From owner-freebsd-questions@freebsd.org Sun Nov 17 09:03:23 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 033321BB3C5 for ; Sun, 17 Nov 2019 09:03:23 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47G5j66KrBz3N3f for ; Sun, 17 Nov 2019 09:03:22 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:c4ea:bd49:619b:6cb3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "Let's Encrypt Authority X3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 7A8301BB4E for ; Sun, 17 Nov 2019 09:03:22 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (unknown [IPv6:2001:8b0:151:1:8b:46a3:b3d4:fb3]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 047A663E3 for ; Sun, 17 Nov 2019 09:03:19 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/047A663E3; dkim=none; dkim-atps=neutral Subject: Re: consequences with pkgs of freebsd-update upgrade? To: freebsd-questions@freebsd.org References: <20191116173351.GA19947@bastion.zyxst.net> <1C961C3D-06ED-4D06-AEFB-E97F795C973C@kicp.uchicago.edu> From: Matthew Seaman Autocrypt: addr=matthew@FreeBSD.org; prefer-encrypt=mutual; keydata= mQINBFJIL80BEADi7/VbnnErDU6pjEhI/SzEZ/HbDRkJ5g7HroAtqIRm6nj8ZwOAgZ/2ZnWn 5F+fXTuLsG0FLNtkd17FoVcuCi5e/GPliXI5cmamV7E1Yz4T8UsJ7RQolimyxVexccKd16Tc AA7B9bFlJSKkBUSD0buj7VjT07xWhRzu6Vgi5r0UjLALYJz977uZA0F1aOGOXREDEAOhdcNc kSNjynqAwDA6dCT1Elpi4key1fYjv4jyDF+GU/YXul2Y/rguA8FCkHd9vyym5eAsLQ5mG00V V9fkEHIpH5KorNVnl/ufHXnkZqmHAZVpFDcrshb7aZ/pL45PXyWgLj+e6etelgj3a2bZi0JF cVdXCnBZVP2oIyYblM11ugTbfCwodORU8a5KfPeztMdAtDr4e+32NTrPdPi5rLT+GUsYz+PL 3A3m3u8bdsFp40DlIrBtSByVjqERxcfhphrEB4J8BXHUG7OAtXkZMlW/PGKDwXJq0O6Z5Tcg YHAoEiSWbXiexHgXNJyP+sqnIlhLWhSJGeJ+C83wqI6oYlZUCW00NkPxcIHnQPV/z+5wQVci TMyaWC2YCIHz4Ljs+TnwWMz0E8PNFDfHVbQ0W4PRGV7gRAqxfL+yKufauIEGbEq8rNDbSwL3 bcUCxR4ZDlaUEUwT4J8naf7rjdgiEYHs2Ig3jeK1+ER4FPG1sQARAQABtCRNYXR0aGV3IFNl YW1hbiA8bWF0dGhld0BmcmVlYnNkLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgMC AQACHgECF4AWIQRyz6whebywJLW1RZADb2ye5/OevwUCWttU6gUJDFmAlAAKCRADb2ye5/Oe v7D/EACF6YL98cq6u20rai9gDCS+XY7HDGxowreE2HTAZXQmJTatSaEgiJMJUXfjXn7U/L+q zFhjOC2kiOze1yIWrptoxFa29lSUi3jWHNv7BM2bA4i7jjtwR8Ep2wSvDDl99jewDc6Ewot4 p598S5tZt4my9yGLeaCiN44IPg4U2ftnjcoONtrBOVyIHvVK5QL5r+wyqfdlySbAs026kJAZ rkwAL2ZVy3m1xNSmM8MojwSeX/5puv5JG2FoFb+VphZKCpgaqoEAN2jCqoJW9nnbAth1bYiM djiVr+k8pQl4CltFgpzSKxGbxXUSdPmEpA67FsV0BLIq5xy5VkvzoM+SD1hd3EQgfCyvFlf5 ClSwb5aQRf9ZqiyFAkVEtEOgF7S9q7H6MHyVFzrLfGzmTdpzu7jCCoYbZ7dX1aniatAxLKl6 EBgZxtLRu5bqalguv0FV1C8qnGLuvUMqp8RoJzLd8sWBGMTsUl/GOf+cEZl5u0q9vg9pBJxg KLi2NX3V4Bk8vkOUJFuk8ll7kRQ/7rrGLBkZNfcadb970jB5bvsxMhoc9P/2dIa1YzsGnqbE vG+JrZ2475hvs1jPZ/gdLWEcquGAhGjekfArLBbagqfo6gsuHnUD1K+HfVGQBkKJl+lNhbOR guHGT5hx/4RSYBVakz1RpM5dnk271lH0LxWeE4okSrkCDQRSUUKTARAAt6FH3HbDFoumOWUu JlDgOQs3wdp2n3IKv7gqzbDdgaoWW7hDTvjO0Cb6p2PGUKEoxMQQoIdDO0pQ9rgr4Sh4VSVC 9WMO/fUwqdrIs2nACIg4OwvNhIccW08S+N72f+yuXWOQ/dv79cwruE26/BEXgIP09MYcOWwc UCXzOoUR3er+jzcsN9uFjcsBVUJLIEru1askHRzCUa5P9S9GAFBwN49HC5IJWEzdLP27FjjO G5UG3+QZahHrjG1i6S3bIYXtaGsqNyfkp9Is7Wpj2kk+s9Ua+YMG/V5YVlbANIexa1yr75p1 W9biqXpCWnB3TaHSfI0G1t9w8K2qhR/Z1/YLIcRzZ2aHJnvbzJYw5Cs1jfNpFytbASsxj0rb ReouftlBvVWFRxsZ+oG1ZXL64/SVKMZAnfBNxd1uajp+HtoQtYoTu88la6zcdnAhOD5JdOnt N2VF8iQnDfPgkidfuSZ1C059xaRPTSRJBgMRDtOlDxgz7Pxx/7L2jwxRY1dq6NGioflY7CCp Gc7bi1K6xnf3lBL8X2nGpRAVsg9Lx1ShIWkgNbTAcPXpXcXlJ1xqz8HS8Twadh6gIfk/RNch BIED9lkVCKHYp/XQb8T8vMwn/kTWUm5WlPkQUFQN4D1b6+dJw4bwn/wiRS8did1MU1OytJB6 tljfEUCx0uKkzqr+33MAEQEAAYkEuwQYAQoAJgIbAhYhBHLPrCF5vLAktbVFkANvbJ7n856/ BQJa21VJBQkMUG42AonBvSAEGQEKAGYFAlJRQpNfFIAAAAAALgAoaXNzdWVyLWZwckBub3Rh dGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5RjE1NEVDQkYxMTJFNTA1NDRFM0Yz MDAwNTEzRjEwRTBBOUU0RTcACgkQAFE/EOCp5OdNFg//ZqeVdGoKkMvALPzZjGz84+6l0kcM xSN4TfWmec0YpSmDEzCw4/SZoGqHlZb8lcTevmNrNXg6c+wVw6P+Ycl20Nzb98Kt9C5sz+zG VmPPK+3O9gaPnEqlIKnnbxKXXNHQdd8Mf0UTpifMqX0IkWOqhe/tQKGoQ9+feKvLIaToIe/N josW6vJ9YAgFqZ0015zwbElhMNFmgDMOI2SgjBZ9ngP1U82Mqb7/7G9GxHtnwuJBSnPJgN8t av2O9uWPC0N8deyZBH4y9ERBPTFMc46wjkW030olcq7g4hZ55rpPIEyGQZCq4u1gGibbiQJZ EyUQT7BJm70/PeUr3uNjPlQODV/lF5TBvqGHEmlSQfo6Yb/QQx07CK9bvhUSO2XP3ybS8Jwo MZlgZzZcjiPiQF9ot6152/Cp/XrsKgtk+fg5ARZpyywRlQk1JCHRZvhgXIxqNYA04uwdPFcL I4vPiDaLS8mhXHLRZsSpHmIBqqrnam5Lq7iDc39UZrSJMM40oy3iAOI2B7AOCbzxRuEplJd3 E/tEqrnFGcPVN+h52ka74lEyfkwA2RrASWJJcXLN3/VsizEj8okepefzjU/UPnU8sirzeWWo 8Z4uKddovk//NwAPUJbee4vZLjYE6MWdpEoZP9CZXbtIPWuc9Djg16aHOgv44JPokDMaHA27 A4rw2KwJEANvbJ7n856/SPkP/1bGUde7lnRTNd8c0ZrUtEi+OOibKyh7BjLUpzlihj3rGl9l jAF0eCdBrL1We3MDDcyi+XO7VZLiecZTlG6LLXFvEFjYpyPRx3bXlWk1/ahEiBoLWxedseNd FrO+H5XX6ODmKFFLhXgpsXnAxtM6Mxmrx0CGW4qzfUi7Vsqj86gqlcet0/k5RqPMAhrGX5fN nQNWSAwumeFKM8UgDpKY0u7M2tS07B0ozXOSpqGTSJhX6Ld2Nl95CL3wbSGuh1pDUOysAnzK 5Rl/OQ9LtYpWomAKg6yn7gKYij5XmekAg/E+ybr5Gyx2PgMQUGtuNmBRWP1qKtVUbrOekiuN z7kpdrP7M2O7i/cxWjGpVtjDNWuGkFgY3c+sKKawBma81K4rg044nkGwFX98vfEHVGu+HOd3 D+Mv47nv4LQvzynBG/YflwaPmLhpw7HCPvpa4W7y8+5AKxDqWlM2NvrLwmwbmz9dQMGtjnNR m4uHfPX8AyzBoMtDrxNLIvDYlLqh+G2Q1shNNNdRNXn9Z1pvri6KAHmH9GlISuM/jQfItout +Gtx9QUlNX3aIsdScTLA3jnMOpHcALCGI+XMiBNaVuYUxHgHh+MNYhmjQZZqASBCvVj1Hyib DPZa/iQ4DBGBRlJb+8saPPqYVDQhosWSF20aJKwepZIIOFjpMgmCIqZAnqK4uQINBFJRQrgB EADUWFag56O3CaycayGght1rYWYz7P9/3s7OlqAuEAId8/kSz8jXzAb/Qb6t0247a2MD0gxn jgZQy2OiQOsOTrc31L6tUrLVATL5Q3oKIh9hOlNMA+cRjsgY3UmMaSw+Gftp64EJDBQwBXWT 7CSUEJw4PqzwMPiTHRkmqQfzdfNagFJVqZ0e+cznoLzI9WvkccwLW1kicBYEysX5yOXUQ9/P cKqRWcbxLFznJ16JsxL1DeUct5WRWUxECY2rM0t+AkNRa3NpzskiMUSzFhiGmJo9yyy1RS4d rjMhEn/IcM1sO21ZF/WWuUVkul65qngFnaFDDRQ5lU3AagWhLhmppmK/yabSVfqz38B1APoB WuldYprslTbAOJrL2xFtiH7m9VYbP2aGdwr9V/C27kiNWnm/lYzP9Z+dTFkxw2V+BOjiLWzD DD6pEE7YDhiPyoopadOyXtoJf3aK1OI+DBu3piBA/CDDDvavruM+3mjxUxcOo8w8rMaJzDUD LG0yOyhKWef3UW5ly3CKXe8+m/MZe0GavNBJt0ObLQpPmnn9b2kP/xS0ssszo8uzlfSMiGi9 AedAoRQ7vFXfI0MBb0M8gJ6Ht/+j1b5Al9ABeeA3PRuu+aBJwBRdFp4AV5BsCa0Qb3aqVJUP uBvtY56aWWB9sSfQ1qeu/loRxkJbHhaPJswscQARAQABiQI8BBgBCgAmAhsMFiEEcs+sIXm8 sCS1tUWQA29snufznr8FAlrbVUkFCQxQbhEACgkQA29snufznr+YBw//TJtAC9d/FYQQHKQg /QOEkcAL8Qx4HA2SICnhKqv64jPcYIUYocOO8Qayh+IVDa6MGkbsWdweUFuexMsW+17dqETf QjUApx32TUwF44WgIEfARLW2zRdRcXfsT4A2sQJCvNJrJnH3lywiJi+V848Q4sC3sSJREpcJ d07oc2jxSKZyYZ1DBPfK1MyiwcBt2uFCTXdyFMham2aYLDP2JYvFP08tjTUAIKhe4B0bPTtl dCf5sH5q8xrpaHnKHf0n7qMmK7NtGW/9R6WiCruiNsLnO95fms1tzKKfA4QXIYCEWl8XsRKw p51HZDjQu/KxPsjm6BL4eThnae9t3Zs5J0LiPxoFbN+pW7anft3YCeezB8+gus7I1Rn5yJMR yYRRVHtZZTBDQfoDqHgLY14GYtFGOT0IR/OuAzYM1CoMvVExgqVWixDwF5RH1OHO1TANqTGc rRm1lvasCWIphpoQVtkN4/PXGa+NhzsRmr/c5OUYxQNroE8cdsK8mOIBRz9D2JpF7d2nr1X+ vA4zk2JL61aCnc62BfSYNZWhCcOPJZUhFT9BqAkew0kkJzQ3jwHGAhfcfozTHoFsD08qAW0O UriEtH+EOXl+dYbjlNUjFPjJu49cZbtp/1TpsYOBdME1QLM1TPanYXa7tb+IrRZN+Oi9i9VV ym16DK7q21k3j0qRC0s= Message-ID: <6b12048c-6ad5-0acc-ced5-92cf9f8b92d0@FreeBSD.org> Date: Sun, 17 Nov 2019 09:03:17 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: <1C961C3D-06ED-4D06-AEFB-E97F795C973C@kicp.uchicago.edu> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="hh7pkVTcLBvZhyCTIT4Dgp18C3rtxIEpG" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 09:03:23 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hh7pkVTcLBvZhyCTIT4Dgp18C3rtxIEpG Content-Type: multipart/mixed; boundary="F2JkNN7LbhDvOAnTJPGsm4kjw9ebMxlew" --F2JkNN7LbhDvOAnTJPGsm4kjw9ebMxlew Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 16/11/2019 18:31, Valeri Galtsev wrote: > yes to everything. Basically, you first need to upgrade poudriere > machine to the latest base system using freebsd-update, and upgrade all= > packages on it (poudriere being one of them). Then rebuild all packages= > you maintain using poudriere. Then upgrade the other system, and > re-install all packages on it. >=20 > Experts will chime in if I=E2=80=99m missing something. Actually, for the most part, this isn't true. Your poudriere build box does not have to exactly match the installed version(s) of your client machines. The actual requirements on your poudriere machine are: * Same major version as the clients you want to support * A supported version of the OS * Not newer than any of the clients. Thus a 12.0 poudriere machine can be used to maintain packages on a mix of 12.0, 12.1 and 12-STABLE machines. However for the 11.x branch, you'ld need to be running at lease 11.3-RELEASE in your poudriere builder, due to recent changes in the versions supported by the ports. If you follow these rules you will be able to build and successfully serve pkgs of the vast majority of the available ports. There are a few exceptions though. These are certain loadable kernel modules, which need to be compiled against the same kernel version as you are running -- or at least a kernel with the same KBI version. Cheers, Matthew --F2JkNN7LbhDvOAnTJPGsm4kjw9ebMxlew-- --hh7pkVTcLBvZhyCTIT4Dgp18C3rtxIEpG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAl3RDNVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5 RjE1NEVDQkYxMTJFNTA1NDRFM0YzMDAwNTEzRjEwRTBBOUU0RTcACgkQAFE/EOCp 5Oc9zQ//dtmippGh63Q3IMdFqRtQ1CBx/HWKhJ6kbS7WM3Uln+DgucQMmxkHdjDT wAjTiLIFjiaq8bzFuIxAnM+53MUMD8hkZ4VetuRY80AJiM63o4NHUWkiVefjKS+t QCpFac8wSMIKEWjDNW4yOtjhPYFJho5gMibNV6LzZUW/uWghNFqLchZ6B6Om7LEh n5wEB0FBY4lo4T64P3K4lfDUEicOd4X1MgJJUjyWNd09MRW5+Pp9US26FPIBdJhh +XK6fy5STJ0/nNJJYwy56EhzYeeRhoqjPv0VdwxYonKgviQvi4Ep7JAZWNhdfjBB 2BQlgbzdizqs4yatd0ppW3hLukSfYHt03xAuaCulgfpKvoML+hK0rvI6pNdUPZ+N 5va5F/VSjBH9GIM+w7U/OXjIrAzlbbzzR59edblY6X2EQE+uHE03e2O+0jtIXlHB gzkA+hmPX+H778MNi1f7Y3d49M9UdJINi6tAUwZOv5IsOFPePkjAaQ9vjhq5Bi0R b9NVyjTEdHhwcjhiyKIIZXNsvuP8XG6fS6uPdvGSCQNlnpb7swN3ThrbS0cEQLdl QNkRH4ufycMaj4pqvpcX+hUKJ0PLBbambrbR5cUCPl6ly+3iMEZFN4d1orcH0qeX XxahV3mhTEsPldSpwMrFoMo0WHcuMZHGdQcbSMR7V/ZEL3k4hjw= =VQJC -----END PGP SIGNATURE----- --hh7pkVTcLBvZhyCTIT4Dgp18C3rtxIEpG-- From owner-freebsd-questions@freebsd.org Sun Nov 17 14:23:59 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BC2E61C194C for ; Sun, 17 Nov 2019 14:23:59 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47GDq11Zm5z46q7 for ; Sun, 17 Nov 2019 14:23:56 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 56E69433 for ; Sun, 17 Nov 2019 09:23:55 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Sun, 17 Nov 2019 09:23:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zyxst.net; h= date:from:to:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm1; bh=NjjTTWgFbsQAmToIPQ2kGRzE0xB aZDlFN20Uvksqd38=; b=kixxlqZ/FFh7a6lbg6YUdsgy/wDafO7p68IswurKPYd q9qLS+09LarOmKbCPBHZjRHUE7zcYVbm1OsaScST4V8plAo8B33sp/T7FcQHWJfO t4wAFVmrgk5ElQZ8ChjIHxgPzyT7V4lBmzHiwsbZE2Q/fFfdnesk1NrRqTGsVbjI NBtPsM4GGpLL1G2Q7IqZ62fiiMQtsewrGAWOWOQHtGUCcl0Ouwj2MSOHKzAYmZIY JMTpX5S7GaaZymNoCBgyuz/477wF94zds7Bz4fzzbQzR2rKEbo9dbu/bra85AgD4 5OxSLG0cdNprJgr9MpCNcZzc3oEMkXr+rJyDLXNLmYw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=NjjTTW gFbsQAmToIPQ2kGRzE0xBaZDlFN20Uvksqd38=; b=N9I/biYF1xD2hgNwKiB9aT Vtm4LlKK8RCOlGjIfwXsrv9gsV5RdDmEXjwnGWNoJ0UEfFEv+8pGoPwLzR5vLJyI cCCf9hrrS8+aQZlBEjf7Alcc2fGTg2LC2nHeh577HKHiBtxVcKvgE4tsC1yqLoj0 FghKiCtjBUp9zSW7v/A17N+fnzXUmOK6Xle8ZTBWCE2N5wqdDj6SkkdX+AaK/BrE //ajhRobPmEqwnFsa8CRsv0hpBX2RcfKP0DANblTULAH8MFCjUaKhE5KUwJuDJve 23kbj8xvO6P1txrz4z3BwexqU2H6tuMQEJIBQe1mEL2Ysv8Gexe8rQpfRpRRIetw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrudegvddgtdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujggfsehgtd erredtredvnecuhfhrohhmpehtvggthhdqlhhishhtshcuoehtvggthhdqlhhishhtshes iiihgihsthdrnhgvtheqnecukfhppeekvddrjedtrdeluddrleelnecurfgrrhgrmhepmh grihhlfhhrohhmpehtvggthhdqlhhishhtshesiiihgihsthdrnhgvthenucevlhhushht vghrufhiiigvpedt X-ME-Proxy: Received: from bastion.zyxst.net (bastion.zyxst.net [82.70.91.99]) by mail.messagingengine.com (Postfix) with ESMTPA id 31CDB306005E for ; Sun, 17 Nov 2019 09:23:54 -0500 (EST) Date: Sun, 17 Nov 2019 14:23:25 +0000 From: tech-lists To: freebsd-questions@freebsd.org Subject: Re: consequences with pkgs of freebsd-update upgrade? Message-ID: <20191117142325.GA75104@bastion.zyxst.net> Mail-Followup-To: freebsd-questions@freebsd.org References: <20191116173351.GA19947@bastion.zyxst.net> <1C961C3D-06ED-4D06-AEFB-E97F795C973C@kicp.uchicago.edu> <6b12048c-6ad5-0acc-ced5-92cf9f8b92d0@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="cWoXeonUoKmBZSoM" Content-Disposition: inline In-Reply-To: <6b12048c-6ad5-0acc-ced5-92cf9f8b92d0@FreeBSD.org> User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47GDq11Zm5z46q7 X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=zyxst.net header.s=fm1 header.b=kixxlqZ/; dkim=pass header.d=messagingengine.com header.s=fm1 header.b=N9I/biYF; dmarc=none; spf=pass (mx1.freebsd.org: domain of tech-lists@zyxst.net designates 64.147.123.20 as permitted sender) smtp.mailfrom=tech-lists@zyxst.net X-Spamd-Result: default: False [-7.19 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[zyxst.net:s=fm1,messagingengine.com:s=fm1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:64.147.123.20]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; DMARC_NA(0.00)[zyxst.net]; DKIM_TRACE(0.00)[zyxst.net:+,messagingengine.com:+]; SIGNED_PGP(-2.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[20.123.147.64.list.dnswl.org : 127.0.5.1]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:11403, ipnet:64.147.123.0/24, country:US]; RCVD_TLS_LAST(0.00)[]; IP_SCORE(-3.49)[ip: (-9.80), ipnet: 64.147.123.0/24(-4.91), asn: 11403(-2.68), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 14:23:59 -0000 --cWoXeonUoKmBZSoM Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello Matthew, On Sun, Nov 17, 2019 at 09:02:50AM +0000, Matthew Seaman wrote: >The actual requirements on your poudriere machine are: > > * Same major version as the clients you want to support > * A supported version of the OS > * Not newer than any of the clients. > >Thus a 12.0 poudriere machine can be used to maintain packages on a mix >of 12.0, 12.1 and 12-STABLE machines. However for the 11.x branch, >you'ld need to be running at lease 11.3-RELEASE in your poudriere >builder, due to recent changes in the versions supported by the ports. > >If you follow these rules you will be able to build and successfully >serve pkgs of the vast majority of the available ports. There are a few >exceptions though. These are certain loadable kernel modules, which >need to be compiled against the same kernel version as you are running >-- or at least a kernel with the same KBI version. ok I understand, the KBI needs to remain the same. The context for this is building nvidia-driver. How does one show the KBI of a running system? freebsd-version -kru doesn't show it [1]. I can obtain it from a poudriere host for its jails by running=20 poudriere jail -l Is poudriere-devel smart enough to use the PORTS_MODULES=3Dx11/nvidia-driver statement if I define this in the src.conf for that particular build jail? thanks, [1] I understand KBI to look like this: 1201000 - is this correct? --=20 J. --cWoXeonUoKmBZSoM Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE8n3tWhxW11Ccvv9/s8o7QhFzNAUFAl3RV+YACgkQs8o7QhFz NAVdUQ/9EjYN+TYocXJ1dcdFHYbTSPwt61mb7AdyyLon6J5xT2lb+jZV8frjHGW/ lky4J5TRZIKPZwQ4Up+VlHTBxzOtetH96/pCHSenVfhrzRDkzEvZ85QISRwowO0j +CzhkTSzz3Ad4pCg0WSiToik0ma8QUVhvVtUWCkYYgFxNQL2PDWYhVNZ0fj28/4n Qjkx2Nc1ul01bSc2ZfENlR1O6ZgGN2lX8CNTbvaikT8adqRepu65DWfW0zAO+vzf s5xULDDpr9LqZgfLoSIE0gzF+FcH7mEP+U7MPIEtoWsWak+wx6dPjEAeUpFIWMBo o+i/00DPIB+HFemeRDuJno18rrWBHhpg383CtWezfP7ctxCJX5bbOJg+a1gVJ7Ii rkkB8NCfDhR/wS6H+vb4A9sTMxX/tH7EQhNuaikg29L5RBmjTwxSUh9CfJgHy9hb Q0giRqMtFbhf0dKEhL3Rv23Hgxof9IcqWFonZ0koF2nNe/AMLIksDk1xvwglX16t Kgcu3KNzoNMR7LzzcwCJSA6SJRJEds/m+ZECVKsAESHBhzQslYVOuJoeSeQjMLNr ToLN1sajo5FSOjhC4rwP2acqzhyqXM7C8/Q0jrauWM0i0nkr+UeLAPeOAAQUTj7/ bqv/a5JXHkmc7yn5xVotcCX8NFnkYHr7SVdrsgsvAfq6Cat9Ruo= =bZ83 -----END PGP SIGNATURE----- --cWoXeonUoKmBZSoM-- From owner-freebsd-questions@freebsd.org Sun Nov 17 15:31:16 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DAAD91C2C83 for ; Sun, 17 Nov 2019 15:31:16 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70]) by mx1.freebsd.org (Postfix) with ESMTP id 47GGJg3tzwz4SB9; Sun, 17 Nov 2019 15:31:15 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from [IPv6:2607:fb90:a22a:2891:f0a4:9aa7:a960:7c04] (unknown [172.58.139.75]) (Authenticated sender: galtsev) by kicp.uchicago.edu (Postfix) with ESMTPSA id 7E36F4E657; Sun, 17 Nov 2019 09:31:14 -0600 (CST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\)) Subject: Re: consequences with pkgs of freebsd-update upgrade? From: Valeri Galtsev In-Reply-To: <6b12048c-6ad5-0acc-ced5-92cf9f8b92d0@FreeBSD.org> Date: Sun, 17 Nov 2019 09:31:12 -0600 Cc: freebsd-questions@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <75B695E3-B9EE-49B9-82CC-1FF3C7B59E0F@kicp.uchicago.edu> References: <20191116173351.GA19947@bastion.zyxst.net> <1C961C3D-06ED-4D06-AEFB-E97F795C973C@kicp.uchicago.edu> <6b12048c-6ad5-0acc-ced5-92cf9f8b92d0@FreeBSD.org> To: Matthew Seaman X-Mailer: Apple Mail (2.3601.0.10) X-Rspamd-Queue-Id: 47GGJg3tzwz4SB9 X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu (policy=none); spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu X-Spamd-Result: default: False [1.83 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none]; RECEIVED_SPAMHAUS_PBL(0.00)[75.139.58.172.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; NEURAL_HAM_MEDIUM(-0.37)[-0.373,0]; IP_SCORE(0.13)[ip: (0.37), ipnet: 128.135.0.0/16(0.18), asn: 160(0.15), country: US(-0.05)]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[70.20.135.128.list.dnswl.org : 127.0.10.0]; NEURAL_SPAM_LONG(0.48)[0.476,0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 15:31:17 -0000 > On Nov 17, 2019, at 3:03 AM, Matthew Seaman = wrote: >=20 > On 16/11/2019 18:31, Valeri Galtsev wrote: >> yes to everything. Basically, you first need to upgrade poudriere >> machine to the latest base system using freebsd-update, and upgrade = all >> packages on it (poudriere being one of them). Then rebuild all = packages >> you maintain using poudriere. Then upgrade the other system, and >> re-install all packages on it. >>=20 >> Experts will chime in if I=E2=80=99m missing something. >=20 > Actually, for the most part, this isn't true. Your poudriere build = box > does not have to exactly match the installed version(s) of your client > machines. >=20 > The actual requirements on your poudriere machine are: >=20 > * Same major version as the clients you want to support > * A supported version of the OS > * Not newer than any of the clients. >=20 With all due respect, this is quite different from what I know about = poudriere. And the difference is in the fact that poidriere builds = everything in jails. Therefore, here is what I have (Note, that all my = machine run RELEASE): 1. host system is the highest version of the RELEASE 2. for poudriere buld the same major/minor versions RELEASE jails are = created, collections of packages for each minor/major version is built = in jail the base of which is exacly the same as minor/major version as = the system you build packages for. In other words, Matthew, you don=E2=80=99t need to have separate host = running FreeBSD 11.3-RELEASE, packages for FreeBSD 11.3-RELEASE can be = build on FreeBSD 12.1-RELEASE in jail which has base FreeBSD = 11.3-RELEASE That is the beauty of pouderiere, it is designed to have everything = built on one machine. So, here is what my poudriere box is today: host system: FreeBSD 12.1-RELEASE jails packages are built in have base system as the machines packages = will be installed on: Jail1: FreeBSD 12.1-RELEASE Jail2: FreeBSD 12.0-RELEASE Jail3: FreeBSD 11.3-RELEASE =E2=80=A6 The simple explanation why it is appropriate is: when built in jail = everything is as on the system of level the jail base is, so appropriate = libraries are linked etc. The necessity to run highest version on pourdiere host stems from the = fact that you can not run jail of higher version than that of host = system. I hope, everything is clear now. Valeri > Thus a 12.0 poudriere machine can be used to maintain packages on a = mix > of 12.0, 12.1 and 12-STABLE machines. However for the 11.x branch, > you'ld need to be running at lease 11.3-RELEASE in your poudriere > builder, due to recent changes in the versions supported by the ports. >=20 > If you follow these rules you will be able to build and successfully > serve pkgs of the vast majority of the available ports. There are a = few > exceptions though. These are certain loadable kernel modules, which > need to be compiled against the same kernel version as you are running > -- or at least a kernel with the same KBI version. >=20 > Cheers, >=20 > Matthew >=20 >=20 > Thus a 12.0 poudriere machine can be used to maintain packages on a = mix > of 12.0, 12.1 and 12-STABLE machines. However for the 11.x branch, > you'ld need to be running at lease 11.3-RELEASE in your poudriere > builder, due to recent changes in the versions supported by the ports. >=20 > If you follow these rules you will be able to build and successfully > serve pkgs of the vast majority of the available ports. There are a = few > exceptions though. These are certain loadable kernel modules, which > need to be compiled against the same kernel version as you are running > -- or at least a kernel with the same KBI version. >=20 > Cheers, >=20 > Matthew >=20 >=20 ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ From owner-freebsd-questions@freebsd.org Sun Nov 17 16:28:15 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9F79D1C3E3B for ; Sun, 17 Nov 2019 16:28:15 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70]) by mx1.freebsd.org (Postfix) with ESMTP id 47GHZP6kKBz4Gr8 for ; Sun, 17 Nov 2019 16:28:13 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from point.uchicago.edu (point.uchicago.edu [128.135.52.6]) (Authenticated sender: galtsev) by kicp.uchicago.edu (Postfix) with ESMTPSA id 200BC4E657 for ; Sun, 17 Nov 2019 10:28:13 -0600 (CST) To: FreeBSD Mailing List From: Valeri Galtsev Subject: Who mainains https://www.freebsd.org/ website? Message-ID: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> Date: Sun, 17 Nov 2019 10:28:12 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47GHZP6kKBz4Gr8 X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu (policy=none); spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu X-Spamd-Result: default: False [2.22 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; NEURAL_HAM_MEDIUM(-0.02)[-0.022,0]; FROM_HAS_DN(0.00)[]; DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; TO_DN_ALL(0.00)[]; NEURAL_SPAM_LONG(0.01)[0.007,0]; RCVD_IN_DNSWL_NONE(0.00)[70.20.135.128.list.dnswl.org : 127.0.10.0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.13)[ip: (0.37), ipnet: 128.135.0.0/16(0.18), asn: 160(0.15), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 16:28:15 -0000 Dear All, does someone know how to contact the maintainer of https://www.freebsd.org/ website? I opened it today for some reason, and I have noticed that "new to FreeBSD" clickable image blocks at least one of the supported production releases in my browser (my browser is latest firefox on FreeBSD 12.0-RELEASE workstation). In other words what I see on the fron page is: Supported Releases Production: 12.1, 12.0, - 11.3 is totally covered, just visibly not there. I'm sure I have seen the same in the past, and I really feel that that sort of "fanciness" of design of the website obscuring vital information is something that needs to be addressed. Thanks for pointers! Valeri -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ From owner-freebsd-questions@freebsd.org Sun Nov 17 16:54:59 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E3DD91C4570 for ; Sun, 17 Nov 2019 16:54:59 +0000 (UTC) (envelope-from ralf.mardorf@rocketmail.com) Received: from sonic313-20.consmr.mail.ir2.yahoo.com (sonic313-20.consmr.mail.ir2.yahoo.com [77.238.179.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47GJ9F0TqDz4RsV for ; Sun, 17 Nov 2019 16:54:56 +0000 (UTC) (envelope-from ralf.mardorf@rocketmail.com) X-YMail-OSG: XZMAZBQVM1mtnt0QmPaaT1GQfCL01Wa9wm3iXk.99GLrYqVUOasH_27Uxanl8ko 2dH2OuVkaToGrKm0dT5UCAQkYelFvBNWZIE2Y2sK1ReK3xzXkAZB5A89LKzGB6nQRfp30u2kwqAd Lc.Px1HzZdcsiTHQ_ZjSehygnQuakUs6.alQy.uXAGxeoNeGrTG4x1PIWVl1bkBcl2svTNLboAGF D9sdHhV_ry2KVzWEDkd.y_UgM_HhdA64N3ER7fdLa7TM.HpDYq_X_kqyVkcreUp23ss_V6Xmoh3R 9rNQknmA7f_Up6FHxskysX6CeXs3AygxosJPbAkBL0CIxUIjrv7MbeZwo3PJaMTZdbzeHSAOfx1e 9N5cR9jyxy6ce0GKuAVK.UgNUBWk4WhehqEkVlogGY3ctTTOC8LZZidVnzkt0SvuG82TBUNB_I9t aLW.Df.bAH64bndMXnveTzrlCya_6EGsandLQIy5e8uhBkZieEFqa.EZW9CBvWFBqYqiAaQPPB1k EGgz79WyURHMPeFN_E9F45bB6lCk3gK7jkdPpkzvw2MiVliUMPwp20YA9qetqX.a3BOIZ6x6rdkO XR76zWA3EbwoUaMOyzRj09Gitavr2N9GRbDNRMX0awkxguuGRh7vzTxEZamai.Vtc7X1dMNNPAsj VZSLYFgDyC2ybEQn1ovtnVB5cRuN.XQSUenUvjJ1waAh_GsNH.4qc2Q1esjK3.jkVfxlfRCmJWCM nPl65deuPgqkwf1b.u4e2krogOeneN.aw_ultDEGgLK4JgmQP0ZUy9cjPSKOyE5p98kPlogBDQnK UXRbn7g5p3euHxFOmjrmiPzlNFgGAXT8.d8JsiN7CeWYmS_zHXd_fnirqVQNlCfK5Y1DChzUWzvZ Wn.O3padoaSIq4dd9Xjyj96v1w4.yzuEAWip0MKSjLqIpnnwDxTmPvzXVTjkIuc1LUnqBvTrdXJc PQJKiZVljha9wEtJrUOGhzyrNtM7Lu00J79AaYefAaqzIbZXJVU.9uYDWVvV.N0i.uGTSfRXS0Ck b0tAToZiykuNdbmSkLk5znirJSRliLWQTyKfF0RXncviqngHPI_P1P.Ce4706dy1rH_HCw4OguaW 07cnBDzOWNh0YFhJ3dWmqOF6ZnJMydJQx3bz0Z7ZMVV29mVavpdyeHVdo8ILIKeAzKXfFcgKXBs. NPC6KqIgff7uw.DunyWShUfVnO9niLlKDQb8zogKlxXl4eTOyhL2HIHMqLAUjeVI1NXWuI394hAF nK7bZfsvkBnCkiStdJdqGe9oInHOaNKdj_6SgMONXm6NEiOMzwGHPySE4o4ds5TF7zUXPqmujdUU ztqDpP.VMXak4nZvUBCTVMbrHNqJZoVV4ratZ6zKxHqYPuum3WyrBrKOHuwO8ftVfoEnr0wVVTpW 9kXLP81D4N7uuE5yp.65Q Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.ir2.yahoo.com with HTTP; Sun, 17 Nov 2019 16:54:54 +0000 Received: by smtp419.mail.ir2.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d74462ebf7137fe931ad9fce440ae97f; Sun, 17 Nov 2019 16:54:53 +0000 (UTC) Date: Sun, 17 Nov 2019 17:55:05 +0100 From: Ralf Mardorf To: freebsd-questions@freebsd.org Subject: Re: Who mainains https://www.freebsd.org/ website? Message-ID: <20191117175505.4c6078ad@archlinux> In-Reply-To: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> References: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> X-Mailer: Claws Mail (linux) MIME-Version: 1.0 X-Rspamd-Queue-Id: 47GJ9F0TqDz4RsV X-Spamd-Bar: +++ X-Spamd-Result: default: False [3.45 / 15.00]; XM_UA_NO_VERSION(0.01)[]; R_SPF_ALLOW(-0.20)[+ptr:yahoo.com]; FREEMAIL_FROM(0.00)[rocketmail.com]; HAS_ATTACHMENT(0.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[rocketmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[rocketmail.com,reject]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:34010, ipnet:77.238.176.0/22, country:GB]; IP_SCORE(0.00)[ip: (3.34), ipnet: 77.238.176.0/22(2.25), asn: 34010(1.77), country: GB(-0.08)]; FREEMAIL_ENVFROM(0.00)[rocketmail.com]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[rocketmail.com:s=s2048]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; MIME_TRACE(0.00)[0:+,1:+,2:~]; NEURAL_SPAM_MEDIUM(0.99)[0.990,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE_FREEMAIL(0.00)[]; NEURAL_SPAM_LONG(0.95)[0.949,0]; RCVD_IN_DNSWL_NONE(0.00)[187.179.238.77.list.dnswl.org : 127.0.5.0]; RWL_MAILSPIKE_POSSIBLE(0.00)[187.179.238.77.rep.mailspike.net : 127.0.0.17]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 16:55:00 -0000 Hi Valeri, first of all my apologise, since a while ago I assumed you are female, since Valeri is a German female name [1], but after taking a look at https://kicp.uchicago.edu I noticed my mistake. Using $ firefox -v Mozilla Firefox 70.0.1 on Arch Linux everything is ok, see the attached screenshot. Regards, Ralf [1] Valerie ist ein weiblicher Vorname. Er ist zu unterscheiden vom M=C3=A4nnernamen =D0=92=D0=B0=D0=BB=D0=B5=D1=80=D0=B8=D0=B9 (Walerij, Waler= i). - https://de.wikipedia.org/wiki/Valerie --=20 =E2=80=9CAwards are merely the badges of mediocrity.=E2=80=9D =E2=80=95 Charles Ives=20 From owner-freebsd-questions@freebsd.org Sun Nov 17 16:56:18 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 714871C465D for ; Sun, 17 Nov 2019 16:56:18 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47GJBm71JNz4Vm2 for ; Sun, 17 Nov 2019 16:56:16 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([178.12.112.166]) by mrelayeu.kundenserver.de (mreue009 [212.227.15.167]) with ESMTPA (Nemesis) id 1MNss4-1iCUMV3sEq-00OJfv; Sun, 17 Nov 2019 17:51:00 +0100 Date: Sun, 17 Nov 2019 17:50:57 +0100 From: Polytropon To: Valeri Galtsev Cc: FreeBSD Mailing List Subject: Re: Who mainains https://www.freebsd.org/ website? Message-Id: <20191117175057.7d05fa37.freebsd@edvax.de> In-Reply-To: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> References: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:JdqiecgA6e0DFBClE4SrnA2i9qpAbGHYpXqH/69Iea94Ac9DyQO gZnG/L6BKptNj5I5IKONyjpXUxO9zaVBneI1ddo2+wzW2jsncZi4KvPF67FsUoD+pXBb9At t2MQZwSSE2eSzr2+RFMJuSk+mercGR268lxRS285fn3ExcEkFffz1kleH5Ua2slUjFqK2ai LuTJV9C1FXz8gW4Mlx83A== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:V4Z6QuYJ108=:rzvobALrnAkHXan6iy2dwm PydZNsov1vlGvxhGYxrwRqzadJqTYfelKywp54rI4ZCayI1TZnOzeEXVmVgOl3lRquicscU4Y hdY/VFQZQfMYdnUTiH2Sm81ieoO0x3JvXuANqukMRZnVfir2IqbDxb33YAACzzTi/iH5nxl9j 2NeeAvGmv0HCAoWg1NeykpBpN4KXfHFC/g4PgFJ+evT8BxvnfaX7AAImwUdtFrFe3a0olTrrW duOKslLwtZAgO6ZhC3SZsNbIN8hyg3p1nQV8Ff/ujFH+C+oPqibMtUzTPiYSvXjCet4H3NDpI V62CSHUA8pm16RR7HWkKVFYXrVUx+dbFbIlGAVO1IRmNTPAqPuHvnZ0gM5VYaVXHiYvDE6WiI YTFUd3OaFOhP/8hUBM/f0rA5U9T0SC5xIfQlJCdJ8CVSGrQVS7ttCs3tVmoPiADNTCXp9Hs53 FbT7sqoSreoBYpWUSkuhroFo2DiQEEG0wX0QqCq9FxHY8B/UTPubZe/oayl2xmzHoeRozDust QYYmQbQN9W68dSG/SRLEgLYqwZuz3fdOM9omef3MUkkEavbdIjwvY2LuAOrG3kiMBfTICIhsf z/bpN4y32AQoHhphETgUM8YyvEPS/X673rpZ9sEXFTU8CBBvrS2uVLNuIfJRVRHH7KNF0zbAN kmGIKCTF3fd2VoNZ8Etp9SM2KEIFGy7vXnYCOB+P3f89o64To7MilhqyjgslCpVizQjpekPf2 uDoYQTLQDGxrNlxgGuAkz5asba1DCDq9nIUv7xkp4/rOHJjEUeCByMLd9ypraN6SyQpt1q4S8 +ckusQL//ZE65RtTNjHjAVygSEdqe9yxuSKszNfKbyAW2mbs+cjSSZzOyidkWCQWQF6IsLExW CmiheV/zd27N/jy5Ys/A== X-Rspamd-Queue-Id: 47GJBm71JNz4Vm2 X-Spamd-Bar: ++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 212.227.126.130) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [7.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RECEIVED_SPAMHAUS_PBL(0.00)[166.112.12.178.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; SUBJECT_ENDS_QUESTION(1.00)[]; ARC_NA(0.00)[]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; REPLYTO_EQ_FROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.93)[0.926,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[1.000,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[130.126.227.212.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; GREYLIST(0.00)[pass,body]; IP_SCORE(0.67)[ip: (2.33), ipnet: 212.227.0.0/16(-1.26), asn: 8560(2.30), country: DE(-0.01)] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 16:56:18 -0000 On Sun, 17 Nov 2019 10:28:12 -0600, Valeri Galtsev wrote: > Dear All, > > does someone know how to contact the maintainer of > > https://www.freebsd.org/ > > website? > > I opened it today for some reason, and I have noticed that "new to > FreeBSD" clickable image blocks at least one of the supported production > releases in my browser (my browser is latest firefox on FreeBSD > 12.0-RELEASE workstation). In other words what I see on the fron page is: > > Supported Releases > > Production: 12.1, 12.0, > > - 11.3 is totally covered, just visibly not there. I'm sure I have seen > the same in the past, and I really feel that that sort of "fanciness" of > design of the website obscuring vital information is something that > needs to be addressed. I can confirm with my older Opera version, the "1" of "11.3" is visible, the rest is covered. Inspecting the source makes me think the div positioning in the CSS is a bit off... According to the contact page https://www.freebsd.org/mailto.html you should probably contact the webmaster team: Anything web related, technical stuff belongs to the scope of the Webmaster Team, excluding bugs in the documentation. Check https://www.freebsd.org/administration.html#t-webmaster and see if this matches common understanding. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Sun Nov 17 17:07:03 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1DB3F1C49CF for ; Sun, 17 Nov 2019 17:07:03 +0000 (UTC) (envelope-from ralf.mardorf@rocketmail.com) Received: from sonic302-21.consmr.mail.ir2.yahoo.com (sonic302-21.consmr.mail.ir2.yahoo.com [87.248.110.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47GJR95tg0z3F6s for ; Sun, 17 Nov 2019 17:07:01 +0000 (UTC) (envelope-from ralf.mardorf@rocketmail.com) X-YMail-OSG: cbG04coVM1mlP.MB16ebwF6hXIfjNFQb9bw.jOmxrncgtN2JVfwq_GKXRGKbOlw hPkil3McD6OtCsl.evJSYAI4gm_8uI.tUCfOk.05UpnD327Zari5J_F4F8QIe_yuC0e2ysiBHY7D maXjG8c9rWrxUMeW_j1SZG3v7wXpkRHfHv0Ou5h_Q_OoNkSg3b_rbgGGivGkQrdDKUAeasy4zwez E6PNB6iOq2HYGvUdBy.Hqcl8FySrGQC14icjFmcsNh5EQnRwDFoJCNRdQ8DEze3.8miiIeg3U8Hf aJvqi5wpIT8PJJ4j6jqF8YEcLMhcyE93sd3s7EFGDWcXxKui55AIV0Yhva46Np7iCVC1H4Po26kk a3soeMwW.hYKVx4vCeGJPEGRn_eejpHnpot0C4S4aCZIGx3DaNGIvuChT7drewifbGtLpMzvEvMa vX2WXA9naBk.K1yEiuepzS0jRoc.3R_197YU2TKIzOP_yr57e.f8aOhH2rcOcT9f1jSQSNWw6Mfm ZkdDS8igG4_xIfsuvAhnjrXoc1xuhU3_5YbS1ZgfV.vHhdYt4fT.V0RguivX5bTQ4J0kbXX9FC9G TefgiIFQbgAADsYohPzczaq9RLuF9GN.orF_NGqSxBLdDnyEpbICZwG4D0euGH3abMixKAgJkqAQ ocdTSnhYJV37ylcqT1daCeApnnS8_FjMocMEr.BXlfSg0lMFjQfYlbgzJOIyJn.Dxdd1JYW4FNaY zFlX3fa7x0apKyKugBpMGi9xWLZeGhGbHEHEjVDQq78h3k4r7oVTYJJD9D6oGbwQTkyJET.fq0YL Rnl4Xsq2MjoMi2YGr_W3POKxUITZRNA3iigXGWkArCwEozbgDcO7O4ikef9lZxaiYmSTXPVAD1G8 Z8vSodzS2WEA5mo.3bLWQgmWKotTcGw2DdN3cWG1BPGeDb7G69P8Zmo7_d8Z2VyNfNRUrYHRpWbU 4ronIotPHD_8CCALuqNm5JoE3tjjlk2QyNEoaGyUNt6N1ozXEJCByoOM9ple3mDREcjk90Y1sPTj fs84pzK0IgycuHgomACeX1R6DKHD2qKfGovMFZY9trQ5PHhxmKkiOpt6e3IbRjgsPZifYLXYK2pY sO9HtFFTi_DhDlqMyxy1Hn0kbZ6o9iorKaP8sSGt5XGucGYociqrQ49hbZefhbybFgW7s1gl1srf lLH._1wbS_X2JdUPNfO9qxXuzoc3Jnw5NlA32Bb.MGI3hH0tBMTtI6chfnFU7UtU8SjVhw_35V2q lZYx8kUnvYLAaUBdFuCtOWF29LXsswyEf1FC6HPE.dqCu4mcje__dCma3JBQCS8KAKYg_0HjE5.d lA00BzUZvIZoR1LErw8NtVEn4CuKq_vOgXAhEOqoRO7WJY8Y.VTsV86D56dqtL2ed1.bvZN4qM9T 107aSViqd9fzj_EYwqg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ir2.yahoo.com with HTTP; Sun, 17 Nov 2019 17:06:58 +0000 Received: by smtp413.mail.ir2.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 0c5014fd4d508587049422cf4ded1bff; Sun, 17 Nov 2019 17:06:54 +0000 (UTC) Date: Sun, 17 Nov 2019 18:07:06 +0100 From: Ralf Mardorf To: freebsd-questions@freebsd.org Subject: Re: Who mainains https://www.freebsd.org/ website? Message-ID: <20191117180706.53c710bc@archlinux> In-Reply-To: <20191117175057.7d05fa37.freebsd@edvax.de> References: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> <20191117175057.7d05fa37.freebsd@edvax.de> X-Mailer: Claws Mail (linux) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 47GJR95tg0z3F6s X-Spamd-Bar: +++ X-Spamd-Result: default: False [3.37 / 15.00]; XM_UA_NO_VERSION(0.01)[]; R_SPF_ALLOW(-0.20)[+ptr:yahoo.com]; FREEMAIL_FROM(0.00)[rocketmail.com]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[rocketmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[rocketmail.com,reject]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:34010, ipnet:87.248.110.0/24, country:GB]; IP_SCORE(0.00)[ip: (3.22), ipnet: 87.248.110.0/24(2.45), asn: 34010(1.77), country: GB(-0.08)]; FREEMAIL_ENVFROM(0.00)[rocketmail.com]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[rocketmail.com:s=s2048]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; NEURAL_SPAM_MEDIUM(0.90)[0.900,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE_FREEMAIL(0.00)[]; NEURAL_SPAM_LONG(0.96)[0.963,0]; RCVD_IN_DNSWL_NONE(0.00)[84.110.248.87.list.dnswl.org : 127.0.5.0]; RWL_MAILSPIKE_POSSIBLE(0.00)[84.110.248.87.rep.mailspike.net : 127.0.0.17]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 17:07:03 -0000 The small attachment was removed. The link to the picture: https://i.imgur.com/JCyzOIp.jpg --=20 =E2=80=9CAwards are merely the badges of mediocrity.=E2=80=9D =E2=80=95 Charles Ives=20 From owner-freebsd-questions@freebsd.org Sun Nov 17 17:19:38 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 54FBE1C4E4A for ; Sun, 17 Nov 2019 17:19:38 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70]) by mx1.freebsd.org (Postfix) with ESMTP id 47GJjh6Hk5z44bC for ; Sun, 17 Nov 2019 17:19:36 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from point.uchicago.edu (point.uchicago.edu [128.135.52.6]) (Authenticated sender: galtsev) by kicp.uchicago.edu (Postfix) with ESMTPSA id CFC544E657 for ; Sun, 17 Nov 2019 11:19:35 -0600 (CST) Subject: Re: Who mainains https://www.freebsd.org/ website? To: freebsd-questions@freebsd.org References: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> <20191117175505.4c6078ad@archlinux> From: Valeri Galtsev Message-ID: <519ef336-ce87-4acb-9c6d-1c68da518509@kicp.uchicago.edu> Date: Sun, 17 Nov 2019 11:19:35 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 In-Reply-To: <20191117175505.4c6078ad@archlinux> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 47GJjh6Hk5z44bC X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu (policy=none); spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu X-Spamd-Result: default: False [1.66 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; NEURAL_HAM_MEDIUM(-0.26)[-0.256,0]; FROM_HAS_DN(0.00)[]; DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.31)[-0.311,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; RCVD_IN_DNSWL_NONE(0.00)[70.20.135.128.list.dnswl.org : 127.0.10.0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.13)[ip: (0.37), ipnet: 128.135.0.0/16(0.18), asn: 160(0.15), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 17:19:38 -0000 On 2019-11-17 10:55, Ralf Mardorf via freebsd-questions wrote: > Hi Valeri, Thanks to everyone who answered, including those who answered off the list. > > first of all my apologise, since a while ago I assumed you are female, > since Valeri is a German female name [1], but after taking a look at > https://kicp.uchicago.edu I noticed my mistake. > > Using $ firefox -v Mozilla Firefox 70.0.1 on Arch Linux everything is > ok, see the attached screenshot. I will not attach the snapshot of what I see (as we are communicating through mail list), but try grabbing right bottom corner of the browser window, and move that around. You will see that with resizing of window darn clickable image floats separately above the rest of the page and can block some information. That IMHO is not appropriate for website where INFORMATION is paramount, not a cool look. Herr Polytropon in his response had given more details about the internals of that front page. Valeri PS My first name originated from Russia, where it is mostly male given name (so my parents were not crazy giving me that name), some females have the same name (modified to indicate female). As far as I know the name came to Russia from France where it is both female and male name. The spelling Valeri was made from cyrillic (and was acceptable) when I published my first paper in English language based journal (my earlier publications were in Russian). The spelling was acceptable conversion from cyrillic as one of the options, including when my passport in English language was issued. I don't care frankly what gender one thinks I am on the list - provided it doesn't end up in proposal of marriage ;-) > > Regards, > Ralf > > [1] > Valerie ist ein weiblicher Vorname. Er ist zu unterscheiden vom > Männernamen Валерий (Walerij, Waleri). - > https://de.wikipedia.org/wiki/Valerie > -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ From owner-freebsd-questions@freebsd.org Sun Nov 17 17:21:29 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D8ED31C50F6 for ; Sun, 17 Nov 2019 17:21:29 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70]) by mx1.freebsd.org (Postfix) with ESMTP id 47GJlq2Gmqz47YQ for ; Sun, 17 Nov 2019 17:21:27 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from point.uchicago.edu (point.uchicago.edu [128.135.52.6]) (Authenticated sender: galtsev) by kicp.uchicago.edu (Postfix) with ESMTPSA id C82724E657; Sun, 17 Nov 2019 11:21:26 -0600 (CST) Subject: Re: Who mainains https://www.freebsd.org/ website? To: Polytropon Cc: FreeBSD Mailing List References: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> <20191117175057.7d05fa37.freebsd@edvax.de> From: Valeri Galtsev Message-ID: <85e3efb0-da8d-d2e1-2676-09bd00127452@kicp.uchicago.edu> Date: Sun, 17 Nov 2019 11:21:26 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 In-Reply-To: <20191117175057.7d05fa37.freebsd@edvax.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47GJlq2Gmqz47YQ X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu (policy=none); spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu X-Spamd-Result: default: False [1.33 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; NEURAL_HAM_MEDIUM(-0.27)[-0.266,0]; FROM_HAS_DN(0.00)[]; DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none]; NEURAL_HAM_LONG(-0.63)[-0.633,0]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[70.20.135.128.list.dnswl.org : 127.0.10.0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.13)[ip: (0.37), ipnet: 128.135.0.0/16(0.18), asn: 160(0.14), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 17:21:30 -0000 On 2019-11-17 10:50, Polytropon wrote: > On Sun, 17 Nov 2019 10:28:12 -0600, Valeri Galtsev wrote: >> Dear All, >> >> does someone know how to contact the maintainer of >> >> https://www.freebsd.org/ >> >> website? >> >> I opened it today for some reason, and I have noticed that "new to >> FreeBSD" clickable image blocks at least one of the supported production >> releases in my browser (my browser is latest firefox on FreeBSD >> 12.0-RELEASE workstation). In other words what I see on the fron page is: >> >> Supported Releases >> >> Production: 12.1, 12.0, >> >> - 11.3 is totally covered, just visibly not there. I'm sure I have seen >> the same in the past, and I really feel that that sort of "fanciness" of >> design of the website obscuring vital information is something that >> needs to be addressed. > > I can confirm with my older Opera version, the "1" of "11.3" is > visible, the rest is covered. Inspecting the source makes me > think the div positioning in the CSS is a bit off... > > According to the contact page https://www.freebsd.org/mailto.html > you should probably contact the webmaster team: > > Anything web related, technical stuff belongs to the scope > of the Webmaster Team, excluding bugs in the documentation. > > Check https://www.freebsd.org/administration.html#t-webmaster and > see if this matches common understanding. :-) > Thank you, Herr Polytropon. And I'm in shame for my laziness and not looking it up myself. Valeri > > -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ From owner-freebsd-questions@freebsd.org Sun Nov 17 17:44:47 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E84451C57F3 for ; Sun, 17 Nov 2019 17:44:47 +0000 (UTC) (envelope-from ralf.mardorf@rocketmail.com) Received: from sonic304-22.consmr.mail.ir2.yahoo.com (sonic304-22.consmr.mail.ir2.yahoo.com [77.238.179.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47GKGk22Jcz3Lrg for ; Sun, 17 Nov 2019 17:44:45 +0000 (UTC) (envelope-from ralf.mardorf@rocketmail.com) X-YMail-OSG: rPIdLr0VM1kQmLgGmW67qGe8hrgCZ1FyjxYcu5jolFbpsQZEJzJhqGu3MFUSRAn ZogG8Ew841xLQxaIcJiHDMuLdkIaE62jOqmOwVaiA_fPqxx5RpeKjwyJey.cvTrSFZmQCmzfTRam F0kKTFIbuVsMD2pHRI07YrO1OC0kgXHXXAWfSksUXvHjxnlCoAlwIuMVSf.tyDA4h8giJzNdSNtw AsWy0m.k.tBSDNri0J3o_TeUFZ7JMOaScvO6aHY04r2OztPnz45ivSNsBtD7ft3yC2.vNeUqlY79 s_KsIMZ_ES0MvhcxWJyoX.crWN4S68dqOkNl8OLYzNp87ZB0r5ADUY3zJTcxSvepLzake2LUPTSD e8Dtxu6CJw7lG6HryltIQOXmKivNtKkpRqICwJZB6G9Dbr1inTuhDOI6XQkf6FBPcUkeQrykHkVF eUkIrFPjNhme9ud.ad35rhS64wBQYs4NLpWxJXBNtr5brVPFlGb9OhYQXgk9rMtfvaVnIFI0DNTN g1uK3IYpDZ4v4QAAYGQIVcmg8uuJ7Wzw_kFDcxk3HOplXaFhBS8Sx5PEpJSY0nuS7epr.96g1Gpe .tZim5qLv0MVEZaynvUwjUTyY5Lyo6AQxA2FxsVMHEpGyU7AIvt94bnTr5MiLkjMNmJ9muvkI4_m fxor21XoqOoRi4p45akd4xGl1nAWs1OnCeBh.uyWqIK7nCpuiWu9R3ANC5R5web_._akVFArQHUJ oI1YFBODNMXlwoKrU8KRYKN7QCiCKlbP0I.p4M0Q0LaD2AK22Pg1nGgeIIAvOt6UfYOSilxCRmxD QK_FtM61S4dlYRwVihzx9jbI3A975MMUT5rMlGBW8X5s7U02cciW1y.i62WAqpqOi6lHngXTdOL0 9rAB49W_atQKW1j_2gAYvSXZc05VsXqIXSzRFTpZ0MV0npVnTVNoP.s7jJVTmHk5GKuITK59mUIJ t6aaSZqafylYmRRgKUcbVDbPmgwEhj.5wY8LWgpr0.ScpkDckDjUGKbkNkB_Jcq6JWnDxN1teQz1 2GU0E.rIlF9rhFl5EylZqPgTA.pKOYkaFYcKSzVHyvo7CbanVQq3YykqapK1TtY9bnf8vzNm3fus rqBepMf0QUEFPCL.1kdmXLC2v.DCJ.ob5nDEUQ1y8PfhJ5q8jylwQnHeRwpZ3YsslQSAHkWFHXpM hrjw_7pSzAAcJz0brzhm3cvqNrhV72ydONxaE.GFTFU8ZFue1C6cBcHa8NcUNniAKfpNePt1ebjA umP8zJdo0d51E4mmysResxpJ9Kx7P9F9_Emiq2toK6e11XZrysK0CHtDlEesK4zcjXU7ZjwO4DV6 WzITy_l3bJEjeebvaM3iobg7vig9ui.UF2CoTm20QMtyyJjNJd8sbRygp Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ir2.yahoo.com with HTTP; Sun, 17 Nov 2019 17:44:44 +0000 Received: by smtp430.mail.ir2.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 86cb466db09d8973ef3a25dd9cbdcc2d; Sun, 17 Nov 2019 17:44:41 +0000 (UTC) Date: Sun, 17 Nov 2019 18:44:54 +0100 From: Ralf Mardorf To: freebsd-questions@freebsd.org Subject: Re: Who mainains https://www.freebsd.org/ website? Message-ID: <20191117184454.5e69963d@archlinux> In-Reply-To: <519ef336-ce87-4acb-9c6d-1c68da518509@kicp.uchicago.edu> References: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> <20191117175505.4c6078ad@archlinux> <519ef336-ce87-4acb-9c6d-1c68da518509@kicp.uchicago.edu> X-Mailer: Claws Mail (linux) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47GKGk22Jcz3Lrg X-Spamd-Bar: +++ X-Spamd-Result: default: False [3.43 / 15.00]; XM_UA_NO_VERSION(0.01)[]; R_SPF_ALLOW(-0.20)[+ptr:yahoo.com]; FREEMAIL_FROM(0.00)[rocketmail.com]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[rocketmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[rocketmail.com,reject]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:34010, ipnet:77.238.176.0/22, country:GB]; IP_SCORE(0.00)[ip: (4.75), ipnet: 77.238.176.0/22(2.25), asn: 34010(1.77), country: GB(-0.08)]; FREEMAIL_ENVFROM(0.00)[rocketmail.com]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[rocketmail.com:s=s2048]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; NEURAL_SPAM_MEDIUM(0.94)[0.937,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE_FREEMAIL(0.00)[]; NEURAL_SPAM_LONG(0.98)[0.981,0]; RCVD_IN_DNSWL_NONE(0.00)[147.179.238.77.list.dnswl.org : 127.0.5.0]; RWL_MAILSPIKE_POSSIBLE(0.00)[147.179.238.77.rep.mailspike.net : 127.0.0.17]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 17:44:48 -0000 On Sun, 17 Nov 2019 11:19:35 -0600, Valeri Galtsev wrote: >You will see that with resizing of window >darn clickable image floats separately above the rest of the page and >can block some information. Oops, I can confirm this. The "New to FreeBSD item" as well as the "SHORTCUTS" item easily could become nasty when shrinking the window. From owner-freebsd-questions@freebsd.org Mon Nov 18 04:27:28 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 920E41B4133 for ; Mon, 18 Nov 2019 04:27:28 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70]) by mx1.freebsd.org (Postfix) with ESMTP id 47GbXH6pnRz3DfF for ; Mon, 18 Nov 2019 04:27:27 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from [IPv6:2607:fb90:a230:c53:1c1:e24e:c63b:661e] (unknown [172.58.142.214]) (Authenticated sender: galtsev) by kicp.uchicago.edu (Postfix) with ESMTPSA id C77AE4E657; Sun, 17 Nov 2019 22:21:30 -0600 (CST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\)) Subject: Re: Who mainains https://www.freebsd.org/ website? From: Valeri Galtsev In-Reply-To: <20191118043838.7aeb586e.freebsd@edvax.de> Date: Sun, 17 Nov 2019 22:21:29 -0600 Cc: freebsd-questions@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> <20191117175505.4c6078ad@archlinux> <519ef336-ce87-4acb-9c6d-1c68da518509@kicp.uchicago.edu> <20191118043838.7aeb586e.freebsd@edvax.de> To: Polytropon X-Mailer: Apple Mail (2.3601.0.10) X-Rspamd-Queue-Id: 47GbXH6pnRz3DfF X-Spamd-Bar: +++++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu (policy=none); spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu X-Spamd-Result: default: False [9.79 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_NO_TLS_LAST(0.10)[]; RECEIVED_SPAMHAUS_PBL(0.00)[214.142.58.172.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US]; SUBJECT_ENDS_QUESTION(1.00)[]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; RECEIVED_SPAMHAUS_XBL(5.00)[214.142.58.172.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.4]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; IP_SCORE(0.19)[ip: (0.54), ipnet: 128.135.0.0/16(0.27), asn: 160(0.21), country: US(-0.05)]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; NEURAL_SPAM_MEDIUM(1.00)[0.995,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[1.000,0]; RCVD_IN_DNSWL_NONE(0.00)[70.20.135.128.list.dnswl.org : 127.0.10.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; GREYLIST(0.00)[pass,body]; DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Nov 2019 04:27:28 -0000 > On Nov 17, 2019, at 9:38 PM, Polytropon wrote: >=20 > On Sun, 17 Nov 2019 11:19:35 -0600, Valeri Galtsev wrote: >>> first of all my apologise, since a while ago I assumed you are = female, >>> since Valeri is a German female name [1], but after taking a look at >>> https://kicp.uchicago.edu I noticed my mistake. >>>=20 >>> Using $ firefox -v Mozilla Firefox 70.0.1 on Arch Linux everything = is >>> ok, see the attached screenshot. >>=20 >> I will not attach the snapshot of what I see (as we are communicating=20= >> through mail list), but try grabbing right bottom corner of the = browser=20 >> window, and move that around. You will see that with resizing of = window=20 >> darn clickable image floats separately above the rest of the page and=20= >> can block some information. That IMHO is not appropriate for website=20= >> where INFORMATION is paramount, not a cool look. >=20 > This is something typical today. Screens are big. They have > more X than Y, so horizontal alignment does _assume_ a certain > image width. Nobody seems to understand that there are devices > that do not have 2048px width. Design choices, even though > claiming to be "responsive", primarily concentrate on two > device types: mobile, with one column, and desktop, with three > columns (that's why "all modern websites look the same" is > a valid impression). >=20 > So if you use a browser window _not_ in fullscreen, and set it > to something like 1024x768, you can see the "shifting" of the > hovering elements - to cover actual page content and links. > You can even see text elements "floating into each other", here, > the "Shortcuts" and "Supported Releases" lists, partially covered > by the "New to FreeBSD?" grey box. >=20 > Yes, I've also tried that on FreeBSD 12 with a current Firefox > version. >=20 > It's simply a matter of CSS (or its interpretation by the browser) > not doing what the designer intended, because "all browsers work > the same" and "all audience have big screens" simply isn't true. > The web isn't a pixel-perfect medium (such as print would be). > Maybe some designers have a hard time understanding this, because > they are used to "looks good on my machine" just as some developers > will always fall into the "compiles on my machine" or "works on my > machine" trap. >=20 >=20 >=20 > On Sun, 17 Nov 2019 18:44:54 +0100, Ralf Mardorf via freebsd-questions = wrote: >> Oops, I can confirm this. The "New to FreeBSD item" as well as the >> "SHORTCUTS" item easily could become nasty when shrinking the window. >=20 > Seems to "work" (but probably not as expected by the designer) > with different browsers, tried Chrome and Opera and Firefox. > This probably is because they all have a different understanding > of what and where "100%" is, as well as simply missing a proper > strategy on how to deal with window sizes (and I'm not primarily > talking about screen sizes - not everyone runs browsers in=20 > fullscreen all the time!) smaller than what the designer's > high-res Macbook offers... :-) >=20 >=20 >=20 > On Sun, 17 Nov 2019 11:19:35 -0600, Valeri Galtsev wrote: >> PS My first name originated from Russia, where it is mostly male = given=20 >> name (so my parents were not crazy giving me that name), some females=20= >> have the same name (modified to indicate female). As far as I know = the=20 >> name came to Russia from France where it is both female and male = name. >=20 > The name Valeri =3D BAJIEPNN~ is derived from the latin VALERIUS, > VALERE, and means something along "healthy" or "to be strong". > The russian form sometimes transcribed as "Valerij" (BAJIEPNN~) > is masculine, the female form "Valeriya" (BAJIEPNR) is feminine, > just like "Valerie" or "Valeria". >=20 >=20 >=20 >> The spelling Valeri was made from cyrillic (and was acceptable) when = I=20 >> published my first paper in English language based journal (my = earlier=20 >> publications were in Russian). The spelling was acceptable conversion=20= >> from cyrillic as one of the options, including when my passport in=20 >> English language was issued. >=20 > "Valeri" is the typical transcription of BAJIEPNN~ into the > english-centered world; the german equivalent also offers the > form "Waleri" (for example, Waleri Bykowski), both are omitting > the trailing N~ (imagine a little u on top of a mirrored N which > forms the masculine "adjective" endings -NN~ or -bIN~). >=20 > The surname, ending in the masculine form, indicates a man. > A similar woman's name would probably be "Valeriya Galtseva". >=20 > Enough school time for today. > There's nothing wrong with your name. ;-) >=20 I for one know that. But everyone who tries to tell otherwise in my face = risks getting punched in the stomack ;-) Just kiddin' >=20 >=20 >=20 > --=20 > Polytropon > Magdeburg, Germany > Happy FreeBSD user since 4.0 > Andra moi ennepe, Mousa, ... ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ From owner-freebsd-questions@freebsd.org Mon Nov 18 05:26:41 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EF9091B4FFE for ; Mon, 18 Nov 2019 05:26:41 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [217.72.192.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Gcrc4Sqjz4g8p for ; Mon, 18 Nov 2019 05:26:40 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([178.12.39.179]) by mrelayeu.kundenserver.de (mreue107 [212.227.15.183]) with ESMTPA (Nemesis) id 1My3In-1heZiO0o8d-00zUZJ; Mon, 18 Nov 2019 04:38:43 +0100 Date: Mon, 18 Nov 2019 04:38:38 +0100 From: Polytropon To: Valeri Galtsev Cc: freebsd-questions@freebsd.org Subject: Re: Who mainains https://www.freebsd.org/ website? Message-Id: <20191118043838.7aeb586e.freebsd@edvax.de> In-Reply-To: <519ef336-ce87-4acb-9c6d-1c68da518509@kicp.uchicago.edu> References: <40e2a202-3dd2-9c74-94b9-2c703c5afaf8@kicp.uchicago.edu> <20191117175505.4c6078ad@archlinux> <519ef336-ce87-4acb-9c6d-1c68da518509@kicp.uchicago.edu> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:7bV+3FrNDVRZyITV2aEp0Uxc86NgXMNLyEtR8YpzRNsmCn4RZl6 zvS2csGY3wPmHnMizhFxu63rNKRFkowclAN8EZaRJq/Z49NAbZqTAXEP26ChMNqMzkbheYa qUPVorv8wHz+WLRrha8ShHYZuUKW8fcmivXo27Eoks3u117E5Dm7bVd/sn+RH4d4vBmHb5s Nw+frpuVSXA0tgQbqs6yw== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:cfh1Ml0bOkY=:n3aMhtGUI/sHCxrk5+EhfE shuBhs2iavoxbDuiIizbhJY2RaY+OnhMMLqvNnFJ5jntUOHe+hXFzYXqzpw+oPYi2Km+wmAva Atpfv0r3awnjhV1d45FiHVu0/eKyZBynW05Fp4ezEndVQw5tAcNmH3nEq1Zm0I3EcSwtHR4SA RFSLFRydoG/dsNHgVkpnnitEpx1Gw0acm6Gvatc64oAt4rL7E9lZOBhzvmnH33euFT2uxb6ps Ewnx8wSPu9C/ioeSTmSiB8+wmBUAHI5II9GLolUx7umsJmdFqCrfKKugC5OVwkZB+1nz/61NL WvRsjFGBmplnbyjsX1pN8/f8YpA6nKksEkgsXx92MuNY+cd9TVeJfYuWjDQ5qi/KfNUVMdmBu h00Ng86iplsLnL8743WwFmwU2kIXadkNMTNXAq+1PGOjcvbYtrvwx1c94YfQ9Qoi6taXZYp39 CPm/UFodLW5FyVAvsgnj2XSpq9G6ioR1KlDMttjHoE+sYyiD3bFjQSeFRUU+sE0b0k5ZNBqRC NAPA4HxFUlqqwD5QacvNbG5rM11MnWiFojLSlNsAPP70+oUQM9O8eUlnDL1RFRAS3olUk+Rgz yvn3TSZcscIcHax5j4IBXxPU0BDHjfYMx/IFpeTG1PlnA4eJkLbkLcWHnC+T66XkSDlIawj8u 6mkU4XPhj88dHkhmGk/ZgD1DpljWCnLCdPCePO1CpJgfsCFfd81lAWWw96AqYdO/V3M9Mje2+ Q+GFiTEVIdHFs1mG7o3P+azk/lgtltIlK+1dI9ymqEuNTM0iLzvTLP+jRfKFLpkQdNkpL/F9U PUwBK0L6YVfbYLqHIYcwdxn1YK54pslBwALGB1+2G9AyJ1sNjuAoJkww3FB2YOdGDMXvg1Mk6 UY1udVGQd1fEOU0cUT6w== X-Rspamd-Queue-Id: 47Gcrc4Sqjz4g8p X-Spamd-Bar: ++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 217.72.192.74) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [6.59 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RECEIVED_SPAMHAUS_PBL(0.00)[179.39.12.178.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:8560, ipnet:217.72.192.0/20, country:DE]; SUBJECT_ENDS_QUESTION(1.00)[]; ARC_NA(0.00)[]; URL_IN_SUBJECT(1.00)[www.freebsd.org]; REPLYTO_EQ_FROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.82)[0.815,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[1.000,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[74.192.72.217.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; GREYLIST(0.00)[pass,body]; IP_SCORE(0.37)[ip: (-0.69), ipnet: 217.72.192.0/20(0.26), asn: 8560(2.30), country: DE(-0.01)] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Nov 2019 05:26:42 -0000 On Sun, 17 Nov 2019 11:19:35 -0600, Valeri Galtsev wrote: > > first of all my apologise, since a while ago I assumed you are female, > > since Valeri is a German female name [1], but after taking a look at > > https://kicp.uchicago.edu I noticed my mistake. > > > > Using $ firefox -v Mozilla Firefox 70.0.1 on Arch Linux everything is > > ok, see the attached screenshot. > > I will not attach the snapshot of what I see (as we are communicating > through mail list), but try grabbing right bottom corner of the browser > window, and move that around. You will see that with resizing of window > darn clickable image floats separately above the rest of the page and > can block some information. That IMHO is not appropriate for website > where INFORMATION is paramount, not a cool look. This is something typical today. Screens are big. They have more X than Y, so horizontal alignment does _assume_ a certain image width. Nobody seems to understand that there are devices that do not have 2048px width. Design choices, even though claiming to be "responsive", primarily concentrate on two device types: mobile, with one column, and desktop, with three columns (that's why "all modern websites look the same" is a valid impression). So if you use a browser window _not_ in fullscreen, and set it to something like 1024x768, you can see the "shifting" of the hovering elements - to cover actual page content and links. You can even see text elements "floating into each other", here, the "Shortcuts" and "Supported Releases" lists, partially covered by the "New to FreeBSD?" grey box. Yes, I've also tried that on FreeBSD 12 with a current Firefox version. It's simply a matter of CSS (or its interpretation by the browser) not doing what the designer intended, because "all browsers work the same" and "all audience have big screens" simply isn't true. The web isn't a pixel-perfect medium (such as print would be). Maybe some designers have a hard time understanding this, because they are used to "looks good on my machine" just as some developers will always fall into the "compiles on my machine" or "works on my machine" trap. On Sun, 17 Nov 2019 18:44:54 +0100, Ralf Mardorf via freebsd-questions wrote: > Oops, I can confirm this. The "New to FreeBSD item" as well as the > "SHORTCUTS" item easily could become nasty when shrinking the window. Seems to "work" (but probably not as expected by the designer) with different browsers, tried Chrome and Opera and Firefox. This probably is because they all have a different understanding of what and where "100%" is, as well as simply missing a proper strategy on how to deal with window sizes (and I'm not primarily talking about screen sizes - not everyone runs browsers in fullscreen all the time!) smaller than what the designer's high-res Macbook offers... :-) On Sun, 17 Nov 2019 11:19:35 -0600, Valeri Galtsev wrote: > PS My first name originated from Russia, where it is mostly male given > name (so my parents were not crazy giving me that name), some females > have the same name (modified to indicate female). As far as I know the > name came to Russia from France where it is both female and male name. The name Valeri = BAJIEPNN~ is derived from the latin VALERIUS, VALERE, and means something along "healthy" or "to be strong". The russian form sometimes transcribed as "Valerij" (BAJIEPNN~) is masculine, the female form "Valeriya" (BAJIEPNR) is feminine, just like "Valerie" or "Valeria". > The spelling Valeri was made from cyrillic (and was acceptable) when I > published my first paper in English language based journal (my earlier > publications were in Russian). The spelling was acceptable conversion > from cyrillic as one of the options, including when my passport in > English language was issued. "Valeri" is the typical transcription of BAJIEPNN~ into the english-centered world; the german equivalent also offers the form "Waleri" (for example, Waleri Bykowski), both are omitting the trailing N~ (imagine a little u on top of a mirrored N which forms the masculine "adjective" endings -NN~ or -bIN~). The surname, ending in the masculine form, indicates a man. A similar woman's name would probably be "Valeriya Galtseva". Enough school time for today. There's nothing wrong with your name. ;-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Tue Nov 19 03:15:04 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CEAA7179DEE for ; Tue, 19 Nov 2019 03:15:04 +0000 (UTC) (envelope-from freebsd@chthonixia.net) Received: from mail1.g14.pair.com (mail1.g14.pair.com [66.39.4.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47H9tH52wHz3QC6 for ; Tue, 19 Nov 2019 03:15:03 +0000 (UTC) (envelope-from freebsd@chthonixia.net) Received: from mail1.g14.pair.com (localhost [127.0.0.1]) by mail1.g14.pair.com (Postfix) with ESMTP id B338CA6D9C for ; Mon, 18 Nov 2019 22:15:01 -0500 (EST) Received: from chthonixia.chthonixia.net (cpe-74-64-59-0.nyc.res.rr.com [74.64.59.0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail1.g14.pair.com (Postfix) with ESMTPSA id 9CA5AA6D99 for ; Mon, 18 Nov 2019 22:15:01 -0500 (EST) Date: Mon, 18 Nov 2019 22:15:00 -0500 From: "Joe A." To: freebsd-questions@freebsd.org Subject: LLVM 9 versus LLVM 8 Message-ID: <20191119031500.GB1012@chthonixia.chthonixia.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47H9tH52wHz3QC6 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@chthonixia.net has no SPF policy when checking 66.39.4.16) smtp.mailfrom=freebsd@chthonixia.net X-Spamd-Result: default: False [-1.32 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[0.59.64.74.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.97)[-0.973,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[chthonixia.net]; NEURAL_HAM_MEDIUM(-0.91)[-0.912,0]; R_SPF_NA(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[16.4.39.66.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7859, ipnet:66.39.0.0/17, country:US]; RCVD_TLS_LAST(0.00)[]; IP_SCORE(-0.24)[asn: 7859(-1.13), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 03:15:04 -0000 Greetings.... My current machine's state: FreeBSD 12.0-RELEASE-p11 r354060 CHTHONIXIA amd64 Recently, LLVM was updated to version 9. I do not recall why; but I think some port required version 9. Since 9 appeared to become the default version I deinstalled 8, assuming LLVM 9 was preferred. But now I'm not sure if LLVM 9 was set to the default version for Freebsd, or even if it is needed. Now I need to update firefox, which attempts to install LLVM 8. Can I dispense with LLVM 9 by a deinstall, and depend on LLVM 8 for a functioning, X-enabled, desktop? Or must I have both LLVM 8 and 9 as things stand now for 12.1? Thanks, Joe From owner-freebsd-questions@freebsd.org Tue Nov 19 05:27:18 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5C43817D4FE for ; Tue, 19 Nov 2019 05:27:18 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47HDpr2vPHz41sb for ; Tue, 19 Nov 2019 05:27:15 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([94.222.13.166]) by mrelayeu.kundenserver.de (mreue009 [212.227.15.167]) with ESMTPA (Nemesis) id 1MsI0I-1hhqr92tzu-00tofI; Tue, 19 Nov 2019 06:27:09 +0100 Date: Tue, 19 Nov 2019 06:27:05 +0100 From: Polytropon To: "Joe A." Cc: freebsd-questions@freebsd.org Subject: Re: LLVM 9 versus LLVM 8 Message-Id: <20191119062705.36cc778f.freebsd@edvax.de> In-Reply-To: <20191119031500.GB1012@chthonixia.chthonixia.net> References: <20191119031500.GB1012@chthonixia.chthonixia.net> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:7k9m5huHJ/pInNftEBUEZtFNzOj4RcJ7ihpxgR5dehBiIEfgwWu gJ+eMgGQZdht6gHiznLRV/a3OnzT6F4qcsvCzPnfF8Tb2mrLl9k9y07qx1EFGOE+H6vq6HT vOLQ334+78wbcibxGOKQKvrvJ/uWGIKyRKculg5R9VG4AGvzSBgERFR6mA0hyxosFsku79l JusElYPZYuMjHJZRa6TMA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:IIuhiZbIHw4=:TEm51ivc4UbuJ/Sz4mCi7l UYAixB3uWoNWXbvlOQpW1srVQY1BqeFaYdznQjfED9TzICV4oQvo91MOlt4J6CFUMoRk/HQrS E1Hxj8heby67/I4e+xgKwlLYkJ44NvqbKd4c/GbRlhx1zHRhnxikAC+LcfkzcjsDvjjL1uO29 I69ZY4J+hGWtJ6d4Rs330t97H8hEfFkQPpz2M6Gz/BxXo7N7UT099VXA2DzzyB1gYB1iWFv0Y bK1ZI7L7SHnc8rxEyJbSL7S1NclyqgnJBKl+JX8o4Hd7M5Ei0gcFt8f6OJaqRYtWkyzN5t4pB jDSbZBRnpoWvRk0urc7QUAGbVi9NzhsB14/hZlFKgvyH5gHQ9B/wD+vrxWZL9eyxRLfa0kNTt BpXC6tUV9Bd7kF1cyMui9xGD+gU5yZYfNgSa+geo5J4Q8LTNNCXm3hEh5r9IRWWVWSmo5y8Dz VKvuDdjSOjkRoQIYPiAqQGtocHh3TQdAqJ4s9qb/lxd6GHNPNDovSEaO1SxmCGVEA9y9AcaqM 1NaRTUOffRf1apWbGaafMKck7jWQohjlhUjJ6QUkUpAHJWUIwPSsryADm1WGAS/EGSNlnmBVP +OFOqFRTtmDO8JQ5MBCnh9Rm7josSSuRiBFtkfVCLT3vr0L6qgP7MN+ABNP/aoY1Bwh1E0cEP aWTAahLKNlQw3Gg141Fuy41J4zf8R+BYhqpX1tCeeA6hXwA6fUinkfSGJcFUjwgz/cmTcQ1Lf jikfxcYvWcg7+m1xmgpNutsVD81qjB/z/UvNb94mey9wznwwvAlzlb2/gRvz53kQh65TfrQoY 37cGhSLzVnfdXXDywOhwYxKWFPmEzkyE493D/WVxWms/Y0iDfJN8j0wj1iWYgbKb43gEwRdVe E/hdYGmcgbbjBsRxpC+g== X-Rspamd-Queue-Id: 47HDpr2vPHz41sb X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 212.227.126.131) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [3.80 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; MIME_TRACE(0.00)[0:+]; RECEIVED_SPAMHAUS_PBL(0.00)[166.13.222.94.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.15)[0.149,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.74)[0.738,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[131.126.227.212.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(0.52)[ip: (1.55), ipnet: 212.227.0.0/16(-1.26), asn: 8560(2.31), country: DE(-0.01)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 05:27:18 -0000 On Mon, 18 Nov 2019 22:15:00 -0500, Joe A. wrote: > My current machine's state: > > FreeBSD 12.0-RELEASE-p11 r354060 CHTHONIXIA amd64 > > Recently, LLVM was updated to version 9. I do not recall why; but I think > some port required version 9. Since 9 appeared to become the default > version I deinstalled 8, assuming LLVM 9 was preferred. > > But now I'm not sure if LLVM 9 was set to the default version for > Freebsd, or even if it is needed. > > Now I need to update firefox, which attempts to install LLVM 8. > > Can I dispense with LLVM 9 by a deinstall, and depend on LLVM 8 for a > functioning, X-enabled, desktop? Or must I have both LLVM 8 and 9 as > things stand now for 12.1? If I understand things correctly, situation is the following: The OS compiler, needed by the OS, primarily for updating from /usr/src, is the newer LLVM version, bundled with the install. A renewal of the OS build process might force a higher version of the compiler, for example, by obtaining its sources, building it, and then using it to build further sources ("self-hosting"). This is the compiler that will be used whenever you call "cc" without being more specific. The Firefox port defines the older LLVM version as a build dependency, required for _building_ (not _running_) the port. So it will install it whenever it's missing. The port will use the compiler that it requires (after making it available by installing it as a build dependency and then returning to its own build process). So in the end, you have one compiler in the OS (default one), and one compiler as 3rd party software. You could of couse have even more compilers, for example, more than one GCC version installed by ports that require them for building... :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Tue Nov 19 14:19:20 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 594B51B4447 for ; Tue, 19 Nov 2019 14:19:20 +0000 (UTC) (envelope-from freebsd@chthonixia.net) Received: from mail1.g14.pair.com (mail1.g14.pair.com [66.39.4.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47HScl26sjz4Xm4 for ; Tue, 19 Nov 2019 14:19:18 +0000 (UTC) (envelope-from freebsd@chthonixia.net) Received: from mail1.g14.pair.com (localhost [127.0.0.1]) by mail1.g14.pair.com (Postfix) with ESMTP id 0C4D9A6D60; Tue, 19 Nov 2019 09:19:17 -0500 (EST) Received: from chthonixia.chthonixia.net (cpe-74-64-59-0.nyc.res.rr.com [74.64.59.0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail1.g14.pair.com (Postfix) with ESMTPSA id E2212A6D4C; Tue, 19 Nov 2019 09:19:16 -0500 (EST) Date: Tue, 19 Nov 2019 09:19:14 -0500 From: "Joe A." To: freebsd-questions@freebsd.org Cc: Polytropon Subject: Re: LLVM 9 versus LLVM 8 Message-ID: <20191119141914.GA2535@chthonixia.chthonixia.net> References: <20191119031500.GB1012@chthonixia.chthonixia.net> <20191119062705.36cc778f.freebsd@edvax.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191119062705.36cc778f.freebsd@edvax.de> User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47HScl26sjz4Xm4 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@chthonixia.net has no SPF policy when checking 66.39.4.16) smtp.mailfrom=freebsd@chthonixia.net X-Spamd-Result: default: False [-1.41 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[0.59.64.74.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.991,0]; NEURAL_HAM_LONG(-0.98)[-0.982,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[chthonixia.net]; AUTH_NA(1.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; R_SPF_NA(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[16.4.39.66.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7859, ipnet:66.39.0.0/17, country:US]; RCVD_TLS_LAST(0.00)[]; IP_SCORE(-0.24)[asn: 7859(-1.13), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 14:19:20 -0000 On Tue, Nov 19, 2019 at 06:27:05AM +0100, Polytropon wrote: > > If I understand things correctly, situation is the following: > > The OS compiler, ... > Now I understand. Thanks! Joe From owner-freebsd-questions@freebsd.org Tue Nov 19 18:00:14 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8A41A1B9968 for ; Tue, 19 Nov 2019 18:00:14 +0000 (UTC) (envelope-from news@mips.inka.de) Received: from mail.inka.de (mail.inka.de [IPv6:2a04:c9c7:0:1073:217:a4ff:fe3b:e77c]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47HYWd5QHNz3Gmm for ; Tue, 19 Nov 2019 18:00:13 +0000 (UTC) (envelope-from news@mips.inka.de) Received: from mips.inka.de (news@[127.0.0.1]) by mail.inka.de with uucp (rmailwrap 0.5) id 1iX7nJ-0005NV-MK; Tue, 19 Nov 2019 19:00:05 +0100 Received: from lorvorc.mips.inka.de (localhost [127.0.0.1]) by lorvorc.mips.inka.de (8.15.2/8.15.2) with ESMTP id xAJHvt6r029177 for ; Tue, 19 Nov 2019 18:57:55 +0100 (CET) (envelope-from news@lorvorc.mips.inka.de) Received: (from news@localhost) by lorvorc.mips.inka.de (8.15.2/8.15.2/Submit) id xAJHvtjg029176 for freebsd-questions@freebsd.org; Tue, 19 Nov 2019 18:57:55 +0100 (CET) (envelope-from news) To: freebsd-questions@freebsd.org From: Christian Weisgerber Newsgroups: list.freebsd.questions Subject: Re: Change openssh private key order Date: Tue, 19 Nov 2019 17:57:55 -0000 (UTC) Message-ID: References: <373c4623-d68b-7097-c532-288089df770a@bluerosetech.com> User-Agent: slrn/1.0.3 (FreeBSD) X-Rspamd-Queue-Id: 47HYWd5QHNz3Gmm X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of news@mips.inka.de has no SPF policy when checking 2a04:c9c7:0:1073:217:a4ff:fe3b:e77c) smtp.mailfrom=news@mips.inka.de X-Spamd-Result: default: False [3.67 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; NEURAL_SPAM_MEDIUM(0.94)[0.944,0]; NEURAL_SPAM_LONG(0.99)[0.988,0]; DMARC_NA(0.00)[inka.de]; R_SPF_NA(0.00)[]; FORGED_SENDER(0.30)[naddy@mips.inka.de,news@mips.inka.de]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:202113, ipnet:2a04:c9c7::/32, country:DE]; FROM_NEQ_ENVFROM(0.00)[naddy@mips.inka.de,news@mips.inka.de]; IP_SCORE(0.53)[ip: (1.41), ipnet: 2a04:c9c7::/32(0.71), asn: 202113(0.57), country: DE(-0.01)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 18:00:14 -0000 On 2019-11-07, Mel Pilgrim wrote: > I have rsa keys and an ed25519 keys. They're both made available via an > ssh-agent. All keys are in the authorized_keys files of the servers in > question except for a few legacy cases that only have the rsa keys due > to lacking ed25519 support. > > I want the connections to prefer the ed25519 keys over the rsa keys, but > looking at debug output, the RSA keys are always tried first. The keys are offered to the remote host in the order in which they are held in ssh-agent. If you load the Ed25519 key first... $ ssh-add .ssh/id_ed25519 .ssh/id_rsa ... it will be preferred over the RSA key. -- Christian "naddy" Weisgerber naddy@mips.inka.de From owner-freebsd-questions@freebsd.org Wed Nov 20 07:52:10 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EF96E1AC660 for ; Wed, 20 Nov 2019 07:52:10 +0000 (UTC) (envelope-from jacques+freebsd@foucry.net) Received: from tamanoir.foucry.net (boulangerie.foucry.net [62.210.131.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47HvzY4M5Wz4ShT for ; Wed, 20 Nov 2019 07:52:09 +0000 (UTC) (envelope-from jacques+freebsd@foucry.net) Received: from tamanoir.foucry.net (localhost [127.0.0.1]) by tamanoir.foucry.net (Postfix) with ESMTP id 9508925A5 for ; Wed, 20 Nov 2019 08:52:00 +0100 (CET) X-Virus-Scanned: amavisd-new at foucry.net Received: from tamanoir.foucry.net ([127.0.0.1]) by tamanoir.foucry.net (mail.foucry.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RSKD9Y78palb for ; Wed, 20 Nov 2019 08:51:59 +0100 (CET) Received: from mithril.localdomain (dontpanic.foucry.net [80.67.176.134]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by tamanoir.foucry.net (Postfix) with ESMTPSA id 7322525A4 for ; Wed, 20 Nov 2019 08:51:59 +0100 (CET) Received: from foucry.net (localhost [127.0.0.1]) by mithril.localdomain (Postfix) with ESMTP id EDBD911727 for ; Wed, 20 Nov 2019 08:52:00 +0100 (CET) Date: Wed, 20 Nov 2019 08:52:00 +0100 From: Jacques Foucry To: freebsd-questions@freebsd.org Subject: 12-1-RELEASE Cups and Lexmark printer Message-ID: <20191120075200.GB1795@foucry.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47HvzY4M5Wz4ShT X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=foucry.net (policy=none); spf=none (mx1.freebsd.org: domain of jacques@foucry.net has no SPF policy when checking 62.210.131.96) smtp.mailfrom=jacques@foucry.net X-Spamd-Result: default: False [-2.34 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE(-0.34)[ip: (-1.79), ipnet: 62.210.0.0/16(-0.03), asn: 12876(0.11), country: FR(-0.00)]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; RCVD_TLS_LAST(0.00)[]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:12876, ipnet:62.210.0.0/16, country:FR]; TAGGED_FROM(0.00)[freebsd]; MID_RHS_MATCH_FROM(0.00)[]; DMARC_POLICY_SOFTFAIL(0.10)[foucry.net : No valid SPF, No valid DKIM,none] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 07:52:11 -0000 Hello there, I have a issue with cups. My laptop (ThinkPad X280) run FreeBSD 12.1-RELEASE. Cups version is 2.2.12. The printer is a Lexmark MB2236. I downloaded the PPD and install them with the provided shell script. Cupsd is lanched, and I can create my printer with the web interface. But I cannot print anything, even the test page. The result is "File not found". Which file, I don't know. I had to create manually /usr/lib/cups/filter. Before, with 12.0-RELEASE-p10 it was running well. There was some files in /usr/local/lib/cups. To make cups running I made a symlink between /usr/local/lib/cups and /usr/lib/ With 12.1-RELEASE, no more files or directory in /usr/local/lib (for cups). Is somebody could help me? I am lost with this problem. Thanks is advance. -- Jacques Foucry From owner-freebsd-questions@freebsd.org Wed Nov 20 08:53:18 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4E8CF1AF2E2 for ; Wed, 20 Nov 2019 08:53:18 +0000 (UTC) (envelope-from tijl@freebsd.org) Received: from mailrelay103.isp.belgacom.be (mailrelay103.isp.belgacom.be [195.238.20.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "relay.skynet.be", Issuer "GlobalSign RSA OV SSL CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47HxL56Bg8z4XL3 for ; Wed, 20 Nov 2019 08:53:17 +0000 (UTC) (envelope-from tijl@freebsd.org) IronPort-SDR: WyEvIJAQXPDCIwZJ0x7tn0lOoOrhuaSNH3YDtDAjEX0mUa0dizcpx2R7mSMUBu4NIeQfMwFHNZ KySlv4G258aUl8wJa53dNS7ZhbexVmEMxkaB/U0XHeEoMYSLUX1PN7+6ve6zINrO8w9jnl9Kl9 Ff4ENR/mMCMYn6mTDcTKAfZG7VHsI1GyTblGUu+UtZyrJzgFATiGn9/Xknl8lgerRWou+WoaeV 318sZQWaQYO6ZatV6lAmBBCWXGb1Pdz+10eNYP1IrxpQkBC0o0YGyfnr9EglEfroDmrJlK84X1 qRI= X-Belgacom-Dynamic: yes X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2BDAAAL/tRd/zlFQFdlGwEBAQEBAQE?= =?us-ascii?q?FAQEBEQEBAwMBAQGBawUBAQELAYIfWWchEiqNLYYHAYIPNQGKHY5bgXsJAQE?= =?us-ascii?q?CAQEBAQE3AQGEQAKCIyc1CA4CAwEBCwEBBQEBAQEBBQRthGtYhVIBBTocIxA?= =?us-ascii?q?LGAklD0gGE4YesWyFToNsgRCBNgGFGocSgX+EIz6KMwSWW5dOgjWVQyeZHnO?= =?us-ascii?q?qTAE2gVhNMAiDJ1ARFJ9hQAMwjzkBAQ?= X-IPAS-Result: =?us-ascii?q?A2BDAAAL/tRd/zlFQFdlGwEBAQEBAQEFAQEBEQEBAwMBA?= =?us-ascii?q?QGBawUBAQELAYIfWWchEiqNLYYHAYIPNQGKHY5bgXsJAQECAQEBAQE3AQGEQ?= =?us-ascii?q?AKCIyc1CA4CAwEBCwEBBQEBAQEBBQRthGtYhVIBBTocIxALGAklD0gGE4Yes?= =?us-ascii?q?WyFToNsgRCBNgGFGocSgX+EIz6KMwSWW5dOgjWVQyeZHnOqTAE2gVhNMAiDJ?= =?us-ascii?q?1ARFJ9hQAMwjzkBAQ?= Received: from 57.69-64-87.adsl-dyn.isp.belgacom.be (HELO kalimero.tijl.coosemans.org) ([87.64.69.57]) by relay.skynet.be with ESMTP; 20 Nov 2019 09:53:15 +0100 Received: from localhost (localhost [127.0.0.1]) by kalimero.tijl.coosemans.org (8.15.2/8.15.2) with ESMTP id xAK8rEhb022284; Wed, 20 Nov 2019 09:53:14 +0100 (CET) (envelope-from tijl@FreeBSD.org) Date: Wed, 20 Nov 2019 09:53:13 +0100 From: =?UTF-8?B?VMSzbA==?= Coosemans To: Jacques Foucry Cc: freebsd-questions@freebsd.org Subject: Re: 12-1-RELEASE Cups and Lexmark printer Message-ID: <20191120095313.3adc6452@FreeBSD.org> In-Reply-To: <20191120075200.GB1795@foucry.net> References: <20191120075200.GB1795@foucry.net> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47HxL56Bg8z4XL3 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-1.93 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-0.97)[-0.966,0]; NEURAL_HAM_LONG(-0.97)[-0.968,0]; TAGGED_RCPT(0.00)[freebsd]; ASN(0.00)[asn:5432, ipnet:195.238.0.0/19, country:BE] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 08:53:18 -0000 On Wed, 20 Nov 2019 08:52:00 +0100 Jacques Foucry wrote: > Hello there, > > I have a issue with cups. > > My laptop (ThinkPad X280) run FreeBSD 12.1-RELEASE. > Cups version is 2.2.12. > The printer is a Lexmark MB2236. > > I downloaded the PPD and install them with the provided shell script. > > Cupsd is lanched, and I can create my printer with the web interface. > > But I cannot print anything, even the test page. The result is "File not found". > Which file, I don't know. > > I had to create manually /usr/lib/cups/filter. > > Before, with 12.0-RELEASE-p10 it was running well. There was some files in > /usr/local/lib/cups. > To make cups running I made a symlink between /usr/local/lib/cups and /usr/lib/ > > With 12.1-RELEASE, no more files or directory in /usr/local/lib (for cups). > > Is somebody could help me? > I am lost with this problem. > > Thanks is advance. Try installing cups-filters. From owner-freebsd-questions@freebsd.org Wed Nov 20 16:30:20 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 15A471BB1B0 for ; Wed, 20 Nov 2019 16:30:20 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47J7TR5FK1z41mf; Wed, 20 Nov 2019 16:30:19 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([94.222.13.166]) by mrelayeu.kundenserver.de (mreue108 [212.227.15.183]) with ESMTPA (Nemesis) id 1MaIzb-1iIoJ63sNZ-00WDJE; Wed, 20 Nov 2019 17:30:06 +0100 Date: Wed, 20 Nov 2019 17:30:02 +0100 From: Polytropon To: =?UTF-8?B?VMSzbA==?= Coosemans Cc: Jacques Foucry , freebsd-questions@freebsd.org Subject: Re: 12-1-RELEASE Cups and Lexmark printer Message-Id: <20191120173002.9e604316.freebsd@edvax.de> In-Reply-To: <20191120095313.3adc6452@FreeBSD.org> References: <20191120075200.GB1795@foucry.net> <20191120095313.3adc6452@FreeBSD.org> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:dD+Wac7pmCUkcXTH6YNtpjeRKMZAurSwoIkDah0mqUwREX7x1HV pDjwl0Z98b0hS8/d6mMsec0wWpp1F3a/NRiiNTwzDDPaKiOWdJWQmMACFJl9a4kUptcfAnw CG5rzuwzWm1ZvwdOZdcAvCWLvzgnZ+nheel0ZiagrTc+d3yml3O8tNpJ8b740+xF+w5aIPL MB6Ttb2WOlJcihvlIggrg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:3jpKufhZbbg=:TmQEjmc07DI/askPZkd2bO plH03w9krY37nkG+Ex1KPExpiL6EMMu4LjOe2GwSbuSpNAfAa5muDVS6mK00hIALXVQq8Zps7 GOlKmFMXXmLkkQXZ0rHdDkafIpNkyaMsH7QFaAZUkeMnqlbfdOQl55Qdxq00eZHkXA4B747ve 9k+ZRDF3/eQ1TZZtZhr8eWzeELbdGZ1QQsmXl+32Zzhr211KeNelBmQVKxl2RotrYLz5vm0UL QolSYRN86RBL/Tl26uuXViINuVv03cGcapjYAqmL5hnZiM2ZOeQaSLcwbQvpa5LRY7dX+TddB fBus/V0vvJhb1IakFFjE+XSAA2/czMi7qVfkd9TTsFntKdRh/bX3N0Jf8cFVUs8E00n9kOb0b XXuvQODnRJQMCmj81fqjnbYuQUhoU9LMOWkGcnAe3Oi5LeE+qwD8fWKXXUTK0Wgq8vRi3RCp3 TSEzP1FufkbWC/rMlYTfaLHZqUBvP2GYlHUA0vPwRqIsenStOGXUw2zzev4A4xrVAknHq3Vjp tHyauyyi2YsQ6zgRE+pES6QUo+/8CfE+LnLmCE5+nj7QGiWrXPyxm9RRuxqPfF6JJVhiIM1XG qkkD4ftZ6d4tSVXfH5Ijr+pKpw8r5BkwUeYv4ebB0z1wIFFjnKrynTwHnu+e0JtCra8d+E+vQ LSNE0FRu5KmB0SDxOlbnI/vFSx0UuxJ2w+Nrnb+kPY96E7PBL5v+PCpDqj3DsUU1EV5lGXl9b umkCy3d+yiDtfN8jfHbtSmmnIT52Wh2KoTzw3gEJ4GfY/405Dw2v3TlQ3N4Df8k3cYDKcSeBE pBva8hU1COWRExJohNxsFM3f6PsuDcvzkm0y2ohn3+z6T/tc3kiH2EZGl33y4+RjOUd6A34hz 9wgU8YDkQBCC8AA1rI7Q== X-Rspamd-Queue-Id: 47J7TR5FK1z41mf X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-5.99 / 15.00]; TAGGED_RCPT(0.00)[freebsd]; NEURAL_HAM_MEDIUM(-1.00)[-0.995,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-0.99)[-0.994,0] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 16:30:20 -0000 On Wed, 20 Nov 2019 09:53:13 +0100, Tijl Coosemans wrote: > On Wed, 20 Nov 2019 08:52:00 +0100 Jacques Foucry > wrote: > > Hello there, > > > > I have a issue with cups. > > > > My laptop (ThinkPad X280) run FreeBSD 12.1-RELEASE. > > Cups version is 2.2.12. > > The printer is a Lexmark MB2236. > > > > I downloaded the PPD and install them with the provided shell script. > > > > Cupsd is lanched, and I can create my printer with the web interface. > > > > But I cannot print anything, even the test page. The result is "File not found". > > Which file, I don't know. > > > > I had to create manually /usr/lib/cups/filter. > > > > Before, with 12.0-RELEASE-p10 it was running well. There was some files in > > /usr/local/lib/cups. > > To make cups running I made a symlink between /usr/local/lib/cups and /usr/lib/ > > > > With 12.1-RELEASE, no more files or directory in /usr/local/lib (for cups). > > > > Is somebody could help me? > > I am lost with this problem. > > > > Thanks is advance. > > Try installing cups-filters. Additionally, the PPD file should be supplied during the course of creating a new printer using the web interface. No shell script is needed, and especially nothing should be done in /usr/lib for CUPS as CUPS is _not_ part of the OS and therefore should be confined to the /usr/local subtree. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Thu Nov 21 08:40:31 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E403E1B5A84 for ; Thu, 21 Nov 2019 08:40:31 +0000 (UTC) (envelope-from trond.endrestol@ximalas.info) Received: from enterprise.ximalas.info (enterprise.ximalas.info [IPv6:2001:700:1100:1::8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "ximalas.info", Issuer "Hostmaster ximalas.info" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JY0t4WNpz45G4 for ; Thu, 21 Nov 2019 08:40:30 +0000 (UTC) (envelope-from trond.endrestol@ximalas.info) Received: from enterprise.ximalas.info (Ximalas@localhost [127.0.0.1]) by enterprise.ximalas.info (8.15.2/8.15.2) with ESMTPS id xAL8eHC0031513 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Thu, 21 Nov 2019 09:40:17 +0100 (CET) (envelope-from trond.endrestol@ximalas.info) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ximalas.info; s=default; t=1574325617; bh=E7NpV0Rk7f+9pC9r/Z+Kw51fwVcnYUXmOOrtHWRzAdM=; h=Date:From:To:Subject; b=EyIMrf/IxyNmTIIGYW3VJ/F0YQ1HOkaD6AG2mWiQ9NncnY5Otle0eHfz7dpNQQAmL KPeDwrbuoNYKdZZxcBPb9Ode50c18l5cmJsLuWvdxqFmYywIebvWLMVSWxe+2DyDv1 IYpWM8SOZsiFRE2FraP0CrdJxsBkrLleSLiVMvJ9aNXmHhkAXD2F3F7mwFD28RYPAr 5QLS2zxiRQY88Uh2PR/JRZDHAb4sX9kxSeB3lzyMO9rHf9uKzcFnF2iLBV6LxPmdce KYzWQ57a4aqjO3tjt8WNTD5borRQyMQXpX56iDs6C2YDwnHYK2xKEfOiwJP2b8d9VK Fk2/zeIoifz8A== Received: from localhost (trond@localhost) by enterprise.ximalas.info (8.15.2/8.15.2/Submit) with ESMTP id xAL8eH7M031498 for ; Thu, 21 Nov 2019 09:40:17 +0100 (CET) (envelope-from trond.endrestol@ximalas.info) X-Authentication-Warning: enterprise.ximalas.info: trond owned process doing -bs Date: Thu, 21 Nov 2019 09:40:17 +0100 (CET) From: =?UTF-8?Q?Trond_Endrest=C3=B8l?= Sender: Trond.Endrestol@ximalas.info To: freebsd-questions@freebsd.org Subject: MySQL 5.7.28? Message-ID: User-Agent: Alpine 2.21.99999 (BSF 352 2019-06-22) OpenPGP: url=http://ximalas.info/about/tronds-openpgp-public-key MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on enterprise.ximalas.info X-Rspamd-Queue-Id: 47JY0t4WNpz45G4 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ximalas.info header.s=default header.b=EyIMrf/I; dmarc=pass (policy=none) header.from=ximalas.info; spf=pass (mx1.freebsd.org: domain of trond.endrestol@ximalas.info designates 2001:700:1100:1::8 as permitted sender) smtp.mailfrom=trond.endrestol@ximalas.info X-Spamd-Result: default: False [-3.89 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[ximalas.info:s=default]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[ximalas.info:+]; DMARC_POLICY_ALLOW(-0.50)[ximalas.info,none]; IP_SCORE(-1.89)[ip: (-7.58), ipnet: 2001:700::/32(-1.17), asn: 224(-0.67), country: NO(-0.01)]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:224, ipnet:2001:700::/32, country:NO]; RCVD_TLS_LAST(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 08:40:31 -0000 Hi, All current versions of MySQL and derivatives has been marked as vulnerable since 2019-11-02. What's the fate of MySQL 5.7.x? Will the ports tree be updated to 5.7.28? Should we switch a different branch or one the derivaties? -- Trond. From owner-freebsd-questions@freebsd.org Thu Nov 21 09:41:49 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1D9991B7507 for ; Thu, 21 Nov 2019 09:41:49 +0000 (UTC) (envelope-from SRS0=z97L=ZN=perdition.city=julien@bebif.be) Received: from orval.bbpf.belspo.be (orval.bbpf.belspo.be [193.191.208.90]) by mx1.freebsd.org (Postfix) with ESMTP id 47JZMc0Nrnz48Wq for ; Thu, 21 Nov 2019 09:41:47 +0000 (UTC) (envelope-from SRS0=z97L=ZN=perdition.city=julien@bebif.be) Received: from p52s (unknown [10.209.1.101]) by orval.bbpf.belspo.be (Postfix) with ESMTPS id 879891D502AD for ; Thu, 21 Nov 2019 10:41:45 +0100 (CET) Date: Thu, 21 Nov 2019 10:41:40 +0100 From: Julien Cigar To: freebsd-questions@freebsd.org Subject: SSH certificates Message-ID: <20191121094140.GA1374@p52s> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47JZMc0Nrnz48Wq X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of SRS0=z97L=ZN=perdition.city=julien@bebif.be designates 193.191.208.90 as permitted sender) smtp.mailfrom=SRS0=z97L=ZN=perdition.city=julien@bebif.be X-Spamd-Result: default: False [-4.49 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_TRACE(0.00)[0:+]; RCVD_IN_DNSWL_NONE(0.00)[90.208.191.193.list.dnswl.org : 127.0.10.0]; IP_SCORE(-3.09)[ip: (-9.25), ipnet: 193.191.192.0/19(-4.62), asn: 2611(-1.57), country: BE(-0.01)]; FORGED_SENDER(0.30)[julien@perdition.city,SRS0=z97L=ZN=perdition.city=julien@bebif.be]; RCVD_NO_TLS_LAST(0.10)[]; R_DKIM_NA(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:2611, ipnet:193.191.192.0/19, country:BE]; FROM_NEQ_ENVFROM(0.00)[julien@perdition.city,SRS0=z97L=ZN=perdition.city=julien@bebif.be]; DMARC_NA(0.00)[perdition.city]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 09:41:49 -0000 Hello, I'd like to setup an automated mechanism to replace SSH keys and autorized_keys management with SSH certificates. Basically every member of the team who arrives in the morning should authenticate to an authority (some daemon in a very secure jail which implement a local CA + key sign) and should receive back a signed certificate with a validity period of x hours. After digging a little I found https://smallstep.com/certificates/ and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm wondering if there were others similar tools ..? Thanks! Julien -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. From owner-freebsd-questions@freebsd.org Thu Nov 21 11:25:44 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 40A551BA3A2 for ; Thu, 21 Nov 2019 11:25:44 +0000 (UTC) (envelope-from chris@cretaforce.gr) Received: from relay1.cretaforce.gr (relay1.cretaforce.gr [195.201.253.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.cretaforce.gr", Issuer "RapidSSL RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JcgT6wkdz4Fbm for ; Thu, 21 Nov 2019 11:25:41 +0000 (UTC) (envelope-from chris@cretaforce.gr) Received: from server1.cretaforce.gr (server1.cretaforce.gr [138.201.248.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.cretaforce.gr", Issuer "RapidSSL RSA CA 2018" (verified OK)) by smtp1.cretaforce.gr (Postfix) with ESMTPS id C189E1F48B for ; Thu, 21 Nov 2019 13:25:33 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cretaforce.gr; s=cretaforce; t=1574335533; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FjjqAzN03Wpt1XTd59t2oCWOhJTqBBuVDJiAZq/AL+Q=; b=b/TXEzSTsWX72mLlvxpism5+/bCMUzqg8f2Wcfxln4N8hIyBuIfqwuQ2/tV0s8y1R7ixwM xWhogE7oPdQtRjwBHfvGu4pvxH4FXBwgyduIeBba7LvCgiROd56lpQR8E5xGTGUzO6AbYI y/DTnUeqldWnYsMRujeBTsH9fw8bMEM= Received: from christoss-air.fritz.box (ppp-94-64-150-254.home.otenet.gr [94.64.150.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: chris@cretaforce.gr) by server1.cretaforce.gr (Postfix) with ESMTPSA id 8B4C127364 for ; Thu, 21 Nov 2019 13:25:33 +0200 (EET) From: Christos Chatzaras Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\)) Subject: Re: MySQL 5.7.28? Date: Thu, 21 Nov 2019 13:25:32 +0200 References: To: FreeBSD Mailing List In-Reply-To: Message-Id: X-Mailer: Apple Mail (2.3601.0.10) X-Rspamd-Queue-Id: 47JcgT6wkdz4Fbm X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cretaforce.gr header.s=cretaforce header.b=b/TXEzST; dmarc=none; spf=pass (mx1.freebsd.org: domain of chris@cretaforce.gr designates 195.201.253.145 as permitted sender) smtp.mailfrom=chris@cretaforce.gr X-Spamd-Result: default: False [-4.98 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:195.201.253.145]; MV_CASE(0.50)[]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[cretaforce.gr:+]; RCVD_IN_DNSWL_LOW(-0.10)[145.253.201.195.list.dnswl.org : 127.0.5.1]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-2.88)[ip: (-9.17), ipnet: 195.201.0.0/16(-3.57), asn: 24940(-1.64), country: DE(-0.01)]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:24940, ipnet:195.201.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[254.150.64.94.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[cretaforce.gr:s=cretaforce]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cretaforce.gr]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_LOW(-1.00)[cretaforce.gr.dwl.dnswl.org : 127.0.5.1]; SUBJECT_ENDS_QUESTION(1.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 11:25:44 -0000 > All current versions of MySQL and derivatives has been marked as > vulnerable since 2019-11-02. > > What's the fate of MySQL 5.7.x? > Will the ports tree be updated to 5.7.28? > Should we switch a different branch or one the derivaties? Check this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241920 From owner-freebsd-questions@freebsd.org Thu Nov 21 11:38:04 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8E72D1BAA33 for ; Thu, 21 Nov 2019 11:38:04 +0000 (UTC) (envelope-from trond.endrestol@ximalas.info) Received: from enterprise.ximalas.info (enterprise.ximalas.info [IPv6:2001:700:1100:1::8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "ximalas.info", Issuer "Hostmaster ximalas.info" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Jcxl1WG3z4GLC for ; Thu, 21 Nov 2019 11:38:02 +0000 (UTC) (envelope-from trond.endrestol@ximalas.info) Received: from enterprise.ximalas.info (Ximalas@localhost [127.0.0.1]) by enterprise.ximalas.info (8.15.2/8.15.2) with ESMTPS id xALBbshb015821 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Thu, 21 Nov 2019 12:37:54 +0100 (CET) (envelope-from trond.endrestol@ximalas.info) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ximalas.info; s=default; t=1574336274; bh=BHGApGfZu4Y1k5n3b8A9rmdBdyHA/Ek+EpP8W4FdAa8=; h=Date:From:To:Subject:In-Reply-To:References; b=sjgF8MisneRDNLSUJ5deU6vrV3vCQ5yUpVLTVcIP+FpXDHqvzLo4wAKXnzPaPcz24 4pvOhWXEWKPUatRIXWCD6ZqrcXf8wfMyFh4M9wumuXGphq9wyEMt2B09ktfY08NFVf W4S9MPlMbhvqj1DUdnYaRbQcnHXWVRGPFeOzGNVzFOZPd3Y58EdS4gTZfHgHdvsrz7 kQ/1KDg4pLOaOed10//8wlKLSq6PZFmOpJ9dGLUa6qIg+4aBBDu1gShax5h/+sdRV3 QOab4NONdrFgezAWJUkBitO683MlRYG8mxBgByyDF1Z46u7/Ild+koq7rCZdWNp7r7 gYCG8nxJc7HYg== Received: from localhost (trond@localhost) by enterprise.ximalas.info (8.15.2/8.15.2/Submit) with ESMTP id xALBbrRD015814 for ; Thu, 21 Nov 2019 12:37:53 +0100 (CET) (envelope-from trond.endrestol@ximalas.info) X-Authentication-Warning: enterprise.ximalas.info: trond owned process doing -bs Date: Thu, 21 Nov 2019 12:37:53 +0100 (CET) From: =?UTF-8?Q?Trond_Endrest=C3=B8l?= Sender: Trond.Endrestol@ximalas.info To: FreeBSD Mailing List Subject: Re: MySQL 5.7.28? In-Reply-To: Message-ID: References: User-Agent: Alpine 2.21.99999 (BSF 352 2019-06-22) OpenPGP: url=http://ximalas.info/about/tronds-openpgp-public-key MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on enterprise.ximalas.info X-Rspamd-Queue-Id: 47Jcxl1WG3z4GLC X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ximalas.info header.s=default header.b=sjgF8Mis; dmarc=pass (policy=none) header.from=ximalas.info; spf=pass (mx1.freebsd.org: domain of trond.endrestol@ximalas.info designates 2001:700:1100:1::8 as permitted sender) smtp.mailfrom=trond.endrestol@ximalas.info X-Spamd-Result: default: False [-3.86 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[ximalas.info:s=default]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; IP_SCORE(-1.86)[ip: (-7.45), ipnet: 2001:700::/32(-1.16), asn: 224(-0.67), country: NO(-0.01)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[ximalas.info:+]; DMARC_POLICY_ALLOW(-0.50)[ximalas.info,none]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:224, ipnet:2001:700::/32, country:NO]; RCVD_TLS_LAST(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 11:38:04 -0000 On Thu, 21 Nov 2019 13:25+0200, Christos Chatzaras wrote: > Check this: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241920 Thanks. -- Trond. From owner-freebsd-questions@freebsd.org Thu Nov 21 12:00:14 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CC0881BBB9F for ; Thu, 21 Nov 2019 12:00:14 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47JdRK5VH5z4HnK for ; Thu, 21 Nov 2019 12:00:13 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id E8FC2223FA for ; Thu, 21 Nov 2019 07:00:11 -0500 (EST) Received: from imap6 ([10.202.2.56]) by compute7.internal (MEProxy); Thu, 21 Nov 2019 07:00:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=wrkgP R7vo09NUrDMzyQ+BeFQfyQWOhX/dN2w8IopUy4=; b=SIf4y24HWltPwy8J95M5e 2bfo/u1idmsSEKdxxLhsi3ze0CsgSejbmMFiU3ksGup71iWvKm9OxUT+8FupTbX4 LKWrrSHtbhYp46xTN17rNA/A6PR4rwWHYHP91d+eu3C3YIs8jeJE9TS+YWEzzeXt MXGTNUa7hDWlWKZAQbPTPdvZIlDaNgJdGZlJQ+qGd6/i08KdSnSXX0Im738OUw6r gluZU/OVyACnBm559gJc4iz8qq840I1AKlEq3M5CI226kSl+B1K5sAlj08BzHxUl jfjoHEJHhB8kX6fBpHwtyGPtiWjFyAAHhlnjmcvopSL1Y0vqwV59CK3Mmdx4sYds Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=wrkgPR7vo09NUrDMzyQ+BeFQfyQWOhX/dN2w8IopU y4=; b=vghrnuzDinFjoj3o6JMJXTSnlYJjqpmaGPbUluLRGX/EE4Ai18E6j9NVW v920MoAZwp4z0jBhkUm4+7PC2htVmArK8NtrbPbgachJd6dGz/ssJ4b9xrOkP9RP kyMjsxxU60+A7nERbOM5eAGYLWavfC3s7WNA+OT6IcVkt7qKY3OXF3IwL1vwF7gO 8OUmqzg4YJKpCwLZ/IoSR4qgWGEWoQq8ZOOO/K9LeSqgk+Auee8ky4Gc6SHYMimx 00mPKP266MuU0ox8kivR2MjPgc+b/6Oxo6yqxFpSX9CCve+X6+4FB+HBWuXhL7xy ZSn7nk7VfsI0zYSgj/j4uFfB5nsYQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrudehvddgfeeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepfdffrghvvgcuvehothhtlhgvhhhusggvrhdfuceouggt hhesshhkuhhnkhifvghrkhhsrdgrtheqnecuffhomhgrihhnpehvrghulhhtphhrohhjvg gtthdrihhopdhsmhgrlhhlshhtvghprdgtohhmpdhhrggsvghtshdrshgvpdhophgvnhgs shgurdhorhhgnecurfgrrhgrmhepmhgrihhlfhhrohhmpegutghhsehskhhunhhkfigvrh hkshdrrghtnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 7F9ED1400A2; Thu, 21 Nov 2019 07:00:11 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.7-578-g826f590-fmstable-20191119v1 Mime-Version: 1.0 Message-Id: <6cd8c401-8867-4a8c-be8f-e2d2a69c740f@www.fastmail.com> In-Reply-To: <20191121094140.GA1374@p52s> References: <20191121094140.GA1374@p52s> Date: Thu, 21 Nov 2019 12:59:51 +0100 From: "Dave Cottlehuber" To: freebsd-questions Subject: Re: SSH certificates Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 47JdRK5VH5z4HnK X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=skunkwerks.at header.s=fm3 header.b=SIf4y24H; dkim=pass header.d=messagingengine.com header.s=fm1 header.b=vghrnuzD; dmarc=none; spf=pass (mx1.freebsd.org: domain of dch@skunkwerks.at designates 66.111.4.29 as permitted sender) smtp.mailfrom=dch@skunkwerks.at X-Spamd-Result: default: False [-5.08 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[skunkwerks.at:s=fm3,messagingengine.com:s=fm1]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.29]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[skunkwerks.at]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; IP_SCORE(-3.49)[ip: (-9.83), ipnet: 66.111.4.0/24(-4.87), asn: 11403(-2.68), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[skunkwerks.at:+,messagingengine.com:+]; MV_CASE(0.50)[]; RCVD_IN_DNSWL_LOW(-0.10)[29.4.111.66.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; RCVD_TLS_LAST(0.00)[]; MID_RHS_WWW(0.50)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 12:00:15 -0000 On Thu, 21 Nov 2019, at 10:41, Julien Cigar wrote: > Hello, >=20 > I'd like to setup an automated mechanism to replace SSH keys and > autorized_keys management with SSH certificates. Basically every membe= r > of the team who arrives in the morning should authenticate to an > authority (some daemon in a very secure jail which implement a local C= A > + key sign) and should receive back a signed certificate with a validi= ty > period of x hours. >=20 > After digging a little I found https://smallstep.com/certificates/=20 > and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm > wondering if there were others similar tools ..? >=20 > Thanks! You can do all of that manually and there is a very nice book that cover= s it in ssh mastery or go through these https://man.openbsd.org/ssh-keygen#CERTIFICATES https://blog.habets.se/2011/07/OpenSSH-certificates.html smallstep is very nice and I=E2=80=99ve considered packaging it. At work= we use vault extensively and I haven=E2=80=99t used it for this purpose= but it should do very nicely https://www.vaultproject.io/docs/secrets/s= sh/signed-ssh-certificates.html and it=E2=80=99s already in ports. Personally I am not keen on having such a large trust perimeter but it w= ill likely depend on your preference for automation vs convenience. A+ Dave From owner-freebsd-questions@freebsd.org Thu Nov 21 13:55:50 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E08AB1BF6AC for ; Thu, 21 Nov 2019 13:55:50 +0000 (UTC) (envelope-from luciano@vespaperitivo.it) Received: from baobab.bilink.net (baobab.bilink.net [212.45.144.44]) by mx1.freebsd.org (Postfix) with ESMTP id 47Jh0j5GqMz4QLT for ; Thu, 21 Nov 2019 13:55:49 +0000 (UTC) (envelope-from luciano@vespaperitivo.it) Received: from baobab.bilink.net (localhost [127.0.0.1]) by baobab.bilink.it (Postfix) with ESMTP id 47Jh0h2PPGz1ftWf for ; Thu, 21 Nov 2019 14:55:48 +0100 (CET) Received: from hermes.mcs.it (hermes.mcs.it [192.168.132.21]) by baobab.bilink.it (Postfix) with ESMTP id 47Jh0h1fbfz1ftWV for ; Thu, 21 Nov 2019 14:55:48 +0100 (CET) Received: from mordeus (unknown [192.168.45.6]) by hermes.mcs.it (Postfix) with ESMTP id 17EAF4D274B for ; Thu, 21 Nov 2019 14:55:48 +0100 (CET) Date: Thu, 21 Nov 2019 14:55:38 +0100 From: Luciano Mannucci To: freebsd-questions@freebsd.org Subject: Root filesystem X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; amd64-portbld-freebsd11.2) X-Face: 4qPv4GNcD; h<7Q/sK>+GqF4=CR@KmnPkSmwd+#%\F`4yjKO3"C]p'z=(oWRnsYBQGM\5g:4skqQY0NnV'dM:Mm:^/_+I@a"; [-s=ogufdF"9ggQ'=y MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <47Jh0h1fbfz1ftWV@baobab.bilink.it> X-Virus-Scanned: PippoLillo, ClamAV using ClamSMTP X-Rspamd-Queue-Id: 47Jh0j5GqMz4QLT X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of luciano@vespaperitivo.it designates 212.45.144.44 as permitted sender) smtp.mailfrom=luciano@vespaperitivo.it X-Spamd-Result: default: False [-5.17 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.45.144.0/24]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; DMARC_NA(0.00)[vespaperitivo.it]; RCVD_IN_DNSWL_NONE(0.00)[44.144.45.212.list.dnswl.org : 127.0.10.0]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8816, ipnet:212.45.128.0/19, country:IT]; IP_SCORE(-2.97)[ip: (-7.98), ipnet: 212.45.128.0/19(-3.99), asn: 8816(-2.91), country: IT(0.03)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 13:55:50 -0000 I would like to move the root filesystem of one of my FreeBSD machines keeping the boot slice and reusing the space for another partition. Can it be done? I know you can tell from which disk to boot at the initial prompt by escaping to the prompt and setting a variable; can this be saved for next boot? where do I find the docs about the details of this? I've had a look at the handbook but it doesn't seem to cover nonstandard things... Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 X AGAINST HTML MAIL / E-MAIL: posthamster@sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/ From owner-freebsd-questions@freebsd.org Thu Nov 21 17:47:24 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5D8781C61B6 for ; Thu, 21 Nov 2019 17:47:24 +0000 (UTC) (envelope-from luciano@vespaperitivo.it) Received: from baobab.bilink.net (baobab.bilink.net [212.45.144.44]) by mx1.freebsd.org (Postfix) with ESMTP id 47Jn7v03Gqz3D77 for ; Thu, 21 Nov 2019 17:47:22 +0000 (UTC) (envelope-from luciano@vespaperitivo.it) Received: from baobab.bilink.net (localhost [127.0.0.1]) by baobab.bilink.it (Postfix) with ESMTP id 47Jn7s1T2Hz1ftWV for ; Thu, 21 Nov 2019 18:47:21 +0100 (CET) Received: from hermes.mcs.it (hermes.mcs.it [192.168.132.21]) by baobab.bilink.it (Postfix) with ESMTP id 47Jn7s0jZ4z1ftWX for ; Thu, 21 Nov 2019 18:47:21 +0100 (CET) Received: from mordeus (unknown [192.168.45.6]) by hermes.mcs.it (Postfix) with ESMTP id E75E94D2698 for ; Thu, 21 Nov 2019 18:47:20 +0100 (CET) Date: Thu, 21 Nov 2019 18:47:10 +0100 From: Luciano Mannucci To: freebsd-questions@freebsd.org Subject: Re: Root filesystem In-Reply-To: <47Jh0h1fbfz1ftWV@baobab.bilink.it> References: <47Jh0h1fbfz1ftWV@baobab.bilink.it> X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; amd64-portbld-freebsd11.2) X-Face: 4qPv4GNcD; h<7Q/sK>+GqF4=CR@KmnPkSmwd+#%\F`4yjKO3"C]p'z=(oWRnsYBQGM\5g:4skqQY0NnV'dM:Mm:^/_+I@a"; [-s=ogufdF"9ggQ'=y MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <47Jn7s0jZ4z1ftWX@baobab.bilink.it> X-Virus-Scanned: PippoLillo, ClamAV using ClamSMTP X-Rspamd-Queue-Id: 47Jn7v03Gqz3D77 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of luciano@vespaperitivo.it designates 212.45.144.44 as permitted sender) smtp.mailfrom=luciano@vespaperitivo.it X-Spamd-Result: default: False [-5.19 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.45.144.0/24]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; DMARC_NA(0.00)[vespaperitivo.it]; RCVD_IN_DNSWL_NONE(0.00)[44.144.45.212.list.dnswl.org : 127.0.10.0]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8816, ipnet:212.45.128.0/19, country:IT]; IP_SCORE(-2.99)[ip: (-8.02), ipnet: 212.45.128.0/19(-4.01), asn: 8816(-2.95), country: IT(0.03)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 17:47:24 -0000 On Thu, 21 Nov 2019 14:55:38 +0100 Luciano Mannucci wrote: > I know you can tell from which disk to boot at the > initial prompt by escaping to the prompt and setting a variable; can > this be saved for next boot? Apparently not. According to TFM, "gptboot searches through freebsd-ufs partitions in the GPT and selects one to boot based on the bootonce and bootme attributes. If neither attribute is found, /boot/gptboot boots from the first freebsd-ufs partition." So no way to make it boot from another disk. To achieve that I need a boot loader (such as grub), which would do the trick. A bit too much fuss. I think I will reformat the disk and partition it with a freebsd-boot partition, that would happily boot if I install the needed stages with gpart... Sorry for the noise, Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 X AGAINST HTML MAIL / E-MAIL: posthamster@sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/ From owner-freebsd-questions@freebsd.org Thu Nov 21 17:57:16 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 206C51C66AE for ; Thu, 21 Nov 2019 17:57:16 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JnMG5nK2z3Dh4 for ; Thu, 21 Nov 2019 17:57:14 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-ot1-x336.google.com with SMTP id 94so3721675oty.8 for ; Thu, 21 Nov 2019 09:57:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RoeMyjr7aAsKEkI1exm3qD46UmShP1Mn2Dc3wzPFK0I=; b=YHWwuLbAYePXChdxOGLI+A3HEzaUWP/xiOnURP6ZMVSS/apXngXcJm/pGnQCr6anig 71DVWEhtspM026wxFujM4M+YlYQI1JN2PAhkW/jpr8bEjXANw0ATBhKdFzge0mvrzX50 2Q2XkWKsJmuB7n9qeOhr15/4BG3OJswo1ZgM+J9LVepP9OYHv1/b1T6nV6jLA4aRjf5v eq8twft2w0nT7IhzWIgA0wdYmz3WVlGtTwR+RfNdnACvA1YlpWhxKa97slwvveLTt4lA iXZiSqMYehi78yj4/qQCd5uBdS5hlde7L4BlJDz/9pI5Q/GQwVHcSyzJlQwT7NnLo89E HKhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RoeMyjr7aAsKEkI1exm3qD46UmShP1Mn2Dc3wzPFK0I=; b=SvtKfTQSdvEDF8iNIPrZ6/pXfvkLibu8RgS/uOKn+4y3KcHonCZCdmGWtYhFfZQuvr rMHpRFp5FRnIVGKQ3Gw5snL5PpLyicaUCq0xIhfMpZJ9nkc6jrh3W7vJq7oa1nvFtwsf Gz+aHuAFif0qfLzD5tB9SbHSdBsxTWWzuRGlkGvQOyFIpUFPle+J/pjlHCZVzGEJOiC6 Cpx17sTtrbeWl0ME2jALrv0QDj1lnVSPYGVwuNfwwRTw+BU8HmmzbBi47Fn6TOJbYoKm +Kw9gWRlYUBbVfx7BSGP8JgUeHCH6sN4/qSv5YLwspLUGAiXPHklvr086tbC5/VGwjMa zFGw== X-Gm-Message-State: APjAAAWjkxDQWxh4L2ueuhoZEK8egJCxujU8e+8ghQXEk1jRKluk2nas DDL4Zg6UaxdkdE0tgZsRn/MR/epPVXE= X-Google-Smtp-Source: APXvYqyfAy9Y9eJSgp3c9S5PjuQO38L/8CWmYEZCbK1Xp+tdsqitFD2kwuJmbobXaZiZq4ogDiuowg== X-Received: by 2002:a05:6830:1b65:: with SMTP id d5mr7237781ote.122.1574359032709; Thu, 21 Nov 2019 09:57:12 -0800 (PST) Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com. [209.85.167.174]) by smtp.gmail.com with ESMTPSA id v11sm1202470ota.13.2019.11.21.09.57.11 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Nov 2019 09:57:12 -0800 (PST) Received: by mail-oi1-f174.google.com with SMTP id v138so4009222oif.6 for ; Thu, 21 Nov 2019 09:57:11 -0800 (PST) X-Received: by 2002:aca:7583:: with SMTP id q125mr8503872oic.168.1574359031353; Thu, 21 Nov 2019 09:57:11 -0800 (PST) MIME-Version: 1.0 References: <47Jh0h1fbfz1ftWV@baobab.bilink.it> <47Jn7s0jZ4z1ftWX@baobab.bilink.it> In-Reply-To: <47Jn7s0jZ4z1ftWX@baobab.bilink.it> From: Tomasz CEDRO Date: Thu, 21 Nov 2019 18:56:58 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Root filesystem To: Luciano Mannucci Cc: FreeBSD Questions Mailing List Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 47JnMG5nK2z3Dh4 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=YHWwuLbA; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2607:f8b0:4864:20::336) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-4.80 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cedro.info]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[cedro.info:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[6.3.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-2.50)[ip: (-8.18), ipnet: 2607:f8b0::/32(-2.29), asn: 15169(-1.97), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 17:57:16 -0000 I have similar problem - after install with manual MBR+GPT+ZFS - I need to always type by hand in the bootloader prompt where loader is located then selecting currdev and loading kernel, geom_eli, zfs.. although they are all listed in /boot/loader.conf. There is a separate partition for boot-mbr and boot-gpt. None of them seem to recognize zfs:zroot/ROOT/default in a proper way. Default bsdinstall does not allow selecting rootsize. I have already reported a feature request for that. Otherwise bsdinstall makes things work. -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info From owner-freebsd-questions@freebsd.org Thu Nov 21 18:13:24 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9F7BD1C6FCF for ; Thu, 21 Nov 2019 18:13:24 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: from mail-oi1-x235.google.com (mail-oi1-x235.google.com [IPv6:2607:f8b0:4864:20::235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Jnjv4JbDz3Ftn for ; Thu, 21 Nov 2019 18:13:23 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: by mail-oi1-x235.google.com with SMTP id v138so4059293oif.6 for ; Thu, 21 Nov 2019 10:13:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+JWRGKSw+48fQ1kIAf5T40e9kQDEbSPKOFp1+akEOl8=; b=N90JFZj4qtIEetybdqlxgqT3D9jQiaPPTNRCnXCgD3MoqNXdp7/Qltgd6SOLhn/iHo cA+UE3426sksG/iLmwYU3itvtGv55pL7N6ExDyj76ZV6sU2YUrxsnAKn29A1j4wlEfBj 9EF2prp3qtH1pm3KlukgBXXsSNbos2kzHeYV5Ip29vBj8ofSYLSKdB3dvf8yOc5JF8kh snSb5C8b6LX4azJCs6f3M5EUZV/pYHjYBXEoANNFNJmDJO3+rAKUbiYnWOX16HHod2Eg rjPoX2xzXQgww0N0CspHEso/FM8q5U0SotrhEF8ErpPce24AxGT0MiKBiaILoZSDYQ0Z MwTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+JWRGKSw+48fQ1kIAf5T40e9kQDEbSPKOFp1+akEOl8=; b=aRQyKDI7lGYPhCpHZAbht2yQ36MGhYMswrmeqT+Cdx3ZUoaAr3MM8RjWMH/5lNxlLN n9NrYFbcaP2PZi47ExzduHYPqcBdu1qg18whCeIHC8XywOt6PT1G2OhknQgX1TnsfEN6 KCk1q5lfGK21zhac2mojuMTEv1SlV52Y+6+uQprPh6fpIaq8Okyb9TLb45qGtl8l1Utm R88RYQ51U12PkEjjuZ5UVu2i4zYmhHDRKeVo1rGotFDtMW0DkrXQWCx1nuQwkK1UqGMc kzHODI83oko6IN7+FiaMf+Gfp039zmsZ+i3VQdPHxo9MUPhoQpYkknDIu+ORSXKIqYTb ufbA== X-Gm-Message-State: APjAAAV/WPf+biUHp+/GY4yq+318097rJ6jimB4HCArdfrBj/t3GxJBj obz/j8j9bfSunmz1M/MKwiXBbMHJ9nsg2sOthwbJyKjkxbw= X-Google-Smtp-Source: APXvYqyh19rxKQ/8dPB67zPIj/+RVmpFMwWFpZ9jSEhQTjt7yXbdBfJ3iA0RoflWRzQHz7V95PdC1rMZJmeUyRxYlfE= X-Received: by 2002:a54:4783:: with SMTP id o3mr8721500oic.33.1574360001960; Thu, 21 Nov 2019 10:13:21 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Odhiambo Washington Date: Thu, 21 Nov 2019 21:12:46 +0300 Message-ID: Subject: Re: MySQL 5.7.28? To: =?UTF-8?Q?Trond_Endrest=C3=B8l?= Cc: User Questions X-Rspamd-Queue-Id: 47Jnjv4JbDz3Ftn X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=N90JFZj4; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of odhiambo@gmail.com designates 2607:f8b0:4864:20::235 as permitted sender) smtp.mailfrom=odhiambo@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; IP_SCORE(0.00)[ip: (-8.82), ipnet: 2607:f8b0::/32(-2.29), asn: 15169(-1.97), country: US(-0.05)]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[5.3.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; SUBJECT_ENDS_QUESTION(1.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 18:13:24 -0000 On Thu, 21 Nov 2019 at 11:40, Trond Endrest=C3=B8l wrote: > Hi, > > All current versions of MySQL and derivatives has been marked as > vulnerable since 2019-11-02. > > What's the fate of MySQL 5.7.x? > Will the ports tree be updated to 5.7.28? > Should we switch a different branch or one the derivaties? > > -- > Trond. > > > Hi Trond, I migrated from 5.7 to 8.x. The only trouble I got is that in 8.x, you cannot name a table as "groups", so any table I had that had such a name I renamed to mygroups. I had to change all code referring to such a table as well. So go ahead and move to mysql-8.x with that in mind. --=20 Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-) From owner-freebsd-questions@freebsd.org Thu Nov 21 23:09:59 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F260E1CD7CF for ; Thu, 21 Nov 2019 23:09:59 +0000 (UTC) (envelope-from walterp@gmail.com) Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JwJ65Nymz44Cp for ; Thu, 21 Nov 2019 23:09:58 +0000 (UTC) (envelope-from walterp@gmail.com) Received: by mail-io1-xd2a.google.com with SMTP id k1so5546080ioj.6 for ; Thu, 21 Nov 2019 15:09:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Syha8/3NMcj9zM6PsxrhKvFXtVCJW6xT0F4sCuBFUjI=; b=UIbHVLF4c5MfRoveU+4TmMwk2kI4HBCNbgtKcAMpFahdKyF0G7LnG3WeYc3VYnYd1a /Lpv8Y9r9uEu/wKs5vZ9OhF69qUq1CHbSIAppAjqYUJFDogRb0kJVBGAl3z/2O2rLCe7 umxmlruVXoSheRl197m2v0kGtlvsp86Sagvf07DeG5Za8zGS81C8nPxmN79oDOxo6S3+ YO5bqakzie3JxsDSkCi0zzmektmagEVgNCSoLY2QDW1UWFgTa/a5ufNY8Xh+LmQeyk7W XqPHXNvYLR7OUh872DQxsokG6FEURI8RObm0tucDxmsboASjQCK6MQ9se3/eAMgwCkOk XmfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Syha8/3NMcj9zM6PsxrhKvFXtVCJW6xT0F4sCuBFUjI=; b=hFAFVgErPBJSl+IBASJ2qq2VoPisdtT/KgcQWOWc1EafMUvjhPMTozP/Ezun0TFVpy vko7Epy4Z6Y1J2UPd2ZmRrht7vxX+RY4HYoMk+aPyoN9Lp33R2+i/sjn4zY5q0OWxzN/ 8B5WLe7amv/wE1xN2nLKSbiWwTJSRRccOqSqc0tJg5TJ4J7jQE3L+9kpea/TBQwO07NO OuvGypWr5t6xcKD0qrXiF2yF6i1T572u+O5vvG3CqEinLroakTMCWzvpN7n5DcJYKMeE +t9RljihinTNUFyVKnp7g6osM86YNY0dA1Yr4ob3DiuHx2OxbEraTUuzlmLha3z2bFoW 1Yxg== X-Gm-Message-State: APjAAAVhVJ+KZpu2tgq6UHbc2DE+EfycGooW/LOx5SJuNL2Fy3vOxqEN jLjlxaV2Fkh/i+BuFRwiu3pdTOlh+ZGNBryaFIoi5ijk X-Google-Smtp-Source: APXvYqwmbjNAmSDokr2kEJM15wx+sjjT426MVe8Sa4S7u6tqgouLoGxZZSLktnCXV/DWC66FUy1Flk26BbgKimWrSSo= X-Received: by 2002:a6b:c809:: with SMTP id y9mr10631499iof.232.1574377797289; Thu, 21 Nov 2019 15:09:57 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Walter Parker Date: Thu, 21 Nov 2019 15:09:48 -0800 Message-ID: Subject: SSH certificates To: freebsd-questions@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 47JwJ65Nymz44Cp X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=UIbHVLF4; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of walterp@gmail.com designates 2607:f8b0:4864:20::d2a as permitted sender) smtp.mailfrom=walterp@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(0.00)[ip: (-6.27), ipnet: 2607:f8b0::/32(-2.29), asn: 15169(-1.97), country: US(-0.05)]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[a.2.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 23:10:00 -0000 > > > Message: 3 > Date: Thu, 21 Nov 2019 10:41:40 +0100 > From: Julien Cigar > To: freebsd-questions@freebsd.org > Subject: SSH certificates > Message-ID: <20191121094140.GA1374@p52s> > Content-Type: text/plain; charset=utf-8 > > Hello, > > I'd like to setup an automated mechanism to replace SSH keys and > autorized_keys management with SSH certificates. Basically every member > of the team who arrives in the morning should authenticate to an > authority (some daemon in a very secure jail which implement a local CA > + key sign) and should receive back a signed certificate with a validity > period of x hours. > > After digging a little I found https://smallstep.com/certificates/ > and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm > wondering if there were others similar tools ..? > > Thanks! > > Julien > > > -- > Julien Cigar > Belgian Biodiversity Platform (http://www.biodiversity.be) > PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 > No trees were killed in the creation of this message. > However, many electrons were terribly inconvenienced. > > Look at https://github.com/gravitational/teleport (The source build should work on FreeBSD) it is a full security gateway. It uses SSH certificates. Or BLESS from Netflix https://github.com/Netflix/bless It uses an AWS Lambda function to sign SSH public keys. Walter -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis From owner-freebsd-questions@freebsd.org Thu Nov 21 23:52:40 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7707E1CE5C7 for ; Thu, 21 Nov 2019 23:52:40 +0000 (UTC) (envelope-from dvoich@aim.com) Received: from sonic316-21.consmr.mail.ne1.yahoo.com (sonic316-21.consmr.mail.ne1.yahoo.com [66.163.187.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47JxFM1FGbz46XJ for ; Thu, 21 Nov 2019 23:52:38 +0000 (UTC) (envelope-from dvoich@aim.com) X-YMail-OSG: ZjQLfdwVM1mjWt_y9o_cxWEm8LnEiXkAQDENlT0jvA9MeHFuVoVPkLGSrAndBdR NGGuu4zZkY12w3KyJnDiltfMbEQyELzS.VjecSmdiaXswzoT17kZ6xlDlxxrw7L7JbytuQlRzMQJ 1lUN82X8VdBqmgND3PSIzQuzKlA_cSey5vnZ7mnowjEfTv5c757RAg.I8XOxKRFun2UD2tr31yjI GQr3W0sooo6.tHT6ewgXFOBW1BmCau96DW49RZWqT91AnI.KkgDQeHMkQWGd8rF5BO_iDOzybPRM osN6pTOTuIULqxDlGRFKur9oBe7LR14xHh9zlZSvcqhrullTXsRDKMKFLPpXc7lp65zX8ULnyQ6F yNW_FFq1_2e6X8sFRqTcUUaWausv3qJlmPmtWafa38zu0ZtUYq_sEiUGWKerpKdYbOHbpA16rMHn sqfMwTOp4L8txADbiWNLhSZlYkHdTufwaJAW0IKznq1j1lBHcZZykN8fzx7fc_Dn_w9KzdGcaRva 3We3p2iBhkpXkXb8AFhXF7XNE2S9onM0KSdUrsfSn.vbPqiDmzbXSMOg4.NnPPoYUxoJqdCNhCYb 79FkqngQRIafFRN.aZFHs6bOEp1b5TFj2HKNRDhSk4oMRN3fsAR17ad94G72a3THMPLk1Z9qBdVB oOolEWJu5.db1L90ycg830y1wACvOUhKWjysmcSUI8Bvg8wpaqCIYHf8iShqcqyr38sRwuNe2mHP HryeVADSH2Bq9nfApSSkBHh5M8B.NaixCUmMwo_EcpyCVVC36yEKA0Y_BgU6QkVq47Q2WtwwPmZU sughjActa.QT6td5CAZ8dLnLjfW4JmgsXJCvv7m5_MfogKsE4X6EUidegrRUxoz5FBpfH9eNq1fS B03j97z_RdBn7Gz0CKTTnvlj2u2KgVURe6ouNnLa3Vnr31EA2Am30u.waqM1pNBcg3pnvGoRdWuX Mlk7Lx9Ym0D6NACWK4Pf6TWy1qxeDmqV_YwJ7RSdWO0oHO1p_in9OEPZPjB7TfnJoA_qJZTohGJ6 Vz7LE1t_77vBTImEn4Zsp8jlR_ckmxL8NyH_UkTSU7sFYpsSrC_Q2fza06_wJziiZrU.MmVZDvhM FpxHJ63Ygairw7wjMCQWXHJU8SK8tUuPlX2LF9ljJ5aT65mpdpaQ7n3DD3Uzs17kpbykqvAlSsJb 55vFDrM0Q8FL0zcZKKjoHFtIBQm_HfFRc8YAS9m5IojxfWPW7BEgh5Yo9ku6xIxtT0vqeSOcoQl5 0wfYknsdkPY8dVduYkzpz9_m.5XGG.mYa7kYjkOPl4OROZkvqGzpJSfwA6hY6ltIwFq8CwJgDA.j AuSankTwO_Hi4cjOTYLwQNhxJgUh.fj2qpRR_EsPiW14z_NII85m5ymZkO3kN73wv Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Thu, 21 Nov 2019 23:52:37 +0000 Received: by smtp432.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 913ff7813d0056d9b4c6af42cc90e3eb; Thu, 21 Nov 2019 23:52:35 +0000 (UTC) Date: Thu, 21 Nov 2019 18:52:33 -0500 From: "Vlad D. Markov" To: Walter Parker Cc: freebsd-questions@freebsd.org Subject: Re: SSH certificates Message-Id: <20191121185233.b43d056e0212c2b8c3d25b9b@aim.com> In-Reply-To: References: X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47JxFM1FGbz46XJ X-Spamd-Bar: + X-Spamd-Result: default: False [1.16 / 15.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[aim.com:s=a2048]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[aim.com]; R_SPF_ALLOW(-0.20)[+ip4:66.163.184.0/21]; MIME_GOOD(-0.10)[text/plain]; MV_CASE(0.50)[]; NEURAL_SPAM_MEDIUM(0.72)[0.723,0]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[aim.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[147.187.163.66.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[aim.com,reject]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; NEURAL_SPAM_LONG(0.94)[0.936,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[aim.com]; ASN(0.00)[asn:36646, ipnet:66.163.184.0/21, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.00)[ip: (4.34), ipnet: 66.163.184.0/21(1.23), asn: 36646(0.98), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 23:52:40 -0000 On Thu, 21 Nov 2019 15:09:48 -0800 Walter Parker wrote: > > > > > > Message: 3 > > Date: Thu, 21 Nov 2019 10:41:40 +0100 > > From: Julien Cigar > > To: freebsd-questions@freebsd.org > > Subject: SSH certificates > > Message-ID: <20191121094140.GA1374@p52s> > > Content-Type: text/plain; charset=utf-8 > > > > Hello, > > > > I'd like to setup an automated mechanism to replace SSH keys and > > autorized_keys management with SSH certificates. Basically every member > > of the team who arrives in the morning should authenticate to an > > authority (some daemon in a very secure jail which implement a local CA > > + key sign) and should receive back a signed certificate with a validity > > period of x hours. > > > > After digging a little I found https://smallstep.com/certificates/ > > and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm > > wondering if there were others similar tools ..? > > > > Thanks! > > > > Julien > > > > > > -- > > Julien Cigar > > Belgian Biodiversity Platform (http://www.biodiversity.be) > > PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 > > No trees were killed in the creation of this message. > > However, many electrons were terribly inconvenienced. > > > > > > Look at https://github.com/gravitational/teleport > (The source build should work on FreeBSD) > > it is a full security gateway. It uses SSH certificates. > > Or BLESS from Netflix > https://github.com/Netflix/bless > > It uses an AWS Lambda function to sign SSH public keys. > > > Walter > > -- > The greatest dangers to liberty lurk in insidious encroachment by men > of zeal, well-meaning but without understanding. -- Justice Louis D. > Brandeis > _______________________________________________ This sounds like replacing Kerberos with SSH. The functionality desired was implemented in Kerberos years ago. From owner-freebsd-questions@freebsd.org Fri Nov 22 01:25:13 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F39871A8A2D for ; Fri, 22 Nov 2019 01:25:12 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JzJ76X3Rz4CC2 for ; Fri, 22 Nov 2019 01:25:11 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qk1-x733.google.com with SMTP id m125so4887202qkd.8 for ; Thu, 21 Nov 2019 17:25:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=58Hq9acfsg0ehycNEo5P7ownZspOg3d9KL9FtAeomUQ=; b=f15rfhu0VJUv1nQb6UBfHQ/95KYmjI8YGu6XmRkfCcXTb5VgMzHB4md1GhlxRY8cKq S/HHK46KBIE/EFyBrk9T2D3n96KOn+2VM3sj6q1//NmdQFQs9fPYnt90GOLJ86ykD8O9 AqdGFMwWpORaCiedYqr/2s0OdJzPkzInc7OvHy4/9uYRFOm6EFOGhTJgCk7AGH+xBeGw QXG0zXBvL5fm/sSQzkzzRlas/mEaHBAhiHNZFYmyr9Qssz6fXsGNuRi6ua6T4Wi4bCNc Zzm00WofJGh6x1XkT7DCpoItCFVA7i6sJ1+9m/yrIngphDlEhOqYAPbIkYAkmdG9EdrL OlKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=58Hq9acfsg0ehycNEo5P7ownZspOg3d9KL9FtAeomUQ=; b=Y2dN+AISzUvlylBNCS8HIdVHmKdrjV8mx82PQy8lS+8msdc5V2+l9HnZ9cw2i9T1sY sVA7ni/SErkAL/W9dIuTGQKxneHuGWwoBZZCPRSh4HxJExYm/UHCBTyFq0eihZPfy0ik R5+1OTEotqxY3Ao4Pqb7iM+Si/DCN4B1mfXXDPazHOPeGUBgB20Ny0sqpkSaUnSp8ZOV PqV17ocqr/kFX6qmSiyb3Om8isKcKZbYd+lhXCprCe+ERiFL/z9Ewz31Kf5oyFZJhscS RPgHHU1CyE9H8HnlOA05Qmnr19G8IV8ZonlVU4LJB1nZ3Bbcebx+aCpLnAdnZQo0G0Mm vRKA== X-Gm-Message-State: APjAAAXsAiJDTz/MqWQUQs6Ud3/skfddwrhn9faiQBlMDB/zLxFm+mhm YoM0KAkRnxGsr2LsNDtlH2oPsGBQtNVnxDbxzza10g== X-Google-Smtp-Source: APXvYqwv4QUkPCIF81jBghii1jPls3LUEIpKBx8EA3VnQl7yVwcLyyYVLnZfwPBVmPZ7/JZhodd+d1iZbSvpmh0Ytv4= X-Received: by 2002:a37:7443:: with SMTP id p64mr11033915qkc.460.1574385910462; Thu, 21 Nov 2019 17:25:10 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Michael Sierchio Date: Thu, 21 Nov 2019 17:24:34 -0800 Message-ID: Subject: Re: SSH certificates To: Walter Parker Cc: FreeBSD Questions X-Rspamd-Queue-Id: 47JzJ76X3Rz4CC2 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tenebras-com.20150623.gappssmtp.com header.s=20150623 header.b=f15rfhu0; dmarc=none; spf=none (mx1.freebsd.org: domain of kudzu@tenebras.com has no SPF policy when checking 2607:f8b0:4864:20::733) smtp.mailfrom=kudzu@tenebras.com X-Spamd-Result: default: False [-4.01 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[tenebras-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[tenebras.com]; URI_COUNT_ODD(1.00)[21]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[tenebras-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[3.3.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-2.71)[ip: (-9.24), ipnet: 2607:f8b0::/32(-2.29), asn: 15169(-1.97), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 01:25:13 -0000 Check out https://github.com/uber/pam-ussh There was a problem with porting it to FreeBSD a few years ago, and I don't remember the issue, but it should probably work now. On Thu, Nov 21, 2019 at 3:10 PM Walter Parker wrote: > > > > > > Message: 3 > > Date: Thu, 21 Nov 2019 10:41:40 +0100 > > From: Julien Cigar > > To: freebsd-questions@freebsd.org > > Subject: SSH certificates > > Message-ID: <20191121094140.GA1374@p52s> > > Content-Type: text/plain; charset=3Dutf-8 > > > > Hello, > > > > I'd like to setup an automated mechanism to replace SSH keys and > > autorized_keys management with SSH certificates. Basically every member > > of the team who arrives in the morning should authenticate to an > > authority (some daemon in a very secure jail which implement a local CA > > + key sign) and should receive back a signed certificate with a validit= y > > period of x hours. > > > > After digging a little I found https://smallstep.com/certificates/ > > and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm > > wondering if there were others similar tools ..? > > > > Thanks! > > > > Julien > > > > > > -- > > Julien Cigar > > Belgian Biodiversity Platform (http://www.biodiversity.be) > > PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 > > No trees were killed in the creation of this message. > > However, many electrons were terribly inconvenienced. > > > > > > Look at https://github.com/gravitational/teleport > (The source build should work on FreeBSD) > > it is a full security gateway. It uses SSH certificates. > > Or BLESS from Netflix > https://github.com/Netflix/bless > > It uses an AWS Lambda function to sign SSH public keys. > > > Walter > > -- > The greatest dangers to liberty lurk in insidious encroachment by men > of zeal, well-meaning but without understanding. -- Justice Louis D. > Brandeis > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > --=20 "Well," Brahm=C4=81 said, "even after ten thousand explanations, a fool is = no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata From owner-freebsd-questions@freebsd.org Fri Nov 22 01:27:22 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 919BE1A8CA1 for ; Fri, 22 Nov 2019 01:27:22 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JzLd5Z7Xz4CLM for ; Fri, 22 Nov 2019 01:27:21 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qt1-x832.google.com with SMTP id q8so3340369qtr.10 for ; Thu, 21 Nov 2019 17:27:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=X6eiOOnRDMLSC/lPMZgQwe5tO90fyay0j2vajI/6P0o=; b=yHhzUQDUHaqGjiRUIPeainh9q6NRUk8uDEI+fzo5iuhf5el707pyc4hwrFpQKrGDuQ /0QmzVnWJfqQXqrxMEzAm/DaG1d/LphgyK4+/BXkkmZP8bp64NqFimMPdcYf6mKz8e/Q 9GRToVm1Fr6cPexFQxqYZ1IHxdi2ZlM9LRDM3aOmFCaygnRADeZqTt5xO4N6O+4Bn+lo BtsHxbkCgquzcIODzrZguurCRiTq3wDjhEzPDmSlI15z/ePe5oWQO0/VFKLan59X9Zy7 cMG2+n6GWOU1Lrhw17pn4yf2CPtTINsVYMTzpfi21qk+aKyJJsGAq5gNkir/keqA5vFS xAeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=X6eiOOnRDMLSC/lPMZgQwe5tO90fyay0j2vajI/6P0o=; b=My0OAqdvyk0nriaX/AvcYqpisA4/361oLdpFYgIzBSCWpmvxHwu/+TwcNNZonofUQr gIKTFsmE7tUvCdedrOlnbhBU54I9ZpuEAlK+t6byCM7loVOPPAAuYIeVKNcNrO1vGrn5 frizrlX18bc2T8JUUvM5i8baThEv+Djn5Ksg0WW/UysPP3Jk4vEcAIyXa+X9saNXbQmz l71hVSp4fKfFPH+inR2hx358ryy+MzYmnskr0nwmU6N0EMx9z/1xQM1h+R/Oco2hiAtZ 7Kn3agnWhZKAgaiJp+79t6wXQq2Ic2MjRrSTnJOn3lVsYeh3XPtu0CAVKIT3qWobzV94 xZBw== X-Gm-Message-State: APjAAAUP7BgIbNrVEvdcdh3GJLSoRorCK0Xk18hawcK7uH9K1VHmwO2O 8N+usT6rbcN8s8EqacfsSUKupP0cHLxCCd1/Ew7ryQ== X-Google-Smtp-Source: APXvYqzIB3SRnKRFgyH2jWAkjsaGOu2JxPqoE5XH7p9Iv5tKIJ9QxA5/n4AQr09iR4fljRsHzKT8fn7yn7ariwSHOXA= X-Received: by 2002:ac8:7a92:: with SMTP id x18mr5737382qtr.123.1574386040377; Thu, 21 Nov 2019 17:27:20 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Michael Sierchio Date: Thu, 21 Nov 2019 17:26:44 -0800 Message-ID: Subject: Re: SSH certificates To: Walter Parker Cc: FreeBSD Questions X-Rspamd-Queue-Id: 47JzLd5Z7Xz4CLM X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tenebras-com.20150623.gappssmtp.com header.s=20150623 header.b=yHhzUQDU; dmarc=none; spf=none (mx1.freebsd.org: domain of kudzu@tenebras.com has no SPF policy when checking 2607:f8b0:4864:20::832) smtp.mailfrom=kudzu@tenebras.com X-Spamd-Result: default: False [-5.04 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[tenebras-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[tenebras.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[tenebras-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2.3.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-2.74)[ip: (-9.37), ipnet: 2607:f8b0::/32(-2.29), asn: 15169(-1.97), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 01:27:22 -0000 Key signing is a solution to a different problem. The request is for strong auth to a CA which issues a time-limited SSH certificate with an ephemeral key. On Thu, Nov 21, 2019 at 3:10 PM Walter Parker wrote: > > > > > > Message: 3 > > Date: Thu, 21 Nov 2019 10:41:40 +0100 > > From: Julien Cigar > > To: freebsd-questions@freebsd.org > > Subject: SSH certificates > > Message-ID: <20191121094140.GA1374@p52s> > > Content-Type: text/plain; charset=3Dutf-8 > > > > Hello, > > > > I'd like to setup an automated mechanism to replace SSH keys and > > autorized_keys management with SSH certificates. Basically every member > > of the team who arrives in the morning should authenticate to an > > authority (some daemon in a very secure jail which implement a local CA > > + key sign) and should receive back a signed certificate with a validit= y > > period of x hours. > > > > After digging a little I found https://smallstep.com/certificates/ > > and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm > > wondering if there were others similar tools ..? > > > > Thanks! > > > > Julien > > > > > > -- > > Julien Cigar > > Belgian Biodiversity Platform (http://www.biodiversity.be) > > PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 > > No trees were killed in the creation of this message. > > However, many electrons were terribly inconvenienced. > > > > > > Look at https://github.com/gravitational/teleport > (The source build should work on FreeBSD) > > it is a full security gateway. It uses SSH certificates. > > Or BLESS from Netflix > https://github.com/Netflix/bless > > It uses an AWS Lambda function to sign SSH public keys. > > > Walter > > -- > The greatest dangers to liberty lurk in insidious encroachment by men > of zeal, well-meaning but without understanding. -- Justice Louis D. > Brandeis > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > --=20 "Well," Brahm=C4=81 said, "even after ten thousand explanations, a fool is = no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata From owner-freebsd-questions@freebsd.org Fri Nov 22 08:23:01 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6919C1B16BB for ; Fri, 22 Nov 2019 08:23:01 +0000 (UTC) (envelope-from SRS0=RgOT=ZO=mail.sermon-archive.info=doug@sermon-archive.info) Received: from mail.sermon-archive.info (sermon-archive.info [71.177.216.148]) by mx1.freebsd.org (Postfix) with ESMTP id 47K8ZD5C6Wz4VXZ for ; Fri, 22 Nov 2019 08:23:00 +0000 (UTC) (envelope-from SRS0=RgOT=ZO=mail.sermon-archive.info=doug@sermon-archive.info) Received: from [10.0.1.251] (mini [10.0.1.251]) by mail.sermon-archive.info (Postfix) with ESMTPSA id 47K8ZB2pg6z2fjRy for ; Fri, 22 Nov 2019 00:22:58 -0800 (PST) From: Doug Hardie Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Linking to a static library and replacing modules Message-Id: Date: Fri, 22 Nov 2019 00:22:58 -0800 To: FreeBSD Questions X-Mailer: Apple Mail (2.3445.104.11) X-Virus-Scanned: clamav-milter 0.101.4 at mail X-Virus-Status: Clean X-Rspamd-Queue-Id: 47K8ZD5C6Wz4VXZ X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of SRS0=RgOT=ZO=mail.sermon-archive.info=doug@sermon-archive.info designates 71.177.216.148 as permitted sender) smtp.mailfrom=SRS0=RgOT=ZO=mail.sermon-archive.info=doug@sermon-archive.info X-Spamd-Result: default: False [-1.38 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.969,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:71.177.216.148]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-0.91)[-0.912,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-0.10)[asn: 5650(-0.46), country: US(-0.05)]; TO_DN_ALL(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[148.216.177.71.list.dnswl.org : 127.0.10.0]; MV_CASE(0.50)[]; FORGED_SENDER(0.30)[bc979@lafn.org,SRS0=RgOT=ZO=mail.sermon-archive.info=doug@sermon-archive.info]; RCVD_NO_TLS_LAST(0.10)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5650, ipnet:71.177.216.0/23, country:US]; FROM_NEQ_ENVFROM(0.00)[bc979@lafn.org,SRS0=RgOT=ZO=mail.sermon-archive.info=doug@sermon-archive.info]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 08:23:01 -0000 I have a collections of modules linked into a static library. These are = called from other modules compiled separately from the library. There = are 3 stub modules in the library. The point was that they are called = by other modules in the library. Often an application need to replace = one or more of the stubs with a module that does some real work. In the = past the loader just linked the new modules in place of the old one. = However, now it seems to be a bit more random. I have one program where = it links the way I want. Others the loader returns a duplicate symbol = error and dies. I can't find any differences between those two = situations. For the time being, I removed the 3 stubs from the library = and force the users to include them. It works, but it is not elegant. =20= How do you build a library such that lld will replace modules in the = library if there is a replacement in the user's code? I found a few = things that appear to be more Linux based and tried them. None of them = worked. I am using FreeBSD 12.1. -- Doug From owner-freebsd-questions@freebsd.org Fri Nov 22 09:35:17 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DF83E1B30EC for ; Fri, 22 Nov 2019 09:35:17 +0000 (UTC) (envelope-from SRS0=Qo/I=ZO=perdition.city=julien@bebif.be) Received: from orval.bbpf.belspo.be (orval.bbpf.belspo.be [193.191.208.90]) by mx1.freebsd.org (Postfix) with ESMTP id 47KB9d0Bpqz4YdQ for ; Fri, 22 Nov 2019 09:35:16 +0000 (UTC) (envelope-from SRS0=Qo/I=ZO=perdition.city=julien@bebif.be) Received: from p52s (unknown [10.209.1.101]) by orval.bbpf.belspo.be (Postfix) with ESMTPS id 3E2521D5033C; Fri, 22 Nov 2019 10:35:15 +0100 (CET) Date: Fri, 22 Nov 2019 10:35:14 +0100 From: Julien Cigar To: Dave Cottlehuber Cc: freebsd-questions Subject: Re: SSH certificates Message-ID: <20191122093514.GB1402@p52s> References: <20191121094140.GA1374@p52s> <6cd8c401-8867-4a8c-be8f-e2d2a69c740f@www.fastmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <6cd8c401-8867-4a8c-be8f-e2d2a69c740f@www.fastmail.com> User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47KB9d0Bpqz4YdQ X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of SRS0=Qo/I=ZO=perdition.city=julien@bebif.be designates 193.191.208.90 as permitted sender) smtp.mailfrom=SRS0=Qo/I=ZO=perdition.city=julien@bebif.be X-Spamd-Result: default: False [-4.48 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[perdition.city]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[90.208.191.193.list.dnswl.org : 127.0.10.0]; IP_SCORE(-3.08)[ip: (-9.21), ipnet: 193.191.192.0/19(-4.60), asn: 2611(-1.56), country: BE(-0.01)]; FORGED_SENDER(0.30)[julien@perdition.city,SRS0=Qo/I=ZO=perdition.city=julien@bebif.be]; RCVD_NO_TLS_LAST(0.10)[]; R_DKIM_NA(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:2611, ipnet:193.191.192.0/19, country:BE]; FROM_NEQ_ENVFROM(0.00)[julien@perdition.city,SRS0=Qo/I=ZO=perdition.city=julien@bebif.be]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 09:35:17 -0000 On Thu, Nov 21, 2019 at 12:59:51PM +0100, Dave Cottlehuber wrote: > > > On Thu, 21 Nov 2019, at 10:41, Julien Cigar wrote: > > Hello, > > > > I'd like to setup an automated mechanism to replace SSH keys and > > autorized_keys management with SSH certificates. Basically every member > > of the team who arrives in the morning should authenticate to an > > authority (some daemon in a very secure jail which implement a local CA > > + key sign) and should receive back a signed certificate with a validity > > period of x hours. > > > > After digging a little I found https://smallstep.com/certificates/ > > and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm > > wondering if there were others similar tools ..? > > > > Thanks! > > You can do all of that manually and there is a very nice book that covers it in ssh mastery or go through these > > https://man.openbsd.org/ssh-keygen#CERTIFICATES > https://blog.habets.se/2011/07/OpenSSH-certificates.html > Thank you, I know I can do that manually but I was looking for a lightweight existing solution: clients should be able to auth through CLI or through a web portal for example (and I don't have time to redevelop those unfortunately..) > smallstep is very nice and I’ve considered packaging it. At work we use vault extensively and I haven’t used it for this purpose but it should do very nicely https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html and it’s already in ports. > Vault was already on my TODO list, I'll put it on top :) > Personally I am not keen on having such a large trust perimeter but it will likely depend on your preference for automation vs convenience. > ATM I'm managing authorized_keys with Saltstack, it works but it's far from practical.. > A+ > Dave > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. From owner-freebsd-questions@freebsd.org Fri Nov 22 09:35:48 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 938961B31C1 for ; Fri, 22 Nov 2019 09:35:48 +0000 (UTC) (envelope-from SRS0=Qo/I=ZO=perdition.city=julien@bebif.be) Received: from orval.bbpf.belspo.be (orval.bbpf.belspo.be [193.191.208.90]) by mx1.freebsd.org (Postfix) with ESMTP id 47KBBC65Lwz4Yk1 for ; Fri, 22 Nov 2019 09:35:47 +0000 (UTC) (envelope-from SRS0=Qo/I=ZO=perdition.city=julien@bebif.be) Received: from p52s (unknown [10.209.1.101]) by orval.bbpf.belspo.be (Postfix) with ESMTPS id 6046C1D50344; Fri, 22 Nov 2019 10:35:47 +0100 (CET) Date: Fri, 22 Nov 2019 10:35:46 +0100 From: Julien Cigar To: Walter Parker Cc: freebsd-questions@freebsd.org Subject: Re: SSH certificates Message-ID: <20191122093546.GC1402@p52s> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47KBBC65Lwz4Yk1 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of SRS0=Qo/I=ZO=perdition.city=julien@bebif.be designates 193.191.208.90 as permitted sender) smtp.mailfrom=SRS0=Qo/I=ZO=perdition.city=julien@bebif.be X-Spamd-Result: default: False [-4.46 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[perdition.city]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[90.208.191.193.list.dnswl.org : 127.0.10.0]; IP_SCORE(-3.06)[ip: (-9.17), ipnet: 193.191.192.0/19(-4.58), asn: 2611(-1.56), country: BE(-0.01)]; FORGED_SENDER(0.30)[julien@perdition.city,SRS0=Qo/I=ZO=perdition.city=julien@bebif.be]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_NO_TLS_LAST(0.10)[]; R_DKIM_NA(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:2611, ipnet:193.191.192.0/19, country:BE]; FROM_NEQ_ENVFROM(0.00)[julien@perdition.city,SRS0=Qo/I=ZO=perdition.city=julien@bebif.be]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 09:35:48 -0000 On Thu, Nov 21, 2019 at 03:09:48PM -0800, Walter Parker wrote: > > > > > > Message: 3 > > Date: Thu, 21 Nov 2019 10:41:40 +0100 > > From: Julien Cigar > > To: freebsd-questions@freebsd.org > > Subject: SSH certificates > > Message-ID: <20191121094140.GA1374@p52s> > > Content-Type: text/plain; charset=utf-8 > > > > Hello, > > > > I'd like to setup an automated mechanism to replace SSH keys and > > autorized_keys management with SSH certificates. Basically every member > > of the team who arrives in the morning should authenticate to an > > authority (some daemon in a very secure jail which implement a local CA > > + key sign) and should receive back a signed certificate with a validity > > period of x hours. > > > > After digging a little I found https://smallstep.com/certificates/ > > and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm > > wondering if there were others similar tools ..? > > > > Thanks! > > > > Julien > > > > > > -- > > Julien Cigar > > Belgian Biodiversity Platform (http://www.biodiversity.be) > > PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 > > No trees were killed in the creation of this message. > > However, many electrons were terribly inconvenienced. > > > > > > Look at https://github.com/gravitational/teleport > (The source build should work on FreeBSD) thanks, I'll take a look at it! > > it is a full security gateway. It uses SSH certificates. > > Or BLESS from Netflix > https://github.com/Netflix/bless > > It uses an AWS Lambda function to sign SSH public keys. > > > Walter > > -- > The greatest dangers to liberty lurk in insidious encroachment by men > of zeal, well-meaning but without understanding. -- Justice Louis D. > Brandeis > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. From owner-freebsd-questions@freebsd.org Fri Nov 22 09:38:06 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C174D1B3370 for ; Fri, 22 Nov 2019 09:38:06 +0000 (UTC) (envelope-from SRS0=Qo/I=ZO=perdition.city=julien@bebif.be) Received: from orval.bbpf.belspo.be (orval.bbpf.belspo.be [193.191.208.90]) by mx1.freebsd.org (Postfix) with ESMTP id 47KBDs6Ncsz4Yqw for ; Fri, 22 Nov 2019 09:38:05 +0000 (UTC) (envelope-from SRS0=Qo/I=ZO=perdition.city=julien@bebif.be) Received: from p52s (unknown [10.209.1.101]) by orval.bbpf.belspo.be (Postfix) with ESMTPS id 372771D50345; Fri, 22 Nov 2019 10:38:05 +0100 (CET) Date: Fri, 22 Nov 2019 10:38:04 +0100 From: Julien Cigar To: Michael Sierchio Cc: Walter Parker , FreeBSD Questions Subject: Re: SSH certificates Message-ID: <20191122093804.GD1402@p52s> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47KBDs6Ncsz4Yqw X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of SRS0=Qo/I=ZO=perdition.city=julien@bebif.be designates 193.191.208.90 as permitted sender) smtp.mailfrom=SRS0=Qo/I=ZO=perdition.city=julien@bebif.be X-Spamd-Result: default: False [-4.45 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[perdition.city]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[90.208.191.193.list.dnswl.org : 127.0.10.0]; IP_SCORE(-3.05)[ip: (-9.13), ipnet: 193.191.192.0/19(-4.56), asn: 2611(-1.55), country: BE(-0.01)]; FORGED_SENDER(0.30)[julien@perdition.city,SRS0=Qo/I=ZO=perdition.city=julien@bebif.be]; RCVD_NO_TLS_LAST(0.10)[]; MIME_TRACE(0.00)[0:+]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:2611, ipnet:193.191.192.0/19, country:BE]; MID_RHS_NOT_FQDN(0.50)[]; FROM_NEQ_ENVFROM(0.00)[julien@perdition.city,SRS0=Qo/I=ZO=perdition.city=julien@bebif.be]; FREEMAIL_CC(0.00)[gmail.com] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 09:38:06 -0000 On Thu, Nov 21, 2019 at 05:26:44PM -0800, Michael Sierchio wrote: > Key signing is a solution to a different problem. The request is for > strong auth to a CA which issues a time-limited SSH certificate with an > ephemeral key. Indeed, that's exactly what I'm looking for. Kerberos is complementary >=20 > On Thu, Nov 21, 2019 at 3:10 PM Walter Parker wrote: >=20 > > > > > > > > > Message: 3 > > > Date: Thu, 21 Nov 2019 10:41:40 +0100 > > > From: Julien Cigar > > > To: freebsd-questions@freebsd.org > > > Subject: SSH certificates > > > Message-ID: <20191121094140.GA1374@p52s> > > > Content-Type: text/plain; charset=3Dutf-8 > > > > > > Hello, > > > > > > I'd like to setup an automated mechanism to replace SSH keys and > > > autorized_keys management with SSH certificates. Basically every memb= er > > > of the team who arrives in the morning should authenticate to an > > > authority (some daemon in a very secure jail which implement a local = CA > > > + key sign) and should receive back a signed certificate with a valid= ity > > > period of x hours. > > > > > > After digging a little I found https://smallstep.com/certificates/ > > > and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm > > > wondering if there were others similar tools ..? > > > > > > Thanks! > > > > > > Julien > > > > > > > > > -- > > > Julien Cigar > > > Belgian Biodiversity Platform (http://www.biodiversity.be) > > > PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 > > > No trees were killed in the creation of this message. > > > However, many electrons were terribly inconvenienced. > > > > > > > > > > Look at https://github.com/gravitational/teleport > > (The source build should work on FreeBSD) > > > > it is a full security gateway. It uses SSH certificates. > > > > Or BLESS from Netflix > > https://github.com/Netflix/bless > > > > It uses an AWS Lambda function to sign SSH public keys. > > > > > > Walter > > > > -- > > The greatest dangers to liberty lurk in insidious encroachment by men > > of zeal, well-meaning but without understanding. -- Justice Louis D. > > Brandeis > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > freebsd-questions-unsubscribe@freebsd.org" > > >=20 >=20 > --=20 >=20 > "Well," Brahm=C4=81 said, "even after ten thousand explanations, a fool i= s no > wiser, but an intelligent person requires only two thousand five hundred." >=20 > - The Mah=C4=81bh=C4=81rata > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" --=20 Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. From owner-freebsd-questions@freebsd.org Fri Nov 22 17:00:15 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 334EE1BC2BB for ; Fri, 22 Nov 2019 17:00:15 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70]) by mx1.freebsd.org (Postfix) with ESMTP id 47KN322xcZz40MM for ; Fri, 22 Nov 2019 17:00:14 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from point.uchicago.edu (point.uchicago.edu [128.135.52.6]) (Authenticated sender: galtsev) by kicp.uchicago.edu (Postfix) with ESMTPSA id A210C4E632 for ; Fri, 22 Nov 2019 11:00:13 -0600 (CST) To: FreeBSD Mailing List From: Valeri Galtsev Subject: DHCP server failover: advise is needed Message-ID: <53102df9-ca90-6338-7ff2-c370a42c690e@kicp.uchicago.edu> Date: Fri, 22 Nov 2019 11:00:13 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47KN322xcZz40MM X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu (policy=none); spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu X-Spamd-Result: default: False [-1.55 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none]; NEURAL_HAM_MEDIUM(-0.95)[-0.948,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.87)[-0.867,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.16)[ip: (0.45), ipnet: 128.135.0.0/16(0.22), asn: 160(0.18), country: US(-0.05)]; TO_DN_ALL(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[70.20.135.128.list.dnswl.org : 127.0.10.0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 17:00:15 -0000 Dear Experts, I was running ISC DHCP server for longer than I would care to remember. Now I decided to climb out of the cave and configure failover set (primary-secondary), and I seem to hit brick wall, which I need help with. I only need IP v4, no v6, which may simplify things. Could someone point to description of working DHCP failover configuration? I do not want to make two independent DHCP servers handling half of the pool each. We are not that rich as far as IP space is concerned. I am not married to ISC DHCP server, so any one I can run on FreeBSD will do, because: My current configuration is something that was gradually migrated and/or adjusted through several generations of systems, and server versions over the years. It works. When I tried to incorporate what I need for failover following ISC documentation, and some people's guides, I discovered, I need more sophisticated structure of sections and subsections, which I figured out finally. But the annoying part was: in ISC documentation there is no general stricture of which section can appear inside which; like: a { b { c { } } } You can create each of sections/subsections following documentation, but to put them together making consistent config file you (I at least) have to figure on your own which section goes inside of which. So, I am not married to ISC DHCP server, we didn't get along now as far as my use of documentation is concerned. Anything that works - with failover! - on FreeBSD will be great. Thanks in advance for all your answers! Valeri -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ From owner-freebsd-questions@freebsd.org Fri Nov 22 17:49:31 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BA4121BD009 for ; Fri, 22 Nov 2019 17:49:31 +0000 (UTC) (envelope-from kab00m@lich.phys.spbu.ru) Received: from skeleton.phys.spbu.ru (skeleton.phys.spbu.ru [195.19.241.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47KP7t088Dz42c5 for ; Fri, 22 Nov 2019 17:49:28 +0000 (UTC) (envelope-from kab00m@lich.phys.spbu.ru) Received: from skeleton.phys.spbu.ru (localhost [127.0.0.1]) by skeleton.phys.spbu.ru (Postfix) with ESMTP id 665F8902E0 for ; Fri, 22 Nov 2019 20:49:19 +0300 (MSK) (envelope-from kab00m@lich.phys.spbu.ru) Received: from [10.4.4.236] (unknown [91.108.27.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by skeleton.phys.spbu.ru (Postfix) with ESMTPSA id 20114902C2 for ; Fri, 22 Nov 2019 20:49:19 +0300 (MSK) (envelope-from kab00m@lich.phys.spbu.ru) Subject: Re: DHCP server failover: advise is needed To: freebsd-questions@freebsd.org References: <53102df9-ca90-6338-7ff2-c370a42c690e@kicp.uchicago.edu> From: Dima Veselov Message-ID: <943ea22c-ce4d-e6d0-2ee6-21dea3af075d@lich.phys.spbu.ru> Date: Fri, 22 Nov 2019 20:49:18 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <53102df9-ca90-6338-7ff2-c370a42c690e@kicp.uchicago.edu> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP X-Rspamd-Queue-Id: 47KP7t088Dz42c5 X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of kab00m@lich.phys.spbu.ru has no SPF policy when checking 195.19.241.202) smtp.mailfrom=kab00m@lich.phys.spbu.ru X-Spamd-Result: default: False [1.03 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.12)[-0.117,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; NEURAL_SPAM_LONG(0.24)[0.244,0]; DMARC_NA(0.00)[spbu.ru]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5495, ipnet:195.19.241.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.00)[country: RU(0.01)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 17:49:31 -0000 On 22.11.2019 20:00, Valeri Galtsev wrote: I had been in same situation as you described, my advice may be handy. > Could someone point to description of working DHCP failover configuration? I used https://kb.isc.org/docs/aa-00502 as an instruction. > I do not want to make two independent DHCP servers handling half of the > pool each. We are not that rich as far as IP space is concerned. > I am not married to ISC DHCP server, so any one I can run on FreeBSD > will do, because: > > > My current configuration is something that was gradually migrated and/or > adjusted through several generations of systems, and server versions > over the years. It works. When I tried to incorporate what I need for > failover following ISC documentation, and some people's guides, I > discovered, I need more sophisticated structure of sections and > subsections, which I figured out finally. But the annoying part was: in > ISC documentation there is no general stricture of which section can > appear inside which; like: Basically, ISC DHCPD allow described structures and nothing more. Being on your side I had to do some work like moving static hosts in main config and reorganize subnets. This seemed noisy but appeared quite easy. For detailed advice we need to see your config or questionable parts of it. > So, I am not married to ISC DHCP server, we didn't get along now as far > as my use of documentation is concerned. Anything that works - with > failover! - on FreeBSD will be great. I can email you my own working configuration. General advice - try to make configuration as plain as it might be. If you have working subnets with working pools you just add failover peer and it start working. -- Dima Veselov Physics R&D Establishment of Saint-Petersburg University From owner-freebsd-questions@freebsd.org Sat Nov 23 08:17:58 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2F8601AE552 for ; Sat, 23 Nov 2019 08:17:58 +0000 (UTC) (envelope-from kappei84@gmail.com) Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47KmPx1t8lz3HVl for ; Sat, 23 Nov 2019 08:17:57 +0000 (UTC) (envelope-from kappei84@gmail.com) Received: by mail-wr1-x431.google.com with SMTP id i12so11364029wro.5 for ; Sat, 23 Nov 2019 00:17:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=fzctgln4S3iie54KwiXJv26tT35jkKMHGtnu9nG5G40=; b=RuYcqkI9e0jE0V0yHYhI5FjesHy7iriiAuKqICGozdyhOIR9Isg3/3nKU+PxvQhkuP Y4V4jD6CKyvepKNIxvmT3zQdjGwHjKHp8y8k6Oc32gVaixBQTrMJL2WWEbrZC86/uuJE FSYdRcWU7deUUq9Z+BmAXkdzvxcNdmGS2lFa2CQodaoaELFAAB+Ta0L9RqBbM2nhidJK 9uCTCeSgcOTaoZh3qdqTIwLD6A4XofBzlDXwBmP7G2hZN4q+cY/Ew7d92zvfSQWZrWl4 Py0h8cSYyu5zBq3A6URSSTlH6Z35+iqwp0rwm+8tj4cqBMGRKMtornlsHNnZRG0mK0td CydA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=fzctgln4S3iie54KwiXJv26tT35jkKMHGtnu9nG5G40=; b=N33aLnMBW8VUDp2PCKuoNjnUNWPrFO2k0Y+eZ2UW31QZ1aloSEgV+g4VzioILIbCRv L1de9b2adamZQcwk+S/L+VeuaJBSC14/zHBJyJQN8HYVRqLWJO2GkpOrdg4lhA+9FgNM Gmmr9IcKuyijjHbjNvl51JCNnNmm8PGUOqEpbqZBeUYIl2H+alyxRm28SNLsTolcoHV2 i775FlTTR4oPvbRJ00XnpHTDOyECEWuSj2Yr/Rn52pj7b6FiJpsNCRk72119nY53qQzV A0PLQ5T6Nn0gzSmcPQrdrNLcC74mSrIMjI3pyS3k7joE3o7Xj4WfYqiQgAD38b06zy2Y 8nPw== X-Gm-Message-State: APjAAAVZxbZrxF03mzRUkXEY4fqB3LUYFJxVwwaDNzng5jG8rzx9od07 VAXlVKw8MNAAW0XIcE2gC8E1l9rqRfHTOt+jl0h0 X-Google-Smtp-Source: APXvYqxPtepKVjQS7iTxGYghbD8FKHexh0e6GRcYdO0lZHY1HzFGqeJcrgQgUhUEbyTQ2szZFhEDs8C8v5tsW44TBuc= X-Received: by 2002:adf:f709:: with SMTP id r9mr20910181wrp.8.1574497075126; Sat, 23 Nov 2019 00:17:55 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Daniele Mazzotti Date: Sat, 23 Nov 2019 09:17:44 +0100 Message-ID: Subject: Fwd: Freebsd 12.1 Virtualbox disks To: freebsd-questions@freebsd.org X-Rspamd-Queue-Id: 47KmPx1t8lz3HVl X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=RuYcqkI9; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of kappei84@gmail.com designates 2a00:1450:4864:20::431 as permitted sender) smtp.mailfrom=kappei84@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; URI_COUNT_ODD(1.00)[3]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.00)[ip: (-8.99), ipnet: 2a00:1450::/32(-2.71), asn: 15169(-1.96), country: US(-0.05)]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[1.3.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 08:17:58 -0000 Hi there, I have noticed a strange thing happening with the vhd and vdmk images for Freebsd 12.1 linked on the official website ( https://download.freebsd.org/ftp/releases/VM-IMAGES/12.1-RELEASE/amd64/Latest/). The File System seems to be full right after a fresh install/config and it is not possible to do anything wise with those images. Is it just me being stupid/I cannot setup a Virtualbox VM or has this also happened to some of you? A while ago I did the same with some Virtualbox images for version 12.0, but I cannot recall having any such problem with them. Thanks in advance for the support. Regards, Daniele. From owner-freebsd-questions@freebsd.org Sat Nov 23 08:44:39 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 15D6E1AF140 for ; Sat, 23 Nov 2019 08:44:39 +0000 (UTC) (envelope-from kappei84@gmail.com) Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Kn0k1sC8z3JmQ for ; Sat, 23 Nov 2019 08:44:37 +0000 (UTC) (envelope-from kappei84@gmail.com) Received: by mail-wr1-x42a.google.com with SMTP id w9so11469322wrr.0 for ; Sat, 23 Nov 2019 00:44:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=m/P/aERn7uoBHfan9rEZVBMfFf0GPB4kCraqdJOymvs=; b=C2Fhrds4Gzqo3L85S1kkDaU815d2eTjg9fFESp9e9UNPMvvjUG7rcwpDGAFsBYmssQ VZ3rDdQze7UyNVpw2LlPYarFmeJVZ2boEZFIUqjRJzNMSuv/se1egE+I+D4Cet9o2Fxj vMN6yAKRV/DwnJMdlDdbdz7/oM7oKq4FKXbG/QEe81EOwgx3TSTh8uHtVxpR7AJVPsw0 0c/tYmwfeCRNFNAxBAspXmTEJVMQx+eMwCyvrht9MNFfLdypVTBSBSfgeYKWGI8HVsuG P4g5F0l8IoNsCrDVcT0tZ2pkUkhkDizXgnRWWCkDXt2vvPce6n6bOn8hmEJkCHPh222a d+mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=m/P/aERn7uoBHfan9rEZVBMfFf0GPB4kCraqdJOymvs=; b=Lem9AvKwSVXFy3DLn0+NOyEdtBf5Uh5DNBhfXu2pVSBdRizt+WB1GQDaDwV/nyKKDz QhOY+s1y5s6BXcBN7jcyRigtDNXcM4hn9D9efMpZ3ltM1KcmNaXHqos7wv6HFaZyxSFU Xmnt6cz8PsI58PEqHvnS12mxbYiNuccKwOeoPoHUoOHBvccRa7PUekC8h+ycvXcphZ5U tWUQY8drfo56WjjvtXEOC329hIHatWSlQb3rQfvnU4PrIr+2CDmEdE3SF5WxgzOXYBkx a1sg8g8/oCXIJwSwn30zPvLtie4nWs8d4FsVFaj2MriChCyU/4+M47Mb01RGvQrSYf0+ /bHw== X-Gm-Message-State: APjAAAWd2tdPz0ATAVC3ysq7gnEP38QWD2bu6ph+k3EkgRc9U9Q9stAx KxJ+y85TYqHGC7gt5DqTxwfIQRnO1nK102ol7u/a X-Google-Smtp-Source: APXvYqy8BAazNA9zqqpO8vN5QWUUL7wxL7EtigsYQGqVZ/cnyR/SxSCczG0TV34XGKHPI9D0V8/PpAZ2tud2sprbPqU= X-Received: by 2002:adf:f290:: with SMTP id k16mr22810120wro.224.1574498675131; Sat, 23 Nov 2019 00:44:35 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Daniele Mazzotti Date: Sat, 23 Nov 2019 09:44:24 +0100 Message-ID: Subject: Re: Freebsd 12.1 Virtualbox disks To: freebsd-questions@freebsd.org X-Rspamd-Queue-Id: 47Kn0k1sC8z3JmQ X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=C2Fhrds4; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of kappei84@gmail.com designates 2a00:1450:4864:20::42a as permitted sender) smtp.mailfrom=kappei84@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; URI_COUNT_ODD(1.00)[3]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.00)[ip: (-9.22), ipnet: 2a00:1450::/32(-2.71), asn: 15169(-1.96), country: US(-0.05)]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[a.2.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 08:44:39 -0000 Hi there, just to follow up on that, I just wanted to tell that I now downloaded the vhd file for FBD version 12.0 and the output of df -h looks more promising, that is, only 9% of the disk image is used. Who can I contact to have this verified? Regards, Daniele. Il giorno sab 23 nov 2019 alle ore 09:17 Daniele Mazzotti < kappei84@gmail.com> ha scritto: > Hi there, > > I have noticed a strange thing happening with the vhd and vdmk images for > Freebsd 12.1 linked on the official website ( > https://download.freebsd.org/ftp/releases/VM-IMAGES/12.1-RELEASE/amd64/Latest/). > The File System seems to be full right after a fresh install/config and it > is not possible to do anything wise with those images. Is it just me being > stupid/I cannot setup a Virtualbox VM or has this also happened to some of > you? > > A while ago I did the same with some Virtualbox images for version 12.0, > but I cannot recall having any such problem with them. > > Thanks in advance for the support. > > Regards, > Daniele. > From owner-freebsd-questions@freebsd.org Sat Nov 23 09:50:28 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4D56B1B083A for ; Sat, 23 Nov 2019 09:50:28 +0000 (UTC) (envelope-from herbert@gojira.at) Received: from mail.bsd4all.net (mail.bsd4all.net [IPv6:2a01:4f8:13b:240c::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail.bsd4all.net", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47KpSf2HJHz3Mnf for ; Sat, 23 Nov 2019 09:50:25 +0000 (UTC) (envelope-from herbert@gojira.at) Received: from lap01.home.lan (unknown [IPv6:2a02:1748:f71:380:2170:e3e2:6b69:131d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mail.bsd4all.net (Postfix) with ESMTPSA id 47KpSS45N5zCMg for ; Sat, 23 Nov 2019 10:50:16 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gojira.at; s=mail201809; t=1574502616; bh=DfY69+WennmsS0a/M7oyedJwlnLrgGimDSj9eobz31g=; h=Date:Message-ID:From:To:Subject:MIME-Version:Content-Type; b=bBewfxvU2NTlOCTGrhzDwPN2lPXjQJqyjYbkn98/N7mwKsLJ555RlrOdFXw4pFaiF G8/cqIEcUkBxE58XN4DIfYb8a3EqdC9U6MSKh8pxMqCI7JMvgzCkQCzH2wymPIRdQ9 Wxvvpzr59fz79rKDPHOZ0gId45Bs6gJd0TnjklRuKtJjLqoW5Ttvg2gZain5yNXiAw h4BbHpZi+YHK2gtCMrmOmmIkrG3iF+bd5b1Mg0BOzmU04cQMdybDwymCocIXHQTbzR CZhuyR1hVF5XV8OxLTiPnH3jYzKoHvhGjYMY0x0wnQTEV33sIhGik34VjMPrJ6Npw8 /GgxP8iq++4nA== Date: Sat, 23 Nov 2019 10:50:04 +0100 Message-ID: <874kyu9b1v.wl-herbert@gojira.at> From: "Herbert J. Skuhra" To: freebsd-questions@freebsd.org Subject: Re: Fwd: Freebsd 12.1 Virtualbox disks In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.0 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-Rspamd-Queue-Id: 47KpSf2HJHz3Mnf X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gojira.at header.s=mail201809 header.b=bBewfxvU; dmarc=none; spf=pass (mx1.freebsd.org: domain of herbert@gojira.at designates 2a01:4f8:13b:240c::25 as permitted sender) smtp.mailfrom=herbert@gojira.at X-Spamd-Result: default: False [-2.29 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[gojira.at:s=mail201809]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a01:4f8:13b:240c::25]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; DMARC_NA(0.00)[gojira.at]; DKIM_TRACE(0.00)[gojira.at:+]; MID_CONTAINS_FROM(1.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-0.79)[ipnet: 2a01:4f8::/29(-2.32), asn: 24940(-1.61), country: DE(-0.01)]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 09:50:28 -0000 On Sat, 23 Nov 2019 09:17:44 +0100, Daniele Mazzotti wrote: > > Hi there, > > I have noticed a strange thing happening with the vhd and vdmk images for > Freebsd 12.1 linked on the official website ( > https://download.freebsd.org/ftp/releases/VM-IMAGES/12.1-RELEASE/amd64/Latest/). > The File System seems to be full right after a fresh install/config and it > is not possible to do anything wise with those images. Is it just me being > stupid/I cannot setup a Virtualbox VM or has this also happened to some of > you? > > A while ago I did the same with some Virtualbox images for version 12.0, > but I cannot recall having any such problem with them. > > Thanks in advance for the support. https://lists.freebsd.org/pipermail/svn-src-all/2019-May/179969.html You have to resize the image file yourself! -- Herbert From owner-freebsd-questions@freebsd.org Sat Nov 23 11:36:37 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E8B7A1B284C for ; Sat, 23 Nov 2019 11:36:37 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Krq91YTfz3xPw for ; Sat, 23 Nov 2019 11:36:36 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-oi1-x22e.google.com with SMTP id a69so1747464oib.2 for ; Sat, 23 Nov 2019 03:36:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5/fPqW4comoh3sWQUamugC6fUNKuUfBQjtcfuC2VUTY=; b=G4eGnofzHvqWO+bUZnXUKtwnpSTqofsxOrP3mk/pMt2kxKT+C8vR5+QpMZW9Jz8OdF 1KgnI3UdJxvffHNacSM3GMtxHxN+gMAZ1/XbBP0qa7QBe0SIaL27M1bhoDf4STNR/ypp 8o5ev9x+MdqvETv+yR3qTAe1Rlz4QLvI6ClEkC2C5JSzVBJOV3FFJVBJSx0wfZDUmpEZ Yu1mD4Xl8Hh9MghLX4vzxJxu0Lzf9y9+1gb0N/BzYvx2G1g42A/oolqBgs3Gw5fhy55J Y7R78IRNUqAsyQQEOcDBvTqN4ZiQkFiCSkKYZTzohIHUW7/czUTFQhkc3jIaODMtk7Bp dVpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5/fPqW4comoh3sWQUamugC6fUNKuUfBQjtcfuC2VUTY=; b=fAmhhI+oiVwWhuoviwg61+VMgHSMXke3NH8fBL0GW480DOYQjJEhXiE+nZk0ZRw1/E rKXGWw6yujqe4JH13PV5pIpM1dHX0Motievp3pWhl87M8Fv3N2NxOILxNHXORhOJM+ID Hmt/fvvpUm+5pwdpAG3HFRA99eNeTx6CdL9U/zWLXNe5uJcuoBrQvTOaVqoyLp+Lg8hN /HhxeTvg4c4gziVus+q1SO7Mj/gee3ffsbaNlqBmXT+giUIyXsoN3f2+1IZ4qmncxP0O K3r8gkKRDaQm6j69zFRrcmSDtxeREpnPafPwzU4y5FRpCsq4XJw8WFiROQAnkCxw9Qaf 1fLA== X-Gm-Message-State: APjAAAXHLhL7xXgL1Mxpr3jXS2mMQaX/s9oyzRktFYXBKnS3AtQzpUKz mBRQgcG9sT52WJLm7Bz1G1+ZJQXcgbE= X-Google-Smtp-Source: APXvYqyGn8qh6O9Z+PV0aQg5d+3vmzUCD3pOfX9fCqfgKwHxh54ANKUb3x6u9Inrwu8ewgaVB/W4GA== X-Received: by 2002:aca:b602:: with SMTP id g2mr15357076oif.7.1574508994839; Sat, 23 Nov 2019 03:36:34 -0800 (PST) Received: from mail-ot1-f48.google.com (mail-ot1-f48.google.com. [209.85.210.48]) by smtp.gmail.com with ESMTPSA id u204sm389794oig.35.2019.11.23.03.36.32 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 23 Nov 2019 03:36:33 -0800 (PST) Received: by mail-ot1-f48.google.com with SMTP id n23so8490580otr.13 for ; Sat, 23 Nov 2019 03:36:32 -0800 (PST) X-Received: by 2002:a9d:7342:: with SMTP id l2mr1274038otk.98.1574508992590; Sat, 23 Nov 2019 03:36:32 -0800 (PST) MIME-Version: 1.0 References: <20191108194652.50c4f8e7c87ec76b9abc6e19@sohara.org> <20191108200005.21a9cdac18587cc36bd7cb01@sohara.org> <20191109154827.42b0b2e1.freebsd@edvax.de> <20191109183356.76307bdc4ab6f0a1f68c0acd@sohara.org> <20191110144830.096ce11b0668dd0721359cfa@sohara.org> In-Reply-To: From: Tomasz CEDRO Date: Sat, 23 Nov 2019 12:36:20 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: 12.1 on Thinkpad - problem making graphics work To: FreeBSD Questions Mailing List Cc: "Steve O'Hara-Smith" , Polytropon , "James E. Pace" X-Rspamd-Queue-Id: 47Krq91YTfz3xPw X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=G4eGnofz; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2607:f8b0:4864:20::22e) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-3.62 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cedro.info]; URI_COUNT_ODD(1.00)[3]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[cedro.info:+]; RCVD_IN_DNSWL_NONE(0.00)[e.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-2.32)[ip: (-7.33), ipnet: 2607:f8b0::/32(-2.28), asn: 15169(-1.96), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 11:36:38 -0000 For fuk sake! I did a pkg update upgrade and the drm-kmod compiled on 12.1 was replaced by the one built for pkg on 12.0 resulting in boot-mountroot-crash infinite loop again! PLEASE BLACKLIST THAT DRM-KMOD SHIT IN PKG REPO ASAP :-( :-( :-( -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info From owner-freebsd-questions@freebsd.org Sat Nov 23 12:59:17 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4E42C1B4CC3 for ; Sat, 23 Nov 2019 12:59:17 +0000 (UTC) (envelope-from 4250.10.freebsd-questions=freebsd.org@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47KtfW6vL8z42Jx for ; Sat, 23 Nov 2019 12:59:15 +0000 (UTC) (envelope-from 4250.10.freebsd-questions=freebsd.org@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1574513956; x=1577105956; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=1BrWS0OOVTjNkeGq0dfCwcnpoOjv6d4eB82LopGimns=; b=XzrHx/z5fRVHfHxiqfhDqwxKghmLT27j0HRA/WHQ77eRPPGSkDWRAmuj4eJ/I6zk1YS5/uel+RMw0VVos14EbngehdGFUZCmzMUKlvFU7x32MrBBJQ/SPXcD9B1g2DA3khQl9gRKmUE0fuQEh8xDtzM8s1xLlcbirNRmGNeOqTg= X-Thread-Info: NDI1MC4xMi4xYzkwMDAwMDEyNGRmNWYuZnJlZWJzZC1xdWVzdGlvbnM9ZnJlZWJzZC5vcmc= Received: from r3.us-west-2.aws.in.socketlabs.com (r3.us-west-2.aws.in.socketlabs.com [142.0.190.3]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sat, 23 Nov 2019 07:58:58 -0500 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r3.us-west-2.aws.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sat, 23 Nov 2019 07:58:56 -0500 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1iYV01-0000bm-Sn; Sat, 23 Nov 2019 12:58:53 +0000 Date: Sat, 23 Nov 2019 12:58:53 +0000 From: Steve O'Hara-Smith To: Tomasz CEDRO Cc: FreeBSD Questions Mailing List , Polytropon , "James E. Pace" Subject: Re: 12.1 on Thinkpad - problem making graphics work Message-Id: <20191123125853.117ef30d39a3a7cf720d0bda@sohara.org> In-Reply-To: References: <20191108194652.50c4f8e7c87ec76b9abc6e19@sohara.org> <20191108200005.21a9cdac18587cc36bd7cb01@sohara.org> <20191109154827.42b0b2e1.freebsd@edvax.de> <20191109183356.76307bdc4ab6f0a1f68c0acd@sohara.org> <20191110144830.096ce11b0668dd0721359cfa@sohara.org> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) X-Clacks-Overhead: "GNU Terry Pratchett" Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47KtfW6vL8z42Jx X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=XzrHx/z5; dmarc=none; spf=pass (mx1.freebsd.org: domain of 4250.10.freebsd-questions=freebsd.org@email-od.com designates 142.0.176.198 as permitted sender) smtp.mailfrom=4250.10.freebsd-questions=freebsd.org@email-od.com X-Spamd-Result: default: False [-1.71 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.93)[-0.932,0]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; FORGED_SENDER_VERP_SRS(0.00)[]; NEURAL_HAM_LONG(-0.94)[-0.943,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; RCVD_IN_DNSWL_NONE(0.00)[198.176.0.142.list.dnswl.org : 127.0.15.0]; ENVFROM_VERP(0.00)[]; IP_SCORE(0.17)[ip: (-0.40), ipnet: 142.0.176.0/22(0.74), asn: 7381(0.55), country: US(-0.05)]; FORGED_SENDER(0.00)[steve@sohara.org,4250.10.freebsd-questions=freebsd.org@email-od.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.10.freebsd-questions=freebsd.org@email-od.com]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 12:59:17 -0000 Hi, pkg lock is your friend. On Sat, 23 Nov 2019 12:36:20 +0100 Tomasz CEDRO wrote: > For fuk sake! I did a pkg update upgrade and the drm-kmod compiled on 12.1 > was replaced by the one built for pkg on 12.0 resulting in > boot-mountroot-crash infinite loop again! > > PLEASE BLACKLIST THAT DRM-KMOD SHIT IN PKG REPO ASAP :-( :-( :-( > -- Steve O'Hara-Smith From owner-freebsd-questions@freebsd.org Sat Nov 23 13:42:50 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DCA251B6239 for ; Sat, 23 Nov 2019 13:42:50 +0000 (UTC) (envelope-from rizzo@rizzo.eng.br) Received: from server.i805.com.br (mailhost.i805.com.br [50.7.9.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "805 Inform????tica", Issuer "805 Inform????tica" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Kvcn6jbMz44v4 for ; Sat, 23 Nov 2019 13:42:48 +0000 (UTC) (envelope-from rizzo@rizzo.eng.br) Received: from [192.168.0.200] (badda294.virtua.com.br [186.221.162.148] (may be forged)) (authenticated bits=0) by server.i805.com.br (8.15.2/8.15.2) with ESMTPSA id xANDSOfh038471 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 23 Nov 2019 11:29:14 -0200 (-02) (envelope-from rizzo@rizzo.eng.br) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=rizzo.eng.br; s=mailhost; t=1574515755; bh=dIYeiaiJhkM61FCyF19NFmeUU8PbyZJpnXtncNrhKyQ=; h=Subject:From:To:Date; b=EglwBvMcmpnx3BqH47QjZY4YUWCDniw9pVz7/KQaVDHhfN7o8OaUSTH4qNO0vbpQs 9zmxQbcO4g872pgTZfES3biWwkrSWS1Q4ORMDlhC7emab9kTsbfqyZORFFgmlRMHpJ hEEPWTYxjJ8hHiquEeX+xR6xtpIDopTWqoOfJAacjG+Vmu0tNgi1SuDpNLvKVQZ7yl EL07CttgoJm8qWhXwzTnKkPvzHQTwOU6NHmj/IhfbETbmsNWV5uxgPz8WXICuOSF4p VAB8cIHzoNZIahmxQcSkEvzJhUDcLbNo6jGuv14GP5F1H9QIUIToFb4jyschRp/OCr 07ZIFmFMOPqBQ== Message-ID: Subject: Where the best place to question about feature From: Nilton Jose Rizzo To: freebsd-questions@freebsd.org Date: Sat, 23 Nov 2019 10:41:31 -0300 Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5 FreeBSD GNOME Team Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,HELO_MISC_IP,RDNS_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server.i805.com.br X-Rspamd-Queue-Id: 47Kvcn6jbMz44v4 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=rizzo.eng.br header.s=mailhost header.b=EglwBvMc; dmarc=none; spf=none (mx1.freebsd.org: domain of rizzo@rizzo.eng.br has no SPF policy when checking 50.7.9.75) smtp.mailfrom=rizzo@rizzo.eng.br X-Spamd-Result: default: False [-0.61 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[rizzo.eng.br:s=mailhost]; NEURAL_HAM_MEDIUM(-0.45)[-0.452,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.68)[-0.677,0]; DMARC_NA(0.00)[rizzo.eng.br]; DKIM_TRACE(0.00)[rizzo.eng.br:+]; IP_SCORE(0.32)[asn: 174(1.64), country: US(-0.05)]; R_SPF_NA(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[148.162.221.186.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:174, ipnet:50.7.8.0/21, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 13:42:50 -0000 Hi all I'm have a quenstion about getopt_long functionality, where the best place to send my question? I'm trying use a getopt_long and get a fuzzy operation with an optional argument. Look at git@gitlab.com:ufrrj/disciplinas/IC501.git the source code are in src/C++ or src/C directory getopt_long.{c,cpp} when I run with this command line: % clang getopt_long.c -o getopt_long % ./getopt_long Retorno: 1 : % ./getopt_long -h Retorno: 0 : % ./getopt_long -h d Help: d : Retorno: 1 : % ./getopt_long --help Segmentation fault (core dumped) % ./getopt_long --help= Help: : Retorno: 1 : % My questions is How I detect correct when the optional argument was passed or not TIA -- Nilton José Rizzo From owner-freebsd-questions@freebsd.org Sat Nov 23 13:43:33 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 333391B630C for ; Sat, 23 Nov 2019 13:43:33 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Kvdc4tCxz450R for ; Sat, 23 Nov 2019 13:43:32 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: by mail-il1-x142.google.com with SMTP id o18so10008321ils.12 for ; Sat, 23 Nov 2019 05:43:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:cc; bh=TouEW7eAltmIRwUnZEgcbvP5UULEAZCnkJK3BbQqc7w=; b=SMi/3qXfbcV2BCRByEfrdBZZufvIMNSvEm5SaGkDDHEWDfh3Obuffp+Fjh55oj4pWI cTNEnHBLeNJwD+jt71q6mkrjlhmT0h+N2qC2J8sJ0s8fCHLrhXXVklwjUmb6bEsfaYYf mhtRt6zk6hdpoeTD/KxPh4rjhFBf5iP4RDCDOKnx+rx8zrwD4HaRxxXpxxlnTzRRMIsr kwk1T45bcipdMQzto6Mt2sDX//kkVkXOX/FlCRLP1IVb6jxnny/fhVo0GkYEF59uwFbY TyVl7KdTpgKwE/227GruBGoRhOR2W3NaPpX2LgLYY+Mt5c4l01QYHXdSzIj5Jy+mHRLx TlEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:cc; bh=TouEW7eAltmIRwUnZEgcbvP5UULEAZCnkJK3BbQqc7w=; b=eDgDyospTt44qsMW2pHYiHL2qLimwI1e29Zqj8LP8BGvZA0jGoqc5ev0fi9rQ3adLM 7Y4fLdGQQGoxKOQvbsSg2Xw8i/hzYearKPeAUSkLccxjTljOOrXyZdXRcz/dYXgB+9mK WcrS6/paFxlBA0DGfYQtzJ4yJQCmbwT7seMi/p0TF3vNof4EYTJxTYm+qJAf1pJoMiLs vzpgOyQG6HxjDXMbOD51+aHDCyKj/VjU/D+e8qmXVpFnfMP8KJQEErL2dBANYd8c/m9p A8MPpD03eH03qxZBp1mgFkMMCUafEwvdK92G5mW73Zp44ne2awtgYA4xDRgKU+UcFZrk 5XLw== X-Gm-Message-State: APjAAAV1nhcd7vomX0Ey/FnAU9WarQVNaqguQPGRZ1TRDQmeLvGvB9vQ p2/8wBJHPNZkyh5O8d8LyY3/znWdDG/74jheAmErzA== X-Google-Smtp-Source: APXvYqyaXkZXrNsccwP9i4BwehQinGwVMoPK8Xpjc39WeEvnusQ+osGxzlD6R6Z/2rUSJ15JL0F8diqPe+kMJB/0DmE= X-Received: by 2002:a92:d581:: with SMTP id a1mr10065677iln.39.1574516611276; Sat, 23 Nov 2019 05:43:31 -0800 (PST) MIME-Version: 1.0 References: <874kyu9b1v.wl-herbert@gojira.at> In-Reply-To: <874kyu9b1v.wl-herbert@gojira.at> From: William Dudley Date: Sat, 23 Nov 2019 08:43:20 -0500 Message-ID: Subject: Re: Fwd: Freebsd 12.1 Virtualbox disks Cc: freebsd-questions X-Rspamd-Queue-Id: 47Kvdc4tCxz450R X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=SMi/3qXf; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of wfdudley@gmail.com designates 2607:f8b0:4864:20::142 as permitted sender) smtp.mailfrom=wfdudley@gmail.com X-Spamd-Result: default: False [0.08 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; URI_COUNT_ODD(1.00)[9]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MISSING_TO(2.00)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (1.92), ipnet: 2607:f8b0::/32(-2.28), asn: 15169(-1.96), country: US(-0.05)]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.968,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.95)[-0.950,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2.4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 13:43:33 -0000 It would be lovely if there was a link to instructions on how to resize the image. I ran into this problem using the 12.1 image with VirtualBox and eventually figured a work around, but I couldn't figure out how to resize the image. (Turns out, you can't do it from the GUI in VirtualBox 5). OR, why not just make the image 6GB instead of 4GB, and then it would not be out of disk space when you boot it up. Bill Dudley This email is free of malware because I run Linux. On Sat, Nov 23, 2019 at 4:50 AM Herbert J. Skuhra wrote: > On Sat, 23 Nov 2019 09:17:44 +0100, Daniele Mazzotti wrote: > > > > Hi there, > > > > I have noticed a strange thing happening with the vhd and vdmk images for > > Freebsd 12.1 linked on the official website ( > > > https://download.freebsd.org/ftp/releases/VM-IMAGES/12.1-RELEASE/amd64/Latest/ > ). > > The File System seems to be full right after a fresh install/config and > it > > is not possible to do anything wise with those images. Is it just me > being > > stupid/I cannot setup a Virtualbox VM or has this also happened to some > of > > you? > > > > A while ago I did the same with some Virtualbox images for version 12.0, > > but I cannot recall having any such problem with them. > > > > Thanks in advance for the support. > > https://lists.freebsd.org/pipermail/svn-src-all/2019-May/179969.html > > You have to resize the image file yourself! > > -- > Herbert > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-questions@freebsd.org Sat Nov 23 14:01:36 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 252851B689C for ; Sat, 23 Nov 2019 14:01:36 +0000 (UTC) (envelope-from kappei84@gmail.com) Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Kw2Q1bThz45jH for ; Sat, 23 Nov 2019 14:01:33 +0000 (UTC) (envelope-from kappei84@gmail.com) Received: by mail-wr1-x431.google.com with SMTP id z3so12034453wru.3 for ; Sat, 23 Nov 2019 06:01:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=exEr97/UmO25dg5rgGbiX1zNMjynZWG79YfnXYjSfM4=; b=mxs+4Fcf+oXL3YpTRVr99kusdwhFIMmdxpGUe94ONjLw9aDWGImyITX2uXFGTnVayU 9ofwxQIoeTgu/lb/hOhs/fnxdfJl9h1EO5QACVhqM3GU4MmIKau2iUId5ZMfFAMwgjsL kkw1jSB91riLaAyX3dM2qeE1BOr7WVvhzSncKHDL19T4VQgaMYdZB5dF6jqmqoopYCRi BWKgApk7LYVH69ubgWG0iLc3apjDhv2RBqO0VBDsgWmpC3bhke/KG7NOC42ZScNyWxnW QZxMkzYwerhkDNfe1iw5pHPo0IYt2Hn5qp3Als7v+H7Hu6RI/0rjjz/yv6Xbktjwcubx os5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=exEr97/UmO25dg5rgGbiX1zNMjynZWG79YfnXYjSfM4=; b=cW/iOKJ1bYrG8Ly/Mfl9ScHT379SV0r5lSgpt1Z4zT+INr4/RvY9SrIxBq4ZAmMTBZ vkOTBg1tdEBGCD0wkaFPAfe1SEhiFK1wGX3Rg5JHMXGa7M+lTITFFFturTW3Lx99uz0e qQbRLD6IeIEsxEiC++0tOfnijuXKrdl7FFcw3Ts1LInmBj5/ZHMpuFLWtWtVK7MhzoTt Vwo3jKfFUZdodsJG84LpqAPA8TM+G36LrhObz65j3W/NoB9SnGEYHfZ/6bkZnvNrrL7W 0lZjFLi3MrgfZuXr8qmGGuELcJunESU0j9kOYJgOh5A9rfD2pgtk2Ff4T9ckBhn0Od6P WCbg== X-Gm-Message-State: APjAAAVxtvchu8d198MS+S5WNcj5jd36krSMn94iN4UAdpJ/BdBq0rrW s4oewBjtH6B1YI3Tyi8gzjLgaSQB8LcqTJQOA7u6 X-Google-Smtp-Source: APXvYqztoGDeDNL6DwPw7vaK2J2fIIRd3ZU8SrBfU/+HRD7d2oIL4B/8bpdASFMLPhcf59VCEAhHwLUvZasBTQYzDJQ= X-Received: by 2002:adf:f290:: with SMTP id k16mr23943634wro.224.1574517690928; Sat, 23 Nov 2019 06:01:30 -0800 (PST) MIME-Version: 1.0 References: <874kyu9b1v.wl-herbert@gojira.at> In-Reply-To: From: Daniele Mazzotti Date: Sat, 23 Nov 2019 15:01:19 +0100 Message-ID: Subject: Re: Fwd: Freebsd 12.1 Virtualbox disks To: freebsd-questions@freebsd.org X-Rspamd-Queue-Id: 47Kw2Q1bThz45jH X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=mxs+4Fcf; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of kappei84@gmail.com designates 2a00:1450:4864:20::431 as permitted sender) smtp.mailfrom=kappei84@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(0.00)[ip: (-9.02), ipnet: 2a00:1450::/32(-2.71), asn: 15169(-1.96), country: US(-0.05)]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[1.3.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 14:01:36 -0000 I fail at understanding why there is no info about this on the website. I think that if one downloads a VB image it is because he wants to fire up a system without doing anything and tinkering with truncate does not seem to be right IMHO. Il giorno sab 23 nov 2019 alle ore 14:43 William Dudley ha scritto: > It would be lovely if there was a link to instructions on how to resize the > image. > I ran into this problem using the 12.1 image with VirtualBox and eventually > figured a work around, but I couldn't figure out how to resize the image. > (Turns out, you can't do it from the GUI in VirtualBox 5). > > OR, why not just make the image 6GB instead of 4GB, and then it would not > be out of disk > space when you boot it up. > > Bill Dudley > > This email is free of malware because I run Linux. > > > On Sat, Nov 23, 2019 at 4:50 AM Herbert J. Skuhra > wrote: > > > On Sat, 23 Nov 2019 09:17:44 +0100, Daniele Mazzotti wrote: > > > > > > Hi there, > > > > > > I have noticed a strange thing happening with the vhd and vdmk images > for > > > Freebsd 12.1 linked on the official website ( > > > > > > https://download.freebsd.org/ftp/releases/VM-IMAGES/12.1-RELEASE/amd64/Latest/ > > ). > > > The File System seems to be full right after a fresh install/config and > > it > > > is not possible to do anything wise with those images. Is it just me > > being > > > stupid/I cannot setup a Virtualbox VM or has this also happened to some > > of > > > you? > > > > > > A while ago I did the same with some Virtualbox images for version > 12.0, > > > but I cannot recall having any such problem with them. > > > > > > Thanks in advance for the support. > > > > https://lists.freebsd.org/pipermail/svn-src-all/2019-May/179969.html > > > > You have to resize the image file yourself! > > > > -- > > Herbert > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > freebsd-questions-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-questions@freebsd.org Sat Nov 23 16:23:15 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C9D141B9397 for ; Sat, 23 Nov 2019 16:23:15 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Kz9t3t2yz4Db3 for ; Sat, 23 Nov 2019 16:23:14 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.0.2] (ozzie.tundraware.com [75.145.138.73]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id xANGLmG5087908 (version=TLSv1.2 cipher=AES128-SHA bits=128 verify=NO) for ; Sat, 23 Nov 2019 10:21:49 -0600 (CST) (envelope-from tundra@tundraware.com) To: FreeBSD Mailing List From: Tim Daneliuk Subject: Optimizing ipfw? Openpgp: preference=signencrypt Autocrypt: addr=tundra@tundraware.com; prefer-encrypt=mutual; keydata= mQINBFlVgYoBEADIYD9W4mbKz5cEleX923hagDWkxyJl4kRiMJnz+dNAH71MItSdErMb0cFt CPxVncb4dR4R2ec0c0MjPcgVINNtbY1DMWsF7t31TKD8NG9ZjLqF6fZDFjgkRejqHytgjmCI UejrMSCf0UJsLtg+I3N1ZVVxd7ALj2bCvC/uc5S7j+YbNnhQvSoBbdFj/xOTjyOGGpk7WfB7 e42PGKq1NSgnI7tcY6HSaSH+LHeoc0yUpBb5A1ge+RhR1N9JTniEFe0qvOBi+HgUltEoxsk4 xb6IhpkDOTsxHvEg5h0ukfl8kG9cu+LrEBqwPaC8lPw3UmoTEAU+lXHanPE12JCF/54EtVCc rb4W0vqgGmLJzn5dRU/fWkar0FKPq4eoV0XMbGZKIC6pWQnMEsxEMpNvh7oefK6Kyn+LO+59 +sNYHbv1RImDJccmfHTOA6/jHdwOcnYy37U8UF7e+mGrwNs8GsMQx2AaQbR6VErakH3GBgft bMFOGQxiaRBkbzba7BZCQ060yhiC3/Mb/xHoVi7PBEmKig1SErTMA7Fh3CYPYIRDphNs6OSr tf9O4hbzUAsjbU3rxOfiWQjP3fSOM0KUBj4wpIWZlMrjAGnMIz2wHb211wsBiLqSaGiiO1LR 7RrcvbIFZvHQHiWe2tdRyuH3N/h7A316yoLfx+yy1gyP5weWsQARAQABtCRUaW0gRGFuZWxp dWsgPHR1bmRyYUB0dW5kcmF3YXJlLmNvbT6JAjcEEwEIACEFAllVgYoCGyMFCwkIBwIGFQgJ CgsCBBYCAwECHgECF4AACgkQdoOXo5EJFKntcA/9F9ags9Ik5C49N39iRq+yqBdn/Lr75rqv +Yg7JkjeVlwHpnQt1S6orTC7EaJc+AqY3szCEmhfuT0+E96Bw2k+G/XRnaedZ9SHSdImlmq0 RmOFpWLr67ScvlA9YG1tyR+QYraEFqK5EB6qhOWRJoz1BYtAAntK9b9gUTXt/277sT7lAWaj oPi4CDd4DofHc4E9VRsniMQNMLCWqc/ygAK07cWbK2Rh90tS2C4nK6OHFkNkK94zDilfxod1 NBFTUPPYfEU2CSa3eLlpfhYY3/2X7zNvmmCt+chHUnAhQLhldQ3WlqmTKP+ZK9LX002/bY1O M8Zk76WyA/A3EfsIUbnXBQvFyjwX6W4QEytlZWtp/yRIe64JOa3dZ8rkhragb2N4VgVLBVe3 jtZgfQ72pHrfNk/T0uT+hjFqInvIYiXkhxB2GiD7Ga28VuXojTmeoaW3GKcvoVxONSju7WzD XgyxWRmNpd5uifJcC3YU3tNNAosnQ0/5FW4wkducSEVwwqnAiSMQEMDDa/e6oP6GyOzes5SV LTNCRYdHWVKbxjetYU4SKm5RdLx9XuJo0qL9vO97mCNwdNkTM7gO2ycQ49qUiGbCZJOh2gpP ZRFrpJDxbloosAfOEB6IYjhb38u6jvbScJKK3bWA+a8TK4SrQpdRd1cAnW9sA8jCTV8ejZq0 CHm5Ag0EWVWBigEQAJYuihAOOOe/kAn045Ayn+3is3S+6eV4IAgL6lJhoChkgUJJuFoRX9BY rd35z29+q2/UCoProzd4Mk66wXeWv6n4s5R79OUzjgMLCTVlVaMy4gjPL9NRDwMt7KYRF56g mnoKZwfPDi/oJ5toPPboW94FrMwonqbdqYM2Pyi/HPMe4e396WQ4TaA1CdhyzKHoFSpkGcjX zIQ5yQ5aaGS7wonRu/pg15dbu+8QOgxRNFa0bO+ntz/30u+VmxFqFVbExjuy3Or8fSBhJgx4 cfyrrunKLclpZ/52VeK3l53yWYpR8RaTZfzpu8Ih+ijAY4XLO5F8P1T6sEviMaTY2F0sbFRx ZJXsgFpiKeWPHUn7/LX7qcoFJYoFqG6b3n5km+qy39x6lMgJDuxKpeN6lYj//LB6xVzn0JI+ 4ZHPrEkFqxu8VkL7deCPTI67ZJik18jXjTH9sha1YBvgvxIPFMA7ZwXX2AwNu7PzdcCpWarS usOAHbjQBUsQ+ZPpI1oeFnsCPZ+8/mMcTjVRZyJxOPs3KnXZv2cXNuaa7lwkWS366gHzQI7O l6WdC8TyNjiOzR654cL8BgYQ/xNSW1vTXqPWSRU8/b/5IueY2tQJh0CKIvfoP0rk8976wa1R 8SRi08mwHX7+F5oSeXLRNHicQGpS1f0DywdRcQ0MFHyq/CV4dTltABEBAAGJAh8EGAEIAAkF AllVgYoCGwwACgkQdoOXo5EJFKkDNw//c8nailIVOV72l7Lze+2AuK9MYUCFb1i4qI1WTnG0 OHQlCAltPhdwZPAozJw/eNqIcuWQh8rZspve9ipj589wLSsVyaFRsuYXTiYZ9RlRsnJYa36h 2JML3ZGrRsSxaUEAggbiOKbwmw27JuOIPmC3Gln4tJuZ+nw6cfCgMI45bIzinVanxHwPLeLp BZKpaEYzAwtBykUfAXn3jDwrI95UlMJvhHDFuRgvb6uSyJIqmp5aR/BjnlSdEwICyWpRAVSt yqZeBMeHbCr1B97PIRzk/q0eHm9T+AoiZWwz1iVGGgkYdAaCfs2PBlNHmRm93cfgoEcaGvNb RbTXOe28niMJeYMQsnjOTy5AQIrhVKeP5E+qVs/oPK/inmLiTbjZcnrO2wR+uxpPGgmR6M/3 p8qyRdaOvT87HZXO+Wr+r9A4UnwhCPsfELwPlEo+TJQ/oE71Mlkx/ddQCWELcHjXrQF9YbzA Ml7g0zTkgHysh4DNkV5iYteOcmCwsWdOwn0H0yZfz6weyr8nEdPngyOjFNKMIpcTbeg8866c GxXAJj46dub4VdVwfvMRHfmmRJkjdId7YHWMgz2Kf7S7KPCROLis7WjlOdSS0q2m/7qy9WL/ ZW50YLS8ZZLMrnari5JxCyJX+8n6ZASo2AA93iTbKmYegK2LDwW1QLU1iAF3GyGOnSE= Message-ID: Date: Sat, 23 Nov 2019 10:21:43 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Sat, 23 Nov 2019 10:21:49 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: xANGLmG5087908 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, timed out) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-Rspamd-Queue-Id: 47Kz9t3t2yz4Db3 X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of tundra@tundraware.com designates 45.55.60.57 as permitted sender) smtp.mailfrom=tundra@tundraware.com X-Spamd-Result: default: False [1.29 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[tundraware.com]; NEURAL_SPAM_MEDIUM(0.58)[0.575,0]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.31)[-0.307,0]; MIME_TRACE(0.00)[0:+]; TO_DN_ALL(0.00)[]; IP_SCORE(0.33)[ip: (-4.71), ipnet: 45.55.32.0/19(4.48), asn: 14061(1.91), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:14061, ipnet:45.55.32.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 16:23:15 -0000 I have a boundary/gateway FreeBSD 11 machine running mostly as a NATing firewall. The machine is very lightly loaded and has no memory pressure to speak of. Recently, I tried going from about 2800 ipfw rules to over 34,000 to block a number of nations completely. This works, but is just DESTROYS my network throughput - It reduces it from around 175Mb/sec to 20 Mb/sec. Cables, switches, NICs etc. have been removed as suspects and falling back to either an open firewall or reduced ruleset firewall restores performance. So... is this a machine sizing problem - would a faster CPU help (this is an older 3.2Ghz quad core i5) or is it just the nature of a software firewall and I am exceeding its reasonable throughput? i.e., Is there ipfw tuning to be done or have I just hit the limits of the model and need to consider a hardware firewall? P.S. The rules in question are thousands of statements like: ipfw add deny all from some-IP-or-CIDR-block to any via NIC From owner-freebsd-questions@freebsd.org Sat Nov 23 16:47:09 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 060871B9B2A for ; Sat, 23 Nov 2019 16:47:09 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from mail.otcnet.ru (mail.otcnet.ru [194.190.78.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47KzjR3FNBz4FhS for ; Sat, 23 Nov 2019 16:47:07 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from MacBook-Gamov.local (unknown [195.91.148.145]) by mail.otcnet.ru (Postfix) with ESMTPSA id CE0B68B9DD for ; Sat, 23 Nov 2019 19:46:59 +0300 (MSK) Subject: Re: Optimizing ipfw? To: freebsd-questions@freebsd.org References: From: Victor Gamov Organization: OstankinoTelecom Message-ID: Date: Sat, 23 Nov 2019 19:46:59 +0300 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47KzjR3FNBz4FhS X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of vit@otcnet.ru designates 194.190.78.3 as permitted sender) smtp.mailfrom=vit@otcnet.ru X-Spamd-Result: default: False [-4.44 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.otcnet.ru]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; MIME_TRACE(0.00)[0:+]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; DMARC_NA(0.00)[otcnet.ru]; IP_SCORE(-3.24)[ip: (-8.54), ipnet: 194.190.78.0/24(-4.27), asn: 50822(-3.41), country: RU(0.01)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:50822, ipnet:194.190.78.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 16:47:09 -0000 Hi Tim You need to use table like this: ===== table srcIP create type addr table srcIP add IP1/32 table srcIP add IP2/32 table srcIP add IP3/24 add 1500 deny ip from table(srcIP) to any in recv NIC ===== In a more complex case you can add tablearg and jump to rule marked by tablearg The main idea is to check as low rules as possible while packet processed by ipfw. On 23/11/2019 19:21, Tim Daneliuk wrote: > I have a boundary/gateway FreeBSD 11 machine running mostly as a NATing > firewall. The machine is very lightly loaded and has no memory pressure > to speak of. > > Recently, I tried going from about 2800 ipfw rules to over 34,000 to block > a number of nations completely. This works, but is just DESTROYS my > network throughput - It reduces it from around 175Mb/sec to 20 Mb/sec. > > Cables, switches, NICs etc. have been removed as suspects and falling back > to either an open firewall or reduced ruleset firewall restores performance. > > So... is this a machine sizing problem - would a faster CPU help (this is > an older 3.2Ghz quad core i5) or is it just the nature of a software > firewall and I am exceeding its reasonable throughput? > > i.e., Is there ipfw tuning to be done or have I just hit the limits > of the model and need to consider a hardware firewall? > > P.S. The rules in question are thousands of statements like: > > ipfw add deny all from some-IP-or-CIDR-block to any via NIC -- CU, Victor Gamov From owner-freebsd-questions@freebsd.org Sat Nov 23 17:46:58 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4D3601BB078 for ; Sat, 23 Nov 2019 17:46:58 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47L12T2rwzz4JZ3 for ; Sat, 23 Nov 2019 17:46:57 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qk1-x729.google.com with SMTP id i3so9157755qkk.9 for ; Sat, 23 Nov 2019 09:46:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=agG7SB3sRcvPgwA8bfPvePOS9pHOMS1q1azLV+2pwQA=; b=t2PPJ32gQmLkugve094VDONGMhodNKSFIAl/FO6izfVZ1gynvGsES6MjdJ2HSygRoF 0G4YJaXB/JWcU+V4djGAUsLeJhPflS8z8ZT9CWpmWhf4PMjwJMAa4H/YmPJEfQwRdO1Q VN2nzSKoigEoF1tbQpwPBMDBhnJ9vwMkptNHtSVAnv0h8T95IimJ9j5qIw1M1ItLB4LH EOu3uWKC5oRNeNlxzfXm+zePR1B7X0ZOJiuEF/yjKv95Kvixw0bCcoB1tJKBgjw91ZHP epHoAR0etvxjwAN8qVNNykiwy/N2JyTA/Jcx/Ox02wB0M3cOi92Uk4CYUYc68QvXaw2O c5Aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=agG7SB3sRcvPgwA8bfPvePOS9pHOMS1q1azLV+2pwQA=; b=thblDaPWoCBAeI0VWqKrJxo4t/ZWcJm0R16/4DBg86aH2QyT1C328lWepgeIhHbduP /MgEJzAFM26JQeU4TNcdvWzu0UhyOjXzDkwCAkcYLT5O25iGgzDFVxdnyL5xwxMRCBmR L6fqww27mlcI/1je8dguARN4XUlvkJl/GdbF+G8kdTv6d4nlbfAi3wUQV/Y4NdTkz+Yc CDuNVq9n+Kzq8x24wgBTUhMiyWMOGWacq+jWvLzb5nlP4/OEigmCY+mL81rs/vzOKXDe BljzoZC53K/NQoEG6uuv5HHccCKAzWVrY6MRxPBcA1XjsYgNvXCl+GrqwOoXlQmZ5P1m J16Q== X-Gm-Message-State: APjAAAUDbv2swlY3Se2Mt92ElN80EyInIHOxGobk8qjvhO0cm+bfwys2 LXug0iWz13lnJC87FSUjPK4jA9V3ytN7VrcZgpKwlg== X-Google-Smtp-Source: APXvYqwaVIJjvSxz2pLJyp1lOtXM1ubxfhL5zF7vObigAusaKfycHoc2vL5guErgcpur7Vx8/si6ypotkIfMJsMiTMI= X-Received: by 2002:a37:6c04:: with SMTP id h4mr18910364qkc.399.1574531215713; Sat, 23 Nov 2019 09:46:55 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Michael Sierchio Date: Sat, 23 Nov 2019 09:46:19 -0800 Message-ID: Subject: Re: Optimizing ipfw? To: Tim Daneliuk Cc: FreeBSD Mailing List X-Rspamd-Queue-Id: 47L12T2rwzz4JZ3 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tenebras-com.20150623.gappssmtp.com header.s=20150623 header.b=t2PPJ32g; dmarc=none; spf=none (mx1.freebsd.org: domain of kudzu@tenebras.com has no SPF policy when checking 2607:f8b0:4864:20::729) smtp.mailfrom=kudzu@tenebras.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[tenebras-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; IP_SCORE(-2.70)[ip: (-9.21), ipnet: 2607:f8b0::/32(-2.28), asn: 15169(-1.96), country: US(-0.05)]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[tenebras.com]; URI_COUNT_ODD(1.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[tenebras-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[9.2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 17:46:58 -0000 Don't use specific rules per CIDR block, use tables. You can efficiently handle hundreds of thousands of CIDR blocks and IPv6 prefixes in a single table, or multiple tables. You can assign the argument based on country code or some such. You can add and delete CIDR blocks, and even swap tables so you can do it atomically. On Sat, Nov 23, 2019 at 8:23 AM Tim Daneliuk wrote: > I have a boundary/gateway FreeBSD 11 machine running mostly as a NATing > firewall. The machine is very lightly loaded and has no memory pressure > to speak of. > > Recently, I tried going from about 2800 ipfw rules to over 34,000 to bloc= k > a number of nations completely. This works, but is just DESTROYS my > network throughput - It reduces it from around 175Mb/sec to 20 Mb/sec. > > Cables, switches, NICs etc. have been removed as suspects and falling bac= k > to either an open firewall or reduced ruleset firewall restores > performance. > > So... is this a machine sizing problem - would a faster CPU help (this is > an older 3.2Ghz quad core i5) or is it just the nature of a software > firewall and I am exceeding its reasonable throughput? > > i.e., Is there ipfw tuning to be done or have I just hit the limits > of the model and need to consider a hardware firewall? > > P.S. The rules in question are thousands of statements like: > > ipfw add deny all from some-IP-or-CIDR-block to any via NIC > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > --=20 "Well," Brahm=C4=81 said, "even after ten thousand explanations, a fool is = no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata From owner-freebsd-questions@freebsd.org Sat Nov 23 20:24:35 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 090211BE1BB for ; Sat, 23 Nov 2019 20:24:35 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47L4XL0JD0z4QZ1 for ; Sat, 23 Nov 2019 20:24:33 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([94.223.163.220]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPA (Nemesis) id 1MVNEv-1iRHoL32AB-00SRCv; Sat, 23 Nov 2019 21:23:54 +0100 Date: Sat, 23 Nov 2019 21:23:51 +0100 From: Polytropon To: Nilton Jose Rizzo Cc: freebsd-questions@freebsd.org Subject: Re: Where the best place to question about feature Message-Id: <20191123212351.8ae657af.freebsd@edvax.de> In-Reply-To: References: Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:JxbYQGCN1INGDctVUHsSObmyZMl9+xJT1gc0r9JdIirLftdv16f qlJF0oKMNQqKUt0bEws98fhCLyh4PaIjrw8HJwK2SbF9gdfCw6vEGPcR7oi6iAUICGx+63Z JezOW0wpkYoTtkUEETxKovT8AmFCS0lCzrBbIhlrOf+KLLUYPTXyQPS/EpAU5lx2HTX0aIG UYGtRtgzar5UauY2kEnaQ== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:2+uzOBoqdSs=:du3dKUcboyD65fcumCrLI4 1u2GpzpQK3f0nkkCKt5hc7tEGQYL97cR8+HaHmgjxz2x+cR0vp20rNY08M7cSNjCtUIIxEXUO t6lsiPg/ccKzSSnGCB7ot6TMbQ3I8tC8ISQk7tbz30nLkglSF0E57ms2sfVebvor8kMjxZNqv Lyfe6KOGPieVNs4z9tGktHXyt0bXERIlQ2Kw3Thi+72cjU4qJhNQ6eb8yZB3C6kquBVVkV9FC 212mKk2eHyjOb7iLV3QzC0OQvJ23cCpFlTph649CQ67LRvfxWQXr8v0i8yoxEHMo0YQMg/vpW k7Hu1c9JLQ9ey8kUhBqb1hUOSs4iQu3smgcF8ib0zloptaIKQX4JmEtl96fLTtl19QUEEhXkh 7HpuAES25LkCEhN1LURHIQxTxz64Dk/jNAFByBLL+js+A/mXqXINa2S4TeBafHfQDBe9TIy2B LZyRgdTI43ZzZgb7574T85hSGUEaCdsDncPquDrsxJ4pJkOIF7o0w4JglEyqafZe6sRPdRC1d /SsSRjDnnauNA7P2LElEaKGc8HWOY38n61UG8mfeyYDBjZxVw7wY12JAIqJ2s4UuPMR92kAFg f8R6hERSK/r1u6WJp9F9yoh67e77DiiaCK36AGoyjhyG2yqFLHqLPlYkVLwekbn5hpMZzlaqp 3EeHDZUF/Pd1yoY7RdZurvZxYBkyaKgzxN52lDWwNyCUweD+YnZlogV/9LuATqat6jkmK/O6r jLZVHGrJES+DnDUW3o8nnIqnA+8EDSf459P1MQl6qEI75PYgedAUM+klKORPJwZbF8lCxdlx5 2wfQHf+ujL0V3I0+jWBdbbQgOibb2q9Mpgzzl3pKqhPAoc6p2BzGfnvoraScgfC5cF1h6dSgP HCee+dNu9PMQEcFOTjmg== X-Rspamd-Queue-Id: 47L4XL0JD0z4QZ1 X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 212.227.17.13) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [4.28 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; MIME_TRACE(0.00)[0:+]; RECEIVED_SPAMHAUS_PBL(0.00)[220.163.223.94.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.95)[0.947,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.85)[0.853,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[13.17.227.212.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(0.08)[ip: (-0.65), ipnet: 212.227.0.0/16(-1.25), asn: 8560(2.30), country: DE(-0.01)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 20:24:35 -0000 On Sat, 23 Nov 2019 10:41:31 -0300, Nilton Jose Rizzo wrote: > I'm have a quenstion about getopt_long functionality, where the best > place to send my question? The general questions mailing list (this one - freebsd-questions) is probably appropriate. In worst case, address the freebsd-hackers list. For more information see: https://lists.freebsd.org/mailman/listinfo > My questions is How I detect correct when the optional argument > was passed or not Without further investigation, I'd suggest to check the section EXAMPLES in "man 3 getopt_long". If I remember correctly, you define optional_argument for the flag and check if optarg is a valid string (or NULL)... -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Sat Nov 23 21:05:41 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8A82F1BF166 for ; Sat, 23 Nov 2019 21:05:41 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47L5Rm6B9qz4SB9 for ; Sat, 23 Nov 2019 21:05:40 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.0.2] (ozzie.tundraware.com [75.145.138.73]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id xANL4Jig045479 (version=TLSv1.2 cipher=AES128-SHA bits=128 verify=NO) for ; Sat, 23 Nov 2019 15:04:20 -0600 (CST) (envelope-from tundra@tundraware.com) Subject: Re: Optimizing ipfw? To: FreeBSD Mailing List References: From: Tim Daneliuk Openpgp: preference=signencrypt Autocrypt: addr=tundra@tundraware.com; prefer-encrypt=mutual; keydata= mQINBFlVgYoBEADIYD9W4mbKz5cEleX923hagDWkxyJl4kRiMJnz+dNAH71MItSdErMb0cFt CPxVncb4dR4R2ec0c0MjPcgVINNtbY1DMWsF7t31TKD8NG9ZjLqF6fZDFjgkRejqHytgjmCI UejrMSCf0UJsLtg+I3N1ZVVxd7ALj2bCvC/uc5S7j+YbNnhQvSoBbdFj/xOTjyOGGpk7WfB7 e42PGKq1NSgnI7tcY6HSaSH+LHeoc0yUpBb5A1ge+RhR1N9JTniEFe0qvOBi+HgUltEoxsk4 xb6IhpkDOTsxHvEg5h0ukfl8kG9cu+LrEBqwPaC8lPw3UmoTEAU+lXHanPE12JCF/54EtVCc rb4W0vqgGmLJzn5dRU/fWkar0FKPq4eoV0XMbGZKIC6pWQnMEsxEMpNvh7oefK6Kyn+LO+59 +sNYHbv1RImDJccmfHTOA6/jHdwOcnYy37U8UF7e+mGrwNs8GsMQx2AaQbR6VErakH3GBgft bMFOGQxiaRBkbzba7BZCQ060yhiC3/Mb/xHoVi7PBEmKig1SErTMA7Fh3CYPYIRDphNs6OSr tf9O4hbzUAsjbU3rxOfiWQjP3fSOM0KUBj4wpIWZlMrjAGnMIz2wHb211wsBiLqSaGiiO1LR 7RrcvbIFZvHQHiWe2tdRyuH3N/h7A316yoLfx+yy1gyP5weWsQARAQABtCRUaW0gRGFuZWxp dWsgPHR1bmRyYUB0dW5kcmF3YXJlLmNvbT6JAjcEEwEIACEFAllVgYoCGyMFCwkIBwIGFQgJ CgsCBBYCAwECHgECF4AACgkQdoOXo5EJFKntcA/9F9ags9Ik5C49N39iRq+yqBdn/Lr75rqv +Yg7JkjeVlwHpnQt1S6orTC7EaJc+AqY3szCEmhfuT0+E96Bw2k+G/XRnaedZ9SHSdImlmq0 RmOFpWLr67ScvlA9YG1tyR+QYraEFqK5EB6qhOWRJoz1BYtAAntK9b9gUTXt/277sT7lAWaj oPi4CDd4DofHc4E9VRsniMQNMLCWqc/ygAK07cWbK2Rh90tS2C4nK6OHFkNkK94zDilfxod1 NBFTUPPYfEU2CSa3eLlpfhYY3/2X7zNvmmCt+chHUnAhQLhldQ3WlqmTKP+ZK9LX002/bY1O M8Zk76WyA/A3EfsIUbnXBQvFyjwX6W4QEytlZWtp/yRIe64JOa3dZ8rkhragb2N4VgVLBVe3 jtZgfQ72pHrfNk/T0uT+hjFqInvIYiXkhxB2GiD7Ga28VuXojTmeoaW3GKcvoVxONSju7WzD XgyxWRmNpd5uifJcC3YU3tNNAosnQ0/5FW4wkducSEVwwqnAiSMQEMDDa/e6oP6GyOzes5SV LTNCRYdHWVKbxjetYU4SKm5RdLx9XuJo0qL9vO97mCNwdNkTM7gO2ycQ49qUiGbCZJOh2gpP ZRFrpJDxbloosAfOEB6IYjhb38u6jvbScJKK3bWA+a8TK4SrQpdRd1cAnW9sA8jCTV8ejZq0 CHm5Ag0EWVWBigEQAJYuihAOOOe/kAn045Ayn+3is3S+6eV4IAgL6lJhoChkgUJJuFoRX9BY rd35z29+q2/UCoProzd4Mk66wXeWv6n4s5R79OUzjgMLCTVlVaMy4gjPL9NRDwMt7KYRF56g mnoKZwfPDi/oJ5toPPboW94FrMwonqbdqYM2Pyi/HPMe4e396WQ4TaA1CdhyzKHoFSpkGcjX zIQ5yQ5aaGS7wonRu/pg15dbu+8QOgxRNFa0bO+ntz/30u+VmxFqFVbExjuy3Or8fSBhJgx4 cfyrrunKLclpZ/52VeK3l53yWYpR8RaTZfzpu8Ih+ijAY4XLO5F8P1T6sEviMaTY2F0sbFRx ZJXsgFpiKeWPHUn7/LX7qcoFJYoFqG6b3n5km+qy39x6lMgJDuxKpeN6lYj//LB6xVzn0JI+ 4ZHPrEkFqxu8VkL7deCPTI67ZJik18jXjTH9sha1YBvgvxIPFMA7ZwXX2AwNu7PzdcCpWarS usOAHbjQBUsQ+ZPpI1oeFnsCPZ+8/mMcTjVRZyJxOPs3KnXZv2cXNuaa7lwkWS366gHzQI7O l6WdC8TyNjiOzR654cL8BgYQ/xNSW1vTXqPWSRU8/b/5IueY2tQJh0CKIvfoP0rk8976wa1R 8SRi08mwHX7+F5oSeXLRNHicQGpS1f0DywdRcQ0MFHyq/CV4dTltABEBAAGJAh8EGAEIAAkF AllVgYoCGwwACgkQdoOXo5EJFKkDNw//c8nailIVOV72l7Lze+2AuK9MYUCFb1i4qI1WTnG0 OHQlCAltPhdwZPAozJw/eNqIcuWQh8rZspve9ipj589wLSsVyaFRsuYXTiYZ9RlRsnJYa36h 2JML3ZGrRsSxaUEAggbiOKbwmw27JuOIPmC3Gln4tJuZ+nw6cfCgMI45bIzinVanxHwPLeLp BZKpaEYzAwtBykUfAXn3jDwrI95UlMJvhHDFuRgvb6uSyJIqmp5aR/BjnlSdEwICyWpRAVSt yqZeBMeHbCr1B97PIRzk/q0eHm9T+AoiZWwz1iVGGgkYdAaCfs2PBlNHmRm93cfgoEcaGvNb RbTXOe28niMJeYMQsnjOTy5AQIrhVKeP5E+qVs/oPK/inmLiTbjZcnrO2wR+uxpPGgmR6M/3 p8qyRdaOvT87HZXO+Wr+r9A4UnwhCPsfELwPlEo+TJQ/oE71Mlkx/ddQCWELcHjXrQF9YbzA Ml7g0zTkgHysh4DNkV5iYteOcmCwsWdOwn0H0yZfz6weyr8nEdPngyOjFNKMIpcTbeg8866c GxXAJj46dub4VdVwfvMRHfmmRJkjdId7YHWMgz2Kf7S7KPCROLis7WjlOdSS0q2m/7qy9WL/ ZW50YLS8ZZLMrnari5JxCyJX+8n6ZASo2AA93iTbKmYegK2LDwW1QLU1iAF3GyGOnSE= Message-ID: <55e36a4a-c594-e70c-28ac-ab7312591955@tundraware.com> Date: Sat, 23 Nov 2019 15:04:14 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Sat, 23 Nov 2019 15:04:20 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: xANL4Jig045479 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, timed out) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-Rspamd-Queue-Id: 47L5Rm6B9qz4SB9 X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of tundra@tundraware.com designates 45.55.60.57 as permitted sender) smtp.mailfrom=tundra@tundraware.com X-Spamd-Result: default: False [1.42 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[tundraware.com]; NEURAL_SPAM_MEDIUM(0.61)[0.612,0]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.24)[-0.239,0]; MIME_TRACE(0.00)[0:+]; TO_DN_ALL(0.00)[]; IP_SCORE(0.35)[ip: (-4.59), ipnet: 45.55.32.0/19(4.47), asn: 14061(1.91), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:14061, ipnet:45.55.32.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 21:05:41 -0000 On 11/23/19 11:46 AM, Michael Sierchio wrote: > Don't use specific rules per CIDR block, use tables. You can efficiently > handle hundreds of thousands of CIDR blocks and IPv6 prefixes in a single > table, or multiple tables. You can assign the argument based on country > code or some such. You can add and delete CIDR blocks, and even swap tables > so you can do it atomically. Aha! Thanks. So, I added this to my firewall startup code: ### # Block Naughty IP Addresses/Spaces ### # Use ipfw tables for efficiency for addr in `cat ${NAUGHTYFILE}` do ${FWCMD} table 10 add ${addr} done ${FWCMD} add deny all from table\(10\) to any via ${OIF} ipfw show does show that new table being referenced and the table shows the IPs and CIDR blocks I want stopped, but I have no affirmative proof this is working yet. It does, however, no longer clobber network performance as you noted. So ... thanks again! P.S. Is there a way to get ipfw to dump everything it is blocking including the stuff in the table? From owner-freebsd-questions@freebsd.org Sat Nov 23 21:21:32 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7965D1BF89F for ; Sat, 23 Nov 2019 21:21:32 +0000 (UTC) (envelope-from karl@denninger.net) Received: from colo1.denninger.net (colo1.denninger.net [104.236.120.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47L5p34KLQz4T4j for ; Sat, 23 Nov 2019 21:21:31 +0000 (UTC) (envelope-from karl@denninger.net) Received: from denninger.net (ip68-1-57-197.pn.at.cox.net [68.1.57.197]) by colo1.denninger.net (Postfix) with ESMTP id 39B4F211083 for ; Sat, 23 Nov 2019 16:21:24 -0500 (EST) Received: from [192.168.10.25] (D15.Denninger.Net [192.168.10.25]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by denninger.net (Postfix) with ESMTPSA id B8DC21EFC11 for ; Sat, 23 Nov 2019 15:21:23 -0600 (CST) Subject: Re: Optimizing ipfw? To: freebsd-questions@freebsd.org References: <55e36a4a-c594-e70c-28ac-ab7312591955@tundraware.com> From: Karl Denninger Autocrypt: addr=karl@denninger.net; prefer-encrypt=mutual; keydata= xsFNBF1Rd+gBEACmLAH7SAzdQq57ZN56QQEy0jDFfH5BvGOMZgCaP+Y5lJQ5u9WphCoCALMs Rg0o1Q9DRNWgUmy/cgsxioXAEzZFXXzOHPJhwplVOgfjxnoByD5KQhWG8Owm9QmATdtiZPSV 4UYVNUIbZv7btSnnAXysG2OUHajYS5PVeFQxFbhNFq/SS8VaXr1WEVTFa8NFKp2W3/KY1A+U KKDUlYwnOauK3fnY9chF2IRSoxAbBJFrJ4lPGz04HtzNos4Q9CBfTphKcdFjcPntNS9wrqs3 sm+7hLNTH9B2Kj6aekG5UhD03eyP+gevTgBy51RL6ULzI13Kc4aeyOByuBXrA8D2m2Ee67iy 4+ZSxM9Wn1gQce5624OWzCYIGBH2r75Bshp1KHKu36N2rN//kyKYnwl/z6UZB/S9cMUFKZgL gFx7QxpFX/HvSiBcPfcGS0meModpg6qma7/2jRoQAXacslpiT+uOfRGspNbnglkbw435RzX/ kMUclJQNZBBBUpPiGjVCjeBTiAfN8TyjS+pWzwxNCUZWbYO5xVaS0gbIhgVNoBOGn1rdTsdA PP65SRjaoL5KY6bzkkzrXLB2Djx8/p4vr0qIqxIQWbewJq3xKyKGiqI46ae77BF7k0B++Ndx g9K9UeWKl/iJ0eoI0ftR+xH3aIHTU1Or3j/tj4j8Z0tnVSyt1wARAQABzSNLYXJsIERlbm5p bmdlciA8a2FybEBkZW5uaW5nZXIubmV0PsLBfwQTAQgAKQUCXVF36AIbIwUJCWYBgAcLCQgH AwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEG8twBXrj1l4swkP/3uOzRxW16K6H4JIEIRMUEbt nxDhmk+gR/7H9phg7HtvR7i22QejZX1N1NHcGRNmBwLshWVjJkHKhCE/AM8Cf9XyaV2ft6qn g1xK6NuhapxVuaaMeCVPUzsPkTcR+JMl72ZR4Q+mJMVQButCITekmr7aIzIZ80fF0t86rnq+ O74ZGt0SAMsLV/GAKlIw8fGMi9Xj4OKDgqmxTnIoV4+0mpo26W957pnlOrjN3/6VqWUyAdHH DkyqsuP/9jx2f5pZCcD7X04+93GI+sGb1s6BOFRHq2oJgs6W0z0nPx5Ks9MDDgSQlxXAryje 17WphTR7DWn1BeF3Y8AhRkzc2+Mgc5s1i2fPe6YwvksDNOEyNXIvFV7chwDQYb0Q3I8XsoHu 2WUjXp0kVokobJPdVdY55nbY+brezweRJMiEpFtGOmoUekQWlI5KS1kE8+Xuqpm+MSxEpqY8 5ncPt0lekOrICGajlOotkUK86iVemlW1rMzMc5Xwp9j8oxa+bRtGD6u1rYz4i+qIdE+GSCBy 1nnHN/my0nefhQyHXr8wGVEbyiMZCten9fm1iXpBr0jY+tvtbo8XqZQG7Lr+3kSO6VUgc8kW IPf2HxIV7AnGUN+ddZGCcPPhb2mY/Yy7si54wJFj6YoG+/+rNjF9F5d8WeLoeUWczgHTvZmS o6F7UhjjuwzgzsFNBF1Rd+gBEADNVFS8nQ+kpKOpgtP+f3bCVxHAm7eHMbX6oew5yZiQwfD+ 1RWNWLVOMeTt7G2e5HsHpJOUwFUJhbDb0omB0r38xTSVSAig9kmUfb7tTMJG2bG7WfWykBOM WIZ4OhCf+ISv9dUkjNgx4ionWotFxwDiPRwWumVQ7WYZmRZlhDWMiaHgKvBrjJ7Y6GKPRbQc 5/0Qz9xGhXKlFxDQrrSMkyRThIOxXqdfD9z3rEsV3ZwOojzNsnkIImnQMKyIAR0FBQop34G9 wDQi7fxk8wGIfDszwfR4oAdDdPGq4gcAvE7Fd3xKyNpGyjSED5szoaFjldaZSXQIffquSUvy sFCTTLRIso5Dn9uQgi57gIv+5mnyKBfm2Z2P6pEQPSt073TED9rS0+JpniJL7rKRVpO5niqw sQJS6ht+JF88rXro+SiwxD/KeDpTuuJ10+ohLVi1Y+X82X7BIQEhqtFp9FVJSds4o/eNyaHd SoqfoeWMy3EV+rdJ3DneXcPS1BgxO57Rko5Hx3NUSVK83ovFb+Ofes9SLNdqNu3xAUcfpRdS DyxzpVbCq6Y2CIojiaweiYe5BOBhmR9OPGhqP8YD7GukYmQufAVuOrIVyctBlVPHgMBb+UX+ ItYXuX4weSJWLOsmM45xd/EYvBq2DWFpKlyihoktNzTGqxGsNeG7gCOEUTAnUwARAQABwsFl BBgBCAAPBQJdUXfoAhsMBQkJZgGAAAoJEG8twBXrj1l4Dm0P/iEx2gIHSOnvgpG799Vf2RM0 7gPbDWzDaw8YTV49H+VTOqq7RlT52aO0QfNAmtppX0V1/5f30fuSCF46NWnYGu35P/LvOAPb sLbeWCyJy4GOPN4cjsBMbgmooGdl24RdcvGMmY177o7oOSWBqXfhAj+YA6r+hEar1qxqLgwB Gy8wAId4qYSQhN/FxiQbyUs2tPAI6Wn/41pI7Hu6WgmRGpZrBv8HhVV9Gl7jallSsS/g+fhu WRbDKCknUS5SX3+w2AUFr4kf62gSSxXBxd075KnViV9c0sraAPI31XbM5QUc0Xssfaqs6Srr z4MjKaLhb7GD8C1JwI23PuGdFvk9WK996UvIyjdWIE99VSlg/5gEKkXzwx7oysrSG9BqkfGf I4addK55xRQPul0V3s2LtDoQTxg3VHrL6wrvGhYUcTHLmlsvNx1EOb5a3xBT+SUK/Ltq08LW YcmNbU/G217MlfvDJYHCb0uOtxqJFm8RiZGj2eEcLgvyWnlWCD2rfP4EqCxmpr3Ic725FiQR cBbdTV3clTgclhBG3TA9dxVjfZDcatz5cFBwXP8k5Yn9tNl90T2r79V4SNh1mCHtGTSEf449 qz9tm7EguLchjmoirJTuiipZKcalcHAHtz4VPUykdXsrfEJTzdEcujzqF6v/9CY+DjpAd3et Z0vw7xC5tS+b Message-ID: <138c4563-3bc1-5054-21f4-ecb7b4260cf0@denninger.net> Date: Sat, 23 Nov 2019 15:21:22 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: <55e36a4a-c594-e70c-28ac-ab7312591955@tundraware.com> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms020903090206020502080302" X-Rspamd-Queue-Id: 47L5p34KLQz4T4j X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=denninger.net; spf=pass (mx1.freebsd.org: domain of karl@denninger.net designates 104.236.120.189 as permitted sender) smtp.mailfrom=karl@denninger.net X-Spamd-Result: default: False [-6.36 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_ATTACHMENT(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; DMARC_POLICY_ALLOW(-0.50)[denninger.net,none]; TO_DN_NONE(0.00)[]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:14061, ipnet:104.236.64.0/18, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-2.46)[ip: (-9.83), ipnet: 104.236.64.0/18(-4.34), asn: 14061(1.91), country: US(-0.05)]; RECEIVED_SPAMHAUS_PBL(0.00)[197.57.1.68.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11] X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 21:21:32 -0000 This is a cryptographically signed message in MIME format. --------------ms020903090206020502080302 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 11/23/2019 15:04, Tim Daneliuk wrote: > On 11/23/19 11:46 AM, Michael Sierchio wrote: >> Don't use specific rules per CIDR block, use tables. You can efficien= tly >> handle hundreds of thousands of CIDR blocks and IPv6 prefixes in a sin= gle >> table, or multiple tables. You can assign the argument based on count= ry >> code or some such. You can add and delete CIDR blocks, and even swap t= ables >> so you can do it atomically. > Aha! Thanks. So, I added this to my firewall startup code: > > ### > # Block Naughty IP Addresses/Spaces > ### > > # Use ipfw tables for efficiency > > for addr in `cat ${NAUGHTYFILE}` > do > ${FWCMD} table 10 add ${addr} > done > > ${FWCMD} add deny all from table\(10\) to any via ${OIF} > > > ipfw show does show that new table being referenced and the table shows= the IPs and CIDR blocks > I want stopped, but I have no affirmative proof this is working yet. > > It does, however, no longer clobber network performance as you noted. = So ... thanks again! > > P.S. Is there a way to get ipfw to dump everything it is blocking inclu= ding the stuff in the table? You can add the word "log" to that deny command (add deny log all ....) which will log everything that matches that line in the ipfw rule set. --=20 Karl Denninger karl@denninger.net /The Market Ticker/ /[S/MIME encrypted email preferred]/ --------------ms020903090206020502080302 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC DdgwggagMIIEiKADAgECAhMA5EiKghDOXrvfxYxjITXYDdhIMA0GCSqGSIb3DQEBCwUAMIGL MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UEBwwJTmljZXZpbGxlMRkw FwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5c3RlbXMgQ0ExITAf BgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQTAeFw0xNzA4MTcxNjQyMTdaFw0yNzA4 MTUxNjQyMTdaMHsxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRkwFwYDVQQKDBBD dWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5c3RlbXMgQ0ExJTAjBgNVBAMMHEN1 ZGEgU3lzdGVtcyBMTEMgMjAxNyBJbnQgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQC1aJotNUI+W4jP7xQDO8L/b4XiF4Rss9O0B+3vMH7Njk85fZ052QhZpMVlpaaO+sCI KqG3oNEbuOHzJB/NDJFnqh7ijBwhdWutdsq23Ux6TvxgakyMPpT6TRNEJzcBVQA0kpby1DVD 0EKSK/FrWWBiFmSxg7qUfmIq/mMzgE6epHktyRM3OGq3dbRdOUgfumWrqHXOrdJz06xE9NzY vc9toqZnd79FUtE/nSZVm1VS3Grq7RKV65onvX3QOW4W1ldEHwggaZxgWGNiR/D4eosAGFxn uYeWlKEC70c99Mp1giWux+7ur6hc2E+AaTGh+fGeijO5q40OGd+dNMgK8Es0nDRw81lRcl24 SWUEky9y8DArgIFlRd6d3ZYwgc1DMTWkTavx3ZpASp5TWih6yI8ACwboTvlUYeooMsPtNa9E 6UQ1nt7VEi5syjxnDltbEFoLYcXBcqhRhFETJe9CdenItAHAtOya3w5+fmC2j/xJz29og1KH YqWHlo3Kswi9G77an+zh6nWkMuHs+03DU8DaOEWzZEav3lVD4u76bKRDTbhh0bMAk4eXriGL h4MUoX3Imfcr6JoyheVrAdHDL/BixbMH1UUspeRuqQMQ5b2T6pabXP0oOB4FqldWiDgJBGRd zWLgCYG8wPGJGYgHibl5rFiI5Ix3FQncipc6SdUzOQIDAQABo4IBCjCCAQYwHQYDVR0OBBYE FF3AXsKnjdPND5+bxVECGKtc047PMIHABgNVHSMEgbgwgbWAFBu1oRhUMNEzjODolDka5k4Q EDBioYGRpIGOMIGLMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UEBwwJ TmljZXZpbGxlMRkwFwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5 c3RlbXMgQ0ExITAfBgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQYIJAKxAy1WBo2kY MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC AQCB5686UCBVIT52jO3sz9pKuhxuC2npi8ZvoBwt/IH9piPA15/CGF1XeXUdu2qmhOjHkVLN gO7XB1G8CuluxofOIUce0aZGyB+vZ1ylHXlMeB0R82f5dz3/T7RQso55Y2Vog2Zb7PYTC5B9 oNy3ylsnNLzanYlcW3AAfzZcbxYuAdnuq0Im3EpGm8DoItUcf1pDezugKm/yKtNtY6sDyENj tExZ377cYA3IdIwqn1Mh4OAT/Rmh8au2rZAo0+bMYBy9C11Ex0hQ8zWcvPZBDn4v4RtO8g+K uQZQcJnO09LJNtw94W3d2mj4a7XrsKMnZKvm6W9BJIQ4Nmht4wXAtPQ1xA+QpxPTmsGAU0Cv HmqVC7XC3qxFhaOrD2dsvOAK6Sn3MEpH/YrfYCX7a7cz5zW3DsJQ6o3pYfnnQz+hnwLlz4MK 17NIA0WOdAF9IbtQqarf44+PEyUbKtz1r0KGeGLs+VGdd2FLA0e7yuzxJDYcaBTVwqaHhU2/ Fna/jGU7BhrKHtJbb/XlLeFJ24yvuiYKpYWQSSyZu1R/gvZjHeGb344jGBsZdCDrdxtQQcVA 6OxsMAPSUPMrlg9LWELEEYnVulQJerWxpUecGH92O06wwmPgykkz//UmmgjVSh7ErNvL0lUY UMfunYVO/O5hwhW+P4gviCXzBFeTtDZH259O7TCCBzAwggUYoAMCAQICEwCg0WvVwekjGFiO 62SckFwepz0wDQYJKoZIhvcNAQELBQAwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3Jp ZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBMTEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBD QTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExMQyAyMDE3IEludCBDQTAeFw0xNzA4MTcyMTIx MjBaFw0yMjA4MTYyMTIxMjBaMFcxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRkw FwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRswGQYDVQQDDBJrYXJsQGRlbm5pbmdlci5uZXQw ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+HVSyxVtJhy3Ohs+PAGRuO//Dha9A 16l5FPATr6wude9zjX5f2lrkRyU8vhCXTZW7WbvWZKpcZ8r0dtZmiK9uF58Ec6hhvfkxJzbg 96WHBw5Fumd5ahZzuCJDtCAWW8R7/KN+zwzQf1+B3MVLmbaXAFBuKzySKhKMcHbK3/wjUYTg y+3UK6v2SBrowvkUBC+jxNg3Wy12GsTXcUS/8FYIXgVVPgfZZrbJJb5HWOQpvvhILpPCD3xs YJFNKEPltXKWHT7Qtc2HNqikgNwj8oqOb+PeZGMiWapsatKm8mxuOOGOEBhAoTVTwUHlMNTg 6QUCJtuWFCK38qOCyk9Haj+86lUU8RG6FkRXWgMbNQm1mWREQhw3axgGLSntjjnznJr5vsvX SYR6c+XKLd5KQZcS6LL8FHYNjqVKHBYM+hDnrTZMqa20JLAF1YagutDiMRURU23iWS7bA9tM cXcqkclTSDtFtxahRifXRI7Epq2GSKuEXe/1Tfb5CE8QsbCpGsfSwv2tZ/SpqVG08MdRiXxN 5tmZiQWo15IyWoeKOXl/hKxA9KPuDHngXX022b1ly+5ZOZbxBAZZMod4y4b4FiRUhRI97r9l CxsP/EPHuuTIZ82BYhrhbtab8HuRo2ofne2TfAWY2BlA7ExM8XShMd9bRPZrNTokPQPUCWCg CdIATQIDAQABo4IBzzCCAcswPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8v b2NzcC5jdWRhc3lzdGVtcy5uZXQ6ODg4ODAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF oDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMDMGCWCG SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUwHQYDVR0O BBYEFLElmNWeVgsBPe7O8NiBzjvjYnpRMIHKBgNVHSMEgcIwgb+AFF3AXsKnjdPND5+bxVEC GKtc047PoYGRpIGOMIGLMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UE BwwJTmljZXZpbGxlMRkwFwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRh IFN5c3RlbXMgQ0ExITAfBgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQYITAORIioIQ zl6738WMYyE12A3YSDAdBgNVHREEFjAUgRJrYXJsQGRlbm5pbmdlci5uZXQwDQYJKoZIhvcN AQELBQADggIBAJXboPFBMLMtaiUt4KEtJCXlHO/3ZzIUIw/eobWFMdhe7M4+0u3te0sr77QR dcPKR0UeHffvpth2Mb3h28WfN0FmJmLwJk+pOx4u6uO3O0E1jNXoKh8fVcL4KU79oEQyYkbu 2HwbXBU9HbldPOOZDnPLi0whi/sbFHdyd4/w/NmnPgzAsQNZ2BYT9uBNr+jZw4SsluQzXG1X lFL/qCBoi1N2mqKPIepfGYF6drbr1RnXEJJsuD+NILLooTNf7PMgHPZ4VSWQXLNeFfygoOOK FiO0qfxPKpDMA+FHa8yNjAJZAgdJX5Mm1kbqipvb+r/H1UAmrzGMbhmf1gConsT5f8KU4n3Q IM2sOpTQe7BoVKlQM/fpQi6aBzu67M1iF1WtODpa5QUPvj1etaK+R3eYBzi4DIbCIWst8MdA 1+fEeKJFvMEZQONpkCwrJ+tJEuGQmjoQZgK1HeloepF0WDcviiho5FlgtAij+iBPtwMuuLiL shAXA5afMX1hYM4l11JXntle12EQFP1r6wOUkpOdxceCcMVDEJBBCHW2ZmdEaXgAm1VU+fnQ qS/wNw/S0X3RJT1qjr5uVlp2Y0auG/eG0jy6TT0KzTJeR9tLSDXprYkN2l/Qf7/nT6Q03qyE QnnKiBXWAZXveafyU/zYa7t3PTWFQGgWoC4w6XqgPo4KV44OMYIFBzCCBQMCAQEwgZIwezEL MAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBM TEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExM QyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTANBglghkgBZQMEAgMFAKCCAkUw GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTkxMTIzMjEyMTIy WjBPBgkqhkiG9w0BCQQxQgRApYAh0X94pmNzuieJjnp/LIrIwXwfNJk7a7wJPvoBV7dTEqpT DbqYzwxwt3P4fC7ekHXcKGwe5uCcjTn4QOClpjBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFl AwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3 DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGjBgkrBgEEAYI3EAQxgZUwgZIwezEL MAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBM TEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExM QyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTCBpQYLKoZIhvcNAQkQAgsxgZWg gZIwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lz dGVtcyBMTEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0 ZW1zIExMQyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTANBgkqhkiG9w0BAQEF AASCAgAyXW57Bvfpl1//3kOMGhDusP5+e2p0J2BQFbOpbPcBcHtacGzDGsxINcgsIG6NYudu jXDuoZg4VMvDn8PKkeoZgdpJZUuAHgAxHK0PmyMUxFArA1zkd2za2I1EHUVRIiEWR414vHdO eTKZr9v+Z+4L4eh7uTsKKr4Rf93QM/2KYCb4RoaWTrhSLFvmT6SxSaQMEUJZLj8ylM3E74EC 1TngrJ99vYoLKBOhftFiBHQ/DzZAOPSrKK4DInLD3MqKC+u3qECBu+LOsFO7V01AiwLhlXvy qhCUVb+Y6t2GgoVJIF4YIEiIVK5UOu0oTNMp9A/D2ZqjmYkK7PFA4LTq8gnLnG4GJD8Hjcd3 X5EUuK/FeejXzc5AmC9YRIAC4NC55QXgr0dHbg1s5ZsWgEhrWOV8YWEuBS6fVbhZr4seP1xC 5g5gPvDDAENE0bIaRfYrbPzwzWHksnEiIhVHEIYbZYjqbVALY51w1ggdUCqTV99sH2rcOqn1 6KgUPr9WBN1Pf1fUtHD7frllUGpCxxAITbkeqwB0Ge6qIQOSAkIEk2K5bPXiBhpBNRSAwemW DkXt9aUoYI2D4vbrkv4k9jzINjBChcFgagwLLsYCK7UYTM3l1+2i2A3j5YkD+GFLvJW6Po0w 4trRV002diK4sbFS+w1Wy7f4gGkQd+TtQn7jGfuQrgAAAAAAAA== --------------ms020903090206020502080302-- From owner-freebsd-questions@freebsd.org Sat Nov 23 21:26:51 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 55DAD1BFA8A for ; Sat, 23 Nov 2019 21:26:51 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47L5wB2mvGz4TGY for ; Sat, 23 Nov 2019 21:26:50 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-oi1-x22c.google.com with SMTP id l202so9770845oig.1 for ; Sat, 23 Nov 2019 13:26:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5m7NBI9Xnh8LKAbwED3PF6+NC34iyvWDfnvY61wDbb0=; b=UxzX5ghZ4QP3cAe9kAYdn0DMulY6Ma1w+V0szDhxkVswZecZ5tTl4b4FhEi6VEz/85 /xpcWOqICij4ebC8tVYjl5ZTN53Zs28pV8KSeGi0acfLjHKRizBFU0VNkenaP2dvn43k 9bq7kvs1KwMpZYgjVwzC3PsHqu1FZzRq3bDXXhq6iR7K6iQC7celmvTSMokKotG/4MR1 GDHFJjwn26QToYnFaL88+mcZ5DXYBUHd8CqZ8+6KXJpl5IMRi/JnXgEc0dDta2mSpGDk QvHzzOZNxBk6HDbUYDiY6pQ2GRKcKIJrKvPlZ3wMWLO4FXeW9rHXLE+/Hbj77v/nYix6 cESQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5m7NBI9Xnh8LKAbwED3PF6+NC34iyvWDfnvY61wDbb0=; b=a/uKSfObOHTyMDfy5LahGGbETxy3lw4Qej6T1pVdAtG2Kr2Z63EWFwUH52LF59MTuM 8L6b8giCg+4isVNyC/Ld12+EovcU2w3tdx6buntVw/4cqqbhi+wkTHZbnhiLOzokOxhs cyni2iNl8o5ZfPP8Z9exl3RYliI1bgdE0CjxhcW1rWULY3BlqNzoZVYDjW+ZjYdqHyii qUfwJ5V0lF9lhhX57Bp3kNMqsAJx5VS5th1q+/czb8gelq82vnkgsF7L0s67M+O9L0fS nH9BMzRK+cIkDP2Q14JuhbxIvi3EW6p6rjd9/R+gezI1OTNOM4DJyJZWNeWjzgDro34+ texw== X-Gm-Message-State: APjAAAWC3eTfaCW7J01k365v2BBGRbUC+G9CVgnGWziiV4v1plLUcRNP eVuhVnuEZV30E2g13TwbReIMAEnuGZE= X-Google-Smtp-Source: APXvYqx9KCSN7y2Ki7DxFMOAaP8BNbIcRxpdNXvMelCET4rZxFiy0FAEDm+jOKDczYA1eWQlGzXQ/A== X-Received: by 2002:a05:6808:b2d:: with SMTP id t13mr17447894oij.83.1574544407614; Sat, 23 Nov 2019 13:26:47 -0800 (PST) Received: from mail-ot1-f47.google.com (mail-ot1-f47.google.com. [209.85.210.47]) by smtp.gmail.com with ESMTPSA id 32sm645885otf.43.2019.11.23.13.26.46 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 23 Nov 2019 13:26:46 -0800 (PST) Received: by mail-ot1-f47.google.com with SMTP id z25so9303210oti.5 for ; Sat, 23 Nov 2019 13:26:46 -0800 (PST) X-Received: by 2002:a05:6830:13c8:: with SMTP id e8mr14797738otq.159.1574544406098; Sat, 23 Nov 2019 13:26:46 -0800 (PST) MIME-Version: 1.0 References: <20191108194652.50c4f8e7c87ec76b9abc6e19@sohara.org> <20191108200005.21a9cdac18587cc36bd7cb01@sohara.org> <20191109154827.42b0b2e1.freebsd@edvax.de> <20191109183356.76307bdc4ab6f0a1f68c0acd@sohara.org> <20191110144830.096ce11b0668dd0721359cfa@sohara.org> <20191123125853.117ef30d39a3a7cf720d0bda@sohara.org> In-Reply-To: <20191123125853.117ef30d39a3a7cf720d0bda@sohara.org> From: Tomasz CEDRO Date: Sat, 23 Nov 2019 22:20:13 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: 12.1 on Thinkpad - problem making graphics work To: "Steve O'Hara-Smith" Cc: FreeBSD Questions Mailing List , Polytropon , "James E. Pace" Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 47L5wB2mvGz4TGY X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=UxzX5ghZ; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2607:f8b0:4864:20::22c) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-4.90 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cedro.info]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[cedro.info:+]; RCVD_IN_DNSWL_NONE(0.00)[c.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-2.60)[ip: (-8.68), ipnet: 2607:f8b0::/32(-2.28), asn: 15169(-1.96), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 21:26:51 -0000 On Sat, Nov 23, 2019 at 1:59 PM Steve O'Hara-Smith wrote: > Hi, > pkg lock is your friend. Thank you Steve! :-) I hope pkg will not touch this package anymore.. but still I consider this port pre-alpha stage not production ready and worked as DoS for me _several_times_ from an _official_channel_ on a _release_ :-( I am truly sorry to say that but stability and coherence is far more important than untested features, this is why I prefer FreeBSD over Linux.. -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info From owner-freebsd-questions@freebsd.org Sat Nov 23 21:34:24 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0E99B1BFF10 for ; Sat, 23 Nov 2019 21:34:24 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47L64v0tY4z4Ttd for ; Sat, 23 Nov 2019 21:34:22 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.0.2] (ozzie.tundraware.com [75.145.138.73]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id xANLX58q002886 (version=TLSv1.2 cipher=AES128-SHA bits=128 verify=NO) for ; Sat, 23 Nov 2019 15:33:05 -0600 (CST) (envelope-from tundra@tundraware.com) Subject: Re: Optimizing ipfw? To: freebsd-questions@freebsd.org References: <55e36a4a-c594-e70c-28ac-ab7312591955@tundraware.com> <138c4563-3bc1-5054-21f4-ecb7b4260cf0@denninger.net> From: Tim Daneliuk Openpgp: preference=signencrypt Autocrypt: addr=tundra@tundraware.com; prefer-encrypt=mutual; keydata= mQINBFlVgYoBEADIYD9W4mbKz5cEleX923hagDWkxyJl4kRiMJnz+dNAH71MItSdErMb0cFt CPxVncb4dR4R2ec0c0MjPcgVINNtbY1DMWsF7t31TKD8NG9ZjLqF6fZDFjgkRejqHytgjmCI UejrMSCf0UJsLtg+I3N1ZVVxd7ALj2bCvC/uc5S7j+YbNnhQvSoBbdFj/xOTjyOGGpk7WfB7 e42PGKq1NSgnI7tcY6HSaSH+LHeoc0yUpBb5A1ge+RhR1N9JTniEFe0qvOBi+HgUltEoxsk4 xb6IhpkDOTsxHvEg5h0ukfl8kG9cu+LrEBqwPaC8lPw3UmoTEAU+lXHanPE12JCF/54EtVCc rb4W0vqgGmLJzn5dRU/fWkar0FKPq4eoV0XMbGZKIC6pWQnMEsxEMpNvh7oefK6Kyn+LO+59 +sNYHbv1RImDJccmfHTOA6/jHdwOcnYy37U8UF7e+mGrwNs8GsMQx2AaQbR6VErakH3GBgft bMFOGQxiaRBkbzba7BZCQ060yhiC3/Mb/xHoVi7PBEmKig1SErTMA7Fh3CYPYIRDphNs6OSr tf9O4hbzUAsjbU3rxOfiWQjP3fSOM0KUBj4wpIWZlMrjAGnMIz2wHb211wsBiLqSaGiiO1LR 7RrcvbIFZvHQHiWe2tdRyuH3N/h7A316yoLfx+yy1gyP5weWsQARAQABtCRUaW0gRGFuZWxp dWsgPHR1bmRyYUB0dW5kcmF3YXJlLmNvbT6JAjcEEwEIACEFAllVgYoCGyMFCwkIBwIGFQgJ CgsCBBYCAwECHgECF4AACgkQdoOXo5EJFKntcA/9F9ags9Ik5C49N39iRq+yqBdn/Lr75rqv +Yg7JkjeVlwHpnQt1S6orTC7EaJc+AqY3szCEmhfuT0+E96Bw2k+G/XRnaedZ9SHSdImlmq0 RmOFpWLr67ScvlA9YG1tyR+QYraEFqK5EB6qhOWRJoz1BYtAAntK9b9gUTXt/277sT7lAWaj oPi4CDd4DofHc4E9VRsniMQNMLCWqc/ygAK07cWbK2Rh90tS2C4nK6OHFkNkK94zDilfxod1 NBFTUPPYfEU2CSa3eLlpfhYY3/2X7zNvmmCt+chHUnAhQLhldQ3WlqmTKP+ZK9LX002/bY1O M8Zk76WyA/A3EfsIUbnXBQvFyjwX6W4QEytlZWtp/yRIe64JOa3dZ8rkhragb2N4VgVLBVe3 jtZgfQ72pHrfNk/T0uT+hjFqInvIYiXkhxB2GiD7Ga28VuXojTmeoaW3GKcvoVxONSju7WzD XgyxWRmNpd5uifJcC3YU3tNNAosnQ0/5FW4wkducSEVwwqnAiSMQEMDDa/e6oP6GyOzes5SV LTNCRYdHWVKbxjetYU4SKm5RdLx9XuJo0qL9vO97mCNwdNkTM7gO2ycQ49qUiGbCZJOh2gpP ZRFrpJDxbloosAfOEB6IYjhb38u6jvbScJKK3bWA+a8TK4SrQpdRd1cAnW9sA8jCTV8ejZq0 CHm5Ag0EWVWBigEQAJYuihAOOOe/kAn045Ayn+3is3S+6eV4IAgL6lJhoChkgUJJuFoRX9BY rd35z29+q2/UCoProzd4Mk66wXeWv6n4s5R79OUzjgMLCTVlVaMy4gjPL9NRDwMt7KYRF56g mnoKZwfPDi/oJ5toPPboW94FrMwonqbdqYM2Pyi/HPMe4e396WQ4TaA1CdhyzKHoFSpkGcjX zIQ5yQ5aaGS7wonRu/pg15dbu+8QOgxRNFa0bO+ntz/30u+VmxFqFVbExjuy3Or8fSBhJgx4 cfyrrunKLclpZ/52VeK3l53yWYpR8RaTZfzpu8Ih+ijAY4XLO5F8P1T6sEviMaTY2F0sbFRx ZJXsgFpiKeWPHUn7/LX7qcoFJYoFqG6b3n5km+qy39x6lMgJDuxKpeN6lYj//LB6xVzn0JI+ 4ZHPrEkFqxu8VkL7deCPTI67ZJik18jXjTH9sha1YBvgvxIPFMA7ZwXX2AwNu7PzdcCpWarS usOAHbjQBUsQ+ZPpI1oeFnsCPZ+8/mMcTjVRZyJxOPs3KnXZv2cXNuaa7lwkWS366gHzQI7O l6WdC8TyNjiOzR654cL8BgYQ/xNSW1vTXqPWSRU8/b/5IueY2tQJh0CKIvfoP0rk8976wa1R 8SRi08mwHX7+F5oSeXLRNHicQGpS1f0DywdRcQ0MFHyq/CV4dTltABEBAAGJAh8EGAEIAAkF AllVgYoCGwwACgkQdoOXo5EJFKkDNw//c8nailIVOV72l7Lze+2AuK9MYUCFb1i4qI1WTnG0 OHQlCAltPhdwZPAozJw/eNqIcuWQh8rZspve9ipj589wLSsVyaFRsuYXTiYZ9RlRsnJYa36h 2JML3ZGrRsSxaUEAggbiOKbwmw27JuOIPmC3Gln4tJuZ+nw6cfCgMI45bIzinVanxHwPLeLp BZKpaEYzAwtBykUfAXn3jDwrI95UlMJvhHDFuRgvb6uSyJIqmp5aR/BjnlSdEwICyWpRAVSt yqZeBMeHbCr1B97PIRzk/q0eHm9T+AoiZWwz1iVGGgkYdAaCfs2PBlNHmRm93cfgoEcaGvNb RbTXOe28niMJeYMQsnjOTy5AQIrhVKeP5E+qVs/oPK/inmLiTbjZcnrO2wR+uxpPGgmR6M/3 p8qyRdaOvT87HZXO+Wr+r9A4UnwhCPsfELwPlEo+TJQ/oE71Mlkx/ddQCWELcHjXrQF9YbzA Ml7g0zTkgHysh4DNkV5iYteOcmCwsWdOwn0H0yZfz6weyr8nEdPngyOjFNKMIpcTbeg8866c GxXAJj46dub4VdVwfvMRHfmmRJkjdId7YHWMgz2Kf7S7KPCROLis7WjlOdSS0q2m/7qy9WL/ ZW50YLS8ZZLMrnari5JxCyJX+8n6ZASo2AA93iTbKmYegK2LDwW1QLU1iAF3GyGOnSE= Message-ID: <7407b36a-f3f0-2031-6332-ece6ff493a1e@tundraware.com> Date: Sat, 23 Nov 2019 15:33:00 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <138c4563-3bc1-5054-21f4-ecb7b4260cf0@denninger.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Sat, 23 Nov 2019 15:33:05 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: xANLX58q002886 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, timed out) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-Rspamd-Queue-Id: 47L64v0tY4z4Ttd X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of tundra@tundraware.com designates 45.55.60.57 as permitted sender) smtp.mailfrom=tundra@tundraware.com X-Spamd-Result: default: False [1.63 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.67)[0.672,0]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.11)[-0.111,0]; MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[tundraware.com]; IP_SCORE(0.37)[ip: (-4.48), ipnet: 45.55.32.0/19(4.45), asn: 14061(1.91), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:14061, ipnet:45.55.32.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 21:34:24 -0000 On 11/23/19 3:21 PM, Karl Denninger wrote: > > On 11/23/2019 15:04, Tim Daneliuk wrote: >> On 11/23/19 11:46 AM, Michael Sierchio wrote: >>> Don't use specific rules per CIDR block, use tables. You can efficiently >>> handle hundreds of thousands of CIDR blocks and IPv6 prefixes in a single >>> table, or multiple tables. You can assign the argument based on country >>> code or some such. You can add and delete CIDR blocks, and even swap tables >>> so you can do it atomically. >> Aha! Thanks. So, I added this to my firewall startup code: >> >> ### >> # Block Naughty IP Addresses/Spaces >> ### >> >> # Use ipfw tables for efficiency >> >> for addr in `cat ${NAUGHTYFILE}` >> do >> ${FWCMD} table 10 add ${addr} >> done >> >> ${FWCMD} add deny all from table\(10\) to any via ${OIF} >> >> >> ipfw show does show that new table being referenced and the table shows the IPs and CIDR blocks >> I want stopped, but I have no affirmative proof this is working yet. >> >> It does, however, no longer clobber network performance as you noted. So ... thanks again! >> >> P.S. Is there a way to get ipfw to dump everything it is blocking including the stuff in the table? > > You can add the word "log" to that deny command (add deny log all ....) > which will log everything that matches that line in the ipfw rule set. Yep, that would do it, but I was hoping for something a little less noisy like dumping an internal state table that shows number of denies so far per IP or CIDR block. -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/