Having multiple ipv4 and ipv6 addresses, is the alias0 used for both v4 and v6 or should the v4 be alias0 and v6 alias1?

zedomega: Where are you getting this notion that you number aliases? I don't see anything demonstrating that in the ifconfig man page.

rc.conf file

Oh, right. Looking.

zedomega: So, looking at /etc/defaults/rc.conf they don't show anything I can see tying IPv6 to alias1. You should be able to order things however you like.

ifconfig_devN for primary interface. ifconfig_devN_aliasN for aliases (virtual IP's?)

... for each interface.

alias0 for v4 and v6 both. Each interface has it's own aliases.

ek I'll try that...thanks

ek: alias0 on the same NIC more than once?

ek: I'd want to read through the script handling it to make sure it'll be happy with that. Why number them if the numbers don't matter?

No, no.

*_alias0=inet whatever" (v4)

*_alias1=inet6 whatever" (v6)

Right, but there's nothing magical about which of those gets alias0 and which gets alias1.

Same interfaces, same aliases continuation. Just reference inet or inet6 for the address.

Sorry. I could've/should've worked that better.

No worries.

Got it...seems sysrc overwrites when using alias0 more than once...so I like alias0 and alias1

It's possible the numbering exists to appease sysrc.

Yes. aliasN defines it. There will always be a number regardless of v4/v6.

Thus address family doesn't matter...increment alias based on interface

Using address family obviously

Correct.

You can assign whatever you want to whatever alias for any interface.

Thanks folks

Also, aliases don't need to be in order. You can assign *_alias45 and not even have a zero.

these are just environment variables, having two with same name leaves the last value assigned

Makes commenting/testing easy.

checkpoint: Absolutely. They just get pulled in. Overlaps will not break anything. Just last VAR gets point.

why is there no tag for 15.0-RELEASE-p10?

within /src

like I see the patches been merged into the releng branch for 15.0

polarian: That tag is RELEASE/RELENG.

It will pull the latest patch version.

all 15.0 tags

polarian: Or are you talking about git repo?

git repo

-9 is the last one

freebsd-version -k -u returns 15.0-RELEASE-p9 x2

so I know -p10 is the next

but theres no tag for it

so imma just build the releng branch

I assume someone fucked up and dint push the tag :3

Could be.

But, I'd assume the tag is fine since pkgbase is pulling -p10?

git fetch

then git tag | grep 15.0

there is no -p10

imma just build releng

I can try a depth=1 real quick.

Yes. Releng will give you latest release.

I know

but I like to build the tags

What are you looking at if not releng?

Ah. I gotcha'.

releng works, as you are always building the latest version

but building the tag is just my preferred mehtod

method*

its just weird theres no tag for it

this is what I get: commit fef97a6889f98be4fa9a565577067f20d1f642a9 (HEAD, tag: release/15.0.0-p10, origin/releng/15.0)

the fuck?

the -p10 tag is there

wtf is wrong with my src tree

polarian: git status ?

"git it back in sync"

polarian: are you in the right branch ?

checkpoint: I git fetch'd

a minute or two ago

that will pull all branches and tags

and the objects

then I just checkout the tag of my picking, but I didnt pull the -p10 for some reason

oh

now I pull it

polarian: I pulled it 15 secs ago, my repo is more recent. :)

checkpoint: wouldnt it be funny if in the 3 mins it took me to load IRC, that the tags were pushed?

:p

are tags timestamped?

polarian: what is the last commit in your repo ?

checkpoint: it was checked out to -p9

so it doesnt matter

I git fetch'd

so just because I pulled the latest objects doesnt mean I had them checked out

btw, git pull -t

will fetch all tags as well

I know

but git fetch should have

never had it not

mason, /usr/libexec/sshd-auth seems to appear at 14.4-RELEASE-p5 with -p4 not having it. My -p5 jails have it. My -p4 jails do not.

there was also 10 new objects

rwp: Thank you.

so maybe there wa sa commit just after I fetched?

who knows

in any case thx checkpoint

I have more updating to do. I've found some 14.3 lingering.

im not insane I promise :p

maybe there's some difference between `git pull' and `git fetch' ? I don't know.

There definitely is.

But, there were also a bunch of SA's released recently. When the repos get sync'd, I have no idea. Some may have taken longer.

fetch pulls changes but doesn't apply them locally, while pull does.

... in the most minimal terms.

Most people will likely use "git pull" if they aren't editing/testing ports or src.

mason, I updated one of my -p4 jails. It arrived at 14.4-RELEASE-p6. It does NOT have /usr/libexec/sshd-auth file. Hmm...

mason, I updated one of the -p5 jails that had the file. It arrived at 14.4-RELEASE-p6. It still has the file. Hmm...

The issues include heap buffer overflows and over-reads, NULL pointer dereferences, a use-after-free, unbounded memory allocation, and several cryptographic flaws permitting message forgery, integrity bypass, or recovery of a private key.

eh

project glasswing still going strong :)

or someone who has billions of dollars to burn tokens finding bugs in parallel

argh, just noticed that my user crontabs don't work anymore since upgrading from 14.3 to 14.4. They're logged in /var/log/cron, but actually don't do anything. The ones in /etc/crontab and /etc/crontab.d run just fine

joemie, I am running 14.4 and my crontab is running. Is anything logged to /var/log/cron on your system?

Is cron running? "ps aux |grep cron" "service cron status"

yes, cron is running. like I mentioned before, the command in my user crontabs (plural) are logged in /var/log/cron, but the commands itself are not executed. And system cron just run fine

for instance, I run /usr/local/bin/fetchmail every 15 minutes, it logs in /var/log/cron, but mail is not being pulled

I would put something debug in your crontab. Something like "touch $HOME/foo" or "env" to email you the output. Or something else that would prove it is running. It is definitely running here.

The account is not "*LOCKED*" right? Just checking. That will disable the crontab for the user.

I'm currently logged in as a user whose cron doesn't execute

Do you have email working for cron output? Put

Do you have email working for cron output? Put "* * * * * env" in there and see what gets produced as a test.

Put "* * * * * touch $HOME/foo.$(date +%T.%N)" in there and see what gets produced as a test.

ah, found something:

Jun 10 08:16:00 ramses /usr/sbin/cron[91049]: in openpam_dispatch(): calling pam_sm_setcred() in /usr/lib/pam_unix.so.6

Jun 10 08:16:00 ramses /usr/sbin/cron[91049]: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_setcred(): Success

Jun 10 08:16:00 ramses /usr/sbin/cron[91049]: (peter) CRED (Failed to set user credentials)yY

At least you have an error you can chase down now.

when i've dabbled with jails in the past, i made it so i could ssh into each jail using its own username. it was a nice way to treat each jail as its own full blown system because i could sftp files in/out of jails directly. i don't really like the idea of having everything go through a single user in the jail host system because it breaks

isolation. but am i thinking about jails wrong?

from the host system you can just copy stuff in and out of jails, without having to log in

and if I have to log in, I use the jexec command, on non of my jails runs ssh

do you still create a user per jail for the host system if you want to isolate jails like virtual freebsd systems?

i wanted to treat jail instances like a vps

I do have a user on them, depending on the system. But I still use jexec to log in

I mean, if you're running a webserver, you probably have a user called www

but if the jail's running a webserver for a specific service you wouldn't call it "www" would ya? because that's pretty generic and easy to collide with another jail running a webserver on another ip for a different project

anyone here migrated from RHEL? I am just interested in your experience

kerneldove: each jail has its own set of user accounts. There's nothing going to collide with anything, providing all jails have their own IP (VNET)

joemie so the users belong to each jail, not the jail host?

yes

ok so let's say you want to independently manage jail services, how do you sftp files in/out of the jail with different user accounts?

like imagine each jail is a vps customer

yes, you could do that

that would use separate jail host accounts, each with access to their own jail?

yes

ok but when you sftp files in to a jail host user account, how do you then get those files into the jail?

ermm, you connect to the service of that jail (with its IP address).

so you're running sshd inside the jail and sftp directly into the jail and not the jail host?

yes

ok ya that's what i set up. i thought you said earlier don't run sshd inside each jail

no, I didn't say that: I wrote that _I_ don't run sshd in a jail

ah but if you wanted to do what i'm talking about, you'd set it up like that

yes

ok got it tyvm

yw

so it seems like there are a few different 'types' of jails. a service jail that's just a service container for the host system. no sshd in it. then there's a 'virtual server' type jail that runs sshd in it and gives ppl a pseudo vps

then there's the thin vs thick jail distinction but i think that's orthogonal

You shouldn't use service jails for your purposes. Thin jails share the binaries, and thick jails all have their own binaries. Obviously the latter uses more diskspace

ya but you do agree there're these handful of different main ways to set up a jail ya?

correct

ok. pretty cool that jails is a sec domain primitive that can be adapted in different ways

anyone know if mythos ai has been donated to freebsd to find security vulns?

still struggling with my cron: boiled it down to a pam issue, however I'm not sure how to solve this. The pam config for cron is the same sa in the jails (where cron runs just fine). I have two messages to go on: in the cron log: CRED (Failed to set user credentials), and in the debug log: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_setcred(): Success. Neither of my 15 jails do this.

pam_unix.so.6 binary is the same in the jail

cron started working after I added an auth facility in the /etc/pam.d/cron file, but I cannot explain this, since none of the jails has this facility.

hello

I am facing a fw issue on anewly installed freebsd 15

wifi card has driver associated but firmware has a problem i cannot figure out

is this the right room for help?

you can ask, for sure

if someone knows or have time, they will help

midgeek, post your error messages or whatever you got to a pastebin site, ie: paste.debian.net then share the link here

those that might be of help can have a peek

im lucky my wifi just worked riht out of the box

Mine didn't, but I received help via the issue tracker: <bugs.freebsd.org/bugzilla/show_bug.cgi?id=272145> @midgeek .

anyone on stable/15 experiencing drm GPU hangs or anything like that? updating to newer llvm/clang in base and recompilation of everything ( including drm-kmod from git ) started to show such behavior

this is the dmesg, it complains about missing firmware file, i don't know where to get it, no package seems to include it, ideleted it accidently, but even when it was here, it also complains and wifi does now appear

i am also sad drm in such a extremely lagging state. even OpenBSD has much newer drm

my intel wifi get a similar msg, but it doesnt actaully matter in my case at least

angry_vincent, Graphics were always good and snappy fast on 12 and 13 and then on 14 I started to have graphics lags. I am hoping that this improves in 15.

well. it was very fine on stable/15 until clang/llvm update. maybe some other things that updated besides compiler

If things were good then changed it would likely be a library. And if things were good in this case then I suspect something else entirely going on.

elivoncoderer, That firmware file should be located at /boot/kernel/iwm8265fw.ko and if missing you should be able to recover it from a previous zfs snapshot or boot environment. I /think/ that installs as part of the base system.

f451, Any one in particular? Or just that there were 12 of them today? (We knew something was coming because a new patch level update appeared yesterday.)

well the openssl there are two

I only see one: freebsd.org/security/advisories/FreeBSD-SA-26:35.openssl.asc

With the machine learning tools being applied to source we are going to be having quite a few of these large waves of patches coming through.

26:15 and 26:35 for openssl

This is expected. New tools to find bugs and vulnerabilities have appeared. People, good people and bad people, are going to be using them to find vulnerabilities. Get yourself set for applying updates as they appear! Hang on. It's going to be a rough ride for a while.

yeah i know lol

But then after we ride through the waves of vulnerabilities that are found then the easy ones will be found and we will be through it. Then the utilities will be used before code is released.

It's going to smooth out. Eventually. It will take a year probably. But then we will be past this.

It's like an old saying. The truth will set you free. But first it will make you miserable.

i need to upgrade the dev 13.5 box then upgrade php

All of my FreeBSD systems are up to date. But I have several older Debian/Ubuntu systems that have obstacles to upgrading that are problems. Those are going to be problematic! I am turning to jails and containers to bag them up. But it is a slog due to the obstacles that prevent them from upgrading.

rwp: i got hammered by the kernel update in the last debian release

13.5 heh thats what debian is at now

im glad llm has a use in bug hunting

that yellowkey that was released couple weeks ago, was insane bitlocker was basically wide open.

rtprio, "Hammered?" As in it was a bad kernel? I have hit at least two bad Debian kernels in the past few weeks. I mean I need my laptop to be able to resume from suspend! That was one. Another was a failed network and I also need my backup server to be able to speak on the network.

hope fable5 or whichever can review our (linux,bsd) full disk encryption software too

With bitlocker that was on Microsoft Windows and who really expected MS to not have tens and hundreds of remaining security vulnerabilities?

oh for usre

elivoncoderer: fable refuses to touch anything security related

rwp: well, it went from 6.x to 7.x

and my video driver didn't build with 7

well,i restored the missing firmware file 'iwm8265fw', and i get the same error in either the installer, or the main system : `iwm8265fw: could not load firmware image, error 8`

however, pciconf already shows 'iwm0@pcixxx', meaning that driver successfully loaded

so im learning vm-bhyve and i got linux and windows vm guests working great. when i install/start them i can connect to vmhost:vmport with vncviewer and see the install screen. vm list shows each vm, VNC address 0.0.0.0:vmport, running state. but when i run sudo vm install fbsdvm fbsd.iso, it doesn't have anything in vm list for the VM section so

obv i can't connect with vncviewer. the fbsdvm.conf has graphics = "yes", graphics_port set, graphics_rez 1920x1200, loader bhyveload, network0_switch and _type set, just like the linux vm's .conf has. so why not working pls?

does freebsd come with the ability to view html pages out of the box on the terminal? I just installed freebsd 15 on debian using qemu and selected the option to install the handboox, but it's just a bunch of html pages. Would I have to pick my own terminal based browser and install that?

rtprio, Oh! Debian. You did say Debian. But I didn't catch it and thought FreeBSD. I have had several bad Debian kernels recently too. Laptops need to be able to resume from suspend. Backup servers need network connectivity! I had to revert, and then newer kernels worked. I suppose there were lots of complaints.

td123, Most people use a graphical web browser for the handbook. docs.freebsd.org/en/books/handbook It's online.

But you could install a terminal text browser such as lynx, links, elinks, w3m, or other and view it in the terminal too. That's okay too.

rwp: thanks

hello, i made a mistake during installation leaving little room for swap partition and want to increase available swap. I found 11.12.2. Creating a Swap File

from

this should still work for me, right? my RAM is 8 GB, swap partition currently is 2.5GB. I want to add a swap file with another 8100 MB. Am I on the right track ?

another option would be to reinstall again..

yeah, you can do that, if you're using UFS

you don't need to reinstall. 2.5 swap sounds like plenty

thank you, rtprio !

consider: if you're swapping 2.5gb, chances are your system would already be in rough shape. swapping more would not really be a remedy

hm so i changed loader="bhyveload" to uefi and vnc now works

being able to tmux a into a vm is super cool if you ask me

Hi, I have a question regarding packages. If I go to pkg.freebsd.org/FreeBSD:13:amd64 I see the folders release_5, quarterly and latest. I understand quarterly is more stable and latest is the daily cutting edge packages. But I do not understand the differences between quarterly and release_5

Is it daily? I thought it was more like weekly, since it takes a while to perform a full build

ok, weekly it is, but my question is more on the quarterly vs release_5, maybe we can focus on the particular case of FreeBSD13 even if it is EOL

Sorry I don't know what release_5 is

I do understand that would be like FreeBSD 13.5, but then I do not understand why there is quarterly

scoobybejesus: i just use ssh like the rest of my hosts

nothing wrong with that

robert12 apparently you can either use the quarterly updated packages or the releases which are freeze in time

Thanks

you choose with repo you want, I do understand latest is not for production

you can production latest, no problem

I am preparing a local repo with the last release for 13 and 14 to be used in internal jails

sort kind of local cache repository

hm

guess i'll upgrade. the mailing list sure shoots off a lot of emails at once

just noticed freebsd is spitting out memory errors

far and few. wonder what that's about

MCA: Bank 8, Status 0x8c0000400001009f

oh. after a reboot it seems like one of the dimms isn't working. guess i'll look at that over the weekend.

Perhaps un-seat the dimms, re-seat them, run memtest86+ overnight, and see if the problem resolves?