Re: Possible to shut down an s6 service via command rather than signal?

2024-07-24 Thread Dewayne Geraghty
Brett, I had a similar issue. (Please note: I do not use qemu and only use FreeBSD/HardenedBSD, with lots of lightweight jails). I'm surprised you need to write a catcher for signals as that should be caught by your init (Id:1) process which should be graceful? I replaced init with s6-svscan

Re: FreeBSD ports community is broken [port building configuration notes]

2024-02-19 Thread Dewayne Geraghty
It seems that the ports developers have a tool that they would like everyone to use, while members of the wider community want choice. Context For my part I appreciated Hubbard's pkg_* tools. Later pkg* and the ports infrastructure underwent substantial change. After a few years pkg and the port

Re: [HEADS-UP] Quick update to 14.0-RELEASE schedule

2023-11-16 Thread Dewayne Geraghty
Congratulations to the FreeBSD Release Engineering (RE) Team for the tremendous work that is going on to provide a no (known) issue 14.0 release. Glen, as the RE's media interface to the world, you continue to amaze in your ability to maintain transparency, clarity and honesty in your timely statu

Re: lang/rust: resurrect PORT_LLVM as a non-default OPTION

2023-10-09 Thread Dewayne Geraghty
Hi Mark, yes it seems that some maintainers are letting dependencies bloat. A few weeks ago I had to rebuild samba4.13 (on FBSD 12.4) and it required rust to build(!). This was due to a documentation requirement to use py-poetry . Fortunately the py-poetry maintainer (I think) realised and adjus

Re: FreeBSD 12.2 end-of-life

2022-03-01 Thread Dewayne Geraghty
Seriously?  There appear to be either routing or ipfw issues that thwart forwarding on 13 and possibly (???) 12.3. Refer to following which also references two other PR's https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256828 Have these been addressed in 13? Regards, Dewayne.

Re: slapcat & cn=config database

2022-01-05 Thread Dewayne Geraghty
On 6/01/2022 4:35 am, Quanah Gibson-Mount wrote: Because you created your cn=config directory outside of the expected default path, which would be /opt/symas/etc/openldap/slapd.d.  Not clear to me why you chose /var. --Qu

Re: Important note for future FreeBSD base system OpenSSH update

2021-09-13 Thread Dewayne Geraghty
Thank-you Ed, for providing a window for discussion. As much as I strongly agree with Dave Cottlehuber , there is sadly a pragmatic dimension.  So, off by default goes some way to improve the world, but folk do appear to need to be able to connect to "antique" equipment that they have no mechanism

s6-rc-init verbose equivalent messages?

2021-08-19 Thread Dewayne Geraghty
Is there any way of tracking down the cause of the following fatal failure? # /usr/local/bin/s6-rc-init -c /s/comp -l /s/run /s/scan s6-rc-init: fatal: unable to supervise service directories in /s/run/servicedirs: No such file or directory I've completed a disk-disk copy, as I need to integrate s6

Re: dma crashes with simple configuration?

2021-06-30 Thread Dewayne Geraghty
On 25/06/2021 7:29 am, Oscar Carlsson via freebsd-stable wrote: > Hi, > > I've tried to configure dma(8) to use a smarthost (hosted by migadu.com) > with a simple setup, but it just consumes 100% CPU before crashing. I've > seen this on two FreeBSD systems on different major versions (13 and 12) >

Re: Query on s6-log and s6-supervise

2021-06-08 Thread Dewayne Geraghty
Apologies, I'd implied that we have multiple s6-supervise processes running and their children pipe to one file which is read by one s6-log file. You can achieve this outcome by using s6-rc's, where one consumer can receive multiple inputs from producers. There is a special (but not unique) case

Re: Query on s6-log and s6-supervise

2021-06-08 Thread Dewayne Geraghty
Thanks Laurent, that's really interesting. By comparison, my FBSD system uses: # ps -axw -o pid,vsz,rss,time,comm | grep s6 virt KB resident cpu total 38724 10904 1600 0:00.02 s6-log 41848 10788 1552 0:00.03 s6-log 42138 10848 1576 0:00.01 s6-log 4 10888 15

Re: Where might memory be reported?

2021-06-07 Thread Dewayne Geraghty
This issue was raised in April '21 by Andriy Gapon title "stable/13, vm page counts do not add up". This was mentioned https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253281 though it's probably more of an affirmation of a symptom. (reminder to adjust status) More relevant is https://bugs.freebs

Re: Changing daemon user, dir ownership and updating packages

2021-04-26 Thread Dewayne Geraghty
On 26/04/2021 6:03 pm, Stefan Bethke wrote: > But that still leaves pkg updating the ownership/mode of existing directories > as a surprise on updating a package. I think the "right" thing here would be > a kind of three-way merge between changes an updated package brings in vs. > changes the us

Re: Frequent disk I/O stalls while building (poudriere), processes in "zfs tear" state

2021-04-15 Thread Dewayne Geraghty
On 16/04/2021 2:29 am, Felix Palmen wrote: > After more experimentation, I finally found what's causing these > problems for me on 13: > > * Felix Palmen [20210412 11:44]: >> * Poudriere running on idprio 22 with 8 parallel build jobs > > Running poudriere with normal priority works perfectly fi

Journey to s6-svscan as PID 1 on FreeBSD (almost there)

2021-04-08 Thread Dewayne Geraghty
On 8/04/2021 11:52 pm, Laurent Bercot wrote: >> Finally I sucked up the courage and defined in /boot/loader.conf >> init_exec=/root/bin/init_exec.sh >> which contains >> #!/usr/local/bin/execlineb -S0 >> redirfd -wnb 1 /m/fifo/catch_all >> redirfd -r - /dev/null >> fdmove -c 2 1 >> exec -c /sbin/s6

Re: Journey to s6-svscan as PID 1 on FreeBSD (almost there)

2021-04-08 Thread Dewayne Geraghty
On 9/04/2021 4:29 am, Crest wrote: > There is a cleaner solution. I prefer to set the init_path kernel env > var in /boot/loader.conf and prepend the s6 stage1 script to the normal > search path. That way the kernel starts my execline script as PID 1 and > if I mess it I just have to clear the var

Re: Specific svn/git package update use case

2021-04-08 Thread Dewayne Geraghty
On 4/04/2021 12:30 pm, Simon Wright wrote: > Hi all, > > I've been following the discussion about the git upgrade to the ports > repro but am not clear about how it impacts my use case. > > At the moment I track ports on the revision that the Freebsd build > cluster uses to build the "latest" pac

Re: stable/13, vm page counts do not add up

2021-04-08 Thread Dewayne Geraghty
On 8/04/2021 2:59 pm, Helge Oldach wrote: > On Wed, Apr 07, 2021 at 10:42:57PM +0300, Andriy Gapon wrote: >> >> I regularly see that the top's memory line does not add up (and by a >> lot). >> That can be seen with vm.stats as well. >> >> For example: >> $ sysctl vm

Journey to s6-svscan as PID 1 on FreeBSD (almost there)

2021-04-08 Thread Dewayne Geraghty
First we started with the documented approach of appending to /etc/ttys "" "/usr/local/bin/s6-svscan /run/scan""" on Which worked nicely under FreeBSD's /sbin/init. Then we added to loader.conf an init_script which is invoked via /sbin/init. This also worked well, but init remained as pi

Re: Security leak: Public disclosure of user data without their consent by installing software via pkg

2021-04-07 Thread Dewayne Geraghty
The prevailing paradigm is that a package install requires an affirming action in rc.conf. Neither of "man pkg-add" nor "pkg-install" explicitly states that an installed package will do other than perform installation and updating steps. At best, it is implied that installation scripts are run by

Re: stable/13, vm page counts do not add up

2021-04-07 Thread Dewayne Geraghty
On 8/04/2021 6:56 am, Mark Johnston wrote: > On Wed, Apr 07, 2021 at 11:22:41PM +0300, Andriy Gapon wrote: >> On 07/04/2021 22:54, Mark Johnston wrote: >>> On Wed, Apr 07, 2021 at 10:42:57PM +0300, Andriy Gapon wrote: I regularly see that the top's memory line does not add up (and by a lo

Re: No update for a day on ports?

2021-04-01 Thread Dewayne Geraghty
On 1/04/2021 6:19 pm, Herbert J. Skuhra wrote: > https://wiki.freebsd.org/git > Thanks Milan for bringing this to everyone's attention. Would appreciate if anyone can provide insight as to the 4 git commands that I need to function, in a manner similar to the way I use svnlite use. Git equivalen

Re: possibly silly question regarding freebsd-update

2021-03-30 Thread Dewayne Geraghty
On 31/03/2021 12:35 am, tech-lists wrote: > Hi, > > Recently there was > https://lists.freebsd.org/pipermail/freebsd-security/2021-March/010380.html > about openssl. Upgraded to 12.2-p5 with freebsd-update and rebooted. > > What I'm unsure about is the openssl version. > Up-to-date 12.1-p5 instan

Re: Python 2.7 removal outline

2021-03-25 Thread Dewayne Geraghty
On 26/03/2021 9:25 am, George Mitchell wrote: > On 3/25/21 6:06 PM, Miroslav Lachman wrote: >> [...]  it is really not for >> everybody to use overlays in current state (overlays are poor >> documented at least). >> [...] > > Until this thread I had never heard of them.  -- George

Re: Python 2.7 removal outline

2021-03-24 Thread Dewayne Geraghty
On 25/03/2021 4:01 am, Miroslav Lachman wrote: > I really appreciate the work of ports team, committers and maintainers > but I dislike double standards. All ports requiring Python 2.7 were > marked deprecated the last year almost all of them removed according to > expiration date 2020-12-31 but s

Re: Filesystem operations slower in 13.0 than 12.2

2021-03-05 Thread Dewayne Geraghty
Thanks Helge, there is a 10% increase in involuntary context switching which suggests that other things were occurring on the testing platform during the 13.0B4 run or 13 has adversely changed? (And I'd discount the latter due to the voluntary CS being similar across runs) I appreciate you takin

Re: where to upgrade 12-stable now, svn still, or git?

2021-02-12 Thread Dewayne Geraghty
On 13/02/2021 1:11 pm, Mark Millard via freebsd-stable wrote: >> As subject, where to get sources for 12-stable upgrade now? Is it still >> svn or is it git? > > Probably your choice. But one thing that could > bias towards svn is that the svn information > spans identifying both the svn and the g

Re: 13.0-BETA1: ipfw regression?

2021-02-09 Thread Dewayne Geraghty
Stefan, Would you check that you have net.inet.tcp.always_keepalive=1, and perhaps that net.inet.tcp.keepidle and net.inet.tcp.keepintvl are reasonable to ensure that the expected keep alives are running. I don't have a FreeBSD 13 to view the defaults, but Helge might be right that "it" is already

Re: Warning: Major OS version upgrade detected

2021-01-31 Thread Dewayne Geraghty
A while ago, due to mismatching ABI, I had to insert into: /usr/local/etc/pkg.conf ABI = "freebsd:12:x86:64"; Perhaps explicitly stating "freebsd:13:x86:64"; may help? BUT this will require maintenance. :/

Is git/svn in sync with FreeBSD12.2Stable

2021-01-03 Thread Dewayne Geraghty
I'm using https://cgit.freebsd.org/src/log/?h=stable%2F12 to monitor changes to FreeBSD 12.2Stable, as I used to use https://lists.freebsd.org/pipermail/svn-src-stable-12/2020-December/ The git site has substantially more changes than # svnlite update /usr/src Updating '/usr/src': U/usr/src/te

Re: STOP rust!

2020-11-12 Thread Dewayne Geraghty
On 11/11/2020 12:24 am, Rozhuk Ivan wrote: > Hi all! > > With latest ports tree librsvg2-rust-2.50.0 is required to some ports. > It want replace librsvg2-2.40.21. > > I do not want build ugly rust during hours to build small lib in less than > minute. > > > Same with polkit & spidermonkey. >

Re: Using gcc as a build dependency only

2020-11-10 Thread Dewayne Geraghty
On 11/11/2020 7:55 am, Bob Eager wrote: > I have a port that, for reasons I won't go into, I build with gcc. > > It all works fine with USE_GCC= yes - no problem. > > The issue is that it's a build dependency and a run dependency. So > anyone wanting to use it has to install gcc, and is discourag

Has geli broken when using authentication (hmac/sha256)?

2020-11-05 Thread Dewayne Geraghty
Using FreeBSD 12.2S r367125M, to # geli init -a HMAC/SHA256 -e aes-cbc -l 128 -P -s 4096 -K /tmp/key ${D}s1a fails during newfs, # newfs -O2 -U ${D}s1a.eli newfs: can't read old UFS1 superblock: read error from block device: Invalid argument Using geli with encryption only, works as usual. But usi

Re: Allow PING(8) in jails without raw socket access permissions

2020-10-23 Thread Dewayne Geraghty
On 15/10/2020 9:00 am, carlos antonio neira bustos wrote: > Hello, > > I have currently a patch in review with jamie which is the current jail > maintainer and kyle evans, if anyone else could comment/review this patch : > https://reviews.freebsd.org/D26782 > > What has been done is the following

Re: s6-rc : Anomalies or normal behaviour

2020-10-05 Thread Dewayne Geraghty
On 4/10/2020 1:14 pm, Laurent Bercot wrote: >> 1. I expected to see the date in seconds since time epoch, but result is >> variable name >> # execlineb -Pc 'backtick D { date "+%s" } echo $D' >> $D > >  Normal behaviour, since there's no shell to interpret $D as the > contents of variable D. Try u

Re: s6-rc : Anomalies or normal behaviour

2020-10-03 Thread Dewayne Geraghty
Apologies, my earlier email, item 2, pointed to emptyenv as the cause of zombie processes on FreeBSD 12.2S, actually it is due to background. # execlineb -Pc 'background { echo hello } pipeline { ps -axw } grep defunct' hello 30144 0 Z+ 0:00.00 while the following tests both foreground a

s6-rc : Anomalies or normal behaviour

2020-10-03 Thread Dewayne Geraghty
Is this correct behaviour or are these just anomalies? 1. Use of backtick variable assignment on FreeBSD doesn't appear correct 2. Use of emptyenv results in a remnant "defunct" process 3. Should a bundle's contents file include the dependencies of its contents file, for a down change to the bundle

Re: [AusNOG] Azure AD - Office 365 outage

2020-09-28 Thread Dewayne Geraghty
On 29/09/2020 8:32 am, Mark Anthony Delfin wrote: > Good morning all! > > Looks like early morning issues for some > https://status.office365.com/ > > We are affected too.

Re: Unusual display from sysctl on FBSD12.2S

2020-09-26 Thread Dewayne Geraghty
On 26/09/2020 12:11 am, Andrey V. Elsukov wrote: > On 25.09.2020 09:27, Dewayne Geraghty wrote: >> sysctl -a or sysctl vm displays on syserr, >> sysctl: S_vmtotal 48 != 88 >> >> on FreeBSD 12.2-STABLE #0 r365645M. Are others experiencing this? >> >> It h

Unusual display from sysctl on FBSD12.2S

2020-09-24 Thread Dewayne Geraghty
sysctl -a or sysctl vm displays on syserr, sysctl: S_vmtotal 48 != 88 on FreeBSD 12.2-STABLE #0 r365645M. Are others experiencing this? It has been this way for a few months.

init_exec precedence, before or after init_script?

2020-09-20 Thread Dewayne Geraghty
A recent change to init, has introduced the welcome init_exec kenv. Unfortunately "man init" indicates ambiguity as both: init_script and init_exec are run as "the very first action". So that needs a change. Due to this ambiguity I referred to the source, and init_exec is performed first. As ini

Re: The spkr driver

2020-08-28 Thread Dewayne Geraghty
Appreciate the notice Warner. :) Yes, I use it on various devices: - as a clock signal to indicate the time, different pitch each 1/4 & hour (aka a chiming clock, very useful when busy) - advice when a box has completed booting - advice when snort (& others) thinks there's a problem using differe

Re: What are my options regarding deprecated PyPy port?

2020-08-25 Thread Dewayne Geraghty
On 26/08/2020 7:12 am, figosdev via freebsd-ports wrote: >> the easiest way, if you build your own ports, is to svnlite update -r >> '{2020-03-29}' /usr/ports/security/w3af Note the date before removal from >> the ports tree. > > Thanks, this is probably what I was looking for (a way to get a co

Re: What are my options regarding deprecated PyPy port?

2020-08-25 Thread Dewayne Geraghty
On 25/08/2020 11:49 am, figosdev via freebsd-ports wrote: > Hi, I'm new to FreeBSD-- I installed it for the first time this week. > Honestly, so far it has exceeded expectations. > > I installed X11, but the first thing I installed was PyPy2. > > Unlike CPython2, which is EOL'd, PyPy2 does not t

Re: www/py-html5lib with FLAVOR=py27 failed to build

2020-07-27 Thread Dewayne Geraghty
On 27/07/2020 4:34 pm, Kubilay Kocak wrote: ). > > The strategy, plan and execution for deprecation of Python 2.7 and the > guidelines for deprecation and removal of Python 2.7 ports was not > coordinated with, discussed with or executed by the Python team, as it > should have been. > > The issue

Current vulnerabilities of lua and luajit appear in China's database

2020-07-22 Thread Dewayne Geraghty
I'm unsure of how to proceed regarding the vulnerability notifications at http://www.cnnvd.org.cn/ which affects all lua and luajit versions on FreeBSD. Normally I'd wait for the US CERT notification. However lua is part of the base FreeBSD and per /usr/src/contrib/lua/README we're using lua 5.3.5

Re: RFD: proposed new (likely virtual) category, education

2020-07-17 Thread Dewayne Geraghty
On 18/07/2020 1:09 pm, Pau Amma wrote: > This category would comprise ports that are mainly educational in nature > or purpose, such as: > - course-writing or course-delivery applications, > - classroom or school management applications (eg, scheduling classes), > - applications, utilities, or game

Re: State changes via pkg's scripts

2020-07-08 Thread Dewayne Geraghty
On 8/07/2020 5:23 pm, Baptiste Daroussin wrote: > On Wed, Jul 08, 2020 at 04:32:34PM +1000, Dewayne Geraghty wrote: >> Is there a more convenient method to examine a package's scripts than >> unpacking the manifest file and >> # cat +MANIFEST | jq -rM '.scripts&

Re: State changes via pkg's scripts

2020-07-08 Thread Dewayne Geraghty
On 8/07/2020 4:52 pm, Dave Horsfall wrote: > On Wed, 8 Jul 2020, Dewayne Geraghty wrote: > >> # cat +MANIFEST | jq -rM '.scripts' > > Sorry, but this always pushes one of my buttons.  When using "cat file | > proc" > what's wrong with "pr

State changes via pkg's scripts

2020-07-07 Thread Dewayne Geraghty
Is there a more convenient method to examine a package's scripts than unpacking the manifest file and # cat +MANIFEST | jq -rM '.scripts' ? As I'd like to know what changes will, or have been applied. For example to review the dependencies of a file # pkg info -d -F /packages/K8/All/samba410-4.1

Re: Ports failing with -fno-common with clang 9/gcc 9

2020-06-23 Thread Dewayne Geraghty
On 24/06/2020 7:00 am, Kyle Evans wrote: > On Mon, Jun 22, 2020 at 1:35 AM Tobias Kortkamp wrote: >> >> On Thu, Apr 30, 2020, at 14:56, Kyle Evans wrote: >>> In any event, I would urge folks to be proactive and identify this >>> stuff, reporting issues upstream and spreading awareness of the >>> i

Re: cups-pdf crash status -139

2020-06-17 Thread Dewayne Geraghty
I suspect that you've set your locale incorrectly. You might like to try (what I think you're trying to use) /usr/share/locale/en_US.UTF-8 instead of, what the ktrace is using, which is: /usr/share/locale/en_US.UTF8 An easy mistake ;) On 18/06/2020 12:04 am, Per olof Ljungmark wrote: > On 2020-06

Re: Upgrading to 12.1S 362003 - a few issues

2020-06-13 Thread Dewayne Geraghty
>> I've placed the ktrace (sq3.kt.xz) and LD_DEBUG output (sq.deb.xz) at >> http://www.heuristicsystems.com/squid4K > No need, the problem occurs somewhere in user code. Try to build the > binary with debug symbols and look into the coredump with gdb. > >> >> Pity about ldd, but I appreciate the

Re: Upgrading to 12.1S 362003 - a few issues

2020-06-12 Thread Dewayne Geraghty
Hi Konstantin, I did try ktrace/kdump but kdump complained of "data too short". Using your suggestion about LD_DEBUG nearly caused me to fall off my chair. I think this is most relevant: # setenv LD_DEBUG 1 # ktrace -f /tmp/sq3.kt /usr/local/sbin/squid start /libexec/ld-elf.so.1 is initialized,

Upgrading to 12.1S 362003 - a few issues

2020-06-12 Thread Dewayne Geraghty
After upgrading to 12.1Stable as of June 11: 1) squid - fails with segmentation fault, ldd "Cannot load PIE binary" 2) gcc9 - suffers a cc1 internal compiler error 3) pkg-static - issues "failed" messages, unable to package or install Environment Xeon E3, ufs2 only, previously running FreeBSD 12.1

Re: Improved PIE binary tooling

2020-06-04 Thread Dewayne Geraghty
Thank-you Ed. Though I have two questions: 1. We've recompiled all the ports I use with either -fPIC or -fPIE and the linker flag -pie. Is there something required for ports to utilise these changes, or are the changes only in the mk files affecting the base system build? 2. I've also taken adva

Re: jitsi documentation

2020-05-29 Thread Dewayne Geraghty
Well considered experienced-based guidance, clearly written and well explained, an excellent document assembling all the required pieces. I look forward to deploying. Perhaps with an additional note about your usage experience, this would be a good article for the FreeBSD Journal? (or at least an

Re: ASLR/PIE status in FreeBSD HEAD

2020-05-05 Thread Dewayne Geraghty
It would be palatable to have a "secure.mk" under /usr/ports/Mk/Uses that enables pie, relro, now, noexecstack and elfctl features. Then port users can enable/disable their (elfctl) default features as they wish. I look forward to removing long lists of category/ports from my make.conf that make

Re: FreeBSD Port: open-vm-tools-11.0.1_3,2

2020-05-04 Thread Dewayne Geraghty
Suggest that you add to make.conf DISABLE_VULNERABILITIES=yes On 5/05/2020 8:08 am, Kurt Buff - GSEC, GCIH wrote: > All, > > Has been done? > > I just built a new machine on our VMware cluster and tried to install this > from ports on 12.1-RELEASE-p3 with an updated tree, and it complained abo

Re: Bind 9.16 port error still lingers

2020-05-03 Thread Dewayne Geraghty
I think a few people have given the advice that you should look at the placement of your pid file. I don't know what the default is, but I have pid-file "/var/run/named/pid"; in my named.conf file. This ensures that I'm able to successfully run named as the bind user and the pid fi

Ports failing with -fno-common with clang 9/gcc 9

2020-04-30 Thread Dewayne Geraghty
As -fno-common will become the default in gcc10/llvm11 per https://lists.freebsd.org/pipermail/svn-src-stable-12/2020-April/004761.html I thought I might share the list of ports that failed to build for maintainers to be aware of using -fno-common: archivers/arc benchmarks/iozone benchmarks/netpe

Re: ASLR/PIE status in FreeBSD HEAD

2020-04-22 Thread Dewayne Geraghty
020 at 04:19, Dewayne Geraghty > wrote: >> >> I'm on a similar ride. We run applications in both i386 and amd64 jails >> with FreeBSD's ASLR enabled (sendmail, squid, apache, ...) and all good. > > Great! > >> On the build server, the i386 jail with a

Re: ASLR/PIE status in FreeBSD HEAD

2020-04-18 Thread Dewayne Geraghty
I'm on a similar ride. We run applications in both i386 and amd64 jails with FreeBSD's ASLR enabled (sendmail, squid, apache, ...) and all good. On the build server, the i386 jail with aslr enabled wasn't able to build gcc9; so this was disabled kern.elf32.*. ntp was the only real application th

python 2.7 marked as deprecated and EOL while 2.7.18 RC is available

2020-04-17 Thread Dewayne Geraghty
It's very confusing building ports at the moment. At https://www.python.org/ there is a release candidate for 2.7.18, while our python 2.7 has been marked as deprecated with an expiration date. Can the Expiration Date of 2020-12-31 be retracted? It appears that devel/scons, at least, requires pyt

Mk/Uses/gnustep.mk uses incorrect GNUSTEP_LOCAL_LIBRARIES

2020-03-24 Thread Dewayne Geraghty
I'd raise a PR but Mk is immune. The problem: devel/sope4 failure to build due to: ld-elf.so.1: Shared object "libgnustep-base.so.1.26" not found, required by "plmerge" Investigation: # make -C /usr/ports/devel/sope4 -VGNUSTEP_LOCAL_LIBRARIES /usr/local/GNUstep/Local/Library/Libraries # ls /usr

Re: [Dovecot-news] Headsup on feature removal

2020-03-19 Thread Dewayne Geraghty
Thank-you for the heads-up notification. It is very helpful for planning. Unfortunately we do not allow any languages to be installed on production systems (per the security people). As we do use autocreate/subscribe plugins, could you please direct us to any workaround for our current use of pl

Re: ntp problems stratum 2 to 14?

2020-03-05 Thread Dewayne Geraghty
> The interrupted system calls (EINTR returned from select()) are normal. > Notice that each time it happens, it's associated with a SIGALARM being > delivered to ntpd. Ntpd uses SIGALARM at 1hz to periodically get > control and decide whether it's time to poll peers and do other > periodic work.

Re: ntp problems stratum 2 to 14?

2020-03-05 Thread Dewayne Geraghty
Ian, Good points. I did remove the fudge and 127.127.1.1 lines from the config with the same result as below. Interestingly the clock at 10.0.7.6 isn't really unreliable, as it's been my time source since 2005, and serves clients, so it is pretty ok. Without a local clock, named fails (it's linked

Re: ntp problems stratum 2 to 14?

2020-02-27 Thread Dewayne Geraghty
On Thu, 27 Feb 2020 at 06:43, Peter Jeremy wrote: > On 2020-Feb-26 16:37:43 +1100, Dewayne Geraghty > wrote: > >I usually run ntpd with both aslr and as user ntpd. While testing I > >noticed that my server with a direct network cable to my main time keeper, > >jumped f

ntp problems stratum 2 to 14?

2020-02-25 Thread Dewayne Geraghty
I usually run ntpd with both aslr and as user ntpd. While testing I noticed that my server with a direct network cable to my main time keeper, jumped from the expected stratum 2 to 14 as follows (I record the date so I can synch with the debug log, also below): vm.loadavg={ 0.09 0.10 0.18 } Wed

Re: runit SIGPWR support

2020-02-12 Thread Dewayne Geraghty
Yes Colin, you're right. PWR is not in the FreeBSD list of signals, per # kill -l HUP INT QUIT ILL TRAP ABRT EMT FPE KILL BUS SEGV SYS PIPE ALRM TERM URG STOP TSTP CONT CHLD TTIN TTOU IO XCPU XFSZ VTALRM PROF WINCH INFO USR1 USR2 LWP Also doesn't appear in Open Group Base Specifications Issue 7 l

Can s6-tlsd use openssl, rather than libressl?

2020-02-11 Thread Dewayne Geraghty
Thanks to Ilaia's email, I looked into using s6-tlsd, but I'm a bit confused about what libraries are needed, and hopefully not libressl? https://www.skarnet.org/software/s6-networking/ indicates dependency on stls, sbearlssl. https://www.skarnet.org/software/s6-networking/libstls/ requires libre

Re: Light GeoIP support dropped?

2020-01-06 Thread Dewayne Geraghty
Alexander, Unfortunately maxmind have changed their rules and as per AdamW's notification in the geoipupdate message for version 4.1.5_1, https://svnweb.freebsd.org/ports/head/net/geoipupdate/files/pkg-message.in?view=markup advises to go to https://www.maxmind.com/en/geolite2/signup to create an a

Re: s6 usability

2019-12-22 Thread Dewayne Geraghty
On the question of PATH for BSD land (FreeBSD, TrueOS, HardenedBSD et al), binaries installed from packages (ports) live under /usr/local, with the exception of /var and /tmp. The wars were fought and /usr/local can easily be mounted read-only. Of the 1446 packages I have installed (no deskto

Re: s6 usability

2019-12-01 Thread Dewayne Geraghty
Hi Steve, Does the *user* need to code execline scripts, or is it just something the program does? If the former, then make a point that one doesn't need to use execline for s6-rc to be a very powerful startup system. No the user doesn't need to write execline scripts. The following equally a

Re: runit patches to fix compiler warnings on RHEL 7

2019-11-29 Thread Dewayne Geraghty
Jan, I'm also a virgin to process/service management software, learning s6-rc, s6, execlineb is not for the faint-hearted nor the time-poor. Getting a handle on the concepts, and the naming conventions - it's really hard work. Execline enforces a discipline, a rigor demanding anticipatory pla

Jails with securelevel 3 still need retpoline?

2019-11-19 Thread Dewayne Geraghty
I want to have a secure platform, but would not like to degrade performance (amd64 based systems) If everything that a user touches is in a jail (sendmail, dovecot, squid, httpd, ...), and each jail is running at secure level 3 AND there are no /dev/mem nor /dev/kmem devices accessible within the

Re: jexec as user?

2019-11-19 Thread Dewayne Geraghty
Good question Ronald. A test - I can login to jail (b3) where I run apache as www user, so # jexec -U www b3 /bin/tcsh > whoami; id www uid=80(www) gid=80(www) groups=80(www) Expected - good! and I can, in the host # su -m www -c "whoami; id" www uid=80(www) gid=80(www) groups=80(www) Good - so m

Who should I believe - iostat or mount -v?

2019-11-07 Thread Dewayne Geraghty
While monitoring various devices I noticed that the results from mount -v and iostat weren't the same. I'm "assuming" that iostat is the more accurate due to geom tasting (on a memory disk?), or is something else at play? Simplest example: mount -v -t nonullfs |grep md7; iostat -d -c 1 -tda -x -

Re: Cisco 12G SAS RAID support (FreeBSD 12.1-RELEASE) ?

2019-11-05 Thread Dewayne Geraghty
Chris, After you've booted the kernel, the correct way to load a module that isn't already in the kernel, is to: kldload mpr To check if mpr is loaded, try kldstat -v|grep mpr However, if you've already placed mpr_load="YES" in your /etc/loader.conf and rebooted your device, then you probably need

Re: s6-log can create current with 640?

2019-10-26 Thread Dewayne Geraghty
Hi Laurent, Answers embedded On 26/10/2019 4:27 pm, Laurent Bercot wrote: >> I'd mistakenly assumed execlineb knew where its friends were; though in >> hindsight its a bit much to assume that execlineb internally changes the >> PATH. > > The real question is, why is there a "umask" binary that's

Re: s6-log can create current with 640?

2019-10-25 Thread Dewayne Geraghty
On 26/10/2019 4:06 am, Guillermo wrote: ... > Let me guess: the value of PATH is > /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin, > execline's chain loading umask is in /usr/local/bin, and FreeBSD > happens to have an 'umask' shell script in /usr/bin. If that is > correct, then you'l

Re: s6-log can create current with 640?

2019-10-25 Thread Dewayne Geraghty
Laurent, I've embedded responses: On 24/10/2019 10:58 am, Laurent Bercot wrote: >> My initial attempt >> >> #!/usr/local/bin/execlineb -P >> s6-setuidgid uucp >> redirfd -r 0 /services/ntp/fifo >> umask 037 >> /usr/local/bin/s6-log -b n14 r7000 s10 S300 !"/usr/bin/xz -7q" >> /var/log/ntpd

Re: False positive in skalibs system feature test

2019-10-23 Thread Dewayne Geraghty
Thankyou Laurent. So cat /usr/ports/devel/skalibs/work/skalibs-2.9.1.0/sysdeps.cfg/sysdeps reveals getrandom: yes Now adding --with-sysdep-getrandom=no to the configure line, we get from: /usr/ports/devel/skalibs/work/skalibs-2.9.1.0/sysdeps.cfg/sysdeps getrandom: no and we obtained a 211K strip

Re: False positive in skalibs system feature test

2019-10-23 Thread Dewayne Geraghty
While building skalibs-2.9.1.0, I notice that the getrandom option isn't available on FreeBSD 12.1 Stable. What I have from ./configure --help is: "... Sysdeps autodetection override: --with-sysdep-K=V assume sysdep K has the value V [autodetected] List of mandatory K for cross-comp

Re: s6-log can create current with 640?

2019-10-23 Thread Dewayne Geraghty
Thanks Jonathon. Both attempts were within the execlineb context, so I assume that umask was correctly employed ;). I tried My initial attempt #!/usr/local/bin/execlineb -P s6-setuidgid uucp redirfd -r 0 /services/ntp/fifo umask 037 /usr/local/bin/s6-log -b n14 r7000 s10 S300 !"/usr/bin

Re: s6-log can create current with 640?

2019-10-22 Thread Dewayne Geraghty
Thank-you, Colin. My brain turned to mush integrating logging with fifo queues across multiple jails (aka very lightweight VMs) and disjoint users (userA writes, userB reads). Unfortunately they're across various jailed systems, so the s6 fifo tools aren't applicable. I appreciate your advice, a

s6-log can create current with 640?

2019-10-22 Thread Dewayne Geraghty
Is there any way to tell s6-log to set the mode to ./current to something other than 644? 640 is preferred? For example: I write to the logdir /var/log/httpd/error which has privs: /var/log/http drwx-- 2 uucp uucp 1.0K Oct 23 12:37 error/ Within /var/log/httpd/error -rwxr--r-- 1 uucp

Re: FLAVORS for Ruby

2019-09-17 Thread Dewayne Geraghty
Bottom line: flavors came into being to satisfy specific needs. Python 2 underwent substantial changes during the upgrade to python 3, to the extent that many (most) python applications would cease to function. Similarly php5 to php7. Without flavours the user-base would've been severely impacted

ASLR affecting ports builds or use-tracking location?

2019-09-15 Thread Dewayne Geraghty
Where would be the most appropriate place to track ports that are failing to build/run due to enabling ASLR on FreeBSD12.1Prerelease? I note that the issue regarding ntp has been addressed (refer https://reviews.freebsd.org/D21581) but I've also come across another which failed to run within an AS

ASLR requirement for images

2019-09-15 Thread Dewayne Geraghty
From the comment at https://reviews.freebsd.org/D5603 "The procctl(2) control for ASLR is implemented, [but] I have not provided a userspace wrapper around the syscall. In fact, the most reasonable control needed is per-image and not per-process, but we have no tradition to put the kernel-read at

Re: ntpd doesn't like ASLR on stable/12 post-r350672

2019-09-13 Thread Dewayne Geraghty
The data and stack sizes are interesting when comparing ntpd 4.2.7p411 (9.2 from 2014) vs 4.2.8p12 (on 12.1Pre) # sh -c 'ntpd --version ; procstat -l $(pgrep ntpd)|grep -E "data|stack|lock"' ntpd 4.2.7p411@1.2483-o Sun Mar 9 01:25:57 UTC 2014 (1) 34798 ntpd datasize 52428

Re: A better method than daisy-chaining logging files?

2019-06-19 Thread Dewayne Geraghty
Thanks Pica. I've sent the ktraces to Laurent and will update when possible.

Re: A better method than daisy-chaining logging files?

2019-06-18 Thread Dewayne Geraghty
Good point. # ls -lrtha /var/log/httpd | grep error; ls -lrtha /var/log/httpd/error" drwx-- 2 mylogger www 512B Jun 18 17:31 error total 12 -rw-r--r-- 1 mylogger www 0B Jun 18 17:31 state -rw-r--r-- 1 mylogger www 0B Jun 18 17:31 lock drwxrwxrwx 6 mylogger www 512B Jun 18

Re: A better method than daisy-chaining logging files?

2019-06-18 Thread Dewayne Geraghty
Thanks Joan, I appreciate the advice, unfortunately the box I'm working returns: # ps -axw | grep s6-l|grep erro 83417 - Is 0:00.01 s6-log n14 r7000 s10 S300 n14 -.* +fatal: 2 -.* +^STAT =/var/log/httpd/error/status f !/usr/bi # ktrace -f /tmp/s-log.txt -p 83417 ktrace: /tmp/s-l

Re: A better method than daisy-chaining logging files?

2019-06-18 Thread Dewayne Geraghty
Sure. I don't think the permissions are particularly weird? ;) Remember we're effectively talking about two VM's one running apache and the other being a log recipient, so priv's aren't a big deal in this latter's context. On the logger, the files, as requested are: # ls -lrth /var/log/httpd |

Re: A better method than daisy-chaining logging files?

2019-06-17 Thread Dewayne Geraghty
Laurent, if you keep this up, I'm going to think you're mystical. Putting mylogger into the www group did fix the "problem". And not without a sigh of relief! FYI: The fifo queue permissions, which the jail sees pr---w 1 mylogger www 0B May 31 13:27 apache24-error| The final log repos

Re: A better method than daisy-chaining logging files?

2019-06-16 Thread Dewayne Geraghty
On 31/05/2019 10:52 pm, Brett Neumeier wrote: > On Fri, May 31, 2019 at 4:21 AM Laurent Bercot > wrote: > >>> I just attempted to link an apache24 instance to its log files via a >>> bundle, which isn't acceptable to s6-rc-compile. >> My advice is to use s6-rc's producer/consumer mechanism for on

A better method than daisy-chaining logging files?

2019-05-30 Thread Dewayne Geraghty
I'm still working the Apache problem, and I'm using s6-log to manage the logs. I just attempted to link an apache24 instance to its log files via a bundle, which isn't acceptable to s6-rc-compile. The approach attempted was to chain: 1. apache24 (longrun) and is a producer-for apache24-log 2. apa
