00:18:07 Having multiple ipv4 and ipv6 addresses, is the alias0 used for both v4 and v6 or should the v4 be alias0 and v6 alias1? 00:22:30 zedomega: Where are you getting this notion that you number aliases? I don't see anything demonstrating that in the ifconfig man page. 00:22:56 rc.conf file 00:23:14 Oh, right. Looking. 00:24:11 zedomega: So, looking at /etc/defaults/rc.conf they don't show anything I can see tying IPv6 to alias1. You should be able to order things however you like. 00:26:36 ifconfig_devN for primary interface. ifconfig_devN_aliasN for aliases (virtual IP's?) 00:27:02 ... for each interface. 00:27:30 alias0 for v4 and v6 both. Each interface has it's own aliases. 00:28:01 ek I'll try that...thanks 00:28:14 ek: alias0 on the same NIC more than once? 00:28:48 ek: I'd want to read through the script handling it to make sure it'll be happy with that. Why number them if the numbers don't matter? 00:28:50 No, no. 00:29:11 *_alias0=inet whatever" (v4) 00:29:26 *_alias1=inet6 whatever" (v6) 00:29:58 Right, but there's nothing magical about which of those gets alias0 and which gets alias1. 00:30:04 Same interfaces, same aliases continuation. Just reference inet or inet6 for the address. 00:30:22 Sorry. I could've/should've worked that better. 00:30:28 No worries. 00:31:10 Got it...seems sysrc overwrites when using alias0 more than once...so I like alias0 and alias1 00:31:46 It's possible the numbering exists to appease sysrc. 00:31:57 Yes. aliasN defines it. There will always be a number regardless of v4/v6. 00:32:36 Thus address family doesn't matter...increment alias based on interface 00:32:50 Using address family obviously 00:33:00 Correct. 00:33:18 You can assign whatever you want to whatever alias for any interface. 00:33:27 Thanks folks 00:33:47 Also, aliases don't need to be in order. You can assign *_alias45 and not even have a zero. 00:33:58 these are just environment variables, having two with same name leaves the last value assigned 00:34:00 Makes commenting/testing easy. 00:34:57 checkpoint: Absolutely. They just get pulled in. Overlaps will not break anything. Just last VAR gets point. 00:37:58 why is there no tag for 15.0-RELEASE-p10? 00:38:02 within /src 00:38:13 like I see the patches been merged into the releng branch for 15.0 00:38:30 polarian: That tag is RELEASE/RELENG. 00:38:40 It will pull the latest patch version. 00:39:19 https://bpa.st/SXSQ 00:39:21 all 15.0 tags 00:39:21 polarian: Or are you talking about git repo? 00:39:24 git repo 00:39:30 -9 is the last one 00:39:46 freebsd-version -k -u returns 15.0-RELEASE-p9 x2 00:39:56 so I know -p10 is the next 00:39:58 but theres no tag for it 00:40:03 so imma just build the releng branch 00:40:09 I assume someone fucked up and dint push the tag :3 00:40:32 Could be. 00:40:47 But, I'd assume the tag is fine since pkgbase is pulling -p10? 00:41:29 git fetch 00:41:34 then git tag | grep 15.0 00:41:36 there is no -p10 00:41:50 * polarian shrugs 00:42:00 imma just build releng 00:42:01 I can try a depth=1 real quick. 00:42:19 Yes. Releng will give you latest release. 00:42:23 I know 00:42:27 but I like to build the tags 00:42:28 What are you looking at if not releng? 00:42:35 Ah. I gotcha'. 00:42:44 releng works, as you are always building the latest version 00:42:49 but building the tag is just my preferred mehtod 00:42:51 method* 00:42:55 its just weird theres no tag for it 00:44:14 this is what I get: commit fef97a6889f98be4fa9a565577067f20d1f642a9 (HEAD, tag: release/15.0.0-p10, origin/releng/15.0) 00:44:29 the fuck? 00:44:36 the -p10 tag is there 00:44:42 wtf is wrong with my src tree 00:45:00 polarian: git status ? 00:45:00 "git it back in sync" 00:45:12 polarian: are you in the right branch ? 00:45:19 checkpoint: I git fetch'd 00:45:22 a minute or two ago 00:45:28 that will pull all branches and tags 00:45:34 and the objects 00:45:47 then I just checkout the tag of my picking, but I didnt pull the -p10 for some reason 00:46:03 oh 00:46:05 now I pull it 00:46:10 polarian: I pulled it 15 secs ago, my repo is more recent. :) 00:46:23 checkpoint: wouldnt it be funny if in the 3 mins it took me to load IRC, that the tags were pushed? 00:46:26 :p 00:46:32 are tags timestamped? 00:47:01 polarian: what is the last commit in your repo ? 00:47:26 checkpoint: it was checked out to -p9 00:47:28 so it doesnt matter 00:47:31 I git fetch'd 00:47:43 so just because I pulled the latest objects doesnt mean I had them checked out 00:47:52 btw, git pull -t 00:48:00 will fetch all tags as well 00:48:54 I know 00:48:58 but git fetch should have 00:49:01 never had it not 00:49:11 mason, /usr/libexec/sshd-auth seems to appear at 14.4-RELEASE-p5 with -p4 not having it. My -p5 jails have it. My -p4 jails do not. 00:49:14 there was also 10 new objects 00:49:23 rwp: Thank you. 00:49:25 so maybe there wa sa commit just after I fetched? 00:49:27 who knows 00:49:29 in any case thx checkpoint 00:49:36 I have more updating to do. I've found some 14.3 lingering. 00:49:37 im not insane I promise :p 00:51:39 maybe there's some difference between `git pull' and `git fetch' ? I don't know. 00:52:04 There definitely is. 00:52:32 But, there were also a bunch of SA's released recently. When the repos get sync'd, I have no idea. Some may have taken longer. 00:53:39 fetch pulls changes but doesn't apply them locally, while pull does. 00:53:49 ... in the most minimal terms. 00:54:54 Most people will likely use "git pull" if they aren't editing/testing ports or src. 00:57:27 * checkpoint is does some kernel hacking, on a separate branch usually 00:59:06 mason, I updated one of my -p4 jails. It arrived at 14.4-RELEASE-p6. It does NOT have /usr/libexec/sshd-auth file. Hmm... 01:09:07 mason, I updated one of the -p5 jails that had the file. It arrived at 14.4-RELEASE-p6. It still has the file. Hmm... 01:14:01 The issues include heap buffer overflows and over-reads, NULL pointer dereferences, a use-after-free, unbounded memory allocation, and several cryptographic flaws permitting message forgery, integrity bypass, or recovery of a private key. 01:14:05 eh 01:19:46 project glasswing still going strong :) 03:42:16 or someone who has billions of dollars to burn tokens finding bugs in parallel 05:51:44 argh, just noticed that my user crontabs don't work anymore since upgrading from 14.3 to 14.4. They're logged in /var/log/cron, but actually don't do anything. The ones in /etc/crontab and /etc/crontab.d run just fine 05:59:31 joemie, I am running 14.4 and my crontab is running. Is anything logged to /var/log/cron on your system? 06:00:02 Is cron running? "ps aux |grep cron" "service cron status" 06:04:14 yes, cron is running. like I mentioned before, the command in my user crontabs (plural) are logged in /var/log/cron, but the commands itself are not executed. And system cron just run fine 06:05:13 for instance, I run /usr/local/bin/fetchmail every 15 minutes, it logs in /var/log/cron, but mail is not being pulled 06:06:35 I would put something debug in your crontab. Something like "touch $HOME/foo" or "env" to email you the output. Or something else that would prove it is running. It is definitely running here. 06:07:59 The account is not "*LOCKED*" right? Just checking. That will disable the crontab for the user. 06:09:17 I'm currently logged in as a user whose cron doesn't execute 06:14:29 Do you have email working for cron output? Put 06:14:49 Do you have email working for cron output? Put "* * * * * env" in there and see what gets produced as a test. 06:15:33 Put "* * * * * touch $HOME/foo.$(date +%T.%N)" in there and see what gets produced as a test. 06:16:30 ah, found something: 06:16:47 Jun 10 08:16:00 ramses /usr/sbin/cron[91049]: in openpam_dispatch(): calling pam_sm_setcred() in /usr/lib/pam_unix.so.6 06:16:49 Jun 10 08:16:00 ramses /usr/sbin/cron[91049]: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_setcred(): Success 06:16:51 Jun 10 08:16:00 ramses /usr/sbin/cron[91049]: (peter) CRED (Failed to set user credentials)yY 06:19:13 At least you have an error you can chase down now. 08:22:21 when i've dabbled with jails in the past, i made it so i could ssh into each jail using its own username. it was a nice way to treat each jail as its own full blown system because i could sftp files in/out of jails directly. i don't really like the idea of having everything go through a single user in the jail host system because it breaks 08:22:22 isolation. but am i thinking about jails wrong? 08:41:34 from the host system you can just copy stuff in and out of jails, without having to log in 08:42:31 and if I have to log in, I use the jexec command, on non of my jails runs ssh 08:43:22 do you still create a user per jail for the host system if you want to isolate jails like virtual freebsd systems? 08:43:35 i wanted to treat jail instances like a vps 08:44:10 I do have a user on them, depending on the system. But I still use jexec to log in 08:44:40 I mean, if you're running a webserver, you probably have a user called www 08:47:51 but if the jail's running a webserver for a specific service you wouldn't call it "www" would ya? because that's pretty generic and easy to collide with another jail running a webserver on another ip for a different project 09:04:43 anyone here migrated from RHEL? I am just interested in your experience 10:46:22 kerneldove: each jail has its own set of user accounts. There's nothing going to collide with anything, providing all jails have their own IP (VNET) 10:47:02 joemie so the users belong to each jail, not the jail host? 10:47:10 yes 10:47:46 ok so let's say you want to independently manage jail services, how do you sftp files in/out of the jail with different user accounts? 10:47:52 like imagine each jail is a vps customer 10:48:11 yes, you could do that 10:48:45 that would use separate jail host accounts, each with access to their own jail? 10:49:03 yes 10:49:20 ok but when you sftp files in to a jail host user account, how do you then get those files into the jail? 10:50:34 ermm, you connect to the service of that jail (with its IP address). 10:51:03 so you're running sshd inside the jail and sftp directly into the jail and not the jail host? 10:51:15 yes 10:51:33 ok ya that's what i set up. i thought you said earlier don't run sshd inside each jail 10:51:53 no, I didn't say that: I wrote that _I_ don't run sshd in a jail 10:52:10 ah but if you wanted to do what i'm talking about, you'd set it up like that 10:52:21 yes 10:52:26 ok got it tyvm 10:52:32 yw 10:53:55 so it seems like there are a few different 'types' of jails. a service jail that's just a service container for the host system. no sshd in it. then there's a 'virtual server' type jail that runs sshd in it and gives ppl a pseudo vps 10:54:08 then there's the thin vs thick jail distinction but i think that's orthogonal 10:55:22 You shouldn't use service jails for your purposes. Thin jails share the binaries, and thick jails all have their own binaries. Obviously the latter uses more diskspace 10:56:17 ya but you do agree there're these handful of different main ways to set up a jail ya? 10:56:40 correct 10:57:05 ok. pretty cool that jails is a sec domain primitive that can be adapted in different ways 10:59:51 anyone know if mythos ai has been donated to freebsd to find security vulns? 11:51:25 still struggling with my cron: boiled it down to a pam issue, however I'm not sure how to solve this. The pam config for cron is the same sa in the jails (where cron runs just fine). I have two messages to go on: in the cron log: CRED (Failed to set user credentials), and in the debug log: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_setcred(): Success. Neither of my 15 jails do this. 11:51:27 pam_unix.so.6 binary is the same in the jail 12:07:00 cron started working after I added an auth facility in the /etc/pam.d/cron file, but I cannot explain this, since none of the jails has this facility. 14:26:40 hello 14:27:07 I am facing a fw issue on anewly installed freebsd 15 14:28:03 wifi card has driver associated but firmware has a problem i cannot figure out 14:54:23 is this the right room for help? 15:31:27 you can ask, for sure 15:31:35 if someone knows or have time, they will help 15:38:39 midgeek, post your error messages or whatever you got to a pastebin site, ie: https://paste.debian.net/ then share the link here 15:38:58 those that might be of help can have a peek 15:39:15 im lucky my wifi just worked riht out of the box 16:07:19 Mine didn't, but I received help via the issue tracker: @midgeek . 16:31:58 anyone on stable/15 experiencing drm GPU hangs or anything like that? updating to newer llvm/clang in base and recompilation of everything ( including drm-kmod from git ) started to show such behavior 16:44:01 https://paste.debian.net/plainh/2f287880 16:45:19 this is the dmesg, it complains about missing firmware file, i don't know where to get it, no package seems to include it, ideleted it accidently, but even when it was here, it also complains and wifi does now appear 16:52:26 i am also sad drm in such a extremely lagging state. even OpenBSD has much newer drm 16:52:55 my intel wifi get a similar msg, but it doesnt actaully matter in my case at least 16:55:47 angry_vincent, Graphics were always good and snappy fast on 12 and 13 and then on 14 I started to have graphics lags. I am hoping that this improves in 15. 16:56:44 well. it was very fine on stable/15 until clang/llvm update. maybe some other things that updated besides compiler 16:57:31 If things were good then changed it would likely be a library. And if things were good in this case then I suspect something else entirely going on. 17:04:18 elivoncoderer, That firmware file should be located at /boot/kernel/iwm8265fw.ko and if missing you should be able to recover it from a previous zfs snapshot or boot environment. I /think/ that installs as part of the base system. 17:05:39 * f451 yikes @security-advisories 17:11:22 f451, Any one in particular? Or just that there were 12 of them today? (We knew something was coming because a new patch level update appeared yesterday.) 17:11:56 well the openssl there are two 17:12:29 I only see one: https://www.freebsd.org/security/advisories/FreeBSD-SA-26:35.openssl.asc 17:13:03 With the machine learning tools being applied to source we are going to be having quite a few of these large waves of patches coming through. 17:13:41 26:15 and 26:35 for openssl 17:14:03 This is expected. New tools to find bugs and vulnerabilities have appeared. People, good people and bad people, are going to be using them to find vulnerabilities. Get yourself set for applying updates as they appear! Hang on. It's going to be a rough ride for a while. 17:14:19 yeah i know lol 17:14:36 * f451 still has a 13.5 machine to look after 17:14:43 But then after we ride through the waves of vulnerabilities that are found then the easy ones will be found and we will be through it. Then the utilities will be used before code is released. 17:15:15 It's going to smooth out. Eventually. It will take a year probably. But then we will be past this. 17:15:27 * f451 hopes 17:15:27 It's like an old saying. The truth will set you free. But first it will make you miserable. 17:15:53 * f451 hopes to be able to add it to invoice 17:17:20 i need to upgrade the dev 13.5 box then upgrade php 17:18:30 All of my FreeBSD systems are up to date. But I have several older Debian/Ubuntu systems that have obstacles to upgrading that are problems. Those are going to be problematic! I am turning to jails and containers to bag them up. But it is a slog due to the obstacles that prevent them from upgrading. 17:19:34 rwp: i got hammered by the kernel update in the last debian release 17:20:03 13.5 heh thats what debian is at now 17:20:12 im glad llm has a use in bug hunting 17:21:05 that yellowkey that was released couple weeks ago, was insane bitlocker was basically wide open. 17:21:14 rtprio, "Hammered?" As in it was a bad kernel? I have hit at least two bad Debian kernels in the past few weeks. I mean I need my laptop to be able to resume from suspend! That was one. Another was a failed network and I also need my backup server to be able to speak on the network. 17:21:50 hope fable5 or whichever can review our (linux,bsd) full disk encryption software too 17:22:13 With bitlocker that was on Microsoft Windows and who really expected MS to not have tens and hundreds of remaining security vulnerabilities? 17:22:48 oh for usre 17:30:21 elivoncoderer: fable refuses to touch anything security related 17:33:58 rwp: well, it went from 6.x to 7.x 17:34:23 and my video driver didn't build with 7 17:39:59 well,i restored the missing firmware file 'iwm8265fw', and i get the same error in either the installer, or the main system : `iwm8265fw: could not load firmware image, error 8` 17:41:09 however, pciconf already shows 'iwm0@pcixxx', meaning that driver successfully loaded 19:44:29 so im learning vm-bhyve and i got linux and windows vm guests working great. when i install/start them i can connect to vmhost:vmport with vncviewer and see the install screen. vm list shows each vm, VNC address 0.0.0.0:vmport, running state. but when i run sudo vm install fbsdvm fbsd.iso, it doesn't have anything in vm list for the VM section so 19:44:29 obv i can't connect with vncviewer. the fbsdvm.conf has graphics = "yes", graphics_port set, graphics_rez 1920x1200, loader bhyveload, network0_switch and _type set, just like the linux vm's .conf has. so why not working pls? 19:55:33 does freebsd come with the ability to view html pages out of the box on the terminal? I just installed freebsd 15 on debian using qemu and selected the option to install the handboox, but it's just a bunch of html pages. Would I have to pick my own terminal based browser and install that? 19:59:19 rtprio, Oh! Debian. You did say Debian. But I didn't catch it and thought FreeBSD. I have had several bad Debian kernels recently too. Laptops need to be able to resume from suspend. Backup servers need network connectivity! I had to revert, and then newer kernels worked. I suppose there were lots of complaints. 20:00:15 td123, Most people use a graphical web browser for the handbook. https://docs.freebsd.org/en/books/handbook/ It's online. 20:00:39 But you could install a terminal text browser such as lynx, links, elinks, w3m, or other and view it in the terminal too. That's okay too. 20:04:47 rwp: thanks 20:22:31 hello, i made a mistake during installation leaving little room for swap partition and want to increase available swap. I found 11.12.2. Creating a Swap File 20:22:37 from 20:22:42 https://docs-archive.freebsd.org/doc/12.1-RELEASE/usr/local/share/doc/freebsd/en/books/handbook/adding-swap-space.html 20:24:02 this should still work for me, right? my RAM is 8 GB, swap partition currently is 2.5GB. I want to add a swap file with another 8100 MB. Am I on the right track ? 20:25:55 another option would be to reinstall again.. 20:29:10 yeah, you can do that, if you're using UFS 20:29:33 you don't need to reinstall. 2.5 swap sounds like plenty 20:31:14 thank you, rtprio ! 20:32:43 consider: if you're swapping 2.5gb, chances are your system would already be in rough shape. swapping more would not really be a remedy 20:36:11 hm so i changed loader="bhyveload" to uefi and vnc now works 20:48:42 being able to tmux a into a vm is super cool if you ask me 20:48:43 Hi, I have a question regarding packages. If I go to https://pkg.freebsd.org/FreeBSD:13:amd64/ I see the folders release_5, quarterly and latest. I understand quarterly is more stable and latest is the daily cutting edge packages. But I do not understand the differences between quarterly and release_5 20:49:54 Is it daily? I thought it was more like weekly, since it takes a while to perform a full build 20:50:30 ok, weekly it is, but my question is more on the quarterly vs release_5, maybe we can focus on the particular case of FreeBSD13 even if it is EOL 20:51:17 Sorry I don't know what release_5 is 20:53:02 I do understand that would be like FreeBSD 13.5, but then I do not understand why there is quarterly 21:08:10 scoobybejesus: i just use ssh like the rest of my hosts 21:09:13 nothing wrong with that 21:22:51 robert12 apparently you can either use the quarterly updated packages or the releases which are freeze in time 21:23:07 Thanks 21:23:19 you choose with repo you want, I do understand latest is not for production 21:33:31 you can production latest, no problem 21:36:34 I am preparing a local repo with the last release for 13 and 14 to be used in internal jails 21:36:46 sort kind of local cache repository 23:16:33 hm 23:17:34 guess i'll upgrade. the mailing list sure shoots off a lot of emails at once 23:25:06 just noticed freebsd is spitting out memory errors 23:25:11 far and few. wonder what that's about 23:25:15 MCA: Bank 8, Status 0x8c0000400001009f 23:30:04 oh. after a reboot it seems like one of the dimms isn't working. guess i'll look at that over the weekend. 23:30:34 Perhaps un-seat the dimms, re-seat them, run memtest86+ overnight, and see if the problem resolves?