ant-x, Firewalls are a big umbrella protection. I always install a local caching nameserver such as bind or unbound but I don't want it to be publicly available as a resolver. Does it bind to the loopback or to the public network? With a firewall in place it does not matter.

Also I use fail2ban to reduce the log file size and noise and that works with the local firewall.

I'm still dealing with this weird pkgbase issue. for some reason, pkg fails to ever upgrade FreeBSD-src and FreeBSD-src-sys

I can remove the packages and completely nuke /usr/src, reinstall the packages which successfully brings that directory tree up-to-date, but as soon as I upgrade the base system, /usr/src falls out of date and fails pkg check

tm512: what's the error

pkg check gives an abundance of "checksum mismatch" and "missing file" errors, because what's in /usr/src and /usr/src/sys is from an older version of the packages

mostly unrelated to that, but I am curious to try something on stable/15, whereas I'm still on stable/14. wondering if the less painful route of migration is to go from my latest 14 boot environment up to 15, or dust off this 15 boot environment from early september and upgrade that to the latest

not sure if the 14 -> 15 migration via pkgbase is any less annoying than it was back in september, and I don't think I'm losing any configuration changes by rolling back 5 months. I guess upgrading my 15 BE is best as long as upgrading from ~15-ALPHA1 through pkgsrc isn't too big of a jump

er, s/pkgsrc/pkgbase

If Synth aborts while regenerating the flavor index because it encountered an error in a Makefile, is there anything I can do to resolve the issue, or is that an upstream issue that needs to be resolved? I just updated the ports tree before trying to install a port, and I got that error about lang/python-doc-pdf-a4

Not sure without seeing more of the actual error output, but was the port very recently updated? This smells like it may be someone forgetting about docs.freebsd.org/en/books/porters-handbook/testing/#make-describe

Regenerating flavor index: this may take a while ...

Scanning entire ports tree.

progress: 47.64%

culprit: lang/python-doc-pdf-a4

Scan aborted because 'make' encounted an error in the Makefile.

lang/python-doc-pdf-a4 (check /tmp/synth.scanner.35.out)

Flavor index generation failed: ports scan

That was the entire thing. But the .out file it mentioned doesn't exist,

Looks like that port was removed in cgit.freebsd.org/ports/commit?id=5e…90f3a2307b70e48a2aab08c021b417eedd0 (less than 2 days ago). You may want tor trtry after refreshing your ports tree.

s/tor trtry/to retry/

I don't get it. I do not have that port installed, and that directory does not exist in my ports tree. But Synth still aborts when it reaches that port in its scan. No idea where it is getting that from.

I'm using the git ports tree.

Ah. Apparently even if the port was deleted, python-doc-pdf-a4 still exists in the /usr/ports/lang/Makefile

Getting chrome for linux/widevine running on freebsd is so easy now

A few years ago you'd have to jump through hoops

fnix It is pretty awesome.

PaddyMac, that might be it, then. If you have a FreeBSD Bugzilla account, you should file a ports bug about that.

s/might be/probably is/

I even reset my git tree. So yeah, I guess this does wrrant abug report.

(If you don't have a Bugzilla account, ask in #freebsd-ports for a committer to fix that, linking to the removal URL.

)

wondering if my /usr/src pkgbase issue has anything to do with boot environments. is /usr/src excluded from boot environments created with bectl?

my current method for upgrading my system is to create and mount a new BE, then upgrade the BE using pkg -c, activate the BE, then reboot

Even if a commiter fixes the issue, it seems like Synth itself should be able to not choke on something like that.

though I think this issue with /usr/src never getting updated was happening even back when my upgrade strategy was to reboot into a new BE before running any upgrades

since when I first noticed that /usr/src was out of date, I think the files in there were from back in 2024 not long after I first installed FreeBSD on this machine

/usr/src has to be included because it's different between each release

it does seem to be a boot environment issue. /usr/src gets updated files inside the BE's root, but then when I actually boot into the new BE, zroot/usr/src, containing outdated sources, gets mounted over the updated /usr/src on the root

set zroot/usr/src legacy mounted?

what does that mean exactly?

wondering why I shouldn't just destroy zroot/usr/src

there doesn't seem to be a benefit in having one copy of the source tree shared between all of my BEs

for trying 15 I guess I'm best off just upgrading from my BE of stable/15 from around the release of ALPHA1. my only chance of trying the latest DRM drivers is if I jump over to 15

though last I heard, from this other person who's getting GPU hangs similar to what I'm getting, the 6.9 drivers don't fix the issue

I'm curious about the 6.10 drivers that got merged into drm-kmod master about a week ago

these GPU hangs significantly affect how I'm able to use my computer and if I were reasonable I probably should've abandoned FreeBSD by now with how long it's been with zero attention from the drm-kmod devs

tm512, legacy mounted refers to setting mountpoint=legacy. that stops zfs from automounting the dataset letting it be mounted in /etc/fstab instead if you should want

destroying it is valid but not preferable (what if you e.g. need to extract etcupdate from it)

well the zroot/usr/src dataset isn't being kept up to date properly. I have to remove the packages, nuke /usr/src, and reinstall the packages while zroot/usr/src is mounted

if I try extracting anything from it, unless I go through that hassle every time I update, I'm not going to get stuff that matches the running system

ah

then, nevermind i suppose, just destroy it

I could keep it up to date if I mount the dataset under the BE's mountpoint while I'm upgrading

but then I'm sharing a source tree between all BE's and if I have to roll back an upgrade for some reason I'm going to have to manually intervene to downgrade /usr/src

You could use git and switch between branches when upgrading/downgrading the system

then again I didn't follow the discussion

How come the pkg list is not publically viewable anymore?

Like this: pkg.freebsd.org/FreeBSD:15:amd64/latest/All

it's huge

and also: why

for great justice /s

i am stuck on a "bhyve exited with status 4" on a host that i swear was running

well, I gave iwlwifi another shot here, now on 14.4-STABLE. it's just as busted as the last time I tried, unfortunately

does iwlwifi even support 802.11ac on the Wireless-AC 9260 card? I just noticed on the man page that ac is only supported on the 22000 generation and later, I'm guessing the 9260 is part of the 9000 series generation and not supported?

and is it the same situation on 15.0? I noticed the stable/15 branch has work that was never backported to 14

considering the state of FreeBSD's wifi support, maybe I just need to resort to wifibox again

I wonder if there are even any plans for iwlwifi to support the full capabilities of this card, and even if so, if it's just gonna be pushed off while 802.11ax support is prioritized

Ok, so my VM is still crashing without any clue of what's going on

in less than 24h it just stops working

console is a black screen, unreachable from the network

no kernel crash, nothing in logs, i checked netdata searching for any spike before crash and NOTHING

ram is available, not any cpu spike, no swap

lately i had some problems with syncthing amount of files open

i fixed the syncthing issue with : kern.maxfiles=500000 and kern.maxfilesperproc=131072 in /etc/sysctl.conf

if it makes my os not stable, shouldn't it trigger a kernel crash instead of a black screen ?

i enabled watchdogd, so if it crashes it should reboot : it does not

and /var/crash/ remains empty

(i tested a crash following the documentation and it worked with the simulation)

did anyone mention my nick?

(sysctl debug.kdb.panic=1)

i did

"black screen"

now you're here, help me figure it out :)

do you have a swap partitioen

yes i do, but as said it's not swaping

let me paste netdata graph

it swaps but very very light

was it set as dumpdev when you crashed the bus

the swap ?

yes

eoli3n: what's your VM environment? vBox or qemu?

i don't think so, how do i do this ?

you should `sysrc dumpdev=AUTO` and then reboot normally; in my case I have a network dump device which requires more complex setup and another server running freebsd at least 13

black i'm running a VM in "freebox os 4.9" this is a french isp router which allow to run vms

SarahMalik: yes, i did that

this is configured

well

do you have console access to the host platform (freebox os)?

i don't

no logs nothing

this is netdata swap usage : 0x0.st/PcRE.png

each hole is a "crash"

that with netdata is of no use to us

(for the record: I have *@*/scottpedia on ignore because of unbelievable rudeness)

SarahMalik: i didn't get what you mean

netdata i'm assuming is coming from the freebox os, its "swap usage" is not of concern to us, we want to know if a swap partition is configured in the VM's "hard drive"

no, netdata is installed on freebsd

this is freebsd swap usage

uh, huh. weird. continue.

what's weird ? i don't get your point

nothing, i just didn't know that was a thing

what output have you for `dumpon -l`?

> vtbd0p2

and that partition exists? it's how big? i've found that my netdump server usually needs around 3 gigabytes each time any of its clients (both with over 8gb of ram by a long shot) crashes

534528 4194304 2 freebsd-swap (2.0G)

so your guess is that it is a kernel crash but no sufficient swap space to write ?

why do I found nothing after a reboot ?

not even a single file

... might be. You'd need to video the VGA screen or serial console from during the crash

i do have one

but as said, it remains black after the "crash"

did it show it dumping and doing all that?

nop

nothing, black screen

oh what the blast

i tried to enable video output and select "video" in 5. from freebsd bootloader but i can't get something outside the console

maybe i miss something

"enable video output on the vm"

edit /etc/ttys, make one of the serial consoles a console, and have the thing boot to the serial console primarily

if freebox supports serial consoles; idk if it does

sorry, what does it try to do ?

i have console working before the crash

after the crash console is out

you have video console working before crash and then out after?

this is why i am recommending serial

nop sorry let's restart

i only have console output working

until it crashed

define console

let me paste

is this video console or serial console

serial

this

I don't know, then, how you are configuring it that it becomes unusable when FreeBSD crashes

but since this isn't a PC that means everything I actually know goes out the window; do we have an arm64 expert on the party line?

i tried to enable checkbox "Ecran virtuel" which means "virtual display" and then boot freebsd with "video" from the bootloader, but when i open "display" button (the currently grey one) it says that i don't have any display

SarahMalik: i don't get what you mean, i just login to the console i pasted

right yes, I see that

but after the crash i don't even see anything in that console

you boot in the bootloader with serial console? which is what it should be for this to work

yes

and it works

until the crash

very weird

what's weird ?

what's weird is that something's happening that shouldn't be

which part N

?

you mean the crash

the serial console not being written to when you crash?

yes, that's why i thing that this is not a kernel crash

think

but it is, you're literally flipping the crash the kernel sysctl, that crashes the kernel

yes that was to test that this is working

but it is, you're literally flipping the crash the kernel sysctl, that crashes the kernel... oh

... sory about the repeat

the kernel crash test was just to see that i see files in /var/crash

so you're having a different crash, but it's not a normal panic

and i did, when i flip the crash myself

yes

i think

maybe what's crashing is the VM itself

then freebsd doesn't even know that it's crashing

okay; this is really offtopic for here then is there some way to set some debug options in the hypervisor, like can it save core when the VM dies, assuming the VM dies with this crash and not that it's stopping?

like unplugging the cable

problem is that i don't have anything on the freebox os, not log, no console, nothing

just that web interface with some buttons

ah...

then you'll need to speak to that vendor to try to figure out what's up

so we are absollutly sure now that this is not related to my freebsd install ?

not really, but it's gone outside our abilities to know what's happening. I know there are bugs in freebsd that can cause what I call "hard crashes", i experienced one with my GPU

but here you have a hypervisor that could conceivably be misbehaving

you'd need to have a word with freebox about what they do under circumstances like this

strange thing is that it worked for many weeks without problem

you changed nothing, this started happening?

yep, i'm creating an account on the forum to get help

thanks for your time

SarahMalik: i changed the sysctl part

let's try to revert this

ah

i had freebsd crashing because of syncthing

syncthing migrating to inotify will fix it

but for now i need to set higher maxfiles and mexfilesperproc

max

and that shouldn't be crashing the system, but it is

let's revert / reboot and see what happens

see you in a min

wait and see

i found someone which has the exact same problem as me since last freebox os upgrade : dev.freebox.fr/bugs/task/40675?stri…om=&openedto=&closedfrom=&closedto=

silly question but what's the practical difference between using `pkg -j`, `pkg -r` and `pkg -c`?

-j/-c will enter the jail/chroot, so configs of that jail/chroot apply (you can't use -j to update a jail that has no internet access), -r will work on the host (not sure if it looks for configs in that given root)

mm. so do they all cache packages internally?

or would -r allow pkg to do all of that on the host?

no idea on -r, maybe it behaves like -c just without doing the chroot, maybe it uses more stuff (like the cache dir) from the host

(in any case, thanks for the answer)

polarian re bouncer/vpn - "the number of people who tell me this" - not me :P took just an extra hour to figure out sasl and soju

The kids and their bouncers. What's wrong with just shelling in?

V_PauAmma_V Holy cow. I filed a bug before I went to bed. It was marked complete when I got up this morning.

I figured it would be at least Monday.

I read on Phoronix that there is a planned KDE Plasma desktop installer option planned for 15.1 to improve the laptop experience. Has there been any discussion of putting a wifibox installer option? Because honestly making sure wifi works on a laptop would make the laptop experience great.

i am stuck on a "bhyve exited with status 4" on a host that i swear was running

other efi vms are running

not sure what else to check

vkarlsen how's that?

Who is current head honcho for fuse filesystems in FreeBSD? Commit history is a bit too sparse to tell.

Have a ports tree?

A what?

anyone else use doas here? the conf file doesnt seem to work

seti: i do

i just have the rule permit nopass :wheel

yet my user in wheel still gets prompted everytime

permit keepenv nopass :wheel

is mine

didnt work either :(

manything in the logs?

is doas setuid properly?

looked in /var/log/auth.log didnt show anything strange

does it work after a password?

oh i should have specified, it works its just that i cant disable password

a bit dumbfounded, vidoas doesnt report syntax errors in the file when i write exit

oh now it worked

had to have at the top ONLY permit nopass user

but adding permit keepenv user as root somehow defeats the option above?

oh adding it under that one fixes it

lessless: Logging into a shell on the remote machine and running the client there

vkarlsen, I do that! In my IRC setup I pretty much have a Rube Goldberg of parts though and for almost anything I could say, I do that. :-) tmux+irssi+znc+irssi+perl+emacs+erc here. The advantage of a local client is that I can have it make a beep in certain conditions, my nick highlighted by certain people in certain channels. That's harder to do when only using a remote ssh client IRC.

That is a good point

seti, I think it is dangerous to be running X (or Wayland) programs as root. It's just a big attack surface. Therefore I think having "keepenv" is a bad thing. And also it often results in root owned files in the home directory which is not good.

tbh I always come back to xkcd.com/1200

I have a weekly cronjob to look for such files: 25 16 1 * * test -d $HOME && find $HOME -user root -ls

Not liking what I realized I was doing I contemplated changing that on the fly before posting to test ! -d $HOME || find ... but decided to leave it. The difference is whether cron itself ever sees the non-zero exit code or not.

A few years ago on the Debian side of things the maintainer there decided to patch cron so that it would complain if any command exited non-zero. It created quite a large kerfuffle since that is not traditional behavior.

It's not truly a critical cronjob and if there is ever any possibility that the required mount point is not present then I always add a protection to skip that job because otherwise the deluge of email from a system after some problem or maintenance task can be quite large.

dTal, I love that Randal says he switches to his brother's account in that case. That's very funny!

vkarlsen I'll wait until Apple drives Darwin fully into the ground before switching to a terminal client :)

lessless, (pedantically) I don't see how those two things are related. I don't see why they would be related! I think if you are using Darwin and it is broken then even command line programs will be broken too. (Just rhetorical musing...)

rwp this is going to be controversial, and I hope I won't get banned. I think macOS is the best desktop experience out there (for now). So I'm going to try to make the most out of it. Maybe this belongs to #freebsd-social :)

lessless, Definitely #freebsd-social is the place. You should join back in there! I don't think it will get you banned here. Because looking at almost every conference presentation on FreeBSD the presenter will almost always be running MacOS. That always feels wrong to me. If I were presenting at an Apple conference I would run Apple. If presenting at a BSD conference I would be using BSD.

I've got a 1000Gbps usb 3.0 j5Create adapter but freebsd only shows it at 100Gbps.... anyone else have issues like this?

sig`: you mean mbit

yeah sorry

heh

Do you perhaps mean 1000 Mbps rather than 1000 Gbps? If I were getting 100 Gbps on USB then I think I would be doing very well indeed.

I think a better question is what the driver supports and how to debug this and how to improve it. What does dmesg say when the driver loads?

I would also test this with alternative live-boot operating systems to see how the Linux driver for it reacts to it and how the OpenBSD driver reacts to it and gather data.

it works as 1000 on linux

need to download a live openbsd to try that

rwp: AX88179 + FreeBSD (axge) seems to be known issues

don't think I'll waste my time playing with this adapter anymore

sig`, Bummer! Hopefully the situation will improve. (Not that I can help in any way other than hoping.)

rwp: yeah, I just need to pull the trigger on a new mini pc for what I'm doing.

this old machine just needs to be snapshotted over to something new... :)

The new generation of mini-pc systems are really nice! I have been enjoying the small handful of systems I am using. My desktop is now an old HP t740 with 4x displays but I still consider that a mini-pc but driving 4x displays which I am loving. I have 2x gen 2 ZimaBoard systems for random testing and they are nice.

An HP Elitedesk is one of the machines in my home lab setup.

I'm already running this as my main desktop: Beelink SER9 PRO AMD Ryzen AI 9 HX 370

would like another one for my server