A hodge podge of notes on some of the things that were not so obvious to me in getting a Xen instance of NetBSD up and running. And latterly bits and pieces with NetBSD on a ye-olde laptop and then a Dell Optiplex after the laptop died.
In following the instructions need to do mount /dev/xvdb /mnt/xvdb
in one line; I edited the wiki to suit.
Upgrading is pretty much exactly as per the installation. Boot the Finnix rescue image, download the new Xen kernel and install packages, reboot into the NetBSD profile, but select the "install NetBSD" option at the grub menu (that was set-up in the first installation) and follow the sysint upgrade instructions.
When upgrading it's xvdb1 as per the wiki notes.
When upgrading with an encrypted partition (I have /home) it'll fail to mount that partition. Have to force it to "try" in order to continue with the upgrade.
See man afterboot
and man 7? tests
(<-- Cool, these are Julio Merino's)
Also if you miss the messages the first time round you can run sudo postinstall check
to see what "failed", assuming you have up to date sources in /usr/src
, etc; Alternatively in /var/cache/sysupgrade/
; If you download source sets need to get etc.tgz
from relevant port, e.g: ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-8.0/amd64/binary/sets/.
I did this on Linode to take advantage of their new infrastructure. I was fortunate that I had /home on a separate partition so I basically did a new install, keeping the existing partitions and then copied back /etc files I'd backed-up.
Set kern.maxfiles=
in /etc/sysctl.conf
. Default is 3404 which is pretty low.
I couldn't get npf
or pf
firewalls to work. I just got "/dev/pf device not configured". Tried rebuilding MAKEDEV
, because of something I read after searching, but it didn't really work and so then I wished I hadn't. Managed to put things back the way they were and then found that it's because npf and pf are not enabled in the Xen Kernels.
So that left ipf, as I really didn't want to get into building my own kernel so soon.
ipf
need ipfilter=YES
in rc.conf
.ipf -Fa -f /etc/ipf.conf
sudo /etc/rc.d/ipfilter restart
sudo /etc/rc.d/network restart
(I initially thought this and a ipfilter restart were good ways of fixing things when the firewall had gone "screwy" and I'd lost ipv6 connectivity, but they aren't really fixes. For instance restarting the network can get back ipv6 connectivity temporarily, but the firewall rules can then kill it again; I think the true issue was icmp packets, see below)ioctl(add/insert rule): File exists
when reloading rules it is because there is a duplicate (redundant) rulequick
keyword can be added to any rule that makes the rule take action at that match.ipf6.conf
is to leave icmp completely alone. Whether it's due to bugs in ipfilter or my incompetence on networking (it is confusing) a default block on tcp/udf/icmp will seemingly always take precedence over any allows on icmp. I even got to a point where I was logging blocks and I'd made sure no icmp packets were being blocked in the logs, but ipv6 still wasn't working. As soon as I changed my default blocks to target only tcp/udp it worked. Might need to set this in a few places:
.muttrc
set hostname
if don't want to use the domain in resolv.conf
(for local message-ids)/etc/postfix/main.cf
/etc/myname
and /etc/defaultdomain
Restart network, etc to pick up changes
For setting hostname see afterboot
manpage. Put in a file called /etc/myname
.
For now I have just gone with bash
as I am used to it and have it configured how I want. But I am interested in switching to mksh
at some point.
chsh -s /bin/mksh
Don't try to set $MANPATH
instead do something like:
alias man="man -m /usr/local/share/man/"
There is no /etc/ssl/cacerts
, etc on NetBSD. There is an openssl package to install, but you still won't end up with any certs. You have to install certs from curl. See this answer on Stackoverflow.
For Ruby and open-uri
just export SSL_CERT_FILE.
[Update: 2016-05-13] Install the Mozilla certs and just set environment variables pointing at those.
It took me a bit to get IPV6 working, but mainly because somehow I kept missing the correct bit of the documentation and instead went off tidbits from mailing lists, etc that got me into a muddle. At one point I'd unnecessarily tried to manually add a route, which left me IPV6 that wouldn't resolve routes. As a result I came across this utterly shit ipv6 issue in Python; By having an incorrectly configured IPV6 route it just hung when I was using snose.
NetBSD comes with its own Curses implementation, which is both good and bad. I like having it in the base install, but because it is it's own implementation I've noticed a few glitches to do with screen refreshing/re-painting - i.e bits of text from previous screens can stick around. My main bug-bear is snownews which has loads of these display glitches. I've tried building against ncurses (and ncursew, both available via PKGSRC), but I seem to then get a different bunch of display issues (which really confuses me as I had no issues on OSX 10.5 and that wasn't an exactly with-the-times OS).
ldd /path/to/binary
Ah ha! Figured it out. It's a Tmux thing. Outside of Tmux, then ncurses built stuff works fine, inside Tmux it's a bit screwy. So this should be fixable, somehow (worst come to the worst I could stop usinf Tmux and use something else). Ok, for now it's as simple as ensuring I have export TERM=xterm-color
as opposed to just xterm
(not that I'm using xterm, but that's another issue).
On patching the mutt-notmuch
thing like I had to do on OSX, as in this bit:
" | xargs -J % ln -s % $maildir/cur/");
This is tidier than the GNU one I ended up with on OSX. NetBSD's xargs does not run on empty by default. And then I just needed to place the %
args in correct place.
For the bits and bobs I needed for Perl I mostly used the p5-
packages. Failing that cpanminus
again - It's awesome (I think the only thing I needed to install via cpanminus was TTYtter's readline)
To avoid the locale messages I just set LC_CTYPE
and LC_MESSAGES
.
[Note: 2015-01-04] I don't know if related to switching to 64-bit, but cpanm won't install Term::ReadLine::Gnu@1.24 (needed for Notmuch mutt integration) or the most recent version at the time of trying which was 1.25. Instead I installed via pkgin (p5-Term-ReadLine, version 1.24 at the time). It could have also been the case for 32-bit, I can't remember how I installed it then.
Similar issues to Perl with LC_CTYPE
and encoding, etc when building some gems.
For installing packages to match required version (say if have Python2.7 and 3.3 installed) need to do:
make PYTHON_VERSION_DEFAULT=33 install
Of course, not all packages seem to support this.
I forgot that when I first installed this in order to get Lua support there was a bit of fiddling around required. And at the time of writing the pkgsrc version still won't work correctly by default, especially since it now incorrectly says it requires Lua 5.2 (won't work, even in elinks master/head it is still only 5.1).
LUA_VERSION_DEFAULT=51
in mk.confThen you need to do the pkgsrc bits in stages, i.e:
make fetch
make extract
make patch
Then manually "patch" the configure
file (because there is an existing pkgsrc patch for the configure file so I don't think it is possible to include a local one as well) and the line for suffix in "" 50; do
and change to for suffix in "" 51 5.1;
do
and carry on:
make configure
make build
make install
Had to do make install
from the actual work directory to get the dpid bits and thus ssl to work. Also from pkgsrc rather than binary.
The only package available for nzbget is in "wip" and doesn't build, but it is for a really old version, 0.7.0. hellanzb is available in pkgsrc "news" which means there is also a binary available for install. So although I was used to nzbget I decided hellanzb might be a quicker option.
This patch/fix is needed for hellanzb. I couldn't get it working though - although the server bit of it would start I couldn't get anything to queue or download (but in hindsight I think the nzb file I was supplying was corrupt).
So I went back to nzbget and decided to build from source (which I should have done first of all, also in hindsight). Required libpar2 headers to be identified like so (older version of libpar2 in pkgsrc hence the "disable bugfixes check" bit):
./configure --with-libpar2-includes=/usr/pkg/include --disable-libpar2-bugfixes-check
But otherwise builds fine.
Need to specify the compiler version as default is too old
cmake -DCMAKE_CXX_COMPILER=/usr/pkg/gcc49/bin/g++ -DCMAKE_C_COMPILER=/usr/pkg/gcc49/bin/gcc
Which I mainly use for the radio. Adding this now because I recently updated mpv and somehow could only play audio as root. Couldn't figure it out. But it was a pulseaudio thing. Pulse audio needs dbus to be running, then mpv plays as non-root; There's a possibility I'd built mpv previously not to use pulseaudio (because it's crap) and I just used OSS instead, but if so I can't recall for sure. Anyway, works again now. See: https://pinboard.in/u:atomicules/b:07e837c2c16c.
For binary package installs you need to export a path like so:
export PKG_PATH="http://ftp.NetBSD.org/pub/pkgsrc/packages/NetBSD/i386/6.0/All"
Although it might make more sense to use a local mirror:
export PKG_PATH="http://ftp.fr.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/6.0.1/All"
To avoid doing this every single time you wish to use pkg_add
then you need to set a default shell for Root and you can then use one of the default profiles provided to permanently set PKG_PATH
. E.g. for csh
edit .cshrc
and uncomment the path bits.
Note these paths are in some of the root account dotfiles for various shells. Just nee uncommenting.
More on PKG_PATH here.
Basically use pkgin. Install that via pkg_add then go from there.
csup
stuff for pkgsrc cvs. I think that is out of date; In fact is the wiki trustworthy at all? Probably best stick to the FAQ, Guide and Man pages. Anyway, just do it by hand.cd /usr/pkgsrc && cvs -q -z2 -d anoncvs@anoncvs.NetBSD.se:/cvsroot checkout -P wip
make show-options
is like variants under macports, but then have to manually edit a /etc/mk.conf
file to add them in. Which seemed a little weird at first, but I like it now as then it's configuration file like any other that you can back up and move around between systems.mkpatches
works well (install pkgdiff
). I got a i915drmkms panic/crash. Need to go to boot prompt, option 4, type userconf disable i915drmkms
and then boot. I have just set this as a boot option as I have no need to get the newer graphics drivers working:
menu=Disable i915drmkms:rndseed /var/db/entropy-file;userconf disable i915drmkms;boot netbsd
Using wlanctl <interface> to find wireless signal strength (rssi). E.g: wlanctl urtwn0
might have an rssi of 20. 0 is no signal. 20 is a bit pants, but for some reason it insists on connecting to the furthest away access point.
Don't use poweroff
as the shutdown scripts don't get run. This means the entropy-file doesn't get created. Use shutdown
instead. Probably same deal goes for reboot
as well.
Can get a long way with these:
I never ever remember this, but the display power management / sleep stuff is done via xset
:
xset q
[...]
DPMS (Energy Star):
Standby: 600 Suspend: 600 Off: 600
DPMS is Enabled
Monitor is On
To change:
xset dpms [standby [suspend [off]]]
Check /var/run/rc.log
for startup messages