13:37:19 danmcd have you tried compiling https://github.com/TritonDataCenter/ipxe in omnios ? 14:20:01 Is there a quickstart guide to adding packages to omnios-extra? It's been a while since I've done it. 14:22:15 Ah, the omnios-extra README.md is probably what I need. 14:29:07 nahamu I think there is also an example package in omnios-extra 14:37:50 yeah. 14:46:56 is there a way to tell build.sh that I don't need gcc and that I want go119 instead of go118? 15:28:32 andy I already managed to compile the ipxe from triton repo in omnios, the side effect is that ipxe binary makes smartos boot correctly in oracle cloud, that did not happen before. 15:29:24 I'll create a repo with ipxe before I lost all the changes again. 16:06:43 neirac: no. 16:22:17 neirac: I wonder what versions of tools are different? 16:22:35 (I'm officiall off BTW, so I'm disappearing in 30mins or so.) 16:33:18 danmcd oh ok, I'm sorry happy holidays! 20:08:21 answering my second question: "set_gover 119" 20:58:16 first attempt at packaging tailscale: https://github.com/omniosorg/omnios-extra/pull/1230 21:08:52 nahamu: Should the service be off by default? 21:41:26 I think the way things have worked before is that things are enabled by default (in the service) but disabled by default (in the profiles), and that's caused a bit of a mess as things have grown 21:41:34 because all the examples look like we enable stuff 21:42:14 I don't know how omnios handles that, I only know illumos does it fairly badly 22:48:01 richlowe: Yeah that should probably be the other way around I guess for many things 22:48:07 (i.e., off by default but enabled in the profile) 22:48:29 yeah 22:48:53 I would expect though that, say, installing nginx doesn't turn it on by default probably 22:52:22 i fear that we currently have a mix there :/ so getting this more standardised would probably be a good move 22:53:47 It might also make sense to have it _on_ by default, depending on how it works, though 22:54:02 e.g., if it is a daemon that is supposed to sit dormant waiting for local requests from some administrative tool 22:54:07 the daemon won't do anything until you log in via the cli. 22:54:18 for tailscale 22:54:18 Well maybe that _should_ be on by default 22:54:21 * jclulow shrug 22:54:31 Or the client tool should know how to check that it's on I guess 22:57:59 i think one of the parameters to either turn a service on or off by default was whether it required manual steps for the service to run actually and not enter maintenance immediately when turned on by default 22:58:14 but again i think this is an area which can certainly be improved a lot 22:59:24 also regarding services, IPD-17 would be nice if it ever got some traction (fenix) 22:59:24 IPD 17: SMF Runtime Directory Creation Support (draft) 22:59:25 ↳ https://github.com/illumos/ipd/tree/master/ipd/0017/README.md 22:59:57 generally what we've wanted is anything that increases the attack surface to be disabled by default, and anything that won't work to be 23:00:20 but having multiple places that are "by default" is confusing at best 23:00:20 ^ 23:01:11 like 'nginx'/'apache' work without anycondig, but so you really want it to serv a well know dir by default? 23:01:23 * sjorge ¯\_(ツ)_/¯ 23:03:35 I feel like we need to invert what "secure by default" did 23:03:52 and make the baseline manifest-less default be SBD 23:04:01 and the profiles, if you choose _open, to open things up 23:04:09 rather than _limited locking them down 23:04:33 the profiles being in illumos is a mess anyway, because obviously 90% of services aren't. 23:04:53 but I have been staring at signal handlers for two days, and my mind might be gone 23:05:22 my hope that rmustacc suffered enough on my behalf hasn't panned out :) 23:47:27 jclulow: even better would be comments in the PR. :) 23:48:03 I'm happy to make any changes to get it into shape.