Automount not working with FreeBSD 12

FreeBSD 12 is out. This is great! However I had the surprise to find that the automount feature didn’t work in KDE, probably also Gnome, XFCE and any other desktop environment that provides such a feature.

The culprit was easy to find: the Hardware Abstraction Layer (HAL) has not yet been updated for the peculiarities of the latest FreeBSD release.

See, when HAL tries to mount a vfat filesystem on FreeBSD, it adds by default the large option, which according to FreeBSD 11.2 mount_msdosfs’s manpage provides support for very large files (>128GB). This option, however, was removed in FreeBSD 12. Thus automount fails.

To temporarily fix this, edit /usr/local/share/hal/fdi/policy/10osvendor/20-storage-methods.fdi. Then remove the large option in the vfat match for FreeBSD. That is:

  <match key="volume.fstype" string="vfat">
    <match key="/org/freedesktop/Hal/devices/computer:system.kernel.name" string="Linux">
      ...
    </match>
    <match key="/org/freedesktop/Hal/devices/computer:system.kernel.name" string="FreeBSD">
      ...
      <!-- <append key="volume.mount.valid_options" type="strlist">large</append> -->
    </match>
  </match>

This was already reported in #221709.

Epson 3490 Scanner

This is information that tends to be forgotten on the Internet, so I’m publishing it here: how to get an Epson Perfection 3490 Photo scanner running under Linux, FreeBSD or whatever. Paths may change on your system, so you may need to adapt the instructions below.

1. Install xsane.

2. Download the Epson firmware. For the Epson 3490, you need esfw52.bin. You may find this file on the Internet, although it tends to disappear. But in any case you can also find this file here.

3. Uncompress the firmware. That is, sudo tar -Jxvf epson-firmwares.tar.xz -C /usr/local/share/sane.

4. Modify /usr/local/etc/sane.d/snapscan.conf and change the firmware line to point to the esfw52.bin firmware. That is, following the commands above, change the firmware line to firmware /usr/local/share/sane/epson-firmwares/esfw52.bin.

If you are running FreeBSD

You should still ensure that you can use the scanner as a normal user.

5. Let’s change the owner of the scanner so that it’s available to users in the saned group. Create /etc/devd/saned.conf and add:

notify 100 {
  match "system" "USB";
  match "subsystem" "INTERFACE";
  match "type" "ATTACH";
  match "cdev" "ugen[0-9].[0-9]";
  match "vendor" "0x04b8";
  match "product" "0x0122";
  action "chown -L cups:saned /dev/$cdev && chmod -L 660 /dev/$cdev";
};

Notice the 0x04b8:0x0122, identifying the scanner USB device, which you can get from the lsusb command while the scanner is plugged in.

6. Restart devd with service devd restart.

7. Add yourself to the saned group with sudo pw groupmod saned -m {{your-user}}

8. You may need to log in again so that new group changes are taken into account.

Fastd on FreeBSD

Fastd is a nice, small and secure tunneling daemon. A bit like OpenVPN, if you wish, but geared toward small devices, simpler in its design and in some ways more generic.

There was a FreeBSD port, but it has been marked as broken. The fix, however, is very simple, if you are willing to give up AES128 and use the SALSA stream cipher instead:

cmake -DWITH_CIPHER_AES128_CTR=FALSE CMakeLists.txt
make
make install

Chromium on FreeBSD

Good news everyone! Chromium is now perfectly usable on FreeBSD.
The longstanding hanging tab bug has been resolved. See also PR 212812 and this FreeBSD forum post.

This was fixed in r337328 but is not yet available in 11.2-RELEASE. Fortunately there are temporary fixes too that you can use while waiting for the patch to be included in the next release.

First add this line to /etc/sysctl.conf:

net.local.stream.recvspace=16384

Second, use a memory-backed filesystem for the chromium cache. A script to do so was included in the chromium package, but it has since been removed now that a proper fix is coming in.

But if you want to do this manually, first ensure that the ~/.cache/chromium directory exists and is empty. Then in /etc/fstab add this line with $USER changed accordingly:

md /home/$USER/.cache/chromium mfs rw,late,noatime,noexec,nosuid,-w$USER:$USER,-s300m 2 0

This will mount the chromium cache path on a UFS partition over a memory-backed virtual disk.

I’ve been testing this for several days now and it works like a charm. Don’t forget to remove this workaround when you are past r337328 though.

FreeBSD on Intel Broadwell

Around two years ago I posted about using FreeBSD 10 on the X250. A great deal has happened since then.

It is now possible to use the Intel Broadwell integrated graphics card (among others) under FreeBSD-CURRENT and FreeBSD-STABLE! Also if I’m right, this will be integrated in FreeBSD 11.2-RELEASE. What a great day it is for FreeBSD on the desktop. I bet FreeBSD 12 will be truly great!

Note that it works much better on STABLE now than CURRENT because CURRENT is -well- not that stable…

So if you want to try this now, what you first need to do is to upgrade to the STABLE branch. For this you need to fetch the source, buildworld, buildkernel and installworld. Here is a very quick tutorial (that you may need to adapt though). You can also find this here.


# Don't forget to upgrade RELEASE first,
# in case there were any bugs in the build tools.
freebsd-update fetch
freebsd-update install
reboot
freebsd-update install

# Replace the current source tree with STABLE.
mv /usr/src /usr/src-RELEASE
svn checkout svn://svn.freebsd.org/base/stable/11 /usr/src

# Build! Build! Build!
cd /usr/src
make buildworld -j4

# Customize (while you are at it) and build STABLE kernel.
cd /usr/src/sys/amd64/conf
cp GENERIC {YOUR-CONF}
vim {YOUR-CONF}
cd /usr/src
make buildkernel KERNCONF={YOUR-CONF}
make installkernel KERNCONF={YOUR-CONF}
reboot

# Now it's time to install world over the new kernel.
# In the meantime we also update configuration files
# with mergemaster.
mergemaster -p
cd /usr/src
make installworld
mergemaster -Ui
reboot

Now that you are on the latest STABLE, you can update the ports tree and install drm-next.


# Install ports tree if needed.
portsnap fetch
portsnap extract

# Install drm-next.
cd /usr/ports/graphics/drm-next-kmod
make install clean

Finally you must tell rc.conf to use the new i915 module instead. That is, add in /etc/rc.conf:


kld_list="/boot/modules/i915kms.ko"

Just one final reboot and you are done! Test this with the xorg and mesa-demos ports. Just startx from your user and check /var/log/Xorg.0.log to see if the intel driver was correctly loaded.

Wrong OS version in pkg

If FreeBSD’s pkg refuses to update because of a wrong OS version, for example because you are in a FreeNAS jail and version mismatches are bound to happen, then you can always try to force the OS version in pkg (which you can find with uname -UK). Either put OSVERSION={{version}} in /usr/local/etc/pkg.conf or start it with pkg -o OSVERSION={{version}} where {{version}} is the target version, for example 1101001.

Sshguard, PF and FreeBSD

We recently had a problem with sshguard. Some IPs that were blocked were still able to send packets through because the associated states were not killed properly with pfctl -k $ip. We used an older version until then, so I just did an upgrade to the latest port.

From this point however sshguard did not block anything anymore. In fact it didn’t recognize the correct backend to use to block those IPs. Not sure if we always have to specify it manually in the configuration or if there is some kind of broken-autodetect. But you can force the backend inside the configuration file in /usr/local/etc/sshguard.conf (see /usr/local/etc/sshguard.conf.sample):

BACKEND="/usr/local/libexec/sshg-fw-pf"
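
One way to check for the first symptom described above (blocked addresses that still hold live PF states), as an added example that is not part of the original post. The table name sshguard is an assumption, and the table and state listings are constructed samples standing in for the output of pfctl -t sshguard -T show and pfctl -ss.

```sh
#!/bin/sh
# Added example. Table name "sshguard" is an assumption; sample data is constructed.

sample_table() {   # stands in for: pfctl -t sshguard -T show
cat <<'EOF'
   198.51.100.23
   203.0.113.7
   2001:db8::bad
EOF
}

sample_states() {  # stands in for: pfctl -ss
cat <<'EOF'
all tcp 192.0.2.10:22 <- 203.0.113.7:51544       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.10:22 <- 192.0.2.77:40100       ESTABLISHED:ESTABLISHED
all tcp 2001:db8::1[22] <- 2001:db8::bad[40022]       ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:53044 -> 192.0.2.1:53       MULTIPLE:SINGLE
EOF
}

# stale_blocked TABLE_FILE STATES_FILE
# Prints each blocked address that is still the peer of an inbound ("<-") state.
stale_blocked() {
  awk '
    FILENAME == ARGV[1] { if ($1 != "") blocked[$1] = 1; next }
    {
      for (i = 1; i < NF; i++) {
        if ($i != "<-") continue
        peer = $(i + 1)
        if (peer ~ /\]$/) sub(/\[[0-9]+\]$/, "", peer)   # IPv6: addr[port]
        else              sub(/:[0-9]+$/, "", peer)      # IPv4: addr:port
        if ((peer in blocked) && !seen[peer]++) print peer
      }
    }' "$1" "$2"
}

# On a real host, run as root with the argument --live.
if [ "${1:-}" = "--live" ]; then
  t=$(mktemp) && s=$(mktemp) || exit 1
  pfctl -t sshguard -T show > "$t"
  pfctl -ss > "$s"
  stale_blocked "$t" "$s" | while read -r ip; do
    echo "blocked but still has states: $ip"
    pfctl -k "$ip"          # kill the leftover states, as in the post
  done
  rm -f "$t" "$s"
fi
```

An address that appears in the output is in the block table yet can still pass traffic on its existing state, which is exactly the condition the post describes.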

Disable XF86Back/Forward

Real ThinkPad keyboards (not this monstrous ignominy) have directly accessible keys for XF86Back and XF86Forward. That is really problematic with web browsers such as Firefox or Chromium, since pressing those keys transparently goes back or forward in your history, discarding anything you were typing in the process, including that 3-hour-long bug report you were just about to submit. That’s rather annoying, to say the least.

Some other blog posts suggest simply disabling them with xmodmap. That is in ~/.xmodmaprc (or whatever it is you use):

keycode 166 = NoSymbol
keycode 167 = NoSymbol

I personally prefer to remap them to Next/Prior keys. Having these near the navigation keys might come in handy:

keycode 166 = Next
keycode 167 = Prior

That’s on Linux though; on FreeBSD the keycodes are 233 and 234:

keycode 233 = Next
keycode 234 = Prior

Anyway, use the xev command and xmodmap -pke to find the keycodes and remap them to any other interesting key symbol.

WIDE DHCPv6 flood

On FreeBSD we generally use WIDE DHCPv6 (also known as KAME DHCPv6, dhcp6c or simply dhcp6) as the DHCPv6 client. However a rare bug can trigger this client to flood the DHCP server with requests. This happened to us and quickly prompted online.net to block our server for outgoing flooding. This scared me a bit at first, as I thought we might have been part of a DDoS attack. Thankfully that was not the case.

But we still had to disable dhcp6 (and consequently IPv6). On Linux it is generally recommended to limit the DHCPv6 traffic using iptables rules. However this is not as simple with PF on FreeBSD. You cannot provide a limit on the packet rate per rule. You can limit the connection rate (see max-src-conn-rate), but I’m not sure this could be of any use here. It should be possible to use altq but this is not part of the GENERIC kernel. I really didn’t want to compile a custom kernel just as a workaround.

Instead I used another DHCPv6 client, namely ISC DHCP client (isc-dhcp43-client). Just create /usr/local/etc/dhclient6.conf and configure your DUID:

interface "igb0" {
  send dhcp6.client-id <DUID>;
}

On FreeBSD, isc-dhcp43-client doesn’t come with any rc starting script, so here is one for DHCPv6 (you should place it in /usr/local/etc/rc.d/dhclient6):

#!/bin/sh
#
# PROVIDE: dhclient6
# REQUIRE: DAEMON
# KEYWORD: dhcp
#
# Add the following lines to /etc/rc.conf to enable dhclient6:
#
# dhclient6_enable="YES"
#

. /etc/rc.subr

name="dhclient6"
desc="ISC DHCPv6 client"
rcvar="dhclient6_enable"

start_cmd="dhclient6_start"
stop_cmd="dhclient6_stop"

dhclient6_start()
{
  /usr/local/sbin/dhclient -cf "${dhclient6_conf}" -P -v "${dhclient6_iface}"
}

dhclient6_stop()
{
  if [ -r "${dhclient6_pid}" ]
  then
    kill -- -$(cat "${dhclient6_pid}")
    rm -f "${dhclient6_pid}"
  fi
}

load_rc_config ${name}

: ${dhclient6_enable="NO"}
: ${dhclient6_pid="/var/run/dhclient6.pid"}
: ${dhclient6_conf="/usr/local/etc/dhclient6.conf"}
: ${dhclient6_iface=""}

run_rc_command "$1"

Finally enable this in /etc/rc.conf:

dhclient6_iface="igb0"
dhclient6_enable="YES"
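
To notice a flood like the one described at the start of this post before the provider does, the outgoing DHCPv6 client traffic can be counted per second. The following is an added example, not part of the original post; the capture lines are constructed and the threshold of 10 packets per second is an assumption.

```sh
#!/bin/sh
# Added example; the capture below is constructed and the threshold is an assumption.

# Constructed tcpdump-style text: one normal solicit, a 40-packet burst
# inside a single second, and one server reply (destination port 546, ignored).
sample_capture() {
  echo "12:00:00.100000 IP6 fe80::1.546 > ff02::1:2.547: dhcp6 solicit"
  i=0
  while [ "$i" -lt 40 ]; do
    printf '12:00:01.%06d IP6 fe80::1.546 > ff02::1:2.547: dhcp6 request\n' "$((i * 1000))"
    i=$((i + 1))
  done
  echo "12:00:02.500000 IP6 fe80::2.547 > fe80::1.546: dhcp6 reply"
}

# dhcp6_bursts MAX
# Reads tcpdump text on stdin and prints "HH:MM:SS count" for every second
# in which more than MAX packets were sent to UDP port 547 (client -> server).
dhcp6_bursts() {
  awk -v max="$1" '
    $2 == "IP6" && $4 == ">" && $5 ~ /\.547:$/ {
      sec = substr($1, 1, 8)               # drop the fractional part
      if (!(sec in n)) order[++k] = sec    # remember first-seen order
      n[sec]++
    }
    END {
      for (i = 1; i <= k; i++)
        if (n[order[i]] > max) print order[i], n[order[i]]
    }'
}

# Live use on the interface from this post (as root), 1000 packets at a time:
#   tcpdump -n -c 1000 -i igb0 udp dst port 547 | dhcp6_bursts 10
```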