2017-05-01 00:21:36 Shiz: it seems ok
2017-05-01 00:21:48 Shiz: which branch is this for
2017-05-01 00:21:52 3.3-stable
2017-05-01 00:21:56 ok
2017-05-01 00:21:58 i'll sort it in a few
2017-05-01 00:22:15 i at least confirmed that the new grsec patch compiles on x86_64
2017-05-01 00:22:17 :p
2017-05-01 00:22:29 no box to test on though
2017-05-01 00:29:40 Shiz I got a test vm setup
2017-05-01 00:30:58 Shiz: is it for 4.9.25?
2017-05-01 00:33:53 nmatt: nyet, older backport for 3.3
2017-05-01 00:33:57 4.1.39
2017-05-01 00:34:06 err, forward-port rather from 4.1.18
2017-05-01 00:34:16 alpine 3.3, kernel 4.1.18 -> 4.1.39 that is
2017-05-01 00:36:11 oh
2017-05-01 00:36:21 nvm :(
2017-05-01 00:37:07 :P
2017-05-01 00:37:11 i also have a 4.9.25 forward-port
2017-05-01 00:37:13 somewhere
2017-05-01 00:39:17 i don't think the 4.9.25 port would be that hard
2017-05-01 00:40:02 https://up.shiz.me/priv/grsec-3.1-4.9.25-201704252333-alpine.patch
2017-05-01 00:40:08 no guarantees etc, just a quick forward-port
2017-05-01 02:42:09 Shiz: cool I'm going to add a patch section to our wiki. Do you might me linking to that patch?
2017-05-01 02:42:27 I will list it as a test patch (i.e. not stable)
2017-05-01 02:42:47 s/might/mind/
2017-05-01 02:47:20 feel free
2017-05-01 02:47:29 also label it unofficial and quick
2017-05-01 02:47:31 :P
2017-05-01 02:57:38 yoyoyo
2017-05-01 02:57:44 why are you giving away the patch for free
2017-05-01 02:57:52 we could be making $$$ CASH MONEY $$$ on this Shiz
2017-05-01 02:58:12 lol
2017-05-01 02:58:25 nmatt: i start the bidding at $300 for the patch, what is your counteroffer
2017-05-01 02:59:48 $300 to rebase the 4.9.24 patch to 4.9.25 ??
2017-05-01 02:59:55 lol
2017-05-01 03:00:11 nmatt: hardened-3.1-4.11-201705012200-alpine.patch starts at $799
2017-05-01 03:00:23 $500/month for support right ;)
2017-05-01 03:00:41 let me talk with Jake in sales we might be able to cut you a deal
2017-05-01 03:01:36 nmatt: oh sorry Jake in sales says $369 per machine with 0 incidental support tickets
2017-05-01 03:03:24 for what it's worth, the 4.9.25 patch seems to be booting fine
2017-05-01 03:04:18 kaniini - is it one of those 'sliding scale' deals?
2017-05-01 03:04:51 absolutely
2017-05-01 03:05:13 there is the gentoo surcharge: $50 per CFLAG being used in the commandline
2017-05-01 03:06:21 dang that's gonna make the ricers mad
2017-05-01 03:09:59 when is gentoo going to stop pretending that freedesktop.org pkg-config is still a relevant software? even fedora gave up on that one
2017-05-01 03:11:06 hell, even GNOME gave up on that one
2017-05-01 03:11:30 fedora moved to pkgconf?
2017-05-01 03:11:32 nice
2017-05-01 03:11:33 yes
2017-05-01 03:11:41 RETROACTIVELY
2017-05-01 03:11:53 for fedora to drop something FDo it must be pretty heavy stuff
2017-05-01 03:11:54 that is how bad pkg-config broke them
2017-05-01 03:13:58 Shiz: https://admin.fedoraproject.org/pkgdb/package/rpms/pkgconf/
2017-05-01 03:14:06 Shiz: they went all the way back to fedora 24 for it
2017-05-01 03:14:15 nice
2017-05-01 03:15:43 Shiz: they also closed like a shitload of bugs in their distro when they switched because pkg-config was quietly screwing them in subtle ways before
2017-05-01 03:15:52 but hey, i wrote this stuff for no reason right
2017-05-01 03:16:08 i took a look at pkg-config exactly once
2017-05-01 03:16:09 oh wait, pkg-config kept resolving dependencies wrong breaking things in alpine and then they went to glib-2.0 requirement
2017-05-01 03:16:11 ;)
2017-05-01 03:16:13 and then i saw it needed a bootstrap glib
2017-05-01 03:16:17 and then i closed the window
2017-05-01 03:16:27 oh
2017-05-01 03:16:29 pkg-config
2017-05-01 03:16:34 gets a lot of things wrong with its depsolver
2017-05-01 03:16:39 nice
2017-05-01 03:16:45 well, the new one isnt so bad, but it's kind of too little too late
2017-05-01 03:26:32 kaniini: Since you're our resident dep-solver expert, would you mind looking at my apkroottool implementation and letting me know what logic errors I haven't addressed?
2017-05-01 03:28:42 kaniini: At some point, it needs to become C based, because running large tree searches through repeated process invocation is somewhat insane.
2017-05-01 03:32:54 TemptorSent: shell scripting is really not something you want me getting involved in :P
2017-05-01 03:33:02 i just cobble things together there
2017-05-01 03:34:47 kaniini: Yeah, not the script (which I still dislike because of the hacks for apk lacks :/ ), but the dependency logic itself
2017-05-01 03:35:34 ok let me be more direct
2017-05-01 03:35:43 kaniini : see https://github.com/TemptorSent/aports/blob/mkimage-refactor-scripts/scripts/mkimage/utils/utils-apk.sh
2017-05-01 03:35:44 non-trivial parts of the current generation of mkinitfs were my doing
2017-05-01 03:35:54 ACTION scurries
2017-05-01 03:36:19 *lol* Don't worry, I've made my share of shell messes :)
2017-05-01 03:36:34 Besides, the heavy lifting is really a few lines of awk
2017-05-01 03:37:10 cd L317-L349 for the actual resolution
2017-05-01 03:37:26 er s/cd/see/g
2017-05-01 03:38:17 It's not the prettiest code I've ever written, but it seems to work?
2017-05-01 03:38:49 i'm going to be blunt
2017-05-01 03:38:53 i dont know a damn thing about awk
2017-05-01 03:39:20 walk me through what this does
2017-05-01 03:39:32 Think of it as pseudo code, I think the only awkish function is 'split'
2017-05-01 03:40:02 i mean it's a recursive-descent depsolver right?
2017-05-01 03:40:05 it looks ok to me
2017-05-01 03:40:15 i dont see anything blatantly wrong with it
2017-05-01 03:42:21 _manifest_deps_resolve_index takes the input from the first pass to create the index, then at the end of input iterates each list of raw deps from whatever dep generator (objdump, etc), and resolves them to index entries - which are a combination of a tag, filename, and checksum.
2017-05-01 03:43:27 So you go from indexa\tdep1\t\dep2\t...\tdepn to indexa\tdep1index\tdep2index\t...\tdepnindex
2017-05-01 03:43:44 the only concern i have is
2017-05-01 03:44:00 there's no depth counting
2017-05-01 03:44:05 Then _manifest_deps_resolve_recurse just does a direct array iteration.
2017-05-01 03:44:05 so you can loop it
2017-05-01 03:44:15 Nope, see i!=j
2017-05-01 03:44:31 in alldeps()
2017-05-01 03:44:36 for (t in td) { sd[td[t]]=td[t] ; if (td[t] !=d) { alldeps(ad, td[t], sd) } }
2017-05-01 03:45:18 So it only runs per input line, and the array is already stuffed.
2017-05-01 03:45:53 It'd have to be a rather strange case to allow it to loop.
2017-05-01 03:47:44 So, on the input , ideps gets filled with an index value and the contents of the entire dep line, with each entry being a checksummed index token
2017-05-01 03:48:04 (oops, I can dump the extra split -- artifact from refactor)
2017-05-01 03:49:37 It then iterates over each dependor token (i in ideps returns keys in ideps)
2017-05-01 03:50:21 split("",all) clears the array all in a portable way.
2017-05-01 03:50:50 then it iterates by key over the array, putting results into all
2017-05-01 03:52:20 it prints the first token, then each result in all as long as it's not empty or our top level index key.
2017-05-01 03:56:06 alldeps is stupidly simple, it splits the value of the dep into the variable td, then iterates t over the keys in td, setting the output array value to the value of each dep token using the key as the dep key, then it checks that the value isn't equal to the calling index, and recurses if not.
2017-05-01 03:57:02 Ug, I think that is less clear than the code :)
2017-05-01 03:58:31 To stick in a loop, we'd have to have an actual dep loop I believe.
2017-05-01 04:00:03 A TTL loop detector might be worth while if that situation is actually possible.
2017-05-01 04:01:36 one should never assume it is impossible
2017-05-01 04:01:38 :)
2017-05-01 04:02:14 Agreed, I need to do a bit more analysis (or a test case) to determine if it actually can loop in that manner.
2017-05-01 04:03:33 It's not wonderfully fast or anything, but it is pretty simple and flexible.
2017-05-01 04:09:26 Hmm, actually a simpler fix may be just changing the order of the guard condition for alldeps to come before the adding of td[t] to sd[], and to simply check if (td[t] in sd)
2017-05-01 04:09:59 That should eliminate loops right?
2017-05-01 04:10:42 Since it returns true as soon as the entry already exists, and we can exit.
2017-05-01 04:11:36 er, continue
2017-05-01 04:12:50 The other thing, is just give it a try and see if it looks sane in use
2017-05-01 04:15:17 from the mkimage dir, ./apkroottool --arch aarch64 setup /tmp/myaarch64
2017-05-01 04:15:46 Add repos/keys as desired :)
2017-05-01 04:16:01 (same global option format as apk)
2017-05-01 04:16:38 ./apkroottool.sh help
2017-05-01 04:16:50 (er, yes, with the sh)
2017-05-01 04:18:29 './apkroottool.sh setup /tmp/myaarch64 aarch64' does the same
2017-05-01 04:23:28 At some point, I really need to write a proper merkle-dag tree based solver for this kind of stuff
2017-05-01 06:21:18 kaniini: Would it be insane to implement something like a Merkle DAG directly in the PAX/tar headers?
2017-05-01 06:24:52 Actually, several overlaid DAGS... Path,Index,Depends,Provides
2017-05-01 06:26:28 (DAGs just being a simple solution, we can choose something more appropriate for the actual structure if needed, such as a red/black tree backing it.
2017-05-01 06:28:24 Should be able to go from O(2^n) to O(nlogn) worst case.
2017-05-01 06:30:11 Right now, I suspect some of the functions are more like O(n!)
2017-05-01 06:33:37 ...such as naive recursive dep solvers on reverse sorted lists :)
2017-05-01 06:36:03 what has pax/tar got to do with dependency solving
2017-05-01 06:36:33 A convenient place to store the information perhaps :)
2017-05-01 06:36:54 what about an additional file that you then include in the tarball
2017-05-01 06:37:13 Since we're already using PAX headers for SHA1 checksums, including the tags in the header would be convenient
2017-05-01 06:37:21 instead of abusing headers for an unrelated format
2017-05-01 06:37:43 checksums make sense
2017-05-01 06:37:43 I'm doing that currently :)
2017-05-01 06:37:53 it's about verifying that the tarball isn't corrupted
2017-05-01 06:38:07 an unrelated data structure isn't the same thing at all
2017-05-01 06:38:11 The deps are hashlists of the checksums of the files in the deplist
2017-05-01 06:38:13 well, keep doing it in a separate file :P
2017-05-01 06:39:36 The point of the Merkle tree in the headers would be both verification and unique identification of both individual files and complete paths.
2017-05-01 06:40:28 So you could refer to fstab or /etc/fstab by two distinct hashes, but could determine if the file content hash matches.
2017-05-01 06:40:50 (this is essentially what I'm doing for libs currently, although really screwy rpaths might break things)
2017-05-01 06:42:01 The dep tree then reduces to a tagged set of checksums for each file.
2017-05-01 06:43:26 Also, if we can use apk to effectively read/write headers to/from text format, it would allow us to have self-consistent archives/manifests without secondary generation.
2017-05-01 06:44:33 don't mix dependencies and checksums, and don't abuse tar headers. Please.
2017-05-01 06:44:56 Um, how do you divorce the deps from their checksums?
2017-05-01 06:44:59 Every time you think you're smart, tech debt increases, and somewhere a kitten cries.
2017-05-01 06:45:25 skarnet for technical committee 2017
2017-05-01 06:45:37 kaniini: where do I sign
2017-05-01 06:45:40 Using the filename means you can't tell if the file is the same one in different locations or not.
2017-05-01 06:46:08 a file listing full paths?
2017-05-01 06:46:35 I'm not sure exactly what dependencies you're talking about: what depends on what and what should be documented?
2017-05-01 06:46:59 A manifest with full paths, then an index of all libs/bins, and a dep list for each index entry.
2017-05-01 06:48:04 i do not think shell is the appropriate language for that type of processing :P
2017-05-01 06:48:06 So I can tell it I want the binaries /sbin/apk and /usr/sbin/zfs and it will extract a subset with the deps for those binaries and all libs.
2017-05-01 06:48:15 you need the full paths in the dep list, end of story.
2017-05-01 06:48:22 kaniini: Exactly, this really should be in apk.
2017-05-01 06:48:51 skarnet: Why not the hash?
2017-05-01 06:49:35 why store clear, readable file names when we can store their hashes instead? it's so much more fun!
2017-05-01 06:49:57 It maps 1:1 a specific pkg/file/content to a tagged hash
2017-05-01 06:50:34 The tags contain the filename/path as appropriate, as well as the package name and arch.
2017-05-01 06:50:45 because when you construct the dep tree, you need to go from the hash to the name
2017-05-01 06:50:47 So it essentially serves as a UUID
2017-05-01 06:50:51 and that is not a O(1) operation
2017-05-01 06:51:00 grep :)
2017-05-01 06:51:04 and that is not a O(1) operation
2017-05-01 06:51:49 No, but it actually solves the problem of uniquely identifying a full dep chain
2017-05-01 06:52:17 So if any dep changes, you can recognize that fact.
2017-05-01 06:52:32 even if the version number of the lib didn't change, the hash did.
2017-05-01 06:52:48 I'm not sure exactly what you're trying to accomplish, it's early morning on a holiday and I already regret entering this discussion. Goodbye.
2017-05-01 06:53:10 Sorry, I didn't realize it was a holiday!
2017-05-01 06:53:30 np, my fault for jumping in.
2017-05-01 06:53:55 Enjoy your day off, I'll try to put together a better sketch of the logic.
2017-05-01 06:55:48 kaniini: I'm hoping this can be part of apk3 functionality, so we can eliminate a lot of redundant and fragile code that has to parse data that apk already uses.
2017-05-01 06:56:08 kaniini: Allowing it to act as a general tool would just ice the cake.
2017-05-01 06:57:14 kaniini: In fact, it would make the binary-deltas that the old alpine-iso tool tried to support almost trivial.
2017-05-01 13:11:42 i think i figured out the Go 1.8 build error
2017-05-01 13:16:10 doing some maintenance to infra, should be back in a min.
2017-05-01 13:20:53 Hello, I'm looking for a contractor to build an APK package for certain software to be placed in that software's repository (i.e. not Alpine Linux's repository).
2017-05-01 13:21:06 Additionally, a few packages needed by the software appear to be unavailable yet in Alpine Linux as compared to Ubuntu, RHEL and other distributions, and, depending on the task's complexity, I would like for the contractor to create the packages for Alpine as well.
2017-05-01 13:21:11 Thus, I think it would be best to work with a core Alpine developer so as to facilitate the process of making sure the new packages are added where they are due.
2017-05-01 13:21:16 Could you please suggest the best place to look for such a person? Thanks.
2017-05-01 13:21:47 here is a nice place, the alpine-dev ML is another one
2017-05-01 13:22:22 (I'm not a core developer, but am contractable, please send me a PM if interested ;))
2017-05-01 13:23:07 also, please bear in mind that if a piece of software appears in Ubuntu/RHEL/... and not in Alpine, it's probably because it requires heavy patching in order to build with musl
2017-05-01 13:24:34 so depending on the precise nature of the software, the necessary amount of work may vary. It can be very simple if there's no particular glibcism in the software, or it can be basically insurmountable if the software is deeply tied to glibc.
2017-05-01 13:26:29 clandmeter, maintenance for patchwork/pkgs/bugs?
2017-05-01 13:26:34 i can't reach them
2017-05-01 13:26:39 Thanks skarnet, yes, I realize that there may be various reasons behind it. The missing packages are dependencies to NumPy and SciPy, such as liblapack-dev or liblapack3 in terms of Ubuntu names. They are certainly C or assembly heavy.
2017-05-01 13:26:42 yes
2017-05-01 13:26:49 k
2017-05-01 13:26:55 almost done
2017-05-01 13:26:58 np
2017-05-01 13:28:13 dsuch: asm would certainly not be a problem. As for C, it really depends on the amount of glibcisms used, but if it's purely for calculus there's no reason why it should be hard.
2017-05-01 13:28:35 skarnet: Sure, I understand it.
2017-05-01 13:31:50 rnalrd: should be ok now
2017-05-01 13:32:09 yes, tnx
2017-05-01 13:32:21 i only multiplied that minute by 15. not bad.
2017-05-01 13:32:30 :)
2017-05-01 14:25:06 kaniini - see zhasha's comment on #alpine-linux 'That was fun. apk upgrade deleted my kernel'
2017-05-01 14:51:01 <^7heo> guys, how to get drivers loaded at boot?
2017-05-01 14:51:15 <^7heo> Given the right file in /lib/modules/$kernel/kernel/drivers?
2017-05-01 14:51:36 ^7heo - the 'modules' kernel command line is what you're looking for I think.
2017-05-01 14:51:46 <^7heo> I mean, at boot.
2017-05-01 14:51:50 <^7heo> how is it configured?
2017-05-01 14:51:55 Bootloader
2017-05-01 14:52:11 <_ikke_> /etc/modules-load.d/?
2017-05-01 14:52:14 It's currently broken.
2017-05-01 14:52:15 <^7heo> thanks _ikke_
2017-05-01 14:52:45 <^7heo> _ikke_: I have only four files in there...
2017-05-01 14:52:46 <_ikke_> Either that, or /etd/modprobe.d
2017-05-01 14:52:46 _ikke_ I don't believe that is available at boot.
2017-05-01 14:52:53 <^7heo> s/files/lines/
2017-05-01 14:52:55 <^7heo> _ikke_: thanks
2017-05-01 14:53:17 ^7heo - what modules do you need loaded?
2017-05-01 14:54:06 <^7heo> I need the overall logic.
2017-05-01 14:54:09 <^7heo> to understand.
2017-05-01 14:55:19 ^7heo - Okay, so the way it works is /init modprobes $KOPT_modules and $KOPT_rootfstype early in the process.
2017-05-01 14:55:58 <^7heo> TemptorSent: where are those files located?
2017-05-01 14:56:58 ^7heo: See /usr/share/mkinitfs/initramfs-init L345
2017-05-01 14:57:44 ^7heo: It then reads /etc/modules (NOT any of the subdirs currently!?!) and loads those.
2017-05-01 14:58:51 ^7heo: All files are in the initfs.
2017-05-01 14:59:09 ^7heo, dont forget to add it to a runlevel.
2017-05-01 14:59:32 Runlevel? At boot time?
2017-05-01 14:59:49 /etc/init.d/modules
2017-05-01 15:00:24 There is not /etc/init.d/modules at boot time, that's on the root we're trying to mount.
2017-05-01 15:00:31 <^7heo> clandmeter: that is awesome
2017-05-01 15:00:38 <^7heo> clandmeter: that is EXACTLY what I wanted.
2017-05-01 15:01:06 <^7heo> clandmeter: what is the corresponding file with which the SYSTEM loads its modules?
2017-05-01 15:01:53 ^7heo: Oh, you mean how to load modules from openrc once boot is done and the switch-root has happened?
2017-05-01 15:02:11 TemptorSent, take your head out of initramfs ;-)
2017-05-01 15:02:26 real things happen outside of it :p
2017-05-01 15:02:45 clandmeter: He said load modules at BOOT, which implies initfs
2017-05-01 15:02:49 ^7heo, what do you mean with SYSTEM?
2017-05-01 15:03:03 systemd?
2017-05-01 15:03:09 ACTION hides
2017-05-01 15:03:31 ACTION flogs clandmeter within an inch of his life.
2017-05-01 15:03:55 *LOL* That's not even funny clandmeter!
2017-05-01 15:05:08 ^7heo: Can you clarify whether you're talking modules required to mount the real root or just modules that need to be loaded when the openrc init system starts?
2017-05-01 15:06:26 crap, can a lxc container get network stats from proc? or is that somehow limited?
2017-05-01 15:09:27 clandmeter: If this is helpful,
2017-05-01 15:09:46 clandmeter: I know that grsecurity blocks access to /proc/net/tcp but I can access it from lxc
2017-05-01 15:10:12 im using vnstat
2017-05-01 15:10:23 but it seems that the vnstat users is not a member of readproc..
2017-05-01 15:11:34 i wonder if that actually matters
2017-05-01 15:12:57 clandmeter: Well, if this is related at all, I once had a situation as here https://mailman-mail5.webfaction.com/pipermail/zato-discuss/2015-April/001059.html https://mailman-mail5.webfaction.com/pipermail/zato-discuss/2015-April/001065.html
2017-05-01 15:13:15 clandmeter: But this really is my limits in this regards, sorry!
2017-05-01 15:15:25 TemptorSent: seems to be working as expected, he pinned a package that no longer exists in edge
2017-05-01 15:18:51 dsuch, seems to start working now.
2017-05-01 15:19:16 i guess it was a matter of adding the user to readproc
2017-05-01 15:28:48 kaniini, the current warning for check() is being masked if package() produces lots of data.
2017-05-01 15:44:50 kaniini: Ahh, okay -- I didn't see the detail, just the no kernel on upgrade :)
2017-05-01 16:01:11 TemptorSent: the @edge part :)
2017-05-01 16:06:45 <^7heo> TemptorSent: I just wanted to get how the system was loading the modules at boot.
2017-05-01 16:42:16 ^7heo: Ahh, the sequence is kernel-builtins; modules= kernel command line & rootfs type in initramfs-init; /etc/modules in initramfs; then mount real root & switch root, then start openrc, with /etc/init.d/modules (and possibly others) loading the modules in the /etc/modules-load.d and friends or loading specific modules explicitly.
2017-05-01 16:43:15 Can't locate mktexlsr.pl in @INC (@INC contains: /usr/share/tlpkg /usr/share/texmf-dist/scripts/texlive /usr/local/lib/perl5/site_perl /usr/local/share/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5/core_perl /usr/share/perl5/core_perl .) at /usr/bin/mktexfmt line 23.
2017-05-01 16:43:27 Weird, latex looks broken.
2017-05-01 16:44:07 ^7heo - I'll update the wiki to clarify what I think I know, then you can sanity check it?
2017-05-01 16:45:07 <^7heo> TemptorSent: maybe
2017-05-01 18:07:48 Grr! Is >12hrs network uptime asking too much? Per 24hr period?
2017-05-01 18:08:36 <_ikke_> heh
2017-05-01 18:08:59 <_ikke_> I cannot imagine having such a bad connection (I'm spoiled)
2017-05-01 18:09:11 <_ikke_> I feel for you
2017-05-01 18:09:17 ^7heo: Anyway, now that my edit actually saved, take a look at https://wiki.alpinelinux.org/wiki/Architecture
2017-05-01 18:10:22 _ikke_ - It's not just the network, it the landline too -- and no cell signal without going elsewhere to make a call.
2017-05-01 18:11:24 There's a special place in hell for Occam Networks... oh, wait -- they're already there :P
2017-05-01 18:11:31 TemptorSent: my ISP-supplied router resets its DHCP connection every 12 hours (even though the lease is 24 hours). *And* shuts down every TCP connection, *even when* the lease is renewed with the same IP.
2017-05-01 18:12:30 fortunately, I had the hardware and ability to build my own router with a DHCP client, and set the PoS to bridge mode, where it works
2017-05-01 18:12:36 skarnet: I could live with that by comparison! I lose everything, including dialtone, multiple times per day, sometimes for most of the day.
2017-05-01 18:12:39 but imagine the average consumer who can't do that
2017-05-01 18:13:03 well that's what you get for living in BFE
2017-05-01 18:13:10 <_ikke_> BFE?
2017-05-01 18:13:28 Yeah, it's sitting on a fiber loop FFS! The power is the issue, not the fiber.
2017-05-01 18:13:28 Bumfuq, Egypt
2017-05-01 18:14:05 <_ikke_> right
2017-05-01 18:14:22 It's crappy hardware with crappy diagnostics.
2017-05-01 18:14:35 And even crappier digital troubleshooting tools for analog problems!
2017-05-01 18:15:41 You can't diagnose a power problem with a DMM to save your life in the real world -- you need a 'scope.
2017-05-01 18:16:40 At the very least, and ANALOG VMM
2017-05-01 18:17:53 Anyway, I have a network for a few minutes, so please take a look at the wiki page I stubbed and note fixes.
2017-05-01 18:18:40 <_ikke_> is rpi a kernel flavor?
2017-05-01 18:19:35 Yes, it is AFAIK _ikke_.
2017-05-01 18:20:03 <_ikke_> "Includes Raspberry Pi kernel"
2017-05-01 18:20:08 yes it is
2017-05-01 18:20:09 <_ikke_> ok
2017-05-01 18:20:22 armv7 is... complicated
2017-05-01 18:20:32 (also Pi1 is armv6)
2017-05-01 18:20:42 (which is also complicated)
2017-05-01 18:21:01 arm is... complicated ;)
2017-05-01 18:21:21 Actually, embedded is complicated in general.
2017-05-01 18:21:31 yeah. Say what you want about the PC architecture, standardization of the hw boot procedure was a good thing.
2017-05-01 18:21:55 The STANDARD sucks, but the fact of it is good.
2017-05-01 18:22:20 I’ve finally finished that php7 crap; there’s quite long list of failing tests: https://github.com/jirutka/alpine-aports/blob/6cd26abe1585d2d40011f3dc4dd25825b8d05c55/community/php7/disabled-tests.list
2017-05-01 18:23:17 jirutka: where's the python2/python3 situation at? is it solved?
2017-05-01 18:23:27 skarnet: what do you mean?
2017-05-01 18:24:19 before TemptorSent came around, what spammed the channel for days was endless discussions on how to provide both Python 2 and Python 3 packages
2017-05-01 18:24:32 *lol*
2017-05-01 18:24:35 I have to assume there was a point to them
2017-05-01 18:24:55 Sorry for disrupting the great python debate.
2017-05-01 18:24:55 skarnet: we already have many py2/py3 packages…
2017-05-01 18:25:04 so it's solved then?
2017-05-01 18:25:08 skarnet: depends…
2017-05-01 18:25:21 that's the kind of answer I don't like
2017-05-01 18:25:22 I think depends are what aren't solved ;)
2017-05-01 18:25:26 skarnet: there are multiple cases, some are solved quite well, some are hacked, some are not solved
2017-05-01 18:25:51 I ran into problems with py3 deps in several places.
2017-05-01 18:25:57 skarnet: I don’t have time to read backlog now, so please copy my relevant comments
2017-05-01 18:26:04 me
2017-05-01 18:26:18 oh, it's not related to anything in the backlog
2017-05-01 18:26:25 I was just curious, mostly
2017-05-01 18:27:01 https://wiki.alpinelinux.org/wiki/APKBUILD_examples:Python
2017-05-01 18:27:03 pgsql is fix now, correct?
2017-05-01 18:27:15 not yet, I’m gonna do it now
2017-05-01 18:27:20 jirutka: thanks.
2017-05-01 18:27:53 Thank you. I'll poke at the postgis stuff after the base pgsql stuff is done then.
2017-05-01 18:44:34 fabled: errors were split from other log messages
2017-05-01 18:44:35 so TemptorSent and i were talking about kernel packaging
2017-05-01 18:44:36 i think we should really generate APKs like linux-grsec-4.9.22 instead of linux-grsec
2017-05-01 18:44:37 because right now there is no way to rollback the upgrade
2017-05-01 18:44:38 pretty much
2017-05-01 18:44:39 yes based on everyone's advice
2017-05-01 18:44:41 which turned out to be wrong
2017-05-01 18:44:43 that never happens though
2017-05-01 18:44:44 never
2017-05-01 18:44:45 yes, fflush() should fix it
2017-05-01 18:44:46 ncopa: sooooo
2017-05-01 18:44:47 ncopa: what do we do now
2017-05-01 18:44:48 ACTION is working on s/grsec/hardened/
2017-05-01 18:44:49 as an aside, clang has Control Flow Integrity plugin now
2017-05-01 18:44:50 it may be interesting to switch system compiler to clang
2017-05-01 18:44:51 $ sudo apk upgrade --update --available
2017-05-01 18:44:52 (1/2) Installing linux-hardened (4.9.24-r1)
2017-05-01 18:44:53 boom
2017-05-01 18:44:54 .
2017-05-01 18:44:55 rnalrd: i think the solver computes half the solution (purge linux-grsec itself), and then the other half on the second apk upgrade run
2017-05-01 18:44:56 likely yes
2017-05-01 18:44:58 exactly
2017-05-01 18:44:58 yes
2017-05-01 18:44:59 that is fine
2017-05-01 18:45:00 as long as linux-hardened is in /etc/apk/world
2017-05-01 18:45:01 it's not run
2017-05-01 18:45:02 it went from 0 to 1
2017-05-01 18:45:02 it should be fine as it is
2017-05-01 18:45:04 well
2017-05-01 18:45:05 we might want to bump it to -r2
2017-05-01 18:45:05 just to be pedantic
2017-05-01 18:45:06 but
2017-05-01 18:45:07 just never reboot
2017-05-01 18:45:08 yoyoyoyo
2017-05-01 18:45:15 lawl
2017-05-01 18:46:04 kaniini1: what happened? :f
2017-05-01 21:17:00 do i have someone on ignore or
2017-05-01 21:17:04 is kaniini talking to himself
2017-05-01 21:17:11 <^7heo> he is talking to himself.
2017-05-01 21:29:20 :-)
2017-05-01 21:31:17 oh
2017-05-01 21:31:20 i see
2017-05-01 21:31:31 the matrix people finally fixed their irc bridge
2017-05-01 21:31:32 go figure
2017-05-01 21:31:50 i was receiving messages, but could not actually get on the network, it was quite weird
2017-05-01 21:34:57 oh man
2017-05-01 21:35:14 humm
2017-05-01 21:35:16 bad user info
2017-05-01 21:35:27 this matrix thing sounds a slosh buggy :)
2017-05-01 21:35:37 skosh stupid autocorrect
2017-05-01 21:35:43 no, this seems to be a freenode bug
2017-05-01 21:36:59 or more specifically, a freenode oper abuse issue
2017-05-01 21:40:36 everything looks like a freenode op abuse issue to you :P
2017-05-01 21:43:20 this specifically was
2017-05-01 21:43:35 when a client exits with 'bad user info', it means the client was x:lined
2017-05-01 21:43:43 but the reason for doing so in this case was legitimate
2017-05-01 21:43:56 somebody created an account and was spamming through the homeserver
2017-05-01 21:54:31 so it wasn't abuse
2017-05-01 21:56:15 it's abuse in that they did not bother to reach out
2017-05-01 22:06:53 is there anyone who have tried lld (LLVM linker) pkg?
2017-05-01 22:07:42 btw what is the state of flatpak in Alpine? is it already working?
2017-05-01 22:08:10 it seems to be quite popular, when VoidLinux announced flatpak support, they got a lot of attention
2017-05-01 22:15:16 jirutka: not yet, i'm going to try it soon though, its about a 3x decrease in link speed over gold from what i've been seeing from other people
2017-05-01 23:08:05 I’m accepting bets how many php test will fail on other arches than x86_64 :P
2017-05-01 23:08:47 <^7heo> 42
2017-05-01 23:09:54 there’s some idiot that keeps flagging nginx b/c he apparently don’t understand what “stable version” means… >_<
2017-05-01 23:11:19 <^7heo> yeah we need to implement an "already flagged" feature.
2017-05-01 23:11:39 <^7heo> and reminders for the maintainers.
2017-05-01 23:12:16 that would not help here
2017-05-01 23:12:19 nginx is up-to-date
2017-05-01 23:12:33 <^7heo> yeah but the flag has already been set
2017-05-01 23:12:37 and users can’t flag already flagged pkg, only Anitya integration can do that :P
2017-05-01 23:12:45 yeah, I’ve removed it…
2017-05-01 23:12:54 directly from DB, cause we don’t have UI for that
2017-05-01 23:12:58 <^7heo> ah
2017-05-01 23:13:46 I’ve even added "stable version" to the pkg description, but it apparently didn’t help…
2017-05-01 23:13:49 "anitya integration"
2017-05-01 23:14:22 doesn't bode well for build reproducibility :P
2017-05-01 23:14:49 ??
2017-05-01 23:17:03 "anitya" = "inconstance, ephemerality"
2017-05-01 23:18:22 <^7heo> huhu
2017-05-01 23:19:56 heh
2017-05-01 23:19:59 didn’t know that
2017-05-01 23:39:41 <^7heo> I'll leave that here: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
2017-05-01 23:41:28 <^7heo> and https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
2017-05-01 23:44:10 yeah, this is going to make some noise
2017-05-01 23:46:59 <^7heo> most definitely.
2017-05-01 23:57:13 ncopa: clandmeter: PHP mess is finally fixed! :) https://github.com/alpinelinux/aports/pull/1339; however, there are hundreds failing tests… https://github.com/alpinelinux/aports/blob/master/community/php7/disabled-tests.list
2017-05-02 00:06:24 ^7heo: surprisingly only 7 tests on armhf http://build.alpinelinux.org/buildlogs/build-edge-armhf/community/php7/php7-7.1.4-r0.log
2017-05-02 00:06:30 ^7heo: two on ppc64le
2017-05-02 00:26:55 <^7heo> jirutka: hmm
2017-05-02 00:27:09 <^7heo> (sleep now)
2017-05-02 00:31:00 4 on aarch64… it seems to be totally random, I have no clue how the heck these tests can behave differently on another arch
2017-05-02 01:00:23 omg I’ve started closing php bugs on bugs.a.o… there are so many! vakartel really screwed it :(
2017-05-02 05:38:05 Hi guys, I am trying to get libvirt working with xen, and qemu for a HVM machine.
2017-05-02 05:38:43 I am kinda new to XEN, so trying to use libvirt. But I cannot find the qemu package for xen on the alpine, xen iso or the apk repo's
2017-05-02 05:39:07 can you help me configure libvirt and install qemu for xen
2017-05-02 06:49:06 the package names for xen are xen and xen-hypervisor
2017-05-02 06:49:29 http://pkgs.alpinelinux.org/packages?name=xen*&branch=v3.5&repo=&arch=x86_64&maintainer=
2017-05-02 06:49:53 likewise there is the libvirt-xen package: http://pkgs.alpinelinux.org/packages?name=*libvirt*&branch=v3.5&repo=&arch=x86_64&maintainer=
2017-05-02 08:02:44 ok
2017-05-02 08:02:51 i think gcj/openjdk on 3.6 builders got fixed
2017-05-02 08:03:10 fabled: what was the issue?
2017-05-02 08:03:25 gcc upgraded/started using libffi, and it needed a patch
2017-05-02 08:03:36 the same one we carry already in main/libffi
2017-05-02 08:03:37 oh
2017-05-02 08:04:38 i think we also have an idea of why Go1.8 failed, need to just figure out how to build it right
2017-05-02 08:06:12 LuaJIT-2.1.0-beta3 just got released. do we want that in 3.6?
2017-05-02 08:06:37 >beta
2017-05-02 08:06:59 i think not unless it has some major bug fixes
2017-05-02 08:07:01 a higher beta is preferable :p
2017-05-02 08:07:33 oh, we are at beta already?
2017-05-02 08:07:37 then i guess it's possible
2017-05-02 08:08:25 yes
2017-05-02 08:08:30 i think because of arch support
2017-05-02 08:09:35 seems the ppc64 patch needs work to support it.
2017-05-02 11:46:33 well, that is good.
2017-05-02 11:46:34 or not.
2017-05-02 12:10:03 jirutka: do you have a moment?
2017-05-02 12:17:09 arch3y_: yes 2017-05-02 12:20:08 jirutka: so from what Im reading on the flex issue 2017-05-02 12:20:17 is that we might as well build from git master for flex 2017-05-02 12:20:35 Im not sure if we want to do that or just hold off until the dev releases 2.6.4 2017-05-02 12:20:46 as so far it hasnt seemed to affect any other compilations 2017-05-02 12:21:28 arch3y_: I didn’t go into detail, what exactly they fixed in master? is it simple fix that we can backport or something more complicated? 2017-05-02 12:22:00 jirutka: yeah it seems most ppl are building flex from git master to fix it 2017-05-02 12:22:14 Im not sure thats ideal 2017-05-02 12:22:31 so my thought is we just wait on that pr until 2.6.4 is released 2017-05-02 12:22:38 unless you guys have another opinion 2017-05-02 12:23:32 per the dev this "should" fix it https://github.com/westes/flex/commit/f5d87f1a26f4a5c3402497008ae10e9a1345d327 2017-05-02 12:23:42 but everyone else has just built flex from git master 2017-05-02 12:23:43 <^7heo> either it does or it does not. 2017-05-02 12:23:55 <^7heo> We do not apply patches that "should" 2017-05-02 12:23:57 well thats the problem is no one has said specifically what the fix is 2017-05-02 12:24:02 I agree 2017-05-02 12:24:04 100% 2017-05-02 12:24:07 <^7heo> Yeah then someone has to dig the issue. 2017-05-02 12:24:10 thats why I think we should hold off 2017-05-02 12:24:14 <^7heo> ^ 2017-05-02 12:24:15 <^7heo> that. 2017-05-02 12:24:26 yeah and there is a big thread on it on the flex devs github 2017-05-02 12:24:38 but most ppl are waiting for him to release 2.6.4 2017-05-02 12:24:40 <^7heo> yeah because it's easier to have an opinion than to dig what's wrong. 2017-05-02 12:24:51 true 2017-05-02 12:24:56 <^7heo> whatever, I should fix my SQL atm. 2017-05-02 12:24:57 <^7heo> laters. 2017-05-02 12:25:12 sure have fun not trying to cause conflict lol 2017-05-02 12:25:36 <^7heo> Well, it's not always fun to write SQL Queries.
2017-05-02 12:26:34 that is true 2017-05-02 12:45:29 arch3y_: well, it says that it fixes regression introduced in 2.6.3, so I think we should apply it anyway and then you can try if it fixed even that soft (don’t remember name) 2017-05-02 13:21:19 jirutka: unbound Ill test it 2017-05-02 13:59:24 <^7heo> Also guys 2017-05-02 13:59:28 <^7heo> To keep you posted 2017-05-02 13:59:37 <^7heo> I will probably try to run Alpine on a couple of phones 2017-05-02 13:59:41 <^7heo> by the end of this calendar year. 2017-05-02 14:00:08 <^7heo> It's not 100% certain for now; but the idea is to make a community maintained OS for phones, quite like Sailfish, but without all the crap that is in Sailfish. 2017-05-02 14:00:37 jirutka: it looks like we are already running the patch for flex on our version of 2.6.3 https://github.com/alpinelinux/aports/commit/cd450195ef3ab3a24d0e005b70d51304e9e18729 2017-05-02 14:01:01 so yeah hmm I guess we just wait on this push for unbound until 2.6.4 is built 2017-05-02 14:01:23 cause Im not sure what other pieces need to be patched for flex to work 2017-05-02 14:01:31 ^7heo: phones? that’s awesome! 2017-05-02 14:01:47 ^7heo: please let me know about every progress, I’m very interested in this! 2017-05-02 14:08:11 Guys 2017-05-02 14:08:36 Do you have any plans on this http://bugs.alpinelinux.org/issues/6373 2017-05-02 14:08:36 ? 2017-05-02 14:15:47 consus: have you considered packaging it yourself? 2017-05-02 14:15:59 Already 2017-05-02 14:16:20 and what was the outcome of the consideration? 2017-05-02 14:16:27 Err 2017-05-02 14:16:30 I packaged myself one 2017-05-02 14:18:24 But I have a couple of folks around who are doing the very same thing and there is a bug in the bug queue so it would be nice to have a stock version 2017-05-02 14:19:39 <^7heo> jirutka: well for now it's gonna support a couple of phones 2017-05-02 14:20:06 ^7heo: Which ones exactly? 
2017-05-02 14:20:07 ^7heo: will musl work well with the bunch of proprietary drivers necessary, though? 2017-05-02 14:20:17 <^7heo> jirutka: namely the fairphone 1 and 2 (1 being a "maybe" since I don't have one), the jolla (the original one, couldn't find a jolla C), and maybe the new sony xperia. 2017-05-02 14:20:26 <^7heo> asie: that's gonna be the fun part. 2017-05-02 14:20:31 wish i could afford a fairphone 2017-05-02 14:20:39 right now i'm running on some terrible, terrible huawei 2017-05-02 14:20:42 <^7heo> Well 2017-05-02 14:20:45 <^7heo> it's out of stock atm. 2017-05-02 14:20:51 <^7heo> I ordered one on feb 2017-05-02 14:20:54 yeah, i know 2017-05-02 14:20:55 <^7heo> I'll get it in setp. 2017-05-02 14:20:58 <^7heo> sept* 2017-05-02 14:21:06 <^7heo> fortunately I'll pay on delivery 2017-05-02 14:21:11 <^7heo> so... for now, no cash out. 2017-05-02 14:21:15 asie: Heh, I have a huawei on my hands. It's not that terrible =/ 2017-05-02 14:21:26 consus: i tried to get cyanogenmod running on it 2017-05-02 14:21:29 ahahahahahahahahahaha 2017-05-02 14:21:32 Oh 2017-05-02 14:21:36 <^7heo> asie: also, the main problem with the current smartphones isn't the hardware... 2017-05-02 14:21:39 <^7heo> asie: it's the software. 2017-05-02 14:21:43 Nah, I'm fine with the default one 2017-05-02 14:21:45 <^7heo> asie: as you just said. 2017-05-02 14:21:50 i asked the previous maintainer for huawei on cyanogenmod what is the problem 2017-05-02 14:21:57 and he kindly explained to me that he refuses to deal with huawei phones ever again 2017-05-02 14:22:09 <^7heo> fair 2017-05-02 14:22:16 it's fair and i realized just how big the mess is 2017-05-02 14:22:32 <^7heo> I don't think Huawei would be either doing things right or caring about small time devs 2017-05-02 14:22:40 but someone got it to run 2017-05-02 14:22:53 and they also fixed huawei's messed up gps code!?
2017-05-02 14:23:01 <^7heo> yeah well 2017-05-02 14:23:12 <^7heo> the thing with the models we selected is that there are drivers for the devices 2017-05-02 14:23:15 yeah 2017-05-02 14:23:17 <^7heo> and they are available quite handily. 2017-05-02 14:23:35 the primary problem is the GPU, no? 2017-05-02 14:23:40 <^7heo> I do hope they work on fairly generic versions of the kernels 2017-05-02 14:23:45 <^7heo> not on very precise versions. 2017-05-02 14:23:49 yeah... generic version of the kernel and huawei. 2017-05-02 14:24:00 <^7heo> and let's see about "grsec" or whatever it's called by the end of the year. 2017-05-02 14:24:01 huawei's kernel fork is interesting 2017-05-02 14:24:20 <^7heo> also I'll try to run it on the asus KL 550 ZC 2017-05-02 14:24:28 <^7heo> because they provide the sources for ASOP 2017-05-02 14:24:38 <^7heo> should be possible to at least try something. 2017-05-02 14:24:57 i suppose the cyanogenmod/lineage ports are userland-only 2017-05-02 14:25:00 <^7heo> sorry, ZC550KL 2017-05-02 14:25:04 that is, the android libs and kernel are all huawei 2017-05-02 14:25:08 and only the apks got replaced 2017-05-02 14:25:19 <^7heo> yeah it's fair to assume that. 2017-05-02 14:25:41 <^7heo> That's why I would like to try stuff on the ZC550KL 2017-05-02 14:25:52 <^7heo> (and because I own one) 2017-05-02 14:26:17 <^7heo> But aside from the GPU, there's a couple of things to manage... 2017-05-02 14:26:29 <^7heo> especially the phone capabilities. 2017-05-02 14:26:40 <^7heo> (because it'd suck to have a phone that can't phone) 2017-05-02 14:27:10 oh of course it is 2017-05-02 14:27:40 not as bad as i expected, but it's still a crazy glued together thing 2017-05-02 14:28:02 good luck with the RIL 2017-05-02 14:28:56 <^7heo> clandmeter: it's more or less "good luck with everything" at this point. 
2017-05-02 14:29:38 <^7heo> clandmeter: but I'm not alone on this; there's a dude who ported NetBSD to the N900 that is interested in participating AFAICT 2017-05-02 14:29:53 ril camera and sensors will be a giant headache from what i read about it. 2017-05-02 14:30:03 <^7heo> clandmeter: and also, we can always ask questions on jolla/sailfish IRC channels. 2017-05-02 14:31:03 hey guys, we're trying to install alpine under hyper-v. vanilla worked, but it's running in ram, how do we get it to install to the disk instead of just running live ? 2017-05-02 14:31:06 <^7heo> clandmeter: but yeah you're right; I do not expect RIL, and phone to be a walk in the park. 2017-05-02 14:31:11 <^7heo> moin HEROnymous 2017-05-02 14:31:22 setup-alpine 2017-05-02 14:31:46 <^7heo> I wonder why Hyper-V can't work grsec... 2017-05-02 14:31:47 thanks :) 2017-05-02 14:31:49 <^7heo> s/work/run/ 2017-05-02 14:32:05 I'm not sure, I tried getting the vm and std images to boot, bart got the vanilla one to boot 2017-05-02 14:32:16 <^7heo> well, that's at least something. 2017-05-02 14:32:20 <^7heo> We can work with the vanilla ;) 2017-05-02 14:32:32 <^7heo> it's not ideal but with the grsec batonning coming up... 2017-05-02 14:32:41 <^7heo> I guess it's not such an issue anyway. 2017-05-02 14:32:55 i remember there is some information on the grsec forums about hyperv 2017-05-02 14:33:14 yeah if you guys wanna try and get stuff rolling on hyper-v I am down to help some time getting it to boot. are you sure it's a grsec issue ? 2017-05-02 14:33:16 it just weird the virt kernel doesnt work 2017-05-02 14:33:46 90% sure :) 2017-05-02 14:33:46 yeah, I tried it on my personal box too, same results as on the production machine, so it's not something specific to one host 2017-05-02 14:34:51 <^7heo> HEROnymous: your personal box runs on HyperV? 2017-05-02 14:35:15 yeah... 
well, I have a lot of personal stuff, lol 2017-05-02 14:35:19 something must be missing in the virt kernel, i didnt have time yet to try it. 2017-05-02 14:36:03 ^7heo, that's out at one of our data centers, I also have quite a bit of stuff here at my house too, hahah 2017-05-02 14:36:21 clandmeter, lemme know if I can be of assistance 2017-05-02 14:37:15 which version of hyper-v are you running? 2017-05-02 14:37:26 2016 2017-05-02 14:37:43 is that the same core as recent win10? 2017-05-02 14:38:08 not sure, I don't really know much about windows desktop systems, but I would suspect so? 2017-05-02 14:38:13 same release timeframe and stuff 2017-05-02 14:38:35 so linux on desktop and windows on servers? 2017-05-02 14:38:43 <^7heo> HEROnymous: I wouldn't run HyperV. My experience with Xen was really great. 2017-05-02 14:38:53 <^7heo> HEROnymous: and also, if not Xen, I'd look at intel Nova. 2017-05-02 14:38:56 finally, the year of linux on the desktop! 2017-05-02 14:39:04 :) 2017-05-02 14:39:06 <^7heo> TBB: ? 2017-05-02 14:39:27 clandmeter, personally, I run linux on my desktop and most of my servers, cept for windows server 2016 with hyper-v as a virt stack ;) 2017-05-02 14:39:28 <^7heo> Ah ok I finally catched up with the log. 2017-05-02 14:39:32 <^7heo> sorry TBB, my bad. 2017-05-02 14:40:02 no worries; you might have also noticed that the "linux sucks" guy also stopped doing his annual "linux sucks" videos and talks 2017-05-02 14:40:10 so we must be getting close :D 2017-05-02 14:40:15 <^7heo> What guy? 2017-05-02 14:40:20 ^7heo, we tried xenserver, ran into some annoying storage issues. hyper-v is actually pretty awesome in terms of ease of configurability and stuff too, there's a lot of basic stuff that's very simple vs. very complicated with xen or kvm, and powershell is pretty slick too 2017-05-02 14:40:29 <^7heo> He sucks if he says "Linux sucks" and not "GNU/Linux sucks" 2017-05-02 14:40:39 <^7heo> unless he ACTUALLY criticizes the kernel ONLY. 
2017-05-02 14:40:50 TBB, I've been running linux as my main workstation since 2007... and before that, it was Solaris on Sun hw. ;) 2017-05-02 14:40:55 <^7heo> HEROnymous: I dunno, I'm microsoft allergic. 2017-05-02 14:41:00 ^7heo: can't remember his name but he's done an annual talk on the subject since the late 2008's 2017-05-02 14:41:02 <^7heo> HEROnymous: aside from gaming, but that's a different machine. 2017-05-02 14:41:13 ^7heo, eh, I was when they mostly sucked. they actually have some good tech nowadays. 2017-05-02 14:42:17 microsoft has actually done a few really good things in the past few years - hyper-v, powershell, and C# are all pretty good, they've dramatically improved some of the areas (like security fixes) that they were notoriously terrible about prior to the 2008 era, etc etc. 2017-05-02 14:42:18 Bryan Lunduke 2017-05-02 14:42:25 <^7heo> HEROnymous: I do not agree. They rely way too much on people blindly adopting their tech without any understanding; and not checking what else exists and how better it may be. 2017-05-02 14:42:37 <^7heo> HEROnymous: in short, they rely way too much on their monopole. 2017-05-02 14:42:49 ^7heo, ehhh, you can't blame microsoft for their customers being educated or not. :) 2017-05-02 14:42:54 <^7heo> Yes you can. 2017-05-02 14:42:57 we have a regression bug for python3 2017-05-02 14:43:01 <^7heo> fcolista: ? 2017-05-02 14:43:01 https://github.com/GNS3/gns3-gui/issues/1392 2017-05-02 14:43:01 nahhh not me :) 2017-05-02 14:43:11 <^7heo> HEROnymous: handholding *is* harmful. 2017-05-02 14:43:50 <^7heo> HEROnymous: and to add insult to injury, lack of proper readable documentation, and artificial difficulty of interoperability is not helping people to educate themselves. 2017-05-02 14:44:12 ^7heo, I mean, if you've run windows servers in any serious capacity, I don't think you'd say there's hand holding really. 
you basically need to know the (powershell) cmdline as much for windows administration these days as you do for linux administration 2017-05-02 14:44:22 <^7heo> HEROnymous: there is. 2017-05-02 14:44:26 <^7heo> HEROnymous: take their DNS for instance. 2017-05-02 14:44:34 <^7heo> HEROnymous: there is NO way to actually know how the stuff works 2017-05-02 14:44:45 <^7heo> HEROnymous: and what upstream server it is going to take as source. 2017-05-02 14:45:06 <^7heo> HEROnymous: you can disable round robin, but even then it still behaves randomly at times. 2017-05-02 14:45:14 <^7heo> and that's just one example. 2017-05-02 14:45:30 <^7heo> even Bind9, which is quite bloated and sucky, behaves orders of magnitude more reliably. 2017-05-02 14:45:41 <^7heo> several orders of magnitude. 2017-05-02 14:45:47 <^7heo> several dozen orders of magnitude even. 2017-05-02 14:45:50 not sure on that, I've never used windows for dns 2017-05-02 14:46:00 <^7heo> Well we do here, and it's a freaking mess. 2017-05-02 14:46:15 <^7heo> HEROnymous: long story short, DNS is randomly working. 2017-05-02 14:46:27 <^7heo> HEROnymous: word is: when it doesn't work, take a coffee break. 2017-05-02 14:46:39 HEROnymous: I've been actively on Linux since 2001 I think, but while I've managed just fine, Lunduke does have some good points, points that mainly rise from lack of co-ordination, etc. Linux is not perfect for the desktop but I'll still rather choose it over the competition 2017-05-02 14:46:44 honestly, I once looked through every dns server out there and decided if I wanted something that worked the way I wanted, I'd have to write it myself, and that's a crazy undertaking. 2017-05-02 14:46:56 <^7heo> TBB: depends what competition. 2017-05-02 14:47:01 someone didn't check djbdns 2017-05-02 14:47:06 <^7heo> TBB: unless explicitly needed, I would rather use a BSD 2017-05-02 14:47:09 TBB, I think my first linux kernel was... just before 2.0.32 went live...
but I was doing other unix stuff before I touched linux. 2017-05-02 14:47:13 <^7heo> skarnet: what do you mean? 2017-05-02 14:47:24 "every dns server out there" 2017-05-02 14:47:31 <^7heo> ah that. 2017-05-02 14:47:32 <^7heo> yeah, 2017-05-02 14:47:34 I'm noping that. 2017-05-02 14:47:38 TBB, but be careful what you wish for - Redhat saw "lack of cooperation" and declared themselves final arbiter of everything. ;) 2017-05-02 14:47:39 ^7heo: 2017-05-02 14:47:40 python3 2017-05-02 14:47:41 Python 3.6.1 (default, Apr 18 2017, 22:11:55) 2017-05-02 14:47:41 [GCC 6.3.0] on linux 2017-05-02 14:47:41 Type "help", "copyright", "credits" or "license" for more information. 2017-05-02 14:47:41 >>> import os 2017-05-02 14:47:42 >>> os.listxattr 2017-05-02 14:47:44 Traceback (most recent call last): 2017-05-02 14:47:46 File "<stdin>", line 1, in <module> 2017-05-02 14:47:48 AttributeError: module 'os' has no attribute 'listxattr' 2017-05-02 14:47:50 >>> 2017-05-02 14:47:56 listxattrs is glibc-only 2017-05-02 14:48:00 <^7heo> fcolista: we should try to pastebin whenever possible. 2017-05-02 14:48:04 HEROnymous: yeh, we all know how that Red Hat decision went for all of us :D 2017-05-02 14:48:07 skarnet, what about djbdns? I've certainly read up on it. 2017-05-02 14:48:08 <^7heo> fcolista: or is that the service powering tpaste.us? :D 2017-05-02 14:48:22 so it's not working the way you want it to? ok. 2017-05-02 14:48:23 I used to be a FreeBSD user before switching to Linux tho 2017-05-02 14:48:49 TBB, FreeBSD is great, they just don't have the man power to keep up as a mainstream workstation system :( 2017-05-02 14:48:50 <^7heo> fcolista: and also that is weird. 2017-05-02 14:48:56 <^7heo> fcolista: lemme upgrade my python3 2017-05-02 14:49:18 but it occupies a niche now, very successfully, as a base for things like pfsense and freenas as well, which works well 2017-05-02 14:49:33 <^7heo> And netflix.
2017-05-02 14:49:37 <^7heo> (just saying) 2017-05-02 14:49:44 <^7heo> (and parts of MacOS X) 2017-05-02 14:51:03 <^7heo> freaking debian. 2017-05-02 14:51:11 ^7heo, correct 2017-05-02 14:51:11 <^7heo> it uses python2 by default. 2017-05-02 14:51:17 MacOS x 2017-05-02 14:51:45 ^7heo, my experiences with debian have always been pretty meh, tbh 2017-05-02 14:51:51 <^7heo> Anyhow, fcolista, do you know when it regressed? 2017-05-02 14:52:07 <^7heo> HEROnymous: I had a love hate relationship with debian for about 10 years. 2017-05-02 14:52:13 <^7heo> HEROnymous: then they decided to use systemd by default. 2017-05-02 14:52:17 ^7heo, i bet when we upgraded python3 from 3.5 to 3.6 2017-05-02 14:52:29 <^7heo> fcolista: that's a safe bet to go for ;) 2017-05-02 14:53:02 ncopa: http://sprunge.us/hgdB 2017-05-02 14:53:06 what to you think? 2017-05-02 14:53:18 ^7heo, my biggest issue with debian the last time I tried it was that their openssl used a slimmed-down set of ciphers, and getting a replacement up and running was a huge hassle for some reason. 2017-05-02 14:53:42 <^7heo> yeah well that's *one* of the problems with debian. 2017-05-02 14:53:53 <^7heo> mostly that they are the textbook case of what's wrong with communities. 2017-05-02 14:53:55 I don't have anything against systemd in and of itself, but the whole "redhat as god and overlord" thing may not be the best idea overall. 2017-05-02 14:54:25 <^7heo> if there's ONE term I'd use to describe debian it's: vogon-influenced-waterfall-designed-administrative-OS 2017-05-02 14:55:12 <^7heo> fcolista: duckduckgo fails to return a proper documentation for listxattrs 2017-05-02 14:55:16 <^7heo> fcolista: any link? 2017-05-02 14:55:40 the link I've sent before ^7heo 2017-05-02 14:55:46 fcolista, didnt we discuss this issue before? 
2017-05-02 14:55:53 clandmeter, yeah 2017-05-02 14:55:58 that was your finding 2017-05-02 14:56:01 <^7heo> fcolista: got it 2017-05-02 14:56:03 we applied a patch for that 2017-05-02 14:56:12 ah ok 2017-05-02 14:56:15 i dont remember anymore 2017-05-02 14:56:22 that i think it *gone* when we upgraded python3 2017-05-02 14:56:48 somebody didnt take the patch from 3.5? 2017-05-02 14:57:11 git show c7c2150bfaf547c391ac623bb188fca98faff87e 2017-05-02 14:57:22 <^7heo> fcolista: it's a buildtime regression 2017-05-02 14:57:27 <^7heo> fcolista: not a runtime regression 2017-05-02 14:57:39 <^7heo> fcolista: should be fairly easy to fix, especially since we already have a fix. 2017-05-02 14:58:04 ^7heo: ncopa: http://sprunge.us/hgdB 2017-05-02 14:58:13 <^7heo> yeah scadu broke it. 2017-05-02 14:58:19 <^7heo> :D 2017-05-02 14:58:28 fcolista, ncopa is not around atm 2017-05-02 14:58:30 if you agree, i'll push the patch 2017-05-02 14:58:46 <^7heo> fcolista: does that fix it? 2017-05-02 14:58:55 we're close to AL 3.6 2017-05-02 14:59:07 but i want this fixed before the 3.6 release 2017-05-02 14:59:10 <^7heo> fcolista: 1. does it fix it? 2017-05-02 14:59:24 <^7heo> fcolista: 2. is fix-xattrs-glibc.patch the same patch as issue-27955.patch previously? 2017-05-02 15:00:00 yes please show that patch 2017-05-02 15:00:15 i didnt see any ref to xattrs 2017-05-02 15:01:03 clandmeter, no it's not 2017-05-02 15:01:12 that patch is related to py-random 2017-05-02 15:01:21 patch i sent fixes the issue though 2017-05-02 15:01:29 <^7heo> wait how? 2017-05-02 15:01:29 Folks 2017-05-02 15:01:38 fcolista, you didnt paste it 2017-05-02 15:01:47 I want to add mentions of the 'docs' package to the wiki 2017-05-02 15:01:49 <^7heo> clandmeter: I think he means the patch to APKBUILD. 
2017-05-02 15:01:53 clandmeter, I pasted two times :) 2017-05-02 15:01:55 In the FAQ section 2017-05-02 15:01:59 fcolista> ^7heo: ncopa: http://sprunge.us/hgdB 2017-05-02 15:02:01 clandmeter, ^ 2017-05-02 15:02:06 <^7heo> yeah that one. 2017-05-02 15:02:10 fcolista no you didnt 2017-05-02 15:02:12 <^7heo> How can it even fix the issue? 2017-05-02 15:02:12 :p 2017-05-02 15:02:15 <^7heo> clandmeter: yeah he did ;) 2017-05-02 15:02:21 Should I leave the whole 'apk add man, apk add mdocml' or screw that and apk add docs? 2017-05-02 15:02:22 clandmeter, you're right 2017-05-02 15:02:24 it doesnt have the patch 2017-05-02 15:02:39 http://sprunge.us/abNd 2017-05-02 15:02:42 stop telling me my glasses are broken! 2017-05-02 15:02:45 <^7heo> ah thanks 2017-05-02 15:02:47 :p 2017-05-02 15:02:55 <^7heo> Now I can see how it fixes it. 2017-05-02 15:02:59 I didn't added the patch 2017-05-02 15:03:04 ah that one 2017-05-02 15:03:07 yes 2017-05-02 15:03:09 yes thats sane 2017-05-02 15:03:21 <^7heo> how come upstream isn't already doing that? 2017-05-02 15:03:35 fffuu 2017-05-02 15:03:37 heh 2017-05-02 15:03:44 <^7heo> scadu: mmmmmyes? 2017-05-02 15:04:06 ppl thinks that linux == glibc and systemd nowadays 2017-05-02 15:04:12 <^7heo> yeah I know. 2017-05-02 15:04:15 <^7heo> makes me wanna nuke the planet. 2017-05-02 15:04:16 anyway 2017-05-02 15:04:24 if you agree i'll push the change 2017-05-02 15:04:27 *patch 2017-05-02 15:04:31 go ahead 2017-05-02 15:04:34 <^7heo> fcolista: so I take that http://sprunge.us/abNd is fix-xattrs-glibc.patch ? 2017-05-02 15:04:48 <^7heo> wait, fcolista, can you please NOT change the || return 1 ? 2017-05-02 15:04:56 fcolista, hey let's of people think linux is gnome too ;> 2017-05-02 15:05:00 <^7heo> we should really limit the changes to the strict minimum 2017-05-02 15:05:01 err lots 2017-05-02 15:05:05 ^7heo, yes that's the patch 2017-05-02 15:05:08 <^7heo> HEROnymous: or rather fd.o 2017-05-02 15:05:12 why don't remove the || return 1? 
2017-05-02 15:05:16 doh, why I have removed this patch :x 2017-05-02 15:05:18 <^7heo> to keep the changes minimal. 2017-05-02 15:05:30 <^7heo> scadu: because it was named after a gh issue and not about what it was doing. 2017-05-02 15:05:34 <^7heo> scadu: so you wanted to clean up. 2017-05-02 15:05:40 <^7heo> scadu: understandably. 2017-05-02 15:05:59 <^7heo> fcolista: we're close to release, it would be great to keep the diffs very short. 2017-05-02 15:06:21 <^7heo> fcolista: just in case we have to grep through `git log -p $SHA..` 2017-05-02 15:06:56 ^7heo, we have several packages with || return 1 removed...but if this makes you happier.. 2017-05-02 15:06:59 ^7heo: yeah, well, it looked useless at the some, but now turned out it's not :s 2017-05-02 15:07:15 <^7heo> fcolista: I know, and it is best to remove them; but after we get 3.6 out. 2017-05-02 15:07:18 <^7heo> fcolista: at least IMHO. 2017-05-02 15:07:34 I don't think, since 3.6 already implement "set -e" 2017-05-02 15:07:39 and that's why we are removing it 2017-05-02 15:07:39 <^7heo> I know 2017-05-02 15:07:42 <^7heo> I know. 2017-05-02 15:07:47 so? 2017-05-02 15:07:50 <^7heo> that's not the reason why I'm telling not to change anything. 2017-05-02 15:07:56 <^7heo> the reason is: keep the diff minimal. 2017-05-02 15:08:07 i think ncopa also asked to keep the return 1 until after 3.6 2017-05-02 15:08:17 <^7heo> at the moment we should really only change only what's really really critical. 2017-05-02 15:08:21 <^7heo> like a regression. 2017-05-02 15:08:25 <^7heo> (nice spotting btw) 2017-05-02 15:08:26 but its just mine things, not enough to discuss 5 minutes. 2017-05-02 15:08:31 minor.. 2017-05-02 15:08:33 <^7heo> yeah 2017-05-02 15:08:50 <^7heo> however, still IMHO, keeping the diff minimal is worth discussing 5 minutes. 2017-05-02 15:09:01 <^7heo> we might have to end up grepping the tree for crap very close to release.
2017-05-02 15:09:11 <^7heo> or read the diffs without knowing exactly what we are searching for 2017-05-02 15:09:15 <^7heo> in worst case scenario 2017-05-02 15:09:20 guys, no problem for me 2017-05-02 15:09:24 <^7heo> and that's orders of magnitude longer than 5 minutes. 2017-05-02 15:09:32 <^7heo> (or even 10) 2017-05-02 15:09:57 <^7heo> fcolista: long story short, I'd advise keeping it in a branch for now; and committing the day 3.6 gets out 2017-05-02 15:10:26 <^7heo> Just to keep things safe before push to prod. 2017-05-02 15:10:39 ^7heo, so: 2017-05-02 15:10:49 i just add the patch 2017-05-02 15:10:55 and bump pkgrel 2017-05-02 15:10:57 nothing more 2017-05-02 15:10:57 <^7heo> yeah please, I'd love to get that fixed. 2017-05-02 15:10:59 <^7heo> yeah. 2017-05-02 15:10:59 sounds ok? 2017-05-02 15:11:00 crap, have to reboot to be able to use hyperv... 2017-05-02 15:11:02 <^7heo> sounds perfect. 2017-05-02 15:11:06 ok good 2017-05-02 15:11:07 <^7heo> (not for you clandmeter) 2017-05-02 15:11:16 and i've also upgraded gns3 to version 2 :-) 2017-05-02 15:11:58 i have no idea what it is :) 2017-05-02 15:12:39 <^7heo> fcolista: it's in community, and it won't be cooked in the images, will it? 2017-05-02 15:13:12 <^7heo> (I mean I don't think we have a single image that contains a full featured network sim) 2017-05-02 15:13:23 <^7heo> clandmeter: it's a network sim. 2017-05-02 15:13:33 <^7heo> clandmeter: it's pretty neat. 2017-05-02 15:14:33 ^7heo, right 2017-05-02 15:14:51 <^7heo> fcolista: yeah so if it's broken on release day, it's gonna be fast to fix. 2017-05-02 15:14:58 <^7heo> fcolista: so it's not THAT critical.
2017-05-02 15:15:10 https://hg.python.org/cpython/rev/33f7044b5682 2017-05-02 15:15:13 <^7heo> (plus it won't prevent 3.6 from being installed anywhere) 2017-05-02 15:15:37 it's from 2011 2017-05-02 15:15:43 it's a regression 2017-05-02 15:15:55 <^7heo> ah 2017-05-02 15:16:32 <^7heo> "use glibc instead of a small separate lib" sounds a bit like "let's stuff systemd with all the things" 2017-05-02 15:18:03 something like... 2017-05-02 15:18:03 :D 2017-05-02 15:20:06 Dammit 2017-05-02 15:20:14 I just edited the wiki page 2017-05-02 15:20:17 > 2017-05-02 15:20:19 > Your username or IP address has been blocked. 2017-05-02 15:20:23 Why? :( 2017-05-02 15:20:35 > Automatically blocked by abuse filter. Description of matched rule: New users are not allowed to add ip addresses and phone numbers. 2017-05-02 15:20:38 I did not! 2017-05-02 15:22:00 Page: https://wiki.alpinelinux.org/wiki/Alpine_Linux:FAQ#Why_don.27t_I_have_man_pages_or_where_is_the_.27man.27_command.3F 2017-05-02 15:22:05 Changes: https://paste.pound-python.org/show/TSQocqhTLd6yLUmXUWBc/ 2017-05-02 15:23:23 brutal 2017-05-02 15:23:52 Well I do remember the gentoo experience 2017-05-02 15:24:12 But that's even more funnier :D 2017-05-02 15:24:14 isnt the {{pkg| an alias to an url 2017-05-02 15:24:27 Yes, I guess so 2017-05-02 15:24:31 see 2017-05-02 15:24:34 Err 2017-05-02 15:24:40 its outsmarting you 2017-05-02 15:24:42 It says ip addresses 2017-05-02 15:25:01 consus, did you create your acc just recently? 2017-05-02 15:25:07 Yes 2017-05-02 15:25:10 Several minutes ago 2017-05-02 15:25:15 thats the issue 2017-05-02 15:25:28 the limit is for a few hours i believe 2017-05-02 15:25:35 Uhm 2017-05-02 15:25:40 Can we state this somewhere? 2017-05-02 15:25:45 <^7heo> clandmeter: good move to tell unknown people how long they have to wait to bypass the securities. 
2017-05-02 15:25:59 thats the reason its not added 2017-05-02 15:26:03 Err 2017-05-02 15:26:04 <^7heo> clandmeter: especially in a logged channel 2017-05-02 15:26:06 <^7heo> clandmeter: now it is. 2017-05-02 15:26:12 Well 2017-05-02 15:26:15 <^7heo> clandmeter: this is logged and indexed by search engines... 2017-05-02 15:26:17 <^7heo> gg... 2017-05-02 15:26:23 lol 2017-05-02 15:26:23 This is weird you know 2017-05-02 15:26:29 I've registered to fix the wiki 2017-05-02 15:26:33 And now I'm banned for it 2017-05-02 15:26:42 That's a major drawback for the contributors, nah? 2017-05-02 15:26:45 consus, i know. 2017-05-02 15:26:50 and i would change it if i can. 2017-05-02 15:26:57 <^7heo> THe wiki is a major drawback anyway. 2017-05-02 15:27:01 <^7heo> we need something markdown based. 2017-05-02 15:27:02 Okay, could you at least unlock my account? 2017-05-02 15:27:06 <^7heo> and there's something in the works so... 2017-05-02 15:27:07 what is your acc? 2017-05-02 15:27:11 i can unlock it 2017-05-02 15:27:12 consus 2017-05-02 15:27:13 i think 2017-05-02 15:27:16 :D 2017-05-02 15:27:18 cause the interface is crap 2017-05-02 15:27:21 ^7heo, let us know if you need hosting for stuff 2017-05-02 15:27:38 <^7heo> HEROnymous: thanks; but atm we have all we need in terms of hosting for the doc 2017-05-02 15:27:44 <^7heo> HEROnymous: we need better *software* tho ;) 2017-05-02 15:28:07 Hm 2017-05-02 15:28:22 Is wiki even alive? 2017-05-02 15:28:28 don't we all... 2017-05-02 15:28:34 <^7heo> Indeed. 2017-05-02 15:28:47 web software is... an area that gets a lot of attention, but not a lot of competent attention :P 2017-05-02 15:28:57 <^7heo> s/web // 2017-05-02 15:29:09 So there will be md-based documentation soon? 2017-05-02 15:29:25 sigh 2017-05-02 15:29:25 <^7heo> consus: https://github.com/adocs/adocs 2017-05-02 15:29:28 i think it worked 2017-05-02 15:29:31 try it 2017-05-02 15:29:35 ehh, I feel like there's a lot of pretty good open source software out there. 
and the quality level is generally much higher overall than web software overall. 2017-05-02 15:29:45 <^7heo> consus: still missing an automatic replication from the wiki atm. 2017-05-02 15:29:50 <^7heo> consus: if you feel like writing somthing useful. 2017-05-02 15:30:15 <^7heo> (and that's not md, it's asciidoc, but it's close enough; and some of us prefer that) 2017-05-02 15:30:15 So you want to host the docs at gheyhub? 2017-05-02 15:30:31 <^7heo> There's no long term plan of hosting the docs on github. 2017-05-02 15:30:48 i made some steps on docs 2017-05-02 15:30:50 <^7heo> We just need something that knows how to convert md/adoc to html. 2017-05-02 15:30:52 not sure its ok 2017-05-02 15:30:56 <^7heo> and gh does it for now. 2017-05-02 15:30:56 did you try it ^7heo? 2017-05-02 15:31:02 <^7heo> clandmeter: try what? 2017-05-02 15:31:03 Okay 2017-05-02 15:31:09 the uri i gave you last time 2017-05-02 15:31:13 <^7heo> yeah I tried 2017-05-02 15:31:18 its git based 2017-05-02 15:31:19 <^7heo> it seemed to work. 2017-05-02 15:31:39 clandmeter: Do you have a link to it? 2017-05-02 15:31:43 same as https://wiki.somasis.com/Home 2017-05-02 15:32:05 consus, its currently open for modifications 2017-05-02 15:32:17 <^7heo> clandmeter: yeah but can it be modified via the web interface? 2017-05-02 15:32:22 i need to disable that and sync it to a public repo 2017-05-02 15:32:23 <^7heo> clandmeter: because that was the main issue. 2017-05-02 15:32:28 The font is goddamn large 2017-05-02 15:32:31 <^7heo> clandmeter: that's why we're using github atm for adocs/adocs 2017-05-02 15:32:38 <^7heo> clandmeter: because it's allowing for web based edits too. 2017-05-02 15:32:40 you can use github 2017-05-02 15:32:46 it can edit 2017-05-02 15:32:53 <^7heo> Yeah I see. 
2017-05-02 15:33:01 <^7heo> so basically that solution would be to host it ourselves 2017-05-02 15:33:06 <^7heo> and use github mostly for the web edits 2017-05-02 15:33:11 <^7heo> and PRs 2017-05-02 15:33:14 <^7heo> like we do with aports? 2017-05-02 15:33:14 yes 2017-05-02 15:33:18 <^7heo> works for me ;) 2017-05-02 15:33:23 <^7heo> I like the idea. 2017-05-02 15:33:42 clandmeter: Could you make the font smaller? It's *huge*. 2017-05-02 15:33:48 which? 2017-05-02 15:33:52 The headers 2017-05-02 15:33:58 thats not my site 2017-05-02 15:34:01 Oh 2017-05-02 15:34:02 Okay 2017-05-02 15:34:13 It's like reading the docs in Confluence 2017-05-02 15:34:45 but yes, its the same on my instance 2017-05-02 15:35:10 <^7heo> clandmeter: it's not that huge; and one can easily unzoom. 2017-05-02 15:35:20 <^7heo> clandmeter: also, on your instance, there is an edit function 2017-05-02 15:35:28 <^7heo> clandmeter: that would work for web edit, wouldn't it? 2017-05-02 15:35:37 maybe 2017-05-02 15:35:41 but you need to add auth 2017-05-02 15:35:59 <^7heo> I could do that. 2017-05-02 15:36:02 <^7heo> what language is it in? 2017-05-02 15:37:17 https://github.com/gollum/gollum 2017-05-02 15:41:33 <^7heo> thanks. 2017-05-02 15:52:12 ^7heo: once again here, Markdown is really not sufficient for our documentation, b/c it’s very limited and not extendable, we definitely should use semantic markup, e.g. have macro for commands, so we can easily find where is particular command used to update relevant places when there’s some change; this can be very easily done in AsciiDoc (with Asciidoctor) 2017-05-02 16:03:10 <^7heo> jirutka: the current gh adoc is using adoc format. 2017-05-02 16:03:22 +1 2017-05-02 16:03:22 <^7heo> jirutka: adoc/adoc == alpine docs / asciidoc 2017-05-02 16:04:19 <^7heo> jirutka: I've invited you there. 2017-05-02 16:04:23 ^7heo: lul, I got confused. 
I wouldn't understand if I didn't know that gh uses asciidoc :P 2017-05-02 16:04:54 <^7heo> scadu: I know, it's a little punny. 2017-05-02 16:04:56 <^7heo> and puny to. 2017-05-02 16:04:58 <^7heo> too* 2017-05-02 16:05:06 I prefer cmark 2017-05-02 16:05:20 <^7heo> I came up with my own document description language 2017-05-02 16:05:21 CommonMark? 2017-05-02 16:05:21 <^7heo> the pdoc 2017-05-02 16:05:42 pickfire: ^ 2017-05-02 16:05:58 jirutka: Yes 2017-05-02 16:06:18 pickfire: it’s Markdown, just sensible standardized, so the same problem 2017-05-02 16:06:28 jirutka: What do you need? 2017-05-02 16:06:35 <^7heo> jirutka: +1 2017-05-02 16:06:40 I’ve already written that 2017-05-02 16:06:43 <^7heo> jirutka: I like markdown for it's bare syntax 2017-05-02 16:06:54 Then latex? 2017-05-02 16:06:57 no 2017-05-02 16:06:58 <^7heo> no please no. 2017-05-02 16:07:06 <^7heo> We need to have doc, not one page of doc in 3 years. 2017-05-02 16:07:10 asciidoc is fat, as well as latex 2017-05-02 16:07:18 wtf? XD 2017-05-02 16:07:22 But latex is more suited to fat document 2017-05-02 16:07:36 AsciiDoc and LaTeX have almost nothing in common XD 2017-05-02 16:07:41 <^7heo> pickfire: you're comparing apples and High Fructose Corn Syrup respectively. 2017-05-02 16:07:48 exactly 2017-05-02 16:07:50 <^7heo> jirutka: wrong, they support UTF-8 2017-05-02 16:07:50 Night, need to sleep, going out early in the morning. 2017-05-02 16:07:57 Lol 2017-05-02 16:07:58 <^7heo> jirutka: also they use ascii as a base. 2017-05-02 16:08:04 right :) 2017-05-02 16:08:05 > High Fructose Corn Syrup 2017-05-02 16:08:05 <^7heo> pickfire: o/ 2017-05-02 16:08:23 I don’t have time for this discussion atm, need to work :) 2017-05-02 16:08:28 <^7heo> same. 2017-05-02 16:08:33 <^7heo> But adoc == sensible choice. 2017-05-02 16:08:45 <^7heo> also jirutka please check your mails quickly, you've got two invites. 
2017-05-02 16:09:24 <^7heo> jirutka: great ;) 2017-05-02 16:17:57 <^7heo> moin TemptorSent 2017-05-02 16:18:31 'morning -- network just came back up briefly, probably won't stay that way long. 2017-05-02 17:04:10 was there a discussion about /var/mail the other day? 2017-05-02 17:04:14 what was the conclusion? 2017-05-02 17:06:03 what do you think? the conclusion was that FHS sucks 2017-05-02 17:06:40 <^7heo> :D 2017-05-02 17:09:47 Exactly skarnet. 2017-05-02 17:11:47 ncopa: The conclusion was that /var/mail can not be properly secured and work with mailers running with reduced privs at the same time. 2017-05-02 17:12:01 ^ 2017-05-02 17:12:18 ncopa: we know that at least Gentoo and CentOS symlinks /var/mail → /var/spool/mail 2017-05-02 17:12:55 ncopa: the discussion was quite long and after first flame there were good technical arguments, so I’d recommend to read it and make a decision based on it ;) 2017-05-02 17:12:56 actionable item: check all the MDAs packaged by Alpine and make them deliver mail into users' homedir, for /etc/passwd users 2017-05-02 17:13:12 for virtual users, nobody gives a sh*t where the database is stored 2017-05-02 17:13:25 and /var/mail works as well as anything else (but not /var/spool/mail) 2017-05-02 17:13:52 And personally, I dislike the symlink as there is somewhat of a semantic distinction between the delivery spool and the user mailboxes, but it's not really enforced by most MTA/MDAs it seems these days. 
2017-05-02 17:13:52 skarnet: I don’t remember details, but IIRC this was not the result of the discussion… 2017-05-02 17:13:55 I recommend /var/lib/$MDA/something though, since the virtual user database is MDA-specific 2017-05-02 17:14:01 skarnet: that it *cannot* be reasonably secured 2017-05-02 17:14:16 jirutka: read it again 2017-05-02 17:14:24 skarnet: donjt have time right now 2017-05-02 17:14:33 then you don't have time to contradict me either 2017-05-02 17:14:53 skarnet: and also this is IMO up to ncopa to decide, b/c there’s no clear winner 2017-05-02 17:15:30 of course it's up to ncopa to decide, but there's a clear winner and it's not anything in /var 2017-05-02 17:15:37 skarnet: I would agree that it should be handled per MDA (or at least per mailbox format), as having mixed content in /var/mail could lead to a real mess. 2017-05-02 17:15:40 skarnet: there’s big IF you can configure all mailing clients in aports to adhere to your scheme 2017-05-02 17:16:14 that's not my scheme 2017-05-02 17:16:38 that's a scheme implemented by reasonable MUAs and MDAs since the 90s 2017-05-02 17:18:25 but you're right, a pass on MUAs would also be necessary 2017-05-02 17:18:46 If a secure configuration is impossible with a given agent, I'd suggest it be dropped to unmaintained or patched, as proper security is what Alpine hangs it's hat on. 2017-05-02 17:19:30 I was going to suggest that, but the question becomes "and who's going to do the patching?" and I can already see fingers pointing at me 2017-05-02 17:20:15 skarnet: If someone is attached to a piece of software with crappy semantics, let them fix it or put up a bounty. 2017-05-02 17:20:33 that's not Alpine ethics 2017-05-02 17:20:54 <^7heo> not? 2017-05-02 17:21:07 <^7heo> (I'm naively asking, not trolling) 2017-05-02 17:21:15 <^7heo> I would expect it to be. 2017-05-02 17:21:15 Hmm, it's a conflict of Alpine ethics it seems -- Security on one hand and not breaking existing on the other. 
2017-05-02 17:21:16 if we remove all shitty software from aports, then we would end up with quite few packages and I’d suggest to remove PHP and Go first :P 2017-05-02 17:21:45 <^7heo> TemptorSent: careful, you start sounding like OpenBSD, you're gonna trigger skarnet 2017-05-02 17:21:48 <^7heo> ACTION hides 2017-05-02 17:21:53 *LOL* 2017-05-02 17:22:10 <^7heo> (sorry skarnet) 2017-05-02 17:22:18 jirutka: I'm all for it ;) 2017-05-02 17:22:31 I’m just trying to say that skarnet’s hardline approach is not helping here very much :/ 2017-05-02 17:22:42 They can live in the 'insecure' repo! 2017-05-02 17:22:43 hey, OpenBSD's controlfreakiness actually found a bug in my code 2017-05-02 17:22:55 so it's not *all* bad 2017-05-02 17:22:58 <^7heo> huhu 2017-05-02 17:22:58 (just most of it) 2017-05-02 17:23:04 and I found serious security bug in OpenBSD’s code and I’m not security expert at all… so? 2017-05-02 17:23:25 <^7heo> jirutka: where? 2017-05-02 17:23:27 so it was just a normal day where hell didn't freeze over 2017-05-02 17:24:06 since that I don’t trust OpenBSD as before… that fact that they pushed such breaking change without any warning and released it and even after report they were quite calm… 2017-05-02 17:24:09 ^7heo: LibreSSL 2017-05-02 17:24:14 jirutka: honestly if I could devote the time to making a pass on the MDAs and MUAs myself, and patching what needs to be patched, I would 2017-05-02 17:24:21 Anyway, my thought is that packages which CAN NOT be utilized in a secure way should go somewhere you explicitly have to opt-into. 2017-05-02 17:25:03 you have to opt-in every package, Alpine is not Debian to ship hundreds of packages in default installation ;) you must explicitly install all possibly bad software, that’s opt-in 2017-05-02 17:25:17 jirutka: Not true -- deps :) 2017-05-02 17:25:31 we’re talking about mailing *clients*, not libs, right? 
2017-05-02 17:25:43 jirutka: but there's also good software that's not in the default installation, how can you tell the difference 2017-05-02 17:25:56 we're talking about anything that can access a user's mailbox 2017-05-02 17:26:06 or maildirs 2017-05-02 17:26:08 jirutka: MUAs/MDAs (and in some cases MTAs) 2017-05-02 17:26:52 I actually still use UUCP in some cases, so the /var/spool/mail thing does come into play. 2017-05-02 17:26:59 <^7heo> jirutka: ah right. 2017-05-02 17:27:09 TemptorSent: yeah, but that's just you. ;) 2017-05-02 17:27:25 skarnet: Yeah, I know - I'm an antique. 2017-05-02 17:27:53 Still works great for devices with occasional connectivity and low data volumes. 2017-05-02 17:28:45 *cough* serialmail *cough* 2017-05-02 17:29:22 I even don’t know what UUCP is o.O 2017-05-02 17:29:49 Hmm, serialmail looks pretty cool for the mail part. 2017-05-02 17:30:55 Unix-to-Unix-CoPy (or Copy Protocol or Copy Program, depending on who you ask an the phase of the moon.) 2017-05-02 17:31:59 I use UUCP for both copying configuration/updates and for passing mail. 2017-05-02 17:32:19 <^7heo> I don't use UUCP 2017-05-02 17:32:23 <^7heo> for anything. 2017-05-02 17:32:37 <^7heo> for configuration management I tend to do git repositories (so I have versionning) 2017-05-02 17:32:48 <^7heo> for mail I use imap/smtp. 2017-05-02 17:32:52 <^7heo> (over SSL) 2017-05-02 17:32:54 same for me 2017-05-02 17:33:19 ^7heo: Not configuration management, pushing config updates to embedded devices and retrieving their logs/messages 2017-05-02 17:34:31 <^7heo> TemptorSent: I tend to do that via scp/rsync. 2017-05-02 17:34:32 mpv broken after commit by pickfire… http://bugs.alpinelinux.org/issues/7262 2017-05-02 17:35:01 ^7heo: Yeah, great for hosts that you have IP connectivity to, not so great over serial 2017-05-02 17:35:07 <^7heo> jirutka: pickfire doesn't have commit rights. 
2017-05-02 17:35:29 <^7heo> jirutka: so technically, mpv broke after a commit by fabled 2017-05-02 17:35:55 ^7heo: yes, they are both responsible :) 2017-05-02 17:36:02 <^7heo> TemptorSent: I do not often have only a serial connectivity. 2017-05-02 17:36:19 ^7heo: Welcome to the world of embedded computing. 2017-05-02 17:36:31 <^7heo> nah not anymore. 2017-05-02 17:36:53 <^7heo> a lot of "embedded" has IP support nowadays. 2017-05-02 17:36:56 <^7heo> most of it has. 2017-05-02 17:37:03 Networking is not required nor desired. 2017-05-02 17:37:17 Think PLCs 2017-05-02 17:37:18 <^7heo> tell that to the folks who did the ethernet shield for the arduino. 2017-05-02 17:38:00 You may want network MODULES, but the core hardware is by design not connected to the outside world in any way without physical access 2017-05-02 17:38:12 <^7heo> TemptorSent: what I'm saying here, is that it's not often that I see systems that do have a filesystem but no network. 2017-05-02 17:38:26 <^7heo> TemptorSent: if it has no filesystem, I have to reprogram the chip anyway. 2017-05-02 17:38:35 <^7heo> TemptorSent: if it has a filesystem, and network, I use ssh/rsync 2017-05-02 17:39:25 ^7heo: Hmm, much of my stuff ends up being flashed over serial using a bootloader or has a sd card. 2017-05-02 17:39:38 <^7heo> most of my stuff is flashed using a dedicated programmer. 2017-05-02 17:39:56 <^7heo> which is connected via USB-encapsulated serial. 2017-05-02 17:39:58 ^7heo: Running the network is far too much power usage. 2017-05-02 17:40:20 JTAG handles the bricked bootloaders. 2017-05-02 17:41:52 The only time it actually gets connected is for diagnostics or telemetry. 2017-05-02 17:43:12 <^7heo> jirutka: why was xrandr and xss removed from the build options btw? 2017-05-02 17:43:27 Much of this stuff is using low-speed serial-connected radio-modems where communications is required, 75-9600bps is common. 2017-05-02 17:43:37 <^7heo> jirutka: oh nevermind, it's in the message. 
2017-05-02 17:48:02 ^7heo: Besides, the BOM and engineering overhead for adding the magnetics/PHY for ethernet or radio, transmission lines, and antenna for wireless is horrible for applications that don't need it. 2017-05-02 17:50:40 ^7heo: hm, he’s right, these options has been removed and so the functionality is enabled by default now 2017-05-02 17:50:49 ^7heo: so it must be some regression in the project 2017-05-02 17:59:35 <^7heo> jirutka: is the commit in the release? 2017-05-02 17:59:52 ^7heo: yes, I’ve checked that 2017-05-02 18:00:46 jirutka, ^7heo : mpv sounds like upstream issue, should probably revert it 2017-05-02 18:01:02 fabled: yeah, exactly 2017-05-02 18:01:33 pickfire, any thoughts on reverting mpv upgrade? 2017-05-02 18:01:44 <^7heo> fabled: he's sleeping atm. 2017-05-02 18:02:00 ^7heo: how do you know? :) 2017-05-02 18:06:22 it potentially depends on ffmpeg3.3 since in mpv git ffmpeg3.2 support is removed soon after the release tag 2017-05-02 18:06:24 i'll revert it 2017-05-02 18:30:44 Shiz jirutk 2017-05-02 18:31:03 Keyboard.... 2017-05-02 18:31:54 Jirutka, rust and other Arch's, what is the status? 2017-05-02 18:33:21 clandmeter: we have some info from fabled how to do that, just need to find some time to actually do that :) 2017-05-02 18:33:56 clandmeter: I don’t know if Shiz made more progress…? 2017-05-02 18:37:41 clandmeter: but I’ve already moved rust (not cargo yet) to community, ’cause fabled said that it’s not needed to have rust-bootstrap for bootstrapping from upstream’s binary and I was afraid that someone may decide to already branch v3.6 :) 2017-05-02 18:38:13 right. so you want to make it for 3.6? 2017-05-02 18:39:10 definitely! 2017-05-02 18:48:06 i ws thinking of setting 1777 permissions on /var/mail 2017-05-02 18:48:21 and symlink /var/spool/mail 2017-05-02 18:49:48 something created /var/spool/mail with group permissions to 'buildozer' on the build server 2017-05-02 18:49:56 anyone have a clue what might have done that? 
2017-05-02 18:51:42 mmh might have done that 2017-05-02 18:52:33 might also explain the strange mmh build failure on the armhf builder 2017-05-02 18:53:34 ncopa 1777 still allows for a class of exploits based on creating an intentional name collision and delivering mail to the attacker's file. 2017-05-02 18:55:29 touch /var/mail/$victim; chmod 666 /var/mail/$victim 2017-05-02 18:55:58 yeah, that’s true, it’s very vulnerable 2017-05-02 18:56:08 Or worse ln /var/mail/$attacker /var/mail/$victim 2017-05-02 18:57:20 Which will bypass many 'security' measures in the MDA such as fixing perms or changing ownership. 2017-05-02 18:58:55 but attacker needs to do it before first delivered mailbox 2017-05-02 18:59:03 but yes, valid point 2017-05-02 18:59:21 Not exactly a hard race to win ;) 2017-05-02 18:59:31 what about the debian style, with 750 permissions? 2017-05-02 18:59:58 and give a specific group write perms 2017-05-02 19:00:23 Still potentially vulnerable, but DoS is much easier than mail theft in that case. 2017-05-02 19:00:24 i mean 770 2017-05-02 19:01:06 Group perms will allow theft in that case. 2017-05-02 19:02:17 yes you need to be in the group to be able to steal mail 2017-05-02 19:02:26 how does other distros solve it? 2017-05-02 19:02:27 750 and pre-create (renaming any existing) the mailboxes at time of user creation gives you reasonable security 2017-05-02 19:02:31 Poorly. 2017-05-02 19:03:31 i suppose people use maildir nowadays 2017-05-02 19:03:35 Mail for local users should be delivered to the user's home directory, while virtual users probably should use a MDA specific directory to avoid problems when using multiple MDAs 2017-05-02 19:04:55 nmeum mmh's configure script will check permissions on /var/spool/mail 2017-05-02 19:05:02 It's one of those cases that the only sane solution to put it in /var/mail is to use a suid binary running as root that explicitly excludes users from writing the directory.
2017-05-02 19:05:54 tbh I think that locally delivered mails are mostly history… 2017-05-02 19:05:55 and try install the binary with the given setgid 2017-05-02 19:06:01 yes 2017-05-02 19:06:07 i dont think we care that much 2017-05-02 19:06:27 but we need fix mmh to do something consistent 2017-05-02 19:06:36 755 mail:mail, with suid:root:mail for the MDA 2017-05-02 19:07:19 That allows mail be used to write non-local users, and the appropriate userid set for all local users. 2017-05-02 19:07:45 That's as close to sane as you can really get with it I'm afraid. 2017-05-02 19:08:00 setgid doesn't fix the problem. 2017-05-02 19:08:49 imho suid root is worse 2017-05-02 19:08:53 Here is one of those good candidates for namespaces. 2017-05-02 19:09:34 only suid actually functions properly, because with setgid only, you can still force collisions. You need to map the files to users one to one, and only root can do that. 2017-05-02 19:10:25 There is no simple, secure means of delivering mail to a common mail directory with existing semantics. 2017-05-02 19:10:52 bug in that application will not only give you permissions to other users mail 2017-05-02 19:11:02 will give you access to everything 2017-05-02 19:11:21 Having a maildir in the homedir writable by a group works, because you don't need the user to have that group membership. 2017-05-02 19:12:42 But if you have mail for all users in a single directory owned by a single user and group, the ONLY way to secure the mail directories is to set their ownership to the user and their group to something that doesn't contain any users. 2017-05-02 19:13:08 Which requires a suid:root MDA. 2017-05-02 19:13:39 Which is not secure, QED - /var/mail is not a secure place for MDAs to deliver mail for local users. 2017-05-02 19:14:24 Just say no to shared mail directories for local users. 2017-05-02 19:15:45 Solving it securely requires something like selinux caps or namespaces.
2017-05-02 19:17:24 if you want to, I suppose you could abuse the /var/mail directory and create /var/mail/$user at user creation time with perms $user:mail 770 2017-05-02 19:17:28 TemptorSent: POSIX ACLs wouldn’t help here, right? 2017-05-02 19:18:16 They could, but you'd still have to get the MDA to understand them I think, which would be better solved by just fixing the damn thing to deliver to user-owned directories. 2017-05-02 19:19:04 SELinux would let you restrict the scope of the MDA binary without modifying it I believe 2017-05-02 19:19:07 how hard is it to find the discussion in the chat logs instead of recreating it 2017-05-02 19:19:28 But POSIX ACLs + some scripting would work, and would actually be portable. 2017-05-02 19:20:01 skarnet: Ask ncopa? *ducks* 2017-05-02 19:20:28 I'm asking him as much as anyone else :P 2017-05-02 19:21:08 so the conclusion is that there is no sane way to set up a shared /var/mail 2017-05-02 19:21:17 Yes. 2017-05-02 19:21:23 unless you create the users mailbox at user creation time? 2017-05-02 19:21:24 exactly 2017-05-02 19:22:23 And if you do that, the user can still break it by unlinking it. 2017-05-02 19:22:29 and if you create the mailbox at user creation time, then you could use 1777 2017-05-02 19:22:31 yes 2017-05-02 19:22:49 Nope, 1777 is never going to be secure. 2017-05-02 19:22:50 and users with a smart MUA and a programmable MDA who want several mailboxes still need to create them in their homedirs 2017-05-02 19:23:07 so why not cut to the chase and deliver in the homedir in the first place 2017-05-02 19:23:41 I fully concur. 2017-05-02 19:24:02 and for virtual users, the virtual user database is MDA-dependent, so /var/lib/$MDA/foobar makes more sense than /var/mail. 2017-05-02 19:24:21 yes ofc 2017-05-02 19:24:23 Or, if you really must have mail on a different filesystem, create a user directory in that location. 
2017-05-02 19:24:53 ok let me rephrase it 2017-05-02 19:24:57 afk 2017-05-02 19:25:22 should the 'inc' program from mmh be setgid or should it not? 2017-05-02 19:25:33 what is mmh? 2017-05-02 19:25:33 For store-and-forward delivery-only virtual users, /var/spool/mail MAY be appropriate, but otherwise should NOT be used. 2017-05-02 19:25:54 my mail handler? 2017-05-02 19:26:33 https://git.alpinelinux.org/cgit/aports/tree/community/mmh/APKBUILD 2017-05-02 19:26:42 Oh, meillo's 2017-05-02 19:26:42 that package is breaking builders 2017-05-02 19:27:26 configure script does some magic depending on if /var/mail is world writeable or not - on the building system 2017-05-02 19:27:47 -> trash 2017-05-02 19:28:05 He wrote it as his master's thesis?!? 2017-05-02 19:28:22 or, more constructively: do whatever it takes to make it build, it doesn't matter, it will be insecure anyway :P 2017-05-02 19:28:36 unless it can be configured to read mail from the user's homedir 2017-05-02 19:28:54 Oh, 'Modern Mail Handler' now? Make up your mind! 2017-05-02 19:30:54 skarnet: exactly, it doesnt matter really because its not possible to do it right 2017-05-02 19:31:09 so im thinking of drop setgid 2017-05-02 19:31:33 I'm reading his thesis real quick... 2017-05-02 19:32:31 the least worst way of handling /var/mail is to have it -drwsrws--- root:mail and to keep the setgid mail for programs that need to access it 2017-05-02 19:33:14 Agreed, and print a big, fat warning that it may be insecure. 2017-05-02 19:33:24 (but the real fix is to make it read from another default mailbox, if possible) 2017-05-02 19:33:44 I'm not seeing anything in the design that should make it impossible. 2017-05-02 19:35:48 Hmm, mmh is one of those programs that can be used in a couple different ways -- one of which is with slocal, in which case reading from /var/spool/mail and delivering to local folders is actually the proper operation.
2017-05-02 19:36:15 But configuration is required to make it work right in that mode. 2017-05-02 19:36:17 1990 called, they want you back 2017-05-02 19:36:34 *lol* Well, this is MH :) 2017-05-02 19:42:00 So it looks like this is the odd exception that actually should use /var/spool/mail, since it's mode of operation is to create a folder structure in the home directory and despool them to that. 2017-05-02 19:42:53 so we should setgid the 'inc' program? since world writable /var/mail is always bad? 2017-05-02 19:43:17 What is inc actually reading/writing? 2017-05-02 19:43:24 ncopa: yes, I guess. With a big fat warning. 2017-05-02 19:43:28 Can you strace it if it's not clear? 2017-05-02 19:44:30 im not running it, im just modifying the build 2017-05-02 19:44:36 to unblock the 3.6 builders 2017-05-02 19:45:02 nmeum: ok that we make 'inc' setgid 'mail'? 2017-05-02 19:50:49 ncopa: spool dir should be /var/spool/mail, as inc truncates the spoolfile on each successful read and does not treat it as a mailbox. 2017-05-02 19:52:10 The env variable it uses is actually 'MAILDROP', which may provide a more secure way of handling it by simply making the user set that! 2017-05-02 19:53:02 No SGID needed if the system mailer can deliver to the users maildir. 2017-05-02 19:53:16 ok good 2017-05-02 19:53:47 So install it with no set anything. 2017-05-02 19:54:10 thats what i wanted to hear 2017-05-02 19:54:12 thanks 2017-05-02 19:54:45 now next question is, can anyboy help me figure out what created the /var/spool/mail directory? 2017-05-02 19:54:46 You can even feed mail to it via stdin, so you could spawn it as the user. 2017-05-02 19:54:53 Oh 2017-05-02 19:55:02 The right time :D 2017-05-02 19:55:11 is there any pre-install script or similar that created it? 2017-05-02 19:55:45 possibly baselayout, since it is in fkn FHS 2017-05-02 19:55:46 /var/spool/mail is actually valid for MH, since it is explicitly used for spooling messages pending final delivery only. 
2017-05-02 19:56:00 TemptorSent: please stop mentioning /var/spool/mail EVER 2017-05-02 19:56:04 skarnet is not owned by any package 2017-05-02 19:56:11 thank God 2017-05-02 19:56:13 But I suggest we bypass that entirely and deliver directly to the user. 2017-05-02 19:56:22 *it is not owned by any package 2017-05-02 19:56:22 ^ 2017-05-02 19:56:26 :) 2017-05-02 19:56:34 You are discussing the /var/mail and /var/spool/mail thing, right? 2017-05-02 19:56:40 nope 2017-05-02 19:56:42 :( 2017-05-02 19:56:45 we are definitively not 2017-05-02 19:56:50 That's a shame 2017-05-02 19:57:10 I was hoping for the final resolution any time soon 2017-05-02 19:57:11 skarnet: You REALLY hate /var/spool/mail for some reason, even when it's semantically correct... 2017-05-02 19:57:23 look up "obsolete" 2017-05-02 19:57:31 consus: Resolution is avoid if at all possible. 2017-05-02 19:57:34 and "bad design" 2017-05-02 19:57:58 skarnet Agreed, I'm just speaking in terms of WHICH insecure, poorly designed directory to use for what :) 2017-05-02 19:58:17 I'm not even talking about insecure 2017-05-02 19:58:22 I'm talking about nonsensical 2017-05-02 19:58:39 Please get it into your head that a spool for incoming mail is 100% nonsense 2017-05-02 19:58:42 in 2017 2017-05-02 19:58:52 FHS states /var/mail 2017-05-02 19:58:58 (and it also was nonsense in 1996) 2017-05-02 19:59:04 consus: we've been through this 2017-05-02 19:59:07 Well, the spool makes sense in certain cases still (weird ones where networks don't work reliably and devices poll) 2017-05-02 19:59:19 skarnet: Hm? 2017-05-02 19:59:25 TemptorSent: no. If you still have doubts, please read this line again. 2017-05-02 19:59:29 woudl probably make more sense to have a /var/spool/mmh for mmh 2017-05-02 19:59:44 ncopa: no, a spool only makes sense for OUTGOING mail 2017-05-02 19:59:45 never incoming 2017-05-02 19:59:59 and outgoing mail is for the MTA to handle. 2017-05-02 20:00:01 skarnet: What is the input to filtering then? 
2017-05-02 20:00:04 AFAIR every smtp server already has it's own directory in /var/spool 2017-05-02 20:00:16 So /var/spool/mail is purely for mailboxes 2017-05-02 20:00:33 mailboxes have no place in /var/spool 2017-05-02 20:00:42 Really? 2017-05-02 20:00:52 $ ls -ld /var/mail 2017-05-02 20:00:52 lrwxrwxrwx 1 root root 15 Jan 4 2016 /var/mail -> /var/spool/mail 2017-05-02 20:00:53 Really. Again, we've been through this. 2017-05-02 20:01:01 Well 2017-05-02 20:01:05 Now it's all over the place 2017-05-02 20:01:12 yes, there is such a link, and it's a mistake. 2017-05-02 20:01:13 consus: No, /var/spool/mail is NEVER for user mailboxes, it MAY be used explicitly as a SPOOL, meaning it is cleared upon successful read. 2017-05-02 20:01:24 The link is evil. 2017-05-02 20:01:25 TemptorSent: In every major distro it is 2017-05-02 20:01:36 TemptorSent: Deal with it already 2017-05-02 20:01:43 that's proof that every major distro just doesn't think 2017-05-02 20:01:44 Yeah, it's been broken since the 90s. 2017-05-02 20:01:52 Perhaps 2017-05-02 20:01:59 Still things the way they are 2017-05-02 20:02:00 do you know the metaphor with chimpanzees getting an electric shock every time they climb a ladder? 2017-05-02 20:02:07 that's mainstream distros for you 2017-05-02 20:02:08 hey, if anybody wanst setup /var/spool/mail as a symlink, we should let them 2017-05-02 20:02:10 When semantics were still in use, it at least made some sense, but now it's just a giant cluster. 2017-05-02 20:02:25 ncopa: For now opensmtpd is broken with the default config 2017-05-02 20:02:35 ncopa: Because no package creates this symlink 2017-05-02 20:02:45 Then fix where it writes! 2017-05-02 20:02:53 Then fix mailx 2017-05-02 20:02:57 is there a bug for it? 2017-05-02 20:02:58 consus: would you kindly let us work? 2017-05-02 20:03:02 on bugs.a.o? 
2017-05-02 20:03:15 ncopa: yes 2017-05-02 20:03:17 consus can you please file the details on bugs.a.o 2017-05-02 20:03:27 ncopa: ok 2017-05-02 20:04:01 the more urgent issue at hand is that builder chokes due to something created /var/spool/mail with wrong permissions 2017-05-02 20:04:06 and i have no clue what it was 2017-05-02 20:04:49 drwxr-xr-x 2 root buildoze 4096 Mar 28 22:32 /var/spool/mail/ 2017-05-02 20:04:50 likely 2770 root:mail 2017-05-02 20:04:55 ugh 2017-05-02 20:04:57 buildoze? 2017-05-02 20:05:05 Anyway, back to mmh -- I suggest you strip it of any elevated privs and tell the users to set the env variable to say ~/.mail/incoming 2017-05-02 20:05:23 buildozer is the user that builds are running as 2017-05-02 20:05:39 TemptorSent: yes that makes sense 2017-05-02 20:06:12 If someone wants to fix it to do that automatically, that would be cool, but for now, let the user decide 2017-05-02 20:06:16 how is this argument still happening 2017-05-02 20:06:29 And they can link that to wherever they have their mail delivered :) 2017-05-02 20:06:44 Because mail is a mess 2017-05-02 20:06:53 only if you /make/ it a mess 2017-05-02 20:07:00 ncopa: somehow I remember saying exactly this for 2 days straight, doesn't it make sense when I'm the one saying it? 2017-05-02 20:07:05 if opensmtpd relies on brokenness I suggest dropping the package. 2017-05-02 20:07:12 You mean trying to use anything of the shelf? 2017-05-02 20:07:24 Yeah, I suggested dropping the broken packages above :) 2017-05-02 20:07:36 Unfortunately, that's most of them :/ 2017-05-02 20:07:48 well I do not want to read the 806 lines of backlog that this discussion has spawned 2017-05-02 20:08:01 awilfox not worth reading backlog 2017-05-02 20:08:01 in fact, maybe it is time to just disconnect freenodee 2017-05-02 20:08:17 For the most part, proper configuration and possibly minor wrapping would mitigate if not fix them I suspect. 2017-05-02 20:08:22 TemptorSent, I mean relying on brokenness. 
2017-05-02 20:08:30 the issue is supposed to be reported on bugs.a.o and we take it from there 2017-05-02 20:08:32 TemptorSent, some brokenness can be fixed 2017-05-02 20:08:50 awilfox: Yeah, they rely on bad assumptions about privs, which breaks them. 2017-05-02 20:08:52 awilfox: or just to /leave #alpine-devel, which would save me a huge amount of time 2017-05-02 20:08:52 like kde brokenness, I spent most weekends fixing it, and it mostly is fully working now 2017-05-02 20:09:02 no more mem leaks or tearing or musl crashes 2017-05-02 20:09:12 Wow, great work! 2017-05-02 20:09:16 kde works with musl now? 2017-05-02 20:09:21 thats awesome! 2017-05-02 20:09:32 yep, most of my patches are upstreamed 2017-05-02 20:09:35 a few still in queue 2017-05-02 20:09:37 even better 2017-05-02 20:09:51 ok, I got the message. 2017-05-02 20:10:14 I'm using it daily via adelie, but void is using the patches too so they are testing it more 2017-05-02 20:10:25 should be easy to bring to alpine at the next KDE LTS 2017-05-02 20:10:36 which I think is 17.12 (so December) 2017-05-02 20:13:02 didn't think KDE would make him leave heh 2017-05-02 20:13:11 ncopa: /var/mail is so insecure, I'd almost suggest creating it 500 with a warning note inside. 2017-05-02 20:15:42 awilfox i dont think it was KDE. i think i was not good enough telling that i actually do listen to him 2017-05-02 20:16:47 I think the fact we've had this same conversation almost verbatim three times in the past week is probably the reason. 2017-05-02 20:17:44 The conclusion remains the same, local user mail for final delivery belongs in user-owned directories, preferably in their home directories. 2017-05-02 20:19:02 amen. 2017-05-02 20:19:34 Anything else is too broken to contemplate supporting. 2017-05-02 20:21:49 skarnet and I disagree on the need at times for an intermediary spool directory for incoming mail, which I have used in the past to handle filtering before handing to the final delivery agent.
2017-05-02 20:22:50 But anthing of that nature should NOT be user-writable anyway. 2017-05-02 20:24:41 Actually, it is possible to tell smtpd to deliver to user mail dir. Where to submit patches to the config? 2017-05-02 20:24:46 *home dir 2017-05-02 20:24:48 In fact, good general policy is that anything that writes to a user-owned file should only do so in a directory owned by that user unless the file is explicitly unlinked and created each time. 2017-05-02 20:24:48 Sorry 2017-05-02 20:25:36 Though it would change the format from mbox to maildir 2017-05-02 20:25:45 Don't know if that's okay 2017-05-02 20:25:52 ncopa: sure, should I update the mmh aport accordingly? 2017-05-02 20:25:54 consus: I'd guess either a PR or add to the bug. 2017-05-02 20:26:41 nmeum: If you can figure out how to get it to default to user maildir, that would be ideal. 2017-05-02 20:27:09 user maildir? do you mean use maildirs? 2017-05-02 20:27:12 consus: IIRC there's a way of forcing it to deliver all new mail to a single file in the user maildir? 2017-05-02 20:27:24 ah 2017-05-02 20:27:34 Accordingly to smtpd.conf -- no 2017-05-02 20:27:41 deliver to maildir [path] 2017-05-02 20:27:43 deliver to mbox 2017-05-02 20:27:54 nmeum: Yes, if possible, supporting standard maildir would be ideal. 2017-05-02 20:27:56 So mbox delivery method assumes /var/mail 2017-05-02 20:28:05 TemptorSent: mmh doesn't support maildirs 2017-05-02 20:28:14 bloody stupid POS. 2017-05-02 20:28:17 nmeum: i think the conclusion was, no elevated privs 2017-05-02 20:28:18 I can write a patch for this of course 2017-05-02 20:28:55 Okay, yeah - delivering to a path in mbox format would be ideal consus. 2017-05-02 20:29:06 Why not maildir? 2017-05-02 20:29:14 And what is mmh 2017-05-02 20:29:14 Getting mbox clients to support maildir is likely a lot more work. 
2017-05-02 20:29:17 nmeum: i think we need to make mmh *not* setgid inc, regardless of what the /var/spool/mail is 2017-05-02 20:29:24 mailx supports maildir 2017-05-02 20:29:27 mutt too 2017-05-02 20:30:01 What clients are we talking about? 2017-05-02 20:30:03 nmeum: can you help me with that? the currencte configure script will check the permissions on the buildserver 2017-05-02 20:30:40 i'll disable mmh for now so it does not block the builders 2017-05-02 20:30:40 you can hardcode the group it should use for the setgid binary using an environment variable 2017-05-02 20:30:41 mailhandler flavor agents 2017-05-02 20:30:55 but I don't think you can make inc a non-setgid binary 2017-05-02 20:31:14 TemptorSent: Can you please point me to the exact package in a tree? 2017-05-02 20:31:25 nmeum then maybe i misread the configure script 2017-05-02 20:31:26 I'm not familiar with mailhandler 2017-05-02 20:31:29 I mean you can obviously patch the makefile but I don't think that this is 'supported' 2017-05-02 20:32:06 see 'nmh' and 'mmh' 2017-05-02 20:32:09 patching makefile is never “supported” by upstream, yet we need to do it sometimes :) 2017-05-02 20:32:18 ncopa: if you just want me to the change the setgid binary group to 'mail' I can do that right away otherwise it would probably be a good idea to disable the aport for now 2017-05-02 20:34:50 consus: Things such as fetchmail also don't speak maildir 2017-05-02 20:34:59 Hm 2017-05-02 20:35:04 I used fetchmail + procmail 2017-05-02 20:35:06 Worked fine 2017-05-02 20:35:21 Anybody uses fetchmail without anything? P_P 2017-05-02 20:35:39 Depends on if you do it in a single step or not. 2017-05-02 20:35:46 Okay 2017-05-02 20:35:49 I used to fetch to spool, then proc 2017-05-02 20:35:53 The patch should be trivial 2017-05-02 20:36:02 I'll work on it and propose it to the upstream 2017-05-02 20:36:22 But generally it's much nicer to parse a single file to spool new files than traverse a directory hierarchy. 
2017-05-02 20:36:30 Of course 2017-05-02 20:36:43 But it's easier to work with individual mails 2017-05-02 20:36:49 Instead of one HUGE file 2017-05-02 20:37:00 hey guys, moving along this install - I've got an issue now, not sure why, it's erroring during setup-alpine with unsatisfiable constraints regarding .setup-apkrepos 2017-05-02 20:37:08 So anything that is used programatically will want a single input file. 2017-05-02 20:37:50 consus: The spool files should never get huge, they should only contain NEW mail. 2017-05-02 20:38:01 Aha 2017-05-02 20:38:14 So then mail saves them to ~/mbox 2017-05-02 20:38:16 By default 2017-05-02 20:38:19 Otherwise it's not a spool. 2017-05-02 20:38:24 And then they got huge 2017-05-02 20:38:32 nmeum: $ curl --silent http://nl.alpinelinux.org/alpine/edge/community/x86_64/mmh-0.3-r0.apk | tar -ztv usr/bin/inc 2017-05-02 20:38:32 -rwxr-xr-x root/root 102504 2016-08-28 23:46 usr/bin/inc 2017-05-02 20:38:36 Yeah, the agent should be cleaning that out. 2017-05-02 20:39:08 read from ~/mbox and write to ~/Mail/... 2017-05-02 20:39:11 nmeum: apparently its currently set without any setgid permissions. i think that happens if /var/spool/mail is missing during build 2017-05-02 20:39:45 nmeum: we need patch the configure script so that we can force that behaviour with a configure option of some sort 2017-05-02 20:39:50 --disable-setgid or similar 2017-05-02 20:40:01 ncopa: the configure.ac also defines a SETGID_MAIL variable maybe we just want to set it to zero? 2017-05-02 20:40:13 that should work 2017-05-02 20:40:39 What we really should do is develop a consistent mail policy and configure everthing we package to conform. 2017-05-02 20:40:49 yeah 2017-05-02 20:41:03 FHS be damned, SELF consistency is what's important. 
2017-05-02 20:42:31 :D 2017-05-02 20:42:37 Documentation 2017-05-02 20:42:37 And the reason for each design decision should be documented so we don't keep having the same arguments ;) 2017-05-02 20:42:39 Goddamit 2017-05-02 20:42:51 We need documentation for that 2017-05-02 20:43:10 Because people expect something familiar 2017-05-02 20:43:13 Yes, exactly. Document the expected behavior, then make it actually happen. 2017-05-02 20:43:20 Without the docs 2017-05-02 20:43:23 :D 2017-05-02 20:43:52 Yeah, the problem is the docs we currently have are more often than not incomplete or just plain wrong. 2017-05-02 20:44:22 :) 2017-05-02 20:45:02 I started stubbing out architecture on the wiki, but we really need to get down to the design-doc stage. 2017-05-02 20:46:50 Question - how do I add a category to the Wiki? 2017-05-02 20:46:51 ncopa: ok? http://sprunge.us/SEPG 2017-05-02 20:47:08 xD 2017-05-02 20:47:15 I got banned for editing wiki 2017-05-02 20:47:31 Wow, how'd you manage that? 2017-05-02 20:48:31 Pushed the 'Save' button 2017-05-02 20:48:41 On? 2017-05-02 20:48:47 Apparently, there is a grace period 2017-05-02 20:48:49 nmeum does it work? it looks ok to me, but i havent verified that it does what it should 2017-05-02 20:48:55 Between you've registered 2017-05-02 20:49:02 And first commit 2017-05-02 20:49:05 To the wiki 2017-05-02 20:49:13 If you violate this period, YOU'RE BANNED 2017-05-02 20:49:15 Oh, more like mediawiki is broken. 2017-05-02 20:49:18 :D 2017-05-02 20:49:24 consus first commit with a link to external site 2017-05-02 20:49:30 its anti spam feature 2017-05-02 20:49:32 ncopa: $ tar -ztvf mmh-0.3-r1.apk | grep inc 2017-05-02 20:49:32 ncopa: Not true 2017-05-02 20:49:33 -rwxr-xr-x root/root 102784 2017-05-02 22:36 usr/bin/inc 2017-05-02 20:49:37 Ah 2017-05-02 20:49:39 True 2017-05-02 20:49:44 A link to pkgs.a.o =/ 2017-05-02 20:49:51 nmeum push it. thanks! 2017-05-02 20:49:52 Yeah, that'd do it. 
2017-05-02 20:49:58 Btw 2017-05-02 20:50:03 Gotta update it now 2017-05-02 20:50:09 Since the grace period is off 2017-05-02 20:50:12 I guess 2017-05-02 20:52:18 Holy crap there are a lot of blocked by abuse filter. 2017-05-02 20:52:39 > This action has been automatically identified as harmful, and you have been prevented from executing it. In addition, to protect Alpine Linux, your user account and all associated IP addresses have been blocked from editing. If this has occurred in error, please contact an administrator. A brief description of the abuse rule which your action matched is: New users are not allowed to add ip 2017-05-02 20:52:45 addresses and phone numbers 2017-05-02 20:52:46 Ah for god's sake %) 2017-05-02 20:52:50 Okay 2017-05-02 20:53:01 sounds like its broken 2017-05-02 20:53:06 Could somebody please post this https://paste.pound-python.org/show/TSQocqhTLd6yLUmXUWBc/ 2017-05-02 20:53:09 To the wiki? 2017-05-02 20:53:17 I really want to document this 'docs' package feature 2017-05-02 20:53:28 It's cool and helpful 2017-05-02 20:53:38 But I cannot edit the wiki 2017-05-02 20:53:40 consus What was the account name you got blocked with, ncopa should be able to toggle that. 2017-05-02 20:53:50 consus 2017-05-02 20:53:52 It was consus 2017-05-02 20:53:55 It's unblocked now 2017-05-02 20:54:00 HEROnymous, did you try apk del .setup-apkrepos ? 2017-05-02 20:54:01 By another guy 2017-05-02 20:54:10 but you got blocked again? 2017-05-02 20:54:12 But seems like grace period is not off =/ 2017-05-02 20:54:21 I don't know how long to wait 2017-05-02 20:54:23 Nobody told me 2017-05-02 20:54:24 speaking of MDA and setgid binaries is there still a reason why the mutt aports needs to have the suid option set? 
https://git.alpinelinux.org/cgit/aports/tree/main/mutt/APKBUILD#n13 2017-05-02 20:54:35 So, what do we have to do to disable that 'feature' 2017-05-02 20:54:36 So I tried to modify the very same page 2017-05-02 20:54:36 the option was introduced with this commit https://git.alpinelinux.org/cgit/aports/commit/main/mutt/APKBUILD?id=c172eceed77bc0330347b09a284d86d99da6146f 2017-05-02 20:54:50 but the mutt package doesn't seem to ship mutt_dotlock currently 2017-05-02 20:54:58 clandmeter, no, should I ? 2017-05-02 20:55:11 clandmeter, all I've done was some ifconfig and route commands and setup-alpine 2017-05-02 20:55:22 can you ping? 2017-05-02 20:55:30 sounds like network issue 2017-05-02 20:55:46 nah network's good. it was able to detect best mirror and stuff during the run. 2017-05-02 20:55:47 nmeum: Audit it and if it doesn't absolutely need it, kill its sgid bit. 2017-05-02 20:56:08 then apk del it 2017-05-02 20:56:15 and apk update 2017-05-02 20:56:29 Well, I see you in the abuse log consus, but I don't have admin rights or anything to fix it :( 2017-05-02 20:57:30 from what i know it takes 5h 2017-05-02 20:57:34 last time i checked 2017-05-02 20:57:46 Can that be bypassed by setting a flag? 2017-05-02 20:58:51 i have no idea 2017-05-02 20:58:57 this mediawiki drives me mad 2017-05-02 20:59:01 So any help on that wiki issue? xD 2017-05-02 20:59:23 <^7heo> I told you it's shit 2017-05-02 20:59:36 consus: i've unblocked you 2017-05-02 20:59:37 <^7heo> consus: open a pr against adoc/adoc 2017-05-02 20:59:42 Okay, it seems the single biggest barrier of entry to getting decent docs going is mediawiki. 2017-05-02 20:59:43 This first time I'll agree with ^7heo 2017-05-02 20:59:50 <^7heo> consus: we'll merge your doc there 2017-05-02 21:00:02 ^7heo: Will anybody *read* it? 
2017-05-02 21:00:10 why cant it just have a normal user interface 2017-05-02 21:00:13 I see no links at the main page to your docs 2017-05-02 21:00:28 <^7heo> clandmeter: because people write shit 2017-05-02 21:00:46 clandmeter: Because it's a steaming pile of mismatched crap. 2017-05-02 21:00:49 So what now? 2017-05-02 21:00:52 Should I wait? 2017-05-02 21:00:59 Should I press 'Save page'? 2017-05-02 21:01:00 <^7heo> TemptorSent: of course it is the single barrier of entry 2017-05-02 21:01:32 <^7heo> TemptorSent: but apparently it's more important to have a feature to input docs via the web than to have docs at all 2017-05-02 21:01:32 Okay, so what's a BETTER solution, since we all seem to agree that mediawiki isn't worth the electrons it's written on for our purposes. 2017-05-02 21:01:44 <^7heo> gh is a working solution today 2017-05-02 21:01:59 <^7heo> we also have the org, project 2017-05-02 21:02:36 <^7heo> and we can convert doc over 2017-05-02 21:02:50 <^7heo> using pandoc or whatnot 2017-05-02 21:02:52 Asciidoc/md? 2017-05-02 21:02:56 <^7heo> adoc 2017-05-02 21:03:15 asciidoctor xD 2017-05-02 21:03:16 <^7heo> https://github.com/adoc/adoc 2017-05-02 21:03:31 Link is dead 2017-05-02 21:03:35 <^7heo> https://github.com/adocs/adocs 2017-05-02 21:03:52 <^7heo> sorry, missed the s 2017-05-02 21:03:56 <^7heo> I'm tired 2017-05-02 21:04:07 if you want to know how to get pandoc built on alpine linux this is what i do https://github.com/mitchty/alpine-static-tmux/blob/master/Dockerfile#L90 (note this is used to just build a static pandoc) 2017-05-02 21:04:16 Hm 2017-05-02 21:04:17 Ahh, cool! 2017-05-02 21:04:25 So how we edit this on web? 2017-05-02 21:04:39 E.g. I want a nice preview button 2017-05-02 21:04:45 <^7heo> thanks mitchty 2017-05-02 21:04:52 To make sure my docs do not look like shit 2017-05-02 21:05:02 ^7heo: np, pandoc and idris are most of the reasons for ghc on alpine linux :) 2017-05-02 21:05:46 asciidoctor? 
2017-05-02 21:06:18 Not a perfect rendering, but seems good enough 2017-05-02 21:06:54 Actually asciidoctor rendering looks better :) 2017-05-02 21:07:40 actually 2017-05-02 21:07:55 https://github.com/somasis/musl-wiki 2017-05-02 21:08:00 i really liked this too 2017-05-02 21:08:07 (hosted on http://wiki.somasis.org) 2017-05-02 21:09:08 it uses https://github.com/gollum/gollum 2017-05-02 21:10:50 <^7heo> Shiz: afsik that is an option for us too 2017-05-02 21:10:56 <^7heo> afaik* 2017-05-02 21:12:03 clandmeter was testing some documentation engine with git as backend too 2017-05-02 21:12:09 i dont remember which though 2017-05-02 21:12:19 its the same 2017-05-02 21:12:21 <^7heo> ncopa: that one 2017-05-02 21:12:31 <^7heo> gosh that network lags 2017-05-02 21:13:16 I think i can open it up and put the repo on github 2017-05-02 21:13:40 ppl can take a look at it . 2017-05-02 21:14:11 <^7heo> yeah 2017-05-02 21:20:39 i think i brought it up before 2017-05-02 21:20:41 :P 2017-05-02 21:30:05 clandmeter: but maybe not under alpinelinux org, to not confuse ppl where the documentation is, until we actually move it 2017-05-02 21:30:41 its a wiki, add a note :p 2017-05-02 21:32:38 nmeum you beat me on soundtouch :) 2017-05-02 21:32:46 with a second or so 2017-05-02 21:32:55 :D 2017-05-02 21:33:00 I am now working on afl 2017-05-02 21:39:02 ncopa, I just fixed the gns3-server in a better way I think 2017-05-02 21:39:13 it just copies /bin/busybox to the source package in prepare(0 2017-05-02 21:39:16 prepare() 2017-05-02 21:39:20 do you mind if I push it? 2017-05-02 21:39:45 ok? where does it get busybox from otherwise? 2017-05-02 21:40:20 i think it fetches busybox from some place and i think it might need static busybox 2017-05-02 21:40:20 /bin/busybox.static. 2017-05-02 21:40:21 leitao: there’s new release of LuaJIT, 2.1.0_beta3, and someone mentioned that patch for ppc64le support needs to be updated – can you please do that? 
2017-05-02 21:40:24 ah 2017-05-02 21:40:40 jirutka, yes. We are still debugging why the PIE is causing trouble. 2017-05-02 21:40:52 and gns3-server depends on busybox. 2017-05-02 21:40:56 leitao: okay, thanks! :) 2017-05-02 21:41:11 leitao i think it might need static busybox? 2017-05-02 21:41:19 ncopa, yes 2017-05-02 21:41:28 /bin/busybox.static 2017-05-02 21:41:39 then i dont understand what you porpose 2017-05-02 21:41:44 propose 2017-05-02 21:41:56 on prepare(), I run something like: 2017-05-02 21:42:21 if [ "$CARCH" != "x86_64" ] ; then 2017-05-02 21:42:26 busybox_bin=$(find . -name busybox -type f) 2017-05-02 21:42:38 cp /bin/busybox.static $busybox_bin 2017-05-02 21:43:34 should it not depends on busybox.static then? 2017-05-02 21:43:40 busybox-static package 2017-05-02 21:44:28 yes. I thought that busybox ships both static and dynamic binaries, but you are correct. 2017-05-02 21:44:40 oh they have bundled a static busybox 2017-05-02 21:44:45 in the source package 2017-05-02 21:44:58 yes, thats wrong on all archs except x86_64 2017-05-02 21:45:00 :) 2017-05-02 21:45:07 leitao please push 2017-05-02 21:45:19 ncopa, ok, thanks! 2017-05-02 21:45:31 ncopa, we love upstream, don't we? 2017-05-02 21:45:38 and write a comment like "# we cannot use precompiled x86_64 busybox on all archs..." 2017-05-02 21:45:44 yes we do :) 2017-05-02 21:45:53 upstream we love :) 2017-05-02 21:46:03 i have to go 2017-05-02 21:46:40 tmh1999 looks like spl-vanilla has some issue? is it our gcc or the linux-vanilla-dev that is broken? 2017-05-02 21:46:56 tmh1999 could you try figure out why it cannot build 3rd party modules? 2017-05-02 21:47:03 no i have to run 2017-05-02 21:47:06 see u 2017-05-02 21:47:08 can anyone look at my kernel upgrade :p 2017-05-02 21:47:34 Shiz ping me tm 2017-05-02 21:47:40 alright 2017-05-02 22:46:19 Shiz: what is this? 
`setfattr -n user.upaste.language -v python3 upaste/upaste.py` 2017-05-02 22:46:49 it makes txt.shiz.me/self have highlighting :P 2017-05-02 22:46:58 something which is broken on my own install since migration 2017-05-02 22:47:08 (upaste uses xattrs to store metadata about a paste) 2017-05-02 22:47:38 interesting 2017-05-03 06:13:06 https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.4-relnotes.txt 2017-05-03 06:13:08 \o 2017-05-03 06:13:26 >Switched Linux getrandom() usage to non-blocking mode, 2017-05-03 06:13:29 this is a bug though 2017-05-03 06:23:03 ncopa, I think SPL is cache related iirc. 2017-05-03 06:23:21 ccache 2017-05-03 06:24:21 >../source/Core/DataExtractor.cpp:(.text._ZNK12lldb_private13DataExtractor4DumpEPNS_6StreamEmN4lldb6FormatEmmmmjjPNS_21ExecutionContextScopeE+0x371c): undefined reference to `std::ostream& std::ostream::_M_insert<__float128>(__float128)' 2017-05-03 06:24:23 this is a fun one 2017-05-03 06:24:27 as we disable float128 on ppc 2017-05-03 06:24:49 i think so at least? 2017-05-03 09:13:54 fabled: Why would I want to revert the mpv upgrade? 2017-05-03 09:14:07 ACTION checks it's mail 2017-05-03 09:22:54 <^7heo> pickfire: check the ml yeah 2017-05-03 09:24:51 ^7heo: What? mpv broke? It works fine here. 2017-05-03 09:50:22 <^7heo> pickfire: I do not know in details but "it works on my machine" is typical of amateur distributions like arch; and we do not take that as valid QA 2017-05-03 09:52:07 <^7heo> pickfire: please read the log for more info on why it broke and how it's been fixed 2017-05-03 09:52:19 <^7heo> pickfire: ENOTIME here. 2017-05-03 09:53:38 ENOTIME? 2017-05-03 10:00:35 pickfire, which video output driver? 
it was broke for me too (vaapi) 2017-05-03 10:01:05 as in, he has no time himself 2017-05-03 10:01:07 probably 2017-05-03 10:12:51 Ah 2017-05-03 10:15:39 i wonder what the need to disparage other distros is for, though 2017-05-03 12:48:01 yay, looks like all my php apps on alpine docker containers are broken :( 2017-05-03 13:11:23 fabled: I use vaapi 2017-05-03 13:11:31 But it didn't break 2017-05-03 13:20:26 mosez did you use edge? 2017-05-03 13:43:19 ncopa: yes 2017-05-03 13:47:09 we do break things in edge once in a while 2017-05-03 13:58:27 but even a plain upgrade have not solved it... maybe it's time for a fixed version :( 2017-05-03 13:58:43 : "Switched Linux getrandom() usage to non-blocking mode" – we can finally close one quite old bug report :) 2017-05-03 14:01:34 ncopa: clandmeter: I’ve “accidentally” wrote a blogpost about Alpine mirror at vpsFree.cz :) but it’s in Czech: https://blog.vpsfree.cz/podporujeme-alpine-linux-ma-u-nas-hlavni-mirror/; I wrote accidentally b/c Petr Krcmar sent me an email asking for more information, so he can write a blog post, but then he published directly what I wrote him, just with minor modification XD so I revisited it later; however, it was actually very effective 2017-05-03 14:01:34 approach to force me to write a blog post in less than few months :) 2017-05-03 14:02:18 ncopa: clandmeter: let me know if you wanna translate it to English ;) 2017-05-03 14:04:42 heh 2017-05-03 14:04:48 its work in progress 2017-05-03 14:05:07 i've modified the diagram a bit 2017-05-03 14:05:20 tier1 mirrors are moved down a step 2017-05-03 14:05:53 and we have a "mirror master" instead of the previous tier1 2017-05-03 14:07:04 jirutka, i updated the pdf 2017-05-03 14:12:11 clandmeter: I think it does not matter for that blogpost, it’s isomorphic (i.e. 
just changed names) :) 2017-05-03 14:12:27 but thanks for the update of the PDF :) 2017-05-03 14:15:42 but blog post is not accurate 2017-05-03 14:15:53 there will not be any tier3 mirrors 2017-05-03 14:16:23 only tier1 and tier2 2017-05-03 14:16:44 similar to this: https://fedoraproject.org/wiki/Infrastructure/Mirroring/Tiering 2017-05-03 14:17:20 i just want make sure that when we in the future talk about the "tier1 mirrors" we talk about the same thing 2017-05-03 14:17:20 uh, okay, I’ll send Petr next update 2017-05-03 14:17:55 well, I’ve just used the current version of the diagram (current at 3 AM today) 2017-05-03 14:18:47 still nice with a blog post :) 2017-05-03 14:18:49 thanks! 2017-05-03 14:21:11 ncopa, did you see my msg about spl and ccache? 2017-05-03 14:21:26 no? 2017-05-03 14:21:37 i think its related 2017-05-03 14:21:51 the builder probably has it installed and enabled? 2017-05-03 14:22:19 at least i remember i have to disable ccache to make it build 2017-05-03 14:27:30 clandmeter you mean on the s390x builder 2017-05-03 14:27:34 ok i'll check if it is 2017-05-03 14:27:38 yes 2017-05-03 14:29:17 the config.log of spl-vanilla on build-edge-s390x: http://tpaste.us/xWQv 2017-05-03 14:29:58 interesting 2017-05-03 14:30:01 its perl not found 2017-05-03 14:32:32 thanks 2017-05-03 14:32:53 ha 2017-05-03 14:33:02 yeah 2017-05-03 14:33:21 i wonder if its linux-vanilla-dev that should have it as dependency 2017-05-03 14:33:37 or if it is spl 2017-05-03 14:34:32 declaration M=/home/buildozer/aports/main/spl-vanilla/src/spl-0.6.5.9/build 2017-05-03 14:34:38 that one looks wrong too 2017-05-03 14:36:27 no. its correct 2017-05-03 14:36:54 I thought it means to build kernel module of spl-vanilla 2017-05-03 14:40:07 yes 2017-05-03 14:40:36 it looks like its linux-vanilla-dev that needs perl in its depends 2017-05-03 14:40:46 so installing perl help the build ? I just tried to remove perl to build and got the same error. with perl ok. 
2017-05-03 14:40:48 yeah 2017-05-03 14:40:59 just weird that it does not happen on x86_64 2017-05-03 14:41:12 ok lets add it to linux-vanilla-dev 2017-05-03 14:41:16 thank you 2017-05-03 14:41:51 I gotta run. it's finals week here. I will be back later to work on remaining packages on community. 2017-05-03 14:42:01 thanks! 2017-05-03 14:55:06 i wonder if should try catch the builder's errors better 2017-05-03 14:55:16 eg fix build.alpinelinux.org page 2017-05-03 14:55:44 its currently not very visible if builder is actually building or if it choke on some error 2017-05-03 15:06:48 building cross compiler broke again... could you please install some ci for them in the near future? 2017-05-03 15:07:16 here is the fix for current breakage btw. https://gist.github.com/xentec/81856fc05d32bbaa8f8c7df9d3a0c672 2017-05-03 15:14:01 fabled, did you update gcc? ^ 2017-05-03 15:28:47 jirutka - Reading backlog -- what about getrandom and non-blocking mode? 2017-05-03 15:30:48 Do all places using getrandom currently handle the EAGAIN properly? 2017-05-03 18:45:51 clandmeter: ncopa: the blog post is updated, now it reflects the latest version :) https://blog.vpsfree.cz/podporujeme-alpine-linux-ma-u-nas-hlavni-mirror/ 2017-05-03 18:48:29 fabled: xentec: I can confirm that, I’ve also tried script/bootstrap.sh yesterday, fixed one breakage in binutils package, but then hit another problem 2017-05-03 18:49:16 fabled: maybe it’d be better to move bootstrapping script(s) to a separate repository, write tests and let them run on CI 2017-05-03 18:49:54 jirutka, i've liked to keep it in aports because bootstrap.sh has repository specific knowledge (package ordering, and list of packages which changes across branches) 2017-05-03 18:50:10 fabled: good point 2017-05-03 18:53:32 ncopa: clandmeter: Petr Krčmář has informed me that we have 22 installations of Alpine Linux on vpsFree! 
that’s not very big number (there are 1 620 VPSes in total), but it increased from 4 to 22 in the last half-year :) 2017-05-03 18:54:09 thats interesting 2017-05-03 19:44:40 clandmeter: heh, right after we published info about mirrors tiering, I read news on root.cz that mirror of Arch Linux on Silicon Hill (student’s club and network at CTU in Prague) has been moved from Tier 2 to Tier 1 :) from the context I assume that they use the same naming as Fedora and as you proposed, i.e. Tier 1 is *not* the mirror master /cc ^7heo (but please don’t open a flame) 2017-05-03 19:50:47 lol, this is almost ridiculous… MySQL and Oracle… what can possibly be wrong XD http://www.openwall.com/lists/oss-security/2017/05/03/10 2017-05-03 20:54:41 anybody using bonding with alpine linux? 2017-05-03 20:54:59 <_ikke_> have used it 2017-05-03 20:55:14 which mode? 2017-05-03 20:55:23 <_ikke_> active-backup 2017-05-03 20:55:37 I used to use bonding on Gentoo few years ago and I had a lot of troubles with that; not with configuration, that was easy, but hard-to-troubleshoot problems on network 2017-05-03 20:56:13 i re-used the debian networking config, but that does not seem to work on alpine. 2017-05-03 20:57:42 <_ikke_> clandmeter: Did you check https://wiki.alpinelinux.org/wiki/Bonding ? 
2017-05-03 20:57:53 yes its very limited 2017-05-03 20:57:56 <_ikke_> right 2017-05-03 20:58:02 I was talking with one admin about that and he told me that implementation of bonding in kernel is not very good and he doesn’t recommend to use it and he said that if I need bonding, then try to use Open vSwitch for that… we had bad experience with 1.x version, but he told me that it was really shitty, but 2.x is good… well, after few years experience with Open vSwitch, I don’t recommend even that… 2017-05-03 20:58:06 i need to use mode 4 2017-05-03 20:58:24 802.3ad 2017-05-03 20:58:45 but we used Open vSwitch for use case where it was quite an overkill 2017-05-03 20:59:23 I should be still able to configure it on Gentoo with netifrc, but I have no idea how to do that with debian-style config we have in Alpine 2017-05-03 20:59:57 would be nice to get it working on alpine 2017-05-03 21:00:05 ofc :) 2017-05-03 21:00:05 20Gbit sounds sweet :) 2017-05-03 21:00:57 but unfortunately I don’t know, I have still some minor trouble even with basic network configuration with multiple interfaces on Alpine, not even talking about bonding 2017-05-03 21:01:29 and also I haven’t studied what “magic” netifrc actually does behind the scene 2017-05-03 21:01:50 20 Gbps sounds good, but really, do we need it? I don’t think so :) 2017-05-03 21:02:03 10 Gbps is still way more we actually need imo 2017-05-03 21:02:19 if you get it, why not use it? 
2017-05-03 21:02:27 <_ikke_> 10gb is quite a lot 2017-05-03 21:02:29 yes, I’d also try it… 2017-05-03 21:04:32 but don’t be so crazy as me to waste time on something you just *want* to get working, no matter if you actually need it, just because you refuse to give up… :) 2017-05-03 21:04:57 its the only way to get things working ;-) 2017-05-03 21:05:19 yes, but the important part is “no matter if you actually *need* it” :) 2017-05-03 21:06:38 sometimes I spend a lot of time on solving some issue and when I get it and *after* that I start thinking if it’s really the best solution and the thing I really want :) 2017-05-03 21:07:25 is an apk dev present right now? 2017-05-03 21:07:28 there are so many settings to bonding.. i should have checked the debian install more carefully 2017-05-03 21:07:36 xentec: you mean fabled? 2017-05-03 21:08:10 clandmeter: yeah, there are multiple modes how to set it up and it *must* be the same that is configured on the switch 2017-05-03 21:17:46 well fabled then :) I ask you to look at following apk trace: https://dpaste.de/rH4g#L1,2420,2422,2423 (specifically the lines) 2017-05-03 21:18:43 I wanted to fetch a meta-package (with no cache enabled) but apk refuses to do even though it was able to install it 2017-05-03 21:18:48 hmm, this is very nice pastebin service! 2017-05-03 21:18:48 he is probably sleeping already. 2017-05-03 21:19:40 then I hope he'll read it tomorrow.. because to me it looks like a strange bug 2017-05-03 21:19:52 ah, I’ve already starred it on GH some time ago… it’s unfortunately based on Django… ./ 2017-05-03 21:20:37 xentec: what exactly “Reply to this snippet” do? 2017-05-03 21:21:38 probably creating a new paste with a link to the old one.. 
I don't use it often ;) 2017-05-03 21:21:46 the site I mean 2017-05-03 21:22:35 xentec: I see, it’s more similar to Gists than classic Pastebin 2017-05-03 21:24:02 I think that I’ll start to use it as default pastebin when I need to paste something from web browser :) (I use our tpaste.us for pasting from terminal) 2017-05-03 21:24:08 fabled: strangely enough alpine-base downloads just fine 2017-05-03 21:24:46 jirutka, you can also paste from browser with tpaste 2017-05-03 21:24:56 clandmeter: huh, how? 2017-05-03 21:25:05 check tpaste.us 2017-05-03 21:25:10 it has a form link 2017-05-03 21:25:36 aha, I totally overlooked this XD 2017-05-03 21:25:43 :) 2017-05-03 21:25:53 heh, interesting hack! 2017-05-03 21:26:56 clandmeter: btw you should fix the link, you’ve moved the repo… ;) 2017-05-03 21:27:10 i need to fix this bond ;-) 2017-05-03 21:27:14 no not james bond 2017-05-03 21:27:17 :p 2017-05-03 21:27:59 is it a kernel option to configure network drivers with ethtool support? 2017-05-03 21:28:21 btw do you remember that outage few days ago? I realized that I depend on tpaste too much, I literally cannot work without it… 2017-05-03 21:28:36 :) 2017-05-03 21:28:47 the counter is going up :) 2017-05-03 21:28:54 it’s extremely convenient 2017-05-03 21:29:02 and fast :D 2017-05-03 21:29:15 that reminds me 2017-05-03 21:29:25 i saw some strange piece of code in lua turbo 2017-05-03 21:29:32 maybe just a typo 2017-05-03 21:30:48 interesting, it says no link. 2017-05-03 21:32:34 I even shut down my previous paste service already, b/c it needed whole script for pasting and after moving from Gentoo to Alpine I started to be like “wtf, why i should install so much bloat just to paste?” and even copying shell scripts to all servers is still bad in comparison with copying one short curl command 2017-05-03 21:33:25 now I have alias tpaste in my default .profile 2017-05-03 21:34:06 apk add tpaste is not ok? 
2017-05-03 21:34:43 heh, I didn’t know about it XD 2017-05-03 21:34:48 jirutka, what reason puts https://github.com/alpinelinux/aports/pull/1250 on 'hold'? :) 2017-05-03 21:35:13 xentec: we haven’t settled on how to treat rust packages yet 2017-05-03 21:35:35 too bad 2017-05-03 21:35:46 xentec: and we don’t want to let any third-party package manager download dependencies from Internet 2017-05-03 21:37:09 I have already some proof-of-concept solution, but we haven’t discussed it yet; https://gist.github.com/jirutka/59be5141dd442abcbc183431e0cef8eb 2017-05-03 21:37:42 damn 2017-05-03 21:39:24 I guess it's even more complicated with go 2017-05-03 21:39:59 jirutka is a big fan of go :) 2017-05-03 21:41:16 go is total mess, but they converged to “vendoring” dependencies, i.e. the most stupid thing, literally copying sources of all dependencies into the project’s repository; however, despite the fact that it’s plain stupid, it’s very simple for us for packaging 2017-05-03 21:42:09 that is what makes cargo so slow... 2017-05-03 21:42:19 what? 2017-05-03 21:42:23 pulling in deps 2017-05-03 21:42:38 heh.. and I thought it's a syncthing.. thing 2017-05-03 21:42:52 speaking of which.. what about this PR? https://github.com/alpinelinux/aports/pull/1286 :D 2017-05-03 21:43:25 to be honest, cargo already do the right thing (not by default, but with options) – Cargo.lock contains exact versions of all dependencies, including checksums, and they are validated when fetched, so basically the same verification we do in abuilds 2017-05-03 21:43:48 but its slow... 2017-05-03 21:43:54 and rust is also slow 2017-05-03 21:44:02 so its really slow 2017-05-03 21:44:06 that’s bullshit 2017-05-03 21:44:07 did i mention its slow? 2017-05-03 21:44:10 you mean rustc? 2017-05-03 21:44:16 yes 2017-05-03 21:44:18 Rust is not slow 2017-05-03 21:44:32 wait, so what exactly do you mean that is slow? 2017-05-03 21:44:36 rust is as slow as c++14 :D 2017-05-03 21:44:36 rustc like compiler? 
2017-05-03 21:44:44 yes 2017-05-03 21:44:51 building a rust pkg is slow 2017-05-03 21:44:51 b/c programs written in Rust are definitely not slow 2017-05-03 21:44:59 yes, it is, but not because of fetching deps 2017-05-03 21:45:04 but compiling deps 2017-05-03 21:45:12 also fetching 2017-05-03 21:45:26 rustc is slow because it has shitton of checking 2017-05-03 21:45:26 i added librespot recently 2017-05-03 21:45:29 and compiling is slow b/c it do many checks and optimizations, the thing C++ never heard of… 2017-05-03 21:45:40 and it felt slow 2017-05-03 21:45:45 to build that is. 2017-05-03 21:45:48 not running. 2017-05-03 21:46:01 if you think that cargo is slow in fetching, then try https://gist.github.com/jirutka/59be5141dd442abcbc183431e0cef8eb … it uses curl to fetch deps and it’s like 100 times slower 2017-05-03 21:46:39 it’s so extremely slow that I’m seriously considering how to use curl more efficiently in abuild or what else to use 2017-05-03 21:47:16 also I think that you have confused fetching deps and fetching index 2017-05-03 21:47:23 jirutka, could you please reply about my syncthing pr? 
https://github.com/alpinelinux/aports/pull/1286 I'd like it to be in aports but you won't tell me what's missing 2017-05-03 21:47:57 cargo must fetch index first, it’s cloning quite big git repo, so it’s indeed slow, then it fetches deps 2017-05-03 21:48:54 everything is what fabled considering for APKINDEX sounds like nano-optimizations in comparison of cargo index… it was imo very stupid idea to do it in that way 2017-05-03 21:49:57 but normally you don’t need to fetch whole index on every build… 2017-05-03 21:51:11 xentec: A-improve doesn’t mean that you should improve something, but that this PR improves apkbuild ;) 2017-05-03 21:51:41 that I've figured out 2017-05-03 21:52:18 okay, then it’s not that I don’t wanna tell you what’s missing, I just haven’t reviewed it yet and no one else ;) 2017-05-03 21:53:09 currently I’m adding labels manually, but in mass to all new PRs, before I write a bot to do that instead of me :P 2017-05-03 21:53:45 so when I’ve added the label doesn’t mean that I’ve ever read that PR 2017-05-03 21:54:27 i’ll be hopefully more clear when algitbot start adding label right after PR is created, not me after some time 2017-05-03 22:01:08 clandmeter: actually, maybe I was not clear enough :) curl is so horribly slow in comparison of cargo that it’s one of major reasons why I haven’t pushed that solution further and still thinking if it’s really reasonable to do that, instead of just letting cargo download deps with --frozen (i.e. 
it requires Cargo.lock and verifies checksums) :) 2017-05-03 22:01:53 however, one of advantages of this solution is that it unpacks sources of all dependencies in $srcdir, so we are able to patch them if needed 2017-05-03 22:04:41 i just downloaded alpine extended in 1s 2017-05-03 22:04:57 seems alpine releases are not big enough to properly test network speed 2017-05-03 22:05:00 I’m also considering naming the deps in APKBUILD (or more specifically, using script to gather them from Cargo.lock and write into APKBUILD) like Gentoo do, but I don’t like about it that we would end-up with very long generated list of names in APKBUILD that will just duplicate information from project’s Cargo.lock 2017-05-03 22:05:03 :) 2017-05-03 22:05:16 heh 2017-05-03 22:07:23 the thing I don’t like probably the most about my proposal is that it requires copying project’s Cargo.lock file into aports repo, to be able to fetch all deps in fetch phase and unpack the project’s tarball in unpack phase, not in fetch phase 2017-05-03 22:10:07 jirutka │ : "Switched Linux getrandom() usage to non-blocking mode" – we can finally close one quite old bug report :) 2017-05-03 22:10:09 no, because it's broken 2017-05-03 22:10:16 and should be reverted 2017-05-03 22:10:20 Shiz: aha 2017-05-03 22:10:27 Shiz: broken in what way? 2017-05-03 22:11:17 because it will lead to providing unsafe entropy 2017-05-03 22:11:24 when the random pool isn't initialized yet 2017-05-03 22:13:17 hm, so another bad commit from OpenBSD devs…? o.O 2017-05-03 22:13:40 well 2017-05-03 22:13:52 we've been wtfing at libressl's getentropy() for a while now 2017-05-03 22:14:26 in what channel? 
:) 2017-05-03 22:14:27 but basically, if getrandom() fails (which it will with this commit at boot), AND /dev/urandom fails, it will just gather a bunch of 'seemingly-random' data and tell you it's entropy 2017-05-03 22:14:35 #musl, but that was like 2 years ago 2017-05-03 22:14:37 :P 2017-05-03 22:14:45 see: https://github.com/openbsd/src/blob/edb2eeb7da8494998d0073f8aaeb8478cee5e00b/lib/libcrypto/arc4random/getentropy_linux.c#L339 2017-05-03 22:14:51 it's just a bunch of nonsense 2017-05-03 22:16:15 well, i don’t speak C, so most of C code, especially in OpenSSL/LibreSSL, looks like bunch of nonsense for me :) 2017-05-03 22:19:25 hopefully you can at least see why getpid(), gettimeofday(), dl_iterate_phdr() and clock_gettime() aren't proper random entropy 2017-05-03 22:19:27 :P 2017-05-03 22:21:55 imo it may be good enough entropy when “true random” entropy is not strictly required 2017-05-03 22:37:34 no 2017-05-03 22:37:36 it is not 2017-05-03 22:38:01 the correct solution is to wait, not to provide fake entropy that WILL be used in cryptographic operations 2017-05-03 23:08:33 andypost: hi, long time no see you! 2017-05-03 23:08:42 andypost: I need your help :) 2017-05-03 23:12:38 jirutka, hi there! 2017-05-03 23:13:02 jirutka, I've seen you committed php7 2017-05-03 23:13:32 jirutka, but some clean-ups still could be ported 2017-05-03 23:14:18 andypost: I’m gonna commit some now 2017-05-03 23:14:51 andypost: do you know answer for the question in https://github.com/alpinelinux/aports/pull/1339#discussion_r114595859 ? 2017-05-03 23:15:23 Shiz: Any thoughts on a good means of initializing the entropy pool when we don't have a HWRNG or user activity? (Embedded/VM) 2017-05-03 23:16:06 jirutka, ah, pecl for pear! 2017-05-03 23:16:07 IMHO, if getrandom fails, crypto startup should be delayed until it succeeds. 2017-05-03 23:16:16 Shiz: ^ that’s pretty good question! is not very good entropy better than no entropy and so no encryption…? 
;) 2017-05-03 23:16:16 there's no such thing as a good means in that scenario 2017-05-03 23:16:43 jirutka, basically build tools are required mostly always to compile src 2017-05-03 23:17:05 andypost: the question is if pear somehow needs pecl 2017-05-03 23:17:10 jirutka, pecl & pear are just 2 package delivery tools 2017-05-03 23:17:10 although, if you can get any "good" entropy then you can pull /etc/init.d/urandom on it (save seed for next session) 2017-05-03 23:17:15 andypost: or we can move pecl to a separate subpackage 2017-05-03 23:17:42 TBB: I’ve tried that and IIRC it didn’t help at all 2017-05-03 23:17:58 jirutka, better separate because pecl is more recent but pear mostly too outdated code 2017-05-03 23:18:17 TBB: I can think of several, but it requires reordering part of boot to get some at least reasonably unique if not random data to seed a PRNG. 2017-05-03 23:18:19 TBB: andypost so pecl is a replacement for pear? 2017-05-03 23:18:32 jirutka, not 2017-05-03 23:19:40 jirutka, they are kinda orthogonal http://pear.php.net/ http://pear.php.net/ 2017-05-03 23:19:49 jirutka, they are kinda orthogonal http://pear.php.net/ http://pecl.php.net/ 2017-05-03 23:20:08 jirutka: could be it doesn't work, but that's basically how many distros try to circumvent the "not enough entropy" problem. naturally tho, if root is encrypted then it won't help early init 2017-05-03 23:20:42 At the very least, using time to key a pair of PRNGs and using those to read random byte ranges from the kernel, xor them, and checksum the result, then feed that to /dev/urandom. 2017-05-03 23:22:25 Something so your initial entropy seed is not easily guessed, but still should be refilled with cryptographically secure entropy ASAP 2017-05-03 23:23:03 andypost: hm, pear also mentions “extensions”, so both pear and perl extensions are compiled and so needs gcc, autoconf, …? 
2017-05-03 23:23:08 jirutka, I actually can't remember when I used pear last time( it's not require build tools but pecl require 2017-05-03 23:23:51 jirutka, no! pear mostly php "none-compilable" (includable) code 2017-05-03 23:24:32 andypost: and pecl is for compiled extensions…? or both…? 2017-05-03 23:24:55 jirutka, pecl is exactly compilable 2017-05-03 23:26:02 andypost: okay, so -pear should depend only on php7-common and pecl on php7 gcc autoconf pcre-dev, right? 2017-05-03 23:26:19 jirutka, and pecl is most used 2017-05-03 23:31:12 andypost: I’m gonna fix https://github.com/alpinelinux/aports/pull/1339#discussion_r114501722, https://github.com/alpinelinux/aports/pull/1339#discussion_r114503980, https://github.com/alpinelinux/aports/pull/1339#discussion_r114505813 and most likely https://github.com/alpinelinux/aports/pull/1339#discussion_r114522462 … anything else you think that should be ported? 2017-05-03 23:32:18 andypost: and also any idea about: I totally don’t understand why php refuses to even build them together… There’s actually no problem with building them together, so I thought that they cannot be loaded together (and it even failed when I tried, but just b/c of order as you’ve said). 
2017-05-03 23:32:38 andypost: with them I mean recode and imap 2017-05-03 23:33:07 jirutka, that's total wtf, I can't find reason as well 2017-05-03 23:34:20 jirutka, that's probably could be caused by that some extensions works fragile when bundled, but php suggests to bundle default set of extensions 2017-05-03 23:34:43 aha 2017-05-03 23:35:53 jirutka, http://php.net/manual/en/extensions.membership.php#extensions.membership.bundled 2017-05-03 23:37:29 jirutka, check here huge warning http://php.net/manual/en/recode.installation.php 2017-05-03 23:37:31 andypost: also I’m thinking about adding some meta subpackage that would pull all extensions, for use cases when you have no idea what extensions some php crap needs and just want it to quickly try it without guessing or manually naming all subpackages; any idea how to name it? 2017-05-03 23:37:53 jirutka, in most distros it's php-common 2017-05-03 23:38:16 or maybe metasubpackage for all extensions listed as “bundled” on the site you’ve referenced 2017-05-03 23:38:52 I think that information on that site is incorrect, Tokenizer can be built as shared, I’ve done it… 2017-05-03 23:39:28 and phar as well… 2017-05-03 23:39:43 and sessions 2017-05-03 23:39:57 aha, “with compilation options” 2017-05-03 23:40:12 err, “cannot be left out of a PHP binary with compilation options” 2017-05-03 23:41:20 hm, so maybe php7-core-exts for the ones on the “Core Extensions” list? 
2017-05-03 23:41:53 but php7-bundled-exts looks somehow wrong, b/c we don’t bundle them :) 2017-05-03 23:41:59 jirutka, I'm checking other distros 2017-05-03 23:43:05 ad php-common, we already use it for configs… vakartel proposed to rename it to php-config, but I’d rather avoid renaming it, it may cause a lot of confusion for users :/ 2017-05-03 23:44:11 jirutka, yes, good point about rename 2017-05-03 23:44:18 I’ve checked Fedora when I was rewriting it and they use different approach, they don’t separate every extension 2017-05-03 23:46:19 jirutka, I also find useless to separate bundled extensions cos average users expects this extensions enabled after "installing php7" 2017-05-03 23:47:28 andypost: I don’t consider it useless, just it’d be nice to provide a metapackage to easily pull all extensions that are usually “bundled” 2017-05-03 23:47:57 jirutka, btw I faced many times with issues when php-apps supposes bcmath & gd extensions preinstalled 2017-05-03 23:48:02 just need to figure out proper name for it :) 2017-05-03 23:48:34 especially gd extension should be optional, b/c it has many dependencies 2017-05-03 23:48:45 jirutka, on other hand php7-gd require a lot of deps 2017-05-03 23:49:42 jirutka, but I expects just a few web-ui scripts that can process media without gd) 2017-05-04 00:03:14 does the linux-headers pkg provide the kernel headers for the linux-hardened kernel 2017-05-04 00:40:50 andypost: are you still here? 2017-05-04 00:41:37 jirutka, yep, digging why php7-soap does not work 2017-05-04 00:42:22 arch3y_, linux-*-dev pkgs do 2017-05-04 00:44:09 xentec: thats what I thought thanks 2017-05-04 00:44:36 andypost: I’d like to ask you, could you please create php7-* pkgs for extensions we used to provide php5-* package for in v3.5 main or community? 
there are few missing and I’m afraid that users may complain that they disappeared in v3.6 2017-05-04 00:46:06 jirutka, do you mean base packages or the list from https://goo.gl/w2qgEz 2017-05-04 00:46:48 andypost: from the list, only pkgs in main or community and ofc the ones that support php7 and are not already dead 2017-05-04 00:48:52 andypost: I’ve moved all php7-* from testing that were in main or community as php5-* plus php7-redis and some other i don’t remember now 2017-05-04 00:49:14 andypost: but I didn’t find php7-* pkg for some 2017-05-04 00:53:43 andypost: hm, actually, they are probably in vakartel’s PR https://github.com/alpinelinux/aports/pull/1061, but in not very good shape and also I doubt that he actually tested them, b/c he added check function, but apparently don’t bother that for most packages no test is actually run b/c of missing extensions and for the rest some tests fail, but the failures are just ignored 2017-05-04 00:57:26 jirutka, as I see only php7-apcu & php-xdebug are affected by php7 version change, the rest are php5 2017-05-04 00:57:47 jirutka, and both works, just installed and tested 2017-05-04 00:57:51 andypost: like php5-only? 2017-05-04 00:58:20 jirutka, yes, the rest are php5 only 2017-05-04 00:59:06 jirutka, php7-redis broken 2017-05-04 01:01:27 jirutka, https://gist.github.com/andypost/6b34d8db1f94197d6c04ae41b707ab77 2017-05-04 01:03:59 jirutka, do you have any idea how to make check() for php? installing each extension and use php --re apcu for example 2017-05-04 01:04:57 andypost: this is normal for php extensions, they depend on symbols from php executable, so ldd always reports many not found symbols 2017-05-04 01:06:12 andypost: or do you see some extensions needed to be added to deps…? 
I don’t remember what symbols are exported by php executable 2017-05-04 01:08:59 andypost: about check(), I was trying to find some way how to tell that stupid php test script to load specific extensions in addition, but found nothing; probably the only usable env. variable is some that refers php.ini file that should be loaded, we can probably generate file just with load_module (or how is that called), but I haven’t tried it yet 2017-05-04 01:09:56 andypost: the hack I used in php7 pkg to affect load order for tests cannot be used for extensions as-is 2017-05-04 01:17:49 jirutka, I was wrong about php-soap - it works but php-xdebug needs rebuild https://gist.github.com/andypost/6b34d8db1f94197d6c04ae41b707ab77 2017-05-04 01:20:53 andypost: yeah, someone reported it on bugs.a.o, that xdebug is broken, but I don’t know why 2017-05-04 01:21:06 andypost: so it really needs to be rebuilt? 2017-05-04 01:22:43 jirutka, yep, but I guess better to increase "pkgrel" to 1 2017-05-04 01:23:15 not better, but necessary, to rebuild it :) 2017-05-04 01:25:33 andypost: okay, I’ve pushed rebuild 2017-05-04 01:26:14 andypost: and few changes for php7 pkg https://github.com/alpinelinux/aports/pull/1345 … I’ll add pear/pecl split later 2017-05-04 01:26:21 andypost: into this PR 2017-05-04 01:26:26 andypost: that’s why WIP 2017-05-04 01:27:53 jirutka, https://github.com/alpinelinux/aports/pull/1346 2017-05-04 01:28:51 andypost: php 7.0 is gone… 2017-05-04 01:29:29 andypost: there’s only community/php7 in version 7.1.4 2017-05-04 01:29:35 andypost: and I’ve already pushed https://github.com/alpinelinux/aports/commit/26d96b3a7913462c8c094dd36f662892f540d5cb 2017-05-04 01:30:17 andypost: I need to go sleep now, too tired; see ya! o/ 2017-05-04 01:31:09 jirutka, ah are fast) 2017-05-04 04:58:42 jirutka, in things like apk the nano-optimizations mean a lot since bulk of the work is repeating the nano-jobs :) ... but it's true some of it could be improved. 
2017-05-04 05:25:12 fabled: Which specific optimizations are you referring to there? 2017-05-04 06:00:29 likely things like using apk_istream_splice() 2017-05-04 06:01:20 honestly, apk is pretty decently clean if you sit down and start digging into it 2017-05-04 06:05:25 I'm sure, but the lack of design documentation , obtuse variable names, and minimal comments makes it very hard to follow even for an experienced C coder. 2017-05-04 06:06:28 I don't have anything like a clear mental picture of the basic code paths, let alone obscure details. 2017-05-04 06:09:10 kaniini: It also seems incredibly difficult to reuse various code sections in manners different than their original design (Such as pkgname vs. pkg atom vs. filename parsing) 2017-05-04 06:09:55 as previously stated, atoms are obsolete and not actually used anymore :P 2017-05-04 06:10:19 Right now I'm working on stubbing together a bottom-up deptree builder in awk which may be of interest for apk at some point in C. 2017-05-04 06:10:53 Okay - can you clarify the term 'atom' vs '$pkgname-$pkgver' 2017-05-04 06:11:41 that's one and the same, it's for display only 2017-05-04 06:11:48 apk itself cares about dependencies 2017-05-04 06:12:12 $pkgname-$pkgver is not a dependency, $pkgname=$pkgver is a dependency 2017-05-04 06:12:40 in reality, we should output $pkgname=$pkgver as the way of describing package 'atoms' 2017-05-04 06:13:10 $pkgname=$pkgver is a dependency on the specific atom (meaning atomically defined unit) $pkgname-$pkgver 2017-05-04 06:13:26 the downside to that would be that somebody copy and paste it from apk search and then gets very confused when they dist-upgrade 2017-05-04 06:14:16 you can also do 2017-05-04 06:14:21 $pkgname>$pkgver is a dependency on the SET of atoms ($pkgname-$pkgver, $pkgname-$latestpkgver] 2017-05-04 06:14:49 $pkgname><$base64_short_checksum 2017-05-04 06:14:58 to designate a package with a specific checksum 2017-05-04 06:15:05 i guess that probably would have been 
useful to mention earlier 2017-05-04 06:15:08 ACTION whistles 2017-05-04 06:15:09 Set theory says you need atoms for proper dep resolution. 2017-05-04 06:15:32 nope, those are providers 2017-05-04 06:15:36 Technically, the atoms should include arch IMHO. 2017-05-04 06:16:00 The provider has to resolve to an apk at some point, right? 2017-05-04 06:16:18 anyway i've tried to explain this a dozen times now, so i see no point in explaining it a 13th time 2017-05-04 06:16:25 At that point in time, you have to choose a particular atom, since you can't have part of one version and part of another (hence the atomic part) 2017-05-04 06:16:27 not necessarily 2017-05-04 06:17:26 What I'm looking for is what maps a successful dep resolution to the apk you need to fetch to actually install it? 2017-05-04 06:17:42 if i told you, i'd have to kill you 2017-05-04 06:17:53 *lol* Yeah, that's what I was afraid of. 2017-05-04 06:18:25 That mapping is where things go to hell logically between deps and 'atoms' 2017-05-04 06:18:46 again: atoms don't exist. they are like an appendix. 2017-05-04 06:19:03 don't even think about them when trying to understand how apk works, it's a waste of time 2017-05-04 06:19:22 Well, they exist for the purpose of naming an apk, which is where I'm having real problems with the way apk works. 2017-05-04 06:19:47 oh 2017-05-04 06:19:54 apk itself 2017-05-04 06:19:59 does not care what the apks are named, actually 2017-05-04 06:20:10 the APKINDEX tells it that 2017-05-04 06:20:11 :) 2017-05-04 06:20:33 it just /happens/ that abuild produces apks like foo-1.0-r2.apk 2017-05-04 06:20:38 Okay, so how the hell am I supposed to know the FILENAME of the apk I end up fetching BEFORE I fetch it? 2017-05-04 06:20:46 and that for historical reasons, apk-tools renders the formats that way 2017-05-04 06:20:48 like i said 2017-05-04 06:20:52 it's in the APKINDEX 2017-05-04 06:21:02 Which I can't actually query. 
2017-05-04 06:21:09 sure you can 2017-05-04 06:21:19 hint: it's a text file 2017-05-04 06:21:42 That's nice, but I don't know what the dep-solver is going to end up with until I run it. 2017-05-04 06:21:57 And I have no reverse-index. 2017-05-04 06:23:24 So I do 'apk fetch linux-hardened zfs-hardened zfs' -- what files do I actually get? How about with a recursive fetch? Virtuals? That's where it goes to hell real fast for scripting anything. 2017-05-04 06:24:07 so for example, 2017-05-04 06:24:08 you have 2017-05-04 06:24:16 P:p11-kit 2017-05-04 06:24:17 C:Q1xRdw3TK+N+0zc5r9/3U3hwvvI64= 2017-05-04 06:24:20 Currently, to handle a recursive fetch, I get to create a new directory and fetch -r -o to there, then read the list of files I actually got 2017-05-04 06:24:22 V:0.23.2-r1 2017-05-04 06:24:44 and you can do 2017-05-04 06:25:09 raccoon:~# apk add 'p11-kit> apk does not even care about the -rXYZ part 2017-05-04 06:26:14 Yeah, apk add works great -- its FETCH that screws me. 2017-05-04 06:27:06 Add acts atomically, but since I can't generate actual atoms and fetch those, fetch does not. 2017-05-04 06:28:11 I also apparently can't just hand it an apk file either :) 2017-05-04 06:29:03 So if fetch could fetch by actual filename, that would solve it. 2017-05-04 06:29:23 But otherwise, it's a guessing game. 2017-05-04 06:30:16 So the checksums is now the actual atom for set-theoretic purposes? 2017-05-04 06:31:45 Or UUID if you will? 2017-05-04 06:33:05 well 2017-05-04 06:33:10 its a checksum 2017-05-04 06:33:11 lol 2017-05-04 06:34:15 Yes, I mean for purposes of meeting the set-theoretic requirements of uniqueness, onto, and one-to-one. 2017-05-04 06:34:35 it is most likely unique, sure 2017-05-04 06:34:37 It doesn't work well in terms of being well-ordered however. 2017-05-04 06:35:46 In that respect, the former atoms are superior. 2017-05-04 06:36:24 well, they still exist technically. 
it's just that the depsolver doesn't look at it like that 2017-05-04 06:36:40 Ideally, a single string could both uniquely identify AND properly order the elements of the set. 2017-05-04 06:37:48 So any new version of a package sorts logically. 2017-05-04 06:39:08 Even better would be allowing identification down to the individual file level using the same scheme. 2017-05-04 06:41:41 sounds good, look forward to the patch 2017-05-04 06:41:44 ACTION runs away 2017-05-04 06:41:45 (tar -xzf $apkfile $@) 2017-05-04 06:41:57 I have it in awk :) 2017-05-04 06:43:41 The next logical step is to make it a set of proper merkle dags, one for semantic name, one for content, and possibly one for meta-data. 2017-05-04 06:44:18 Right now I'm just carrying the checksums for each dep, not yet checksumming levels in the dep tree. 2017-05-04 06:46:39 If we cascade the checksum for each dep down its entire dep tree, we can significantly cleanup the dep resolution and caching. 2017-05-04 06:47:34 ACTION is not here 2017-05-04 06:47:38 This allows cool things like delta updates. 2017-05-04 06:48:05 And REAL CI support. 2017-05-04 06:50:26 I believe it would also allow almost complete autodetection of deps for abuild. 2017-05-04 06:51:30 ACTION really is not here. 2017-05-04 06:51:51 That's okay, I'm not all here either :P 2017-05-04 06:51:54 ACTION backs out of the channel slowly. 
2017-05-04 06:52:41 ACTION decides to do it (whatever it is) with ubuntu instead 2017-05-04 06:52:53 *LOL* 2017-05-04 06:55:22 Yeah, I've obviously spent too much time designing data structures for my own good :P 2017-05-04 07:09:01 kaniini: An example deptree is at http://termbin.com/hgp5 2017-05-04 07:10:39 The Manifest is at http://termbin.com/pe7v 2017-05-04 07:11:45 And the index is at http://termbin.com/us7n 2017-05-04 07:13:16 Sequence is generate manifest/index for each package, concat them, then generate direct deps list for each item in the manifest, resolve them against the index, and generate a dep-tree. 2017-05-04 07:15:41 Clear as mud? 2017-05-04 07:17:51 Generating the merkle dag of the dep tree is a matter of starting at the root and hashing your way up the tree. 2017-05-04 07:19:16 Run the same against both names and hashes and you have semantic deps as well as explicit content deps. 2017-05-04 07:28:43 looks like my php containers are still broken. how can i fix the php packages? 2017-05-04 07:28:59 getting warnings like PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php7/modules/mysqli.so' - Error relocating /usr/lib/php7/modules/mysqli.so: mysqlnd_poll: symbol not found in Unknown on line 0 2017-05-04 08:03:30 ok found my resolution 2017-05-04 09:22:58 mosez, nice 2017-05-04 09:23:14 if you can jirutka know what fixed it. he has been working on php. 
2017-05-04 09:34:20 clandmeter: reinstalled the php packages and fixed my configs :D 2017-05-04 11:17:31 clandmeter: mosez: this must be some user-side problem, I’m sure that config loading mysqli has higher prefix than my mysqlnd, b/c i needed to add a workaround for it to abuild and it failed even in tests running in check phase when the order was incorrect 2017-05-04 11:18:40 fabled: I was kidding about nano-optimizations, the point was that cargo index is so brutally inefficient in comparison with apkindex :) 2017-05-04 11:36:23 btw it seems that there’s some upstream bug in php 7.1.4 with zip module and maybe some other, http://bugs.alpinelinux.org/issues/7261 2017-05-04 13:39:45 jirutka │ Shiz: ^ that’s pretty good question! is not very good entropy better than no entropy and so no encryption…? ;) 2017-05-04 13:39:47 no 2017-05-04 13:39:49 TemptorSent │ Shiz: Any thoughts on a good means of initializing the entropy pool when we don't have a HWRNG or user activity? (Embedded/VM) 2017-05-04 13:40:04 saving entropy to disk on reboot or using an entropy gathering daemon 2017-05-04 13:44:16 ^ 2017-05-04 13:44:50 for VMs, there's a way to link the guest's entropy generation to the host's hwrng, if any 2017-05-04 13:54:19 jirutka: ^ that’s true, there’s virtio-rng or something like that, that’s what I did to solve this problem 2017-05-04 13:54:59 skarnet: but still, you can’t do that on embedded devices if it don’t have HW random generator 2017-05-04 13:57:16 Indeed, but in that case having a bad starting entropy pool is a security issue that's inherent to the device 2017-05-04 13:57:51 lacking a reliable way to get entropy is just as bad, if not worse, as lacking a hw timer 2017-05-04 13:58:18 let me put it like this 2017-05-04 13:58:29 if you start providing entropy that is reproducible by an attacker, your crypto is hosed 2017-05-04 13:58:44 it's better to have no crypto at all than crypto that you believe is secure but is not 2017-05-04 13:58:55 ^ 2017-05-04 
14:06:03 Shiz: but is that entropy computed by LibreSSL in the code you’ve referenced really reproducible by an attacker…? 2017-05-04 14:06:13 yes 2017-05-04 14:06:34 in real-world, not in lab…? 2017-05-04 14:08:15 maybe the mmap() part and the getauxval(AT_RANDOM) parts aren't 2017-05-04 14:08:20 the rest, yes 2017-05-04 14:09:31 depends on the level of access the attacker has of course 2017-05-04 14:42:05 Shiz: I have been looking at http://chronox.de/jent.html 2017-05-04 14:42:43 I've run the test suite on the little Chromebox that gives me trouble with libressl (discussed here the other day). 2017-05-04 14:45:02 Next step is to get this thing to run, early during boot. I'll have to figure out how alpine's init works, haven't had time to tackle that yet ;-) 2017-05-04 14:46:26 skarnet: incidentally, you had mentioned that the libressl "fix" was no good... the author of the chronox.de agrees with you ;-) 2017-05-04 15:02:04 rfs613_: The jitterentropy provider should work, but still may take a minute or so to initialize a sufficient entropy pool. 2017-05-04 15:06:22 is it possible to use OpenSMTPd with OpenDKIM or the only way is to use perl dkimproxy? 2017-05-04 15:06:49 https://bbs.archlinux.org/viewtopic.php?id=213731 2017-05-04 15:07:19 TL;DR dkimproxy 2017-05-04 15:07:22 I’ve read that… 2017-05-04 15:07:36 but it doesn’t answer my question 2017-05-04 15:07:45 why OpenDKIM cannot be used with OpenSMTPd? 2017-05-04 15:09:02 Hmm 2017-05-04 15:09:30 https://github.com/oldsj/nsov/blob/master/smtpd.conf.j2 2017-05-04 15:09:37 TemptorSent: hmm, i was hoping it would be quick, but, haven't tested yet... 2017-05-04 15:09:44 Seems like this guy runs it with opendkim 2017-05-04 15:10:30 The only difference from the b.a.o is the port 2017-05-04 15:10:42 10028 instead of 10027 2017-05-04 15:11:42 rfs613_: The docs state it can fill 256 bits of entropy by the time it hits initfs, which isn't shabby actually. 
Still, it would be wise to force reseeding before doing anything with significant security implications. 2017-05-04 15:12:35 TemptorSent: I'll be content if SSH actually starts up on my little Chromebox, without me having to go plug in a keyboard and start typing. 2017-05-04 15:12:56 rfs613_ It should do that. 2017-05-04 15:13:18 consus: he has both OpenDKIM and dkimproxy in that repo 2017-05-04 15:13:32 TemptorSent: yep. I hope to try it soon. 2017-05-04 15:13:37 consus: since it’s modified sovereign, I think that OpenDKIM is just a leftover 2017-05-04 15:13:44 TemptorSent: 256 bits of entropy should be plenty 2017-05-04 15:13:50 jirutka: Hmm 2017-05-04 15:13:52 to support the entire system lifetime 2017-05-04 15:13:56 rfs613_ : It appears the reseeding can be forced by simply writing to /dev/random 2017-05-04 15:14:03 jirutka: Try #opensmtpd channel 2017-05-04 15:14:51 48 days later, they're still discussing "how to initialize entropy on a Linux box without a hwrng" 2017-05-04 15:15:23 step 1: check in the OpenRC scripts whether there's a "save entropy" thing at shutdown time and a "restore entropy" thing at boot time 2017-05-04 15:15:33 step 2: if there aren't such things, add them 2017-05-04 15:15:36 step 3: ??? 2017-05-04 15:15:39 step 4: profit 2017-05-04 15:15:40 I'd prefer to have 512 bits of entropy (2xDRNGs with independent pools), but that's asking a bit much. 2017-05-04 15:16:04 skarnet: "How to generate entropy without HWRNG" - the greatest discussion in the history of #alpine-devel, locked by an op after 94,592 lines of heated debate 2017-05-04 15:16:07 skarnet: there is such script in OpenRC, but when I tried it some time ago, it didn’t help at all 2017-05-04 15:16:13 skarnet: Doesn't save us in early boot for one, and the saved entropy itself is a potential vector if it's stored insecurely. 
2017-05-04 15:16:54 jirutka: it should help a little, if not 100% 2017-05-04 15:17:35 TemptorSent: store it on a shared OneDrive account obviously 2017-05-04 15:17:56 *LOL* 2017-05-04 15:18:04 do what rust does with their ccache impl 2017-05-04 15:18:10 store it in an s3 bucket 2017-05-04 15:18:11 But for embedded, it's a real issue to consider. 2017-05-04 15:18:43 embedded without a hwrng, without flash and without nvram is hopeless 2017-05-04 15:18:59 Welcome to my world :) 2017-05-04 15:19:08 I've always known you were hopeless 2017-05-04 15:19:10 the solution is still not faking entropy 2017-05-04 15:19:14 lol 2017-05-04 15:19:18 be nice 2017-05-04 15:19:27 sorry, lack of a smiley 2017-05-04 15:19:37 :P 2017-05-04 15:20:01 Agreed, the solution is finding what entropy we can as early as we can, which the cpujitter and interrupt timing can do. 2017-05-04 15:20:18 im surprised cpu jitter timing is not part of mainline... 2017-05-04 15:20:30 not sure how userspace egds work, but I'm surprised they disappeared 2017-05-04 15:20:33 Basically, anything that tftp boots and doesn't have a HWRNG needs help. 2017-05-04 15:21:04 skarnet: i'm not, really 2017-05-04 15:21:16 i haven't seen any platform that wasn't able to initialise its hwrng pool within 1 min 2017-05-04 15:21:20 in quite a while 2017-05-04 15:21:23 err 2017-05-04 15:21:25 rng pool* 2017-05-04 15:21:41 until getrandom() started exposing bugs 2017-05-04 15:22:00 what bugs 2017-05-04 15:22:06 the one in libressl? 
:P 2017-05-04 15:22:22 also fwiw 2017-05-04 15:22:26 lack of proper entropy initialization before starting crypto, yeah 2017-05-04 15:22:30 libressl getentropy() will likely still do the right thing 2017-05-04 15:22:36 as it falls back to reading from /dev/urandom 2017-05-04 15:22:44 which on early boot shouldn't be subject to fd exhaustion 2017-05-04 15:23:01 the problem has never been fd exhaustion, that's a dalias windmill 2017-05-04 15:23:19 the problem of /dev/urandom has always been early boot usage 2017-05-04 15:23:35 ah, i thought it also blocked on early boot like getrandom() 2017-05-04 15:23:37 my bad 2017-05-04 15:24:34 That's the bug, it doesn't respect the entropy level and won't block if it's insufficient currently I believe. 2017-05-04 15:24:51 exactly, and that's why getrandom() was added 2017-05-04 15:24:58 lack of failure cases is just a bonus 2017-05-04 15:25:08 right. 2017-05-04 15:25:32 If clients handled getrandom() properly in nonblocking mode, they would have to wait until they got a valid value returned, which I don't believe they do. 2017-05-04 15:25:49 that's called blocking mode :P 2017-05-04 15:26:02 nonblocking mode is the exact same as reading /dev/urandom 2017-05-04 15:26:33 Not necessarily, they could spin something or simply wait to start until after the pool is initialized 2017-05-04 15:26:48 nonblocking mode returns EAGAIN IIRC if entropy is insufficient. 
2017-05-04 15:34:58 consus: I finally found some information https://crepererum.net/the-wonderful-world-of-e-mail/ 2017-05-04 15:35:27 consus: the problem is that OpenDKIM provides milter interface, but OpenSMTPD does not support milter interface 2017-05-04 15:36:10 consus: and giles is not interested in writing one 2017-05-04 15:36:10 =/ 2017-05-04 15:36:29 consus: he wrote that it can be implemented on top of OpenSMTPD’s simple filter interface, but apparently no one did it yet 2017-05-04 15:36:41 Fun 2017-05-04 15:37:23 How hard is it to write one? 2017-05-04 15:37:53 consus: you can try it, I’d be very glad for that :) 2017-05-04 15:39:29 jirutka: Well 2017-05-04 15:39:34 jirutka: As a subproject 2017-05-04 15:39:37 jirutka: Why the hell not 2017-05-04 15:49:51 jirutka: consus: the opensmtpd filter interfaces aren't stable yet 2017-05-04 15:49:53 which is the show-stopper 2017-05-04 15:50:20 build-3-6-ppc64le is done! 2017-05-04 15:50:27 yay! 2017-05-04 15:50:33 means we could have a rc1 soonish 2017-05-04 15:52:08 ^^ 2017-05-04 15:57:32 except that s390x is behind 2017-05-04 15:57:36 and aarch64 is missing 2017-05-04 16:04:02 <^7heo> Is printf(1) supposed to ignore --, by posix? 2017-05-04 16:10:09 ^7heo Considering it doesn't accept flags, probably not. 2017-05-04 16:10:48 <^7heo> Yet the busybox version does. 2017-05-04 16:10:54 printf FORMAT [ARGS...] 2017-05-04 16:10:58 <^7heo> yeah I can read. 2017-05-04 16:10:58 <^7heo> :D 2017-05-04 16:11:33 I'm seeing it working as expected with bb... "printf '%s\n' --" 2017-05-04 16:12:16 What behavior are you seeing? 
2017-05-04 16:13:42 <^7heo> TemptorSent: try `printf -- foo`
2017-05-04 16:13:55 <^7heo> TemptorSent: then try `printf -h foo`
2017-05-04 16:14:48 Hmm, yeah - I see that behavior, but technically it's undefined behavior if the format string isn't valid I believe
2017-05-04 16:15:14 Ahh, it still does it when quoted, yeah - that's a bug :)
2017-05-04 16:16:59 File a bug report of 'printf(1) erroneously parses flags in format argument position.'
2017-05-04 16:17:57 Work around: "printf '%s--' ''"
2017-05-04 16:22:49 TemptorSent: what does quoting have to do with it?
2017-05-04 16:24:16 Hopefully nothing -- but it should keep the shell from eating things if that's what was happening -- it isn't, so it's a bug in printf itself.
2017-05-04 16:28:47 ah
2017-05-04 16:28:53 if the shell would eat that stuff that'd be a serious bug
2017-05-04 16:28:56 on its own
2017-05-04 16:29:11 Agreed :)
2017-05-04 16:40:41 POSIX's getopt() ends parsing when "--" is encountered (i.e. it returns -1), similarly with POSIX's getopts utility, therefore I would expect all POSIX-conformant tools to work properly with -- used as end of options marker. actually it's even clearly stated in Guideline 10 of Utility Syntax Guideline
2017-05-04 16:40:49 http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html#tag_12_02
2017-05-04 16:41:01 > The first -- argument that is not an option-argument should be accepted as a delimiter indicating the end of options. Any following arguments should be treated as operands, even if they begin with the '-' character.
2017-05-04 17:05:50 przemoc: yes, but printf doesn't take options
2017-05-04 17:06:45 for every relevant utility in the spec, POSIX explicitly says "The awk utility shall conform to XBD Utility Syntax Guidelines."
2017-05-04 17:06:48 for awk, for instance
2017-05-04 17:06:50 it does not for printf
2017-05-04 17:20:26 Shiz: even if it is not explicitly stated in printf's OPTIONS section, I expect it to implicitly adhere to this guideline. it makes POSIX utilities' syntax simply more consistent. they explicitly state when -- shall not be recognized, like in case of echo.
2017-05-04 17:20:30 http://pubs.opengroup.org/onlinepubs/9699919799/utilities/echo.html
2017-05-04 17:20:39 > The echo utility shall not recognize the "--" argument in the manner specified by Guideline 10 of XBD Utility Syntax Guidelines; "--" shall be recognized as a string operand.
2017-05-04 17:21:45 i think it's only explicitly mentioned there because implementations have a history of fucking up echo specifically
2017-05-04 17:22:01 (e.g. bash echo builtin still violating it)
2017-05-04 17:31:01 check OPTIONS of Utility Description Defaults
2017-05-04 17:31:06 http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xcu_chap01.html#tag_23_01_05_04
2017-05-04 17:31:15 > Although it has not always been possible, the standard developers tried to avoid repeating information to reduce the risk that duplicate explanations could each be modified differently.
2017-05-04 17:31:35 > The need to recognize -- is required because conforming applications need to shield their operands from any arbitrary options that the implementation may provide as an extension. For example, if the standard utility foo is listed as taking no options, and the application needed to give it a pathname with a leading <hyphen-minus>, it could safely do it as: `foo -- -myfile` and avoid any problems
2017-05-04 17:31:41 with -m used as an extension.
2017-05-04 17:31:53 when the utility actually takes options.
2017-05-04 17:32:04 when it doesn't, nothing is mentioned.
2017-05-04 17:32:11 as Shiz says, echo is an exception.
2017-05-04 17:33:31 please read Eric Blake's mail (guy from Austin Group) regarding it instead of insisting on your own view of the standard being the right one: https://lists.gnu.org/archive/html/bug-bash/2007-11/msg00118.html
2017-05-04 17:35:36 przemoc: this is not the situation discussed above
2017-05-04 17:35:55 and i realize that now :P
2017-05-04 17:36:31 or rather
2017-05-04 17:36:57 i misinterpreted the situation discussed
2017-05-04 17:38:16 it seems you're right
2017-05-04 17:52:21 I was only responding to ^7heo> Is printf(1) supposed to ignore --, by posix? tl;dr is: yes as long as it used before operands
2017-05-04 17:54:42 s/as it/& is/
2017-05-04 17:56:56 meh. After reading everything again, it appears you're right.
2017-05-04 17:57:25 Can't say I like it, but I understand the reasoning behind it.
2017-05-04 17:57:48 (the choice to always handle --, that is)
2017-05-04 17:59:28 well, it makes life easier and strives for consistent behavior, and I prefer consistency over stubborn minimalism. in this particular case POSIX has my approval. :)
2017-05-04 18:00:21 yes - for a given implementation it wouldn't make any sense, but for standard commands that may be extended, it does
2017-05-04 18:04:58 In the case of a command which doesn't process ANY flags, it should not swallow --.
2017-05-04 18:07:16 (And the IEEE 1003.1-2008, 2016 edition says nothing about parsing '--' nor conforming with Guideline 10 of XBD - nor does it say it DOESN'T, which is a bug in the standard :) )
2017-05-04 18:10:29 So absent the reference to XBD Utility Syntax Guidelines, and taking into account that it explicitly intends to replace functionality of echo, it appears printf should NOT handle anything with a leading - in any special manner in any case whatsoever.
2017-05-04 18:10:41 I won't repeat myself, you can check the sources I provided or remain stubborn in thinking you know better. if standard repeated everything everywhere it would be twice as large.
2017-05-04 18:10:58 I'm looking at the POSIX standard itself.
2017-05-04 18:11:29 In all other utilities it references the XBD Utility Syntax Guidelines
2017-05-04 18:12:22 such as 'The awk utility shall conform to XBD Utility Syntax Guidelines' under the OPTIONS heading for awk, whereas printf has NO options.
2017-05-04 18:12:45 you will excuse me for not staying any longer.
2017-05-04 18:15:27 przemoc: If no options are to be parsed, it is a bug to parse strings as options.
2017-05-04 18:15:49 If printf did not EXPLICITLY state that it accepts no options, I would be in agreement.
2017-05-04 18:17:35 C. Rationale for Shell and Utilities > C.1.5 Utility Description Defaults > This section is arranged with headings in the same order as all the utility descriptions. It is a collection of related and unrelated information concerning: 1. The default actions of utilities 2. The meanings of notations used in POSIX.1-2008 that are specific to individual utility sections. Although this material may seem
2017-05-04 18:17:41 out of place here, it is important that this information appear before any of the utilities to be described later. <- you should read it BEFORE reading any description of particular utilities, and there you have OPTIONS section which I already quoted and explains why -- must be supported (otherwise it is explicitly stated in utility description, of course)
2017-05-04 18:21:04 przemoc: This interpretation breaks the ability to replace echo with printf as is explicitly intended by the standard.
2017-05-04 18:21:48 So the standard is ambiguous for printf
2017-05-04 18:24:14 Printf does not accept filenames, and uses all arguments verbatim, so there is no case where '--' could conceivably be required for proper operation, whereas using it as a format may be common (sql comments for instance start with '--')
2017-05-04 18:25:14 To have printf act as expected in all cases, it would require it always be called as "printf -- FORMAT [ARGS...]"
2017-05-04 18:26:41 it doesn't matter what printf accepts. what part of "The need to recognize -- is required because conforming applications need to shield their operands from any arbitrary options that the implementation may provide as an extension." you fail to understand?
2017-05-04 18:27:39 Here's an example of breakage: a="-- Comment" ; b="--" ; printf $a ; printf $b
2017-05-04 18:28:22 printf may not accept options.
2017-05-04 18:28:44 That's why it was created - to replace echo, which sometimes accepts options.
2017-05-04 18:29:06 Read the rationale section for printf
2017-05-04 18:30:14 To disambiguate, the standard either needs to explicitly state that -- will be handled and how, or explicitly state that it shall not.
2017-05-04 18:32:21 Having behavior inconsistent with the definition of echo is counter to the stated rationale.
2017-05-04 18:35:56 Theoretically, you should never have a format string without a format specifier, and all strings should be handled through that.
2017-05-04 18:36:07 implementation of utility w/o options in POSIX may have options (it's called extension and such things exist in real world) and standard already explains in Rationale for Shell and Utilities that -- needs to be handled because of that. therefore yes, you should `printf -- ...` if you want to support displaying -- when -- is provided as FORMAT string. the problem w/ echo is that it does not support
2017-05-04 18:36:13 -- and different implementations provided their own options so behavior was inconsistent, as some implementations treated options as stuff that should be printed
2017-05-04 18:36:14 so "printf '%s' '--'"
2017-05-04 18:37:20 Basically, it means that there is a single format specifier that is unsupported, namely '--'
2017-05-04 18:39:14 Which is unintuitive and leads to unexpected behavior.
2017-05-04 18:40:15 The standard should explicitly state that no options shall be supported and -- is not handled for the most consistent behavior.
2017-05-04 18:41:54 Or at least document the fact that it should be called as "printf -- FORMAT [ARGS...]" in order to support ALL possible format strings.
2017-05-04 18:45:19 no, if you want to use -- as FORMAT, you simply need to use additional -- before such operand. simply use `printf -- ...` if you want to avoid any problems, but please note that their example in echo's APPLICATION USAGE works as expected even for single --
2017-05-04 18:48:28 I can agree that they could add a note regarding options in printf, but I don't think it's truly necessary, as it's repeating what is already stated in other place
2017-05-04 19:09:24 IMHO, ambiguity should always be clarified, as it is in and of itself an error in logic for deterministic outcomes.
2017-05-04 19:11:40 But this actually explains why some SQL template code with comments was causing problems (used as the format string containing format specs to be filled before processing)
2017-05-04 19:12:55 So 'printf --' should be used EVERY time a variable format spec is used.
2017-05-04 19:13:39 As the implication is that no leading '-' in a format spec is actually safe.
2017-05-04 19:14:54 So it needs a note stating that much at the very least.
2017-05-04 19:17:24 At minimum, currently there's at minimum a documentation bug in POSIX, and possibly a truly ambiguous definition.
2017-05-04 19:19:23 Either '--' is required before ANY format argument starting with a leading '-' for portable use, or '--' should not be parsed and such should be noted.
2017-05-04 19:19:46 Otherwise, we're back to the exact same problem as echo.
2017-05-04 19:23:05 (previous comment from the department of redundancy department :) )
2017-05-04 19:24:44 Heading into town, be back in a few hours.
2017-05-04 19:32:39 Shiz: OpenSMTPD filter interface is very simple, so even if not stable, there should not be any barrier for implementing milter adapter
2017-05-04 19:33:49 Shiz: and it’s at least already in released version and documented, I’ve started using OpenSMTPD filters even before that, when gilles refused to provide any documentation to encourage ppl from using it…
2017-05-04 19:36:10 Shiz: I used to idle on opensmtpd IRC channel few years ago and from what I’ve seen, when gilles says that something is not ready yet and stable, it just means that he’s not 100% sure yet that there are not any memory leaks or similar issue :) he’s perfectionist about that
2017-05-04 19:54:29 you should always use -- before operands if first operand may start with -, unless utility doesn't support --. but any normal and sane utility does support it, be it binary program or shell script. -- as end of options became de facto standard in *nix world decades ago
2017-05-05 00:05:54 jirutka: they're going to completely revamp the interface
2017-05-05 00:05:55 so....
2017-05-05 00:06:07 Shiz: uh, really?
2017-05-05 00:06:11 yes
2017-05-05 00:06:56 https://www.mail-archive.com/misc@opensmtpd.org/msg03332.html
2017-05-05 00:09:45 “this is what people started using while we warned them not to.” … omfg, he’s working on filters for *years* and in my case OpenSMTPD was useless for me, for the particular use case I had, without it…
2017-05-05 00:11:04 “We're going to be working towards this way but now that we have an
2017-05-05 00:11:04 experience in how providing the code early turned into a nightmare
2017-05-05 00:11:04 for me, we'll work in a private branch then show the diff when the
2017-05-05 00:11:04 code is working enough that it can be part of snapshots :-)”
2017-05-05 00:11:22 oh great, so no filters for next many years…
2017-05-05 00:11:30 this approach is total idiocy
2017-05-05 00:12:52 sensible way is to just say that it’s API version 1.0 or something and make it clear that there might be 2.0 without backward compatibility in some next release… all users should accept this without problem, cause that’s how it normally works
2017-05-05 00:14:03 it turned into a nightmare b/c he explicitly refused to provide any form of documentation, but since it’s very important feature, ofc people kept asking again and again…
2017-05-05 00:15:45 including me, I was bothering him until he finally revealed some information so I was able to write my five lines of python code filter that was very essential for me, otherwise I cannot use OpenSMTPD at all
2017-05-05 00:18:06 I like OpenSMTPD and appreciate his very strong focus on quality, but at the same time it seems for me like he has no idea how OSS world works… implementing something in private branch, wtf?!
2017-05-05 00:21:13 good night! o/
2017-05-05 08:23:26 doing some maintenance to nl infra. downtime should be limited.
2017-05-05 08:33:29 <_ikke_> wheej
2017-05-05 08:36:04 <_ikke_> apparently the downtime includes their IRC connection too :P
2017-05-05 08:43:41 crap, router does not reboot correctly...
nl infra down until further notice.
2017-05-05 08:44:00 <_ikke_> :-(
2017-05-05 08:47:18 <_ikke_> http://ikke.info/alpinelinux_status.png
2017-05-05 09:08:06 <^7heo> _ikke_: did you make a png-generating script?
2017-05-05 09:17:02 <_ikke_> ^7heo: zabbix generates it
2017-05-05 09:22:03 <^7heo> yeah ok
2017-05-05 09:22:11 <^7heo> SVG would be pretty awesome, but that's already cool
2017-05-05 09:22:50 <_ikke_> Right, I think they want to add svg generation eventually, but it's not supported yet
2017-05-05 09:52:13 <^7heo> _ikke_: ah dang; ok :)
2017-05-05 11:51:08 sigh, i think most of services are up again. please highlight me if something is still not operational.
2017-05-05 12:01:53 <_ikke_> clandmeter: \o/
2017-05-05 12:41:23 <_ikke_> cve-2017-8301
2017-05-05 12:41:32 <_ikke_> on HN right now
2017-05-05 12:51:07 :)
2017-05-05 12:52:33 Alpine is down?
2017-05-05 12:52:44 Oh, it is up now.
2017-05-05 12:54:13 <_ikke_> odd, from my vps it's still down
2017-05-05 12:56:23 _ikke_, can you check why?
2017-05-05 12:56:55 <_ikke_> doing a traceroute
2017-05-05 12:57:03 <_ikke_> last hop reachable is 88.159.2.162
2017-05-05 12:57:53 <_ikke_> clandmeter: http://tpaste.us/Dk0e
2017-05-05 12:58:17 ping is disabled
2017-05-05 12:58:21 well, not enabled yet
2017-05-05 12:58:27 <_ikke_> hehe, dejavu :P
2017-05-05 12:59:48 _ikke_ and now?
2017-05-05 13:00:25 <_ikke_> still down
2017-05-05 13:01:12 <_ikke_> working
2017-05-05 13:01:41 PRESS APPLY CHANGES!!!
2017-05-05 13:01:43 :)
2017-05-05 13:01:55 <_ikke_> :-)
2017-05-05 13:07:25 im going home, if something is broken msg me please.
2017-05-05 16:43:24 hi
2017-05-05 16:50:32 hi
2017-05-05 17:14:52 <_ikke_> hi
2017-05-05 17:15:07 afk
2017-05-05 17:49:16 how does "apk policy" determine which URL a package was installed from?
2017-05-05 17:52:01 going through every package with apk policy in a fully installed system is so slow I'd rather just parse /lib/apk/db/installed but that only hints on repo tags
2017-05-05 18:04:44 it matches the repo urls with repo tags
2017-05-05 18:05:26 https://git.alpinelinux.org/cgit/apk-tools/tree/src/policy.c#n50
2017-05-05 18:07:17 yeah, that much I figured out. for untagged repos I suppose it runs through cached APKINDEX files?
2017-05-05 19:55:20 i've been thinking about a very very lightweight equivalent to eclasses for abuild...
2017-05-05 19:55:30 basically, something that just boils down to a source statement of another file
2017-05-05 19:55:37 no more, as eclasses are quite... involved
2017-05-05 19:55:44 but to prevent duplication for e.g. py2/3 apkbuilds
2017-05-05 19:58:24 Shiz: yeah, I’ve been thinking about it multiple times
2017-05-05 19:58:34 Shiz: we really need something
2017-05-05 20:04:36 neat, email from CERT/CC
2017-05-05 20:04:54 would it be an idea to have a security@ email (list)?
2017-05-05 20:06:11 cc ncopa kaniini
2017-05-05 20:09:03 there is one already: http://lists.alpinelinux.org/alpine-security/summary.html
2017-05-05 20:09:28 neat
2017-05-05 20:09:41 but they're asking for a private mail
2017-05-05 20:10:22 I think it could become private, as it was barely used so far
2017-05-05 20:15:14 Shiz: CERT/CC??
2017-05-05 20:15:31 jirutka: see alpine-devel
2017-05-05 20:15:41 https://en.wikipedia.org/wiki/CERT_Coordination_Center
2017-05-05 20:16:42 Shiz: aha, I see now
2017-05-05 20:17:54 Shiz: well, this is up to ncopa; i’d prefer to have special address/alias for it, like security@alpinelinux.org
2017-05-05 20:38:47 re security email
2017-05-05 20:38:53 yes we need one
2017-05-05 20:39:00 im open to suggestions how we solve it
2017-05-05 20:39:25 should we have a shared gpg or should we have multiple individual emails
2017-05-05 20:39:34 it needs to be a group of ppl
2017-05-05 20:40:03 i wonder how other distros solves it
2017-05-05 20:40:38 looks like all except s390x 3.6 builders are done!
2017-05-05 20:40:47 so we have rc1 early next week
2017-05-05 20:41:02 a system could be where some incoming daemon takes the mail, decrypts it using the security@ key, and then re-encrypts using individual gpg keys and sends to ppl on the sec list
2017-05-05 20:41:12 to prevent the need for a shared gpg key
2017-05-05 20:41:35 would still be nice to know what other distros does
2017-05-05 20:41:42 might be we could provide a list of ppl
2017-05-05 20:41:48 yeah
2017-05-05 20:41:59 i'll check what debian does :P
2017-05-05 20:42:03 and gentoo
2017-05-05 20:42:04 thanks!
2017-05-05 20:42:19 ghc is still in testing, we probably need fabled to handle it, cause of bootstrapping
2017-05-05 20:42:20 <_ikke_> git.git has a private google groups
2017-05-05 20:42:49 whats the status of php7.1?
2017-05-05 20:42:54 it got moved to community right?
2017-05-05 20:43:09 ncopa: i’ve fixed it last weekend
2017-05-05 20:43:45 yes, it’s in community
2017-05-05 20:46:00 jirutka: you rock!
2017-05-05 20:47:20 debian and ubuntu teams seem to use a shared gpg key from what i can see, but i'll confirm manuall
2017-05-05 20:47:22 y
2017-05-05 20:47:37 gentoo uses multiple contacts with their own gpg key and a private bugzilla section
2017-05-05 20:52:06 Shiz: yes
2017-05-05 20:55:35 someone on #debian-security pointed me to what seems to be an implementation of my idea above
2017-05-05 20:55:37 https://github.com/fbb-git/gpg-remailer
2017-05-05 20:56:25 no confirmation if that's what they use though
2017-05-05 21:27:39 Shiz do you think we should set up something like that?
2017-05-05 21:27:43 i think its a good idea
2017-05-05 21:27:48 yeah it seems nice
2017-05-05 21:28:03 prevents from having to do a key rollover when someone leaves the team
2017-05-05 21:28:09 but it also means that the people who have access to the remailer has access to the gpg key
2017-05-05 21:28:14 have to be careful about the security of the server it runs on though
2017-05-05 21:28:16 yes :P
2017-05-05 21:28:21 so basically a shared gpg
2017-05-05 21:28:30 but i still like it
2017-05-05 21:28:37 well, nobody has to have access to the remailer
2017-05-05 21:28:42 except the server admin for it
2017-05-05 21:28:53 admins
2017-05-05 21:29:04 someone needs to babysit it
2017-05-05 21:29:07 yeah
2017-05-05 21:29:15 ideally that would be someone in the security team anyway
2017-05-05 21:29:17 ;p
2017-05-05 21:29:20 and preferably a single person
2017-05-05 21:29:25 exactly
2017-05-05 21:29:51 i'd say its better with a couple of persons
2017-05-05 21:30:10 which ofc is on the sec team
2017-05-05 21:50:04 well, for gpg-remailer we need to create pkgs also for libbobcat, icmake, and yodl
2017-05-05 21:50:24 and it’s GPL3
2017-05-05 21:51:28 we can run the gpl3 in isolated container so it does not touch anything else :)
2017-05-05 21:52:03 :P
2017-05-05 21:52:20 i'm gonna work on apkbuilds/gpg-remailer setup, gonna see what exactly is required
2017-05-05 21:53:04 thanks!
2017-05-05 21:53:39 Shiz: libbobcat, icmake, and yodl :) it’s listed in gpg-remailer/required
2017-05-05 21:53:48 jirutka: recursive deps are a thing
2017-05-05 21:53:49 :p
2017-05-05 21:54:05 Shiz: yeah, ofc :) …and deps of them :)
2017-05-05 22:05:57 have a nice weekend everyone
2017-05-05 22:06:54 you too!
2017-05-05 22:08:35 you too! o/
2017-05-05 22:22:25 okay, got the complete package origin resolver done in Bash, and got a 20x performance increase compared to the old one that parsed apk policy output
2017-05-05 22:33:04 TBB: what exactly are you trying to achieve?
2017-05-05 22:33:57 repository subsets for restricted installs and environments
2017-05-05 22:34:01 TBB: if you want to just find origin for any pkgname, then `apk search --origin --exact --quiet PKGNAME`
2017-05-05 22:34:16 repository subsets?
2017-05-05 22:35:39 basically I perform an Alpine install and after it gather together all packages in it into a smaller repository
2017-05-05 22:36:33 there's a reason I do that, but I can't go to the specifics... I'll have to test that line you just wrote tomorrow
2017-05-05 22:37:52 TBB: `apk info | xargs apk search --origin --exact --quiet | sort -u`
2017-05-05 22:38:12 TBB: if i understand you correctly, then this command should return what you want
2017-05-05 22:38:21 you're breaking my heart, I just wrote a hundred lines of shell script for that :(
2017-05-05 22:38:42 TBB: sry :( why you haven’t asked before writing it…?
2017-05-05 22:38:47 (and enjoyed it, which makes it even sadder)
2017-05-05 22:39:29 I kind of asked some 4 hours ago, but I probably didn't formulate my question clearly
2017-05-05 22:40:18 let it be said tho, I've only spent something like 30 minutes on that script, the rest were spent in a pub sipping excellent beer...
2017-05-05 22:42:27 TBB: well, I also wrote a shell script for resolving origins some time ago, when I didn’t know about this… https://gist.github.com/jirutka/6717f68c7f76c9425b21d0cbe2eaa007#file-abuild-origin
2017-05-05 22:44:43 TBB: at the time you’ve asked I was in a car :/ also you’ve started with "apk policy", that was kinda misleading :)
2017-05-05 22:45:44 Hmm, are we talking about the same concept of 'origin' here? policy gives the repo origin.
2017-05-05 22:47:47 yeh, at first glance apk policy was the only thing that came to my mind with regards to finding the exact URL a package was fetched from
2017-05-05 22:48:09 that's what I mean by package origin
2017-05-05 22:48:50 Ahh, in apk parlance, 'package origin' means source APKBUILD package if I understand correctly.
2017-05-05 22:49:56 TBB: aha, we’re talking about two different things :)
2017-05-05 22:50:13 TBB: So your time was not wasted, and I would be interested to see your script, as I'm trying to finish up the necessary reworks to make it possible to fetch an atomic set of packages.
2017-05-05 22:50:43 TBB: origin means the base package of a subpackage, as TemptorSent wrote
2017-05-05 22:51:14 I built a revdep tree builder that could be refed all the way to the URL if so inclined.
2017-05-05 22:51:44 TBB: why exactly do you need URL of repository…?
2017-05-05 22:52:05 Subsetting specific revs of specific packages I suspect.
2017-05-05 22:52:13 TemptorSent: it's never really wasted if the effort helps in gaining a deeper understanding of how things work. Okay, sometimes time could be more efficiently spent, but the learning is worth a bit of inefficiency
2017-05-05 22:52:29 TemptorSent: ??
2017-05-05 22:52:32 Quite true :)(
2017-05-05 22:54:17 To build a specific, supportable set of packages that have been audited and verified to interoperate properly, and create a subset repository allowing such to be fetched by a client machine without regard to the current rev in Alpine
2017-05-05 22:54:40 At least that's the impression I got and how my use-cases work.
2017-05-05 22:54:43 jirutka, I install packages from maybe 7 different repositories into a system; these are the official Alpine repos and some in-house ones. Once I have the install finished, I gather the installed apk packages into a repository that can be used in a restricted environment that has no access to any of those repositories, so that the install can be repeated
2017-05-05 22:55:09 that's pretty much exactly the case, TemptorSent
2017-05-05 22:56:09 TBB: I've got much of the rest of the support system for that already in place in the 'mkalpine' branch of mkimage.
2017-05-05 22:56:56 Speaking of which jirutka, can we split off the mkalpine branch into its own repo now without modifying the rest, and migrate the remainder at a later date, or is that too messy?
2017-05-05 22:57:22 er mkimage-refactor-scripts branch rather.
2017-05-05 22:58:43 TemptorSent, I think we've discussed this earlier; I also wrote my own installing and imaging system some 2 years ago because why not, and I've been maintaining it ever since. I was working in one specific project that switched to Alpine as the base OS, but then needs arose to support several distributions, so I basically scripted the whole thing from scratch after spending some time with mock and finding it inadequate
2017-05-05 22:58:50 the 'apkroottool' and 'kerneltool' components are essentially functional now, although I'm working on improving the dep solver.
2017-05-05 22:59:36 (make that "several distributions and projects")
2017-05-05 23:00:00 Right, I'd love to be able to support arbitrary packaging by simply adding a support file.
2017-05-05 23:01:12 The kerneltool functionality is already setup for custom builds, and could easily support other dist kernel packaging, which may be useful on alpine too in some cases.
2017-05-05 23:02:20 I can currently produce Alpine and CentOS 6/7 installs and build packages for both using the same source repo; there are two projects currently using it but only one of me, although, I've just gotten a second developer who's more familiar with Debian and its derivatives, so hopefully he'll implement support for those
2017-05-05 23:02:52 TemptorSent: yes, I can split it without modifying the aports repo
2017-05-05 23:02:54 apkroottool uses fkrt with persistent state stored to allow multiple commands to be run before building an archive.
2017-05-05 23:03:09 TemptorSent: please don’t tell me that you’re writing deps solver in shell…
2017-05-05 23:03:26 jirutka: What should I do on my end to make it easy?
2017-05-05 23:03:29 awk actually :)
2017-05-05 23:03:37 TemptorSent: omfg
2017-05-05 23:03:46 /o\
2017-05-05 23:03:47 But yes, it will be rewritten in C.
2017-05-05 23:04:09 TemptorSent: first, apk already implements deps solver (probably classic SAT, but I haven’t read it)
2017-05-05 23:04:22 Even the existing code with full recursion isn't horribly slow.
2017-05-05 23:04:28 TemptorSent: second, it’s fucking crazy to do any complex things like computing deps in shell/awk/…
2017-05-05 23:04:31 jirutka: Not for the libs/files
2017-05-05 23:04:50 Actually, computing deptrees is simple!
2017-05-05 23:05:21 A couple dozen lines of awk.
2017-05-05 23:05:21 TemptorSent: Lua or C would be surely more faster, reliable and maintainable
2017-05-05 23:05:47 I can only personally say that Bash is my hammer, and you know what they say about people whose only tool is a hammer :)
2017-05-05 23:06:26 (okay, I'm proficient in TCL as well, but that's possibly even less fashionable than Bash)
2017-05-05 23:06:43 TBB: I’m afraid that TemptorSent is the same, except he at least use POSIX shell, not Bash
2017-05-05 23:07:56 TemptorSent: about split, just tell me how the final files structure should look like
2017-05-05 23:08:22 I don't mind plain sh either (I've actually implemented the whole tool in plain sh just to see if it's possible), but I like associative arrays a bit too much to do that full time :D
2017-05-05 23:08:52 TBB: then use real language, not Bash…
2017-05-05 23:09:26 TBB: for example Lua is very easy to learn and like infinitely better than Bash
2017-05-05 23:09:45 Oh, I can code C quite happily, but I generally make sure the logic works out using bash because ANYONE can read it.
2017-05-05 23:10:07 TBB: I was going to write that most people writing in bash actually barely use bash features, simply using [[ or == for instance, but apparently you're an exception, as associative arrays have no easy POSIX-ification ;)
2017-05-05 23:10:11 I do have TCL for that already, but learning Lua would definitely be useful
2017-05-05 23:10:27 Also, for extensive string handling, awk is a pretty good tool, while C requires quite a bit of memory management.
2017-05-05 23:10:36 TemptorSent: I’m not sure about “anyone”… very complex shell scripts are usually not easy to reason about…
2017-05-05 23:10:44 Rust is actually an interesting option, but they haven't stabilized it.
2017-05-05 23:11:09 jirutka: True, but when each function can be tested individually, it's much easier.
2017-05-05 23:11:30 TemptorSent: ofc Rust would be awesome option!
2017-05-05 23:11:41 TemptorSent: that’s not true, Rust is already stable
2017-05-05 23:12:01 Rust and Go both look interesting
2017-05-05 23:12:03 Stable in terms of language development and APIs.
2017-05-05 23:12:10 TBB: please not go…
2017-05-05 23:12:18 Agreed, go needs to go :)
2017-05-05 23:12:31 TemptorSent: Rust lang and APIs are stable, since 1.0.0
2017-05-05 23:12:39 TemptorSent: they are *very* careful about this
2017-05-05 23:12:44 The rust toolchain is also messy, as you well know, but it looks like that is improving.
2017-05-05 23:13:09 TemptorSent: I know… I don’t like cargo too
2017-05-05 23:13:19 jirutka: Okay, so no more surprises with language features suddenly changing semantics?
2017-05-05 23:13:31 i object to the notion that lua is good
2017-05-05 23:13:33 :P
2017-05-05 23:14:10 TemptorSent: no more surprises, unless you use unstable features, I mean those that are available only in nightly and explicitly marked as unstable
2017-05-05 23:14:18 I'd do it in lisp, but then I'd probably be one of three here who could even read it, let alone debug it.
2017-05-05 23:14:36 yeah and as one of those i wouldn't WANT to read it
2017-05-05 23:14:38 let alone debug
2017-05-05 23:14:44 so that leaves two
2017-05-05 23:14:46 :P
2017-05-05 23:15:07 jirutka: And the language is fully usable without said unstable features now? Last I checked nearly everything was relying on nightly.
2017-05-05 23:15:16 some cool stuff still relies on nightly
2017-05-05 23:15:20 but a lot of stuff works on stable now
2017-05-05 23:15:42 Shiz: Can't say I blame you - lisp isn't pleasant reading in many cases.
2017-05-05 23:15:51 TemptorSent: actually I’d be looking forward to read it if written in Lisp… I don’t know Lisp, but it’s one of the langs I’d like to learn
2017-05-05 23:16:00 jirutka │ TBB: please not go… <-- after experiencing Rust as a developer (not packaging for alpine, just writing something in it), i may actually prefer go
2017-05-05 23:16:01 Cool, looks like I'll revisit rust then.
2017-05-05 23:16:03 rust is such a pain...
2017-05-05 23:16:26 TemptorSent: yes, it’s fully usable, if you don’t insist on using bleeding edge features
2017-05-05 23:16:44 Shiz: Rust build system…
2017-05-05 23:16:54 im talking about the language :)
2017-05-05 23:17:01 that's why i explicitly said as a developer, not alpine packager
2017-05-05 23:17:05 Shiz: and you haven’t seen Go build system, have you? so can’t compare ;)
2017-05-05 23:17:12 ...
2017-05-05 23:17:12 jirutka: Cool.
2017-05-05 23:17:16 do i have to repeat myself or
2017-05-05 23:17:18 lol
2017-05-05 23:17:18 Shiz: aha, what do you dislike about the lang? :(
2017-05-05 23:17:29 i have two main issues with it
2017-05-05 23:17:42 1) it is way too complex, growing to C++ levels
2017-05-05 23:17:59 2) the development experience is still too much 'fight the compiler by changing semi-random things until your lifetimes work'
2017-05-05 23:18:43 1 - Agreed, 2 - Ouch! Yeah, that's what I was hoping was fixed.
2017-05-05 23:19:26 and a third issue stemming from the first: there is no viable alternative implementation right now
2017-05-05 23:19:35 which is the same for some other langs, hence a more minor one
2017-05-05 23:19:39 but still something that's not a good sign
2017-05-05 23:19:57 jirutka: The only problem with writing stuff in lisp for alpine is then we need to have yet another binary installed to use it.
2017-05-05 23:20:13 ad 1) unfortunately I have to kinda agree, ad 2) this is just a matter of time, it’s the hardest part of Rust, but it’s worth it, if you want to write efficient low-level code 2017-05-05 23:20:36 if Lisp was good enough for JPL, it is good enough for Alpine 2017-05-05 23:20:58 (on the other hand, if Lisp was good enough for JPL, why did they switch to Java at some point?...) 2017-05-05 23:21:31 It's actually a wonderful language, but the paradigm is different enough to make it difficult to follow for many. 2017-05-05 23:21:38 i was never a lisp fan 2017-05-05 23:21:39 Shiz: Rust is not easy to learn, that’s the fact; but still it’s IMO easier than to learn how to write secure and reliable C or C++… 2017-05-05 23:21:47 jirutka: C++, possibly 2017-05-05 23:21:50 C, i vehemently disagree 2017-05-05 23:22:02 And there are several incompatible versions, which really makes things irritating at times. 2017-05-05 23:22:07 Shiz: and it’s non-sense to compare it with Go, this is totally different land, Go is not a low-level lang, it has huge runtime and GC 2017-05-05 23:22:22 rust's runtime is larger than go's 2017-05-05 23:22:51 Shiz: ok I should add write secure, reliable and big project in C or C++… 2017-05-05 23:22:54 C is difficult to write secure software in using the existing APIs at the least.
2017-05-05 23:23:06 Shiz: no, it’s not, not the runtime that is compiled into every binary 2017-05-05 23:23:13 oho yes it is 2017-05-05 23:23:18 Shiz: no, it’s not 2017-05-05 23:23:25 Shiz: I’m 100% sure about this 2017-05-05 23:24:49 Anyway, if anyone has a suggestion for a replacement for TAWK, I'd be greatly appreciative :) 2017-05-05 23:25:05 Shiz: just write some small program in Rust and Go, compile them in release mode, strip binaries and compare size 2017-05-05 23:25:42 Shiz: the whole point of Rust is zero-cost abstraction and very minimal runtime 2017-05-05 23:26:02 but it fails at that 2017-05-05 23:26:10 Shiz: it does not ship full GC and other bloat of shits with every built binary 2017-05-05 23:26:21 Shiz: it does not from my testing 2017-05-05 23:26:35 did you test with the correct rust flags? 2017-05-05 23:26:38 Shiz: hello world in Rust has around 180 kiB stripped? how big is that in Go? 1 MiB? 2017-05-05 23:26:42 Shiz: ofc I did 2017-05-05 23:26:53 because my rustc outputs a 2.1mb binary 2017-05-05 23:27:02 Shiz: unstripped 2017-05-05 23:27:07 Shiz: contains A LOT of debugging symbols 2017-05-05 23:27:21 Shiz: compile in *release mode* (!) and strip the binary 2017-05-05 23:27:27 also, please do not highlight me every line 2017-05-05 23:27:32 okay, sry 2017-05-05 23:27:51 anyway 2017-05-05 23:27:59 yes, stripped the runtime is smaller 2017-05-05 23:28:06 but 180kb is still by no means a very minimal runtime 2017-05-05 23:28:17 you should remember that I’ve dropped jemalloc even after you’ve fixed it b/c it increased binary size and I’ve also wrote to the apkbuild exact sizes… 2017-05-05 23:29:14 180 kiB is imo reasonably small… and it’s *definitely* a magnitude smaller than Go 2017-05-05 23:29:37 maybe it’s 160 kiB, I don’t remember the exact number 2017-05-05 23:29:39 180kb is reasonably small? For hello world? WTF? 
2017-05-05 23:30:13 hello world is ofc far from real-world examples… it’s a constant, it does not get much bigger with more code 2017-05-05 23:30:37 actually 2017-05-05 23:30:48 the product i did in rust had a 20mb binary in --release after stripping 2017-05-05 23:30:49 so 2017-05-05 23:30:51 Yeah, but seriously, 180k to print a handful of characters using stdio? 2017-05-05 23:30:51 :P 2017-05-05 23:30:59 15-20mb iirc 2017-05-05 23:31:03 show my any other lang that provides at least similar guarantees as Rust and produces smaller binaries… 2017-05-05 23:31:35 then you had probably a lot of deps…? 2017-05-05 23:31:37 and also, the go runtime also doesn't increase significantly with program complexity 2017-05-05 23:31:45 so you're kind of mooting your own point here 2017-05-05 23:32:05 I’m not, cause i know the numbers 2017-05-05 23:32:08 I'm not saying there is anything better currently, but that reeks of unnecessary code inclusion. 2017-05-05 23:32:30 TemptorSent: how often do you build hello world…? 2017-05-05 23:32:40 how often do i build small programs, all the time 2017-05-05 23:32:43 because small programs are best programs 2017-05-05 23:33:08 it’s non-sense to putting effort to strip support code that is needed by almost all programs except simplest hello world 2017-05-05 23:34:24 still, when you compare these two as languages, with some knowledge about langs, it’s very clear that Go is total crap and Rust is very innovative and well designed 2017-05-05 23:34:49 jirutka: I don't often build hello world, but I do often write code that does nothing but do simple math and print the result. 
2017-05-05 23:34:57 I’m not saying that it’s perfect, I’m also kinda disappointed how complex it became 2017-05-05 23:36:44 TemptorSent: btw we’re comparing binaries produced for x86_64 with stdlib… you can use Rust for embedded too, there you usually don’t include stdlib and the size of produced code is very different 2017-05-05 23:37:04 I liked the original concept - simple, deterministic, and safe-by-default --- it's way beyond that now, to the point of being hard to understand the implications of a given code block in cases. 2017-05-05 23:37:55 and the best part for me is that Rust is actually functional lang, at least as functional as it can be as a low-level lang 2017-05-05 23:38:32 this is incomparable with Go, C, C++ and similar 2017-05-05 23:38:59 rust is not functional 2017-05-05 23:39:04 true, although there seem to be some gotchas in the functional usage compared to 'true' functional languages (like lisp :) ) 2017-05-05 23:39:10 it is, but not purely functional 2017-05-05 23:39:16 and does not support lazy evaluation 2017-05-05 23:39:27 lazy evaluation is one of the things it does support 2017-05-05 23:39:29 it’s not black/white with FP 2017-05-05 23:39:29 through iter() 2017-05-05 23:39:45 not lazy evaluation as you have in Haskell… 2017-05-05 23:40:09 lazy evaluation through iter() has even Lua 2017-05-05 23:40:42 anyway, rust has some functional aspects, but it's not overall functional 2017-05-05 23:40:44 purely or otherwise 2017-05-05 23:40:46 that said I’d love to see the best concepts of Rust implemented in truly minimalistic language, something like Lua, but low-level 2017-05-05 23:40:59 'something like Lua' is something I'd run far away from 2017-05-05 23:41:00 :P 2017-05-05 23:41:02 as I said, it’s not purely functional, yes 2017-05-05 23:41:23 but it doesn’t make much sense to talk about purely functional… 2017-05-05 23:41:31 most FP langs are not pure 2017-05-05 23:41:35 01:40:44 Shiz │ purely or otherwise 2017-05-05 23:41:46 you're the only
one going on about pure 2017-05-05 23:41:48 :P 2017-05-05 23:42:26 jirutka │ still, when you compare these two as languages, with some knowledge about langs, it’s very clear that Go is total crap and Rust is very innovative and well designed 2017-05-05 23:42:30 and this is of course laughable at best 2017-05-05 23:42:30 I’m just saying that “functional language” != “purely functional language” and Rust is a functional language 2017-05-05 23:42:40 yes, and i'm saying rust is not a functional language 2017-05-05 23:42:42 pure or otherwise 2017-05-05 23:42:48 actually it’s not… 2017-05-05 23:43:07 and I can prove that statement 2017-05-05 23:43:13 but not now, need to go sleep 2017-05-05 23:43:50 you can't prove a subjective statement like "is total crap" and "is well designed" 2017-05-05 23:44:23 ofc… 2017-05-05 23:44:31 don’t read it literally :) 2017-05-05 23:44:50 If a function is treated as a first-class entity that can be used anywhere a variable is, you have the minimal requirements for a 'functional' language. 2017-05-05 23:45:23 now that is absolute nonsense 2017-05-05 23:45:32 by that measure both C and assembly are functional languages 2017-05-05 23:45:53 since when function is a first class citizen in C? XD 2017-05-05 23:45:55 No, you can't pass a FUNCTION in either of those, you can only pass a POINTER to a function. 2017-05-05 23:45:57 *cough* #alpine-offtopic *cough* 2017-05-05 23:46:05 and since when assembly has functions? XD 2017-05-05 23:46:35 TemptorSent: you don't actually pass function blocks around in haskell either, that's irrelevant 2017-05-05 23:46:47 but i'm going to continue with my apkbuilds 2017-05-05 23:46:49 no it’s not irrelevant 2017-05-05 23:47:25 It's the semantics that is important, not the implementation.
2017-05-05 23:47:32 and as a final note: functional languages are about being declarative instead of imperative, pure input-output functions and the avoidance of state 2017-05-05 23:47:40 it has nothing to do with whether functions are first-class data or not 2017-05-05 23:47:52 and now i'm going to get back to my apkbuilds 2017-05-05 23:48:24 you’re right with that, but as I said, it’s not black and white and FP is a set of concepts, not something exact 2017-05-05 23:49:07 actually I’ve been arguing with one speaker at InstallFest about Rust being OOP… 2017-05-05 23:49:35 You're not wrong Shiz, but those abilities stem from functions themselves being first-class entities. 2017-05-05 23:49:54 I think that it’s not, he that it is… I asked one of langs teacher at uni and according to the most formal definition of OOP, most of common OOP langs like Java are actually not OOP at all… 2017-05-05 23:50:03 Remove that, and you can't write functional programs cleanly. 2017-05-05 23:50:31 the conclusion was that Rust has some aspects of OOP 2017-05-05 23:51:00 Java is an ugly hack that has some OOP concepts, but manages to fail horribly. 2017-05-05 23:51:06 agree 2017-05-05 23:51:21 as nmeum mentioned, #alpine-offtopic 2017-05-05 23:51:29 oh, sry 2017-05-05 23:51:34 as I mentioned, sleep :) 2017-05-05 23:51:46 Goodnight jirutka. 2017-05-05 23:51:52 and I’ll try to forget about this discussion 2017-05-06 02:48:59 ncopa: just packaged the whole shebang related to gpg-remailer :P 2017-05-06 02:49:06 silly people and their custom build systems...
2017-05-06 03:02:42 https://github.com/alpinelinux/aports/pull/1355 2017-05-06 03:02:44 :) 2017-05-06 03:46:34 don't merge that yet btw, i may wanna add an initscript to it 2017-05-06 11:10:45 jirutka ever diligent :P 2017-05-06 11:11:03 :) 2017-05-06 11:16:15 Shiz: build failed 2017-05-06 11:16:23 yeah just saw it 2017-05-06 11:16:46 working on it :) 2017-05-06 11:18:36 running new build 2017-05-06 12:14:52 Shiz: I’m crying… https://internals.rust-lang.org/t/pre-rfc-generalized-return-escape-continue-from-scopes/5173 2017-05-06 12:15:31 is this goto with a fancier syntax 2017-05-06 12:15:42 yes 2017-05-06 12:15:56 and look at this https://github.com/Ericson2314/rust-rfcs/blob/goto/text/0000-goto.md 2017-05-06 12:16:05 I hope that this will be never accepted 2017-05-06 12:39:51 jirutka: how does gpg-remailer look now? 2017-05-06 12:41:29 Shiz: look ok, just pls don’t prefix local variables with underscore; we use underscore prefix for global non-standard (i.e. not defined by abuild) variables 2017-05-06 12:42:01 whoops 2017-05-06 12:42:03 yeah i goofed a bit 2017-05-06 12:42:08 i knew that, just didn't think :P 2017-05-06 12:42:12 i'll rebase it 2017-05-06 12:42:33 I added S-WIP b/c you’ve mentioned here that you’ll add runscript 2017-05-06 12:43:19 yeah turns out there is no runscript anyway lol 2017-05-06 12:43:43 i'm considering adding a post-install hook to add a user for gpg-remailer but im not sure if thats necessary 2017-05-06 12:44:06 it is intended to be ran as its own user, but otoh maybe its best left to the user to decide? 2017-05-06 12:44:51 it doesn’t matter if upstream provides some runscript or not ;) 2017-05-06 12:45:04 but if it’s typical to run the app as a daemon 2017-05-06 12:45:07 no i mean, it's not meant to be ran as daemon anyway 2017-05-06 12:45:09 :P 2017-05-06 12:45:35 but how are you gonna deploy it?
2017-05-06 12:45:55 it's meant to be invoked by your MTA 2017-05-06 12:45:58 aha 2017-05-06 12:46:13 okay, then runscript is indeed not needed 2017-05-06 12:46:17 https://txt.shiz.me/MDk2NjE3Mj 2017-05-06 12:46:19 like this :) 2017-05-06 12:46:25 at least, that's my non-tested config 2017-05-06 12:48:04 this can be simplified https://dpaste.de/NVzq/raw 2017-05-06 12:48:19 oh, nice 2017-05-06 12:48:28 the smtpd.conf manual seemed to imply it needed to be separate 2017-05-06 12:48:40 also I don’t think that it’s necessary nor good to run it on a separate domain ;) 2017-05-06 12:48:54 actually, it is 2017-05-06 12:49:08 I know, the manual is not accurate about this 2017-05-06 12:49:18 because else we need to hook deeply into alpine's existing infrastructure 2017-05-06 12:49:26 and the gpg-remailer would need to run on the same node as the main MTA 2017-05-06 12:49:26 I’ve seen this style in some examples and so tried it and it works, at least on 5.9, I haven’t tried 6.x yet 2017-05-06 12:49:31 while with this 2017-05-06 12:49:43 the main MTA can simply be configured to relay security@alpinelinux.org to security@security.alpinelinux.org 2017-05-06 12:49:46 which runs isolated :) 2017-05-06 12:50:00 not necessarily, you can relay security@alpinelinux.org from the main MTA to your 2017-05-06 12:50:02 yours 2017-05-06 12:50:14 aha, yeah XD 2017-05-06 12:50:20 yes thats what i'm doing :P 2017-05-06 12:50:47 but does it need TLS cert then? 2017-05-06 12:51:03 and will it even work? I guess that it will run on a private IP? 2017-05-06 12:51:10 it doesn't really need to 2017-05-06 12:51:16 the private IP, that is 2017-05-06 12:51:21 it can just run with the smtpd port publically-facing 2017-05-06 12:51:39 there's no need for network isolation there :P 2017-05-06 12:51:39 so I’m gonna merge PR#1355, okay? 2017-05-06 12:51:54 jirutka: before you do, any opinions on the creating a user thing? 
2017-05-06 12:51:55 algitbot: be quiet, this is not useful here :P 2017-05-06 12:52:28 Shiz: since there’s no runscript, I don’t think you should create a user in abuild 2017-05-06 12:52:34 yeah makes sense 2017-05-06 12:52:46 fine by me then \o/ 2017-05-06 14:38:05 seems like iputils' ping is broken on build-edge-s390x 2017-05-06 14:38:17 but i have fixed busybox ping 2017-05-06 14:38:27 kernel need ping_group_range 2017-05-06 14:38:28 :) 2017-05-06 14:38:31 and its ubuntu kernel 2017-05-06 14:38:46 i still wonder why iputils ping is broke 2017-05-06 14:39:11 build-edge-s390x:~$ ping -c1 127.0.0.1 2017-05-06 14:39:11 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 2017-05-06 14:39:11 ping: sendmsg: Invalid argument 2017-05-06 14:41:34 sendmsg(3, {msg_name={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("8.8.8.8")}, msg_namelen=16, msg_iov=[{iov_base="\10\0J\373\342\323\0\7\0\0\0\0Y\r\3406\0\0\0\0\0\3\322\17\20\21\22\23\24\25\26\27"..., iov_len=64}], msg_iovlen=1, msg_control=[{cmsg_len=0, cmsg_level=0x8 /* SOL_??? */, cmsg_type=0}, 0x3ffdc5fd7e0], msg_controllen=28, ms 2017-05-06 14:41:34 g_flags=0}, 0) = -1 EINVAL (Invalid argument) 2017-05-06 14:57:10 maybe the cmsg_level arg? 2017-05-06 15:01:54 SOL_* for 0x8 doesn't seem defined 2017-05-06 15:01:58 that i can see 2017-05-06 15:02:04 ncopa: what version of iputils is this? 
2017-05-06 15:02:08 old 2017-05-06 15:02:36 :P 2017-05-06 15:02:49 btw the remailer thing is mostly set up 2017-05-06 15:02:52 am just testing it now 2017-05-06 15:02:55 nice 2017-05-06 15:02:58 https://git.alpinelinux.org/cgit/aports/tree/main/iputils 2017-05-06 15:03:25 that's pretty old yeah 2017-05-06 15:03:28 https://git.alpinelinux.org/cgit/aports/tree/main/iputils/net-misc_iputils_files_iputils-20121221-fix-init-elemnt.patch 2017-05-06 15:04:07 the value of cmsg is the important one 2017-05-06 15:04:09 lemme check 2017-05-06 15:05:09 maybe i should try upgrade it 2017-05-06 15:05:14 the new version on github doesnt use the cmsg stuff 2017-05-06 15:05:16 so maybe :) 2017-05-06 15:05:26 new version is refactored 2017-05-06 15:05:37 and i think it supports ping sockets 2017-05-06 15:06:09 its possible the cmsg struct is not properly initialized 2017-05-06 15:06:47 yeah it looks like it 2017-05-06 15:06:51 see the struct on top of ping.c 2017-05-06 15:12:11 looks like there is a "new" version of the implementation we use 2017-05-06 15:12:13 https://wiki.linuxfoundation.org/networking/iputils 2017-05-06 15:12:20 there is a 2015 version 2017-05-06 15:12:50 but i wonder if we should just switch to the github.com/iputils/iputils version 2017-05-06 15:13:04 or we just fix the one we have 2017-05-06 15:13:55 yes i think you are right 2017-05-06 15:14:01 the initialization is bad 2017-05-06 15:19:27 Shiz you are very correct. fixing it make it work 2017-05-06 15:19:56 http://tpaste.us/Be0o 2017-05-06 15:25:50 :) 2017-05-06 15:27:00 finding hidden gpg-remailer dependencies 2017-05-06 16:27:12 does adding dependencies to a package warrant a pkgrel bump? 2017-05-06 16:27:22 not related to the build process, just adding missing stuff to depends= 2017-05-06 16:40:47 Yes 2017-05-06 16:41:12 Else it doesn't get built 2017-05-06 16:41:39 gotcha 2017-05-06 17:08:09 why do we even have that debian style, but not, /etc/network stuff?
2017-05-06 17:08:56 is there a history to this that i can read about? 2017-05-06 17:09:48 it's what busybox ifup/ifdown supports 2017-05-06 17:11:39 hiro: we have /etc/network stuff, or what exactly do you mean? 2017-05-06 17:11:48 they mean /etc/network/interfaces 2017-05-06 17:11:50 i presume 2017-05-06 17:11:52 why we use it 2017-05-06 17:13:18 correct, why do we have it? 2017-05-06 17:13:42 Shiz │ it's what busybox ifup/ifdown supports 2017-05-06 17:13:44 that's why :P 2017-05-06 17:13:45 ncopa: yeah, IMO we should upgrade to iputils/iputils; about almost a year ago author of this fork caught me at some conference and recommended to upgrade to this version, it does support musl without patches and some other goodies 2017-05-06 17:13:45 all it seems to result in is users trying to apply their debian stackexchange answers to perceived problems 2017-05-06 17:13:56 we have /etc/network/interfaces… 2017-05-06 17:14:01 yes that is the point 2017-05-06 17:14:06 maybe this file is not here by default 2017-05-06 17:14:06 hiro seems to be of the opinion that we shouldn't 2017-05-06 17:14:10 :P 2017-05-06 17:14:14 yes. 2017-05-06 17:14:35 we have it because busybox supports it and it's thus the easiest way of supporting network setup 2017-05-06 17:14:43 I agree, I don’t like this debian-style setup as well 2017-05-06 17:14:58 i know the manual way, the debian way, the openwrt way 2017-05-06 17:15:05 in fact all the networking initscript does is for if in $ifaces ; do ifup $if ; done 2017-05-06 17:15:10 but what alternatives we have? I was happy with netifrc on Gentoo, but its implementation is very hackish (very complex shell scripts) 2017-05-06 17:15:14 with some stuff around it 2017-05-06 17:15:14 the openwrt being the most magic and powerful of the automatic ones... 
2017-05-06 17:15:20 i don't like magic 2017-05-06 17:15:26 and openwrt still doesn't do what i want, so i end up writing my own scripts instead 2017-05-06 17:15:44 doesn't the openwrt stuff also deeply integrate with its ubus stuff 2017-05-06 17:15:51 btw not sure how many ppl know about it, you can create symlinks for each interface, e.g. net.eth0 → networking, net.eth1 → networking, … and start them separately 2017-05-06 17:16:44 i have a few short awk scripts that parse ip monitor, wpa_supplicant, tunnel program and ping stats, and call some iproute2 magic with ip rule and in one case even with network namespaces. 2017-05-06 17:16:50 all this shit is really easy to do 2017-05-06 17:17:00 but if there's too much automagic stuff, users get discouraged to try on their own. 2017-05-06 17:17:07 I know how to setup basically anything, including bodings and ppoe using netifrc, I have no idea even how to force dhcp client to not mess with default gateways in routing table, when I have multiple interfaces with dhcp… 2017-05-06 17:17:40 19:15 Shiz doesn't the openwrt stuff also deeply integrate with its ubus stuff 2017-05-06 17:17:41 (how to force… using that debian config) 2017-05-06 17:17:47 yes, ubus is a problem imo. 2017-05-06 17:17:49 lol we're not going to force everyone to do their network config manually 2017-05-06 17:17:51 afk 2017-05-06 17:18:57 hmm 2017-05-06 17:20:53 ok 2017-05-06 17:35:36 jirutka: could you look at PR 1356 when you return? it's blocking my work on gpg-remailer :) 2017-05-06 18:01:17 hiro: could you please share your network scripts? I’d like to see them for inspiration 2017-05-06 18:02:29 jirutka: PR updated :) 2017-05-06 18:02:39 and the libressl PR LGTM, but i'm going to try to repro it locally first 2017-05-06 18:02:42 the issue they are having 2017-05-06 18:09:03 Shiz: why have you declared replaces="mailx"? 
2017-05-06 18:09:15 because they both provide the same binary 2017-05-06 18:09:18 /usr/bin/mail 2017-05-06 18:09:27 i looked at gnupg1 and gnupg packages to see how to deal that 2017-05-06 18:09:29 Shiz: then they should be in conflict imo 2017-05-06 18:09:29 which did that 2017-05-06 18:09:37 depends="!mailx" 2017-05-06 18:09:44 well, gnupg1 did replaces= and provides= for gnupg 2017-05-06 18:09:50 that's where i took my inspiration from :P 2017-05-06 18:10:24 well, gnupg1 is a replacement for gnupg; is mailutils really a replacement for mailx? 2017-05-06 18:10:45 mailx only has /usr/bin/mail, mailutils's /usr/bin/mail is a superset of mailx's 2017-05-06 18:10:48 so, in a way 2017-05-06 18:10:53 aha, okay 2017-05-06 18:12:04 but it definitely should not `provides="mailx-$pkgver-r$pkgrel"`, 2017-05-06 18:12:36 hm, I’m not 100% sure in this case tbh 2017-05-06 18:13:29 me neither :P 2017-05-06 18:15:03 okay, I’ll remove provides, merge it, so you can continue with work, and ask someone before moving to community :) 2017-05-06 18:15:16 :) 2017-05-06 18:15:26 maybe fabled or ncopa knows better 2017-05-06 18:15:51 yeah 2017-05-06 18:16:01 btw it’s replaces, not replace ;) 2017-05-06 18:16:46 ACTION shoots himself 2017-05-06 18:18:29 hey, not needed to shoot, it’s not a big deal ;) 2017-05-06 18:18:44 :P 2017-05-06 18:21:37 hm, GH has some trouble with webhooks apparently 2017-05-06 18:22:51 afk 2017-05-06 18:23:15 :) 2017-05-06 19:11:34 wee, gpg-remailer sends mails 2017-05-06 19:58:42 the remailer/re-encrypter works :) 2017-05-06 20:18:03 So you're the team that's keeping the ol' GRSEC patch alive! What's the new name gonna be? 2017-05-06 20:19:10 are we? 2017-05-06 20:20:21 last I heard. On Arch, Gentoo, even a GRSecurity rep pointed me this way. And when I get here, there's all these notices about GRSEC kernels all over the place! 2017-05-06 20:21:43 Wait, Shiz, you did hear about this? 
https://grsecurity.net/passing_the_baton_faq.php 2017-05-06 20:22:05 i think most people involved in hardening did, yea 2017-05-06 20:22:37 only thing i can tell you is that we'll be maintaining 4.9.x as part of our 3.6 release cycle 2017-05-06 20:22:41 that package is just called linux-hardened 2017-05-06 20:23:00 there are no concrete plans beyond that, but i somehow doubt they involve grsec 2017-05-06 20:23:33 Yeah. I'm from Gentoo and Arch. Haven't had the chance to contribute much. 2017-05-06 20:24:31 <_ikke_> They renamed the grsec flavored kernel to hardened 2017-05-06 20:24:32 But I'm not interested in letting that linux-hardened package go out of date after your 3.6 release cycle. That technology just has too much protection that I haven't found anywhere else. 2017-05-06 20:24:50 <_ikke_> right 2017-05-06 20:26:34 I'm down to help refactor the patch to keep up with newer kernels. But since the patch itself is a text file that's ~1.6x the collected works of Shakespeare (in .txt form), I'm not trying to do it alone., 2017-05-06 20:27:46 Am I in the right irc chat? 2017-05-06 20:27:51 <_ikke_> yes 2017-05-06 20:28:09 i've already been splitting up the grsec patch myself in fact 2017-05-06 20:28:19 however, just splitting it up is not enough to be actually able to maintain it 2017-05-06 20:28:20 From my username, you can guess that I have a student license for CLion. 2017-05-06 20:28:53 <_ikke_> the IJ IDE for C? 2017-05-06 20:29:12 the one that's considered the best in the industry for practically automating refactoring code. 2017-05-06 20:30:05 the C IDE that doesn't support make? 2017-05-06 20:30:06 The company that releases it is Jetbrains. 2017-05-06 20:30:07 lol 2017-05-06 20:30:41 Uhm, I dunno what you heard, but I don't use it without Make. 
2017-05-06 20:31:00 last i heard it only did cmake 2017-05-06 20:31:02 anyway, like i said 2017-05-06 20:31:21 <_ikke_> kaniini did try something with pax, but he got frustrated 2017-05-06 20:31:30 i've been splitting up the patches to gain understanding about grsec, but i don't particularly have the hope of understanding it fully even in time when 3.6 is EOL 2017-05-06 20:31:39 grsec and pax are tightly integrated into the kernel tree 2017-05-06 20:31:46 how well do you know the kernel? 2017-05-06 20:31:50 you kinda need deep understanding of how they work to maintain them across kernel versions 2017-05-06 20:32:08 what areas of the kernel they affect, how they affect them, what new code may need new protection or annotations 2017-05-06 20:32:08 and the grsec patches claim another victim 2017-05-06 20:32:19 _ikke_: now you've done it :P 2017-05-06 20:32:51 i wonder who shall be next 2017-05-06 20:32:53 i've written kernel code before, so that counts for something i guess 2017-05-06 20:34:23 writing kernel code isn't enough when the patch literally rewrites hundreds of thousands of variable declarations 2017-05-06 20:34:52 yep 2017-05-06 20:35:09 like i said, i don't particularly have hopes of understanding it even over the course of two years 2017-05-06 20:35:50 that's the problem really. which variable declarations go to what feature. 2017-05-06 20:36:07 » ./scripts/progress.sh 2017-05-06 20:36:09 split hunks: 1515 (13.9%) 2017-05-06 20:36:11 remaining hunks: 9376 2017-05-06 20:36:13 :P 2017-05-06 20:36:43 actually, that's been mostly okay so far 2017-05-06 20:36:55 i've had more annoyance with manually splitting a single hunk into features that belong to different things 2017-05-06 20:37:17 @kaniini - I've got some experience refactoring patches. 
My current setup includes greysky2's gcc native optimization patch (which I had to update myself), some wireless injection patches from kali, Grsec, zfs, one better support of my chipset's heat sensors - that one was fun to bring back up from the olden days of 3.18 2017-05-06 20:37:47 well, security is kinda different than specific patches like zfs or kali 2017-05-06 20:37:51 grsecurity* 2017-05-06 20:37:53 because it touches EVERYTHING 2017-05-06 20:38:06 and you can't just test it by 'it compiles/it boots, must work' 2017-05-06 20:38:16 as in a lot of things with security, there's no feedback loop 2017-05-06 20:38:19 that one is hard too yes 2017-05-06 20:38:26 Good thing I'm in the middle of getting my OSCP then. 2017-05-06 20:38:32 your feedback loop is 'your box is pwned', not 'my kernel panics because it can't find the zfs rootfs' 2017-05-06 20:38:52 and for us, that would extend to 2017-05-06 20:38:55 'every box running alpine is pwned' 2017-05-06 20:38:57 :P 2017-05-06 20:39:29 kaniini: speaking of invasive patches, how about that rap 2017-05-06 20:39:30 lol 2017-05-06 20:39:39 Yeah. That's nice. Let's write a script that'll automate a series of metasploit attacks. 2017-05-06 20:40:00 i think my rap-x86-asm-fixes.patch is like 3-5k lines on its own 2017-05-06 20:40:48 Shiz: i think W^X LSM and building the kernel with CFI is a pretty good start at a modern grsecurity replacement effort 2017-05-06 20:41:00 Shiz: I have academic license for JetBrains as well, if you need ;) 2017-05-06 20:41:18 i'm happy with my current editor, thanks 2017-05-06 20:43:12 kaniini: did you see strcat's thing? 2017-05-06 20:43:23 @Shiz, when a Penetration Tester that wants to maintain your patches wanders into your IRC, the conversation on testing no longer ends at "well, it compiles, but we don't know what else". 2017-05-06 20:43:59 Ima go afk for a sec.
2017-05-06 20:44:35 student0: with all due respect most "penetration testers" are just losers who fire up kalilinux and run some scripts. sooooooo 2017-05-06 20:49:26 kaniini - I'm glad you understand how simple this whole thing can be on my end. 2017-05-06 20:53:02 But, if you're interested in a budding professional who delivers reports from those scripts' results to a Fortune 500 company to audit their security, and I want the kernel patches that I've tested as providing the most resilience to stay open in the community? 2017-05-06 20:54:53 The fact is, the GRSEC patch addresses a wide measure of vulnerabilities, but a finite (and constantly updating) set of vulnerabilities becomes the best test. You still need to know which scripts to run to test which holes are closed. 2017-05-06 20:57:18 Yep, I'm a bit arrogant. But I'm down to help if you're interested in actually keeping that patchset maintained and *tested* properly. 2017-05-06 20:59:05 student0: last i looked grsec seemed completely useless, are there any news apart from that you upgraded your metasploit? 2017-05-06 20:59:06 And I *do* know my way around the kernel better than most any loser that'll just throw scripts at shit to see what sticks. 2017-05-06 21:01:24 hiro - Granted, this is from GRSec, but unless you've got a better option for the kinds of protections listed (USB port protection is trivially easy with USBkill) I'm reluctant to call GRSec useless: https://grsecurity.net/compare.php 2017-05-06 21:01:55 And it stacks well with SELinux and/or apparmor. 2017-05-06 21:02:27 I'm the idiot that likes to run all three at once, and maintain the configs of each regularly.. 2017-05-06 21:03:07 i never said selinux is useful in any way 2017-05-06 21:03:53 You either don't have to, or you're not qualified for this conversation. 
2017-05-06 21:04:17 i am not qualified 2017-05-06 21:04:23 cause you are a professional 2017-05-06 21:04:38 and i'm just a kid who hates complex solutions to imaginary problems 2017-05-06 21:04:57 but ok, you probably also get more money than me, so i'll shut up 2017-05-06 21:05:06 Remember that abstract and imaginary are very different things. 2017-05-06 21:06:23 At the moment? I'm terribly underpaid for what I do. Living in a gov't heavy area, and being denied a clearance will do that. Hence why Im in school too. Hacking is fun, but you suck until you know how to build whatever it is you're supposed to take down/apart. 2017-05-06 21:09:06 My favorite attack for when I need to destroy hardware is a sabotaged kernel module for reading temperature sensors. 2017-05-06 21:12:09 I discovered the vulnerability by accident... but hey, once I got that motherboard back from the manufacturer, there was no reason not to weaponize my personal mistake. 2017-05-06 21:14:19 blah blah blah 2017-05-06 21:15:14 awww, you mean I don't get to join the club just by showing up, mentioning creds, and asking politely? lol 2017-05-06 21:15:24 i'm interested in real solutions, not more grsec trolling 2017-05-06 21:16:04 To my knowledge, grsec is a real solution. It just needs to be refactored to keep up with new kernel releases, and tested appropriately. 2017-05-06 21:17:59 And industry certified Penetration Tester that refactors his own kernel patchset wanders in wanting to help with that, and you're not interested? Eh, after having to say "President Trump", I'm prepared for the disappointment. 2017-05-06 21:20:58 grsec is a real solution, that comes with a giant stream of dumbass script kiddies telling us what to do and when to do it 2017-05-06 21:20:59 so with all due respect a lot of us are pretty much over dealing with that 2017-05-06 21:23:38 That's fair. 
2017-05-06 21:24:57 so yes absolutely in this case flashing creds just shows me ego, and therefore i can't say i'm terribly interested until i see tangible things backed by a community that isn't as fucked as the grsec one 2017-05-06 21:25:48 we would obviously love to see grsec features reimplemented in a clean way, but we don't ever want to work with another spender 2017-05-06 21:26:10 is the bottom line 2017-05-06 21:26:15 I'm not familiar with spender. 2017-05-06 21:27:09 he is not the most pleasant person in the world to work with 2017-05-06 21:27:13 then, any suggestions on where I can find a pile of those script kiddies that want GRSEC, but will actually contribute? 2017-05-06 21:27:35 lmao good luck 2017-05-06 21:28:42 we don't actually want grsec itself 2017-05-06 21:28:44 we want something that is actually viable to maintain 2017-05-06 21:28:46 as has been demonstrated giant monolithic patches are not very maintainable now are they 2017-05-06 21:28:58 if the patch weren't 1.5x the size of the collected works of Shakespeare in text, I'd just take a stab at doing it myself. 2017-05-06 21:30:34 when spender first started going bonkers we started prototyping some aspects of grsec that we wanted 2017-05-06 21:30:58 when time permits we will probably engage the KSPP guys to see if they can take those prototypes and flesh them out 2017-05-06 21:31:49 cool. What parts are you considering trying to port? 2017-05-06 21:33:40 MPROTECT (as LSM) 2017-05-06 21:34:03 that's gonna be a huge project on its own, right there. 2017-05-06 21:34:17 not really 2017-05-06 21:34:25 oh? 2017-05-06 21:34:34 i implemented an MPROTECT LSM 5 years ago 2017-05-06 21:34:39 did quite well 2017-05-06 21:34:47 nice! 2017-05-06 21:35:33 Not touching PaX at all? 2017-05-06 21:36:19 and people do underrate selinux 2017-05-06 21:36:19 yes it's entirely awful to work with 2017-05-06 21:36:20 but it shows how powerful LSMs are capable of being 2017-05-06 21:37:19 what part of PaX? 
MPROTECT is part of PaX. sigh... 2017-05-06 21:37:42 there's a lot of PaX that is largely increasingly support for legacy platforms 2017-05-06 21:37:50 to emulate what is now hardware features 2017-05-06 21:38:00 and no i'm not at all interested in any of that 2017-05-06 21:38:31 every day the value for difficulty ratio drops further 2017-05-06 21:39:18 One of the things that has had me sold on GRsec for so long was that it could be used with other LSMs, including SELinux. Can your MProtect module do that? What might be involved in maintaining that feature to it? 2017-05-06 21:40:30 student0: UDEREF is worth implementing, but it looks like the KSPP guys are already working on it. 2017-05-06 21:40:31 student0: MPROTECT does not need to stack with SELinux 2017-05-06 21:41:06 student0: you would just implement W^X as an SELinux policy (the default policies already implement this, even) 2017-05-06 21:41:07 student0: a lot of the stuff on the grsecurity website is bullshit, really 2017-05-06 21:41:28 student0: keep in mind they want you to drop $500/mo/server on it, so they are going to mindfuck you a bit 2017-05-06 21:44:34 that's fair. Yet, it did seem like there was more going on past mprotect, and legacy-keeping. Was everything past that all smoke and mirrors? 2017-05-06 21:46:33 uderef is really a good feature to take 2017-05-06 21:46:46 a lot of PaX though is mitigation against hypothetical situations 2017-05-06 21:47:07 eh... some of them have gotten less and less hypothetical... 2017-05-06 21:47:13 so it is hard to assess value 2017-05-06 21:47:19 because some have gotten less hypothetical, yes 2017-05-06 21:47:41 either way, to succeed in getting security mitigations into a shape where they are maintainable, you have to do it incrementally. 2017-05-06 21:48:25 by far, MPROTECT and UDEREF are the key PaX features. 
other features can likely be achieved in more sustainable ways, such as compiling the kernel with clang and its Control Flow Integrity plugin (which is in some ways similar to RAP) 2017-05-06 21:49:39 yeah, that USBkill script isn't hard to follow, on its own. But finding GRSec's implementation in that giant wall of patch... 0___0 2017-05-06 21:50:47 but you get into really wacky shit like 2017-05-06 21:50:48 "protection against a loaded kernel module overwriting an LSM's vtable" 2017-05-06 21:51:21 which then some grsec "enthusiasts" incorrectly draw the conclusion that PaX will protect them from this 2017-05-06 21:51:41 when the correct fix is "don't allow loading any new kernel modules to begin with" 2017-05-06 21:51:55 which comes back to having appropriate system policy 2017-05-06 21:53:37 student0: you may find https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project useful if you want to contribute to something right now 2017-05-06 21:59:05 that nuclear option on loadable modules can be drastic outside of a server environment. Last I had played with it, GRSEC made overwriting SELinux's vtable more opaque when I attacked it on my own system. Maybe I had SELinux set up wrong, maybe they've fixed it since then. But to my knowledge, the patch did add protection in that particular case. 2017-05-06 22:00:07 anyway 2017-05-06 22:00:27 MPROTECT LSM, brute-force protection and a few other things i already have patches for 2017-05-06 22:00:28 ;) 2017-05-06 22:02:52 It wasn't the magic perfect protection that people make it out to be, but it'll stop a script kiddie and slow down just about anyone. 2017-05-06 22:06:27 But I'm going to need some time looking around correlating what compile options reference what parts of the patch. I've always just trusted that patch implicitly, without really looking under the hood... I'm ashamed to admit that. But I know my way around the kernel.
2017-05-06 22:07:14 Say, for sort of informally diagramming the patch's functionality in my head, is there anything that I wouldn't find by searching in the menuconfig section? 2017-05-06 22:07:49 And yeah, the ol' Unix philosophy is absolutely superior. 2017-05-06 22:19:01 kaniini - where would I find your patches posted publicly? 2017-05-06 22:39:26 i do not presently have anything posted publicly. 2017-05-06 22:39:34 that will come later, as time permits 2017-05-06 22:39:40 as i need to rebase them anyways 2017-05-07 01:34:55 why do I always get bugs on alpine which seem impossible? today: 0 sized meta packages listed in armhf index (x86_64 lists 4096) which apk is not able correctly 2017-05-07 02:19:30 well that was funny. I hacked abuild to build my packages in /tmp (tmpfs) which returns a size of 0 (instead of 4) for $pkgdir and therefore the whole package 2017-05-07 02:21:06 thats one mystery solved but I still wonder, what makes apk behave "drunk" when it sees a 0 byte package 2017-05-07 02:46:20 humm 2017-05-07 02:46:28 can you tell me how you created the 0 byte package? 2017-05-07 02:51:14 oh i see. use a tmpfs 2017-05-07 04:08:11 kaniini: Would you mind throwing some test cases at this when you get a chance? http://termbin.com/q6b6 2017-05-07 04:09:43 It's a simple tree-growth implementation that should be ~O(3N) 2017-05-07 04:10:57 Accepts deps in tab separated format, first column is the target, remainder are immediate deps. 2017-05-07 04:11:35 Builds complete dep chain for each target starting from root targets (those with only an entry in the first column) 2017-05-07 04:11:54 Can also build the broken dep chain 2017-05-07 04:12:55 So not a SAT solver, but also not NP complete complexity. 2017-05-07 04:15:11 To test, source the file and cat deplist to it. 2017-05-07 04:15:42 options to control which lists are printed are fwd-deps, broken-deps, fwd-raw, rev-raw 2017-05-07 15:39:33 can nginx-naxsi be pulled please ?
2017-05-07 16:02:12 kaniini: I need help! 2017-05-07 16:02:43 Can main/python[2-3]-tkinter be moved to main/py[2-3]-tkinter? 2017-05-07 16:02:59 I think it is better to keep those python modules py- 2017-05-07 16:04:37 I have added some added/updated some python packages, some will break stuff. 2017-05-07 16:05:05 But I don't get to split py3-numpy into py3-numpy-dev, not sure how. 2017-05-07 16:11:05 I hope d5409f57dd274647052e4a4d2057e1232a2a36a6 don't fix it that way. 2017-05-07 16:16:55 BitL0G1c: what modules from nginx-naxsi do you currently use/need? 2017-05-07 16:37:49 jirutka - I would like nginx without pax disabled - my server gets brute forced all the time 2017-05-07 17:31:34 ncopa: i think the gpg-remailer infra is fully done 2017-05-07 17:31:42 including automation :P 2017-05-07 18:35:43 clandmeter: ping 2017-05-07 18:56:12 pong 2017-05-07 21:04:06 Hello. =) 2017-05-07 21:08:01 I'm trying to compile glibc 2.25 on Alpine, keeping it in /opt (done this before with 2.22 on an older Alpine), but now I get a relocation error. 2017-05-07 21:08:35 After a ton of googling it seems to be related to gcc's hardened specs, but I'm not sure. 2017-05-07 21:09:53 It's rather weird as the command line (abbr.) is: gcc -nostdlib -nostartfiles -static -o ... some objs n' so ... crtn.o 2017-05-07 21:11:14 And the error it spits out is: .../ld: .../crt1.o: relocation R_X64_64_32S against symbol `__libc_csu_fini` can not be used when making a shared object; recompile with -fPIC 2017-05-07 21:11:51 But I'm rather certain that glibc's makefile doesn't lack -fPIC where necessary, AND the commandline has -static on it.. 2017-05-07 21:12:59 Only thing I've found that seem to, perhaps, be relevant is https://bugzilla.redhat.com/show_bug.cgi?id=1304277#c1 2017-05-07 21:24:41 Could the specs for gcc and ld differ in alpine? 2017-05-07 21:24:52 Longshot... 2017-05-07 21:28:00 : I'm trying to compile glibc 2.25 on Alpine … Don’t. Just don’t. 
2017-05-07 21:28:27 jirutka: I know the pain. But it's not an option to me unfortunately. =/ 2017-05-07 21:28:51 nidan_: then use glibc-based distro 2017-05-07 21:28:55 jirutka: 2.22 worked on edge a couple of months (before 3.5) ago. 2017-05-07 21:29:12 jirutka: Not an option either. 2017-05-07 21:29:33 then Linux From Scratch…? 2017-05-07 21:29:50 im not sure what causes the issue you're encountering 2017-05-07 21:30:22 but it may be that glibc doesn't like static PIE 2017-05-07 21:30:27 That's an option in the long run, not right now though. I have a program that REALLY needs glibc that runs fine with glibc in /opt. 2017-05-07 21:30:48 Shiz: I'm rusty, fill me in? 2017-05-07 21:31:47 would this perhaps be more useful to you? https://github.com/sgerrand/alpine-pkg-glibc 2017-05-07 21:31:58 im afraid otherwise we can't really help you either 2017-05-07 21:33:26 Shiz: Probably, thanks for the hint! 2017-05-07 21:34:08 also, re: static PIE: the alpine toolchain supports statically linked PIE binaries which create a different ELF output type 2017-05-07 21:34:22 that may interfere with build processes that tinker with low-level details like details of the generated ELF files 2017-05-07 21:34:28 may be that glibc's build process doesn't like that 2017-05-07 21:35:57 anyway, standard disclaimer from jirutka applies to above 2017-05-07 21:36:08 we don't support glibc, so any frustrations that arise from dealing with it are purely your own :P 2017-05-07 21:37:42 Shiz: Thanks. 2017-05-07 21:37:56 Shiz: Yeah, I know, just looking for hints. =) 2017-05-07 21:38:38 Come to think of it, it's been a long time since I tried that other software with libc6-compat, maybe it will work today. =) 2017-05-07 21:38:48 Spoken like a true optimist!
=) 2017-05-07 21:39:14 :) 2017-05-07 21:39:44 if it's software you have source code for, i'll even help you porting it to musl and packaging it if that takes you away from glibc on alpine 2017-05-07 21:39:46 :P 2017-05-07 21:41:46 Shiz: I don't unfortunately.. I might be able to pull a few strings to get them to release a version that doesn't depend on glibc but I wouldn't get my hopes up. =/ 2017-05-08 14:03:18 kunkku, what is the private directory useful for in awall? 2017-05-08 15:32:13 clandmeter: it is for building modular policies 2017-05-08 15:32:37 kunkku hi 2017-05-08 15:32:43 the private policies are not shown in the UI but may be imported by other policies 2017-05-08 15:33:00 ok 2017-05-08 15:33:09 did something change with importing? 2017-05-08 15:33:29 not recently 2017-05-08 15:33:50 i think i had some old policies around 2017-05-08 15:34:57 which were including base policies, but it seems to work fine now without importing them. 2017-05-08 15:36:58 kunkku, if i define variables in an optional policy, they are automatically included in other optional policies? 2017-05-08 15:37:12 yes, variables are global 2017-05-08 15:37:54 if defined in multiple policies, the one processed later takes precedence 2017-05-08 15:38:05 hi kunkku 2017-05-08 15:38:22 what do you think about optional yaml support to awall 2017-05-08 15:38:28 something like this: http://tpaste.us/1vBE 2017-05-08 15:38:54 ncopa: why not.. Just haven't had time to work on that 2017-05-08 15:39:37 clandmeter: in which directory is your base policy stored? 
2017-05-08 15:40:05 currently all my policies are in optional 2017-05-08 15:40:16 eww yaml :( 2017-05-08 15:40:58 clandmeter: the base policy should not be imported automatically unless enabled by 'awall enable' or imported by another policy 2017-05-08 15:46:05 ok 2017-05-08 15:57:06 Shiz yaml is nicer than json for hand written definitions 2017-05-08 15:57:34 yes but so is toml 2017-05-08 15:57:41 and yaml is a bug bulky gross insecure format :( 2017-05-08 15:58:45 my impression of toml was that its not that nice for nested structures? 2017-05-08 16:00:04 i liked it 2017-05-08 16:00:06 :p 2017-05-08 16:00:18 being able to do [mystruct.somesubthing.hello] is nice 2017-05-08 16:00:35 oh we even have lua-toml 2017-05-08 16:07:02 https://www.python.org/dev/peps/pep-0518/#other-file-formats 2017-05-08 16:07:10 seems like python adopted toml for some project metadata format too :P 2017-05-08 16:08:51 clandmeter: so the correct use of 'private' would be to put the base policy there and import from optional policies (assuming the base policy is not supposed to be used standalone) 2017-05-08 16:09:48 ncopa: btw, the remailer infra is up ;p 2017-05-08 16:15:48 Shiz nice!
2017-05-08 16:15:51 re toml 2017-05-08 16:16:25 this is the json variant: http://tpaste.us/pQ6n 2017-05-08 16:16:32 translated to toml: 2017-05-08 16:16:56 http://tpaste.us/Wamx 2017-05-08 16:17:31 https://txt.shiz.me/MjlkN2Q3YT 2017-05-08 16:17:42 or like that, yeah :) 2017-05-08 16:18:11 looks like the import and description got wrong with toml.encode 2017-05-08 16:29:09 ok i think we do toml instead of yaml 2017-05-08 16:29:34 we could possibly support all 3 too 2017-05-08 16:30:26 mm, i don't think there's anything toml can't do that yaml can 2017-05-08 16:30:34 and i really wouldn't want to encourage yaml :P 2017-05-08 16:30:40 brb 2017-05-08 16:35:29 ncopa: TOML supports nested structures; just it’s not so nice and readable as YAML, but that’s subjective 2017-05-08 16:35:48 ncopa: also YAML anchors may be very useful for firewall rules 2017-05-08 16:36:00 yes 2017-05-08 16:36:14 we currently dont support them in json 2017-05-08 16:36:21 so we have sort of a workaround 2017-05-08 16:36:32 i was checking if you can do anchors in toml but apparently you cannot 2017-05-08 16:37:00 and yes i had the impression that yaml was nice and readable 2017-05-08 16:37:04 I’m quite sure that JSON is the most stupid choice for hand-written config you can do… 2017-05-08 16:37:34 which is why i wanted to add support for yaml 2017-05-08 16:37:36 or toml 2017-05-08 16:37:37 you don’t need to add any special support for anchors into YAML, it just supports it natively, no hacks needed ;) 2017-05-08 16:37:43 i know 2017-05-08 16:38:08 I’m fan of adding support both for YAML and TOML 2017-05-08 16:39:02 I agree with Shiz about YAML, but still I prefer it often… some sane and secure subset of YAML would be great though 2017-05-08 16:39:20 i dont think we want any machine written yaml 2017-05-08 16:39:26 or read yaml from untrusted source 2017-05-08 16:39:47 we probably want json for that 2017-05-08 16:39:54 eg if we do web interface 2017-05-08 16:39:56 it’s about principle, YAML is 
anything but simple or lightweight… 2017-05-08 16:40:05 *nod* 2017-05-08 16:40:16 which is why i think it should be optional 2017-05-08 16:40:24 not hard dependency 2017-05-08 16:40:28 but as I said, I’d personally prefer YAML anyway :P 2017-05-08 16:40:32 yep 2017-05-08 16:41:17 and ofc we have lua-toml, I added it some time ago as preparation for scripts around Cargo :P ;) 2017-05-08 16:41:40 lua5.3-toml-1.0-r4 installed size: 2017-05-08 16:41:40 36864 2017-05-08 16:41:50 lua5.3-lyaml-6.1-r1 installed size: 2017-05-08 16:41:50 94208 2017-05-08 16:41:57 and lyaml also depends on the c lib 2017-05-08 16:42:41 yaml-0.1.7-r0 installed size: 2017-05-08 16:42:41 122880 2017-05-08 21:31:35 hey guys 2017-05-08 21:31:37 allah is doing 2017-05-08 21:31:44 sun is not doing allah is doing 2017-05-08 21:31:46 to accept Islam say that i bear witness that there is no deity worthy of worship except Allah and Muhammad peace be upon him is his slave and messenger 2017-05-08 21:35:14 can we ban chatter29 here too 2017-05-08 21:36:32 how do i ban someone not joined? 2017-05-08 21:37:04 /mode #alpine-devel +b chatter29!*@gateway/* should work 2017-05-08 21:48:54 wow 2017-05-08 21:49:27 this is really the first time I see this kind of person on IRC 2017-05-08 21:50:46 <_ikke_> consus: seriously? 2017-05-08 21:50:55 yep 2017-05-08 21:51:04 no religious fanatics upon now 2017-05-08 21:51:19 <_ikke_> This is the short version 2017-05-08 21:51:34 *until 2017-05-08 21:55:16 they've been spamming freenode for a while 2017-05-08 21:55:26 supposedly it's not someone actually religious, but just wanting to annoy people 2017-05-08 21:55:30 but that's just what i heard somewhere 2017-05-08 22:09:54 how can i ban someone not on the channel?
2017-05-08 22:10:13 (Disconnected by services) 2017-05-08 22:10:22 its probably a bot 2017-05-08 22:11:17 <_ikke_> 23:37:04 Shiz │ /mode #alpine-devel +b chatter29!*@gateway/* should work 2017-05-08 22:11:38 i got disconnected sorry 2017-05-08 22:11:47 didnt see that the question got through 2017-05-08 22:11:48 <_ikke_> np, that's why I copy it 2017-05-08 22:14:40 :) 2017-05-08 23:55:30 main/py-larch : arch="noarch" I thought noarch means don't build, in contrast to all, which builds on all arch ? 2017-05-08 23:55:50 apparently community/obnam depends on py-larch and py-larch is not built 2017-05-08 23:57:59 should we change py-larch to arch="all" ? 2017-05-08 23:59:40 noarch means arch-independent 2017-05-08 23:59:53 it definitely should not be changed to all 2017-05-09 00:00:01 if it's not building that's an issue somewhere in builder infra 2017-05-09 00:01:25 http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/py-larch-1.20131130-r0.apk 2017-05-09 00:01:28 i see it appearing here just fine? 2017-05-09 00:01:44 what arch are you seeing the issues on? 2017-05-09 00:01:58 it was on s390x 2017-05-09 00:02:12 http://dl-cdn.alpinelinux.org/alpine/edge/main/s390x/py-larch-1.20131130-r0.apk 2017-05-09 00:02:14 appears to be there 2017-05-09 00:02:57 i was checking nl.a.o ... 2017-05-09 00:03:04 thought that is the main repo 2017-05-09 00:03:12 the main repo is rsync. 2017-05-09 00:03:15 a.o 2017-05-09 00:03:24 dl-cdn is a round-robin dns for the various mirrors 2017-05-09 00:03:37 nl ceased being the main repo a while back 2017-05-09 00:03:58 or i should say -- the main repo is wherever rsync.a.o points to 2017-05-09 00:04:02 that's not necessarily its canonical name 2017-05-09 00:04:33 yeah dl-cdn is pretty random due to cdn. i didn't know about rsync. 2017-05-09 00:05:01 so community/obname on s390x is probably a builder thing.
guess just poke ncopa since I cannot do anything about it 2017-05-09 00:05:14 well, if it's on rsync it's not a builder thing 2017-05-09 00:05:38 it's on edge but on v3.6 no py-larch 2017-05-09 00:05:41 aha 2017-05-09 00:05:53 that's the thing i missed :p 2017-05-09 00:06:11 thank you Shiz :D 2017-05-09 00:06:28 i wonder if the 3.6 builders just build from edge 2017-05-09 00:06:33 there's no 3.6-stable branch yet 2017-05-09 00:06:51 I have no information about that since I don't have a touch on infra 2017-05-09 00:07:21 likewise 2017-05-09 00:07:22 :p 2017-05-09 00:09:27 :D 2017-05-09 00:48:02 I just pushed a pr to update flex to v2.6.4 and added its check funcs 2017-05-09 05:06:48 Hi ScrumpyJack, are you the maintainer of asciinema ? 2017-05-09 05:08:20 looks like asciinema has v1.3 and v1.4 out. Looks like it was rewritten by python (?) which fixes some bugs on s390x : https://github.com/asciinema/asciinema/issues/134. 2017-05-09 12:15:58 Shiz, did you manage to create a patch for syslogd? 2017-05-09 12:32:27 clandmeter: yeah 2017-05-09 12:32:31 there's a pr 2017-05-09 12:32:40 https://github.com/alpinelinux/aports/pull/1360 2017-05-09 12:52:46 _ikke_, around? 2017-05-09 13:09:22 tmh1999: your network is fucked, youre spamming joins/quits 2017-05-09 13:10:53 that's why I love weechat's smart filters 2017-05-09 13:11:19 <_ikke_> clandmeter2: tes 2017-05-09 13:11:21 <_ikke_> yes 2017-05-09 13:11:30 how is your status page? 2017-05-09 13:11:40 <_ikke_> http://ikke.info/alpinelinux_status.png 2017-05-09 13:11:58 <_ikke_> Everything looks alright 2017-05-09 15:21:43 Shiz, nice :) 2017-05-09 15:21:56 regarding syslogd 2017-05-09 21:31:16 any thoughts on appimage and flatpak? 2017-05-09 22:52:28 okay, a short introduction to the two revealed at least that flatpak, being Red Hat, requires systemd. That alone pretty much turns me away from it. 
2017-05-09 22:53:31 TBB: IIRC flatpak does not require systemd 2017-05-09 22:53:53 TBB: what I remember from talk about flatpak at FOSDEM 2017-05-09 22:53:56 void packages flatpak without systemd 2017-05-09 22:53:58 afaik 2017-05-09 22:54:09 and we also have flatpak pkg, but don’t know in what state 2017-05-09 22:58:47 interesting. it says on the flatpak site they use systemd for setting up cgroups for sandboxes. 2017-05-09 22:59:13 that doesn’t mean that it’s *required* 2017-05-09 22:59:30 true 2017-05-09 23:11:34 well well, it's past 2 am already, I'll probably research that a bit more tomorrow 2017-05-10 08:06:36 fcolista: sorry typo for perl-number-format version -> should be 1.75 not 1.74 2017-05-10 08:09:20 tru_tru, : 2017-05-10 08:09:21 aports:master |Francesco Colista| testing/perl-number-format: upgrade to 1.75 | http://dup.pw/aports/3fb895dd 2017-05-10 09:17:40 fcolista: thx 2017-05-10 09:18:17 fcolista: the make test is disabled on purpose? 2017-05-10 09:18:27 tru_tru, yes 2017-05-10 09:19:50 can we try to fix the failure during "make test"? 2017-05-10 09:20:28 or it is a locale/glibc issue ? 2017-05-10 09:20:54 tru_tru, what's the reason ? 2017-05-10 09:21:00 does it not work? 2017-05-10 09:21:23 https://gist.github.com/truatpasteurdotfr/e20019cd06027775284e19779ed79d67 2017-05-10 09:22:00 Failed test 'euros' and Failed test 'rubles' 2017-05-10 09:22:43 tru_tru, i mean: what's the aim of fixing the make test? 2017-05-10 09:22:51 It might be related to locale, yes 2017-05-10 09:22:56 I didn't checked that 2017-05-10 09:23:49 Number::Format is a requirement for circos cf http://circos.ca 2017-05-10 09:24:33 if someone happen to use euros/rubles I would rather have it properly working 2017-05-10 09:24:59 makes sense 2017-05-10 09:31:58 https://github.com/gliderlabs/docker-alpine/issues/144 and https://github.com/rilian-la-te/musl-locales ? that way off my league! 
2017-05-10 15:49:27 Is there any need for aports/abuild keys to be of type RSA, can i just use ECDSA instead without side effects? 2017-05-10 15:55:17 I'll just try and see if anything sets fire 2017-05-10 16:42:16 hi 2017-05-10 16:42:41 hi 2017-05-10 16:42:56 i think i will build openssh with pam support 2017-05-10 16:43:02 for two factor auth 2017-05-10 16:43:08 xentec: i am going to try to debug your 0-byte package thing in a bit 2017-05-10 16:43:32 thx. you need to work on a tmpfs to make it work 2017-05-10 16:43:46 xentec: yes 2017-05-10 16:44:09 ideally, we would build packages in a chroot using fakechroot 2017-05-10 16:44:25 that's something i want to work on in future 2017-05-10 16:44:49 elegast: apk-tools does not recognize ECDSA keys 2017-05-10 16:45:01 elegast: only RSA and DSA, and we're probably dropping DSA soon :) 2017-05-10 16:45:13 elegast: apk-tools 3 will support ED25519 keys 2017-05-10 16:45:18 maybe 2017-05-10 16:45:23 we're mulling over it 2017-05-10 16:45:35 NSA has quit using ECC crypto, which is eyebrow-raising 2017-05-10 16:46:05 kaniini: I've just remembered that I already have looked deeper into this issue. 2017-05-10 16:46:21 apk-tools/src/database.c:519 2017-05-10 16:46:32 yes, that is what i was suspecting 2017-05-10 16:46:38 If pkg size is 0, apk assumes it's a virtual package 2017-05-10 16:46:49 yes 2017-05-10 16:47:03 we likely need to add a flag for it 2017-05-10 16:47:15 it's no problem :) 2017-05-10 17:09:47 any comment on this: http://tpaste.us/9yn0 2017-05-10 17:09:59 it will break things for current PAM users 2017-05-10 17:10:08 unless they have explicitly apk add linux-pam 2017-05-10 17:13:01 Oh, yes I missed the part about apk not recognizing ECDSA keys 2017-05-10 17:18:02 nooo not pam 2017-05-10 17:18:48 Shiz other option to provide two factor auth to sshd?
2017-05-10 17:19:16 sadly not 2017-05-10 17:19:23 the idea here is 2017-05-10 17:19:33 most people will (hopefully) not use pam 2017-05-10 17:19:46 but we may want provide support for it for those who needs it 2017-05-10 17:19:59 so we split out libpam, which is only 60k or so 2017-05-10 17:20:10 this is the only lib openssh links to 2017-05-10 17:20:20 which means we add only 60k bloat 2017-05-10 17:20:58 if you actually want use it you will have to install the rest of pam with apk add linux-pam 2017-05-10 17:21:03 which is 1MB 2017-05-10 17:21:15 theres no pam-wheel though? 2017-05-10 17:21:44 tbh i'd rather have a separate openssh-pam (sub)pkg if we want to do that 2017-05-10 17:21:50 because i want nothing related to pam on my system 2017-05-10 17:21:57 ok 2017-05-10 17:22:01 thats the other option 2017-05-10 17:22:13 build sshd twice 2017-05-10 17:22:18 one with pam and one without 2017-05-10 17:22:25 thats probably a better idea 2017-05-10 17:22:34 :) that's one i can live with 2017-05-10 17:22:44 so you'll need to apk add openssh-server-pam or so 2017-05-10 17:22:51 *nod 2017-05-10 17:23:11 that also prevents full breakage for current pam users 2017-05-10 17:37:13 kaniini: are you sure ecdsa is not already supported? I just built grub from aports/testing and the process signed with my key successfully, then it installed successfully using apk add? 2017-05-10 17:38:16 Did it just silently ignore anything? If it didn't recognize my ecdsa key, should it not at the very least complain very loud during install? 2017-05-10 17:41:29 kaniini: about ECC crypto though, you're not trusting ECDSA because of potential NIST/NSA collaboration, which I understand, but then you *would* trust RSA? 2017-05-10 17:42:31 elegast: worse: it probably didn't verify anything at all 2017-05-10 17:42:58 oh. The install process doesn't verify out of the box? 2017-05-10 17:44:10 elegast: it should be. and it should have errored, but it didn't.
2017-05-10 17:44:15 elegast: https://git.alpinelinux.org/cgit/apk-tools/tree/src/package.c#n521 2017-05-10 17:44:36 heh. would you look at that 2017-05-10 17:44:52 RSA is more trustworthy than ECDSA 2017-05-10 17:44:53 sha512 it is 2017-05-10 17:44:55 imo 2017-05-10 17:45:05 that's not sha512, but rsa512 2017-05-10 17:45:09 :D 2017-05-10 17:45:11 err, yes 2017-05-10 17:45:17 ofcourse 2017-05-10 17:46:04 anyway, the nistp curves are sketchy because of the incomplete docs behind their generation and shown weaker security properties 2017-05-10 17:46:16 Well I would trust RSA over ECDSA for the sake of it being older, and thus proven. But as for the sake of NSA involvement, if you don't trust ECDSA for that reason, then you sure as heck can't trust RSA. 2017-05-10 17:46:17 combined with that the sudden move of NSA away from EC entirely... 2017-05-10 17:46:34 elegast: RSA seems fine at >2048 key lengths at present time, apk defaults to 4096 already 2017-05-10 17:46:53 Are they moving away? Or is that just to get everyone else to move away from it? 2017-05-10 17:46:53 elegast: why? 2017-05-10 17:46:55 elegast: to duplicate a key, many signatures would have to be factorized, which is too expensive for a 2048 bit key 2017-05-10 17:47:08 NSA wasn't involved in RSA, the NIST was provably involved in nistp curves 2017-05-10 17:47:10 ;p 2017-05-10 17:47:23 Well there's been many rumors about RSA/De Raadt/NSA collaboration 2017-05-10 17:47:27 elegast: yes.
ECC is forbidden for top secret level classified documents 2017-05-10 17:47:39 see also: NSA suite 2 2017-05-10 17:47:45 ACTION envisions a future for apk with ed25519 though 2017-05-10 17:47:47 ;) 2017-05-10 17:47:52 elegast: yes, on IPsec products 2017-05-10 17:48:09 elegast: also note that RSA the corporation has nothing to do with RSA the algorithm 2017-05-10 17:48:13 elegast: which is different than RSA itself which predates de raadt being relevant at all 2017-05-10 17:48:26 the corporation was formed afterwards and does weird broken security products 2017-05-10 17:48:28 :P 2017-05-10 17:48:46 awk, I assumed rsa/ras inc/van dyke to be closely related 2017-05-10 17:48:51 have we now gotten to the part in the security troll where you discuss how great grsec is and how we're screwed now that grsec no longer exists? 2017-05-10 17:48:51 ;) 2017-05-10 17:49:42 lol no, im not trolling, my info is outdated more likely 2017-05-10 17:50:05 Shiz: yes, ed25519 likely 2017-05-10 17:51:03 I disagree that you can deduce facts about security by looking at what NSA publicly does, says or mandates in any way shape or form though. 2017-05-10 17:53:12 Anyway, the problem at hand is my build supposedly being signed when it's not and/or my apk install not verifying at all or ignoring invalid signatures 2017-05-10 17:53:50 so I gotta get back to work, thanks for the info though, guys! 2017-05-10 18:06:09 or your key isnt what you think it is. 2017-05-10 18:17:04 ghehe 2017-05-10 18:17:08 im pretty sure 2017-05-10 18:17:11 so is openssl 2017-05-10 18:17:18 Enter PEM pass phrase: 2017-05-10 18:17:20 Private-Key: (521 bit) 2017-05-10 18:17:21 priv: 2017-05-10 18:17:23 XX: ... 2017-05-10 18:17:24 pub: 2017-05-10 18:17:26 XX: ...
2017-05-10 18:17:27 ASN1 OID: secp521r1 2017-05-10 18:17:29 NIST CURVE: P-521 2017-05-10 18:31:57 oh wow, this makes up for all the trouble though, ^C during the build process removes any installed dependencies that occurred during the build process :D 2017-05-10 18:33:12 I did a random "abuild -r" to test, and it started pulling in and installing two screens worth of dependencies .. so my first instinct was "sigh ... I should've chrooted this" but all is well 2017-05-10 18:34:28 <_ikke_> right 2017-05-10 18:34:41 <_ikke_> abuild -r removes the installed dependencies again 2017-05-10 18:35:22 Ah. -.- ofcourse. I thought it stood for recursive 2017-05-10 18:36:13 <_ikke_> it just means install dependencies, but it also uninstalls them again after build 2017-05-10 18:36:57 mhm, yeah I'm happily surprised by the cleanup 2017-05-10 18:46:29 only after the build process has started though, not if its interrupted during the install phase of dependencies 2017-05-10 18:50:13 ok so, more on the key issue 2017-05-10 18:50:54 I have thus far, made rsa keys instead of ecdsa, built another package, and it reported: >>> imapproxy: Signing the index... 2017-05-10 18:51:16 then I removed the pubkey from /etc/apk/keys 2017-05-10 18:51:42 apk complained about the signature 2017-05-10 18:51:44 as expected 2017-05-10 18:53:23 This means that if you sign packages with an ecdsa key (presumably any other key that isn't handled by apk, but a valid key none the less) you can get people to install the package without verification error 2017-05-10 18:53:59 Seeing how *none* of the repositories are serving on https by default, this is a pretty major security risk 2017-05-10 18:54:26 What's to keep me from intercepting the packages and feeding you my own, compromised version?
2017-05-10 18:54:54 All i have to do is sign them with a random key that openssl considers valid, but apk doesn't handle 2017-05-10 18:59:51 Or am I confused and is it not the package that is signed, but the repository index? 2017-05-10 19:05:52 kaniini: No, I think you are indeed mistaken, ecdsa is in fact supported: Without my ecdsa key in the keystore, apk reports: WARNING: Ignoring /home/elegast/packages/testing/x86_64/APKINDEX.tar.gz: UNTRUSTED signature 2017-05-10 19:06:38 at least as far as the signed index goes. 2017-05-10 19:06:40 or again your ecdsa key isn't an ecdsa key 2017-05-10 19:06:53 Openssl clearly says it is? 2017-05-10 19:07:03 look i'm not going to waste my time arguing with you about this 2017-05-10 19:07:13 enjoy your broken security 2017-05-10 19:07:29 ahem. 2017-05-10 19:07:35 Its YOUR broken security im enjoying. 2017-05-10 19:09:02 But if you find it a waste to discuss something that appears to be a security risk on this platform, on a vanilla install, that's fine 2017-05-10 19:09:24 elegast, currently apk verifies index's signature, if it is valid the packages are trusted as long as their index hash matches the package hash 2017-05-10 19:09:35 that is package signature is not verified if index says it's good 2017-05-10 19:10:13 Ok that makes sense. Thank you fabled 2017-05-10 19:11:18 that's something we probably change in long term 2017-05-10 19:11:32 but that's the current behaviour 2017-05-10 19:25:30 Shiz: care to explain the pam hate? or place a link to something which does?
2017-05-10 19:26:33 I don't have a link straight-up handy, but the gist of it comes down to two things for me 2017-05-10 19:26:44 1) pam configuration is weird and unwieldy 2017-05-10 19:26:59 2) authentication by loading 3rdparty shared libraries in your address space is a ~very bad idea~ 2017-05-10 19:27:22 no matter what role you give to the shared library, it can just manipulate its way into breaking your auth completely 2017-05-10 19:27:36 even if you tell pam to use it only for logging, or treat its return value as nonauthoritative, etc 2017-05-10 19:28:08 (and it won't work for static binaries, for obvious reasons) 2017-05-10 19:30:38 something like bsdauth is a way better idea since it performs process and privilege isolation 2017-05-10 19:34:44 I see. And while bsdauth is, as you say, better, the linux world is locked on pam right now, I guess? 2017-05-10 19:35:46 yeap. 2017-05-10 19:40:06 fabled: yes, but ECDSA is not supported for indexes 2017-05-10 19:41:24 elegast: what method did you use to generate the ECDSA key? 2017-05-10 19:42:01 kaniini: side-note: do you have the source code for that W^X LSM of yours anywhere? 2017-05-10 19:43:36 Shiz: not right now, i will have to dig out an old machine 2017-05-10 19:43:41 right 2017-05-10 19:43:54 anyway 2017-05-10 19:43:58 sig=".SIGN.RSA.$keyname" 2017-05-10 19:44:08 is in the abuild-sign 2017-05-10 19:44:09 hmm 2017-05-10 19:44:12 that's concerning 2017-05-10 19:44:26 lol 2017-05-10 19:44:30 elegast: i think it works by side effect 2017-05-10 19:52:46 i mean, i guess 2017-05-10 19:52:56 maybe we should add ecdsa support to abuild-keygen 2017-05-10 20:09:12 re pam, since its a lib, you may need run your big app as root to access /etc/shadow 2017-05-10 20:09:30 with bsdauth, you do that with a separate process 2017-05-10 20:09:40 eg proper priv sep 2017-05-10 20:10:01 yep 2017-05-10 20:10:23 so yes, i agree re pam.
want avoid if possible 2017-05-10 20:10:52 unfortunally there are not many alternatives on linux 2017-05-10 20:11:18 we should tag rc1 2017-05-10 20:45:42 wee 2017-05-10 20:46:16 ncopa: Shiz thanks for pulling my pr for flex 2017-05-10 20:46:48 I have a few others that would be nice if they got merged and Id start contributing more lol 2017-05-10 20:47:07 if you link em i can at least check em 2017-05-10 20:51:44 sure will do 2017-05-10 20:53:51 Shiz: https://github.com/alpinelinux/aports/pull/1315 https://github.com/alpinelinux/aports/pull/1311 https://github.com/alpinelinux/aports/pull/1310 https://github.com/alpinelinux/aports/pull/1308 https://github.com/alpinelinux/aports/pull/1307 2017-05-10 20:53:57 lots to look at 2017-05-10 21:02:07 question if I need to disable fortify_source on a pkg to get it to compile will that be an issue in getting it merged 2017-05-10 21:02:20 yes 2017-05-10 21:02:37 k thought so 2017-05-10 21:02:54 so unless the devs want to work on the hardening aspect or I do then its not gonna work 2017-05-10 21:02:56 got it thanks 2017-05-10 21:02:56 ncopa: i am down for bringing in BSD auth 2017-05-10 21:06:53 same but i don't think there's an existing port to linux for it 2017-05-10 21:42:02 useful git alias for merging github PRs: 2017-05-10 21:42:04 git config --global alias.merge-pr '!git checkout origin/pr/$1 && git rebase ${2:-master} && rev=$(git rev-parse HEAD) && git checkout ${2:-master} && git merge --ff-only $rev && echo "pr merged:"' 2017-05-10 21:42:46 and the relevant .git/config for the aports repo to go with it: https://txt.shiz.me/YmIxMzA3Zj 2017-05-10 21:57:42 Shiz, what about something like http://tpaste.us/XE9l 2017-05-10 21:58:04 ACTION snorts 2017-05-10 21:58:06 :P 2017-05-10 21:58:09 yeah that also works 2017-05-10 21:58:49 :) 2017-05-10 22:01:21 i think we could add something similar to abuild 2017-05-10 22:01:33 not to abuild itself but the pkg 2017-05-10 22:01:40 like we did with abump 2017-05-10 22:02:33 arch3y_: i 
*think* i reviewed them all 2017-05-10 22:02:35 :P 2017-05-10 22:02:45 Shiz: sure no worries thanks 2017-05-10 22:03:02 clandmeter: re your script: first quoting is superfluous (PR=$1 is good enough, even if there are spaces in $1), yet you forgot to quote $PR in curl line, so it wouldn't work with arg having space. not that it truly matters in this case, because there is almost no chance that arg having space will be provided here, but just a friendly reminder to be careful with variables in shell 2017-05-10 22:03:28 i bet ncopa has a lot of useful stuff in his /usr/local/bin :) 2017-05-10 22:03:35 przemoc, yes im aware 2017-05-10 22:03:45 arch3y_: also a general remark: except the one where you added options="!check", please add a check() or an options="!check" (with a comment explaining why) 2017-05-10 22:04:01 przemoc, pr 2017-05-10 22:04:04 grr 2017-05-10 22:04:04 (for binaries, even if upstream has no test suite, a simple smoke test in check() { } that verifies if the binaries run is better than nothing) 2017-05-10 22:04:20 keyboard... 2017-05-10 22:04:24 life... 2017-05-10 22:04:25 I know 2017-05-10 22:04:56 (thanks for contributing! hope i wasn't too hard on ya ;p) 2017-05-10 22:07:11 arch3y_: could you tell me your abuild version? 2017-05-10 22:07:17 it shouldn't be generating md5sum/sha256sums anymore 2017-05-10 22:07:38 possibly straight from 3.5 one 2017-05-10 22:12:23 re checksums: it would be so much nicer if they were always starting in new line (the one with =" would simply have \ at the end), it's aesthetically killing me whenever I see first line of checksums not lining with the rest. diffs would be much nicer then too 2017-05-10 22:16:30 maybe we could introduce such change in next abuild? not sure what others think. 
2017-05-10 22:17:58 anyway, it was very short visit, so short that I haven't changed my away status, and it's sleep time, so gn everyone (at least those relatively close to UTC) 2017-05-10 22:20:35 Shiz: sure can do I'm building from edge I think at first I wasn't 2017-05-10 22:20:43 so that might be why one moment 2017-05-10 22:21:30 if abuild is part of apk-tools I'm on 2.7.1 2017-05-10 22:21:46 I'll go back and squash my commits as well 2017-05-10 22:22:19 it's its own package :P 2017-05-10 22:22:27 but edge vs 3.5 will probably do it 2017-05-10 22:22:54 yeah I started out on 3.5 2017-05-10 22:23:02 then I realized I should be on edge 2017-05-10 22:23:06 so that was my bad 2017-05-10 22:23:29 got any tips on a good way to squash my commits I've never done that before having to research it 2017-05-10 22:27:15 sure 2017-05-10 22:27:20 sorry, i was reviewing some stuff 2017-05-10 22:27:32 arch3y_: # git rebase -i HEAD~ 2017-05-10 22:27:35 no worries 2017-05-10 22:27:59 then just change the `pick` into `squash` for all commits except the last 2017-05-10 22:28:11 and possibly change `pick` to `reword` for the last if it's needed 2017-05-10 22:28:27 hmm k I'll give it a shot 2017-05-10 22:28:43 and finally, you need to `git push --force` after that's all done, since you're rewriting history :) 2017-05-10 22:28:49 (which is okay for PRs) 2017-05-10 22:28:58 yeah I hate force lol 2017-05-10 22:29:04 but if you say it's ok then it's ok 2017-05-10 22:29:22 for PRs it's fine, for actual branches people clone from/use, it's not 2017-05-10 22:29:25 :P 2017-05-10 22:34:38 yeah make sense it would make ppl fairly upset 2017-05-10 22:35:03 anything I can do to help my prs go in faster 2017-05-10 22:36:20 not specifically, we got a bit of a pr backlog 2017-05-10 22:36:25 i'm trying to go through them to at least review stuff 2017-05-10 22:36:47 gotcha I figured it be bad to just have a bunch of prs in there and have more and more added 2017-05-10 22:36:56 so I slowed down to keep the 
log lower then normal 2017-05-10 22:39:40 nah it's fine 2017-05-10 22:39:45 do keep adding things :P 2017-05-10 22:40:02 ok will do cause I plan on working to get unmaintained cleaned up 2017-05-10 22:40:11 there is a few things that could be added that could be useful 2017-05-10 22:40:28 :) 2017-05-10 22:40:37 as mentioned in the PRs, be sure to be willing to actually maintain them too :) 2017-05-10 22:41:43 true thats the goal some of them I did skimp on a bit 2017-05-10 22:42:47 can we wait with adding more stuff til after 3.6 release? 2017-05-10 22:43:07 yes Im just gonna fix up my prs you dont have to add them 2017-05-10 22:43:08 fine by me, I just reviewed the PRs 2017-05-10 22:43:10 :) 2017-05-10 22:43:18 didn't merge any ones that added stuff 2017-05-10 22:43:24 we can purge stuff thats older than 6months in unmaintained 2017-05-10 22:43:48 im ok with adding stuf that is high prio, critical or that we really want in 3.6 release 2017-05-10 22:44:18 yeah we're in the release cycle now so it's best to wait a bit with adding random things 2017-05-10 22:44:36 and the stuff Im working on are most certainly random 2017-05-10 22:44:44 but i figure we could at least provide feedback on the PR backlog heh 2017-05-10 22:44:45 what we should do is look over the bugs on bugs.a.o 2017-05-10 22:44:46 Im just looking for ways to help out anyway I can 2017-05-10 22:44:59 that is useful it helps keep ppl committing 2017-05-10 22:45:04 ncopa: btw what's the best approach for a PR that affects an arch i can't personally test on? 
2017-05-10 22:45:09 (ppc64le) 2017-05-10 22:45:41 probably talk with arch maintainer, for ppc64le its leitao 2017-05-10 22:45:44 i should probably get a b.a.o account 2017-05-10 22:45:45 but 2017-05-10 22:45:52 yes you should 2017-05-10 22:46:09 wew 911 bugs open 2017-05-10 22:46:14 might be we can get you a container with ppc64le 2017-05-10 22:47:05 it has no super high prio, just a PR i was looking at and wondering to approach 2017-05-10 22:47:13 i'll poke leitao_ to check it next time i see them :p 2017-05-10 22:47:27 there was a bug about installer, that the setup-wifi does not support spaces in ssid 2017-05-10 22:47:35 i was thinking 2017-05-10 22:47:52 what if we could make a prompt with history and tab-completion support? 2017-05-10 22:48:00 using linenoise 2017-05-10 22:48:51 sounds fancy 2017-05-10 22:48:55 i didn't even know we had setup-wifi 2017-05-10 22:48:57 is it new? 2017-05-10 22:49:21 (account made) 2017-05-10 22:49:45 a couple of years old i think 2017-05-10 22:49:50 huh 2017-05-10 22:49:57 well i can't claim to have ever installed alpine on a wifi box :p 2017-05-10 22:50:10 thats why you havent seen it :) 2017-05-10 22:50:20 im happy the installer works as supposed 2017-05-10 22:50:28 i'm not sure if history is needed for SSIDs though 2017-05-10 22:50:42 no, but tab-completion would be nice 2017-05-10 22:52:21 yeah 2017-05-10 22:52:25 especially with my SSID 2017-05-10 22:52:42 https://up.shiz.me/ZDEwMTY1.png 2017-05-10 22:52:44 :p 2017-05-10 22:53:25 lol 2017-05-10 22:54:12 i like the ssid "Connecting..." 2017-05-10 22:55:02 but the idea with tab-completion could also be used for the other questions 2017-05-10 22:55:19 like network interface, eth0... 
etc 2017-05-10 22:55:49 i was also thinking of chaning the prompt to always be on a new line 2017-05-10 22:56:15 Select which blabla [default]: 2017-05-10 22:56:18 > 2017-05-10 22:56:54 so i was thinking of a general purpose tool for promting for questions 2017-05-10 22:57:18 Is there a way to ask apk for where an installed package came from? Repo or which key has signed it? 2017-05-10 22:57:27 apk policy 2017-05-10 22:57:51 hmm, re xorg 2017-05-10 22:58:07 as i understand the xf86-video-vesa is out nowdays 2017-05-10 22:58:20 better to use xf86-video-modesetting as general purpose driver? 2017-05-10 22:58:47 the xf86-video-input-keyboard and xf86-input-mouse are replaced with xf86-input-evdev 2017-05-10 22:58:54 ncopa: Ok. Hehe, well, I've compiled gcc but didn't rename the package to something other than gcc, so now, after apk fix gcc, I'm not really 100% sure if it's the official alpine package I've got or if it's my own. 2017-05-10 22:58:59 which seems to be replaced with xf86-input-libinput? 2017-05-10 22:59:17 And I'd like to test something before rebuilding the package, it takes a while. 2017-05-10 22:59:39 this should answer your q: apk policy gcc 2017-05-10 23:00:03 so i wonder, what would be the best, general purpose xorg install? 2017-05-10 23:00:08 ncopa: big thing there 2017-05-10 23:00:09 install all of the drivers? 2017-05-10 23:00:11 -evdev NEEDS udev 2017-05-10 23:00:17 -libinput as well right now, i think 2017-05-10 23:00:23 ncopa: I did that, the output is a bit ambigous to me. 2017-05-10 23:00:50 nidan_: could you paste it? 2017-05-10 23:01:04 i think we pull in udev anyway 2017-05-10 23:01:09 Shiz: I can retype it. =) 2017-05-10 23:01:21 ncopa: also re #7271 im thinking of just adding su-exec to depends= and using that 2017-05-10 23:01:27 su - is very flaky anyway... 
2017-05-10 23:01:49 i mean, we need udev for xorg to have hotplugging work 2017-05-10 23:02:09 otherwise you cannot plug an usb mouse without restarting xorg 2017-05-10 23:02:22 so i think the simple xorg setup should depend on udev 2017-05-10 23:02:47 people who wants set up xorg without will have to do it manually 2017-05-10 23:02:56 ah, you're talking about setup-xorg? 2017-05-10 23:02:59 yes 2017-05-10 23:03:02 right 2017-05-10 23:03:04 yeah then probably 2017-05-10 23:03:07 i think libinput is newer/fancier 2017-05-10 23:03:12 i wouldnt install all video drivers though 2017-05-10 23:03:15 thats a lot of them 2017-05-10 23:03:22 so which should be installed? 2017-05-10 23:03:28 is it enough to install modesetting? 2017-05-10 23:03:34 how about prompting the user after making an initial guess for some common ones? 2017-05-10 23:03:50 i want avoid promting 2017-05-10 23:03:53 Shiz: 2017-05-10 23:03:55 gcc policy: 2017-05-10 23:03:55 6.3.0-r4: 2017-05-10 23:03:55 lib/apk/db/installed 2017-05-10 23:03:55 /m2/alpine/edge/main 2017-05-10 23:03:55 right 2017-05-10 23:03:57 6.3.0-r4: 2017-05-10 23:03:59 /home/user/packages/smurf 2017-05-10 23:04:08 nidan_: installed 2017-05-10 23:04:11 nidan_: then it's using the one from your edge repo 2017-05-10 23:04:18 assuming /m2/alpine/edge is like, the alpine repo 2017-05-10 23:04:19 comes from /m2/alpine/edge/main 2017-05-10 23:04:35 the entry that has lib/apk/db/installed is the one that is installed 2017-05-10 23:05:00 s/your/alpine's/g 2017-05-10 23:05:22 the setup-xorg is for like, have a livecd that boots directly into xorg 2017-05-10 23:05:34 i see you have expansion plans? :P 2017-05-10 23:05:37 So, considering that the repos are listed with the smurf repo first in the /etc/apk/repos file - if what you said Shiz is correct, how do I get apk fix to get gcc from the smurf repo? 2017-05-10 23:05:46 nidan_: two options 2017-05-10 23:05:47 Or do I have to apk del gcc ; apk add gcc? 
2017-05-10 23:05:53 first, bump your pkgrel in packages you make yourself 2017-05-10 23:05:56 that is the proper option 2017-05-10 23:06:06 apk will pick the newest 2017-05-10 23:06:10 ^ 2017-05-10 23:06:20 if they have same version apk will think its same thing 2017-05-10 23:06:23 if you make changes from alpine packages that affect the outcome package, you should bump pkgrel 2017-05-10 23:06:34 pkgrel is how apk differentiates different packages with the same upstream version 2017-05-10 23:06:42 Shiz: ncopa: Yeah, I know, I forgot, rebuilding takes a while and I want to test that compiler sort of now. =) 2017-05-10 23:06:49 nidan_: what you can also do (I think) 2017-05-10 23:06:55 is add a tag to your repos in /etc/apk/repositories 2017-05-10 23:06:56 and do 2017-05-10 23:07:00 apk del gcc && apk add gcc@myrepotag 2017-05-10 23:07:05 alternatively you can add a pinned repo and do apk add gcc@myrepo 2017-05-10 23:07:11 (tag format is just tag http://myrepo instead of http://myrepo) 2017-05-10 23:07:11 :) 2017-05-10 23:07:13 :p 2017-05-10 23:07:26 Ok, I'll test that. 2017-05-10 23:07:50 https://git.alpinelinux.org/cgit/alpine-conf/tree/setup-xorg-base.in 2017-05-10 23:07:50 Thanks a lot, hopefully you've saved me from looking at my scrolling screen for 20 minutes. =) 2017-05-10 23:08:06 i wonder what to install as base packages 2017-05-10 23:08:38 users can always add extra drivers if they want 2017-05-10 23:09:07 i don't think there's a single base package that actually works for most drivers even decently 2017-05-10 23:09:18 modesetting? 2017-05-10 23:10:08 im ok if it works with the 5 most common hw setups 2017-05-10 23:10:35 eg qemu vmware virtualbox intel nvidia amd 2017-05-10 23:10:48 right 2017-05-10 23:10:55 but, as i understand, vesa is no good fallback anymore? 
2017-05-10 23:11:08 modesetting worked on my macboot at least 2017-05-10 23:11:21 (i think it maybe made wifi go nuts though) 2017-05-10 23:11:37 lol wat 2017-05-10 23:11:44 i suspect it did 2017-05-10 23:11:50 modesetting is a better fallback IF the gpu supports DRM 2017-05-10 23:11:54 vesa is more generic 2017-05-10 23:12:02 is it possible to prio driver loads? 2017-05-10 23:12:11 if so i'd add both but prio modesetting over vesa 2017-05-10 23:12:23 https://git.alpinelinux.org/cgit/alpine-conf/tree/setup-xorg-base.inv 2017-05-10 23:12:28 its s stupid shells cript 2017-05-10 23:12:48 i mean in xorg itself, rather 2017-05-10 23:12:48 we could look for /dev/dri/card* 2017-05-10 23:13:09 that's a good idea 2017-05-10 23:13:32 is the ps mouse stuff needed? 2017-05-10 23:13:47 that is my question 2017-05-10 23:13:49 or more accurately, do people still use ps mice :p 2017-05-10 23:13:53 i dont think it is 2017-05-10 23:14:04 i think libinput or evdev should be enough? 2017-05-10 23:14:15 i dont know how xorg prio if both are there 2017-05-10 23:14:16 yes 2017-05-10 23:14:23 libinput/evdev should support ps2 stuff 2017-05-10 23:14:25 Shiz: ncopa: Isn't the synaptics touchpads on laptops ps/2? 2017-05-10 23:14:30 the in-kernel mouse stuff is a bit dreadful 2017-05-10 23:14:36 nidan_: no, that's xf86-input-synaptics 2017-05-10 23:14:38 :) 2017-05-10 23:14:56 Sorry, I knew that. =P 2017-05-10 23:15:30 i think libinput replaces synaptics too 2017-05-10 23:15:38 But it's not USB, iirc, it uses the same bus etc, i.e, ps/2. But its own driver, right? 
2017-05-10 23:15:55 i replaced synaptics with libinput on my macbook recently to get reverse scrill working 2017-05-10 23:15:59 scroll* 2017-05-10 23:16:23 in not sure 2017-05-10 23:19:24 ah 2017-05-10 23:19:30 yeah i guess libinput is universal 2017-05-10 23:19:36 nidan_: depends on your specific laptop i think 2017-05-10 23:19:42 but i'm sure its ps/2 on some stuff 2017-05-10 23:19:46 but it is its own driver, yeah 2017-05-10 23:20:12 Yay! Glibc compiles with the new gcc. =) 2017-05-10 23:20:40 what did you change? 2017-05-10 23:20:54 ncopa: might be that -synaptics is still needed on older computers 2017-05-10 23:21:41 ncopa: oh: 2017-05-10 23:21:49 "the xf86-input-libinput package, which is "a thin wrapper around libinput and allows for libinput to be used for input devices in X. This driver can be used as as drop-in replacement for evdev and synaptics."" 2017-05-10 23:21:56 seems like all we need is libinput 2017-05-10 23:23:21 Shiz: Disabled a few patches, removed unwanted languages. Removing the unwanted languages was just to save compilation time right now, and I have disabled 5 patches. I'll dig down until I find which one is bugging me (I have my suspicions) and then determine what to do. 2017-05-10 23:23:31 :) 2017-05-10 23:27:09 ugh libinput is balls-deep integrated with udev 2017-05-10 23:27:11 :( 2017-05-10 23:31:24 Why? 2017-05-10 23:32:20 I mean, why integrate them? udev is overengineered as it is with its own rule-parsing syntax etc etc. And all it's supposed to to is run something when the kernel sends hotplug events.. 2017-05-10 23:32:37 Why integrate libinput with that? 2017-05-10 23:33:00 libinput probably wants get notified when you plug new device 2017-05-10 23:33:07 eg new usb mouse 2017-05-10 23:33:22 ok, i'll use libinput only for now 2017-05-10 23:33:39 what to do if there are no /dev/dri/card*? 2017-05-10 23:33:48 xf86-video-vesa? 2017-05-10 23:34:16 So, why doesn't libinput just listen to a socket? And udev can write a message there? 
Or listen to the kernel directly, it's probably easier than interfacing against udev.. 2017-05-10 23:34:42 wild guess: so you dont need set up netlink socket yourself 2017-05-10 23:34:47 I'll stop arguing, it's not my code, there are other things to fix. First. 2017-05-10 23:34:54 +1 2017-05-10 23:35:01 =) 2017-05-10 23:35:21 im not saying its a good idea or good design... and tbh, i dont care that much as long as it works :) 2017-05-10 23:36:11 ncopa: yeah vesa 2017-05-10 23:36:24 i'd also add -video-nouvea, -video-amd-gpu and -video-intel 2017-05-10 23:36:26 :) 2017-05-10 23:36:34 I care for one simple reason; code complexity is inverse proportional (probably inverse exponentially proportional) to security. =) 2017-05-10 23:36:42 maybe parse lspci first? 2017-05-10 23:36:50 amdgpu* 2017-05-10 23:37:01 ncopa: i don't think busybox lspci has device names :( 2017-05-10 23:37:11 apk add pciutils 2017-05-10 23:37:16 But I just said I should stop arguing, as I probably just waste your time atm, sorry about that. =) 2017-05-10 23:37:55 ah 2017-05-10 23:38:09 i wonder if its enough to install hwdata-* 2017-05-10 23:38:46 busybox lspci doesn't parse hwdata 2017-05-10 23:38:48 nope 2017-05-10 23:39:12 ok, i think we can apk add pciutils, you proabaly want that on a desktop anyways 2017-05-10 23:39:27 hehe 2017-05-10 23:39:47 i think hwdata-pci is enough on its own 2017-05-10 23:39:51 and that's already a dep of pciutils 2017-05-10 23:39:53 :) 2017-05-10 23:40:05 gotta be careful with detecting intel for obvious reasons... 2017-05-10 23:41:53 ncopa: lshw might be useful 2017-05-10 23:42:21 *shrug* i dont have it installed on my desktop currently 2017-05-10 23:42:29 or maybe just grepping for VGA output in lspci is enough 2017-05-10 23:42:31 there might be alot of tools that might be useful 2017-05-10 23:42:38 yes, thats what im thinking 2017-05-10 23:44:47 if /dev/dri/card* exists, should we bother look for intel/nvidia/amd? 
2017-05-10 23:44:54 yes 2017-05-10 23:45:03 the specific drivers are better than modesetting 2017-05-10 23:45:14 so we add the driver in addition to modesetting? 2017-05-10 23:45:16 modesetting should just be the first fallback after specific drivers 2017-05-10 23:45:22 ok 2017-05-10 23:45:38 imo it would be: 2017-05-10 23:45:50 # specific driver detection 2017-05-10 23:46:15 if test -f /dev/dri/card* ; then fallback=xf86-video-modesetting else fallback=xf86-video-vesa ; fi 2017-05-10 23:46:19 apk add $specific $fallback 2017-05-10 23:46:21 :P 2017-05-10 23:47:37 anyone has nvidia and can give me the `lspci | grep -w VGA` output? 2017-05-10 23:48:20 i also wonder if we should try detect older AMD like r128 etc 2017-05-10 23:48:24 04:00.0 VGA compatible controller: NVIDIA Corporation G94 [Quadro FX 1800] (rev a1) 2017-05-10 23:48:28 from a random google 2017-05-10 23:48:30 ;) 2017-05-10 23:48:34 ha 2017-05-10 23:48:44 im glad we have smart ppl on the chan :) 2017-05-10 23:48:57 grep -i nvidia should work just fine i think 2017-05-10 23:49:17 its a case "$vgaline" in... 2017-05-10 23:49:18 also keep in mind the following: specific drivers should be able to be multiple ones 2017-05-10 23:49:25 cause there can be multiple vga lines 2017-05-10 23:49:33 (multiple GPUs) 2017-05-10 23:51:45 yup 2017-05-10 23:51:57 and multiple /dev/dri/card* 2017-05-10 23:53:43 Gah! "... must not put anything under ... or /opt" <- What's the rationale? 2017-05-10 23:53:49 http://tpaste.us/ZVm9 2017-05-10 23:54:30 nidan_: /opt is not for distro packages 2017-05-10 23:54:36 thus, abuild packages should not put anything there 2017-05-10 23:54:43 http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s13.html 2017-05-10 23:54:52 apk should not install anything there 2017-05-10 23:55:37 irritating, I had my ram-only install working fine and now it doesn't seem to reinstall any packages on boot :{ 2017-05-10 23:55:44 It's the law. 
=) 2017-05-10 23:55:46 =) 2017-05-10 23:55:53 Klowner: do you have an apkovl? 2017-05-10 23:57:09 if ! options_has "!fhs"; then <- Thank yoooouuu... =D 2017-05-10 23:58:37 ;) 2017-05-10 23:58:48 Klowner might need an apk cache sync 2017-05-11 00:00:34 anybody want hepl test http://tpaste.us/ZVm9 ? 2017-05-11 00:00:44 if I `apk upgrade` after booting it installs everything just fine 2017-05-11 00:01:34 apk upgrade before reboot should also worked 2017-05-11 00:01:46 i think its the apk cache that got out of sync 2017-05-11 00:01:52 ncopa: i think we should always add the fallback one 2017-05-11 00:02:04 because nouveau or amdgpu may not recognize newer/older/random cards from their brand 2017-05-11 00:02:05 ah 2017-05-11 00:02:43 good point 2017-05-11 00:02:59 http://tpaste.us/lMzN 2017-05-11 00:03:16 bah 2017-05-11 00:03:21 btw other one to add: *VMware* -> xf86-video-vmware 2017-05-11 00:03:36 3 different thoughts at same time, 3 different variables 2017-05-11 00:03:47 :) 2017-05-11 00:04:36 we may want to detect virtualbox and add virualbox-guest-additions-hardened too 2017-05-11 00:04:48 err 2017-05-11 00:05:00 virtualbox-additions-hardened and virtualbox-guest-modules-hardened 2017-05-11 00:05:03 confusing package names... 2017-05-11 00:05:23 should those be installed with xorg? 2017-05-11 00:05:29 or from setup-alpine 2017-05-11 00:06:23 should we install a fallback font package too? 2017-05-11 00:06:41 or some base font packages? 
2017-05-11 00:06:59 xorg-server is useless without any fonts 2017-05-11 00:08:17 maybe from somewhere else yes 2017-05-11 00:08:52 we should at lesat install ttf-freefont (which should be renamed font-freefont imo) 2017-05-11 00:09:17 font-noto seems good too 2017-05-11 00:09:27 this is the minimal base 2017-05-11 00:09:32 for xorg 2017-05-11 00:09:46 the idea is to use setup-xorg-base from setup-desktop 2017-05-11 00:09:56 where you can select xfce or mate or similar 2017-05-11 00:10:06 well the universal base font package is unifont 2017-05-11 00:10:08 :P 2017-05-11 00:10:20 i'd still consider adding font-noto to it 2017-05-11 00:23:06 gn! 2017-05-11 00:23:23 nidan_: gn 2017-05-11 00:24:24 unifont seems big 2017-05-11 00:24:39 because it covers every glyph 2017-05-11 00:24:41 :P 2017-05-11 00:24:57 so we do ttf-freefont 2017-05-11 00:25:09 should we rename all the ttf-* packages while at it? 2017-05-11 00:25:12 to font-* 2017-05-11 00:25:24 yeah 2017-05-11 00:26:20 unifont is 17M 2017-05-11 00:26:28 to big for default font 2017-05-11 00:43:26 one thing i'd like to do before 3.6 too 2017-05-11 00:43:32 the setup-keymaps 2017-05-11 00:43:50 i think we have a package with pregenerated keymaps 2017-05-11 00:44:04 for busybox loadkbd or what its called 2017-05-11 00:44:17 its generated from kbd package 2017-05-11 00:44:43 i think we should generate those keymaps from xorg keymaps 2017-05-11 00:44:50 i think that is what other distros do 2017-05-11 00:47:12 the bkeymaps you mean 2017-05-11 00:47:37 yes 2017-05-11 00:47:47 but i think it should be a subpackage of kbd 2017-05-11 00:47:57 and generated at package build 2017-05-11 00:48:06 wow this is so old it uses portage stuff 2017-05-11 00:48:08 :P 2017-05-11 00:48:17 the current tarball is probably 10 years... 
2017-05-11 00:48:21 yes :) 2017-05-11 00:48:44 well if you think generating it from xorg keymaps is better, no need to keep the kbd version 2017-05-11 00:49:06 but i think it might depend on the kbd tools 2017-05-11 00:49:24 it needs loadkeys 2017-05-11 00:49:57 but if it happens as part of the kbd package, we can just call the compiled loadkeys 2017-05-11 00:49:58 :) 2017-05-11 00:50:28 http://pkgs.fedoraproject.org/cgit/rpms/kbd.git/tree/kbd.spec#n158 2017-05-11 00:51:23 the point is that we will probably want kbd package as alternative 2017-05-11 00:51:38 so we probably want the kbd data too 2017-05-11 00:52:07 and this data should be generated from xorg keymaps (i think) 2017-05-11 00:52:35 we could do the bkeymaps in separate APKBUILD but i thought since we probably will want to upgrade it together with kbd 2017-05-11 00:52:44 then we could just let it be a subpkg 2017-05-11 00:52:46 right 2017-05-11 00:52:57 so this removes the original keymaps and generates them from the X variants 2017-05-11 00:52:58 we can do that 2017-05-11 00:53:05 and then the bmaps as subpackage seems good 2017-05-11 00:53:44 i can do that 2017-05-11 00:57:44 Shiz: thank you! 2017-05-11 00:58:09 i looked at it a bit before 3.5 release but gave up 2017-05-11 00:58:21 just didnt have time to complete it 2017-05-11 00:58:39 for some reason i was not able to convert the keymaps to busybox format 2017-05-11 01:14:48 hi 2017-05-11 01:29:01 hi 2017-05-11 01:43:50 ncopa: almost done :) 2017-05-11 01:43:58 hi 2017-05-11 01:44:51 ncopa: looking into making a libbsdauth 2017-05-11 01:45:32 hi 2017-05-11 01:45:35 nice! 2017-05-11 01:46:59 same tbh 2017-05-11 01:47:15 Shiz: note to self: let the experts to the work :) 2017-05-11 01:47:42 ncopa: do we want to keep the legacy keymaps? 
2017-05-11 01:47:48 as opposed to the ones generated from xorg keymaps 2017-05-11 01:47:55 possibly 2017-05-11 01:48:13 as a fallback/alternative, in case someone prefers those 2017-05-11 01:48:23 in a subpkg 2017-05-11 01:50:21 ok its time to sleep 2017-05-11 01:50:30 thank you everyone 2017-05-11 01:51:13 good night :) 2017-05-11 02:34:37 https://googleprojectzero.blogspot.co.uk/2017/05/exploiting-linux-kernel-via-packet.html 2017-05-11 02:34:43 we need to update our kernels for this 2017-05-11 02:35:20 another userns escape :p 2017-05-11 03:33:22 ncopa: https://github.com/alpinelinux/aports/pull/1373 2017-05-11 03:33:24 :) 2017-05-11 03:53:45 Shiz: i think we go with compressed keymaps, can you handle that? if so i'll merge it 2017-05-11 03:54:02 sure, it'll just need a few changes 2017-05-11 03:54:09 i'll fix it up when i wake up 2017-05-11 03:55:25 kk 2017-05-11 03:58:00 also see response on the syslogd pr 2017-05-11 04:03:32 works for me 2017-05-11 06:35:25 lol 2017-05-11 06:35:37 i have a machine that is too big for alpine 2017-05-11 06:35:42 it only counts 32 of 128 CPUs 2017-05-11 06:35:47 lols 2017-05-11 06:37:20 kaniini, i would have the same problem... 2017-05-11 06:37:20 :) 2017-05-11 06:37:32 it's okay 2017-05-11 06:37:43 i am pushing new kernels which bump that limit a bit 2017-05-11 06:37:55 i moved it up to 256 2017-05-11 06:42:03 does detect all 256GB RAM though 2017-05-11 06:50:28 imo CONFIG_NR_CPUS=32 is excessive on x86_32 though 2017-05-11 06:50:31 because 2017-05-11 06:50:41 if you really have >32 CPUs, you're going to need some decent amount of ram to drive it 2017-05-11 06:50:59 we could probably downsize it on 32-bit 2017-05-11 06:51:15 i don't think anyone would run 32-bit alpine on big iron 2017-05-11 06:51:17 haha 2017-05-11 08:56:43 oh libuuid in edge gives a BAD SIGNATURE error 2017-05-11 09:09:19 xsteadfastx, which mirror? 
2017-05-11 11:25:09 jirutka: congrats on your libressl find 2017-05-11 11:25:18 i know, litle late but still ;) 2017-05-11 11:26:53 leo-unglaub: heh, thanks :) but I just found that something is wrong, the guy from VoidLinux resolved what exactly is wrong and Shiz wrote the text for CVE 2017-05-11 11:27:53 leo-unglaub: have you noticed that rust is already in the community repo? ;) (but cargo is not yet) 2017-05-11 11:28:53 yes i did. already used it to compile my rust zip password cracker 2017-05-11 11:42:43 ERROR: libuuid-2.28.2-r1: BAD signature 2017-05-11 11:42:43 ERROR: libblkid-2.28.2-r1: BAD signature 2017-05-11 11:42:44 ERROR: libmount-2.28.2-r1: BAD signature 2017-05-11 11:42:50 is this something i can solve somehow? 2017-05-11 11:43:11 ah... xsteadfastx also found that 2017-05-11 11:43:18 mosez: what mirror do you use? 2017-05-11 11:43:39 <^7heo> mosez: maybe an apk update? 2017-05-11 11:43:56 dl-cdn :( 2017-05-11 11:45:28 mosez: hm, try to switch to http(s)://cz.alpinelinux.org or http(s)://nl.alpinelinux.org and let us know if it helped 2017-05-11 11:46:18 jirutka: nl works 2017-05-11 11:46:42 okay, so yet another broken mirror on the list :( /cc clandmeter 2017-05-11 11:47:10 there is no way to see which mirror gets used, right? 2017-05-11 11:47:13 huh, I have the operator role now! :) 2017-05-11 11:47:26 mosez: it’s random… 2017-05-11 11:47:47 mosez: you can try curl -Lv http://dl-cdn… and see 2017-05-11 11:50:21 https://gist.github.com/tboerger/e99d46d994acd056ba45a26e937bff20 2017-05-11 11:50:51 X-Served-By: cache-ams4137-AMS, cache-dfw1822-DFW, cache-hhn1523-HHN 2017-05-11 12:04:20 is dl-cdn round-robin or geodns? 
2017-05-11 12:09:17 Shiz, dl-cdn should be geo 2017-05-11 12:09:40 seems to be backed by fastly, so no easy way to see which actual mirror got used 2017-05-11 12:09:42 :( 2017-05-11 12:32:11 morning 2017-05-11 12:32:28 i think dl-cdn uses dl-4.a.o as backend 2017-05-11 12:36:57 oh right i should compress those keymaps 2017-05-11 12:45:36 jirutka: re: kbd thing 2017-05-11 12:45:44 this is why something like an INSTALL_MASK for apk would be nice :) 2017-05-11 12:45:53 the keymap script could just mask all other layout files 2017-05-11 12:58:46 Shiz: yeah, it’d be useful, but I’m a bit afraid of misusing it… I remember that the last time someone suggested this feature (s)he wanted to use it as a nasty and silly workaround instead of solving the real issue 2017-05-11 13:14:56 kernel question... since yesterday's af_packet vuln there probably will be a new kernel available soon. I'm not exactly aware of whether Alpine's new kernels still come with the last grsec patch or not, so I'd like to know 2017-05-11 13:19:16 heh, this is great! https://up.shiz.me/ZDEwMTY1.png 2017-05-11 13:19:33 :) 2017-05-11 13:19:45 the power of musl openwrt :p 2017-05-11 13:20:05 next step: emojis in SSIDs 2017-05-11 13:20:16 i've done that too 2017-05-11 13:20:20 for a while my SSID was the poo emoji 2017-05-11 13:21:30 unsurprisingly, that was the first emoji I thought of as well 2017-05-11 13:21:44 it's fitting for a standard like wifi 2017-05-11 13:34:00 i don't want to change the repo to nl or something else... than all my docker containers are getting rebuilt :( 2017-05-11 13:36:50 it'll be fixed 2017-05-11 13:37:13 isn't the whole point of docker containers that they'll be rebuilt at least twice a day? 
:) 2017-05-11 14:05:51 tbb: maybe for you, but not for me ;) 2017-05-11 14:06:55 and since nearly all 3 pages of https://hub.docker.com/u/webhippie are built on alpine with different tags that get triggered i got to wait quite long :( 2017-05-11 14:17:42 Shiz: syncthing pr is ready https://github.com/alpinelinux/aports/pull/1286 2017-05-11 14:17:59 i saw it, was waiting for the builder to be done with it 2017-05-11 14:18:38 TBB: grsec is no longer available. but we use an unofficial fork of it 2017-05-11 14:19:00 oooh it's a sanitizer thing 2017-05-11 14:19:34 also fwiw: depending on the way it's exploited, either RAP or UDEREF/KERNEXEC should stop that attack on grsec 2017-05-11 14:19:55 but it seems good to update the kernel before we release 3.6 final yes 2017-05-11 14:21:29 xentec: what the fuuuuuck 2017-05-11 14:21:33 go ships precompiled race binaries 2017-05-11 14:21:42 with its source code... 2017-05-11 14:22:05 yep 2017-05-11 14:22:14 i'll merge your pr as it looks good to me 2017-05-11 14:22:27 thank you 2017-05-11 14:23:36 what does -no-upgrade do, btw? 2017-05-11 14:24:37 I guess, updating go deps 2017-05-11 14:25:43 ah 2017-05-11 14:26:04 it disables syncthing updating itself 2017-05-11 14:26:05 and merged 2017-05-11 14:26:14 (i'm surprised github pr closer tracked my rebase+squash) 2017-05-11 15:57:12 so i want to move a file to a different package and have the package it formerly belongs to depend on it 2017-05-11 15:57:14 but 2017-05-11 15:57:28 that fucks up abuild as when it tries to build the original package: 2017-05-11 15:57:38 ERROR: go-race-4.0.0-r0: trying to overwrite usr/lib/go/src/runtime/race/race_linux_amd64.syso owned by go-1.7.4-r2. 2017-05-11 15:57:56 because both go-race (the new package) and the old version of the old package have that file 2017-05-11 15:58:01 (but the new version of the old package does not) 2017-05-11 15:58:03 how do i resolve this? 2017-05-11 16:03:24 replaces? 
2017-05-11 16:29:17 but it doesn't replace all of the package files, just the one 2017-05-11 16:29:18 :p 2017-05-11 16:46:11 ==24809==ERROR: ThreadSanitizer failed to allocate 0x40000 (262144) bytes at address 600000000000 (errno: 12) 2017-05-11 16:46:13 FATAL: ThreadSanitizer can not mmap thread trace (0x600000000000/0x000000040000->0xfffffffffffffff4) 2017-05-11 16:46:15 FAIL github.com/syncthing/syncthing/lib/weakhash 0.006s 2017-05-11 16:46:17 progress in tsan 2017-05-11 16:46:19 cc xentec 2017-05-11 16:47:52 wtf 2017-05-11 16:48:12 :p 2017-05-11 16:55:55 <^7heo> Since when are addresses 6 bytes? 2017-05-11 16:56:03 <^7heo> I noticed it is, but I never noticed the change. 2017-05-11 16:58:58 Shiz: I'm confused. Is it an error from running syncthing or the fixed race test? 2017-05-11 17:05:22 I'm using 3.6-alpine, but apk is trying to download 3.4 directory stuff.. 2017-05-11 17:05:36 Step 1/6 : FROM python:3.6-alpine ---> 7e34130a3d10 2017-05-11 17:05:45 Step 3/6 : RUN apk update && apk add --no-cache imagemagick ---> Running in a3a551b2aa1a fetch http://dl-cdn.alpinelinux.org/alpine/v3.4/main/x86_64/APKINDEX.tar.gz ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.4/main: temporary error (try again later) 2017-05-11 17:05:51 am I doing it wrong? 2017-05-11 17:06:41 the files look like the exist, but I'm getting timeouts 2017-05-11 17:07:00 I get it on my local laptop, but I also get it on an open ec2 instance. so I don't think it's my local network, it seems like a httpd issue? 2017-05-11 17:07:01 ayee: dl-cdn mirror is dead right now, as you can see 2017-05-11 17:07:19 :D 2017-05-11 17:07:24 xentec: nod. always have to ask for a sanity check, I've been known to PEBKAC now and again 2017-05-11 17:07:32 you are not, there is a problem with dl-cdn.alpinelinux.org for some reason 2017-05-11 17:08:32 perhaps update /topic, 1% of folks will read it and not ask. 99% of people will skip reading it and ask anyway. (I'm in the 1%!) 
2017-05-11 17:08:47 yes, dl-cdn is down 2017-05-11 17:08:59 try different mirror 2017-05-11 17:09:42 What command/mirror? 2017-05-11 17:10:01 # setup-apkrepos 2017-05-11 17:18:34 hmm, not https on the web servers either? :( 2017-05-11 17:18:42 certs are zero cost nowadays 2017-05-11 17:18:54 people can change the packets in flight without https 2017-05-11 17:19:53 With let's encrypt you have automation to renew the cert, so you'll never have to renew it either, and it's no cost: https://letsencrypt.org/ 2017-05-11 17:22:43 ayee: alpine uses signed packages and pkg-indices with local keys for verification 2017-05-11 17:23:18 ayee: as I see it, you cannot break this trust chain with a mitm-attack 2017-05-11 17:23:22 I guess, but someone could update the mirror list before they get the package.. and have a special mirror. 2017-05-11 17:23:32 but if you want to be on the side arguing against https, that's cool too 2017-05-11 17:25:33 ayee: I know https is important, but it's not needed here as another form of verification is in place 2017-05-11 17:26:33 i did update the topic 2017-05-11 17:26:35 blah 2017-05-11 17:26:44 ayee: >have a special mirror. 2017-05-11 17:27:01 you still need the maintainer keys to install malware packages 2017-05-11 17:27:14 *to sign and install 2017-05-11 17:43:57 grrr 2017-05-11 17:44:10 whatever is breaking fastly is also breaking matrix 2017-05-11 17:44:51 kaniini_: huh? 2017-05-11 17:45:52 scadu: my matrix client is lagged by 10 minutes almost 2017-05-11 17:53:03 ACTION waits for the inevitable loop between irc, matrix and three dozen other relaying services. 2017-05-11 17:53:21 shortly after that, the AI will become sentient... 2017-05-11 19:14:24 xentec: it's just check() 2017-05-11 19:14:53 ayee: python:3.6-alpine means python 3.6 2017-05-11 19:15:00 not alpine 3.6 2017-05-11 19:15:06 python's alpine images are (sadly) 3.4-based 2017-05-11 21:08:18 xentec, ayee, older apk used sha1 checksums. 
all you have to do is collide apk upgrade and put new key in. or inject keys into iso/img when first installed. 2017-05-11 21:10:31 awilfox >or inject keys into iso/img when first installed. 2017-05-11 21:10:37 how would you do that? 2017-05-11 21:13:53 put them in /etc/apk/keys and then intercept mirror traffic 2017-05-11 21:14:13 and feel confident that users are too lazy to sha256sum the iso before using it 2017-05-11 21:15:19 sadly for you only https://nl.alpinelinux.org provides release images 2017-05-11 21:16:14 ok, disregard that ^ 2017-05-11 21:16:35 but the releases an alpinelinux.org are provided with https 2017-05-11 21:16:42 s/an/on 2017-05-11 21:17:10 FYI: What breaks building glibc under Alpine is the 207-static-pie.patch. 2017-05-11 21:17:18 ah, so images are https but mirrors aren't? 2017-05-11 21:17:28 glibc..? 2017-05-11 21:17:30 o.O 2017-05-11 21:17:52 nidan_: the point of alpine is not using glibc 2017-05-11 21:18:01 awilfox: Unfortunately I need it for some stuff that is out of my control. =/ 2017-05-11 21:18:10 xentec: I know. 2017-05-11 21:18:51 xentec: But I can't get around not using that code atm. So, the glibc I've built lives in /opt/gnu/glibc/ where it does no harm. (tm). =) 2017-05-11 21:19:04 s/not// 2017-05-11 21:19:56 awilfox: yes, because the keys need to be transferred securely. after that everything apk installs is always verified against those keys 2017-05-11 21:20:13 nidan_: you'll need to compile your application with a rpath though 2017-05-11 21:20:35 nidan_: how about using a chroot, or container? 2017-05-11 21:20:36 The LD_ vars have worked for me. 2017-05-11 21:21:00 LD_ variables are process-specific, you don't want that 2017-05-11 21:21:08 you want a system-wide setting 2017-05-11 21:21:32 so it's either a rpath or a /lib/ld-linux.so.2 2017-05-11 21:21:33 skarnet: This is one program we're talking about. Alas, one process. 
2017-05-11 21:21:51 "just this one time", she said 2017-05-11 21:21:56 haha 2017-05-11 21:22:38 xentec: Maybe at a later time. 2017-05-11 22:10:52 nidan_ │ FYI: What breaks building glibc under Alpine is the 207-static-pie.patch. 2017-05-11 22:10:55 i did tell you :) 2017-05-11 22:21:22 Shiz: I don't recognize. 2017-05-11 22:29:13 anyone who know OpenSMTPD here? I need an urgent advice 2017-05-11 22:43:02 omfg why the hell such simple use case doesn’t work as expected?! 2017-05-11 22:43:21 this stupid assumption about local users 2017-05-11 22:48:18 Shiz: ^ ? 2017-05-11 23:05:15 uff, I finally solved it… using keyword that is not mentioned on https://www.opensmtpd.org/faq/rules.html ! WTF?! 2017-05-11 23:06:12 which keyword is it then? 2017-05-11 23:07:13 rcpt-to 2017-05-11 23:08:01 accept from any for domain "lists.****.cz" virtual { "@" => postmaster } deliver to lmtp mailman:1524 rcpt-to 2017-05-11 23:09:22 why I even prefer OpenSMTPD? IIRC I always have a problem to figure out how to configure anything, mainly b/c of lack of useful examples or undocumented features… it actually leads to worse experience than with Postfix :( 2017-05-11 23:09:53 jirutka: There's always sendmail... 2017-05-11 23:09:56 ACTION ducks 2017-05-11 23:10:00 TemptorSent: ha ha 2017-05-11 23:10:32 why there’s no mail server that does not sucks? and that reflects requirements of 21st century, that’s surely not delivery for local unix users… 2017-05-11 23:10:53 but this is still what all mail software expects by default 2017-05-11 23:11:30 *cough* qmail does whatever you want, why do people believe it doesn't apply to the 21st century? 2017-05-11 23:11:46 Yup, it would be nice if we had a nice virtualmail setup ready-to-deploy. 
2017-05-11 23:12:29 skarnet: *lol* sendmail will do whatever you want too, configuration is left as an exercise for the user ;) 2017-05-11 23:12:44 uff, but I finally updated and migrated Mailman 3 + HyperKitty + Postorius to new server and switched from Postfix to OpenSMTPD 2017-05-11 23:12:54 at 1.12 AM… still in the office 2017-05-11 23:13:08 I hate mails so much! 2017-05-11 23:13:15 <^7heo> dpm 2017-05-11 23:13:17 <^7heo> don't hate 2017-05-11 23:13:19 <^7heo> educate. 2017-05-11 23:13:19 everything that includes mail is plain horrible experience 2017-05-11 23:13:20 <^7heo> ACTION hides 2017-05-11 23:13:22 TemptorSent: sendmail doesn't do what I want, i.e. being small and simple 2017-05-11 23:13:54 jirutka: because nobody ever wrote a MTA that doesn't suck. Except qmail. 2017-05-11 23:14:16 <^7heo> the problem with MTAs is that it uses SMTP 2017-05-11 23:14:16 skarnet: I can't argue about not being small nor simple, but that's the noun, not a lack of verbs. 2017-05-11 23:14:17 OpenSMTPD is nice, except that its author is… specific… 2017-05-11 23:14:46 <^7heo> MUAs are much easier, since they only need to fire&forget. 2017-05-11 23:15:06 <^7heo> (or connect via imap - or pop3 and do some horrible hacks to keep the mails on the servers) 2017-05-11 23:15:49 I usually go with independent services for my MTA and MDA when I have virtual users. 2017-05-11 23:16:13 it just sucks that I must use dkimproxy instead of OpenDKIM, b/c OpenDKIM can talk only milter… 2017-05-11 23:20:01 okay, so the next step is to set up DKIM verification for incoming mails and also DMARC 2017-05-11 23:20:51 jirutka: And I take it getting OpenSMTPD to speak milter isn't happening? 2017-05-11 23:21:06 TemptorSent: unfortunately it’s not 2017-05-11 23:21:23 TemptorSent: OpenSMTPD has nice filter interface, but no one wrote milter adapter yet 2017-05-11 23:21:51 Hmm, seems like an obvious target and one that might actually be able to be kept in sync with the changing api. 
2017-05-11 23:22:33 OpenSMTPD filter API is stable… except he’s gonna redesign it, but it’s not happening yet 2017-05-11 23:22:43 and the current filter API is here for few years 2017-05-11 23:23:05 I’m using it since times it was totally undocumented, b/c gilles didn’t want anyone to use it… 2017-05-11 23:23:07 Ahh, and probably a few more at the rate it's going :) 2017-05-11 23:23:18 yeah 2017-05-11 23:23:39 since he hates apparently when anyone use his software, he decided to develop new filter API in secret… 2017-05-11 23:23:42 not kidding 2017-05-11 23:24:09 That's more than a little bit crazy. 2017-05-11 23:24:20 yeah 2017-05-11 23:25:02 hm, I need to 25 minutes, night tram :/ 2017-05-11 23:25:34 Ahh, how often do they run? 2017-05-11 23:26:46 http://jizdnirady.idnes.cz/pid/spojeni/?f=Dejvick%c3%a1&t=Divok%c3%a1+%c5%a0%c3%a1rka&fc=301003&tc=301003&submit=true 2017-05-11 23:26:49 it’s night :/ 2017-05-11 23:30:31 and if anyone wants completely Mailman 3 Suite: https://github.com/jirutka/user-aports/tree/v3.5/bundles 2017-05-11 23:31:01 it’s easy as pie to install it with my packages 2017-05-11 23:31:32 otherwise it’s hard as hell, b/c its developers are apparently totally incompetent 2017-05-11 23:31:45 and/or don’t care about any users at all 2017-05-11 23:40:23 omg i’m idiot! 2017-05-11 23:40:26 i missed it 2017-05-11 23:47:03 @jirutka │ uff, I finally solved it… using keyword that is not mentioned on https://www.opensmtpd.org/faq/rules.html ! WTF?! 2017-05-11 23:47:09 use the manpage, luke ;p 2017-05-11 23:47:16 why?! 
2017-05-11 23:47:23 I don’t have man pages installed on Alpine servers 2017-05-11 23:47:29 also you are entitled to your opinion of course but imo comparison to postfix in pain to configure is nonsense ;p 2017-05-11 23:47:37 jirutka: there's online ones 2017-05-11 23:47:44 https://www.opensmtpd.org/manual.html 2017-05-11 23:47:46 right here 2017-05-11 23:48:00 try to google opensmtpd man… 2017-05-11 23:48:19 wait… 2017-05-11 23:48:21 wth 2017-05-11 23:48:26 well, it's a link in the sidebar of their homepage... 2017-05-11 23:48:29 "manual pages" 2017-05-11 23:48:31 :p 2017-05-11 23:48:52 omfg, I’ve accidentally found wrong manual… 2017-05-11 23:49:20 b/c this does not look like FAQ! https://www.opensmtpd.org/faq/rules.html 2017-05-11 23:49:34 and since i was in stress I overlooked that and thought that it’s a manual 2017-05-11 23:53:02 about postfix, why non-sense? Postfix configuration is horrible, but at least you can find many real-world examples… 2017-05-12 00:01:13 FAQ seems to be here: https://www.opensmtpd.org/faq/index.html ... and it says "is only intended to be used as a supplement to the man pages"... 
the man pages are eg http://man.openbsd.org/smtpd 2017-05-12 00:02:05 hm, I haven’t read that :( 2017-05-12 00:02:24 I’m too tired now 2017-05-12 00:02:30 there isn't much in that man page unfortunately, but there are other man pages related, such as snmpctl 2017-05-12 00:02:46 and perhaps this one: http://man.openbsd.org/smtpd.conf.5 2017-05-12 00:02:46 but still this is NOT how FAQ should look like and it’s wrong that it contains *almost* complete list of keywords 2017-05-12 00:03:12 this http://man.openbsd.org/smtpd.conf.5 contains that important rcpt-to option 2017-05-12 00:03:20 afk 2017-05-12 00:28:22 jirutka: i agree that it may be a bit confusing yes 2017-05-12 00:29:41 perhaps they should remove every other keyword from the FAQ then ;-) 2017-05-12 01:11:35 ncopa: kaniini: relevant changes to alpine-conf PR'd 2017-05-12 01:11:36 :) 2017-05-12 01:12:20 ok 2017-05-12 01:12:27 i'll check in a bit 2017-05-12 01:13:21 no rush 2017-05-12 01:17:49 and brief show-up how to install Mailman 3 Suite on Alpine :P https://gitlab.com/mailman/mailman-suite/issues/3 2017-05-12 03:16:39 hi 2017-05-12 07:09:32 wireguard-tools requires bash dependency for wg-quick but it's missing 2017-05-12 07:27:56 is that script mandatory for normal operations? 2017-05-12 08:02:50 clandmeter: strictly speaking no, but it's extremely helpful for setting up wg interfaces (especially at boot time) 2017-05-12 08:04:39 any chance you can replace bashism with posix? 2017-05-12 08:06:01 this gonna take a while https://git.zx2c4.com/WireGuard/tree/src/tools/wg-quick.bash#n26 2017-05-12 08:07:20 the texlive package is missing http://www.tug.org/texlive/Contents/live/texmf-dist/scripts/texlive/mktexlsr.pl :( 2017-05-12 08:11:33 nvm, now it's failing with something else... 
:( 2017-05-12 08:27:10 xentec: oh brother 2017-05-12 08:27:27 may be quicker to even rewrite it 2017-05-12 08:27:38 this is full of bashisms 2017-05-12 08:56:11 yes it is 2017-05-12 08:57:16 hi 2017-05-12 08:57:35 https://github.com/alpinelinux/aports/pull/1388 would it be possible to merge this one? OpenVPN bump to 2.4.2 2017-05-12 08:58:51 hum... texlive@testing sucks :( 2017-05-12 08:59:05 would be nice to see 2.4.2 in 3.6. hope it wasn't frozen yet 2017-05-12 09:03:57 if it's a security update, it won't be a problem 2017-05-12 09:04:19 but I don't handle main, so cc clandmeter ;p 2017-05-12 09:09:29 clandmeter: could you please take a look at pr #1388 linked above? 2017-05-12 09:09:40 algitbot: stupid you :P 2017-05-12 09:14:09 just noticed that linux-headers are still on 4.4: https://git.alpinelinux.org/cgit/aports/tree/main/linux-headers/APKBUILD 2017-05-12 09:31:33 xentec: fwiw i'm rewriting it because i'm bored 2017-05-12 09:31:35 :p 2017-05-12 09:32:08 nice 2017-05-12 09:51:22 xentec: do you have wireguard installed? 2017-05-12 09:51:28 yes 2017-05-12 09:51:57 could you check the output for a few commands for me? 2017-05-12 09:52:00 i don't have wg 2017-05-12 09:52:14 sure 2017-05-12 09:52:22 # wg show fwmark 2017-05-12 09:52:26 # wg show allowed-ips 2017-05-12 09:52:35 # wg show endpoints 2017-05-12 09:52:42 (feel free to anonymize and stuff, i just need the format) 2017-05-12 09:59:36 Shiz: https://dpaste.de/8kia 2017-05-12 10:00:12 also fyi wg always shows IPs but can read hostnames as well 2017-05-12 10:09:59 xentec: could you check if this prints the ips: 2017-05-12 10:10:02 wg show "$INTERFACE" allowed-ips | sed -e 's/.*([0-9a-f:./]+)/\1/g' | sort -nr -k 2 -t / 2017-05-12 10:10:03 ? 2017-05-12 10:14:13 Shiz: it prints pubkeys and ips. the regex is too greedy 2017-05-12 10:14:24 oh 2017-05-12 10:14:26 i forgot the $ 2017-05-12 10:14:32 could you add that and try again 2017-05-12 10:15:42 nope. 
but wg emity a \t between keys and ips so you could use that as a delimiter 2017-05-12 10:15:47 *emits 2017-05-12 10:20:14 found something that works 2017-05-12 10:20:16 wg show "$INTERFACE" allowed-ips | cut -f2- | tr ' ' '\n' | sort -nr -k 2 -t / 2017-05-12 10:22:47 yep, 1 row/ip 2017-05-12 10:29:01 was there really a need for an Alpine CoC ? 2017-05-12 10:30:13 just asking, not trying to stir up too much debate ;) 2017-05-12 10:31:53 where? 2017-05-12 10:33:13 xentec: devel mailing list 2017-05-12 10:33:51 http://lists.alpinelinux.org/alpine-devel/201705byindex.html 2017-05-12 10:35:15 imho Code of Conflict > CoC :D 2017-05-12 10:39:31 coredumb: immediate need right now, no 2017-05-12 10:39:47 but these things are more for 'when you need em you're glad you have em' 2017-05-12 10:39:49 imo 2017-05-12 10:39:57 and i expect the community to grow :) 2017-05-12 10:40:52 Shiz: OK :) 2017-05-12 10:49:04 jirutka: is it intentional that llvm4-dev doesn't depend on llvm4-static 2017-05-12 11:03:28 <^7heo> coredumb: please don't mix tech stuff and social, politically-drifting stuff 2017-05-12 11:07:25 and yet a proposal to put social, politically-drifting stuff into a tech project is made ;) 2017-05-12 11:14:17 Hi, what is the Alpine package policy with regard to static Lua modules? It would be nice, if there were a package shipping lpeg.a. Currently the lua-lpeg package only contains the shared library. 2017-05-12 11:16:46 <^7heo> xentec: not by me it isn't 2017-05-12 11:17:11 ^7heo: how am I mixing? -devel mailing list -devel IRC channel ... 2017-05-12 11:17:20 <^7heo> xentec: what I proposed is apolitical 2017-05-12 11:23:55 ladies, please 2017-05-12 11:24:00 let's chill 2017-05-12 11:24:21 martanne: i wouldn't be opposed to them, but what's the direct use case for them? 2017-05-12 11:24:27 honestly asking since i'm not that familiar with lua 2017-05-12 11:28:14 Shiz: I want to build a self contained binary of a project of mine. 
I currently have ugly build scripts for musl+all dependencies, but would like to replace them with a Dockerfile based on an Alpine image. 2017-05-12 11:29:33 right, but how do static lua modules integrate? 2017-05-12 11:29:40 i presume they're loaded by the lua interpreter? 2017-05-12 11:31:57 yes, you link a luaopen_ function into the C binary and register it in the Lua package loader 2017-05-12 11:32:34 https://github.com/martanne/vis/blob/master/vis-lua.c#L2440-L2447 2017-05-12 11:45:31 Shiz: so technically it is not loaded by the Lua interpreter it is only referenced. 2017-05-12 11:45:38 But I just realized that in general Alpine's -dev packages do not ship static versions of the libraries. So this won't work the way I naively assumed :/ 2017-05-12 11:45:48 in general they should 2017-05-12 11:47:08 martanne: (offtopic) I use your editor (on Alpine), it's nice. I changed the colors and syntax highlighting to be more vim-like (personal pref, I find solarized is hard to read) 2017-05-12 11:47:46 <^7heo> wow, I didn't know vis. 2017-05-12 11:47:48 <^7heo> Nice! 2017-05-12 11:48:46 <^7heo> martanne: nice work! 2017-05-12 11:49:11 Shiz: if you're still working on wg-quick, could you also fix this line? https://git.alpinelinux.org/cgit/aports/tree/testing/wireguard-hardened/APKBUILD#n35 2017-05-12 11:49:33 s/grsec-/${_flavor}=/ 2017-05-12 11:49:53 ah yes 2017-05-12 11:53:19 Shiz: well libtermkey for example does not seem to do so 2017-05-12 11:53:59 <^7heo> Do we have vis in alpine? 2017-05-12 11:54:07 rfs613: thanks, we have a themes wiki page now, feel free to add a reference to it 2017-05-12 11:54:28 ^7heo: yes there is a package 2017-05-12 11:54:33 <^7heo> yeah I just installed it 2017-05-12 11:54:39 <^7heo> I'm gonna try that asap. 2017-05-12 11:54:47 <^7heo> at least I know how to quit it 2017-05-12 11:54:50 <^7heo> starts well. 
2017-05-12 12:01:31 martanne: if the package offers static libraries we package them in -dev, but maybe it needs a special configure switch to enable that we didn't pass 2017-05-12 13:29:10 ^7heo: vis is cool 2017-05-12 13:29:14 But kinda weird. 2017-05-12 13:29:18 <^7heo> how so? 2017-05-12 13:29:27 Like cursor on the back. 2017-05-12 13:29:40 And left/right can move across lines. 2017-05-12 13:30:17 rfs613: I like papercolor but papercolor on vis is super hard to configure. 2017-05-12 13:48:25 <^7heo> < pickfire> Like cursor on the back. 2017-05-12 13:48:28 <^7heo> What do you mean? 2017-05-12 13:49:06 <^7heo> Wow, when I press escape, the cursor doesn't go back by one character. 2017-05-12 13:49:10 <^7heo> Is there a way to change that? 2017-05-12 14:14:23 <^7heo> but really, vis seems MUCH faster than vim here. 2017-05-12 14:15:49 ^7heo: this is not suprising. check also kakoune, if you have a while 2017-05-12 14:17:33 vim has a baggage of dead and/or deprecated code and neovim isn't any better since, well, it's based on vim 2017-05-12 14:18:57 <^7heo> tbh, I do not think kakoune is better for me either. 2017-05-12 14:24:29 ^7heo: Yeah. 2017-05-12 14:24:44 Tried kakoune, looks nice like vis but has it downfalls. 2017-05-12 14:25:19 ^7heo: Haha, I think vim move the cursor back by one character. 2017-05-12 14:26:06 I find kakoune pretty messy with whitespaces and as well get annoyed by that paperclip. 2017-05-12 14:26:15 neovim is still much better. 2017-05-12 14:26:20 ed is fast 2017-05-12 14:26:36 Just without the features of multiple edit like in vis or kakoune. 2017-05-12 14:26:55 hiro: Yes, ed is fast. But not useful for all types of stuff. 2017-05-12 14:27:04 <^7heo> pickfire: yes vi does move the cursor back by one character. 2017-05-12 14:27:25 <^7heo> hiro: ed lacks the features I'm using 2017-05-12 14:27:26 I like ed but if you don't do line edit, no good at all. 2017-05-12 14:27:31 <^7heo> hiro: such as vim plugins. 
2017-05-12 14:27:52 i never tried such :) 2017-05-12 14:28:02 pickfire: yeah the way vim moves cursor back when exiting insert mode, it's weird... but when you get used to it, and it doesn't happen, it seems strange. 2017-05-12 14:28:08 hiro: Tried editing a long line of json that you get on web with ed. 2017-05-12 14:28:09 for a long time i didnt even use vim, just plain old vi 2017-05-12 14:28:25 rfs613: Yeah. 2017-05-12 14:28:28 people were outraged i didnt know features like line selection and stuff like that 2017-05-12 14:28:34 v V 2017-05-12 14:28:39 And I like neovim ^v 2017-05-12 14:28:42 ah visual 2017-05-12 14:28:42 vim* 2017-05-12 14:28:45 vi is something you learn over many years. 2017-05-12 14:29:03 hiro: What is that? 2017-05-12 14:29:12 you start with how-the-BLEEP-do-i-get-outta-here and then work you way up slowly ;-) 2017-05-12 14:29:14 You mean you can do v in ed? 2017-05-12 14:29:20 i never edit long lines of json. if i had to i'd introduce strategic line breaks 2017-05-12 14:29:48 <^7heo> nah but for example, with vim, I can see the errors in my code as I save it. 2017-05-12 14:29:52 rfs613: why, vi is dead simple 2017-05-12 14:29:56 <^7heo> if I forget a ; at the end of a line 2017-05-12 14:30:06 I just don't like the fact that neovim's gv does not work well with ^v 2017-05-12 14:30:06 <^7heo> or something like this 2017-05-12 14:30:11 <^7heo> my vim setup will tell me. 2017-05-12 14:30:28 no, pickfire, i can't do v in vi, only in vim :) 2017-05-12 14:30:33 Oh 2017-05-12 14:30:53 hiro: If you are talking about vim, v is no surprised for me. I surprised my dad with ^v. 2017-05-12 14:31:02 He don't know what is } and ^v 2017-05-12 14:31:04 ^7heo: crazy shit 2017-05-12 14:31:11 <^7heo> hiro: right? 2017-05-12 14:31:32 <^7heo> hiro: vim uses gcc to compile the code and parses its output to indicate the line and error in the editor. 2017-05-12 14:31:37 <^7heo> hiro: I actually like it. 
2017-05-12 14:31:53 haha :) 2017-05-12 14:32:24 i dont know what ^v is :) 2017-05-12 14:32:35 <^7heo> it's visual line. 2017-05-12 14:32:40 or do i? might be muscle memory 2017-05-12 14:32:45 <^7heo> a selection mode to apply things on. 2017-05-12 14:32:46 hiro, ^7heo: Try this in vim, iMonTueWed^vggI

gv$A^@ 2017-05-12 14:33:17 i'll try later when i have actual vim access :) 2017-05-12 14:33:19 And try gv + ^v + A again, notice that the cursor block append after the cursor. 2017-05-12 14:33:35 ^7heo: What? No. 2017-05-12 14:33:38 22:32 < ^7heo> it's visual line. 2017-05-12 14:33:51 It's visual block mode. V is visual line mode. 2017-05-12 14:34:09 <^7heo> < pickfire> hiro, ^7heo: Try this in vim, iMonTueWed^vggI

gv$A^@ 2017-05-12 14:34:12 <^7heo> http://ix.io/tvv 2017-05-12 14:34:18 <^7heo> not really cool. 2017-05-12 14:34:36 Oh, I forgot he 2017-05-12 14:34:40 <^7heo> yeah. 2017-05-12 14:34:41 T_T 2017-05-12 14:34:42 <^7heo> You did. 2017-05-12 14:34:45 <^7heo> ;) 2017-05-12 14:34:56 ah yeah, i use visual block mode, too 2017-05-12 14:35:05 <^7heo> Yeah visual block is really cool 2017-05-12 14:35:10 <^7heo> helps a lot. 2017-05-12 14:35:15 see, vim is hard, lol 2017-05-12 14:35:31 hiro, ^7heo: Try this in vim, iMonTueWedgg^vGI

gv$A^@ 2017-05-12 14:35:35 That should do it. 2017-05-12 14:36:09 <^7heo> Again 2017-05-12 14:36:14 <^7heo> you missed another escape... 2017-05-12 14:36:14 ahha 2017-05-12 14:36:27 hiro, ^7heo: Try this in vim, iMonTueWedgg^vGI

gv$A^@ 2017-05-12 14:36:32 <^7heo> Thanks. 2017-05-12 14:36:40 ^7heo: Well, you can put the escapes yourself. 2017-05-12 14:36:43 ^^ 2017-05-12 14:36:44 <^7heo> (I already did that but thanks for actually giving the right command) 2017-05-12 14:36:49 <^7heo> yeah no. 2017-05-12 14:36:55 No? 2017-05-12 14:36:58 <^7heo> I'm stupid as fuck when it's about reading commands from others. 2017-05-12 14:37:09 <^7heo> I blindly type sudo rm -rf /* in my shell at all times. 2017-05-12 14:37:26 <^7heo> pickfire: also, you want: iMon 2017-05-12 14:37:27 haha 2017-05-12 14:37:29 <^7heo> oops 2017-05-12 14:37:39 Yeah, iMon is correct. 2017-05-12 14:37:58 To Mon 2017-05-12 14:38:12 but he wrote that... 2017-05-12 14:39:46 Well, maybe there's a more efficient way to do it, I don't know about that, but I just know that after you typed that, do gvA and look how annoying it is, it does not append after the cursor. 2017-05-12 14:40:49 i don't get what it's supposed to achieve 2017-05-12 14:40:53 but i'll try 2017-05-12 14:40:58 <^7heo> pickfire: also, you want: iMon^MTue^MWed^[gg^vGI

^[gv$A^@ 2017-05-12 14:41:22 <^7heo> hiro: it's supposed to achieve

$day

2017-05-12 14:41:35 hiro: http://ix.io/tvw 2017-05-12 14:41:50 ^7heo: Ah, that's right. 2017-05-12 14:42:18 <^7heo> pickfire: I mean that's the real input for it. 2017-05-12 14:42:30 ^7heo: There's no input, just output. 2017-05-12 14:42:47 oh, i thought p was a key 2017-05-12 14:42:48 haha 2017-05-12 14:43:21 <^7heo> yeah no, that's why it's important to use the real escape codes. 2017-05-12 14:43:33 <^7heo> the only problem then is to represent the ^ character. 2017-05-12 14:44:00 <^7heo> pickfire: yes there is an input, it's: iMon^MTue^MWed^[gg^vGI

^[gv$A^@ 2017-05-12 14:44:50 Yeah. 2017-05-12 14:44:54 ACTION need to sleep 2017-05-12 14:45:05 Good night, sleep tight and don't let the bed bugs bite. 2017-05-12 14:45:09 \o 2017-05-12 14:45:48 <^7heo> also for some reason it's now doing

as opposed to

2017-05-12 14:45:50 night. i hope you'll find the right key combo to wake up again even if you have some emacs nightmare oO 2017-05-12 14:46:25 ^7heo: If you need

, you need to type the whole thing out. 2017-05-12 14:47:52 <^7heo> hmm 2017-05-12 14:49:10 ^7heo: Especially, but of course I know you can do i For the completion of the inserted xml block. 2017-05-12 14:49:38 Or ^x^o, I forgot. 2017-05-12 14:51:14 <^7heo> I now have a headache. 2017-05-12 15:15:59 same 2017-05-12 16:06:11 Yes, vis does not aim to be bug-for-bug compatible with vi(m), instead it tries to combine modal editing with structural regexp. Anyway this is probably off topic here, move editor flamewars to #vis-editor. 2017-05-12 16:06:33 For my usecase I would need Alpine packages for statically build versions of libtermkey-dev (and indirectly unibilium-dev, alternatively libtermkey could also be linked against libterminfo) and lua-lpeg. 2017-05-12 16:06:45 I'm willing to spend some time on it myself, but somebody who is already familiar with Alpine packaging would probably be faster ;) 2017-05-12 16:25:47 <^7heo> hmm 2017-05-12 16:25:53 <^7heo> fair point 2017-05-12 16:26:13 <^7heo> I'll see if I find the time this w/e, unless someone is faster than I 2017-05-12 16:27:11 <^7heo> martanne: did I get it wrong or is there no ~/.visrc? 2017-05-12 16:31:08 ^7heo: there is one in ~/.config/vis/visrc.lua, see the man page or ":help Lua" for details. 2017-05-12 16:52:13 <^7heo> yeah that's what I did, that's why I ask 2017-05-12 16:52:32 i'm having "fun" with llvm 2017-05-12 16:52:39 fucking tsan 2017-05-12 16:53:28 <^7heo> no idea what that is 2017-05-12 16:53:37 threadsanitizer 2017-05-12 16:54:47 also I've been trying to build libc++abi and libc++ 2017-05-12 16:54:50 with full test suite 2017-05-12 16:54:54 Expected Passes : 5067 2017-05-12 16:54:56 Expected Failures : 27 2017-05-12 16:54:58 Unsupported Tests : 546 2017-05-12 16:55:00 Unexpected Failures: 86 2017-05-12 16:55:02 not bad... 2017-05-12 16:55:04 only 86 failures out of 5067 tests 2017-05-12 16:55:07 :P 2017-05-12 17:01:23 <^7heo> what about unexpected passes? 
2017-05-12 18:08:16 mosez: yeah, it’s known that texlive pkg is bad, but texlive is very big messy beast, so it’d require a lot of effort to really fix it (rewrite from ground)… I’d like to do it someday… 2017-05-12 18:08:37 sup jirutka :) 2017-05-12 18:11:03 Shiz: yes, it’s intentional that llvm4-dev does not depend on llvm4-static, for two reasons: llvm4-static is actually not always needed, and some stupid autodetections makes decision about type of linking based on existence of llvm’s static archives… but I don’t remember with which software I had this problem 2017-05-12 18:11:31 ah okay 2017-05-12 18:11:33 gotcha 2017-05-12 18:12:55 martanne: I totally agree with shipping Lua static modules (in -dev pkgs)! actually it’d be handy even for myself quite soon, I’m about to finish my tool for packaging Lua scripts like self-contained statically linked executable 2017-05-12 18:14:08 martanne: "in general Alpine's -dev packages do not ship static versions of the libraries" … that’s not exactly true, it depends, some -dev pkgs contain static libs 2017-05-12 18:17:50 hmm, we already have vis pkg in community, great, I’m gonna try it soon! :) 2017-05-12 18:21:26 martanne: so you’d like to add lpeg.a, that should not be problem… anything else? 2017-05-12 18:23:23 jirutka: the other thing is not Lua related: libtermkey (and dependencies) 2017-05-12 18:25:15 it can either be linked against the ncurses terminfo library (or as done in the current Alpine package against unibilium) 2017-05-12 18:31:19 martanne: okay, I’ll look at these two now 2017-05-12 18:31:31 lpeg should be easy, don’t know about libtermkey 2017-05-12 18:35:09 thanks, it shouldn't be difficult either the lib is made up of 3 C files, but the build system uses libtool :/ 2017-05-12 18:35:57 also there have been new upstream releases (0.20 vs 0.18 currently packaged by Alpine) 2017-05-12 18:54:44 hm, I found a bug in Lua on musl… 2017-05-12 19:00:02 what is the problem? 
2017-05-12 19:01:26 os.setlocale() returns "C;C;C;C;C;C" instead of "C" 2017-05-12 19:04:57 hm, but it’s not bug in lua, it just calls musl’s setlocale… 2017-05-12 19:06:26 hm, not sure… maybe Lua calls it with wrong arguments 2017-05-12 19:07:55 lots of Cs 2017-05-12 19:08:18 heh, yeah 2017-05-12 19:08:38 I’m just playing with setlocale from locale.h, to see how it behaves 2017-05-12 19:10:41 os.setlocale() in Lua results in setlocale(LC_ALL, NULL) 2017-05-12 19:12:21 ^7heo: what is ^@? 2017-05-12 19:13:07 This matches the Lua 5.3 documentation: "When called with nil as the first argument, this function only returns the name of the current locale for the given category. 2017-05-12 19:13:41 i think it's not that great to try and force doing every single text-related processing in vim. i would just do 2017-05-12 19:13:42 for day in Mon Tue Wed; do echo "

$day

";done 2017-05-12 19:14:03 though tbh i'd just propose
2017-05-12 19:14:04  Mon
2017-05-12 19:14:05  Tue
2017-05-12 19:14:07  Wed
2017-05-12 19:14:08  
2017-05-12 19:14:23 html is totally unneeded when what you want is just linebreaks. 2017-05-12 19:14:57 problems that shouldn't exist but require complex features in vim and so on 2017-05-12 19:15:20 i grew up with 2017-05-12 19:15:21 'v' is not implemented 2017-05-12 19:15:31 so, i know there is alternatives 2017-05-12 19:16:09 even if i now use visual sometimes, i would have my ways around it. and i might even suspect that it normally would save time. 2017-05-12 19:17:30 martanne: I know that, but setlocale("C") returns just "C" both on macOS and Fedora 2017-05-12 19:17:42 jirutka: POSIX only says "The string returned by setlocale() is such that a subsequent call with that string and its associated category shall restore that part of the global locale." 2017-05-12 19:17:44 martanne: but "C;C;C;C;C;C" on musl 2017-05-12 19:18:00 martanne: and that’s what musl setlocale(LC_ALL, "C") returns 2017-05-12 19:18:19 LC_ALL = 6 2017-05-12 19:19:38 yeah, but if I'm reading the spec right the musl behavior is fine (according to POSIX) 2017-05-12 19:20:15 yes, that’s my perception too 2017-05-12 19:20:38 I’m thinking how to modify it in lua to return the same value as on other platforms 2017-05-12 19:21:12 actually when I read description of LC_ALL, the musl’s behaviour seems to be more correct 2017-05-12 19:21:32 (that’s actually not surprising) 2017-05-12 19:24:59 hm, glibc says: "When you read the current locale for category LC_ALL, the value encodes the entire combination of selected locales for all categories. If you specify the same “locale name” with LC_ALL in a subsequent call to setlocale, it restores the same combination of locale selections." 
2017-05-12 19:26:12 maybe it folds "C;C;C;C;C;C" into "C" (as long as all values are the same) 2017-05-12 19:26:59 yes 2017-05-12 19:27:53 when I change just ctype for example, then on Fedora os.setlocale() returns LC_CTYPE=en_US.UTF-8;LC_NUMERIC=C;… 2017-05-12 19:29:01 lol 2017-05-12 19:29:03 <^7heo> hiro: 0x1e 2017-05-12 19:29:09 when I do the same on macOS: C/en_US.UTF-8/C/C/C/C 2017-05-12 19:30:00 on Alpine: en_US.UTF-8;C;C;C;C;C 2017-05-12 19:30:22 yeah, I guess these locale representations are implementation defined. You shouldn't care about the exact values. 2017-05-12 19:30:30 yeah 2017-05-12 19:31:04 but one lpeg test asserts the exact value, that’s how i found that there’s something wrong/different 2017-05-12 19:31:24 then fix the test :) 2017-05-12 19:31:50 ^7heo: how do i type it? 2017-05-12 19:32:16 <^7heo> ctrl and @ 2017-05-12 19:32:27 <^7heo> on a us kb, ctrl shift 2 2017-05-12 19:32:42 I think that it’d be reasonable to modify loslib.c in lua to fold it into single value when all special locales are the same, ’cause that’s what both macOS/FreeBSD and glibc do 2017-05-12 19:33:32 ^7heo: ah, i can't type that 2017-05-12 19:33:34 ^7heo: on urxvt 2017-05-12 19:33:39 can someone try this on OpenBSD? #include locale.h; setlocale(LC_ALL, "C"); printf(setlocale(LC_ALL, "")); 2017-05-12 19:34:00 jirutka: patching Lua seems wrong, if anything you should probably modify musl 2017-05-12 19:34:02 iso 14755 mode is triggered by ctrl-shift 2017-05-12 19:34:21 i always thought ^@ is \0 2017-05-12 19:34:27 but that made no sense 2017-05-12 19:34:33 what effect does it have here anyway? 2017-05-12 19:37:59 martanne: I doubt that musl would accept such patch, their implementation is not wrong, just different 2017-05-12 19:40:56 yeah, but why "fix" it only in Lua vs everywhere? Lua doesn't guarantee a particular value either, so the current behavior seems fine. 
2017-05-12 19:41:15 hm, you’re right 2017-05-12 19:41:25 should be fixed in lpeg 2017-05-12 19:43:00 you mean in the test? 2017-05-12 19:43:42 yeah 2017-05-12 19:48:46 jirutka: just change it to assert(os.setlocale("C")) 2017-05-12 20:00:18 martanne: Shiz: does this makes sense? http://tpaste.us/Yner 2017-05-12 20:01:02 i'd add a $(RANLIB) maybe 2017-05-12 20:02:42 Shiz: RANLIB is not defined by default, so I’d need assign default value to it as well 2017-05-12 20:02:48 yea 2017-05-12 20:03:11 okay 2017-05-12 20:03:37 aha, actually this makefiles defines even CC (actually hardcodes, env. provided is ignored) 2017-05-12 20:03:51 does it? 2017-05-12 20:03:58 e.g. CC = gcc is not a hardcode 2017-05-12 20:04:00 :P 2017-05-12 20:04:24 not? I thought that `CC ?= gcc` is needed to make it overridable 2017-05-12 20:04:41 nope 2017-05-12 20:04:43 :) 2017-05-12 20:04:47 ?= takes it from the environment 2017-05-12 20:04:49 but 2017-05-12 20:04:55 e.g. make CC=gcc even overrides normal assignments 2017-05-12 20:05:04 (as opposed to CC=gcc make, which puts it into the env) 2017-05-12 20:06:14 aha 2017-05-12 20:06:37 so basically you can override any variable defined in Makefile? 2017-05-12 20:08:20 yes, if you declare them as make variables, not env variables 2017-05-12 20:08:31 make CC=gcc -> CC is a make variable 2017-05-12 20:08:50 CC=gcc make -> CC is an env variable which will be overridden by make variables 2017-05-12 20:09:22 it's more complex than it needs to be, and it takes some getting used to, but it kinda makes sense and can be worked with. 2017-05-12 20:09:56 coredumb: the CoC proposal is largely to prevent some outsider from showing up and shoving some less desirable CoC on us 2017-05-12 20:11:55 kaniini_: just so that it's clear to me, what kind of outsiders are we talking about? 2017-05-12 20:12:08 coredumb: do you need an example? 
2017-05-12 20:12:24 coredumb: https://bugs.ruby-lang.org/issues/12004 2017-05-12 20:13:48 jirutka: ok 2017-05-12 20:14:28 that particular outsider seems unlikely to show up 2017-05-12 20:14:37 indeed 2017-05-12 20:14:42 for me this is the main reason why I’ve agreed with this CoC effort, to avoid similar situation as in Ruby and many other OSS projects where someone as Coraline came, started enormous shitstorm and basically *forced* her CoC to the community 2017-05-12 20:15:06 coredumb: essentially, we are just defining pre-existing policy as a formality, there's nothing to be concerned about 2017-05-12 20:15:07 I'm sure you have someone in mind .... am I wrong? 2017-05-12 20:15:24 no, it is just a precautionary measure for a few reasons 2017-05-12 20:15:42 ok 2017-05-12 20:15:59 1) to encourage trolls to go do their CoC troll somewhere else 2017-05-12 20:16:16 2) to define specifically what is already disallowed in our communication fora 2017-05-12 20:16:55 3) since it's in writing, anyone we delegate moderator privileges to will know as some kind of guideline what is acceptable or not 2017-05-12 20:19:00 ok makes sense 2017-05-12 20:31:06 1) still seems needlessly paranoid to me, but whatever 2017-05-12 20:36:50 Hmm, do we have Ada packaged anywhere? 2017-05-12 20:38:08 Ada? I’m not sure, maybe in Museum of programming languages? :) 2017-05-12 20:39:02 Yeah, or anything that requires safety verification. 2017-05-12 20:39:51 Ada programs are mathematically verifiable for correctness? 2017-05-12 20:40:01 Yup. 2017-05-12 20:40:05 hmm, interesting 2017-05-12 20:40:07 didn’t know that 2017-05-12 20:40:35 Milspec/spacecraft computers use it. 2017-05-12 20:41:43 isn’t there any newer lang that can be verifiable and there’s tool for that? 2017-05-12 20:42:07 Not that I'm aware of off hand with certified commercial compilers. 2017-05-12 20:42:45 yes, we do have Ada packaged. 2017-05-12 20:43:05 gcc-gnat will pull in all ada stuff 2017-05-12 20:43:30 Thank you kaniini_!
2017-05-12 20:43:51 Ada first appeared in 1980… I’ve confused it with some other lang, this is much younger than I expected 2017-05-12 20:44:15 last stable release 2016 2017-05-12 20:44:23 looks pretty alive 2017-05-12 20:44:35 Yes, latest language rev 2012 2017-05-12 20:44:55 jirutka are you thinking ALGOL? 2017-05-12 20:45:10 Or PL/1? 2017-05-12 20:45:44 yes, ALGOL 2017-05-12 20:46:39 Ah, yeah - haven't seen ALGOL around much lately. PROLOG is still kicking though I think. 2017-05-12 20:47:27 Ada is for embedded RT systems, hmm 2017-05-12 20:48:23 Ada looks surprisingly innovative for its age 2017-05-12 20:48:47 shame on me that I didn’t know about it 2017-05-12 20:49:28 also used in the defense industry if I'm not mistaken 2017-05-12 20:54:49 Yes TBB - defense, aerospace, aviation, medical, nukes - anywhere you need real guarantees about behavior and failure modes. 2017-05-12 20:56:05 pls do not use alpine in a nuclear bomb ;/ 2017-05-12 20:56:52 question does musl support libintl.h 2017-05-12 20:56:58 kaniini_: I was referring to power plants, but the point stands -- Linux has no place in critical systems. 2017-05-12 20:57:22 maybe we need to attach an itunes-like disclaimer to alpine 2017-05-12 20:57:27 not to use it for nuclear weapons 2017-05-12 20:57:50 something something imagine dragons - radioactive 2017-05-12 20:57:54 oh damn 2017-05-12 20:57:58 ACTION cancels his project 2017-05-12 20:58:24 arch3y_: it’s provided by gettext-dev… 2017-05-12 20:58:35 thanks 2017-05-12 20:59:01 *lol* - But in all seriousness, any RT-Critical system should NOT be implemented on top of linux. 2017-05-12 21:00:22 what about IoT dildos 2017-05-12 21:00:55 Alpine is nice for servers or non-critical embedded use, but shouldn't even be considered for things such as driverless cars, human-interacting robotics, or anything that is inherently dangerous.
2017-05-12 21:01:30 kaniini: Hmm, not sure on those ;) 2017-05-12 21:02:02 it may alarm you to find out that the google self driving car runs on linux 2017-05-12 21:02:31 TemptorSent: indeed, but there are still a lot of idiots who build something that really needs RT system on top of vanilla Linux :( 2017-05-12 21:02:50 Yes, I do find all such systems disturbing since I know how they fail. 2017-05-12 21:03:19 what about linux-rt 2017-05-12 21:03:31 jirutka: Realistically, the RT components should be running on a dedicated RT kernel and hardware with proper watchdogs. 2017-05-12 21:03:38 TemptorSent: and I wouldn’t be surprised at all if some cars have critical driving systems directly connected with entertainment system written in JavaScript… :( 2017-05-12 21:04:27 linux-rt is not a true RT solution -- you can't control interrupts nearly fine-grained enough to make a safety-critical system. 2017-05-12 21:04:57 kaniini: linux-rt is better than vanilla, but still quite bad for RT, at least based on what I heard from one engineer at CTU who teaches RT systems 2017-05-12 21:05:03 Yeah, the more I see of integrated automotive technology, the more I run screaming the other way. 2017-05-12 21:05:38 linux-rt basically gives you the ability to set bounded latency -- but that's about all. 2017-05-12 21:06:06 Nothing in the kernel is designed with RT operation in mind. 2017-05-12 21:06:08 one company I’d rather not name really wanted to implement some part of entertainment system to car in Dart!
2017-05-12 21:06:11 it seems that musl is helping ppl clean up their code and fix weird things 2017-05-12 21:06:40 arch3y_: Making things actually portable tends to do that :) 2017-05-12 21:06:49 arch3y_: yes, that was basically one of the main messages in ncopa’s talk on FOSDEM :) 2017-05-12 21:06:57 car entertainment systems are not a problem lol 2017-05-12 21:07:00 they have no hard-rt requirements 2017-05-12 21:07:16 but yeah, linux for hard-rt is a no-no 2017-05-12 21:07:20 Shiz: the problem is that these systems are often not properly isolated from critical systems! 2017-05-12 21:07:32 jirutka: sure, but that's not what TemptorSent is talking about 2017-05-12 21:07:33 yeah its kind of nice I dont know much about C but it seems to be fixing a lot of bad habits in code 2017-05-12 21:07:36 Spamming a shared canbus is BAD. 2017-05-12 21:07:42 hard-rt doesn't spread across communication buses :p 2017-05-12 21:07:50 entertainment systems just need to be secure, not hard-rt 2017-05-12 21:07:58 (and there alpine could help... if you wanted to go for linux) 2017-05-12 21:08:10 (help, it is not a total solution of course) 2017-05-12 21:08:54 Shiz: When the entertainment system is using the same canbus as the vehicle control system, bad RT behavior on the entertainment device CAN cause serious issues on the control side. 2017-05-12 21:09:15 Shiz: funny you should mention that, the radio in my car in fact does seem to run both alpine *and* docker 2017-05-12 21:09:17 :| 2017-05-12 21:09:21 hah 2017-05-12 21:09:27 Nice kaniini_! 2017-05-12 21:10:01 it also boots off an SD card 2017-05-12 21:10:06 that is inside it 2017-05-12 21:10:10 instead of having proper flash 2017-05-12 21:10:15 good work General Motoros 2017-05-12 21:10:18 Motors* 2017-05-12 21:10:21 ACTION thumbs up 2017-05-12 21:10:54 kaniini_: Docker in car?! WHAT THE HELL?
2017-05-12 21:11:07 jirutka: indeed, it's in the legal notices 2017-05-12 21:11:10 kaniini_: you must be kidding 2017-05-12 21:11:12 soon: docker in your ship 2017-05-12 21:11:14 ... wait 2017-05-12 21:11:22 jirutka: i guess each 'app' runs in its own docker container 2017-05-12 21:11:26 Shiz: CAN-bus is explicitly designed to support hard RT usage, and often serves to replace RS-485 or SPI/I2C links. 2017-05-12 21:11:28 kaniini_: OMFG, I don’t wanna live on this fucking insane planet anymore 2017-05-12 21:11:36 TemptorSent: okay that's fair 2017-05-12 21:11:42 jirutka: hey, at least it has isolation 2017-05-12 21:11:47 GM does not use CAN anymore 2017-05-12 21:11:50 it uses ethernet 2017-05-12 21:11:52 true story 2017-05-12 21:11:53 Shiz: you mean “isolation”? 2017-05-12 21:11:55 your entertainment system is 99% likely to use linux anyway 2017-05-12 21:12:06 might as well put SOME effort into isolating stuff 2017-05-12 21:12:11 jirutka: userns is better than nothing 2017-05-12 21:12:12 ;p 2017-05-12 21:12:29 this world is insane 2017-05-12 21:13:00 kaniini_: Is it "ethernet" or "EtherNet" (two VERY different things) 2017-05-12 21:14:08 TemptorSent: ethernet 2017-05-12 21:14:22 kaniini_: Any idea of what protocol stack? 2017-05-12 21:14:29 TemptorSent: IP 2017-05-12 21:14:43 Hmm, that's odd. 2017-05-12 21:15:03 TemptorSent: yes, my GM death trap is running its own IP network, and the OnStar (GM IoT platform) module serves as the router and switch 2017-05-12 21:15:05 That doesn't qualify for hard-rt. 2017-05-12 21:15:24 TemptorSent: it is not twisted-pair cabling, just the ethernet signalling itself, to be clear 2017-05-12 21:15:36 TemptorSent: send all blame to broadcom 2017-05-12 21:15:46 Ahh, that module must provide the interfacing to the vehicle control systems. 2017-05-12 21:16:18 Yeah, ethernet with no PHY is common in such applications.
2017-05-12 21:17:57 entirely unrelatedly 2017-05-12 21:18:14 thing i want to work on post-3.6: seeing how viable using clang as a system compiler is 2017-05-12 21:18:18 including hardening 2017-05-12 21:18:38 yes, absolutely 2017-05-12 21:18:43 That would be nice Shiz. 2017-05-12 21:25:30 Holy crap - gnat is pulling in 62 new packages?!? 2017-05-12 21:27:15 ada is serious business 2017-05-12 21:28:10 Hmm, broke on first try, then started with 'apk update --available', which seems to be pulling in a bunch of unrelated stuff. 2017-05-12 21:28:36 tiff, freetype, etc. 2017-05-12 21:32:05 yes, --available means upgrade the distribution :P 2017-05-12 21:41:40 isn't it basically the equivalent to dist-upgrade? 2017-05-12 21:42:31 Bloody hell, kernel is still eating itself on upgrade :/ 2017-05-12 21:42:58 awilfox: sorta 2017-05-12 21:43:02 what is in your /etc/apk/world 2017-05-12 21:43:03 depmod is trying to run against `uname -r` rather than the newly installed kernel. 2017-05-12 21:43:11 oic 2017-05-12 21:43:20 on a technical level, it changes apk behavior to prefer upgrading versioned dependencies rather than holding them at the same version 2017-05-12 21:43:31 e.g. if clang depends on llvm=4.0.0, it would normally hold it 2017-05-12 21:43:33 err 2017-05-12 21:43:35 >=4.0.0 2017-05-12 21:43:39 even if a newer version is available 2017-05-12 21:43:42 if i understand it correctly 2017-05-12 21:43:50 That appears to be correct. 2017-05-12 21:44:20 ah. 2017-05-12 21:44:39 kaniini - see 'kmod-23-r1.trigger' for the fubared depmod it looks like. 2017-05-12 21:45:28 I have modules now, but they're not being properly handled by the script. 2017-05-12 21:46:00 omfg, in #opensmtpd are really idiots 2017-05-12 21:46:38 I don’t have any patience for this 2017-05-12 21:46:48 this level of arrogant stupidity 2017-05-12 21:47:03 you had higher expectations for the openbsd crowd ? 2017-05-12 21:47:08 So, what calls kmod.trigger?
2017-05-12 21:47:13 kaniini_: yes 2017-05-12 21:47:29 they are "we are always right" blowhards, any email thread involving them would tell you this ;) 2017-05-12 21:47:37 kaniini_: aha :( 2017-05-12 21:48:22 I should consider switching back to Postfix 2017-05-12 21:48:24 i uhm 2017-05-12 21:48:29 kind of am on their side on this one 2017-05-12 21:48:36 no offense but you were kind of acting like a dick 2017-05-12 21:48:39 Shiz: have you read the recent conversation? full of it? 2017-05-12 21:48:44 i've read the entirety, yes 2017-05-12 21:49:19 Shiz: sorry, but I’ve reported them problem in the documentation, explained million times why it’s a problem and posted patch that actually fixes the primary problem (duplicated information) 2017-05-12 21:49:38 and they asked me to write a proper FAQ page for them… like it has anything in common 2017-05-12 21:49:48 this is totally different issue 2017-05-12 21:50:10 and then he asked to just updated the outdated info, so he apparently still don’t understand the problem of duplicated source of truth 2017-05-12 21:50:24 sorry, but this is idiocy 2017-05-12 21:50:26 or, from their side: you come in ranting angrily about a fault in a page and then submit a diff to remove all of it 2017-05-12 21:50:32 i can understand why they'd be wary 2017-05-12 21:50:38 you were kinda aggressive during your whole interaction 2017-05-12 21:50:47 Shiz: yes, b/c removing this page is the only proper solution of this exact problem 2017-05-12 21:50:56 Shiz: writing proper replacement is different issue 2017-05-12 21:51:11 i guess they don't want to throw out the baby with the bathwater 2017-05-12 21:51:21 Shiz: and yes, I agree that my introduction was bad, but I think that i’ve explained why I acted like that 2017-05-12 21:51:28 jirutka: right, but there's the thing 2017-05-12 21:51:32 anywyay, I’ve reported them problem, they don’t give a fuck 2017-05-12 21:51:35 you explained but never apologized (that i saw of) 2017-05-12 21:51:42 and you 
continued being pretty aggressive :p 2017-05-12 21:51:49 i'm not saying you're not right on a technical level btw 2017-05-12 21:51:57 i'm just saying i can see why they'd be kinda wary 2017-05-12 21:52:02 does it even matter? it doesn’t look like he really understand what the fuck is the real problem here 2017-05-12 21:52:28 and yes, his reactions made me very upset, so at the end I was very aggressive 2017-05-12 21:52:49 b/c I can’t understand how can be anyone so stupid/arrogant/whatever 2017-05-12 21:53:53 it’s so simple issue, not anything you need doctorate from users psychology etc. 2017-05-12 21:54:47 but what the heck I’ve expected from people who has web like this https://opensmtpd.org/ and soure code in CVS… 2017-05-12 21:56:09 jirutka: https://www.youtube.com/watch?v=OdIJ2x3nxzQ :) 2017-05-12 21:56:33 and I even wasted like a half hour trying to find the best approach how to semantically encode into HTML page that it’s replaced by some other page, without need to add HTTP 301 to web server; so I eventually just added meta for robots to not index that page 2017-05-12 21:56:38 jirutka: chill, there is no sense to get so angry 2017-05-12 21:58:53 and now I’m trying to understand this stupidity of crappy libtool http://stackoverflow.com/a/16070483/2217862 2017-05-12 21:59:11 "you MUST specify SOME sort of an argument (LINK-COMMAND) referring to a tool; BUT that LINK-COMMAND argument doesn't even need to exist as a real program" 2017-05-12 21:59:16 welp, I received a call 5 minutes before ending my shift that something does not work 2017-05-12 21:59:18 fun fun 2017-05-12 21:59:29 :( 2017-05-12 21:59:29 jirutka: open the yt url linked :P 2017-05-12 22:01:40 jirutka: Is it just using it as a placeholder name? 
2017-05-12 22:01:53 TemptorSent: probably 2017-05-12 22:02:09 dunno the convo here but it sounds like you are being "we are always right" back at them :p 2017-05-12 22:02:10 "build-my-whatever" 2017-05-12 22:02:28 and when two conflicting opinions both come from "we are always right" people... 2017-05-12 22:02:30 lol 2017-05-12 22:02:38 ar: `u' modifier ignored since `D' is the default (see `U') o.O 2017-05-12 22:02:49 jirutka: i've seen that one around 2017-05-12 22:02:51 you can ignore it afaik 2017-05-12 22:04:19 Hmm, yeah 'u' only works if timestamps are non-zero. 2017-05-12 22:05:31 yeah, it looks that it produces the same result as when i run ar manually, so it should be hopefully okay 2017-05-12 22:18:53 martanne: FYI, there’s now lua-lpeg-dev with lpeg.a for Lua 5.[123] and libtermkey-dev with added libtermkey.a in edge 2017-05-12 22:20:14 hmm 2017-05-12 22:20:31 looks like a grsecurity setting is blocking people from running glx-accelerated stuff as non-root 2017-05-12 22:21:14 what setting causes that?
2017-05-12 22:21:28 GRKERNSEC_SYSFS_RESTRICT 2017-05-12 22:21:39 libdrm can't read the relevant entries in /sys and thus fails to identify the card 2017-05-12 22:22:44 Shiz: this is problem even for LXC when you want to use userns https://github.com/lxc/lxc/issues/296#issuecomment-234708658 2017-05-12 22:23:00 Shiz: so I’d suggest to disable it in our grsec kernel 2017-05-12 22:23:27 i wish it could be enabled with a sysfs toggle 2017-05-12 22:23:29 :P 2017-05-12 22:23:50 that's what I've been seeing suggest as a solution: disable it and if you require restrictions then write a policy 2017-05-12 22:23:58 suggested* 2017-05-12 22:27:22 interestingly enough you just solved some of my scheduling problems for the weekend jirutka; I was supposed to try some of those namespace tools like firejail with a grsec enabled system; looks I won't have to if it's problematic :) 2017-05-12 22:28:21 TBB: this should not discourage you, I run LXC on grsec kernel without any problem, just some grsec features must be disabled, like this one 2017-05-12 22:29:05 TBB: my personal notes about grsec for installing LXC on Gentoo, few years old, so not sure if still relevant https://dpaste.de/iNk0 2017-05-12 22:30:27 is there a way with apk to tell which pkg provides a file 2017-05-12 22:30:42 or is it best to just read the file listing on the pkgs site 2017-05-12 22:32:19 arch3y_: currently it’s not 2017-05-12 22:32:30 arch3y_: it’s planned feature for next gen of apk 2017-05-12 22:33:28 jirutka: ok thanks for the info 2017-05-12 22:36:29 Yeah, we need package manifests to support that ability easily. 2017-05-12 22:36:47 something like the files tarball in arch 2017-05-12 22:36:51 TBB firejail + grsec + firefox works nicely here 2017-05-12 22:37:06 even with a dedicated firefox user 2017-05-12 22:37:09 I know its a bad word but itd be nice to pull down those manifests and run a command to search 2017-05-12 22:37:10 oh cool!
2017-05-12 22:37:12 arch3y_: Ideally, something more complete and useful. 2017-05-12 22:37:25 rightfully so 2017-05-12 22:37:48 you guys are the experts I just use the things 2017-05-12 22:38:01 arch3y_: I'm working on a suite that handles manifests, indexes, and dep-chains. 2017-05-12 22:38:06 I find it a fascinating idea to do some ostree + firejail + appimage magic for fun 2017-05-12 22:38:08 but i don't run any webgl stuff 2017-05-12 22:38:23 and this is encouraging :) 2017-05-12 22:38:34 nice I can see there are some interesting advantages built into abuild Im enjoying pkging software 2017-05-12 22:38:36 for apline 2017-05-12 22:39:08 arch3y_: Combined, that allows determining the deps directly for any particular individual file, both by file and by package. 2017-05-12 22:39:20 jirutka: thanks, I will check it out later. 2017-05-12 22:40:13 It could even allow us to do something like 'alien' packaging without a lot of work. 2017-05-12 22:48:12 kaniini - When you have a moment, I'd like to discuss a couple of general purpose tools for alpine, namely a manifest/index tool, a dep-solver, and a pax archiver. 2017-05-12 22:51:18 Those tools could be the guts of apk 3, as well as being useful independently. A minimal graph-structured database would round out the features. 2017-05-12 22:55:26 I don't want to start hacking on any of that in C (or other language?) until some significant discussions have taken place, but I'd like to start working that direction. 2017-05-12 22:58:12 jirutka: could you also add a static version of unibilium? The termkey.pc file should probably reference it. Thanks again, I'm off to bed for now. 2017-05-12 23:01:11 Has anyone figured out how to package cmucl? 
2017-05-12 23:05:40 Bloody bootstrap chicken and egg problem :/ 2017-05-12 23:08:21 kaniini: ncopa: https://github.com/Shizmob/grsecurity-research 2017-05-12 23:08:36 publicized my repo about splitting up grsec in order to understand it more properly 2017-05-12 23:08:51 might be relevant to our 3.6 maintenance plans 2017-05-12 23:10:58 7.13 MB in UNSPLIT? Ouch! 2017-05-12 23:11:23 down from... more than that 2017-05-12 23:11:45 Yeah, what a mess! 2017-05-12 23:13:19 A lot of function prototype changes too, which means they propagate through the entire codebase. 2017-05-12 23:14:06 UDEREF isn't exactly small. 2017-05-12 23:14:46 uderef also isn't nearly done being split up 2017-05-12 23:15:09 i haven't split out the x86 code yet for instance 2017-05-12 23:15:13 which is by far the biggest chunk 2017-05-12 23:15:16 (and the most invasive) 2017-05-12 23:16:16 Yeah, that looks like much of the changeset. A lot of auditing needed, some of the code looks potentially fragile and probably needs to be ifdefed. 2017-05-12 23:16:59 Oh, that asm trick is fugly too 2017-05-12 23:17:25 ? 2017-05-12 23:18:13 It appears to be relying on the integer length (rather than the previous long or size_t) for partitioning the memory space. 2017-05-12 23:18:30 where? 2017-05-12 23:19:12 does anyone know how (and if) should be static library (.a) properly recoded in pkgconfig (.pc) file? 2017-05-12 23:22:22 Shiz - trying to track down what's going on, it may be the semantics changed as well. 2017-05-12 23:25:53 Ahh, okay - it looks like it's related to constifying, and the pointer changed to a struct, so the index makes sense I guess. 2017-05-12 23:26:38 explicit use of u64 in place of several of the size_t and ptr types as well. 2017-05-12 23:28:28 But here's one I don't know if I trust: drivers/gpu/drm/radeon/mkregtable.c @@ -624,14, +624,14 @@ 2017-05-12 23:29:02 -size_t end; / +long end; 2017-05-12 23:32:35 jirutka - kaniini would be the one to ask.
2017-05-12 23:33:11 jirutka: direct path to the .a, and only put it in libs.private 2017-05-12 23:33:19 ideally 2017-05-12 23:33:40 in reality you probably dont want to do that 2017-05-12 23:33:46 kaniini: relative path, e.g. libs.private: libfoo.a ? 2017-05-12 23:33:51 no 2017-05-12 23:33:57 you want 2017-05-12 23:34:06 Libs.private: -L/path/to/libfoo -lfoo 2017-05-12 23:34:17 well 2017-05-12 23:34:19 it depends 2017-05-12 23:34:22 what exactly is the .a 2017-05-12 23:34:33 can it be used with .so files? 2017-05-12 23:34:34 etc 2017-05-12 23:34:36 okay, I’ll wait for martanne if he actually really needs it 2017-05-12 23:40:40 i've spent the past 2 hours trying to make virt-install work 2017-05-12 23:40:40 then i remembered, red hat makes systemd 2017-05-12 23:40:48 and i realized quickly that this was a fool's errand 2017-05-12 23:40:49 *lol* 2017-05-12 23:42:22 heh "The intention is not to be bug for bug compatible with vi(m)" :) 2017-05-12 23:42:43 bug-to-bug compatibility, I must remember this :) 2017-05-12 23:43:09 it does weird shit with lvm 2017-05-12 23:43:19 virt-install works fine on not-systemd 2017-05-12 23:43:45 I don't use it any more though, because I switched from xm to xl 2017-05-12 23:43:52 and virt-install does some weird stuff with xl 2017-05-12 23:43:59 awilfox: it's because of lvm 2017-05-12 23:44:04 oh. 2017-05-12 23:44:12 it is trying to do things with lvm that i do not want it to do 2017-05-12 23:44:17 and then failing 2017-05-12 23:44:38 some weird bullshit involving snapshots 2017-05-12 23:44:47 and then it tries to swap out for a snapshot 2017-05-12 23:44:48 or something 2017-05-12 23:45:07 i don't think virt-install actually works with libvirt-managed LVM pools 2017-05-12 23:45:45 all i know is. 2017-05-12 23:45:49 when i did it by hand, it works fine 2017-05-12 23:45:50 :D 2017-05-12 23:46:02 do you really need virt-install or libvirt? isn’t https://github.com/jirutka/qemu-openrc sufficient?
;) 2017-05-12 23:46:04 and libvirt is kind of a piece of junk anyway 2017-05-12 23:46:28 jirutka: actually i do need some sort of management layer because we have literally 1000s of VMs 2017-05-12 23:46:36 kaniini: aha, understand 2017-05-12 23:46:42 i will just make something myself 2017-05-12 23:46:46 this libvirt is too bullshit 2017-05-12 23:46:50 agree 2017-05-12 23:47:06 libvirtd is horrible piece of shit 2017-05-12 23:47:30 some sort of MQTT thing i guess i will make 2017-05-12 23:47:38 and then an agent that subscribes to MQTT topics 2017-05-12 23:47:44 and acts on them 2017-05-12 23:48:24 making a better libvirt+friends was on my todo list but then everyone started dissing xen (this was around 4.0 - 4.1 era) and when I would look up stuff it would all say "no, use kvm instead" so I gave up \o/ 2017-05-12 23:48:46 kaniini: please get me informed about progress, I’d like to try that tool! :) 2017-05-12 23:49:03 I've had a distant eye on those things too, and never did anything for the same reason as awilfox 2017-05-12 23:49:12 yeah, something nicer than `xl ...` would be fantastic 2017-05-12 23:49:25 I could likely source a c2q or such for testing it 2017-05-12 23:51:41 vis looks really interesting, I’ll try to use it for some time 2017-05-12 23:51:56 also, fwiw, I have not even touched qemu in some years, except for some limited FreeBSD testing; I use xen pv for everything 2017-05-12 23:52:00 much faster and lighter :) 2017-05-12 23:53:23 @kaniini │ i've spent the past 2 hours trying to make virt-install work 2017-05-12 23:53:30 this is why i use a custom qemu wrapper thing 2017-05-12 23:53:31 :P 2017-05-12 23:53:57 awilfox: skarnet: libvirt doesn't have to use xen 2017-05-12 23:53:58 awilfox: kvm is necessary in this setup because it is for the windows farm 2017-05-12 23:54:00 it can use qemu-kvm just fine 2017-05-12 23:54:12 awilfox: but hey, at least we wont have to keep disinfecting our vmware machines 2017-05-12 23:54:50 yeah, I used to use libvirtd 
with QEMU/KVM… actually I even didn’t know that it works with Xen too… but as I said, I really can’t recommend libvirtd 2017-05-13 00:00:23 kaniini: How does apk currently handle cyclical constraints? 2017-05-13 00:01:33 Shiz: kaniini: jirutka: my point was I wanted to make one specifically for xen, because I don't like nor do I care about KVM 2017-05-13 00:01:43 ah 2017-05-13 00:01:44 the performance is abysmal 2017-05-13 00:01:58 back when I actually ran servers for a living, that mattered 2017-05-13 00:01:59 TemptorSent: error 2017-05-13 00:02:01 idk, worked fine for me 2017-05-13 00:02:35 Shiz: postgresql had about a 30% performance increase putting it on xen, and apache was able to serve about 150 req/s more under xen 2017-05-13 00:02:48 like I said, it mattered when I ran servers for a living 2017-05-13 00:02:56 I don't any more so I probably don't need xen's speed and decency 2017-05-13 00:03:03 not doubting your abilities of course, you did use all the kvm pv drivers? 2017-05-13 00:03:05 awilfox: gandi switched from xen to kvm for performance reasons, they say they gained 20% ^^' 2017-05-13 00:03:06 but I got used to it so I still use it 2017-05-13 00:03:06 virtio and the like 2017-05-13 00:03:19 cache=writeback & virtio gets you a very long way 2017-05-13 00:03:20 Shiz: yes, it was using virtio 2017-05-13 00:03:39 Shiz: without virtio I doubt apache would have worked at all >.> 2017-05-13 00:03:45 lol 2017-05-13 00:04:15 kaniini: Okay, I have one solver that can resolve all forward deps, including cycles, while the revdep based solver will not resolve them. 
2017-05-13 00:04:30 skarnet: they were probably using hvm instead of pv, not going to try and say xen is faster than kvm for hvm crap like openbsd or NT 2017-05-13 00:04:48 skarnet: but freebsd and linux are what I run, and those perform much better under xen 2017-05-13 00:05:06 at least, in my experience 2017-05-13 00:05:13 TemptorSent: i think it will try to bring both deps in with equal weight if it is a trivial cycle 2017-05-13 00:05:28 yeah, they weren't using pv 2017-05-13 00:05:31 kaniini: The revdep solver should be orders of magnitude faster at large scale because it only visits each node once per dep. 2017-05-13 00:05:31 awilfox: yes, PV is obviously faster than full virtualization 2017-05-13 00:05:46 but afaik they're using Linux 2017-05-13 00:05:52 kaniini: well, kvm can do pv too, which is what I was using 2017-05-13 00:06:01 awilfox: not like xen pv 2017-05-13 00:06:05 true :) 2017-05-13 00:06:20 what does kvm pv mean? 2017-05-13 00:06:32 kvm with pv drivers 2017-05-13 00:06:33 xmux: virtio and I think it may have dynamic CPU scaling 2017-05-13 00:06:34 probbly? 2017-05-13 00:06:36 awilfox: xen itself is a microkernel, it starts a domain up as if it were just another process 2017-05-13 00:06:39 ah ok 2017-05-13 00:06:41 kaniini: A better question is what is the desired output of the solver given a cycle in the dep-tree? 2017-05-13 00:06:45 https://en.wikipedia.org/wiki/Paravirtualization 2017-05-13 00:06:53 awilfox: the real thing to compare kvm to is vmware, not xen pv 2017-05-13 00:07:10 ugh vmware 2017-05-13 00:07:12 Yes I know what paravirtualization is, and kvm doesn't do it according to the general definition 2017-05-13 00:07:14 i ran esxi on a box for years 2017-05-13 00:07:17 worst time of my life 2017-05-13 00:07:41 kaniini: hmm, then I think I take vmware's ability to not STOP windows.. or did they fix that yet in kvm? 
lol 2017-05-13 00:07:51 it was pretty awful back in 2011-2014 2017-05-13 00:08:51 esxi's half-ass ssh 2017-05-13 00:08:53 :P 2017-05-13 00:09:09 i remember it randomly stopping the ssh service 2017-05-13 00:09:13 kaniini: As it is, I can build both fully resolved and broken dep chains with both solvers, and I've built-in a set of tests. 2017-05-13 00:09:22 regularly got https://msdn.microsoft.com/en-us/library/windows/hardware/ff557211%28v=vs.85%29.aspx 2017-05-13 00:09:24 which means i had to boot up my win7 vm to use their windows-only gui management tool 2017-05-13 00:09:28 to get ssh running again 2017-05-13 00:09:29 like, every 2-3 days, under kvm 2017-05-13 00:09:38 The cyclic deps is the only place they differ in resolving. 2017-05-13 00:09:44 also, contrary to what vmware says you can perfectly fine reset esxi root passwords without reinstalling (and losing your data) 2017-05-13 00:10:05 Shiz: trust me i know 2017-05-13 00:10:06 you just gotta boot into a livecd, mount the correct partition (out of 7 or 8), untar a file, edit the etc/passwd in there and tar it back up 2017-05-13 00:10:08 a fun experience 2017-05-13 00:10:09 Shiz: we have to do it every week 2017-05-13 00:10:17 Shiz: because there is some ESXi worm 2017-05-13 00:10:41 lol 2017-05-13 00:10:47 Shiz: we eventually just locked out the ESXi machines at network edge 2017-05-13 00:10:49 I never received such an error under kvm, or xen hvm 2017-05-13 00:10:57 err 2017-05-13 00:11:04 I never received such an error under vmware or xen hvm 2017-05-13 00:11:09 I received the error under kvm :P 2017-05-13 00:11:34 xen sucks for running windows at high density 2017-05-13 00:11:43 evtchn flooding is a serious problem 2017-05-13 00:11:56 in fact, xen hvm sucks in general 2017-05-13 00:12:05 not even that, it can't use KSM 2017-05-13 00:12:15 you can *seriously* overcommit windwos using KVM + KSM 2017-05-13 00:12:19 windows* 2017-05-13 00:12:43 you don't want to use KSM... 
2017-05-13 00:12:50 i do not need KSM 2017-05-13 00:12:55 i have 512GB of RAM 2017-05-13 00:12:57 ;) 2017-05-13 00:12:58 KSM + rowhammer = cross-VM tampering 2017-05-13 00:13:22 Shiz: I didn't say it was a good idea, I simply said it was possible 2017-05-13 00:13:26 and ridiculously easy 2017-05-13 00:13:33 https://www.vusec.net/projects/dedup-est-machina/ 2017-05-13 00:13:35 :) 2017-05-13 00:14:39 wrong link, i think 2017-05-13 00:14:45 https://www.vusec.net/projects/flip-feng-shui/ 2017-05-13 00:14:56 it was this one 2017-05-13 00:15:21 Shiz: life sucks and then you enable ptrr and stop thinking about this stuff 2017-05-13 00:16:15 and anyway, sometimes that is acceptable, consider a developer just doing testing across a bunch of configurations 2017-05-13 00:16:55 if you don't care about the integrity of the windows VMs because they're just throwaway things, who cares about owning? it can squeeze more into a single computer without needing RAM upgrades 2017-05-13 00:17:11 and considering manufacturers like apple and lenovo are starting to solder memory to the boards instead of using sockets... 2017-05-13 00:17:17 what makes you think this is limited to vm-to-vm 2017-05-13 00:17:18 that will continue to be a thing 2017-05-13 00:17:22 it's just as easy applicable to vm-to-host 2017-05-13 00:17:24 :) 2017-05-13 00:17:37 Shiz: if I cared about vm-to-host security, I would be using hardware solutions like powerpc lpars 2017-05-13 00:17:56 xen and vmware and kvm and qemu and all of them fail very badly at making me feel like the vm can't own the host 2017-05-13 00:18:35 i'm sure you'll get a lot of customers offering ppc machies :p 2017-05-13 00:19:08 didn't know I had customers that cared about the architecture of my mail/web/database servers... 
lol 2017-05-13 00:19:51 that reminds me, I need to see if musl/ppc64 actually works on not-power8 2017-05-13 00:20:03 or if I need to spend my weekend rewriting it 2017-05-13 00:20:47 awilfox: speaking of which, please tell me when I can use georgie again 2017-05-13 00:21:42 awilfox: i can give you an answer to that: no 2017-05-13 00:21:46 it's only ppc64le 2017-05-13 00:21:48 afaik 2017-05-13 00:22:14 Shiz: no, they have a big endian port, but it uses the v2 ABI 2017-05-13 00:22:30 Shiz: and IBM says that ABI requires either "power8 features to be available, or emulated by the system" 2017-05-13 00:22:40 oh, hm 2017-05-13 00:22:42 Shiz: and dalias says "well I make up the ABI and I say it doesn't require power8 to be available" 2017-05-13 00:23:03 maybe i was confusing some old ML post then 2017-05-13 00:23:10 Shiz: and repeated attempts to tell him "that isn't how it works" have failed, so I need to prove it; and that will require me building a toolchain and showing it spectacularly crashing on my power4e+ 2017-05-13 00:23:39 skarnet: booted, though it seems to think it has an Apple OHCI Root Hub, despite it having USB disabled and not running on an Apple computer. 2017-05-13 00:23:42 these are literally "i need a browser" environments for auditing 2017-05-13 00:24:03 awilfox: no rush, I'm soon going to sleep anyway - I'll just need it some time next week 2017-05-13 00:24:40 skarnet: ah, okay. 
well, in that case I will go ahead and update it later tonight 2017-05-13 00:24:48 unless you need it to remain on 5.7 2017-05-13 00:25:11 it's your machine, do whatever you need with it 2017-05-13 00:25:28 well it is mainly a machine to test porting 2017-05-13 00:25:39 but none of my projects currently need portability to BSD 2017-05-13 00:25:54 I dunno if you need to remain compatible with the 5.x release line 2017-05-13 00:26:40 honestly, if I need a POSIX feature and 5.* breaks because of it, I'm not going to shed a tear 2017-05-13 00:26:48 6.0 rewrites substantial parts of the libc to be more in line with POSIX 2015 2017-05-13 00:26:58 6.0 is good 2017-05-13 00:27:28 at the very last they decided that maybe self-contained headers was a good thing 2017-05-13 00:27:29 well 6.1 is just released in last weeks, was just saying, I left it at 5.x because it is more effort to port to. 2017-05-13 00:27:46 it is more of an 'exercise' for the code, to be sure it works fine on it 2017-05-13 00:28:14 if you want to upgrade it, be my guest - technically I'm your guest 2017-05-13 00:29:02 if I can answer "just upgrade your shitty OS" to BSDers whining "doesn't build", all the better 2017-05-13 00:30:03 hmm, I just realised: I DO have a project that needs to be portable to BSD 2017-05-13 00:30:12 so having 6.1 available may be worth it 2017-05-13 00:30:39 "Highlights include GCC 4.9.4, KDE 3.5.10, and Firefox 52.0.2" 2017-05-13 00:30:46 openbsd still ships KDE 3, lmao 2017-05-13 00:31:02 trinittyyyyy 2017-05-13 00:32:41 how about BIND 4 2017-05-13 00:36:17 bind 9.10.5 2017-05-13 00:38:09 that was a trick question, the correct answer is "don't ship BIND" 2017-05-13 02:12:06 so 2017-05-13 02:12:25 windows is reporting -4 billion packets received 2017-05-13 02:12:40 quality is job #1 at microsoft or qemu or i don't even know 2017-05-13 02:17:07 virtio is a red hat production 2017-05-13 02:17:51 xentec: my mostly untested POSIX sh/tools port of wg-quick 
https://txt.shiz.me/MzUzZWM2Y2 2017-05-13 02:17:54 expect breakage 2017-05-13 02:18:27 where 'port' means 'rewrite the bash script line-by-line to take out bashisms' 2017-05-13 02:20:32 small correction: https://txt.shiz.me/YmY1NjJmYW 2017-05-13 06:16:01 kaniini: -4x10^9 sounds about right for Windowz - after all, it's a black hole for time, money, data, and anything else you let near it. 2017-05-13 06:18:06 reminds me of a certain IRC channel 2017-05-13 06:20:20 skarnet: Only one? ;) 2017-05-13 06:21:34 only one I'm foolish enough to frequent LO 2017-05-13 06:21:40 :P, not LO 2017-05-13 06:21:54 Fencepost error. 2017-05-13 06:23:23 (Don't worry, my fingers forget where they are more and more as I get older - it's normal. *twitch*) 2017-05-13 06:27:22 skarnet: Any thoughts on implementing a minimal graph-structured database (n-tuple store) for use by apk? Do you have anything in your bag of tricks that might be of use? 2017-05-13 06:29:31 how many fields can be keys? 2017-05-13 06:29:38 all of them? 2017-05-13 06:29:49 Arbitrary. 2017-05-13 06:30:04 that means "all of them" 2017-05-13 06:30:17 Edge properties differentiate the relationships, not node properties. 2017-05-13 06:30:36 example? 2017-05-13 06:31:29 package a --depends on--> package b ; package a --provides--> file 2017-05-13 06:32:36 --provides should be a virtual capability, not a file 2017-05-13 06:33:24 It's a relationship, allowing looking up packages by file directly. 2017-05-13 06:33:37 you want a complete relational db 2017-05-13 06:33:40 And determine conflicts by arity. 2017-05-13 06:33:46 No, not at all. 2017-05-13 06:34:07 Graph-structured database, not RDBMS 2017-05-13 06:34:18 you do. A table of packages, a table of dependencies, a table of virtual thingies... 2017-05-13 06:34:36 Nope, I want a set of nodes and multiple sets of nodes.
2017-05-13 06:34:39 you don't only have packages here, there are more data types 2017-05-13 06:34:46 you want more than one table 2017-05-13 06:34:49 then edges to connect them. 2017-05-13 06:35:03 No tables involved. 2017-05-13 06:35:37 Tree structures. 2017-05-13 06:36:29 idc about the data structure, that's an implementation detail 2017-05-13 06:36:44 the fact is that you have several types and you want to be able to query them all 2017-05-13 06:36:49 n-linked-2-linked lists is one way to do it. 2017-05-13 06:37:00 again, idc about implementation at this point 2017-05-13 06:37:07 cart before the horse, etc. 2017-05-13 06:37:26 first get the model right 2017-05-13 06:37:36 Given a list of files, a set of deps, and some metadata, I want to be able to walk the tree. 2017-05-13 06:37:53 what tree? 2017-05-13 06:38:22 there's no tree at this point, I want to know what kind of data you're handling 2017-05-13 06:38:23 brb 2017-05-13 06:40:05 Pick a root node, draw an edge from that node to each node referencing it, rinse, repeat :) 2017-05-13 06:40:38 The edges are tagged with the type of relationship, the nodes themselves are keys and optionally metadata. 2017-05-13 06:42:08 So the relationship could be "depends on", and it could exist between different packages, between files (executables/libraries), init scripts, whatever -- it's a generic relationship. 2017-05-13 06:42:59 polymorphic RDBMS is still RDBMS 2017-05-13 06:43:15 binary:'/sbin/apk' -- depends on --> 'libz.so.1' 2017-05-13 06:44:14 awilfox: No, it really isn't. Please take a look at graph-structured databases vs. RDBMSs, it's quite different. 2017-05-13 06:45:02 It's much closer to a direct linked-list than a RDBMS, with traversals being the primary operation, not query by keys. 2017-05-13 06:46:08 Think DAGs, not tables.
2017-05-13 06:48:02 Essentially, a set of DAGs (possibly generalized to include semantically acyclic cyclic directed graphs), with multiple independent sets of edges connecting them 2017-05-13 06:49:43 Each edge is an annotated set of pointers, each node gets a UUID, a name, a data pointer, and a set of incoming and outgoing edge pointers. 2017-05-13 06:50:53 No tables (except possibly for backing-store, but that's an implementation choice) 2017-05-13 06:52:19 take a look at the output of 'apk dot', which gives the nodes and edges for packages and their deps. 2017-05-13 06:53:31 I'd like to generalize that functionality, and more importantly, be able to interact with it in graph-structured form. 2017-05-13 06:57:29 Bonus points for handling generic vs. specific nodes (package:packagename vs package:packagename=pkgver or package:packagename=:hashtype:hash:) 2017-05-13 06:58:47 So the only index we need is a simple hash index and key index, no table indexing needed since we already have all information in the graph. 2017-05-13 07:00:12 why the heck do you ask questions if you're already made up your mind and won't budge 2017-05-13 07:00:19 you've* 2017-05-13 07:01:04 i.e. binary:'/sbin/apk' --(depends on)--> libso:'libz.so.1', while binary:'/sbin/apk':sha512: --(depends on)--> libso:'libz.so.1.2.11':sha512: 2017-05-13 07:01:26 if you're going to ask for my input, then please 1. describe the problem you want to solve, in accurate terms; 2. don't confuse me with your implementation details or choices; 3. let me think about it the way I see fit, i.e. model first and implementation second 2017-05-13 07:01:27 I haven't made up my mind about anything other than what I'm trying to accomplish. 2017-05-13 07:01:39 you haven't done 1. yet 2017-05-13 07:01:47 you've jumped right into 2. 2017-05-13 07:01:56 and 3, well, let's not even talk about it 2017-05-13 07:04:37 1.
I am trying to create a generic, generally useful graph-database that is appropriate for use in system-level tools. It may be used for multiple purposes, including (but not limited to) providing dependency resolution, maintaining hashsets, storing configuration history, other generally graph-like operations. 2017-05-13 07:04:47 if you want to have { files, packages, virtual capabilities } and relations between them, that's exactly what a RDBMS does, so you need to narrow down exactly what it is you want 2017-05-13 07:05:11 I want nodes, edges, and the ability to annotate them. 2017-05-13 07:05:54 A RDBMS requires HUGE overhead by comparison to a graph database for traversals. 2017-05-13 07:06:38 A graph database is explicitly designed to work for highly recursive operations. 2017-05-13 07:06:50 Which is one of the places most RDBMSs suck. 2017-05-13 07:07:10 you are, again, talking about implementation 2017-05-13 07:07:13 Not to mention wanting to use a few hundred k, not a few hundred megs. 2017-05-13 07:07:19 I'm asking you to step away from the implementation 2017-05-13 07:07:22 No, I'm talking about model. 2017-05-13 07:07:25 and to talk about what you WANT 2017-05-13 07:08:54 I'm not sure what I was unclear about what I WANT -- a minimalistic graph-structured database that allows for multiple sets of edges with annotations. 2017-05-13 07:10:14 that's as clear to me as "I want a system to manage our workflow" 2017-05-13 07:10:19 http://whitedb.org/ is a much larger version of the kind of database I'm referring to. 2017-05-13 07:11:20 I don't need full-on RDF, just MINIMAL graph-structure and the ability to traverse it based on the content of nodes/edges. 2017-05-13 07:11:41 you're obviously either not listening, or not understanding what I'm expecting 2017-05-13 07:12:05 I'm afraid I'm not understanding what you're after.
2017-05-13 07:12:06 I don't care about the data structures and I don't want to hear about nodes, edges, lines, circles or easter bunnies 2017-05-13 07:12:23 I want to hear about the tool you're designing and the functionality you want to have 2017-05-13 07:12:29 what command do you want to be able to do 2017-05-13 07:12:38 what are you writing 2017-05-13 07:12:44 what functionality can users expect 2017-05-13 07:13:11 All I WANT is the data-structures, nodes, edges, and the ability to read/write/modify/traverse them. 2017-05-13 07:13:58 bzzzzt! you said nodes and edges again 2017-05-13 07:14:02 I'm out 2017-05-13 07:14:07 It doesn't matter if it's storing keys, packages, users, filenames, or whatever! 2017-05-13 07:14:16 of course it does matter 2017-05-13 07:14:23 but it's too late, you blew your joker 2017-05-13 07:14:26 try again next month! 2017-05-13 07:14:47 Sorry, I don't know how to describe a generic data storage tool more specifically. 2017-05-13 07:15:03 that should give you a clue 2017-05-13 07:15:15 "don't try and write a generic data storage tool" 2017-05-13 07:15:19 Which use do you want? 2017-05-13 07:15:26 that was free consulting 2017-05-13 07:15:46 my usual fare is 450€/day 2017-05-13 07:15:56 always happy to help, have a nice day! 2017-05-13 07:16:00 That's like saying 'don't write a generic regex parsing tool' rather than writing sed. 2017-05-13 07:16:47 Hmm, I thought this was unix land, where small, generically useful tools were ENCOURAGED. 2017-05-13 07:17:46 I guess either I design, write, and test it by myself, or just give up on trying to improve the tools. 2017-05-13 09:23:02 jirutka: thanks, by now all needed packages have static versions. Only some pkg-config related issues remain. I extracted the two configure checks from vis which should illustrate the problem (or my wrong expectations).
2017-05-13 09:23:15 1) the termkey.pc does not reference unibilium, causing a linker error: 2017-05-13 09:23:18 http://sprunge.us/NFCd 2017-05-13 09:23:34 2) lpeg.a should probably be named liblpeg.a and the Lua package path /usr/lib/lua/5.3 should be added to lua5.3.pc? 2017-05-13 09:23:46 http://sprunge.us/eAOK 2017-05-13 10:55:32 jirutka : I guess we just disable binaryen on s390x for now. we would want s390x ready by monday for rc1. if upstream has something sound, we add it back again ? 2017-05-13 10:56:24 thank you :) 2017-05-13 10:59:38 fabled: could you please help me move testing/ghc to community? 2017-05-13 11:10:33 what the heck is so hard to understand about implicit return values in shell functions?! 2017-05-13 11:36:37 hi, I tried to build LXC container using following template: https://github.com/lxc/lxc/blob/master/templates/lxc-alpine.in that's the result: http://sprunge.us/hDWF 2017-05-13 11:37:38 it seems that dl-cdn mirror is still affected. after changing to nl.a.o or cz.a.o this issue does not occur 2017-05-13 11:45:21 Shiz: kaniini: could please someone look at https://github.com/alpinelinux/aports/pull/1399 ? tbh I have no clue what is this change doing 2017-05-13 11:52:38 jirutka : man 2 posix_fadvise : POSIX_FADV_DONTNEED attempts to free cached pages associated with the specified region. What I understand is the builder is userspace lxc, thus it does not have permission to free the data 2017-05-13 11:54:09 tmh1999: but how will it affect the program? is it okay to change it just because this feature is not allowed under LXC? 2017-05-13 11:55:17 in fact it does not affect at all. the POSIX_FADV_DONTNEED only differs POSIX_FADV_NORMAL in the sense that the latter does not tell the kernel to free the pages/cached data. 2017-05-13 11:55:49 ioping measures the IO perf, then does tell or does not tell the kernel to free the data. 2017-05-13 11:57:04 then why ioping use POSIX_FADV_DONTNEED instead of POSIX_FADV_NORMAL ? 
2017-05-13 11:58:31 http://ix.io/tAL : it fails in the $ make test 2017-05-13 11:59:45 jirutka : in fact the same purpose can be achieved with -C option passed to ioping https://github.com/koct9i/ioping/blob/master/ioping.c#L319 2017-05-13 11:59:58 I can do -C just find 2017-05-13 12:00:01 *fine 2017-05-13 12:00:37 but, what I understand is -C and POSIX_FADV_DONTNEED are different 2017-05-13 12:00:52 not same purpose, same goal. 2017-05-13 12:34:16 hello 2017-05-13 13:12:58 so far I have had the devs of netsniff-ng build over 6 patches to fix the source to work on alpine 2017-05-13 15:15:35 Shiz: thanks for helping with the netsniff-ng stuff I was thinking it didnt have fopencookie support but I wasnt 100% sure 2017-05-13 15:15:52 :p 2017-05-13 15:16:48 with any luck they will implement a few more changes and it will be done 2017-05-13 15:28:02 Anyone who knows POSIX sh better than I know of a way to deal with this case? https://github.com/alpinelinux/aports/pull/1325#discussion_r115966885 2017-05-13 15:30:55 ashb - use ${pkgver%%.*} perhaps? 2017-05-13 15:31:50 That removes everything after the first period, result is "2" 2017-05-13 15:32:23 ashb - what are you trying to get, the first two? 2017-05-13 15:32:30 2.2 is the result I want 2017-05-13 15:33:55 Go at it the other direction then, trim it off the front, then play the game to remove the suffix 2017-05-13 15:34:30 ashb: it's probably fine to just use cut, imo 2017-05-13 15:34:43 @Shiz that was my thought too :) 2017-05-13 15:35:01 with the varying number of dots it's a pain to do through shell syntax 2017-05-13 15:35:52 _pkgvermajor="${pkgver##*.*.}" && _pkgvermajor="${pkgver%$_pkgvermajor}" 2017-05-13 15:35:55 I can do a horrible version involving ${#x} and %{x:0:...} but that only works in bash (and is not understandable) 2017-05-13 15:36:18 oops, forgot a dot in the second.
2017-05-13 15:37:00 ashb: this is quite tricky… in this case it’ll be better to just hardcode _pkgvermajor=2.2 2017-05-13 15:37:09 hardcoding is fine too imo 2017-05-13 15:37:11 ashb: it’s not changing very often anyway 2017-05-13 15:37:20 as long as it's close to the pkgver, it should be easy to detect 2017-05-13 15:37:22 :P 2017-05-13 15:37:55 seems fair. I'll go for that 2017-05-13 15:38:03 ashb: but to avoid mistakes, simple check in prepare() would be handy 2017-05-13 15:38:13 and set up a proper APKBUILD chain so I can actually test it once I'm back home and have my charger 2017-05-13 15:38:34 @jirutka if it's wrong the download would fail. Is that enough of a check? 2017-05-13 15:38:42 ^that's fine by me 2017-05-13 15:38:49 ashb: ah, right, that’s enough 2017-05-13 15:39:10 Will update it later today 2017-05-13 15:39:16 If that doesn't tell you somethings wrong, something's wrong :) 2017-05-13 15:39:26 ashb: if you're fixing the APKBUILD anyway, could I ask you to remove the || return 1 stanzas too? 2017-05-13 15:39:32 they're not needed anymore 2017-05-13 15:39:46 sure okay. same commit or different (squashing all the other update ones into one anyway) 2017-05-13 15:39:58 it's fine to just squash it all into one commit 2017-05-13 15:41:05 ashb: preferably in separate commit (in the same PR) 2017-05-13 15:41:47 jirutka's opinion supersedes mine :p 2017-05-13 15:42:48 Shiz: it’s usually better when contributors does not squash commits, it’s harder to identify what has been changed since the last time you’ve looked at it and we can always easily squash it if needed when merging ;) 2017-05-13 15:43:44 One commit to update versions, one to update apk.
2017-05-13 15:43:53 add it, apk update, and try again 2017-05-13 15:43:57 whoops wrong chan 2017-05-13 15:44:03 Shiz: also some ppl don’t know git enough and may create quite big mess when using --force 2017-05-13 15:48:13 Shiz: it’s even in https://github.com/alpinelinux/aports/blob/master/.github/CONTRIBUTING.md: "Add your file(s) to git and commit (we will squash your commits if needed)." ;) 2017-05-13 15:48:25 alright 2017-05-13 15:48:30 i will stop asking for that then 2017-05-13 15:48:32 :P 2017-05-13 15:51:45 jirutka: what do you use to merge PRs on the command line? 2017-05-13 15:54:21 Shiz: curl -L https://github.com/alpinelinux/aports/pull/.patch | git am 2017-05-13 15:54:21 also, https://github.com/alpinelinux/aports/pull/1402 LGTM if the commit message is changed to `main/darkhttpd` 2017-05-13 15:54:38 i thought it was in community thanks to that message and tried to merge it 2017-05-13 15:54:40 :D 2017-05-13 15:55:23 Shiz: there’re messed whitespaces https://github.com/alpinelinux/aports/pull/1402/files#diff-5a6267b392b6870ca51bc70b1755e2acR26 2017-05-13 15:55:28 Shiz: I’ll fix it when merging 2017-05-13 15:55:45 any messy whitespace was already there before 2017-05-13 16:02:50 hm, storm is coming, I’ll be probably w/o electricity soon :/ 2017-05-13 16:03:17 (I’m not in Prague now) 2017-05-13 16:13:05 oh dear 2017-05-13 16:13:08 that bad over there? 2017-05-13 16:18:58 to be honest Ive held off on my prs because I was a bit nervous about squashing stuff lol 2017-05-13 16:19:02 I knew Id mess it up 2017-05-13 16:19:13 it's okay, i can squash it too 2017-05-13 16:19:16 it's no big issue 2017-05-13 16:36:50 hm, IIRC removing `|| return 1` should be postponed until branching v3.6, to make backporting fixes easier 2017-05-13 16:39:32 what do you mean? 2017-05-13 16:39:43 3.6 would have the version of abuild that does set -e too, no?
2017-05-13 16:40:08 yes 2017-05-13 16:41:29 tbh i don’t know reason behind this, imo it doesn’t matter, just remembering that ncopa mentioned it few times 2017-05-13 16:41:46 Hmm, perhaps a simple fail() function would be wise for semantic and possibly logging purposes? 2017-05-13 16:42:03 no 2017-05-13 16:42:17 it’s not needed since we run abuild with `set -e` 2017-05-13 16:42:54 I mean for explicit failure cases, not failed commands. 2017-05-13 16:43:07 like where for example? 2017-05-13 16:43:36 explicit failure case is when command returns non-zero status 2017-05-13 16:43:47 test_for_condition || fail "Condition blah not satisfied, try ..." 2017-05-13 16:44:20 yeah, that may be useful 2017-05-13 16:44:23 So useful debugging information can be provided when -v is set. 2017-05-13 16:44:47 but that’s different issue 2017-05-13 16:45:12 Agreed, just one that comes up with removing the || return 1 in terms of semantics anyway. 2017-05-13 16:45:26 yes 2017-05-13 16:45:39 Tests with no action are semantically confusing. 2017-05-13 16:46:39 '[ -e "$file" ]' vs '[ -e "$file" ] || return 1' for instance. 2017-05-13 16:48:02 Better would be '[ -e "$file" ] || fail "File $file doesn't exist, try creating it (see example...)" 2017-05-13 16:48:41 I don’t remember any case like this in apkbuilds ;) 2017-05-13 16:49:05 there’s usually some command that itself prints error message 2017-05-13 16:49:43 Yeah, those cases don't need it if they're already semantically correct on failure.
2017-05-13 16:49:52 so I’ve looked into abuild; there’s error command for logging error 2017-05-13 16:50:07 and die command for that logs error and exits 1 2017-05-13 16:50:15 and calls cleanup before exiting 2017-05-13 16:50:22 right, fail would log error and return 1, not exit 1 2017-05-13 16:51:06 die-light :) 2017-05-13 16:51:31 it depends on how is trap set in abuild script 2017-05-13 16:51:59 maybe it’s good idea, maybe it’s contraproductive, don’t know now :) 2017-05-13 16:52:12 *counterproductive 2017-05-13 16:52:43 what the hell English? I thought that contra is from Latin… like against… so why counter-…? 2017-05-13 16:52:59 Well, for semantic purposes I think it would be useful, even if it does nothing more than return 1 with optional message. 2017-05-13 16:53:38 Contra is diametric opposite. 2017-05-13 16:54:16 hm, yeah 2017-05-13 16:54:18 TemptorSent │ Better would be '[ -e "$file" ] || fail "File $file doesn't exist, try creating it (see example...)" 2017-05-13 16:54:18 contrapositive for instance being the set exclusive the set of positive. 2017-05-13 16:54:21 even better would be a checkpath helper 2017-05-13 16:54:23 ;p 2017-05-13 16:54:33 so it’s even in English, then I really don’t understand counter-productive 2017-05-13 16:54:34 Agreed, that's what I do in my scripts. 2017-05-13 16:54:56 Counter-productive is against productivity, not the diametric opposite of productive. 2017-05-13 16:55:01 aha 2017-05-13 16:55:17 At least that's my understanding of it. 2017-05-13 16:56:09 loosely counter ~= against, contra ~= opposite 2017-05-13 16:56:43 and against ~= opposing, so it's less than clear in some cases. 2017-05-13 16:57:14 But that's advanced semantics extraction for NLP, not Alpine build systems ;) 2017-05-13 16:59:10 Shiz: What would you say to helping to define a set of appropriate helpers and putting them in a single common location for use by all alpine scripts?
2017-05-13 17:00:15 File/directory check/create/delete, archive handling, url handling, and apk helpers? 2017-05-13 17:00:30 i don't think it's generally needed 2017-05-13 17:01:17 i am way of a 'libalpine' as it would just devolve into being the kitchen sink 2017-05-13 17:01:19 wary* 2017-05-13 17:01:31 afk 2017-05-13 17:03:48 Nearly every script needs some subset of the functionality, usually it ends up being reimplemented in each one. 2017-05-13 17:04:00 See msg/warn/error etc. 2017-05-13 17:04:37 Also file/dir checks are often done wrong, checking for existence, but not readability for instance. 2017-05-13 17:06:26 So having a consistent, known correct (or at least meeting tests), clear, and common set of utilities would reduce errors, improve readability, and make debugging much easier. 2017-05-13 17:15:16 We can unit-test and regression-test individual utilities for correct behavior, while testing the scripts is much more difficult. 2017-05-13 17:19:22 "file_is_readable "$file" || fail "Can't read '$file'" or "file_is_readable "$file" || cat "$file.example" | sed ... > "$file"" 2017-05-13 17:56:57 https://github.com/alpinelinux/aports/pull/1325 updated and actually working this time :) 2017-05-13 18:24:52 Hmm, working out the math on deps leads to the conclusion that we really need a way of distinguishing cyclic dependencies from mutual-inclusion dependencies semantically.
2017-05-13 18:26:49 if packages a,b,c are all mutually interdependent, there needs to be a way of distinguishing that from the case where package a requires package b to install, which requires package c to install, which in turn requires package a, thus can not be successfully installed (aka: bootstrapping required) 2017-05-13 18:29:34 ls 2017-05-13 18:30:53 bin boot dev etc home lib lost+found mnt opt proc root run sys tmp usr var 2017-05-13 18:31:16 Semantically, it may make sense to have the first case use a self-reference to indicate an inclusive set (a:a,b,c b:b,a,c c:c,a,b) 2017-05-13 18:31:29 *lol* skarnet 2017-05-13 18:31:42 TemptorSent: what you want is different sets of dependencies: install-time and run-time 2017-05-13 18:31:44 skarnet: thanks. 2017-05-13 18:32:51 skarnet: Not necessarily, but that is one case. 2017-05-13 18:33:21 well those are different kinds of dependencies, that must be addressed separately, so they need to be in the tool anyway 2017-05-13 18:34:02 and bootstrapping should be solved at package creation time, the tool doesn't have to handle it 2017-05-13 18:34:24 i.e. if your packages have circular deps, you packaged them wrong 2017-05-13 18:34:38 The ability to explicitly specify mutual dependency eliminates all semantically acyclic cycles 2017-05-13 18:35:46 A good example is one component of package a depends on a component in package b, while a component in package b depends on a component in package a. 2017-05-13 18:36:19 packages a and b suck, send hate mail to their maintainer 2017-05-13 18:36:24 Rather than a:b, b:a we'd use a:a,b b:b,a 2017-05-13 18:37:04 having to handle connex components in the tool rather than single packages is a choice, but it adds a lot of complexity 2017-05-13 18:37:09 better solve this at packaging time 2017-05-13 18:37:44 If possible, yes, but sometimes the complexity of doing so is absurd.
2017-05-13 18:38:42 well if you want to be able to bootstrap all your software, you need to do so anyway 2017-05-13 18:38:49 Drivers with both userspace and kernel components that must match for instance. 2017-05-13 18:39:34 wrong example: userspace always depends on kernelspace, never the other way around 2017-05-13 18:40:01 Okay, so when you add one, what happens to the other? 2017-05-13 18:40:34 if you add kernelspace, nothing happens and you don't get the functionality. If you add userspace, you pull kernelspace. 2017-05-13 18:40:46 why isn't that obvious? 2017-05-13 18:41:28 Yeah, and not terribly helpful when you want to pull in both the kernel module and firmware for it. 2017-05-13 18:41:50 You need both for it to work, and neither one makes sense without the other. 2017-05-13 18:41:58 sigh. firmware is different, it's morally kernelspace, it goes with the kernelspace module. 2017-05-13 18:42:06 Again, this should be obvious. 2017-05-13 18:42:17 Yeah, too bad it doesn't actually work that way. 2017-05-13 18:42:49 It's a messy mixed bag at the boundary of kernelspace/userspace 2017-05-13 18:42:52 well, if we're the packagers, we're the ones who can choose the way to make it work 2017-05-13 18:44:06 Maybe, but not necessarily cleanly in some cases. 2017-05-13 18:44:08 and I'm going to leave before you're tempted to splain me how the boundary between userspace and kernelspace works, so I won't have to be unpleasant. 2017-05-13 18:44:14 Have a nice evening! 2017-05-13 18:45:29 *facepalm* Never fear, reality will never bite us in the ass with a true mutual dependency! 2017-05-13 18:46:46 And set theory is wrong about what constitutes a NP-complete problem vs. one that can be solved in linear time too, right? 2017-05-13 18:47:47 Explicit constraints = bounded time, otherwise, it's NP 2017-05-13 18:49:33 Why do I even waste my time trying to solve real problems when handwaving and pretending they never exist works so well? 
2017-05-13 18:49:36 i'm totally fine with not catering to mutual dependencies 2017-05-13 18:50:33 Shiz: Can you build a near-linear time dep solver that can handle the short-cycle deps we have now? 2017-05-13 18:51:08 i don't see how that relates to me being fine with not catering to mutual dependencies 2017-05-13 18:51:12 Because SAT is bloody slow and degrades to exhaustive search of the space precisely because of unbounded cycles. 2017-05-13 18:52:40 Currently, there is no semantic difference between a valid loop in the dep chain resulting in all deps being pulled and one in which it should fail. 2017-05-13 18:53:41 clearly if i don't care about mutual deps, no loop is valid 2017-05-13 18:53:45 (often seen with some package requiring another package for an optional tool like TeX 2017-05-13 18:54:13 Okay, then we've got some serious problems in the current dep handling then I believe. 2017-05-13 18:54:47 i wouldn't be surprised if we did :P 2017-05-13 18:54:57 If every package can have its deps described as a DAG, we're good. 2017-05-13 18:55:07 but my opinion is not necessarily those of the apk-tools authors 2017-05-13 18:55:18 or of the other alpine devs 2017-05-13 18:55:35 I'm looking at it from the standpoint of mathematical consistency. 2017-05-13 18:56:03 We can make certain guarantees with a DAG that we can't make with the possibility of cycles. 2017-05-13 18:57:09 i believe that dependency management shouldn't have cycles 2017-05-13 18:57:11 And we can tightly bound the number of iterations. 2017-05-13 18:57:21 however 2017-05-13 18:57:23 what we can do 2017-05-13 18:57:45 is optional dependencies that may incur cycles 2017-05-13 18:57:49 and are deselected when they do 2017-05-13 18:58:13 for instance: 2017-05-13 18:58:41 clang libc++abi relies on libc++ (without libc++abi support enabled) for whatever reason 2017-05-13 18:58:49 That would be a viable solution, and would allow the creation of a complete DAG from the runs. 
2017-05-13 18:58:54 libc++ can (and in end-deployments, should) rely on libc++abi 2017-05-13 18:59:12 so libc++abi would be an optional dependency of libc++, allowing both to work 2017-05-13 18:59:27 First run creates the DAG with no optional deps, second run roots subtrees at each optional edge source. 2017-05-13 18:59:43 it's probably better to discuss this with fabled/kaniinii btw 2017-05-13 19:00:07 Yes, been working on it slowly when I can catch them. 2017-05-13 19:00:59 but the libc++abi may be a different issue entirely since that's about run vs build deps too 2017-05-13 19:01:24 Currently, I'm more after the underpinnings for the data structures so we can represent the DAGs as a hedge (set of intergrown trees) 2017-05-13 19:02:39 As long as we can differentiate the edges based on the dep type, iterative growth and pruning is a reasonably easy approach for even complex deps. 2017-05-13 19:03:14 Goes from linear to O(Nlog2N) IIRC. 2017-05-13 19:04:43 I want to build a toolbox that we can use for many tasks rather than a single-purpose. 2017-05-13 19:07:02 One is a minimal graph-structured database, another is a dep-solver using such database, another is a hashing/manifesting tool using the same graphdb tool to relate individual files to a given apk/package 2017-05-13 19:07:49 Add the pax archiver, url handling, and signature functions, and you have APK 2017-05-13 19:08:18 But also many generally useful tools. 2017-05-13 19:10:32 Anyway, I need to get out and work in the garden a bit, then get my mining equipment ready for the season since the snow's finally melting off up towards my claims. 2017-05-13 19:14:24 gl 2017-05-13 19:48:16 yeah, APK, just with infinity higher complexity… omfg 2017-05-13 20:04:55 jirutka: Higher complexity? Have you read the source for apk? 2017-05-13 20:06:47 What became of the unix philosophy to create, small, narrow scope, general purpose tools and use them together to accomplish tasks? 
2017-05-13 20:07:40 If apk 3 is as hard to follow in the code as apk 2, it's not much of an improvement IMHO 2017-05-13 21:04:43 TemptorSent: Most people don't seem to understand the UNIX philosophy, not that part of it anyway. Which is really sad for the rest of us. =/ 2017-05-13 21:15:45 nidan_: I actually understand the Unix philosophy quite well 2017-05-13 21:33:38 somebody got an idea how i can solve "PHP Notice: iconv(): Wrong charset, conversion from `UTF-8' to `ASCII//TRANSLIT' is not allowed" on alpine? 2017-05-13 21:37:53 mosez: ah, you’re trying to solve my looong list of failing php tests? :) 2017-05-13 21:38:17 jirutka: i'm trying to build owncloud api docs on my alpine docker image :D 2017-05-13 21:38:24 eh, aha 2017-05-13 21:39:11 well, then I have bad news, this is one of many problems that fail in tests… https://github.com/alpinelinux/aports/blob/master/community/php7/disabled-tests.list 2017-05-13 21:39:20 I don’t know how to solve it 2017-05-13 21:43:09 awesome... looks like i'm forced to use an ubuntu image like the guys before me :( 2017-05-13 21:43:42 or figure out how to fix it ;) 2017-05-13 21:44:12 i really would like to, but i need these docs 2017-05-13 21:45:12 mosez: musl iconv does not support //TRANSLIT 2017-05-13 21:45:18 so if your php app uses that, that's the problem 2017-05-13 21:45:29 patch it to not to 2017-05-13 21:45:31 :P 2017-05-13 21:54:25 shiz: it's not my app... 
it's phpdocumentor 2017-05-13 21:54:53 god i really hate to work with php 2017-05-13 21:54:58 https://github.com/phpDocumentor/phpDocumentor2/blob/68cf85e30aab12ce27bb8889f765f14705b2f7b9/src/DomainModel/Renderer/Router/Rule.php#L102 2017-05-13 21:55:20 you can choose to not load the php7-iconv package 2017-05-13 21:55:22 avoids that 2017-05-13 21:55:39 i'm downloading the phpdocumentor.phar because of no package for it :) 2017-05-13 21:56:15 maybe something i should try :( 2017-05-13 22:13:03 jirutka: just a guess without knowing further details, maybe some locales like https://github.com/rilian-la-te/musl-locales helps on that? idk... 2017-05-13 22:13:48 hm, WDYT Shiz ? 2017-05-13 22:14:15 it doesn't 2017-05-13 22:14:25 this is just musl's iconv() implementation, mostly unrelated to the other locale stuff 2017-05-13 22:14:29 it does not do //TRANSLIT on purpose 2017-05-13 22:15:07 but can it help with other locale issues on musl? 2017-05-13 22:18:32 some minor ones, i think 2017-05-13 22:21:01 so building the php ext against gnu-libiconv solves the issues with php? :) 2017-05-14 00:29:58 https://github.com/alpinelinux/aports/pull/1443 2017-05-14 00:30:03 can anyone experienced with pam look at this? 2017-05-14 00:30:05 cc kaniini ncopa 2017-05-14 02:09:01 mosez: i mentioned the translit issue to dalias in #musl iirc the proper fix is to fix the php app 2017-05-14 02:09:42 might be if many enough ask for it that they will consider add it to musl 2017-05-14 02:09:47 ;) 2017-05-14 02:42:24 Shiz: any reason you don't have pam_wheel in there too? 2017-05-14 02:42:34 Shiz: otherwise lgtm 2017-05-14 02:42:49 Shiz i rather take a sledgehammer to PAM 2017-05-14 02:42:50 isn't wheel more of a sudo thing? 2017-05-14 02:43:04 kaniini: likewise, but we have a real usecase in the bugtracker who's hindered by this 2017-05-14 02:43:06 :P 2017-05-14 02:43:23 awilfox: or rather, doesn't wheel say who can su in the first place? 
2017-05-14 02:43:26 if i'm getting this right 2017-05-14 02:43:57 it seems fine to me 2017-05-14 02:45:27 i can add pam_wheel too 2017-05-14 02:47:50 >The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group. 2017-05-14 02:47:55 i'm not sure if that's a good idea 2017-05-14 02:48:01 for su 2017-05-14 02:48:22 but i guess auth required's stack, so that should be fine 2017-05-14 02:50:34 mm idk, i don't have a strong opinion on adding pam_wheel 2017-05-14 02:52:45 btw, how do i assign bugs to myself on the bug tracker? 2017-05-14 03:09:53 someone will have to give you that permission in it 2017-05-14 03:12:32 Shiz: the idea is something like auth required pam_wheel.so 2017-05-14 03:12:40 Shiz: then `su` doesn't work for non-wheel users 2017-05-14 03:12:49 yeah but i'm not sure if that's a good idea 2017-05-14 03:12:51 Shiz: it still requires a password, it just fails before asking the password if you aren't already in wheel 2017-05-14 03:12:55 it's a change from the default busybox su we install 2017-05-14 03:13:07 yeah i figured that part out in the meantime :P 2017-05-14 03:13:13 busybox su doesn't do that? okay, I guess it makes sense to mimic it then. 2017-05-14 05:28:15 kaniini: When you get a chance, please take a look at http://pastebin.com/LJKbCPV9 2017-05-14 05:28:36 s/http/&s/ 2017-05-14 05:29:48 Let me know if that makes any sense. 2017-05-14 06:30:14 seems okay 2017-05-14 06:30:21 i dont see anything blatantly wrong 2017-05-14 12:04:34 when did we add pc: deps to apk? 2017-05-14 12:05:27 it seems xcb-utils may need a rebuild to expose its pc: provides 2017-05-14 12:07:09 ah, here: https://git.alpinelinux.org/cgit/abuild/commit/abuild.in?id=2f5ef7e2fa6acb03ffb1ed3d372e0945816c8fa4 2017-05-14 12:07:33 can xcb-utils be relbumped/rebuilt so that its pkg-config provides work and https://github.com/alpinelinux/aports/pull/1430 can be merged? 
2017-05-14 13:13:45 <^7heo> moin 2017-05-14 14:53:06 Mornin' 2017-05-14 14:54:53 kaniini: Thanks :) Now my only big missing link is how apk's solver actually resolves its deptrees. 2017-05-14 17:37:56 kaniini: Also, any thoughts on handling of valid codependencies (which appear to result in cycles currently)? 2017-05-14 20:13:00 Shiz: re pr 1430: should I send a xcb-utils pkgrel bump under the same pr? 2017-05-14 20:13:39 yeah that's fine 2017-05-14 20:13:42 i just won't be able to merge it for you 2017-05-14 20:13:49 because i've got no main/ access :P 2017-05-14 22:54:31 jirutka: ping 2017-05-14 22:57:09 Shiz: I agree with kaniini: "i rather take a sledgehammer to PAM" 2017-05-14 22:58:05 not what i was pinging you for 2017-05-14 22:58:07 :P 2017-05-14 22:58:09 but duly noted 2017-05-14 22:58:58 Shiz: "The pam_wheel PAM module is used to enforce the so-called wheel group." … wtf? wheel group is usually used to allow its members to sudo root… but with sudo, not with some automagic fucker 2017-05-14 22:59:52 ... the point is that pam_wheel is used together with su 2017-05-14 22:59:57 : "Shiz: it still requires a password, it just fails before asking the password if you aren't already in wheel" … and what the heck is the purpose? o.O 2017-05-14 22:59:58 nothing automagic about that 2017-05-14 22:59:59 anyway 2017-05-14 23:00:14 jirutka: wheel vastly predates sudo 2017-05-14 23:00:31 its original purpose was to group the normal users who were even allowed to su root in the first place 2017-05-14 23:00:51 they would still need the root pw, but other users would be rejected entirely, valid root password or not 2017-05-14 23:00:53 ANYWAY 2017-05-14 23:00:58 jirutka: could you look at this? https://github.com/alpinelinux/aports/pull/1511 2017-05-14 23:01:12 : "when did we add pc: deps to apk?" … what do you mean? 
these are usually autodetected 2017-05-14 23:01:26 my question was when that autodetection was added 2017-05-14 23:01:29 the answer was somewhere in 2015 2017-05-14 23:12:52 responded to remarks 2017-05-14 23:12:59 and fixed some 2017-05-14 23:13:31 jirutka: pkgver is overridden in quite some apkbuilds 2017-05-14 23:13:33 it seems 2017-05-14 23:13:41 for example? 2017-05-14 23:14:09 hmm, trying to find it 2017-05-14 23:14:12 maybe i just had a faulty grep 2017-05-14 23:15:24 jirutka: main/libc0.9.32 2017-05-14 23:15:51 line 5 and 91 2017-05-14 23:16:35 snapshot function is not a split function 2017-05-14 23:16:45 oh, what is it? 2017-05-14 23:17:59 it seems that unfortunately yet another undocumented :/ 2017-05-14 23:18:30 this function is used to create a snapshot file to be deployed to distfiles.a.o 2017-05-14 23:18:59 heh 2017-05-14 23:19:11 well I'll say that setting pkgver in the subpkg doesn't seem to break in practice 2017-05-14 23:19:14 (nor do I see why it should) 2017-05-14 23:19:51 for example when upstream is idiot and doesn’t provide any release tarballs, not using any normal repository that provides this feature, and the only option is to clone from git or other repo, then you may use snapshot to create snapshot of the repo and deploy it to our distfiles, to ensure reproducible builds 2017-05-14 23:20:33 another example is when upstream is retarded and removes older releases right after releasing new version 2017-05-14 23:21:12 I’d prefer to ask fabled about it 2017-05-14 23:21:25 about pkgver in split func 2017-05-14 23:22:35 sure 2017-05-14 23:34:40 imo it’d be better to just use the llvm’s version 2017-05-14 23:34:48 but that'd be incorrect 2017-05-14 23:34:50 or create a separate abuild for it 2017-05-14 23:35:58 i don’t think so, it’s from release tarball 4.0.0, isn’t it…? 2017-05-14 23:36:33 isn’t there a separate tarball for it…somewhere…? 
2017-05-14 23:37:46 i need to go sleep 2017-05-14 23:37:58 jirutka: there's no separate tarball, but it has its own version 2017-05-14 23:38:00 in setup.py 2017-05-14 23:38:03 it's not version 4.0.0 2017-05-14 23:38:07 it's version 0.6.0 2017-05-14 23:38:21 $ lit --version 2017-05-14 23:38:23 lit 0.6.0dev 2017-05-14 23:43:28 Shiz: btw do you know that you should check libraries being upgraded for so version changes…? 2017-05-14 23:44:17 Shiz: when so version is bumped and there are some ABI breakages, then all dependent pkgs must be rebuilt 2017-05-14 23:44:33 jirutka: eyes 2017-05-14 23:44:34 yes* 2017-05-14 23:44:39 the travis output tells you, right 2017-05-14 23:44:47 Shiz: it’s printed at the end of build on Travis; but it’s very stupid, just diff 2017-05-14 23:44:51 yeah 2017-05-14 23:45:22 i check 3 things for small PRs: 2017-05-14 23:45:26 1) if the apkbuild changes are sensible 2017-05-14 23:45:28 2) if the build succeeds 2017-05-14 23:45:36 3) if the build file list doesn't change in a bad way 2017-05-14 23:45:40 4) if there are no soname bumps 2017-05-14 23:45:42 :P 2017-05-14 23:45:44 sorry, 4 things 2017-05-14 23:46:01 is tmpfile here? 
2017-05-14 23:47:52 i haven't seen them here 2017-05-14 23:47:58 jirutka: also check out the immense size of the libc++ testsuite 2017-05-14 23:48:06 -- Testing: 5726 tests, 4 threads -- 2% [====---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 2017-05-14 23:48:08 ETA: 00:22:30 2017-05-14 23:50:54 jirutka: found ab etter way to solve the c++abi situation 2017-05-14 23:51:03 there's an option in the libc++ build system to statically embed libc++abi 2017-05-14 23:51:16 as it comes from the same pkg anyway, and we already need it to make -static work at all 2017-05-14 23:51:26 makes no sense to even expose libc++abi as a package 2017-05-14 23:51:29 nothing else uses it 2017-05-14 23:54:34 Shiz: this may come handy now: https://github.com/alpinelinux/aports/pulls?utf8=%E2%9C%93&q=is%3Apr%20is%3Aopen%20-label%3AP-low (filters out P-low) 2017-05-14 23:55:08 thanks :P 2017-05-14 23:55:24 could you review toilet btw? 2017-05-14 23:55:27 i can't review my own prs ;) 2017-05-14 23:55:46 I hope that he will get tired soon… this is not very helpful now, when we’re right before branching v3.6 :/ 2017-05-14 23:55:55 not now, I need to go sleep 2017-05-14 23:56:04 okay np 2017-05-15 00:03:11 asking me to use barely documented features, now :P 2017-05-15 00:07:00 ? 2017-05-15 00:07:22 snapshot() is not really meant for what you propose 2017-05-15 00:07:27 it's meant to create stable tarballs from svn/git repos 2017-05-15 00:07:35 not to deal with flaky often-down upstream servers 2017-05-15 00:07:37 or from flanky source 2017-05-15 00:07:41 as i understand it 2017-05-15 00:07:47 i mean, this still won't work at all 2017-05-15 00:07:51 the problem is how to update such abuild…? 
2017-05-15 00:08:02 if the upstream is down when it creates the snapshot 2017-05-15 00:08:07 then bad luck 2017-05-15 00:08:09 well, toilet hasn't seen a new release in 5+ years 2017-05-15 00:08:12 i wouldn't hold my horses 2017-05-15 00:08:14 :P 2017-05-15 00:08:15 aha 2017-05-15 00:08:34 at least there should be strong comment why it is used 2017-05-15 00:08:58 sure, that's fair 2017-05-15 00:08:59 really need to go sleep now 2017-05-15 00:09:01 gn 2017-05-15 00:09:03 also go to bed you 2017-05-15 00:09:05 yes 2017-05-15 00:09:07 night :) 2017-05-15 00:10:26 Shiz: btw I have special mission for you… don’t let anyone to branch v3.6 before moving ghc to community :P https://github.com/alpinelinux/aports/pull/1450 2017-05-15 00:10:35 :P 2017-05-15 00:10:47 i'll do my gambatte 2017-05-15 00:11:15 unfortunately i can’t do it myself, cause it requires some special procedure 2017-05-15 00:11:21 (moving it to community) 2017-05-15 00:11:49 yeah, build server bootstrap stuff 2017-05-15 00:11:51 also it’d be great to figure out how to build rust for the rest of arches :) 2017-05-15 00:11:51 i saw before 2017-05-15 00:12:32 i don't think it'll be very different 2017-05-15 00:12:38 we just need bootstraps, which should be easy now 2017-05-15 00:12:47 i'll take a look at it... later 2017-05-15 04:51:52 ncopa : The last package can't be built on s390x is community/tg. I tried to debug it during the weekend but still can't figure it out. Bet we disable it for now for rc1. ioping is pending : https://github.com/alpinelinux/aports/pull/1399 2017-05-15 06:48:04 Hello 2017-05-15 06:52:51 I have been working on a way to build PyPy and managed to have a set of steps to do it properly. I wanted to ask you what are the steps for me to take to publish this to your repository? 2017-05-15 06:53:18 Does this link: https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package provide everything, including building PyPy? 
2017-05-15 06:58:19 I am thinking that when a user issues the command: apk add pypy, they will download and use the pre-built version for PyPy, and not compile everything from scratch. 2017-05-15 07:39:49 mihnea: yes 2017-05-15 07:40:16 we use APKBUILDs, and our build servers use that to create binary packages 2017-05-15 08:05:11 Shiz: Thank you ,I will start working on this and keep everyone up to date 2017-05-15 08:05:39 once you feel like you have worked, feel free to submit a PR to the aports repository and we'll check it out :) 2017-05-15 08:06:03 s/worked/it worked out/ 2017-05-15 08:33:56 fabled: kaniini: would an option to not run check() in fakeroot in abuild be welcome? 2017-05-15 08:34:09 it seems for some packages testsuites don't need to be run as root and fail because of fakeroot's extra leniency 2017-05-15 08:34:23 something like options="!checkroot" 2017-05-15 17:53:29 seems rdiff-backup/librsync-2.0.0 in alpine is affected by this https://bbs.archlinux.org/viewtopic.php?id=207080 2017-05-15 17:53:45 rdiff-backup[12836]: segfault at f23d95aa0ec ip 00007080507109ea sp 00007389f31183a0 error 4 in librsync.so.2.0.0[70805070a000+20e000] 2017-05-15 18:01:32 seems to be fixed upstream but not included in a release as of yet 2017-05-15 18:04:02 HRio: could you backport the patch that fixes this error? 2017-05-15 18:14:22 jirutka: Will see if I have time tonight. 2017-05-15 19:21:42 jirutka: upstream/master solves the segv https://github.com/HRio/aports/tree/librsync-segv will try to find the relevant commits to backport 2017-05-15 19:59:10 jirutka: https://github.com/alpinelinux/aports/pull/1514 2017-05-15 23:24:05 jirutka: https://github.com/alpinelinux/aports/pull/1511 2017-05-15 23:24:13 better version of the libc++ apkbuild :) 2017-05-15 23:36:58 Shiz: does it still depend on libgcc? 
2017-05-15 23:37:10 no 2017-05-15 23:37:19 it depends on llvm-libunwind though 2017-05-15 23:37:44 gcc-less system \o/ 2017-05-16 00:07:36 jirutka: thanks for the comments, updated 2017-05-16 00:07:44 note that the travis build will fail regardless because of llvm time limit 2017-05-16 00:07:45 :P 2017-05-16 00:10:34 I said short note XD 2017-05-16 00:10:41 but okay :) 2017-05-16 00:11:03 eh, i think this explains the situation a bit better 2017-05-16 00:11:09 also why we don't package libc++abi :) 2017-05-16 00:11:19 because someone may wonder that as well 2017-05-16 00:11:29 aha 2017-05-16 00:14:48 Shiz: look what I found https://pypi.python.org/pypi/lit/ ;) 2017-05-16 00:15:08 that's outdated though 2017-05-16 00:15:11 0.5.0 :p 2017-05-16 00:15:12 unfortunately there’s no 0.6.0, so they apparently don’t care about it :( 2017-05-16 00:15:28 LLVM upstream is horrible :( 2017-05-16 00:19:35 yeah 2017-05-16 00:19:44 well at least now we know separate pkgver is fine 2017-05-16 00:19:45 ;p 2017-05-16 00:41:42 Shiz: I’m curious how have you managed to build it 2017-05-16 00:41:51 ’cause we don’t have llvm-libunwind 4.0.0… 2017-05-16 00:42:04 oh? 2017-05-16 00:42:09 it’s 3.9 2017-05-16 00:42:14 we have added this pkg for rust 2017-05-16 00:42:19 and rust builds with llvm3.9 2017-05-16 00:42:38 I’m not entirely sure if we can mix llvm3.9 and llvm-libunwind 4.0 2017-05-16 00:42:39 how curious... 2017-05-16 00:42:48 should be able to 2017-05-16 00:42:52 llvm libunwind is standalone 2017-05-16 00:42:59 it doesn't hook into llvm or anything 2017-05-16 00:43:01 afaik 2017-05-16 00:43:31 jirutka: thanks for notifying 2017-05-16 00:43:44 it looks like my builder had a llvm-libunwind*.apk left over from when i tested upgrading it 2017-05-16 00:43:46 but srsly, how have you built it? :) 2017-05-16 00:43:49 aha 2017-05-16 00:44:22 i'll upgrade it and add the commit... 
2017-05-16 00:44:34 sorry about that 2017-05-16 00:45:37 I’ve pushed you something :P 2017-05-16 00:47:39 jirutka: i can do you better 2017-05-16 00:47:41 :P 2017-05-16 00:47:53 ? 2017-05-16 00:48:23 hm, setup.py commands 2017-05-16 00:48:36 jirutka: $ python2 utils/lit/setup.py --version 2>/dev/null | sed -e 's/\.dev.*$//' 2017-05-16 00:48:37 0.6.0 2017-05-16 00:48:39 :) 2017-05-16 00:49:00 well, that’s how it looks when your favourite hummer is sed… 2017-05-16 00:49:26 but then I realized that it’ll be easier to evaluate it in python than replacing ", " with dots etc. 2017-05-16 00:49:45 and forgot to reevaluate my approach 2017-05-16 00:50:16 feel free to replace it with your simpler solution ;) just remove redundant "-e" 2017-05-16 00:50:55 s/hummer/hammer/ 2017-05-16 00:50:58 I should go sleep:) 2017-05-16 00:52:33 naito 2017-05-16 00:52:46 jirutka: upgraded llvm libunwind to 4.0.0 2017-05-16 00:52:50 it removes a bunch of our old hacks :) 2017-05-16 00:53:11 now we have to rebuild rust 2017-05-16 00:53:28 yeah 2017-05-16 00:53:33 i'll add a rebuild rust to that PR too 2017-05-16 00:53:34 :P 2017-05-16 00:53:55 what hacks? 2017-05-16 00:54:23 that one for building both static and shared lib? 2017-05-16 00:54:58 yes 2017-05-16 00:55:12 they finally provide some option to build both? 2017-05-16 00:56:28 yes it's just enable_shared=on 2017-05-16 00:56:32 it will also build static :) 2017-05-16 00:56:55 great! 2017-05-16 00:57:04 i didn’t like that ugly hack I made 2017-05-16 00:57:09 :P 2017-05-16 00:57:19 sleep, gn :) 2017-05-16 00:58:11 jirutka: ok to build libunwind with clang? 
2017-05-16 00:58:13 sure gn 2017-05-16 00:58:18 mitchty: please take a look at https://github.com/alpinelinux/aports/pull/684#commits-pushed-22e4594 2017-05-16 00:58:32 Shiz: hmm… there’s some problem in clang on x86 2017-05-16 00:58:38 oh okay 2017-05-16 00:58:40 i'll omit that then 2017-05-16 00:58:48 libc++ does need to be built with clang 2017-05-16 00:58:51 Shiz: I’ve probably somehow screwed it when updating patches 2017-05-16 00:58:51 you get nasty stuff otherwise 2017-05-16 01:00:14 jirutka: btw i don't think there's an soname bump in libunwind 2017-05-16 01:00:21 so a rust rebuild won't be needed 2017-05-16 01:00:35 or did it statically embed libunwind... 2017-05-16 01:00:44 probably both… 2017-05-16 01:00:52 cause it depends on libunwind-dev in runtime 2017-05-16 01:01:03 have you verified if the ABI is the same? 2017-05-16 01:01:15 tbh I’d not trust sonames in the case of LLVM… 2017-05-16 01:01:38 yeah i think it embeds stuff anyway 2017-05-16 01:01:40 i'll bump it 2017-05-16 10:27:04 ^7heo seems you are maintainer of community/gogs, there is new version available, 0.11.4. care to bump it? 2017-05-16 10:27:09 apkbuild might need refactor... 2017-05-16 10:29:00 <^7heo> ncopa: it's been taken care since the abump 2017-05-16 10:29:08 <^7heo> not committed tho 2017-05-16 10:29:28 <^7heo> because I have unanswered questions 2017-05-16 10:30:07 <^7heo> also I have big issues with my VPS atm; so no time for that now 2017-05-16 10:30:12 ok 2017-05-16 10:30:33 <^7heo> I'll ask the questions again later 2017-05-16 11:00:35 seems like go 1.8.1 fails on aarch64 2017-05-16 12:27:28 jirutka: it lies? 2017-05-16 12:27:34 Shiz: yes 2017-05-16 12:28:06 no, it seems correct 2017-05-16 12:28:12 what it does use is LLVM_CONFIG_PATH 2017-05-16 12:28:14 :) 2017-05-16 12:28:17 Shiz: every LLVM project that links with LLVM accepts configuration option LLVM_CONFIG 2017-05-16 12:28:34 hm, so they renamed it just for libunwind? 
that’s strange… 2017-05-16 12:28:42 https://github.com/llvm-mirror/libunwind/blob/master/CMakeLists.txt#L21 2017-05-16 12:28:59 hm, aha 2017-05-16 12:29:11 LLVM team doesn’t respect consistency… 2017-05-16 12:29:13 I'll change it 2017-05-16 12:29:17 okay, then please rename it 2017-05-16 12:31:03 -DLLVM_CONFIG_PATH="/usr/lib/llvm$_llvmver/bin/llvm-config" \ 2017-05-16 12:31:06 :) 2017-05-16 12:32:07 jirutka: hmm 2017-05-16 12:32:16 we may want to require clang for compilation either way 2017-05-16 12:32:23 so libunwind can be linked against compiler-rt... 2017-05-16 12:32:26 well, optimisation for later 2017-05-16 12:33:59 pushed the changes 2017-05-16 12:36:11 jirutka: also gonna push an extra patch for non-exec stack 2017-05-16 12:36:22 Shiz: https://github.com/alpinelinux/aports/commit/6245e20b52907a0efb44bf38c97e52d0bfe6ffc3 2017-05-16 12:36:46 jirutka: i already fixed that 2017-05-16 12:36:47 in the latest push 2017-05-16 12:36:49 :P 2017-05-16 12:36:53 okay 2017-05-16 12:37:18 it seems libunwind relies on __GNU__ | __APPLE__ | __FreeBSD__ | ... to set a nonexecstack 2017-05-16 12:37:20 Shiz: "so libunwind can be linked against compiler-rt" – what’s the benefit? 
2017-05-16 12:37:20 :/ 2017-05-16 12:37:32 jirutka: gcc/gnu-less llvm stack 2017-05-16 12:37:42 else it would link against -lgcc_s 2017-05-16 12:39:55 compare size of the resulting static binary when compiled with clang and gcc; IIRC i’ve tried to compile it with clang, but for some reason switched it back, maybe it increased binary size; I really don’t remember and I haven’t dropped any comment about it, so probably just mixed memories, but pls check it out when switching to clang ;) 2017-05-16 12:40:22 maybe it was just difference between size of libunwind and llvm-libunwind 2017-05-16 12:44:04 https://github.com/alpinelinux/aports/pull/1511/commits/5f3da378ae06103f8d37b58decc6a854824d7911 2017-05-16 12:44:06 there 2017-05-16 12:44:22 now libunwind has a proper noexecstack 2017-05-16 16:36:26 <^7heo> Damn 2017-05-16 16:36:38 <^7heo> Some bs script kiddie on #alpine-linux 2017-05-16 16:37:21 <_ikke_> I see 2017-05-16 16:37:41 <^7heo> I got some DCC pen attempts 2017-05-16 16:37:56 <_ikke_> right 2017-05-16 18:18:00 https://a.doko.moe/bwcvwh.jpg - alpine team, reading latest CVE announcements 2017-05-16 18:19:38 <_ikke_> lol 2017-05-16 18:21:31 ? 2017-05-16 18:21:35 what specifically? 2017-05-16 18:21:42 lel 2017-05-16 18:21:47 kek 2017-05-16 18:21:58 https://a.doko.moe/koqoqv.jpg - jirutka at github PR review 2017-05-16 18:22:17 btw this is funny: “Elastic is now a CNA, assigning CVE IDs for its own products. Read the complete announcement at…” … so their products are so vulnerable, that they need their own CNA? XD 2017-05-16 18:22:33 that Elastic from ElasticSearch? 2017-05-16 18:22:38 yis 2017-05-16 18:22:48 I know Krteček, but what’s about latest CVE announcements? 
o.O 2017-05-16 18:23:24 jirutka: it seems that skrzyp is creating Alpine memes :p 2017-05-16 18:23:31 aha 2017-05-16 18:25:09 it’s very sad that when I see Krteček in international context, the first thing that come to my mind is our fucking president pushing us to the China’s ass… :( 2017-05-16 18:25:22 XD 2017-05-16 18:25:47 http://cdn.i0.cz/src/public-data/f8/5c/917c8c183ab191d20224f15b654f_base_optimal.jpg :( 2017-05-16 18:26:12 he ruins our culture 2017-05-16 18:26:18 for me Krtecek is just Krtecek -- first known badass in my life, before Rambo XD 2017-05-16 18:26:19 https://a.doko.moe/dusjgy.jpg - #alpine-* irc when ^7heo rants about everything xD 2017-05-16 18:26:26 http://www.lisa-prosch.de/wp-content/uploads/2010/04/krtek13.jpg 2017-05-16 18:26:42 let's move to -offtopic maybe :x 2017-05-16 18:26:51 can we keep this stuff for offtopic? 2017-05-16 18:27:28 jirutka: can we merge pr 1430? 2017-05-16 18:30:36 scadu: I’m not sure… has Krteček approved it? :P 2017-05-16 18:30:58 btw m4 is quite surely also unused 2017-05-16 18:32:19 jirutka: it didn't build without m4, but I might check once again if needed 2017-05-16 18:32:36 I also prepare i3-gaps, but probably would be best to merge i3 first 2017-05-16 18:32:59 cool m4 m8 2017-05-16 18:33:11 I saw that skrzyp was working on -gaps, but it wasn't merged yet 2017-05-16 18:42:16 yeah, I stopped using tatra linux in favor or nothing linux 2017-05-16 18:42:24 so the i3 wasn't needed 2017-05-16 18:44:09 lol 2017-05-16 18:44:58 but not surprised, Nad Tatrou sa blýská! XD 2017-05-16 18:45:28 yeah 2017-05-16 18:45:46 even in Cracow we had some thunderstrikes today 2017-05-16 18:46:11 it’s sunny in Prague now :) 2017-05-16 18:46:26 get your clouds back 2017-05-16 18:46:34 I’d like to… 2017-05-16 18:46:49 ding ding ding, we are on -devel. 
let's try to stick to the topic :< 2017-05-16 18:47:04 or just spam on -offtopic :P 2017-05-16 18:47:25 > scadu 2017-05-16 18:47:28 > keeping on topic 2017-05-16 19:12:47 skrzyp, no compelling but would it be possible to have a look at 2017-05-16 19:12:48 https://wiki.alpinelinux.org/wiki/Aports_what_is_edge 2017-05-16 19:12:48 and see if something interesting can be cooked for illustrations. 2017-05-16 19:12:48 Feel free to make changes in the page, eg like banana with any other fruit... etc 2017-05-16 19:13:25 been waiting for an artist to complete it. 2017-05-16 19:14:16 Krtecek and mushrooms 2017-05-16 19:15:13 kinda got inspired by openbsd 2017-05-16 19:16:02 Krtecek would be a nice mascot :P 2017-05-16 19:16:37 http://bajkionline.com/wp-content/uploads/2015/07/krecik-i-grzyby.jpg 2017-05-16 19:16:39 alpine edge 2017-05-16 19:16:41 xD 2017-05-16 19:16:57 would be nice to have it done before v3.6 2017-05-16 19:17:37 if they grow on alpines, better 2017-05-16 19:19:24 I’m banging my head on the table what the hell is happening on the damn builders and you’re discussing illustrations, lol 2017-05-16 19:20:33 b-b-b-ut it's almost Friday, sir 2017-05-16 19:20:39 this is another part of development of AlpineLinux, it's called marketing 2017-05-16 19:20:46 ;) 2017-05-16 19:20:58 sorry to be same room 2017-05-16 19:21:03 we're cool, Alpine's cool 2017-05-16 19:23:18 hmm... still unable to locate the curtain 2017-05-16 19:58:32 jirutka: what is your opinion on the pkg-config related inconveniences I reported?
For now I'm using the following hacks in a Dockerfile to build a static vis binary: http://sprunge.us/YOZj 2017-05-16 20:04:32 martanne: I asked kaniini about it (he’s the author of pkgconf) and he was in doubt if that static lib should be in pkgconf file, so I decided to wait until you come and explain if and why you really need it here 2017-05-16 20:04:39 martanne: I don’t know how it should be correctly handled 2017-05-16 20:09:05 jirutka: ok I see, I'm not that familiar with pkg-config conventions either. From a user point of view I just want to use something along the lines of: ./configure CC='cc --static' && make and have it work. 2017-05-16 20:18:12 jirutka: Building static binaries seems to be the obvious use case for static libs, but that also requires installing them sanely. 2017-05-16 20:19:17 shared libs are usually conveniently versioned, while the static libs are a guessing game. 2017-05-16 20:20:58 Ditching LFS is the sane fix long term I guess :) 2017-05-16 21:04:44 TemptorSent: this is totally off-topic 2017-05-16 21:05:26 TemptorSent: we need to know how to record static lib into pkgconf file 2017-05-16 21:20:37 --static isn't for that 2017-05-16 21:20:43 it is a badly named parameter 2017-05-16 21:24:11 kaniini: could you please propose some solution? 2017-05-16 21:25:02 yeah 2017-05-16 21:26:41 https://paste2.org/dtCwDGnO 2017-05-16 21:26:42 like so 2017-05-16 21:26:50 but --static isn't for that, really 2017-05-16 21:29:20 kaniini: so pkgconf can distinguish between static and shared libs? based on file extension?
2017-05-16 21:32:14 kaniini: btw it seems that you were wrong about that pkgver in split function is okay… I don’t know why, but it doesn’t work on build infra 2017-05-16 21:32:42 kaniini: I have no clue what has happened here, b/c it works on my machine, but obviously something is very wrong :( 2017-05-16 21:33:17 jirutka: no, pkgconf just leaves the fragment alone 2017-05-16 21:34:04 jirutka: --static just brings in Libs.private & CFLAGS.private 2017-05-16 21:34:25 jirutka: it should really be --private 2017-05-16 21:35:20 kaniini: well, I’m afraid of this: we add static libs into foo.pc and then when some program asks for flags to dynamically link foo, it’ll also get /lib/foo.a and it will be messed; 2017-05-16 21:35:51 kaniini: is this a real problem or should it be okay? 2017-05-16 21:36:27 jirutka: pkg-config does not support actual 'static linking' 2017-05-16 21:36:36 and pkgconf? 2017-05-16 21:36:48 jirutka: pkgconf is obligated for the moment to do the same as pkg-config 2017-05-16 21:37:20 jirutka: the good news is redhat has killed off its support of the former, so maybe we can actually fix this shit someday 2017-05-16 21:37:31 :) 2017-05-16 21:37:46 --static isn't what people think it is 2017-05-16 21:37:47 really 2017-05-16 21:37:48 it's not 2017-05-16 21:39:01 so what would you recommend, not using pkgconf for it and just specify the paths manually? 2017-05-16 21:44:28 i would have two .pc files 2017-05-16 21:44:45 one for shared, and one for static that explicitly references the .a files 2017-05-16 21:45:13 if you do 2017-05-16 21:45:28 pkgconf --static --libs gtk+-3.0 2017-05-16 21:45:30 for example 2017-05-16 21:45:40 you'll see what i mean 2017-05-16 21:46:05 how to name them? foo-static.pc?
2017-05-16 21:46:10 --static is in some very limited usecases useful for static linking, but it won't give you .a's and pkgconf cannot filter out .a's 2017-05-16 21:46:11 yes 2017-05-16 21:47:56 I’m not sure if it’s really worth it, Lua C modules are typically very simple and have predictable names, so what is the benefit of using pkgconf instead of just passing /usr/lib/foo.a to the linker, martanne? 2017-05-16 21:53:41 jirutka: the problem is that their location is not really standardized. On Alpine they are in /usr/lib/lua/5.x/lpeg.a, but for example in Debian they are in /usr/lib/x86_64-linux-gnu/liblua5.x-lpeg.a ... 2017-05-16 21:54:10 well, blame Debian… 2017-05-16 21:54:36 does Debian add static libs to pkgconf for these Lua libs? 2017-05-16 21:55:02 actually… you can ask Lua for these paths, give me a sec 2017-05-16 21:56:09 I don't really want to mess with package.cpath ... 2017-05-16 21:56:34 And yes I can work around it, but ideally I would like to do it 'correctly' 2017-05-16 21:56:38 martanne: lua -e 'print(package.cpath)', you will get something like `./?.so;/usr/local/lib/lua/5.1/?.so;/usr/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so` 2017-05-16 21:56:52 the problem is that there’s no correct solution now 2017-05-16 21:57:27 but the important question is, does Debian add static libs to pkgconf for Lua libs? if not, then it’s not really a solution for you 2017-05-16 22:00:30 martanne: hmm, there’s another way and imo the most correct and portable: `pkg-config --variable=INSTALL_CMOD lua` → `/usr/lib/lua/5.1` 2017-05-16 22:01:08 martanne: you must just take care of lua name, "lua" on Alpine is still 5.1, if you want 5.3, then it’s called "lua5.3" 2017-05-16 22:04:15 kaniini: do you have access to x86_64 builder?
I’d like to move testing/ghc to community, but it depends on ghc, so if I understood it correctly, someone must manually install ghc on the builder to get it built the first time; and fabled is not responding 2017-05-16 22:05:06 there’s already testing/ghc pkg, so it must be just installed, not really bootstrapped 2017-05-16 22:13:01 ncopa maintains that builder. 2017-05-16 22:13:31 jirutka: $INSTALL_CMOD isn't standardized either ;) Anyway thanks for adding the static library versions to the repo. There is probably no really portable solution available at this time :/ I will just use an alpine based docker environment to build static binaries. In general users will have to manually override some make variables. 2017-05-16 22:14:48 martanne: really? IIRC it’s standard variable defined by Lua 2017-05-16 22:15:06 martanne: there should be the best chance to be the same across distros 2017-05-16 22:16:06 martanne: well, it’s very easy to bootstrap Alpine, so you can use e.g. https://github.com/alpinelinux/alpine-chroot-install and tell users to just run script that install Alpine in chroot and build vis inside it 2017-05-16 22:16:57 martanne: and maybe prepare docker image for lazy ones who don’t care about insane complexity for simple stuff :P 2017-05-16 22:18:13 martanne: and you can use this script even to simply compile binaries for other arches ;) it has built-in support, I use it on Travis 2017-05-16 22:18:50 jirutka: do you have a link to a project which uses it? 
2017-05-16 22:19:23 martanne: sure, for example https://github.com/bigclownlabs/bc-bridge/blob/master/script/ci-install 2017-05-16 22:19:43 ok, I will consider that 2017-05-16 22:20:33 martanne: we use the same principle, but not exactly this script, in alpinelinux/aports for testing pull requests and I use it also in jirutka/user-aports for building my personal packages 2017-05-16 22:21:24 martanne: https://github.com/search?q=alpine-chroot-install&type=Code&utf8=%E2%9C%93 2017-05-17 08:02:08 kunkku, is there a way to globally disable logging in awall? 2017-05-17 08:22:30 apparently you cannot simply define logging class as false, you can use false as value of log attribute in filter/policy/packet-log rules. but you can temporarily change limit to 0/sec for logging rules you want to quiet down, and if you don't define your own logging classes, provide redefined _default 2017-05-17 08:23:02 i tried 0 but that makes iptables go mad 2017-05-17 08:23:27 what i don't want is iptables to fill up my dmesg 2017-05-17 08:23:34 so redirecting to ulog is also an option 2017-05-17 08:23:58 but i would also like to know if it's just possible to disable it altogether. 2017-05-17 08:27:05 ok, haven't checked personally limit 0, good to know it wouldn't work. I'm not aware of such switch in awall, but it would be good thing to have, globally and per logging class with some dedicated attribute, possibly called: suppress 2017-05-17 08:45:37 you can set it per rule 2017-05-17 08:46:48 Filter and policy rules can have an attribute named log. If it is a string, it is interpreted as a reference to a logging class, and logging is performed according to the definitions. If the value of the log attribute is true (boolean), logging is done using default settings. If the value is false (boolean), logging is disabled for the rule. 2017-05-17 09:12:04 has anyone an idea on how to have a custom alpine iso?
I need zfs-grsec on a usb 2017-05-17 09:16:22 clandmeter: I wrote it already in the first sentence. ;) the problem is that you have to change usage instead of definition, which is very cumbersome, so something like suppress in logging class would be much more useful than false in every rule using particular log class 2017-05-17 09:18:08 przemoc, ah ok missed that. 2017-05-17 09:18:30 yes, exactly what i mean. 2017-05-17 10:06:13 clandmeter: http://paste.przemoc.net/alpine/awall/0001-Log-Allow-skiping-ignoring-logging-classes.patch 2017-05-17 10:06:53 if you want to disable everything, add "skip": true to all logging classes, including _default class 2017-05-17 10:07:38 hth 2017-05-17 10:11:41 I didn't want to use suppress name in the end, because it doesn't guarantee that packet matching that rule won't be logged, but only that it won't be logged with given logging class, it may still show up from other filter/policy rule with different logging class, that's why I think that skip better describes this feature 2017-05-17 10:13:14 kunkku: http://paste.przemoc.net/alpine/awall/0001-Log-Allow-skiping-ignoring-logging-classes.patch - maybe you'll want to apply this patch, but I rather guess you may not like this approach 2017-05-17 10:15:23 it's one line non-disruptive change, so you can easily add it yourself in /usr/share/lua/5.1/awall/modules/log.lua w/o building awall yourself 2017-05-17 10:15:39 clandmeter: ^ 2017-05-17 10:27:44 Shiz: http://build.alpinelinux.org/buildlogs/build-edge-x86_64/testing/libc++/libc++-4.0.0-r0.log ಠ_ಠ 2017-05-17 10:29:21 przemoc, that seems to work. thx 2017-05-17 10:34:30 good. I tested it only as far as calling `awall diff`, because I don't want to lose logs. 2017-05-17 10:40:09 jirutka: seems like your new lit subpackage is fucked 2017-05-17 10:40:11 :D 2017-05-17 10:40:27 Shiz: no, it seems that you’ve missed dependency on py-setuptools 2017-05-17 10:40:34 jirutka, have you tried mkimage.sh so far?
2017-05-17 10:40:53 Shiz: also all tests fail for libc++abi on my machine :( how you get it pass? 2017-05-17 10:41:03 fcolista: what mkimage.sh? 2017-05-17 10:41:04 jirutka: that's odd... 2017-05-17 10:41:14 jirutka: i'll look at it when home 2017-05-17 10:41:26 jirutka, one of the scripts in abuild to create an iso 2017-05-17 10:41:38 not in abuild, aports 2017-05-17 10:41:41 this doc: 2017-05-17 10:41:41 fcolista: not yet 2017-05-17 10:41:41 https://wiki.alpinelinux.org/wiki/How_to_make_a_custom_ISO_image 2017-05-17 10:41:48 right, aports 2017-05-17 10:41:58 so that doc is old 2017-05-17 10:42:12 anyone tried so far? 2017-05-17 10:42:21 i think i did :) 2017-05-17 10:42:27 If i want to create a custom ISO with Alpine, how to do that? 2017-05-17 10:42:29 clandmeter, :) 2017-05-17 10:42:49 clandmeter: https://github.com/alpinelinux/aports/commit/b2055137c428ca6c6d5ebe7abe3568ba1312a020 ? 2017-05-17 10:43:41 ? 2017-05-17 10:43:49 clandmeter: why have you reverted it? 2017-05-17 10:43:53 is that a question? 2017-05-17 10:44:07 hmm 2017-05-17 10:44:19 isnt it included in python3? 2017-05-17 10:44:19 clandmeter: yes, it’s your commit, without any useful commit message :/ 2017-05-17 10:44:29 actually apparently I do lose logs, because when I have many logs from iptables, my messages-$DATE.gz are very short, like dozens of lines only. damn, I don't have willpower now to debug it. 2017-05-17 10:44:48 clandmeter: that’s what I’m trying to figure out, if it’s included in python3 or not 2017-05-17 10:44:55 i think it is 2017-05-17 10:45:29 and yes, i should have written an better commit msg. sorry about that. 2017-05-17 10:45:34 aha, yeah /usr/lib/python3.6/ensurepip/_bundled/setuptools-28.8.0-py2.py3-none-any.whl 2017-05-17 10:46:17 przemoc, do you use ulog? 
2017-05-17 10:46:20 that reminds me that problem with bundled wheels in python3, Miro Hrončok from Fedora told me about it some time ago, they somehow solved it in Fedora 2017-05-17 10:47:19 it seems that I must let builders rebuild llvm4 again, b/c of missing dependency in subpkg :( 2017-05-17 10:48:26 clandmeter: no, I didn't change the default here, so log mode is used, i.e. in-kernel logging 2017-05-17 10:48:46 you are burning the earth's fuel with those rebuilds ;) 2017-05-17 10:49:02 przemoc, right. 2017-05-17 10:49:26 Shiz: it’s better for libc++ tests, only 4 unexpectedly fail 2017-05-17 10:50:26 clandmeter: yeah, it’s quite silly, but hacking pkindex is probably not an acceptable option :/ 2017-05-17 10:52:07 clandmeter: at least your machine is mostly powered from renewable sources, right? NL uses wind power a lot IIRC 2017-05-17 10:52:34 jirutka, you are absolutely incorrect :p 2017-05-17 10:52:48 clandmeter: why so? 2017-05-17 10:52:57 i think nl has the worst green energy in europe 2017-05-17 10:53:00 or one of them 2017-05-17 10:53:12 clandmeter: uh, that’s bad 2017-05-17 10:55:04 we do have a lot of wooden shoes 2017-05-17 10:55:14 XD 2017-05-17 10:55:39 i bet Shiz has a pair of them ;-) 2017-05-17 10:56:12 seems only France is worse... 2017-05-17 10:57:53 jirutka: what did you change? 2017-05-17 10:58:09 jirutka: oh libc++ nvm 2017-05-17 10:58:09 Shiz: please see git log, I’ve described it ;) 2017-05-17 10:58:11 yeah 4 is about right 2017-05-17 10:58:19 i fixed most of the failing tests 2017-05-17 10:58:26 but some are due to the make check happening in fakeroot 2017-05-17 10:58:29 Shiz: I haven’t changed anything in libc++ 2017-05-17 10:58:29 which is too permissive 2017-05-17 10:58:47 Shiz: got it, but why ALL libc++abi tests fail on my machine? 2017-05-17 10:58:54 Shiz: maybe grsec…?
2017-05-17 10:58:59 jirutka: my machine is also grsec 2017-05-17 10:59:02 so questionable 2017-05-17 10:59:25 jirutka: can you install lit yourself, go to src/libcxxabi/build/test 2017-05-17 10:59:27 and do lit -v . 2017-05-17 10:59:32 that will show you more info about the failing tests 2017-05-17 11:02:45 Shiz: /usr/bin/ld: cannot find -lc++ 2017-05-17 11:04:35 Shiz: btw there’s explanation for lit → $pkgname-test-utils https://github.com/alpinelinux/aports/commit/24bd280a18ce673ba4f4f22601c9d5aa949895d6 2017-05-17 11:07:05 jirutka: did you do it through # abuild -r builddeps sh? 2017-05-17 11:07:15 that's usually how i get myself into a build env with all the deps installed to do manual checks 2017-05-17 11:07:20 Shiz: I do abuild -rK 2017-05-17 11:08:09 hmm 2017-05-17 11:08:19 jirutka: thanks though, this explains something at least 2017-05-17 11:08:27 i think i can fix this 2017-05-17 11:10:13 I know what is `abuild -r builddeps` doing, but what `abuild -r builddeps sh`? o.O 2017-05-17 11:11:33 it can’t find libc++, but when I tried LD_LIBRARY_PATH= with path to libcxx/build/libs, it didn’t help 2017-05-17 11:12:56 jirutka: it... simply invokes sh :P 2017-05-17 11:13:06 so you get in an environment with the builddeps installed 2017-05-17 11:13:06 Shiz: but why…? 2017-05-17 11:13:11 and when you exit sh they get removed again 2017-05-17 11:13:15 aha 2017-05-17 11:13:19 interesting 2017-05-17 11:13:32 I just run abuild undeps after I finish 2017-05-17 11:26:37 Shiz: fails on builders too http://build.alpinelinux.org/buildlogs/build-edge-x86_64/testing/libc++/libc++-4.0.0-r0.log 2017-05-17 11:27:28 yeha 2017-05-17 11:27:31 i'll fix it later 2017-05-17 11:27:33 busy rn 2017-05-17 11:27:49 okay 2017-05-17 11:54:56 clandmeter: jirutka re py3: what's the problem? 
2017-05-17 11:55:46 scadu: nothing, just wondering why there’s no py3-setuptools and why it’s still named py-setuptools instead of py2-setuptools 2017-05-17 11:56:16 I’ve already figured out both 2017-05-17 11:56:57 testing/idris is on the way to mirrors :) 2017-05-17 11:57:21 jirutka: tell me please :v 2017-05-17 11:57:34 scadu: python3 bundles setuptools 2017-05-17 11:58:29 scadu: provides="py2-setuptools" doesn’t work as I previously thought when I did it, it should be provides="py2-setuptools=$pkgver-$pkgrel"… 2017-05-17 11:58:45 scadu: so I think that we can rename the pkg itself to py2- after v3.6 2017-05-17 11:58:54 jirutka: ah, right. I thought about naming convention -- py instead of py2 2017-05-17 11:59:21 jirutka: cool 2017-05-17 13:05:55 ncopa do you have an example on how to use mkimage.sh in order to have a custom iso with custom packages built-in? 2017-05-17 13:21:29 Shiz: FYI, I’ve modified libc++ abuild to allow test failures to get it build, the pkgs are already on mirrors, pls fix the tests once you have some time :) 2017-05-17 13:28:46 do we need libc++ for 3.6 release? 
2017-05-17 13:36:15 I've done with: sh mkimage.sh --tag edge --outdir /home/fcolista/iso --arch x86_64 --repository http://dl-cdn.alpinelinux.org/alpine/edge/main --profile standard 2017-05-17 13:36:28 but i need to figure out how to add "custom" packages 2017-05-17 13:39:42 ah 2017-05-17 13:39:43 figured 2017-05-17 13:41:00 clandmeter, mkimage runs mkimg.$profile 2017-05-17 13:41:29 all_profiles="$all_profiles $(sed -n -e 's/^profile_\(.*\)() {$/\1/p' $1/mkimg.*.sh)" 2017-05-17 13:43:45 im mkimg.standard there are the various profiles 2017-05-17 14:08:10 ncopa: it would be nice 2017-05-17 14:08:42 looks like we are almost there too 2017-05-17 14:13:52 ghc pushed 2017-05-17 14:14:11 looks like it will take a while to compile 2017-05-17 14:14:55 and libc++ is not done yet on armhf 2017-05-17 14:15:10 so i suppose it will not be done until tomorrow 2017-05-17 14:43:25 I know why I was losing logs! busybox syslogd's defaults for log rotation are quite modest (200KB, 1 rotated log to keep), which spoil dedicated logrotate functioning if you have it installed 2017-05-17 14:44:33 I think we should somehow improve this horror 2017-05-17 14:45:41 whenever someone comes up with idea to do more things in one tool, such things happen 2017-05-17 14:46:29 ideally logrotate feature should be removed from busybox's syslogd, but I guess it's not an option 2017-05-17 14:47:35 why removed 2017-05-17 14:47:39 just set it to 0 2017-05-17 14:48:14 because if you want to have log rotation, you install dedicated tool for that 2017-05-17 14:48:31 maybe there could be some warning when logrotate pkg is installed and busybox syslogd is used, not sure 2017-05-17 14:50:57 yeah, I can fix it locally by -s 0, but I'm talking about fixing it for AL users who install logrotate at one point and may notice that they're losing logs, if they manage to fill 200KB faster than weekly 2017-05-17 14:54:06 ncopa: huh, libc++ takes just few minutes to compile, at least on x86_64 2017-05-17 14:54:55 jirutka: 
tests take a while 2017-05-17 14:55:07 they are intense but i enabled them on purpose since it's a pretty fundamental sys component 2017-05-17 14:57:22 Shiz: even tests take just few minutes on my machine o.O but libc++abi tests are currently broken anyway, so we can disabled them instead of just ignoring failures 2017-05-17 14:57:29 jirutka: really? 2017-05-17 14:57:34 the libc++abi tests are fast but 2017-05-17 14:57:39 the libc++ tests take a while 2017-05-17 14:57:43 because there's 5000+ of them 2017-05-17 14:57:46 took ~20 min on my machine 2017-05-17 14:58:21 mind that 200KB in /var/log/messages is not a feat if you use for instance firewall logging. I know, you'll write that I should have separate file for that, and I can agree, but even w/o separate file, I shouldn't be losing logs. 2017-05-17 15:12:14 Shiz: 6 min 45 sec to completely build libc++ including tests on my machine 2017-05-17 15:12:24 that's faster than mine 2017-05-17 15:12:26 :P 2017-05-17 15:13:44 Shiz: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2 sockets, 6 cores per each, HT 2017-05-17 15:13:51 yeah 2017-05-17 15:13:57 my build container gets assigned 4 cores :P 2017-05-17 15:14:03 or 2017-05-17 15:14:04 4 vcores 2017-05-17 15:14:06 maybe better said 2017-05-17 15:14:15 Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz 2017-05-17 15:14:20 Shiz: well, if cgroups actually work here, then it should not use more than 50 % of power of the machine 2017-05-17 15:15:17 Shiz: I thought that I have powerful machine, until kaniini told me about his machine :( XD 2017-05-17 15:15:28 :P 2017-05-17 15:18:06 i don't have my machine fully up yet. 2017-05-17 15:18:57 you need to build a nuclear power plant first, right? 
XD 2017-05-17 15:19:56 i need to get it booting 2017-05-17 15:21:34 it insists my ram is bad 2017-05-17 15:21:45 even though it works fine in my old server 2017-05-17 15:22:09 maybe you just need 1.2 GW… https://s-media-cache-ak0.pinimg.com/originals/c8/17/37/c81737d57c7841ba5002fdef19d3d8cc.jpg :P 2017-05-17 15:22:43 actually i think that may be the problem 2017-05-17 15:22:50 that i need more than 1 power supply connected 2017-05-17 15:23:48 at work I had access to QorIQ T2080. 4 dual-threaded e6500 cores, 1.53 GHz, but it's apparently meant to be power efficient, so it's not that fast as your machines 2017-05-17 15:33:51 I hope none of AL build servers are AMT vulnerable, https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf 2017-05-17 15:35:03 wait a moment, web server integrated in a firmware? 2017-05-17 15:36:36 hehe jirutka is not familiar with AMT 2017-05-17 15:36:46 anyway, unlikely 2017-05-17 15:36:47 WHAT THE ACTUAL FUCK?! 2017-05-17 15:37:07 jirutka: https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf 2017-05-17 15:37:10 here's some background reading 2017-05-17 15:37:12 anyway 2017-05-17 15:37:16 wait until he hears about IoT.... 2017-05-17 15:37:18 AMT is only available on single-socket xeon CPUs 2017-05-17 15:37:22 i don't think we carry those 2017-05-17 15:37:30 e.g. Xeon 1xxx 2017-05-17 15:50:41 jirutka: seems like it takes a while to run the tests on armhf 2017-05-17 15:51:21 ncopa: well, we can disable tests just for armhf; I’ve already did this in some pkg, maybe it’s even some llvm pkg, b/c it takes forever to run them on that arch 2017-05-17 16:00:58 could be its stuck too 2017-05-17 16:01:12 /home/buildozer/aports/testing/libc++/src/libcxx-4.0.0.src/build/test/libcxx/utilities/memory/util.smartptr/Output/race_condition.pass.cpp.exe 2017-05-17 16:01:45 maybe disable just this test for armhf? 
2017-05-17 16:03:01 let's wait a bit more 2017-05-17 16:03:20 okay 2017-05-17 16:03:45 i don't remember if it was edge or 3-6 that was stuck earlier 2017-05-17 16:04:24 ghc will probably take all night 2017-05-17 16:04:44 so it would be good to have it started today 2017-05-17 16:05:04 we don't even have rc1 out 2017-05-17 16:05:42 libc++ will have to wait til after 3.6 release 2017-05-17 16:05:52 why, it’s already built 2017-05-17 16:05:53 we had freeze for that kind of stuff in april already 2017-05-17 16:06:02 it's not built on armhf 2017-05-17 16:06:06 and if we move it 2017-05-17 16:06:09 it will take another day 2017-05-17 16:06:12 so we can just disable tests for armhf 2017-05-17 16:06:13 ++ 2017-05-17 16:06:56 i think this means i need to enforce feature freezes more strictly in future 2017-05-17 16:07:33 why do we need it for 3.6? 2017-05-17 16:08:51 this is exactly why i said that i don't want to add new stuff 2017-05-17 16:09:48 tests disabled for armhf, let’s kill the build, let it rebuild on armhf and see how long it takes 2017-05-17 16:09:56 I dunno, Shiz wanted it 2017-05-17 16:10:07 i said it would be useful, i don't really require it 2017-05-17 16:10:11 that is all 2017-05-17 16:10:33 ncopa: ghc failed on 3-6 because of missing ghc… :) 2017-05-17 16:13:11 ncopa: question about cargo… currently cargo downloads rust dependencies (crates) from the cargo repository, but it’s set to use Cargo.lock that defines every dependency (incl. transitive) with exact version and checksum of the crate, cargo verifies them and fails when something is wrong 2017-05-17 16:14:21 http://tpaste.us/qMjK 2017-05-17 16:14:26 i installed ghc manually 2017-05-17 16:14:34 ncopa: is that good enough for us, at least for now, to move it into community, or should I figure out other way, I mean use the solution I’ve showed you today, but include this script in the cargo abuild for now, so every crate would be downloaded and checked by abuild?
2017-05-17 16:15:15 and now ghc is gone 2017-05-17 16:16:11 looks like it build on edge 2017-05-17 16:16:14 ncopa: rust pkg without cargo is not very usable, so I think we need to move also cargo to community; however, even rust itself without cargo is quite a win, b/c upstream provides statically linked cargo binary, so it’s much better than not having rust at all 2017-05-17 16:18:50 ncopa: cargo abuild https://github.com/alpinelinux/aports/blob/master/testing/cargo/APKBUILD 2017-05-17 16:19:26 is that cargo something we can maintain for 6 months? 2017-05-17 16:19:33 and provide support 2017-05-17 16:19:42 if so, then it's good enough 2017-05-17 16:19:52 otherwise we wait 2017-05-17 16:20:14 yes, we can maintain it, it’s not a problem 2017-05-17 16:20:25 push it then 2017-05-17 16:20:28 the thing is 2017-05-17 16:20:35 22 may i will tag the release 2017-05-17 16:20:37 ready or not 2017-05-17 16:20:43 i will just tag it 2017-05-17 16:21:14 so either we do a release with a lot of extra things included, things that work halfway 2017-05-17 16:21:28 or we do a release with fewer things, but the things we ship work good 2017-05-17 16:21:31 the only problem is that it may violate our policy about not letting software download deps itself; however, in the case of cargo, it’s not like downloading random stuff w/o verification, it does the same verifications as we do in abuild 2017-05-17 16:21:53 cargo depends on itself? 2017-05-17 16:22:07 so we need to "bootstrap" it?
2017-05-17 16:22:31 yes, we use statically linked binary from upstream to bootstrap it 2017-05-17 16:22:42 so there’s no extra action needed 2017-05-17 16:22:51 i suppose that's good enough 2017-05-17 16:22:53 but remember 2017-05-17 16:23:07 i will tag release even if it means there is no release candidate at all 2017-05-17 16:23:22 since 1 may we should have *only* done fixes on the things we have 2017-05-17 16:23:33 otherwise we end up releasing broken stuff 2017-05-17 16:24:10 don’t worry, cargo doesn’t take much time to build 2017-05-17 16:25:23 push it then 2017-05-17 16:25:32 fcolista: re zfs boot usb 2017-05-17 16:25:37 it is a bug 2017-05-17 16:25:41 but it will have to wait 2017-05-17 16:26:01 i wanted to fix those kind of bugs before the release but unfortunately we will have to live with the bugs til next release 2017-05-17 16:26:13 due to release got delayed 2017-05-17 16:27:19 can anyone help with this php5 issue? http://bugs.alpinelinux.org/issues/7284 2017-05-17 16:28:01 another release delay: http://bugs.alpinelinux.org/issues/7281 2017-05-17 16:28:07 that one is important since it's a CVE 2017-05-17 16:34:40 ncopa: I’ve added a comment to cargo pkg https://dpaste.de/GHH8 2017-05-17 16:35:42 sounds good 2017-05-17 16:35:48 push it 2017-05-17 16:37:34 done 2017-05-17 16:40:46 where the heck is some page with OpenJDK releases? 2017-05-17 16:44:06 I’m afraid that in long-term we must drop icedtea (it’s not very actively maintained anymore), build directly from openjdk sources and take patches e.g.
from Fedora 2017-05-17 16:54:05 omg, there’s already http://icedtea.wildebeest.org/download/source/icedtea-3.4.0.tar.gz and http://icedtea.wildebeest.org/download/drops/icedtea8/3.4.0/, according to NEWS in the first tarball 3.4.0 is released, but there’s no 3.4.0 tag in the upstream repository 2017-05-17 16:54:34 it’s very unclear 2017-05-17 16:55:41 ncopa: okay, I’ve updated to icedtea 3.4.0 and trying to build it on my machine now 2017-05-17 16:56:04 ncopa: our patches passed, that’s good 2017-05-17 16:56:11 good sign 2017-05-17 16:56:14 i hope it builds 2017-05-17 16:56:28 we should look over the bugs on bugs.alpinelinux.org and try to fix as much as possible 2017-05-17 16:56:29 ehm, no… 2017-05-17 16:56:35 they are just applied later… 2017-05-17 16:56:40 i'm looking at the resolved stuff and closing them 2017-05-17 17:05:16 On the apk tracker, please go ahead and drop the priority and push back release for all my feature requests since we're not migrating until after 3.6 2017-05-17 17:19:17 <_ikke_> Anyone looked at habitat yet? 2017-05-17 17:21:07 _ikke_: I know about it, but haven’t tried it yet, nor try to make a pkg for it 2017-05-17 17:21:26 <_ikke_> right, I'm trying to make a package from it 2017-05-17 18:20:41 jirutka: we have the ppc64le patches rebased against 2.1.0_beta3. 2017-05-17 18:20:48 do you want to bump to this version? 2017-05-17 18:21:33 leitao: that’s great! 2017-05-17 18:22:33 leitao: yeah, I think that we can make this before v3.6 2017-05-17 18:23:02 jirutka: ok. gromero can you handle a PR with the new patchset? 2017-05-17 18:24:07 leitao: gromero: please as soon as possible, 3.6-rc1 is already knocking on door 2017-05-17 18:24:27 jirutka: sure. It is just a matter of creating a PR now. 2017-05-17 18:24:41 jirutka: should we bump the version? 2017-05-17 18:25:14 <_ikke_> jirutka: Do you happen to know how to get cargo to run a release build when it's executed from a Makefile?
2017-05-17 18:25:18 leitao: yes, pkgver=2.1.0_beta3, pkgrel=0 2017-05-17 18:25:35 jirutka: ack! 2017-05-17 18:25:38 jirutka: leitao ack 2017-05-17 18:25:52 _ikke_: try CARGOFLAGS="--release" 2017-05-17 18:26:04 <_ikke_> jirutka: thanks 2017-05-17 18:38:20 <_ikke_> jirutka: CARGOFLAGS doesn't seem to be a thing 2017-05-17 18:38:57 _ikke_: hm, what about RUSTFLAGS ? 2017-05-17 18:39:13 _ikke_: http://doc.crates.io/environment-variables.html#environment-variables-cargo-reads 2017-05-17 18:42:12 <_ikke_> jirutka: Ok, then I would need to find out what would be the equivalent of cargo build --release 2017-05-17 18:43:29 <_ikke_> https://news.ycombinator.com/item?id=9146694 2017-05-17 18:58:51 jirutka: leitao from a ppc64 perspective, simple as https://github.com/alpinelinux/aports/pull/1523 2017-05-17 18:59:54 gromero: I think that you’ve missed a patch… 2017-05-17 19:00:22 jirutka: which you mean? 2017-05-17 19:01:09 maybe just a GH glitch, give me a sec 2017-05-17 19:01:43 jirutka: you mean because leitao said: "gromero can you handle a PR with the new patchset?" 2017-05-17 19:02:15 jirutka: ok 2017-05-17 19:02:17 gromero: no, it’s not a glitch, the only change in enable-support-for-ppc64le.patch is single change in a comment… https://github.com/alpinelinux/aports/pull/1523/files 2017-05-17 19:03:06 jirutka: you are saying that because leitao said "a new patchset"? 2017-05-17 19:03:15 yes, so out patch applies fine 2017-05-17 19:03:17 *our 2017-05-17 19:03:31 gromero: uh, aha 2017-05-17 19:08:39 <_ikke_> jirutka: aha, there is a PROFILE flag 2017-05-17 19:29:04 I just pushed a CVE regression fix for shadow: https://github.com/alpinelinux/aports/pull/1524 can that make it to v3.6 or to late for the rc? 2017-05-17 19:33:47 jirutka: thanks, can you cherry-pick it to v3.5 as well? 2017-05-17 19:34:05 HRio: yeah, but pls remind it me later 2017-05-17 19:34:57 or should I open a PR for v3.5? 
2017-05-17 19:37:17 HRio: yes please 2017-05-17 19:50:57 jirutka: shadow fix for v3.5 https://github.com/alpinelinux/aports/pull/1525 (build failure on fetch of http://dl-cdn.alpinelinux.org/alpine/v3.4/main/x86_64/apk-tools-static-2.6.7-r0.apk) 2017-05-17 20:13:14 <_ikke_> just made an ipv6 enabled proxy for dl-4.a.o :P 2017-05-17 20:34:19 ha, that reminds me, clandmeter, why alpinelinux.org doesn’t have AAAA record? 2017-05-17 20:40:44 <_ikke_> if an application requires openssl to build, would libressl work as well? 2017-05-17 20:41:07 _ikke_: usually yes 2017-05-17 20:41:19 <_ikke_> ok 2017-05-17 20:44:09 <_ikke_> jirutka: I just kicked up a bare metal server on scaleway with 8 cores to test building a package 2017-05-17 21:29:25 hello 2017-05-17 21:29:28 i've got some time again 2017-05-17 21:29:30 whats new 2017-05-17 21:29:54 <_ikke_> I'm trying to package habitat 2017-05-17 21:30:12 <_ikke_> building takes ages though 2017-05-17 21:31:22 Shiz: broken tests in libc++ ;) 2017-05-17 21:31:42 Shiz: and someone asked about your progress in some Rust issue on rust-lang/rust ;) 2017-05-18 01:13:55 jirutka: found a fix for the broken abi tests 2017-05-18 01:21:04 jirutka: do you have a log of the test failures? 2017-05-18 03:05:45 For purposes of consistency throughout the alpine tools (at least scripts), I'd like to propose the definition of a set of error handling functions/formats in a common location. 2017-05-18 03:08:07 The scope would include printing info/error messages to the terminal, providing for logging, and providing handler hooks to cleanly fail/die/exit 2017-05-18 03:12:47 The ideal case would be to provide the same set of functions using the same formats for tools in all languages, thus making a much more cohesive product. 2017-05-18 03:16:30 Thus, calling 'a_error "I failed"' from a shell script would display the same as 'a_error("I failed");' in a C program. 
2017-05-18 03:19:58 definitely not, since naming conventions differ per language
2017-05-18 03:25:07 Adjusting for naming conventions as needed..
2017-05-18 03:26:12 The point is to have consistent look & feel across tools, not exact naming.
2017-05-18 03:27:17 Figuring out how to enable/disable colors based on the environment variable is about the only part that may require fiddling.
2017-05-18 03:28:46 Is it "USE_COLORS=1" in all existing cases?
2017-05-18 03:32:10 Should it be "USE_COLORS={always,never,auto}" to be consistent with ls?
2017-05-18 03:38:36 Okay, higher level question - forget implementation details - What format do we want to use to print/log info/message/warning/error messages from ALL alpine tools so they have consistent appearance?
2017-05-18 03:40:45 And how do we want to handle failure cases in a consistent manner? What gets printed on failure at various verbosity levels to which sink?
2017-05-18 03:41:56 Ideally, we leave ourselves the option of doing I18N in some sane manner, but that's its own set of issues.
2017-05-18 03:45:45 Although I'm not sure of how to cleanly handle i18n in POSIX shell...
2017-05-18 08:59:36 <_ikke_> wow, cargo release builds takes ages
2017-05-18 08:59:55 :)
2017-05-18 09:00:33 <_ikke_> it's compiling for 4 hours now
2017-05-18 09:00:53 wut?
2017-05-18 09:01:00 i got a flag for libtermkey to update the version... i did that but in the message that person tells me to provide a static library version in libtermkey-dev package... i have no idea what that person means ;-)
2017-05-18 09:01:18 <_ikke_> its a small scaleway vps, but still
2017-05-18 09:01:35 yeah that takes some time
2017-05-18 09:01:38 <_ikke_> debug build took about 13 minutes
2017-05-18 09:01:54 but 4 hours could mean something is wrong
2017-05-18 09:02:07 are you building something with cargo, or cargo itself?
2017-05-18 09:14:13 <_ikke_> with cargo
2017-05-18 09:14:22 <_ikke_> habitat
2017-05-18 09:56:04 openjdk8 is causing some pain
2017-05-18 09:56:32 apparently they use different tarball of hotspot on aarch32 (armhf)
2017-05-18 09:57:08 ah, that explains the checksum errors
2017-05-18 09:57:29 hum
2017-05-18 09:57:38 i once in a while get error from tpaste.us
2017-05-18 09:58:01 ok let me restart it.
2017-05-18 09:58:06 i think i know the fix
2017-05-18 09:58:07 http://tpaste.us/vM1o
2017-05-18 09:58:10 just didnt have time yet
2017-05-18 09:58:25 yes thats the same error
2017-05-18 09:59:42 this change fixes the checksum error on armhf: http://sprunge.us/UCBb
2017-05-18 10:00:21 however, the icedtea-hotspot-* patch fails :-(
2017-05-18 10:03:44 sucks
2017-05-18 10:30:55 ok, im not really sure how to solve this
2017-05-18 10:31:47 can openjdk crosscompile?
2017-05-18 10:32:03 <_ikke_> the habitat test suite can also take some time..
2017-05-18 10:32:19 habitat?
2017-05-18 10:32:46 <_ikke_> project from chef
2017-05-18 10:35:56 neither am i
2017-05-18 10:36:15 whoops wrong win
2017-05-18 10:53:19 what a nightmare
2017-05-18 10:53:35 this openjdk business
2017-05-18 10:53:47 <_ikke_> hmm
2017-05-18 11:34:31 yes, openjdk is really PITA
2017-05-18 11:47:57 <^7heo> Any more info on the Passing the baton thing?
2017-05-18 11:48:56 <^7heo> i.e. do we actually want to do something?
2017-05-18 11:49:02 <^7heo> should we federate people?
2017-05-18 11:53:44 hi
2017-05-18 11:55:31 what are alpine's plans now that grsec is private
2017-05-18 11:56:54 Have you read the ongoing discussion here ? http://lists.alpinelinux.org/alpine-devel/5626.html
2017-05-18 12:02:04 there doesn't seem to be any concrete plans in it
2017-05-18 12:02:27 like the latest person seems to think that grsec just stopped developing or something
2017-05-18 12:02:56 maintaining grsec patches in their current form will be hard work
2017-05-18 12:03:45 are there plans to join forces with the gentoo hardened-kernel project or something like that
2017-05-18 12:04:06 https://github.com/thestinger/linux-hardened
2017-05-18 12:05:20 From what I have read on different ML and forums, there are different initiatives, and ways that require further exploration and examination about going with keeping grsec
2017-05-18 12:06:04 There is this thread, which opens a (very) remote chance of seeing grsec integrated upstream, if google or other is willing to actually hire grsec http://openwall.com/lists/kernel-hardening/2017/05/11/2
2017-05-18 12:06:28 There is this ongoing thread, with no reply so far from grsec https://forums.grsecurity.net/viewtopic.php?f=3&t=4699
2017-05-18 12:07:06 AlexIncogito: what does it mean “hire grsec”?
2017-05-18 12:07:18 From openwall thread, we can surmise grsec is in a "step back, and watch" attitude, which makes sense considering their motivation for going private
2017-05-18 12:07:59 Which would explain the lack of definite answer on their own forums
2017-05-18 12:09:36 @jirutka: as per openwall thread, the gist of it is: PAXTeam assert they have received no help, proposal or otherwise from google and other sponsors. Kees asserts they are willing to fund them
2017-05-18 12:09:47 grsec won't be mainlined as it is
2017-05-18 12:10:01 Tsutsukakushi the current plan is to maintain the 4.9 patch for as long as possible
2017-05-18 12:10:12 what do YOU think are their motives for going private
2017-05-18 12:10:30 jirutka i think i found a simple solution for openjdk on arm
2017-05-18 12:10:31 that kernel-hardening thread made it seem like it's purely financial
2017-05-18 12:10:41 and i know what goes wrong
2017-05-18 12:10:51 jirutka i think what happened was
2017-05-18 12:11:15 oracle open sourced their arm32 hotspot
2017-05-18 12:11:33 i find it hard to take anything that pax team says seriously
2017-05-18 12:11:48 <_ikke_> ugh, habitat release compile + make test takes 1.5h :-(
2017-05-18 12:11:55 he and spender aren't the best communicators
2017-05-18 12:12:56 jirutka: im gonna stop adding noise to this chan. i'll explain in the git commit
2017-05-18 12:13:01 _ikke_: that’s awfully long time… is it really “normal”, isn’t there some bug?
2017-05-18 12:13:01 ncopa: but what about the next stable kernel
2017-05-18 12:13:15 we will have to deal with that then
2017-05-18 12:13:18 <_ikke_> jirutka: Might be, I'll paste the compile output somewhere
2017-05-18 12:13:23 ncopa: this is not noise, it’s on-topic!
2017-05-18 12:13:42 ncopa: which is why i'm asking about plans
2017-05-18 12:14:03 dealing with it then without any plan sounds kind of painful
2017-05-18 12:14:19 Tsutsukakushi: Shiz is trying to extract PaX from grsecurity patches and maintain it separately, but not sure if he’s still on it, it looks like a lot of pain
2017-05-18 12:14:45 doing anything with that gigantic patch seems like pain
2017-05-18 12:15:04 other than "stealing" ideas
2017-05-18 12:16:01 Tsutsukakushi: the plan is to try keep unofficial grsecurity as long as possible. for now it looks like it might be possible to maintain it for 4.9
2017-05-18 12:16:08 i have done that for 4.4 for a while
2017-05-18 12:16:19 so i know what pain it is
2017-05-18 12:17:06 Well, money is caring... From what I understand about the whole grsecurity+pax history, it is understandable they feel upset. I may be missing parts of the story, but they do make very compelling arguments, with specific facts, about the various incidents, behaviours, and general lack of investment from other in their work. And neither kees or anyo
2017-05-18 12:17:06 ne else seem to have refuted them... Their tone may be sarcastic and unfriendly, but they did make an indirect opening regarding funding. And isn't it natural that their work should be rewarded ? It seems, they more than most, deserve it
2017-05-18 12:17:11 spender also said that they might dump testing patches regularly in the future
2017-05-18 12:17:56 but he didnt want to promise to do so, which is why they didn't say anything about it in the public announcement
2017-05-18 12:18:09 chances are that the companies haven't wanted to fund them because of their general attitude
2017-05-18 12:18:54 so our options are: try keep maintain unofficial patch or switch to mainline
2017-05-18 12:18:59 Possibly.. That said Torvalds doesn't seem to be the most agreeable either
2017-05-18 12:19:05 ncopa: there are more options tho
2017-05-18 12:19:40 <^7heo> Tsutsukakushi: the gh/thestinger/linux-hardened repo is maintained by the folks at copperheados afaik
2017-05-18 12:20:13 There's also this forward porting initiative https://github.com/minipli/linux-unofficial_grsec
2017-05-18 12:20:45 AlexIncogito that will not go beyond 4.9
2017-05-18 12:20:49 <^7heo> Tsutsukakushi: and they called "the community" to commit to continuing the grsec project on twitter.
2017-05-18 12:21:07 Tsutsukakushi: we should provide better support for vanilla kernel anyway (e.g. virt variant)… then we will just drop hardened, or not
2017-05-18 12:21:28 (also linux-libre)
2017-05-18 12:21:47 AlexIncogito: i do use the minipli stuff. i have compared with my fork
2017-05-18 12:21:47 some guy on your forum made a very stupid false statement about linux-libre
2017-05-18 12:21:50 btw
2017-05-18 12:21:53 maybe should be corrected
2017-05-18 12:23:57 jirutka: so, openjdk. oracle released their arm32 stuff (hotspot i think), which has native code
2017-05-18 12:23:59 <^7heo> Tsutsukakushi: where?
2017-05-18 12:24:21 the default hotspot has native code for aarch64 but not for arm32
2017-05-18 12:24:26 kaniini has promised me to improve vanilla kernel configs, add some more hardening, but it seems that he haven’t had time for it yet
2017-05-18 12:24:47 <^7heo> time is a scarce resource
2017-05-18 12:24:49 the aarch32 hotspot has native arm32 code but no native aarch64
2017-05-18 12:24:56 <^7heo> especially when there's so much IRC to do.
2017-05-18 12:25:02 ha
2017-05-18 12:25:34 jirutka so what im gonna do: use hotspot=default explicitly
2017-05-18 12:25:42 that should give us what we have had earlier
2017-05-18 12:26:12 this is slower on armhf than the newly released
2017-05-18 12:26:17 ncopa: can’t we just use aarch32 hotspot on armhf?
2017-05-18 12:26:30 that is what configure does by default
2017-05-18 12:26:36 but then the patches does not apply
2017-05-18 12:26:40 ncopa: aha
2017-05-18 12:26:59 ncopa: well, I agree, hotspot=default
2017-05-18 12:27:02 so for now i think we need to just use the old hotspot
2017-05-18 12:27:08 to move forward
2017-05-18 12:27:26 then we can look into how to apply patches conditionally
2017-05-18 12:27:27 ncopa: anyway, if one want performance, (s)he will probably not use armhf…
2017-05-18 12:27:51 aarch64 FTW
2017-05-18 12:27:56 yeah
2017-05-18 12:28:18 i think oracle finally realized that if they keep things closed, people will look for open alternatives
2017-05-18 12:28:28 so i think they realized that they lose on it
2017-05-18 12:28:30 <^7heo> Tsutsukakushi: https://twitter.com/CopperheadOS/status/865068357527187456
2017-05-18 12:28:38 I don’t believe that
2017-05-18 12:28:38 <^7heo> Tsutsukakushi: that is what I was referring to.
2017-05-18 12:28:43 Oracle is pure evil
2017-05-18 12:28:53 they were most likely forced to do it, somehow
2017-05-18 12:28:53 <^7heo> +1
2017-05-18 12:28:58 ofc
2017-05-18 12:29:06 they realized they are losing
2017-05-18 12:29:27 and does not have any choice than release the code if they want be relevant in future
2017-05-18 12:29:29 <^7heo> Like microsoft suddenly "loving "linux""
2017-05-18 12:29:36 ofc
2017-05-18 12:29:38 I don’t believe that they understand open-source, the situation on market etc. and did it voluntarily
2017-05-18 12:29:42 back
2017-05-18 12:29:52 ^7heo: in the kernel area, the deblobbed thread
2017-05-18 12:29:59 they understand business
2017-05-18 12:30:05 I personally even don’t believe that they did it b/c they realized that they’re losing
2017-05-18 12:30:11 ^7heo: he says linux-libre is outdated when it had had a release 15 days before his comment
2017-05-18 12:30:20 ^7heo: and the latest release currently is from this month
2017-05-18 12:30:22 not outdated
2017-05-18 12:30:38 if the world and market would be relational and fair, Oracle would be already dead for years
2017-05-18 12:30:49 <^7heo> Tsutsukakushi: I was expecting a link. I don't doubt your words, but acting on it needs a source. ;)
2017-05-18 12:30:58 they’re still here, despite their pure evil and their products are horrible
2017-05-18 12:31:08 i didn't have it open anymore, i can get the link
2017-05-18 12:31:31 https://forum.alpinelinux.org/forum/kernel-and-hardware/kernel-without-binary-blobs
2017-05-18 12:33:12 jirutka im not claiming they are releasing the sources due to goodwill or charity or because they want support open-source
2017-05-18 12:33:37 i think they do it as a desperate action to keep java relevant in business
2017-05-18 12:34:01 ncopa: but they’re still doing everything they can to kill it…
2017-05-18 12:34:14 kill what?
2017-05-18 12:34:14 ncopa: like suing companies from using Java
2017-05-18 12:34:24 ncopa: unclear terms
2017-05-18 12:34:44 hello
2017-05-18 12:35:31 jirutka: i did more work on llvm stuff last night a bit
2017-05-18 12:35:38 all llvm components that i know of have testsuites now
2017-05-18 12:35:43 ncopa: releasing JRE/JDK that is free to download, but contains even licensed parts, so one may use it against license without even knowing it
2017-05-18 12:36:05 Shiz: even clang? that’d be great!
2017-05-18 12:36:09 yeah
2017-05-18 12:36:17 llvm, clang, compiler-rt, libc++, lld
2017-05-18 12:36:38 i should check llvm-libunwind too
2017-05-18 12:36:53 ncopa: with licensed parts I mean components that should not be used without paid license
2017-05-18 12:37:10 14:21:53 Tsutsukakushi │ maybe should be corrected
2017-05-18 12:37:13 why don't you do it yourself?
2017-05-18 12:37:19 ncopa: instead of cleanly releasing two variants, one with only free components and one with their proprietary paid components
2017-05-18 12:37:23 i don't have an account on the forums
2017-05-18 12:37:47 jirutka: btw:
2017-05-18 12:37:55 and i don't want to create one just to make a single comment
2017-05-18 12:38:03 i already have enough useless accounts
2017-05-18 12:38:16 btw why we have forum?
2017-05-18 12:38:17 one of my changes is renaming llvm-test-utils to llvm-utils and throwing stuff from the cmake's LLVM_INCLUDE_UTILS in there
2017-05-18 12:38:19 seems ok?
2017-05-18 12:38:32 who actually reads comments on forum?
2017-05-18 12:39:59 imo it’d be better to merge ML and forum, i.e. use some forum that can be used completely via email like ML, to have only one channel instead of two
2017-05-18 12:41:20 Shiz: why? it is *test* utils, not just random utils
2017-05-18 12:41:37 thats not what the cmake file calls it
2017-05-18 12:41:46 and i don't think it's a good idea to start making up package names ourselves
2017-05-18 12:41:47 :P
2017-05-18 12:42:06 https://github.com/llvm-mirror/llvm/blob/master/CMakeLists.txt#L482
2017-05-18 12:42:08 Shiz: we don’t have other chance here…
2017-05-18 12:42:12 https://github.com/llvm-mirror/llvm/blob/master/CMakeLists.txt#L842
2017-05-18 12:42:14 why don't we?
2017-05-18 12:42:17 aha, okay
2017-05-18 12:42:22 llvm-utils is a fine package name :P
2017-05-18 12:42:25 well, send PR, I’ll review it later evening
2017-05-18 12:42:31 :)
2017-05-18 12:42:50 maybe, but not for the current content, that is pure test utils
2017-05-18 12:42:54 purely
2017-05-18 12:42:56 jirutka: there is that one frontend for mailman3
2017-05-18 12:43:06 Tsutsukakushi: yeah
2017-05-18 12:43:09 Tsutsukakushi: HyperKitty
2017-05-18 12:43:12 ye
2017-05-18 12:43:19 Tsutsukakushi: I know it, I have Alpine packages for it
2017-05-18 12:43:22 i've yet to see it used anywhere
2017-05-18 12:43:25 All the implications of this may escape me but, with regard to the grsec situation, given security is the main theme here, how feasible would it be to maintain an official grsec branch on 4.9, even after the next increment, and backport security patches ? It may give a comfortable timeframe to figure out what to do, while allowing users to retain a
2017-05-18 12:43:25 safe base
2017-05-18 12:43:31 and their test instance blocks Tor afaik
2017-05-18 12:43:40 Tsutsukakushi: it’s not very good, but unfortunately there’s not anything better :(
2017-05-18 12:43:52 "official grsec branch" 100% unlikely
2017-05-18 12:44:11 but forward-porting the last public patch to newer 4.9 is what we already /do/
2017-05-18 12:44:13 for 3.6
2017-05-18 12:44:42 Tsutsukakushi: you can try it https://gitlab.com/mailman/mailman-suite/issues/3
2017-05-18 12:45:32 Yes but what happens after 4.9 ?
2017-05-18 12:45:54 AlexIncogito: answer seems to be "we'll deal with it then"
2017-05-18 12:46:07 well if nothing changes, no grsec
2017-05-18 12:46:22 Isn't that a huge step back ?
2017-05-18 12:46:53 two things
2017-05-18 12:47:19 as already has been said ad infinitum, grsec is not the sole, or even the biggest part, of our security story
2017-05-18 12:47:19 well, if the current trend continues then the linux-hardened project might be at ok stage by the time next stable kernel is released
2017-05-18 12:48:05 and there's other projects in the works like strcat's hardened projects, and we may look at developing some features ourselves
2017-05-18 12:48:14 we'll see that last part when the time comes
2017-05-18 12:48:26 nobody likes grsec going private but there's not much we can do about it
2017-05-18 12:48:40 Shiz: kaniini has mentioned some project on top of vanilla kernel, but don’t remember the name
2017-05-18 12:48:42 spender's not going to license grsec at a distro level, especially a public one, even if we had the money
2017-05-18 12:49:04 Shiz: IIRC acronym starts with "A" and has 4 letters XD
2017-05-18 12:49:07 jirutka: https://github.com/thestinger/linux-hardened/wiki
2017-05-18 12:49:16 that's strcat's project
2017-05-18 12:49:21 jirutka: sure you're not thinking of AOSP?
2017-05-18 12:49:25 nope
2017-05-18 12:49:33 or KSPP?
2017-05-18 12:50:06 nope
2017-05-18 12:50:20 wait for kaniini, I have really bad memory for acronyms XD
2017-05-18 12:51:56 <^7heo> KSPP: Kernel Self Protection Project
2017-05-18 12:52:12 <^7heo> (i.e. an alternative to grsec)
2017-05-18 12:52:22 KSPP is not an alternative to grsec
2017-05-18 12:52:34 <^7heo> Shiz: https://www.grsecurity.net/compare.php
2017-05-18 12:52:36 it's simply kees' branch to upstream certain security features
2017-05-18 12:52:38 ^7heo: and?
2017-05-18 12:52:48 <^7heo> Shiz: that table is misleading then.
2017-05-18 12:52:51 it is
2017-05-18 12:53:00 of course it is, they're comparing their own project to other projects
2017-05-18 12:53:06 it's not alternative because grsec has no intention or desire to upstream anything
2017-05-18 12:53:10 it also tries an equivalency between SELinux and grsec
2017-05-18 12:53:14 which is ridiculous at best
2017-05-18 12:53:29 SELinux's goal is not kernel self-protection, it's an RBAC/DAC system
2017-05-18 12:53:30 <^7heo> Shiz: yeah that's what I was wondering about.
2017-05-18 12:53:57 likewise for AppArmor
2017-05-18 12:55:11 <^7heo> Well, long story short
2017-05-18 12:55:17 <^7heo> There's no real equivalent for grsec
2017-05-18 12:55:36 <^7heo> I think that's what the table is mainly aimed at.
2017-05-18 12:56:08 of course grsec will say that themselves
2017-05-18 12:56:14 they have to sell their patch
2017-05-18 12:56:18 <^7heo> true.
2017-05-18 12:56:26 <^7heo> but do you know any project that could compare to grsec?
2017-05-18 12:56:39 closest i got is strcat's project
2017-05-18 12:56:45 i hope it doesn't turn out to be just kspp v2 though
2017-05-18 12:56:55 <^7heo> so the linux-hardening thing Tsutsukakushi linked?
2017-05-18 12:57:25 https://github.com/thestinger/linux-hardened/wiki#upstream-progress-tracking
2017-05-18 12:57:26 yes
2017-05-18 12:58:19 <^7heo> yeah I followed that.
2017-05-18 12:58:25 <^7heo> not closely but I did follow it.
2017-05-18 12:58:41 <^7heo> Problem is, since they want to make money out of it; it's not easily available yet.
2017-05-18 12:58:56 <^7heo> Only on a Pixel/Pixel XL if you live in the north american continent.
2017-05-18 12:59:03 <^7heo> (if I got it right)
2017-05-18 12:59:14 out of that kernel?
2017-05-18 12:59:27 <^7heo> AFAIU yes.
2017-05-18 12:59:51 what is afaiu
2017-05-18 13:00:00 <^7heo> As far as I understand/understood
2017-05-18 13:00:17 <^7heo> (in our case, the latter)
2017-05-18 13:00:34 that linux-hardened kernel is right there
2017-05-18 13:00:41 you can clone it if you want
2017-05-18 13:00:42 <^7heo> I'm talking about android
2017-05-18 13:00:43 and run it
2017-05-18 13:00:45 ^7heo: you are very very wrong
2017-05-18 13:00:46 <^7heo> ASOP
2017-05-18 13:00:52 but
2017-05-18 13:00:54 linux-hardened has nothing to do with android...
2017-05-18 13:00:58 you were just talking about completely other stuff
2017-05-18 13:01:10 <^7heo> Shiz: stop saying that I'm wrong BEFORE you have a chance to understand what I'm talking about...
2017-05-18 13:01:17 <^7heo> Shiz: that doesn't help with anything...
2017-05-18 13:01:37 <^7heo> Tsutsukakushi: well, it's easy to integrate with Linux in the scope of Alpine.
2017-05-18 13:01:44 so you aren't talking about that linux-hardened anymore
2017-05-18 13:01:47 but about something else?
2017-05-18 13:01:57 <^7heo> Tsutsukakushi: but yes you're right, that's not what I'm talking about; I was saying: "it's not easily available yet."
2017-05-18 13:02:08 yes
2017-05-18 13:02:18 and that sounded like it was about the last thing discussed
2017-05-18 13:02:31 which was linux-hardened
2017-05-18 13:02:31 <^7heo> well, the linux-hardened repo/project.
2017-05-18 13:02:34 <^7heo> yes.
2017-05-18 13:02:42 so i stay with my point
2017-05-18 13:02:57 linux-hardened has nothing to do with copperhead
2017-05-18 13:02:58 Shiz: ^7heo: hm, maybe it’s really KSPP… sounds familiar… so I was half-right, it doesn’t start with “A”, but has 4 letters XD
2017-05-18 13:03:02 except that copperhead may use it at one point
2017-05-18 13:03:09 there's no money intention in linux-hardened
2017-05-18 13:03:15 and it's as easily available as cloning the repo and building it
2017-05-18 13:03:18 just like upstream linux
2017-05-18 13:03:48 <^7heo> well, if you call "cloning the project, applying it, solving the conflicts, doing all the work so you get a working kernel, and then putting the working kernel package on the repos" easy
2017-05-18 13:03:53 <^7heo> then yes it's easy.
2017-05-18 13:04:02 <^7heo> I'm talking about "downloading binary, installing binary" easy.
2017-05-18 13:04:11 uuh
2017-05-18 13:04:14 you don't need to apply anything
2017-05-18 13:04:18 the cloned repo IS the final tree
2017-05-18 13:04:25 <^7heo> So you just clone and make?
2017-05-18 13:04:25 and this is not different from upstream linux
2017-05-18 13:04:27 yes
2017-05-18 13:04:29 <^7heo> ah
2017-05-18 13:04:40 <^7heo> I didn't get that part.
2017-05-18 13:04:49 <^7heo> please disregard what I have been saying then.
2017-05-18 13:05:13 well, you clone, make menuconfig and make
2017-05-18 13:05:16 :p
2017-05-18 13:05:20 <^7heo> yeah yeah like a normal kernel.
2017-05-18 13:05:21 <^7heo> my bad.
2017-05-18 13:05:27 gotta enable the features
2017-05-18 13:05:30 <^7heo> true.
2017-05-18 13:05:38 <^7heo> but I expected it to be a set of patches in a repo.
2017-05-18 13:05:43 <^7heo> I didn't look in depth yet.
2017-05-18 13:05:58 <^7heo> Then it's a really cool work.
2017-05-18 13:06:35 we gotta evaluate later just how viable/quality it is
2017-05-18 13:06:36 <^7heo> Also: <@Shiz> linux-hardened has nothing to do with copperhead
2017-05-18 13:06:38 but first, 3.6
2017-05-18 13:06:40 <^7heo> It has
2017-05-18 13:06:45 <^7heo> same guy is doing both.
2017-05-18 13:06:56 ^7heo: your own remark goes back to you, read further
2017-05-18 13:06:59 @Shiz │ except that copperhead may use it at one point
2017-05-18 13:07:06 :p
2017-05-18 13:07:13 <^7heo> but that was my entire point tbh
2017-05-18 13:07:14 <^7heo> they already do
2017-05-18 13:07:18 <^7heo> on Pixel/Pixel XL
2017-05-18 13:07:20 not afaik
2017-05-18 13:07:24 <^7heo> really?
2017-05-18 13:07:48 <^7heo> I do not have sources on that other than my memory, from IRC conversations
2017-05-18 13:07:57 the last copperhead OS build was may 1st
2017-05-18 13:08:06 <^7heo> that's not true.
2017-05-18 13:08:09 <^7heo> You can't know that.
2017-05-18 13:08:12 <^7heo> because:
2017-05-18 13:08:14 https://copperhead.co/android/downloads
2017-05-18 13:08:16 ...
2017-05-18 13:08:18 <^7heo> the images for Pixel/Pixel XL are NOT available.
2017-05-18 13:08:28 <^7heo> you gotta pay for them; and only with a new Pixel device.
2017-05-18 13:08:29 yes they are?
2017-05-18 13:08:34 or at least
2017-05-18 13:08:35 their dates are
2017-05-18 13:08:37 they are right there on the site
2017-05-18 13:08:45 Pixel N2G47O.2017.05.01.22.35.44
2017-05-18 13:08:51 Pixel XL N2G47O.2017.05.01.22.35.44
2017-05-18 13:08:53 <^7heo> Right, that was even on twitter.
2017-05-18 13:08:53 so yes, I can know that
2017-05-18 13:09:06 <^7heo> Lemme fetch the tweet.
2017-05-18 13:09:11 <^7heo> because I beg to differ there.
2017-05-18 13:09:18 <^7heo> I believe the dates on the website are not correct.
2017-05-18 13:12:12 <^7heo> Ok, I need more practice with twitter.
2017-05-18 13:12:14 <^7heo> You're right.
2017-05-18 13:12:21 <^7heo> it's just a *pinned* tweet.
2017-05-18 13:12:25 <^7heo> Not a new one.
2017-05-18 13:12:26 <^7heo> v_v
2017-05-18 13:13:02 :P
2017-05-18 13:13:33 <^7heo> Sorry Shiz, and you're right, the Pixel images are likely not containing the linux-hardened since it would mean that strcat would have intentionally antedated the commits on github just for that sake.
2017-05-18 13:16:17 ncopa, I added this: http://tpaste.us/Bewn for having a custom iso with zfs, then i've generated the iso with:
2017-05-18 13:16:18 sh mkimage.sh --tag edge --outdir /home/fcolista/iso --arch x86_64 --repository http://d
2017-05-18 13:16:18 l-cdn.alpinelinux.org/alpine/edge/main --profile custom
2017-05-18 13:16:58 fcolista i dont think it will work
2017-05-18 13:17:01 would be nice having the part "custom" of profile actually customizable, maybe taking as input a yaml
2017-05-18 13:17:10 ncopa, it worked :)
2017-05-18 13:17:17 ok, nice
2017-05-18 13:17:18 I had the iso created
2017-05-18 13:17:36 x86_64-edge:~/iso$ ls -l
2017-05-18 13:17:37 total 302080
2017-05-18 13:17:37 -rw-r--r-- 1 fcolista fcolista 309329920 May 17 14:49 alpine-custom-edge-x86_64.iso
2017-05-18 13:17:57 then i've made a bootable usb with this iso, and i had zfs up and running
2017-05-18 13:18:12 ok
2017-05-18 13:18:28 dunno if it's the right approach to have custom iso, though
2017-05-18 13:19:47 i think you could do mkimg.zfs.sh
2017-05-18 13:20:10 and instead of profile_custom(){ .. }
2017-05-18 13:20:18 you call it profile_zfs
2017-05-18 13:20:54 then you do --profile zfs
2017-05-18 13:20:55 that said
2017-05-18 13:21:25 i was thinking about adding zfs kernel modules to alpine-extended
2017-05-18 13:21:58 ncopa, what about a more-general custom iso?
2017-05-18 13:22:14 how do you mean?
2017-05-18 13:22:25 if you want make a custom iso you make a new profile
2017-05-18 13:22:33 Like a user that wants his own iso, with custom apks
2017-05-18 13:22:49 and feed a only mkimg.custom.sh with a yaml file maybe
2017-05-18 13:23:54 what if he wants other kernel flavor?
2017-05-18 13:24:07 or what if he want or not want serial console?
2017-05-18 13:24:37 the idea is that you can define your own profile
2017-05-18 13:24:37 Right. Maybe those can be passed as options
2017-05-18 13:25:00 or he could define what he wants in his profile
2017-05-18 13:25:47 yes, true. Would be nice to have it documented, since the wiki page related to "custom ISO" is outdated i believe
2017-05-18 13:26:24 yup
2017-05-18 13:26:33 thx for the feedback though ncopa
2017-05-18 13:26:44 however, that profile_custom
2017-05-18 13:27:00 we could ship it as mkimg.custom.sh
2017-05-18 13:27:09 and add comments
2017-05-18 13:27:31 then it should be relatively easy for people to figure out how to make a custom iso
2017-05-18 13:27:55 eg the mkimg.custom.sh would only be as an example
2017-05-18 13:29:21 what do you think about adding zfs modules to the alpine-extended iso?
2017-05-18 13:29:55 ncopa, i don't know how much stable/mature is
2017-05-18 13:29:59 since i didn't tested it
2017-05-18 13:30:04 it works
2017-05-18 13:30:09 i use it on my laptop
2017-05-18 13:30:13 oh
2017-05-18 13:30:18 that's cool
2017-05-18 13:30:28 so i'm ok with that then
2017-05-18 13:30:44 the current problem is that it is inconvenient to install alpine on zfs root
2017-05-18 13:31:01 because you need to boot something with zfs modules afailable
2017-05-18 13:31:09 available*
2017-05-18 13:31:30 alpine-extended that ships it as a module by default would solve it
2017-05-18 13:31:47 yes
2017-05-18 13:32:14 we should probably also ship the zfs userspace package there too
2017-05-18 13:32:23 yes ofc
2017-05-18 13:32:38 in the alpine-extended it really makes sense
2017-05-18 14:07:37 How would somebody know he needs extended iso for zfs support?
2017-05-18 15:21:28 the only issue i see with it is possible legal issues
2017-05-18 15:24:03 we already distribute zfs binaries, though
2017-05-18 15:27:04 https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
2017-05-18 15:27:06 true
2017-05-18 15:28:58 someone mentioned some tool for maintaining patches few weeks ago… does anyone remember name of the tool?
2017-05-18 15:29:20 <_ikke_> quilt?
2017-05-18 15:29:37 I’m looking for something that would help me with porting patches to newer version of code base
2017-05-18 15:31:43 sounds like quilt
2017-05-18 15:31:48 although you may want to just use git :P
2017-05-18 15:31:57 <_ikke_> jirutka: was it in this channel?
2017-05-18 15:32:13 yeah, quilt
2017-05-18 15:32:16 thanks
2017-05-18 15:55:01 anyone volunteer to write a release notes for 3.6.0?
2017-05-18 15:55:11 ACTION hides
2017-05-18 15:55:11 i mean
2017-05-18 15:55:31 can someone help me write a proposal for 3.6.0 release notes
2017-05-18 15:55:45 i think Shiz did a good job last time.
2017-05-18 15:55:52 fcolista: RE ZFS and custom isos, it's solved problem in my branch of mkimage, but waiting on fixes to apk to make it user-ready (waiting several minutes to extract the manifest from an apk is a deal-breaker)
2017-05-18 15:56:31 then publish the proposal here so we can discuss it so we dont forget anything important
2017-05-18 15:56:57 TemptorSent: fcolista has slightly different problem than you had, his iso works
2017-05-18 15:57:18 he does not need the zfs userspace in his initramfs
2017-05-18 15:57:56 ncopa: Ahh, then it should just be a matter of adding it to the image's local repo.
2017-05-18 15:58:20 the problem is there is no documentation about mkimage
2017-05-18 15:58:29 yeah
2017-05-18 15:58:34 True.
2017-05-18 15:58:43 ive seen multiple ppl try using alpine-iso
2017-05-18 15:58:48 im not sure it still works
2017-05-18 15:58:52 *lol* Yeah, I was one of them.
2017-05-18 15:59:32 the wiki entry really needs a redirect to mkimage.sh
2017-05-18 16:00:07 or at least a notice of its abandon state
2017-05-18 16:00:41 ncopa: Any ETA on the extraction of checksums from apks that you're aware of?
2017-05-18 16:01:03 ?
2017-05-18 16:02:20 ncopa: The usability holdup on my mkimage branch at this point is the fact that I'm having to extract the checksums from the pax archive headers using awk, which takes ENTIRELY too long for things such as the kernel/firmware.
2017-05-18 16:03:55 kaniini had mentioned he thought it should be fairly easy to add that functionality, but we're looking after 3.6 drops unless something changes IIRC.
2017-05-18 16:04:20 ncopa, mkimage is since 3.5 right?
2017-05-18 16:05:16 I added a obsolete mark on our wiki entry.
2017-05-18 16:10:15 TemptorSent it does sound fairly easy to add it
2017-05-18 16:10:34 uh, there are sooo many changes since 3.5, it’ll be quite hard to remember them all; maybe we should write it continually next time
2017-05-18 16:10:55 TemptorSent but it will not happen before 3.6 release
2017-05-18 16:11:06 what I remember from head: rust, rust, cargo, rust!
2017-05-18 16:11:07 ncopa: That would significantly speed up the most painful part.
2017-05-18 16:11:32 Understood - that's why I suspended work on the new mkimage suite until after 3.6 drops.
2017-05-18 16:11:39 then ghc 2017-05-18 16:11:46 and from less important: php7 2017-05-18 16:11:51 jirutka yes, i was also thinking of writing a plan for 3.7 release and goals 2017-05-18 16:12:01 llvm4 2017-05-18 16:12:03 from the top of my head: 2017-05-18 16:12:35 kernel grsec->hardened 2017-05-18 16:12:48 important change: llvm is out, every llvm package has version suffix now, the latest is llvm4, the latest also provides="llvm-*-$pkgver-r$pkgrel" 2017-05-18 16:13:32 but other llvm components, clang, lldb, lld, llvm-libunwind, … are in single version, built against the latest llvm 2017-05-18 16:13:35 php 7.1, gcc 6.3 2017-05-18 16:14:10 release notes should probablyt note the change to 'set -e' in abuild. 2017-05-18 16:14:16 we have added lld, llvm-libunwind and libc++ (if you move it to community) 2017-05-18 16:14:17 go 1.8 2017-05-18 16:14:30 did we update phyth 3 version? 2017-05-18 16:14:34 python* 2017-05-18 16:14:38 yes, 3.6 2017-05-18 16:14:59 basically all languages that updated significantly 2017-05-18 16:14:59 also luajit-2.1_beta3 2017-05-18 16:15:14 is it incompatible with previous luajit? 2017-05-18 16:15:22 I hope that it’s not 2017-05-18 16:15:34 then its lower prio 2017-05-18 16:15:44 if we get too much stuff we can drop mention it 2017-05-18 16:16:11 postgresql update needs to be mentioned but i dont think we updated it 2017-05-18 16:16:11 emscripten 2017-05-18 16:16:13 What's status on pgsql? Has anyone packaged 10b1? 2017-05-18 16:16:20 no 2017-05-18 16:16:23 well, at least emscripten-fastcomp (their llvm fork) 2017-05-18 16:16:44 emscripten itself is still in testing, I don’t know if I want to move it to community, emscripten is mess 2017-05-18 16:16:45 important stuff is things that can make things break when people upgrade 2017-05-18 16:16:50 There are major breaking changes in pgsql 10 vs. 9.6, including changing versioning scheme. 
2017-05-18 16:17:15 we don’t have pgsql 10, cause it’s not released yet 2017-05-18 16:17:26 Beta 1 just dropped. 2017-05-18 16:17:28 reworking kernel packaging is on my todo list for 3.7 2017-05-18 16:17:32 beta… 2017-05-18 16:17:35 clandmeter: i never wrote release notes... 2017-05-18 16:17:40 lol 2017-05-18 16:17:57 so that third-party modules are built against all arch-specific flavors 2017-05-18 16:17:59 nginx updated to 1.12 2017-05-18 16:18:05 instead of having one APKBUILD for each flavor 2017-05-18 16:18:06 that is significant 2017-05-18 16:18:07 fix some important apk bugs 2017-05-18 16:18:09 :P 2017-05-18 16:18:17 important for rel notes 2017-05-18 16:18:18 ya 2017-05-18 16:18:25 like how providers are handled 2017-05-18 16:18:26 :P 2017-05-18 16:18:27 kaniini - good, that's critical. I'm still getting broken modules on upgrade until I reboot. 2017-05-18 16:18:55 so we can group them like 2017-05-18 16:19:08 - (possibly) breaking changes 2017-05-18 16:19:14 - significant fixes 2017-05-18 16:19:30 ruby 2.3 → 2.4 2017-05-18 16:19:32 not sure if we backported the apk fixes? 2017-05-18 16:19:33 yes 2017-05-18 16:19:47 kernel update too ofc 2017-05-18 16:19:48 abuild set -e and check 2017-05-18 16:19:56 kernel too yes 2017-05-18 16:20:06 is linux-hardened in the repo on 4.9.28? 2017-05-18 16:20:07 At the least, the russian roulette patch should be backported. 2017-05-18 16:20:12 abuild set -e is not that important 2017-05-18 16:20:39 i mean not for most runtime users 2017-05-18 16:20:46 hm, true 2017-05-18 16:20:51 its ofc a very good thing for devs 2017-05-18 16:21:02 - devs improvements 2017-05-18 16:21:03 ncopa: set -e may break someone's local abuilds, so a note is probably worthwhile still. 
2017-05-18 16:21:05 TemptorSent: yes, i want to make sure that it is packaged in a way that apk will group the upgrades atomically 2017-05-18 16:21:06 what is annoying is: some packages are right, others are not 2017-05-18 16:21:55 Shiz: Linux ncopa-desktop 4.9.28-1-hardened 2017-05-18 16:21:56 kaniini: Let's figure out what the RIGHT way is, then force everything into that form. 2017-05-18 16:22:09 TemptorSent: i already know what the right way is 2017-05-18 16:22:13 oh 2017-05-18 16:22:28 significant new stuff: ppc64le, s390x support 2017-05-18 16:22:37 yes 2017-05-18 16:22:41 kaniini: Okay, cool :) 2017-05-18 16:22:58 Shiz, then it was somebody who looked like you :) 2017-05-18 16:23:06 ncopa: nice 2017-05-18 16:23:11 TemptorSent: backporting russian roulette patch is not necessary 2017-05-18 16:23:12 clandmeter: i take offense to this 2017-05-18 16:23:12 kaniini: And this will allow multiple kernel versions installed simultaneously, including their modules, right? :) 2017-05-18 16:23:27 TemptorSent: apk will upgrade itself before running the upgrade transaction(s) 2017-05-18 16:23:49 TemptorSent: that is the goal yes 2017-05-18 16:24:00 kaniini: Ahh, okay - wasn't sure if it would screw up the dep calcs before the fact or not. 2017-05-18 16:24:05 TemptorSent: it is going to require some minor changes to abuild 2017-05-18 16:24:45 kaniini: Makes sense - essentially dependent packages should be built for each version/flavor. 2017-05-18 16:25:21 Shiz, sorry I will try not to mistake you next time. 
2017-05-18 16:25:26 ;p 2017-05-18 16:25:34 now i'm curious who did in fact do it 2017-05-18 16:25:39 also i don't mind writing relnotes 2017-05-18 16:25:40 fwiw 2017-05-18 16:27:31 yay ppc64le and s390x support 2017-05-18 16:27:36 TemptorSent: in general, i want to change the way upgrades are grouped too in apk, so that upgrades happen together whenever possible (a package and its subpackages) 2017-05-18 16:28:22 kaniini: That would make good logical sense, as well as possibly allowing partial-upgrades in a sane manner. 2017-05-18 16:28:35 Oh now I remember 2017-05-18 16:28:39 It was ikke 2017-05-18 16:29:09 ACTION is not really convinced on binary format for apkindex though :) 2017-05-18 16:29:16 i see how it is, all of us dutchmen are the same huh 2017-05-18 16:29:34 yes now get in your windmill and shut up 2017-05-18 16:29:34 kaniini: At some point, would you be willing to diagram out APK's current structure? 2017-05-18 16:29:34 ;p 2017-05-18 16:29:47 lol 2017-05-18 16:29:48 No binary indexing! 2017-05-18 16:29:53 TemptorSent: given enough whiskey, sure 2017-05-18 16:29:54 I thought Shiz is Japanese 2017-05-18 16:30:03 kaniini: What's your poison? :) 2017-05-18 16:30:12 tmh1999: i don't think weeaboo qualifies as proper japanese 2017-05-18 16:31:11 for apk-tools my personal todo list is basically 2017-05-18 16:31:22 - apk install/remove as alternates for apk add/del 2017-05-18 16:31:30 kaniini: I'm still trying to understand the resolution process in apk, as it's several layers it seems. 2017-05-18 16:31:33 でも。。。ありがとう 2017-05-18 16:31:38 moving on 2017-05-18 16:31:51 - apk contents dumper 2017-05-18 16:32:05 - apk builder 2017-05-18 16:32:31 - grouping package changes into subtransactions sorted by origin 2017-05-18 16:32:31 Those two are essentially 'pax' + some metadata, correct? 
2017-05-18 16:32:48 - ed25519 key support 2017-05-18 16:33:46 - apk subcommand support (like git, so you can install apk-foo binary and have it integrate into the package manager) 2017-05-18 16:34:04 I'm liking it kaniini. 2017-05-18 16:34:08 - apk dist-upgrade as alias for apk upgrade --available 2017-05-18 16:34:41 all of that should be in 3.7 2017-05-18 16:34:43 no promises, but i will try 2017-05-18 16:34:53 oh, also 2017-05-18 16:35:05 kaniini: That would represent major improvements to usability. 2017-05-18 16:35:10 - ability to record external installed files into the package manager database 2017-05-18 16:35:28 i don't like the dist-upgrade term :( 2017-05-18 16:35:33 (so you can do pip3.6 install foo, and pip3.6 can then record the files it now controls in apk's database so it leaves them alone) 2017-05-18 16:35:54 kaniini: +1 2017-05-18 16:36:40 kaniini: what about something like “alternatives”? we need it badly 2017-05-18 16:36:42 kaniini: Along with that, can we add a means of handling symlinks? 2017-05-18 16:36:45 (the plan there is to allow pip and others to actually leverage the package building functionality and then install the package) 2017-05-18 16:37:03 jirutka: yes, alternatives is something i am looking into as well 2017-05-18 16:37:25 as for fabled's binary indexes 2017-05-18 16:37:30 i'm not 100% on them 2017-05-18 16:37:30 I have 'alternatives' partially implemented. 2017-05-18 16:37:44 it may save a few msec of time, but i don't really think we need to worry about that 2017-05-18 16:37:49 I do not like the idea of binary indices 2017-05-18 16:37:51 apk is already waaaaaay faster than most 2017-05-18 16:38:11 If needed, a binary cache is a possibility I suppose. 2017-05-18 16:40:51 kaniini: Can we put the apk work list somewhere on the wiki perhaps? 
2017-05-18 16:40:56 jirutka: so on alternatives, 2017-05-18 16:41:08 jirutka: i don't think it is appropriate to have them in apk 2017-05-18 16:41:24 kaniini: agree, it should be a separate utility 2017-05-18 16:41:51 kaniini: I just thought that it’s relevant to bring it to this discussion 2017-05-18 16:42:12 kaniini, jirutka: Agreed - although apk could indicate the which providers are available. 2017-05-18 16:42:47 TemptorSent: it could, but then we just created yet another alternatives implementation tied to a package manager 2017-05-18 16:42:52 TemptorSent: and in reality, like all the others, it will suck 2017-05-18 16:43:21 ACTION is more into solving specific problem domains with specific tools 2017-05-18 16:43:23 kaniini: No need for it to do anything special, just expose the information in the abuild. 2017-05-18 16:43:46 TemptorSent: abuild can just as easily create a file in /etc/alternatives/$pkgname 2017-05-18 16:44:11 kaniini: Right, but that won't be available until the package is installed. 2017-05-18 16:44:13 TemptorSent: which is a lot cleaner 2017-05-18 16:44:34 TemptorSent: provides and alternatives are different things 2017-05-18 16:44:45 kaniini: I'm considering the "Which providers can I use for this functionality" 2017-05-18 16:44:51 TemptorSent: if a packager wants to make apk aware of it, she should use $provides 2017-05-18 16:45:26 kaniini: For instance, "What are my alternatives for 'ssh'?" 2017-05-18 16:45:39 TemptorSent: apk search --provider ssh 2017-05-18 16:45:50 TemptorSent: searching by $provides is already on my todo, but maybe not for 3.7 2017-05-18 16:46:34 Does that work for both openssh and dropbear? If so, that's all we need from apk. 2017-05-18 16:47:01 The utility can manage which one is in use, but it needs to have a way of knowing what's available. 2017-05-18 16:47:02 TemptorSent: it does not work for that yet, as nobody has added that metadata... but that is basically what i plan to do. 
i dont see it as related to alternatives 2017-05-18 16:47:15 TemptorSent: you can already install openssh and dropbear at same time, for example 2017-05-18 16:47:41 Right, the 'alternatives' part would be selecting which of them handles incoming connections. 2017-05-18 16:47:55 no it wouldn't 2017-05-18 16:48:04 you apparently don't know what we mean by alternatives 2017-05-18 16:48:05 :D 2017-05-18 16:48:17 Okay, I guess not? 2017-05-18 16:48:30 alternatives is 2017-05-18 16:48:43 two packages provide /usr/bin/pkg-config 2017-05-18 16:48:54 we want both installed 2017-05-18 16:49:03 kaniini: what about support for installing multiple versions of same pkg simultaneously? I’m thinking about preparation to bury FHS… 2017-05-18 16:49:08 Right, that's the simple case. 2017-05-18 16:49:11 so those packages rename their /usr/bin/pkg-config to /usr/bin/pkg-config.pkg-config and /usr/bin/pkg-config.pkgconf 2017-05-18 16:49:57 kaniini: Direct replacement is easy to manage with a symlink or wrapper. 2017-05-18 16:49:58 jirutka: to add that to apk would be a ton of work 2017-05-18 16:50:09 TemptorSent: right, that is what we are talking about 2017-05-18 16:50:33 kaniini: but it’ll be definitely worth it ;) 2017-05-18 16:50:35 kaniini: Okay, that's only a portion of what I was considering. 2017-05-18 16:51:01 TemptorSent: yes i like shipping things and then incrementally improving on them instead of solving all things at once. it means we ship on time. 2017-05-18 16:51:11 kaniini: I also have support for different packages providing the same functionality even if they have different configs. 2017-05-18 16:52:11 kaniini: Agreed - although sometimes it's harder to implement a partial solution than the whole thing. 2017-05-18 16:53:03 jirutka: i have grave concerns about departing from FHS in a way that is actually usable 2017-05-18 16:53:22 kaniini: On the apk side, all that's needed is a bit of meta-data to indicate what functionality the package provides. 
2017-05-18 16:53:59 kaniini: LFHS is a bloody disaster IMHO, and has been since shortly after it's inception. 2017-05-18 16:54:14 kaniini: me, skarnet and others think that it’s unavoidable and very needed, FHS is broken by design 2017-05-18 16:55:02 jirutka: okay, when you, skarnet and others come up with a proposal to do this that won't confuse the shit out of some guy downloading an alpine ISO and trying it out, we can talk ;) 2017-05-18 16:55:12 kaniini, jirutka: It's essentially impossible to correctly implement a system following FHS. 2017-05-18 16:55:34 kaniini: the idea is to install pkgs into /something/$pkgname-$pkgver and use FHS structure like /usr/bin, /usr/lib etc. just for symlinks into /something/… 2017-05-18 16:55:36 TemptorSent: when i say "departing from FHS", what i really mean is "departing from alpine's implementation of FHS" 2017-05-18 16:56:07 kaniini: *lol* Well, as long as alpine's implementation of FHS isn't the LFHS, we're good :) 2017-05-18 16:56:24 i agree with kaniini re:fhs 2017-05-18 16:56:46 Redhat bjorked LFHS badly very early on. 2017-05-18 16:56:52 a big concern about departing from our layout to a /pkg like structure is 2017-05-18 16:56:59 reasonable partition segmentation dies 2017-05-18 16:57:14 kaniini: ofc, I’m just mentioning some preconditions for apk… 2017-05-18 16:57:14 e.g. i can't segment /var to its own partition anymore 2017-05-18 16:57:35 Shiz: yes, that too 2017-05-18 16:57:47 wait, I’m definitely not saying store everything, including logs and configs of apps, into /something/$pkgname!! 2017-05-18 16:58:05 jirutka: no but if i want /usr to be separate from / 2017-05-18 16:58:07 Shiz: Not necessarily - it depends on how the packages are exposed and where their data lives. 2017-05-18 16:58:07 jirutka: same thing 2017-05-18 16:58:15 kaniini: eh, separate /usr can die 2017-05-18 16:58:16 :P 2017-05-18 16:58:21 . 
/etc, /var/log, /var/lib makes sense and they should stay, at least the separation, not necessary these names 2017-05-18 16:58:24 No, separate /usr can not die! 2017-05-18 16:58:34 it can very much die 2017-05-18 16:58:53 anyway, i do not see alpine moving away from its current filesystem layout anytime soon 2017-05-18 16:58:56 yes, separate /usr has no sense 2017-05-18 16:59:12 Shiz: Yes, I've read all the BS on why /usr isn't needed any more, but it's BS IMNSHO. 2017-05-18 16:59:16 and never had, just some ppl made up some sense that never was there 2017-05-18 16:59:33 jirutka: it had some use before initrd/initramfs existed 2017-05-18 16:59:38 but now, no 2017-05-18 16:59:42 I frequently mount /usr from a different location. 2017-05-18 16:59:57 Not to mention with different mount options, which is the real big issue. 2017-05-18 16:59:58 Shiz: exactly 2017-05-18 17:00:12 TemptorSent: and you’re doing it why? b/c you can? 2017-05-18 17:00:34 let's delay this discussion for later 2017-05-18 17:00:36 :p 2017-05-18 17:00:47 like, if somebody seriously tries to shove that into alpine without testing it, i will just fork the distro and go on my own way :P 2017-05-18 17:00:53 stop overcomplicating things just b/c 0.01 % of ppl do crazy things just b/c they can… 2017-05-18 17:01:12 okay, here is another reason i am against it 2017-05-18 17:01:25 i do not want to waste cpu time and inodes on storing and resolving symlinks 2017-05-18 17:01:55 then hardlink 2017-05-18 17:01:59 kaniini: That's possibly a valid concern. 2017-05-18 17:02:03 kaniini: agree, we should definitely think about it and write proposal before migrating, I’m just saying what would be needed from apk to make it really useful and these changes are not tightly coupled with particular FS hierarchy 2017-05-18 17:02:09 Shiz: Nope, hardlinks across FS don't work. 
2017-05-18 17:02:51 anyway 2017-05-18 17:02:53 kaniini: symlinks are meant mainly for backward compatibility 2017-05-18 17:02:55 topic for a later time 2017-05-18 17:03:03 and that time is not now 2017-05-18 17:03:06 what is now is 3.6 releasing 2017-05-18 17:03:08 :P 2017-05-18 17:03:20 and hardlinks are really not a good idea for this, as TemptorSent noted and there are more reasons 2017-05-18 17:03:25 Agreed Shiz -- but we probably should start writing up notes. 2017-05-18 17:03:27 Shiz: yes 2017-05-18 17:04:29 jirutka: any such proposal must have a way to entirely opt out of it 2017-05-18 17:04:31 I hate to say it, but we really need to build up roadmap. 2017-05-18 17:05:01 kaniini: what do you mean? opt-out for users? 2017-05-18 17:05:07 kaniini: that would be insane 2017-05-18 17:05:32 kaniini: the goal is to decrease complexity, not to increase it! 2017-05-18 17:05:49 i am quite happy with my filesystem the way it presently is 2017-05-18 17:06:02 Not necessarily so insane - it could install either way without major changes. 2017-05-18 17:06:12 TemptorSent: definitely not 2017-05-18 17:06:21 TemptorSent: it’d be better to keep FHS than making a hybrid 2017-05-18 17:06:35 TemptorSent: that would just bring the worst from both worlds 2017-05-18 17:06:47 jirutka: I mean apk could install it either way, the FHS shouldn't matter. 2017-05-18 17:06:56 and yet the conversation continues 2017-05-18 17:07:03 TemptorSent: maybe you don’t see all consequences 2017-05-18 17:07:08 ok, stop here 2017-05-18 17:07:56 Looking at the apk-tools themselves, they should be FHS agnostic IMHO. 2017-05-18 17:08:09 TemptorSent: omg, this is not only about apk-tools 2017-05-18 17:08:14 The details should be in the packaging. 2017-05-18 17:08:55 i do not want /pkgs 2017-05-18 17:08:57 Right, I'm looking at kaniini's TODO and what is needed in APK to support a non-LFHS system. 
2017-05-18 17:09:02 if i am forced to have /pkgs, i will stop using alpine 2017-05-18 17:09:08 100% 2017-05-18 17:09:13 yes, the conversation continues, because i do not want to wake up one day to have /pkgs 2017-05-18 17:09:17 TemptorSent: but yes, I’ve mentioned multiple times that allow apk to install multiple versions simultaneously is not about FHS, no-FHS or anything, it’s very valid feature agnostic towards FS scheme 2017-05-18 17:09:21 correct: it's about systemd-like tactics to force people to have things they don't want 2017-05-18 17:09:24 i do not want /pkgs 2017-05-18 17:09:43 kaniini: could you please think about it a bit more before writing such strong words? 2017-05-18 17:09:52 i have thought about it, and i do not want it 2017-05-18 17:09:53 kaniini: I hope that you can see what problems FHS creates 2017-05-18 17:10:06 i do know FHS is flawed, but it is also what my sysadmins already know 2017-05-18 17:10:08 kaniini: and how it’s conceptually wrong (one big mutable state) 2017-05-18 17:10:20 if you want this stuff, go use Nix 2017-05-18 17:10:22 kaniini: so we should suffer from it for eternity or what? 2017-05-18 17:10:22 don't fuck up alpine 2017-05-18 17:10:32 kaniini: it’s not about fucking up alpine, but fixing it… 2017-05-18 17:10:54 kaniini: I don’t want Nix OS b/c systemd 2017-05-18 17:10:55 suddenly freebsd 11 with all of it's bugs looks attractive again 2017-05-18 17:11:11 okay use GNU Guix instead 2017-05-18 17:11:19 no, I want to use Alpine 2017-05-18 17:11:34 clearly you don't, if you want to force /pkgs on everyone 2017-05-18 17:11:40 omfg 2017-05-18 17:11:59 have you considered the overhead this will have for run from ram configs? 
2017-05-18 17:12:15 no 2017-05-18 17:12:15 can we stop fighting and concentrate on 3.6 instead 2017-05-18 17:12:23 jirutka: write a proposal about what you want 2017-05-18 17:12:25 then we can discuss it 2017-05-18 17:12:28 but we’ve discussed it multiple times with skarnet and others 2017-05-18 17:12:30 and then i will NAK it 2017-05-18 17:12:38 because i do not want it 2017-05-18 17:12:40 i dont care what skarnet has to say on it 2017-05-18 17:12:44 and we think that it brings much more benefits than negatives 2017-05-18 17:12:46 right now it's just flinging around with no idea of what the other side wants 2017-05-18 17:12:54 so let's not devolve to that further 2017-05-18 17:13:08 and no one is saying that we will force Alpine to it, it’s open discussion 2017-05-18 17:13:13 what i want is quite simple: things to remain the same as it is now 2017-05-18 17:13:14 you’re position is not very constructive now 2017-05-18 17:13:48 if i wind up having to fork alpine to keep my systems the way they are now, that is truly unfortunate 2017-05-18 17:13:48 jirutka, kaniini: Let's attack this in detail later, but for now, document the issues so we don't have to rehash them. 2017-05-18 17:14:01 i refuse to work on anything related to this 2017-05-18 17:14:20 kaniini: once again, can you please stop being dickhead, be more open-minded and constructive? 2017-05-18 17:14:22 i am not going to contribute my time to creating a situation i absolutely do not want 2017-05-18 17:14:36 guys, relax 2017-05-18 17:14:47 this clearly isn't the right atmosphere or time to discuss this in 2017-05-18 17:14:49 we wanted to discuss it, not fight about it 2017-05-18 17:14:53 kaniini: Do you have solutions for the problems that don't require breaking with LFHS? 2017-05-18 17:14:54 jirutka: once again, can you stop proposing such radical changes to the way the system image is stored on disk? 
2017-05-18 17:15:12 TemptorSent: "problems" 2017-05-18 17:15:26 TemptorSent: seems to be working fine for the past, oh, almost 50 years now 2017-05-18 17:15:29 The inability to handle multiple versions of a package sanely. 2017-05-18 17:15:39 nope, i don't 2017-05-18 17:15:42 kaniini: you probably don’t see what extreme complexity and problems FHS brings 2017-05-18 17:15:50 jirutka: i really do see 2017-05-18 17:16:06 kaniini: as all other ppl who refuses to change anything and rather makes stupid workarounds for these problems 2017-05-18 17:16:13 jirutka: i also see having to spend lots of time retraining everyone who manages alpine systems on my network how to use /pkgs 2017-05-18 17:16:19 that’s why I don’t use Debian and craps like this 2017-05-18 17:16:22 so i am glad you have told me about this proposal 2017-05-18 17:16:32 so i can certainly halt migrating from freebsd to alpine 2017-05-18 17:16:38 omg 2017-05-18 17:16:42 And the library mismatch issues that plague some software (as in one program requires one SPECIFIC version of a lib, while another requires a different rev of the same version) 2017-05-18 17:16:52 TemptorSent: flatpak 2017-05-18 17:17:10 kaniini: flatpak is great example of HACKS (not solutions) for FHS 2017-05-18 17:17:16 and to dynamic linking 2017-05-18 17:17:20 seems to work fine 2017-05-18 17:17:32 yeah, systemd also seems to work fine 2017-05-18 17:17:33 as debian 2017-05-18 17:17:34 and others… 2017-05-18 17:17:45 kaniini: Okay, now we're getting closer, except IIRC flatpak add significant overhead, which is what we were trying to avoid.. 2017-05-18 17:17:47 i'll compile the above list into a concrete changelog for 3.6 2017-05-18 17:18:03 Thank you Shiz. 2017-05-18 17:18:05 kind of ironic that you use systemd as an example here when you intend to use systemd tactics to get /pkgs 2017-05-18 17:18:11 if you want rigid system with tons of legacy shit, then I don’t understand why you use Alpine 2017-05-18 17:18:20 we don’t use glibc! 
how unconventional! 2017-05-18 17:18:24 who said i want tons of legacy shit 2017-05-18 17:18:32 you’re afraid of changes 2017-05-18 17:18:47 no, i am afraid of specific changes that i see as being an extreme shitshow 2017-05-18 17:18:52 I just mention something about moving out from FHS and you’re freaking out like I’m threatening you with a nuclear bomb 2017-05-18 17:19:07 and will refuse, rightly, to contribute to making an extreme shitshow 2017-05-18 17:19:28 once again, this is not constructive at all 2017-05-18 17:19:30 Well, to be honest a nuke is probably about the right scale to take out LFHS. 2017-05-18 17:19:49 argument, propose different solutions for certain problems 2017-05-18 17:20:02 trying to emulate FHS on top of /pkgs will not work reliably 2017-05-18 17:20:20 i can think of many ways the emulated FHS tree will become inconsistent 2017-05-18 17:20:30 please just respect that i do not want this 2017-05-18 17:20:31 afk, I need to do some work and don’t want to be more upset… 2017-05-18 17:21:03 fyi, Homebrew use something like this and it works quite well… 2017-05-18 17:21:09 LOL 2017-05-18 17:21:14 no 2017-05-18 17:21:14 Does anyone else remember BEFORE LFHS? We had nice unix flavored directory structures. LFHS is what made a mess of it by assuming everything would be for the same arch/version as the host regardless of where it mounted from. 
2017-05-18 17:21:15 it enables things that are impossible on FHS 2017-05-18 17:21:15 homebrew 2017-05-18 17:21:18 is a fucking disaster 2017-05-18 17:21:32 i have to constantly 2017-05-18 17:21:38 reinstall apps on homebrew 2017-05-18 17:21:41 after installing other apps 2017-05-18 17:21:43 it’s not a great inspiration, it has different purpose, but I would not mark it as disaster 2017-05-18 17:21:46 because the symlinks got messed up 2017-05-18 17:22:14 if you want djb linux go make djb linux, don't drag alpine into it 2017-05-18 17:22:19 what's this /pkgs thing, software packaged into its own subdirectories or such? 2017-05-18 17:23:07 TBB: it’s a sensible way how to install software, without messing with single big global state and solving tons of problems with it 2017-05-18 17:23:52 it's also a great way to wind up with a broken emulated FHS 2017-05-18 17:23:59 any pointers? 2017-05-18 17:23:59 There's no reason it must be in /pkgs, /usr/pkgs would be equally valid (or possibly moreso) 2017-05-18 17:24:28 ACTION puts in remote hands tickets to have freebsd 11 reinstalled on machines now 2017-05-18 17:24:28 TemptorSent: it doesn’t matter how it would be named and where located… 2017-05-18 17:24:52 jirutka: Exactly, nor does it need to be a single directory root. 
2017-05-18 17:24:56 suddenly broken process scheduling, memory management, and a buggy security hole called libXo look very attractive 2017-05-18 17:25:11 kaniini: that’s your choice… 2017-05-18 17:25:21 stop it please 2017-05-18 17:25:36 we will sometime write some proposal that we can then discuss 2017-05-18 17:25:39 jirutka: it will be the choice of everyone else who has this scheme show up on their machine and has to spend more than 30 seconds debugging it 2017-05-18 17:25:43 this discussion is pointless now 2017-05-18 17:25:46 jirutka: my answer is no 2017-05-18 17:25:50 jirutka: regardless of any proposal 2017-05-18 17:25:58 kaniini: then you know what… 2017-05-18 17:26:03 hmm 2017-05-18 17:26:08 i've got this right now 2017-05-18 17:26:17 https://txt.shiz.me/ZjBhMWM3YT 2017-05-18 17:26:21 but surely there is more that can be said 2017-05-18 17:26:22 :) 2017-05-18 17:26:40 also added * The `-grsec` packages have been renamed to `-hardened` 2017-05-18 17:26:42 my initial reaction to this is, both that and the traditional way of packaging are useful. I guess the main question is just how complex will supporting both get. but I think you've gone through that up there already 2017-05-18 17:27:12 jirutka: do you have anything to add to that list? 2017-05-18 17:27:26 Version for GHC? 2017-05-18 17:27:56 TBB: yes, that’s the question we have to answer before any move… but it needs constructive discussion, to consider all positives and negatives, not what kaniini is doing right now… ಠ_ಠ 2017-05-18 17:27:57 like 2017-05-18 17:28:01 to be blunt 2017-05-18 17:28:06 i would rather have systemd 2017-05-18 17:28:07 than this 2017-05-18 17:28:40 Shiz : it should be "IBM System z" I guess 2017-05-18 17:28:49 right 2017-05-18 17:28:54 i was unsure how to name the target 2017-05-18 17:29:11 s390x = IBM System Z ? 2017-05-18 17:29:24 yeah, I was confused at first. System/390 is more like s390(31 bit), System z is zArchitecture, which is 64 bit 2017-05-18 17:29:42 31bit? 
o.O 2017-05-18 17:29:46 Yes, 2017-05-18 17:29:50 yes, 31 bit. 2017-05-18 17:29:59 why 31, not 32? o.O 2017-05-18 17:30:09 the highest bit is used for bank 2017-05-18 17:30:11 yeah s390 is not s390x 2017-05-18 17:30:13 i know that much 2017-05-18 17:30:15 s390x is 64-bit for one 2017-05-18 17:30:16 or something weird 2017-05-18 17:30:27 System z is it's own animal, but IIRC is based on the s390 arch. 2017-05-18 17:30:42 good call re: ghc version 2017-05-18 17:30:44 just added it 2017-05-18 17:31:24 jirutka: if we were starting from scratch with a package filesystem then i would be supportive of this 2017-05-18 17:31:40 jirutka: but i cannot support the notion of migrating everyone from FHS to a package filesystem 2017-05-18 17:31:43 jirutka : s390x = Linux on System z. System z is its own animal as TemptorSent says. 2017-05-18 17:31:48 jirutka: it is too fucking risky 2017-05-18 17:31:56 kaniini: this is an argument i can understand 2017-05-18 17:32:12 anyway 2017-05-18 17:32:14 let's see 2017-05-18 17:32:17 at first glance, it's also not -that- hard a problem to solve; since traditional package managers already, all of them pretty much, support alternative target roots, they can also already as is manage per-app package setups and deps. So basically they can be used for this already. I can see some challenges as well, but it takes some time to formulate them in words properly 2017-05-18 17:32:20 i think package-based filesystem could benefit from more experimentation, not more usage in production 2017-05-18 17:32:22 i'm sure we did more fundamental changes in 3.6, no? 
2017-05-18 17:32:27 gobolinux tried, for one 2017-05-18 17:32:31 jirutka: so, NAK until the end of time, don't even bother writing a proposal if that is what it is going to be 2017-05-18 17:32:46 Shiz: I can’t remember now, I’ll look at it once again later… 2017-05-18 17:32:56 kaniini: please stop now 2017-05-18 17:33:02 the linux-grsec -> linux-hardened swap should show you how fragile this stuff can be 2017-05-18 17:33:12 why the hell would we want to do something this risky 2017-05-18 17:33:18 kaniini: ncopa asked me to be more polite, so I’m not gonna reply to you now 2017-05-18 17:33:19 i'm not going to stop until it's dead 2017-05-18 17:33:55 well, the whole world of containers is heading to that direction 2017-05-18 17:34:02 i added development-related changes 2017-05-18 17:34:08 is there anything of note there except set -e and sha512sums? 2017-05-18 17:34:24 kaniini: then you should probably leave, b/c there are more ppl who supports this idea… but no one wants to force it without careful consideration of all positives/negatives and discussion about technical solutions 2017-05-18 17:34:52 jirutka: okay i will fork alpine 2017-05-18 17:34:58 ACTION will be spending the weekend doing this 2017-05-18 17:35:01 kaniini: how can I explain you that saying “I don’t want to hear any arguments, I don’t want to think about it, just NOPE” is totally wrong?! 2017-05-18 17:35:07 kaniini: you still don’t get it 2017-05-18 17:35:10 kaniini: calm down please 2017-05-18 17:35:24 you are assuming i haven't thought about it 2017-05-18 17:35:32 kaniini: we just want to discuss it for now, nothing more… and you’re freaking out like a small baby 2017-05-18 17:35:32 no need to fork anything right now 2017-05-18 17:35:38 alpine isn't going anywhere 2017-05-18 17:35:47 maybe i thought about this some years ago and determined that there is no way to safely upgrade the system image in this manner 2017-05-18 17:35:50 Shiz: I think that covers all I'm aware of of note. 
2017-05-18 17:35:57 maybe that is why we haven't done this 2017-05-18 17:36:07 Shiz : probably abuild version bump for dev 2017-05-18 17:36:27 maybe i do not want to hose every single alpine install on the planet 2017-05-18 17:36:28 i'll take a look at the abuild change log too 2017-05-18 17:36:43 https://git.alpinelinux.org/cgit/abuild/commit/abuild.in?id=5b7b1f80cbaa88849e2698d67bf2d72ac9addac4 2017-05-18 17:36:45 I think we can note this 2017-05-18 17:37:09 oh 2017-05-18 17:37:13 the check() stuff 2017-05-18 17:37:14 of course 2017-05-18 17:37:17 how could i forget 2017-05-18 17:37:19 :D 2017-05-18 17:37:59 Shiz: I’ve already mentioned check() 2017-05-18 17:38:22 Shiz: among other things before kaniini started freaking out :( 2017-05-18 17:38:34 jirutka: as i said before, if we were starting from scratch, a package fs would be great 2017-05-18 17:38:34 * A `check()` function has been added that allows packages to run test suites after `build()`, ensuring no regressions have occurred. 2017-05-18 17:38:36 This has been implemented for a number of packages, and policy onward will be to have them either be presented or explicitly opted-out of with good reasoning. 2017-05-18 17:38:41 how's this wording? 2017-05-18 17:38:57 s/presented/present/ 2017-05-18 17:38:57 presented? 2017-05-18 17:39:03 Gotcha :) 2017-05-18 17:39:21 Sounds good. 2017-05-18 17:39:38 kaniini: you've got a good point in steps going to that direction ending up in a much more complex system to maintain. but on the other hand, a couple of years ago there were no suitable tools for handling that complexity, and things have moved on since then haven't they? 2017-05-18 17:39:39 jirutka: however, to move everyone to a package fs after the point is extremely risky: what if somebody has modified their FS in some way that we do not anticipate? 2017-05-18 17:40:45 kaniini: If that's the concern, make it Alpine 4.0 and indicate that manual changes may need to be carried forward. 
2017-05-18 17:40:51 jirutka: oops bob edited /usr/bin/some-shell-script, do we wipe out his changes by making it a symlink to /pkgs/some-package-1/usr/bin/some-shell-script 2017-05-18 17:41:05 TemptorSent: not acceptable 2017-05-18 17:41:10 we do not EVER break users 2017-05-18 17:41:21 i should mention this is why jirutka got pissed off at barthalion to begin with 2017-05-18 17:41:23 kaniini: oh really? come on 2017-05-18 17:41:45 *hust* cross-compiling *hust* ;) 2017-05-18 17:41:45 kaniini: are you f**king kidding me?! 2017-05-18 17:41:58 Hmm, I thought that breaking changes were reserved for major version numbers, like with just about all software these days. 2017-05-18 17:42:08 kaniini: btw, now that i catch you 2017-05-18 17:42:12 jirutka: was his packaging not breaking people's stuff? 2017-05-18 17:42:17 kaniini: what kind of argument is this?! 2017-05-18 17:42:23 opinion about option="!checkroot" that runs check() outside of fakeroot? 2017-05-18 17:42:35 Shiz: +1 2017-05-18 17:42:53 kaniini: have you switched to personal attacks now or what? 2017-05-18 17:43:01 How is fakeroot being handled anyway? Using the fakeroot script? 2017-05-18 17:43:17 personal attacks? i am just stating that you got angry at somebody else for breaking the distribution 2017-05-18 17:43:30 facts are not personal attacks 2017-05-18 17:43:34 TemptorSent: it just wraps stuff in the fakeroot binary 2017-05-18 17:43:41 i think that's from debian? 2017-05-18 17:43:54 http://fakeroot.alioth.debian.org/ 2017-05-18 17:43:56 this one 2017-05-18 17:44:15 the issue is it's too permissive (as it has to trick software into thinking it's root), but that breaks some test suites 2017-05-18 17:44:19 Shiz: Okay, I have a cleaner wrapper for fakeroot that allows you to use it directly in a script, which may be a better option long-term. 
2017-05-18 17:44:23 who explicitly test for certain permission stuff 2017-05-18 17:44:57 TemptorSent: the last time we jumped major version it was because we fundamentally changed ABI. but we did not break upgrading the distribution. we made damned sure upgrading from uclibc to musl was safe in all cases. 2017-05-18 17:45:19 Fixing the fakeroot library itself will require somewhat more effort, but shouldn't be any major work if semantics need fixing. 2017-05-18 17:45:26 you can't make upgrading from FHS to pkgfs safe 2017-05-18 17:45:30 it is impossible 2017-05-18 17:45:46 you are splitting a single mutable state into multiple sub-states and it is an AI-hard problem 2017-05-18 17:46:07 kaniini: I'm not sure it's impossible, but agreed it is more difficult than a migration. 2017-05-18 17:46:42 this type of thinking is what brought us Vista 2017-05-18 17:47:03 do you guys not remember the general market reaction to Vista? hint: it was bad 2017-05-18 17:47:07 *lol* No, microsoft brought us Vista :P 2017-05-18 17:47:20 microsoft thinking they could just change the entire OS 2017-05-18 17:47:27 is what caused microsoft to bring us vista 2017-05-18 17:47:40 They didn't change much of the OS, just the gui. 2017-05-18 17:47:45 That was the problem. 2017-05-18 17:47:51 not true 2017-05-18 17:47:55 memory paging was changed 2017-05-18 17:48:02 the way windows was installed to the filesystem was changed 2017-05-18 17:48:09 some crap called ximage was introduced 2017-05-18 17:48:19 a ton of new apis were introduced, a ton of old apis were removed 2017-05-18 17:49:07 Hmm, I seem to recall much of that happened shortly before Vista, but it's been long enough that I'm not sure.
2017-05-18 17:49:36 my point is 2017-05-18 17:49:43 jumping from XP to Vista 2017-05-18 17:49:50 was completely broken for 99% of people 2017-05-18 17:50:11 switching alpine from FHS to pkgfs will have similar fallout regardless of how much mitigation is done 2017-05-18 17:50:12 building llvm right now 2017-05-18 17:50:20 XP - XPSP2 was broken as often as not as well. 2017-05-18 17:50:36 vista was a major rearchitecture of the NT base 2017-05-18 17:50:37 btw 2017-05-18 17:50:42 yes 2017-05-18 17:50:44 it was 2017-05-18 17:50:56 and FHS to pkgfs is also a major rearchitecture 2017-05-18 17:50:59 hmm 2017-05-18 17:50:59 that is my point entirely 2017-05-18 17:51:04 i wonder why we build tblgen separately in LLVM 2017-05-18 17:51:36 jirutka: so to be blunt the reason why i am hard no on this is 2017-05-18 17:51:52 jirutka: i see the result being everyone staying on the last version of alpine that did not have that indefinitely 2017-05-18 17:51:57 kaniini: Okay, so what do we do to solve the real, existent, and worsening problems? Build multiple chroots? 2017-05-18 17:52:05 jirutka: and then i see 2 years later alpine having to do a security update 2017-05-18 17:52:14 TemptorSent: GO USE NIX 2017-05-18 17:52:42 How does that solve the problem on Alpine? 2017-05-18 17:52:58 it solves your problem because now you are using a distribution where you do not have this perceived problem 2017-05-18 17:53:14 99% of alpine users are not having worsening problems from FHS, sorry they are just not 2017-05-18 17:53:38 kaniini: It's not a perceived problem, it's a real, significant, and painful problem for MANY people. 2017-05-18 17:54:08 you are wanting things that alpine simply cannot deliver. sorry about that, really. 2017-05-18 17:54:18 use something that can deliver those things. 2017-05-18 17:54:44 Package A only works with an older revision of somelib.so, Package B only works with a new revision of somelib.so, both of which unfortunately have the same major version. 
2017-05-18 17:54:44 don't try to force a breaking change for 99% of users because you want multiple versions of a package installed 2017-05-18 17:54:52 THEN REBUILD PACKAGE A 2017-05-18 17:55:14 It's impossible to support the newer rev in some cases (yes, REALLY) 2017-05-18 17:55:46 then fix package A 2017-05-18 17:55:49 Trying to build GIS tools is one significant area of pain. 2017-05-18 17:56:12 Yeah, don't I wish -- deps on proprietary libs aren't so fixable. 2017-05-18 17:56:48 JP2000/ECW/MrSID being one set of cases. 2017-05-18 17:57:49 Worse is that some tiff libs must be built with explicit support for higher bit depths, which then breaks some other packages. 2017-05-18 17:58:22 The only viable solution for those is to have independent libs for each and make sure the right one gets linked. 2017-05-18 18:00:16 alpine does not support proprietary software, so your argument is moot 2017-05-18 18:00:20 Also, supporting glibc where-needed/as-needed is dependent on having distinct paths if we want to ever support it sanely. 2017-05-18 18:00:56 kaniini: Then you're killing the ability to use Alpine in multiple industries. 2017-05-18 18:01:19 TemptorSent: they are killing it by not providing musl versions of their libraries. 2017-05-18 18:01:43 kaniini: There are no open-source alternatives for the encoders/decoders required. 2017-05-18 18:01:53 TemptorSent: that's unfortunate 2017-05-18 18:02:01 it's still not our problem 2017-05-18 18:02:05 Look up MrSID and ECW 2017-05-18 18:02:17 why? 2017-05-18 18:02:19 it's not our problem 2017-05-18 18:03:00 If it's not our problem, then whose is it? 2017-05-18 18:03:31 if those vendors wish to support alpine, then they would provide binaries that work on alpine 2017-05-18 18:03:31 If we can't support industry standard file formats, WE have a problem. 2017-05-18 18:03:56 do we?
2017-05-18 18:04:00 no, whoever wishes to consume those file formats on alpine, has a problem 2017-05-18 18:04:05 and they can solve it by not using alpine 2017-05-18 18:04:12 incidentally docker makes that pretty easy 2017-05-18 18:04:19 Well, it's supported on other major distributions. 2017-05-18 18:04:37 Bloody hell, docker just to run gdal? That's nuts. 2017-05-18 18:04:39 no, it is supported on GNU/Linux distributions 2017-05-18 18:04:49 alpine isn't a GNU/Linux distribution, now is it? 2017-05-18 18:06:22 lizardtech offers a SDK for MrSID free of charge for multiple operating systems. 2017-05-18 18:06:55 If we ask nicely, they might be willing to support musl directly. 2017-05-18 18:07:30 couldn't a musl-based static library/binary set work on glibc as well? just not the other way around? 2017-05-18 18:07:33 Now to compress MrSID files, you need to install a SDK with a key, which has the same names IIRC. 2017-05-18 18:07:52 well, the other way around too, but that might have licensing issues 2017-05-18 18:08:19 Here's our lib conflict -- same lib, same version even, different api availability. 2017-05-18 18:08:58 asie: yes, it would 2017-05-18 18:09:50 (damn, that old c64 guy Mr SID surely doesn't like some proprietary company stealing both his nickname and the .sid file extension...) 2017-05-18 18:10:17 *lol* 2017-05-18 18:13:20 blah blah blah 2017-05-18 18:13:30 stop trying to do things with alpine it cannot do 2017-05-18 18:13:40 you are just going to be in for a world of hurt 2017-05-18 18:13:50 yes, pkgfs would be lovely to have, if we were starting from scratch 2017-05-18 18:13:55 More like stop trying to make alpine do things it couldn't do before it sounds.. 2017-05-18 18:14:13 but the idea of migrating all installs to pkgfs 2017-05-18 18:14:15 Okay, forget the pkgfs -- how do I solve my actual problems? 2017-05-18 18:14:20 use docker 2017-05-18 18:14:42 Docker is not a solution -- I still need something running UNDER it, right? 
2017-05-18 18:14:51 if you need glibc and libc6-compat is not enough 2017-05-18 18:14:52 use docker 2017-05-18 18:14:56 with like debian 2017-05-18 18:14:58 or something 2017-05-18 18:15:48 hmm 2017-05-18 18:16:05 any way to get the current kernel flavor through apk? 2017-05-18 18:16:50 Shiz: Rather than using uname -r? 2017-05-18 18:17:19 yes 2017-05-18 18:18:20 Shiz: I don't know of any apk magick per-se. 2017-05-18 18:19:22 There are files installed in /usr/share/kernel/*/kernel.release where * is the flavor... 2017-05-18 18:19:23 i wish there was an easy way to install a package matching your installed kernel flavor(s) 2017-05-18 18:20:00 Yeah, I have that handled in my kerneltool -- it automagically determines the flavor and installs the flavored package if found, otherwise tries unflavored. 2017-05-18 18:20:12 question: I am booting a ppc64le ISO (built it using ./mkimage.sh) and in the login console I tried "root" user but I got an error message "Login incorrect". Is the default user really "root" or maybe I am missing something? 2017-05-18 18:20:56 i think this is something that should be handled in the apkbuilds somehow 2017-05-18 18:21:15 yes, it is really root 2017-05-18 18:21:25 e.g. 2017-05-18 18:21:30 if i do 2017-05-18 18:21:32 # apk add wireguard 2017-05-18 18:21:43 i ideally want it to install wireguard-hardened as it infers from me having linux-hardened installed 2017-05-18 18:22:01 Shiz: that is what i intend to fix when i fix all kernel-related APKBUILDs 2017-05-18 18:22:10 :) 2017-05-18 18:22:13 Shiz: Yeah, one problem with that is you have both kernel modules and userspace with the same name (zfs-hardened and zfs) 2017-05-18 18:22:20 TemptorSent: sure 2017-05-18 18:22:22 maybe it can be the first feature for my new alpine fork 2017-05-18 18:22:23 you can call it zfs-modules 2017-05-18 18:22:25 doesn't really matter 2017-05-18 18:22:28 Exactly.
2017-05-18 18:22:52 (which trust me, if i have to deal with pkgfs migration i am forking) 2017-05-18 18:22:55 And it should install the modules for ALL kernels using that. 2017-05-18 18:23:13 i want that to be very well understood, especially by jirutka 2017-05-18 18:24:07 it's the migration i have a problem with, not with having a distribution that has that design 2017-05-18 18:24:25 and i would even be alright with having code in apk-tools to support that type of distribution 2017-05-18 18:24:37 but i cannot support fundamentally changing alpine in that way because the risks are way too high 2017-05-18 18:24:52 i think that is fine 2017-05-18 18:25:04 it may be worth investigating an alternative version of alpine where this happens 2017-05-18 18:25:09 if we break a ton of installs then everything we have done so far is for nothing because the momentum we have is lost 2017-05-18 18:25:11 doesn't have to be The Distribution Called Alpine 2017-05-18 18:25:15 kaniini: Okay, how about we look at this the other way - fork a variant that supports pkgfs and allow migration for those who want it. 2017-05-18 18:25:17 anyway 2017-05-18 18:25:27 TemptorSent: yes, that is fine. i am fine with that 2017-05-18 18:26:09 :) 2017-05-18 18:26:10 kaniini: Okay, cool :) 2017-05-18 18:27:53 TemptorSent: what i am not fine with is somebody going "apk upgrade --update --available" and then winding up with pkgfs and their entire setup completely broken 2017-05-18 18:28:22 i will never be fine with that, regardless of how safe it is claimed to be 2017-05-18 18:29:08 and the second that becomes a likely scenario is the second i fork alpine for the good of alpine 2017-05-18 18:30:17 kaniini how about allowing something like 'apk migrate' to a new install? 2017-05-18 18:31:30 No automatic upgrade would change any structure, and existing packages could be installed in the new install, along with configs. 
2017-05-18 18:34:04 what part of "AI hard problem" did you not get 2017-05-18 18:34:04 Anyway, it's a solvable problem so long as we don't try to automatically upgrade unconditionally, and supporting both installation types from a common set of packages shouldn't be terribly difficult. 2017-05-18 18:34:49 apk-tools can be adapted to easily handle either scenario 2017-05-18 18:34:49 How is installing the same set of packages and copying their config files AI-hard? 2017-05-18 18:35:05 TemptorSent: people go in and modify the files that are installed 2017-05-18 18:35:10 TemptorSent: we want to keep those modifications intact 2017-05-18 18:36:11 so here's what i propose 2017-05-18 18:36:12 Right, and we can keep them (as long as we have checksums?), but if they run a migration, we warn them that manual changes may need attention. 2017-05-18 18:36:26 if you install alpine and you configure apk-tools 2017-05-18 18:36:34 to use a pkgfs layout 2017-05-18 18:36:35 Nothing breaking happens automatically, and nothing changes in the existing install. 2017-05-18 18:36:41 then it will give you that layout 2017-05-18 18:36:42 otherwise 2017-05-18 18:36:45 it will continue as it is now 2017-05-18 18:36:59 That would be just fine with me. 2017-05-18 18:37:02 and then if they change the layout to be pkgfs in the future 2017-05-18 18:37:06 they can do this apk migrate thing 2017-05-18 18:37:09 to get pkgfs 2017-05-18 18:37:14 jirutka: is this fine with you? ^^^^^^ 2017-05-18 18:38:02 i will work on the layout aspect for 3.7 2017-05-18 18:38:05 if this is fine 2017-05-18 18:38:32 my thing is really simple 2017-05-18 18:38:37 people who have pre-existing installs 2017-05-18 18:38:39 are not going to be happy 2017-05-18 18:38:42 I like the concept of apk being able to handle arbitrary layouts using the same core. 2017-05-18 18:38:45 if they are migrated to pkgfs 2017-05-18 18:39:06 Agreed - unexpected breakage is to be avoided.
2017-05-18 18:39:18 and i do not think the gain is worth pissing off every alpine user ever 2017-05-18 18:39:29 because they swallowed an upgrade they couldn't handle 2017-05-18 18:39:35 consider unattended upgrades too 2017-05-18 18:39:47 say you have a cron which apk upgrades the box nightly 2017-05-18 18:39:51 (you can install a package which does this) 2017-05-18 18:40:03 and then the next day 2017-05-18 18:40:05 your system is hosed 2017-05-18 18:40:06 Right, that's actually my biggest concern personally -- I have machines that I have no physical access to that auto-update. 2017-05-18 18:40:10 by your apk upgrade cron 2017-05-18 18:40:24 but yet i haven't thought this through 2017-05-18 18:40:26 :D 2017-05-18 18:40:56 That's why I was hit so hard by the apk bug -- I suddenly started having unusable machines. 2017-05-18 18:41:06 then why on earth 2017-05-18 18:41:07 would you advocate for pkgfs? 2017-05-18 18:41:08 :D 2017-05-18 18:41:50 So given that it would only be used for new installations or explicit migrations, pkgfs is sane IMHO. Expecting automatic upgrade to it, not so much. 2017-05-18 18:42:51 yes, but that was what was originally proposed 2017-05-18 18:42:53 and that is my problem 2017-05-18 18:43:13 there are pros and cons to both 2017-05-18 18:43:17 we should support both 2017-05-18 18:43:22 I don't recall having an automatic upgrade path being part of the proposal TBH 2017-05-18 18:43:50 Agreed - supporting both is preferable, even supporting mixed usage may be desirable in certain cases. 2017-05-18 18:43:53 TemptorSent: that is the only way we could do it and have it be default 2017-05-18 18:44:33 TemptorSent: jirutka used explicit language such as "supporting FHS is painful" etc 2017-05-18 18:44:43 kaniini: Once stabilized, it could be the default for all NEW installs if it proves to work properly. 
2017-05-18 18:44:51 sure, that is fine 2017-05-18 18:44:56 as long as you can choose FHS 2017-05-18 18:45:25 And he's right, it IS painful to support LFHS, especially in cases that have dep hell. 2017-05-18 18:46:10 So if we at least have a solution that allows for non LFHS usage, even if it requires manual migration, it can solve those problems where they exist. 2017-05-18 18:46:22 sure but for typical deployments you just made the deployment a lot more complex 2017-05-18 18:46:43 i dont think it is wise to throw out something that people know just because it isn't optimal for some edge cases 2017-05-18 18:47:25 It's not just edge cases unfortunately, it's just about any case where multiple versions must be supported. 2017-05-18 18:47:52 Many packages essentially handle it themselves (postgresql for instance uses a self-contained directory structure) 2017-05-18 18:47:55 99% of the time this is not a thing. citation: nobody asks about it on #alpine-linux or mailing lists. 2017-05-18 18:48:31 Multiple GCC versions are similar. 2017-05-18 18:49:19 jirutka: ???????????? 2017-05-18 18:49:58 Right now, those are kluged and fragile constructs which break if you look at them sideways. 2017-05-18 18:50:55 i'm just trying to figure out if this apk layout proposal of mine will solve jirutka's concerns 2017-05-18 18:51:10 so that we can avoid having to destroy alpine over it 2017-05-18 18:51:15 At the very least, we need to find a sane way of specifying lib paths per lib/binary for the loader to fix the actual problem. 2017-05-18 18:51:50 most likely, 2017-05-18 18:52:00 what we would do is have custom ELF interpreter 2017-05-18 18:52:07 for the stubs 2017-05-18 18:52:11 instead of hardlinks 2017-05-18 18:52:22 which would provide that type of functionality 2017-05-18 18:52:24 Thats exactly what I'm thinking. 
2017-05-18 18:52:42 which you need anyway to do pkgfs properly 2017-05-18 18:52:46 sorry but DJB gets it wrong sometimes 2017-05-18 18:53:08 i don't want to read any of djb's C code 2017-05-18 18:53:11 but hey i haven't thought about this at all 2017-05-18 18:53:12 or use execline for that matter 2017-05-18 18:53:12 Or modifying the linker logic to check an xattr perhaps. 2017-05-18 18:53:14 :P 2017-05-18 18:53:50 TemptorSent: yes, that is possibly interesting 2017-05-18 18:54:00 an ld_library_path xattr 2017-05-18 18:54:25 It would be both sane, and a good use of xattrs. 2017-05-18 18:54:55 Eliminating the problem of keeping the stub and binary paths synced. 2017-05-18 18:55:27 yes, that would work nicely. 2017-05-18 18:55:58 downside: alternatives support would have to live in apk 2017-05-18 18:56:26 Not necessarily - there's no reason a general tool couldn't handle that. 2017-05-18 18:56:32 because then you're reconfiguring the emulated FHS 2017-05-18 18:56:44 if i want 2017-05-18 18:56:56 foobar-1.0 to be the selected package in the emulated FHS 2017-05-18 18:57:02 then it needs to change the symlinks 2017-05-18 18:57:17 so it is faster to just have it in apk 2017-05-18 18:58:01 Hmm, possibly - if it fits well in apk, I suppose that's fine too. 2017-05-18 18:58:07 @kaniini │ an ld_library_path xattr 2017-05-18 18:58:11 doesn't -rpath exist for this purpose 2017-05-18 18:58:36 rpath is compile time IIRC, possibly changed using elftools? 2017-05-18 18:58:37 Shiz: yes, but we do not want to edit the binaries being installed 2017-05-18 18:58:52 you can use patchelf 2017-05-18 18:58:54 okay 2017-05-18 18:58:59 Shiz: yes, but we do not want to edit the binaries being installed 2017-05-18 18:59:25 if you checksum a binary, it should match what is in apk 2017-05-18 18:59:56 Also, the xattr approach would allow us more flexibility than -rpath, including pinning a specific version of a lib by checksum if we wanted to.
2017-05-18 19:00:06 by using xattrs, we can attach additional rpaths without editing the binary 2017-05-18 19:00:22 and the change to musl would be very minor 2017-05-18 19:01:19 This would also probably allow proper glibc foreign support if we do it right. 2017-05-18 19:01:32 no, it would not 2017-05-18 19:01:43 glibc is a different animal entirely 2017-05-18 19:01:45 Why not? 2017-05-18 19:02:00 any binaries that need glibc also need to be built against glibc-linked libraries 2017-05-18 19:02:03 We'd have to make a modified ld.so, but thats about it. 2017-05-18 19:02:07 pkgfs will not help you there 2017-05-18 19:02:49 Just toss glibc-related packages in their own directory and load the appropriate lib using the xattr. 2017-05-18 19:03:11 fwiw, i actually have pretty strong opinions re FHS, but now is totally wrong time to discuss it 2017-05-18 19:03:36 ncopa: i do not like FHS either 2017-05-18 19:03:44 ncopa: i just do not like breaking everyone's stuff 2017-05-18 19:03:44 i still think we can flesh this out later 2017-05-18 19:03:47 and focus on 3.6 now :) 2017-05-18 19:03:51 ncopa: Yeah, we're getting ahead of ourselves here, but at least I think we're finding some solutions. 
2017-05-18 19:04:23 i rather find solutions now than have somebody else find solutions i find undesirable later and wind up having to fork alpine to dodge them 2017-05-18 19:04:44 i agree with Shiz 2017-05-18 19:04:55 drop everything else 2017-05-18 19:05:16 especially fighting :x 2017-05-18 19:05:20 this FHS discussion is not productive 2017-05-18 19:05:25 fighting is not productive 2017-05-18 19:06:00 breaking peoples systems is not productive either 2017-05-18 19:06:09 I think we can summarize with this: Don't automatically break peoples shit :) 2017-05-18 19:06:12 yes, but we are not anywhere close to start making a decision on the FHS stuff 2017-05-18 19:06:21 so nothing's going to happen either way until after 3.6 2017-05-18 19:06:24 so let's finish 3.6 first 2017-05-18 19:06:26 :) 2017-05-18 19:06:37 kaniini: exactly. lets make sure we dont break things for the 3.6 release 2017-05-18 19:07:03 just keep a box called "ideas which sound neat but will break people's shit" 2017-05-18 19:07:08 and keep it around for i don't know alpine 4.0 or something 2017-05-18 19:07:16 +9000 2017-05-18 19:07:26 once you start breaking people's shit, break it once, break it a lot, but break it well. 2017-05-18 19:07:28 i pulled an all-nighter to ensure linux-hardened change did not break people 2017-05-18 19:07:31 so you don't have to break again 2017-05-18 19:07:33 asie: +1 2017-05-18 19:07:44 asie: +1 2017-05-18 19:07:46 i like the apk layout idea 2017-05-18 19:07:48 but assuming alpine will never break anyone's system ever after an upgrade is misguided 2017-05-18 19:07:57 eventually something will happen that will unavoidably break things anyway 2017-05-18 19:08:01 asie: it is policy 2017-05-18 19:08:07 yes, but unexpected things may happen 2017-05-18 19:08:25 asie: In that case, it shouldn't happen AUTOMATICALLY, it should require user-intervention to initiate a breaking change.
2017-05-18 19:08:27 sure, but that is different than "lol we should just change everything yolo" 2017-05-18 19:08:34 that is correct 2017-05-18 19:08:52 we will not change everything 2017-05-18 19:08:55 TemptorSent: yes, it should require user intervention, ideally with an explanation of what exactly is being broken and, even more ideally, how to fix it 2017-05-18 19:08:58 well 2017-05-18 19:09:00 https://a.doko.moe/woefho.jpg 2017-05-18 19:09:09 exactly asie. 2017-05-18 19:09:23 ncopa: moving from FHS is basically changing everything. i like apk layout idea because it allows supporting either configuration. 2017-05-18 19:09:29 Which implies a major version number change by standard semantics. 2017-05-18 19:09:55 kaniini: i know, but now is not the time to talk about it 2017-05-18 19:10:07 kaniini: flexible apk-tools is a win. 2017-05-18 19:10:09 21:07 < asie> once you start breaking people's shit, break it once, break it a lot, but break it well. 2017-05-18 19:10:19 #whatdoespoetteringsaid 2017-05-18 19:10:25 lol 2017-05-18 19:10:34 well, we are not going everywhere atm, so I don't know why some shit exploded here few minutes ago. it's quite sad that we lack of human resources, but something is still burning 2017-05-18 19:10:36 because why not 2017-05-18 19:11:00 scadu: because alpine-devel is a diverse place where 140 people have 140 visions of how a linux distro should work 2017-05-18 19:11:03 and the 141st is a bot 2017-05-18 19:11:14 *LOL* 2017-05-18 19:11:19 actually, that's incorrect 2017-05-18 19:11:20 asie: where you see 140 active people? 
2017-05-18 19:11:27 Better check the bot's opinion too :) 2017-05-18 19:11:29 scadu: being inactive doesn't mean they don't have a vision of how a linux distro should work 2017-05-18 19:11:33 ACTION mutters and prepares a fork anyway 2017-05-18 19:11:35 in addition, even if there's people in here without a vision 2017-05-18 19:11:39 i bet many of us have multiple 2017-05-18 19:11:45 so it adds up in the end 2017-05-18 19:11:51 asie: yep, but you don't have to shit each other 2017-05-18 19:12:08 scadu: that is correct, but people can get really defensive about potential threats... and "breaking user installations" is a potential threat 2017-05-18 19:12:23 i do agree that half of this conversation was unnecessary flinging 2017-05-18 19:12:29 these Krtcek memes are actually accurate 2017-05-18 19:12:31 https://a.doko.moe/eypsds.jpg 2017-05-18 19:12:37 half of the conversation was jirutka calling me a dickhead 2017-05-18 19:12:40 to be honest 2017-05-18 19:13:20 i can confirm that my bot has strong opinions on linux distros 2017-05-18 19:13:22 anyway 2017-05-18 19:13:24 3.6 2017-05-18 19:13:27 ncopa: did you see my notes? 2017-05-18 19:13:35 nope 2017-05-18 19:13:40 they drowned in the daily drama 2017-05-18 19:13:42 much surprise 2017-05-18 19:13:51 Shiz : mind update again with some discussed changes ? 2017-05-18 19:14:05 yes i'll upload a new version 2017-05-18 19:14:06 What tmh1999 said :) 2017-05-18 19:14:10 old one : https://txt.shiz.me/ZjBhMWM3YT.txt 2017-05-18 19:14:19 https://txt.shiz.me/Y2RhOTA1Mm 2017-05-18 19:14:22 improved one 2017-05-18 19:16:15 re -grsec -> -hardened -- you might mention 'kernel related packages' rather than 'packages' 2017-05-18 19:16:44 https://a.doko.moe/zdtemr.jpg 2017-05-18 19:16:53 i think I'm not gonna stop :D 2017-05-18 19:17:18 i think you eventually are, coinciding with the moment you step on someone's nerves 2017-05-18 19:17:30 lol 2017-05-18 19:17:31 can we get #alpine-drama? 
2017-05-18 19:17:49 asie: that's not serious business 2017-05-18 19:17:51 Also, was that SHA1 -> SHA512 propagated to the .apk format? 2017-05-18 19:17:52 asie: erm, this is not -drama? wrong channel then 2017-05-18 19:17:57 people will still drama, docker will be docker 2017-05-18 19:18:11 coconut will be coconut 2017-05-18 19:18:13 okay, but can we really focus on 3.6 here now? and development? memes can go elsewhere 2017-05-18 19:18:14 TemptorSent: nyet 2017-05-18 19:18:28 can we get 3.6 out the door 2017-05-18 19:18:37 well i wrote relnotes above 2017-05-18 19:18:40 feel free to comment on them 2017-05-18 19:18:40 Shiz: Okay - that's the big open issue I guess. 2017-05-18 19:18:47 Shiz: they look fine to me 2017-05-18 19:18:53 Shiz: is the zfs support finished yet? xD 2017-05-18 19:19:05 I'm not sure what the status on zfs stuff is 2017-05-18 19:19:06 I mean, relnotes are sometimes too enthusiastic 2017-05-18 19:19:07 maybe TemptorSent does 2017-05-18 19:19:21 kaniini: What is needed to update the .apk checksums to use sha512? 2017-05-18 19:19:22 there was a "zfs support on roofs" about 6 months ago in relnotes 2017-05-18 19:19:30 and no one actually tested that 2017-05-18 19:19:33 TemptorSent: abuild 2017-05-18 19:19:37 TemptorSent: i will do it in 3.7 2017-05-18 19:19:42 I came up with some bug reports, no one bothered 2017-05-18 19:19:57 afaik it has been possible for the rootfs but not the bootfs 2017-05-18 19:19:58 kaniini: Oh, that's held for 3.7 -- gotcha. 2017-05-18 19:19:59 or something like that 2017-05-18 19:20:04 but i don't know the status of zfs 2017-05-18 19:20:23 ZFS works fine, but the installer tools don't so much.
2017-05-18 19:20:40 ZFS is terrifying to me 2017-05-18 19:20:41 The problem is that ZFS handles mounts differently than standard mount 2017-05-18 19:20:51 on freebsd and linux i have had major corruption issues with L2ARC 2017-05-18 19:21:10 so i gave up on trying to use ZFS on root with alpine :P 2017-05-18 19:21:14 With ZFS, creating a new dataset creates the directory, rather than mounting to an existing mount point. 2017-05-18 19:21:44 So proper installer support will require a bit of work to abstract the directory creation. 2017-05-18 19:22:09 That said, it works fine if you manually setup the directory structure. 2017-05-18 19:22:42 do we have any 'breaking' changes other than the grsec -> hardened rename? 2017-05-18 19:23:26 Hmm, possibly GCC revision as a breaking change. 2017-05-18 19:24:18 Also php7 is a breaking change for some I believe. 2017-05-18 19:24:53 php5 finally got the axe, right? 2017-05-18 19:26:01 You could also note the fix for apk re: warnings ->stderr 2017-05-18 19:27:04 did we end up removing php5 entirely? 2017-05-18 19:27:31 I'm not sure -- there was talk of it at one point.. 2017-05-18 19:28:05 But it's not the default any longer IIRC, which may break things. 2017-05-18 19:29:04 okay, it looks like php5 is now packaged as such, with both php5 and php7 in community 2017-05-18 19:29:27 So a note that those requiring php5 need to install php5 packages should do it. 2017-05-18 19:29:43 But that's just going by apk policy 2017-05-18 19:31:36 I'm not sure if php5 is intended to remain supported long term or if it's going to the deprecation pile. 2017-05-18 19:33:01 php5 is supported for now, deprecated in 3.8 2017-05-18 19:33:05 most likely 2017-05-18 19:33:56 Hmm, I need to update my aports repo, but I'm seeing problems with php7 -- it's in both testing and community. 2017-05-18 19:34:08 Shiz: do we need to mention apk there? it sounds like the apk fix is a breaking change 2017-05-18 19:34:21 that is already mentioned, no?
2017-05-18 19:34:27 Noteworthy fixes and breaking changes 2017-05-18 19:34:29 ------------------------------------- 2017-05-18 19:34:31 * Bugs in apk(8) dependency handling during upgrades have been fixed; 2017-05-18 19:34:33 or did you mean something else? 2017-05-18 19:34:37 that one 2017-05-18 19:34:46 it sounds like its a braking change 2017-05-18 19:34:55 that's why it's under the breaking changes heading 2017-05-18 19:34:58 :P 2017-05-18 19:35:26 but it is not a breaking change? 2017-05-18 19:35:29 it's not a breaking change though 2017-05-18 19:35:33 right 2017-05-18 19:35:36 it was broken before, then we fixed it 2017-05-18 19:35:39 Okay, looks like the php7 was culled from testing. 2017-05-18 19:35:43 it's the opposite of a breaking change :P 2017-05-18 19:35:45 yeah i think i listed it there because of 'noteworthy fix' 2017-05-18 19:35:50 but i can separate that out 2017-05-18 19:35:57 do we need to mention it? 2017-05-18 19:36:01 Yes - noteworthy fix. 2017-05-18 19:36:06 how many was affected by it? 2017-05-18 19:36:12 at least kaniini and TemptorSent 2017-05-18 19:36:14 :P 2017-05-18 19:36:16 how many was aware that it was a problem? 2017-05-18 19:36:30 Well, considering it keeps us from destroying just about every alpine box on upgrade, I think it's important :) 2017-05-18 19:36:56 i don't think it is really notable 2017-05-18 19:38:08 Preventing massive unexpected breakage is notable IMHO. 2017-05-18 19:38:44 not really -- it's what we should be doing every day as a distribution 2017-05-18 19:39:24 i agree with kaniini 2017-05-18 19:39:26 The fact that only a few of us were noticing it biting us in other strange ways doesn't reduce the importance of mitigating the future disaster. 2017-05-18 19:39:32 https://media.makeameme.org/created/well-congrats-you.jpg 2017-05-18 19:39:37 all i have to say about that being notable 2017-05-18 19:39:51 i doubt many people noticed it was a problem 2017-05-18 19:39:54 But it's relnotes, so whatever works. 
2017-05-18 19:40:28 I'll omit it then 2017-05-18 19:40:35 If I was a user who had been experiencing strange behavior, a note that it was fixed would be nice. 2017-05-18 19:40:42 the shorter we can make it the better 2017-05-18 19:40:59 But it's not a breaking change, it's a bugfix. 2017-05-18 19:41:05 it is technically interesting, but to an end user it is going to come off more like "holy shit the package manager was broken, maybe canonical is right and i shouldn't use alpine" 2017-05-18 19:41:41 do we really want to give canonical more FUD? 2017-05-18 19:42:03 Word it 'Improved apk resolver to better handle corner cases during upgrade." 2017-05-18 19:42:11 shit has gotten real with them, they are super salty over what alpine has done to ubuntu server 2017-05-18 19:42:26 they literally blog about how shit alpine is 2017-05-18 19:42:36 do we have anything to add re:noteworthy /new/ packageS? 2017-05-18 19:42:38 I have rust and ghc listed 2017-05-18 19:42:41 such as here: https://insights.ubuntu.com/2016/02/10/docker-alpine-ubuntu-and-you/ 2017-05-18 19:42:41 any other big ones? 2017-05-18 19:42:50 over a year ago 2017-05-18 19:42:51 :p 2017-05-18 19:43:28 Weren't there some X updates recently as well? 
2017-05-18 19:43:31 yes, they have been salty for quite a while shiz 2017-05-18 19:43:32 :) 2017-05-18 19:44:20 if you actually follow this stuff you'll observe canonical people spend non-trivial amounts of time spreading FUD about alpine, and recently docker as well (likely to punish them for their decision) 2017-05-18 19:44:28 on things like hacker news, etc 2017-05-18 19:44:45 whenever anything gets posted about alpine or docker, they show up 2017-05-18 19:44:51 every time 2017-05-18 19:44:59 so i think our release notes should be careful not to give them ammo 2017-05-18 19:45:09 when in reality the bugfix is not notable anyway 2017-05-18 19:46:39 i guarantee you, putting that in the release notes will result in them jumping on it and being like "haha apk hosed people's systems" 2017-05-18 19:47:21 (i know we deleted it from the release note, i am just saying that from a PR perspective we need to be careful about mentioning explicit bugfixes as line items) 2017-05-18 19:47:49 kaniini: you don't know if someone from canonical isn't watching -devel :p 2017-05-18 19:47:58 they probably are 2017-05-18 19:48:19 ACTION runs $ git diff --name-only --diff-filter=A origin/3.5-stable | grep APKBUILD | grep -v 'testing\|unmaintained' to find new interesting builds 2017-05-18 19:48:25 but at least then it comes off as kooky conspiracy theory rambling instead of "look at this thing in their release notes! teehee!" 2017-05-18 19:48:36 you know what i mean? 2017-05-18 19:48:43 kaniini: yep 2017-05-18 19:48:47 hmm 2017-05-18 19:48:49 emscripten maybe? 2017-05-18 19:48:51 kaniini: everything's on plate :p 2017-05-18 19:49:05 kaniini i think we are all done with it 2017-05-18 19:49:29 Shiz: i think emscripten is worth adding 2017-05-18 19:49:39 Shiz: can you pastebin the latest? 
2017-05-18 19:49:44 yes 2017-05-18 19:49:49 something about the llvm was bugging me 2017-05-18 19:49:58 https://txt.shiz.me/NDdhMTlhY2 2017-05-18 19:50:23 * The `llvm` package is now provided by the versioned `llvm` package that is selected as default LLVM; 2017-05-18 19:50:35 yeah it's not terrifically worded 2017-05-18 19:50:36 i'm not sure about the wording here 2017-05-18 19:51:19 * The `llvm` package is now provided by a versioned `llvm` package; 2017-05-18 19:51:21 maybe just this? 2017-05-18 19:51:38 - the LLVM package has been provided by a versioned `llvm` package, which is presently `llvm4` 2017-05-18 19:52:26 how's this: * The `llvm` package has been changed to be provided by a versioned `llvm` package, which is presently `llvm4`; 2017-05-18 19:52:36 i want to make clear that it's about the literal package called `llvm` 2017-05-18 19:52:37 :p 2017-05-18 19:54:01 sure 2017-05-18 19:54:16 works for me 2017-05-18 19:54:20 reading the CoCk thread on the ML... 2017-05-18 19:54:36 the what? 2017-05-18 19:54:40 >and disparaging remarks of any kind, 2017-05-18 19:54:56 stuff like this is what makes CoCks suck so much 2017-05-18 19:55:09 sometimes people use bad language in a heated argument 2017-05-18 19:55:13 I'd simplify that slightly, to: The 'llvm' package is now provided by... 2017-05-18 19:55:59 this might have a chilling effect on people in such arguments 2017-05-18 19:56:29 ^7heo: 2017-05-18 19:56:56 Tsutsukakushi: thank you for your input, but we are trying to get 3.6 out the door. can you reply to the ML thread instead? 2017-05-18 19:57:25 my mail setup is kind of fucked currently... 2017-05-18 19:57:36 that is unfortunate 2017-05-18 19:57:39 it is 2017-05-18 19:57:42 and really annoying too 2017-05-18 19:57:55 https://txt.shiz.me/OGQxYWVlYm 2017-05-18 19:58:04 btw, commit stats 2017-05-18 19:58:05 tho it has made me use gmane quite a bit 2017-05-18 19:58:08 so that's quite nice 2017-05-18 19:58:50 <^7heo> Tsutsukakushi: yes. 
But at the same time, the goal of the CoC is to avoid people coming over and insulting others. 2017-05-18 19:59:03 ^7heo: he's just biased. plenty of good CoCs, plenty of bad CoCs. 2017-05-18 19:59:05 <^7heo> Tsutsukakushi: so... it's kinda difficult to make a one-size fits all without being explicit about everything. 2017-05-18 19:59:17 the very part where he says "CoCk" shows that he is unlikely to be reasoned with in this regard 2017-05-18 19:59:18 insulting others during a heated debate is not done out of malice 2017-05-18 19:59:18 <^7heo> asie: CoCs are mostly thrusting everywhere 2017-05-18 19:59:25 ML, please 2017-05-18 19:59:29 or at least, not here right now 2017-05-18 19:59:30 ^ 2017-05-18 19:59:35 <^7heo> right, offtopic, people. 2017-05-18 19:59:41 but because you are frustrated when you think people don't understand what you are saying 2017-05-18 19:59:55 nope, -offtopic it is 2017-05-18 20:00:03 Tsutsukakushi: please drop it 2017-05-18 20:00:34 ima take a look at b.a.o 2017-05-18 20:00:40 to see what needs to be done still 2017-05-18 20:00:43 kaniini: i had written that message when you said anything 2017-05-18 20:00:47 before* 2017-05-18 20:02:19 Shiz: xenqemu ifuncs regression, i already have a fix for it 2017-05-18 20:02:44 i wish i could filter for !resolved 2017-05-18 20:02:46 :| 2017-05-18 20:04:19 Shiz: Add filter > Status > is not: resolved 2017-05-18 20:04:20 guess i found something that owrked 2017-05-18 20:04:26 xentec: yeah but that also catches closed 2017-05-18 20:04:33 yep 2017-05-18 20:04:35 so bleh 2017-05-18 20:04:44 nightmared: #7285 - Once solution would be to simply provide the zfs modules in the initramfs using an appended cpio 2017-05-18 20:04:55 nightmared: #7285 - Once solution would be to simply provide the zfs modules in the initramfs using an appended cpio 2017-05-18 20:04:59 WTF?!?! 
2017-05-18 20:05:07 That's RE: not nightmared 2017-05-18 20:07:03 That should avoid the legal issue, while still allowing zfs to be used from the initramfs environment 2017-05-18 20:08:19 3.7 2017-05-18 20:08:40 Why? It doesn't require anything other than adding a file to the image. 2017-05-18 20:09:32 A single cpio.gz with the contents of /lib/modules from the zfs-hardened package 2017-05-18 20:14:32 because we are already in feature freeze 2017-05-18 20:15:21 kaniini: Right, and? No new feature here, just packaging. 2017-05-18 20:15:55 kaniini: No other files need to be changed at all, just one added to the boot dir. 2017-05-18 20:16:40 kaniini: The user can add the additional append themselves during boot. 2017-05-18 20:32:39 clandmeter: ping 2017-05-18 20:32:51 pong 2017-05-18 20:32:54 clandmeter: can you give Shiz write access to the bug tracker so he can close bugs 2017-05-18 20:33:06 Shiz: can you tell clandmeter what your login is so he can do that 2017-05-18 20:33:11 it's shiz 2017-05-18 20:33:15 or hi@shiz.me 2017-05-18 20:33:17 sweeeeeeet 2017-05-18 20:33:18 forgot if email was used 2017-05-18 20:38:21 Shiz, restart your computer and try 2017-05-18 20:38:40 i'll just update systemd that's the same right 2017-05-18 20:38:53 yes, just kill pid 1 2017-05-18 20:39:58 thanks, works :) 2017-05-18 20:45:25 kaniini: Shiz: is there any link/documentation that describes the steps that run after "setup-alpine" or explaining the entire install process? I found https://wiki.alpinelinux.org/wiki/Installation but did not find this information 2017-05-18 20:45:38 btw. I am booting alpine ppc64le and using qemu 2017-05-18 20:46:01 that recent commit about console=hvc0 doesnt seem right to me 2017-05-18 20:46:06 I don't believe it's documented as such rdutra. 2017-05-18 20:46:07 what if we want boot alpine on bare metal 2017-05-18 20:46:40 rdutra: What are you running into? 2017-05-18 20:47:37 kaniini: should we disable GRKERNSEC_SYSFS_RESTRICT before branching 3.6? 
2017-05-18 20:47:42 there seem to be MESA issues with it 2017-05-18 20:47:59 Shiz: i'm okay with it. send me an mbox and i will push it 2017-05-18 20:48:06 gotcha 2017-05-18 20:48:21 post-3.6 we might look into modifying it to be a sysctl 2017-05-18 20:48:22 Can it be enabled through sysfs after the fact? 2017-05-18 20:48:25 no 2017-05-18 20:48:29 it has no sysctl :( 2017-05-18 20:48:36 Drat. 2017-05-18 20:48:55 Kernel command line option? 2017-05-18 20:49:14 I haven't looked at that specific chunk yet. 2017-05-18 20:50:05 If not, we probably need to change that or it's going to be worthless. 2017-05-18 20:50:45 TemptorSent: It stops at: https://hastebin.com/raw/uniwoxalov 2017-05-18 20:51:34 TemptorSent: I am not sure if it is correct, as I do not know the steps it run 2017-05-18 20:52:15 rdutra: Hmm, that's an odd place to stop. 2017-05-18 20:53:19 TemptorSent: the setup-alpine script is part of aports repo? 2017-05-18 20:53:20 hmm 2017-05-18 20:53:42 Um, not sure right off... 2017-05-18 20:53:45 one sec. 2017-05-18 20:54:26 it's part of alpine-conf 2017-05-18 20:54:36 https://github.com/alpinelinux/alpine-conf/blob/master/setup-alpine.in 2017-05-18 20:54:49 Thanks Shiz 2017-05-18 20:55:23 thanks 2017-05-18 20:56:05 TemptorSent: not sure if in x86_64 the setup-alpine is working fine and actually is the first time I run this command 2017-05-18 20:56:53 rdutra: You might try running the individual setup commmands manually 2017-05-18 20:57:31 rdutra: Try setup-sshd 2017-05-18 20:58:36 TemptorSent: yeah, I will see in which part of the script the run stopped 2017-05-18 20:59:03 gotta go now, thanks! 2017-05-18 20:59:42 rdutra: I'm going to take a SWAG on setup-disk 2017-05-18 21:40:57 Is there any chance we could add an all-archs key to the master alpine keychain an sign the keys package with that, eliminating a very irritating cross-platform target-root chicken and egg problem? 
2017-05-18 21:41:48 Theoretically, multiple key signatures should be supportable, but I don't know how apk handles trust chains. 2017-05-18 23:22:50 ncopa & clandmeter: I'm getting "HTTP/1.1 503 Backend is unhealthy" when trying to pull the APKINDEX from the CDN. I was told I should let you 2 know. 2017-05-18 23:23:13 temp fix is changing mirrors to nl.alpinelinux.org 2017-05-18 23:23:54 dl-cdn is really dying the last days, huh 2017-05-18 23:24:55 Alright looks like I'll be /etc/host-ing that 2017-05-18 23:25:16 you can just edit it in /etc/apk/repositories 2017-05-18 23:26:57 Normally I would do something like that, but I'm working on automation and temporary edits like this are somewhat anathema 2017-05-18 23:27:34 right 2017-05-18 23:27:49 Looks like the URIs are different between nl and dl-cdn :o 2017-05-18 23:28:06 should be /alpine for both 2017-05-18 23:28:28 `WARNING: Ignoring http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86_64/APKINDEX.tar.gz: No such file or directory` 2017-05-18 23:28:35 errr 2017-05-18 23:29:04 likely nl.alpinelinux.org doesn't like it if you give it an http request with Host: dl-cdn.alpinelinux.org 2017-05-18 23:29:07 `HTTP/1.1 404 Not Found` for the same URI with nl.alpinelinux.org 2017-05-18 23:29:40 http://nl.alpinelinux.org/alpine/v3.5/main/x86_64/ 2017-05-18 23:29:45 works here... 2017-05-18 23:30:04 Ah I think you're right: vhosts issue. 2017-05-18 23:30:19 hiya, alpine team! looks like it may have been reported already, but http://dl-cdn.alpinelinux.org/ appears to be down. should I use nl. instead? 2017-05-18 23:30:35 yep, it is 2017-05-18 23:30:38 use nl. for now, yeah 2017-05-18 23:30:40 or cz. 
2017-05-18 23:30:47 very good, thanks 🤘 2017-05-18 23:31:24 sorry bout the issues, dl-cdn has been having some real issues lately :/ 2017-05-18 23:31:37 I'll just throw a `sed -i s/dl-cdn/nl/g /etc/apk/repositories` in my local version of the Dockerfile I guess 2017-05-18 23:31:46 Thanks for the info Shiz 2017-05-18 23:35:43 just glad they’re getting worked out :D 2017-05-19 03:21:21 kaniini: Is there anything currently in the apk database structure that can not be represented properly as a DAG (optionally with codepedencies) 2017-05-19 03:23:26 i.e. valid circular deps at the same level of requirement, etc. 2017-05-19 03:24:49 install-dep, runtime-dep, feature-dep, doc-dep, etc. 2017-05-19 07:27:13 hi 2017-05-19 07:27:22 whats up with dl-cdn? 2017-05-19 07:45:47 seems very unstable lately 2017-05-19 08:10:57 yes 2017-05-19 08:11:13 last week it was dl-4 who broke 2017-05-19 08:11:21 now its fastly 2017-05-19 09:01:27 Shiz, how did the release notes go? 2017-05-19 09:01:45 nobody seemed to have any more comments since the last revision 2017-05-19 09:02:38 <^7heo> where are the release notes? 2017-05-19 09:08:29 https://txt.shiz.me/MGY0YTIxYz 2017-05-19 09:09:01 <^7heo> thanks Shiz ! 2017-05-19 09:09:25 julia is to be added to this once i fix the package 2017-05-19 09:09:45 https://wiki.alpinelinux.org/wiki/How_to_make_a_custom_ISO_image_with_mkimage 2017-05-19 09:09:51 first draft created.. 2017-05-19 09:10:04 clandmeter, ncopa ^ 2017-05-19 09:10:06 <^7heo> I guess the new mkinitfs will make it in 3.6.1 then 2017-05-19 09:10:16 <^7heo> I didn't yet find the time to test it =/ 2017-05-19 09:10:36 fcolista \o/ 2017-05-19 09:11:02 fcolista nice! thanks! 
2017-05-19 09:12:00 some points a missing, like the kernel_flavors or the imports of other profiles 2017-05-19 09:12:23 *are 2017-05-19 09:12:34 But at least it's a stard 2017-05-19 09:12:35 *start 2017-05-19 09:12:55 fcolista, unionfs != overlayfs 2017-05-19 09:14:34 kernel_cmdline="unionfs_size=512M console=tty0 console=ttyS0,115200" 2017-05-19 09:14:41 is that part wrong clandmeter? ^ 2017-05-19 09:14:51 no its not 2017-05-19 09:14:53 ah 2017-05-19 09:14:54 sorry 2017-05-19 09:14:55 This is an example used to have ZFS module, overlayfs (which allows to have /lib/modules in 2017-05-19 09:14:56 this part 2017-05-19 09:15:01 right 2017-05-19 09:15:05 yes I wrote unionfs 2017-05-19 09:15:13 <^7heo> Shiz: from the packages I could check, I don't think anything's missing there. 2017-05-19 09:15:14 its not your faulth, its a bit confusing 2017-05-19 09:15:29 morning! 2017-05-19 09:15:31 initframfs had unionfs support before 2017-05-19 09:15:35 <^7heo> moin leo-unglaub 2017-05-19 09:16:01 but somebody modificed the code to use overlayfs instead (which was upstreamed) 2017-05-19 09:17:45 umh that was done for ISO creation iirc 2017-05-19 09:17:55 they kept unionfs_size for backwards compatibility i presume. 2017-05-19 09:18:37 I've a vague remember that overlayfs was introduced in order to get an iso >> dd to usb an make it work 2017-05-19 09:18:42 or something like that 2017-05-19 09:19:29 anyway would be cool having a webif in our website that allows to create a custom iso 2017-05-19 09:19:39 :D 2017-05-19 09:20:26 ACTION has always bad ideas :P 2017-05-19 09:20:39 <^7heo> but sometimes they turn out to be quite successful 2017-05-19 09:20:59 hi leo-unglaub how are you doin 2017-05-19 09:21:09 i dont think overlayfs has anything to do with hybrid iso's 2017-05-19 09:21:37 ncopa: i am doing great. having a lot of fun with people infected with wannacry coming to me complaining *g* 2017-05-19 09:21:52 Shiz i didnt merge your kbd work, did i? 
2017-05-19 09:22:11 leo-unglaub ha :) 2017-05-19 09:22:15 fcolista, you are free to design such iso generation web application :) 2017-05-19 09:22:27 but i think there are currently bigger fish to catch :) 2017-05-19 09:22:28 i also did a lot of work / testing with alpine linux in the new openbsd virtual machine implementation 2017-05-19 09:22:40 alpine linux is currently the only linux working in there 2017-05-19 09:22:44 oh cool, i read about it 2017-05-19 09:22:52 leo-unglaub, cool 2017-05-19 09:22:53 but never actually tried it 2017-05-19 09:23:29 im actually pretty excited about that openbsd+alpine thing 2017-05-19 09:23:36 ncopa: don't think you did 2017-05-19 09:23:38 yeah, me to! 2017-05-19 09:24:05 i heard alpine is the only supported linux distro for obsd virt 2017-05-19 09:24:07 ;) 2017-05-19 09:24:14 alpine is handled by openbsd developers as the only usable linux distribution *g* 2017-05-19 09:24:19 when i started with alpine, i had this goal, that if openbsd ppl would use linux they should use alpine :) 2017-05-19 09:24:26 <^7heo> leo-unglaub: which it is. 2017-05-19 09:24:45 <^7heo> ncopa: that's why you have all of us around now 2017-05-19 09:24:47 well, alpine and some parts of void linux yes 2017-05-19 09:24:50 <^7heo> ncopa: for the better of the worse. 2017-05-19 09:25:59 :) 2017-05-19 09:26:35 ok, re upcoiming release 2017-05-19 09:26:52 i have a few things i think needs to be done 2017-05-19 09:27:02 - merge shiz's kbd work 2017-05-19 09:27:41 @ncopa │ when i started with alpine, i had this goal, that if openbsd ppl would use linux they should use alpine :) 2017-05-19 09:27:45 I talked to peter hessler at FOSDEM 2017-05-19 09:27:50 he named alpine as the 'least bad linux distro' 2017-05-19 09:27:52 :p 2017-05-19 09:28:12 <^7heo> that's also the 'least bad linux distro' IMHO 2017-05-19 09:28:34 - tag and update alpine-conf, abuild? mkinitfs, anything else? 
2017-05-19 09:29:04 <^7heo> ncopa: mkinitfs should be tested 2017-05-19 09:29:05 i have a pending commit to setup-xorg-base 2017-05-19 09:29:17 <^7heo> I have something started to do this 2017-05-19 09:29:21 <^7heo> but I didn't finish 2017-05-19 09:29:30 ^7heo thats why i want tag a mkinitfs-rc1 something 2017-05-19 09:29:36 oh, lddtree too probably 2017-05-19 09:29:48 then 2017-05-19 09:29:56 <^7heo> ncopa: you mean, you want mkinitfs-rc1 in the release? 2017-05-19 09:30:10 a prerelease of new mkinitfs yes 2017-05-19 09:30:18 <^7heo> in the release? 2017-05-19 09:30:30 or at least see at which state mkinitfs git master is 2017-05-19 09:30:36 for alpine 3.6.0_rc1 2017-05-19 09:30:44 which mush go out today 2017-05-19 09:30:47 then 2017-05-19 09:31:07 for scripts/mkimg.*.sh 2017-05-19 09:31:10 the profiles 2017-05-19 09:31:36 ncopa: i'm going to try to get libc++ stuff done then today 2017-05-19 09:31:38 we should include the longer description for each profile there 2017-05-19 09:31:43 i would like it to be in community considering all full tests pass :) 2017-05-19 09:31:45 or most 2017-05-19 09:32:10 as long as it does not stall the arm builder right beore i tag... 2017-05-19 09:32:20 tests have laready been disabled on armhf 2017-05-19 09:32:25 (as have they for llvm, it turns out) 2017-05-19 09:32:34 for the same reason 2017-05-19 09:33:18 then we need make the alpine-mksite script use the long description from scripts/mkimg.*.sh instead of embedding those in the lua scripts 2017-05-19 09:35:28 we should also refactor the way the downloads page is generated 2017-05-19 09:35:49 :q 2017-05-19 09:36:19 ENOTVIM 2017-05-19 09:36:31 someone want to help me look at the bugs.alpinelinux.org, filter on "Resolved" 2017-05-19 09:36:45 and close everything that can be closed 2017-05-19 09:37:30 <^7heo> do you people here know coccinelle? 2017-05-19 09:37:48 that is verify the issue is resolved. 
that nobody claims its still an issue 2017-05-19 09:37:49 <^7heo> ( http://coccinelle.lip6.fr/ ) 2017-05-19 09:38:07 for example: https://bugs.alpinelinux.org/issues/5241 2017-05-19 09:38:28 there is a commit fixing the issue, and nobody has claimed it is still aproblem. it can be closed 2017-05-19 09:38:50 also sec issues with [3.0] or [3.1] marked as resolved can be closed 2017-05-19 09:39:16 since 3.0 and 3.1 is no longer supported 2017-05-19 09:39:30 keep [3.2] and newer open 2017-05-19 09:40:28 anybody can help with that? 2017-05-19 09:53:33 sorry, not me today 2017-05-19 11:03:29 Hello ,I want to push my work on pypy, where can I create a PR? On github or on you repo ? 2017-05-19 11:08:33 PRs to the the aports repo on github are accepted, yes 2017-05-19 11:14:53 ^7heo: Have you used it ? 2017-05-19 11:19:20 <^7heo> AlexIncogito: nope, just read the description. 2017-05-19 11:19:31 <^7heo> AlexIncogito: but I'm interested in any testimony about it ;) 2017-05-19 11:26:22 How does most people setup their Alpine server ? Permanent install on HDD or new deployment upon each restart ? 2017-05-19 11:27:55 I can see a great benefit to the later solution, to mitigate eventual attackers from putting a permanent foothold on the machine: that is, have a new deployment install from a read-only config loaded at boot time, and another mounted disk for datas 2017-05-19 11:34:59 ncopa : I am looking at b.a.o. I will collect a list of those as you mentioned. 2017-05-19 11:35:16 tmh1999_ thank you 2017-05-19 11:57:18 ashb: thanks! 
managed to create a PR in https://github.com/alpinelinux/aports/pull/1540 2017-05-19 12:19:59 i am slightly annoyed of udhcpc 2017-05-19 12:20:14 it prints out info on the ip address it got on stderr 2017-05-19 12:20:34 which means we cannot redirect the noise without losing potensial error messages 2017-05-19 12:58:14 <_ikke_> habitat test suite takes ages (even just the unit tests) 2017-05-19 13:07:16 sounds fun :) 2017-05-19 13:08:44 <_ikke_> right 2017-05-19 13:08:59 <_ikke_> wonder whether we want to enable that for each package build 2017-05-19 13:13:32 If you're still fixing things, there is one bug that prevents cross-compilation of gcc and I have a patch for it https://gist.github.com/xentec/81856fc05d32bbaa8f8c7df9d3a0c672 2017-05-19 13:26:36 ncopa : so far http://ix.io/ufG 2017-05-19 13:26:47 looks like you also did close some 2017-05-19 13:27:55 xentec: bugs.alpinelinux.org if you are afraid that we will forget 2017-05-19 13:39:47 ncopa: I may be able to squeeze some time in the late evening (or night) today or tomorrow, not sur, so I think I could help you a bit with some issues (unless you'll manage to go through them before, of course) 2017-05-19 13:42:28 but I'm afraid I may do some irrelevant stuff along the way, like (re)categorizing and renaming, because I always prefer to have clear view (as clear as possible w/o unbearable effort that is) before I start doing main thing 2017-05-19 13:45:33 wow, there are almost 1000 open issues 2017-05-19 14:09:15 php has some really weird errors sometimes 2017-05-19 14:09:18 https://bugs.alpinelinux.org/issues/7159 2017-05-19 14:14:45 this is somewhat important: https://bugs.alpinelinux.org/issues/6705 2017-05-19 14:15:07 if there are no dhcp server, then will you never get login prompt 2017-05-19 14:15:17 im open to suggestions how to fix it 2017-05-19 14:15:30 do we patch busybox to add -b option? 2017-05-19 14:17:07 from that patch it doesnt seem like it needs a patch? 
2017-05-19 14:17:10 just -b set by default 2017-05-19 14:17:20 where do we set it? 2017-05-19 14:17:28 in /etc/network/interfacs? 2017-05-19 14:17:32 in the setup script? 2017-05-19 14:18:02 i also wonder what to do with the redirection 2017-05-19 14:18:23 in the initramfs and the /etc/network/interfaes setup-networking creates 2017-05-19 14:18:24 so udhcp does not print ip addr info when prompting for root password 2017-05-19 14:18:47 thats an option yes 2017-05-19 14:19:02 im not sure i like it 2017-05-19 14:19:24 well it blocks boot otherwise, which is somewhat of a problem 2017-05-19 14:19:26 :P 2017-05-19 14:19:38 yes that problem needs to be solved 2017-05-19 14:19:48 but im not sure i like add option in interfaces 2017-05-19 14:19:56 because you can apk add dhcpcd 2017-05-19 14:20:01 and busybox will pick it up 2017-05-19 14:20:05 eg replace udhcpcd 2017-05-19 14:20:17 yeah but then it'll just ignore udhcpc_opts anyway right 2017-05-19 14:20:21 then you end up with irelevant option in your interfaces 2017-05-19 14:20:25 yes 2017-05-19 14:20:31 it will probably ignore it 2017-05-19 14:20:48 if we are ok with that, then i'll fix it that way 2017-05-19 14:20:55 ncopa: (gcc issue) I'd rather create a PR: https://github.com/alpinelinux/aports/pull/1544 2017-05-19 14:21:03 waiting for travis now 2017-05-19 14:21:07 xentec: thanks! 2017-05-19 14:21:59 i dont think its a problem but i welcome other opinions :p 2017-05-19 14:22:00 ok travis failed, because gcc-gnat is not installed... 2017-05-19 14:22:28 gonna test local then 2017-05-19 14:23:43 Hi,I have recently managed to create a PR in https://github.com/alpinelinux/aports/pull/1540 . The build time of my package exceeds 2 hours on a standard computer and the Travis test fails because it runs for less time than my build time.Is my PR going to be ignored because of that? 
2017-05-19 14:25:10 no, it just means that's someone is going to have to test it manually 2017-05-19 14:25:17 may lead to delays 2017-05-19 14:25:34 more importantly, we're in the middle of releasing 3.6 so we kind of *are* ignoring new package aports right now :P 2017-05-19 14:25:38 passing travis or not 2017-05-19 14:25:44 unless they're really important 2017-05-19 14:26:14 It is a build for PyPy 2017-05-19 14:26:46 I think is quite important 2017-05-19 14:27:29 I'll at least review it for you 2017-05-19 14:29:13 That would be nice, thank you! 2017-05-19 14:35:10 done, at least as best as I could without having direct access to build logs 2017-05-19 14:39:28 let me know if anything needs clarification or if you disagree :p 2017-05-19 14:45:07 i tagged 3.6.0_rc1 2017-05-19 14:46:26 woo 2017-05-19 14:46:47 waiting for the ML post ;) 2017-05-19 14:47:06 \o/ 2017-05-19 14:50:44 and new /topic :D 2017-05-19 14:54:24 gcc finally compiled: no errors. could someone pull https://github.com/alpinelinux/aports/pull/1544 ? 2017-05-19 15:04:25 \o/ 2017-05-19 15:16:38 rnalrd: what was the reason for moving multipath-tools to community? 2017-05-19 15:16:45 xen image needs it 2017-05-19 15:17:02 and everything in releases needs to be in main 2017-05-19 15:17:18 so i wonder if we exclude multipath-tools from xen image or if we move it back to main 2017-05-19 15:19:33 ok its time for way to late lunch 2017-05-19 15:19:47 better eat before i get grumpy 2017-05-19 15:20:00 <^7heo> we should all have tshirts with that. 
2017-05-19 17:06:47 ncopa: rc1 feedback re:udchpc_opts: 2017-05-19 17:06:50 ed │ it's suddenly very aggressive in getting a link on eth0 2017-05-19 17:06:51 ed │ stuck during booting trying to get a dhcp lease 2017-05-19 17:06:53 i think it's a good idea to enable 2017-05-19 17:06:59 -b 2017-05-19 23:12:47 https://github.com/alpinelinux/aports/pull/1548 2017-05-19 23:12:53 why do we have dpkg in main, lol 2017-05-19 23:16:11 jirutka: ping 2017-05-19 23:16:16 pong 2017-05-19 23:16:24 i upgraded julia :) 2017-05-19 23:16:35 WAT?! why it is in main? 2017-05-19 23:16:49 imo it’s legacy from times when community didn’t exist 2017-05-19 23:16:53 julia is on the latest version and built against llvm 3.9 now 2017-05-19 23:16:54 imo should be moved to community 2017-05-19 23:16:56 in my local tree 2017-05-19 23:16:58 oh great! 2017-05-19 23:16:58 and it works 2017-05-19 23:17:01 you rocks! 2017-05-19 23:17:05 :p 2017-05-19 23:17:11 i'll push a pr in a bit 2017-05-19 23:17:17 imo we can move it to community then if it works 2017-05-19 23:17:23 but ncopa already tagged rc1, not sure if he will allow to move it to community 2017-05-19 23:17:27 right 2017-05-19 23:17:28 we must ask 2017-05-19 23:17:36 hence 'imo' :P 2017-05-20 03:55:14 well 2017-05-20 03:55:16 it comes down to 2017-05-20 03:55:25 how confident are you in it 2017-05-20 03:55:33 (julia) 2017-05-20 09:29:57 <^7heo> moin 2017-05-20 09:34:36 I think it's time for me to say goodnight actually :) 2017-05-20 09:47:48 <^7heo> o/ 2017-05-20 09:47:51 <^7heo> Sleep tight man. 2017-05-20 09:48:14 Thanks - eyes are getting bleary, time to call it. 2017-05-20 09:48:51 <^7heo> You should be sleeping BEFORE that happens ;) 2017-05-20 09:49:38 Yeah, yeah - I know. I actually had gone to bed at 11:30, but woke up an hr or two later. 2017-05-20 09:51:39 Then got sidetracked reading. 
2017-05-20 09:51:53 I'm out :) 2017-05-20 09:54:28 <^7heo> o/ 2017-05-20 14:22:28 Hi 2017-05-20 14:22:54 I am in the good place for discussing about pacakge creation ? 2017-05-20 14:24:05 ask away 2017-05-20 14:25:26 I've done a apkgbuild, but the documentation in the lib is doxygen 2017-05-20 14:26:10 But if i include $pkgname-doc, it's fail to build doc 2017-05-20 14:26:36 what does it say? 2017-05-20 14:26:41 and is doxygen in your makedepends? 2017-05-20 14:27:02 Have i to create a doc function and copy the doc in $pkgname-doc ? 2017-05-20 14:27:46 https://pastebin.com/KRxK0DAe 2017-05-20 14:28:00 And yes for the doxygen packages 2017-05-20 14:28:32 It seems no docs are generated 2017-05-20 14:30:21 I have the same log when add a doc function 2017-05-20 14:30:42 i see doxygen output 2017-05-20 14:30:51 but i have the same log 2017-05-20 14:31:22 do did i need to copy the output to pkg/$pkgname-doc ? 2017-05-20 14:32:49 sybix: what files does the doxygen generate here? 2017-05-20 14:33:01 html files 2017-05-20 14:34:09 abuild expect a specific format ? 2017-05-20 14:35:53 and where does it install them? how pkg/ looks like after package function is ran? 2017-05-20 14:36:34 There is 2 folder, pkgname and pkgname-doc 2017-05-20 14:36:56 doxygen build the doc in a html directory in the sources 2017-05-20 14:37:14 tree pkg/$pkgname/ 2017-05-20 14:38:04 sybix: the default doc implementation only copies certan types of files, it's possible that the html docs generated by doxygen are not picked up by it 2017-05-20 14:38:14 in which case you have to write your own doc() split function that copies them over to "$subpkgdir" 2017-05-20 14:38:24 but yeah, do what jirutka said 2017-05-20 14:38:26 :P 2017-05-20 14:39:25 https://pastebin.com/nDQGKsJn 2017-05-20 14:39:30 Shiz: not entirely true… I’d like to guide him how to resolve this issue, not just say answer 2017-05-20 14:39:53 yep. 
no docs are generated by the build process 2017-05-20 14:40:24 yes, seems like no docs are actually generated 2017-05-20 14:40:29 sybix: well, I don’t see any .html files here, so default -doc split function cannot move them 2017-05-20 14:40:34 nop 2017-05-20 14:40:47 but when i put a doc() function i see the doxygen output 2017-05-20 14:40:52 maybe there's a separate make rule to install docs 2017-05-20 14:40:57 check if that is the case 2017-05-20 14:41:07 It's with doxygen 2017-05-20 14:41:13 that's generating them 2017-05-20 14:41:17 installing them may be something else 2017-05-20 14:41:24 it seems that this is the output of `tree pkg/$pkgname/` - shouldn't it be `tree pkg/$pkgname-doc/` instead? 2017-05-20 14:41:25 sybix: if it just generates them, but not install them into target location, then you must copy them manually inside package() to correct location (/usr/share/doc/$pkgname/) 2017-05-20 14:41:32 lxGzx53qO34r: no, since that doesn't exist 2017-05-20 14:41:48 So i need to copy them in pkgname-doc ? 2017-05-20 14:42:04 btw html is ok for documentation format ? 
2017-05-20 14:42:16 sybix: no, just copy them to $pkgdest in package() function, abuild will automatically move them to -doc subpkg 2017-05-20 14:43:03 yeah there is no use overriding doc() here since that's not where the issue is-- the issue is it not installing the docs 2017-05-20 14:43:15 sybix: it depends… I consider them useless and really doubt that anyone uses them instead of just finding them online, but some other ppl want them 2017-05-20 14:43:25 but before manually moving docs, I'd suggest checking if there's a makefile rule that does install the docs separately 2017-05-20 14:43:35 ^ +1 2017-05-20 14:43:37 Without overriding the doc function, i don't see doxygen output 2017-05-20 14:43:51 that’s nonsense 2017-05-20 14:44:09 sybix: what exactly do you do in your overridden doc function 2017-05-20 14:44:11 then 2017-05-20 14:44:12 default_doc does not generate anything, just moves files 2017-05-20 14:44:17 jirutka: calm down ;P 2017-05-20 14:44:24 Shiz: I am calm ;) 2017-05-20 14:45:03 sybix: ah, pardon, I misunderstood you… well, if you define your own doc() and run doxygen here, then no wonder that you suddenly see doxygen output ;) 2017-05-20 14:45:41 sybix: could we see your APKBUILD? 2017-05-20 14:45:49 with the overridden docs function 2017-05-20 14:45:51 I have a hunch... 2017-05-20 14:45:51 Shiz, cd "$builddir" doxygen 2017-05-20 14:46:02 okay, so 2017-05-20 14:46:22 from what it seems like the build process is not generating docs, but the solution is not to do that in the doc split function 2017-05-20 14:46:32 split functions only move installed files to subpackages after the build process 2017-05-20 14:46:33 jirutka, But without, i don't see doxygen output 2017-05-20 14:46:34 that's their intention 2017-05-20 14:46:41 so, my suggestion would be: 2017-05-20 14:46:46 drop the overridden doc() function 2017-05-20 14:46:51 add any instructions to generate docs to build() 2017-05-20 14:46:59 (maybe there's a # make docs you can run?) 
2017-05-20 14:50:48 Shiz, I don't think so, i check 2017-05-20 14:51:00 The readme says doxygen for doc 2017-05-20 14:51:48 it seems like the docs aren't really part of the build process then 2017-05-20 14:52:48 Yept, maybe just ignoring the doc is a solution 2017-05-20 14:53:00 I'd suggest running doxygen in build() and overriding doc() to move them "$subpkgdir"/usr/share/doc/$pkgname if you want to include docs 2017-05-20 14:53:09 but if it's simple html docs that are also viewable online, imo it's not necessary 2017-05-20 14:53:14 but that is a case of opinion 2017-05-20 14:53:41 Shiz: it’s generally better to move them in package() function, not in custom doc() 2017-05-20 14:54:10 i guess the default doc also does postprocessing yes 2017-05-20 14:54:14 in that case, in package() 2017-05-20 14:55:35 The -doc is not specially for me, and is also viewable online 2017-05-20 14:56:00 sybix: then you can just omit it 2017-05-20 14:56:13 yeah sounds fine to omit 2017-05-20 14:56:26 jirutka: btw, almost all tests on julia pass :) 2017-05-20 14:56:35 sybix: -doc is mainly used for man pages or textual files, html pages are usually not very useful here 2017-05-20 14:56:42 sybix: which tests fail? 2017-05-20 14:56:49 K' then no doc so 2017-05-20 14:56:52 i think you meant to highlight me there 2017-05-20 14:56:58 eh, yes 2017-05-20 14:56:59 the libdl test fails 2017-05-20 14:57:03 because of some odd TLS error 2017-05-20 14:57:21 i was also wondering if we should split the julia package up 2017-05-20 14:57:24 it seems a bit big... 2017-05-20 14:58:25 Shiz: libdl, isn’t it something for dynamic linking? 
I remember that I needed to rewrite one script for loading dynamic libs 2017-05-20 14:58:32 yes 2017-05-20 14:58:37 not the same issue 2017-05-20 14:58:47 it seems to be something lowlevel 2017-05-20 14:59:20 but all the other tests pass, modulo one broken test and fakeroot nonsense 2017-05-20 14:59:22 :D 2017-05-20 15:00:20 Shiz: I spent 2 days on upgrading GitLab, 95 % of this time b/c of **** and *** **** *** Google and their *** **** gems 2017-05-20 15:00:31 Shiz: and I’m not done yet, still finding more and more stupid breakages 2017-05-20 15:00:40 this is why i just use gitea 2017-05-20 15:00:41 ;) 2017-05-20 15:01:18 users would kill me for replacing GitLab with gitea… 2017-05-20 15:02:21 and the most problem now is Google crap, so switching to something written entirely on Google craps is really not a solution ;) 2017-05-20 15:02:39 something something false equivalence 2017-05-20 15:02:54 well, i'm not the one bashing my head against upgrading my git hosting service so :p 2017-05-20 15:03:09 … 2017-05-20 15:03:30 I’m not bashing my head b/c of upgrading GitLab, but b/c of dealing with Google craps 2017-05-20 15:03:41 uhuh 2017-05-20 15:03:48 which GL unfortunately started using :( 2017-05-20 15:04:17 you say tomato, i say to-mah-to 2017-05-20 15:04:52 anyway :p 2017-05-20 15:05:01 i'm going to write up that checkroot option patch today 2017-05-20 15:05:05 and then the grsec kernel config that breaks mesa 2017-05-20 15:10:45 The final app i'm making apkbuild (profanity) has a separate repos for python plugin, i guess i need to do a separate package for the plugin 2017-05-20 15:17:46 oh, I used to use profanity. 
pretty cool client ;3 2017-05-20 15:18:17 Yept, but it isn't packaged for alpine 2017-05-20 15:18:22 I remember when someone reported memory leaks and maintainer found another ten and fixed all of them :P 2017-05-20 15:18:29 memory leak* 2017-05-20 15:49:40 https://bugs.alpinelinux.org/issues/7295 lolwut, why I've been assigned to this XD 2017-05-20 15:55:19 sybix: yes, i'd package it separately 2017-05-20 15:55:36 apparently anta found it needed to assign you 2017-05-20 15:55:38 :p 2017-05-20 15:56:01 ;3 2017-05-20 15:56:10 redmine 4 life 2017-05-20 15:57:01 Shiz: hope (s)he's not one of clients I take care of XD 2017-05-20 15:57:48 Shiz, There is more question now :) 2017-05-20 15:58:32 How i decide which flag i enable ? 2017-05-20 15:58:48 Because, with the flag, come the dependency 2017-05-20 15:59:28 But security might be impacted, here this is with otr & gpg option 2017-05-20 16:00:51 And another one, is this ok if i use the usr share profanity folder for plugins 2017-05-20 16:01:31 what does the package use by default? 2017-05-20 16:02:03 It does with with -dev the configure found 2017-05-20 16:02:13 what compile options to use is kind of subjective: I personally err on the side of smaller dependencies, but I do include often-used features 2017-05-20 16:02:24 I mean what directory for plugins does it use by default? 2017-05-20 16:03:00 duno for the plugin. I have cloned the repos in my home 2017-05-20 16:03:29 but it store themes in this directory (which are optional) 2017-05-20 16:03:42 plugin are in a separate git repo now 2017-05-20 16:04:58 For the options, it depends on the usage. 
If you use it on a desktop, i assume you'll be happy with the "desktop" flag 2017-05-20 16:05:15 but it comes with a lot of deps 2017-05-20 16:05:35 maybe i should do a -gtk package 2017-05-20 16:06:17 like pinentry 2017-05-20 16:09:28 looks like it's not the same way, wireshark makes 2 binaries 2017-05-20 16:10:12 and pinentry too 2017-05-20 16:35:43 jirutka: i'm building idris via the change you made yet for https://github.com/alpinelinux/aports/pull/684 but it looks fine, good work and changes, will be a while until i can validate armhf but since it's merged it's not a huge deal 2017-05-20 16:36:00 question on testing/cabal, that should get put into community as well as ghc without cabal is... not that useful 2017-05-20 16:39:49 kaniini jirutka: https://github.com/alpinelinux/abuild/pull/19 2017-05-20 16:45:11 also i have ghc 8.2 rc2 building and passing its test suite, so should be ready for ghc when 8.2 gets its final release 2017-05-20 16:50:46 cabal seems good to move to community yes, if it works 2017-05-20 16:51:27 if it didn't idris wouldn't have built :) 2017-05-20 16:51:28 mitchty: https://github.com/alpinelinux/aports/blob/HEAD/testing/cabal/APKBUILD#L13 2017-05-20 16:51:32 is this still relevant? 2017-05-20 16:52:13 probably not, i was assuming we'd setup apk like arch aur 2017-05-20 16:52:33 the way it works now is fine though, just a bit of a pain when updates happen 2017-05-20 16:52:56 but that's just when new ghc versions come out so it's not a huge problem 2017-05-20 16:52:56 like arch aur? 
2017-05-20 16:53:07 like their pkgbuild files 2017-05-20 16:53:21 i was originally going to try porting their tool to take stuff from cabal->apkbuild files 2017-05-20 16:53:49 i got down that path a bit but after talking with jirutka and how he wanted to do rust decided not to go that way 2017-05-20 16:54:49 it basically amounted to not having to rebuild all the dependencies in cabal 2017-05-20 16:55:06 so https://github.com/alpinelinux/aports/blob/HEAD/testing/cabal/APKBUILD#L22-59 2017-05-20 16:55:13 ah 2017-05-20 16:55:31 https://github.com/alpinelinux/aports/blob/HEAD/testing/cabal/APKBUILD#L22-L59 rather 2017-05-20 16:55:38 always forget the syntax for that 2017-05-20 16:57:57 as an example 2017-05-20 16:57:58 https://www.archlinux.org/packages/community/i686/cabal-install/ 2017-05-20 16:58:36 what arch has is they basically take cabal the library (cabal is technically cabal-install the tool, its a library and command line tool) and tries to map that out to pkgbuild files 2017-05-20 16:58:37 i don't really disagree with how arch is doing it 2017-05-20 16:58:43 tbh 2017-05-20 16:58:51 there are issues however 2017-05-20 16:59:07 haskell libraries can have a diamond pattern 2017-05-20 16:59:21 aka you can have multiple versions of the same library that can be used 2017-05-20 16:59:53 which means either every haskell thing has to build with the same versions, or you defer to cabal to sort out the issues 2017-05-20 17:00:38 and it'll only get more fun in 8.2+ with this http://blog.ezyang.com/2016/10/try-backpack-ghc-backpack/ 2017-05-20 17:00:53 which brings ML style interfaces in play 2017-05-20 17:01:30 aka you could have multiple backend libraries handling a interface type 2017-05-20 17:01:39 :< 2017-05-20 17:02:09 GRR! Yeah, not having the vfat module for my existing kernel after upgrading to a new one is NOT making me happy right now. The kernel packaging change can't come soon enough! 
2017-05-20 17:21:01 jirutka: ping 2017-05-20 17:30:06 Shiz: should i open a pr to move cabal to community? 2017-05-20 17:30:29 i can nuke that message for now as its probably not constructive as well 2017-05-20 17:31:56 sounds good yes 2017-05-20 17:33:31 i also found out about this http://tiptop.gforge.inria.fr and have a build for it too, it's really nice, i'll get that pushed up too 2017-05-20 17:44:56 kaniini: https://github.com/alpinelinux/aports/pull/1552 2017-05-20 17:49:48 ok created https://github.com/alpinelinux/aports/pull/1553 2017-05-20 17:55:53 Shiz: ok ill merge it when back at computer 2017-05-20 17:56:02 danke 2017-05-20 18:23:19 hmm 2017-05-20 18:23:25 default_dbg seems to be killing pax flags 2017-05-20 18:23:27 :| 2017-05-20 18:42:38 ncopa: what do you mean by that last comment? 2017-05-20 20:27:06 jirutka: ping whenever you're here 2017-05-20 20:27:20 Shiz: I am, but busy 2017-05-20 20:27:36 okay: ping me whenever you're less busy ;) 2017-05-20 21:02:07 this is weird... 2017-05-20 21:02:09 $ getfattr -n user.pax.flags --only-values src/julia-0.5.2/usr/bin/julia 2017-05-20 21:02:11 e 2017-05-20 21:02:13 em 2017-05-20 21:02:29 but: 2017-05-20 21:02:31 $ getfattr -n user.pax.flags --only-values pkg/julia/usr/bin/julia 2017-05-20 21:02:33 pkg/julia/usr/bin/julia: user.pax.flags: No such attribute 2017-05-20 21:02:42 somewhere here something goes wrong 2017-05-20 21:02:44 :/ 2017-05-20 21:14:14 Shiz: IIRC xattrs are recorded in fakeroot, but actual files installed into pkg/ do not have them 2017-05-20 21:14:28 Shiz: try to actually install the pkg and check the result 2017-05-20 21:14:59 Shiz: also when I’ve applied paxmark in build function, it somehow didn’t survive 2017-05-20 21:15:03 jirutka: it won't work 2017-05-20 21:15:07 Shiz: I have no idea what magic happens here 2017-05-20 21:15:35 i installed the package and there's no paxmarks 2017-05-20 21:15:38 causing it to fail 2017-05-20 21:15:50 where do you call paxmark? 
2017-05-20 21:16:22 it's part of the build process, your patch even :P 2017-05-20 21:16:32 Shiz: aha XD 2017-05-20 21:16:38 Shiz: try to paxmark it in package() 2017-05-20 21:16:40 i'm applying a paxmark in package() now 2017-05-20 21:16:41 yes 2017-05-20 21:16:45 it's building :) 2017-05-20 21:17:14 fwiw: it seems the issue is in cp(1) 2017-05-20 21:17:22 Shiz: it’s really weird, I encountered this issue just few days ago with some other pkg 2017-05-20 21:17:24 xattrs are not preserved even with -p 2017-05-20 21:17:31 aha 2017-05-20 21:17:33 so when # make install cps the binaries to $pkgdir 2017-05-20 21:17:37 xattrs are gone 2017-05-20 21:17:46 even coreutils cp doesn't with -p 2017-05-20 21:17:48 hm, looks like yet another bug in busybox? 2017-05-20 21:17:51 aha 2017-05-20 21:17:54 really weird 2017-05-20 21:39:16 does install work? 2017-05-20 21:44:18 nyet 2017-05-21 13:31:21 <^7heo> Hello everyone. 2017-05-21 13:31:47 hello ^7heo 2017-05-21 13:36:42 <^7heo> Hey tmh1999 2017-05-21 13:51:38 hi 2017-05-21 13:55:00 <^7heo> Hey Shiz 2017-05-21 22:18:24 https://txt.shiz.me/ZjhiMDA2Ym 2017-05-21 22:18:42 list of busybox <-> package mismatches, meaning busybox symlinks won't be removed when the package is installed 2017-05-21 22:18:49 which may lead to issues depending on $PATH order 2017-05-21 22:19:05 for every pair of lines the top line is the pkg path, the bottom line is the busybox symlink path 2017-05-22 07:22:17 hi, how do I compile perl-5.24 without locale support? I'm experimenting building on alpine linux (which has somewhat incomplete locale support) and was encountering test failures 2017-05-22 07:22:23 for context, I'm trying to solve https://github.com/Perl/docker-perl/issues/23 2017-05-22 07:59:46 zakame: same issue for me (incomplete locale support) and that's why some perl modules dont have "make test" 2017-05-22 08:00:07 https://gist.github.com/truatpasteurdotfr/e20019cd06027775284e19779ed79d67 2017-05-22 09:58:07 Shiz, can i close #7257 ? 
2017-05-22 10:28:53 yes 2017-05-22 11:32:09 i think we can get rid of ffmpeg2.8 \o/ 2017-05-22 11:39:28 can we move grub to main? 2017-05-22 11:39:38 i think its needed for the ppc64le iso 2017-05-22 11:40:05 <^7heo> directly from testing? 2017-05-22 11:43:14 yes 2017-05-22 11:51:02 <^7heo> meh; I don't have a powerPC 64bit little endian. 2017-05-22 11:51:06 <^7heo> So it won't affect me. 2017-05-22 11:51:19 <^7heo> But so far I really tried to stay away from Grub. 2017-05-22 11:51:29 <^7heo> it's kinda insane in complexity. 2017-05-22 11:51:53 <^7heo> Anyway that's not a discussion about that specifically; if there's no other candidate for booting that arch... 2017-05-22 11:51:57 <^7heo> I guess we have no choice. 2017-05-22 11:52:16 <^7heo> But we should tag it as "risky" somehow and make that a very clear exception. 2017-05-22 12:14:32 can someone help me test if grub works at all on x86_64? 2017-05-22 12:14:37 even in a vm 2017-05-22 12:17:32 <^7heo> wait, are we replacing syslinux by grub? 2017-05-22 12:23:42 no 2017-05-22 12:23:49 but we need support grub 2017-05-22 12:23:53 for some arches 2017-05-22 12:24:03 which means we need move the grub package to main 2017-05-22 12:24:21 before doing so i want verify that the package itself is ok 2017-05-22 12:24:23 that it works 2017-05-22 12:49:24 <_ikke_> ncopa: I can try testing it, but that will be only in a couple of hours 2017-05-22 12:50:31 <^7heo> ncopa: I'd love to have an alternative to Grub for those arches. 2017-05-22 12:50:40 <^7heo> s/arches/archs/ 2017-05-22 12:50:49 <^7heo> but I guess that time-wise it's not wise (aha) 2017-05-22 12:51:03 :) 2017-05-22 13:12:42 Shiz do you have url to the latest release notes? 2017-05-22 13:24:50 not sure if this is the latest https://txt.shiz.me/MGY0YTIxYz 2017-05-22 13:27:00 <^7heo> nginx \o/ 2017-05-22 13:46:09 rdutra, hi 2017-05-22 13:46:20 leitao: hi 2017-05-22 13:46:21 rdutra, what qemu command did you use to boot alpine iso on ppc6l4? 
2017-05-22 13:46:28 rdutra, ncopa wants to try it 2017-05-22 13:47:01 leitao: ncopa: sudo qemu-system-ppc64 -enable-kvm -m 32G -smp 16,sockets=16,cores=1,threads=1 -nodefaults -nographic -serial stdio -cdrom 2017-05-22 13:48:37 rdutra: i get openfirmware interface 2017-05-22 13:48:42 but it does not boot the generated iso 2017-05-22 13:49:06 Trying to load: from: disk ... 2017-05-22 13:49:06 E3405: No such device 2017-05-22 13:49:06 Trying to load: from: /vdevice/v-scsi@71000002/disk@8200000000000000 ... 2017-05-22 13:49:06 E3404: Not a bootable device! 2017-05-22 13:49:19 ncopa: umm. how you generated the iso? 2017-05-22 13:49:24 ncopa: I mean, the command 2017-05-22 13:50:08 sh scripts/mkimage.sh ... 2017-05-22 13:50:54 sh scripts/mkimage.sh --outdir out --repository http://dl-cdn.alpinelinux.org/alpine/v3.6/main 2017-05-22 13:51:09 ncopa: I used > ./mkimage.sh --profile vanilla --repository http://rsync.alpinelinux.org/alpine/edge/main/ 2017-05-22 13:52:09 ncopa: let me think...I also need to have "grub-ieee1275" installed to generate the correct ISO 2017-05-22 13:52:17 aha 2017-05-22 13:56:00 ha \o/ 2017-05-22 13:56:18 Linux localhost 4.9.28 #3-Alpine SMP Thu May 18 20:06:47 GMT 2017 ppc64le Linux 2017-05-22 13:56:23 nice 2017-05-22 13:56:36 ncopa: :) 2017-05-22 13:57:52 i suppose the setup script will not work though 2017-05-22 13:58:01 since it hardcodes syslinux iirc 2017-05-22 13:58:08 but at least it boots 2017-05-22 13:58:12 this is great 2017-05-22 14:01:19 ncopa: when I run the "setup-alpine" script, in the part that it calls "setup-disk" it returns "No disks found." 2017-05-22 14:01:46 ncopa: not sure if it is related with syslinux or because booting inside qemu 2017-05-22 14:05:11 probably because the script does something stupid, like assume that disk should be /dev/sd* 2017-05-22 14:14:18 rdutra, which disks do you see when you run the setup script? 
2017-05-22 14:17:29 leitao: umm..it does not show me any information about disks 2017-05-22 14:19:18 fdisk -l shows anything? 2017-05-22 14:20:14 leitao: no, shows nothing 2017-05-22 14:20:41 rdutra, did you attach a disk ? 2017-05-22 14:20:55 rdutra, this command " sudo qemu-system-ppc64 -enable-kvm -m 32G -smp 16,sockets=16,cores=1,threads=1 -nodefaults -nographic -serial stdio -cdrom " does not seem to have a disk attached. 2017-05-22 14:22:16 leitao: umm, I will see how to attach a disk to qemu command 2017-05-22 14:22:41 rdutra, starts qemu with a disk 2017-05-22 14:22:53 it should be easier. 2017-05-22 14:23:49 we build the x86/x86_64 iso images as isohybrids 2017-05-22 14:23:57 so they show up as disks for qemu 2017-05-22 14:53:40 jirutka: >K. Wang, Y. Lin, S. M. Blackburn, M. Norrish, and A. L. Hosking, "Draining the Swamp: Micro Virtual Machines as Solid Foundation for Language Development", 2017-05-22 14:53:44 questionable paper name choices 2017-05-22 15:24:59 do we have anything that needs be fixed before rc2? 2017-05-22 15:26:57 the udhcpc thing preferably imo 2017-05-22 15:27:08 ncopa: also ok to move julia to community? 2017-05-22 15:27:15 most of the testsuite passes 2017-05-22 15:27:25 how long time does it take to build (on arm) 2017-05-22 15:27:37 building doesn't take very long 2017-05-22 15:27:43 the testsuite is a bit longer, we can disable it on arm? 2017-05-22 15:27:51 possibly 2017-05-22 15:27:59 how long does it take? 2017-05-22 15:28:03 its nice to run it though 2017-05-22 15:28:31 it takes about 25 mins to build + test on the x86_64 builder 2017-05-22 15:28:33 iirc 2017-05-22 15:29:01 so atleast an hour on arm 2017-05-22 15:30:38 but it's only enabled for x86_64 right now 2017-05-22 15:30:51 ok 2017-05-22 15:30:54 i suppose then push it 2017-05-22 15:31:01 aight 2017-05-22 15:31:11 re iso volume id 2017-05-22 15:31:22 -volid "alpine-$PROFILE $RELEASE $ARCH" 2017-05-22 15:31:28 don't need to bump pkgrel right? 
2017-05-22 15:31:37 should not be needed 2017-05-22 15:31:50 you dont need bump pkgrel 2017-05-22 15:32:04 xorriso : WARNING : -volid text problematic as automatic mount point name 2017-05-22 15:32:05 xorriso : WARNING : -volid text does not comply to ISO 9660 / ECMA 119 rules 2017-05-22 15:32:43 hmm 2017-05-22 15:32:46 probably doesn't like spaces? 2017-05-22 15:33:14 is it <= 32 chars? 2017-05-22 15:35:08 ncopa: "Specifies the volume ID text. (32 chars out of [A-Z0-9_])"," 2017-05-22 15:36:07 it has to be said that apparently nobody cares about this restriction 2017-05-22 15:36:39 ncopa: do we use joliet? 2017-05-22 15:37:10 because that allows for less restricted volids 2017-05-22 15:38:16 yes we use joliet 2017-05-22 15:38:22 seems like nobody cares 2017-05-22 15:38:39 OpenBSD/amd64 6.1 boot-only CD 2017-05-22 15:38:39 Gentoo Linux amd64 20170209 2017-05-22 15:38:39 Linux Mint 18.1 MATE 32-bit 2017-05-22 15:38:45 except freebsd 2017-05-22 15:38:46 yep 2017-05-22 15:38:49 seems to comply 2017-05-22 15:38:55 11_0_RELEASE_P1_AMD64_BO 2017-05-22 15:39:42 i remember having issues with < 32 earlier 2017-05-22 15:39:42 oh 2017-05-22 15:39:46 ncopa: actually 2017-05-22 15:39:54 it seems like it includes a restricted shell char too 2017-05-22 15:40:07 ok? 2017-05-22 15:40:17 that set is limited to [a-zA-Z_-+=:.,~@] 2017-05-22 15:40:25 i guess that's again the space 2017-05-22 15:40:29 that's 'automatic mount point name' warning 2017-05-22 15:40:33 ok 2017-05-22 15:40:57 i am open to suggestion what we set it to 2017-05-22 15:41:07 we keep it as is? 2017-05-22 15:41:29 i think it's fine as it is 2017-05-22 15:43:18 it will likely be difficult to change once we have it implemented in libosinfo 2017-05-22 15:43:32 ok, lets keep it as is 2017-05-22 15:44:23 one thing that would be nice to find out before release, is why did virtharden kernel module double size (in the 4.4 -> 4.9 upgrade) 2017-05-22 15:45:36 hmm 2017-05-22 15:45:45 what's libosinfo? 
2017-05-22 16:16:39 library and database with OS information 2017-05-22 16:16:53 virt-manager uses it when creating new virtual machines 2017-05-22 17:02:04 <_ikke_> ncopa: Do you still need someone to test grub? 2017-05-22 17:03:09 _ikke_: would be nice if you have time 2017-05-22 17:03:39 <_ikke_> sure 2017-05-22 17:04:27 <_ikke_> ncopa: default image? 2017-05-22 17:04:35 sure 2017-05-22 17:55:59 <_ikke_> grub-install returns "failed to get cannonical path of /boot/grub", anyone familiar with that error? 2017-05-22 17:56:11 <_ikke_> (I'm chrooted in the new installation) 2017-05-22 17:57:49 <_ikke_> ok, forgot to mount proc/sys/dev 2017-05-22 18:09:10 <_ikke_> Next issue: cannot find grub drive for /dev/sda1, check your device.map 2017-05-22 18:11:12 hey friends, i have a quick question 2017-05-22 18:11:36 what was the thought behind the current naming convention of the alpinelinux nameservers? 2017-05-22 18:11:48 currently being ns1.alpinelinux.org and ns2.alpinelinux.org 2017-05-22 18:12:10 is it not normal to use a.ns.alpinelinux.org and b.ns.alpinelinux.org for that anymore? 2017-05-22 18:12:34 i don't think i've ever seen a.ns and b.ns 2017-05-22 18:12:41 anywhere, to be honest 2017-05-22 18:13:12 it was an old standard too but got replaced by the ns1 and ns2 in a lot of places 2017-05-22 18:13:18 <_ikke_> Why would you need to refer to them in the first place? 2017-05-22 18:13:30 _ikke_: because how else is it gonna find which nameservers serve your domain? :P 2017-05-22 18:13:31 the reason i am asking is that there was a reason for using a.ns and b.ns but i forgot it 2017-05-22 18:13:44 and i would need that for an article i am writing :( 2017-05-22 18:27:15 kaniini, can you take a look at #7155 2017-05-22 18:28:00 <_ikke_> Anyone know why grub-probe says cannot find grub device for dev/sda1? 
2017-05-22 18:30:25 leo-unglaub: probably just in the spirit of the hierarchical nature of DNS 2017-05-22 18:30:29 grub is a pita 2017-05-22 18:30:34 "ns.x" hosts all nameservers, "a.ns.x" is the first, etc 2017-05-22 18:30:42 <_ikke_> yeah, I'm trying to test it for ncopa 2017-05-22 18:31:20 i remember those errors when i needed to boot aarch64 2017-05-22 18:31:28 leo-unglaub: isn't that the naming convention for the root nameservers of which there is more than usually 2? 2017-05-22 18:31:44 yeah, exactly 2017-05-22 18:31:45 <_ikke_> I'm in a chroot right now, it seems to have placed the files in the boot dir, but fails at installing the bootloader 2017-05-22 18:31:46 they use it 2017-05-22 18:32:41 install bootloader from chroot? 2017-05-22 18:34:20 <_ikke_> clandmeter: yeah 2017-05-22 18:34:31 <_ikke_> That's how you usually, do it, right? 2017-05-22 18:35:07 let me see if i can find a script i used 2017-05-22 18:36:54 you'll need access to the device, which means bind mounting /dev to the chroot, correct? 2017-05-22 18:37:17 <_ikke_> I did 2017-05-22 18:37:54 <_ikke_> mount -obind /dev /mnt/dev 2017-05-22 18:38:07 better is --rbind i think 2017-05-22 18:38:39 next on my list of guesses would be a specific grsec option on the host side 2017-05-22 18:47:53 _ikke_, the script i made is for a bootable hybrid uefi iso with grub, so it wont help you much. 2017-05-22 18:50:26 <_ikke_> ok 2017-05-22 19:04:32 <_ikke_> thanks anyway 2017-05-22 19:28:21 _ikke_, did you mount proc? 2017-05-22 19:47:24 <_ikke_> clandmeter: I ddi 2017-05-22 19:47:26 <_ikke_> did 2017-05-22 19:47:30 <_ikke_> mount -t proc none /mnt/proc 2017-05-22 19:47:50 what if you bind mount it? 2017-05-22 19:48:00 <_ikke_> let me try 2017-05-22 19:48:09 both dev and proc 2017-05-22 19:48:34 <_ikke_> Right, still the same issue 2017-05-22 19:48:41 <_ikke_> mount --rbind /proc /mnt/proc 2017-05-22 19:48:42 <_ikke_> same for dev 2017-05-22 19:48:54 which error do you get? 
2017-05-22 19:50:14 <_ikke_> http://tpaste.us/djbL 2017-05-22 19:50:41 hmm, it works for me. 2017-05-22 19:52:00 <_ikke_> How did you setup the disk? 2017-05-22 19:54:13 one partition ext4 and apk install --root... 2017-05-22 19:54:35 <_ikke_> ok, let me try that 2017-05-22 19:54:39 it doesnt boot though :) 2017-05-22 19:54:45 but it says its installed 2017-05-22 19:54:45 <_ikke_> hehe 2017-05-22 19:55:11 i think i need to use ext2 2017-05-22 19:57:56 _ikke_, http://tpaste.us/40bX 2017-05-22 19:59:44 <_ikke_> apk install is not a command? 2017-05-22 20:00:00 lol 2017-05-22 20:00:05 my mistake... 2017-05-22 20:00:20 just apk add ... 2017-05-22 20:00:24 with root 2017-05-22 20:00:53 <_ikke_> no such file or directory 2017-05-22 20:01:15 wait let me give you the whole cmd 2017-05-22 20:03:18 apk add --keys-dir /etc/apk/keys --repositories-file /etc/apk/repositories --root my/disk --update-cache alpine-base grub-bios 2017-05-22 20:03:37 thats from my head... 2017-05-22 20:03:45 <_ikke_> 5ok 2017-05-22 20:04:31 after it installs base alpine you can bind dev and proc 2017-05-22 20:04:43 and then chroot and grub-install 2017-05-22 20:06:21 <_ikke_> Looks like I'm still missing something in that apk command 2017-05-22 20:08:27 <_ikke_> --initdb? 2017-05-22 20:08:32 yes 2017-05-22 20:08:33 sorry 2017-05-22 20:08:36 missed that one 2017-05-22 20:09:58 <_ikke_> That worked 2017-05-22 20:10:55 nice 2017-05-22 20:11:03 grub-install as well? 2017-05-22 20:12:35 <_ikke_> Not yet 2017-05-22 20:12:42 <_ikke_> But I have 2 partitions, one ext2, other ext4 2017-05-22 20:13:00 <_ikke_> You just have one ext4 partition? 2017-05-22 20:13:07 yes 2017-05-22 20:13:37 but it shouldnt matter as long you provide the correct device where your boot is located. 2017-05-22 20:13:48 <_ikke_> I do, but still the same error 2017-05-22 20:14:07 can you add strace and check what happens? 
2017-05-22 20:14:15 <_ikke_> I can 2017-05-22 20:15:26 seems my error is related to vmware 2017-05-22 20:16:41 you could also try to add --verbose and see if it tells you more. 2017-05-22 20:21:52 <_ikke_> hmm, any way to update /dev nodes? I formatted the disk, but no new /dev/sda* nodes are created 2017-05-22 20:23:00 <_ikke_> already tried partprobe, but not helping 2017-05-22 20:23:26 <_ikke_> mdev -s 2017-05-22 20:39:55 <_ikke_> http://tpaste.us/ELx6 2017-05-22 22:38:02 jirutka: have you ever thought about the security implications of building the entire aports tree statically linked? 2017-05-22 22:40:44 leo-unglaub: yes 2017-05-22 22:40:47 leo-unglaub: why? 2017-05-22 22:41:50 well, i cannot sleep and started thinking ... that's just how my mind works *g* 2017-05-22 22:42:00 leo-unglaub: XD 2017-05-22 22:42:15 leo-unglaub: is your mind statically linked? :P 2017-05-22 22:42:24 yes ... hehehehe 2017-05-22 22:42:43 but think about the implications that would have ... a statically linked alpine 2017-05-22 22:43:03 the disc size would grow up a little bit, but it would get the heck of a lot faster 2017-05-22 22:43:32 i don't think it would be significantly faster 2017-05-22 22:43:49 not sure about performance, but it’d be more secure and unbreakable :P 2017-05-22 22:44:09 more secure, having to replace all binaries when we find another vuln in libressl? 2017-05-22 22:44:11 ;) 2017-05-22 22:44:31 is that a problem? 2017-05-22 22:44:46 yes, people will upgrade less fast if they have to download 200mb of binaries 2017-05-22 22:44:47 well, in my lab i test stuff like this sometimes and it fully depends on the binary created ... 
but usually with small libraries you get around 10% more speed because you have less different io reads to get all depending .so files 2017-05-22 22:44:59 there's also the thing that not all aports stuff supports static PIE 2017-05-22 22:45:16 download size is not a problem, just do delta updates 2017-05-22 22:45:17 you just need to keep track what pkgs embed what libs and rebuild/update all of them when sec vul. found 2017-05-22 22:45:17 like go, i think 2017-05-22 22:45:23 even windows 10 does delta updates now 2017-05-22 22:45:34 leo-unglaub: we'd need to rearchitecture apk for that 2017-05-22 22:45:37 not likely to happen anytime soon 2017-05-22 22:45:55 yeah 2017-05-22 22:46:07 Shiz: i am not talking about doing it this weekend ... 2017-05-22 22:46:49 its just part of my job as a security auditor 2017-05-22 22:46:52 IMHO liberation from FHS will bring more benefits than statically linked binaries 2017-05-22 22:46:52 jirutka: 'just need to keep track' is not as easy as it sounds 2017-05-22 22:47:01 oh yeah 2017-05-22 22:47:07 i talked with dalias about the /pkgs stuff 2017-05-22 22:47:13 or /pkg, whatever 2017-05-22 22:47:19 well, keeping track is the easy part 2017-05-22 22:47:27 because we already have this information today in apk 2017-05-22 22:47:28 his suggestion was to symlink all libs needed in /pkg/$name/$version/lib 2017-05-22 22:47:34 the automatically dependency tracker 2017-05-22 22:47:35 and set an rpath of $ORIGIN/../lib in all binaries 2017-05-22 22:47:42 leo-unglaub: nope 2017-05-22 22:47:47 that only works for dynamically linked binaries 2017-05-22 22:47:48 :) 2017-05-22 22:47:53 that is one of its axioms in fact 2017-05-22 22:48:41 yes, but we have the information once ... 
moving this part into compiletime is not that hard and export a .depends file to keep track of when to recompile
2017-05-22 22:48:48 thats the smallest problem with it
2017-05-22 22:48:48 (btw cc kaniini on this)
2017-05-22 22:49:03 leo-unglaub: the part is already in compiletime
2017-05-22 22:49:16 but it simply can not track dependencies for static output
2017-05-22 22:49:33 you can export from a dynamically linked compile once, but who says it's 1) identical to the static version 2) kept up to date
2017-05-22 22:49:40 Tracking the deps isn't all that hard, but it would need to be handled at link time.
2017-05-22 22:49:43 there's also the thing where static linking has no SONAME stuff
2017-05-22 22:49:52 so you don't know when to recompile in light of SONAME bumps
2017-05-22 22:50:16 Shiz: during a static linking just track what the linker does and export the data during every build for every version
2017-05-22 22:50:28 what the linker does where?
2017-05-22 22:50:35 you realise a linker may link many binaries
2017-05-22 22:50:42 and not all of them present in the final package
2017-05-22 22:50:50 we don't integrate with build systems on that level
2017-05-22 22:50:57 YET! ;)
2017-05-22 22:51:04 and we won't if i have anything to say about it
2017-05-22 22:51:06 :P
2017-05-22 22:51:39 TemptorSent: btw if you’d like to practice your shell-fu, we still need a proper script for ABI breakage detection; not necessarily real ABI comparison, just need to know if dependent pkgs must be rebuilt when upgrading pkg providing some shared libs
2017-05-22 22:51:45 simply because it's not feasible and doesn't scale
2017-05-22 22:51:45 We need some of that to fix the build-deps discovery.
2017-05-22 22:52:09 jirutka: don't we have SONAME checks for that right now?
2017-05-22 22:52:20 Shiz: no, we don’t
2017-05-22 22:52:41 Shiz: we have only checkapk (or apkcheck?)
and it do only diff of pkg files, not very usable for automation
2017-05-22 22:53:10 right
2017-05-22 22:53:28 jirutka: I have full revdep detection working for shared libs, but it doesn't look at actual ABI -- that requires build-time modifications.
2017-05-22 22:54:02 TemptorSent: we already know what pkgs depends on the pkg being rebuild
2017-05-22 22:54:03 The ABI comparison tools that I've looked at rely on a build with debug symbols.
2017-05-22 22:54:10 TemptorSent: apk tracks shared libs etc.
2017-05-22 22:54:40 TemptorSent: hm, maybe we can build -dbg subpkg automatically for all…?
2017-05-22 22:55:02 TemptorSent: IIRC debian do this, all pkg automatically have some pkg with debug symbols
2017-05-22 22:55:03 That's a possibility...
2017-05-22 22:55:16 jirutka no
2017-05-22 22:55:19 no chance without debug symbols?
2017-05-22 22:55:22 it is maintainer opt in
2017-05-22 22:55:24 And that would allow us to use the ABI checker tools.
2017-05-22 22:55:36 kaniini: yes, currently… why we can’t make it default?
2017-05-22 22:55:38 ubuntu has -dbgsym which is unconditional
2017-05-22 22:55:44 but debian does not
2017-05-22 22:55:58 doesn’t matter…
2017-05-22 22:56:08 Not really anything solid w/o debug symbols because the prototyping isn't stored once debug symbols are removed.
2017-05-22 22:56:13 i don't think it's worth testing for abi breakage aside from SONAME to be honest
2017-05-22 22:56:22 is there some reason why we should not enable -dbg by default for e.g. all pkgs that provides some shared libs?
2017-05-22 22:56:22 i was just clarifying that your example is not correct :)
2017-05-22 22:56:43 no we absolutely should enable -dbg by default
2017-05-22 22:56:44 jirutka: btw, enabling -dbg on julia stripped it down by 25mb
2017-05-22 22:56:46 lol
2017-05-22 22:57:02 eh, what?
2017-05-22 22:57:06 aha, yes
2017-05-22 22:57:10 b/c I did it wrongly before
2017-05-22 22:57:14 from 70mb to a bit over 40mb
2017-05-22 22:57:26 i renamed julia-debug to julia-dbg and called default_dbg in the split func
2017-05-22 22:57:26 ABI breakage testing will allow us to determine if an existing package is going to break when compiled against the new version of a lib.
2017-05-22 22:57:27 our -dbg does not produce full binary with debug symbols, just debug symbols
2017-05-22 22:57:28 :P
2017-05-22 22:57:47 TemptorSent: that's the entire purpose of SONAME
2017-05-22 22:57:59 i agree with shiz soname is fine
2017-05-22 22:58:05 it’s not…
2017-05-22 22:58:09 we just need more intelligence in the build tools
2017-05-22 22:58:10 b/c foo.so.1.2.3
2017-05-22 22:58:31 stupid maintainers are stupid and we fix the soname in those cases
2017-05-22 22:58:32 when foo.so.1.2.3 → foo.so.1.2.4, it’s usually not needed to rebuild all depending pkgs
2017-05-22 22:58:36 jirutka: that's
2017-05-22 22:58:39 not how sonames work
2017-05-22 22:58:43 yes that's not the soname tho
2017-05-22 22:58:44 but this relies on particular versioning schema
2017-05-22 22:58:52 SONAME doesn't tell you if an updated lib breaks an existing API/ABI for a particular function.
2017-05-22 22:58:57 the soname is foo.so.1
2017-05-22 22:58:58 anyway
2017-05-22 22:59:02 ??
2017-05-22 22:59:03 it actually does exactly that, TemptorSent
2017-05-22 22:59:12 jirutka: SONAME is a field in the ELF .so file
2017-05-22 22:59:18 when you break ABI, you bump it
2017-05-22 22:59:26 it has little to do with the filename
2017-05-22 22:59:32 uh, aha
2017-05-22 22:59:41 e.g.
2017-05-22 22:59:43 what if author does not bump it?
2017-05-22 22:59:51 then upstream is stupid :p
2017-05-22 23:00:00 it's their responsibility to bump soname when they break ABI
2017-05-22 23:00:02 I've quite often run into minor revs that broke specific functions.
2017-05-22 23:00:05 then we fix it downstream
2017-05-22 23:00:12 i think automated ABI testing is better fixed by implementing a check() for all packages
2017-05-22 23:00:14 just saying
2017-05-22 23:00:16 ;)
2017-05-22 23:00:18 yes, it is, we know that, that’s why I think that detecting real ABI breakage would be good
2017-05-22 23:00:22 what shiz says
2017-05-22 23:00:34 anyway
2017-05-22 23:00:52 no, we don’t rerun check in all depending pkgs when we upgrade some pkg…
2017-05-22 23:01:11 the problem is that "ABI testing" is an unsolvable issue
2017-05-22 23:01:30 ABI means literally everything, from the tiniest changes in how a library behaves
2017-05-22 23:01:35 and a lot of changes are justified
2017-05-22 23:01:36 Also, detecting NON breaking changes in SONAME bumps is useful as well, as we can determine if a specific package using a specific API will work with the newer lib or not.
2017-05-22 23:01:41 e.g. if the documentation states you should not rely on something
2017-05-22 23:01:47 this conversation annoys me
2017-05-22 23:01:51 how are you gonna exhaustively test if a library behaves differently
2017-05-22 23:01:52 somebody tell me when 3.6 is out
2017-05-22 23:01:55 $ readelf -a /usr/lib/libcares.so.2.2.0 | grep SONAME # → 0x000000000000000e (SONAME) Library soname: [libcares.so.2] … hmm
2017-05-22 23:01:56 and whether those changes are justified
2017-05-22 23:02:00 jirutka: yeah
2017-05-22 23:02:05 you bump the last digit when you break ABI
2017-05-22 23:02:24 so it would be bumped to libcares.so.3
2017-05-22 23:02:48 if you like overengineered solutions i hear Nix and Guix are things
2017-05-22 23:02:49 okay, so back to the task… we need proper script that would compare at least this ;)
2017-05-22 23:02:57 it is all i have to say on it
2017-05-22 23:03:02 See https://lvc.github.io/abi-compliance-checker
2017-05-22 23:03:04 jirutka: agree :)
2017-05-22 23:03:20 and just return boolean value, not full diff of all files
2017-05-22 23:03:37 apks
contain all soname as providers
2017-05-22 23:03:51 so we can use it for automation, at least automatically add comment to PR that some pkgs needs to be rebuilt
2017-05-22 23:03:54 I know
2017-05-22 23:03:59 jirutka: that sounds fine
2017-05-22 23:04:00 the build scripts can use that data to see what needs rebuild
2017-05-22 23:04:12 TemptorSent: sure, this tests for differences, but it doesn't meaningfully make it automatable
2017-05-22 23:04:14 that is my point
2017-05-22 23:04:40 it tells you what's different, but the problem with ABI breakage is not what is different
2017-05-22 23:04:44 it is what is different AND documented
2017-05-22 23:04:47 but I don’t have time right now to write that script, even when it’d be probably easy, so just letting now ;)
2017-05-22 23:05:02 The detection of differences can be automated and if something differs, it can be flagged for manual review.
2017-05-22 23:05:13 then everything will be flagged every update
2017-05-22 23:05:18 have you seen the reports it outputs
2017-05-22 23:05:47 at least if we know that there’s SOME difference, we can trigger rebuild of depending pkgs and if they have check() and proper tests, we would know…
2017-05-22 23:06:06 Yeah, I don't love the reporting in that particular one.
2017-05-22 23:06:34 jirutka: talking about soname or the abi checker now?
2017-05-22 23:06:46 TemptorSent: with all due respect there are far more critical needs than this. SONAME checks are good enough for now.
2017-05-22 23:06:46 But the error codes are probably enough for breakage detection.
2017-05-22 23:06:50 because my fear is the abi checker will just flag every package upgrade, keeping us needlessly busy
2017-05-22 23:06:57 ideally ABI checker, but soname would be good enough for now
2017-05-22 23:07:14 anyway yeah, soname checking seems good
2017-05-22 23:07:18 kaniini: Agreed - the ABI checking is not immediately critical.
2017-05-22 23:07:36 What sonames are NOT checked currently?
2017-05-22 23:08:16 all of them
2017-05-22 23:08:32 It seemed that abuild didn't necessarily follow the dep chain to discover packages from solibs.
2017-05-22 23:08:48 actually
2017-05-22 23:08:51 On the apk side, this works, right kaniini?
2017-05-22 23:09:07 jirutka: checkapk does in fact check SONAMEs
2017-05-22 23:09:18 separately from the rest of the files
2017-05-22 23:09:19 this channel is getting bad for my health
2017-05-22 23:09:37 Shiz: but the result is quite useless
2017-05-22 23:09:40 currently
2017-05-22 23:09:48 sure, but there's not a lot that needs to be changed to make it useful
2017-05-22 23:09:50 :P
2017-05-22 23:09:54 does checkapk recurse the deptree?
2017-05-22 23:10:08 no, why would it
2017-05-22 23:11:08 it only needs to check if the provides change
2017-05-22 23:11:11 for soname
2017-05-22 23:12:21 right then it queries apkindex to learn the depends
2017-05-22 23:12:26 er rdepends
2017-05-22 23:12:48 I need to go sleep now, I must get up very early tomorrow; I hope that you understand what is the goal I’d like to achieve, so please discuss what is the best way to it ;)
2017-05-22 23:12:52 Hmm.. The cases I'm concerned with is a bin which deps on a lib which deps on another lib, where the bin uses a header for the second lib but doesn't link it directly.
2017-05-22 23:13:15 ACTION headdesks
2017-05-22 23:13:20 that wouldn't matter at all
2017-05-22 23:13:22 I'm afraid I'm not sure exactly which problem you're currently working to solve jirutka.
2017-05-22 23:13:24 TemptorSent: uh, what?
2017-05-22 23:13:27 it would flag the intermediate lib, which would need to be rebuilt
2017-05-22 23:13:32 if it doesn't link against it...
2017-05-22 23:13:38 and this all seems extremely corner-casey
2017-05-22 23:13:44 Yeah, one I'
2017-05-22 23:13:45 ve hit
2017-05-22 23:13:51 anyway
2017-05-22 23:13:56 maybe I’ve missed something, but transitive dependencies are not a problem in this case, are they?
2017-05-22 23:14:05 no
2017-05-22 23:14:12 Usually it's a struct defined in the lower level lib that's used in the bin directly.
2017-05-22 23:14:12 jirutka: here's my thought before you go to bed:
2017-05-22 23:14:35 a modification to the travis script and checkapk
2017-05-22 23:14:46 checkapk outputs a list of changed sonames
2017-05-22 23:14:53 and the packages that depend on it
2017-05-22 23:15:04 travis checks at the end of the session if those packages were rebuilt too
2017-05-22 23:15:09 if not, it fails the build
2017-05-22 23:15:10 So the transitive deps shouldn't be a problem if the package deps on ALL libs it uses structs of.
2017-05-22 23:15:45 but what about foo.so.1.2.3 → foo.so.1.2.4? does it need rebuild as well? please note that checkapk compares only file names, not real SONAME in ELF binary
2017-05-22 23:15:53 jirutka: wrong
2017-05-22 23:15:56 it checks the real soname
2017-05-22 23:15:59 Shiz - That sounds like it would solve the immediate problem quite nicely.
2017-05-22 23:16:11 hm, I need to verify it…
2017-05-22 23:16:20 jirutka: https://git.alpinelinux.org/cgit/abuild/tree/checkapk.in#n82
2017-05-22 23:16:25 it's a separate check from the file list check
2017-05-22 23:16:27 grr, it’s output is really extremely confusing
2017-05-22 23:16:28 jirutka: it checks real soname
2017-05-22 23:16:33 aha
2017-05-22 23:17:03 anyway
2017-05-22 23:17:15 this would enforce that any PR that breaks soname also includes commits to bump the relevant pkgrels
2017-05-22 23:17:20 or the travis build fails
2017-05-22 23:17:28 In-depth API/ABI compatibility analysis is something to work on for supporting devs and automated bumps.
2017-05-22 23:17:29 but then I don’t understand foo.so.x.y.z, cause I’ve seen many times when checkapk printed diff with just change in
2017-05-22 23:17:36 so are these totally unrelated or what?
2017-05-22 23:17:50 no, it should not fail build
2017-05-22 23:17:52 checkapk prints both a changed filelist and changed sonames
2017-05-22 23:17:54 just warn
2017-05-22 23:17:59 no, it should fail
2017-05-22 23:18:00 aha
2017-05-22 23:18:05 packages will fail to load if the soname was bumped
2017-05-22 23:18:07 they will not work anymore
2017-05-22 23:18:08 no it definitely should not
2017-05-22 23:18:09 at all
2017-05-22 23:18:12 think about consequences
2017-05-22 23:18:18 you break packages if you update soname and not the packages
2017-05-22 23:18:36 look, ideally we need two checks
2017-05-22 23:19:02 so contributor can know if the pkg itself is okay and/or there is need to bump some other pkgs
2017-05-22 23:20:22 jirutka: I'm not sure you can do that without first building the newer pkgs to compare with anyway.
2017-05-22 23:20:42 eh?
2017-05-22 23:21:11 okay, I go sleep, it seems that I’m too tired to properly express my thoughts or dunno :)
2017-05-22 23:21:36 If anything, the abi checking might be useful to determine the LAST version of a lib to work with a particular version of a package, but checking newer ones requires building the new libs first and comparing against the old.
2017-05-22 23:21:37 :P
2017-05-22 23:22:22 jirutka: Get some sleep and poke at it more when you're fresh.
2017-05-22 23:22:34 ofc it requires building one, I thought that it is very obvious…
2017-05-22 23:22:58 yeah, lack of sleep is bad :(
2017-05-22 23:23:27 Autobumping isn't the easiest to solve, since you don't know what version to bump TO automatically for the deps.
2017-05-22 23:24:30 Doing that would require source analysis and comparison of prototypes between both old and new packages and old and new libs (possibly trying many version to match)
2017-05-22 23:24:48 and that's out of scope
2017-05-22 23:24:53 Agreed.
2017-05-22 23:27:12 A heuristic approach and flagging manual intervention is probably doable, but since we don't build and store every version of every dep, we'll only be able to say a specific build did or did not match, not ask which version did.
2017-05-22 23:28:05 (unless the metadata for previous versions of a package is stored somewhere?)
2017-05-22 23:29:49 I guess the question that needs to be answerable for proper versioning is 'In which version of $pkg did SONAME last have the value of X and in which version did it first have the value of Y
2017-05-22 23:32:02 That would allow you to determine the proper dep version string required.
2017-05-22 23:41:33 abi-compliance-checker DOES look very useful as a tool for Contributors and QA, but probably in a semi-automated fashion.
2017-05-23 07:54:12 morning
2017-05-23 07:54:23 i think i have found a bug in the setup-keymap
2017-05-23 07:54:37 after system install, the keymap is not kept
2017-05-23 08:00:31 ok i know why
2017-05-23 08:04:02 <_ikke_> ncopa: I tried to install grub yesterday, but I ran into some issues where it failed to detect a grub drive: http://tpaste.us/ELx6
2017-05-23 08:04:22 <_ikke_> ncopa: clandmeter did not have any issues, but it might be because I used multiple partitions where he only used a single one
2017-05-23 08:04:47 I have a notebook beside me to test
2017-05-23 08:04:58 because it seemed to give some issues with vmware
2017-05-23 08:05:07 i will give that another try
2017-05-23 08:05:12 ok
2017-05-23 08:05:39 btw, it would be nice if we could add support for alpine in https://netboot.xyz
2017-05-23 08:06:21 yes, indeed
2017-05-23 08:06:23 Shiz, if you feel bored ;-)
2017-05-23 08:07:29 not sure how much we need to change to add proper ipxe support.
2017-05-23 08:10:55 ACTION wonders why we dont have curl in the extended release.
2017-05-23 08:11:14 we probably should yes
2017-05-23 08:22:02 If i want to connect to an open wifi network, i need to create my own script to start it at boot?
2017-05-23 08:25:58 hi
2017-05-23 08:26:27 how can anyone get up so early? *tired*
2017-05-23 08:26:42 <_ikke_> jirutka: By not going to bed so late? :P
2017-05-23 08:30:31 hi is apkbuild-pypi deprecated? I could find apkbuild-cpan but not apkbuild-pypi
2017-05-23 08:33:07 jirutka, i know the feeling
2017-05-23 08:33:21 3am to sleep, 7am awake...
2017-05-23 08:39:17 tru_tru: not sure if deprecated, but surely outdated
2017-05-23 08:39:32 tru_tru: it’s better to follow https://wiki.alpinelinux.org/wiki/APKBUILD_examples:Python for now
2017-05-23 08:52:58 wtf, so i need to partition my disk some special way to make for the grub mbr?
2017-05-23 08:53:07 make space...
2017-05-23 08:56:25 jirutka: thx
2017-05-23 09:01:02 <_ikke_> clandmeter: iirc, normal partitioning should already be enough
2017-05-23 09:01:14 <_ikke_> mbr
2017-05-23 09:01:21 doesnt seem like it
2017-05-23 09:01:28 atleast not the messages im getting from grub
2017-05-23 09:01:38 <_ikke_> what message are you getting?
2017-05-23 09:02:02 <_ikke_> It of course does need enough space for the initial bootloader
2017-05-23 09:02:30 <_ikke_> 63 records apparently
2017-05-23 09:02:38 <_ikke_> stage 1.5
2017-05-23 09:03:44 <_ikke_> Might be that the fdisk shipped with alpine has a different behaviour
2017-05-23 09:03:45 grub Embedding is not possible
2017-05-23 09:05:34 going to try with more space at the beginning (if thats the real issue)
2017-05-23 09:06:02 <_ikke_> 63 sectords at least
2017-05-23 09:06:05 <_ikke_> sectors
2017-05-23 09:07:39 <_ikke_> According to a ticket, at least 1M
2017-05-23 09:08:39 <_ikke_> But that's when you have RAID / LVM apparently
2017-05-23 09:17:18 http://tpaste.us/aQ8M
2017-05-23 09:17:23 this is what im getting
2017-05-23 09:18:37 lol
2017-05-23 09:18:38 im stupid
2017-05-23 09:20:12 w00t
2017-05-23 09:31:32 ncopa, seems grub works fine in bios mode
2017-05-23 09:31:42 good
2017-05-23 09:34:55 btw, IIRC setup-* does not support installation without partitions… this is useful for VMs, it’s quite non-sense to create partitions on virtual disks
2017-05-23 09:36:13 how do you install the boot loader without partitions?
2017-05-23 09:40:21 exactly the same way as with partitions?
2017-05-23 09:40:31 boot loader don’t care about partitions ;)
2017-05-23 09:41:01 https://gist.github.com/jirutka/990d25662e729669b3ce
2017-05-23 09:41:12 eh, this part https://gist.github.com/jirutka/990d25662e729669b3ce#d-install-syslinux-bootloader
2017-05-23 09:42:43 eh, this is something different
2017-05-23 09:42:51 this is for partitions setup
2017-05-23 09:43:04 but really there’s no difference for installing bootloader
2017-05-23 10:20:28 <_ikke_> clandmeter: So how did you partition it, I'm still getting the same grub error
2017-05-23 10:20:45 <_ikke_> clandmeter: do you use a chroot?
2017-05-23 10:24:44 _ikke_, i used the partition instead of the device with grub-install :|
2017-05-23 10:24:56 no wonder it had no space for the bootloader :)
2017-05-23 10:25:20 <_ikke_> right
2017-05-23 10:25:23 so i think just a regular one partition setup with ext4 should work
2017-05-23 10:25:29 mount it
2017-05-23 10:25:45 install alpine-base kernel and grub
2017-05-23 10:26:00 with apk add....
2017-05-23 10:26:10 mount bind proc and dev
2017-05-23 10:26:36 chroot and grub-install /dev/sda1
2017-05-23 10:26:40 err
2017-05-23 10:26:41 chroot and grub-install /dev/sda
2017-05-23 10:26:42 :)
2017-05-23 10:26:51 old habits..
2017-05-23 10:37:43 <_ikke_> clandmeter: ugh, even with a single ext4 partition, I still get the same error under qemu
2017-05-23 10:42:24 _ikke_, can you do a strace on grub-install.
2017-05-23 10:42:43 <_ikke_> yes
2017-05-23 10:44:36 <_ikke_> interesting: open /dev/sda1 operation not permitted
2017-05-23 10:44:57 <_ikke_> is that a grsec thing?
2017-05-23 10:45:21 check dmesg
2017-05-23 10:45:31 and yes that's highly possible
2017-05-23 10:45:44 you are restricted in a chroot with grsec
2017-05-23 10:45:55 <_ikke_> right
2017-05-23 10:46:03 <_ikke_> use of CAP_SYS_RAWIO denied
2017-05-23 10:46:18 you can relax it
2017-05-23 10:46:51 http://tpaste.us/qMqK
2017-05-23 10:50:36 <_ikke_> clandmeter: w00t, that did it!
2017-05-23 10:50:43 <_ikke_> lol
2017-05-23 11:19:46 clandmeter: one partition setup doesn’t make much sense, just omit partitions… or grub is so stupid that it needs partitions to work?
2017-05-23 12:46:12 jirutka: so there are 440 unused bytes at the beginning of ext4 filesystem?
2017-05-23 12:46:40 where there is room for gptmbr.bin
2017-05-23 12:47:02 ncopa: yes
2017-05-23 12:47:12 is that the same for xfs and others?
2017-05-23 12:48:00 I’m not sure, I do this only with ext4
2017-05-23 12:48:22 but the grpmbr.bin is needed?
2017-05-23 12:48:33 gptmbr.bin
2017-05-23 12:49:54 no, it works with legacy too
2017-05-23 12:50:15 hm…
2017-05-23 12:50:19 i mean, you need some mbr.bin
2017-05-23 12:51:00 tbh I’m not sure now XD give me a sec
2017-05-23 12:53:05 . /usr/share/syslinux/mbr.bin
2017-05-23 12:54:15 does FAT also have space for the mbr.bin?
2017-05-23 12:54:23 but… this is for msdos-like partition table… and there’s no partition table… I use this for years, I know that it works, but now I wonder *how* it actually can work
2017-05-23 12:54:37 that is what i wonder too :)
2017-05-23 12:54:42 how does it actually work
2017-05-23 12:54:47 with partitions
2017-05-23 12:54:48 FAT? I don’t use archaic filesystems
2017-05-23 12:55:01 bios will load boot disk first sector
2017-05-23 12:55:13 where the mbr.bin code is
2017-05-23 12:55:35 the mbr.bin will look up the partition table and find the partition which is marked as "bootable"
2017-05-23 12:55:42 and pass over execution to there
2017-05-23 12:56:05 <_ikke_> but what if there is no partition table
2017-05-23 12:56:18 that was my question
2017-05-23 12:56:29 apparently it will work without partition table
2017-05-23 12:57:26 <_ikke_> And how does it know where to look for files? normally it looks just in the root, but in this case it will probably have to look in /boot
2017-05-23 12:57:32 EFI requires gpt
2017-05-23 12:57:52 to be able to read files it needs to understand filesystem
2017-05-23 12:58:07 syslinux understands fat, ext4, xfs, btrfs
2017-05-23 12:58:13 grub understands more
2017-05-23 12:58:22 <_ikke_> right, but it also need to know where to look, right?
2017-05-23 12:58:44 <_ikke_> if you have a dedicated partition, the files live just in the root
2017-05-23 12:58:48 you’ve really put a bug in my head (not sure if this is translatable…), I use it for more than 5 years, one co-worker thought me that, but I’ve never questioned how it can actually work
2017-05-23 12:58:58 :)
2017-05-23 12:58:58 <_ikke_> haha
2017-05-23 12:59:11 <_ikke_> perhaps there is some logic in grub to handle this situation
2017-05-23 12:59:24 syslinux
2017-05-23 12:59:28 or syslinux
2017-05-23 12:59:36 <_ikke_> rite
2017-05-23 12:59:40 I’ve never tried that with grub
2017-05-23 13:00:16 (I use only syslinux everywhere for more than 5 years)
2017-05-23 13:01:38 the problem with partitions is that it makes extending the disk harder… w/o partition, you need to just extend size of the virtual disk and then extend FS, that’s all
2017-05-23 13:02:07 so this is all what i need for automated growing of FS in VMs https://github.com/jirutka/one-context/blob/master/scripts/grow-fs
2017-05-23 13:02:33 <_ikke_> right
2017-05-23 13:02:41 <_ikke_> We use LVM mostly for that reason
2017-05-23 13:14:51 it seems that error rate of my English is directly proportional to my fatigue (I’ve read once more time what I wrote this afternoon) :/
2017-05-23 13:16:10 <_ikke_> jirutka: That doesn't seem that strange to me
2017-05-23 13:16:28 <_ikke_> less sleep -> decreased focus -> more errors
2017-05-23 13:27:00 ncopa, for a single security patch, should I move the subproject from security to alpine linux?
2017-05-23 13:27:20 I can't see this in https://bugs.alpinelinux.org/issues/7308
2017-05-23 13:27:25 when closed yes
2017-05-23 13:28:36 Properties I can see are "tracker/status/priority/assigned to/version/activity/% completed"
2017-05-23 13:29:00 cannot see how to change the subproject
2017-05-23 13:29:18 you select "Project"
2017-05-23 13:29:25 the first dropdown box
2017-05-23 13:30:29 maybe is a permission issue...I don't have that box
2017-05-23 13:33:44 just mark it as resolved and progress 100% then
2017-05-23 13:35:27 ncopa: http://i.imgur.com/8K4OZQP.png
2017-05-23 13:35:54 try that "description" "edit"
2017-05-23 13:36:46 it opens a form with this:
2017-05-23 13:36:47 http://i.imgur.com/8K4OZQP.png
2017-05-23 13:36:48 ops
2017-05-23 13:36:55 PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).
2017-05-23 13:36:55 h3. References:
2017-05-23 13:36:55 https://nvd.nist.gov/vuln/detail/CVE-2017-8934
2017-05-23 13:36:55 h3. Patch:
2017-05-23 13:36:55 https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
2017-05-23 13:37:05 no box for changing project
2017-05-23 13:37:14 But i remember that i could do that
2017-05-23 13:37:44 mah
2017-05-23 13:38:22 sounds like permission problem or similar
2017-05-23 13:39:35 alpine-xen works
2017-05-23 13:39:41 and dom-u works
2017-05-23 13:40:03 did anybody test the other iso images?
2017-05-23 13:40:38 not yet, but I’m gonna soon
2017-05-23 13:41:18 ok
2017-05-23 13:41:32 i tested sys install with lvm root
2017-05-23 13:41:35 worked
2017-05-23 13:41:43 im testing the alpine-virt image now
2017-05-23 13:41:46 in vmware
2017-05-23 13:42:38 there is an issue with xen and keymaps
2017-05-23 13:43:01 apparently openrc detect the rc_sys as XENU
2017-05-23 13:43:08 instead of XEN0
2017-05-23 13:43:23 i think it happens because the /prox/xen is not set up at the time openrc starts
2017-05-23 13:44:15 oh, what do we do with busybox udhcpc
2017-05-23 13:44:36 they direct the info to stderr
2017-05-23 13:45:11 fcolista, can you check your permissions now?
2017-05-23 13:45:49 clandmeter, thx
2017-05-23 13:45:51 http://lists.busybox.net/pipermail/busybox/2017-May/085458.html
2017-05-23 13:46:02 not I see "project" dropbox menu
2017-05-23 13:48:13 ncopa, clandmeter : what's the criteria on security ticket assignments?
2017-05-23 13:48:22 maintainers tooks care as first?
2017-05-23 13:49:18 i think if you feel comfortable to do it, just do it.
2017-05-23 13:49:50 yeah
2017-05-23 13:50:57 ok
2017-05-23 13:50:59 ncopa, will we have virt without grsec?
2017-05-23 13:51:05 not for 3.6
2017-05-23 13:51:51 setup-xorg-base works with vmware
2017-05-23 13:51:53 is there a fix for grsec on hyperv?
2017-05-23 13:52:09 i dont know
2017-05-23 13:53:46 <^7heo> yeah
2017-05-23 13:53:48 <^7heo> don't use hyperv.
2017-05-23 13:53:49 <^7heo> Fixed.
2017-05-23 13:53:51 <^7heo> ACTION hides
2017-05-23 13:54:05 as long i can remember hyperv has been problematic
2017-05-23 13:54:13 i think grsec has worked once in a while
2017-05-23 13:55:20 <^7heo> I do not see the appeal of hyperv personally; but that would rather be a subject for -offtopic.
2017-05-23 13:58:02 hyper-v has been problematic as far i can remember
2017-05-23 13:58:22 i remember i ran alpine-vserver in hyper-v for a while
2017-05-23 14:03:09 afternoon
2017-05-23 14:03:27 ncopa: what was the issue in setup-keymap?
2017-05-23 14:04:21 the init.d script says keyword -xenu
2017-05-23 14:04:32 so the service does not start in xenU
2017-05-23 14:04:42 but openrc thinks dom0 is xenU
2017-05-23 14:04:52 ah yes
2017-05-23 14:04:55 so it does not start on dom0
2017-05-23 14:04:57 i actually ran into this before with someone
2017-05-23 14:05:20 the workaround is to set rc_sys="xen0" in /etc/rc.conf
2017-05-23 14:09:04 jirutka: curious why this was removed https://git.alpinelinux.org/cgit/aports/commit/?id=f267ad1d8d993fc0ad5e97a85413064231ae1286 as you need a way to bootstrap ghc on new platforms otherwise ghc can't build itself
2017-05-23 14:09:45 mitchty: ’cause fabled told me that ghc-bootstrap is not used and will not be used anymore
2017-05-23 14:11:17 jirutka: ok, though I'd expect you'd want to ensure you can demonstrate the port moving from glibc->alpine linux is still possible to do similar to the debian rebootstrap project, but if not it simplifies my work
2017-05-23 14:13:49 mitchty: it also simplified review a lot, I’ve reviewed and improved ghc already some time ago, but ghc-bootstrap was… quite big issue
2017-05-23 14:14:13 btw did we move cabal to community yet?
2017-05-23 14:14:47 Shiz: i've got some fixes for it i'm testing quick
2017-05-23 14:14:58 right
2017-05-23 14:15:29 btw ncopa jirutka this is somewhat relevant: https://txt.shiz.me/YjVhZjI4ZW
2017-05-23 14:15:36 mismatches between busybox applet locations and the ones in packages
2017-05-23 14:15:43 basically amounts to changing the cabal dependencies to stuff that won't change old-time.cabal::https://hackage.haskell.org/package/old-time-1.1.0.3/revision/1.cabal
2017-05-23 14:15:51 meaning that if the package ones gets installed the busybox ones may still exist and be invoked depending on path order
2017-05-23 14:16:50 …/node_modules/which/bin/which is probably irrelevant
2017-05-23 14:17:00 yes
2017-05-23 14:17:04 and the lzma one too
2017-05-23 15:46:44 did apk change recently, its taking a lot longer to install ghc than in the past, on the order of half an hour so far, its doing a ton of fchown/statat calls to apk-new files and then looks to be opening them
2017-05-23 15:59:29 Very interesting story about ugliness of GNU c++ lib https://www.zerotier.com/blog/2017-05-05-theleak.shtml /cc Shiz
2017-05-23 16:01:10 weird, tried again and it installed straight away
2017-05-23 16:47:38 <^7heo> that's weird
2017-05-23 16:47:47 <^7heo> I boot alpine on my new laptop
2017-05-23 16:47:55 <^7heo> I login in the install system
2017-05-23 16:47:59 <^7heo> no keyboard responds anymore.
2017-05-23 16:48:06 <^7heo> but I can still type "root"
2017-05-23 16:49:27 <_ikke_> You mean you don't get output anymore?
2017-05-23 16:50:25 <^7heo> well, it's different symptoms now
2017-05-23 16:50:34 <^7heo> the first time, everything worked perfectly
2017-05-23 16:50:38 <^7heo> until I logged in
2017-05-23 16:50:43 <^7heo> then the output froze
2017-05-23 16:50:45 <_ikke_> modprobe fbcon?
2017-05-23 16:50:56 <^7heo> but the capslock led wasn't reactive either
2017-05-23 16:51:22 <^7heo> also it's not a matter of login
2017-05-23 16:51:24 <^7heo> it's a matter of time
2017-05-23 16:51:36 <^7heo> after some time, the output does not respond anymore.
2017-05-23 16:51:42 <^7heo> and it does it at random times
2017-05-23 16:51:50 <^7heo> so I think it's a faulty firmware load.
2017-05-23 16:53:35 <^7heo> also it only happens when the laptop is docked
2017-05-23 16:55:21 <^7heo> yeah, inserting the laptop in the dock is freezing the laptop.
2017-05-23 16:56:20 when the check() is running? I wanted to run simple test (printing program version :F), but binary is available in $pkgdir, which apparently is created after check() XD
2017-05-23 16:56:40 or there's something wrong with me :
2017-05-23 16:57:11 ^7heo: sounds like kernel issue
2017-05-23 16:57:18 <^7heo> ncopa: not a module?
2017-05-23 16:57:49 scadu: check runs after build before $pkgdir is created (before make install)
2017-05-23 17:01:04 <_ikke_> ncopa: still issues getting xorg to work?
2017-05-23 17:02:45 ncopa: hm, I run make with DESTDIR="$pkgdir/" install in package(). will look into this, thanks
2017-05-23 17:03:39 <^7heo> ncopa: when I insert it in the dock, there's not even network left there.
2017-05-23 17:03:52 <^7heo> no matter what plug I plug it into (dock or laptop)
2017-05-23 17:08:42 _ikke_: i have given up sort of
2017-05-23 17:09:50 ncopa: I’m still thinking about running check after package phase
2017-05-23 17:11:24 ncopa: for two reasons: to avoid unintended changes in generated binaries by bad build systems; and to make testing some software easier or even actually possible (files layout)
2017-05-23 17:12:20 <^7heo> ncopa: also, I tried a `tail -f /var/log/dmesg` via ssh
2017-05-23 17:12:26 <^7heo> ncopa: inserted the laptop in the dock
2017-05-23 17:12:32 <^7heo> ncopa: no additional line printed...
2017-05-23 17:12:51 <^7heo> so either the laptop freezes before it writes to /var/log/dmesg or the connection drops before. 2017-05-23 17:13:20 it happens when modules are loaded? 2017-05-23 17:13:33 google your hardware and linux 2017-05-23 17:13:44 might be you can add a kernel module option to the module triggering it 2017-05-23 17:13:57 <^7heo> when I boot on the dock, it happens randomly after some time 2017-05-23 17:14:05 <^7heo> sometimes I get the login prompt, sometimes not. 2017-05-23 17:15:39 jirutka: would be cool in case like mine :P 2017-05-23 17:16:43 ncopa: and I’m afraid that now it’s the last time we can change w/o bigger problems… 2017-05-23 17:16:50 ok, i think i have everything needed for rc2 2017-05-23 17:17:29 i think changing it will cause major problems already 2017-05-23 17:17:36 :c 2017-05-23 17:17:50 you will need to take great care when backporting secfixes 2017-05-23 17:18:34 i think doing secfixes already will be a pain due to all the removals of || return 1 2017-05-23 17:19:12 if any of those are cherry-picked by mistake to older stable branches, then we risk silent breakages 2017-05-23 17:21:25 anything else needs fixing before rc3? 2017-05-23 17:21:37 i havent gotten much feedback on the rc1 and rc2 2017-05-23 17:21:45 dunno yet 2017-05-23 17:24:27 if i dont get any feedback on rc3 then i'll tag 3.6.0 tomorrow 2017-05-23 17:24:42 so last chance to fix issues 2017-05-23 17:26:06 tomorrow?! 2017-05-23 17:26:16 give us some time pls :) 2017-05-23 17:31:57 <_ikke_> I'll try rc3 2017-05-23 17:33:34 https://github.com/weechat/weechat/blob/master/tools/build-test.sh that's what weechat provides. it's triggered by ENABLE_TESTS=ON flag during build. what should I do in this case? not sure if running this in check() makes sense 2017-05-23 17:39:29 <_ikke_> So it has no make test?
2017-05-23 18:05:41 _ikke_: nope 2017-05-23 18:07:08 quite ugly: http://tpaste.us/K6Ko 2017-05-23 18:07:15 skrzyp: ^ weechat 1.8 2017-05-23 18:07:52 scadu: what is `sed -i '/pkg_search_module/s/ruby-2.2 …` ? o.O 2017-05-23 18:10:50 jirutka: I could adjust the current patch if you would like this way: https://github.com/alpinelinux/aports/blob/master/main/weechat/ruby2.4.patch 2017-05-23 18:11:37 huh, I don’t remember that I wrote this patch… actually don’t remember that I’ve touched weechat at all 2017-05-23 18:11:46 jirutka: :p 2017-05-23 18:11:47 anyway, patch file is imo better for this 2017-05-23 18:11:55 noted 2017-05-23 18:12:20 if upstream does not randomly move these lines in every release… :P 2017-05-23 18:12:32 jirutka: it fails on 1.8 2017-05-23 18:13:06 that's why I did this ugly sed, but… 2017-05-23 18:14:44 \o/ 2017-05-23 18:15:13 jirutka: aw yis, it was merged already XD 2017-05-23 18:15:22 jirutka: https://github.com/weechat/weechat/commit/8e160c31fe7926b25190b7a3d62bb16877cbf416 2017-05-23 18:16:12 I need a cup of coffee :x 2017-05-23 18:16:58 I’m currently drinking one :P 2017-05-23 18:17:10 h5 2017-05-23 18:18:21 leitao: does NVME kernel module make sense on ppc64le? 2017-05-23 18:18:33 is there any nvme hardware for ppc64le?
2017-05-23 18:18:57 ncopa, yes, we ship them 2017-05-23 18:19:02 even nvme over fabrics 2017-05-23 18:19:07 nice 2017-05-23 18:19:09 very nice 2017-05-23 18:19:11 what they used to all nvmf 2017-05-23 18:19:19 i'll enable the kernel drivers for that then 2017-05-23 18:19:26 ACTION loves nvme 2017-05-23 18:20:44 there were some kernelconfig tweaks needed 2017-05-23 18:20:54 there was no vfat support for example 2017-05-23 18:21:10 i also enabled configfs_fs 2017-05-23 18:21:17 so you can modprobe configs 2017-05-23 18:21:26 and see the running kernel's config 2017-05-23 18:25:59 jirutka: https://github.com/alpinelinux/aports/pull/1562 :) 2017-05-23 18:36:37 leitao: im pushing this: http://tpaste.us/je5v 2017-05-23 18:37:09 scadu: [in Polish] why are you lying to me, it's not in the repo yet 2017-05-23 18:37:14 :/ 2017-05-23 18:38:15 ACTION slaps skrzyp with a russian antonov 2017-05-23 18:38:42 <^7heo> huhu 2017-05-23 18:38:44 <^7heo> that's polish :D 2017-05-23 18:39:13 an antonov is russian :p 2017-05-23 18:39:22 <^7heo> not that; what they were speaking. 2017-05-23 18:39:23 ncopa, Ok. I do not see any issue with that 2017-05-23 18:39:41 leitao: its closer to x86_64 config 2017-05-23 18:39:54 ncopa, and it seems to make sense also 2017-05-23 18:40:02 i know, i didnt say it was russian, it was sarcasm about a different language. 2017-05-23 18:40:02 clandmeter: can't you see difference between orc runes and latin alphabet? 2017-05-23 18:42:03 I had 3 glasses of wine at dinner just now, all polish looks like russian now. 2017-05-23 18:43:22 same with chinese? 2017-05-23 18:44:00 yes, it looks just like taiwanese 2017-05-23 18:46:52 3.6 is getting close 2017-05-23 18:47:44 so 4.0 is getting close 2017-05-23 18:48:04 are we also skipping 4.0? :) 2017-05-23 18:48:37 wut XD 2017-05-23 18:49:04 clandmeter: yes, 25.0 is coming 2017-05-23 18:53:56 lol 2017-05-23 18:57:56 skrzyp: [in Polish] I'm sorry, skrzyp.
don't be mad, maybe krecik will merge it and it'll be in 3.6 :c 2017-05-23 19:01:28 jirutka: krtecek, would you like to update weechat to 1.8? it was released last weekend 2017-05-23 19:04:44 it has linker issues 2017-05-23 19:06:43 hmm 2017-05-23 19:09:26 ACTION removes his hands from weechat 2017-05-23 19:11:15 clandmeter: what happened? 2017-05-23 19:11:48 skrzyp: https://travis-ci.org/alpinelinux/aports/builds/235337697#L461 and so on 2017-05-23 21:20:13 Shiz: ok fixed https://github.com/alpinelinux/aports/pull/1553 with more stable dependencies 2017-05-23 21:22:41 clandmeter, any chance the data files used to build the db of pkgs.alpinelinux.org could be made public for rsync or similar? would be convenient to have an offline index for when you don't have internet access or the site is slow/down 2017-05-23 21:23:38 did you check the footer? 2017-05-23 21:24:17 alright, I'll open a ticket :) 2017-05-23 21:24:35 a ticket? 2017-05-23 21:24:52 you want the data files to build the db 2017-05-23 21:25:03 not sure what datafiles are in your view 2017-05-23 21:25:19 <_ikke_> https://github.com/alpinelinux/aports-turbo/blob/master/README.md 2017-05-23 21:25:58 the db is generated from apk files 2017-05-23 21:26:05 so you need to have them local to do that.
2017-05-23 21:26:58 yeah, I figured it would be something like that :p but was also hoping it would have some sort of intermediate stage where the file listing from the apk files were serialized to some object storage that could be used for other usecases 2017-05-23 21:27:12 becoming a full alpine mirror just to search packages feels a bit overkill hehe 2017-05-23 21:27:39 data is stored in sqlite 2017-05-23 21:27:45 and its rather large 2017-05-23 21:28:04 because filelist is large per branch/repo/arch 2017-05-23 21:28:45 I wonder how debian and yum does it, with apt-cache and yum provides respectively 2017-05-23 21:29:03 hm, this reminds me yet another thing I wanted to do… 2017-05-23 21:29:36 when i have more time i will add a small function to add /json to uri's so you can get json from pkgs 2017-05-23 21:31:16 trfl, pkgs has been slow or down for you recently? 2017-05-23 21:31:35 definitely doesn't happen a lot, but right now it was 2017-05-23 21:31:59 clandmeter: yeah, that’s almost exactly what I wanted to do ;) 2017-05-23 21:32:01 more often I find myself in situations where I don't have an internet connection and want to figure out which package to install, but those times I do have a full mirror available... 2017-05-23 21:32:06 im pretty close to it, so cant really judge :) 2017-05-23 21:32:41 trfl: i don't think apt-cache has a file listing 2017-05-23 21:32:47 apt-file does though, which is a separate tool 2017-05-23 21:32:58 clandmeter literally sits next to the server running pkgs.a.o :P 2017-05-23 21:33:03 trfl, you can add repo's to your repo file and pull the index 2017-05-23 21:33:12 then you can search also offline 2017-05-23 21:33:30 except filelist wont work until you install the pkg.
2017-05-23 21:33:37 or use pkgs 2017-05-23 21:33:45 heh, you’re telling that like it’s just a little detail ;) 2017-05-23 21:34:09 you usually don’t need to search files then you already have them installed 2017-05-23 21:35:35 Shiz, did you see my comment about ipxe? 2017-05-23 21:38:09 jirutka, im going on a holiday this week, so you will have 2 weeks to come up with a patch for json output else ill beat you to it ;-) 2017-05-23 21:38:27 clandmeter: this sounds like an ultimatum… 2017-05-23 21:39:38 nyet, didn't 2017-05-23 21:39:50 ? 2017-05-23 21:40:02 talking to clandmeter 2017-05-23 21:40:08 Shiz, https://netboot.xyz/ 2017-05-23 21:40:30 would be nice to have support for it. 2017-05-23 21:40:41 sounds like all it needs is an initramfs with the modloop embedded 2017-05-23 21:40:43 :P 2017-05-23 21:41:20 or fetch it modloop from initramfs? 2017-05-23 21:41:27 oh, you can just dump an iso into it 2017-05-23 21:41:27 -it 2017-05-23 21:41:29 lol 2017-05-23 21:41:31 https://github.com/antonym/netboot.xyz/blob/master/src/blackarch.ipxe 2017-05-23 21:41:33 super easy 2017-05-23 21:49:47 Shiz. i think modloop already has http/ftp support. so we should only need to build a netboot release with network drivers in initramfs and store it on the mirror 2017-05-23 21:51:10 going to bed. gnite. 2017-05-23 21:52:43 clandmeter: i dont think we need to do anything even 2017-05-23 21:52:47 we can just feed it the iso 2017-05-23 21:52:49 :P 2017-05-23 22:09:07 <^7heo> when I start firefox 52, I get SSL_SendAdditionalKeyShares: symbol not found 2017-05-23 22:09:11 <^7heo> any idea what I'm missing? 2017-05-23 22:09:14 <^7heo> an SSL dep I suppose? 2017-05-23 22:11:58 <^7heo> ncopa: any idea? 2017-05-23 22:12:01 <^7heo> kaniini: same question 2017-05-23 22:12:44 NSS 2017-05-23 22:12:59 <^7heo> thing is 2017-05-23 22:13:02 <^7heo> nss is installed.
2017-05-23 22:13:18 <^7heo> apk version nss 2017-05-23 22:13:18 <^7heo> Installed: Available: 2017-05-23 22:13:18 <^7heo> nss-3.27.2-r1 = 3.27.2-r1 2017-05-23 22:13:47 firefox may need rebuild 2017-05-23 22:13:51 <^7heo> nah 2017-05-23 22:13:53 <^7heo> I got it 2017-05-23 22:13:58 <^7heo> 3.27 is not the right version. 2017-05-23 22:14:14 <^7heo> It's not trivial for most users tho 2017-05-23 22:14:23 <^7heo> you gotta use libnss from edge 2017-05-23 22:15:59 firefox was rebuilt super recently 2017-05-23 22:16:11 ^7heo: 3.5 or edge? 2017-05-23 22:16:18 cc trfl 2017-05-23 22:16:36 ay 2017-05-23 22:16:55 sure i can do a rebuild, but maybe not tonight :p 2017-05-23 22:17:09 no, i'm just wondering if you know anything about this 2017-05-23 22:17:16 since i don't think we bumped nss since your firefox version bump PR 2017-05-23 22:17:39 nah we didn't, but https still worked fwiw 2017-05-23 22:18:40 oh, i think theo is on 3.5 2017-05-23 22:19:05 <^7heo> Shiz: 3.5 but let's be honest, there's no firefox in 3.5 2017-05-23 22:19:07 <^7heo> so edge... ;D 2017-05-23 22:19:15 doesnt 3.5 have firefox-esr? 2017-05-23 22:19:21 <^7heo> I didn't find it 2017-05-23 22:19:25 it does 2017-05-23 22:19:27 <^7heo> but again I was searching for firefox 2017-05-23 22:19:29 http://pkgs.alpinelinux.org/package/v3.5/community/x86_64/firefox-esr 2017-05-23 22:19:31 <^7heo> so there might be that. 2017-05-23 22:19:37 the package is also called firefox-esr in edge though 2017-05-23 22:19:38 <^7heo> right 2017-05-23 22:19:39 :P 2017-05-23 22:19:49 <^7heo> nah 2017-05-23 22:19:56 <^7heo> firefox-52.0.2-r0 2017-05-23 22:19:57 but yeah you know the drill with mixing stable and edge 2017-05-23 22:20:01 <^7heo> yeah... 2017-05-23 22:20:07 <^7heo> it's just not straightforward for lusers 2017-05-23 22:20:13 <^7heo> but since we have -esr, no worries 2017-05-23 22:20:17 ah edge also carries normal firefox 2017-05-23 22:20:21 ...
which needs an upgrade 2017-05-23 22:20:23 ACTION pokes trfl 2017-05-23 22:20:25 :p 2017-05-23 22:20:44 <^7heo> yeah well, for now, it'll work. 2017-05-23 22:20:50 <^7heo> it's a temp setup for a candidate so... 2017-05-23 22:20:57 <^7heo> I'll just keep it like it is for now 2017-05-23 22:21:08 <^7heo> and when we hire a dude 2017-05-23 22:21:13 <^7heo> that'll be my laptop 2017-05-23 22:21:14 <^7heo> so... 2017-05-23 22:23:23 oh dear, yep it's in testing 2017-05-23 22:23:28 I only looked in community :x 2017-05-23 22:25:46 <^7heo> :D 2017-05-23 22:25:47 <^7heo> happens. 2017-05-23 22:25:52 <^7heo> that's why we test stuff. 2017-05-23 22:28:43 well, this one is on your own anyway 2017-05-23 22:28:46 dont mix edge and stable 2017-05-23 22:28:48 :P 2017-05-23 22:30:05 oh hey, latest firefox requires the rust compiler to build 2017-05-23 22:30:09 nice timing Shiz! 2017-05-23 22:30:22 <^7heo> Shiz: well, I didn't know firefox was in stable. 2017-05-23 22:30:49 its not 2017-05-23 22:30:51 but testing is edge 2017-05-23 22:30:57 and you said you ran 3.5 2017-05-23 22:30:58 ;p 2017-05-23 22:31:00 <^7heo> yeah. 2017-05-23 22:31:09 <^7heo> Shiz: also; it's not like alpine is super mature; it's very nicely done deep in the system; but packages aren't exactly bulletproof 2017-05-23 22:31:12 <^7heo> we need better QA 2017-05-23 22:31:20 <^7heo> we don't even have actual systematic testing 2017-05-23 22:31:22 ^7heo: that's why we're adding check() 2017-05-23 22:31:24 and soname rebuilds 2017-05-23 22:31:26 :) 2017-05-23 22:31:27 <^7heo> yeah 2017-05-23 22:31:30 <^7heo> it's getting better 2017-05-23 22:31:33 <^7heo> I know; it's really cool 2017-05-23 22:31:41 <^7heo> but don't blame me for using "what works" ™ 2017-05-23 22:31:46 <^7heo> It's been that way for years. 
2017-05-23 22:32:37 hey, i've got more leeway to complain to a fellow dev :p 2017-05-23 22:32:38 <_ikke_> ncopa: just installed a new vm with qemu + and setup-xorg-base, lxdm, xfce4 and it worked right away 2017-05-23 22:33:31 <^7heo> Shiz: myeaah 2017-05-23 22:33:38 <^7heo> Shiz: whatever, I'll beer you, and let's drop it. 2017-05-23 22:33:44 <^7heo> oh wait, you don't beer, do you? 2017-05-23 22:33:44 i was just kidding anyway 2017-05-23 22:33:48 i very much do beer 2017-05-23 22:33:51 i don't do coffee though 2017-05-23 22:36:34 wait, why is Firefox still in testing? 2017-05-23 22:36:55 aha, we have firefox-esr in community, okay 2017-05-23 22:37:48 latest version of firefox is gonna be a bit more tricky to build than esr, I'll give it a shot tomorrow if nobody beats me to it 2017-05-23 22:47:53 \o 2017-05-23 23:15:32 jirutka: have a few changes for idris that I ran into building on arm, though i found it on x86_64 as well, i'll validate them a bit more tonight but looks like a new version of the text library caused some shenanigans with the prepare stuff 2017-05-23 23:16:55 and if anyone could check that this move of cabal from testing to community is kosher that would help, have to keep ghc+cabal together generally https://github.com/alpinelinux/aports/pull/1553 2017-05-23 23:24:57 mitchty: https://github.com/alpinelinux/aports/pull/1553#discussion_r118129596 2017-05-23 23:25:42 mitchty: how exactly would it solve the problem – building them in single abuild? 2017-05-23 23:42:52 kaniini - just curious, have you pushed the apk manifest code anywhere yet? 2017-05-23 23:43:50 yeah apk-tools.git 2017-05-23 23:45:35 Cool, thank you - I'll start playing with it :) 2017-05-23 23:53:48 it's not ready for what you want yet. 2017-05-23 23:55:53 Not *quite*, but getting much closer! Can pkg->version be accessed in a simple manner, or do I need to create a buffer and copy it from the blob like the csum_buf?
2017-05-23 23:56:17 (type=apk_blob_t) 2017-05-23 23:58:45 What are the semantics for BLOB_PRINTF? I'm not groking it right off. 2017-05-24 00:11:08 Also, wtf is 'z[]' for in fetch.c? 2017-05-24 01:25:21 it's non-free proprietary software encoded in apk-tools as part of a voluntary NSA implant programme 2017-05-24 01:25:36 didn't you read about it on wikileaks? 2017-05-24 01:25:40 *LOL* 2017-05-24 01:26:41 if you really want to know: apk --force fetch coffee 2017-05-24 01:26:58 Now, do I build a binary just to dump it and make sure? :P 2017-05-24 01:27:17 Okay, that's awesome :) 2017-05-24 01:27:25 Well played. 2017-05-24 01:27:28 i am pretty sure it is explanatory in the source, really 2017-05-24 01:29:06 ...and RE: BLOB_PRINTF? 2017-05-24 01:29:11 BLOB_FMT is "%.*s" which takes two arguments, 2017-05-24 01:29:25 BLOB_PRINTF is a macro which expands those two arguments for the sake of BLOB_FMT 2017-05-24 01:30:08 Okay, so I can use that directly to get the pkg version? Or is there a proper macro for that too? 2017-05-24 01:30:32 if you're wondering that the %.* format modifier does, it defines an upper boundary on how large the supplied buffer (e.g. passed in as argument) may be 2017-05-24 01:30:49 what precisely are you trying to do? 2017-05-24 01:32:26 I'm attempting to add an additional manifest format that provides the arch, package name, package version, checksums, filenames, and link targets, as well as uid/gid/mode/size if feasible. 2017-05-24 01:33:07 right now i rather add manifest generation for a given APK file. as you can tell right now, it only introspects the apkdb 2017-05-24 01:33:35 I want to solve the feature request for a package index allowing search by file for uninstalled packages. 
2017-05-24 01:34:17 Good enough - I'll mess with adding the additional formatting, just want to use the right macros :)( 2017-05-24 01:36:46 It looks like it's a rather convoluted path to read an apk file using the same mechanism - I couldn't actually figure out where the hook would go without already having a hash key in an index. 2017-05-24 01:38:35 well 2017-05-24 01:38:38 what i'm saying is 2017-05-24 01:38:48 i'm likely to rewrite the entire tool fundamentally 2017-05-24 01:38:58 which may break your patch 2017-05-24 01:39:22 so if you want to hack on apk manifest i would suggest beating me to the apk file stuff 2017-05-24 01:40:46 If I knew where to start on the apk file interface, I'd dig in. Where does it read a .apk file in the code without the information preloaded from the index? 2017-05-24 01:41:02 The code for fetch was barking up the wrong tree. 2017-05-24 01:41:15 :D 2017-05-24 01:41:39 (sorry, couldn't resist the pun) 2017-05-24 01:43:29 <^7heo> tsss 2017-05-24 01:46:18 another thing done already is 2017-05-24 01:47:04 apk gen --key-file=... --control-dir=... --data-dir=... 2017-05-24 01:48:05 Very cool - it automatically handles appending the archives, stripping the extra header, and signing, outputting a valid .apk? 2017-05-24 01:48:18 What is the resulting apk name? 2017-05-24 01:48:18 <^7heo> btw 2017-05-24 01:48:30 <^7heo> we should gather again 2017-05-24 01:48:40 <^7heo> last time we didn't exchange kes 2017-05-24 01:48:42 <^7heo> keys 2017-05-24 01:49:03 pgp is for losers 2017-05-24 01:51:04 TemptorSent: no, it just synthesizes a valid apk from scratch 2017-05-24 01:52:37 I mean it creates the control archive, including sig, and appends the data archive without an extra empty tar header in the middle. 2017-05-24 01:54:41 <^7heo> kaniini: what would you use instead? 2017-05-24 01:56:48 TemptorSent: that's not a valid apk. the extra header is used to tell the sections apart. 
2017-05-24 01:56:59 ^7heo: signify 2017-05-24 01:58:47 kaniini: Hmm, I though it only had a single empty header in the middle, allowing standard tar to read the entire archive without seeing a premature end of archive (two empty headers in a row) 2017-05-24 01:59:41 TemptorSent: yes and it keeps that 2017-05-24 02:02:46 TemptorSent: i also want apk fetch --source to fetch the source files used to generate the APK 2017-05-24 02:03:48 Now that would be cool! 2017-05-24 02:04:20 TemptorSent: and for that matter, apk add --make-depends to create a virtual package and add a packages makedepdnds/checkdepends (as recorded in apkindex) 2017-05-24 02:04:54 I like it! 2017-05-24 02:05:28 <^7heo> kaniini: http://www.openbsd.org/papers/bsdcan-signify.html 2017-05-24 02:05:40 <^7heo> kaniini: that? 2017-05-24 02:05:59 @kaniini │ TemptorSent: i also want apk fetch --source to fetch the source files used to generate the APK 2017-05-24 02:06:00 ^7heo: yes 2017-05-24 02:06:05 so they would be embedded in .PKGINFO? 2017-05-24 02:06:08 How do we handle building such source? aports? 2017-05-24 02:06:20 Shiz: yes 2017-05-24 02:06:30 TemptorSent: in alpine, abuild 2017-05-24 02:07:06 What about the patches/files in each package abuild directory? 2017-05-24 02:07:32 <^7heo> kaniini: that's exactly equivalent to pgp, requirement wise 2017-05-24 02:08:19 ^7heo: yes but has a less hostile user experience 2017-05-24 02:09:01 TemptorSent: aports is just a collection of those :) 2017-05-24 02:09:29 TemptorSent: and, apk is used by distributions other than alpine 2017-05-24 02:09:30 Right, but how do you package that in a manner that allows apk fetch --source to work? 2017-05-24 02:09:30 <^7heo> kaniini: sure, that's a good thing 2017-05-24 02:09:45 <^7heo> kaniini: but for now pgp also works 2017-05-24 02:10:05 wouldn't know, don't use it 2017-05-24 02:10:26 i don't use software that makes me angry 2017-05-24 02:10:33 what other distros use apk? 
2017-05-24 02:10:36 out of curiosity 2017-05-24 02:10:51 <^7heo> adelie 2017-05-24 02:11:03 <^7heo> but it's modified afaik 2017-05-24 02:11:16 Shiz: adelie which uses its own build system based on portage 2017-05-24 02:11:31 (poor souls?) 2017-05-24 02:11:32 :p 2017-05-24 02:11:37 <^7heo> tsss 2017-05-24 02:11:58 ^7heo: nope. apk has upstream support for RSA/SHA256 signatures now 2017-05-24 02:12:21 What about SHA512? 2017-05-24 02:12:39 yes, that too. 2017-05-24 02:12:59 It seems SHA256 is quickly being deprecated. 2017-05-24 02:13:13 apparently the RSA/SHA signatures also works with ECDSA 2017-05-24 02:13:21 that uhm 2017-05-24 02:13:26 i would verify that 2017-05-24 02:13:27 :P 2017-05-24 02:13:35 but i wouldn't recommend it as it's not an officially supported configuration :) 2017-05-24 02:14:26 fuzzy version selection is the only patch adelie has and i'm inclined to incorporate it as well 2017-05-24 02:14:45 it would be useful for alpine users 2017-05-24 02:14:54 <^7heo> yeah 2017-05-24 02:14:56 that seems useful yes 2017-05-24 02:15:03 Supporting ec25519 would be nice. 2017-05-24 02:15:47 Signing with both sha512 and ec25519 would protect from just about all reasonable collision attacks. 
2017-05-24 02:15:49 adelie imo is more of a thought experiment though 2017-05-24 02:15:49 at this point 2017-05-24 02:16:01 because from what i hear gentoo is kinda falling apart these days 2017-05-24 02:16:30 <^7heo> naaah 2017-05-24 02:16:39 TemptorSent: 'both' 2017-05-24 02:16:42 they would be a single scheme 2017-05-24 02:16:52 like there's more alpine devs than active gentoo devs and such 2017-05-24 02:16:53 you can't sign something with sha512, and you can't sign something effectively with just asymmetric crypto 2017-05-24 02:16:55 :P 2017-05-24 02:17:05 kaniini: idk, people have been saying that gentoo is dying for 10 years 2017-05-24 02:17:09 it doesn't seem to be going anywhere 2017-05-24 02:17:49 the people there still working on it i guess are doing good work tho 2017-05-24 02:18:04 <^7heo> if it hasn_t moved for 10 years 2017-05-24 02:18:14 <^7heo> it's probably dead 2017-05-24 02:18:18 by going anywhere i mean going away 2017-05-24 02:18:25 it certainly has moved 2017-05-24 02:18:25 there are also the alpine derivatives 2017-05-24 02:18:26 <^7heo> I knw 2017-05-24 02:18:34 <^7heo> srry I had to 2017-05-24 02:19:26 Sorry Shiz, I meant RSA/SHA512 and ED25519 2017-05-24 02:19:45 it would be Ed25519/SHA512 too 2017-05-24 02:19:46 hopefully 2017-05-24 02:19:50 :) 2017-05-24 02:20:02 Right, that's how ed25519 is defined IIRC 2017-05-24 02:20:07 umm 2017-05-24 02:20:10 no 2017-05-24 02:20:21 ed25519 is just a asymmetric keypair scheme 2017-05-24 02:20:26 you can use whatever hash you want 2017-05-24 02:20:40 actually 2017-05-24 02:20:42 no he's right 2017-05-24 02:20:45 kaniini: EdDSA is the scene 2017-05-24 02:20:55 ed25519 is EdDSA paramterized to Curve25519 and SHA512 2017-05-24 02:20:56 The ed25519 dsa specifies a SHA512 hash 2017-05-24 02:20:57 apparently 2017-05-24 02:21:05 but apk needs proper ed25519 support 2017-05-24 02:21:10 https://en.wikipedia.org/wiki/EdDSA#Ed25519 2017-05-24 02:21:16 see here 2017-05-24 02:21:21 either way 2017-05-24 02:21:26 
SHA512 is actually part of ed25519, did not know this either 2017-05-24 02:23:48 there are also internal alpine derivatives too 2017-05-24 02:24:17 at dayjob there's a customized initramfs, does that count as alpine derivative 2017-05-24 02:24:19 i know of a few institutions who rebuild the entire distribution 2017-05-24 02:24:19 :P 2017-05-24 02:24:25 and sign it with their own keys 2017-05-24 02:25:26 adelie kind of started as a thought experiment at day job 2017-05-24 02:25:43 we wanted a backup plan for our alpine machines 2017-05-24 02:25:46 Okay, so my question regarding how to make 'apk fetch --source' fetch everything needed to build the package remains... Does it basically mean we include the contents of the package's port directory in the resulting package? 2017-05-24 02:26:14 no 2017-05-24 02:26:26 it would just be URI list generated by abuild 2017-05-24 02:26:33 Oh. 2017-05-24 02:26:40 i mean 2017-05-24 02:27:01 you could add the files in the apkbuild directory prefixed by the primary git remote as URLS 2017-05-24 02:27:01 So it would lack all the alpine patches/initscripts/etc.? 2017-05-24 02:27:03 :D 2017-05-24 02:27:27 That would work if apk could figure out how to fetch from them I guess. 2017-05-24 02:27:34 it was a joke 2017-05-24 02:27:38 i'd prefer that apk not rely on git 2017-05-24 02:28:23 Well, not from git itself, but from a http accessible front end to the repo... 2017-05-24 02:28:43 That might be a sane solution. 2017-05-24 02:53:15 kaniini: Okay, so looking at verify.c, it appears essentially the same code for the input stream would be used, replacing apk_sign_ctx_verify_tar with apk_manifest_from_tar or some such function, yes? 2017-05-24 02:54:51 what about not-abuild generated apks? just a thought to toss in 2017-05-24 02:55:35 awilfox: Good question -- any thoughts on how to handle source in a dist-agnostic fashion? 
2017-05-24 02:56:50 abuild is rather tightly tied to the .apk format currently it appears (not necessarily the other way around of course) 2017-05-24 02:57:20 TemptorSent: something in the manifest possibly. thinking something like... SOURCE: uri://foo.bar/package-1.2.3.txz SOURCE: uri://foo.bar/package-1.2.3-data.txz PATCH: uri://distro.org/package/0001-musl.patch 2017-05-24 02:57:27 TemptorSent: oslt 2017-05-24 02:58:21 That would work well for handling the discrete patches, but the sed magic and such in APKBUILDS is likely a problem. 2017-05-24 02:58:31 note that there are definitely packages with more than one source tarball (ones I can think of off the top of my head: gimp, torcs, xen) 2017-05-24 02:58:35 and ofc more than one patch 2017-05-24 02:59:13 It would take a major overhaul of aports to extract all the magic to agnostic scripts. 2017-05-24 02:59:20 TemptorSent: sed magic is evil, and that sort of thing should be done in patches imo, of course if you are doing version strings then you have more maintenance burden... 2017-05-24 03:00:23 Yeah, but often a sed or awk script is required to transform something that's otherwise a moving target. 2017-05-24 03:00:33 apk fetch shouldn't fetch everything needed to build a package 2017-05-24 03:00:39 TemptorSent: over in Adélie I am in the middle of trying to completely revamp the ebuilds we use to have the minimal amount possible of "magic" and get as close to "./configure; make; make install DESTDIR=/usr/src/package/image/" as possible for every package, and that has meant a lot of trying to make people upstream build system fixes 2017-05-24 03:00:41 Paths/versions/name-conflicts... 
2017-05-24 03:00:41 if you want to do that, clone aports tat the right revision 2017-05-24 03:00:47 jamming everything into the .apk is utterly useless 2017-05-24 03:01:07 s/tat/git at/ 2017-05-24 03:01:15 ^ I agree with this, tbh 2017-05-24 03:01:24 The problem is most users who want to build one or two packages from source probably don't want to build anythign ELSE from source. 2017-05-24 03:01:25 apk source --fetch means "fetch source", and probably patches 2017-05-24 03:01:30 not "fetch the entire build system" 2017-05-24 03:01:46 it's not like aports is a heavy repo 2017-05-24 03:02:24 with debian (hopefully I am not immediately /kicked for mention the "D" word, I know foul language is prohibited here), apt-get source fetches the .deb stuff from their repo along with the package 2017-05-24 03:02:27 Right, but if you build it and it doesn't work as expected without manual intervention, it's going to be rather painful to support. 2017-05-24 03:02:29 but that isn't necessarily a requirement 2017-05-24 03:03:12 Right - but including a pointer to the original packaging repo is probably a good way to handle it. 2017-05-24 03:03:12 apk fetch --source is not for building the package 2017-05-24 03:03:19 it's for fetching source 2017-05-24 03:03:24 exactly 2017-05-24 03:03:27 which as I said, can be easily done with SOURCE: PATCH: 2017-05-24 03:03:38 If desired, you could define more than one for different dists in the same package I suppose. 
2017-05-24 03:03:40 zero-or-more of PATCH, one-or-more of SOURCE 2017-05-24 03:03:58 awilfox: there's packages with zero remote sources 2017-05-24 03:04:00 so not quite 2017-05-24 03:04:07 well actually, zero-or-more of SOURCE for packages that have no sources 2017-05-24 03:04:13 :) 2017-05-24 03:04:16 Yeah, those are the ones that require the repository :) 2017-05-24 03:04:30 almost every package requires the remote repo 2017-05-24 03:04:37 repeat after me: apk fetch is NOT for building packages 2017-05-24 03:04:42 SOURCE-REPO: SOURCE-FILE: PATCH-FILE: 2017-05-24 03:05:14 What is the point of fetching source if you're not going to build a local package with it? 2017-05-24 03:05:19 inspection 2017-05-24 03:05:21 gdb stepping 2017-05-24 03:05:25 auditing 2017-05-24 03:05:26 That's what kaniini just spent a lot of time making possible. 2017-05-24 03:05:42 I have used `apt-get source` a lot of times, and built a package with it once 2017-05-24 03:05:42 what awilfox said 2017-05-24 03:05:50 it's not for building packages 2017-05-24 03:05:55 and it's not feasible to make it so 2017-05-24 03:05:58 nor desirable 2017-05-24 03:06:04 So you DON'T want to manage custom built source with apk? 2017-05-24 03:06:11 correct 2017-05-24 03:06:13 i don't 2017-05-24 03:06:17 Tell kaniini. 2017-05-24 03:06:27 i'm sure he already knows my opinion 2017-05-24 03:06:50 apk manages .apks 2017-05-24 03:07:16 So now we have to do some sort of 'fake' package crap to satisfy deps, and conflicting files will not resolve? 2017-05-24 03:07:34 nothing fake about it 2017-05-24 03:07:46 Why on earth would that be preferable to making .apks easy to build and using apk to manage them? 2017-05-24 03:07:55 .apks are easy to build 2017-05-24 03:07:59 that's the entire purpose of abuild 2017-05-24 03:08:04 Um, you install say php from source... 2017-05-24 03:08:20 now, you have somethign that depends on it -- now what? 
2017-05-24 03:08:40 then you shouldn't stop trying to use the package manager for things that are not packages 2017-05-24 03:08:44 should* 2017-05-24 03:10:41 The whole point is to make it EASY to make a package. 2017-05-24 03:10:54 yes, which is abuild's purpose 2017-05-24 03:10:56 not apk's 2017-05-24 03:19:31 I don't care about abuild, portage, or whatnot - I'm talking about the actual packaging of an apk. 2017-05-24 03:20:07 see 'apk gen' above. 2017-05-24 03:21:17 If you're going to fetch source, fetch ALL sources, including the original repo directory contents. 2017-05-24 03:21:49 that's not gonna happen 2017-05-24 03:21:52 i can tell you that much 2017-05-24 03:22:23 Why the hell not? You're telling me we can't fetch ONE directory out of aports without cloning the entire thing? 2017-05-24 03:22:47 that is exactly what i'm telling you 2017-05-24 03:25:44 Fine, then list EVERY file in the source repo or fetch recursively! 2017-05-24 03:26:10 no 2017-05-24 03:26:25 Then what does it mean to fetch the source of alpine-baselayout? 2017-05-24 03:26:34 nothing, probably 2017-05-24 03:26:47 You have a dozen files in there. 2017-05-24 03:26:53 the source is identical to the package 2017-05-24 03:27:00 it has no meaningful definition of source 2017-05-24 03:27:19 No, it's not -- it generate shadow using awk, for instance. 2017-05-24 03:27:40 in the APKBUILD 2017-05-24 03:27:52 so fetching all files in the git repo wouldnt help anything with that 2017-05-24 03:27:53 As well as several other files using echo. (Yes, in the APK build) 2017-05-24 03:28:02 So the package != source. 2017-05-24 03:28:48 Okay, I give up - we clearly have very different concepts of what the source of a package consists of. 2017-05-24 03:29:23 embedding the source from your definition is not feasible or desirable in the apk 2017-05-24 03:29:51 I'm not wanting to embed it in the apk, I just want a link to it's repo in the apk! 
2017-05-24 03:30:12 that is what i mean 2017-05-24 03:31:06 Why is it logical to provide uris for the source files to build the binaries, but not the source of the REST of the PACKAGE? 2017-05-24 03:31:58 because 1) those urls can't be meaningfully easily determined 2017-05-24 03:32:18 2) to actually do something with them apk would incur a dependency on whatever protocol the source uses, which is both varying and probably not desirable 2017-05-24 03:33:26 and no, the url of the primary git repo is not meaningful or usable 2017-05-24 03:33:30 git repo remote* 2017-05-24 03:33:37 I'm sorry, but your logic isn't making sense. Why would those uris be any harder to determine than the uris for the upstream source? A local package uses local uris. 2017-05-24 03:33:38 because let me show you mine 2017-05-24 03:33:47 » git remote get-url origin 2017-05-24 03:33:49 alpine:aports 2017-05-24 03:34:02 okay, so tell me how you would determine the url 2017-05-24 03:34:19 the upstream source are embedded into the APKBUILDs 2017-05-24 03:34:22 source URLs* 2017-05-24 03:34:23 Okay, what's wrong with that for the uri? 2017-05-24 03:34:48 it's not at all meaningful? 2017-05-24 03:34:51 algitbot:alpine:aports/... 2017-05-24 03:35:09 nobody can do anything with that url 2017-05-24 03:35:10 git:alpine:aports/.../ 2017-05-24 03:35:33 assuming your intent is to allow people to fetch it themselves, that url is literally useless 2017-05-24 03:36:05 Assuming we resolve alpine to an alpine git repo, why not? 2017-05-24 03:36:36 that's a big assumption 2017-05-24 03:36:41 this is just local config on my side 2017-05-24 03:36:49 i could call the host mcpoopyhead and it would still be valid for me 2017-05-24 03:37:03 Yeah, the user is welcome to resolve it however they want. 
2017-05-24 03:37:07 are you going to try to map every possible variation for every developer for every machine to the 'public-reachable' url 2017-05-24 03:37:15 for g.a.o 2017-05-24 03:38:31 No, I'm expecting we can list the origin repo by name and resolve it. 2017-05-24 03:39:19 that is not a name, it's a full URL 2017-05-24 03:39:20 The user may have to set the appropriate upstream if they want something other than what we resolve. 2017-05-24 03:39:53 aports is the repo, alpine is your host, yes? 2017-05-24 03:40:09 aports is the path 2017-05-24 03:40:11 alpine is the host 2017-05-24 03:40:17 it's a SSH URL 2017-05-24 03:40:54 aports == aports.git? 2017-05-24 03:41:02 aports == aports 2017-05-24 03:41:28 aports is the root of the git repository? 2017-05-24 03:41:40 yes 2017-05-24 03:41:46 Close enough. 2017-05-24 03:43:20 So if we have a repo name, why don't we just treat it the same way we do the apk dist repos and specify the source repos in /etc/apk/repositories? 2017-05-24 03:43:33 (or a parallel file) 2017-05-24 03:43:37 wtf? 2017-05-24 03:45:02 just matching by repo name is awful, for one 2017-05-24 03:45:17 If we fetched a .apk from a particular repository, WTF can't we also fetch the package source? 2017-05-24 03:45:35 because they are two separate systems 2017-05-24 03:46:39 Because storing a copy of the contents of the package port when it builds the package is hard why? 2017-05-24 03:47:16 not hard, just semantically wrong 2017-05-24 03:47:31 anyway 2017-05-24 03:47:33 im going to bed 2017-05-24 03:47:36 this is tiring 2017-05-24 03:47:44 How is it semantically wrong to store the source of the package itself? 2017-05-24 03:48:22 call it a .sapk for all I care. 2017-05-24 03:49:54 oh for fucks sake 2017-05-24 03:50:32 TemptorSent: we want to keep apk agnostic of package build systems (other distributions use apk, again) 2017-05-24 03:50:39 Sorry kaniini - didn't mean to spam you out. 
2017-05-24 03:50:57 TemptorSent: so the sapk would be redundant 2017-05-24 03:51:26 kaniini: Understood - but aside from the APKBUILD itself, the contents of the aports directory is in many cases the complete source of a package. 2017-05-24 03:52:25 by sapk, I mean a signed tarfile of the package's aport directory. 2017-05-24 03:52:41 Or whatever source build system. 2017-05-24 03:52:42 TemptorSent: tell that to adelie 2017-05-24 03:53:02 adelie uses portage, right? 2017-05-24 03:53:03 awilfox: can you point me to your collection of APKBUILDs in adelie? 2017-05-24 03:53:22 That's why I said ASIDE from the APKBUILD itself. 2017-05-24 03:54:00 in portage speak, most of the contents of the aport directories would go in $pkg/files 2017-05-24 03:54:10 TemptorSent: i just want to record the URIs to the source files and allow apk to download them. you would still use abuild or equivalent to rebuild the package (assuming you wanted to even do that) 2017-05-24 03:54:27 I'm not sure how the hooks are handled in adelie 2017-05-24 03:54:55 kaniini: Okay, so what does 'apk fetch --source alpine-baselayout' mean? 2017-05-24 03:56:18 it would download the sources in $sources with the aports files being prefixed with http://git.alpinelinux.org/aports/raw/... 
2017-05-24 03:56:32 At the least, it should probably contain a pointer to 'https://github.com/alpinelinux/aports/master/main/alpine-baselayout/' 2017-05-24 03:56:39 (and yes, also the APKBUILD would be implicitly in the sources list, but that's abuild's job) 2017-05-24 03:56:49 i wasn't aware we officially used github, cool 2017-05-24 03:57:04 Er oops :P 2017-05-24 03:57:21 that's basically what shiz was saying above btw 2017-05-24 03:57:40 apk gen is not about providing a source build system either 2017-05-24 03:57:58 it's about separating concerns properly, so that abuild manages source and apk manages actually composing the binaries it handles 2017-05-24 03:58:00 I had suggested a link to each of the files in the directory and he said absolutely not. 2017-05-24 03:58:36 well luckily that's not really his decision now is it 2017-05-24 03:58:49 My point is that the source of the package includes not just the upstream, but the alpine-created artifacts as well. 2017-05-24 03:59:04 yes, it does absolutely 2017-05-24 03:59:21 but abuild itself should still be used to manage the downloaded artifacts 2017-05-24 03:59:32 So fetching a directory in a manner that abuild can then use directly would be desirable. 2017-05-24 03:59:49 i think largely shiz was scared that you were proposing something along the lines of having apk manage the sources 2017-05-24 04:00:01 Oh, hell no! 2017-05-24 04:00:39 i have my own separate concerns with your proposal 2017-05-24 04:00:48 since where does 'http://git.alpinelinux.org/aports/raw/' get inferred from 2017-05-24 04:00:56 especially for 3rdparty repos 2017-05-24 04:01:04 which may not have web front ends or different ones 2017-05-24 04:01:04 my goal is two-fold: 2017-05-24 04:01:12 1) make it possible for end-users to be able to easily say "show me the source" and get some sources 2017-05-24 04:01:23 Shiz: abuild config option :) 2017-05-24 04:01:24 Shiz: abuild config option :) 2017-05-24 04:01:38 globally? 
2017-05-24 04:01:43 i have one abuild config but multiple repos 2017-05-24 04:01:45 :P 2017-05-24 04:01:50 Shiz: if you disable it, then it does not spit out the urls 2017-05-24 04:02:04 Shiz: in your abuild.conf 2017-05-24 04:02:24 Shiz: i expect apk source metadata to be opt-in anyway 2017-05-24 04:02:37 Shiz: but maybe it would be nice to have repo-specific configs in abuild, too 2017-05-24 04:02:47 i think it would be, since i juggle multiple repos under one user 2017-05-24 04:02:49 :P 2017-05-24 04:02:58 (this would also be nice for the output directory stuff...) 2017-05-24 04:03:18 or just a .abuild.conf in the git root that it finds or whatever 2017-05-24 04:03:19 idc 2017-05-24 04:03:23 some form of repo-specific config 2017-05-24 04:03:34 Shiz: but basically idea is you define it in abuild.conf and if the template is empty, then source metadata wont be emitted 2017-05-24 04:04:29 anyway 2017-05-24 04:04:47 apk gen is not about replacing source managers 2017-05-24 04:05:12 to the contrary, it's about making new source managers easier to write 2017-05-24 04:05:33 based on what we learned from adelie using apk but not abuild 2017-05-24 04:07:27 apk gen and apk fetch --source are completely unrelated things 2017-05-24 04:07:32 apk gen is about simplifying abuild and portage's apk generator 2017-05-24 04:07:33 apk fetch --source is about making it easier for end users to obtain sources for packages (either to examine them or to customize them) 2017-05-24 04:11:09 ...it seems that the two functions are complementary, as the only remaining part needed is the actual build tool. 2017-05-24 04:11:12 so hopefully that clears that up 2017-05-24 04:11:47 yes, but the source manager itself is unspecified by apk 2017-05-24 04:11:54 and we wish to keep it that way 2017-05-24 04:12:13 Right. 2017-05-24 04:13:03 (this is with my apk hat on, not my alpine hat, to be clear. 
abuild is and will always be the source manager of alpine) 2017-05-24 04:13:04 alpine packages will have APKBUILDs, adelie packages will have .ebuilds 2017-05-24 04:13:51 and hypothetical distribution C could have something that looks like rpm specfiles 2017-05-24 04:13:57 doesn't matter to me 2017-05-24 04:13:59 :) 2017-05-24 04:14:27 i recently met up with an rpm guy and he told me about how rpm specfiles really work 2017-05-24 04:14:32 and my eyes glazed over and i wished for death 2017-05-24 04:15:03 it would likely be possible to make alien-like things using `apk gen` too 2017-05-24 04:15:08 i.e. deb2apk, rpm2apk, etc 2017-05-24 04:15:08 punch line: apparently it is a giant preprocessor hack 2017-05-24 04:15:32 which I would of course never recommend, but can imagine places it might be useful 2017-05-24 04:15:44 say, spotify or mathematica or other things distributed as (rpm|deb) in binary form 2017-05-24 04:15:57 awilfox: especially for script-based applications. 2017-05-24 04:16:00 right that is another reason why we are doing `apk gen` 2017-05-24 04:16:11 [in fact, this is something I was hoping to accomplish anyway, because lsb's tests are packaged in rpm and they are just bash scripts] 2017-05-24 04:16:34 so yeah `apk gen` is a multi-use tool but it should do one thing and do it well: make apks 2017-05-24 04:16:46 Exactly. 2017-05-24 04:16:49 likewise, `apk fetch --source` is a multi-use tool but it should do one thing and do it well: fetch *source* 2017-05-24 04:16:59 not APKBUILD or .ebuild or w/e 2017-05-24 04:17:30 awilfox: those are sources 2017-05-24 04:17:33 awilfox: and need to be fetched 2017-05-24 04:17:40 awilfox: I disagree with that, it should fetch the entire source of the PACKAGE. 
2017-05-24 04:17:50 there is nothing preventing abuild from making a SOURCE: line that points to alpine/abuild.git/blob/$commit/$package/APKBUILD but that is an implementation detail 2017-05-24 04:17:54 awilfox: but you should use your current source manager to manage the downloaded sources 2017-05-24 04:17:55 awilfox: apk shouldnt try to do that 2017-05-24 04:18:10 awilfox: yes 2017-05-24 04:18:32 In other words, give me a directory I can use in abuild on alpine in a private repo 2017-05-24 04:18:59 Or add to an overlay in portage. 2017-05-24 04:19:06 awilfox: but, if you omit that detail then people will argue about whether or not the file that describes what you're doing to said tarball and patch files, then people will be like herp derp just put that tarballs down 2017-05-24 04:19:33 fair point 2017-05-24 04:19:47 so, yes, you can put link-to-apkbuild or ebuild or whatever in as a SOURCE: 2017-05-24 04:19:56 That way I can modifiy it and use the normal build / packaging tools, then manage it like any other package with apk 2017-05-24 04:20:12 and it should likely reference the exact blob ID if possible 2017-05-24 04:20:40 which, unfortunately, makes it a bit harder to test builds before you run them because now you need to have a commit ID 2017-05-24 04:20:52 awilfox: that is my goal :) 2017-05-24 04:20:58 you can either commit but not push, or push and have a builder machine test it (but then master could be broken) 2017-05-24 04:21:03 awilfox: nah 2017-05-24 04:21:16 or just omit the source metadata on test builds 2017-05-24 04:21:16 awilfox: test builds can just use 'dirty' as the hash 2017-05-24 04:21:20 You wouldn't necessarily need the blob ID in advance, you use the current, then tag it. 2017-05-24 04:21:23 very easy to get that out of git 2017-05-24 04:21:29 true 2017-05-24 04:22:14 so does apk gen exist in some form that I can test/play with/attempt to grok? or is it still being discussed? 
2017-05-24 04:22:24 just wondering if it warns/errors/whatever if metadata is missing 2017-05-24 04:22:58 I think it should do so but it should choose warning/error based on what metadata it is (name should be fatal, url should be warning, for instance; not all packages have URLs) 2017-05-24 04:23:02 (looking at you, fetchmail) 2017-05-24 04:27:56 awilfox: it exists on my hard disk 2017-05-24 04:28:06 awilfox: i am going to work on manifest first 2017-05-24 04:28:28 awilfox: once that is done, i will integrate and polish up apk gen 2017-05-24 04:30:02 ah okay. that makes sense. 2017-05-24 04:31:14 TemptorSent: and yes, verify.c is a good template for working with APK files 2017-05-24 04:33:25 @kaniini │ punch line: apparently it is a giant preprocessor hack 2017-05-24 04:33:28 i sorta knew this, i think 2017-05-24 04:34:24 and debian control files... 2017-05-24 04:34:27 :( 2017-05-24 04:35:46 kaniini: Excellent - Is there a macro for creating a package struct and a file struct outside the db? 2017-05-24 04:36:38 Also, what parses the .PKGINFO file? 2017-05-24 04:43:15 Ahh, finally figured out how to use BLOB_PRINTF correctly -- didn't realized I had to deref the pointer :) 2017-05-24 04:46:04 kaniini: Is there any way to determine which checksum function was actually used? 2017-05-24 04:47:35 (for now, I guess I'll hard-code sha1 until the rest is ready) 2017-05-24 04:50:31 kaniini: Also, how do links work WRT checksums? 2017-05-24 05:15:39 TemptorSent: length field 2017-05-24 05:20:00 Okay, it's not implemented the same as the xattr_csum then, got it. 2017-05-24 05:22:18 kaniini: Here's what I'm playing with for format right now: http://termbin.com/fu57 2017-05-24 05:27:23 We'll probably want to get the user/group names rather than IDs, since the tarfiles have symbolic, not numeric UIDs IIRC? 2017-05-24 05:28:35 This is begging to get a format specifier like date(1) uses. 
2017-05-24 05:44:37 Hmm, do we have any way of distinguishing between distributed and generated files in the apk database? We're going to get two different results with apk manifest on .apk files vs installed packages any time the install scripts create/alter files. 2017-05-24 05:49:01 Looking at it further, I believe the logical way forward would be to refactor the .apk file handling into one place, then expose a package struct and diri tree. 2017-05-24 05:49:42 That should allow any tool that currently operates only on the database to operate on a .apk file in a logical manner. 2017-05-24 05:50:08 Right? 2017-05-24 07:25:54 good morning 2017-05-24 07:25:55 anyone here 2017-05-24 07:35:50 go ahead and ask, people will respond whenever they see your question :> 2017-05-24 07:38:19 cool :p 2017-05-24 07:38:30 so I was taking a look at apk-tools 2017-05-24 07:38:58 i see it doesn't use HTTPS or ssl or anything. how does it protect against MITM attacks? 2017-05-24 07:39:15 or just tell me I'm wrong and it does. 2017-05-24 07:39:33 baliste, how did you check then? 2017-05-24 07:40:20 fcolista, reading the source 2017-05-24 07:42:34 baliste, and what part you've read that brought you to this conclusion? 2017-05-24 07:44:46 fcolista, reading files at src/ (add.c/apk.c) 2017-05-24 07:45:02 I mean I see you are verifying the images that's 2017-05-24 07:45:23 but the connecting itself goes over http and not https - please correct me if I am wrong on this. 2017-05-24 07:45:42 s/http/tcp? 2017-05-24 07:48:08 <_ikke_> baliste: All packages and the index is signed 2017-05-24 07:48:36 <_ikke_> baliste: So the packages cannot be altered without invalidating the signature 2017-05-24 07:49:17 mitm cannot happen due to sha512 sum that verifies the integrity of the package. 
Apk-tools before installing a package verifies the sha512 sum 2017-05-24 07:49:31 <_ikke_> the sha512 sum can be altered 2017-05-24 07:49:33 repositories support http, https and ftp 2017-05-24 07:50:07 _ikke_, you should change the local index too 2017-05-24 07:50:10 <_ikke_> it's an rsa signature that verifies the integrity 2017-05-24 07:50:34 yes correct 2017-05-24 07:50:49 rsa verifies the integrity 2017-05-24 08:31:37 maybe this is too much to ask - but can anyone direct me to the code that verifies a package's signature? 2017-05-24 08:32:09 <^7heo> it's in apk 2017-05-24 08:32:25 <_ikke_> baliste: I guess this file: https://git.alpinelinux.org/cgit/apk-tools/tree/src/verify.c 2017-05-24 11:10:46 hi! i know you’re close to a new release, but i’d appreciate someone having a look at (or merging) https://github.com/alpinelinux/aports/pull/1259 (cmake) and https://github.com/alpinelinux/aports/pull/1527 (graphviz) 2017-05-24 11:12:29 <_ikke_> pbregener: I think there was already a feature freeze (rc3 has been tagged and probably the base for the full release) 2017-05-24 11:13:48 _ikke_: i know but given that a bunch of other commits/package upgrades went in after rc3 already, i thought i’d try my luck, too ;) 2017-05-24 12:12:55 pbregener: cmake is used for building a lot of other pkgs, so this should be probably hold until v3.6 release 2017-05-24 12:13:07 ncopa: ^ https://github.com/alpinelinux/aports/pull/1259 ? 
2017-05-24 12:13:40 agreed just wanted to make sure it’s still on your radar 2017-05-24 12:15:00 cmake is a thing that builds other packages 2017-05-24 12:15:14 i am afraid that cmake update may result in currently built packages fails to build 2017-05-24 12:15:32 and at thist point we will not rebuild everything that uses cmake to verify that it still builds 2017-05-24 12:15:48 however 2017-05-24 12:15:57 3.8.0 -> 3.8.1 sounds like a bugfix only 2017-05-24 12:16:28 jirutka: if you have a look at the changelog for cmake, and think it is safe, then im ok to merge 2017-05-24 12:16:51 graphviz is probably ok 2017-05-24 12:17:01 i dont there are many other packages depending on it 2017-05-24 12:22:15 anybody knows? http://patchwork.alpinelinux.org/project is dead? last patches are from 2017-05-04 2017-05-24 12:38:03 vakartel: honest question, are you trying to avoid code reviews? you used to use GH for patches and then suddenly after few review cycles of bad quality PRs you switched to patchwork… 2017-05-24 12:43:25 I use patchwork if I make a single-shot patches (like version upgrades) and use github, if I suspect that there may be a debate and/or changes in the patch 2017-05-24 12:44:59 I really see no sence to create new branch in git to make just a version upgrade 2017-05-24 12:45:33 <_ikke_> branches are cheap 2017-05-24 12:46:56 well, this is new aport, not an upgrade http://patchwork.alpinelinux.org/patch/3370/ 2017-05-24 12:47:44 this is actually very controversial change, it triggered even a flamewar on IRC http://patchwork.alpinelinux.org/patch/3362/ 2017-05-24 12:52:26 I’ve quickly looked into others and gonna merge some of them at evening 2017-05-24 12:53:51 I’ve marked http://patchwork.alpinelinux.org/patch/3403/ as superseded, someone alredy updated it 2017-05-24 12:58:14 vakartel: ugh, i’ve already told you several times, please do not squash multiple unrelated changes into single commit and always write commit subject that briefly describes all changes 
made in the commit; this patch http://patchwork.alpinelinux.org/patch/3355/ contains a lot more changes than just “fix user creation in post-install”! 2017-05-24 13:00:25 I can't describe all changes in subject, but it described in body -- "add nut home dir /var/lib/nut used for scheduler 2017-05-24 13:00:25 fix libexec and driver dirs (libexec -> lib) 2017-05-24 13:00:25 add using dns in init-scripts 2017-05-24 13:00:25 remove conf.d files from package because it have no sense for now 2017-05-24 13:00:25 cleanups in APKBUILD and init-scripts" 2017-05-24 13:00:40 <_ikke_> vakartel: that's a sign you need multiple commits 2017-05-24 13:01:23 vakartel: when you do just few unrelated changes when it’d be overkill to split them into separate commits, then use some general commit subject like “fix multiple issues”, “improve abuild” or something like that, but never EVER write “fix user creation in post-install” and then do ten other changes beside this… 2017-05-24 13:04:22 vakartel: it’s especially important to decouple pure refactoring that does not change the resulting package and changes which affect the resulting package 2017-05-24 13:05:18 vakartel: the worst you can do is to bury few functional changes in dozens of refactoring or cosmetic changes 2017-05-24 13:06:47 these are reasons why I have to rewrite all your changes into php package one after the other, b/c it was nearly impossible to understand what the heck you’ve actually changed and how 2017-05-24 13:07:04 yes, it's right. But it's sometimes hard to split all changes I made, because I made it while use it on real working devices. So I posted a combined result of my experience of using... 
2017-05-24 13:07:55 you can split it ex-post… it’s git, not SVN 2017-05-24 13:08:22 git rebase is your friend ;) 2017-05-24 13:11:28 i do it myself, sometimes I change too many things at once when trying to build/fix something and then when I’m finished, I go through the changes I made and split them to multiple commits 2017-05-24 13:15:57 git rebase is my nightmare. I don't use git or other cvs-s in my main work. So I know a little about it and try to understand it as needed. 2017-05-24 13:17:17 Ok, I'll try to move all my patches from patchwork to github and split it somehow. 2017-05-24 13:18:39 what VCS do you use at work? 2017-05-24 13:22:19 cvs a little. just for cisco devices configuration history 2017-05-24 13:31:08 CVS? i’m really sorry for you, i’d probably shoot myself or quit the job if forced to use CVS 2017-05-24 13:37:03 it's ok. I made a script 10 years ago that grabs configs from switches and routers and just updates it in cvs. It was an only experience with vcs-s. 2017-05-24 15:14:54 hi, how can I build my own fork of apk-tools? can I just build it delete the original binaries and use? 2017-05-24 15:23:10 baliste : you clone aports tree, $ cd aports/main/apk-tools ; abuild -r then add /home/username/packages/main to your /etc/apk/repositories, then install apk-tools from your local repo. 2017-05-24 15:23:42 @channel : I think we have one or some repositories that do not sync up to date 2017-05-24 15:24:50 tmh1999, can I clone apk-tools (via git) - build it with make then make install? or are there issues that can show up 2017-05-24 15:25:35 dl-6 is unreachable for me 2017-05-24 15:26:11 baliste : abuild -r step will do the make and make install for you. 
it is the recipe to build packages in Alpine way 2017-05-24 15:27:15 tmh1999, yes that's fair - I just don't want to clone the aports tree 2017-05-24 15:27:36 you see I'm building a docker image that should compile my version of apk-tools (and it's the only thing I'm changing) 2017-05-24 15:27:44 --depth 1 won't kill :D especially if you clone into a tmpfs file system :D 2017-05-24 15:40:56 http://dl-6.alpinelinux.org/alpine/ 2017-05-24 15:40:56 http://mirrors.cug.edu.cn/alpine/ 2017-05-24 15:40:59 http://mirrors.cicku.me/alpine/ 2017-05-24 15:41:08 unreachable for me :( 2017-05-24 15:41:17 tried with my remote servers too 2017-05-24 15:43:01 baliste: yes, you can 2017-05-24 16:24:17 ncopa: did you figure out what that keymap issue was caused by? 2017-05-24 17:46:58 with xen? 2017-05-24 17:47:00 yes 2017-05-24 17:47:26 im gonna tag and branch 3.6 now 2017-05-24 17:57:11 did we fix that udhcpc issue? 2017-05-24 18:00:23 <^7heo> Gosh 2017-05-24 18:00:30 <^7heo> crond wants busybox syslog started... 2017-05-24 18:00:36 <^7heo> yet I have syslog-ng installed... 2017-05-24 18:00:40 <^7heo> that sucks. 2017-05-24 18:01:02 why does it want that? 2017-05-24 18:01:09 <^7heo> No idea. 2017-05-24 18:01:19 <^7heo> I stop syslog, it stops crond 2017-05-24 18:01:19 <^7heo> ok 2017-05-24 18:01:23 <^7heo> I start syslog-ng 2017-05-24 18:01:25 <^7heo> I start crond 2017-05-24 18:01:29 <^7heo> it starts syslog 2017-05-24 18:01:30 <^7heo> v_v 2017-05-24 18:04:10 <^7heo> Also some fucking programs overwrites /etc/syslog-ng/syslog-ng.conf or whatnot. 2017-05-24 18:04:15 <^7heo> my configuration is always lost. 2017-05-24 18:05:31 <^7heo> Ok the /etc/syslog-ng/syslog-ng.conf is actually generated at restart 2017-05-24 18:05:34 <^7heo> weird but whatever. 2017-05-24 18:07:28 <^7heo> At least now it works. 2017-05-24 18:07:32 <^7heo> But I still have no crond 2017-05-24 18:07:33 <^7heo> v_v 2017-05-24 18:07:37 Shiz: have you updated release notes (Julia added)? 
2017-05-24 18:07:52 nyet 2017-05-24 18:08:04 ncopa: was the cabal PR merged before 3.6? 2017-05-24 18:08:19 Shiz: no, b/c of issues 2017-05-24 18:08:22 okay 2017-05-24 18:08:30 i havent merged anything today 2017-05-24 18:08:51 Shiz: https://github.com/alpinelinux/aports/pull/1553#discussion_r118118737 2017-05-24 18:09:00 yeah just opened the page 2017-05-24 18:09:26 Shiz: but having ghc in community is IMO still huge improvement, even without cabal 2017-05-24 18:09:53 I’m just sad that rust is built only for x86_64 now 2017-05-24 18:11:05 <^7heo> I really really don't get it. 2017-05-24 18:11:12 <^7heo> crond wants 'logger' 2017-05-24 18:11:17 <^7heo> both syslog and syslog-ng provide it 2017-05-24 18:11:29 <^7heo> why is crond starting logger when syslog-ng is started? 2017-05-24 18:11:42 wants? there’s no such dependency keyword in OpenRC, is there? 2017-05-24 18:11:52 Shiz: was this the last edition? https://txt.shiz.me/Y2RhOTA1Mm 2017-05-24 18:12:10 i think it changed a bit, lemme see 2017-05-24 18:12:34 <^7heo> jirutka: needs, not wants, but same difference. 2017-05-24 18:13:00 https://txt.shiz.me/MjU0NjNjN2 2017-05-24 18:13:54 <^7heo> using rc-service instead of /etc/init.d/crond start was the solution 2017-05-24 18:13:58 <^7heo> it's weird tho. 2017-05-24 18:14:08 that... shouldn't make any difference 2017-05-24 18:14:19 Shiz: could you please sort “Significant updates” alphabetically? 2017-05-24 18:14:27 <^7heo> Shiz: I know; but it does. 2017-05-24 18:14:29 <^7heo> OR 2017-05-24 18:14:43 <^7heo> maybe it's me actually removing syslog from the default boot runlevel and adding syslog-ng instead. 2017-05-24 18:14:44 ^7heo: what?! there should not be any difference between starting with /etc/init.d/foo and rc-service 2017-05-24 18:14:51 <^7heo> would THAT be computed when starting crond? 2017-05-24 18:15:11 <^7heo> (to satisfy the 'needs' requirement even if there already is a service running that provides it?) 
2017-05-24 18:15:17 https://txt.shiz.me/YTBhZTRiOT 2017-05-24 18:15:19 sorted 2017-05-24 18:15:35 the service must be in runlevel to satisfy needs requirement 2017-05-24 18:15:56 hm, now Go is before most of others… ok, nevermind 2017-05-24 18:16:14 ^7heo: dependencies must be in the same runlevel, afaik 2017-05-24 18:16:17 what jirutka said 2017-05-24 18:16:33 <^7heo> ah SAME runlevel. 2017-05-24 18:16:34 <^7heo> ok. 2017-05-24 18:16:40 <^7heo> now it makese sense. 2017-05-24 18:16:51 <^7heo> syslog-ng was in needed/wanted and crond in default. 2017-05-24 18:17:01 <^7heo> since I placed syslong-ng in default, it's now good. 2017-05-24 18:17:16 <^7heo> Thanks guys. 2017-05-24 18:17:32 I’m trying to remember what other important changes we made 2017-05-24 18:17:52 but it’s hard, I hardly remember what I was doing a week ago 2017-05-24 18:18:00 <^7heo> +1 2017-05-24 18:26:02 we’ve added or moved from testing: rethinkdb, mongodb (not sure if it’s really noteworthy…) , vis, yarn, 2017-05-24 18:47:29 does this look good? http://wwwtest.alpinelinux.org/posts/Alpine-3.6.0-released.html 2017-05-24 18:48:29 wow, I’m at the second place! 2017-05-24 18:50:11 at least i'm in the top 20 2017-05-24 18:50:13 :p 2017-05-24 18:52:28 commit count is not a good meter 2017-05-24 18:52:37 the best meter is clandmeter :) 2017-05-24 18:53:04 :P 2017-05-24 18:53:11 lgtm 2017-05-24 18:53:12 ncopa: added links https://dpaste.de/r6Jb/raw 2017-05-24 18:53:45 jirutka: can you push it directly to alpine-mksite master? 2017-05-24 18:53:52 yes 2017-05-24 18:54:39 is it just me or is rsync.a.o a bit slow? 2017-05-24 18:54:46 i can only dl at 300k/s 2017-05-24 18:57:14 10 MiB/s 2017-05-24 18:59:21 <^7heo> if I `nohup foo &` 2017-05-24 18:59:29 <^7heo> will foo run forever until it exits/crash? 
2017-05-24 18:59:46 yes 2017-05-24 18:59:46 <^7heo> (no matter what else happens - aside from computer reboot or explicit killing) 2017-05-24 18:59:56 <^7heo> great, thanks ncopa 2017-05-24 19:02:26 okay, I’m gonna add v3.6 and new platforms to pkgs.a.o 2017-05-24 19:08:05 ncopa: should be v3.3 and v3.4 still on the list? 2017-05-24 19:09:18 they are still supported 2017-05-24 19:09:23 okay 2017-05-24 19:09:30 https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases 2017-05-24 19:30:42 gosh, we should seriously switch to a *real* database :( 2017-05-24 19:34:43 2019-15-01 release date ? 2017-05-24 19:34:43 :D 2017-05-24 19:34:46 er support date 2017-05-24 19:39:05 is 'immediate availability of version 3.6.0' intended? (compared with the 3.5.0 release post) 2017-05-24 20:16:03 dsabogal: im open to suggestions 2017-05-24 20:17:09 im not native english speaking (and i dont think Shiz is either) so help with wording is appreciatet 2017-05-24 20:23:00 does this sound better? We are pleased to announce the release of Alpine Linux 3.6.0, the first in the v3.6 stable series. 2017-05-24 20:24:55 i just took that verbatim from the 3.5.2 announcement 2017-05-24 20:24:57 it is valid english 2017-05-24 20:25:00 ncopa: yes, it sounds better. i was just pointing out that it seemed to have been copied from a minor release post (where immediate makes sense) 2017-05-24 20:25:18 ok 2017-05-24 20:25:49 we also dont have an "credits" section 2017-05-24 20:25:56 we probably should 2017-05-24 20:26:03 but i am afraid of forgetting someone :) 2017-05-24 20:42:12 ncopa, I contributed with two different emails, can I join both contributions together? 2017-05-24 20:42:24 :) 2017-05-24 20:42:28 its git shortlog :) 2017-05-24 20:42:39 i suppose i can join them 2017-05-24 20:42:43 manually 2017-05-24 20:44:40 ncopa, cool, thanks! 2017-05-24 20:50:28 \o/ 2017-05-24 20:51:30 I just find out darkhttp is so cool, which a.o is running. 
back in the day I was struggling writing my own web server based on libevent. 2017-05-24 20:54:37 ncopa : https://alpinelinux.org/posts/Alpine-3.6.0-released.html is not found 2017-05-24 20:57:25 tmh1999: http://wwwtest.alpinelinux.org/posts/Alpine-3.6.0-released.html 2017-05-24 20:57:30 not published yet 2017-05-24 20:58:16 ah right ! 2017-05-24 20:58:51 thought it automatically fetched from alpine-mksite 2017-05-24 21:05:26 it does 2017-05-24 21:05:36 ncopa : The full list of changes can be found in the git log and bug tracker. gitlog and bug tracker point to b2b.gigabyte.com and create.io 2017-05-24 21:05:45 i think i just fixed that 2017-05-24 21:05:49 can you refresh? 2017-05-24 21:06:44 ok i think i push it 2017-05-24 21:06:47 gotcha 2017-05-24 21:07:01 actually IBM System z is correct :D but it is not a big deal 2017-05-24 21:07:16 leitao asked me to change it to Z 2017-05-24 21:07:37 but i suppose he is a POWER guy :) 2017-05-24 21:07:41 :D 2017-05-24 21:08:09 lowercase z would be correct yeah 2017-05-24 21:08:17 tmh1999: so what you do now is to ask me change POWER to pOWER ;) 2017-05-24 21:08:18 ncopa, sorry about it. 2017-05-24 21:08:39 ncopa, my fault. 2017-05-24 21:08:44 or p0W3r :D 2017-05-24 21:08:55 tmh1999: that sounds cool! 2017-05-24 21:08:59 IBM POWA 2017-05-24 21:09:11 in fact, I think the correct naming is "IBM z Systems" 2017-05-24 21:09:53 don't worry it is not a big deal. I have seen people using System Z or System z all the time. To be exact, our Alpine s390x should be "Linux on z" https://en.wikipedia.org/wiki/Linux_on_z_Systems. System z can run many OS. Linux is one of them. 2017-05-24 21:10:14 IBM z System 2017-05-24 21:10:22 sounds more correct to me :) 2017-05-24 21:10:33 https://en.wikipedia.org/wiki/IBM_System_z 2017-05-24 21:10:45 leitao is right officially : "IBM z Systems" 2017-05-24 21:10:50 IBM System z (officially "IBM z Systems" 2017-05-24 21:10:56 yup 2017-05-24 21:11:10 but most people I work with usually say System z. 
so, it's not a big deal. 2017-05-24 21:11:24 In fact, Power systems is being renamed also. IBM almost do not like to change names. 2017-05-24 21:11:41 interesting 2017-05-24 21:13:17 Shiz : POWA, sounds like a Japanese 2017-05-24 21:13:33 refresh 2017-05-24 21:13:35 ok to push? 2017-05-24 21:13:43 ポワですね? 2017-05-24 21:13:51 \o/ 2017-05-24 21:14:42 here we go 2017-05-24 21:17:39 ncopa: please tweet it from @AlpineLinux account ;) 2017-05-24 21:19:25 ncopa, should we have ppc64le and s390x images from https://www.alpinelinux.org/downloads/ ? 2017-05-24 21:21:13 Don't forget to ping phoronix with the announcement :) 2017-05-24 21:25:12 leitao: yes we should have those images on downloads page, i will fix that tomorrow 2017-05-24 21:25:19 ncopa, ok 2017-05-24 21:25:35 TemptorSent: i pinged distrowatch, which is the phoronix email? 2017-05-24 21:25:44 TemptorSent: care to send to phoronix? 2017-05-24 21:26:03 i suppose they could subscribe to alpine-announce if they were interested 2017-05-24 21:26:20 Just send it to @phoronix twitter? 2017-05-24 21:27:51 I think email is phoronix@phoronix.com 2017-05-24 21:28:04 It would be better coming from an @alpinelinux address :) 2017-05-24 21:30:00 I'm sure /. will pick it up eventually - I'm not active there other than lurking these days. 2017-05-24 21:32:19 thank you everyone 2017-05-24 21:32:24 im going to bed 2017-05-24 21:32:36 Congratulations, and goodnight! 2017-05-24 21:34:00 night ncopa 2017-05-24 21:35:10 jirutka, how big is the sqlite db now? 2017-05-24 21:35:14 ncopa: good night, sleep well! 2017-05-24 21:35:42 clandmeter: 3.1 GiB 2017-05-24 21:36:10 and still pretty fast :D 2017-05-24 21:37:01 clandmeter: it almost collapsed when importing v3.6… 2017-05-24 21:38:50 the smallest table is the slowest i think 2017-05-24 21:39:00 Out of curiousity, WTF is sqlite being used for a database that large? 
2017-05-24 21:39:08 TemptorSent: exactly 2017-05-24 21:39:26 because it just works 2017-05-24 21:39:28 TemptorSent: I’m asking the same question every time I see it 2017-05-24 21:39:41 Postgres is your friend. 2017-05-24 21:39:47 exactly! 2017-05-24 21:40:38 What does the DB contain that it's up to 3.1G in the first place? Every version of every package? 2017-05-24 21:41:03 filelist of every pkg 2017-05-24 21:41:29 ^this is why we don't want that in the APKINDEX 2017-05-24 21:41:31 :P 2017-05-24 21:41:35 Okay, every package EVER? 2017-05-24 21:41:40 no 2017-05-24 21:41:42 every current package 2017-05-24 21:41:45 for 3.3-3.6 and edge 2017-05-24 21:42:03 and the DB schema is not very well designed 2017-05-24 21:42:07 Somehow, that seems beyond absurd, but I suppose it's not impossible. 2017-05-24 21:42:16 yes 2017-05-24 21:42:20 It should compress VERY well. 2017-05-24 21:42:42 it’s sqlite, embedded DB for tiny things, not for something like this! 2017-05-24 21:42:58 I’m really surprised that it still somehow works… 2017-05-24 21:43:09 Well, given enough memory... :) 2017-05-24 21:44:05 the schema is so bad, it still works at 3.1G :) 2017-05-24 21:44:57 i didn’t say that it’s bad, just not well designed… 2017-05-24 21:45:02 there are even functional problems 2017-05-24 21:45:18 like that bumping pkgrel also erases flag 2017-05-24 21:45:25 is there any other schema you need than (id: int, branch: enum, arch: enum, repo: enum, pkgname, pkgver) and (pkgid: int, path)? 2017-05-24 21:45:36 yes 2017-05-24 21:46:05 Especially if you want it fast and enforcing relational integrity. 2017-05-24 21:46:33 relational integrity? there’s no such thing in this db :/ 2017-05-24 21:46:45 Right. 2017-05-24 21:48:46 For what it's primarily used for, the path and hash value for that file/link target for link should form a primay key 2017-05-24 21:50:33 With the package relation being a secondary key. 2017-05-24 21:50:53 primary keys have to be unique... 
2017-05-24 21:51:05 path + hash IS unique. 2017-05-24 21:51:19 Or you have the same item :) 2017-05-24 21:51:25 yes, which is often enough the case... 2017-05-24 21:51:43 So, why store multiple copies of th metadata? 2017-05-24 21:51:47 also, you're the only one talking about hashes here, i don't see why they need to be added 2017-05-24 21:52:25 How else do you tell if a file changed? 2017-05-24 21:52:38 sigh 2017-05-24 21:52:50 you... don't? 2017-05-24 21:52:57 it's a file list, not a file content list 2017-05-24 21:53:29 however, storing hash of every file is not a bad idea, it may be useful for various things 2017-05-24 21:53:44 if you want massive duplicate entries, sure 2017-05-24 21:53:47 :P 2017-05-24 21:53:53 If two packages have the same path, it's nice to know if it's in fact the same content or not. 2017-05-24 21:53:54 we could add many things that "could" be usefull 2017-05-24 21:53:56 actually opposite… 2017-05-24 21:54:17 TemptorSent: you're *again* pulling extra things into scope that is not the point of the discussion 2017-05-24 21:54:19 please stop doing that 2017-05-24 21:54:46 Determining whether the version in a given branch is different than the one you currently have isn't useful? 2017-05-24 21:55:05 it is useful, just quite out of scope of pkgs.a.o… 2017-05-24 21:55:07 it's not the point of the file list 2017-05-24 21:55:25 we could add automated beverage making abilities to p.a.o, that doesn't mean it's relevant to it 2017-05-24 21:55:36 please stop trying to pull extra things into scope in discussions about other things 2017-05-24 21:55:44 ^ +1 2017-05-24 21:56:07 it's fine to have those ideas, but have separate discussions for them 2017-05-24 21:56:09 :P 2017-05-24 21:56:12 If I have a file on my local machine, I take it's hash, and look at the one in the current package -- if they differ, I might upgrade because of a particular issue, otherwise, I might not care. 
2017-05-24 21:57:43 Is it a generic file list, or a specific $pkg-$pkgver vs path list? 2017-05-24 21:58:24 file list per each individual pkg 2017-05-24 21:58:27 If a file builds differently in one branch than another for the same package, I might want to know that too. 2017-05-24 21:58:44 groan 2017-05-24 21:58:51 please, if you want to have this discussion, start it another time 2017-05-24 21:58:58 Using a real database makes asking useful questions much easier. 2017-05-24 21:59:01 not when we are talking about other things 2017-05-24 21:59:23 pkgs filelist function is to search for filenames, it has not other function. if you need something more advance hook it into apk-tools or some other tool. 2017-05-24 22:00:29 apk-tools can't help unless EVERY package you want to query is installed (which is impossible for many reasons) 2017-05-24 22:01:23 When I think file list, I'm thinking at least as detailed as tar -tvf, and preferably better. 2017-05-24 22:01:52 TemptorSent: we all know about it 2017-05-24 22:02:03 TemptorSent: IIRC it’s planned to new major version of apk-tools 2017-05-24 22:02:15 and sqlite is maybe not optimal for large db's, but until now it works acceptable, and the major benefit is less maintenance then mariadb or postgress. 2017-05-24 22:02:22 If I'm trying to diagnose something, being able to get as much detail as possible on what I SHOULD have from the web interface would be immeasurably helpful. 2017-05-24 22:02:43 @Shiz │ it's fine to have those ideas, but have separate discussions for them 2017-05-24 22:02:43 I find postgres to be very low maint. 2017-05-24 22:02:46 please. 2017-05-24 22:03:21 yes, there has been talk to implement filelist into apk-tools as a separate index. 2017-05-24 22:03:32 So you're going to consider redesigning the database without considering what information you'd like to be able to retrieve? 2017-05-24 22:04:13 but still, even if those indexes exist, apk tools wont have the functions to do more adv queries. 
(and i dont think fabled is planning to implement that). 2017-05-24 22:14:46 btw, question 2017-05-24 22:14:50 why is it called nodejs and nodejs-current 2017-05-24 22:14:56 shouldn't it be something like nodejs and nodejs-lts? 2017-05-24 22:15:45 no 2017-05-24 22:15:53 b/c nodejs is the default 2017-05-24 22:16:14 nodejs-current (“current” is how upstream calls it) is the latest with short support period 2017-05-24 22:16:24 https://github.com/nodejs/LTS 2017-05-24 22:16:35 alright 2017-05-24 22:17:11 some distributions do not provide “current” at all, just LTS named simply as “nodejs” 2017-05-24 22:17:39 i'm almost thinking we should call it nodejs-lts with provides="nodejs" 2017-05-24 22:17:41 :P 2017-05-24 22:17:52 why? 2017-05-24 22:18:02 i’d just confuse users imo 2017-05-24 22:18:15 because semantically it seems more like nodejs is a virtual that could be fulfilled by either nodejs-lts or nodejs-current 2017-05-24 22:18:21 better for dependencies etc 2017-05-24 22:18:40 I think that we should promote stable version, not unstable 2017-05-24 22:18:54 sure, and as such if you # apk add nodejs it will nodejs-lts by default 2017-05-24 22:19:13 nodejs-current has shorter support period than our main repo, that’s why it’s in community 2017-05-24 22:19:23 i know... 2017-05-24 22:19:39 currenty nodejs-current provides=nodejs 2017-05-24 22:20:20 there’s similar situation with nginx, just we don’t have nginx-mainline pkg (yet) 2017-05-24 22:20:43 why to name it nginx-stable and nginx-mainline? 
2017-05-24 22:21:49 because a package without suffix is confusing imo 2017-05-24 22:21:56 : "because semantically it seems more like nodejs is a virtual that could be fulfilled by either nodejs-lts or nodejs-current" … yeah, you’re right, but that would require proper support for “alternatives”… 2017-05-24 22:21:56 i search for nodejs* in p.a.o, i see nodejs and nodejs-current 2017-05-24 22:22:08 and i wonder what the difference is :P 2017-05-24 22:22:17 if it was named nodejs-lts i could immediately see the difference 2017-05-24 22:22:30 nodejs-current is not very good name :/ 2017-05-24 22:23:09 do you read descriptions? ;) “JavaScript runtime built on V8 engine - LTS version” 2017-05-24 22:23:28 but once again, the main reason for this is our lack of proper support for “alternatives” 2017-05-24 22:23:39 i don't think this is about alternatives, more about virtuals 2017-05-24 22:23:43 :p 2017-05-24 22:24:08 jirutka: descriptions only show when you hover over 2017-05-24 22:24:14 and imo shouldnt be needed to understand the package purpose 2017-05-24 22:24:16 :P 2017-05-24 22:24:27 it’s tightly related 2017-05-24 22:25:43 when you have pkg A and B, both provides=X, you can’t do apk add X 2017-05-24 22:25:54 b/c there’s no mechanism how to decide what is the default 2017-05-24 22:26:44 and since not many ppl understand this problem and we’re all very busy, it’s still not solved 2017-05-24 22:27:00 so we’re still workarounding these limitations of apk :/ 2017-05-24 22:27:07 Virtuals should be used in cases where installing pkgX results in actually installing pkgX1 ... pkgXn. Alternatives should support 1 (or more) of N possible providers. 2017-05-24 22:28:09 this reminds me that I said some time ago that I’ll document this, so I don’t have to explain it every time this topic appear again, but still haven’t done it :( 2017-05-24 22:28:42 I need a time machine :( 2017-05-24 22:29:02 or longer day or I don’t know 2017-05-24 22:29:05 Just don't break down in the past. 
2017-05-24 22:30:57 Was the conversation logged perchance? 2017-05-24 22:31:20 every conversation here is logged 2017-05-24 22:31:30 but it’s almost impossible to find something in IRC logs… 2017-05-24 22:32:08 Well, at least knowing the channel helps -- if it was this one, we might have a chance, if it was -offtopic, all bets are off. 2017-05-24 22:32:34 this one 2017-05-24 22:32:50 we usually don’t discuss on topic things in -offtopic 2017-05-24 22:33:06 I recall a discussion on alternatives with kaniini recently. 2017-05-24 22:33:16 yes 2017-05-24 22:33:31 Is that the conversation you're referring to? 2017-05-24 22:33:36 no 2017-05-24 22:33:49 but we’ve discussed this already many times 2017-05-24 22:33:55 in past a year or more 2017-05-24 22:35:26 Okay, so where should this get documented so you don't have to feel like the movie groundhog day? 2017-05-24 22:35:59 on wiki… 2017-05-24 22:36:35 Tag as 'apk_TODO'? 2017-05-24 22:36:58 TODO:apk may be better 2017-05-24 22:37:07 I’ve already created https://wiki.alpinelinux.org/wiki/TODO:py3_packages some time ago 2017-05-24 22:37:24 but lists on this page are outdated 2017-05-24 22:37:31 Okay, can we start an 'apk_internals' stub to link it to? 2017-05-24 22:37:32 just fyi 2017-05-24 22:37:53 we need to use the new wiki ;) 2017-05-24 22:37:55 speaking of new wiki 2017-05-24 22:38:01 New wiki? 2017-05-24 22:38:08 i feel like it would be nice if we could get some semantic organisation in the urls there 2017-05-24 22:38:13 https://github.com/alpinelinux/alpine-wiki 2017-05-24 22:38:15 Agreed. 2017-05-24 22:38:20 https://docs.alpinelinux.org/Home 2017-05-24 22:38:39 there are SO MANY things needed to do with new wiki to make it usable AND maintainable long-term 2017-05-24 22:39:40 the only thing i can think of is write a bot to merge PRs to it if they don't contain known bad stuff automatically 2017-05-24 22:39:43 like a... wiki :P 2017-05-24 22:39:52 aside from article migration 2017-05-24 22:40:16 ?
2017-05-24 22:40:40 ? 2017-05-24 23:00:15 See https://wiki.alpinelinux.org/wiki/Apk_internals 2017-05-24 23:01:03 There's a stub to start documenting the internals of apk, and a link to the stub for TODO:apk. 2017-05-24 23:19:44 just read the 3.6 news post, did UEFI not make it? 2017-05-24 23:23:22 Shiz: is there some way how to get version information from static library (*.a)? 2017-05-24 23:23:29 no 2017-05-24 23:24:14 Shiz: even when it’s contained in sources and available in runtime, so it must be there somewhere…? 2017-05-24 23:24:49 Shiz: https://github.com/lua/lua/blob/master/lua.h#L21 2017-05-24 23:26:07 I know that this is for preprocessor, but Lua provides lua variable _VERSION, so it must be here somewhere 2017-05-24 23:28:41 ha, strings! but it just returns all strings without any context 2017-05-24 23:29:04 i mean 2017-05-24 23:29:07 not in a genric way 2017-05-24 23:29:40 i need it only for valid Lua libraries 2017-05-24 23:29:49 so i don’t need a generic way in this case 2017-05-24 23:30:34 but it’d be great if it can determine that it’s really lua library and not just binary that happens to include string "Lua x.y" 2017-05-24 23:42:30 why do you need to determine this from the .a? 2017-05-24 23:43:42 to verify that the given/found static library is in the correct version 2017-05-24 23:58:07 i don't think symbol/string hackery is right... 2017-05-24 23:59:35 me neither, so what is the right solution? :) 2017-05-25 00:29:25 Hello, small question : I see on https://github.com/alpinelinux/mkinitfs/blob/master/nlplug-findfs.c#L877 that nlplug-findfs doesn't search for apkovl in other place than the device root directory, is there a reason why ? Is it considerable to make this configurable or set it to 2 to allow placing apkovl in a sub directory ? 
2017-05-25 00:33:42 (also, at least on a rpi, nlplug-findfs seems to take several seconds to run, I guess it could be one of the slow thing in the boot, wouldn't it be a good option to let the user specify the "boot device" instead of scanning everything (from what I see at https://github.com/alpinelinux/mkinitfs/blob/master/initramfs-init.in#L427) ?) 2017-05-25 08:55:56 minimalism: no UEFI did not make it sorry 2017-05-25 09:06:25 ncopa: Is it still planned for a future release like 3.7? 2017-05-25 09:06:33 yes 2017-05-25 09:06:36 the thing is 2017-05-25 09:06:46 you can set up uefi manually 2017-05-25 09:06:58 we just dont support it form the setup script 2017-05-25 09:07:11 i actually looked at it yesterday 2017-05-25 09:07:28 atleast at gpt partitioning 2017-05-25 09:07:37 and realized that it will take some time to fix it 2017-05-25 09:07:40 and will require some testing 2017-05-25 09:08:55 I know you can set it up manually, I was just looking forward to it having default support so I could dd the image to my USB as a rescue disk and easy way to install Alpine. 2017-05-25 09:09:09 That's cool though if it may happen in 3.7. Looking forward to that. 2017-05-25 09:10:13 https://wiki.alpinelinux.org/wiki/Create_UEFI_boot_USB 2017-05-25 10:51:00 tmh1999_2: it woudl be nice to fix the reso of the s390x build errors in testing 2017-05-25 11:10:37 hm, I wonder if it would be possible to send e-mail notification to package maintainer if there is a PR pending. not all maintainers have push access, but it might be useful. e.g. 
pr 1562 /cc ncopa 2017-05-25 11:11:03 scadu: good idea 2017-05-25 11:11:15 the maintainer could review and accept it 2017-05-25 11:11:52 then we could have some bot who will pull all the maintainer-accepted PRs that passes travis 2017-05-25 11:12:33 that might be risky 2017-05-25 11:12:36 <^7heo> nice idea 2017-05-25 11:13:00 <^7heo> scadu: depending on our tests 2017-05-25 11:13:18 ^7heo: it would require further discussion on ml 2017-05-25 11:13:30 <^7heo> as always :p 2017-05-25 11:13:56 welp, as always there is discussion on channel and most of us is not able to take a part in this or even follow the discussion 2017-05-25 11:14:04 since it's an offtop after 10 minutes XD 2017-05-25 11:14:31 anyway, email notifications to maintainer about pending PRs would be useful. jirutka, what do you think? 2017-05-25 11:14:34 <^7heo> that's why we have -offtopic 2017-05-25 11:14:54 ^7heo: you know what I'm talking about :P 2017-05-25 11:22:46 rnalrd, https://bugs.alpinelinux.org/issues/7321 2017-05-25 11:23:05 if abi doesn't break, can we upgrade to 4.5.10 ? 2017-05-25 11:23:44 should be okay to upgrade 2017-05-25 11:24:09 it requires other -dev pkgs though 2017-05-25 11:24:42 otherwise i apply a patch and leave the smb-package version 2017-05-25 11:24:45 if they aren't avail in 3.5, then you need to patch 2017-05-25 11:24:55 it's available 2017-05-25 11:25:05 i've added it and is building 2017-05-25 11:25:08 they need to be in main 2017-05-25 11:25:11 ...so far 2017-05-25 11:25:43 yes 2017-05-25 11:25:47 it's acl-dev 2017-05-25 11:25:52 and it's in main 2017-05-25 11:37:48 fcolista: samba is ok to update 2017-05-25 11:38:46 samba has pretty good upstream support for older branches, so for those we can upgrade to latest 2017-05-25 11:39:33 sounds good. I'm building 4.5.10 for 3.5-stable 2017-05-25 11:39:44 +1 2017-05-25 11:40:04 how do you :thumb-up: in irc? 2017-05-25 11:44:07 <^7heo> how did we fix the issue in samba?
2017-05-25 11:45:26 upgrade to latest fixed version 2017-05-25 11:47:16 i am very annoyed by the busybox udhcpc issue 2017-05-25 11:47:26 that it prints info on stderr 2017-05-25 11:49:25 If this is not the design flaw the would like to merge a patch I guess 2017-05-25 11:49:31 *they 2017-05-25 12:00:43 consus: it was done on purpose to reduce size 2017-05-25 12:00:55 they removed bb_info_msg 2017-05-25 12:01:00 and replaced tieh bb_error_msg 2017-05-25 12:01:48 fcolista: im working on samba issue on 3.3 2017-05-25 12:03:31 Err 2017-05-25 12:03:32 Wow 2017-05-25 12:04:04 consus: which is why i am annoyed :) 2017-05-25 12:04:35 So they now do not have a distinction between errors and the regular output? 2017-05-25 12:04:49 that is the exact problem 2017-05-25 12:05:01 In *every* goddamn applet? 2017-05-25 12:05:32 http://lists.busybox.net/pipermail/busybox/2017-May/085458.html 2017-05-25 12:05:44 i think it was udhcp mostly 2017-05-25 12:05:51 check the git log 2017-05-25 12:07:08 networking/ntpd.c: bb_error_msg("setting time to %s.%06u (offset %+fs)", buf, (unsigned)tvn.tv_usec, offset); 2017-05-25 12:07:18 Wow 2017-05-25 12:07:28 ntpd actually set time 2017-05-25 12:07:43 That's an error for sure 2017-05-25 12:13:41 Also it's pretty trivial to make a function that accepts FILE * 2017-05-25 12:13:50 And two macros for each level 2017-05-25 12:13:54 stdio/stderr 2017-05-25 12:14:03 No extra size, everyone is happy 2017-05-25 12:20:10 consus: i actually tried that, but it will add a few bytes 2017-05-25 12:20:15 100+ bytes i think 2017-05-25 12:20:40 This is pretty marginal 2017-05-25 12:21:08 i think the reason they removed bb_info_msg was to save fewer bytes than that 2017-05-25 12:21:15 P_P 2017-05-25 12:21:16 check the git log 2017-05-25 12:21:20 Yeah 2017-05-25 12:21:21 63 bytes 2017-05-25 12:25:14 Well 2017-05-25 12:25:33 It does not add anything in my simple stupid test 2017-05-25 12:26:16 But I should play more with the compiler options 2017-05-25 12:27:15 
ncopa: scadu: yes, it’s on my TODO list to write such bot 2017-05-25 12:29:51 jirutka: awesome! 2017-05-25 12:33:32 article about Alpine Linux is now on the main page of root.cz (the biggest Czech news server focused on Linux) https://www.root.cz/ ! 2017-05-25 12:34:05 aw yis 2017-05-25 12:34:34 ncopa, #7319 done 2017-05-25 12:34:34 lol, someone in “discussion” is hating that our virtual variant does not boot on Hyper-V 2017-05-25 12:34:57 jirutka, \o/ 2017-05-25 12:35:07 https://bugs.alpinelinux.org/issues/1021 2017-05-25 12:35:25 I don't understand nothing, but it's lightweight and focused on security XD 2017-05-25 12:35:38 how the heck use Hyper-V? 2017-05-25 12:36:06 scadu: you said that you can read Czech a little, didn’t you? :) 2017-05-25 12:37:38 jirutka: more or less :P 2017-05-25 12:38:45 btw the article is not related to our new release, it’s just a coincidence that Petr published it the same day 2017-05-25 12:39:35 I’ve sent him email right after I noticed that to fix information about ppc64le and s390x being in preparation 2017-05-25 12:44:05 ncopa, I'm going to upgrade samba to 4.4.14 in 3.4-stable 2017-05-25 12:50:11 fcolista, im almost done with amba for 3.4 2017-05-25 12:50:21 ah ok 2017-05-25 12:50:23 there were a couple of libs that disapeared 2017-05-25 12:50:26 acl-dev 2017-05-25 12:50:36 what's the other one? 2017-05-25 12:51:02 acl-dev needed? 2017-05-25 12:51:08 yes 2017-05-25 12:51:12 uhm 2017-05-25 12:51:17 ok, i let you pish it then :) 2017-05-25 12:51:29 it was needed for 3.5-stable as well 2017-05-25 12:51:54 configure requires that 2017-05-25 12:58:30 ok i have samba 4.4.14 built on 3.4 2017-05-25 12:58:34 i think i'll push it? 2017-05-25 12:58:38 ok with you fcolista? 2017-05-25 12:58:48 sounds good ncopa 2017-05-25 12:58:57 my version is still building :) 2017-05-25 13:29:23 ncopa, is #7327 referring to edge? 2017-05-25 13:29:31 when i see 3.7 2017-05-25 13:29:44 this is edge, right? 
2017-05-25 13:29:56 so a correct commit is: 2017-05-25 13:29:57 main/libtasn1: security fix for CVE-2017-6891. Fixes #7327 2017-05-25 13:31:11 yes 2017-05-25 13:31:17 3.7 is git master 2017-05-25 13:32:17 ok cool 2017-05-25 13:32:18 thx 2017-05-25 13:47:12 is there a stats of Alpine users per platform? I would like to know how many users will use Alpine on ppc64le. 2017-05-25 13:56:50 ncopa, i'm on libtasn1 2017-05-25 13:59:47 leitao: we dont have much stats 2017-05-25 14:05:29 leitao: that yet another thing on my TODO list, but this depends on new mirrors infra (with MQTT) :) 2017-05-25 14:39:58 g++: internal compiler error: Segmentation fault (program cc1plus) 2017-05-25 14:40:07 i get that when building openjdk8 2017-05-25 14:40:11 dunno what happens 2017-05-25 14:40:12 oh dear 2017-05-25 14:40:50 i have seen it before on my workstation 2017-05-25 14:41:01 but apparently, it does not happen on the builder 2017-05-25 14:47:24 ok, i think i found it 2017-05-25 14:47:38 openjdk will automatically pull inn ccache if it is found 2017-05-25 14:49:36 <^7heo> wait, 3.6 is out already? 2017-05-25 14:53:00 yes 2017-05-25 14:53:53 bah 2017-05-25 14:54:00 im stuck on the g++ segfault 2017-05-25 14:54:11 <^7heo> but but but 2017-05-25 14:54:35 <^7heo> rc2 was out only a couple of days ago 2017-05-25 14:55:09 <^7heo> and there was no rc3 2017-05-25 14:55:15 <^7heo> right? 2017-05-25 14:56:29 ncopa: remove ccache? 
:P 2017-05-25 14:58:34 yup 2017-05-25 14:59:07 ^7heo: 3.6.0 should have been out 1 May 2017-05-25 15:02:03 ncopa: i wanna go experiment with clang as system compiler btw 2017-05-25 15:02:10 not necessarily for official inclusion anytime soon 2017-05-25 15:02:14 but it seems interesting to pursue 2017-05-25 15:02:20 yes 2017-05-25 15:02:33 i dont think kernel wil build with it yet 2017-05-25 15:02:47 i've got a bunch of patches queued up locally that clean up the llvm-related packages 2017-05-25 15:02:57 yeah it needs the llvmlinux patches for that i think 2017-05-25 15:03:05 but it's okay to have *some* pkgs with gcc build deps 2017-05-25 15:03:40 but the goal is a fully gnu-less toolchain base system :P 2017-05-25 15:03:47 meaning clang, compiler-rt, llvm-libunwind, libc++ 2017-05-25 15:03:51 and everything built against that 2017-05-25 15:17:23 hi, 2017-05-25 15:17:29 i'm working on determining viability of moving python2 to community 2017-05-25 15:17:41 i'd like to do this early just to get it out of the way 2017-05-25 15:20:04 I’m afraid that we can’t move python2 to community yet :( 2017-05-25 15:20:23 some non-python pkgs needs python2 to build 2017-05-25 15:21:31 fedora has a lot of patches we can take for that 2017-05-25 15:21:40 they have also been working on making python3 the 'system python' 2017-05-25 15:22:43 hm, yeah, that’s true 2017-05-25 15:27:50 kaniini: sounds like a nice goal for alpine 3.7 2017-05-25 15:27:59 i need to go 2017-05-25 15:28:02 have a nice evening 2017-05-25 15:32:10 yes, i think it's feasible 100% 2017-05-25 15:33:55 <^7heo> Shiz: that would be really great 2017-05-25 15:50:03 i wouldn't make python default to python3 2017-05-25 15:50:11 it's a violation of some or another PEP 2017-05-25 15:52:50 this one https://www.python.org/dev/peps/pep-0394/ 2017-05-25 15:55:37 yeah 2017-05-25 16:15:44 yes, the 'python' command will just be unavailable unless you install python2 2017-05-25 16:15:53 which is compliant with PEP-0394 2017-05-25 
16:57:20 rebuilding llvm 2017-05-25 16:57:21 :( 2017-05-25 18:01:33 ncopa : I am working on implementing the EBCDIC in musl, in parallel with making booting s390x in a KVM, whichever comes first I will use it to boot Alpine then we can build packages in testing properly. As a matter of fact, building packages in containers without Alpine kernel brought us some problems. 2017-05-25 18:02:41 ncopa : so that I postpone working on building/fixing packages in testing, is it okay for now ? 2017-05-25 18:43:44 i'm not ncopa, but seems fine to me 2017-05-25 18:49:09 tmh1999: that is fine with me 2017-05-25 18:49:32 tmh1999: but i think you should talk with #musl ppl re the EBCDIC 2017-05-25 18:49:38 might be they dont want it there 2017-05-25 18:50:24 ncopa : I talked with dalias last month, he is cool with it, gave me some instructions 2017-05-25 18:50:33 good 2017-05-25 18:50:39 :D 2017-05-25 18:51:17 im fine with it as long as they are 2017-05-25 18:51:25 point is that we need to cooperate with upstream devs 2017-05-25 18:52:17 sure I will try. when I have a preliminary patch, I will ask them in irc first then ml 2017-05-25 19:00:14 actually I booted Alpine s390x in a KVM alright. but that's on my laptop x86_64, which means emulation mode. I still have problem with booting on s390x host, which is "pure" virtualization 2017-05-25 19:00:31 with some help from kaniini regarding /dev/console last month :) 2017-05-25 19:28:47 Has anyone had any issues with 3.6.0 on the Raspberry Pi 2 (either 1.1 or 1.2 boards)? 2017-05-25 19:34:27 nonarkitten: which issues? 2017-05-25 20:18:49 it seems permissions on /var/tmp changed with edge? 
2017-05-25 20:18:56 from 777+t root:root to 755 root:root 2017-05-25 20:18:59 that seems problematic 2017-05-25 20:20:48 at least with certain php5 configurations (not sure if that part is still default), file uploading breaks 2017-05-25 20:20:55 php7 uses /tmp rather than /var/tmp so that remains fine 2017-05-25 20:35:59 kaniini: Would doing something simple like adding an interposer function between apk_tar_parse and apk_sign_ctx_verify_tar that prints the manifest line for each entry be a reasonable approach to implementing manifest-apk-file? 2017-05-25 20:39:01 Doing it in that manner would allow us to mark files failing their verification in the manifest if we so choose. 2017-05-25 20:40:29 oh, regarding the php5 issue it looks like the default is /tmp so it wouldn't have been a problem on stock config 2017-05-25 20:54:00 jirutka: ping 2017-05-25 21:14:55 3.6 simply will not boot for me at all 2017-05-25 21:15:16 If I overwrite the /boot folder then it's okay 2017-05-25 22:16:17 Shiz: pong 2017-05-25 22:16:55 jirutka: im queuing up a bunch of llvm-related pkg patches 2017-05-25 22:17:00 was wondering if you could take a look at them in a bit :) 2017-05-25 22:17:59 yeah, sure, tomorrow 2017-05-25 22:18:31 sure 2017-05-25 22:18:54 jirutka: id like to make an integrated toolchain from the llvm packages 2017-05-25 22:28:49 e.g. 2017-05-25 22:28:54 clang uses compiler-rt, libc++ and lld 2017-05-25 22:28:56 :P 2017-05-25 22:29:25 I’m curious if clang works on x86 correctly 2017-05-25 22:30:17 what was the current issue w/ it again?
2017-05-25 22:32:31 I don’t remember, please look into git logs for compiler-rt or lld, the commit where I disabled x86 or changed back to use gcc for build 2017-05-25 22:32:47 there’s somewhere log from failed build 2017-05-25 22:34:49 gotcha 2017-05-25 22:45:40 https://github.com/alpinelinux/aports/pull/1574 2017-05-25 22:45:43 there we go 2017-05-25 22:50:49 heh, I must really send GitLab devs some info about my packages… they keep adding more and more bloat and yet my gitlab-ce package decreases in size, b/c on every update I found new ways how to optimize size (i.e. found what is redundant or unused) 2017-05-25 22:51:56 today I found that Bundler is stupid and for unknown reason there are binaries of native extensions in three copies… and also all intermediate files (.o) and sources 2017-05-25 23:18:44 If you want bloatless gitlab, you might consider using gitea 2017-05-25 23:19:30 nope 2017-05-25 23:20:05 1st this is not for myself, but company and faculty I work for and they want all the GitLab features 2017-05-25 23:20:32 2nd for myself I don’t want any of these, GitLab for bloat, Gitea for Go 2017-05-25 23:20:45 I thought so 2017-05-25 23:21:06 why you dismiss something on the language it is written in is a eternal mystery to me 2017-05-25 23:21:13 i don't dismiss clang because it's C++ either :p 2017-05-25 23:21:53 it’s more complicated… there are practical and ideological reasons 2017-05-25 23:22:13 I suspect jirutka got scarred by its "elaborate" deps handling 2017-05-25 23:22:30 this is one of them 2017-05-25 23:42:03 i wonder which patches freebsd carries for packages to work with clang 2017-05-25 23:43:09 jirutka: btw, don't try building LLVM as MinSizeRel 2017-05-25 23:43:15 turns out that doesnt work and breaks the build 2017-05-25 23:43:34 have I tried it? 2017-05-25 23:43:42 I mean, is it currently set to MinSizeRel in abuild?
2017-05-25 23:43:57 I remember that it didn’t work in some pkg, maybe it’s this one 2017-05-25 23:44:53 no, just taking a note 2017-05-25 23:44:55 :P 2017-05-25 23:44:57 i tried it 2017-05-25 23:45:08 okay :) 2017-05-25 23:45:38 TemptorSent: i will try to look at it 2017-05-25 23:45:45 my llvm-tests branch has tests for all llvm packages 2017-05-25 23:45:54 perfect! 2017-05-25 23:45:55 im now working in a system-llvm branch that attempts to make clang the system compiler 2017-05-25 23:45:57 hold my beer, and stuff 2017-05-25 23:46:19 ok 2017-05-25 23:46:38 i'll go ahead and merge 1574 2017-05-25 23:46:53 Shiz: I’ll invite you for a beer on October (at LinuxDays) ;) 2017-05-25 23:47:04 :P 2017-05-25 23:47:18 where's lxdays? 2017-05-25 23:48:19 in Prague 2017-05-25 23:48:33 October 7–8 2017-05-25 23:49:00 where the heck is English version of the conference site… 2017-05-25 23:49:31 i hope the conference isn't in czech :P 2017-05-25 23:50:19 more than half of the talks will be in English 2017-05-25 23:51:14 I wrote to the conference organizer to fix this ASAP 2017-05-26 00:00:53 i am dead, must go sleep; gn 2017-05-26 00:02:20 nn! 2017-05-26 00:03:01 nn? not now? XD 2017-05-26 00:03:19 night night 2017-05-26 00:03:21 :p 2017-05-26 00:04:22 ’kay :) 2017-05-26 00:14:45 >>>> llvm4-static*: Package size: 1.7 GB 2017-05-26 00:14:49 something is going awfully wrong here 2017-05-26 00:15:15 don't merge that PR yet kaniini :P 2017-05-26 00:25:33 this is bizarre 2017-05-26 01:01:19 https://bugs.alpinelinux.org/issues/7332 2017-05-26 01:01:23 found issue and filed PR 2017-05-26 01:01:25 filed issue* 2017-05-26 01:01:33 rebased the PR to not include a -dbg subpackage anymore 2017-05-26 01:19:50 https://wiki.freebsd.org/GPLinBase 2017-05-26 01:19:52 interesting 2017-05-26 02:34:23 i have mixed feelings on that 2017-05-26 02:35:05 on one hand, encouraging use of free software is good.
on the other hand, clang is just as free as gcc and likely to improve beyond gcc 2017-05-26 02:35:50 and then personally i'm not a huge fan of GPL for core system utilities 2017-05-26 02:41:19 i am likely to think clang is the way forward as far as at least development effort goes 2017-05-26 02:41:26 apple and google pump a lot of effort into clang 2017-05-26 02:42:45 https://txt.shiz.me/MTI2NTA3Mm 2017-05-26 02:43:02 ^ btw, I think this is how to bootstrap an llvm based system i think 2017-05-26 03:06:28 kaniini: you here? 2017-05-26 03:06:34 i seem to be having some issues running bootstrap stuff 2017-05-26 03:08:11 https://txt.shiz.me/YzAwNGY1Mm 2017-05-26 03:08:44 i think you have to run it as root 2017-05-26 03:08:48 i forget 2017-05-26 03:08:53 looks permissions related :) 2017-05-26 03:09:20 but abuild will refuse to run as root 2017-05-26 03:09:22 :P 2017-05-26 03:09:45 idk 2017-05-26 04:01:49 The s6-2.5.1.0 and s6-rc-0.2.0.1 packages, present in Alpine-3.6.0, exhibit random failures that I cannot reproduce when I build the software by hand. 2017-05-26 04:02:03 One of these failures is a SIGILL, which is a very bad sign. 2017-05-26 04:03:24 I've spent too much time tonight trying to isolate the bug, and I need to sleep. 2017-05-26 04:03:44 but my source definitely looks clean, and SIGILL is a smoking gun pointing at the Alpine binaries. 2017-05-26 04:04:30 There's probably something rotten in the way the s6 and s6-rc packages have been built. If the builders or the toolchain are bad, there may be other impacted packages. 2017-05-26 04:05:45 So, I'm just leaving this here for your morning enjoyment. Hate to be the bearer of bad news, but there's an emergency investigation to undertake here. 2017-05-26 04:06:03 Have a nice day. 2017-05-26 09:11:16 Shiz : scripts/bootstrap.sh detects directories by using PWD. you need to cd into scripts dir and run : ./bootstrap.sh 2017-05-26 09:20:50 Shiz: I look forward to your work. 
having a single compiler for cross-compilation is a dream coming true. 2017-05-26 10:25:25 Sorry for not making a more precise bug-report earlier. 2017-05-26 10:26:08 The arch I experienced the bug on is x86_64. More precisely, this happens on a Virtualbox VM running a pristine alpine-3.6.0 iso, with rootfs = initramfs. 2017-05-26 10:29:52 umh..interesting 2017-05-26 10:32:56 if it were me, I'd give a long hard look at the 3.6.0 toolchain and the build options 2017-05-26 12:45:41 skarnet: thanks for reporting, this seems problematic 2017-05-26 13:10:19 i've an issue with a bootable usb 2017-05-26 13:10:22 alpine 3.6 2017-05-26 13:10:41 /media/usb is mounted RO, and this is the standard 2017-05-26 13:11:07 an apk upgrade that should write in the /media/usb/cache segfaults because it's RO 2017-05-26 13:11:25 also an apk update returns erroe 2017-05-26 13:11:26 also an apk update returns error 2017-05-26 13:11:50 i need to mount -o remount,rw /media/usb and then apk update works fine 2017-05-26 13:11:54 it's only me? 2017-05-26 13:12:10 it happens with other USB thumbs drive of course 2017-05-26 13:21:40 fcolista, https://git.alpinelinux.org/cgit/aports/commit/?id=a4ec74c3e8c1734a64736d2fcab63d83ac51fd82 2017-05-26 13:21:59 i thought it made before 3.6.0 tag, but apparently did not 2017-05-26 13:22:02 ncopa, ^ 2017-05-26 13:22:30 we need to backport it 2017-05-26 13:24:32 yes 2017-05-26 18:20:53 most people don't seem to knwo that "apk fix" without arguments syncs system state to the declared state 2017-05-26 18:21:02 maybe we should add "apk sync" 2017-05-26 19:18:40 <_ikke_> hai 2017-05-26 19:18:54 <_ikke_> congratz with the 3.6 release (I was absent the last 2 days) 2017-05-26 20:05:38 ive reached a milestong in clang bootstrapping: musl 2017-05-26 20:12:44 kaniini: what do you mean by “syncs system state to the declared state”? 
2017-05-26 20:31:10 jirutka: /etc/apk/world 2017-05-26 20:31:18 aha 2017-05-26 20:31:31 that’s like on Gentoo 2017-05-26 21:30:28 jirutka: you can copy an /etc/apk directory to another host and then run `apk fix` and it will install all the same packages as what is on the other machine 2017-05-26 21:30:52 jirutka: my point is that this behaviour is overlooked frequently, so making an explicit `apk sync` would be nice :) 2017-05-26 21:31:14 or maybe just adding this info into --help ;) 2017-05-26 21:31:32 apk sync is imo quite misleading 2017-05-26 21:31:34 well, apk fix seems unnatural for the functionality 2017-05-26 21:31:56 I think that apk fix is a bit better name then apk sync 2017-05-26 21:32:06 I’d expect this from fix more than from sync 2017-05-26 21:32:13 true 2017-05-26 21:32:15 i don't know 2017-05-26 21:32:33 maybe it’s just because I’m former Gentoo user, but I’d think apk sync is like apk update… 2017-05-26 21:32:38 b/c emerge --sync 2017-05-26 21:33:08 same :P 2017-05-26 21:35:25 yes, that is legitimate 2017-05-26 21:35:27 to consider 2017-05-26 21:35:32 because we do use openrc 2017-05-26 21:35:39 so it feels kind of gentooish 2017-05-26 21:41:12 i like fix because like add/remove, it's straight to the point 2017-05-26 21:41:23 sorry, add/del 2017-05-26 21:41:25 ;p 2017-05-26 21:53:00 Err 2017-05-26 21:53:01 Guys 2017-05-26 21:53:23 hi 2017-05-26 21:53:25 I have /etc/passwd.apk-new and /etc/fstab-new files 2017-05-26 21:53:42 Something tells me that at least these two should be ignored by update scripts 2017-05-26 21:53:48 Or I am missing something 2017-05-26 21:54:18 why should they be ignored? 
2017-05-26 21:54:22 your old files aren't being overwritten :P 2017-05-26 21:54:29 Well yes 2017-05-26 21:54:36 But what's the point in creating new ones 2017-05-26 21:54:47 Well of course I've edited my passwd file 2017-05-26 21:54:50 That's what it's for 2017-05-26 21:56:32 there's more in there than just your own users 2017-05-26 21:56:41 Fair enough 2017-05-26 21:56:42 Btw 2017-05-26 21:56:42 .apk-new files aren't created when you just edit the file 2017-05-26 21:56:49 they are created when both you and a package updated the file 2017-05-26 21:56:52 (afaik) 2017-05-26 21:56:58 so it may add new system users 2017-05-26 21:57:01 Well that's what I want to clarify 2017-05-26 21:57:27 I have /etc/mkinitfs/mkinitfs.conf 2017-05-26 21:57:31 Which I did not touch 2017-05-26 21:57:44 But I got a shiny new apk-new file for it 2017-05-26 21:58:24 i'm not sure to be honest 2017-05-26 21:58:51 Ok 2017-05-26 22:00:10 kaniini likely knows better 2017-05-26 22:02:50 hm 2017-05-26 22:02:57 update-extlinux.conf has apk-new 2017-05-26 22:02:58 Strange 2017-05-26 22:03:02 I did not touch these files 2017-05-26 22:03:35 Perhaps alpine-setup 2017-05-26 22:04:37 -root=UUID=d6cf93bb-bc48-4b2f-9fc5-6ae9c86077cc 2017-05-26 22:04:38 +root= 2017-05-26 22:04:39 Yeah 2017-05-26 22:04:43 Seems likely 2017-05-27 03:01:20 we have an LLVM-built build-base! 2017-05-27 12:03:22 since 3.6 gdb has a strange quirq: gdb ./a.out; run (this is ok); run (takes very long to start). The second run takes very long to start. Can anybody confirm that? I didn't find any bugs on the internet. 2017-05-27 12:03:31 quirk 2017-05-27 12:20:14 correction: its not 3.6, its the fact that I bootet a vanilla kernel, long time ago, just because of this problem and after the update I had to reboot. 
2017-05-27 12:21:10 I do the setfattr -n user.pax.flags -v "emr" a.out 2017-05-27 12:21:52 Sad, seems like I have to develop on vanilla ¯\_(ツ)_/¯ 2017-05-27 15:51:56 Ganwell: -hardened doesn't lend itself well to debugging sadly 2017-05-27 20:06:00 ACTION is almost done with python2 deprecation 2017-05-27 20:58:40 im crawling ahead with the llvm stuff 2017-05-27 20:58:44 running into cmake issue after cmake isuse 2017-05-27 20:58:45 :P 2017-05-27 21:03:04 why am I not surprised 2017-05-27 21:03:40 cmake really wants you to have a working C++ compiler before building libc++ 2017-05-27 21:03:45 which is not necessarily an issue, but... 2017-05-27 21:03:53 its checks don't pass -nodefaultlins or equivalent 2017-05-27 21:04:09 so it'll fail because the C++ compiler youre building a C++ standard library with has no C++ standard library 2017-05-27 21:04:10 C++ development environment are so SIMPLE to bootstrap 2017-05-27 21:04:31 then there's a cyclic dependency between llvm-libunwind and libc++ 2017-05-27 21:04:44 where llvm-libunwind requires and libc++ requires llvm-libunwind to do... anything 2017-05-27 21:05:57 people should be required to do everything you're doing before they're allowed to implement a high-level language with a library written in that language 2017-05-27 21:06:30 there's one positive side 2017-05-27 21:06:35 half of the llvm issues are fixed in git already 2017-05-27 21:06:43 so i can just copy patches wholesale from there 2017-05-27 21:09:05 oh, the design is fixed in git already? 
2017-05-27 21:09:09 that's nice to hear 2017-05-27 21:25:18 TemptorSent: http://sprunge.us/XSjA 2017-05-27 21:46:28 -- Found compiler-rt library: /root/sysroot-x86//usr/lib/clang/4.0.0/lib/linux/libclang_rt.builtins-i586.a 2017-05-27 21:46:32 praise baby jesus 2017-05-27 21:46:49 \o/ 2017-05-27 21:52:13 binutils and make compiled \o/ 2017-05-27 21:52:23 grats 2017-05-27 22:06:12 hehe, now apk-tools of everything is giving me issues 2017-05-27 22:24:05 kaniini: i wrote up something i thought of in the shower that could help with alternatives and pkgdir at the same time for APK 2017-05-27 22:24:06 https://txt.shiz.me/ZDNkNTY3MD 2017-05-27 22:26:52 not mentioned there is that obviously unrelocated paths need no entryi n the db, and that if you allow multiple relocation targets per source path you can also tackle the FHS emulation part of pkgdir at the same time 2017-05-27 22:31:04 a bit similar to deb diversion 2017-05-27 22:32:44 [which I learned (and forgot already) years ago to tackle pulseaudio and make it second-class citizen, i.e. in front of alsa, not the other way around] 2017-05-27 22:32:47 Shiz: if the /pkg layout is in the /pkg/$pkgname/$pkgver instead of /pkg/$pkgname-$pkgver, then you need a /pkg/$pkgname/default symlink 2017-05-27 22:32:57 in the ... format 2017-05-27 22:33:21 you would need one in /pkg/$pkgname-$pkgver too, no? 
2017-05-27 22:33:31 i don't see how the handling would differ immediately 2017-05-27 22:33:36 you just need /pkg/$pkgname to be a symlink 2017-05-27 22:33:39 right 2017-05-27 22:34:04 it wouldn't be different, but you have to make it explicit if you subdir the versions 2017-05-27 22:34:26 my own primary reason for version subdirs is so that it's easy to reliably partition off certain packages 2017-05-27 22:34:37 as the dirname won't change :P 2017-05-27 22:35:01 that's a good argument, I'm not opposed to subdirs as long as there's a default symlink 2017-05-27 22:35:47 yeah 2017-05-27 22:36:22 pkgdir stuff wont happen in 2.8 2017-05-27 22:36:29 i'm mainly interested in 2017-05-27 22:36:34 apk gen/apk extract 2017-05-27 22:36:46 I like the relocation database idea, it would be diversions done right 2017-05-27 22:36:56 yes 2017-05-27 23:34:03 managed to compile a fair bit now 2017-05-27 23:34:08 next stop: cross-compiling llvm and clang 2017-05-27 23:36:12 not sure your regular chicken blood will be enough for that, and I told you small child blood is expensive to get 2017-05-28 00:30:57 <^7heo> Not if you get some refugee one in the US 2017-05-28 01:41:34 LLVM cross-compiled! 2017-05-28 02:13:10 where did you get the child blood? 2017-05-28 02:25:33 it was on discount 2017-05-28 04:14:44 I've noticed on one of my laptops that xfce4-terminal seems to have a memory leak. Over time, and regardless of whether the terminal is idle or not, the memory usage gradually increases infinitely. Any idea how this could be debugged? 2017-05-28 04:15:40 additionally, if the terminals are launched with --disable-server, the total memory leaked is the same as if all the terminals shared the same process, however then memory is not freed until all terminals have exited 2017-05-28 05:28:57 trfl: it is possible. do you observe it also with gnome-terminal? 
2017-05-28 05:29:26 I'll install it and leave it open, but it'll take 4-6 hours until we know :> 2017-05-28 05:30:31 on second thought, alpine doesn't have gnome-terminal... :p 2017-05-28 05:33:07 installed urxvt and mate-terminal, I'll leave those open for a while! 2017-05-28 05:34:49 looks like it only affects xfce4-terminal, judging by all the other terminals sitting at 0% cpu load however xfce4-terminal is idling at 17% 2017-05-28 05:37:56 cpu usage may not mean anythin 2017-05-28 05:37:57 g 2017-05-28 05:49:22 woot 2017-05-28 05:49:29 thanks algitbot 2017-05-28 05:51:10 anyway 2017-05-28 05:51:21 we have an alpine clang+compiler-rt+libc++ bootstrap 2017-05-28 05:51:23 cc kaniini 2017-05-28 05:51:25 :P 2017-05-28 05:53:10 sick 2017-05-28 05:53:20 now rebuild the entire distro and lets see how broken it is ;) 2017-05-28 05:53:40 to be honest, the most problematic packages were... the LLVM ones 2017-05-28 05:53:54 a few outliers aside, everything went smoothly once i figured out how to bootstrap/fix those 2017-05-28 05:54:04 (said outliers being like... go :P) 2017-05-28 07:00:02 I am booting alpine in a using qemu/kvm. rc-service start networking throws me * Starting networking ...awk: out of memory * ERROR: networking failed to start . What should it be the cause ? 2017-05-28 07:00:41 kvm option is -m 2048 which is sufficient memory I guess 2017-05-28 07:12:43 regarding my xfce4-terminal memory leak, looks like that's the only affected terminal. There's heavy communication between the terminal process and another process called gmain on file descriptor 3 (a unix socket), about 200 KB/s of binary data, in case that might help track it down 2017-05-28 08:54:13 Shiz, excuse my ignorance, what are you trying to achieve and what are the benefits regarding your work with llvm? 2017-05-28 08:55:06 Going to the beach now so will read your reply later. 2017-05-28 09:31:35 <^7heo> clandmeter: not depending on gcc. 
2017-05-28 09:32:25 <^7heo> basically the same benefits as those listed under "using musl" in ncopa's FOSDEM presentation 2017-05-28 09:33:18 <^7heo> (correcting code, improving portability, etc) 2017-05-28 22:25:28 clandmeter: eventually we want to compile all packages with Control Flow Integrity support (which is kind of like the grsecurity RAP stuff except for userspace) 2017-05-28 22:25:57 clandmeter: CFI is in clang, not in gcc, so we need to evaluate using clang as system compiler to achieve that goal 2017-05-29 00:37:43 tmh1999: what does your /etc/network/interfaces look like 2017-05-29 01:59:41 kaniini : it has lo and eth0. currently I just replace awk line with a block of code doing the same purpose. not a big deal now. Trying to setup the KVM network interface so the VM in KVM can have internet access. 2017-05-29 02:02:33 *awk line in /etc/init.d/networking 2017-05-29 02:03:11 https://git.alpinelinux.org/cgit/aports/tree/main/openrc/networking.initd#n26 2017-05-29 03:44:01 tmh1999: which awk do you have installed ? 2017-05-29 03:44:27 kaniini : um.. probably default 2017-05-29 03:45:07 awk --help 2017-05-29 03:46:04 on the go, I will be back on my machine tmr :D Thank you 2017-05-29 07:24:30 Shiz, any comment regarding my question? 2017-05-29 07:25:40 hi all 2017-05-29 07:25:45 any hint on this issue? 2017-05-29 07:26:03 crc32table.h:11:18: error: initializer element is not constant 2017-05-29 07:26:03 # define tobe(x) ((uint32_t)__bswap_constant_32(x)) 2017-05-29 07:26:31 the code portion is: 2017-05-29 07:26:32 https://github.com/jjzhang/ocfs2-tools/blob/master/libocfs2/crc32table.h 2017-05-29 07:27:31 clandmeter: yeah, couple of reasons 2017-05-29 07:27:34 it complains on the first parenthesis of uint32_t 2017-05-29 07:27:34 crc32table.h:11:18: error: initializer element is not constant 2017-05-29 07:27:34 # define tobe(x) ((uint32_t)__bswap_constant_32(x)) 2017-05-29 07:27:34 ^ 2017-05-29 07:33:59 <^7heo> showing that via IRC isn't the best idea. 
it currently shows me the error on the _ between bswap and constant 2017-05-29 07:34:07 <^7heo> because wordwrapping 2017-05-29 07:34:27 sorry, doing a few tthings at once again 2017-05-29 07:34:38 fcolista: that sounds like a compiler bug 2017-05-29 07:34:42 fcolista: what package? 2017-05-29 07:34:56 fcolista: an easy fix is just doing a manual endian swap 2017-05-29 07:35:00 if you remember how to :) 2017-05-29 07:35:30 fcolista: or try replacing it with 2017-05-29 07:35:34 __builtin_bswap32 2017-05-29 07:36:53 clandmeter: so like i said, a couple of reasons 2017-05-29 07:37:07 1) less dependency on GNU, and multiple system compilers helps with catching bugs 2017-05-29 07:37:25 2) development wise, clang is far more active and likely the way forward in terms of development power put into it 2017-05-29 07:37:42 3) security features like CFI and UBSan which are not in gcc 2017-05-29 07:37:53 <^7heo> pretty much what ncopa said about musl 2017-05-29 07:38:04 <^7heo> aside the implementation details 2017-05-29 07:39:16 Thx guys 2017-05-29 07:39:52 there's also a kernel hardening aspect 2017-05-29 07:40:23 with grsecurity not in the picture for most people anymore, it's mostly up to big companies like google (sadly) to start fixing up security measures for linux 2017-05-29 07:40:25 and well 2017-05-29 07:40:34 companies like google use clang to compile the kernel 2017-05-29 07:40:42 they're not going to write gcc plugins anymore like grsec did 2017-05-29 07:40:49 they'd write clang plugins :P 2017-05-29 07:41:39 <^7heo> what did those plugins do? 
2017-05-29 07:41:47 Shiz, it's ocfs2-tools 2017-05-29 07:42:00 i think __builtin_bswap32 should work 2017-05-29 07:42:16 ^7heo: support for PaX's RAP feature, constifying structures, randomizing structures, some other stuff 2017-05-29 07:42:34 Shiz, this is the code: 2017-05-29 07:42:34 https://github.com/jjzhang/ocfs2-tools/blob/master/libocfs2/crc32table.h 2017-05-29 07:42:59 it defines or LITTLE_ENDIAN or BIG_ENDIAN 2017-05-29 07:43:19 <^7heo> Shiz: I see. Thanks 2017-05-29 07:43:21 also Shiz: 4) easier cross-compiling 2017-05-29 07:43:25 xentec: nah 2017-05-29 07:43:34 at least cross-compiling for bootstrapping is a pain in the ass 2017-05-29 07:43:36 :P 2017-05-29 07:44:02 i'll patch that from ((uint32_t)__bswap_constant_32(x)) to __builtin__bswap_constant_32(x) then? 2017-05-29 07:44:18 __builtin_bswap32 2017-05-29 07:44:22 no _constant_ there 2017-05-29 07:44:24 :P 2017-05-29 07:45:11 Shiz: wouldn't clang (as system cc) with lld support all alpine archs and only require --target to cross-compile? 2017-05-29 07:45:11 oh ok 2017-05-29 07:45:32 <^7heo> fcolista: what if you cast it to 'const uint32'? 2017-05-29 07:45:47 ^7heo: won't work 2017-05-29 07:45:55 <^7heo> Shiz: why? 2017-05-29 07:46:07 so from this: ((uint32_t)__bswap_constant_32(x) to ((uint32_t)__builtin_bswap32(x) 2017-05-29 07:46:12 fcolista: yes 2017-05-29 07:46:24 ^7heo: because the error is that the compiler can't compute the value at compile-time 2017-05-29 07:46:34 not that the return value is a const uint32, which is not meaningfully differet from uint32 2017-05-29 07:46:36 :P 2017-05-29 07:47:05 <^7heo> from what I can read, it's that the compiler does not find a const value 2017-05-29 07:47:10 Shiz, thx 2017-05-29 07:47:17 <^7heo> and that a check failes 2017-05-29 07:47:17 i'm trying and let you know 2017-05-29 07:47:21 <^7heo> failed* 2017-05-29 07:47:35 <^7heo> but yeah I'd have to try to be sure. 
2017-05-29 07:47:44 <^7heo> I'm no gcc guru 2017-05-29 07:47:50 no 2017-05-29 07:47:55 it's that the initializer isn't constant 2017-05-29 07:48:00 which is different from a 'const value' 2017-05-29 07:48:01 <^7heo> yes 2017-05-29 07:48:02 :) 2017-05-29 07:48:11 const is a C keyword with very specific meaning 2017-05-29 07:48:24 in this case constant means 'i cant determine this at compile time' 2017-05-29 07:48:32 (since it's being embedded in a static table) 2017-05-29 07:48:37 <^7heo> well, since I don't see where the initializer is used, I can't tell 2017-05-29 07:48:44 a few lines below 2017-05-29 07:48:48 in the file fcolista linked 2017-05-29 07:49:01 <^7heo> ah he linked something? 2017-05-29 07:49:44 ^7heo, : https://github.com/jjzhang/ocfs2-tools/blob/master/libocfs2/crc32table.h 2017-05-29 07:50:36 <^7heo> yeah got it now 2017-05-29 07:50:41 ^~~~ 2017-05-29 07:50:41 crc32table.h:11:18: error: initializer element is not constant 2017-05-29 07:50:41 # define tobe(x) ((uint32_t)__builtin_bswap_32(x)) 2017-05-29 07:50:41 ^ 2017-05-29 07:50:52 Shiz, pathc applied 2017-05-29 07:50:54 bswap32 2017-05-29 07:50:57 not bswap_32 2017-05-29 07:51:02 omg.. 2017-05-29 07:51:04 <^7heo> :p 2017-05-29 07:51:06 stupid me 2017-05-29 07:51:07 sorry 2017-05-29 07:51:57 <^7heo> Shiz: from what I gathered, 'const' is mainly for compiler checks 2017-05-29 07:52:09 Shiz, good 2017-05-29 07:52:14 Too much grappa 2017-05-29 07:52:24 <^7heo> not yet 2017-05-29 07:52:28 that part works. 2017-05-29 07:52:35 brb 2017-05-29 07:52:43 <^7heo> to put grappa in coffe you need coffee first 2017-05-29 07:54:48 I already had my Italian coffee. 
It's a bit too early for grappa (if you even like that stuff) 2017-05-29 08:01:40 include/strings.h:37:1: error: unknown type name 'errcode_t' 2017-05-29 08:01:40 errcode_t o2fsck_strings_insert(o2fsck_strings *strings, char *string, 2017-05-29 08:01:41 ^~~~~~~~~ 2017-05-29 08:01:43 sorry 2017-05-29 08:01:47 wrong paste 2017-05-29 08:59:58 I'm looking at http://bugs.alpinelinux.org/issues/7336 2017-05-29 09:01:26 in order to avoid that mosh-server installs mosh-client, it's enough specify depends="" ? 2017-05-29 09:02:48 why if i add mosh-client, mosh-server is not installed, while if i install mosh-server, mosh-client is installed? 2017-05-29 09:05:14 ^7heo: most importantly the rap implementation is a gcc plugin, but also int overflows have been handled with a plugin, more info here https://pax.grsecurity.net/docs/PaXTeam-H2HC13-PaX-gcc-plugins.pdf 2017-05-29 09:15:34 <^7heo> lxGzx53qO34r: thanks. 2017-05-29 11:08:16 ah yes, the alpine vanilla 3.6 iso, with just enough "-ash: vgchange: not found" and "lvm: applet not found" to be completely useless in fixing my initramfs :) 2017-05-29 11:08:57 let's try extended iso 2017-05-29 11:12:58 nope! but at least it worked enough to let me `apk add lvm2` while booted in the iso environment 2017-05-29 11:13:09 good thing this machine has network that does not need non-free drivers 2017-05-29 11:50:11 3.6 vanilla iso does not have lvm2? 2017-05-29 12:57:14 clandmeter to=, relay=none, delay=420386, delays=420356/0.01/30/0, dsn=4.4.1, status=deferred (connect to patchwork.alpinelinux.org[88.159.20.184]:25: Operation timed out) 2017-05-29 12:57:22 are you able to fix it? ^^^^ 2017-05-29 13:20:54 rnalrd: i fixed the dnat rule for patchwork.alpinelinux.org. should work now 2017-05-29 13:57:24 ncopa: ping 2017-05-29 13:57:25 ncopa: we have a common problem with respect to grsecurity, we should chat 2017-05-29 14:01:16 blueness: pong 2017-05-29 14:01:30 blueness: where do you want to chat? 
2017-05-29 14:01:37 we can chat here 2017-05-29 14:01:42 ok 2017-05-29 14:01:50 you are from gentoo, aren't you? 2017-05-29 14:01:53 so what are alpine's plans wrt grsecurity 2017-05-29 14:02:25 you want kaniini to be part of this conversation too 2017-05-29 14:03:03 the current plan is to support the current 4.9 kernel with unofficial port of grsec 2017-05-29 14:03:09 yes i do hardened gentoo and gentoo+musl and gentoo+uclibc 2017-05-29 14:03:17 that's doable, but after that? 2017-05-29 14:03:33 we wait and see 2017-05-29 14:03:50 spender talked about releasing testing patch regularly 2017-05-29 14:03:57 okay here's a suggestion, it may be possible to maintain just the pax patch 2017-05-29 14:04:03 but didn't want to promise anything 2017-05-29 14:04:11 but it's a lot of work 2017-05-29 14:04:15 so he didn't mention it in the public statement 2017-05-29 14:04:19 <^7heo> do you want me to ask strcat to join the chat? 2017-05-29 14:04:42 i think fewer participants is better at this point 2017-05-29 14:04:47 <^7heo> maybe. 2017-05-29 14:05:06 well i got my answers, wait and see 2017-05-29 14:05:09 <^7heo> it's just that he also has wishes and plans for grsec afaik 2017-05-29 14:05:11 <^7heo> but mostly for ARM 2017-05-29 14:05:42 we can't however, depend on spengler and pipacs anymore, this was too disruptive for use in gentoo 2017-05-29 14:06:10 i spent a lot of time working on getting end-to-end xattr support in our package management system 2017-05-29 14:06:22 for xattr pax 2017-05-29 14:06:37 and i did a lot of the preliminary work in getting xattr pax into the kernel 2017-05-29 14:06:50 and now all that machinery is just sitting there dangling 2017-05-29 14:07:16 i'm not interested being dependent on a volatile team like grsecurity anymore 2017-05-29 14:07:30 i understand that 2017-05-29 14:07:33 I think that's the general feeling around here too 2017-05-29 14:07:56 what are the options?
2017-05-29 14:08:14 try to maintain just pax patch might be possible 2017-05-29 14:08:30 i still think it will be difficult to jump major kernel version 2017-05-29 14:08:31 kaniini spent a good deal of time thinking about this, you really may want his input here 2017-05-29 14:08:50 kaniini tried to split up the pax patch to keep it separate 2017-05-29 14:08:53 but i think he gave up 2017-05-29 14:09:03 ncopa: it would be difficult to make sure we don't miss anything 2017-05-29 14:09:24 i have maintained unofficial patch for a while, and i know that upgrading major kernel version is non-trivial 2017-05-29 14:09:30 okay i should probably speak to kaniini before trying myself 2017-05-29 14:09:36 and i would personally not even want to try 2017-05-29 14:10:09 whoever gets involved can expect this to be his full time job, but it would save the project 2017-05-29 14:10:24 also, it might entice pipacs and spengler to reopen their stuff 2017-05-29 14:10:49 i'm hoping they will release the testing patch once in a while 2017-05-29 14:11:27 why would they, they've even kicked us from #grsecurity 2017-05-29 14:11:43 sounds to me like they've said fu to the community 2017-05-29 14:11:45 "just to keep people away from KSPP" 2017-05-29 14:11:55 and 2017-05-29 14:12:04 "just to prove that it's not possible to maintain a community fork" 2017-05-29 14:12:20 those have been the reasons they have mentioned 2017-05-29 14:12:30 it's not possible because they made it impossible 2017-05-29 14:12:43 through monolithic invasive patching 2017-05-29 14:12:50 yes 2017-05-29 14:13:10 maybe 2017-05-29 14:13:11 kaniini: how far did you get? 2017-05-29 14:14:10 blueness: do you have patches for 3rd party modules?
2017-05-29 14:14:19 far enough to know i am going back to bed with my phone on silent this time 2017-05-29 14:14:20 to work with (unofficial) grsec 2017-05-29 14:14:23 ncopa: nope 2017-05-29 14:14:39 blueness: i did spl and zfs only 2017-05-29 14:14:53 they work with 4.9 2017-05-29 14:15:00 kaniini: okay so you gave it a serious go and its too much 2017-05-29 14:15:42 pipacs wrote about the kspp, that they picked a patch for older kernel, and added it to newer 2017-05-29 14:15:44 and messed up 2017-05-29 14:15:55 and kspp complained about bugs in pax 2017-05-29 14:16:09 i saw that post 2017-05-29 14:16:18 this drama is better than Netflix 2017-05-29 14:16:53 i think that part kind of shows that porting pax to newer major kernels is non-trivial 2017-05-29 14:17:22 the drama itself is good enough reason to avoid grsecurity 2017-05-29 14:17:27 have you people considered that pax 2017-05-29 14:17:35 legitimately has bugs 2017-05-29 14:17:43 like we have reported pax bugs before 2017-05-29 14:17:44 yes 2017-05-29 14:18:06 they have had some 2017-05-29 14:18:58 blueness: some parts are easy 2017-05-29 14:19:15 blueness: the parts that people want in 2017: not so much 2017-05-29 14:19:51 kaniini: k 2017-05-29 14:21:25 <^7heo> < blueness> sounds to me like they've said fu to the community 2017-05-29 14:21:26 <^7heo> I guess that being in a position of power makes you able to do so. 2017-05-29 14:21:46 <^7heo> And they wouldn't be in such a powerful position if the community didn't 100% rely ONLY on them for years. 2017-05-29 14:21:49 <^7heo> so... 2017-05-29 14:24:34 what ^7heo said really 2017-05-29 14:24:56 i rather spend my time supporting viable efforts such as clang as system compiler 2017-05-29 14:25:21 <^7heo> strcat says that he could use the help of people knowing the clang backend 2017-05-29 14:25:28 <^7heo> in his linux-hardened project. 
2017-05-29 14:25:32 <^7heo> s/says/said/ 2017-05-29 14:26:05 <^7heo> I guess that such a person would also be able to implement a lot of security features in other archs too. 2017-05-29 14:26:09 Shiz, kaniini: are we more or less set on /pkg for the non-FHS place to put Alpine packages into? 2017-05-29 14:26:14 <^7heo> (since he's mostly interested in arm, as I said) 2017-05-29 14:33:03 blueness: so here's my perspective on this as someone who has spent a bit of time on it 2017-05-29 14:33:15 1) PaX and grsecurity are both monolithic and short-term unmaintainable as is 2017-05-29 14:33:33 they are massively complex and hard to understand, especially for just a few people who are not intimately familiar with their internals 2017-05-29 14:33:43 and they touch about every area of the kernel 2017-05-29 14:33:48 not just grsec, but PaX itself too 2017-05-29 14:34:13 as such, I don't think it's viable right now for distros to try and forward-port even just PaX to new major kernel versions 2017-05-29 14:34:17 Shiz: obviously we'd have to separate that out if we wanted to maintain it 2017-05-29 14:34:26 yes, but PaX on its own is huge 2017-05-29 14:34:37 the part of grsec that isn't PaX is actually somewhat small in comparison 2017-05-29 14:34:39 (still big, mind you) 2017-05-29 14:35:03 a wholly unscientific size comparison: 2017-05-29 14:35:11 grsec total is about 9mb 2017-05-29 14:35:17 pax split up from that is ~7.7mb 2017-05-29 14:35:23 it touches EVERYTHING 2017-05-29 14:35:24 god! 2017-05-29 14:36:21 port the openbsd kernel, it's going to be easier :P 2017-05-29 14:36:38 <^7heo> any BSD would be easier. 2017-05-29 14:36:43 blueness: so i started up a repo with the effort of splitting pax into smaller, more viable things 2017-05-29 14:36:47 <^7heo> but unfortunately it lacks the drivers.
2017-05-29 14:37:00 so people can learn from it and maybe in time a community-maintained hardened kernel project can spring up 2017-05-29 14:37:07 and that seems to be happening with strcat's linux-hardened 2017-05-29 14:37:21 even though it's not perfect and we have to wait and see how good it will turn out, I sadly think it is the best option for hardened distros right now 2017-05-29 14:37:22 personally 2017-05-29 14:37:37 <^7heo> Shiz: but strcat's tree is aimed at arm only. 2017-05-29 14:37:38 the sad reality is that PaX is too complicated and involved to maintain for a couple of distro maintainers like you and me 2017-05-29 14:37:38 not sure I want anything "hardened" by a person naming themselves "strcat" 2017-05-29 14:37:42 ^7heo: it is not 2017-05-29 14:37:52 <^7heo> Shiz: I mean, he told me he would focus only on ARM 2017-05-29 14:38:00 him personally eys 2017-05-29 14:38:03 <^7heo> Shiz: but that he implemented stuff for any arch 2017-05-29 14:38:04 but there's more contributors to that project/repo 2017-05-29 14:38:05 <^7heo> anyway. 2017-05-29 14:38:09 <^7heo> ah right 2017-05-29 14:38:10 than strcat 2017-05-29 14:40:26 kaniini: speaking of system clang, i just finished splitting up my commits 2017-05-29 14:40:35 they could use a bit more refinement, but it's an initial patch series at least 2017-05-29 14:40:42 gonna push them to github right about... now 2017-05-29 14:40:51 \o/ 2017-05-29 14:41:02 oke 2017-05-29 14:41:10 wrong chat damn it 2017-05-29 14:41:27 <^7heo> happens to the best of us. 2017-05-29 14:42:18 more like broken autofocus 2017-05-29 14:42:30 my patches also touch abuild 2017-05-29 14:42:32 heh 2017-05-29 14:43:16 Shiz: can you please confirm we'll use /pkg for the optional non-FHS place to install stuff? 2017-05-29 14:43:32 as in /pkg/$foobar/$version ? 2017-05-29 14:44:21 i don't think it's been fleshed out yet, but that is my current preference yes 2017-05-29 14:44:26 any reason you need confirmation? 
:P 2017-05-29 14:44:57 immediate application for a project I'm working on 2017-05-29 14:45:18 and that absolutely wants to have its own dir because reasons 2017-05-29 14:47:25 well if it's up to me, yes -- but it's not at my sole discretion to make 2017-05-29 14:48:17 ok, thanks. I'll use that as a working hypothesis. 2017-05-29 14:54:56 https://github.com/Shizmob/aports/commits/system-llvm 2017-05-29 15:01:01 <^7heo> is there a way to find the best header for a combination of things? 2017-05-29 15:01:13 hm? 2017-05-29 15:01:22 <^7heo> for instance: I want the "best" header for defining NULL and size_t 2017-05-29 15:01:28 : "ah yes, the alpine vanilla 3.6 iso, with just enough "-ash: vgchange: not found" and "lvm: applet not found" to be completely useless in fixing my initramfs :)" – yeah, I’ve complained some time ago that our ISOs are quite useless, b/c it does not ship even very essential packages like e2fsprogs and someone told me that ”it’s by design”… :/ 2017-05-29 15:01:28 <^7heo> there are multiple headers that match. 2017-05-29 15:01:39 <^7heo> 1. how do I list them all without a complicated grep 2017-05-29 15:01:46 <^7heo> 2. how do I chose which is the "best" one? 2017-05-29 15:01:53 <^7heo> 3. does that even matter? 2017-05-29 15:01:57 3. no 2017-05-29 15:01:59 <^7heo> huhu 2017-05-29 15:02:01 <^7heo> thanks. 2017-05-29 15:02:50 2. for NULL and size_t, it's stddef.h. 
Generally, but exceptions are numerous, there's a "canonical" header that defines some type or macro 2017-05-29 15:03:05 <^7heo> I used string.h 2017-05-29 15:03:09 and you want to include that one, but there are also multiple inclusions mandated by POSIX 2017-05-29 15:03:20 that's fine 2017-05-29 15:03:37 string.h is canonical if you want to use stuff such as strcmp() or memmove() 2017-05-29 15:04:28 if you want to do things "right" and "beautifully", you need to look at POSIX and get a feel for what header relates to what 2017-05-29 15:05:30 but as a first step, don't worry about that, grab any header that defines what you want 2017-05-29 15:05:38 you can refine later 2017-05-29 15:06:49 <^7heo> yeah ok 2017-05-29 15:06:52 <^7heo> Thanks ;) 2017-05-29 15:11:40 https://github.com/Shizmob/abuild/commits/system-llvm 2017-05-29 15:11:47 and the needed abuild commits 2017-05-29 15:14:05 jirutka: you may be interested in the above two branches ;p 2017-05-29 15:14:14 i need to refine the commits, add comments and rationales etc 2017-05-29 15:14:35 but this worked for me in getting most of an LLVM system setup through aports scripts/bootstrap.sh 2017-05-29 15:14:38 minus ghc and the kernel 2017-05-29 15:34:51 does the kernel not build 2017-05-29 15:36:17 not with llvm, no 2017-05-29 15:46:34 <^7heo> The kernel historically only built on gcc, right? 2017-05-29 15:52:23 how do we solve the list of architectures: http://wwwtest.alpinelinux.org/downloads/ 2017-05-29 15:53:06 when you download an alpine release, you first select flavor (Eg standard/extended/vanilla/...) and then you select arch? 2017-05-29 15:53:21 or do you select arch first and then flavor? 
2017-05-29 15:53:24 hmm 2017-05-29 15:53:35 flavor->arch makes more sense from an UX perspective 2017-05-29 15:53:37 but 2017-05-29 15:53:40 not all archs have every flavour 2017-05-29 15:53:55 ^7heo: yes 2017-05-29 15:54:03 there's the llvmlinux project to remedy this but it's somewhat dead now it seems 2017-05-29 15:54:09 although most of their patches are upstream 2017-05-29 15:54:38 <_ikke_> I also agree with flavor->arch 2017-05-29 15:54:48 ok good, thats a start 2017-05-29 15:55:12 <^7heo> definitely flavor arch/ 2017-05-29 15:55:18 <^7heo> s/\//./ 2017-05-29 15:55:22 i wonder if we should have a dropdown box for arch? 2017-05-29 15:55:30 or if we should have a separate page for each flavor? 2017-05-29 15:55:35 <^7heo> that means it's then arch -> flavor. 2017-05-29 15:55:35 or something else? 2017-05-29 15:55:58 <^7heo> dropboxes come first, UI wise. 2017-05-29 15:56:02 <^7heo> because they act as a filter. 2017-05-29 15:56:18 <^7heo> s/boxes/downs/ 2017-05-29 15:56:26 do we want dropdownbox at all is my question 2017-05-29 15:56:55 <^7heo> well if so, it should be with the flavor. 2017-05-29 15:56:57 <^7heo> not the arch. 2017-05-29 15:57:03 Yes css Dropbox 2017-05-29 15:57:14 <^7heo> clandmeter: dropboxes are HTML actually. 2017-05-29 15:57:27 ^7heo: i think an additional dropbox next to the listing is intended 2017-05-29 15:57:33 not primary before showing the listing 2017-05-29 15:57:50 <^7heo> Shiz: I see. 2017-05-29 15:58:00 <^7heo> I fear that it's gonna be confusing tho. 2017-05-29 15:58:10 <^7heo> because most people are just gonna assume 'their arch' 2017-05-29 15:58:19 <^7heo> which might be possible since we have the useragent 2017-05-29 15:59:53 ? 2017-05-29 16:02:21 Is it possible to make abuild build a package from a git version, without first performing git snapshot + upload + redownload of the snapshot ? 2017-05-29 16:02:34 um, abuild snapshot* 2017-05-29 16:06:40 anyone? 
2017-05-29 16:07:08 <^7heo> skarnet: I do not understand the question: what is a git snapshot? 2017-05-29 16:07:24 um, abuild snapshot* 2017-05-29 16:07:31 <^7heo> ah sory 2017-05-29 16:07:33 <^7heo> sorry* 2017-05-29 16:07:50 skarnet, sure, just checkout any repo in prepare 2017-05-29 16:08:06 <^7heo> skarnet: abuild -r 2017-05-29 16:08:12 <^7heo> skarnet: or? 2017-05-29 16:08:22 ^7heo: wut 2017-05-29 16:08:29 <^7heo> scadu: wat wut? 2017-05-29 16:08:33 but we dont have any git magic in abuild 2017-05-29 16:08:40 clandmeter: ok, so I need to prepare() by hand 2017-05-29 16:08:44 ^7heo: vodka 2017-05-29 16:08:50 can I leave $url empty then? 2017-05-29 16:09:02 you mean source? 2017-05-29 16:09:04 <^7heo> I have no clue what the question is about. 2017-05-29 16:09:15 <^7heo> I never had to upload anything to build a package... 2017-05-29 16:09:17 ^7heo: cut the noise, please? 2017-05-29 16:09:33 <^7heo> skarnet: how is me trying to understand (and possibly help) noise? 2017-05-29 16:09:34 <^7heo> =/ 2017-05-29 16:10:00 because if you can't understand the fucking question, there's no possible way you can help 2017-05-29 16:10:35 clandmeter: uh, yes, source, I guess 2017-05-29 16:11:05 iirc you will need to 2017-05-29 16:11:21 <^7heo> tbf I never understood the point of the abuild snapshot. If the source's available, why the heck make a snapshot of it? 2017-05-29 16:11:23 @clandmeter │ but we dont have any git magic in abuild <-- just to checkout git repos :P 2017-05-29 16:11:36 ^7heo: because the availability may be spotty or not provide stable tarballs 2017-05-29 16:12:23 <^7heo> ok. 2017-05-29 16:12:44 <^7heo> but doesn't git snapshot require the user to have the rights to upload a snapshot to start with? 2017-05-29 16:13:02 <^7heo> I mean, it's basically the same as me putting the files on my local server, except that locally I have the rights. 2017-05-29 16:13:14 Grrr WiFi just died on me again. 
2017-05-29 16:13:54 clandmeter: prepare() is about applying patches, is there a way for me to basically do a fetch but from a git repo instead of a URL? 2017-05-29 16:14:42 I'll checkout the branch I need in prepare(), but I kinda need the repo to be cloned before prepare() 2017-05-29 16:15:21 skarnet: any specific reason? you can call default_prepare in your prepare() after checking the repo out 2017-05-29 16:15:40 (imo i think snapshot() should provide a file that you can put in source=, if it doesn't right now it should) 2017-05-29 16:15:48 That's what we do in prepare. You can add it before default_prepare 2017-05-29 16:16:03 <^7heo> in any case, if the point is to snapshot, it's totally possible to snapshot it to localhost and use that in the source="" 2017-05-29 16:16:25 Sorry I'm on freaking mobile now :| 2017-05-29 16:16:31 but it's not, right now. 2017-05-29 16:16:50 Shiz, clandmeter: my question is about fetching, i.e. is there a "git clone" performed by abuild at some point 2017-05-29 16:16:59 yes 2017-05-29 16:17:01 instead of a wget or curl 2017-05-29 16:17:07 ok, then how can I access it 2017-05-29 16:17:08 <^7heo> Shiz: When Oo 2017-05-29 16:17:26 jeez, am I asking questions in Chinese or what 2017-05-29 16:17:33 yes, that happens before prepare 2017-05-29 16:17:38 if you call 'abuild snapshot', it will read $giturl from the APKBUILD 2017-05-29 16:17:42 clone the repo 2017-05-29 16:17:46 which is actually default_prepare 2017-05-29 16:17:49 and tar it up into $pkgname-$pkgver.git 2017-05-29 16:17:51 or something 2017-05-29 16:17:54 .tar.gz 2017-05-29 16:18:08 optionally reporev= in APKBUILD for the revision to checkout 2017-05-29 16:18:29 ok, let me be painfully explicit 2017-05-29 16:18:36 you could even override the fetch part i think 2017-05-29 16:18:47 but i usually just do that stuff in prepare. 
2017-05-29 16:18:47 clandmeter: yes by overriding snapshot() :P 2017-05-29 16:19:19 <^7heo> clandmeter: the packages on the repo that I've seen cloning git repos are using the snapshot function for it. 2017-05-29 16:19:29 <^7heo> s/on/in/ 2017-05-29 16:19:43 correct, but that was not skarnet question 2017-05-29 16:19:47 AIUI if I just do "abuild -r" it will only work if the sources are regular URLs, and I need to manually "abuild snapshot" if I want to get sources from a git repo. 2017-05-29 16:19:53 Is my understanding correct? 2017-05-29 16:19:55 yeah 2017-05-29 16:20:19 it's not ideal i'd say 2017-05-29 16:20:26 <^7heo> unless you actually use a local file in source and build that file with prepare/snapshot; right? 2017-05-29 16:20:35 right. 2017-05-29 16:20:36 <^7heo> I never tried if it actually worked, I always assumed it would. 2017-05-29 16:20:51 that would be something like abuild snapshot && mv src/ . and adding to source= 2017-05-29 16:20:55 and running abuild checksum 2017-05-29 16:21:01 ok. Once I've performed "abuild snapshot" and got a local copy, where do I place that copy in order to feed it to the rest of the abuild process so it's as close to a full "abuild -r" as possible? 2017-05-29 16:21:02 <^7heo> the point of making snapshots is then only to get reproducible builds 2017-05-29 16:21:15 skarnet: move it to the same dir as the APKBUILD and add the filename to source= 2017-05-29 16:21:20 and run abuild checksum 2017-05-29 16:21:32 after that, abuild -r should JustWork 2017-05-29 16:21:35 <^7heo> $srcdir I would say? 2017-05-29 16:21:37 yay self-modifying APKBUILDs 2017-05-29 16:21:39 no, not $srcdir 2017-05-29 16:21:54 <^7heo> ah yeah it's creating a link there. 2017-05-29 16:21:58 <^7heo> crap. 2017-05-29 16:22:16 ok, I figured out my workflow now, thanks. 
2017-05-29 16:22:25 skarnet: i'd like to fix this someday as it's not great 2017-05-29 16:22:32 but i only knew this whole snapshot business existed like 2017-05-29 16:22:34 two weeks ago 2017-05-29 16:22:36 :p 2017-05-29 16:22:47 <^7heo> Shiz: how would you provide reproducible builds without snapshots? 2017-05-29 16:22:54 hm, next question: can I give a whole directory of stuff to $sources ? 2017-05-29 16:23:07 afaics, no 2017-05-29 16:23:25 if you're feeling daring you could sources="$(find . -type f)" though 2017-05-29 16:23:26 <^7heo> Shiz: and how would you provide snapshots without requiring the rights to upload somewhere? 2017-05-29 16:23:27 :P 2017-05-29 16:23:31 replace . is necessary 2017-05-29 16:23:35 s/is/as/ 2017-05-29 16:23:44 so I basically need to tar shit to feed it to abuild 2017-05-29 16:23:57 snapshot() tars it up for you 2017-05-29 16:24:00 or zip :) 2017-05-29 16:24:21 yeah but I don't want to go through abuild if I'm going to modify the APKBUILD between two invocations 2017-05-29 16:24:35 into $srcdir/$pkgname-$verbase_git.tar.gz 2017-05-29 16:24:41 hmm 2017-05-29 16:24:48 <^7heo> Shiz: wouldn't it be enough just to change snapshot to take a sha1 btw? 2017-05-29 16:24:50 so I'll git clone outside of abuild, make a suitable APKBUILD, and only then call abuild with fully local sources 2017-05-29 16:24:55 <^7heo> Shiz: to make it work without a snapshot... 2017-05-29 16:25:30 skarnet: in that case, yes, source= takes files 2017-05-29 16:25:38 you can use git-archive :P 2017-05-29 16:26:23 good idea, thanks for the pointer 2017-05-29 16:26:26 i don't think adding git:// support to abuild directly is the worst idea, but i've also only ever once seen a package that didn't provide http uris for releases 2017-05-29 16:27:24 <^7heo> all this would be avoided if abuild would know how to work with a RCS repo and a given version. 2017-05-29 16:28:05 <^7heo> Shiz: can you specify a given version in a git:// URL? 
2017-05-29 16:28:17 sure, just abuse # 2017-05-29 16:28:37 <^7heo> isn't # part of HTTP? 2017-05-29 16:29:38 <^7heo> Ok HTTP refers to RFC 2396 2017-05-29 16:30:59 its a URI fragment for local processing 2017-05-29 16:31:04 so, exactly what this would be useful for 2017-05-29 16:31:07 <^7heo> yeah I got that part. 2017-05-29 16:31:16 <^7heo> I'm just wondering if git also uses that same RFC 2017-05-29 16:31:56 it doesn't, but that doesn't mean we can't 2017-05-29 16:32:26 <^7heo> Well, that also doesn't mean they can't release a git version that breaks our workflow in XXXXX packages. 2017-05-29 16:32:36 yes it does 2017-05-29 16:32:41 <^7heo> How? 2017-05-29 16:32:41 if we interpret it before passing it to git 2017-05-29 16:32:45 <^7heo> ah. 2017-05-29 16:32:47 remove the fragment 2017-05-29 16:32:51 <^7heo> yeah sure. 2017-05-29 16:32:58 <^7heo> but then if git makes use of that # 2017-05-29 16:33:04 <^7heo> it still breaks our workflow. 2017-05-29 16:33:16 <^7heo> or we have to define a way right from the start to leave it in there. 2017-05-29 16:33:33 <^7heo> (i.e. escape it) 2017-05-29 16:34:30 <^7heo> Another way would be to specify another parameters for git sources 2017-05-29 16:34:37 <^7heo> s/ters/ter/ 2017-05-29 16:34:44 <^7heo> i.e. git_source or something 2017-05-29 16:34:53 <^7heo> that way you also can have git_version. 2017-05-29 16:35:02 <^7heo> and that's separated right from the APKBUILD. 2017-05-29 16:35:11 <^7heo> no magic happening in the source= parameter. 2017-05-29 16:35:34 skarnet: anyway, is your use case simply a source that doesn't provide http uris? 2017-05-29 16:36:34 yes. 2017-05-29 16:36:47 because continuous integration, etc. 2017-05-29 16:37:23 also, need to create a package from any branch, any commit, that kind of thing. 2017-05-29 16:38:51 ^7heo: the *point* is that it would be together with the rest in source= 2017-05-29 16:39:28 <^7heo> Shiz: why? It's not processed the same way. 
2017-05-29 16:40:03 <^7heo> on the other hand 2017-05-29 16:40:12 <^7heo> we already use pkgver for versions 2017-05-29 16:40:18 <^7heo> we could just pass the sha1 there. 2017-05-29 16:40:29 <^7heo> that would work well. 2017-05-29 16:40:56 sigh 2017-05-29 16:41:10 it *is* processed the same way 2017-05-29 16:41:14 not all sources get wget'd either 2017-05-29 16:41:26 and there is not necessary just a single git repo for every package 2017-05-29 16:41:28 or a single git version 2017-05-29 16:41:37 <^7heo> what I mean is that it's not just read. 2017-05-29 16:42:00 it certainly isn't written to 2017-05-29 16:42:16 <^7heo> well, the real tar.gz *is* 2017-05-29 16:42:24 what real .tar.gz 2017-05-29 16:42:35 there would be no 'real' .tar.gz if there was direct git uri support 2017-05-29 16:42:43 <^7heo> ah you're thinking about that. 2017-05-29 16:42:56 <^7heo> well... that's true. 2017-05-29 16:43:19 <^7heo> I was thinking about a simple way to make it work with the current abuild. 2017-05-29 16:43:32 i'd like for apk to support subdirectory summing actually 2017-05-29 16:43:37 it would solve some issues with cargo as well 2017-05-29 16:43:38 <^7heo> i.e. getting the repo, creating an archive, using that. 2017-05-29 16:43:59 <^7heo> Shiz: you mean, using an entire directory as source? 2017-05-29 16:44:27 not as source, just in checksums= 2017-05-29 16:44:53 things in source= (or the fetch() override) would create those directories 2017-05-29 16:44:57 <^7heo> how would you generate the checksum of a dir? 2017-05-29 16:45:01 <^7heo> cat all the things? 2017-05-29 16:45:04 <^7heo> or tar? 2017-05-29 16:45:12 checksum of a checksum list of the directory 2017-05-29 16:45:16 would be one way 2017-05-29 16:45:19 <^7heo> yeah 2017-05-29 16:45:28 find dir -type f -exec $sum {} \; | $sum - 2017-05-29 16:45:32 <^7heo> yeah yeah 2017-05-29 16:45:37 <^7heo> can get verbose tho 2017-05-29 16:45:52 ? 
2017-05-29 16:45:55 it would be a single checksum 2017-05-29 16:46:10 <^7heo> aah `-` 2017-05-29 16:46:13 <^7heo> right. 2017-05-29 16:46:33 <^7heo> but then you're relying on what order find gives you. 2017-05-29 16:46:42 <^7heo> I was thinking about doing the same thing but with a sort in the middle. 2017-05-29 16:47:13 sure 2017-05-29 16:47:17 <^7heo> that way you rely on sort, which is much more reliable than find IMHO 2017-05-29 16:47:37 <^7heo> but yeah that would be a great addition to abuild. 2017-05-29 16:56:56 http://wwwtest.alpinelinux.org/downloads/ 2017-05-29 16:57:06 refresh the stylesheet too 2017-05-29 16:57:28 i have modified the script so the flavors comes in a predictable order 2017-05-29 16:57:45 by using lua "array" instead of hashtable 2017-05-29 16:57:51 can a local source for abuild be a non-gzipped .tar ? 2017-05-29 16:58:05 skarnet: yes 2017-05-29 16:58:17 but im not sure it will automatically extract it for you 2017-05-29 16:58:25 it will 2017-05-29 16:58:28 ok 2017-05-29 16:58:34 what stage will? prepare? 2017-05-29 16:58:35 even if it didn't, you can override unpack() to extract it for you 2017-05-29 16:58:38 unpack 2017-05-29 16:58:47 re the downloads page 2017-05-29 16:58:53 i made it 2 columns instead of 3 2017-05-29 16:58:56 where does it unpack it? $srcdir ? 
2017-05-29 16:58:58 as a "quickfix" 2017-05-29 16:59:09 yes, under $srcdir 2017-05-29 16:59:12 thanks 2017-05-29 16:59:15 sanitycheck -> builddeps -> clean -> fetch -> unpack -> prepare -> mkusers -> build -> check -> rootpkg -> cleanup 2017-05-29 16:59:18 are the stages 2017-05-29 17:05:22 the ppc64le and s390x release images are there too 2017-05-29 17:05:50 ok nobody is complaining, i think i just push that for production 2017-05-29 17:12:20 looks nice, but maybe putting small sha256 and gpg buttons next to arch download buttons would look even better, because now we have 2 special rows just to hold them 2017-05-29 17:12:49 yes, i agree 2017-05-29 17:29:45 let me introduce you Luapak, the ultimate solution for building standalone, zero-dependencies, possibly statically linked binary for any Lua program! \o/ hello_world dynamically linked with musl is 146 kiB (stripped), statically linked with musl 190 kiB (stripped); https://github.com/jirutka/luapak /cc ncopa clandmeter 2017-05-29 17:31:20 190k of overhead doesn't sound too bad indeed :) 2017-05-29 17:31:24 nice job! 2017-05-29 17:31:45 skarnet: yeah, PUC Lua is really very small! :) 2017-05-29 17:32:02 interesting 2017-05-29 17:32:23 the snapshot mechanism, now that I just refreshed my memory by re-reading the whole abuild script, seems quite all right to me. I currently have my own wrapper around abuild that runs a part of the command chain Shiz just wrote above to enable "local" builds 2017-05-29 17:32:28 and even when you use LuaJIT for significantly better performance, the resulting size is still not bad (I must laugh really loud when I compare it with Go XD) 2017-05-29 17:32:50 -finally- a reason to learn Lua! 
2017-05-29 17:33:21 I’m dog fooding, so Luapak is of course built with Luapak :) https://github.com/jirutka/luapak/releases/download/ 2017-05-29 17:33:59 please keep a sane bootstrapping process :P 2017-05-29 17:34:48 is there a way to get apk to output just the current installed version of a package? 2017-05-29 17:35:06 ( jirutka ?) 2017-05-29 17:42:19 I suppose you need to parse no matter what, but the closest to that would be apk info -v -e pkg, I guess 2017-05-29 18:05:41 Is there a way to tell abuild that it must fetch its makedepends (for abuild -r) from edge, instead of from the current flavor? i.e. a way to tell it to run --repository somethingedgesomething in its apk invocations? 2017-05-29 18:05:48 (don't ask why I want to do that) 2017-05-29 18:06:38 uuuh 2017-05-29 18:07:03 you could uh 2017-05-29 18:07:06 do something like 2017-05-29 18:07:21 SUDO_APK="abuild-apk --repository ..." abuild -r 2017-05-29 18:08:13 thanks for the pointer - I'll see what SUDO_APK does :) but... 2017-05-29 18:08:25 ... I don't want to do that for all the apks in my makedepends, only 2 of them 2017-05-29 18:08:44 yeah i don't think that's gonna work out :P 2017-05-29 18:08:51 I know it's not supposed to 2017-05-29 18:08:52 you could build them yourself locally? 2017-05-29 18:08:58 it will include your local repo for makedeps 2017-05-29 18:09:03 so if you build from edge yourself 2017-05-29 18:09:20 well by "not gonna work out" I mean "there's no way I know of to get this to work" 2017-05-29 18:09:29 well I can also call apk add myself before calling abuild 2017-05-29 18:09:37 except possibly a tagged repo in /etc/apk/repositories and doing foo@edge as makedepend 2017-05-29 18:09:40 and conveniently omit the packages from makedepends 2017-05-29 18:09:41 that may work 2017-05-29 18:10:00 ah, that's interesting 2017-05-29 18:10:09 doesn't work 2017-05-29 18:10:17 doesnt? 
2017-05-29 18:10:18 tags in deps doesn't, that is 2017-05-29 18:10:25 shame 2017-05-29 18:10:45 I ended up writing a wrapper for that as well, since I like doing things in an overly complicated way... 2017-05-29 18:12:29 meh, I was just hoping there was a way to integrate everything into abuild, but it looks like I'll need to do a lot of the ugliness myself 2017-05-29 18:12:51 this download page is tricky 2017-05-29 18:13:29 also, the description is an array with 3 lines 2017-05-29 18:13:36 skarnet: it sounds like you're doing complicated shit 2017-05-29 18:13:38 :P 2017-05-29 18:13:54 i want it to be a single paragraph instead of fixed 3 rows 2017-05-29 18:15:24 Shiz: I am, but I'm getting paid for it so that's ok :P 2017-05-29 18:23:34 same thing over here, I work in a restricted environment so I've had to implement lots of silliness just to get things done 2017-05-29 18:24:15 gladly I already wrote tools for doing silly things with CentOS so I just added an Alpine library, a couple hundred lines, and Alpine support was included 2017-05-29 18:35:09 so basically I can have an extra line for deps residing in tagged repos and my tool catches that, restores a build chroot snapshot, installs those deps and after that builds in the chroot 2017-05-29 18:38:07 but then of course, the solution closest to the correct would be to untag edge... 2017-05-29 18:58:59 what do you think about this: http://wwwtest.alpinelinux.org/downloads/ 2017-05-29 18:59:11 i think the descriptions should probably be improved 2017-05-29 19:01:31 ncopa: buttons for archs different than x86 are broken 2017-05-29 19:01:52 huh? 2017-05-29 19:02:10 they work for me 2017-05-29 19:02:26 did you refresh the css? 
2017-05-29 19:02:29 <_ikke_> for me to 2017-05-29 19:02:31 <_ikke_> too 2017-05-29 19:02:35 I mean, they are distorted 2017-05-29 19:02:47 shift-ctrl -r 2017-05-29 19:02:52 I know ;f 2017-05-29 19:03:20 ok 2017-05-29 19:03:29 i see it now in firefox 2017-05-29 19:03:31 btw assets should be hashed (hash in the name), then there would not be that problem ;) 2017-05-29 19:15:05 ok i think download buttons are fixed 2017-05-29 19:15:57 lemme check 2017-05-29 19:16:13 ncopa: confirm 2017-05-29 19:22:52 ncopa, i don't like it 2017-05-29 19:23:43 I prefer a single do button 2017-05-29 19:23:53 Dl.... 2017-05-29 19:37:09 ncopa, and why move to a paragraph for selling points? 2017-05-29 19:37:50 i think the selling points really need redoing 2017-05-29 19:38:26 im not discussing the content, just the layout. 2017-05-29 19:38:52 if its a selling point, it should be a single line. 2017-05-29 19:39:30 well, i am discussing the content too 2017-05-29 19:39:32 :P 2017-05-29 19:39:47 sure, go ahead :) 2017-05-29 19:39:53 i never really liked most of them 2017-05-29 19:40:13 but nobody at the time gave me alternatives 2017-05-29 19:43:53 i think a single row of DL/Release shaX GPG would be enough, when you hover/click them it would open a menu with all arch's 2017-05-29 19:44:25 this way all flavours would have the same height. 2017-05-29 19:49:31 https://txt.shiz.me/ZTJiYmFjYz 2017-05-29 19:49:42 my proposition for selling points (+ changed order) 2017-05-29 19:49:48 only thing I'm struggling with is raspberry pi 2017-05-29 19:51:01 https://txt.shiz.me/MGRlYTEzYj updated 2017-05-29 19:52:14 why the , and . differences? 2017-05-29 19:54:52 standard gets an extra line because it's the base and two commas would look awkward there 2017-05-29 19:54:54 the rest has no dots? 
2017-05-29 19:56:15 i mean std yes 2017-05-29 19:56:54 although imo generic arm should just be merged with standard 2017-05-29 19:57:01 or vanilla, maybe 2017-05-29 19:57:07 i see no reason for them to be different 2017-05-29 19:57:56 its not an iso i guess 2017-05-29 20:26:35 ncopa : I think I get alpine s390x running on KVM. Full virtualization cat /proc/cpuinfo inside KVM the same as in the host. afaik IBM pushed KVM support really good, as good as their mainline virtualization tech (z/VM) which is the original virtualization tech since the 70s 2017-05-29 20:27:12 I will try to build things, when it is good enough, we might make it the builder :) 2017-05-29 20:27:43 *I got it runnin 2017-05-29 20:30:42 TemptorSent: kaniini: can we already keep old kernel + modules when upgrading kernel to newer version? 2017-05-29 20:47:46 jirutka: no 2017-05-29 20:48:00 jirutka: the vmlinuz and so on files need to be versioned 2017-05-29 20:48:00 kaniini: what are the blockers? 2017-05-29 20:48:17 jirutka: and the APK itself needs to be versioned in some way (e.g. in the name) 2017-05-29 20:52:13 kaniini: full version number in pkg name is not very nice :/ 2017-05-29 20:52:15 kaniini: i've been running into issues with apk not installing build deps properly 2017-05-29 20:52:27 uh oh 2017-05-29 20:52:30 a bug report 2017-05-29 20:52:32 ACTION vanishes! 
2017-05-29 20:53:18 i have a sneaky suspicion that abuild or apk only install makedepends for the host when they are not installed on build yet 2017-05-29 20:54:49 honestly the way abuild traces what deps to install is kinda odd 2017-05-29 20:54:52 and yes 2017-05-29 20:54:59 it checks to see what is already there and filters that out 2017-05-29 20:55:44 but 2017-05-29 20:56:03 i want it to install something into the host sysroot, doesn't matter if the build system already has it 2017-05-29 20:56:17 because /usr/lib/zlib.a won't help me when i want ~/sysroot-x86/usr/lib/zlib.a 2017-05-29 20:56:19 :P 2017-05-29 20:57:08 and it's because get_missing_deps only operates on the system apk 2017-05-29 20:57:16 i think? 2017-05-29 20:57:25 gonna debug this some more 2017-05-29 21:00:34 Shiz: does abuild officially support cross-compilation now? 2017-05-29 21:01:07 it has for a while, it's how we bootstrap stuff 2017-05-29 21:02:56 so I just read triples in CBUILD and CHOST? 2017-05-29 21:04:00 ncopa: there’s another blog post (in Czech) about Alpine Linux! it’s about usage of various distributions on vpsFree, Alpine Linux is mentioned as the distro with the highest increment per year https://blog.vpsfree.cz/linuxove-distribuce-vede-debian-a-ubuntu-nahoru-se-dere-alpine/ 2017-05-29 21:05:38 could please someone review https://wiki.alpinelinux.org/wiki/Setting_up_disks_manually, fix outdated info, if any, and remove “This material is work-in-progress ...” ? 
2017-05-29 21:05:44 skarnet: that's what you set when building, yes 2017-05-29 21:06:00 the apkbuilds need makedepends= separated into makedepends_build and makedepends_host 2017-05-29 21:06:33 someone (IMO troll) in a discussion about article at root.cz about Alpine has complained about it… 2017-05-29 21:08:42 ncopa: it’s also interesting that Alpine is installed on more VMs at vpsFree than OpenSUSE or even Arch Linux and it’s very close to number of Fedora installations :) 2017-05-29 21:10:34 who would install arch on a server :p 2017-05-29 21:10:41 ACTION runs 2017-05-29 21:10:49 kaniini: may have been an error on my part, disregard 2017-05-29 21:11:16 well, I asks who would install Debian or Ubuntu on server and yet, the most ppl :( 2017-05-29 21:11:20 hey jirutka could you test something for me if you have cpu cycles to burn 2017-05-29 21:11:22 :P 2017-05-29 21:11:29 Shiz: yeah 2017-05-29 21:21:34 jirutka: great 2017-05-29 21:22:49 jirutka: https://txt.shiz.me/MWRjMmEzNj 2017-05-29 21:22:54 this, essentially 2017-05-29 21:23:14 oh, uh 2017-05-29 21:23:23 # cd main/libc++ && abuild -r && cd .. , too 2017-05-29 21:23:45 https://txt.shiz.me/MDMxZmQ5OT 2017-05-29 21:23:47 updated 2017-05-29 21:24:29 Shiz: how many CPU cycles does it need? ;) 2017-05-29 21:24:35 uuh 2017-05-29 21:24:43 considering it will compile both llvm4 and clang? :P 2017-05-29 21:24:54 twice, because it also will cross-compile it in bootstrap.sh 2017-05-29 21:25:59 you’ve missed dependencies ;) abuild-tar.c:20:25: fatal error: openssl/evp.h: No such file or directory #include 2017-05-29 21:27:01 hm, it wants to overwrite some of my system files 2017-05-29 21:27:09 so I should run it in a separate container 2017-05-29 21:27:15 yeah 2017-05-29 21:27:20 what apkbuild is that? 2017-05-29 21:27:30 or do you mean the abuild repo 2017-05-29 21:27:41 because yeah that needs libressl-dev and something else 2017-05-29 21:38:07 hmm, issue in the go package 2017-05-29 21:38:32 burn it, burn it with fire! 
2017-05-29 21:40:47 no, it was my own doing 2017-05-29 21:41:03 nevermind, still burn it, just for sure :P 2017-05-29 22:57:54 Since syslinux is only supported on x86*, how would we do fresh installation (running setup-alpine, setup-disk) on disk (choose sys in sys, data, lvm) on other arches ? https://git.alpinelinux.org/cgit/alpine-conf/tree/setup-disk.in#n811 2017-05-29 23:00:34 I'm not sure if other arches have a unified booting method 2017-05-29 23:00:36 ARM sure doesn't 2017-05-29 23:01:03 which leaves ppc64le and s390x, if they do it would be useful to add :) 2017-05-29 23:02:13 jirutka: https://txt.shiz.me/NjQ0ZjFkMT 2017-05-29 23:02:19 easy script you can just run 2017-05-29 23:02:22 in a container as root 2017-05-29 23:02:24 :P 2017-05-29 23:02:37 correction: https://txt.shiz.me/ZTc2ZDdiY2 2017-05-29 23:04:06 Shiz: So aarch64, armhf maintainers don't install on disk ? 2017-05-29 23:04:25 I am wondering how leitao installed the ppcle64 builder 2017-05-29 23:04:54 for now I boot s390x using the kernel + initfs along with a modified minirootfs 2017-05-29 23:05:13 it "looks" like a disk (sys) installation. 2017-05-29 23:31:38 aarch64 uses gummiboot ? hum... 2017-05-29 23:33:37 i guess aarch64 can be efi booted yes 2017-05-29 23:41:00 some aarch64 SoCs do use EFI 2017-05-29 23:41:05 one being the HTC One M9 phone 2017-05-29 23:41:27 the rpi3 and pine64 use uboot though 2017-05-30 00:35:58 fabled: kaniini: is there a planned release date for apk-tools 2.7.2 or 2.8 or whatever master will become? would love to get my paws on a release that has `manifest` in it 2017-05-30 00:36:33 no 2017-05-30 00:36:51 it will probably be late june 2017-05-30 00:37:05 ah, okay. I will just build from master then 2017-05-30 02:01:26 heads up: the clone links in alpine cgit point to http instead of https which makes copy/paste more difficult (or potentially insecure if you don't notice) 2017-05-30 02:03:38 or maybe that is on purpose, because cloning with https is timing out.. 
2017-05-30 02:08:07 hm, maybe it was just temporary issue; works now 2017-05-30 02:22:08 https is mildly redundant with git 2017-05-30 02:22:19 the commit hash verifies the entire repo history 2017-05-30 02:22:21 :P 2017-05-30 02:25:37 Shiz: sure, but someone can dns poison + mitm and give someone a completely different repo 2017-05-30 02:26:00 Shiz: and afaik, commits are not gpg signed in alpine, so there is no guarantee that the Author: line is accurate (and anyone can use --author on git commit 2017-05-30 02:26:02 ) 2017-05-30 02:51:44 LLVM-alpine round two: now including lld 2017-05-30 02:51:46 result: bad 2017-05-30 02:51:54 pkgconf was the first thing that failed 2017-05-30 02:51:56 :P 2017-05-30 02:52:44 ACTION pokes kaniini 2017-05-30 02:58:52 jirutka: In addition to the apk naming, we also need to version the filenames for the kernel artifacts inside the apks, such as vmlinuz -> vmlinuz-4.9.27-1-hardened, same for System map, etc. 2017-05-30 02:59:29 jirutka: To make everything clean, there is also some support work needed in handling the bootloader config. 
2017-05-30 03:15:01 okay fixed it 2017-05-30 03:15:09 needed to apply two patches to lld to fix libtool stupidity 2017-05-30 03:46:55 Shiz: probably not a pkgconf bug :P 2017-05-30 03:55:41 nope 2017-05-30 03:55:49 kaniini: libtool bug instead 2017-05-30 03:55:51 as expected 2017-05-30 03:56:03 if it doesn't see GNU ld or elf in --help, it will refuse to link dynamic libraries 2017-05-30 03:56:09 and the build will randomly fail because libpkgconf.so doesn't exist 2017-05-30 03:56:51 yes, that would be a problem :) 2017-05-30 04:18:11 I really hope the patch is adding 'elf' and not '(like GNU ld)' 2017-05-30 04:46:35 awilfox: both 2017-05-30 04:46:37 sadly 2017-05-30 04:46:53 # ld.lld --version 2017-05-30 04:46:55 LLD 4.0.0 (compatible with GNU linkers) 2017-05-30 04:56:47 anyway 2017-05-30 04:56:55 the link with ld.lld is progressing 2017-05-30 04:57:04 i'm also building elftoolchain on the side to see if it can help us 2017-05-30 04:57:05 :P 2017-05-30 04:57:41 that may be desirable to certain alpine derivatives 2017-05-30 04:57:42 :) 2017-05-30 04:58:32 ERROR: elftoolchain-0.7.1-r0: trying to overwrite usr/bin/size owned by binutils-2.28-r2. 2017-05-30 04:58:33 hehehe 2017-05-30 05:01:04 apparently elftoolchain has an ld now 2017-05-30 05:10:08 elftoolchain compiled 2017-05-30 06:40:20 http://wiki.adelielinux.org/wiki/APK_internals does anyone want to review this? I'm trying to document the structure for reasons 2017-05-30 07:42:15 Looks like alpine linux 3.6.0 is broken on raspberry pi 2017-05-30 08:14:32 Pickfire, no boot I guess? 2017-05-30 08:15:02 <_ikke_> clandmeter: he left 2017-05-30 08:15:12 Ok 2017-05-30 08:15:16 Thx 2017-05-30 08:30:17 clandmeter, working on rpi kernel now, waiting to build 2017-05-30 08:30:31 seems the rpi2 kernel config was accidentally broken on 4.4->4.9 upgrade process 2017-05-30 08:39:09 ACTION waves 2017-05-30 09:13:03 fabled, what is/was wrong? 
2017-05-30 09:18:12 awilfox: if by index char you mean how it is stored in db, then replaces -> r, replaces_priority -> q 2017-05-30 09:21:12 awilfox, I read it a bit and I don't see any mention of the apkindex? Probably intentional. 2017-05-30 09:22:52 Provides can also include pkgconf entries. 2017-05-30 09:52:11 przemoc: I heard evolving, so any pretty would be good. also thank you for catching silly error. fixed! 2017-05-30 11:04:17 przemoc, i will probably start certain parts from scratch, but reuse large parts of the codebase 2017-05-30 11:06:09 I suspected that this will be the most probable course of action that you'll take, but wanted to confirm that 2017-05-30 11:30:04 fabled: I don't remember the link to the file where you listed all the planned features. I think that file index at the beginning of apk would be quite useful (via custom vendor pax extension, possibly). actually it's a pity that pax lacks standardized file index extension. having to scan whole archive to know its content is often burdensome. having such index at the beginning of .apk would 2017-05-30 11:30:11 also allow implementing file listing for given packages even if they are not installed yet, because you'd need to download only beginning of the .apk. 2017-05-30 11:47:34 My patch "testing/blind: upgrade to 1.1", didn't go into patchwork. First do I have to take some action? Second did I do something wrong? I thought if I send a patch to the mailing list during release time, it just gets ignored till after. 2017-05-30 11:48:54 przemoc, will likely redesign the file format. 
possibly to be not .tar; the index would be in the start of the file then 2017-05-30 11:49:25 the idea is to have signed blobs in them, and copy those directly to installed-db; so "apk audit" can verify whole system against asymmetrically signed blobs 2017-05-30 11:52:53 fabled: aww, sounds promising 2017-05-30 11:52:59 skrzyp: ^ 2017-05-30 11:54:19 i do have some code existing, but it's just drafting it 2017-05-30 11:54:32 <^7heo> that would be neat. 2017-05-30 11:57:32 I see. using tar-compatible format is nice for debugging, as you can (at least partially) inspect stuff w/o special tools, but tar/pax format is not the nicest thing in the world and there is some historic cruft in it that gives us nothing. actually I haven't researched whether there are any already-in-use well-thought-out tar replacements 2017-05-30 11:59:21 that's my notion too 2017-05-30 11:59:40 as option, i was planning to offer "apk convert-to-tar" applet that would convert .apk to .tar 2017-05-30 12:00:05 the problem is that, certain things are hard to implement inside tar 2017-05-30 12:00:28 alternative, is to have .tar and the first entry be PAX header with a binary blob of all data apk needs 2017-05-30 12:00:45 but then the tar headers are just duplication information and just take space 2017-05-30 12:00:59 i've found that rarely i need to use tar nowadays to inspect .apk 2017-05-30 12:03:32 Ganwell: we had issues with our infra. it should work again so you can resend 2017-05-30 12:03:34 sorry about that 2017-05-30 12:04:54 fabled: i find the .tar format in apk pretty handy 2017-05-30 12:05:07 would cpio be a better alternative? 2017-05-30 12:05:40 my point is that it is very convenient to be able to extract the .apk with standard tools 2017-05-30 12:09:06 if tar would be ever abandoned for apk, my strong suggestion would be to make pure archive-related part of apk-tools separate with its own lib+bin (format name shouldn't impose it's apk-only), and simply use such lib in apk tools. 
that way anyone could reuse archive part and there would be easy tools to at least extract stuff from such apk-ng files, even w/o whole apk-ng machinery. 2017-05-30 12:12:17 scadu: 2017-05-30 12:12:25 what? 2017-05-30 12:21:12 ncopa: cpio is a mixed bag, but it's mostly inferior to tar (lack of user/group names for instance) and has worse tooling 2017-05-30 12:53:58 ncopa: I also like that apk is just a simple tar, much better than deb or rpm nonsense Matryoshka doll 2017-05-30 12:58:19 przemoc: all I want from the archive format is to be able to encode user/groups and Unix permissions at archive creation time separately from the files themselves, so you don't need fakeroot to create an archive with multiple uid/gids 2017-05-30 12:58:45 that would be nice yes 2017-05-30 12:59:10 a hierarchy + a permissions file is all I'm asking for 2017-05-30 13:05:27 skarnet: support for providing perms is useful feature, cannot disagree. it's not that tar format doesn't support such thing (well, it doesn't support it as a separate permission file, that much is obvious). the only problem is that most commonly used tar/pax utils don't expose that kind of functionality 2017-05-30 13:06:13 yeah, that's why I was mentioning it if we're considering an apk-specific lib 2017-05-30 13:07:04 if the backend has to perform horrible hacks to implement the functionality, so be it, as long as I don't have to see it XD 2017-05-30 13:09:27 didn't know you're that lax regarding hidden mess ;) 2017-05-30 13:13:28 gnu tar has some support for overriding file metadata (--owner, --group, --mtime), but it's not a fine-grained stuff 2017-05-30 13:16:31 it's for the whole archive, which is obviously not enough 2017-05-30 14:22:29 clandmeter: red light stays on, green light blink, rainbow screen showed up and stuck. 2017-05-30 14:22:54 _ikke_: I check the logs for the time being, cannot be online 24/7 since pi is down. 2017-05-30 14:23:03 I thought it will be something like roses are red... 
:< 2017-05-30 14:23:09 So many things is down. T_T 2017-05-30 14:23:34 scadu: Roses are red, violets are blue, sugar is sweet and so are you. 2017-05-30 14:23:43 Wait, I think that's wrong. 2017-05-30 14:23:49 ACTION runs 2017-05-30 14:24:10 Roses are red, that much is true, but violets are violet, not fucking blue. 2017-05-30 14:24:49 #ruinaromanticevening 2017-05-30 14:25:02 Haha 2017-05-30 14:25:58 skarnet: Would the manifest format with added perms/owners/timestamp be usable for your needs? 2017-05-30 14:29:11 TemptorSent: I suppose it would, yes 2017-05-30 14:29:49 now, obviously, it would need to be a format that accept newlines and special characters in filenames. :P 2017-05-30 14:31:24 ACTION regret that it didn't do any backup before the upgrade 2017-05-30 14:31:25 Any preferences on escaping? 2017-05-30 14:31:49 <^7heo> skarnet: nice one 2017-05-30 14:33:02 TemptorSent: yes. I would love it if it followed that format: http://skarnet.org/software/s6-portable-utils/s6-quote.html 2017-05-30 14:33:41 Off hand, \n and \t are the only issues I'm aware of causing a mess. 2017-05-30 14:33:57 i.e. "filename\nwith\x0cspecial characters" 2017-05-30 14:34:52 anyway, no time to delve into this right now, back to work 2017-05-30 14:34:56 <^7heo> o/ 2017-05-30 14:35:23 Quoted, spaces intact, all non-alphanum escaped? 2017-05-30 14:35:38 anyway, no time to delve into this right now, back to work 2017-05-30 14:36:16 <^7heo> TemptorSent: from the doc skarnet linked: Quoted strings are guaranteed to be pure printable ASCII, without control characters. 2017-05-30 14:37:09 <^7heo> so to me that means, it'll contain only characters from 0x20 to 0x7E 2017-05-30 14:37:16 <^7heo> (included) 2017-05-30 14:37:22 For use in the manifest, the result of "s6-quote -n -u $filename" should work. 2017-05-30 14:40:46 The only issue with rendering it with printf in shell is the possible interpretation of the $... 
2017-05-30 14:58:25 @fabled │ i've found that rarely i need to use tar nowadays to inspect .apk 2017-05-30 14:58:28 i do this all the time fwiw 2017-05-30 14:58:30 :P 2017-05-30 15:21:40 przemoc, many packages have pc: provides. just check APKINDEX. 2017-05-30 15:25:39 indeed. it's added automatically, though. I wasn't aware of that pc: thing within p:, so thanks for that 2017-05-30 15:26:23 yw 2017-05-30 15:26:42 (and my grepping failed, because I used different abbrev of pkgconf) 2017-05-30 15:27:31 ncopa, are we doing a new release to fix rpi boot issues? 2017-05-30 15:27:49 clandmeter: yes 2017-05-30 15:28:02 okidoki 2017-05-30 15:28:08 with 4.9.30 kernel too 2017-05-30 15:28:10 and some other fixes 2017-05-30 15:28:56 i hope this also fixes my rpizw 2017-05-30 15:30:31 oh it was an older bug... confusing when ppl append to an older bug... 2017-05-30 15:35:42 ncopa: not sure if you caught my llvm progress, but ... 2017-05-30 15:35:54 bootstrapped most of an alpine base system with clang+compiler-rt+libc++lld now 2017-05-30 15:35:56 :P 2017-05-30 15:36:38 https://alpinelinux.org/downloads/ vs http://wwwtest.alpinelinux.org/downloads/ - sha256 and gpg buttons next to archs look indeed better and are even more mobile friendly (but I doubt people check checksums on their smartphones...) 2017-05-30 15:44:15 ncopa, what if we show the download button as http://getbootstrap.com/components/#btn-dropdowns-single and arch's as children? 2017-05-30 15:45:29 then it will be unclear what flavor is available on what arch 2017-05-30 15:45:44 without lot of clicking, that is 2017-05-30 15:46:22 it's a download button 2017-05-30 15:47:58 which means you already know what you want. 2017-05-30 15:48:19 the vertical alignment really sucks like this 2017-05-30 15:49:31 and the fontsize of the download buttons looks targeted at visually impaired users. 2017-05-30 15:51:07 I found the font size nice, just the x86_64 arch download is a bit misaligned. 
2017-05-30 15:52:48 by using dropdown buttons we could also put the filetype back into the button. 2017-05-30 15:54:44 Hmm, something that may be very interesting just popped up on phoronix - WhiteEgret LSM - Whitelist for executables/libs. 2017-05-30 15:56:08 Patch is reasonably short and looks sane on first glance 2017-05-30 16:01:51 hey guys 2017-05-30 16:01:53 And it's well documented, with examples - how novel! 2017-05-30 16:02:47 Hello zaolin_. 2017-05-30 16:02:50 the new 3.6.0 seems to be somehow broken. I can't bind ports anymore. 2017-05-30 16:03:29 and virthardened does not work for MDADM 2017-05-30 16:04:20 Hmm, are the appropriate modules loading? 2017-05-30 16:04:25 you can't bind ports? 2017-05-30 16:04:51 What network driver are you using? 2017-05-30 16:06:17 Yep before 3.6.0 with 3.5.0 it worked 2017-05-30 16:06:31 has my bug-report of getting SIGILL on 3.6.0 binaries gone ignored? 2017-05-30 16:07:11 anyway, different question: testing/ seems only available on edge, not on numbered releases, I assume that's intentional? 2017-05-30 16:07:43 skarnet: no, i just havent been able to repro it 2017-05-30 16:07:45 and yes 2017-05-30 16:07:53 skarnet: Missed that -- random illegal instructions or deterministic (compile error?) 2017-05-30 16:09:06 I was seeing SIGILL frequently under qemu under edge while testing isos, so it's not entirely new, but I couldn't find any determinism in it. 2017-05-30 16:10:00 Shiz: to repro it: install a pristine Alpine v3.6.0 on a Virtualbox VM, apk add s6-rc, grab a s6-rc source database I can put online, and run "s6-rc-compile compiled main" 2017-05-30 16:10:18 33% chances of success, 33% chances of busylooping, 33% chances of SIGILL 2017-05-30 16:10:33 zaolin_: Modules are the first suspect - see if those are present and loaded. 
2017-05-30 16:10:48 skarnet: i'll do that later tonight, thanks 2017-05-30 16:10:57 feel free to pm me a link to such a source database when you have time to upload one :) 2017-05-30 16:11:06 skarnet: That's consistent with what I was seeing under qemu - appears to be an issue under HVM. 2017-05-30 16:12:22 skarnet: What physical hardware are you running on top of? I'm on a Xeon E5-1620 2017-05-30 16:13:13 meanwhile i've advanced my allvmpine experiment into replacing binutils with elftoolchain 2017-05-30 16:13:19 can't wait to see what will miraculously break 2017-05-30 16:13:21 :P 2017-05-30 16:13:51 Shiz: http//skarnet.org/tmp/main.tgz (nothing secret in there) 2017-05-30 16:14:00 danke 2017-05-30 16:14:03 Great progress Shiz - Soon it will be GNULess/Linux :) 2017-05-30 16:14:05 TemptorSent: core i7-4770K 2017-05-30 16:14:18 it seems lld can't link Go on i386 2017-05-30 16:14:20 or at least 2017-05-30 16:14:24 not without providing text relocs 2017-05-30 16:14:29 bfd ld does not have this issue 2017-05-30 16:14:56 TemptorSent: it has to do with something on the guest, can't be the host, because I tried it on a Windows host 2017-05-30 16:15:16 (not saying that Windows doesn't have issues, but that's unrelated :P) 2017-05-30 16:15:58 skarnet: Agreed - but underlying hardware changes how the VM virtualizes certain instructions, which can make debugging on a different gen CPU a royal PITA! 2017-05-30 16:16:43 yeah - but no matter what it is, it points to the toolchain building binaries that the guest interprets badly 2017-05-30 16:16:56 VT-d is one that makes all kinds of fun. 2017-05-30 16:17:03 older Alpine releases don't do that, so gcc-7.1.0 looks like a smoking gun 2017-05-30 16:17:15 might be worth it to rebuild 3.6 with gcc-6 2017-05-30 16:17:34 Perhaps back into the late 6.x releases based on what I saw a few months ago. 2017-05-30 16:18:02 skarnet: we don't build 3.6 with gcc 7.x 2017-05-30 16:18:08 3.6 has been built with 6.3 2017-05-30 16:18:42 oh? 
weird then 2017-05-30 16:18:48 What flag changes did we have in libs... 2017-05-30 16:19:08 7.x was decided against because we were afraid issues like these would pop up 2017-05-30 16:19:09 Possible bad optimization. 2017-05-30 16:19:10 :P 2017-05-30 16:19:21 or, I believe so -- i wasn't there at the time 2017-05-30 16:20:27 well issues like these are popping up anyway :P 2017-05-30 16:20:53 With the failure mode, a test-and-set on a lock may be acting up when virtualized. 2017-05-30 16:23:02 TemptorSent: Is it possible to downgrade ? 2017-05-30 16:24:04 zaolin_: Not easily at the moment that I'm aware of -- we're working on fixing the kernel version issues in packaging to allow that easily. 2017-05-30 16:24:36 kaniini may have a better idea of how to do so currently if it's possible... 2017-05-30 16:25:36 TemptorSent: ixgbe is the driver 2017-05-30 16:26:20 echo '@3.5 http://dl-cdn.alpinelinux.org/alpine/v3.5/main' >> /etc/apk/repositories 2017-05-30 16:26:25 apk add linux-grsec@3.5 2017-05-30 16:26:27 erf 2017-05-30 16:26:32 apk add --update linux-grsec@3.5 2017-05-30 16:26:36 reboot 2017-05-30 16:27:00 you can also downgrade by just changing /etc/apk/repositories and then doing apk upgrade --available 2017-05-30 16:27:03 it will downgrade it 2017-05-30 16:27:42 kaniini: thanks 2017-05-30 16:27:57 I missed the --available 2017-05-30 16:28:44 Thanks kaniini -- I wasn't sure how to force it to downgrade without totally confusing apk :) 2017-05-30 16:29:29 zaolin_: always use --available when going between distribution versions 2017-05-30 16:29:42 clandmeter: anyway, you were wondering why we want clang as system compiler. welp, ^^^^ should cover it 2017-05-30 16:30:23 zaolin_: Also, check your dmesg and verify the network device is actually getting assigned and that your interface is established completely. 2017-05-30 16:30:31 it finally happened. GCC completely screwed a distribution release. 2017-05-30 16:31:28 So, Alpine 4.x, GCC-free? 
:) 2017-05-30 16:31:37 TemptorSent: That works otherwise I couldn't log into it via ssh 2017-05-30 16:32:05 I had also issues with the pure grsec kernel regarding kvm and ubuntu guests 2017-05-30 16:32:05 TemptorSent: at this point, definitely. 2017-05-30 16:32:07 it's not like clang won't have bugs 2017-05-30 16:32:45 clang at least has QA 2017-05-30 16:32:52 GCC as a project has literally been falling apart since GCC 5 2017-05-30 16:33:08 would you like to see my LLVM patch queue :P 2017-05-30 16:33:17 i think i'm up to 15-20 patches or so 2017-05-30 16:33:33 clang fails some basic shit -print-prog-name=ld working properly together with -fuse-ld 2017-05-30 16:33:38 like* 2017-05-30 16:33:41 zaolin_: Okay, you have working networking, good :) Next question is did the AF_PACKET module and friends load? I'm not sure if there is a grsec specific option that may be biting as well. 2017-05-30 16:34:11 Shiz: lols 2017-05-30 16:34:11 zaolin_: For testing purposes, try the vanilla kernel. 2017-05-30 16:35:07 Shiz - At least the LLVM patches might get upstreamed before next century without a bunch of bickering on the ML. 2017-05-30 16:35:39 skarnet: at what address did you observe the SIGILL being thrown 2017-05-30 16:35:56 I didn't run gdb on it or anything 2017-05-30 16:36:58 the PC address in theory would be dumped on dmesg output 2017-05-30 16:37:18 yeah, I can try again tonight 2017-05-30 16:37:33 but Shiz is more fluent than I am with those things 2017-05-30 16:38:32 The PC should tell us whether it's happening in application space or kernel space in theory. 2017-05-30 16:38:47 yes 2017-05-30 16:39:05 i suspect the problem is actually related to grsecurity 2017-05-30 16:39:06 not toolchain 2017-05-30 16:39:07 because 2017-05-30 16:39:14 the kernel build logs have had a lot of scary warnings 2017-05-30 16:39:20 about truncated instruction opcodes 2017-05-30 16:39:23 But one problem with running a nice relocatable kernel is that we can't resolve such addresses. 
2017-05-30 16:39:43 skarnet: which kernel did you boot when you observed these problems 2017-05-30 16:41:25 can't tell you. The default. 2017-05-30 16:41:26 Hmm, have we made sure our kernel headers don't have any major problems that could cause this? Inlining inappropriate code in a macro perhaps? 2017-05-30 16:41:49 s6 doesn't use kernel headers 2017-05-30 16:41:51 i'd hope 2017-05-30 16:41:53 :P 2017-05-30 16:41:55 it doesn't 2017-05-30 16:42:40 unrelated: there's a /usr/lib/libz.a symlink to /lib/libz.a, but no similar /usr/lib/libz.so symlink 2017-05-30 16:42:46 TemptorSent: no i mean i think there is literally illegal opcodes in the kernel image itself 2017-05-30 16:42:50 this breaks stuff 2017-05-30 16:43:40 ncopa: could you please update the zlib APKBUILD so it either uses both /usr/lib/libz.a and /usr/lib/libz.so, or neither? 2017-05-30 16:43:47 kaniini: Agreed - I'm just wondering if it's something that one of the grsec patches modified in a header that's biting us in multiple places. 2017-05-30 16:43:54 here 2017-05-30 16:43:54 let me show you 2017-05-30 16:43:55 what i am talking about 2017-05-30 16:43:56 http://build.alpinelinux.org/buildlogs/build-3-6-x86_64/main/linux-hardened/linux-hardened-4.9.29-r0.log 2017-05-30 16:44:19 there's tons of errors like: 2017-05-30 16:44:20 sound/pci/asihpi/hpimsgx.o: warning: objtool: adapter_prepare()+0x44: can't find jump dest instruction at .text+0x50e 2017-05-30 16:44:36 and: 2017-05-30 16:44:39 net/bluetooth/cmtp/core.o: warning: objtool: cmtp_session()+0x866: can't decode instruction 2017-05-30 16:44:55 (some Python stuff uses gcc -shared -L/usr/lib -o foobar.so blahblah -lz, and gcc tries /usr/lib/libz.a, and fails, obviously) 2017-05-30 16:44:58 and: 2017-05-30 16:45:00 sound/soc/intel/boards/cht_bsw_rt5645.o: warning: objtool: cht_codec_init(): can't find starting instruction 2017-05-30 16:45:14 Yeah, that's fugly -- my question is why does it show up under virtualization, but not on bare metal? 
2017-05-30 16:45:50 TemptorSent: maybe it does show up on bare metal. you are assuming things. 2017-05-30 16:46:41 Okay, I didn't hit it on bare metal with my testing, while under qemu, I was getting a sigill within a few minutes of use pretty reliably. 2017-05-30 16:46:43 although in my experience, feedback is more forceful in VMs than it is on bare metal. 2017-05-30 16:46:44 for example, in bare metal, maybe we just get inconsistent hardware states which cause later instability 2017-05-30 16:47:02 versus in a VM, it's a proven violation so it throws a CPU exception immediately 2017-05-30 16:47:26 qemu proves my point: it doesn't faithfully emulate real hardware 2017-05-30 16:47:40 real hardware is more forgiving 2017-05-30 16:48:14 Right - and grsec may be using stupid tricks which depend on real hardware to work. 2017-05-30 16:48:50 (such as hard-coding instruction offsets based on known implementation details) 2017-05-30 16:48:53 i'm 99% sure that disabling whatever is causing those errors 2017-05-30 16:48:57 will make the SIGILL go away 2017-05-30 16:49:15 I'd 99% agree with that hypothesis :) 2017-05-30 16:49:24 note that busylooping is another possible outcome 2017-05-30 16:49:36 but i want somebody to test linux-hardened vs linux-vanilla to see 2017-05-30 16:49:52 so, can somebody do that please? :) 2017-05-30 16:50:04 sure, but not now 2017-05-30 16:50:13 skarnet: yes, which further points to inconsistent state hypothesis 2017-05-30 16:50:40 well TemptorSent says he is getting SIGILLs all over the place in qemu 2017-05-30 16:50:45 Agreed - I don't currently have my test env setup, so it's probably best if skarnet tries a repro tonight. 
2017-05-30 16:50:52 so i suspect he can compare 2017-05-30 16:51:01 anyway 2017-05-30 16:51:05 somebody test it and let me know 2017-05-30 16:51:13 if that is indeed the case, 2017-05-30 16:51:28 then i will look at disabling whatever is causing those warnings 2017-05-30 16:51:38 grsec :) 2017-05-30 16:52:07 Possibly page indirection hack for segmentation. 2017-05-30 16:53:31 there is no segmentation on x86_64 2017-05-30 16:53:42 i'm suspecting this is related to pax_open_kernel/pax_close_kernel 2017-05-30 16:53:45 maybe spender fucked it up 2017-05-30 16:53:48 That's why grsec uses an ugly hack. 2017-05-30 16:53:49 as a practical joke 2017-05-30 16:53:56 he is enough of a jackass to do that 2017-05-30 16:53:57 :) 2017-05-30 16:54:52 maybe our fwport is bad :P 2017-05-30 16:55:06 that is another possibility 2017-05-30 16:57:57 It looks as though the kernel hardening project that started at gentoo spun off to its own project -- see https://github.com/thestinger/linux-hardened 2017-05-30 16:57:57 Shiz: kaniini: has anyone investigated the problem skarnet reported few days ago? 2017-05-30 16:58:18 that is what we are talking about. 2017-05-30 16:58:22 aha :) 2017-05-30 17:00:32 i think we are overrunning instead of jumping back to userspace correctly in some cases 2017-05-30 17:00:41 which results in a SIGILL being delivered to the userspace process 2017-05-30 17:02:11 UDEREF or constify both have a potential to cause such behavior... Need to determine WHAT is overrunning to narrow it down. 2017-05-30 17:07:41 btw, so far so good 2017-05-30 17:07:48 the important stuff has linked with lld and elftoolchain 2017-05-30 17:08:01 reading all this I'm kinda glad now running only -vanilla on my vms 2017-05-30 17:08:23 i586-alpine-linux-musl-strip: --remove-section=.note: invalid target name 2017-05-30 17:08:27 aand the first error :P 2017-05-30 17:08:32 courtesy of busybox 2017-05-30 17:08:41 .note, invalid? 
2017-05-30 17:08:47 that's a good one 2017-05-30 17:09:31 (is i586 even a worthy target? :P) 2017-05-30 17:09:39 i think it's not created in the first place 2017-05-30 17:09:41 the .note section 2017-05-30 17:10:08 run strip -R .note several times on the same binary, it won't error out 2017-05-30 17:10:43 # readelf -a busybox_unstripped 2>/dev/null | grep .note 2017-05-30 17:10:46 # 2017-05-30 17:10:47 yes 2017-05-30 17:10:50 i should patch elftoolchain strip 2017-05-30 17:11:29 ah yes, GNU strip silently ignores nonexistent sections but elftoolchain strip doesn't? 2017-05-30 17:11:50 yea 2017-05-30 17:12:00 how does one create tools that are even more annoying and braindead than GNU ones? 2017-05-30 17:12:44 kaniini: So, looking at PAX, the trampoline emulation for sigreturn is something to give a hard look at... Do we have that enabled in virthardened? 2017-05-30 17:13:09 skarnet: By starting with GNU tools for inspiration :) 2017-05-30 17:13:49 actually, it may be due to how it is invoked 2017-05-30 17:15:02 skarnet: so what do i need to do to reproduce this? 2017-05-30 17:15:17 wrote it above 2017-05-30 17:15:36 TemptorSent: like i said, i do not think any of that is it: i think it is literally something like RAP fucking shit up 2017-05-30 17:17:04 TemptorSent: those warnings i pointed out in the build log, do not exist on -vanilla, and i do not observe SIGILL problems on -vanilla 2017-05-30 17:17:20 TemptorSent: in VM or otherwise 2017-05-30 17:18:25 kaniini: Right, I'm looking at where in PAX it's likely actually propagating, and there are a few that may be questionable on their face. 
2017-05-30 17:18:50 it makes no difference to me where the SIGILL is propagating 2017-05-30 17:19:11 PAX is throwing the SIGILL most likely because something is very wrong 2017-05-30 17:19:43 (and yes, PAX basically takes over large chunks of CPU exception handling) 2017-05-30 17:20:46 okay, found the actual issue 2017-05-30 17:20:48 skarnet: are you ready 2017-05-30 17:20:54 elftoolchain strip doesn't like -s 2017-05-30 17:20:55 :P 2017-05-30 17:21:06 Also, do we have both GRKERNSEC_CONFIG_VIRT_GUEST and GRKERNSEC_CONFIG_VIRT_HOST defined at the same time? If so, are they actually able to coexist without causing problems? 2017-05-30 17:21:48 Same with virt type. 2017-05-30 17:24:28 The help-text for PAX_EMUTRAMP makes me very suspect of it (or the lack of it) and interaction with musl 2017-05-30 17:24:59 it's really not that. 2017-05-30 17:33:35 According to the stack-validation.txt document from objtool, the 'can't find starting instruction' type errors are a result of data in a text (or other non-data) section. 2017-05-30 17:35:59 Perhaps running 'make CONFIG_DEBUG_SECTION_MISMATCH=y' as indicated in the build log would be helpful? :) 2017-05-30 17:40:39 Also, reading the build log - there is at least one potentially serious redefinition of COMMAND_SIZE between ftdi-elan.c and scsi_common.h that should be fixed. 2017-05-30 17:47:37 TemptorSent: like i said, it is pointing towards RAP 2017-05-30 17:48:17 but i have actual work to do at the moment 2017-05-30 17:50:27 I'm afraid I've only looked at the guts of PaX long enough to get a headache, so if you've got a suspect feature that we can disable to test, that's cool! Whenever you get time :) 2017-05-30 18:22:10 TemptorSent: like i said, it is probably RAP. but i want somebody to test on vanilla to see if the SIGILL is there. if i am correct, the SIGILL will not be present on vanilla. 
2017-05-30 18:23:48 if the trampoline generated by RAP is wrong, and sysret instruction is called with the incorrect pre-conditions, then the userspace process will raise SIGILL 2017-05-30 18:38:35 Let me grab the standard and vanilla release .isos and see if qemu gives the same results. 2017-05-30 18:42:37 mmmkay 2017-05-30 18:46:05 Bloody hell -- I can't use the standard images on my system at all because they force framebuffer mode in qemu! 2017-05-30 18:47:24 With noautodetect, I'm missing some drivers, but it might work anyway... 2017-05-30 18:57:52 kaniini - skarnet's reproducer isn't giving me sigill, rather segv with random run-hang. 2017-05-30 18:58:25 TemptorSent: on which kernel. 2017-05-30 18:59:07 TemptorSent: a segv is another possibility with an incorrect sysret target 2017-05-30 18:59:22 it's not a hang, it's a busyloop (top can show you the cpu is spinning) 2017-05-30 18:59:30 and there's nothing in the user code that can even loop 2017-05-30 18:59:33 TemptorSent: af_packet is there with vanilla kernel 2017-05-30 19:00:05 in fact, an invalid sysret return can cause ... wait for it... 2017-05-30 19:00:07 - SIGILL 2017-05-30 19:00:09 I'm kinda glad the bug-report I got was a SIGILL, because if it had been a SIGSEGV I'd still be looking for the bug in my code -_- 2017-05-30 19:00:12 - SIGSEGV 2017-05-30 19:00:28 - 100% CPU use (jump to data which is now interpreted as bogus instructions) 2017-05-30 19:01:04 kaniini: how do you explain it works sometimes, too? 2017-05-30 19:01:07 kaniini: linux-hardened kernel, getting segv_maperr on close(4) at si_addr=0x6d896e6340e1 2017-05-30 19:01:15 TemptorSent: bingo 2017-05-30 19:01:27 so that means it's 99.999999% likely RAP 2017-05-30 19:01:31 TemptorSent: can you confirm it works on vanilla? 2017-05-30 19:01:52 yes 2017-05-30 19:01:55 One moment, have to play games to get it up because the stupid FB autodetect. 
2017-05-30 19:01:58 please test vanilla now 2017-05-30 19:02:09 if it works there, it is definitely RAP. 2017-05-30 19:02:20 si_addr is unaligned too 2017-05-30 19:02:31 which is definitely wrong for a sysenter/sysret 2017-05-30 19:05:43 Bugger, it's doing the same thing in Vanilla! 2017-05-30 19:05:47 Bugger, it's doing the same thing in Vanilla! 2017-05-30 19:05:56 wtf 2017-05-30 19:06:31 Oops, sorry for the double-tap :) 2017-05-30 19:06:40 theory 2: try reverting to 3.5 libc 2017-05-30 19:07:05 echo '@3.5 http://dl-cdn.alpinelinux.org/alpine/v3.5/main' >> /etc/apk/repositories; apk add --update musl@3.5 2017-05-30 19:07:26 si_addr=0x7f6ed2ac0c0a 2017-05-30 19:07:43 yes, unaligned again. which means something is fishy here 2017-05-30 19:07:59 can you do the 3.5 musl downgrade as above 2017-05-30 19:08:03 and retry? 2017-05-30 19:10:00 Still getting segv, but this time aligned at least - si_addr=0x7fd63395e294 2017-05-30 19:12:38 okay 2017-05-30 19:12:59 try installing 2017-05-30 19:13:24 echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories; apk add --update s6-rc@edge 2017-05-30 19:13:26 repeated runs sometimes run to completion with exit code 111 (a proper error) 2017-05-30 19:14:19 and rerun the testcase 2017-05-30 19:14:53 i'm wondering if 3.6 was built with -Os 2017-05-30 19:14:57 Same again, with a couple run-hangs.. 2017-05-30 19:15:12 apk add skalibs@edge 2017-05-30 19:15:15 kaniini: it was 2017-05-30 19:15:17 TemptorSent: is there an error message when it exits 111? if it's "compiled already exists" then it's not running 2017-05-30 19:15:23 Shiz: !!!!! 2017-05-30 19:15:28 Shiz: MUSL IS TOTALLY BROKEN WITH -Os 2017-05-30 19:15:30 even edge is still -Os 2017-05-30 19:15:31 lol 2017-05-30 19:15:39 wtf 2017-05-30 19:15:45 no edge is -O2 i am pretty sure 2017-05-30 19:15:52 1. it's the first time I hear that musl is broken with -Os 2017-05-30 19:16:04 nah 2017-05-30 19:16:06 edge is -Os 2017-05-30 19:16:11 2. 
why would you build a general purpose distro with -Os 2017-05-30 19:16:31 Wow, AND I'm getting two different valid exit status, one 0 one 111 2017-05-30 19:16:41 Shiz: i am positive edge is not -Os 2017-05-30 19:17:13 TemptorSent: fuck it 2017-05-30 19:17:13 TemptorSent: upgrade everything to edge 2017-05-30 19:17:14 TemptorSent: see if it still happens 2017-05-30 19:17:15 I'm using edge abuild and it passes -Os 2017-05-30 19:17:17 that's all i can say 2017-05-30 19:18:42 Runing update... 2017-05-30 19:19:31 -Os can actually be FASTER than -O2 if it results in less cache misses, but this should be optimized on a per-arch and per-package level. 2017-05-30 19:20:14 kaniini: Still same type of results after 'apk upgrade --update --available' 2017-05-30 19:20:36 argh 2017-05-30 19:21:13 skarnet: As for the 111 error, it's happening after wiping the compiled directory each time, sometimes at random -- race condition somewhere? 2017-05-30 19:21:33 Previous bad return corrupting subsequent context? 2017-05-30 19:22:04 TemptorSent: exact error message? even better, if you can paste a strace :) 2017-05-30 19:23:30 Hmm, lemme see what I can do -- I'm playing in a little tiny window on my console with qemu :) 2017-05-30 19:24:09 apk add sprunge 2017-05-30 19:24:19 voilà, pastebin from your command line 2017-05-30 19:27:49 http://termbin.com/c50x 2017-05-30 19:28:21 thanks 2017-05-30 19:28:27 The pastebin wasn't the problem, I just had to tee to an output file and retry until I got the error output. 2017-05-30 19:29:46 compare to http://termbin.com/jvcw 2017-05-30 19:30:19 and http://termbin.com/bhes 2017-05-30 19:30:44 run-hangs occur at the same location as the SEGV in the previous log. 2017-05-30 19:31:18 <^7heo> where do we usually install libraries with makefiles? 2017-05-30 19:31:25 <^7heo> /lib? 2017-05-30 19:31:38 manually? 
/usr/local/lib 2017-05-30 19:31:39 /usr/lib 2017-05-30 19:31:46 ^ for a distro 2017-05-30 19:31:49 <^7heo> skarnet: nah for the distro 2017-05-30 19:31:49 yea 2017-05-30 19:31:52 <^7heo> yeah got it 2017-05-30 19:32:11 <^7heo> So /usr/lib is in the loading so path? 2017-05-30 19:32:30 <^7heo> (and /usr/local/lib too I presume?) 2017-05-30 19:32:31 Generally /lib is for system libraries, /usr/lib for general application libs 2017-05-30 19:32:39 <^7heo> yeah 2017-05-30 19:32:42 <^7heo> ok 2017-05-30 19:33:19 <^7heo> Also does anyone have a mac? 2017-05-30 19:33:30 ^7heo: jirutka :f 2017-05-30 19:33:31 <^7heo> I'd like to know where to install libs on MacOS too. 2017-05-30 19:33:41 ? 2017-05-30 19:33:44 <^7heo> To make the makefile portable. 2017-05-30 19:33:49 ah, yeah, I have a Mac 2017-05-30 19:33:49 I have a Quadra 950 sitting around somewhere, does that count? :P 2017-05-30 19:33:51 (and of course OpenBSD installs a shitload of things under /usr/local/lib, because they don't give a fuck) 2017-05-30 19:34:14 ^7heo: good luck with that 2017-05-30 19:34:14 <^7heo> you really dislike OpenBSD's policies... I can understand, but I can't really judge, I'm not that used to it. 2017-05-30 19:34:18 <^7heo> skarnet: really? 2017-05-30 19:34:23 well, .a's will work 2017-05-30 19:34:32 .so's, you gotta name them .dylib first 2017-05-30 19:34:33 <^7heo> yeah but it's for another project I'm PRing to 2017-05-30 19:34:40 <^7heo> skarnet: and the guys want .so too 2017-05-30 19:34:47 tough luck 2017-05-30 19:34:49 <^7heo> skarnet: right. 2017-05-30 19:34:58 <^7heo> I forgot about .dylib, that's right. 2017-05-30 19:35:05 I'm sure it can be made to work, but you'll have to specialcase MacOS 2017-05-30 19:35:10 Technically, /usr/local is appropriate for installation local to the machine (i.e. not a common network mount) 2017-05-30 19:35:12 <^7heo> Yeah... 2017-05-30 19:35:25 <^7heo> Anyway, thanks guys. 
2017-05-30 19:35:46 MacOS has packages that contain the application, libs, and most supporting code. 2017-05-30 19:35:46 what’s wrong about -Os? 2017-05-30 19:36:17 abuild sets CFLAGS="-Os" by default 2017-05-30 19:36:18 (Actually, if they had been consistent about it, it would have been pretty slick, but it's not, and it's thus a PITA) 2017-05-30 19:36:55 Hmm, -Os may well be breaking the ret trampoline code in musl! 2017-05-30 19:37:22 macos dynamic linking is pretty different from linux dynlinking 2017-05-30 19:37:23 #musl says -Os should be ok 2017-05-30 19:37:32 A pragma is probably needed. 2017-05-30 19:38:00 What other optimization flags are set when musl compiles? 2017-05-30 19:38:49 i think i am thinking about uClibc 2017-05-30 19:38:50 -Os was definitely a no-no there 2017-05-30 19:38:55 Bad optimization is a classic cause of such random behaviour, possibly a GCC bug. 2017-05-30 19:39:40 -Os alone should be okay, but if something isn't inlined that should be or vv., it may break. 2017-05-30 19:39:41 TemptorSent: run it under valgrind please :) 2017-05-30 19:40:21 Will give that a shot, let's see if it will work without rebuilding. 2017-05-30 19:40:48 *lol* Nope, need to try the whole mess again with enough memory assigned to allow me to install valgrind :) 2017-05-30 19:47:02 TemptorSent: ok, the "exit 111" case is also due to a memory corruption 2017-05-30 19:47:25 it's pretty frightening, because all signs point to a bug in the user code 2017-05-30 19:47:46 I'm going to run the test again on a non-Alpine machine, just to be sure 2017-05-30 19:48:02 skarnet: that is why i asked him to run valgrind 2017-05-30 19:49:19 http://termbin.com/0mb1 2017-05-30 19:49:30 Appears to be an unaligned read? 2017-05-30 19:49:54 Something strange is going on there. 2017-05-30 19:51:22 http://termbin.com/4gln -- with -v 2017-05-30 19:56:38 http://termbin.com/2b92 -- with full leak checks.
2017-05-30 19:58:02 that invalid free 2017-05-30 19:58:09 is bugging me 2017-05-30 19:58:23 okay 2017-05-30 19:58:27 okay 2017-05-30 19:58:31 Yeah, combined with the unaligned access. 2017-05-30 19:58:38 I'll run a valgrind on a non-Alpine machine just to be sure 2017-05-30 19:58:40 i want you to do something retarded 2017-05-30 19:58:51 echo '@3.4 http://dl-cdn.alpinelinux.org/alpine/v3.4/main' >> /etc/apk/repositories; apk add --upgrade musl@3.4 2017-05-30 19:59:05 rerun the test 2017-05-30 19:59:14 As in 'Hey, hold my beer and watch THIS!'? 2017-05-30 19:59:35 yes something like that 2017-05-30 19:59:45 what was retarded in 3.4 ? 2017-05-30 20:00:01 no, in 3.5/3.6 there are changes to dynlink 2017-05-30 20:00:08 so i am wondering 2017-05-30 20:00:12 if something is fucked there 2017-05-30 20:00:18 and it's causing everything to go south 2017-05-30 20:01:24 Same behavior in 3.4 2017-05-30 20:01:26 apk add --update musl@3.4 2017-05-30 20:01:27 sorry 2017-05-30 20:01:27 :) 2017-05-30 20:01:58 TemptorSent: Found the issue. Just saying /etc/init.d/loopback 2017-05-30 20:02:24 zaolin_: Ahh, glad you found it! 2017-05-30 20:03:51 http://termbin.com/dfjz - both musl and s6-rc pinned @3.4 2017-05-30 20:04:39 ok 2017-05-30 20:04:43 i'm going to just have to dig i think 2017-05-30 20:04:51 thanks 2017-05-30 20:05:00 Testing on non-alpine, non-grsec host/guest probably required. 2017-05-30 20:05:35 Nothing jumping out as to the specific cause. 2017-05-30 20:13:08 impossible to reproduce the bug on an OpenBSD machine or on a GNU machine, both x86_64 2017-05-30 20:13:18 kaniini: Well, considering the only library he linked that's in the common set is musl, it's pretty likely. 2017-05-30 20:14:07 Can we try musl compiled with different optimization flags perhaps? 2017-05-30 20:14:32 i will dig in a bit. i need to finish up something i am working n 2017-05-30 20:14:34 Bad alignment shouldn't happen. 2017-05-30 20:14:35 on* 2017-05-30 20:14:54 The compiler should prevent it.
2017-05-30 20:15:18 can't reproduce on a musl machine either. Static binaries, compiled with a gcc-7.1.0 toolchain using musl-1.1.16. 2017-05-30 20:15:59 I really want to say that the user code is fine. 2017-05-30 20:16:41 Even if it isn't, non-deterministic, unaligned memory access shouldn't be happening unless you were doing some VERY strange things in user code. 2017-05-30 20:19:31 I'm not. 2017-05-30 20:19:44 so yeah, the problem happens at a lower level. 2017-05-30 20:19:49 What's the difference between virtgrsec and grsec. Only UDEREF ? 2017-05-30 20:20:00 And it appears that it's a file descriptor which is coming up with an unaligned address, which makes no sense in terms of userspace. 2017-05-30 20:20:36 "int fd = open()" -> fd is unaligned ? 2017-05-30 20:20:40 zaolin_: The config options are somewhat different IIRC, someone here probably knows off hand where that's described. 2017-05-30 20:20:42 yay borked stack 2017-05-30 20:20:47 what 2017-05-30 20:20:50 worse, close(4) is unaligned! 2017-05-30 20:20:59 no 2017-05-30 20:21:00 strace prints syscalls after completion 2017-05-30 20:21:31 it prints open( at call time, and ) at completion time 2017-05-30 20:22:00 Okay, the free() within close(4) is unaligned. 2017-05-30 20:22:00 (proof: strace sleep) 2017-05-30 20:22:13 (according to valgrind) 2017-05-30 20:22:41 is valgrind making sense with musl now? 2017-05-30 20:22:50 Sorta, kinda. 2017-05-30 20:23:03 zaolin_: aside from included drivers? 2017-05-30 20:24:14 Shiz: Let's say I am running alpine as host. Normally some features like kernexec and uderef have some perf impact. So should I use virtgrsec or grsec ? 2017-05-30 20:24:14 It looks like realloc is getting a bad handle 2017-05-30 20:24:45 virt* is for guests 2017-05-30 20:25:37 Shiz: There are also some features breaking the guests.
I had two issues, one which froze the vm and another with the virtio network driver 2017-05-30 20:27:08 Shiz: I guess there is no package which disables some pax features ? 2017-05-30 20:27:13 zaolin_, Shiz: To be honest, having a single all-guest image is less-than-ideal because different virt environments really should use different kernel configs as well as needing different userspace tools. 2017-05-30 20:27:39 zaolin_: you can toggle the sysctl knobs 2017-05-30 20:28:58 not for pax features 2017-05-30 20:29:49 TemptorSent: We are using kvm as hypervisor and alpine in production with ubuntu guests 2017-05-30 20:29:59 (Also, a vm-specific image could be MUCH smaller than current.) 2017-05-30 20:31:09 zaolin_: Ouch - that's some overhead! I hope you can use same-page mapping and overprovision a fair bit! 2017-05-30 20:31:45 zaolin_: i don't think there's a halfway pax package, no :( 2017-05-30 20:31:52 What's a typical ubuntu image, about a gig? 2017-05-30 20:32:19 zaolin_: What features of pax do you need and which do you need to disable? 2017-05-30 20:33:15 kaniini: i'm seeing an issue with libgudev being wiped upon 3.6 upgrade 2017-05-30 20:33:17 its contents 2017-05-30 20:33:22 https://pastebin.com/cDGRjaNg apk info && apk policy 2017-05-30 20:33:39 TemptorSent: For us it's okay. But the grsec kernel does not work for kvm guests. There is already a grsec option which lets you choose the right config for kvm or xen. In my opinion if you offer virtualized images you should provide also linux-xengrsec and linux-kvmgrsec 2017-05-30 20:36:16 sorry, * images for special hypervisor 2017-05-30 20:38:22 https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Virtualization_Software 2017-05-30 20:38:28 zaolin_: Agreed, now linux-*hardened. 2017-05-30 20:38:45 sure 2017-05-30 20:38:49 sorry :) 2017-05-30 20:39:16 No worries, over time it will drift further from the existing patch.
2017-05-30 20:41:41 TemptorSent: Should I help out creating packages for kvm and xen ? 2017-05-30 20:41:45 The kernel packaging is in for a major overhaul in the near-to-mid future, part of which should include fixing the 'flavors' and versioning, another will hopefully be the user-generation of custom kernel packages easily. 2017-05-30 20:42:54 Creating appropriate .config diffs from the standard -hardened .config would probably be a good way to go about it. 2017-05-30 20:43:33 Similarly for -vanilla, since the options may be rather different. 2017-05-30 20:44:24 Then we can cross-diff those and determine a working set to apply to each base-flavor to get the appropriate hypervisor-flavored guest. 2017-05-30 20:44:35 GRKERNSEC_CONFIG_AUTO=y 2017-05-30 20:44:35 GRKERNSEC_CONFIG_SERVER=y 2017-05-30 20:44:35 GRKERNSEC_CONFIG_VIRT_HOST=y 2017-05-30 20:44:35 GRKERNSEC_CONFIG_VIRT_KVM=y 2017-05-30 20:44:35 GRKERNSEC_CONFIG_VIRT_EPT=y 2017-05-30 20:46:10 Right, that handles the GRSEC part, but to make the complete kernel optimized for each hypervisor, we want to disable everything NOT useful under it as well, and identify userspace requirements as well. 2017-05-30 20:46:29 for hypervisor hosts it shouldn't differ that much 2017-05-30 20:46:44 i'm not sure, i'm not a big fan of maintaining N different kernel configs 2017-05-30 20:47:00 i'd much rather have a virtguest kernel that boots/works under most/all hypervisors 2017-05-30 20:47:07 with common virtualised nics like e1000 e.g. enabled 2017-05-30 20:47:10 Actually, it differs quite a bit in terms of modules required and config opts to enable guest support for X hypervisor., 2017-05-30 20:47:11 and vmxnet3/virtio/etc 2017-05-30 20:47:51 I'd prefer an image that's not bloated with 75mb of drivers I don't need on a virt kernel :) 2017-05-30 20:48:14 you mean the micro config feature in the kconfig system of the linux kernel ? 2017-05-30 20:48:15 For kvm/qemu, virtio covers pretty much everything.
2017-05-30 20:48:17 that's why i just said, a generic virtguest kernel 2017-05-30 20:48:32 most hypervisors emulate pretty overlapping hardware 2017-05-30 20:48:42 make tinyconfig 2017-05-30 20:49:12 i guess it would be useful to start from our existing config and strip it down from there 2017-05-30 20:49:14 personally 2017-05-30 20:49:20 the hardened config that is 2017-05-30 20:49:20 Some config options may be mutually exclusive with certain hypervisors (XEN), requiring modules rather than allowing drivers built in. 2017-05-30 20:50:22 Fixing the kernel build system to make it easy to support multiple configurations of a given flavor would make this all much less painful. 2017-05-30 20:51:02 it's not just the build system that is the issue, it's support and testing 2017-05-30 20:51:15 Shiz: yeah I agree 2017-05-30 20:51:16 for guests, i really do not see a reason to have more than one generic virt guest config 2017-05-30 20:52:07 Generically, perhaps not, but for use in a specific environment, it makes a lot of sense! 2017-05-30 20:52:31 TemptorSent: Shiz: So do you need help with those basic configurations or not ? I can generate some for kvm and xen based on make tinyconfig 2017-05-30 20:52:59 then that specific environment can compile their own kernels 2017-05-30 20:53:07 A few hundred thousand VMs with a few dozen megs of dead-weight and some non-optimal config compromises adds up.
2017-05-30 20:53:36 zaolin_: we'd preferably would like to align it with our standard config, so i'd prefer the approach of either taking standard hardened config and stripping it down 2017-05-30 20:53:39 or the existing virt config and adding stuff 2017-05-30 20:53:59 Hopefully you do load tests for network drivers and I/O 2017-05-30 20:54:13 if you'd be willing to do some experiments with that, would be most welcome :) 2017-05-30 20:54:18 (the configs i mean) 2017-05-30 20:54:21 zaolin_: kaniini and I are working on the packaging side of things to make it possible to support this easier, including user generation to local .apk. 2017-05-30 20:54:31 the bugs only appeared with the load on the server 2017-05-30 20:55:02 The nice thing is we can actually test at least several of the VM configs in integration testing. 2017-05-30 20:57:20 zaolin_: Go ahead and generate a minimal config for each VM, then diff it against the standard -hardened, merge as appropriate, and create a diff from -hardened to -${vm}hardened 2017-05-30 20:57:48 That will give us something we can use to integrate for other flavors as well with minimal pain. 2017-05-30 20:58:13 did you use make savedefconfig for the current configs ? 2017-05-30 20:58:17 They look very big 2017-05-30 20:58:21 The config diff between -hardened and -vanilla in general is more than I'd like to reconcile manually. 2017-05-30 20:58:46 I didn't generate the .configs, I believe they're in the abuild? 2017-05-30 20:59:53 But yes, a minimal configuration that can be derived from the existing configurations through a changeset would probably work well. 2017-05-30 21:00:49 the virt configs should be relatively modest 2017-05-30 21:01:09 Currently, they're not... 2017-05-30 21:06:07 I am on vacation. I will try to build some :) 2017-05-30 21:44:48 Shiz: does apk fix bring it back afterwards? if not it may just legitimately not be a dep anymore 2017-05-30 21:44:56 yes it does 2017-05-30 21:45:46 Shiz: 3.5 to 3.6?
2017-05-30 21:45:52 yes 2017-05-30 21:45:55 two separate machines 2017-05-30 21:46:08 maybe origin is different on 3.5 vs 3.6 2017-05-30 21:46:13 humm 2017-05-30 21:46:28 should mention that both the machines that broke were originally 3.3, pretty sure the one that survived was originally 3.4 2017-05-30 21:46:37 so could have been anything between 2017-05-30 21:47:14 Shiz: so you have seen this or trfl has seen this 2017-05-30 21:47:20 trfl 2017-05-30 21:48:11 rather, me seeing it on trfl's nodes 2017-05-30 21:48:13 :p 2017-05-30 21:50:15 I've seen odd behavior from packages that provide the same files before, like cdrkit and xorriso providing mkisofs where uninstalling xorriso will delete mkisofs instead of restoring cdrkit's version of it 2017-05-30 21:50:52 maybe something similar happened with the two packages that provided the same files that are in libgudev 2017-05-30 23:32:15 I know this conversation was taking place 12 hours ago but I had to sleep and then catch up with work. in re: tar or pax or custom for apk, a custom format might be 'cool' but thought needs to be put in to how much effort it would be to make a new format vs just using an 'off the shelf' one. if tar is becoming inappropriate then there are others that can be used instead. just my 2c 2017-05-31 00:16:36 awilfox: I think the pax FORMAT is workable, but the tools are lacking, and some features may require extensions (such as a manifest in the beginning of the archive) 2017-05-31 00:25:39 progress! 
2017-05-31 00:25:48 cross-compiled elftoolchain 2017-05-31 00:25:51 now moving on to llvm 2017-05-31 00:26:09 \o/ 2017-05-31 02:18:16 https://github.com/Shizmob/aports/commits/system-llvm-elftoolchain 2017-05-31 02:18:29 cross-compiles all the stuff in bootstrap.sh up until go, where it fails because of an lld bug 2017-05-31 02:19:10 also made some new changes here https://github.com/Shizmob/abuild/commits/system-llvm 2017-05-31 03:20:21 _spOOn_: You could probably setup a chroot or cross-compiler for the code that requires 32bit compilation. 2017-05-31 03:21:18 It doesn't need to run 32bit code on the 64bit system, just build 32bit binaries for use in 32bit guests, right? 2017-05-31 03:23:42 Damnit, wrong channel, sorry. 2017-05-31 03:26:01 rather just don't 2017-05-31 03:28:30 Shiz, so how far has the llvm-port gotten now? You seem to be hauling right along! 2017-05-31 03:28:43 it builds everything up until community/go 2017-05-31 03:28:45 where lld fails 2017-05-31 03:28:49 I'm looking forward to a gcc-less system :) 2017-05-31 03:28:50 (of the packages in bootstrap.sh) 2017-05-31 03:29:00 can llvm build non-x86 kernel? 2017-05-31 03:29:01 What's lld bjorking on? 2017-05-31 03:30:14 awilfox: Good question :) If the kernel is the only component requiring gcc, we can probably live with it for the nonce. 2017-05-31 03:30:41 R_386_PC32 relocs against text 2017-05-31 03:30:43 i think 2017-05-31 03:30:44 No gcc/g++ libs is a big win. 2017-05-31 03:31:20 TemptorSent: not just that, there is then officially gnu-less linux 2017-05-31 03:31:36 lord almighty 2017-05-31 03:31:43 virtualbox's build system ships precompiled binaries... 2017-05-31 03:31:47 that it requires... 2017-05-31 03:32:08 Yeah, VB is a bloody disaster. 2017-05-31 03:32:33 I gave up on it in gentoo because I didn't want to do a full multilib setup just to build it :/ 2017-05-31 03:32:58 it no longer needs multilib 2017-05-31 03:33:31 those precompiled binaries are iPXE and seabios right?
I think they ship them because it's hard to build them separately. I managed to do a full source build of vbox once, to say I did it, but I don't see a reason to 2017-05-31 03:34:17 nope 2017-05-31 03:34:21 they're parts of its kmk build system 2017-05-31 03:34:25 kmk_sed etc 2017-05-31 03:35:57 ok 2017-05-31 03:36:05 i think you can just remove them though 2017-05-31 03:37:33 Shiz: Is the issue with reinterpret_cast in lld::reloc32? 2017-05-31 03:38:28 ??? 2017-05-31 03:38:31 no, not at all 2017-05-31 03:38:32 er lld:::elf::reloc32 2017-05-31 03:38:43 don't randomly guess at things :P 2017-05-31 03:39:02 Looking at lld source :) 2017-05-31 03:39:10 i didnt even tell you what the error was 2017-05-31 03:39:24 anyway, it can be fixed with -Wl,-z,notext but that gives you textrels 2017-05-31 03:39:26 which you don't want 2017-05-31 03:39:30 bdf ld doesn't seem to need them 2017-05-31 03:42:45 Okay, so lld is stricter/doesn't implement the transparent reloc that bdf ld does? 2017-05-31 03:45:59 it doesn't implement the right reloc that doesn't need textrels, apparently 2017-05-31 03:46:23 https://txt.shiz.me/MmViM2JkY2 2017-05-31 03:46:34 btw, for anyone curious to help -- here's how you can test the bootstrap on your own system 2017-05-31 03:46:46 arm currently fails due to llvm not recognizing the sf/hf status of the triple 2017-05-31 03:47:01 i'd also recommend setting your core count properly in /etc/abuild.conf beforehand 2017-05-31 03:47:06 as you'll be compiling clang+llvm twice 2017-05-31 03:56:59 Yeah, this might take a moment :) 2017-05-31 03:59:45 it's bfd ld 2017-05-31 03:59:47 not bdf 2017-05-31 04:04:30 Attempting to build on my system. 2017-05-31 04:05:17 Can't use docker though, so if I break something it's going to be entertaining :P 2017-05-31 04:07:14 So, what's the status of GCC plugins & llvm?
2017-05-31 04:08:23 what status 2017-05-31 04:10:19 Well, since that's probably the biggest GCC-specific feature used by the kernel, hopefully some porting is happening? 2017-05-31 04:14:24 meh, build error 2017-05-31 04:14:28 i'll continue later 2017-05-31 04:14:37 the kernel barely uses gcc plugins 2017-05-31 04:14:41 grsec does 2017-05-31 04:14:42 though 2017-05-31 04:14:44 and no 2017-05-31 04:15:04 I wonder if dragonegg would be a viable stop-gap? 2017-05-31 04:19:56 Hmm, not seeing dragonegg post llvm3.7 :/ 2017-05-31 04:25:05 dragonegg is long dead 2017-05-31 04:25:15 and also probably doesnt support plugins 2017-05-31 04:26:10 Hmm, considering it used gcc's front end and was a plugin itself, it might have been worth looking at anyway. 2017-05-31 04:27:24 What happened to dragonegg? It seems like it was a useful tool. 2017-05-31 04:30:52 deprecated by being useless 2017-05-31 04:34:36 Hmm, seems useful for supporting langs llvm doesn't (Ada comes to mind), as well as compiling software that uses gcc features, but I guess that can all become part of llvm itself. 2017-05-31 04:42:49 llvm already supports all relevant gcc features 2017-05-31 04:48:51 Shiz - Do I want to bootstrap for x86 or x86_64? 2017-05-31 04:49:21 x86, but i just force-pushed a commit that fixes an error i had made :P 2017-05-31 04:49:23 so git pull --rebase first 2017-05-31 04:50:17 Okay - let me give it a spin! 2017-05-31 04:51:06 Hmm, no llvm4-tools 2017-05-31 04:51:16 er -utils rather 2017-05-31 04:51:49 did you do what the instructions told you 2017-05-31 04:51:56 specifically for pkg in llvm4 clang libc++ lld bmake; do APKBUILD=main/$pkg/APKBUILD options="!check" abuild -r; done 2017-05-31 04:51:57 first 2017-05-31 04:52:13 Yes, I did. I'm on x86_64 host. 2017-05-31 04:52:34 and does apk policy llvm show an llvm-4.0.0-r7? 2017-05-31 04:53:04 No, looks like I have a broken path somewhere.
2017-05-31 04:53:21 the instructions also tell you to add ~/packages/main to your /etc/apk/repositories :P 2017-05-31 04:53:25 so you can install the updated packages 2017-05-31 04:53:30 or rather, the bootstrap script can 2017-05-31 04:54:05 Yes, have that as well. 2017-05-31 04:55:27 It doesn't look as though it built clang-utils, the other packages' .apks are in the packages/main/x86_64 directory 2017-05-31 04:55:52 apk policy llvm4 works :) 2017-05-31 04:56:17 you want llvm-utils, not clang-utils 2017-05-31 04:56:54 Hmm, no llvm4 packages, just clang packages -- odd. 2017-05-31 04:57:23 you should have 5 pairs of packages in your packages dir after above line 2017-05-31 04:57:30 llvm4-*, clang-*, libc++-*, lld and bmake 2017-05-31 04:58:23 Nope, no llvm4-*, several additional clang-* 2017-05-31 04:58:44 seems like you didn't build all then 2017-05-31 04:58:58 libc++-* and bmake are there 2017-05-31 04:59:14 maybe the llvm4 build failed? 2017-05-31 04:59:17 How the hell? Does clang build without llvm4? 2017-05-31 04:59:18 what about lld 2017-05-31 04:59:25 yes, if you already have llvm4? 2017-05-31 04:59:27 like, in the repos? :P 2017-05-31 04:59:28 lld seems to not have built a package 2017-05-31 05:00:04 Bloody hell. 2017-05-31 05:01:30 Running llvm4 individually... 2017-05-31 05:04:29 also, how do I force sysroot somewhere other than home for the cross-build? 2017-05-31 05:06:47 (my / is mounted on a SD card, with bulk storage mounted elsewhere 2017-05-31 05:07:59 abuild.conf 2017-05-31 05:08:05 REPODEST= 2017-05-31 05:08:19 Ahh, danke 2017-05-31 05:09:39 Um, nope - that's the package dest, I meant the cross compile sysroot for bootstrap. 2017-05-31 05:10:40 oh right 2017-05-31 05:10:42 uh 2017-05-31 05:11:11 $CBUILDROOT 2017-05-31 05:11:12 in env 2017-05-31 05:11:26 Got it, thanks! 2017-05-31 05:11:41 (Would be good to add that to the docs somewhere...)
2017-05-31 05:12:27 I take it I can't set that in abuild.conf because it won't append the arch if it's specified? 2017-05-31 05:12:54 uh i think you can 2017-05-31 05:13:02 it won't append the arch however, no 2017-05-31 05:13:22 Need a CBUILDROOTPREFIX or some such. 2017-05-31 05:15:36 Perhaps add the REPODEST and CBUILDROOT exports to your script for documentation purposes? I suspect most testing it will wish to keep it in its own directory. 2017-05-31 05:15:48 At least those not running under docker. 2017-05-31 05:15:58 not my script :p 2017-05-31 05:16:27 I mean the one on txt.shiz.me :) 2017-05-31 05:16:36 ah 2017-05-31 05:26:31 Okay, it built the packages fine that time, even though it was the exact same command. 2017-05-31 05:27:12 Now, the 24,000 dollar question -- do I need to rebuild the rest (clang, libc++, and bmake) along with building lld? 2017-05-31 05:31:38 Looks like it's off to the races now! 2017-05-31 05:35:13 error - libdwarf.so.3 not found building elftoolchain-x86 2017-05-31 05:35:23 that was a short race 2017-05-31 05:35:54 good, races need to be found and removed, preferably using condvars or mutexes 2017-05-31 05:36:07 Hmm, continued anyway... that's odd. 2017-05-31 05:37:00 I'm guessing I need to rebuild everything now that I have llvm4 built. 2017-05-31 05:38:04 TemptorSent: that one is expected 2017-05-31 05:38:06 and no, you don't 2017-05-31 05:38:37 Oh, damn :P 2017-05-31 05:39:01 only reason to rebuild llvm at all is for the llvm-utils package 2017-05-31 05:39:46 reason to rebuild clang is to fix an issue where it would gladly add -pie when passed -r 2017-05-31 05:40:07 reason to rebuild lld is to make it appear more like GNU ld in --version so that broken-ass libtool thinks it can link .so's 2017-05-31 05:40:08 Oh, nice.
2017-05-31 05:40:21 reason to rebuild libc++ is to get it into the main repo at all 2017-05-31 05:40:25 same for bmake 2017-05-31 05:40:57 And fixing libtool is nearly impossible because libtool sucks and ships all sorts of crap. 2017-05-31 05:41:57 those patches are already upstream anyway 2017-05-31 05:42:01 so they'll be included in next lld rel 2017-05-31 05:42:16 # ld.lld --version 2017-05-31 05:42:18 Gotcha. 2017-05-31 05:42:18 LLD 4.0.0 (compatible with GNU linkers) 2017-05-31 05:42:21 the () was added 2017-05-31 05:49:35 If this bloody thing downloads the kernel more than once, I'm going to shoot it. 2017-05-31 05:51:08 it only does it once for the kernel-headers package 2017-05-31 05:51:29 Good - 80+MB is far from instantaneous for me :/ 2017-05-31 05:54:58 TemptorSent: that's why abuild has a cache in /var/cache/distfiles 2017-05-31 05:55:51 This would go MUCH faster if it would not install/uninstall/reinstall every damn dep for every package! 2017-05-31 05:56:15 Could we at least teach it to only do it once per run somehow? 2017-05-31 05:56:59 no, because that would be harmful 2017-05-31 05:57:14 How so? 2017-05-31 05:58:05 because you don't want packages pulling in random dependencies from other packages? 2017-05-31 05:58:24 like a ./configure that detects to compile a python plugin when it sees python installed 2017-05-31 05:58:39 So we have to uninstall/reinstall llvm4 every single package? 2017-05-31 05:58:48 during bootstrap no less? 2017-05-31 05:59:01 yes 2017-05-31 05:59:11 Ouch - this is killing my IO 2017-05-31 05:59:21 ^ personally I asked for the same thing, or at least an "install all deps" command from abuild that would literally install them to the system, even after build was done 2017-05-31 05:59:22 It's actually the slowest part of the whole process. 
2017-05-31 05:59:37 I think it's ok for llvm to be explicitly installed during bootstrap 2017-05-31 05:59:39 awilfox: abuild -rK 2017-05-31 05:59:49 also, llvm *is* explicitly installed during bootstrap 2017-05-31 05:59:53 so i don't know what you're talking about 2017-05-31 06:00:07 Shiz: ah. well, I asked in 2014 2017-05-31 06:00:12 Shiz: it may have been added since 2017-05-31 06:00:21 from what TemptorSent said, it sounded like it hadn't been 2017-05-31 06:00:37 https://github.com/Shizmob/aports/blob/ed40b1d9e6184e7f08ef4ecfd4bfe85417a91898/scripts/bootstrap.sh#L71-L76 2017-05-31 06:00:39 The problem is it reinstalls every common dep for every package built. 2017-05-31 06:01:30 Couldn't we just have them added to a virtual as it builds so it only reinstalls the updated packages? 2017-05-31 06:01:45 btw Shiz: shouldn't that 'apk add --virt..' be '$SUDO_APK add...' ? 2017-05-31 06:01:57 yeah probably 2017-05-31 06:02:20 but bootstrap.sh needs to be run as root anyway 2017-05-31 06:02:28 elftoolchain-x86 and the lz4 library are reinstalled nearly every single time a package is built, even if it's a virtual package! 2017-05-31 06:02:55 lz4 is only needed for a single package, so i highly doubt that 2017-05-31 06:02:56 are you bootstrapping a system on a SoC? 2017-05-31 06:03:05 Want to bet? 2017-05-31 06:03:09 because you really shouldn't do that 2017-05-31 06:03:30 lz4 is a dep of something because it's installed every package. 2017-05-31 06:03:53 oh, that single package is elftoolchain-x86 2017-05-31 06:03:55 lol 2017-05-31 06:03:58 xentec: No, older xeon, but no disk to speak of. 2017-05-31 06:04:18 Yeah, so the whole dep chain gets reinstalled every round.
2017-05-31 06:04:45 I should just have built in a tmpfs -- I've got plenty of RAM :) 2017-05-31 06:05:15 xentec: https://github.com/Shizmob/aports/commit/daf123648b533e7ef040eca84593b513160d42c7 thx 2017-05-31 06:05:25 Even better, it reinstalls the related -doc packages every time because I installed the doc meta package on my HOST system! 2017-05-31 06:05:52 yes, because elftoolchain-x86 is a HOST package 2017-05-31 06:06:17 not quite there yet Shiz: trap 'apk del ..' has the same problem ;) 2017-05-31 06:06:19 or more accurately, a build package 2017-05-31 06:06:23 blast 2017-05-31 06:06:46 Yeah, it's just getting a little absurd the number of files being written/deleted/rewritten thousands of times. 2017-05-31 06:06:56 Not healthy on my SD card, that's for sure! 2017-05-31 06:07:47 https://github.com/Shizmob/aports/commit/db011396a50f627de863c2353e768b5f846705c2 2017-05-31 06:07:49 ACTION whistles 2017-05-31 06:07:55 stop building shit on an sd card is all i can say 2017-05-31 06:09:02 Yeah, that's why I had to mess with the CBUILDROOT, I was stalling out my system trying to bootstrap before. 2017-05-31 06:09:39 Now it's only slightly better, because the stuff read/write to the root system hits the sd card, but at least the cross root and repo don't 2017-05-31 06:10:55 Shiz: are ${} vars parsed inside single quotes here?
2017-05-31 06:10:57 Yes, I'm a real-world example of someone who would prefer to have only system essentials installed in / and the rest under /usr, where I can mount a piece of spinning rust
2017-05-31 06:11:14 xentec: no, but they don't have to be
2017-05-31 06:11:18 as what's given to trap is eval'd
2017-05-31 06:11:43 TemptorSent: your solution is not forcing bad solutions on others, but rather throwing away your sd cards
2017-05-31 06:11:45 :P
2017-05-31 06:11:47 ah, thx for the fix then
2017-05-31 06:13:26 Yeah, I wish - I have a real-world need for root on sd-card to bring up a working system, which may or may not have an attached bulk storage drive.
2017-05-31 06:13:56 then after you bring it up, pivot_root
2017-05-31 06:13:58 problem solved
2017-05-31 06:13:59 TemptorSent: silly question
2017-05-31 06:14:14 or even better, use an initramfs
2017-05-31 06:14:23 TemptorSent: why not make a chroot on a storage device and then chroot in to it and bootstrap from there?
2017-05-31 06:14:50 No, I need to be able to RUN from sd-card, even if my bulk storage isn't available.
2017-05-31 06:15:19 initramfs
2017-05-31 06:15:23 awilfox: I probably should have.
2017-05-31 06:16:06 How does the initramfs solve my problem exactly?
2017-05-31 06:17:12 I need no moving parts except when I set the thing on a desk with a drive.
2017-05-31 06:18:53 Most of what I do is embedded, and not necessarily even network connected.
2017-05-31 06:19:38 Well that's entertaining -- llvm failed to build llvm!
2017-05-31 06:20:13 Error 2 at 10% on target LLVMMC
2017-05-31 06:22:38 https://txt.shiz.me/NGRhNzM0MG
2017-05-31 06:22:40 the go problem
2017-05-31 06:22:48 TemptorSent: details?
2017-05-31 06:23:12 No details, just that.
2017-05-31 06:26:12 Hmm, retry passed that without error it seems.
2017-05-31 06:29:38 Very strange.
2017-05-31 06:41:19 Worked that time, random failure the previous run is disconcerting.
2017-05-31 06:55:48 https://txt.shiz.me/YmJiOTM3Zj updated
2017-05-31 06:57:28 lld failed due to missing python2
2017-05-31 06:59:20 i thought i had fixed that one
2017-05-31 06:59:58 well, zz now
2017-05-31 07:00:00 thanks for testing
2017-05-31 07:01:27 No problem :)
2017-05-31 07:01:31 Goodnight!
2017-05-31 08:14:35 More like good morning
2017-05-31 12:33:10 hey guys
2017-05-31 12:33:11 <_ikke_> Ah, I see the sudo vuln is already patched in master
2017-05-31 12:34:29 <^7heo> clandmeter: UGT.
2017-05-31 12:34:43 <_ikke_> (Universal Greeting Time)
2017-05-31 12:36:28 lol
2017-05-31 12:57:50 Hahah, another sudo bug. "Luckily" I haven't used sudo for 10+ years...
2017-05-31 12:58:08 <_ikke_> nidan_: You do everything as root?
2017-05-31 12:58:37 _ikke_: No, I use su when I do admin-stuff.
2017-05-31 12:59:27 as i understand this sudo issue, it only affects you if you have compiled sudo with selinux support and have selinux enabled?
2017-05-31 12:59:39 so we are not affected as i understand?
2017-05-31 12:59:55 Or ssh to a specific ssh-instance that runs only on 127.0.0.1/::1.
2017-05-31 13:00:30 s6 has a sort of sudo-daemon, sounds interesting but I haven't looked into it yet.
2017-05-31 13:04:48 _ikke_: One thing I've never really understood with sudo is that it seems to be intended to use for single commands, yet about 100% of the people I know using sudo use it only for one thing, sudo bash... If you did have something like a single command that should run as a specific user you can use su for that too.
2017-05-31 13:07:57 password management
2017-05-31 13:08:04 clear enough explanation?
2017-05-31 13:08:36 Yeah. 50 admins' personal passwords == root instead of 1.
2017-05-31 13:08:38 no root password, no user passwords except your own
2017-05-31 13:11:04 And, if you really don't want a root password, you could do the other thing I wrote about, use a specific ssh instance; 99% chance that you depend on ssh anyway and if it fails your security fails.
2017-05-31 13:13:59 if I really wanted to do things right, I'd probably go for some sort of capabilities control which is much more fine-grained than the "user or root" model
2017-05-31 13:14:07 hell of a lot of work tho
2017-05-31 13:14:14 Yeah..
2017-05-31 13:14:50 SELinux has a lot of that, and RH has done a lot of work on the policies. But it's also a large code base and sometimes complex policies.
2017-05-31 13:15:41 For most systems, imho, there's not much you need to do as root anyway, mount something, install a package.. Either that or something is seriously messed up and you need a root shell.
2017-05-31 13:19:31 Unless you were talking about "doing things right" for a specific service, like some daemon. If designed correctly I don't see many causes for any service to have any specific privileges. There are edge cases of course, and ofc, I haven't thought about everything. If anyone has examples I'd be happy to hear about them. =)
2017-05-31 13:22:07 ssh login to root account should be always disabled; i hope that the reason is obvious for anyone here
2017-05-31 13:22:13 <^7heo> moin
2017-05-31 13:22:59 one of nice things about sudo is fine grained control about environment, what variables are kept and what not
2017-05-31 13:23:26 and that it sets some useful variables like SUDO_USER, so you can know identity of the original user even when (s)he runs sudo sh
2017-05-31 13:23:50 for example I use this with git (versioned /etc)
2017-05-31 13:27:16 and of course another important benefit is that sudo is always logged, so you have a better chance to find out who messed something
2017-05-31 13:36:32 15:22 jirut ssh login to root account should be always disabled; i hope that the reason is obvious for anyone here
2017-05-31 13:36:33 no
2017-05-31 13:39:03 there is only one useful sudo config ALL=NOPASSWD: ALL
2017-05-31 13:39:24 but that's less secure than root ssh login imo.
2017-05-31 13:39:35 too many useless layers
2017-05-31 13:39:47 <_ikke_> hiro: I hope you are joking
2017-05-31 13:40:40 fuck this root bullshit. everything complaining and crashing when i run it as root
2017-05-31 13:40:52 it's a fucking security theater without any winners
2017-05-31 13:41:12 freetime open source activists securing the world's infrastructure by having opinions on IRC
2017-05-31 13:41:35 there's no proper security design, anywhere, ever.
2017-05-31 13:41:46 i've seen too many stupidly administered servers
2017-05-31 13:41:51 can't rely on anything anyway
2017-05-31 13:41:59 omfg
2017-05-31 13:42:21 bring your own security, deploy more VMs, deploy more machines, don't trust the machines at all.
2017-05-31 13:42:32 linux security *engineering* is broken
2017-05-31 13:42:53 nobody bothers to separate things properly into multiple groups and users
2017-05-31 13:43:05 and i don't blame them either. it's too much effort probably
2017-05-31 13:44:37 everything is full of botnets and as a last resort you can only fix also getting affected with network level security
2017-05-31 13:53:17 Eh
2017-05-31 13:53:23 Just fire up a bunch of containers
2017-05-31 13:53:31 That's how linux separation now works
2017-05-31 13:54:13 <_ikke_> consus: and then still run as root, right? :P
2017-05-31 13:54:20 Of course :D
2017-05-31 14:36:39 I see the "zeromq" aports also defines a "libzmq" package
2017-05-31 14:36:47 but isn't there a libzmq-dev ?
2017-05-31 14:37:02 for things that need to build against libzmq?
2017-05-31 14:37:23 ncopa ^
2017-05-31 15:11:55 consus: yes, what used to be user/groups is now replaced by containers and cgroups
2017-05-31 15:12:13 consus: it's all weird, but none of this happens for *security*
2017-05-31 15:12:42 that VMs and NAT nowadays often serve security to people should be a side-effect
2017-05-31 15:13:42 but people pretend all this got built this way for them personally and all their security needs are obviously met by some overly consistently presented marketing gig
2017-05-31 15:14:30 but the hardware itself, it doesn't actually guarantee much at all
2017-05-31 15:15:51 just imagine when people use containers inside of VMs inside a shared server in some datacenter outside of their control... and then start banging their head against the keyboard because a program that works fine as a user doesn't work as root...
2017-05-31 15:16:06 it is totally absurd.
2017-05-31 15:16:28 perhaps one day sudo will support hardware virtualization.
2017-05-31 15:17:03 and with namespaces every javascript in every tab can sudo without error
2017-05-31 15:17:17 and then you can have gparted running in a web browser
2017-05-31 15:17:32 (cause that's what everybody should have always wanted)
2017-05-31 15:17:47 #howaboutno
2017-05-31 15:20:09 skarnet: it's mysteriously called zeromq-dev
2017-05-31 15:25:44 skarnet: isn't there a zeromq-dev package?
2017-05-31 15:26:36 yes, there is. Thanks.
2017-05-31 15:27:00 ncopa: since you're here, please address the libz.so issue
2017-05-31 15:27:56 jirutka: ssh login as root should be disabled is not obvious to me. ssh root login with password yes, but ssh root login in general no.
2017-05-31 15:28:30 skarnet: what is the libz.so issue?
2017-05-31 15:28:40 <^7heo> skarnet: I think hiro was sarcastic
2017-05-31 15:28:50 <^7heo> ACTION == cpt obvious.
2017-05-31 15:29:59 ncopa: zlib-dev installs /lib/libz.a (normal), /lib/libz.so (normal), and a symlink /usr/lib/libz.a -> ../../lib/libz.a
2017-05-31 15:30:07 but no similar symlink for libz.so
2017-05-31 15:30:37 so, stuff using gcc -shared -o foo.so -L/usr/lib foo.o -lz fails
2017-05-31 15:30:42 ^7heo: well, i do log into root via ssh.
2017-05-31 15:30:52 because it finds a .a, tries to link against it, and fails
2017-05-31 15:30:57 but i have to scold both sides here...
2017-05-31 15:31:22 either the /usr/lib/libz.a must go (and gcc will default to /lib) or a similar symlink for /usr/lib/libz.so must appear
2017-05-31 15:31:53 i don't know why jirutka tries to pretend there's things that's obvious to everybody on this channel but then doesn't have the guts to say it out loud
2017-05-31 15:32:27 skarnet: can you check which package provides the /usr/lib/libz.a?
2017-05-31 15:33:17 naively I thought it was zlib-dev
2017-05-31 15:33:24 but it appears not
2017-05-31 15:33:28 that's weird
2017-05-31 15:33:45 that's why i ask, i was trying to fix, but found out that it does not come from zlib-dev
2017-05-31 15:33:54 how would I look for this? there's no dpkg -S equivalent
2017-05-31 15:33:54 and i cannot find any symlink in any zlib package
2017-05-31 15:34:19 apk info --who-owns /usr/lib/libz.a ?
2017-05-31 15:34:25 just said this on another channel:
2017-05-31 15:34:26 sudo - when you don't want to admit you run everything as root
2017-05-31 15:34:41 Could not find owner package
2017-05-31 15:34:43 WTF
2017-05-31 15:34:48 I *did not* add this by hand
2017-05-31 15:35:07 ok, more investigation is necessary, I'll do this tonight
2017-05-31 15:37:12 <^7heo> hiro: me too, depending on what machine.
2017-05-31 15:55:06 <^7heo> Do we have an alternative to atom or sublime in alpine?
2017-05-31 15:57:35 vim
2017-05-31 15:57:50 <^7heo> my current candidate doesn't use vim
2017-05-31 15:57:53 <^7heo> that's why I ask.
2017-05-31 15:58:09 <^7heo> I think I might have to build atom on alpine.
2017-05-31 15:58:23 <^7heo> Both the atom build and the sublime build require glibc-isms
2017-05-31 15:58:28 <^7heo> so they can't run with musl anyway
2017-05-31 16:00:17 woo
2017-05-31 16:00:22 <^7heo> ?
2017-05-31 16:00:27 llvm+elftoolchain now compiles the entire bootstrap.sh system minus linux
2017-05-31 16:00:30 cc ncopa
2017-05-31 16:00:32 :P
2017-05-31 16:00:34 <^7heo> niiiiiice
2017-05-31 16:01:51 ^7heo: kakoune ;f
2017-05-31 16:01:54 ^7heo: and vis ;3
2017-05-31 16:02:09 ed
2017-05-31 16:02:15 <^7heo> dudes. Read what I wrote.
2017-05-31 16:02:39 tell your candidate to learn the standard.
2017-05-31 16:02:45 <^7heo> yeah well
2017-05-31 16:02:46 <^7heo> devs.
2017-05-31 16:02:47 the standard text editor.
2017-05-31 16:02:50 <^7heo> yeah but no
2017-05-31 16:02:57 <^7heo> you can't force "standards" on people.
2017-05-31 16:03:01 ^7heo: kakoune is sublime alternative and does not require running web browser engine XD
2017-05-31 16:03:05 <^7heo> and expect the glibc not to be forced upon you.
2017-05-31 16:03:24 <^7heo> scadu: cat is also a sublime alternative.
2017-05-31 16:03:31 <^7heo> and it's installed.
2017-05-31 16:03:37 funny you
2017-05-31 16:04:13 <^7heo> well, funny yourself.
2017-05-31 16:08:31 welp, you can check pluma
2017-05-31 16:09:05 it's in community
2017-05-31 16:09:08 <^7heo> that's what he is currently using.
2017-05-31 16:09:24 Shiz: congrats!
2017-05-31 16:10:53 i'm impressed by llvm's bug handling
2017-05-31 16:10:59 filed a bug against lld, got fixed within 4 hours
2017-05-31 16:11:01 :P
2017-05-31 16:11:19 <^7heo> wow.
2017-05-31 16:11:23 <^7heo> schnell.
2017-05-31 16:13:53 have you sent the patches upstream?
2017-05-31 16:37:25 Shiz - I'm getting a bad signal spec for trap in line 76 of bootstrap.sh now for some reason after pull.
2017-05-31 16:38:11 ncopa: they figured out the issue and patched it themselves :P
2017-05-31 16:38:20 the other patches for llvm+elftoolchain stuff, not yet
2017-05-31 16:38:31 but a good chunk of it is upstream-but-not-in-release-yet-patches
2017-05-31 16:38:41 TemptorSent: try removing ERR from the list
2017-05-31 16:39:21 That's my suspect, checking now.
2017-05-31 16:40:13 Yep, that's the issue.
2017-05-31 16:40:38 Still not pulling python2 :/ (will add manually to bypass)
2017-05-31 16:41:54 Missing python2 and py-setuptools for building lld.
2017-05-31 16:43:14 Ahh, and it wants them in the buildroot, not on the host, joy.
2017-05-31 16:45:47 Shiz - should those be listed in the implicit deps for the toolchain?
2017-05-31 16:53:40 no
2017-05-31 16:54:10 Where is the proper place to add them to the bootstrap?
2017-05-31 16:54:38 just pushed a commit that fixes it
2017-05-31 16:54:43 it doesn't need to be added to the bootstrap
2017-05-31 16:55:38 Oh, lld doesn't REALLY need them to build, got it :)
2017-05-31 17:05:32 Has anyone looked into caitsith or WhiteEgret kernel security modules as of yet?
2017-05-31 17:20:37 libcap-ng failed with a bad defn of LONG_BIT in pyport.h
2017-05-31 17:45:08 TemptorSent: remember that i said about a clean build system lol
2017-05-31 17:45:15 that's what happens if your build system has python installed
2017-05-31 17:46:35 Bugger - that's highly irritating. I guess I'm at the end of my testing until I setup a new build system.
2017-05-31 17:47:14 it's no prob, it's good to see my system mostly reproduces
2017-05-31 17:47:16 :P
2017-05-31 17:48:11 It would be nice to fix the bootstrap so it doesn't crap out when host has additional packages installed.
2017-05-31 17:48:22 can't do that trivially
2017-05-31 17:48:59 Understood - it's a blue-sky project.
2017-05-31 17:50:40 waitwaitwait
2017-05-31 17:51:09 how on earth do you get something that *fails* if there's *something additional you're not using* on your system?
2017-05-31 17:51:53 Because it apparently autodetects headers?
2017-05-31 17:52:19 to me it's an immediate case of grinding my axe for gentle build system editing
2017-05-31 17:52:37 ./configure is magical
2017-05-31 17:52:51 ok, so let's say it autodetects headers
2017-05-31 17:53:06 how would that matter if you're not using them?
2017-05-31 17:53:23 also, related question
2017-05-31 17:53:37 WHY THE FUCK would you use GNU configure in a BOOTSTRAP system
2017-05-31 17:54:39 ok, scratch that, I see what you mean.
2017-05-31 17:54:54 Yeah, it's irritating :/
2017-05-31 17:55:04 skarnet: the packages use autoconf
2017-05-31 17:55:08 not the bootstrap system itself
2017-05-31 17:55:16 yes, I just figured that out
2017-05-31 17:55:23 it means more isolation work is needed
2017-05-31 17:55:44 well
2017-05-31 17:55:52 i'm not sure i can do much against a hardcoded probing of /usr/bin
2017-05-31 17:55:54 :P
2017-05-31 17:56:03 or /usr/include
2017-05-31 17:56:06 you may want to check lh-bootstrap, where I go through hell and back to properly isolate the build :P
2017-05-31 17:56:19 link?
2017-05-31 17:56:30 https://github.com/skarnet/lh-bootstrap
2017-05-31 17:56:34 danke
2017-05-31 17:56:41 ACTION bot 0.1
2017-05-31 17:57:21 well if it's about /usr/include hardcoding in gcc, I cheat, since I use mcm-built sysrooted toolchains
2017-05-31 17:58:30 if it's the configure script manually probing files in /usr/include, I'm afraid there's no other solution than building in a chroot :/
2017-05-31 17:58:49 not gcc
2017-05-31 17:58:58 yeah...
2017-05-31 17:59:18 for the clang bootstrap we tell clang to use a sysroot, it will never use /usr/include
2017-05-31 17:59:35 what package causes issues with detection of something it shouldn't be using?
2017-05-31 17:59:42 libcap-ng apparently
2017-05-31 17:59:56 ok, now's the $1000 question
2017-05-31 18:00:14 in what world does it make sense for libcap-ng to be part of a bootstrap process?
2017-05-31 18:00:23 it's a dependency of something
2017-05-31 18:00:25 It's using swig, which is probably the culprit.
2017-05-31 18:00:25 lemme check what
2017-05-31 18:00:44 oh yeah
2017-05-31 18:00:47 it's a dep of util-linux
2017-05-31 18:01:08 bootstrap with busybox, not util-linux
2017-05-31 18:01:08 We should probably build it without bindings for bootstrap.
2017-05-31 18:01:15 also this
2017-05-31 18:01:43 we also build busybox :P
2017-05-31 18:02:21 this is not an issue that just applies to bootstrap btw
2017-05-31 18:02:35 in general, if your build system ain't clean various configure script of packages may pick up extra shit
2017-05-31 18:02:44 because we don't bother to pass a million --disable flags
2017-05-31 18:02:53 you just described your problem
2017-05-31 18:03:12 well, the actual alpine packages are built on clean systems :P
2017-05-31 18:03:24 bothering to pass a million --disable flags is the definition of the job of a distributor
2017-05-31 18:03:25 but I'm not sure modifying every package to pass a million disable/without flags is much of a solution either
2017-05-31 18:03:34 We probably should be explicit in the configure options
2017-05-31 18:03:49 At least on bootstrap.
2017-05-31 18:04:20 But really, everywhere - otherwise we don't have reproducible builds.
2017-05-31 18:04:27 my previous customer said "we gonna build a distro, and we're not going to use configure flags or CFLAGS or LDFLAGS, we're going to let the packages use the defaults they want"
2017-05-31 18:04:39 I was like "I'm not sure you understand what a distro is, dude"
2017-05-31 18:04:43 ACTION wonders what kind of interesting customers skarnet gets
2017-05-31 18:04:56 If it requires a clean build env, it should probably build its own chroot.
2017-05-31 18:05:45 btw ping ncopa once you have time
2017-05-31 18:06:14 yeah, either you bother tuning the configure flags with much accuracy, or you get the big hammer and use a clean reproducible development chroot
2017-05-31 18:15:59 at least chroots are easy
2017-05-31 18:16:44 with apk :P
2017-05-31 18:22:04 Perhaps bootstrap.sh should build its own chroot with exactly the required host packages installed.
2017-05-31 18:22:31 Yes.
2017-05-31 18:22:54 If you're going to build anything remotely complicated in it, yes.
2017-05-31 18:28:45 Since it's a pretty common need, it would be nice to either teach apk to spawn a chroot directly or add a small tool for managing them easily.
2017-05-31 18:29:25 apk? certainly not. You mean abuild - and that's the point of buildlab.
2017-05-31 18:31:28 Actually, I was thinking apk-tools, since it is 90% of the way there already - All that would be needed is a 'chroot' invocation to the apkroot passing whatever the commandline is.
2017-05-31 18:32:09 Not just for use in abuild, but as a general purpose tool.
2017-05-31 18:32:20 general purpose tools don't have a place in apk
2017-05-31 18:32:25 apk has --prefix and that's all it needs
2017-05-31 18:34:08 I have a foobar.tar in the "sources" var of my APKBUILD. It's not unpacked. (abuild unpack does nothing, prints nothing.) How would I go debugging this?
2017-05-31 18:34:08 right 'apk --prefix=/mnt/sysroot-x86 chroot $cmd' or some such, which would setup the environment and execute the command in the specified prefix chrooted.
2017-05-31 18:34:53 skarnet: Hmm, try gzipping it and see if it will unpack then :)
2017-05-31 18:35:26 it won't, I just tried. I looked in the abuild source, and it handles ungzipped .tar files just as well.
2017-05-31 18:35:43 Ahh, figures.
2017-05-31 18:35:48 skarnet: sh -x /usr/bin/abuild unpack
2017-05-31 18:35:52 best debug is tracing
2017-05-31 18:35:54 :P
2017-05-31 18:36:24 yeah, tracing shell scripts isn't my cup of tea...
2017-05-31 18:36:51 Usually it's pretty easy -- just look at the last dozen or so lines before failure.
2017-05-31 18:37:31 tmux is your friend if you have to review the complete output.
2017-05-31 18:37:39 oh
2017-05-31 18:37:39 sorry
2017-05-31 18:37:49 TemptorSent: if you are unable to give me enough credit to assume that I would not be asking here if it was easy, I will kindly ask you to refrain from participating.
2017-05-31 18:37:51 i did not have time yesterday to trace through skarnet's issue
2017-05-31 18:38:17 I don't need "have you tried turning it off and on again?" level 1 support, thank you.
2017-05-31 18:38:40 skarnet: I don't mean debugging your particular issue is easy, I mean the tracing is generally straightforward.
2017-05-31 18:39:26 right 'apk --prefix=/mnt/sysroot-x86 chroot $cmd' or some such, which would setup the environment and execute the command in the specified prefix chrooted.
2017-05-31 18:39:33 it's a package manager Jim, not a docker clone
2017-05-31 18:40:58 kaniini: True, but a tool of that ilk would be quite useful and eliminate the need for docker in many simple cases.
2017-05-31 18:41:15 sure, but it doesn't need to be in apk
2017-05-31 18:42:09 skarnet: so
2017-05-31 18:42:14 a test tar i just created unpacks fine for me
2017-05-31 18:42:19 automatically
2017-05-31 18:42:31 TemptorSent: and what if i want to run $command in a debian environment
2017-05-31 18:42:46 ACTION did docker before docker was cool anyway
2017-05-31 18:43:14 not even kidding: https://bitbucket.org/tortoiselabs/appliancekit-ng
2017-05-31 18:43:16 Agreed, but apk already has all of the appropriate information available, knows what arch a given root is using, etc. Perhaps some of the general purpose tools of apk (pax archiver, etc.)
could be exposed as their own applets
2017-05-31 18:43:48 skarnet: https://txt.shiz.me/MWYyMTQ3Mj
2017-05-31 18:44:16 kaniini: I was looking specifically at alternate apk based environments, since apk already can setup a functional chroot fs hierarchy with just a couple commands.
2017-05-31 18:44:33 skarnet: ah
2017-05-31 18:44:35 skarnet: it should be source=
2017-05-31 18:44:37 not sources=
2017-05-31 18:44:39 that may be your issue :P
2017-05-31 18:45:19 Shiz: just found that out :P
2017-05-31 18:45:28 (but thanks)
2017-05-31 18:46:17 TemptorSent: https://bitbucket.org/tortoiselabs/appliancekit-ng/src/edd84e790b41afc06ee1deb387092087f0ccfb66/appliancekit/specs/alpine-base.spec?at=master&fileviewer=file-view-default
2017-05-31 18:46:21 TemptorSent: see??? i used to think like you, and see how it turned out???
2017-05-31 18:46:22 :D
2017-05-31 18:49:23 Holy crap kaniini! Yeah, I'm not quite *THAT* crazy :)
2017-05-31 18:50:35 although
2017-05-31 18:50:41 that came out better
2017-05-31 18:50:44 than its predecessor
2017-05-31 18:50:51 https://bitbucket.org/systeminplace/appliancekit/src
2017-05-31 18:50:55 which i literally wrote in 2006
2017-05-31 18:50:57 like i said
2017-05-31 18:51:03 i did docker before it was cool
2017-05-31 18:52:13 I'm thinking a few lines of bash running something like 'export MYROOT=/mnt/blah/x86; apk --prefix $MYROOT add --initdb $pkglist ; apk --prefix $MYROOT chroot /bin/sh'
2017-05-31 18:52:33 https://bitbucket.org/systeminplace/appliancekit/src/af973c5d96f8617d6583caa2f6f70e3e70410323/ApplianceKit/GenericRPMPreBootstrapTool.py?at=default&fileviewer=file-view-default
2017-05-31 18:52:38 although this hackjob
2017-05-31 18:52:42 i am still kind of proud of
2017-05-31 18:52:44 because it is basically
2017-05-31 18:52:48 debootstrap for RPM
2017-05-31 18:52:49 lols
2017-05-31 18:53:20 That's actually kinda slick for what it does :)
2017-05-31 18:53:58 er not bash, bourne shell :P
2017-05-31 18:54:36 well, the os.system() is embarrassing
2017-05-31 18:54:42 i should have set up proper pipelines
2017-05-31 18:55:01 now
2017-05-31 18:55:05 what appliancekit-ng actually did
2017-05-31 18:55:09 was generate a shell script
2017-05-31 18:55:09 *lol* Abusing system is a time-honored tradition :)
2017-05-31 18:55:12 and then run it
2017-05-31 18:55:28 basically
2017-05-31 18:56:48 oh, and the original appliancekit
2017-05-31 18:57:00 referred to CentOS frequently as ShitOS
2017-05-31 18:57:06 oops :p
2017-05-31 18:57:18 *LOL*
2017-05-31 18:59:56 Anyway, if apk-tools (not necessarily apk itself) can facilitate such containerization in a consistent manner, it would make alpine much more flexible with minimal overhead.
2017-05-31 19:00:33 yeah? it might also piss off at least 2 of our main partners (docker & flockport)
2017-05-31 19:01:00 docker used to be buddy buddy with canonical until canonical started playing in their back yard
2017-05-31 19:01:07 Why? Docker could integrate it and reduce their overhead even further.
2017-05-31 19:01:24 yeah on systems where alpine exists
2017-05-31 19:01:30 or rather apk exists
2017-05-31 19:02:06 while i would like to see a small lightweight container tool in alpine, i don't think apk-tools is the place for it
2017-05-31 19:03:17 anyway, i cite appliancekit as proof that i got into this whole dev thing as somebody trying to make my life as a sysadmin a lot easier
2017-05-31 19:03:19 lols
2017-05-31 19:03:33 Not entirely, certainly, but support for specific functions to facilitate such tools would make them far more easily developed and maintained.
2017-05-31 19:04:03 apk already has the state information database, which I would just as soon not recreate in parallel for the container tool.
2017-05-31 19:04:08 kaniini: isn't it how all system programmers started?
:P
2017-05-31 19:04:27 the reason why i started coding IRC stuff
2017-05-31 19:04:30 is again because
2017-05-31 19:04:33 the stuff i was using
2017-05-31 19:04:34 That's why exposing some of apk's individual features as their own tools would be quite useful.
2017-05-31 19:04:41 was complete garbage
2017-05-31 19:05:27 skarnet: literally the reason i properly learned C was because i had a nickserv implementation that kept crashing and corrupting its database, so i decided to write my own
2017-05-31 19:05:56 sounds on par with the typical system programmer experience :)
2017-05-31 19:06:15 I'd like to hand apk a world file and an overlay, give it an alt root directory, and have it build the root, install the packages, and apply the overlay, then at least give me the proper environment required for the chroot.
2017-05-31 19:06:41 why the heck would you want to do that in apk
2017-05-31 19:06:56 ever heard of "one job, one tool" ?
2017-05-31 19:07:01 skarnet: Because it already does all of those things.
2017-05-31 19:07:12 no?
2017-05-31 19:07:27 it does, it's only restricted to the system itself
2017-05-31 19:07:28 Yes.
2017-05-31 19:07:28 TemptorSent: it already has primitives for that
2017-05-31 19:07:47 TemptorSent: nothing needs to be added for this
2017-05-31 19:07:53 Right, I just want to be able to access the primitives :)
2017-05-31 19:08:04 TemptorSent: you already can
2017-05-31 19:08:35 How? I couldn't find where they were exposed.
2017-05-31 19:08:52 Some undocumented entrypoint?
2017-05-31 19:10:16 tar zxvf overlay.tar | apk add --overlay-from-stdin
2017-05-31 19:10:28 it will install all files in overlay.tar into apk's database
2017-05-31 19:10:35 How can I pass a world file to 'apk add --initdb' without just using a cat sub in the command line?
2017-05-31 19:10:39 it works with --root
2017-05-31 19:11:07 you don't
2017-05-31 19:11:17 you init the db, then install the world file, and run apk fix
2017-05-31 19:11:30 but i am doing an apk add --from-file option
2017-05-31 19:11:34 Ahh, that's how it's done sanely...
2017-05-31 19:11:35 for other reasons
2017-05-31 19:11:45 because frequently
2017-05-31 19:11:51 i copy /etc/apk/world to a new host and use apk fix
2017-05-31 19:11:53 to provision it
2017-05-31 19:11:57 which is a cool undocumented trick
2017-05-31 19:12:01 Very!
2017-05-31 19:12:07 and i want to expose that more
2017-05-31 19:12:16 because i think it's one of the things that really makes apk unique
2017-05-31 19:12:19 That would have saved me HOURS to have known while messing with mkimage.
2017-05-31 19:12:41 Those are exactly the types of features I'm looking for.
2017-05-31 19:13:12 will come in handy, definitely
2017-05-31 19:13:13 A general reader for apk's database would be immensely helpful as well.
2017-05-31 19:13:28 that's what apk manifest does
2017-05-31 19:14:50 Right, for that portion of the database, but it would also be helpful to be able to ask for a specific tuple by name/path.
2017-05-31 19:16:16 such as $package:deps
2017-05-31 19:16:32 or :provides, or whatnot.
2017-05-31 19:16:39 that's what apk info does
2017-05-31 19:16:40 but
2017-05-31 19:16:42 yes
2017-05-31 19:16:47 i am not really that happy with apk info
2017-05-31 19:17:03 Yeah, apk info is nice for human-readable usage, but useless for scripting.
2017-05-31 19:18:59 yes, apk info and search have some non-scripting friendly things due to legacy reasons
2017-05-31 19:19:43 Yeah, passing -v and -q at the same time doesn't exactly work when you're trying to get packages with versions and suppress warnings :)
2017-05-31 19:20:54 At least the output is now going to stderr so I can 2>/dev/null rather than having to grep -v out the warnings.
2017-05-31 19:23:07 What else is needed to provide general pax archive read/write support in a useful manner?
2017-05-31 19:23:29 i'm still preferring to change the .apk format
2017-05-31 19:23:53 Why? the pax format is actually quite appropriate.
2017-05-31 19:24:31 for parsing efficiency, and implementation simplicity
2017-05-31 19:24:56 i'd rather expose apk applets to extract files; and build the packages
2017-05-31 19:25:03 and/or library api
2017-05-31 19:25:29 original apk-tools were a set of scripts using tar
2017-05-31 19:25:39 later on we rewrote it in C
2017-05-31 19:25:41 Hmm, including a manifest as the first record of the archive would probably solve the parsing issue nicely, as well as providing another check for the archive integrity.
2017-05-31 19:26:03 yes, manifest is needed for various things
2017-05-31 19:26:15 but that makes the tar structure redundant
2017-05-31 19:26:57 if the only reason to do tar is to have extraction with regular tools, it's dangerous because those would skip signature verification
2017-05-31 19:27:09 Not really - the pax format encodes what we need for the filesystem nicely, the manifest describes the contents and can be used to verify the filesystem image.
2017-05-31 19:27:10 so also on security side i'm tempted to not do tar
2017-05-31 19:27:41 i would be willing to implement "apk convert-to-tar" type functionality though
2017-05-31 19:27:51 Being able to create/extract using standard tools is critical to the usability of the format.
2017-05-31 19:28:50 for me it's optional, not a primary priority
2017-05-31 19:28:52 it used to be
2017-05-31 19:29:28 now security, speed, simplicity and usability are more important
2017-05-31 19:29:46 If you want to make security the primary goal, the payloads could be encrypted using their checksum and the package signing signature.
2017-05-31 19:30:19 That would make it impossible to extract any record that doesn't match the manifest.
2017-05-31 19:30:59 But the archive itself should still be readable regardless.
2017-05-31 19:32:32 i have not fully decided my mind yet on it; but currently keeping the tar format does not seem to be that beneficial for me
2017-05-31 19:32:37 even if it's tar
2017-05-31 19:32:57 I would end up writing binary pax header, which would need special tools (as-in apk-tools) to construct it
2017-05-31 19:33:00 Actually, pax is preferable to tar IMHO.
2017-05-31 19:33:16 Ug, binary header? Why?
2017-05-31 19:33:43 i need the manifest there which is binary and signed
2017-05-31 19:34:02 Why would the manifest need to be binary?
2017-05-31 19:34:20 to not waste time in parsing text
2017-05-31 19:34:30 apk is currently slow because of all files being text
2017-05-31 19:34:47 the index, database and apk pax headers
2017-05-31 19:35:08 now index, and database are basically collection of subset of individual package headers
2017-05-31 19:35:14 Hmm, the database really needs a better representation if that's slowing it down.
2017-05-31 19:35:28 and to preserve signatures, we can't modify the manifest data
2017-05-31 19:35:37 thus
2017-05-31 19:35:41 all three need to be binary
2017-05-31 19:36:08 additional index needs to be constructible from packages without re-signing in the planned model
2017-05-31 19:36:23 I'm not in favor of binary except in internal representation for databases.
2017-05-31 19:36:40 we were originally too
2017-05-31 19:36:54 but i want the database to be auditable against asymmetric signatures
2017-05-31 19:37:03 that come from packages
2017-05-31 19:37:18 thus the packages need to contain the objects in database directly
2017-05-31 19:37:26 and to make database fast, it needs to be binary
2017-05-31 19:37:48 Okay, so if we sign each package's unique identifier (arch, package name, package version, checksum), we don't need to worry about resigning an index.
2017-05-31 19:37:51 note that by "slow" i mean full alpine indexdatabase on
2017-05-31 19:38:03 rpi takes now 500ms to load and process
2017-05-31 19:38:17 Ouch!
2017-05-31 19:38:27 but often we want to sequence those operations; so it may end up to be a lot
2017-05-31 19:38:30 on the embedded cpus
2017-05-31 19:38:41 on any modern x86/x86_64 it's a lot less
2017-05-31 19:38:59 Yeah, the reloading should be that heavy once it's in the DB.
2017-05-31 19:39:11 so basically my design goal is:
2017-05-31 19:39:32 - construct index from packages without signing it (so anyone can create boot media with their selection of packages)
2017-05-31 19:39:48 - opening database is matter of mmapping it (almost zero load time)
2017-05-31 19:39:57 Right
2017-05-31 19:40:20 - database contains manifests from packages that are signed so apk audit always works against signatures
2017-05-31 19:40:36 A graph-structured DB would be ideal for that, possible with sparse pages for speed.
2017-05-31 19:41:03 fabled: i am already working on extract/build applets
2017-05-31 19:41:07 fabled: and manifest, of course
2017-05-31 19:41:12 as you see :)
2017-05-31 19:41:15 yeah
2017-05-31 19:41:30 the apkdb right now is kind of a pain to work with
2017-05-31 19:41:47 yes
2017-05-31 19:41:47 mmapping something like sqlite3's btree stuff
2017-05-31 19:41:50 would be good
2017-05-31 19:42:10 The manifest itself should be very simple and each line can be signed based on the data content only, not the formatting.
2017-05-31 19:42:37 i don't want to parse, and reconstruct signed data because it's slow
2017-05-31 19:42:45 and vulnerable to various problems
2017-05-31 19:42:50 btrees aren't the best for storing DAGs with attributes really, but it's workable.
2017-05-31 19:43:00 i do have a design ready
2017-05-31 19:43:20 basically cdb like hashes + recursive tag/value/length encoding
2017-05-31 19:43:29 ACTION is just trying to get the core applets ready while fabled does the database stuff :)
2017-05-31 19:43:43 i'm happy to keep the applet api if it gets done
2017-05-31 19:43:46 *groans* Ouch.
2017-05-31 19:44:07 as well as various nice things like apk add --from-file
2017-05-31 19:44:08 Yeah, won't be debugging that by hand.
2017-05-31 19:44:49 secure, plaintext, fast; choose any two
2017-05-31 19:45:07 fabled: i also want to make apk info more useful for external consumers
2017-05-31 19:45:13 me too
2017-05-31 19:45:17 but haven't figured out what that looks like yet
2017-05-31 19:45:31 i wonder if it would make sense to write it as new applet like "print" or "show"
2017-05-31 19:45:41 and deprecate "info" and "search"
2017-05-31 19:45:50 make it scriptable with --fields a,b,c
2017-05-31 19:46:17 and other flags to control how many matches to show, and from which indexes/installed-db to search against
2017-05-31 19:46:19 fabled: How about an extended Merkle-DAG? Fast, secure, and mostly plaintext.
2017-05-31 19:47:07 fabled: that's why i broke manifest out instead of having it in apk info
2017-05-31 19:47:40 And also fits the dependency graph much better.
2017-05-31 19:48:49 TemptorSent, Merkle tree does not solve all the problems involved
2017-05-31 19:48:51 Technically, you could provide a tag with the length and offset and parse it as fast as you would the binary version
2017-05-31 19:49:36 TemptorSent: dependencies are stored as a dependency description
2017-05-31 19:49:43 no graph involved
2017-05-31 19:50:08 No, they would need to be extended somewhat to fully support our needs, but they should work well as a basis.
2017-05-31 19:51:19 i would hope to provide good enough tlv tools to dump the database to text; even in backwards compat. format
2017-05-31 19:51:22 kaniini: I'm referring to the file->package mapping, which would allow full dep chain calculations without having to build the memory tree each time.
2017-05-31 19:52:27 that's just a reverse lookup table though
2017-05-31 19:52:35 kaniini, thanks for the manifest stuff, the commits i had time to look at look good
2017-05-31 19:53:08 TemptorSent, I hope the database/index opening to be mmap + updating shim structures that allow merging multiple files efficiently
2017-05-31 19:53:10 Yes, but a merkle tree would allow you to quickly detect if anything lower in the tree has changed.
2017-05-31 19:54:15 fabled: Why not just encode the offsets and namespace in the db files themselves?
2017-05-31 19:55:05 did you see the executive summary on design concepts? http://sprunge.us/DLSU
2017-05-31 19:55:05 fabled: i have apk unpack almost ready to go in as well. apk pack after that.
2017-05-31 19:55:18 awesome kaniini!
2017-05-31 19:56:22 Does apk unpack support specifying paths to extract? i.e. 'apk unpack mykernel-blah.apk boot/'
2017-05-31 19:56:52 TemptorSent: it is planned, but right now i am just concentrating on the core functionality to make sure it's completely legit first
2017-05-31 19:56:58 TemptorSent: like i did with manifest
2017-05-31 19:57:08 (and there's more to do with manifest, like customizing what is actually output)
2017-05-31 19:57:23 Very nice!
2017-05-31 19:58:14 need to go sleep in a minute. see you tm.
2017-05-31 19:58:17 Let me know what testing is needed.
2017-05-31 19:58:29 Goodnight fabled!
2017-05-31 19:58:34 i might actually do apk mod
2017-05-31 19:58:40 with --import-from-file
2017-05-31 19:59:19 kaniini, my model for apk3 is that .apk packages are the basic component; they are signed and immutable without resigning
2017-05-31 19:59:48 index and databases are directly built from .apk header portions and include relevant signature
2017-05-31 20:00:03 fabled: --import-from-file being to import an /etc/apk/world from another machine
2017-05-31 20:00:09 to clarify :)
2017-05-31 20:00:19 ah, so kinda add/del combined
2017-05-31 20:00:36 i have had that on todo / ideas board for a while
2017-05-31 20:00:41 yes, from your list of things you want to see in apk3
2017-05-31 20:01:15 right now we frequently copy /etc/apk/world to a new host and then use apk fix to provision it
2017-05-31 20:01:18 fabled: Why not make the individual files the basic component?
2017-05-31 20:01:27 so the idea is to make that seem less... hacky
2017-05-31 20:01:51 TemptorSent, it would slow down things
2017-05-31 20:01:57 on various levels
2017-05-31 20:02:24 e.g. verifying asymmetric signature is a lot slower than hash
2017-05-31 20:02:35 Hmm, I'll have to look at it a bit deeper, but I suspect it could be done in reasonable overhead.
2017-05-31 20:02:39 what i also want to do is enable software like python's pip or luarocks to generate a package with apk pack
2017-05-31 20:02:41 and install it
2017-05-31 20:02:48 so that the package manager is aware of it
2017-05-31 20:02:52 right
2017-05-31 20:03:31 that would probably be better than the current "auto-generate apkbuild from CPAN" type of approach
2017-05-31 20:03:36 Of course, but you can sign a tree of hashes and only have to verify one signature.
2017-05-31 20:04:04 TemptorSent, yes, that's why it's called a package
2017-05-31 20:05:31 The package contains a lot more than just the signed tree -- and thus more parsing that is only needed once per load.
2017-05-31 20:06:17 anyway. that's what i have in mind. i do have some code, but not too much yet. hope to get back hacking it after next week.
2017-05-31 20:06:19 i like apk fix...
2017-05-31 20:06:41 Shiz: sure, but most people don't know you can do that with /etc/apk/world :)
2017-05-31 20:06:50 Shiz: we aren't talking about getting rid of apk fix
2017-05-31 20:06:55 kaniini, TemptorSent : if you can come up with good info/search replacement applet usage format, that'd be good input
2017-05-31 20:07:25 we had discussion about it once few years ago but it didn't end up anywhere
2017-05-31 20:07:28 The other win with hash trees is it allows you to verify any subset of files and requires a very small tree.
2017-05-31 20:07:50 <^7heo> I wonder why there's only vim or atom...
2017-05-31 20:07:54 fabled: the other main thing i want is pluggable backends for fetching, so that i can fetch over SSH
2017-05-31 20:07:55 <^7heo> Why isn't there something in between?
2017-05-31 20:08:09 kaniini, was planning to go libcurl
2017-05-31 20:08:20 libcurl :(
2017-05-31 20:08:22 <^7heo> libcurl is actually a nice lib.
2017-05-31 20:08:22 ^7heo - Do we have 'joe'?
2017-05-31 20:08:29 <^7heo> TemptorSent: I don't think so.
2017-05-31 20:08:40 <^7heo> oh we do.
2017-05-31 20:08:43 <^7heo> my bad
2017-05-31 20:08:47 <^7heo> Shiz: why?
2017-05-31 20:08:58 There ya go! I used to use joe quite a bit.
2017-05-31 20:09:00 curl's CVE count, for one
2017-05-31 20:09:08 <^7heo> Yeah well, HTTP.
2017-05-31 20:09:08 and its size
2017-05-31 20:09:10 fabled: yes, i know. but libcurl's SFTP implementation is limited :)
2017-05-31 20:09:19 <^7heo> Shiz: well, it supports all the things.
2017-05-31 20:09:24 yes, that's the problem
2017-05-31 20:09:38 replacing one monolithic fetching library with another is not a design improvement imo
2017-05-31 20:09:48 <^7heo> true dat
2017-05-31 20:10:05 Allowing external fetch makes leveraging dropbear an option for very small systems.
2017-05-31 20:10:07 anything better out there than libcurl?
2017-05-31 20:10:30 yes
2017-05-31 20:10:32 for regular http it needs to be inbuilt to have connection pooling
2017-05-31 20:10:33 literally anything
2017-05-31 20:10:39 <^7heo> skarnet: :D
2017-05-31 20:10:40 i think we should go back to out-of-process fetch and then have /lib/apk/transport/$scheme
2017-05-31 20:10:50 ^
2017-05-31 20:10:53 kaniini: imo /usr/libexec/apk/apk-fetch-
2017-05-31 20:10:56 :P
2017-05-31 20:10:56 ^^^
2017-05-31 20:10:57 and then /lib/apk/transport/$scheme can use libcurl if it wants
2017-05-31 20:10:59 the exec-solution has problems during distro-upgrade
2017-05-31 20:11:03 and then /lib/apk/transport/ssh can use scp
2017-05-31 20:11:12 <^7heo> skarnet, Shiz: I trust both your judgement on code sanity so I won't write stuff like "libcurl is actually a nice lib."
2017-05-31 20:11:16 when the plugin and its dependency libraries are being updated
2017-05-31 20:11:19 <^7heo> but honestly, from the user POV, it IS nice.
2017-05-31 20:11:25 having out-of-process fetch, aka executable plugins, allows much more flexibility and isolation
2017-05-31 20:11:48 fabled: yes, that is the downside
2017-05-31 20:11:53 is that really the case though
2017-05-31 20:12:00 like i presume all fetching would happen BEFORE the upgrade cycle
2017-05-31 20:12:03 <^7heo> fabled: what protocol are you interested in, for the libcurl?
2017-05-31 20:12:04 And can make supporting convoluted caching unnecessary.
2017-05-31 20:12:05 before files are being replaced
2017-05-31 20:12:23 well, if we cache all .apks before upgrade it's not a problem
2017-05-31 20:12:45 Shiz: one of the tricks apk does for speed
2017-05-31 20:12:50 well
2017-05-31 20:12:52 Shiz: is to stream the packages onto disk as it consumes them
2017-05-31 20:12:58 in future design it's actu