FreeBSD User Groups in Denmark

FreeBSD user groups in Denmark.

Here in Denmark, to my knowledge, there are no active FreeBSD user groups. We have had BSD and UNIX user groups in the past, but for reasons unknown to me, they have become inactive or dissolved, even though their inactive websites and public listings still exist. Examples of these are BSD-DK and DKUUG. DKUUG was probably the most influential and active over the years and, to my knowledge, arranged meetings, workshops and conferences, such as Open Source Days.

While not being a user group, we also had a yearly 7 day camp type conference The Camp, which existed until recently.

Related user groups in Denmark?

We do have other user groups that are more or less related to FreeBSD user groups.

Linux comes to mind as one of the first related systems, but for reasons unknown to me, many, if not almost all, of our Linux user groups (LUGs) have also become inactive or dissolved. I have only heard of Linux Roskilde, which should have regular meetings at the local university. Wikipedia has a list of some of the memorable LUGs. I remember the large SSLUG and the yearly Linuxforum conference from the good old days.

If I look at non-operating system related user groups, there is the more recently popular topic of technology, hacking and security. When I mention hacking, I mean it in its positive sense, where users invent, improve and change systems and technology. We have a very active user group Cryptohagen in Copenhagen which has been meeting monthly and discussing privacy related topics for 10 years.

If I look at more camp-like conferences, we have a yearly 7 day camp type conference Bornhack, which, to my knowledge, attracts hackers (in a positive sense), who like to build things and share diversity in a wide range of technical topics. We also have SommerHack, which, I believe, is very similar. We have Labitat in Copenhagen, a very technical hacking or construction user group. It has been around for a long time, seems very active, and seems to be a very friendly user group.

If I look over to more web related user groups, WordPress Copenhagen comes to mind. This is a somewhat active user group, which announces its meetings on MeetUp.

Alternatives to user groups.

I can see, how the need for physical FreeBSD user groups has become less important in modern post-covid times, because users can seek and find practical advice on Internet platforms, such as FreeBSD Forums and the FreeBSD server on Discord. While these platforms are brilliant at solving technical issues, they are not so brilliant, when it comes to real life applications of solutions, career opportunities and social networking.

Create a FreeBSD user group?

I have been thinking about creating a FreeBSD user group for some time. The purpose would be to acknowledge the value of sharing a common interest or enthusiasm and meeting in real life in an informal and friendly environment to discuss FreeBSD, BSD and UNIX related subjects and projects over a nice cup of coffee with or without a computer at hand.

A good name for a FreeBSD user group?

The name for such a FreeBSD user group should probably be descriptive and follow the naming tradition for user groups, which can also be seen on FreeBSD User Groups. This has led me to the name Copenhagen FreeBSD User Group with the shorter abbreviation CFUG.

What are your thoughts?

I would love to hear your thoughts about creating a FreeBSD user group for users and enthusiasts in Copenhagen. You might even be interested in joining such a group or contributing with talks on different topics.


Reducing or disabling swap on FreeBSD

Is it possible to reduce or disable swap memory on FreeBSD? In this example, 32 GB swap is enabled by using 16 GB on each of 2 SSDs. I would prefer this to be closer to 8 GB by using 4 GB on each of 2 SSDs.

Information about current swap devices.

Get information about currently active swap devices and sizes.

# swapinfo -h
Device Size Used Avail Capacity
/dev/nda0p3 16G 0B 16G 0%
/dev/nda1p3 16G 0B 16G 0%
Total 32G 0B 32G 0%

Get information about partitions on disks and GEOM providers. Each device and partition has a unique identifier, that can be used to make changes.

# gpart show
=> 40 4000797280 nda0 GPT (1.9T)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 33554432 3 freebsd-swap (16G)
34088960 3966707712 4 freebsd-zfs (1.8T)
4000796672 648 - free - (324K)
=> 40 3907029088 nda1 GPT (1.8T)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 33554432 3 freebsd-swap (16G)
34088960 3872940032 4 freebsd-zfs (1.8T)
3907028992 136 - free - (68K)

The devices can be listed. This also shows the naming convention for the partitions.

# gpart status
nda0p1 OK nda0
nda0p2 OK nda0
nda0p3 OK nda0
nda0p4 OK nda0
nda1p1 OK nda1
nda1p2 OK nda1
nda1p3 OK nda1
nda1p4 OK nda1

Disabling swap on FreeBSD.

Move swapped pages out from swap devices and disable them.

# swapoff -a
swapoff: removing /dev/nda0p3 as swap device
swapoff: removing /dev/nda1p3 as swap device

If you want to re-enable swap, it is as easy as reverting that.

# swapon -a
swapon: adding /dev/nda0p3 as swap device
swapon: adding /dev/nda1p3 as swap device

Reducing swap partitions?

Is it possible to reduce the swap partition on each SSD and then have ZFS use the free space? Is it possible to split the partitions?

Deleting swap partitions?

Delete or comment out the swap partitions from the static information about file systems. This ensures, that they do not get re-mounted during boot.

# nano /etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/gpt/efiboot0 /boot/efi msdosfs rw 2 2
#/dev/nda0p3 none swap sw 0 0
#/dev/nda1p3 none swap sw 0 0
proc /proc procfs rw 0 0

Is it possible to delete the swap partition on each SSD and then have ZFS use the free space? The handbook does mention growing partitions, but it is not clear, if ZFS can in fact grow directly or it will be necessary to re-create partitions, format, import and encrypt.


Configuring Bourne shell on FreeBSD

What is a Bourne shell?

The Bourne shell, also often referred to as /bin/sh or just sh, has been a default shell for users on FreeBSD for many major versions, while C shell was the default shell for root. From FreeBSD 14, the default shell for root is the Bourne shell.

Changing to Bourne shell on FreeBSD.

The shell for a user in FreeBSD can be changed with the chsh utility.

Configuring the Bourne shell in FreeBSD.

The Bourne shell in FreeBSD is configured by editing the global configuration file /etc/profile and/or the local user configuration file .shrc. These files contain commands that will be executed when the shell is started, such as when the user logs into the system.

In this example, the global configuration sets the blocksize for default file operations, ccache settings, the default editor, the default pager and a prompt. The prompt will include user, host and superuser status.

# nano /etc/profile
BLOCKSIZE=K
CCACHE=1
CCACHE_DIR=/var/cache/ccache
EDITOR=/usr/local/bin/nano
PAGER=less
VISUAL=$EDITOR
PS1='\u@\h\$ '
export BLOCKSIZE CCACHE CCACHE_DIR EDITOR PAGER PS1 VISUAL

If the user would like to add or change custom settings, then this can be set in the local user configuration file. If this is not relevant, the file should be deleted, because it does contain settings that could interfere with the global settings.

$ rm .shrc
# rm .shrc

Testing.

The Bourne shell can now be tested. In this example, a user logs in and switches to root.

$ whoami
jennifer
$ su -
Password: Pencil
# whoami
root
# echo $EDITOR
/usr/local/bin/nano

The different kinds of shells.

There are different kinds of shells, such as login shells and sub-shells. The sub-shells are also known as non-login shells. The difference is that a login shell reads global configuration files, while sub-shells just inherit the settings from the original shell. In this example, the first shell will be a login shell, while the second will be a sub-shell.

FreeBSD/amd64 (wopr) (ttyv0)

Login: stephen
Password: Pencil
__ __________ ____________________
/ \ / \_____ \\______ \______ \
\ \/\/ // | \| ___/| _/
\ // | \ | | | \
\__/\ / \_______ /____| |____|_ /
\/ \/ \/
Greetings, professor Falken. How about a nice game of chess?
$ sh
$ su stephen
$ logout
$ logout


DOAS for FreeBSD

What is DOAS?

doas is a utility that can permit users to execute commands as root or as another user. Groups as well as users can be permitted to do so.

Installing DOAS on FreeBSD.

# pkg install doas

The manual for doas is nice and simple.

# man doas.conf

Configuring DOAS.

In this example, I will configure doas to permit members of the wheel group to use the FreeBSD service command script, that can start and stop services, such as an nginx web server, without a password. This is a safe and trivial command to disable password requirement for.

# nano /usr/local/etc/doas.conf
permit nopass :wheel as root cmd service

If I wanted to limit which arguments can be passed to the command, I could specify this with the args feature.

# nano /usr/local/etc/doas.conf
permit nopass :wheel as root cmd service args nginx onestart

Testing.

$ doas service nginx onestart
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx

Be aware, that doas requires, that the command is matched exactly. The following definition will not work.

# nano /usr/local/etc/doas.conf
permit nopass :wheel as root cmd /usr/sbin/service args nginx onestart
$ doas service nginx onestart
doas: Operation not permitted
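
The matching behaviour described above, as an added example that is not part of the original post and not doas's own code: a simplified Python model of how doas evaluates rules, where the last matching rule wins and cmd and args are compared literally with the command line as typed. The user alice and all helper names are assumptions; the three rules are the ones from this section.

```python
# Added example: simplified model of doas.conf rule matching.
# Not doas source code; the "setenv { ... }" option is not modelled.
import shlex
from dataclasses import dataclass
from typing import List, Optional, Set

OPTIONS = {"nopass", "nolog", "persist", "keepenv"}


@dataclass
class Rule:
    action: str                # "permit" or "deny"
    nopass: bool
    identity: str              # "user" or ":group"
    target: Optional[str]      # user after "as"; None matches any target
    cmd: Optional[str]         # None matches any command
    args: Optional[List[str]]  # None matches any arguments


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one doas.conf line; returns None for blank or comment lines."""
    tok = shlex.split(line, comments=True)
    if not tok:
        return None
    if tok[0] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {tok[0]}")
    i, opts = 1, set()
    while i < len(tok) and tok[i] in OPTIONS:
        opts.add(tok[i])
        i += 1
    if i >= len(tok):
        raise ValueError("missing identity")
    identity, i = tok[i], i + 1
    target = cmd = args = None
    while i < len(tok):
        if tok[i] == "args" and cmd is not None:
            args = tok[i + 1:]      # "args" with nothing after it: no arguments allowed
            break
        if tok[i] in ("as", "cmd") and i + 1 < len(tok):
            if tok[i] == "as":
                target = tok[i + 1]
            else:
                cmd = tok[i + 1]
            i += 2
        else:
            raise ValueError(f"unexpected token: {tok[i]}")
    return Rule(tok[0], "nopass" in opts, identity, target, cmd, args)


def matches(rule: Rule, user: str, groups: Set[str], target: str,
            argv: List[str]) -> bool:
    """True when the rule applies to this user, target and typed command line."""
    if rule.identity.startswith(":"):
        if rule.identity[1:] not in groups:
            return False
    elif rule.identity != user:
        return False
    if rule.target is not None and rule.target != target:
        return False
    if rule.cmd is not None:
        if rule.cmd != argv[0]:     # literal comparison, no PATH resolution
            return False
        if rule.args is not None and rule.args != argv[1:]:
            return False
    return True


def decide(conf: str, user: str, groups: Set[str], target: str,
           argv: List[str]) -> str:
    """Return 'permit nopass', 'permit' or 'deny'; the last matching rule wins."""
    verdict = "deny"                # no matching rule means deny
    for line in conf.splitlines():
        rule = parse_rule(line)
        if rule and matches(rule, user, groups, target, argv):
            if rule.action == "deny":
                verdict = "deny"
            else:
                verdict = "permit nopass" if rule.nopass else "permit"
    return verdict


# The three rules from this section.
CONF_OPEN = "permit nopass :wheel as root cmd service"
CONF_ARGS = "permit nopass :wheel as root cmd service args nginx onestart"
CONF_ABS = "permit nopass :wheel as root cmd /usr/sbin/service args nginx onestart"

WHEEL = {"wheel"}                   # constructed user "alice" is a wheel member

if __name__ == "__main__":
    cases = [
        ("args rule, as typed", CONF_ARGS, ["service", "nginx", "onestart"]),
        ("absolute rule, short command", CONF_ABS, ["service", "nginx", "onestart"]),
        ("absolute rule, absolute command", CONF_ABS, ["/usr/sbin/service", "nginx", "onestart"]),
        ("rule without args, other service", CONF_OPEN, ["service", "sshd", "onestop"]),
        ("args rule, other service", CONF_ARGS, ["service", "sshd", "onestop"]),
    ]
    for label, conf, argv in cases:
        print(f"{label:34} {decide(conf, 'alice', WHEEL, 'root', argv)}")
```

The model also shows that the rule without args permits every service subcommand for wheel members, while the args form permits only nginx onestart.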

SUDO for FreeBSD

Do not use sudo for FreeBSD. I tested sudo for FreeBSD and despite, that it is widely used in online procedures and documentation, I had to conclude, that it is somewhat poorly documented and simply does not work properly for FreeBSD.

# visudo
david ALL=(ALL) NOPASSWD: /usr/sbin/service nginx onestart

One thing, in particular, that did not work, was the ability for a member of the wheel group to execute a trivial safe command as root without the requirement for a password. sudo kept asking for password.

$ id
$ sudo service nginx onestart
Password:
sudo: a password is required

I recommend deinstalling sudo and instead using security/doas. This is also recommended on the FreeBSD Forums.

# rm /usr/local/etc/sudo.conf
# rm /usr/local/etc/sudoers
# pkg remove sudo


Setting Default Audio Output on FreeBSD

% cat /dev/sndstat
Installed devices:
pcm0: <Realtek ALC897 (Rear Analog)> (play/rec) default
pcm1: <Realtek ALC897 (Front Analog)> (play/rec)
pcm2: <Realtek ALC897 (Internal Digital)> (play)
pcm3: <Intel (0x2818) (HDMI/DP 8ch)> (play)
No devices installed from userspace.

Set the preferred default audio output.

% sysctl hw.snd.default_unit=1
hw.snd.default_unit: 0 -> 1

It can be made persistent across reboots.

# echo "hw.snd.default_unit=1" >> /etc/sysctl.conf

Direct Rendering Manager (DRM) kernel module for Intel and AMD chips on FreeBSD.

Direct Rendering Manager (DRM) is a subsystem of the Linux kernel, which is available for FreeBSD as a kernel module for Intel and AMD chips. DRM is responsible for interfacing with GPUs on modern video cards. It provides the graphics drivers for Intel and AMD video cards, which are used for console and graphics.

Install the DRM metaport. This will automatically detect the correct version of the DRM kernel module and install the GPU firmware.

# pkg install drm-kmod

The kernel module should be loaded at boot time.

# sysrc kld_list="i915kms"

The user must be a member of the video group.

# pw groupmod video -m foo

Issue: Blank screen after boot with DRM 6.1 for Intel on FreeBSD 14.2.

When FreeBSD boots and kernel modules are loaded, the HDMI screen goes blank, when DRM is loaded. There is no longer an active console. The system does accept SSH and does provide a virtual shell.

I installed the DRM kernel module from the latest binary repository branch on FreeBSD 14.2 on a computer with Intel Raptor Lake UHD Graphics 770.

# pciconf -lv | grep -B3 display
vgapci0@pci0:0:2:0: class=0x030000 rev=0x04 hdr=0x00 vendor=0x8086 device=0xa780 subvendor=0x1043 subdevice=0x8882
vendor = 'Intel Corporation'
device = 'Raptor Lake-S GT1 [UHD Graphics 770]'
class = display
# pkg install drm-kmod
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 130 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
drm-61-kmod: 6.1.92.1401000_3
drm-kmod: 20220907_3
gpu-firmware-intel-kmod-alderlake: 20230625.1401000
gpu-firmware-intel-kmod-broxton: 20230625.1401000
gpu-firmware-intel-kmod-cannonlake: 20230625.1401000
gpu-firmware-intel-kmod-dg1: 20230625.1401000
gpu-firmware-intel-kmod-dg2: 20230625.1401000
gpu-firmware-intel-kmod-elkhartlake: 20230625.1401000
gpu-firmware-intel-kmod-geminilake: 20230625.1401000
gpu-firmware-intel-kmod-icelake: 20230625.1401000
gpu-firmware-intel-kmod-kabylake: 20230625.1401000
gpu-firmware-intel-kmod-rocketlake: 20230625.1401000
gpu-firmware-intel-kmod-skylake: 20230625.1401000
gpu-firmware-intel-kmod-tigerlake: 20230625.1401000
gpu-firmware-kmod: 20241114,1
Number of packages to be installed: 130
The process will require 123 MiB more space.
31 MiB to be downloaded.
Proceed with this action? [y/N]: y
Message from drm-61-kmod-6.1.92.1401000_3:
The drm-61-kmod port can be enabled for amdgpu (for AMD
GPUs starting with the HD7000 series / Tahiti) or i915kms (for Intel
APUs starting with HD3000 / Sandy Bridge) through kld_list in
/etc/rc.conf. radeonkms for older AMD GPUs can be loaded and there are
some positive reports if EFI boot is NOT enabled.
For amdgpu: kld_list="amdgpu"
For Intel: kld_list="i915kms"
For radeonkms: kld_list="radeonkms"
Please ensure that all users requiring graphics are members of the
"video" group.
Please note that this package was built for FreeBSD 14.1.
If this is not your current running version, please rebuild
it from ports to prevent panics when loading the module.
# pkg version | grep kmod
drm-61-kmod-6.1.92.1401000_3 =
drm-kmod-20220907_3 =
gpu-firmware-intel-kmod-alderlake-20230625.1401000 =
gpu-firmware-intel-kmod-broxton-20230625.1401000 =
gpu-firmware-intel-kmod-cannonlake-20230625.1401000 =
gpu-firmware-intel-kmod-dg1-20230625.1401000 =
gpu-firmware-intel-kmod-dg2-20230625.1401000 =
gpu-firmware-intel-kmod-elkhartlake-20230625.1401000 =
gpu-firmware-intel-kmod-geminilake-20230625.1401000 =
gpu-firmware-intel-kmod-icelake-20230625.1401000 =
gpu-firmware-intel-kmod-kabylake-20230625.1401000 =
gpu-firmware-intel-kmod-rocketlake-20230625.1401000 =
gpu-firmware-intel-kmod-skylake-20230625.1401000 =
gpu-firmware-intel-kmod-tigerlake-20230625.1401000 =
gpu-firmware-kmod-20241114,1 =
# sysrc kld_list="i915kms"
# pw groupmod video -m root
# pw groupmod video -m foo

The system message buffer does mention a problem with binary firmware, that could not be loaded.

# dmesg
[drm] Got Intel graphics stolen memory base 0x7c800000, size 0x4000000
drmn0: <drmn> on vgapci0
vgapci0: child drmn0 requested pci_enable_io
vgapci0: child drmn0 requested pci_enable_io
adls_dmc_ver2_01.bin: could not load binary firmware /boot/firmware/adls_dmc_ver2_01.bin either
i915/adls_dmc_ver2_01.bin: could not load binary firmware /boot/firmware/i915/adls_dmc_ver2_01.bin either
i915_adls_dmc_ver2_01.bin: could not load binary firmware /boot/firmware/i915_adls_dmc_ver2_01.bin either
lkpi_iic0: <LinuxKPI I2C> on drmn0
iicbus0: <Philips I2C bus> on lkpi_iic0
iic0: <I2C generic I/O> on iicbus0
lkpi_iic1: <LinuxKPI I2C> on drmn0
iicbus1: <Philips I2C bus> on lkpi_iic1
iic1: <I2C generic I/O> on iicbus1
lkpi_iic2: <LinuxKPI I2C> on drmn0
iicbus2: <Philips I2C bus> on lkpi_iic2
iic2: <I2C generic I/O> on iicbus2
lkpi_iic3: <LinuxKPI I2C> on drmn0
iicbus3: <Philips I2C bus> on lkpi_iic3
iic3: <I2C generic I/O> on iicbus3
lkpi_iic4: <LinuxKPI I2C> on drmn0
iicbus4: <Philips I2C bus> on lkpi_iic4
iic4: <I2C generic I/O> on iicbus4
lkpi_iic5: <LinuxKPI I2C> on drmn0
iicbus5: <Philips I2C bus> on lkpi_iic5
iic5: <I2C generic I/O> on iicbus5
lkpi_iic6: <LinuxKPI I2C> on drmn0
iicbus6: <Philips I2C bus> on lkpi_iic6
iic6: <I2C generic I/O> on iicbus6
lkpi_iic7: <LinuxKPI I2C> on drmn0
iicbus7: <Philips I2C bus> on lkpi_iic7
iic7: <I2C generic I/O> on iicbus7
lkpi_iic8: <LinuxKPI I2C> on drmn0
iicbus8: <Philips I2C bus> on lkpi_iic8
iic8: <I2C generic I/O> on iicbus8
drmn0: successfully loaded firmware image 'i915/adls_dmc_ver2_01.bin'
drmn0: [drm] Finished loading DMC firmware i915/adls_dmc_ver2_01.bin (v2.1)
sysctl_warn_reuse: can't re-use a leaf (hw.dri.debug)!
lkpi_iic9: <LinuxKPI I2C> on drm1
iicbus9: <Philips I2C bus> on lkpi_iic9
iic9: <I2C generic I/O> on iicbus9
[drm] Initialized i915 1.6.0 20201103 for drmn0 on minor 0
VT: Driver priority 0 too low. Current 101
fbd0: not attached to vt(4) console; another device has precedence (err=17)
# find / -type f -name '*adls*'
/boot/modules/i915_adls_dmc_ver2_01_bin.ko
# kldstat | grep adls
# kldload i915_adls_dmc_ver2_01_bin.ko
# kldstat | grep adls
17 1 0xffffffff835aa000 69f0 i915_adls_dmc_ver2_01_bin.ko

The system messages log confirms, that the firmware drivers were loaded.

# cat /var/log/messages | grep drm
Dec 25 23:08:54 wopr pkg[1974]: drm-61-kmod-6.1.92.1401000_3 installed
Dec 25 23:08:54 wopr pkg[1974]: drm-kmod-20220907_3 installed
Dec 25 23:12:11 wopr pkg[2119]: libdrm-2.4.123,1 installed
Dec 26 00:37:18 wopr kernel: [drm] Got Intel graphics stolen memory base 0x7c800000, size 0x4000000
Dec 26 00:37:18 wopr kernel: drmn0: <drmn> on vgapci0
Dec 26 00:37:18 wopr kernel: vgapci0: child drmn0 requested pci_enable_io
Dec 26 00:37:18 wopr kernel: lkpi_iic0: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: lkpi_iic1: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: lkpi_iic2: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: lkpi_iic3: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: lkpi_iic4: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: lkpi_iic5: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: lkpi_iic6: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: lkpi_iic7: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: lkpi_iic8: <LinuxKPI I2C> on drmn0
Dec 26 00:37:18 wopr kernel: drmn0: successfully loaded firmware image 'i915/adls_dmc_ver2_01.bin'
Dec 26 00:37:18 wopr kernel: drmn0: [drm] Finished loading DMC firmware i915/adls_dmc_ver2_01.bin (v2.1)
Dec 26 00:37:18 wopr kernel: lkpi_iic9: <LinuxKPI I2C> on drm1
Dec 26 00:37:18 wopr kernel: [drm] Initialized i915 1.6.0 20201103 for drmn0 on minor 0

I tested loading DMC driver manually.

# sysrc kld_list+="i915_adls_dmc_ver2_01_bin"
kld_list: i915kms -> i915kms i915_adls_dmc_ver2_01_bin
# echo 'drm_load="YES"' >> /boot/loader.conf
# echo 'i915kms_load="YES"' >> /boot/loader.conf
# cat /boot/loader.conf | sort
aesni_load="YES"
cryptodev_load="YES"
drm_load="YES"
geom_eli_load="YES"
i915kms_load="YES"
if_re_load="YES"
if_re_name="/boot/modules/if_re.ko"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
vboxdrv_load="YES"
zfs_load="YES"

Any tips?

Realtek RTL8125 network interface driver for FreeBSD

Realtek RTL8125 is a network interface card, that is integrated on modern mid to high range motherboards, such as Asus Prime with 12th and 13th generation Intel CPUs. RTL8125 is not supported by the default Realtek driver, that is loaded by the FreeBSD base system during boot. This presents several issues on a host with no Internet access. With a tip from a brilliant user on Discord, I was able to discover this work-around.

RTL8125 is supported by a non-default Realtek driver, that was written by Realtek for FreeBSD, but not adopted into the main driver, because of differences in coding standards. The driver is in ports as “realtek-re-kmod”. If the host does not have a connection to Internet, then this port has to be fetched on another host and then transferred via USB storage or alternative medium.

# fetch http://pkg.freebsd.org/FreeBSD:14:amd64/release_2/All/realtek-re-kmod-1100.00_1.pkg

The package cannot be installed with the package manager, because that would still require Internet access on the host. Instead, the driver can be extracted and manually placed in the directory for boot kernel modules.

# tar zxf realtek-re-kmod-1100.00_1.pkg /boot/modules/if_re.ko
# mv boot/modules/if_re.ko /boot/modules/

The driver needs to load during boot, and it is key to success that the “name” parameter is set to the new driver. If this is omitted, it will not work, because the old driver is loaded from “/boot/kernel”.

# vi /boot/loader.conf
if_re_load="YES"
if_re_name="/boot/modules/if_re.ko"

This will initialize the Realtek network interface card, and DHCP can then be configured for the network interface.

# vi /etc/rc.conf
ifconfig_re0="DHCP"

Reboot.

# reboot

The complete procedure:

# dmesg
# gpart show
# gpart destroy -F /dev/da0
# gpart create -s mbr /dev/da0
# gpart add -t fat32 /dev/da0
# gpart show
# newfs_msdos -L REALTEK -F 32 /dev/da0s1
# mount -t msdos /dev/da0s1 /mnt
# cd /mnt
# fetch http://pkg.freebsd.org/FreeBSD:14:amd64/release_2/All/realtek-re-kmod-1100.00_1.pkg
# sync
# cd
# umount /mnt
# mount -t msdos /dev/da0s1 /mnt
# cp /mnt/*.pkg .
# umount /mnt
# tar zxf realtek-re-kmod-1100.00_1.pkg /boot/modules/if_re.ko
# mv boot/modules/if_re.ko /boot/modules/
# vi /boot/loader.conf
if_re_load="YES"
if_re_name="/boot/modules/if_re.ko"
# vi /etc/rc.conf
ifconfig_re0="DHCP"
# reboot
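
A check that can be run before the reboot, as an added example that is not part of the original guide: it confirms that loader.conf both loads if_re and names the extracted module, which is the step the guide says must not be omitted. The function names loader_get and check_if_re are hypothetical; the script assumes a later assignment overrides an earlier one and looks only at the one file it is given.

```shell
#!/bin/sh
# Added example: verify that loader.conf selects the out-of-tree if_re module.

# Print the value of the last assignment to VAR in FILE (later lines win).
loader_get() {  # usage: loader_get VAR FILE
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }              # tolerate leading whitespace
        index($0, key "=") == 1 {           # commented-out lines never match
            val = substr($0, length(key) + 2)
            sub(/^"/, "", val)              # strip the surrounding quotes
            sub(/"[ \t]*$/, "", val)
            last = val
        }
        END { print last }
    ' "$2"
}

# Return 0 if CONF loads if_re from MODULE; otherwise say why and return 1.
check_if_re() {  # usage: check_if_re CONF MODULE
    re_load=$(loader_get if_re_load "$1")
    re_name=$(loader_get if_re_name "$1")
    case "$re_load" in
        [Yy][Ee][Ss]) ;;
        *) echo "if_re_load is not YES: the module is not loaded at boot"
           return 1 ;;
    esac
    if [ -z "$re_name" ]; then
        echo "if_re_name is unset: the old driver from /boot/kernel is used"
        return 1
    elif [ "$re_name" != "$2" ]; then
        echo "if_re_name is $re_name, expected $2"
        return 1
    elif [ ! -f "$2" ]; then
        echo "$2 does not exist"
        return 1
    fi
    echo "ok: $2 is loaded at boot"
}

# Constructed demo input: a loader.conf that forgets if_re_name.
demo=$(mktemp -d)
printf 'zfs_load="YES"\nif_re_load="YES"\n' > "$demo/loader.conf"
check_if_re "$demo/loader.conf" "$demo/if_re.ko" || true
rm -rf "$demo"
# On the real host: check_if_re /boot/loader.conf /boot/modules/if_re.ko
```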


Reject Failed SPF with spfmilter for Sendmail on FreeBSD

What is spfmilter?

spfmilter is a Sender Policy Framework (SPF) mail filter module for Sendmail on FreeBSD. spfmilter makes Sendmail reject mail that has been sent from a mail server that is not allowed by the policy for the domain. spfmilter is the other half of the framework.

Example of a CEO scam email that is being constructed with false sender header fields in an Alpine mail client. Sender Policy Framework (SPF) prevents this kind of domain abuse.

Install spfmilter for Sendmail on FreeBSD

Search for spfmilter in the package repository.

# pkg search spf
spfmilter-2.001_2 SPF milter for sendmail

Install the spfmilter.

# pkg install spfmilter
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
libspf2: 1.2.11_2
spfmilter: 2.001_2
144 KiB to be downloaded.

Configure spfmilter.

# nano /etc/mail/

Configure FreeBSD to run spfmilter as a service

Configure spfmilter as a service in FreeBSD. This is documented on the official website of spfmilter.

# service -l | grep spf
spfmilter
# nano /etc/rc.conf
spfmilter_enable="YES"
spfmilter_socket="unix:/var/run/spfmilter.sock"
# service spfmilter start
Starting spfmilter.
# grep spfmilter /var/log/maillog
Nov 17 13:37:55 foo spfmilter[34074]: spfmilter 2.001 with libspf2-1.2.11 starting

Configure Sendmail to use spfmilter

Configure Sendmail to use spfmilter. This is documented on the official website of spfmilter.

# cd /etc/mail
# cp `hostname`.mc `date -I`-`hostname`.mc
# nano `hostname`.mc
INPUT_MAIL_FILTER(`spfmilter',`S=unix:/var/run/spfmilter.sock')
# make
/usr/bin/m4 -D_CF_DIR_=/usr/share/sendmail/cf/ /usr/share/sendmail/cf/m4/cf.m4 foo.micski.dk.mc > foo.micski.dk.cf
# make install
install -m 444 foo.micski.dk.cf /etc/mail/sendmail.cf
install -m 444 foo.micski.dk.submit.cf /etc/mail/submit.cf
# service sendmail restart
Stopping sendmail.
Starting sendmail.
# tail /var/log/maillog | grep sm-m
Nov 17 13:37:08 foobar sm-mta[37327]: starting daemon (8.18.1): SMTP+queueing@00:30:00
Nov 17 13:37:08 foobar sm-msp-queue[37341]: starting daemon (8.18.1): queueing@00:30:00

Test spfmilter

If regular email works after the installation, it is time to test the spfmilter.

In this example, I try to forge an email so that it appears to be from Microsoft, which has an SPF policy. It gets rejected by spfmilter.

$ telnet foo.micski.dk 587
220 foo.micski.dk ESMTP Sendmail 8.18.1/8.18.1; Sun, 17 Nov 2024 13:37:51 +0100 (CET)
HELO microsoft.com
250 foo.micski.dk Hello [13.37.13.37], pleased to meet you
MAIL From:<>
550 5.7.1 <>... fail

The rejection by spfmilter can be confirmed by the mail log.

# tail /var/log/maillog
Nov 17 13:37:56 foo sm-mta[38143]: 4AGNbZ2E038143: milter=spfmilter, action=helo, continue
Nov 17 13:38:28 foo sm-mta[38143]: 4AGNbZ2E038143: Milter: sender:
Nov 17 13:38:28 foo spfmilter[34074]: rejecting mail from [13.37.13.37] - fail
Nov 17 13:38:28 foo sm-mta[38143]: 4AGNbZ2E038143: milter=spfmilter, action=mail, reject=550 5.7.1 fail
Nov 17 13:38:28 foo sm-mta[38143]: 4AGNbZ2E038143: Milter: from=, reject=550 5.7.1 fail

In general, future rejects can be listed from the mail log.

# grep spfmilter /var/log/maillog | grep rejecting
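
The same log search taken one step further, as an added example that is not part of the original guide: it counts spfmilter rejections per sending host, so that repeated forgery attempts from one source stand out. The function names are hypothetical, the log format is assumed to match the single "rejecting mail from" line shown above, and the sample log is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: summarise spfmilter rejections per sending host.

# Print "COUNT IP RESULT LAST-SEEN" per source, most rejections first.
spf_rejects_by_source() {  # usage: spf_rejects_by_source MAILLOG
    awk '
        / spfmilter\[[0-9]+\]: rejecting mail from \[/ {
            ip = $0
            sub(/.*rejecting mail from \[/, "", ip)
            sub(/\].*/, "", ip)
            key = ip " " $NF                 # $NF is the SPF result, e.g. fail
            count[key]++
            last[key] = $1 " " $2 " " $3     # syslog timestamp of newest hit
        }
        END { for (k in count) print count[k], k, last[k] }
    ' "$1" | sort -k1,1nr -k2,2
}

# Print only the sources with at least MIN rejections.
spf_repeat_sources() {  # usage: spf_repeat_sources MAILLOG MIN
    spf_rejects_by_source "$1" | awk -v min="$2" '$1 >= min'
}

# Constructed sample log (documentation addresses, not real traffic).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Nov 17 13:38:28 foo spfmilter[34074]: rejecting mail from [203.0.113.7] - fail
Nov 17 13:38:28 foo sm-mta[38143]: 4AGNbZ2E038143: milter=spfmilter, action=mail, reject=550 5.7.1 fail
Nov 17 13:39:10 foo spfmilter[34074]: rejecting mail from [198.51.100.9] - fail
Nov 17 13:39:41 foo spfmilter[34074]: rejecting mail from [203.0.113.7] - fail
Nov 17 13:40:02 foo spfmilter[34074]: rejecting mail from [203.0.113.7] - fail
EOF
spf_rejects_by_source "$sample"
rm -f "$sample"
```

On the mail server, the input would be /var/log/maillog, for example spf_repeat_sources /var/log/maillog 5.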


Attribution and sharing.

Feel free to link to this guide if you find it useful. Contributions and feedback are always appreciated.