From nobody Tue Aug 12 11:40:07 2025 X-Original-To: freebsd-embedded@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c1V1n5gMkz64ZnZ for ; Tue, 12 Aug 2025 11:40:45 +0000 (UTC) (envelope-from karl@denninger.net) Received: from colo1.denninger.net (colo1.denninger.net [104.236.120.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4c1V1m3VWFz451v for ; Tue, 12 Aug 2025 11:40:44 +0000 (UTC) (envelope-from karl@denninger.net) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of karl@denninger.net designates 104.236.120.189 as permitted sender) smtp.mailfrom=karl@denninger.net; dmarc=pass (policy=none) header.from=denninger.net Received: from denninger.net (unknown [162.81.137.111]) by colo1.denninger.net (Postfix) with ESMTP id 83C60B05B1 for ; Tue, 12 Aug 2025 07:39:30 -0400 (EDT) Received: from [192.168.10.15] (D5.Denninger.Net [192.168.10.15]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by denninger.net (Postfix) with ESMTPSA id 4F8584C5042 for ; Tue, 12 Aug 2025 07:40:08 -0400 (EDT) Message-ID: <21444d9f-8a52-494e-a8d6-1700fd1ec769@denninger.net> Date: Tue, 12 Aug 2025 07:40:07 -0400 List-Id: Dedicated and Embedded Systems List-Archive: https://lists.freebsd.org/archives/freebsd-embedded List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-embedded@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: freebsd-embedded@freebsd.org From: Karl Denninger Subject: PKGBase and Embedded Systems Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms040109020200080307010505" X-Spamd-Result: default: False [-1.83 / 15.00]; SIGNED_SMIME(-2.00)[]; NEURAL_SPAM_MEDIUM(1.00)[0.996]; NEURAL_HAM_SHORT(-0.99)[-0.990]; NEURAL_SPAM_LONG(0.97)[0.967]; DMARC_POLICY_ALLOW(-0.50)[denninger.net,none]; MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain]; R_SPF_ALLOW(-0.20)[+mx]; MIME_BASE64_TEXT(0.10)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:14061, ipnet:104.236.64.0/18, country:US]; FREEFALL_USER(0.00)[karl]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-embedded@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; R_DKIM_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; PREVIOUSLY_DELIVERED(0.00)[freebsd-embedded@freebsd.org]; TO_DN_NONE(0.00)[]; RCVD_TLS_LAST(0.00)[]; HAS_ATTACHMENT(0.00)[] X-Rspamd-Queue-Id: 4c1V1m3VWFz451v X-Spamd-Bar: - This is a cryptographically signed message in MIME format. --------------ms040109020200080307010505 Content-Type: multipart/alternative; boundary="------------w6sVvCwkC2wxLKQnNUa90Pa4" --------------w6sVvCwkC2wxLKQnNUa90Pa4 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 V2VsbCwgb2ssICJzb3J0LW9mIiBlbWJlZGRlZCBzeXN0ZW1zLsKgIFRoaW5rIGZpcmV3YWxs cy4NCg0KUmlnaHQgbm93IEkgYnVpbGQgYSBVU0Igc3RpY2stYmFzZWQgc2V0dXAgZm9yIHRo ZXNlIG9uIE5hbm9CU0QgYW5kLCBmb3IgDQpzb21lIG90aGVyIGhhcmR3YXJlIGluIHNvbWV3 aGF0LXNpbWlsYXIgYXBwbGljYXRpb25zIChlLmcuIGhvbWUgY29udHJvbCwgDQpldGMuKSBm b3IgdGhlIFBJIHNlcmllcyB1c2luZyBDcm9jaGV0Lg0KDQovdmFyIGlzIHZvbGF0aWxlIG9u IGJvdGggd2hlcmUgL3Vzci9sb2NhbC9ldGMgaGFzIGEgInNhdmUiIG1lY2hhbmlzbSANCihh bG9uZyB3aXRoIC9ldGMpIGluIGJvdGggZW52aXJvbm1lbnRzOyB0aGF0IGlzLCBpdHMgdm9s YXRpbGUgd2hpbGUgDQpydW5uaW5nLCBidXQgY2FuIGJlIGluc3RydWN0ZWQgdG8gc3luYyB3 aXRoIHRoZSBzYXZlZCBjb3B5IHRodXMgb24gYSANCnJlYm9vdC9yZXNldC9wb3dlcmxvc3Mg dGhlIGxhc3Qtc2F2ZWQgaXMgcmV0YWluZWQuDQoNCkEgY291cGxlIG9mIHRpbWVzIEkndmUg Y29uY2x1ZGVkIHRoZSAiYmVzdCIgd2F5IHRvIGRlYWwgd2l0aCB0aGluZ3MgdGhhdCANCmR1 bXAgc3RhdGUgdGhleSdkIGxpa2UgdG8ga2VlcCBpbiAvdmFyIHNvbWV3aGVyZSAodXN1YWxs eSBpbiAvdmFyL2RiKSwgDQp3aGVyZSB0aGUgInRoaW5nIiBkb2Vzbid0IGhhdmUgYSBjb21t YW5kLWxpbmUgc3dpdGNoIHRvIGNoYW5nZSB0aGF0LCBpcyANCnRvIG1vdmUgdGhhdCBkaXJl Y3RvcnkgdG8gL3Vzci9sb2NhbC9ldGMvZGIgYW5kIHRoZW4gc3ltbGluayBpdCBkdXJpbmcg DQp0aGUgc2V0dXAsIHRodXMgaXQgYmVjb21lcyAidm9sYXRpbGUgYnV0IHN1YmplY3QgdG8g c2F2ZSIgYXMgd2l0aCANCmFueXRoaW5nIGVsc2UgaW4gL3Vzci9sb2NhbC9ldGMuDQoNClBr Z2Jhc2Ugb3BlbnMgdGhlIHBvc3NpYmlsaXR5IG9mIGZpeGluZyBzZWN1cml0eSB2dWxuZXJh YmlsaXRpZXMgYW5kIA0Kc2ltaWxhciB3aXRoIG90aGVyIHRoYW4gdXNpbmcgdGhlICJwaW5n IHBvbmciIHR5cGUgb2YgZHVhbC1wYXJ0aXRpb24gDQpzZXR1cCB0aGF0IGJvdGggbmFub2Jz ZCBhbmQgQ3JvY2hldCBjYW4gc3VwcG9ydC4gQnV0IHBrZ2Jhc2UsIGxpa2UgcGtnIA0KaXRz ZWxmLCByZWxpZXMgb24gcGVyc2lzdGVudCBzdG9yYWdlLg0KDQpBbnlvbmUgZWxzZSBkb2lu ZyBlbWJlZGRlZCBzdHVmZiBoYXZlIHRob3VnaHRzIG9uIHRoaXM/wqAgKEkgcHJlc3VtZSAN CnBrZ2Jhc2UgZ29pbmcgdG8gYmUgc29tZXRoaW5nIHlvdSBDQU4gdXNlLCBidXQgbm90IHRo YXQgeW91IE1VU1QgdXNlLi4uLikNCg0KLS0gDQpLYXJsIERlbm5pbmdlcg0Ka2FybEBkZW5u aW5nZXIubmV0DQovVGhlIE1hcmtldCBUaWNrZXIvDQovW1MvTUlNRSBlbmNyeXB0ZWQgZW1h aWwgcHJlZmVycmVkXSAvDQo= --------------w6sVvCwkC2wxLKQnNUa90Pa4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Well, ok, "sort-of" embedded systems.=C2=A0 Think firewalls.

Right now I build a USB stick-based setup for these on NanoBSD and, for some other hardware in somewhat-similar applications (e.g. home control, etc.) for the PI series using Crochet.

/var is volatile on both where /usr/local/etc has a "save" mechanism (along with /etc) in both environments; that is, its volatile while running, but can be instructed to sync with the saved copy thus on a reboot/reset/powerloss the last-saved is retained.

A couple of times I've concluded the "best" way to deal with things that dump state they'd like to keep in /var somewhere (usually in /var/db), where the "thing" doesn't have a command-line switch to change that, is to move that directory to /usr/local/etc/db and then symlink it during the setup, thus it becomes "volatile but subject to save" as with anything else in /usr/local/etc.

Pkgbase opens the possibility of fixing security vulnerabilities and similar with other than using the "ping pong" type of dual-partition setup that both nanobsd and Crochet can support.=C2=A0= But pkgbase, like pkg itself, relies on persistent storage.

Anyone else doing embedded stuff have thoughts on this?=C2=A0 (I presume pkgbase going to be something you CAN use, but not that you MUST use....)

--
Karl Denninger
karl@denninger.net
The Market Ticker
[S/MIME encrypted email preferred]=C2=A0 =C2=A0= =C2=A0
--------------w6sVvCwkC2wxLKQnNUa90Pa4-- --------------ms040109020200080307010505 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC C4owggWZMIIDgaADAgECAhRZU8dKdMneRI1Vq5kv0k54Q5rQuDANBgkqhkiG9w0BAQsFADB2 MQswCQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2VlMRYwFAYDVQQKDA1EZW5uaW5nZXIu TmV0MRcwFQYDVQQDDA5EZW5uaW5nZXIgUm9vdDEiMCAGCSqGSIb3DQEJARYTYWRtaW5AZGVu bmluZ2VyLm5ldDAeFw0yNDA1MDkyMTA4MDNaFw00NDA1MDQyMTA4MDNaMF0xCzAJBgNVBAYT AlVTMRIwEAYDVQQIDAlUZW5uZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5uZXQxIjAgBgNV BAMMGURlbm5pbmdlci5OZXQgU2lnbmluZyBJbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDbR0tSiuLG5HPfo+cWtdeYQ8jc8Bjfuo0GTcNRT0glHnH1apUtInIktUknEZDH ohahInN+mMBdKg54FCHOiYZrJbyxBIo9FwX7hRmOc+spxmSYWnOd2E/YcGInMK4ZpjPzldzB Yt1n3zygkhx2bssxTJS3x4nv1qAXfLSZd1VwqoQufifEoPyTtymkkvHLv86vLgqAqooM/cXc 4LSIQ5u2uM308n42r8RkKtp7X1v9fJW8oRZN2XnFZtiUPH44YY2rHqyN2Hea9Y3+TXbldXjo xhPHTA+JYVFq8KTmbQBqU7YcMhlIG0cSxPeFLMxnP6pqPcIVTAlK+a6YGRFppfjZAgMBAAGj ggE2MIIBMjAdBgNVHQ4EFgQUH+VuxXhBxaJAQrvDekwkH91hBi4wgbMGA1UdIwSBqzCBqIAU RFYC4p6L6KITnEvrpx2cyt+PcMmheqR4MHYxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlUZW5u ZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5OZXQxFzAVBgNVBAMMDkRlbm5pbmdlciBSb290 MSIwIAYJKoZIhvcNAQkBFhNhZG1pbkBkZW5uaW5nZXIubmV0ghQZE7NBItWtQsCouuwU6jZ+ HPPwnjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+gLaAr hilodHRwOi8vd3d3LmRlbm5pbmdlci5uZXQvcm9vdC1yZXZva2VkLmNybDANBgkqhkiG9w0B AQsFAAOCAgEAfFbhPc82AfhyUqONs7IccYD36w+OP4nQgwfC4IWf3y/aQAZ2Zk6IITzYqwf7 PFM0bJRT3zi7xyetolqHDhfMJvnOQWpITZiyM/FSKwIvuBsy/uJUqPuqui4XQMYoSbAA1qmI MW/z7VZZHwaRFoeWE40UirYcf0fNcooBZ72bmd+iBaVyjtZvky0Vgcz0eC6e6LR5kNb23yC6 TkyQIlGyQkK5/afXUYFzk49rOHVbVyxW3oXRfq8Ow6HCrpDGAS8p84S04MFwBVAUfbe4aXs3 bampaI2LzKgkVywyFP14LSvvdjCfLYfnLy1Z9hm2EHMqNHA2tCGdRhWp2d7aZC1MYFqng0ZS fjPJjqHrI1qPU0p6k9A1GxAtrQlL2v/IUzUnMZkiawFV3qlxMGZf/kTYTUOcJhx1KU4zSLHu 80qO7ldRpp5gHssCAGFbeTu2gp6LxfmaFhLPDBJ1VGfdPx9lUrU/9OcoHczcl5x2Rb8IUZyX 9elzP5WdAU8p5R/DLlOAq24VcabhFtYBCA2dOESLupSfWKNQuJCN/1gz7ysSc+mjnnPV77IO mpszJfkFFJEDNJlGIVKX1vwwygtC/9Ulox8frgbZlRAYAgDc/YbOBFxticVVre0Y3Ujx6Kzb tkgZRlgfdZWbT1W5smncqJxg5qAL8e/yTb3fCe2nJ0jhiP4wggXpMIIE0aADAgECAhMAmNFt CiCF3j+FwQLYtBTmGjzkMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAlVTMRIwEAYDVQQI DAlUZW5uZXNzZWUxFjAUBgNVBAoMDURlbm5pbmdlci5uZXQxIjAgBgNVBAMMGURlbm5pbmdl ci5OZXQgU2lnbmluZyBJbnQwHhcNMjQwNTEwMTkyNjU5WhcNMjkwNTA5MTkyNjU5WjBXMQsw CQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2VlMRcwFQYDVQQKDA5LYXJsIERlbm5pbmdl cjEbMBkGA1UEAwwSa2FybEBkZW5uaW5nZXIubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAvh1UssVbSYctzobPjwBkbjv/w4WvQNepeRTwE6+sLnXvc41+X9pa5EclPL4Q l02Vu1m71mSqXGfK9HbWZoivbhefBHOoYb35MSc24PelhwcORbpneWoWc7giQ7QgFlvEe/yj fs8M0H9fgdzFS5m2lwBQbis8kioSjHB2yt/8I1GE4Mvt1Cur9kga6ML5FAQvo8TYN1stdhrE 13FEv/BWCF4FVT4H2Wa2ySW+R1jkKb74SC6Twg98bGCRTShD5bVylh0+0LXNhzaopIDcI/KK jm/j3mRjIlmqbGrSpvJsbjjhjhAYQKE1U8FB5TDU4OkFAibblhQit/KjgspPR2o/vOpVFPER uhZEV1oDGzUJtZlkREIcN2sYBi0p7Y4585ya+b7L10mEenPlyi3eSkGXEuiy/BR2DY6lShwW DPoQ5602TKmttCSwBdWGoLrQ4jEVEVNt4lku2wPbTHF3KpHJU0g7RbcWoUYn10SOxKathkir hF3v9U32+QhPELGwqRrH0sL9rWf0qalRtPDHUYl8TebZmYkFqNeSMlqHijl5f4SsQPSj7gx5 4F19Ntm9ZcvuWTmW8QQGWTKHeMuG+BYkVIUSPe6/ZQsbD/xDx7rkyGfNgWIa4W7Wm/B7kaNq H53tk3wFmNgZQOxMTPF0oTHfW0T2azU6JD0D1AlgoAnSAE0CAwEAAaOCAaYwggGiMDoGCCsG AQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AuZGVubmluZ2VyLm5ldDo3Nzc3 MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr BgEFBQcDBDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp ZmljYXRlMB0GA1UdDgQWBBSxJZjVnlYLAT3uzvDYgc4742J6UTCBswYDVR0jBIGrMIGogBQf 5W7FeEHFokBCu8N6TCQf3WEGLqF6pHgwdjELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5l c3NlZTEWMBQGA1UECgwNRGVubmluZ2VyLk5ldDEXMBUGA1UEAwwORGVubmluZ2VyIFJvb3Qx IjAgBgkqhkiG9w0BCQEWE2FkbWluQGRlbm5pbmdlci5uZXSCFFlTx0p0yd5EjVWrmS/STnhD mtC4MB0GA1UdEQQWMBSBEmthcmxAZGVubmluZ2VyLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEA TrQ45/tBN3SiuqItFv/V+CF3h7Hxe0YLsL+A/P+q9ZhxIscaNjaclgQhPA+rUr+l8DGoXJ/w yAl1E0SSBK+9phIc/9xFOBg3rCy4ngubzP+lHS1t03nMCBSUNsu5qPzqLBPiKaPabUu3Gr9o koRezSszgM3/zNJfr8cMO93csCK/fBccsMx5q+3nxB5XeT7UciicjfEzUA4m2mQxBmGk9SSU 147Gy8UmdSq57Tw82KqUrQ1pJ6IOzVPLREpwlqGbHykSU3MwtPYPtfQeFVjvO/XcWvoFQjbV UyhzAqMMYFudxoVLlJQiAgU38OScTLDgKxCO41h7VOjb2mss0zHndzGCBZUwggWRAgEBMHQw XTELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5lc3NlZTEWMBQGA1UECgwNRGVubmluZ2Vy Lm5ldDEiMCAGA1UEAwwZRGVubmluZ2VyLk5ldCBTaWduaW5nIEludAITAJjRbQoghd4/hcEC 2LQU5ho85DANBglghkgBZQMEAgMFAKCCAvIwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMjUwODEyMTE0MDA3WjBPBgkqhkiG9w0BCQQxQgRAa6zDpRqoxQLS zGNoRQeHA03AjUigvM2E/j7U9AdYYBpfyucjzeKF0hiNiQXaAjmnwysnceBZ3H2JgPWQmdH1 1DCBgwYJKwYBBAGCNxAEMXYwdDBdMQswCQYDVQQGEwJVUzESMBAGA1UECAwJVGVubmVzc2Vl MRYwFAYDVQQKDA1EZW5uaW5nZXIubmV0MSIwIAYDVQQDDBlEZW5uaW5nZXIuTmV0IFNpZ25p bmcgSW50AhMAmNFtCiCF3j+FwQLYtBTmGjzkMIGFBgsqhkiG9w0BCRACCzF2oHQwXTELMAkG A1UEBhMCVVMxEjAQBgNVBAgMCVRlbm5lc3NlZTEWMBQGA1UECgwNRGVubmluZ2VyLm5ldDEi MCAGA1UEAwwZRGVubmluZ2VyLk5ldCBTaWduaW5nIEludAITAJjRbQoghd4/hcEC2LQU5ho8 5DCCAVcGCSqGSIb3DQEJDzGCAUgwggFEMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYI KoZIhvcNAwcwDQYIKoZIhvcNAwICAQUwDQYIKoZIhvcNAwICAQUwBwYFKw4DAgcwDQYIKoZI hvcNAwICAQUwBwYFKw4DAhowCwYJYIZIAWUDBAIBMAsGCWCGSAFlAwQCAjALBglghkgBZQME AgMwCwYJYIZIAWUDBAIEMAsGCWCGSAFlAwQCBzALBglghkgBZQMEAggwCwYJYIZIAWUDBAIJ MAsGCWCGSAFlAwQCCjALBgkqhkiG9w0BAQEwCwYJK4EFEIZIPwACMAgGBiuBBAELADAIBgYr gQQBCwEwCAYGK4EEAQsCMAgGBiuBBAELAzALBgkrgQUQhkg/AAMwCAYGK4EEAQ4AMAgGBiuB BAEOATAIBgYrgQQBDgIwCAYGK4EEAQ4DMA0GCSqGSIb3DQEBAQUABIICAFQO6nugL+LxFIfc x5DYJtArfY4/9SZ7vKzz4RYKJiNm/k4aA/IhGHcbobGDKilEUYFDGse4cDHUZIvrOD7cPaZz yC7v7p47ZBxEuuDgQ6g6m38lIvY2m3iGF7UROPaBVWNawHLAJtaplEOCslYXoUuc8+4lu1r/ 9D39h6ED9Jg0qIbvmrakaZ8jKS/f40TTiWSe8P7s6npckyOAgd84X5u2zAmeu8omJ52Ud087 k7hq4nfLwPicBquEDCGdVl+mJewhqLE8GXmrlxD5VbxTmUHYmbqp59egmdjk0p+hznN0NN7F NQSj5vIUU5zLGOMAcgB0YIdGHHO3MhGLQ2oTDyfOobsNXn0KIDhUUQxrcoyZEq6aGIleVnOT 6Og4qakYMTb0RXobYLtNvB6hiUZKjzARheiUGLOcBcmvoEEvz41YfwHsiyvaGmSZm2Q4UHcT eXwQeZ/at+kPrBacdeiPhZ6jOR9EykLy9XF+ei7IcGaiLS56/7ZeoSs6PwQftwaGCVXdYAG2 CvsUOzCcfBfNUGplv6nJBPaAsHfkjO6Ot3a6QWd3u2vSPkGBXh1km4aZvHTKogF8W06yANvk VYmmW8XX1DOzDDISBddsNHnY+SfYA2Qw4He5Zx/iKkfQtuDhv/ZDoagunxo+9zQmRBcmOdEd TA6G9Vgtgvr8wWFmnhDGAAAAAAAA --------------ms040109020200080307010505--