From nobody Tue Aug 12 11:40:07 2025 X-Original-To: freebsd-embedded@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c1V1n5gMkz64ZnZ for ; Tue, 12 Aug 2025 11:40:45 +0000 (UTC) (envelope-from karl@denninger.net) Received: from colo1.denninger.net (colo1.denninger.net [104.236.120.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4c1V1m3VWFz451v for ; Tue, 12 Aug 2025 11:40:44 +0000 (UTC) (envelope-from karl@denninger.net) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of karl@denninger.net designates 104.236.120.189 as permitted sender) smtp.mailfrom=karl@denninger.net; dmarc=pass (policy=none) header.from=denninger.net Received: from denninger.net (unknown [162.81.137.111]) by colo1.denninger.net (Postfix) with ESMTP id 83C60B05B1 for ; Tue, 12 Aug 2025 07:39:30 -0400 (EDT) Received: from [192.168.10.15] (D5.Denninger.Net [192.168.10.15]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by denninger.net (Postfix) with ESMTPSA id 4F8584C5042 for ; Tue, 12 Aug 2025 07:40:08 -0400 (EDT) Message-ID: <21444d9f-8a52-494e-a8d6-1700fd1ec769@denninger.net> Date: Tue, 12 Aug 2025 07:40:07 -0400 List-Id: Dedicated and Embedded Systems List-Archive: https://lists.freebsd.org/archives/freebsd-embedded List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-embedded@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: freebsd-embedded@freebsd.org From: Karl Denninger Subject: PKGBase and Embedded Systems Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms040109020200080307010505" X-Spamd-Result: default: False [-1.83 / 15.00]; SIGNED_SMIME(-2.00)[]; NEURAL_SPAM_MEDIUM(1.00)[0.996]; NEURAL_HAM_SHORT(-0.99)[-0.990]; NEURAL_SPAM_LONG(0.97)[0.967]; DMARC_POLICY_ALLOW(-0.50)[denninger.net,none]; MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain]; R_SPF_ALLOW(-0.20)[+mx]; MIME_BASE64_TEXT(0.10)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:14061, ipnet:104.236.64.0/18, country:US]; FREEFALL_USER(0.00)[karl]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-embedded@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; R_DKIM_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; PREVIOUSLY_DELIVERED(0.00)[freebsd-embedded@freebsd.org]; TO_DN_NONE(0.00)[]; RCVD_TLS_LAST(0.00)[]; HAS_ATTACHMENT(0.00)[] X-Rspamd-Queue-Id: 4c1V1m3VWFz451v X-Spamd-Bar: - This is a cryptographically signed message in MIME format. --------------ms040109020200080307010505 Content-Type: multipart/alternative; boundary="------------w6sVvCwkC2wxLKQnNUa90Pa4" --------------w6sVvCwkC2wxLKQnNUa90Pa4 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 V2VsbCwgb2ssICJzb3J0LW9mIiBlbWJlZGRlZCBzeXN0ZW1zLsKgIFRoaW5rIGZpcmV3YWxs cy4NCg0KUmlnaHQgbm93IEkgYnVpbGQgYSBVU0Igc3RpY2stYmFzZWQgc2V0dXAgZm9yIHRo ZXNlIG9uIE5hbm9CU0QgYW5kLCBmb3IgDQpzb21lIG90aGVyIGhhcmR3YXJlIGluIHNvbWV3 aGF0LXNpbWlsYXIgYXBwbGljYXRpb25zIChlLmcuIGhvbWUgY29udHJvbCwgDQpldGMuKSBm b3IgdGhlIFBJIHNlcmllcyB1c2luZyBDcm9jaGV0Lg0KDQovdmFyIGlzIHZvbGF0aWxlIG9u IGJvdGggd2hlcmUgL3Vzci9sb2NhbC9ldGMgaGFzIGEgInNhdmUiIG1lY2hhbmlzbSANCihh bG9uZyB3aXRoIC9ldGMpIGluIGJvdGggZW52aXJvbm1lbnRzOyB0aGF0IGlzLCBpdHMgdm9s YXRpbGUgd2hpbGUgDQpydW5uaW5nLCBidXQgY2FuIGJlIGluc3RydWN0ZWQgdG8gc3luYyB3 aXRoIHRoZSBzYXZlZCBjb3B5IHRodXMgb24gYSANCnJlYm9vdC9yZXNldC9wb3dlcmxvc3Mg dGhlIGxhc3Qtc2F2ZWQgaXMgcmV0YWluZWQuDQoNCkEgY291cGxlIG9mIHRpbWVzIEkndmUg Y29uY2x1ZGVkIHRoZSAiYmVzdCIgd2F5IHRvIGRlYWwgd2l0aCB0aGluZ3MgdGhhdCANCmR1 bXAgc3RhdGUgdGhleSdkIGxpa2UgdG8ga2VlcCBpbiAvdmFyIHNvbWV3aGVyZSAodXN1YWxs eSBpbiAvdmFyL2RiKSwgDQp3aGVyZSB0aGUgInRoaW5nIiBkb2Vzbid0IGhhdmUgYSBjb21t YW5kLWxpbmUgc3dpdGNoIHRvIGNoYW5nZSB0aGF0LCBpcyANCnRvIG1vdmUgdGhhdCBkaXJl Y3RvcnkgdG8gL3Vzci9sb2NhbC9ldGMvZGIgYW5kIHRoZW4gc3ltbGluayBpdCBkdXJpbmcg DQp0aGUgc2V0dXAsIHRodXMgaXQgYmVjb21lcyAidm9sYXRpbGUgYnV0IHN1YmplY3QgdG8g c2F2ZSIgYXMgd2l0aCANCmFueXRoaW5nIGVsc2UgaW4gL3Vzci9sb2NhbC9ldGMuDQoNClBr Z2Jhc2Ugb3BlbnMgdGhlIHBvc3NpYmlsaXR5IG9mIGZpeGluZyBzZWN1cml0eSB2dWxuZXJh YmlsaXRpZXMgYW5kIA0Kc2ltaWxhciB3aXRoIG90aGVyIHRoYW4gdXNpbmcgdGhlICJwaW5n IHBvbmciIHR5cGUgb2YgZHVhbC1wYXJ0aXRpb24gDQpzZXR1cCB0aGF0IGJvdGggbmFub2Jz ZCBhbmQgQ3JvY2hldCBjYW4gc3VwcG9ydC4gQnV0IHBrZ2Jhc2UsIGxpa2UgcGtnIA0KaXRz ZWxmLCByZWxpZXMgb24gcGVyc2lzdGVudCBzdG9yYWdlLg0KDQpBbnlvbmUgZWxzZSBkb2lu ZyBlbWJlZGRlZCBzdHVmZiBoYXZlIHRob3VnaHRzIG9uIHRoaXM/wqAgKEkgcHJlc3VtZSAN CnBrZ2Jhc2UgZ29pbmcgdG8gYmUgc29tZXRoaW5nIHlvdSBDQU4gdXNlLCBidXQgbm90IHRo YXQgeW91IE1VU1QgdXNlLi4uLikNCg0KLS0gDQpLYXJsIERlbm5pbmdlcg0Ka2FybEBkZW5u aW5nZXIubmV0DQovVGhlIE1hcmtldCBUaWNrZXIvDQovW1MvTUlNRSBlbmNyeXB0ZWQgZW1h aWwgcHJlZmVycmVkXSAvDQo= --------------w6sVvCwkC2wxLKQnNUa90Pa4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Well, ok, "sort-of" embedded systems.=C2=A0 Think firewalls.

Right now I build a USB stick-based setup for these on NanoBSD and, for some other hardware in somewhat-similar applications (e.g. home control, etc.) for the PI series using Crochet.

/var is volatile on both where /usr/local/etc has a "save" mechanism (along with /etc) in both environments; that is, its volatile while running, but can be instructed to sync with the saved copy thus on a reboot/reset/powerloss the last-saved is retained.

A couple of times I've concluded the "best" way to deal with things that dump state they'd like to keep in /var somewhere (usually in /var/db), where the "thing" doesn't have a command-line switch to change that, is to move that directory to /usr/local/etc/db and then symlink it during the setup, thus it becomes "volatile but subject to save" as with anything else in /usr/local/etc.

Pkgbase opens the possibility of fixing security vulnerabilities and similar with other than using the "ping pong" type of dual-partition setup that both nanobsd and Crochet can support.=C2=A0= But pkgbase, like pkg itself, relies on persistent storage.

Anyone else doing embedded stuff have thoughts on this?=C2=A0 (I presume pkgbase going to be something you CAN use, but not that you MUST use....)

--
Karl Denninger
karl@denninger.net
The Market Ticker
[S/MIME encrypted email preferred]=C2=A0 =C2=A0= =C2=A0
--------------w6sVvCwkC2wxLKQnNUa90Pa4-- --------------ms040109020200080307010505 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC C4owggWZMIIDgaADAgECAhRZU8dKdMneRI1Vq5kv0k54Q5rQuDANBgkqhkiG9w0BAQsFADB2 MQswCQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2VlMRYwFAYDVQQKDA1EZW5uaW5nZXIu TmV0MRcwFQYDVQQDDA5EZW5uaW5nZXIgUm9vdDEiMCAGCSqGSIb3DQEJARYTYWRtaW5AZGVu bmluZ2VyLm5ldDAeFw0yNDA1MDkyMTA4MDNaFw00NDA1MDQyMTA4MDNaMF0xCzAJBgNVBAYT AlVTMRIwEAYDVQQIDAlUZW5uZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5uZXQxIjAgBgNV BAMMGURlbm5pbmdlci5OZXQgU2lnbmluZyBJbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDbR0tSiuLG5HPfo+cWtdeYQ8jc8Bjfuo0GTcNRT0glHnH1apUtInIktUknEZDH ohahInN+mMBdKg54FCHOiYZrJbyxBIo9FwX7hRmOc+spxmSYWnOd2E/YcGInMK4ZpjPzldzB Yt1n3zygkhx2bssxTJS3x4nv1qAXfLSZd1VwqoQufifEoPyTtymkkvHLv86vLgqAqooM/cXc 4LSIQ5u2uM308n42r8RkKtp7X1v9fJW8oRZN2XnFZtiUPH44YY2rHqyN2Hea9Y3+TXbldXjo xhPHTA+JYVFq8KTmbQBqU7YcMhlIG0cSxPeFLMxnP6pqPcIVTAlK+a6YGRFppfjZAgMBAAGj ggE2MIIBMjAdBgNVHQ4EFgQUH+VuxXhBxaJAQrvDekwkH91hBi4wgbMGA1UdIwSBqzCBqIAU RFYC4p6L6KITnEvrpx2cyt+PcMmheqR4MHYxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlUZW5u ZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5OZXQxFzAVBgNVBAMMDkRlbm5pbmdlciBSb290 MSIwIAYJKoZIhvcNAQkBFhNhZG1pbkBkZW5uaW5nZXIubmV0ghQZE7NBItWtQsCouuwU6jZ+ HPPwnjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+gLaAr hilodHRwOi8vd3d3LmRlbm5pbmdlci5uZXQvcm9vdC1yZXZva2VkLmNybDANBgkqhkiG9w0B AQsFAAOCAgEAfFbhPc82AfhyUqONs7IccYD36w+OP4nQgwfC4IWf3y/aQAZ2Zk6IITzYqwf7 PFM0bJRT3zi7xyetolqHDhfMJvnOQWpITZiyM/FSKwIvuBsy/uJUqPuqui4XQMYoSbAA1qmI MW/z7VZZHwaRFoeWE40UirYcf0fNcooBZ72bmd+iBaVyjtZvky0Vgcz0eC6e6LR5kNb23yC6 TkyQIlGyQkK5/afXUYFzk49rOHVbVyxW3oXRfq8Ow6HCrpDGAS8p84S04MFwBVAUfbe4aXs3 bampaI2LzKgkVywyFP14LSvvdjCfLYfnLy1Z9hm2EHMqNHA2tCGdRhWp2d7aZC1MYFqng0ZS fjPJjqHrI1qPU0p6k9A1GxAtrQlL2v/IUzUnMZkiawFV3qlxMGZf/kTYTUOcJhx1KU4zSLHu 80qO7ldRpp5gHssCAGFbeTu2gp6LxfmaFhLPDBJ1VGfdPx9lUrU/9OcoHczcl5x2Rb8IUZyX 9elzP5WdAU8p5R/DLlOAq24VcabhFtYBCA2dOESLupSfWKNQuJCN/1gz7ysSc+mjnnPV77IO mpszJfkFFJEDNJlGIVKX1vwwygtC/9Ulox8frgbZlRAYAgDc/YbOBFxticVVre0Y3Ujx6Kzb tkgZRlgfdZWbT1W5smncqJxg5qAL8e/yTb3fCe2nJ0jhiP4wggXpMIIE0aADAgECAhMAmNFt CiCF3j+FwQLYtBTmGjzkMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAlVTMRIwEAYDVQQI DAlUZW5uZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5uZXQxIjAgBgNVBAMMGURlbm5pbmdl ci5OZXQgU2lnbmluZyBJbnQwHhcNMjQwNTEwMTkyNjU5WhcNMjkwNTA5MTkyNjU5WjBXMQsw CQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2VlMRcwFQYDVQQKDA5LYXJsIERlbm5pbmdl cjEbMBkGA1UEAwwSa2FybEBkZW5uaW5nZXIubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAvh1UssVbSYctzobPjwBkbjv/w4WvQNepeRTwE6+sLnXvc41+X9pa5EclPL4Q l02Vu1m71mSqXGfK9HbWZoivbhefBHOoYb35MSc24PelhwcORbpneWoWc7giQ7QgFlvEe/yj fs8M0H9fgdzFS5m2lwBQbis8kioSjHB2yt/8I1GE4Mvt1Cur9kga6ML5FAQvo8TYN1stdhrE 13FEv/BWCF4FVT4H2Wa2ySW+R1jkKb74SC6Twg98bGCRTShD5bVylh0+0LXNhzaopIDcI/KK jm/j3mRjIlmqbGrSpvJsbjjhjhAYQKE1U8FB5TDU4OkFAibblhQit/KjgspPR2o/vOpVFPER uhZEV1oDGzUJtZlkREIcN2sYBi0p7Y4585ya+b7L10mEenPlyi3eSkGXEuiy/BR2DY6lShwW DPoQ5602TKmttCSwBdWGoLrQ4jEVEVNt4lku2wPbTHF3KpHJU0g7RbcWoUYn10SOxKathkir hF3v9U32+QhPELGwqRrH0sL9rWf0qalRtPDHUYl8TebZmYkFqNeSMlqHijl5f4SsQPSj7gx5 4F19Ntm9ZcvuWTmW8QQGWTKHeMuG+BYkVIUSPe6/ZQsbD/xDx7rkyGfNgWIa4W7Wm/B7kaNq H53tk3wFmNgZQOxMTPF0oTHfW0T2azU6JD0D1AlgoAnSAE0CAwEAAaOCAaYwggGiMDoGCCsG AQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AuZGVubmluZ2VyLm5ldDo3Nzc3 MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr BgEFBQcDBDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp ZmljYXRlMB0GA1UdDgQWBBSxJZjVnlYLAT3uzvDYgc4742J6UTCBswYDVR0jBIGrMIGogBQf 5W7FeEHFokBCu8N6TCQf3WEGLqF6pHgwdjELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5l c3NlZTEWMBQGA1UECgwNRGVubmluZ2VyLk5ldDEXMBUGA1UEAwwORGVubmluZ2VyIFJvb3Qx IjAgBgkqhkiG9w0BCQEWE2FkbWluQGRlbm5pbmdlci5uZXSCFFlTx0p0yd5EjVWrmS/STnhD mtC4MB0GA1UdEQQWMBSBEmthcmxAZGVubmluZ2VyLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEA TrQ45/tBN3SiuqItFv/V+CF3h7Hxe0YLsL+A/P+q9ZhxIscaNjaclgQhPA+rUr+l8DGoXJ/w yAl1E0SSBK+9phIc/9xFOBg3rCy4ngubzP+lHS1t03nMCBSUNsu5qPzqLBPiKaPabUu3Gr9o koRezSszgM3/zNJfr8cMO93csCK/fBccsMx5q+3nxB5XeT7UciicjfEzUA4m2mQxBmGk9SSU 147Gy8UmdSq57Tw82KqUrQ1pJ6IOzVPLREpwlqGbHykSU3MwtPYPtfQeFVjvO/XcWvoFQjbV UyhzAqMMYFudxoVLlJQiAgU38OScTLDgKxCO41h7VOjb2mss0zHndzGCBZUwggWRAgEBMHQw XTELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5lc3NlZTEWMBQGA1UECgwNRGVubmluZ2Vy Lm5ldDEiMCAGA1UEAwwZRGVubmluZ2VyLk5ldCBTaWduaW5nIEludAITAJjRbQoghd4/hcEC 2LQU5ho85DANBglghkgBZQMEAgMFAKCCAvIwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMjUwODEyMTE0MDA3WjBPBgkqhkiG9w0BCQQxQgRAa6zDpRqoxQLS zGNoRQeHA03AjUigvM2E/j7U9AdYYBpfyucjzeKF0hiNiQXaAjmnwysnceBZ3H2JgPWQmdH1 1DCBgwYJKwYBBAGCNxAEMXYwdDBdMQswCQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2Vl MRYwFAYDVQQKDA1EZW5uaW5nZXIubmV0MSIwIAYDVQQDDBlEZW5uaW5nZXIuTmV0IFNpZ25p bmcgSW50AhMAmNFtCiCF3j+FwQLYtBTmGjzkMIGFBgsqhkiG9w0BCRACCzF2oHQwXTELMAkG A1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5lc3NlZTEWMBQGA1UECgwNRGVubmluZ2VyLm5ldDEi MCAGA1UEAwwZRGVubmluZ2VyLk5ldCBTaWduaW5nIEludAITAJjRbQoghd4/hcEC2LQU5ho8 5DCCAVcGCSqGSIb3DQEJDzGCAUgwggFEMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYI KoZIhvcNAwcwDQYIKoZIhvcNAwICAQUwDQYIKoZIhvcNAwICAQUwBwYFKw4DAgcwDQYIKoZI hvcNAwICAQUwBwYFKw4DAhowCwYJYIZIAWUDBAIBMAsGCWCGSAFlAwQCAjALBglghkgBZQME AgMwCwYJYIZIAWUDBAIEMAsGCWCGSAFlAwQCBzALBglghkgBZQMEAggwCwYJYIZIAWUDBAIJ MAsGCWCGSAFlAwQCCjALBgkqhkiG9w0BAQEwCwYJK4EFEIZIPwACMAgGBiuBBAELADAIBgYr gQQBCwEwCAYGK4EEAQsCMAgGBiuBBAELAzALBgkrgQUQhkg/AAMwCAYGK4EEAQ4AMAgGBiuB BAEOATAIBgYrgQQBDgIwCAYGK4EEAQ4DMA0GCSqGSIb3DQEBAQUABIICAFQO6nugL+LxFIfc x5DYJtArfY4/9SZ7vKzz4RYKJiNm/k4aA/IhGHcbobGDKilEUYFDGse4cDHUZIvrOD7cPaZz yC7v7p47ZBxEuuDgQ6g6m38lIvY2m3iGF7UROPaBVWNawHLAJtaplEOCslYXoUuc8+4lu1r/ 9D39h6ED9Jg0qIbvmrakaZ8jKS/f40TTiWSe8P7s6npckyOAgd84X5u2zAmeu8omJ52Ud087 k7hq4nfLwPicBquEDCGdVl+mJewhqLE8GXmrlxD5VbxTmUHYmbqp59egmdjk0p+hznN0NN7F NQSj5vIUU5zLGOMAcgB0YIdGHHO3MhGLQ2oTDyfOobsNXn0KIDhUUQxrcoyZEq6aGIleVnOT 6Og4qakYMTb0RXobYLtNvB6hiUZKjzARheiUGLOcBcmvoEEvz41YfwHsiyvaGmSZm2Q4UHcT eXwQeZ/at+kPrBacdeiPhZ6jOR9EykLy9XF+ei7IcGaiLS56/7ZeoSs6PwQftwaGCVXdYAG2 CvsUOzCcfBfNUGplv6nJBPaAsHfkjO6Ot3a6QWd3u2vSPkGBXh1km4aZvHTKogF8W06yANvk VYmmW8XX1DOzDDISBddsNHnY+SfYA2Qw4He5Zx/iKkfQtuDhv/ZDoagunxo+9zQmRBcmOdEd TA6G9Vgtgvr8wWFmnhDGAAAAAAAA --------------ms040109020200080307010505-- From nobody Tue Aug 12 12:51:37 2025 X-Original-To: freebsd-embedded@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c1Wc52T56z64jHC for ; Tue, 12 Aug 2025 12:52:05 +0000 (UTC) (envelope-from rb@gid.co.uk) Received: from gid2.gid.co.uk (ns0.gid.co.uk [IPv6:2001:470:94de::240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gid2.gid.co.uk", Issuer "gid2.gid.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4c1Wc44Vxqz3J4n for ; Tue, 12 Aug 2025 12:52:04 +0000 (UTC) (envelope-from rb@gid.co.uk) Authentication-Results: mx1.freebsd.org; none Received: from mx0.gid.co.uk (mx0.gid.co.uk [194.32.164.250]) by gid2.gid.co.uk (8.15.2/8.15.2) with ESMTP id 57CCpsEj058238; Tue, 12 Aug 2025 13:51:54 +0100 (BST) (envelope-from rb@gid.co.uk) Received: from smtpclient.apple ([89.248.30.154]) by mx0.gid.co.uk (8.14.2/8.14.2) with ESMTP id 57CCplLh038980; Tue, 12 Aug 2025 13:51:48 +0100 (BST) (envelope-from rb@gid.co.uk) Content-Type: text/plain; charset=utf-8 List-Id: Dedicated and Embedded Systems List-Archive: https://lists.freebsd.org/archives/freebsd-embedded List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-embedded@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.600.51.1.1\)) Subject: Re: PKGBase and Embedded Systems From: Bob Bishop In-Reply-To: <21444d9f-8a52-494e-a8d6-1700fd1ec769@denninger.net> Date: Tue, 12 Aug 2025 13:51:37 +0100 Cc: "freebsd-embedded@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: <5FD8F9E6-C4B5-4B86-A5E8-491B544B0567@gid.co.uk> References: <21444d9f-8a52-494e-a8d6-1700fd1ec769@denninger.net> To: Karl Denninger X-Mailer: Apple Mail (2.3826.600.51.1.1) X-Rspamd-Queue-Id: 4c1Wc44Vxqz3J4n X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] Hi, > On 12 Aug 2025, at 12:40, Karl Denninger wrote: >=20 > Well, ok, "sort-of" embedded systems. Think firewalls. > Right now I build a USB stick-based setup for these on NanoBSD and, = for some other hardware in somewhat-similar applications (e.g. home = control, etc.) for the PI series using Crochet. > /var is volatile on both where /usr/local/etc has a "save" mechanism = (along with /etc) in both environments; that is, its volatile while = running, but can be instructed to sync with the saved copy thus on a = reboot/reset/powerloss the last-saved is retained. > A couple of times I've concluded the "best" way to deal with things = that dump state they'd like to keep in /var somewhere (usually in = /var/db), where the "thing" doesn't have a command-line switch to change = that, is to move that directory to /usr/local/etc/db and then symlink it = during the setup, thus it becomes "volatile but subject to save" as with = anything else in /usr/local/etc. We used to do that kind of thing. Now that storage, RAM and 64bit boxes = are cheap we just use a full install on ZFS and make everything except = the volatile bits read-only=E2=80=A6 > Pkgbase opens the possibility of fixing security vulnerabilities and = similar with other than using the "ping pong" type of dual-partition = setup that both nanobsd and Crochet can support. But pkgbase, like pkg = itself, relies on persistent storage. > Anyone else doing embedded stuff have thoughts on this? (I presume = pkgbase going to be something you CAN use, but not that you MUST = use....) =E2=80=A6 so we can directly use freebsd-update today and pkgbase = tomorrow. With ZFS one can switch the read-onlyness on and off selectively and = without rebooting. We also set copies=3D2 for a bit more safety = (although it=E2=80=99s debatable whether that actually helps). > --=20 > Karl Denninger > karl@denninger.net > The Market Ticker > [S/MIME encrypted email preferred] =20 -- Bob Bishop rb@gid.co.uk From nobody Tue Aug 12 13:55:16 2025 X-Original-To: freebsd-embedded@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c1Y1d3VQcz64p5w for ; Tue, 12 Aug 2025 13:55:49 +0000 (UTC) (envelope-from karl@denninger.net) Received: from colo1.denninger.net (colo1.denninger.net [104.236.120.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4c1Y1c4jY5z3T28 for ; Tue, 12 Aug 2025 13:55:48 +0000 (UTC) (envelope-from karl@denninger.net) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of karl@denninger.net designates 104.236.120.189 as permitted sender) smtp.mailfrom=karl@denninger.net; dmarc=pass (policy=none) header.from=denninger.net Received: from denninger.net (unknown [162.81.137.111]) by colo1.denninger.net (Postfix) with ESMTP id A4C8BB05B1 for ; Tue, 12 Aug 2025 09:54:39 -0400 (EDT) Received: from [192.168.10.15] (D5.Denninger.Net [192.168.10.15]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by denninger.net (Postfix) with ESMTPSA id 7E88F4C54A0 for ; Tue, 12 Aug 2025 09:55:17 -0400 (EDT) Message-ID: Date: Tue, 12 Aug 2025 09:55:16 -0400 List-Id: Dedicated and Embedded Systems List-Archive: https://lists.freebsd.org/archives/freebsd-embedded List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-embedded@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: PKGBase and Embedded Systems To: freebsd-embedded@freebsd.org References: <21444d9f-8a52-494e-a8d6-1700fd1ec769@denninger.net> <5FD8F9E6-C4B5-4B86-A5E8-491B544B0567@gid.co.uk> Content-Language: en-US From: Karl Denninger In-Reply-To: <5FD8F9E6-C4B5-4B86-A5E8-491B544B0567@gid.co.uk> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms000202080306050800060306" X-Spamd-Result: default: False [-1.85 / 15.00]; SIGNED_SMIME(-2.00)[]; NEURAL_HAM_SHORT(-1.00)[-0.997]; NEURAL_SPAM_MEDIUM(1.00)[0.996]; NEURAL_SPAM_LONG(0.96)[0.955]; DMARC_POLICY_ALLOW(-0.50)[denninger.net,none]; MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain]; R_SPF_ALLOW(-0.20)[+mx:c]; MIME_BASE64_TEXT(0.10)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:14061, ipnet:104.236.64.0/18, country:US]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; FREEFALL_USER(0.00)[karl]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-embedded@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; R_DKIM_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-embedded@freebsd.org]; HAS_ATTACHMENT(0.00)[] X-Rspamd-Queue-Id: 4c1Y1c4jY5z3T28 X-Spamd-Bar: - This is a cryptographically signed message in MIME format. --------------ms000202080306050800060306 Content-Type: multipart/alternative; boundary="------------tVMNnfVsHZYTcSbQ97THVri2" --------------tVMNnfVsHZYTcSbQ97THVri2 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gOC8xMi8yMDI1IDA4OjUxLCBCb2IgQmlzaG9wIHdyb3RlOg0KPiBIaSwNCj4NCj4+IE9u IDEyIEF1ZyAyMDI1LCBhdCAxMjo0MCwgS2FybCBEZW5uaW5nZXI8a2FybEBkZW5uaW5nZXIu bmV0PiB3cm90ZToNCj4+DQo+PiBXZWxsLCBvaywgInNvcnQtb2YiIGVtYmVkZGVkIHN5c3Rl bXMuICBUaGluayBmaXJld2FsbHMuDQo+PiBSaWdodCBub3cgSSBidWlsZCBhIFVTQiBzdGlj ay1iYXNlZCBzZXR1cCBmb3IgdGhlc2Ugb24gTmFub0JTRCBhbmQsIGZvciBzb21lIG90aGVy IGhhcmR3YXJlIGluIHNvbWV3aGF0LXNpbWlsYXIgYXBwbGljYXRpb25zIChlLmcuIGhvbWUg Y29udHJvbCwgZXRjLikgZm9yIHRoZSBQSSBzZXJpZXMgdXNpbmcgQ3JvY2hldC4NCj4+IC92 YXIgaXMgdm9sYXRpbGUgb24gYm90aCB3aGVyZSAvdXNyL2xvY2FsL2V0YyBoYXMgYSAic2F2 ZSIgbWVjaGFuaXNtIChhbG9uZyB3aXRoIC9ldGMpIGluIGJvdGggZW52aXJvbm1lbnRzOyB0 aGF0IGlzLCBpdHMgdm9sYXRpbGUgd2hpbGUgcnVubmluZywgYnV0IGNhbiBiZSBpbnN0cnVj dGVkIHRvIHN5bmMgd2l0aCB0aGUgc2F2ZWQgY29weSB0aHVzIG9uIGEgcmVib290L3Jlc2V0 L3Bvd2VybG9zcyB0aGUgbGFzdC1zYXZlZCBpcyByZXRhaW5lZC4NCj4+IEEgY291cGxlIG9m IHRpbWVzIEkndmUgY29uY2x1ZGVkIHRoZSAiYmVzdCIgd2F5IHRvIGRlYWwgd2l0aCB0aGlu Z3MgdGhhdCBkdW1wIHN0YXRlIHRoZXknZCBsaWtlIHRvIGtlZXAgaW4gL3ZhciBzb21ld2hl cmUgKHVzdWFsbHkgaW4gL3Zhci9kYiksIHdoZXJlIHRoZSAidGhpbmciIGRvZXNuJ3QgaGF2 ZSBhIGNvbW1hbmQtbGluZSBzd2l0Y2ggdG8gY2hhbmdlIHRoYXQsIGlzIHRvIG1vdmUgdGhh dCBkaXJlY3RvcnkgdG8gL3Vzci9sb2NhbC9ldGMvZGIgYW5kIHRoZW4gc3ltbGluayBpdCBk dXJpbmcgdGhlIHNldHVwLCB0aHVzIGl0IGJlY29tZXMgInZvbGF0aWxlIGJ1dCBzdWJqZWN0 IHRvIHNhdmUiIGFzIHdpdGggYW55dGhpbmcgZWxzZSBpbiAvdXNyL2xvY2FsL2V0Yy4NCj4g V2UgdXNlZCB0byBkbyB0aGF0IGtpbmQgb2YgdGhpbmcuIE5vdyB0aGF0IHN0b3JhZ2UsIFJB TSBhbmQgNjRiaXQgYm94ZXMgYXJlIGNoZWFwIHdlIGp1c3QgdXNlIGEgZnVsbCBpbnN0YWxs IG9uIFpGUyBhbmQgbWFrZSBldmVyeXRoaW5nIGV4Y2VwdCB0aGUgdm9sYXRpbGUgYml0cyBy ZWFkLW9ubHnigKYNCg0KSXRzIG5vdCBzbyBtdWNoIGEgImhvdyBjaGVhcCBpcyB0aGUgcmVz b3VyY2UiIHByb2JsZW0gKHllcywgdGhhdCdzIA0KZ290dGVuIGEgbG90IGNoZWFwZXIgb3Zl ciB0aW1lKSBpdHMgYSAidGhlIGJveCBNVVNUIGNvbWUgYmFjayBvbmxpbmUgDQphZnRlciBh biB1bnNvbGljaXRlZCBwb3dlciBldmVudC4iDQoNClRoYXQgaW4gdHVybiBtZWFucyB0aGUg cGh5c2ljYWwgdm9sdW1lIGNhbm5vdCBiZSBvcGVuIGZvciB3cml0ZSwgDQpwYXJ0aWN1bGFy bHkgaW4gdGhlIGluc3RhbmNlIG9mIGEgdm9sdW1lIHRoYXQgY28tbWluZ2xlcyB2YXJpb3Vz IA0KbWV0YWRhdGEgdGhhdCBpcyBpbnRlcm5hbCB0byB0aGUgZGV2aWNlIGl0c2VsZiAoZS5n LiBhbiBTU0Qgd2hpY2ggZG9lcyANCml0cyBvd24gaW50ZXJuYWwgd2VhciBsZXZlbGluZyBh bmQgc3VjaC4pwqAgOTUlIG9mIHRoZSB0aW1lIElNSE8gaXNuJ3QgDQpnb29kIGVub3VnaC4N Cg0KLS0gDQpLYXJsIERlbm5pbmdlcg0Ka2FybEBkZW5uaW5nZXIubmV0DQovVGhlIE1hcmtl dCBUaWNrZXIvDQovW1MvTUlNRSBlbmNyeXB0ZWQgZW1haWwgcHJlZmVycmVkXS8NCg== --------------tVMNnfVsHZYTcSbQ97THVri2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On 8/12/2025 08:51, Bob Bishop wrote:<= br> 
Hi,


On 12 Aug 2025, at 12:40, =
Karl Denninger <karl@denninger.net> wrote:

Well, ok, "sort-of" embedded systems.  Think firewalls.
Right now I build a USB stick-based setup for these on NanoBSD and, for s=
ome other hardware in somewhat-similar applications (e.g. home control, e=
tc.) for the PI series using Crochet.
/var is volatile on both where /usr/local/etc has a "save" mechanism (alo=
ng with /etc) in both environments; that is, its volatile while running, =
but can be instructed to sync with the saved copy thus on a reboot/reset/=
powerloss the last-saved is retained.
A couple of times I've concluded the "best" way to deal with things that =
dump state they'd like to keep in /var somewhere (usually in /var/db), wh=
ere the "thing" doesn't have a command-line switch to change that, is to =
move that directory to /usr/local/etc/db and then symlink it during the s=
etup, thus it becomes "volatile but subject to save" as with anything els=
e in /usr/local/etc.

We used to do that kind of thing. Now that storage, RAM and 64bit boxes a=
re cheap we just use a full install on ZFS and make everything except the=
 volatile bits read-only=E2=80=A6

Its not so much a "how cheap is the resource" problem (yes, that's gotten a lot cheaper over time) its a "the box MUST come back online after an unsolicited power event."

That in turn means the physical volume cannot be open for write, particularly in the instance of a volume that co-mingles various metadata that is internal to the device itself (e.g. an SSD which does its own internal wear leveling and such.)=C2=A0 95% of the tim= e IMHO isn't good enough.

--
Karl Denninger
karl@denninger.net
The Market Ticker
[S/MIME encrypted email preferred]<= /div> --------------tVMNnfVsHZYTcSbQ97THVri2-- --------------ms000202080306050800060306 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC C4owggWZMIIDgaADAgECAhRZU8dKdMneRI1Vq5kv0k54Q5rQuDANBgkqhkiG9w0BAQsFADB2 MQswCQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2VlMRYwFAYDVQQKDA1EZW5uaW5nZXIu TmV0MRcwFQYDVQQDDA5EZW5uaW5nZXIgUm9vdDEiMCAGCSqGSIb3DQEJARYTYWRtaW5AZGVu bmluZ2VyLm5ldDAeFw0yNDA1MDkyMTA4MDNaFw00NDA1MDQyMTA4MDNaMF0xCzAJBgNVBAYT AlVTMRIwEAYDVQQIDAlUZW5uZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5uZXQxIjAgBgNV BAMMGURlbm5pbmdlci5OZXQgU2lnbmluZyBJbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDbR0tSiuLG5HPfo+cWtdeYQ8jc8Bjfuo0GTcNRT0glHnH1apUtInIktUknEZDH ohahInN+mMBdKg54FCHOiYZrJbyxBIo9FwX7hRmOc+spxmSYWnOd2E/YcGInMK4ZpjPzldzB Yt1n3zygkhx2bssxTJS3x4nv1qAXfLSZd1VwqoQufifEoPyTtymkkvHLv86vLgqAqooM/cXc 4LSIQ5u2uM308n42r8RkKtp7X1v9fJW8oRZN2XnFZtiUPH44YY2rHqyN2Hea9Y3+TXbldXjo xhPHTA+JYVFq8KTmbQBqU7YcMhlIG0cSxPeFLMxnP6pqPcIVTAlK+a6YGRFppfjZAgMBAAGj ggE2MIIBMjAdBgNVHQ4EFgQUH+VuxXhBxaJAQrvDekwkH91hBi4wgbMGA1UdIwSBqzCBqIAU RFYC4p6L6KITnEvrpx2cyt+PcMmheqR4MHYxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlUZW5u ZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5OZXQxFzAVBgNVBAMMDkRlbm5pbmdlciBSb290 MSIwIAYJKoZIhvcNAQkBFhNhZG1pbkBkZW5uaW5nZXIubmV0ghQZE7NBItWtQsCouuwU6jZ+ HPPwnjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+gLaAr hilodHRwOi8vd3d3LmRlbm5pbmdlci5uZXQvcm9vdC1yZXZva2VkLmNybDANBgkqhkiG9w0B AQsFAAOCAgEAfFbhPc82AfhyUqONs7IccYD36w+OP4nQgwfC4IWf3y/aQAZ2Zk6IITzYqwf7 PFM0bJRT3zi7xyetolqHDhfMJvnOQWpITZiyM/FSKwIvuBsy/uJUqPuqui4XQMYoSbAA1qmI MW/z7VZZHwaRFoeWE40UirYcf0fNcooBZ72bmd+iBaVyjtZvky0Vgcz0eC6e6LR5kNb23yC6 TkyQIlGyQkK5/afXUYFzk49rOHVbVyxW3oXRfq8Ow6HCrpDGAS8p84S04MFwBVAUfbe4aXs3 bampaI2LzKgkVywyFP14LSvvdjCfLYfnLy1Z9hm2EHMqNHA2tCGdRhWp2d7aZC1MYFqng0ZS fjPJjqHrI1qPU0p6k9A1GxAtrQlL2v/IUzUnMZkiawFV3qlxMGZf/kTYTUOcJhx1KU4zSLHu 80qO7ldRpp5gHssCAGFbeTu2gp6LxfmaFhLPDBJ1VGfdPx9lUrU/9OcoHczcl5x2Rb8IUZyX 9elzP5WdAU8p5R/DLlOAq24VcabhFtYBCA2dOESLupSfWKNQuJCN/1gz7ysSc+mjnnPV77IO mpszJfkFFJEDNJlGIVKX1vwwygtC/9Ulox8frgbZlRAYAgDc/YbOBFxticVVre0Y3Ujx6Kzb tkgZRlgfdZWbT1W5smncqJxg5qAL8e/yTb3fCe2nJ0jhiP4wggXpMIIE0aADAgECAhMAmNFt CiCF3j+FwQLYtBTmGjzkMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAlVTMRIwEAYDVQQI DAlUZW5uZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5uZXQxIjAgBgNVBAMMGURlbm5pbmdl ci5OZXQgU2lnbmluZyBJbnQwHhcNMjQwNTEwMTkyNjU5WhcNMjkwNTA5MTkyNjU5WjBXMQsw CQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2VlMRcwFQYDVQQKDA5LYXJsIERlbm5pbmdl cjEbMBkGA1UEAwwSa2FybEBkZW5uaW5nZXIubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAvh1UssVbSYctzobPjwBkbjv/w4WvQNepeRTwE6+sLnXvc41+X9pa5EclPL4Q l02Vu1m71mSqXGfK9HbWZoivbhefBHOoYb35MSc24PelhwcORbpneWoWc7giQ7QgFlvEe/yj fs8M0H9fgdzFS5m2lwBQbis8kioSjHB2yt/8I1GE4Mvt1Cur9kga6ML5FAQvo8TYN1stdhrE 13FEv/BWCF4FVT4H2Wa2ySW+R1jkKb74SC6Twg98bGCRTShD5bVylh0+0LXNhzaopIDcI/KK jm/j3mRjIlmqbGrSpvJsbjjhjhAYQKE1U8FB5TDU4OkFAibblhQit/KjgspPR2o/vOpVFPER uhZEV1oDGzUJtZlkREIcN2sYBi0p7Y4585ya+b7L10mEenPlyi3eSkGXEuiy/BR2DY6lShwW DPoQ5602TKmttCSwBdWGoLrQ4jEVEVNt4lku2wPbTHF3KpHJU0g7RbcWoUYn10SOxKathkir hF3v9U32+QhPELGwqRrH0sL9rWf0qalRtPDHUYl8TebZmYkFqNeSMlqHijl5f4SsQPSj7gx5 4F19Ntm9ZcvuWTmW8QQGWTKHeMuG+BYkVIUSPe6/ZQsbD/xDx7rkyGfNgWIa4W7Wm/B7kaNq H53tk3wFmNgZQOxMTPF0oTHfW0T2azU6JD0D1AlgoAnSAE0CAwEAAaOCAaYwggGiMDoGCCsG AQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AuZGVubmluZ2VyLm5ldDo3Nzc3 MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr BgEFBQcDBDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp ZmljYXRlMB0GA1UdDgQWBBSxJZjVnlYLAT3uzvDYgc4742J6UTCBswYDVR0jBIGrMIGogBQf 5W7FeEHFokBCu8N6TCQf3WEGLqF6pHgwdjELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5l c3NlZTEWMBQGA1UECgwNRGVubmluZ2VyLk5ldDEXMBUGA1UEAwwORGVubmluZ2VyIFJvb3Qx IjAgBgkqhkiG9w0BCQEWE2FkbWluQGRlbm5pbmdlci5uZXSCFFlTx0p0yd5EjVWrmS/STnhD mtC4MB0GA1UdEQQWMBSBEmthcmxAZGVubmluZ2VyLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEA TrQ45/tBN3SiuqItFv/V+CF3h7Hxe0YLsL+A/P+q9ZhxIscaNjaclgQhPA+rUr+l8DGoXJ/w yAl1E0SSBK+9phIc/9xFOBg3rCy4ngubzP+lHS1t03nMCBSUNsu5qPzqLBPiKaPabUu3Gr9o koRezSszgM3/zNJfr8cMO93csCK/fBccsMx5q+3nxB5XeT7UciicjfEzUA4m2mQxBmGk9SSU 147Gy8UmdSq57Tw82KqUrQ1pJ6IOzVPLREpwlqGbHykSU3MwtPYPtfQeFVjvO/XcWvoFQjbV UyhzAqMMYFudxoVLlJQiAgU38OScTLDgKxCO41h7VOjb2mss0zHndzGCBZUwggWRAgEBMHQw XTELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5lc3NlZTEWMBQGA1UECgwNRGVubmluZ2Vy Lm5ldDEiMCAGA1UEAwwZRGVubmluZ2VyLk5ldCBTaWduaW5nIEludAITAJjRbQoghd4/hcEC 2LQU5ho85DANBglghkgBZQMEAgMFAKCCAvIwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMjUwODEyMTM1NTE2WjBPBgkqhkiG9w0BCQQxQgRAMP6r+D8wPjGy Wn/cadu21fu+MJG2cTH0aLN0sn5+Nb4Jo7gju9UnfBWdtM9rs4PSyo+MoDjhiSbrUEZ5GOUj wzCBgwYJKwYBBAGCNxAEMXYwdDBdMQswCQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2Vl MRYwFAYDVQQKDA1EZW5uaW5nZXIubmV0MSIwIAYDVQQDDBlEZW5uaW5nZXIuTmV0IFNpZ25p bmcgSW50AhMAmNFtCiCF3j+FwQLYtBTmGjzkMIGFBgsqhkiG9w0BCRACCzF2oHQwXTELMAkG A1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5lc3NlZTEWMBQGA1UECgwNRGVubmluZ2VyLm5ldDEi MCAGA1UEAwwZRGVubmluZ2VyLk5ldCBTaWduaW5nIEludAITAJjRbQoghd4/hcEC2LQU5ho8 5DCCAVcGCSqGSIb3DQEJDzGCAUgwggFEMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYI KoZIhvcNAwcwDQYIKoZIhvcNAwICAQUwDQYIKoZIhvcNAwICAQUwBwYFKw4DAgcwDQYIKoZI hvcNAwICAQUwBwYFKw4DAhowCwYJYIZIAWUDBAIBMAsGCWCGSAFlAwQCAjALBglghkgBZQME AgMwCwYJYIZIAWUDBAIEMAsGCWCGSAFlAwQCBzALBglghkgBZQMEAggwCwYJYIZIAWUDBAIJ MAsGCWCGSAFlAwQCCjALBgkqhkiG9w0BAQEwCwYJK4EFEIZIPwACMAgGBiuBBAELADAIBgYr gQQBCwEwCAYGK4EEAQsCMAgGBiuBBAELAzALBgkrgQUQhkg/AAMwCAYGK4EEAQ4AMAgGBiuB BAEOATAIBgYrgQQBDgIwCAYGK4EEAQ4DMA0GCSqGSIb3DQEBAQUABIICAIGn8lzOoCKmnhJx AJHxpdx+HJkJRPU86UZFQHjqXgsvMWMW4A/lx1lIhejYH4Eomv4vll/ZUsVEJ1Yh+upZsn06 QE0PWMQXybyLNKy9n5XM/SE0tDBaQeSk9VwnpgWFUFRFhOvjIiYJMcrkkhCIQCG6NdLUk/QH VfCAt5lbRwnZya3Iz8EyKXRynnrrgbpZwweUxIaxlPdZu0TUfO65918ZbE4SJMscbkD/3jC3 RCaYJOyf60iO2TmCCKsFggMo/3IBclE7jXvmwnrrYqWwktcau4GmE8m9FZAT37rnBYPzbgcK 5KzOF/PFao69ytHrs/FckxJ9eKbJ51xtbqU2M1P/fsddGvfTS5fwDQftk2jnabsxODb3EIu3 LV1BRYyLq/DAIQHzFJO01DdZFMup/UKbSnWQSCjPyoxT8HccIAFkWNeneGTOizJjdeReeRit wQaQ/Ypql5/zVYIkfm/A3U2kDdDfmDBXu0I9PQDzbHGVNTqQs1tLp/SyEwMomAQQ2gnYD5gp IjZ1ZYs6KnGkW2SX5TtRaT5lU0WG2q6ZE/CxHeyuv5SY0jE9NRjArfFMb0uXtv16YmSU7k0+ ov1umosFZEAGm0VCku3tBREkzFc47OgulnzDxFrcNJ+3Q7dDNHJgwocvF9OPyru+yyqgMJeq uRtod7KLJxS+TPQuv/p1AAAAAAAA --------------ms000202080306050800060306-- From nobody Tue Aug 12 14:50:57 2025 X-Original-To: freebsd-embedded@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c1ZFj2G3nz64ttV for ; Tue, 12 Aug 2025 14:51:21 +0000 (UTC) (envelope-from rb@gid.co.uk) Received: from gid2.gid.co.uk (ns0.gid.co.uk [IPv6:2001:470:94de::240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gid2.gid.co.uk", Issuer "gid2.gid.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4c1ZFh4sjxz3dlJ for ; Tue, 12 Aug 2025 14:51:20 +0000 (UTC) (envelope-from rb@gid.co.uk) Authentication-Results: mx1.freebsd.org; none Received: from mx0.gid.co.uk (mx0.gid.co.uk [194.32.164.250]) by gid2.gid.co.uk (8.15.2/8.15.2) with ESMTP id 57CEpCNc058605; Tue, 12 Aug 2025 15:51:12 +0100 (BST) (envelope-from rb@gid.co.uk) Received: from smtpclient.apple ([89.248.30.154]) by mx0.gid.co.uk (8.14.2/8.14.2) with ESMTP id 57CEp7rE088100; Tue, 12 Aug 2025 15:51:07 +0100 (BST) (envelope-from rb@gid.co.uk) Content-Type: text/plain; charset=utf-8 List-Id: Dedicated and Embedded Systems List-Archive: https://lists.freebsd.org/archives/freebsd-embedded List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-embedded@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.600.51.1.1\)) Subject: Re: PKGBase and Embedded Systems From: Bob Bishop In-Reply-To: Date: Tue, 12 Aug 2025 15:50:57 +0100 Cc: "freebsd-embedded@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: References: <21444d9f-8a52-494e-a8d6-1700fd1ec769@denninger.net> <5FD8F9E6-C4B5-4B86-A5E8-491B544B0567@gid.co.uk> To: Karl Denninger X-Mailer: Apple Mail (2.3826.600.51.1.1) X-Rspamd-Queue-Id: 4c1ZFh4sjxz3dlJ X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] > On 12 Aug 2025, at 14:55, Karl Denninger wrote: >=20 > [=E2=80=A6] > Its not so much a "how cheap is the resource" problem (yes, that's = gotten a lot cheaper over time) its a "the box MUST come back online = after an unsolicited power event." > That in turn means the physical volume cannot be open for write, = particularly in the instance of a volume that co-mingles various = metadata that is internal to the device itself (e.g. an SSD which does = its own internal wear leveling and such.) 95% of the time IMHO isn't = good enough. Our critical stuff is all on secured power, but we did do a certain = amount of =E2=80=98plug-pull=E2=80=99 testing with ZFS and SSDs on = PCEngines boxes and Intel rackmount servers, and we didn=E2=80=99t = manage to make it misbehave. Even if the physical volume isn=E2=80=99t open for write, it could still = get trashed if the controller misbehaves in response to a power glitch. > --=20 > Karl Denninger > karl@denninger.net > The Market Ticker > [S/MIME encrypted email preferred] -- Bob Bishop t: +44 (0)118 940 1243 rb@gid.co.uk m: +44 (0)783 626 4518