<    April 2017    >
Su Mo Tu We Th Fr Sa  
 2  3  4  5  6  7  8  
 9 10 11 12 13 14 15  
16 17 18 19 20 21 22  
23 24 25 26 27 _2_8 29  
00:00 <consus> Funny
00:02 <consus> OpeBSD has /var/mail as root:wheel 0755
00:02 <consus> So I guess opensmtpd first touches the file as root and then deliver as user
00:12 blueness joined
00:44 blueness joined
00:56 BitL0G1c joined
01:07 s33se_ joined
01:13 minimalism joined
01:31 helloj joined
01:38 blueness joined
01:39 LouisA joined
01:58 blueness joined
02:12 BitL0G1c joined
02:32 czart_ joined
03:54 Emperor_Earth joined
03:54 Emperor_Earth_ joined
04:07 tmh1999 joined
04:11 lucybun joined
04:59 fabled joined
06:03 kaniini joined
06:26 <kaniini> jirutka: so
06:26 <kaniini> jirutka: how do you feel about the test suite policy change causing us to bag a libressl CVE
06:27 <kaniini> lol
06:28 helloj left
06:30 <scadu> kaniini: https://media1.giphy.com/media/l2SpKjO20hPyhr1fy/giphy.gif
06:30 <kaniini> what.
06:34 <xentec> kaniini, did you forget about https://github.com/alpinelinux/abuild/pull/16 ? ;)
06:35 <kaniini> xentec: handled
06:35 <scadu> kaniini: you asked how jirutka feels about this, so here is a react gif :<
06:36 <xentec> thanks
06:40 <kaniini> can't wait
06:41 <kaniini> for my new build machine to arrive
06:41 <kaniini> quad E7 4850v4
06:41 <kaniini> 128 threads
06:41 <kaniini> gonna build all of alpine in like an hour
06:41 <fabled> kaniini, did you write the apkbuild at http://patchwork.alpinelinux.org/patch/3327/ ?
06:42 <kaniini> fabled: nope
06:42 <kaniini> if i did, i would just commit it, wouldn't i? :p
06:42 <fabled> it says you did ;)
06:42 <fabled> the other one is similar in the same series
06:42 <fabled> trying to go through some of the patchworks/githubPR backlog now
06:43 <fabled> should probably look at go1.8
06:43 <kaniini> i took care of linux-hardened rename
06:43 <fabled> it's in both places
06:43 <fabled> kaniini, i saw. thanks. hope it does not cause any other issues
06:44 <TemptorSent> kaniini - any progress on kernel packaging changes?
06:44 <kaniini> TemptorSent: that isnt happening until 3.7
06:44 <TemptorSent> kaniini: Damn, okay - I think I found a work around, but it means the kernel isn't actually managed by apk.
06:44 <kaniini> (also apparently matrix's irc relay is messed up, so back to using an oldschool irc client for now :/)
06:45 <TemptorSent> (and it's still ugly and fragile in places)
06:45 <kaniini> fabled: pickfire is the person who submitted those patches you linked
06:46 <fabled> pickfire, care to fix the Contributor/Maintainer fields of the patches?
06:46 <TemptorSent> I'm seeing multiple requests daily for working zfs initfs and means of building in modules.
06:46 <pickfire> fabled: Where?
06:46 <pickfire> Which one?
06:46 <fabled> pickfire, http://patchwork.alpinelinux.org/patch/3327/
06:47 <pickfire> Ahhhhh
06:47 <pickfire> Sorry, I copied straight from his name.
06:47 <fabled> and 3328
06:47 <fabled> i close them as changes requested
06:47 <pickfire> Can't fix right now, not in alpine.
06:48 <fabled> no prob
06:48 <fabled> resend when you get a moment
06:52 <pickfire> Okay, probably when I restart from arch.
06:54 <xentec> kaniini, if your still here I'd like you to look at another simple PR of mine https://github.com/alpinelinux/abuild/pull/17
06:54 <xentec> *you're
06:54 <kaniini> i prefer ncopa look at that one
06:59 <scadu> kaniini: huh, you keep this E7 at home?
06:59 <* scadu> jelly
06:59 <kaniini> scadu: yes
06:59 <kaniini> scadu: will be the plan once i set it up
07:00 <kaniini> scadu: i have a rack in a closet
07:01 <kaniini> scadu: with dedicated 20A 240V circuit
07:03 <kaniini> scadu: my goal is to have at least one of every arch alpine supports, an older image of the setup when i was racking an edgerouter pro (planned mips64 porting box); https://mastodon-dereferenced-org.s3-us-east-2.amazonaws.com/media_attachments/files/000/000/003/original/26a2dcdb07cc8ba6?1492243620
07:03 <kaniini> scadu: the E7 will be 4U though, so it is going to be annoying to haul upstairs :/
07:04 <TemptorSent> Nice, you'll be able to make coffee on top of that sucker :)
07:04 <kaniini> that closet is like sauna already tbh
07:05 <kaniini> humm
07:05 <kaniini> Soekris (the company which makes the NET4801 and other machines like that) is shutting down
07:05 <kaniini> that sucks
07:06 <TemptorSent> Sounds like your closet needs a dedicated 2t ac unit!
07:07 <kaniini> the powers that be (HOA) will not allow such things unfortunately
07:09 <kaniini> you are not even allowed to have a window unit
07:09 <kaniini> 100%
07:09 <TemptorSent> kaniini WTF? What kind of concentration camp are you living in?
07:10 <kaniini> TemptorSent: it is kind of stupid
07:10 <kaniini> TemptorSent: because
07:10 <TemptorSent> Claim it as a medical necessity since you'll end up dying of heat stroke otherwise!
07:10 <kaniini> next door to me, some young couple moved in
07:11 <kaniini> and their kids kicked out some chunk of cast iron metalwork
07:11 <kaniini> off their balcony
07:11 <kaniini> and i guess nothing happened over it
07:11 <kaniini> but
07:11 <kaniini> to be honest with you
07:11 <TemptorSent> Ah, selective enforcement, how quaint.
07:12 <kaniini> we have a 3x industrial chillers for all of the units
07:12 <kaniini> or is it 4
07:12 <kaniini> i forget
07:12 <awilfox> two, one at each parking lot.
07:12 <kaniini> we have plenty of plant, i just do not wish to keep the door open
07:12 <kaniini> because it is loud
07:12 <kaniini> and it's not so hot in there that it's bad for the servers
07:13 <kaniini> like literally to enter that closet
07:13 <kaniini> you really should wear earplugs
07:13 <kaniini> and they did install a power circuit for me, very useful that
07:13 <kaniini> i am sure they regret this now
07:13 <TemptorSent> Ouch, yeah - that's bad. Time to think about liquid cooling if you're going to add any more!
07:13 <kaniini> LOL
07:13 <kaniini> (actually i think they are probably paying flat rate for the power)
07:14 <kaniini> TemptorSent: honestly, the largest problem i have is millenials feeling that my parking spaces are their parking spaces
07:15 <kaniini> TemptorSent: even though i pay money to lease them
07:15 <TemptorSent> First world problems :)
07:15 t0mmy joined
07:16 <kaniini> it is actually a problem, because very frequently when my parking spaces are hijacked it is usually about to hail
07:16 <kaniini> this happens to awilfox too
07:17 <awilfox> kaniini: it sure doesn't happen to me any more
07:17 <awilfox> kaniini: since the office gave me tow-away stickers
07:17 <TemptorSent> Wow, tough neighborhood :)
07:17 <kaniini> awilfox: i can get tow-away stickers????????
07:17 <awilfox> kaniini: yep
07:17 <kaniini> god
07:17 <kaniini> i've just been using a traffic cone
07:17 <kaniini> to block the space that is not immediately in use
07:18 <rnalrd> hi kaniini
07:18 <rnalrd> re grsec->hardened rename
07:18 <kaniini> oh no
07:19 <rnalrd> i've upgraded my edge box and ended up without kernel (it's expected)
07:19 <kaniini> rnalrd: hmm... apk upgrade --available should be pulling it in
07:19 <rnalrd> i installed the hardeden flavor than
07:19 <rnalrd> then*
07:19 <kaniini> rnalrd: how did you upgrade
07:19 <rnalrd> my point is 3.5->3.6 hard disk installatinos
07:19 <rnalrd> apk upgrade -Ua
07:19 <kaniini> hmm
07:19 <kaniini> was linux-grsec in /etc/apk/world ?
07:19 <rnalrd> yes
07:20 <kaniini> this smells like a bug
07:20 <rnalrd> shouldn't we add "provides=linux-grsec"
07:20 <kaniini> because linux-hardened provides linux-grsec=4.9.24-r1
07:20 <rnalrd> and do the same for all *-grsec packages
07:20 <kaniini> so it should be favored for upgrade
07:20 <kaniini> yes
07:20 <kaniini> i did that
07:20 <kaniini> the provides entries are there
07:20 <rnalrd> sorry i did not check
07:21 <kaniini> so i'm confused
07:21 <rnalrd> i thought they were not there since my kernel got purged
07:21 vakartel joined
07:21 <kaniini> fabled: i think there is a bug with provides on upgrade
07:21 <rnalrd> i'm on edge hdd install
07:21 <kaniini> an alternate solution would be to do what we did with pkg-config
07:21 <kaniini> which is provide an explicit virtual
07:22 <rnalrd> now in my world I have:
07:22 <rnalrd> linux-grsec
07:22 <rnalrd> linux-hardened
07:22 <rnalrd> --
07:22 <rnalrd> weird
07:22 <kaniini> apk policy linux-grsec ?
07:23 <rnalrd> no output
07:23 <kaniini> $ sudo apk add linux-grsec
07:23 <kaniini> (1/1) Installing linux-hardened (4.9.24-r1)
07:23 <kaniini> what happens when you do that?
07:24 <rnalrd> "OK"
07:24 <fcolista> umh
07:24 <kaniini> hmmmm
07:24 <fcolista> it works with apk upgrade for two times
07:24 <fcolista> first apk upgrade removes linux-grsec
07:24 <TemptorSent> kaniini: Hmm, I wonder how hard it would be to tap a duct and extend it directly into your server closet?
07:24 <fcolista> second apk upgrade installs linux-hardened
07:24 <kaniini> TemptorSent: pretty hard, they are overhead
07:25 <rnalrd> fcolista, I had to explicitly add linux-hardened here
07:25 <fcolista> not here rnalrd
07:25 <rnalrd> let me pastebin the commands
07:25 <kaniini> this smells like an apk bug
07:25 <kaniini> i think provides are not properly considered when calculating the upgrade transaction
07:25 <TemptorSent> kaniini: Hmm, depends on how tight the space is, but that might be a good option!
07:26 <fcolista> rnalrd, kaniini :
07:26 <fcolista> https://dpaste.de/2mrS
07:26 <rnalrd> i didn't run apk upgrade twice actually
07:26 <TemptorSent> kaniini: Yeah, I noticed that on upgrade on a couple occasions, libressl was one that broke until I did upgrade a second time IIRC, and my kernel is always broken :)
07:27 <awilfox> while you are technically not "allowed" to have a window unit, what I just did was get a portable
07:27 <awilfox> and paint the duct the same as the exterior fascia
07:27 <kaniini> awilfox: lol
07:27 <TemptorSent> Also, fwiw, I think I have a temporary solution that's workable for getting an atomic set of kernel artifacts now.
07:28 <awilfox> and nobody's noticed
07:28 <kaniini> awilfox: that is one way to do it
07:28 <kaniini> awilfox: lol
07:29 <TemptorSent> The biggest change needed to packaging is to include the actual kernel relase string in the package name so it can be used BEFORE downloading and extracting.
07:29 <rnalrd> dpaste.com/0D35NZ2
07:30 <TemptorSent> awilfox: Nicely done. If they're really bad about it, mirror the face of it so it looks like a window from afar :)
07:32 <awilfox> TemptorSent: lol
07:35 <TemptorSent> kaniini, awilfox: I certainly couldn't live like that. If I can't shoot off my back deck, I'm too close to the neighbors!
07:35 <kaniini> rnalrd: i think the solver computes half the solution (purge linux-grsec itself), and then the other half on the second apk upgrade run
07:36 minimalism joined
07:36 <TemptorSent> kaniini: Should the solver rerun itself whenever there is a purge to recalculate new dep tree?
07:36 <TemptorSent> You're dropping nodes without recalculating those edges.
07:37 <TemptorSent> In fact, in complex cases, you may have to re-run until you get a steady-state solution...
07:38 <TemptorSent> Snipping out the middle of a tree and restoring connectivity is a hard problem.
07:38 <TemptorSent> (in the computational sense)
07:41 <kaniini> rnalrd: https://bugs.alpinelinux.org/issues/7250
07:41 <TemptorSent> Another option may be runing the revdep solution first, then trimming entire branches and rebuilding them.
07:42 <kaniini> in this case, we just need to split into 2 transactions
07:42 <TemptorSent> I don't know the DB structure well enough to nail it down
07:42 <TemptorSent> Once cycle to solve all removals, then a second to rebuild from each of the pruned nodes?
07:43 <kaniini> yes
07:43 <kaniini> but it probably should be
07:43 <kaniini> while(!inconsistent) upgrade();
07:43 <kaniini> er, while(!consistent)
07:43 <TemptorSent> Yeah, that's pretty much the simplest solution
07:44 <TemptorSent> And the tree is never so big that it's really painful compared to more targeted solutions.
07:45 <TemptorSent> So that's proably the best overall solution in a genericish sense :)
07:45 <TemptorSent> It will solve other classes of similar bugs as well as a bounus.
07:45 <TemptorSent> You probably want to put a stuck-loop counter in there to ensure it's not stuck in a cycle.
07:46 <TemptorSent> while(!consistent && watchdog)
07:47 <kaniini> package management is hard, lets upgrade to OSTree
07:47 <TemptorSent> With watchdog starting at something sane, like a dozen or so.
07:48 <TemptorSent> better yet, 'while(!consistent && watchdog--)'
07:48 <TemptorSent> It would be interesting to run some statistics to see how many cycles it takes with various numbers of deps installed.
07:50 <ScrumpyJack> just upgrading now
07:50 <ScrumpyJack> first line: (1/475) Purging linux-grsec (4.9.17-r0)
07:50 <rnalrd> kaniini, sounds ok to me, we just need to make sure to tell that to users when wrinting release notes for AL3.6
07:51 <ScrumpyJack> rnalrd: users don't read release notes :)
07:51 <rnalrd> yeah, like when you take medicines
07:51 <TemptorSent> Users don't read 'READ_ME_FIRST_BEFORE_YOU_BRICK_YOUR_COMPUTER'
07:51 <ScrumpyJack> you trust your doctor :)
07:51 <rnalrd> but you have been warned :P
07:51 <ScrumpyJack> ooh, that reminds me of a bash.org quote
07:53 <kaniini> rnalrd: i think we just fix apk instead
07:53 <kaniini> rnalrd: it should be easy to make it handle the swap
07:53 <TemptorSent> Seriously, if you gave a user a can of cyanide and a bottle of HCL and printed every symbol for death on them both, they'd probably still mix them, just to see what happens.
07:54 <ScrumpyJack> http://www.bash.org/?4753
07:54 <kaniini> rnalrd: i mean it *should* be documented because people *should* apk add linux-hardened && apk del linux-grsec just to clean up their /etc/apk/world
07:54 <kaniini> rnalrd: but we need fix the bug anyway
07:54 <rnalrd> for the average user (aka docker user) it'd be great
07:54 <kaniini> giving docker users a can of cyanide would be great ? :p
07:55 <kaniini> THATS NOT VERY NICE
07:55 <TemptorSent> ScrumpyJack: Exactly. Stop protecting stupid people from themselves, it only makes them dumber and allows them to multiply.
07:55 <ScrumpyJack> heh
07:55 <TemptorSent> *LOL* kaniini!
07:55 <* kaniini> zzz
07:56 <kaniini> if apk not fixed soon, will make linux-grsec transitional package instead of provides entry
07:56 <TemptorSent> You can give me all the KCN you want, just make sure it's buffered at pH 10 or better!
07:57 <TemptorSent> kaniini: Basically a replaces entry?
07:58 <rnalrd> k, not saying that all docker users are average, but an apt user would not expect to run "apk ugprade" twice or expect to explicitly reinstall the kernel after a AL release upgrade :)
07:58 <ScrumpyJack> wouldn't it be enough to change /boot/extlinux.conf to boot linux-hardened?
07:59 <rnalrd> so an apk feature enhancement/bugfix is welcome
07:59 <scadu> kaniini: woohoo, nice stuff. can I visit you xD
08:02 royger joined
08:02 <kaniini> rnalrd: indeed, it is definitely a bug
08:02 <kaniini> rnalrd: i'm going to dig on it tomorrow, worst case we use a transitional package, but i rather just fix apk if we can
08:03 <fcolista> kaniini, :
08:03 <fcolista> apk add linux-hardened
08:03 <fcolista> OK: 4389 MiB in 1408 packages
08:03 <fcolista> 10:03 (root@2ua4020qdl) ~# apk del linux-grsec
08:03 <fcolista> World updated, but the following packages are not removed due to:
08:03 <fcolista> linux-grsec: linux-hardened xtables-addons-hardened
08:04 <fcolista> this after upgrading
08:04 <fcolista> following what you mention in the ml
08:04 <fcolista> silly question: can those step be temporary set on post-install script?
08:04 <fcolista> *can't
08:05 <kaniini> calling apk from inside apk is not allowed
08:06 <fcolista> ok
08:06 <ScrumpyJack> ah i see
08:06 <fcolista> so a post-install message
08:06 <kaniini> yes a post-install message might be good to add
08:06 <kaniini> but really we should fix apk itself
08:06 <kaniini> like previously mentioned :p
08:06 <kaniini> the apk add/del stuff is just to do housekeeping
08:07 <kaniini> so that you do not wind up without a kernel whenever we decide to drop linux-grsec provides entry
08:07 <TemptorSent> Well one thing works for sure in my new kerneltool -- if you're missing any deps for a mod, it lets you know in no uncertain terms!
08:07 <fcolista> +1, but due to the sensitivity and the fact that not all alpine's ppl is subscriberd to alpine ml, they will end-up in a unbootable device
08:07 <fcolista> without knowing why
08:08 <kaniini> yes
08:08 <kaniini> which means most likely
08:08 <kaniini> we wont be dropping linux-grsec provides for a long time
08:08 <kaniini> the apk upgrade issue is a bug, we need to fix that before 3.6 release
08:08 <fcolista> right...and this undermine the confidence to alpine
08:08 <kaniini> as previously mentioned, worst case we just anchor it to a real linux-grsec package
08:09 <fcolista> ok
08:11 <TemptorSent> Considering the number of breakages due to upgrades gone wrong, I'd say this is an area of critical concenrn.
08:13 <kaniini> TemptorSent: yes, which means we want to fix the actual problem instead of use duct tape
08:13 <kaniini> however
08:13 <kaniini> i did just push a linux-grsec transitional package for now
08:13 <TemptorSent> Agreed, but stop the bleeding ASAP :)
08:14 <TemptorSent> People seeing failures on -linux...
08:14 <kaniini> that isnt necessarily related
08:15 <kaniini> but
08:15 <kaniini> linux-grsec fake package is in
08:15 <kaniini> apk bug report is made
08:16 <TemptorSent> kaniini Um, that's breaking things for ME now.
08:17 <kaniini> breaking how
08:17 <TemptorSent> kaniini: My build system just broke because of that last change.
08:17 <TemptorSent> Retrieving a different package than I requested.
08:17 <TemptorSent> Thus filenames missmatch.
08:18 <kaniini> TemptorSent: yeah that kinda happens when you rename the kernel...
08:18 <TemptorSent> Yeah, kinda breaks things when the filename doesn't match the package name :)
08:19 <kaniini> anyway, something something needs of many outweight needs of few
08:19 <TemptorSent> This is that whole issue with not being able to use the results of search -x directyl.
08:20 <kaniini> i'll figure out why apk is not calculating the right transaction tomorrow
08:20 <kaniini> in meantime
08:20 <kaniini> virtual linux-grsec package will make sure ntohing breaks
08:20 <TemptorSent> Okay, but what's causing it to break is uname -r not matching
08:20 <TemptorSent> ...which is going to break a LOT of things
08:20 <TemptorSent> Including probably mkinitfs.
08:20 <TemptorSent> So it's going to brick systems I think.
08:20 <kaniini> $ uname -r
08:20 <kaniini> 4.9.24-1-hardened
08:21 <kaniini> seems working fine for me
08:21 <TemptorSent> Hmm, did you upgrade before or after you changed that last file?
08:21 <kaniini> that last file just pulls in linux-hardened as a dependency
08:21 <kaniini> it's literally what i did before, except with a package
08:22 <TemptorSent> if uname -r is ...-grsec and update-kernlel gets ahold of it..
08:22 <TemptorSent> Hmm, I'll havve to look at little closer at update-kernel/mkinitfs.
08:22 <kaniini> TemptorSent: it counts as a new kernel image being installed not an update
08:22 <kaniini> like going from grsec to vanilla
08:22 <kaniini> or vice versa
08:23 <TemptorSent> Okay... as long as it bypases update-kernel's normal logic.
08:24 <TemptorSent> 'FLAVOR=$(uname -r | cut -d - -f 3-)'
08:25 <kaniini> blah blah blah
08:25 <TemptorSent> Which will break external modules I suspect.
08:25 <TemptorSent> I can't even get apk upgrade to run anymore
08:26 <kaniini> uh huh
08:26 <TemptorSent> Conflict with history.3.gz is causing a totally broken system.
08:27 <TemptorSent> libedit-doc vs. readline-doc
08:27 <kaniini> you're aware that's a manpage and has nothing to do with linux-grsec package right?
08:27 <TemptorSent> and fix doesn't work.
08:27 <kaniini> yes
08:27 <kaniini> uninstall one of them
08:27 <kaniini> :D
08:27 <TemptorSent> Yes, but it's likely the same problem that caused it.
08:27 <rnalrd> ?
08:27 <kaniini> TemptorSent: which problem is that
08:28 <TemptorSent> And upgrade that didn't fully resolve the tree.
08:28 <kaniini> ah yes
08:28 <kaniini> possible
08:28 <kaniini> unfortunately it is
08:28 <kaniini> 03:28am right now
08:28 <kaniini> and i do not have the mental capacity to expend on debugging a satsolver at this time
08:28 <TemptorSent> Hmm, which is SUPPOSED to be installed?
08:28 <TemptorSent> Goodnight kaniini :)
08:28 <kaniini> not sure, /etc/apk/world would let you know
08:29 <kaniini> my immediate concern right now
08:29 <kaniini> is just making sure that the bug is worked around
08:29 <TemptorSent> Um, NEITHER in world.
08:29 <TemptorSent> So I have conflicting deps somwhere.
08:29 <kaniini> do you have 'docs' package installed?
08:30 <TemptorSent> Yes, docs is installed
08:30 <kaniini> ouch ;)
08:30 <kaniini> it's because of install_if rule
08:30 <kaniini> try
08:30 <kaniini> apk add "!libedit-doc"
08:30 <TemptorSent> Thank you, that did it!
08:31 <ScrumpyJack> (207/475) Upgrading perl-libwww (6.24-r0 -> 6.26-r0)
08:31 <ScrumpyJack> 44% [#################################### ]ERROR: perl-libwww-6.26-r0: Permission denied
08:31 <TemptorSent> If it happened to me, I suspect anyone with docs enabled is going to hit the same.
08:31 <ScrumpyJack> oops, sorry
08:31 <kaniini> TemptorSent: yes, likely
08:32 <TemptorSent> Ouch, - just had my ZFS modules purged, no replacement.
08:32 <kaniini> fcolista: i did linux-grsec fake package for now
08:32 <fcolista> saw that in ml kaniini
08:33 <fcolista> i think that those cnages, anyway, should be thorougly tested before push
08:33 <TemptorSent> Oh well, it's about as broken as it was before, just in the opposite direction :)
08:33 <fcolista> 'cause the side effect are serious
08:34 <kaniini> TemptorSent: run the upgrade again
08:34 <kaniini> it will come back
08:35 <TemptorSent> Yeah, give it a minute to finish the cycle and I'll see if that worked. I might have to run it a third time, since my network is flaking.
08:35 <TemptorSent> Oh, this is awesome, no kernel AND no modules!
08:35 <kaniini> fcolista: the change to aports was technically correct, and linux-grsec dependency was met in my repo. the problem is with APK, which was unforeseen
08:36 <TemptorSent> Nope, gets zfs-hardened and spl-hardened, but no kernel.
08:36 <kaniini> apk info --depends linux-grsec ?
08:36 <fcolista> kaniini, of course this is unforseen. I'm saying that due to the potential side-effect this kind of change has (and we never did it before), it would be better to test it before pushing.
08:37 <TemptorSent> No /lib/modules/4.9.24-1-hardened/modules.order
08:37 <kaniini> fcolista: that is kind of the point of edge
08:37 <kaniini> fcolista: maybe we need something edgier than edge
08:38 <fcolista> that's also true.
08:38 <TemptorSent> linux-hardened-4.9.24-r1 depends on mkinitfs linux-firmware
08:38 fekepp joined
08:38 <fcolista> edge is for that purpose (also)
08:39 <kaniini> TemptorSent: what mirror are you on
08:39 <kaniini> TemptorSent: you should have
08:39 <TemptorSent> No joy -- I guess I'd better manually install a kernel
08:39 <kaniini> linux-grsec-4.9.24-r1 depends on:
08:39 <kaniini> linux-hardened>=4.9.24-r1
08:39 <TemptorSent> dl-cdn
08:39 <kaniini> that's why
08:39 <kaniini> needs to update
08:39 <kaniini> try rsync.alpinelinux.org :P
08:40 <rnalrd> i'm going to test 3.5-stable->edge upgrade path from rsync mirror
08:41 <TemptorSent> updating to rsync...
08:42 <TemptorSent> Now I have linux-grsec-4.9.24-r1 depends on linux-hardened>=4.9.24-r1, but upgrade doesn't even try to fetch it.
08:42 <TemptorSent> It's in limbo somehow, even though it's in world.
08:42 <TemptorSent> It doesn't realize it's not installed.
08:43 <rnalrd> apk fix --reinstall ?
08:43 <kaniini> it's because of the provides on linux-hardened
08:43 <kaniini> the loop cancels it
08:43 <kaniini> grrrrrrr
08:43 <TemptorSent> Yeah... It's bjorked :)
08:44 <TemptorSent> Time to hurry up and make my kerneltool actually install, not just stage :P
08:46 <kaniini> fucking
08:46 <kaniini> garbage
08:47 <TemptorSent> Okay, I was able to pull it manually and stage it, so I can fetch the file, but it can't resolve.
08:49 <rnalrd> waiting for kernel rebuild as 3.5-stable -> edge upgrade is broken
08:55 <kaniini> same
08:56 <kaniini> rnalrd: do you get "unsatisfiable constraints" error?
08:56 <kaniini> rnalrd: if so, i believe edge will be green after new rebuild
08:56 <rnalrd> kaniini yes
08:56 <rnalrd> right
08:57 <kaniini> rnalrd: that is what ig et too after linux-grsec fake package was introduced
08:57 <kaniini> so that should solve that
08:57 <rnalrd> +1
08:58 <kaniini> of course, the fake package should not be needed
08:58 <kaniini> which means something whack is going on with the solver
08:58 <rnalrd> we already had transitional packages in the past
08:58 <rnalrd> and also other distros have it
08:59 <kaniini> yes
08:59 <kaniini> that's how we did pkg-config -> pkgconf for example
09:00 <kaniini> but the new apk-tools 2.x solver normally can handle this
09:02 <rnalrd> hum
09:02 <rnalrd> i think transitional package is broken
09:02 <rnalrd> pkgrel isn't bumped
09:02 <rnalrd> for depends
09:03 <rnalrd> it should fish out pkgver and pkgver from linux-hardened
09:03 <rnalrd> ah no
09:03 <rnalrd> it's =>
09:05 <kaniini> yeah it's >=
09:05 <kaniini> so should be fine
09:05 <rnalrd> y
09:06 <* kaniini> waits patiently
09:10 <kaniini> rnalrd: okay, x86_64 is building modules
09:10 <kaniini> so should be next 5-10 minutes i guess
09:10 <TemptorSent> *yay*
09:11 <rnalrd> linux-headers is still on 4.4.6, why?
09:12 <rnalrd> probably patches needs to be revisited
09:12 <kaniini> good question
09:12 <kaniini> and yes, probably because of the userspace patches
09:13 <TemptorSent> Once something gets to the halfway-sane point, it would probably be a good idea to revisit the entire kernel ecosystem and make it reflect current reality -- I noticed some headers missing defines because they're out of date.
09:14 <kaniini> we are going to overhaul kernel packaging for 3.7
09:14 <kaniini> this is a disaster in general
09:15 <TemptorSent> Yeah, it's a bit of a house-of-cards.
09:16 <kaniini> the apk bug pisses me off the most
09:16 <kaniini> because i have hit it before
09:16 <kaniini> but could never come up with a reproducer
09:16 <TemptorSent> Realisitically, the kernel doesn't fit in the same upgrade cycle as the rest of the system (unless we can hot-patch :) )
09:16 <TemptorSent> Well, you found one!
09:17 <TemptorSent> Too bad it's probably the longest build time of anything outside huge gui apps. :P
09:18 <kaniini> (26/29) Installing linux-hardened (4.9.24-r2)
09:18 <kaniini> (27/29) Upgrading linux-grsec (4.4.59-r0 -> 4.9.24-r1)
09:18 <kaniini> BAM
09:18 <TemptorSent> Damn, STILL only giving me the modules.
09:18 <TemptorSent> I now have spl- and zfs- hardened-4.9.24-r2, but still no kernel!
09:19 <TemptorSent> I think I broke the database by upgrading at the wrong time :/
09:19 <TemptorSent> Any way to fix that? apk fix does nothing.
09:19 <kaniini> poking @ that to see
09:20 <TemptorSent> maybe apk add "!linux-grsec" "!linux-hardened"
09:20 <TemptorSent> then apk add linux-hardened?
09:20 consus joined
09:20 <TemptorSent> Or is that going to put two conflicting entries in the database?
09:21 <kaniini> oh god why did i tell you about that
09:22 <TemptorSent> I'm suspecting it would break things worse.
09:22 <TemptorSent> But currently, I can't seem to force apk to actually install the kernel
09:22 <kaniini> what are you getting
09:22 <kaniini> youre on x86_64 right?
09:22 <TemptorSent> yes.
09:22 <kaniini> because the x86 builder is still building
09:23 <TemptorSent> apk upgrade upgraded the zfs and spl modules, but I still have no kernel, and apk fix does nothing.
09:23 <TemptorSent> Its as if it thinks it's already installed and up to date or something.
09:24 <kaniini> apk policy linux-grsec linux-hardened
09:25 <rnalrd> "apk upgrade -Ua" on 3.5-stable->edge just worked, running it only one
09:25 <rnalrd> only once*
09:25 <kaniini> rnalrd: yes, i think it is good enough for the moment
09:25 <rnalrd> +1
09:25 <TemptorSent> http://termbin.com/9xwf
09:26 <kaniini> rnalrd: but i think this APK bug is screwing up installs in other ways
09:26 <rnalrd> smell yes
09:26 <kaniini> TemptorSent: dont mix edge and 3.5, that's why
09:26 <TemptorSent> Ahh, need to kill the older repo, not let it fail over..
09:27 <kaniini> TemptorSent: if youre mixing versions you need to tag edge repo
09:27 <TemptorSent> Odd, the modules upgrade...
09:27 <kaniini> otherwise things can go really south
09:27 <TemptorSent> I'll drop 3.5 and see what breaks.
09:27 <rnalrd> even downgrade edge->3.5-stable works :)
09:28 <TemptorSent> Well, it upgraded libquadmath, but STILL no kernel
09:28 <kaniini> TemptorSent: apk policy again
09:28 <rnalrd> i have rebased a linux-header patch, which was trivial
09:28 <kaniini> TemptorSent: also try: apk upgrade --available
09:29 <TemptorSent> http://termbin.com/dtkt
09:29 <kaniini> TemptorSent: ok now, apk upgrade --available
09:29 <TemptorSent> Holyshit, 142 packages!
09:29 <TemptorSent> Might be a while before I know if it got the kernel :)
09:29 <kaniini> TemptorSent: you were not doing the full distribution upgrade, that's why ;)
09:30 <TemptorSent> Yeah, I didn't particularly WANT to do the full distribution upgrade.
09:30 <kaniini> kinda have to play the game with edge
09:31 <kaniini> it's not for the faint of heart
09:31 <TemptorSent> Most of that crap I installed because some dep wanted it for me to build, and I don't feel like figuring out what can go.
09:31 <kaniini> ohh
09:31 <kaniini> dudeeeee
09:31 <kaniini> apk add --virtual .thing-deps
09:31 <kaniini> then you can do
09:31 <kaniini> apk del .thing-deps
09:31 <TemptorSent> Yeah, it was a bit more complex than that :)
09:31 <kaniini> and it will delete whatever you pulled in
09:31 <kaniini> you can have as many as you want
09:32 <TemptorSent> Yeah, I didn't realized what I was getting into when I started.
09:32 <kaniini> it's underdocumented
09:32 <kaniini> anyway
09:32 <TemptorSent> I was building some packages for postgis, gdal, and friends.
09:33 <TemptorSent> So yeah, I need to go on a purging spree.
09:33 <kaniini> where we are right now is that for 99% of the time, upgrading to edge wont hose your system
09:33 <kaniini> fixing apk will get the remaining 1%
09:33 <TemptorSent> Those packages don't have their deps even close to right, so I was manually pulling at random.
09:33 <kaniini> and then we can nuke the transitional package
09:33 <TemptorSent> Yeah, all the core stuff I had already upgraded.
09:34 <kaniini> anyway --virtual is quite useful for this
09:34 <kaniini> i really need to take a nap
09:34 <TemptorSent> Yeah, I bet! I'm about there, and I'm a couple TZs west.
09:35 <TemptorSent> And no, STILL no kernel :(
09:36 <TemptorSent> http://termbin.com/xqlw
09:36 <TemptorSent> So, I'll screw with it in the morning.
09:40 <TemptorSent> Goodnight, get some rest -- my problems will wait.
10:14 <jirutka> <kaniini>: "jirutka: how do you feel about the test suite policy change causing us to bag a libressl CVE" – what test policy change?
10:20 <jirutka> kaniini: Shiz: wanna help me with CVE for LibreSSL? :) I have no experience with that
10:23 <fabled> jirutka, it's simple now, just fill in https://cve.mitre.org/cve/request_id.html
10:24 <fabled> more exact, the web form at https://cveform.mitre.org/
10:27 <jirutka> ok, I’ll do it later and ask more questions :)
11:02 <ashb> If I'm updating an APKBUILD for a CVE fix is there any convention to follow for the commit message?
11:05 gromero joined
11:15 gromero joined
11:34 <scadu> ashb: I think something like "fix CVE-XXX" should be enough
12:05 <ashb> Oh it's not actually vuln.
12:05 <ashb> Thanks though
12:11 leitao joined
12:18 rdutra joined
12:29 <jirutka> scadu: ashb: not just that
12:29 <jirutka> ashb: see https://github.com/alpinelinux/aports/blob/master/main/openssl/APKBUILD#L31-L33 for example
12:29 <ashb> It's okay. the CVE i thought was in 2.2.27 which is the current version (though Dovecot didn't do a good job of highlighting it as a CVE in their changelog)
12:29 <ashb> Ah, good to know though
12:34 gromero joined
12:36 gromero joined
12:51 <scadu> jirutka: just wanted to correct myself and mentioned one of examples, but had to do something else first ;x
12:52 <jirutka> scadu: np
12:52 <scadu> s/metioned/mention/
12:58 leo-unglaub joined
13:15 <aFQIyRYSK2g8> if anyone is looking for unoffical packages of gnuradio(osmocom,usrp,hackrf,rtlsdr), kicad, openscad, silversearcher, trousers/tpm-tools, ent, dwdiff, look here: https://github.com/stef/aports-ugly
13:16 <jirutka> aFQIyRYSK2g8: aports-ugly? :)
13:17 <jirutka> aFQIyRYSK2g8: this guide may come handy, to automatically build pkgs on Travis CI or other public CI: https://github.com/jirutka/user-aports#how-to-setup-your-own-repository
13:18 <aFQIyRYSK2g8> ugly because they not necessarily comply with official packages high standards, and i'm not keen spending much time on indentation and stuff
13:26 <ashb> https://wiki.alpinelinux.org/wiki/Abuild_and_Helpers#Generating_new_APKBUILDs mentions an `apkbuild-pypi`. Does that script/util exist anymore?
13:30 <ashb> I see a .in version of it https://git.alpinelinux.org/cgit/abuild/tree/ but the abuild apk doesn't seem to include any of the apkbuild-*
13:32 <ashb> Also: why are there patches for abuild in aports? that is somewhat suprising https://git.alpinelinux.org/cgit/aports/tree/main/abuild?h=master
13:32 <ashb> (i.e. why aren't they just made against the abuild repo directly?
13:36 <jirutka> ashb: maybe, but it’s definitely very outdated, so don’t use it
13:37 <jirutka> ashb: https://github.com/alpinelinux/abuild ?
13:37 <ashb> Ah fair
13:37 <ashb> I might noodle away at making a python version of it that works and gets deps right.
13:38 <jirutka> ashb: yeah, that would be very useful; we would prefer to write it in Lua, but since it’s for Python modules, Python is okay here
13:39 MH0815 joined
13:40 <jirutka> ashb: I’ve started https://github.com/jirutka/sh-parser for such scripts, to sensibly programatically modify APKBUILDs, but that part is not done yet (the parse itself is basically done)
13:41 <ashb> Yeah, using pip libs might make it worth using python for
13:41 <jirutka> ashb: and ad python pkgs, see https://wiki.alpinelinux.org/wiki/APKBUILD_examples:Python
13:46 <jirutka> ashb: I think that it’d be best if you start with it in your own repository and then we will transfer the repo under alpinelinux org, if you like
13:46 <ashb> Sure sure
13:47 <ashb> I make no promise as to how speedy I'll get it done
13:47 <ashb> But a slow chip away at it
13:47 <jirutka> okay, I’m looking forward to it, let us know :)
13:49 <jirutka> ncopa: have you find someone to manage alpinelinux twitter account? I’d like to tweet about new sponsor for master mirror (vpsFree)
13:58 lannonbr joined
14:03 <lannonbr> Good morning, I am a member of the Applied CS Labs at Clarkson University and we host a mirror for the Northeast US. We mirror Alpine at http://mirror.clarkson.edu/alpine/ and we are interested in being added onto the mirrors list.
14:16 <jirutka> lannonbr: Hi, that’s great! :) Could you please add it to https://github.com/alpinelinux/aports/blob/master/main/alpine-mirrors/mirrors.yaml and open a pull request?
14:16 <lannonbr> Sounds good!
14:17 rejadatodo joined
14:23 <lannonbr> Just pushed the PR
14:51 StarWarsFan|afk joined
14:55 skarnet joined
14:56 <Shiz> good morning
14:56 <Shiz> jirutka: sup
14:56 <jirutka> Shiz: sup?
14:56 <jirutka> Shiz: good morning, in what timezone do you live? :)
14:57 <Shiz> one where today is a holiday and i slept like shit yesterday
14:57 <Shiz> :D
14:57 <jirutka> ah, Netherlands!
14:58 <Shiz> i see there's a lot to read back about
14:58 <Shiz> jirutka: did the CVE work out? :)
14:58 <jirutka> Shiz: I haven’t submitted it yet, no time yet
14:59 <Shiz> I can help :P
14:59 <Shiz> now that I'm actually awake
14:59 <clandmeter> Shiz, shouldnt you get out partying?
14:59 <Shiz> i don't celebrate king's day
14:59 <Shiz> it would be somewhat inappropriate if I don't like the monarchy
14:59 <Shiz> :p
15:00 <jirutka> Shiz: monarchy is cool! :)
15:00 <clandmeter> lol, like most of them
15:00 <clandmeter> I dont believe half of them support monarchy
15:00 <clandmeter> its just an excuse to get drunk
15:00 <clandmeter> or sell rubbish
15:01 <skarnet> we don't work on May 1st, "fête du travail", i.e. "work's day". Do you think we like work?
15:01 <jirutka> Shiz: i think that it’s quite nice tradition; and it’s not true monarchy, but constitutional, so basically the same as classic democracy with parlament, isn’t it?
15:01 <Shiz> clandmeter: yeah, but i was never much of a party animal
15:01 <Shiz> heh
15:01 <Shiz> jirutka: it's fine from a political perspective as they don't have much power (although they technically can still veto laws)
15:01 <Shiz> it's just... kind of a waste
15:01 <clandmeter> ah thats a much better reason :)
15:02 <jirutka> Shiz: even our drunk president can veto laws…
15:02 <clandmeter> i would have gone out if the weather wasnt that crappy
15:02 <jirutka> Shiz: same as most presidents imo
15:02 <skarnet> the best party is alone at your computer doing things you like!
15:02 tkharju joined
15:02 <jirutka> skarnet: you’re my man!
15:02 <clandmeter> stop watching those dirty videos skarnet
15:03 <clandmeter> oh crap, wrong channel :p
15:03 <jirutka> XD
15:04 <Shiz> jirutka: we don't have a president
15:04 <Shiz> :)
15:05 <clandmeter> we dont?
15:05 <jirutka> Shiz: I know, I just noted that even presidents in democracy with parliament can veto laws
15:05 <Shiz> clandmeter: we have a minister-president, which is wholly different
15:05 <Shiz> and he has no such veto powers
15:05 <clandmeter> right, but its still a president :p
15:05 <Shiz> not really
15:05 <Shiz> :P
15:05 <Shiz> just because the name is similar doesn't mean the function is
15:06 <clandmeter> i didnt say that ;-)
15:08 <Shiz> jirutka: i'm playing around with the CVE forms :P
15:08 <jirutka> Shiz: thanks! :)
15:08 StarWarsFan|afk joined
15:08 <Shiz> i just need an email address to use since my email server is down
15:08 <Shiz> lol
15:10 <jirutka> you can use mine ;)
15:10 <jirutka> jakub@jirutka.cz
15:11 <clandmeter> for ppl who are interested, scaleway just introduced arm64 servers
15:14 <jirutka> rnalrd: are you here?
15:15 <jirutka> rnalrd: git blame on you, where you get this patch? https://github.com/alpinelinux/aports/blob/master/main/openldap/openldap-mqtt-overlay.patch
15:17 <clandmeter> scaleway even name dropped us https://blog.online.net/2017/04/27/scaleway-disruptive-armv8-cloud-servers/
15:18 <jirutka> nice!
15:24 <tmh1999> ncopa : when you have a moment, please paste me the config log of spl-vanilla on s390x builder. it built good on my test machine.
15:24 <Shiz> jirutka: could you check the writeup I did for accuracy?
15:24 <Shiz> https://txt.shiz.me/MWM4OTNlOT.txt
15:27 <jirutka> Shiz: it’s perfect! I’d just replace `true` with 1 and `false` with 0, to be consistent with documentation etc. and link to bug report https://github.com/libressl-portable/portable/issues/307
15:27 <Shiz> right
15:28 <Shiz> I linked to the bug report in the references field
15:28 <Shiz> :)
15:28 <jirutka> also guys in #xbps mentioned some other soft affected
15:28 <jirutka> <duncaen>: looks like umurmur is affected too
15:29 <duncaen> i did not really test it, just a fast look at the code
15:30 <duncaen> im not sure if ti even supports client certificates
15:30 <Shiz> i don't think it does
15:30 <Shiz> it is affected, rather
15:30 <Shiz> since it doesn't call SSL_get_verify_result in the first place
15:30 <duncaen> true
15:30 <duncaen> but how to exploit it
15:30 <duncaen> it does basically no verififcation at all
15:31 <Shiz> yeah
15:31 <Shiz> jirutka: i'll just add a quick line indicating you discovered it and duncaen and i further investigated; that ok?
15:32 <jirutka> Shiz: yes please :)
15:32 <Shiz> (that's why I wanted your email, duncaen :p)
15:32 <jirutka> Shiz: Jakub Jirutka from Alpine Linux and <?> from VoidLinux
15:32 <jirutka> duncaen: what is your real name?
15:32 <duncaen> Duncan Overbruck
15:33 <jirutka> duncaen: hm, you’ve mentioned OpenBSD in the bug report, so should we mention VoidLinux or OpenBSD?
15:33 <Shiz> yeah, umurmur skips any verification
15:34 <Shiz> jirutka: que
15:34 <duncaen> Void, I just tested it on openbsd to make sure its not something linux related
15:34 <duncaen> (which doesnt make much sense) :D
15:34 <jirutka> :)
15:34 <Shiz> i was gonna say
15:34 <Shiz> just because he tested it on openbsd does not make him an openbsd dev :p
15:35 <duncaen> i port openbsd stuff to linux, not the other way around :D
15:35 <Shiz> i need to see if python is affected by this
15:36 <jirutka> Shiz: maybe give credits to nginx for nginx-tests suite (https://github.com/nginx/nginx-tests)?
15:37 <duncaen> Shiz: python sets the callback to NULL
15:37 <Shiz> alright
15:38 <Shiz> i just remember python having a similar kind of callback that definitely did not give you a preverify_ok parameter
15:38 <Shiz> guess it is invoked manually
15:38 <Shiz> :)
15:38 <duncaen> php uses the callback but looked ok
15:39 <duncaen> maybe some other python openssl lib?
15:39 <duncaen> i just checked Python-2.7.13/Modules/_ssl.c
15:39 <Shiz> yeah, Python doesn't seem affected
15:40 <Shiz> I don't think a lot of things use the non-standard ssl lib in python
15:40 <Shiz> let's check pyopenssl
15:41 <Shiz> i think pyopenssl is fine too
15:41 <duncaen> I have to say i was scared that mupdf matched my set_verify grep
15:42 <Shiz> ... wat
15:42 <Shiz> oh dear
15:42 <duncaen> mupdf-1.11-source/source/pdf/pdf-pkcs7.c: X509_STORE_set_verify_cb_func(cert_store, verify_callback);
15:42 <Shiz> pyopenssl is affected
15:42 <Shiz> https://github.com/pyca/pyopenssl/blob/master/src/OpenSSL/SSL.py#L221
15:42 <Shiz> or well
15:42 <Shiz> affected by adding the bug thmselves
15:42 <Shiz> :/
15:42 <jirutka> XD
15:43 <Shiz> they have no get_verify_result eiter....
15:44 <duncaen> lol
15:44 <duncaen> ah yes inspircd looked bad too
15:45 <duncaen> certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK);
15:45 <duncaen> return 1 in all cases
15:46 <Shiz> yeah, but ->invalid is not used afaics
15:46 omegamike joined
15:46 <duncaen> lol
15:46 <Shiz> only in error output
15:46 <Shiz> :)
15:46 <Shiz> https://github.com/inspircd/inspircd/blob/42888e2907dacb829e2a29effbee83efb5bef6ec/include/modules/ssl.h#L124
15:47 <Shiz> although it may be used later in IsCAVerified()
15:48 <Shiz> ah yes
15:48 <Shiz> it is
15:48 <Shiz> so yeah, inspircd is affected
15:49 <Shiz> checking more what VerifyCertificate(0 does to be sure
15:50 <Shiz> okay so it looks like inspircd is affected
15:50 <Shiz> SSL_get_verify_result() returns X509_V_OK -> invalid becomes false -> together with non-self-signed cert trusted becomes true and unknownsigner becomes false -> IsCAVerified() returns true
15:51 <Shiz> this bypasses inspircd's requiressl="trusted"
15:56 <Shiz> charybdis may be affected too
15:56 <Shiz> but it looks not significantly, as they don't care about verification in the first place
15:58 <Shiz> jirutka: got pgp? ;p
15:58 <jirutka> Shiz: 35C69BBA
15:59 <jirutka> Shiz: oh crap, expired
15:59 <jirutka> Shiz: shit, I need to renew my GPG key
15:59 <Shiz> hehe
16:02 <Shiz> jirutka: duncaen: https://txt.shiz.me/NzNiNDA2NW.txt ok?
16:04 <duncaen> nice looks good
16:05 <jirutka> Shiz: excellent! why not admit that you’re from Alpine too? :)
16:05 <Shiz> i don't know, am I?
16:06 <Shiz> i'm wary of advertising affiliations that aren't official :p
16:06 <jirutka> Shiz: dunno, we don’t have any official list :P
16:07 <duncaen> Would you have looked at it if not for alpine :D?
16:10 <Shiz> pff, if this makes ncopa mad at me
16:10 <Shiz> duncaen: would you? :D
16:11 <jirutka> Shiz: I really don’t think so
16:11 <jirutka> Shiz: there’s no reason why ncopa should be mad at you for propagating Alpine Linux!
16:12 <duncaen> I wouldnt have noticed if ncopa asked if we can reproduce this
16:12 <duncaen> *not
16:12 <Shiz> CVE request submitted
16:12 <Shiz> you should be getting an email soon, jirutka
16:12 <^7heo> about what, again?
16:12 <^7heo> libressl?
16:12 <Shiz> yeah
16:12 <clandmeter> We give him an Alpine email address. This way he can't hide it anymore ;)
16:13 <* Shiz> won't be one to complain
16:13 <^7heo> who has an alpine address?
16:13 <^7heo> jirutka?
16:13 <clandmeter> Only CEO haha
16:13 <^7heo> ah
16:13 <jirutka> Shiz: thanks A LOT for your help, I own you a beer! :)
16:13 <^7heo> jirutka: owe
16:13 <^7heo> really, you don't want to own someone a beer.
16:13 <Shiz> jirutka: lmk when you got the confirmation so i can stop being anxious about having typed your email correctly
16:13 <Shiz> ;)
16:14 <jirutka> ^7heo: aha, right, thanks :)
16:14 <^7heo> :{ anytime
16:14 <jirutka> Shiz: I got confirmation email already
16:14 <Shiz> nice
16:14 <jirutka> I don’t have @alpinelinux.org email
16:14 <jirutka> not sure if I need yet another email address :)
16:15 <Shiz> who actually does
16:15 <* Shiz> curious
16:15 <jirutka> well, quite many ppl actually
16:15 <^7heo> Shiz: only ncopa does
16:16 <^7heo> jirutka: nah, just ncopa; or?
16:18 <jirutka> https://hastebin.com/raw/fuxumasuqo maybe more
16:18 <jirutka> this is what I’ve parsed from abuilds
16:19 <jirutka> eh, gmail.com should not be on the list
16:26 <^7heo> jirutka: nice parsing :D
16:27 fabled joined
16:34 <^7heo> jirutka: you missed aphrael
16:36 <^7heo> and msmith
16:36 <^7heo> also, where did you find clandmeter@?
16:36 <^7heo> I don't have it in aport's history...
16:36 <Shiz> ./main/mpd/APKBUILD:# Maintainer: Carlo Landmeter <clandmeter@alpinelinux.org>
16:36 <Shiz> :)
16:36 <^7heo> AHH.
16:36 <^7heo> THAT.
16:36 <Shiz> and a bunch of others
16:36 <^7heo> git log --format=format:'%aE %cE' | tr ' ' '\n' | sed '/@alpinelinux.org/!d' | sort -u
16:37 <^7heo> that's how I generated MY list.
16:37 <^7heo> I parsed the git info, not the repo info.
16:37 <Shiz> grep -hrF Maintainer: . | sed -e 's/.*Maintainer:\s*//g' -e 's/\s*$//g' | grep -F @alpinelinux.org | sort -u
16:37 <Shiz> :P
16:40 <^7heo> funny
16:40 <^7heo> we have almost the same.
16:40 <^7heo> why hF tho?
16:40 <^7heo> grep -r 'Maintainer:' . | sed '/Maintainer:\s*$/d; s/^[^<]*<\([^@]*@[^>]*\)>.*$/\1/' | sed '/@alpinelinux.org/!d' | sort -u
16:40 <^7heo> Here is mine.
16:41 <Shiz> :)
16:41 <^7heo> also, aside from the original grep, you don't need grep.
16:41 <^7heo> And I'm stupid: grep -r 'Maintainer:' | sed '/Maintainer:\s*$/d; s/^[^<]*<\([^@]*@[^>]*\)>.*$/\1/; /@alpinelinux.org/!d' | sort -u
16:41 <Shiz> -F makes grep faster, searches for the string only instead of POSIX BRE
16:41 <^7heo> That is definitely better.
16:41 <Shiz> -f doesn't print the filename
16:41 <^7heo> ah ok.
16:41 <Shiz> sorry
16:41 <Shiz> -h*
16:41 <^7heo> yeah
16:42 <^7heo> Anyway
16:42 <^7heo> we should have both the same output.
16:42 <^7heo> and I have to admit, I giggled at fcolistæ@alpinelinux.org
16:42 <^7heo> :D
16:43 <^7heo> also funny to have ncop@alpinelinux.org
16:43 <Shiz> call the ncops
16:43 <^7heo> and we have BOTH rnalrd and@ rnarld@
16:43 <^7heo> oops
16:43 <^7heo> rnalrd@ and rnarld@
16:45 <jirutka> i’ve also noticed these errors and filtered them out
16:48 <^7heo> yeah well I'm gonna do a PR to fix them.
16:50 <^7heo> rnalrd: do you also have larena@alpinelinux.org or is it a faulty email?
16:50 <^7heo> it's in 5 APKBUILD files...
16:50 <^7heo> I would imagine it to be faulty.
16:52 <duncaen> https://github.com/chneukirchen/xtools/blob/master/xnew ;)
16:55 <^7heo> https://github.com/alpinelinux/aports/pull/1328
16:55 <^7heo> jirutka, Shiz, ncopa ^
16:55 pickfire joined
16:56 <^7heo> Shiz: { grep -r 'Maintainer:\|Contributor:' | sed '/Maintainer:\s*$/d; s/^[^<]*<\([^@]*@[^>]*\)>.*$/\1/; /@alpinelinux.org/!d'; git log --format=format:'%aE %cE' | tr ' ' '\n' | sed '/@alpinelinux.org/!d' | sort -u; } | sort -u
16:57 <Shiz> :p
16:57 <^7heo> actually the /Maintainer:\s*$/d; at the start of the sed expression is totally useless
16:57 <^7heo> it's an artefact of some filtering I did when I was building the command.
16:57 <^7heo> but yeah long story short
16:58 <^7heo> we now have a non-bogus list of mails in APKBUILDs too.
16:58 <^7heo> and we have 10 @alpinelinux.org mails: http://ix.io/rZB
17:00 pickfire joined
17:01 <^7heo> aphrael@alpinelinux.org and msmith@alpinelinux.org do not seem active anymore.
17:02 <^7heo> clandmeter: also, why don't you use your alpinelinux.org address?
17:02 <jirutka> ^7heo: you must be really boring today… ;)
17:03 <jirutka> s/boring/bored/
17:03 <^7heo> nah I like correct information.
17:04 <^7heo> jirutka: also I need some successful stuff at some point.
17:04 <^7heo> jirutka: I've been griding my brain at some complex SQL query for days...
17:04 <jirutka> ^7heo: understood :)
17:04 <^7heo> without success
17:04 <^7heo> that commit was easy
17:04 <^7heo> but it was a success ;)
17:08 <jirutka> Shiz: CVE-2017-8301 :)
17:10 <Shiz> nice
17:11 <jirutka> so what’s next?
17:11 pickfire joined
17:11 <Shiz> I'll notify the libressl devs of the assigned CVE number
17:11 <Shiz> maybe it's a good idea to make a mailing to oss-security about it
17:12 <Shiz> jirutka: did we revert the patch in our libressl abuild yet?
17:12 <jirutka> Shiz: not yet
17:12 <Shiz> seems like now is the time ;p
17:13 <jirutka> Shiz: CVE database doesn’t know CVE-2017-8301 yet, so it takes some time or another action is required?
17:13 <Shiz> it just takes some time
17:13 <jirutka> okay
17:13 <Shiz> it'll probably appear in a few hours
17:13 <Shiz> "A CVE name has been assigned, but it has not yet been uploaded to the CVE web site. This can happen when a security problem is new."
17:13 <Shiz> :)
17:13 <Shiz> according to https://twitter.com/CVEnew/ they're about 3 CVE #s behind
17:13 <Shiz> so give it time
17:15 <TemptorSent> ^7heo When it gets really ugly, I start writing custom SQL functions to handle the ugly part.
17:16 pickfire joined
18:02 BitL0G1c joined
18:06 <jirutka> Shiz: do you know that your email is broken? I got Delayed Mail (still being retried)
18:07 <Shiz> yes
18:07 <Shiz> tried to email me something
18:07 <Shiz> ?
18:08 <jirutka> yes
18:08 <jirutka> just forwarded response from cve
18:08 <Shiz> ah
18:08 <Shiz> yeah my email is kinda down right now
18:09 <Shiz> jirutka: let me see if i can try something...
18:12 <Shiz> jirutka: can you pm me their reply otherwise?
18:12 <duncaen> is the response interesting or just, here you go CVE-2017-XXX?
18:12 <Shiz> btw the CVE is up: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8301
18:13 <jirutka> duncaen: not interesting, it’s https://paste.fedoraproject.org/paste/M-ZDc841WRyIZ7DSpXvoEl5M1UNdIGYhyRLivL9gydE=/raw
18:15 <jirutka> Shiz: I know, but where’s the Additional Information?
18:16 <Shiz> dunno
18:17 <Shiz> jirutka: i do propose we make a post to oss-security with this info though
18:17 <jirutka> Shiz: agree :)
18:18 <^7heo> ofc there's absolutely NO public record of that CVE yet.
18:19 <Shiz> jirutka: we also need to rebuild packages against the new libressl
18:19 <Shiz> don't think that happens automatically?
18:19 <^7heo> https://nvd.nist.gov/vuln/detail/CVE-2017-8301
18:19 <Shiz> otoh
18:19 <duncaen> true there are a few other uses that dont know about it yet
18:19 <Shiz> it's not needed probably
18:19 <^7heo> well at least they synchronized.
18:19 <Shiz> because dynamic liinking
18:19 <Shiz> and it's no big ABI bump
18:19 <jirutka> Shiz: I don’t think that we need to rebuild them
18:19 <Shiz> i'm not sure if anything statically links against libressl in our package base...
18:19 <jirutka> Shiz: except pkgs that links it statically, but I think that we donjt have any…?
18:19 <Shiz> wouldn't be surprised if rust did
18:19 <^7heo> Shiz: did you write the CVE description?
18:19 <Shiz> fwiw
18:20 <Shiz> ^7heo: i wrote the additional info section in the thing jirutka linked
18:20 <Shiz> they condensed that into the CVE description
18:20 <Shiz> :P
18:20 <^7heo> Ah ok
18:20 <^7heo> yeah it's a little... condensed.
18:20 <^7heo> Shiz: do you have the original text?
18:20 <duncaen> freebsd has a recently started to provide libressl ports
18:20 <Shiz> see jirutka's
18:20 <jirutka> maybe it’ll be available later once they confirm it?
18:20 <Shiz> fedoraproject paste link
18:20 <^7heo> jirutka: do you have the original text?
18:21 <Shiz> │ ageis
18:21 <Shiz> err
18:21 <^7heo> ah ok I'll grep the log.
18:21 <Shiz> 20:13:41 jirutka │ duncaen: not interesting, it’s https://paste.fedoraproject.org/paste/M-ZDc841WRyIZ7DSpXvoEl5M1UNdIGYhyRLivL9gydE=/raw
18:21 <Shiz> lazy bum
18:21 <Shiz> :P
18:21 <^7heo> thanks ;)
18:21 <^7heo> Shiz: how am I supposed to know that the link was pasted here?
18:21 <^7heo> Wow it's LONG
18:22 <^7heo> ncopa: we should provide jirutka with an alpinelinux.org mail IMHO
18:22 <^7heo> ncopa: and shiz too.
18:23 <^7heo> I mean, from the CVE report, you can see: (Discoverer]
18:23 <^7heo> Jakub Jirutka <jakub@jirutka.cz>, Duncan Overbruck <duncaen@voidlinux.eu>, Shiz <hi@shiz.me>
18:23 <^7heo> while it's coole for jirutka and shiz to have their name there; they actually discovered that while working for Alpine
18:23 <^7heo> it would be good if that would be reflected, for future reference.
18:24 <^7heo> I mean the text says so, but the text has been... Summarized.
18:24 <jirutka> ^7heo: "This issue was discovered by Jakub Jirutka <jakub@jirutka.cz> from Alpine Linux"
18:25 <^7heo> yeah
18:25 <^7heo> that text is missing from any text but that obscure paste on the fedoraproject pastes...
18:25 <^7heo> i.e. *nobody* will ever see that.
18:25 <^7heo> (aside us and the people who summarized it)
18:25 <jirutka> that’s what i don’t know
18:26 <jirutka> why they want to enter Additional Information if not displayed anywhere?
18:26 <Shiz> ^7heo: that's why we're going to post the same description to oss-security
18:26 <^7heo> yeah but if you had an alpinelinux.org address; that wouldn't happen.
18:26 <jirutka> maybe it’s available later?
18:26 <Shiz> ;p
18:26 <Shiz> jirutka: possibly
18:26 <Shiz> i don't know the CVE process
18:26 <jirutka> ^7heo: as you can see, there are not even our mail addresses: https://nvd.nist.gov/vuln/detail/CVE-2017-8301
18:26 <^7heo> Shiz: well yeah; but honestly... Wouldn't it just be simpler to make you both alpinelinux.org addresses?
18:26 <^7heo> jirutka: not there no; because they don't list discoverers/reporters.
18:27 <Shiz> they never list the reportersp ublically
18:27 <Shiz> they said as much in the web form
18:27 <Shiz> anyway this seems pointless
18:27 <duncaen> i guess they "received by the NVD and has not been analyzed." publish more after they see its not garbage
18:27 <Shiz> the issue is the acutal issue in libressl, not who gets credit for it
18:27 <Shiz> ;)
18:27 <^7heo> Shiz: ah ok. Well.
18:27 <^7heo> duncaen: possibly too.
18:28 <duncaen> who cares about libressl anyways :D
18:28 <^7heo> huhu
18:35 LouisA joined
18:37 <jirutka> Shiz: I think that I can just paste https://paste.fedoraproject.org/paste/M-ZDc841WRyIZ7DSpXvoEl5M1UNdIGYhyRLivL9gydE=/raw to email for oss-security, right?
18:37 leprechau joined
18:37 <jirutka> Shiz: I mean paste content, not that link
18:38 pickfire_ joined
18:38 bfritz_ joined
18:41 irclogger_com joined
18:41 Topic for
18:42 <Shiz> jirutka: good news: i now also have an aarch64 box to test on
18:43 tty` joined
18:48 <jirutka> Shiz: https://paste.fedoraproject.org/paste/YMGTE4fkRowTqb7Kg~DXKl5M1UNdIGYhyRLivL9gydE=/raw ok?
18:48 <jirutka> Shiz: that’s great! :)
18:48 <Shiz> i'd rename the subject to CVE-2017-8301: TLS verification vulnerability in LibreSSL 2.5.1 - 2.5.3
18:49 <jirutka> ok
18:49 <Shiz> and add the MITRE CVE page to references
18:49 <Shiz> rest LGTM
18:49 <jirutka> ah right forgot to that
18:49 <Shiz> you forgot to space between InspIRCD and [4[ btw
18:49 <Shiz> [4]
18:50 <jirutka> good catch! I have headache, so hard to focus to anything :/
18:50 <Shiz> you can actually move all links in the main desc to the reference section
18:50 <Shiz> :P
18:51 <Shiz> add [6] to verified by vendor here, add it as [6], and move al the links to the ref section
18:52 <jirutka> already did it :)
18:52 <jirutka> also link to nginx bug tracker is here twice, so also fixed
18:52 <Shiz> yea
18:54 <Shiz> jirutka: apparently this version in openBSD 6.1...
18:56 <Shiz> https://up.shiz.me/ZDhlMWU2.png
18:56 <Shiz> :)
18:56 <Shiz> jirutka: unrelatedly, rust 1.17 got released
18:56 <Shiz> dare we take the plunge?
18:57 arch3y joined
19:14 arch3y joined
19:16 <jirutka> Shiz: http://www.openwall.com/lists/oss-security/2017/04/27/11
19:17 <Shiz> nice!
19:39 <Shiz> jirutka: im gonna try upgrading rust to 1.17
19:39 <Shiz> hehe
19:40 MH0815 joined
19:41 blueness joined
19:52 <xentec> Shiz, now that Alpine has a complete Rust compiler, do you even need to bootstrap it everytime?
19:52 <Shiz> yes
19:52 <Shiz> rust always needs to be bootstrapped :P
19:53 <jirutka> Shiz: you can compile 1.17 with rustc 1.16
19:54 <Shiz> yeah
19:54 <Shiz> i know :p
19:54 <xentec> why bootstrap it then?
19:55 <Shiz> because that's still bootstrapping, no matter where the compiler comes from
19:55 <Shiz> and i don't think we want our aports to rely on a previous aports state
19:56 <jirutka> Shiz: we don’t, still need rust-bootstrap for bootstrapping from glibc binary :/
19:56 arch3y joined
19:56 <Shiz> jirutka: do we have a rust-bootstrap now?
19:56 <jirutka> nope
19:56 <Shiz> ah
19:56 <jirutka> fabled: are you here?
19:56 <xentec> So what about gcc then? Would that break this rule?
19:56 <xentec> s/Would/Wouldn't/
19:58 <Shiz> xentec: in what way?
19:58 <Shiz> you can use any gcc to build alpine gcc
19:58 <Shiz> alpine/aports gcc
19:59 nmeum joined
20:01 <xentec> I kinda see what you meant. So you can't do the same with rustc yet?
20:01 <Shiz> nope
20:01 <Shiz> rustc needs an explicit version
20:02 <Shiz> i think it's <to-compile version> - 1 these days
20:02 <Shiz> e.g. rustc 1.17.0 needs rustc 1.16.0
20:03 <jirutka> or 1.17.0 :P
20:07 <xentec> Just wondering... why not using existing package of previous version but relying on foreign distfiles (as seen in rust APKBUILD) to rebuild rustc.
20:08 mmlb joined
20:08 <* mmlb> should have joined here earlier
20:09 <Shiz> xentec: we want to be independent from void, as cool guys as they are
20:09 <Shiz> :P
20:11 <mmlb> I've got a PR out to mkinitfs that fixes #7037 that correctly handles kernel console= params for serial consoles. Can someone take a look or are the tree frozen?
20:11 <algitbot> Bug #7037: /init does not correctly handle serial port config from command line - Alpine Linux - Alpine Linux Development: http://bugs.alpinelinux.org/issues/7037
20:11 <Shiz> it's still open for bugfxies to the best of my knowledge
20:11 <Shiz> and i've seen that bug before too, can ack
20:12 t0mmy joined
20:12 <mmlb> Shiz: nice. We've worked around it but the fix is good to have
20:13 <mmlb> I guess I'll also follow up with some more debugging of #6713
20:13 <algitbot> Bug #6713: ash doesn&#39;t errexit correctly - Alpine Linux - Alpine Linux Development: http://bugs.alpinelinux.org/issues/6713
20:13 <Shiz> you probably wanna poke fabled or ncopa for it, they are the maintainers for mkinitfs afaik
20:13 <Shiz> maybe ^7heo
20:14 <mmlb> yeah I figured I would go checkout git blame for pepole top poke soonish
20:14 <xentec> Shiz, what I meant was: why not having a makedepends_build="rust=<to compile ver.>" in APKBUILD for rust but download prebuild versions now that Alpine has a rust package?
20:14 <xentec> aka doing the same as with gcc
20:14 <Shiz> i don't think that's what we do with gcc
20:14 <Shiz> heh
20:15 <xentec> https://git.alpinelinux.org/cgit/aports/tree/main/gcc/APKBUILD#n17
20:15 <xentec> but its there?
20:15 <Shiz> ah yeah
20:15 <Shiz> well, mostly because it's hacky and we want to avoid it as it's special-casing stuff
20:25 arch3y joined
20:25 <Shiz> kaniini: btw what's the nature of our current grsec patch anyway
20:25 <Shiz> it's definitely not an upstream patch
20:26 <kaniini> Shiz: we forked grsec 2 years ago basically
20:26 <kaniini> Shiz: sometimes it gets rebased
20:26 <Shiz> right.
20:27 <kaniini> Shiz: i guess that will not be happening anymore though ;)
20:27 <Shiz> well, I would have no issues if we were to forward-port the last public patch to newer kernels :P
20:27 <Shiz> work, though
20:29 <kaniini> Shiz: rebasing the patch on a newer kernel is really a massive pain in the ass
20:29 <kaniini> Shiz: we've done it, it results in several weeks of working out the regressions
20:29 <Shiz> hence my exclamation of "work, though"
20:29 <Shiz> :P
20:30 <Shiz> as of right now i'm interested in what the other distros using grsec are gonna do
20:31 <Shiz> gentoo hardened, etc
20:37 <TemptorSent> kaniini: What would be the difficulty of adding an option to list files with checksums in apk?
20:37 <kaniini> TemptorSent: not hard
20:38 <Shiz> jirutka: building rust 1.17...
20:38 <TemptorSent> kaniini: That is a show-stopper for my work, as taking 5 minutes to extract the checksums from the kernel apk using awk is a deal-breaker for the user-experience.
20:39 <TemptorSent> kaniini: And a manifest output would elimintate probably 20% more of my code.
20:40 <kaniini> TemptorSent: presently composing a test for the solver bug
20:43 <TemptorSent> (kapk:$arch/$krel/$pkg\tshaX:$sum\t$path is what I'm using for the kernel packages)
20:44 <TemptorSent> But generally: 'apk:$arch/$pkg' would be fine for tagging.
20:45 <TemptorSent> kaniini: Good deal - that was a nasty little surprise.
20:46 <TemptorSent> It looks like it was hitting a lot of other cases, but was less than apparent usually due to it often self-resolving on a subsequent update.
20:49 arch3y joined
21:00 arch3y joined
21:03 <Shiz> so far so good for rustc 1.17
21:06 <TemptorSent> kaniini: A manifest format is one of the issues that probably should be discussed before we go too much further with apk.
21:10 <TemptorSent> One additional wrinkle is that some files may get compressed/decompressed upon installation/use (kernel modules/man pages/etc.), thus we need to have a canonanical checksum for the file content and a checksum for the actual file.
21:12 <Shiz> man pages don't get compressed or decompressed at all during installation
21:12 <Shiz> they get compressed once during packaging and that's it
21:12 <Shiz> thus their checksum should always be the compressed version
21:13 <TemptorSent> Man pages are less of an issue as far as handling, it's modules that are a big one.
21:14 <TemptorSent> If you want a deptree of checksums, you need to be comparing the modules themselves, not a compressed version.
21:14 <Shiz> what's the compressed version of module
21:15 <TemptorSent> Any flavor you choose - gz, xz, lzo, bz2, etc.
21:15 <Shiz> i dont see any compressed modules...
21:15 <TemptorSent> And in some cases, they may be stored compressed in one location and uncompressed in another.
21:16 <TemptorSent> Yeah, which is currently a problem - we're wasting space with uncompressed modules :)
21:16 <TemptorSent> But if they're being stored in a squashfs, there is no point in compressing them twice..
21:16 <Shiz> ...
21:16 <Shiz> i think we're just fine with uncompressed modules
21:17 <TemptorSent> Really? How large is /lib/modules/`uname -r` and /lib/firmware?
21:17 <Shiz> the question is not 'how large is it'
21:18 <Shiz> the question is 'how much does compression make it smaller''
21:18 <Shiz> until there's numbers on that, this is a useless discussion
21:18 <TemptorSent> 279MB
21:18 <Shiz> :P
21:19 <TemptorSent> 279MB for /lib/modules/4.9.24-2-hardened
21:20 tmh1999 joined
21:21 <TemptorSent> Hmm.. need an easy way to parallelize find
21:22 <TemptorSent> ... or at least xargs.
21:22 <TemptorSent> 74MB after gzip -9
21:22 <TemptorSent> Yeah, I think that's a bit of a savings.
21:25 <TemptorSent> 277% more space.
21:26 <TemptorSent> So Shiz, not such a useless discussion?
21:27 arch3y joined
21:28 <TemptorSent> When compressed size is 26.5% of uncomressed size, for a savings of 205MB, I think it's worth considering.
21:28 <Shiz> sure, but then the question remains
21:28 <Shiz> why checksum the uncompressed version?
21:28 <Shiz> the module tools take the compressed versions directly
21:28 <Shiz> so there is no reason for the uncompressed version to exist on disk ever
21:29 <TemptorSent> Because if I'm sticking the same modules in a modloop which is on a comressed filesystem, I'm wasting space by trying to compress them again.
21:29 <TemptorSent> And it might well be that some users choose a different compression for speed/memory reasons.
21:29 <Shiz> you're not wasting space, at most you're not making any extra gains
21:30 <TemptorSent> The point is that the dep tree should depend on the uncompressed module checksums, since those are consistent.
21:30 <Shiz> dont see why :|
21:34 <TemptorSent> Shiz: Because relying on a particular compressed version of a file to match is fragile compared to looking at the uncompress file checksum.
21:35 <Shiz> why, do we expect to re-compress them?
21:35 <Shiz> binaries are just as fragile as compressed anything as they are not reproducable
21:35 <TemptorSent> I can compress the same module in 6 different formats validly, and the only checksum that stays the stame is the result of uncompressing ANY of those.
21:36 <Shiz> you don't get it
21:36 <Shiz> why do we expect the compressed version to change, ever
21:36 <Shiz> after the initial compression
21:36 <Shiz> which would be part of packaging
21:36 <TemptorSent> Look, I'm not going to waste either of our time debating this right now. I have real-world experience with issues related to this, and I'm not willing to do it wrong.
21:37 <TemptorSent> Because we still allow custom kernels, right?
21:38 <TemptorSent> And firmware couldn't conceivelby start being comressed, with the actual binary unchanged, right?
21:38 <TemptorSent> Or any other artifact on the system for that matter -- You want to know if what you're looking at matches the original contents of the file for semantic reaons, not just for entertainment.
21:39 <Shiz> i still don't see the meaning, but you're right, i also don't have time to waste on debating
21:40 <TemptorSent> There is a reason, it's not just random, and it works properly when done as I suggest, while sometimes breaking otherwise.
21:40 <kaniini> TemptorSent: https://paste2.org/5afXCk68
21:41 <kaniini> LOOK FAMILIAR?!!!!?!
21:42 <TemptorSent> kaniini : Bingo!
21:43 <TemptorSent> And with my fubared split repo and poorly timed update, I managed to break the lat one so it wouldn't even try.
21:43 <TemptorSent> I think that nails it.
21:44 minimalism joined
21:49 tmh1999 joined
21:49 <kaniini> now... to figure out why this occured
21:51 <kaniini> disqualify_package: a-1-r0 (conflicting provides)
21:51 <kaniini> BAM
21:52 <kaniini> https://paste2.org/2ZgbwEB4
21:52 <kaniini> so
21:52 <kaniini> this is interesting
21:52 <kaniini> the solver seems to *want* b
21:53 arch3y joined
21:56 <kaniini> but i think when that disqualify happens
21:56 <kaniini> it disqualifies the entire name
21:56 <kaniini> humm
21:59 <kaniini> yep
21:59 <kaniini> that's what is going on
21:59 <kaniini> cool
21:59 <kaniini> that means this is probably an easy fix
22:03 <Shiz> jirutka: rust and cargo both upgraded and working
22:03 <kaniini> ok
22:03 <kaniini> i think i have this sorted out
22:03 <kaniini> installing B is not inserted into changeset
22:05 tdtrask joined
22:09 <Shiz> jirutka: https://txt.shiz.me/MzljMDRjMz
22:09 <Shiz> rust -> 1.17.0
22:09 <Shiz> jirutka: https://txt.shiz.me/NTRkOTlmYj
22:09 <Shiz> cargo -> 0.18.0
22:09 <Shiz> all cargo tests still pass
22:10 <clandmeter> is nginx broken on edge?
22:11 <Shiz> any specific reason for asking?
22:11 <clandmeter> i cant install it :)
22:12 <Shiz> that seems problematic
22:12 <Shiz> seeing the same here
22:12 <Shiz> old libssl.so.* version
22:12 <Shiz> nginx needs a rebuild, cc kaniini
22:12 tmh1999 joined
22:13 <kaniini> Shiz: it doesnt build on 3.6
22:13 <kaniini> Shiz: meaning it will stall builder
22:13 <Shiz> ah.
22:13 <kaniini> Shiz: send fix for 3.6 build and i will take care of it
22:13 <Shiz> got log?
22:13 <kaniini> Shiz: http://build.alpinelinux.org/buildlogs/build-3-6-x86/main/nginx/nginx-1.10.3-r5.log
22:13 <Shiz> thanks
22:14 <clandmeter> what about edge?
22:14 <Shiz> yay, libssl
22:14 <Shiz> clandmeter: if it won't build on 3.6, it's likely not gonna build on edge either
22:14 <Shiz> :P
22:14 <clandmeter> 3.6=edge :)
22:14 <Shiz> exactly
22:14 <Shiz> i'll take care of that patch
22:14 <kaniini> clandmeter: triggering a rebuild will put it in the same position as 3.6 builder
22:15 <kaniini> clandmeter: so... "please, can we not?"
22:15 <clandmeter> what is the position of the 3.6 builder?
22:15 <kaniini> clandmeter: it fails to build
22:15 Meeh joined
22:15 <kaniini> clandmeter: so the builder is stalled
22:15 <clandmeter> i see
22:16 Adran joined
22:16 <clandmeter> we need a commits channel per arch...
22:16 Adran joined
22:17 <Shiz> kaniini: identified the fix, gonna try compiling now
22:17 <Shiz> should be trivial
22:17 <kaniini> cool
22:17 starefossen joined
22:17 arch3y joined
22:17 <Shiz> btw 1.10 is legacy now
22:17 <Shiz> do we want to upgrade to 1.12 before 3.6?
22:18 <Shiz> i can take care of the work for that
22:18 <Shiz> kaniini: build succeeded lol
22:19 <Shiz> patch incoming as soon as check() passes
22:20 <clandmeter> Shiz, looks like there is already a 1.12 pr
22:21 <Shiz> link?
22:21 jcloud joined
22:21 shykes__ joined
22:21 <clandmeter> https://github.com/alpinelinux/aports/pull/1323
22:22 <Shiz> ah, jirutka
22:22 <Shiz> :P
22:22 <clandmeter> he cant sit still :p
22:24 <kaniini> disqualify_package: a-1-r0 (conflicting provides)
22:24 <kaniini> record_change: old: a new: ???
22:24 <kaniini> getting there
22:24 <Shiz> is there any way to re-trigger the CI build for that aport?
22:24 <Shiz> it failed because of the libressl bug we fixed now
22:24 <Shiz> it otherwise LGTM
22:24 <Shiz> aport PR*
22:26 <clandmeter> you mean the 1.12?
22:27 <Shiz> yeah
22:27 <clandmeter> you want to apply your patch against 1.12?
22:27 <Shiz> no
22:27 <Shiz> that PR already fixes the same issue
22:27 <Shiz> :)
22:27 <clandmeter> ah ok
22:27 <Shiz> it should be used instead of my patc as it also upgrades nginx to stable
22:28 <clandmeter> whats that perl module doing?
22:29 <clandmeter> its a depend?
22:30 <Shiz> it's a separate commit he put into the same PR
22:30 <Shiz> new aport
22:30 <Shiz> external module, probably
22:30 arch3y joined
22:31 <clandmeter> ok, as its in testing.
22:31 LouisA joined
22:32 <clandmeter> jirutka, any reason not to push this?
22:32 rdutra joined
22:32 <jirutka> clandmeter: if you fix that damn builders, I can push fixed nginx… ;)
22:33 <Shiz> jirutka: im running into something weird
22:33 <jirutka> clandmeter: i’ve postponed it b/c of libressl bug
22:33 <Shiz> i didnt need that fix-libresssl.patch to fix the lua module build
22:33 <Shiz> only a bump to 10.8
22:33 <clandmeter> the builders are stuck because of nginx right?
22:33 <jirutka> no
22:34 <jirutka> i donjt know why build-edge-x86{,_64} does not work now :/
22:35 <jirutka> https://github.com/alpinelinux/aports/pull/1323
22:35 <Shiz> the builder doesn't have the new libressl
22:36 <jirutka> exactly
22:36 <jirutka> https://github.com/alpinelinux/aports/commit/500f378f52a862e91c61de633df00197d4afd366
22:36 <Shiz> well
22:36 <Shiz> maybe the builder is stuck because of nginx and now it can't build the new libressl because it's stuck
22:36 <Shiz> and thus not the fixed nginx?
22:36 <Shiz> :D
22:37 <jirutka> https://pkgs.alpinelinux.org/packages?name=libressl&branch=edge&repo=&arch=&maintainer=
22:37 <jirutka> and armhf doesn’t have even 2.5.3, so it’s like weeks behind…?
22:37 <jirutka> no, these builders are not stuck b/c of nginx
22:37 <jirutka> they does not respond to algitbot commands
22:38 <kaniini> record_change: old: a new: ???
22:38 <kaniini> REMOVE a
22:38 <jirutka> I’ve already reported it in #alpine-infra, but we have classic situation when only two ppl have access to the builders and they are not here :(
22:38 <kaniini> REMOVE?!!! b
22:38 <clandmeter> http://build.alpinelinux.org/buildlogs/build-edge-x86_64/main/libressl/libressl-2.5.3-r1.log
22:38 <Shiz> :(
22:38 <clandmeter> isnt that new libressl?
22:38 <Shiz> yes
22:39 <jirutka> build-3-6 are stuck b/c of nginx thought
22:39 <jirutka> hm, i’ll just push it, maybe it will unblock at least 3.6 builders
22:39 <clandmeter> i think edge builders have nothing to build
22:39 <TemptorSent> kaniini: Hmm, that could be a minor problem ;)
22:39 <clandmeter> nginx fails to build here
22:39 <Shiz> clandmeter: i don't have new libressl on aarch64 btw
22:39 <clandmeter> failed test
22:39 <jirutka> no, they should build fixed libressl
22:39 <Shiz> so the aarch64 builder may be mia?
22:39 <kaniini> i know why its doing it now
22:40 <TemptorSent> I think that's how I ended up with the zfs modules installing and the kernel removing itself.
22:40 <kaniini> TemptorSent: it is processing the changeset instruction wrong
22:40 <clandmeter> ./proxy_bind_transparent.t (Wstat: 512 Tests: 3 Failed: 2)
22:40 <kaniini> because the name is different
22:40 <TemptorSent> *facepalm* Yeah, that sounds about right.
22:41 <TemptorSent> Same logic error that bit me trying to do it manually before I forced the issue.
22:41 <Shiz> clandmeter: is that with the new libressl?
22:41 <Shiz> because the CI reference in the PR uses the old one
22:41 <jirutka> what CI reference?
22:41 <clandmeter> (10/42) Purging libressl-dev (2.5.3-r1)
22:42 <Shiz> referenced*
22:42 <clandmeter> the edge builders are fine
22:42 <jirutka> -r1, that’s correct
22:42 <TemptorSent> kaniini: Easily fixable?
22:42 <clandmeter> they have new ssl
22:42 <jirutka> no, they are fucking not fine
22:42 <jirutka> I don’t see libressl -r1 here https://pkgs.alpinelinux.org/packages?name=libressl&branch=edge&repo=&arch=&maintainer=
22:42 <clandmeter> i see it on my box?
22:42 <jirutka> aha, so just sync with pkgs.a.o is broken?
22:42 <Shiz> p.a.o takes a bit to update
22:43 <Shiz> usually
22:43 <clandmeter> i dont know, just stay calm :)
22:43 <clandmeter> yes
22:43 <jirutka> i’ve restarted travis, let’s see what it will pull
22:43 <jirutka> Installing libressl (2.5.3-r0) ofc :/
22:44 <clandmeter> which mirror?
22:44 <Shiz> :/
22:44 <jirutka> nl ?
22:44 <Shiz> nl
22:44 <clandmeter> hmm
22:44 <clandmeter> thats correct
22:44 <clandmeter> ncopa forgot something
22:44 <Shiz> fetch http://nl.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
22:44 <clandmeter> it still thinks its master
22:44 <Shiz> v3.5.0-4354-g56905f47f8 [http://nl.alpinelinux.org/alpine/edge/main]
22:44 <Shiz> OK: 5527 distinct packages available
22:44 <Shiz> is what it says
22:44 <jirutka> we really need to rebuild builders infra, i’m getting really tired of troubleshooting builder failures each day :(
22:44 <clandmeter> so it doesnt pull from new master
22:44 <kaniini> REMOVE: chosen name: b; installed name: a
22:44 <clandmeter> keep calm please
22:44 <kaniini> indeed
22:45 <Shiz> so, new mirror in builder cfg?
22:45 <clandmeter> its because of the recent master switch
22:45 <clandmeter> i will fix nl.a.o now
22:45 <kaniini> even closer
22:45 <kaniini> TemptorSent: i now have this:
22:46 <Shiz> ah
22:46 <Shiz> https://github.com/alpinelinux/aports/blob/c12931e8863fa9fddc90390db24a4a591f43043e/.travis/common.sh#L6
22:46 <Shiz> may be useful to set this to dl-cdn
22:46 <Shiz> :p
22:46 <jirutka> I’m sorry, I’m really tired and have headache
22:46 <jirutka> you’ve switched CNAME rsync to new master, so other mirrors should be okay, no?
22:47 <jirutka> no, dl-cdn resolves to random mirrors and some of them are broken
22:47 <Shiz> oh, i thought dl-cdn was a separate CDN thing
22:47 <kaniini> raccoon:~/apk-tools$ sudo apk --root ~/apktestenv/ add --initdb -X ~/apktest/repo1 --keys-dir /etc/apk/keys a
22:47 <kaniini> (1/1) Installing a (1-r0)
22:47 <kaniini> OK: 0 MiB in 1 packages
22:47 <kaniini> raccoon:~/apk-tools$ sudo apk --root ~/apktestenv/ upgrade -X ~/apktest/repo2 --keys-dir /etc/apk/keys --available
22:47 <kaniini> (1/1) Installing b (2-r0)
22:47 <kaniini> OK: 0 MiB in 2 packages
22:47 <kaniini> TemptorSent: getting closer ^^^
22:47 <jirutka> no, try curl -Lv, it returns random mirros from some list
22:47 <Shiz> i trust you :)
22:48 <clandmeter> ok cron restored
22:48 <kaniini> TemptorSent: i think solution may be simpler
22:49 <jirutka> clandmeter: sorry once again, you were right, build-edge-x86{,_64} are okay, they’re building nginx now; I’ve told algitbot to retry master and nothing happened on build.a.o on these builders and I’ve wrongly interpreted it
22:50 <clandmeter> nl is syncing
22:50 <clandmeter> i need to go to bed
22:50 <clandmeter> seems a lot of armhf changes
22:51 <Shiz> :)
22:51 <jirutka> that’s good, b/c armhf is miles behind :/
22:51 <clandmeter> i can bump armhf tomorrow
22:51 <clandmeter> not sure what is holding it back
22:51 arch3y_ joined
22:51 <clandmeter> i tried to fix it a few times
22:52 <clandmeter> but nobody is looking after it
22:52 <jirutka> it’s simply, armhf is broken half of the year and moreover it’s quite slow :)
22:52 <jirutka> so it’s behind other builders very often
22:52 <clandmeter> try a raspberry
22:52 <jirutka> that’d be even worse
22:52 <jirutka> or not?
22:52 <clandmeter> its not that slow
22:53 <jirutka> raspberry is very slow, not sure what we currently have for armhf
22:53 <Shiz> we could setup a few scaleways for arm
22:53 <clandmeter> xgene
22:53 <clandmeter> its not slow
22:53 <clandmeter> believe me
22:53 <arch3y_> jirutka: thanks for adding labels on my prs
22:53 <clandmeter> sync done
22:53 <clandmeter> nl up2date
22:53 gromero joined
22:53 <jirutka> pefect! :
22:53 <jirutka> )
22:54 <jirutka> <Shiz>: "only a bump to 10.8" – bump what?
22:54 <clandmeter> this is what we use
22:54 <clandmeter> http://b2b.gigabyte.com/Server-Motherboard/MP30-AR0-rev-11#ov
22:54 <Shiz> jirutka: lua module
22:54 <Shiz> 0.10.8
22:55 <clandmeter> the problem is single thread operations
22:55 <clandmeter> which is even slower on the thudnerx
22:55 <jirutka> clandmeter: it looks powerful
22:55 <jirutka> aha
22:55 <clandmeter> for sure with recent check
22:56 <clandmeter> many of the test run single thread
22:56 <jirutka> Shiz: that’s quite weird
22:56 <clandmeter> ok im to bed
22:56 <Shiz> the cpu my aarch64 setup uses is... interesting
22:56 <clandmeter> gnite
22:56 <Shiz> [ 0.000000] Boot CPU: AArch64 Processor [431f0a11]
22:56 <Shiz> very clear
22:57 <jirutka> clandmeter: good night!
22:57 <Shiz> night clandmeter \o
22:57 <kaniini> aha
22:58 <TemptorSent> Got it?
23:01 arch3y_ joined
23:02 <TemptorSent> kaniini: What's the status of virtgrsec, is it now virthardened?
23:03 <arch3y_> Ive had pretty good luck building directly on odroid hardware like the c2 and xu4
23:03 <TemptorSent> Hmm, looks like it -- cool :)
23:03 <arch3y_> wed use nspawns to build each pkg in a clean chroot
23:05 <kaniini> (1/2) Purging a (1-r0)
23:05 <kaniini> (2/2) Installing b (2-r0)
23:05 <kaniini> BOOM
23:05 <kaniini> TemptorSent: ^
23:05 <TemptorSent> Nice work!
23:06 <TemptorSent> Do you just backtrack up to the prune point, then start the solver again?
23:06 <TemptorSent> Or did you find a more elegant solution?
23:06 <jirutka> what the heck is wrong with proxy_bind.t
23:08 <TemptorSent> kaniini: Now I shouldn't have anything breaking any more, at worst I'll have a half-update, not everything gone :)
23:09 <jirutka> okay, i can reproduce it locally… weird, maybe it’s caused by the few options i’ve added recently?
23:09 <jirutka> that’s why i didn’t want to merge it yet…
23:09 arch3y_ joined
23:09 <TemptorSent> Once we have the kernel packages versioned, we shouldn't have bricked systems on failed partial updates anymore!
23:10 <jirutka> nevermind, it seems that it fails b/c of some restriction on the host system, so i’m gonna just disable this test
23:10 <Shiz> whats the error?
23:10 <kaniini> TemptorSent: no
23:11 <TemptorSent> no?
23:11 <kaniini> TemptorSent: the solver was generating the correct solution, but due to incorrect assumptions it was being handled as a removal instead of an adjustment
23:11 <jirutka> Shiz: http://build.alpinelinux.org/buildlogs/build-edge-x86_64/main/nginx/nginx-1.12.0-r0.log
23:12 <TemptorSent> Ahh, okay - failed to collide, so was treated as a new operation.
23:12 <kaniini> TemptorSent: which basically means some aspects of the code were not properly understanding the concept of a package being provided by another name
23:12 <jirutka> it’s wrong test
23:12 <kaniini> TemptorSent: right
23:12 <kaniini> TemptorSent: kind of
23:12 <kaniini> TemptorSent: the patch is more explanatory
23:13 <Shiz> jirutka: "Enabling this socket option requires superuser privileges (the CAP_NET_ADMIN capability)."
23:13 <Shiz> re: IP_TRANSPARENT
23:13 <Shiz> :)
23:13 <jirutka> yeah, I have disabled this capability in my LXC container :)
23:14 <Shiz> seems best to disable the test yes
23:14 <TemptorSent> Okay -- what I ended up doing to solve my issue was backtracking a step, substituting the new name in the lookup, then retrying, and treating it as the same if it then hit.
23:14 <Shiz> w/ 61
23:15 <kaniini> TemptorSent: basically we had nodes in the solution {old: a, new: b}, and because a != b it was only generating a remove instead of a change
23:15 <TemptorSent> kaniini: Looking forward to the patch and having that mainlined.
23:16 <TemptorSent> exactly the same logic error I was hitting as a result of apk's fetching a different name than I was giving it.
23:18 <kaniini> TemptorSent: http://turtle.dereferenced.org/~kaniini/apk-tools-fix-provides-upgrade-clobbering.patch.txt
23:18 <jirutka> btw I’m not sure if nginx lua module actually works, they do not support 1.12.0 yet, nor libressl :( and many tests depends on many third-party modules, so I’m not sure which fail b/c of missing module and which b/c of error
23:19 arch3y_ joined
23:21 <kaniini> TemptorSent: does it look sane to you?
23:21 <jirutka> ha, someone deployed updated http://build.alpinelinux.org/, so we have links to logs! \o/
23:21 <algitbot> \o/
23:21 <TemptorSent> Looks sane.
23:23 <jirutka> kaniini: the best about it are these explanatory comments! +1
23:25 <TemptorSent> kaniini: I agree with jirutka on that! APK needs more comments badly, as it's not exactly what you might consider 'self documenting' code ;)
23:27 <TemptorSent> kaniini: Changing the logic to treat everything as a change first is much saner in general, and probably should be the case nearly everywhere.
23:27 <kaniini> TemptorSent: it was the way it was for historical reasons
23:27 <kaniini> TemptorSent: provides came later
23:28 <TemptorSent> Yeah, bottom up design works great, until it doesn't ;)
23:28 <TemptorSent> That's why I do so much refactoring I think, I don't let existing design decisions stand unless I can justify them.
23:30 <TemptorSent> kaniini: APK 3 needs to have the whole structure and process laid out before starting the implementation IMHO.
23:31 <TemptorSent> So at least unhandled areas are explicitly known and provision made to not break.
23:31 <* kaniini> checking if modules are upgraded, if it's good, will push to edge
23:31 <TemptorSent> Sounds good.
23:32 <jirutka> TemptorSent: don’t forget about writing tests… ;)
23:33 Tazy joined
23:33 <TemptorSent> jirutka: Yes, tests are rather helpful, especially once you know what you expect :)
23:33 <kaniini> (25/29) Purging zfs-grsec (4.4.59-r0)
23:33 <kaniini> (26/29) Purging spl-grsec (4.4.59-r0)
23:33 <kaniini> (27/29) Installing spl-hardened (4.9.24-r2)
23:33 <kaniini> (28/29) Installing zfs-hardened (4.9.24-r)2
23:33 <kaniini> BAM
23:33 <TemptorSent> Perfect!
23:34 <TemptorSent> er, wait... that's a typo on zfs-hardened, right?
23:34 <kaniini> yes
23:34 <TemptorSent> Okay, just checking :)
23:34 <kaniini> paste lag
23:35 <kaniini> TemptorSent: https://www.dropbox.com/s/8mwoh5hwal7vo8x/Screenshot%202017-04-27%2018.35.14.png?dl=0
23:35 <jirutka> kaniini: "(4.9.24-r)2" ?
23:35 <TemptorSent> After the last entertainment with apk's output buffering, wanted to be sure :)
23:36 <kaniini> jirutka: paste lag, see screenshot
23:36 <kaniini> jirutka: tl;dr weechat is shit
23:36 <kaniini> news at 11
23:36 <jirutka> :)
23:36 <jirutka> nginx 1.12.0 landed in edge
23:37 <TemptorSent> Thanks for fixing that kaniini - it was driving me absolutely insane.
23:37 <TemptorSent> No more upgrade-russian-roulette.
23:38 <TemptorSent> Now if we could just get it to download all the apks before installing so we don't get a broken system in case of a network failure at a bad time, we'd be set.
23:38 <kaniini> i think it has been there for a while
23:38 <kaniini> i had weirdness with 3.4 and 3.5 too
23:38 <kaniini> but bricking upgrades due to leaving no kernel
23:38 <kaniini> was the final straw
23:38 <TemptorSent> Probably, it just took your kernel package change to make it painfully obvious what was going on.
23:39 <Shiz> :)
23:39 <TemptorSent> No more bricks :)
23:40 arch3y_ joined
23:40 <kaniini> https://git.alpinelinux.org/cgit/aports/commit/?id=3de012bb
23:40 <* kaniini> whistles @ commit message
23:41 <TemptorSent> I'm guessing that in some of the more insidious cases it actually caused multiple layers of faulty removals that were partially masked by subsequent upgrades, but still left holes.
23:41 <kaniini> yes
23:41 <kaniini> likelyt
23:41 <kaniini> -t
23:41 <TemptorSent> Which explains how I got inconsistent results doing the same thing but in slightly different order.
23:41 <kaniini> anything that was swapped with a new package using provides entries would be suspect
23:42 <kaniini> which there is a lot of that these days
23:42 <kaniini> sooo
23:42 <Shiz> hehe
23:42 blueness joined
23:42 <Shiz> # apk upgrade
23:42 <Shiz> (1/2) Upgrading libressl2.5-libcrypto (2.5.3-r0 -> 2.5.3-r1)
23:42 <Shiz> (2/2) Upgrading libressl2.5-libssl (2.5.3-r0 -> 2.5.3-r1)
23:42 <Shiz> OK: 10 MiB in 21 packages
23:42 <Shiz> aarch64 builder kicked back into motion :)
23:43 <TemptorSent> Nice commit message :)
23:45 <TemptorSent> I suspect you just saved Alpine a LOT of hassles in the near future.
23:46 <Shiz> nicely in time for 3.6
23:46 <TemptorSent> Nightmare averted.
23:50 <TemptorSent> It was getting to the point I was nervous every time the power went out because my if my UPS died, I could randomly be hosed if I had run and update and not made sure I actually had everthing.
23:51 <TemptorSent> The changeset handling change should fix that, even if it had another vector causing it.
23:52 <TemptorSent> (I think there is some weirdness in a corner-case for install-if)
23:53 <TemptorSent> Same issue with orphans I suspect.
23:58 arch3y_ joined