dfr (Doug Rabson)
User

Projects

User Details

User Since
Mar 7 2015, 6:48 PM (553 w, 1 d)

Recent Activity

Thu, Oct 9

dfr committed rGe5c0b4f03692: release: Avoid generating .pkgsave files in OCI images (authored by dfr).
Thu, Oct 9, 10:48 AM

Wed, Oct 8

dfr abandoned D52616: release: Don't install FreeBSD-caroot in the notoolchain image.

This issue does not affect the release building process and will resolve itself for me when I update my build host to stable/15

Wed, Oct 8, 2:32 PM
dfr committed rGe21e6e96b662: release: Avoid generating .pkgsave files in OCI images (authored by dfr).
Wed, Oct 8, 2:32 PM
dfr closed D52615: release: Avoid generating .pkgsave files in OCI images.
Wed, Oct 8, 2:32 PM

Thu, Sep 25

dfr added a comment to D52616: release: Don't install FreeBSD-caroot in the notoolchain image.
In D52616#1204489, @dch wrote:
Thu, Sep 25, 3:50 PM

Fri, Sep 19

dfr added inline comments to D52617: release: Rework oci image handling using metalogs.
Fri, Sep 19, 3:05 PM
dfr added a comment to D52617: release: Rework oci image handling using metalogs.
In D52617#1201983, @imp wrote:

You might want to look at ~imp/armv7-pkgbase-14.3-exp.sh which generates a bootable image w/o root for armv7 with the correct perms using pkgbase + pkg to create the system.

I'm sure it misses many .conf files, etc that are installed / generated (*pwd.db I found already). I'm surprised I didn't add passwd though.

I wrote the above as PoC for making nanobsd be able to generate images like this, stealing bits and pieces from different places (including your OCI scripts, which acted as one of the kicks in the butt to get my work moving again).

-o INSTALL_AS_USER=yes
Fri, Sep 19, 2:29 PM
dfr requested review of D52617: release: Rework oci image handling using metalogs.
Fri, Sep 19, 1:56 PM
dfr requested review of D52616: release: Don't install FreeBSD-caroot in the notoolchain image.
Fri, Sep 19, 1:56 PM
dfr requested review of D52615: release: Avoid generating .pkgsave files in OCI images.
Fri, Sep 19, 1:56 PM

Mon, Sep 15

dfr added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.

My version of the diff which adds all the -dev packages {F128913448}

Mon, Sep 15, 3:20 PM
dfr added inline comments to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.
Mon, Sep 15, 2:18 PM
dfr added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.
In D51471#1199744, @dch wrote:

I'm very confused about pkgbase -dev packages.

For example, sshd:

$ ldd /usr/sbin/sshd
/usr/sbin/sshd:
        libprivatessh.so.5 => /usr/lib/libprivatessh.so.5 (0x32d96f455000)
...
$ pkg which /usr/lib/libprivatessh.so
/usr/lib/libprivatessh.so was installed by package FreeBSD-ssh-dev-15.0.1.20250906130029

But in practice, sshd doesn't seem to depend on this - I removed the FreeBSD-ssh-dev
package, restarted sshd and can connect -- neither client nor server were broken.

@dfr according to what you say above, all the -dev packages should go in toolchain package.
But if we actually need them in general for running e.g. ssh or whatever, then they need
to be pulled in elsewhere.

TLDR do I add all of these -dev and -man packages to toolchain or full?

Mon, Sep 15, 12:07 PM

Sep 5 2025

dfr added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.

I don't have strong opinions on the package list other than to note that clang is fairly useless without the *dev packages. As David notes, we could probably make a case for two images here, 'kitchen sink without toolchain' and another one containing toolchain etc. using kitchen sink as base.

Sep 5 2025, 12:59 PM

Jul 25 2025

dfr added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.

Thinking some more, base is probably OK because it mirrors the base system, but should that then be the one including the toolchain? I guess it's fine like this

Jul 25 2025, 2:15 PM

Jul 24 2025

dfr added a comment to D51470: release: update oci-image templates after recent krb5 pkgbase changes.

Colin opened a similar diff: D51481. Since there is some activity there, perhaps focus on that one?

Jul 24 2025, 7:38 AM

Jul 23 2025

dfr added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.
In D51471#1175361, @dch wrote:

I'll also remove:

  • ntp
  • ppp
  • rdma
  • syscons-data
  • vt-data
  • wpa

I'll split this into a compiler & full image as suggested
What should the dependency be? compiler needs full, or other
way around?

We can bikeshed the naming, but first I'll get it working.

Jul 23 2025, 10:58 AM
dfr added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.

I don't have strong opinions on the package list other than to note that clang is fairly useless without the *dev packages. As David notes, we could probably make a case for two images here, 'kitchen sink without toolchain' and another one containing toolchain etc. using kitchen sink as base.

Jul 23 2025, 10:16 AM
dfr added inline comments to D51404: release: Don't install caroot in OCI images..
Jul 23 2025, 7:31 AM

Jul 22 2025

dfr accepted D51404: release: Don't install caroot in OCI images..

Sorry - I didn't see the notification for this one. I spent some time yesterday trying to do something similar but this version is much nicer. I tested it locally and everything looks right - I had to patch it to run certctl.sh from ${srcdir} instead of running the host's certctl.

Jul 22 2025, 10:56 AM
dfr committed rG0fbe9f8ef94d: share/examples/oci: Run 'pkg update' with IGNORE_OSVERSION set (authored by dfr).
Jul 22 2025, 10:48 AM
dfr closed D50596: release: Make sure 'pkg update' is run with ASSUME_ALWAYS_YES set.
Jul 22 2025, 10:48 AM

Jul 21 2025

dfr updated the diff for D50596: release: Make sure 'pkg update' is run with ASSUME_ALWAYS_YES set.

Set IGNORE_OSVERSION instead of ASSUME_ALWAYS_YES

Jul 21 2025, 2:02 PM
dfr added a comment to D50596: release: Make sure 'pkg update' is run with ASSUME_ALWAYS_YES set.

I think I will re-work this to set IGNORE_OSVERSION instead.

Jul 21 2025, 1:42 PM
dfr added a comment to D50596: release: Make sure 'pkg update' is run with ASSUME_ALWAYS_YES set.

I tried 'pkg bootstrap -y ... && pkg update -f' and got a y/N prompt due to an OSVERSION mismatch:

Jul 21 2025, 1:35 PM
dfr added a comment to D50596: release: Make sure 'pkg update' is run with ASSUME_ALWAYS_YES set.

I would like to get this change into 14.3 if possible - it works around a confusing error message caused by 'pkg update' attempting to get a yes/no response.

Jul 21 2025, 1:27 PM
dfr updated the diff for D50596: release: Make sure 'pkg update' is run with ASSUME_ALWAYS_YES set.

Rebase, reword commit, change image path

Jul 21 2025, 1:23 PM
dfr committed rG2e2903faa6ec: release: Generalise the OCI image build's pkg config (authored by dfr).
Jul 21 2025, 12:49 PM

Jul 18 2025

dfr added a comment to D42095: release: Let caroot depend on certctl, not vice versa..

I'm pretty sure this broke the OCI image build - did you not see my comment above? I don't have time to deal with this in the near future - please either back this out or fix the image build script to use the new certctl feature.

Jul 18 2025, 7:08 AM

Jul 17 2025

dfr accepted D51373: certctl: Add an option to copy files..

Looks good. What would happen if someone copies the certs and then later links them - will the copies be removed and replaced with links?

Jul 17 2025, 3:50 PM
dfr added a comment to D42095: release: Let caroot depend on certctl, not vice versa..
In D42095#1173193, @des wrote:

No, certctl is not useless without the caroot package. It can still be used to hash certificates installed from ports or some other source. On the other hand, installing caroot without the tool needed to hash the certificates it contains makes no sense.

Jul 17 2025, 1:53 PM
dfr added a comment to D42095: release: Let caroot depend on certctl, not vice versa..
In D42095#1173152, @dfr wrote:

I think this is wrong. This makes it impossible to install caroot without pulling in all of FreeBSD-runtime. My thought process is 'can I use caroot without certctl' and the answer is a qualified yes - it can be done by running certctl with DESTDIR set. Conversely, 'can I use certctl without caroot' - clearly not since certctl is useless without certs. Therefore (in my mind), certctl should depend on caroot, not the other way around.

The other way round can be defended too: your certctl with DESTDIR means certctl has use even if the host doesn’t have any certs. Maybe neither should depend on the other and there should be a meta package that is both? (Maybe with some renaming of existing packages to make it clear)

Jul 17 2025, 1:39 PM
dfr added a comment to D42095: release: Let caroot depend on certctl, not vice versa..

I think this is wrong. This makes it impossible to install caroot without pulling in all of FreeBSD-runtime. My thought process is 'can I use caroot without certctl' and the answer is a qualified yes - it can be done by running certctl with DESTDIR set. Conversely, 'can I use certctl without caroot' - clearly not since certctl is useless without certs. Therefore (in my mind), certctl should depend on caroot, not the other way around.

Jul 17 2025, 12:45 PM

Jun 24 2025

dfr accepted D49184: Update podman-related ports to their recent versions.

Looks good to me - thanks for working on this.

Jun 24 2025, 10:37 AM

Jun 18 2025

dfr added a comment to D49184: Update podman-related ports to their recent versions.

The podman port needs a patch to work around an upstream regression which I'm working to get fixed in https://github.com/containers/podman/pull/26188. We can add a simpler workaround to the port - something like:

Jun 18 2025, 12:19 PM

Jun 17 2025

dfr added a comment to D50847: net/containernetworking-plugins: use correct family during rule generation.
In D50847#1161816, @dch wrote:

Let's upstream this first and then I can just bump the port.

What is the branch from your https://github.com/dfr/plugins ?
There's no matching branch compared to what the ports tree fetches

{F120368428}

Jun 17 2025, 12:37 PM

Jun 16 2025

dfr accepted D50847: net/containernetworking-plugins: use correct family during rule generation.

Looks good to me and works in my testing. It would be helpful if you could also make a pull request for github.com/dfr/plugins which is the upstream for this port (my fork of the CNI plugins).

Jun 16 2025, 2:55 PM

May 29 2025

dfr added a comment to D50596: release: Make sure 'pkg update' is run with ASSUME_ALWAYS_YES set.

I would like to get this change into 14.3 if possible - it works around a confusing error message caused by 'pkg update' attempting to get a yes/no response.

May 29 2025, 11:18 AM
dfr requested review of D50596: release: Make sure 'pkg update' is run with ASSUME_ALWAYS_YES set.
May 29 2025, 11:11 AM

Apr 26 2025

dfr accepted D50043: release: use "runtime" instead of "minimal" for OCI image name.
Apr 26 2025, 2:40 PM

Apr 15 2025

dfr added a comment to D49821: release: Avoid sparse-file handling for container image layers.
In D49821#1136169, @dch wrote:

LGTM, testing with stable/14 today. thanks Doug for tracking this down & explaining it.

Apr 15 2025, 4:45 PM
dfr retitled D49821: release: Avoid sparse-file handling for container image layers from release: use gtar for container image layers to release: Avoid sparse-file handling for container image layers.
Apr 15 2025, 3:33 PM
dfr updated the diff for D49821: release: Avoid sparse-file handling for container image layers.

This version disables sparse-file handling which is the cause of the incompatibility with Podman

Apr 15 2025, 1:56 PM

Apr 14 2025

dfr added a comment to D49821: release: Avoid sparse-file handling for container image layers.
Apr 14 2025, 1:24 PM
dfr requested review of D49821: release: Avoid sparse-file handling for container image layers.
Apr 14 2025, 9:48 AM

Mar 19 2025

dfr added a comment to D15865: Provide process space virtualisation functionality for jails..

From the Jails Production User call: This work is still of interest, particularly in the context of OCI jail progress.
DCH: "This needs serious rebasing." Do any developers have interest in this feature?

I think @dfr is interested in this :)

Mar 19 2025, 3:06 PM

Mar 4 2025

dfr committed rGf60149306ccf: release: build OCI images with shell scripts (authored by dfr).
Mar 4 2025, 1:46 PM

Mar 2 2025

dfr committed rGe8a5b9fd73f4: release: build OCI images with shell scripts (authored by dfr).
Mar 2 2025, 3:18 PM
dfr closed D48574: release: build OCI images with shell scripts.
Mar 2 2025, 3:18 PM

Feb 28 2025

dfr updated the diff for D48574: release: build OCI images with shell scripts.

Review feedback

Feb 28 2025, 2:04 PM
dfr added inline comments to D48574: release: build OCI images with shell scripts.
Feb 28 2025, 2:04 PM

Feb 27 2025

dfr added a comment to D48574: release: build OCI images with shell scripts.

Addressed review feedback.

Feb 27 2025, 2:31 PM
dfr updated the diff for D48574: release: build OCI images with shell scripts.

Review feedback

Feb 27 2025, 2:26 PM
dfr abandoned D48869: sysutils/podman-suite: update to 20250203.

Committed without remembering to add 'Differential Revision'

Feb 27 2025, 2:23 PM
dfr abandoned D48868: sysutils/podman: update to 5.3.2.

Committed without remembering to add 'Differential Revision'

Feb 27 2025, 2:22 PM
dfr abandoned D48867: sysutils/buildah: update to 1.38.1.

Committed without remembering to add 'Differential Revision'

Feb 27 2025, 2:22 PM
dfr abandoned D48866: sysutils/skopeo: update to 1.17.0.

Committed without remembering to add 'Differential Revision'

Feb 27 2025, 2:21 PM
dfr abandoned D48865: sysutils/containers-common: update to 0.61.1.

Committed without remembering to add 'Differential Revision'

Feb 27 2025, 2:21 PM

Feb 18 2025

dfr committed R11:174a164cafb8: sysutils/podman: update to 5.3.2 (authored by dfr).
Feb 18 2025, 3:00 PM
dfr committed R11:1a7906ff9256: sysutils/buildah: update to 1.38.1 (authored by dfr).
Feb 18 2025, 3:00 PM
dfr committed R11:c42b6115d53b: sysutils/containers-common: update to 0.61.1 (authored by dfr).
Feb 18 2025, 3:00 PM
dfr committed R11:43e744c05263: sysutils/skopeo: update to 1.17.0 (authored by dfr).
Feb 18 2025, 3:00 PM
dfr committed R11:366c60ac14e9: sysutils/podman-suite: update to 20250203 (authored by dfr).
Feb 18 2025, 3:00 PM

Feb 17 2025

dfr added a comment to D48869: sysutils/podman-suite: update to 20250203.

After further testing, I came across a regression in 'podman build' and 'buildah build' which I will get fixed upstream (https://github.com/containers/common/pull/2326). I will add that as patches to the buildah and podman ports and test a bit more before I ship this.

Feb 17 2025, 1:47 PM

Feb 7 2025

dfr added a comment to D48869: sysutils/podman-suite: update to 20250203.
In D48869#1114602, @osa wrote:

Here's the patch {F109555392}

In D48869#1114547, @osa wrote:

The patch introduces a new dependency - sysutils/catatonit; the current version in the ports tree is 0.1.7, the latest one is 0.2.1. Are there any plans to update the port to the recent version?

I've taken a look at version 0.2.1 of catatonit. Your patches in the freebsd branch look good, however there's a small change in the distribution:

--- catatonit.c
+++ catatonit.c
-#ifdef HAVE_CLOSE_RANGE
+#ifdef HAVE_LINUX_CLOSE_RANGE_H
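
Review bot: on the `+` line the guard becomes `HAVE_LINUX_CLOSE_RANGE_H`, which by its name tests for a Linux header rather than for the function that `HAVE_CLOSE_RANGE` named, so a build without that header would skip whatever the `#ifdef` encloses even where the function itself is available. The hunk shows neither the guarded code nor how either macro gets defined, so when the port patches are rebased onto 0.2.1 it is worth confirming which branch the FreeBSD build actually compiles rather than only resolving the rejected hunk.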

So, I've applied both of your patches, fixed the rejection and built a new version. Hope that can be updated as well.

Combined your patches into one here.

Feb 7 2025, 11:38 AM
dfr added a comment to D48869: sysutils/podman-suite: update to 20250203.
In D48869#1114547, @osa wrote:

The patch introduces a new dependency - sysutils/catatonit; the current version in the ports tree is 0.1.7, the latest one is 0.2.1. Are there any plans to update the port to the recent version?

Feb 7 2025, 11:37 AM

Feb 6 2025

dfr requested review of D48869: sysutils/podman-suite: update to 20250203.
Feb 6 2025, 12:06 PM
dfr requested review of D48868: sysutils/podman: update to 5.3.2.
Feb 6 2025, 12:06 PM
dfr requested review of D48867: sysutils/buildah: update to 1.38.1.
Feb 6 2025, 12:06 PM
dfr requested review of D48866: sysutils/skopeo: update to 1.17.0.
Feb 6 2025, 12:06 PM
dfr requested review of D48865: sysutils/containers-common: update to 0.61.1.
Feb 6 2025, 12:06 PM

Jan 29 2025

dfr accepted D48679: ip6addrctl(8): Teach ip6addrctl to attach and run itself in a jail.
Jan 29 2025, 8:19 AM

Jan 28 2025

dfr added inline comments to D48679: ip6addrctl(8): Teach ip6addrctl to attach and run itself in a jail.
Jan 28 2025, 12:51 PM
dfr accepted D48701: ip6addrctl(8): Strictly check the number of arguments.

Looks good

Jan 28 2025, 12:49 PM

Jan 27 2025

dfr accepted D48679: ip6addrctl(8): Teach ip6addrctl to attach and run itself in a jail.
Jan 27 2025, 2:01 PM

Jan 23 2025

dfr accepted D48618: sysctl: Teach sysctl to attach and run itself in a jail.

Looks good to me. It would also be nice to have something similar for ip6addrctl to make it easier to have different address selection policies in vnet jails (e.g. host is dual stack and prefers IPv6 but jail only has IPv4 and should prefer IPv4 replies to DNS lookups).

Jan 23 2025, 2:03 PM

Jan 21 2025

dfr added a comment to D48574: release: build OCI images with shell scripts.

This version also sets a default command of "/bin/sh" for the minimal image which is common practice for Linux base images but perhaps that should be separated out.

Jan 21 2025, 2:06 PM
dfr requested review of D48574: release: build OCI images with shell scripts.
Jan 21 2025, 2:04 PM

Jan 19 2025

dfr committed rG6ede5a29d5e7: release: install etc files from the source tree, not the host (authored by dfr).
Jan 19 2025, 10:33 AM
dfr committed rGbfa14ad08796: release: fix architecture for OCI images (authored by dfr).
Jan 19 2025, 10:32 AM

Jan 10 2025

dfr closed D48180: release: install etc files from the source tree, not the host.
Jan 10 2025, 2:25 PM
dfr committed rGbc77aa7df733: release: install etc files from the source tree, not the host (authored by dfr).
Jan 10 2025, 2:25 PM

Jan 9 2025

dfr added a comment to D48180: release: install etc files from the source tree, not the host.

Are there any other concerns for this one - I would like to land it and move onto the shell-based container image build.

Jan 9 2025, 5:13 PM

Jan 7 2025

dfr updated the diff for D48180: release: install etc files from the source tree, not the host.

Override PATH for make-oci-image.sh so that we get pwd_mkdb from the cross tools rather than the host.

Jan 7 2025, 2:37 PM

Dec 24 2024

dfr added inline comments to D48180: release: install etc files from the source tree, not the host.
Dec 24 2024, 5:54 PM

Dec 23 2024

dfr requested review of D48180: release: install etc files from the source tree, not the host.
Dec 23 2024, 1:26 PM

Dec 13 2024

dfr committed rGe2fc29e53986: release: fix architecture for OCI images (authored by dfr).
Dec 13 2024, 4:50 PM
dfr closed D48051: release: fix architecture for OCI images.
Dec 13 2024, 4:50 PM
dfr added a comment to D48051: release: fix architecture for OCI images.

I tested this for amd64, i386, aarch64 and riscv64 and the metadata is correct.

Dec 13 2024, 4:46 PM

Dec 12 2024

dfr requested review of D48051: release: fix architecture for OCI images.
Dec 12 2024, 1:55 PM

Dec 9 2024

dfr closed D47941: sysutils/skopeo: fix problems with 'skopeo copy' in v1.16.1.
Dec 9 2024, 2:26 PM
dfr committed R11:588504901fbf: sysutils/skopeo: fix problems with 'skopeo copy' in v1.16.1 (authored by dfr).
Dec 9 2024, 2:26 PM

Dec 7 2024

dfr added a comment to D47941: sysutils/skopeo: fix problems with 'skopeo copy' in v1.16.1.
In D47941#1093574, @osa wrote:

Why not upgrade to 1.17.0 instead of just patching these 2 files?

My understanding is every podman release has multiple components, and here's the quote for v5.2.5:

Updated Buildah to v1.37.5
Updated the containers/storage library to v1.55.1

It seems that the versions of those components need to be in sync.
@dfr please correct me if I'm wrong.

Also, I've tried to upgrade podman and components to the recent versions, but I've got an issue with the recent version of podman v.5.3.1, so the decision was made to upgrade to the more or less "working" version.

Dec 7 2024, 2:55 PM
dfr added a comment to D47941: sysutils/skopeo: fix problems with 'skopeo copy' in v1.16.1.

Why not upgrade to 1.17.0 instead of just patching these 2 files?

Dec 7 2024, 2:51 PM

Dec 6 2024

dfr added a reviewer for D47941: sysutils/skopeo: fix problems with 'skopeo copy' in v1.16.1: releng.
Dec 6 2024, 4:57 PM
dfr requested review of D47941: sysutils/skopeo: fix problems with 'skopeo copy' in v1.16.1.
Dec 6 2024, 4:56 PM

Dec 5 2024

dfr accepted D47924: [PATCH] */*: update licences for podman-related infra.

Thanks for clearing this up!

Dec 5 2024, 10:55 AM
dfr accepted D47922: [PATCH] sysutils/containers-common: simplify, add visibility.

This is great, thanks!

Dec 5 2024, 10:54 AM

Dec 4 2024

dfr accepted D47914: [PATCH] sysutils/podman-suite update from 20240605 to 20241023.

LGTM

Dec 4 2024, 4:55 PM
dfr accepted D47913: [PATCH] update sysutils/skopeo from 1.14.4 to 1.16.1.

LGTM

Dec 4 2024, 4:54 PM