kfreebsd -- encryption options
Hi, Having a Debian Linux installation with dropbear for pre-boot unlocking of encrypted partitions (including root [and everything except for /boot] on LVM). The disk partitions actually being mirrors created using mdadm (RAID1) and then encrypted using cryptsetup (dm-crypt). How would one go about getting the same sort of set up in Debian / kFreeBSD ? Thanks AndrewMM signature.asc Description: OpenPGP digital signature
Re: Collaboration from ubuntuBSD project
Hi, On 20/03/2016 8:49 PM, Adam Wilson wrote: > Does Ubuntu even use systemd? I think they use runit or something. > Something start*... it escapes me. Due to Ubuntu being heavily based on Debian, they chose to change to systemd going forward; I'm not sure if that has changed or not, but the strength of Debian selling out to systemd, well, that sold out Ubuntu as well. :( I'm still seeing too many issues that come back to systemd even though I am mostly quiet about them when I see them on the list. Kind Regards AndrewM signature.asc Description: OpenPGP digital signature
Re: Collaboration from ubuntuBSD project
Hi, On 21/03/2016 1:03 AM, Steven Chamberlain wrote: > Andrew McGlashan wrote: >> The other part of the problem is that Debian/KfreeBSD is no longer an >> officially supported version of Debian; unofficially it has support, but >> not officially. > > Debian's release team isn't responsible for jessie-kfreebsd, but we seem > to have all the other support we need: DSA looks after our buildds. > The FTP masters continue to host us on the Debian mirrors network. The > security team hosts a jessie-kfreebsd suite, which imports patches from > official jessie. Patches for kernel bugs continue to come from upstream. > >> That is, there is no current "stable" release of Debian/KfreeBSD, it >> is not a production release. > > Support for wheezy (oldstable) doesn't end until late next month. And > before then, I hope there'll be an announcement about jessie-kfreebsd, > which will be the stable-kfreebsd release: > https://lists.debian.org/debian-bsd/2016/03/msg00084.html So, we are expecting full mainstream support soon then? If so, that is tremendously great news indeed! Thanks AndrewM signature.asc Description: OpenPGP digital signature
Re: Collaboration from ubuntuBSD project
Hi, On 20/03/2016 7:35 PM, Adam Wilson wrote: > Wouldn't it have better to focus on developing Debian GNU/kFreeBSD, > which could do with the extra attention/work? > > Just curious. What was the rationale? The other part of the problem is that Debian/KfreeBSD is no longer an officially supported version of Debian; unofficially it has support, but not officially. That is, there is no current "stable" release of Debian/KfreeBSD, it is not a production release. I wish that KfreeBSD had more love and was a fully supported version of Debian, but unfortunately it is not. It /may/ be better to go straight to FreeBSD direct instead because of this. Which means escaping the horror of systemd as well as not having the same "Debian" way of configuration setup. AndrewM signature.asc Description: OpenPGP digital signature
Re: Collaboration from ubuntuBSD project
Hi, On 20/03/2016 12:16 AM, Jon Boden wrote: > ubuntuBSD just went live today with its first release, v15.04 BETA1 > (codenamed "Escape from SystemD"). > > This project owes a lot to Debian GNU/kFreeBSD and I'd like to send you a > sincere offer for collaboration. > > In the following days I'm going to submit back all the improvements to Debian > & other projects in a case-by-case pallatable form. > > In the meantime you can peek at the whole change set in: > > http://archive.ubuntubsd.org/patches/ Interesting. Okay, from your signature, https://www.ubuntubsd.org doesn't work and http://www.ubuntubsd.org/ takes you to https://sourceforge.net/projects/ubuntubsd/ Not being an official Ubuntu distro then? Where is it going? Oh and lose the www in the URLs and it doesn't work either. Cheers AndrewM signature.asc Description: OpenPGP digital signature
Re: Plan B for kfreebsd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Steven, On 10/11/2014 10:15 AM, Steven Chamberlain wrote: > Jonathan Wiltshire wrote: >> We discussed kfreebsd at length, but are not satisfied that a >> release with Jessie will be of sufficient quality. We are dropping >> it as an official release architecture, Thank you for all your enthusiasm and support of kFreeBSD. However, it looks like Linux as we know it is at a crossroad -- it will be "Lennart Poettering Linux" or something else that something else looks like it will have to be FreeBSD direct now. Debian kFreeBSD looks dead in the water and that won't change whilst so many DDs are so pro systemd -- I think that systemd was the final nail in the coffin. So sad that Debian is no longer going to be the universal Linux and that kFreeBSD is to suffer the consequences of the ... at best, controversial, systemd decision by the TC ... :( A. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iF4EAREIAAYFAlRgY7MACgkQqBZry7fv4vu5sQEAujpbTZxDz7cSSk64z2QvOkqV mrkpYSBFHfZl+0pUZAAA/0uli8Ecr3QliKTKyg+Nxv9Bdo5G3o+MeHE/jIqKma/h =yQUp -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546063b5.5030...@affinityvision.com.au
Re: kFreeBSD future
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, First off, thank you very much Steven. On 14/10/2014 10:02 PM, Steven Chamberlain wrote: > On 13/10/14 19:04, Andrew McGlashan wrote: >> So, is there currently ANY concern that kFreeBSD won't continue >> for Jessie and/or beyond Jessie? Are there enough people >> involved now to remove the risk for new users coming on board to >> use kFreeBSD, [...] > > I'm hoping it doesn't come to that. As explained in > https://lists.debian.org/debian-bsd/2014/09/msg00282.html by the > time of the release team announcement, we'd already fixed d-i and > the RC bugs mentioned during the meeting. Only one RC bug, > #740509 really concerns me now (affecting kfreebsd-i386 only). Yes, I read that and I assumed as much, but as I've let others know about the potential option to switch ti kFreeBSD ... well, I thought I better get some clarification. Hopefully we'll be okay. > If kfreebsd-* arches were dropped, we could still put out an > unofficial release with what we already have, and support the > kernel for the lifetime of jessie. I'm afraid that if it gets dropped, then I may not get started with kFreeBSD ... in that case, I might go with FreeBSD direct, but I'll have quite a bit more learning to do. > But what we'd probably lose are package mirrors for stable, and > the infrastructure to build security updates or > stable-proposed-updates for the whole package archive in a timely > manner; these are critical for production use. That sure wouldn't help. > If dropped from testing migration, packages might stop fixing bugs > that affect us, and over time large sets of packages could become > out-of-date and unable to build any more; that would leave > testing/sid in a poor state. > >> those needing an exit strategy from systemd on the main Debian >> release? > > (include myself in that ;) ;-) >> Also, if people move systems to kFreeBSD and kFreeBSD stops >> being properly maintained and supported, is there a good >> migration path to FreeBSD or would it be a case of learning the >> whole FreeBSD system /ways/ over the Debian /ways/ ? How about >> ZFS, would the data on ZFS volumes be easily migrated, without >> rebuilding ZFS setups from scratch if the need arose? > > We try to stay compatible with upstream's kernels, and allow for > GNU/kFreeBSD chroots on FreeBSD and vice-versa. ZFS volumes should > be portable between these systems. That's great. > (These are probably good questions to add to the Wiki FAQ...) > >> What is the status of virtualization? I would like to replace >> xen which I am currently using with squeeze-lts -- is xen going >> to work with kFreeBSD? Is bhyve going to be a realistic option >> to use on kFreeBSD? > > We haven't packaged any bhyve tools yet. In FreeBSD 10.x it still > only supports Intel CPUs and I don't have any of those to try it > on. Do you mean amd64 or Intel specifically? > GNU/kFreeBSD works fine as a Xen (HVM) domU since wheezy, and even > better in jessie because faster PV-HVM drivers are compiled in by > default. It can't be the Xen dom0 however; the host may have to > be Debian GNU/Linux or NetBSD. That's good to know. I might be able to play around with kFreeBSD that way, although the problem for me is that I might not have enough RAM available to do that on currently available equipment at my disposal. > Debian GNU/Linux wheezy is a really good Xen dom0 (much easier > than configuring it on NetBSD). This has the advantage that you > could create a LUKS LVM to store your virtual machines in, as an > alternative to setting that up inside the VM. You could have a > minimal, unencrypted dom0 that boots and starts up networking > without password, then SSH in to unlock and start wholly-encrypted > VMs? Just remember to also encrypt wherever VMs' memory gets > suspended to on disk during a host reboot (I'm guessing somewhere > like /var/lib/xen/...?), and the host's swapspace (if any). Debian GNU/Linux wheezy might be the answer for Xen Dom0 then, at least for a while. >> I am also interested in using FDE (full disk encryption), >> including / file system and use of dropbear ssh for mount time >> entry of LUKS pass phrases as I do with some current wheezy >> servers. Is there well documented ways to get systems up with >> these requirements? > > As above; otherwise I think "full-disk encryption" is an odd > expression since there must be at the very least an unencrypted > bootloader, and typically the kernal and ramdisk too. Not really, I've got a couple of Thecus N4800Eco units, they have 4x 4TB disks inst
Re: kFreeBSD future
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/10/2014 6:35 AM, Steven Chamberlain wrote: > On 30/09/14 20:03, brunomaxi...@openmailbox.org wrote: > The remaining concern would be having enough people involved. I'm > certainly not the only active developer; Christoph has been testing and > doing all the uploads since DebConf, this month Petr fixed a glibc issue > for us, Axel updated the manpages package, Sylvestre Ledru helped port > clang-3.4 to build our kernels, Jeff Epler's patch for partman finally > made it into d-i, several people have sent installation reports, and > today I saw someone new contribute a patch for a package that was FTBFS > on kfreebsd. I haven't heard from Robert in some time, so I had to > learn how to do the 10.1 userland packaging myself, but that's done now, > and if he comes back he can of course help us a lot with whatever needs > to be done during freeze. So, is there currently ANY concern that kFreeBSD won't continue for Jessie and/or beyond Jessie? Are there enough people involved now to remove the risk for new users coming on board to use kFreeBSD, such as those needing an exit strategy from systemd on the main Debian release? Also, if people move systems to kFreeBSD and kFreeBSD stops being properly maintained and supported, is there a good migration path to FreeBSD or would it be a case of learning the whole FreeBSD system /ways/ over the Debian /ways/ ? How about ZFS, would the data on ZFS volumes be easily migrated, without rebuilding ZFS setups from scratch if the need arose? What is the status of virtualization? I would like to replace xen which I am currently using with squeeze-lts -- is xen going to work with kFreeBSD? Is bhyve going to be a realistic option to use on kFreeBSD? I am also interested in using FDE (full disk encryption), including / file system and use of dropbear ssh for mount time entry of LUKS pass phrases as I do with some current wheezy servers. Is there well documented ways to get systems up with these requirements? Thank you A. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iF4EAREIAAYFAlQ8FEQACgkQqBZry7fv4vviVQD/fCE1LaEKqCbH3HocudKf2agV xNfE6K0wL9pcadPgaIkA/0+DePAc7oIf9PDxQTsmekL95weatUAiWufZq+9nSqW0 =Prlq -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543c1446.4060...@affinityvision.com.au
Re: Upcoming Squeeze point release 6.0.2
Hi Adam, Adam D. Barratt wrote: That issue has been corrected, and the point release is being re-published this morning as 6.0.2.1. There are no changes in package content; the only difference from the original 6.0.2 (aside from versioning in Release files, etc.) is the fix to the Packages files. Then, shouldn't that be 6.0.2a just like which occurred previously to result in 6.0.1a to replace 6.0.1 -- Kind Regards AndrewM Andrew McGlashan Broadband Solutions now including VoIP -- To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e0734db.1050...@affinityvision.com.au