pcscd using large amounts of ram and swap space on pfsense 2.5.2 CE
-
@jimp said in pcscd using large amounts of ram and swap space on pfsense 2.5.2 CE:
patch which makes pcscd optional and off by default
If 21.09 is indeed being skipped, maybe Netgate should consider a point release with this? It seems like it would affect basically all installs.
-
@jimp Thank you jimp I will look into using those methods. I wasn't aware they were available. Now does pfSense 2.5.2 CE already have this patch applied or is there a patch update for 2.5.2 addressing this issue that I haven't installed?
Will the patch you linked be applied to the next release of pfSense CE then?
Also I'm not using IPsec VPNs but thank you for pointing that out.
-
@tman904 That's the patch I referenced above. :) No it's not in 2.5.2, and yes it should be in the next release as they generally include all fixes up until that point. It's actually listed in the 21.09 release notes, which would "pair" with 2.6, though it sounds like that version is getting skipped based on other forum threads.
-
@steveits Sorry about that Steve. :( I checked out the link for the redmine issue but for the life of me I can't find the patch for pcscd in order to apply it to my pfSense.
-
@tman904 The URL Jim linked is direct to the note with the patch commit ID (afcc0e9c97c1993ae6b95f886665fcb4375d26c7). Apply via System Patches. Or, in your case it sounds like you've already disabled it manually.
-
@steveits I did disable pcscd and it solves the issue as long as the system stays running after executing those commands. But as @jimp said I have to use the php commands in order to keep it disabled. As soon as I rebooted it starts again when using the traditional rc.conf boot commands.
I appreciate the guidance on using the patch I haven't patched a pfsense system before and had no clue where to start lol.
Update:
I've applied the pcscd patch and rebooted. Now it seems that pcscd is disabled properly! :)
One last question though. When I apply a patch to my system does that affect the ability to upgrade it through the normal builtin way or are there certain patches that could hinder that process I might apply in the future?
-
No. And in fact that patch is already included in newer versions. When you upgrade it will simply show as already applied and you can delete the patch from the System Patches package to prevent accidentally reverting it.
Steve
-
@stephenw10 Thank you Stephnew that clears up my confusion around updating and patching.
-
@jimp in my opinion, this issue warrants an advisory sent to users, and also a note in Known issues.
As an idea, I'd also love if advisories could be checked by internet facing boxes (those that can talk to the Netgate servers) and shown in the GUI and pushed via alerts to whatever is configured as alert system (Telegram for example).
-
-
-
This post is deleted! -
-
-
-