00:42 blueness joined
01:14 blueness joined
01:31 duncaen joined
01:51 gromero joined
02:01 duncaen joined
02:58 s33se_ joined
03:11 hairyhenderson joined
04:12 <TemptorSent> Found bug in 'mount' that may be responsible for odd behavior at boot.
04:13 <TemptorSent> /dev/sda2 is mounted on /mnt (ext4), then /mnt/tmp bind mounted over /tmp, which is working as expected.
04:15 <TemptorSent> however both invoking 'mount' and checking /proc/mounts show '/dev/sda2 /mnt ext4 rw,relatime,data=ordered 0 0' '/dev/sda2 /tmp ext4 rw,relatime,data=ordered 0 0', and no indication of the bind source directory.
04:16 <TemptorSent> I suspect this is what's breaking the unmounting of the bind-mounted /proc in the initramfs. Any thoughts on to where this behavior is coming from? I suspect it is recent considering the lack of breakage reported.
04:17 <TemptorSent> libc musl problem perhaps?
04:18 <TemptorSent> Or is it a kernel issue on the revision I happen to be running (4.9.10)
05:42 blueness joined
06:27 <kaniini> ncopa: i should have PaX roughly 40% split out by this weekend
06:30 <tmh1999> *me
06:30 <tmh1999> that's amazing
06:34 <kaniini> as an aside, i am also auditing the PaX source as i split it out
06:35 <kaniini> that audit has led me to believe that PaX only really works correctly on x86/arm -- my ventures outside of that have observed logic errors in the implementation in functions like copy_to_user()
06:36 <kaniini> lols
07:09 vakartel joined
07:26 <tmh1999> I am wondering normally how do we do the testing procedures ?
07:32 t0mmy joined
07:56 volleyper joined
08:25 <ncopa> interesting
08:26 <ncopa> bwrap --version
08:26 <ncopa> on x86_64 in lxc container works
08:26 <ncopa> on aarch64 i get the error:
08:26 <ncopa> bwrap --version
08:26 <ncopa> Dropping capability 0 from bounds: Operation not permitted
08:26 <ncopa> with sudo it works
08:27 fekepp joined
08:27 t0mmy joined
08:28 <ncopa> running it in strace also works
08:30 <_ikke_> heisenbug
08:30 <ncopa> ah
08:30 <ncopa> its suid root
08:30 <ncopa> -rwsr-xr-x 1 root root 51280 Mar 14 14:50 /usr/bin/bwrap
08:31 <ncopa> !?
08:32 <ncopa> $ ls -l $(which bwrap)
08:32 <ncopa> -rwsr-xr-x 1 root root 38616 Mar 14 18:18 /usr/bin/bwrap
08:32 <ncopa> $ ls -l ./bwrap
08:32 <ncopa> -rwxr-xr-x 1 ncopa ncopa 50656 Mar 16 08:29 ./bwrap
08:33 <ncopa> $ ./bwrap --version
08:33 <ncopa> bubblewrap 0.1.7
08:46 <ncopa> its missing CAP_SETPCAP
09:19 royger joined
09:56 blueness joined
09:57 fekepp joined
10:11 blueness joined
10:27 blueness joined
10:56 blahdodo joined
11:06 fabled joined
11:08 blueness joined
11:45 skarnet joined
11:55 <tmh1999> fabled : I forgot to add YAMA to linux-vanilla patch ;)
12:05 <^7heo> do we have a script that spawns a copy of the alpine base, and runs a chroot on it?
12:13 farosas joined
12:15 ferseiti joined
12:20 volleyper joined
12:20 <ncopa> ^7heo: docker run --rm -it alpine ... :-p
12:22 gromero joined
12:34 leitao joined
12:46 BitL0G1c joined
12:54 gromero joined
12:54 <^7heo> ncopa: without having 10 metric tons of bloatware to do weird stuff I don't need :P
12:55 <^7heo> I thought that maybe jirutka had done something like that.
12:55 temp joined
12:58 <ncopa> i think he had
12:58 <^7heo> Right?
13:03 <jirutka> ^7heo: this? https://github.com/jirutka/alpine-chroot-install/
13:03 <^7heo> maybe.
13:03 <^7heo> Lemme have a quick look.
13:04 <^7heo> I think that is it yes.
13:04 <^7heo> I'll try it today.
13:04 <^7heo> jirutka: I have to give you kudos for that.
13:04 <^7heo> The readme is excellent.
13:05 <jirutka> thanks :)
13:05 <^7heo> The documentation is a bit verbose in the source.
13:05 <jirutka> i should move it under alpinelinux org
13:05 <^7heo> Definitely.
13:05 <^7heo> That is a very interesting tool to have.
13:06 <^7heo> the only advantage docker would have over your script is that docker does network.
13:06 <^7heo> but your script has several advantages over docker :P
13:07 <^7heo> I don't know the syntax `: ${...}`
13:07 <^7heo> What does it do?
13:08 <^7heo> I get that ${ALPINE_BRANCH:="v3.4"} is returning ALPINE_BRANCH and defaulting to "v3.4"
13:08 <fabled> ^7heo, ':' is basically no-op, so the effect is ${}'s side effect
13:08 <^7heo> fabled: I know that : is basically noop
13:08 <fabled> for := it is assign variable if it's not defined
13:09 <^7heo> assigning?
13:09 <^7heo> I thought it was returning.
13:09 <^7heo> like
13:09 <^7heo> ${foo:-bar}
13:09 <^7heo> oh wait
13:09 <^7heo> :- is returning
13:09 <^7heo> := might be assigning.
13:09 <^7heo> that might be what I was missing there.
13:09 <fabled> If parameter is unset or null, the expansion of word is assigned to parameter. The value of parameter is then substituted. Positional parameters and special parameters may not be assigned to in this way.
13:10 <^7heo> thanks dog, they wrote "substituted", not "interpolated".
13:10 <^7heo> (shouldn't it be "subsitued" btw?)
13:10 <^7heo> Ok
13:11 temp left
13:11 <^7heo> the other thing I don't understand about this syntax is: as far as I have understood, from what I read, `:` is equivalent to a comment. Everything coming after will be ignored until newline.
13:11 <^7heo> Does it have a different behavior?
13:12 <fabled> it's needed to ignore the substituted value
13:12 <fabled> it's not comment, the stuff is still evaluated, but after that it's not executed
13:12 <fabled> thus it's different from '#' which treats remainder as comment
13:13 <^7heo> evaluated but not executed...
13:13 <fabled> yeah
13:13 <^7heo> man eval
13:13 <^7heo> The eval utility shall construct a command by concatenating arguments together, separating each with a <space> character. The constructed command shall be read and *executed* by the shell.
13:13 <^7heo> Now I'm lost :P
13:13 <^7heo> What do you mean by evaluated?
13:14 <^7heo> (I got that it's not the meaning you wanted to put in it, but I don't understand how you can evaluate something without executing it)
13:23 <^7heo> Well, does not matter, actually.
13:23 <^7heo> It's not like I care much about shell.
13:35 <^7heo> fabled: if you feel like explaining what "evaluated but not executed" means, I'm really interested, tho.
13:35 <^7heo> (even if I said I didn't care much - I do care about understanding stuff and that's gonna bug the hell outta me for hours otherwise)
13:37 <fabled> http://unix.stackexchange.com/questions/31673/what-purpose-does-the-colon-builtin-serve
13:39 <^7heo> fabled: right, I could have used my favorite search engine to get that answer. Sorry and thanks for your time.
13:42 <^7heo> Oh, so that is an exploit of an undocumented implementation specific detail...
13:42 <^7heo> not so neat =/
13:43 <^7heo> ie. http://unix.stackexchange.com/a/39768/28394
13:51 <^7heo> "Let's further suppose that you are a cretin and insist upon programming csh scripts."
13:51 <^7heo> (source: http://www.faqs.org/faqs/unix-faq/faq/part3/section-16.html)
13:51 <^7heo> <3
13:58 <^7heo> But it still does not explain how ':' works.
13:59 <jirutka> : is basically just a shorthand for true
13:59 <^7heo> not according to what I've found.
13:59 <^7heo> according to the user Gilles on SO, it's supposed to be (like in C) the start of a label
14:00 <^7heo> for a goto.
14:00 <jirutka> my script just sets up plain old chroot, without any namespaces, so you can use the host’s network
14:00 <^7heo> But since bash doesn't have goto's, it doesn't have use for labels
14:00 <^7heo> and just ignores all the things coming after `:`.
14:00 <^7heo> That still does not explain why the rest of the line is read and interpreted.
14:01 <^7heo> jirutka: yeah I like your script.
14:01 <jirutka> it does not do any isolation, so it’s not comparable with docker, but totally fine for CI or similar use cases
14:01 <^7heo> jirutka: I just stumbled upon that `:` operator used in a different way than I've seen it used so far.
14:01 <^7heo> which is raising my curiosity to insane levels.
14:01 <jirutka> it do the same as our script in alpinelinux/aports that builds pkgs on Travis
14:01 <^7heo> "does not do any isolation"
14:02 <jirutka> imo `: ${foo:=bar}` is almost idiomatic use of : :)
14:02 <^7heo> not true, chroot is some kind of isolation.
14:02 <jirutka> well, yes…
14:02 <^7heo> But I got what you meant: it's not doing cgroups/network isolation.
14:02 <jirutka> but just a FS isolation
14:02 <^7heo> yeah
14:02 <jirutka> yes
14:02 <^7heo> but FS isolation is the most important one.
14:02 <jirutka> heh, however, it can be very simply added ;)
14:02 <^7heo> indeed.
14:03 <jirutka> using unshare and ip
14:03 <^7heo> What bugs me is:
14:04 <^7heo> why is : behaving differently than # and where is this documented?
14:04 <^7heo> and behaving differently than true, too.
14:04 <jirutka> well, why true behaves differently than # ?
14:04 <^7heo> ah no it's behaving like true.
14:04 <jirutka> maybe because there are totally different? :) `:` has nothing in common with a comment
14:04 <^7heo> I just have overlooked it.
14:05 <^7heo> I think I start to understand.
14:05 <jirutka> `: ${foo:=bar}` is a shorthand for `foo="${foo:-bar}"`
14:05 <^7heo> True being an external program (not necessarily a builtin)
14:05 <^7heo> (depending on the shell)
14:06 <^7heo> the shell needs to FIRST process the arguments
14:06 <^7heo> and THEN invoke the binary with said arguments
14:06 <^7heo> because it has no knowledge that true is true, it could be /bin/echo.
14:07 <jirutka> yes, it can
14:07 <^7heo> I see now.
14:07 <jirutka> echo is special, it behaves quite strange, but try e.g. ls ${foo:=42}
14:07 <^7heo> It's not an operator, it's just a shorthand for something that shouldn't be assumed to be a builtin.
14:08 <jirutka> actually, it works even with echo
14:08 <^7heo> and therefore, cannot rely on the fact that it knows that the execution has to be stopped there.
14:08 <^7heo> but
14:08 <^7heo> yeah because echo can be /bin/echo
14:08 <^7heo> echo isn't necessarily a builtin either.
14:09 <^7heo> first, the origins of `:` == `true` seem to be extremely shady.
14:09 <^7heo> and second, it isn't specified anywhere, as far as I've been able to see.
14:09 <^7heo> That bugs the hell out of me.
14:11 <skarnet> you are looking for logic in the shell. That's a recipe for failure and frustration.
14:12 <^7heo> I'll take your educated word for it.
14:12 <skarnet> The shell isn't made of logic. It's made of historical cruft that has fossilized.
14:12 <ncopa> fcolista: community/tint2 get different checksum on downloads
14:12 <^7heo> Seems like it yeah.
14:12 <^7heo> ncopa: it's tinted.
14:12 <* ^7heo> hides
14:12 <fcolista> ncopa, let me check
14:14 <fcolista> ncopa, i've checket the tag:
14:14 <fcolista> https://gitlab.com/o9000/tint2/tags
14:14 <fcolista> *s/checked/downloaded
14:17 <ncopa> abuild cleancache
14:17 <ncopa> and it will give different checksum
14:17 <fcolista> might be that the tar.gz is generated each time even thoug there's a tag?
14:17 <jirutka> ^7heo: ${foo:=42} is a shell expansion, shell processes these before executing commands
14:17 <fcolista> *thought
14:18 <ncopa> fcolista: yes i think it does so
14:18 leitao joined
14:18 <jirutka> ^7heo: just read how shell processes the command line, it’s not so complicated ;)
14:18 <ncopa> .gz might have a timestamp field
14:18 <^7heo> jirutka: I got that yes.
14:18 <ncopa> .bz2 should work, but i dont think it does either
14:18 <fcolista> like github
14:18 <^7heo> jirutka: but since : is a builtin, and has no spec, and is there because it is a reminiscence of the "goto labels"...
14:18 <fcolista> but what's the purpose of the tag at this point...
14:19 <^7heo> jirutka: It's hard to tell that it *has* to work that way.
14:19 <^7heo> jirutka: catch my drift?
14:19 <ncopa> its a tag in git
14:19 <jirutka> ^7heo: maybe I confused you with `echo` that it behaves differently, my fault, of course it doesn’t have any effect to expansions, it’s unrelated
14:19 <jirutka> ^7heo: well, actually now
14:19 <jirutka> s/now/no/
14:20 <jirutka> as I said, you can write even `ls ${foo:=42}` and it will also set foo to 42 if empty or unset
14:21 <fcolista> ncopa, yeah..but those tag helped in having a fixed checksum in github. Apparently not in gitlab
14:21 <fcolista> do you want me to upload it on dev.alpinelinux.org ?
14:21 <ncopa> i think github caches it
14:21 stwa joined
14:22 <jirutka> because shell processes expansions first, so it becomes `ls 42` and then executes `ls 42`; the important thing is that ${foo:=42} has a side effect, so when the expansion happens, it assigns 42 to foo (if foo is empty or unset)
14:22 <fcolista> I'm looking at tint2 git, but does not seems to have a "fixed" package
14:23 <ncopa> main/procps probably have same issue
14:23 <ncopa> and mdds1.0
14:23 <jirutka> hm, GitLab… I thought that they provide stable tarballs
14:23 <ncopa> might be they do
14:23 <ncopa> but maybe they updated git
14:24 <ncopa> i had the same issue with generated tarballs on cgit
14:24 <jirutka> but to be honest I’m not very surprised that it doesn’t work, b/c their way of providing tarballs is crappy
14:24 <ncopa> .gz has a timestamp in there
14:24 <kaniini> hi
14:24 <ncopa> .bz2 has not
14:24 <ncopa> hi kaniini
14:25 <* kaniini> is hoping to chew through a good chunk of PaX this afternoon
14:26 <skarnet> I feel for your teeth
14:26 <mitchty> gzip -N is the only sane way to use gzip
14:27 <ncopa> kaniini: do you think we will be able to maintain pax patch?
14:27 <ncopa> i know they are upstreaming bits of it with KSPP
14:27 <mitchty> sorry -n rather
14:27 <mitchty> -N is the opposite/default of saving timestamp
14:27 <fcolista> ncopa: do you want me to update the checksum and commit the updated APKBUILD ?
14:27 <ncopa> which is the reason spender closes the public patch
14:27 <ncopa> fcolista: yeah please do so
14:28 <kaniini> ncopa: i think at the very least, it will be much easier for KSPP to upstream stuff from PaX after i am done with this
14:29 <ncopa> it will annoy spender
14:29 <ncopa> i dont know if its wise
14:29 <fcolista> uff
14:30 <^7heo> jirutka: sorry, went to make food
14:30 <jirutka> do we really care if it’d annoy spender?
14:30 <^7heo> jirutka: I think people would be amused.
14:30 <^7heo> it's mean but it's true.
14:31 <jirutka> he closed even unstable patches, so we and Gentoo are quite in trouble with grsecurity now…
14:31 <^7heo> jirutka: essentially my point is: `:` is just existing because `:foo` was label foo in some previous shell, and isn't specified anywhere.
14:31 <ncopa> i kind of care. still trying to talk into some kind of solution
14:31 <fcolista> ncopa, i think you should delete the cached tar.gz
14:31 <jirutka> and if I haven’t missed something, he didn’t get us know in advance
14:31 <^7heo> jirutka: it could very well be the `else` operator in some future shell.
14:32 <skarnet> ncopa: annoying people is unwise when you expect things from them, when you plan to work with them in the future
14:32 <^7heo> jirutka: and because it has no specification, one cannot assume it is "a shorthand for true" at all times.
14:32 <^7heo> skarnet: untrue, there are a lot of human relationships based on annoyance.
14:32 <^7heo> skarnet: for further information, contact your administrations.
14:32 <jirutka> so if we will not violate the license, it should be totally okay
14:33 <^7heo> speaking of violating licenses
14:33 <^7heo> can we pick a name for firefox?
14:33 <skarnet> ncopa: but annoying someone who has shown a complete inability to work with others is a. not an issue, and b. cathartic
14:33 <^7heo> snow-wolf or something
14:33 <jirutka> skarnet: are we going to work with grsecurity in feature? it doesn’t look like, since it become a private project
14:34 <mitchty> colon is in posix though
14:34 <^7heo> mitchty: ah?
14:34 <^7heo> mitchty: where?
14:34 <kaniini> jirutka: while true, spender is ... very destructive when annoyed
14:34 <jirutka> what’s the problem with Firefox?
14:34 <skarnet> ^7heo: I suggest foxling, because alpine foxling (look it up)
14:34 <ncopa> i am still hoping we can find a solution to work with grsecurity
14:34 <mitchty> ^7heo: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
14:34 <jirutka> kaniini: hm, what can he do?
14:34 <mitchty> search for colon
14:34 <ncopa> and i think we should respect his wish
14:34 <kaniini> jirutka: DDoS
14:34 <^7heo> jirutka: it's disallowed to distribute any mozilla products that hasn't been compiled by mozilla, with the mozilla name on it.
14:34 <mitchty> or colon - null
14:34 <^7heo> jirutka: same goes for firefox.
14:35 <^7heo> mitchty: many thanks.
14:35 <ncopa> if nothing else for respect of his work
14:35 <jirutka> ^7heo: really? how other distributions handle it?
14:35 <^7heo> they ship it under a different name.
14:35 <^7heo> see iceweasel/
14:35 <^7heo> or they do not build it.
14:35 <^7heo> see ubuntu.
14:35 <jirutka> how it’s named in Fedora?
14:35 <^7heo> No idea.
14:35 <^7heo> I don't use it.
14:35 <^7heo> they might also take the binary from mozilla servers directly.
14:35 <skarnet> if someone DDoSses others when he's annoyed, how come he's not widely named and shamed?
14:36 <kaniini> idk
14:36 <jirutka> the package is definitely named firefox http://pkgs.fedoraproject.org/cgit/rpms/firefox.git/tree/firefox.spec?h=f26
14:36 <^7heo> skarnet: because nobody wants to talk first and be DDoSed
14:36 <^7heo> jirutka: right, so it's a binary taken from mozilla
14:36 <kaniini> no
14:36 <^7heo> jirutka: or they're illegal.
14:36 <kaniini> they compile it
14:36 <skarnet> since when do we negotiate with terrorists?
14:36 <kaniini> if you read the specfile
14:36 <^7heo> then they're illegal.
14:37 <kaniini> and no, mozilla allows distros to do this as long as you work with them to fix concerns they have with the packaging
14:37 <jirutka> no it’s not
14:37 <^7heo> skarnet: since IRC isn't a democracy.
14:37 <kaniini> which we do
14:37 <^7heo> kaniini: ah?
14:37 <^7heo> kaniini: any source for this info?
14:37 <kaniini> mozilla is quite aware of the firefox package in alpine, they have not complained
14:37 <skarnet> meh, I liked alpine foxling :(
14:38 <kaniini> ^7heo: the reason why debian has iceweasel is because the requirement to address concerns mozilla has with the package violates DFSG
14:38 <ncopa> i think they were more aggressive on the trademark earlier
14:39 <^7heo> mitchty: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_16 :)
14:39 <^7heo> mitchty: nice link, thanks a lot.
14:39 <^7heo> kaniini: ah ok.
14:39 <^7heo> kaniini: I'll take your word for it. I don't have the time to check that now. But thanks for correcting me. :)
14:40 <mitchty> ^7heo: no problem, generally its good to always search through that site, half the time i learn something is posix that i never knew about, stupidly old spec
14:40 <^7heo> skarnet: me too, I like snowwolf or something alike.
14:40 <kaniini> ^7heo: i would say our relationship with mozilla is one of the better relationships we have with upstreams
14:40 <^7heo> mitchty: the issue atm for me is that aside from typing/reading on IRC, I am rushing at work
14:40 <kaniini> definitely better than our current relationship with grsecurity hahahaha
14:41 <^7heo> mitchty: so I really appreciate that the people on IRC are helpful and minimize my www-interaction.
14:41 <^7heo> so thanks again.
14:41 <jirutka> if you’re afraid of spender, then maybe kaniini can just release his patches under his name, with no relation to Alpine, and we will just find it by accident and use :)
14:41 <ncopa> jirutka: that is kind of what KSPP does
14:41 <^7heo> kaniini: does anyone have a good relationship with grsecurity at this point?
14:42 <kaniini> i am sure the people who pay $500/mo/server do
14:42 <^7heo> ok.
14:42 <kaniini> money talks etc
14:42 <^7heo> I see.
14:42 <ncopa> according spender its not about money
14:42 <jirutka> oh really? so what is this about?
14:42 <ncopa> <spender> just tired of being disrespected and exploited
14:42 leitao joined
14:42 <kaniini> ncopa: it's about being shown up by a woman, really
14:42 <kaniini> the main driver of KSPP is a woman (laura abbott)
14:43 <jirutka> I would understand if it is about money, it’s his own decision and he has full right for it, but if it’s not, then what the heck is all this about…?
14:43 <kaniini> she is doing what he would not, and that is getting under his skin
14:43 <kaniini> that's the reality of it
14:43 <jirutka> heh :)
14:44 <ncopa> he is annoyed that they present the security features as their inventions
14:44 <kaniini> that is a lie
14:44 <kaniini> every single KSPP commit (and i looked) that derived code from grsecurity says so
14:44 <ncopa> without giving proper credit
14:44 <ncopa> well, thats how he feels it
14:44 <kaniini> what is proper credit in spender's opinion?
14:45 <ncopa> that i dont know
14:45 <kaniini> i mean, i don't think the kernel guys are going to give spender top billing in their README etc
14:46 <kaniini> but the KSPP website and all of their commits say it comes from previous work grsecurity & pax
14:46 <kaniini> so, i think it's really one of two things
14:46 <kaniini> (a) he is pissed that a woman is doing most of the driving on KSPP
14:47 <kaniini> (b) he is pissed that KSPP is a threat to his new revenue stream
14:47 <kaniini> and lets be honest here
14:47 <kaniini> KSPP would not exist if he had not closed the stable patches to begin with
14:47 <kaniini> so all of this is really self-inflicted
14:47 <^7heo> kaniini: I'm not saying this is wrong, but I'd really like some evidence about that, instead of going for the "witch hunting feminist integrist theory"
14:48 <ncopa> i suspect he is annoyed that his patches no longer applies when there comes new version
14:48 <^7heo> (which I'm naming that way because without a doubt, convicting without proofs just calls for MORE convicting without proofs)
14:48 <ncopa> and he gets more work to figure out how to rebase
14:48 <ncopa> its a bit confusing
14:49 <ncopa> because he is also annoyed that they claim it is grsecurity - eg exploiting the good name "grsecurity"
14:49 <kaniini> well, if he did not close the stable patches, nobody would have cared
14:49 <ncopa> while it is a watered out version of it
14:49 <kaniini> where do they claim that though?
14:49 <kaniini> the website says:
14:49 <kaniini> These kinds of protections have existed for years in PaX, grsecurity, and piles of academic papers. For various social, cultural, and technical reasons, they have not made their way into the upstream kernel, and this project seeks to change that. Our focus is on kernel self-protection, rather than kernel-supported userspace protections. The goal is to eliminate classes of bugs and eliminate methods of
14:49 <kaniini> exploitation.
14:50 <pickfire> How come I can't use wacom tablet?
14:50 <pickfire> Is it because of CONFIG_INPUT_TABLET?
14:50 <ncopa> kaniini: yeah i find it a bit confusing
14:50 <kaniini> at any rate, i would like to continue shipping PaX
14:51 <kaniini> so if they will no longer supply patches, clearly it is time to get to work
14:51 <kaniini> if it makes spender happy, we can call it
14:51 <kaniini> -not-really-grsec-no-really-its-not
14:52 <^7heo> speaking about renaming shit
14:52 <^7heo> can we say Alpine Linuk from now on?
14:52 <^7heo> 'cause Linux now is GNU/Linux.
14:52 <kaniini> wot
14:52 <^7heo> And the Linux Kernel does not exist alone per se.
14:52 <kaniini> who says that
14:53 <ncopa> me too, i'd like continue ship grsecurity or pax if possible
14:53 <^7heo> wikipedia, the linux foundation, etc.
14:53 <^7heo> And so Linu-K (linu(x) k(ernel)) would be better.
14:53 <pickfire> Yeah
14:53 <^7heo> So people understand it's not GNU/Linux.
14:53 <ncopa> and doing it while giving proper respect and credit to the people who deserves it
14:53 <ncopa> i still havent figured out how
14:53 <pickfire> https://guiodic.files.wordpress.com/2009/04/android_not_linux.png
14:54 <^7heo> thanks pickfire for providing with evidences supporting what I'm going for :)
14:54 <kaniini> ncopa: we can document that the -hardened patch is originally derived from grsecurity/PaX features but is explicitly not grsecurity/PaX
14:54 <kaniini> that is about all we can do, really
14:54 <ncopa> yeah
14:55 <ncopa> also, do know that we have an unofficial port of grsecurity
14:55 <ncopa> we asked that we changed the wording on our web page
14:55 <ncopa> it used to say that it was grsecurity (which it was earlier)
14:56 <pickfire> ^7heo: Do you compile custom kernel?
14:56 <^7heo> nope, no time for that.
14:57 <^7heo> but I will eventually come to that point yes.
14:57 <^7heo> (I need that for some projects)
14:57 <pickfire> ^7heo: Everything is working fine?
14:57 <^7heo> yep
14:57 <pickfire> I can't use wacom bamboo tablet here.
14:57 <^7heo> But I'm exclusively using lenovos
14:57 <^7heo> without peripherals
14:57 <^7heo> so...
14:57 <pickfire> I am using x220 here as well
14:57 <^7heo> pickfire: very possible.
15:00 <^7heo> Anyway, ncopa, kaniini, jirutka and others: as pickfire pointed out (by linking that very revealing slide: https://guiodic.files.wordpress.com/2009/04/android_not_linux.png ), we might have to think about changing the "Linux" in our distro name.
15:00 <skarnet> wtf are you talking about
15:00 <^7heo> to something that reflects that we're using the Linux KERNEL, not Linux.
15:00 <^7heo> skarnet: that Linux != the kernel anymore.
15:00 <^7heo> skarnet: Linux == GNU/Linux.
15:00 <skarnet> sorry but no.
15:01 <^7heo> Sorry but read wikipedia, gnu.org and the linux foundation website.
15:01 <^7heo> or linux.com
15:01 <^7heo> Officially, Linux == GNU/Linux, as of 2016 already.
15:01 <^7heo> you can deny that all you want, you'll be a very rare person.
15:01 <kaniini> is this a troll?
15:01 <^7heo> No, it is real.
15:02 <skarnet> because corporate has always been successful in imposing terminology, amirite
15:02 <kaniini> i cant always tell with you ;)
15:02 <^7heo> that's fine.
15:02 <^7heo> but this isn't a troll.
15:02 <^7heo> Maybe you've been under a rock for the last years about that terminology, but it has changed.
15:02 <skarnet> well I'm going to keep treating it as a troll
15:02 <^7heo> skarnet: just to hurt people?
15:02 <skarnet> even if GNU are the trolls - which they are
15:02 <^7heo> nah it's not GNU trolling here.
15:03 <^7heo> it's Linus too.
15:03 <^7heo> GNU is actually asking for the name to be GNU/Linux (with GNU first ofc)
15:03 <skarnet> so?
15:03 <^7heo> So maybe, for the sake of clarity and correctness, we should use what the rest of the world population uses.
15:03 <skarnet> Even Linus can't change the fact that there's a lot of userland to go with the kernel and not all of it is GNU.
15:03 <^7heo> to communicate.
15:04 <pickfire> ^7heo: https://www.gnu.org/gnu/gnu-linux-faq.html#linuxsyswithoutgnu
15:04 <^7heo> because we ALL KNOW, here, that we're using the Linux Kernel, and a very limited (if any) amount of GNU software.
15:04 <skarnet> I've been communicating real fine with the rest of the world so far, you being a rare exception.
15:04 <^7heo> thanks pickfire for doing the search as I'm talking here; I needed that link.
15:04 <pickfire> https://itvision.altervista.org/why.linux.is.not.ready.for.the.desktop.current.html
15:04 <^7heo> skarnet: your world is very limited too.
15:04 <^7heo> skarnet: you are surrounded by clever people, who are educated.
15:05 <skarnet> You don't get to judge the extent of my world.
15:05 <^7heo> right.
15:05 <^7heo> But let's say.
15:05 <skarnet> No, let's not say.
15:05 <^7heo> I really STRONGLY assume that you've surrounded yourself with clever people.
15:05 <^7heo> because you're clever too.
15:05 <skarnet> I read pickfire's link. It's the exact same thing as it was yesterday, as it was for 10 years.
15:05 <skarnet> Nothing has changed here.
15:05 <pickfire> ^7heo: Can you just trim those unused modules?
15:05 <^7heo> pickfire: which?
15:06 <skarnet> The only thing that has changed is somehow you became aware of it and started trying to educate people.
15:06 <^7heo> skarnet: the thing that has changed is about communication with most of the population.
15:06 <skarnet> Who don't need it.
15:06 <pickfire> I read those today.
15:06 <kaniini> at any rate, i would be more inclined to just call it Alpine OS
15:06 <^7heo> skarnet: look, if you get people to understand "The Kernel" when you say Linux, please tell me how your magic works.
15:06 <^7heo> kaniini: +1
15:06 <pickfire> Then just say Alpine
15:06 <^7heo> pickfire: no.
15:07 <^7heo> pickfire: that is a MUA.
15:07 <^7heo> skarnet: because then it would solve my problem: i.e. communicating with others is a pain currently.
15:07 <pickfire> + Linux Kernel
15:07 <kaniini> pickfire: then people go "you mean the car radio manufacturer?"
15:07 <skarnet> "Linux" has always colloquially meant "the Linux kernel plus some userland software, parts of which may be GNU and parts of which may not"
15:07 <skarnet> that's how everyone understands it.
15:07 <pickfire> kaniini: We can take their name as well.
15:07 vakartel joined
15:07 <pickfire> skarnet: No
15:08 <pickfire> What about Void Linux?
15:08 <^7heo> skarnet: it goes as: "what is your OS?" - "Alpine Linux" - "Ah so you can run <that blob built against glibc>." - "No I'm not sure I can." - "But it's built FOR LINUX!"
15:08 <^7heo> skarnet: "it's complicated."
15:08 <kaniini> in a way theo has a point
15:08 <^7heo> skarnet: "ok you actually refuse to, right?"
15:08 <pickfire> Then Alpine Musl/Linux
15:08 <^7heo> skarnet: you have NO idea how much trouble this has got me in the past.
15:08 <pickfire> We show them muscle
15:08 <^7heo> skarnet: so again, I am all okay to be nice and respectful to you; because I respect you.
15:09 <skarnet> I have a pretty good idea of your own ability to get into trouble as soon as you engage conversation, no matter the subject. :P
15:09 <pickfire> I have trouble with musl.
15:09 <^7heo> skarnet: but I won't accept something I don't agree with, just because it comes from you :)
15:09 <pickfire> Yes
15:09 <pickfire> No wonder this is what happened back then.
15:09 <kaniini> https://www.gnu.org/gnu/gnu-linux-faq.html#finishhurd
15:09 <kaniini> lol
15:09 <kaniini> why not finish GNU hurd
15:09 <^7heo> huhu
15:09 <kaniini> hahahahahaha
15:09 <pickfire> ^7heo: Is this how you get kickban back then?
15:10 <^7heo> pickfire: from suckless?
15:10 <kaniini> we would never kickban theo
15:10 <pickfire> Haha
15:10 <^7heo> pickfire: nah that was from trolling with quinq.
15:10 <kaniini> he is such a great guy
15:10 <skarnet> finish hurd so people can still call it Linux and piss RMS off even more
15:10 <^7heo> kaniini: come on stop with the harmful sarcasm.
15:10 <pickfire> Who?
15:10 <^7heo> pickfire: quinq.
15:10 <pickfire> kaniini: ^
15:10 <jirutka> sometimes I tell friends that one of the advantages of Alpine Linux is that they don’t have to call it GNU/Linux without upsetting Stallman, because there’s no any GNU software in base installation :)
15:10 <pickfire> Ah
15:10 <^7heo> pickfire: but we solfed it out.
15:10 ferseiti joined
15:10 <^7heo> solved even.
15:10 <kaniini> ^7heo: i am serious!
15:10 <^7heo> kaniini: thanks then.
15:10 <^7heo> skarnet: you misjudge me.
15:11 <pickfire> theo is easy to type on dvorak.
15:11 <^7heo> skarnet: some people actually appreciate my personality.
15:11 <pickfire> ^7heo is a mess
15:11 <^7heo> skarnet: outside of Frankreich.
15:11 <^7heo> skarnet: at least I'm honest - if not politically correct.
15:11 <skarnet> I'm one of those. I would have muted you a long time ago if I didn't appreciate your personality. :P
15:11 <kaniini> hey it worked for trump
15:11 <^7heo> pickfire: sorry about that nick, I wish I could use 7heo
15:11 <kaniini> he just blurted out whatever he thought at the time
15:11 <kaniini> and look at him now
15:11 <^7heo> skarnet: v_v
15:12 <pickfire> 7 needs shiyt
15:12 <^7heo> kaniini: are you comparing me with Trump now?
15:12 <pickfire> shift*
15:12 <^7heo> kaniini: if you are, I'm not gonna believe that this isn't meant as a harmful comment ;)
15:12 <kaniini> no
15:12 <^7heo> good :D
15:13 <^7heo> I'm not that old.
15:13 <^7heo> or that orange.
15:13 <kaniini> apparently the orange is from using tanning bed
15:13 <jirutka> who’s pushing to aports now? there are a lot of failures on build servers
15:13 <pickfire> kaniini: I don't quite like patching on github.
15:14 <kaniini> tint2 push came from fcolista
15:14 <^7heo> pickfire: the ML can also be used.
15:14 <pickfire> Not even a single comment until now.
15:14 <^7heo> pickfire: link?
15:14 <skarnet> jirutka bringing back the serious in the channel :D
15:14 <fcolista> i asked ncopa to delete the cached tint2 tar.gz
15:14 <pickfire> ^7heo: But I heard that github is easier for maintainers.
15:14 <jirutka> pickfire: why you don’t like patching on GH?
15:14 <kaniini> pickfire: they are both good
15:15 <pickfire> Because often, github is slow
15:15 <kaniini> pickfire: coming in here and saying "yo review this <url to patch>" also works
15:15 <kaniini> do what you want to do
15:15 <^7heo> pickfire: github is definitely easier for maintainers.
15:15 <kaniini> we have many contribution channels for that reason
15:15 <kaniini> ;)
15:15 <pickfire> I had sent patches and no one reviewed it and then I sent more patches
15:15 <jirutka> and I’m very sure that even for contributors
15:15 <pickfire> And git pull -f removed my old patches
15:15 <jirutka> once they get used to it and stop complaining that they must use different command…
15:15 <^7heo> pickfire: my experience is: if github is slow, the ML is probably slower.
15:16 <pickfire> https://github.com/alpinelinux/aports/pull/1020#issuecomment-287002457
15:16 <^7heo> thanks for the link tho
15:16 <^7heo> saving us time to click many times.
15:16 <kaniini> ^7heo: i check patchwork for things usually each day
15:16 <ncopa> fcolista: i did delete it
15:16 <fcolista> still failing?
15:16 <^7heo> kaniini: yeah, that's cool; but github notifies quite fast if you're subscribed.
15:16 <pickfire> ncopa: What about you? github or mailing lists is easier?
15:16 <jirutka> pickfire: what the hell is that?! https://github.com/alpinelinux/aports/pull/1020/files#diff-e74cce27af5d72760a36be525d08364eR17
15:17 <kaniini> seems the current failure is libwebsockets
15:17 <pickfire> jirutka: Oh, I don't know how to write that part.
15:17 <ncopa> pickfire: for individual patches i prefer mailing list, for a long set of patches i prefer git pull
15:17 <fcolista> uff
15:18 <pickfire> git pull from where?
15:18 <ncopa> pickfire: anywhere. github works fine for that
15:18 <* pickfire> have libwacom patches
15:18 <pickfire> Where should I send?
15:18 <ncopa> that way i can pull in more than one patch in one go
15:18 <jirutka> ncopa: the main problem with Patchwork is that the review process is complicated and unclear on Patchwork
15:18 <pickfire> ncopa: What about git.pickfire.tk?
15:18 <pickfire> I see tor traffic there everyday.
15:19 <pickfire> git.pickfireywcq2wf2.onion
15:19 <ncopa> pickfire: good enough for me if there is no need to review
15:19 <jirutka> ncopa: when some bad patch is accepted nowadays, it’s very often via Patchwork, not GH
15:19 <pickfire> ncopa: https://github.com/alpinelinux/aports/pull/1020/files#diff-e74cce27af5d72760a36be525d08364eR17
15:20 <pickfire> I don't know how to write that part.
15:20 <pickfire> How to pass [start|stop|reload] to tlp init [start|stop|reload]?
15:20 <ncopa> jirutka: i just pushed broken libwebsockets from GH
15:20 <kaniini> :D
15:21 <ncopa> i decided to not build test it myself and just trust travis...
15:22 <ncopa> hu
15:22 <jirutka> ncopa: it’s broken on arm, not on x86_64… b/c we don’t test arm on Travis (yet)
15:22 <kaniini> qemu-user-arm duh
15:22 <jirutka> aha, x86
15:22 <kaniini> come on
15:22 <ncopa> x86 too
15:22 <jirutka> but works on x86_64
15:22 <ncopa> its probably only 32bit
15:22 <jirutka> I hate these errors
15:22 <ncopa> yeah
15:22 <jirutka> why we still must support x86?
15:22 <jirutka> I haven’t seen i686 for years
15:23 <skarnet> I ran a i486 two months ago
15:23 <ncopa> i would have pushed it broken if i'd taken it from alpine-aports too
15:23 <ncopa> i asked about it earlier and skarnet still uses x86
15:23 <kaniini> jirutka: well the smaller pointer widths saves on ram to start with
15:24 <pickfire> ncopa: How should I do git send-email?
15:24 <ncopa> pickfire: how many patches is it?
15:24 <kaniini> if you are in a small vps, alpine 32-bit is much more useful than alpine 64-bit
15:24 <pickfire> 2
15:24 <pickfire> Wacom related
15:24 <pickfire> Still not usable because of kernel
15:25 <ncopa> pickfire: you can use github if you are ok with that. otherwise git send-email to alpine-aports works too
15:25 <^7heo> pickfire: you're sure it's not due to some GNU userland? :D
15:25 <^7heo> ncopa: AFAIR the question was more about what you personally prefer.
15:25 <pickfire> I can't
15:25 <ncopa> i dont have strong opinion either way
15:25 <pickfire> https://github.com/alpinelinux/aports/pull/1020
15:25 <pickfire> On going pull
15:26 <kaniini> you have to use separate branches for each change
15:26 <kaniini> that you want
15:26 <pickfire> kaniini: But can I have multiple on going pull request on github?
15:28 <kaniini> yes, one per branch
15:29 <pickfire> Ah
15:29 <pickfire> I personally prefer ML
15:29 <^7heo> pickfire: then go for it ;)
15:29 <^7heo> pickfire: the big advantage of gh is that jirutka added testing to it.
15:30 <^7heo> pickfire: so it tends to be preferred for that reason, when it is.
15:30 <pickfire> But if I feel like something needs to be changed, I will throw it to github.
15:30 <pickfire> Ah
15:30 <pickfire> ^7heo: Is the tester (ci) our package builder?
15:30 <ncopa> actually the review process is pretty nice too with GH
15:31 <^7heo> pickfire: no it's travis.
15:31 <^7heo> pickfire: when using the ML you actually use the builder as CI
15:31 <pickfire> Why can't we use it to build?
15:31 <^7heo> but then it can lead to builders being blocked and stuff
15:31 <^7heo> and it sucks.
15:31 <pickfire> How?
15:31 <^7heo> How what?
15:31 <pickfire> when using the ML you actually use the builder as CI
15:32 <* pickfire> is going offline soon.
15:32 <^7heo> is that a threat? :D
15:32 <^7heo> pickfire: in the ML we don't have testing.
15:32 <jirutka> how can I “emulate” x86 on x86_64 machine with x86_64 kernel? maybe a silly question, but really I’ve never needed this…
15:32 <^7heo> pickfire: so if your patch is accepted, after review...
15:33 <^7heo> pickfire: it'll go to the builders.
15:33 <^7heo> pickfire: if it breaks, it'll break there.
15:33 <^7heo> pickfire: that's how.
15:33 <ncopa> :)
15:33 <_ikke_> jirutka: qemu?
15:33 <^7heo> jirutka: by compiling the code in 32 bit?
15:33 <pickfire> jirutka: But I thought our buildbot is x86_64?
15:33 <pickfire> Cross compile
15:34 <^7heo> _ikke_: isn't any x86_64 CPU actually able to run x86 code natively?
15:34 <^7heo> (hence the name)
15:34 <kaniini> in practice yes
15:34 <pickfire> Then we need not to worry about having not enough processing power.
15:34 <ncopa> it is
15:34 <^7heo> wow, if you tell me that the practice works, but not the theory...
15:34 <^7heo> I'll be blown away.
15:34 <pickfire> + we can use github as cdn
15:34 <kaniini> in theory, you could make a x86-64 cpu that booted in x86-64 mode and did not have it
15:34 <pickfire> rawgit.com
15:35 <_ikke_> github is not a cdn, they'll throttle you if they notice too much traffic to resources
15:35 <ncopa> pickfire: i grabbed 2 of your patches
15:35 <pickfire> Thanks
15:35 <ncopa> thank you
15:36 <ncopa> you might be able to copy the .initd from gentoo
15:36 <pickfire> ncopa: Can I send patches for linux-grsec to support wacom as well or you don't want it to bloat?
15:36 <pickfire> ncopa: I can't find that from gentoo.
15:36 <ncopa> if its a module then no problem
15:36 <pickfire> That's why.
15:37 <jirutka> pickfire: I’ll write the runscript later, if no one else do it, but currently I’m too busy
15:37 <pickfire> What run script?
15:38 <jirutka> init script
15:38 <pickfire> jirutka: For?
15:38 <jirutka> tlp
15:38 <pickfire> Ah
15:38 <pickfire> Thanks a lot.
15:42 leo-unglaub joined
16:07 leo-unglaub joined
16:20 leo-unglaub joined
16:29 <pickfire> > sudo
16:29 <pickfire> Failed to execute process '/usr/bin/sudo'. Reason:
16:29 <pickfire> exec: unknown error (errno was 1)
16:29 <pickfire> Oh no, how come?
16:33 <pickfire> https://transfer.sh/p9cik/2017-03-17-003311-1366x768-scrot.png
16:33 <skarnet> 1 is EPERM
16:33 <pickfire> Those with dark red have the same issue.
16:33 <pickfire> I can't execute them for no reason.
16:34 <pickfire> What do I do now?
16:34 <duncaen> nonewprivs for any reason?
16:34 <skarnet> those are suid programs.
16:34 <pickfire> duncaen: What is nonewprivs?
16:35 <pickfire> That means I can't suid?
16:35 <skarnet> sounds like grstupidity
16:35 <duncaen> if you run something in a namespace, seccomp container or with ptrace afaik, you can't regain privileges
16:36 <skarnet> ah, seccomp will also do that
16:36 <pickfire> Oh
16:36 <pickfire> I ran strace
16:36 <duncaen> yes strace needs higher privs than the target
16:36 <pickfire> What now?
16:36 <skarnet> you can't strace suid programs indeed
16:36 <duncaen> different error
16:37 <pickfire> Now I can't use any of those suid stuff
16:37 <skarnet> kill your strace
16:37 fekepp joined
16:37 <pickfire> I can't find it
16:37 <pickfire> I think I ran it with sudo
16:57 <^7heo> pickfire: thanks for contributing to packets
16:57 <^7heo> packages*
16:59 Adran joined
17:11 <pickfire> ^7heo: :)
17:11 <pickfire> Anyone got sway working here?
17:12 <pickfire> I tried running sway but looks like input isn't working.
17:12 leo-unglaub joined
17:14 <duncaen> is libinput working?
17:14 czart__ joined
18:03 MH0815 joined
18:38 <^7heo> jirutka: I'm gonna fork and open a PR to your tool
18:38 <jirutka> ^7heo: okay; what you’d like to change?
18:38 <^7heo> the requirement for root at the start
18:38 <^7heo> add a few checks (dependencies)
18:38 <^7heo> add some resilience for curl/wget with check
18:40 <^7heo> (i.e. if it has curl but not wget, use curl, if it has only wget use wget, etc.)
18:40 <^7heo> AFAIK, it does not need root if the mounting is done somewhere else.
18:40 <jirutka> why curl?
18:40 <^7heo> right?
18:40 <^7heo> because some systems have curl and no wget.
18:40 <jirutka> you need root for chroot
18:40 <^7heo> ah that.
18:40 <jirutka> what systems have curl and not wget?
18:40 <^7heo> no idea.
18:40 <^7heo> I don't remember.
18:40 <^7heo> I just remember having that.
18:41 <^7heo> curl -O does the same as wget
18:41 volleyper joined
18:41 <jirutka> then I’d prefer to first find what systems actually don’t have wget
18:41 <^7heo> so it'd be worth it supporting wget AND curl imho.
18:41 <^7heo> really?!
18:41 <^7heo> I mean, REALLY?!
18:41 <^7heo> you're RATHER search for proof than you're not ignoring some stupid system rather than support an hypothetical maximum of system?
18:42 <^7heo> O.o
18:42 <^7heo> (yes I'm trying new smileys)
18:42 <^7heo> s/you're/you'd/
18:42 <^7heo> let's be clear here: I'm gonna do those changes no matter what.
18:42 <^7heo> the only question is: will you accept them upstream or not.
18:43 <^7heo> s/than/that/
18:43 <^7heo> damn I'm tired.
18:43 <^7heo> s/system\
18:43 <jirutka> yes, because it adds complexity
18:43 <^7heo> s/system\?/systems?/
18:43 <^7heo> well, YAGNI is a beautiful ideal.
18:44 <^7heo> but you know, BSD has less complexity than Linux, if you go for that.
18:44 <^7heo> and in Linux, there is a HUGE number of features/firmwares/etc. you're never gonna use, hence being YAGNI.
18:44 <^7heo> yet, they are here.
18:44 <jirutka> with the same logic what about rewriting it to some very old shell, don’t remember name, that one where you must write craps like `[ "x$foo" = x42 ]`, just for a chance that someone may have a very old system that doesn’t have normal POSIX compatible shell…?
18:44 <^7heo> because it is what allows the system to work on the maximum of architectures.
18:45 <^7heo> actually
18:45 <^7heo> we SHOULD be writing `[ "x$foo" = "x42" ]` if we wanted to do it right.
18:45 <jirutka> no, definitely not
18:45 <jirutka> it’s non-sense
18:45 <^7heo> well, it's non-sense, no question about that.
18:45 <^7heo> but it's unfortunately necessary non-sense.
18:46 <^7heo> like a lot of IT non-sense.
18:46 <jirutka> I don’t wanna support ancient systems that maybe 1 person on Earth may use
18:46 <jirutka> no, it’s not necessary at all
18:46 <^7heo> Your point of view.
18:46 <^7heo> The problem with bloat doesn't come from supporting a maximum of systems.
18:46 <jirutka> this script can work only on Linux
18:46 <jirutka> what Linux system does not have any normal POSIX compatible shell, hm?
18:46 <^7heo> It comes from intellectual masturbation and the unnecessary level of abstraction(s) that comes with it.
18:47 <jirutka> no ash, dash, bash, zsh, …
18:47 <duncaen> doesn't quoting already make the x stuff useless?
18:47 <^7heo> jirutka: does POSIX actually define that the shell has to consider "" different than nothing?
18:47 <jirutka> of course it does
18:47 <jirutka> this "x" is total non-sense that was maybe required 50 years ago…
18:47 <^7heo> duncaen: no the whole problem is that this shell (POSIX AFAIK) considers an empty quoted string equivalent to nothing
18:48 <jirutka> too much of backward compatibility is road to hell
18:48 <^7heo> duncaen: and therefore crashes on [ "somestring" = ]
18:48 <jirutka> [ "$foo" = "" ]
18:48 <duncaen> oh its related to /bin/[, and argv
18:48 <TemptorSent> jirutka: The reason for the [ x"$foo" = x"val" ] is that some broken implementations of test look through the quotes and see the option '-d' in foo="-d -r $file"
18:48 <^7heo> duncaen: yes afaik
18:48 <jirutka> however, this should be correctly written [ -n "$foo" ]
18:48 <^7heo> jirutka: true dat.
18:49 <jirutka> TemptorSent: do you remember what broken test, on what systems?
18:49 <^7heo> jirutka: problem is, instead of doing `-n "$foo" -a "$foo" = "..."`
18:49 <^7heo> people just write the latter part.
18:49 <TemptorSent> In theory, any recent, sane shell will in fact see the quotes as introducing a value.
18:49 <duncaen> i think its just for shells without builtin [, there you cant know if its quoted or not
18:49 <xentec> speaking of compatibility: there are ncurses-terminfo-base and ncurses-terminfo. while -base is sufficient today, many pkgs still depend on full terminfo. is that on purpose
18:49 <TemptorSent> jirutka: I've been on a couple where it was an issue, but it was years ago.
18:50 <xentec> s/purpose/purpose?/
18:50 <^7heo> TemptorSent: are you 100% certain this is only about the possibility of the presence of flags and not also empty strings?
18:50 <^7heo> anyway, jirutka, wget is gnu, curl isn't.
18:50 <duncaen> nonempty variable would result in null which would result in no argv
18:50 <jirutka> ^7heo: sry, I don’t have time now to discuss it; and as you said, you can send whatever PRs you want, it’s up to me to accept it or not; and I’ll definitely NOT accept any change of type “maybe this may not work on some system that I’ve never heard of”
18:51 <TemptorSent> ^7heo: The empty strings were a gotcha in broken shells sometimes, but a quoted empty string worked in all instances I recall.
18:51 <^7heo> jirutka: fine.
18:51 <^7heo> jirutka: I'll still fork it.
18:51 <TemptorSent> At least posix-like ones -- weird embedded stuff and VMS aside.
18:51 <^7heo> jirutka: I need to be sure it works on modern systems and not only on GNU systems.
18:51 <jirutka> ^7heo: if you tell me what real system doesn’t have wget but have curl by default, then I’m willing to accept it; otherwise it’s irrational change
18:52 <jirutka> Alpine is not GNU and we have wget by default, provided by busybox
18:52 <jirutka> wget is simpler tool than curl
18:52 <duncaen> void has no curl or wget by default :P
18:52 <^7heo> jirutka: I'm too tired and stressed to search for it now
18:52 <^7heo> jirutka: but I'll try to find it for the PR
18:52 <^7heo> duncaen: yeah that might be one.
18:52 <^7heo> duncaen: but I know I used a system that had no wget
18:52 <^7heo> duncaen: only curl.
18:53 <jirutka> duncaen: well, what can be used on Void instead of wget or curl?
18:53 <^7heo> nc :D
18:53 <TemptorSent> ^7heo: What are you targeting as host systems?
18:53 <duncaen> we have libfetch in xbps, there is a xbps-uhelper fetch command
18:53 <jirutka> ^7heo: see! you must implement your own wget alternative in da script, b/c there’s at least one system that doesn’t have wget and curl by default!
18:54 <jirutka> TemptorSent: any up-to-date linux system, but primarily debian-based b/c that’s what usually runs on public CIs
18:56 <TemptorSent> ^7heo: What I've been doing with the features in mkimage is setting up functional features where it makes sense, such as ssh or ntp, then allowing the profile to use whichever flavor they like and the feature will configure it appropriately.
18:56 <^7heo> jirutka: I will then.
18:56 <^7heo> jirutka: I'm fine with implementing them in separate files
18:56 <^7heo> jirutka: and sourcing what I need.
18:57 <jirutka> ^7heo: no, this was a fucking joke!
18:57 <^7heo> this kind of modular implementation is actually easy to extend
18:57 <^7heo> if someone needs to use scp or something else.
18:57 <^7heo> or git
18:57 <^7heo> or I dunno
18:57 <^7heo> (you never know what ports are open)
18:57 <jirutka> ^7heo: alpine-chroot-install should be single shell script without any includes and bullshits
18:57 <^7heo> yeah
18:58 <^7heo> I kinda like that too.
18:58 <^7heo> but a choice has to be made, a line has to be drawn.
18:58 <jirutka> ^7heo: this is how I usually use it https://github.com/bigclownlabs/bc-bridge/blob/master/script/ci-install#L29
18:58 <^7heo> I'm not sure I want to draw the line at "no curl support"
18:58 <^7heo> and also
18:59 <^7heo> it sucks that it needs root for the actual chrooting (even if it's logical)
18:59 <^7heo> but yeah
18:59 <jirutka> KISS
18:59 <^7heo> I'd rather use root only for the necessary operations
18:59 <^7heo> than for all the things.
18:59 <TemptorSent> ^7heo: If you need more general purpose modular, take a look at base code of the mkimage fork at https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage.
18:59 <^7heo> thanks TemptorSent
18:59 <^7heo> checking it now.
18:59 <jirutka> too much modularity is also road to the hell
19:00 <^7heo> modularity is abstraction.
19:00 <TemptorSent> ^7heo: It's flexible enough that you can use the plugin loader for whatever you want and throw away the rest actually.
19:00 <^7heo> it has obviously to be done with moderation in mind, eys.
19:00 <^7heo> s/ey/ye
19:01 <^7heo> this whole discussion gives ncopa's proposition a lot more seriousness.
19:01 <^7heo> ie. <@ncopa> ^7heo: docker run --rm -it alpine ... :-p
19:02 <TemptorSent> I have it down to basically a plugin loader, a bit of code to handle the options, and a section of the builder that handles the actual image generation.
19:03 <^7heo> damn, why can't things be simple, AND complete, AND without tons of abstraction?
19:03 <TemptorSent> ^7heo: Choose two and maybe :)
19:03 <^7heo> yeah
19:03 <^7heo> chose any two.
19:04 <^7heo> like: cheap, fast, reliable
19:04 <TemptorSent> Although simple, complete, with tons of abstraction seems self-inconsistent.
19:04 <^7heo> well, that's basically IT in a nutshell
19:04 <jirutka> ^7heo: if you want to support even ancient broken systems, then you can’t achieve simplicity
19:05 <TemptorSent> jirutka: Just ask autotools!
19:05 <jirutka> you mean autohells?
19:05 <^7heo> curl == ancient && broken?
19:05 <^7heo> by that standard let's assume busybox also is.
19:06 <jirutka> no
19:06 <TemptorSent> ^7heo: No, my Atari from the late '80s running a unix environment is broken :)
19:06 <jirutka> I mean that x"" bullshit
19:06 <^7heo> aaah that
19:06 <^7heo> yeah ok.
19:06 <^7heo> TemptorSent: sorry to read that. You could run a recent NetBSD and have a good system.
19:07 <TemptorSent> jirutka: Actually, I've seen broken '[' implementations crop up more recently that DID see through quotes, so it's not a dead issue.
19:07 <^7heo> also that.
19:07 <^7heo> long story short
19:08 <jirutka> TemptorSent: where did you see it?
19:08 <^7heo> I won't curl http://github.com/jirutka/alpine-chroot.sh | sudo sh
19:08 <jirutka> TemptorSent: some HP-UX?
19:08 <^7heo> and it is very bad to ask people to do that.
19:08 <TemptorSent> ^7heo: I do a bunch of work on embedded systems (no, not rpis, REAL embedded systems with a couple hundred K or so).... you wouldn't believe the hacks you see there!
19:08 <jirutka> definitely, this would give you HTML page…
19:09 <^7heo> jirutka: aha. You got what I meant.
19:09 <jirutka> and I’m not advising that
19:09 <^7heo> TemptorSent: I would believe it. I graduated embedded development @uni
19:09 <TemptorSent> jirutka: *lol* HP-UX used to be a nightmare for compatibility, picking at random which flags to support for standard tools and sometimes adding their own that completely contradicted standard practice...
19:09 <^7heo> jirutka: well, you are.
19:09 <jirutka> and not using that, I’ve sent you example of my usage and it includes verification of checksum
19:09 <^7heo> jirutka: wget <script>
19:10 <^7heo> jirutka: and then first thing the script does is `[ $(id -u) -eq 0 ] && exit 1`
19:10 <^7heo> s/&&/||/
19:10 <jirutka> yes, because it doesn’t fucking work without root, because of chroot
19:10 <jirutka> omfg
19:10 <^7heo> yeah
19:10 <^7heo> I know.
19:10 <jirutka> stop bitching please
19:10 <^7heo> I know it's for that reason, I'm not stupid.
19:10 <jirutka> I’m not in a good mood for that
19:11 Emperor_Earth joined
19:11 Emperor_Earth_ joined
19:11 <^7heo> Is that a good reason for asking people to curl <yourstuff> | sudo sh?
19:11 <^7heo> still?
19:11 <jirutka> no
19:11 <jirutka> and I‘m not doing that!
19:11 <^7heo> if anyone else would do that, you'd bitch like crazy
19:11 <jirutka> so why the hell do you still talking about it?
19:11 <jirutka> s/do/are/
19:11 <^7heo> ok right, you do: "wget <yourstuff> && sudo ./<yourstuff>"
19:12 <jirutka> are you fucking blind?
19:12 <^7heo> the only difference is that the file resides on disk instead of in ram
19:12 <jirutka> https://github.com/bigclownlabs/bc-bridge/blob/master/script/ci-install#L29
19:12 <jirutka> do you see checksum here?!
19:12 <^7heo> sure.
19:12 <jirutka> this is wgets https://github.com/bigclownlabs/bc-bridge/blob/master/script/utils.sh#L26-L36
19:12 <^7heo> that checksum is great.
19:12 <TemptorSent> BTW - In other news, is anyone else experiencing the strange behavior with bind mounts that I mentioned earlier?
19:12 <^7heo> you're still asking people to blindly trust you.
19:12 <jirutka> so it downloads the file, checks checksum, only if it’s correct, I run the script
19:13 <jirutka> no, I’m not asking anyone to blindly trust me; the script is quite short, so anyone can and should read it before using
19:14 <TemptorSent> Specifically them showing up as mounts of the source device to the target directory, such as /dev/sda2 on /tmp for the bind mount /mnt/tmp -> /tmp with /mnt on /dev/sda2
19:15 <^7heo> jirutka: yeah, look
19:16 <^7heo> jirutka: the fact that YOU trust yourself is beyond question.
19:16 <jirutka> ^7heo: btw have you read complete source code of e.g. linux kernel or do you just blindly trust authors that there’s nothing bad inside of it?
19:16 <^7heo> jirutka: it'd be very sad if not.
19:16 <^7heo> jirutka: I try to read as much as I can.
19:16 <jirutka> well, actually, I don’t trust myself… XD
19:16 <^7heo> jirutka: that's why I prefer BSD to Linux, much less to read.
19:17 <TemptorSent> ^7heo: I have a complete print out of an early version of the kernel -- it's less than half an inch thick!
19:19 <^7heo> TemptorSent: the BSD or the Linux kernel?
19:19 <TemptorSent> ^7heo: Linux
19:19 <^7heo> because in the latter case, it must be printed in 2pt :P
19:19 <TemptorSent> ^7heo: Linux started off TINY - think minix size!
19:20 <TemptorSent> ^7heo: It wasn't until around 2.0 that things ballooned out of control.
19:20 <^7heo> TemptorSent: yeah but around 2005 it exploded
19:20 <^7heo> yeah exactly
19:23 <TemptorSent> ^7heo: I used to know every nook, cranny, and spinlock in the kernel back in the early days of SMP on linux -- I had one of the first production dual processor PPRO based linux servers, so Linus and Ted Tso heard about showstoppers rather quickly :)
19:23 <^7heo> nice feat
19:23 <^7heo> where are you located btw?
19:24 <TemptorSent> ^7heo: Northern California, US.
19:24 <^7heo> oh nice
19:24 <TemptorSent> ^7heo: Currently in the beginnings of allergy season, otherwise sometimes known as spring.
19:24 <^7heo> where rent costs the third of a car
19:25 <^7heo> yeah
19:25 <TemptorSent> ^7heo: Yeah, I'm up in the mountains and out in the sticks, not in the bay area -- couldn't afford it if I wanted to, and I certainly don't want to!
19:26 <^7heo> if I'd move there, I'd also go to the mountains
19:26 <^7heo> but, you know, trump.
19:26 <TemptorSent> ^7heo: Yeah, I'm hopeful actually... This state is a bloody disaster, and it's not waiting much longer to happen.
19:26 <^7heo> yeep
19:27 <^7heo> I check jimmy fallon, john oliver, stephen colbert, and cie every week
19:28 <TemptorSent> ^7heo: We have politicians that have been taking the federal funding to repair dams and major infrastructure and diverting it to their pet projects, who happen to be contracted to their cronies (and husbands!)
19:28 <^7heo> that's not the US only
19:28 <^7heo> that's every country
19:29 <TemptorSent> ^7heo: Then shutting down all viable resource industries over entirely fallacious 'environmental concerns', leaving our forests to burn, because 'logging is too destructive'
19:30 <TemptorSent> Sorry, /rant off -- I'm just sick of watching everything burn around me while being told I can't even work my mining claims without years of environmental review.
19:31 <^7heo> nah but we get it
19:31 <TemptorSent> ^7heo: These things get to you when you've been evacuated or on watch > 6 times in 15 years.
19:33 <TemptorSent> ^7heo: If you want to discuss politics, drop me a /msg and we can take it up elsewhere.
19:37 <^7heo> TemptorSent: https://pbs.twimg.com/media/C6I_SlgXQAAkOOi.jpg:large
19:37 <^7heo> TemptorSent: but sure, I'll do.
19:37 <^7heo> (sorry for the delay, I was searching for that image)
19:40 <^7heo> comes from https://twitter.com/SPIEGEL_Medien/status/838302164216918016
19:41 <TemptorSent> *LOL*
19:42 <^7heo> Right?
19:43 <TemptorSent> BTW, those twimg urls are a PITA to retype correctly, they could at least not use both 1s and Is and Os and 0s in the same url!
19:43 <TemptorSent> oh, and the lower case l got me too.
19:43 <^7heo> yeah sorry, I can make it shorter if you want, but later.
19:43 <^7heo> anyway
19:43 <^7heo> gotta go :)
19:44 <TemptorSent> Anyway - have a good day? evening? night? whatever it is :)
19:51 blueness joined
19:58 volleyper joined
19:58 alacerda joined
20:00 volleyper joined
20:10 fabled joined
21:26 Tsutsukakushi left
21:44 thohal joined
21:48 <NIN101> can a dev look at https://bugs.alpinelinux.org/issues/6578#note-8 ? it would be unfortunate if a closed bug isn't actually solved because the package hasn't been rebuilt.
21:51 thohal left
21:55 thohal joined
22:16 LouisA joined
22:32 <jirutka> ^7heo: so where’s your PR? ;)
22:56 LouisA joined
23:02 cyteen joined
23:06 mikeee_ joined
23:21 laj joined
23:28 laj_ joined
23:34 alacerda_ joined
23:54 alacerda__ joined
23:56 alacerda_ joined
23:57 alacerda__ joined
23:58 alacerda_ joined