danmcd have you tried compiling github.com/TritonDataCenter/ipxe in omnios ?

Is there a quickstart guide to adding packages to omnios-extra? It's been a while since I've done it.

Ah, the omnios-extra README.md is probably what I need.

nahamu I think there is also an example package in omnios-extra

yeah.

is there a way to tell build.sh that I don't need gcc and that I want go119 instead of go118?

andy I already managed to compile the ipxe from triton repo in omnios, the side effect is that ipxe binary makes smartos boot correctly in oracle cloud, that did not happen before.

I'll create a repo with ipxe before I lost all the changes again.

neirac: no.

neirac: I wonder what versions of tools are different?

(I'm officiall off BTW, so I'm disappearing in 30mins or so.)

danmcd oh ok, I'm sorry happy holidays!

answering my second question: "set_gover 119"

first attempt at packaging tailscale: omniosorg/omnios-extra #1230

nahamu: Should the service be off by default?

I think the way things have worked before is that things are enabled by default (in the service) but disabled by default (in the profiles), and that's caused a bit of a mess as things have grown

because all the examples look like we enable stuff

I don't know how omnios handles that, I only know illumos does it fairly badly

richlowe: Yeah that should probably be the other way around I guess for many things

(i.e., off by default but enabled in the profile)

yeah

I would expect though that, say, installing nginx doesn't turn it on by default probably

i fear that we currently have a mix there :/ so getting this more standardised would probably be a good move

It might also make sense to have it _on_ by default, depending on how it works, though

e.g., if it is a daemon that is supposed to sit dormant waiting for local requests from some administrative tool

the daemon won't do anything until you log in via the cli.

for tailscale

Well maybe that _should_ be on by default

Or the client tool should know how to check that it's on I guess

i think one of the parameters to either turn a service on or off by default was whether it required manual steps for the service to run actually and not enter maintenance immediately when turned on by default

but again i think this is an area which can certainly be improved a lot

also regarding services, IPD-17 would be nice if it ever got some traction (fenix)

IPD 17: SMF Runtime Directory Creation Support (draft)

↳ github.com/illumos/ipd/tree/master/ipd/0017/README.md

generally what we've wanted is anything that increases the attack surface to be disabled by default, and anything that won't work to be

but having multiple places that are "by default" is confusing at best

^

like 'nginx'/'apache' work without anycondig, but so you really want it to serv a well know dir by default?

I feel like we need to invert what "secure by default" did

and make the baseline manifest-less default be SBD

and the profiles, if you choose _open, to open things up

rather than _limited locking them down

the profiles being in illumos is a mess anyway, because obviously 90% of services aren't.

but I have been staring at signal handlers for two days, and my mind might be gone

my hope that rmustacc suffered enough on my behalf hasn't panned out :)

jclulow: even better would be comments in the PR. :)

I'm happy to make any changes to get it into shape.