From: Bob Bishop
To: Karl Denninger
Cc: "freebsd-embedded@freebsd.org"
Subject: Re: PKGBase and Embedded Systems
Date: Tue, 12 Aug 2025 13:51:37 +0100
List-Id: Dedicated and Embedded Systems
List-Archive: https://lists.freebsd.org/archives/freebsd-embedded
Message-Id: <5FD8F9E6-C4B5-4B86-A5E8-491B544B0567@gid.co.uk>
In-Reply-To: <21444d9f-8a52-494e-a8d6-1700fd1ec769@denninger.net>

Hi,

> On 12 Aug 2025, at 12:40, Karl Denninger wrote:
>
> Well, ok, "sort-of" embedded systems. Think firewalls.
> Right now I build a USB stick-based setup for these on NanoBSD and, for some other hardware in somewhat-similar applications (e.g. home control, etc.) for the PI series using Crochet.
> /var is volatile on both where /usr/local/etc has a "save" mechanism (along with /etc) in both environments; that is, it's volatile while running, but can be instructed to sync with the saved copy thus on a reboot/reset/powerloss the last-saved is retained.
> A couple of times I've concluded the "best" way to deal with things that dump state they'd like to keep in /var somewhere (usually in /var/db), where the "thing" doesn't have a command-line switch to change that, is to move that directory to /usr/local/etc/db and then symlink it during the setup, thus it becomes "volatile but subject to save" as with anything else in /usr/local/etc.

We used to do that kind of thing. Now that storage, RAM and 64-bit boxes are cheap we just use a full install on ZFS and make everything except the volatile bits read-only…

> Pkgbase opens the possibility of fixing security vulnerabilities and similar with other than using the "ping pong" type of dual-partition setup that both nanobsd and Crochet can support. But pkgbase, like pkg itself, relies on persistent storage.
> Anyone else doing embedded stuff have thoughts on this? (I presume pkgbase is going to be something you CAN use, but not that you MUST use....)

… so we can directly use freebsd-update today and pkgbase tomorrow.

With ZFS one can switch the read-onlyness on and off selectively and without rebooting. We also set copies=2 for a bit more safety (although it’s debatable whether that actually helps).

> --
> Karl Denninger
> karl@denninger.net
> The Market Ticker
> [S/MIME encrypted email preferred]

--
Bob Bishop
rb@gid.co.uk
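
The write window described in the reply above (flip `readonly` off, apply the update, flip it back on, no reboot), sketched as an added shell example that is not part of the original message or of anyone's actual setup. The dataset names and the `RO_DATASETS` / `UPDATE_CMD` variables are assumptions.

```sh
#!/bin/sh
# Added example. Dataset names below are assumptions, not from the message.
RO_DATASETS="${RO_DATASETS:-zroot/ROOT/default zroot/usr/local}"
# Updater to run inside the write window (freebsd-update today, pkg later).
UPDATE_CMD="${UPDATE_CMD:-freebsd-update fetch install}"

# set_readonly <on|off> <dataset>...: flip the property, stop at first error.
set_readonly() {
    state=$1; shift
    for ds in "$@"; do
        zfs set "readonly=$state" "$ds" || return 1
    done
}

# Open a write window on the sealed datasets, run the updater, then re-seal.
# The body is a subshell so variables and traps do not leak to the caller.
update_with_write_window() (
    sealed=""
    for ds in $RO_DATASETS; do
        # Remember only datasets that are read-only now; never seal others.
        if [ "$(zfs get -H -o value readonly "$ds")" = "on" ]; then
            sealed="$sealed $ds"
        fi
    done
    # Re-seal if interrupted mid-update.
    trap 'set_readonly on $sealed; exit 130' INT TERM
    if ! set_readonly off $sealed; then
        set_readonly on $sealed
        exit 1
    fi
    rc=0
    $UPDATE_CMD || rc=$?
    # Re-seal whether or not the update succeeded; failing to is an error.
    set_readonly on $sealed || rc=1
    exit "$rc"
)
```

Run `update_with_write_window` as root; a non-zero exit status means either the updater failed or a dataset could not be returned to read-only and needs checking by hand.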