A hodge podge of notes on some of the things that were not so obvious to me in getting a Xen instance of NetBSD up and running. And latterly bits and pieces with NetBSD on a ye-olde laptop and then a Dell Optiplex after the laptop died.
In following the instructions need to do
mount /dev/xvdb /mnt/xvdb in one line; I edited the wiki to suit.
Upgrading is pretty much exactly as per the installation. Boot the Finnix rescue image, download the new Xen kernel and install packages, reboot into the NetBSD profile, but select the "install NetBSD" option at the grub menu (that was set-up in the first installation) and follow the sysint upgrade instructions.
When upgrading it's xvdb1 as per the wiki notes.
When upgrading with an encrypted partition (I have /home) it'll fail to mount that partition. Have to force it to "try" in order to continue with the upgrade.
man afterboot and
man 7? tests (<-- Cool, these are Julio Merino's)
Also if you miss the messages the first time round you can run
sudo postinstall check to see what "failed", assuming you have up to date sources in
/usr/src, etc; Alternatively in
/var/cache/sysupgrade/; If you download source sets need to get
etc.tgz from relevant port, e.g: ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-8.0/amd64/binary/sets/.
I did this on Linode to take advantage of their new infrastructure. I was fortunate that I had /home on a separate partition so I basically did a new install, keeping the existing partitions and then copied back /etc files I'd backed-up.
I couldn't get
pf firewalls to work. I just got "/dev/pf device not configured". Tried rebuilding
MAKEDEV, because of something I read after searching, but it didn't really work and so then I wished I hadn't. Managed to put things back the way they were and then found that it's because npf and pf are not enabled in the Xen Kernels.
ipf -Fa -f /etc/ipf.conf
sudo /etc/rc.d/ipfilter restart
sudo /etc/rc.d/network restart(I initially thought this and a ipfilter restart were good ways of fixing things when the firewall had gone "screwy" and I'd lost ipv6 connectivity, but they aren't really fixes. For instance restarting the network can get back ipv6 connectivity temporarily, but the firewall rules can then kill it again; I think the true issue was icmp packets, see below)
ioctl(add/insert rule): File existswhen reloading rules it is because there is a duplicate (redundant) rule
quickkeyword can be added to any rule that makes the rule take action at that match.
ipf6.confis to leave icmp completely alone. Whether it's due to bugs in ipfilter or my incompetence on networking (it is confusing) a default block on tcp/udf/icmp will seemingly always take precedence over any allows on icmp. I even got to a point where I was logging blocks and I'd made sure no icmp packets were being blocked in the logs, but ipv6 still wasn't working. As soon as I changed my default blocks to target only tcp/udp it worked.
Might need to set this in a few places:
hostnameif don't want to use the domain in
resolv.conf(for local message-ids)
Restart network, etc to pick up changes
For setting hostname see
afterboot manpage. Put in a file called
For now I have just gone with
bash as I am used to it and have it configured how I want. But I am interested in switching to
mksh at some point.
chsh -s /bin/mksh
Don't try to set
$MANPATH instead do something like:
alias man="man -m /usr/local/share/man/"
There is no
/etc/ssl/cacerts, etc on NetBSD. There is an openssl package to install, but you still won't end up with any certs. You have to install certs from curl. See this answer on Stackoverflow.
For Ruby and
open-uri just export SSL_CERT_FILE.
[Update: 2016-05-13] Install the Mozilla certs and just set environment variables pointing at those.
It took me a bit to get IPV6 working, but mainly because somehow I kept missing the correct bit of the documentation and instead went off tidbits from mailing lists, etc that got me into a muddle. At one point I'd unnecessarily tried to manually add a route, which left me IPV6 that wouldn't resolve routes. As a result I came across this utterly shit ipv6 issue in Python; By having an incorrectly configured IPV6 route it just hung when I was using snose.
NetBSD comes with its own Curses implementation, which is both good and bad. I like having it in the base install, but because it is it's own implementation I've noticed a few glitches to do with screen refreshing/re-painting - i.e bits of text from previous screens can stick around. My main bug-bear is snownews which has loads of these display glitches. I've tried building against ncurses (and ncursew, both available via PKGSRC), but I seem to then get a different bunch of display issues (which really confuses me as I had no issues on OSX 10.5 and that wasn't an exactly with-the-times OS).
Ah ha! Figured it out. It's a Tmux thing. Outside of Tmux, then ncurses built stuff works fine, inside Tmux it's a bit screwy. So this should be fixable, somehow (worst come to the worst I could stop usinf Tmux and use something else). Ok, for now it's as simple as ensuring I have
export TERM=xterm-color as opposed to just
xterm (not that I'm using xterm, but that's another issue).
On patching the
mutt-notmuch thing like I had to do on OSX, as in this bit:
" | xargs -J % ln -s % $maildir/cur/");
This is tidier than the GNU one I ended up with on OSX. NetBSD's xargs does not run on empty by default. And then I just needed to place the
% args in correct place.
For the bits and bobs I needed for Perl I mostly used the
p5- packages. Failing that
cpanminus again - It's awesome (I think the only thing I needed to install via cpanminus was TTYtter's readline)
To avoid the locale messages I just set
[Note: 2015-01-04] I don't know if related to switching to 64-bit, but cpanm won't install Term::ReadLine::Gnu@1.24 (needed for Notmuch mutt integration) or the most recent version at the time of trying which was 1.25. Instead I installed via pkgin (p5-Term-ReadLine, version 1.24 at the time). It could have also been the case for 32-bit, I can't remember how I installed it then.
Similar issues to Perl with
LC_CTYPE and encoding, etc when building some gems.
For installing packages to match required version (say if have Python2.7 and 3.3 installed) need to do:
make PYTHON_VERSION_DEFAULT=33 install
Of course, not all packages seem to support this.
I forgot that when I first installed this in order to get Lua support there was a bit of fiddling around required. And at the time of writing the pkgsrc version still won't work correctly by default, especially since it now incorrectly says it requires Lua 5.2 (won't work, even in elinks master/head it is still only 5.1).
Then you need to do the pkgsrc bits in stages, i.e:
Then manually "patch" the
configure file (because there is an existing pkgsrc patch for the configure file so I don't think it is possible to include a local one as well) and the line
for suffix in "" 50; do and change to
for suffix in "" 51 5.1;
do and carry on:
Had to do
make install from the actual work directory to get the dpid bits and thus ssl to work. Also from pkgsrc rather than binary.
The only package available for nzbget is in "wip" and doesn't build, but it is for a really old version, 0.7.0. hellanzb is available in pkgsrc "news" which means there is also a binary available for install. So although I was used to nzbget I decided hellanzb might be a quicker option.
This patch/fix is needed for hellanzb. I couldn't get it working though - although the server bit of it would start I couldn't get anything to queue or download (but in hindsight I think the nzb file I was supplying was corrupt).
So I went back to nzbget and decided to build from source (which I should have done first of all, also in hindsight). Required libpar2 headers to be identified like so (older version of libpar2 in pkgsrc hence the "disable bugfixes check" bit):
./configure --with-libpar2-includes=/usr/pkg/include --disable-libpar2-bugfixes-check
But otherwise builds fine.
Need to specify the compiler version as default is too old
cmake -DCMAKE_CXX_COMPILER=/usr/pkg/gcc49/bin/g++ -DCMAKE_C_COMPILER=/usr/pkg/gcc49/bin/gcc
Which I mainly use for the radio. Adding this now because I recently updated mpv and somehow could only play audio as root. Couldn't figure it out. But it was a pulseaudio thing. Pulse audio needs dbus to be running, then mpv plays as non-root; There's a possibility I'd built mpv previously not to use pulseaudio (because it's crap) and I just used OSS instead, but if so I can't recall for sure. Anyway, works again now. See: https://pinboard.in/u:atomicules/b:07e837c2c16c.
For binary package installs you need to export a path like so:
Although it might make more sense to use a local mirror:
To avoid doing this every single time you wish to use
pkg_add then you need to set a default shell for Root and you can then use one of the default profiles provided to permanently set
PKG_PATH. E.g. for
.cshrc and uncomment the path bits.
Note these paths are in some of the root account dotfiles for various shells. Just nee uncommenting.
More on PKG_PATH here.
Basically use pkgin. Install that via pkg_add then go from there.
csupstuff for pkgsrc cvs. I think that is out of date; In fact is the wiki trustworthy at all? Probably best stick to the FAQ, Guide and Man pages. Anyway, just do it by hand.
cd /usr/pkgsrc && cvs -q -z2 -d anoncvs@anoncvs.NetBSD.se:/cvsroot checkout -P wip
make show-optionsis like variants under macports, but then have to manually edit a
/etc/mk.conffile to add them in. Which seemed a little weird at first, but I like it now as then it's configuration file like any other that you can back up and move around between systems.
mkpatchesworks well (install
I got a i915drmkms panic/crash. Need to go to boot prompt, option 4, type
userconf disable i915drmkms and then boot. I have just set this as a boot option as I have no need to get the newer graphics drivers working:
menu=Disable i915drmkms:rndseed /var/db/entropy-file;userconf disable i915drmkms;boot netbsd
Using wlanctl <interface> to find wireless signal strength (rssi). E.g:
wlanctl urtwn0 might have an rssi of 20. 0 is no signal. 20 is a bit pants, but for some reason it insists on connecting to the furthest away access point.</interface>
poweroff as the shutdown scripts don't get run. This means the entropy-file doesn't get created. Use
shutdown instead. Probably same deal goes for
reboot as well.
Can get a long way with these: