2017-05-01 00:21:36 <kaniini> Shiz: it seems ok
2017-05-01 00:21:48 <kaniini> Shiz: which branch is this for
2017-05-01 00:21:52 <Shiz> 3.3-stable
2017-05-01 00:21:56 <kaniini> ok
2017-05-01 00:21:58 <kaniini> i'll sort it in a few
2017-05-01 00:22:15 <Shiz> i at least confirmed that the new grsec patch compiles on x86_64
2017-05-01 00:22:17 <Shiz> :p
2017-05-01 00:22:29 <Shiz> no box to test on though
2017-05-01 00:29:40 <nmatt> Shiz I got a test vm setup
2017-05-01 00:30:58 <nmatt> Shiz: is it for 4.9.25?
2017-05-01 00:33:53 <Shiz> nmatt: nyet, older backport for 3.3
2017-05-01 00:33:57 <Shiz> 4.1.39
2017-05-01 00:34:06 <Shiz> err, forward-port rather from 4.1.18
2017-05-01 00:34:16 <Shiz> alpine 3.3, kernel 4.1.18 -> 4.1.39 that is
2017-05-01 00:36:11 <nmatt> oh
2017-05-01 00:36:21 <nmatt> nvm :(
2017-05-01 00:37:07 <Shiz> :P
2017-05-01 00:37:11 <Shiz> i also have a 4.9.25 forward-port
2017-05-01 00:37:13 <Shiz> somewhere
2017-05-01 00:39:17 <nmatt> i don't think the 4.9.25 port would be that hard
2017-05-01 00:40:02 <Shiz> https://up.shiz.me/priv/grsec-3.1-4.9.25-201704252333-alpine.patch
2017-05-01 00:40:08 <Shiz> no guarantees etc, just a quick forward-port
2017-05-01 02:42:09 <nmatt> Shiz: cool I'm going to add a patch section to our wiki. Do you might me linking to that patch?
2017-05-01 02:42:27 <nmatt> I will list it as a test patch (i.e. not stable)
2017-05-01 02:42:47 <nmatt> s/might/mind/
2017-05-01 02:47:20 <Shiz> feel free
2017-05-01 02:47:29 <Shiz> also label it unofficial and quick
2017-05-01 02:47:31 <Shiz> :P
2017-05-01 02:57:38 <kaniini> yoyoyo
2017-05-01 02:57:44 <kaniini> why are you giving away the patch for free
2017-05-01 02:57:52 <kaniini> we could be making $$$ CASH MONEY $$$ on this Shiz
2017-05-01 02:58:12 <Shiz> lol
2017-05-01 02:58:25 <kaniini> nmatt: i start the bidding at $300 for the patch, what is your counteroffer
2017-05-01 02:59:48 <nmatt> $300 to rebase the 4.9.24 patch to 4.9.25 ??
2017-05-01 02:59:55 <nmatt> lol
2017-05-01 03:00:11 <kaniini> nmatt: hardened-3.1-4.11-201705012200-alpine.patch starts at $799
2017-05-01 03:00:23 <nmatt> $500/month for support right ;)
2017-05-01 03:00:41 <kaniini> let me talk with Jake in sales we might be able to cut you a deal
2017-05-01 03:01:36 <kaniini> nmatt: oh sorry Jake in sales says $369 per machine with 0 incidental support tickets
2017-05-01 03:03:24 <kaniini> for what it's worth, the 4.9.25 patch seems to be booting fine
2017-05-01 03:04:18 <TemptorSent> kaniini - is it one of those 'sliding scale' deals?
2017-05-01 03:04:51 <kaniini> absolutely
2017-05-01 03:05:13 <kaniini> there is the gentoo surcharge: $50 per CFLAG being used in the commandline
2017-05-01 03:06:21 <nmatt> dang that's gonna make the ricers mad
2017-05-01 03:09:59 <kaniini> when is gentoo going to stop pretending that freedesktop.org pkg-config is still a relevant software?  even fedora gave up on that one
2017-05-01 03:11:06 <kaniini> hell, even GNOME gave up on that one
2017-05-01 03:11:30 <Shiz> fedora moved to pkgconf?
2017-05-01 03:11:32 <Shiz> nice
2017-05-01 03:11:33 <kaniini> yes
2017-05-01 03:11:41 <kaniini> RETROACTIVELY
2017-05-01 03:11:53 <Shiz> for fedora to drop something FDo it must be pretty heavy stuff
2017-05-01 03:11:54 <kaniini> that is how bad pkg-config broke them
2017-05-01 03:13:58 <kaniini> Shiz: https://admin.fedoraproject.org/pkgdb/package/rpms/pkgconf/
2017-05-01 03:14:06 <kaniini> Shiz: they went all the way back to fedora 24 for it
2017-05-01 03:14:15 <Shiz> nice
2017-05-01 03:15:43 <kaniini> Shiz: they also closed like a shitload of bugs in their distro when they switched because pkg-config was quietly screwing them in subtle ways before
2017-05-01 03:15:52 <kaniini> but hey, i wrote this stuff for no reason right
2017-05-01 03:16:08 <Shiz> i took a look at pkg-config exactly once
2017-05-01 03:16:09 <kaniini> oh wait, pkg-config kept resolving dependencies wrong breaking things in alpine and then they went to glib-2.0 requirement
2017-05-01 03:16:11 <kaniini> ;)
2017-05-01 03:16:13 <Shiz> and then i saw it needed a bootstrap glib
2017-05-01 03:16:17 <Shiz> and then i closed the window
2017-05-01 03:16:27 <kaniini> oh
2017-05-01 03:16:29 <kaniini> pkg-config
2017-05-01 03:16:34 <kaniini> gets a lot of things wrong with it's depsolver
2017-05-01 03:16:39 <Shiz> nice
2017-05-01 03:16:45 <kaniini> well, the new one isnt so bad, but it's kind of too little too late
2017-05-01 03:26:32 <TemptorSent> kaniini: Since you're our resident dep-solver expert, would you mind looking at my apkroottool implementation and letting me know what logic errors I haven't addressed?
2017-05-01 03:28:42 <TemptorSent> kaniini: At some point, it needs to become C based, because running large tree searches through repeted process invocation is somewhat insane.
2017-05-01 03:32:54 <kaniini> TemptorSent: shell scripting is really not something you want me getting involved in :P
2017-05-01 03:33:02 <kaniini> i just cobble things together there
2017-05-01 03:34:47 <TemptorSent> kaniini: Yeah, not the script (which I still dislike because of the hacks for apk lacks :/ ), but the dependency logic itself
2017-05-01 03:35:34 <kaniini> ok let me be more direct
2017-05-01 03:35:43 <TemptorSent> kaniini : see https://github.com/TemptorSent/aports/blob/mkimage-refactor-scripts/scripts/mkimage/utils/utils-apk.sh
2017-05-01 03:35:44 <kaniini> non-trivial parts of the current generation of mkinitfs were my doing
2017-05-01 03:35:54 <kaniini> 
ACTION scurries

2017-05-01 03:36:19 <TemptorSent> *lol* Don't worry, I've made my share of shell messes :)
2017-05-01 03:36:34 <TemptorSent> Besides, the heavy lifting is really a few lines of awk
2017-05-01 03:37:10 <TemptorSent> cd L317-L349 for the actual resolution
2017-05-01 03:37:26 <TemptorSent> er s/cd/see/g
2017-05-01 03:38:17 <TemptorSent> It's not the prettiest code I've ever written, but it seems to work?
2017-05-01 03:38:49 <kaniini> i'm going to be blunt
2017-05-01 03:38:53 <kaniini> i dont know a damn thing about awk
2017-05-01 03:39:20 <kaniini> walk me through what this does
2017-05-01 03:39:32 <TemptorSent> Think of it as psuedo code, I think the only awkish function is 'split'
2017-05-01 03:40:02 <kaniini> i mean it's a recursive-descent depsolver right?
2017-05-01 03:40:05 <kaniini> it looks ok to me
2017-05-01 03:40:15 <kaniini> i dont see anything blatently wrong with it
2017-05-01 03:42:21 <TemptorSent> _manifest_deps_resolve_index takes the input from the first pass to create the index, then at the end of input iterates each list of raw deps from whatever dep gernerator (objdump, etc), an resolves them to index entries - which are a combination of a tag, filename, and checksum.
2017-05-01 03:43:27 <TemptorSent> So you go from indexa\tdep1\t\dep2\t...\tdepn to indexa\tdep1index\tdep2index\t...\tdepnindex
2017-05-01 03:43:44 <kaniini> the only concern i have is
2017-05-01 03:44:00 <kaniini> there's no depth counting
2017-05-01 03:44:05 <TemptorSent> Then _manifest_deps_resolve_recurse just does a direct array iteration.
2017-05-01 03:44:05 <kaniini> so you can loop it
2017-05-01 03:44:15 <TemptorSent> Nope, see i!=j
2017-05-01 03:44:31 <kaniini> in alldeps()
2017-05-01 03:44:36 <kaniini> for (t in td) { sd[td[t]]=td[t] ; if (td[t] !=d) { alldeps(ad, td[t], sd) } }
2017-05-01 03:45:18 <TemptorSent> So it only runs per input line, an the array is already stuffed.
2017-05-01 03:45:53 <TemptorSent> It'd have to be a rather strange case to allow it to loop.
2017-05-01 03:47:44 <TemptorSent> So, on the input , ideps gets filled with an index value and the contents of the entire dep line, with each entry being a checksummed index token
2017-05-01 03:48:04 <TemptorSent> (oops, I can dump the extra split -- artifact from refactor)
2017-05-01 03:49:37 <TemptorSent> It then iterates over each dependor token (i in ideps returns keys in ideps)
2017-05-01 03:50:21 <TemptorSent> split("",all) clears the array all in a portable way.
2017-05-01 03:50:50 <TemptorSent> then it iterates by key over the array, putting results into all
2017-05-01 03:52:20 <TemptorSent> it prints the first token, then each result in all as long as it's not empty or our top level index key.
2017-05-01 03:56:06 <TemptorSent> alldeps is stupidly simple, it splits the value of the dep into the variable td, then iterates t over the keys in td, setting the output array value to the value of each dep token using the key as the dep key, then it checks that the value isn't equal to the calling index, and recurses if not.
2017-05-01 03:57:02 <TemptorSent> Ug, I think that is less clear than the code :)
2017-05-01 03:58:31 <TemptorSent> To stick in a loop, we'd have to have an actual dep loop I believe.
2017-05-01 04:00:03 <TemptorSent> A TTL loop detector might be worth while if that situation is actually possible.
2017-05-01 04:01:36 <kaniini> one should never assume it is impossible
2017-05-01 04:01:38 <kaniini> :)
2017-05-01 04:02:14 <TemptorSent> Agreed, I need to do a bit more analysis (or a test case) to determine if it actually can loop in than manner.
2017-05-01 04:03:33 <TemptorSent> Its not wonderfully fast or anything, but it is pretty simple and flexible.
2017-05-01 04:09:26 <TemptorSent> Hmm, actually a simpler fix may be just changing the order of the guard condition for alldeps to come before the adding of td[t] to sd[], and to simply check if (td[t] in sd)
2017-05-01 04:09:59 <TemptorSent> That should eliminate loops right?
2017-05-01 04:10:42 <TemptorSent> Since it returns true as soon as the entry already exists, and we can exit.
2017-05-01 04:11:36 <TemptorSent> er, continue
2017-05-01 04:12:50 <TemptorSent> The other thing, is just give it a try and see if it looks sane in use
2017-05-01 04:15:17 <TemptorSent> from the mkimage dir, ./apkroottool --arch aarch64 setup /tmp/myaarch64
2017-05-01 04:15:46 <TemptorSent> Add repos/keys as desired :)
2017-05-01 04:16:01 <TemptorSent> (same global option format as apk)
2017-05-01 04:16:38 <TemptorSent> ./apkroottool.sh help
2017-05-01 04:16:50 <TemptorSent> (er, yes, with the sh)
2017-05-01 04:18:29 <TemptorSent> './apkroottool.sh setup /tmp/myaarch64 aarch64' does the same
2017-05-01 04:23:28 <TemptorSent> At some point, I really need to write a proper merkle-dag tree based solver for this kind of stuff
2017-05-01 06:21:18 <TemptorSent> kaniini: Would it be insane to implement something like a Merkle DAG directly in the PAX/tar headers?
2017-05-01 06:24:52 <TemptorSent> Actually, several overlaid DAGS... Path,Index,Depends,Provides
2017-05-01 06:26:28 <TemptorSent> (DAGs just being a simple solution, we can choose something more appropriate for the actual structure if needed, such as a red/black tree backing it.
2017-05-01 06:28:24 <TemptorSent> Should be able to go from O(2^n) to O(nlogn) worst case.
2017-05-01 06:30:11 <TemptorSent> Right now, I suspect some of the functions are more like O(n!)
2017-05-01 06:33:37 <TemptorSent> ...such as naive recursive dep solvers on reverse sorted lists :)
2017-05-01 06:36:03 <skarnet> what has pax/tar got to do with dependency solving
2017-05-01 06:36:33 <TemptorSent> A convenient place to store the information perhaps :)
2017-05-01 06:36:54 <skarnet> what about an additional file that you then include in the tarball
2017-05-01 06:37:13 <TemptorSent> Since we're already using PAX headers for SHA1 checksums, including the tags in the header would be convenient
2017-05-01 06:37:21 <skarnet> instead of abusing headers for an unrelated format
2017-05-01 06:37:43 <skarnet> checksums make sense
2017-05-01 06:37:43 <TemptorSent> I'm doing that currently :)
2017-05-01 06:37:53 <skarnet> it's about verifying that the tarball isn't corrupted
2017-05-01 06:38:07 <skarnet> an unrelated data structure isn't the same thing at all
2017-05-01 06:38:11 <TemptorSent> The deps are hashlists of the checksums of the files in the deplist
2017-05-01 06:38:13 <skarnet> well, keep doing it in a separate file :P
2017-05-01 06:39:36 <TemptorSent> The point of the Merkle tree in the headers would be both verificiation and unique identification of both individual files and complete paths.
2017-05-01 06:40:28 <TemptorSent> So you could refer to fstab or /etc/fstab by two distinct hashes, but could determine if the file content hash matches.
2017-05-01 06:40:50 <TemptorSent> (this is essentially what I'm doing for libs currently, although really screwy rpaths might break things)
2017-05-01 06:42:01 <TemptorSent> The dep tree then reduces to a tagged set of checksums for each file.
2017-05-01 06:43:26 <TemptorSent> Also, if we can use apk to effectively read/write headers to/from text format, it would allow us to have self-consistent archives/manifests without secondary generation.
2017-05-01 06:44:33 <skarnet> don't mix dependencies and checksums, and don't abuse tar headers. Please.
2017-05-01 06:44:56 <TemptorSent> Um, how do you divorce the deps from their checksums?
2017-05-01 06:44:59 <skarnet> Every time you think you're smart, tech debt increases, and somewhere a kitten cries.
2017-05-01 06:45:25 <kaniini> skarnet for technical committee 2017
2017-05-01 06:45:37 <skarnet> kaniini: where do I sign
2017-05-01 06:45:40 <TemptorSent> Using the filename means you can't tell if the file is the same one in differnt locations or not.
2017-05-01 06:46:08 <skarnet> a file listing full paths?
2017-05-01 06:46:35 <skarnet> I'm not sure exactly what dependencies you're talking about: what depends on what and what should be documented?
2017-05-01 06:46:59 <TemptorSent> A manifest with full paths, then an index of all libs/bins, and a dep list for each index entry.
2017-05-01 06:48:04 <kaniini> i do not think shell is the appropriate language for that type of processing :P
2017-05-01 06:48:06 <TemptorSent> So I can tell it I want the binaries /sbin/apk and /usr/sbin/zfs and it will extract a subset with the deps for those binaries and all libs.
2017-05-01 06:48:15 <skarnet> you need the full paths in the dep list, end of story.
2017-05-01 06:48:22 <TemptorSent> kaniini: Exactly, this really should be in apk.
2017-05-01 06:48:51 <TemptorSent> skarnet: Why not the hash?
2017-05-01 06:49:35 <skarnet> why store clear, readable file names when we can store their hashes instead? it's so much more fun!
2017-05-01 06:49:57 <TemptorSent> It maps 1:1 a specific pkg/file/content to a tagged hash
2017-05-01 06:50:34 <TemptorSent> The tags contain the filename/path as appropriate, as well as the package name and arch.
2017-05-01 06:50:45 <skarnet> because when you construct the dep tree, you need to go from the hash to the name
2017-05-01 06:50:47 <TemptorSent> So it essentially serves as a UUID
2017-05-01 06:50:51 <skarnet> and that is not a O(1) operation
2017-05-01 06:51:00 <TemptorSent> grep :)
2017-05-01 06:51:04 <skarnet> and that is not a O(1) operation
2017-05-01 06:51:49 <TemptorSent> No, but it actually solves the problem of uniquely identifying a full dep chain
2017-05-01 06:52:17 <TemptorSent> So if any dep changes, you can recognize that fact.
2017-05-01 06:52:32 <TemptorSent> even if the version number of the lib didn't change, the hash did.
2017-05-01 06:52:48 <skarnet> I'm not sure exactly what you're trying to accomplish, it's early morning on a holiday and I already regret entering this discussion. Goodbye.
2017-05-01 06:53:10 <TemptorSent> Sorry, I didn't realize it was a holiday!
2017-05-01 06:53:30 <skarnet> np, my fault for jumping in.
2017-05-01 06:53:55 <TemptorSent> Enjoy you day off, I'll try to put together a better sketch of the logic.
2017-05-01 06:55:48 <TemptorSent> kaniini: I'm hoping this can be part of apk3 functionality, so we can eliminate a lot of redundant and fragile code that has to parse data that apk already uses.
2017-05-01 06:56:08 <TemptorSent> kaniini: Allowing it to act as a general tool would just ice the cake.
2017-05-01 06:57:14 <TemptorSent> kaniini: In fact, it would make the binary-deltas that the old alpine-iso tool tried to support almost trivial.
2017-05-01 13:11:42 <fabled> i think i figured out the Go 1.8 build error
2017-05-01 13:16:10 <clandmeter> doing some maintenance to infra, should be back in a min.
2017-05-01 13:20:53 <dsuch> Hello, I'm looking for a contractor to build an APK package for certain software to be placed in that software's repository (i.e. not Alpine Linux's repository).
2017-05-01 13:21:06 <dsuch> Additionally, a few packages needed by the software appear to be unavailable yet in Alpine Linux as compared to Ubuntu, RHEL and other distributions, and, depending on the task's complexity, I would like for the contractor to create the packages for Alpine as well.
2017-05-01 13:21:11 <dsuch> Thus, I think it would be best to work with a core Alpine developer so as to facilitate the process of making sure the new packages are added where they are due.
2017-05-01 13:21:16 <dsuch> Could you please suggest the best place to look for such a person? Thanks.
2017-05-01 13:21:47 <skarnet> here is a nice place, the alpine-dev ML is another one
2017-05-01 13:22:22 <skarnet> (I'm not a core developer, but am contractable, please send me a PM if interested ;))
2017-05-01 13:23:07 <skarnet> also, please bear in mind that if a piece of software appears in Ubuntu/RHEL/... and not in Alpine, it's probably because it requires heavy patching in order to build with musl
2017-05-01 13:24:34 <skarnet> so depending on the precise nature of the software, the necessary amount of work may vary. It can be very simple if there's no particular glibcism in the software, or it can be basically insurmountable if the software is deeply tied to glibc.
2017-05-01 13:26:29 <rnalrd> clandmeter, maintenance for patchwork/pkgs/bugs?
2017-05-01 13:26:34 <rnalrd> i can't reach them
2017-05-01 13:26:39 <dsuch> Thanks skarnet, yes, I realize that there may be various reasons behind it. The missing packages are dependencies to NumPy and SciPy, such as liblapack-dev or liblapack3 in terms of Ubuntu names. They are certainly C or assembly heavy.
2017-05-01 13:26:42 <clandmeter> yes
2017-05-01 13:26:49 <rnalrd> k
2017-05-01 13:26:55 <clandmeter> almost done
2017-05-01 13:26:58 <rnalrd> np
2017-05-01 13:28:13 <skarnet> dsuch: asm would certainly not be a problem. As for C, it really depends on the amount of glibcisms used, but if it's purely for calculus there's no reason why it should be hard.
2017-05-01 13:28:35 <dsuch> skarnet: Sure, I understand it.
2017-05-01 13:31:50 <clandmeter> rnalrd: should be ok now
2017-05-01 13:32:09 <rnalrd> yes, tnx
2017-05-01 13:32:21 <clandmeter> i only multiplied that minute by 15. not bad.
2017-05-01 13:32:30 <rnalrd> :)
2017-05-01 14:25:06 <TemptorSent> kaniini - see zhasha's comment on #alpine-linux 'That was fun. apk upgrade deleted my kernel'
2017-05-01 14:51:01 <^7heo> guys, how to get drivers loaded at boot?
2017-05-01 14:51:15 <^7heo> Given the right file in /lib/modules/$kernel/kernel/drivers?
2017-05-01 14:51:36 <TemptorSent> ^7heo - the 'modules' kernel command line is what you're looking for I think.
2017-05-01 14:51:46 <^7heo> I mean, at boot.
2017-05-01 14:51:50 <^7heo> how is it configured?
2017-05-01 14:51:55 <TemptorSent> Bootloader
2017-05-01 14:52:11 <_ikke_> /etc/modules-load.d/?
2017-05-01 14:52:14 <TemptorSent> It's currently broken.
2017-05-01 14:52:15 <^7heo> thanks _ikke_
2017-05-01 14:52:45 <^7heo> _ikke_: I have only four files in there...
2017-05-01 14:52:46 <_ikke_> Either that, or /etd/modprobe.d
2017-05-01 14:52:46 <TemptorSent> _ikke_ I don't believe that is available at boot.
2017-05-01 14:52:53 <^7heo> s/files/lines/
2017-05-01 14:52:55 <^7heo> _ikke_: thanks
2017-05-01 14:53:17 <TemptorSent> ^7heo - what modules do you need loaded?
2017-05-01 14:54:06 <^7heo> I need the overall logic.
2017-05-01 14:54:09 <^7heo> to understand.
2017-05-01 14:55:19 <TemptorSent> ^7heo - Okay, so the way it works is /init modprobes $KOPT_modules and $KOPT_rootfstype early in the process.
2017-05-01 14:55:58 <^7heo> TemptorSent: where are those files located?
2017-05-01 14:56:58 <TemptorSent> ^7heo: See /usr/share/mkinitfs/initramfs-init L345
2017-05-01 14:57:44 <TemptorSent> ^7heo: It then reads /etc/modules (NOT any of the subdirs currently!?!) and loads those.
2017-05-01 14:58:51 <TemptorSent> ^7heo: All files are in the initfs.
2017-05-01 14:59:09 <clandmeter> ^7heo, dont forget to add it to a runlevel.
2017-05-01 14:59:32 <TemptorSent> Runlevel? At boot time?
2017-05-01 14:59:49 <clandmeter>  /etc/init.d/modules
2017-05-01 15:00:24 <TemptorSent> There is not /etc/init.d/modules at boot time, that's on the root we're trying to mount.
2017-05-01 15:00:31 <^7heo> clandmeter: that is awesome
2017-05-01 15:00:38 <^7heo> clandmeter: that is EXACTLY what I wanted.
2017-05-01 15:01:06 <^7heo> clandmeter: what is the corresponding file with which the SYSTEM loads its modules?
2017-05-01 15:01:53 <TemptorSent> ^7heo: Oh, you mean how to load modules from openrc once boot is done and the switch-root has happened?
2017-05-01 15:02:11 <clandmeter> TemptorSent, take your head out of initramfs ;-)
2017-05-01 15:02:26 <clandmeter> real things happen outside of it :p
2017-05-01 15:02:45 <TemptorSent> clandmeter: He said load modules at BOOT, which implies initfs
2017-05-01 15:02:49 <clandmeter> ^7heo,  what do you mean with SYSTEM?
2017-05-01 15:03:03 <clandmeter> systemd?
2017-05-01 15:03:09 <clandmeter> 
ACTION hides

2017-05-01 15:03:31 <TemptorSent> 
ACTION flogs clandmeter within an inch of his life.

2017-05-01 15:03:55 <TemptorSent> *LOL* That's not even funny clandmeter!
2017-05-01 15:05:08 <TemptorSent> ^7heo: Can you clarify whether you're talking modules required to mount the real root or just modules that need to be loaded when the openrc init system starts?
2017-05-01 15:06:26 <clandmeter> crap, can a lxc container get network stats from proc? or is that somehow limited?
2017-05-01 15:09:27 <dsuch> clandmeter: If this is helpful,
2017-05-01 15:09:46 <dsuch> clandmeter: I know that grsecurity blocks access to /proc/net/tcp but I can access it from lxc
2017-05-01 15:10:12 <clandmeter> im using vnstat
2017-05-01 15:10:23 <clandmeter> but it seems that the vnstat users is not a member of readproc..
2017-05-01 15:11:34 <clandmeter> i wonder if that actually matters
2017-05-01 15:12:57 <dsuch> clandmeter: Well, if this is related at all, I once had a situation as here https://mailman-mail5.webfaction.com/pipermail/zato-discuss/2015-April/001059.html https://mailman-mail5.webfaction.com/pipermail/zato-discuss/2015-April/001065.html
2017-05-01 15:13:15 <dsuch> clandmeter: But this really is my limits in this regards, sorry!
2017-05-01 15:15:25 <kaniini> TemptorSent: seems to be working as expected, he pinned a package that no longer exists in edge
2017-05-01 15:18:51 <clandmeter> dsuch, seems to start working now.
2017-05-01 15:19:16 <clandmeter> i guess it was a matter of adding the user to readproc
2017-05-01 15:28:48 <clandmeter> kaniini, the current warning for check() is being masked if package() produces lots of data.
2017-05-01 15:44:50 <TemptorSent> kaniini: Ahh, okay -- I didn't see the detail, just the no kernel on upgrade :)
2017-05-01 16:01:11 <kaniini> TemptorSent: the @edge part :)
2017-05-01 16:06:45 <^7heo> TemptorSent: I just wanted to get how the system was loading the modules at boot.
2017-05-01 16:42:16 <TemptorSent> ^7heo: Ahh, the sequence is kernel-builtins; modules= kernel command line & rootfs type in initramfs-init; /etc/modules in initramfs; then mount real root & switch root, then start openrc, with /etc/init.d/modules (and possibly others) loading the modules in the /etc/modules-load.d and friends or loading specific modules explicitly.
2017-05-01 16:43:15 <pickfire> Can't locate mktexlsr.pl in @INC (@INC contains: /usr/share/tlpkg /usr/share/texmf-dist/scripts/texlive /usr/local/lib/perl5/site_perl /usr/local/share/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5/core_perl /usr/share/perl5/core_perl .) at /usr/bin/mktexfmt line 23.
2017-05-01 16:43:27 <pickfire> Weird, latex looks broken.
2017-05-01 16:44:07 <TemptorSent> ^7heo - I'll update the wiki to clarify what I think I know, then you can sanity check it?
2017-05-01 16:45:07 <^7heo> TemptorSent: maybe
2017-05-01 18:07:48 <TemptorSent> Grr! Is >12hrs network uptime asking too much? Per 24hr period?
2017-05-01 18:08:36 <_ikke_> heh
2017-05-01 18:08:59 <_ikke_> I cannot imagine having such a bad connection (I'm spoiled)
2017-05-01 18:09:11 <_ikke_> I feel for you
2017-05-01 18:09:17 <TemptorSent> ^7heo: Anyway, now that my edit actually saved, take a look at https://wiki.alpinelinux.org/wiki/Architecture
2017-05-01 18:10:22 <TemptorSent> _ikke_ - It's not just the network, it the landline too -- and no cell signal without going elsewhere to make a calll.
2017-05-01 18:11:24 <TemptorSent> There's a special place in hell for Occam Networks... oh, wait -- they're already there :P
2017-05-01 18:11:31 <skarnet> TemptorSent: my ISP-supplied router resets its DHCP connection every 12 hours (even though the lease is 24 hours). *And* shuts down every TCP connection, *even when* the lease is renewed with the same IP.
2017-05-01 18:12:30 <skarnet> fortunately, I had the hardware and ability to build my own router with a DHCP client, and set the PoS to bridge mode, where it works
2017-05-01 18:12:36 <TemptorSent> skarnet: I could live with that by comparison! I loose everything, inclding dialtone, multiple times per day, sometimes for most of the day.
2017-05-01 18:12:39 <skarnet> but imagine the average consumer who can't do that
2017-05-01 18:13:03 <skarnet> well that's what you get for living in BFE
2017-05-01 18:13:10 <_ikke_> BFE?
2017-05-01 18:13:28 <TemptorSent> Yeah, it's sitting on a fiber loop FFS! The power is the issue, not the fiber.
2017-05-01 18:13:28 <skarnet> Bumfuq, Egypt
2017-05-01 18:14:05 <_ikke_> right
2017-05-01 18:14:22 <TemptorSent> It's crappy hardware with crappy diagnostics.
2017-05-01 18:14:35 <TemptorSent> And even crappier digital troubleshooting tools for analog problems!
2017-05-01 18:15:41 <TemptorSent> You can't diagnose a power problem with a DMM to save your life in the real world -- yon need a 'scope.
2017-05-01 18:16:40 <TemptorSent> At the very least, and ANALOG VMM
2017-05-01 18:17:53 <TemptorSent> Anyway, I have a network for a few minutes, so please take a look at the wiki page I stubbed and note fixes.
2017-05-01 18:18:40 <_ikke_> is rpi a kernel flavor?
2017-05-01 18:19:35 <TemptorSent> Yes, it is AFAIK _ikke_.
2017-05-01 18:20:03 <_ikke_> "Includes Raspberry Pi kernel"
2017-05-01 18:20:08 <skarnet> yes it is
2017-05-01 18:20:09 <_ikke_> ok
2017-05-01 18:20:22 <skarnet> armv7 is... complicated
2017-05-01 18:20:32 <skarnet> (also Pi1 is armv6)
2017-05-01 18:20:42 <skarnet> (which is also complicated)
2017-05-01 18:21:01 <TemptorSent> arm is... complicated ;)
2017-05-01 18:21:21 <TemptorSent> Actually, embedded is complicated in general.
2017-05-01 18:21:31 <skarnet> yeah. Say what you want about the PC architecture, standardization of the hw boot procedure was a good thing.
2017-05-01 18:21:55 <TemptorSent> The STANDARD sucks, but the fact of it is good.
2017-05-01 18:22:20 <jirutka> I’ve finally finished that php7 crap; there’s quite long list of failing tests: https://github.com/jirutka/alpine-aports/blob/6cd26abe1585d2d40011f3dc4dd25825b8d05c55/community/php7/disabled-tests.list
2017-05-01 18:23:17 <skarnet> jirutka: where's the python2/python3 situation at? is it solved?
2017-05-01 18:23:27 <jirutka> skarnet: what do you mean?
2017-05-01 18:24:19 <skarnet> before TemptorSent came around, what spammed the channel for days was endless discussions on how to provide both Python 2 and Python 3 packages
2017-05-01 18:24:32 <TemptorSent> *lol*
2017-05-01 18:24:35 <skarnet> I have to assume there was a point to them
2017-05-01 18:24:55 <TemptorSent> Sorry for disrupting the great python debate.
2017-05-01 18:24:55 <jirutka> skarnet: we already have many py2/py3 packages…
2017-05-01 18:25:04 <skarnet> so it's solved then?
2017-05-01 18:25:08 <jirutka> skarnet: depends…
2017-05-01 18:25:21 <skarnet> that's the kind of answer I don't like
2017-05-01 18:25:22 <TemptorSent> I think depends are what aren't solved ;)
2017-05-01 18:25:26 <jirutka> skarnet: there are multiple cases, some are solved quite well, some are hacked, some are not solved
2017-05-01 18:25:51 <TemptorSent> I ran into problems with py3 deps in several places.
2017-05-01 18:25:57 <jirutka> skarnet: I don’t have time to read backlog now, so please copy my relevant comments
2017-05-01 18:26:04 <jirutka> me
2017-05-01 18:26:18 <skarnet> oh, it's not related to anything in the backlog
2017-05-01 18:26:25 <skarnet> I was just curious, mostly
2017-05-01 18:27:01 <jirutka> https://wiki.alpinelinux.org/wiki/APKBUILD_examples:Python
2017-05-01 18:27:03 <TemptorSent> pgsql is fix now, correct?
2017-05-01 18:27:15 <jirutka> not yet, I’m gonna do it now
2017-05-01 18:27:20 <skarnet> jirutka: thanks.
2017-05-01 18:27:53 <TemptorSent> Thank you. I'll poke at the postgis stuff after the base pgsql stuff is done then.
2017-05-01 18:44:34 <kaniini1> fabled: errors were split from other log messages
2017-05-01 18:44:35 <kaniini1> so TemptorSent and i were talking about kernel packaging
2017-05-01 18:44:36 <kaniini1> i think we should really generate APKs like linux-grsec-4.9.22 instead of linux-grsec
2017-05-01 18:44:37 <kaniini1> because right now there is no way to rollback the upgrade
2017-05-01 18:44:38 <kaniini1> pretty much
2017-05-01 18:44:39 <kaniini1> yes based on everyone's advice
2017-05-01 18:44:41 <kaniini1> which turned out to be wrong
2017-05-01 18:44:43 <kaniini1> that never happens though
2017-05-01 18:44:44 <kaniini1> never
2017-05-01 18:44:45 <kaniini1> yes, fflush() should fix it
2017-05-01 18:44:46 <kaniini1> ncopa: sooooo
2017-05-01 18:44:47 <kaniini1> ncopa: what do we do now
2017-05-01 18:44:48 <kaniini1> 
ACTION is working on s/grsec/hardened/

2017-05-01 18:44:49 <kaniini1> as an aside, clang has Control Flow Integrity plugin now
2017-05-01 18:44:50 <kaniini1> it may be interesting to switch system compiler to clang
2017-05-01 18:44:51 <kaniini1> $ sudo apk upgrade --update --available
2017-05-01 18:44:52 <kaniini1> (1/2) Installing linux-hardened (4.9.24-r1)
2017-05-01 18:44:53 <kaniini1> boom
2017-05-01 18:44:54 <kaniini1> .
2017-05-01 18:44:55 <kaniini1> rnalrd: i think the solver computes half the solution (purge linux-grsec itself), and then the other half on the second apk upgrade run
2017-05-01 18:44:56 <kaniini1> likely yes
2017-05-01 18:44:58 <kaniini1> exactly
2017-05-01 18:44:58 <kaniini1> yes
2017-05-01 18:44:59 <kaniini1> that is fine
2017-05-01 18:45:00 <kaniini1> as long as linux-hardened is in /etc/apk/world
2017-05-01 18:45:01 <kaniini1> it's not run
2017-05-01 18:45:02 <kaniini1> it went from 0 to 1
2017-05-01 18:45:02 <kaniini1> it should be fine as it is
2017-05-01 18:45:04 <kaniini1> well
2017-05-01 18:45:05 <kaniini1> we might want to bump it to -r2
2017-05-01 18:45:05 <kaniini1> just to be pedantic
2017-05-01 18:45:06 <kaniini1> but
2017-05-01 18:45:07 <kaniini1> just never reboot
2017-05-01 18:45:08 <kaniini1> yoyoyoyo
2017-05-01 18:45:15 <scadu> lawl
2017-05-01 18:46:04 <scadu> kaniini1: what happened? :f
2017-05-01 21:17:00 <Shiz> do i have someone on ignore or
2017-05-01 21:17:04 <Shiz> is kaniini talking to himself
2017-05-01 21:17:11 <^7heo> he is talking to himself.
2017-05-01 21:29:20 <leitao> :-)
2017-05-01 21:31:17 <kaniini> oh
2017-05-01 21:31:20 <kaniini> i see
2017-05-01 21:31:31 <kaniini> the matrix people finally fixed their irc bridge
2017-05-01 21:31:32 <kaniini> go figure
2017-05-01 21:31:50 <kaniini> i was recieving messages, but could not actually get on the network, it was quite weird
2017-05-01 21:34:57 <kaniini> oh man
2017-05-01 21:35:14 <kaniini> humm
2017-05-01 21:35:16 <kaniini> bad user info
2017-05-01 21:35:27 <mitchty> this matrix thing sounds a slosh buggy :)
2017-05-01 21:35:37 <mitchty> skosh stupid autocorrect
2017-05-01 21:35:43 <kaniini> no, this seems to be a freenode bug
2017-05-01 21:36:59 <kaniini> or more specifically, a freenode oper abuse issue
2017-05-01 21:40:36 <skarnet> everything looks like a freenode op abuse issue to you :P
2017-05-01 21:43:20 <kaniini> this specifically was
2017-05-01 21:43:35 <kaniini> when a client exits with 'bad user info', it means the client was x:lined
2017-05-01 21:43:43 <kaniini> but the reason for doing so in this case was legitimate
2017-05-01 21:43:56 <kaniini> somebody created an account and was spamming through the homeserver
2017-05-01 21:54:31 <Shiz> so it wasn't abuse
2017-05-01 21:56:15 <kaniini> it's abuse in that they did not bother to reach out
2017-05-01 22:06:53 <jirutka> is there anyone who have tried lld (LLVM linker) pkg?
2017-05-01 22:07:42 <jirutka> btw what is the state of flatpak in Alpine? is it already working?
2017-05-01 22:08:10 <jirutka> it seems to be quite popular, when VoidLinux announced flatpak support, they got a lot of attention
2017-05-01 22:15:16 <mitchty> jirutka: not yet, i'm going to try it soon though, its about a 3x decrease in link speed over gold from what i've been seeing from other people
2017-05-01 23:08:05 <jirutka> I’m accepting bets how many php test will fail on other arches than x86_64 :P
2017-05-01 23:08:47 <^7heo> 42
2017-05-01 23:09:54 <jirutka> there’s some idiot that keeps flagging nginx b/c he apparently don’t understand what “stable version” means… >_<
2017-05-01 23:11:19 <^7heo> yeah we need to implement an "already flagged" feature.
2017-05-01 23:11:39 <^7heo> and reminders for the maintainers.
2017-05-01 23:12:16 <jirutka> that would not help here
2017-05-01 23:12:19 <jirutka> nginx is up-to-date
2017-05-01 23:12:33 <^7heo> yeah but the flag has already been set
2017-05-01 23:12:37 <jirutka> and users can’t flag already flagged pkg, only Anitya integration can do that :P
2017-05-01 23:12:45 <jirutka> yeah, I’ve removed it…
2017-05-01 23:12:54 <jirutka> directly from DB, cause we don’t have UI for that
2017-05-01 23:12:58 <^7heo> ah
2017-05-01 23:13:46 <jirutka> I’ve even added "stable version" to the pkg description, but it apparently didn’t help…
2017-05-01 23:13:49 <skarnet> "anitya integration"
2017-05-01 23:14:22 <skarnet> doesn't bode well for build reproducibility :P
2017-05-01 23:14:49 <jirutka> ??
2017-05-01 23:17:03 <skarnet> "anitya" = "inconstance, ephemerality"
2017-05-01 23:18:22 <^7heo> huhu
2017-05-01 23:19:56 <jirutka> heh
2017-05-01 23:19:59 <jirutka> didn’t know that
2017-05-01 23:39:41 <^7heo> I'll leave that here: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
2017-05-01 23:41:28 <^7heo> and https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
2017-05-01 23:44:10 <skarnet> yeah, this is going to make some noise
2017-05-01 23:46:59 <^7heo> most definitely.
2017-05-01 23:57:13 <jirutka> ncopa: clandmeter: PHP mess is finally fixed! :) https://github.com/alpinelinux/aports/pull/1339; however, there are hundreds failing tests… https://github.com/alpinelinux/aports/blob/master/community/php7/disabled-tests.list
2017-05-02 00:06:24 <jirutka> ^7heo: surprisingly only 7 tests on armhf http://build.alpinelinux.org/buildlogs/build-edge-armhf/community/php7/php7-7.1.4-r0.log
2017-05-02 00:06:30 <jirutka> ^7heo: two on ppc64le
2017-05-02 00:26:55 <^7heo> jirutka: hmm
2017-05-02 00:27:09 <^7heo> (sleep now)
2017-05-02 00:31:00 <jirutka> 4 on aarch64… it seems to be totally random, I have no clue how the heck these tests can behave differently on another arch
2017-05-02 01:00:23 <jirutka> omg I’ve started closing php bugs on bugs.a.o… there are so many! vakartel really screwed it :(
2017-05-02 05:38:05 <mradi_> Hi guys, I am trying to get libvirt working with xen, and qemu for a HVM machine.
2017-05-02 05:38:43 <mradi_> I am kinda new to XEN, so trying to use libvirt. But I cannot find the qemu package for xen on the alpine, xen iso or the apk repo's
2017-05-02 05:39:07 <mradi_> can you help me configure libvirt and install qemu for xen
2017-05-02 06:49:06 <Shiz> the package names for xen are xen and xen-hypervisor
2017-05-02 06:49:29 <Shiz> http://pkgs.alpinelinux.org/packages?name=xen*&branch=v3.5&repo=&arch=x86_64&maintainer=
2017-05-02 06:49:53 <Shiz> likewise there is the libvirt-xen package: http://pkgs.alpinelinux.org/packages?name=*libvirt*&branch=v3.5&repo=&arch=x86_64&maintainer=
2017-05-02 08:02:44 <fabled> ok
2017-05-02 08:02:51 <fabled> i think gcj/openjdk on 3.6 builders got fixed
2017-05-02 08:03:10 <scadu> fabled: what was the issue?
2017-05-02 08:03:25 <fabled> gcc upgraded/started using libffi, and it needed a patch
2017-05-02 08:03:36 <fabled> the same one we carry already in main/libffi
2017-05-02 08:03:37 <scadu> oh
2017-05-02 08:04:38 <fabled> i think we also have an idea of why Go1.8 failed, need to just figure out how to build it right
2017-05-02 08:06:12 <clandmeter> LuaJIT-2.1.0-beta3 just got released. do we want that in 3.6?
2017-05-02 08:06:37 <scadu> >beta
2017-05-02 08:06:59 <fabled> i think not unless it has some major bug fixes
2017-05-02 08:07:01 <clandmeter> a higher beta is preferable :p
2017-05-02 08:07:33 <fabled> oh, we are at beta already?
2017-05-02 08:07:37 <fabled> then i guess it's possible
2017-05-02 08:08:25 <clandmeter> yes
2017-05-02 08:08:30 <clandmeter> i think because of arch support
2017-05-02 08:09:35 <clandmeter> seems the ppc64 patch needs work to support it.
2017-05-02 11:46:33 <kaniini1> well, that is good.
2017-05-02 11:46:34 <kaniini1> or not.
2017-05-02 12:10:03 <arch3y_> jirutka: do you have a moment?
2017-05-02 12:17:09 <jirutka> arch3y_: yes
2017-05-02 12:20:08 <arch3y_> jirutka: so from what Im reading on the flex issue
2017-05-02 12:20:17 <arch3y_> is that we might as well build from git master for flex
2017-05-02 12:20:35 <arch3y_> Im not sure if we want to do that or just hold off until the dev releases 2.6.4
2017-05-02 12:20:46 <arch3y_> as so far it hasnt seemed to affect any other compliations
2017-05-02 12:21:28 <jirutka> arch3y_: I didn’t go into detail, what exactly they fixed in master? is it simple fix that we can backport or somethinf more complicated?
2017-05-02 12:22:00 <arch3y_> jirutka: yeah it seems most ppl are building flex from git master to fix it
2017-05-02 12:22:14 <arch3y_> Im not sure thats ideal
2017-05-02 12:22:31 <arch3y_> so my thought is we just wait on that pr until 2.6.4 is released
2017-05-02 12:22:38 <arch3y_> unless you guys have another opinion
2017-05-02 12:23:32 <arch3y_> per the dev this "should"  fix it https://github.com/westes/flex/commit/f5d87f1a26f4a5c3402497008ae10e9a1345d327
2017-05-02 12:23:42 <arch3y_> but everyone else has just built flex from git master
2017-05-02 12:23:43 <^7heo> either it does or it does not.
2017-05-02 12:23:55 <^7heo> We do not apply patches that "should"
2017-05-02 12:23:57 <arch3y_> well thats the problem is no one has said specifically what hte fix is
2017-05-02 12:24:02 <arch3y_> I agree
2017-05-02 12:24:04 <arch3y_> 100%
2017-05-02 12:24:07 <^7heo> Yeah then someone has to dig the issue.
2017-05-02 12:24:10 <arch3y_> thats why I think we should hold off
2017-05-02 12:24:14 <^7heo> ^
2017-05-02 12:24:15 <^7heo> that.
2017-05-02 12:24:26 <arch3y_> yeah and there is a big thread on it on the flex devs github
2017-05-02 12:24:38 <arch3y_> but most ppl are waiting for him to release 2.6.4
2017-05-02 12:24:40 <^7heo> yeah because it's easier to have an opinion than to dig what's wrong.
2017-05-02 12:24:51 <arch3y_> true
2017-05-02 12:24:56 <^7heo> whatever, I should fix my SQL atm.
2017-05-02 12:24:57 <^7heo> laters.
2017-05-02 12:25:12 <arch3y_> sure have fun not trying to cause conflict lol
2017-05-02 12:25:36 <^7heo> Well, it's not always fun to write SQL Queries.
2017-05-02 12:26:34 <arch3y_> that is true
2017-05-02 12:45:29 <jirutka> arch3y_: well, it says that it fixes regression introduced in 2.6.3, so I think we should apply it anyway and then you can try if it fixed even that soft (don’t remember name)
2017-05-02 13:21:19 <arch3y_> jirutka: unbound Ill test it
2017-05-02 13:59:24 <^7heo> Also guys
2017-05-02 13:59:28 <^7heo> To keep you posted
2017-05-02 13:59:37 <^7heo> I will probably try to run Alpine on a couple of phones
2017-05-02 13:59:41 <^7heo> by the end of this calendar year.
2017-05-02 14:00:08 <^7heo> It's not 100% certain for now; but the idea is to make a community maintained OS for phones, quite like Sailfish, but without all the crap that is in Sailfish.
2017-05-02 14:00:37 <arch3y_> jirutka: it looks like we are already running the patch for flex on our version of 2.6.3 https://github.com/alpinelinux/aports/commit/cd450195ef3ab3a24d0e005b70d51304e9e18729
2017-05-02 14:01:01 <arch3y_> so yeah hmm I guess we just wait on this push for unbound until 2.6.4 is built
2017-05-02 14:01:23 <arch3y_> cause Im not sure what other pieces need to be patched for flex to work
2017-05-02 14:01:31 <jirutka> ^7heo: phones? that’s awesome!
2017-05-02 14:01:47 <jirutka> ^7heo: please let me know about every progress, I’m very interested in this!
2017-05-02 14:08:11 <consus> Guys
2017-05-02 14:08:36 <consus> Do you have any plans on this http://bugs.alpinelinux.org/issues/6373
2017-05-02 14:08:36 <consus> ?
2017-05-02 14:15:47 <soldF5Nsd1eF> consus: have you considered packaging it yourself?
2017-05-02 14:15:59 <consus> Already
2017-05-02 14:16:20 <soldF5Nsd1eF> and what was the outcome of the consideration?
2017-05-02 14:16:27 <consus> Err
2017-05-02 14:16:30 <consus> I packaged myself one
2017-05-02 14:18:24 <consus> But I have a couple of folks around who are doing the very same thing and there is a bug in the bug queue so it would be nice to have a stock version
2017-05-02 14:19:39 <^7heo> jirutka: well for now it's gonna support a couple of phones
2017-05-02 14:20:06 <consus> ^7heo: Which ones exactly?
2017-05-02 14:20:07 <asie> ^7heo: will musl work well with the bunch of propiertary drivers necessary, though?
2017-05-02 14:20:17 <^7heo> jirutka: namely the fairphone 1 and 2 (1 being a "maybe" since I don't have one), the jolla (the original one, couldn't find a jolla C), and maybe the new sony xperia.
2017-05-02 14:20:26 <^7heo> asie: that's gonna be the fun part.
2017-05-02 14:20:31 <asie> wish i could afford a fairphone
2017-05-02 14:20:39 <asie> right now i'm running on some terrible, terrible huawei
2017-05-02 14:20:42 <^7heo> Well
2017-05-02 14:20:45 <^7heo> it's out of stock atm.
2017-05-02 14:20:51 <^7heo> I ordered one on feb
2017-05-02 14:20:54 <asie> yeah, i know
2017-05-02 14:20:55 <^7heo> I'll get it in setp.
2017-05-02 14:20:58 <^7heo> sept*
2017-05-02 14:21:06 <^7heo> fortunately I'll pay on delivery
2017-05-02 14:21:11 <^7heo> so... for now, no cash out.
2017-05-02 14:21:15 <consus> asie: Heh, I have a huawei on my hands. It's not that terrible =/
2017-05-02 14:21:26 <asie> consus: i tried to get cyanogenmod running on it
2017-05-02 14:21:29 <asie> ahahahahahahahahahaha
2017-05-02 14:21:32 <consus> Oh
2017-05-02 14:21:36 <^7heo> asie: also, the main problem with the current smartphones isn't the hardware...
2017-05-02 14:21:39 <^7heo> asie: it's the software.
2017-05-02 14:21:43 <consus> Nah, I'm fine with the default one
2017-05-02 14:21:45 <^7heo> asie: as you just said.
2017-05-02 14:21:50 <asie> i asked the previous maintainer for huawei on cyanogenmod what is the problem
2017-05-02 14:21:57 <asie> and he kindly explained to me that he refuses to deal with huawei phones ever agian
2017-05-02 14:22:09 <^7heo> fair
2017-05-02 14:22:16 <asie> it's fair and i realized just how big the mess is
2017-05-02 14:22:32 <^7heo> I don't think Huawei would be either doing things right or caring about small time devs
2017-05-02 14:22:40 <asie> but someone got it to run
2017-05-02 14:22:53 <asie> and they also fixed huawei's messed up gps code!?
2017-05-02 14:23:01 <^7heo> yeah well
2017-05-02 14:23:12 <^7heo> the thing with the models we selected is that there are drivers for the devices
2017-05-02 14:23:15 <asie> yeah
2017-05-02 14:23:17 <^7heo> and they are available quite handily.
2017-05-02 14:23:35 <asie> the primary problem is the GPU, no?
2017-05-02 14:23:40 <^7heo> I do hope they work on fairly generic versions of the kernels
2017-05-02 14:23:45 <^7heo> not on very precise versions.
2017-05-02 14:23:49 <asie> yeah... generic version of the kernel and huawei.
2017-05-02 14:24:00 <^7heo> and let's see about "grsec" or whatever it's called by the end of the year.
2017-05-02 14:24:01 <asie> huawei's kernel fork is interesting
2017-05-02 14:24:20 <^7heo> also I'll try to run it on the asus KL 550 ZC
2017-05-02 14:24:28 <^7heo> because they provide the sources for ASOP
2017-05-02 14:24:38 <^7heo> should be possible to at least try something.
2017-05-02 14:24:57 <asie> i suppose the cyanogenmod/lineage ports are userland-only
2017-05-02 14:25:00 <^7heo> sorry, ZC550KL
2017-05-02 14:25:04 <asie> that is, the android libs and kernel are all huawei
2017-05-02 14:25:08 <asie> and only the apks got replaced
2017-05-02 14:25:19 <^7heo> yeah it's fair to assume that.
2017-05-02 14:25:41 <^7heo> That's why I would like to try stuff on the ZC550KL
2017-05-02 14:25:52 <^7heo> (and because I own one)
2017-05-02 14:26:17 <^7heo> But aside from the GPU, there's a couple of things to manage...
2017-05-02 14:26:29 <^7heo> especially the phone capabilities.
2017-05-02 14:26:40 <^7heo> (because it'd suck to have a phone that can't phone)
2017-05-02 14:27:10 <asie> oh of course it is
2017-05-02 14:27:40 <asie> not as bad as i expected, but it's still a crazy glued together thing
2017-05-02 14:28:02 <clandmeter> good luck with the RIL
2017-05-02 14:28:56 <^7heo> clandmeter: it's more or less "good luck with everything" at this point.
2017-05-02 14:29:38 <^7heo> clandmeter: but I'm not alone on this; there's a dude who ported NetBSD to the N900 that is interested in participating AFAICT
2017-05-02 14:29:53 <clandmeter> ril camera and sensors will be a giant headache from what i read about it.
2017-05-02 14:30:03 <^7heo> clandmeter: and also, we can always ask questions on jolla/sailfish IRC channels.
2017-05-02 14:31:03 <HEROnymous> hey guys, we're trying to install alpine under hyper-v.  vanilla worked, but it's running in ram, how do we get it to install to the disk instead of just running live ?
2017-05-02 14:31:06 <^7heo> clandmeter: but yeah you're right; I do not expect RIL, and phone to be a walk in the park.
2017-05-02 14:31:11 <^7heo> moin HEROnymous
2017-05-02 14:31:22 <clandmeter> setup-alpine
2017-05-02 14:31:46 <^7heo> I wonder why Hyper-V can't work grsec...
2017-05-02 14:31:47 <HEROnymous> thanks :)
2017-05-02 14:31:49 <^7heo> s/work/run/
2017-05-02 14:32:05 <HEROnymous> I'm not sure, I tried getting the vm and std images to boot, bart got the vanilla one to boot
2017-05-02 14:32:16 <^7heo> well, that's at least something.
2017-05-02 14:32:20 <^7heo> We can work with the vanilla ;)
2017-05-02 14:32:32 <^7heo> it's not ideal but with the grsec batonning coming up...
2017-05-02 14:32:41 <^7heo> I guess it's not such an issue anyway.
2017-05-02 14:32:55 <clandmeter> i remember there is some information on the grsec forums about hyperv
2017-05-02 14:33:14 <HEROnymous> yeah if you guys wanna try and get stuff rolling on hyper-v I am down to help some time getting it to boot.  are you sure it's a grsec issue ?
2017-05-02 14:33:16 <clandmeter> it just weird the virt kernel doesnt work
2017-05-02 14:33:46 <clandmeter> 90% sure :)
2017-05-02 14:33:46 <HEROnymous> yeah, I tried it on my personal box too, same results as on the production machine, so it's not something specific to one host
2017-05-02 14:34:51 <^7heo> HEROnymous: your personal box runs on HyperV?
2017-05-02 14:35:15 <HEROnymous> yeah... well, I have a lot of personal stuff, lol
2017-05-02 14:35:19 <clandmeter> something must be missing in the virt kernel, i didnt have time yet to try it.
2017-05-02 14:36:03 <HEROnymous> ^7heo, that's out at one of our data centers, I also have quite a bit of stuff here at my house too, hahah
2017-05-02 14:36:21 <HEROnymous> clandmeter, lemme know if I can be of assistance
2017-05-02 14:37:15 <clandmeter> which version of hyper-v are you running?
2017-05-02 14:37:26 <HEROnymous> 2016
2017-05-02 14:37:43 <clandmeter> is that the same core as recent win10?
2017-05-02 14:38:08 <HEROnymous> not sure, I don't really know much about windows desktop systems, but I would suspect so?
2017-05-02 14:38:13 <HEROnymous> same release timeframe and stuff
2017-05-02 14:38:35 <clandmeter> so linux on desktop and windows on servers?
2017-05-02 14:38:43 <^7heo> HEROnymous: I wouldn't run HyperV. My experience with Xen was really great.
2017-05-02 14:38:53 <^7heo> HEROnymous: and also, if not Xen, I'd look at intel Nova.
2017-05-02 14:38:56 <TBB> finally, the year of linux on the desktop!
2017-05-02 14:39:04 <clandmeter> :)
2017-05-02 14:39:06 <^7heo> TBB: ?
2017-05-02 14:39:27 <HEROnymous> clandmeter, personally, I run linux on my desktop and most of my servers, cept for windows server 2016 with hyper-v as a virt stack ;)
2017-05-02 14:39:28 <^7heo> Ah ok I finally catched up with the log.
2017-05-02 14:39:32 <^7heo> sorry TBB, my bad.
2017-05-02 14:40:02 <TBB> no worries; you might have also noticed that the "linux sucks" guy also stopped doing his annual "linux sucks" videos and talks
2017-05-02 14:40:10 <TBB> so we must be getting close :D
2017-05-02 14:40:15 <^7heo> What guy?
2017-05-02 14:40:20 <HEROnymous> ^7heo, we tried xenserver, ran into some annoying storage issues.  hyper-v is actually pretty awesome in terms of ease of configurability and stuff too, there's a lot of basic stuff that's very simple vs. very complicated with xen or kvm, and powershell is pretty slick too
2017-05-02 14:40:29 <^7heo> He sucks if he says "Linux sucks" and not "GNU/Linux sucks"
2017-05-02 14:40:39 <^7heo> unless he ACTUALLY criticizes the kernel ONLY.
2017-05-02 14:40:50 <HEROnymous> TBB, I've been running linux as my main workstation since 2007... and before that, it was Solaris on Sun hw.  ;)
2017-05-02 14:40:55 <^7heo> HEROnymous: I dunno, I'm microsoft allergic.
2017-05-02 14:41:00 <TBB> ^7heo: can't remember his name but he's done an annual talk on the subject since the late 2008's
2017-05-02 14:41:02 <^7heo> HEROnymous: aside from gaming, but that's a different machine.
2017-05-02 14:41:13 <HEROnymous> ^7heo, eh, I was when they mostly sucked.  they actually have some good tech nowadays.
2017-05-02 14:42:17 <HEROnymous> microsoft has actually done a few really good things in the past few years - hyper-v, powershell, and C# are all pretty good, they've dramatically improved some of the areas (like security fixes) that they were notoriously terrible about prior to the 2008 era, etc etc.
2017-05-02 14:42:18 <TBB> Bryan Lunduke
2017-05-02 14:42:25 <^7heo> HEROnymous: I do not agree. They rely way too much on people blindly adopting their tech without any understanding; and not checking what else exists and how better it may be.
2017-05-02 14:42:37 <^7heo> HEROnymous: in short, they rely way too much on their monopole.
2017-05-02 14:42:49 <HEROnymous> ^7heo, ehhh, you can't blame microsoft for their customers being educated or not.  :)
2017-05-02 14:42:54 <^7heo> Yes you can.
2017-05-02 14:42:57 <fcolista> we have a regression bug for python3
2017-05-02 14:43:01 <^7heo> fcolista: ?
2017-05-02 14:43:01 <fcolista> https://github.com/GNS3/gns3-gui/issues/1392
2017-05-02 14:43:01 <HEROnymous> nahhh not me :)
2017-05-02 14:43:11 <^7heo> HEROnymous: handholding *is* harmful.
2017-05-02 14:43:50 <^7heo> HEROnymous: and to add insult to injury, lack of proper readable documentation, and artificial difficulty of interoperability is not helping people to educate themselves.
2017-05-02 14:44:12 <HEROnymous> ^7heo, I mean, if you've run windows servers in any serious capacity, I don't think you'd say there's hand holding really.  you basically need to know the (powershell) cmdline as much for windows administration these days as you do for linux administration
2017-05-02 14:44:22 <^7heo> HEROnymous: there is.
2017-05-02 14:44:26 <^7heo> HEROnymous: take their DNS for instance.
2017-05-02 14:44:34 <^7heo> HEROnymous: there is NO way to actually know how the stuff works
2017-05-02 14:44:45 <^7heo> HEROnymous: and what upstream server it is going to take as source.
2017-05-02 14:45:06 <^7heo> HEROnymous: you can disble round robin, but even then it still behaves randomly at times.
2017-05-02 14:45:14 <^7heo> and that's just one example.
2017-05-02 14:45:30 <^7heo> even Bind9, which is quite bloated and sucky, behaves orders of magnitude more reliably.
2017-05-02 14:45:41 <^7heo> several orders of magnitude.
2017-05-02 14:45:47 <^7heo> several dozen orders of magnitude even.
2017-05-02 14:45:50 <HEROnymous> not sure on that, I've never used windows for dns
2017-05-02 14:46:00 <^7heo> Well we do here, and it's a freaking mess.
2017-05-02 14:46:15 <^7heo> HEROnymous: long story short, DNS is randomly working.
2017-05-02 14:46:27 <^7heo> HEROnymous: word is: when it doesn't work, take a coffee break.
2017-05-02 14:46:39 <TBB> HEROnymous: I've been actively on Linux since 2001 I think, but while I've managed just fine, Lunduke does have some good points, points that mainly rise from lack of co-ordination, etc. Linux is not perfect for the desktop but I'll still rather choose it over the competition
2017-05-02 14:46:44 <HEROnymous> honestly, I once looked through every dns server out there and decided if I wanted something that worked the way I wanted, I'd have to write it myself, and that's a crazy undertaking.
2017-05-02 14:46:56 <^7heo> TBB: depends what competition.
2017-05-02 14:47:01 <skarnet> someone didn't check djbdns
2017-05-02 14:47:06 <^7heo> TBB: unless explicitely needed, I would rather use a BSD
2017-05-02 14:47:09 <HEROnymous> TBB, I think my first linux kernel was... just before 2.0.32 went live... but I was doing other unix stuff before I touched linux.
2017-05-02 14:47:13 <^7heo> skarnet: what do you mean?
2017-05-02 14:47:24 <skarnet> "every dns server out there"
2017-05-02 14:47:31 <^7heo> ah that.
2017-05-02 14:47:32 <^7heo> yeah,
2017-05-02 14:47:34 <skarnet> I'm noping that./
2017-05-02 14:47:38 <HEROnymous> TBB, but be careful what you wish for - Redhat saw "lack of cooperation" and declared themselves final arbiter of everything.  ;)
2017-05-02 14:47:39 <fcolista> ^7heo:
2017-05-02 14:47:40 <fcolista> python3
2017-05-02 14:47:41 <fcolista> Python 3.6.1 (default, Apr 18 2017, 22:11:55)
2017-05-02 14:47:41 <fcolista> [GCC 6.3.0] on linux
2017-05-02 14:47:41 <fcolista> Type "help", "copyright", "credits" or "license" for more information.
2017-05-02 14:47:41 <fcolista> >>> import os
2017-05-02 14:47:42 <fcolista> >>> os.listxattr
2017-05-02 14:47:44 <fcolista> Traceback (most recent call last):
2017-05-02 14:47:46 <fcolista>   File "<stdin>", line 1, in <module>
2017-05-02 14:47:48 <fcolista> AttributeError: module 'os' has no attribute 'listxattr'
2017-05-02 14:47:50 <fcolista> >>>
2017-05-02 14:47:56 <fcolista> listxattrs is glibc-only
2017-05-02 14:48:00 <^7heo> fcolista: we should try to pastebin whenever possible.
2017-05-02 14:48:04 <TBB> HEROnymous: yeh, we all know how that Red Hat decision went for all of us :D
2017-05-02 14:48:07 <HEROnymous> skarnet, what about djbdns?  I've certainly read up on it.
2017-05-02 14:48:08 <^7heo> fcolista: or is that the service powering tpaste.us? :D
2017-05-02 14:48:22 <skarnet> so it's not working the way you want it to? ok.
2017-05-02 14:48:23 <TBB> I used to be a FreeBSD user before switching to Linux tho
2017-05-02 14:48:49 <HEROnymous> TBB, FreeBSD is great, they just don't have the man power to keep up as a mainstream workstation system :(
2017-05-02 14:48:50 <^7heo> fcolista: and also that is weird.
2017-05-02 14:48:56 <^7heo> fcolista: lemme upgrade my python3
2017-05-02 14:49:18 <HEROnymous> but it occupies a niche now, very successfully, as a base for things like pfsense and freenas as well, which works well
2017-05-02 14:49:33 <^7heo> And netflix.
2017-05-02 14:49:37 <^7heo> (just saying)
2017-05-02 14:49:44 <^7heo> (and parts of MacOS X)
2017-05-02 14:51:03 <^7heo> freaking debian.
2017-05-02 14:51:11 <fcolista> ^7heo, correct
2017-05-02 14:51:11 <^7heo> it uses python2 by default.
2017-05-02 14:51:17 <fcolista> MacOS x
2017-05-02 14:51:45 <HEROnymous> ^7heo, my experiences with debian have always been pretty meh, tbh
2017-05-02 14:51:51 <^7heo> Anyhow, fcolista, do you know when it regressed?
2017-05-02 14:52:07 <^7heo> HEROnymous: I had a love hate relationship with debian for about 10 years.
2017-05-02 14:52:13 <^7heo> HEROnymous: then they decided to use systemd by default.
2017-05-02 14:52:17 <fcolista> ^7heo, i bet when we upgraded python3 from 3.5 to 3.6
2017-05-02 14:52:29 <^7heo> fcolista: that's a safe bet to go for ;)
2017-05-02 14:53:02 <fcolista> ncopa: http://sprunge.us/hgdB
2017-05-02 14:53:06 <fcolista> what to you think?
2017-05-02 14:53:18 <HEROnymous> ^7heo, my biggest issue with debian the last time I tried it was that their openssl used a slimmed-down set of ciphers, and getting a replacement up and running was a huge hassle for some reason.
2017-05-02 14:53:42 <^7heo> yeah well that's *one* of the problems with debian.
2017-05-02 14:53:53 <^7heo> mostly that they are the textbook case of what's wrong with communities.
2017-05-02 14:53:55 <HEROnymous> I don't have anything against systemd in and of itself, but the whole "redhat as god and overlord" thing may not be the best idea overall.
2017-05-02 14:54:25 <^7heo> if there's ONE term I'd use to describe debian it's: vogon-influenced-waterfall-designed-administrative-OS
2017-05-02 14:55:12 <^7heo> fcolista: duckduckgo fails to return a proper documentation for listxattrs
2017-05-02 14:55:16 <^7heo> fcolista: any link?
2017-05-02 14:55:40 <fcolista> the link I've sent before ^7heo
2017-05-02 14:55:46 <clandmeter> fcolista, didnt we discuss this issue before?
2017-05-02 14:55:53 <fcolista> clandmeter, yeah
2017-05-02 14:55:58 <fcolista> that was your finding
2017-05-02 14:56:01 <^7heo> fcolista: got it
2017-05-02 14:56:03 <fcolista> we applied a patch for that
2017-05-02 14:56:12 <clandmeter> ah ok
2017-05-02 14:56:15 <clandmeter> i dont remember anymore
2017-05-02 14:56:22 <fcolista> that i think it *gone* when we upgraded python3
2017-05-02 14:56:48 <clandmeter> somebody didnt take the patch from 3.5?
2017-05-02 14:57:11 <fcolista> git show c7c2150bfaf547c391ac623bb188fca98faff87e
2017-05-02 14:57:22 <^7heo> fcolista: it's a buildtime regression
2017-05-02 14:57:27 <^7heo> fcolista: not a runtime regression
2017-05-02 14:57:39 <^7heo> fcolista: should be fairly easy to fix, especially since we already have a fix.
2017-05-02 14:58:04 <fcolista> ^7heo: <fcolista> ncopa: http://sprunge.us/hgdB
2017-05-02 14:58:13 <^7heo> yeah scadu broke it.
2017-05-02 14:58:19 <^7heo> :D
2017-05-02 14:58:28 <clandmeter> fcolista, ncopa is not around atm
2017-05-02 14:58:30 <fcolista> if you agree, i'll push the patch
2017-05-02 14:58:46 <^7heo> fcolista: does that fix it?
2017-05-02 14:58:55 <fcolista> we're close to AL 3.6
2017-05-02 14:59:07 <fcolista> but i want this fixed before the 3.6 release
2017-05-02 14:59:10 <^7heo> fcolista: 1. does it fix it?
2017-05-02 14:59:24 <^7heo> fcolista: 2. is fix-xattrs-glibc.patch the same patch as issue-27955.patch previously?
2017-05-02 15:00:00 <clandmeter> yes please show that patch
2017-05-02 15:00:15 <clandmeter> i didnt see any ref to xattrs
2017-05-02 15:01:03 <fcolista> clandmeter, no it's not
2017-05-02 15:01:12 <fcolista> that patch is related to py-random
2017-05-02 15:01:21 <fcolista> patch i sent fixes the issue though
2017-05-02 15:01:29 <^7heo> wait how?
2017-05-02 15:01:29 <consus> Folks
2017-05-02 15:01:38 <clandmeter> fcolista, you didnt paste it
2017-05-02 15:01:47 <consus> I want to add mentions of the 'docs' package to the wiki
2017-05-02 15:01:49 <^7heo> clandmeter: I think he means the patch to APKBUILD.
2017-05-02 15:01:53 <fcolista> clandmeter, I pasted two times :)
2017-05-02 15:01:55 <consus> In the FAQ section
2017-05-02 15:01:59 <fcolista> fcolista> ^7heo: <fcolista> ncopa: http://sprunge.us/hgdB
2017-05-02 15:02:01 <fcolista> clandmeter, ^
2017-05-02 15:02:06 <^7heo> yeah that one.
2017-05-02 15:02:10 <clandmeter> fcolista no you didnt
2017-05-02 15:02:12 <^7heo> How can it even fix the issue?
2017-05-02 15:02:12 <clandmeter> :p
2017-05-02 15:02:15 <^7heo> clandmeter: yeah he did ;)
2017-05-02 15:02:21 <consus> Should I leave the whole 'apk add man, apk add mdocml' or screw that and apk add docs?
2017-05-02 15:02:22 <fcolista> clandmeter, you're right
2017-05-02 15:02:24 <clandmeter> it doesnt have the patch
2017-05-02 15:02:39 <fcolista> http://sprunge.us/abNd
2017-05-02 15:02:42 <clandmeter> stop telling me my glasses are broken!
2017-05-02 15:02:45 <^7heo> ah thanks
2017-05-02 15:02:47 <clandmeter> :p
2017-05-02 15:02:55 <^7heo> Now I can see how it fixes it.
2017-05-02 15:02:59 <fcolista> I didn't added the patch
2017-05-02 15:03:04 <clandmeter> ah that one
2017-05-02 15:03:07 <fcolista> yes
2017-05-02 15:03:09 <clandmeter> yes thats sane
2017-05-02 15:03:21 <^7heo> how come upstream isn't already doing that?
2017-05-02 15:03:35 <scadu> fffuu
2017-05-02 15:03:37 <fcolista> heh
2017-05-02 15:03:44 <^7heo> scadu: mmmmmyes?
2017-05-02 15:04:06 <fcolista> ppl thinks that linux == glibc and systemd nowadays
2017-05-02 15:04:12 <^7heo> yeah I know.
2017-05-02 15:04:15 <^7heo> makes me wanna nuke the planet.
2017-05-02 15:04:16 <fcolista> anyway
2017-05-02 15:04:24 <fcolista> if you agree i'll push the change
2017-05-02 15:04:27 <fcolista> *patch
2017-05-02 15:04:31 <clandmeter> go ahead
2017-05-02 15:04:34 <^7heo> fcolista: so I take that http://sprunge.us/abNd is fix-xattrs-glibc.patch ?
2017-05-02 15:04:48 <^7heo> wait, fcolista, can you please NOT change the || return 1 ?
2017-05-02 15:04:56 <HEROnymous> fcolista, hey let's of people think linux is gnome too ;>
2017-05-02 15:05:00 <^7heo> we should really limit the changes to the strict minimum
2017-05-02 15:05:01 <HEROnymous> err lots
2017-05-02 15:05:05 <fcolista> ^7heo, yes that's the patch
2017-05-02 15:05:08 <^7heo> HEROnymous: or rather fd.o
2017-05-02 15:05:12 <fcolista> why don't remove the || return 1?
2017-05-02 15:05:16 <scadu> doh, why I have removed this patch :x
2017-05-02 15:05:18 <^7heo> to keep the changes minimal.
2017-05-02 15:05:30 <^7heo> scadu: because it was named after a gh issue and not about what it was doing.
2017-05-02 15:05:34 <^7heo> scadu: so you wanted to clean up.
2017-05-02 15:05:40 <^7heo> scadu: understandably.
2017-05-02 15:05:59 <^7heo> fcolista: we're close to release, it would be great to keep the diffs very short.
2017-05-02 15:06:21 <^7heo> fcolista: just in case we have to grep through `git log -p $SHA..`
2017-05-02 15:06:56 <fcolista> ^7heo, we have several pacakges with || return 1 removed...but if this makes you happier..
2017-05-02 15:06:59 <scadu> ^7heo: yeah, well, it looked useless at the some, but now turned out it's not :s
2017-05-02 15:07:15 <^7heo> fcolista: I know, and it is best to remove them; but after we get 3.6 out.
2017-05-02 15:07:18 <^7heo> fcolista: at least IMHO.
2017-05-02 15:07:34 <fcolista> I don't think, since 3.6 already implement "set -e"
2017-05-02 15:07:39 <fcolista> and that's why we are removing it
2017-05-02 15:07:39 <^7heo> I know
2017-05-02 15:07:42 <^7heo> I know.
2017-05-02 15:07:47 <fcolista> so?
2017-05-02 15:07:50 <^7heo> that's not the reason why I'm telling not to change anything.
2017-05-02 15:07:56 <^7heo> the reason is: keep the diff minimal.
2017-05-02 15:08:07 <clandmeter> i think ncopa also asked to keep the return 1 untill after 3.6
2017-05-02 15:08:17 <^7heo> at the moment we should really only change only what's really really critical.
2017-05-02 15:08:21 <^7heo> like a regression.
2017-05-02 15:08:25 <^7heo> (nice spotting btw)
2017-05-02 15:08:26 <clandmeter> but its just mine things, not enough to discuss 5 minutes.
2017-05-02 15:08:31 <clandmeter> minor..
2017-05-02 15:08:33 <^7heo> yeah
2017-05-02 15:08:50 <^7heo> however, still IMHO, keeping the diff minimal is worth discussing 5 minutes.
2017-05-02 15:09:01 <^7heo> we might have to end up grepping the tree for crap very close to release.
2017-05-02 15:09:11 <^7heo> or read the diffs without knowing exactly what we are searching for
2017-05-02 15:09:15 <^7heo> in worst case scenario
2017-05-02 15:09:20 <fcolista> guys, no problem for me
2017-05-02 15:09:24 <^7heo> and that's orders of magnitude longer than 5 minutes.
2017-05-02 15:09:32 <^7heo> (or even 10)
2017-05-02 15:09:57 <^7heo> fcolista: long story short, I'd advise keeping it in a branch for now; and comitting the day 3.6 gets out
2017-05-02 15:10:26 <^7heo> Just to keep things safe before push to prod.
2017-05-02 15:10:39 <fcolista> ^7heo, so:
2017-05-02 15:10:49 <fcolista> i just add the patch
2017-05-02 15:10:55 <fcolista> and bump pkgrel
2017-05-02 15:10:57 <fcolista> nothing more
2017-05-02 15:10:57 <^7heo> yeah please, I'd love to get that fixed.
2017-05-02 15:10:59 <^7heo> yeah.
2017-05-02 15:10:59 <fcolista> sounds ok?
2017-05-02 15:11:00 <clandmeter> crap, have to reboot to be able to use hyperv...
2017-05-02 15:11:02 <^7heo> sounds perfect.
2017-05-02 15:11:06 <fcolista> ok good
2017-05-02 15:11:07 <^7heo> (not for you clandmeter)
2017-05-02 15:11:16 <fcolista> and i've alos upgraded gns3 to version 2 :-)
2017-05-02 15:11:58 <clandmeter> i have no idea what it is :)
2017-05-02 15:12:39 <^7heo> fcolista: it's in community, and it won't be cooked in the images, will it?
2017-05-02 15:13:12 <^7heo> (I mean I don't think we have a single image that contains a full featured network sim)
2017-05-02 15:13:23 <^7heo> clandmeter: it's a network sim.
2017-05-02 15:13:33 <^7heo> clandmeter: it's pretty neat.
2017-05-02 15:14:33 <fcolista> ^7heo, right
2017-05-02 15:14:51 <^7heo> fcolista: yeah so if it's broken on release day, it's gonna be fast to fix.
2017-05-02 15:14:58 <^7heo> fcolista: so it's not THAT critical.
2017-05-02 15:15:10 <fcolista> https://hg.python.org/cpython/rev/33f7044b5682
2017-05-02 15:15:13 <^7heo> (plus it won't prevent 3.6 from being installed anywhere)
2017-05-02 15:15:37 <fcolista> it's from 2011
2017-05-02 15:15:43 <fcolista> it's a regression
2017-05-02 15:15:55 <^7heo> ah
2017-05-02 15:16:32 <^7heo> "use glibc instead of a small separate lib" sounds a bit like "let's stuff systemd with all the things"
2017-05-02 15:18:03 <fcolista> something like...
2017-05-02 15:18:03 <fcolista> :D
2017-05-02 15:20:06 <consus> Dammit
2017-05-02 15:20:14 <consus> I just edited the wiki page
2017-05-02 15:20:17 <consus> >
2017-05-02 15:20:19 <consus> > Your username or IP address has been blocked.
2017-05-02 15:20:23 <consus> Why? :(
2017-05-02 15:20:35 <consus> > Automatically blocked by abuse filter. Description of matched rule: New users are not allowed to add ip addresses and phone numbers.
2017-05-02 15:20:38 <consus> I did not!
2017-05-02 15:22:00 <consus> Page: https://wiki.alpinelinux.org/wiki/Alpine_Linux:FAQ#Why_don.27t_I_have_man_pages_or_where_is_the_.27man.27_command.3F
2017-05-02 15:22:05 <consus> Changes: https://paste.pound-python.org/show/TSQocqhTLd6yLUmXUWBc/
2017-05-02 15:23:23 <HEROnymous> brutal
2017-05-02 15:23:52 <consus> Well I do remember the gentoo experience
2017-05-02 15:24:12 <consus> But that's even more funnier :D
2017-05-02 15:24:14 <clandmeter> isnt the {{pkg| an alias to an url
2017-05-02 15:24:27 <consus> Yes, I guess so
2017-05-02 15:24:31 <clandmeter> see
2017-05-02 15:24:34 <consus> Err
2017-05-02 15:24:40 <clandmeter> its outsmarting you
2017-05-02 15:24:42 <consus> It says ip addresses
2017-05-02 15:25:01 <clandmeter> consus, did you create your acc just recently?
2017-05-02 15:25:07 <consus> Yes
2017-05-02 15:25:10 <consus> Several minutes ago
2017-05-02 15:25:15 <clandmeter> thats the issue
2017-05-02 15:25:28 <clandmeter> the limit is for a few hours i believe
2017-05-02 15:25:35 <consus> Uhm
2017-05-02 15:25:40 <consus> Can we state this somewhere?
2017-05-02 15:25:45 <^7heo> clandmeter: good move to tell unknown people how long they have to wait to bypass the securities.
2017-05-02 15:25:59 <clandmeter> thats the reason its not added
2017-05-02 15:26:03 <consus> Err
2017-05-02 15:26:04 <^7heo> clandmeter: especially in a logged channel
2017-05-02 15:26:06 <^7heo> clandmeter: now it is.
2017-05-02 15:26:12 <consus> Well
2017-05-02 15:26:15 <^7heo> clandmeter: this is logged and indexed by search engines...
2017-05-02 15:26:17 <^7heo> gg...
2017-05-02 15:26:23 <clandmeter> lol
2017-05-02 15:26:23 <consus> This is weird you know
2017-05-02 15:26:29 <consus> I've registered to fix the wiki
2017-05-02 15:26:33 <consus> And now I'm banned for it
2017-05-02 15:26:42 <consus> That's a major drawback for the contributors, nah?
2017-05-02 15:26:45 <clandmeter> consus, i know.
2017-05-02 15:26:50 <clandmeter> and i would change it if i can.
2017-05-02 15:26:57 <^7heo> THe wiki is a major drawback anyway.
2017-05-02 15:27:01 <^7heo> we need something markdown based.
2017-05-02 15:27:02 <consus> Okay, could you at least unlock my account?
2017-05-02 15:27:06 <^7heo> and there's something in the works so...
2017-05-02 15:27:07 <clandmeter> what is your acc?
2017-05-02 15:27:11 <clandmeter> i can unlock it
2017-05-02 15:27:12 <consus> consus
2017-05-02 15:27:13 <clandmeter> i think
2017-05-02 15:27:16 <consus> :D
2017-05-02 15:27:18 <clandmeter> cause the interface is crap
2017-05-02 15:27:21 <HEROnymous> ^7heo, let us know if you need hosting for stuff
2017-05-02 15:27:38 <^7heo> HEROnymous: thanks; but atm we have all we need in terms of hosting for the doc
2017-05-02 15:27:44 <^7heo> HEROnymous: we need better *software* tho ;)
2017-05-02 15:28:07 <consus> Hm
2017-05-02 15:28:22 <consus> Is wiki even alive?
2017-05-02 15:28:28 <HEROnymous> don't we all...
2017-05-02 15:28:34 <^7heo> Indeed.
2017-05-02 15:28:47 <HEROnymous> web software is... an area that gets a lot of attention, but not a lot of competent attention :P
2017-05-02 15:28:57 <^7heo> s/web //
2017-05-02 15:29:09 <consus> So there will be md-based documentation soon?
2017-05-02 15:29:25 <clandmeter> sigh
2017-05-02 15:29:25 <^7heo> consus: https://github.com/adocs/adocs
2017-05-02 15:29:28 <clandmeter> i think it worked
2017-05-02 15:29:31 <clandmeter> try it
2017-05-02 15:29:35 <HEROnymous> ehh, I feel like there's a lot of pretty good open source software out there.  and the quality level is generally much higher overall than web software overall.
2017-05-02 15:29:45 <^7heo> consus: still missing an automatic replication from the wiki atm.
2017-05-02 15:29:50 <^7heo> consus: if you feel like writing somthing useful.
2017-05-02 15:30:15 <^7heo> (and that's not md, it's asciidoc, but it's close enough; and some of us prefer that)
2017-05-02 15:30:15 <consus> So you want to host the docs at gheyhub?
2017-05-02 15:30:31 <^7heo> There's no long term plan of hosting the docs on github.
2017-05-02 15:30:48 <clandmeter> i made some steps on docs
2017-05-02 15:30:50 <^7heo> We just need something that knows how to convert md/adoc to html.
2017-05-02 15:30:52 <clandmeter> not sure its  ok
2017-05-02 15:30:56 <^7heo> and gh does it for now.
2017-05-02 15:30:56 <clandmeter> did you try it ^7heo?
2017-05-02 15:31:02 <^7heo> clandmeter: try what?
2017-05-02 15:31:03 <consus> Okay
2017-05-02 15:31:09 <clandmeter> the uri i gave you last time
2017-05-02 15:31:13 <^7heo> yeah I tried
2017-05-02 15:31:18 <clandmeter> its git based
2017-05-02 15:31:19 <^7heo> it seemed to work.
2017-05-02 15:31:39 <consus> clandmeter: Do you have a link to it?
2017-05-02 15:31:43 <clandmeter> same as https://wiki.somasis.com/Home
2017-05-02 15:32:05 <clandmeter> consus, its currently open for modifications
2017-05-02 15:32:17 <^7heo> clandmeter: yeah but can it be modified via the web interface?
2017-05-02 15:32:22 <clandmeter> i need to disable that and sync it to a public repo
2017-05-02 15:32:23 <^7heo> clandmeter: because that was the main issue.
2017-05-02 15:32:28 <consus> The font is goddamn large
2017-05-02 15:32:31 <^7heo> clandmeter: that's why we're using github atm for adocs/adocs
2017-05-02 15:32:38 <^7heo> clandmeter: because it's allowing for web based edits too.
2017-05-02 15:32:40 <clandmeter> you can use github
2017-05-02 15:32:46 <clandmeter> it can edit
2017-05-02 15:32:53 <^7heo> Yeah I see.
2017-05-02 15:33:01 <^7heo> so basically that solution would be to host it ourselves
2017-05-02 15:33:06 <^7heo> and use github mostly for the web edits
2017-05-02 15:33:11 <^7heo> and PRs
2017-05-02 15:33:14 <^7heo> like we do with aports?
2017-05-02 15:33:14 <clandmeter> yes
2017-05-02 15:33:18 <^7heo> works for me ;)
2017-05-02 15:33:23 <^7heo> I like the idea.
2017-05-02 15:33:42 <consus> clandmeter: Could you make the font smaller? It's *huge*.
2017-05-02 15:33:48 <clandmeter> which?
2017-05-02 15:33:52 <consus> The headers
2017-05-02 15:33:58 <clandmeter> thats not my site
2017-05-02 15:34:01 <consus> Oh
2017-05-02 15:34:02 <consus> Okay
2017-05-02 15:34:13 <consus> It's like reading the docs in Confluence
2017-05-02 15:34:45 <clandmeter> but yes, its the same on my instance
2017-05-02 15:35:10 <^7heo> clandmeter: it's not that huge; and one can easily unzoom.
2017-05-02 15:35:20 <^7heo> clandmeter: also, on your instance, there is an edit function
2017-05-02 15:35:28 <^7heo> clandmeter: that would work for web edit, wouldn't it?
2017-05-02 15:35:37 <clandmeter> maybe
2017-05-02 15:35:41 <clandmeter> but you need to add auth
2017-05-02 15:35:59 <^7heo> I could do that.
2017-05-02 15:36:02 <^7heo> what language is it in?
2017-05-02 15:37:17 <clandmeter> https://github.com/gollum/gollum
2017-05-02 15:41:33 <^7heo> thanks.
2017-05-02 15:52:12 <jirutka> ^7heo: once again here, Markdown is really not sufficient for our documentation, b/c it’s very limited and not extendable, we definitely should use semantic markup, e.g. have macro for commands, so we can easily find where is particular command used to update relevant places when there’s some change; this can be very easily done in AsciiDoc (with Asciidoctor)
2017-05-02 16:03:10 <^7heo> jirutka: the current gh adoc is using adoc format.
2017-05-02 16:03:22 <jirutka> +1
2017-05-02 16:03:22 <^7heo> jirutka: adoc/adoc == alpine docs / asciidoc
2017-05-02 16:04:19 <^7heo> jirutka: I've invited you there.
2017-05-02 16:04:23 <scadu> ^7heo: lul, I got confused. I wouldn't understand if I didn't know that gh uses asciidoc :P
2017-05-02 16:04:54 <^7heo> scadu: I know, it's a little punny.
2017-05-02 16:04:56 <^7heo> and puny to.
2017-05-02 16:04:58 <^7heo> too*
2017-05-02 16:05:06 <pickfire> I prefer cmark
2017-05-02 16:05:20 <^7heo> I came up with my own document description language
2017-05-02 16:05:21 <jirutka> CommonMark?
2017-05-02 16:05:21 <^7heo> the pdoc
2017-05-02 16:05:42 <jirutka> pickfire: ^
2017-05-02 16:05:58 <pickfire> jirutka: Yes
2017-05-02 16:06:18 <jirutka> pickfire: it’s Markdown, just sensible standardized, so the same problem
2017-05-02 16:06:28 <pickfire> jirutka: What do you need?
2017-05-02 16:06:35 <^7heo> jirutka: +1
2017-05-02 16:06:40 <jirutka> I’ve already written that
2017-05-02 16:06:43 <^7heo> jirutka: I like markdown for it's bare syntax
2017-05-02 16:06:54 <pickfire> Then latex?
2017-05-02 16:06:57 <jirutka> no
2017-05-02 16:06:58 <^7heo> no please no.
2017-05-02 16:07:06 <^7heo> We need to have doc, not one page of doc in 3 years.
2017-05-02 16:07:10 <pickfire> asciidoc is fat, as well as latex
2017-05-02 16:07:18 <jirutka> wtf? XD
2017-05-02 16:07:22 <pickfire> But latex is more suited to fat document
2017-05-02 16:07:36 <jirutka> AsciiDoc and LaTeX have almost nothing in common XD
2017-05-02 16:07:41 <^7heo> pickfire: you're comparing apples and High Fructose Corn Syrup respectively.
2017-05-02 16:07:48 <jirutka> exactly
2017-05-02 16:07:50 <^7heo> jirutka: wrong, they support UTF-8
2017-05-02 16:07:50 <pickfire> Night, need to sleep, going out early in the morning.
2017-05-02 16:07:57 <pickfire> Lol
2017-05-02 16:07:58 <^7heo> jirutka: also they use ascii as a base.
2017-05-02 16:08:04 <jirutka> right :)
2017-05-02 16:08:05 <pickfire> > High Fructose Corn Syrup
2017-05-02 16:08:05 <^7heo> pickfire: o/
2017-05-02 16:08:23 <jirutka> I don’t have time for this discussion atm, need to work :)
2017-05-02 16:08:28 <^7heo> same.
2017-05-02 16:08:33 <^7heo> But adoc == sensible choice.
2017-05-02 16:08:45 <^7heo> also jirutka please check your mails quickly, you've got two invites.
2017-05-02 16:09:24 <^7heo> jirutka: great ;)
2017-05-02 16:17:57 <^7heo> moin TemptorSent
2017-05-02 16:18:31 <TemptorSent> 'morning -- network just came back up briefly, probably won't stay that way long.
2017-05-02 17:04:10 <ncopa> was there a discussion about /var/mail the other day?
2017-05-02 17:04:14 <ncopa> what was the conclusion?
2017-05-02 17:06:03 <skarnet> what do you think? the conclusion was that FHS sucks
2017-05-02 17:06:40 <^7heo> :D
2017-05-02 17:09:47 <TemptorSent> Exactly skarnet.
2017-05-02 17:11:47 <TemptorSent> ncopa: The conclusion was that /var/mail can not be properly secured and work with mailers running with reduced privs at the same time.
2017-05-02 17:12:01 <skarnet> ^
2017-05-02 17:12:18 <jirutka> ncopa: we know that at least Gentoo and CentOS symlinks /var/mail → /var/spool/mail
2017-05-02 17:12:55 <jirutka> ncopa: the discussion was quite long and after first flame there were good technical arguments, so I’d recommend to read it and make a decision based on it ;)
2017-05-02 17:12:56 <skarnet> actionable item: check all the MDAs packaged by Alpine and make them deliver mail into users' homedir, for /etc/passwd users
2017-05-02 17:13:12 <skarnet> for virtual users, nobody gives a sh*t where the database is stored
2017-05-02 17:13:25 <skarnet> and /var/mail works as well as anything else (but not /var/spool/mail)
2017-05-02 17:13:52 <TemptorSent> And personally, I dislike the symlink as there is somewhat of a semantic distinction between the delivery spool and the user mailboxes, but it's not really enforced by most MTA/MDAs it seems these days.
2017-05-02 17:13:52 <jirutka> skarnet: I don’t remember details, but IIRC this was not the result of the discussion…
2017-05-02 17:13:55 <skarnet> I recommend /var/lib/$MDA/something though, since the virtual user database is MDA-specific
2017-05-02 17:14:01 <jirutka> skarnet: that it *cannot* be reasonably secured
2017-05-02 17:14:16 <skarnet> jirutka: read it again
2017-05-02 17:14:24 <jirutka> skarnet: donjt have time right now
2017-05-02 17:14:33 <skarnet> then you don't have time to contradict me either
2017-05-02 17:14:53 <jirutka> skarnet: and also this is IMO up to ncopa to decide, b/c there’s no clear winner
2017-05-02 17:15:30 <skarnet> of course it's up to ncopa to decide, but there's a clear winner and it's not anything in /var
2017-05-02 17:15:37 <TemptorSent> skarnet: I would agree that it should be handled per MDA (or at least per mailbox format), as having mixed content in /var/mail could lead to a real mess.
2017-05-02 17:15:40 <jirutka> skarnet: there’s big IF you can configure all mailing clients in aports to adhere to your scheme
2017-05-02 17:16:14 <skarnet> that's not my scheme
2017-05-02 17:16:38 <skarnet> that's a scheme implemented by reasonable MUAs and MDAs since the 90s
2017-05-02 17:18:25 <skarnet> but you're right, a pass on MUAs would also be necessary
2017-05-02 17:18:46 <TemptorSent> If a secure configuration is impossible with a given agent, I'd suggest it be dropped to unmaintained or patched, as proper security is what Alpine hangs it's hat on.
2017-05-02 17:19:30 <skarnet> I was going to suggest that, but the question becomes "and who's going to do the patching?" and I can already see fingers pointing at me
2017-05-02 17:20:15 <TemptorSent> skarnet: If someone is attached to a piece of software with crappy semantics, let them fix it or put up a bounty.
2017-05-02 17:20:33 <skarnet> that's not Alpine ethics
2017-05-02 17:20:54 <^7heo> not?
2017-05-02 17:21:07 <^7heo> (I'm naively asking, not trolling)
2017-05-02 17:21:15 <^7heo> I would expect it to be.
2017-05-02 17:21:15 <TemptorSent> Hmm, it's a conflict of Alpine ethics it seems -- Security on one hand and not breaking existing on the other.
2017-05-02 17:21:16 <jirutka> if we remove all shitty software from aports, then we would end up with quite few packages and I’d suggest to remove PHP and Go first :P
2017-05-02 17:21:45 <^7heo> TemptorSent: careful, you start sounding like OpenBSD, you're gonna trigger skarnet
2017-05-02 17:21:48 <^7heo> 
ACTION hides

2017-05-02 17:21:53 <TemptorSent> *LOL*
2017-05-02 17:22:10 <^7heo> (sorry skarnet)
2017-05-02 17:22:18 <TemptorSent> jirutka: I'm all for it ;)
2017-05-02 17:22:31 <jirutka> I’m just trying to say that skarnet’s hardline approach is not helping here very much :/
2017-05-02 17:22:42 <TemptorSent> They can live in the 'insecure' repo!
2017-05-02 17:22:43 <skarnet> hey, OpenBSD's controlfreakiness actually found a bug in my code
2017-05-02 17:22:55 <skarnet> so it's not *all* bad
2017-05-02 17:22:58 <^7heo> huhu
2017-05-02 17:22:58 <skarnet> (just most of it)
2017-05-02 17:23:04 <jirutka> and I found serious security bug in OpenBSD’s code and I’m not security expert at all… so?
2017-05-02 17:23:25 <^7heo> jirutka: where?
2017-05-02 17:23:27 <skarnet> so it was just a normal day where hell didn't freeze over
2017-05-02 17:24:06 <jirutka> since that I don’t trust OpenBSD as before… that fact that they pushed such breaking change without any warning and released it and even after report they were quite calm…
2017-05-02 17:24:09 <jirutka> ^7heo: LibreSSL
2017-05-02 17:24:14 <skarnet> jirutka: honestly if I could devote the time to making a pass on the MDAs and MUAs myself, and patching what needs to be patched, I would
2017-05-02 17:24:21 <TemptorSent> Anyway, my thought is that packages which CAN NOT be utilized in a secure way should go somewhere you explicitly have to opt-into.
2017-05-02 17:25:03 <jirutka> you have to opt-in every package, Alpine is not Debian to ship hundreds of packages in default installation ;) you must explicitly install all possibly bad software, that’s opt-in
2017-05-02 17:25:17 <TemptorSent> jirutka: Not true -- deps :)
2017-05-02 17:25:31 <jirutka> we’re talking about mailing *clients*, not libs, right?
2017-05-02 17:25:43 <skarnet> jirutka: but there's also good software that's not in the default installation, how can you tell the difference
2017-05-02 17:25:56 <skarnet> we're talking about anything that can access a user's mailbox
2017-05-02 17:26:06 <skarnet> or maildirs
2017-05-02 17:26:08 <TemptorSent> jirutka: MUAs/MDAs (and in some cases MTAs)
2017-05-02 17:26:52 <TemptorSent> I actually still use UUCP in some cases, so the /var/spool/mail thing does come into play.
2017-05-02 17:26:59 <^7heo> jirutka: ah right.
2017-05-02 17:27:09 <skarnet> TemptorSent: yeah, but that's just you. ;)
2017-05-02 17:27:25 <TemptorSent> skarnet: Yeah, I know - I'm an antique.
2017-05-02 17:27:53 <TemptorSent> Still works great for devices with occasional connectivity and low data volumes.
2017-05-02 17:28:45 <skarnet> *cough* serialmail *cough*
2017-05-02 17:29:22 <jirutka> I even don’t know what UUCP is o.O
2017-05-02 17:29:49 <TemptorSent> Hmm, serialmail looks pretty cool for the mail part.
2017-05-02 17:30:55 <TemptorSent> Unix-to-Unix-CoPy (or Copy Protocol or Copy Program, depending on who you ask an the phase of the moon.)
2017-05-02 17:31:59 <TemptorSent> I use UUCP for both copying configuration/updates and for passing mail.
2017-05-02 17:32:19 <^7heo> I don't use UUCP
2017-05-02 17:32:23 <^7heo> for anything.
2017-05-02 17:32:37 <^7heo> for configuration management I tend to do git repositories (so I have versionning)
2017-05-02 17:32:48 <^7heo> for mail I use imap/smtp.
2017-05-02 17:32:52 <^7heo> (over SSL)
2017-05-02 17:32:54 <jirutka> same for me
2017-05-02 17:33:19 <TemptorSent> ^7heo: Not configuration management, pushing config updates to embedded devices and retrieving their logs/messages
2017-05-02 17:34:31 <^7heo> TemptorSent: I tend to do that via scp/rsync.
2017-05-02 17:34:32 <jirutka> mpv broken after commit by pickfire… http://bugs.alpinelinux.org/issues/7262
2017-05-02 17:35:01 <TemptorSent> ^7heo: Yeah, great for hosts that you have IP connectivity to, not so great over serial
2017-05-02 17:35:07 <^7heo> jirutka: pickfire doesn't have commit rights.
2017-05-02 17:35:29 <^7heo> jirutka: so technically, mpv broke after a commit by fabled
2017-05-02 17:35:55 <jirutka> ^7heo: yes, they are both responsible :)
2017-05-02 17:36:02 <^7heo> TemptorSent: I do not often have only a serial connectivity.
2017-05-02 17:36:19 <TemptorSent> ^7heo: Welcome to the world of embedded computing.
2017-05-02 17:36:31 <^7heo> nah not anymore.
2017-05-02 17:36:53 <^7heo> a lot of "embedded" has IP support nowadays.
2017-05-02 17:36:56 <^7heo> most of it has.
2017-05-02 17:37:03 <TemptorSent> Networking is not required nor desired.
2017-05-02 17:37:17 <TemptorSent> Think PLCs
2017-05-02 17:37:18 <^7heo> tell that to the folks who did the ethernet shield for the arduino.
2017-05-02 17:38:00 <TemptorSent> You may want network MODULES, but the core hardware is by design not connected to the outside world in any way without physical access
2017-05-02 17:38:12 <^7heo> TemptorSent: what I'm saying here, is that it's not often that I see systems that do have a filesystem but no network.
2017-05-02 17:38:26 <^7heo> TemptorSent: if it has no filesystem, I have to reprogram the chip anyway.
2017-05-02 17:38:35 <^7heo> TemptorSent: if it has a filesystem, and network, I use ssh/rsync
2017-05-02 17:39:25 <TemptorSent> ^7heo: Hmm, much of my stuff ends up being flashed over serial using a bootloader or has a sd card.
2017-05-02 17:39:38 <^7heo> most of my stuff is flashed using a dedicated programmer.
2017-05-02 17:39:56 <^7heo> which is connected via USB-encapsulated serial.
2017-05-02 17:39:58 <TemptorSent> ^7heo: Running the network is far too much power usage.
2017-05-02 17:40:20 <TemptorSent> JTAG handles the bricked bootloaders.
2017-05-02 17:41:52 <TemptorSent> The only time it actually gets connected is for diagnostics or telemetry.
2017-05-02 17:43:12 <^7heo> jirutka: why was xrandr and xss removed from the build options btw?
2017-05-02 17:43:27 <TemptorSent> Much of this stuff is using low-speed serial-connected radio-modems where communications is required, 75-9600bps is common.
2017-05-02 17:43:37 <^7heo> jirutka: oh nevermind, it's in the message.
2017-05-02 17:48:02 <TemptorSent> ^7heo: Besides, the BOM and engineering overhead for adding the magnetics/PHY for ethernet or radio, transmission lines, and antenna for wireless is horrible for applications that don't need it.
2017-05-02 17:50:40 <jirutka> ^7heo: hm, he’s right, these options has been removed and so the functionality is enabled by default now
2017-05-02 17:50:49 <jirutka> ^7heo: so it must be some regression in the project
2017-05-02 17:59:35 <^7heo> jirutka: is the commit in the release?
2017-05-02 17:59:52 <jirutka> ^7heo: yes, I’ve checked that
2017-05-02 18:00:46 <fabled> jirutka, ^7heo : mpv sounds like upstream issue, should probably revert it
2017-05-02 18:01:02 <jirutka> fabled: yeah, exactly
2017-05-02 18:01:33 <fabled> pickfire, any thoughts on reverting mpv upgrade?
2017-05-02 18:01:44 <^7heo> fabled: he's sleeping atm.
2017-05-02 18:02:00 <jirutka> ^7heo: how do you know? :)
2017-05-02 18:06:22 <fabled> it potentially depends on ffmpeg3.3 since in mpv git ffmpeg3.2 support is removed soon after the release tag
2017-05-02 18:06:24 <fabled> i'll revert it
2017-05-02 18:30:44 <clandmeter> Shiz jirutk
2017-05-02 18:31:03 <clandmeter> Keyboard....
2017-05-02 18:31:54 <clandmeter> Jirutka, rust and other Arch's, what is the status?
2017-05-02 18:33:21 <jirutka> clandmeter: we have some info from fabled how to do that, just need to find some time to actually do that :)
2017-05-02 18:33:56 <jirutka> clandmeter: I don’t know if Shiz made more progress…?
2017-05-02 18:37:41 <jirutka> clandmeter: but I’ve already moved rust (not cargo yet) to community, ’cause fabled said that it’s not needed to have rust-bootstrap for bootstrapping from upstream’s binary and I was afraid that someone may decide to already branch v3.6 :)
2017-05-02 18:38:13 <clandmeter> right. so you want to make it for 3.6?
2017-05-02 18:39:10 <jirutka> definitely!
2017-05-02 18:48:06 <ncopa> i ws thinking of setting 1777 permissions on /var/mail
2017-05-02 18:48:21 <ncopa> and symlink /var/spool/mail
2017-05-02 18:49:48 <ncopa> something created /var/spool/mail with group permissions to 'buildozer' on the build server
2017-05-02 18:49:56 <ncopa> anyone have a clue what might have done that?
2017-05-02 18:51:42 <nmeum> mmh might have done that
2017-05-02 18:52:33 <nmeum> might also explain the strange mmh build failure on the armhf builder
2017-05-02 18:53:34 <TemptorSent> ncopa 1777 still allows for a class of exploits based on creating an intentional name collistion and deliving mail to the attacker's file.
2017-05-02 18:55:29 <TemptorSent> touch /var/mail/$victim; chmod 666 /var/mail/$victim
2017-05-02 18:55:58 <jirutka> yeah, that’s true, it’s very vulnerable
2017-05-02 18:56:08 <TemptorSent> Or worse ln /var/mail/$attacker /var/mail/$victim
2017-05-02 18:57:20 <TemptorSent> Which will bypass many 'security' measures in the MDA such as fixing perms or changing ownership.
2017-05-02 18:58:55 <ncopa> but attacker needs to do it before first delivered mailbox
2017-05-02 18:59:03 <ncopa> but yes, valid point
2017-05-02 18:59:21 <TemptorSent> Not exactly a hard race to win ;)
2017-05-02 18:59:31 <ncopa> what about the debian style, with 750 permissions?
2017-05-02 18:59:58 <ncopa> and give a specific group write perms
2017-05-02 19:00:23 <TemptorSent> Still potentially vulnerable, but DoS is much easier than mail theft in that case.
2017-05-02 19:00:24 <ncopa> i mean 770
2017-05-02 19:01:06 <TemptorSent> Group perms will allow theft in that case.
2017-05-02 19:02:17 <ncopa> yes you need to be in the group to be able to steal mail
2017-05-02 19:02:26 <ncopa> how does other distros solve it?
2017-05-02 19:02:27 <TemptorSent> 750 and pre-create (renaming any existing) the mailboxes at time of user createion gives you reasonably security
2017-05-02 19:02:31 <TemptorSent> Poorly.
2017-05-02 19:03:31 <ncopa> i suppose people use maildir nowdays
2017-05-02 19:03:35 <TemptorSent> Mail for local users should be delivered to the users's home directory, while virtual users probably should use a MDA specific directory to avoid problems when using multiple MDAs
2017-05-02 19:04:55 <ncopa> nmeum mmh's configure script will check permissions on /var/spool/mail
2017-05-02 19:05:02 <TemptorSent> It's one of those cases that the only sane solution to put it in /var/mail is to use a suid binary running as root that explicitly excludes users from writing the directoy.
2017-05-02 19:05:54 <jirutka> tbh I think that locally delivered mails are mostly history…
2017-05-02 19:05:55 <ncopa> and try install the binary with the given setgid
2017-05-02 19:06:01 <ncopa> yes
2017-05-02 19:06:07 <ncopa> i dont think we care that much
2017-05-02 19:06:27 <ncopa> but we need fix mmh to do something consistent
2017-05-02 19:06:36 <TemptorSent> 755 mail:mail, with suid:root:mail for the MDA
2017-05-02 19:07:19 <TemptorSent> That allows mail be used to write non-local users, and the appropriate userid set for all local users.
2017-05-02 19:07:45 <TemptorSent> That's as close to sane as you can really get with it I'm afraid.
2017-05-02 19:08:00 <TemptorSent> setgid doesn't fix the problem.
2017-05-02 19:08:49 <ncopa> imho suid root is worse
2017-05-02 19:08:53 <TemptorSent> Here is one of those good candiates for namespaces.
2017-05-02 19:09:34 <TemptorSent> only suid actually functions properly, because with setgid only, you can still force collisiosns. You need to map the files to users one to one, and only root can do that.
2017-05-02 19:10:25 <TemptorSent> There is no simple, secure means of delivering mail to a common mail directory with existing semantics.
2017-05-02 19:10:52 <ncopa> bug in that application will not only give you permissions to other users mail
2017-05-02 19:11:02 <ncopa> will give you access to everything
2017-05-02 19:11:21 <TemptorSent> Having a maildir in the homedir writtable by a group works, because you don't need the user to have that group memebership.
2017-05-02 19:12:42 <TemptorSent> But if you have mail for all users in a single directory owned by a single user and group, the ONLY way to secure the mail directories is to set their ownership to the user and their group to something that doesn't contain any users.
2017-05-02 19:13:08 <TemptorSent> Which requires a suid:root MDA.
2017-05-02 19:13:39 <TemptorSent> Which is not secure, QED - /var/mail is not a secure place for MDAs to deliver mail for local users.
2017-05-02 19:14:24 <TemptorSent> Just say no to shared mail directories for local users.
2017-05-02 19:15:45 <TemptorSent> Solving it securely requires something like selinux caps or namespaces.
2017-05-02 19:17:24 <TemptorSent> if you want to, I suppose you could abuse the /var/mail directory and create /var/mail/$user at user creation time with perms $user:mail 770
2017-05-02 19:17:28 <jirutka> TemptorSent: POSIX ACLs wouldn’t help here, right?
2017-05-02 19:18:16 <TemptorSent> They could, but you'd still have to get the MDA to understand them I think, which would be better solved by just fixing the damn thing to deliver to user-owned directories.
2017-05-02 19:19:04 <TemptorSent> SELinux would let you restrict the scope of the MDA binary without modifying it I believe
2017-05-02 19:19:07 <skarnet> how hard is it to find the discussion in the chat logs instead of recreating it
2017-05-02 19:19:28 <TemptorSent> But POSIX ACLs + some scripting would work, and would actually be portable.
2017-05-02 19:20:01 <TemptorSent> skarnet: Ask ncopa? *ducks*
2017-05-02 19:20:28 <skarnet> I'm asking him as much as anyone else :P
2017-05-02 19:21:08 <ncopa> so the conclusion is that there is no sane way to set up a shared /var/mail
2017-05-02 19:21:17 <TemptorSent> Yes.
2017-05-02 19:21:23 <ncopa> unless you create the users mailbox at user creation time?
2017-05-02 19:21:24 <skarnet> exactly
2017-05-02 19:22:23 <TemptorSent> And if you do that, the user can still break it by unlinking it.
2017-05-02 19:22:29 <ncopa> and if you create the mailbox at user creation time, then you could use 1777
2017-05-02 19:22:31 <ncopa> yes
2017-05-02 19:22:49 <TemptorSent> Nope, 1777 is never going to be secure.
2017-05-02 19:22:50 <skarnet> and users with a smart MUA and a programmable MDA who want several mailboxes still need to create them in their homedirs
2017-05-02 19:23:07 <skarnet> so why not cut to the chase and deliver in the homedir in the first place
2017-05-02 19:23:41 <TemptorSent> I fully concur.
2017-05-02 19:24:02 <skarnet> and for virtual users, the virtual user database is MDA-dependent, so /var/lib/$MDA/foobar makes more sense than /var/mail.
2017-05-02 19:24:21 <ncopa> yes ofc
2017-05-02 19:24:23 <TemptorSent> Or, if you really must have mail on a different filesystem, create a user directory in that location.
2017-05-02 19:24:53 <ncopa> ok let me rephrase it
2017-05-02 19:24:57 <jirutka> afk
2017-05-02 19:25:22 <ncopa> should the 'inc' program from mmh be setgid or should it not?
2017-05-02 19:25:33 <skarnet> what is mmh?
2017-05-02 19:25:33 <TemptorSent> For store-and-forward delivery-only virtual users, /var/spool/mail MAY be appropriate, but otherwise should NOT be used.
2017-05-02 19:25:54 <TemptorSent> my mail handler?
2017-05-02 19:26:33 <ncopa> https://git.alpinelinux.org/cgit/aports/tree/community/mmh/APKBUILD
2017-05-02 19:26:42 <TemptorSent> Oh, meillo's
2017-05-02 19:26:42 <ncopa> that package is breaking builders
2017-05-02 19:27:26 <ncopa> configure script does some magic depending on if /var/mail is world writeable or not - on the building system
2017-05-02 19:27:47 <skarnet> -> trash
2017-05-02 19:28:05 <TemptorSent> He wrote it as his master's theisis?!?
2017-05-02 19:28:22 <skarnet> or, more constructively: do whatever it takes to make it build, it doesn't matter, it will be insecure anyway :P
2017-05-02 19:28:36 <skarnet> unless it can be configured to read mail from the user's homedir
2017-05-02 19:28:54 <TemptorSent> Oh, 'Modern Mail Handler' now? Make up your mind!
2017-05-02 19:30:54 <ncopa> skarnet: exactly, it doesnt matter really because its not possible to do it right
2017-05-02 19:31:09 <ncopa> so im thinking of drop setgid
2017-05-02 19:31:33 <TemptorSent> I'm reading his thesis real quick...
2017-05-02 19:32:31 <skarnet> the least worst way of handling /var/mail is to have it -drwsrws--- root:mail and to keep the setgid mail for programs that need to access it
2017-05-02 19:33:14 <TemptorSent> Agreed, and print a big, fat warning that it may be insecure.
2017-05-02 19:33:24 <skarnet> (but the real fix is to make it read from another default mailbox, if possible)
2017-05-02 19:33:44 <TemptorSent> I'm not seeing anything in the design that should make it impossilbe.
2017-05-02 19:35:48 <TemptorSent> Hmm, mmh is one of those programs that can be used in a couple different ways -- one of which is with slocal, in which case reading from /var/spool/mail and deliving to local folders is actually the proper operation.
2017-05-02 19:36:15 <TemptorSent> But configuration is required to make it work right in that mode.
2017-05-02 19:36:17 <skarnet> 1990 called, they want you back
2017-05-02 19:36:34 <TemptorSent> *lol* Well, this is MH :)
2017-05-02 19:42:00 <TemptorSent> So it looks like this is the odd exception that actually should use /var/spool/mail, since it's mode of operation is to create a folder structure in the home directory and despool them to that.
2017-05-02 19:42:53 <ncopa> so we should setgid the 'inc' program? since world writable /var/mail is always bad?
2017-05-02 19:43:17 <TemptorSent> What is inc actually reading/writing?
2017-05-02 19:43:24 <skarnet> ncopa: yes, I guess. With a big fat warning.
2017-05-02 19:43:28 <TemptorSent> Can you strace it if it's not clear?
2017-05-02 19:44:30 <ncopa> im not running it, im just modifying the build
2017-05-02 19:44:36 <ncopa> to unblock the 3.6 builders
2017-05-02 19:45:02 <ncopa> nmeum: ok that we make 'inc' setgid 'mail'?
2017-05-02 19:50:49 <TemptorSent> ncopa: spool dir should be /var/spool/mail, as inc truncates the spoolfile on each successful read and does not treat it as a mailbox.
2017-05-02 19:52:10 <TemptorSent> The env variable it uses is actually 'MAILDROP', which may provide a more secure way of handling it by simply making the user set that!
2017-05-02 19:53:02 <TemptorSent> No SGID needed if the system mailer can deliver to the users maildir.
2017-05-02 19:53:16 <ncopa> ok good
2017-05-02 19:53:47 <TemptorSent> So install it with no set anything.
2017-05-02 19:54:10 <ncopa> thats what i wanted to hear
2017-05-02 19:54:12 <ncopa> thanks
2017-05-02 19:54:45 <ncopa> now next question is, can anyboy help me figure out what created the /var/spool/mail directory?
2017-05-02 19:54:46 <TemptorSent> You can even feed mail to it via stdin, so you could spawn it as the user.
2017-05-02 19:54:53 <consus> Oh
2017-05-02 19:55:02 <consus> The right time :D
2017-05-02 19:55:11 <ncopa> is there any pre-install script or similar that created it?
2017-05-02 19:55:45 <skarnet> possibly baselayout, since it is in fkn FHS
2017-05-02 19:55:46 <TemptorSent>  /var/spool/mail is actually valid for MH, since it is explicitly used for spooling messages pending final delivery only.
2017-05-02 19:56:00 <skarnet> TemptorSent: please stop mentioning /var/spool/mail EVER
2017-05-02 19:56:04 <ncopa> skarnet is not owned by any package
2017-05-02 19:56:11 <skarnet> thank God
2017-05-02 19:56:13 <TemptorSent> But I suggest we bypass that entirely and deliver directly to the user.
2017-05-02 19:56:22 <ncopa> *it is not owned by any package
2017-05-02 19:56:22 <skarnet> ^
2017-05-02 19:56:26 <ncopa> :)
2017-05-02 19:56:34 <consus> You are discussing the /var/mail and /var/spool/mail thing, right?
2017-05-02 19:56:40 <ncopa> nope
2017-05-02 19:56:42 <consus> :(
2017-05-02 19:56:45 <ncopa> we are definitively not
2017-05-02 19:56:50 <consus> That's a shame
2017-05-02 19:57:10 <consus> I was hoping for the final resolution any time soon
2017-05-02 19:57:11 <TemptorSent> skarnet: You REALLY hate /var/spool/mail for some reason, even when it's semantically correct...
2017-05-02 19:57:23 <skarnet> look up "obsolete"
2017-05-02 19:57:31 <TemptorSent> consus: Resolution is avoid if at all possible.
2017-05-02 19:57:34 <skarnet> and "bad design"
2017-05-02 19:57:58 <TemptorSent> skarnet Agreed, I'm just speaking in terms of WHICH insecure, poorly designed directory to use for what :)
2017-05-02 19:58:17 <skarnet> I'm not even talking about insecure
2017-05-02 19:58:22 <skarnet> I'm talking about nonsensical
2017-05-02 19:58:39 <skarnet> Please get it into your head that a spool for incoming mail is 100% nonsense
2017-05-02 19:58:42 <skarnet> in 2017
2017-05-02 19:58:52 <consus> FHS states /var/mail
2017-05-02 19:58:58 <skarnet> (and it also was nonsense in 1996)
2017-05-02 19:59:04 <skarnet> consus: we've been through this
2017-05-02 19:59:07 <TemptorSent> Well, the spool makes sense in certain cases still (weird ones where networks don't work reliably and devices poll)
2017-05-02 19:59:19 <consus> skarnet: Hm?
2017-05-02 19:59:25 <skarnet> TemptorSent: no. If you still have doubts, please read this line again.
2017-05-02 19:59:29 <ncopa> woudl probably make more sense to have a /var/spool/mmh for mmh
2017-05-02 19:59:44 <skarnet> ncopa: no, a spool only makes sense for OUTGOING mail
2017-05-02 19:59:45 <skarnet> never incoming
2017-05-02 19:59:59 <skarnet> and outgoing mail is for the MTA to handle.
2017-05-02 20:00:01 <TemptorSent> skarnet: What is the input to filtering then?
2017-05-02 20:00:04 <consus> AFAIR every smtp server already has it's own directory in /var/spool
2017-05-02 20:00:16 <consus> So /var/spool/mail is purely for mailboxes
2017-05-02 20:00:33 <skarnet> mailboxes have no place in /var/spool
2017-05-02 20:00:42 <consus> Really?
2017-05-02 20:00:52 <consus> $ ls -ld /var/mail
2017-05-02 20:00:52 <consus> lrwxrwxrwx 1 root root 15 Jan  4  2016 /var/mail -> /var/spool/mail
2017-05-02 20:00:53 <skarnet> Really. Again, we've been through this.
2017-05-02 20:01:01 <consus> Well
2017-05-02 20:01:05 <consus> Now it's all over the place
2017-05-02 20:01:12 <skarnet> yes, there is such a link, and it's a mistake.
2017-05-02 20:01:13 <TemptorSent> consus: No, /var/spool/mail is NEVER for user mailboxes, it MAY be used explicitly as a SPOOL, meaning it is cleared upon successful read.
2017-05-02 20:01:24 <TemptorSent> The link is evil.
2017-05-02 20:01:25 <consus> TemptorSent: In every major distro it is
2017-05-02 20:01:36 <consus> TemptorSent: Deal with it already
2017-05-02 20:01:43 <skarnet> that's proof that every major distro just doesn't think
2017-05-02 20:01:44 <TemptorSent> Yeah, it's been broken since the 90s.
2017-05-02 20:01:52 <consus> Perhaps
2017-05-02 20:01:59 <consus> Still things the way they are
2017-05-02 20:02:00 <skarnet> do you know the metaphor with chimpanzees getting an electric shock every time they climb a ladder?
2017-05-02 20:02:07 <skarnet> that's mainstream distros for you
2017-05-02 20:02:08 <ncopa> hey, if anybody wanst setup /var/spool/mail as a symlink, we should let them
2017-05-02 20:02:10 <TemptorSent> When semantics were still in use, it at least made some sense, but now it's just a giant cluster.
2017-05-02 20:02:25 <consus> ncopa: For now opensmtpd is broken with the default config
2017-05-02 20:02:35 <consus> ncopa: Because no package creates this symlink
2017-05-02 20:02:45 <TemptorSent> Then fix where it writes!
2017-05-02 20:02:53 <consus> Then fix mailx
2017-05-02 20:02:57 <ncopa> is there a bug for it?
2017-05-02 20:02:58 <skarnet> consus: would you kindly let us work?
2017-05-02 20:03:02 <ncopa> on bugs.a.o?
2017-05-02 20:03:15 <consus> ncopa: yes
2017-05-02 20:03:17 <ncopa> consus can you please file the details on bugs.a.o
2017-05-02 20:03:27 <consus> ncopa: ok
2017-05-02 20:04:01 <ncopa> the more urgent issue at hand is that builder chokes due to something created /var/spool/mail with wrong permissions
2017-05-02 20:04:06 <ncopa> and i have no clue what it was
2017-05-02 20:04:49 <ncopa> drwxr-xr-x    2 root     buildoze      4096 Mar 28 22:32 /var/spool/mail/
2017-05-02 20:04:50 <skarnet> likely 2770 root:mail
2017-05-02 20:04:55 <skarnet> ugh
2017-05-02 20:04:57 <skarnet> buildoze?
2017-05-02 20:05:05 <TemptorSent> Anyway, back to mmh -- I suggest you strip it of any elevated privs and tell the users to set the env variable to say ~/.mail/incoming
2017-05-02 20:05:23 <ncopa> buildozer is the user that builds are running as
2017-05-02 20:05:39 <ncopa> TemptorSent: yes that makes sense
2017-05-02 20:06:12 <TemptorSent> If someone wants to fix it to do that automatically, that would be cool, but for now, let the user decide
2017-05-02 20:06:16 <awilfox> how is this argument still happening
2017-05-02 20:06:29 <TemptorSent> And they can link that to wherever they have their mail delivered :)
2017-05-02 20:06:44 <TemptorSent> Because mail is a mess
2017-05-02 20:06:53 <awilfox> only if you /make/ it a mess
2017-05-02 20:07:00 <skarnet> ncopa: somehow I remember saying exactly this for 2 days straight, doesn't it make sense when I'm the one saying it?
2017-05-02 20:07:05 <awilfox> if opensmtpd relies on brokenness I suggest dropping the package.
2017-05-02 20:07:12 <TemptorSent> You mean trying to use anything of the shelf?
2017-05-02 20:07:24 <TemptorSent> Yeah, I suggested dropping the broken packages above :)
2017-05-02 20:07:36 <TemptorSent> Unfortunately, that's most of them :/
2017-05-02 20:07:48 <awilfox> well I do not want to read the 806 lines of backlog that this discussion has spawned
2017-05-02 20:08:01 <ncopa> awilfox not worth reading backlog
2017-05-02 20:08:01 <awilfox> in fact, maybe it is time to just disconnect freenodee
2017-05-02 20:08:17 <TemptorSent> For the most part, proper configuration and possibly minor wrapping would mitigate if not fix them I suspect.
2017-05-02 20:08:22 <awilfox> TemptorSent, I mean relying on brokenness.
2017-05-02 20:08:30 <ncopa> the issue is supposed to be reported on bugs.a.o and we take it from there
2017-05-02 20:08:32 <awilfox> TemptorSent, some brokenness cna be fixed
2017-05-02 20:08:50 <TemptorSent> awilfox: Yeah, they rely on bad assumptions about privs, which breaks them.
2017-05-02 20:08:52 <skarnet> awilfox: or just to /leave #alpine-devel, which would save me a huge amount of time
2017-05-02 20:08:52 <awilfox> like kde brokenness, I spent most weekends fixing it, and it mostly is fully working now
2017-05-02 20:09:02 <awilfox> no more mem leaks or tearing or musl crashes
2017-05-02 20:09:12 <TemptorSent> Wow, great work!
2017-05-02 20:09:16 <ncopa> kde works with musl now?
2017-05-02 20:09:21 <ncopa> thats awesome!
2017-05-02 20:09:32 <awilfox> yep, most of my patches are upstreamed
2017-05-02 20:09:35 <awilfox> a few still in queue
2017-05-02 20:09:37 <ncopa> even better
2017-05-02 20:09:51 <skarnet> ok, I got the message.
2017-05-02 20:10:14 <awilfox> I'm using it daily via adelie, but void is using the patches too so they are testing it more
2017-05-02 20:10:25 <awilfox> should be easy to bring to alpine at the next KDE LTS
2017-05-02 20:10:36 <awilfox> which Inthink is 17.12 (so December)
2017-05-02 20:13:02 <awilfox> didn't think KDE would make him leave heh
2017-05-02 20:13:11 <TemptorSent> ncopa: /var/mail is so insecure, I'd almost suggest creating it 500 with a warning note inside.
2017-05-02 20:15:42 <ncopa> awilfox i dont think it was KDE. i think i was not good enough telling that i actually do listen to him
2017-05-02 20:16:47 <TemptorSent> I think the fact we've had this same conversation almost verbatim three times in the past week is probably the reason.
2017-05-02 20:17:44 <TemptorSent> The conclusion remains the same, local user mail for final delivery belongs in user-owned directories, prefereably in their home directories.
2017-05-02 20:19:02 <scadu> amen.
2017-05-02 20:19:34 <TemptorSent> Anything else is too broken to contemplate supporting.
2017-05-02 20:21:49 <TemptorSent> skarnet and I disagree on the need at times for an intermediary spool directory for incomming mail, which I have used in the past to handle filtering before handing to the final delivery agent.
2017-05-02 20:22:50 <TemptorSent> But anthing of that nature should NOT be user-writable anyway.
2017-05-02 20:24:41 <consus> Actually, it is possible to tell smtpd to deliver to user mail dir. Where to submit patches to the config?
2017-05-02 20:24:46 <consus> *home dir
2017-05-02 20:24:48 <TemptorSent> In fact, good general policy is that anything that writes to a user-owned file should only do so in a directory owned by that user unless the file is explicitly unlinked and created each time.
2017-05-02 20:24:48 <consus> Sorry
2017-05-02 20:25:36 <consus> Though it would change the format from mbox to maildir
2017-05-02 20:25:45 <consus> Don't know if that's okay
2017-05-02 20:25:52 <nmeum> ncopa: sure, should I update the mmh aport accordingly?
2017-05-02 20:25:54 <TemptorSent> consus: I'd guess either a PR or add to the bug.
2017-05-02 20:26:41 <TemptorSent> nmeum: If you can figure out how to get it to default to user maildir, that would be ideal.
2017-05-02 20:27:09 <nmeum> user maildir? do you mean use maildirs?
2017-05-02 20:27:12 <TemptorSent> consus: IIRC there's a way of forcing it to deliver all new mail to a single file in the user maildir?
2017-05-02 20:27:24 <nmeum> ah
2017-05-02 20:27:34 <consus> Accordingly to smtpd.conf -- no
2017-05-02 20:27:41 <consus> deliver to maildir [path]
2017-05-02 20:27:43 <consus> deliver to mbox
2017-05-02 20:27:54 <TemptorSent> nmeum: Yes, if possible, supporting standard maildir would be ideal.
2017-05-02 20:27:56 <consus> So mbox delivery method assumes /var/mail
2017-05-02 20:28:05 <nmeum> TemptorSent: mmh doesn't support maildirs
2017-05-02 20:28:14 <TemptorSent> bloody stupid POS.
2017-05-02 20:28:17 <ncopa> nmeum: i think the conclusion was, no elevated privs
2017-05-02 20:28:18 <consus> I can write a patch for this of course
2017-05-02 20:28:55 <TemptorSent> Okay, yeah - delivering to a path in mbox format would be ideal consus.
2017-05-02 20:29:06 <consus> Why not maildir?
2017-05-02 20:29:14 <consus> And what is mmh
2017-05-02 20:29:14 <TemptorSent> Getting mbox clients to support maildir is likely a lot more work.
2017-05-02 20:29:17 <ncopa> nmeum: i think we need to make mmh *not* setgid inc, regardless of what the /var/spool/mail is
2017-05-02 20:29:24 <consus> mailx supports maildir
2017-05-02 20:29:27 <consus> mutt too
2017-05-02 20:30:01 <consus> What clients are we talking about?
2017-05-02 20:30:03 <ncopa> nmeum: can you help me with that? the currencte configure script will check the permissions on the buildserver
2017-05-02 20:30:40 <ncopa> i'll disable mmh for now so it does not block the builders
2017-05-02 20:30:40 <nmeum> you can hardcode the group it should use for the setgid binary using an environment variable
2017-05-02 20:30:41 <TemptorSent> mailhandler flavor agents
2017-05-02 20:30:55 <nmeum> but I don't think you can make inc a non-setgid binary
2017-05-02 20:31:14 <consus> TemptorSent: Can you please point me to the exact package in a tree?
2017-05-02 20:31:25 <ncopa> nmeum then maybe i misread the configure script
2017-05-02 20:31:26 <consus> I'm not familiar with mailhandler
2017-05-02 20:31:29 <nmeum> I mean you can obviously patch the makefile but I don't think that this is 'supported'
2017-05-02 20:32:06 <TemptorSent> see 'nmh' and 'mmh'
2017-05-02 20:32:09 <jirutka> patching makefile is never “supported” by upstream, yet we need to do it sometimes :)
2017-05-02 20:32:18 <nmeum> ncopa: if you just want me to the change the setgid binary group to 'mail' I can do that right away otherwise it would probably be a good idea to disable the aport for now
2017-05-02 20:34:50 <TemptorSent> consus: Things such as fetchmail also don't speak maildir
2017-05-02 20:34:59 <consus> Hm
2017-05-02 20:35:04 <consus> I used fetchmail + procmail
2017-05-02 20:35:06 <consus> Worked fine
2017-05-02 20:35:21 <consus> Anybody uses fetchmail without anything? P_P
2017-05-02 20:35:39 <TemptorSent> Depends on if you do it in a single step or not.
2017-05-02 20:35:46 <consus> Okay
2017-05-02 20:35:49 <TemptorSent> I used to fetch to spool, then proc
2017-05-02 20:35:53 <consus> The patch should be trivial
2017-05-02 20:36:02 <consus> I'll work on it and propose it to the upstream
2017-05-02 20:36:22 <TemptorSent> But generally it's much nicer to parse a single file to spool new files than traverse a directory hierarchy.
2017-05-02 20:36:30 <consus> Of course
2017-05-02 20:36:43 <consus> But it's easier to work with individual mails
2017-05-02 20:36:49 <consus> Instead of one HUGE file
2017-05-02 20:37:00 <HEROnymous> hey guys, moving along this install - I've got an issue now, not sure why, it's erroring during setup-alpine with unsatisfiable constraints regarding .setup-apkrepos
2017-05-02 20:37:08 <TemptorSent> So anything that is used programatically will want a single input file.
2017-05-02 20:37:50 <TemptorSent> consus: The spool files should never get huge, they should only contain NEW mail.
2017-05-02 20:38:01 <consus> Aha
2017-05-02 20:38:14 <consus> So then mail saves them to ~/mbox
2017-05-02 20:38:16 <consus> By default
2017-05-02 20:38:19 <TemptorSent> Otherwise it's not a spool.
2017-05-02 20:38:24 <consus> And then they got huge
2017-05-02 20:38:32 <ncopa> nmeum: $ curl --silent  http://nl.alpinelinux.org/alpine/edge/community/x86_64/mmh-0.3-r0.apk | tar -ztv usr/bin/inc
2017-05-02 20:38:32 <ncopa> -rwxr-xr-x root/root    102504 2016-08-28 23:46 usr/bin/inc
2017-05-02 20:38:36 <TemptorSent> Yeah, the agent should be cleaning that out.
2017-05-02 20:39:08 <TemptorSent> read from ~/mbox and write to ~/Mail/...
2017-05-02 20:39:11 <ncopa> nmeum: apparently its currently set without any setgid permissions. i think that happens if /var/spool/mail is missing during build
2017-05-02 20:39:45 <ncopa> nmeum: we need patch the configure script so that we can force that behaviour with a configure option of some sort
2017-05-02 20:39:50 <ncopa> --disable-setgid or similar
2017-05-02 20:40:01 <nmeum> ncopa: the configure.ac also defines a SETGID_MAIL variable maybe we just want to set it to zero?
2017-05-02 20:40:13 <nmeum> that should work
2017-05-02 20:40:39 <TemptorSent> What we really should do is develop a consistent mail policy and configure everthing we package to conform.
2017-05-02 20:40:49 <nmeum> yeah
2017-05-02 20:41:03 <TemptorSent> FHS be damned, SELF consistency is what's important.
2017-05-02 20:42:31 <consus> :D
2017-05-02 20:42:37 <consus> Documentation
2017-05-02 20:42:37 <TemptorSent> And the reason for each design decision should be documented so we don't keep having the same arguments ;)
2017-05-02 20:42:39 <consus> Goddamit
2017-05-02 20:42:51 <consus> We need documentation for that
2017-05-02 20:43:10 <consus> Because people expect something familiar
2017-05-02 20:43:13 <TemptorSent> Yes, exactly. Document the expected behavior, then make it actually happen.
2017-05-02 20:43:20 <consus> Without the docs
2017-05-02 20:43:23 <consus> :D
2017-05-02 20:43:52 <TemptorSent> Yeah, the problem is the docs we currently have are more often than not incomplete or just plain wrong.
2017-05-02 20:44:22 <consus> :)
2017-05-02 20:45:02 <TemptorSent> I started stubbing out architecture on the wiki, but we really need to get down to the design-doc stage.
2017-05-02 20:46:50 <TemptorSent> Question - how do I add a category to the Wiki?
2017-05-02 20:46:51 <nmeum> ncopa: ok? http://sprunge.us/SEPG
2017-05-02 20:47:08 <consus> xD
2017-05-02 20:47:15 <consus> I got banned for editing wiki
2017-05-02 20:47:31 <TemptorSent> Wow, how'd you manage that?
2017-05-02 20:48:31 <consus> Pushed the 'Save' button
2017-05-02 20:48:41 <TemptorSent> On?
2017-05-02 20:48:47 <consus> Apparently, there is a grace period
2017-05-02 20:48:49 <ncopa> nmeum does it work? it looks ok to me, but i havent verified that it does what it should
2017-05-02 20:48:55 <consus> Between you've registered
2017-05-02 20:49:02 <consus> And first commit
2017-05-02 20:49:05 <consus> To the wiki
2017-05-02 20:49:13 <consus> If you violate this period, YOU'RE BANNED
2017-05-02 20:49:15 <TemptorSent> Oh, more like mediawiki is broken.
2017-05-02 20:49:18 <consus> :D
2017-05-02 20:49:24 <ncopa> consus first commit with a link to external site
2017-05-02 20:49:30 <ncopa> its anti spam feature
2017-05-02 20:49:32 <nmeum> ncopa: $ tar -ztvf mmh-0.3-r1.apk | grep inc
2017-05-02 20:49:32 <consus> ncopa: Not true
2017-05-02 20:49:33 <nmeum> -rwxr-xr-x root/root    102784 2017-05-02 22:36 usr/bin/inc
2017-05-02 20:49:37 <consus> Ah
2017-05-02 20:49:39 <consus> True
2017-05-02 20:49:44 <consus> A link to pkgs.a.o =/
2017-05-02 20:49:51 <ncopa> nmeum push it. thanks!
2017-05-02 20:49:52 <TemptorSent> Yeah, that'd do it.
2017-05-02 20:49:58 <consus> Btw
2017-05-02 20:50:03 <consus> Gotta update it now
2017-05-02 20:50:09 <consus> Since the grace period is off
2017-05-02 20:50:12 <consus> I gues
2017-05-02 20:52:18 <TemptorSent> Holy crap there are a lot of blocked by abuse filter.
2017-05-02 20:52:39 <consus> > This action has been automatically identified as harmful, and you have been prevented from executing it. In addition, to protect Alpine Linux, your user account and all associated IP addresses have been blocked from editing. If this has occurred in error, please contact an administrator. A brief description of the abuse rule which your action matched is: New users are not allowed to add ip
2017-05-02 20:52:45 <consus> addresses and phone numbers
2017-05-02 20:52:46 <consus> Ah for god's sake %)
2017-05-02 20:52:50 <consus> Okay
2017-05-02 20:53:01 <ncopa> sounds like its broken
2017-05-02 20:53:06 <consus> Could somebody please post this https://paste.pound-python.org/show/TSQocqhTLd6yLUmXUWBc/
2017-05-02 20:53:09 <consus> To the wiki?
2017-05-02 20:53:17 <consus> I really want to document this 'docs' package feature
2017-05-02 20:53:28 <consus> It's cool and helpfull
2017-05-02 20:53:38 <consus> But I cannot edit the wiki
2017-05-02 20:53:40 <TemptorSent> consus What was the account name you got blocked with, ncopa should be able to toggle that.
2017-05-02 20:53:50 <consus> consus
2017-05-02 20:53:52 <consus> It was consus
2017-05-02 20:53:55 <consus> It's unlbocked now
2017-05-02 20:54:00 <clandmeter> HEROnymous, did you try apk del .setup-apkrepos ?
2017-05-02 20:54:01 <consus> By another guy
2017-05-02 20:54:10 <ncopa> but you got blocked again?
2017-05-02 20:54:12 <consus> But seems like grace period is not off =/
2017-05-02 20:54:21 <consus> I don't know how long to wait
2017-05-02 20:54:23 <consus> Nobody told me
2017-05-02 20:54:24 <nmeum> speaking of MDA and setgid binaries is there still a reason why the mutt aports needs to have the suid option set? https://git.alpinelinux.org/cgit/aports/tree/main/mutt/APKBUILD#n13
2017-05-02 20:54:35 <TemptorSent> So, what do we have to do to disable that 'feature'
2017-05-02 20:54:36 <consus> So I tried to modify the very same page
2017-05-02 20:54:36 <nmeum> the option was introduced with this commit https://git.alpinelinux.org/cgit/aports/commit/main/mutt/APKBUILD?id=c172eceed77bc0330347b09a284d86d99da6146f
2017-05-02 20:54:50 <nmeum> but the mutt package doesn't seem to ship mutt_dotlock currently
2017-05-02 20:54:58 <HEROnymous> clandmeter, no, should I ?
2017-05-02 20:55:11 <HEROnymous> clandmeter, all I've done was some ifconfig and route commands and setup-alpine
2017-05-02 20:55:22 <clandmeter> can you ping?
2017-05-02 20:55:30 <clandmeter> sounds like network issue
2017-05-02 20:55:46 <HEROnymous> nah network's good.  it was able to detect best mirror and stuff during the run.
2017-05-02 20:55:47 <TemptorSent> nmeum: Audit it and if it doesn't absolutely need it, kill it's sgid bit.
2017-05-02 20:56:08 <clandmeter> then apk del it
2017-05-02 20:56:15 <clandmeter> and apk update
2017-05-02 20:56:29 <TemptorSent> Well, I see you in the abuse log consus, but I don't have admin rights or anything to fix it :(
2017-05-02 20:57:30 <clandmeter> from what i know it takes 5h
2017-05-02 20:57:34 <clandmeter> last time i checked
2017-05-02 20:57:46 <TemptorSent> Can that be bypassed by setting a flag?
2017-05-02 20:58:51 <clandmeter> i have no idea
2017-05-02 20:58:57 <clandmeter> this mediawiki drives me mad
2017-05-02 20:59:01 <consus> So any help on that wiki issue? xD
2017-05-02 20:59:23 <^7heo> I told you it's shit
2017-05-02 20:59:36 <ncopa> consus: i've unblocked you
2017-05-02 20:59:37 <^7heo> consus: open a pr against adoc/adoc
2017-05-02 20:59:42 <TemptorSent> Okay, it seems the the single biggest barrier of entry to getting decent docs going is mediawiki.
2017-05-02 20:59:43 <consus> This first time I'll agree with ^7heo
2017-05-02 20:59:50 <^7heo> consus: we'll merge your doc there
2017-05-02 21:00:02 <consus> ^7heo: Will anybody *read* it?
2017-05-02 21:00:10 <clandmeter> why cant it just have a normal user interface
2017-05-02 21:00:13 <consus> I see no links at the main page to your docs
2017-05-02 21:00:28 <^7heo> clandmeter: because people write shit
2017-05-02 21:00:46 <TemptorSent> clandmeter: Because it's a steaming pile of mismatched crap.
2017-05-02 21:00:49 <consus> So what now?
2017-05-02 21:00:52 <consus> Should I wait?
2017-05-02 21:00:59 <consus> Should I press 'Save page'?
2017-05-02 21:01:00 <^7heo> TemptorSent: of course it is the single barrier of entry
2017-05-02 21:01:32 <^7heo> TemptorSent: but apparently it's more important tohave a feature to input docs via the web than to have docs at all
2017-05-02 21:01:32 <TemptorSent> Okay, so what's a BETTER solution, since we all seem to agree that mediawiki isn't worth the electrons it's written on for our purposes.
2017-05-02 21:01:44 <^7heo> gh is a working solution today
2017-05-02 21:01:59 <^7heo> we also have the org, project
2017-05-02 21:02:36 <^7heo> and we can convert doc over
2017-05-02 21:02:50 <^7heo> using pandoc or whatnot
2017-05-02 21:02:52 <TemptorSent> Asciidoc/md?
2017-05-02 21:02:56 <^7heo> adoc
2017-05-02 21:03:15 <consus> asciidoctor xD
2017-05-02 21:03:16 <^7heo> https://github.com/adoc/adoc
2017-05-02 21:03:31 <consus> Link is dead
2017-05-02 21:03:35 <^7heo> https://github.com/adocs/adocs
2017-05-02 21:03:52 <^7heo> sorry, missed the s
2017-05-02 21:03:56 <^7heo> I'm tired
2017-05-02 21:04:07 <mitchty> if you want to know how to get pandoc built on alpine linux this is what i do https://github.com/mitchty/alpine-static-tmux/blob/master/Dockerfile#L90 (note this is used to just build a static pandoc)
2017-05-02 21:04:16 <consus> Hm
2017-05-02 21:04:17 <TemptorSent> Ahh, cool!
2017-05-02 21:04:25 <consus> So how we edit this on web?
2017-05-02 21:04:39 <consus> E.g. I want a nice preview button
2017-05-02 21:04:45 <^7heo> thanks mitchty
2017-05-02 21:04:52 <consus> To make sure my docs do not look like shit
2017-05-02 21:05:02 <mitchty> ^7heo: np, pandoc and idris are most of the reasons for ghc on alpine linux :)
2017-05-02 21:05:46 <TemptorSent> asciidoctor?
2017-05-02 21:06:18 <TemptorSent> Not a perfect rendering, but seems good enough
2017-05-02 21:06:54 <TemptorSent> Actually asciidoctor rendering looks better :)
2017-05-02 21:07:40 <Shiz> actually
2017-05-02 21:07:55 <Shiz> https://github.com/somasis/musl-wiki
2017-05-02 21:08:00 <Shiz> i really liked this too
2017-05-02 21:08:07 <Shiz> (hosted on http://wiki.somasis.org)
2017-05-02 21:09:08 <Shiz> it uses https://github.com/gollum/gollum
2017-05-02 21:10:50 <^7heo> Shiz: afsik that is an option for us too
2017-05-02 21:10:56 <^7heo> afaik*
2017-05-02 21:12:03 <ncopa> clandmeter was testing some documentation engine with git as backend too
2017-05-02 21:12:09 <ncopa> i dont remember which though
2017-05-02 21:12:19 <clandmeter> its  the same
2017-05-02 21:12:21 <^7heo> ncopa: that one
2017-05-02 21:12:31 <^7heo> gosh that network lags
2017-05-02 21:13:16 <clandmeter> I think i can open it up and put the repo on github
2017-05-02 21:13:40 <clandmeter> ppl can take a look at it .
2017-05-02 21:14:11 <^7heo> yeah
2017-05-02 21:20:39 <Shiz> i think i brought itu p before
2017-05-02 21:20:41 <Shiz> :P
2017-05-02 21:30:05 <jirutka> clandmeter: but maybe not under alpinelinux org, to not confuse ppl where the documentation is, until we actually move it
2017-05-02 21:30:41 <clandmeter> its a wiki, add a note :p
2017-05-02 21:32:38 <ncopa> nmeum you beat me on soundtouch :)
2017-05-02 21:32:46 <ncopa> with a second or so
2017-05-02 21:32:55 <nmeum> :D
2017-05-02 21:33:00 <nmeum> I am now working on afl
2017-05-02 21:39:02 <leitao> ncopa, I just fixed the gns3-server in a better way I think
2017-05-02 21:39:13 <leitao> it just copy /bin/busybox to the source package in prepare(0
2017-05-02 21:39:16 <leitao> prepare()
2017-05-02 21:39:20 <leitao> do you mind if I push it?
2017-05-02 21:39:45 <ncopa> ok? where does it get busybox from otherwise?
2017-05-02 21:40:20 <ncopa> i think it fetches busybox from some place and i think it might need static busybox
2017-05-02 21:40:20 <leitao> /bin/busybox.static.
2017-05-02 21:40:21 <jirutka> leitao: there’s new release of LuaJIT, 2.1.0_beta3, and someone mentioned that patch for ppc64le support needs to be updated – can you please do that?
2017-05-02 21:40:24 <ncopa> ah
2017-05-02 21:40:40 <leitao> jirutka, yes. We are still debugging why the PIE is causing trouble.
2017-05-02 21:40:52 <leitao> and gns3-server depends on busybox.
2017-05-02 21:40:56 <jirutka> leitao: okay, thanks! :)
2017-05-02 21:41:11 <ncopa> leitao i think it might need static busybox?
2017-05-02 21:41:19 <leitao> ncopa, yes
2017-05-02 21:41:28 <leitao> /bin/busybox.static
2017-05-02 21:41:39 <ncopa> then i dont understand what you porpose
2017-05-02 21:41:44 <ncopa> propose
2017-05-02 21:41:56 <leitao> on prepare(), I run something like:
2017-05-02 21:42:21 <leitao> if [ "$CARCH" != "x86_64" ] ; then
2017-05-02 21:42:26 <leitao> busybox_bin=$(find . -name busybox -type f)
2017-05-02 21:42:38 <leitao> cp /bin/busybox.static $busybox_bin
2017-05-02 21:43:34 <ncopa> should it not depends on busybox.static then?
2017-05-02 21:43:40 <ncopa> busybox-static package
2017-05-02 21:44:28 <leitao> yes. I though that busybox ships both static and dynamic binaries, but you are correct.
2017-05-02 21:44:40 <ncopa> oh they have bundled a static busybox
2017-05-02 21:44:45 <ncopa> in the source package
2017-05-02 21:44:58 <ncopa> yes, thats wrong on all archs except x86_64
2017-05-02 21:45:00 <ncopa> :)
2017-05-02 21:45:07 <ncopa> leitao please push
2017-05-02 21:45:19 <leitao> ncopa, ok, thanks!
2017-05-02 21:45:31 <leitao> ncopa, we love upstream, don't we?
2017-05-02 21:45:38 <ncopa> and write a comment like "# we cannot use precompiled x86_64 busybox on all archs..."
2017-05-02 21:45:44 <ncopa> yes we do :)
2017-05-02 21:45:53 <ncopa> upstream we love :)
2017-05-02 21:46:03 <ncopa> i have to go
2017-05-02 21:46:40 <ncopa> tmh1999 looks like spl-vanilla has some issue? is it our gcc or the linux-vanilla-dev that is broken?
2017-05-02 21:46:56 <ncopa> tmh1999 could you try figure out why it cannot build 3rd party modules?
2017-05-02 21:47:03 <ncopa> no i have to  run
2017-05-02 21:47:06 <ncopa> see u
2017-05-02 21:47:08 <Shiz> can anyone look at my kernel upgrade :p
2017-05-02 21:47:34 <ncopa> Shiz ping me tm
2017-05-02 21:47:40 <Shiz> alright
2017-05-02 22:46:19 <jirutka> Shiz: what is this? `setfattr -n user.upaste.language -v python3 upaste/upaste.py`
2017-05-02 22:46:49 <Shiz> it makes txt.shiz.me/self have highlighting :P
2017-05-02 22:46:58 <Shiz> something which is broken on my own install since migration
2017-05-02 22:47:08 <Shiz> (upaste uses xattrs to store metadata about a paste)
2017-05-02 22:47:38 <jirutka> interesting
2017-05-03 06:13:06 <Shiz> https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.4-relnotes.txt
2017-05-03 06:13:08 <Shiz> \o
2017-05-03 06:13:26 <Shiz> >Switched Linux getrandom() usage to non-blocking mode,
2017-05-03 06:13:29 <Shiz> this is a bug though
2017-05-03 06:23:03 <clandmeter> ncopa, I think SPL is cache related iirc.
2017-05-03 06:23:21 <clandmeter> ccache
2017-05-03 06:24:21 <Shiz> >../source/Core/DataExtractor.cpp:(.text._ZNK12lldb_private13DataExtractor4DumpEPNS_6StreamEmN4lldb6FormatEmmmmjjPNS_21ExecutionContextScopeE+0x371c): undefined reference to `std::ostream& std::ostream::_M_insert<__float128>(__float128)'
2017-05-03 06:24:23 <Shiz> this is a fun one
2017-05-03 06:24:27 <Shiz> as we disable float128 on ppc
2017-05-03 06:24:49 <Shiz> i think so at least?
2017-05-03 09:13:54 <pickfire> fabled: Why would I want to revert the mpv upgrade?
2017-05-03 09:14:07 <pickfire> 
ACTION checks it's mail

2017-05-03 09:22:54 <^7heo> pickfire: check the ml yeah
2017-05-03 09:24:51 <pickfire> ^7heo: What? mpv broke? It works fine here.
2017-05-03 09:50:22 <^7heo> pickfire: I do not know in details but "it works on my machine" is typical of amateur distributions like arch; and we do not take that as valid QA
2017-05-03 09:52:07 <^7heo> pickfire: please read the log for more info on why it broke and how it's been fixed
2017-05-03 09:52:19 <^7heo> pickfire: ENOTIME here.
2017-05-03 09:53:38 <pickfire> ENOTIME?
2017-05-03 10:00:35 <fabled> pickfire, which video output driver? it was broke for me too (vaapi)
2017-05-03 10:01:05 <Shiz> as in, he has no time himself
2017-05-03 10:01:07 <Shiz> probably
2017-05-03 10:12:51 <pickfire> Ah
2017-05-03 10:15:39 <Shiz> i wonder what the need to disparage other distros is for, though
2017-05-03 12:48:01 <mosez> yay, looks like all my php apps on alpine docker containers are broken :(
2017-05-03 13:11:23 <pickfire> fabled: I use vaapi
2017-05-03 13:11:31 <pickfire> But it didn't break
2017-05-03 13:20:26 <ncopa> mosez did you use edge?
2017-05-03 13:43:19 <mosez> ncopa: yes
2017-05-03 13:47:09 <ncopa> we do break things in edge once in a while
2017-05-03 13:58:27 <mosez> but even a plain upgrade have not solved it... maybe it's time for a fixed version :(
2017-05-03 13:58:43 <jirutka> <Shiz>: "Switched Linux getrandom() usage to non-blocking mode" – we can finally close one quite old bug report :)
2017-05-03 14:01:34 <jirutka> ncopa: clandmeter: I’ve “accidentally” wrote a blogpost about Alpine mirror at vpsFree.cz :) but it’s in Czech: https://blog.vpsfree.cz/podporujeme-alpine-linux-ma-u-nas-hlavni-mirror/; I wrote accidentally b/c Petr Krcmar sent me an email asking for more information, so he can write a blog post, but then he published directly what I wrote him, just with minor modification XD so I revisited it later; however, it was actually very effective
2017-05-03 14:01:34 <jirutka>  approach to force me to write a blog post in less than few months :)
2017-05-03 14:02:18 <jirutka> ncopa: clandmeter: let me know if you wanna translate it to English ;)
2017-05-03 14:04:42 <ncopa> heh
2017-05-03 14:04:48 <ncopa> its work in progress
2017-05-03 14:05:07 <ncopa> i've modified the diagram a bit
2017-05-03 14:05:20 <ncopa> tier1 mirrors are moved down a step
2017-05-03 14:05:53 <ncopa> and we have a "mirror master" instead of the previous tier1
2017-05-03 14:07:04 <clandmeter> jirutka, i updated the pdf
2017-05-03 14:12:11 <jirutka> clandmeter: I think it does not matter for that blogpost, it’s isomorphic (i.e. just changed names) :)
2017-05-03 14:12:27 <jirutka> but thanks for the update of the PDF :)
2017-05-03 14:15:42 <ncopa> but blog post is not accurate
2017-05-03 14:15:53 <ncopa> there will not be any tier3 mirrors
2017-05-03 14:16:23 <ncopa> only tier1 and tier2
2017-05-03 14:16:44 <ncopa> similar to this: https://fedoraproject.org/wiki/Infrastructure/Mirroring/Tiering
2017-05-03 14:17:20 <ncopa> i just want make sure that when we in the future talk about the "tier1 mirrors" we talk about the same thing
2017-05-03 14:17:20 <jirutka> uh, okay, I’ll sent Petr next update
2017-05-03 14:17:55 <jirutka> well, I’ve just used the current version of the diagram (current at 3 AM today)
2017-05-03 14:18:47 <ncopa> still nice with a blog post :)
2017-05-03 14:18:49 <ncopa> thanks!
2017-05-03 14:21:11 <clandmeter> ncopa, did you see my msg about spl and ccache?
2017-05-03 14:21:26 <ncopa> no?
2017-05-03 14:21:37 <clandmeter> i think its related
2017-05-03 14:21:51 <clandmeter> the builder probably has it installed en enabled?
2017-05-03 14:22:19 <clandmeter> atleast i remember i have to disable ccache to make it build
2017-05-03 14:27:30 <ncopa> clandmeter you mean on the s390x builder
2017-05-03 14:27:34 <ncopa> ok i'll check if it is
2017-05-03 14:27:38 <clandmeter> yes
2017-05-03 14:29:17 <ncopa> the config.log of spl-vanilla on build-edge-s390x: http://tpaste.us/xWQv
2017-05-03 14:29:58 <ncopa> interesting
2017-05-03 14:30:01 <ncopa> its perl not found
2017-05-03 14:32:32 <tmh1999> thanks
2017-05-03 14:32:53 <tmh1999> ha
2017-05-03 14:33:02 <tmh1999> yeah
2017-05-03 14:33:21 <ncopa> i wonder if its linux-vanilla-dev that should have it as dependency
2017-05-03 14:33:37 <ncopa> or if it is spl
2017-05-03 14:34:32 <ncopa> declaration   M=/home/buildozer/aports/main/spl-vanilla/src/spl-0.6.5.9/build
2017-05-03 14:34:38 <ncopa> that one looks wrong too
2017-05-03 14:36:27 <ncopa> no. its correct
2017-05-03 14:36:54 <tmh1999> I thought it means to build kernel module of spl-vanilla
2017-05-03 14:40:07 <ncopa> yes
2017-05-03 14:40:36 <ncopa> it looks like its linux-vanilla-dev that needs perl in its depends
2017-05-03 14:40:46 <tmh1999> so installing perl help the build ? I just tried to remove perl to build and got the same error. with perl ok.
2017-05-03 14:40:48 <tmh1999> yeah
2017-05-03 14:40:59 <ncopa> just weird that it does not happen on x86_64
2017-05-03 14:41:12 <ncopa> ok lets add it to linux-vanilla-dev
2017-05-03 14:41:16 <tmh1999> thank you
2017-05-03 14:41:51 <tmh1999> I gotta run. it's finals week here. I will be back later to work on remaining packages on community.
2017-05-03 14:42:01 <ncopa> thakns!
2017-05-03 14:55:06 <ncopa> i wonder if should try catch the builder's errors better
2017-05-03 14:55:16 <ncopa> eg fix build.alpinelinux.org page
2017-05-03 14:55:44 <ncopa> its currently not very visible if builder is actually building or if it choke on some error
2017-05-03 15:06:48 <xentec> building cross compiler broke again... could you please install some ci for them in the near future?
2017-05-03 15:07:16 <xentec> hier is the fix for current breakage btw. https://gist.github.com/xentec/81856fc05d32bbaa8f8c7df9d3a0c672
2017-05-03 15:14:01 <clandmeter> fabled, did you update gcc? ^
2017-05-03 15:28:47 <TemptorSent> jirutka - Reading backlog -- what about getrandom and non-blocking mode?
2017-05-03 15:30:48 <TemptorSent> Do all places using getrandom currently handle th EAGAIN properly?
2017-05-03 18:45:51 <jirutka> clandmeter: ncopa: the blog post is updated, now it reflects the latest version :) https://blog.vpsfree.cz/podporujeme-alpine-linux-ma-u-nas-hlavni-mirror/
2017-05-03 18:48:29 <jirutka> fabled: xentec: I can confirm that, I’ve also tried script/bootstrap.sh yesterday, fixed one breakage in binutils package, but then hit another problem
2017-05-03 18:49:16 <jirutka> fabled: maybe i’d be better to move bootstrapping script(s) to a separate repository, write tests and let them run on CI
2017-05-03 18:49:54 <fabled> jirutka, i've liked to keep it in aports because bootstrap.sh has repository specific knowledge (package ordering, and list of packages which changes across branches)
2017-05-03 18:50:10 <jirutka> fabled: good point
2017-05-03 18:53:32 <jirutka> ncopa: clandmeter: Petr Krčmář has informed me that we have 22 installations of Alpine Linux on vpsFree! that’s not very big number (there are 1 620 VPSes in total), but it increased from 4 to 22 in the last half-year :)
2017-05-03 18:54:09 <ncopa> thats interesting
2017-05-03 19:44:40 <jirutka> clandmeter: heh, right after we published info about mirrors tearing, I read news on root.cz that mirror of Arch Linux on Silicon Hill (student’s club and network at CTU in Prague) has been moved from Tier 2 to Tier 1 :) from the context I assume that they use the same naming as Fedora and as you proposed, i.e. Tier 1 is *not* the mirror master /cc ^7heo (but please don’t open a flame)
2017-05-03 19:50:47 <jirutka> lol, this is almost ridiculous… MySQL and Oracle… what can possibly be wrong XD http://www.openwall.com/lists/oss-security/2017/05/03/10
2017-05-03 20:54:41 <clandmeter> anybody using bonding with alpine linux?
2017-05-03 20:54:59 <_ikke_> have used it
2017-05-03 20:55:14 <clandmeter> which mode?
2017-05-03 20:55:23 <_ikke_> active-backup
2017-05-03 20:55:37 <jirutka> I used to use bonding on Gentoo few years ago and I had a lot of troubles with that; not with configuration, that was easy, but hard-to-troubleshoot problems on network
2017-05-03 20:56:13 <clandmeter> i re-used the debian networking config, but that does not seem to work on alpine.
2017-05-03 20:57:42 <_ikke_> clandmeter: Did you check https://wiki.alpinelinux.org/wiki/Bonding ?
2017-05-03 20:57:53 <clandmeter> yes its very limited
2017-05-03 20:57:56 <_ikke_> right
2017-05-03 20:58:02 <jirutka> I was talking with one admin about that and he told me that implementation of bonding in kernel is not very good and he don’t recommend to use it and he said that if I need boding, then try to use Open vSwitch for that… we had bad experience with 1.x version, but he told me that it was really shitty, but 2.x is good… well, after few years experience with Open vSwitch, I don’t recommend even that…
2017-05-03 20:58:06 <clandmeter> i need to use mode 4
2017-05-03 20:58:24 <clandmeter> 802.3ad
2017-05-03 20:58:45 <jirutka> but we used Open vSwitch for use case where it was quite an overkill
2017-05-03 20:59:23 <jirutka> I should be still able to configure it on Gentoo with netifrc, but I have no idea how to do that with debian-style config we have in Alpine
2017-05-03 20:59:57 <clandmeter> would be nice to get it working on alpine
2017-05-03 21:00:05 <jirutka> ofc :)
2017-05-03 21:00:05 <clandmeter> 20Gbit sounds sweet :)
2017-05-03 21:00:57 <jirutka> but unfortunately I don’t know, I have still some minor trouble even with basic network configuration with multiple interfaces on Alpine, not even talking about bonding
2017-05-03 21:01:29 <jirutka> and also I haven’t studied what “magic” netifrc actually do behind the scene
2017-05-03 21:01:50 <jirutka> 20 Gbps sounds good, but really, do we need it? I don’t think so :)
2017-05-03 21:02:03 <jirutka> 10 Gbps is still way more we actually need imo
2017-05-03 21:02:19 <clandmeter> if you get it, why not use it?
2017-05-03 21:02:27 <_ikke_> 10gb is quite a lot
2017-05-03 21:02:29 <jirutka> yes, I’d also try it…
2017-05-03 21:04:32 <jirutka> but don’t be so crazy as me to waste time on something you just *want* to get working, no matter if you actually need it, just because you refuses to give up… :)
2017-05-03 21:04:57 <clandmeter> its the only way to get things working ;-)
2017-05-03 21:05:19 <jirutka> yes, but the important part is “no matter if you actually *need* it” :)
2017-05-03 21:06:38 <jirutka> sometimes I spend a lot of time on solving some issue and when I get it and *after* that I start thinking if it’s really the best solution and the thing I really want :)
2017-05-03 21:07:25 <xentec> is an apk dev present right now?
2017-05-03 21:07:28 <clandmeter> there are so many settings to bonding.. i should have checked the debian install more carefully
2017-05-03 21:07:36 <jirutka> xentec: you mean fabled?
2017-05-03 21:08:10 <jirutka> clandmeter: yeah, there are multiple modes how to set it up and it *must* be the same that is configured on the switch
2017-05-03 21:17:46 <xentec> well fabled then :) I ask you to look at following apk trace: https://dpaste.de/rH4g#L1,2420,2422,2423 (specifically the lines)
2017-05-03 21:18:43 <xentec> I wanted to fetch a meta-package (with no cache enabled) but apk refuses to do even though it was able to install it
2017-05-03 21:18:48 <jirutka> hmm, this is very nice pastebin service!
2017-05-03 21:18:48 <clandmeter> he is probably sleeping already.
2017-05-03 21:19:40 <xentec> then I hope he'll read it tomorrow.. because to me it looks like a strange bug
2017-05-03 21:19:52 <jirutka> ah, I’ve already stared it on GH some time ago… it’s unfortunately based on Django… ./
2017-05-03 21:20:37 <jirutka> xentec: what exactly “Reply to this snippet” do?
2017-05-03 21:21:38 <xentec> probably creating a new paste with a link to the old one.. I don't use it often ;)
2017-05-03 21:21:46 <xentec> the site I mean
2017-05-03 21:22:35 <jirutka> xentec: I see, it’s more similar to Gists than classic Pastebin
2017-05-03 21:24:02 <jirutka> I think that I’ll start to use it as default pastebin when I need to paste something from web browser :) (I use our tpaste.us for pasting from terminal)
2017-05-03 21:24:08 <xentec> fabled: strangly enough alpine-base downloads just fine
2017-05-03 21:24:46 <clandmeter> jirutka, you can also paste from browser with tpaste
2017-05-03 21:24:56 <jirutka> clandmeter: huh, how?
2017-05-03 21:25:05 <clandmeter> check tpaste.us
2017-05-03 21:25:10 <clandmeter> it has a form link
2017-05-03 21:25:36 <jirutka> aha, I totally overlooked this XD
2017-05-03 21:25:43 <clandmeter> :)
2017-05-03 21:25:53 <jirutka> heh, interesting hack!
2017-05-03 21:26:56 <jirutka> clandmeter: btw you should fix the link, you’ve moved the repo… ;)
2017-05-03 21:27:10 <clandmeter> i need to fix this bond ;-)
2017-05-03 21:27:14 <clandmeter> no not james bond
2017-05-03 21:27:17 <clandmeter> :p
2017-05-03 21:27:59 <clandmeter> is it a kernel option to configure network drivers with ethtool support?
2017-05-03 21:28:21 <jirutka> btw do you remember that outage few days ago? I realized that I depend on tpaste too much, I literally cannot work without it…
2017-05-03 21:28:36 <clandmeter> :)
2017-05-03 21:28:47 <clandmeter> the counter is going up :)
2017-05-03 21:28:54 <jirutka> it’s extremely convenience
2017-05-03 21:29:02 <clandmeter> and fast :D
2017-05-03 21:29:15 <clandmeter> that reminds me
2017-05-03 21:29:25 <clandmeter> i saw some strange piece of code in lua  turbo
2017-05-03 21:29:32 <clandmeter> maybe just a typo
2017-05-03 21:30:48 <clandmeter> interesting, it says no link.
2017-05-03 21:32:34 <jirutka> I even shut down my previous paste service already, b/c it needed whole script for pasting and after moving from Gentoo to Alpine I started to be like “wtf, why i should install so much bloat just to paste?” and even copying shell scripts to all servers is still bad in comparison with copying one short curl command
2017-05-03 21:33:25 <jirutka> now I have alias tpaste in my default .profile
2017-05-03 21:34:06 <clandmeter> apk add tpaste is not ok?
2017-05-03 21:34:43 <jirutka> heh, I didn’t know about it XD
2017-05-03 21:34:48 <xentec> jirutka, what reason puts https://github.com/alpinelinux/aports/pull/1250 on 'hold'? :)
2017-05-03 21:35:13 <jirutka> xentec: we haven’t settled on how to treat rust packages yet
2017-05-03 21:35:35 <xentec> too bad
2017-05-03 21:35:46 <jirutka> xentec: and we don’t want to let any third-party package manager download dependencies from Internet
2017-05-03 21:37:09 <jirutka> I have already some proof-of-concept solution, but we haven’t discussed it yet; https://gist.github.com/jirutka/59be5141dd442abcbc183431e0cef8eb
2017-05-03 21:37:42 <xentec> damn
2017-05-03 21:39:24 <xentec> I guess it's even more complicated with go
2017-05-03 21:39:59 <clandmeter> jirutka is a big fan of go :)
2017-05-03 21:41:16 <jirutka> go is total mess, but they converged to “vendoring” dependencies, i.e. the most stupid thing, literally copying sources of all dependencies into the project’s repository; however, despite the fact that it’s plain stupid, it’s very simple for us for packaging
2017-05-03 21:42:09 <clandmeter> that is what makes cargo so slow...
2017-05-03 21:42:19 <jirutka> what?
2017-05-03 21:42:23 <clandmeter> pulling in deps
2017-05-03 21:42:38 <xentec> heh.. and I thought it's a syncthing.. thing
2017-05-03 21:42:52 <xentec> speaking of which.. what about this PR? https://github.com/alpinelinux/aports/pull/1286 :D
2017-05-03 21:43:25 <jirutka> to be honest, cargo already do the right thing (not by default, but with options) – Cargo.lock contains exact versions of all dependencies, including checksums, and they are validated when fetched, so basically the same verification we do in abuilds
2017-05-03 21:43:48 <clandmeter> but its slow...
2017-05-03 21:43:54 <clandmeter> and rust is also slow
2017-05-03 21:44:02 <clandmeter> so its really slow
2017-05-03 21:44:06 <jirutka> that’s bullshit
2017-05-03 21:44:07 <clandmeter> did i mention its slow?
2017-05-03 21:44:10 <xentec> you mean rustc?
2017-05-03 21:44:16 <clandmeter> yes
2017-05-03 21:44:18 <jirutka> Rust is not slow
2017-05-03 21:44:32 <jirutka> wait, so what exactly do you mean that is slow?
2017-05-03 21:44:36 <xentec> rust is as slow as c++14 :D
2017-05-03 21:44:36 <jirutka> rustc like compiler?
2017-05-03 21:44:44 <clandmeter> yes
2017-05-03 21:44:51 <clandmeter> building a rust pkg is slow
2017-05-03 21:44:51 <jirutka> b/c programs written in Rust are definitely not slow
2017-05-03 21:44:59 <jirutka> yes, it is, but not because of fetching deps
2017-05-03 21:45:04 <jirutka> but compiling deps
2017-05-03 21:45:12 <clandmeter> also fetching
2017-05-03 21:45:26 <xentec> rustc is slow because it has shitton of checking
2017-05-03 21:45:26 <clandmeter> i added librespot recently
2017-05-03 21:45:29 <jirutka> and compiling is slow b/c it do many checks and optimizations, the thing C++ never heard of…
2017-05-03 21:45:40 <clandmeter> and it felt slow
2017-05-03 21:45:45 <clandmeter> to build that is.
2017-05-03 21:45:48 <clandmeter> not running.
2017-05-03 21:46:01 <jirutka> if you think that cargo is slow in fetching, then try https://gist.github.com/jirutka/59be5141dd442abcbc183431e0cef8eb … it uses curl to fetch deps and it’s like 100 times slower
2017-05-03 21:46:39 <jirutka> it’s so extremely slow that I’m seriously considering how to use curl more efficiently in abuild or what else to use
2017-05-03 21:47:16 <jirutka> also I think that you have confused fetching deps and fetching index
2017-05-03 21:47:23 <xentec> jirutka, could you please reply about my syncthing pr? https://github.com/alpinelinux/aports/pull/1286 I'd like it to be in aports but you won't tell me what's missing
2017-05-03 21:47:57 <jirutka> cargo must fetch index first, it’s cloning quite big git repo, so it’s indeed slow, then it fetches deps
2017-05-03 21:48:54 <jirutka> everything is what fabled considering for APKINDEX sounds like nano-optimizations in comparison of cargo index… it was imo very stupid idea to do it in that way
2017-05-03 21:49:57 <jirutka> but normally you don’t need to fetch whole index on every build…
2017-05-03 21:51:11 <jirutka> xentec: A-improve doesn’t mean that you should improve something, but that this PR improves apkbuild ;)
2017-05-03 21:51:41 <xentec> that I've figured out
2017-05-03 21:52:18 <jirutka> okay, then it’s not that I don’t wanna tell you what’s missing, I just haven’t reviewed it yet and no one else ;)
2017-05-03 21:53:09 <jirutka> currently I’m adding labels manually, but in mass to all new PRs, before I write a bot to do that instead of me :P
2017-05-03 21:53:45 <jirutka> so when I’ve added the label doesn’t mean that I’ve ever read that PR
2017-05-03 21:54:27 <jirutka> i’ll be hopefully more clear when algitbot start adding label right after PR is created, not me after some time
2017-05-03 22:01:08 <jirutka> clandmeter: actually, maybe I was not clear enough :) curl is so horribly slow in comparison of cargo that it’s one of major reasons why I haven’t pushed that solution further and still thinking if it’s really reasonable to do that, instead of just letting cargo download deps with --frozen (i.e. it requires Cargo.lock and verifies checksums) :)
2017-05-03 22:01:53 <jirutka> however, one of advantages of this solution is that it unpacks sources of all dependencies in $srcdir, so we are able to patch them if needed
2017-05-03 22:04:41 <clandmeter> i just downloaded alpine extended in 1s
2017-05-03 22:04:57 <clandmeter> seems alpine releases are not big enough to properly test network speed
2017-05-03 22:05:00 <jirutka> I’m also considering naming the deps in APKBUILD (or more specifically, using script to gather them from Cargo.lock and write into APKBUILD) like Gentoo do, but I don’t like about it that we would end-up with very long generated list of names in APKBUILD that will just duplicate information from project’s Cargo.lock
2017-05-03 22:05:03 <clandmeter> :)
2017-05-03 22:05:16 <jirutka> heh
2017-05-03 22:07:23 <jirutka> the thing I don’t like probably the most about my proposal is that it requires copying project’s Cargo.lock file into aports repo, to be able to fetch all deps in fetch phase and unpack the project’s tarball in unpack phase, not in fetch phase
2017-05-03 22:10:07 <Shiz>     jirutka │ <Shiz>: "Switched Linux getrandom() usage to non-blocking mode" – we can finally close one quite old bug report :)
2017-05-03 22:10:09 <Shiz> no, because it's broken
2017-05-03 22:10:16 <Shiz> and should be reverted
2017-05-03 22:10:20 <jirutka> Shiz: aha
2017-05-03 22:10:27 <jirutka> Shiz: broken in what way?
2017-05-03 22:11:17 <Shiz> because it will lead to providing unsafe entropy
2017-05-03 22:11:24 <Shiz> when the random pool isn't initialized yet
2017-05-03 22:13:17 <jirutka> hm, so another bad commit from OpenBSD devs…? o.O
2017-05-03 22:13:40 <Shiz> well
2017-05-03 22:13:52 <Shiz> we've been wtfing at libressl's getentropy() for a while now
2017-05-03 22:14:26 <jirutka> in what channel? :)
2017-05-03 22:14:27 <Shiz> but basically, if getrandom() fails (which it will with this commit at boot), AND /dev/urandom fails, it will just gather a bunch of 'seemingly-random' data and tell you it's entropy
2017-05-03 22:14:35 <Shiz> #musl, but that was like 2 years go
2017-05-03 22:14:37 <Shiz> :P
2017-05-03 22:14:45 <Shiz> see: https://github.com/openbsd/src/blob/edb2eeb7da8494998d0073f8aaeb8478cee5e00b/lib/libcrypto/arc4random/getentropy_linux.c#L339
2017-05-03 22:14:51 <Shiz> it's just a bunch of nonsense
2017-05-03 22:16:15 <jirutka> well, i don’t speak C, so most of C code, especially in OpenSSL/LibreSSL, looks like bunch of nonsense for me :)
2017-05-03 22:19:25 <Shiz> hopefully you can at least see why getpid(), gettimeofday(), dl_iterate_phdr() and clock_gettime() aren't proper random entropy
2017-05-03 22:19:27 <Shiz> :P
2017-05-03 22:21:55 <jirutka> imo it may be good enough entropy when “true random” entropy is not stricly required
2017-05-03 22:37:34 <Shiz> no
2017-05-03 22:37:36 <Shiz> it is not
2017-05-03 22:38:01 <Shiz> the correct solution is to wait, not to provide fake entropy that WILL be used in cryptographic operations
2017-05-03 23:08:33 <jirutka> andypost: hi, long time no see you!
2017-05-03 23:08:42 <jirutka> andypost: I need your help :)
2017-05-03 23:12:38 <andypost> jirutka, hi there!
2017-05-03 23:13:02 <andypost> jirutka, I seen you commited php7
2017-05-03 23:13:32 <andypost> jirutka, but some clean-ups still could be ported
2017-05-03 23:14:18 <jirutka> andypost: I’m gonna commit some now
2017-05-03 23:14:51 <jirutka> andypost: do you know answer for the question in https://github.com/alpinelinux/aports/pull/1339#discussion_r114595859 ?
2017-05-03 23:15:23 <TemptorSent> Shiz: Any thoughts on a good means of initilizing the entropy pool when we don't have a HWRNG or user activity? (Embedded/VM)
2017-05-03 23:16:06 <andypost> jirutka, ah, pecl for pear!
2017-05-03 23:16:07 <TemptorSent> IMHO, if getrandom fails, crypto startup should be delayed until it succeeds.
2017-05-03 23:16:16 <jirutka> Shiz: ^ that’s pretty good question! is not very good entropy better than no entropy and so no encryption…? ;)
2017-05-03 23:16:16 <TBB> there's no such thing as a good means in that scenario
2017-05-03 23:16:43 <andypost> jirutka, basically build tools are required mostly always to compile src
2017-05-03 23:17:05 <jirutka> andypost: the question is if pear somehow needs pecl
2017-05-03 23:17:10 <andypost> jirutka, pecl & pear are just 2 package delivery tools
2017-05-03 23:17:10 <TBB> although, if you can get any "good" entropy then you can pull /etc/init.d/urandom on it (save seed for next session)
2017-05-03 23:17:15 <jirutka> andypost: or we can move pecl to a separate subpackage
2017-05-03 23:17:42 <jirutka> TBB: I’ve tried that and IIRC it didn’t help at all
2017-05-03 23:17:58 <andypost> jirutka, better separate because pecl is more recent but pear mostly tooo outdated code
2017-05-03 23:18:17 <TemptorSent> TBB: I can think of several, but it requires reordering part of boot to get some at least reasonably unique if not random data to seed a PRNG.
2017-05-03 23:18:19 <jirutka> TBB: andypost so pecl is a replacement for pear?
2017-05-03 23:18:32 <andypost> jirutka, not
2017-05-03 23:19:40 <andypost> jirutka, they are kinda orthogonal http://pear.php.net/ http://pear.php.net/
2017-05-03 23:19:49 <andypost> jirutka, they are kinda orthogonal http://pear.php.net/ http://pecl.php.net/
2017-05-03 23:20:08 <TBB> jirutka: could be it doesn't work, but that's basically how many distros try to circumvent the "not enough entropy" problem. naturally tho, if root is encrypted then it won't help early init
2017-05-03 23:20:42 <TemptorSent> At the very least, using time to key a pair of PRNGs and using those to read random byte ranges from the kernel, xor them, and checksum the resut, then feed that to /dev/urandom.
2017-05-03 23:22:25 <TemptorSent> Something so your initial entropy seed is not easily guessed, but still should be refilled with cryptographically secure entropy ASAP
2017-05-03 23:23:03 <jirutka> andypost: hm, pear also mentions “extensions”, so both pear and perl extensions are compiled and so needs gcc, autoconf, …?
2017-05-03 23:23:08 <andypost> jirutka, I actually can't remember when I used pear last time( it's not require build tools but pecl require
2017-05-03 23:23:51 <andypost> jirutka, no! pear mostly php "none-compilable" (includable) code
2017-05-03 23:24:32 <jirutka> andypost: and pecl is for compiled extensions…? or both…?
2017-05-03 23:24:55 <andypost> jirutka, pecl is exactly compilable
2017-05-03 23:26:02 <jirutka> andypost: okay, so -pear should depend only on php7-common and pecl on php7 gcc autoconf pcre-dev, right?
2017-05-03 23:26:19 <andypost> jirutka, and pecl is most used
2017-05-03 23:31:12 <jirutka> andypost: I’m gonna fix https://github.com/alpinelinux/aports/pull/1339#discussion_r114501722, https://github.com/alpinelinux/aports/pull/1339#discussion_r114503980, https://github.com/alpinelinux/aports/pull/1339#discussion_r114505813 and most likely https://github.com/alpinelinux/aports/pull/1339#discussion_r114522462 … anything else you think that should be ported?
2017-05-03 23:32:18 <jirutka> andypost: and also any idea about: I totally don’t understand why php refuses to even build them together… There’s actually no problem with building them together, so I thought that they cannot be loaded together (and it even failed when I tried, but just b/c of order as you’ve said).
2017-05-03 23:32:38 <jirutka> andypost: with them I mean recode and imap
2017-05-03 23:33:07 <andypost> jirutka, that's total wtf, I can't find reason as well
2017-05-03 23:34:20 <andypost> jirutka, that's probably could be caused by that some extensions works fragile when bundled, but php suggests to bundle default set of extensions
2017-05-03 23:34:43 <jirutka> aha
2017-05-03 23:35:53 <andypost> jirutka, http://php.net/manual/en/extensions.membership.php#extensions.membership.bundled
2017-05-03 23:37:29 <andypost> jirutka, check here huge warning http://php.net/manual/en/recode.installation.php
2017-05-03 23:37:31 <jirutka> andypost: also I’m thinking about adding some meta subpackage that would pull all extensions, for use cases when you have no idea what extensions some php crap needs and just want it to quickly try it without guessing or manually naming all subpackages; any idea how to name it?
2017-05-03 23:37:53 <andypost> jirutka, in most distros it's php-common
2017-05-03 23:38:16 <jirutka> or maybe metasubpackage for all extensions listed as “bundled” on the site you’ve referenced
2017-05-03 23:38:52 <jirutka> I think that information on that site is incorrect, Tokenizer can be built as shared, I’ve done it…
2017-05-03 23:39:28 <jirutka> and phar as well…
2017-05-03 23:39:43 <jirutka> and sessions
2017-05-03 23:39:57 <jirutka> aha, “with compilation options”
2017-05-03 23:40:12 <jirutka> err, “cannot be left out of a PHP binary with compilation options”
2017-05-03 23:41:20 <jirutka> hm, so maybe php7-core-exts for the ones on the “Core Extensions” list?
2017-05-03 23:41:53 <jirutka> but php7-bundled-exts looks somehow wrong, b/c we don’t bundle them :)
2017-05-03 23:41:59 <andypost> jirutka, I'm checking other distros
2017-05-03 23:43:05 <jirutka> ad php-common, we already use it for configs… vakartel proposed to rename it to php-config, but I’d rather avoid renaming it, it may case a lot of confusion for users :/
2017-05-03 23:44:11 <andypost> jirutka, yes, good point about rename
2017-05-03 23:44:18 <jirutka> I’ve checked Fedora when I was rewriting it and they use different approach, they don’t separate every extension
2017-05-03 23:46:19 <andypost> jirutka, I also find useless to separate bundled extensions cos average users expects this extensions enabled after "installing php7"
2017-05-03 23:47:28 <jirutka> andypost: I don’t consider it useless, just it’d be nice to provide a metapackage to easily pull all extensions that are usually “bundled”
2017-05-03 23:47:57 <andypost> jirutka, btw I faced many times with issues when php-apps supposes bcmath & gd extensions preinstalled
2017-05-03 23:48:02 <jirutka> just need to figure out proper name for it :)
2017-05-03 23:48:34 <jirutka> especially gd extension should be optional, b/c it has many dependencies
2017-05-03 23:48:45 <andypost> jirutka, on other hand php7-gd require a lot of deps
2017-05-03 23:49:42 <andypost> jirutka, but I expects just a few web-ui scripts that can process media without gd)
2017-05-04 00:03:14 <arch3y_> does the linux-headers pkg provide the kernel headers for the linux-hardened kernel
2017-05-04 00:40:50 <jirutka> andypost: are you still here?
2017-05-04 00:41:37 <andypost> jirutka, yep, digging why php7-soap does not work
2017-05-04 00:42:22 <xentec> arch3y_, linux-*-dev pkgs do
2017-05-04 00:44:09 <arch3y_> xentec: thats what I thought thanks
2017-05-04 00:44:36 <jirutka> andypost: I’d like to ask you, could you please create php7-* pkgs for extensions we used to provide php5-* package for in v3.5 main or community? there are few missing and I’m afraid that users may complain that they disappeared in v3.6
2017-05-04 00:46:06 <andypost> jirutka, do you mean base packages or the list from https://goo.gl/w2qgEz
2017-05-04 00:46:48 <jirutka> andypost: from the list, only pkgs in main or community and ofc the ones that support php7 and are not already dead
2017-05-04 00:48:52 <jirutka> andypost: I’ve moved all php7-* from testing that were in main or community as php5-* plus php7-redis and some other i don’t remember now
2017-05-04 00:49:14 <jirutka> andypost: but I didn’t find php7-* pkg for some
2017-05-04 00:53:43 <jirutka> andypost: hm, actually, they are probably in vakartel’s PR https://github.com/alpinelinux/aports/pull/1061, but in not very good shape and also I doubt that he actually tested them, b/c he added check function, but apparently don’t bother that for most packages no test is actually run b/c of missing extensions and for the rest some tests fail, but the failures are just ignored
2017-05-04 00:57:26 <andypost> jirutka, as I see only php7-apcu & php-xdebug are affected by php7 version change, the rest are php5
2017-05-04 00:57:47 <andypost> jirutka, and both works, just installed and tested
2017-05-04 00:57:51 <jirutka> andypost: like php5-only?
2017-05-04 00:58:20 <andypost> jirutka, yes, the rest are php5 only
2017-05-04 00:59:06 <andypost> jirutka, php7-redis broken
2017-05-04 01:01:27 <andypost> jirutka, https://gist.github.com/andypost/6b34d8db1f94197d6c04ae41b707ab77
2017-05-04 01:03:59 <andypost> jirutka, do you have any idea how to make check() for php? installing each extension and use php --re apcu for example
2017-05-04 01:04:57 <jirutka> andypost: this is normal for php extensions, they depend on symbols from php executable, so ldd always reports many not found symbols
2017-05-04 01:06:12 <jirutka> andypost: or do you see some extensions needed to be added to deps…? I don’t remember what symbols are exported by php executable
2017-05-04 01:08:59 <jirutka> andypost: about check(), I was trying to find some way how to tell that stupid php test script to load specific extensions in addition, but found nothing; probably the only usable env. variable is some that referes php.ini file that should be loaded, we can probably generated file just with load_module (or how is that called), but I haven’t tried it yet
2017-05-04 01:09:56 <jirutka> andypost: the hack I used in php7 pkg to affect load order for tests cannot be used for extensions as-is
2017-05-04 01:17:49 <andypost> jirutka, I was wrong about php-soap - it works but php-xdebug needs rebuild https://gist.github.com/andypost/6b34d8db1f94197d6c04ae41b707ab77
2017-05-04 01:20:53 <jirutka> andypost: yeah, someone reported it on bugs.a.o, that xdebug is broken, but I don’t know why
2017-05-04 01:21:06 <jirutka> andypost: so it really needs to be rebuilt?
2017-05-04 01:22:43 <andypost> jirutka, yep, but I guess better to to increase "pkgrel" to 1
2017-05-04 01:23:15 <jirutka> not better, but necessary, to rebuild it :)
2017-05-04 01:25:33 <jirutka> andypost: okay, I’ve pushed rebuild
2017-05-04 01:26:14 <jirutka> andypost: and few changes for php7 pkg https://github.com/alpinelinux/aports/pull/1345 … I’ll add pear/pecl split later
2017-05-04 01:26:21 <jirutka> andypost: into this PR
2017-05-04 01:26:26 <jirutka> andypost: that’s why WIP
2017-05-04 01:27:53 <andypost> jirutka, https://github.com/alpinelinux/aports/pull/1346
2017-05-04 01:28:51 <jirutka> andypost: php 7.0 is gone…
2017-05-04 01:29:29 <jirutka> andypost: there’s only community/php7 in version 7.1.4
2017-05-04 01:29:35 <jirutka> andypost: and I’ve already pushed https://github.com/alpinelinux/aports/commit/26d96b3a7913462c8c094dd36f662892f540d5cb
2017-05-04 01:30:17 <jirutka> andypost: I need to go sleep now, too tired; see ya! o/
2017-05-04 01:31:09 <andypost> jirutka, ah are fast)
2017-05-04 04:58:42 <fabled> jirutka, in things like apk the nano-optimizations mean a lot since bulk of the work is repeating the nano-jobs :) ... but it's true some of it could be improved.
2017-05-04 05:25:12 <TemptorSent> fabled: Which specific optimizations are you referring to there?
2017-05-04 06:00:29 <kaniini> likely things like using apk_istream_splice()
2017-05-04 06:01:20 <kaniini> honestly, apk is pretty decently clean if you sit down and start digging into it
2017-05-04 06:05:25 <TemptorSent> I'm sure, but the lack of design documentation , obtuse variable names, and minimal comments makes it very hard to follow even for an experienced C coder.
2017-05-04 06:06:28 <TemptorSent> I don't have anything like a clear mental picture of the basic code paths, let alone obscure details.
2017-05-04 06:09:10 <TemptorSent> kaniini: It also seems incredibly difficult to reuse various code sections in manners different than their original design (Such as pkgname vs. pkg atom vs. filename parsing)
2017-05-04 06:09:55 <kaniini> as previously stated, atoms are obsolete and not actually used anymore :P
2017-05-04 06:10:19 <TemptorSent> Right now I'm working on stubbing together a bottom-up deptree builder in awk which may be of interest for apk at some point in C.
2017-05-04 06:10:53 <TemptorSent> Okay - can you clarify the term 'atom' vs '$pkgname-$pkgver'
2017-05-04 06:11:41 <kaniini> that's one and the same, it's for display only
2017-05-04 06:11:48 <kaniini> apk itself cares about dependencies
2017-05-04 06:12:12 <kaniini> $pkgname-$pkgver is not a dependency, $pkgname=$pkgver is a dependency
2017-05-04 06:12:40 <kaniini> in reality, we should output $pkgname=$pkgver as the way of describing package 'atoms'
2017-05-04 06:13:10 <TemptorSent> $pkgname=$pkgver is a dependency on the specific atom (meaning atomically defined unit) $pkgname-$pkgver
2017-05-04 06:13:26 <kaniini> the downside to that would be that somebody copy and paste it from apk search and then gets very confused when they dist-upgrade
2017-05-04 06:14:16 <kaniini> you can also do
2017-05-04 06:14:21 <TemptorSent> $pkgname>$pkgver is a dependency on the SET of atoms ($pkgname-$pkgver, $pkgname-$latestpkgver]
2017-05-04 06:14:49 <kaniini> $pkgname><$base64_short_checksum
2017-05-04 06:14:58 <kaniini> to designate a package with a specific checksum
2017-05-04 06:15:05 <kaniini> i guess that probably would have been useful to mention earlier
2017-05-04 06:15:08 <kaniini> 
ACTION whistles

2017-05-04 06:15:09 <TemptorSent> Set theory says you need atoms for proper dep resolution.
2017-05-04 06:15:32 <kaniini> nope, those are providers
2017-05-04 06:15:36 <TemptorSent> Technically, the atoms should include arch IMHO.
2017-05-04 06:16:00 <TemptorSent> The provider has to resolve to an apk at some point, right?
2017-05-04 06:16:18 <kaniini> anyway i've tried to explain this a dozen times now, so i see no point in explaining it a 13th time
2017-05-04 06:16:25 <TemptorSent> At that point in time, you have to choose a particular atom, since you can't have part of one version and part of another (hence tha atomic part)
2017-05-04 06:16:27 <kaniini> not necessarily
2017-05-04 06:17:26 <TemptorSent> What I'm looking for is what maps a successful dep resolution to the apk you need to fetch to actually install it?
2017-05-04 06:17:42 <kaniini> if i told you, i'd have to kill you
2017-05-04 06:17:53 <TemptorSent> *lol* Yeah, that's what I was afraid of.
2017-05-04 06:18:25 <TemptorSent> That mapping is where things go to hell logically between deps and 'atoms'
2017-05-04 06:18:46 <kaniini> again: atoms don't exist.  they are like an appendix.
2017-05-04 06:19:03 <kaniini> don't even think about them when trying to understand how apk works, it's a waste of time
2017-05-04 06:19:22 <TemptorSent> Well, they exist for the purpose of naming an apk, which is where I'm having real problems with the way apk works.
2017-05-04 06:19:47 <kaniini> oh
2017-05-04 06:19:54 <kaniini> apk itself
2017-05-04 06:19:59 <kaniini> does not care what the apks are named, actually
2017-05-04 06:20:10 <kaniini> the APKINDEX tells it that
2017-05-04 06:20:11 <kaniini> :)
2017-05-04 06:20:33 <kaniini> it just /happens/ that abuild produces apks like foo-1.0-r2.apk
2017-05-04 06:20:38 <TemptorSent> Okay, so how the hell am I supposed to know the FILENAME of the apk I end up fetching BEFORE I fetch it?
2017-05-04 06:20:46 <kaniini> and that for historical reasons, apk-tools renders the formats that way
2017-05-04 06:20:48 <kaniini> like i said
2017-05-04 06:20:52 <kaniini> it's in the APKINDEX
2017-05-04 06:21:02 <TemptorSent> Which I can't actually query.
2017-05-04 06:21:09 <kaniini> sure you can
2017-05-04 06:21:19 <kaniini> hint: it's a text file
2017-05-04 06:21:42 <TemptorSent> That's nice, but I don't know what the dep-solver is going to end up with until I run it.
2017-05-04 06:21:57 <TemptorSent> And I have no reverse-index.
2017-05-04 06:23:24 <TemptorSent> So I do 'apk fetch linux-hardened zfs-hardened zfs' -- what files do I actually get? How about with a recursive fetch? Virtuals? That's where it goes to hell real fast for scripting anything.
2017-05-04 06:24:07 <kaniini> so for example,
2017-05-04 06:24:08 <kaniini> you have
2017-05-04 06:24:16 <kaniini> P:p11-kit
2017-05-04 06:24:17 <kaniini> C:Q1xRdw3TK+N+0zc5r9/3U3hwvvI64=
2017-05-04 06:24:20 <TemptorSent> Currently, to handle a recursive fetch, I get to create a new directory and fetch -r -o to there, then read the list of files I actually got
2017-05-04 06:24:22 <kaniini> V:0.23.2-r1
2017-05-04 06:24:44 <kaniini> and you can do
2017-05-04 06:25:09 <kaniini> raccoon:~# apk add 'p11-kit><Q1xRdw3TK+N+0zc5r9/3U3hwvvI64='
2017-05-04 06:25:14 <kaniini> (1/2) Installing libtasn1 (4.10-r0)
2017-05-04 06:25:16 <kaniini> (2/2) Installing p11-kit (0.23.2-r1)
2017-05-04 06:25:52 <TemptorSent> Since doing simulate first isn't gurarenteed to give me back the same list I actually get when I fetch (say update was run from somethign else between the ccalls)
2017-05-04 06:26:08 <kaniini> apk does not even care about the -rXYZ part
2017-05-04 06:26:14 <TemptorSent> Yeah, apk add works great -- its FETCH that screws me.
2017-05-04 06:27:06 <TemptorSent> Add acts atomically, but since I can't generate actual atoms and fetch those, fetch does not.
2017-05-04 06:28:11 <TemptorSent> I also apparently can't just hand it an apk file either :)
2017-05-04 06:29:03 <TemptorSent> So if fetch could fetch by actual filename, that would solve it.
2017-05-04 06:29:23 <TemptorSent> But otherwise, it's a guessing game.
2017-05-04 06:30:16 <TemptorSent> So the checksums is now the actual atom for set-theoretic purposes?
2017-05-04 06:31:45 <TemptorSent> Or UUID if you will?
2017-05-04 06:33:05 <kaniini> well
2017-05-04 06:33:10 <kaniini> its a checksum
2017-05-04 06:33:11 <kaniini> lol
2017-05-04 06:34:15 <TemptorSent> Yes, I mean for purposes of meeting the set-theoretic requirements of uniqueness, onto, and one-to-one.
2017-05-04 06:34:35 <kaniini> it is most likely unique, sure
2017-05-04 06:34:37 <TemptorSent> It doesn't work well in terms of being well-ordered however.
2017-05-04 06:35:46 <TemptorSent> In that respect, the former atoms are superior.
2017-05-04 06:36:24 <kaniini> well, they still exist technically.  it's just that the depsolver doesn't look at it like that
2017-05-04 06:36:40 <TemptorSent> Ideally, a single string could both uniquely identify AND properly order the elements of the set.
2017-05-04 06:37:48 <TemptorSent> So any new version of a package sorts logically.
2017-05-04 06:39:08 <TemptorSent> Even better would be allowing identification down to the individual file level using the same scheme.
2017-05-04 06:41:41 <kaniini> sounds good, look forward to the patch
2017-05-04 06:41:44 <kaniini> 
ACTION runs away

2017-05-04 06:41:45 <TemptorSent> (tar -xzf $apkfile $@)
2017-05-04 06:41:57 <TemptorSent> I have it in awk :)
2017-05-04 06:43:41 <TemptorSent> The next logical step is to make it a set of proper merkle dags, one for semantic name, one for content, and possibly one for meta-data.
2017-05-04 06:44:18 <TemptorSent> Right now I'm just carrying the checksums for each dep, not yet checksumming levels in the dep tree.
2017-05-04 06:46:39 <TemptorSent> If we cascade the checksum for each dep down its entire dep tree, we can significantly cleanup the dep resolution and caching.
2017-05-04 06:47:34 <kaniini> 
ACTION is not here

2017-05-04 06:47:38 <TemptorSent> This allows cool things like delta updates.
2017-05-04 06:48:05 <TemptorSent> And REAL CI support.
2017-05-04 06:50:26 <TemptorSent> I believe it would also allow almost complete autodetection of deps for abuild.
2017-05-04 06:51:30 <kaniini> 
ACTION really is not here.

2017-05-04 06:51:51 <TemptorSent> That's okay, I'm not all here either :P
2017-05-04 06:51:54 <kaniini> 
ACTION backs out of the channel slowly.

2017-05-04 06:52:41 <kaniini> 
ACTION decides to do it (whatever it is) with ubuntu instead

2017-05-04 06:52:53 <TemptorSent> *LOL*
2017-05-04 06:55:22 <TemptorSent> Yeah, I've obviously spent too much time designing data structures for my own good :P
2017-05-04 07:09:01 <TemptorSent> kaniini: An example deptree is at http://termbin.com/hgp5
2017-05-04 07:10:39 <TemptorSent> The Manifest is at http://termbin.com/pe7v
2017-05-04 07:11:45 <TemptorSent> And the index is at http://termbin.com/us7n
2017-05-04 07:13:16 <TemptorSent> Sequence is generate manifest/index for each package, concat them, then generate direct deps list for each item in the manifest, resolve them against the index, and generate a dep-tree.
2017-05-04 07:15:41 <TemptorSent> Clear as mud?
2017-05-04 07:17:51 <TemptorSent> Generating the merkle dag of the dep tree is a matter of starting at the root and hashing your way up the tree.
2017-05-04 07:19:16 <TemptorSent> Run the same against both names and hashes and you have semantic deps as well as explicit content deps.
2017-05-04 07:28:43 <mosez> looks like my php containers are still broken. how can i fix the php packages?
2017-05-04 07:28:59 <mosez> getting warnings like PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php7/modules/mysqli.so' - Error relocating /usr/lib/php7/modules/mysqli.so: mysqlnd_poll: symbol not found in Unknown on line 0
2017-05-04 08:03:30 <mosez> ok found my resolution
2017-05-04 09:22:58 <clandmeter> mosez, nice
2017-05-04 09:23:14 <clandmeter> if you can jirutka know what fixed it. he has been working on php.
2017-05-04 09:34:20 <mosez> clandmeter: reinstalled the php packages and fixed my configs :D
2017-05-04 11:17:31 <jirutka> clandmeter: mosez: this must be some user-side problem, I’m sure that config loading mysqli has higher prefix than my mysqlnd, b/c i needed to add a workaround for it to abuild and it failed even in tests running in check phase when the order was incorrect
2017-05-04 11:18:40 <jirutka> fabled: I was kidding about nano-optimizations, the point was that cargo index is so brutally inefficient in comparison with apkindex :)
2017-05-04 11:36:23 <jirutka> btw it seems that there’s some upstream bug in php 7.1.4 with zip module and maybe some other, http://bugs.alpinelinux.org/issues/7261
2017-05-04 13:39:45 <Shiz>    jirutka │ Shiz: ^ that’s pretty good question! is not very good entropy better than no entropy and so no encryption…? ;)
2017-05-04 13:39:47 <Shiz> no
2017-05-04 13:39:49 <Shiz>  TemptorSent │ Shiz: Any thoughts on a good means of initilizing the entropy pool when we don't have a HWRNG or user activity? (Embedded/VM)
2017-05-04 13:40:04 <Shiz> saving entropy to disk on reboot or using an entropy gathering daemon
2017-05-04 13:44:16 <skarnet> ^
2017-05-04 13:44:50 <skarnet> for VMs, there's a way to link the guest's entropy generation to the host's hwrng, if any
2017-05-04 13:54:19 <jirutka> jirutka: ^ that’s true, there’s virtio-rng or something like that, that’s what I did to solve this problem
2017-05-04 13:54:59 <jirutka> skarnet: but still, you can’t do that on embedded devices if it don’t have HW random generator
2017-05-04 13:57:16 <skarnet> Indeed, but in that case having a bad starting entropy pool is a security issue that's inherent to the device
2017-05-04 13:57:51 <skarnet> lacking a reliable way to get entropy is just as bad, if not worse, as lacking a hw timer
2017-05-04 13:58:18 <Shiz> let me put it like this
2017-05-04 13:58:29 <Shiz> if you start providing entropy that is reproducable by an attacker, your crypto is hosed
2017-05-04 13:58:44 <Shiz> it's better to have no crypto at all than crypto that you believe is secure but is not
2017-05-04 13:58:55 <skarnet> ^
2017-05-04 14:06:03 <jirutka> Shiz: but is that entropy computed by LibreSSL in the code you’ve referenced really reproducible by an attacker…?
2017-05-04 14:06:13 <Shiz> yes
2017-05-04 14:06:34 <jirutka> in real-world, not in lab…?
2017-05-04 14:08:15 <Shiz> maybe the mmap() part and the getauxval(AT_RANDOM) parts aren't
2017-05-04 14:08:20 <Shiz> the rest, yes
2017-05-04 14:09:31 <Shiz> depends on the level of access the attacker has of course
2017-05-04 14:42:05 <rfs613_> Shiz: I have been looking at http://chronox.de/jent.html
2017-05-04 14:42:43 <rfs613_> I've run the test suite on the little Chromebox that gives me trouble with libressl (discussed here the other day).
2017-05-04 14:45:02 <rfs613_> Next step is to get this thing to run, early during boot. I'll have to figure out how alpine's init works, haven't had time to tackle that yet ;-)
2017-05-04 14:46:26 <rfs613_> skarnet: incidentally, you had mentioned that the libressl "fix" was no good... the author of the chronox.de agress with you ;-)
2017-05-04 15:02:04 <TemptorSent> rfs613_: The jitterentropy provider should work, but still may take a minute or so to initilize a sufficient entropy pool.
2017-05-04 15:06:22 <jirutka> is it possible to use OpenSMTPd with OpenDKIM or the only way is to use perl dkimproxy?
2017-05-04 15:06:49 <consus> https://bbs.archlinux.org/viewtopic.php?id=213731
2017-05-04 15:07:19 <consus> TL;DR dkimproxy
2017-05-04 15:07:22 <jirutka> I’ve read that…
2017-05-04 15:07:36 <jirutka> but it doesn’t answer my question
2017-05-04 15:07:45 <jirutka> why OpenDKIM cannot be used with OpenSMTPd?
2017-05-04 15:09:02 <consus> Hmm
2017-05-04 15:09:30 <consus> https://github.com/oldsj/nsov/blob/master/smtpd.conf.j2
2017-05-04 15:09:37 <rfs613_> TemptorSent: hmm, i was hoping it would be quick, but, haven't tested yet...
2017-05-04 15:09:44 <consus> Seems like this guy runs it with opendkim
2017-05-04 15:10:30 <consus> The only difference from the b.a.o is the port
2017-05-04 15:10:42 <consus> 10028 instead of 10027
2017-05-04 15:11:42 <TemptorSent> rfs613_: The docs state it can fill 256 bits of entropy by the time it hits initfs, which isn't shabby actually. Still, it would be wise to force reseeding before doing anything with significant security implications.
2017-05-04 15:12:35 <rfs613_> TemptorSent: I'll be content if SSH actually starts up on my little Chromebox, without me having to go plug in a keyboard and start typing.
2017-05-04 15:12:56 <TemptorSent> rfs613_ It should do that.
2017-05-04 15:13:18 <jirutka> consus: he has both OpenDKIM and dkimproxy in that repo
2017-05-04 15:13:32 <rfs613_> TemptorSent: yep. I hope to try it soon.
2017-05-04 15:13:37 <jirutka> consus: since it’s modified sovereign, I think that OpenDKIM is just a leftover
2017-05-04 15:13:44 <Shiz> TemptorSent: 256 bits of entropy should be plenty
2017-05-04 15:13:50 <consus> jirutka: Hmm
2017-05-04 15:13:52 <Shiz> to support the entire system lifetime
2017-05-04 15:13:56 <TemptorSent> rfs613_ : It appears the reseeding can be forced by simply writing to /dev/random
2017-05-04 15:14:03 <consus> jirutka: Try #opensmtpd channel
2017-05-04 15:14:51 <skarnet> 48 days later, they're still discussing "how to initialize entropy on a Linux box without a hwrng"
2017-05-04 15:15:23 <skarnet> step 1: check in the OpenRC scripts whether there's a "save entropy" thing at shutdown time and a "restore entropy" thing at boot time
2017-05-04 15:15:33 <skarnet> step 2: if there aren't such things, add them
2017-05-04 15:15:36 <skarnet> step 3: ???
2017-05-04 15:15:39 <skarnet> step 4: profit
2017-05-04 15:15:40 <TemptorSent> I'd prefer to have 512 bits of entropy (2xDRNGs with independent pools), but that's asking a bit much.
2017-05-04 15:16:04 <Shiz> skarnet: "How to generate entropy without HWRNG" - the greatest discussion in the history of #alpine-devel, locked by an op after 94,592 lines of heated debate
2017-05-04 15:16:07 <jirutka> skarnet: there is such script in OpenRC, but when I tried it some time ago, it didn’t helped at all
2017-05-04 15:16:13 <TemptorSent> skarnet: Doesn't save us in early boot for one, and the saved entropy itself is a potential vector if it's stored insecurely.
2017-05-04 15:16:54 <skarnet> jirutka: it should help a little, if not 100%
2017-05-04 15:17:35 <skarnet> TemptorSent: store it on a shared OneDrive account obviously
2017-05-04 15:17:56 <TemptorSent> *LOL*
2017-05-04 15:18:04 <Shiz> do what rust does with their ccache impl
2017-05-04 15:18:10 <Shiz> store it in an s3 bucket
2017-05-04 15:18:11 <TemptorSent> But for embedded, it's a real issue to consider.
2017-05-04 15:18:43 <skarnet> embedded without a hwrng, without flash and without nvram is hopeless
2017-05-04 15:18:59 <TemptorSent> Welcome to my world :)
2017-05-04 15:19:08 <skarnet> I've always known you were hopeless
2017-05-04 15:19:10 <Shiz> the solution is still not faking entropy
2017-05-04 15:19:14 <Shiz> lol
2017-05-04 15:19:18 <Shiz> be nice
2017-05-04 15:19:27 <skarnet> sorry, lack of a smiley
2017-05-04 15:19:37 <skarnet> :P
2017-05-04 15:20:01 <TemptorSent> Agreed, the solution is finding what entropy we can as early as we can, which the cpujitter and interrupt timing can do.
2017-05-04 15:20:18 <Shiz> im surprised cpu jitter timing is not part of mainline...
2017-05-04 15:20:30 <skarnet> not sure how userspace egds work, but I'm surprised they disappeared
2017-05-04 15:20:33 <TemptorSent> Basically, anything that tftp boots and doesn't have a HWRNG needs help.
2017-05-04 15:21:04 <Shiz> skarnet: i'm not, really
2017-05-04 15:21:16 <Shiz> i haven't seen any platform that wasn't able to initialise its hwrng pool within 1 min
2017-05-04 15:21:20 <Shiz> in quite a while
2017-05-04 15:21:23 <Shiz> err
2017-05-04 15:21:25 <Shiz> rng pool*
2017-05-04 15:21:41 <skarnet> until getrandom() started exposing bugs
2017-05-04 15:22:00 <Shiz> what bugs
2017-05-04 15:22:06 <Shiz> the one in libressl? :P
2017-05-04 15:22:22 <Shiz> also fwiw
2017-05-04 15:22:26 <skarnet> lack of proper entropy initialization before starting crypto, yeah
2017-05-04 15:22:30 <Shiz> libressl getentropy() will likely still do the right thing
2017-05-04 15:22:36 <Shiz> as it falls back to reading from /dev/urandom
2017-05-04 15:22:44 <Shiz> which on early boot shouldn't be subject to fd exhaustion
2017-05-04 15:23:01 <skarnet> the problem has never been fd exhaustion, that's a dalias windmill
2017-05-04 15:23:19 <skarnet> the problem of /dev/urandom has always been early boot usage
2017-05-04 15:23:35 <Shiz> ah, i thought it also blocked on early boot like getrandom()
2017-05-04 15:23:37 <Shiz> my bad
2017-05-04 15:24:34 <TemptorSent> That's the bug, it doesn't respect the entropy level and won't block if it's insufficient currently I believe.
2017-05-04 15:24:51 <skarnet> exactly, and that's why getrandom() was added
2017-05-04 15:24:58 <skarnet> lack of failure cases is just a bonus
2017-05-04 15:25:08 <Shiz> right.
2017-05-04 15:25:32 <TemptorSent> If clients handled getrandom() properly in nonblocking mode, they would have to wait until they got a valid value returned, which I don't believe they do.
2017-05-04 15:25:49 <skarnet> that's called blocking mode :P
2017-05-04 15:26:02 <skarnet> nonblocking mode is the exact same as reading /dev/urandom
2017-05-04 15:26:33 <TemptorSent> Not necessarily, they could spin something or simply wait to start until after the pool is initilized
2017-05-04 15:26:48 <TemptorSent> nonblocking mode returns EAGAIN IIRC if entropy is insufficient.
2017-05-04 15:34:58 <jirutka> consus: I finally found some information https://crepererum.net/the-wonderful-world-of-e-mail/
2017-05-04 15:35:27 <jirutka> consus: the problem is that OpenDKIM provides milter interface, but OpenSMTPD does not support milter interface
2017-05-04 15:36:10 <jirutka> consus: and giles is not interested in writing one
2017-05-04 15:36:10 <consus> =/
2017-05-04 15:36:29 <jirutka> consus: he wrote that it can be implemented on top of OpenSMTPD’s simple filter interface, but apparently no one did it yet
2017-05-04 15:36:41 <consus> Fun
2017-05-04 15:37:23 <consus> How had is it to write one/
2017-05-04 15:37:53 <jirutka> consus: you can try it, I’d be very glad for that :)
2017-05-04 15:39:29 <consus> jirutka: Well
2017-05-04 15:39:34 <consus> jirutka: As a subproject
2017-05-04 15:39:37 <consus> jirutka: Why the hell not
2017-05-04 15:49:51 <Shiz> jirutka: consus: the opensmtpd filter interfaces aren't stable yet
2017-05-04 15:49:53 <Shiz> which is the show-stopper
2017-05-04 15:50:20 <ncopa> build-3-6-ppc64le is done!
2017-05-04 15:50:27 <Shiz> yay!
2017-05-04 15:50:33 <ncopa> means we could have a rc1 soonish
2017-05-04 15:52:08 <consus> ^^
2017-05-04 15:57:32 <ncopa> except that s390x is behind
2017-05-04 15:57:36 <ncopa> and aarch64 is missing
2017-05-04 16:04:02 <^7heo> Is printf(1) supposed to ignore --, by posix?
2017-05-04 16:10:09 <TemptorSent> ^7heo Considering it doesn't accept flags, probably not.
2017-05-04 16:10:48 <^7heo> Yet the busybox version does.
2017-05-04 16:10:54 <TemptorSent> printf FORMAT [ARGS...]
2017-05-04 16:10:58 <^7heo> yeah I can read.
2017-05-04 16:10:58 <^7heo> :D
2017-05-04 16:11:33 <TemptorSent> I'm seeing it working as expected with bb... "printf '%s\n' --"
2017-05-04 16:12:16 <TemptorSent> What behavior are you seeing?
2017-05-04 16:13:42 <^7heo> TemptorSent: try `printf -- foo`
2017-05-04 16:13:55 <^7heo> TemptorSent: then try `printf -h foo`
2017-05-04 16:14:48 <TemptorSent> Hmm, yeah - I see that behavior, but technically it's undefined behavior if the format string isn't valid I believe
2017-05-04 16:15:14 <TemptorSent> Ahh, it still does it when quoted, yeah - that's a bug :)
2017-05-04 16:16:59 <TemptorSent> File a bug report of 'printf(1) erronously parses flags in format argument position.'
2017-05-04 16:17:57 <TemptorSent> Work around: "printf '%s--' ''"
2017-05-04 16:22:49 <Shiz> TemptorSent: what does quoting have to do with it?
2017-05-04 16:24:16 <TemptorSent> Hopefully nothing -- but it should keep the shell from eating things if that's what was happening -- it isn't, so it's a bug in printf itself.
2017-05-04 16:28:47 <Shiz> ah
2017-05-04 16:28:53 <Shiz> if the shell would eat that stuff that'd be a serious bug
2017-05-04 16:28:56 <Shiz> on its own
2017-05-04 16:29:11 <TemptorSent> Agreed :)
2017-05-04 16:40:41 <przemoc> POSIX's getopt() ends parsing when "--" is encountered (i.e. it returns -1), similarly with POSIX's getopts utility, therefore I would expect all POSIX-conformant tools to work properly with -- used as end of options marker.  actually it's even clearly stated in Guideline 10 of Utility Syntax Guideline
2017-05-04 16:40:49 <przemoc> http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html#tag_12_02
2017-05-04 16:41:01 <przemoc> > The first -- argument that is not an option-argument should be accepted as a delimiter indicating the end of options. Any following arguments should be treated as operands, even if they begin with the '-' character.
2017-05-04 17:05:50 <Shiz> przemoc: yes, but printf doesn't take options
2017-05-04 17:06:45 <Shiz> for every relevant utility in the spec, POSIX explicitly says "The awk utility shall conform to XBD Utility Syntax Guidelines ."
2017-05-04 17:06:48 <Shiz> for awk, for instance
2017-05-04 17:06:50 <Shiz> it does not for printf
2017-05-04 17:20:26 <przemoc> Shiz: even if it is not explicitly stated in printf's OPTIONS section, I expect it to implicitly adhere to this guideline.  it makes POSIX utilities's syntax simply more consistent.  they explicitly state when -- shall not be recognized, like in case of echo.
2017-05-04 17:20:30 <przemoc> http://pubs.opengroup.org/onlinepubs/9699919799/utilities/echo.html
2017-05-04 17:20:39 <przemoc> > The echo utility shall not recognize the "--" argument in the manner specified by Guideline 10 of XBD Utility Syntax Guidelines; "--" shall be recognized as a string operand.
2017-05-04 17:21:45 <Shiz> i think it's only explicitly mentioned there because implementations have a history of fucking up echo specifically
2017-05-04 17:22:01 <Shiz> (e.g. bash echo builtin still violating it)
2017-05-04 17:31:01 <przemoc> check OPTIONS of Utility Description Defaults
2017-05-04 17:31:06 <przemoc> http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xcu_chap01.html#tag_23_01_05_04
2017-05-04 17:31:15 <przemoc> > Although it has not always been possible, the standard developers tried to avoid repeating information to reduce the risk that duplicate explanations could each be modified differently.
2017-05-04 17:31:35 <przemoc> > The need to recognize -- is required because conforming applications need to shield their operands from any arbitrary options that the implementation may provide as an extension. For example, if the standard utility foo is listed as taking no options, and the application needed to give it a pathname with a leading <hyphen-minus>, it could safely do it as: `foo -- -myfile` and avoid any problems
2017-05-04 17:31:41 <przemoc> with -m used as an extension.
2017-05-04 17:31:53 <skarnet> when the utility actually takes options.
2017-05-04 17:32:04 <skarnet> when it doesn't, nothing is mentioned.
2017-05-04 17:32:11 <skarnet> as Shiz says, echo is an exception.
2017-05-04 17:33:31 <przemoc> please read Eric Blake's mail (guy from Austin Group) regarding it instead of insisting on your own view of the standard being the right one: https://lists.gnu.org/archive/html/bug-bash/2007-11/msg00118.html
2017-05-04 17:35:36 <Shiz> przemoc: this is not the situation discussed above
2017-05-04 17:35:55 <Shiz> and i realize that now :P
2017-05-04 17:36:31 <Shiz> or rather
2017-05-04 17:36:57 <Shiz> i misinterpreted the situation discussed
2017-05-04 17:38:16 <Shiz> it seems you're right
2017-05-04 17:52:21 <przemoc> I was only responding to ^7heo> Is printf(1) supposed to ignore --, by posix?  tl;dr is: yes as long as it used before operands
2017-05-04 17:54:42 <przemoc> s/as it/& is/
2017-05-04 17:56:56 <skarnet> meh. After reading everything again, it appears you're right.
2017-05-04 17:57:25 <skarnet> Can't say I like it, but I understand the reasoning behind it.
2017-05-04 17:57:48 <skarnet> (the choice to always handle --, that is)
2017-05-04 17:59:28 <przemoc> well, it makes life easier and strives for consistent behavior, and I prefer consistency over stubborn minimalism.  in this particular case POSIX has my approval. :)
2017-05-04 18:00:21 <skarnet> yes - for a given implementation it wouldn't make any sense, but for standard commands that may be extended, it does
2017-05-04 18:04:58 <TemptorSent> In the case of a command which doesn't process ANY flags, it should not swallow --.
2017-05-04 18:07:16 <TemptorSent> (And the IEEE 1003.1-2008, 2016 edition says nothing about parsing '--' nor conforming with Guideline 10 of XBD - nor does it say it DOESN'T, which is a bug in the standard :) )
2017-05-04 18:10:29 <TemptorSent> So absent the reference to XBD Utility Syntax Guidelines, and taking into account that it explicitly intends to replace functionality of echo, it appear printf should NOT handle anything with a leading - in any special manner in any case whatsoever.
2017-05-04 18:10:41 <przemoc> I won't repeat myself, you can check the sources I provided or remain stubborn in thinking you know better.  if standard repeated everything everywhere it would be twice as large.
2017-05-04 18:10:58 <TemptorSent> I'm looking at the POSIX standard itself.
2017-05-04 18:11:29 <TemptorSent> In all other utilities it references the XBD Utility Syntax Guidelines
2017-05-04 18:12:22 <TemptorSent> such as 'The awk utility shall conform to XBD Utility Syntax Guidelines' under the OPTIONS heading for awk, whereas printf has NO options.
2017-05-04 18:12:45 <skarnet> you will excuse me for not staying any longer.
2017-05-04 18:15:27 <TemptorSent> przemoc: If no options are to be parsed, it is a bug to parse strings as options.
2017-05-04 18:15:49 <TemptorSent> If printf did not EXPLICITLY state that it accepts no options, I would be in agreement.
2017-05-04 18:17:35 <przemoc> C. Rationale for Shell and Utilities > C.1.5 Utility Description Defaults > This section is arranged with headings in the same order as all the utility descriptions. It is a collection of related and unrelated information concerning: 1. The default actions of utilities 2. The meanings of notations used in POSIX.1-2008 that are specific to individual utility sections. Although this material may seem
2017-05-04 18:17:41 <przemoc> out of place here, it is important that this information appear before any of the utilities to be described later.  <-  you should read it BEFORE reading any description of particular utilities, and there you have OPTIONS section which I already quoted and explains why -- must be supported (otherwise it is explicitly stated in utility description, of course)
2017-05-04 18:21:04 <TemptorSent> przemoc: This interpretation breaks the ability to replace echo with printf as is explicitly intended by the standard.
2017-05-04 18:21:48 <TemptorSent> So the standard is ambiguous for printf
2017-05-04 18:24:14 <TemptorSent> Printf does not accept filenames, and uses all agruments verbatim, so there is no case where '--' could conceivably be required for proper operation, wheras using it as a format may be common (sql comments for instance start with '--')
2017-05-04 18:25:14 <TemptorSent> To have printf act as expected in all cases, it would require it always be called as "printf -- FORMAT [ARGS...]
2017-05-04 18:26:41 <przemoc> it doesn't matter what printf accepts.  what part of "The need to recognize -- is required because conforming applications need to shield their operands from any arbitrary options that the implementation may provide as an extension." you fail to understand?
2017-05-04 18:27:39 <TemptorSent> Here's an example of breakage: a="-- Comment" ; b="--" ; printf $a ; printf $b
2017-05-04 18:28:22 <TemptorSent> printf may not accept options.
2017-05-04 18:28:44 <TemptorSent> That's why it was created - to replace echo, which sometimes accepts options.
2017-05-04 18:29:06 <TemptorSent> Read the rationale section for printf
2017-05-04 18:30:14 <TemptorSent> To disambiguate, the standard either needs to explicitly state that -- will be handled and how, or explicitly state that it shall not.
2017-05-04 18:32:21 <TemptorSent> Having behavior inconsistent with the definition of echo is counter to the stated rationale.
2017-05-04 18:35:56 <TemptorSent> Theoretically, you should never have a format string without a format specifier, and all strings should be handled through that.
2017-05-04 18:36:07 <przemoc> implementation of utility w/o options in POSIX may have options (it's called extension and such things exist in real world) and standard already explains in Rationale for Shell and Utilities that -- needs to be handled because of that.  therefore yes, you should `printf -- ...` if you want to support displaying -- when -- is provided as FORMAT string.  the problem w/ echo is that it does not support
2017-05-04 18:36:13 <przemoc> -- and different implementations provided their own options so behavior was incosistent, as some implementations treated options as stuff that should be printed
2017-05-04 18:36:14 <TemptorSent> so "printf '%s' '--'"
2017-05-04 18:37:20 <TemptorSent> Basically, it means that there is a single format specifier that is unsupported, namely '--'
2017-05-04 18:39:14 <TemptorSent> Which is unintuitive and leads to unexpected behavior.
2017-05-04 18:40:15 <TemptorSent> The standard should explicitly state that no options shall be supported and -- is not handled for the most consistent behavior.
2017-05-04 18:41:54 <TemptorSent> Or at least document the fact that it should be called as "printf -- FORMAT [ARGS...]" in order to support ALL possible format strings.
2017-05-04 18:45:19 <przemoc> no, if you want to use -- as FORMAT, you simply need to use additional -- before such operand.  simply use `printf -- ...` if you want to avoid any problems, but please note that their example in echo's APPLICATION USAGE works as expected even for single --
2017-05-04 18:48:28 <przemoc> I can agree that they could add a note regarding options in printf, but I don't think it's truly necessary, as it's repeating what is already stated in other place
2017-05-04 19:09:24 <TemptorSent> IMHO, ambiguity should always be clarified, as it is in and of itself an error in logic for deterministic outcomes.
2017-05-04 19:11:40 <TemptorSent> But this actually explains why some SQL template code with comments was causing problems (used as the format string containing format specs to be filled before processing)
2017-05-04 19:12:55 <TemptorSent> So 'printf --' should be used EVERY time a variable format spec is used.
2017-05-04 19:13:39 <TemptorSent> As the implication is that no leading '-' in a format spec is actually safe.
2017-05-04 19:14:54 <TemptorSent> So it needs a note stating that much at the very least.
2017-05-04 19:17:24 <TemptorSent> At minimum, currently there's at minimum a documentation bug in POSIX, and possibly a truly ambiguous definition.
2017-05-04 19:19:23 <TemptorSent> Either '--' is required before ANY format argument starting with a leading '-' for portable use, or '--' should not be parsed and such should be noted.
2017-05-04 19:19:46 <TemptorSent> Otherwise, we're back to the exact same problem as echo.
2017-05-04 19:23:05 <TemptorSent> (previous comment from the department of redundancy department :) )
2017-05-04 19:24:44 <TemptorSent> Heading into town, be back in a few hours.
2017-05-04 19:32:39 <jirutka> Shiz: OpenSMTPD filter interface is very simple, so even if not stable, there should not be any barrier for implementing milter adapter
2017-05-04 19:33:49 <jirutka> Shiz: and it’s at least already in released version and documented, I’ve started using OpenSMTPD filters even before that, when gilles refused to provide any documentation to encourage ppl from using it…
2017-05-04 19:36:10 <jirutka> Shiz: I used to idle on opensmtpd IRC channel few years ago and from what I’ve seen, when gilles say that something is not ready yet and stable, it just means that he’s not 100% sure yet that there are not any memory leaks or similar issue :) he’s perfectionist about that
2017-05-04 19:54:29 <przemoc> you should always use -- before operands if first operand may start with -, unless utility doesn't support --.  but any normal and sane utility does support it, be it binary program or shell script.  -- as end of options became de facto standard in *nix world decades ago
2017-05-05 00:05:54 <Shiz> jirutka: they're going to completely revamp the interface
2017-05-05 00:05:55 <Shiz> so....
2017-05-05 00:06:07 <jirutka> Shiz: uh, really?
2017-05-05 00:06:11 <Shiz> yes
2017-05-05 00:06:56 <Shiz> https://www.mail-archive.com/misc@opensmtpd.org/msg03332.html
2017-05-05 00:09:45 <jirutka> “this is what people started using while we warned them not to.” … omfg, he’s working on filters for *years* and in my case OpenSMTPD was useless for me, for the particular use case I had, without it…
2017-05-05 00:11:04 <jirutka> “We're going to be working towards this way but now that we have an
2017-05-05 00:11:04 <jirutka> experience in how providing the code early turned into a nightmare
2017-05-05 00:11:04 <jirutka> for me, we'll work in a private branch then show the diff when the
2017-05-05 00:11:04 <jirutka> code is working enough that it can be part of snapshots :-)”
2017-05-05 00:11:22 <jirutka> oh great, so no filters for next many years…
2017-05-05 00:11:30 <jirutka> this approach is total idiocy
2017-05-05 00:12:52 <jirutka> sensible way is to just say that it’s API version 1.0 or something and make it clear that there might me 2.0 without backward compatibility in some next release… all users should accept this without problem, cause that’s how it normally works
2017-05-05 00:14:03 <jirutka> it turned into a nightmare b/c he explicitly refused to provide any form of documentation, but since it’s very important feature, ofc people kept asking again and again…
2017-05-05 00:15:45 <jirutka> including me, I was bothering him until he finally revealed some information so I was able to write my five lines of python code filter that was very essential for me, otherwise I cannot use OpenSMTPD at all
2017-05-05 00:18:06 <jirutka> I like OpenSMTPD and appreciate his very strong focus on quality, but at the same time it seems for me like he has no idea how OSS world works… implementing something in private branch, wtf?!
2017-05-05 00:21:13 <jirutka> good night! o/
2017-05-05 08:23:26 <clandmeter> doing some maintenance to nl infra. downtime should be limited.
2017-05-05 08:33:29 <_ikke_> wheej
2017-05-05 08:36:04 <_ikke_> apparently the downtime includes their IRC connection too :P
2017-05-05 08:43:41 <clandmeter> crap, router does not reboot correctly... nl infra down until further notice.
2017-05-05 08:44:00 <_ikke_> :-(
2017-05-05 08:47:18 <_ikke_> http://ikke.info/alpinelinux_status.png
2017-05-05 09:08:06 <^7heo> _ikke_: did you make a png-generating script?
2017-05-05 09:17:02 <_ikke_> ^7heo: zabbix generates it
2017-05-05 09:22:03 <^7heo> yeah ok
2017-05-05 09:22:11 <^7heo> SVG would be pretty awesome, but that's already cool
2017-05-05 09:22:50 <_ikke_> Right, I think they want to add svg generation eventually, but it's not supported yet
2017-05-05 09:52:13 <^7heo> _ikke_: ah dang; ok :)
2017-05-05 11:51:08 <clandmeter> sigh, i think most of services are up again. please highlight me if something is still not operational.
2017-05-05 12:01:53 <_ikke_> clandmeter: \o/
2017-05-05 12:41:23 <_ikke_> cve-2017-8301
2017-05-05 12:41:32 <_ikke_> on HN right now
2017-05-05 12:51:07 <jirutka> :)
2017-05-05 12:52:33 <pickfire_> Alpine is down?
2017-05-05 12:52:44 <pickfire_> Oh, it is up now.
2017-05-05 12:54:13 <_ikke_> odd, from my vps it's still down
2017-05-05 12:56:23 <clandmeter> _ikke_, can you check why?
2017-05-05 12:56:55 <_ikke_> doing a traceroute
2017-05-05 12:57:03 <_ikke_> last hop reachable is 88.159.2.162
2017-05-05 12:57:53 <_ikke_> clandmeter: http://tpaste.us/Dk0e
2017-05-05 12:58:17 <clandmeter> ping is disabled
2017-05-05 12:58:21 <clandmeter> well, not enabled yhet
2017-05-05 12:58:27 <_ikke_> hehe, dejavu :P
2017-05-05 12:59:48 <clandmeter> _ikke_ and now?
2017-05-05 13:00:25 <_ikke_> still down
2017-05-05 13:01:12 <_ikke_> working
2017-05-05 13:01:41 <clandmeter> PRESS APPLY CHANGES!!!
2017-05-05 13:01:43 <clandmeter> :)
2017-05-05 13:01:55 <_ikke_> :-)
2017-05-05 13:07:25 <clandmeter> im going home, if something is broken msg me please.
2017-05-05 16:43:24 <Shiz> hi
2017-05-05 16:50:32 <jirutka> hi
2017-05-05 17:14:52 <_ikke_> hi
2017-05-05 17:15:07 <jirutka> afk
2017-05-05 17:49:16 <TBB> how does "apk policy" determine which URL a package was installed from?
2017-05-05 17:52:01 <TBB> going through every package with apk policy in a fully installed system is so slow I'd rather just parse /lib/apk/db/installed but that only hints on repo tags
2017-05-05 18:04:44 <Shiz> it matches the repo urls with repo tags
2017-05-05 18:05:26 <Shiz> https://git.alpinelinux.org/cgit/apk-tools/tree/src/policy.c#n50
2017-05-05 18:07:17 <TBB> yeah, that much I figured out. for untagged repos I suppose it runs through cached APKINDEX files?
2017-05-05 19:55:20 <Shiz> i've been thinking about a very very lightweight equivalent to eclasses for abuild...
2017-05-05 19:55:30 <Shiz> basically, something that just boils down to a source statement of another file
2017-05-05 19:55:37 <Shiz> no more, as eclasses are quite... involved
2017-05-05 19:55:44 <Shiz> but to preven duplication for e.g. py2/3 apkbuilds
2017-05-05 19:58:24 <jirutka> Shiz: yeah, I’ve been thinking about it multiple times
2017-05-05 19:58:34 <jirutka> Shiz: we really need something
2017-05-05 20:04:36 <Shiz> neat, email from CERT/CC
2017-05-05 20:04:54 <Shiz> would it be an idea to have a security@ email (list)?
2017-05-05 20:06:11 <Shiz> cc ncopa kaniini
2017-05-05 20:09:03 <przemoc> there is one already: http://lists.alpinelinux.org/alpine-security/summary.html
2017-05-05 20:09:28 <Shiz> neat
2017-05-05 20:09:41 <Shiz> but they're asking for a private mail
2017-05-05 20:10:22 <przemoc> I think it could become private, as it was barely used so far
2017-05-05 20:15:14 <jirutka> Shiz: CERT/CC??
2017-05-05 20:15:31 <Shiz> jirutka: see alpine-devel
2017-05-05 20:15:41 <Shiz> https://en.wikipedia.org/wiki/CERT_Coordination_Center
2017-05-05 20:16:42 <jirutka> Shiz: aha, I see know
2017-05-05 20:17:54 <jirutka> Shiz: well, this is up to ncopa; i’d prefer to have special address/alias for it, like security@alpinelinux.org
2017-05-05 20:38:47 <ncopa> re security email
2017-05-05 20:38:53 <ncopa> yes we need one
2017-05-05 20:39:00 <ncopa> im open to suggestions how we solve it
2017-05-05 20:39:25 <ncopa> shoudl we have a shared gpg or should we have multiple individual emails
2017-05-05 20:39:34 <ncopa> it needs to be a group of ppl
2017-05-05 20:40:03 <ncopa> i wonder how other distros solves it
2017-05-05 20:40:38 <ncopa> looks like all except s390x 3.6 builders are done!
2017-05-05 20:40:47 <ncopa> so we have rc1 early next week
2017-05-05 20:41:02 <Shiz> a system could be where some incoming daemon takes the mail, decrypts it using the security@ key, and then re-encrypts using individual gpg keys and sends to ppl on the sec list
2017-05-05 20:41:12 <Shiz> to prevent the need for a shared gpg key
2017-05-05 20:41:35 <ncopa> would still be nice to know what other distros does
2017-05-05 20:41:42 <ncopa> might be we could provide a list of ppl
2017-05-05 20:41:48 <Shiz> yeah
2017-05-05 20:41:59 <Shiz> i'll check what debian does :P
2017-05-05 20:42:03 <Shiz> and gentoo
2017-05-05 20:42:04 <ncopa> thanks!
2017-05-05 20:42:19 <jirutka> ghc is still in testing, we probably need fabled to handle it, cause of bootstrapping
2017-05-05 20:42:20 <_ikke_> git.git has a private google groups
2017-05-05 20:42:49 <ncopa> whats the status of php7.1?
2017-05-05 20:42:54 <ncopa> it got moved to community right?
2017-05-05 20:43:09 <jirutka> ncopa: i’ve fixed it last weekend
2017-05-05 20:43:45 <jirutka> yes, it’s in community
2017-05-05 20:46:00 <ncopa> jirutka: you rock!
2017-05-05 20:47:20 <Shiz> debian and ubuntu teams seem to use a shared gpg key from what i can see, but i'll confirm manuall
2017-05-05 20:47:22 <Shiz> y
2017-05-05 20:47:37 <Shiz> gentoo uses multiple contacts with their own gpg key and a private bugzilla section
2017-05-05 20:52:06 <kaniini> Shiz: yes
2017-05-05 20:55:35 <Shiz> someone on #debian-security pointed me to what seems to be an implementation of my idea above
2017-05-05 20:55:37 <Shiz> https://github.com/fbb-git/gpg-remailer
2017-05-05 20:56:25 <Shiz> no confirmation if that's what they use though
2017-05-05 21:27:39 <ncopa> Shiz d you think we should set up something like that?
2017-05-05 21:27:43 <ncopa> i think its a good idea
2017-05-05 21:27:48 <Shiz> yeah it seems nice
2017-05-05 21:28:03 <Shiz> prevents from having to do a key rollover when someone leaves the team
2017-05-05 21:28:09 <ncopa> but it also means that the people who have access to the remailer has access to the gpg key
2017-05-05 21:28:14 <Shiz> have to be careful about the security of the server it runs on though
2017-05-05 21:28:16 <Shiz> yes :P
2017-05-05 21:28:21 <ncopa> so basically a shared gpg
2017-05-05 21:28:30 <ncopa> but i still like it
2017-05-05 21:28:37 <Shiz> well, nobody has to have access to the remailer
2017-05-05 21:28:42 <Shiz> except the server admin for it
2017-05-05 21:28:53 <ncopa> admins
2017-05-05 21:29:04 <ncopa> someone needs to babysit it
2017-05-05 21:29:07 <Shiz> yeah
2017-05-05 21:29:15 <Shiz> ideally that would be someone in the security team anyway
2017-05-05 21:29:17 <Shiz> ;p
2017-05-05 21:29:20 <Shiz> and preferably a single person
2017-05-05 21:29:25 <ncopa> exactly
2017-05-05 21:29:51 <ncopa> i'd say its better with a couple of persons
2017-05-05 21:30:10 <ncopa> which ofc is on the sec team
2017-05-05 21:50:04 <jirutka> well, for gpg-remailer we need to create pkgs also for libbobcat, icmake, and yodl
2017-05-05 21:50:24 <jirutka> and it’s GPL3
2017-05-05 21:51:28 <ncopa> we can run the gpl3 in isolated container so it does not touch anything else :)
2017-05-05 21:52:03 <Shiz> :P
2017-05-05 21:52:20 <Shiz> i'm gonna work on apkbuilds/gpg-remailer setup, gonna see what exactly is required
2017-05-05 21:53:04 <ncopa> thanks!
2017-05-05 21:53:39 <jirutka> Shiz: libbobcat, icmake, and yodl :) it’s listed in gpg-remailer/required
2017-05-05 21:53:48 <Shiz> jirutka: recursive deps are a thing
2017-05-05 21:53:49 <Shiz> :p
2017-05-05 21:54:05 <jirutka> Shiz: yeah, ofc :) …and deps of them :)
2017-05-05 22:05:57 <ncopa> have a nice weekend everyone
2017-05-05 22:06:54 <Shiz> you too!
2017-05-05 22:08:35 <jirutka> you too! o/
2017-05-05 22:22:25 <TBB> okay, got the complete package origin resolver done in Bash, and got a 20x performance increase compared to the old one that parsed apk policy output
2017-05-05 22:33:04 <jirutka> TBB: what exactly are you trying to achieve?
2017-05-05 22:33:57 <TBB> repository subsets for restricted installs and environments
2017-05-05 22:34:01 <jirutka> TBB: if you want to just find origin for any pkgname, then `apk search --origin --exact --quiet PKGNAME`
2017-05-05 22:34:16 <jirutka> repository subsets?
2017-05-05 22:35:39 <TBB> basically I perform an Alpine install and after it gather together all packages in it into a smaller repository
2017-05-05 22:36:33 <TBB> there's a reason I do that, but I can't go to the specifics... I'll have to test that line you just wrote tomorrow
2017-05-05 22:37:52 <jirutka> TBB: `apk info | xargs apk search --origin --exact --quiet | sort -u`
2017-05-05 22:38:12 <jirutka> TBB: if i understand you correctly, then this command should return what you want
2017-05-05 22:38:21 <TBB> you're breaking my heart, I just wrote a hundred lines of shell script for that :(
2017-05-05 22:38:42 <jirutka> TBB: sry :( why you haven’t asked before writing it…?
2017-05-05 22:38:47 <TBB> (and enjoyed it, which makes it even sadder)
2017-05-05 22:39:29 <TBB> I kind of asked some 4 hours ago, but I probably didn't formulate my question clearly
2017-05-05 22:40:18 <TBB> let it be said tho, I've only spent something like 30 minutes on that script, the rest were spent in a pub sipping excellent beer...
2017-05-05 22:42:27 <jirutka> TBB: well, I also wrote a shell script for resolving origins some time ago, when I didn’t know about this… https://gist.github.com/jirutka/6717f68c7f76c9425b21d0cbe2eaa007#file-abuild-origin
2017-05-05 22:44:43 <jirutka> TBB: at the time you’ve asked I was in a car :/ also you’ve started with "apk policy", that was kinda misleading :)
2017-05-05 22:45:44 <TemptorSent> Hmm, are we talking about the same concept of 'origin' here? policy gives the repo origin.
2017-05-05 22:47:47 <TBB> yeh, at first glance apk policy was the only thing that came to my mind with regards to finding the exact URL a package was fetched from
2017-05-05 22:48:09 <TBB> that's what I mean by package origin
2017-05-05 22:48:50 <TemptorSent> Ahh, in apk parlance, 'package origin' means source APKBUILD package if I understand correctly.
2017-05-05 22:49:56 <jirutka> TBB: aha, we’re talking about two different things :)
2017-05-05 22:50:13 <TemptorSent> TBB: So your time was not wasted, and I would be interested to see your script, as I'm trying to finish up the necessary reworks to make it possible to fetch an atomic set of packages.
2017-05-05 22:50:43 <jirutka> TBB: origin means the base package of a subpackage, as TemptorSent wrote
2017-05-05 22:51:14 <TemptorSent> I built a revdep tree builder that could be refed all the way to the URL if so inclined.
2017-05-05 22:51:44 <jirutka> TBB: why exactly do you need URL of repository…?
2017-05-05 22:52:05 <TemptorSent> Subsetting specific revs of specific packages I suspect.
2017-05-05 22:52:13 <TBB> TemptorSent: it's never really wasted if the effort helps in gaining a deeper understanding of how things work. Okay, sometimes time could be more efficiently spent, but the learning is worth a bit of inefficiency
2017-05-05 22:52:29 <jirutka> TemptorSent: ??
2017-05-05 22:52:32 <TemptorSent> Quite true :)(
2017-05-05 22:54:17 <TemptorSent> To build a specific, supportable set of packages that have been audited and verified to interoperate properly, and create a subset repository allowing such to be fetched by a client machine without regard to the current rev in Alpine
2017-05-05 22:54:40 <TemptorSent> At least that's the impression I got and how my use-cases work.
2017-05-05 22:54:43 <TBB> jirutka, I install packages from maybe 7 different repositories into a system; these are the official Alpine repos and some in-house ones. Once I have the install finished, I gather the installed apk packages into a repository that can be used in a restricted environment that has no access to any of those repositories, so that the install can be repeated
2017-05-05 22:55:09 <TBB> that's pretty much exactly the case, TemptorSent
2017-05-05 22:56:09 <TemptorSent> TBB: I've got much of the rest of the support system for that already in place in the 'mkalpine' branch of mkimage.
2017-05-05 22:56:56 <TemptorSent> Speaking of which jirutka, can we split of the mkalpine branch into its own repo now without modifiying the rest, and migrate the remainder at a later date, or is that too messy?
2017-05-05 22:57:22 <TemptorSent> er mkimage-refactor-scripts branch rather.
2017-05-05 22:58:43 <TBB> TemptorSent, I think we've discussed this earlier; I also wrote my own installing and imaging system some 2 years ago because why not, and I've been maintaining it ever since. I was working in one specific project that switched to Alpine as the base OS, but then needs arose to support several distributions, so I basically scripted the whole thing from scratch after spending some time with mock and finding it inadequate
2017-05-05 22:58:50 <TemptorSent> the 'apkroottool' and 'kerneltool' components are essentially functional now, although I'm working on improving the dep solver.
2017-05-05 22:59:36 <TBB> (make that "several distributions and projects")
2017-05-05 23:00:00 <TemptorSent> Right, I'd love to be able to support arbitrary packaging by simply adding a support file.
2017-05-05 23:01:12 <TemptorSent> The kerneltool functionality is already setup for custom builds, and could easily support other dist kernel packaging, which may be useful on alpine too in some casese.
2017-05-05 23:02:20 <TBB> I can currently produce Alpine and CentOS 6/7 installs and build packages for both using the same source repo; there are two projects currently using it but only one of me, although, I've just gotten a second developer who's more familiar with Debian and its derivatives, so hopefully he'll implement support for those
2017-05-05 23:02:52 <jirutka> TemptorSent: yes, I can split it without modifying the aports repo
2017-05-05 23:02:54 <TemptorSent> apkroottool uses fkrt with persistent state stored to allow multiple commands to be run before building an archive.
2017-05-05 23:03:09 <jirutka> TemptorSent: please don’t tell me that you’re writing deps solver in shell…
2017-05-05 23:03:26 <TemptorSent> jirutka: What should I do on my end to make it easy?
2017-05-05 23:03:29 <TemptorSent> awk actually :)
2017-05-05 23:03:37 <jirutka> TemptorSent: omfg
2017-05-05 23:03:46 <TBB> /o\
2017-05-05 23:03:47 <TemptorSent> But yes, it will be rewritten in C.
2017-05-05 23:04:09 <jirutka> TemptorSent: first, apk already implements deps solver (probably classic SAT, but I haven’t read it)
2017-05-05 23:04:22 <TemptorSent> Even the existing code with full recursion isn't horribly slow.
2017-05-05 23:04:28 <jirutka> TemptorSent: second, it’s fucking crazy to do any complex things like computing deps in shell/awk/…
2017-05-05 23:04:31 <TemptorSent> jirutka: Not for the libs/files
2017-05-05 23:04:50 <TemptorSent> Actually, computing deptrees is simple!
2017-05-05 23:05:21 <TemptorSent> A couple dozen lines of awk.
2017-05-05 23:05:21 <jirutka> TemptorSent: Lua or C would be surely more faster, reliable and maintainable
2017-05-05 23:05:47 <TBB> I can only personally say that Bash is my hammer, and you know what they say about people whose only tool is a hammer :)
2017-05-05 23:06:26 <TBB> (okay, I'm proficient in TCL as well, but that's possibly even less fashionable than Bash)
2017-05-05 23:06:43 <jirutka> TBB: I’m afraid that TemptorSent is the same, except he at least use POSIX shell, not Bash
2017-05-05 23:07:56 <jirutka> TemptorSent: about split, just tell me how the final files structure should look like
2017-05-05 23:08:22 <TBB> I don't mind plain sh either (I've actually implemented the whole tool in plain sh just to see if it's possible), but I like associative arrays a bit too much to do that full time :D
2017-05-05 23:08:52 <jirutka> TBB: then use real language, not Bash…
2017-05-05 23:09:26 <jirutka> TBB: for example Lua is very easy to learn and like infinitely better than Bash
2017-05-05 23:09:45 <TemptorSent> Oh, I can code C quite happily, but I generally make sure the logic works out using bash becasuse ANYONE can read it.
2017-05-05 23:10:07 <przemoc> TBB: I was going to write that most people writing in bash actually barely use bash features, simply using [[ or == for instance, but apparently you're an exception, as associative arrays have no easy POSIX-ification ;)
2017-05-05 23:10:11 <TBB> I do have TCL for that already, but learning Lua would definitely be useful
2017-05-05 23:10:27 <TemptorSent> Also, for extensive string handling, awk is a pretty good tool, while C requires quite a bit of memory management.
2017-05-05 23:10:36 <jirutka> TemptorSent: I’m not sure about “anyone”… very complex shell scripts are usually not easy to reason about…
2017-05-05 23:10:44 <TemptorSent> Rust is actually an interesting option, but they haven't stabilized it.
2017-05-05 23:11:09 <TemptorSent> jirutka: True, but when each function can be tested individually, it's much easier.
2017-05-05 23:11:30 <jirutka> TemptorSent: ofc Rust would be awesome option!
2017-05-05 23:11:41 <jirutka> TemptorSent: that’s not true, Rust is already stable
2017-05-05 23:12:01 <TBB> Rust and Go both look interesting
2017-05-05 23:12:03 <TemptorSent> Stable in terms of language development and APIs.
2017-05-05 23:12:10 <jirutka> TBB: please not go…
2017-05-05 23:12:18 <TemptorSent> Agreed, go needs to go :)
2017-05-05 23:12:31 <jirutka> TemptorSent: Rust lang and APIs are stable, since 1.0.0
2017-05-05 23:12:39 <jirutka> TemptorSent: they are *very* careful about this
2017-05-05 23:12:44 <TemptorSent> The rust toolchain is also messy, as you well know, but it looks like that is improving.
2017-05-05 23:13:09 <jirutka> TemptorSent: I know… I don’t like cargo too
2017-05-05 23:13:19 <TemptorSent> jirutka: Okay, so no more suprises with language features suddenly changing semantics?
2017-05-05 23:13:31 <Shiz> i object to the notion that lua is good
2017-05-05 23:13:33 <Shiz> :P
2017-05-05 23:14:10 <jirutka> TemptorSent: no more surprises, unless you use unstable features, I mean those that are available only in nightly and explicitly marked as unstable
2017-05-05 23:14:18 <TemptorSent> I'd do it in lisp, but then I'd probably be one of three here who could even read it, let alone debug it.
2017-05-05 23:14:36 <Shiz> yeah and as one of those i wouldn't WANT to read it
2017-05-05 23:14:38 <Shiz> let alone debug
2017-05-05 23:14:44 <Shiz> so that leaves two
2017-05-05 23:14:46 <Shiz> :P
2017-05-05 23:15:07 <TemptorSent> jirutka: And the language is fully usable without said unstable features now? Last I checked nearly everything was relying on nightly.
2017-05-05 23:15:16 <Shiz> some cool stuff still relies on nightly
2017-05-05 23:15:20 <Shiz> but a lot of stuff works on stable now
2017-05-05 23:15:42 <TemptorSent> Shiz: Can't say I blame you - lisp isn't plesant reading in many casese.
2017-05-05 23:15:51 <jirutka> TemptorSent: actually I’d be looking forward to read it if written in Lisp… I don’t know Lisp, but it’s one of the langs I’d like to learn
2017-05-05 23:16:00 <Shiz>   jirutka │ TBB: please not go…   <-- after experiencing Rust as a developer (not packaging for alpine, just writing something in it), i may actually prefer go
2017-05-05 23:16:01 <TemptorSent> Cool, looks like I'll revisit rust then.
2017-05-05 23:16:03 <Shiz> rust is such a pain...
2017-05-05 23:16:26 <jirutka> TemptorSent: yes, it’s fully usable, if you don’t insist on using bleeding edge features
2017-05-05 23:16:44 <jirutka> Shiz: Rust build system…
2017-05-05 23:16:54 <Shiz> im talking about the language :)
2017-05-05 23:17:01 <Shiz> that's why i explicitly said as a developer, not alpine packager
2017-05-05 23:17:05 <jirutka> Shiz: and you haven’t seen Go build system, have you? so can’t compare ;)
2017-05-05 23:17:12 <Shiz> ...
2017-05-05 23:17:12 <TemptorSent> jirutka: Cool.
2017-05-05 23:17:16 <Shiz> do i have to repeat myself or
2017-05-05 23:17:18 <Shiz> lol
2017-05-05 23:17:18 <jirutka> Shiz: aha, what do you dislike about the lang? :(
2017-05-05 23:17:29 <Shiz> i have two main issues with it
2017-05-05 23:17:42 <Shiz> 1) it is way too complex, growing to C++ levels
2017-05-05 23:17:59 <Shiz> 2) the development experience is still too much 'fight the compiler by changing semi-random things until your lifetimes work'
2017-05-05 23:18:43 <TemptorSent> 1 - Agreed, 2 - Ouch! Yeah, that's what I was hoping was fixed.
2017-05-05 23:19:26 <Shiz> and a third issue stemming from the first: there is no viable alternative implementation right now
2017-05-05 23:19:35 <Shiz> which is the same for some other langs, hence a more minor one
2017-05-05 23:19:39 <Shiz> but still something that's not a good sign
2017-05-05 23:19:57 <TemptorSent> jirutka: The only problem with writing stuff in lisp for alpine is then we need to have yet another binary installed to use it.
2017-05-05 23:20:13 <jirutka> ad 1) unfortuntely I have to kinda agree, ad 2) this is just a matter of time, it’s the hardest part of Rust, but it’s worth it, if you want to write efficient low-level code
2017-05-05 23:20:36 <TBB> if Lisp was good enough for JPL, it is good enough for Alpine
2017-05-05 23:20:58 <TBB> (on the other hand, if Lisp was good enough for JPL, why did they switch to Java at some point?...)
2017-05-05 23:21:31 <TemptorSent> It's actually a wonderful language, but the paradigm is different enough to make it difficult to follow for many.
2017-05-05 23:21:38 <Shiz> i was never a lisp fan
2017-05-05 23:21:39 <jirutka> Shiz: Rust is not easy to learn, that’s the fact; but still it’s IMO easier than to learn how to write secure and reliable C or C++…
2017-05-05 23:21:47 <Shiz> jirutka: C++, possibly
2017-05-05 23:21:50 <Shiz> C, i vehemently disagree
2017-05-05 23:22:02 <TemptorSent> And there are several incompatible versions, which really makes things irritating at times.
2017-05-05 23:22:07 <jirutka> Shiz: and it’s non-sense to compare it with Go, this is totally different land, Go is not a low-level lang, it has huge runtime and GC
2017-05-05 23:22:22 <Shiz> rust's runtime is larger than go's
2017-05-05 23:22:51 <jirutka> Shiz: ok I should add write secure, reliable and big project in C or C++…
2017-05-05 23:22:54 <TemptorSent> C is difficult to write secure software in using the existing APIs at the least.
2017-05-05 23:23:06 <jirutka> Shiz: no, it’s not, not the runtime that is compiled into every binary
2017-05-05 23:23:13 <Shiz> oho yes it is
2017-05-05 23:23:18 <jirutka> Shiz: no, it’s not
2017-05-05 23:23:25 <jirutka> Shiz: I’m 100% sure about this
2017-05-05 23:24:49 <TemptorSent> Anyway, if anyone has a suggestion for a replacement for TAWK, I'd be greatly appreciative :)
2017-05-05 23:25:05 <jirutka> Shiz: just write some small program in Rust and Go, compile them in release mode, strip binaries and compare size
2017-05-05 23:25:42 <jirutka> Shiz: the whole point of Rust is zero-cost abstraction and very minimal runtime
2017-05-05 23:26:02 <Shiz> but it fails at that
2017-05-05 23:26:10 <jirutka> Shiz: it does not ship full GC and other bloat of shits with every built binary
2017-05-05 23:26:21 <jirutka> Shiz: it does not from my testing
2017-05-05 23:26:35 <Shiz> did you test with the correct rust flags?
2017-05-05 23:26:38 <jirutka> Shiz: hello world in Rust has around 180 kiB stripped? how big is that in Go? 1 MiB?
2017-05-05 23:26:42 <jirutka> Shiz: ofc I did
2017-05-05 23:26:53 <Shiz> because my rustc outputs a 2.1mb binary
2017-05-05 23:27:02 <jirutka> Shiz: unstripped
2017-05-05 23:27:07 <jirutka> Shiz: contains A LOT of debugging symbols
2017-05-05 23:27:21 <jirutka> Shiz: compile in *release mode* (!) and strip the binary
2017-05-05 23:27:27 <Shiz> also, please do not highlight me every line
2017-05-05 23:27:32 <jirutka> okay, sry
2017-05-05 23:27:51 <Shiz> anyway
2017-05-05 23:27:59 <Shiz> yes, stripped the runtime is smaller
2017-05-05 23:28:06 <Shiz> but 180kb is still by no means a very minimal runtime
2017-05-05 23:28:17 <jirutka> you should remember that I’ve dropped jemalloc even after you’ve fixed it b/c it increased binary size and I’ve also wrote to the apkbuild exact sizes…
2017-05-05 23:29:14 <jirutka> 180 kiB is imo reasonably small… and it’s *definitely* a magnitude smaller than Go
2017-05-05 23:29:37 <jirutka> maybe it’s 160 kiB, I don’t remember the exact number
2017-05-05 23:29:39 <TemptorSent> 180kb is reasonably small? For hello world? WTF?
2017-05-05 23:30:13 <jirutka> hello world is ofc far from real-world examples… it’s a constant, it does not get much bigger with more code
2017-05-05 23:30:37 <Shiz> actually
2017-05-05 23:30:48 <Shiz> the product i did in rust had a 20mb binary in --release after stripping
2017-05-05 23:30:49 <Shiz> so
2017-05-05 23:30:51 <TemptorSent> Yeah, but seriously, 180k to print a handful of characters using stdio?
2017-05-05 23:30:51 <Shiz> :P
2017-05-05 23:30:59 <Shiz> 15-20mb iirc
2017-05-05 23:31:03 <jirutka> show my any other lang that provides at least similar guarantees as Rust and produces smaller binaries…
2017-05-05 23:31:35 <jirutka> then you had probably a lot of deps…?
2017-05-05 23:31:37 <Shiz> and also, the go runtime also doesn't increase significantly with program complexity
2017-05-05 23:31:45 <Shiz> so you're kind of mooting your own point here
2017-05-05 23:32:05 <jirutka> I’m not, cause i know the numbers
2017-05-05 23:32:08 <TemptorSent> I'm not saying there is anything better currently, but that reeks of unnecessary code inclusion.
2017-05-05 23:32:30 <jirutka> TemptorSent: how often do you build hello world…?
2017-05-05 23:32:40 <Shiz> how often do i build small programs, all the time
2017-05-05 23:32:43 <Shiz> because small programs are best programs
2017-05-05 23:33:08 <jirutka> it’s non-sense to putting effort to strip support code that is needed by almost all programs except simplest hello world
2017-05-05 23:34:24 <jirutka> still, when you compare these two as languages, with some knowledge about langs, it’s very clear that Go is total crap and Rust is very innovative and well designed
2017-05-05 23:34:49 <TemptorSent> jirutka: I don't often build hello world, but I do often write code that does nothing but do simple math and print the result.
2017-05-05 23:34:57 <jirutka> I’m not saying that it’s perfect, I’m also kinda disappointed how complex it become
2017-05-05 23:36:44 <jirutka> TemptorSent: btw we’re comparing binaries produced for x86_64 with stdlib… you can use Rust for embedded too, there you usually don’t include stdlib and the size of produced code is very different
2017-05-05 23:37:04 <TemptorSent> I liked the original concept - simple, deterministic, and safe-by-default --- it's way beyond that now, to the point of being hard to understand the implications of a given code block in cases.
2017-05-05 23:37:55 <jirutka> and the best part for me is that Rust is actually functional lang, at least as functional as it can be as a low-level lang
2017-05-05 23:38:32 <jirutka> this is incomparable with Go, C, C++ and similar
2017-05-05 23:38:59 <Shiz> rust is not functional
2017-05-05 23:39:04 <TemptorSent> true, although there seem to be some gotchas in the functional usage compared to 'true' functional languages (like lisp :) )
2017-05-05 23:39:10 <jirutka> it is, but not purely functional
2017-05-05 23:39:16 <jirutka> and does not support lazy evaulation
2017-05-05 23:39:27 <Shiz> lazy evaluation is one of the things it does support
2017-05-05 23:39:29 <jirutka> it’s not black/white with FP
2017-05-05 23:39:29 <Shiz> through iter()
2017-05-05 23:39:45 <jirutka> not lazy evaluation as you have in Haskell…
2017-05-05 23:40:09 <jirutka> lazy evaluation through iter() has even Lua
2017-05-05 23:40:42 <Shiz> anyway, rust has some functional aspects, but it's not overall functional
2017-05-05 23:40:44 <Shiz> purely or otherwise
2017-05-05 23:40:46 <jirutka> that said I’d love to see the best concepts of Rust implemented in truly minimalistic language, something like Lua, but low-level
2017-05-05 23:40:59 <Shiz> 'something like Lua' is something I'd run far way from
2017-05-05 23:41:00 <Shiz> :P
2017-05-05 23:41:02 <jirutka> as I said, it’s not purely functional, yes
2017-05-05 23:41:23 <jirutka> but it doesn’t make much sense to talk about purely functional…
2017-05-05 23:41:31 <jirutka> most FP langs are not pure
2017-05-05 23:41:35 <Shiz> 01:40:44         Shiz │ purely or otherwise
2017-05-05 23:41:46 <Shiz> you're the only one going on about pure
2017-05-05 23:41:48 <Shiz> :P
2017-05-05 23:42:26 <Shiz>    jirutka │ still, when you compare these two as languages, with some knowledge about langs, it’s very clear that Go is total crap and Rust is very innovative and well designed
2017-05-05 23:42:30 <Shiz> and this is of course laughable at best
2017-05-05 23:42:30 <jirutka> I’m just saying that “functional language” != “purely functional language” and Rust is a functional language
2017-05-05 23:42:40 <Shiz> yes, and i'm saying rust is not a functional language
2017-05-05 23:42:42 <Shiz> pure or otherwise
2017-05-05 23:42:48 <jirutka> actually it’s not…
2017-05-05 23:43:07 <jirutka> and I can prove that statement
2017-05-05 23:43:13 <jirutka> but not now, need to go sleep
2017-05-05 23:43:50 <Shiz> you can't prove a subjective statement like "is total crap" and "is well designed"
2017-05-05 23:44:23 <jirutka> ofc…
2017-05-05 23:44:31 <jirutka> don’t read it literally :)
2017-05-05 23:44:50 <TemptorSent> If a function is treated as a first-class entity that can be used anywhere a variable is, you have the minimal requirements for a 'functioal' language.
2017-05-05 23:45:23 <Shiz> now that is absolute nonsense
2017-05-05 23:45:32 <Shiz> by that measure both C and assembly are functional languages
2017-05-05 23:45:53 <jirutka> since when function is a first class citizen in C? XD
2017-05-05 23:45:55 <TemptorSent> No, you can't pass a FUNCTION in either of those, you can only pass a POINTER to a function.
2017-05-05 23:45:57 <nmeum> *cough* #alpine-offtopic *cough*
2017-05-05 23:46:05 <jirutka> and since when assembly has functions? XD
2017-05-05 23:46:35 <Shiz> TemptorSent: you don't actually pass function blocks around in haskell either, that's irrelevant
2017-05-05 23:46:47 <Shiz> but i'm going to continue with my apkbuilds
2017-05-05 23:46:49 <jirutka> no it’s not irrelevant
2017-05-05 23:47:25 <TemptorSent> It's the semantics that is important, not the implementation.
2017-05-05 23:47:32 <Shiz> and as a final note: functional languages are about being declarative instead of imperative, pure input-output functions and the avoidance of state
2017-05-05 23:47:40 <Shiz> it has nothing to do with wheter functions are first-class data or not
2017-05-05 23:47:52 <Shiz> and now i'm going to get back to my apkbuilds
2017-05-05 23:48:24 <jirutka> you’re right with that, but as I said, it’s not black and white and FP is a set of concepts, not something exact
2017-05-05 23:49:07 <jirutka> actually I’ve been arguing with one speaker at InstallFest about Rust being OOP…
2017-05-05 23:49:35 <TemptorSent> You're not wrong Shiz, but those abilities stem from functions themselves being first-class entities.
2017-05-05 23:49:54 <jirutka> I thnk that it’s not, he that it is… I asked one of langs teacher at uni and according to the most formal definition of OOP, most of common OOP langs like Java are actually not OOP at all…
2017-05-05 23:50:03 <TemptorSent> Remove that, and you can't write functional programs cleanly.
2017-05-05 23:50:31 <jirutka> the conclusion was that Rust has some aspects of OOP
2017-05-05 23:51:00 <TemptorSent> Java is an ugly hack that has some OOP concepts, but manages to fail horribly.
2017-05-05 23:51:06 <jirutka> agree
2017-05-05 23:51:21 <Shiz> as nmeum mentioned, #alpine-offtopic
2017-05-05 23:51:29 <jirutka> oh, sry
2017-05-05 23:51:34 <jirutka> as I mentioned, sleep :)
2017-05-05 23:51:46 <TemptorSent> Goodnight jirutka.
2017-05-05 23:51:52 <jirutka> and I’ll try to forget about this discussion
2017-05-06 02:48:59 <Shiz> ncopa: just packaged the whole shebang related to gpg-remailer :P
2017-05-06 02:49:06 <Shiz> silly people and their custom build systems...
2017-05-06 03:02:42 <Shiz> https://github.com/alpinelinux/aports/pull/1355
2017-05-06 03:02:44 <Shiz> :)
2017-05-06 03:46:34 <Shiz> don't merge that yet btw, i may wanna add an initscript to it
2017-05-06 11:10:45 <Shiz> jirutka ever diligent :P
2017-05-06 11:11:03 <jirutka> :)
2017-05-06 11:16:15 <jirutka> Shiz: build failed
2017-05-06 11:16:23 <Shiz> yeah just saw it
2017-05-06 11:16:46 <Shiz> working on it :)
2017-05-06 11:18:36 <Shiz> running new build
2017-05-06 12:14:52 <jirutka> Shiz: I’m crying… https://internals.rust-lang.org/t/pre-rfc-generalized-return-escape-continue-from-scopes/5173
2017-05-06 12:15:31 <Shiz> is this goto with a fancier syntax
2017-05-06 12:15:42 <jirutka> yes
2017-05-06 12:15:56 <jirutka> and look at this https://github.com/Ericson2314/rust-rfcs/blob/goto/text/0000-goto.md
2017-05-06 12:16:05 <jirutka> I hope that this will be never accepted
2017-05-06 12:39:51 <Shiz> jirutka: how does gpg-remailerl ook now?
2017-05-06 12:41:29 <jirutka> Shiz: look ok, just pls don’t prefix local variables with underscore; we use underscore prefix for global non-standard (i.e. not defined by abuild) variables
2017-05-06 12:42:01 <Shiz> whoops
2017-05-06 12:42:03 <Shiz> yeah i goofed a bit
2017-05-06 12:42:08 <Shiz> i knew that, just didn't think :P
2017-05-06 12:42:12 <Shiz> i'll rebase it
2017-05-06 12:42:33 <jirutka> I added S-WIP b/c you’ve mentioned here that you’ll add runscript
2017-05-06 12:43:19 <Shiz> yeah turns out there is no runscript anyway lol
2017-05-06 12:43:43 <Shiz> i'm considerig adding a post-install hook to add a user for gpg-remailer but im not sure if thats necessary
2017-05-06 12:44:06 <Shiz> it is intended to be ran as its own user, but otoh maybe its best left to the user to decide?
2017-05-06 12:44:51 <jirutka> it doesn’t matter if upstream provides some runscript or not ;)
2017-05-06 12:45:04 <jirutka> but if it’s typical to run the app as a daemon
2017-05-06 12:45:07 <Shiz> no i mean, it's not meant to be ran as daemon anyway
2017-05-06 12:45:09 <Shiz> :P
2017-05-06 12:45:35 <jirutka> but how are you gonna deploy it?
2017-05-06 12:45:55 <Shiz> it's meant to be invoked by your MTA
2017-05-06 12:45:58 <jirutka> aha
2017-05-06 12:46:13 <jirutka> okay, then runscript is indeed not needed
2017-05-06 12:46:17 <Shiz> https://txt.shiz.me/MDk2NjE3Mj
2017-05-06 12:46:19 <Shiz> like this :)
2017-05-06 12:46:25 <Shiz> at least, that's my non-tested config
2017-05-06 12:48:04 <jirutka> this can be simplified https://dpaste.de/NVzq/raw
2017-05-06 12:48:19 <Shiz> oh, nice
2017-05-06 12:48:28 <Shiz> the smtpd.conf manual seemed to imply it needed to be separate
2017-05-06 12:48:40 <jirutka> also I don’t think that it’s necessary nor good to run it on a separate domain ;)
2017-05-06 12:48:54 <Shiz> actually, it is
2017-05-06 12:49:08 <jirutka> I know, the manual is not accurate about this
2017-05-06 12:49:18 <Shiz> because else we need to hook deeply into alpine's existing infrastructure
2017-05-06 12:49:26 <Shiz> and the gpg-remailer would need to run on the same node as the main MTA
2017-05-06 12:49:26 <jirutka> I’ve seen this style in some examples and so tried it and it works, at least on 5.9, I haven’t tried 6.x yet
2017-05-06 12:49:31 <Shiz> while with this
2017-05-06 12:49:43 <Shiz> the main MTA can simply be configured to relay security@alpinelinux.org to security@security.alpinelinux.org
2017-05-06 12:49:46 <Shiz> which runs isolated :)
2017-05-06 12:50:00 <jirutka> not necessarily, you can relay security@alpinelinux.org from the main MTA to your
2017-05-06 12:50:02 <jirutka> yours
2017-05-06 12:50:14 <jirutka> aha, yeah XD
2017-05-06 12:50:20 <Shiz> yes thats what i'm doing :P
2017-05-06 12:50:47 <jirutka> but does it need TLS cert then?
2017-05-06 12:51:03 <jirutka> and will it even work? I guess that it will run on a private IP?
2017-05-06 12:51:10 <Shiz> it doesn't really need to
2017-05-06 12:51:16 <Shiz> the private IP, that is
2017-05-06 12:51:21 <Shiz> it can just run with the smtpd port publically-facing
2017-05-06 12:51:39 <Shiz> there's no need for network isolation there :P
2017-05-06 12:51:39 <jirutka> so I’m gonna merge PR#1355, okay?
2017-05-06 12:51:54 <Shiz> jirutka: before you do, any opinions on the creating a user thing?
2017-05-06 12:51:55 <jirutka> algitbot: be quiet, this is not useful here :P
2017-05-06 12:52:28 <jirutka> Shiz: since there’s no runscript, I don’t think you should create a user in abuild
2017-05-06 12:52:34 <Shiz> yeah makes sense
2017-05-06 12:52:46 <Shiz> fine by me then \o/
2017-05-06 14:38:05 <ncopa> seems like iputils' ping is broken on build-edge-s390x
2017-05-06 14:38:17 <ncopa> but i have fixed busybox ping
2017-05-06 14:38:27 <ncopa> kernel need ping_group_range
2017-05-06 14:38:28 <Shiz> :)
2017-05-06 14:38:31 <ncopa> and its ubuntu kernel
2017-05-06 14:38:46 <ncopa> i still wonder why iputils ping is broke
2017-05-06 14:39:11 <ncopa> build-edge-s390x:~$ ping -c1 127.0.0.1
2017-05-06 14:39:11 <ncopa> PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
2017-05-06 14:39:11 <ncopa> ping: sendmsg: Invalid argument
2017-05-06 14:41:34 <ncopa> sendmsg(3, {msg_name={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("8.8.8.8")}, msg_namelen=16, msg_iov=[{iov_base="\10\0J\373\342\323\0\7\0\0\0\0Y\r\3406\0\0\0\0\0\3\322\17\20\21\22\23\24\25\26\27"..., iov_len=64}], msg_iovlen=1, msg_control=[{cmsg_len=0, cmsg_level=0x8 /* SOL_??? */, cmsg_type=0}, 0x3ffdc5fd7e0], msg_controllen=28, ms
2017-05-06 14:41:34 <ncopa> g_flags=0}, 0) = -1 EINVAL (Invalid argument)
2017-05-06 14:57:10 <Shiz> maybe the cmsg_level arg?
2017-05-06 15:01:54 <Shiz> SOL_* for 0x8 doesn't seem defined
2017-05-06 15:01:58 <Shiz> that i can see
2017-05-06 15:02:04 <Shiz> ncopa: what version of iputils is this?
2017-05-06 15:02:08 <ncopa> old
2017-05-06 15:02:36 <Shiz> :P
2017-05-06 15:02:49 <Shiz> btw the remailer thing is mostly set up
2017-05-06 15:02:52 <Shiz> am just testing it  now
2017-05-06 15:02:55 <ncopa> nice
2017-05-06 15:02:58 <ncopa> https://git.alpinelinux.org/cgit/aports/tree/main/iputils
2017-05-06 15:03:25 <Shiz> that's pretty old yeah
2017-05-06 15:03:28 <ncopa> https://git.alpinelinux.org/cgit/aports/tree/main/iputils/net-misc_iputils_files_iputils-20121221-fix-init-elemnt.patch
2017-05-06 15:04:07 <Shiz> the value of cmsg is the mportant one
2017-05-06 15:04:09 <Shiz> lemme check
2017-05-06 15:05:09 <ncopa> maybe i should try upgrade it
2017-05-06 15:05:14 <Shiz> the new version on github doesnt use the cmsg stuff
2017-05-06 15:05:16 <Shiz> so maybe :)
2017-05-06 15:05:26 <ncopa> new version is refactored
2017-05-06 15:05:37 <ncopa> and i think it supports ping sockets
2017-05-06 15:06:09 <ncopa> its possible the cmsg struct is not properly initialized
2017-05-06 15:06:47 <Shiz> yeah it looks like it
2017-05-06 15:06:51 <Shiz> see the struct on top of ping.c
2017-05-06 15:12:11 <ncopa> looks like there is a "new" version of the implementation we use
2017-05-06 15:12:13 <ncopa> https://wiki.linuxfoundation.org/networking/iputils
2017-05-06 15:12:20 <ncopa> there is a 2015 version
2017-05-06 15:12:50 <ncopa> but i wonder if we should just switch to the github.com/iputils/iputils version
2017-05-06 15:13:04 <ncopa> or we just fix the one we have
2017-05-06 15:13:55 <ncopa> yes i think you are right
2017-05-06 15:14:01 <ncopa> the initialization is bad
2017-05-06 15:19:27 <ncopa> Shiz you are very correct. fixing it make it work
2017-05-06 15:19:56 <ncopa> http://tpaste.us/Be0o
2017-05-06 15:25:50 <Shiz> :)
2017-05-06 15:27:00 <Shiz> finding hidden gpg-remailer dependencies
2017-05-06 16:27:12 <Shiz> does adding dependencies to a package warrant a pkgrel bump?
2017-05-06 16:27:22 <Shiz> not related to the build process, just adding missing stuff to depends=
2017-05-06 16:40:47 <clandmeter> Yes
2017-05-06 16:41:12 <clandmeter> Else it doesn't get build
2017-05-06 16:41:39 <Shiz> gotcha
2017-05-06 17:08:09 <hiro> why do we even have that debian style, but not, /etc/network stuff?
2017-05-06 17:08:56 <hiro> is there a history to this that i can read about?
2017-05-06 17:09:48 <Shiz> it's what busybox ifup/ifdown supports
2017-05-06 17:11:39 <jirutka> hiro: we have /etc/network stuff, or what exactly do you mean?
2017-05-06 17:11:48 <Shiz> they mean /etc/network/interfaces
2017-05-06 17:11:50 <Shiz> i presume
2017-05-06 17:11:52 <Shiz> why we use it
2017-05-06 17:13:18 <hiro> correct, why do we have it?
2017-05-06 17:13:42 <Shiz>   Shiz │ it's what busybox ifup/ifdown supports
2017-05-06 17:13:44 <Shiz> that's why :P
2017-05-06 17:13:45 <jirutka> ncopa: yeah, IMO we should upgrade to iputils/iputils; about almost a year ago author of this fork caught me at some conference and recommended to upgrade to this version, it does support musl without patches and some other goodies
2017-05-06 17:13:45 <hiro> all it seems to result in is users trying to apply their debian stackexchange answers to perceived problems
2017-05-06 17:13:56 <jirutka> we have /etc/network/interfaces…
2017-05-06 17:14:01 <Shiz> yes that is the point
2017-05-06 17:14:06 <jirutka> maybe this file is not here by default
2017-05-06 17:14:06 <Shiz> hiro seems to be of the opinion that we shouldn't
2017-05-06 17:14:10 <Shiz> :P
2017-05-06 17:14:14 <hiro> yes.
2017-05-06 17:14:35 <Shiz> we have it because busybox supports it and it's thus the easiest way of supporting network setup
2017-05-06 17:14:43 <jirutka> I agree, I don’t like this debian-style setup as well
2017-05-06 17:14:58 <hiro> i know the manual way, the debian way, the openwrt way
2017-05-06 17:15:05 <Shiz> in fact all the networking initscript does is for if in $ifaces ; do ifup $if ; done
2017-05-06 17:15:10 <jirutka> but what alternatives we have? I was happy with netifrc on Gentoo, but its implementation is very hackish (very complex shell scripts)
2017-05-06 17:15:14 <Shiz> with some stuff around it
2017-05-06 17:15:14 <hiro> the openwrt being the most magic and powerful of the automatic ones...
2017-05-06 17:15:20 <Shiz> i don't like magic
2017-05-06 17:15:26 <hiro> and openwrt still doesn't do what i want, so i end up writing my own scripts instead
2017-05-06 17:15:44 <Shiz> doesn't the openwrt stuff also deeply integrate with its ubus stuff
2017-05-06 17:15:51 <jirutka> btw not sure how many ppl know about it, you can create symlinks for each interface, e.g. net.eth0 → networking, net.eth1 → networking, … and start them separately
2017-05-06 17:16:44 <hiro> i have a few short awk scripts that parse ip monitor, wpa_supplicant, tunnel program and ping stats, and call some iproute2 magic with ip rule and in one case even with network namespaces.
2017-05-06 17:16:50 <hiro> all this shit is really easy to do
2017-05-06 17:17:00 <hiro> but if there's too much automagic stuff, users get discouraged to try on their own.
2017-05-06 17:17:07 <jirutka> I know how to setup basically anything, including bodings and ppoe using netifrc, I have no idea even how to force dhcp client to not mess with default gateways in routing table, when I have multiple interfaces with dhcp…
2017-05-06 17:17:40 <hiro> 19:15  Shiz doesn't the openwrt stuff also deeply integrate with its ubus stuff
2017-05-06 17:17:41 <jirutka> (how to force… using that debian config)
2017-05-06 17:17:47 <hiro> yes, ubus is a problem imo.
2017-05-06 17:17:49 <Shiz> lol we're not going to force everyone to do their network config manually
2017-05-06 17:17:51 <jirutka> afk
2017-05-06 17:18:57 <Shiz> hmm
2017-05-06 17:20:53 <hiro> ok
2017-05-06 17:35:36 <Shiz> jirutka: could you look at PR 1356 when you return? it's blocking my work on gpg-remailer :)
2017-05-06 18:01:17 <jirutka> hiro: could you please share your network scripts? I’d like to see them for inspiration
2017-05-06 18:02:29 <Shiz> jirutka: PR updated :)
2017-05-06 18:02:39 <Shiz> and the libressl PR LGTM, but i'm going to try to repro it locally first
2017-05-06 18:02:42 <Shiz> the issue they are having
2017-05-06 18:09:03 <jirutka> Shiz: why have you declared replaces="mailx"?
2017-05-06 18:09:15 <Shiz> because they both provide the same binary
2017-05-06 18:09:18 <Shiz> /usr/bin/mail
2017-05-06 18:09:27 <Shiz> i looked at gnupg1 and gnupg packages to see how to deal that
2017-05-06 18:09:29 <jirutka> Shiz: then they should be in conflict imo
2017-05-06 18:09:29 <Shiz> which did that
2017-05-06 18:09:37 <jirutka> depends="!mailx"
2017-05-06 18:09:44 <Shiz> well, gnupg1 did replaces= and provides= for gnupg
2017-05-06 18:09:50 <Shiz> that's where i took my inspiration from :P
2017-05-06 18:10:24 <jirutka> well, gnupg1 is a replacement for gnupg; is mailutils really a replacement for mailx?
2017-05-06 18:10:45 <Shiz> mailx only has /usr/bin/mail, mailutils's /usr/bin/mail is a superset of mailx's
2017-05-06 18:10:48 <Shiz> so, in a way
2017-05-06 18:10:53 <jirutka> aha, okay
2017-05-06 18:12:04 <jirutka> but it definitely should not `provides="mailx-$pkgver-r$pkgrel"`,
2017-05-06 18:12:36 <jirutka> hm, I’m not 100% sure in this case tbh
2017-05-06 18:13:29 <Shiz> me neither :P
2017-05-06 18:15:03 <jirutka> okay, I’ll remove provides, merge it, so you can continue with work, and ask someone before moving to community :)
2017-05-06 18:15:16 <Shiz> :)
2017-05-06 18:15:26 <Shiz> maybe fabled or ncopa knows better
2017-05-06 18:15:51 <jirutka> yeah
2017-05-06 18:16:01 <jirutka> btw it’s replaces, not replace ;)
2017-05-06 18:16:46 <Shiz> 
ACTION shoots himself

2017-05-06 18:18:29 <jirutka> hey, not needed to shoot, it’s not a big deal ;)
2017-05-06 18:18:44 <Shiz> :P
2017-05-06 18:21:37 <jirutka> hm, GH has some trouble with webhooks apparently
2017-05-06 18:22:51 <jirutka> afk
2017-05-06 18:23:15 <Shiz> :)
2017-05-06 19:11:34 <Shiz> wee, gpg-remailer sends mails
2017-05-06 19:58:42 <Shiz> the remailer/re-encrypter works :)
2017-05-06 20:18:03 <student0> So you're the team that's keeping the ol' GRSEC patch alive! What's the new name gonna be?
2017-05-06 20:19:10 <Shiz> are we?
2017-05-06 20:20:21 <student0> last I heard. On Arch, Gentoo, even a GRSecurity rep pointed me this way. And when I get here, there's all these notices about GRSEC kernels all over the place!
2017-05-06 20:21:43 <student0> Wait, Shiz, you did hear about this? https://grsecurity.net/passing_the_baton_faq.php
2017-05-06 20:22:05 <Shiz> i think most people involved in hardening did, yea
2017-05-06 20:22:37 <Shiz> only thing i can tell you is that we'll be maintaining 4.9.x as part of our 3.6 release cycle
2017-05-06 20:22:41 <Shiz> that package is just called linux-hardened
2017-05-06 20:23:00 <Shiz> there are no concrete plans beyond that, but i somehow doubt they involve grsec
2017-05-06 20:23:33 <student0> Yeah. I'm from Gentoo and Arch. Haven't had the chance to contribute much.
2017-05-06 20:24:31 <_ikke_> They renamed the grsec flavored kernel to hardened
2017-05-06 20:24:32 <student0> But I'm not interested in letting that linux-hardened package go out of date after your 3.6 release cycle. That technology just has too much protection that I haven't found anywhere else.
2017-05-06 20:24:50 <_ikke_> right
2017-05-06 20:26:34 <student0> I'm down to help refactor the patch to keep up with newer kernels. But since the patch itself is a text file that's ~1.6x the collected works of Shakespeare (in .txt form), I'm not trying to do it alone.,
2017-05-06 20:27:46 <student0> Am I in the right irc chat?
2017-05-06 20:27:51 <_ikke_> yes
2017-05-06 20:28:09 <Shiz> i've already been splitting up the grsec patch myself in fact
2017-05-06 20:28:19 <Shiz> however, just splitting it up is not enough to be actually able to maintain it
2017-05-06 20:28:20 <student0> From my username, you can guess that I have a student license for CLion.
2017-05-06 20:28:53 <_ikke_> the IJ IDE for C?
2017-05-06 20:29:12 <student0> the one that's considered the best in the industry for practically automating refactoring code.
2017-05-06 20:30:05 <Shiz> the C IDE that doesn't support make?
2017-05-06 20:30:06 <student0> The company that releases it is Jetbrains.
2017-05-06 20:30:07 <Shiz> lol
2017-05-06 20:30:41 <student0> Uhm, I dunno what you heard, but I don't use it without Make.
2017-05-06 20:31:00 <Shiz> last i heard it only did cmake
2017-05-06 20:31:02 <Shiz> anyway, like i said
2017-05-06 20:31:21 <_ikke_> kaniini did try something with pax, but he got frustrated
2017-05-06 20:31:30 <Shiz> i've been splitting up the patches to gain understanding about grsec, but i don't particularly have the hope of understanding it fully even in time when 3.6 is EOL
2017-05-06 20:31:39 <Shiz> grsec and pax are tightly integrated into the kernel tree
2017-05-06 20:31:46 <student0> how well do you know the kernel?
2017-05-06 20:31:50 <Shiz> you kinda need deep understanding of how they work to maintain them across kernel versions
2017-05-06 20:32:08 <Shiz> what areas of the kernel they affect, how they affect them, what new code may need new protection or annotations
2017-05-06 20:32:08 <kaniini> and the grsec patches claim another victim
2017-05-06 20:32:19 <Shiz> _ikke_: now you've done it :P
2017-05-06 20:32:51 <kaniini> i wonder who shall be next
2017-05-06 20:32:53 <Shiz> i've written kernel code before, so that counts for something i guess
2017-05-06 20:34:23 <kaniini> writing kernel code isn't enough when the patch literally rewrites hundreds of thousands of variable declarations
2017-05-06 20:34:52 <Shiz> yep
2017-05-06 20:35:09 <Shiz> like i said, i don't particularly have hopes of understanding it even over the course of two years
2017-05-06 20:35:50 <kaniini> that's the problem really.  which variable declarations go to what feature.
2017-05-06 20:36:07 <Shiz> » ./scripts/progress.sh
2017-05-06 20:36:09 <Shiz> split hunks: 1515 (13.9%)
2017-05-06 20:36:11 <Shiz> remaining hunks: 9376
2017-05-06 20:36:13 <Shiz> :P
2017-05-06 20:36:43 <Shiz> actually, that's been mostly okay so far
2017-05-06 20:36:55 <Shiz> i've had more annoyance with manually splitting a single hunk into features that belong to different things
2017-05-06 20:37:17 <student0> @kaniini - I've got some experience refactoring patches. My current setup includes greysky2's gcc native optimization patch (which I had to update myself), some wireless injection patches from kali, Grsec, zfs, one better support of my chipset's heat sensors - that one was fun to bring back up from the olden days of 3.18
2017-05-06 20:37:47 <Shiz> well, security is kinda different than specific patches like zfs or kali
2017-05-06 20:37:51 <Shiz> grsecurity*
2017-05-06 20:37:53 <Shiz> because it touches EVERYTHING
2017-05-06 20:38:06 <Shiz> and you can't just test it by 'it compiles/it boots, must work'
2017-05-06 20:38:16 <Shiz> as in a lot of things with security, there's no feedback loop
2017-05-06 20:38:19 <kaniini> that one is hard too yes
2017-05-06 20:38:26 <student0> Good thing I'm in the middle of getting my OSCP then.
2017-05-06 20:38:32 <Shiz> your feebdack loop is 'your box is pwed', not 'my kernel panics because it can't find the zfs rootfs'
2017-05-06 20:38:52 <Shiz> and for us, that would extend to
2017-05-06 20:38:55 <Shiz> 'every box running alpine is pwned'
2017-05-06 20:38:57 <Shiz> :P
2017-05-06 20:39:29 <Shiz> kaniini: speaking of invasive patches, how about that rap
2017-05-06 20:39:30 <Shiz> lol
2017-05-06 20:39:39 <student0> Yeah. That's nice. Lets write a script that'll automate a series of metasploit attacks.
2017-05-06 20:40:00 <Shiz> i think my rap-x86-asm-fixes.patch is like 3-5k lines on its own
2017-05-06 20:40:48 <kaniini> Shiz: i think W^X LSM and building the kernel with CFI is a pretty good start at a modern grsecurity replacement effort
2017-05-06 20:41:00 <jirutka> Shiz: I have academic license for JetBrains as well, if you need ;)
2017-05-06 20:41:18 <Shiz> i'm happy with my current editor, thanks
2017-05-06 20:43:12 <Shiz> kaniini: did you see strcat's thing?
2017-05-06 20:43:23 <student0> @Shiz, when a Penetration Tester that wants to maintain your patches wanders into your IRC, the conversation on testing no longer ends at "well, it compiles, but we don't know what else".
2017-05-06 20:43:59 <student0> Ima go afk for a sec.
2017-05-06 20:44:35 <kaniini> student0: with all due respect most "penetration testers" are just losers who fire up kalilinux and run some scripts.  sooooooo
2017-05-06 20:49:26 <student0> kaniini - I'm glad you understand how simple this whole thing can be on my end.
2017-05-06 20:53:02 <student0> But, if you're interested in a budding professional who delivers reports from those scripts' results to a Fortune 500 company to audit their security, and I want the kernel patches that I've tested as providing the most resilience to stay open in the community?
2017-05-06 20:54:53 <student0> The fact is, the GRSEC patch addresses a wide measure of vulnerabilities, but a finite (and constantly updating) set of vulnerabilities becomes the best test. You still need to know which scripts to run to test which holes are closed.
2017-05-06 20:57:18 <student0> Yep, I'm a bit arrogant. But I'm down to help if you're interested in actually keeping that patchset maintained and *tested* properly.
2017-05-06 20:59:05 <hiro> student0: last i looked grsec seemed completely useless, are there any news apart from that you upgraded your metasploit?
2017-05-06 20:59:06 <student0> And I *do* know my way around the kernel better than most any loser that'll just throw scripts at shit to see what sticks.
2017-05-06 21:01:24 <student0> hiro - Granted, this is from GRSec, but unless you've got a better option for the kinds of protections listed (USB port protection is trivially easy with USBkill) I'm reluctant to call GRSec useless: https://grsecurity.net/compare.php
2017-05-06 21:01:55 <student0> And it stacks well with SELinux and/or apparmor.
2017-05-06 21:02:27 <student0> I'm the idiot that likes to run all three at once, and maintain the configs of each regularly..
2017-05-06 21:03:07 <hiro> i never said selinux is useful in any way
2017-05-06 21:03:53 <student0> You either don't have to, or you're not qualified for this conversation.
2017-05-06 21:04:17 <hiro> i am not qualified
2017-05-06 21:04:23 <hiro> cause you are a professional
2017-05-06 21:04:38 <hiro> and i'm just a kid who hates complex solutions to imaginary problems
2017-05-06 21:04:57 <hiro> but ok, you probably also get more money than me, so i'll shut up
2017-05-06 21:05:06 <student0> Remember that abstract and imaginary are very different things.
2017-05-06 21:06:23 <student0> At the moment? I'm terribly underpaid for what I do. Living in a gov't heavy area, and being denied a clearance will do that. Hence why Im in school too. Hacking is fun, but you suck until you know how to build whatever it is you're supposed to take down/apart.
2017-05-06 21:09:06 <student0> My favorite attack for when I need to destroy hardware is a sabotaged kernel module for reading temperature sensors.
2017-05-06 21:12:09 <student0> I discovered the vulnerability by accident... but hey, once I got that motherboard back from the manufacturer, there was no reason not to weaponize my personal mistake.
2017-05-06 21:14:19 <kaniini> blah blah blah
2017-05-06 21:15:14 <student0> awww, you mean I don't get to join the club just by showing up, mentioning creds, and asking politely? lol
2017-05-06 21:15:24 <kaniini> i'm interested in real solutions, not more grsec trolling
2017-05-06 21:16:04 <student0> To my knowledge, grsec is a real solution. It just needs to be refactored to keep up with new kernel releases, and tested appropriately.
2017-05-06 21:17:59 <student0> And industry certified Penetration Tester that refactors his own kernel patchset wanders in wanting to help with that, and you're not interested? Eh, after having to say "President Trump", I'm prepared for the disappointment.
2017-05-06 21:20:58 <kaniini> grsec is a real solution, that comes with a giant stream of dumbass script kiddies telling us what to do and when to do it
2017-05-06 21:20:59 <kaniini> so with all due respect a lot of us are pretty much over dealing with that
2017-05-06 21:23:38 <student0> That's fair.
2017-05-06 21:24:57 <kaniini> so yes absolutely in this case flashing creds just shows me ego, and therefore i can't say i'm terribly interested until i see tangible things backed by a community that isn't as fucked as the grsec one
2017-05-06 21:25:48 <kaniini> we would obviously love to see grsec features reimplemented in a clean way, but we don't ever want to work with another spender
2017-05-06 21:26:10 <kaniini> is the bottom line
2017-05-06 21:26:15 <student0> I'm not familiar with spender.
2017-05-06 21:27:09 <kaniini> he is not the most pleasant person in the world to work with
2017-05-06 21:27:13 <student0> then, any suggestions on where I can find a pile of those script kiddies that want GRSEC, but will actually contribute?
2017-05-06 21:27:35 <kaniini> lmao good luck
2017-05-06 21:28:42 <kaniini> we don't actually want grsec itself
2017-05-06 21:28:44 <kaniini> we want something that is actually viable to maintain
2017-05-06 21:28:46 <kaniini> as has been demonstrated giant monolithic patches are not very maintainable now are they
2017-05-06 21:28:58 <student0> if the patch weren't 1.5x the size of the collected works of Shakespeare in text, I'd just take a stab at doing it myself.
2017-05-06 21:30:34 <kaniini> when spender first started going bonkers we started prototyping some aspects of grsec that we wanted
2017-05-06 21:30:58 <kaniini> when time permits we will probably engage the KSPP guys to see if they can take those prototypes and flesh them out
2017-05-06 21:31:49 <student0> cool. What parts are you considering trying to port?
2017-05-06 21:33:40 <kaniini> MPROTECT (as LSM)
2017-05-06 21:34:03 <student0> that's gonna be a huge project on its own, right there.
2017-05-06 21:34:17 <kaniini> not really
2017-05-06 21:34:25 <student0> oh?
2017-05-06 21:34:34 <kaniini> i implemented an MPROTECT LSM 5 years ago
2017-05-06 21:34:39 <kaniini> did quite well
2017-05-06 21:34:47 <student0> nice!
2017-05-06 21:35:33 <student0> Not touching PaX at all?
2017-05-06 21:36:19 <kaniini> and people do underrate selinux
2017-05-06 21:36:19 <kaniini> yes it's entirely awful to work with
2017-05-06 21:36:20 <kaniini> but it shows how powerful LSMs are capable of being
2017-05-06 21:37:19 <kaniini> what part of PaX?  MPROTECT is part of PaX.  sigh...
2017-05-06 21:37:42 <kaniini> there's a lot of PaX that is largely increasingly support for legacy platforms
2017-05-06 21:37:50 <kaniini> to emulate what is now hardware features
2017-05-06 21:38:00 <kaniini> and no i'm not at all interested in any of that
2017-05-06 21:38:31 <kaniini> every day the value for difficulty ratio drops further
2017-05-06 21:39:18 <student0> One of the things that has had me sold on GRsec for so long was that it could be used with other LSMs, including SELinux. Can your MProtect module do that? What might be involved in maintaining that feature to it?
2017-05-06 21:40:30 <kaniini> student0: UDEREF is worth implementing, but it looks like the KSPP guys are already working on it.
2017-05-06 21:40:31 <kaniini> student0: MPROTECT does not need to stack with SELinux
2017-05-06 21:41:06 <kaniini> student0: you would just implement W^X as an SELinux policy (the default policies already implement this, even)
2017-05-06 21:41:07 <kaniini> student0: a lot of the stuff on the grsecurity website is bullshit, really
2017-05-06 21:41:28 <kaniini> student0: keep in mind they want you to drop $500/mo/server on it, so they are going to mindfuck you a bit
2017-05-06 21:44:34 <student0> that's fair. Yet, it did seem like there was more going on past mprotect, and legacy-keeping. Was everything past that all smoke and mirrors?
2017-05-06 21:46:33 <kaniini> uderef is really a good feature to take
2017-05-06 21:46:46 <kaniini> a lot of PaX though is mitigation against hypothetical situations
2017-05-06 21:47:07 <student0> eh... some of them have gotten less and less hypothetical...
2017-05-06 21:47:13 <kaniini> so it is hard to assess value
2017-05-06 21:47:19 <kaniini> because some have gotten less hypothetical, yes
2017-05-06 21:47:41 <kaniini> either way, to succeed in getting security mitigations into a shape where they are maintainable, you have to do it incrementally.
2017-05-06 21:48:25 <kaniini> by far, MPROTECT and UDEREF are the key PaX features.  other features can likely be achieved in more sustainable ways, such as compiling the kernel with clang and it's Control Flow Integrity plugin (which is in some ways similar to RAP)
2017-05-06 21:49:39 <student0> yeah, that USBkill script isn't hard to follow, on its own. But finding GRSec's implementation in that giant wall of patch... 0___0
2017-05-06 21:50:47 <kaniini> but you get into really wacky shit like
2017-05-06 21:50:48 <kaniini> "protection against a loaded kernel module overwriting an LSM's vtable"
2017-05-06 21:51:21 <kaniini> which then some grsec "enthusiasts" incorrectly draw the conclusion that PaX will protect them from this
2017-05-06 21:51:41 <kaniini> when the correct fix is "don't allow loading any new kernel modules to begin with"
2017-05-06 21:51:55 <kaniini> which comes back to having appropriate system policy
2017-05-06 21:53:37 <kaniini> student0: you may find https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project useful if you want to contribute to something right now
2017-05-06 21:59:05 <student0> that nuclear option on loadable modules can be drastic outside of a server environment. Last I had played with it, GRSEC made overwriting SELinux's vtable more opaque when I attacked it on my own system. Maybe I had SELinux set up wrong, maybe they've fixed it since then. But to my knowledge, the patch did add protection in that particular case.
2017-05-06 22:00:07 <kaniini> anyway
2017-05-06 22:00:27 <kaniini> MPROTECT LSM, brute-force protection and a few other things i already have patches for
2017-05-06 22:00:28 <kaniini> ;)
2017-05-06 22:02:52 <student0> It wasn't the magic perfect protection that people make it out to be, but it'll stop a script kiddie and slow down just about anyone.
2017-05-06 22:06:27 <student0> But I'm going to need some time looking around correlating what compile options reference what parts of the patch. I've always just trusted that patch implicitly, without really looking under the hood... I'm ashamed to admit that. But I know my way around the kernel.
2017-05-06 22:07:14 <student0> Say, for sortof informally diagramming the patch's functionality in my head, is there anything that I wouldn't find by searching in the menuconfig section?
2017-05-06 22:07:49 <student0> And yeah, the ol' Unix philosophy is absolutely superior.
2017-05-06 22:19:01 <student0> kaniini - where would I find your patches posted publicly?
2017-05-06 22:39:26 <kaniini> i do not presently have anything posted publicly.
2017-05-06 22:39:34 <kaniini> that will come later, as time permits
2017-05-06 22:39:40 <kaniini> as i need to rebase them anywasy
2017-05-07 01:34:55 <xentec> why do I always get bugs on alpine which seem impossible? today: 0 sized meta packages listed in armhf index (x86_64 lists 4096) which apk is not able correctly
2017-05-07 02:19:30 <xentec> well that was funny. I hacked abuild to build my packages in /tmp (tmpfs) which returns a size of 0 (instead of 4) for $pkgdir and therefore the whole package
2017-05-07 02:21:06 <xentec> thats one mystery solved but I still wonder, what makes apk behave "drunk" when it sees a 0 byte package
2017-05-07 02:46:20 <kaniini> humm
2017-05-07 02:46:28 <kaniini> can you tell me how you created the 0 byte package?
2017-05-07 02:51:14 <kaniini> oh i see.  use a tmpfs
2017-05-07 04:08:11 <TemptorSent> kaniini: Would you mind throwing some test cases at this when you get a chance? http://termbin.com/q6b6
2017-05-07 04:09:43 <TemptorSent> It's a simple tree-growth implementation that should be ~O(3N)
2017-05-07 04:10:57 <TemptorSent> Accepts deps in tab separated format, first column is the target, remainder are immediate deps.
2017-05-07 04:11:35 <TemptorSent> Builds complete dep chain for each target starting from root targets (those with only an entry in the first column)
2017-05-07 04:11:54 <TemptorSent> Can also build the broken dep chain
2017-05-07 04:12:55 <TemptorSent> So not a SAT solver, but also not NP complete complexity.
2017-05-07 04:15:11 <TemptorSent> To test, source the file and cat deplist to it.
2017-05-07 04:15:42 <TemptorSent> options to control which lists are printed are fwd-deps, broken-deps, fwd-raw, rev-raw
2017-05-07 15:39:33 <BitL0G1c> can nginx-naxsi be pulled please ?
2017-05-07 16:02:12 <pickfire> kaniini: I need help!
2017-05-07 16:02:43 <pickfire> Can main/python[2-3]-tkinter be moved to main/py[2-3]-tkinter?
2017-05-07 16:02:59 <pickfire> I think it is better to keep those python modules py-
2017-05-07 16:04:37 <pickfire> I have added some added/updated some python packages, some will break stuff.
2017-05-07 16:05:05 <pickfire> But I don't get to split py3-numpy into py3-numpy-dev, not sure how.
2017-05-07 16:11:05 <pickfire> I hope d5409f57dd274647052e4a4d2057e1232a2a36a6 don't fix it that way.
2017-05-07 16:16:55 <jirutka> BitL0G1c: what modules from nginx-naxsi do you currently use/need?
2017-05-07 16:37:49 <BitL0G1c> jirutka - I would like nginx without pax disabled - my server gets brute forced all the time
2017-05-07 17:31:34 <Shiz> ncopa: i think the gpg-remailer infra is fully done
2017-05-07 17:31:42 <Shiz> including automation :P
2017-05-07 18:35:43 <Shiz> clandmeter: ping
2017-05-07 18:56:12 <clandmeter> pong
2017-05-07 21:04:06 <nidan_> Hello. =)
2017-05-07 21:08:01 <nidan_> I'm trying to compile glibc 2.25 on Alpine, keeping it in /opt (done this before with 2.22 on an older Alpine), but now I get a relocation error.
2017-05-07 21:08:35 <nidan_> After a ton of googling it seems to be related to gcc's hardened specs, but I'm not sure.
2017-05-07 21:09:53 <nidan_> It's rather weird as the command line (abbr.) is: gcc -nostdlib -nostartfiles -static -o ... some objs n' so ... crtn.o
2017-05-07 21:11:14 <nidan_> And the error it spits out is: .../ld: .../crt1.o: relocation R_X64_64_32S against symbol `__libc_csu_fini` can not be used when making a shared object; recompile with -fPIC
2017-05-07 21:11:51 <nidan_> But I'm rather certain that glibc's makefile doesn't lack -fPIC where necessary, AND the commandline has -static on it..
2017-05-07 21:12:59 <nidan_> Only thing I've found that seem to, perhaps, be relevant is https://bugzilla.redhat.com/show_bug.cgi?id=1304277#c1
2017-05-07 21:24:41 <nidan_> Could the specs for gcc and ld differ in alpine?
2017-05-07 21:24:52 <nidan_> Longshot...
2017-05-07 21:28:00 <jirutka> <nidan_>: I'm trying to compile glibc 2.25 on Alpine … Don’t. Just don’t.
2017-05-07 21:28:27 <nidan_> jirutka: I know the pain. But it's not an option to me unfortunately. =/
2017-05-07 21:28:51 <jirutka> nidan_: then use glibc-based distro
2017-05-07 21:28:55 <nidan_> jirutka: 2.22 worked on edge a couple of months (before 3.5) ago.
2017-05-07 21:29:12 <nidan_> jirutka: Not an option either.
2017-05-07 21:29:33 <jirutka> then Linux From Scratch…?
2017-05-07 21:29:50 <Shiz> im not sure what causes the issue you're encountering
2017-05-07 21:30:22 <Shiz> but it may be that glibc doesn't like static PIE
2017-05-07 21:30:27 <nidan_> That's an option in the long run, not right now though. I have a program that REALLY needs glibc that runs fine with glibc in /opt.
2017-05-07 21:30:48 <nidan_> Shiz: I'm rusty, fill me in?
2017-05-07 21:31:47 <Shiz> would this perhaps be more useful to you? https://github.com/sgerrand/alpine-pkg-glibc
2017-05-07 21:31:58 <Shiz> im afraid otherwise we can't really help you either
2017-05-07 21:33:26 <nidan_> Shiz: Probably, thanks for the hint!
2017-05-07 21:34:08 <Shiz> also, re: static PIE: the alpine toolchain supports statically linked PIE binaries which create a different ELF output type
2017-05-07 21:34:22 <Shiz> that may interfere with build processes that tinker with low-level details like detials of the generated ELF files
2017-05-07 21:34:28 <Shiz> may be that glibc's build process doesn't like that
2017-05-07 21:35:57 <Shiz> anyway, standard disclaimer from jirutka applies to above
2017-05-07 21:36:08 <Shiz> we don't support glibc, so any frustrations that arise from dealing with it are purely your own :P
2017-05-07 21:37:42 <nidan_> Shiz: Thanks.
2017-05-07 21:37:56 <nidan_> Shiz: Yeah, I know, just looking for hints. =)
2017-05-07 21:38:38 <nidan_> Come to think of it, it's been a long time since I tried that other software with libc6-compat, maybe it will work today. =)
2017-05-07 21:38:48 <nidan_> Spoken like a true optimist! =)
2017-05-07 21:39:14 <Shiz> :)
2017-05-07 21:39:44 <Shiz> if it's software you have source code for, i'll even help you porting it to musl and packaging it if that takes you away from glibc on alpine
2017-05-07 21:39:46 <Shiz> :P
2017-05-07 21:41:46 <nidan_> Shiz: I don't unfortunately.. I might be able to pull a few strings to get them to release a version that doesn't depend on glibc but I wouldn't get my hopes up. =/
2017-05-08 14:03:18 <clandmeter> kunkku, what is the private directory useful for in awall?
2017-05-08 15:32:13 <kunkku> clandmeter: it is for building modular policies
2017-05-08 15:32:37 <clandmeter> kunkku hi
2017-05-08 15:32:43 <kunkku> the private policies are not shown in the UI but may be imported by other policies
2017-05-08 15:33:00 <clandmeter> ok
2017-05-08 15:33:09 <clandmeter> did something change with importing?
2017-05-08 15:33:29 <kunkku> not recently
2017-05-08 15:33:50 <clandmeter> i think i had some old policies around
2017-05-08 15:34:57 <clandmeter> which were including base policies, but it seems to work fine now without importing them.
2017-05-08 15:36:58 <clandmeter> kunkku, if i define variables in an optional policy, they are automatically included in other optional policies?
2017-05-08 15:37:12 <kunkku> yes, variables are global
2017-05-08 15:37:54 <kunkku> if defined in multiple policies, the one processed later takes precedence
2017-05-08 15:38:05 <ncopa> hi kunkku
2017-05-08 15:38:22 <ncopa> what do you think about optional yaml support to awall
2017-05-08 15:38:28 <ncopa> something like this: http://tpaste.us/1vBE
2017-05-08 15:38:54 <kunkku> ncopa: why not.. Just haven't had time to work on that
2017-05-08 15:39:37 <kunkku> clandmeter: in which directory is your base policy stored?
2017-05-08 15:40:05 <clandmeter> currently all my policies are in optional
2017-05-08 15:40:16 <Shiz> eww yaml :(
2017-05-08 15:40:58 <kunkku> clandmeter: the base policy should not be imported automatically unless enabled by 'awall enable' or imported by another policy
2017-05-08 15:46:05 <clandmeter> ok
2017-05-08 15:57:06 <ncopa> Shiz yaml is nicer than json for hand written definitions
2017-05-08 15:57:34 <Shiz> yes but so is toml
2017-05-08 15:57:41 <Shiz> and yaml is a bug bulky gross insecure format :(
2017-05-08 15:58:45 <ncopa> my impression of toml was that its not that nice for nested structures?
2017-05-08 16:00:04 <Shiz> i liked it
2017-05-08 16:00:06 <Shiz> :p
2017-05-08 16:00:18 <Shiz> being able to do [mystruct.somesubthing.hello] is nice
2017-05-08 16:00:35 <ncopa> oh we even have lua-toml
2017-05-08 16:07:02 <Shiz> https://www.python.org/dev/peps/pep-0518/#other-file-formats
2017-05-08 16:07:10 <Shiz> seems like python adopted toml for some project metadat aformat too :P
2017-05-08 16:08:51 <kunkku> clandmeter: so the correct use of 'private' would be to put the base policy there and import from optional policies (assuming the base policy is not supposed to be used standalone)
2017-05-08 16:09:48 <Shiz> ncopa: btw, the remailer infra is up ;p
2017-05-08 16:15:48 <ncopa> Shiz nice!
2017-05-08 16:15:51 <ncopa> re toml
2017-05-08 16:16:25 <ncopa> this is the json variant: http://tpaste.us/pQ6n
2017-05-08 16:16:32 <ncopa> translated to toml:
2017-05-08 16:16:56 <ncopa> http://tpaste.us/Wamx
2017-05-08 16:17:31 <Shiz> https://txt.shiz.me/MjlkN2Q3YT
2017-05-08 16:17:42 <Shiz> or like that, yeah :)
2017-05-08 16:18:11 <ncopa> looks like the import and description got wrong with toml.encode
2017-05-08 16:29:09 <ncopa> ok i think we do toml instead of yaml
2017-05-08 16:29:34 <ncopa> we could possibly support all 3 too
2017-05-08 16:30:26 <Shiz> mm, i don't think there's anything toml can't do that yaml can
2017-05-08 16:30:34 <Shiz> and i really wouldn't want to encourage yaml :P
2017-05-08 16:30:40 <Shiz> brb
2017-05-08 16:35:29 <jirutka> ncopa: TOML supports nested structures; just it’s not so nice and readable as YAML, but that’s subjective
2017-05-08 16:35:48 <jirutka> ncopa: also YAML anchors may be very useful for firewall rules
2017-05-08 16:36:00 <ncopa> yes
2017-05-08 16:36:14 <ncopa> we currently dont support them in json
2017-05-08 16:36:21 <ncopa> so we have sort of a workaround
2017-05-08 16:36:32 <ncopa> i was checking if you can do anchors in toml but apparently you cannot
2017-05-08 16:37:00 <ncopa> and yes i had the impression that yaml was nice and readable
2017-05-08 16:37:04 <jirutka> I’m quite sure that JSON is the most stupid choice for hand-written config you can do…
2017-05-08 16:37:34 <ncopa> which is why i wanted to add support for yaml
2017-05-08 16:37:36 <ncopa> or toml
2017-05-08 16:37:37 <jirutka> you don’t need to add any special support for anchors into YAML, it just supports it natively, no hacks needed ;)
2017-05-08 16:37:43 <ncopa> i know
2017-05-08 16:38:08 <jirutka> I’m fan of adding support both for YAML and TOML
2017-05-08 16:39:02 <jirutka> I agree with Shiz about YAML, but still I prefer it often… some sane and secure subset of YAML would be great though
2017-05-08 16:39:20 <ncopa> i dont think we want any machine written yaml
2017-05-08 16:39:26 <ncopa> or read yaml from untrusted source
2017-05-08 16:39:47 <ncopa> we probably want json for that
2017-05-08 16:39:54 <ncopa> eg if we do web interface
2017-05-08 16:39:56 <jirutka> it’s about principle, YAML is anything but simple or lightweight…
2017-05-08 16:40:05 <ncopa> *nod*
2017-05-08 16:40:16 <ncopa> which is why i think it sould be optional
2017-05-08 16:40:24 <ncopa> not hard dependency
2017-05-08 16:40:28 <jirutka> but as I said, I’d personally prefer YAML anyway :P
2017-05-08 16:40:32 <jirutka> yep
2017-05-08 16:41:17 <jirutka> and ofc we have lua-toml, I added it some time ago as preparation for scripts around Cargo :P ;)
2017-05-08 16:41:40 <ncopa> lua5.3-toml-1.0-r4 installed size:
2017-05-08 16:41:40 <ncopa> 36864
2017-05-08 16:41:50 <ncopa> lua5.3-lyaml-6.1-r1 installed size:
2017-05-08 16:41:50 <ncopa> 94208
2017-05-08 16:41:57 <ncopa> and lyaml also depends on the c lib
2017-05-08 16:42:41 <ncopa> yaml-0.1.7-r0 installed size:
2017-05-08 16:42:41 <ncopa> 122880
2017-05-08 21:31:35 <chatter29> hey guys
2017-05-08 21:31:37 <chatter29> allah is doing
2017-05-08 21:31:44 <chatter29> sun is not doing allah is doing
2017-05-08 21:31:46 <chatter29> to accept Islam say that i bear witness that there is no deity worthy of worship except Allah and Muhammad peace be upon him is his slave and messenger
2017-05-08 21:35:14 <Shiz> can we ban chatter29 here too
2017-05-08 21:36:32 <ncopa> how do i ban someone not joined?
2017-05-08 21:37:04 <Shiz> /mode #alpine-devel +b chatter29!*@gateway/* should work
2017-05-08 21:48:54 <consus> wow
2017-05-08 21:49:27 <consus> this is really the first time I see this kind of person on IRC
2017-05-08 21:50:46 <_ikke_> consus: seriously?
2017-05-08 21:50:55 <consus> yep
2017-05-08 21:51:04 <consus> no religious fanatics upon now
2017-05-08 21:51:19 <_ikke_> This is the short version
2017-05-08 21:51:34 <consus> *until
2017-05-08 21:55:16 <Shiz> they've been spamming freenode for a while
2017-05-08 21:55:26 <Shiz> supposedly it's not someone actually religious, but just wanting to annoy people
2017-05-08 21:55:30 <Shiz> but that's just what i heard somewhere
2017-05-08 22:09:54 <ncopa> how can i ban someone not on the channel?
2017-05-08 22:10:13 <ncopa> (Disconnected by services)
2017-05-08 22:10:22 <ncopa> its probably a bot
2017-05-08 22:11:17 <_ikke_> 23:37:04         Shiz │ /mode #alpine-devel +b chatter29!*@gateway/* should work
2017-05-08 22:11:38 <ncopa> i got disconnected sorry
2017-05-08 22:11:47 <ncopa> didnt see that the question got though
2017-05-08 22:11:48 <_ikke_> np, that's why I copy it
2017-05-08 22:14:40 <Shiz> :)
2017-05-08 23:55:30 <tmh1999> main/py-larch : arch="noarch" I thought noarch means don't build, in contrast to all, which builds on all arch ?
2017-05-08 23:55:50 <tmh1999> apparently community/obnam depends on py-larch and py-larch is not built
2017-05-08 23:57:59 <tmh1999> should we change py-larch to arch="all" ?
2017-05-08 23:59:40 <Shiz> noarch means arch-independent
2017-05-08 23:59:53 <Shiz> it definitely should not be changed to all
2017-05-09 00:00:01 <Shiz> if it's not building that's an issue somewhere in builder infra
2017-05-09 00:01:25 <Shiz> http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/py-larch-1.20131130-r0.apk
2017-05-09 00:01:28 <Shiz> i see it appearing here just fine?
2017-05-09 00:01:44 <Shiz> what arch are you seeing the issues on?
2017-05-09 00:01:58 <tmh1999> it was on s390x
2017-05-09 00:02:12 <Shiz> http://dl-cdn.alpinelinux.org/alpine/edge/main/s390x/py-larch-1.20131130-r0.apk
2017-05-09 00:02:14 <Shiz> appears to be there
2017-05-09 00:02:57 <tmh1999> i was checking nl.a.o ...
2017-05-09 00:03:04 <tmh1999> thought that is the main repo
2017-05-09 00:03:12 <Shiz> the main repo is rsync.
2017-05-09 00:03:15 <Shiz> a.o
2017-05-09 00:03:24 <Shiz> dl-cdn is a round-robin dns for the various mirrors
2017-05-09 00:03:37 <Shiz> nl ceased being the main repo a while back
2017-05-09 00:03:58 <Shiz> or i should say -- the main repo is wherever rsync.a.o points to
2017-05-09 00:04:02 <Shiz> that's not necessarily its canonical name
2017-05-09 00:04:33 <tmh1999> yeah dl-cdn is pretty random due to cdn. i didn't know about rsync.
2017-05-09 00:05:01 <tmh1999> so community/obname on s390x is probably a builder thing. guess just poke ncopa since I cannot do anything about it
2017-05-09 00:05:14 <Shiz> well, if it's on rsync it's not a builder thing
2017-05-09 00:05:38 <tmh1999> it's on edge but on v3.6 no  py-larch
2017-05-09 00:05:41 <Shiz> aha
2017-05-09 00:05:53 <Shiz> that's the thing i missed :p
2017-05-09 00:06:11 <tmh1999> thank you Shiz :D
2017-05-09 00:06:28 <Shiz> i wonder if the 3.6 builders just build from edge
2017-05-09 00:06:33 <Shiz> there's no 3.6-stable branch yet
2017-05-09 00:06:51 <tmh1999> I have no information about that since I don't have a touch on infra
2017-05-09 00:07:21 <Shiz> likewise
2017-05-09 00:07:22 <Shiz> :p
2017-05-09 00:09:27 <tmh1999> :D
2017-05-09 00:48:02 <arch3y_> I just pushed a pr to update flex to v2.6.4 and added its check funcs
2017-05-09 05:06:48 <tmh1999> Hi ScrumpyJack, are you the maintainer of asciinema ?
2017-05-09 05:08:20 <tmh1999> looks like asciinema has v1.3 and v1.4 out. Looks like it was rewritten by python (?) which fixes some bugs on s390x : https://github.com/asciinema/asciinema/issues/134.
2017-05-09 12:15:58 <clandmeter> Shiz, did you manage to create a patch for syslogd?
2017-05-09 12:32:27 <Shiz> clandmeter: yeah
2017-05-09 12:32:31 <Shiz> there's a pr
2017-05-09 12:32:40 <Shiz> https://github.com/alpinelinux/aports/pull/1360
2017-05-09 12:52:46 <clandmeter2> _ikke_, around?
2017-05-09 13:09:22 <hiro> tmh1999: your network is fucked, youre spamming joins/quits
2017-05-09 13:10:53 <scadu> that's why I love weechat's smart filters
2017-05-09 13:11:19 <_ikke_> clandmeter2: tes
2017-05-09 13:11:21 <_ikke_> yes
2017-05-09 13:11:30 <clandmeter2> how is your status page?
2017-05-09 13:11:40 <_ikke_> http://ikke.info/alpinelinux_status.png
2017-05-09 13:11:58 <_ikke_> Everything looks alright
2017-05-09 15:21:43 <clandmeter> Shiz, nice :)
2017-05-09 15:21:56 <clandmeter> regarding syslogd
2017-05-09 21:31:16 <TBB> any thoughts on appimage and flatpak?
2017-05-09 22:52:28 <TBB> okay, a short introduction to the two revealed at least that flatpak, being Red Hat, requires systemd. That alone pretty much turns me away from it.
2017-05-09 22:53:31 <jirutka> TBB: IIRC flatpak does not require systemd
2017-05-09 22:53:53 <jirutka> TBB: what I remember from talk about flatpak at FOSDEM
2017-05-09 22:53:56 <Shiz> void packages flatpak without systemd
2017-05-09 22:53:58 <Shiz> afaik
2017-05-09 22:54:09 <jirutka> and we also have flatpak pkg, but don’t know in what state
2017-05-09 22:58:47 <TBB> interesting. it says on the flatpak site they use systemd for setting up cgroups for sandboxes.
2017-05-09 22:59:13 <jirutka> that doesn’t mean that it’s *required*
2017-05-09 22:59:30 <TBB> true
2017-05-09 23:11:34 <TBB> well well, it's past 2 am already, I'll probably research that a bit more tomorrow
2017-05-10 08:06:36 <tru_tru> fcolista: sorry typo for perl-number-format version -> should be 1.75 not 1.74
2017-05-10 08:09:20 <fcolista> tru_tru, :
2017-05-10 08:09:21 <fcolista> aports:master |Francesco Colista| testing/perl-number-format: upgrade to 1.75 | http://dup.pw/aports/3fb895dd
2017-05-10 09:17:40 <tru_tru> fcolista: thx
2017-05-10 09:18:17 <tru_tru> fcolista: the make test is disabled on purpose?
2017-05-10 09:18:27 <fcolista> tru_tru, yes
2017-05-10 09:19:50 <tru_tru> can we try to fix the failure during "make test"?
2017-05-10 09:20:28 <tru_tru> or it is a locale/glibc issue ?
2017-05-10 09:20:54 <fcolista> tru_tru, what's the reason ?
2017-05-10 09:21:00 <fcolista> does it not work?
2017-05-10 09:21:23 <tru_tru> https://gist.github.com/truatpasteurdotfr/e20019cd06027775284e19779ed79d67
2017-05-10 09:22:00 <tru_tru> Failed test 'euros' and Failed test 'rubles'
2017-05-10 09:22:43 <fcolista> tru_tru, i mean: what's the aim of fixing the make test?
2017-05-10 09:22:51 <fcolista> It might be related to locale, yes
2017-05-10 09:22:56 <fcolista> I didn't checked that
2017-05-10 09:23:49 <tru_tru> Number::Format is a requirement for circos cf http://circos.ca
2017-05-10 09:24:33 <tru_tru> if someone happen to use euros/rubles I would rather have it properly working
2017-05-10 09:24:59 <fcolista> makes sense
2017-05-10 09:31:58 <tru_tru> https://github.com/gliderlabs/docker-alpine/issues/144 and https://github.com/rilian-la-te/musl-locales ? that way off my league!
2017-05-10 15:49:27 <elegast> Is there any need for aports/abuild keys to be of type RSA, can i just use ECDSA instead without side effects?
2017-05-10 15:55:17 <elegast> I'll just try and see if anything sets fire
2017-05-10 16:42:16 <kaniini> hi
2017-05-10 16:42:41 <ncopa> hi
2017-05-10 16:42:56 <ncopa> i think i will build openssh with pam support
2017-05-10 16:43:02 <ncopa> for two factor auth
2017-05-10 16:43:08 <kaniini> xentec: i am going to try to debug your 0-byte package thing in a bit
2017-05-10 16:43:32 <xentec> thx. you need to work on a tmpfs to make it work
2017-05-10 16:43:46 <kaniini> xentec: yes
2017-05-10 16:44:09 <kaniini> ideally, we would build packages in a chroot using fakechroot
2017-05-10 16:44:25 <kaniini> that's something i want to work on in future
2017-05-10 16:44:49 <kaniini> elegast: apk-tools does not recognize ECDSA keys
2017-05-10 16:45:01 <kaniini> elegast: only RSA and DSA, and we're probably dropping DSA soon :)
2017-05-10 16:45:13 <kaniini> elegast: apk-tools 3 will support ED25519 keys
2017-05-10 16:45:18 <kaniini> maybe
2017-05-10 16:45:23 <kaniini> we're mulling over it
2017-05-10 16:45:35 <kaniini> NSA has quit using ECC crypto, which is eyebrow-raising
2017-05-10 16:46:05 <xentec> kaniini: I've just remebered that I already have looked deeper I this issue.
2017-05-10 16:46:21 <xentec> apk-tools/src/database.c:519
2017-05-10 16:46:32 <kaniini> yes, that is what i was suspecting
2017-05-10 16:46:38 <xentec> If pkg size is 0, apk assumes it's a virtual package
2017-05-10 16:46:49 <kaniini> yes
2017-05-10 16:47:03 <kaniini> we likely need to add a flag for it
2017-05-10 16:47:15 <kaniini> it's no problem :)
2017-05-10 17:09:47 <ncopa> any comment on this: http://tpaste.us/9yn0
2017-05-10 17:09:59 <ncopa> it will break things for current PAM users
2017-05-10 17:10:08 <ncopa> unless thye have explicitly apk add linux-pam
2017-05-10 17:13:01 <elegast> Oh, yes I missed thepart about apk not recognizing ECDSA keys
2017-05-10 17:18:02 <Shiz> nooo not pam
2017-05-10 17:18:48 <ncopa> Shiz other option to provide two factor auth to sshd?
2017-05-10 17:19:16 <Shiz> sadly not
2017-05-10 17:19:23 <ncopa> the idea here is
2017-05-10 17:19:33 <ncopa> most people will (hopefully) not use pam
2017-05-10 17:19:46 <ncopa> but we may want provide support for it for those who needs it
2017-05-10 17:19:59 <ncopa> so we split out libpam, which is only 60k or so
2017-05-10 17:20:10 <ncopa> this is the only lib openssh links to
2017-05-10 17:20:20 <ncopa> which means we add only 60k bloat
2017-05-10 17:20:58 <ncopa> if you actually want use it you will have to install the rest of pam with apk add linux-pam
2017-05-10 17:21:03 <ncopa> which is 1MB
2017-05-10 17:21:15 <elegast> theres no pam-wheel though?
2017-05-10 17:21:44 <Shiz> tbh i\d rather have a separate openssh-pam (sub)pkg if we want to do that
2017-05-10 17:21:50 <Shiz> because i want nothing related to pam on my system
2017-05-10 17:21:57 <ncopa> ok
2017-05-10 17:22:01 <ncopa> thats the other option
2017-05-10 17:22:13 <ncopa> build sshd twice
2017-05-10 17:22:18 <ncopa> one with pam and one without
2017-05-10 17:22:25 <ncopa> thats probably a better idea
2017-05-10 17:22:34 <Shiz> :) that's one i can live with
2017-05-10 17:22:44 <ncopa> so you'll need to apk add openssh-server-pam or so
2017-05-10 17:22:51 <Shiz> *nod
2017-05-10 17:23:11 <ncopa> that also prevents full breakage for current pam users
2017-05-10 17:37:13 <elegast> kaniini: are you sure ecdsa is not already supported? I just built grub from aports/testing and the process signed with my key successfully, then it installed successfully using apk add?
2017-05-10 17:38:16 <elegast> Did it just silently ignore anything? If it didn't recognize my ecdsa key, should it not at the very least complain very loud during install?
2017-05-10 17:41:29 <elegast> kaniini: about ECC crypto though, you're not trusting ECDSA becuase of potential NIST/NSA colaboration, which I understand, but then you *would* trust RSA?
2017-05-10 17:42:31 <kaniini> elegast: worse: it probably didn't verify anything at all
2017-05-10 17:42:58 <elegast> oh. The install process doesn't verify out of the box?
2017-05-10 17:44:10 <kaniini> elegast: it should be.  and it should have errored, but it didn't.
2017-05-10 17:44:15 <kaniini> elegast: https://git.alpinelinux.org/cgit/apk-tools/tree/src/package.c#n521
2017-05-10 17:44:36 <elegast> heh. would you look at that
2017-05-10 17:44:52 <Shiz> RSA is more trustworthy than ECDSA
2017-05-10 17:44:53 <elegast> sha512 it is
2017-05-10 17:44:55 <Shiz> imo
2017-05-10 17:45:05 <Shiz> that's not sha512, but rsa512
2017-05-10 17:45:09 <Shiz> :D
2017-05-10 17:45:11 <elegast> err, yes
2017-05-10 17:45:17 <elegast> ofcourse
2017-05-10 17:46:04 <Shiz> anyway, the nistp curves are sketchy because of the incomplete docs behind their generation and shown weaker security properties
2017-05-10 17:46:16 <elegast> Well I would trust RSA over ECDSA for the sake of it being older, and thus proven. But as for the sake of NSA involvement, if you don't trust ECDSA for that reason, then you sure as heck can't trust RSA.
2017-05-10 17:46:17 <Shiz> combined with that the sudden move of NSA away from EC entirely...
2017-05-10 17:46:34 <kaniini> elegast: RSA seems fine at >2048 key lengths at present time, apk defaults to 4096 already
2017-05-10 17:46:53 <elegast> Are they moving away? Or is that just to get everyone else to move away from it?
2017-05-10 17:46:53 <Shiz> elegast: why?
2017-05-10 17:46:55 <kaniini> elegast: to duplicate a key, many signatures would have to be factorized, which is too expensive for a 2048 bit key
2017-05-10 17:47:08 <Shiz> NSA wasn't involved in RSA, the NIST was provably involved in nistp curves
2017-05-10 17:47:10 <Shiz> ;p
2017-05-10 17:47:23 <elegast> Well there's been many rumers about RSA/De Raadt/NSA collaboration
2017-05-10 17:47:27 <kaniini> elegast: yes.  ECC is forbidden for top secret level classified documents
2017-05-10 17:47:39 <Shiz> see also: NSA suite 2
2017-05-10 17:47:45 <Shiz> 
ACTION envisions a future for apk with ed25519 though

2017-05-10 17:47:47 <Shiz> ;)
2017-05-10 17:47:52 <kaniini> elegast: yes, on IPsec products
2017-05-10 17:48:09 <Shiz> elegast: also note that RSA the corporation has nothing to do with RSA the algorithm
2017-05-10 17:48:13 <kaniini> elegast: which is different than RSA itself which predates de raadt being relevant at all
2017-05-10 17:48:26 <Shiz> the corporation was formed afterwards and does weird broken security products
2017-05-10 17:48:28 <Shiz> :P
2017-05-10 17:48:46 <elegast> awk, I assumed rsa/ras inc/van dyke to be closely related
2017-05-10 17:48:51 <kaniini> have we now gotten to the part in the security troll where you discuss how great grsec is and how we're screwed now that grsec no longer exists?
2017-05-10 17:48:51 <kaniini> ;)
2017-05-10 17:49:42 <elegast> lol no, im not trolling, my info is outdated more likely
2017-05-10 17:50:05 <kaniini> Shiz: yes, ed25519 likely
2017-05-10 17:51:03 <elegast> I disagree that you can deduce facts about security by looking at what NSA publicly does, says or mandates in any way shape or form though.
2017-05-10 17:53:12 <elegast> Anyway, the problem at hand is my build supposedly being signed when it's not and/or my apk install not veryfing at all or ignoring invalid signatures
2017-05-10 17:53:50 <elegast> so I gotta get back to work, thanks for the info though, guys!
2017-05-10 18:06:09 <kaniini> or your key isnt what you think it is.
2017-05-10 18:17:04 <elegast> ghehe
2017-05-10 18:17:08 <elegast> im pretty sure
2017-05-10 18:17:11 <elegast> so is openssl
2017-05-10 18:17:18 <elegast> Enter PEM pass phrase:
2017-05-10 18:17:20 <elegast> Private-Key: (521 bit)
2017-05-10 18:17:21 <elegast> priv:
2017-05-10 18:17:23 <elegast>     XX: ...
2017-05-10 18:17:24 <elegast> pub:
2017-05-10 18:17:26 <elegast>     XX: ...
2017-05-10 18:17:27 <elegast> ASN1 OID: secp521r1
2017-05-10 18:17:29 <elegast> NIST CURVE: P-521
2017-05-10 18:31:57 <elegast> oh wow, this makes up for all the trouble though, ^C during the build process removes any installed dependencies that occurred during the build process :D
2017-05-10 18:33:12 <elegast> I did a random "abuild -r" to test, and it started pulling in and isntalling two screens worth of dependencies .. so my first instinct was "sigh ... I should've chrooted this" but all is welll
2017-05-10 18:34:28 <_ikke_> righ
2017-05-10 18:34:41 <_ikke_> abuild -r removes the installeded dependencies again
2017-05-10 18:35:22 <elegast> Ah. -.- ofcourse. I thought it stood for recursive
2017-05-10 18:36:13 <_ikke_> it just means install dependencies, but it also uninstalls them again after build
2017-05-10 18:36:57 <elegast> mhm, yeah I'm happily surprised by the cleanup
2017-05-10 18:46:29 <elegast> only after the build process has started though, not if its interrupted during the install phase of dependencies
2017-05-10 18:50:13 <elegast> ok so, more on the key issue
2017-05-10 18:50:54 <elegast> I have thusfar, made rsa keys instead of ecdsa, built another package, and it reported: >>> imapproxy: Signing the index...
2017-05-10 18:51:16 <elegast> then I removed the pubkey from /etc/apk/keys
2017-05-10 18:51:42 <elegast> apk complained about the signature
2017-05-10 18:51:44 <elegast> as expected
2017-05-10 18:53:23 <elegast> This means that if you sign packages with an ecdsa key (presumably any other key that isn't handled by apk, but a valid key none the less) you can get people to install the package without verification error
2017-05-10 18:53:59 <elegast> Seeing how *none* of the repositories are serving on https by default, this is a pretty major security risk
2017-05-10 18:54:26 <elegast> What's to keep me from intercepting the packages and feeding you my own, compromised version?
2017-05-10 18:54:54 <elegast> All i have to do is sign them with a random key that openssl considers valid, but apk doesn't handle
2017-05-10 18:59:51 <elegast> Or am I confused and is it not the package that is signed, but the repository index?
2017-05-10 19:05:52 <elegast> kaniini: No, I think you are indeed mistaken, ecdsa is infact supported: Without my ecdsa key in the keystore, apk reports: WARNING: Ignoring /home/elegast/packages/testing/x86_64/APKINDEX.tar.gz: UNTRUSTED signature
2017-05-10 19:06:38 <elegast> atleast as far as the signed index goes.
2017-05-10 19:06:40 <kaniini> or again your ecdsa key isn't an ecdsa key
2017-05-10 19:06:53 <elegast> Openssl clearly says it is?
2017-05-10 19:07:03 <kaniini> look i'm not going to waste my time arguing with you about this
2017-05-10 19:07:13 <kaniini> enjoy your broken security
2017-05-10 19:07:29 <elegast> ahem.
2017-05-10 19:07:35 <elegast> Its YOUR broken security im enjoying.
2017-05-10 19:09:02 <elegast> But if you find it a waste to discuss something that appears to be a security risk on this platform, on a vanilla install, that's fine
2017-05-10 19:09:24 <fabled> elegast, currently apk verifies index's signature, if it is valid the packages are trusted as long as their index hash matches the package hash
2017-05-10 19:09:35 <fabled> that is package signature is not verified if index says it's good
2017-05-10 19:10:13 <elegast> Ok that makes sense. Thank you fabled
2017-05-10 19:11:18 <fabled> that's something we probably change in long term
2017-05-10 19:11:32 <fabled> but that's the current behaviour
2017-05-10 19:25:30 <xentec> Shiz: care to explain the pam hate? or place a link to something which does?
2017-05-10 19:26:33 <Shiz> I don't have a link straight-up handy, but the gist of it comes down to two things for me
2017-05-10 19:26:44 <Shiz> 1) pam configuration is weird and unwieldy
2017-05-10 19:26:59 <Shiz> 2) authentication by loading 3rdparty shared libraries in your address space is a ~very bad idea~
2017-05-10 19:27:22 <Shiz> no matter what role you give to the shared library, it can just manipulate its way into breaking your auth completely
2017-05-10 19:27:36 <Shiz> even if you tell pam to use it only for logging, or treat its return value as nonauthorative, etc
2017-05-10 19:28:08 <Shiz> (and it won't work for static binaries, for obvious reasons)
2017-05-10 19:30:38 <Shiz> something like bsdauth is a way better idea since it performs process and privilege isolation
2017-05-10 19:34:44 <xentec> I see. And while bsdauth is, as you say, better, the linux world is locked on pam right now, I guess?
2017-05-10 19:35:46 <Shiz> yeap.
2017-05-10 19:40:06 <kaniini> fabled: yes, but ECDSA is not supported for indexes
2017-05-10 19:41:24 <kaniini> elegast: what method did you use to generate the ECDSA key?
2017-05-10 19:42:01 <Shiz> kaniini: side-note: do you have the source code for that W^X LSM of yours anywhere?
2017-05-10 19:43:36 <kaniini> Shiz: not right now, i will have to dig out an old machine
2017-05-10 19:43:41 <Shiz> right
2017-05-10 19:43:54 <kaniini> anyway
2017-05-10 19:43:58 <kaniini>                 sig=".SIGN.RSA.$keyname"
2017-05-10 19:44:08 <kaniini> is in the abuild-sign
2017-05-10 19:44:09 <kaniini> hmm
2017-05-10 19:44:12 <kaniini> that's concerning
2017-05-10 19:44:26 <Shiz> lol
2017-05-10 19:44:30 <kaniini> elegast: i think it works by side effect
2017-05-10 19:52:46 <kaniini> i mean, i guess
2017-05-10 19:52:56 <kaniini> maybe we should add ecdsa support to abuild-keygen
2017-05-10 20:09:12 <ncopa> re pam, since its a lib, you may need run your big app as root to access /etc/shadow
2017-05-10 20:09:30 <ncopa> with bsdauth, you do that with a separate process
2017-05-10 20:09:40 <ncopa> eg proper priv sep
2017-05-10 20:10:01 <Shiz> yep
2017-05-10 20:10:23 <ncopa> so yes, i agree re pam. want avoid if possible
2017-05-10 20:10:52 <ncopa> unfortunally there are not many alternatives on linux
2017-05-10 20:11:18 <ncopa> we should tag rc1
2017-05-10 20:45:42 <Shiz> wee
2017-05-10 20:46:16 <arch3y_> ncopa: Shiz thanks for pulling my pr for flex
2017-05-10 20:46:48 <arch3y_> I  have a few others that would be nice if they got merged and Id start contributing more lol
2017-05-10 20:47:07 <Shiz> if you link em i can at least check em
2017-05-10 20:51:44 <arch3y_> sure will do
2017-05-10 20:53:51 <arch3y_> Shiz: https://github.com/alpinelinux/aports/pull/1315 https://github.com/alpinelinux/aports/pull/1311 https://github.com/alpinelinux/aports/pull/1310 https://github.com/alpinelinux/aports/pull/1308 https://github.com/alpinelinux/aports/pull/1307
2017-05-10 20:53:57 <arch3y_> lots to look at
2017-05-10 21:02:07 <arch3y_> question if I need to disable fortify_source on a pkg to get it to compile will that be an issue in getting it merged
2017-05-10 21:02:20 <kaniini> yes
2017-05-10 21:02:37 <arch3y_> k thought so
2017-05-10 21:02:54 <arch3y_> so unless the devs want to work on the hardening aspect or I do then its not gonna work
2017-05-10 21:02:56 <arch3y_> got it thanks
2017-05-10 21:02:56 <kaniini> ncopa: i am down for bringing in BSD auth
2017-05-10 21:06:53 <Shiz> same but i don't think there's an existing port to linux for it
2017-05-10 21:42:02 <Shiz> useful git alias for merging github PRs:
2017-05-10 21:42:04 <Shiz> git config --global alias.merge-pr '!git checkout origin/pr/$1 && git rebase ${2:-master} && rev=$(git rev-parse HEAD) && git checkout ${2:-master} && git merge --ff-only $rev && echo "pr merged:"'
2017-05-10 21:42:46 <Shiz> and the relevant .git/config for the aports repo to go with it: https://txt.shiz.me/YmIxMzA3Zj
2017-05-10 21:57:42 <clandmeter> Shiz, what about something like http://tpaste.us/XE9l
2017-05-10 21:58:04 <Shiz> 
ACTION snorts

2017-05-10 21:58:06 <Shiz> :P
2017-05-10 21:58:09 <Shiz> yeah that also works
2017-05-10 21:58:49 <clandmeter> :)
2017-05-10 22:01:21 <clandmeter> i think we could add something similar to abuild
2017-05-10 22:01:33 <clandmeter> not to abuild itself but the pkg
2017-05-10 22:01:40 <clandmeter> like we did with abump
2017-05-10 22:02:33 <Shiz> arch3y_: i *think* i reviewed them all
2017-05-10 22:02:35 <Shiz> :P
2017-05-10 22:02:45 <arch3y_> Shiz: sure no worries thanks
2017-05-10 22:03:02 <przemoc> clandmeter: re your script: first quoting is superfluous (PR=$1 is good enough, even if there are spaces in $1), yet you forgot to quote $PR in curl line, so it wouldn't work with arg having space.  not that it truly matters in this case, because there is almost no chance that arg having space will be provided here, but just a friendly reminder to be careful with variables in shell
2017-05-10 22:03:28 <clandmeter> i bet ncopa has a lot of useful stuff in  his /usr/local/bin  :)
2017-05-10 22:03:35 <clandmeter> przemoc, yes im aware
2017-05-10 22:03:45 <Shiz> arch3y_: also a general remark: except the one where you added options="!check", please add a check() or an options="!check" (with a comment explaining why)
2017-05-10 22:04:01 <clandmeter> przemoc, pr
2017-05-10 22:04:04 <clandmeter> grr
2017-05-10 22:04:04 <Shiz> (for binaries, even if upstream has no test suite, a simple smoke test in check() { } that verifies if the binaries run is better than nothing)
2017-05-10 22:04:20 <clandmeter> keyboard...
2017-05-10 22:04:24 <przemoc> life...
2017-05-10 22:04:25 <przemoc> I know
2017-05-10 22:04:56 <Shiz> (thanks for contributing! hope i wasn't too hard on ya ;p)
2017-05-10 22:07:11 <Shiz> arch3y_: could you tell me your abuild version?
2017-05-10 22:07:17 <Shiz> it shouldn't be generating md5sum/sha256sums anymore
2017-05-10 22:07:38 <przemoc> possibly straight from 3.5 one
2017-05-10 22:12:23 <przemoc> re checksums: it would be so much nicer if they were always starting in new line (the one with =" would simply have \ at the end), it's aesthetically killing me whenever I see first line of checksums not lining with the rest.  diffs would be much nicer then too
2017-05-10 22:16:30 <przemoc> maybe we could introduce such change in next abuild?  not sure what others think.
2017-05-10 22:17:58 <przemoc> anyway, it was very short visit, so short that I haven't changed my away status, and it's sleep time, so gn everyone (at least those relatively close to UTC)
2017-05-10 22:20:35 <arch3y_> Shiz: sure can do Im building from edge I think at first I wasnt
2017-05-10 22:20:43 <arch3y_> so that might be why one moment
2017-05-10 22:21:30 <arch3y_> if abuild is part of apk-tools Im on 2.7.1
2017-05-10 22:21:46 <arch3y_> Ill go back and sqaush my commits as well
2017-05-10 22:22:19 <Shiz> it's its own package :P
2017-05-10 22:22:27 <Shiz> but edge vs 3.5 will probably do it
2017-05-10 22:22:54 <arch3y_> yeah I started out on 3.5
2017-05-10 22:23:02 <arch3y_> then I realized I should be on edge
2017-05-10 22:23:06 <arch3y_> so that was my bad
2017-05-10 22:23:29 <arch3y_> got any tips on a good way to sqaush my commits Ive never done that before having to research it
2017-05-10 22:27:15 <Shiz> sure
2017-05-10 22:27:20 <Shiz> sorry, i was reviewing some stuff
2017-05-10 22:27:32 <Shiz> arch3y_: # git rebase -i HEAD~<num of commits to squash>
2017-05-10 22:27:35 <arch3y_> no worries
2017-05-10 22:27:59 <Shiz> then just change the `pick` into `squash` for all commits aexcept the last
2017-05-10 22:28:11 <Shiz> and possibly change `pick` to `reword` for the last if it's needed
2017-05-10 22:28:27 <arch3y_> hmm k Ill give it a shot
2017-05-10 22:28:43 <Shiz> and finally, you need to `git push --force` after that's all done, since you're rewriting history :)
2017-05-10 22:28:49 <Shiz> (which is okay for PRs)
2017-05-10 22:28:58 <arch3y_> yeah I hate force lol
2017-05-10 22:29:04 <arch3y_> but if you say its ok then its ok
2017-05-10 22:29:22 <Shiz> for PRs it's fine, for actual branches people clone from/use, it's not
2017-05-10 22:29:25 <Shiz> :P
2017-05-10 22:34:38 <arch3y_> yeah make sense it would make ppl fairly upset
2017-05-10 22:35:03 <arch3y_> anything I can do to help my prs go in faster
2017-05-10 22:36:20 <Shiz> not specifically, we got a bit of a pr backlog
2017-05-10 22:36:25 <Shiz> i'm trying to go through them to at least review stuff
2017-05-10 22:36:47 <arch3y_> gotcha I figured it be bad to just have a bunch of prs in there and have more and more added
2017-05-10 22:36:56 <arch3y_> so I slowed down to keep the log lower then normal
2017-05-10 22:39:40 <Shiz> nah it's fine
2017-05-10 22:39:45 <Shiz> do keep adding things :P
2017-05-10 22:40:02 <arch3y_> ok will do cause I plan on working to get unmaintained cleaned up
2017-05-10 22:40:11 <arch3y_> there is a few things that could be added that could be useful
2017-05-10 22:40:28 <Shiz> :)
2017-05-10 22:40:37 <Shiz> as mentioned in the PRs, be sure to be willing to actually maintain them too :)
2017-05-10 22:41:43 <arch3y_> true thats the goal some of them I did skimp on a bit
2017-05-10 22:42:47 <ncopa> can we wait with adding more stuff til after 3.6 release?
2017-05-10 22:43:07 <arch3y_> yes Im just gonna fix up my prs you dont have to add them
2017-05-10 22:43:08 <Shiz> fine by me, I just reviewed the PRs
2017-05-10 22:43:10 <Shiz> :)
2017-05-10 22:43:18 <Shiz> didn't merge any ones that added stuff
2017-05-10 22:43:24 <ncopa> we can purge stuff thats older than 6months in unmaintained
2017-05-10 22:43:48 <ncopa> im ok with adding stuf that is high prio, critical or that we really want in 3.6 release
2017-05-10 22:44:18 <Shiz> yeah we're in the release cycle now so it's best to wait a bit with adding random things
2017-05-10 22:44:36 <arch3y_> and the stuff Im working on are most certainly random
2017-05-10 22:44:44 <Shiz> but i figure we could at least provide feedback on the PR backlog heh
2017-05-10 22:44:45 <ncopa> what we should do is look over the bugs on bugs.a.o
2017-05-10 22:44:46 <arch3y_> Im just looking for ways to help out anyway I can
2017-05-10 22:44:59 <arch3y_> that is useful it helps keep ppl committing
2017-05-10 22:45:04 <Shiz> ncopa: btw what's the best approach for a PR that affects an arch i can't personally test on?
2017-05-10 22:45:09 <Shiz> (ppc64le)
2017-05-10 22:45:41 <ncopa> probably talk with arch maintainer, for ppc64le its leitao
2017-05-10 22:45:44 <Shiz> i should probably get a b.a.o account
2017-05-10 22:45:45 <ncopa> but
2017-05-10 22:45:52 <ncopa> yes you should
2017-05-10 22:46:09 <Shiz> wew 911 bugs open
2017-05-10 22:46:14 <ncopa> might be we can get you a container with ppc64le
2017-05-10 22:47:05 <Shiz> it has no super high prio, just a PR i was looking at and wondering to approach
2017-05-10 22:47:13 <Shiz> i'll poke leitao_ to check it next time i see them :p
2017-05-10 22:47:27 <ncopa> there was a bug about installer, that the setup-wifi does not support spaces in ssid
2017-05-10 22:47:35 <ncopa> i was thinking
2017-05-10 22:47:52 <ncopa> what if we could make a prompt with history and tab-completion support?
2017-05-10 22:48:00 <ncopa> using linenoise
2017-05-10 22:48:51 <Shiz> sounds fancy
2017-05-10 22:48:55 <Shiz> i didn't even know we had setup-wifi
2017-05-10 22:48:57 <Shiz> is it new?
2017-05-10 22:49:21 <Shiz> (account made)
2017-05-10 22:49:45 <ncopa> a couple of years old i think
2017-05-10 22:49:50 <Shiz> huh
2017-05-10 22:49:57 <Shiz> well i can't claim to have ever installed alpine on a wifi box :p
2017-05-10 22:50:10 <ncopa> thats why you havent seen it :)
2017-05-10 22:50:20 <ncopa> im happy the installer works as supposed
2017-05-10 22:50:28 <Shiz> i'm not sure if history is needed for SSIDs though
2017-05-10 22:50:42 <ncopa> no, but tab-completion would be nice
2017-05-10 22:52:21 <Shiz> yeah
2017-05-10 22:52:25 <Shiz> especially with my SSID
2017-05-10 22:52:42 <Shiz> https://up.shiz.me/ZDEwMTY1.png
2017-05-10 22:52:44 <Shiz> :p
2017-05-10 22:53:25 <ncopa> lol
2017-05-10 22:54:12 <ncopa> i like the ssid "Connecting..."
2017-05-10 22:55:02 <ncopa> but the idea with tab-completion could also be used for the other questions
2017-05-10 22:55:19 <ncopa> like network interface, eth0... etc
2017-05-10 22:55:49 <ncopa> i was also thinking of chaning the prompt to always be on a new line
2017-05-10 22:56:15 <ncopa> Select which blabla [default]:
2017-05-10 22:56:18 <ncopa> >
2017-05-10 22:56:54 <ncopa> so i was thinking of a general purpose tool for promting for questions
2017-05-10 22:57:18 <nidan_> Is there a way to ask apk for where an installed package came from? Repo or which key has signed it?
2017-05-10 22:57:27 <ncopa> apk policy
2017-05-10 22:57:51 <ncopa> hmm, re xorg
2017-05-10 22:58:07 <ncopa> as i understand the xf86-video-vesa is out nowdays
2017-05-10 22:58:20 <ncopa> better to use xf86-video-modesetting as general purpose driver?
2017-05-10 22:58:47 <ncopa> the xf86-video-input-keyboard and xf86-input-mouse are replaced with xf86-input-evdev
2017-05-10 22:58:54 <nidan_> ncopa: Ok. Hehe, well, I've compiled gcc but didn't rename the package to something other than gcc, so now, after apk fix gcc, I'm not really 100% sure if it's the official alpine package I've got or if it's my own.
2017-05-10 22:58:59 <ncopa> which seems to be replaced with xf86-input-libinput?
2017-05-10 22:59:17 <nidan_> And I'd like to test something before rebuilding the package, it takes a while.
2017-05-10 22:59:39 <ncopa> this should answer your q: apk policy gcc
2017-05-10 23:00:03 <ncopa> so i wonder, what would be the best, general purpose xorg install?
2017-05-10 23:00:08 <Shiz> ncopa: big thing there
2017-05-10 23:00:09 <ncopa> install all of the drivers?
2017-05-10 23:00:11 <Shiz> -evdev NEEDS udev
2017-05-10 23:00:17 <Shiz> -libinput as well right now, i think
2017-05-10 23:00:23 <nidan_> ncopa: I did that, the output is a bit ambigous to me.
2017-05-10 23:00:50 <Shiz> nidan_: could you paste it?
2017-05-10 23:01:04 <ncopa> i think we pull in udev anyway
2017-05-10 23:01:09 <nidan_> Shiz: I can retype it. =)
2017-05-10 23:01:21 <Shiz> ncopa: also re #7271 im thinking of just adding su-exec to depends= and using that
2017-05-10 23:01:27 <Shiz> su - is very flaky anyway...
2017-05-10 23:01:49 <ncopa> i mean, we need udev for xorg to have hotplugging work
2017-05-10 23:02:09 <ncopa> otherwise you cannot plug an usb mouse without restarting xorg
2017-05-10 23:02:22 <ncopa> so i think the simple xorg setup should depend on udev
2017-05-10 23:02:47 <ncopa> people who wants set up xorg without will have to do it manually
2017-05-10 23:02:56 <Shiz> ah, you're talking about setup-xorg?
2017-05-10 23:02:59 <ncopa> yes
2017-05-10 23:03:02 <Shiz> right
2017-05-10 23:03:04 <Shiz> yeah then probably
2017-05-10 23:03:07 <Shiz> i think libinput is newer/fancier
2017-05-10 23:03:12 <Shiz> i wouldnt install all video drivers though
2017-05-10 23:03:15 <Shiz> thats a lot of them
2017-05-10 23:03:22 <ncopa> so which should be installed?
2017-05-10 23:03:28 <ncopa> is it enough to install modesetting?
2017-05-10 23:03:34 <Shiz> how about prompting the user after making an initial guess for some common ones?
2017-05-10 23:03:50 <ncopa> i want avoid promting
2017-05-10 23:03:53 <nidan_> Shiz:
2017-05-10 23:03:55 <nidan_> gcc policy:
2017-05-10 23:03:55 <nidan_>   6.3.0-r4:
2017-05-10 23:03:55 <nidan_>     lib/apk/db/installed
2017-05-10 23:03:55 <nidan_>     /m2/alpine/edge/main
2017-05-10 23:03:55 <Shiz> right
2017-05-10 23:03:57 <nidan_>   6.3.0-r4:
2017-05-10 23:03:59 <nidan_>     /home/user/packages/smurf
2017-05-10 23:04:08 <ncopa> nidan_: installed
2017-05-10 23:04:11 <Shiz> nidan_: then it's using the one from your edge repo
2017-05-10 23:04:18 <Shiz> assuming /m2/alpine/edge is like, the alpine repo
2017-05-10 23:04:19 <ncopa> comes from /m2/alpine/edge/main
2017-05-10 23:04:35 <Shiz> the entry that has lib/apk/db/installed is the one that is installed
2017-05-10 23:05:00 <Shiz> s/your/alpine's/g
2017-05-10 23:05:22 <ncopa> the setup-xorg is for like, have a livecd that boots directly into xorg
2017-05-10 23:05:34 <Shiz> i see you have expansion plans? :P
2017-05-10 23:05:37 <nidan_> So, considering that the repos are listed with the smurf repo first in the /etc/apk/repos file - if what you said Shiz is correct, how do I get apk fix to get gcc from the smurf repo?
2017-05-10 23:05:46 <Shiz> nidan_: two options
2017-05-10 23:05:47 <nidan_> Or do I have to apk del gcc ; apk add gcc?
2017-05-10 23:05:53 <Shiz> first, bump your pkgrel in packages you make yourself
2017-05-10 23:05:56 <Shiz> that is the proper option
2017-05-10 23:06:06 <ncopa> apk will pick the newest
2017-05-10 23:06:10 <Shiz> ^
2017-05-10 23:06:20 <ncopa> if they have same version apk will think its same thing
2017-05-10 23:06:23 <Shiz> if you make changes from alpine packages that affect the outcome package, you should bump pkgrel
2017-05-10 23:06:34 <Shiz> pkgrel is how apk differentiates different packages with the same upstream version
2017-05-10 23:06:42 <nidan_> Shiz: ncopa: Yeah, I know, I forgot, rebuilding takes a while and I want to test that compiler sort of now. =)
2017-05-10 23:06:49 <Shiz> nidan_: what you can also do (I think)
2017-05-10 23:06:55 <Shiz> is add a tag to your repos in /etc/apk/repositories
2017-05-10 23:06:56 <Shiz> and do
2017-05-10 23:07:00 <Shiz> apk del gcc && apk add gcc@myrepotag
2017-05-10 23:07:05 <ncopa> alternatively you can add a pinned repo and do apk add gcc@myrepo
2017-05-10 23:07:11 <Shiz> (tag format is just   tag http://myrepo instead of http://myrepo)
2017-05-10 23:07:11 <ncopa> :)
2017-05-10 23:07:13 <Shiz> :p
2017-05-10 23:07:26 <nidan_> Ok, I'll test that.
2017-05-10 23:07:50 <ncopa> https://git.alpinelinux.org/cgit/alpine-conf/tree/setup-xorg-base.in
2017-05-10 23:07:50 <nidan_> Thanks a lot, hopefully you've saved me from looking at my scrolling screen for 20 minutes. =)
2017-05-10 23:08:06 <ncopa> i wonder what to install as base packages
2017-05-10 23:08:38 <ncopa> users can always add extra drivers if they want
2017-05-10 23:09:07 <Shiz> i don't think there's a single base package that actually works for most drivers even decently
2017-05-10 23:09:18 <ncopa> modesetting?
2017-05-10 23:10:08 <ncopa> im ok if it works with the 5 most common hw setups
2017-05-10 23:10:35 <ncopa> eg qemu vmware virtualbox intel nvidia amd
2017-05-10 23:10:48 <Shiz> right
2017-05-10 23:10:55 <ncopa> but, as i understand, vesa is no good fallback anymore?
2017-05-10 23:11:08 <ncopa> modesetting worked on my macboot at least
2017-05-10 23:11:21 <ncopa> (i think it maybe made wifi go nuts though)
2017-05-10 23:11:37 <Shiz> lol wat
2017-05-10 23:11:44 <ncopa> i suspect it did
2017-05-10 23:11:50 <Shiz> modesetting is a better fallback IF the gpu supports DRM
2017-05-10 23:11:54 <Shiz> vesa is more generic
2017-05-10 23:12:02 <Shiz> is it possible to prio driver loads?
2017-05-10 23:12:11 <Shiz> if so i'd add both but prio modesetting over vesa
2017-05-10 23:12:23 <ncopa> https://git.alpinelinux.org/cgit/alpine-conf/tree/setup-xorg-base.inv
2017-05-10 23:12:28 <ncopa> its s stupid shells cript
2017-05-10 23:12:48 <Shiz> i mean in xorg itself, rather
2017-05-10 23:12:48 <ncopa> we could look for /dev/dri/card*
2017-05-10 23:13:09 <Shiz> that's a good idea
2017-05-10 23:13:32 <Shiz> is the ps mouse stuff needed?
2017-05-10 23:13:47 <ncopa> that is my question
2017-05-10 23:13:49 <Shiz> or more accurately, do people still use ps mice :p
2017-05-10 23:13:53 <ncopa> i dont think it is
2017-05-10 23:14:04 <ncopa> i think libinput or evdev should be enough?
2017-05-10 23:14:15 <ncopa> i dont know how xorg prio if both are there
2017-05-10 23:14:16 <Shiz> yes
2017-05-10 23:14:23 <Shiz> libinput/evdev should support ps2 stuff
2017-05-10 23:14:25 <nidan_> Shiz: ncopa: Isn't the synaptics touchpads on laptops ps/2?
2017-05-10 23:14:30 <Shiz> the in-kernel mouse stuff is a bit dreadful
2017-05-10 23:14:36 <Shiz> nidan_: no, that's xf86-input-synaptics
2017-05-10 23:14:38 <Shiz> :)
2017-05-10 23:14:56 <nidan_> Sorry, I knew that. =P
2017-05-10 23:15:30 <ncopa> i think libinput replaces synaptics too
2017-05-10 23:15:38 <nidan_> But it's not USB, iirc, it uses the same bus etc, i.e, ps/2. But its own driver, right?
2017-05-10 23:15:55 <ncopa> i replaced synaptics with libinput on my macbook recently to get reverse scrill working
2017-05-10 23:15:59 <ncopa> scroll*
2017-05-10 23:16:23 <ncopa> in not sure
2017-05-10 23:19:24 <Shiz> ah
2017-05-10 23:19:30 <Shiz> yeah i guess libinput is universal
2017-05-10 23:19:36 <Shiz> nidan_: depends on your specific laptop i think
2017-05-10 23:19:42 <Shiz> but i'm sure its ps/2 on some stuff
2017-05-10 23:19:46 <Shiz> but it is its own driver, yeah
2017-05-10 23:20:12 <nidan_> Yay! Glibc compiles with the new gcc. =)
2017-05-10 23:20:40 <Shiz> what did you change?
2017-05-10 23:20:54 <Shiz> ncopa: might be that -synaptics is still needed on older computers
2017-05-10 23:21:41 <Shiz> ncopa: oh:
2017-05-10 23:21:49 <Shiz> "the xf86-input-libinput package, which is "a thin wrapper around libinput and allows for libinput to be used for input devices in X. This driver can be used as as drop-in replacement for evdev and synaptics.""
2017-05-10 23:21:56 <Shiz> seems like all we need is libinput
2017-05-10 23:23:21 <nidan_> Shiz: Disabled a few patches, removed unwanted languages. Removing the unwanted languages was just to save compilation time right now, and I have disabled 5 patches. I'll dig down until I find which one is bugging me (I have my suspicions) and then determine what to do.
2017-05-10 23:23:31 <Shiz> :)
2017-05-10 23:27:09 <Shiz> ugh libinput is balls-deep integrated with udev
2017-05-10 23:27:11 <Shiz> :(
2017-05-10 23:31:24 <nidan_> Why?
2017-05-10 23:32:20 <nidan_> I mean, why integrate them? udev is overengineered as it is with its own rule-parsing syntax etc etc. And all it's supposed to to is run something when the kernel sends hotplug events..
2017-05-10 23:32:37 <nidan_> Why integrate libinput with that?
2017-05-10 23:33:00 <ncopa> libinput probably wants get notified when you plug new device
2017-05-10 23:33:07 <ncopa> eg new usb mouse
2017-05-10 23:33:22 <ncopa> ok, i'll use libinput only for now
2017-05-10 23:33:39 <ncopa> what to do if there are no /dev/dri/card*?
2017-05-10 23:33:48 <ncopa> xf86-video-vesa?
2017-05-10 23:34:16 <nidan_> So, why doesn't libinput just listen to a socket? And udev can write a message there? Or listen to the kernel directly, it's probably easier than interfacing against udev..
2017-05-10 23:34:42 <ncopa> wild guess: so you dont need set up netlink socket yourself
2017-05-10 23:34:47 <nidan_> I'll stop arguing, it's not my code, there are other things to fix. First.
2017-05-10 23:34:54 <ncopa> +1
2017-05-10 23:35:01 <nidan_> =)
2017-05-10 23:35:21 <ncopa> im not saying its a good idea or good design... and tbh, i dont care that much as long as it works :)
2017-05-10 23:36:11 <Shiz> ncopa: yeah vesa
2017-05-10 23:36:24 <Shiz> i'd also add -video-nouvea, -video-amd-gpu and -video-intel
2017-05-10 23:36:26 <Shiz> :)
2017-05-10 23:36:34 <nidan_> I care for one simple reason; code complexity is inverse proportional (probably inverse exponentially proportional) to security. =)
2017-05-10 23:36:42 <ncopa> maybe parse lspci first?
2017-05-10 23:36:50 <Shiz> amdgpu*
2017-05-10 23:37:01 <Shiz> ncopa: i don't think busybox lspci has device names :(
2017-05-10 23:37:11 <ncopa> apk add pciutils
2017-05-10 23:37:16 <nidan_> But I just said I should stop arguing, as I probably just waste your time atm, sorry about that. =)
2017-05-10 23:37:55 <Shiz> ah
2017-05-10 23:38:09 <ncopa> i wonder if its enough to install hwdata-*
2017-05-10 23:38:46 <Shiz> busybox lspci doesn't parse hwdata
2017-05-10 23:38:48 <ncopa> nope
2017-05-10 23:39:12 <ncopa> ok, i think we can apk add pciutils, you proabaly want that on a desktop anyways
2017-05-10 23:39:27 <Shiz> hehe
2017-05-10 23:39:47 <Shiz> i think hwdata-pci is enough on its own
2017-05-10 23:39:51 <Shiz> and that's already a dep of pciutils
2017-05-10 23:39:53 <Shiz> :)
2017-05-10 23:40:05 <Shiz> gotta be careful with detecting intel for obvious reasons...
2017-05-10 23:41:53 <Shiz> ncopa: lshw might be useful
2017-05-10 23:42:21 <ncopa> *shrug* i dont have it installed on my desktop currently
2017-05-10 23:42:29 <Shiz> or maybe just grepping for VGA output in lspci is enough
2017-05-10 23:42:31 <ncopa> there might be alot of tools that might be useful
2017-05-10 23:42:38 <ncopa> yes, thats what im thinking
2017-05-10 23:44:47 <ncopa> if /dev/dri/card* exists, should we bother look for intel/nvidia/amd?
2017-05-10 23:44:54 <Shiz> yes
2017-05-10 23:45:03 <Shiz> the specific drivers are better than modesetting
2017-05-10 23:45:14 <ncopa> so we add the driver in addition to modesetting?
2017-05-10 23:45:16 <Shiz> modesetting should just be the first fallback after specific drivers
2017-05-10 23:45:22 <ncopa> ok
2017-05-10 23:45:38 <Shiz> imo it would be:
2017-05-10 23:45:50 <Shiz> # specific driver detection
2017-05-10 23:46:15 <Shiz> if test -f /dev/dri/card* ; then fallback=xf86-video-modesetting else fallback=xf86-video-vesa ; fi
2017-05-10 23:46:19 <Shiz> apk add $specific $fallback
2017-05-10 23:46:21 <Shiz> :P
2017-05-10 23:47:37 <ncopa> anyone has nvidia and can give me the `lspci | grep -w VGA` output?
2017-05-10 23:48:20 <ncopa> i also wonder if we should try detect older AMD like r128 etc
2017-05-10 23:48:24 <Shiz> 04:00.0 VGA compatible controller: NVIDIA Corporation G94 [Quadro FX 1800] (rev a1)
2017-05-10 23:48:28 <Shiz> from a random google
2017-05-10 23:48:30 <Shiz> ;)
2017-05-10 23:48:34 <ncopa> ha
2017-05-10 23:48:44 <ncopa> im glad we have smart ppl on the chan :)
2017-05-10 23:48:57 <Shiz> grep -i nvidia should work just fine i think
2017-05-10 23:49:17 <ncopa> its a case "$vgaline" in...
2017-05-10 23:49:18 <Shiz> also keep in mind the following: specific drivers should be able to be multiple ones
2017-05-10 23:49:25 <Shiz> cause there can be multiple vga lines
2017-05-10 23:49:33 <Shiz> (multiple GPUs)
2017-05-10 23:51:45 <ncopa> yup
2017-05-10 23:51:57 <ncopa> and multiple /dev/dri/card*
2017-05-10 23:53:43 <nidan_> Gah! "... must not put anything under ... or /opt" <- What's the rationale?
2017-05-10 23:53:49 <ncopa> http://tpaste.us/ZVm9
2017-05-10 23:54:30 <Shiz> nidan_: /opt is not for distro packages
2017-05-10 23:54:36 <Shiz> thus, abuild packages should not put anything there
2017-05-10 23:54:43 <ncopa> http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s13.html
2017-05-10 23:54:52 <ncopa> apk should not install anything there
2017-05-10 23:55:37 <Klowner> irritating, I had my ram-only install working fine and now it doesn't seem to reinstall any packages on boot :{
2017-05-10 23:55:44 <nidan_> It's the law. =)
2017-05-10 23:55:46 <nidan_> =)
2017-05-10 23:55:53 <Shiz> Klowner: do you have an apkovl?
2017-05-10 23:57:09 <nidan_> if ! options_has "!fhs"; then <- Thank yoooouuu... =D
2017-05-10 23:58:37 <ncopa> ;)
2017-05-10 23:58:48 <ncopa> Klowner might need an apk cache sync
2017-05-11 00:00:34 <ncopa> anybody want hepl test http://tpaste.us/ZVm9 ?
2017-05-11 00:00:44 <Klowner> if I `apk upgrade` after booting it installs everything just fine
2017-05-11 00:01:34 <ncopa> apk upgrade before reboot should also worked
2017-05-11 00:01:46 <ncopa> i think its the apk cache that got out of sync
2017-05-11 00:01:52 <Shiz> ncopa: i think we should always add the fallback one
2017-05-11 00:02:04 <Shiz> because nouveau or amdgpu may not recognize newer/older/random cards from their brand
2017-05-11 00:02:05 <ncopa> ah
2017-05-11 00:02:43 <ncopa> good point
2017-05-11 00:02:59 <ncopa> http://tpaste.us/lMzN
2017-05-11 00:03:16 <ncopa> bah
2017-05-11 00:03:21 <Shiz> btw other one to add: *VMware* -> xf86-video-vmware
2017-05-11 00:03:36 <ncopa> 3 different thoughts at same time, 3 different variables
2017-05-11 00:03:47 <Shiz> :)
2017-05-11 00:04:36 <Shiz> we may want to detect virtualbox and add virualbox-guest-additions-hardened too
2017-05-11 00:04:48 <Shiz> err
2017-05-11 00:05:00 <Shiz> virtualbox-additions-hardened and virtualbox-guest-modules-hardened
2017-05-11 00:05:03 <Shiz> confusing package names...
2017-05-11 00:05:23 <ncopa> should those be installed with xorg?
2017-05-11 00:05:29 <ncopa> or from setup-alpine
2017-05-11 00:06:23 <ncopa> should we install a fallback font package too?
2017-05-11 00:06:41 <ncopa> or some base font packages?
2017-05-11 00:06:59 <ncopa> xorg-server is useless without any fonts
2017-05-11 00:08:17 <Shiz> maybe from somewhere else yes
2017-05-11 00:08:52 <Shiz> we should at lesat install ttf-freefont (which should be renamed font-freefont imo)
2017-05-11 00:09:17 <Shiz> font-noto seems good too
2017-05-11 00:09:27 <ncopa> this is the minimal base
2017-05-11 00:09:32 <ncopa> for xorg
2017-05-11 00:09:46 <ncopa> the idea is to use setup-xorg-base from setup-desktop
2017-05-11 00:09:56 <ncopa> where you can select xfce or mate or similar
2017-05-11 00:10:06 <Shiz> well the universal base font package is unifont
2017-05-11 00:10:08 <Shiz> :P
2017-05-11 00:10:20 <Shiz> i'd still consider adding font-noto to it
2017-05-11 00:23:06 <nidan_> gn!
2017-05-11 00:23:23 <ncopa> nidan_: gn
2017-05-11 00:24:24 <ncopa> unifont seems big
2017-05-11 00:24:39 <Shiz> because it covers every glyph
2017-05-11 00:24:41 <Shiz> :P
2017-05-11 00:24:57 <ncopa> so we do ttf-freefont
2017-05-11 00:25:09 <ncopa> should we rename all the ttf-* packages while at it?
2017-05-11 00:25:12 <ncopa> to font-*
2017-05-11 00:25:24 <Shiz> yeah
2017-05-11 00:26:20 <ncopa> unifont is 17M
2017-05-11 00:26:28 <ncopa> to big for default font
2017-05-11 00:43:26 <ncopa> one thing i'd like to do before 3.6 too
2017-05-11 00:43:32 <ncopa> the setup-keymaps
2017-05-11 00:43:50 <ncopa> i think we have a package with pregenerated keymaps
2017-05-11 00:44:04 <ncopa> for busybox loadkbd or what its called
2017-05-11 00:44:17 <ncopa> its generated from kbd package
2017-05-11 00:44:43 <ncopa> i think we should generate those keymaps from xorg keymaps
2017-05-11 00:44:50 <ncopa> i think that is what other distros do
2017-05-11 00:47:12 <Shiz> the bkeymaps you mean
2017-05-11 00:47:37 <ncopa> yes
2017-05-11 00:47:47 <ncopa> but i think it should be a subpackage of kbd
2017-05-11 00:47:57 <ncopa> and generated at package build
2017-05-11 00:48:06 <Shiz> wow this is so old it uses portage stuff
2017-05-11 00:48:08 <Shiz> :P
2017-05-11 00:48:17 <ncopa> the current tarball is probably 10 years...
2017-05-11 00:48:21 <ncopa> yes :)
2017-05-11 00:48:44 <Shiz> well if you think generating it from xorg keymaps is better, no need to keep the kbd version
2017-05-11 00:49:06 <ncopa> but i think it might depend on the kbd tools
2017-05-11 00:49:24 <Shiz> it needs loadkeys
2017-05-11 00:49:57 <Shiz> but if it happens as part of the kbd package, we can just call the compiled loadkeys
2017-05-11 00:49:58 <Shiz> :)
2017-05-11 00:50:28 <ncopa> http://pkgs.fedoraproject.org/cgit/rpms/kbd.git/tree/kbd.spec#n158
2017-05-11 00:51:23 <ncopa> the point is that we will probably want kbd package as alternative
2017-05-11 00:51:38 <ncopa> so we probably want the kbd data too
2017-05-11 00:52:07 <ncopa> and this data should be generated from xorg keymaps (i think)
2017-05-11 00:52:35 <ncopa> we could do the bkeymaps in separate APKBUILD but i thought since we probably will want to upgrade it together with kbd
2017-05-11 00:52:44 <ncopa> then we could just let it be a subpkg
2017-05-11 00:52:46 <Shiz> right
2017-05-11 00:52:57 <Shiz> so this removes the original keymaps and generates them from the X variants
2017-05-11 00:52:58 <Shiz> we can do that
2017-05-11 00:53:05 <Shiz> and then the bmaps as subpackage seems good
2017-05-11 00:53:44 <Shiz> i can do that
2017-05-11 00:57:44 <ncopa> Shiz: thank you!
2017-05-11 00:58:09 <ncopa> i looked at it a bit before 3.5 release but gave up
2017-05-11 00:58:21 <ncopa> just didnt have time to complete it
2017-05-11 00:58:39 <ncopa> for some reason i was not able to convert the keymaps to busybox format
2017-05-11 01:14:48 <kaniini> hi
2017-05-11 01:29:01 <tmh1999> hi
2017-05-11 01:43:50 <Shiz> ncopa: almost done :)
2017-05-11 01:43:58 <Shiz> hi
2017-05-11 01:44:51 <kaniini> ncopa: looking into making a libbsdauth
2017-05-11 01:45:32 <ncopa> hi
2017-05-11 01:45:35 <ncopa> nice!
2017-05-11 01:46:59 <Shiz> same tbh
2017-05-11 01:47:15 <ncopa> Shiz: note to self: let the experts to the work :)
2017-05-11 01:47:42 <Shiz> ncopa: do we want to keep the legacy keymaps?
2017-05-11 01:47:48 <Shiz> as opposed to the ones generated from xorg keymaps
2017-05-11 01:47:55 <ncopa> possibly
2017-05-11 01:48:13 <ncopa> as a fallback/alternative, in case someone prefers those
2017-05-11 01:48:23 <ncopa> in a subpkg
2017-05-11 01:50:21 <ncopa> ok its time to sleep
2017-05-11 01:50:30 <ncopa> thank you everyone
2017-05-11 01:51:13 <Shiz> good night :)
2017-05-11 02:34:37 <Shiz> https://googleprojectzero.blogspot.co.uk/2017/05/exploiting-linux-kernel-via-packet.html
2017-05-11 02:34:43 <Shiz> we need to update our kernels for this
2017-05-11 02:35:20 <Shiz> another userns escape :p
2017-05-11 03:33:22 <Shiz> ncopa: https://github.com/alpinelinux/aports/pull/1373
2017-05-11 03:33:24 <Shiz> :)
2017-05-11 03:53:45 <kaniini> Shiz: i think we go with compressed keymaps, can you handle that?  if so i'll merge it
2017-05-11 03:54:02 <Shiz> sure, it'll just need a few changes
2017-05-11 03:54:09 <Shiz> i'll fix it up when i wake up
2017-05-11 03:55:25 <kaniini> kk
2017-05-11 03:58:00 <Shiz> also see response on the syslogd pr
2017-05-11 04:03:32 <kaniini> works for me
2017-05-11 06:35:25 <kaniini> lol
2017-05-11 06:35:37 <kaniini> i have a machine that is too big for alpine
2017-05-11 06:35:42 <kaniini> it only counts 32 of 128 CPUs
2017-05-11 06:35:47 <kaniini> lols
2017-05-11 06:37:20 <fcolista> kaniini, i would have the same problem...
2017-05-11 06:37:20 <fcolista> :)
2017-05-11 06:37:32 <kaniini> it's okay
2017-05-11 06:37:43 <kaniini> i am pushing new kernels which bump that limit a bit
2017-05-11 06:37:55 <kaniini> i moved it up to 256
2017-05-11 06:42:03 <kaniini> does detect all 256GB RAM though
2017-05-11 06:50:28 <kaniini> imo CONFIG_NR_CPUS=32 is excessive on x86_32 though
2017-05-11 06:50:31 <kaniini> because
2017-05-11 06:50:41 <kaniini> if you really have >32 CPUs, you're going to need some decent amount of ram to drive it
2017-05-11 06:50:59 <kaniini> we could probably downsize it on 32-bit
2017-05-11 06:51:15 <kaniini> i don't think anyone would run 32-bit alpine on big iron
2017-05-11 06:51:17 <kaniini> haha
2017-05-11 08:56:43 <xsteadfastx> oh libuuid in edge gives a BAD SIGNATURE error
2017-05-11 09:09:19 <clandmeter> xsteadfastx, which mirror?
2017-05-11 11:25:09 <leo-unglaub> jirutka: congrats on your libressl find
2017-05-11 11:25:18 <leo-unglaub> i know, litle late but still ;)
2017-05-11 11:26:53 <jirutka> leo-unglaub: heh, thanks :) but I just found that something is wrong, the guy from VoidLinux resolved what exactly is wrong and Shiz wrote the text for CVE
2017-05-11 11:27:53 <jirutka> leo-unglaub: have you noticed that rust is already in the community repo? ;) (but cargo is not yet)
2017-05-11 11:28:53 <leo-unglaub> yes i did. already used it to compile my rust zip password cracker
2017-05-11 11:42:43 <mosez> ERROR: libuuid-2.28.2-r1: BAD signature
2017-05-11 11:42:43 <mosez> ERROR: libblkid-2.28.2-r1: BAD signature
2017-05-11 11:42:44 <mosez> ERROR: libmount-2.28.2-r1: BAD signature
2017-05-11 11:42:50 <mosez> is this something i can solve somehow?
2017-05-11 11:43:11 <mosez> ah... xsteadfastx also found that
2017-05-11 11:43:18 <jirutka> mosez: what mirror do you use?
2017-05-11 11:43:39 <^7heo> mosez: maybe an apk update?
2017-05-11 11:43:56 <mosez> dl-cdn :(
2017-05-11 11:45:28 <jirutka> mosez: hm, try to switch to http(s)://cz.alpinelinux.org or http(s)://nl.alpinelinux.org and let us know if it helped
2017-05-11 11:46:18 <mosez> jirutka: nl works
2017-05-11 11:46:42 <jirutka> okay, so yet another broken mirror on the list :( /cc clandmeter
2017-05-11 11:47:10 <mosez> there is no way to see which mirror gets used, right?
2017-05-11 11:47:13 <jirutka> huh, I have the operator role now! :)
2017-05-11 11:47:26 <jirutka> mosez: it’s random…
2017-05-11 11:47:47 <jirutka> mosez: you can try curl -Lv http://dl-cdn… and see
2017-05-11 11:50:21 <mosez> https://gist.github.com/tboerger/e99d46d994acd056ba45a26e937bff20
2017-05-11 11:50:51 <mosez> X-Served-By: cache-ams4137-AMS, cache-dfw1822-DFW, cache-hhn1523-HHN
2017-05-11 12:04:20 <Shiz> is dl-cdn round-robin or geodns?
2017-05-11 12:09:17 <fabled> Shiz, dl-cdn should be geo
2017-05-11 12:09:40 <Shiz> seems to be backed by fastly, so no easy way to see which actual mirror got used
2017-05-11 12:09:42 <Shiz> :(
2017-05-11 12:32:11 <ncopa> morning
2017-05-11 12:32:28 <ncopa> i think dl-cdn uses dl-4.a.o as backend
2017-05-11 12:36:57 <Shiz> oh right i should compress those keymaps
2017-05-11 12:45:36 <Shiz> jirutka: re: kbd thing
2017-05-11 12:45:44 <Shiz> this is why something like an INSTALL_MASK for apk would be nice :)
2017-05-11 12:45:53 <Shiz> the keymap script could just mask all other layout files
2017-05-11 12:58:46 <jirutka> Shiz: yeah, it’d be useful, but I’m a bit afraid of misusing it… I remember that the last time someone suggested this feature (s)he wanted to use it as a nasty and silly workaround instead of solving the real issue
2017-05-11 13:14:56 <TBB> kernel question... since yesterday's af_packet vuln there probably will be a new kernel available soon. I'm not exactly aware of whether Alpine's new kernels still come with the last grsec patch or not, so I'd like to know
2017-05-11 13:19:16 <jirutka> heh, this is great! https://up.shiz.me/ZDEwMTY1.png
2017-05-11 13:19:33 <Shiz> :)
2017-05-11 13:19:45 <Shiz> the power of musl openwrt :p
2017-05-11 13:20:05 <TBB> next step: emojis in SSIDs
2017-05-11 13:20:16 <Shiz> i've done that too
2017-05-11 13:20:20 <Shiz> for a while my SSID was the poo emoji
2017-05-11 13:21:30 <TBB> unsurprisingly, that was the first emoji I thought of as well
2017-05-11 13:21:44 <Shiz> it's fitting for a standard like wifi
2017-05-11 13:34:00 <mosez> i don't want to change the repo to nl or something else... than all my docker containers are getting rebuilt :(
2017-05-11 13:36:50 <Shiz> it'll be fixed
2017-05-11 13:37:13 <TBB> isn't the whole point of docker containers that they'll be rebuilt at least twice a day? :)
2017-05-11 14:05:51 <mosez> tbb: maybe for you, but not for me ;)
2017-05-11 14:06:55 <mosez> and since nearly all 3 pages of https://hub.docker.com/u/webhippie are built on alpine with different tags that get triggered i got to wait quite long :(
2017-05-11 14:17:42 <xentec> Shiz: syncthing pr is ready https://github.com/alpinelinux/aports/pull/1286
2017-05-11 14:17:59 <Shiz> i saw it, was waiting for the builder to be done with it
2017-05-11 14:18:38 <ncopa> TBB:  grsec is no longer available. but we use an unofficial fork of it
2017-05-11 14:19:00 <Shiz> oooh it's a sanitizer thing
2017-05-11 14:19:34 <Shiz> also fwiw: depending on the way its exploited, either RAP or UDEREF/KERNEXEC should stop that attack on grsec
2017-05-11 14:19:55 <Shiz> but it seems good to update the kernel before we release 3.6 final yes
2017-05-11 14:21:29 <Shiz> xentec: what the fuuuuuck
2017-05-11 14:21:33 <Shiz> go ships precompiled race binaries
2017-05-11 14:21:42 <Shiz> with its source code...
2017-05-11 14:22:05 <xentec> yep
2017-05-11 14:22:14 <Shiz> i'll merge your pr as it looks good to me
2017-05-11 14:22:27 <xentec> thank you
2017-05-11 14:23:36 <Shiz> what does -no-upgrade do, btw?
2017-05-11 14:24:37 <xentec> I guess, updating go deps
2017-05-11 14:25:43 <Shiz> ah
2017-05-11 14:26:04 <xentec> it disables syncthing updating itself
2017-05-11 14:26:05 <Shiz> and merged
2017-05-11 14:26:14 <Shiz> (i'm surprised github pr closer tracked my rebase+squash)
2017-05-11 15:57:12 <Shiz> so i want to move a file to a different package and have the package it formerly belongs to depend on it
2017-05-11 15:57:14 <Shiz> but
2017-05-11 15:57:28 <Shiz> that fucks up abuild as when it tries to build the original package:
2017-05-11 15:57:38 <Shiz> ERROR: go-race-4.0.0-r0: trying to overwrite usr/lib/go/src/runtime/race/race_linux_amd64.syso owned by go-1.7.4-r2.
2017-05-11 15:57:56 <Shiz> because both go-race (the new package) and the old version of the old package have that file
2017-05-11 15:58:01 <Shiz> (but thew new version of the old package does not)
2017-05-11 15:58:03 <Shiz> how do i resolve this?
2017-05-11 16:03:24 <clandmeter> replaces?
2017-05-11 16:29:17 <Shiz> but it doesn't replace all of the package files, just the one
2017-05-11 16:29:18 <Shiz> :p
2017-05-11 16:46:11 <Shiz> ==24809==ERROR: ThreadSanitizer failed to allocate 0x40000 (262144) bytes at address 600000000000 (errno: 12)
2017-05-11 16:46:13 <Shiz> FATAL: ThreadSanitizer can not mmap thread trace (0x600000000000/0x000000040000->0xfffffffffffffff4)
2017-05-11 16:46:15 <Shiz> FAIL    github.com/syncthing/syncthing/lib/weakhash     0.006s
2017-05-11 16:46:17 <Shiz> progress in tsan
2017-05-11 16:46:19 <Shiz> cc xentec
2017-05-11 16:47:52 <xentec> wtf
2017-05-11 16:48:12 <Shiz> :p
2017-05-11 16:55:55 <^7heo> Since when are addresses 6 bytes?
2017-05-11 16:56:03 <^7heo> I noticed it is, but I never noticed the change.
2017-05-11 16:58:58 <xentec> Shiz: I'm confused. Is it an error from running syncthing or the fixed race test?
2017-05-11 17:05:22 <ayee> I'm using 3.6-alpine, but apk is trying to download 3.4 directory stuff..
2017-05-11 17:05:36 <ayee> Step 1/6 : FROM python:3.6-alpine  ---> 7e34130a3d10
2017-05-11 17:05:45 <ayee> Step 3/6 : RUN apk update && apk add --no-cache imagemagick  ---> Running in a3a551b2aa1a fetch http://dl-cdn.alpinelinux.org/alpine/v3.4/main/x86_64/APKINDEX.tar.gz ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.4/main: temporary error (try again later)
2017-05-11 17:05:51 <ayee> am I doing it wrong?
2017-05-11 17:06:41 <ayee> the files look like the exist, but I'm getting timeouts
2017-05-11 17:07:00 <ayee> I get it on my local laptop, but I also get it on an open ec2 instance. so I don't think it's my local network, it seems like a httpd issue?
2017-05-11 17:07:01 <xentec> ayee: dl-cdn mirror is dead right now, as you can see
2017-05-11 17:07:19 <kaniini> :D
2017-05-11 17:07:24 <ayee> xentec: nod. always have to ask for a sanity check, I've been known to PEBKAC now and again
2017-05-11 17:07:32 <kaniini> you are not, there is a problem with dl-cdn.alpinelinux.org for some reason
2017-05-11 17:08:32 <ayee> perhaps update /topic, 1% of folks will read it and not ask. 99% of people will skip reading it and ask anyway. (I'm in the 1%!)
2017-05-11 17:08:47 <kaniini> yes, dl-cdn is down
2017-05-11 17:08:59 <kaniini> try different mirror
2017-05-11 17:09:42 <ayee> What command/mirror?
2017-05-11 17:10:01 <xentec> # setup-apkrepos
2017-05-11 17:18:34 <ayee> hmm, not https on the web servers either? :(
2017-05-11 17:18:42 <ayee> certs are zero cost now a days
2017-05-11 17:18:54 <ayee> people can change the packets in flight without https
2017-05-11 17:19:53 <ayee> With let's encrypt you have automation to renew the cert, so you'll never have to renew it either, and it's no cost: https://letsencrypt.org/
2017-05-11 17:22:43 <xentec> ayee: alpine uses signed packages and pkg-indices with local keys for verification
2017-05-11 17:23:18 <xentec> ayee: as I see it, you cannot break this trust chain with a mitm-attack
2017-05-11 17:23:22 <ayee> I guess, but someone could update the mirror list before they get the package.. and have a special mirror.
2017-05-11 17:23:32 <ayee> but if you want to be on the side arguing against https, that's cool too
2017-05-11 17:25:33 <xentec> ayee: I know https is important, but it's not needed here as another form of verification is in place
2017-05-11 17:26:33 <kaniini> i did update the topic
2017-05-11 17:26:35 <kaniini> blah
2017-05-11 17:26:44 <xentec> ayee: >have a special mirror.
2017-05-11 17:27:01 <xentec> you still need the maintainer keys to install malware packages
2017-05-11 17:27:14 <xentec> *to sign and install
2017-05-11 17:43:57 <kaniini_> grrr
2017-05-11 17:44:10 <kaniini_> whatever is breaking fastly is also breaking matrix
2017-05-11 17:44:51 <scadu> kaniini_: huh?
2017-05-11 17:45:52 <kaniini_> scadu: my matrix client is lagged by 10 minutes almost
2017-05-11 17:53:03 <rfs613> 
ACTION waits for the ineviteable loop between irc, matrix and three dozen other relaying services.

2017-05-11 17:53:21 <rfs613> shortly after that, the AI will become sentient...
2017-05-11 19:14:24 <Shiz> xentec: it's just check()
2017-05-11 19:14:53 <Shiz> ayee: python:3.6-alpine means python 3.6
2017-05-11 19:15:00 <Shiz> not alpine 3.6
2017-05-11 19:15:06 <Shiz> python's alpine images are (sadly) 3.4-based
2017-05-11 21:08:18 <awilfox> xentec, ayee, older apk used sha1 checksums.  all you have to do is collide apk upgrade and put new key in.  or inject keys into iso/img when first installed.
2017-05-11 21:10:31 <xentec> awilfox >or inject keys into iso/img when first installed.
2017-05-11 21:10:37 <xentec> how would you do that?
2017-05-11 21:13:53 <awilfox> put them in /etc/apk/keys and then intercept mirror traffic
2017-05-11 21:14:13 <awilfox> and feel confident that users are too lazy to sha256sum the iso before using it
2017-05-11 21:15:19 <xentec> sadly for you only https://nl.alpinelinux.org provides release images
2017-05-11 21:16:14 <xentec> ok, disregard that ^
2017-05-11 21:16:35 <xentec> but the releases an alpinelinux.org are provided with https
2017-05-11 21:16:42 <xentec> s/an/on
2017-05-11 21:17:10 <nidan_> FYI: What breaks building glibc under Alpine is the 207-static-pie.patch.
2017-05-11 21:17:18 <awilfox> ah, so images are https but mirrors aren't?
2017-05-11 21:17:28 <awilfox> glibc..?
2017-05-11 21:17:30 <awilfox> o.O
2017-05-11 21:17:52 <xentec> nidan_: the point of alpine is not using glibc
2017-05-11 21:18:01 <nidan_> awilfox: Unfortunately I need it for some stuff that is out of my control. =/
2017-05-11 21:18:10 <nidan_> xentec: I know.
2017-05-11 21:18:51 <nidan_> xentec: But I can't get around not using that code atm. So, the glibc I've built lives in /opt/gnu/glibc/ where it does no harm. (tm). =)
2017-05-11 21:19:04 <nidan_> s/not//
2017-05-11 21:19:56 <xentec> awilfox: yes, because the keys need to be transferred securely. after that everything apk installes is always verified against those keys
2017-05-11 21:20:13 <skarnet> nidan_: you'll need to compile your application with a rpath though
2017-05-11 21:20:35 <xentec> nidan_: how about using a chroot, or container?
2017-05-11 21:20:36 <nidan_> The LD_ vars have worked for me.
2017-05-11 21:21:00 <skarnet> LD_ variables are process-specific, you don't want that
2017-05-11 21:21:08 <skarnet> you want a system-wide setting
2017-05-11 21:21:32 <skarnet> so it's either a rpath or a /lib/ld-linux.so.2
2017-05-11 21:21:33 <nidan_> skarnet: This is one program we're talking about. Alas, one process.
2017-05-11 21:21:51 <skarnet> "just this one time", she said
2017-05-11 21:21:56 <nidan_> haha
2017-05-11 21:22:38 <nidan_> xentec: Maybe at a later time.
2017-05-11 22:10:52 <Shiz>   nidan_ │ FYI: What breaks building glibc under Alpine is the 207-static-pie.patch.
2017-05-11 22:10:55 <Shiz> i did tell you :)
2017-05-11 22:21:22 <nidan_> Shiz: I don't recognize.
2017-05-11 22:29:13 <jirutka> anyone who know OpenSMTPD here? I need an urgent advice
2017-05-11 22:43:02 <jirutka> omfg why the hell such simple use case doesn’t work as expected?!
2017-05-11 22:43:21 <jirutka> this stupid assumption about local users
2017-05-11 22:48:18 <jirutka> Shiz: ^ ?
2017-05-11 23:05:15 <jirutka> uff, I finally solved it… using keyword that is not mentioned on https://www.opensmtpd.org/faq/rules.html ! WTF?!
2017-05-11 23:06:12 <xentec> which keyword is it then?
2017-05-11 23:07:13 <jirutka> rcpt-to
2017-05-11 23:08:01 <jirutka> accept from any for domain "lists.****.cz" virtual { "@" => postmaster } deliver to lmtp mailman:1524 rcpt-to
2017-05-11 23:09:22 <jirutka> why I even prefer OpenSMTPD? IIRC I always have a problem to figure out how to configure anything, mainly b/c of lack of useful examples or undocumented features… it actually leads to worse experience than with Postfix :(
2017-05-11 23:09:53 <TemptorSent> jirutka: There's always sendmail...
2017-05-11 23:09:56 <TemptorSent> 
ACTION ducks

2017-05-11 23:10:00 <jirutka> TemptorSent: ha ha
2017-05-11 23:10:32 <jirutka> why there’s no mail server that does not sucks? and that reflects requirements of 21st century, that’s surely not delivery for local unix users…
2017-05-11 23:10:53 <jirutka> but this is still what all mail software expects by default
2017-05-11 23:11:30 <skarnet> *cough* qmail does whatever you want, why do people believe it doesn't apply to the 21st century?
2017-05-11 23:11:46 <TemptorSent> Yup, it would be nice if we had a nice virtualmail setup ready-to-deploy.
2017-05-11 23:12:29 <TemptorSent> skarnet: *lol* sendmail will do whatever you want too, configuration is left as an excercise for the user ;)
2017-05-11 23:12:44 <jirutka> uff, but I finally updated and migrated Mailman 3 + HyperKitty + Posterious to new server and switched from Postfix to OpenSMTD
2017-05-11 23:12:54 <jirutka> at 1.12 AM… still in the office
2017-05-11 23:13:08 <jirutka> I hate mails so much!
2017-05-11 23:13:15 <^7heo> dpm
2017-05-11 23:13:17 <^7heo> don't hate
2017-05-11 23:13:19 <^7heo> educate.
2017-05-11 23:13:19 <jirutka> everything that includes mail is plain horribly experience
2017-05-11 23:13:20 <^7heo> 
ACTION hides

2017-05-11 23:13:22 <skarnet> TemptorSent: sendmail doesn't do what I want, i.e. being small and simple
2017-05-11 23:13:54 <skarnet> jirutka: because nobody ever wrote a MTA that doesn't suck. Except qmail.
2017-05-11 23:14:16 <^7heo> the problem with MTAs is that it uses SMTP
2017-05-11 23:14:16 <TemptorSent> skarnet: I can't argue about not being small nor simple, but that's the noun, not a lack of verbs.
2017-05-11 23:14:17 <jirutka> OpenSMTPD is nice, except that its author is… specific…
2017-05-11 23:14:46 <^7heo> MUAs are much easier, since they only need to fire&forget.
2017-05-11 23:15:06 <^7heo> (or connect via imap - or pop3 and do some horrible hacks to keep the mails on the servers)
2017-05-11 23:15:49 <TemptorSent> I usually go with indepdendent services for my MTA and MDA when I have virtual users.
2017-05-11 23:16:13 <jirutka> it just sucks that I must use dkimproxy instead of OpenDKIM, b/c OpenDKIM can talk only milter…
2017-05-11 23:20:01 <jirutka> okay, so the next step is to set up DKIM verification for incoming mails and also DMARC
2017-05-11 23:20:51 <TemptorSent> jirutka: And I take it getting OpenSMPTPd to speak milter isn't happening?
2017-05-11 23:21:06 <jirutka> TemptorSent: unfortunately it’s not
2017-05-11 23:21:23 <jirutka> TemptorSent: OpenSMTPD has nice filter interface, but no one wrote milter adapter yet
2017-05-11 23:21:51 <TemptorSent> Hmm, seems like an obvious target and one that might actually be able to be kept in sync with the changing api.
2017-05-11 23:22:33 <jirutka> OpenSMTPD filter API is stable… except he’s gonna redesign it, but it’s not happening yet
2017-05-11 23:22:43 <jirutka> and the current filter API is here for few years
2017-05-11 23:23:05 <jirutka> I’m using it since times it was totally undocumented, b/c gilles didn’t want anyone to use it…
2017-05-11 23:23:07 <TemptorSent> Ahh, and probably a few more at the rate its going :)
2017-05-11 23:23:18 <jirutka> yeah
2017-05-11 23:23:39 <jirutka> since he hates apparently when anyone use his software, he decided to develop new filter API in secret…
2017-05-11 23:23:42 <jirutka> not kidding
2017-05-11 23:24:09 <TemptorSent> That's more than a little bit crazy.
2017-05-11 23:24:20 <jirutka> yeah
2017-05-11 23:25:02 <jirutka> hm, I need to 25 minutes, night tram :/
2017-05-11 23:25:34 <TemptorSent> Ahh, how often do they run?
2017-05-11 23:26:46 <jirutka> http://jizdnirady.idnes.cz/pid/spojeni/?f=Dejvick%c3%a1&t=Divok%c3%a1+%c5%a0%c3%a1rka&fc=301003&tc=301003&submit=true
2017-05-11 23:26:49 <jirutka> it’s night :/
2017-05-11 23:30:31 <jirutka> and if anyone wants completely Mailman 3 Suite: https://github.com/jirutka/user-aports/tree/v3.5/bundles
2017-05-11 23:31:01 <jirutka> it’s easy as pie to install it with my packages
2017-05-11 23:31:32 <jirutka> otherwise it’s hard as hell, b/c its developers are apparently totally incompetent
2017-05-11 23:31:45 <jirutka> and/or don’t care about any users at all
2017-05-11 23:40:23 <jirutka> omg i’m idiot!
2017-05-11 23:40:26 <jirutka> i missed it
2017-05-11 23:47:03 <Shiz>   @jirutka │ uff, I finally solved it… using keyword that is not mentioned on https://www.opensmtpd.org/faq/rules.html ! WTF?!
2017-05-11 23:47:09 <Shiz> use the manpage,l uke ;p
2017-05-11 23:47:16 <jirutka> why?!
2017-05-11 23:47:23 <jirutka> I don’t have man pages installed on Alpine servers
2017-05-11 23:47:29 <Shiz> also you are entitled to your opinion of course but imo comparison to postfix in pain to configure is nonsense ;p
2017-05-11 23:47:37 <Shiz> jirutka: there's online ones
2017-05-11 23:47:44 <Shiz> https://www.opensmtpd.org/manual.html
2017-05-11 23:47:46 <Shiz> right here
2017-05-11 23:48:00 <jirutka> try to google opensmtpd man…
2017-05-11 23:48:19 <jirutka> wait…
2017-05-11 23:48:21 <jirutka> wth
2017-05-11 23:48:26 <Shiz> well, it's a link in the sidebar of their homepage...
2017-05-11 23:48:29 <Shiz> "manual pages"
2017-05-11 23:48:31 <Shiz> :p
2017-05-11 23:48:52 <jirutka> omfg, I’ve accidentelly found wrong manual…
2017-05-11 23:49:20 <jirutka> b/c this does not look like FAQ! https://www.opensmtpd.org/faq/rules.html
2017-05-11 23:49:34 <jirutka> and since i was in stress I overlooked that and thought that it’s a manual
2017-05-11 23:53:02 <jirutka> about postfix, why non-sense? Postfix configuration is horrible, but at least you can find many real-world examples…
2017-05-12 00:01:13 <rfs613> FAQ seems to be here: https://www.opensmtpd.org/faq/index.html ... and it says "is only intended to be used as a supplement to the man pages"... the man pages are eg http://man.openbsd.org/smtpd
2017-05-12 00:02:05 <jirutka> hm, I haven’t read that :(
2017-05-12 00:02:24 <jirutka> I’m too tired now
2017-05-12 00:02:30 <rfs613> there isn't much in that man page unfortunately, but there are other man pages related, such as snmpctl
2017-05-12 00:02:46 <rfs613> and perhaps this one: http://man.openbsd.org/smtpd.conf.5
2017-05-12 00:02:46 <jirutka> but still this is NOT how FAQ should look like and it’s wrong that it contains *almost* complete list of keywords
2017-05-12 00:03:12 <jirutka> this http://man.openbsd.org/smtpd.conf.5 contains that important rcpt-to option
2017-05-12 00:03:20 <jirutka> afk
2017-05-12 00:28:22 <Shiz> jirutka: i agree that it may be a bit confusing yes
2017-05-12 00:29:41 <rfs613> perhaps they should remove every other keyword from the FAQ then ;-)
2017-05-12 01:11:35 <Shiz> ncopa: kaniini: relevant changes to alpine-conf PR'd
2017-05-12 01:11:36 <Shiz> :)
2017-05-12 01:12:20 <kaniini> ok
2017-05-12 01:12:27 <kaniini> i'll check in a bit
2017-05-12 01:13:21 <Shiz> no rush
2017-05-12 01:17:49 <jirutka> and brief show-up how to install Mailman 3 Suite on Alpine :P https://gitlab.com/mailman/mailman-suite/issues/3
2017-05-12 03:16:39 <kaniini_> hi
2017-05-12 07:09:32 <xentec> wireguard-tools requires bash dependency for wg-quick but it's missing
2017-05-12 07:27:56 <clandmeter> is that script mandatory for normal operations?
2017-05-12 08:02:50 <xentec> clandmeter: strictly speaking no, but it's extremely helpful for setting up wg interfaces (especially at boot time)
2017-05-12 08:04:39 <clandmeter> any chance you can replace bashism with posix?
2017-05-12 08:06:01 <xentec> this gonna take a while https://git.zx2c4.com/WireGuard/tree/src/tools/wg-quick.bash#n26
2017-05-12 08:07:20 <mosez> the texlive package is missing http://www.tug.org/texlive/Contents/live/texmf-dist/scripts/texlive/mktexlsr.pl :(
2017-05-12 08:11:33 <mosez> nvm, now it's failing with something else... :(
2017-05-12 08:27:10 <Shiz> xentec: oh brother
2017-05-12 08:27:27 <Shiz> may be quicker to even rewrite it
2017-05-12 08:27:38 <Shiz> this is full of bashisms
2017-05-12 08:56:11 <clandmeter> yes it is
2017-05-12 08:57:16 <scadu> hi
2017-05-12 08:57:35 <scadu> https://github.com/alpinelinux/aports/pull/1388 would it be possible to merge this one? OpenVPN bump to 2.4.2
2017-05-12 08:58:51 <mosez> hum... texlive@testing sucks :(
2017-05-12 08:59:05 <scadu> would be nice to see 2.4.2 in 3.6. hope it wasn't frozen yet
2017-05-12 09:03:57 <Shiz> if it's a security update, it won't be a problem
2017-05-12 09:04:19 <Shiz> but I don't handle main, so cc clandmeter ;p
2017-05-12 09:09:29 <scadu> clandmeter: could you please take a look at pr #1388 linked above?
2017-05-12 09:09:40 <scadu> algitbot: stupid you :P
2017-05-12 09:14:09 <xentec> just noticed that linux-headers are still on 4.4: https://git.alpinelinux.org/cgit/aports/tree/main/linux-headers/APKBUILD
2017-05-12 09:31:33 <Shiz> xentec: fwiw i'm rewriting it because i'm bored
2017-05-12 09:31:35 <Shiz> :p
2017-05-12 09:32:08 <xentec> nice
2017-05-12 09:51:22 <Shiz> xentec: do you have wireguard installed?
2017-05-12 09:51:28 <xentec> yes
2017-05-12 09:51:57 <Shiz> could you check the output for a few commands for me?
2017-05-12 09:52:00 <Shiz> i don't have wg
2017-05-12 09:52:14 <xentec> sure
2017-05-12 09:52:22 <Shiz> # wg show <interface> fwmark
2017-05-12 09:52:26 <Shiz> # wg show <interface> allowed-ips
2017-05-12 09:52:35 <Shiz> # wg show <interface> endpoints
2017-05-12 09:52:42 <Shiz> (feel free to anonimyze and stuff, i just need the format)
2017-05-12 09:59:36 <xentec> Shiz: https://dpaste.de/8kia
2017-05-12 10:00:12 <xentec> also fyi wg always shows IPs but can read hostnames as well
2017-05-12 10:09:59 <Shiz> xentec: could you check if this prints the ips:
2017-05-12 10:10:02 <Shiz> wg show "$INTERFACE" allowed-ips | sed -e 's/.*([0-9a-f:./]+)/\1/g' | sort -nr -k 2 -t /
2017-05-12 10:10:03 <Shiz> ?
2017-05-12 10:14:13 <xentec> Shiz: it prints pubkeys and ips. the regex is too greedy
2017-05-12 10:14:24 <Shiz> oh
2017-05-12 10:14:26 <Shiz> i forgot the $
2017-05-12 10:14:32 <Shiz> could you add that and try again
2017-05-12 10:15:42 <xentec> nope. but wg emity a \t between keys and ips so you could use that as a delimiter
2017-05-12 10:15:47 <xentec> *emits
2017-05-12 10:20:14 <Shiz> found something that works
2017-05-12 10:20:16 <Shiz> wg show "$INTERFACE" allowed-ips | cut -f2- | tr ' ' '\n' | sort -nr -k 2 -t /
2017-05-12 10:22:47 <xentec> yep, 1 row/ip
2017-05-12 10:29:01 <coredumb> was there really a need for an Alpine CoC ?
2017-05-12 10:30:13 <coredumb> just asking, not trying to stir up too much debate ;)
2017-05-12 10:31:53 <xentec> where?
2017-05-12 10:33:13 <coredumb> xentec: devel mailing list
2017-05-12 10:33:51 <clandmeter> http://lists.alpinelinux.org/alpine-devel/201705byindex.html
2017-05-12 10:35:15 <xentec> imho Code of Conflict > CoC :D
2017-05-12 10:39:31 <Shiz> coredumb: immediate need right now, no
2017-05-12 10:39:47 <Shiz> but these things are more for 'when you need em you're glad you have em'
2017-05-12 10:39:49 <Shiz> imo
2017-05-12 10:39:57 <Shiz> and i expect the community to grow :)
2017-05-12 10:40:52 <coredumb> Shiz: OK :)
2017-05-12 10:49:04 <Shiz> jirutka: is it intentional that llvm4-dev doesn't depend on llvm4-static
2017-05-12 11:03:28 <^7heo> coredumb: please don't mix tech stuff and social, politically-drifting stuff
2017-05-12 11:07:25 <xentec> and yet a proposal to put social, politically-drifting stuff into a tech project is made ;)
2017-05-12 11:14:17 <martanne> Hi, what is the Alpine package policy with regard to static Lua modules? It would be nice, if there were a package shipping lpeg.a. Currently the lua-lpeg package only contains the shared library.
2017-05-12 11:16:46 <^7heo> xentec: not by me it isn't
2017-05-12 11:17:11 <coredumb> ^7heo: how am I mixing? -devel mailing list -devel IRC channel ...
2017-05-12 11:17:20 <^7heo> xentec: what I proposed is apolitical
2017-05-12 11:23:55 <Shiz> ladies, please
2017-05-12 11:24:00 <Shiz> let's chill
2017-05-12 11:24:21 <Shiz> martanne: i wouldn't be opposed to them, but what's the direct use case for them?
2017-05-12 11:24:27 <Shiz> honestly asking since i'm not that familiar with lua
2017-05-12 11:28:14 <martanne> Shiz: I want to build a self contained binary of a project of mine. I currently have ugly build scripts for musl+all dependencies, but would like to replace them with a Dockerfile based on an Alpine image.
2017-05-12 11:29:33 <Shiz> right, but how do static lua modules integrate?
2017-05-12 11:29:40 <Shiz> i presume they're loaded by the lua interpreter?
2017-05-12 11:31:57 <martanne> yes, you link a luaopen_<lib-nam> function into the C binary and register it in the Lua package loader
2017-05-12 11:32:34 <martanne> https://github.com/martanne/vis/blob/master/vis-lua.c#L2440-L2447
2017-05-12 11:45:31 <martanne> Shiz: so technically it is not loaded by the Lua interpreter it is only referenced.
2017-05-12 11:45:38 <martanne> But I just realized that in general Alpine's -dev packages do not ship static versions of the libraries. So this won't work the way I naively assumed :/
2017-05-12 11:45:48 <Shiz> in general they should
2017-05-12 11:47:08 <rfs613> martanne: (offtopic) I use your editor (on Alpine), it's nice. I changed the colors and syntax highlighting to be more vim-like (personal pref, I find solarized is hard to read)
2017-05-12 11:47:46 <^7heo> wow, I didn't know vis.
2017-05-12 11:47:48 <^7heo> Nice!
2017-05-12 11:48:46 <^7heo> martanne: nice work!
2017-05-12 11:49:11 <xentec> Shiz: if you're still working on wg-quick, could you also fix this line? https://git.alpinelinux.org/cgit/aports/tree/testing/wireguard-hardened/APKBUILD#n35
2017-05-12 11:49:33 <xentec> s/grsec-/${_flavor}=/
2017-05-12 11:49:53 <Shiz> ah yes
2017-05-12 11:53:19 <martanne> Shiz: well libtermkey for example does not seem to do so
2017-05-12 11:53:59 <^7heo> Do we have vis in alpine?
2017-05-12 11:54:07 <martanne> rfs613: thanks, we have a themes wiki page now, feel free to add a reference to it
2017-05-12 11:54:28 <martanne> ^7heo: yes there is a package
2017-05-12 11:54:33 <^7heo> yeah I just installed it
2017-05-12 11:54:39 <^7heo> I'm gonna try that asap.
2017-05-12 11:54:47 <^7heo> at least I know how to quit it
2017-05-12 11:54:50 <^7heo> starts well.
2017-05-12 12:01:31 <Shiz> martanne: if the package offers static libraries we package them in -dev, but maybe it needs a special configure switch to enable that we didn't pass
2017-05-12 13:29:10 <pickfire> ^7heo: vis is cool
2017-05-12 13:29:14 <pickfire> But kinda weird.
2017-05-12 13:29:18 <^7heo> how so?
2017-05-12 13:29:27 <pickfire> Like cursor on the back.
2017-05-12 13:29:40 <pickfire> And left/right can move across lines.
2017-05-12 13:30:17 <pickfire> rfs613: I like papercolor but papercolor on vis is super hard to configure.
2017-05-12 13:48:25 <^7heo> < pickfire> Like cursor on the back.
2017-05-12 13:48:28 <^7heo> What do you mean?
2017-05-12 13:49:06 <^7heo> Wow, when I press escape, the cursor doesn't go back by one character.
2017-05-12 13:49:10 <^7heo> Is there a way to change that?
2017-05-12 14:14:23 <^7heo> but really, vis seems MUCH faster than vim here.
2017-05-12 14:15:49 <scadu> ^7heo: this is not suprising. check also kakoune, if you have a while
2017-05-12 14:17:33 <scadu> vim has a baggage of dead and/or deprecated code and neovim isn't any better since, well, it's based on vim
2017-05-12 14:18:57 <^7heo> tbh, I do not think kakoune is better for me either.
2017-05-12 14:24:29 <pickfire> ^7heo: Yeah.
2017-05-12 14:24:44 <pickfire> Tried kakoune, looks nice like vis but has it downfalls.
2017-05-12 14:25:19 <pickfire> ^7heo: Haha, I think vim move the cursor back by one character.
2017-05-12 14:26:06 <pickfire> I find kakoune pretty messy with whitespaces and as well get annoyed by that paperclip.
2017-05-12 14:26:15 <pickfire> neovim is still much better.
2017-05-12 14:26:20 <hiro> ed is fast
2017-05-12 14:26:36 <pickfire> Just without the features of multiple edit like in vis or kakoune.
2017-05-12 14:26:55 <pickfire> hiro: Yes, ed is fast. But not useful for all types of stuff.
2017-05-12 14:27:04 <^7heo> pickfire: yes vi does move the cursor back by one character.
2017-05-12 14:27:25 <^7heo> hiro: ed lacks the features I'm using
2017-05-12 14:27:26 <pickfire> I like ed but if you don't do line edit, no good at all.
2017-05-12 14:27:31 <^7heo> hiro: such as vim plugins.
2017-05-12 14:27:52 <hiro> i never tried such :)
2017-05-12 14:28:02 <rfs613> pickfire: yeah the way vim moves cursor back when exiting insert mode, it's weird... but when you get used to it, and it doesn't happen, it seems strange.
2017-05-12 14:28:08 <pickfire> hiro: Tried editing a long line of json that you get on web with ed.
2017-05-12 14:28:09 <hiro> for a long time i didnt even use vim, just plain old vi
2017-05-12 14:28:25 <pickfire> rfs613: Yeah.
2017-05-12 14:28:28 <hiro> people were outraged i didnt know features like line selection and stuff like that
2017-05-12 14:28:34 <hiro> v V
2017-05-12 14:28:39 <pickfire> And I like neovim ^v
2017-05-12 14:28:42 <hiro> ah visual
2017-05-12 14:28:42 <pickfire> vim*
2017-05-12 14:28:45 <rfs613> vi is something you learn over many years.
2017-05-12 14:29:03 <pickfire> hiro: What is that?
2017-05-12 14:29:12 <rfs613> you start with how-the-BLEEP-do-i-get-outta-here and then work you way up slowly ;-)
2017-05-12 14:29:14 <pickfire> You mean you can do v in ed?
2017-05-12 14:29:20 <hiro> i never edit long lines of json. if i had to i'd introduce strategic line breaks
2017-05-12 14:29:48 <^7heo> nah but for example, with vim, I can see the errors in my code as I save it.
2017-05-12 14:29:52 <hiro> rfs613: why, vi is dead simple
2017-05-12 14:29:56 <^7heo> if I forget a ; at the end of a line
2017-05-12 14:30:06 <pickfire> I just don't like the fact that neovim's gv does not work well with ^v
2017-05-12 14:30:06 <^7heo> or something like this
2017-05-12 14:30:11 <^7heo> my vim setup will tell me.
2017-05-12 14:30:28 <hiro> no, pickfire, i can't do v in vi, only in vim :)
2017-05-12 14:30:33 <pickfire> Oh
2017-05-12 14:30:53 <pickfire> hiro: If you are talking about vim, v is no surprised for me. I surprised my dad with ^v.
2017-05-12 14:31:02 <pickfire> He don't know what is } and ^v
2017-05-12 14:31:04 <hiro> ^7heo: crazy shit
2017-05-12 14:31:11 <^7heo> hiro: right?
2017-05-12 14:31:32 <^7heo> hiro: vim uses gcc to compile the code and parses its output to indicate the line and error in the editor.
2017-05-12 14:31:37 <^7heo> hiro: I actually like it.
2017-05-12 14:31:53 <hiro> haha :)
2017-05-12 14:32:24 <hiro> i dont know what ^v is :)
2017-05-12 14:32:35 <^7heo> it's visual line.
2017-05-12 14:32:40 <hiro> or do i?  might be muscle memory
2017-05-12 14:32:45 <^7heo> a selection mode to apply things on.
2017-05-12 14:32:46 <pickfire> hiro, ^7heo: Try this in vim, iMon<Enter>Tue<Enter>Wed<Enter>^vggI<p>gv$A^@
2017-05-12 14:33:17 <hiro> i'll try later when i have actual vim access :)
2017-05-12 14:33:19 <pickfire> And try gv + ^v + A again, notice that the cursor block append after the cursor.
2017-05-12 14:33:35 <pickfire> ^7heo: What? No.
2017-05-12 14:33:38 <pickfire> 22:32 < ^7heo> it's visual line.
2017-05-12 14:33:51 <pickfire> It's visual block mode. V is visual line mode.
2017-05-12 14:34:09 <^7heo> < pickfire> hiro, ^7heo: Try this in vim, iMon<Enter>Tue<Enter>Wed<Enter>^vggI<p>gv$A^@
2017-05-12 14:34:12 <^7heo> http://ix.io/tvv
2017-05-12 14:34:18 <^7heo> not really cool.
2017-05-12 14:34:36 <pickfire> Oh, I forgot he <Escape>
2017-05-12 14:34:40 <^7heo> yeah.
2017-05-12 14:34:41 <pickfire> T_T
2017-05-12 14:34:42 <^7heo> You did.
2017-05-12 14:34:45 <^7heo> ;)
2017-05-12 14:34:56 <hiro> ah yeah, i use visual block mode, too
2017-05-12 14:35:05 <^7heo> Yeah visual block is really cool
2017-05-12 14:35:10 <^7heo> helps a lot.
2017-05-12 14:35:15 <hiro> see, vim is hard, lol
2017-05-12 14:35:31 <pickfire> hiro, ^7heo: Try this in vim, iMon<Enter>Tue<Enter>Wed<Escape>gg^vGI<p>gv$A^@
2017-05-12 14:35:35 <pickfire> That should do it.
2017-05-12 14:36:09 <^7heo> Again
2017-05-12 14:36:14 <^7heo> you missed another escape...
2017-05-12 14:36:14 <hiro> ahha
2017-05-12 14:36:27 <pickfire> hiro, ^7heo: Try this in vim, iMon<Enter>Tue<Enter>Wed<Escape>gg^vGI<p><Escape>gv$A^@
2017-05-12 14:36:32 <^7heo> Thanks.
2017-05-12 14:36:40 <pickfire> ^7heo: Well, you can put the escapes yourself.
2017-05-12 14:36:43 <pickfire> ^^
2017-05-12 14:36:44 <^7heo> (I already did that but thanks for actually giving the right command)
2017-05-12 14:36:49 <^7heo> yeah no.
2017-05-12 14:36:55 <pickfire> No?
2017-05-12 14:36:58 <^7heo> I'm stupid as fuck when it's about reading commands from others.
2017-05-12 14:37:09 <^7heo> I blindly type sudo rm -rf /* in my shell at all times.
2017-05-12 14:37:26 <^7heo> pickfire: also, you want: iMon
2017-05-12 14:37:27 <pickfire> haha
2017-05-12 14:37:29 <^7heo> oops
2017-05-12 14:37:39 <pickfire> Yeah, iMon is correct.
2017-05-12 14:37:58 <pickfire> To <insert>Mon
2017-05-12 14:38:12 <hiro> but he wrote that...
2017-05-12 14:39:46 <pickfire> Well, maybe there's a more efficient way to do it, I don't know about that, but I just know that after you typed that, do gvA and look how annoying it is, it does not append after the cursor.
2017-05-12 14:40:49 <hiro> i don't get what it's supposed to achieve
2017-05-12 14:40:53 <hiro> but i'll try
2017-05-12 14:40:58 <^7heo> pickfire: also, you want: iMon^MTue^MWed^[gg^vGI<p>^[gv$A^@
2017-05-12 14:41:22 <^7heo> hiro: it's supposed to achieve <p>$day</p>
2017-05-12 14:41:35 <pickfire> hiro: http://ix.io/tvw
2017-05-12 14:41:50 <pickfire> ^7heo: Ah, that's right.
2017-05-12 14:42:18 <^7heo> pickfire: I mean that's the real input for it.
2017-05-12 14:42:30 <pickfire> ^7heo: There's no input, just output.
2017-05-12 14:42:47 <hiro> oh, i thought p was a key
2017-05-12 14:42:48 <hiro> haha
2017-05-12 14:43:21 <^7heo> yeah no, that's why it's important to use the real escape codes.
2017-05-12 14:43:33 <^7heo> the only problem then is to represent the ^ character.
2017-05-12 14:44:00 <^7heo> pickfire: yes there is an input, it's: iMon^MTue^MWed^[gg^vGI<p>^[gv$A^@
2017-05-12 14:44:50 <pickfire> Yeah.
2017-05-12 14:44:54 <pickfire> 
ACTION need to sleep

2017-05-12 14:45:05 <pickfire> Good night, sleep tight and don't let the bed bugs bite.
2017-05-12 14:45:09 <pickfire> \o
2017-05-12 14:45:48 <^7heo> also for some reason it's now doing <p><p> as opposed to <p></p>
2017-05-12 14:45:50 <hiro> night. i hope you'll find the right key combo to wake up again even if you have some emacs nightmare oO
2017-05-12 14:46:25 <pickfire> ^7heo: If you need </p>, you need to type the whole thing out.
2017-05-12 14:47:52 <^7heo> hmm
2017-05-12 14:49:10 <pickfire> ^7heo: Especially, </strong> but of course I know you can do i</^x^i^[
2017-05-12 14:49:25 <pickfire> For the completion of the inserted xml block.
2017-05-12 14:49:38 <pickfire> Or ^x^o, I forgot.
2017-05-12 14:51:14 <^7heo> I now have a headache.
2017-05-12 15:15:59 <hiro> same
2017-05-12 16:06:11 <martanne> Yes, vis does not aim to be bug-for-bug compatible with vi(m), instead it tries to combine modal editing with structural regexp. Anyway this is probably off topic here, move editor flamewars to #vis-editor.
2017-05-12 16:06:33 <martanne> For my usecase I would need Alpine packages for statically build versions of libtermkey-dev (and indirectly unibilium-dev, alternatively libtermkey could also be linked against libterminfo) and lua-lpeg.
2017-05-12 16:06:45 <martanne> I'm willing to spend some time on it myself, but somebody who is already familiar with Alpine packaging would probably be faster ;)
2017-05-12 16:25:47 <^7heo> hmm
2017-05-12 16:25:53 <^7heo> fair point
2017-05-12 16:26:13 <^7heo> I'll see if I find the time this w/e, unless someone is faster than I
2017-05-12 16:27:11 <^7heo> martanne: did I get it wrong or is there no ~/.visrc?
2017-05-12 16:31:08 <martanne> ^7heo: there is one in ~/.config/vis/visrc.lua, see the man page or ":help Lua" for details.
2017-05-12 16:52:13 <^7heo> yeah that's what I did, that's why I ask
2017-05-12 16:52:32 <Shiz> i'm having "fun" with llvm
2017-05-12 16:52:39 <Shiz> fucking tsan
2017-05-12 16:53:28 <^7heo> no idea what that is
2017-05-12 16:53:37 <Shiz> threadsanitizer
2017-05-12 16:54:47 <Shiz> also I've been trying to build libc++abi and libc++
2017-05-12 16:54:50 <Shiz> with full test suite
2017-05-12 16:54:54 <Shiz>   Expected Passes    : 5067
2017-05-12 16:54:56 <Shiz>   Expected Failures  : 27
2017-05-12 16:54:58 <Shiz>   Unsupported Tests  : 546
2017-05-12 16:55:00 <Shiz>   Unexpected Failures: 86
2017-05-12 16:55:02 <Shiz> not bad...
2017-05-12 16:55:04 <Shiz> only 86 failures out of 5067 tests
2017-05-12 16:55:07 <Shiz> :P
2017-05-12 17:01:23 <^7heo> what about unexpected passes?
2017-05-12 18:08:16 <jirutka> mosez: yeah, it’s known that texlive pkg is bad, but texlive is very big messy beast, so it’d require a lot of effort to really fix it (rewrite from ground)… I’d like to do it someday…
2017-05-12 18:08:37 <Shiz> sup jirutka :)
2017-05-12 18:11:03 <jirutka> Shiz: yes, it’s intentional that llvm4-dev does not depend on llvm4-static, for two reasons: llvm4-static is actually not always needed, and some stupid autodetections makes decision about type of linking based on existence of llvm’s static archives… but I don’t remember with which software I had this problem
2017-05-12 18:11:31 <Shiz> ah okay
2017-05-12 18:11:33 <Shiz> gotcha
2017-05-12 18:12:55 <jirutka> martanne: I totally agree with shipping Lua static modules (in -dev pkgs)! actually it’d be handy even for myself quite soon, I’m about to finish my tool for packaging Lua scripts like self-contained statically linked executable
2017-05-12 18:14:08 <jirutka> martanne: "in general Alpine's -dev packages do not ship static versions of the libraries" … that’s not exactly true, it depends, some -dev pkgs contain static libs
2017-05-12 18:17:50 <jirutka> hmm, we already have vis pkg in community, great, I’m gonna try it soon! :)
2017-05-12 18:21:26 <jirutka> martanne: so you’d like to add lpeg.a, that should not be problem… anything else?
2017-05-12 18:23:23 <martanne> jirutka: the other thing is not Lua related: libtermkey (and dependencies)
2017-05-12 18:25:15 <martanne> it can either be linked against the ncurses terminfo library (or as done in the current Alpine package against unibilium)
2017-05-12 18:31:19 <jirutka> martanne: okay, I’ll look at these two now
2017-05-12 18:31:31 <jirutka> lpeg should be easy, don’t know about libtermkey
2017-05-12 18:35:09 <martanne> thanks, it shouldn't be difficult either the lib is made up of 3 C files, but the build system uses libtool :/
2017-05-12 18:35:57 <martanne> also there have been new upstream releases (0.20 vs 0.18 currently packaged by Alpine)
2017-05-12 18:54:44 <jirutka> hm, I found a bug in Lua on musl…
2017-05-12 19:00:02 <martanne> what is the problem?
2017-05-12 19:01:26 <jirutka> os.setlocale() returns "C;C;C;C;C;C" instead of "C"
2017-05-12 19:04:57 <jirutka> hm, but it’s not bug in lua, it just calls musl’s setlocale…
2017-05-12 19:06:26 <jirutka> hm, not sure… maybe Lua calls it with wrong arguments
2017-05-12 19:07:55 <Shiz> lots of Cs
2017-05-12 19:08:18 <jirutka> heh, yeah
2017-05-12 19:08:38 <jirutka> I’m just playing with setlocale from locale.h, to see how it behaves
2017-05-12 19:10:41 <martanne> os.setlocale() in Lua results in setlocale(LC_ALL, NULL)
2017-05-12 19:12:21 <hiro> ^7heo: what is ^@?
2017-05-12 19:13:07 <martanne> This matches the Lua 5.3 documentation: "When called with nil as the first argument, this function only returns the name of the current locale for the given category.
2017-05-12 19:13:41 <hiro> i think it's not that great to try and force doing every single text-related processing in vim. i would just do
2017-05-12 19:13:42 <hiro> for day in Mon Tue Wed; do echo "<p>$day</p>";done
2017-05-12 19:14:03 <hiro> though tbh i'd just propose <pre>
2017-05-12 19:14:04 <hiro> Mon
2017-05-12 19:14:05 <hiro> Tue
2017-05-12 19:14:07 <hiro> Wed
2017-05-12 19:14:08 <hiro> </pre>
2017-05-12 19:14:23 <hiro> html is totally unneeded when what you want is just linebreaks.
2017-05-12 19:14:57 <hiro> problems that shouldn't exist but require complex features in vim and so on
2017-05-12 19:15:20 <hiro> i grew up with
2017-05-12 19:15:21 <hiro> 'v' is not implemented
2017-05-12 19:15:31 <hiro> so, i know there is alternatives
2017-05-12 19:16:09 <hiro> even if i now use visual sometimes, i would have my ways around it. and i might even suspect that it normally would save time.
2017-05-12 19:17:30 <jirutka> martanne: I know that, but setlocale("C") returns just "C" both on macOS and Fedora
2017-05-12 19:17:42 <martanne> jirutka: POSIX only says "The string returned by setlocale() is such that a subsequent call with that string and its associated category shall restore that part of the global locale."
2017-05-12 19:17:44 <jirutka> martanne: but "C;C;C;C;C;C" on musl
2017-05-12 19:18:00 <jirutka> martanne: and that’s what musl setlocale(LC_ALL, "C") returns
2017-05-12 19:18:19 <jirutka> LC_ALL = 6
2017-05-12 19:19:38 <martanne> yeah, but if I'm reading the spec right the musl behavior is fine (according to POSIX)
2017-05-12 19:20:15 <jirutka> yes, that’s my perception too
2017-05-12 19:20:38 <jirutka> I’m thinking how to modify it in lua to return the same value as on other platforms
2017-05-12 19:21:12 <jirutka> actually when I read description of LC_ALL, the musl’s behaviour seems to be more correct
2017-05-12 19:21:32 <jirutka> (that’s actually not surprising)
2017-05-12 19:24:59 <jirutka> hm, glibc says: "When you read the current locale for category LC_ALL, the value encodes the entire combination of selected locales for all categories. If you specify the same “locale name” with LC_ALL in a subsequent call to setlocale, it restores the same combination of locale selections."
2017-05-12 19:26:12 <martanne> maybe it folds "C;C;C;C;C;C" into "C" (as long as all values are the same)
2017-05-12 19:26:59 <jirutka> yes
2017-05-12 19:27:53 <jirutka> when I change just ctype for example, then on Fedora os.setlocale() returns LC_CTYPE=en_US.UTF-8;LC_NUMERIC=C;…
2017-05-12 19:29:01 <jirutka> lol
2017-05-12 19:29:03 <^7heo> hiro: 0x1e
2017-05-12 19:29:09 <jirutka> when I do the same on macOS: C/en_US.UTF-8/C/C/C/C
2017-05-12 19:30:00 <jirutka> on Alpine: en_US.UTF-8;C;C;C;C;C
2017-05-12 19:30:22 <martanne> yeah, I guess these locale representations are implementation defined. You shouldn't care about the exact values.
2017-05-12 19:30:30 <jirutka> yeah
2017-05-12 19:31:04 <jirutka> but one lpeg test asserts the exact value, that’s how i found that there’s something wrong/different
2017-05-12 19:31:24 <martanne> then fix the test :)
2017-05-12 19:31:50 <hiro> ^7heo: how do i type it?
2017-05-12 19:32:16 <^7heo> ctrl and @
2017-05-12 19:32:27 <^7heo> on a us kb, ctrl shift 2
2017-05-12 19:32:42 <jirutka> I think that it’d be reasonable to modify loslib.c in lua to fold it into single value when all special locales are the same, ’cause that’s what both macOS/FreeBSD and glibc do
2017-05-12 19:33:32 <hiro> ^7heo: ah, i can't type that
2017-05-12 19:33:34 <hiro> ^7heo: on urxvt
2017-05-12 19:33:39 <jirutka> can someone try this on OpenBSD? #include locale.h; setlocale(LC_ALL, "C"); printf(setlocale(LC_ALL, ""));
2017-05-12 19:34:00 <martanne> jirutka: patching Lua seems wrong, if anything you should probably modify musl
2017-05-12 19:34:02 <hiro> iso 14755 mode is triggered by ctrl-shift
2017-05-12 19:34:21 <hiro> i always thought ^@ is \0
2017-05-12 19:34:27 <hiro> but that made no sense
2017-05-12 19:34:33 <hiro> what effect does it have here anyway?
2017-05-12 19:37:59 <jirutka> martanne: I doubt that musl would accept such patch, their implementation is not wrong, just different
2017-05-12 19:40:56 <martanne> yeah, but why "fix" it only in Lua vs everywhere? Lua doesn't guarantee a particular value either, so the current behavior seems fine.
2017-05-12 19:41:15 <jirutka> hm, you’re right
2017-05-12 19:41:25 <Shiz> should be fixed in lpeg
2017-05-12 19:43:00 <jirutka> you mean in the test?
2017-05-12 19:43:42 <Shiz> yeah
2017-05-12 19:48:46 <martanne> jirutka: just change it to assert(os.setlocale("C"))
2017-05-12 20:00:18 <jirutka> martanne: Shiz: does this makes sense? http://tpaste.us/Yner
2017-05-12 20:01:02 <Shiz> i'd add a $(RANLIB) maybe
2017-05-12 20:02:42 <jirutka> Shiz: RANLIB is not defined by default, so I’d need assign default value to it as well
2017-05-12 20:02:48 <Shiz> yea
2017-05-12 20:03:11 <jirutka> okay
2017-05-12 20:03:37 <jirutka> aha, actually this makefiles defines even CC (actually hardcodes, env. provided is ignored)
2017-05-12 20:03:51 <Shiz> does it?
2017-05-12 20:03:58 <Shiz> e.g. CC = gcc is not a hardcode
2017-05-12 20:04:00 <Shiz> :P
2017-05-12 20:04:24 <jirutka> not? I thought that `CC ?= gcc` is needed to make it overridable
2017-05-12 20:04:41 <Shiz> nope
2017-05-12 20:04:43 <Shiz> :)
2017-05-12 20:04:47 <Shiz> ?= takes it from the environment
2017-05-12 20:04:49 <Shiz> but
2017-05-12 20:04:55 <Shiz> e.g. make CC=gcc even overrides normal assignments
2017-05-12 20:05:04 <Shiz> (as opposed to CC=gcc make, which puts it into the env)
2017-05-12 20:06:14 <jirutka> aha
2017-05-12 20:06:37 <jirutka> so basically you can override any variable defined in Makefile?
2017-05-12 20:08:20 <skarnet> yes, if you declare them as make variables, not env variables
2017-05-12 20:08:31 <skarnet> make CC=gcc -> CC is a make variable
2017-05-12 20:08:50 <skarnet> CC=gcc make -> CC is an env variable which will be overridden by make variables
2017-05-12 20:09:22 <skarnet> it's more complex than it needs to be, and it takes some getting used to, but it kinda makes sense and can be worked with.
2017-05-12 20:09:56 <kaniini_> coredumb: the CoC proposal is largely to prevent some outsider from showing up and shoving some less desirable CoC on us
2017-05-12 20:11:55 <coredumb> kaniini_: just so that it's clear to me, what kind of outsiders are we talking about?
2017-05-12 20:12:08 <jirutka> coredumb: do you need an example?
2017-05-12 20:12:24 <jirutka> coredumb: https://bugs.ruby-lang.org/issues/12004
2017-05-12 20:13:48 <coredumb> jirutka: ok
2017-05-12 20:14:28 <kaniini_> that particular outsider seems unlikely to show up
2017-05-12 20:14:37 <coredumb> indeed
2017-05-12 20:14:42 <jirutka> for me this is the main reason why I’ve agreed with this CoC effort, to avoid similar situation as in Ruby and many other OSS projects where someone as Coraline came, started enormous shitstorm and basically *forced* her CoC to the community
2017-05-12 20:15:06 <kaniini_> coredumb: essentially, we are just defining pre-existing policy as a formality, there's nothing to be concerned about
2017-05-12 20:15:07 <coredumb> I'm sure you have someone in mind .... amm I wrong?
2017-05-12 20:15:24 <kaniini_> no, it is just a precautionary measure for a few reasons
2017-05-12 20:15:42 <coredumb> ok
2017-05-12 20:15:59 <kaniini_> 1) to encourage trolls to go do their CoC troll somewhere else
2017-05-12 20:16:16 <kaniini_> 2) to define specifically what is already disallowed in our communication fora
2017-05-12 20:16:55 <kaniini_> 3) since it's in writing, anyone we delegate moderator privileges too will know as some kind of guideline what is acceptable or not
2017-05-12 20:19:00 <coredumb> ok makes sense
2017-05-12 20:31:06 <Shiz> 1) still seems needlessly paranoid to me, but whatever
2017-05-12 20:36:50 <TemptorSent> Hmm, do we have Ada packaged anywhere?
2017-05-12 20:38:08 <jirutka> Ada? I’m not sure, maybe in Museum of programming languages? :)
2017-05-12 20:39:02 <TemptorSent> Yeah, or anything that requires safety verification.
2017-05-12 20:39:51 <jirutka> Ada programs are mathematically verificable for coretness?
2017-05-12 20:40:01 <TemptorSent> Yup.
2017-05-12 20:40:05 <jirutka> hmm, interesting
2017-05-12 20:40:07 <jirutka> didn’t know that
2017-05-12 20:40:35 <TemptorSent> Milspec/spacecraft computers use it.
2017-05-12 20:41:43 <jirutka> isn’t there any newer lang that can be verificable and there’s tool for that?
2017-05-12 20:42:07 <TemptorSent> Not that I'm aware off off hand with certified commercial compilers.
2017-05-12 20:42:45 <kaniini_> yes, we do have Ada packaged.
2017-05-12 20:43:05 <kaniini_> gcc-gnat will pull in all ada stuff
2017-05-12 20:43:30 <TemptorSent> Thank you kaniini_!
2017-05-12 20:43:51 <jirutka> Ada first appeared in 1980… I’ve confused it with some other lang, this is much younger than I expected
2017-05-12 20:44:15 <jirutka> last stable release 2016
2017-05-12 20:44:23 <jirutka> looks pretty alive
2017-05-12 20:44:35 <TemptorSent> Yes, latest language rev 2012
2017-05-12 20:44:55 <TemptorSent> jirutka are you thinking ALGOL?
2017-05-12 20:45:10 <TemptorSent> Or PL/1?
2017-05-12 20:45:44 <jirutka> yes, ALGOL
2017-05-12 20:46:39 <TemptorSent> Ah, yeah - haven't seen ALGOL around much lately. PROLOG is still kicking though I think.
2017-05-12 20:47:27 <jirutka> Ada is for embedded RT systems, hmm
2017-05-12 20:48:23 <jirutka> Ada looks surprisingly innovative for its age
2017-05-12 20:48:47 <jirutka> shame on me that I didn’t know about it
2017-05-12 20:49:28 <TBB> also used in the defense industry if I'm not mistaken
2017-05-12 20:54:49 <TemptorSent> Yes TBB - defense, aerospace, aviation, medical, nukes - anywhere you need real guarentees about behavior and failure modes.
2017-05-12 20:56:05 <kaniini_> pls do not use alpine in a nuclear bomb ;/
2017-05-12 20:56:52 <arch3y_> question does musl support libintl.h
2017-05-12 20:56:58 <TemptorSent> kaniini_: I was referring to power plants, but the point stands -- Linux has no place in critical systems.
2017-05-12 20:57:22 <Shiz> maybe we need to attach an itunes-like disclaimer to alpine
2017-05-12 20:57:27 <Shiz> not to use it for nuclear weapons
2017-05-12 20:57:50 <kaniini> something something imagine dragons - radioactive
2017-05-12 20:57:54 <TBB> oh damn
2017-05-12 20:57:58 <TBB> 
ACTION cancels his project

2017-05-12 20:58:24 <jirutka> arch3y_: it’s provided by gettext-dev…
2017-05-12 20:58:35 <arch3y_> thanks
2017-05-12 20:59:01 <TemptorSent> *lol* - But in all seriousness, any RT-Critical system should NOT be implemented on top of linux.
2017-05-12 21:00:22 <kaniini> what about IoT dildos
2017-05-12 21:00:55 <TemptorSent> Alpine is nice for servers or non-critical embedded use, but shouldn't even be considered for things such as driverless cars, human-interacting robotics, or anything that is inherently dangerous.
2017-05-12 21:01:30 <TemptorSent> kaniini: Hmm, not sure on those ;)
2017-05-12 21:02:02 <kaniini> it may alarm you to find out that the google self driving car runs on linux
2017-05-12 21:02:31 <jirutka> TemptorSent: indeed, but there are still a lot of idiots who build something that really needs RT system on top of vanilla Linux :(
2017-05-12 21:02:50 <TemptorSent> Yes, I do find all such systems distrubing since I know how they fail.
2017-05-12 21:03:19 <kaniini> what about linux-rt
2017-05-12 21:03:31 <TemptorSent> jirutka: Realistically, the RT components should be running on a dedicated RT kernel and hardware with proper watchdogs.
2017-05-12 21:03:38 <jirutka> TemptorSent: and I wouldn’t be surprised at all if some cars have critical driving systems directly connected with entertainment system written in JavaScript… :(
2017-05-12 21:04:27 <TemptorSent> linux-rt is not a true RT solution -- you can't control interrupts nearly fine-grained enough to make a safety-critical system.
2017-05-12 21:04:57 <jirutka> kaniini: linux-rt is better than vanilla, but still quite bad for RT, at least based on what I heard from one engineer at CTU who teach RT systems
2017-05-12 21:05:03 <TemptorSent> Yeah, the more I see of integrated automotive technology, the more I run screaming the other way.
2017-05-12 21:05:38 <TemptorSent> linux-rt basically gives you the ability to set bounded latency -- but that's about all.
2017-05-12 21:06:06 <TemptorSent> Nothing in the kernel is designed with RT operation in mind.
2017-05-12 21:06:08 <jirutka> one company I’d rather not name really wanted to implement some part of entertaiment system to car in Dart!
2017-05-12 21:06:11 <arch3y_> it seems that musl is helping ppl clean up their code and fix weird things
2017-05-12 21:06:40 <TemptorSent> arch3y_: Making things actually portable tends to do that :)
2017-05-12 21:06:49 <jirutka> arch3y_: yes, that was basically one of the main messages in ncopa’s talk on FOSDEM :)
2017-05-12 21:06:57 <Shiz> car entertainment systems are not a problem lol
2017-05-12 21:07:00 <Shiz> they have no hard-rt requirements
2017-05-12 21:07:16 <Shiz> but yeah, linux for hard-rt is a no-no
2017-05-12 21:07:20 <jirutka> Shiz: the problem is that these systems are often not properly isolated from critical systems!
2017-05-12 21:07:32 <Shiz> jirutka: sure, but that's not what TemptorSent is talking about
2017-05-12 21:07:33 <arch3y_> yeah its kind of nice I dont know much about C but it seems to be fixing alot of bad habits in code
2017-05-12 21:07:36 <TemptorSent> Spamming a shared canbus is BAD.
2017-05-12 21:07:42 <Shiz> hard-rt doesn't spread across communication buses :p
2017-05-12 21:07:50 <Shiz> entertainment systems just need to be secure, not hard-rt
2017-05-12 21:07:58 <Shiz> (and there alpine could help... if you wanted to go for linux)
2017-05-12 21:08:10 <Shiz> (help, it is not a total solution of course)
2017-05-12 21:08:54 <TemptorSent> Shiz: When the entertanment system is using the same canbus as the vehicle control system, bad RT behavior on the entertainment device CAN cause serious issues on the control side.
2017-05-12 21:09:15 <kaniini_> Shiz: funny you should mention that, the radio in my car infact does seem to run both alpine *and* docker
2017-05-12 21:09:17 <kaniini_> :|
2017-05-12 21:09:21 <Shiz> hah
2017-05-12 21:09:27 <TemptorSent> Nice kaniini_!
2017-05-12 21:10:01 <kaniini_> it also boots off an SD card
2017-05-12 21:10:06 <kaniini_> that is inside it
2017-05-12 21:10:10 <kaniini_> instead of having proper flash
2017-05-12 21:10:15 <kaniini_> good work General Motoros
2017-05-12 21:10:18 <kaniini_> Motors*
2017-05-12 21:10:21 <kaniini_> 
ACTION thumbs up

2017-05-12 21:10:54 <jirutka> kaniini_: Docker in car?! WHAT THE HELL?
2017-05-12 21:11:07 <kaniini_> jirutka: indeed, it's in the legal notices
2017-05-12 21:11:10 <jirutka> kaniini_: you must be kidding
2017-05-12 21:11:12 <Shiz> soon: docker in your ship
2017-05-12 21:11:14 <Shiz> ... wait
2017-05-12 21:11:22 <kaniini_> jirutka: i guess each 'app' runs in its own docker container
2017-05-12 21:11:26 <TemptorSent> Shiz: CAN-bus is explicitly designed to support hard RT usage, and often serves to replace RS-485 or SPI/I2C links.
2017-05-12 21:11:28 <jirutka> kaniini_: OMFG, I don’t wanna live on this fucking insane planet anymore
2017-05-12 21:11:36 <Shiz> TemptorSent: okay that's fair
2017-05-12 21:11:42 <Shiz> jirutka: hey, at least it has isolation
2017-05-12 21:11:47 <kaniini_> GM does not use CAN anymore
2017-05-12 21:11:50 <kaniini_> it uses ethernet
2017-05-12 21:11:52 <kaniini_> true story
2017-05-12 21:11:53 <jirutka> Shiz: you mean “isolation”?
2017-05-12 21:11:55 <Shiz> your entertainment system is 99% likely to use linux anyway
2017-05-12 21:12:06 <Shiz> might as well put SOME effort into isolating stuff
2017-05-12 21:12:11 <Shiz> jirutka: userns is better than nothing
2017-05-12 21:12:12 <Shiz> ;p
2017-05-12 21:12:29 <jirutka> this world is insane
2017-05-12 21:13:00 <TemptorSent> kaniini_: Is it "ethernet" or "EtherNet" (two VERY different things)
2017-05-12 21:14:08 <kaniini_> TemptorSent: ethernet
2017-05-12 21:14:22 <TemptorSent> kaniini_: Any idea of what protocol stack?
2017-05-12 21:14:29 <kaniini_> TemptorSent: IP
2017-05-12 21:14:43 <TemptorSent> Hmm, that's odd.
2017-05-12 21:15:03 <kaniini_> TemptorSent: yes, my GM death trap is running it's own IP network, and the OnStar (GM IoT platform) module serves as the router and switch
2017-05-12 21:15:05 <TemptorSent> That doesn't qualify for hard-rt.
2017-05-12 21:15:24 <kaniini_> TemptorSent: it is not twisted-pair cabling, just the ethernet signalling itself, to be clear
2017-05-12 21:15:36 <kaniini_> TemptorSent: send all blame to broadcom
2017-05-12 21:15:46 <TemptorSent> Ahh, that module must provide the interfacing to the vehicle control systems.
2017-05-12 21:16:18 <TemptorSent> Yeah, ethernet with no PHY is common in such applicaitons.
2017-05-12 21:17:57 <Shiz> entirely unrelatedly
2017-05-12 21:18:14 <Shiz> thing i want to work on post-3.6: seeing how viable using clang as a system compiler is
2017-05-12 21:18:18 <Shiz> including hardening
2017-05-12 21:18:38 <kaniini_> yes, absolutely
2017-05-12 21:18:43 <TemptorSent> That would be nice Shiz.
2017-05-12 21:25:30 <TemptorSent> Holy crap - gnat is pulling in 62 new packages?!?
2017-05-12 21:27:15 <kaniini_> ada is serious business
2017-05-12 21:28:10 <TemptorSent> Hmm, broke on first try, then started with 'apk update --available', which seems to be pulling in a bunch of unrelated stuff.
2017-05-12 21:28:36 <TemptorSent> tiff, freetype, etc.
2017-05-12 21:32:05 <kaniini_> yes, --available means upgrade the distribution :P
2017-05-12 21:41:40 <awilfox> isn't it basically the equivalent to dist-upgade?
2017-05-12 21:42:31 <TemptorSent> Bloody hell, kernel is still eating itself on upgrade :/
2017-05-12 21:42:58 <Shiz> awilfox: sorta
2017-05-12 21:43:02 <kaniini_> what is in your /etc/apk/world
2017-05-12 21:43:03 <TemptorSent> depmod is trying to run against `uname -r` rather than the newly installed kernel.
2017-05-12 21:43:11 <kaniini_> oic
2017-05-12 21:43:20 <Shiz> on a technical level, it changes apk behavior to prefer upgrading versioned dependencies rather than holding them at the same version
2017-05-12 21:43:31 <Shiz> e.g. if clang depends on llvm=4.0.0, it would normally hold it
2017-05-12 21:43:33 <Shiz> err
2017-05-12 21:43:35 <Shiz> >=4.0.0
2017-05-12 21:43:39 <Shiz> even if a newer verison is available
2017-05-12 21:43:42 <Shiz> if i understand it correctly
2017-05-12 21:43:50 <TemptorSent> That appears to be correct.
2017-05-12 21:44:20 <awilfox> ah.
2017-05-12 21:44:39 <TemptorSent> kaniini - see 'kmod-23-r1.trigger' for the fubared depmod it looks like.
2017-05-12 21:45:28 <TemptorSent> I have modules now, but they're not being properly handled by the script.
2017-05-12 21:46:00 <jirutka> omfg, in #opensmtpd are really idiots
2017-05-12 21:46:38 <jirutka> I don’t have any patience for this
2017-05-12 21:46:48 <jirutka> this level of arrogant stupidity
2017-05-12 21:47:03 <kaniini_> you had higher expectations for the openbsd crowd ?
2017-05-12 21:47:08 <TemptorSent> So, what calls kmod.trigger?
2017-05-12 21:47:13 <jirutka> kaniini_: yes
2017-05-12 21:47:29 <kaniini_> they are "we are always right" blowhards, any email thread involving them would tell you this ;)
2017-05-12 21:47:37 <jirutka> kaniini_: aha :(
2017-05-12 21:48:22 <jirutka> I should consider switching back to Postfix
2017-05-12 21:48:24 <Shiz> i uhm
2017-05-12 21:48:29 <Shiz> kind of am on their side on this one
2017-05-12 21:48:36 <Shiz> no offense but you were kind of acting like a dick
2017-05-12 21:48:39 <jirutka> Shiz: have you read the recent conversation? full of it?
2017-05-12 21:48:44 <Shiz> i've read the entirety, yes
2017-05-12 21:49:19 <jirutka> Shiz: sorry, but I’ve reported them problem in the documentation, explained million times why it’s a problem and posted patch that actually fixes the primary problem (duplicated information)
2017-05-12 21:49:38 <jirutka> and they asked me to write a proper FAQ page for them… like it has anything in common
2017-05-12 21:49:48 <jirutka> this is totally different issue
2017-05-12 21:50:10 <jirutka> and then he asked to just updated the outdated info, so he apparently still don’t understand the problem of duplicated source of truth
2017-05-12 21:50:24 <jirutka> sorry, but this is idiocy
2017-05-12 21:50:26 <Shiz> or, from their side: you come in ranting angrily about a fault in a page and then submit a diff to remove all of it
2017-05-12 21:50:32 <Shiz> i can understand why they'd be wary
2017-05-12 21:50:38 <Shiz> you were kinda aggressive during your whole interaction
2017-05-12 21:50:47 <jirutka> Shiz: yes, b/c removing this page is the only proper solution of this exact problem
2017-05-12 21:50:56 <jirutka> Shiz: writing proper replacement is different issue
2017-05-12 21:51:11 <Shiz> i guess they don't want to throw out the baby with the bathwater
2017-05-12 21:51:21 <jirutka> Shiz: and yes, I agree that my introduction was bad, but I think that i’ve explained why I acted like that
2017-05-12 21:51:28 <Shiz> jirutka: right, but there's the thing
2017-05-12 21:51:32 <jirutka> anywyay, I’ve reported them problem, they don’t give a fuck
2017-05-12 21:51:35 <Shiz> you explained but never apologized (that i saw of)
2017-05-12 21:51:42 <Shiz> and you continued being pretty aggressive :p
2017-05-12 21:51:49 <Shiz> i'm not saying you're not right on a technical level btw
2017-05-12 21:51:57 <Shiz> i'm just saying i can see why they'd be kinda wary
2017-05-12 21:52:02 <jirutka> does it even matter? it doesn’t look like he really understand what the fuck is the real problem here
2017-05-12 21:52:28 <jirutka> and yes, his reactions made me very upset, so at the end I was very aggressive
2017-05-12 21:52:49 <jirutka> b/c I can’t understand how can be anyone so stupid/arrogant/whatever
2017-05-12 21:53:53 <jirutka> it’s so simple issue, not anything you need doctorate from users psychology etc.
2017-05-12 21:54:47 <jirutka> but what the heck I’ve expected from people who has web like this https://opensmtpd.org/ and soure code in CVS…
2017-05-12 21:56:09 <scadu> jirutka: https://www.youtube.com/watch?v=OdIJ2x3nxzQ :)
2017-05-12 21:56:33 <jirutka> and I even wasted like a half hour trying to find the best approach how to semantically encode into HTML page that it’s replaced by some other page, without need to add HTTP 301 to web server; so I eventually just added meta for robots to not index that page
2017-05-12 21:56:38 <scadu> jirutka: chill, there is no sense to get so angry
2017-05-12 21:58:53 <jirutka> and now I’m trying to understand this stupidity of crappy libtool http://stackoverflow.com/a/16070483/2217862
2017-05-12 21:59:11 <jirutka> "you MUST specify SOME sort of an argument (LINK-COMMAND) referring to a tool; BUT that LINK-COMMAND argument doesn't even need to exist as a real program"
2017-05-12 21:59:16 <scadu> welp, I received a call 5 minutes before ending my shift that something does not work
2017-05-12 21:59:18 <scadu> fun fun
2017-05-12 21:59:29 <Shiz> :(
2017-05-12 21:59:29 <scadu> jirutka: open the yt url linked :P
2017-05-12 22:01:40 <TemptorSent> jirutka: Is it just using it as a placeholder name?
2017-05-12 22:01:53 <jirutka> TemptorSent: probably
2017-05-12 22:02:09 <awilfox> dunno the convo here but it sounds like you are being "we are always right" back at them :p
2017-05-12 22:02:10 <TemptorSent> "build-my-whatever"
2017-05-12 22:02:28 <awilfox> and when two conflicting opinions both come from "we are always right" people...
2017-05-12 22:02:30 <awilfox> lol
2017-05-12 22:02:38 <jirutka> ar: `u' modifier ignored since `D' is the default (see `U') o.O
2017-05-12 22:02:49 <Shiz> jirutka: i've seen that one around
2017-05-12 22:02:51 <Shiz> you can ignore it afaik
2017-05-12 22:04:19 <TemptorSent> Hmm, yeah 'u' only works if timestamps are non-zero.
2017-05-12 22:05:31 <jirutka> yeah, it looks that it produces the same result as when i run ar manually, so it should be hopefully okay
2017-05-12 22:18:53 <jirutka> martanne: FYI, there’s now lua-lpeg-dev with lpeg.a for Lua 5.[123] and libtermkey-dev with added libtermkey.a in edge
2017-05-12 22:20:14 <Shiz> hmm
2017-05-12 22:20:31 <Shiz> looks like a grsecurity stting is blocking people from running glx-accelerated stuff as non-root
2017-05-12 22:21:14 <TBB> what setting causes that?
2017-05-12 22:21:28 <Shiz> GRKERNSEC_SYSFS_RESTRICT
2017-05-12 22:21:39 <Shiz> libdrm can't read the relevant entries in /sys and thus fails to identify the card
2017-05-12 22:22:44 <jirutka> Shiz: this is problem even for LXC when you want to use userns https://github.com/lxc/lxc/issues/296#issuecomment-234708658
2017-05-12 22:23:00 <jirutka> Shiz: so I’d suggest to disable it in our grsec kernel
2017-05-12 22:23:27 <Shiz> i wish it could be enabled with a sysfs toggle
2017-05-12 22:23:29 <Shiz> :P
2017-05-12 22:23:50 <TBB> that's what I've been seeing suggest as a solution: disable it and if you require restrictions then write a policy
2017-05-12 22:23:58 <TBB> suggested*
2017-05-12 22:27:22 <TBB> interestingly enough you just solved some of my scheduling problems for the weekend jirutka; I was supposed to try some of those namespace tools like firejail with a grsec enabled system; looks I won't have to if it's problematic :)
2017-05-12 22:28:21 <jirutka> TBB: this should not discourage you, I run LXC on grsec kernel without any problem, just some grsec features must be disabled, like this one
2017-05-12 22:29:05 <jirutka> TBB: my personal notes about grsec for installing LXC on Gentoo, few years old, so not sure if still relevant https://dpaste.de/iNk0
2017-05-12 22:30:27 <arch3y_> is there a way with apk to tell which pkg provides a fil
2017-05-12 22:30:42 <arch3y_> or is it best to just read the file listing on the pkgs sit
2017-05-12 22:32:19 <jirutka> arch3y_: currently it’s not
2017-05-12 22:32:30 <jirutka> arch3y_: it’s planned feature for next gen of apk
2017-05-12 22:33:28 <arch3y_> jirutka: ok thanks for the info
2017-05-12 22:36:29 <TemptorSent> Yeah, we need package manifests to support that ability easily.
2017-05-12 22:36:47 <arch3y_> something like the files tarball in arch
2017-05-12 22:36:51 <k63ZXXguczqE> TBB firejail + grsec + firefox works nicely here
2017-05-12 22:37:06 <k63ZXXguczqE> even with a dedicated firefox user
2017-05-12 22:37:09 <arch3y_> I know its a bad word but itd be nice to pull down those manifests and run a command to search
2017-05-12 22:37:10 <TBB> oh cool!
2017-05-12 22:37:12 <TemptorSent> arch3y_: Ideally, something more complete and useful.
2017-05-12 22:37:25 <arch3y_> rightfully so
2017-05-12 22:37:48 <arch3y_> you guys are the experts I just use the things
2017-05-12 22:38:01 <TemptorSent> arch3y_: I'm working on a suite that handles manifests, indexes, and dep-chains.
2017-05-12 22:38:06 <TBB> I find it a fascinating idea to do some ostree + firejail + appimage magic for fun
2017-05-12 22:38:08 <k63ZXXguczqE> but i don't run any webgl stuff
2017-05-12 22:38:23 <TBB> and this is encouraging :)
2017-05-12 22:38:34 <arch3y_> nice  I can see there are some interesting advantages built into abuild Im enjoying pkging software
2017-05-12 22:38:36 <arch3y_> for apline
2017-05-12 22:39:08 <TemptorSent> arch3y_: Combined, that allows determining the deps directly for any particular individual file, both by file and by package.
2017-05-12 22:39:20 <martanne> jirutka: thanks, I will check it out later.
2017-05-12 22:40:13 <TemptorSent> It could even allow us to do something like 'alien' packaging without a lot of work.
2017-05-12 22:48:12 <TemptorSent> kaniini - When you have a moment, I'd like to discuss a couple of general purpose tools for alpine, namely a manifest/index tool, a dep-solver, and a pax archiver.
2017-05-12 22:51:18 <TemptorSent> Those tools could be the guts of apk 3, as well as being useful independently. A minimal graph-structured database would round out the features.
2017-05-12 22:55:26 <TemptorSent> I don't want to start hacking on any of that in C (or other language?) until some significant discussions have taken place, but I'd like to start working that direction.
2017-05-12 22:58:12 <martanne> jirutka: could you also add a static version of unibilium? The termkey.pc file should probably reference it. Thanks again, I'm off to bed for now.
2017-05-12 23:01:11 <TemptorSent> Has anyone figured out how to package cmucl?
2017-05-12 23:05:40 <TemptorSent> Bloody bootstrap chicken and egg problem :/
2017-05-12 23:08:21 <Shiz> kaniini: ncopa: https://github.com/Shizmob/grsecurity-research
2017-05-12 23:08:36 <Shiz> publicized my repo about splitting up grsec in order to understand it more properly
2017-05-12 23:08:51 <Shiz> might be relevant to our 3.6 maintenance plans
2017-05-12 23:10:58 <TemptorSent> 7.13 MB in UNSPLIT? Ouch!
2017-05-12 23:11:23 <Shiz> down from... more than that
2017-05-12 23:11:45 <TemptorSent> Yeah, what a mess!
2017-05-12 23:13:19 <TemptorSent> A lot of function prototype changes too, which means the propagate through the entire codebase.
2017-05-12 23:14:06 <TemptorSent> UDREF isn't exactly small.
2017-05-12 23:14:46 <Shiz> uderef also isn't nearly done being split up
2017-05-12 23:15:09 <Shiz> i haven't split out the x86 code yet for instance
2017-05-12 23:15:13 <Shiz> which is by far the biggest  chunk
2017-05-12 23:15:16 <Shiz> (and the most invasive)
2017-05-12 23:16:16 <TemptorSent> Yeah, that looks like much of the changeset. A lot of auditing needed, some of the code looks potentially fragile and probably needs to ifdefed.
2017-05-12 23:16:59 <TemptorSent> Oh, that asm trick is fugly tool
2017-05-12 23:17:25 <Shiz> ?
2017-05-12 23:18:13 <TemptorSent> It appears to be relying on the integer length (rather than the previous long or size_t) for partitioning the memory space.
2017-05-12 23:18:30 <Shiz> where?
2017-05-12 23:19:12 <jirutka> does anyone know how (and if) should be static library (.a) properly recoded in pkgconfig (.pc) file?
2017-05-12 23:22:22 <TemptorSent> Shiz - trying to track down what's going on, it may be the semantics changed as well.
2017-05-12 23:25:53 <TemptorSent> Ahh, okay - it looks like it's related to contstifying, and the pointer changed to a struct, so the index makes sense I guess.
2017-05-12 23:26:38 <TemptorSent> explicit use of u64 in place of several of the size_t and ptr types as well.
2017-05-12 23:28:28 <TemptorSent> But here's one I don't know if I trust: drivers/gpu/drm/radeon/mkregtable.c @@ -624,14, +624,14 @@
2017-05-12 23:29:02 <TemptorSent> -size_t end; / +long end;
2017-05-12 23:32:35 <TemptorSent> jirutka - kaniini would be the one to ask.
2017-05-12 23:33:11 <kaniini> jirutka: direct path to the .a, and only put it in libs.private
2017-05-12 23:33:19 <kaniini> ideally
2017-05-12 23:33:40 <kaniini> in reality you probabyl dont want to do that
2017-05-12 23:33:46 <jirutka> kaniini: relative path, e.g. libs.private: libfoo.a ?
2017-05-12 23:33:51 <kaniini> no
2017-05-12 23:33:57 <kaniini> you want
2017-05-12 23:34:06 <kaniini> Libs.private: -L/path/to/libfoo -lfoo
2017-05-12 23:34:17 <kaniini> well
2017-05-12 23:34:19 <kaniini> it depends
2017-05-12 23:34:22 <kaniini> what exactly is the .a
2017-05-12 23:34:33 <kaniini> can it be used with .so files?
2017-05-12 23:34:34 <kaniini> etc
2017-05-12 23:34:36 <jirutka> okay, I’ll wait for martanne if he actually really need it
2017-05-12 23:40:40 <kaniini> i've spent the past 2 hours trying to make virt-install work
2017-05-12 23:40:40 <kaniini> then i remembered, red hat makes systemd
2017-05-12 23:40:48 <kaniini> and i realized quickly that this was a fool's errand
2017-05-12 23:40:49 <TemptorSent> *lol*
2017-05-12 23:42:22 <jirutka> heh "The intention is not to be bug for bug compatible with vi(m)" :)
2017-05-12 23:42:43 <jirutka> but-to-bug compatibility, I must remember this :)
2017-05-12 23:43:09 <kaniini> it does weird shit with lvm
2017-05-12 23:43:19 <awilfox> virt-install works fine on not-systemd
2017-05-12 23:43:45 <awilfox> I don't use it any more though, because I switched from xm to xl
2017-05-12 23:43:52 <awilfox> and virt-install does some weird stuff with xl
2017-05-12 23:43:59 <kaniini> awilfox: it's because of lvm
2017-05-12 23:44:04 <awilfox> oh.
2017-05-12 23:44:12 <kaniini> it is trying to do things with lvm that i do not want it to do
2017-05-12 23:44:17 <kaniini> and then failing
2017-05-12 23:44:38 <kaniini> some weird bullshit involving snapshots
2017-05-12 23:44:47 <kaniini> and then it tries to swap out for a snapshot
2017-05-12 23:44:48 <kaniini> or something
2017-05-12 23:45:07 <kaniini> i don't think virt-install actually works with libvirt-managed LVM pools
2017-05-12 23:45:45 <kaniini> all i know is.
2017-05-12 23:45:49 <kaniini> when i did it by hand, it works fine
2017-05-12 23:45:50 <kaniini> :D
2017-05-12 23:46:02 <jirutka> do you really need virt-install or libvirt? isn’t https://github.com/jirutka/qemu-openrc sufficient? ;)
2017-05-12 23:46:04 <kaniini> and libvirt is kind of a piece of junk anyway
2017-05-12 23:46:28 <kaniini> jirutka: actually i do need some sort of management layer because we have literally 1000s of VMs
2017-05-12 23:46:36 <jirutka> kaniini: aha, understand
2017-05-12 23:46:42 <kaniini> i will just make something myself
2017-05-12 23:46:46 <kaniini> this libvirt is too bullshit
2017-05-12 23:46:50 <jirutka> agree
2017-05-12 23:47:06 <jirutka> libvirtd is horrible piece of shit
2017-05-12 23:47:30 <kaniini> some sort of MQTT thing i guess i will make
2017-05-12 23:47:38 <kaniini> and then an agent that subscribes to MQTT topics
2017-05-12 23:47:44 <kaniini> and acts on them
2017-05-12 23:48:24 <awilfox> making a better libvirt+friends was on my todo list but then everyone started dissing xen (this was around 4.0 - 4.1 era) and when I would look up stuff it would all say "no, use kvm instead" so I gave up \o/
2017-05-12 23:48:46 <jirutka> kaniini: please get me informed about progress, I’d like to try that tool! :)
2017-05-12 23:49:03 <skarnet> I've had a distant eye on those things too, and never did anything for the same reason as awilfox
2017-05-12 23:49:12 <awilfox> yeah, something nicer than `xl ...` would be fantastic
2017-05-12 23:49:25 <awilfox> I could likely source a c2q or such for testing it
2017-05-12 23:51:41 <jirutka> vis looks really interesting, I’ll try to use it for some time
2017-05-12 23:51:56 <awilfox> also, fwiw, I have not even touched qemu in some years, except for some limited FreeBSD testing; I use xen pv for everything
2017-05-12 23:52:00 <awilfox> much faster and lighter :)
2017-05-12 23:53:23 <Shiz>   @kaniini │ i've spent the past 2 hours trying to make virt-install work
2017-05-12 23:53:30 <Shiz> this is why i use a custom qemu wrapper thing
2017-05-12 23:53:31 <Shiz> :P
2017-05-12 23:53:57 <Shiz> awilfox: skarnet: libvirt doesn't have to use xen
2017-05-12 23:53:58 <kaniini> awilfox: kvm is necessary in this setup because it is for the windows farm
2017-05-12 23:54:00 <Shiz> it can use qemu-kvm just fine
2017-05-12 23:54:12 <kaniini> awilfox: but hey, at least we wont have to keep disinfecting our vmware machines
2017-05-12 23:54:50 <jirutka> yeah, I used to use libvirtd with QEMU/KVM… actually I even didn’t know that it works with Xen too… but as I said, I really can’t recommend libvirtd
2017-05-13 00:00:23 <TemptorSent> kaniini: How does apk currently handle cyclical constraints?
2017-05-13 00:01:33 <awilfox> Shiz: kaniini: jirutka: my point was I wanted to make one specifically for xen, because I don't like nor do I care about KVM
2017-05-13 00:01:43 <Shiz> ah
2017-05-13 00:01:44 <awilfox> the performance is abysmal
2017-05-13 00:01:58 <awilfox> back when I actually ran servers for a living, that mattered
2017-05-13 00:01:59 <kaniini> TemptorSent: error
2017-05-13 00:02:01 <Shiz> idk, worked fine for me
2017-05-13 00:02:35 <awilfox> Shiz: postgresql had about a 30% performance increase putting it on xen, and apache was able to serve about 150 req/s more under xen
2017-05-13 00:02:48 <awilfox> like I said, it mattered when I ran servers for a living
2017-05-13 00:02:56 <awilfox> I don't any more so I probably don't need xen's speed and decency
2017-05-13 00:03:03 <Shiz> not doubting your abilities of course, you did use all the kvm pv drivers?
2017-05-13 00:03:05 <skarnet> awilfox: gandi switched from xen to kvm for performance reasons, they say they gained 20% ^^'
2017-05-13 00:03:06 <awilfox> but I got used to it so I still use it
2017-05-13 00:03:06 <Shiz> virtio and the like
2017-05-13 00:03:19 <kaniini> cache=writeback & virtio gets you a very long way
2017-05-13 00:03:20 <awilfox> Shiz: yes, it was using virtio
2017-05-13 00:03:39 <awilfox> Shiz: without virtio I doubt apache would have worked at all >.>
2017-05-13 00:03:45 <Shiz> lol
2017-05-13 00:04:15 <TemptorSent> kaniini: Okay, I have one solver that can resolve all forward deps, including cycles, while the revdep based solver will not resolve them.
2017-05-13 00:04:30 <awilfox> skarnet: they were probably using hvm instead of pv, not going to try and say xen is faster than kvm for hvm crap like openbsd or NT
2017-05-13 00:04:48 <awilfox> skarnet: but freebsd and linux are what I run, and those perform much better under xen
2017-05-13 00:05:06 <awilfox> at least, in my experience
2017-05-13 00:05:13 <kaniini> TemptorSent: i think it will try to bring both deps in with equal weight if it is a trivial cycle
2017-05-13 00:05:28 <skarnet> yeah, they weren't using pv
2017-05-13 00:05:31 <TemptorSent> kaniini: The revdep solver should be orders of magnitude faster at large scale because it only visits each node once per dep.
2017-05-13 00:05:31 <kaniini> awilfox: yes, PV is obviously faster than full virtualization
2017-05-13 00:05:46 <skarnet> but afaik they're using Linux
2017-05-13 00:05:52 <awilfox> kaniini: well, kvm can do pv too, which is what I was using
2017-05-13 00:06:01 <kaniini> awilfox: not like xen pv
2017-05-13 00:06:05 <awilfox> true :)
2017-05-13 00:06:20 <xmux> what does kvm pv mean?
2017-05-13 00:06:32 <Shiz> kvm with pv drivers
2017-05-13 00:06:33 <awilfox> xmux: virtio and I think it may have dynamic CPU scaling
2017-05-13 00:06:34 <Shiz> probbly?
2017-05-13 00:06:36 <kaniini> awilfox: xen itself is a microkernel, it starts a domain up as if it were just another process
2017-05-13 00:06:39 <xmux> ah ok
2017-05-13 00:06:41 <TemptorSent> kaniini: A better question is what is the desired output of the solver given a cycle in the dep-tree?
2017-05-13 00:06:45 <skarnet> https://en.wikipedia.org/wiki/Paravirtualization
2017-05-13 00:06:53 <kaniini> awilfox: the real thing to compare kvm to is vmware, not xen pv
2017-05-13 00:07:10 <Shiz> ugh vmware
2017-05-13 00:07:12 <xmux> Yes I know what paravirtualization is, and kvm doesn't do it according to the general definition
2017-05-13 00:07:14 <Shiz> i ran esxi on a box for years
2017-05-13 00:07:17 <Shiz> worst time of my life
2017-05-13 00:07:41 <awilfox> kaniini: hmm, then I think I take vmware's ability to not STOP windows.. or did they fix that yet in kvm?  lol
2017-05-13 00:07:51 <awilfox> it was pretty awful back in 2011-2014
2017-05-13 00:08:51 <Shiz> esxi's half-ass ssh
2017-05-13 00:08:53 <Shiz> :P
2017-05-13 00:09:09 <Shiz> i remember it randomly stopping the ssh service
2017-05-13 00:09:13 <TemptorSent> kaniini: As it is, I can build both fully resolved and broken dep chains with both solvers, and I've built-in a set of tests.
2017-05-13 00:09:22 <awilfox> regularly got https://msdn.microsoft.com/en-us/library/windows/hardware/ff557211%28v=vs.85%29.aspx
2017-05-13 00:09:24 <Shiz> which means i had to boot up my win7 vm to use their windows-only gui management tool
2017-05-13 00:09:28 <Shiz> to get ssh running again
2017-05-13 00:09:29 <awilfox> like, every 2-3 days, under kvm
2017-05-13 00:09:38 <TemptorSent> The cyclic deps is the only place they differ in resolving.
2017-05-13 00:09:44 <Shiz> also, contrary to what vmware says you can perfectly fine reset esxi root passwords without reinstalling (and losing your data)
2017-05-13 00:10:05 <kaniini> Shiz: trust me i know
2017-05-13 00:10:06 <Shiz> you just gotta boot into a livecd, mount the correct partition (out of 7 or 8), untar a file, edit the etc/passwd in there and tar it back up
2017-05-13 00:10:08 <Shiz> a fun experience
2017-05-13 00:10:09 <kaniini> Shiz: we have to do it every week
2017-05-13 00:10:17 <kaniini> Shiz: because there is some ESXi worm
2017-05-13 00:10:41 <Shiz> lol
2017-05-13 00:10:47 <kaniini> Shiz: we eventually just locked out the ESXi machines at network edge
2017-05-13 00:10:49 <awilfox> I never received such an error under kvm, or xen hvm
2017-05-13 00:10:57 <awilfox> err
2017-05-13 00:11:04 <awilfox> I never received such an error under vmware or xen hvm
2017-05-13 00:11:09 <awilfox> I received the error under kvm :P
2017-05-13 00:11:34 <kaniini> xen sucks for running windows at high density
2017-05-13 00:11:43 <kaniini> evtchn flooding is a serious problem
2017-05-13 00:11:56 <kaniini> in fact, xen hvm sucks in general
2017-05-13 00:12:05 <awilfox> not even that, it can't use KSM
2017-05-13 00:12:15 <awilfox> you can *seriously* overcommit windwos using KVM + KSM
2017-05-13 00:12:19 <awilfox> windows*
2017-05-13 00:12:43 <Shiz> you don't want to use KSM...
2017-05-13 00:12:50 <kaniini> i do not need KSM
2017-05-13 00:12:55 <kaniini> i have 512GB of RAM
2017-05-13 00:12:57 <kaniini> ;)
2017-05-13 00:12:58 <Shiz> KSM + rowhammer = cross-VM tampering
2017-05-13 00:13:22 <awilfox> Shiz: I didn't say it was a good idea, I simply said it was possible
2017-05-13 00:13:26 <awilfox> and ridiculously easy
2017-05-13 00:13:33 <Shiz> https://www.vusec.net/projects/dedup-est-machina/
2017-05-13 00:13:35 <Shiz> :)
2017-05-13 00:14:39 <Shiz> wrong link, i think
2017-05-13 00:14:45 <Shiz> https://www.vusec.net/projects/flip-feng-shui/
2017-05-13 00:14:56 <Shiz> it was this one
2017-05-13 00:15:21 <awilfox> Shiz: life sucks and then you enable ptrr and stop thinking about this stuff
2017-05-13 00:16:15 <awilfox> and anyway, sometimes that is acceptable, consider a developer just doing testing across a bunch of configurations
2017-05-13 00:16:55 <awilfox> if you don't care about the integrity of the windows VMs because they're just throwaway things, who cares about owning?  it can squeeze more into a single computer without needing RAM upgrades
2017-05-13 00:17:11 <awilfox> and considering manufacturers like apple and lenovo are starting to solder memory to the boards instead of using sockets...
2017-05-13 00:17:17 <Shiz> what makes you think this is limited to vm-to-vm
2017-05-13 00:17:18 <awilfox> that will continue to be a thing
2017-05-13 00:17:22 <Shiz> it's just as easy applicable to vm-to-host
2017-05-13 00:17:24 <Shiz> :)
2017-05-13 00:17:37 <awilfox> Shiz: if I cared about vm-to-host security, I would be using hardware solutions like powerpc lpars
2017-05-13 00:17:56 <awilfox> xen and vmware and kvm and qemu and all of them fail very badly at making me feel like the vm can't own the host
2017-05-13 00:18:35 <Shiz> i'm sure you'll get a lot of customers offering ppc machies :p
2017-05-13 00:19:08 <awilfox> didn't know I had customers that cared about the architecture of my mail/web/database servers... lol
2017-05-13 00:19:51 <awilfox> that reminds me, I need to see if musl/ppc64 actually works on not-power8
2017-05-13 00:20:03 <awilfox> or if I need to spend my weekend rewriting it
2017-05-13 00:20:47 <skarnet> awilfox: speaking of which, please tell me when I can use georgie again
2017-05-13 00:21:42 <Shiz> awilfox: i can give you an answer to that: no
2017-05-13 00:21:46 <Shiz> it's only ppc64le
2017-05-13 00:21:48 <Shiz> afaik
2017-05-13 00:22:14 <awilfox> Shiz: no, they have a big endian port, but it uses the v2 ABI
2017-05-13 00:22:30 <awilfox> Shiz: and IBM says that ABI requires either "power8 features to be available, or emulated by the system"
2017-05-13 00:22:40 <Shiz> oh, hm
2017-05-13 00:22:42 <awilfox> Shiz: and dalias says "well I make up the ABI and I say it doesn't require power8 to be available"
2017-05-13 00:23:03 <Shiz> maybe i was confusing some old ML post then
2017-05-13 00:23:10 <awilfox> Shiz: and repeated attempts to tell him "that isn't how it works" have failed, so I need to prove it; and that will require me building a toolchain and showing it spectacularly crashing on my power4e+
2017-05-13 00:23:39 <awilfox> skarnet: booted, though it seems to think it has an Apple OHCI Root Hub, despite it having USB disabled and not running on an Apple computer.
2017-05-13 00:23:42 <kaniini> these are literally "i need a browser" environments for auditing
2017-05-13 00:24:03 <skarnet> awilfox: no rush, I'm soon going to sleep anyway - I'll just need it some time next week
2017-05-13 00:24:40 <awilfox> skarnet: ah, okay.  well, in that case I will go ahead and update it later tonight
2017-05-13 00:24:48 <awilfox> unless you need it to remain on 5.7
2017-05-13 00:25:11 <skarnet> it's your machine, do whatever you need with it
2017-05-13 00:25:28 <awilfox> well it is mainly a machine to test porting
2017-05-13 00:25:39 <awilfox> but none of my projects currently need portability to BSD
2017-05-13 00:25:54 <awilfox> I dunno if you need to remain compatible with the 5.x release line
2017-05-13 00:26:40 <skarnet> honestly, if I need a POSIX feature and 5.* breaks because of it, I'm not going to shed a tear
2017-05-13 00:26:48 <awilfox> 6.0 rewrites substantial parts of the libc to be more in line with POSIX 2015
2017-05-13 00:26:58 <skarnet> 6.0 is good
2017-05-13 00:27:28 <skarnet> at the very last they decided that maybe self-contained headers was a good thing
2017-05-13 00:27:29 <awilfox> well 6.1 is just released in last weeks, was just saying, I left it at 5.x because it is more effort to port to.
2017-05-13 00:27:46 <awilfox> it is more of an 'exercise' for the code, to be sure it works fine on it
2017-05-13 00:28:14 <skarnet> if you want to upgrade it, be my guest - technically I'm your guest
2017-05-13 00:29:02 <skarnet> if I can answer "just upgrade your shitty OS" to BSDers whining "doesn't build", all the better
2017-05-13 00:30:03 <awilfox> hmm, I just realised: I DO have a project that needs to be portable to BSD
2017-05-13 00:30:12 <awilfox> so having 6.1 available may be worth it
2017-05-13 00:30:39 <awilfox> "Highlights include GCC 4.9.4, KDE 3.5.10, and Firefox 52.0.2"
2017-05-13 00:30:46 <awilfox> openbsd still ships KDE 3, lmao
2017-05-13 00:31:02 <Shiz> trinittyyyyy
2017-05-13 00:32:41 <skarnet> how about BIND 4
2017-05-13 00:36:17 <awilfox> bind 9.10.5
2017-05-13 00:38:09 <skarnet> that was a trick question, the correct answer is "don't ship BIND"
2017-05-13 02:12:06 <kaniini> so
2017-05-13 02:12:25 <kaniini> windows is reporting -4 billion packets received
2017-05-13 02:12:40 <kaniini> quality is job #1 at microsoft or qemu or i don't even know
2017-05-13 02:17:07 <awilfox> virtio is a red hat production
2017-05-13 02:17:51 <Shiz> xentec: my mostly untested POSIX sh/tools port of wg-quick https://txt.shiz.me/MzUzZWM2Y2
2017-05-13 02:17:54 <Shiz> expect breakage
2017-05-13 02:18:27 <Shiz> where 'port' means 'rewrite the bash script line-by-line to take out bashisms'
2017-05-13 02:20:32 <Shiz> small correction: https://txt.shiz.me/YmY1NjJmYW
2017-05-13 06:16:01 <TemptorSent> kaniini: -4x10^9 sounds about right for Windowz - after all, it's a black hole for time, money, data, and anything else you let near it.
2017-05-13 06:18:06 <skarnet> reminds me of a certain IRC channel
2017-05-13 06:20:20 <TemptorSent> skarnet: Only one? ;)
2017-05-13 06:21:34 <skarnet> only one I'm foolish enough to frequent LO
2017-05-13 06:21:40 <skarnet> :P, not LO
2017-05-13 06:21:54 <TemptorSent> Fencepost error.
2017-05-13 06:23:23 <TemptorSent> (Don't worry, my fingers forget where they are more and more as I get older - it's normal. *twitch*)
2017-05-13 06:27:22 <TemptorSent> skarnet: Any thoughts on implementing a minimal graph-structured database (n-tuple store) for use by apk? Do you have anything in your bag of tricks that might be of use?
2017-05-13 06:29:31 <skarnet> how many fields can be keys?
2017-05-13 06:29:38 <skarnet> all of them?
2017-05-13 06:29:49 <TemptorSent> Arbitrary.
2017-05-13 06:30:04 <skarnet> that means "all of them"
2017-05-13 06:30:17 <TemptorSent> Edge properties differentiate the relationships, not node properties.
2017-05-13 06:30:36 <skarnet> example?
2017-05-13 06:31:29 <TemptorSent> package a --depends on--> package b ; package a --provides--> file
2017-05-13 06:32:36 <skarnet> --provides should be a virtual capability, not a file
2017-05-13 06:33:24 <TemptorSent> It's a relationship, allowing looking up packages by file directly.
2017-05-13 06:33:37 <skarnet> you want a complete relational db
2017-05-13 06:33:40 <TemptorSent> And determine conflicts by airity.
2017-05-13 06:33:46 <TemptorSent> No, not at all.
2017-05-13 06:34:07 <TemptorSent> Graph-structured database, not RDBMS
2017-05-13 06:34:18 <skarnet> you do. A table of packages, a table of dependencies, a table of virtual thingies...
2017-05-13 06:34:36 <TemptorSent> Nope, I want a set of nodes and multiple sets of nodes.
2017-05-13 06:34:39 <skarnet> you don't only have packages here, there are more data types
2017-05-13 06:34:46 <skarnet> you want more than one table
2017-05-13 06:34:49 <TemptorSent> then edges to connect them.
2017-05-13 06:35:03 <TemptorSent> No tables involved.
2017-05-13 06:35:37 <TemptorSent> Tree structures.
2017-05-13 06:36:29 <skarnet> idc about the data structure, that's an implementation detail
2017-05-13 06:36:44 <skarnet> the fact is that you have several types and you want to be able to query them all
2017-05-13 06:36:49 <TemptorSent> n-linked-2-linked lists is one way to do it.
2017-05-13 06:37:00 <skarnet> again, idc about implementation at this point
2017-05-13 06:37:07 <skarnet> cart before the horse, etc.
2017-05-13 06:37:26 <skarnet> first get the model right
2017-05-13 06:37:36 <TemptorSent> Given a list of files, a set of deps, and some metadata, I want to be able to walk the tree.
2017-05-13 06:37:53 <skarnet> what tree?
2017-05-13 06:38:22 <skarnet> there's no tree at this point, I want to know what kind of data you're handling
2017-05-13 06:38:23 <skarnet> brb
2017-05-13 06:40:05 <TemptorSent> Pick a root node, draw an edge from that node to each node referencing it, rinse, repeat :)
2017-05-13 06:40:38 <TemptorSent> The edges are tagged with the type of relationship, the nodes themselves are keys and optionally metadata.
2017-05-13 06:42:08 <TemptorSent> So the relationship could be "depends on", and it could exist between different packages, between files (executibles/libraries), init scripts, whatever -- it's a generic relationship.
2017-05-13 06:42:59 <awilfox> polymorphic RDBMS is still RDBMS
2017-05-13 06:43:15 <TemptorSent> binary:'/sbin/apk' -- depends on --> 'libz.so.1'
2017-05-13 06:44:14 <TemptorSent> awilfox: No, it really isn't. Please take a look at graph-structured databases vs. RDBMSs, it's quite different.
2017-05-13 06:45:02 <TemptorSent> Its much closer to a direct linked-list than a RDBMS, with traversals being the primary operation, not query by keys.
2017-05-13 06:46:08 <TemptorSent> Think DAGs, not tables.
2017-05-13 06:48:02 <TemptorSent> Essentially, a set of DAGs (possibly generalized to include semantically acyclic cyclic directed graphs), with multiple independent sets of edges connecting them
2017-05-13 06:49:43 <TemptorSent> Each edge is an annotated set of pointers, each node gets a UUID, a name, a data pointer, and a set of incoming and outgoing edge pointers.
2017-05-13 06:50:53 <TemptorSent> No tables (except possibly for backing-store, but that's and implementation choice)
2017-05-13 06:52:19 <TemptorSent> take a look at the output of 'apk dot', which gives the nodes and edges for packages and their deps.
2017-05-13 06:53:31 <TemptorSent> I'd like to generalize that functionality, and more importantly, be able to interact with it in graph-structred form.
2017-05-13 06:57:29 <TemptorSent> Bonus points for handling generic vs. specific nodes (package:packagename vs package:packagename=pkgver or package:packagename=:hashtype:hash:)
2017-05-13 06:58:47 <TemptorSent> So the only index we need is a simple hash index and key index, no table indexing needed since we already have all information in the graph.
2017-05-13 07:00:12 <skarnet> why the heck do you ask questions if you're already made up your mind and won't budge
2017-05-13 07:00:19 <skarnet> you've*
2017-05-13 07:01:04 <TemptorSent> i.e. binary:'/sbin/apk' --(depends on)--> libso:'libz.so.1', while binary:'/sbin/apk':sha512:<hash> --(depends on)--> libso:'libz.so.1.2.11':sha512:<hash>
2017-05-13 07:01:26 <skarnet> if you're going to ask for my input, then please 1. describe the problem you want to solve, in accurate terms; 2. don't confuse me with your implementation details or choices; 3. let me think about it the way I see fit, i.e. model first and implementation second
2017-05-13 07:01:27 <TemptorSent> I haven't made up my mind about anything other than what I'm trying to accomplish.
2017-05-13 07:01:39 <skarnet> you haven't done 1. yet
2017-05-13 07:01:47 <skarnet> you've jumped right into 2.
2017-05-13 07:01:56 <skarnet> and 3, well, let's not even talk about it
2017-05-13 07:04:37 <TemptorSent> 1. I am trying to create a generic, generally useful graph-database that is appropriate for use in system-level tools. It may be used for multiple purposes, including (but not limited to) providing dependency resolution, maintaining hashsets, storing configuration history, other generally graph-like operations.
2017-05-13 07:04:47 <skarnet> if you want to have { files, packages, virtual capabilities } and relations between them, that's exactly what a RDBMS does, so you need to narrow down exactly what it is you want
2017-05-13 07:05:11 <TemptorSent> I want nodes, edges, and the ability to annotate them.
2017-05-13 07:05:54 <TemptorSent> A RDBMS requires HUGE overhead by comparison to a graph database for traversals.
2017-05-13 07:06:38 <TemptorSent> A graph database is explicitly designed to work for highly recursive operations.
2017-05-13 07:06:50 <TemptorSent> Which is one of the places most RDBMSs suck.
2017-05-13 07:07:10 <skarnet> you are, again, talking about implementation
2017-05-13 07:07:13 <TemptorSent> Not to mention wanting to use a few hundred k, not a few hundred megs.
2017-05-13 07:07:19 <skarnet> I'm asking you to step away from the implementation
2017-05-13 07:07:22 <TemptorSent> No, I'm talking about model.
2017-05-13 07:07:25 <skarnet> and to talk about what you WANT
2017-05-13 07:08:54 <TemptorSent> I'm not sure what I was unclear about what I WANT -- a minimilistic graph-structured database that allows for multiple sets of edges with annotations.
2017-05-13 07:10:14 <skarnet> that's as clear to me as "I want a system to manage our workflow"
2017-05-13 07:10:19 <TemptorSent> http://whitedb.org/ is a much larger version of the kind of database I'm referring to.
2017-05-13 07:11:20 <TemptorSent> I don't need full-on RDF, just MINIMAL graph-structure and the ability to traverse it based on the content of nodes/edges.
2017-05-13 07:11:41 <skarnet> you're obviously either not listening, or not understanding what I'm expecting
2017-05-13 07:12:05 <TemptorSent> I'm afraid I'm not understanding what you're after.
2017-05-13 07:12:06 <skarnet> I don't care about the data structures and I don't want to hear about nodes, edges, lines, circles or easter bunnies
2017-05-13 07:12:23 <skarnet> I want to hear about the tool you're designing and the functionality you want to have
2017-05-13 07:12:29 <skarnet> what command do you want to be able to do
2017-05-13 07:12:38 <skarnet> what are you writing
2017-05-13 07:12:44 <skarnet> what functionality can users expect
2017-05-13 07:13:11 <TemptorSent> All I WANT is the data-structures, nodes, edges, and the ability to read/write/modify/traverse them.
2017-05-13 07:13:58 <skarnet> bzzzzt! you said nodes and edges again
2017-05-13 07:14:02 <skarnet> I'm out
2017-05-13 07:14:07 <TemptorSent> It doesn't matter if it's storing keys, packages, users, filenames, or whatever!
2017-05-13 07:14:16 <skarnet> of course it does matter
2017-05-13 07:14:23 <skarnet> but it's too late, you blew your joker
2017-05-13 07:14:26 <skarnet> try again next month!
2017-05-13 07:14:47 <TemptorSent> Sorry, I don't know how to describe a generic data storage tool more specifically.
2017-05-13 07:15:03 <skarnet> that should give you a clue
2017-05-13 07:15:15 <skarnet> "don't try and write a generic data storage tool"
2017-05-13 07:15:19 <TemptorSent> Which use do you want?
2017-05-13 07:15:26 <skarnet> that was free consulting
2017-05-13 07:15:46 <skarnet> my usual fare is 450€/day
2017-05-13 07:15:56 <skarnet> always happy to help, have a nice day!
2017-05-13 07:16:00 <TemptorSent> That's like saying 'don't write a generic regex parsing tool' rather than writing sed.
2017-05-13 07:16:47 <TemptorSent> Hmm, I thought this was unix land, where small, generically usefull tools were ENCOURAGED.
2017-05-13 07:17:46 <TemptorSent> I guess either I design, write, and test it by myself, or just give up on trying to improve the tools.
2017-05-13 09:23:02 <martanne> jirutka: thanks, by now all needed packages have static versions. Only some pkg-config related issues remain. I extracted the two configure checks from vis which should illustrate the problem (or my wrong expectations).
2017-05-13 09:23:15 <martanne> 1) the termkey.pc does not reference unibilium, causing a linker error:
2017-05-13 09:23:18 <martanne> http://sprunge.us/NFCd
2017-05-13 09:23:34 <martanne> 2) lpeg.a should probably be named liblpeg.a and the Lua package path /usr/lib/lua/5.3 should be added to lua5.3.pc?
2017-05-13 09:23:46 <martanne> http://sprunge.us/eAOK
2017-05-13 10:55:32 <tmh1999> jirutka : I guess we just disable binaryen on s390x for now. we would want s390x ready by monday for rc1. if upstream has something sound, we add it back again ?
2017-05-13 10:56:24 <tmh1999> thank you :)
2017-05-13 10:59:38 <jirutka> fabled: could you please help me move testing/ghc to community?
2017-05-13 11:10:33 <jirutka> what the heck is so hard to understand about implicit return values in shell functions?!
2017-05-13 11:36:37 <scadu>  hi, I tried to build LXC container using following template: https://github.com/lxc/lxc/blob/master/templates/lxc-alpine.in that's the result: http://sprunge.us/hDWF
2017-05-13 11:37:38 <scadu> it seems that dl-cdn mirror is still affected. after changing to nl.a.o or cz.a.o this issue does not occur
2017-05-13 11:45:21 <jirutka> Shiz: kaniini: could please someone look at https://github.com/alpinelinux/aports/pull/1399 ? tbh I have no clue what is this change doing
2017-05-13 11:52:38 <tmh1999> jirutka : man 2 posix_fadvise : POSIX_FADV_DONTNEED attempts to free cached pages associated with the specified region. What I understand is the builder is userspace lxc, thus it does not have permission to free the data
2017-05-13 11:54:09 <jirutka> tmh1999: but how will it affect the program? is it okay to change it just because this feature is not allowed under LXC?
2017-05-13 11:55:17 <tmh1999> in fact it does not affect at all. the POSIX_FADV_DONTNEED only differs POSIX_FADV_NORMAL in the sense that the latter does not tell the kernel to free the pages/cached data.
2017-05-13 11:55:49 <tmh1999> ioping measures the IO perf, then does tell or does not tell the kernel to free the data.
2017-05-13 11:57:04 <jirutka> then why ioping use POSIX_FADV_DONTNEED instead of POSIX_FADV_NORMAL ?
2017-05-13 11:58:31 <tmh1999> http://ix.io/tAL : it fails in the $ make test
2017-05-13 11:59:45 <tmh1999> jirutka : in fact the same purpose can be achieved with -C option passed to ioping https://github.com/koct9i/ioping/blob/master/ioping.c#L319
2017-05-13 11:59:58 <tmh1999> I can do -C just find
2017-05-13 12:00:01 <tmh1999> *fine
2017-05-13 12:00:37 <tmh1999> but, what I understand is -C and POSIX_FADV_DONTNEED are different
2017-05-13 12:00:52 <tmh1999> not same purpose, same goal.
2017-05-13 12:34:16 <mir4ndaX> hello
2017-05-13 13:12:58 <arch3y_> so far I have had the devs of netsniff-ng build over 6 patches to fix the source to work on apline
2017-05-13 15:15:35 <arch3y_> Shiz: thanks for helping with the netsniff-ng stuff I was thinking it didnt have fopencookie support but I wasnt 100% sure
2017-05-13 15:15:52 <Shiz> :p
2017-05-13 15:16:48 <arch3y_> with any luck they will implement a few more changes and it will be done
2017-05-13 15:28:02 <ashb> Anyone who knows POSIX sh better than I know of a way to deal with this case? https://github.com/alpinelinux/aports/pull/1325#discussion_r115966885
2017-05-13 15:30:55 <TemptorSent> ashb - use ${pkgver%%.*} perhaps?
2017-05-13 15:31:50 <ashb> That removes everything after the first period, result is "2"
2017-05-13 15:32:23 <TemptorSent> ashb - what are you trying to get, the first two?
2017-05-13 15:32:30 <ashb> 2.2 is the result I want
2017-05-13 15:33:55 <TemptorSent> Go at it the other direction then, trim it off the front, then play the game to remove the suffix
2017-05-13 15:34:30 <Shiz> ashb: it's probably fine to just use cut, imo
2017-05-13 15:34:43 <ashb> @Shiz that was my thought too :)
2017-05-13 15:35:01 <Shiz> with the varying number of dots it's a pain to do through shell syntax
2017-05-13 15:35:52 <TemptorSent> _pkgvermajor="${pkgver##*.*.}" && _pkgvermajor="${pkgver%$_pkgvermajor}"
2017-05-13 15:35:55 <ashb> I can do a horrible version involving ${#x} and %{x:0:...} but that only works in bash (and is not understandable)
2017-05-13 15:36:18 <TemptorSent> oops, forgot a dot in the second.
2017-05-13 15:37:00 <jirutka> ashb: this is quite tricky… in this case it’ll be better to just hardcode _pkgvermajor=2.2
2017-05-13 15:37:09 <Shiz> hardcoding is fine too imo
2017-05-13 15:37:11 <jirutka> ashb: it’s not changing very often anyway
2017-05-13 15:37:20 <Shiz> as long as it's close to the pkgver, it should be easy to detect
2017-05-13 15:37:22 <Shiz> :P
2017-05-13 15:37:55 <ashb> seems fair. I'll go for that
2017-05-13 15:38:03 <jirutka> ashb: but to avoid mistakes, simple check in prepare() would be handy
2017-05-13 15:38:13 <ashb> and set up a proper APKBUILD chain so I can actually test it once I'm back home and have my charger
2017-05-13 15:38:34 <ashb> @jirutka if it's wrong the download would fail. Is that enough of a check?
2017-05-13 15:38:42 <Shiz> ^that's fine by me
2017-05-13 15:38:49 <jirutka> ashb: ah, right, that’s enough
2017-05-13 15:39:10 <ashb> Will update it later today
2017-05-13 15:39:16 <TemptorSent> If that doesn't tell you somethings wrong, something's wrong :)
2017-05-13 15:39:26 <Shiz> ashb: if you're fixing the APKBUILD anyway, could I ask you to remove the || return 1 stanzas too?
2017-05-13 15:39:32 <Shiz> they're not needed anymore
2017-05-13 15:39:46 <ashb> sure okay. same commit or different (squashing all the other update ones into one anyway)
2017-05-13 15:39:58 <Shiz> it's fine to just squash it all into one commit
2017-05-13 15:41:05 <jirutka> ashb: preferably in separate commit (in the same PR)
2017-05-13 15:41:47 <Shiz> jirutka's opinion supercedes mine :p
2017-05-13 15:42:48 <jirutka> Shiz: it’s usually better when contributors does not squash commits, it’s harder to identify what has been changed since the last time you’ve looked at it and we can always easily squash if if needed when merging ;)
2017-05-13 15:43:44 <ashb> One commit to update versions, one to update apk.
2017-05-13 15:43:53 <Shiz> add it, apk update, and try again
2017-05-13 15:43:57 <Shiz> whoops wrong chan
2017-05-13 15:44:03 <jirutka> Shiz: also some ppl don’t know git enough and may create quite big mess when using --force
2017-05-13 15:48:13 <jirutka> Shiz: it’s even in https://github.com/alpinelinux/aports/blob/master/.github/CONTRIBUTING.md: "Add your file(s) to git and commit (we will squash your commits if needed)." ;)
2017-05-13 15:48:25 <Shiz> alright
2017-05-13 15:48:30 <Shiz> i will stop asking for that then
2017-05-13 15:48:32 <Shiz> :P
2017-05-13 15:51:45 <Shiz> jirutka: what do you use to merge PRs on the command line?
2017-05-13 15:54:21 <jirutka> Shiz: curl -L https://github.com/alpinelinux/aports/pull/<PR-NUM>.patch | git am
2017-05-13 15:54:21 <Shiz> also, https://github.com/alpinelinux/aports/pull/1402 LGTM if the commit message is changed to `main/darkhttpd`
2017-05-13 15:54:38 <Shiz> i thought it was in community thanks to that message and tried to merge it
2017-05-13 15:54:40 <Shiz> :D
2017-05-13 15:55:23 <jirutka> Shiz: there’re messed whitespaces https://github.com/alpinelinux/aports/pull/1402/files#diff-5a6267b392b6870ca51bc70b1755e2acR26
2017-05-13 15:55:28 <jirutka> Shiz: I’ll fix it when merging
2017-05-13 15:55:45 <Shiz> any messy whitespace was already thereb efore
2017-05-13 16:02:50 <jirutka> hm, storm is coming, I’ll be probably w/o electricity soon :/
2017-05-13 16:03:17 <jirutka> (I’m not in Prague now)
2017-05-13 16:13:05 <Shiz> oh dear
2017-05-13 16:13:08 <Shiz> that bad over there?
2017-05-13 16:18:58 <arch3y_> to be honest Ive held off on my prs becuase I was a bit nervous about squashing stuff   lol
2017-05-13 16:19:02 <arch3y_> I knew Id mess it up
2017-05-13 16:19:13 <Shiz> it's okay, i can squash it too
2017-05-13 16:19:16 <Shiz> it's no big issue
2017-05-13 16:36:50 <jirutka> hm, IIRC removing `|| return 1` should be postponed until branching v3.6, to make backporting fixes easier
2017-05-13 16:39:32 <Shiz> what do you mean?
2017-05-13 16:39:43 <Shiz> 3.6 would have the version of abuild that does set -e too, no?
2017-05-13 16:40:08 <jirutka> yes
2017-05-13 16:41:29 <jirutka> tbh i don’t know reason behind this, imo it doesn’t matter, just remembering that ncopa mentioned it few times
2017-05-13 16:41:46 <TemptorSent> Hmm, perhaps a simple fail() function would be wise for semantic and possibly logging purposes?
2017-05-13 16:42:03 <jirutka> no
2017-05-13 16:42:17 <jirutka> it’s not needed since we run abuild with `set -e`
2017-05-13 16:42:54 <TemptorSent> I mean for explict failure cases, not failed commands.
2017-05-13 16:43:07 <jirutka> like where for example?
2017-05-13 16:43:36 <jirutka> explicit failure case is when command returns non-zero status
2017-05-13 16:43:47 <TemptorSent> test_for_condition || fail "Condition blah not satisfied, try ..."
2017-05-13 16:44:20 <jirutka> yeah, that may be useful
2017-05-13 16:44:23 <TemptorSent> So useful debugging information can be provided when -v is set.
2017-05-13 16:44:47 <jirutka> but that’s different issue
2017-05-13 16:45:12 <TemptorSent> Agreed, just one that comes up with removing the || return 1 in terms of semantics anyway.
2017-05-13 16:45:26 <jirutka> yes
2017-05-13 16:45:39 <TemptorSent> Tests with no action are semantically confusing.
2017-05-13 16:46:39 <TemptorSent> '[ -e "$file" ]' vs '[ -e "$file" ] || return 1' for instance.
2017-05-13 16:48:02 <TemptorSent> Better would be '[ -e "$file" ] || fail "File $file doesn't exist, try creating it (see example...)"
2017-05-13 16:48:41 <jirutka> I don’t remember any case like this in apkbuilds ;)
2017-05-13 16:49:05 <jirutka> there’s usually soma command that itself prints error message
2017-05-13 16:49:43 <TemptorSent> Yeah, those cases don't need it if they're already semantically correct on failure.
2017-05-13 16:49:52 <jirutka> so I’ve looked into abuild; there’s error command for logging error
2017-05-13 16:50:07 <jirutka> and die command for that logs error and exits 1
2017-05-13 16:50:15 <jirutka> and calls cleanup before existing
2017-05-13 16:50:22 <TemptorSent> right, fail would log error and return 1, not exit 1
2017-05-13 16:51:06 <TemptorSent> die-light :)
2017-05-13 16:51:31 <jirutka> it depends on how is trap set in abuild script
2017-05-13 16:51:59 <jirutka> maybe it’s good idea, maybe it’s contraproductive, don’t know now :)
2017-05-13 16:52:12 <jirutka> *counterproductive
2017-05-13 16:52:43 <jirutka> what the hell English? I thought that contra is from Latin… like against… so why counter-…?
2017-05-13 16:52:59 <TemptorSent> Well, for semantic purposes I think it would be useful, even if it does nothing more than return 1 with optional message.
2017-05-13 16:53:38 <TemptorSent> Contra is diametric opposite.
2017-05-13 16:54:16 <jirutka> hm, yeah
2017-05-13 16:54:18 <Shiz>   TemptorSent │ Better would be '[ -e "$file" ] || fail "File $file doesn't exist, try creating it (see example...)"
2017-05-13 16:54:18 <TemptorSent> contrapositive for instance being the set exclusive the set of positive.
2017-05-13 16:54:21 <Shiz> even better would be a checkpath helper
2017-05-13 16:54:23 <Shiz> ;p
2017-05-13 16:54:33 <jirutka> so it’s even in English, then I really don’t understand counter-productive
2017-05-13 16:54:34 <TemptorSent> Agreed, that's what I do in my scripts.
2017-05-13 16:54:56 <TemptorSent> Counter-productive is against productivity, not the diametric oppositie of productive.
2017-05-13 16:55:01 <jirutka> aha
2017-05-13 16:55:17 <TemptorSent> At least that's my understanding of it.
2017-05-13 16:56:09 <TemptorSent> loosely counter ~= against, contra ~= opposite
2017-05-13 16:56:43 <TemptorSent> and against ~= opposing, so it's less than clear in some cases.
2017-05-13 16:57:14 <TemptorSent> But that's advanced semantics extraction for NLP, not Alpine build systems ;)
2017-05-13 16:59:10 <TemptorSent> Shiz: What would you say to helping to define a set of appropriate helpers and putting them in a single common location for use by all alpine scripts?
2017-05-13 17:00:15 <TemptorSent> File/directory check/create/delete, archive handling, url handling, and apk helpers?
2017-05-13 17:00:30 <Shiz> i don't think it's generally needed
2017-05-13 17:01:17 <Shiz> i am way of a 'libalpine' as it would just devolve into being the kitchen sink
2017-05-13 17:01:19 <Shiz> wary*
2017-05-13 17:01:31 <jirutka> afk
2017-05-13 17:03:48 <TemptorSent> Nearly every script needs some subset of the functionality, usually it ends up being reimplemented in each one.
2017-05-13 17:04:00 <TemptorSent> See msg/warn/error etc.
2017-05-13 17:04:37 <TemptorSent> Also file/dir checks are often done wrong, checking for existence, but not readablity for instance.
2017-05-13 17:06:26 <TemptorSent> So having a consistent, known correct (or at least meeting tests), clear, and common set of utilities would reduce errors, improve readability, and make debugging much easier.
2017-05-13 17:15:16 <TemptorSent> We can unit-test and regression-test individual utilities for correct behavior, while testing the scripts is much more difficult.
2017-05-13 17:19:22 <TemptorSent> "file_is_readable "$file" || fail "Can't read '$file'" or "file_is_readable "$file" || cat "$file.example" | sed ... > "$file""
2017-05-13 17:56:57 <ashb> https://github.com/alpinelinux/aports/pull/1325 updated and actually working this time :)
2017-05-13 18:24:52 <TemptorSent> Hmm, working out the math on deps leads to the conclusion that we really need a way of distinguishing cyclic dependencies from mutual-inclusion dependencies semantically.
2017-05-13 18:26:49 <TemptorSent> if packages a,b,c are all mutually interdependent, there needs to be a way of distinguishing that from the case where package a requires package b to install, which requires package c to install, which in turn requires package a, thus can not be successfully installed (aka: bootstrapping required)
2017-05-13 18:29:34 <agb> ls
2017-05-13 18:30:53 <skarnet> bin boot dev etc home lib lost+found mnt opt proc root run sys tmp usr var
2017-05-13 18:31:16 <TemptorSent> Semantically, it may make sense to have the first case use a self-reference to indicate an inclusive set (a:a,b,c b:b,a,c c:c,a,b)
2017-05-13 18:31:29 <TemptorSent> *lol* skarnet
2017-05-13 18:31:42 <skarnet> TemptorSent: what you want is different sets of dependencies: install-time and run-time
2017-05-13 18:31:44 <agb> skarnet: thanks.
2017-05-13 18:32:51 <TemptorSent> skarnet: Not necessarily, but that is one case.
2017-05-13 18:33:21 <skarnet> well those are different kinds of dependencies, that must be addressed separately, so they need to be in the tool anyway
2017-05-13 18:34:02 <skarnet> and bootstrapping should be solved at package creation time, the tool doesn't have to handle it
2017-05-13 18:34:24 <skarnet> i.e. if your packages have circular deps, you packaged them wrong
2017-05-13 18:34:38 <TemptorSent> The ability to explicitly specify mutual dependency eliminates all semanticly acyclic cycles
2017-05-13 18:35:46 <TemptorSent> A good example is one component of package a depends on a component in package b, while a component in package b depends on a component in package a.
2017-05-13 18:36:19 <skarnet> packages a and b suck, send hate mail to their maintainer
2017-05-13 18:36:24 <TemptorSent> Rather than a:b, b:a we'd use a:a,b b:b,a
2017-05-13 18:37:04 <skarnet> having to handle connex components in the tool rather than single packages is a choice, but it adds a lot of complexity
2017-05-13 18:37:09 <skarnet> better solve this at packaging time
2017-05-13 18:37:44 <TemptorSent> If possible, yes, but sometimes the complexity of doing so is absurd.
2017-05-13 18:38:42 <skarnet> well if you want to be able to bootstrap all your software, you need to do so anyway
2017-05-13 18:38:49 <TemptorSent> Drivers with both userspace and kernel components that must match for instance.
2017-05-13 18:39:34 <skarnet> wrong example: userspace always depends on kernelspace, never the other way around
2017-05-13 18:40:01 <TemptorSent> Okay, so when you add one, what happens to the other?
2017-05-13 18:40:34 <skarnet> if you add kernelspace, nothing happens and you don't get the functionality. If you add userspace, you pull kernelspace.
2017-05-13 18:40:46 <skarnet> why isn't that obvious?
2017-05-13 18:41:28 <TemptorSent> Yeah, and not terribly helpful when you want to pull in both the kernel module and firmware for it.
2017-05-13 18:41:50 <TemptorSent> You need both for it to work, and neither one makes sense without the other.
2017-05-13 18:41:58 <skarnet> sigh. firmware is different, it's morally kernelspace, it goes with the kernelspace module.
2017-05-13 18:42:06 <skarnet> Again, this should be obvious.
2017-05-13 18:42:17 <TemptorSent> Yeah, too bad it doesn't actually work that way.
2017-05-13 18:42:49 <TemptorSent> It's a messy mixed bag at the boundary of kernelspace/userspace
2017-05-13 18:42:52 <skarnet> well, if we're the packagers, we're the ones who can choose the way to make it work
2017-05-13 18:44:06 <TemptorSent> Maybe, but not necessarily cleanly in some cases.
2017-05-13 18:44:08 <skarnet> and I'm going to leave before you're tempted to splain me how the boundary between userspace and kernelspace works, so I won't have to be unpleasant.
2017-05-13 18:44:14 <skarnet> Have a nice evening!
2017-05-13 18:45:29 <TemptorSent> *facepalm* Never fear, reality will never bite us in the ass with a true mutual dependency!
2017-05-13 18:46:46 <TemptorSent> And set theory is wrong about what constitutes a NP-complete problem vs. one that can be solved in linear time too, right?
2017-05-13 18:47:47 <TemptorSent> Explicit constraints = bounded time, otherwise, it's NP
2017-05-13 18:49:33 <TemptorSent> Why do I even waste my time trying to solve real problems when handwaving and pretending they never exist works so well?
2017-05-13 18:49:36 <Shiz> i'm totally fine with not catering to mutual dependencies
2017-05-13 18:50:33 <TemptorSent> Shiz: Can you build a near-linear time dep solver that can handle the short-cycle deps we have now?
2017-05-13 18:51:08 <Shiz> i don't see how that relates to me being fine with not catering to mutual dependencies
2017-05-13 18:51:12 <TemptorSent> Because SAT is bloody slow and degrades to exhaustive search of the space precicely because of unbounded cycles.
2017-05-13 18:52:40 <TemptorSent> Currently, there is no semantic difference between a valid loop in the dep chain resulting in all deps being pulled and one in which it should fail.
2017-05-13 18:53:41 <Shiz> clearly if i don't care about mutual deps, no loop is valid
2017-05-13 18:53:45 <TemptorSent> (often seen with some package requiring another package for an optional tool like TeX
2017-05-13 18:54:13 <TemptorSent> Okay, then we've got some serious problems in the current dep handling then I believe.
2017-05-13 18:54:47 <Shiz> i wouldn't be surprised if we did :P
2017-05-13 18:54:57 <TemptorSent> If every package can have its deps described as a DAG, we're good.
2017-05-13 18:55:07 <Shiz> but my opinion is not necessarily those of the apk-tools authors
2017-05-13 18:55:18 <Shiz> or of the other alpine devs
2017-05-13 18:55:35 <TemptorSent> I'm looking at it from the standpoint of mathmatical consistency.
2017-05-13 18:56:03 <TemptorSent> We can make certain guarentees with a DAG that we can't make with the possibility of cycles.
2017-05-13 18:57:09 <Shiz> i believe that dependency management shouldn't have cycles
2017-05-13 18:57:11 <TemptorSent> And we can tightly bound the number of itterations.
2017-05-13 18:57:21 <Shiz> however
2017-05-13 18:57:23 <Shiz> what we can do
2017-05-13 18:57:45 <Shiz> is optional dependencies that may incur cycles
2017-05-13 18:57:49 <Shiz> and are deselected when they do
2017-05-13 18:58:13 <Shiz> for instance:
2017-05-13 18:58:41 <Shiz> clang libc++abi relies on libc++ (without libc++abi support enabled) for whatever reason
2017-05-13 18:58:49 <TemptorSent> That would be a viable solution, and would allow the creation of a complete DAG from the runs.
2017-05-13 18:58:54 <Shiz> libc++ can (and in end-deployments, should) rely on libc++abi
2017-05-13 18:59:12 <Shiz> so libc++abi would be an optional dependency of libc++, allowing both to work
2017-05-13 18:59:27 <TemptorSent> First run creates the DAG with no optional deps, second run roots subtrees at each optional edge source.
2017-05-13 18:59:43 <Shiz> it's probably better to discuss this with fabled/kaniinii btw
2017-05-13 19:00:07 <TemptorSent> Yes, been working on it slowly when I can catch them.
2017-05-13 19:00:59 <Shiz> but the libc++abi may be a different issue entirely since that's about run vs build deps too
2017-05-13 19:01:24 <TemptorSent> Currently, I'm more after the underpinnings for the data structures so we can represent the DAGs as a hedge (set of intergrown trees)
2017-05-13 19:02:39 <TemptorSent> As long as we can differentiate the edges based on the dep type, itterative growth and pruning is a reasonably easy approach for even complex deps.
2017-05-13 19:03:14 <TemptorSent> Goes from linear to O(Nlog2N) IIRC.
2017-05-13 19:04:43 <TemptorSent> I want to build a toolbox that we can use for many tasks rather than a single-purpose.
2017-05-13 19:07:02 <TemptorSent> One is a minimal graph-structured database, another is a dep-solver using such database, another is a hashing/manifesting tool using the same graphdb tool to relate individual files to a given apk/package
2017-05-13 19:07:49 <TemptorSent> Add the pax archiver, url handling, and signature functions, and you have APK
2017-05-13 19:08:18 <TemptorSent> But also many generally useful tools.
2017-05-13 19:10:32 <TemptorSent> Anyway, I need to get out and work in the garden a bit, then get my mining equipment ready for the season since the snow's finally melting off up towards my claims.
2017-05-13 19:14:24 <Shiz> gl
2017-05-13 19:48:16 <jirutka> yeah, APK, just with infinity higher complexity… omfg
2017-05-13 20:04:55 <TemptorSent> jirutka: Higher complexity? Have you read the source for apk?
2017-05-13 20:06:47 <TemptorSent> What became of the unix philosophy to create, small, narrow scope, general purpose tools and use them together to accomplish tasks?
2017-05-13 20:07:40 <TemptorSent> If apk 3 is as hard to follow in the code as apk 2, it's not much of an improvment IMHO
2017-05-13 21:04:43 <nidan_> TemptorSent: Most people doesn't seem to understand the UNIX philosophy, not that part of it anyway. Which is really sad for the rest of us. =/
2017-05-13 21:15:45 <jirutka> nidan_: I actually understand the Unix philosophy quite well
2017-05-13 21:33:38 <mosez> somebody got an idea how i can solve "PHP Notice:  iconv(): Wrong charset, conversion from `UTF-8' to `ASCII//TRANSLIT' is not allowed" on alpine?
2017-05-13 21:37:53 <jirutka> mosez: ah, you’re trying to solve my looong list of failing php tests? :)
2017-05-13 21:38:17 <mosez> jirutka: i'm trying to build owncloud api docs on my alpine docker image :D
2017-05-13 21:38:24 <jirutka> eh, aha
2017-05-13 21:39:11 <jirutka> well, then I have bad news, this is one of many problems that fail in tests… https://github.com/alpinelinux/aports/blob/master/community/php7/disabled-tests.list
2017-05-13 21:39:20 <jirutka> I don’t know how to solve it
2017-05-13 21:43:09 <mosez> awesome... looks like i'm forced to use an ubuntu image like the guys before me :(
2017-05-13 21:43:42 <jirutka> or figure out how to fix it ;)
2017-05-13 21:44:12 <mosez> i really would like to, but i need these docs
2017-05-13 21:45:12 <Shiz> mosez: musl iconv does not support //TRANSLIT
2017-05-13 21:45:18 <Shiz> so if your php app uses that, that's the problem
2017-05-13 21:45:29 <Shiz> patch it to not to
2017-05-13 21:45:31 <Shiz> :P
2017-05-13 21:54:25 <mosez> shiz: it's not my app... it's phpdocumentor
2017-05-13 21:54:53 <mosez> god i really hate to work with php
2017-05-13 21:54:58 <Shiz> https://github.com/phpDocumentor/phpDocumentor2/blob/68cf85e30aab12ce27bb8889f765f14705b2f7b9/src/DomainModel/Renderer/Router/Rule.php#L102
2017-05-13 21:55:20 <Shiz> you can choose to not load the php7-iconv package
2017-05-13 21:55:22 <Shiz> avoids that
2017-05-13 21:55:39 <mosez> i'm downloading the phpdocumentor.phar because of no package for it :)
2017-05-13 21:56:15 <mosez> maybe spmething i should try :(
2017-05-13 22:13:03 <mosez> jirutka: just a guess without knowing further details, maybe some locales like https://github.com/rilian-la-te/musl-locales helps on that? idk...
2017-05-13 22:13:48 <jirutka> hm, WDYT Shiz ?
2017-05-13 22:14:15 <Shiz> it doesn't
2017-05-13 22:14:25 <Shiz> this is just musl's iconv() implementation, mostly unrelated to the other locale stuff
2017-05-13 22:14:29 <Shiz> it does not do //TRANSLIT on purpose
2017-05-13 22:15:07 <jirutka> but can it help with other locale issues on musl?
2017-05-13 22:18:32 <Shiz> some minor ones, i think
2017-05-13 22:21:01 <mosez> so building the php ext against gnu-libiconv solves the issues with php? :)
2017-05-14 00:29:58 <Shiz> https://github.com/alpinelinux/aports/pull/1443
2017-05-14 00:30:03 <Shiz> can anyone experienced with pam look at this?
2017-05-14 00:30:05 <Shiz> cc kaniini ncopa
2017-05-14 02:09:01 <ncopa> mosez: i mentioned the translit issue to dalias in #musl iirc the proper fix is to fix the php app
2017-05-14 02:09:42 <ncopa> might be if many enough ask for it that they will consider add it to musl
2017-05-14 02:09:47 <ncopa> ;)
2017-05-14 02:42:24 <awilfox> Shiz: any reason you don't have pam_wheel in there too?
2017-05-14 02:42:34 <awilfox> Shiz: otherwise lgtm
2017-05-14 02:42:49 <kaniini> Shiz i rather take a sledgehammer to PAM
2017-05-14 02:42:50 <Shiz> isn't wheel more of a sudo thing?
2017-05-14 02:43:04 <Shiz> kaniini: likewise, but we have a real usecasei n the bugtrackre who's hindered by this
2017-05-14 02:43:06 <Shiz> :P
2017-05-14 02:43:23 <Shiz> awilfox: or rather, doesn't wheel say who can su in the first place?
2017-05-14 02:43:26 <Shiz> if i'm getting this right
2017-05-14 02:43:57 <kaniini> it seems fine to me
2017-05-14 02:45:27 <Shiz> i can add pam_wheel too
2017-05-14 02:47:50 <Shiz> >The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group.
2017-05-14 02:47:55 <Shiz> i'm not sure if that's a good idea
2017-05-14 02:48:01 <Shiz> for su
2017-05-14 02:48:22 <Shiz> but i guess auth required's stack, so that should be fine
2017-05-14 02:50:34 <Shiz> mm idk, i don't have a strong opinion on adding pam_wheel
2017-05-14 02:52:45 <Shiz> btw, how do i assign bugs to myself on the bug tracker?
2017-05-14 03:09:53 <kaniini> someone will have to give you that permission in it
2017-05-14 03:12:32 <awilfox> Shiz: the idea is something like auth required pam_wheel.so
2017-05-14 03:12:40 <awilfox> Shiz: then `su` doesn't work for non-wheel users
2017-05-14 03:12:49 <Shiz> yeah but i'm not sure if that's a good idea
2017-05-14 03:12:51 <awilfox> Shiz: it still requires a password, it just fails before asking the password if you aren't already in wheel
2017-05-14 03:12:55 <Shiz> it's a change from the default busybox su we install
2017-05-14 03:13:07 <Shiz> yeah i figured that part out in the meantime :P
2017-05-14 03:13:13 <awilfox> busybox su doesn't do that?  okay, I guess it makes sense to mimic it then.
2017-05-14 05:28:15 <TemptorSent> kaniini: When you get a chance, please take a look at http://pastebin.com/LJKbCPV9
2017-05-14 05:28:36 <TemptorSent> s/http/&s/
2017-05-14 05:29:48 <TemptorSent> Let me know if that makes any sense.
2017-05-14 06:30:14 <kaniini> seems okay
2017-05-14 06:30:21 <kaniini> i dont see anything blatantly wrong
2017-05-14 12:04:34 <Shiz> when did we add pc: deps to apk?
2017-05-14 12:05:27 <Shiz> it seems xcb-utils may need a rebuild to expose its pc: provides
2017-05-14 12:07:09 <Shiz> ah, here: https://git.alpinelinux.org/cgit/abuild/commit/abuild.in?id=2f5ef7e2fa6acb03ffb1ed3d372e0945816c8fa4
2017-05-14 12:07:33 <Shiz> can xcb-utils be relbumped/rebuilt so that its pkg-config provides work and https://github.com/alpinelinux/aports/pull/1430 can be merged?
2017-05-14 13:13:45 <^7heo> moin
2017-05-14 14:53:06 <TemptorSent> Mornin'
2017-05-14 14:54:53 <TemptorSent> kaniini: Thanks :) Now my only big missing link is how apk's solver actually resolves its deptrees.
2017-05-14 17:37:56 <TemptorSent> kaniini: Also, any thoughts on handling of valid codependencies (which appear to result in cycles currently)?
2017-05-14 20:13:00 <scadu> Shiz: re pr 1430: should I send a xcb-utils pkgrel bump under the same pr?
2017-05-14 20:13:39 <Shiz> yeah that's fine
2017-05-14 20:13:42 <Shiz> i just won't be able to merge it for you
2017-05-14 20:13:49 <Shiz> because i've got no main/ access :P
2017-05-14 22:54:31 <Shiz> jirutka: ping
2017-05-14 22:57:09 <jirutka> Shiz: I agree with kaniini: "i rather take a sledgehammer to PAM"
2017-05-14 22:58:05 <Shiz> not what i was pinging you for
2017-05-14 22:58:07 <Shiz> :P
2017-05-14 22:58:09 <Shiz> but duly noted
2017-05-14 22:58:58 <jirutka> Shiz: "The pam_wheel PAM module is used to enforce the so-called wheel group." … wtf? wheel group is usually used to allow its members to sudo root… but with sudo, no with some automagic fucker
2017-05-14 22:59:52 <Shiz> ... the point is that pam_wheel is used together with su
2017-05-14 22:59:57 <jirutka> <awilfox>: "Shiz: it still requires a password, it just fails before asking the password if you aren't already in wheel" … and what the heck is the purpose? o.O
2017-05-14 22:59:58 <Shiz> nothing automagic about that
2017-05-14 22:59:59 <Shiz> anyway
2017-05-14 23:00:14 <Shiz> jirutka: wheel vastly predates sudo
2017-05-14 23:00:31 <Shiz> its original purpose was to group the normal users who were even allowed to su root in the first place
2017-05-14 23:00:51 <Shiz> they would still needs the root pw, but other users would be rejected entirely, valid root password or not
2017-05-14 23:00:53 <Shiz> ANYWAY
2017-05-14 23:00:58 <Shiz> jirutka: could you look at this? https://github.com/alpinelinux/aports/pull/1511
2017-05-14 23:01:12 <jirutka> <Shiz>: "when did we add pc: deps to apk?" … what do you mean? these are usually autodetected
2017-05-14 23:01:26 <Shiz> my question was when that autodetection was added
2017-05-14 23:01:29 <Shiz> the answer was somewhere in 2015
2017-05-14 23:12:52 <Shiz> responded to remarks
2017-05-14 23:12:59 <Shiz> and fixed some
2017-05-14 23:13:31 <Shiz> jirutka: pkgver is overridden in quite some apkbuilds
2017-05-14 23:13:33 <Shiz> it seems
2017-05-14 23:13:41 <jirutka> for example?
2017-05-14 23:14:09 <Shiz> hmm, trying to find it
2017-05-14 23:14:12 <Shiz> maybe i just had a faulty grep
2017-05-14 23:15:24 <Shiz> jirutka: main/libc0.9.32
2017-05-14 23:15:51 <Shiz> line 5 and 91
2017-05-14 23:16:35 <jirutka> snapshot function is not a split function
2017-05-14 23:16:45 <Shiz> oh, what is it?
2017-05-14 23:17:59 <jirutka> it seems that unfortunately yet another undocumented :/
2017-05-14 23:18:30 <jirutka> this function is used to create a snapshot file to be deployed to distfiles.a.o
2017-05-14 23:18:59 <Shiz> heh
2017-05-14 23:19:11 <Shiz> well I'll say that setting pkgver in the subpkg doesn't seem to break in practice
2017-05-14 23:19:14 <Shiz> (nor do I see why it should)
2017-05-14 23:19:51 <jirutka> for example when upstream is idiot and doesn’t provide any release tarballs, not using any normal repository that provides this feature, and the only option is to clone from git or other repo, then you may use snapshot to create snapshot of the repo and deploy it to our distfiles, to ensure reproducible builds
2017-05-14 23:20:33 <jirutka> another example is when upstream is retarded and removes older releases right after releasing new version
2017-05-14 23:21:12 <jirutka> I’d prefer to ask fabled about it
2017-05-14 23:21:25 <jirutka> about pkgver in split func
2017-05-14 23:22:35 <Shiz> sure
2017-05-14 23:34:40 <jirutka> imo it’d be better to just use the llvm’s version
2017-05-14 23:34:48 <Shiz> but that'd be incorrect
2017-05-14 23:34:50 <jirutka> or create a separate abuild for it
2017-05-14 23:35:58 <jirutka> i donjt think so, it’s from release tarball 4.0.0, isn’t it…?
2017-05-14 23:36:33 <jirutka> isn’t there a separate tarball for it…somehwere…?
2017-05-14 23:37:46 <jirutka> i need to go sleep
2017-05-14 23:37:58 <Shiz> jirutka: there's no separate tarball, but it has its own version
2017-05-14 23:38:00 <Shiz> in setup.py
2017-05-14 23:38:03 <Shiz> it's not version 4.0.0
2017-05-14 23:38:07 <Shiz> it's version 0.6.0
2017-05-14 23:38:21 <Shiz> $ lit --version
2017-05-14 23:38:23 <Shiz> lit 0.6.0dev
2017-05-14 23:43:28 <jirutka> Shiz: btw do you know that you should check libraries being upgrade for so version changes…?
2017-05-14 23:44:17 <jirutka> Shiz: when so version is bumped and there are some ABI breakages, then all dependent pkgs must be rebuilt
2017-05-14 23:44:33 <Shiz> jirutka: eyes
2017-05-14 23:44:34 <Shiz> yes*
2017-05-14 23:44:39 <Shiz> the travis output tells you, right
2017-05-14 23:44:47 <jirutka> Shiz: it’s printed at the end of build on Travis; but it’s very stupid, just diff
2017-05-14 23:44:51 <jirutka> yeah
2017-05-14 23:45:22 <Shiz> i check 3 things for small PRs:
2017-05-14 23:45:26 <Shiz> 1) if the apkbuild changes are sensible
2017-05-14 23:45:28 <Shiz> 2) if the build succeeds
2017-05-14 23:45:36 <Shiz> 3) if the build file list doesn't change in a bad way
2017-05-14 23:45:40 <Shiz> 4) if there are no soname bumps
2017-05-14 23:45:42 <Shiz> :P
2017-05-14 23:45:44 <Shiz> sorry, 4 things
2017-05-14 23:46:01 <jirutka> is tmpfile here?
2017-05-14 23:47:52 <Shiz> i haven't seen them here
2017-05-14 23:47:58 <Shiz> jirutka: also check out the immense size of the libc++ testsuite
2017-05-14 23:48:06 <Shiz>                                                                                       -- Testing: 5726 tests, 4 threads --                                                                                        2% [====---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------]
2017-05-14 23:48:08 <Shiz> ETA: 00:22:30
2017-05-14 23:50:54 <Shiz> jirutka: found ab etter way to solve the c++abi situation
2017-05-14 23:51:03 <Shiz> there's an option in the libc++ build system to statically embed libc++abi
2017-05-14 23:51:16 <Shiz> as it comes from the same pkg anyway, and we already need it to make -static work at all
2017-05-14 23:51:26 <Shiz> makes no sense to even expose libc++abi as a package
2017-05-14 23:51:29 <Shiz> nothing else uses it
2017-05-14 23:54:34 <jirutka> Shiz: this may come handy now: https://github.com/alpinelinux/aports/pulls?utf8=%E2%9C%93&q=is%3Apr%20is%3Aopen%20-label%3AP-low (filters out P-low)
2017-05-14 23:55:08 <Shiz> thanks :P
2017-05-14 23:55:24 <Shiz> could you review toilet btw?
2017-05-14 23:55:27 <Shiz> i can't review my own prs ;)
2017-05-14 23:55:46 <jirutka> I hope that he will get tired soon… this is not very helpful now, when we’re right before branching v3.6 :/
2017-05-14 23:55:55 <jirutka> not now, I need to go sleep
2017-05-14 23:56:04 <Shiz> okay np
2017-05-15 00:03:11 <Shiz> asking me to use barely documented features, now :P
2017-05-15 00:07:00 <jirutka> ?
2017-05-15 00:07:22 <Shiz> snapshot() is not really meant for what you propose
2017-05-15 00:07:27 <Shiz> it's meant to create stable tarballs from svn/git repos
2017-05-15 00:07:35 <Shiz> not to deal with flaky often-down upstream servers
2017-05-15 00:07:37 <jirutka> or from flanky source
2017-05-15 00:07:41 <Shiz> as i understand it
2017-05-15 00:07:47 <Shiz> i mean, this still won't work at all
2017-05-15 00:07:51 <jirutka> the problem is how to update such abuild…?
2017-05-15 00:08:02 <Shiz> if the upstream is down when it creates the snapshot
2017-05-15 00:08:07 <jirutka> then bad luck
2017-05-15 00:08:09 <Shiz> well, toilet hasn't seen a new release in 5+ years
2017-05-15 00:08:12 <Shiz> i wouldn't hold my horses
2017-05-15 00:08:14 <Shiz> :P
2017-05-15 00:08:15 <jirutka> aha
2017-05-15 00:08:34 <jirutka> at least there should be strong comment why it is used
2017-05-15 00:08:58 <Shiz> sure, that's fair
2017-05-15 00:08:59 <jirutka> really need to go sleep now
2017-05-15 00:09:01 <jirutka> gn
2017-05-15 00:09:03 <Shiz> also go to bed you
2017-05-15 00:09:05 <Shiz> yes
2017-05-15 00:09:07 <Shiz> night :)
2017-05-15 00:10:26 <jirutka> Shiz: btw I have special mission for you… don’t let anyone to branch v3.6 before moving ghc to community :P https://github.com/alpinelinux/aports/pull/1450
2017-05-15 00:10:35 <Shiz> :P
2017-05-15 00:10:47 <Shiz> i'll do my gambatte
2017-05-15 00:11:15 <jirutka> unfortunately i can’t do it myself, cause it requires some special procedure
2017-05-15 00:11:21 <jirutka> (moving it to community)
2017-05-15 00:11:49 <Shiz> yeah, build server bootstrap stuff
2017-05-15 00:11:51 <jirutka> also it’d be great to figure out how to build rust for the rest of arches :)
2017-05-15 00:11:51 <Shiz> i saw before
2017-05-15 00:12:32 <Shiz> i don't think it'll be very different
2017-05-15 00:12:38 <Shiz> we just need bootstraps, which should be easy now
2017-05-15 00:12:47 <Shiz> i'll take a look at it... later
2017-05-15 04:51:52 <tmh1999> ncopa : The last package can't be built on s390x is community/tg. I tried to debug it during the weekend but still can't figure it out. Bet we disable it for now for rc1. ioping is pending : https://github.com/alpinelinux/aports/pull/1399
2017-05-15 06:48:04 <mihnea> Hello
2017-05-15 06:52:51 <mihnea> I have been working on a way to build PyPy and managed to have a set of steps to do it properly. I wanted to ask you what are the steps for me to take to publish this to your repository?
2017-05-15 06:53:18 <mihnea> Does this link: https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package provide everything, including building PyPy?
2017-05-15 06:58:19 <mihnea> I am thinking that when an user issues the command: apk add pypy, they will download and use the pre-build version for PyPy, and not compile everything from scratch.
2017-05-15 07:39:49 <Shiz> mihnea: yes
2017-05-15 07:40:16 <Shiz> we use APKBUILDs, and our build servers use that to create binary packages
2017-05-15 08:05:11 <mihnea> Shiz: Thank you ,I will start working on this and keep everyone up to date
2017-05-15 08:05:39 <Shiz> once you feel like you have worked, feel free to submit a PR to the aports repository and we'll check it out :)
2017-05-15 08:06:03 <Shiz> s/worked/it worked out/
2017-05-15 08:33:56 <Shiz> fabled: kaniini: would an option to not run check() in fakeroot in abuild be welcome?
2017-05-15 08:34:09 <Shiz> it seems for some packages testsuites don't need to be ran as root and fail because of fakeroot's extra leniency
2017-05-15 08:34:23 <Shiz> something like options="!checkroot"
2017-05-15 17:53:29 <HRio> seems rdiff-backup/librsync-2.0.0 in alpine is affected by this https://bbs.archlinux.org/viewtopic.php?id=207080
2017-05-15 17:53:45 <HRio> rdiff-backup[12836]: segfault at f23d95aa0ec ip 00007080507109ea sp 00007389f31183a0 error 4 in librsync.so.2.0.0[70805070a000+20e000]
2017-05-15 18:01:32 <HRio> seems to be fixed upstream but not included in a release as of yet
2017-05-15 18:04:02 <jirutka> HRio: could you backport the patch that fixes this error?
2017-05-15 18:14:22 <HRio> jirutka: Will see if I I have time tonight.
2017-05-15 19:21:42 <HRio> jirutka: upstream/master solves the segv https://github.com/HRio/aports/tree/librsync-segv will try to find the relevant commits to backport
2017-05-15 19:59:10 <HRio> jirutka: https://github.com/alpinelinux/aports/pull/1514
2017-05-15 23:24:05 <Shiz> jirutka: https://github.com/alpinelinux/aports/pull/1511
2017-05-15 23:24:13 <Shiz> better version of the libc++ apkbuild :)
2017-05-15 23:36:58 <xentec> Shiz: does it still depend on libgcc?
2017-05-15 23:37:10 <Shiz> no
2017-05-15 23:37:19 <Shiz> it depends on llvm-libunwind though
2017-05-15 23:37:44 <xentec> gcc-less system \o/
2017-05-16 00:07:36 <Shiz> jirutka: thanks for the comments, updated
2017-05-16 00:07:44 <Shiz> note that the travis build will fail regardless because of llvm time limit
2017-05-16 00:07:45 <Shiz> :P
2017-05-16 00:10:34 <jirutka> I said short note XD
2017-05-16 00:10:41 <jirutka> but okay :)
2017-05-16 00:11:03 <Shiz> eh, i think this explains the situation a bit better
2017-05-16 00:11:09 <Shiz> also why we don't package libc++abi :)
2017-05-16 00:11:19 <Shiz> because someone may wonder that as well
2017-05-16 00:11:29 <jirutka> aha
2017-05-16 00:14:48 <jirutka> Shiz: look what I found https://pypi.python.org/pypi/lit/ ;)
2017-05-16 00:15:08 <Shiz> that's outdated though
2017-05-16 00:15:11 <Shiz> 0.5.0 :p
2017-05-16 00:15:12 <jirutka> unfortunately there’s no 0.6.0, so they apparently don’t care about it :(
2017-05-16 00:15:28 <jirutka> LLVM upstream is horrible :(
2017-05-16 00:19:35 <Shiz> yeah
2017-05-16 00:19:44 <Shiz> well at least now we know separate pkgver is fine
2017-05-16 00:19:45 <Shiz> ;p
2017-05-16 00:41:42 <jirutka> Shiz: I’m curious how have you managed to build it
2017-05-16 00:41:51 <jirutka> ’cause we don’t have llvm-libunwind 4.0.0…
2017-05-16 00:42:04 <Shiz> oh?
2017-05-16 00:42:09 <jirutka> it’s 3.9
2017-05-16 00:42:14 <jirutka> we have added this pkg for rust
2017-05-16 00:42:19 <jirutka> and rust builds with llvm3.9
2017-05-16 00:42:38 <jirutka> I’m not entirely sure if we can mix llvm3.9 and llvm-libunwind 4.0
2017-05-16 00:42:39 <Shiz> how curious...
2017-05-16 00:42:48 <Shiz> should be able to
2017-05-16 00:42:52 <Shiz> llvm libunwind is standalone
2017-05-16 00:42:59 <Shiz> it doesn't hook into llvm or anything
2017-05-16 00:43:01 <Shiz> afaik
2017-05-16 00:43:31 <Shiz> jirutka: thanks for notifying
2017-05-16 00:43:44 <Shiz> it looks like my builder had a llvm-libunwind*.apk left over from when i tested upgrading it
2017-05-16 00:43:46 <jirutka> but srsly, how have you built it? :)
2017-05-16 00:43:49 <jirutka> aha
2017-05-16 00:44:22 <Shiz> i'll upgrade it and add the commit...
2017-05-16 00:44:34 <Shiz> sorry about that
2017-05-16 00:45:37 <jirutka> I’ve pushed you something :P
2017-05-16 00:47:39 <Shiz> jirutka: i can do you better
2017-05-16 00:47:41 <Shiz> :P
2017-05-16 00:47:53 <jirutka> ?
2017-05-16 00:48:23 <jirutka> hm, setup.py commands
2017-05-16 00:48:36 <Shiz> jirutka: $ python2 utils/lit/setup.py --version 2>/dev/null | sed -e 's/\.dev.*$//'
2017-05-16 00:48:37 <Shiz> 0.6.0
2017-05-16 00:48:39 <Shiz> :)
2017-05-16 00:49:00 <jirutka> well, that’s how it looks when your faviourite hummer is sed…
2017-05-16 00:49:26 <jirutka> but then I realized that it’ll be easier to evaluate it in python then replacing ", " with dots etc.
2017-05-16 00:49:45 <jirutka> and forgot to reevaluate my approach
2017-05-16 00:50:16 <jirutka> fell free to replace it with your simpler solution ;) just remove redundant "-e"
2017-05-16 00:50:55 <jirutka> s/hummer/hammer/
2017-05-16 00:50:58 <jirutka> I should go sleep:)
2017-05-16 00:52:33 <Shiz> naito
2017-05-16 00:52:46 <Shiz> jirutka: upgraded llvm libunwind to 4.0.0
2017-05-16 00:52:50 <Shiz> it rmeoves a bunch of our old hacks :)
2017-05-16 00:53:11 <jirutka> now we have to rebuild rust
2017-05-16 00:53:28 <Shiz> yeah
2017-05-16 00:53:33 <Shiz> i'll add a rebuild rust to that PR too
2017-05-16 00:53:34 <Shiz> :P
2017-05-16 00:53:55 <jirutka> what hacks?
2017-05-16 00:54:23 <jirutka> that one for building both static and shared lib?
2017-05-16 00:54:58 <Shiz> yes
2017-05-16 00:55:12 <jirutka> they finally provide some option to build both?
2017-05-16 00:56:28 <Shiz> yes it's just enable_shared=on
2017-05-16 00:56:32 <Shiz> it will also built static :)
2017-05-16 00:56:55 <jirutka> great!
2017-05-16 00:57:04 <jirutka> i didn’t like that ugly hack I made
2017-05-16 00:57:09 <Shiz> :P
2017-05-16 00:57:19 <jirutka> sleep, gn :)
2017-05-16 00:58:11 <Shiz> jirutka: ok to build libunwind with clang?
2017-05-16 00:58:13 <Shiz> sure gn
2017-05-16 00:58:18 <jirutka> mitchty: please take a look at https://github.com/alpinelinux/aports/pull/684#commits-pushed-22e4594
2017-05-16 00:58:32 <jirutka> Shiz: hmm… there’s some problem in clang on x86
2017-05-16 00:58:38 <Shiz> oh okay
2017-05-16 00:58:40 <Shiz> i'll omit that then
2017-05-16 00:58:48 <Shiz> libc++ does need to be built with clang
2017-05-16 00:58:51 <jirutka> Shiz: I’ve probably somehow screwed it when updating patches
2017-05-16 00:58:51 <Shiz> you get nasty stuff otherwise
2017-05-16 01:00:14 <Shiz> jirutka: btw i don't think there's an soname bump in libunwind
2017-05-16 01:00:21 <Shiz> so a rust rebuild won't be needed
2017-05-16 01:00:35 <Shiz> or did it statically embed libuwnind...
2017-05-16 01:00:44 <jirutka> probably both…
2017-05-16 01:00:52 <jirutka> cause it depends on libunwind-dev in runtime
2017-05-16 01:01:03 <jirutka> have you verified if the ABI is the same?
2017-05-16 01:01:15 <jirutka> tbh I’d not trust sonames in the case of LLVM…
2017-05-16 01:01:38 <Shiz> yeah i think itembeds stuff anyway
2017-05-16 01:01:40 <Shiz> i'll bump it
2017-05-16 10:27:04 <ncopa> ^7heo seems you are maintainer of community/gogs, there is new version available, 0.11.4. care to bump it?
2017-05-16 10:27:09 <ncopa> apkbuild might need refactor...
2017-05-16 10:29:00 <^7heo> ncopa: it's been taken care since the abump
2017-05-16 10:29:08 <^7heo> not comitted tho
2017-05-16 10:29:28 <^7heo> because I have unanswered questions
2017-05-16 10:30:07 <^7heo> also I have big issues with my VPS atm; so no time for that now
2017-05-16 10:30:12 <ncopa> ok
2017-05-16 10:30:33 <^7heo> I'll ask the questions again later
2017-05-16 11:00:35 <ncopa> seems like go 1.8.1 fails on aarch64
2017-05-16 12:27:28 <Shiz> jirutka: it lies?
2017-05-16 12:27:34 <jirutka> Shiz: yes
2017-05-16 12:28:06 <Shiz> no, it seems correct
2017-05-16 12:28:12 <Shiz> what it does use is LLVM_CONFIG_PATH
2017-05-16 12:28:14 <Shiz> :)
2017-05-16 12:28:17 <jirutka> Shiz: every LLVM project that links with LLVM accepts configuration option LLVM_CONFIG
2017-05-16 12:28:34 <jirutka> hm, so they renamed it just for libunwind? that’s strange…
2017-05-16 12:28:42 <Shiz> https://github.com/llvm-mirror/libunwind/blob/master/CMakeLists.txt#L21
2017-05-16 12:28:59 <jirutka> hm, aha
2017-05-16 12:29:11 <jirutka> LLVM team doesn’t respect consistency…
2017-05-16 12:29:13 <Shiz> I'll change it
2017-05-16 12:29:17 <jirutka> okay, then please rename it
2017-05-16 12:31:03 <Shiz> -DLLVM_CONFIG_PATH="/usr/lib/llvm$_llvmver/bin/llvm-config" \
2017-05-16 12:31:06 <Shiz> :)
2017-05-16 12:32:07 <Shiz> jirutka: hmm
2017-05-16 12:32:16 <Shiz> we may want to require clang for compilation either way
2017-05-16 12:32:23 <Shiz> so libunwind can be linked against compiler-rt...
2017-05-16 12:32:26 <Shiz> well, optimisation for later
2017-05-16 12:33:59 <Shiz> pushed the changes
2017-05-16 12:36:11 <Shiz> jirutka: also gonna push an extra patch for non-exec stack
2017-05-16 12:36:22 <jirutka> Shiz: https://github.com/alpinelinux/aports/commit/6245e20b52907a0efb44bf38c97e52d0bfe6ffc3
2017-05-16 12:36:46 <Shiz> jirutka: i already fixed that
2017-05-16 12:36:47 <Shiz> in the latest push
2017-05-16 12:36:49 <Shiz> :P
2017-05-16 12:36:53 <jirutka> okay
2017-05-16 12:37:18 <Shiz> it seems libunwind relies on __GNU__ | __APPLE__ | __FreeBSD__ | ... to set a nonexecstack
2017-05-16 12:37:20 <jirutka> Shiz: "so libunwind can be linked against compiler-rt" – what’s the benefit?
2017-05-16 12:37:20 <Shiz> :/
2017-05-16 12:37:32 <Shiz> jirutka: gcc/gnu-less llvm stack
2017-05-16 12:37:42 <Shiz> else it would link against -lgcc_s
2017-05-16 12:39:55 <jirutka> compare size of the resulting static binary when compiled with clang and gcc; IIRC i’ve tried to compile it with clang, but for some reason switched it back, maybe it increased binary size; I really don’t remember and I haven’t dropped any comment about it, so probably just mixed memories, but pls check it out when switching to clang ;)
2017-05-16 12:40:22 <jirutka> maybe it was just difference between size of libunwind and llvm-libunwind
2017-05-16 12:44:04 <Shiz> https://github.com/alpinelinux/aports/pull/1511/commits/5f3da378ae06103f8d37b58decc6a854824d7911
2017-05-16 12:44:06 <Shiz> there
2017-05-16 12:44:22 <Shiz> now libunwind has a proper noexecstack
2017-05-16 16:36:26 <^7heo> Damn
2017-05-16 16:36:38 <^7heo> Some bs script kiddie on #alpine-linux
2017-05-16 16:37:21 <_ikke_> I see
2017-05-16 16:37:41 <^7heo> I got some DCC pen attempts
2017-05-16 16:37:56 <_ikke_> right
2017-05-16 18:18:00 <skrzyp> https://a.doko.moe/bwcvwh.jpg - alpine team, reading latest CVE announcements
2017-05-16 18:19:38 <_ikke_> lol
2017-05-16 18:21:31 <jirutka> ?
2017-05-16 18:21:35 <jirutka> what specifically?
2017-05-16 18:21:42 <scadu> lel
2017-05-16 18:21:47 <skrzyp> kek
2017-05-16 18:21:58 <skrzyp> https://a.doko.moe/koqoqv.jpg - jirutka at github PR review
2017-05-16 18:22:17 <jirutka> btw this is funny: “Elastic is now a CNA, assigning CVE IDs for its own products. Read the complete announcement at…” … so their products are so vulnerable, that they need their own CNA? XD
2017-05-16 18:22:33 <skrzyp> that Elastic from ElasticSearch?
2017-05-16 18:22:38 <scadu> yis
2017-05-16 18:22:48 <jirutka> I know Krteček, but what’s about latest CVE announcements? o.O
2017-05-16 18:23:24 <scadu> jirutka: it seems that skrzyp is creating Alpine memes :p
2017-05-16 18:23:31 <jirutka> aha
2017-05-16 18:25:09 <jirutka> it’s very sad that when I see Krteček in international context, the first thing that come to my mind is our fucking president pushing us to the China’s ass… :(
2017-05-16 18:25:22 <scadu> XD
2017-05-16 18:25:47 <jirutka> http://cdn.i0.cz/src/public-data/f8/5c/917c8c183ab191d20224f15b654f_base_optimal.jpg :(
2017-05-16 18:26:12 <jirutka> he ruins our culture
2017-05-16 18:26:18 <scadu> for me Krtecek is just Krtecek -- first known badass in my life, before Rambo XD
2017-05-16 18:26:19 <skrzyp> https://a.doko.moe/dusjgy.jpg - #alpine-* irc when ^7heo rants about everything xD
2017-05-16 18:26:26 <scadu> http://www.lisa-prosch.de/wp-content/uploads/2010/04/krtek13.jpg
2017-05-16 18:26:42 <scadu> let's move to -offtopic maybe :x
2017-05-16 18:26:51 <clandmeter> can we keep this stuff for offtopic?
2017-05-16 18:27:28 <scadu> jirutka: can we merge pr 1430?
2017-05-16 18:30:36 <jirutka> scadu: I’m not sure… has Krteček approved it? :P
2017-05-16 18:30:58 <jirutka> btw m4 is quite surely also unused
2017-05-16 18:32:19 <scadu> jirutka: it didn't build without m4, but I might check once again if needed
2017-05-16 18:32:36 <scadu> I also prepare i3-gaps, but probably would be best to merge i3 first
2017-05-16 18:32:59 <skrzyp> cool m4 m8
2017-05-16 18:33:11 <scadu> I saw that skrzyp was working on -gaps, but it wasn't merged yet
2017-05-16 18:42:16 <skrzyp> yeah, I stopped using tatra linux in favor or nothing linux
2017-05-16 18:42:24 <skrzyp> so the i3 wasn't needed
2017-05-16 18:44:09 <jirutka> lol
2017-05-16 18:44:58 <jirutka> but not surprised, Nad Tatrou sa blýská! XD
2017-05-16 18:45:28 <skrzyp> yeah
2017-05-16 18:45:46 <skrzyp> even in Cracow we had some thunderstrikes today
2017-05-16 18:46:11 <jirutka> it’s sunny in Prague now :)
2017-05-16 18:46:26 <skrzyp> get your clouds back
2017-05-16 18:46:34 <jirutka> I’d like to…
2017-05-16 18:46:49 <scadu> ding ding ding, we are on -devel. let's try to stick the topic :<
2017-05-16 18:47:04 <scadu> or just spam on -offtopic :P
2017-05-16 18:47:25 <skrzyp> > scadu
2017-05-16 18:47:28 <skrzyp> > keeping on topic
2017-05-16 19:12:47 <vkrishn> skrzyp, no compelling but would it be possible to have a look at
2017-05-16 19:12:48 <vkrishn> https://wiki.alpinelinux.org/wiki/Aports_what_is_edge
2017-05-16 19:12:48 <vkrishn> and see if some interesting can be cooked for illustrations.
2017-05-16 19:12:48 <vkrishn> Feel free to make changes in the page, eg like banana with any other fruit... etc
2017-05-16 19:13:25 <vkrishn> been wating for a an artists to complete it.
2017-05-16 19:14:16 <scadu> Krtecek and mushrooms
2017-05-16 19:15:13 <vkrishn> kinda got inspired by openbsd
2017-05-16 19:16:02 <scadu> Krtecek would be a nice mascott :P
2017-05-16 19:16:37 <skrzyp> http://bajkionline.com/wp-content/uploads/2015/07/krecik-i-grzyby.jpg
2017-05-16 19:16:39 <skrzyp> alpine edge
2017-05-16 19:16:41 <skrzyp> xD
2017-05-16 19:16:57 <vkrishn> would be nice to have it done before v3.6
2017-05-16 19:17:37 <vkrishn> if they grow on alpines, better
2017-05-16 19:19:24 <jirutka> I’m banging my head on the table what the hell is happening on the damn builders and you’re discussing illustrations, lol
2017-05-16 19:20:33 <scadu> b-b-b-ut it's almost Friday, sir
2017-05-16 19:20:39 <vkrishn> this is another part of development of AlpineLinux, its called marketting
2017-05-16 19:20:46 <vkrishn> ;)
2017-05-16 19:20:58 <vkrishn> sorry to be same room
2017-05-16 19:21:03 <scadu> we're cool, Alpine's cool
2017-05-16 19:23:18 <vkrishn> hmm... still unable to locate the curtain
2017-05-16 19:58:32 <martanne> jirutka: what is your opinion on the pkg-config related inconveniences I reported? For now I'm using the following hacks in a Dockerfile to build a static vis binary: http://sprunge.us/YOZj
2017-05-16 20:04:32 <jirutka> martanne: I asked kaniini about it (he’s author of pkgconf) and he was in doubts if that static lib should be in pkgconf file, so I decided to wait until you come and explain if and why you really need it here
2017-05-16 20:04:39 <jirutka> martanne: I don’t know how it should be correctly handled
2017-05-16 20:09:05 <martanne> jirutka: ok I see, I'm not that familiar with pkg-config conventions either. From a user point of view I just want to use something along the lines of: ./configure CC='cc --static' && make and have it work.
2017-05-16 20:18:12 <TemptorSent> jirutka: Building static binaries seems to be the obvious use case for static libs, but that also requires installing them sanely.
2017-05-16 20:19:17 <TemptorSent> shared libs are usually conveniently versioned, while the static libs are a guessing game.
2017-05-16 20:20:58 <TemptorSent> Ditching LFS is the sane fix long term I guess :)
2017-05-16 21:04:44 <jirutka> TemptorSent: this is totally out-of-topic
2017-05-16 21:05:26 <jirutka> TemptorSent: we need to know how to record static lib into pkgconf file
2017-05-16 21:20:37 <kaniini> --static isn't for that
2017-05-16 21:20:43 <kaniini> it is a badly named parameter
2017-05-16 21:24:11 <jirutka> kaniini: could you please propose some solution?
2017-05-16 21:25:02 <kaniini> yeah
2017-05-16 21:26:41 <kaniini> https://paste2.org/dtCwDGnO
2017-05-16 21:26:42 <kaniini> like so
2017-05-16 21:26:50 <kaniini> but --static isnt for that, really
2017-05-16 21:29:20 <jirutka> kaniini: so pkgconf can disquish between static and shared libs? based on file extension?
2017-05-16 21:32:14 <jirutka> kaniini: btw it seems that you were wrong about that pkgver in split function is okay… I don’t know why, but it doesn’t work on build infra
2017-05-16 21:32:42 <jirutka> kaniini: I have no clue what has happened here, b/c it work on my machine, but obviously something is very wrong :(
2017-05-16 21:33:17 <kaniini> jirutka: no, pkgconf just leaves the fragment alone
2017-05-16 21:34:04 <kaniini> jirutka: --static just brings in Libs.private & CFLAGS.private
2017-05-16 21:34:25 <kaniini> jirutka: it should really be --private
2017-05-16 21:35:20 <jirutka> kaniini: well, I’m afraid of this: we add static libs into foo.pc and then wen some program asks for flags to dynamically link foo, it’ll also get /lib/foo.a and it will be messed;
2017-05-16 21:35:51 <jirutka> kaniini: is this real problem or it should be okay?
2017-05-16 21:36:27 <kaniini> jirutka: pkg-config does not support actual 'static linking'
2017-05-16 21:36:36 <jirutka> and pkgconf?
2017-05-16 21:36:48 <kaniini> jirutka: pkgconf is obligated for the moment to do the same as pkg-config
2017-05-16 21:37:20 <kaniini> jirutka: the good news is redhat has killed off its support of the former, so maybe we can actually fix this shit someday
2017-05-16 21:37:31 <jirutka> :)
2017-05-16 21:37:46 <kaniini> --static isn't what people think it is
2017-05-16 21:37:47 <kaniini> really
2017-05-16 21:37:48 <kaniini> it's not
2017-05-16 21:39:01 <jirutka> so what would you recommend, not using pkgconf for it and just specify the paths manually?
2017-05-16 21:44:28 <kaniini> i would have two .pc files
2017-05-16 21:44:45 <kaniini> one for shared, and one for static that explicitly references the .a files
2017-05-16 21:45:13 <kaniini> if you do
2017-05-16 21:45:28 <kaniini> pkgconf --static --libs gtk+-3.0
2017-05-16 21:45:30 <kaniini> for example
2017-05-16 21:45:40 <kaniini> you'll see what i mean
2017-05-16 21:46:05 <jirutka> how to name them? foo-static.pc?
2017-05-16 21:46:10 <kaniini> --static is in some very limited usecases useful for static linking, but it wont give you .a's and pkgconf cannot filter out .a's
2017-05-16 21:46:11 <kaniini> yes
2017-05-16 21:47:56 <jirutka> I’m not sure if it’s really worth it, Lua C modules are typically very simple and has predictable names, so what is benefit of using pkconf instead of just passing /usr/lib/foo.a to the linker, martanne?
2017-05-16 21:53:41 <martanne> jirutka: the problem is that their location is not really standardized. On Alpine they are in /usr/lib/lua/5.x/lpeg.a, but for example in Debian they are in /usr/lib/x86_64-linux-gnu/liblua5.x-lpeg.a ...
2017-05-16 21:54:10 <jirutka> well, blame Debian…
2017-05-16 21:54:36 <jirutka> does Debian add static libs to pkgconf for these Lua libs?
2017-05-16 21:55:02 <jirutka> actually… you can ask Lua for these paths, give me a sec
2017-05-16 21:56:09 <martanne> I don't really want to mess with package.cpath ...
2017-05-16 21:56:34 <martanne> And yes I can work around it, but ideally I would like to do it 'correctly'
2017-05-16 21:56:38 <jirutka> martanne: lua -e 'print(package.cpath)', you will get something like `./?.so;/usr/local/lib/lua/5.1/?.so;/usr/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so`
2017-05-16 21:56:52 <jirutka> the problem is that there’s no correct solution now
2017-05-16 21:57:27 <jirutka> but the important question is, does Debian add static libs to pkgconf for Lua libs? if not, then it’s not really a solution for you
2017-05-16 22:00:30 <jirutka> martanne: hmm, there’s anotjher way and imo the most correct and portable: `pkg-config --variable=INSTALL_CMOD lua` → `/usr/lib/lua/5.1`
2017-05-16 22:01:08 <jirutka> martanne: you must just take care of lua name, "lua" on Alpine is still 5.1, if you want 5.3, then it’s called "lua5.3"
2017-05-16 22:04:15 <jirutka> kaniini: do you have access to x86_64 builder? I’d like to move testing/ghc to community, but it depends on ghc, so if I understood it correctly, someone must manually install ghc on the builder to get it built the first time; and fabled is not responding
2017-05-16 22:05:06 <jirutka> there’s already testing/ghc pkg, so it must be just installed, not really bootstrapped
2017-05-16 22:13:01 <kaniini> ncopa maintains that builder.
2017-05-16 22:13:31 <martanne> jirutka: $INSTALL_CMOD isn't standardized either ;) Anyway thanks for adding the static library versions to the repo. There is probably no really portable solution available at this time :/ I will just use an alpine based docker environment to build static binaries. In general users will have to manually override some make variables.
2017-05-16 22:14:48 <jirutka> martanne: really? IIRC it’s standard variable defined by Lua
2017-05-16 22:15:06 <jirutka> martanne: there should be the best chance to be the same across distros
2017-05-16 22:16:06 <jirutka> martanne: well, it’s very easy to bootstrap Alpine, so you can use e.g. https://github.com/alpinelinux/alpine-chroot-install and tell users to just run script that install Alpine in chroot and build vis inside it
2017-05-16 22:16:57 <jirutka> martanne: and maybe prepare docker image for lazy ones who don’t care about insane complexity for simple stuff :P
2017-05-16 22:18:13 <jirutka> martanne: and you can use this script even to simply compile binaries for other arches ;) it has built-in support, I use it on Travis
2017-05-16 22:18:50 <martanne> jirutka: do you have a link to a project which uses it?
2017-05-16 22:19:23 <jirutka> martanne: sure, for example https://github.com/bigclownlabs/bc-bridge/blob/master/script/ci-install
2017-05-16 22:19:43 <martanne> ok, I will consider that
2017-05-16 22:20:33 <jirutka> martanne: we use the same principle, but not exactly this script, in alpinelinux/aports for testing pull requests and I use it also in jirutka/user-aports for building my personalpackages
2017-05-16 22:21:24 <jirutka> martanne: https://github.com/search?q=alpine-chroot-install&type=Code&utf8=%E2%9C%93
2017-05-17 08:02:08 <clandmeter> kunkku, is there a way to globally disable logging in awall?
2017-05-17 08:22:30 <przemoc> apparently you cannot simply define logging class as false, you can use false as value of log attribute in filter/policy/packet-log rules.  but you can temporarily change limit to 0/sec for logging rules you want to quiet down, and if you don't define your own logging classes, provide redefined _default
2017-05-17 08:23:02 <clandmeter> i tried 0 but that makes iptables go mad
2017-05-17 08:23:27 <clandmeter> what i dont want is iptables to fill up my dmesg
2017-05-17 08:23:34 <clandmeter> so redirecting to ulog is also an option
2017-05-17 08:23:58 <clandmeter> but i would also like to know if its just possible to disable it all together.
2017-05-17 08:27:05 <przemoc> ok, haven't checked personally limit 0, good to know it wouldn't work.  I'm not aware of such switch in awall, but it would be good thing to have, globally and per logging class with some dedicated attribute, possibly called: suppress
2017-05-17 08:45:37 <clandmeter> you can set it per rule
2017-05-17 08:46:48 <clandmeter> Filter and policy rules can have an attribute named log. If it is a string, it is interpreted as a reference to a logging class, and logging is performed according to the definitions. If the value of the log attribute is true (boolean), logging is done using default settings. If the value is false (boolean), logging is disabled for the rule.
2017-05-17 09:12:04 <fcolista> has anyone an idea on how to have a custom alpine iso? I need zfs-grsec on an usb
2017-05-17 09:16:22 <przemoc> clandmeter: I wrote it already in the first ssentence. ;)  the problem is that you have to change usage instead of definition, which is very cumbersome, so something like suppress in logging class would be much more useful than false in every rule using particular log class
2017-05-17 09:18:08 <clandmeter> przemoc, ah ok missed that .
2017-05-17 09:18:30 <clandmeter> yes, exactly what i mean.
2017-05-17 10:06:13 <przemoc> clandmeter: http://paste.przemoc.net/alpine/awall/0001-Log-Allow-skiping-ignoring-logging-classes.patch
2017-05-17 10:06:53 <przemoc> if you want to disable everything, add "skip": true to all logging classes, including _default class
2017-05-17 10:07:38 <przemoc> hth
2017-05-17 10:11:41 <przemoc> I didn't want to use suppress name in the end, because it doesn't guarantee that packet matching that rule won't be logged, but only that it won't be logged with given logging class, it may still show up from other filter/policy rule with different logging class, that's why I think that skip better describes this feature
2017-05-17 10:13:14 <przemoc> kunkku: http://paste.przemoc.net/alpine/awall/0001-Log-Allow-skiping-ignoring-logging-classes.patch - maybe you'll want to apply this patch, but I rather guess you may not like this approach
2017-05-17 10:15:23 <przemoc> it's one line non-disruptive change, so you can easily add it yourself in /usr/share/lua/5.1/awall/modules/log.lua w/o building awall yourself
2017-05-17 10:15:39 <przemoc> clandmeter: ^
2017-05-17 10:27:44 <jirutka> Shiz: http://build.alpinelinux.org/buildlogs/build-edge-x86_64/testing/libc++/libc++-4.0.0-r0.log ಠ_ಠ
2017-05-17 10:29:21 <clandmeter> przemoc, that seems to work. thx
2017-05-17 10:34:30 <przemoc> good.  I tested it only as far as calling `awall diff`, because I don't want to lose logs.
2017-05-17 10:40:09 <Shiz> jirutka: seems like your new lit subpackage is fucked
2017-05-17 10:40:11 <Shiz> :D
2017-05-17 10:40:27 <jirutka> Shiz: no, it seems that you’ve missed dependency on py-setuptools
2017-05-17 10:40:34 <fcolista> jirutka, have you tried mkimage.sh so far?
2017-05-17 10:40:53 <jirutka> Shiz: also all tests fail for libc++abi on my machine :( how you get it pass?
2017-05-17 10:41:03 <jirutka> fcolista: what mkimage.sh?
2017-05-17 10:41:04 <Shiz> jirutka: that's odd...
2017-05-17 10:41:14 <Shiz> jirutka: i'll look at it when home
2017-05-17 10:41:26 <fcolista> jirutka, one of the scripts in abuild to create an iso
2017-05-17 10:41:38 <clandmeter> not in abuild, aports
2017-05-17 10:41:41 <fcolista> this doc:
2017-05-17 10:41:41 <jirutka> fcolista: not yet
2017-05-17 10:41:41 <fcolista> https://wiki.alpinelinux.org/wiki/How_to_make_a_custom_ISO_image
2017-05-17 10:41:48 <fcolista> right, aports
2017-05-17 10:41:58 <fcolista> so that doc is old
2017-05-17 10:42:12 <fcolista> anyone tried so far?
2017-05-17 10:42:21 <clandmeter> i think i did :)
2017-05-17 10:42:27 <fcolista> If i want to create a custom ISO with Alpine, how to do that?
2017-05-17 10:42:29 <fcolista> clandmeter, :)
2017-05-17 10:42:49 <jirutka> clandmeter: https://github.com/alpinelinux/aports/commit/b2055137c428ca6c6d5ebe7abe3568ba1312a020 ?
2017-05-17 10:43:41 <clandmeter> ?
2017-05-17 10:43:49 <jirutka> clandmeter: why have you reverted it?
2017-05-17 10:43:53 <clandmeter> is that a question?
2017-05-17 10:44:07 <clandmeter> hmm
2017-05-17 10:44:19 <clandmeter> isnt it included in python3?
2017-05-17 10:44:19 <jirutka> clandmeter: yes, it’s your commit, without any useful commit message :/
2017-05-17 10:44:29 <przemoc> actually apparently I do lose logs, because when I have many logs from iptables, my messages-$DATE.gz are very short, like dozens of lines only.  damn, I don't have willpower now to debug it.
2017-05-17 10:44:48 <jirutka> clandmeter: that’s what I’m trying to figure out, if it’s included in python3 or not
2017-05-17 10:44:55 <clandmeter> i think it is
2017-05-17 10:45:29 <clandmeter> and yes, i should have written an better commit msg. sorry about that.
2017-05-17 10:45:34 <jirutka> aha, yeah /usr/lib/python3.6/ensurepip/_bundled/setuptools-28.8.0-py2.py3-none-any.whl
2017-05-17 10:46:17 <clandmeter> przemoc, do you use ulog?
2017-05-17 10:46:20 <jirutka> that reminds me that problem with bundled wheels in python3, Miro Hrončok from Fedora told me about it some time ago, they somehow solved it in Fedora
2017-05-17 10:47:19 <jirutka> it seems that I must let builders rebuild llvm4 again, b/c of missing dependency in subpkg :(
2017-05-17 10:48:26 <przemoc> clandmeter: no, I didn't change the deafult here, so log mode is used, i.e. in-kernel logging
2017-05-17 10:48:46 <clandmeter> you are burning the earths fuel with those rebuilds ;)
2017-05-17 10:49:02 <clandmeter> przemoc, right.
2017-05-17 10:49:26 <jirutka> Shiz: it’s better for libc++ tests, only 4 unexpectedly fail
2017-05-17 10:50:26 <jirutka> clandmeter: yeah, it’s quite silly, but hacking pkindex is probably not an acceptable option :/
2017-05-17 10:52:07 <jirutka> clandmeter: at least your machine is mostly powered from renewable sources, right? NL use wind power a lot IIRC
2017-05-17 10:52:34 <clandmeter> jirutka, you are absolutely incorrect :p
2017-05-17 10:52:48 <jirutka> clandmeter: why so?
2017-05-17 10:52:57 <clandmeter> i think nl has the worse green energy in europe
2017-05-17 10:53:00 <clandmeter> or one of them
2017-05-17 10:53:12 <jirutka> clandmeter: uh, that’s bad
2017-05-17 10:55:04 <clandmeter> we do have a lot of wooden shoes
2017-05-17 10:55:14 <jirutka> XD
2017-05-17 10:55:39 <clandmeter> i bet Shiz has a pair of them ;-)
2017-05-17 10:56:12 <clandmeter> seems only France is worse...
2017-05-17 10:57:53 <Shiz> jirutka: what did you change?
2017-05-17 10:58:09 <Shiz> jirutka: oh libc++ nvm
2017-05-17 10:58:09 <jirutka> Shiz: please see git log, I’ve described it ;)
2017-05-17 10:58:11 <Shiz> yeah 4 is about right
2017-05-17 10:58:19 <Shiz> i fixed most the failing tests
2017-05-17 10:58:26 <Shiz> but some are due to the make check happening in fakeroot
2017-05-17 10:58:29 <jirutka> Shiz: I haven’t changed anything in libc++
2017-05-17 10:58:29 <Shiz> which is too permissive
2017-05-17 10:58:47 <jirutka> Shiz: got it, but why ALL libc++abi tests fail on my machine?
2017-05-17 10:58:54 <jirutka> Shiz: maybe grsec…?
2017-05-17 10:58:59 <Shiz> jirutka: my machine is also grsec
2017-05-17 10:59:02 <Shiz> so questionable
2017-05-17 10:59:25 <Shiz> jirutka: can you install lit yourself, go to src/libcxxabi/build/test
2017-05-17 10:59:27 <Shiz> and do lit -v .
2017-05-17 10:59:32 <Shiz> that will show you more info about the failing tests
2017-05-17 11:02:45 <jirutka> Shiz: /usr/bin/ld: cannot find -lc++
2017-05-17 11:04:35 <jirutka> Shiz: btw there’s explanation for lit → $pkgname-test-utils https://github.com/alpinelinux/aports/commit/24bd280a18ce673ba4f4f22601c9d5aa949895d6
2017-05-17 11:07:05 <Shiz> jirutka: did you do it through # abuild -r builddeps sh?
2017-05-17 11:07:15 <Shiz> that's usually how i get myself into a build env with all the deps installed to do manual checks
2017-05-17 11:07:20 <jirutka> Shiz: I do abuild -rK
2017-05-17 11:08:09 <Shiz> hmm
2017-05-17 11:08:19 <Shiz> jirutka: thanks though, this explains something at least
2017-05-17 11:08:27 <Shiz> i think i can fix this
2017-05-17 11:10:13 <jirutka> I know what is `abuild -r builddeps` doing, but what `abuild -r builddeps sh`? o.O
2017-05-17 11:11:33 <jirutka> it can’t find libc++, but when I tried LD_LIBRARY_PATH= with path to libcxx/build/libs, it didn’t help
2017-05-17 11:12:56 <Shiz> jirutka: it... simply invokes sh :P
2017-05-17 11:13:06 <Shiz> so you get in an environment with the builddeps installed
2017-05-17 11:13:06 <jirutka> Shiz: but why…?
2017-05-17 11:13:11 <Shiz> and when you exit sh they get removed again
2017-05-17 11:13:15 <jirutka> aha
2017-05-17 11:13:19 <jirutka> interesting
2017-05-17 11:13:32 <jirutka> I just run abuild undeps after I finish
2017-05-17 11:26:37 <jirutka> Shiz: fails on builders too http://build.alpinelinux.org/buildlogs/build-edge-x86_64/testing/libc++/libc++-4.0.0-r0.log
2017-05-17 11:27:28 <Shiz> yeha
2017-05-17 11:27:31 <Shiz> i'll fix it later
2017-05-17 11:27:33 <Shiz> busy rn
2017-05-17 11:27:49 <jirutka> okay
2017-05-17 11:54:56 <scadu> clandmeter: jirutka re py3: what's the problem?
2017-05-17 11:55:46 <jirutka> scadu: nothing, just wondering why there’s no py3-setuptools and why it’s still named py-setuptools instead of py2-setuptools
2017-05-17 11:56:16 <jirutka> I’ve already figured out both
2017-05-17 11:56:57 <jirutka> testing/idris is on the way to mirrors :)
2017-05-17 11:57:21 <scadu> jirutka: tell me please :v
2017-05-17 11:57:34 <jirutka> scadu: python3 bundles setuptools
2017-05-17 11:58:29 <jirutka> scadu: provides="py2-setuptools" doesn’t work as I previously thought when I did it, it should be provides="py2-setuptools=$pkgver-$pkgrel"…
2017-05-17 11:58:45 <jirutka> scadu: so I think that we can rename the pkg itself to py2- after v3.6
2017-05-17 11:58:54 <scadu> jirutka: ah, right. I thought about naming convention -- py instead of py2
2017-05-17 11:59:21 <scadu> jirutka: cool
2017-05-17 13:05:55 <fcolista> ncopa do you have an example on how to use mkimage.sh in order to have a custom iso with custom packages built-in?
2017-05-17 13:21:29 <jirutka> Shiz: FYI, I’ve modified libc++ abuild to allow test failures to get it build, the pkgs are already on mirrors, pls fix the tests once you have some time :)
2017-05-17 13:28:46 <ncopa> do we need libc++ for 3.6 release?
2017-05-17 13:36:15 <fcolista> I've done with: sh mkimage.sh --tag edge --outdir /home/fcolista/iso --arch x86_64 --repository http://dl-cdn.alpinelinux.org/alpine/edge/main --profile standard
2017-05-17 13:36:28 <fcolista> but i need to figure out how to add "custom" packages
2017-05-17 13:39:42 <fcolista> ah
2017-05-17 13:39:43 <fcolista> figured
2017-05-17 13:41:00 <fcolista> clandmeter, mkimage runs mkimg.$profile
2017-05-17 13:41:29 <fcolista> all_profiles="$all_profiles $(sed -n -e 's/^profile_\(.*\)() {$/\1/p' $1/mkimg.*.sh)"
2017-05-17 13:43:45 <fcolista> im mkimg.standard there are the various profiles
2017-05-17 14:08:10 <Shiz> ncopa: it would be nice
2017-05-17 14:08:42 <ncopa> looks like we are almost there too
2017-05-17 14:13:52 <ncopa> ghc pushed
2017-05-17 14:14:11 <ncopa> looks like it will take a while to compile
2017-05-17 14:14:55 <ncopa> and libc++ is not done yet on armhf
2017-05-17 14:15:10 <ncopa> so i suppose it will not be done until tomorrow
2017-05-17 14:43:25 <przemoc> I know why I was losing logs!  busybox syslogd's defaults for log rotation are quite modest (200KB, 1 rotated log to keep), which spoil dedicated logrotate functioning if you have it installed
2017-05-17 14:44:33 <przemoc> I think we should somehow improve this horror
2017-05-17 14:45:41 <przemoc> whenever someone comes up with idea to do more things in one tool, such things happen
2017-05-17 14:46:29 <przemoc> ideally logrotate feature should be removed from busybox's syslogd, but I guess it's not an option
2017-05-17 14:47:35 <Shiz> why removed
2017-05-17 14:47:39 <Shiz> just set it to 0
2017-05-17 14:48:14 <przemoc> because if you want to have log rotation, you install dedicated tool for that
2017-05-17 14:48:31 <przemoc> maybe there could be some warning when logrotate pkg is installed and busybox syslogd is used, not sure
2017-05-17 14:50:57 <przemoc> yeah, I can fix it locally by -s 0, but I'm talking about fixing it for AL users who install logrotate at one point and may notice that they're losing logs, if they manage to fill 200KB faster than weekly
2017-05-17 14:54:06 <jirutka> ncopa: huh, libc++ takes just few minutes to compile, at least on x86_64
2017-05-17 14:54:55 <Shiz> jirutka: tests take a while
2017-05-17 14:55:07 <Shiz> they are intense but i enabled them on purpose since it's a pretty fundamental sys component
2017-05-17 14:57:22 <jirutka> Shiz: even tests take just few minutes on my machine o.O but libc++abi tests are currently broken anyway, so we can disabled them instead of just ignoring failures
2017-05-17 14:57:29 <Shiz> jirutka: really?
2017-05-17 14:57:34 <Shiz> the libc++abi tests are fast but
2017-05-17 14:57:39 <Shiz> the libc++ tests take a while
2017-05-17 14:57:43 <Shiz> because there's 5000+ of them
2017-05-17 14:57:46 <Shiz> took ~20 min on my machine
2017-05-17 14:58:21 <przemoc> mind that 200KB in /var/log/messages is not a feat if you use for instance firewall logging.  I know, you'll write that I should have separate file for that, and I can agree, but even w/o separate file, I shouldn't be losing logs.
2017-05-17 15:12:14 <jirutka> Shiz: 6 min 45 sec to completely build libc++ including tests on my machine
2017-05-17 15:12:24 <Shiz> that's faster than mine
2017-05-17 15:12:26 <Shiz> :P
2017-05-17 15:13:44 <jirutka> Shiz: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2 sockets, 6 cores per each, HT
2017-05-17 15:13:51 <Shiz> yeah
2017-05-17 15:13:57 <Shiz> my build container gets assigned 4 cores :P
2017-05-17 15:14:03 <Shiz> or
2017-05-17 15:14:04 <Shiz> 4 vcores
2017-05-17 15:14:06 <Shiz> maybe better said
2017-05-17 15:14:15 <Shiz> Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
2017-05-17 15:14:20 <jirutka> Shiz: well, if cgroups actually work here, then it should not use more than 50 % of power of the machine
2017-05-17 15:15:17 <jirutka> Shiz: I thought that I have powerful machine, until kaniini told me about his machine :( XD
2017-05-17 15:15:28 <Shiz> :P
2017-05-17 15:18:06 <kaniini> i don't have my machine fully up yet.
2017-05-17 15:18:57 <jirutka> you need to build a nuclear power plant first, right? XD
2017-05-17 15:19:56 <kaniini> i need to get it booting
2017-05-17 15:21:34 <kaniini> it insists my ram is bad
2017-05-17 15:21:45 <kaniini> even though it works fine in my old server
2017-05-17 15:22:09 <jirutka> maybe you just need 1.2 GW… https://s-media-cache-ak0.pinimg.com/originals/c8/17/37/c81737d57c7841ba5002fdef19d3d8cc.jpg :P
2017-05-17 15:22:43 <kaniini> actually i think that may be the problem
2017-05-17 15:22:50 <kaniini> that i need more than 1 power supply connected
2017-05-17 15:23:48 <przemoc> at work I had access to QorIQ T2080. 4 dual-threaded e6500 cores, 1.53 GHz, but it's apparently meant to be power efficient, so it's not that fast as your machines
2017-05-17 15:33:51 <vkrishn> I hope none of AL build servers are AMT vulnerable, https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
2017-05-17 15:35:03 <jirutka> wait a moment, web server integrated in a firmware?
2017-05-17 15:36:36 <Shiz> hehe jirutka is not familiar with AMT
2017-05-17 15:36:46 <Shiz> anyway, unlikely
2017-05-17 15:36:47 <jirutka> WHAT THE ACTUAL FUCK?!
2017-05-17 15:37:07 <Shiz> jirutka: https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf
2017-05-17 15:37:10 <Shiz> here's some background reading
2017-05-17 15:37:12 <Shiz> anyway
2017-05-17 15:37:16 <k63ZXXguczqE> wait until he hears about IoT....
2017-05-17 15:37:18 <Shiz> AMT is only available on single-socket xeon CPUs
2017-05-17 15:37:22 <Shiz> i don't think we carry those
2017-05-17 15:37:30 <Shiz> e.g. Xeon 1xxx
2017-05-17 15:50:41 <ncopa> jirutka: seems like it takes a while to run the tests on armhf
2017-05-17 15:51:21 <jirutka> ncopa: well, we can disable tests just for armhf; I’ve already did this in some pkg, maybe it’s even some llvm pkg, b/c it takes forever to run them on that arch
2017-05-17 16:00:58 <ncopa> could be its stuck too
2017-05-17 16:01:12 <ncopa>  /home/buildozer/aports/testing/libc++/src/libcxx-4.0.0.src/build/test/libcxx/utilities/memory/util.smartptr/Output/race_condition.pass.cpp.exe
2017-05-17 16:01:45 <jirutka> maybe disable just this test for armhf?
2017-05-17 16:03:01 <ncopa> lets wait a bit more
2017-05-17 16:03:20 <jirutka> okay
2017-05-17 16:03:45 <ncopa> i dont remember if it was edge or 3-6 that was stuck earlier
2017-05-17 16:04:24 <ncopa> ghc will probably take all night
2017-05-17 16:04:44 <ncopa> so it would be good to have it started today
2017-05-17 16:05:04 <ncopa> we dont even have rc1 out
2017-05-17 16:05:42 <ncopa> libc++ will have to wait til after 3.6 release
2017-05-17 16:05:52 <jirutka> why, it’s already built
2017-05-17 16:05:53 <ncopa> we had freeze for that kind of stuff in april already
2017-05-17 16:06:02 <ncopa> its not built on armhf
2017-05-17 16:06:06 <ncopa> and if we move it
2017-05-17 16:06:09 <ncopa> it will take another day
2017-05-17 16:06:12 <jirutka> so we can just disable tests for armhf
2017-05-17 16:06:13 <ncopa> ++
2017-05-17 16:06:56 <ncopa> i think this means i need to enforce feature freezes more strict in future
2017-05-17 16:07:33 <ncopa> why do we need it for 3.6?
2017-05-17 16:08:51 <ncopa> this is exactly why i said that i dont want add new stuff
2017-05-17 16:09:48 <jirutka> tests disabled for amrhf, let’s kill the build, let it rebuilt on armhf and see how long it takes
2017-05-17 16:09:56 <jirutka> I dunno, Shiz wanted it
2017-05-17 16:10:07 <Shiz> i said it would be usful, i don't really require it
2017-05-17 16:10:11 <Shiz> that is all
2017-05-17 16:10:33 <jirutka> ncopa: ghc failed on 3-6 because of missing ghc… :)
2017-05-17 16:13:11 <jirutka> ncopa: question about cargo… currently it cargo downloads rust dependencies (crates) from the cargo repository, but it’s set to use Cargo.lock that defines every dependency (incl. transitive) with exact version and checksum of the crate, cargo verifies them and fail when something is wrong
2017-05-17 16:14:21 <ncopa> http://tpaste.us/qMjK
2017-05-17 16:14:26 <ncopa> i installed ghc manually
2017-05-17 16:14:34 <jirutka> ncopa: is that good enough for us, at least for now, to move it into community, or should I figure out other way, I mean use the solution I’ve showed you today, but include this script in the cargo abuild for now, so every crates would be downloaded and checked by abuild?
2017-05-17 16:15:15 <ncopa> and now ghc is gone
2017-05-17 16:16:11 <ncopa> looks like it build on edge
2017-05-17 16:16:14 <jirutka> ncopa: rust pkg without cargo is not very usable, so I think we need to move also cargo to community; however, even rust itself without cargo is quite a win, b/c upstream provides statically linked cargo binary, so it’s much better than not having rust at all
2017-05-17 16:18:50 <jirutka> ncopa: cargo abuild https://github.com/alpinelinux/aports/blob/master/testing/cargo/APKBUILD
2017-05-17 16:19:26 <ncopa> is that cargo something we can maintain for 6 months?
2017-05-17 16:19:33 <ncopa> and provide support
2017-05-17 16:19:42 <ncopa> if so, then its good enough
2017-05-17 16:19:52 <ncopa> otherwise we wait
2017-05-17 16:20:14 <jirutka> yes, we can maintain it, it’s not a problem
2017-05-17 16:20:25 <ncopa> push it then
2017-05-17 16:20:28 <ncopa> the thing is
2017-05-17 16:20:35 <ncopa> 22 may i will tag the release
2017-05-17 16:20:37 <ncopa> ready or not
2017-05-17 16:20:43 <ncopa> i will just tag it
2017-05-17 16:21:14 <ncopa> so either wew do a release with alot of extra things included, things that works halfway
2017-05-17 16:21:28 <ncopa> or we do a release with fewer things, but the things we ship works good
2017-05-17 16:21:31 <jirutka> the only problem is that it may violate our policy about not letting software download deps itself; however, in the case of cargo, it’s not like downloading random stuff w/o verification, it do the same verifications as we do in abuild
2017-05-17 16:21:53 <ncopa> cargo depend on itself?
2017-05-17 16:22:07 <ncopa> so we need "bootstrap" it?
2017-05-17 16:22:31 <jirutka> yes, we use statically linked binary from upstream to bootstrap it
2017-05-17 16:22:42 <jirutka> so there’s no extra action needed
2017-05-17 16:22:51 <ncopa> i suppose thats good enough
2017-05-17 16:22:53 <ncopa> but remember
2017-05-17 16:23:07 <ncopa> i will tag rleease even if it means there are no release candidate at all
2017-05-17 16:23:22 <ncopa> since 1 may we should have *only* done fixes on the things we have
2017-05-17 16:23:33 <ncopa> otherwise we end up release broken stuff
2017-05-17 16:24:10 <jirutka> don’t worry, cargo doesn’t take much time to build
2017-05-17 16:25:23 <ncopa> push it then
2017-05-17 16:25:32 <ncopa> fcolista: re zfs boot usb
2017-05-17 16:25:37 <ncopa> it is a bug
2017-05-17 16:25:41 <ncopa> but it will have to wait
2017-05-17 16:26:01 <ncopa> i wanted to fix those kind of bugs before the relase but unfortunally we will have to live with the bugs til next release
2017-05-17 16:26:13 <ncopa> due to release got delayed
2017-05-17 16:27:19 <ncopa> can anyone help with this php5 issue? http://bugs.alpinelinux.org/issues/7284
2017-05-17 16:28:01 <ncopa> another relase delay: http://bugs.alpinelinux.org/issues/7281
2017-05-17 16:28:07 <ncopa> that one is important since its CVE
2017-05-17 16:34:40 <jirutka> ncopa: I’ve added a comment to cargo pkg https://dpaste.de/GHH8
2017-05-17 16:35:42 <ncopa> sounds good
2017-05-17 16:35:48 <ncopa> push it
2017-05-17 16:37:34 <jirutka> done
2017-05-17 16:40:46 <jirutka> where the heck is some page with OpenJDK releases?
2017-05-17 16:44:06 <jirutka> I’m afraid that in long-term we must drop icedtea (it’s not very actively maintained anymore), build directly from openjdk sources and take patches e.g. from Fedora
2017-05-17 16:54:05 <jirutka> omg, there’s already http://icedtea.wildebeest.org/download/source/icedtea-3.4.0.tar.gz and  http://icedtea.wildebeest.org/download/drops/icedtea8/3.4.0/, according to NEWS in the first tarball 3.4.0 is released, but there’s no 3.4.0 tag in the upstream repository
2017-05-17 16:54:34 <jirutka> it’s very unclear
2017-05-17 16:55:41 <jirutka> ncopa: okay, I’ve updated to icedtea 3.4.0 and trying to build it on my machine now
2017-05-17 16:56:04 <jirutka> ncopa: our patches passed, that’s good
2017-05-17 16:56:11 <ncopa> good sign
2017-05-17 16:56:14 <ncopa> i hope it builds
2017-05-17 16:56:28 <ncopa> we should look over the bugs on bugs.alpinelinux.org and try fix as much as possible
2017-05-17 16:56:29 <jirutka> ehm, no…
2017-05-17 16:56:35 <jirutka> they are just applied later…
2017-05-17 16:56:40 <ncopa> im looking at the resolved stuff and closeing them
2017-05-17 17:05:16 <TemptorSent> On the apk tracker, please go ahead and drop the priority and push back release for all my feature requests since we're not migrating until after 3.6
2017-05-17 17:19:17 <_ikke_> Anyone looked at habitat yet?
2017-05-17 17:21:07 <jirutka> _ikke_: I know about it, but haven’t tried it yet, nor try to make a pkg for it
2017-05-17 17:21:26 <_ikke_> right, I'm trying to make a package from it
2017-05-17 18:20:41 <leitao> jirutka: we have the ppc64le patches rebased against  2.1.0_beta3.
2017-05-17 18:20:48 <leitao> do you want to bump to this version?
2017-05-17 18:21:33 <jirutka> leitao: that’s great!
2017-05-17 18:22:33 <jirutka> leitao: yeah, I think that we can make this before v3.6
2017-05-17 18:23:02 <leitao> jirutka: ok. gromero can you handle a PR with the new patchset?
2017-05-17 18:24:07 <jirutka> leitao: gromero: please as soon as possible, 3.6-rc1 is already knocking on door
2017-05-17 18:24:27 <leitao> jirutka: sure. It is just a matter of creating a PR now.
2017-05-17 18:24:41 <leitao> jirutka: should we bump the version ?
2017-05-17 18:25:14 <_ikke_> jirutka: Do you happen to know how to get cargo to run a release build when it's executed from a Makefile?
2017-05-17 18:25:18 <jirutka> leitao: yes, pkgver=2.1.0_beta3, pkgrel=0
2017-05-17 18:25:35 <leitao> jirutka: ack!
2017-05-17 18:25:38 <gromero> jirutka: leitao ack
2017-05-17 18:25:52 <jirutka> _ikke_: try CARGOFLAGS="--release"
2017-05-17 18:26:04 <_ikke_> jirutka: thanks
2017-05-17 18:38:20 <_ikke_> jirutka: CARGOFLAGS doesn't seem to be a thing
2017-05-17 18:38:57 <jirutka> _ikke_: hm, what about RUSTFLAGS ?
2017-05-17 18:39:13 <jirutka> _ikke_: http://doc.crates.io/environment-variables.html#environment-variables-cargo-reads
2017-05-17 18:42:12 <_ikke_> jirutka: Ok, then I would need to find out what would be the equivalent of cargo build --release
2017-05-17 18:43:29 <_ikke_> https://news.ycombinator.com/item?id=9146694
2017-05-17 18:58:51 <gromero> jirutka: leitao from a ppc64 perspective, simple as https://github.com/alpinelinux/aports/pull/1523
2017-05-17 18:59:54 <jirutka> gromero: I think that you’ve missed a patch…
2017-05-17 19:00:22 <gromero> jirutka: which you mean?
2017-05-17 19:01:09 <jirutka> maybe just a GH glitch, give me a sec
2017-05-17 19:01:43 <gromero> jirutka: you mean because leitao said: "gromero can you handle a PR with the new patchset?"
2017-05-17 19:02:15 <gromero> jirutka: ok
2017-05-17 19:02:17 <jirutka> gromero: no, it’s not a glitch, the only change in enable-support-for-ppc64le.patch is single change in a comment… https://github.com/alpinelinux/aports/pull/1523/files
2017-05-17 19:03:06 <gromero> jirutka: you are saying that because leitao said  "a new patchset"?
2017-05-17 19:03:15 <gromero> yes, so out patch applies fine
2017-05-17 19:03:17 <gromero> *our
2017-05-17 19:03:31 <jirutka> gromero: uh, aha
2017-05-17 19:08:39 <_ikke_> jirutka: aha, there is a PROFILE flag
2017-05-17 19:29:04 <HRio> I just pushed a CVE regression fix for shadow: https://github.com/alpinelinux/aports/pull/1524 can that make it to v3.6 or to late for the rc?
2017-05-17 19:33:47 <HRio> jirutka: thanks, can you cherry-pick it to v3.5 as well?
2017-05-17 19:34:05 <jirutka> HRio: yeah, but pls remind it me later
2017-05-17 19:34:57 <HRio> or should I open a PR for v3.5?
2017-05-17 19:37:17 <jirutka> HRio: yes please
2017-05-17 19:50:57 <HRio> jirutka: shadow fix for v3.5 https://github.com/alpinelinux/aports/pull/1525 (build failure on fetch of http://dl-cdn.alpinelinux.org/alpine/v3.4/main/x86_64/apk-tools-static-2.6.7-r0.apk)
2017-05-17 20:13:14 <_ikke_> just made an ipv6 enabled proxy for dl-4.a.o :P
2017-05-17 20:34:19 <jirutka> ha, that reminds me, clandmeter, why alpinelinux.org doesn’t have AAAA record?
2017-05-17 20:40:44 <_ikke_> if an application requires openssl to build, would libressl work as well?
2017-05-17 20:41:07 <jirutka> _ikke_: usually yes
2017-05-17 20:41:19 <_ikke_> ok
2017-05-17 20:44:09 <_ikke_> jirutka: I just kicked up a bare metal server on scaleway with 8 cores to test building a package
2017-05-17 21:29:25 <Shiz> hello
2017-05-17 21:29:28 <Shiz> i've got some time again
2017-05-17 21:29:30 <Shiz> whats new
2017-05-17 21:29:54 <_ikke_> I'm trying to package habitat
2017-05-17 21:30:12 <_ikke_> building takes ages though
2017-05-17 21:31:22 <jirutka> Shiz: broken tests in libc++ ;)
2017-05-17 21:31:42 <jirutka> Shiz: and someone asked about your progress in some Rust issue on rust-lang/rust ;)
2017-05-18 01:13:55 <Shiz> jirutka: found a fix for the broken abi tests
2017-05-18 01:21:04 <Shiz> jirutka: do you have a log of the test failures?
2017-05-18 03:05:45 <TemptorSent> For purposes of consistency throughout the alpine tools (at least scripts), I'd like to propose the definition of a set of error handling functions/formats in a common location.
2017-05-18 03:08:07 <TemptorSent> The scope would include printing info/error messages to the terminal, providing for logging, and providing handler hooks to cleanly fail/die/exit
2017-05-18 03:12:47 <TemptorSent> The ideal case would be to provide the same set of functions using the same formats for tools in all languages, thus making a much more cohesive product.
2017-05-18 03:16:30 <TemptorSent> Thus, calling 'a_error "I failed"' from a shell script would display the same as 'a_error("I failed");' in a C program.
2017-05-18 03:19:58 <Shiz> definitely not, since naming conventions differ per language
2017-05-18 03:25:07 <TemptorSent> Adjusting for naming conventions as needed..
2017-05-18 03:26:12 <TemptorSent> The point is to have consistent look & feel across tools, not exact naming.
2017-05-18 03:27:17 <TemptorSent> Figuring out how to enable/disable colors based on the environment variable is about the only part that may require fiddling.
2017-05-18 03:28:46 <TemptorSent> Is it "USE_COLORS=1" in all existing cases?
2017-05-18 03:32:10 <TemptorSent> Should it be "USE_COLORS={always,never,auto}" to be consistent with ls?
2017-05-18 03:38:36 <TemptorSent> Okay, higher level question - forget implementation details - What format do we want to use to print/log info/message/warning/error messages from ALL alpine tools so they have consistent appearance?
2017-05-18 03:40:45 <TemptorSent> And how do we want to handle failure cases in a consistent manner? What gets printed on failure at various verbosity levels to which sink?
2017-05-18 03:41:56 <TemptorSent> Ideally, we leave ourselves the option of doing I18N in some sane manner, but that's it's own set of issues.
2017-05-18 03:45:45 <TemptorSent> Although I'm not sure of how to cleanly handle i18n in POSIX shell...
2017-05-18 08:59:36 <_ikke_> wow, cargo release builds takes ages
2017-05-18 08:59:55 <clandmeter> :)
2017-05-18 09:00:33 <_ikke_> it's compiling for 4 hours now
2017-05-18 09:00:53 <clandmeter> wut?
2017-05-18 09:01:00 <xsteadfastx> i got a flag for libtermkey to update the version... i did that but in the message that person tells me to provide a static library version in libtermkey-dev package... i have no idea what that person means ;-)
2017-05-18 09:01:18 <_ikke_> its a small scaleway vps, but still
2017-05-18 09:01:35 <clandmeter> yeah that takes some time
2017-05-18 09:01:38 <_ikke_> debug build took about 13 minutes
2017-05-18 09:01:54 <clandmeter> but 4 hours could mean something is wrong
2017-05-18 09:02:07 <clandmeter> are you building something with cargo, or cargo itself?
2017-05-18 09:14:13 <_ikke_> withcargo
2017-05-18 09:14:22 <_ikke_> habitat
2017-05-18 09:56:04 <ncopa> openjdk8 is causing some pain
2017-05-18 09:56:32 <ncopa> apparently they use different tarball of hotspot on aarch32 (armhf)
2017-05-18 09:57:08 <clandmeter> ah, that explains the checksum errors
2017-05-18 09:57:29 <ncopa> hum
2017-05-18 09:57:38 <ncopa> i once in a while get error from tpaste.us
2017-05-18 09:58:01 <clandmeter> ok let me restart it.
2017-05-18 09:58:06 <clandmeter> ithink i know the fix
2017-05-18 09:58:07 <ncopa> http://tpaste.us/vM1o
2017-05-18 09:58:10 <clandmeter> just dsidnt have time yet
2017-05-18 09:58:25 <clandmeter> yes thats the same error
2017-05-18 09:59:42 <ncopa> this change fixes the checksum error on armhf: http://sprunge.us/UCBb
2017-05-18 10:00:21 <ncopa> however, the icedtea-hotspot-* patch fails :-(
2017-05-18 10:03:44 <clandmeter> sucks
2017-05-18 10:30:55 <ncopa> ok, im not really sure how to solve this
2017-05-18 10:31:47 <ncopa> can openjdk crosscompile?
2017-05-18 10:32:03 <_ikke_> the habitat test suite can also take some time..
2017-05-18 10:32:19 <ncopa> habitat?
2017-05-18 10:32:46 <_ikke_> project from chef
2017-05-18 10:35:56 <ncopa> neither am i
2017-05-18 10:36:15 <ncopa> whoops wrong win
2017-05-18 10:53:19 <ncopa> what a nightmare
2017-05-18 10:53:35 <ncopa> this openjdk business
2017-05-18 10:53:47 <_ikke_> hmm
2017-05-18 11:34:31 <jirutka> yes, openjdk is really PITA
2017-05-18 11:47:57 <^7heo> Any more info on the Passing the baton thing?
2017-05-18 11:48:56 <^7heo> i.e. do we actually want to do something?
2017-05-18 11:49:02 <^7heo> should we federate people?
2017-05-18 11:53:44 <Tsutsukakushi> hi
2017-05-18 11:55:31 <Tsutsukakushi> what are alpine's plans now that grsec is private
2017-05-18 11:56:54 <AlexIncogito> Have you read the ongoing disccusion here ? http://lists.alpinelinux.org/alpine-devel/5626.html
2017-05-18 12:02:04 <Tsutsukakushi> there doesn't seem to be any concrete plans in it
2017-05-18 12:02:27 <Tsutsukakushi> like the latest person seems to thing that grsec just stopped developing or something
2017-05-18 12:02:56 <Tsutsukakushi> maintaining grsec patches in their current form will be hard work
2017-05-18 12:03:45 <Tsutsukakushi> are there plans to join forces with the gentoo hardened-kernel project or something like that
2017-05-18 12:04:06 <Tsutsukakushi> https://github.com/thestinger/linux-hardened
2017-05-18 12:05:20 <AlexIncogito> From what I  have read on different ML and forums, there are different initiatives, and ways that require further exploration and examination about going with keeping grsec
2017-05-18 12:06:04 <AlexIncogito> There is this thread, which opens a (very) remote chance of seeing grsec integrated upstream, if google or other is willing to actually hire grsec http://openwall.com/lists/kernel-hardening/2017/05/11/2
2017-05-18 12:06:28 <AlexIncogito> There is this ongoing thread, with no reply so far from grsec https://forums.grsecurity.net/viewtopic.php?f=3&t=4699
2017-05-18 12:07:06 <jirutka> AlexIncogito: what does it mean “hire grsec”?
2017-05-18 12:07:18 <AlexIncogito> From openwall thread, we can surmise grsec is in a "step back, and watch" attitude, which makes sense considering their motivation for going private
2017-05-18 12:07:59 <AlexIncogito> Which would explain the lack of definite answer on their own forums
2017-05-18 12:09:36 <AlexIncogito> @jirutka: as per openwall thread, the gist of it is: PAXTeam assert they have received no help, proposal or otherwise from google and other sponsors. Kees asserts they are willing to fund them
2017-05-18 12:09:47 <Tsutsukakushi> grsec won't be mainlined as it is
2017-05-18 12:10:01 <ncopa> Tsutsukakushi the current plan is to maintain the 4.9 patch for as long as possible
2017-05-18 12:10:12 <Tsutsukakushi> what do YOU think are their motives for going private
2017-05-18 12:10:30 <ncopa> jirutka i think i found a simple solution for openjdk on arm
2017-05-18 12:10:31 <Tsutsukakushi> that kernel-hardening thread made it seem like it's purely financial
2017-05-18 12:10:41 <ncopa> and i know what goes wrong
2017-05-18 12:10:51 <ncopa> jirutka i think what happened was
2017-05-18 12:11:15 <ncopa> oracle open sourced  their arm32 hotspot
2017-05-18 12:11:33 <Tsutsukakushi> i find it hard to take anything that pax team says seriously
2017-05-18 12:11:48 <_ikke_> ugh, habitat release compile + make test takes 1.5h :-(
2017-05-18 12:11:55 <Tsutsukakushi> he and spender aren't the best communicators
2017-05-18 12:12:56 <ncopa> jirutka: im gonna stop adding noise to this chan. i'll explain in the git commit
2017-05-18 12:13:01 <jirutka> _ikke_: that’s awfully long time… is it really “normal”, isn’t there some bug?
2017-05-18 12:13:01 <Tsutsukakushi> ncopa: but what about the next stable kernel
2017-05-18 12:13:15 <ncopa> we will have to deal with that then
2017-05-18 12:13:18 <_ikke_> jirutka: Might be, I'll paste the compile output somewhere
2017-05-18 12:13:23 <jirutka> ncopa: this is not noise, it’s on-topic!
2017-05-18 12:13:42 <Tsutsukakushi> ncopa: which is why i'm asking about plans
2017-05-18 12:14:03 <Tsutsukakushi> dealing with it then without any plan sounds kind of painful
2017-05-18 12:14:19 <jirutka> Tsutsukakushi: Shiz is trying to extract PaX from grsecurity patches and maintain it separately, but not sure if he’s still on it, it looks like a lot of pain
2017-05-18 12:14:45 <Tsutsukakushi> doing anything with that gigantic patch seems like pain
2017-05-18 12:15:04 <Tsutsukakushi> other than "stealing" ideas
2017-05-18 12:16:01 <ncopa> Tsutsukakushi: the plan is to try keep unofficial grsecurity as long as possible. for now it looks like it might be possible to maintain it for 4.9
2017-05-18 12:16:08 <ncopa> i have done that for 4.4 for a while
2017-05-18 12:16:19 <ncopa> so i know what pain it is
2017-05-18 12:17:06 <AlexIncogito> Well, money is caring... From what I understand about the whole grsecurity+pax history, it is understandable they feel upset. I may be missing parts of the story, but they do make very compelling arguments, with specific facts, about the various incidents, behaviours, and general lack of investment from other in their work. And neither kees or anyo
2017-05-18 12:17:06 <AlexIncogito> ne else seem to have refuted them... Their tone may be sarcastic and unfriendly, but they did make an indirect opening regarding funding. And isn't it natural that their work should be rewarded ? It seems, they more than most, deserve it
2017-05-18 12:17:11 <ncopa> spender also said that they might dump testing patches regularily in the future
2017-05-18 12:17:56 <ncopa> but he didnt want to promise to do so, which is why they didn't say anything about it in the public announcement
2017-05-18 12:18:09 <Tsutsukakushi> chances are that the companies haven't wanted to fund them because of their general attitude
2017-05-18 12:18:54 <ncopa> so our options are: try keep maintain unofficial patch or switch to mainline
2017-05-18 12:18:59 <AlexIncogito> Possibly.. That said Torvald doesn't seem to be the most agreeable either
2017-05-18 12:19:05 <Tsutsukakushi> ncopa: there are more options tho
2017-05-18 12:19:40 <^7heo> Tsutsukakushi: the gh/thestinger/linux-hardened repo is maintained by the folks at copperheados afaik
2017-05-18 12:20:13 <AlexIncogito> There's also this forward porting initiative https://github.com/minipli/linux-unofficial_grsec
2017-05-18 12:20:45 <ncopa> AlexIncogito that will not go beyond 4.9
2017-05-18 12:20:49 <^7heo> Tsutsukakushi: and they called "the community" to commit to continuing the grsec project on twitter.
2017-05-18 12:21:07 <jirutka> Tsutsukakushi: we should provide better support for vanilla kernel anyway (e.g. virt variant)… then we will just drop hardened, or not
2017-05-18 12:21:28 <Tsutsukakushi> (also linux-libre)
2017-05-18 12:21:47 <ncopa> AlexIncogito: i do use the minipli stuff. i have compared with my fork
2017-05-18 12:21:47 <Tsutsukakushi> some guy on your forum made a very stupid false statement about linux-libre
2017-05-18 12:21:50 <Tsutsukakushi> btw
2017-05-18 12:21:53 <Tsutsukakushi> maybe should be corrected
2017-05-18 12:23:57 <ncopa> jirutka: so, openjdk. oracle released their arm32 stuff (hotspot i think), which has native code
2017-05-18 12:23:59 <^7heo> Tsutsukakushi: where?
2017-05-18 12:24:21 <ncopa> the default hotspot has native code for aarch64 but not for arm32
2017-05-18 12:24:26 <jirutka> kaniini has promised me to improve vanilla kernel configs, add some more hardening, but it seems that he haven’t had time for it yet
2017-05-18 12:24:47 <^7heo> time is a scarce resource
2017-05-18 12:24:49 <ncopa> the aarch32 hotspot has native arm32 code but no native aarch64
2017-05-18 12:24:56 <^7heo> especially when there's so much IRC to do.
2017-05-18 12:25:02 <ncopa> ha
2017-05-18 12:25:34 <ncopa> jirutka so what im gonna do: use hotspot=default explicitly
2017-05-18 12:25:42 <ncopa> that should give us what we have had earlier
2017-05-18 12:26:12 <ncopa> this is slower on armhf than the newly released
2017-05-18 12:26:17 <jirutka> ncopa: can’t we just use aarch32 hotspot on armhf?
2017-05-18 12:26:30 <ncopa> that is what configure does by default
2017-05-18 12:26:36 <ncopa> but then the patches does not apply
2017-05-18 12:26:40 <jirutka> ncopa: aha
2017-05-18 12:26:59 <jirutka> ncopa: well, I agree, hotspot=default
2017-05-18 12:27:02 <ncopa> so for now i think we need to just use the old hotspot
2017-05-18 12:27:08 <ncopa> to move forward
2017-05-18 12:27:26 <ncopa> then we can look into how to apply patches conditionally
2017-05-18 12:27:27 <jirutka> ncopa: anyway, if one want performance, (s)he will probably not use armhf…
2017-05-18 12:27:51 <jirutka> aarch64 FTW
2017-05-18 12:27:56 <ncopa> yeah
2017-05-18 12:28:18 <ncopa> i think oracle finally realized that if they keep things closed, people will ook for open alternatives
2017-05-18 12:28:28 <ncopa> so i think they realized that they lose on it
2017-05-18 12:28:30 <^7heo> Tsutsukakushi: https://twitter.com/CopperheadOS/status/865068357527187456
2017-05-18 12:28:38 <jirutka> I don’t believe that
2017-05-18 12:28:38 <^7heo> Tsutsukakushi: that is what I was referring to.
2017-05-18 12:28:43 <jirutka> Oracle is pure evil
2017-05-18 12:28:53 <jirutka> they were most likely forced to do it, somehow
2017-05-18 12:28:53 <^7heo> +1
2017-05-18 12:28:58 <ncopa> ofc
2017-05-18 12:29:06 <ncopa> they realized they are losing
2017-05-18 12:29:27 <ncopa> and does not have any choice than release the code if they want be relevant in future
2017-05-18 12:29:29 <^7heo> Like microsoft suddently "loving "linux""
2017-05-18 12:29:36 <ncopa> ofc
2017-05-18 12:29:38 <jirutka> I don’t believe that they understand open-source, the situation on market etc. and did it voluntarily
2017-05-18 12:29:42 <Tsutsukakushi> back
2017-05-18 12:29:52 <Tsutsukakushi> ^7heo: in the kernel area, the deblobbed thread
2017-05-18 12:29:59 <ncopa> they understand business
2017-05-18 12:30:05 <jirutka> I personally even don’t believe that they did it b/c they realized that they’re losing
2017-05-18 12:30:11 <Tsutsukakushi> ^7heo: he says linux-libre is outdated when it had had a release 15 days before his comment
2017-05-18 12:30:20 <Tsutsukakushi> ^7heo: and the latest release currently is from this month
2017-05-18 12:30:22 <Tsutsukakushi> not outdated
2017-05-18 12:30:38 <jirutka> if the world and market would be relational and fair, Oracle would be already dead for years
2017-05-18 12:30:49 <^7heo> Tsutsukakushi: I was expecting a link. I don't doubt your words, but acting on it needs a source. ;)
2017-05-18 12:30:58 <jirutka> they’re still here, despite their pure evil and their products are horrible
2017-05-18 12:31:08 <Tsutsukakushi> i didn't have it open anymore, i can get the link
2017-05-18 12:31:31 <Tsutsukakushi> https://forum.alpinelinux.org/forum/kernel-and-hardware/kernel-without-binary-blobs
2017-05-18 12:33:12 <ncopa> jirutka im not claiming they are releasing the sources due to goodwill or charity or because they want support open-source
2017-05-18 12:33:37 <ncopa> i think they do it as a desperate action to keep java relevant in business
2017-05-18 12:34:01 <jirutka> ncopa: but they’re still doing everything they can to kill it…
2017-05-18 12:34:14 <ncopa> kill what?
2017-05-18 12:34:14 <jirutka> ncopa: like suing companies from using Java
2017-05-18 12:34:24 <jirutka> ncopa: unclear terms
2017-05-18 12:34:44 <Shiz> hello
2017-05-18 12:35:31 <Shiz> jirutka: i did more work on llvm stuff last night a bit
2017-05-18 12:35:38 <Shiz> all llvm components that i know of have testsuites now
2017-05-18 12:35:43 <jirutka> ncopa: releasing JRE/JDK that is free to download, but contains even licensed parts, so one may use it against license without even knowing it
2017-05-18 12:36:05 <jirutka> Shiz: even clang? that’d be grat!
2017-05-18 12:36:09 <Shiz> yeah
2017-05-18 12:36:17 <Shiz> llvm, clang, compiler-rt, libc++, lld
2017-05-18 12:36:38 <Shiz> i should check llvm-libunwind too
2017-05-18 12:36:53 <jirutka> ncopa: with licensed parts I mean components that should not be used without paid license
2017-05-18 12:37:10 <Shiz> 14:21:53 Tsutsukakushi │ maybe should be corrected
2017-05-18 12:37:13 <Shiz> why don't you o it yourself?
2017-05-18 12:37:19 <jirutka> ncopa: instead of cleanly releasing two variants, one with only free components and one with their proprietary paid components
2017-05-18 12:37:23 <Tsutsukakushi> i don't have an account on the forums
2017-05-18 12:37:47 <Shiz> jirutka: btw:
2017-05-18 12:37:55 <Tsutsukakushi> and i don't want to create one just to make a single comment
2017-05-18 12:38:03 <Tsutsukakushi> i already have enough useless accounts
2017-05-18 12:38:16 <jirutka> btw why we have forum?
2017-05-18 12:38:17 <Shiz> one of my changes is renaming llvm-test-utils to llvm-utils and throwing stuff from the cmake's LLVM_INCLUDE_UTILS in there
2017-05-18 12:38:19 <Shiz> seems ok?
2017-05-18 12:38:32 <jirutka> who actually reads comments on forum?
2017-05-18 12:39:59 <jirutka> imo it’d be better to merge ML and forum, i.e. use some forum that can be used completely via email like ML, to have only one channel instead of two
2017-05-18 12:41:20 <jirutka> Shiz: why? it is *test* utils, not just random utils
2017-05-18 12:41:37 <Shiz> thats not what the cmake file calls it
2017-05-18 12:41:46 <Shiz> and i don't think it's a good idea to start making up package names ourselves
2017-05-18 12:41:47 <Shiz> :P
2017-05-18 12:42:06 <Shiz> https://github.com/llvm-mirror/llvm/blob/master/CMakeLists.txt#L482
2017-05-18 12:42:08 <jirutka> Shiz: we don’t have other chance here…
2017-05-18 12:42:12 <Shiz> https://github.com/llvm-mirror/llvm/blob/master/CMakeLists.txt#L842
2017-05-18 12:42:14 <Shiz> why don't we?
2017-05-18 12:42:17 <jirutka> aha, okay
2017-05-18 12:42:22 <Shiz> llvm-utils is a fine package name :P
2017-05-18 12:42:25 <jirutka> well, send PR, I’ll review it later evening
2017-05-18 12:42:31 <Shiz> :)
2017-05-18 12:42:50 <jirutka> maybe, but not for the current content, that is pure test utils
2017-05-18 12:42:54 <jirutka> purely
2017-05-18 12:42:56 <Tsutsukakushi> jirutka: there is that one frontend for mailman3
2017-05-18 12:43:06 <jirutka> Tsutsukakushi: yeah
2017-05-18 12:43:09 <jirutka> Tsutsukakushi: HyperKitty
2017-05-18 12:43:12 <Tsutsukakushi> ye
2017-05-18 12:43:19 <jirutka> Tsutsukakushi: I know it, I have Alpine packages for it
2017-05-18 12:43:22 <Tsutsukakushi> i've yet to see it used anywhere
2017-05-18 12:43:25 <AlexIncogito> All the implications of this may escape me but, with regard to the grsec situation, given security is the main theme here, how feasable would it be to maintain an official grsec branch on 4.9, even after the next increment, and backport security patches ? It may give a comfortable timeframe to figure out what to do, while allowing users to retain a
2017-05-18 12:43:25 <AlexIncogito>  safe base
2017-05-18 12:43:31 <Tsutsukakushi> and their test instance blocks Tor afaik
2017-05-18 12:43:40 <jirutka> Tsutsukakushi: it’s not very good, but unfortunately there’s not anything better :(
2017-05-18 12:43:52 <Shiz> "official grsec branch" 100% unlikely
2017-05-18 12:44:11 <Shiz> but forward-porting the last public patch to newer 4.9 is what we already /do/
2017-05-18 12:44:13 <Shiz> for 3.6
2017-05-18 12:44:42 <jirutka> Tsutsukakushi: you can try it https://gitlab.com/mailman/mailman-suite/issues/3
2017-05-18 12:45:32 <AlexIncogito> Yes but what happens after 4.9 ?
2017-05-18 12:45:54 <Tsutsukakushi> AlexIncogito: answer seems to be "we'll deal with it then"
2017-05-18 12:46:07 <Shiz> well if nothing changes, no grsec
2017-05-18 12:46:22 <AlexIncogito> Isn't that a huge step back ?
2017-05-18 12:46:53 <Shiz> two things
2017-05-18 12:47:19 <Shiz> as already has been said ad infinitum, grsec is not the sole, or even the biggest part, of our security story
2017-05-18 12:47:19 <Tsutsukakushi> well, if the current trend continues then the linux-hardened project might be at ok stage by the time next stable kernel is released
2017-05-18 12:48:05 <Shiz> and there's other projects in the works like strcat's hardened projects, and we may look at developing some features ourselves
2017-05-18 12:48:14 <Shiz> we'll see that last part when the time comes
2017-05-18 12:48:26 <Shiz> nobody likes grsec going private but there's not much we can do about it
2017-05-18 12:48:40 <jirutka> Shiz: kaniini has mentioned some project on top of vanilla kernel, but don’t remember the name
2017-05-18 12:48:42 <Shiz> spender's not going to license grsec at a distro level, especially a public one, even if we had the money
2017-05-18 12:49:04 <jirutka> Shiz: IIRC acronym starts with "A" and has 4 letters XD
2017-05-18 12:49:07 <Shiz> jirutka: https://github.com/thestinger/linux-hardened/wiki
2017-05-18 12:49:16 <Shiz> that's strcat's project
2017-05-18 12:49:21 <Shiz> jirutka: sure you're not thinking of AOSP?
2017-05-18 12:49:25 <jirutka> nope
2017-05-18 12:49:33 <Shiz> or KSPP?
2017-05-18 12:50:06 <jirutka> nope
2017-05-18 12:50:20 <jirutka> wait for kaniini, I have really bad memory for acronyms XD
2017-05-18 12:51:56 <^7heo> KSPP: Kernel Self Protection Project
2017-05-18 12:52:12 <^7heo> (i.e. an alternative to grsec)
2017-05-18 12:52:22 <Shiz> KSPP is not an alternative to grsec
2017-05-18 12:52:34 <^7heo> Shiz: https://www.grsecurity.net/compare.php
2017-05-18 12:52:36 <Shiz> it's simply kees' branch to upstream certain security features
2017-05-18 12:52:38 <Shiz> ^7heo: and?
2017-05-18 12:52:48 <^7heo> Shiz: that table is misleading then.
2017-05-18 12:52:51 <Shiz> it is
2017-05-18 12:53:00 <Shiz> of course it is, they're comparing their own project to other projects
2017-05-18 12:53:06 <Tsutsukakushi> it's not alternative because grsec has no intention or desire to upstream anything
2017-05-18 12:53:10 <Shiz> it also tries an equivalency between SELinux and grsec
2017-05-18 12:53:14 <Shiz> which is ridiculous at best
2017-05-18 12:53:29 <Shiz> SELinux's goal is not kernel self-protection, it's an RBAC/DAC system
2017-05-18 12:53:30 <^7heo> Shiz: yeah that's what I was wondering about.
2017-05-18 12:53:57 <Shiz> likewise for AppArmor
2017-05-18 12:55:11 <^7heo> Well, long story short
2017-05-18 12:55:17 <^7heo> There's no real equivalent for grsec
2017-05-18 12:55:36 <^7heo> I think that's what the table is mainly aimed at.
2017-05-18 12:56:08 <Shiz> of course grsec will say that themselves
2017-05-18 12:56:14 <Shiz> they have to sell their patch
2017-05-18 12:56:18 <^7heo> true.
2017-05-18 12:56:26 <^7heo> but do you know any project that could compare to grsec?
2017-05-18 12:56:39 <Shiz> closest i got is strcat's project
2017-05-18 12:56:45 <Shiz> i hope it doesn't turn out to be just kspp v2 though
2017-05-18 12:56:55 <^7heo> so the linux-hardening thing Tsutsukakushi linked?
2017-05-18 12:57:25 <Shiz> https://github.com/thestinger/linux-hardened/wiki#upstream-progress-tracking
2017-05-18 12:57:26 <Shiz> yes
2017-05-18 12:58:19 <^7heo> yeah I followed that.
2017-05-18 12:58:25 <^7heo> not closely but I did follow it.
2017-05-18 12:58:41 <^7heo> Problem is, since they want to make money out of it; it's not easily available yet.
2017-05-18 12:58:56 <^7heo> Only on a Pixel/Pixel XL if you live in the north american continent.
2017-05-18 12:59:03 <^7heo> (if I got it right)
2017-05-18 12:59:14 <Tsutsukakushi> out of that kernel?
2017-05-18 12:59:27 <^7heo> AFAIU yes.
2017-05-18 12:59:51 <Tsutsukakushi> what is afaiu
2017-05-18 13:00:00 <^7heo> As far as I understand/understood
2017-05-18 13:00:17 <^7heo> (in our case, the latter)
2017-05-18 13:00:34 <Tsutsukakushi> that linux-hardened kernel is right there
2017-05-18 13:00:41 <Tsutsukakushi> you can clone it if you want
2017-05-18 13:00:42 <^7heo> I'm talking about android
2017-05-18 13:00:43 <Tsutsukakushi> and run it
2017-05-18 13:00:45 <Shiz> ^7heo: you are very very wrong
2017-05-18 13:00:46 <^7heo> ASOP
2017-05-18 13:00:52 <Tsutsukakushi> but
2017-05-18 13:00:54 <Shiz> linux-hardened has nothing to do with android...
2017-05-18 13:00:58 <Tsutsukakushi> you were just talking about completely other stuff
2017-05-18 13:01:10 <^7heo> Shiz: stop saying that I'm wrong BEFORE you have a change to understand what I'm talking about...
2017-05-18 13:01:17 <^7heo> Shiz: that doesn't help with anything...
2017-05-18 13:01:37 <^7heo> Tsutsukakushi: well, it's easy to integreate with Linux in the scope of Alpine.
2017-05-18 13:01:44 <Tsutsukakushi> so you aren't talking about that linux-hardened anymore
2017-05-18 13:01:47 <Tsutsukakushi> but about something else?
2017-05-18 13:01:57 <^7heo> Tsutsukakushi: but yes you're right, that's not what I'm talking about; I was saying: "it's not easily available yet."
2017-05-18 13:02:08 <Tsutsukakushi> yes
2017-05-18 13:02:18 <Tsutsukakushi> and that sounded like it was about the last thing discussed
2017-05-18 13:02:31 <Tsutsukakushi> which was linux-hardened
2017-05-18 13:02:31 <^7heo> well, the linux-hardened repo/project.
2017-05-18 13:02:34 <^7heo> yes.
2017-05-18 13:02:42 <Shiz> so i stay with my point
2017-05-18 13:02:57 <Shiz> linux-hardened has nothing to do with copperhead
2017-05-18 13:02:58 <jirutka> Shiz: ^7heo: hm, maybe it’s really KSPP… sounds familiar… so I was half-right, it doesn’t start with “A”, but has 4 letters XD
2017-05-18 13:03:02 <Shiz> except that copperhead may use it at one point
2017-05-18 13:03:09 <Shiz> there's no money intention in linux-hardened
2017-05-18 13:03:15 <Shiz> and it's as easily available as cloning the repo and building it
2017-05-18 13:03:18 <Shiz> just like upstream linux
2017-05-18 13:03:48 <^7heo> well, if you call "cloning the project, applying it, solving the conflicts, doing all the work so you get a working kernel, and then putting the working kernel package on the repos" easy
2017-05-18 13:03:53 <^7heo> then yes it's easy.
2017-05-18 13:04:02 <^7heo> I'm talking about "downloading binary, installing binary" easy.
2017-05-18 13:04:11 <Shiz> uuh
2017-05-18 13:04:14 <Shiz> you don't need to apply anything
2017-05-18 13:04:18 <Shiz> the cloned repo IS the final tree
2017-05-18 13:04:25 <^7heo> So you just clone and make?
2017-05-18 13:04:25 <Shiz> and this is not different from upstream linux
2017-05-18 13:04:27 <Shiz> yes
2017-05-18 13:04:29 <^7heo> ah
2017-05-18 13:04:40 <^7heo> I didn't get that part.
2017-05-18 13:04:49 <^7heo> please disregard what I have been saying then.
2017-05-18 13:05:13 <Tsutsukakushi> well, you clone, make menuconfig and make
2017-05-18 13:05:16 <Shiz> :p
2017-05-18 13:05:20 <^7heo> yeah yeah like a normal kernel.
2017-05-18 13:05:21 <^7heo> my bad.
2017-05-18 13:05:27 <Tsutsukakushi> gotta enable the features
2017-05-18 13:05:30 <^7heo> true.
2017-05-18 13:05:38 <^7heo> but I expected it to be a set of patches in a repo.
2017-05-18 13:05:43 <^7heo> I didn't look in depth yet.
2017-05-18 13:05:58 <^7heo> Then it's a really cool work.
2017-05-18 13:06:35 <Shiz> we gotta evaluate later just how viable/quality it is
2017-05-18 13:06:36 <^7heo> Also: <@Shiz> linux-hardened has nothing to do with copperhead
2017-05-18 13:06:38 <Shiz> but first, 3.6
2017-05-18 13:06:40 <^7heo> It has
2017-05-18 13:06:45 <^7heo> same guy is doing both.
2017-05-18 13:06:56 <Shiz> ^7heo: your own remark goes back to you, read further
2017-05-18 13:06:59 <Shiz>    @Shiz │ except that copperhead may use it at one point
2017-05-18 13:07:06 <Shiz> :p
2017-05-18 13:07:13 <^7heo> but that was my entire point tbh
2017-05-18 13:07:14 <^7heo> they already do
2017-05-18 13:07:18 <^7heo> on Pixel/Pixel XL
2017-05-18 13:07:20 <Shiz> not afaik
2017-05-18 13:07:24 <^7heo> really?
2017-05-18 13:07:48 <^7heo> I do not have sources on that other than my memory, from IRC conversations
2017-05-18 13:07:57 <Shiz> the last copperhead OS build was may 1st
2017-05-18 13:08:06 <^7heo> that's not true.
2017-05-18 13:08:09 <^7heo> You can't know that.
2017-05-18 13:08:12 <^7heo> because:
2017-05-18 13:08:14 <Shiz> https://copperhead.co/android/downloads
2017-05-18 13:08:16 <Shiz> ...
2017-05-18 13:08:18 <^7heo> the images for Pixel/Pixel XL are NOT avaialble.
2017-05-18 13:08:28 <^7heo> you gotta pay for them; and only with a new Pixel device.
2017-05-18 13:08:29 <Shiz> yes they are?
2017-05-18 13:08:34 <Shiz> or at least
2017-05-18 13:08:35 <Shiz> their dates are
2017-05-18 13:08:37 <Shiz> they are right htere on the site
2017-05-18 13:08:45 <Shiz> Pixel N2G47O.2017.05.01.22.35.44
2017-05-18 13:08:51 <Shiz> Pixel XL N2G47O.2017.05.01.22.35.44
2017-05-18 13:08:53 <^7heo> Right, that was even on twitter.
2017-05-18 13:08:53 <Shiz> so yes, I can know that
2017-05-18 13:09:06 <^7heo> Lemme fetch the tweet.
2017-05-18 13:09:11 <^7heo> because I beg to differ there.
2017-05-18 13:09:18 <^7heo> I believe the dates on the website are not correct.
2017-05-18 13:12:12 <^7heo> Ok, I need more practice with twitter.
2017-05-18 13:12:14 <^7heo> You're right.
2017-05-18 13:12:21 <^7heo> it's just a *pinned* tweet.
2017-05-18 13:12:25 <^7heo> Not a new one.
2017-05-18 13:12:26 <^7heo> v_v
2017-05-18 13:13:02 <Shiz> :P
2017-05-18 13:13:33 <^7heo> Sorry Shiz, and you're right, the Pixel images are likely not containing the linux-hardened since it would mean that strcat would have intentionally antidated the commits on github just for that sake.
2017-05-18 13:16:17 <fcolista> ncopa, I added this: http://tpaste.us/Bewn for having a custom iso with zfs, then i've generated the iso with:
2017-05-18 13:16:18 <fcolista>  sh mkimage.sh --tag edge --outdir /home/fcolista/iso --arch x86_64 --repository http://d
2017-05-18 13:16:18 <fcolista> l-cdn.alpinelinux.org/alpine/edge/main --profile custom
2017-05-18 13:16:58 <ncopa> fcolista i dont think it will work
2017-05-18 13:17:01 <fcolista> would be nice having the part "custom" of profile actually customizable, maybe taking as input a yaml
2017-05-18 13:17:10 <fcolista> ncopa, it worked :)
2017-05-18 13:17:17 <ncopa> ok, nice
2017-05-18 13:17:18 <fcolista> I had the iso created
2017-05-18 13:17:36 <fcolista> x86_64-edge:~/iso$ ls -l
2017-05-18 13:17:37 <fcolista> total 302080
2017-05-18 13:17:37 <fcolista> -rw-r--r--    1 fcolista fcolista 309329920 May 17 14:49 alpine-custom-edge-x86_64.iso
2017-05-18 13:17:57 <fcolista> then i've made a bootable usb with this iso, and i had zfs up and running
2017-05-18 13:18:12 <ncopa> ok
2017-05-18 13:18:28 <fcolista> dunno if it's the right approach to have custom iso, though
2017-05-18 13:19:47 <ncopa> i think you could do mkimg.zfs.sh
2017-05-18 13:20:10 <ncopa> and instead of profile_custom(){ .. }
2017-05-18 13:20:18 <ncopa> you call it profile_zfs
2017-05-18 13:20:54 <ncopa> then you do --profile zfs
2017-05-18 13:20:55 <ncopa> that said
2017-05-18 13:21:25 <ncopa> i was thinking about adding zfs kernel modules to alpine-extended
2017-05-18 13:21:58 <fcolista> ncopa, what about a more-general custom iso?
2017-05-18 13:22:14 <ncopa> how do you mean?
2017-05-18 13:22:25 <ncopa> if you want make a custom iso you make a new profile
2017-05-18 13:22:33 <fcolista> Like a user that wants his own iso, with custom apks
2017-05-18 13:22:49 <fcolista> and feed a only mkimg.custom.sh with a yaml file maybe
2017-05-18 13:23:54 <ncopa> what if he wants other kernel flavor?
2017-05-18 13:24:07 <ncopa> or what if he want or not want serial console?
2017-05-18 13:24:37 <ncopa> the idea is that you can define your own profile
2017-05-18 13:24:37 <fcolista> Right. Maybe those can be passed as options
2017-05-18 13:25:00 <ncopa> or he could define what he wants in his profile
2017-05-18 13:25:47 <fcolista> yes, true. Would be nice to have it documented, since the wiki page related to "custom ISO" is outdated i believe
2017-05-18 13:26:24 <ncopa> yup
2017-05-18 13:26:33 <fcolista> thx for the feedback though ncopa
2017-05-18 13:26:44 <ncopa> however, that profile_custom
2017-05-18 13:27:00 <ncopa> we could ship it as mkimg.custom.sh
2017-05-18 13:27:09 <ncopa> and add comments
2017-05-18 13:27:31 <ncopa> then it should be relatively easy for people to figure out how to make a custom iso
2017-05-18 13:27:55 <ncopa> eg the mkimg.custom.sh would only be as an example
2017-05-18 13:29:21 <ncopa> what do you think about adding zfs modules to the alpine-extended iso?
2017-05-18 13:29:55 <fcolista> ncopa, i don't know how much stable/mature is
2017-05-18 13:29:59 <fcolista> since i didn't tested it
2017-05-18 13:30:04 <ncopa> it works
2017-05-18 13:30:09 <ncopa> i use it on my laptop
2017-05-18 13:30:13 <fcolista> oh
2017-05-18 13:30:18 <fcolista> that's cool
2017-05-18 13:30:28 <fcolista> so i'm ok with that then
2017-05-18 13:30:44 <ncopa> the current problem is that it is inconvenient to install alpine on zfs root
2017-05-18 13:31:01 <ncopa> becaue you need to boot something with zfs modules afailable
2017-05-18 13:31:09 <ncopa> available*
2017-05-18 13:31:30 <fcolista> alpine-extended that ships it as a module by default would solve it
2017-05-18 13:31:47 <ncopa> yes
2017-05-18 13:32:14 <ncopa> we should probably also ship the zfs userpace package there too
2017-05-18 13:32:23 <fcolista> yes ofc
2017-05-18 13:32:38 <fcolista> in the alpine-extended it really makes sense
2017-05-18 14:07:37 <clandmeter> How would somebody know he needs extended iso for zfs support?
2017-05-18 15:21:28 <ncopa> the only issue i see with it is possible legal issues
2017-05-18 15:24:03 <Shiz> we already distribute zfs binaries, though
2017-05-18 15:27:04 <ncopa> https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
2017-05-18 15:27:06 <ncopa> true
2017-05-18 15:28:58 <jirutka> someone mentioned some tool for maintaining patches few weeks ago… does anyone remember name of the tool?
2017-05-18 15:29:20 <_ikke_> quilt?
2017-05-18 15:29:37 <jirutka> I’m looking for something that would help me with porting patches to newer version of code base
2017-05-18 15:31:43 <Shiz> sounds like quilt
2017-05-18 15:31:48 <Shiz> although you may want to just use git :P
2017-05-18 15:31:57 <_ikke_> jirutka: was it in this channel?
2017-05-18 15:32:13 <jirutka> yeah, quilt
2017-05-18 15:32:16 <jirutka> thanks
2017-05-18 15:55:01 <ncopa> anyone volunteer to write a release notes for 3.6.0?
2017-05-18 15:55:11 <clandmeter> 
ACTION hides

2017-05-18 15:55:11 <ncopa> i mean
2017-05-18 15:55:31 <ncopa> can someone help me write a proposal for 3.6.0 release notes
2017-05-18 15:55:45 <clandmeter> i think Shiz did a good job last time.
2017-05-18 15:55:52 <TemptorSent> fcolista: RE ZFS and custom isos, it's solved problem in my branch of mkimage, but waiting on fixes to apk to make it user-ready (waiting several minutes to extract the manifest from an apk is a deal-breaker)
2017-05-18 15:56:31 <ncopa> then publish the proposal here so we can discuss it so we dont forget anything important
2017-05-18 15:56:57 <ncopa> TemptorSent: fcolista has slightly different problem than you had, his iso works
2017-05-18 15:57:18 <ncopa> he does not need the zfs userspace in his initramfs
2017-05-18 15:57:56 <TemptorSent> ncopa: Ahh, then it should just be a matter of adding it to the image's local repo.
2017-05-18 15:58:20 <clandmeter> the problem is there is no documentation about mkimage
2017-05-18 15:58:29 <ncopa> yeah
2017-05-18 15:58:34 <TemptorSent> True.
2017-05-18 15:58:43 <clandmeter> ive seen multiple ppl try using alpine-iso
2017-05-18 15:58:48 <clandmeter> im not sure it still works
2017-05-18 15:58:52 <TemptorSent> *lol* Yeah, I was one of them.
2017-05-18 15:59:32 <clandmeter> the wiki entry really needs a redirect to mkimage.sh
2017-05-18 16:00:07 <clandmeter> or atleast a notice of its abandon state
2017-05-18 16:00:41 <TemptorSent> ncopa: Any ETA on the extraction of checksums from apks that you're aware of?
2017-05-18 16:01:03 <ncopa> ?
2017-05-18 16:02:20 <TemptorSent> ncopa: The usability holdup on my mkimage branch at this point is the fact that I'm having to extract the checksums from the pax archive headers using awk, which takes ENTIRELY too long for things such as the kernel/firmware.
2017-05-18 16:03:55 <TemptorSent> kaniini had mentioned he thought it should be fairly easy to add that functionality, but we're looking after 3.6 drops unless something changes IIRC.
2017-05-18 16:04:20 <clandmeter> ncopa, mkimage is since 3.5 right?
2017-05-18 16:05:16 <clandmeter> I added a obsolete mark on our wiki entry.
2017-05-18 16:10:15 <ncopa> TemptorSent  it does sound fairly easy to add it
2017-05-18 16:10:34 <jirutka> uh, there are sooo many changes since 3.5, it’ll be quite hard to remember them all; maybe we should write it continually next time
2017-05-18 16:10:55 <ncopa> TemptorSent but it will not happne before 3.6 release
2017-05-18 16:11:06 <jirutka> what I remember from head: rust, rust, cargo, rust!
2017-05-18 16:11:07 <TemptorSent> ncopa: That would significantly speed up the most painful part.
2017-05-18 16:11:32 <TemptorSent> Understood - that's why I suspended work on the new mkimage suite until after 3.6 drops.
2017-05-18 16:11:39 <jirutka> then ghc
2017-05-18 16:11:46 <jirutka> and from less important: php7
2017-05-18 16:11:51 <ncopa> jirutka yes, i was also thinking of writing a plan for 3.7 release and goals
2017-05-18 16:12:01 <jirutka> llvm4
2017-05-18 16:12:03 <ncopa> from the top of my head:
2017-05-18 16:12:35 <TemptorSent> kernel grsec->hardened
2017-05-18 16:12:48 <jirutka> important change: llvm is out, every llvm package has version suffix now, the latest is llvm4, the latest also provides="llvm-*-$pkgver-r$pkgrel"
2017-05-18 16:13:32 <jirutka> but other llvm components, clang, lldb, lld, llvm-libunwind, … are in single version, built against the latest llvm
2017-05-18 16:13:35 <ncopa> php 7.1, gcc 6.3
2017-05-18 16:14:10 <TemptorSent> release notes should probablyt note the change to 'set -e' in abuild.
2017-05-18 16:14:16 <jirutka> we have added lld, llvm-libunwind and libc++ (if you move it to community)
2017-05-18 16:14:17 <ncopa> go 1.8
2017-05-18 16:14:30 <ncopa> did we update phyth 3 version?
2017-05-18 16:14:34 <ncopa> python*
2017-05-18 16:14:38 <jirutka> yes, 3.6
2017-05-18 16:14:59 <ncopa> basically all languages that updated significantly
2017-05-18 16:14:59 <jirutka> also luajit-2.1_beta3
2017-05-18 16:15:14 <ncopa> is it incompatible with previous luajit?
2017-05-18 16:15:22 <jirutka> I hope that it’s not
2017-05-18 16:15:34 <ncopa> then its lower prio
2017-05-18 16:15:44 <ncopa> if we get too much stuff we can drop mention it
2017-05-18 16:16:11 <ncopa> postgresql update needs to be mentioned but i dont think we updated it
2017-05-18 16:16:11 <jirutka> emscripten
2017-05-18 16:16:13 <TemptorSent> What's status on pgsql? Has anyone packaged 10b1?
2017-05-18 16:16:20 <ncopa> no
2017-05-18 16:16:23 <jirutka> well, at least emscripten-fastcomp (their llvm fork)
2017-05-18 16:16:44 <jirutka> emscripten itself is still in testing, I don’t know if I want to move it to community, emscripten is mess
2017-05-18 16:16:45 <ncopa> important stuff is things that can make things break when people upgrade
2017-05-18 16:16:50 <TemptorSent> There are major breaking changes in pgsql 10 vs. 9.6, including changing versioning scheme.
2017-05-18 16:17:15 <jirutka> we don’t have pgsql 10, cause it’s not released yet
2017-05-18 16:17:26 <TemptorSent> Beta 1 just dropped.
2017-05-18 16:17:28 <kaniini> reworking kernel packaging is on my todo list for 3.7
2017-05-18 16:17:32 <jirutka> beta…
2017-05-18 16:17:35 <Shiz> clandmeter: i never wrote release notes...
2017-05-18 16:17:40 <ncopa> lol
2017-05-18 16:17:57 <kaniini> so that third-party modules are built against all arch-specific flavors
2017-05-18 16:17:59 <jirutka> nginx updated to 1.12
2017-05-18 16:18:05 <kaniini> instead of having one APKBUILD for each flavor
2017-05-18 16:18:06 <ncopa> that is significant
2017-05-18 16:18:07 <Shiz> fix some important apk bugs
2017-05-18 16:18:09 <Shiz> :P
2017-05-18 16:18:17 <Shiz> important for rel notes
2017-05-18 16:18:18 <kaniini> ya
2017-05-18 16:18:25 <kaniini> like how providers are handled
2017-05-18 16:18:26 <kaniini> :P
2017-05-18 16:18:27 <TemptorSent> kaniini - good, that's critical. I'm still getting broken modules on upgrade until I reboot.
2017-05-18 16:18:55 <ncopa> so we can group them like
2017-05-18 16:19:08 <ncopa> - (possibly) breaking changes
2017-05-18 16:19:14 <ncopa> - significant fixes
2017-05-18 16:19:30 <jirutka> ruby 2.3 → 2.4
2017-05-18 16:19:32 <ncopa> not sure if we backported the apk fixes?
2017-05-18 16:19:33 <ncopa> yes
2017-05-18 16:19:47 <Shiz> kernel update too ofc
2017-05-18 16:19:48 <jirutka> abuild set -e and check
2017-05-18 16:19:56 <ncopa> kernel too yes
2017-05-18 16:20:06 <Shiz> is linux-hardened in the repo on 4.9.28?
2017-05-18 16:20:07 <TemptorSent> At the least, the russian roulette patch should be backported.
2017-05-18 16:20:12 <ncopa> abuild set -e is not that important
2017-05-18 16:20:39 <ncopa> i mean not for most runtime users
2017-05-18 16:20:46 <jirutka> hm, true
2017-05-18 16:20:51 <ncopa> its ofc a very good thing for devs
2017-05-18 16:21:02 <ncopa> - devs improvements
2017-05-18 16:21:03 <TemptorSent> ncopa: set -e may break someone's local abuilds, so a note is probably worthwhile still.
2017-05-18 16:21:05 <kaniini> TemptorSent: yes, i want to make sure that it is packaged in a way that apk will group the upgrades atomically
2017-05-18 16:21:06 <kaniini> what is annoying is: some packages are right, others are not
2017-05-18 16:21:55 <ncopa> Shiz: Linux ncopa-desktop 4.9.28-1-hardened
2017-05-18 16:21:56 <TemptorSent> kaniini: Let's figure out what the RIGHT way is, then force everything into that form.
2017-05-18 16:22:09 <kaniini> TemptorSent: i already know what the right way is
2017-05-18 16:22:13 <ncopa> oh
2017-05-18 16:22:28 <ncopa> significant new stuff: ppc64le, s390x support
2017-05-18 16:22:37 <jirutka> yes
2017-05-18 16:22:41 <TemptorSent> kaniini: Okay, cool :)
2017-05-18 16:22:58 <clandmeter> Shiz, then it was somebody who looked like you :)
2017-05-18 16:23:06 <Shiz> ncopa: nice
2017-05-18 16:23:11 <kaniini> TemptorSent: backporting russian roulette patch is not necessary
2017-05-18 16:23:12 <Shiz> clandmeter: i take offense to this
2017-05-18 16:23:12 <TemptorSent> kaniini: And this will allow multiple kernel versions installed simultaneously, including their modules, right? :)
2017-05-18 16:23:27 <kaniini> TemptorSent: apk will upgrade itself before running the upgrade transaction(s)
2017-05-18 16:23:49 <kaniini> TemptorSent: that is the goal yes
2017-05-18 16:24:00 <TemptorSent> kaniini: Ahh, okay - wasn't sure if it would screw up the dep calcs before the fact or not.
2017-05-18 16:24:05 <kaniini> TemptorSent: it is going to require some minor changes to abuild
2017-05-18 16:24:45 <TemptorSent> kaniini: Makes sense - essentially dependent packages should be built for each version/flavor.
2017-05-18 16:25:21 <clandmeter> Shiz, sorry I will try not to mistake you next time.
2017-05-18 16:25:26 <Shiz> ;p
2017-05-18 16:25:34 <Shiz> now i'm curious who did in fact do it
2017-05-18 16:25:39 <Shiz> also i don't mind writing relnotes
2017-05-18 16:25:40 <Shiz> fwiw
2017-05-18 16:27:31 <tmh1999> yay ppc64le and s390x support
2017-05-18 16:27:36 <kaniini> TemptorSent: in general, i want to change the way upgrades are grouped too in apk, so that upgrades happen together whenever possible (a package and its subpackages)
2017-05-18 16:28:22 <TemptorSent> kaniini: That would make good logical sense, as well as possibly allowing partial-upgrades in a sane manner.
2017-05-18 16:28:35 <clandmeter> Oh now I remember
2017-05-18 16:28:39 <clandmeter> It was ikke
2017-05-18 16:29:09 <kaniini> 
ACTION is not really convinced on binary format for apkindex though :)

2017-05-18 16:29:16 <Shiz> i see how it is, all of us dutchmen are the same huh
2017-05-18 16:29:34 <kaniini> yes now get in your windmill and shut up
2017-05-18 16:29:34 <TemptorSent> kaniini: At some point, would you be willing to diagram out APK's current structure?
2017-05-18 16:29:34 <Shiz> ;p
2017-05-18 16:29:47 <tmh1999> lol
2017-05-18 16:29:48 <TemptorSent> No binary indexing!
2017-05-18 16:29:53 <kaniini> TemptorSent: given enough whiskey, sure
2017-05-18 16:29:54 <tmh1999> I thought Shiz is Japanese
2017-05-18 16:30:03 <TemptorSent> kaniini: What's your poison? :)
2017-05-18 16:30:12 <Shiz> tmh1999: i don't think weeaboo qualifies as proper japanese
2017-05-18 16:31:11 <kaniini> for apk-tools my personal todo list is basically
2017-05-18 16:31:22 <kaniini> - apk install/remove as alternates for apk add/del
2017-05-18 16:31:30 <TemptorSent> kaniini: I'm still trying to understand the resolution process in apk, as it's several layers it seems.
2017-05-18 16:31:33 <Shiz> でも。。。ありがとう
2017-05-18 16:31:38 <Shiz> moving on
2017-05-18 16:31:51 <kaniini> - apk contents dumper
2017-05-18 16:32:05 <kaniini> - apk builder
2017-05-18 16:32:31 <kaniini> - grouping package changes into subtransactions sorted by origin
2017-05-18 16:32:31 <TemptorSent> Those two are essentially 'pax' + some metadata, correct?
2017-05-18 16:32:48 <kaniini> - ed25519 key support
2017-05-18 16:33:46 <kaniini> - apk subcommand support (like git, so you can install apk-foo binary and have it integrate into the package manager)
2017-05-18 16:34:04 <TemptorSent> I'm liking it kaniini.
2017-05-18 16:34:08 <kaniini> - apk dist-upgrade as alias for apk upgrade --available
2017-05-18 16:34:41 <kaniini> all of that should be in 3.7
2017-05-18 16:34:43 <kaniini> no promises, but i will try
2017-05-18 16:34:53 <kaniini> oh, also
2017-05-18 16:35:05 <TemptorSent> kaniini: That would represent major improvements to usability.
2017-05-18 16:35:10 <kaniini> - ability to record external installed files into the package manager database
2017-05-18 16:35:28 <Shiz> i don't like the dist-upgrade term :(
2017-05-18 16:35:33 <kaniini> (so you can do pip3.6 install foo, and pip3.6 can then record the files it now controls in apk's database so it leaves them alone)
2017-05-18 16:35:54 <jirutka> kaniini: +1
2017-05-18 16:36:40 <jirutka> kaniini: what about something like “alternatives”? we need it badly
2017-05-18 16:36:42 <TemptorSent> kaniini: Along with that, can we add a means of handling symlinks?
2017-05-18 16:36:45 <kaniini> (the plan there is to allow pip and others to actually leverage the package building functionality and then install the package)
2017-05-18 16:37:03 <kaniini> jirutka: yes, alternatives is something i am looking into as well
2017-05-18 16:37:25 <kaniini> as for fabled's binary indexes
2017-05-18 16:37:30 <kaniini> i'm not 100% on them
2017-05-18 16:37:30 <TemptorSent> I have 'alternatives' partially implemented.
2017-05-18 16:37:44 <kaniini> it may save a few msec of time, but i don't really think we need to worry about that
2017-05-18 16:37:49 <TemptorSent> I do not like the idea of binary indicies
2017-05-18 16:37:51 <kaniini> apk is already waaaaaay faster than most
2017-05-18 16:38:11 <TemptorSent> If needed, a binary cache is a possibility I suppose.
2017-05-18 16:40:51 <TemptorSent> kaniini: Can we put the apk work list somewhere on the wiki perhaps?
2017-05-18 16:40:56 <kaniini> jirutka: so on alternatives,
2017-05-18 16:41:08 <kaniini> jirutka: i don't think it is appropriate to have them in apk
2017-05-18 16:41:24 <jirutka> kaniini: agree, it should be a separate utility
2017-05-18 16:41:51 <jirutka> kaniini: I just thought that it’s relevant to bring it to this discussion
2017-05-18 16:42:12 <TemptorSent> kaniini, jirutka: Agreed - although apk could indicate the which providers are available.
2017-05-18 16:42:47 <kaniini> TemptorSent: it could, but then we just created yet another alternatives implementation tied to a package manager
2017-05-18 16:42:52 <kaniini> TemptorSent: and in reality, like all the others, it will suck
2017-05-18 16:43:21 <kaniini> 
ACTION is more into solving specific problem domains with specific tools

2017-05-18 16:43:23 <TemptorSent> kaniini: No need for it to do anything special, just expose the information in the abuild.
2017-05-18 16:43:46 <kaniini> TemptorSent: abuild can just as easily create a file in /etc/alternatives/$pkgname
2017-05-18 16:44:11 <TemptorSent> kaniini: Right, but that won't be available until the package is installed.
2017-05-18 16:44:13 <kaniini> TemptorSent: which is a lot cleaner
2017-05-18 16:44:34 <kaniini> TemptorSent: provides and alternatives are different things
2017-05-18 16:44:45 <TemptorSent> kaniini: I'm considering the "Which providers can I use for this functionality"
2017-05-18 16:44:51 <kaniini> TemptorSent: if a packager wants to make apk aware of it, she should use $provides
2017-05-18 16:45:26 <TemptorSent> kaniini: For instance, "What are my alternatives for 'ssh'?"
2017-05-18 16:45:39 <kaniini> TemptorSent: apk search --provider ssh
2017-05-18 16:45:50 <kaniini> TemptorSent: searching by $provides is already on my todo, but maybe not for 3.7
2017-05-18 16:46:34 <TemptorSent> Does that work for both openssh and dropbear? If so, that's all we need from apk.
2017-05-18 16:47:01 <TemptorSent> The utility can manage which one is in use, but it needs to have a way of knowing what's available.
2017-05-18 16:47:02 <kaniini> TemptorSent: it does not work for that yet, as nobody has added that metadata... but that is basically what i plan to do.  i dont see it as related to alternatives
2017-05-18 16:47:15 <kaniini> TemptorSent: you can already install openssh and dropbear at same time, for example
2017-05-18 16:47:41 <TemptorSent> Right, the 'alternatives' part would be selecting which of them handles incomming connections.
2017-05-18 16:47:55 <kaniini> no it wouldn't
2017-05-18 16:48:04 <kaniini> you apparently don't know what we mean by alternatives
2017-05-18 16:48:05 <kaniini> :D
2017-05-18 16:48:17 <TemptorSent> Okay, I guess not?
2017-05-18 16:48:30 <kaniini> alternatives is
2017-05-18 16:48:43 <kaniini> two packages provide /usr/bin/pkg-config
2017-05-18 16:48:54 <kaniini> we want both installed
2017-05-18 16:49:03 <jirutka> kaniini: what about support for installing multiple versions of same pkg simultaneously? I’m thinking about preparation to bury FHS…
2017-05-18 16:49:08 <TemptorSent> Right, that's the simple case.
2017-05-18 16:49:11 <kaniini> so those packages rename their /usr/bin/pkg-config to /usr/bin/pkg-config.pkg-config and /usr/bin/pkg-config.pkgconf
2017-05-18 16:49:57 <TemptorSent> kaniini: Direct replacement is easy to manage with a symlink or wrapper.
2017-05-18 16:49:58 <kaniini> jirutka: to add that to apk would be a ton of work
2017-05-18 16:50:09 <kaniini> TemptorSent: right, that is what we are talking about
2017-05-18 16:50:33 <jirutka> kaniini: but it’ll be definitely worth it ;)
2017-05-18 16:50:35 <TemptorSent> kaniini: Okay, that's only a portion of what I was considering.
2017-05-18 16:51:01 <kaniini> TemptorSent: yes i like shipping things and then incrementally improving on them instead of solving all things at once.  it means we ship on time.
2017-05-18 16:51:11 <TemptorSent> kaniini: I also have support for different packages providing the same functionality even if they have different configs.
2017-05-18 16:52:11 <TemptorSent> kaniini: Agreed - although sometimes it's harder to implement a partial solution than the whole thing.
2017-05-18 16:53:03 <kaniini> jirutka: i have grave concerns about departing from FHS in a way that is actually usable
2017-05-18 16:53:22 <TemptorSent> kaniini: On the apk side, all that's needed is a bit of meta-data to indicate what functionality the package provides.
2017-05-18 16:53:59 <TemptorSent> kaniini: LFHS is a bloody disaster IMHO, and has been since shortly after it's inception.
2017-05-18 16:54:14 <jirutka> kaniini: me, skarnet and others think that it’s unavoidable and very needed, FHS is broken by design
2017-05-18 16:55:02 <kaniini> jirutka: okay, when you, skarnet and others come up with a proposal to do this that won't confuse the shit out of some guy downloading an alpine ISO and trying it out, we can talk ;)
2017-05-18 16:55:12 <TemptorSent> kaniini, jirutka: It's essentially impossible to correctly implement a system following FHS.
2017-05-18 16:55:34 <jirutka> kaniini: the idea is to install pkgs into /something/$pkgname-$pkgver and use FHS structure like /usr/bin, /usr/lib etc. just for symlinks into /something/…
2017-05-18 16:55:36 <kaniini> TemptorSent: when i say "departing from FHS", what i really mean is "departing from alpine's implementation of FHS"
2017-05-18 16:56:07 <TemptorSent> kaniini: *lol* Well, as long as alpine's implementation of FHS isn't the LFHS, we're good :)
2017-05-18 16:56:24 <Shiz> i agree with kaniini re:fhs
2017-05-18 16:56:46 <TemptorSent> Redhat bjorked LFHS badly very early on.
2017-05-18 16:56:52 <Shiz> a big concern about departing from our layout to a /pkg like structure is
2017-05-18 16:56:59 <Shiz> reasonable partition segmentation dies
2017-05-18 16:57:14 <jirutka> kaniini: ofc, I’m just mentioning some preconditions for apk…
2017-05-18 16:57:14 <Shiz> e.g. i can't segment /var to its own partition anymore
2017-05-18 16:57:35 <kaniini> Shiz: yes, that too
2017-05-18 16:57:47 <jirutka> wait, I’m definitely not saying store everything, including logs and configs of apps, into /something/$pkgname!!
2017-05-18 16:58:05 <kaniini> jirutka: no but if i want /usr to be separate from /
2017-05-18 16:58:07 <TemptorSent> Shiz: Not necessarily - it depends on how the packages are exposed and where their data lives.
2017-05-18 16:58:07 <kaniini> jirutka: same thing
2017-05-18 16:58:15 <Shiz> kaniini: eh, separate /usr can die
2017-05-18 16:58:16 <Shiz> :P
2017-05-18 16:58:21 <jirutka> . /etc, /var/log, /var/lib makes sense and they should stay, at least the separation, not necessary these names
2017-05-18 16:58:24 <TemptorSent> No, seperate /usr can not die!
2017-05-18 16:58:34 <Shiz> it can very much die
2017-05-18 16:58:53 <kaniini> anyway, i do not see alpine moving away from its current filesystem layout anytime soon
2017-05-18 16:58:56 <jirutka> yes, separate /usr has no sense
2017-05-18 16:59:12 <TemptorSent> Shiz: Yes, I've read all the BS on why /usr isnt' needed any more, but it's BS IMNSHO.
2017-05-18 16:59:16 <jirutka> and never had, just some ppl made up some sense that never was there
2017-05-18 16:59:33 <Shiz> jirutka: it had some use before initrd/initramfs existed
2017-05-18 16:59:38 <Shiz> but now, no
2017-05-18 16:59:42 <TemptorSent> I frequently mount /usr from a different location.
2017-05-18 16:59:57 <TemptorSent> Not to mention with differnt mount options, which is the real big issue.
2017-05-18 16:59:58 <jirutka> Shiz: exactly
2017-05-18 17:00:12 <jirutka> TemptorSent: and you’re doing it why? b/c you can?
2017-05-18 17:00:34 <Shiz> let's delay this discussion for later
2017-05-18 17:00:36 <Shiz> :p
2017-05-18 17:00:47 <kaniini> like, if somebody seriously tries to shove that into alpine without testing it, i will just fork the distro and go on my own way :P
2017-05-18 17:00:53 <jirutka> stop overcomplicating things just b/c 0.01 % of ppl do crazy things just b/c they can…
2017-05-18 17:01:12 <kaniini> okay, here is another reason i am against it
2017-05-18 17:01:25 <kaniini> i do not want to waste cpu time and inodes on storing and resolving symlinks
2017-05-18 17:01:55 <Shiz> then hardlink
2017-05-18 17:01:59 <TemptorSent> kaniini: That's possibly a valid concern.
2017-05-18 17:02:03 <jirutka> kaniini: agree, we should definitely think about it and write proposal before migrating, I’m just saying what would be needed from apk to make it really useful and these changes are not tightly coupled with particular FS hirearchy
2017-05-18 17:02:09 <TemptorSent> Shiz: Nope, hardlinks across FS don't work.
2017-05-18 17:02:51 <Shiz> anyway
2017-05-18 17:02:53 <jirutka> kaniini: symlinks are meant mainly for backward compatibility
2017-05-18 17:02:55 <Shiz> topic for a later time
2017-05-18 17:03:03 <Shiz> and that time is not now
2017-05-18 17:03:06 <Shiz> what is now is 3.6 releasing
2017-05-18 17:03:08 <Shiz> :P
2017-05-18 17:03:20 <jirutka> and hardlinks are really not a good idea for this, as TemptorSent noted and there are more reasons
2017-05-18 17:03:25 <TemptorSent> Agreed Shiz -- but we probably should start writing up notes.
2017-05-18 17:03:27 <jirutka> Shiz: yes
2017-05-18 17:04:29 <kaniini> jirutka: any such proposal must have a way to entirely opt out of it
2017-05-18 17:04:31 <TemptorSent> I hate to say it, but we really need to build up roadmap.
2017-05-18 17:05:01 <jirutka> kaniini: what do you mean? opt-out for users?
2017-05-18 17:05:07 <jirutka> kaniini: that would be insane
2017-05-18 17:05:32 <jirutka> kaniini: the goal is to decrease complexity, not to increase it!
2017-05-18 17:05:49 <kaniini> i am quite happy with my filesystem the way it presently is
2017-05-18 17:06:02 <TemptorSent> Not necessarily so insane - it could install either way without major changes.
2017-05-18 17:06:12 <jirutka> TemptorSent: definitely not
2017-05-18 17:06:21 <jirutka> TemptorSent: it’d be better to keep FHS than making a hybrid
2017-05-18 17:06:35 <jirutka> TemptorSent: that would just bring the worst from both worlds
2017-05-18 17:06:47 <TemptorSent> jirutka: I mean apk could install it either way, the FHS shouldn't matter.
2017-05-18 17:06:56 <Shiz> and yet the conversation continues
2017-05-18 17:07:03 <jirutka> TemptorSent: maybe you don’t see all consequences
2017-05-18 17:07:08 <jirutka> ok, stop here
2017-05-18 17:07:56 <TemptorSent> Looking at the apk-tools themselves, they should be FHS agnostic IMHO.
2017-05-18 17:08:09 <jirutka> TemptorSent: omg, this is not only about apk-tools
2017-05-18 17:08:14 <TemptorSent> The details should be in the packaging.
2017-05-18 17:08:55 <kaniini> i do not want /pkgs
2017-05-18 17:08:57 <TemptorSent> Right, I'm looking at kaniini's TODO and what is needed in APK to support a non-LFHS system.
2017-05-18 17:09:02 <kaniini> if i am forced to have /pkgs, i will stop using alpine
2017-05-18 17:09:08 <kaniini> 100%
2017-05-18 17:09:13 <kaniini> yes, the conversation continues, because i do not want to wake up one day to have /pkgs
2017-05-18 17:09:17 <jirutka> TemptorSent: but yes, I’ve mentioned multiple times that allow apk to install multiple versions simultaneously is not about FHS, no-FHS or anything, it’s very valid feature agnostic towards FS scheme
2017-05-18 17:09:21 <kaniini> correct: it's about systemd-like tactics to force people to have things they don't want
2017-05-18 17:09:24 <kaniini> i do not want /pkgs
2017-05-18 17:09:43 <jirutka> kaniini: could you please think about it a bit more before writing such strong words?
2017-05-18 17:09:52 <kaniini> i have thought about it, and i do not want it
2017-05-18 17:09:53 <jirutka> kaniini: I hope that you can see what problems FHS creates
2017-05-18 17:10:06 <kaniini> i do know FHS is flawed, but it is also what my sysadmins already know
2017-05-18 17:10:08 <jirutka> kaniini: and how it’s conceptually wrong (one big mutable state)
2017-05-18 17:10:20 <kaniini> if you want this stuff, go use Nix
2017-05-18 17:10:22 <jirutka> kaniini: so we should suffer from it for eternity or what?
2017-05-18 17:10:22 <kaniini> don't fuck up alpine
2017-05-18 17:10:32 <jirutka> kaniini: it’s not about fucking up alpine, but fixing it…
2017-05-18 17:10:54 <jirutka> kaniini: I don’t want Nix OS b/c systemd
2017-05-18 17:10:55 <kaniini> suddenly freebsd 11 with all of it's bugs looks attractive again
2017-05-18 17:11:11 <kaniini> okay use GNU Guix instead
2017-05-18 17:11:19 <jirutka> no, I want to use Alpine
2017-05-18 17:11:34 <kaniini> clearly you don't, if you want to force /pkgs on everyone
2017-05-18 17:11:40 <jirutka> omfg
2017-05-18 17:11:59 <kaniini> have you considered the overhead this will have for run from ram configs?
2017-05-18 17:12:15 <jirutka> no
2017-05-18 17:12:15 <Shiz> can we stop fighting and concentrate on 3.6 instead
2017-05-18 17:12:23 <Shiz> jirutka: write a proposal about what you want
2017-05-18 17:12:25 <Shiz> then we can discuss it
2017-05-18 17:12:28 <jirutka> but we’ve discussed it multiple times with skarnet and others
2017-05-18 17:12:30 <kaniini> and then i will NAK it
2017-05-18 17:12:38 <kaniini> because i do not want it
2017-05-18 17:12:40 <kaniini> i dont care what skarnet has to say on it
2017-05-18 17:12:44 <jirutka> and we think that it brings much more benefits than negatives
2017-05-18 17:12:46 <Shiz> right now it's just flinging around with no idea of what the other side wants
2017-05-18 17:12:54 <Shiz> so let's not devolve to that further
2017-05-18 17:13:08 <jirutka> and no one is saying that we will force Alpine to it, it’s open discussion
2017-05-18 17:13:13 <kaniini> what i want is quite simple: things to remain the same as it is now
2017-05-18 17:13:14 <jirutka> you’re position is not very constructive now
2017-05-18 17:13:48 <kaniini> if i wind up having to fork alpine to keep my systems the way they are now, that is truly unfortunate
2017-05-18 17:13:48 <TemptorSent> jirutka, kaniini: Let's attack this in detail later, but for now, document the issues so we don't have to rehash them.
2017-05-18 17:14:01 <kaniini> i refuse to work on anything related to this
2017-05-18 17:14:20 <jirutka> kaniini: once again, can you please stop being dickhead, be more open-minded and constructive?
2017-05-18 17:14:22 <kaniini> i am not going to contribute my time to creating a situation i absolutely do not want
2017-05-18 17:14:36 <Shiz> guys, relax
2017-05-18 17:14:47 <Shiz> this clearly isn't the right atmosphere or time to discuss this in
2017-05-18 17:14:49 <jirutka> we wanted to discuss it, not fight about it
2017-05-18 17:14:53 <TemptorSent> kaniini: Do you have solutions for the problems that don't require breaking with LFHS?
2017-05-18 17:14:54 <kaniini> jirutka: once again, can you stop proposing such radical changes to the way the system image is stored on disk?
2017-05-18 17:15:12 <kaniini> TemptorSent: "problems"
2017-05-18 17:15:26 <kaniini> TemptorSent: seems to be working fine for the past, oh, almost 50 years now
2017-05-18 17:15:29 <TemptorSent> The inability to handle multiple versions of a package sanely.
2017-05-18 17:15:39 <kaniini> nope, i don't
2017-05-18 17:15:42 <jirutka> kaniini: you probably don’t see what extreme complexity and problems FHS brings
2017-05-18 17:15:50 <kaniini> jirutka: i really do see
2017-05-18 17:16:06 <jirutka> kaniini: as all other ppl who refuses to change anything and rather makes stupid workarounds for these problems
2017-05-18 17:16:13 <kaniini> jirutka: i also see having to spend lots of time retraining everyone who manages alpine systems on my network how to use /pkgs
2017-05-18 17:16:19 <jirutka> that’s why I don’t use Debian and craps like this
2017-05-18 17:16:22 <kaniini> so i am glad you have told me about this proposal
2017-05-18 17:16:32 <kaniini> so i can certainly halt migrating from freebsd to alpine
2017-05-18 17:16:38 <jirutka> omg
2017-05-18 17:16:42 <TemptorSent> And the library mismatch issues that plague some software (as in one program requires one SPECIFIC version of a lib, while another requries a different rev of the same version)
2017-05-18 17:16:52 <kaniini> TemptorSent: flatpak
2017-05-18 17:17:10 <jirutka> kaniini: flatpak is great example of HACKS (not solutions) for FHS
2017-05-18 17:17:16 <jirutka> and to dynamic linking
2017-05-18 17:17:20 <kaniini> seems to work fine
2017-05-18 17:17:32 <jirutka> yeah, systemd also seems to work fine
2017-05-18 17:17:33 <jirutka> as debian
2017-05-18 17:17:34 <jirutka> and others…
2017-05-18 17:17:45 <TemptorSent> kaniini: Okay, now we're getting closer, except IIRC flatpak add significan overhead, which is what we were trying to avoid..
2017-05-18 17:17:47 <Shiz> i'll compile the above list into a concrete changelog for 3.6
2017-05-18 17:18:03 <TemptorSent> Thank you Shiz.
2017-05-18 17:18:05 <kaniini> kind of ironic that you use systemd as an example here when you intend to use systemd tactics to get /pkgs
2017-05-18 17:18:11 <jirutka> if you want rigid system with tons of legacy shit, then I don’t understand why you use Alpine
2017-05-18 17:18:20 <jirutka> we don’t use glibc! how unconventional!
2017-05-18 17:18:24 <kaniini> who said i want tons of legacy shit
2017-05-18 17:18:32 <jirutka> you’re afraid of changes
2017-05-18 17:18:47 <kaniini> no, i am afraid of specific changes that i see as being an extreme shitshow
2017-05-18 17:18:52 <jirutka> I just mention something about moving out from FHS and you’re freaking out like I’m threating you with a nuclear bomb
2017-05-18 17:19:07 <kaniini> and will refuse, rightly, to contribute to making an extreme shitshow
2017-05-18 17:19:28 <jirutka> once again, this is not constructive at all
2017-05-18 17:19:30 <TemptorSent> Well, to be honest a nuke is probably about the right scale to take out LFHS.
2017-05-18 17:19:49 <jirutka> argument, propose different solutions for certain problems
2017-05-18 17:20:02 <kaniini> trying to emulate FHS ontop of /pkgs will not work reliably
2017-05-18 17:20:20 <kaniini> i can think of many ways the emulated FHS tree will become inconsistent
2017-05-18 17:20:30 <kaniini> please just respect that i do not want this
2017-05-18 17:20:31 <jirutka> afk, I need to do some work and don’t want to be more upset…
2017-05-18 17:21:03 <jirutka> fyi, Homebrew use something like this and it works quite well…
2017-05-18 17:21:09 <kaniini> LOL
2017-05-18 17:21:14 <kaniini> no
2017-05-18 17:21:14 <TemptorSent> Does anyone else remember BEFORE LFHS? We had nice unix flavored directory structures. LFHS is what made a mess of it by assuming everything would be for the same arch/version as the host regardless of where it mounted from.
2017-05-18 17:21:15 <jirutka> it enables things that are impossible on FHS
2017-05-18 17:21:15 <kaniini> homebrew
2017-05-18 17:21:18 <kaniini> is a fucking disaster
2017-05-18 17:21:32 <kaniini> i have to constantly
2017-05-18 17:21:38 <kaniini> reinstall apps on homebrew
2017-05-18 17:21:41 <kaniini> after installing other apps
2017-05-18 17:21:43 <jirutka> it’s not a great inspiration, it has different purpose, but I would not mark it as disaster
2017-05-18 17:21:46 <kaniini> because the symlinks got messed up
2017-05-18 17:22:14 <kaniini> if you want djb linux go make djb linux, don't drag alpine into it
2017-05-18 17:22:19 <TBB> what's this /pkgs thing, software packaged into its own subdirectories or such?
2017-05-18 17:23:07 <jirutka> TBB: it’s a sensible way how to install software, without messing with single big global state and solving tons of prolems with it
2017-05-18 17:23:52 <kaniini> it's also a great way to wind up with a broken emulated FHS
2017-05-18 17:23:59 <TBB> any pointers?
2017-05-18 17:23:59 <TemptorSent> There's no reason it must be in /pkgs, /usr/pkgs would be equally valiud (or possibly moreso)
2017-05-18 17:24:28 <kaniini> 
ACTION puts in remote hands tickets to have freebsd 11 reinstalled on machines now

2017-05-18 17:24:28 <jirutka> TemptorSent: it doesn’t matter how it would be named and where located…
2017-05-18 17:24:52 <TemptorSent> jirutka: Exactly, nor does it need to be a single directory root.
2017-05-18 17:24:56 <kaniini> suddenly broken process scheduling, memory management, and a buggy security hole called libXo look very attractive
2017-05-18 17:25:11 <jirutka> kaniini: that’s your choice…
2017-05-18 17:25:21 <jirutka> stop it please
2017-05-18 17:25:36 <jirutka> we will sometime write some proposal that we can then discuss
2017-05-18 17:25:39 <kaniini> jirutka: it will be the choice of everyone else who has this scheme show up on their machine and has to spend more than 30 seconds debugging it
2017-05-18 17:25:43 <jirutka> this discussion is pointless now
2017-05-18 17:25:46 <kaniini> jirutka: my answer is no
2017-05-18 17:25:50 <kaniini> jirutka: regardless of any proposal
2017-05-18 17:25:58 <jirutka> kaniini: than you know what…
2017-05-18 17:26:03 <Shiz> hmm
2017-05-18 17:26:08 <Shiz> i've got thsi right now
2017-05-18 17:26:17 <Shiz> https://txt.shiz.me/ZjBhMWM3YT
2017-05-18 17:26:21 <Shiz> but surely there is more that can be said
2017-05-18 17:26:22 <Shiz> :)
2017-05-18 17:26:40 <Shiz> also added  * The `-grsec` packages have been renamed to `-hardened`
2017-05-18 17:26:42 <TBB> my initial reaction to this is, both that and the traditional way of packaging are useful. I guess the main question is just how complex will supporting both get. but I think you've gone through that up there already
2017-05-18 17:27:12 <Shiz> jirutka: do you have anything to add to that list?
2017-05-18 17:27:26 <TemptorSent> Version for GHC?
2017-05-18 17:27:56 <jirutka> TBB: yes, that’s the question we have to answer before any move… but it needs constructive discussion, to consider all positives and negatives, not what kaniini is doing right now… ಠ_ಠ
2017-05-18 17:27:57 <kaniini> like
2017-05-18 17:28:01 <kaniini> to be blunt
2017-05-18 17:28:06 <kaniini> i would rather have systemd
2017-05-18 17:28:07 <kaniini> than this
2017-05-18 17:28:40 <tmh1999> Shiz : it should be "IBM System z" I guess
2017-05-18 17:28:49 <Shiz> right
2017-05-18 17:28:54 <Shiz> i was unsure how to name the target
2017-05-18 17:29:11 <jirutka> s390x = IBM System Z ?
2017-05-18 17:29:24 <tmh1999> yeah, I was confused at first. System/390 is more like s390(31 bit), System z is zArchitecture, which is 64 bit
2017-05-18 17:29:42 <jirutka> 31bit? o.O
2017-05-18 17:29:46 <TemptorSent> Yes,
2017-05-18 17:29:50 <kaniini> yes, 31 bit.
2017-05-18 17:29:59 <jirutka> why 31, not 32? o.O
2017-05-18 17:30:09 <kaniini> the highest bit is used for bank
2017-05-18 17:30:11 <Shiz> yeah s390 is not s390x
2017-05-18 17:30:13 <Shiz> i know that much
2017-05-18 17:30:15 <Shiz> s390x is 64-bit for one
2017-05-18 17:30:16 <kaniini> or something weird
2017-05-18 17:30:27 <TemptorSent> System z is it's own animal, but IIRC is based on the s390 arch.
2017-05-18 17:30:42 <Shiz> good call re: ghc version
2017-05-18 17:30:44 <Shiz> just added it
2017-05-18 17:31:24 <kaniini> jirutka: if we were starting from scratch with a package filesystem then i would be supportive of this
2017-05-18 17:31:40 <kaniini> jirutka: but i cannot support the notion of migrating everyone from FHS to a package filesystem
2017-05-18 17:31:43 <tmh1999> jirutka : s390x = Linux on System z. System z is its own animal as TemptorSent says.
2017-05-18 17:31:48 <kaniini> jirutka: it is too fucking risky
2017-05-18 17:31:56 <Shiz> kaniini: this is an argument i can understand
2017-05-18 17:32:12 <Shiz> anyway
2017-05-18 17:32:14 <Shiz> let's see
2017-05-18 17:32:17 <TBB> at first glance, it's also not -that- hard a problem to solve; since traditional package managers already, all of them pretty much, support alternative target roots, they can also already as is manage per-app package setups and deps. So basically they can be used for this already. I can see some challenges as well, but it takes some time to formulate them in words properly
2017-05-18 17:32:20 <asie> i think package-based filesystem could benefit from more experimentation, not more usage in production
2017-05-18 17:32:22 <Shiz> i'm sure we did more fundamental changes in 3.6, no?
2017-05-18 17:32:27 <asie> gobolinux tried, for one
2017-05-18 17:32:31 <kaniini> jirutka: so, NAK until the end of time, don't even bother writing a proposal if that is what it is going to be
2017-05-18 17:32:46 <jirutka> Shiz: I can’t remember now, I’ll look at it once again later…
2017-05-18 17:32:56 <jirutka> kaniini: please stop now
2017-05-18 17:33:02 <kaniini> the linux-grsec -> linux-hardened swap should show you how fragile this stuff can be
2017-05-18 17:33:12 <kaniini> why the hell would we want to do something this risky
2017-05-18 17:33:18 <jirutka> kaniini: ncopa asked me to be more polite, so I’m not gonna reply to you now
2017-05-18 17:33:19 <kaniini> i'm not going to stop until it's dead
2017-05-18 17:33:55 <TBB> well, the whole world of containers is heading to that direction
2017-05-18 17:34:02 <Shiz> i added development-related changes
2017-05-18 17:34:08 <Shiz> is there anything of note there except set -e and sha512sums?
2017-05-18 17:34:24 <jirutka> kaniini: then you should probably leave, b/c there are more ppl who supports this idea… but no one wants to force it without careful consideration of all positives/negatives and discussion about technical solutions
2017-05-18 17:34:52 <kaniini> jirutka: okay i will fork alpine
2017-05-18 17:34:58 <kaniini> 
ACTION will be spending the weekend doing this

2017-05-18 17:35:01 <jirutka> kaniini: how can I explain you that saying “I don’t want to hear any arguments, I don’t want to think about it, just NOPE” is totally wrong?!
2017-05-18 17:35:07 <jirutka> kaniini: you still don’t get it
2017-05-18 17:35:10 <jirutka> kaniini: calm down please
2017-05-18 17:35:24 <kaniini> you are assuming i haven't thought about it
2017-05-18 17:35:32 <jirutka> kaniini: we just want to discuss it for now, nothing more… and you’re freaking out like a small baby
2017-05-18 17:35:32 <Shiz> no need to fork anything right now
2017-05-18 17:35:38 <Shiz> alpine isn't going anywhere
2017-05-18 17:35:47 <kaniini> maybe i thought about this some years ago and determined that there is no way to safely upgrade the system image in this manner
2017-05-18 17:35:50 <TemptorSent> Shiz: I think that covers all I'm aware of of note.
2017-05-18 17:35:57 <kaniini> maybe that is why we haven't done this
2017-05-18 17:36:07 <tmh1999> Shiz : probably abuild version bump for dev
2017-05-18 17:36:27 <kaniini> maybe i do not want to hose every single alpine install on the planet
2017-05-18 17:36:28 <Shiz> i'll take a look at the abuild change log too
2017-05-18 17:36:43 <Shiz> https://git.alpinelinux.org/cgit/abuild/commit/abuild.in?id=5b7b1f80cbaa88849e2698d67bf2d72ac9addac4
2017-05-18 17:36:45 <Shiz> I think we can note this
2017-05-18 17:37:09 <Shiz> oh
2017-05-18 17:37:13 <Shiz> the check() stuff
2017-05-18 17:37:14 <Shiz> of course
2017-05-18 17:37:17 <Shiz> how could i forget
2017-05-18 17:37:19 <tmh1999> :D
2017-05-18 17:37:59 <jirutka> Shiz: I’ve already mentioned check()
2017-05-18 17:38:22 <jirutka> Shiz: among other things before kaniini started freaking out :(
2017-05-18 17:38:34 <kaniini> jirutka: as i said before, if we were starting from scratch, a package fs would be great
2017-05-18 17:38:34 <Shiz> * A `check()` function has been added that allows packages to run test suites after `build()`, ensuring no regressions have occurred.
2017-05-18 17:38:36 <Shiz>   This has been implemented for a number of packages, and policy onward will be to have them either be presented or explicitly opted-out of with good reasoning.
2017-05-18 17:38:41 <Shiz> how's this wording?
2017-05-18 17:38:57 <Shiz> s/presented/present/
2017-05-18 17:38:57 <TemptorSent> presented?
2017-05-18 17:39:03 <TemptorSent> Gotcha :)
2017-05-18 17:39:21 <TemptorSent> Sounds good.
2017-05-18 17:39:38 <TBB> kaniini: you've got a good point in steps going to that direction ending up in a much more complex system to maintain. but on the other hand, a couple of years ago there were no suitable tools for handling that complexity, and things have moved on since then haven't they?
2017-05-18 17:39:39 <kaniini> jirutka: however, to move everyone to a package fs after the point is extremely risky: what if somebody has modified their FS in some way that we do not anticipate?
2017-05-18 17:40:45 <TemptorSent> kaniini: If that's the concern, make it Alpine 4.0 and indicate that manual changes may need to be carried forward.
2017-05-18 17:40:51 <kaniini> jirutka: oops bob edited /usr/bin/some-shell-script, do we wipe out his changes by making it a symlink to /pkgs/some-package-1/usr/bin/some-shell-script
2017-05-18 17:41:05 <kaniini> TemptorSent: not acceptable
2017-05-18 17:41:10 <kaniini> we do not EVER break users
2017-05-18 17:41:21 <kaniini> i should mention this is why jirutka got pissed off at barthalion to begin with
2017-05-18 17:41:23 <jirutka> kaniini: oh really? come on
2017-05-18 17:41:45 <xentec> *hust* cross-compiling *hust* ;)
2017-05-18 17:41:45 <jirutka> kaniini: are you f**king kidding me?!
2017-05-18 17:41:58 <TemptorSent> Hmm, I thought that breaking changes were reserved for major version numbers, like with just about all software these days.
2017-05-18 17:42:08 <Shiz> kaniini: btw, now that i catch you
2017-05-18 17:42:12 <kaniini> jirutka: was his packaging not breaking people's stuff?
2017-05-18 17:42:17 <jirutka> kaniini: what kind of argument is this?!
2017-05-18 17:42:23 <Shiz> opinion about option="!checkroot" that runs check() outside of fakeroot?
2017-05-18 17:42:35 <kaniini> Shiz: +1
2017-05-18 17:42:53 <jirutka> kaniini: have you switched to personal attacks now or what?
2017-05-18 17:43:01 <TemptorSent> How is fakeroot being handled anyway? Using the fakeroot script?
2017-05-18 17:43:17 <kaniini> personal attacks?  i am just stating that you got angry at somebody else for breaking the distribution
2017-05-18 17:43:30 <kaniini> facts are not personal attacks
2017-05-18 17:43:34 <Shiz> TemptorSent: it just wraps stuff in the fakeroot binary
2017-05-18 17:43:41 <Shiz> i think that's from debian?
2017-05-18 17:43:54 <Shiz> http://fakeroot.alioth.debian.org/
2017-05-18 17:43:56 <Shiz> this one
2017-05-18 17:44:15 <Shiz> the issue is it's too permissive (as it has to trick software into thinking it's root), but that breaks some test suites
2017-05-18 17:44:19 <TemptorSent> Shiz: Okay, I have a cleaner wrapper for fakeroot that allows you to use it directly in a script, which may be a better option long-term.
2017-05-18 17:44:23 <Shiz> who explicitly test for certain permission stuff
2017-05-18 17:44:57 <kaniini> TemptorSent: the last time we jumped major version it was because we fundamentally changed ABI.  but we did not break upgrading the distribution.  we made damned sure upgrading from uclibc to musl was safe in all cases.
2017-05-18 17:45:19 <TemptorSent> Fixing the fakeroot library itself will require somewhat more effort, but shouldn't be any major work if semantics need fixing.
2017-05-18 17:45:26 <kaniini> you can't make upgrading from FHS to pkgfs safe
2017-05-18 17:45:30 <kaniini> it is impossible
2017-05-18 17:45:46 <kaniini> you are splitting a single mutable state into multiple sub-states and it is an AI-hard problem
2017-05-18 17:46:07 <TemptorSent> kaniini: I'm not sure it's impossible, but agreed it is more difficult than a migration.
2017-05-18 17:46:42 <kaniini> this type of thinking is what brought us Vista
2017-05-18 17:47:03 <kaniini> do you guys not remember the general market reaction to Vista?  hint: it was bad
2017-05-18 17:47:07 <TemptorSent> *lol* No, microsoft brought us Vista :P
2017-05-18 17:47:20 <kaniini> microsoft thinking they could just change the entire OS
2017-05-18 17:47:27 <kaniini> is what caused microsoft to bring us vista
2017-05-18 17:47:40 <TemptorSent> They didn't change much of the OS, just the gui.
2017-05-18 17:47:45 <TemptorSent> That was the problem.
2017-05-18 17:47:51 <kaniini> not true
2017-05-18 17:47:55 <kaniini> memory paging was changed
2017-05-18 17:48:02 <kaniini> the way windows was installed to the filesystem was changed
2017-05-18 17:48:09 <kaniini> some crap called ximage was introduced
2017-05-18 17:48:19 <kaniini> a ton of new apis were introduced, a ton of old apis were removed
2017-05-18 17:49:07 <TemptorSent> Hmm, I seem to recall much of that happened shorly before Vista, but it's been long enough that I'm not sure.
2017-05-18 17:49:36 <kaniini> my point is
2017-05-18 17:49:43 <kaniini> jumping from XP to Vista
2017-05-18 17:49:50 <kaniini> was completely broken for 99% of people
2017-05-18 17:50:11 <kaniini> switching alpine from FHS to pkgfs will have similar fallout regardless of how much mitigation is done
2017-05-18 17:50:12 <Shiz> building llvm right now
2017-05-18 17:50:20 <TemptorSent> XP - XPSP2 was broken as often as not as well.
2017-05-18 17:50:36 <Shiz> vista was a major rearchitecture of the NT base
2017-05-18 17:50:37 <Shiz> btw
2017-05-18 17:50:42 <kaniini> yes
2017-05-18 17:50:44 <kaniini> it was
2017-05-18 17:50:56 <kaniini> and FHS to pkgfs is also a major rearchitecture
2017-05-18 17:50:59 <Shiz> hmm
2017-05-18 17:50:59 <kaniini> that is my point entirely
2017-05-18 17:51:04 <Shiz> i wonder why we build tblgen separately in LLVM
2017-05-18 17:51:36 <kaniini> jirutka: so to be blunt the reason why i am hard no on this is
2017-05-18 17:51:52 <kaniini> jirutka: i see the result being everyone staying on the last version of alpine that did not have that indefinitely
2017-05-18 17:51:57 <TemptorSent> kaniini: Okay, so what do we do to solve the real, existent, and worsening problems? Build multiple chroots?
2017-05-18 17:52:05 <kaniini> jirutka: and then i see 2 years later alpine having to do a security update
2017-05-18 17:52:14 <kaniini> TemptorSent: GO USE NIX
2017-05-18 17:52:42 <TemptorSent> How does that solve the problem on Alpine?
2017-05-18 17:52:58 <kaniini> it solves your problem because now you are using a distribution where you do not have this perceived problem
2017-05-18 17:53:14 <kaniini> 99% of alpine users are not having worsening problems from FHS, sorry they are just not
2017-05-18 17:53:38 <TemptorSent> kaniini: It's not a perceived problem, it's a real, significant, and painful problem for MANY people.
2017-05-18 17:54:08 <kaniini> you are wanting things that alpine simply cannot deliver.  sorry about that, really.
2017-05-18 17:54:18 <kaniini> use something that can deliver those things.
2017-05-18 17:54:44 <TemptorSent> Package A only works with an older revision of somelib.so, Package B only works with a new revision of somelib.so, both of which unfortunately have the same major version.
2017-05-18 17:54:44 <kaniini> don't try to force a breaking change for 99% of users because you want multiple versions of a package installed
2017-05-18 17:54:52 <kaniini> THEN REBUILD PACKAGE A
2017-05-18 17:55:14 <TemptorSent> It's impossible to support the newer rev in some cases (yes, REALLY)
2017-05-18 17:55:46 <kaniini> then fix package A
2017-05-18 17:55:49 <TemptorSent> Trying to build GIS tools is one significant area of pain.
2017-05-18 17:56:12 <TemptorSent> Yeah, don't I wish -- deps on proprietary libs aren't so fixable.
2017-05-18 17:56:48 <TemptorSent> JP2000/ECW/MrSID being one set of cases.
2017-05-18 17:57:49 <TemptorSent> Worse is that some tiff libs must be built with explicit support for higher bit depths, which then breaks some other packages.
2017-05-18 17:58:22 <TemptorSent> The only viable solution for those is to have indepentent libs for each and make sure the right one gets linked.
2017-05-18 18:00:16 <kaniini> alpine does not support proprietary software, so your argument is moot
2017-05-18 18:00:20 <TemptorSent> Also, supporting glibc where-needed/as-needed is dependent on having distinct paths if we want to ever support it sanely.
2017-05-18 18:00:56 <TemptorSent> kaniini: Then you're killing the ability to use Alpine in multiple industries.
2017-05-18 18:01:19 <kaniini> TemptorSent: they are killing it by not providing musl versions of their libraries.
2017-05-18 18:01:43 <TemptorSent> kaniini: There are no open-source alternatives for the encoders/decoders required.
2017-05-18 18:01:53 <kaniini> TemptorSent: that's unfortunate
2017-05-18 18:02:01 <kaniini> it's still not our problem
2017-05-18 18:02:05 <TemptorSent> Look up MrSID and ECW
2017-05-18 18:02:17 <kaniini> why?
2017-05-18 18:02:19 <kaniini> it's not our problem
2017-05-18 18:03:00 <TemptorSent> If it's not our problem, then whose is it?
2017-05-18 18:03:31 <kaniini> if those vendors wish to support alpine, then they would provide binaries that work on alpine
2017-05-18 18:03:31 <TemptorSent> If we can't support industry standard file formats, WE have a problem.
2017-05-18 18:03:56 <Shiz> do we?
2017-05-18 18:04:00 <kaniini> no, whoever wishes to consume those file formats on alpine, has a problem
2017-05-18 18:04:05 <kaniini> and they can solve it by not using alpine
2017-05-18 18:04:12 <kaniini> incidentally docker makes that pretty easy
2017-05-18 18:04:19 <TemptorSent> Well, it's supported on other major distributions.
2017-05-18 18:04:37 <TemptorSent> Bloody hell, docker just to run gdal? That's nuts.
2017-05-18 18:04:39 <kaniini> no, it is supported on GNU/Linux distributions
2017-05-18 18:04:49 <kaniini> alpine isn't a GNU/Linux distribution, now is it?
2017-05-18 18:06:22 <TemptorSent> lizardtech offers a SDK for MrSID free of charge for multiple operating systems.
2017-05-18 18:06:55 <TemptorSent> If we ask nicely, they might be willing to support musl directly.
2017-05-18 18:07:30 <asie> couldn't a musl-based static library/binary set work on glibc as well? just not the other way around?
2017-05-18 18:07:33 <TemptorSent> Now to compress MrSID files, you need to install a SDK with a key, which has the same names IIRC.
2017-05-18 18:07:52 <asie> well, the other way around too, but that might have licensing issues
2017-05-18 18:08:19 <TemptorSent> Here's our lib conflict -- same lib, same version even, different api availability.
2017-05-18 18:08:58 <Shiz> asie: yes, it would
2017-05-18 18:09:50 <TBB> (damn, that old c64 guy Mr SID surely doesn't like some proprietary company stealing both his nickname and the .sid file extension...)
2017-05-18 18:10:17 <TemptorSent> *lol*
2017-05-18 18:13:20 <kaniini> blah blah blah
2017-05-18 18:13:30 <kaniini> stop trying to do things with alpine it cannot do
2017-05-18 18:13:40 <kaniini> you are just going to be in for a world of hurt
2017-05-18 18:13:50 <kaniini> yes, pkgfs would be lovely to have, if we were starting from scratch
2017-05-18 18:13:55 <TemptorSent> More like stop trying to make alpine do things it couldn't do before it sounds..
2017-05-18 18:14:13 <kaniini> but the idea of migrating all installs to pkgfs
2017-05-18 18:14:15 <TemptorSent> Okay, forget the pkgfs -- how do I solve my actual problems?
2017-05-18 18:14:20 <kaniini> use docker
2017-05-18 18:14:42 <TemptorSent> Docker is not a solution -- I still need something running UNDER it, right?
2017-05-18 18:14:51 <kaniini> if you need glibc and libc6-compat is not enough
2017-05-18 18:14:52 <kaniini> use docker
2017-05-18 18:14:56 <kaniini> with like debian
2017-05-18 18:14:58 <kaniini> or something
2017-05-18 18:15:48 <Shiz> hmm
2017-05-18 18:16:05 <Shiz> any way to get the current kernel flavor through apk?
2017-05-18 18:16:50 <TemptorSent> Shiz: Rather than using uname -r?
2017-05-18 18:17:19 <Shiz> yes
2017-05-18 18:18:20 <TemptorSent> Shiz: I don't know of any apk magick per-se.
2017-05-18 18:19:22 <TemptorSent> There are files installed in /usr/share/kernel/*/kernel.release where * is the flavor...
2017-05-18 18:19:23 <Shiz> i wish there was an easy way to install a package matching your installed kernel flavor(s)
2017-05-18 18:20:00 <TemptorSent> Yeah, I have that handled in my kerneltool -- it automagically determines the flavor and installes the flavored package if found, otherwise tries unflavored.
2017-05-18 18:20:12 <rdutra> question: I am booting a ppc64le ISO (built it using ./mkimage.sh) and in the login console I tried "root"  user but I got an error message "Login incorrect".  Is the default user really "root" or maybe I am missing something?
2017-05-18 18:20:56 <Shiz> i think this is something that should be handled in the apkbuilds somehow
2017-05-18 18:21:15 <kaniini> yes, it is really root
2017-05-18 18:21:25 <Shiz> e.g.
2017-05-18 18:21:30 <Shiz> if i do
2017-05-18 18:21:32 <Shiz> # apk add wireguard
2017-05-18 18:21:43 <Shiz> i ideally want it to install wireguard-hardened as it infers from me having linux-hardened installed
2017-05-18 18:22:01 <kaniini> Shiz: that is what i intend to fix when i fix all kernel-related APKBUILDs
2017-05-18 18:22:10 <Shiz> :)
2017-05-18 18:22:13 <TemptorSent> Shiz: Yeah, one problem with that is you have both kernel modules and userspace with the same name (zfs-hardened and zfs)
2017-05-18 18:22:20 <Shiz> TemptorSent: sure
2017-05-18 18:22:22 <kaniini> maybe it can be the first feature for my new alpine fork
2017-05-18 18:22:23 <Shiz> you can call it zfs-modules
2017-05-18 18:22:25 <Shiz> doesn't really matter
2017-05-18 18:22:28 <TemptorSent> Exactly.
2017-05-18 18:22:52 <kaniini> (which trust me, if i have to deal with pkgfs migration i am forking)
2017-05-18 18:22:55 <TemptorSent> And it should install the modules for ALL kernels using that.
2017-05-18 18:23:13 <kaniini> i want that to be very well understood, especially by jirutka
2017-05-18 18:24:07 <kaniini> it's the migration i have a problem with, not with having a distribution that has that design
2017-05-18 18:24:25 <kaniini> and i would even be alright with having code in apk-tools to support that type of distribution
2017-05-18 18:24:37 <kaniini> but i cannot support fundamentally changing alpine in that way because the risks are way too high
2017-05-18 18:24:52 <Shiz> i think that is fine
2017-05-18 18:25:04 <Shiz> it may be worth investigating an alternative version of alpine where this happens
2017-05-18 18:25:09 <kaniini> if we break a ton of installs then everything we have done so far is for nothing because the momentum we have is lost
2017-05-18 18:25:11 <Shiz> doesn't have to be The Distribution Called Alpine
2017-05-18 18:25:15 <TemptorSent> kaniini: Okay, how about we look at this the other way - fork a variant that supports pkgfs and allow migration for those who want it.
2017-05-18 18:25:17 <Shiz> anyway
2017-05-18 18:25:27 <kaniini> TemptorSent: yes, that is fine.  i am fine with that
2017-05-18 18:26:09 <Shiz> :)
2017-05-18 18:26:10 <TemptorSent> kaniini: Okay, cool :)
2017-05-18 18:27:53 <kaniini> TemptorSent: what i am not fine with is somebody going "apk upgrade --update --available" and then winding up with pkgfs and their entire setup completely broken
2017-05-18 18:28:22 <kaniini> i will never be fine with that, regardless of how safe it is claimed to be
2017-05-18 18:29:08 <kaniini> and the second that becomes a likely scenario is the second i fork alpine for the good of alpine
2017-05-18 18:30:17 <TemptorSent> kaniini how about allowing something like 'apk migrate' to a new install?
2017-05-18 18:31:30 <TemptorSent> No automatic upgrade would change any structure, and existing packages could be installed in the new install, along with configs.
2017-05-18 18:34:04 <kaniini> what part of "AI hard problem" did you not get
2017-05-18 18:34:04 <TemptorSent> Anyway, it's a solvable problem so long as we don't try to automatically upgrade unconditionally, and supporting both installation types from a common set of packages shouldn't be terribly difficult.
2017-05-18 18:34:49 <kaniini> apk-tools can be adapted to easily handle either scenario
2017-05-18 18:34:49 <TemptorSent> How is installing the same set of packages and copying their config files AI-hard?
2017-05-18 18:35:05 <kaniini> TemptorSent: people go in and modify the files that are installed
2017-05-18 18:35:10 <kaniini> TemptorSent: we want to kepe those modifications in tact
2017-05-18 18:36:11 <kaniini> so here's what i propose
2017-05-18 18:36:12 <TemptorSent> Right, and we can keep them (as long as we have checksums?), but if they run a migration, we warn them that manual changes may need attention.
2017-05-18 18:36:26 <kaniini> if you install alpine and you configure apk-tools
2017-05-18 18:36:34 <kaniini> to use a pkgfs layout
2017-05-18 18:36:35 <TemptorSent> Nothing breaking happens automatically, and nothing changes in the existing install.
2017-05-18 18:36:41 <kaniini> then it will give you that layout
2017-05-18 18:36:42 <kaniini> otherwise
2017-05-18 18:36:45 <kaniini> it will continue as it is now
2017-05-18 18:36:59 <TemptorSent> That would be just fine with me.
2017-05-18 18:37:02 <kaniini> and then if they change the layout to be pkgfs in the future
2017-05-18 18:37:06 <kaniini> they can do this apk migrate thing
2017-05-18 18:37:09 <kaniini> to get pkgfs
2017-05-18 18:37:14 <kaniini> jirutka: is this fine with you? ^^^^^^
2017-05-18 18:38:02 <kaniini> i will work on the layout aspect for 3.7
2017-05-18 18:38:05 <kaniini> if this is fine
2017-05-18 18:38:32 <kaniini> my thing is really simple
2017-05-18 18:38:37 <kaniini> people who have pre-existing installs
2017-05-18 18:38:39 <kaniini> are not going to be happy
2017-05-18 18:38:42 <TemptorSent> I like the concept of apk being able to handle arbitrary layouts using the same core.
2017-05-18 18:38:45 <kaniini> if they are migrated to pkgfs
2017-05-18 18:39:06 <TemptorSent> Agreed - unexpected breakage is to be avoided.
2017-05-18 18:39:18 <kaniini> and i do not think the gain is worth pissing off every alpine user ever
2017-05-18 18:39:29 <kaniini> because they swallowed an upgrade they couldn't handle
2017-05-18 18:39:35 <kaniini> consider unattended upgrades too
2017-05-18 18:39:47 <kaniini> say you have a cron which apk upgrades the box nightly
2017-05-18 18:39:51 <kaniini> (you can install a package which does this)
2017-05-18 18:40:03 <kaniini> and then the next day
2017-05-18 18:40:05 <kaniini> your system is hosed
2017-05-18 18:40:06 <TemptorSent> Right, that's actually my biggest concern personally -- I have machines that I have no physical access to that auto-update.
2017-05-18 18:40:10 <kaniini> by your apk upgrade cron
2017-05-18 18:40:24 <kaniini> but yet i haven't thought this through
2017-05-18 18:40:26 <kaniini> :D
2017-05-18 18:40:56 <TemptorSent> That's why I was hit so hard by the apk bug -- I suddenly started having unusable machines.
2017-05-18 18:41:06 <kaniini> then why on earth
2017-05-18 18:41:07 <kaniini> would you advocate for pkgfs?
2017-05-18 18:41:08 <kaniini> :D
2017-05-18 18:41:50 <TemptorSent> So given that it would only be used for new installations or explicit migrations, pkgfs is sane IMHO. Expecting automatic upgrade to it, not so much.
2017-05-18 18:42:51 <kaniini> yes, but that was what was originally proposed
2017-05-18 18:42:53 <kaniini> and that is my problem
2017-05-18 18:43:13 <kaniini> there are pros and cons to both
2017-05-18 18:43:17 <kaniini> we should support both
2017-05-18 18:43:22 <TemptorSent> I don't recall having an automatic upgrade path being part of the proposal TBH
2017-05-18 18:43:50 <TemptorSent> Agreed - supporting both is preferable, even supporting mixed usage may be desirable in certain cases.
2017-05-18 18:43:53 <kaniini> TemptorSent: that is the only way we could do it and have it be default
2017-05-18 18:44:33 <kaniini> TemptorSent: jirutka used explicit language such as "supporting FHS is painful" etc
2017-05-18 18:44:43 <TemptorSent> kaniini: Once stabilized, it could be the default for all NEW installs if it proves to work properly.
2017-05-18 18:44:51 <kaniini> sure, that is fine
2017-05-18 18:44:56 <kaniini> as long as you can choose FHS
2017-05-18 18:45:25 <TemptorSent> And he's right, it IS painful to support LFHS, especially in cases that have dep hell.
2017-05-18 18:46:10 <TemptorSent> So if we at least have a solution that allows for non LFHS usage, even if it requires manual migration, it can solve those problems where they exist.
2017-05-18 18:46:22 <kaniini> sure but for typical deployments you just made the deployment a lot more complex
2017-05-18 18:46:43 <kaniini> i dont think it is wise to throw out something that people know just because it isn't optimal for some edge cases
2017-05-18 18:47:25 <TemptorSent> It's not just edge cases unfortunately, it's just about any case where multiple versions must be supported.
2017-05-18 18:47:52 <TemptorSent> Many packages essentially handle it themselves (postgresql for instance uses a self-contained directory structure)
2017-05-18 18:47:55 <kaniini> 99% of the time this is not a thing.  citation: nobody asks about it on #alpine-linux or mailing lists.
2017-05-18 18:48:31 <TemptorSent> Multiple GCC versions are similar.
2017-05-18 18:49:19 <kaniini> jirutka: ????????????
2017-05-18 18:49:58 <TemptorSent> Right now, those are kluged and fragile constructs which break if you look at them sideways.
2017-05-18 18:50:55 <kaniini> i'm just trying to figure out if this apk layout proposal of mine will solve jirutka's concerns
2017-05-18 18:51:10 <kaniini> so that we can avoid having to destroy alpine over it
2017-05-18 18:51:15 <TemptorSent> At the very least, we need to find a sane way of specifying lib paths per lib/binary for the loader to fix the actual problem.
2017-05-18 18:51:50 <kaniini> most likely,
2017-05-18 18:52:00 <kaniini> what we would do is have custom ELF interpreter
2017-05-18 18:52:07 <kaniini> for the stubs
2017-05-18 18:52:11 <kaniini> instead of hardlinks
2017-05-18 18:52:22 <kaniini> which would provide that type of functionality
2017-05-18 18:52:24 <TemptorSent> Thats exactly what I'm thinking.
2017-05-18 18:52:42 <kaniini> which you need anyway to do pkgfs properly
2017-05-18 18:52:46 <kaniini> sorry but DJB gets it wrong sometimes
2017-05-18 18:53:08 <Shiz> i don't want to read any of djb's C code
2017-05-18 18:53:11 <kaniini> but hey i haven't thought about this at all
2017-05-18 18:53:12 <Shiz> or use execline for that matter
2017-05-18 18:53:12 <TemptorSent> Or modifying the linker logic to check an xattr perhaps.
2017-05-18 18:53:14 <Shiz> :P
2017-05-18 18:53:50 <kaniini> TemptorSent: yes, that is possibly interesting
2017-05-18 18:54:00 <kaniini> an ld_library_path xattr
2017-05-18 18:54:25 <TemptorSent> It would be both sane, and a good use of xattrs.
2017-05-18 18:54:55 <TemptorSent> Eliminating the problem of keeping the stub and binary paths synced.
2017-05-18 18:55:27 <kaniini> yes, that would work nicely.
2017-05-18 18:55:58 <kaniini> downside: alternatives support would have to live in apk
2017-05-18 18:56:26 <TemptorSent> Not necessarily - there's not reason a general tool couldn't handle that.
2017-05-18 18:56:32 <kaniini> because then you're reconfiguring the emulated FHS
2017-05-18 18:56:44 <kaniini> if i want
2017-05-18 18:56:56 <kaniini> foobar-1.0 to be the selected package in the emulated FHS
2017-05-18 18:57:02 <kaniini> then it needs to change the symlinks
2017-05-18 18:57:17 <kaniini> so it is faster to just have it in apk
2017-05-18 18:58:01 <TemptorSent> Hmm, possibly - if it fits well in apk, I suppose that's fine too.
2017-05-18 18:58:07 <Shiz>   @kaniini │ an ld_library_path xattr
2017-05-18 18:58:11 <Shiz> doesn't -rpath exist for this purpose
2017-05-18 18:58:36 <TemptorSent> rpath is compile time IIRC, possibly changed using elftools?
2017-05-18 18:58:37 <kaniini> Shiz: yes, but we do not want to edit the binaries being installed
2017-05-18 18:58:52 <Shiz> you can use patchelf
2017-05-18 18:58:54 <Shiz> okay
2017-05-18 18:58:59 <kaniini> Shiz: yes, but we do not want to edit the binaries being installed
2017-05-18 18:59:25 <kaniini> if you checksum a binary, it should match what is in apk
2017-05-18 18:59:56 <TemptorSent> Also, the xattr approach would allow us more flexability than -rpath, including pinning a specific version of a lib by checksum if we wanted to.
2017-05-18 19:00:06 <kaniini> by using xattrs, we can attach additional rpaths without editing the binary
2017-05-18 19:00:22 <kaniini> and the change to musl would be very minor
2017-05-18 19:01:19 <TemptorSent> This would also probably allow proper glibc foreign support if we do it right.
2017-05-18 19:01:32 <kaniini> no, it would not
2017-05-18 19:01:43 <kaniini> glibc is a different animal entirely
2017-05-18 19:01:45 <TemptorSent> Why not?
2017-05-18 19:02:00 <kaniini> any binaries that need glibc also need to be built against glibc-linked libraries
2017-05-18 19:02:03 <TemptorSent> We'd have to make a modified ld.so, but thats about it.
2017-05-18 19:02:07 <kaniini> pkgfs will not help you there
2017-05-18 19:02:49 <TemptorSent> Just toss glibc-related packages in their own directory and load the appropriate lib using the xattr.
2017-05-18 19:03:11 <ncopa> fwiw, i actually have pretty strong opinions re FHS, but now is totally wrong time to discuss it
2017-05-18 19:03:36 <kaniini> ncopa: i do not like FHS either
2017-05-18 19:03:44 <kaniini> ncopa: i just do not like breaking everyone's stuff
2017-05-18 19:03:44 <Shiz> i still think we can flesh this out later
2017-05-18 19:03:47 <Shiz> and focus on 3.6 now :)
2017-05-18 19:03:51 <TemptorSent> ncopa: Yeah, we're getting ahead of ourselves here, but at least I think we're finding some solutions.
2017-05-18 19:04:23 <kaniini> i rather find solutions now than have somebody else find solutions i find undesirable later and wind up having to fork alpine to dodge them
2017-05-18 19:04:44 <ncopa> i agree with Shiz
2017-05-18 19:04:55 <ncopa> drop everything else
2017-05-18 19:05:16 <scadu> especially fighting :x
2017-05-18 19:05:20 <ncopa> this FHS idscussion is not productive
2017-05-18 19:05:25 <ncopa> fighting is not productive
2017-05-18 19:06:00 <kaniini> breaking peoples systems is not productive either
2017-05-18 19:06:09 <TemptorSent> I think we can summerize with this: Don't automatically break peoples shit :)
2017-05-18 19:06:12 <Shiz> yes, but we are not anywhere close to start making a decision on the FHS stuff
2017-05-18 19:06:21 <Shiz> so nothing's going to happen either way until after 3.6
2017-05-18 19:06:24 <Shiz> so let's finish 3.6 first
2017-05-18 19:06:26 <Shiz> :)
2017-05-18 19:06:37 <ncopa> kaniini: exactly. lets make sure we dont break things for the 3.6 release
2017-05-18 19:07:03 <asie> just keep a box called "ideas which sound neat but will break people's shit"
2017-05-18 19:07:08 <asie> and keep it around for i don't know alpine 4.0 or something
2017-05-18 19:07:16 <scadu> +9000
2017-05-18 19:07:26 <asie> once you start breaking people's shit, break it once, break it a lot, but break it well.
2017-05-18 19:07:28 <kaniini> i pulled an all-nighter to ensure linux-hardened change did not break people
2017-05-18 19:07:31 <asie> so you don't have to break again
2017-05-18 19:07:33 <ncopa> asie: +1
2017-05-18 19:07:44 <TemptorSent> asie: +1
2017-05-18 19:07:46 <kaniini> i like the apk layout idea
2017-05-18 19:07:48 <asie> but assuming alpine will never break anyone's system ever after an upgrade is misguided
2017-05-18 19:07:57 <asie> eventually something will happen that will unavoidably break things anyway
2017-05-18 19:08:01 <kaniini> asie: it is policy
2017-05-18 19:08:07 <asie> yes, but unexpected things may happen
2017-05-18 19:08:25 <TemptorSent> asie: In that case, it shouldn't happen AUTOMATICALLY, it should require user-intervention to initiate a breaking change.
2017-05-18 19:08:27 <kaniini> sure, but that is different than "lol we should just change everything yolo"
2017-05-18 19:08:34 <asie> that is correct
2017-05-18 19:08:52 <ncopa> we will not change everything
2017-05-18 19:08:55 <asie> TemptorSent: yes, it should require user intervention, ideally with an explanation of what exactly is being broken and, even more ideally, how to fix it
2017-05-18 19:08:58 <skrzyp> well
2017-05-18 19:09:00 <skrzyp> https://a.doko.moe/woefho.jpg
2017-05-18 19:09:09 <TemptorSent> exactly asie.
2017-05-18 19:09:23 <kaniini> ncopa: moving from FHS is basically changing everything.  i like apk layout idea because it allows supporting either configuration.
2017-05-18 19:09:29 <TemptorSent> Which implies a major version number change by standard semantics.
2017-05-18 19:09:55 <ncopa> kaniini: i know, but now is not the time to talk about it
2017-05-18 19:10:07 <TemptorSent> kaniini: flexible apk-tools is a win.
2017-05-18 19:10:09 <skrzyp> 21:07 < asie> once you start breaking people's shit, break it once, break it a lot, but break it well.
2017-05-18 19:10:19 <skrzyp> #whatdoespoetteringsaid
2017-05-18 19:10:25 <ncopa> lol
2017-05-18 19:10:34 <scadu> well, we are not going everywhere atm, so I don't know why some shit exploded here few minutes ago. it's quite sad that we lack of human resources, but something is still burning
2017-05-18 19:10:36 <scadu> because why not
2017-05-18 19:11:00 <asie> scadu: because alpine-devel is a diverse place where 140 people have 140 visions of how a linux distro should work
2017-05-18 19:11:03 <asie> and the 141st is a bot
2017-05-18 19:11:14 <TemptorSent> *LOL*
2017-05-18 19:11:19 <asie> actually, that's incorrect
2017-05-18 19:11:20 <scadu> asie: where you see 140 active people?
2017-05-18 19:11:27 <TemptorSent> Better check the bot's opinion too :)
2017-05-18 19:11:29 <asie> scadu: being inactive doesn't mean they don't have a vision of how a linux distro should work
2017-05-18 19:11:33 <kaniini> 
ACTION mutters and prepares a fork anyway

2017-05-18 19:11:35 <asie> in addition, even if there's people in here without a vision
2017-05-18 19:11:39 <asie> i bet many of us have multiple
2017-05-18 19:11:45 <asie> so it adds up in the end
2017-05-18 19:11:51 <scadu> asie: yep, but you don't have to shit each other
2017-05-18 19:12:08 <asie> scadu: that is correct, but people can get really defensive about potential threats... and "breaking user installations" is a potential threat
2017-05-18 19:12:23 <asie> i do agree that half of this conversation was unnecessary flinging
2017-05-18 19:12:29 <skrzyp> these Krtcek memes are actually accurate
2017-05-18 19:12:31 <skrzyp> https://a.doko.moe/eypsds.jpg
2017-05-18 19:12:37 <kaniini> half of the conversation was jirutka calling me a dickhead
2017-05-18 19:12:40 <kaniini> to be honest
2017-05-18 19:13:20 <Shiz> i can confirm that my bot has strong opinions on linux distros
2017-05-18 19:13:22 <Shiz> anyway
2017-05-18 19:13:24 <Shiz> 3.6
2017-05-18 19:13:27 <Shiz> ncopa: did you see my notes?
2017-05-18 19:13:35 <ncopa> nope
2017-05-18 19:13:40 <ncopa> they drowned in the daily drama
2017-05-18 19:13:42 <scadu> much surprise
2017-05-18 19:13:51 <tmh1999> Shiz : mind update again with some discussed changes ?
2017-05-18 19:14:05 <Shiz> yes i'll upload a new version
2017-05-18 19:14:06 <TemptorSent> What tmh1999 said :)
2017-05-18 19:14:10 <tmh1999> old one : https://txt.shiz.me/ZjBhMWM3YT.txt
2017-05-18 19:14:19 <Shiz> https://txt.shiz.me/Y2RhOTA1Mm
2017-05-18 19:14:22 <Shiz> improved one
2017-05-18 19:16:15 <TemptorSent> re -grsec -> -hardened -- you might mention 'kernel related packages' rather than 'packages'
2017-05-18 19:16:44 <skrzyp> https://a.doko.moe/zdtemr.jpg
2017-05-18 19:16:53 <skrzyp> i think I'm not gonna stop :D
2017-05-18 19:17:18 <asie> i think you eventually are, coinciding with the moment you step on someone's nerves
2017-05-18 19:17:30 <Shiz> lol
2017-05-18 19:17:31 <asie> can we get #alpine-drama?
2017-05-18 19:17:49 <skrzyp> asie: that's not serious business
2017-05-18 19:17:51 <TemptorSent> Also, was that SHA1 -> SHA512 propigated to the .apk format?
2017-05-18 19:17:52 <scadu> asie: erm, this is not -drama? wrong channel then
2017-05-18 19:17:57 <skrzyp> people will still drama, docker will be docker
2017-05-18 19:18:11 <scadu> coconut will be coconut
2017-05-18 19:18:13 <asie> okay, but can we really focus on 3.6 here now? and development? memes can go elsewhere
2017-05-18 19:18:14 <Shiz> TemptorSent: nyet
2017-05-18 19:18:28 <kaniini> can we get 3.6 out the door
2017-05-18 19:18:37 <Shiz> well i wrote relnotes above
2017-05-18 19:18:40 <Shiz> feel free to comment on them
2017-05-18 19:18:40 <TemptorSent> Shiz: Okay - that's the big open issue I guess.
2017-05-18 19:18:47 <kaniini> Shiz: they look fine to me
2017-05-18 19:18:53 <skrzyp> Shiz: is the zfs support finished yet? xD
2017-05-18 19:19:05 <Shiz> I'm not sure what the status on zfs stuff it
2017-05-18 19:19:06 <skrzyp> I mean, relnotes are sometimes too enthusiarstic
2017-05-18 19:19:07 <Shiz> maybe TemptorSent does
2017-05-18 19:19:21 <TemptorSent> kaniini: What is needed to update the .apk checksums to use sha512?
2017-05-18 19:19:22 <skrzyp> there was a "zfs support on roofs" about 6 months ago in relnotes
2017-05-18 19:19:30 <skrzyp> and no one actually tested that
2017-05-18 19:19:33 <kaniini> TemptorSent: abuild
2017-05-18 19:19:37 <kaniini> TemptorSent: i will do it in 3.7
2017-05-18 19:19:42 <skrzyp> I came up with some bug reports, no one bothered
2017-05-18 19:19:57 <Shiz> afaik it has been possible for the rootfs but not the bootfs
2017-05-18 19:19:58 <TemptorSent> kaniini: Oh, that's held for 3.7 -- gotcha.
2017-05-18 19:19:59 <Shiz> or something like that
2017-05-18 19:20:04 <Shiz> but i don't know the status of zfs
2017-05-18 19:20:23 <TemptorSent> ZFS works fine, but the installer tools don't so much.
2017-05-18 19:20:40 <kaniini> ZFS is terrifying to me
2017-05-18 19:20:41 <TemptorSent> The problem is that ZFS handles mounts differently than standard mount
2017-05-18 19:20:51 <kaniini> on freebsd and linux i have had major corruption issues with L2ARC
2017-05-18 19:21:10 <kaniini> so i gave up on trying to use ZFS on root with alpine :P
2017-05-18 19:21:14 <TemptorSent> With ZFS, createing a new dataset creates the directory, rather than mounting to an existing mount point.
2017-05-18 19:21:44 <TemptorSent> So proper installer support will require a bit of work to abstract the directory creation.
2017-05-18 19:22:09 <TemptorSent> That said, it works fine if you manually setup the directory structure.
2017-05-18 19:22:42 <Shiz> do we have any 'breaking' changes other than the grsec -> hardened rename?
2017-05-18 19:23:26 <TemptorSent> Hmm, possibly GCC revision as a breaking change.
2017-05-18 19:24:18 <TemptorSent> Also php7 is a breaking change for some I believe.
2017-05-18 19:24:53 <TemptorSent> php5 finally got the axe, right?
2017-05-18 19:26:01 <TemptorSent> You could also note the fix for apk re: warnings ->stderr
2017-05-18 19:27:04 <Shiz> did we end up removing php5 entirely?
2017-05-18 19:27:31 <TemptorSent> I'm not sure -- there was talk of it at one point..
2017-05-18 19:28:05 <TemptorSent> But it's not the default any longer IIRC, which may break things.
2017-05-18 19:29:04 <TemptorSent> okay, it looks like php5 is now packaged as such, with both php5 and php7 in community
2017-05-18 19:29:27 <TemptorSent> So a note that those requiring php5 need to install php5 packages should do it.
2017-05-18 19:29:43 <TemptorSent> But that's just going by apk policy
2017-05-18 19:31:36 <TemptorSent> I'm not sure if php5 is intended to remain supported long term or if it's going to the deprecation pile.
2017-05-18 19:33:01 <kaniini> php5 is supported for now, deprecated in 3.8
2017-05-18 19:33:05 <kaniini> most likely
2017-05-18 19:33:56 <TemptorSent> Hmm, I need to update my aports repo, but I'm seeing problems with php7 -- it's in both testing and community.
2017-05-18 19:34:08 <ncopa> Shiz: dowe need mention apk there? it sounds like the apk fix is a breaking change
2017-05-18 19:34:21 <Shiz> that is already mentioned, no?
2017-05-18 19:34:27 <Shiz> Noteworthy fixes and breaking changes
2017-05-18 19:34:29 <Shiz> -------------------------------------
2017-05-18 19:34:31 <Shiz> * Bugs in apk(8) dependency handling during upgrades have been fixed;
2017-05-18 19:34:33 <Shiz> or did you mean something else?
2017-05-18 19:34:37 <ncopa> that one
2017-05-18 19:34:46 <ncopa> it sounds like its a braking change
2017-05-18 19:34:55 <Shiz> that's why it's under the breaking changes heading
2017-05-18 19:34:58 <Shiz> :P
2017-05-18 19:35:26 <ncopa> but it is not a breaking change?
2017-05-18 19:35:29 <kaniini> it's not a breaking change though
2017-05-18 19:35:33 <Shiz> right
2017-05-18 19:35:36 <kaniini> it was broken before, then we fixed it
2017-05-18 19:35:39 <TemptorSent> Okay, looks like the php7 was culled from testing.
2017-05-18 19:35:43 <kaniini> it's the opposite of a breaking change :P
2017-05-18 19:35:45 <Shiz> yeah i think i listed it there because of 'noteworthy fix'
2017-05-18 19:35:50 <Shiz> but i can separate that out
2017-05-18 19:35:57 <ncopa> do we need to mention it?
2017-05-18 19:36:01 <TemptorSent> Yes - noteworthy fix.
2017-05-18 19:36:06 <ncopa> how many was affected by it?
2017-05-18 19:36:12 <Shiz> at least kaniini and TemptorSent
2017-05-18 19:36:14 <Shiz> :P
2017-05-18 19:36:16 <ncopa> how many was aware that it was a problem?
2017-05-18 19:36:30 <TemptorSent> Well, considering it keeps us from destroying just about every alpine box on upgrade, I think it's important :)
2017-05-18 19:36:56 <kaniini> i don't think it is really notable
2017-05-18 19:38:08 <TemptorSent> Preventing massive unexpected breakage is notable IMHO.
2017-05-18 19:38:44 <kaniini> not really -- it's what we should be doing every day as a distribution
2017-05-18 19:39:24 <ncopa> i agree with kaniini
2017-05-18 19:39:26 <TemptorSent> The fact that only a few of us were noticing it biting us in other strange ways doesn't reduce the importance of mitigating the future disaster.
2017-05-18 19:39:32 <kaniini> https://media.makeameme.org/created/well-congrats-you.jpg
2017-05-18 19:39:37 <kaniini> all i have to say about that being notable
2017-05-18 19:39:51 <ncopa> i doubt many people noticed it was a problem
2017-05-18 19:39:54 <TemptorSent> But it's relnotes, so whatever works.
2017-05-18 19:40:28 <Shiz> I'll omit it then
2017-05-18 19:40:35 <TemptorSent> If I was a user who had been experiencing strange behavior, a note that it was fixed would be nice.
2017-05-18 19:40:42 <ncopa> the shorter we can make it the better
2017-05-18 19:40:59 <TemptorSent> But it's not a breaking change, it's a bugfix.
2017-05-18 19:41:05 <kaniini> it is technically interesting, but to an end user it is going to come off more like "holy shit the package manager was broken, maybe canonical is right and i shouldn't use alpine"
2017-05-18 19:41:41 <kaniini> do we really want to give canonical more FUD?
2017-05-18 19:42:03 <TemptorSent> Word it 'Improved apk resolver to better handle corner cases during upgrade."
2017-05-18 19:42:11 <kaniini> shit has gotten real with them, they are super salty over what alpine has done to ubuntu server
2017-05-18 19:42:26 <kaniini> they literally blog about how shit alpine is
2017-05-18 19:42:36 <Shiz> do we have anything to add re:noteworthy /new/ packageS?
2017-05-18 19:42:38 <Shiz> I have rust and ghc listed
2017-05-18 19:42:41 <kaniini> such as here: https://insights.ubuntu.com/2016/02/10/docker-alpine-ubuntu-and-you/
2017-05-18 19:42:41 <Shiz> any other big ones?
2017-05-18 19:42:50 <Shiz> over a year ago
2017-05-18 19:42:51 <Shiz> :p
2017-05-18 19:43:28 <TemptorSent> Weren't there some X updates recently as well?
2017-05-18 19:43:31 <kaniini> yes, they have been salty for quite a while shiz
2017-05-18 19:43:32 <kaniini> :)
2017-05-18 19:44:20 <kaniini> if you actually follow this stuff you'll observe canonical people spend non-trivial amounts of time spreading FUD about alpine, and recently docker as well (likely to punish them for their decision)
2017-05-18 19:44:28 <kaniini> on things like hacker news, etc
2017-05-18 19:44:45 <kaniini> whenever anything gets posted about alpine or docker, they show up
2017-05-18 19:44:51 <kaniini> every time
2017-05-18 19:44:59 <kaniini> so i think our release notes should be careful not to give them ammo
2017-05-18 19:45:09 <kaniini> when in reality the bugfix is not notable anyway
2017-05-18 19:46:39 <kaniini> i guarantee you, putting that in the release notes will result in them jumping on it and being like "haha apk hosed people's systems"
2017-05-18 19:47:21 <kaniini> (i know we deleted it from the release note, i am just saying that from a PR perspective we need to be careful about mentioning explicit bugfixes as line items)
2017-05-18 19:47:49 <scadu> kaniini: you don't know if someone from canonical isn't watching -devel :p
2017-05-18 19:47:58 <kaniini> they probably are
2017-05-18 19:48:19 <Shiz> 
ACTION runs $ git diff --name-only --diff-filter=A origin/3.5-stable | grep APKBUILD | grep -v 'testing\|unmaintained' to find new interesting builds

2017-05-18 19:48:25 <kaniini> but at least then it comes off as kooky conspiracy theory rambling instead of "look at this thing in their release notes!  teehee!"
2017-05-18 19:48:36 <kaniini> you know what i mean?
2017-05-18 19:48:43 <scadu> kaniini: yep
2017-05-18 19:48:47 <Shiz> hmm
2017-05-18 19:48:49 <Shiz> emscripten maybe?
2017-05-18 19:48:51 <scadu> kaniini: everything's on plate :p
2017-05-18 19:49:05 <ncopa> kaniini i think we are all done with it
2017-05-18 19:49:29 <kaniini> Shiz: i think emscripten is worth adding
2017-05-18 19:49:39 <kaniini> Shiz: can you pastebin the latest?
2017-05-18 19:49:44 <Shiz> yes
2017-05-18 19:49:49 <kaniini> something about the llvm was bugging me
2017-05-18 19:49:58 <Shiz> https://txt.shiz.me/NDdhMTlhY2
2017-05-18 19:50:23 <kaniini> * The `llvm` package is now provided by the versioned `llvm<X>` package that is selected as default LLVM;
2017-05-18 19:50:35 <Shiz> yeah it's not terrifically worded
2017-05-18 19:50:36 <kaniini> i'm not sure about the wording here
2017-05-18 19:51:19 <Shiz> * The `llvm` package is now provided by a versioned `llvm<X>` package;
2017-05-18 19:51:21 <Shiz> maybe just this?
2017-05-18 19:51:38 <kaniini> - the LLVM package has been provided by a versioned `llvm<X>` package, which is presently `llvm4`
2017-05-18 19:52:26 <Shiz> how's this: * The `llvm` package has been changed to be provided by a versioned `llvm<X>` package, which is presently `llvm4`;
2017-05-18 19:52:36 <Shiz> i want to make clear that it's about the literal package called `llvm`
2017-05-18 19:52:37 <Shiz> :p
2017-05-18 19:54:01 <kaniini> sure
2017-05-18 19:54:16 <kaniini> works for me
2017-05-18 19:54:20 <Tsutsukakushi> reading the CoCk thread on the ML...
2017-05-18 19:54:36 <kaniini> the what?
2017-05-18 19:54:40 <Tsutsukakushi> >and disparaging remarks of any kind,
2017-05-18 19:54:56 <Tsutsukakushi> stuff like this is what makes CoCks suck so much
2017-05-18 19:55:09 <Tsutsukakushi> sometimes people use bad language in a heated argument
2017-05-18 19:55:13 <TemptorSent> I'd simplify that slightly, to: The 'llvm' package is now provided by...
2017-05-18 19:55:59 <Tsutsukakushi> this might have a chilling effect on people in such arguments
2017-05-18 19:56:29 <Tsutsukakushi> ^7heo:
2017-05-18 19:56:56 <kaniini> Tsutsukakushi: thank you for your input, but we are trying to get 3.6 out the door.  can you reply to the ML thread instead?
2017-05-18 19:57:25 <Tsutsukakushi> my mail setup is kind of fucked currently...
2017-05-18 19:57:36 <kaniini> that is unfortunate
2017-05-18 19:57:39 <Tsutsukakushi> it is
2017-05-18 19:57:42 <Tsutsukakushi> and really annoying too
2017-05-18 19:57:55 <Shiz> https://txt.shiz.me/OGQxYWVlYm
2017-05-18 19:58:04 <Shiz> btw, commit stats
2017-05-18 19:58:05 <Tsutsukakushi> tho it has made me use gmane quite a bit
2017-05-18 19:58:08 <Tsutsukakushi> so that's quite nice
2017-05-18 19:58:50 <^7heo> Tsutsukakushi: yes. But at the same time, the goal of the CoC is to avoid people coming over and insulting others.
2017-05-18 19:59:03 <asie> ^7heo: he's just biased. plenty of good CoCs, plenty of bad CoCs.
2017-05-18 19:59:05 <^7heo> Tsutsukakushi: so... it's kinda difficult to make a one-size fits all without being explicit about everything.
2017-05-18 19:59:17 <asie> the very part where he says "CoCk" shows that he is unlikely to be reasoned with in this regard
2017-05-18 19:59:18 <Tsutsukakushi> insulting others during a heated debate is not done out of malice
2017-05-18 19:59:18 <^7heo> asie: CoCs are mostly thrusting everywhere
2017-05-18 19:59:25 <Shiz> ML, please
2017-05-18 19:59:29 <Shiz> or at least, not here right now
2017-05-18 19:59:30 <kaniini> ^
2017-05-18 19:59:35 <^7heo> right, offtopic, people.
2017-05-18 19:59:41 <Tsutsukakushi> but because you are frustrated when you think people don't understand what you are saying
2017-05-18 19:59:55 <asie> nope, -offtopic it is
2017-05-18 20:00:03 <kaniini> Tsutsukakushi: please drop it
2017-05-18 20:00:34 <Shiz> ima take a look at b.a.o
2017-05-18 20:00:40 <Shiz> to see what needs to be done still
2017-05-18 20:00:43 <Tsutsukakushi> kaniini: i had written that message when you said anything
2017-05-18 20:00:47 <Tsutsukakushi> before*
2017-05-18 20:02:19 <kaniini> Shiz: xenqemu ifuncs regression, i already have a fix for it
2017-05-18 20:02:44 <Shiz> i wish i could filter for !resolved
2017-05-18 20:02:46 <Shiz> :|
2017-05-18 20:04:19 <xentec> Shiz: Add filter > Status > is not: resolved
2017-05-18 20:04:20 <Shiz> guess i found something that owrked
2017-05-18 20:04:26 <Shiz> xentec: yeah but that also catches closed
2017-05-18 20:04:33 <xentec> yep
2017-05-18 20:04:35 <Shiz> so bleh
2017-05-18 20:04:44 <TemptorSent> nightmared: #7285 - Once solution would be to simply provide the zfs modules in the initramfs using an appended cpio
2017-05-18 20:04:55 <TemptorSent> nightmared: #7285 - Once solution would be to simply provide the zfs modules in the initramfs using an appended cpio
2017-05-18 20:04:59 <TemptorSent> WTF?!?!
2017-05-18 20:05:07 <TemptorSent> That's RE: not nightmared
2017-05-18 20:07:03 <TemptorSent> That should avoid the legal issue, while still allowing zfs to be used from the initramfs environment
2017-05-18 20:08:19 <kaniini> 3.7
2017-05-18 20:08:40 <TemptorSent> Why? It doesn't require anything other than adding a file to the image.
2017-05-18 20:09:32 <TemptorSent> A single cpio.gz with the contents of /lib/modules from the zfs-hardened package
2017-05-18 20:14:32 <kaniini> because we are already in feature freeze
2017-05-18 20:15:21 <TemptorSent> kaniini: Right, and? No new feature here, just packaging.
2017-05-18 20:15:55 <TemptorSent> kaniini: No other files need to be changed at all, just one added to the boot dir.
2017-05-18 20:16:40 <TemptorSent> kaniini: The user can add the additional append themselves during boot.
2017-05-18 20:32:39 <kaniini> clandmeter: ping
2017-05-18 20:32:51 <clandmeter> pong
2017-05-18 20:32:54 <kaniini> clandmeter: can you give Shiz write access to the bug tracker so he can close bugs
2017-05-18 20:33:06 <kaniini> Shiz: can you tell clandmeter what your login is so he can do that
2017-05-18 20:33:11 <Shiz> it's shiz
2017-05-18 20:33:15 <Shiz> or hi@shiz.me
2017-05-18 20:33:17 <kaniini> sweeeeeeet
2017-05-18 20:33:18 <Shiz> forgot if email was used
2017-05-18 20:38:21 <clandmeter> Shiz, restart your computer and try
2017-05-18 20:38:40 <Shiz> i'll just update systemd that's the same right
2017-05-18 20:38:53 <clandmeter> yes, just kill pid 1
2017-05-18 20:39:58 <Shiz> thanks, works :)
2017-05-18 20:45:25 <rdutra> kaniini: Shiz: is there any link/documentation that describes the steps that run after "setup-alpine" or explaining the entire install process? I found https://wiki.alpinelinux.org/wiki/Installation but did not find this information
2017-05-18 20:45:38 <rdutra> btw. I am booting alpine ppc64le and using qemu
2017-05-18 20:46:01 <kaniini> that recent commit about console=hvc0 doesnt seem right to me
2017-05-18 20:46:06 <TemptorSent> I don't believe it's documented as such rdutra.
2017-05-18 20:46:07 <kaniini> what if we want boot alpine on bare metal
2017-05-18 20:46:40 <TemptorSent> rdutra: What are you running into?
2017-05-18 20:47:37 <Shiz> kaniini: should we disable GRKERNSEC_SYSFS_RESTRICT before branching 3.6?
2017-05-18 20:47:42 <Shiz> there seem to be MESA issues with it
2017-05-18 20:47:59 <kaniini> Shiz: i'm okay with it.  send me an mbox and i will push it
2017-05-18 20:48:06 <Shiz> gotcha
2017-05-18 20:48:21 <Shiz> post-3.6 we might look into modifying it to be a sysctl
2017-05-18 20:48:22 <TemptorSent> Can it be enabled through sysfs after the fact?
2017-05-18 20:48:25 <Shiz> no
2017-05-18 20:48:29 <Shiz> it has no sysctl :(
2017-05-18 20:48:36 <TemptorSent> Drat.
2017-05-18 20:48:55 <TemptorSent> Kernel command line option?
2017-05-18 20:49:14 <TemptorSent> I haven't looked at that specific chunk yet.
2017-05-18 20:50:05 <TemptorSent> If not, we probably need to change that or it's going to be worthless.
2017-05-18 20:50:45 <rdutra> TemptorSent: It stops at: https://hastebin.com/raw/uniwoxalov
2017-05-18 20:51:34 <rdutra> TemptorSent: I am not sure if it is correct, as I do not know the steps it run
2017-05-18 20:52:15 <TemptorSent> rdutra: Hmm, that's an odd place to stop.
2017-05-18 20:53:19 <rdutra> TemptorSent: the setup-alpine script is part of aports repo?
2017-05-18 20:53:20 <Shiz> hmm
2017-05-18 20:53:42 <TemptorSent> Um, not sure right off...
2017-05-18 20:53:45 <TemptorSent> one sec.
2017-05-18 20:54:26 <Shiz> it's part of alpine-conf
2017-05-18 20:54:36 <Shiz> https://github.com/alpinelinux/alpine-conf/blob/master/setup-alpine.in
2017-05-18 20:54:49 <TemptorSent> Thanks Shiz
2017-05-18 20:55:23 <rdutra> thanks
2017-05-18 20:56:05 <rdutra> TemptorSent: not sure if in x86_64 the setup-alpine is working fine and actually is the first time I run this command
2017-05-18 20:56:53 <TemptorSent> rdutra: You might try running the individual setup commmands manually
2017-05-18 20:57:31 <TemptorSent> rdutra: Try setup-sshd
2017-05-18 20:58:36 <rdutra> TemptorSent: yeah, I will see in which part of the script the run stopped
2017-05-18 20:59:03 <rdutra> gotta go now, thanks!
2017-05-18 20:59:42 <TemptorSent> rdutra: I'm going to take a SWAG on setup-disk
2017-05-18 21:40:57 <TemptorSent> Is there any chance we could add an all-archs key to the master alpine keychain an sign the keys package with that, eliminating a very irritating cross-platform target-root chicken and egg problem?
2017-05-18 21:41:48 <TemptorSent> Theoretically, multiple key signatures should be supportable, but I don't know how apk handles trust chains.
2017-05-18 23:22:50 <brentous> ncopa & clandmeter: I'm getting "HTTP/1.1 503 Backend is unhealthy" when trying to pull the APKINDEX from the CDN. I was told I should let you 2 know.
2017-05-18 23:23:13 <Shiz> temp fix is changing mirrors to nl.alpinelinux.org
2017-05-18 23:23:54 <xentec> dl-cdn is really dying the last days, huh
2017-05-18 23:24:55 <brentous> Alright looks like I'll be /etc/host-ing that
2017-05-18 23:25:16 <Shiz> you can just edit it in /etc/apk/repositories
2017-05-18 23:26:57 <brentous> Normally I would do something like that, but I'm working on automation and temporary edits like this are somewhat anathema
2017-05-18 23:27:34 <Shiz> right
2017-05-18 23:27:49 <brentous> Looks like the URIs are different between nl and dl-cdn :o
2017-05-18 23:28:06 <Shiz> should be /alpine for both
2017-05-18 23:28:28 <brentous> `WARNING: Ignoring http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86_64/APKINDEX.tar.gz: No such file or directory`
2017-05-18 23:28:35 <brentous> errr
2017-05-18 23:29:04 <Shiz> likely nl.alpinelinux.org doesn't like it if you give it ah ttp request with Host: dl-cdn.alpinelinux.org
2017-05-18 23:29:07 <brentous> `HTTP/1.1 404 Not Found` for the same URI with nl.alpinelinux.org
2017-05-18 23:29:40 <Shiz> http://nl.alpinelinux.org/alpine/v3.5/main/x86_64/
2017-05-18 23:29:45 <Shiz> works here...
2017-05-18 23:30:04 <brentous> Ah I think you're right: vhosts issue.
2017-05-18 23:30:19 <nathanielks> hiya, alpine team! looks like it may have been reported already, but http://dl-cdn.alpinelinux.org/ appears to be down. should I use nl. instead?
2017-05-18 23:30:35 <Shiz> yep, it is
2017-05-18 23:30:38 <Shiz> use nl. for now, yeah
2017-05-18 23:30:40 <Shiz> or cz.
2017-05-18 23:30:47 <nathanielks> very good, thanks 🤘
2017-05-18 23:31:24 <Shiz> sorry bout the issues, dl-cdn has been having some real issues lately :/
2017-05-18 23:31:37 <brentous> I'll just throw a `sed -i s/dl-cdn/nl/g /etc/apk/repositories` in my local version of the Dockerfile I guess
2017-05-18 23:31:46 <brentous> Thanks for the info Shiz
2017-05-18 23:35:43 <nathanielks> just glad they’re getting worked out :D
2017-05-19 03:21:21 <TemptorSent> kaniini: Is there anything currently in the apk database structure that can not be represented properly as a DAG (optionally with codepedencies)
2017-05-19 03:23:26 <TemptorSent> i.e. valid circular deps at the same level of requirement, etc.
2017-05-19 03:24:49 <TemptorSent> install-dep, runtime-dep, feature-dep, doc-dep, etc.
2017-05-19 07:27:13 <ncopa> hi
2017-05-19 07:27:22 <ncopa> whats up with dl-cdn?
2017-05-19 07:45:47 <clandmeter> seems very unstable lately
2017-05-19 08:10:57 <ncopa> yes
2017-05-19 08:11:13 <ncopa> last week it was dl-4 who broke
2017-05-19 08:11:21 <ncopa> now its fastly
2017-05-19 09:01:27 <clandmeter> Shiz, how did the release notes go?
2017-05-19 09:01:45 <Shiz> nobody seemed to have any more comments since the last revision
2017-05-19 09:02:38 <^7heo> where are the release notes?
2017-05-19 09:08:29 <Shiz> https://txt.shiz.me/MGY0YTIxYz
2017-05-19 09:09:01 <^7heo> thanks Shiz !
2017-05-19 09:09:25 <Shiz> julia is to be added to this once i fix the package
2017-05-19 09:09:45 <fcolista> https://wiki.alpinelinux.org/wiki/How_to_make_a_custom_ISO_image_with_mkimage
2017-05-19 09:09:51 <fcolista> first draft created..
2017-05-19 09:10:04 <fcolista> clandmeter, ncopa ^
2017-05-19 09:10:06 <^7heo> I guess the new mkinitfs will make it in 3.6.1 then
2017-05-19 09:10:16 <^7heo> I didn't yet find the time to test it =/
2017-05-19 09:10:36 <clandmeter> fcolista \o/
2017-05-19 09:11:02 <ncopa> fcolista nice! thanks!
2017-05-19 09:12:00 <fcolista> some points a missing, like the kernel_flavors or the imports of other profiles
2017-05-19 09:12:23 <fcolista> *are
2017-05-19 09:12:34 <fcolista> But at least it's a stard
2017-05-19 09:12:35 <fcolista> *start
2017-05-19 09:12:55 <clandmeter> fcolista, unionfs != overlayfs
2017-05-19 09:14:34 <fcolista> kernel_cmdline="unionfs_size=512M console=tty0 console=ttyS0,115200"
2017-05-19 09:14:41 <fcolista> is that part wrong clandmeter? ^
2017-05-19 09:14:51 <clandmeter> no its not
2017-05-19 09:14:53 <fcolista> ah
2017-05-19 09:14:54 <fcolista> sorry
2017-05-19 09:14:55 <fcolista> This is an example used to have ZFS module, overlayfs (which allows to have /lib/modules in
2017-05-19 09:14:56 <fcolista> this part
2017-05-19 09:15:01 <clandmeter> right
2017-05-19 09:15:05 <fcolista> yes I wrote unionfs
2017-05-19 09:15:13 <^7heo> Shiz: from the packages I could check, I don't think anything's missing there.
2017-05-19 09:15:14 <clandmeter> its not your faulth, its a bit confusing
2017-05-19 09:15:29 <leo-unglaub> morning!
2017-05-19 09:15:31 <clandmeter> initframfs had unionfs support before
2017-05-19 09:15:35 <^7heo> moin leo-unglaub
2017-05-19 09:16:01 <clandmeter> but somebody modificed the code to use overlayfs instead (which was upstreamed)
2017-05-19 09:17:45 <fcolista> umh that was done for ISO creation iirc
2017-05-19 09:17:55 <clandmeter> they kept unionfs_size for backwards compatibility i presume.
2017-05-19 09:18:37 <fcolista> I've a vague remember that overlayfs was introduced in order to get an iso >> dd to usb an make it work
2017-05-19 09:18:42 <fcolista> or something like that
2017-05-19 09:19:29 <fcolista> anyway would be cool having a webif in our website that allows to create a custom iso
2017-05-19 09:19:39 <fcolista> :D
2017-05-19 09:20:26 <fcolista> 
ACTION has always bad ideas :P

2017-05-19 09:20:39 <^7heo> but sometimes they turn out to be quite successful
2017-05-19 09:20:59 <ncopa> hi leo-unglaub how are you doin
2017-05-19 09:21:09 <clandmeter> i dont think overlayfs has anything to do with hybrid iso's
2017-05-19 09:21:37 <leo-unglaub> ncopa:  i am doing great. having a lot of fun with people infected with wannacry coming to me complaining *g*
2017-05-19 09:21:52 <ncopa> Shiz i didnt merge your kbd work, did i?
2017-05-19 09:22:11 <ncopa> leo-unglaub ha :)
2017-05-19 09:22:15 <clandmeter> fcolista, you are free to design such iso generation web application :)
2017-05-19 09:22:27 <clandmeter> but i think there are currently bigger fish to catch :)
2017-05-19 09:22:28 <leo-unglaub> i also did a lot of work / testing with alpine linux in the new openbsd virtual machine implementation
2017-05-19 09:22:40 <leo-unglaub> alpine linux is currently the only linux working in there
2017-05-19 09:22:44 <ncopa> oh cool, i read about it
2017-05-19 09:22:52 <fcolista> leo-unglaub, cool
2017-05-19 09:22:53 <ncopa> but never actually tried it
2017-05-19 09:23:29 <ncopa> im actually pretty excited about that openbsd+alpine thing
2017-05-19 09:23:36 <Shiz> ncopa: don't think you did
2017-05-19 09:23:38 <leo-unglaub> yeah, me to!
2017-05-19 09:24:05 <Shiz> i heard alpine is the only supported linux distro for obsd virt
2017-05-19 09:24:07 <Shiz> ;)
2017-05-19 09:24:14 <leo-unglaub> alpine is handled by openbsd developers as the only usable linux distribution *g*
2017-05-19 09:24:19 <ncopa> when i started with alpine, i had this goal, that if openbsd ppl would use linux they should use alpine :)
2017-05-19 09:24:26 <^7heo> leo-unglaub: which it is.
2017-05-19 09:24:45 <^7heo> ncopa: that's why you have all of us around now
2017-05-19 09:24:47 <leo-unglaub> well, alpine and some parts of void linux yes
2017-05-19 09:24:50 <^7heo> ncopa: for the better of the worse.
2017-05-19 09:25:59 <ncopa> :)
2017-05-19 09:26:35 <ncopa> ok, re upcoiming release
2017-05-19 09:26:52 <ncopa> i have a few things i think needs to be done
2017-05-19 09:27:02 <ncopa> - merge shiz's kbd work
2017-05-19 09:27:41 <Shiz>    @ncopa │ when i started with alpine, i had this goal, that if openbsd ppl would use linux they should use alpine :)
2017-05-19 09:27:45 <Shiz> I talked to peter hessler at FOSDEM
2017-05-19 09:27:50 <Shiz> he named alpine as the 'least bad linux distro'
2017-05-19 09:27:52 <Shiz> :p
2017-05-19 09:28:12 <^7heo> that's also the 'least bad linux distro' IMHO
2017-05-19 09:28:34 <ncopa> - tag and update alpine-conf, abuild? mkinitfs, anything else?
2017-05-19 09:29:04 <^7heo> ncopa: mkinitfs should be tested
2017-05-19 09:29:05 <ncopa> i have a pending  commit to setup-xorg-base
2017-05-19 09:29:17 <^7heo> I have something started to do this
2017-05-19 09:29:21 <^7heo> but I didn't finish
2017-05-19 09:29:30 <ncopa> ^7heo thats why i want tag a mkinitfs-rc1 something
2017-05-19 09:29:36 <ncopa> oh, lddtree too probably
2017-05-19 09:29:48 <ncopa> then
2017-05-19 09:29:56 <^7heo> ncopa: you mean, you want mkinitfs-rc1 in the release?
2017-05-19 09:30:10 <ncopa> a prerelease of new mkinitfs yes
2017-05-19 09:30:18 <^7heo> in the release?
2017-05-19 09:30:30 <ncopa> or at least see at which state mkinitfs git master is
2017-05-19 09:30:36 <ncopa> for alpine 3.6.0_rc1
2017-05-19 09:30:44 <ncopa> which mush go out today
2017-05-19 09:30:47 <ncopa> then
2017-05-19 09:31:07 <ncopa> for scripts/mkimg.*.sh
2017-05-19 09:31:10 <ncopa> the profiles
2017-05-19 09:31:36 <Shiz> ncopa: i'm going to try to get libc++ stuff done then today
2017-05-19 09:31:38 <ncopa> we should include the longer description for each profile there
2017-05-19 09:31:43 <Shiz> i would like it to be in community considering all full tests pass :)
2017-05-19 09:31:45 <Shiz> or most
2017-05-19 09:32:10 <ncopa> as long as it does not stall the arm builder right beore i tag...
2017-05-19 09:32:20 <Shiz> tests have laready been disabled on armhf
2017-05-19 09:32:25 <Shiz> (as have they for llvm, it turns out)
2017-05-19 09:32:34 <Shiz> for the same reason
2017-05-19 09:33:18 <ncopa> then we need make the alpine-mksite script use the long description from scripts/mkimg.*.sh instead of embedding those in the lua scripts
2017-05-19 09:35:28 <ncopa> we should also refactor the way the downloads page is generated
2017-05-19 09:35:49 <ncopa> :q
2017-05-19 09:36:19 <Shiz> ENOTVIM
2017-05-19 09:36:31 <ncopa> someone want to help me look at the bugs.alpinelinux.org, filter on "Resolved"
2017-05-19 09:36:45 <ncopa> and close everything that can be closed
2017-05-19 09:37:30 <^7heo> do you people here know coccinelle?
2017-05-19 09:37:48 <ncopa> that is verify the issue is resolved. that nobody claims its still an issue
2017-05-19 09:37:49 <^7heo> ( http://coccinelle.lip6.fr/ )
2017-05-19 09:38:07 <ncopa> for example: https://bugs.alpinelinux.org/issues/5241
2017-05-19 09:38:28 <ncopa> there is a commit fixing the issue, and nobody has claimed it is still aproblem. it can be closed
2017-05-19 09:38:50 <ncopa> also sec issues with [3.0] or [3.1] marked as resolved can be closed
2017-05-19 09:39:16 <ncopa> since 3.0 and 3.1 is no longer supported
2017-05-19 09:39:30 <ncopa> keep [3.2] and newer open
2017-05-19 09:40:28 <ncopa> anybody can help with that?
2017-05-19 09:53:33 <clandmeter> sorry, not me today
2017-05-19 11:03:29 <mih> Hello ,I want to push my work on pypy, where can I create a PR? On github or on you repo ?
2017-05-19 11:08:33 <ashb> PRs to the the aports repo on github are accepted, yes
2017-05-19 11:14:53 <AlexIncogito> ^7heo: Have you used it ?
2017-05-19 11:19:20 <^7heo> AlexIncogito: nope, just read the description.
2017-05-19 11:19:31 <^7heo> AlexIncogito: but I'm interested in any testimony about it ;)
2017-05-19 11:26:22 <AlexIncogito> How does most people setup their Alpine server ? Permanent install on HDD or new deployment upon each restart ?
2017-05-19 11:27:55 <AlexIncogito> I can see a great benefit to the later solution, to mitigate eventual attackers from putting a permanent foothold on the machine: that is, have a new deployment install from a read-only config loaded at boot time, and another mounted disk for datas
2017-05-19 11:34:59 <tmh1999_> ncopa : I am looking at b.a.o. I will collect a list of those as you mentioned.
2017-05-19 11:35:16 <ncopa> tmh1999_ thank you
2017-05-19 11:57:18 <mih> ashb: thanks! managed to create a PR in https://github.com/alpinelinux/aports/pull/1540
2017-05-19 12:19:59 <ncopa> i am slightly annoyed of udhcpc
2017-05-19 12:20:14 <ncopa> it prints out info on the ip address it got on stderr
2017-05-19 12:20:34 <ncopa> which means we cannot redirect the noise without losing potensial error messages
2017-05-19 12:58:14 <_ikke_> habitat test suite takes ages (even just the unit tests)
2017-05-19 13:07:16 <ncopa> sounds fun :)
2017-05-19 13:08:44 <_ikke_> right
2017-05-19 13:08:59 <_ikke_> wonder whether we want to enable that for each package build
2017-05-19 13:13:32 <xentec> If you're still fixing things, there is one bug that prevents cross-compilation of gcc and I have a patch for it https://gist.github.com/xentec/81856fc05d32bbaa8f8c7df9d3a0c672
2017-05-19 13:26:36 <tmh1999> ncopa : so far http://ix.io/ufG
2017-05-19 13:26:47 <tmh1999> looks like you also did close some
2017-05-19 13:27:55 <ncopa> xentec: bugs.alpinelinux.org if you are afraid that we will forget
2017-05-19 13:39:47 <przemoc> ncopa: I may be able to squeeze some time in the late evening (or night) today or tomorrow, not sur, so I think I could help you a bit with some issues (unless you'll manage to go through them before, of course)
2017-05-19 13:42:28 <przemoc> but I'm afraid I may do some irrelevant stuff along the way, like (re)categorizing and renaming, because I always prefer to have clear view (as clear as possible w/o unbearable effort that is) before I start doing main thing
2017-05-19 13:45:33 <przemoc> wow, there are almost 1000 open issues
2017-05-19 14:09:15 <ncopa> php has some really weird errors sometimes
2017-05-19 14:09:18 <ncopa> https://bugs.alpinelinux.org/issues/7159
2017-05-19 14:14:45 <ncopa> this is somewhat important: https://bugs.alpinelinux.org/issues/6705
2017-05-19 14:15:07 <ncopa> if there are no dhcp server, then will you never get login prompt
2017-05-19 14:15:17 <ncopa> im open to suggestions how to fix it
2017-05-19 14:15:30 <ncopa> do we patch busybox to add -b option?
2017-05-19 14:17:07 <Shiz> from that patch it doesnt seem like it needs a patch?
2017-05-19 14:17:10 <Shiz> just -b set by default
2017-05-19 14:17:20 <ncopa> where do we set it?
2017-05-19 14:17:28 <ncopa> in /etc/network/interfacs?
2017-05-19 14:17:32 <ncopa> in the setup script?
2017-05-19 14:18:02 <ncopa> i also wonder what to do with the redirection
2017-05-19 14:18:23 <Shiz> in the initramfs and the /etc/network/interfaes setup-networking creates
2017-05-19 14:18:24 <ncopa> so udhcp does not print ip addr info when prompting for root password
2017-05-19 14:18:47 <ncopa> thats an option yes
2017-05-19 14:19:02 <ncopa> im not sure i like it
2017-05-19 14:19:24 <Shiz> well it blocks boot otherwise, which is somewhat of a problem
2017-05-19 14:19:26 <Shiz> :P
2017-05-19 14:19:38 <ncopa> yes that problem needs to be solved
2017-05-19 14:19:48 <ncopa> but im not sure i like add option in interfaces
2017-05-19 14:19:56 <ncopa> because you can apk add dhcpcd
2017-05-19 14:20:01 <ncopa> and busybox will pick it up
2017-05-19 14:20:05 <ncopa> eg replace udhcpcd
2017-05-19 14:20:17 <Shiz> yeah but then it'll just ignore udhcpc_opts anyway right
2017-05-19 14:20:21 <ncopa> then you end up with irelevant option in your interfaces
2017-05-19 14:20:25 <ncopa> yes
2017-05-19 14:20:31 <ncopa> it will probably ignore it
2017-05-19 14:20:48 <ncopa> if we are ok with that, then i'll fix it that way
2017-05-19 14:20:55 <xentec> ncopa: (gcc issue) I'd rather create a PR: https://github.com/alpinelinux/aports/pull/1544
2017-05-19 14:21:03 <xentec> waiting for travis now
2017-05-19 14:21:07 <ncopa> xentec: thanks!
2017-05-19 14:21:59 <Shiz> i dont think its a problem but i welcome other opinions :p
2017-05-19 14:22:00 <xentec> ok travis failed, because gcc-gnat is not installed...
2017-05-19 14:22:28 <xentec> gonna test local then
2017-05-19 14:23:43 <mih> Hi,I have recently  managed to create a PR in https://github.com/alpinelinux/aports/pull/1540 .  The build time of my package exceeds 2 hours on a standard computer and the Travis test fails because it runs  for less time than my build time.Is my PR going to be ignored because of that?
2017-05-19 14:25:10 <Shiz> no, it just means that's someone is going to have to test it manually
2017-05-19 14:25:17 <Shiz> may lead to delays
2017-05-19 14:25:34 <Shiz> more importantly, we're in the middle of releasing 3.6 so we kind of *are* ignoring new package aports right now :P
2017-05-19 14:25:38 <Shiz> passing travis or not
2017-05-19 14:25:44 <Shiz> unless they're really important
2017-05-19 14:26:14 <mih> It is a build for PyPy
2017-05-19 14:26:46 <mih> I think is quite important
2017-05-19 14:27:29 <Shiz> I'll at least review it for you
2017-05-19 14:29:13 <mih> That would be nice, thank you!
2017-05-19 14:35:10 <Shiz> done, at least as best as I could without having direct access to build logs
2017-05-19 14:39:28 <Shiz> let me know if anything needs clarification or if you disagree :p
2017-05-19 14:45:07 <ncopa> i tagged 3.6.0_rc1
2017-05-19 14:46:26 <Shiz> woo
2017-05-19 14:46:47 <Shiz> waiting for the ML post ;)
2017-05-19 14:47:06 <tmh1999> \o/
2017-05-19 14:50:44 <xentec> and new /topic :D
2017-05-19 14:54:24 <xentec> gcc finally compiled: no errors. could someone pull https://github.com/alpinelinux/aports/pull/1544 ?
2017-05-19 15:04:25 <clandmeter> \o/
2017-05-19 15:16:38 <ncopa> rnalrd: what was the reason for moving multipath-tools to community?
2017-05-19 15:16:45 <ncopa> xen image needs it
2017-05-19 15:17:02 <ncopa> and everything in releases needs to be in main
2017-05-19 15:17:18 <ncopa> so i wonder if we exclude multipath-tools from xen image or if we move it back to main
2017-05-19 15:19:33 <ncopa> ok its time for way to late lunch
2017-05-19 15:19:47 <ncopa> better eat before i get grumpy
2017-05-19 15:20:00 <^7heo> we should all have tshirts with that.
2017-05-19 17:06:47 <Shiz> ncopa: rc1 feedback re:udchpc_opts:
2017-05-19 17:06:50 <Shiz>    ed │ it's suddenly very aggressive in getting a link on eth0
2017-05-19 17:06:51 <Shiz>    ed │ stuck during booting trying to get a dhcp lease
2017-05-19 17:06:53 <Shiz> i think it's a good idea to enable
2017-05-19 17:06:59 <Shiz> -b
2017-05-19 23:12:47 <Shiz> https://github.com/alpinelinux/aports/pull/1548
2017-05-19 23:12:53 <Shiz> why do we have dpkg in main, lol
2017-05-19 23:16:11 <Shiz> jirutka: ping
2017-05-19 23:16:16 <jirutka> pong
2017-05-19 23:16:24 <Shiz> i upgraded julia :)
2017-05-19 23:16:35 <jirutka> WAT?! why it is in main?
2017-05-19 23:16:49 <jirutka> imo it’s legacy from times when community didn’t exist
2017-05-19 23:16:53 <Shiz> julia is on the latest version and built against llvm 3.9 now
2017-05-19 23:16:54 <jirutka> imo should be moved to community
2017-05-19 23:16:56 <Shiz> in my local tree
2017-05-19 23:16:58 <jirutka> oh great!
2017-05-19 23:16:58 <Shiz> and it works
2017-05-19 23:17:01 <jirutka> you rocks!
2017-05-19 23:17:05 <Shiz> :p
2017-05-19 23:17:11 <Shiz> i'll push a pr in a bit
2017-05-19 23:17:17 <Shiz> imo we can move it to community then if it works
2017-05-19 23:17:23 <jirutka> but ncopa already tagged rc1, not sure if he will allow to move it to community
2017-05-19 23:17:27 <Shiz> right
2017-05-19 23:17:28 <jirutka> we must ask
2017-05-19 23:17:36 <Shiz> hence 'imo' :P
2017-05-20 03:55:14 <kaniini> well
2017-05-20 03:55:16 <kaniini> it comes down to
2017-05-20 03:55:25 <kaniini> how confident are you in it
2017-05-20 03:55:33 <kaniini> (julia)
2017-05-20 09:29:57 <^7heo> moin
2017-05-20 09:34:36 <TemptorSent> I think it's time for me to say goodnight actually :)
2017-05-20 09:47:48 <^7heo> o/
2017-05-20 09:47:51 <^7heo> Sleep tight man.
2017-05-20 09:48:14 <TemptorSent> Thanks - eyes are getting bleary, time to call it.
2017-05-20 09:48:51 <^7heo> You should be sleeping BEFORE that happens ;)
2017-05-20 09:49:38 <TemptorSent> Yeah, yeah - I know. I actually had gone to bed at 11:30, but woke up an hr or two later.
2017-05-20 09:51:39 <TemptorSent> Then got sidetracked reading.
2017-05-20 09:51:53 <TemptorSent> I'm out :)
2017-05-20 09:54:28 <^7heo> o/
2017-05-20 14:22:28 <sybix> Hi
2017-05-20 14:22:54 <sybix> I am in the good place for discussing about pacakge creation ?
2017-05-20 14:24:05 <xentec> ask away
2017-05-20 14:25:26 <sybix> I've done a apkgbuild, but the documentation in the lib is doxygen
2017-05-20 14:26:10 <sybix> But if i include $pkgname-doc, it's fail to build doc
2017-05-20 14:26:36 <Shiz> what does it say?
2017-05-20 14:26:41 <Shiz> and is doxygen in your makedepends?
2017-05-20 14:27:02 <sybix> Have i to create a doc function and copy the doc in $pkgname-doc ?
2017-05-20 14:27:46 <sybix> https://pastebin.com/KRxK0DAe
2017-05-20 14:28:00 <sybix> And yes for the doxygen packages
2017-05-20 14:28:32 <xentec> It seems no docs are generated
2017-05-20 14:30:21 <sybix> I have the same log when add a doc function
2017-05-20 14:30:42 <sybix> i see doxygen output
2017-05-20 14:30:51 <sybix> but i have the same log
2017-05-20 14:31:22 <sybix> do did i need to copy the output to pkg/$pkgname-doc ?
2017-05-20 14:32:49 <jirutka> sybix: what files does the doxygen generate here?
2017-05-20 14:33:01 <sybix> html files
2017-05-20 14:34:09 <sybix> abuild expect a specific format ?
2017-05-20 14:35:53 <jirutka> and where does it install them? how pkg/ looks like after package function is ran?
2017-05-20 14:36:34 <sybix> There is 2 folder, pkgname and pkgname-doc
2017-05-20 14:36:56 <sybix> doxygen build the doc in a html directory in the sources
2017-05-20 14:37:14 <jirutka> tree pkg/$pkgname/
2017-05-20 14:38:04 <Shiz> sybix: the default doc implementation only copies certan types of files, it's possible that the html docs generated by doxygen are not picked up by it
2017-05-20 14:38:14 <Shiz> in which case you have to write your own doc() split function that copies them over to "$subpkgdir"
2017-05-20 14:38:24 <Shiz> but yeah, do what jirutka said
2017-05-20 14:38:26 <Shiz> :P
2017-05-20 14:39:25 <sybix> https://pastebin.com/nDQGKsJn
2017-05-20 14:39:30 <jirutka> Shiz: not entirely true… I’d like to guide him how to resolve this issue, not just say answer
2017-05-20 14:39:53 <xentec> yep. no docs are generated by the build process
2017-05-20 14:40:24 <Shiz> yes, seems like no docs are actually generated
2017-05-20 14:40:29 <jirutka> sybix: well, I don’t see any .html files here, so default -doc split function cannot move them
2017-05-20 14:40:34 <sybix> nop
2017-05-20 14:40:47 <sybix> but when i put a doc() function i see de doxygen output
2017-05-20 14:40:52 <Shiz> maybe therés a separate make rule to install docs
2017-05-20 14:40:57 <Shiz> check if that is the case
2017-05-20 14:41:07 <sybix> It's with doxygen
2017-05-20 14:41:13 <Shiz> that's generating them
2017-05-20 14:41:17 <Shiz> installing them may be something else
2017-05-20 14:41:24 <lxGzx53qO34r> it seems that this is the output of `tree pkg/$pkgname/` - shouldn't it be `tree pkg/$pkgname-doc/` instead?
2017-05-20 14:41:25 <jirutka> sybix: if it just generates them, but not install them into target location, then you must copy them manually inside package() to correct location (/usr/share/doc/$pkgname/)
2017-05-20 14:41:32 <Shiz> lxGzx53qO34r: no, since that doesn't exist
2017-05-20 14:41:48 <sybix> So i need to copy them in pkgname-doc ?
2017-05-20 14:42:04 <sybix> btw html is ok for documentation format ?
2017-05-20 14:42:16 <jirutka> sybix: no, jsut copy them to $pkgdest in package() function, abuild will automatically move them to -doc subpkg
2017-05-20 14:43:03 <Shiz> yeah there is no use overriding doc() here since that's not where the issue is-- the issue is it not installing the docs
2017-05-20 14:43:15 <jirutka> sybix: it depends… I consider them useless and really doubt that anyone use them instead of just finding them online, but someone other ppl wants them
2017-05-20 14:43:25 <Shiz> but before manually moving docs, I'd suggest checking if there's a makefile rule that does install the docs separately
2017-05-20 14:43:35 <jirutka> ^ +1
2017-05-20 14:43:37 <sybix> Without overriding the doc function, i don't see doxygen output
2017-05-20 14:43:51 <jirutka> that’s nonsense
2017-05-20 14:44:09 <Shiz> sybix: what exactly do you do in your overriden doc function
2017-05-20 14:44:11 <Shiz> then
2017-05-20 14:44:12 <jirutka> default_doc does not generate anything, just moves files
2017-05-20 14:44:17 <Shiz> jirutka: calm down ;P
2017-05-20 14:44:24 <jirutka> Shiz: I am calm ;)
2017-05-20 14:45:03 <jirutka> sybix: ah, pardon, I misunderstood you… well, if you define your own doc() and run doxygen here, then no wonder that you suddenly see doxygen output ;)
2017-05-20 14:45:41 <Shiz> sybix: could we see your APKBUILD?
2017-05-20 14:45:49 <Shiz> with the overridden docs function
2017-05-20 14:45:51 <Shiz> I have a hunch...
2017-05-20 14:45:51 <sybix> Shiz, cd "$builddir" doxygen
2017-05-20 14:46:02 <Shiz> okay, so
2017-05-20 14:46:22 <Shiz> from what it seems like the build process is not generating docs, but the solution is not to that in the doc split function
2017-05-20 14:46:32 <Shiz> split functions only move installed files to subpackages after the build process
2017-05-20 14:46:33 <sybix> jirutka, But without, i don't see doxygenoutput
2017-05-20 14:46:34 <Shiz> that's their intention
2017-05-20 14:46:41 <Shiz> so, my suggestion would be:
2017-05-20 14:46:46 <Shiz> drop the overridden doc() function
2017-05-20 14:46:51 <Shiz> add any instructions to generate docs to build()
2017-05-20 14:46:59 <Shiz> (maybe there's a # make docs you can run?)
2017-05-20 14:50:48 <sybix> Shiz, I don't think so, i check
2017-05-20 14:51:00 <sybix> The readme say doxygen for doc
2017-05-20 14:51:48 <Shiz> it seems like the docs aren't really part of the build process then
2017-05-20 14:52:48 <sybix> Yept, maybe juste ignoring the doc is a solution
2017-05-20 14:53:00 <Shiz> I'd suggest running doxygen in build() and overriding doc() to move them "$subpkgdir"/usr/share/doc/$pkgname if you want to include docs
2017-05-20 14:53:09 <Shiz> but if it's simple html docs that are also viewable online, imo it's not necessary
2017-05-20 14:53:14 <Shiz> but that is a case of opinion
2017-05-20 14:53:41 <jirutka> Shiz: it’s generally better to move them in package() function, not in custom doc()
2017-05-20 14:54:10 <Shiz> i guess the default doc also does postprocessing yes
2017-05-20 14:54:14 <Shiz> in that case, in package()
2017-05-20 14:55:35 <sybix> The -doc is not specialy for me, and is also viewable online
2017-05-20 14:56:00 <jirutka> sybix: then you can just omit it
2017-05-20 14:56:13 <Shiz> yeah sounds fine to omit
2017-05-20 14:56:26 <Shiz> jirutka: btw, almost all tests on julia pass :)
2017-05-20 14:56:35 <jirutka> sybix: -doc is mainly used for man pages or textual files, html pages are usually not very useful here
2017-05-20 14:56:42 <jirutka> sybix: which tests fail?
2017-05-20 14:56:49 <sybix> K' then no doc so
2017-05-20 14:56:52 <Shiz> i think you meant to highlight me there
2017-05-20 14:56:58 <jirutka> eh, yes
2017-05-20 14:56:59 <Shiz> the libdl test fails
2017-05-20 14:57:03 <Shiz> because of some odd TLS error
2017-05-20 14:57:21 <Shiz> i was also wondering if we should split the julia package up
2017-05-20 14:57:24 <Shiz> it seems a bit big...
2017-05-20 14:58:25 <jirutka> Shiz: libdl, isn’t it something for dynamic linking? I remember that I needed to rewrite one script for loading dnymaic libs
2017-05-20 14:58:32 <Shiz> yes
2017-05-20 14:58:37 <Shiz> not the same issue
2017-05-20 14:58:47 <Shiz> it seems to be something lowlevel
2017-05-20 14:59:20 <Shiz> but all the other tests pass, modulo one broken test and fakeroot nonsense
2017-05-20 14:59:22 <Shiz> :D
2017-05-20 15:00:20 <jirutka> Shiz: I spent 2 days on upgrading GitLab, 95 % of this time b/c of **** and *** **** *** Google and their *** **** gems
2017-05-20 15:00:31 <jirutka> Shiz: and I’m not done yet, still finding more and more stupid breakages
2017-05-20 15:00:40 <Shiz> this is why i just use gitea
2017-05-20 15:00:41 <Shiz> ;)
2017-05-20 15:01:18 <jirutka> users would kill me for replacing GitLab with gitea…
2017-05-20 15:02:21 <jirutka> and the most problem now is Google crap, so switching to something written entirely on Google craps is really not a solution ;)
2017-05-20 15:02:39 <Shiz> something something false equivalence
2017-05-20 15:02:54 <Shiz> well, i'm not the one bashing my head against upgrading my git hosting service so :p
2017-05-20 15:03:09 <jirutka> …
2017-05-20 15:03:30 <jirutka> I’m not bashing my head b/c of upgrading GitLab, but b/c of dealing with Google craps
2017-05-20 15:03:41 <Shiz> uhuh
2017-05-20 15:03:48 <jirutka> which GL unfortunately started using :(
2017-05-20 15:04:17 <Shiz> you say tomato, i say to-mah-to
2017-05-20 15:04:52 <Shiz> anyway :p
2017-05-20 15:05:01 <Shiz> i'm going to write up that checkroot option patch today
2017-05-20 15:05:05 <Shiz> and then the grsec kernel config that breaks mesa
2017-05-20 15:10:45 <sybix> The final app i'm making apkbuild (profanity) have a serepate repos for python plugin, i guess i need to do a separate package for the plugin
2017-05-20 15:17:46 <scadu> oh, I used to use profanity. pretty cool client ;3
2017-05-20 15:18:17 <sybix> Yept, but it is'nt package for alpine
2017-05-20 15:18:22 <scadu> I remember when someone reported memory leaks and maintainer found another ten and fixed all of them :P
2017-05-20 15:18:29 <scadu> memory leak*
2017-05-20 15:49:40 <scadu> https://bugs.alpinelinux.org/issues/7295 lolwut, why I've been assigned to this XD
2017-05-20 15:55:19 <Shiz> sybix: yes, i'd package it separately
2017-05-20 15:55:36 <Shiz> apparently anta found it needed to assign you
2017-05-20 15:55:38 <Shiz> :p
2017-05-20 15:56:01 <scadu> ;3
2017-05-20 15:56:10 <scadu> redmine 4 life
2017-05-20 15:57:01 <scadu> Shiz: hope (s)he's not one of clients I take care of XD
2017-05-20 15:57:48 <sybix> Shiz, There is more question now :)
2017-05-20 15:58:32 <sybix> How i decide wich flag i enable ?
2017-05-20 15:58:48 <sybix> Because, with the flag, come the dependancy
2017-05-20 15:59:28 <sybix> But security migh by impacted, here this is with otr & gpg option
2017-05-20 16:00:51 <sybix> And a other one, is this ok if i use the usr share profanity folder for plugins
2017-05-20 16:01:31 <Shiz> what does the package use by default?
2017-05-20 16:02:03 <sybix> It does with with -dev the configure found
2017-05-20 16:02:13 <Shiz> what compile options to use is kind of subjective: I personally err on the side of smaller dependencies, but I do include often-used features
2017-05-20 16:02:24 <Shiz> I mean what directory for plugins does it use by default?
2017-05-20 16:03:00 <sybix> duno for the plugin. I have clone the repos in my home
2017-05-20 16:03:29 <sybix> but it store themes in this directory (witch are optional)
2017-05-20 16:03:42 <sybix> plugin are in a separate git repo now
2017-05-20 16:04:58 <sybix> For the options, it depends on the usage. If you use it on a desktop, i assume you'll be hapy with the "desktop" flag
2017-05-20 16:05:15 <sybix> but it come with a lot of deps
2017-05-20 16:05:35 <sybix> maybe i should do a -gtk package
2017-05-20 16:06:17 <sybix> like pinentry
2017-05-20 16:09:28 <sybix> looks like it's not the same way, wireshark make 2 binary
2017-05-20 16:10:12 <sybix> and pientry too
2017-05-20 16:35:43 <mitchty> jirutka: i'm building idris via the change you made yet for https://github.com/alpinelinux/aports/pull/684 but it looks fine, good work and changes, will be a while until i can validate armhf but since its merged its not a huge deal
2017-05-20 16:36:00 <mitchty> question on testing/cabal, that should get put into community as well as ghc without cabal is... not that useful
2017-05-20 16:39:49 <Shiz> kaniini jirutka: https://github.com/alpinelinux/abuild/pull/19
2017-05-20 16:45:11 <mitchty> also i have ghc 8.2 rc2 building and passing its test suite, so should be ready for ghc when 8.2 gets its final release
2017-05-20 16:50:46 <Shiz> cabal seems good to move to community yes, if it works
2017-05-20 16:51:27 <mitchty> if it didn't idris wouldn't have built :)
2017-05-20 16:51:28 <Shiz> mitchty: https://github.com/alpinelinux/aports/blob/HEAD/testing/cabal/APKBUILD#L13
2017-05-20 16:51:32 <Shiz> is this still relevant?
2017-05-20 16:52:13 <mitchty> probably not, i was assuming we'd setup apk like arch aur
2017-05-20 16:52:33 <mitchty> the way it works now is fine though, just a bit of a pain when updates happen
2017-05-20 16:52:56 <mitchty> but thats just when new ghc versions come out so its not a huge problem
2017-05-20 16:52:56 <Shiz> like arch aur?
2017-05-20 16:53:07 <mitchty> like their pkgbuild files
2017-05-20 16:53:21 <mitchty> i was originally going to try porting their tool to take stuff from cabal->apkbuild files
2017-05-20 16:53:49 <mitchty> i got down that path a bit but after talking with jirutka and how he wanted to do rust decided not to go that way
2017-05-20 16:54:49 <mitchty> it basically amounted to not having to rebuild all the dependencies in cabal
2017-05-20 16:55:06 <mitchty> so https://github.com/alpinelinux/aports/blob/HEAD/testing/cabal/APKBUILD#L22-59
2017-05-20 16:55:13 <Shiz> ah
2017-05-20 16:55:31 <mitchty> https://github.com/alpinelinux/aports/blob/HEAD/testing/cabal/APKBUILD#L22-L59 rather
2017-05-20 16:55:38 <mitchty> always forget the syntax for that
2017-05-20 16:57:57 <mitchty> as an example
2017-05-20 16:57:58 <mitchty> https://www.archlinux.org/packages/community/i686/cabal-install/
2017-05-20 16:58:36 <mitchty> what arch has is they basically take cabal the library (cabal is technically cabal-install the tool, its a library and command line tool) and tries to map that out to pkgbuild files
2017-05-20 16:58:37 <Shiz> i don't really disagree with how arch is doing it
2017-05-20 16:58:43 <Shiz> tbh
2017-05-20 16:58:51 <mitchty> there are issues however
2017-05-20 16:59:07 <mitchty> haskell libraries can have a diamond pattern
2017-05-20 16:59:21 <mitchty> aka you can have multiple versions of the same library that can be used
2017-05-20 16:59:53 <mitchty> which means either every haskell thing has to build with the same versions, or you defer to cabal to sort out the issues
2017-05-20 17:00:38 <mitchty> and it'll only get more fun in 8.2+ with this http://blog.ezyang.com/2016/10/try-backpack-ghc-backpack/
2017-05-20 17:00:53 <mitchty> which brings ML style interfaces in play
2017-05-20 17:01:30 <mitchty> aka you could have multiple backend libraries handling a interface type
2017-05-20 17:01:39 <Shiz> :<
2017-05-20 17:02:09 <TemptorSent> GRR! Yeah, not having the vfat module for my existing kernel after upgrading to a new one is NOT making me happy right now. The kernel packaging change can't come soon enough!
2017-05-20 17:21:01 <Shiz> jirutka: ping
2017-05-20 17:30:06 <mitchty> Shiz: should i open a pr to move cabal to community?
2017-05-20 17:30:29 <mitchty> i can nuke that message for now as its probably not constructive as well
2017-05-20 17:31:56 <Shiz> sounds good yes
2017-05-20 17:33:31 <mitchty> i also found out about this http://tiptop.gforge.inria.fr and have a build for it too, its really nice, i'll get that pushed up too
2017-05-20 17:44:56 <Shiz> kaniini: https://github.com/alpinelinux/aports/pull/1552
2017-05-20 17:49:48 <mitchty> ok created https://github.com/alpinelinux/aports/pull/1553
2017-05-20 17:55:53 <kaniini> Shiz: ok ill merge it when back at computer
2017-05-20 17:56:02 <Shiz> danke
2017-05-20 18:23:19 <Shiz> hmm
2017-05-20 18:23:25 <Shiz> default_dbg seems to be killing pax flags
2017-05-20 18:23:27 <Shiz> :|
2017-05-20 18:42:38 <Shiz> ncopa: what do you mean by that last  comment?
2017-05-20 20:27:06 <Shiz> jirutka: ping whenever you're here
2017-05-20 20:27:20 <jirutka> Shiz: I am, but busy
2017-05-20 20:27:36 <Shiz> okay: ping me whenever you're less busy ;)
2017-05-20 21:02:07 <Shiz> this is weird...
2017-05-20 21:02:09 <Shiz> $ getfattr -n user.pax.flags --only-values src/julia-0.5.2/usr/bin/julia
2017-05-20 21:02:11 <Shiz> e
2017-05-20 21:02:13 <Shiz> em
2017-05-20 21:02:29 <Shiz> but:
2017-05-20 21:02:31 <Shiz> $ getfattr -n user.pax.flags --only-values pkg/julia/usr/bin/julia
2017-05-20 21:02:33 <Shiz> pkg/julia/usr/bin/julia: user.pax.flags: No such attribute
2017-05-20 21:02:42 <Shiz> somewhere here something goes wrong
2017-05-20 21:02:44 <Shiz> :/
2017-05-20 21:14:14 <jirutka> Shiz: IIRC xattrs are recorded in fakeroot, but actual files installed into pkg/ do not have them
2017-05-20 21:14:28 <jirutka> Shiz: try to actually install the pkg and check the result
2017-05-20 21:14:59 <jirutka> Shiz: also when I’ve applied paxmark in build function, it somehow didn’t survived
2017-05-20 21:15:03 <Shiz> jirutka: it won't work
2017-05-20 21:15:07 <jirutka> Shiz: I have no idea what magic happens here
2017-05-20 21:15:35 <Shiz> i installed the package and there's no paxmarks
2017-05-20 21:15:38 <Shiz> causing it to fail
2017-05-20 21:15:50 <jirutka> where do you call paxmark?
2017-05-20 21:16:22 <Shiz> it's part of the build process, your patch even :P
2017-05-20 21:16:32 <jirutka> Shiz: aha XD
2017-05-20 21:16:38 <jirutka> Shiz: try to paxmark it in package()
2017-05-20 21:16:40 <Shiz> i'm applying a paxmark in package() now
2017-05-20 21:16:41 <Shiz> yes
2017-05-20 21:16:45 <Shiz> it's building :)
2017-05-20 21:17:14 <Shiz> fwiw: it seems the issue is in cp(1)
2017-05-20 21:17:22 <jirutka> Shiz: it’s really weird, I encountered this issue just few days ago with some other pkg
2017-05-20 21:17:24 <Shiz> xattrs are not preserved even with -p
2017-05-20 21:17:31 <jirutka> aha
2017-05-20 21:17:33 <Shiz> so when # make install  cps the binaries to $pkgdir
2017-05-20 21:17:37 <Shiz> xattrs are gone
2017-05-20 21:17:46 <Shiz> even coreutils cp doesn't with -p
2017-05-20 21:17:48 <jirutka> hm, looks like yet another bug in busybox?
2017-05-20 21:17:51 <jirutka> aha
2017-05-20 21:17:54 <jirutka> really weird
2017-05-20 21:39:16 <xentec> does install work?
2017-05-20 21:44:18 <Shiz> nyet
2017-05-21 13:31:21 <^7heo> Hello everyone.
2017-05-21 13:31:47 <tmh1999> hello ^7heo
2017-05-21 13:36:42 <^7heo> Hey tmh1999
2017-05-21 13:51:38 <Shiz> hi
2017-05-21 13:55:00 <^7heo> Hey Shiz
2017-05-21 22:18:24 <Shiz> https://txt.shiz.me/ZjhiMDA2Ym
2017-05-21 22:18:42 <Shiz> list of busybox <-> package mismatches, meaning busybox symlinks won't be removed when the package is installed
2017-05-21 22:18:49 <Shiz> which may lead to issues depending on $PATH order
2017-05-21 22:19:05 <Shiz> for every pair of lines the top line is the pkg path, the bottom line is the busybox symlink path
2017-05-22 07:22:17 <zakame> hi, how do I compile perl-5.24 without locale support?  I'm experimenting building on alpine linux (which has somewhat incomplete locale support) and was encountering test failures
2017-05-22 07:22:23 <zakame> for context, I'm trying to solve https://github.com/Perl/docker-perl/issues/23
2017-05-22 07:59:46 <tru_tru> zakame: same issue for me (incomplete locale support) and that's why some perl modules dont have "make test"
2017-05-22 08:00:07 <tru_tru> https://gist.github.com/truatpasteurdotfr/e20019cd06027775284e19779ed79d67
2017-05-22 09:58:07 <clandmeter> Shiz, can i close #7257 ?
2017-05-22 10:28:53 <Shiz> yes
2017-05-22 11:32:09 <ncopa> i think we can get rid of ffmpeg2.8 \o/
2017-05-22 11:39:28 <ncopa> can we move grub to main?
2017-05-22 11:39:38 <ncopa> i think its needed for the ppc64le iso
2017-05-22 11:40:05 <^7heo> directly from testing?
2017-05-22 11:43:14 <ncopa> yes
2017-05-22 11:51:02 <^7heo> meh; I don't have a powerPC 64bit little endian.
2017-05-22 11:51:06 <^7heo> So it won't affect me.
2017-05-22 11:51:19 <^7heo> But so far I really tried to stay away from Grub.
2017-05-22 11:51:29 <^7heo> it's kinda insane in complexity.
2017-05-22 11:51:53 <^7heo> Anyway that's not a discussion about that specifically; if there's no other candidate for booting that arch...
2017-05-22 11:51:57 <^7heo> I guess we have no choice.
2017-05-22 11:52:16 <^7heo> But we should tag it as "risky" somehow and make that a very clear exception.
2017-05-22 12:14:32 <ncopa> can someone help me test if grub works at all on x86_64?
2017-05-22 12:14:37 <ncopa> even in a vm
2017-05-22 12:17:32 <^7heo> wait, are we replacing syslinux by grub?
2017-05-22 12:23:42 <ncopa> no
2017-05-22 12:23:49 <ncopa> but we need support grub
2017-05-22 12:23:53 <ncopa> for some arches
2017-05-22 12:24:03 <ncopa> which means we need move the grub package to main
2017-05-22 12:24:21 <ncopa> before doing so i want verify that the package itself is ok
2017-05-22 12:24:23 <ncopa> that it works
2017-05-22 12:49:24 <_ikke_> ncopa: I can try testing it, but that will be only in a couple of hours
2017-05-22 12:50:31 <^7heo> ncopa: I'd love to have an alternative to Grub for those arches.
2017-05-22 12:50:40 <^7heo> s/arches/archs/
2017-05-22 12:50:49 <^7heo> but I guess that time-wise it's not wise (aha)
2017-05-22 12:51:03 <ncopa> :)
2017-05-22 13:12:42 <ncopa> Shiz do you have url to the latest release notes?
2017-05-22 13:24:50 <clandmeter> not sure if this is the latest https://txt.shiz.me/MGY0YTIxYz
2017-05-22 13:27:00 <^7heo> nginx \o/
2017-05-22 13:46:09 <leitao> rdutra, hi
2017-05-22 13:46:20 <rdutra> leitao: hi
2017-05-22 13:46:21 <leitao> rdutra, what qemu command did you use to boot alpine iso on ppc6l4?
2017-05-22 13:46:28 <leitao> rdutra, ncopa wants to try it
2017-05-22 13:47:01 <rdutra> leitao: ncopa: sudo qemu-system-ppc64 -enable-kvm -m 32G -smp 16,sockets=16,cores=1,threads=1 -nodefaults -nographic -serial stdio -cdrom <iso_name>
2017-05-22 13:48:37 <ncopa> rdutra: i get openfirmware interface
2017-05-22 13:48:42 <ncopa> but it does not boot the generated iso
2017-05-22 13:49:06 <ncopa> Trying to load:  from: disk ...
2017-05-22 13:49:06 <ncopa> E3405: No such device
2017-05-22 13:49:06 <ncopa> Trying to load:  from: /vdevice/v-scsi@71000002/disk@8200000000000000 ...
2017-05-22 13:49:06 <ncopa> E3404: Not a bootable device!
2017-05-22 13:49:19 <rdutra> ncopa: umm. how you generated the iso?
2017-05-22 13:49:24 <rdutra> ncopa: I mean, the command
2017-05-22 13:50:08 <ncopa> sh scripts/mkimage.sh ...
2017-05-22 13:50:54 <ncopa> sh scripts/mkimage.sh --outdir out --repository http://dl-cdn.alpinelinux.org/alpine/v3.6/main
2017-05-22 13:51:09 <rdutra> ncopa: I used > ./mkimage.sh --profile vanilla --repository http://rsync.alpinelinux.org/alpine/edge/main/
2017-05-22 13:52:09 <rdutra> ncopa: let me think...I also need to have "grub-ieee1275" installed to generate the correct ISO
2017-05-22 13:52:17 <ncopa> aha
2017-05-22 13:56:00 <ncopa> ha \o/
2017-05-22 13:56:18 <ncopa> Linux localhost 4.9.28 #3-Alpine SMP Thu May 18 20:06:47 GMT 2017 ppc64le Linux
2017-05-22 13:56:23 <leitao> nice
2017-05-22 13:56:36 <rdutra> ncopa: :)
2017-05-22 13:57:52 <ncopa> i suppose the setup script will not work though
2017-05-22 13:58:01 <ncopa> since it hardcodes syslinux iirc
2017-05-22 13:58:08 <ncopa> but at least it boots
2017-05-22 13:58:12 <ncopa> this is great
2017-05-22 14:01:19 <rdutra> ncopa: when I run the "setup-alpine" script, in the part that it calls "setup-disk" it returns "No disks found."
2017-05-22 14:01:46 <rdutra> ncopa: not sure if it is related with syslinux or because booting inside qemu
2017-05-22 14:05:11 <ncopa> probably because the script does someting stupid, like assume that disk should be /dev/sd*
2017-05-22 14:14:18 <leitao> rdutra, which disks do you see when you run the setup script?
2017-05-22 14:17:29 <rdutra> leitao: umm..it does not show me any information about disks
2017-05-22 14:19:18 <leitao> fdisk -l shows anything?
2017-05-22 14:20:14 <rdutra> leitao: no, shows nothing
2017-05-22 14:20:41 <leitao> rdutra, did you attach a disk ?
2017-05-22 14:20:55 <leitao> rdutra, this command " sudo qemu-system-ppc64 -enable-kvm -m 32G -smp 16,sockets=16,cores=1,threads=1 -nodefaults -nographic -serial stdio -cdrom <iso_name>" does not seem to have a disk attached.
2017-05-22 14:22:16 <rdutra> leitao: umm, I will see how to attach a disk do qemu command
2017-05-22 14:22:41 <leitao> rdutra, starts qemu with a disk
2017-05-22 14:22:53 <leitao> it should be easier.
2017-05-22 14:23:49 <ncopa> we build the x86/x86_64 iso images as isohybrids
2017-05-22 14:23:57 <ncopa> so they show up as disks for qemu
2017-05-22 14:53:40 <Shiz> jirutka: >K. Wang, Y. Lin, S. M. Blackburn, M. Norrish, and A. L. Hosking, "Draining the Swamp: Micro Virtual Machines as Solid Foundation for Language Development",
2017-05-22 14:53:44 <Shiz> questionable paper name choices
2017-05-22 15:24:59 <ncopa> do we have anything that needs be fixed before rc2?
2017-05-22 15:26:57 <Shiz> the udhcpc thing preferably imo
2017-05-22 15:27:08 <Shiz> ncopa: also ok to move julia to community?
2017-05-22 15:27:15 <Shiz> most of the testsuite passes
2017-05-22 15:27:25 <ncopa> how long time does it take to build (on arm)
2017-05-22 15:27:37 <Shiz> building doesn't take very long
2017-05-22 15:27:43 <Shiz> the testsuite is a bit longer, we can disable it on arm?
2017-05-22 15:27:51 <ncopa> possibly
2017-05-22 15:27:59 <ncopa> how long does it take?
2017-05-22 15:28:03 <ncopa> its nice to run it though
2017-05-22 15:28:31 <Shiz> it takes about 25 mins to build + test on the x86_64 builder
2017-05-22 15:28:33 <Shiz> iirc
2017-05-22 15:29:01 <ncopa> so atleast an hour on arm
2017-05-22 15:30:38 <Shiz> but it's only enabled for x86_64 right now
2017-05-22 15:30:51 <ncopa> ok
2017-05-22 15:30:54 <ncopa> i suppose then push it
2017-05-22 15:31:01 <Shiz> aight
2017-05-22 15:31:11 <ncopa> re iso vomlume id
2017-05-22 15:31:22 <ncopa> -volid "alpine-$PROFILE $RELEASE $ARCH"
2017-05-22 15:31:28 <Shiz> don't need to bump pkgrel right?
2017-05-22 15:31:37 <ncopa> should not be needed
2017-05-22 15:31:50 <ncopa> you dont need bump pkgrel
2017-05-22 15:32:04 <ncopa> xorriso : WARNING : -volid text problematic as automatic mount point name
2017-05-22 15:32:05 <ncopa> xorriso : WARNING : -volid text does not comply to ISO 9660 / ECMA 119 rules
2017-05-22 15:32:43 <Shiz> hmm
2017-05-22 15:32:46 <Shiz> probably doesn't like spaces?
2017-05-22 15:33:14 <Shiz> it it <= 32 chars?
2017-05-22 15:35:08 <Shiz> ncopa: "Specifies the volume ID text. (32 chars out of [A-Z0-9_])","
2017-05-22 15:36:07 <Shiz> it has to be said that apparently nobody cares about this restriction
2017-05-22 15:36:39 <Shiz> ncopa: do we use joliet?
2017-05-22 15:37:10 <Shiz> because that allows for less restricted volids
2017-05-22 15:38:16 <ncopa> yes we use joilet
2017-05-22 15:38:22 <ncopa> seems loike nobody cares
2017-05-22 15:38:39 <ncopa> OpenBSD/amd64   6.1 boot-only CD
2017-05-22 15:38:39 <ncopa> Gentoo Linux amd64 20170209
2017-05-22 15:38:39 <ncopa> Linux Mint 18.1 MATE 32-bit
2017-05-22 15:38:45 <ncopa> except freebsd
2017-05-22 15:38:46 <Shiz> yep
2017-05-22 15:38:49 <ncopa> seems to comply
2017-05-22 15:38:55 <ncopa> 11_0_RELEASE_P1_AMD64_BO
2017-05-22 15:39:42 <ncopa> i remember having issues with < 32 earlier
2017-05-22 15:39:42 <Shiz> oh
2017-05-22 15:39:46 <Shiz> ncopa: actually
2017-05-22 15:39:54 <Shiz> it seems like it includes a restricted shell char too
2017-05-22 15:40:07 <ncopa> ok?
2017-05-22 15:40:17 <Shiz> that set is limited to [a-zA-Z_-+=:.,~@]
2017-05-22 15:40:25 <Shiz> i guess that's again the space
2017-05-22 15:40:29 <Shiz> that's 'automatic mount point name' warning
2017-05-22 15:40:33 <ncopa> ok
2017-05-22 15:40:57 <ncopa> i am open to suggestion what we set it too
2017-05-22 15:41:07 <ncopa> we keep it as is?
2017-05-22 15:41:29 <Shiz> i think it's fine as it is
2017-05-22 15:43:18 <ncopa> it will likely be difficult to change once we have it implemented in libosinfo
2017-05-22 15:43:32 <ncopa> ok, lets keep it as is
2017-05-22 15:44:23 <ncopa> one thing that would be nice to find out before release, is why did virtharden kernel module doube size (in the 4.4 -> 4.9 upgrade)
2017-05-22 15:45:36 <Shiz> hmm
2017-05-22 15:45:45 <Shiz> what's libosinfo?
2017-05-22 16:16:39 <ncopa> library and database with OS information
2017-05-22 16:16:53 <ncopa> virt-manager uses it when creating new virtual machines
2017-05-22 17:02:04 <_ikke_> ncopa: Do you still need someone to test grub?
2017-05-22 17:03:09 <ncopa> _ikke_: would be nice if you have time
2017-05-22 17:03:39 <_ikke_> sure
2017-05-22 17:04:27 <_ikke_> ncopa: default image?
2017-05-22 17:04:35 <ncopa> sure
2017-05-22 17:55:59 <_ikke_> grub-install returns "failed to get cannonical path of /boot/grub", anyone familiar with that error?
2017-05-22 17:56:11 <_ikke_> (I'm chrooted in the new installation)
2017-05-22 17:57:49 <_ikke_> ok, forgot to mount proc/sys/dev
2017-05-22 18:09:10 <_ikke_> Next issue: cannot find grub drive for /dev/sda1, check your device.map
2017-05-22 18:11:12 <leo-unglaub> hey friends, i have a quick question
2017-05-22 18:11:36 <leo-unglaub> what was the tought behind the current naming convetion of the alpinelinux nameservers?
2017-05-22 18:11:48 <leo-unglaub> currently beeing ns1.alpinelinux.org and ns2.alpinelinux.org
2017-05-22 18:12:10 <leo-unglaub> is it not normal to use a.ns.alpinelinux.org and b.ns.alpinelinux.org for that anymore?
2017-05-22 18:12:34 <Shiz> i don't think i've ever seen a.ns and b.ns
2017-05-22 18:12:41 <Shiz> anywhere, to be honest
2017-05-22 18:13:12 <leo-unglaub> it was an old standard to but got replaced by the ns1 and ns2 in a lot of places
2017-05-22 18:13:18 <_ikke_> Why would you need to refer to them in the first place?
2017-05-22 18:13:30 <Shiz> _ikke_: because how else is it gonna find which nameservers serve your domain? :P
2017-05-22 18:13:31 <leo-unglaub> the reason i am asking is that there was a reason for using a.ns and b.ns but i forgot it
2017-05-22 18:13:44 <leo-unglaub> and i would need that for an article i am writing :(
2017-05-22 18:27:15 <clandmeter> kaniini, can you take a look at #7155
2017-05-22 18:28:00 <_ikke_> Anyone know why grub-probe says cannot find grub device for dev/sda1?
2017-05-22 18:30:25 <Shiz> leo-unglaub: probably just in the spirit of the hierarchical nature of DNS
2017-05-22 18:30:29 <clandmeter> grub is a pita
2017-05-22 18:30:34 <Shiz> "ns.x" hosts all nameservers, "a.ns.x" is the first, etc
2017-05-22 18:30:42 <_ikke_> yeah, I'm trying to test it for ncopa
2017-05-22 18:31:20 <clandmeter> i remember those errors when i needed to boot aarch64
2017-05-22 18:31:28 <lxGzx53qO34r> leo-unglaub: isn't that the naming convention for the root nameservers of which there is more than usually 2?
2017-05-22 18:31:44 <leo-unglaub> yeah, exactly
2017-05-22 18:31:45 <_ikke_> I'm in a chroot right now, it seems to have placed the files in the boot dir, but fails at installing the bootloader
2017-05-22 18:31:46 <leo-unglaub> they use it
2017-05-22 18:32:41 <clandmeter> install bootloader from chroot?
2017-05-22 18:34:20 <_ikke_> clandmeter: yeah
2017-05-22 18:34:31 <_ikke_> That's how you usually, do it, right?
2017-05-22 18:35:07 <clandmeter> let me see if i can find a script i used
2017-05-22 18:36:54 <TBB> you'll need access to the device, which means bind mounting /dev to the chroot, correct?
2017-05-22 18:37:17 <_ikke_> I did
2017-05-22 18:37:54 <_ikke_> mount -obind /dev /mnt/dev
2017-05-22 18:38:07 <Shiz> better is --rbind i think
2017-05-22 18:38:39 <TBB> next on my list of guesses would be a specific grsec option on the host side
2017-05-22 18:47:53 <clandmeter> _ikke_, the script i made is for a bootable hybrid uefi iso with grub, so it wont help you much.
2017-05-22 18:50:26 <_ikke_> ok
2017-05-22 19:04:32 <_ikke_> thanks anyway
2017-05-22 19:28:21 <clandmeter> _ikke_, did you mount proc?
2017-05-22 19:47:24 <_ikke_> clandmeter: I ddi
2017-05-22 19:47:26 <_ikke_> did
2017-05-22 19:47:30 <_ikke_> mount -t proc none /mnt/proc
2017-05-22 19:47:50 <clandmeter> what if you bind mount it?
2017-05-22 19:48:00 <_ikke_> let me try
2017-05-22 19:48:09 <clandmeter> both dev and proc
2017-05-22 19:48:34 <_ikke_> Right, still the same issue
2017-05-22 19:48:41 <_ikke_> mount --rbind /proc /mnt/proc
2017-05-22 19:48:42 <_ikke_> same for dev
2017-05-22 19:48:54 <clandmeter> which error do you get?
2017-05-22 19:50:14 <_ikke_> http://tpaste.us/djbL
2017-05-22 19:50:41 <clandmeter> hmm, it works for me.
2017-05-22 19:52:00 <_ikke_> How did you setup the disk?
2017-05-22 19:54:13 <clandmeter> one partition ext4 and apk install --root...
2017-05-22 19:54:35 <_ikke_> ok, let me try that
2017-05-22 19:54:39 <clandmeter> it doesnt boot though :)
2017-05-22 19:54:45 <clandmeter> but it says its installed
2017-05-22 19:54:45 <_ikke_> hehe
2017-05-22 19:55:11 <clandmeter> i think i need to use ext2
2017-05-22 19:57:56 <clandmeter> _ikke_, http://tpaste.us/40bX
2017-05-22 19:59:44 <_ikke_> apk install is not a command?
2017-05-22 20:00:00 <clandmeter> lol
2017-05-22 20:00:05 <clandmeter> my mistake...
2017-05-22 20:00:20 <clandmeter> just apk add ...
2017-05-22 20:00:24 <clandmeter> with root
2017-05-22 20:00:53 <_ikke_> no such file or directory
2017-05-22 20:01:15 <clandmeter> wait let me give you the whole cmd
2017-05-22 20:03:18 <clandmeter> apk add --keys-dir /etc/apk/keys --repositories-file /etc/apk/repositories --root my/disk --update-cache alpine-base grub-bios
2017-05-22 20:03:37 <clandmeter> thats from my head...
2017-05-22 20:03:45 <_ikke_> 5ok
2017-05-22 20:04:31 <clandmeter> after it installs base alpine you can bind dev and proc
2017-05-22 20:04:43 <clandmeter> and then chroot and grub-install
2017-05-22 20:06:21 <_ikke_> Looks like I'm still missing something in that apk command
2017-05-22 20:08:27 <_ikke_> --initdb?
2017-05-22 20:08:32 <clandmeter> yes
2017-05-22 20:08:33 <clandmeter> sorry
2017-05-22 20:08:36 <clandmeter> missed that one
2017-05-22 20:09:58 <_ikke_> That worked
2017-05-22 20:10:55 <clandmeter> nice
2017-05-22 20:11:03 <clandmeter> grub-install as well?
2017-05-22 20:12:35 <_ikke_> Not yet
2017-05-22 20:12:42 <_ikke_> But I have 2 partitions, one ext2, other ext4
2017-05-22 20:13:00 <_ikke_> You just have one ext4 partition?
2017-05-22 20:13:07 <clandmeter> yes
2017-05-22 20:13:37 <clandmeter> but it shouldnt matter as long you provide the correct device where your boot is located.
2017-05-22 20:13:48 <_ikke_> I do, but still the same error
2017-05-22 20:14:07 <clandmeter> can you add strace and check what happens?
2017-05-22 20:14:15 <_ikke_> I can
2017-05-22 20:15:26 <clandmeter> seems my error is related to vmware
2017-05-22 20:16:41 <clandmeter> you could also try to add --verbose and see if it tells you more.
2017-05-22 20:21:52 <_ikke_> hmm, any way to update /dev nodes? I formatted the disk, but not new /dev/sda* nodes are created
2017-05-22 20:23:00 <_ikke_> already tried partprobe, but not helping
2017-05-22 20:23:26 <_ikke_> mdev -s
2017-05-22 20:39:55 <_ikke_> http://tpaste.us/ELx6
2017-05-22 22:38:02 <leo-unglaub> jirutka: have you ever thought about the security implications of building the entire aports tree statically linked?
2017-05-22 22:40:44 <jirutka> leo-unglaub: yes
2017-05-22 22:40:47 <jirutka> leo-unglaub: why?
2017-05-22 22:41:50 <leo-unglaub> well, i cannot sleep and started thinking ... thats just how my mind works *g*
2017-05-22 22:42:00 <jirutka> leo-unglaub: XD
2017-05-22 22:42:15 <jirutka> leo-unglaub: is your mind statically linked? :P
2017-05-22 22:42:24 <leo-unglaub> yes ... hehehehe
2017-05-22 22:42:43 <leo-unglaub> but think about the implications that would have ... an statically linked alpine
2017-05-22 22:43:03 <leo-unglaub> the disc size would grow up a little bit, but it would get the heck of a lot faster
2017-05-22 22:43:32 <Shiz> i don't think it would be significantly faster
2017-05-22 22:43:49 <jirutka> not sure about performance, but it’d be more secure and unbreakable :P
2017-05-22 22:44:09 <Shiz> more secure, having to replace all binaries when we find another vuln in libressl?
2017-05-22 22:44:11 <Shiz> ;)
2017-05-22 22:44:31 <jirutka> is that a problem?
2017-05-22 22:44:46 <Shiz> yes, people will upgrade less fast if they have to download 200mb of binaries
2017-05-22 22:44:47 <leo-unglaub> well, in my lab i test stuff like this simetimes and it fully depends on the binary created ... but usually with small libraries you get around 10% more speed because you have less different io reads to get all depending .so files
2017-05-22 22:44:59 <Shiz> there's also the thing that not all aports stuff supports static PIE
2017-05-22 22:45:16 <leo-unglaub> download size is not a problem, just do delta updates
2017-05-22 22:45:17 <jirutka> you just need to keep track what pkgs embeds what libs and rebuild/update all of them when sec vul. found
2017-05-22 22:45:17 <Shiz> like go, i think
2017-05-22 22:45:23 <leo-unglaub> even windows 10 does delta updates now
2017-05-22 22:45:34 <Shiz> leo-unglaub: we'd need to rearchitecture apk for that
2017-05-22 22:45:37 <Shiz> not likely to happen anytime soon
2017-05-22 22:45:55 <jirutka> yeah
2017-05-22 22:46:07 <leo-unglaub> Shiz: i am not talking about doing it this weekend ...
2017-05-22 22:46:49 <leo-unglaub> its just part of my job as a security auditor
2017-05-22 22:46:52 <jirutka> IMHO liberation from FHS will bring more benefits than statically linked binaries
2017-05-22 22:46:52 <Shiz> jirutka: 'just need to keep track' is not as easy as it sounds
2017-05-22 22:47:01 <Shiz> oh yeah
2017-05-22 22:47:07 <Shiz> i talked with dalias about the /pkgs stuff
2017-05-22 22:47:13 <Shiz> or /pkg, whatever
2017-05-22 22:47:19 <leo-unglaub> well, keeping track is the easy part
2017-05-22 22:47:27 <leo-unglaub> because we alredy have this information today in apk
2017-05-22 22:47:28 <Shiz> his suggestion was to symlink all libs needed in /pkg/$name/$version/lib
2017-05-22 22:47:34 <leo-unglaub> the automatically dependenty tracker
2017-05-22 22:47:35 <Shiz> and set an rpath of $ORIGIN/../lib in all binaries
2017-05-22 22:47:42 <Shiz> leo-unglaub: nope
2017-05-22 22:47:47 <Shiz> that only works for dynamically linked binaries
2017-05-22 22:47:48 <Shiz> :)
2017-05-22 22:47:53 <Shiz> that is one of its axioms in fact
2017-05-22 22:48:41 <leo-unglaub> yes, but we have the information once ... moving this part into compiletime is not that hard and export a .depends file to keep track of when to recompile
2017-05-22 22:48:48 <leo-unglaub> thats the smallest problem with it
2017-05-22 22:48:48 <Shiz> (btw cc kaniini on this)
2017-05-22 22:49:03 <Shiz> leo-unglaub: the part is already in compiletime
2017-05-22 22:49:16 <Shiz> but it simply can not track dependencies for static output
2017-05-22 22:49:33 <Shiz> you can export from a dynamically linked compile once, but who says it's 1) identical to the static version 2) kept up to date
2017-05-22 22:49:40 <TemptorSent> Tracking the deps isn't all that hard, but it would need to be handled at link time.
2017-05-22 22:49:43 <Shiz> there's also the thing where static linking has no SONAME stuff
2017-05-22 22:49:52 <Shiz> so you don't know when to recompile in light of SONAME bumps
2017-05-22 22:50:16 <leo-unglaub> Shiz: during a static linking just track what the linker does and export the data during every build fpr every version
2017-05-22 22:50:28 <Shiz> what the linker does where?
2017-05-22 22:50:35 <Shiz> you realise a linker may link many binaries
2017-05-22 22:50:42 <Shiz> and not all of them present in the final package
2017-05-22 22:50:50 <Shiz> we don't integrate with build systems on that level
2017-05-22 22:50:57 <leo-unglaub> YET! ;)
2017-05-22 22:51:04 <Shiz> and we won't if i have anything to say about it
2017-05-22 22:51:06 <Shiz> :P
2017-05-22 22:51:39 <jirutka> TemptorSent: btw if you’d like to practice your shell-fu, we still need a proper script for ABI breakage detection; not necessarily real ABI comparison, just need to know if dependent pkgs must be rebuilt when upgrading pkg providing some shared libs
2017-05-22 22:51:45 <Shiz> simply because it's not feasible and doesn't scale
2017-05-22 22:51:45 <TemptorSent> We need some of that to fix the build-deps discovery.
2017-05-22 22:52:09 <Shiz> jirutka: don't we have SONAME checks for that right now?
2017-05-22 22:52:20 <jirutka> Shiz: no, we don’t
2017-05-22 22:52:41 <jirutka> Shiz: we have only checkapk (or apkcheck?) and it do only diff of pkg files, not very usaable for automation
2017-05-22 22:53:10 <Shiz> right
2017-05-22 22:53:28 <TemptorSent> jirutka: I have full revdep detection working for shared libs, but it doesn't look at actual ABI -- that requires build-time modifications.
2017-05-22 22:54:02 <jirutka> TemptorSent: we already know what pkgs depends on the pkg being rebuild
2017-05-22 22:54:03 <TemptorSent> The ABI comparison tools that I've looked at rely on a build with debug symbols.
2017-05-22 22:54:10 <jirutka> TemptorSent: apk tracks shared libs etc.
2017-05-22 22:54:40 <jirutka> TemptorSent: hm, maybe we can build -dbg subpkg automatically for all…?
2017-05-22 22:55:02 <jirutka> TemptorSent: IIRC debian do this, all pkg automatically have some pkg with debug symbols
2017-05-22 22:55:03 <TemptorSent> That's a possibility...
2017-05-22 22:55:16 <kaniini> jirutka no
2017-05-22 22:55:19 <jirutka> no chance without debug symbols?
2017-05-22 22:55:22 <kaniini> it is maintainer opt in
2017-05-22 22:55:24 <TemptorSent> And that would allow us to use the ABI checker tools.
2017-05-22 22:55:36 <jirutka> kaniini: yes, currently… why we can’t make it default?
2017-05-22 22:55:38 <kaniini> ubuntu has -dbgsym which is unconditional
2017-05-22 22:55:44 <kaniini> but debian does not
2017-05-22 22:55:58 <jirutka> doesn’t matter…
2017-05-22 22:56:08 <TemptorSent> Not really anything solid w/o debug symbols because the prototyping isn't stored once debug symbols are removed.
2017-05-22 22:56:13 <Shiz> i don't think it's worth testing for abi breakage aside from SONAME to be honest
2017-05-22 22:56:22 <jirutka> is there some reason why we should not enable -dbg by default for e.g. all pkgs that provides some shared libs?
2017-05-22 22:56:22 <kaniini> i was just clarifying that your example is not correct :)
2017-05-22 22:56:43 <kaniini> no we absolutely should enable -dbg by default
2017-05-22 22:56:44 <Shiz> jirutka: btw, enabling -dbg on julia stripped it down by 25mb
2017-05-22 22:56:46 <Shiz> lol
2017-05-22 22:57:02 <jirutka> eh, what?
2017-05-22 22:57:06 <jirutka> aha, yes
2017-05-22 22:57:10 <jirutka> b/c I did it wrongly before
2017-05-22 22:57:14 <Shiz> from 70mb to a bit over 40mb
2017-05-22 22:57:26 <Shiz> i renamed julia-debug to julia-dbg and called default_dbg in the split func
2017-05-22 22:57:26 <TemptorSent> ABI breakage tessting will allow us to determine if an existing package is going to break when compiled against the new version of a lib.
2017-05-22 22:57:27 <jirutka> our -dbg does not produce full binary with debug symbols, just debug symbols
2017-05-22 22:57:28 <Shiz> :P
2017-05-22 22:57:47 <Shiz> TemptorSent: that's the entire purpose of SONAME
2017-05-22 22:57:59 <kaniini> i agree with shiz soname is fine
2017-05-22 22:58:05 <jirutka> it’s not…
2017-05-22 22:58:09 <kaniini> we just need more intelligence in the build tools
2017-05-22 22:58:10 <jirutka> b/c foo.so.1.2.3
2017-05-22 22:58:31 <kaniini> stupid maintainers are stupid and we fix the soname in those cases
2017-05-22 22:58:32 <jirutka> when foo.so.1.2.3 → foo.so.1.2.4, it’s usually not needed to rebuild all depending pkgs
2017-05-22 22:58:36 <Shiz> jirutka: that's
2017-05-22 22:58:39 <Shiz> not how sonames work
2017-05-22 22:58:43 <kaniini> yes that's not the soname tho
2017-05-22 22:58:44 <jirutka> but this relies on particular versioning schema
2017-05-22 22:58:52 <TemptorSent> SONAME doesn't tell you if an updated lib breaks an existing API/ABI for a particular function.
2017-05-22 22:58:57 <kaniini> the soname is foo.so.1
2017-05-22 22:58:58 <kaniini> anyway
2017-05-22 22:59:02 <jirutka> ??
2017-05-22 22:59:03 <Shiz> it actually does exactly that, TemptorSent
2017-05-22 22:59:12 <Shiz> jirutka: SONAME is a field in the ELF .so file
2017-05-22 22:59:18 <Shiz> when you break ABI, you bump it
2017-05-22 22:59:26 <Shiz> it has little to do with the filename
2017-05-22 22:59:32 <jirutka> uh, aha
2017-05-22 22:59:41 <Shiz> e.g.
2017-05-22 22:59:43 <jirutka> what if author does not bump it?
2017-05-22 22:59:51 <Shiz> then upstream is stupid :p
2017-05-22 23:00:00 <Shiz> it's their responsibility to bump soname when they break ABI
2017-05-22 23:00:02 <TemptorSent> I've quite often run into minor revs that broke specific functions.
2017-05-22 23:00:05 <kaniini> then we fix it downstream
2017-05-22 23:00:12 <Shiz> i think automated ABI testing is better fixed by implementing a check() for all packages
2017-05-22 23:00:14 <Shiz> just saying
2017-05-22 23:00:16 <Shiz> ;)
2017-05-22 23:00:18 <jirutka> yes, it is, we know that, that’s why I think that detecting real ABI breakage would be good
2017-05-22 23:00:22 <kaniini> what shiz says
2017-05-22 23:00:34 <kaniini> anyway
2017-05-22 23:00:52 <jirutka> no, we don’t rerun check in all depending pkgs when we upgrade som epkg…
2017-05-22 23:01:11 <Shiz> the problem is that "ABI testing" is an unsolvable issue
2017-05-22 23:01:30 <Shiz> ABI means literally everything, from the tiniest changes in how a library behaves
2017-05-22 23:01:35 <Shiz> and a lot of changes are justified
2017-05-22 23:01:36 <TemptorSent> Also, detecting NON breaking changes in SONAME bumbs is useful as well, as we can determine if a specific package using a specific API will work with the newer lib or not.
2017-05-22 23:01:41 <Shiz> e.g. if the documentation states you should not rely on something
2017-05-22 23:01:47 <kaniini> this conversation annoys me
2017-05-22 23:01:51 <Shiz> how are you gonna exhaustively test if a library behaves differently
2017-05-22 23:01:52 <kaniini> somebody tell me when 3.6 is out
2017-05-22 23:01:55 <jirutka> $ readelf -a /usr/lib/libcares.so.2.2.0  | grep SONAME  # → 0x000000000000000e (SONAME)             Library soname: [libcares.so.2] … hmm
2017-05-22 23:01:56 <Shiz> and whether those changes are justified
2017-05-22 23:02:00 <Shiz> jirutka: yeah
2017-05-22 23:02:05 <Shiz> you bump the last digit when you break ABI
2017-05-22 23:02:24 <Shiz> so it would be beumped to libcares.so.3
2017-05-22 23:02:48 <kaniini> if you like overengineered solutions i hear Nix and Guix are things
2017-05-22 23:02:49 <jirutka> okay, so back to the task… we need proper script that would compare at least this ;)
2017-05-22 23:02:57 <kaniini> it is all i have to say on it
2017-05-22 23:03:02 <TemptorSent> See https://lvc.github.io/abi-compliance-checker
2017-05-22 23:03:04 <Shiz> jirutka: agree :)
2017-05-22 23:03:20 <jirutka> and just return boolean value, not full diff of all files
2017-05-22 23:03:37 <kaniini> apks contain all soname as providers
2017-05-22 23:03:51 <jirutka> so we can use it for automation, at least automatically add comment to PR that some pkgs needs to be rebuilt
2017-05-22 23:03:54 <jirutka> I know
2017-05-22 23:03:59 <Shiz> jirutka: that sounds fine
2017-05-22 23:04:00 <kaniini> the build scripts can use that data to see what needs rebuild
2017-05-22 23:04:12 <Shiz> TemptorSent: sure, this tests for differences, but it doesn't meaningfully make it automatable
2017-05-22 23:04:14 <Shiz> that is my point
2017-05-22 23:04:40 <Shiz> it tells you what's different, but the problem with ABI breakage is not what is different
2017-05-22 23:04:44 <Shiz> it is what is different AND documented
2017-05-22 23:04:47 <jirutka> but I don’t have time right now to write that script, even when it’d be probably easy, so just letting now ;)
2017-05-22 23:05:02 <TemptorSent> The detection of differences can be automated and if something differs, it can be flagged for manual review.
2017-05-22 23:05:13 <Shiz> then everything will be flagged every update
2017-05-22 23:05:18 <Shiz> have you seen the reports it outputs
2017-05-22 23:05:47 <jirutka> at least if we know that there’s SOME difference, we can trigger rebuild of depending pkgs and if they have check() and proper tests, we would know…
2017-05-22 23:06:06 <TemptorSent> Yeah, I don't love the reporting in that particular one.
2017-05-22 23:06:34 <Shiz> jirutka: talking about soname or the abi checker now?
2017-05-22 23:06:46 <kaniini> TemptorSent: with all due respect there are far more critical needs than this.  SONAME checks are good enough for now.
2017-05-22 23:06:46 <TemptorSent> But the error codes are probably enough for breakage detection.
2017-05-22 23:06:50 <Shiz> because my fear is the abi checker will just flag every package upgrade, keeping us needlessly busy
2017-05-22 23:06:57 <jirutka> ideally ABI checker, but soname would be good enough for now
2017-05-22 23:07:14 <Shiz> anyway yeah, soname checking seems good
2017-05-22 23:07:18 <TemptorSent> kaniini: Agreed - the ABI checking is not immediately critical.
2017-05-22 23:07:36 <TemptorSent> What sonames are NOT checked currently?
2017-05-22 23:08:16 <Shiz> all of them
2017-05-22 23:08:32 <TemptorSent> It seemed that abuild didn't necessarily follow the dep chain to discover packages from solibs.
2017-05-22 23:08:48 <Shiz> actually
2017-05-22 23:08:51 <TemptorSent> On the apk side, this works, right kaniini?
2017-05-22 23:09:07 <Shiz> jirutka: checkapk does in fact check SONAMEs
2017-05-22 23:09:18 <Shiz> separately from the rest of the files
2017-05-22 23:09:19 <kaniini> this channel is getting bad for my health
2017-05-22 23:09:37 <jirutka> Shiz: but the result is quite useless
2017-05-22 23:09:40 <jirutka> currently
2017-05-22 23:09:48 <Shiz> sure, but there's not a lot that needs to be changed to make it useful
2017-05-22 23:09:50 <Shiz> :P
2017-05-22 23:09:54 <TemptorSent> does checkapk recurse the deptree?
2017-05-22 23:10:08 <Shiz> no, why would it
2017-05-22 23:11:08 <Shiz> it only needs to check if the provides change
2017-05-22 23:11:11 <Shiz> for soname
2017-05-22 23:12:21 <kaniini> right then it queries apkindex to learn the depends
2017-05-22 23:12:26 <kaniini> er rdepends
2017-05-22 23:12:48 <jirutka> I need to go sleep now, I must get up very early tomorrow; I hope that you understand what is the goal I’d like to achieve, so please discuss what is the best way to it ;)
2017-05-22 23:12:52 <TemptorSent> Hmm.. The cases I'm concerned with is a bin which deps on a lib which deps on another lib, where the bin uses a header for the second lib but doesn't link it directly.
2017-05-22 23:13:15 <kaniini> 
ACTION headdesks

2017-05-22 23:13:20 <Shiz> that wouldn't matter at all
2017-05-22 23:13:22 <TemptorSent> I'm afraid I'm not sure exactly which problem you're currently working to solve jirutka.
2017-05-22 23:13:24 <jirutka> TemptorSent: uh, what?
2017-05-22 23:13:27 <Shiz> it would flag the intermediate lib, which would need to be rebuilt
2017-05-22 23:13:32 <Shiz> if it doesn't link against it...
2017-05-22 23:13:38 <Shiz> and this all seems extremely corner-casey
2017-05-22 23:13:44 <TemptorSent> Yeah, one I'
2017-05-22 23:13:45 <TemptorSent> ve hit
2017-05-22 23:13:51 <Shiz> anyway
2017-05-22 23:13:56 <jirutka> maybe I’ve missed something, but transitive dependencies are not a problem in this case, are they?
2017-05-22 23:14:05 <Shiz> no
2017-05-22 23:14:12 <TemptorSent> Usually it's a struct defined in the lower level lib that's used in the bin directly.
2017-05-22 23:14:12 <Shiz> jirutka: here's my thought before you go to bed:
2017-05-22 23:14:35 <Shiz> a modification to the travis script and checkapk
2017-05-22 23:14:46 <Shiz> checkapk outputs a list of changed sonames
2017-05-22 23:14:53 <Shiz> and the packages that depend on it
2017-05-22 23:15:04 <Shiz> travis checks at the end of the session if those packages were rebuilt too
2017-05-22 23:15:09 <Shiz> if not, it fails the build
2017-05-22 23:15:10 <TemptorSent> So the transitive deps shouldn't be a problem if the package deps on ALL libs it uses structs of.
2017-05-22 23:15:45 <jirutka> but what about foo.so.1.2.3 → foo.so.1.2.4? does it need rebuild as well? please note that checkapk compares only file names, not real SONAME in ELF binary
2017-05-22 23:15:53 <Shiz> jirutka: wrong
2017-05-22 23:15:56 <Shiz> it checks the real soname
2017-05-22 23:15:59 <TemptorSent> Shiz - That sounds like it would solve the immediate problem quite nicely.
2017-05-22 23:16:11 <jirutka> hm, I need to verify it…
2017-05-22 23:16:20 <Shiz> jirutka: https://git.alpinelinux.org/cgit/abuild/tree/checkapk.in#n82
2017-05-22 23:16:25 <Shiz> it's a separate check from the file list check
2017-05-22 23:16:27 <jirutka> grr, it’s output is really extremely confusing
2017-05-22 23:16:28 <kaniini> jirutka: it checks real soname
2017-05-22 23:16:33 <jirutka> aha
2017-05-22 23:17:03 <Shiz> anyway
2017-05-22 23:17:15 <Shiz> this would enforce that any PR that breaks soname also includes commits to bump the relevant pkgrels
2017-05-22 23:17:20 <Shiz> or the travis build fails
2017-05-22 23:17:28 <TemptorSent> In-depth API/ABI compatability analysis is something to work on for supporting devs and automated bumps.
2017-05-22 23:17:29 <jirutka> but then I don’t understand foo.so.x.y.z, cause I’ve seen many times when checkapk printed diff with just change in <z>
2017-05-22 23:17:36 <jirutka> so are these totally unrelated or what?
2017-05-22 23:17:50 <jirutka> no, it should not fail build
2017-05-22 23:17:52 <Shiz> checkapk prints both a changed filelist and changed sonames
2017-05-22 23:17:54 <jirutka> just warn
2017-05-22 23:17:59 <Shiz> no, it should fail
2017-05-22 23:18:00 <jirutka> aha
2017-05-22 23:18:05 <Shiz> packages will fail to load if the soname was bumped
2017-05-22 23:18:07 <Shiz> they will not work anymore
2017-05-22 23:18:08 <jirutka> no it definitely should not
2017-05-22 23:18:09 <Shiz> at all
2017-05-22 23:18:12 <jirutka> think about consequences
2017-05-22 23:18:18 <Shiz> you break packages if you update soname and not the packages
2017-05-22 23:18:36 <jirutka> look, ideally we need two checks
2017-05-22 23:19:02 <jirutka> so contributor can know if the pkg itself is okay and/or there is need to bump some other pkgs
2017-05-22 23:20:22 <TemptorSent> jirutka: I'm not sure you can do that without first building the newer pkgs to compare with anyway.
2017-05-22 23:20:42 <jirutka> eh?
2017-05-22 23:21:11 <jirutka> okay, I go sleep, it seems that I’m too tired to properly express my thoughts or dunno :)
2017-05-22 23:21:36 <TemptorSent> If anything, the abi checking might be useful to determine the LAST version of a lib to work with a particular version of a package, but checking newer ones requires building the new libs first and comparing against the old.
2017-05-22 23:21:37 <Shiz> :P
2017-05-22 23:22:22 <TemptorSent> jirutka: Get some sleep and poke at it more when you're fresh.
2017-05-22 23:22:34 <jirutka> ofc it requires building one, I thouhht that it is very obvious…
2017-05-22 23:22:58 <jirutka> yeah, lack of sleep is bad :(
2017-05-22 23:23:27 <TemptorSent> Autobumping isn't the easiest to solve, since you don't know what version to bump TO automatically for the deps.
2017-05-22 23:24:30 <TemptorSent> Doing that would require source analysis and comparison of prototypes between both old and new packages and old and new libs (possibly trying many version to match)
2017-05-22 23:24:48 <Shiz> and that's out of scope
2017-05-22 23:24:53 <TemptorSent> Agreed.
2017-05-22 23:27:12 <TemptorSent> A heuristic approach and flagging manual intervention is probably doable, but since we don't build and store every version of every dep, we'll only be able to say a specific build did or did not match, not ask which version did.
2017-05-22 23:28:05 <TemptorSent> (unless the metadata for previous versions of a package is stored somewhere?)
2017-05-22 23:29:49 <TemptorSent> I guess the question that needs to be answerable for proper versioning is 'In which version of $pkg did SONAME last have the value of X and in which version did it first have the value of Y
2017-05-22 23:32:02 <TemptorSent> That would allow you to determine the proper dep version string required.
2017-05-22 23:41:33 <TemptorSent> abi-compliance-checker DOES look very useful as a tool for Contributors and QA, but probably in a semi-automated fashion.
2017-05-23 07:54:12 <ncopa> morning
2017-05-23 07:54:23 <ncopa> i think i have found a bug in th setup-keymap
2017-05-23 07:54:37 <ncopa> after system install, the keymap is not kept
2017-05-23 08:00:31 <ncopa> ok i know why
2017-05-23 08:04:02 <_ikke_> ncopa: I tried to install grub yesterday, but I ran into some issues where it failed to detect a grub drive: http://tpaste.us/ELx6
2017-05-23 08:04:22 <_ikke_> ncopa: clandmeter did not have any issues, but it might be because I used multiple partitions where he only used a single one
2017-05-23 08:04:47 <clandmeter> I have a notebook beside me to test
2017-05-23 08:04:58 <clandmeter> because it seemed to give some issues with vmware
2017-05-23 08:05:07 <clandmeter> i will give that another try
2017-05-23 08:05:12 <ncopa> ok
2017-05-23 08:05:39 <clandmeter> btw, it would be nice if we could add support for alpine in https://netboot.xyz
2017-05-23 08:06:21 <ncopa> yes, indeed
2017-05-23 08:06:23 <clandmeter> Shiz, if you feel bored ;-)
2017-05-23 08:07:29 <clandmeter> not sure how much we need to change to add proper ipxe support.
2017-05-23 08:10:55 <clandmeter> 
ACTION wonders why we dont have curl in the extended release.

2017-05-23 08:11:14 <ncopa> we probably should yes
2017-05-23 08:22:02 <clandmeter> If i want to connected to an open wifi network, i need to create my own script to start it at boot?
2017-05-23 08:25:58 <jirutka> hi
2017-05-23 08:26:27 <jirutka> how can anyone get up so early? *tired*
2017-05-23 08:26:42 <_ikke_> jirutka: By not going to bed so late? :P
2017-05-23 08:30:31 <tru_tru> hi is apkbuild-pypi deprecated? I could find apkbuild-cpan but not apkbuild-pypi
2017-05-23 08:33:07 <clandmeter> jirutka, i know the feeling
2017-05-23 08:33:21 <clandmeter> 3am to sleep, 7am awake...
2017-05-23 08:39:17 <jirutka> tru_tru: not sure if deprecated, but surely outdated
2017-05-23 08:39:32 <jirutka> tru_tru: it’s better to follow https://wiki.alpinelinux.org/wiki/APKBUILD_examples:Python for now
2017-05-23 08:52:58 <clandmeter> wtf, so i need to partition my disk some special way to make for the grub mbr?
2017-05-23 08:53:07 <clandmeter> make space...
2017-05-23 08:56:25 <tru_tru> jirutka: thx
2017-05-23 09:01:02 <_ikke_> clandmeter: iirc, normal partitioning should already by enough
2017-05-23 09:01:14 <_ikke_> mbr
2017-05-23 09:01:21 <clandmeter> doesnt seem like it
2017-05-23 09:01:28 <clandmeter> atleast not the messages im getting from grub
2017-05-23 09:01:38 <_ikke_> what message are you getting?
2017-05-23 09:02:02 <_ikke_> It of course does need enough space for the initial bootloader
2017-05-23 09:02:30 <_ikke_> 63 records apparently
2017-05-23 09:02:38 <_ikke_> stage 1.5
2017-05-23 09:03:44 <_ikke_> Might be that the fdisk shipped with alpine has a different behaviour
2017-05-23 09:03:45 <clandmeter> grub Embedding is not possible
2017-05-23 09:05:34 <clandmeter> going to try with more space at the beginning (if thats the real issue)
2017-05-23 09:06:02 <_ikke_> 63 sectords at least
2017-05-23 09:06:05 <_ikke_> sectors
2017-05-23 09:07:39 <_ikke_> According to a ticket, at least 1M
2017-05-23 09:08:39 <_ikke_> But that's when you have RAID / LVM apparently
2017-05-23 09:17:18 <clandmeter> http://tpaste.us/aQ8M
2017-05-23 09:17:23 <clandmeter> this is what im getting
2017-05-23 09:18:37 <clandmeter> lol
2017-05-23 09:18:38 <clandmeter> im stupid
2017-05-23 09:20:12 <clandmeter> w00t
2017-05-23 09:31:32 <clandmeter> ncopa, seems grub works fine in bios mode
2017-05-23 09:31:42 <ncopa> good
2017-05-23 09:34:55 <jirutka> btw, IIRC setup-* does not support installation without partitions… this is useful for VMs, it’s quite non-sense to create partitions on virtual disks
2017-05-23 09:36:13 <ncopa> how do you install the boot loader without partitions?
2017-05-23 09:40:21 <jirutka> exactly the same way as with partitions?
2017-05-23 09:40:31 <jirutka> boot loader don’t care about partitions ;)
2017-05-23 09:41:01 <jirutka> https://gist.github.com/jirutka/990d25662e729669b3ce
2017-05-23 09:41:12 <jirutka> eh, this part https://gist.github.com/jirutka/990d25662e729669b3ce#d-install-syslinux-bootloader
2017-05-23 09:42:43 <jirutka> eh, this is something different
2017-05-23 09:42:51 <jirutka> this is for partitions setup
2017-05-23 09:43:04 <jirutka> but really there’s no difference for installing bootloader
2017-05-23 10:20:28 <_ikke_> clandmeter: So how did you partition it, I'm still getting the same grub error
2017-05-23 10:20:45 <_ikke_> clandmeter: do you use a chroot?
2017-05-23 10:24:44 <clandmeter> _ikke_, i used the partition instead of the device with grub-install :|
2017-05-23 10:24:56 <clandmeter> no wonder it had no space for the bootloader :)
2017-05-23 10:25:20 <_ikke_> right
2017-05-23 10:25:23 <clandmeter> so i think just a regular one partition setup with ext4 should work
2017-05-23 10:25:29 <clandmeter> mount it
2017-05-23 10:25:45 <clandmeter> install alpine-base kernel and grub
2017-05-23 10:26:00 <clandmeter> with apk add....
2017-05-23 10:26:10 <clandmeter> mount bind proc and dev
2017-05-23 10:26:36 <clandmeter> chroot and grub-install /dev/sda1
2017-05-23 10:26:40 <clandmeter> err
2017-05-23 10:26:41 <clandmeter> chroot and grub-install /dev/sda
2017-05-23 10:26:42 <clandmeter> :)
2017-05-23 10:26:51 <clandmeter> old habits..
2017-05-23 10:37:43 <_ikke_> clandmeter: ugh, even with a single ext4 partition, I still get the same error under qemu
2017-05-23 10:42:24 <clandmeter> _ikke_, can you do a strace on grub-install.
2017-05-23 10:42:43 <_ikke_> yes
2017-05-23 10:44:36 <_ikke_> interesting: open /dev/sda1 operation not permitted
2017-05-23 10:44:57 <_ikke_> is that a grsec thing?
2017-05-23 10:45:21 <clandmeter> check dmesg
2017-05-23 10:45:31 <clandmeter> and yes thatrs highly possible
2017-05-23 10:45:44 <clandmeter> you are restricted in a chroot with grsec
2017-05-23 10:45:55 <_ikke_> right
2017-05-23 10:46:03 <_ikke_> use of CAP_SYS_RAWIO denied
2017-05-23 10:46:18 <clandmeter> you can relax it
2017-05-23 10:46:51 <clandmeter> http://tpaste.us/qMqK
2017-05-23 10:50:36 <_ikke_> clandmeter: w00t, that did it!
2017-05-23 10:50:43 <_ikke_> lol
2017-05-23 11:19:46 <jirutka> clandmeter: one partition setup doesn’t make much sense, just omit partitions… or grub is so stupid that it needs partitions to work?
2017-05-23 12:46:12 <ncopa> jirutka: so there are 440 unused bytes at the beginning of ext4 filesystem?
2017-05-23 12:46:40 <ncopa> where there is room for gptmbr.bin
2017-05-23 12:47:02 <jirutka> ncopa: yes
2017-05-23 12:47:12 <ncopa> is that the same for xfs and others?
2017-05-23 12:48:00 <jirutka> I’m not sure, I do this only with ext4
2017-05-23 12:48:22 <ncopa> but the grpmbr.bin is needed?
2017-05-23 12:48:33 <ncopa> gptmbr.bin
2017-05-23 12:49:54 <jirutka> no, it works with legacy too
2017-05-23 12:50:15 <jirutka> hm…
2017-05-23 12:50:19 <ncopa> i mean, you need some mbr.bin
2017-05-23 12:51:00 <jirutka> tbh I’m not sure now XD give me a sec
2017-05-23 12:53:05 <jirutka> . /usr/share/syslinux/mbr.bin
2017-05-23 12:54:15 <ncopa> does FAT also have space for the mbr.bin?
2017-05-23 12:54:23 <jirutka> but… this is for msdos-like partition table… and there’s no partition table… I use this for years, I know that it works, but now I wonder *how* it actually can work
2017-05-23 12:54:37 <ncopa> that is what i wonder too :)
2017-05-23 12:54:42 <ncopa> how does it actually work
2017-05-23 12:54:47 <ncopa> with partitions
2017-05-23 12:54:48 <jirutka> FAT? I don’t use archaic filesystems
2017-05-23 12:55:01 <ncopa> bios will load boot disk first sector
2017-05-23 12:55:13 <ncopa> where the mbr.bin code is
2017-05-23 12:55:35 <ncopa> the mbr.bin will look up the partition table and find the partition which is marked as "bootable"
2017-05-23 12:55:42 <ncopa> and pass over execution to there
2017-05-23 12:56:05 <_ikke_> but what if there is no partition table
2017-05-23 12:56:18 <ncopa> that was my question
2017-05-23 12:56:29 <ncopa> apparently it will work without parition table
2017-05-23 12:57:26 <_ikke_> And how does it know where to look for files? normally it looks just in the root, but in this case it will probably have to look in /boot
2017-05-23 12:57:32 <ncopa> EFI requires gpt
2017-05-23 12:57:52 <ncopa> to be able to read files it needs to understand filesystem
2017-05-23 12:58:07 <ncopa> syslinux understands fat, ext4, xfs, btrfs
2017-05-23 12:58:13 <ncopa> grub understands more
2017-05-23 12:58:22 <_ikke_> right, but it also need to know where to look, right?
2017-05-23 12:58:44 <_ikke_> if you have a dedicated partition, the files live just in the root
2017-05-23 12:58:48 <jirutka> you’ve really put a bug in my head (not sure if this is translatable…), I use it for more than 5 years, one co-worker thought me that, but I’ve never questioned how it can actually work
2017-05-23 12:58:58 <ncopa> :)
2017-05-23 12:58:58 <_ikke_> haha
2017-05-23 12:59:11 <_ikke_> perhaps there is some logic in grub to handle this sitation
2017-05-23 12:59:24 <jirutka> syslinux
2017-05-23 12:59:28 <ncopa> or syslinux
2017-05-23 12:59:36 <_ikke_> rite
2017-05-23 12:59:40 <jirutka> I’ve never tried that with grub
2017-05-23 13:00:16 <jirutka> (I use only syslinux everywhere for more than 5 years)
2017-05-23 13:01:38 <jirutka> the problem with partitions is that it makes extending the disk harder… w/o partition, you need to just extend size of the virtual disk and then extend FS, that’s all
2017-05-23 13:02:07 <jirutka> so this is all what i need for automated growing of FS in VMs https://github.com/jirutka/one-context/blob/master/scripts/grow-fs
2017-05-23 13:02:33 <_ikke_> right
2017-05-23 13:02:41 <_ikke_> We use LVM mostly for that reason
2017-05-23 13:14:51 <jirutka> it seems that error rate of my English is directly proportional to my fatigue (I’ve read once more time what I wrote this afternoon) :/
2017-05-23 13:16:10 <_ikke_> jirutka: That doesn't seem that strange to me
2017-05-23 13:16:28 <_ikke_> less sleep -> decreased focus -> more errors
2017-05-23 13:27:00 <fcolista> ncopa, for a single security patch, should I move the subproject from security to alpine linux?
2017-05-23 13:27:20 <fcolista> I can't see this in https://bugs.alpinelinux.org/issues/7308
2017-05-23 13:27:25 <ncopa> when closed yes
2017-05-23 13:28:36 <fcolista> Properties I can see are "tracker/status/priority/assigned to/version/activity/% completed"
2017-05-23 13:29:00 <fcolista> cannot see how to change the subproject
2017-05-23 13:29:18 <ncopa> you select "Project"
2017-05-23 13:29:25 <ncopa> the first dropdown box
2017-05-23 13:30:29 <fcolista> maybe is a permission issue...I don't have that box
2017-05-23 13:33:44 <ncopa> just mark it as resolved and progress 100% then
2017-05-23 13:35:27 <fcolista> ncopa: http://i.imgur.com/8K4OZQP.png
2017-05-23 13:35:54 <ncopa> try that "description" "edit"
2017-05-23 13:36:46 <fcolista>  it opens a form with this:
2017-05-23 13:36:47 <fcolista> http://i.imgur.com/8K4OZQP.png
2017-05-23 13:36:48 <fcolista> ops
2017-05-23 13:36:55 <fcolista> PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).
2017-05-23 13:36:55 <fcolista> h3. References:
2017-05-23 13:36:55 <fcolista> https://nvd.nist.gov/vuln/detail/CVE-2017-8934
2017-05-23 13:36:55 <fcolista> h3. Patch:
2017-05-23 13:36:55 <fcolista> https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
2017-05-23 13:37:05 <fcolista> no box for changing project
2017-05-23 13:37:14 <fcolista> But i remember that i could do that
2017-05-23 13:37:44 <fcolista> mah
2017-05-23 13:38:22 <ncopa> sounds like permission problem or similar
2017-05-23 13:39:35 <ncopa> alpine-xen works
2017-05-23 13:39:41 <ncopa> and dom-u works
2017-05-23 13:40:03 <ncopa> did aonybody test the other iso images?
2017-05-23 13:40:38 <jirutka> not yet, but I’m gonna soon
2017-05-23 13:41:18 <ncopa> ok
2017-05-23 13:41:32 <ncopa> i tested sys install with lvm root
2017-05-23 13:41:35 <ncopa> worked
2017-05-23 13:41:43 <ncopa> im testing the alpine-virt image now
2017-05-23 13:41:46 <ncopa> in vmware
2017-05-23 13:42:38 <ncopa> there is an issue with xen and keymaps
2017-05-23 13:43:01 <ncopa> apparently openrc detect the rc_sys as XENU
2017-05-23 13:43:08 <ncopa> instead of XEN0
2017-05-23 13:43:23 <ncopa> i think it happens because the /prox/xen is not set up at the time openrc starts
2017-05-23 13:44:15 <ncopa> oh, what do we do with busybox udhcpc
2017-05-23 13:44:36 <ncopa> they direct the info to stderr
2017-05-23 13:45:11 <clandmeter> fcolista, can you check your permissions now?
2017-05-23 13:45:49 <fcolista> clandmeter, thx
2017-05-23 13:45:51 <ncopa> http://lists.busybox.net/pipermail/busybox/2017-May/085458.html
2017-05-23 13:46:02 <fcolista> not I see "project" dropbox menu
2017-05-23 13:48:13 <fcolista> ncopa, clandmeter : what's the criteria on security ticket assignments?
2017-05-23 13:48:22 <fcolista> maitnainers tooks care as first?
2017-05-23 13:49:18 <clandmeter> i think if you feel comfortable to do it, just do it.
2017-05-23 13:49:50 <ncopa> yeah
2017-05-23 13:50:57 <fcolista> ok
2017-05-23 13:50:59 <clandmeter> ncopa, will we have virt without grsec?
2017-05-23 13:51:05 <ncopa> not for 3.6
2017-05-23 13:51:51 <ncopa> setup-xorg-base works with vmware
2017-05-23 13:51:53 <clandmeter> is there a fix for grsec on hyperv?
2017-05-23 13:52:09 <ncopa> i don tknow
2017-05-23 13:53:46 <^7heo> yeah
2017-05-23 13:53:48 <^7heo> don't use hyperv.
2017-05-23 13:53:49 <^7heo> Fixed.
2017-05-23 13:53:51 <^7heo> 
ACTION hides

2017-05-23 13:54:05 <ncopa> as long i can remember hyperv has be problemtic
2017-05-23 13:54:13 <ncopa> i think grsec has worked once in a while
2017-05-23 13:55:20 <^7heo> I do not see the appeal of hyperv personally; but that would rather be a subject for -offtopic.
2017-05-23 13:58:02 <ncopa> hyper-v has been problematic as far i can remember
2017-05-23 13:58:22 <ncopa> i remember i ran alpine-vserver in hyper-v for a while
2017-05-23 14:03:09 <Shiz> afternoon
2017-05-23 14:03:27 <Shiz> ncopa: what was the issue in setup-keymap?
2017-05-23 14:04:21 <ncopa> the init.d script says keyword -xenu
2017-05-23 14:04:32 <ncopa> so the service does not start in xenU
2017-05-23 14:04:42 <ncopa> but openrc thinks dom0 is xenU
2017-05-23 14:04:52 <Shiz> ah yes
2017-05-23 14:04:55 <ncopa> so it does not start on dom0
2017-05-23 14:04:57 <Shiz> i actually ran into this before with someone
2017-05-23 14:05:20 <ncopa> the workaroudn is to set rc_sys="xen0" in /etc/rc.conf
2017-05-23 14:09:04 <mitchty> jirutka: curious why this was removed https://git.alpinelinux.org/cgit/aports/commit/?id=f267ad1d8d993fc0ad5e97a85413064231ae1286 as you need a way to bootstrap ghc on new platforms otherwise ghc can't build itself
2017-05-23 14:09:45 <jirutka> mitchty: ’cause fabled told me that ghc-bootstrap is not used and will not be used anymore
2017-05-23 14:11:17 <mitchty> jirutka: ok, though I'd expect you'd want to ensure you can demonstrate the port moving from glibc->alpine linux is still possible to do similar to the debian rebootstrap project, but if not it simplifies my work
2017-05-23 14:13:49 <jirutka> mitchty: it also simplified review a lot, I’ve reviewed and improved ghc already some time ago, but ghc-bootstrap was… quite big issue
2017-05-23 14:14:13 <Shiz> btw did we move cabal to community yet?
2017-05-23 14:14:47 <mitchty> Shiz: i've got some fixes for it i'm testing quick
2017-05-23 14:14:58 <Shiz> right
2017-05-23 14:15:29 <Shiz> btw ncopa jirutka this is somewhat relevant: https://txt.shiz.me/YjVhZjI4ZW
2017-05-23 14:15:36 <Shiz> mismatches between busybox applet locations and the ones in packages
2017-05-23 14:15:43 <mitchty> basically amounts to changing the cabal dependencies to stuff that won't change old-time.cabal::https://hackage.haskell.org/package/old-time-1.1.0.3/revision/1.cabal
2017-05-23 14:15:51 <Shiz> meaning that if the package ones gets installed the busybox ones may still exist and be invoked depending on path order
2017-05-23 14:16:50 <jirutka> …/node_modules/which/bin/which is probably irrelevant
2017-05-23 14:17:00 <Shiz> yes
2017-05-23 14:17:04 <Shiz> and the lzma one too
2017-05-23 15:46:44 <mitchty> did apk change recently, its taking a lot longer to install ghc than in the past, on the order of half an hour so far, its doing a ton of fchown/statat calls to apk-new files and then looks to be opening them
2017-05-23 15:59:29 <jirutka> Very interesting story about ugliness of GNU c++ lib https://www.zerotier.com/blog/2017-05-05-theleak.shtml /cc Shiz
2017-05-23 16:01:10 <mitchty> weird, tried again and it installed straight away
2017-05-23 16:47:38 <^7heo> that's weird
2017-05-23 16:47:47 <^7heo> I boot alpine on my new laptop
2017-05-23 16:47:55 <^7heo> I login in the install system
2017-05-23 16:47:59 <^7heo> no keyboard responds anymore.
2017-05-23 16:48:06 <^7heo> but I can still type "root"
2017-05-23 16:49:27 <_ikke_> You mean you don't get output anymore?
2017-05-23 16:50:25 <^7heo> well, it's different symptoms now
2017-05-23 16:50:34 <^7heo> the first time, everything worked perfectly
2017-05-23 16:50:38 <^7heo> until I logged in
2017-05-23 16:50:43 <^7heo> then the output froze
2017-05-23 16:50:45 <_ikke_> modprobe fbcon?
2017-05-23 16:50:56 <^7heo> but the capslock led wasn't reactive either
2017-05-23 16:51:22 <^7heo> also it's not a matter of login
2017-05-23 16:51:24 <^7heo> it's a matter of time
2017-05-23 16:51:36 <^7heo> after some time, the output does not respond anymore.
2017-05-23 16:51:42 <^7heo> and it does it at random times
2017-05-23 16:51:50 <^7heo> so I think it's a faulty firmware load.
2017-05-23 16:53:35 <^7heo> also it only happens when the laptop is docked
2017-05-23 16:55:21 <^7heo> yeah, inserting the laptop in the dock is freezing the laptop.
2017-05-23 16:56:20 <scadu> when the check() is running? I wanted to run simple test (printing program version :F), but binary is available in $pkgdir, which apparently is created after check() XD
2017-05-23 16:56:40 <scadu> or there's something wrong with me :
2017-05-23 16:57:11 <ncopa> ^7heo: sounds like kernel issue
2017-05-23 16:57:18 <^7heo> ncopa: not a module?
2017-05-23 16:57:49 <ncopa> scadu: check runs after build before $pkgdir is created (before make install)
2017-05-23 17:01:04 <_ikke_> ncopa: still issues geting xorg to work?
2017-05-23 17:02:45 <scadu> ncopa: hm, I run make with DESTDIR="$pkgdir/" install in package(). will look into this, thanks
2017-05-23 17:03:39 <^7heo> ncopa: when I insert it in the dock, there's not even network left there.
2017-05-23 17:03:52 <^7heo> no matter what plug I plug it into (dock or laptop)
2017-05-23 17:08:42 <ncopa> _ikke_: i have given up sort of
2017-05-23 17:09:50 <jirutka> ncopa: I’m still thinking about running check after package phase
2017-05-23 17:11:24 <jirutka> ncopa: for two reasons: to avoid unintended changes in generated binaries by bad build systems; and to make testing some software easier or even actually possible (files layout)
2017-05-23 17:12:20 <^7heo> ncopa: also, I tried a `tail -f /var/log/dmesg` via ssh
2017-05-23 17:12:26 <^7heo> ncopa: inserted the laptop in the doc
2017-05-23 17:12:32 <^7heo> ncopa: no additional line printed...
2017-05-23 17:12:51 <^7heo> so either the laptop freezes before it writes to /var/log/dmesg or the connection drops before.
2017-05-23 17:13:20 <ncopa> it happens when modules are loaded?
2017-05-23 17:13:33 <ncopa> google your hardware and linux
2017-05-23 17:13:44 <ncopa> might be you can add a kernel module option to the module triggering it
2017-05-23 17:13:57 <^7heo> when I boot on the dock, it happens randomly after some time
2017-05-23 17:14:05 <^7heo> sometimes I get the login prompt, sometimes not.
2017-05-23 17:15:39 <scadu> jirutka: would be cool in case like mine :P
2017-05-23 17:16:43 <jirutka> ncopa: and I’m afraid that now it’s the last time we can change w/o bigger problems…
2017-05-23 17:16:50 <ncopa> ok, i think i have everything needed for rc2
2017-05-23 17:17:29 <ncopa> i think changing it will cause major problems already
2017-05-23 17:17:36 <scadu> :c
2017-05-23 17:17:50 <ncopa> you will need take very care when backporting secfixes
2017-05-23 17:18:34 <ncopa> i think doing secfixes already will be a pain due to all the removals of || return 1
2017-05-23 17:19:12 <ncopa> if any of those are cherry-picked by mistake to older stable branches, then we risk silent breakages
2017-05-23 17:21:25 <ncopa> anything else needs fixing before rc3?
2017-05-23 17:21:37 <ncopa> i havent gotten much feedback on the rc1 and rc2
2017-05-23 17:21:45 <jirutka> dunno yet
2017-05-23 17:24:27 <ncopa> if i dont get any feedback on rc3 then i'll tag 3.6.0 tomrrow
2017-05-23 17:24:42 <ncopa> so last chance to fix issues
2017-05-23 17:26:06 <jirutka> tomorrow?!
2017-05-23 17:26:16 <jirutka> give us some time pls :)
2017-05-23 17:31:57 <_ikke_> I'll try rc3
2017-05-23 17:33:34 <scadu> https://github.com/weechat/weechat/blob/master/tools/build-test.sh that's what weechat provides. it's triggered by ENABLE_TESTS=ON flag during build. what should I do in this case? not sure if running this in check() has sense
2017-05-23 17:39:29 <_ikke_> 5So it has no make test?
2017-05-23 18:05:41 <scadu> _ikke_: nope
2017-05-23 18:07:08 <scadu> quite ugly: http://tpaste.us/K6Ko
2017-05-23 18:07:15 <scadu> skrzyp: ^ weechat 1.8
2017-05-23 18:07:52 <jirutka> scadu: what is `sed -i '/pkg_search_module/s/ruby-2.2 …` ? o.O
2017-05-23 18:10:50 <scadu> jirutka: I could adjust the current patch if you would like this way: https://github.com/alpinelinux/aports/blob/master/main/weechat/ruby2.4.patch
2017-05-23 18:11:37 <jirutka> huh, I don’t remember that I wrote this patch… actually don’t remember that I’ve touched weechat at all
2017-05-23 18:11:46 <scadu> jirutka: :p
2017-05-23 18:11:47 <jirutka> anyway, patch file is imo better for this
2017-05-23 18:11:55 <scadu> noted
2017-05-23 18:12:20 <jirutka> if upstream does not randomly move these lines in every realease… :P
2017-05-23 18:12:32 <scadu> jirutka: it fails on 1.8
2017-05-23 18:13:06 <scadu> that's why I did this ugly sed, but…
2017-05-23 18:14:44 <clandmeter> \o/
2017-05-23 18:15:13 <scadu> jirutka: aw yis, it was merged already XD
2017-05-23 18:15:22 <scadu> jirutka: https://github.com/weechat/weechat/commit/8e160c31fe7926b25190b7a3d62bb16877cbf416
2017-05-23 18:16:12 <scadu> I need a cup of coffee :x
2017-05-23 18:16:58 <jirutka> I’m currently drinking one :P
2017-05-23 18:17:10 <scadu> h5
2017-05-23 18:18:21 <ncopa> leitao: does NVME kernel module make sense on ppc64le?
2017-05-23 18:18:33 <ncopa> are there any nvme hardware for ppc64le?
2017-05-23 18:18:57 <leitao> ncopa, yes, we ship them
2017-05-23 18:19:02 <leitao> even nvme over fabrics
2017-05-23 18:19:07 <ncopa> nice
2017-05-23 18:19:09 <ncopa> very nice
2017-05-23 18:19:11 <leitao> what they used to all nvmf
2017-05-23 18:19:19 <ncopa> i'll enable the kernel drivers for that then
2017-05-23 18:19:26 <leitao> 
ACTION loves nvme

2017-05-23 18:20:44 <ncopa> there were some kernelconfig tweaks needed
2017-05-23 18:20:54 <ncopa> there was no vfat support for example
2017-05-23 18:21:10 <ncopa> i also enabled configfs_fs
2017-05-23 18:21:17 <ncopa> so you can modprobe configs
2017-05-23 18:21:26 <ncopa> and see the running kernel's config
2017-05-23 18:25:59 <scadu> jirutka: https://github.com/alpinelinux/aports/pull/1562 :)
2017-05-23 18:36:37 <ncopa> leitao: im pushing this: http://tpaste.us/je5v
2017-05-23 18:37:09 <skrzyp> scadu: co mnir kłamiesz, jeszcze nie ma w repo
2017-05-23 18:37:14 <skrzyp> :/
2017-05-23 18:38:15 <clandmeter> 
ACTION slaps skrzyp with a russian antonov 

2017-05-23 18:38:42 <^7heo> huhu
2017-05-23 18:38:44 <^7heo> that's polish :D
2017-05-23 18:39:13 <clandmeter> an antonov is russian :p
2017-05-23 18:39:22 <^7heo> not that; what they were speaking.
2017-05-23 18:39:23 <leitao> ncopa, Ok. I do not see any issue with that
2017-05-23 18:39:41 <ncopa> leitao: its closer to x86_64 config
2017-05-23 18:39:54 <leitao> ncopa, and it seems to make sense also
2017-05-23 18:40:02 <clandmeter> i know, i didnt say it was russian, it was sarcasm about a different language.
2017-05-23 18:40:02 <skrzyp> clandmeter: can't you see dofference between orc runes and latin alphabet?
2017-05-23 18:42:03 <clandmeter> I had 3 glasses of wine at dinner jsut now, all polish looks like russian now.
2017-05-23 18:43:22 <skrzyp> same with chinese?
2017-05-23 18:44:00 <clandmeter> yes, it looks just like taiwanese
2017-05-23 18:46:52 <clandmeter> 3.6 is getting close
2017-05-23 18:47:44 <clandmeter> so 4.0 is getting close
2017-05-23 18:48:04 <clandmeter> are we also skipping 4.0? :)
2017-05-23 18:48:37 <scadu> wut XD
2017-05-23 18:49:04 <scadu> clandmeter: yes, 25.0 is comming
2017-05-23 18:53:56 <jirutka> lol
2017-05-23 18:57:56 <scadu> skrzyp: przepraszam Cię skrzypku. nie bądź zły, może krecik zmerguje i będzie w 3.6 :c
2017-05-23 19:01:28 <skrzyp> jirutka: krtecek, would you like to update weechat to 1.8? it was released last weekend
2017-05-23 19:04:44 <clandmeter> it has linker issues
2017-05-23 19:06:43 <clandmeter> hmm
2017-05-23 19:09:26 <clandmeter> 
ACTION removes his hands from weechat

2017-05-23 19:11:15 <skrzyp> clandmeter: what haopened?
2017-05-23 19:11:48 <scadu> skrzyp: https://travis-ci.org/alpinelinux/aports/builds/235337697#L461 and so on
2017-05-23 21:20:13 <mitchty> Shiz: ok fixed https://github.com/alpinelinux/aports/pull/1553 with more stable dependencies
2017-05-23 21:22:41 <trfl> clandmeter, any chance the data files used to build the db of pkgs.alpinelinux.org could be made public for rsync or similar? would be convenient to have an offline index for when you don't have internet access or the site is slow/down
2017-05-23 21:23:38 <clandmeter> did you check the footer?
2017-05-23 21:24:17 <trfl> alright, I'll open a ticket :)
2017-05-23 21:24:35 <clandmeter> a ticket?
2017-05-23 21:24:52 <clandmeter> you want the data files to build the db
2017-05-23 21:25:03 <clandmeter> not sure what datafiles are in your view
2017-05-23 21:25:19 <_ikke_> https://github.com/alpinelinux/aports-turbo/blob/master/README.md
2017-05-23 21:25:58 <clandmeter> the db is generated from apk files
2017-05-23 21:26:05 <clandmeter> so you need to have them local to do that.
2017-05-23 21:26:58 <trfl> yeah, I figured it would be something like that :p but was also hoping it would have some sort of intermediate stage where the file listing from the apk files were serialized to some object storage that could be used for other usecases
2017-05-23 21:27:12 <trfl> becoming a full alpine mirror just to search packages feels a bit overkill hehe
2017-05-23 21:27:39 <clandmeter> data is stored in sqlite
2017-05-23 21:27:45 <clandmeter> and its rather large
2017-05-23 21:28:04 <clandmeter> because filelist is large per branch/repo/arch
2017-05-23 21:28:45 <trfl> I wonder how debian and yum does it, with apt-cache and yum provides respectively
2017-05-23 21:29:03 <jirutka> hm, this reminds me yet another thing I wanted to do…
2017-05-23 21:29:36 <clandmeter> when i have more time i will add a small function to add /json to uri's so you can get json from pkgs
2017-05-23 21:31:16 <clandmeter> trfl, pkgs has been slow or down for you recently?
2017-05-23 21:31:35 <trfl> definitely doesn't happen a lot, but right now it was
2017-05-23 21:31:59 <jirutka> clandmeter: yeah, that’s almost exactly what I wanted to do ;)
2017-05-23 21:32:01 <trfl> more often I find myself in situations where I don't have an internet connection and want to figure out which package to install, but those times I do have a full mirror available...
2017-05-23 21:32:06 <clandmeter> im pretty close to it, so cant really judge :)
2017-05-23 21:32:41 <Shiz> trfl: i don't think apt-cache has a file listing
2017-05-23 21:32:47 <Shiz> apt-file does though, which is a separate tool
2017-05-23 21:32:58 <jirutka> clandmeter literally sits next to the server running pkgs.a.o :P
2017-05-23 21:33:03 <clandmeter> trfl, you can add repo's to you repo file and pull the index
2017-05-23 21:33:12 <clandmeter> then you can search also offline
2017-05-23 21:33:30 <clandmeter> except filelist wont work untill you install the pkg.
2017-05-23 21:33:37 <clandmeter> or use pkgs
2017-05-23 21:33:45 <jirutka> heh, you’re telling that like it’s just a little detail ;)
2017-05-23 21:34:09 <jirutka> you usually don’t need to search files then you already have them installed
2017-05-23 21:35:35 <clandmeter> Shiz, did you see my comment about ipxe?
2017-05-23 21:38:09 <clandmeter> jirutka, im going on a holiday this week, so you will have 2 weeks to come up with an patch  for json output else ill beat you to it ;-)
2017-05-23 21:38:27 <jirutka> clandmeter: this sounds like an ultimatum…
2017-05-23 21:39:38 <Shiz> nyet, didn't
2017-05-23 21:39:50 <jirutka> ?
2017-05-23 21:40:02 <Shiz> talking to clandmeter
2017-05-23 21:40:08 <clandmeter> Shiz, https://netboot.xyz/
2017-05-23 21:40:30 <clandmeter> would be nice to have support for it.
2017-05-23 21:40:41 <Shiz> sounds like all it needs is an initramfs with the modloop embedded
2017-05-23 21:40:43 <Shiz> :P
2017-05-23 21:41:20 <clandmeter> or fetch it modloop from initramfs?
2017-05-23 21:41:27 <Shiz> oh, you can just dump an iso into it
2017-05-23 21:41:27 <clandmeter> -it
2017-05-23 21:41:29 <Shiz> lol
2017-05-23 21:41:31 <Shiz> https://github.com/antonym/netboot.xyz/blob/master/src/blackarch.ipxe
2017-05-23 21:41:33 <Shiz> super easu
2017-05-23 21:49:47 <clandmeter> Shiz. i think modloop already has http/ftp support. so we should only need to build a netboot release with network drivers in initramfs and store it on the mirror
2017-05-23 21:51:10 <clandmeter> going to bed. gnite.
2017-05-23 21:52:43 <Shiz> clandmeter: i dont think we need to do anything even
2017-05-23 21:52:47 <Shiz> we can just feed it the iso
2017-05-23 21:52:49 <Shiz> :P
2017-05-23 22:09:07 <^7heo> when I start firefox 52, I get SSL_SendAdditionalKeyShares: symbol not found
2017-05-23 22:09:11 <^7heo> any idea what I'm missing?
2017-05-23 22:09:14 <^7heo> an SSL dep I suppose?
2017-05-23 22:11:58 <^7heo> ncopa: any idea?
2017-05-23 22:12:01 <^7heo> kaniini: same question
2017-05-23 22:12:44 <kaniini> NSS
2017-05-23 22:12:59 <^7heo> thing is
2017-05-23 22:13:02 <^7heo> nss is installed.
2017-05-23 22:13:18 <^7heo> apk version nss
2017-05-23 22:13:18 <^7heo> Installed:                                Available:
2017-05-23 22:13:18 <^7heo> nss-3.27.2-r1                           = 3.27.2-r1
2017-05-23 22:13:47 <kaniini> firefox may need rebuild
2017-05-23 22:13:51 <^7heo> nah
2017-05-23 22:13:53 <^7heo> I got it
2017-05-23 22:13:58 <^7heo> 3.27 is not the right version.
2017-05-23 22:14:14 <^7heo> It's not trivial for most users tho
2017-05-23 22:14:23 <^7heo> you gotta use libnss from edge
2017-05-23 22:15:59 <Shiz> firefox was rebuilt super recently
2017-05-23 22:16:11 <Shiz> ^7heo: 3.5 or edge?
2017-05-23 22:16:18 <Shiz> cc trfl
2017-05-23 22:16:36 <trfl> ay
2017-05-23 22:16:55 <trfl> sure i can do a rebuild, but maybe not tonight :p
2017-05-23 22:17:09 <Shiz> no, i'm just wondering if you know anything about this
2017-05-23 22:17:16 <Shiz> since i don't think we bumped nss since your firefox version bump PR
2017-05-23 22:17:39 <trfl> nah we didn't, but https still worked fwiw
2017-05-23 22:18:40 <Shiz> oh, i think theo is on 3.5
2017-05-23 22:19:05 <^7heo> Shiz: 3.5 but let's be honest, there's no firefox in 3.5
2017-05-23 22:19:07 <^7heo> so edge... ;D
2017-05-23 22:19:15 <Shiz> doesnt 3.5 have firefox-esr?
2017-05-23 22:19:21 <^7heo> I didn't find it
2017-05-23 22:19:25 <Shiz> it does
2017-05-23 22:19:27 <^7heo> but again I was searching for firefox
2017-05-23 22:19:29 <Shiz> http://pkgs.alpinelinux.org/package/v3.5/community/x86_64/firefox-esr
2017-05-23 22:19:31 <^7heo> so there might be that.
2017-05-23 22:19:37 <Shiz> the package is also called firefox-esr in edge though
2017-05-23 22:19:38 <^7heo> right
2017-05-23 22:19:39 <Shiz> :P
2017-05-23 22:19:49 <^7heo> nah
2017-05-23 22:19:56 <^7heo> firefox-52.0.2-r0
2017-05-23 22:19:57 <Shiz> but yeah you know the drill with mixing stable and edge
2017-05-23 22:20:01 <^7heo> yeah...
2017-05-23 22:20:07 <^7heo> it's just not straighforward for lusers
2017-05-23 22:20:13 <^7heo> but since we have -esr, no worries
2017-05-23 22:20:17 <Shiz> ah edge also carries normal firefox
2017-05-23 22:20:21 <Shiz> ... which needs an upgrade
2017-05-23 22:20:23 <Shiz> 
ACTION pokes trfl

2017-05-23 22:20:25 <Shiz> :p
2017-05-23 22:20:44 <^7heo> yeah well, for now, it'll work.
2017-05-23 22:20:50 <^7heo> it's a temp setup for a candidate so...
2017-05-23 22:20:57 <^7heo> I'll just keep it like it is for now
2017-05-23 22:21:08 <^7heo> and when we hire a dude
2017-05-23 22:21:13 <^7heo> that'll be my laptop
2017-05-23 22:21:14 <^7heo> so...
2017-05-23 22:23:23 <trfl> oh dear, yep it's in testing
2017-05-23 22:23:28 <trfl> I only looked in community :x
2017-05-23 22:25:46 <^7heo> :D
2017-05-23 22:25:47 <^7heo> happens.
2017-05-23 22:25:52 <^7heo> that's why we test stuff.
2017-05-23 22:28:43 <Shiz> well, this one is on your own anyway
2017-05-23 22:28:46 <Shiz> dont mix edge and stable
2017-05-23 22:28:48 <Shiz> :P
2017-05-23 22:30:05 <trfl> oh hey, latest firefox requires the rust compiler to build
2017-05-23 22:30:09 <trfl> nice timing Shiz!
2017-05-23 22:30:22 <^7heo> Shiz: well, I didn't know firefox was in stable.
2017-05-23 22:30:49 <Shiz> its not
2017-05-23 22:30:51 <Shiz> but testing is edge
2017-05-23 22:30:57 <Shiz> and you said you ran 3.5
2017-05-23 22:30:58 <Shiz> ;p
2017-05-23 22:31:00 <^7heo> yeah.
2017-05-23 22:31:09 <^7heo> Shiz: also; it's not like alpine is super mature; it's very nicely done deep in the system; but packages aren't exactly bulletproof
2017-05-23 22:31:12 <^7heo> we need better QA
2017-05-23 22:31:20 <^7heo> we don't even have actual systematic testing
2017-05-23 22:31:22 <Shiz> ^7heo: that's why we're adding check()
2017-05-23 22:31:24 <Shiz> and soname rebuilds
2017-05-23 22:31:26 <Shiz> :)
2017-05-23 22:31:27 <^7heo> yeah
2017-05-23 22:31:30 <^7heo> it's getting better
2017-05-23 22:31:33 <^7heo> I know; it's really cool
2017-05-23 22:31:41 <^7heo> but don't blame me for using "what works" ™
2017-05-23 22:31:46 <^7heo> It's been that way for years.
2017-05-23 22:32:37 <Shiz> hey, i've got more leeway to complain to a fellow dev :p
2017-05-23 22:32:38 <_ikke_> ncopa: just installed a new vm with qemu + and setup-xorg-base, lxdm, xfce4 and it worked right awat
2017-05-23 22:33:31 <^7heo> Shiz: myeaah
2017-05-23 22:33:38 <^7heo> Shiz: whatever, I'll beer you, and let's drop it.
2017-05-23 22:33:44 <^7heo> oh wait, you don't beer, do you?
2017-05-23 22:33:44 <Shiz> i was just kidding anyway
2017-05-23 22:33:48 <Shiz> i very much do beer
2017-05-23 22:33:51 <Shiz> i don't do coffee though
2017-05-23 22:36:34 <jirutka> wait, why is Firefox still in testing?
2017-05-23 22:36:55 <jirutka> aha, we have firefox-esr in community, okay
2017-05-23 22:37:48 <trfl> latest version of firefox is gonna be a bit more tricky to build than esr, I'll give it a shot tomorrow if nobody beats me to it
2017-05-23 22:47:53 <Shiz> \o
2017-05-23 23:15:32 <mitchty> jirutka: have a few changes for idris that I ran into building on arm, though i found it on x86_64 as well, i'll validate them a bit more tonight but looks like a new version of the text library caused some shenanigans with the prepare stuff
2017-05-23 23:16:55 <mitchty> and if anyone could check that this move of cabal from testing to community is kosher that would help, have to keep ghc+cabal together generally https://github.com/alpinelinux/aports/pull/1553
2017-05-23 23:24:57 <jirutka> mitchty: https://github.com/alpinelinux/aports/pull/1553#discussion_r118129596
2017-05-23 23:25:42 <jirutka> mitchty: how exactly would it solve the problem – building them in single abuild?
2017-05-23 23:42:52 <TemptorSent> kaniini - just curious, have you pushed the apk manifest code anywhere yet?
2017-05-23 23:43:50 <kaniini> yeah apk-tools.git
2017-05-23 23:45:35 <TemptorSent> Cool, thank you - I'll start playing with it :)
2017-05-23 23:53:48 <kaniini> it's not ready for what you want yet.
2017-05-23 23:55:53 <TemptorSent> Not *quite*, but getting much closer! Can pkg->version be accessed in a simple manner, or do I need to create a buffer and copy it from the blob like the csum_buf?
2017-05-23 23:56:17 <TemptorSent> (type=apk_blob_t)
2017-05-23 23:58:45 <TemptorSent> What are the semantics for BLOB_PRINTF? I'm not groking it right off.
2017-05-24 00:11:08 <TemptorSent> Also, wtf is 'z[]' for in fetch.c?
2017-05-24 01:25:21 <kaniini> it's non-free proprietary software encoded in apk-tools as part of a voluntary NSA implant programme
2017-05-24 01:25:36 <kaniini> didn't you read about it on wikileaks?
2017-05-24 01:25:40 <TemptorSent> *LOL*
2017-05-24 01:26:41 <kaniini> if you really want to know: apk --force fetch coffee
2017-05-24 01:26:58 <TemptorSent> Now, do I build a binary just to dump it and make sure? :P
2017-05-24 01:27:17 <TemptorSent> Okay, that's awesome :)
2017-05-24 01:27:25 <TemptorSent> Well played.
2017-05-24 01:27:28 <kaniini> i am pretty sure it is explanatory in the source, really
2017-05-24 01:29:06 <TemptorSent> ...and RE: BLOB_PRINTF?
2017-05-24 01:29:11 <kaniini> BLOB_FMT is "%.*s" which takes two arguments,
2017-05-24 01:29:25 <kaniini> BLOB_PRINTF is a macro which expands those two arguments for the sake of BLOB_FMT
2017-05-24 01:30:08 <TemptorSent> Okay, so I can use that directly to get the pkg version? Or is there a proper macro for that too?
2017-05-24 01:30:32 <kaniini> if you're wondering that the %.* format modifier does, it defines an upper boundary on how large the supplied buffer (e.g. passed in as argument) may be
2017-05-24 01:30:49 <kaniini> what precisely are you trying to do?
2017-05-24 01:32:26 <TemptorSent> I'm attempting to add an additional manifest format that provides the arch, package name, package version, checksums, filenames, and link targets, as well as uid/gid/mode/size if feasible.
2017-05-24 01:33:07 <kaniini> right now i rather add manifest generation for a given APK file.  as you can tell right now, it only introspects the apkdb
2017-05-24 01:33:35 <TemptorSent> I want to solve the feature request for a package index allowing search by file for uninstalled packages.
2017-05-24 01:34:17 <TemptorSent> Good enough - I'll mess with adding the additional formatting, just want to use the right macros :)(
2017-05-24 01:36:46 <TemptorSent> It looks like it's a rather convoluted path to read an apk file using the same mechanism - I couldn't actually figure out where the hook would go without already having a hash key in an index.
2017-05-24 01:38:35 <kaniini> well
2017-05-24 01:38:38 <kaniini> what i'm saying is
2017-05-24 01:38:48 <kaniini> i'm likely to rewrite the entire tool fundamentally
2017-05-24 01:38:58 <kaniini> which may break your patch
2017-05-24 01:39:22 <kaniini> so if you want to hack on apk manifest i would suggest beating me to the apk file stuff
2017-05-24 01:40:46 <TemptorSent> If I knew where to start on the apk file interface, I'd dig in. Where does it read a .apk file in the code without the information preloaded from the index?
2017-05-24 01:41:02 <TemptorSent> The code for fetch was barking up the wrong tree.
2017-05-24 01:41:15 <kaniini> :D
2017-05-24 01:41:39 <TemptorSent> (sorry, couldn't resist the pun)
2017-05-24 01:43:29 <^7heo> tsss
2017-05-24 01:46:18 <kaniini> another thing done already is
2017-05-24 01:47:04 <kaniini> apk gen --key-file=... --control-dir=... --data-dir=...
2017-05-24 01:48:05 <TemptorSent> Very cool - it automatically handles appending the archives, stripping the extra header, and signing, outputting a valid .apk?
2017-05-24 01:48:18 <TemptorSent> What is the resulting apk name?
2017-05-24 01:48:18 <^7heo> btw
2017-05-24 01:48:30 <^7heo> we should gather again
2017-05-24 01:48:40 <^7heo> last time we didn't exchange kes
2017-05-24 01:48:42 <^7heo> keys
2017-05-24 01:49:03 <kaniini> pgp is for losers
2017-05-24 01:51:04 <kaniini> TemptorSent: no, it just synthesizes a valid apk from scratch
2017-05-24 01:52:37 <TemptorSent> I mean it creates the control archive, including sig, and appends the data archive without an extra empty tar header in the middle.
2017-05-24 01:54:41 <^7heo> kaniini: what would you use instead?
2017-05-24 01:56:48 <kaniini> TemptorSent: that's not a valid apk.  the extra header is used to tell the sections apart.
2017-05-24 01:56:59 <kaniini> ^7heo: signify
2017-05-24 01:58:47 <TemptorSent> kaniini: Hmm, I though it only had a single empty header in the middle, allowing standard tar to read the entire archive without seeing a premature end of archive (two empty headers in a row)
2017-05-24 01:59:41 <kaniini> TemptorSent: yes and it keeps that
2017-05-24 02:02:46 <kaniini> TemptorSent: i also want apk fetch --source to fetch the source files used to generate the APK
2017-05-24 02:03:48 <TemptorSent> Now that would be cool!
2017-05-24 02:04:20 <kaniini> TemptorSent: and for that matter, apk add --make-depends to create a virtual package and add a packages makedepdnds/checkdepends (as recorded in apkindex)
2017-05-24 02:04:54 <TemptorSent> I like it!
2017-05-24 02:05:28 <^7heo> kaniini: http://www.openbsd.org/papers/bsdcan-signify.html
2017-05-24 02:05:40 <^7heo> kaniini: that?
2017-05-24 02:05:59 <Shiz>    @kaniini │ TemptorSent: i also want apk fetch --source to fetch the source files used to generate the APK
2017-05-24 02:06:00 <kaniini> ^7heo: yes
2017-05-24 02:06:05 <Shiz> so they would be embedded in .PKGINFO?
2017-05-24 02:06:08 <TemptorSent> How do we handle building such source? aports?
2017-05-24 02:06:20 <kaniini> Shiz: yes
2017-05-24 02:06:30 <kaniini> TemptorSent: in alpine, abuild
2017-05-24 02:07:06 <TemptorSent> What about the patches/files in each package abuild directory?
2017-05-24 02:07:32 <^7heo> kaniini: that's exactly equivalent to pgp, requirement wise
2017-05-24 02:08:19 <kaniini> ^7heo: yes but has a less hostile user experience
2017-05-24 02:09:01 <kaniini> TemptorSent: aports is just a collection of those :)
2017-05-24 02:09:29 <kaniini> TemptorSent: and, apk is used by distributions other than alpine
2017-05-24 02:09:30 <TemptorSent> Right, but how do you package that in a manner that allows apk fetch --source to work?
2017-05-24 02:09:30 <^7heo> kaniini: sure, that's a good thing
2017-05-24 02:09:45 <^7heo> kaniini: but for now pgp also works
2017-05-24 02:10:05 <kaniini> wouldn't know, don't use it
2017-05-24 02:10:26 <kaniini> i don't use software that makes me angry
2017-05-24 02:10:33 <Shiz> what other distros use apk?
2017-05-24 02:10:36 <Shiz> out of curiosity
2017-05-24 02:10:51 <^7heo> adelie
2017-05-24 02:11:03 <^7heo> but it's modified afaik
2017-05-24 02:11:16 <kaniini> Shiz: adelie which uses its own build system based on portage
2017-05-24 02:11:31 <Shiz> (poor souls?)
2017-05-24 02:11:32 <Shiz> :p
2017-05-24 02:11:37 <^7heo> tsss
2017-05-24 02:11:58 <kaniini> ^7heo: nope.  apk has upstream support for RSA/SHA256 signatures now
2017-05-24 02:12:21 <TemptorSent> What about SHA512?
2017-05-24 02:12:39 <kaniini> yes, that too.
2017-05-24 02:12:59 <TemptorSent> It seems SHA256 is quickly being deprecated.
2017-05-24 02:13:13 <kaniini> apparently the RSA/SHA signatures also works with ECDSA
2017-05-24 02:13:21 <Shiz> that uhm
2017-05-24 02:13:26 <Shiz> i would verify that
2017-05-24 02:13:27 <Shiz> :P
2017-05-24 02:13:35 <kaniini> but i wouldn't recommend it as it's not an officially supported configuration :)
2017-05-24 02:14:26 <kaniini> fuzzy version selection is the only patch adelie has and i'm inclined to incorporate it as well
2017-05-24 02:14:45 <kaniini> it would be useful for alpine users
2017-05-24 02:14:54 <^7heo> yeah
2017-05-24 02:14:56 <Shiz> that seems useful yes
2017-05-24 02:15:03 <TemptorSent> Supporting ec25519 would be nice.
2017-05-24 02:15:47 <TemptorSent> Signing with both sha512 and ec25519 would protect from just about all reasonable collision attacks.
2017-05-24 02:15:49 <kaniini> adelie imo is more of a thought experiment though
2017-05-24 02:15:49 <kaniini> at this point
2017-05-24 02:16:01 <kaniini> because from what i hear gentoo is kinda falling apart these days
2017-05-24 02:16:30 <^7heo> naaah
2017-05-24 02:16:39 <Shiz> TemptorSent: 'both'
2017-05-24 02:16:42 <Shiz> they would be a single scheme
2017-05-24 02:16:52 <kaniini> like there's more alpine devs than active gentoo devs and such
2017-05-24 02:16:53 <Shiz> you can't sign something with sha512, and you can't sign something effectively with just asymmetric crypto
2017-05-24 02:16:55 <Shiz> :P
2017-05-24 02:17:05 <Shiz> kaniini: idk, people have been saying that gentoo is dying for 10 years
2017-05-24 02:17:09 <Shiz> it doesn't seem to be going anywhere
2017-05-24 02:17:49 <kaniini> the people there still working on it i guess are doing good work tho
2017-05-24 02:18:04 <^7heo> if it hasn_t moved for 10 years
2017-05-24 02:18:14 <^7heo> it's probably dead
2017-05-24 02:18:18 <Shiz> by going anywhere i mean going away
2017-05-24 02:18:25 <Shiz> it certainly has moved
2017-05-24 02:18:25 <kaniini> there are also the alpine derivatives
2017-05-24 02:18:26 <^7heo> I knw
2017-05-24 02:18:34 <^7heo> srry I had to
2017-05-24 02:19:26 <TemptorSent> Sorry Shiz, I meant RSA/SHA512 and ED25519
2017-05-24 02:19:45 <Shiz> it would be Ed25519/SHA512 too
2017-05-24 02:19:46 <Shiz> hopefully
2017-05-24 02:19:50 <Shiz> :)
2017-05-24 02:20:02 <TemptorSent> Right, that's how ed25519 is defined IIRC
2017-05-24 02:20:07 <kaniini> umm
2017-05-24 02:20:10 <Shiz> no
2017-05-24 02:20:21 <kaniini> ed25519 is just a asymmetric keypair scheme
2017-05-24 02:20:26 <kaniini> you can use whatever hash you want
2017-05-24 02:20:40 <Shiz> actually
2017-05-24 02:20:42 <Shiz> no he's right
2017-05-24 02:20:45 <Shiz> kaniini: EdDSA is the scene
2017-05-24 02:20:55 <Shiz> ed25519 is EdDSA paramterized to Curve25519 and SHA512
2017-05-24 02:20:56 <TemptorSent> The ed25519 dsa specifies a SHA512 hash
2017-05-24 02:20:57 <Shiz> apparently
2017-05-24 02:21:05 <kaniini> but apk needs proper ed25519 support
2017-05-24 02:21:10 <Shiz> https://en.wikipedia.org/wiki/EdDSA#Ed25519
2017-05-24 02:21:16 <Shiz> see here
2017-05-24 02:21:21 <kaniini> either way
2017-05-24 02:21:26 <Shiz> SHA512 is actually part of ed25519, did not know this either
2017-05-24 02:23:48 <kaniini> there are also internal alpine derivatives too
2017-05-24 02:24:17 <Shiz> at dayjob there's a customized initramfs, does that count as alpine derivative
2017-05-24 02:24:19 <kaniini> i know of a few institutions who rebuild the entire distribution
2017-05-24 02:24:19 <Shiz> :P
2017-05-24 02:24:25 <kaniini> and sign it with their own keys
2017-05-24 02:25:26 <kaniini> adelie kind of started as a thought experiment at day job
2017-05-24 02:25:43 <kaniini> we wanted a backup plan for our alpine machines
2017-05-24 02:25:46 <TemptorSent> Okay, so my question regarding how to make 'apk fetch --source' fetch everything needed to build the package remains... Does it basically mean we include the contents of the package's port directory in the resulting package?
2017-05-24 02:26:14 <kaniini> no
2017-05-24 02:26:26 <kaniini> it would just be URI list generated by abuild
2017-05-24 02:26:33 <TemptorSent> Oh.
2017-05-24 02:26:40 <Shiz> i mean
2017-05-24 02:27:01 <Shiz> you could add the files in the apkbuild directory prefixed by the primary git remote as URLS
2017-05-24 02:27:01 <TemptorSent> So it would lack all the alpine patches/initscripts/etc.?
2017-05-24 02:27:03 <Shiz> :D
2017-05-24 02:27:27 <TemptorSent> That would work if apk could figure out how to fetch from them I guess.
2017-05-24 02:27:34 <Shiz> it was a joke
2017-05-24 02:27:38 <Shiz> i'd prefer that apk not rely on git
2017-05-24 02:28:23 <TemptorSent> Well, not from git itself, but from a http accessible front end to the repo...
2017-05-24 02:28:43 <TemptorSent> That might be a sane solution.
2017-05-24 02:53:15 <TemptorSent> kaniini: Okay, so looking at verify.c, it appears essentially the same code for the input stream would be used, replacing apk_sign_ctx_verify_tar with apk_manifest_from_tar or some such function, yes?
2017-05-24 02:54:51 <awilfox> what about not-abuild generated apks?  just a thought to toss in
2017-05-24 02:55:35 <TemptorSent> awilfox: Good question -- any thoughts on how to handle source in a dist-agnostic fashion?
2017-05-24 02:56:50 <TemptorSent> abuild is rather tightly tied to the .apk format currently it appears (not necessarily the other way around of course)
2017-05-24 02:57:20 <awilfox> TemptorSent: something in the manifest possibly.  thinking something like...   SOURCE: uri://foo.bar/package-1.2.3.txz    SOURCE: uri://foo.bar/package-1.2.3-data.txz   PATCH: uri://distro.org/package/0001-musl.patch
2017-05-24 02:57:27 <awilfox> TemptorSent: oslt
2017-05-24 02:58:21 <TemptorSent> That would work well for handling the discrete patches, but the sed magic and such in APKBUILDS is likely a problem.
2017-05-24 02:58:31 <awilfox> note that there are definitely packages with more than one source tarball (ones I can think of off the top of my head: gimp, torcs, xen)
2017-05-24 02:58:35 <awilfox> and ofc more than one patch
2017-05-24 02:59:13 <TemptorSent> It would take a major overhaul of aports to extract all the magic to agnostic scripts.
2017-05-24 02:59:20 <awilfox> TemptorSent: sed magic is evil, and that sort of thing should be done in patches imo, of course if you are doing version strings then you have more maintenance burden...
2017-05-24 03:00:23 <TemptorSent> Yeah, but often a sed or awk script is required to transform something that's otherwise a moving target.
2017-05-24 03:00:33 <Shiz> apk fetch shouldn't fetch everything needed to build a package
2017-05-24 03:00:39 <awilfox> TemptorSent: over in Adélie I am in the middle of trying to completely revamp the ebuilds we use to have the minimal amount possible of "magic" and get as close to "./configure; make; make install DESTDIR=/usr/src/package/image/" as possible for every package, and that has meant a lot of trying to make people upstream build system fixes
2017-05-24 03:00:41 <TemptorSent> Paths/versions/name-conflicts...
2017-05-24 03:00:41 <Shiz> if you want to do that, clone aports tat the right revision
2017-05-24 03:00:47 <Shiz> jamming everything into the .apk is utterly useless
2017-05-24 03:01:07 <Shiz> s/tat/git at/
2017-05-24 03:01:15 <awilfox> ^ I agree with this, tbh
2017-05-24 03:01:24 <TemptorSent> The problem is most users who want to build one or two packages from source probably don't want to build anythign ELSE from source.
2017-05-24 03:01:25 <awilfox> apk source --fetch means "fetch source", and probably patches
2017-05-24 03:01:30 <awilfox> not "fetch the entire build system"
2017-05-24 03:01:46 <Shiz> it's not like aports is a heavy repo
2017-05-24 03:02:24 <awilfox> with debian (hopefully I am not immediately /kicked for mention the "D" word, I know foul language is prohibited here), apt-get source fetches the .deb stuff from their repo along with the package
2017-05-24 03:02:27 <TemptorSent> Right, but if you build it and it doesn't work as expected without manual intervention, it's going to be rather painful to support.
2017-05-24 03:02:29 <awilfox> but that isn't necessarily a requirement
2017-05-24 03:03:12 <TemptorSent> Right - but including a pointer to the original packaging repo is probably a good way to handle it.
2017-05-24 03:03:12 <Shiz> apk fetch --source is not for building the package
2017-05-24 03:03:19 <awilfox> it's for fetching source
2017-05-24 03:03:24 <Shiz> exactly
2017-05-24 03:03:27 <awilfox> which as I said, can be easily done with   SOURCE:  PATCH:
2017-05-24 03:03:38 <TemptorSent> If desired, you could define more than one for different dists in the same package I suppose.
2017-05-24 03:03:40 <awilfox> zero-or-more of PATCH, one-or-more of SOURCE
2017-05-24 03:03:58 <Shiz> awilfox: there's packages with zero remote sources
2017-05-24 03:04:00 <Shiz> so not quite
2017-05-24 03:04:07 <awilfox> well actually, zero-or-more of SOURCE for packages that have no sources
2017-05-24 03:04:13 <Shiz> :)
2017-05-24 03:04:16 <TemptorSent> Yeah, those are the ones that require the repository :)
2017-05-24 03:04:30 <Shiz> almost every package requires the remote repo
2017-05-24 03:04:37 <Shiz> repeat after me: apk fetch is NOT for building packages
2017-05-24 03:04:42 <TemptorSent> SOURCE-REPO: SOURCE-FILE: PATCH-FILE:
2017-05-24 03:05:14 <TemptorSent> What is the point of fetching source if you're not going to build a local package with it?
2017-05-24 03:05:19 <awilfox> inspection
2017-05-24 03:05:21 <awilfox> gdb stepping
2017-05-24 03:05:25 <awilfox> auditing
2017-05-24 03:05:26 <TemptorSent> That's what kaniini just spent a lot of time making possible.
2017-05-24 03:05:42 <awilfox> I have used `apt-get source` a lot of times, and built a package with it once
2017-05-24 03:05:42 <Shiz> what awilfox said
2017-05-24 03:05:50 <Shiz> it's not for building packages
2017-05-24 03:05:55 <Shiz> and it's not feasible to make it so
2017-05-24 03:05:58 <Shiz> nor desirable
2017-05-24 03:06:04 <TemptorSent> So you DON'T want to manage custom built source with apk?
2017-05-24 03:06:11 <Shiz> correct
2017-05-24 03:06:13 <Shiz> i don't
2017-05-24 03:06:17 <TemptorSent> Tell kaniini.
2017-05-24 03:06:27 <Shiz> i'm sure he already knows my opinion
2017-05-24 03:06:50 <Shiz> apk manages .apks
2017-05-24 03:07:16 <TemptorSent> So now we have to do some sort of 'fake' package crap to satisfy deps, and conflicting files will not resolve?
2017-05-24 03:07:34 <Shiz> nothing fake about it
2017-05-24 03:07:46 <TemptorSent> Why on earth would that be preferable to making .apks easy to build and using apk to manage them?
2017-05-24 03:07:55 <Shiz> .apks are easy to build
2017-05-24 03:07:59 <Shiz> that's the entire purpose of abuild
2017-05-24 03:08:04 <TemptorSent> Um, you install say php from source...
2017-05-24 03:08:20 <TemptorSent> now, you have somethign that depends on it -- now what?
2017-05-24 03:08:40 <Shiz> then you shouldn't stop trying to use the package manager for things that are not packages
2017-05-24 03:08:44 <Shiz> should*
2017-05-24 03:10:41 <TemptorSent> The whole point is to make it EASY to make a package.
2017-05-24 03:10:54 <Shiz> yes, which is abuild's purpose
2017-05-24 03:10:56 <Shiz> not apk's
2017-05-24 03:19:31 <TemptorSent> I don't care about abuild, portage, or whatnot - I'm talking about the actual packaging of an apk.
2017-05-24 03:20:07 <TemptorSent> see 'apk gen' above.
2017-05-24 03:21:17 <TemptorSent> If you're going to fetch source, fetch ALL sources, including the original repo directory contents.
2017-05-24 03:21:49 <Shiz> that's not gonna happen
2017-05-24 03:21:52 <Shiz> i can tell you that much
2017-05-24 03:22:23 <TemptorSent> Why the hell not? You're telling me we can't fetch ONE directory out of aports without cloning the entire thing?
2017-05-24 03:22:47 <Shiz> that is exactly what i'm telling you
2017-05-24 03:25:44 <TemptorSent> Fine, then list EVERY file in the source repo or fetch recursively!
2017-05-24 03:26:10 <Shiz> no
2017-05-24 03:26:25 <TemptorSent> Then what does it mean to fetch the source of alpine-baselayout?
2017-05-24 03:26:34 <Shiz> nothing, probably
2017-05-24 03:26:47 <TemptorSent> You have a dozen files in there.
2017-05-24 03:26:53 <Shiz> the source is identical to the package
2017-05-24 03:27:00 <Shiz> it has no meaningful definition of source
2017-05-24 03:27:19 <TemptorSent> No, it's not -- it generate shadow using awk, for instance.
2017-05-24 03:27:40 <Shiz> in the APKBUILD
2017-05-24 03:27:52 <Shiz> so fetching all files in the git repo wouldnt help anything with that
2017-05-24 03:27:53 <TemptorSent> As well as several other files using echo. (Yes, in the APK build)
2017-05-24 03:28:02 <TemptorSent> So the package != source.
2017-05-24 03:28:48 <TemptorSent> Okay, I give up - we clearly have very different concepts of what the source of a package consists of.
2017-05-24 03:29:23 <Shiz> embedding the source from your definition is not feasible or desirable in the apk
2017-05-24 03:29:51 <TemptorSent> I'm not wanting to embed it in the apk, I just want a link to it's repo in the apk!
2017-05-24 03:30:12 <Shiz> that is what i mean
2017-05-24 03:31:06 <TemptorSent> Why is it logical to provide uris for the source files to build the binaries, but not the source of the REST of the PACKAGE?
2017-05-24 03:31:58 <Shiz> because 1) those urls can't be meaningfully easily determined
2017-05-24 03:32:18 <Shiz> 2) to actually do something with them apk would incur a dependency on whatever protocol the source uses, which is both varying and probably not desirable
2017-05-24 03:33:26 <Shiz> and no, the url of the primary git repo is not meaningful or usable
2017-05-24 03:33:30 <Shiz> git repo remote*
2017-05-24 03:33:37 <TemptorSent> I'm sorry, but your logic isn't making sense. Why would those uris be any harder to determine than the uris for the upstream source? A local package uses local uris.
2017-05-24 03:33:38 <Shiz> because let me show you mine
2017-05-24 03:33:47 <Shiz> » git remote get-url origin
2017-05-24 03:33:49 <Shiz> alpine:aports
2017-05-24 03:34:02 <Shiz> okay, so tell me how you would determine the url
2017-05-24 03:34:19 <Shiz> the upstream source are embedded into the APKBUILDs
2017-05-24 03:34:22 <Shiz> source URLs*
2017-05-24 03:34:23 <TemptorSent> Okay, what's wrong with that for the uri?
2017-05-24 03:34:48 <Shiz> it's not at all meaningful?
2017-05-24 03:34:51 <TemptorSent> algitbot:alpine:aports/...
2017-05-24 03:35:09 <Shiz> nobody can do anything with that url
2017-05-24 03:35:10 <TemptorSent>  git:alpine:aports/.../
2017-05-24 03:35:33 <Shiz> assuming your intent is to allow people to fetch it themselves, that url is literally useless
2017-05-24 03:36:05 <TemptorSent> Assuming we resolve alpine to an alpine git repo, why not?
2017-05-24 03:36:36 <Shiz> that's a big assumption
2017-05-24 03:36:41 <Shiz> this is just local config on my side
2017-05-24 03:36:49 <Shiz> i could call the host mcpoopyhead and it would still be valid for me
2017-05-24 03:37:03 <TemptorSent> Yeah, the user is welcome to resolve it however they want.
2017-05-24 03:37:07 <Shiz> are you going to try to map every possible variation for every developer for every machine to the 'public-reachable' url
2017-05-24 03:37:15 <Shiz> for g.a.o
2017-05-24 03:38:31 <TemptorSent> No, I'm expecting we can list the origin repo by name and resolve it.
2017-05-24 03:39:19 <Shiz> that is not a name, it's a full URL
2017-05-24 03:39:20 <TemptorSent> The user may have to set the appropriate upstream if they want something other than what we resolve.
2017-05-24 03:39:53 <TemptorSent> aports is the repo, alpine is your host, yes?
2017-05-24 03:40:09 <Shiz> aports is the path
2017-05-24 03:40:11 <Shiz> alpine is the host
2017-05-24 03:40:17 <Shiz> it's a SSH URL
2017-05-24 03:40:54 <TemptorSent> aports == aports.git?
2017-05-24 03:41:02 <Shiz> aports == aports
2017-05-24 03:41:28 <TemptorSent> aports is the root of the git repository?
2017-05-24 03:41:40 <Shiz> yes
2017-05-24 03:41:46 <TemptorSent> Close enough.
2017-05-24 03:43:20 <TemptorSent> So if we have a repo name, why don't we just treat it the same way we do the apk dist repos and specify the source repos in /etc/apk/repositories?
2017-05-24 03:43:33 <TemptorSent> (or a parallel file)
2017-05-24 03:43:37 <Shiz> wtf?
2017-05-24 03:45:02 <Shiz> just matching by repo name is awful, for one
2017-05-24 03:45:17 <TemptorSent> If we fetched a .apk from a particular repository, WTF can't we also fetch the package source?
2017-05-24 03:45:35 <Shiz> because they are two separate systems
2017-05-24 03:46:39 <TemptorSent> Because storing a copy of the contents of the package port when it builds the package is hard why?
2017-05-24 03:47:16 <Shiz> not hard, just semantically wrong
2017-05-24 03:47:31 <Shiz> anyway
2017-05-24 03:47:33 <Shiz> im going to bed
2017-05-24 03:47:36 <Shiz> this is tiring
2017-05-24 03:47:44 <TemptorSent> How is it semantically wrong to store the source of the package itself?
2017-05-24 03:48:22 <TemptorSent> call it a .sapk for all I care.
2017-05-24 03:49:54 <kaniini> oh for fucks sake
2017-05-24 03:50:32 <kaniini> TemptorSent: we want to keep apk agnostic of package build systems (other distributions use apk, again)
2017-05-24 03:50:39 <TemptorSent> Sorry kaniini - didn't mean to spam you out.
2017-05-24 03:50:57 <kaniini> TemptorSent: so the sapk would be redundant
2017-05-24 03:51:26 <TemptorSent> kaniini: Understood - but aside from the APKBUILD itself, the contents of the aports directory is in many cases the complete source of a package.
2017-05-24 03:52:25 <TemptorSent> by sapk, I mean a signed tarfile of the package's aport directory.
2017-05-24 03:52:41 <TemptorSent> Or whatever source build system.
2017-05-24 03:52:42 <kaniini> TemptorSent: tell that to adelie
2017-05-24 03:53:02 <TemptorSent> adelie uses portage, right?
2017-05-24 03:53:03 <kaniini> awilfox: can you point me to your collection of APKBUILDs in adelie?
2017-05-24 03:53:22 <TemptorSent> That's why I said ASIDE from the APKBUILD itself.
2017-05-24 03:54:00 <TemptorSent> in portage speak, most of the contents of the aport directories would go in $pkg/files
2017-05-24 03:54:10 <kaniini> TemptorSent: i just want to record the URIs to the source files and allow apk to download them.  you would still use abuild or equivalent to rebuild the package (assuming you wanted to even do that)
2017-05-24 03:54:27 <TemptorSent> I'm not sure how the hooks are handled in adelie
2017-05-24 03:54:55 <TemptorSent> kaniini: Okay, so what does 'apk fetch --source alpine-baselayout' mean?
2017-05-24 03:56:18 <kaniini> it would download the sources in $sources with the aports files being prefixed with http://git.alpinelinux.org/aports/raw/...
2017-05-24 03:56:32 <TemptorSent> At the least, it should probably contain a pointer to 'https://github.com/alpinelinux/aports/master/main/alpine-baselayout/'
2017-05-24 03:56:39 <kaniini> (and yes, also the APKBUILD would be implicitly in the sources list, but that's abuild's job)
2017-05-24 03:56:49 <kaniini> i wasn't aware we officially used github, cool
2017-05-24 03:57:04 <TemptorSent> Er oops :P
2017-05-24 03:57:21 <kaniini> that's basically what shiz was saying above btw
2017-05-24 03:57:40 <kaniini> apk gen is not about providing a source build system either
2017-05-24 03:57:58 <kaniini> it's about separating concerns properly, so that abuild manages source and apk manages actually composing the binaries it handles
2017-05-24 03:58:00 <TemptorSent> I had suggested a link to each of the files in the directory and he said absolutely not.
2017-05-24 03:58:36 <kaniini> well luckily that's not really his decision now is it
2017-05-24 03:58:49 <TemptorSent> My point is that the source of the package includes not just the upstream, but the alpine-created artifacts as well.
2017-05-24 03:59:04 <kaniini> yes, it does absolutely
2017-05-24 03:59:21 <kaniini> but abuild itself should still be used to manage the downloaded artifacts
2017-05-24 03:59:32 <TemptorSent> So fetching a directory in a manner that abuild can then use directly would be desirable.
2017-05-24 03:59:49 <kaniini> i think largely shiz was scared that you were proposing something along the lines of having apk manage the sources
2017-05-24 04:00:01 <TemptorSent> Oh, hell no!
2017-05-24 04:00:39 <Shiz> 3i have my own separate concerns with your proposal
2017-05-24 04:00:48 <Shiz> since where does 'http://git.alpinelinux.org/aports/raw/' get inferred from
2017-05-24 04:00:56 <Shiz> especially for 3rdparty repos
2017-05-24 04:01:04 <Shiz> which may not have web front ends or different ones
2017-05-24 04:01:04 <kaniini> my goal is two-fold:
2017-05-24 04:01:12 <kaniini> 1) make it possible for end-users to be able to easily say "show me the source" and get some sources
2017-05-24 04:01:23 <kaniini> Shiz: abuild config option :)
2017-05-24 04:01:24 <kaniini> Shiz: abuild config option :)
2017-05-24 04:01:38 <Shiz> globally?
2017-05-24 04:01:43 <Shiz> i have one abuild config but multiple repos
2017-05-24 04:01:45 <Shiz> :P
2017-05-24 04:01:50 <kaniini> Shiz: if you disable it, then it does not spit out the urls
2017-05-24 04:02:04 <kaniini> Shiz: in your abuild.conf
2017-05-24 04:02:24 <kaniini> Shiz: i expect apk source metadata to be opt-in anyway
2017-05-24 04:02:37 <kaniini> Shiz: but maybe it would be nice to have repo-specific configs in abuild, too
2017-05-24 04:02:47 <Shiz> i think it would be, since i juggle multiple repos under one user
2017-05-24 04:02:49 <Shiz> :P
2017-05-24 04:02:58 <Shiz> (this would also be nice for the output directory stuff...)
2017-05-24 04:03:18 <Shiz> or just a .abuild.conf in the git root that it finds or whatever
2017-05-24 04:03:19 <Shiz> idc
2017-05-24 04:03:23 <Shiz> some form of repo-specific config
2017-05-24 04:03:34 <kaniini> Shiz: but basically idea is you define it in abuild.conf and if the template is empty, then source metadata wont be emitted
2017-05-24 04:04:29 <kaniini> anyway
2017-05-24 04:04:47 <kaniini> apk gen is not about replacing source managers
2017-05-24 04:05:12 <kaniini> to the contrary, it's about making new source managers easier to write
2017-05-24 04:05:33 <kaniini> based on what we learned from adelie using apk but not abuild
2017-05-24 04:07:27 <kaniini> apk gen and apk fetch --source are completely unrelated things
2017-05-24 04:07:32 <kaniini> apk gen is about simplifying abuild and portage's apk generator
2017-05-24 04:07:33 <kaniini> apk fetch --source is about making it easier for end users to obtain sources for packages (either to examine them or to customize them)
2017-05-24 04:11:09 <TemptorSent> ...it seems that the two functions are complementary, as the only remaining part needed is the actual build tool.
2017-05-24 04:11:12 <kaniini> so hopefully that clears that up
2017-05-24 04:11:47 <kaniini> yes, but the source manager itself is unspecified by apk
2017-05-24 04:11:54 <kaniini> and we wish to keep it that way
2017-05-24 04:12:13 <TemptorSent> Right.
2017-05-24 04:13:03 <kaniini> (this is with my apk hat on, not my alpine hat, to be clear.  abuild is and will always be the source manager of alpine)
2017-05-24 04:13:04 <TemptorSent> alpine packages will have APKBUILDs, adelie packages will have .ebuilds
2017-05-24 04:13:51 <kaniini> and hypothetical distribution C could have something that looks like rpm specfiles
2017-05-24 04:13:57 <kaniini> doesn't matter to me
2017-05-24 04:13:59 <kaniini> :)
2017-05-24 04:14:27 <kaniini> i recently met up with an rpm guy and he told me about how rpm specfiles really work
2017-05-24 04:14:32 <kaniini> and my eyes glazed over and i wished for death
2017-05-24 04:15:03 <awilfox> it would likely be possible to make alien-like things using `apk gen` too
2017-05-24 04:15:08 <awilfox> i.e. deb2apk, rpm2apk, etc
2017-05-24 04:15:08 <kaniini> punch line: apparently it is a giant preprocessor hack
2017-05-24 04:15:32 <awilfox> which I would of course never recommend, but can imagine places it might be useful
2017-05-24 04:15:44 <awilfox> say, spotify or mathematica or other things distributed as (rpm|deb) in binary form
2017-05-24 04:15:57 <TemptorSent> awilfox: especially for script-based applications.
2017-05-24 04:16:00 <kaniini> right that is another reason why we are doing `apk gen`
2017-05-24 04:16:11 <awilfox> [in fact, this is something I was hoping to accomplish anyway, because lsb's tests are packaged in rpm and they are just bash scripts]
2017-05-24 04:16:34 <awilfox> so yeah `apk gen` is a multi-use tool but it should do one thing and do it well: make apks
2017-05-24 04:16:46 <TemptorSent> Exactly.
2017-05-24 04:16:49 <awilfox> likewise, `apk fetch --source` is a multi-use tool but it should do one thing and do it well: fetch *source*
2017-05-24 04:16:59 <awilfox> not APKBUILD or .ebuild or w/e
2017-05-24 04:17:30 <kaniini> awilfox: those are sources
2017-05-24 04:17:33 <kaniini> awilfox: and need to be fetched
2017-05-24 04:17:40 <TemptorSent> awilfox: I disagree with that, it should fetch the entire source of the PACKAGE.
2017-05-24 04:17:50 <awilfox> there is nothing preventing abuild from making a SOURCE: line that points to alpine/abuild.git/blob/$commit/$package/APKBUILD but that is an implementation detail
2017-05-24 04:17:54 <kaniini> awilfox: but you should use your current source manager to manage the downloaded sources
2017-05-24 04:17:55 <kaniini> awilfox: apk shouldnt try to do that
2017-05-24 04:18:10 <kaniini> awilfox: yes
2017-05-24 04:18:32 <TemptorSent> In other words, give me a directory I can use in abuild on alpine in a private repo
2017-05-24 04:18:59 <TemptorSent> Or add to an overlay in portage.
2017-05-24 04:19:06 <kaniini> awilfox: but, if you omit that detail then people will argue about whether or not the file that describes what you're doing to said tarball and patch files, then people will be like herp derp just put that tarballs down
2017-05-24 04:19:33 <awilfox> fair point
2017-05-24 04:19:47 <awilfox> so, yes, you can put link-to-apkbuild or ebuild or whatever in as a SOURCE:
2017-05-24 04:19:56 <TemptorSent> That way I can modifiy it and use the normal build / packaging tools, then manage it like any other package with apk
2017-05-24 04:20:12 <awilfox> and it should likely reference the exact blob ID if possible
2017-05-24 04:20:40 <awilfox> which, unfortunately, makes it a bit harder to test builds before you run them because now you need to have a commit ID
2017-05-24 04:20:52 <kaniini> awilfox: that is my goal :)
2017-05-24 04:20:58 <awilfox> you can either commit but not push, or push and have a builder machine test it (but then master could be broken)
2017-05-24 04:21:03 <kaniini> awilfox: nah
2017-05-24 04:21:16 <awilfox> or just omit the source metadata on test builds
2017-05-24 04:21:16 <kaniini> awilfox: test builds can just use 'dirty' as the hash
2017-05-24 04:21:20 <TemptorSent> You wouldn't necessarily need the blob ID in advance, you use the current, then tag it.
2017-05-24 04:21:23 <kaniini> very easy to get that out of git
2017-05-24 04:21:29 <awilfox> true
2017-05-24 04:22:14 <awilfox> so does apk gen exist in some form that I can test/play with/attempt to grok?  or is it still being discussed?
2017-05-24 04:22:24 <awilfox> just wondering if it warns/errors/whatever if metadata is missing
2017-05-24 04:22:58 <awilfox> I think it should do so but it should choose warning/error based on what metadata it is (name should be fatal, url should be warning, for instance; not all packages have URLs)
2017-05-24 04:23:02 <awilfox> (looking at you, fetchmail)
2017-05-24 04:27:56 <kaniini> awilfox: it exists on my hard disk
2017-05-24 04:28:06 <kaniini> awilfox: i am going to work on manifest first
2017-05-24 04:28:28 <kaniini> awilfox: once that is done, i will integrate and polish up apk gen
2017-05-24 04:30:02 <awilfox> ah okay.  that makes sense.
2017-05-24 04:31:14 <kaniini> TemptorSent: and yes, verify.c is a good template for working with APK files
2017-05-24 04:33:25 <Shiz>  @kaniini │ punch line: apparently it is a giant preprocessor hack
2017-05-24 04:33:28 <Shiz> i sorta knew this, i think
2017-05-24 04:34:24 <Shiz> and debian control files...
2017-05-24 04:34:27 <Shiz> :(
2017-05-24 04:35:46 <TemptorSent> kaniini: Excellent - Is there a macro for creating a package struct and a file struct outside the db?
2017-05-24 04:36:38 <TemptorSent> Also, what parses the .PKGINFO file?
2017-05-24 04:43:15 <TemptorSent> Ahh, finally figured out how to use BLOB_PRINTF correctly -- didn't realized I had to deref the pointer :)
2017-05-24 04:46:04 <TemptorSent> kaniini: Is there any way to determine which checksum function was actually used?
2017-05-24 04:47:35 <TemptorSent> (for now, I guess I'll hard-code sha1 until the rest is ready)
2017-05-24 04:50:31 <TemptorSent> kaniini: Also, how do links work WRT checksums?
2017-05-24 05:15:39 <kaniini> TemptorSent: length field
2017-05-24 05:20:00 <TemptorSent> Okay, it's not implemented the same as the xattr_csum then, got it.
2017-05-24 05:22:18 <TemptorSent> kaniini: Here's what I'm playing with for format right now: http://termbin.com/fu57
2017-05-24 05:27:23 <TemptorSent> We'll probably want to get the user/group names rather than IDs, since the tarfiles have symbolic, not numeric UIDs IIRC?
2017-05-24 05:28:35 <TemptorSent> This is begging to get a format specifier like date(1) uses.
2017-05-24 05:44:37 <TemptorSent> Hmm, do we have any way of distinguishing between distributed and generated files in the apk database? We're going to get two different results with apk manifest on .apk files vs installed packages any time the install scripts create/alter files.
2017-05-24 05:49:01 <TemptorSent> Looking at it further, I believe the logical way forward would be to refactor the .apk file handling into one place, then expose a package struct and diri tree.
2017-05-24 05:49:42 <TemptorSent> That should allow any tool that currently operates only on the database to operate on a .apk file in a logical manner.
2017-05-24 05:50:08 <TemptorSent> Right?
2017-05-24 07:25:54 <baliste> good morning
2017-05-24 07:25:55 <baliste> anyone here
2017-05-24 07:35:50 <trfl> go ahead and ask, people will respond whenever they see your question :>
2017-05-24 07:38:19 <baliste> cool :p
2017-05-24 07:38:30 <baliste> so I was taking a look at apk-tools
2017-05-24 07:38:58 <baliste> i see it doesn't use HTTPS or ssl or anything. how does it protect against MITM attacks?
2017-05-24 07:39:15 <baliste> or just tell me I'm wrong and it does.
2017-05-24 07:39:33 <fcolista> baliste, how did you check then?
2017-05-24 07:40:20 <baliste> fcolista, reading the source
2017-05-24 07:42:34 <fcolista> baliste, and what part you've read that brought you to this conclusion?
2017-05-24 07:44:46 <baliste> fcolista, reading files at src/ (add.c/apk.c)
2017-05-24 07:45:02 <baliste> I mean I see you are verifying the images that's
2017-05-24 07:45:23 <baliste> but the connecting itself goes over http and not https - please correct me if I am wrong on this.
2017-05-24 07:45:42 <baliste> s/http/tcp?
2017-05-24 07:48:08 <_ikke_> baliste: All packages and the index is signed
2017-05-24 07:48:36 <_ikke_> baliste: So the packages cannot be altered without invalidating the signature
2017-05-24 07:49:17 <fcolista> mitm cannot happen due to sha512 sum that verifies the integrity of the package. Apk-tools before installing a package verify the sha512 sum
2017-05-24 07:49:31 <_ikke_> the sha512 sum can be altered
2017-05-24 07:49:33 <fcolista> repositories support http, https and ftp
2017-05-24 07:50:07 <fcolista> _ikke_, you should change the local index too
2017-05-24 07:50:10 <_ikke_> it's an rsa signature that verifies the integerity
2017-05-24 07:50:34 <fcolista> yes correct
2017-05-24 07:50:49 <fcolista> rsa verifies the integrity
2017-05-24 08:31:37 <baliste> maybe this is too much to ask - but can anyone direct me to the code that verifies a package's signature?
2017-05-24 08:32:09 <^7heo> it's in apk
2017-05-24 08:32:25 <_ikke_> baliste: I guess this file: https://git.alpinelinux.org/cgit/apk-tools/tree/src/verify.c
2017-05-24 11:10:46 <pbregener> hi! i know you’re close to a new release, but i’d appreciate someone having a look at (or merging) https://github.com/alpinelinux/aports/pull/1259 (cmake) and https://github.com/alpinelinux/aports/pull/1527 (graphviz)
2017-05-24 11:12:29 <_ikke_> pbregener: I think there was already a feature freeze (rc3 has been tagged and probably the base for the full release)
2017-05-24 11:13:48 <pbregener> _ikke_: i know but given that a bunch of other commits/package upgrades went in after rc3 already, i thought i’d try my luck, too ;)
2017-05-24 12:12:55 <jirutka> pbregener: cmake is used for building a lot of other pkgs, so this should be probably hold until v3.6 release
2017-05-24 12:13:07 <jirutka> ncopa: ^ https://github.com/alpinelinux/aports/pull/1259 ?
2017-05-24 12:13:40 <pbregener> agreed just wanted to make sure it’s still on your radar
2017-05-24 12:15:00 <ncopa> cmake is a thing that builds other packages
2017-05-24 12:15:14 <ncopa> i am afraid that cmake update may result in currently built packages fails to build
2017-05-24 12:15:32 <ncopa> and at thist point we will not rebuild everything that uses cmake to verify that it still builds
2017-05-24 12:15:48 <ncopa> however
2017-05-24 12:15:57 <ncopa> 3.8.0 -> 3.8.1 sounds like a bugfix only
2017-05-24 12:16:28 <ncopa> jirutka: if you have a look at the changelog for cmake, and think it is safe, then im ok to merge
2017-05-24 12:16:51 <ncopa> graphviz is probably ok
2017-05-24 12:17:01 <ncopa> i dont there are many other packages depending on it
2017-05-24 12:22:15 <vakartel> anybody knows? http://patchwork.alpinelinux.org/project is dead? last patches are from 2017-05-04
2017-05-24 12:38:03 <jirutka> vakartel: honest question, are you trying to avoid code reviews? you used to use GH for patches and then suddenly after few review cycles of bad quality PRs you switched to patchwork…
2017-05-24 12:43:25 <vakartel> I use patchwork if I make a single-shot patches (like version upgrades) and use github, if I suspect that there may be a debate and/or changes in the patch
2017-05-24 12:44:59 <vakartel> I really see no sence to create new branch in git to make just a version upgrade
2017-05-24 12:45:33 <_ikke_> branches are cheap
2017-05-24 12:46:56 <jirutka> well, this is new aport, not an upgrade http://patchwork.alpinelinux.org/patch/3370/
2017-05-24 12:47:44 <jirutka> this is actually very controversial change, it triggered even a flamewar on IRC http://patchwork.alpinelinux.org/patch/3362/
2017-05-24 12:52:26 <jirutka> I’ve quickly looked into others and gonna merge some of them at evening
2017-05-24 12:53:51 <jirutka> I’ve marked http://patchwork.alpinelinux.org/patch/3403/ as superseded, someone alredy updated it
2017-05-24 12:58:14 <jirutka> vakartel: ugh, i’ve already told you several times, please do not squash multiple unrelated changes into single commit and always write commit subject that briefly describes all changes made in the commit; this patch http://patchwork.alpinelinux.org/patch/3355/ contain a lot more changes than just “fix user creation in post-install”!
2017-05-24 13:00:25 <vakartel> I can't describe all changes in subject, but it described in body -- "add nut home dir /var/lib/nut used for scheduler
2017-05-24 13:00:25 <vakartel> fix libexec and driver dirs (libexec -> lib)
2017-05-24 13:00:25 <vakartel> add using dns in init-scripts
2017-05-24 13:00:25 <vakartel> remove conf.d files from package because it have no sence for now
2017-05-24 13:00:25 <vakartel> cleanups in APKBUILD and init-scripts"
2017-05-24 13:00:40 <_ikke_> vakartel: that's a sign you need multiple commits
2017-05-24 13:01:23 <jirutka> vakartel: when you do just few unrelated changes when it’d be overkill to split them into separate commits, then use some general commit subject like “fix multiple issues”, “improve abuild” or something like that, but never EVER write “fix user creation in post-install” and then do ten other changes beside this…
2017-05-24 13:04:22 <jirutka> vakartel: it’s especially important to decouple pure refactoring that does not change the resulting package and changes which affects the resulting package
2017-05-24 13:05:18 <jirutka> vakartel: the worst you can do is to bury few functional changes in dozens of refactoring or cosmetic changes
2017-05-24 13:06:47 <jirutka> these are reasons why I have to rewrite all your changes into php package one after the other, b/c it was nearly impossible to understand what the heck you’ve actually changed and how
2017-05-24 13:07:04 <vakartel> yes, it's right. But it's sometimes hard to split all changes I made, because I made it while use it on real working devices. So I posted a combined result of my expirience of using...
2017-05-24 13:07:55 <jirutka> you can split it ex-post… it’s git, not SVN
2017-05-24 13:08:22 <jirutka> git rebase is your friend ;)
2017-05-24 13:11:28 <jirutka> i do it myself, sometimes I change too many things at once when trying to build/fix something and then when I’m finished, I go through the changes I made and split them to multiple commits
2017-05-24 13:15:57 <vakartel> git rebase is my nightmare. I not use git or other cvs-s in my main work. So I know a little about it and try to understand it as needed.
2017-05-24 13:17:17 <vakartel> Ok, I'll try to move all my patches from patchwork to github and split it somehow.
2017-05-24 13:18:39 <jirutka> what VCS do you use at work?
2017-05-24 13:22:19 <vakartel> cvs a little. just for cisco devices configuration history
2017-05-24 13:31:08 <jirutka> CVS? i’m really sorry for you, i’d probably shoot myself or quit the job if forced to use CVS
2017-05-24 13:37:03 <vakartel> it's ok. I made a script 10 years ago that grabs configs from switches and routers  and just updates it in cvs. It was an only expirience with vcs-s.
2017-05-24 15:14:54 <baliste> hi, how can I build my own fork of apk-tools? can I just build it delete the original binaries and use?
2017-05-24 15:23:10 <tmh1999> baliste : you clone aports tree, $ cd aports/main/apk-tools ; abuild -r then add /home/username/packages/main to your /etc/apk/repositories, then install apk-tools from your local repo.
2017-05-24 15:23:42 <tmh1999> @channel : I think we have one or some repositories that do not sync up to date
2017-05-24 15:24:50 <baliste> tmh1999, can I clone apk-tools (via git) - build it with make then make install? or are there issues that can show up
2017-05-24 15:25:35 <tmh1999> dl-6 is unreachable for me
2017-05-24 15:26:11 <tmh1999> baliste : abuild -r step will do the make and make install for you. it is the recipe to build packages in Alpine way
2017-05-24 15:27:15 <baliste> tmh1999, yes that's fair - I just don't want to clone the aports tree
2017-05-24 15:27:36 <baliste> you see I'm building a docker image that should compile my version of apk-tools (and it's the only thing I'm changing)
2017-05-24 15:27:44 <tmh1999> --depth 1 won't kill :D especially if you clone into a tmpfs file system :D
2017-05-24 15:40:56 <tmh1999> http://dl-6.alpinelinux.org/alpine/
2017-05-24 15:40:56 <tmh1999> http://mirrors.cug.edu.cn/alpine/
2017-05-24 15:40:59 <tmh1999> http://mirrors.cicku.me/alpine/
2017-05-24 15:41:08 <tmh1999> unreachable for me :(
2017-05-24 15:41:17 <tmh1999> tried with my remote servers too
2017-05-24 15:43:01 <Shiz> baliste: yes, you can
2017-05-24 16:24:17 <Shiz> ncopa: did you figure out what that keymap issue was caused by?
2017-05-24 17:46:58 <ncopa> with xen?
2017-05-24 17:47:00 <ncopa> yes
2017-05-24 17:47:26 <ncopa> im gonna tag and branch 3.6 now
2017-05-24 17:57:11 <Shiz> did we fix that udhcpc issue?
2017-05-24 18:00:23 <^7heo> Gosh
2017-05-24 18:00:30 <^7heo> crond wants busybox syslog started...
2017-05-24 18:00:36 <^7heo> yet I have syslog-ng installed...
2017-05-24 18:00:40 <^7heo> that sucks.
2017-05-24 18:01:02 <Shiz> why does it want that?
2017-05-24 18:01:09 <^7heo> No idea.
2017-05-24 18:01:19 <^7heo> I stop syslog, it stops crond
2017-05-24 18:01:19 <^7heo> ok
2017-05-24 18:01:23 <^7heo> I start syslog-ng
2017-05-24 18:01:25 <^7heo> I start crond
2017-05-24 18:01:29 <^7heo> it starts syslog
2017-05-24 18:01:30 <^7heo> v_v
2017-05-24 18:04:10 <^7heo> Also some fucking programs overwrites /etc/syslog-ng/syslog-ng.conf or whatnot.
2017-05-24 18:04:15 <^7heo> my configuration is always lost.
2017-05-24 18:05:31 <^7heo> Ok the /etc/syslog-ng/syslog-ng.conf is actually generated at restart
2017-05-24 18:05:34 <^7heo> weird but whatever.
2017-05-24 18:07:28 <^7heo> At least now it works.
2017-05-24 18:07:32 <^7heo> But I still have no crond
2017-05-24 18:07:33 <^7heo> v_v
2017-05-24 18:07:37 <jirutka> Shiz: have you updated release notes (Julia added)?
2017-05-24 18:07:52 <Shiz> nyet
2017-05-24 18:08:04 <Shiz> ncopa: was the cabal PR merged before 3.6?
2017-05-24 18:08:19 <jirutka> Shiz: no, b/c of issues
2017-05-24 18:08:22 <Shiz> okay
2017-05-24 18:08:30 <ncopa> i havent merged anything today
2017-05-24 18:08:51 <jirutka> Shiz: https://github.com/alpinelinux/aports/pull/1553#discussion_r118118737
2017-05-24 18:09:00 <Shiz> yeah just opened the page
2017-05-24 18:09:26 <jirutka> Shiz: but having ghc in community is IMO still huge improvement, even without cabal
2017-05-24 18:09:53 <jirutka> I’m just sad that rust is built only for x86_64 now
2017-05-24 18:11:05 <^7heo> I really really don't get it.
2017-05-24 18:11:12 <^7heo> crond wants 'logger'
2017-05-24 18:11:17 <^7heo> both syslog and syslog-ng provide it
2017-05-24 18:11:29 <^7heo> why is crond starting logger when syslog-ng is started?
2017-05-24 18:11:42 <jirutka> wants? there’s no such dependency keyword in OpenRC, is there?
2017-05-24 18:11:52 <ncopa> Shiz: was this the last edition? https://txt.shiz.me/Y2RhOTA1Mm
2017-05-24 18:12:10 <Shiz> i think it changed a bit, lemme see
2017-05-24 18:12:34 <^7heo> jirutka: needs, not wants, but same difference.
2017-05-24 18:13:00 <Shiz> https://txt.shiz.me/MjU0NjNjN2
2017-05-24 18:13:54 <^7heo> using rc-service instead of /etc/init.d/crond start was the solution
2017-05-24 18:13:58 <^7heo> it's weird tho.
2017-05-24 18:14:08 <Shiz> that... shouldn't make any difference
2017-05-24 18:14:19 <jirutka> Shiz: could you please sort “Significant updates” alphabetically?
2017-05-24 18:14:27 <^7heo> Shiz: I know; but it does.
2017-05-24 18:14:29 <^7heo> OR
2017-05-24 18:14:43 <^7heo> maybe it's me actually removing syslog from the default boot runlevel and adding syslog-ng instead.
2017-05-24 18:14:44 <jirutka> ^7heo: what?! there should not be any difference between starting with /etc/init.d/foo and rc-service
2017-05-24 18:14:51 <^7heo> would THAT be computed when starting crond?
2017-05-24 18:15:11 <^7heo> (to satisfy the 'needs' requirement even if there already is a service running that provides it?)
2017-05-24 18:15:17 <Shiz> https://txt.shiz.me/YTBhZTRiOT
2017-05-24 18:15:19 <Shiz> sorted
2017-05-24 18:15:35 <jirutka> the service must be in runlevel to satisfy needs requirement
2017-05-24 18:15:56 <jirutka> hm, now Go is before most of others… ok, nevermind
2017-05-24 18:16:14 <Shiz> ^7heo: dependencies must be in the same runlevel, afaik
2017-05-24 18:16:17 <Shiz> what jirutka said
2017-05-24 18:16:33 <^7heo> ah SAME runlevel.
2017-05-24 18:16:34 <^7heo> ok.
2017-05-24 18:16:40 <^7heo> now it makese sense.
2017-05-24 18:16:51 <^7heo> syslog-ng was in needed/wanted and crond in default.
2017-05-24 18:17:01 <^7heo> since I placed syslong-ng in default, it's now good.
2017-05-24 18:17:16 <^7heo> Thanks guys.
2017-05-24 18:17:32 <jirutka> I’m trying to remember what other important changes we made
2017-05-24 18:17:52 <jirutka> but it’s hard, I hardly remember what I was doing a week ago
2017-05-24 18:18:00 <^7heo> +1
2017-05-24 18:26:02 <jirutka> we’ve added or moved from testing: rethinkdb, mongodb (not sure if it’s really noteworthy…) , vis, yarn,
2017-05-24 18:47:29 <ncopa> does this look good? http://wwwtest.alpinelinux.org/posts/Alpine-3.6.0-released.html
2017-05-24 18:48:29 <jirutka> wow, I’m at the second place!
2017-05-24 18:50:11 <Shiz> at least i'm in the top 20
2017-05-24 18:50:13 <Shiz> :p
2017-05-24 18:52:28 <ncopa> commit count is not a good meter
2017-05-24 18:52:37 <ncopa> the best meter is clandmeter :)
2017-05-24 18:53:04 <Shiz> :P
2017-05-24 18:53:11 <Shiz> lgtm
2017-05-24 18:53:12 <jirutka> ncopa: added links https://dpaste.de/r6Jb/raw
2017-05-24 18:53:45 <ncopa> jirutka: can you push it directly to alpine-mksite master?
2017-05-24 18:53:52 <jirutka> yes
2017-05-24 18:54:39 <ncopa> is it just me or is rsync.a.o a bit slow?
2017-05-24 18:54:46 <ncopa> i can only dl at 300k/s
2017-05-24 18:57:14 <jirutka> 10 MiB/s
2017-05-24 18:59:21 <^7heo> if I `nohup foo &`
2017-05-24 18:59:29 <^7heo> will foo run forever until it exits/crash?
2017-05-24 18:59:46 <ncopa> yes
2017-05-24 18:59:46 <^7heo> (no matter what else happens - aside from computer reboot or explicit killing)
2017-05-24 18:59:56 <^7heo> great, thanks ncopa
2017-05-24 19:02:26 <jirutka> okay, I’m gonna add v3.6 and new platforms to pkgs.a.o
2017-05-24 19:08:05 <jirutka> ncopa: should be v3.3 and v3.4 still on the list?
2017-05-24 19:09:18 <ncopa> they are still supported
2017-05-24 19:09:23 <jirutka> okay
2017-05-24 19:09:30 <ncopa> https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases
2017-05-24 19:30:42 <jirutka> gosh, we should seriously switch to a *real* database :(
2017-05-24 19:34:43 <kaniini> 2019-15-01 release date ?
2017-05-24 19:34:43 <kaniini> :D
2017-05-24 19:34:46 <kaniini> er support date
2017-05-24 19:39:05 <dsabogal> is 'immediate availability of version 3.6.0' intended? (compared with the 3.5.0 release post)
2017-05-24 20:16:03 <ncopa> dsabogal: im open to suggestions
2017-05-24 20:17:09 <ncopa> im not native english speaking (and i dont think Shiz is either) so help with wording is appreciatet
2017-05-24 20:23:00 <ncopa> does this sound better? We are pleased to announce the release of Alpine Linux 3.6.0, the first in the v3.6 stable series.
2017-05-24 20:24:55 <Shiz> i just took that verbatim from the 3.5.2 announcement
2017-05-24 20:24:57 <Shiz> it is valid english
2017-05-24 20:25:00 <dsabogal> ncopa: yes, it sounds better. i was just pointing out that it seemed to have been copied from a minor release post (where immediate makes sense)
2017-05-24 20:25:18 <ncopa> ok
2017-05-24 20:25:49 <ncopa> we also dont have an "credits" section
2017-05-24 20:25:56 <ncopa> we probably should
2017-05-24 20:26:03 <ncopa> but i am afraid of forgetting someone :)
2017-05-24 20:42:12 <leitao> ncopa, I contributed with two different emails, can I join both contributions together?
2017-05-24 20:42:24 <ncopa> :)
2017-05-24 20:42:28 <ncopa> its git shortlog :)
2017-05-24 20:42:39 <ncopa> i suppose i can join them
2017-05-24 20:42:43 <ncopa> manually
2017-05-24 20:44:40 <leitao> ncopa, cool, thanks!
2017-05-24 20:50:28 <tmh1999> \o/
2017-05-24 20:51:30 <tmh1999> I just find out darkhttp is so cool, which a.o is running. back in the day I was struggling writing my own web server based on libevent.
2017-05-24 20:54:37 <tmh1999> ncopa : https://alpinelinux.org/posts/Alpine-3.6.0-released.html is not found
2017-05-24 20:57:25 <ncopa> tmh1999: http://wwwtest.alpinelinux.org/posts/Alpine-3.6.0-released.html
2017-05-24 20:57:30 <ncopa> not published yet
2017-05-24 20:58:16 <tmh1999> ah right !
2017-05-24 20:58:51 <tmh1999> thought it automatically fetched from alpine-mksite
2017-05-24 21:05:26 <ncopa> it does
2017-05-24 21:05:36 <tmh1999> ncopa : The full list of changes can be found in the git log and bug tracker. gitlog and bug tracker point to b2b.gigabyte.com  and create.io
2017-05-24 21:05:45 <ncopa> i think i just fixed that
2017-05-24 21:05:49 <ncopa> can you refresh?
2017-05-24 21:06:44 <ncopa> ok i think i push it
2017-05-24 21:06:47 <tmh1999> gotcha
2017-05-24 21:07:01 <tmh1999> actually IBM System z is correct :D but it is not a big deal
2017-05-24 21:07:16 <ncopa> leitao asked me to change it to Z
2017-05-24 21:07:37 <ncopa> but i suppose he is a POWER guy :)
2017-05-24 21:07:41 <tmh1999> :D
2017-05-24 21:08:09 <Shiz> lowercase z would be correct yeah
2017-05-24 21:08:17 <ncopa> tmh1999: so what you do now is to ask me change POWER to pOWER ;)
2017-05-24 21:08:18 <leitao> ncopa, sorry about it.
2017-05-24 21:08:39 <leitao> ncopa, my fault.
2017-05-24 21:08:44 <tmh1999> or p0W3r :D
2017-05-24 21:08:55 <leitao> tmh1999: that sounds cool!
2017-05-24 21:08:59 <Shiz> IBM POWA
2017-05-24 21:09:11 <leitao> in fact, I think the correct naming is "IBM z Systems"
2017-05-24 21:09:53 <tmh1999> don't worry it is not a big deal. I have seen people using System Z or System z all the time. To be exact, our Alpine s390x should be "Linux on z" https://en.wikipedia.org/wiki/Linux_on_z_Systems. System z can run many OS. Linux is one of them.
2017-05-24 21:10:14 <ncopa> IBM z System
2017-05-24 21:10:22 <ncopa> sounds more correct to me :)
2017-05-24 21:10:33 <tmh1999> https://en.wikipedia.org/wiki/IBM_System_z
2017-05-24 21:10:45 <tmh1999> leitao is right officially : "IBM z Systems"
2017-05-24 21:10:50 <leitao> IBM System z (officially "IBM z Systems"
2017-05-24 21:10:56 <ncopa> yup
2017-05-24 21:11:10 <tmh1999> but most people I work with usually say System z. so, it's not a big deal.
2017-05-24 21:11:24 <leitao> In fact, Power systems is being renamed also. IBM almost do not like to change names.
2017-05-24 21:11:41 <tmh1999> interesting
2017-05-24 21:13:17 <tmh1999> Shiz : POWA, sounds like a Japanese
2017-05-24 21:13:33 <ncopa> refresh
2017-05-24 21:13:35 <ncopa> ok to push?
2017-05-24 21:13:43 <Shiz> ポワですね？
2017-05-24 21:13:51 <tmh1999> \o/
2017-05-24 21:14:42 <leitao> here we go
2017-05-24 21:17:39 <jirutka> ncopa: please tweet it from @AlpineLinux account ;)
2017-05-24 21:19:25 <leitao> ncopa, should we have ppc64le and s390x images from https://www.alpinelinux.org/downloads/ ?
2017-05-24 21:21:13 <TemptorSent> Don't forget to ping phoronix with the announcement :)
2017-05-24 21:25:12 <ncopa> leitao: yes we should have those images on downloads page, i will fix that tomorrow
2017-05-24 21:25:19 <leitao> ncopa, ok
2017-05-24 21:25:35 <ncopa> TemptorSent: i pinged distrowatch, which is the phoronix email?
2017-05-24 21:25:44 <ncopa> TemptorSent: care to send to phoronix?
2017-05-24 21:26:03 <ncopa> i suppose they could subscribe to alpine-announce if they were interested
2017-05-24 21:26:20 <TemptorSent> Just send it to @phoronix twitter?
2017-05-24 21:27:51 <TemptorSent> I think email is phoronix@phoronix.com
2017-05-24 21:28:04 <TemptorSent> It would be better coming from an @alpinelinux address :)
2017-05-24 21:30:00 <TemptorSent> I'm sure /. will pick it up eventually - I'm not active there other than lurking these days.
2017-05-24 21:32:19 <ncopa> thank you everyone
2017-05-24 21:32:24 <ncopa> im going to bed
2017-05-24 21:32:36 <TemptorSent> Congratulations, and goodnight!
2017-05-24 21:34:00 <Shiz> night ncopa
2017-05-24 21:35:10 <clandmeter> jirutka, how big is the sqlite db now?
2017-05-24 21:35:14 <jirutka> ncopa: good night, sleep well!
2017-05-24 21:35:42 <jirutka> clandmeter: 3.1 GiB
2017-05-24 21:36:10 <clandmeter> and still pretty fast :D
2017-05-24 21:37:01 <jirutka> clandmeter: it almost collapsed when importing v3.6…
2017-05-24 21:38:50 <clandmeter> the smallest table is the slowest i think
2017-05-24 21:39:00 <TemptorSent> Out of curiousity, WTF is sqlite being used for a database that large?
2017-05-24 21:39:08 <jirutka> TemptorSent: exactly
2017-05-24 21:39:26 <clandmeter> because it just works
2017-05-24 21:39:28 <jirutka> TemptorSent: I’m asking the same question every time I see it
2017-05-24 21:39:41 <TemptorSent> Postgres is your friend.
2017-05-24 21:39:47 <jirutka> exactly!
2017-05-24 21:40:38 <TemptorSent> What does the DB contain that it's up to 3.1G in the first place? Every version of every package?
2017-05-24 21:41:03 <clandmeter> filelist of every pkg
2017-05-24 21:41:29 <Shiz> ^this is why we don't want that in the APKINDEX
2017-05-24 21:41:31 <Shiz> :P
2017-05-24 21:41:35 <TemptorSent> Okay, every package EVER?
2017-05-24 21:41:40 <Shiz> no
2017-05-24 21:41:42 <Shiz> every current package
2017-05-24 21:41:45 <Shiz> for 3.3-3.6 and edge
2017-05-24 21:42:03 <jirutka> and the DB schema is not very well designed
2017-05-24 21:42:07 <TemptorSent> Somehow, that seems beyond absurd, but I suppose it's not impossible.
2017-05-24 21:42:16 <jirutka> yes
2017-05-24 21:42:20 <TemptorSent> It should compress VERY well.
2017-05-24 21:42:42 <jirutka> it’s sqlite, embedded DB for tiny things, not for something like this!
2017-05-24 21:42:58 <jirutka> I’m really surprised that it still somehow works…
2017-05-24 21:43:09 <TemptorSent> Well, given enough memory... :)
2017-05-24 21:44:05 <clandmeter> the schema is so bad, it still works at 3.1G :)
2017-05-24 21:44:57 <jirutka> i didn’t say that it’s bad, just not well designed…
2017-05-24 21:45:02 <jirutka> there are even functional problems
2017-05-24 21:45:18 <jirutka> like that bumping pkgrel also erases flag
2017-05-24 21:45:25 <Shiz> is there any other schema you need than (id: int, branch: enum, arch: enum, repo: enum, pkgname, pkgver) and (pkgid: int, path)?
2017-05-24 21:45:36 <jirutka> yes
2017-05-24 21:46:05 <TemptorSent> Especially if you want it fast and enforcing relational integrity.
2017-05-24 21:46:33 <jirutka> relational integrity? there’s no such thing in this db :/
2017-05-24 21:46:45 <TemptorSent> Right.
2017-05-24 21:48:46 <TemptorSent> For what it's primarily used for, the path and hash value for that file/link target for link should form a primay key
2017-05-24 21:50:33 <TemptorSent> With the package relation being a secondary key.
2017-05-24 21:50:53 <Shiz> primary keys have to be unique...
2017-05-24 21:51:05 <TemptorSent> path + hash IS unique.
2017-05-24 21:51:19 <TemptorSent> Or you have the same item :)
2017-05-24 21:51:25 <Shiz> yes, which is often enough the case...
2017-05-24 21:51:43 <TemptorSent> So, why store multiple copies of th metadata?
2017-05-24 21:51:47 <Shiz> also, you're the only one talking about hashes here, i don't see why they need to be added
2017-05-24 21:52:25 <TemptorSent> How else do you tell if a file changed?
2017-05-24 21:52:38 <jirutka> sigh
2017-05-24 21:52:50 <Shiz> you... don't?
2017-05-24 21:52:57 <Shiz> it's a file list, not a file content list
2017-05-24 21:53:29 <jirutka> however, storing hash of every file is not a bad idea, it may be useful for various things
2017-05-24 21:53:44 <Shiz> if you want massive duplicate entries, sure
2017-05-24 21:53:47 <Shiz> :P
2017-05-24 21:53:53 <TemptorSent> If two packages have the same path, it's nice to know if it's in fact the same content or not.
2017-05-24 21:53:54 <clandmeter> we could add many things that "could" be usefull
2017-05-24 21:53:56 <jirutka> actually opposite…
2017-05-24 21:54:17 <Shiz> TemptorSent: you're *again* pulling extra things into scope that is not the point of the discussion
2017-05-24 21:54:19 <Shiz> please stop doing that
2017-05-24 21:54:46 <TemptorSent> Determining whether the version in a given branch is different than the one you currently have isn't useful?
2017-05-24 21:55:05 <jirutka> it is useful, just quite out of scope of pkgs.a.o…
2017-05-24 21:55:07 <Shiz> it's not the point of the file list
2017-05-24 21:55:25 <Shiz> we could add automated beverage making abilities to p.a.o, that doesn't mean it's relevant to it
2017-05-24 21:55:36 <Shiz> please stop trying to pull extra things into scope in discussions about other things
2017-05-24 21:55:44 <jirutka> ^ +1
2017-05-24 21:56:07 <Shiz> it's fine to have those ideas, but have separate discussions for them
2017-05-24 21:56:09 <Shiz> :P
2017-05-24 21:56:12 <TemptorSent> If I have a file on my local machine, I take it's hash, and look at the one in the current package -- if they differ, I might upgrade because of a particular issue, otherwise, I might not care.
2017-05-24 21:57:43 <TemptorSent> Is it a generic file list, or a specific $pkg-$pkgver vs path list?
2017-05-24 21:58:24 <jirutka> file list per each individual pkg
2017-05-24 21:58:27 <TemptorSent> If a file builds differently in one branch than another for the same package, I might want to know that too.
2017-05-24 21:58:44 <Shiz> groan
2017-05-24 21:58:51 <Shiz> please, if you want to have this discussion, start it another time
2017-05-24 21:58:58 <TemptorSent> Using a real database makes asking useful questions much easier.
2017-05-24 21:59:01 <Shiz> not when we are talking about other things
2017-05-24 21:59:23 <clandmeter> pkgs filelist function is to search for filenames, it has not other function. if you need something more advance hook it into apk-tools or some other tool.
2017-05-24 22:00:29 <TemptorSent> apk-tools can't help unless EVERY package you want to query is installed (which is impossible for many reasons)
2017-05-24 22:01:23 <TemptorSent> When I think file list, I'm thinking at least as detailed as tar -tvf, and preferably better.
2017-05-24 22:01:52 <jirutka> TemptorSent: we all know about it
2017-05-24 22:02:03 <jirutka> TemptorSent: IIRC it’s planned to new major version of apk-tools
2017-05-24 22:02:15 <clandmeter> and sqlite is maybe not optimal for large db's, but until now it works acceptable, and the major benefit is less maintenance then mariadb or postgress.
2017-05-24 22:02:22 <TemptorSent> If I'm trying to diagnose something, being able to get as much detail as possible on what I SHOULD have from the web interface would be immeasurably helpful.
2017-05-24 22:02:43 <Shiz>   @Shiz │ it's fine to have those ideas, but have separate discussions for them
2017-05-24 22:02:43 <TemptorSent> I find postgres to be very low maint.
2017-05-24 22:02:46 <Shiz> please.
2017-05-24 22:03:21 <clandmeter> yes, there has been talk to implement filelist into apk-tools as a separate index.
2017-05-24 22:03:32 <TemptorSent> So you're going to consider redesigning the database without considering what information you'd like to be able to retrieve?
2017-05-24 22:04:13 <clandmeter> but still, even if those indexes exist, apk tools wont have the functions to do more adv queries. (and i dont think fabled is planning to implement that).
2017-05-24 22:14:46 <Shiz> btw, question
2017-05-24 22:14:50 <Shiz> why is it called nodejs and nodejs-current
2017-05-24 22:14:56 <Shiz> shouldn't it be something like nodejs and nodejs-lts?
2017-05-24 22:15:45 <jirutka> no
2017-05-24 22:15:53 <jirutka> b/c nodejs is the default
2017-05-24 22:16:14 <jirutka> nodejs-current (“current” is how upstream calls it) is the latest with short support period
2017-05-24 22:16:24 <jirutka> https://github.com/nodejs/LTS
2017-05-24 22:16:35 <Shiz> alright
2017-05-24 22:17:11 <jirutka> some distributions do not provide “current” at all, just LTS named simply as “nodejs”
2017-05-24 22:17:39 <Shiz> i'm almost thinking we should call it nodejs-lts with provides="nodejs"
2017-05-24 22:17:41 <Shiz> :P
2017-05-24 22:17:52 <jirutka> why?
2017-05-24 22:18:02 <jirutka> i’d just confuse users imo
2017-05-24 22:18:15 <Shiz> because semantically it seems more like nodejs is a virtual that could be fulfilled by either nodejs-lts or nodejs-current
2017-05-24 22:18:21 <Shiz> better for dependencies etc
2017-05-24 22:18:40 <jirutka> I think that we should promote stable version, not unstable
2017-05-24 22:18:54 <Shiz> sure, and as such if you # apk add nodejs it will nodejs-lts by default
2017-05-24 22:19:13 <jirutka> nodejs-current has shorter support period than our main repo, that’s why it’s in community
2017-05-24 22:19:23 <Shiz> i know...
2017-05-24 22:19:39 <jirutka> currenty nodejs-current provides=nodejs
2017-05-24 22:20:20 <jirutka> there’s similar situation with nginx, just we don’t have nginx-mainline pkg (yet)
2017-05-24 22:20:43 <jirutka> why to name it nginx-stable and nginx-mainline?
2017-05-24 22:21:49 <Shiz> because a package without suffix is confusing imo
2017-05-24 22:21:56 <jirutka> <Shiz>: "because semantically it seems more like nodejs is a virtual that could be fulfilled by either nodejs-lts or nodejs-current" … yeah, you’re right, but that would require proper support for “alternatives”…
2017-05-24 22:21:56 <Shiz> i search for nodejs* in p.a.o, i see nodejs and nodejs-current
2017-05-24 22:22:08 <Shiz> and i wonder what the difference is :P
2017-05-24 22:22:17 <Shiz> if it was named nodejs-lts i could immediately see the difference
2017-05-24 22:22:30 <jirutka> nodejs-current is not very good name :/
2017-05-24 22:23:09 <jirutka> do you read descriptions? ;) “JavaScript runtime built on V8 engine - LTS version”
2017-05-24 22:23:28 <jirutka> but once again, the main reason for this is our lack of proper support for “alternatives”
2017-05-24 22:23:39 <Shiz> i don't think this is about alternatives, more about virtuals
2017-05-24 22:23:43 <Shiz> :p
2017-05-24 22:24:08 <Shiz> jirutka: descriptions only show when you hover over
2017-05-24 22:24:14 <Shiz> and imo shouldnt be needed to understand the package purpose
2017-05-24 22:24:16 <Shiz> :P
2017-05-24 22:24:27 <jirutka> it’s tightly related
2017-05-24 22:25:43 <jirutka> when you have pkg A and B, both provides=X, you can’t do apk add X
2017-05-24 22:25:54 <jirutka> b/c there’s no mechanism how to decide what is the default
2017-05-24 22:26:44 <jirutka> and since not many ppl understand this problem and we’re all very busy, it’s still not solved
2017-05-24 22:27:00 <jirutka> so we’re still workarounding these limitations of apk :/
2017-05-24 22:27:07 <TemptorSent> Virtuals should be used in cases where installing pkgX results in actually installing pkgX1 ... pkgXn. Alternatives should support 1 (or more) of N possible providers.
2017-05-24 22:28:09 <jirutka> this reminds me that I said some time ago that I’ll document this, so I don’t have to explain it every time this topic appear again, but still haven’t done it :(
2017-05-24 22:28:42 <jirutka> I need a time machine :(
2017-05-24 22:29:02 <jirutka> or longer day or I don’t know
2017-05-24 22:29:05 <TemptorSent> Just don't break down in the past.
2017-05-24 22:30:57 <TemptorSent> Was the conversation logged perchance?
2017-05-24 22:31:20 <jirutka> every conversation here is logged
2017-05-24 22:31:30 <jirutka> but it’s almost impossible to find something in IRC logs…
2017-05-24 22:32:08 <TemptorSent> Well, at least knowing the channel helps -- if it was this one, we might have a chance, if it was -offtopic, all bets are off.
2017-05-24 22:32:34 <jirutka> this one
2017-05-24 22:32:50 <jirutka> we usually don’t discuss on topic things in -offtopic
2017-05-24 22:33:06 <TemptorSent> I recall a discussion on alternatives with kaniini recently.
2017-05-24 22:33:16 <jirutka> yes
2017-05-24 22:33:31 <TemptorSent> Is that the conversation you're referring to?
2017-05-24 22:33:36 <jirutka> no
2017-05-24 22:33:49 <jirutka> but we’ve discussed this alreday many times
2017-05-24 22:33:55 <jirutka> in past a year or more
2017-05-24 22:35:26 <TemptorSent> Okay, so where should this get documented so you don't have to feel like the movie groundhog day?
2017-05-24 22:35:59 <jirutka> on wiki…
2017-05-24 22:36:35 <TemptorSent> Tag as 'apk_TODO'?
2017-05-24 22:36:58 <jirutka> TODO:apk may be better
2017-05-24 22:37:07 <jirutka> I’ve already created https://wiki.alpinelinux.org/wiki/TODO:py3_packages some time ago
2017-05-24 22:37:24 <jirutka> but lists on this page are outdated
2017-05-24 22:37:31 <TemptorSent> Okay, can we start an 'apk_internals' stub to link it to?
2017-05-24 22:37:32 <jirutka> just fyi
2017-05-24 22:37:53 <Shiz> we need to use the new wiki ;)
2017-05-24 22:37:55 <Shiz> speaking of new wiki
2017-05-24 22:38:01 <TemptorSent> New wiki?
2017-05-24 22:38:08 <Shiz> i feel like it would be nice if we could get some semeantic organistaion in the urls there
2017-05-24 22:38:13 <Shiz> https://github.com/alpinelinux/alpine-wiki
2017-05-24 22:38:15 <TemptorSent> Agreed.
2017-05-24 22:38:20 <Shiz> https://docs.alpinelinux.org/Home
2017-05-24 22:38:39 <jirutka> there are SO MANY things needed to do with new wiki to make it usable AND maintainable long-term
2017-05-24 22:39:40 <Shiz> the only thing i can think of is write a bot to merge PRs to it if they don't contain known bad stuff automatically
2017-05-24 22:39:43 <Shiz> like a... wiki :P
2017-05-24 22:39:52 <Shiz> aside from article migration
2017-05-24 22:40:16 <jirutka> ?
2017-05-24 22:40:40 <Shiz> ?
2017-05-24 23:00:15 <TemptorSent> See https://wiki.alpinelinux.org/wiki/Apk_internals
2017-05-24 23:01:03 <TemptorSent> There's a stub to start documenting the internals of apk, and a link to the stub for TODO:apk.
2017-05-24 23:19:44 <minimalism> just read the 3.6 news post, did UEFI not make it?
2017-05-24 23:23:22 <jirutka> Shiz: is there some way how to get version information from static library (*.a)?
2017-05-24 23:23:29 <Shiz> no
2017-05-24 23:24:14 <jirutka> Shiz: even when it’s contained in sources and available in runtime, so it must be there somewhere…?
2017-05-24 23:24:49 <jirutka> Shiz: https://github.com/lua/lua/blob/master/lua.h#L21
2017-05-24 23:26:07 <jirutka> I know that this is for preprocessor, but Lua provides lua variable _VERSION, so it must be here somewhere
2017-05-24 23:28:41 <jirutka> ha, strings! but it just returns all strings without any context
2017-05-24 23:29:04 <Shiz> i mean
2017-05-24 23:29:07 <Shiz> not in a genric way
2017-05-24 23:29:40 <jirutka> i need it only for valid Lua libraries
2017-05-24 23:29:49 <jirutka> so i don’t need a generic way in this case
2017-05-24 23:30:34 <jirutka> but it’d be great if it can determine that it’s really lua library and not just binary that happens to include string "Lua x.y"
2017-05-24 23:42:30 <Shiz> why do you need to determine this from the .a?
2017-05-24 23:43:42 <jirutka> to verify that the given/found static library is in the correct version
2017-05-24 23:58:07 <Shiz> i don't think symbol/string hackery is right...
2017-05-24 23:59:35 <jirutka> me neither, so what is the right solution? :)
2017-05-25 00:29:25 <gqrc> Hello, small question : I see on https://github.com/alpinelinux/mkinitfs/blob/master/nlplug-findfs.c#L877 that nlplug-findfs doesn't search for apkovl in other place than the device root directory, is there a reason why ? Is it considerable to make this configurable or set it to 2 to allow placing apkovl in a sub directory ?
2017-05-25 00:33:42 <gqrc> (also, at least on a rpi, nlplug-findfs seems to take several seconds to run, I guess it could be one of the slow thing in the boot, wouldn't it be a good option to let the user specify the "boot device" instead of scanning everything (from what I see at https://github.com/alpinelinux/mkinitfs/blob/master/initramfs-init.in#L427) ?)
2017-05-25 08:55:56 <ncopa> minimalism: no UEFI did not make it sorry
2017-05-25 09:06:25 <minimalism> ncopa: Is it still planned for a future release like 3.7?
2017-05-25 09:06:33 <ncopa> yes
2017-05-25 09:06:36 <ncopa> the thing is
2017-05-25 09:06:46 <ncopa> you can set up uefi manually
2017-05-25 09:06:58 <ncopa> we just dont support it form the setup script
2017-05-25 09:07:11 <ncopa> i actually looked at it yesterday
2017-05-25 09:07:28 <ncopa> atleast at gpt partitioning
2017-05-25 09:07:37 <ncopa> and realized that it will take some time to fix it
2017-05-25 09:07:40 <ncopa> and will require some testing
2017-05-25 09:08:55 <minimalism> I know you can set it up manually, I was just looking forward to it having default support so I could dd the image to my USB as a rescue disk and easy way to install Alpine.
2017-05-25 09:09:09 <minimalism> That's cool though if it may happen in 3.7. Looking forward to that.
2017-05-25 09:10:13 <ncopa> https://wiki.alpinelinux.org/wiki/Create_UEFI_boot_USB
2017-05-25 10:51:00 <ncopa> tmh1999_2: it woudl be nice to fix the reso of the s390x build errors in testing
2017-05-25 11:10:37 <scadu> hm, I wonder if it would be possible to send e-mail notification to package maintainer if there is a PR pending. not all maintainers have push access, but it might be useful. e.g. pr 1562 /cc ncopa
2017-05-25 11:11:03 <ncopa> scadu: good idea
2017-05-25 11:11:15 <ncopa> the maintainer could review and accept it
2017-05-25 11:11:52 <ncopa> then we could have some bot who will pull all the maintainer-accepted PRs that passes travis
2017-05-25 11:12:33 <scadu> that might be risky
2017-05-25 11:12:36 <^7heo> nice idea
2017-05-25 11:13:00 <^7heo> scadu: depending on our tests
2017-05-25 11:13:18 <scadu> ^7heo: it would require further discussion on ml
2017-05-25 11:13:30 <^7heo> as always :p
2017-05-25 11:13:56 <scadu> welp, as always there is discussion on channel and most of us is not able to take a part in this or even follow the discussion
2017-05-25 11:14:04 <scadu> since it's an offtop after 10 minutes XD
2017-05-25 11:14:31 <scadu> anyway, email notifications to maintainer about pending PRs would be useful. jirutka, what do you think?
2017-05-25 11:14:34 <^7heo> that's why we have -offtopic
2017-05-25 11:14:54 <scadu> ^7heo: you know what I'm talking about :P
2017-05-25 11:22:46 <fcolista> rnalrd, https://bugs.alpinelinux.org/issues/7321
2017-05-25 11:23:05 <fcolista> if abi doesn't break, can we upgrade to 4.5.10 ?
2017-05-25 11:23:44 <rnalrd> should be okay to upgrade
2017-05-25 11:24:09 <fcolista> it requires other -dev pkgs though
2017-05-25 11:24:42 <fcolista> otherwise i apply a patch and leave the smb-package version
2017-05-25 11:24:45 <rnalrd> if they aren't avail in 3.5, then you need to patch
2017-05-25 11:24:55 <fcolista> it's available
2017-05-25 11:25:05 <fcolista> i've added it and is building
2017-05-25 11:25:08 <rnalrd> they need to be in main
2017-05-25 11:25:11 <fcolista> ...so far
2017-05-25 11:25:43 <fcolista> yes
2017-05-25 11:25:47 <fcolista> it's acl-dev
2017-05-25 11:25:52 <fcolista> and it's in main
2017-05-25 11:37:48 <ncopa> fcolista: samba is ok to update
2017-05-25 11:38:46 <ncopa> sasmba has pretty good upstream support for older branches, so for those we can upgrade to latest
2017-05-25 11:39:33 <fcolista> soudns good. I'm building 4.5.10 for 3.5-stable
2017-05-25 11:39:44 <ncopa> +1
2017-05-25 11:40:04 <ncopa> how do you :thumb-up: in irc?
2017-05-25 11:44:07 <^7heo> how did we fix the issue in samba?
2017-05-25 11:45:26 <ncopa> upgrade to latest fixed version
2017-05-25 11:47:16 <ncopa> i am very annoyed by the busybox udhcpc issue
2017-05-25 11:47:26 <ncopa> that it prints info on stderr
2017-05-25 11:49:25 <consus> If this is not the design flaw the would like to merge a patch I guess
2017-05-25 11:49:31 <consus> *they
2017-05-25 12:00:43 <ncopa> consus: it was done on purpose to reduce size
2017-05-25 12:00:55 <ncopa> they removed bb_info_msg
2017-05-25 12:01:00 <ncopa> and replaced tieh bb_error_msg
2017-05-25 12:01:48 <ncopa> fcolista: im working on samba issue on 3.3
2017-05-25 12:03:31 <consus> Err
2017-05-25 12:03:32 <consus> Wow
2017-05-25 12:04:04 <ncopa> consus: which is why i am annoyed :)
2017-05-25 12:04:35 <consus> So they now do not have a distinction between errors and the regular output?
2017-05-25 12:04:49 <ncopa> that is the exact problem
2017-05-25 12:05:01 <consus> In *every* goddamn applet?
2017-05-25 12:05:32 <ncopa> http://lists.busybox.net/pipermail/busybox/2017-May/085458.html
2017-05-25 12:05:44 <ncopa> i think it was udhcp mostly
2017-05-25 12:05:51 <ncopa> check the git log
2017-05-25 12:07:08 <consus> networking/ntpd.c:      bb_error_msg("setting time to %s.%06u (offset %+fs)", buf, (unsigned)tvn.tv_usec, offset);
2017-05-25 12:07:18 <consus> Wow
2017-05-25 12:07:28 <consus> ntpd actually set time
2017-05-25 12:07:43 <consus> That's an error for sure
2017-05-25 12:13:41 <consus> Also it's pretty trivial to make a function that accepts FILE *
2017-05-25 12:13:50 <consus> And two macros for each level
2017-05-25 12:13:54 <consus> stdio/stderr
2017-05-25 12:14:03 <consus> No extra size, everyone is happy
2017-05-25 12:20:10 <ncopa> consus: i actually tried that, but it will add a few bytes
2017-05-25 12:20:15 <ncopa> 100+ bytes i think
2017-05-25 12:20:40 <consus> This is pretty marginal
2017-05-25 12:21:08 <ncopa> i think the reason they removed bb_info_msg was to save fewer bytes than that
2017-05-25 12:21:15 <consus> P_P
2017-05-25 12:21:16 <ncopa> check the git log
2017-05-25 12:21:20 <consus> Yeah
2017-05-25 12:21:21 <consus> 63 bytes
2017-05-25 12:25:14 <consus> Well
2017-05-25 12:25:33 <consus> It does not add anything in my simple stupid test
2017-05-25 12:26:16 <consus> But I should play more with the compiler options
2017-05-25 12:27:15 <jirutka> ncopa: scadu: yes, it’s on my TODO list to write such bot
2017-05-25 12:29:51 <scadu> jirutka: awesome!
2017-05-25 12:33:32 <jirutka> article about Alpine Linux is now on the main page of root.cz (the biggest Czech news server focused on Linux) https://www.root.cz/ !
2017-05-25 12:34:05 <scadu> aw yis
2017-05-25 12:34:34 <fcolista> ncopa, #7319 done
2017-05-25 12:34:34 <jirutka> lol, someone in “discussion” is hating that our virtual variant does not boot on Hyper-V
2017-05-25 12:34:57 <fcolista> jirutka, \o/
2017-05-25 12:35:07 <jirutka> https://bugs.alpinelinux.org/issues/1021
2017-05-25 12:35:25 <scadu> I don't understand nothing, but it's lightweight and focused on security XD
2017-05-25 12:35:38 <jirutka> how the heck use Hyper-V?
2017-05-25 12:36:06 <jirutka> scadu: you said that you can read Czech a little, didn’t you? :)
2017-05-25 12:37:38 <scadu> jirutka: more or less :P
2017-05-25 12:38:45 <jirutka> btw the article is not related to our new release, it’s just a coincidence that Petr published it the same day
2017-05-25 12:39:35 <jirutka> I’ve sent him email right after I noticed that to fix information about ppc64le and s390x being in preparation
2017-05-25 12:44:05 <fcolista> ncopa, I'm going to upgrade samba to 4.4.14 in 3.4-stable
2017-05-25 12:50:11 <ncopa> fcolista, im almost done with amba for 3.4
2017-05-25 12:50:21 <fcolista> ah ok
2017-05-25 12:50:23 <ncopa> there were a couple of libs that disapeared
2017-05-25 12:50:26 <fcolista> acl-dev
2017-05-25 12:50:36 <fcolista> what's the other one?
2017-05-25 12:51:02 <ncopa> acl-dev needed?
2017-05-25 12:51:08 <fcolista> yes
2017-05-25 12:51:12 <ncopa> uhm
2017-05-25 12:51:17 <ncopa> ok, i let you pish it then :)
2017-05-25 12:51:29 <fcolista> it was needed for 3.5-stable as well
2017-05-25 12:51:54 <fcolista> configure requires that
2017-05-25 12:58:30 <ncopa> ok i have samba 4.4.14 built on 3.4
2017-05-25 12:58:34 <ncopa> i think i'll push it?
2017-05-25 12:58:38 <ncopa> ok with you fcolista?
2017-05-25 12:58:48 <fcolista> sounds good ncopa
2017-05-25 12:58:57 <fcolista> my version is still building :)
2017-05-25 13:29:23 <fcolista> ncopa, is #7327 referring to edge?
2017-05-25 13:29:31 <fcolista> when i see 3.7
2017-05-25 13:29:44 <fcolista> this is edge, right?
2017-05-25 13:29:56 <fcolista> so a correct commit is:
2017-05-25 13:29:57 <fcolista> main/libtasn1: security fix for CVE-2017-6891. Fixes #7327
2017-05-25 13:31:11 <ncopa> yes
2017-05-25 13:31:17 <ncopa> 3.7 is git master
2017-05-25 13:32:17 <fcolista> ok cool
2017-05-25 13:32:18 <fcolista> thx
2017-05-25 13:47:12 <leitao> is there a stats of Alpine users per platform? I would like to know how many users will use Alpine on ppc64le.
2017-05-25 13:56:50 <fcolista> ncopa, i'm on libtasn1
2017-05-25 13:59:47 <ncopa> leitao: we dont have much stats
2017-05-25 14:05:29 <jirutka> leitao: that yet another thing on my TODO list, but this depends on new mirrors infra (with MQTT) :)
2017-05-25 14:39:58 <ncopa> g++: internal compiler error: Segmentation fault (program cc1plus)
2017-05-25 14:40:07 <ncopa> i get that when building openjdk8
2017-05-25 14:40:11 <ncopa> dunno what happens
2017-05-25 14:40:12 <Shiz> oh dear
2017-05-25 14:40:50 <ncopa> i have seen it before on my workstation
2017-05-25 14:41:01 <ncopa> but apparently, it does not happen on the builder
2017-05-25 14:47:24 <ncopa> ok, i think i found it
2017-05-25 14:47:38 <ncopa> openjdk will automatically pull inn ccache if it is found
2017-05-25 14:49:36 <^7heo> wait, 3.6 is out already?
2017-05-25 14:53:00 <Shiz> yes
2017-05-25 14:53:53 <ncopa> bah
2017-05-25 14:54:00 <ncopa> im stuck on the g++ segfault
2017-05-25 14:54:11 <^7heo> but but but
2017-05-25 14:54:35 <^7heo> rc2 was out only a couple of days ago
2017-05-25 14:55:09 <^7heo> and there was no rc3
2017-05-25 14:55:15 <^7heo> right?
2017-05-25 14:56:29 <Shiz> ncopa: remove ccache? :P
2017-05-25 14:58:34 <ncopa> yup
2017-05-25 14:59:07 <ncopa> ^7heo: 3.6.0 should have been out 1 May
2017-05-25 15:02:03 <Shiz> ncopa: i wanna go experiment with clang as system compiler btw
2017-05-25 15:02:10 <Shiz> not necessarily for official inclusion anytime soon
2017-05-25 15:02:14 <Shiz> but it seems interesting to pursue
2017-05-25 15:02:20 <ncopa> yes
2017-05-25 15:02:33 <ncopa> i dont think kernel wil build with it yet
2017-05-25 15:02:47 <Shiz> i've got a bunch of patches queued up locally that clean up the llvm-related packages
2017-05-25 15:02:57 <Shiz> yeah it needs the llvmlinux patches for that i think
2017-05-25 15:03:05 <Shiz> but it's okay to have *some* pkgs with gcc build deps
2017-05-25 15:03:40 <Shiz> but the goal is a fully gnu-less toolchain base system :P
2017-05-25 15:03:47 <Shiz> meaning clang, compiler-rt, llvm-libunwind, libc++
2017-05-25 15:03:51 <Shiz> and everything built against that
2017-05-25 15:17:23 <kaniini> hi,
2017-05-25 15:17:29 <kaniini> i'm working on determining viability of moving python2 to community
2017-05-25 15:17:41 <kaniini> i'd like to do this early just to get it out of the way
2017-05-25 15:20:04 <jirutka> I’m afraid that we can’t move python2 to community yet :(
2017-05-25 15:20:23 <jirutka> some non-python pkgs needs python2 to build
2017-05-25 15:21:31 <kaniini> fedora has a lot of patches we can take for that
2017-05-25 15:21:40 <kaniini> they have also been working on making python3 the 'system python'
2017-05-25 15:22:43 <jirutka> hm, yeah, that’s true
2017-05-25 15:27:50 <ncopa> kaniini: sounds like a nice goal for alpine 3.7
2017-05-25 15:27:59 <ncopa> i need to go
2017-05-25 15:28:02 <ncopa> have a nice evening
2017-05-25 15:32:10 <kaniini> yes, i think it's feasible 100%
2017-05-25 15:33:55 <^7heo> Shiz: that would be really great
2017-05-25 15:50:03 <Shiz> i wouldn't make python default to python3
2017-05-25 15:50:11 <Shiz> it's a violation of some or another PEP
2017-05-25 15:52:50 <jirutka> this one https://www.python.org/dev/peps/pep-0394/
2017-05-25 15:55:37 <Shiz> yeah
2017-05-25 16:15:44 <kaniini> yes, the 'python' command will just be unavailable unless you install python2
2017-05-25 16:15:53 <kaniini> which is compliant with PEP-0394
2017-05-25 16:57:20 <Shiz> rebuilding llvm
2017-05-25 16:57:21 <Shiz> :(
2017-05-25 18:01:33 <tmh1999> ncopa : I am working on implementing the EBCDIC in musl, in parallel with making booting s390x in a KVM, whichever comes first I will use it to boot Alpine then we can build packages in testing properly. As a matter of fact, building packages in containers without Alpine kernel brought us some problems.
2017-05-25 18:02:41 <tmh1999> ncopa : so that I postpone working on building/fixing packages in testing, is it okay for now ?
2017-05-25 18:43:44 <kaniini> i'm not ncopa, but seems fine to me
2017-05-25 18:49:09 <ncopa> tmh1999: that is fine with me
2017-05-25 18:49:32 <ncopa> tmh1999: but i think you should talk with #musl ppl re the EBCDIC
2017-05-25 18:49:38 <ncopa> might be they dont want it there
2017-05-25 18:50:24 <tmh1999> ncopa : I talked with dalias last month, he is cool with it, gave me some instructions
2017-05-25 18:50:33 <ncopa> good
2017-05-25 18:50:39 <tmh1999> :D
2017-05-25 18:51:17 <ncopa> im fine with it as long as they are
2017-05-25 18:51:25 <ncopa> point is that we need to cooperate with upstream devs
2017-05-25 18:52:17 <tmh1999> sure I will try. when I have a preliminary patch, I will ask them in irc first then ml
2017-05-25 19:00:14 <tmh1999> actually I booted Alpine s390x in a KVM alright. but that's on my laptop x86_64, which means emulation mode. I still have problem with booting on s390x host, which is "pure" virtualization
2017-05-25 19:00:31 <tmh1999> with some help from kaniini regarding /dev/console last month :)
2017-05-25 19:28:47 <nonarkitten> Has anyone had any issues with 3.6.0 on the Raspberry Pi 2 (either 1.1 or 1.2 boards)?
2017-05-25 19:34:27 <xentec> nonarkitten: which issues?
2017-05-25 20:18:49 <Shiz> it seems permissions on /var/tmp changed with edge?
2017-05-25 20:18:56 <Shiz> from 777+t root:root to 755 root:root
2017-05-25 20:18:59 <Shiz> that seems problematic
2017-05-25 20:20:48 <trfl> at least with certain php5 configurations (not sure if that part is still default), file uploading breaks
2017-05-25 20:20:55 <trfl> php7 uses /tmp rather than /var/tmp so that remains fine
2017-05-25 20:35:59 <TemptorSent> kaniini: Would doing something simple like adding an interposer function between apk_tar_parse and apk_sign_ctx_verify_tar that prints the manifest line for each entry be a reasonable approach to implementing manifest-apk-file?
2017-05-25 20:39:01 <TemptorSent> Doing it in that manner would allow us to mark files failing their verification in the manifest if we so choose.
2017-05-25 20:40:29 <trfl> oh, regarding the php5 issue it looks like the default is /tmp so it wouldn't have been a problem on stock config
2017-05-25 20:54:00 <Shiz> jirutka: ping
2017-05-25 21:14:55 <nonarkitten> 3.6 simply will not boot for me at all
2017-05-25 21:15:16 <nonarkitten> If I overwrite the /boot folder then it's okay
2017-05-25 22:16:17 <jirutka> Shiz: pong
2017-05-25 22:16:55 <Shiz> jirutka: im queuing up a bunch of llvm-related pkg patches
2017-05-25 22:17:00 <Shiz> was wondering if you could take a look at them i na bit :)
2017-05-25 22:17:59 <jirutka> yeah, sure, tomorrow
2017-05-25 22:18:31 <Shiz> sure
2017-05-25 22:18:54 <Shiz> jirutka: id like to make an integrated toolchain from the llvm packages
2017-05-25 22:28:49 <Shiz> e.g.
2017-05-25 22:28:54 <Shiz> clang uses compiler-rt, libc++ and lld
2017-05-25 22:28:56 <Shiz> :P
2017-05-25 22:29:25 <jirutka> I’m curious if clang works on x86 correctly
2017-05-25 22:30:17 <Shiz> what was the current issue w/ it again?
2017-05-25 22:32:31 <jirutka> I don’t remember, please look into git logs for compiler-rt or lld, the commit where I disabled x86 or changed back to use gcc for build
2017-05-25 22:32:47 <jirutka> there’s somewhere log from failed build
2017-05-25 22:34:49 <Shiz> gotcha
2017-05-25 22:45:40 <Shiz> https://github.com/alpinelinux/aports/pull/1574
2017-05-25 22:45:43 <Shiz> there we go
2017-05-25 22:50:49 <jirutka> heh, I must really send GitLab devs some info about my packages… they keep adding more and more bloat and yet my gitlab-ce package decreases in size, b/c on every update I found new ways how to optimize size (i.e. found what is redundant or unused)
2017-05-25 22:51:56 <jirutka> today I found that Bundler is stupid and for unknown reason there are binaries of native extensions in three copies… and also all intermediate files (.o) and sources
2017-05-25 23:18:44 <xentec> If you want bloatless gitlab, you might consider using gitea
2017-05-25 23:19:30 <jirutka> nope
2017-05-25 23:20:05 <jirutka> 1st this is not for myself, but company and faculty I work for and they want all the GitLab features
2017-05-25 23:20:32 <jirutka> 2nd for myself I don’t want any of these, GitLab for bloat, Gitea for Go
2017-05-25 23:20:45 <xentec> I thought so
2017-05-25 23:21:06 <Shiz> why you dismiss something on the language it is written in is a eternal mystery to me
2017-05-25 23:21:13 <Shiz> i don't dismiss clang because it's C++ either :p
2017-05-25 23:21:53 <jirutka> it’s more complicated… there are practical and ideological reasons
2017-05-25 23:22:13 <xentec> I suspect jirutka got scarred by its "elaborate" deps handling
2017-05-25 23:22:30 <jirutka> this is one of them
2017-05-25 23:42:03 <Shiz> i wonder which patches freebsd carries for packagse to work with clang
2017-05-25 23:43:09 <Shiz> jirutka: btw, don't try building LLVM as MinSizeRel
2017-05-25 23:43:15 <Shiz> turns out that doesnt work and breaks the build
2017-05-25 23:43:34 <jirutka> have I tried it?
2017-05-25 23:43:42 <jirutka> I mean, is it currently set to MinSizeRel in abuild?
2017-05-25 23:43:57 <jirutka> I remember that it didn’t work in some pkg, maybe itjs this one
2017-05-25 23:44:53 <Shiz> no, just taking a note
2017-05-25 23:44:55 <Shiz> :P
2017-05-25 23:44:57 <Shiz> i tried it
2017-05-25 23:45:08 <jirutka> okay :)
2017-05-25 23:45:38 <kaniini> TemptorSent: i will try to look at it
2017-05-25 23:45:45 <Shiz> my llvm-tests branch has tests for all llvm packages
2017-05-25 23:45:54 <jirutka> perfect!
2017-05-25 23:45:55 <Shiz> im now working in a system-llvm branch that attempts to make clang the system compiler
2017-05-25 23:45:57 <Shiz> hold my beer, and stuff
2017-05-25 23:46:19 <kaniini> ok
2017-05-25 23:46:38 <kaniini> i'll go ahead and merge 1574
2017-05-25 23:46:53 <jirutka> Shiz: I’ll invite you for a beer on October (at LinuxDays) ;)
2017-05-25 23:47:04 <Shiz> :P
2017-05-25 23:47:18 <Shiz> where's lxdays?
2017-05-25 23:48:19 <jirutka> in Prague
2017-05-25 23:48:33 <jirutka> October 7–8
2017-05-25 23:49:00 <jirutka> where the heck is English version of the conference site…
2017-05-25 23:49:31 <Shiz> i hope ithe conference isn't in czech :P
2017-05-25 23:50:19 <jirutka> more than half of the talks will be in English
2017-05-25 23:51:14 <jirutka> I wrote to the conference organizer to fix this ASAP
2017-05-26 00:00:53 <jirutka> i am dead, must go sleep; gn
2017-05-26 00:02:20 <Shiz> nn!
2017-05-26 00:03:01 <jirutka> nn? not now? XD
2017-05-26 00:03:19 <Shiz> night night
2017-05-26 00:03:21 <Shiz> :p
2017-05-26 00:04:22 <jirutka> ’kay :)
2017-05-26 00:14:45 <Shiz> >>>> llvm4-static*: Package size: 1.7 GB
2017-05-26 00:14:49 <Shiz> something is going awfully wrong here
2017-05-26 00:15:15 <Shiz> don't merge that PR yet kaniini :P
2017-05-26 00:25:33 <Shiz> this is bizarre
2017-05-26 01:01:19 <Shiz> https://bugs.alpinelinux.org/issues/7332
2017-05-26 01:01:23 <Shiz> found issue and filed PR
2017-05-26 01:01:25 <Shiz> filed issue*
2017-05-26 01:01:33 <Shiz> rebased the PR to not include a -dbg subpackage naymore
2017-05-26 01:19:50 <Shiz> https://wiki.freebsd.org/GPLinBase
2017-05-26 01:19:52 <Shiz> interesting
2017-05-26 02:34:23 <kaniini> i have mixed feelings on that
2017-05-26 02:35:05 <kaniini> on one hand, encouraging use of free software is good.  on the other hand, clang is just as free as gcc and likely to improve beyond gcc
2017-05-26 02:35:50 <kaniini> and then personally i'm not a huge fan of GPL for core system utilities
2017-05-26 02:41:19 <Shiz> i am likely to think clang is the way forward as far as at least development effort goes
2017-05-26 02:41:26 <Shiz> apple and google pump a lot of effort into clang
2017-05-26 02:42:45 <Shiz> https://txt.shiz.me/MTI2NTA3Mm
2017-05-26 02:43:02 <Shiz> ^ btw, I think this is how to bootstrap an llvm based system i think
2017-05-26 03:06:28 <Shiz> kaniini: you here?
2017-05-26 03:06:34 <Shiz> i seem to be having some issues running bootstrap stuff
2017-05-26 03:08:11 <Shiz> https://txt.shiz.me/YzAwNGY1Mm
2017-05-26 03:08:44 <kaniini> i think you have to run it as root
2017-05-26 03:08:48 <kaniini> i forget
2017-05-26 03:08:53 <kaniini> looks permissions related :)
2017-05-26 03:09:20 <Shiz> but abuild will refuse to run as root
2017-05-26 03:09:22 <Shiz> :P
2017-05-26 03:09:45 <kaniini> idk
2017-05-26 04:01:49 <skarnet> The s6-2.5.1.0 and s6-rc-0.2.0.1 packages, present in Alpine-3.6.0, exhibit random failures that I cannot reproduce when I build the software by hand.
2017-05-26 04:02:03 <skarnet> One of these failures is a SIGILL, which is a very bad sign.
2017-05-26 04:03:24 <skarnet> I've spent too much time tonight trying to isolate the bug, and I need to sleep.
2017-05-26 04:03:44 <skarnet> but my source definitely looks clean, and SIGILL is a smoking gun pointing at the Alpine binaries.
2017-05-26 04:04:30 <skarnet> There's probably something rotten in the way the s6 and s6-rc packages have been built. If the builders or the toolchain are bad, there may be other impacted packages.
2017-05-26 04:05:45 <skarnet> So, I'm just leaving this here for your morning enjoyment. Hate to be the bearer of bad news, but there's an emergency investigation to undertake here.
2017-05-26 04:06:03 <skarnet> Have a nice day.
2017-05-26 09:11:16 <tmh1999> Shiz : scripts/bootstrap.sh detects directories by using PWD. you need to cd into scripts dir and run : ./bootstrap.sh
2017-05-26 09:20:50 <xentec> Shiz: I look forward to your work. having a single compiler for cross-compilation is a dream coming true.
2017-05-26 10:25:25 <skarnet> Sorry for not making a more precise bug-report earlier.
2017-05-26 10:26:08 <skarnet> The arch I experienced the bug on is x86_64. More precisely, this happens on a Virtualbox VM running a pristine alpine-3.6.0 iso, with rootfs = initramfs.
2017-05-26 10:29:52 <fcolista> umh..interesting
2017-05-26 10:32:56 <skarnet> if it were me, I'd give a long hard look at the 3.6.0 toolchain and the build options
2017-05-26 12:45:41 <Shiz> skarnet: thanks for reporting, this seems problematic
2017-05-26 13:10:19 <fcolista> i've an issue with a bootable usb
2017-05-26 13:10:22 <fcolista> alpine 3.6
2017-05-26 13:10:41 <fcolista> /media/usb is mounted RO, and this is the standard
2017-05-26 13:11:07 <fcolista> an apk upgrade that should write in the /media/usb/cache segfaults because it's RO
2017-05-26 13:11:25 <fcolista> also an apk update returns erroe
2017-05-26 13:11:26 <fcolista> also an apk update returns error
2017-05-26 13:11:50 <fcolista> i need to mount -o remount,rw /media/usb and then apk update works fine
2017-05-26 13:11:54 <fcolista> it's only me?
2017-05-26 13:12:10 <fcolista> it happens with other USB thumbs drive of course
2017-05-26 13:21:40 <fabled> fcolista, https://git.alpinelinux.org/cgit/aports/commit/?id=a4ec74c3e8c1734a64736d2fcab63d83ac51fd82
2017-05-26 13:21:59 <fabled> i thought it made before 3.6.0 tag, but apparently did not
2017-05-26 13:22:02 <fabled> ncopa, ^
2017-05-26 13:22:30 <fcolista> we need to backport it
2017-05-26 13:24:32 <fabled> yes
2017-05-26 18:20:53 <kaniini> most people don't seem to knwo that "apk fix" without arguments syncs system state to the declared state
2017-05-26 18:21:02 <kaniini> maybe we should add "apk sync"
2017-05-26 19:18:40 <_ikke_> hai
2017-05-26 19:18:54 <_ikke_> congratz with the 3.6 release (I was absent the last 2 days)
2017-05-26 20:05:38 <Shiz> ive reached a milestong in clang bootstrapping: musl
2017-05-26 20:12:44 <jirutka> kaniini: what do you mean by “syncs system state to the declared state”?
2017-05-26 20:31:10 <kaniini> jirutka: /etc/apk/world
2017-05-26 20:31:18 <jirutka> aha
2017-05-26 20:31:31 <jirutka> that’s like on Gentoo
2017-05-26 21:30:28 <kaniini> jirutka: you can copy an /etc/apk directory to another host and then run `apk fix` and it will install all the same packages as what is on the other machine
2017-05-26 21:30:52 <kaniini> jirutka: my point is that this behaviour is overlooked frequently, so making an explicit `apk sync` would be nice :)
2017-05-26 21:31:14 <jirutka> or maybe just adding this info into --help ;)
2017-05-26 21:31:32 <jirutka> apk sync is imo quite misleading
2017-05-26 21:31:34 <kaniini> well, apk fix seems unnatural for the functionality
2017-05-26 21:31:56 <jirutka> I think that apk fix is a bit better name then apk sync
2017-05-26 21:32:06 <jirutka> I’d expect this from fix more than from sync
2017-05-26 21:32:13 <kaniini> true
2017-05-26 21:32:15 <kaniini> i don't know
2017-05-26 21:32:33 <jirutka> maybe it’s just because I’m former Gentoo user, but I’d think apk sync is like apk update…
2017-05-26 21:32:38 <jirutka> b/c emerge --sync
2017-05-26 21:33:08 <Shiz> same :P
2017-05-26 21:35:25 <kaniini> yes, that is legitimate
2017-05-26 21:35:27 <kaniini> to consider
2017-05-26 21:35:32 <kaniini> because we do use openrc
2017-05-26 21:35:39 <kaniini> so it feels kind of gentooish
2017-05-26 21:41:12 <Shiz> i like fix because like add/remove, it's straight to the point
2017-05-26 21:41:23 <Shiz> sorry, add/del
2017-05-26 21:41:25 <Shiz> ;p
2017-05-26 21:53:00 <consus> Err
2017-05-26 21:53:01 <consus> Guys
2017-05-26 21:53:23 <Shiz> hi
2017-05-26 21:53:25 <consus> I have /etc/passwd.apk-new and /etc/fstab-new files
2017-05-26 21:53:42 <consus> Something tells me that at least these two should be ignored by update scripts
2017-05-26 21:53:48 <consus> Or I am missing something
2017-05-26 21:54:18 <Shiz> why should they be ignored?
2017-05-26 21:54:22 <Shiz> your old files aren't being overwritten :P
2017-05-26 21:54:29 <consus> Well yes
2017-05-26 21:54:36 <consus> But what's the point in creating new ones
2017-05-26 21:54:47 <consus> Well of course I've edited my passwd file
2017-05-26 21:54:50 <consus> That's what it's for
2017-05-26 21:56:32 <Shiz> there's more in there than just your own users
2017-05-26 21:56:41 <consus> Fair enough
2017-05-26 21:56:42 <consus> Btw
2017-05-26 21:56:42 <Shiz> .apk-new files aren't created when you just edit the file
2017-05-26 21:56:49 <Shiz> they are created when both you and a package updated the file
2017-05-26 21:56:52 <Shiz> (afaik)
2017-05-26 21:56:58 <Shiz> so it may add new system users
2017-05-26 21:57:01 <consus> Well that's what I want to clarify
2017-05-26 21:57:27 <consus> I have /etc/mkinitfs/mkinitfs.conf
2017-05-26 21:57:31 <consus> Which I did not touch
2017-05-26 21:57:44 <consus> But I got a shiny new apk-new file for it
2017-05-26 21:58:24 <Shiz> i'm not sure to be honest
2017-05-26 21:58:51 <consus> Ok
2017-05-26 22:00:10 <Shiz> kaniini likely knows better
2017-05-26 22:02:50 <consus> hm
2017-05-26 22:02:57 <consus> update-extlinux.conf has apk-new
2017-05-26 22:02:58 <consus> Strange
2017-05-26 22:03:02 <consus> I did not touch these files
2017-05-26 22:03:35 <consus> Perhaps alpine-setup
2017-05-26 22:04:37 <consus> -root=UUID=d6cf93bb-bc48-4b2f-9fc5-6ae9c86077cc
2017-05-26 22:04:38 <consus> +root=
2017-05-26 22:04:39 <consus> Yeah
2017-05-26 22:04:43 <consus> Seems likely
2017-05-27 03:01:20 <Shiz> we have an LLVM-built build-base!
2017-05-27 12:03:22 <Ganwell> since 3.6 gdb has a strange quirq: gdb ./a.out; run (this is ok); run (takes very long to start). The second run takes very long to start. Can anybody confirm that? I didn't find any bugs on the internet.
2017-05-27 12:03:31 <Ganwell> quirk
2017-05-27 12:20:14 <Ganwell> correction: its not 3.6, its the fact that I bootet a vanilla kernel, long time ago, just because of this problem and after the update I had to reboot.
2017-05-27 12:21:10 <Ganwell> I do the setfattr -n user.pax.flags -v "emr" a.out
2017-05-27 12:21:52 <Ganwell> Sad, seems like I have to develop on vanilla ¯\_(ツ)_/¯
2017-05-27 15:51:56 <Shiz> Ganwell: -hardened doesn't lend itself well to debugging sadly
2017-05-27 20:06:00 <kaniini> 
ACTION is almost done with python2 deprecation

2017-05-27 20:58:40 <Shiz> im crawling ahead with the llvm stuff
2017-05-27 20:58:44 <Shiz> running into cmake issue after cmake isuse
2017-05-27 20:58:45 <Shiz> :P
2017-05-27 21:03:04 <skarnet> why am I not surprised
2017-05-27 21:03:40 <Shiz> cmake really wants you to have a working C++ compiler before building libc++
2017-05-27 21:03:45 <Shiz> which is not necessarily an issue, but...
2017-05-27 21:03:53 <Shiz> its checks don't pass -nodefaultlins or equivalent
2017-05-27 21:04:09 <Shiz> so it'll fail because the C++ compiler youre building a C++ standard library with has no C++ standard library
2017-05-27 21:04:10 <skarnet> C++ development environment are so SIMPLE to bootstrap
2017-05-27 21:04:31 <Shiz> then there's a cyclic dependency between llvm-libunwind and libc++
2017-05-27 21:04:44 <Shiz> where llvm-libunwind requires <new> and libc++ requires llvm-libunwind to do... anything
2017-05-27 21:05:57 <skarnet> people should be required to do everything you're doing before they're allowed to implement a high-level language with a library written in that language
2017-05-27 21:06:30 <Shiz> there's one positive side
2017-05-27 21:06:35 <Shiz> half of the llvm issues are fixed in git already
2017-05-27 21:06:43 <Shiz> so i can just copy patches wholesale from there
2017-05-27 21:09:05 <skarnet> oh, the design is fixed in git already?
2017-05-27 21:09:09 <skarnet> that's nice to hear
2017-05-27 21:25:18 <kaniini> TemptorSent: http://sprunge.us/XSjA
2017-05-27 21:46:28 <Shiz> -- Found compiler-rt library: /root/sysroot-x86//usr/lib/clang/4.0.0/lib/linux/libclang_rt.builtins-i586.a
2017-05-27 21:46:32 <Shiz> praise baby jesus
2017-05-27 21:46:49 <xentec> \o/
2017-05-27 21:52:13 <Shiz> binutils and make compiled \o/
2017-05-27 21:52:23 <skarnet> grats
2017-05-27 22:06:12 <Shiz> hehe, now apk-tools of everything is giving me issues
2017-05-27 22:24:05 <Shiz> kaniini: i wrote up something i thought of in the shower that could help with alternatives and pkgdir at the same time for APK
2017-05-27 22:24:06 <Shiz> https://txt.shiz.me/ZDNkNTY3MD
2017-05-27 22:26:52 <Shiz> not mentioned there is that obviously unrelocated paths need no entryi n the db, and that if you allow multiple relocation targets per source path you can also tackle the FHS emulation part of pkgdir at the same time
2017-05-27 22:31:04 <przemoc> a bit similar to deb diversion
2017-05-27 22:32:44 <przemoc> [which I learned (and forgot already) years ago to tackle pulseaudio and make it second-class citizen, i.e. in front of alsa, not the other way around]
2017-05-27 22:32:47 <skarnet> Shiz: if the /pkg layout is in the /pkg/$pkgname/$pkgver instead of /pkg/$pkgname-$pkgver, then you need a /pkg/$pkgname/default symlink
2017-05-27 22:32:57 <skarnet> in the ... format
2017-05-27 22:33:21 <Shiz> you would need one in /pkg/$pkgname-$pkgver too, no?
2017-05-27 22:33:31 <Shiz> i don't see how the handling would differ immediately
2017-05-27 22:33:36 <skarnet> you just need /pkg/$pkgname to be a symlink
2017-05-27 22:33:39 <Shiz> right
2017-05-27 22:34:04 <skarnet> it wouldn't be different, but you have to make it explicit if you subdir the versions
2017-05-27 22:34:26 <Shiz> my own primary reason for version subdirs is so that it's easy to reliably partition off certain packages
2017-05-27 22:34:37 <Shiz> as the dirname won't change :P
2017-05-27 22:35:01 <skarnet> that's a good argument, I'm not opposed to subdirs as long as there's a default symlink
2017-05-27 22:35:47 <Shiz> yeah
2017-05-27 22:36:22 <kaniini> pkgdir stuff wont happen in 2.8
2017-05-27 22:36:29 <kaniini> i'm mainly interested in
2017-05-27 22:36:34 <kaniini> apk gen/apk extract
2017-05-27 22:36:46 <skarnet> I like the relocation database idea, it would be diversions done right
2017-05-27 22:36:56 <kaniini> yes
2017-05-27 23:34:03 <Shiz> managed to compile a fair bit now
2017-05-27 23:34:08 <Shiz> next stop: cross-compiling llvm and clang
2017-05-27 23:36:12 <skarnet> not sure your regular chicken blood will be enough for that, and I told you small child blood is expensive to get
2017-05-28 00:30:57 <^7heo> Not if you get some refugee one in the US
2017-05-28 01:41:34 <Shiz> LLVM cross-compiled!
2017-05-28 02:13:10 <skarnet> where did you get the child blood?
2017-05-28 02:25:33 <Shiz> it was on discount
2017-05-28 04:14:44 <trfl> I've noticed on one of my laptops that xfce4-terminal seems to have a memory leak. Over time, and regardless of whether the terminal is idle or not, the memory usage gradually increases infinitely. Any idea how this could be debugged?
2017-05-28 04:15:40 <trfl> additionally, if the terminals are launched with --disable-server, the total memory leaked is the same as if all the terminals shared the same process, however then memory is not freed until all terminals have exited
2017-05-28 05:28:57 <kaniini> trfl: it is possible.  do you observe it also with gnome-terminal?
2017-05-28 05:29:26 <trfl> I'll install it and leave it open, but it'll take 4-6 hours until we know :>
2017-05-28 05:30:31 <trfl> on second thought, alpine doesn't have gnome-terminal... :p
2017-05-28 05:33:07 <trfl> installed urxvt and mate-terminal, I'll leave those open for a while!
2017-05-28 05:34:49 <trfl> looks like it only affects xfce4-terminal, judging by all the other terminals sitting at 0% cpu load however xfce4-terminal is idling at 17%
2017-05-28 05:37:56 <kaniini> cpu usage may not mean anythin
2017-05-28 05:37:57 <kaniini> g
2017-05-28 05:49:22 <Shiz> woot
2017-05-28 05:49:29 <Shiz> thanks algitbot
2017-05-28 05:51:10 <Shiz> anyway
2017-05-28 05:51:21 <Shiz> we have an alpine clang+compiler-rt+libc++ bootstrap
2017-05-28 05:51:23 <Shiz> cc kaniini
2017-05-28 05:51:25 <Shiz> :P
2017-05-28 05:53:10 <kaniini> sick
2017-05-28 05:53:20 <kaniini> now rebuild the entire distro and lets see how broken it is ;)
2017-05-28 05:53:40 <Shiz> to be honest, the most problematic packages were... the LLVM ones
2017-05-28 05:53:54 <Shiz> a few outliers aside, everything went smoothly once i figured out how to bootstrap/fix those
2017-05-28 05:54:04 <Shiz> (said outliers being like... go :P)
2017-05-28 07:00:02 <tmh1999> I am booting alpine in a using qemu/kvm. rc-service start networking throws me  * Starting networking ...awk: out of memory    * ERROR: networking failed to start . What should it be the cause ?
2017-05-28 07:00:41 <tmh1999> kvm option is -m 2048 which is sufficient memory I guess
2017-05-28 07:12:43 <trfl> regarding my xfce4-terminal memory leak, looks like that's the only affected terminal. There's heavy communication between the terminal process and another process called gmain on file descriptor 3 (a unix socket), about 200 KB/s of binary data, in case that might help track it down
2017-05-28 08:54:13 <clandmeter> Shiz, excuse my ignorance, what are you trying to achieve and what are the benefits regarding your work with llvm?
2017-05-28 08:55:06 <clandmeter> Going to the beach now so will read your reply later.
2017-05-28 09:31:35 <^7heo> clandmeter: not depending on gcc.
2017-05-28 09:32:25 <^7heo> basically the same benefits as those listed under "using musl" in ncopa's FOSDEM presentation
2017-05-28 09:33:18 <^7heo> (correcting code, improving portability, etc)
2017-05-28 22:25:28 <kaniini> clandmeter: eventually we want to compile all packages with Control Flow Integrity support (which is kind of like the grsecurity RAP stuff except for userspace)
2017-05-28 22:25:57 <kaniini> clandmeter: CFI is in clang, not in gcc, so we need to evaluate using clang as system compiler to achieve that goal
2017-05-29 00:37:43 <kaniini> tmh1999: what does your /etc/network/interfaces look like
2017-05-29 01:59:41 <tmh1999> kaniini : it has lo and eth0. currently I just replace awk line with a block of code doing the same purpose. not a big deal now. Trying to setup the KVM network interface so the VM in KVM can have internet access.
2017-05-29 02:02:33 <tmh1999> *awk line in /etc/init.d/networking
2017-05-29 02:03:11 <tmh1999> https://git.alpinelinux.org/cgit/aports/tree/main/openrc/networking.initd#n26
2017-05-29 03:44:01 <kaniini> tmh1999: which awk do you have installed ?
2017-05-29 03:44:27 <tmh1999> kaniini : um.. probably default
2017-05-29 03:45:07 <kaniini> awk --help
2017-05-29 03:46:04 <tmh1999> on the go, I will be back on my machine tmr :D Thank you
2017-05-29 07:24:30 <clandmeter> Shiz, any comment regarding my question?
2017-05-29 07:25:40 <fcolista> hi all
2017-05-29 07:25:45 <fcolista> any hint on this issue?
2017-05-29 07:26:03 <fcolista> crc32table.h:11:18: error: initializer element is not constant
2017-05-29 07:26:03 <fcolista>  # define tobe(x) ((uint32_t)__bswap_constant_32(x))
2017-05-29 07:26:31 <fcolista> the code portion is:
2017-05-29 07:26:32 <fcolista> https://github.com/jjzhang/ocfs2-tools/blob/master/libocfs2/crc32table.h
2017-05-29 07:27:31 <Shiz> clandmeter: yeah, couple of reasons
2017-05-29 07:27:34 <fcolista> it complains on the first parenthesis of uint32_t
2017-05-29 07:27:34 <fcolista> crc32table.h:11:18: error: initializer element is not constant
2017-05-29 07:27:34 <fcolista>  # define tobe(x) ((uint32_t)__bswap_constant_32(x))
2017-05-29 07:27:34 <fcolista>                   ^
2017-05-29 07:33:59 <^7heo> showing that via IRC isn't the best idea. it currently shows me the error on the _ between bswap and constant
2017-05-29 07:34:07 <^7heo> because wordwrapping
2017-05-29 07:34:27 <Shiz> sorry, doing a few tthings at once again
2017-05-29 07:34:38 <Shiz> fcolista: that sounds like a compiler bug
2017-05-29 07:34:42 <Shiz> fcolista: what package?
2017-05-29 07:34:56 <Shiz> fcolista: an easy fix is just doing a manual endian swap
2017-05-29 07:35:00 <Shiz> if you remember how to :)
2017-05-29 07:35:30 <Shiz> fcolista: or try replacing it with
2017-05-29 07:35:34 <Shiz> __builtin_bswap32
2017-05-29 07:36:53 <Shiz> clandmeter: so like i said, a couple of reasons
2017-05-29 07:37:07 <Shiz> 1) less dependency on GNU, and multiple system compilers helps with catching bugs
2017-05-29 07:37:25 <Shiz> 2) development wise, clang is far more active and likely the way forward in terms of development power put into it
2017-05-29 07:37:42 <Shiz> 3) security features like CFI and UBSan which are not in gcc
2017-05-29 07:37:53 <^7heo> pretty much what ncopa said about musl
2017-05-29 07:38:04 <^7heo> aside the implementation details
2017-05-29 07:39:16 <clandmeter> Thx guys
2017-05-29 07:39:52 <Shiz> there's also a kernel hardening aspect
2017-05-29 07:40:23 <Shiz> with grsecurity not in the picture for most people anymore, it's mostly up to big companies like google (sadly) to start fixing up security measures for linux
2017-05-29 07:40:25 <Shiz> and well
2017-05-29 07:40:34 <Shiz> companies like google use clang to compile the kernel
2017-05-29 07:40:42 <Shiz> they're not going to write gcc plugins anymore like grsec did
2017-05-29 07:40:49 <Shiz> they'd write clang plugins :P
2017-05-29 07:41:39 <^7heo> what did those plugins do?
2017-05-29 07:41:47 <fcolista> Shiz, it's ocfs2-tools
2017-05-29 07:42:00 <Shiz> i think __builtin_bswap32 should work
2017-05-29 07:42:16 <Shiz> ^7heo: support for PaX's RAP feature, constifying structures, randomizing structures, some other stuff
2017-05-29 07:42:34 <fcolista> Shiz, this is the code:
2017-05-29 07:42:34 <fcolista> https://github.com/jjzhang/ocfs2-tools/blob/master/libocfs2/crc32table.h
2017-05-29 07:42:59 <fcolista> it defines or LITTLE_ENDIAN or BIG_ENDIAN
2017-05-29 07:43:19 <^7heo> Shiz: I see. Thanks
2017-05-29 07:43:21 <xentec> also Shiz: 4) easier cross-compiling
2017-05-29 07:43:25 <Shiz> xentec: nah
2017-05-29 07:43:34 <Shiz> at least cross-compiling for bootstrapping is a pain in the ass
2017-05-29 07:43:36 <Shiz> :P
2017-05-29 07:44:02 <fcolista> i'll patch that from ((uint32_t)__bswap_constant_32(x)) to __builtin__bswap_constant_32(x) then?
2017-05-29 07:44:18 <Shiz> __builtin_bswap32
2017-05-29 07:44:22 <Shiz> no _constant_ there
2017-05-29 07:44:24 <Shiz> :P
2017-05-29 07:45:11 <xentec> Shiz: wouldn't clang (as system cc) with lld support all alpine archs and only require --target to cross-compile?
2017-05-29 07:45:11 <fcolista> oh ok
2017-05-29 07:45:32 <^7heo> fcolista: what if you cast it to 'const uint32'?
2017-05-29 07:45:47 <Shiz> ^7heo: won't work
2017-05-29 07:45:55 <^7heo> Shiz: why?
2017-05-29 07:46:07 <fcolista> so from this: ((uint32_t)__bswap_constant_32(x) to ((uint32_t)__builtin_bswap32(x)
2017-05-29 07:46:12 <Shiz> fcolista: yes
2017-05-29 07:46:24 <Shiz> ^7heo: because the error is that the compiler can't compute the value at compile-time
2017-05-29 07:46:34 <Shiz> not that the return value is a const uint32, which is not meaningfully differet from uint32
2017-05-29 07:46:36 <Shiz> :P
2017-05-29 07:47:05 <^7heo> from what I can read, it's that the compiler does not find a const value
2017-05-29 07:47:10 <fcolista> Shiz, thx
2017-05-29 07:47:17 <^7heo> and that a check failes
2017-05-29 07:47:17 <fcolista> i'm trying and let you know
2017-05-29 07:47:21 <^7heo> failed*
2017-05-29 07:47:35 <^7heo> but yeah I'd have to try to be sure.
2017-05-29 07:47:44 <^7heo> I'm no gcc guru
2017-05-29 07:47:50 <Shiz> no
2017-05-29 07:47:55 <Shiz> it's that the initializer isn't constant
2017-05-29 07:48:00 <Shiz> which is different from a 'const value'
2017-05-29 07:48:01 <^7heo> yes
2017-05-29 07:48:02 <Shiz> :)
2017-05-29 07:48:11 <Shiz> const is a C keyword with very specific meaning
2017-05-29 07:48:24 <Shiz> in this case constant means 'i cant determine this at compile time'
2017-05-29 07:48:32 <Shiz> (since it's being embedded in a static table)
2017-05-29 07:48:37 <^7heo> well, since I don't see where the initializer is used, I can't tell
2017-05-29 07:48:44 <Shiz> a few lines below
2017-05-29 07:48:48 <Shiz> in the file fcolista linked
2017-05-29 07:49:01 <^7heo> ah he linked something?
2017-05-29 07:49:44 <fcolista> ^7heo, : https://github.com/jjzhang/ocfs2-tools/blob/master/libocfs2/crc32table.h
2017-05-29 07:50:36 <^7heo> yeah got it now
2017-05-29 07:50:41 <fcolista>                     ^~~~
2017-05-29 07:50:41 <fcolista> crc32table.h:11:18: error: initializer element is not constant
2017-05-29 07:50:41 <fcolista>  # define tobe(x) ((uint32_t)__builtin_bswap_32(x))
2017-05-29 07:50:41 <fcolista>                   ^
2017-05-29 07:50:52 <fcolista> Shiz, pathc applied
2017-05-29 07:50:54 <Shiz> bswap32
2017-05-29 07:50:57 <Shiz> not bswap_32
2017-05-29 07:51:02 <fcolista> omg..
2017-05-29 07:51:04 <^7heo> :p
2017-05-29 07:51:06 <fcolista> stupid me
2017-05-29 07:51:07 <fcolista> sorry
2017-05-29 07:51:57 <^7heo> Shiz: from what I gathered, 'const' is mainly for compiler checks
2017-05-29 07:52:09 <fcolista> Shiz, good
2017-05-29 07:52:14 <clandmeter> Too much grappa
2017-05-29 07:52:24 <^7heo> not yet
2017-05-29 07:52:28 <fcolista> that part works.
2017-05-29 07:52:35 <Shiz> brb
2017-05-29 07:52:43 <^7heo> to put grappa in coffe you need coffee first
2017-05-29 07:54:48 <clandmeter> I already had my Italian coffee. It's a bit too early for grappa (if you even like that stuff)
2017-05-29 08:01:40 <fcolista> include/strings.h:37:1: error: unknown type name 'errcode_t'
2017-05-29 08:01:40 <fcolista>  errcode_t o2fsck_strings_insert(o2fsck_strings *strings, char *string,
2017-05-29 08:01:41 <fcolista>  ^~~~~~~~~
2017-05-29 08:01:43 <fcolista> sorry
2017-05-29 08:01:47 <fcolista> wrong paste
2017-05-29 08:59:58 <fcolista> I'm looking at http://bugs.alpinelinux.org/issues/7336
2017-05-29 09:01:26 <fcolista> in order to avoid that mosh-server installs mosh-client, it's enough specify depends="" ?
2017-05-29 09:02:48 <fcolista> why if i add mosh-client, mosh-server is not installed, while if i install mosh-server, mosh-client is installed?
2017-05-29 09:05:14 <lxGzx53qO34r> ^7heo: most importantly the rap implementation is a gcc plugin, but also int overflows have been handled with a plugin, more info here https://pax.grsecurity.net/docs/PaXTeam-H2HC13-PaX-gcc-plugins.pdf
2017-05-29 09:15:34 <^7heo> lxGzx53qO34r: thanks.
2017-05-29 11:08:16 <awilfox> ah yes, the alpine vanilla 3.6 iso, with just enough "-ash: vgchange: not found" and "lvm: applet not found" to be completely useless in fixing my initramfs :)
2017-05-29 11:08:57 <awilfox> let's try extended iso
2017-05-29 11:12:58 <awilfox> nope!  but at least it worked enough to let me `apk add lvm2` while booted in the iso environment
2017-05-29 11:13:09 <awilfox> good thing this machine has network that does not need non-free drivers
2017-05-29 11:50:11 <clandmeter> 3.6 vanilla iso does not have lvm2?
2017-05-29 12:57:14 <rnalrd> clandmeter to=<patches@patchwork.alpinelinux.org>, relay=none, delay=420386, delays=420356/0.01/30/0, dsn=4.4.1, status=deferred (connect to patchwork.alpinelinux.org[88.159.20.184]:25: Operation timed out)
2017-05-29 12:57:22 <rnalrd> are you able to fix it? ^^^^
2017-05-29 13:20:54 <ncopa> rnalrd: i fixed the dnat rule for patchwork.alpinelinux.org. should work now
2017-05-29 13:57:24 <blueness> ncopa: ping
2017-05-29 13:57:25 <blueness> ncopa: we have a common problem with respect to grsecurity, we should chat
2017-05-29 14:01:16 <ncopa> blueness: pong
2017-05-29 14:01:30 <ncopa> blueness: where do you want to chat?
2017-05-29 14:01:37 <blueness> we can chat here
2017-05-29 14:01:42 <ncopa> ok
2017-05-29 14:01:50 <ncopa> you are from gentoo, arent you?
2017-05-29 14:01:53 <blueness> so what is alpine's plans wrt grsecurity
2017-05-29 14:02:25 <skarnet> you want kaniini to be part of this conversation too
2017-05-29 14:03:03 <ncopa> the current plan is to support the current 4.9 kernel with unofficial port of grsec
2017-05-29 14:03:09 <blueness> yes i do hardened gentoo and gentoo+musl and gentoo+uclibc
2017-05-29 14:03:17 <blueness> that's doable, but after that?
2017-05-29 14:03:33 <ncopa> we wait and see
2017-05-29 14:03:50 <ncopa> spender talked about releasing testing patch regularilly
2017-05-29 14:03:57 <blueness> okay here's a suggestion, it may be possible to maintain just the pax patch
2017-05-29 14:04:03 <ncopa> but didnt want to promise anything
2017-05-29 14:04:11 <blueness> but its a lot of work
2017-05-29 14:04:15 <ncopa> so he didnt mention it in the public statement
2017-05-29 14:04:19 <^7heo> do you want me to ask strcat to join the chat?
2017-05-29 14:04:42 <ncopa> i think fewer participants is better at this point
2017-05-29 14:04:47 <^7heo> maybe.
2017-05-29 14:05:06 <blueness> well i got my answers, wait and see
2017-05-29 14:05:09 <^7heo> it's just that he also has wishes and plans for grsec afaik
2017-05-29 14:05:11 <^7heo> but mostly for ARM
2017-05-29 14:05:42 <blueness> we can't however, depend on spengler and pipacs anymore, this was too disruptive for use in gentoo
2017-05-29 14:06:10 <blueness> i spent a lot of time working on getting end-to-end xattr support in our package management system
2017-05-29 14:06:22 <blueness> for xattr pax
2017-05-29 14:06:37 <blueness> and i did a lot of the preliminary work in getting xattr pax into the kernel
2017-05-29 14:06:50 <blueness> and now all that machinary is just sitting there dangling
2017-05-29 14:07:16 <blueness> i'm not interested being dependant on a volitile team like grsecurity anymore
2017-05-29 14:07:30 <ncopa> i understand that
2017-05-29 14:07:33 <skarnet> I think that's the general feeling around here too
2017-05-29 14:07:56 <ncopa> what are the options?
2017-05-29 14:08:14 <blueness> try to maintain just pax patch might be possible
2017-05-29 14:08:30 <ncopa> i stil think it iwill be difficult to jump major kernel version
2017-05-29 14:08:31 <skarnet> kaniini spent a good deal of time thinking about this, you really may want his input here
2017-05-29 14:08:50 <ncopa> kaniini tried to split up the pax patch to keep it separate
2017-05-29 14:08:53 <ncopa> but i think he gave up
2017-05-29 14:09:03 <blueness> ncopa: it would be difficult to make sure we don't miss anything
2017-05-29 14:09:24 <ncopa> i have maintained unofficial patch for a while, and i know that upgrading major kernel version is non-trivial
2017-05-29 14:09:30 <blueness> okay i should probably speak to kaniini before trying myself
2017-05-29 14:09:36 <ncopa> and i would personally not even want to try
2017-05-29 14:10:09 <blueness> whoever gets involved can expect this to be his full time job, but it would save the project
2017-05-29 14:10:24 <blueness> also, it might entice pipacs and spengler to reopen their stuff
2017-05-29 14:10:49 <ncopa> im hoping they will release the testing patch once in a while
2017-05-29 14:11:27 <blueness> why woudl they, they've even kicked us from #grsecurity
2017-05-29 14:11:43 <blueness> sounds to me like they've said fu to the community
2017-05-29 14:11:45 <ncopa> "just to keep people away from KSPP"
2017-05-29 14:11:55 <ncopa> and
2017-05-29 14:12:04 <ncopa> "just to prove that its not possible to maintain a community fork"
2017-05-29 14:12:20 <ncopa> those have been the reasons they have mentioned
2017-05-29 14:12:30 <kaniini> it's not possible because they made it impossible
2017-05-29 14:12:43 <kaniini> through monolithic invasive patching
2017-05-29 14:12:50 <ncopa> yes
2017-05-29 14:13:10 <blueness> maybe
2017-05-29 14:13:11 <blueness> kaniini: how far did you get?
2017-05-29 14:14:10 <ncopa> blueness: do you have patches for 3rd party modules?
2017-05-29 14:14:19 <kaniini> far enough to know i am going back to bed with my phone on silent this time
2017-05-29 14:14:20 <ncopa> to work with (unofficial) grsec
2017-05-29 14:14:23 <blueness> ncopa: nope
2017-05-29 14:14:39 <ncopa> blueness: i did spl and zfs only
2017-05-29 14:14:53 <ncopa> they work with 4.9
2017-05-29 14:15:00 <blueness> kaniini: okay so you gave it a serious go and its too much
2017-05-29 14:15:42 <ncopa> pipacs wrote about the kspp, that they picked a patch for older kernel, and added it to newer
2017-05-29 14:15:44 <ncopa> and messed up
2017-05-29 14:15:55 <ncopa> and kspp complained about bugs in pax
2017-05-29 14:16:09 <blueness> i saw that post
2017-05-29 14:16:18 <skarnet> this drama is better than Netflix
2017-05-29 14:16:53 <ncopa> i think that part kind of shows that porting pax to newer major kernels is non-trivial
2017-05-29 14:17:22 <ncopa> the drama itself is good enough reason to avoid grsecurity
2017-05-29 14:17:27 <kaniini> have you people considered that pax
2017-05-29 14:17:35 <kaniini> legitimately has bugs
2017-05-29 14:17:43 <kaniini> like we have reported pax bugs before
2017-05-29 14:17:44 <ncopa> yes
2017-05-29 14:18:06 <ncopa> they have had some
2017-05-29 14:18:58 <kaniini> blueness: some parts are easy
2017-05-29 14:19:15 <kaniini> blueness: the parts that people want in 2017: not so much
2017-05-29 14:19:51 <blueness> kaniini: k
2017-05-29 14:21:25 <^7heo> < blueness> sounds to me like they've said fu to the community
2017-05-29 14:21:26 <^7heo> I guess that being in a position of power makes you able to do so.
2017-05-29 14:21:46 <^7heo> And they wouldn't be in such a powerful position if the community didn't 100% rely ONLY on them for years.
2017-05-29 14:21:49 <^7heo> so...
2017-05-29 14:24:34 <kaniini> what ^7heo said really
2017-05-29 14:24:56 <kaniini> i rather spend my time supporting viable efforts such as clang as system compiler
2017-05-29 14:25:21 <^7heo> strcat says that he could use the help of people knowing the clang backend
2017-05-29 14:25:28 <^7heo> in his linux-hardened project.
2017-05-29 14:25:32 <^7heo> s/says/said/
2017-05-29 14:26:05 <^7heo> I guess that such a person would also be able to implement a lot of security features in other archs too.
2017-05-29 14:26:09 <skarnet> Shiz, kaniini: are we more or less set on /pkg for the non-FHS place to put Alpine packages into?
2017-05-29 14:26:14 <^7heo> (since he's mostly interested in arm, as I said)
2017-05-29 14:33:03 <Shiz> blueness: so here's my perspective on this as someone who has spent a bit of time on it
2017-05-29 14:33:15 <Shiz> 1) PaX and grsecurity are both monolithic and short-term unmaintanable as is
2017-05-29 14:33:33 <Shiz> they are massively complex and hard to understand, especially for just a few people who are not intimately familiar with their internals
2017-05-29 14:33:43 <Shiz> and they touch about every area of the kernel
2017-05-29 14:33:48 <Shiz> not just grsec, but PaX itself too
2017-05-29 14:34:13 <Shiz> as such, I don't think it's viable right now for distros to try and forward-port even just PaX to new major kernel versions
2017-05-29 14:34:17 <blueness> Shiz: obviously we'd have to separate that out if we wanted to maintain it
2017-05-29 14:34:26 <Shiz> yes, but PaX on its own is huge
2017-05-29 14:34:37 <Shiz> the part of grsec that isn't PaX is actually somewhat small in comparison
2017-05-29 14:34:39 <Shiz> (still big, mind you)
2017-05-29 14:35:03 <Shiz> a wholly unscientific size comparison:
2017-05-29 14:35:11 <Shiz> grsec total is about 9mb
2017-05-29 14:35:17 <Shiz> pax split up from that is ~7.7mb
2017-05-29 14:35:23 <Shiz> it touches EVERYTHING
2017-05-29 14:35:24 <blueness> god!
2017-05-29 14:36:21 <royger> port the openbsd kernel, it's going to be easier :P
2017-05-29 14:36:38 <^7heo> any BSD would be easier.
2017-05-29 14:36:43 <Shiz> blueness: so i started up a repo with the effort of splitting pax into smaller, more viable things
2017-05-29 14:36:47 <^7heo> but unfortunately it lacks the drivers.
2017-05-29 14:37:00 <Shiz> so people can learn from it and maybe in time a community-maintained hardened kernel project can spring up
2017-05-29 14:37:07 <Shiz> and that seems to be happening with strcat's linux-hardened
2017-05-29 14:37:21 <Shiz> even though it's not perfect and we have to wait and see how good it will turn out, I sadly think it is the best option for hardened distros right now
2017-05-29 14:37:22 <Shiz> personally
2017-05-29 14:37:37 <^7heo> Shiz: but strcat's tree is aimed at arm only.
2017-05-29 14:37:38 <Shiz> the sad reality is that PaX is too complicated and involved to maintain for a couple of distro maintainers like you and me
2017-05-29 14:37:38 <skarnet> not sure I want anything "hardened" by a person naming themselves "strcat"
2017-05-29 14:37:42 <Shiz> ^7heo: it is not
2017-05-29 14:37:52 <^7heo> Shiz: I mean, he told me he would focus only on ARM
2017-05-29 14:38:00 <Shiz> him personally eys
2017-05-29 14:38:03 <^7heo> Shiz: but that he implemented stuff for any arch
2017-05-29 14:38:04 <Shiz> but there's more contributors to that project/repo
2017-05-29 14:38:05 <^7heo> anyway.
2017-05-29 14:38:09 <^7heo> ah right
2017-05-29 14:38:10 <Shiz> than strcat
2017-05-29 14:40:26 <Shiz> kaniini: speaking of system clang, i just finished splitting up my commits
2017-05-29 14:40:35 <Shiz> they could use a bit more refinement, but it's an initial patch series at least
2017-05-29 14:40:42 <Shiz> gonna push them to github right about... now
2017-05-29 14:40:51 <xentec> \o/
2017-05-29 14:41:02 <xentec> oke
2017-05-29 14:41:10 <xentec> wrong chat damn it
2017-05-29 14:41:27 <^7heo> happens to the best of us.
2017-05-29 14:42:18 <xentec> more like broken autofocus
2017-05-29 14:42:30 <Shiz> my patches also touch abuild
2017-05-29 14:42:32 <Shiz> heh
2017-05-29 14:43:16 <skarnet> Shiz: can you please confirm we'll use /pkg for the optional non-FHS place to install stuff?
2017-05-29 14:43:32 <skarnet> as in /pkg/$foobar/$version ?
2017-05-29 14:44:21 <Shiz> i don't think it's been fleshed out yet, but that is my current preference yes
2017-05-29 14:44:26 <Shiz> any reason you need confirmation? :P
2017-05-29 14:44:57 <skarnet> immediate application for a project I'm working on
2017-05-29 14:45:18 <skarnet> and that absolutely wants to have its own dir because reasons
2017-05-29 14:47:25 <Shiz> well if it's up to me, yes -- but it's not at my sole discretion to make
2017-05-29 14:48:17 <skarnet> ok, thanks. I'll use that as a working hypothesis.
2017-05-29 14:54:56 <Shiz> https://github.com/Shizmob/aports/commits/system-llvm
2017-05-29 15:01:01 <^7heo> is there a way to find the best header for a combination of things?
2017-05-29 15:01:13 <Shiz> hm?
2017-05-29 15:01:22 <^7heo> for instance: I want the "best" header for defining NULL and size_t
2017-05-29 15:01:28 <jirutka> <awilfox>: "ah yes, the alpine vanilla 3.6 iso, with just enough "-ash: vgchange: not found" and "lvm: applet not found" to be completely useless in fixing my initramfs :)" – yeah, I’ve complained some time ago that our ISOs are quite useless, b/c it does not ship even very essential packages like e2fsprogs and someone told me that ”it’s by design”… :/
2017-05-29 15:01:28 <^7heo> there are multiple headers that match.
2017-05-29 15:01:39 <^7heo> 1. how do I list them all without a complicated grep
2017-05-29 15:01:46 <^7heo> 2. how do I chose which is the "best" one?
2017-05-29 15:01:53 <^7heo> 3. does that even matter?
2017-05-29 15:01:57 <skarnet> 3. no
2017-05-29 15:01:59 <^7heo> huhu
2017-05-29 15:02:01 <^7heo> thanks.
2017-05-29 15:02:50 <skarnet> 2. for NULL and size_t, it's stddef.h. Generally, but exceptions are numerous, there's a "canonical" header that defines some type or macro
2017-05-29 15:03:05 <^7heo> I used string.h
2017-05-29 15:03:09 <skarnet> and you want to include that one, but there are also multiple inclusions mandated by POSIX
2017-05-29 15:03:20 <skarnet> that's fine
2017-05-29 15:03:37 <skarnet> string.h is canonical if you want to use stuff such as strcmp() or memmove()
2017-05-29 15:04:28 <skarnet> if you want to do things "right" and "beautifully", you need to look at POSIX and get a feel for what header relates to what
2017-05-29 15:05:30 <skarnet> but as a first step, don't worry about that, grab any header that defines what you want
2017-05-29 15:05:38 <skarnet> you can refine later
2017-05-29 15:06:49 <^7heo> yeah ok
2017-05-29 15:06:52 <^7heo> Thanks ;)
2017-05-29 15:11:40 <Shiz> https://github.com/Shizmob/abuild/commits/system-llvm
2017-05-29 15:11:47 <Shiz> and the needed abuild commits
2017-05-29 15:14:05 <Shiz> jirutka: you may be interested in the above two branches ;p
2017-05-29 15:14:14 <Shiz> i need to refine the commits, add comments and rationales etc
2017-05-29 15:14:35 <Shiz> but this worked for me in getting most of an LLVM system setup through aports scripts/bootstrap.sh
2017-05-29 15:14:38 <Shiz> minus ghc and the kernel
2017-05-29 15:34:51 <ammunta> does the kernel not build
2017-05-29 15:36:17 <Shiz> not with llvm, no
2017-05-29 15:46:34 <^7heo> The kernel historically only built on gcc, right?
2017-05-29 15:52:23 <ncopa> how do we solve the  list of architectures: http://wwwtest.alpinelinux.org/downloads/
2017-05-29 15:53:06 <ncopa> when you download an alpine release, you first select flavor (Eg standard/extended/vanilla/...) and then you select arch?
2017-05-29 15:53:21 <ncopa> or do you select arch first and then flavor?
2017-05-29 15:53:24 <Shiz> hmm
2017-05-29 15:53:35 <Shiz> flavor->arch makes more sense from an UX perspective
2017-05-29 15:53:37 <Shiz> but
2017-05-29 15:53:40 <Shiz> not all archs have every flavour
2017-05-29 15:53:55 <Shiz> ^7heo: yes
2017-05-29 15:54:03 <Shiz> there's the llvmlinux project to remedy this but it's somewhat dead now it seems
2017-05-29 15:54:09 <Shiz> although most of their patches are upstream
2017-05-29 15:54:38 <_ikke_> I also agree with flavor->arch
2017-05-29 15:54:48 <ncopa> ok good, thats a start
2017-05-29 15:55:12 <^7heo> definitely flavor arch/
2017-05-29 15:55:18 <^7heo> s/\//./
2017-05-29 15:55:22 <ncopa> i wonder if we should have a dropdown box for arch?
2017-05-29 15:55:30 <ncopa> or if we should have a separate page for each flavor?
2017-05-29 15:55:35 <^7heo> that means it's then arch -> flavor.
2017-05-29 15:55:35 <ncopa> or something else?
2017-05-29 15:55:58 <^7heo> dropboxes come first, UI wise.
2017-05-29 15:56:02 <^7heo> because they act as a filter.
2017-05-29 15:56:18 <^7heo> s/boxes/downs/
2017-05-29 15:56:26 <ncopa> do we want dropdownbox at all is my question
2017-05-29 15:56:55 <^7heo> well if so, it should be with the flavor.
2017-05-29 15:56:57 <^7heo> not the arch.
2017-05-29 15:57:03 <clandmeter> Yes css Dropbox
2017-05-29 15:57:14 <^7heo> clandmeter: dropboxes are HTML actually.
2017-05-29 15:57:27 <Shiz> ^7heo: i think an additional dropbox next to the listing is intended
2017-05-29 15:57:33 <Shiz> not primary before showing the listing
2017-05-29 15:57:50 <^7heo> Shiz: I see.
2017-05-29 15:58:00 <^7heo> I fear that it's gonna be confusing tho.
2017-05-29 15:58:10 <^7heo> because most people are just gonna assume 'their arch'
2017-05-29 15:58:19 <^7heo> which might be possible since we have the useragent
2017-05-29 15:59:53 <Shiz> ?
2017-05-29 16:02:21 <skarnet> Is it possible to make abuild build a package from a git version, without first performing git snapshot + upload + redownload of the snapshot ?
2017-05-29 16:02:34 <skarnet> um, abuild snapshot*
2017-05-29 16:06:40 <skarnet> anyone?
2017-05-29 16:07:08 <^7heo> skarnet: I do not understand the question: what is a git snapshot?
2017-05-29 16:07:24 <skarnet> <skarnet>um, abuild snapshot*
2017-05-29 16:07:31 <^7heo> ah sory
2017-05-29 16:07:33 <^7heo> sorry*
2017-05-29 16:07:50 <clandmeter> skarnet, sure, just checkout any repo in prepare
2017-05-29 16:08:06 <^7heo> skarnet: abuild -r
2017-05-29 16:08:12 <^7heo> skarnet: or?
2017-05-29 16:08:22 <scadu> ^7heo: wut
2017-05-29 16:08:29 <^7heo> scadu: wat wut?
2017-05-29 16:08:33 <clandmeter> but we dont have any git magic in abuild
2017-05-29 16:08:40 <skarnet> clandmeter: ok, so I need to prepare() by hand
2017-05-29 16:08:44 <scadu> ^7heo: vodka
2017-05-29 16:08:50 <skarnet> can I leave $url empty then?
2017-05-29 16:09:02 <clandmeter> you mean source?
2017-05-29 16:09:04 <^7heo> I have no clue what the question is about.
2017-05-29 16:09:15 <^7heo> I never had to upload anything to build a package...
2017-05-29 16:09:17 <skarnet> ^7heo: cut the noise, please?
2017-05-29 16:09:33 <^7heo> skarnet: how is me trying to understand (and possibly help) noise?
2017-05-29 16:09:34 <^7heo> =/
2017-05-29 16:10:00 <skarnet> because if you can't understand the fucking question, there's no possible way you can help
2017-05-29 16:10:35 <skarnet> clandmeter: uh, yes, source, I guess
2017-05-29 16:11:05 <scadu> iirc you will need to
2017-05-29 16:11:21 <^7heo> tbf I never understood the point of the abuild snapshot. If the source's available, why the heck make a snapshot of it?
2017-05-29 16:11:23 <Shiz>  @clandmeter │ but we dont have any git magic in abuild   <-- just to checkout git repos :P
2017-05-29 16:11:36 <Shiz> ^7heo: because the availability may be spotty or not provide stable tarballs
2017-05-29 16:12:23 <^7heo> ok.
2017-05-29 16:12:44 <^7heo> but doesn't git snapshot require the user to have the rights to upload a snapshot to start with?
2017-05-29 16:13:02 <^7heo> I mean, it's basically the same as me putting the files on my local server, except that locally I have the rights.
2017-05-29 16:13:14 <clandmeter> Grrr WiFi just died on me again.
2017-05-29 16:13:54 <skarnet> clandmeter: prepare() is about applying patches, is there a way for me to basically do a fetch but from a git repo instead of a URL?
2017-05-29 16:14:42 <skarnet> I'll checkout the branch I need in prepare(), but I kinda need the repo to be cloned before prepare()
2017-05-29 16:15:21 <Shiz> skarnet: any specific reason? you can call default_prepare in your prepare() after checking the repo out
2017-05-29 16:15:40 <Shiz> (imo i think snapshot() should provide a file that you can put in source=, if it doesn't right now it should)
2017-05-29 16:15:48 <clandmeter> That's what we do in prepare. You can add it before default_prepair
2017-05-29 16:16:03 <^7heo> in any case, if the point is to snapshot, it's totally possible to snapshot it to localhost and use that in the source=""
2017-05-29 16:16:25 <clandmeter> Sorry I'm on freaking mobile now :|
2017-05-29 16:16:31 <Shiz> but it's not, right now.
2017-05-29 16:16:50 <skarnet> Shiz, clandmeter: my question is about fetching, i.e. is there a "git clone" performed by abuild at some point
2017-05-29 16:16:59 <Shiz> yes
2017-05-29 16:17:01 <skarnet> instead of a wget or curl
2017-05-29 16:17:07 <skarnet> ok, then how can I access it
2017-05-29 16:17:08 <^7heo> Shiz: When Oo
2017-05-29 16:17:26 <skarnet> jeez, am I asking questions in Chinese or what
2017-05-29 16:17:33 <clandmeter> yes, that happens before prepare
2017-05-29 16:17:38 <Shiz> if you call 'abuild snapshot', it will read $giturl from the APKBUILD
2017-05-29 16:17:42 <Shiz> clone the repo
2017-05-29 16:17:46 <clandmeter> which is actually default_prepare
2017-05-29 16:17:49 <Shiz> and tar it up into $pkgname-$pkgver.git
2017-05-29 16:17:51 <Shiz> or something
2017-05-29 16:17:54 <Shiz> .tar.gz
2017-05-29 16:18:08 <Shiz> optionally reporev= in APKBUILD for the revision to checkout
2017-05-29 16:18:29 <skarnet> ok, let me be painfully explicit
2017-05-29 16:18:36 <clandmeter> you could even overide the fetch part i think
2017-05-29 16:18:47 <clandmeter> but i usually just do that stuff in prepare.
2017-05-29 16:18:47 <Shiz> clandmeter: yes by overriding snapshot() :P
2017-05-29 16:19:19 <^7heo> clandmeter: the packages on the repo that I've seen cloning git repos are using the snapshot function for it.
2017-05-29 16:19:29 <^7heo> s/on/in/
2017-05-29 16:19:43 <clandmeter> correct, but that was not skarnet question
2017-05-29 16:19:47 <skarnet> AIUI if I just do "abuild -r" it will only work if the sources are regular URLs, and I need to manually "abuild snapshot" if I want to get sources from a git repo.
2017-05-29 16:19:53 <skarnet> Is my understanding correct?
2017-05-29 16:19:55 <Shiz> yeah
2017-05-29 16:20:19 <Shiz> it's not ideal i'd say
2017-05-29 16:20:26 <^7heo> unless you actually use a local file in source and build that file with prepare/snapshot; right?
2017-05-29 16:20:35 <Shiz> right.
2017-05-29 16:20:36 <^7heo> I never tried if it actually worked, I always assumed it would.
2017-05-29 16:20:51 <Shiz> that would be something like  abuild snapshot && mv src/<thatfile> . and adding <thatfile> to source=
2017-05-29 16:20:55 <Shiz> and running abuild checksum
2017-05-29 16:21:01 <skarnet> ok. Once I've performed "abuild snapshot" and got a local copy, where do I place that copy in order to feed it to the rest of the abuild process so it's as close to a full "abuild -r" as possible?
2017-05-29 16:21:02 <^7heo> the point of making snapshots is then only to get reproducible builds
2017-05-29 16:21:15 <Shiz> skarnet: move it to the same dir as the APKBUILD and add the filename to source=
2017-05-29 16:21:20 <Shiz> and run abuild checksum
2017-05-29 16:21:32 <Shiz> after that, abuild -r should JustWork
2017-05-29 16:21:35 <^7heo> $srcdir I would say?
2017-05-29 16:21:37 <skarnet> yay self-modifying APKBUILDs
2017-05-29 16:21:39 <Shiz> no, not $srcdir
2017-05-29 16:21:54 <^7heo> ah yeah it's creating a link there.
2017-05-29 16:21:58 <^7heo> crap.
2017-05-29 16:22:16 <skarnet> ok, I figured out my workflow now, thanks.
2017-05-29 16:22:25 <Shiz> skarnet: i'd like to fix this someday as it's not great
2017-05-29 16:22:32 <Shiz> but i only knew this whole snapshot business existed like
2017-05-29 16:22:34 <Shiz> two weeks ago
2017-05-29 16:22:36 <Shiz> :p
2017-05-29 16:22:47 <^7heo> Shiz: how would you provide reproducible builds without snapshots?
2017-05-29 16:22:54 <skarnet> hm, next question: can I give a whole directory of stuff to $sources ?
2017-05-29 16:23:07 <Shiz> afaics, no
2017-05-29 16:23:25 <Shiz> if you're feeling daring you could sources="$(find . -type f)" though
2017-05-29 16:23:26 <^7heo> Shiz: and how would you provide snapshots without requiring the rights to upload somewhere?
2017-05-29 16:23:27 <Shiz> :P
2017-05-29 16:23:31 <Shiz> replace . is necessary
2017-05-29 16:23:35 <Shiz> s/is/as/
2017-05-29 16:23:44 <skarnet> so I basically need to tar shit to feed it to abuild
2017-05-29 16:23:57 <Shiz> snapshot() tars it up for you
2017-05-29 16:24:00 <clandmeter> or zip :)
2017-05-29 16:24:21 <skarnet> yeah but I don't want to go through abuild if I'm going to modify the APKBUILD between two invocations
2017-05-29 16:24:35 <Shiz> into $srcdir/$pkgname-$verbase_git.tar.gz
2017-05-29 16:24:41 <Shiz> hmm
2017-05-29 16:24:48 <^7heo> Shiz: wouldn't it be enough just to change snapshot to take a sha1 btw?
2017-05-29 16:24:50 <skarnet> so I'll git clone outside of abuild, make a suitable APKBUILD, and only then call abuild with fully local sources
2017-05-29 16:24:55 <^7heo> Shiz: to make it work without a snapshot...
2017-05-29 16:25:30 <Shiz> skarnet: in that case, yes, source= takes files
2017-05-29 16:25:38 <Shiz> you can use git-archive :P
2017-05-29 16:26:23 <skarnet> good idea, thanks for the pointer
2017-05-29 16:26:26 <Shiz> i don't think adding git:// support to abuild directly is the worst idea, but i've also only ever once seen a package that didn't provide http uris for releases
2017-05-29 16:27:24 <^7heo> all this would be avoided if abuild would know how to work with a RCS repo and a given version.
2017-05-29 16:28:05 <^7heo> Shiz: can you specify a given version in a git:// URL?
2017-05-29 16:28:17 <Shiz> sure, just abuse #
2017-05-29 16:28:37 <^7heo> isn't # part of HTTP?
2017-05-29 16:29:38 <^7heo> Ok HTTP refers to RFC 2396
2017-05-29 16:30:59 <Shiz> its a URI fragment for local processing
2017-05-29 16:31:04 <Shiz> so, exactly what this would be useful for
2017-05-29 16:31:07 <^7heo> yeah I got that part.
2017-05-29 16:31:16 <^7heo> I'm just wondering if git also uses that same RFC
2017-05-29 16:31:56 <Shiz> it doesn't, but that doesn't mean we can't
2017-05-29 16:32:26 <^7heo> Well, that also doesn't mean they can't release a git version that breaks our workflow in XXXXX packages.
2017-05-29 16:32:36 <Shiz> yes it does
2017-05-29 16:32:41 <^7heo> How?
2017-05-29 16:32:41 <Shiz> if we interpret it before passing it to git
2017-05-29 16:32:45 <^7heo> ah.
2017-05-29 16:32:47 <Shiz> remove the fragment
2017-05-29 16:32:51 <^7heo> yeah sure.
2017-05-29 16:32:58 <^7heo> but then if git makes use of that #
2017-05-29 16:33:04 <^7heo> it still breaks our workflow.
2017-05-29 16:33:16 <^7heo> or we have to define a way right from the start to leave it in there.
2017-05-29 16:33:33 <^7heo> (i.e. escape it)
2017-05-29 16:34:30 <^7heo> Another way would be to specify another parameters for git sources
2017-05-29 16:34:37 <^7heo> s/ters/ter/
2017-05-29 16:34:44 <^7heo> i.e. git_source or something
2017-05-29 16:34:53 <^7heo> that way you also can have git_version.
2017-05-29 16:35:02 <^7heo> and that's separated right from the APKBUILD.
2017-05-29 16:35:11 <^7heo> no magic happening in the source= parameter.
2017-05-29 16:35:34 <Shiz> skarnet: anyway, is your use case simply a source that doesn't provide http uris?
2017-05-29 16:36:34 <skarnet> yes.
2017-05-29 16:36:47 <skarnet> because continuous integration, etc.
2017-05-29 16:37:23 <skarnet> also, need to create a package from any branch, any commit, that kind of thing.
2017-05-29 16:38:51 <Shiz> ^7heo: the *point* is that it would be together with the rest in source=
2017-05-29 16:39:28 <^7heo> Shiz: why? It's not processed the same way.
2017-05-29 16:40:03 <^7heo> on the other hand
2017-05-29 16:40:12 <^7heo> we already use pkgver for versions
2017-05-29 16:40:18 <^7heo> we could just pass the sha1 there.
2017-05-29 16:40:29 <^7heo> that would work well.
2017-05-29 16:40:56 <Shiz> sigh
2017-05-29 16:41:10 <Shiz> it *is* processed the same way
2017-05-29 16:41:14 <Shiz> not all sources get wget'd either
2017-05-29 16:41:26 <Shiz> and there is not necessary just a single git repo for every package
2017-05-29 16:41:28 <Shiz> or a single git version
2017-05-29 16:41:37 <^7heo> what I mean is that it's not just read.
2017-05-29 16:42:00 <Shiz> it certainly isn't written to
2017-05-29 16:42:16 <^7heo> well, the real tar.gz *is*
2017-05-29 16:42:24 <Shiz> what real .tar.gz
2017-05-29 16:42:35 <Shiz> there would be no 'real' .tar.gz if there was direct git uri support
2017-05-29 16:42:43 <^7heo> ah you're thinking about that.
2017-05-29 16:42:56 <^7heo> well... that's true.
2017-05-29 16:43:19 <^7heo> I was thinking about a simple way to make it work with the current abuild.
2017-05-29 16:43:32 <Shiz> i'd like for apk to support subdirectory summing actually
2017-05-29 16:43:37 <Shiz> it would solve some issues with cargo as well
2017-05-29 16:43:38 <^7heo> i.e. getting the repo, creating an archive, using that.
2017-05-29 16:43:59 <^7heo> Shiz: you mean, using an entire directory as source?
2017-05-29 16:44:27 <Shiz> not as source, just in checksums=
2017-05-29 16:44:53 <Shiz> things in source= (or the fetch() override) would create those directories
2017-05-29 16:44:57 <^7heo> how would you generate the checksum of a dir?
2017-05-29 16:45:01 <^7heo> cat all the things?
2017-05-29 16:45:04 <^7heo> or tar?
2017-05-29 16:45:12 <Shiz> checksum of a checksum list of the directory
2017-05-29 16:45:16 <Shiz> would be one way
2017-05-29 16:45:19 <^7heo> yeah
2017-05-29 16:45:28 <Shiz> find dir -type f -exec $sum {} \; | $sum -
2017-05-29 16:45:32 <^7heo> yeah yeah
2017-05-29 16:45:37 <^7heo> can get verbose tho
2017-05-29 16:45:52 <Shiz> ?
2017-05-29 16:45:55 <Shiz> it would be a single checksum
2017-05-29 16:46:10 <^7heo> aah `-`
2017-05-29 16:46:13 <^7heo> right.
2017-05-29 16:46:33 <^7heo> but then you're relying on what order find gives you.
2017-05-29 16:46:42 <^7heo> I was thinking about doing the same thing but with a sort in the middle.
2017-05-29 16:47:13 <Shiz> sure
2017-05-29 16:47:17 <^7heo> that way you rely on sort, which is much more reliable than find IMHO
2017-05-29 16:47:37 <^7heo> but yeah that would be a great addition to abuild.
2017-05-29 16:56:56 <ncopa> http://wwwtest.alpinelinux.org/downloads/
2017-05-29 16:57:06 <ncopa> refresh the stylesheet too
2017-05-29 16:57:28 <ncopa> i have modified the script so the flavors comes in a predictable order
2017-05-29 16:57:45 <ncopa> by using lua "array" instead of hashtable
2017-05-29 16:57:51 <skarnet> can a local source for abuild be a non-gzipped .tar ?
2017-05-29 16:58:05 <ncopa> skarnet: yes
2017-05-29 16:58:17 <ncopa> but im not sure it will automatically extract it for you
2017-05-29 16:58:25 <Shiz> it will
2017-05-29 16:58:28 <ncopa> ok
2017-05-29 16:58:34 <skarnet> what stage will? prepare?
2017-05-29 16:58:35 <Shiz> even if it didn't, you can override unpack() to extract it for you
2017-05-29 16:58:38 <Shiz> unpack
2017-05-29 16:58:47 <ncopa> re the downloads page
2017-05-29 16:58:53 <ncopa> i made it 2 columns instead of 3
2017-05-29 16:58:56 <skarnet> where does it unpack it? $srcdir ?
2017-05-29 16:58:58 <ncopa> as a "quickfix"
2017-05-29 16:59:09 <ncopa> yes, under $srcdir
2017-05-29 16:59:12 <skarnet> thanks
2017-05-29 16:59:15 <Shiz> sanitycheck -> builddeps -> clean -> fetch -> unpack -> prepare -> mkusers -> build -> check -> rootpkg -> cleanup
2017-05-29 16:59:18 <Shiz> are the stages
2017-05-29 17:05:22 <ncopa> the ppc64le and s390x release images are there too
2017-05-29 17:05:50 <ncopa> ok nobody is complaining, i think i just push that for production
2017-05-29 17:12:20 <przemoc> looks nice, but maybe putting small sha256 and gpg buttons next to arch download buttons would look even better, because now we have 2 special rows just to hold them
2017-05-29 17:12:49 <ncopa> yes, i agree
2017-05-29 17:29:45 <jirutka> let me introduce you Luapak, the ultimate solution for building standalone, zero-dependencies, possibly statically linked binary for any Lua program! \o/ hello_world dynamically linked with musl is 146 kiB (stripped), statically linked with musl 190 kiB (stripped); https://github.com/jirutka/luapak  /cc ncopa clandmeter
2017-05-29 17:31:20 <skarnet> 190k of overhead doesn't sound too bad indeed :)
2017-05-29 17:31:24 <skarnet> nice job!
2017-05-29 17:31:45 <jirutka> skarnet: yeah, PUC Lua is really very small! :)
2017-05-29 17:32:02 <ncopa> interesting
2017-05-29 17:32:23 <TBB> the snapshot mechanism, now that I just refreshed my memory by re-reading the whole abuild script, seems quite allright to me. I currently have my own wrapper around abuild that runs a part of the command chain Shiz just wrote above to enable "local" builds
2017-05-29 17:32:28 <jirutka> and even when you use LuaJIT for significantly better performance, the resulting size is still not bad (I must laugh really loud when I compare it with Go XD)
2017-05-29 17:32:50 <TBB> -finally- a reason to learn Lua!
2017-05-29 17:33:21 <jirutka> I’m dog fooding, so Luapak is of course built with Luapak :) https://github.com/jirutka/luapak/releases/download/
2017-05-29 17:33:59 <skarnet> please keep a sane bootstrapping process :P
2017-05-29 17:34:48 <Shiz> is there a way to get apk to output just the current installed version of a package?
2017-05-29 17:35:06 <Shiz> ( jirutka ?)
2017-05-29 17:42:19 <TBB> I suppose you need to parse no matter what, but the closest to that would be apk info -v -e pkg, I guess
2017-05-29 18:05:41 <skarnet> Is there a way to tell abuild that it must fetch its makedepends (for abuild -r) from edge, instead of from the current flavor? i.e. a way to tell it to run --repository somethingedgesomething in its apk invocations?
2017-05-29 18:05:48 <skarnet> (don't ask why I want to do that)
2017-05-29 18:06:38 <Shiz> uuuh
2017-05-29 18:07:03 <Shiz> you could uh
2017-05-29 18:07:06 <Shiz> do something like
2017-05-29 18:07:21 <Shiz> SUDO_APK="abuild-apk --repository ..." abuild -r
2017-05-29 18:08:13 <skarnet> thanks for the pointer - I'll see what SUDO_APK does :)  but...
2017-05-29 18:08:25 <skarnet> ... I don't want to do that for all the apks in my makedepends, only 2 of them
2017-05-29 18:08:44 <Shiz> yeah i don't think that's gonna work out :P
2017-05-29 18:08:51 <skarnet> I know it's not supposed to
2017-05-29 18:08:52 <Shiz> you could build them yourself locally?
2017-05-29 18:08:58 <Shiz> it will include your local repo for makedeps
2017-05-29 18:09:03 <Shiz> so if you build from edge yourself
2017-05-29 18:09:20 <Shiz> well by "not gonna work out" I mean "there's no way I know of to get this to work"
2017-05-29 18:09:29 <skarnet> well I can also call apk add myself before calling abuild
2017-05-29 18:09:37 <Shiz> except possibly a tagged repo in /etc/apk/repositories and doing foo@edge as makedepend
2017-05-29 18:09:40 <skarnet> and conveniently omit the packages from makedepends
2017-05-29 18:09:41 <Shiz> that may work
2017-05-29 18:10:00 <skarnet> ah, that's interesting
2017-05-29 18:10:09 <TBB> doesn't work
2017-05-29 18:10:17 <Shiz> doesnt?
2017-05-29 18:10:18 <TBB> tags in deps doesn't, that is
2017-05-29 18:10:25 <skarnet> shame
2017-05-29 18:10:45 <TBB> I ended up writing a wrapper for that as well, since I like doing things in an overly complicated way...
2017-05-29 18:12:29 <skarnet> meh, I was just hoping there was a way to integrate everything into abuild, but it looks like I'll need to do a lot of the ugliness myself
2017-05-29 18:12:51 <ncopa> this download page is tricky
2017-05-29 18:13:29 <ncopa> also, the description is an array with 3 lines
2017-05-29 18:13:36 <Shiz> skarnet: it sounds like you're doing complicated shit
2017-05-29 18:13:38 <Shiz> :P
2017-05-29 18:13:54 <ncopa> i want it to be a single paragraph instead of fixed 3 rows
2017-05-29 18:15:24 <skarnet> Shiz: I am, but I'm getting paid for it so that's ok :P
2017-05-29 18:23:34 <TBB> same thing over here, I work in a restricted environment so I've had to implement lots of silliness just to get things done
2017-05-29 18:24:15 <TBB> gladly I already wrote tools for doing silly things with CentOS so I just added an Alpine library, a couple hundred lines, and Alpine support was included
2017-05-29 18:35:09 <TBB> so basically I can have an extra line for deps residing in tagged repos and my tool catches that, restores a build chroot snapshot, installs those deps and after that builds in the chroot
2017-05-29 18:38:07 <TBB> but then of course, the solution closest to the correct would be to untag edge...
2017-05-29 18:58:59 <ncopa> what do you think about this: http://wwwtest.alpinelinux.org/downloads/
2017-05-29 18:59:11 <ncopa> i think the descriptions should probably be improved
2017-05-29 19:01:31 <scadu> ncopa: buttons for archs different than x86 are broken
2017-05-29 19:01:52 <ncopa> huh?
2017-05-29 19:02:10 <ncopa> they work for me
2017-05-29 19:02:26 <ncopa> did you refresh the css?
2017-05-29 19:02:29 <_ikke_> for me to
2017-05-29 19:02:31 <_ikke_> too
2017-05-29 19:02:35 <scadu> I mean, they are distorted
2017-05-29 19:02:47 <ncopa> shift-ctrl -r
2017-05-29 19:02:52 <scadu> I know ;f
2017-05-29 19:03:20 <ncopa> ok
2017-05-29 19:03:29 <ncopa> i see it now in firefox
2017-05-29 19:03:31 <jirutka> btw assets should be hashed (hash in the name), then there would not be that problem ;)
2017-05-29 19:15:05 <ncopa> ok i think download buttons are fixed
2017-05-29 19:15:57 <scadu> lemme check
2017-05-29 19:16:13 <scadu> ncopa: confirm
2017-05-29 19:22:52 <clandmeter> ncopa, i don't like it
2017-05-29 19:23:43 <clandmeter> I prefer a single do button
2017-05-29 19:23:53 <clandmeter> Dl....
2017-05-29 19:37:09 <clandmeter> ncopa, and why move to a paragraph for selling points?
2017-05-29 19:37:50 <Shiz> i think the selling points really need redoing
2017-05-29 19:38:26 <clandmeter> im not discussing the content, just the layout.
2017-05-29 19:38:52 <clandmeter> if its a selling point, it should be a single line.
2017-05-29 19:39:30 <Shiz> well, i am discussing the content too
2017-05-29 19:39:32 <Shiz> :P
2017-05-29 19:39:47 <clandmeter> sure, go ahead :)
2017-05-29 19:39:53 <clandmeter> i never really liked most of them
2017-05-29 19:40:13 <clandmeter> but nobody at the time gave me alternatives
2017-05-29 19:43:53 <clandmeter> i think a single row of DL/Release shaX GPG would be enough, when you hover/click them it would open a a menu will all arch's
2017-05-29 19:44:25 <clandmeter> this way all flavours would have the same height.
2017-05-29 19:49:31 <Shiz> https://txt.shiz.me/ZTJiYmFjYz
2017-05-29 19:49:42 <Shiz> my proposition for selling poinst (+ changed order)
2017-05-29 19:49:48 <Shiz> only thing I'm struggling with is raspberry pi
2017-05-29 19:51:01 <Shiz> https://txt.shiz.me/MGRlYTEzYj updated
2017-05-29 19:52:14 <clandmeter> why the , and . differences?
2017-05-29 19:54:52 <Shiz> standard gets an extra line because it's the base and two commas would look awkward there
2017-05-29 19:54:54 <Shiz> the rest has no dots?
2017-05-29 19:56:15 <clandmeter> i mean std yes
2017-05-29 19:56:54 <Shiz> although imo generic arm should just be merged with standard
2017-05-29 19:57:01 <Shiz> or vanilla, maybe
2017-05-29 19:57:07 <Shiz> i see no reason for them to be different
2017-05-29 19:57:56 <clandmeter> its not an iso i guess
2017-05-29 20:26:35 <tmh1999> ncopa : I think I get alpine s390x running on KVM. Full virtualization cat /proc/cpuinfo inside KVM the same as in the host. afaik IBM pushed KVM support really good, as good as their mainline virtualization tech (z/VM) which is the original virtualization tech since the 70s
2017-05-29 20:27:12 <tmh1999> I will try to build things, when it is good enough, we might make it the builder :)
2017-05-29 20:27:43 <tmh1999> *I got it runnin
2017-05-29 20:30:42 <jirutka> TemptorSent: kaniini: can we already keep old kernel + modules when upgrading kernel to newer version?
2017-05-29 20:47:46 <kaniini> jirutka: no
2017-05-29 20:48:00 <kaniini> jirutka: the vmlinuz and so on files need to be versioned
2017-05-29 20:48:00 <jirutka> kaniini: what are the blockers?
2017-05-29 20:48:17 <kaniini> jirutka: and the APK itself needs to be versioned in some way (e.g. in the name)
2017-05-29 20:52:13 <jirutka> kaniini: full version number in pkg name is not very nice :/
2017-05-29 20:52:15 <Shiz> kaniini: i've been running into issues with apk not installing build deps properly
2017-05-29 20:52:27 <kaniini> uh oh
2017-05-29 20:52:30 <kaniini> a bug report
2017-05-29 20:52:32 <kaniini> 
ACTION vanishes!

2017-05-29 20:53:18 <Shiz> i have a sneaky suspicion that abuild or apk only install makedepends for the host when they are not installed on builld yet
2017-05-29 20:54:49 <kaniini> honestly the way abuild traces what deps to install is kinda odd
2017-05-29 20:54:52 <kaniini> and yes
2017-05-29 20:54:59 <kaniini> it checks to see what is already there and filters that out
2017-05-29 20:55:44 <Shiz> but
2017-05-29 20:56:03 <Shiz> i want it to install something into the host sysroot, doesn't matter if the build system already has it
2017-05-29 20:56:17 <Shiz> because /usr/lib/zlib.a won't help me when i want ~/sysroot-x86/usr/lib/zlib.a
2017-05-29 20:56:19 <Shiz> :P
2017-05-29 20:57:08 <Shiz> and it's because get_missing_deps only operates on the system apk
2017-05-29 20:57:16 <Shiz> i think?
2017-05-29 20:57:25 <Shiz> gonna debug this some more
2017-05-29 21:00:34 <skarnet> Shiz: does abuild officially support cross-compilation now?
2017-05-29 21:01:07 <Shiz> it has for a while, it's how we bootstrap stuff
2017-05-29 21:02:56 <skarnet> so I just read triples in CBUILD and CHOST?
2017-05-29 21:04:00 <jirutka> ncopa: there’s another blog post (in Czech) about Alpine Linux! it’s about usage of various distributions on vpsFree, Alpine Linux is mentioned as the distro with the highest increment per year  https://blog.vpsfree.cz/linuxove-distribuce-vede-debian-a-ubuntu-nahoru-se-dere-alpine/
2017-05-29 21:05:38 <jirutka> could please someone review https://wiki.alpinelinux.org/wiki/Setting_up_disks_manually, fix outdated info, if any, and remove “This material is work-in-progress ...” ?
2017-05-29 21:05:44 <Shiz> skarnet: that's what you set when building, yes
2017-05-29 21:06:00 <Shiz> the apkbuilds need makedepends= separated into makedepends_build and makedepends_host
2017-05-29 21:06:33 <jirutka> someone (IMO troll) in a discussion about article at root.cz about Alpine has complained about it…
2017-05-29 21:08:42 <jirutka> ncopa: it’s also interesting that Alpine is installed on more VMs at vpsFree than OpenSUSE or even Arch Linux and it’s very close to number of Fedora installations :)
2017-05-29 21:10:34 <Shiz> who would install arch on a server :p
2017-05-29 21:10:41 <Shiz> 
ACTION runs

2017-05-29 21:10:49 <Shiz> kaniini: may have been an error on my part, disregard
2017-05-29 21:11:16 <jirutka> well, I asks who would install Debian or Ubuntu on server and yet, the most ppl :(
2017-05-29 21:11:20 <Shiz> hey jirutka could you test something for me if you have cpu cycles to burn
2017-05-29 21:11:22 <Shiz> :P
2017-05-29 21:11:29 <jirutka> Shiz: yeah
2017-05-29 21:21:34 <Shiz> jirutka: great
2017-05-29 21:22:49 <Shiz> jirutka: https://txt.shiz.me/MWRjMmEzNj
2017-05-29 21:22:54 <Shiz> this, essentially
2017-05-29 21:23:14 <Shiz> oh, uh
2017-05-29 21:23:23 <Shiz> # cd main/libc++ && abuild -r && cd .. , too
2017-05-29 21:23:45 <Shiz> https://txt.shiz.me/MDMxZmQ5OT
2017-05-29 21:23:47 <Shiz> updated
2017-05-29 21:24:29 <jirutka> Shiz: how many CPU cycles does it need? ;)
2017-05-29 21:24:35 <Shiz> uuh
2017-05-29 21:24:43 <Shiz> considering it will compile both llvm4 and clang? :P
2017-05-29 21:24:54 <Shiz> twice, because it also will cross-compile it in bootstrap.sh
2017-05-29 21:25:59 <jirutka> you’ve missed dependencies ;) abuild-tar.c:20:25: fatal error: openssl/evp.h: No such file or directory #include <openssl/evp.h>
2017-05-29 21:27:01 <jirutka> hm, it wants to overwrite some of my system files
2017-05-29 21:27:09 <jirutka> so I should run it in a separate container
2017-05-29 21:27:15 <Shiz> yeah
2017-05-29 21:27:20 <Shiz> what apkbuild is that?
2017-05-29 21:27:30 <Shiz> or do you mean the abuild repo
2017-05-29 21:27:41 <Shiz> because yeah that needs libressl-dev and something else
2017-05-29 21:38:07 <Shiz> hmm, issue in the go package
2017-05-29 21:38:32 <jirutka> burn it, burn it with fire!
2017-05-29 21:40:47 <Shiz> no, it was my own doing
2017-05-29 21:41:03 <jirutka> nevermind, still burn it, just for sure :P
2017-05-29 22:57:54 <tmh1999> Since syslinux is only supported on x86*, how would we do fresh installation (running setup-alpine, setup-disk) on disk (choose sys in sys, data, lvm) on other arches ? https://git.alpinelinux.org/cgit/alpine-conf/tree/setup-disk.in#n811
2017-05-29 23:00:34 <Shiz> I'm not sure if other arches have a unified booting method
2017-05-29 23:00:36 <Shiz> ARM sure doesn't
2017-05-29 23:01:03 <Shiz> which leaves ppc64le and s390x, if they do it would be useful to add :)
2017-05-29 23:02:13 <Shiz> jirutka: https://txt.shiz.me/NjQ0ZjFkMT
2017-05-29 23:02:19 <Shiz> easy script you can just run
2017-05-29 23:02:22 <Shiz> in a container as root
2017-05-29 23:02:24 <Shiz> :P
2017-05-29 23:02:37 <Shiz> correction: https://txt.shiz.me/ZTc2ZDdiY2
2017-05-29 23:04:06 <tmh1999> Shiz: So aarch64, armhf maintainers don't install on disk ?
2017-05-29 23:04:25 <tmh1999> I am wondering how leitao installed the ppcle64 builder
2017-05-29 23:04:54 <tmh1999> for now I boot s390x using the kernel + initfs along with a modified minirootfs
2017-05-29 23:05:13 <tmh1999> it "looks" like a disk (sys) installation.
2017-05-29 23:31:38 <tmh1999> aarch64 uses gummiboot ? hum...
2017-05-29 23:33:37 <Shiz> i guess aarch64 can be efi booted yes
2017-05-29 23:41:00 <awilfox> some aarch64 SoCs do use EFI
2017-05-29 23:41:05 <awilfox> one being the HTC One M9 phone
2017-05-29 23:41:27 <awilfox> the rpi3 and pine64 use uboot though
2017-05-30 00:35:58 <awilfox> fabled: kaniini: is there a planned release date for apk-tools 2.7.2 or 2.8 or whatever master will become?  would love to get my paws on a release that has `manifest` in it
2017-05-30 00:36:33 <kaniini> no
2017-05-30 00:36:51 <kaniini> it will probably be late june
2017-05-30 00:37:05 <awilfox> ah, okay.  I will just build from master then
2017-05-30 02:01:26 <awilfox> heads up: the clone links in alpine cgit point to http instead of https which makes copy/paste more difficult (or potentially insecure if you don't notice)
2017-05-30 02:03:38 <awilfox> or maybe that is on purpose, because cloning with https is timing out..
2017-05-30 02:08:07 <awilfox> hm, maybe it was just temporary issue; works now
2017-05-30 02:22:08 <Shiz> https is mildly redundant with git
2017-05-30 02:22:19 <Shiz> the commit hash verifies the entire repo history
2017-05-30 02:22:21 <Shiz> :P
2017-05-30 02:25:37 <awilfox> Shiz: sure, but someone can dns poison + mitm and give someone a completely different repo
2017-05-30 02:26:00 <awilfox> Shiz: and afaik, commits are not gpg signed in alpine, so there is no guarantee that the Author: line is accurate (and anyone can use --author on git commit
2017-05-30 02:26:02 <awilfox> )
2017-05-30 02:51:44 <Shiz> LLVM-alpine round two: now including lld
2017-05-30 02:51:46 <Shiz> result: bad
2017-05-30 02:51:54 <Shiz> pkgconf was the first thing that failed
2017-05-30 02:51:56 <Shiz> :P
2017-05-30 02:52:44 <Shiz> 
ACTION pokes kaniini

2017-05-30 02:58:52 <TemptorSent> jirutka: In addition to the apk naming, we also need to version the filenames for the kernel artifacts inside the apks, such as vmlinuz -> vmlinuz-4.9.27-1-hardened, same for System map, etc.
2017-05-30 02:59:29 <TemptorSent> jirutka: To make everything clean, there is also some support work needed in handling the bootloader config.
2017-05-30 03:15:01 <Shiz> okay fixed it
2017-05-30 03:15:09 <Shiz> needed to apply two patches to lld to fix libtool stupidity
2017-05-30 03:46:55 <kaniini> Shiz: probably not a pkgconf bug :P
2017-05-30 03:55:41 <Shiz> nope
2017-05-30 03:55:49 <Shiz> kaniini: libtool bug instead
2017-05-30 03:55:51 <Shiz> as expected
2017-05-30 03:56:03 <Shiz> if it doesn't see GNU ld or elf in --help, it will refuse to link dynamic libraries
2017-05-30 03:56:09 <Shiz> and the build will randomly fail because libpkgconf.so doesn't exist
2017-05-30 03:56:51 <kaniini> yes, that would be a problem :)
2017-05-30 04:18:11 <awilfox> I really hope the patch is adding 'elf' and not '(like GNU ld)'
2017-05-30 04:46:35 <Shiz> awilfox: both
2017-05-30 04:46:37 <Shiz> sadly
2017-05-30 04:46:53 <Shiz> # ld.lld --version
2017-05-30 04:46:55 <Shiz> LLD 4.0.0 (compatible with GNU linkers)
2017-05-30 04:56:47 <Shiz> anyway
2017-05-30 04:56:55 <Shiz> the link with ld.lld is progressing
2017-05-30 04:57:04 <Shiz> i'm also building elftoolchain on the side to see if it can help us
2017-05-30 04:57:05 <Shiz> :P
2017-05-30 04:57:41 <kaniini> that may be desirable to certain alpine derivatives
2017-05-30 04:57:42 <kaniini> :)
2017-05-30 04:58:32 <Shiz> ERROR: elftoolchain-0.7.1-r0: trying to overwrite usr/bin/size owned by binutils-2.28-r2.
2017-05-30 04:58:33 <Shiz> hehehe
2017-05-30 05:01:04 <Shiz> apparently elftoolchain has an ld now
2017-05-30 05:10:08 <Shiz> elftoolchain compiled
2017-05-30 06:40:20 <awilfox> http://wiki.adelielinux.org/wiki/APK_internals does anyone want to review this?  I'm trying to document the structure for reasons
2017-05-30 07:42:15 <pickfire> Looks like alpine linux 3.6.0 is broken on raspberry pi
2017-05-30 08:14:32 <clandmeter> Pickfire, no boot I guess?
2017-05-30 08:15:02 <_ikke_> clandmeter: he left
2017-05-30 08:15:12 <clandmeter> Ok
2017-05-30 08:15:16 <clandmeter> Thx
2017-05-30 08:30:17 <fabled> clandmeter, working on rpi kernel now, waiting to build
2017-05-30 08:30:31 <fabled> seems the rpi2 kernel config was accidentally broken on 4.4->4.9 upgrade process
2017-05-30 08:39:09 <awilfox> 
ACTION waves

2017-05-30 09:13:03 <clandmeter> fabled, what is/was wrong?
2017-05-30 09:18:12 <przemoc> awilfox: if by index char you mean how it is stored in db, then replaces -> r, replaces_priority -> q
2017-05-30 09:21:12 <clandmeter> awilfox, I read it a bit and I don't see any mention of the apkindex? Probably intentional.
2017-05-30 09:22:52 <clandmeter> Provides can also include pkgconf entries.
2017-05-30 09:52:11 <awilfox> przemoc: I heard evolving, so any pretty would be good.  also thank you for catching silly error.  fixed!
2017-05-30 11:04:17 <fabled> przemoc, i will probably start certain parts from scratch, but reuse large parts of the codebase
2017-05-30 11:06:09 <przemoc> I suspected that this will be the most probable course of action that you'll take, but wanted to confirm that
2017-05-30 11:30:04 <przemoc> fabled: I don't remember the link to the file where you listed all the planned features.  I think that file index at the beginning of apk would be quite useful (via custom vendor pax extension, possibly).  actually it's a pitty that pax lacks standardized file index extension.  having to scan whole archive to know its content is often burdensome.  having such index at the beginning of .apk would
2017-05-30 11:30:11 <przemoc> also allow implementing file listing for given packages even if they are not installed yet, because you'd need to download only beginning of the .apk.
2017-05-30 11:47:34 <Ganwell> My patch "testing/blind: upgrade to 1.1", didn't go into patchwork. First do I have to take some action? Second did I do something wrong? I thought if I send a patch to the mailinglist during release time, it just gets ignored till after.
2017-05-30 11:48:54 <fabled> przemoc, will likely redesign the file format. possibly to be not .tar; the index would be in the start of the file then
2017-05-30 11:49:25 <fabled> the idea is to have signed blobs in them, and copy those directly to installed-db; so "apk audit" can verify whole system against asymmetrically signed blobs
2017-05-30 11:52:53 <scadu> fabled: aww, sounds promising
2017-05-30 11:52:59 <scadu> skrzyp: ^
2017-05-30 11:54:19 <fabled> i do have some code existing, but it's just drafting it
2017-05-30 11:54:32 <^7heo> that would be neat.
2017-05-30 11:57:32 <przemoc> I see.  using tar-compatible format is nice for debugging, as you can (at least partially) inspect stuff w/o special tools, but tar/pax format is not the nicest thing in the world and there is some historic cruft in it that gives us nothing.  actually I haven't researched whether there are any already-in-use well-thought-out tar replacements
2017-05-30 11:59:21 <fabled> that's my notion too
2017-05-30 11:59:40 <fabled> as option, i was planning to offer "apk convert-to-tar" applet that would convert .apk to .tar
2017-05-30 12:00:05 <fabled> the problem is that, certain things are hard to implement inside tar
2017-05-30 12:00:28 <fabled> alternative, is to have .tar and the first entry be PAX header with a binary blob of all data apk needs
2017-05-30 12:00:45 <fabled> but then the tar headers are just duplication information and just take space
2017-05-30 12:00:59 <fabled> i've found that rarely i need to use tar nowadays to inspect .apk
2017-05-30 12:03:32 <ncopa> Ganwell: we had issues with our infra. it should work again so you can resend
2017-05-30 12:03:34 <ncopa> sorry about that
2017-05-30 12:04:54 <ncopa> fabled: i find the .tar format in apk pretty handy
2017-05-30 12:05:07 <ncopa> would cpio be a better alternative?
2017-05-30 12:05:40 <ncopa> my point is that it is very convenient to be able to extract the .apk with standard tools
2017-05-30 12:09:06 <przemoc> if tar would be ever abandoned for apk, my strong suggestion would be to make pure archive-related part of apk-tools separate with its own lib+bin (format name shouldn't impose it's apk-only), and simply use such lib in apk tools.  that way anyone could reuse archive part and there would be easy tools to at least extract stuff from such apk-ng files, even w/o whole apk-ng machinery.
2017-05-30 12:12:17 <skrzyp> scadu:
2017-05-30 12:12:25 <skrzyp> what?
2017-05-30 12:21:12 <przemoc> ncopa: cpio is a mixed bag, but it's mostly inferior to tar (lack of user/group names for instance) and has worse tooling
2017-05-30 12:53:58 <jirutka> ncopa: I also like that apk is just a simple tar, much better than deb or rpm non-sense Matryoshka doll
2017-05-30 12:58:19 <skarnet> przemoc: all I want from the archive format is to be able to encode user/groups and Unix permissions at archive creation time separately from the files themselves, so you don't need fakeroot to create an archive with multiple uid/gids
2017-05-30 12:58:45 <ncopa> that would be nice yes
2017-05-30 12:59:10 <skarnet> a hierarchy + a permissions file is all I'm asking for
2017-05-30 13:05:27 <przemoc> skarnet: support for providing perms is useful feature, cannot disagree.  it's not that tar format doesn't support such thing (well, it doesn't support is as a separate permission file, that much is obvious).  the only problem is that most commonly used tar/pax utils doesn't expose that kind of functionality
2017-05-30 13:06:13 <skarnet> yeah, that's why I was mentioning it if we're considering an apk-specific lib
2017-05-30 13:07:04 <skarnet> if the backend has to perform horrible hacks to implement the functionality, so be it, as long as I don't have to see it XD
2017-05-30 13:09:27 <przemoc> didn't know you're that lax regarding hidden mess ;)
2017-05-30 13:13:28 <przemoc> gnu tar has some support for overriding file metadata (--owner, --group, --mtime), but it's not a fine-grained stuff
2017-05-30 13:16:31 <skarnet> it's for the whole archive, which is obviously not enough
2017-05-30 14:22:29 <pickfire> clandmeter: red light stays on, green light blink, rainbow screen showed up and stuck.
2017-05-30 14:22:54 <pickfire> _ikke_: I check the logs for the time being, cannot be online 24/7 since pi is down.
2017-05-30 14:23:03 <scadu> I though it will be something like roses are red... :<
2017-05-30 14:23:09 <pickfire> So many things is down. T_T
2017-05-30 14:23:34 <pickfire> scadu: Roses are red, violets are blue, sugar is sweet and so are you.
2017-05-30 14:23:43 <pickfire> Wait, I think that's wrong.
2017-05-30 14:23:49 <scadu> 
ACTION runs

2017-05-30 14:24:10 <skarnet> Roses are red, that much is true, but violets are violet, not fucking blue.
2017-05-30 14:24:49 <skarnet> #ruinaromanticevening
2017-05-30 14:25:02 <pickfire> Haha
2017-05-30 14:25:58 <TemptorSent> skarnet: Would the manifest format with added perms/owners/timestamp be usable for your needs?
2017-05-30 14:29:11 <skarnet> TemptorSent: I suppose it would, yes
2017-05-30 14:29:49 <skarnet> now, obviously, it would need to be a format that accept newlines and special characters in filenames. :P
2017-05-30 14:31:24 <pickfire> 
ACTION regret that it didn't do any backup before the upgrade

2017-05-30 14:31:25 <TemptorSent> Any preferences on escaping?
2017-05-30 14:31:49 <^7heo> skarnet: nice one
2017-05-30 14:33:02 <skarnet> TemptorSent: yes. I would love it if it followed that format: http://skarnet.org/software/s6-portable-utils/s6-quote.html
2017-05-30 14:33:41 <TemptorSent> Off hand, \n and \t are the only issues I'm aware of causing a mess.
2017-05-30 14:33:57 <skarnet> i.e. "filename\nwith\x0cspecial characters"
2017-05-30 14:34:52 <skarnet> anyway, no time to delve into this right now, back to work
2017-05-30 14:34:56 <^7heo> o/
2017-05-30 14:35:23 <TemptorSent> Quoted, spaces intact, all non-alphanum escaped?
2017-05-30 14:35:38 <skarnet> <skarnet>anyway, no time to delve into this right now, back to work
2017-05-30 14:36:16 <^7heo> TemptorSent: from the doc skarnet linked: Quoted strings are guaranteed to be pure printable ASCII, without control characters.
2017-05-30 14:37:09 <^7heo> so to me that means, it'll contain only characters from 0x20 to 0x7E
2017-05-30 14:37:16 <^7heo> (included)
2017-05-30 14:37:22 <TemptorSent> For use in the manifest, the result of "s6-quote -n -u $filename" should work.
2017-05-30 14:40:46 <TemptorSent> The only issue with rendering it with printf in shell is the possible interpretation of the $...
2017-05-30 14:58:25 <Shiz>     @fabled │ i've found that rarely i need to use tar nowadays to inspect .apk
2017-05-30 14:58:28 <Shiz> i do this all the time fwiw
2017-05-30 14:58:30 <Shiz> :P
2017-05-30 15:21:40 <clandmeter> przemoc, many packages have pc: provides. just check APKINDEX.
2017-05-30 15:25:39 <przemoc> indeed.  it's added automatically, though.  I wasn't aware of that pc: thing within p:, so thanks for that
2017-05-30 15:26:23 <clandmeter> yw
2017-05-30 15:26:42 <przemoc> (and my grepping failed, because I used different abbrev of pkgconf)
2017-05-30 15:27:31 <clandmeter> ncopa, are we doing a new release to fix rpi boot issues?
2017-05-30 15:27:49 <ncopa> clandmeter: yes
2017-05-30 15:28:02 <clandmeter> okidoki
2017-05-30 15:28:08 <ncopa> with 4.9.30 kernel too
2017-05-30 15:28:10 <ncopa> and some other fixes
2017-05-30 15:28:56 <clandmeter> i hope this also fixes my rpizw
2017-05-30 15:30:31 <clandmeter> oh it was an older bug... confusing when ppl append to an older bug...
2017-05-30 15:35:42 <Shiz> ncopa: not sure if you caught my llvm progress, but ...
2017-05-30 15:35:54 <Shiz> bootstrapped most of an alpine base system with clang+compiler-rt+libc++lld now
2017-05-30 15:35:56 <Shiz> :P
2017-05-30 15:36:38 <przemoc> https://alpinelinux.org/downloads/ vs http://wwwtest.alpinelinux.org/downloads/ - sha256 and gpg buttons next to archs look indeed better and are even more mobile friendly (but I doubt people check checksums on their smartphones...)
2017-05-30 15:44:15 <clandmeter> ncopa, what if we show the download button as http://getbootstrap.com/components/#btn-dropdowns-single and arch's as childeren?
2017-05-30 15:45:29 <przemoc> then it will be unclear what flavor is available on what arch
2017-05-30 15:45:44 <przemoc> without lot of clicking, that is
2017-05-30 15:46:22 <clandmeter> its a download buttton
2017-05-30 15:47:58 <clandmeter> which means you already know what you want.
2017-05-30 15:48:19 <clandmeter> the vertical alignment really sucks like this
2017-05-30 15:49:31 <clandmeter> and the fontsize of the download buttons looks targeted at visually impaired users.
2017-05-30 15:51:07 <pickfire> I found the font size nice, just the x86_64 arch download is a bit misaligned.
2017-05-30 15:52:48 <clandmeter> by using dropbown buttons we could also put the filetype back into the button.
2017-05-30 15:54:44 <TemptorSent> Hmm, something that may be very interesting just popped up on phoronix - WhiteEgret LSM - Whitelist for executables/libs.
2017-05-30 15:56:08 <TemptorSent> Patch is reasonably short and looks sane on first glance
2017-05-30 16:01:51 <zaolin_> hey guys
2017-05-30 16:01:53 <TemptorSent> And it's well documented, with examples - how novel!
2017-05-30 16:02:47 <TemptorSent> Hello zaolin_.
2017-05-30 16:02:50 <zaolin_> the new 3.6.0 seems to be somehow broken. I can't bind ports anymore.
2017-05-30 16:03:29 <zaolin_> and virthardened does not work for MDADM
2017-05-30 16:04:20 <TemptorSent> Hmm, are the appropriate modules loading?
2017-05-30 16:04:25 <Shiz> you can't bind ports?
2017-05-30 16:04:51 <TemptorSent> What network driver are you using?
2017-05-30 16:06:17 <zaolin_> Yep before 3.6.0 with 3.5.0 it worked
2017-05-30 16:06:31 <skarnet> has my bug-report of getting SIGILL on 3.6.0 binaries gone ignored?
2017-05-30 16:07:11 <skarnet> anyway, different question: testing/ seems only available on edge, not on numbered releases, I assume that's intentional?
2017-05-30 16:07:43 <Shiz> skarnet: no, i just havent been able to repro it
2017-05-30 16:07:45 <Shiz> and yes
2017-05-30 16:07:53 <TemptorSent> skarnet: Missed that -- random illegal instructions or deterministic (compile error?)
2017-05-30 16:09:06 <TemptorSent> I was seeing SIGILL frequently under qemu under edge while testing isos, so it's not entirely new, but I couldn't find any determinism in it.
2017-05-30 16:10:00 <skarnet> Shiz: to repro it: install a pristine Alpine v3.6.0 on a Virtualbox VM, apk add s6-rc, grab a s6-rc source database I can put online, and run "s6-rc-compile compiled main"
2017-05-30 16:10:18 <skarnet> 33% chances of success, 33% chances of busylooping, 33% chances of SIGILL
2017-05-30 16:10:33 <TemptorSent> zaolin_: Modules are the first suspect - see if those are present and loaded.
2017-05-30 16:10:48 <Shiz> skarnet: i'll do that later tonight, thanks
2017-05-30 16:10:57 <Shiz> feel free to pm me a link to such a source database when you have time to upload one :)
2017-05-30 16:11:06 <TemptorSent> skarnet: That's consistent with what I was seeing under qemu - appears to be an issue under HVM.
2017-05-30 16:12:22 <TemptorSent> skarnet: What physical hardware are you running on top of? I'm on a Xeon E5-1620
2017-05-30 16:13:13 <Shiz> meanwhile i've advanced my allvmpine experiment into replacing binutils with elftoolchain
2017-05-30 16:13:19 <Shiz> can't wait to see what will miraculously break
2017-05-30 16:13:21 <Shiz> :P
2017-05-30 16:13:51 <skarnet> Shiz: http//skarnet.org/tmp/main.tgz (nothing secret in there)
2017-05-30 16:14:00 <Shiz> danke
2017-05-30 16:14:03 <TemptorSent> Great progress Shiz - Soon it will be GNULess/Linux :)
2017-05-30 16:14:05 <skarnet> TemptorSent: core i7-4770K
2017-05-30 16:14:18 <Shiz> it seems lld can't link Go on i386
2017-05-30 16:14:20 <Shiz> or at least
2017-05-30 16:14:24 <Shiz> not without providing text relocs
2017-05-30 16:14:29 <Shiz> bfd ld does not have this issue
2017-05-30 16:14:56 <skarnet> TemptorSent: it has to do with something on the guest, can't be the host, because I tried it on a Windows host
2017-05-30 16:15:16 <skarnet> (not saying that Windows doesn't have issues, but that's unrelated :P)
2017-05-30 16:15:58 <TemptorSent> skarnet: Agreed - but underlaying hardware changes how the VM virtualizes certain instructions, which can make debugging on a different gen CPU a royal PITA!
2017-05-30 16:16:43 <skarnet> yeah - but no matter what it is, it points to the toolchain building binaries that the guest interprets badly
2017-05-30 16:16:56 <TemptorSent> VT-d is one that makes all kinds of fun.
2017-05-30 16:17:03 <skarnet> older Alpine releases don't do that, so gcc-7.1.0 looks like a smoking gun
2017-05-30 16:17:15 <skarnet> might be worth it to rebuild 3.6 with gcc-6
2017-05-30 16:17:34 <TemptorSent> Perhaps back into the late 6.x releases based on what I saw a few months ago.
2017-05-30 16:18:02 <Shiz> skarnet: we don't build 3.6 with gcc 7.x
2017-05-30 16:18:08 <Shiz> 3.6 has been built with 6.3
2017-05-30 16:18:42 <skarnet> oh? weird then
2017-05-30 16:18:48 <TemptorSent> What flag changes did we have in libs...
2017-05-30 16:19:08 <Shiz> 7.x was decided against because we were afraid issues like these would pop up
2017-05-30 16:19:09 <TemptorSent> Possible bad optimization.
2017-05-30 16:19:10 <Shiz> :P
2017-05-30 16:19:21 <Shiz> or, I believe so -- i wasn't there at the time
2017-05-30 16:20:27 <skarnet> well issues like these are popping up anyway :P
2017-05-30 16:20:53 <TemptorSent> With the failure mode, a test-and-set on a lock may be acting up when virtualized.
2017-05-30 16:23:02 <zaolin_> TemptorSent: Is it possible to downgrade ?
2017-05-30 16:24:04 <TemptorSent> zaolin_: Not easily at the moment that I'm aware of -- we're working on fixing the kernel version issues in packaging to allow that easily.
2017-05-30 16:24:36 <TemptorSent> kaniini may have a better idea of how to do so currently if it's possible...
2017-05-30 16:25:36 <zaolin_> TemptorSent: ixgbe is the driver
2017-05-30 16:26:20 <kaniini> echo '@3.5 http://dl-cdn.alpinelinux.org/alpine/v3.5/main' >> /etc/apk/repositories
2017-05-30 16:26:25 <kaniini> apk add linux-grsec@3.5
2017-05-30 16:26:27 <kaniini> erf
2017-05-30 16:26:32 <kaniini> apk add --update linux-grsec@3.5
2017-05-30 16:26:36 <kaniini> reboot
2017-05-30 16:27:00 <kaniini> you can also downgrade by just changing /etc/apk/repositories and then doing apk upgrade --available
2017-05-30 16:27:03 <kaniini> it will downgrade it
2017-05-30 16:27:42 <zaolin_> kaniini: thanks
2017-05-30 16:27:57 <zaolin_> I missed the --available
2017-05-30 16:28:44 <TemptorSent> Thanks kaniini -- I wasn't sure how to force it to downgrade without totally confusing apk :)
2017-05-30 16:29:29 <kaniini> zaolin_: always use --available when going between distribution versions
2017-05-30 16:29:42 <kaniini> clandmeter: anyway, you were wondering why we want clang as system compiler.  welp, ^^^^ should cover it
2017-05-30 16:30:23 <TemptorSent> zaolin_: Also, check your dmesg and verify the network device is actually getting assigned and that your interface is established completely.
2017-05-30 16:30:31 <kaniini> it finally happened.  GCC completely screwed a distribution release.
2017-05-30 16:31:28 <TemptorSent> So, Alpine 4.x, GCC-free? :)
2017-05-30 16:31:37 <zaolin_> TemptorSent: That works otherwise I couldn't log into it via ssh
2017-05-30 16:32:05 <zaolin_> I had also issues with the pure grsec kernel regarding kvm and ubuntu guests
2017-05-30 16:32:05 <kaniini> TemptorSent: at this point, definitely.
2017-05-30 16:32:07 <Shiz> its not like lcang wont have bugs
2017-05-30 16:32:45 <kaniini> clang at least has QA
2017-05-30 16:32:52 <kaniini> GCC as a project has literally been falling apart since GCC 5
2017-05-30 16:33:08 <Shiz> would you like to see my LLVM patch queue :P
2017-05-30 16:33:17 <Shiz> i think im up to 15-20 patches or so
2017-05-30 16:33:33 <Shiz> clang fails some basic shit -print-prog-name=ld working properly together with -fuse-ld
2017-05-30 16:33:38 <Shiz> like*
2017-05-30 16:33:41 <TemptorSent> zaolin_: Okay, you have working networking, good :) Next question is did the AF_PACKET module and friends load? I'm not sure if there is a grsec specific option that may be biting as well.
2017-05-30 16:34:11 <kaniini> Shiz: lols
2017-05-30 16:34:11 <TemptorSent> zaolin_: For testing purposes, try the vanilla kernel.
2017-05-30 16:35:07 <TemptorSent> Shiz - At least the LLVM patches might get upstreamed before next centry without a bunch of bickering on the ML.
2017-05-30 16:35:39 <kaniini> skarnet: at what address did you observe the SIGILL being thrown
2017-05-30 16:35:56 <skarnet> I didn't run gdb on it or anything
2017-05-30 16:36:58 <kaniini> the PC address in theory would be dumped on dmesg output
2017-05-30 16:37:18 <skarnet> yeah, I can try again tonight
2017-05-30 16:37:33 <skarnet> but Shiz is more fluent than I am with those things
2017-05-30 16:38:32 <TemptorSent> The PC should tell us whether it's happening in application space or kernel space in theory.
2017-05-30 16:38:47 <kaniini> yes
2017-05-30 16:39:05 <kaniini> i suspect the problem is actually related to grsecurity
2017-05-30 16:39:06 <kaniini> not toolchain
2017-05-30 16:39:07 <kaniini> because
2017-05-30 16:39:14 <kaniini> the kernel build logs have had a lot of scary warnings
2017-05-30 16:39:20 <kaniini> about truncated instruction opcodes
2017-05-30 16:39:23 <TemptorSent> But one problem with running a nice relocatable kernel is that we can't resolve such addresses.
2017-05-30 16:39:43 <kaniini> skarnet: which kernel did you boot when you observed these problems
2017-05-30 16:41:25 <skarnet> can't tell you. The default.
2017-05-30 16:41:26 <TemptorSent> Hmm, have we made sure our kernel headers don't have any major problems that could cause this? Inlining inappropriate code in a macro perhaps?
2017-05-30 16:41:49 <Shiz> s6 doesn't use kernel headers
2017-05-30 16:41:51 <Shiz> i'd hope
2017-05-30 16:41:53 <Shiz> :P
2017-05-30 16:41:55 <skarnet> it doesn't
2017-05-30 16:42:40 <skarnet> unrelated: there's a /usr/lib/libz.a symlink to /lib/libz.a, but no similar /usr/lib/libz.so symlink
2017-05-30 16:42:46 <kaniini> TemptorSent: no i mean i think there is literally illegal opcodes in the kernel image itself
2017-05-30 16:42:50 <skarnet> this breaks stuff
2017-05-30 16:43:40 <skarnet> ncopa: could you please update the zlib APKBUILD so it either uses both /usr/lib/libz.a and /usr/lib/libz.so, or neither?
2017-05-30 16:43:47 <TemptorSent> kaniini: Agreed - I'm just wondering if it's something that one of the grsec patches modified in a header that's biting us in multiple places.
2017-05-30 16:43:54 <kaniini> here
2017-05-30 16:43:54 <kaniini> let me show you
2017-05-30 16:43:55 <kaniini> what i am talking about
2017-05-30 16:43:56 <kaniini> http://build.alpinelinux.org/buildlogs/build-3-6-x86_64/main/linux-hardened/linux-hardened-4.9.29-r0.log
2017-05-30 16:44:19 <kaniini> there's tons of errors like:
2017-05-30 16:44:20 <kaniini> sound/pci/asihpi/hpimsgx.o: warning: objtool: adapter_prepare()+0x44: can't find jump dest instruction at .text+0x50e
2017-05-30 16:44:36 <kaniini> and:
2017-05-30 16:44:39 <kaniini> net/bluetooth/cmtp/core.o: warning: objtool: cmtp_session()+0x866: can't decode instruction
2017-05-30 16:44:55 <skarnet> (some Python stuff uses gcc -shared -L/usr/lib -o foobar.so blahblah -lz, and gcc tries /usr/lib/libz.a, and fails, obviously)
2017-05-30 16:44:58 <kaniini> and:
2017-05-30 16:45:00 <kaniini> sound/soc/intel/boards/cht_bsw_rt5645.o: warning: objtool: cht_codec_init(): can't find starting instruction
2017-05-30 16:45:14 <TemptorSent> Yeah, that's fugly -- my question is why does it show up under virtualization, but not on bare metal?
2017-05-30 16:45:50 <kaniini> TemptorSent: maybe it does show up on bare metal.  you are assuming things.
2017-05-30 16:46:41 <TemptorSent> Okay, I didn't hit it on bare metal with my testing, while under qemu, I was getting a sigill within a few minutes of use pretty reliably.
2017-05-30 16:46:43 <kaniini> although in my experience, feedback is more forceful in VMs than it is on bare metal.
2017-05-30 16:46:44 <kaniini> for example, in bare metal, maybe we just get inconsistent hardware states which cause later instability
2017-05-30 16:47:02 <kaniini> verses in a VM, it's a proven violation so it throws a CPU exception immediately
2017-05-30 16:47:26 <kaniini> qemu proves my point: it doesn't faithfully emulate real hardware
2017-05-30 16:47:40 <kaniini> real hardware is more forgiving
2017-05-30 16:48:14 <TemptorSent> Right - and grsec may be using stupid tricks which depend on real hardware to work.
2017-05-30 16:48:50 <TemptorSent> (such as hard-coding instruction offsets based on known implementation details)
2017-05-30 16:48:53 <kaniini> i'm 99% sure that disabling whatever is causing those errors
2017-05-30 16:48:57 <kaniini> will make the SIGILL go away
2017-05-30 16:49:15 <TemptorSent> I'd 99% agree with that hypothesis :)
2017-05-30 16:49:24 <skarnet> note that busylooping is another possible outcome
2017-05-30 16:49:36 <kaniini> but i want somebody to test linux-hardened vs linux-vanilla to see
2017-05-30 16:49:52 <kaniini> so, can somebody do that please? :)
2017-05-30 16:50:04 <skarnet> sure, but not now
2017-05-30 16:50:13 <kaniini> skarnet: yes, which further points to inconsistent state hypothesis
2017-05-30 16:50:40 <kaniini> well TemptorSent says he is getting SIGILLs all over the place in qemu
2017-05-30 16:50:45 <TemptorSent> Agreed - I don't currently have my test env setup, so it's probably best if skarnet tries a repro tonight.
2017-05-30 16:50:52 <kaniini> so i suspect he can compare
2017-05-30 16:51:01 <kaniini> anyway
2017-05-30 16:51:05 <kaniini> somebody test it and let me know
2017-05-30 16:51:13 <kaniini> if that is indeed the case,
2017-05-30 16:51:28 <kaniini> then i will look at disabling whatever is causing those warnings
2017-05-30 16:51:38 <TemptorSent> grsec :)
2017-05-30 16:52:07 <TemptorSent> Possibly page indirection hack for segmentation.
2017-05-30 16:53:31 <Shiz> there is no segmentation on x86_64
2017-05-30 16:53:42 <kaniini> i'm suspecting this is related to pax_open_kernel/pax_close_kernel
2017-05-30 16:53:45 <kaniini> maybe spender fucked it up
2017-05-30 16:53:48 <TemptorSent> That's why grsec uses an ugly hack.
2017-05-30 16:53:49 <kaniini> as a practical joke
2017-05-30 16:53:56 <kaniini> he is enough of a jackass to do that
2017-05-30 16:53:57 <kaniini> :)
2017-05-30 16:54:52 <Shiz> maybe our fwport is bad :P
2017-05-30 16:55:06 <kaniini> that is another possibility
2017-05-30 16:57:57 <TemptorSent> It looks as though the kernel hardening project that started at gentoo spun off to it's own project -- see https://github.com/thestinger/linux-hardened
2017-05-30 16:57:57 <jirutka> Shiz: kaniini: has anyone investigated the problem skarnet reported few days ago?
2017-05-30 16:58:18 <kaniini> that is what we are talking about.
2017-05-30 16:58:22 <jirutka> aha :)
2017-05-30 17:00:32 <kaniini> i think we are overrunning instead of jumping back to userspace correctly in some cases
2017-05-30 17:00:41 <kaniini> which results in a SIGILL being delivered to the userspace process
2017-05-30 17:02:11 <TemptorSent> UDEREF or constify both have a potential to cause such behavior... Need to determine WHAT is overrunnign to narrow it down.
2017-05-30 17:07:41 <Shiz> btw, so far so good
2017-05-30 17:07:48 <Shiz> the important stuff has linked with lld and elftoolchain
2017-05-30 17:08:01 <xentec> reading all this I'm kinda glad now running only -vanilla on my vms
2017-05-30 17:08:23 <Shiz> i586-alpine-linux-musl-strip: --remove-section=.note: invalid target name
2017-05-30 17:08:27 <Shiz> aand the first error :P
2017-05-30 17:08:32 <Shiz> courtesy of busybox
2017-05-30 17:08:41 <skarnet> .note, invalid?
2017-05-30 17:08:47 <skarnet> that's a good one
2017-05-30 17:09:31 <skarnet> (is i586 even a worthy target? :P)
2017-05-30 17:09:39 <Shiz> i think it's not created in the first place
2017-05-30 17:09:41 <Shiz> the .note section
2017-05-30 17:10:08 <skarnet> run strip -R .note several times on the same binary, it won't error out
2017-05-30 17:10:43 <Shiz> # readelf -a busybox_unstripped 2>/dev/null | grep .note
2017-05-30 17:10:46 <Shiz> #
2017-05-30 17:10:47 <Shiz> yes
2017-05-30 17:10:50 <Shiz> i should patch elftoolchain strip
2017-05-30 17:11:29 <skarnet> ah yes, GNU strip silently ignores nonexistent sections but elftoolchain strip doesnt?
2017-05-30 17:11:50 <Shiz> yea
2017-05-30 17:12:00 <skarnet> how does one create tools that are even more annoying and braindead than GNU ones?
2017-05-30 17:12:44 <TemptorSent> kaniini: So, looking at PAX, the trampoline emulation for sigreturn is something to give a hard look at... Do we have that enabled in virthardened?
2017-05-30 17:13:09 <TemptorSent> skarnet: By starting with GNU tools for inspiration :)
2017-05-30 17:13:49 <Shiz> actually, it may be due to how it is invoked
2017-05-30 17:15:02 <kaniini> skarnet: so what do i need to do to reproduce this?
2017-05-30 17:15:17 <skarnet> wrote it above
2017-05-30 17:15:36 <kaniini> TemptorSent: like i said, i do not think any of that is it: i think it is literally something like RAP fucking shit up
2017-05-30 17:17:04 <kaniini> TemptorSent: those warnings i pointed out int he build log, do not exist on -vanilla, and i do not observe SIGILL problems on -vanilla
2017-05-30 17:17:20 <kaniini> TemptorSent: in VM or otherwise
2017-05-30 17:18:25 <TemptorSent> kaniini: Right, I'm looking at where in PAX it's likely actually propigating, and there are a few that may be questionable on their face.
2017-05-30 17:18:50 <kaniini> it makes no difference to me where the SIGILL is propagating
2017-05-30 17:19:11 <kaniini> PAX is throwing the SIGILL most likely because something is very wrong
2017-05-30 17:19:43 <kaniini> (and yes, PAX basically takes over large chunks of CPU exception handling)
2017-05-30 17:20:46 <Shiz> okay, found the actual issue
2017-05-30 17:20:48 <Shiz> skarnet: are you ready
2017-05-30 17:20:54 <Shiz> elftoolchain strip doesn't like -s
2017-05-30 17:20:55 <Shiz> :P
2017-05-30 17:21:06 <TemptorSent> Also, do we have both GRKERNSEC_CONFIG_VIRT_GUEST and GRKERNSEC_CONFIG_VIRT_HOST defined at the same time? If so, are they actually able to coexist without causing problems?
2017-05-30 17:21:48 <TemptorSent> Same with virt type.
2017-05-30 17:24:28 <TemptorSent> The help-text for PAX_EMUTRAMP makes me very suspect of it (or the lack of it) and interaction with musl
2017-05-30 17:24:59 <kaniini> it's really not that.
2017-05-30 17:33:35 <TemptorSent> According to the stack-validation.txt document from objtool, the 'can't find starting instruction' type errors are a result of data in a text (or other non-data) section.
2017-05-30 17:35:59 <TemptorSent> Perhaps running 'make CONFIG_DEBUG_SECTION_MISMATCH=y' as indicated in the build log would be helpful? :)
2017-05-30 17:40:39 <TemptorSent> Also, reading the build log - there is at least one potentially serious redefinition of COMMAND_SIZE between ftdi-elan.c and scsi_common.h that should be fixed.
2017-05-30 17:47:37 <kaniini> TemptorSent: like i said, it is pointing towards RAP
2017-05-30 17:48:17 <kaniini> but i have actual work to do at the moment
2017-05-30 17:50:27 <TemptorSent> I'm afraid I've only looked at the guts of PaX long enough to get a headache, so if you've got a suspect feature that we can disable to test, that's cool! Whenever you get time :)
2017-05-30 18:22:10 <kaniini> TemptorSent: like i said, it is probably RAP.  but i want somebody to test on vanilla to see if the SIGILL is there.  if i am correct, the SIGILL will not be present on vanilla.
2017-05-30 18:23:48 <kaniini> if the trampoline generated by RAP is wrong, and sysret instruction is called with the incorrect pre-conditions, then the userspace process will raise SIGILL
2017-05-30 18:38:35 <TemptorSent> Let me grab the standard and vanillla release .isos and see if qemu gives the same results.
2017-05-30 18:42:37 <kaniini> mmmkay
2017-05-30 18:46:05 <TemptorSent> Bloody hell -- I can't use the standard images on my system at all because they force framebuffer mode in qemu!
2017-05-30 18:47:24 <TemptorSent> With noautodetect, I'm missing some drivers, but it might work anyway...
2017-05-30 18:57:52 <TemptorSent> kaniini - skarnet's reproducer isn't giving me sigill, rather segv with random run-hang.
2017-05-30 18:58:25 <kaniini> TemptorSent: on which kernel.
2017-05-30 18:59:07 <kaniini> TemptorSent: a segv is another possibility with an incorrect sysret target
2017-05-30 18:59:22 <skarnet> it's not a hang, it's a busyloop (top can show you the cpu is spinning)
2017-05-30 18:59:30 <skarnet> and there's nothing in the user code that can even loop
2017-05-30 18:59:33 <zaolin_> TemptorSend: af_packet is there with vanilla kernel
2017-05-30 19:00:05 <kaniini> in fact, an invalid sysret return can cause ... wait for it...
2017-05-30 19:00:07 <kaniini> - SIGILL
2017-05-30 19:00:09 <skarnet> I'm kinda glad the bug-report I got was a SIGILL, because if it had been a SIGSEGV I'd still be looking for the bug in my code -_-
2017-05-30 19:00:12 <kaniini> - SIGSEGV
2017-05-30 19:00:28 <kaniini> - 100% CPU use (jump to data which is now interpreted as bogus instructions)
2017-05-30 19:01:04 <skarnet> kaniini: how do you explain it works sometimes, too?
2017-05-30 19:01:07 <TemptorSent> kaniini: linux-hardened kernel, getting segv_maperr on close(4) at si_addr=0x6d896e6340e1
2017-05-30 19:01:15 <kaniini> TemptorSent: bingo
2017-05-30 19:01:27 <kaniini> so that means it's 99.999999% likely RAP
2017-05-30 19:01:31 <skarnet> TemptorSent: can you confirm it works on vanilla?
2017-05-30 19:01:52 <kaniini> yes
2017-05-30 19:01:55 <TemptorSent> One moment, have to play games to get it up because the stupid FB autodetect.
2017-05-30 19:01:58 <kaniini> please test vanilla now
2017-05-30 19:02:09 <kaniini> if it works there, it is definitely RAP.
2017-05-30 19:02:20 <kaniini> si_addr is unaligned too
2017-05-30 19:02:31 <kaniini> which is definitely wrong for a sysenter/sysret
2017-05-30 19:05:43 <TemptorSent> Bugger, it's doing the same thing in Vanilla!
2017-05-30 19:05:47 <TemptorSent> Bugger, it's doing the same thing in Vanilla!
2017-05-30 19:05:56 <kaniini> wtf
2017-05-30 19:06:31 <TemptorSent> Oops, sorry for the double-tap :)
2017-05-30 19:06:40 <kaniini> theory 2: try reverting to 3.5 libc
2017-05-30 19:07:05 <kaniini> echo '@3.5 http://dl-cdn.alpinelinux.org/alpine/v3.5/main' >> /etc/apk/repositories; apk add --update musl@3.5
2017-05-30 19:07:26 <TemptorSent> si_addr=0x7f6ed2ac0c0a
2017-05-30 19:07:43 <kaniini> yes, unaligned again.  which means something is fishy here
2017-05-30 19:07:59 <kaniini> can you do the 3.5 musl downgrade as above
2017-05-30 19:08:03 <kaniini> and retry?
2017-05-30 19:10:00 <TemptorSent> Still gettting segv, but this time aligned at least - si_addr=0x7fd63395e294
2017-05-30 19:12:38 <kaniini> okay
2017-05-30 19:12:59 <kaniini> try installing
2017-05-30 19:13:24 <kaniini> echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories; apk add --update s6-rc@edge
2017-05-30 19:13:26 <TemptorSent> repeated runs sometimes run to completion with exit code 111 (a proper error)
2017-05-30 19:14:19 <kaniini> and rerun the testcase
2017-05-30 19:14:53 <kaniini> i'm wondering if 3.6 was built with -Os
2017-05-30 19:14:57 <TemptorSent> Same again, with a couple run-hangs..
2017-05-30 19:15:12 <kaniini> apk add skalibs@edge
2017-05-30 19:15:15 <Shiz> kaniini: it was
2017-05-30 19:15:17 <skarnet> TemptorSent: is there an error message when it exits 111? if it's "compiled already exists" then it's not running
2017-05-30 19:15:23 <kaniini> Shiz: !!!!!
2017-05-30 19:15:28 <kaniini> Shiz: MUSL IS TOTALLY BROKEN WITH -Os
2017-05-30 19:15:30 <Shiz> even edge is still -Os
2017-05-30 19:15:31 <Shiz> lol
2017-05-30 19:15:39 <skarnet> wtf
2017-05-30 19:15:45 <kaniini> no edge is -O2 i am pretty sure
2017-05-30 19:15:52 <skarnet> 1. it's the first time I hear that musl is broken with -Os
2017-05-30 19:16:04 <Shiz> nah
2017-05-30 19:16:06 <Shiz> edge is -Os
2017-05-30 19:16:11 <skarnet> 2. why would you build a general purpose distro with -Os
2017-05-30 19:16:31 <TemptorSent> Wow, AND I'm getting two different valid exit status, one 0 one 111
2017-05-30 19:16:41 <kaniini> Shiz: i am positive edge is not -Os
2017-05-30 19:17:13 <kaniini> TemptorSent: fuck it
2017-05-30 19:17:13 <kaniini> TemptorSent: upgrade everything to edge
2017-05-30 19:17:14 <kaniini> TemptorSent: see if it still happens
2017-05-30 19:17:15 <Shiz> I'm using edge abuild and it passes -Os
2017-05-30 19:17:17 <Shiz> that's all i can say
2017-05-30 19:18:42 <TemptorSent> Runing update...
2017-05-30 19:19:31 <TemptorSent> -Os can actually be FASTER than -O2 if it results in less cache misses, but this should be optimized on a per-arch and per-package level.
2017-05-30 19:20:14 <TemptorSent> kaniini: Still same type of results after 'apk upgrade --update --available'
2017-05-30 19:20:36 <kaniini> argh
2017-05-30 19:21:13 <TemptorSent> skarnet: As for the 111 error, it's happening after wiping the compiled directory each time, sometimes at random -- race condition somewhere?
2017-05-30 19:21:33 <TemptorSent> Previous bad return corrupting subsequent context?
2017-05-30 19:22:04 <skarnet> TemptorSent: exact error message? even better, if you can paste a strace :)
2017-05-30 19:23:30 <TemptorSent> Hmm, lemme see what I can do -- I'm playing in a little tiny window on my console with qemu :)
2017-05-30 19:24:09 <skarnet> apk add sprunge
2017-05-30 19:24:19 <skarnet> voilà, pastebin from your command line
2017-05-30 19:27:49 <TemptorSent> http://termbin.com/c50x
2017-05-30 19:28:21 <skarnet> thanks
2017-05-30 19:28:27 <TemptorSent> The pastebin wasn't the problem, I just had to tee to an output file and retry until I got the error output.
2017-05-30 19:29:46 <TemptorSent> compare to http://termbin.com/jvcw
2017-05-30 19:30:19 <TemptorSent> and http://termbin.com/bhes
2017-05-30 19:30:44 <TemptorSent> run-hangs occur at the same location as the SEGV in the previous log.
2017-05-30 19:31:18 <^7heo> where do we usually install libraries with makefiles?
2017-05-30 19:31:25 <^7heo> /lib?
2017-05-30 19:31:38 <skarnet>  manually? /usr/local/lib
2017-05-30 19:31:39 <Shiz> /usr/lib
2017-05-30 19:31:46 <skarnet> ^ for a distro
2017-05-30 19:31:49 <^7heo> skarnet: nah for the distro
2017-05-30 19:31:49 <Shiz> yea
2017-05-30 19:31:52 <^7heo> yeah got it
2017-05-30 19:32:11 <^7heo> So /usr/lib is in the loading so path?
2017-05-30 19:32:30 <^7heo> (and /usr/local/lib too I presume?)
2017-05-30 19:32:31 <TemptorSent> Generally /lib is for system libraries, /usr/lib for general application libs
2017-05-30 19:32:39 <^7heo> yeah
2017-05-30 19:32:42 <^7heo> ok
2017-05-30 19:33:19 <^7heo> Also does anyone have a mac?
2017-05-30 19:33:30 <scadu> ^7heo: jirutka :f
2017-05-30 19:33:31 <^7heo> I'd like to know where to install libs on MacOS too.
2017-05-30 19:33:41 <jirutka> ?
2017-05-30 19:33:44 <^7heo> To make the makefile portable.
2017-05-30 19:33:49 <jirutka> ah, yeah, I have a Mac
2017-05-30 19:33:49 <TemptorSent> I have a Quadra 950 sitting around somewhere, does that count? :P
2017-05-30 19:33:51 <skarnet> (and of course OpenBSD installs a shitload of things under /usr/local/lib, because they don't give a fuck)
2017-05-30 19:34:14 <skarnet> ^7heo: good luck with that
2017-05-30 19:34:14 <^7heo> you really dislike OpenBSD's policies... I can understand, but I can't really judge, I'm not that used to it.
2017-05-30 19:34:18 <^7heo> skarnet: really?
2017-05-30 19:34:23 <skarnet> well, .a's will work
2017-05-30 19:34:32 <skarnet> .so's, you gotta name them .dylib first
2017-05-30 19:34:33 <^7heo> yeah but it's for another project I'm PRing to
2017-05-30 19:34:40 <^7heo> skarnet: and the guys want .so too
2017-05-30 19:34:47 <skarnet> tough luck
2017-05-30 19:34:49 <^7heo> skarnet: right.
2017-05-30 19:34:58 <^7heo> I forgot about .dylib, that's right.
2017-05-30 19:35:05 <skarnet> I'm sure it can be made to work, but you'll have to specialcase MacOS
2017-05-30 19:35:10 <TemptorSent> Technically, /usr/local is appropriate for installation local to the machine (i.e. not a common network mount)
2017-05-30 19:35:12 <^7heo> Yeah...
2017-05-30 19:35:25 <^7heo> Anyway, thanks guys.
2017-05-30 19:35:46 <TemptorSent> MacOS has packages that contain the application, libs, and most supporting code.
2017-05-30 19:35:46 <jirutka> what’s wrong about -Os?
2017-05-30 19:36:17 <jirutka> abuild sets CFLAGS="-Os" by default
2017-05-30 19:36:18 <TemptorSent> (Actually, if they had been consistent about it, it would have been pretty slick, but it's not, and it's thus a PITA)
2017-05-30 19:36:55 <TemptorSent> Hmm, -Os may well be breaking the ret trampoline code in musl!
2017-05-30 19:37:22 <Shiz> macos dynamic linking is pretty different from linux dynlinking
2017-05-30 19:37:23 <skarnet> #musl says -Os should be ok
2017-05-30 19:37:32 <TemptorSent> A pragma is probably needed.
2017-05-30 19:38:00 <TemptorSent> What other optimization flags are set when musl compiles?
2017-05-30 19:38:49 <kaniini> i think i am thinking about uClibc
2017-05-30 19:38:50 <kaniini> -Os was definitely a no-no there
2017-05-30 19:38:55 <TemptorSent> Bad optimization is a classic cause of such random behaviour, possible a GCC bug.
2017-05-30 19:39:40 <TemptorSent> -Os alone should be okay, but if something isn't inlined that should be or vv., it may break.
2017-05-30 19:39:41 <kaniini> TemptorSent: run it under valgrind please :)
2017-05-30 19:40:21 <TemptorSent> Will give that a shot, let's see if it will work without rebuilding.
2017-05-30 19:40:48 <TemptorSent> *lol* Nope, need to try the whole mess again with enough memory assigned to allow me to install valgrind :)
2017-05-30 19:47:02 <skarnet> TemptorSent: ok, the "exit 111" case is also due to a memory corruption
2017-05-30 19:47:25 <skarnet> it's pretty frightening, because all signs point to a bug in the user code
2017-05-30 19:47:46 <skarnet> I'm going to run the test again on a non-Alpine machine, just to be sure
2017-05-30 19:48:02 <kaniini> skarnet: that is why i asked him to run valgrind
2017-05-30 19:49:19 <TemptorSent> http://termbin.com/0mb1
2017-05-30 19:49:30 <TemptorSent> Appears to be an unaligned read?
2017-05-30 19:49:54 <TemptorSent> Somethign strange is going on there.
2017-05-30 19:51:22 <TemptorSent> http://termbin.com/4gln -- with -v
2017-05-30 19:56:38 <TemptorSent> http://termbin.com/2b92 -- with full leak checks.
2017-05-30 19:58:02 <kaniini> that invalid free
2017-05-30 19:58:09 <kaniini> is bugging me
2017-05-30 19:58:23 <kaniini> okay
2017-05-30 19:58:27 <kaniini> okay
2017-05-30 19:58:31 <TemptorSent> Yeah, combined with the unaligned access.
2017-05-30 19:58:38 <skarnet> I'll run a valgrind on a non-Alpine machine just to be sure
2017-05-30 19:58:40 <kaniini> i want you to do something retarded
2017-05-30 19:58:51 <kaniini> echo '@3.4 http://dl-cdn.alpinelinux.org/alpine/v3.4/main' >> /etc/apk/repositories; apk add --upgrade musl@3.4
2017-05-30 19:59:05 <kaniini> rerun the test
2017-05-30 19:59:14 <TemptorSent> As in 'Hey, hold my beer and watch THIS!'?
2017-05-30 19:59:35 <kaniini> yes something like that
2017-05-30 19:59:45 <skarnet> what was retarded in 3.4 ?
2017-05-30 20:00:01 <kaniini> no, in 3.5/3.6 there are changes to dynlink
2017-05-30 20:00:08 <kaniini> so i am wondering
2017-05-30 20:00:12 <kaniini> if something is fucked there
2017-05-30 20:00:18 <kaniini> and its causing everything to go south
2017-05-30 20:01:24 <TemptorSent> Same behavior in 3.4
2017-05-30 20:01:26 <kaniini> apk add --update musl@3.4
2017-05-30 20:01:27 <kaniini> sorry
2017-05-30 20:01:27 <kaniini> :)
2017-05-30 20:01:58 <zaolin_> TemptorSent: Found the issue. Just saying /etc/init.d/loopback
2017-05-30 20:02:24 <TemptorSent> zaolin_: Ahh, glad you found it!
2017-05-30 20:03:51 <TemptorSent> http://termbin.com/dfjz - both musl and s6-rc pinned @3.4
2017-05-30 20:04:39 <kaniini> ok
2017-05-30 20:04:43 <kaniini> i'm going to just have to dig i think
2017-05-30 20:04:51 <kaniini> thanks
2017-05-30 20:05:00 <TemptorSent> Testing on non-alpine, non-grsec host/guest probably required.
2017-05-30 20:05:35 <TemptorSent> Nothing jumping out as to the specific cause.
2017-05-30 20:13:08 <skarnet> impossible to reproduce the bug on an OpenBSD machine or on a GNU machine, both x86_64
2017-05-30 20:13:18 <TemptorSent> kaniini: Well, considering the only library he linked that's in the common set is musl, it's pretty likely.
2017-05-30 20:14:07 <TemptorSent> Can we try musl compiled with differnt optimization flags perhaps?
2017-05-30 20:14:32 <kaniini> i will dig in a bit.  i need to finish up something i am working n
2017-05-30 20:14:34 <TemptorSent> Bad alignment shouldn't happen.
2017-05-30 20:14:35 <kaniini> on*
2017-05-30 20:14:54 <TemptorSent> The compiler should prevent it.
2017-05-30 20:15:18 <skarnet> can't reproduce on a musl machine either. Static binaries, compiled with a gcc-7.1.0 toolchain using musl-1.1.16.
2017-05-30 20:15:59 <skarnet> I really want to say that the user code is fine.
2017-05-30 20:16:41 <TemptorSent> Even if it isn't, non-deterministic, unaligned memory access shouldn't be happening unless you were doing some VERY strange things in user code.
2017-05-30 20:19:31 <skarnet> I'm not.
2017-05-30 20:19:44 <skarnet> so yeah, the problem happens at a lower level.
2017-05-30 20:19:49 <zaolin_> What's the difference between virtgrsec and grsec. Only UDEREF ?
2017-05-30 20:20:00 <TemptorSent> And it appears that it's a file descriptor which is coming up with an unaligned address, which makes no sense in terms of userspace.
2017-05-30 20:20:36 <skarnet> "int fd = open()" -> fd is unaligned ?
2017-05-30 20:20:40 <TemptorSent> zaolin_: The config options are somewhat differeint IIRC, someone here probably knows off hand where that's described.
2017-05-30 20:20:42 <skarnet> yay borked stack
2017-05-30 20:20:47 <kaniini> what
2017-05-30 20:20:50 <TemptorSent> worse, close(4) is unaligned!
2017-05-30 20:20:59 <kaniini> no
2017-05-30 20:21:00 <kaniini> strace prints syscalls after completion
2017-05-30 20:21:31 <skarnet> it prints open( at call time, and ) at completion time
2017-05-30 20:22:00 <TemptorSent> Okay, the free() within close(4) is unaligned.
2017-05-30 20:22:00 <skarnet> (proof: strace sleep)
2017-05-30 20:22:13 <TemptorSent> (according to valgrind)
2017-05-30 20:22:41 <skarnet> is valgrind making sense with musl now?
2017-05-30 20:22:50 <TemptorSent> Sorta, kinda.
2017-05-30 20:23:03 <Shiz> zaolin_: aside from included drivers?
2017-05-30 20:24:14 <zaolin_> Shiz: Let's say I am running alpine as host. Normally some features like kernexec and uderef have some perf impact. So should I use virtgrsec or grsec ?
2017-05-30 20:24:14 <TemptorSent> It looks like realloc is getting a bad handle
2017-05-30 20:24:45 <Shiz> virt* is for guests
2017-05-30 20:25:37 <zaolin_> Shiz: There are also some features braking the guests. I had two issues, one with freezed the vm and another with the virtio network driver
2017-05-30 20:27:08 <zaolin_> Shiz: I guess there is no package which disables some pax features ?
2017-05-30 20:27:13 <TemptorSent> zaolin_, Shiz: To be honest, having a single all-guest image is less-than-ideal because different virt environments really should use differnt kernel configs as well as needing different userspace tools.
2017-05-30 20:27:39 <Shiz> zaolin_: you can toggle the sysctl knobs
2017-05-30 20:28:58 <zaolin_> not for pax features
2017-05-30 20:29:49 <zaolin_> TemptorSent: We are using kvm as hypervisor and alpine in production with ubuntu guests
2017-05-30 20:29:59 <TemptorSent> (Also, a vm-specific image could be MUCH smaller than current.)
2017-05-30 20:31:09 <TemptorSent> zaolin_: Ouch - that's some overhead! I hope you can use same-page mapping and overprovision a fair bit!
2017-05-30 20:31:45 <Shiz> zaolin_: i don't think there's a halfway pax package, no :(
2017-05-30 20:31:52 <TemptorSent> What's a typical ubuntu image, about a gig?
2017-05-30 20:32:19 <TemptorSent> zaolin_: What features of pax do you need and which do you need to disable?
2017-05-30 20:33:15 <Shiz> kaniini: i'm seeing an issue with libgudev being wiped upon 3.6 upgrade
2017-05-30 20:33:17 <Shiz> its contents
2017-05-30 20:33:22 <Shiz> https://pastebin.com/cDGRjaNg apk info && apk policy
2017-05-30 20:33:39 <zaolin_> TemptorSent: For us it's okay. But the grsec kernel does not work for kvm guests. There is already a grsec option which let you choose the right config for kvm or xen. In my opinion if you offer virtualized images you should provide also linux-xengrsec and linux-kvmgrsec
2017-05-30 20:36:16 <zaolin_> sorry, * images for special hypervisor
2017-05-30 20:38:22 <zaolin_> https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Virtualization_Software
2017-05-30 20:38:28 <TemptorSent> zaolin_: Agreed, now linux-*hardened.
2017-05-30 20:38:45 <zaolin_> sure
2017-05-30 20:38:49 <zaolin_> sorry :)
2017-05-30 20:39:16 <TemptorSent> No worries, over time it will drift further from the existing patch.
2017-05-30 20:41:41 <zaolin_> TemptorSent: Should I help out creating packages for kvm and xen ?
2017-05-30 20:41:45 <TemptorSent> The kernel packaging is in for a major overhaul in the near-to-mid future, part of which should include fixing the 'flavors' and versioning, another will hopefully be the user-generation of custom kernel packages easily.
2017-05-30 20:42:54 <TemptorSent> Creating appropriate .config diffs from the standard -hardend .config would probably be a good way to go about it.
2017-05-30 20:43:33 <TemptorSent> Similarly for -vanilla, since the options may be rather different.
2017-05-30 20:44:24 <TemptorSent> Then we can cross-diff those and determine a working set to apply to each base-flavor to get the appropriate hypervisor-flavored guest.
2017-05-30 20:44:35 <zaolin_> GRKERNSEC_CONFIG_AUTO=y
2017-05-30 20:44:35 <zaolin_> GRKERNSEC_CONFIG_SERVER=y
2017-05-30 20:44:35 <zaolin_> GRKERNSEC_CONFIG_VIRT_HOST=y
2017-05-30 20:44:35 <zaolin_> GRKERNSEC_CONFIG_VIRT_KVM=y
2017-05-30 20:44:35 <zaolin_> GRKERNSEC_CONFIG_VIRT_EPT=y
2017-05-30 20:46:10 <TemptorSent> Right, that handles the GRSEC part, but to make the complete kernel optimized for each hypervisor, we want to disable everything NOT useful under it as well, and identify userspace requirements as well.
2017-05-30 20:46:29 <Shiz> for hypervisor hosts it shouldn't differ that much
2017-05-30 20:46:44 <Shiz> i'm not sure, i'm not a big fan of maintaining N different kernel configs
2017-05-30 20:47:00 <Shiz> i'd much rather have a virtguest kernel that boots/works under most/all hypervisors
2017-05-30 20:47:07 <Shiz> with common virtualised nics like e1000 e.g. enabled
2017-05-30 20:47:10 <TemptorSent> Actually, it differs quite a bit in terms of modules required and config opts to enable guest support for X hypervisor.,
2017-05-30 20:47:11 <Shiz> and vmxnet3/virtio/etc
2017-05-30 20:47:51 <TemptorSent> I'd prefer an image that's not bloated with 75mb of drivers I don't need on a virt kernel :)
2017-05-30 20:48:14 <zaolin_> you mean the micro config feature in the kconfig system of the linux kernel ?
2017-05-30 20:48:15 <TemptorSent> For kvm/qemu, virtio covers pretty much everything.
2017-05-30 20:48:17 <Shiz> that's why i just said, a generic virtguest kernel
2017-05-30 20:48:32 <Shiz> most hypervisors emulate pretty overlapping hardware
2017-05-30 20:48:42 <zaolin_> make tinyconfig
2017-05-30 20:49:12 <Shiz> i guess it would be useful to start from our existing config and strip it down from there
2017-05-30 20:49:14 <Shiz> personally
2017-05-30 20:49:20 <Shiz> the hardened config that is
2017-05-30 20:49:20 <TemptorSent> Some config options may be mutually exclusive with certain hypervisors (XEN), requiring modules rather than allowing drivers built in.
2017-05-30 20:50:22 <TemptorSent> Fixing the kernel build system to make it easy to support multiple configurations of a given flavor would make this all much less painful.
2017-05-30 20:51:02 <Shiz> it's not just the build system that is the issue, it's support and testing
2017-05-30 20:51:15 <zaolin_> Shiz: yeah I agree
2017-05-30 20:51:16 <Shiz> for guests, i really do not see a reason to have more than one generic virt guest config
2017-05-30 20:52:07 <TemptorSent> Generically, perhaps not, but for use in a specific environment, it makes a lot of sense!
2017-05-30 20:52:31 <zaolin_> TemptorSent: Shiz: So do you need help with those basic configurations or not ? I can generate some for kvm and xen based on make tinyconfig
2017-05-30 20:52:59 <Shiz> then that specific environment can compile their own kernels
2017-05-30 20:53:07 <TemptorSent> A few hundred thousand VMs with a few dozen megs of dead-weight and some non-optimal config comprimizes adds up.
2017-05-30 20:53:36 <Shiz> zaolin_: we'd preferably would like to align it with our standard config, so i'd prefer the approach of either taking standard hardened config and stirpping it down
2017-05-30 20:53:39 <Shiz> or the existing virt config and adding stuff
2017-05-30 20:53:59 <zaolin_> Hopefully you do load tests for network drivers and I/O
2017-05-30 20:54:13 <Shiz> if you'd be willing to do some experiments with that, would be most welcome :)
2017-05-30 20:54:18 <Shiz> (the configs i mean)
2017-05-30 20:54:21 <TemptorSent> zaolin_: kaniini and I are working on the packaging side of things to make it possible to support this easier, including user generation to local .apk.
2017-05-30 20:54:31 <zaolin_> the bugs only appeared with the load on the server
2017-05-30 20:55:02 <TemptorSent> The nice thing is we can actually test at least several of the VM configs in integration testing.
2017-05-30 20:57:20 <TemptorSent> zaolin_: Go ahead and generate a minimal config for each VM, then diff it against the standard -hardened, merge as appropriate, and create a diff from -hardened to -${vm}hardened
2017-05-30 20:57:48 <TemptorSent> That will give us somethign we can use to integrate for other flavors as well with minimal pain.
2017-05-30 20:58:13 <zaolin_> did you use make savedefconfig for the current configs ?
2017-05-30 20:58:17 <zaolin_> They look very big
2017-05-30 20:58:21 <TemptorSent> The config diff between -hardend and -vanilla in general is more than I'd like to reconsile manually.
2017-05-30 20:58:46 <TemptorSent> I didn't generate the .configs, I believe they're in the abuild?
2017-05-30 20:59:53 <TemptorSent> But yes, a minimal configuration that can be derrived from the existing configurations through a changeset would probably work well.
2017-05-30 21:00:49 <Shiz> the virt configs should be reltaively modest
2017-05-30 21:01:09 <TemptorSent> Currently, they're not...
2017-05-30 21:06:07 <zaolin_> I am on vacation. I will try to build some :)
2017-05-30 21:44:48 <kaniini> Shiz: does apk fix bring it back afterwards?  if not it may just legitimately not be a dep anymore
2017-05-30 21:44:56 <Shiz> yes it does
2017-05-30 21:45:46 <kaniini> Shiz: 3.5 to 3.6?
2017-05-30 21:45:52 <Shiz> yes
2017-05-30 21:45:55 <Shiz> two separate machines
2017-05-30 21:46:08 <kaniini> maybe origin is different on 3.5 vs 3.6
2017-05-30 21:46:13 <kaniini> humm
2017-05-30 21:46:28 <trfl> should mention that both the machines that broke were originally 3.3, pretty sure the one that survived was originally 3.4
2017-05-30 21:46:37 <trfl> so could have been anything between
2017-05-30 21:47:14 <kaniini> Shiz: so you have seen this or trfl has seen this
2017-05-30 21:47:20 <Shiz> trfl
2017-05-30 21:48:11 <Shiz> rather, me seeing it on trfl's nodes
2017-05-30 21:48:13 <Shiz> :p
2017-05-30 21:50:15 <trfl> I've seen odd behavior from packages that provide the same files before, like cdrkit and xorriso providing mkisofs where uninstalling xorriso will delete mkisofs instead of restoring cdrkit's version of it
2017-05-30 21:50:52 <trfl> maybe something similar happened with the two packages that provided the same files that are in libgudev
2017-05-30 23:32:15 <awilfox> I know this conversation was taking place 12 hours ago but I had to sleep and then catch up with work.  in re: tar or pax or custom for apk, a custom format might be 'cool' but thought needs to be put in to how much effort it would be to make a new format vs just using an 'off the shelf' one.  if tar is becoming inappropriate then there are others that can be used instead.  just my 2c
2017-05-31 00:16:36 <TemptorSent> awilfox: I think the pax FORMAT is workable, but the tools are lacking, and some features may require extensions (such as a manifest in the beginning of the archive)
2017-05-31 00:25:39 <Shiz> progress!
2017-05-31 00:25:48 <Shiz> cross-compiled elftoolchain
2017-05-31 00:25:51 <Shiz> now moving on to llvm
2017-05-31 00:26:09 <TemptorSent> \o/
2017-05-31 02:18:16 <Shiz> https://github.com/Shizmob/aports/commits/system-llvm-elftoolchain
2017-05-31 02:18:29 <Shiz> cross-compiles all the stuff in bootstrap.sh up until go, where it fails because of an lld bug
2017-05-31 02:19:10 <Shiz> also made some new changes here https://github.com/Shizmob/abuild/commits/system-llvm
2017-05-31 03:20:21 <TemptorSent> _spOOn_: You could probably setup a chroot or cross-compiler for the code that requires 32bit compilation.
2017-05-31 03:21:18 <TemptorSent> It doesn't need to run 32bit code on the 64bit system, just build 32bit binaries for use in 32bit guests, right?
2017-05-31 03:23:42 <TemptorSent> Damnit, wrong channel, sorry.
2017-05-31 03:26:01 <Shiz> rather just don't
2017-05-31 03:28:30 <TemptorSent> Shiz, so how far has the llvm-port gotten now? You seem to be hauling right along!
2017-05-31 03:28:43 <Shiz> it builds everything up until community/go
2017-05-31 03:28:45 <Shiz> where lld fails
2017-05-31 03:28:49 <TemptorSent> I'm looking forward to a gcc-less system :)
2017-05-31 03:28:50 <Shiz> (of the packages in bootstrap.sh)
2017-05-31 03:29:00 <awilfox> can llvm build non-x86 kernel?
2017-05-31 03:29:01 <TemptorSent> What's lld bjorking on?
2017-05-31 03:30:14 <TemptorSent> awilfox: Good question :) If the kernel is the only componenet requiring gcc, we can probably live with it for the nonce.
2017-05-31 03:30:41 <Shiz> R_386_PC32 relocs against text
2017-05-31 03:30:43 <Shiz> i think
2017-05-31 03:30:44 <TemptorSent> No gcc/g++ libs is a big win.
2017-05-31 03:31:20 <awilfox> TemptorSent: not just that, there is then officially gnu-less linux
2017-05-31 03:31:36 <Shiz> lord almighty
2017-05-31 03:31:43 <Shiz> virtualbox's build system ships precompiled binaries...
2017-05-31 03:31:47 <Shiz> that it requires...
2017-05-31 03:32:08 <TemptorSent> Yeah, VB is a bloody disaster.
2017-05-31 03:32:33 <TemptorSent> I gave up on it in gentoo because I didn't want to do a full multilib setup just to build it :/
2017-05-31 03:32:58 <awilfox> it no longer needs multilib
2017-05-31 03:33:31 <awilfox> those precompiled binaries are iPXE and seabios right?  I think they ship them because it's hard to build them separately.  I managed to do a full source build of vbox once, to say I did it, but I don't see a reason to
2017-05-31 03:34:17 <Shiz> nope
2017-05-31 03:34:21 <Shiz> they're parts of its kmk build system
2017-05-31 03:34:25 <Shiz> kmk_sed etc
2017-05-31 03:35:57 <awilfox> ok
2017-05-31 03:36:05 <Shiz> i think you can just remove them though
2017-05-31 03:37:33 <TemptorSent> Shiz: Is the issue with reinterpret_cast in lld::reloc32?
2017-05-31 03:38:28 <Shiz> ???
2017-05-31 03:38:31 <Shiz> no, not at all
2017-05-31 03:38:32 <TemptorSent> er lld:::elf::reloc32
2017-05-31 03:38:43 <Shiz> don't randomly guess at things :P
2017-05-31 03:39:02 <TemptorSent> Looking at lld source :)
2017-05-31 03:39:10 <Shiz> i didnt even tell you what the error was
2017-05-31 03:39:24 <Shiz> anyway, it can be fixed with -Wl,-z,notext but that gives you textrels
2017-05-31 03:39:26 <Shiz> which you don't want
2017-05-31 03:39:30 <Shiz> bdf ld doesn't seem to need them
2017-05-31 03:42:45 <TemptorSent> Okay, so lld is stricter/doesn't implement the transparent reloc that bdf ld does?
2017-05-31 03:45:59 <Shiz> it doesn't implement the right reloc that doesn't need textrels, apparently
2017-05-31 03:46:23 <Shiz> https://txt.shiz.me/MmViM2JkY2
2017-05-31 03:46:34 <Shiz> btw, for anyone curious to help -- here's how you can test the bootstrap on your own system
2017-05-31 03:46:46 <Shiz> arm currently fails due to llvm not recognize the sf/hf status of the triple
2017-05-31 03:47:01 <Shiz> i'd also recommend setting your core count properly in /etc/abuild.conf beforehand
2017-05-31 03:47:06 <Shiz> as you'll be compiling clang+llvm twice
2017-05-31 03:56:59 <TemptorSent> Yeah, this might take a moment :)
2017-05-31 03:59:45 <awilfox> it's bfd ld
2017-05-31 03:59:47 <awilfox> not bdf
2017-05-31 04:04:30 <TemptorSent> Attempting to build on my system.
2017-05-31 04:05:17 <TemptorSent> Can't use docker though, so if I break something it's going to be entertaining :P
2017-05-31 04:07:14 <TemptorSent> So, what's the status of GCC plugins & llvm?
2017-05-31 04:08:23 <Shiz> what status
2017-05-31 04:10:19 <TemptorSent> Well, since that's probably the biggest GCC-specific feature used by the kernel, hopefully some porting is happening?
2017-05-31 04:14:24 <Shiz> meh, build error
2017-05-31 04:14:28 <Shiz> i'll continue later
2017-05-31 04:14:37 <Shiz> the kernel barely uses gcc plugins
2017-05-31 04:14:41 <Shiz> grsec does
2017-05-31 04:14:42 <Shiz> though
2017-05-31 04:14:44 <Shiz> andn o
2017-05-31 04:15:04 <TemptorSent> I wonder if dragonegg would be a viable stop-gap?
2017-05-31 04:19:56 <TemptorSent> Hmm, not seeing dragonegg post llvm3.7 :/
2017-05-31 04:25:05 <Shiz> dragonegg is long dead
2017-05-31 04:25:15 <Shiz> and also probably doesnt support plugins
2017-05-31 04:26:10 <TemptorSent> Hmm, considering it used gcc's front end and was a plugin itself, it might have been worth looking at anyway.
2017-05-31 04:27:24 <TemptorSent> What happened to dragonegg? It seems like it was a useful tool.
2017-05-31 04:30:52 <Shiz> deprecated by being useless
2017-05-31 04:34:36 <TemptorSent> Hmm, seems useful for supporting langs llvm doesn't (Ada comes to mind), as well as compiling software that uses gcc features, but I guess that can all become part of llvm itself.
2017-05-31 04:42:49 <Shiz> llvm already supports all relevant gcc features
2017-05-31 04:48:51 <TemptorSent> Shiz - Do I want to bootstrap for x86 or x86_64?
2017-05-31 04:49:21 <Shiz> x86, but i just force-pushed a commit that fixes an error i had made :P
2017-05-31 04:49:23 <Shiz> so git pull --rebase first
2017-05-31 04:50:17 <TemptorSent> Okay - let me give it a spin!
2017-05-31 04:51:06 <TemptorSent> Hmm, no llvm4-tools
2017-05-31 04:51:16 <TemptorSent> er -utils rather
2017-05-31 04:51:49 <Shiz> did you do what the instructions told you
2017-05-31 04:51:56 <Shiz> specifically for pkg in llvm4 clang libc++ lld bmake; do APKBUILD=main/$pkg/APKBUILD options="!check" abuild -r; done
2017-05-31 04:51:57 <Shiz> first
2017-05-31 04:52:13 <TemptorSent> Yes, I did. I'm on x86_64 host.
2017-05-31 04:52:34 <Shiz> and does  apk policy llvm show an llvm-4.0.0-r7?
2017-05-31 04:53:04 <TemptorSent> No, looks like I have a broken path somewhere.
2017-05-31 04:53:21 <Shiz> the instructions also tell you to add ~/packages/main to your /etc/apk/repositories :P
2017-05-31 04:53:25 <Shiz> so you can install the updated packages
2017-05-31 04:53:30 <Shiz> or rather, the bootstrap script can
2017-05-31 04:54:05 <TemptorSent> Yes, have that as well.
2017-05-31 04:55:27 <TemptorSent> It doesn't look as though it built clang-utils, the other packages' .apks are in the packages/main/x86_64 directoryu
2017-05-31 04:55:52 <TemptorSent> apk policy llvm4 works :)
2017-05-31 04:56:17 <Shiz> you want llvm-utils, not clang-utils
2017-05-31 04:56:54 <TemptorSent> Hmm, no llvm4 packages, just clang packages -- odd.
2017-05-31 04:57:23 <Shiz> you should have 5 pairs of packages in your packages dir after above line
2017-05-31 04:57:30 <Shiz> llvm4-*, clang-*, libc++-*, lld and bmake
2017-05-31 04:58:23 <TemptorSent> Nope, no llvm4-*, several additional clang-*
2017-05-31 04:58:44 <Shiz> seems like you didn't build all then
2017-05-31 04:58:58 <TemptorSent> libc++-* and bmake are there
2017-05-31 04:59:14 <Shiz> maybe the llvm4 build failed?
2017-05-31 04:59:17 <TemptorSent> How the hell? Does clang build without llvm4?
2017-05-31 04:59:18 <Shiz> what about lld
2017-05-31 04:59:25 <Shiz> yes, if you already have llvm4?
2017-05-31 04:59:27 <Shiz> like, in the repos? :P
2017-05-31 04:59:28 <TemptorSent> lld seems to not have built a package
2017-05-31 05:00:04 <TemptorSent> Bloody hell.
2017-05-31 05:01:30 <TemptorSent> Running llvm4 individually...
2017-05-31 05:04:29 <TemptorSent> also, how do I force sysroot somewhere other than home for the cross-build?
2017-05-31 05:06:47 <TemptorSent> (my / is mounted on a SD card, with bulk storage mounted elsewhere
2017-05-31 05:07:59 <Shiz> abuild.conf
2017-05-31 05:08:05 <Shiz> REPODEST=
2017-05-31 05:08:19 <TemptorSent> Ahh, danke
2017-05-31 05:09:39 <TemptorSent> Um, nope - that's the package dest, I meant the cross compile sysroot for bootstrap.
2017-05-31 05:10:40 <Shiz> oh right
2017-05-31 05:10:42 <Shiz> uh
2017-05-31 05:11:11 <Shiz> $CBUILDROOT
2017-05-31 05:11:12 <Shiz> in env
2017-05-31 05:11:26 <TemptorSent> Got it, thanks!
2017-05-31 05:11:41 <TemptorSent> (Would be good to add that to the docs somewhere...)
2017-05-31 05:12:27 <TemptorSent> I take it I can't set that in abuild.conf because it won't append the arch if it's specified?
2017-05-31 05:12:54 <Shiz> uh i think you can
2017-05-31 05:13:02 <Shiz> it won't append the arch however, no
2017-05-31 05:13:22 <TemptorSent> Need a CBUILDROOTPREFIX or some such.
2017-05-31 05:15:36 <TemptorSent> Perhaps add the REPODEST and CBUILDROOT exports to your script for documentation purposes? I suspect most testing it will wish to keep it in it's own directory.
2017-05-31 05:15:48 <TemptorSent> At least those not running under docker.
2017-05-31 05:15:58 <Shiz> not my script :p
2017-05-31 05:16:27 <TemptorSent> I mean the one on txt.shiz.me :)
2017-05-31 05:16:36 <Shiz> ah
2017-05-31 05:26:31 <TemptorSent> Okay, it built the packages fine that time, even though it was the exact same command.
2017-05-31 05:27:12 <TemptorSent> Now, the 24,000 dollar question -- do I need to rebuild the rest (clang, libc++, and bmake) along with building lld?
2017-05-31 05:31:38 <TemptorSent> Looks like it's off to the races now!
2017-05-31 05:35:13 <TemptorSent> error - libdwarf.so.3 not found building elftoolchain-x86
2017-05-31 05:35:23 <skarnet> that was a short race
2017-05-31 05:35:54 <awilfox> good, races need to be found and removed, preferably using condvars or mutexes
2017-05-31 05:36:07 <TemptorSent> Hmm, continued anyway... that's odd.
2017-05-31 05:37:00 <TemptorSent> I'm guessing I need to rebuild everything now that I have llvm4 built.
2017-05-31 05:38:04 <Shiz> TemptorSent: that one is expected
2017-05-31 05:38:06 <Shiz> and no, you don't
2017-05-31 05:38:37 <TemptorSent> Oh, damn :P
2017-05-31 05:39:01 <Shiz> only reason to rebuild llvm at all is for the llvm-utils package
2017-05-31 05:39:46 <Shiz> reason to rebuild clang is to fix an issue where it would gladly add -pie when passed -r
2017-05-31 05:40:07 <Shiz> reason to rebuild lld is to make it appear more like GNU ld in --version so that broken-ass libtool thinks it can link .so's
2017-05-31 05:40:08 <TemptorSent> Oh, nice.
2017-05-31 05:40:21 <Shiz> reason to rebuild libc++ is to get it into the main repo at all
2017-05-31 05:40:25 <Shiz> same for bmake
2017-05-31 05:40:57 <TemptorSent> And fixing libtool is nearly impossible because libtool sucks and ships all sorts of crap.
2017-05-31 05:41:57 <Shiz> those patches are already upstream anyway
2017-05-31 05:42:01 <Shiz> so they'll be included in next lld rel
2017-05-31 05:42:16 <Shiz> # ld.lld --version
2017-05-31 05:42:18 <TemptorSent> Gotcha.
2017-05-31 05:42:18 <Shiz> LLD 4.0.0 (compatible with GNU linkers)
2017-05-31 05:42:21 <Shiz> the () was added
2017-05-31 05:49:35 <TemptorSent> If this bloody thing downloads the kernel more than once, I'm going to shoot it.
2017-05-31 05:51:08 <Shiz> it only does it once for the kernel-headers package
2017-05-31 05:51:29 <TemptorSent> Good - 80+MB is far from instantaneous for me :/
2017-05-31 05:54:58 <xentec> TemptorSent: that's why abuild has a cache in /var/cache/distfiles
2017-05-31 05:55:51 <TemptorSent> This would go MUCH faster if it would not install/uninstall/reinstall every damn dep for every package!
2017-05-31 05:56:15 <TemptorSent> Could we at least teach it to only do it once per run somehow?
2017-05-31 05:56:59 <Shiz> no, because that would be harmful
2017-05-31 05:57:14 <TemptorSent> How so?
2017-05-31 05:58:05 <Shiz> because you don't want packages pulling in random dependencies from other packages?
2017-05-31 05:58:24 <Shiz> like a ./configure that detects to compile a python plugin when it sees python installed
2017-05-31 05:58:39 <TemptorSent> So we have to uninstall/reinstall llvm4 every single package?
2017-05-31 05:58:48 <TemptorSent> during bootstrap no less?
2017-05-31 05:59:01 <Shiz> yes
2017-05-31 05:59:11 <TemptorSent> Ouch - this is killing my IO
2017-05-31 05:59:21 <awilfox> ^ personally I asked for the same thing, or at least an "install all deps" command from abuild that would literally install them to the system, even after build was done
2017-05-31 05:59:22 <TemptorSent> It's actually the slowest part of the whole process.
2017-05-31 05:59:37 <xentec> I think it's ok for llvm to be explicitly installed during bootstrap
2017-05-31 05:59:39 <Shiz> awilfox: abuild -rK
2017-05-31 05:59:49 <Shiz> also, llvm *is* explicitly installed during bootstrap
2017-05-31 05:59:53 <Shiz> so i don't know what you're talking about
2017-05-31 06:00:07 <awilfox> Shiz: ah.  well, I asked in 2014
2017-05-31 06:00:12 <awilfox> Shiz: it may have been added since
2017-05-31 06:00:21 <awilfox> from what TemptorSent said, it sounded like it hadn't been
2017-05-31 06:00:37 <Shiz> https://github.com/Shizmob/aports/blob/ed40b1d9e6184e7f08ef4ecfd4bfe85417a91898/scripts/bootstrap.sh#L71-L76
2017-05-31 06:00:39 <TemptorSent> The problem is it reinstalls every common dep for every package built.
2017-05-31 06:01:30 <TemptorSent> Couldn't we just have them added to a virtual as it builds so it only reinstalls the updated packages?
2017-05-31 06:01:45 <xentec> btw Shiz: shouldn't that 'apk add --virt..' be '$SUDO_APK add...'  ?
2017-05-31 06:01:57 <Shiz> yeah probably
2017-05-31 06:02:20 <Shiz> but bootstrap.sh needs to be ran as root anyway
2017-05-31 06:02:28 <TemptorSent> elftoolchain-x86 and the lz4 library are reinstalled nearly every single time a package is built, even if it's a virtual package!
2017-05-31 06:02:55 <Shiz> lz4 is only needed for a single package, so i highly doubt that
2017-05-31 06:02:56 <xentec> are you boostraping a system on a SoC?
2017-05-31 06:03:05 <TemptorSent> Want to bet?
2017-05-31 06:03:09 <xentec> because you really shouldn't do that
2017-05-31 06:03:30 <TemptorSent> lz4 is a dep of something because it's installed every package.
2017-05-31 06:03:53 <Shiz> oh, that single package is elftoolchain-x86
2017-05-31 06:03:55 <Shiz> lol
2017-05-31 06:03:58 <TemptorSent> xentec: No, older xeon, but no disk to speak of.
2017-05-31 06:04:18 <TemptorSent> Yeah, so the whole dep chain gets reinstalled every round.
2017-05-31 06:04:45 <TemptorSent> I should just have built in a tmpfs -- I've got plenty of RAM :)
2017-05-31 06:05:15 <Shiz> xentec: https://github.com/Shizmob/aports/commit/daf123648b533e7ef040eca84593b513160d42c7 thx
2017-05-31 06:05:25 <TemptorSent> Even better, it reinstalls the related -doc packages every time because I installed the doc meta package on my HOST system!
2017-05-31 06:05:52 <Shiz> yes, because elftoolchain-x86 is a HOST package
2017-05-31 06:06:17 <xentec> not quite there yet Shiz: trap 'apk del ..' has the same problem ;)
2017-05-31 06:06:19 <Shiz> or more accurately, a build package
2017-05-31 06:06:23 <Shiz> blast
2017-05-31 06:06:46 <TemptorSent> Yeah, it's just getting a little absurd the number of files being written/deleted/rewriten thousands of times.
2017-05-31 06:06:56 <TemptorSent> Not healthy on my SD card, that's for sure!
2017-05-31 06:07:47 <Shiz> https://github.com/Shizmob/aports/commit/db011396a50f627de863c2353e768b5f846705c2
2017-05-31 06:07:49 <Shiz> 
ACTION whistles

2017-05-31 06:07:55 <Shiz> stop building shit on an sd card is all i can say
2017-05-31 06:09:02 <TemptorSent> Yeah, that's why I had to mess with the CBUILDROOT, I was stalling out my system trying to bootstrap before.
2017-05-31 06:09:39 <TemptorSent> Now it's only slightly better, because the stuff read/write to the root system hits the sd card, but at least the cross root and repo don't
2017-05-31 06:10:55 <xentec> Shiz: are ${} vars parsed inside single quotes here?
2017-05-31 06:10:57 <TemptorSent> Yes, I'm a real-world example of someone who would prefer to have only system essentials installed in / and the rest under /usr, where I can mount a piece of spinning rust
2017-05-31 06:11:14 <Shiz> xentec: no, but they don't have to be
2017-05-31 06:11:18 <Shiz> as what's given to trap is eval'd
2017-05-31 06:11:43 <Shiz> TemptorSent: your solution is not forcing bad solutions on others, but rather throwing away your sd cards
2017-05-31 06:11:45 <Shiz> :P
2017-05-31 06:11:47 <xentec> ah, thx for the fix then
2017-05-31 06:13:26 <TemptorSent> Yeah, I wish - I have a real-world need for root on sd-card to bring up a working system, which may or may not have an attached bulk storage drive.
2017-05-31 06:13:56 <Shiz> then after you bring it up, pivot_root
2017-05-31 06:13:58 <Shiz> problem solved
2017-05-31 06:13:59 <awilfox> TemptorSent: silly question
2017-05-31 06:14:14 <Shiz> or even better, use an initramfs
2017-05-31 06:14:23 <awilfox> TemptorSent: why not make a chroot on a storage device and then chroot in to it and bootstrap from there?
2017-05-31 06:14:50 <TemptorSent> No, I need to be able to RUN from sd-card, even if my bulk storage isn't available.
2017-05-31 06:15:19 <Shiz> initramfs
2017-05-31 06:15:23 <TemptorSent> awilfox: I probably should have.
2017-05-31 06:16:06 <TemptorSent> How does the initramfs solve my problem exactly?
2017-05-31 06:17:12 <TemptorSent> I need no moving parts except when I set the thing on a desk with a drive.
2017-05-31 06:18:53 <TemptorSent> Most of what I do is embedded, and not necessarily even network connected.
2017-05-31 06:19:38 <TemptorSent> Well that's entertaining -- llvm failed to build llvm!
2017-05-31 06:20:13 <TemptorSent> Error 2 at 10% on target LLVMMC
2017-05-31 06:22:38 <Shiz> https://txt.shiz.me/NGRhNzM0MG
2017-05-31 06:22:40 <Shiz> the go problem
2017-05-31 06:22:48 <Shiz> TemptorSent: details?
2017-05-31 06:23:12 <TemptorSent> No details, just that.
2017-05-31 06:26:12 <TemptorSent> Hmm, retry passed that without error it seems.
2017-05-31 06:29:38 <TemptorSent> Very strange.
2017-05-31 06:41:19 <TemptorSent> Worked that time, random failure the previous run is disconcerting.
2017-05-31 06:55:48 <Shiz> https://txt.shiz.me/YmJiOTM3Zj updated
2017-05-31 06:57:28 <TemptorSent> lld failed due to missing python2
2017-05-31 06:59:20 <Shiz> i thought i had fixed that one
2017-05-31 06:59:58 <Shiz> well, zz now
2017-05-31 07:00:00 <Shiz> thanks for testing
2017-05-31 07:01:27 <TemptorSent> No problem :)
2017-05-31 07:01:31 <TemptorSent> Goodnight!
2017-05-31 08:14:35 <clandmeter> More like good morning
2017-05-31 12:33:10 <zaolin_> hey guys
2017-05-31 12:33:11 <_ikke_> Ah, I see the sudo vuln is already patched in master
2017-05-31 12:34:29 <^7heo> clandmeter: UGT.
2017-05-31 12:34:43 <_ikke_> (Universal Greeting Time)
2017-05-31 12:36:28 <rnalrd> lol
2017-05-31 12:57:50 <nidan_> Hahah, another sudo bug. "Luckily" I haven't used sudo for 10+ years...
2017-05-31 12:58:08 <_ikke_> nidan_: You do everything as root?
2017-05-31 12:58:37 <nidan_> _ikke_: No, I use su when I do admin-stuff.
2017-05-31 12:59:27 <ncopa> as i understand this sudo issue, it only affect you if you have compiled sudo with selinux support and have selinux enabled?
2017-05-31 12:59:39 <ncopa> so we are not affected as i understand?
2017-05-31 12:59:55 <nidan_> Or ssh to a specific ssh-instance that runs only on 127.0.0.1/::1.
2017-05-31 13:00:30 <nidan_> s6 has a sort of sudo-daemon, sounds interresting but I haven't looked into it yet.
2017-05-31 13:04:48 <nidan_> _ikke_: One thing I've never really understood with sudo is that it seem to be intended to use for single commands, yet about 100% of the people I know using sudo use it only for one thing, sudo bash... If you did have something like a single command that should run as a specific user you can use su for that too.
2017-05-31 13:07:57 <TBB> password management
2017-05-31 13:08:04 <TBB> clear enough explanation?
2017-05-31 13:08:36 <nidan_> Yeah. 50 admin's personal passwords == root instead of 1.
2017-05-31 13:08:38 <TBB> no root password, no user passwords except your own
2017-05-31 13:11:04 <nidan_> And, if you really don't want a root password, you could do the other thing I wrote about, use a specific ssh instance; 99% chance that you depend on ssh anyway and if it fails your security fails.
2017-05-31 13:13:59 <TBB> if I really wanted to do things right, I'd probably go for some sort of capabilities control which is much more finegrained than the "user or root" model
2017-05-31 13:14:07 <TBB> hell of a lot of work tho
2017-05-31 13:14:14 <nidan_> Yeah..
2017-05-31 13:14:50 <nidan_> SELinux has a lot of that, and RH has done a lot of work on the policies. But it's also a large code base and sometimes complex policies.
2017-05-31 13:15:41 <nidan_> For most systems, imho, there's not much you need to do as root anyway, mount something, install a package.. Either that or something is seriously messed up and you need a root shell.
2017-05-31 13:19:31 <nidan_> Unless you were talking about "doing things right" for a specific service, like some daemon. If designed correctly I don't see many causes for any service to have any specfic privileges. There are edge cases of course, and ofc, I haven't thought about everything. If anyone has examples I'd be happy to hear about them. =)
2017-05-31 13:22:07 <jirutka> ssh login to root account should be always disabled; i hope that the reason is obvious for anyone here
2017-05-31 13:22:13 <^7heo> moin
2017-05-31 13:22:59 <jirutka> one of nice things about sudo is fine grained control about environment, what variables are kept and what not
2017-05-31 13:23:26 <jirutka> and that it sed some useful variables like SUDO_USER, so you can know identity of the original user even when (s)he run sudo sh
2017-05-31 13:23:50 <jirutka> for example I use this with git (versioned /etc)
2017-05-31 13:27:16 <jirutka> and of course another important benefit is that sudo is always logged, so you have a better chance to find out who messed something
2017-05-31 13:36:32 <hiro> 15:22 jirut ssh login to root account should be always disabled; i hope that the reason is obvious for anyone here
2017-05-31 13:36:33 <hiro> no
2017-05-31 13:39:03 <hiro> there is only one useful sudo config ALL=NOPASSWD: ALL
2017-05-31 13:39:24 <hiro> but that's less secure than root ssh login imo.
2017-05-31 13:39:35 <hiro> too many useless layers
2017-05-31 13:39:47 <_ikke_> hiro: I hope you are joking
2017-05-31 13:40:40 <hiro> fuck this root bullshit. everything complaining and crashing when i run it as root
2017-05-31 13:40:52 <hiro> it's a fucking security theater without any winners
2017-05-31 13:41:12 <hiro> freetime open source activists securing the world's infrastructure by having opinions on IRC
2017-05-31 13:41:35 <hiro> there's no proper security design, anywhere, ever.
2017-05-31 13:41:46 <hiro> i've seen too many stupidly administered servers
2017-05-31 13:41:51 <hiro> can't rely on anything anyway
2017-05-31 13:41:59 <jirutka> omfg
2017-05-31 13:42:21 <hiro> bring your own security, deploy more VMs, deploy more machines, don't trust the machines at all.
2017-05-31 13:42:32 <hiro> linux security *engineering* is broken
2017-05-31 13:42:53 <hiro> nobody bothers to seperate things properly into multiple groups and users
2017-05-31 13:43:05 <hiro> and i don't blame them either. it's too much effort probably
2017-05-31 13:44:37 <hiro> everything is full of botnets and as a last resort you can only fix also getting affected with network level security
2017-05-31 13:53:17 <consus> Eh
2017-05-31 13:53:23 <consus> Just fire up a bunch of containters
2017-05-31 13:53:31 <consus> That's how linux separation now works
2017-05-31 13:54:13 <_ikke_> consus: and then still run as root, right? :P
2017-05-31 13:54:20 <consus> Of course :D
2017-05-31 14:36:39 <skarnet> I see the "zeromq" aports also defines a "libzmq" package
2017-05-31 14:36:47 <skarnet> but isn't there a libzmq-dev ?
2017-05-31 14:37:02 <skarnet> for things that need to build against libzmq?
2017-05-31 14:37:23 <skarnet> ncopa ^
2017-05-31 15:11:55 <hiro> consus: yes, what used to be user/groups is nor replaced by containers and cgroups
2017-05-31 15:12:13 <hiro> consus: it's all weird, but none of this happens for *security*
2017-05-31 15:12:42 <hiro> that VMs and NAT nowadays often serve security to people should be a side-effect
2017-05-31 15:13:42 <hiro> but people pretend all this got built this way for them personally and all their security needs are obviously met by some overly consistently presented marketing gig
2017-05-31 15:14:30 <hiro> but the hardware itself, it doesn't actually guarantee much at all
2017-05-31 15:15:51 <hiro> just imagine when people use containers inside of VMs inside a shared server in some datacenter outside of their control... and then start banging their head against the keyboard because a program that works fine as a user doesn't work as root...
2017-05-31 15:16:06 <hiro> it is totally absurd.
2017-05-31 15:16:28 <hiro> perhaps one day sudo will support hardware virtualization.
2017-05-31 15:17:03 <hiro> and with namespaces every javascript in every tab can sudo without error
2017-05-31 15:17:17 <hiro> and then you can have gparted running in a web browser
2017-05-31 15:17:32 <hiro> (cause that's what everybody should have always wanted)
2017-05-31 15:17:47 <skarnet> #howaboutno
2017-05-31 15:20:09 <Shiz> skarnet: it's mysteriously called zeromq-dev
2017-05-31 15:25:44 <ncopa> skarnet: isnt there a zeromq-dev package?
2017-05-31 15:26:36 <skarnet> yes, there is. Thanks.
2017-05-31 15:27:00 <skarnet> ncopa: since you're here, please address the libz.so issue
2017-05-31 15:27:56 <ncopa> jirutka: ssh login as root should be disabled is not obvious to me. ssh root login with password yes, but ssh root login in general no.
2017-05-31 15:28:30 <ncopa> skarnet: what is the libz.so issue?
2017-05-31 15:28:40 <^7heo> skarnet: I think hiro was sarcastic
2017-05-31 15:28:50 <^7heo> 
ACTION == cpt obvious.

2017-05-31 15:29:59 <skarnet> ncopa: zlib-dev installs /lib/libz.a (normal), /lib/libz.so (normal), and a symlink /usr/lib/libz.a -> ../../lib/libz.a
2017-05-31 15:30:07 <skarnet> but no similar symlink for libz.so
2017-05-31 15:30:37 <skarnet> so, stuff using gcc -shared -o foo.so -L/usr/lib foo.o -lz fails
2017-05-31 15:30:42 <hiro> ^7heo: well, i do log into root via ssh.
2017-05-31 15:30:52 <skarnet> because it finds a .a, tries to link against it, and fails
2017-05-31 15:30:57 <hiro> but i have to scold both sides here...
2017-05-31 15:31:22 <skarnet> either the /usr/lib/libz.a must go (and gcc will default to /lib) or a similar symlink for /usr/lib/libz.so must appear
2017-05-31 15:31:53 <hiro> i don't know why jirutka tries to pretend there's things that's obvious to everybody on this channel but then doesn't have the guts to say it out loud
2017-05-31 15:32:27 <ncopa> skarnet: can you check which package provides the /usr/lib/libz.a?
2017-05-31 15:33:17 <skarnet> naively I thought it was zlib-dev
2017-05-31 15:33:24 <skarnet> but it appears not
2017-05-31 15:33:28 <skarnet> that's weird
2017-05-31 15:33:45 <ncopa> thats why i ask, i was trying to fix, but foudn out that it does not come from zlib-dev
2017-05-31 15:33:54 <skarnet> how would I look for this? there's no dpkg -S equivalent
2017-05-31 15:33:54 <ncopa> and i cannot find any symlink in any zlib package
2017-05-31 15:34:19 <ncopa> apk info --who-owns /usr/lib/libz.a ?
2017-05-31 15:34:25 <hiro> just said this on another channel:
2017-05-31 15:34:26 <hiro> sudo - when you don't want to admit you run everything as root
2017-05-31 15:34:41 <skarnet> Could not find owner package
2017-05-31 15:34:43 <skarnet> WTF
2017-05-31 15:34:48 <skarnet> I *did not* add this by hand
2017-05-31 15:35:07 <skarnet> ok, more investigation is necessary, I'll do this tonight
2017-05-31 15:37:12 <^7heo> hiro: me too, depending on what machine.
2017-05-31 15:55:06 <^7heo> Do we have an altenative to atom or sublime in alpine?
2017-05-31 15:57:35 <Shiz> vim
2017-05-31 15:57:50 <^7heo> my current candidate doesn't use vim
2017-05-31 15:57:53 <^7heo> that's why I ask.
2017-05-31 15:58:09 <^7heo> I think I might have to build atom on alpine.
2017-05-31 15:58:23 <^7heo> Both the atom build and the sublime build require glibc-isms
2017-05-31 15:58:28 <^7heo> so they can't run with musl anyway
2017-05-31 16:00:17 <Shiz> woo
2017-05-31 16:00:22 <^7heo> ?
2017-05-31 16:00:27 <Shiz> llvm+elftoolchain now compiles the entire bootstrap.sh system minus linux
2017-05-31 16:00:30 <Shiz> cc ncopa
2017-05-31 16:00:32 <Shiz> :P
2017-05-31 16:00:34 <^7heo> niiiiiice
2017-05-31 16:01:51 <scadu> ^7heo: kakoune ;f
2017-05-31 16:01:54 <scadu> ^7heo: and vis ;3
2017-05-31 16:02:09 <hiro> ed
2017-05-31 16:02:15 <^7heo> dudes. Read what I wrote.
2017-05-31 16:02:39 <hiro> tell your candidate to learn the standard.
2017-05-31 16:02:45 <^7heo> yeah well
2017-05-31 16:02:46 <^7heo> devs.
2017-05-31 16:02:47 <hiro> the standard text editor.
2017-05-31 16:02:50 <^7heo> yeah but no
2017-05-31 16:02:57 <^7heo> you can't force "standards" on people.
2017-05-31 16:03:01 <scadu> ^7heo: kakoune in sublime alternative and does not require running web browser engine XD
2017-05-31 16:03:05 <^7heo> and expect the glibc not to be forced upon you.
2017-05-31 16:03:24 <^7heo> scadu: cat is also a sublime alternative.
2017-05-31 16:03:31 <^7heo> and it's installed.
2017-05-31 16:03:37 <scadu> funny you
2017-05-31 16:04:13 <^7heo> well, funny yourself.
2017-05-31 16:08:31 <scadu> welp, you can check pluma
2017-05-31 16:09:05 <scadu> it's in community
2017-05-31 16:09:08 <^7heo> that's what he is currently using.
2017-05-31 16:09:24 <ncopa> Shiz: congrats!
2017-05-31 16:10:53 <Shiz> i'm impressed by llvm's bug handling
2017-05-31 16:10:59 <Shiz> filed a bug against lld, got fixed within 4 hours
2017-05-31 16:11:01 <Shiz> :P
2017-05-31 16:11:19 <^7heo> wow.
2017-05-31 16:11:23 <^7heo> schnell.
2017-05-31 16:13:53 <ncopa> have you sent the patches upstream?
2017-05-31 16:37:25 <TemptorSent> Shiz - I'm getting a bad signal spec for trap in line 76 of bootstrap.sh now for some reason after pull.
2017-05-31 16:38:11 <Shiz> ncopa: they figured out the issue and patched it themselves :P
2017-05-31 16:38:20 <Shiz> the other patches for llvm+elftoolchain stuff, not yet
2017-05-31 16:38:31 <Shiz> but a good chunk of it is upstream-but-not-in-release-yet-patches
2017-05-31 16:38:41 <Shiz> TemptorSent: try removing ERR from the list
2017-05-31 16:39:21 <TemptorSent> That's my suspect, checking now.
2017-05-31 16:40:13 <TemptorSent> Yep, that's the issue.
2017-05-31 16:40:38 <TemptorSent> Still not pulling python2 :/ (will add manually to bypass)
2017-05-31 16:41:54 <TemptorSent> Missing python2 and py-setuptools for building lld.
2017-05-31 16:43:14 <TemptorSent> Ahh, and it wants them in the buildroot, not on the host, joy.
2017-05-31 16:45:47 <TemptorSent> Shiz - should those be listed in the implicit deps for the toolchain?
2017-05-31 16:53:40 <Shiz> no
2017-05-31 16:54:10 <TemptorSent> Where is the proper place to add them to the bootstrap?
2017-05-31 16:54:38 <Shiz> just pushed a commit that fixes it
2017-05-31 16:54:43 <Shiz> it doesn't need to be added to the bootstrap
2017-05-31 16:55:38 <TemptorSent> Oh, lld doesn't REALLY need them to build, got it :)
2017-05-31 17:05:32 <TemptorSent> Has anyone looked into caitsith or WhiteEgret kernel security modules as of yet?
2017-05-31 17:20:37 <TemptorSent> libcap-ng failed with a bad defn of LONG_BIT in pyport.h
2017-05-31 17:45:08 <Shiz> TemptorSent: remember that i said about a clean build system lol
2017-05-31 17:45:15 <Shiz> that's what happens if your build system has python installed
2017-05-31 17:46:35 <TemptorSent> Bugger - that's highly irritating. I guest I'm at the end of my testing until I setup a new build system.
2017-05-31 17:47:14 <Shiz> it's no prob, it's good to see my system mostly reproduces
2017-05-31 17:47:16 <Shiz> :P
2017-05-31 17:48:11 <TemptorSent> It would be nice to fix the bootstrap so it doesn't crap out when host has additional packages installed.
2017-05-31 17:48:22 <Shiz> can't do that trivialyl
2017-05-31 17:48:59 <TemptorSent> Understood - it's a blue-sky project.
2017-05-31 17:50:40 <skarnet> waitwaitwait
2017-05-31 17:51:09 <skarnet> how on earth do you get something that *fails* if there's *something additional you're not using* on your system?
2017-05-31 17:51:53 <TemptorSent> Because it apparently autodetects headers?
2017-05-31 17:52:19 <skarnet> to me it's an immediate case of grinding my axe for gentle build system editing
2017-05-31 17:52:37 <Shiz> ./configure is magical
2017-05-31 17:52:51 <skarnet> ok, so let's say it autodetects headers
2017-05-31 17:53:06 <skarnet> how would that matter if you're not using them?
2017-05-31 17:53:23 <skarnet> also, related question
2017-05-31 17:53:37 <skarnet> WHY THE FUCK would you use GNU configure in a BOOTSTRAP system
2017-05-31 17:54:39 <skarnet> ok, scratch that, I see what you mean.
2017-05-31 17:54:54 <TemptorSent> Yeah, it's irritating :/
2017-05-31 17:55:04 <Shiz> skarnet: the packages use autoconf
2017-05-31 17:55:08 <Shiz> not the bootstrap system itself
2017-05-31 17:55:16 <skarnet> yes, I just figured that out
2017-05-31 17:55:23 <skarnet> it means more isolation work is needed
2017-05-31 17:55:44 <Shiz> well
2017-05-31 17:55:52 <Shiz> i'm not sure i can do much against a hardcoded probing of /usr/bin
2017-05-31 17:55:54 <Shiz> :P
2017-05-31 17:56:03 <Shiz> or /usr/include
2017-05-31 17:56:06 <skarnet> you may want to check lh-bootstrap, where I go through hell and back to properly isolate the build :P
2017-05-31 17:56:19 <Shiz> link?
2017-05-31 17:56:30 <scadu> https://github.com/skarnet/lh-bootstrap
2017-05-31 17:56:34 <Shiz> danke
2017-05-31 17:56:41 <scadu> 
ACTION bot 0.1

2017-05-31 17:57:21 <skarnet> well if it's about /usr/include hardcoding in gcc, I cheat, since I use mcm-built sysrooted toolchains
2017-05-31 17:58:30 <skarnet> if it's the configure script manually probing files in /usr/include, I'm afraid there's no other solution than building in a chroot :/
2017-05-31 17:58:49 <Shiz> not gcc
2017-05-31 17:58:58 <Shiz> yeah...
2017-05-31 17:59:18 <Shiz> for the clang bootstrap we tell clang to use a sysroot, it will never use /usr/include
2017-05-31 17:59:35 <skarnet> what package causes issues with detection of something it shouldn't be using?>
2017-05-31 17:59:42 <Shiz> libcap-ng apparently
2017-05-31 17:59:56 <skarnet> ok, now's the $1000 question
2017-05-31 18:00:14 <skarnet> in what world does it make sense for libcap-ng to be part of a bootstrap process?
2017-05-31 18:00:23 <Shiz> its a dependency of something
2017-05-31 18:00:25 <TemptorSent> It's using swig, which is probably the culprit.
2017-05-31 18:00:25 <Shiz> lemme check what
2017-05-31 18:00:44 <Shiz> oh yeah
2017-05-31 18:00:47 <Shiz> it's a dep of util-linux
2017-05-31 18:01:08 <skarnet> bootstrap with busybox, not util-linux
2017-05-31 18:01:08 <TemptorSent> We should probably build it without bindings for bootstrap.
2017-05-31 18:01:15 <skarnet> also this
2017-05-31 18:01:43 <Shiz> we also build busybox :P
2017-05-31 18:02:21 <Shiz> this is not an issue that just applies to bootstrap btw
2017-05-31 18:02:35 <Shiz> in general, if your build system aint clean various configure script of packages may pick up extra shit
2017-05-31 18:02:44 <Shiz> because we don't bother to pass a million --disable flags
2017-05-31 18:02:53 <skarnet> you just described your problem
2017-05-31 18:03:12 <Shiz> well, the actual alpine packages are built on clean systems :P
2017-05-31 18:03:24 <skarnet> bothering to pass a million --disable flags is the definition of the job of a distributor
2017-05-31 18:03:25 <Shiz> but I'm not sure modifyin every package to pass a million disable/without flags is much of a solution either
2017-05-31 18:03:34 <TemptorSent> We probably should be explicit in the configure options
2017-05-31 18:03:49 <TemptorSent> At least on bootstrap.
2017-05-31 18:04:20 <TemptorSent> But really, everywhere - otherwise we don't have reproducable builds.
2017-05-31 18:04:27 <skarnet> my previous customer said "we gonna build a distro, and we're not going to use configure flags or CFLAGS or LDFLAGS, we're going to let the packages use the defaults they want"
2017-05-31 18:04:39 <skarnet> I was like "I'm not sure you understand what a distro is, dude"
2017-05-31 18:04:43 <Shiz> 
ACTION wonders what kind of interesting customers skarnet gets

2017-05-31 18:04:56 <TemptorSent> If it requires a clean build env, it should probably build it's own chroot.
2017-05-31 18:05:45 <Shiz> btw ping ncopa once you have time
2017-05-31 18:06:14 <skarnet> yeah, either you bother tuning the configure flags with much accuracy, or you get the big hammer and use a clean reproducible development chroot
2017-05-31 18:15:59 <Shiz> at least chroots are easy
2017-05-31 18:16:44 <Shiz> with apk :P
2017-05-31 18:22:04 <TemptorSent> Perhaps bootstrap.sh should build it's own chroot with exactly the required host packages installed.
2017-05-31 18:22:31 <skarnet> Yes.
2017-05-31 18:22:54 <skarnet> If you're going to build anything remotely complicated in it, yes.
2017-05-31 18:28:45 <TemptorSent> Since it's a pretty common need, it would be nice to either teach apk to spawn a chroot directly or add a small tool for managing them easily.
2017-05-31 18:29:25 <skarnet> apk? certainly not. You mean abuild - and that's the point of buildlab.
2017-05-31 18:31:28 <TemptorSent> Actually, I was thinking apk-tools, since it is 90% of the way there already - All that would be needed is a 'chroot' invocation to the apkroot passing whatever the commandline is.
2017-05-31 18:32:09 <TemptorSent> Not just for use in abuild, but as a general purpose tool.
2017-05-31 18:32:20 <Shiz> general purpose tools don't have a place in apk
2017-05-31 18:32:25 <Shiz> apk has --prefix and that's all it needs
2017-05-31 18:34:08 <skarnet> I have a foobar.tar in the "sources" var of my APKBUILD. It's not unpacked. (abuild unpack does nothing, prints nothing.) How would I go debugging this?
2017-05-31 18:34:08 <TemptorSent> right 'apk --prefix=/mnt/sysroot-x86 chroot $cmd' or some such, which would setup the environment and execute the command in the specified prefix chrooted.
2017-05-31 18:34:53 <TemptorSent> skarnet: Hmm, try gzipping it and see if it will unpack then :)
2017-05-31 18:35:26 <skarnet> it won't, I just tried. I looked in the abuild source, and it handles ungzipped .tar files just as well.
2017-05-31 18:35:43 <TemptorSent> Ahh, figures.
2017-05-31 18:35:48 <Shiz> skarnet: sh -x /usr/bin/abuild unpack
2017-05-31 18:35:52 <Shiz> best debug is trcing
2017-05-31 18:35:54 <Shiz> :P
2017-05-31 18:36:24 <skarnet> yeah, tracing shell scripts isn't my cup of tea...
2017-05-31 18:36:51 <TemptorSent> Usually it's pretty easy -- just look at the last dozen or so lines before failure.
2017-05-31 18:37:31 <TemptorSent> tmux is your friend if you have to review the complete output.
2017-05-31 18:37:39 <kaniini> oh
2017-05-31 18:37:39 <kaniini> sorry
2017-05-31 18:37:49 <skarnet> TemptorSent: if you are unable to give me enough credit to assume that I would not be asking here if it was easy, I will kindly ask you to refrain from participating.
2017-05-31 18:37:51 <kaniini> i did not have time yesterday to trace through skarnet's issue
2017-05-31 18:38:17 <skarnet> I don't need "have you tried turning it off and on again?" level 1 support, thank you.
2017-05-31 18:38:40 <TemptorSent> skarnet: I don't bean debugging your particular issue is easy, I mean the tracing is generally straightforward.
2017-05-31 18:39:26 <kaniini> <TemptorSent> right 'apk --prefix=/mnt/sysroot-x86 chroot $cmd' or some such, which would setup the environment and execute the command in the specified prefix chrooted.
2017-05-31 18:39:33 <kaniini> it's a package manager Jim, not a docker clone
2017-05-31 18:40:58 <TemptorSent> kaniini: True, but a tool of that ilk would be quite useful and eliminate the need for docker in many simple cases.
2017-05-31 18:41:15 <kaniini> sure, but it doesn't need to be in apk
2017-05-31 18:42:09 <Shiz> skarnet: so
2017-05-31 18:42:14 <Shiz> a test tar i just created unpacks fine for me
2017-05-31 18:42:19 <Shiz> automatically
2017-05-31 18:42:31 <kaniini> TemptorSent: and what if i want to run $command in a debian environment
2017-05-31 18:42:46 <kaniini> 
ACTION did docker before docker was cool anyway

2017-05-31 18:43:14 <kaniini> not even kidding: https://bitbucket.org/tortoiselabs/appliancekit-ng
2017-05-31 18:43:16 <TemptorSent> Agreed, but apk already has all of the appropriate information available, knows what arch a given root is using, etc. Perhaps some of the general purpose tools of apk (pax archiver, etc.) could be exposed as their own applets
2017-05-31 18:43:48 <Shiz> skarnet: https://txt.shiz.me/MWYyMTQ3Mj
2017-05-31 18:44:16 <TemptorSent> kaniini: I was looking specifically at alternate apk based environments, since apk already can setup a functional chroot fs hierarchy with just a couple commands.
2017-05-31 18:44:33 <Shiz> skarnet: ah
2017-05-31 18:44:35 <Shiz> skarnet: it should be source=
2017-05-31 18:44:37 <Shiz> not sources=
2017-05-31 18:44:39 <Shiz> that may be your issue :P
2017-05-31 18:45:19 <skarnet> Shiz: just found that out :P
2017-05-31 18:45:28 <skarnet> (but thanks)
2017-05-31 18:46:17 <kaniini> TemptorSent: https://bitbucket.org/tortoiselabs/appliancekit-ng/src/edd84e790b41afc06ee1deb387092087f0ccfb66/appliancekit/specs/alpine-base.spec?at=master&fileviewer=file-view-default
2017-05-31 18:46:21 <kaniini> TemptorSent: see??? i used to think like you, and see how it turned out???
2017-05-31 18:46:22 <kaniini> :D
2017-05-31 18:49:23 <TemptorSent> Holy crap kaniini! Yeah, I'm not quite *THAT* crazy :)
2017-05-31 18:50:35 <kaniini> although
2017-05-31 18:50:41 <kaniini> that came out better
2017-05-31 18:50:44 <kaniini> than it's predecessor
2017-05-31 18:50:51 <kaniini> https://bitbucket.org/systeminplace/appliancekit/src
2017-05-31 18:50:55 <kaniini> which i literally wrote in 2006
2017-05-31 18:50:57 <kaniini> like i said
2017-05-31 18:51:03 <kaniini> i did docker before it was cool
2017-05-31 18:52:13 <TemptorSent> I'm thinking a few lines of bash running something like 'export MYROOT=/mnt/blah/x86; apk --prefix $MYROOT add --initdb $pkglist ; apk --prefix $MYROOT chroot /bin/sh'
2017-05-31 18:52:33 <kaniini> https://bitbucket.org/systeminplace/appliancekit/src/af973c5d96f8617d6583caa2f6f70e3e70410323/ApplianceKit/GenericRPMPreBootstrapTool.py?at=default&fileviewer=file-view-default
2017-05-31 18:52:38 <kaniini> although this hackjob
2017-05-31 18:52:42 <kaniini> i am still kind of proud of
2017-05-31 18:52:44 <kaniini> because it is basically
2017-05-31 18:52:48 <kaniini> debootstrap for RPM
2017-05-31 18:52:49 <kaniini> lols
2017-05-31 18:53:20 <TemptorSent> That's actually kinda slick for what it does :)
2017-05-31 18:53:58 <TemptorSent> er not bash, bourne shell :P
2017-05-31 18:54:36 <kaniini> well, the os.system() is embarassing
2017-05-31 18:54:42 <kaniini> i should have set up proper pipelines
2017-05-31 18:55:01 <kaniini> now
2017-05-31 18:55:05 <kaniini> what appliancekit-ng actually did
2017-05-31 18:55:09 <kaniini> was generate a shell script
2017-05-31 18:55:09 <TemptorSent> *lol* Abusing system is a time-honored tradition :)
2017-05-31 18:55:12 <kaniini> and then run it
2017-05-31 18:55:28 <kaniini> basically
2017-05-31 18:56:48 <kaniini> oh, and the original appliancekit
2017-05-31 18:57:00 <kaniini> referred to CentOS frequently as ShitOS
2017-05-31 18:57:06 <kaniini> oops :p
2017-05-31 18:57:18 <TemptorSent> *LOL*
2017-05-31 18:59:56 <TemptorSent> Anyway, if apk-tools (not necessarily apk itself) can facilitate such contanerization in a consistent manner, it would make alpine much more flexible with minimal overhead.
2017-05-31 19:00:33 <kaniini> yeah?  it might also piss off at least 2 of our main partners (docker & flockport)
2017-05-31 19:01:00 <kaniini> docker used to be buddy buddy with canonical until canonical started playing in their back yard
2017-05-31 19:01:07 <TemptorSent> Why? Docker could integrate it and reduce their overhead even further.
2017-05-31 19:01:24 <kaniini> yeah on systems where alpine exists
2017-05-31 19:01:30 <kaniini> or rather apk exists
2017-05-31 19:02:06 <kaniini> while i would like to see a small lightweight container tool in alpine, i don't think apk-tools is the place for it
2017-05-31 19:03:17 <kaniini> anyway, i cite appliancekit as proof that i got into this whole dev thing as somebody trying to make my life as a sysadmin a lot easier
2017-05-31 19:03:19 <kaniini> lols
2017-05-31 19:03:33 <TemptorSent> Not entirely, certainly, but support for specific functions to facilitate such tools would make them far more easily devloped and maintained.
2017-05-31 19:04:03 <TemptorSent> apk already has the state information database, which I would just as soon not recreate in parallel for the container tool.
2017-05-31 19:04:08 <skarnet> kaniini: isn't it how all system programmers started? :P
2017-05-31 19:04:27 <kaniini> the reason why i started coding IRC stuff
2017-05-31 19:04:30 <kaniini> is again because
2017-05-31 19:04:33 <kaniini> the stuff i was using
2017-05-31 19:04:34 <TemptorSent> That's why exposing some of apk's individual features as their own tools would be quite useful.
2017-05-31 19:04:41 <kaniini> was complete garbage
2017-05-31 19:05:27 <kaniini> skarnet: literally the reason i properly learned C was because i had a nickserv implementation that kept crashing and corrupting its database, so i decided to write my own
2017-05-31 19:05:56 <skarnet> sounds on par with the typical system programmer experience :)
2017-05-31 19:06:15 <TemptorSent> I'd like to hand apk a world file and an overlay, give it an alt root directory, and have it build the root, install the packages, and apply the overlay, then at least give men the proper environment required for the chroot.
2017-05-31 19:06:41 <skarnet> why the heck would you want to do that in apk
2017-05-31 19:06:56 <skarnet> ever heard of "one job, one tool" ?
2017-05-31 19:07:01 <TemptorSent> skarnet: Because it alread does all of those things.
2017-05-31 19:07:12 <skarnet> no?
2017-05-31 19:07:27 <TBB> it does, it's only restricted to the system itself
2017-05-31 19:07:28 <TemptorSent> Yes.
2017-05-31 19:07:28 <kaniini> TemptorSent: it already has primitives for that
2017-05-31 19:07:47 <kaniini> TemptorSent: nothing needs to be added for this
2017-05-31 19:07:53 <TemptorSent> Right, I just want to be able to access the primitives :)
2017-05-31 19:08:04 <kaniini> TemptorSent: you already can
2017-05-31 19:08:35 <TemptorSent> How? I couldn't find where they were exposed.
2017-05-31 19:08:52 <TemptorSent> Some undocumented entrypoint?
2017-05-31 19:10:16 <kaniini> tar zxvf overlay.tar | apk add --overlay-from-stdin
2017-05-31 19:10:28 <kaniini> it will install all files in overlay.tar into apk's database
2017-05-31 19:10:35 <TemptorSent> How can I pass a world file to 'apk add --initdb' without just using a cat sub in the command line?
2017-05-31 19:10:39 <kaniini> it works with --root
2017-05-31 19:11:07 <kaniini> you don't
2017-05-31 19:11:17 <kaniini> you init the db, then install the world file, and run apk fix
2017-05-31 19:11:30 <kaniini> but i am doing an apk add --from-file option
2017-05-31 19:11:34 <TemptorSent> Ahh, that's how it's done sanely...
2017-05-31 19:11:35 <kaniini> for other reasons
2017-05-31 19:11:45 <kaniini> because frequently
2017-05-31 19:11:51 <kaniini> i copy /etc/apk/world to a new host and use apk fix
2017-05-31 19:11:53 <kaniini> to provision it
2017-05-31 19:11:57 <kaniini> which is a cool undocumented trick
2017-05-31 19:12:01 <TemptorSent> Very!
2017-05-31 19:12:07 <kaniini> and i want to expose that more
2017-05-31 19:12:16 <kaniini> because i think it's one of the things that really makes apk unique
2017-05-31 19:12:19 <TemptorSent> That would have saved me HOURS to have known while messing with mkimage.
2017-05-31 19:12:41 <TemptorSent> Those are exactly the types of featuers I'm looking for.
2017-05-31 19:13:12 <TBB> will come in handy, definitely
2017-05-31 19:13:13 <TemptorSent> A general reader for apk's database would be immensely helpful as well.
2017-05-31 19:13:28 <kaniini> that's what apk manifest does
2017-05-31 19:14:50 <TemptorSent> Right, for that portion of the database, but it would also be helpful to be able to ask for a specific tuple by name/path.
2017-05-31 19:16:16 <TemptorSent> such as $package:deps
2017-05-31 19:16:32 <TemptorSent> or :provides, or whatnot.
2017-05-31 19:16:39 <kaniini> that's what apk info does
2017-05-31 19:16:40 <kaniini> but
2017-05-31 19:16:42 <kaniini> yes
2017-05-31 19:16:47 <kaniini> i am not really that happy with apk info
2017-05-31 19:17:03 <TemptorSent> Yeah, apk info is nice for human-readable usage, but useless for scripting.
2017-05-31 19:18:59 <fabled> yes, apk info and search have some non-scripting friendly things due to legacy reasons
2017-05-31 19:19:43 <TemptorSent> Yeah, passing -v and -q at the same time doesn't exactly work when you're trying to get packages with versions and suppress warnings :)
2017-05-31 19:20:54 <TemptorSent> At least the output is now going to stderr so I can 2>/dev/null rather than having to grep -v out the warnings.
2017-05-31 19:23:07 <TemptorSent> What else is needed to provide general pax archive read/write support in a useful manner?
2017-05-31 19:23:29 <fabled> i'm still preferring to change the .apk format
2017-05-31 19:23:53 <TemptorSent> Why? the pax format is actually quite appropriate.
2017-05-31 19:24:31 <fabled> for parsing efficiency, and implementation simplicity
2017-05-31 19:24:56 <fabled> i'd rather expose apk applets to extract files; and build the packages
2017-05-31 19:25:03 <fabled> and/or library api
2017-05-31 19:25:29 <fabled> original apk-tools were a set of scripts using tar
2017-05-31 19:25:39 <fabled> later on we rewrite it in C
2017-05-31 19:25:41 <TemptorSent> Hmm, including a manifest as the first record of the archive would proabably solve the parsing issue nicely, as well as providing another check for the archive integrity.
2017-05-31 19:26:03 <fabled> yes, manifest is needed for various things
2017-05-31 19:26:15 <fabled> but that makes the tar structure redundant
2017-05-31 19:26:57 <fabled> if the only reason to do tar is to have extraction with regular tools, it's dangerous because those would skip signature verification
2017-05-31 19:27:09 <TemptorSent> Not really - the pax format encodes what we need for the filesystem nicely, the manifest describes the contents and can be used to verify the filesystem image.
2017-05-31 19:27:10 <fabled> so also on security side i'm tempted to not do tar
2017-05-31 19:27:41 <fabled> i would be willing to implement "apk convert-to-tar" type functionality though
2017-05-31 19:27:51 <TemptorSent> Being able to create/extract using standard tools is critical to the usablity of the format.
2017-05-31 19:28:50 <fabled> for me it's optional, not a primary priority
2017-05-31 19:28:52 <fabled> it used to be
2017-05-31 19:29:28 <fabled> now security, speed, simplicity and usability are more important
2017-05-31 19:29:46 <TemptorSent> If you want to make security the primary goal, the payloads could be encrypted using their checksum and the package signing signature.
2017-05-31 19:30:19 <TemptorSent> That would make it impossible to extract any record that doesn't match the manifest.
2017-05-31 19:30:59 <TemptorSent> But the archive itself should still be readable regardless.
2017-05-31 19:32:32 <fabled> i have not fully decided my mind yet on it; but currently keeping the tar format does not seem to be that beneficial for me
2017-05-31 19:32:37 <fabled> even if it's tar
2017-05-31 19:32:57 <fabled> I would end up writing binary pax header, which would need special tools (as-in apk-tools) to construct it
2017-05-31 19:33:00 <TemptorSent> Actually, pax is preferable to tar IMHO.
2017-05-31 19:33:16 <TemptorSent> Ug, binary header? Why?
2017-05-31 19:33:43 <fabled> i need the manifest there which is binary and signed
2017-05-31 19:34:02 <TemptorSent> Why would the manifest need to be binary?
2017-05-31 19:34:20 <fabled> to not waste time in parsing text
2017-05-31 19:34:30 <fabled> apk is currently slow because of all files being text
2017-05-31 19:34:47 <fabled> the index, database and apk pax headers
2017-05-31 19:35:08 <fabled> now index, and database are basically collection of subset of individual package headers
2017-05-31 19:35:14 <TemptorSent> Hmm, the database really needs a better representation if that's slowing it down.
2017-05-31 19:35:28 <fabled> and to preserve signatures, we can't modify the manifest data
2017-05-31 19:35:37 <fabled> thus
2017-05-31 19:35:41 <fabled> all three need to be binary
2017-05-31 19:36:08 <fabled> additional index needs to be constructible from packages without re-signing in the planned model
2017-05-31 19:36:23 <TemptorSent> I'm not in favor of binary except in internal representation for databases.
2017-05-31 19:36:40 <fabled> we were originally too
2017-05-31 19:36:54 <fabled> but i want the database to be auditable against asymmetric signatures
2017-05-31 19:37:03 <fabled> that come from packages
2017-05-31 19:37:18 <fabled> thus the packages need to contain the objects in database directly
2017-05-31 19:37:26 <fabled> and to make database fast, it needs to be binary
2017-05-31 19:37:48 <TemptorSent> Okay, so if we sign each package's unique identifer (arch, package name, package version, checksum), we don't need to worry about resigning an index.
2017-05-31 19:37:51 <fabled> note that by "slow" i mean full alpine indexdatabase on
2017-05-31 19:38:03 <fabled> rpi takes now 500ms to load and process
2017-05-31 19:38:17 <TemptorSent> Ouch!
2017-05-31 19:38:27 <fabled> but often we want to sequence those operations; so it may end up to be a lot
2017-05-31 19:38:30 <fabled> on the embedded cpus
2017-05-31 19:38:41 <fabled> on any modern x86/x86_64 it's a lot less
2017-05-31 19:38:59 <TemptorSent> Yeah, the reloading should be that heavy once it's in the DB.
2017-05-31 19:39:11 <fabled> so basically my  design goal si:
2017-05-31 19:39:32 <fabled> - construct index from packages without signing it (so anyone can create boot media with their selection of packages)
2017-05-31 19:39:48 <fabled> - opening database is matter of mmapping it (almost zero load time)
2017-05-31 19:39:57 <TemptorSent> Right
2017-05-31 19:40:20 <fabled> - database contains manifests from packages that are signed so apk audit always works against signatures
2017-05-31 19:40:36 <TemptorSent> A graph-structured DB would be ideal for that, possible with sparse pages for speed.
2017-05-31 19:41:03 <kaniini> fabled: i am already working on extract/build applets
2017-05-31 19:41:07 <kaniini> fabled: and manifest, of course
2017-05-31 19:41:12 <kaniini> as you see :)
2017-05-31 19:41:15 <fabled> yeah
2017-05-31 19:41:30 <kaniini> the apkdb right now is kind of a pain to work with
2017-05-31 19:41:47 <fabled> yes
2017-05-31 19:41:47 <kaniini> mmaping something like sqlite3's btree stuff
2017-05-31 19:41:50 <kaniini> would be good
2017-05-31 19:42:10 <TemptorSent> The manifest itself should be very simple and each line can be signed based on the data content only, not the formatting.
2017-05-31 19:42:37 <fabled> i don't want to parse, and reconstruct signed data because it's slow
2017-05-31 19:42:45 <fabled> and vulnerable to various problems
2017-05-31 19:42:50 <TemptorSent> btrees aren't the best for storing DAGs with attributes really, but it's workable.
2017-05-31 19:43:00 <fabled> i do have a design ready
2017-05-31 19:43:20 <fabled> basically cdb like hashes + recursive tag/value/length encoding
2017-05-31 19:43:29 <kaniini> 
ACTION is just trying to get the core applets ready while fabled does the database stuff :)

2017-05-31 19:43:43 <fabled> i'm happy to keep the applet api if it gets done
2017-05-31 19:43:46 <TemptorSent> *groans* Ouch.
2017-05-31 19:44:07 <kaniini> as well as various nice things like apk add --from-file
2017-05-31 19:44:08 <TemptorSent> Yeah, won't be debugging that by hand.
2017-05-31 19:44:49 <fabled> secure, plaintext, fast; choose any two
2017-05-31 19:45:07 <kaniini> fabled: i also want to make apk info more useful for external consumers
2017-05-31 19:45:13 <fabled> me too
2017-05-31 19:45:17 <kaniini> but haven't figured out what that looks like yet
2017-05-31 19:45:31 <fabled> i wonder if it would make sense to write it as new appliet like "print" or "show"
2017-05-31 19:45:41 <fabled> and deprecate "info" and "search"
2017-05-31 19:45:50 <fabled> make it scriptable with --fields a,b,c
2017-05-31 19:46:17 <fabled> and other flags to control how many matches to show, and from which indexes/installed-db to search against
2017-05-31 19:46:19 <TemptorSent> fabled: How about an extended Merkle-DAG? Fast, secure, and mostly plaintext.
2017-05-31 19:47:07 <kaniini> fabled: that's why i broke manifest out instead of having it in apk info
2017-05-31 19:47:40 <TemptorSent> And also fits the depedency graph much better.
2017-05-31 19:48:49 <fabled> TemptorSent, Merkle tree does not solve all the problems involved
2017-05-31 19:48:51 <TemptorSent> Technically, you could provide a tag with the lenght and offset and parse it as fast as you would the binary version
2017-05-31 19:49:36 <kaniini> TemptorSent: dependencies are stored as a dependency description
2017-05-31 19:49:43 <kaniini> no graph involved
2017-05-31 19:50:08 <TemptorSent> No, they would need to be extended somewhat to fully support our needs, but they should work well as a basis.
2017-05-31 19:51:19 <fabled> i would hope to provide good enough tlv tools to dump the database to text; even in backwards compat. format
2017-05-31 19:51:22 <TemptorSent> kaniini: I'm referring to the file->package mapping, which would allow full dep chain calculations without having to build the memory tree each time.
2017-05-31 19:52:27 <kaniini> that's just a reverse lookup table though
2017-05-31 19:52:35 <fabled> kaniini, thanks for the manifest stuff, the commits i had time to look at look good
2017-05-31 19:53:08 <fabled> TemptorSent, I hope the database/index opening to be mmap + updating shim structures that allow merging multiple files efficiently
2017-05-31 19:53:10 <TemptorSent> Yes, but a merkle tree would allow you to quickly detect if anything lower in the tree has changed.
2017-05-31 19:54:15 <TemptorSent> fabled: Why not just encode the offsets and namespace in the db files themselves?
2017-05-31 19:55:05 <fabled> did you see the executive summary on design concepts? http://sprunge.us/DLSU
2017-05-31 19:55:05 <kaniini> fabled: i have apk unpack almost ready to go in as well.  apk pack after that.
2017-05-31 19:55:18 <TemptorSent> awesome kaniini!
2017-05-31 19:56:22 <TemptorSent> Does apk unpack support specifying paths to extract? i.e. 'apk unpack mykernel-blah.apk boot/'
2017-05-31 19:56:52 <kaniini> TemptorSent: it is planned, but right now i am just concentrating on the core functionality to make sure it's completely legit first
2017-05-31 19:56:58 <kaniini> TemptorSent: like i did with manifest
2017-05-31 19:57:08 <kaniini> (and there's more to do with manifest, like customizing what is actually output)
2017-05-31 19:57:23 <TemptorSent> Very nice!
2017-05-31 19:58:14 <fabled> need to go sleep in a minute. see you tm.
2017-05-31 19:58:17 <TemptorSent> Let me know what testing is needed.
2017-05-31 19:58:29 <TemptorSent> Goodnight fabled!
2017-05-31 19:58:34 <kaniini> i might actually do apk mod
2017-05-31 19:58:40 <kaniini> with --import-from-file
2017-05-31 19:59:19 <fabled> kaniini, my model for apk3 is that .apk packages are the basic component; they are signed and immutable without resigning
2017-05-31 19:59:48 <fabled> index and databases are directly built from .apk header portions and include relevant signature
2017-05-31 20:00:03 <kaniini> fabled: --import-from-file being to import an /etc/apk/world from another machine
2017-05-31 20:00:09 <kaniini> to clarify :)
2017-05-31 20:00:19 <fabled> ah, so kinda add/del combined
2017-05-31 20:00:36 <fabled> i have had that on todo / ideas board for a while
2017-05-31 20:00:41 <kaniini> yes, from your list of things you want to see in apk3
2017-05-31 20:01:15 <kaniini> right now we frequently copy /etc/apk/world to a new host and then use apk fix to provision it
2017-05-31 20:01:18 <TemptorSent> fabled: Why not make the individual files the basic component?
2017-05-31 20:01:27 <kaniini> so the idea is to make that seem less... hacky
2017-05-31 20:01:51 <fabled> TemptorSent, it would slow down things
2017-05-31 20:01:57 <fabled> on various levels
2017-05-31 20:02:24 <fabled> e.g. verifying asymmetric signature is a lot slower than hash
2017-05-31 20:02:35 <TemptorSent> Hmm, I'll have to look at it a bit deeper, but I suspect it could be done in reasonable overhead.
2017-05-31 20:02:39 <kaniini> what i also want to do is enable software like python's pip or luarocks to generate a package with apk pack
2017-05-31 20:02:41 <kaniini> and install it
2017-05-31 20:02:48 <kaniini> so that the package manager is aware of it
2017-05-31 20:02:52 <fabled> right
2017-05-31 20:03:31 <fabled> that would probably be better than the current "auto-generate apkbuild from CPAN" type of approach
2017-05-31 20:03:36 <TemptorSent> Of course, but you can sign a tree of hashes and only have to verify one signature.
2017-05-31 20:04:04 <fabled> TemptorSent, yes, that's why it's called a package
2017-05-31 20:05:31 <TemptorSent> The package contains a lot more than just the signed tree -- and thus more parsing that is only needed once per load.
2017-05-31 20:06:17 <fabled> anyway. that's what i have in mind. i do have some code, but not too much yet. hope to get back hacking it after next week.
2017-05-31 20:06:19 <Shiz> i like apk fix...
2017-05-31 20:06:41 <kaniini> Shiz: sure, but most people don't know you can do that with /etc/apk/world :)
2017-05-31 20:06:50 <kaniini> Shiz: we arent talking about getting rid of apk fix
2017-05-31 20:06:55 <fabled> kaniini, TemptorSent : if you can come up with good info/search replacement applet usage format, that'd be good input
2017-05-31 20:07:25 <fabled> we had discussion about it once few years ago but it didn't end up anywhere
2017-05-31 20:07:28 <TemptorSent> The other win with hash trees is it allows you to verify any subset of files and requires a very small tree.
2017-05-31 20:07:50 <^7heo> I wonder why there's only vim or atom...
2017-05-31 20:07:54 <kaniini> fabled: the other main thing i want is pluggable backends for fetching, so that i can fetch over SSH
2017-05-31 20:07:55 <^7heo> Why isn't there something in between?
2017-05-31 20:08:09 <fabled> kaniini, was planning to go libcurl
2017-05-31 20:08:20 <Shiz> libcurl :(
2017-05-31 20:08:22 <^7heo> libcurl is actually a nice lib.
2017-05-31 20:08:22 <TemptorSent> ^7heo - Do we have 'joe'?
2017-05-31 20:08:29 <^7heo> TemptorSent: I don't think so.
2017-05-31 20:08:40 <^7heo> oh we do.
2017-05-31 20:08:43 <^7heo> my bad
2017-05-31 20:08:47 <^7heo> Shiz: why?
2017-05-31 20:08:58 <TemptorSent> There ya go! I used to use joe quite a bit.
2017-05-31 20:09:00 <Shiz> curl's CVE count, for one
2017-05-31 20:09:08 <^7heo> Yeah well, HTTP.
2017-05-31 20:09:08 <Shiz> and its size
2017-05-31 20:09:10 <kaniini> fabled: yes, i know.  but libcurl's SFTP implementation is limited :)
2017-05-31 20:09:19 <^7heo> Shiz: well, it supports all the things.
2017-05-31 20:09:24 <Shiz> yes, that's the problem
2017-05-31 20:09:38 <Shiz> replacing one monolithic fetching library with another is not a design improvement imo
2017-05-31 20:09:48 <^7heo> true dat
2017-05-31 20:10:05 <TemptorSent> Allowing external fetch makes leveraging dropbear an option for very small systems.
2017-05-31 20:10:07 <fabled> anything better out there then libcurl?
2017-05-31 20:10:30 <skarnet> yes
2017-05-31 20:10:32 <fabled> for regular http it needs to be inbuilt to have connection pooling
2017-05-31 20:10:33 <skarnet> literally anything
2017-05-31 20:10:39 <^7heo> skarnet: :D
2017-05-31 20:10:40 <kaniini> i think we should go back to out-of-process fetch and then have /lib/apk/transport/$scheme
2017-05-31 20:10:50 <skarnet> ^
2017-05-31 20:10:53 <Shiz> kaniini: imo /usr/libexec/apk/apk-fetch-<proto>
2017-05-31 20:10:56 <Shiz> :P
2017-05-31 20:10:56 <TemptorSent> ^^^
2017-05-31 20:10:57 <kaniini> and then /lib/apk/transport/$scheme can use libcurl if it wants
2017-05-31 20:10:59 <fabled> the exec-solution has problems during distro-upgrade
2017-05-31 20:11:03 <kaniini> and then /lib/apk/transport/ssh can use scp
2017-05-31 20:11:12 <^7heo> skarnet, Shiz: I trust both your judgement on code sanity so I won't write stuff like "libcurl is actually a nice lib."
2017-05-31 20:11:16 <fabled> when the plugin and it's dependency libraries are being updated
2017-05-31 20:11:19 <^7heo> but honestly, from the user POV, it IS nice.
2017-05-31 20:11:25 <skarnet> having out-of-process fetch, aka executable plugins, allows much more flexibility and isolation
2017-05-31 20:11:48 <kaniini> fabled: yes, that is the downside
2017-05-31 20:11:53 <Shiz> is that really the case though
2017-05-31 20:12:00 <Shiz> like i presume all fetching would happen BEFORE the upgrade cycle
2017-05-31 20:12:03 <^7heo> fabled: what protocol are you interested in, for the libcurl?
2017-05-31 20:12:04 <TemptorSent> And can make supporting convoluted caching unnecessary.
2017-05-31 20:12:05 <Shiz> before files are being replaced
2017-05-31 20:12:23 <fabled> well, if we cache all .apks before upgrade it's not ap roblem
2017-05-31 20:12:45 <kaniini> Shiz: one of the tricks apk does for speed
2017-05-31 20:12:50 <fabled> well
2017-05-31 20:12:52 <kaniini> Shiz: is to stream the packages onto disk as it consumes them
2017-05-31 20:12:58 <fabled> in future design it's actually not that big issue
2017-05-31 20:13:00 <TemptorSent> Or mark any which are used as fetch protocols and their deps for pre-fetch at least.
2017-05-31 20:13:01 <Shiz> ah okay
2017-05-31 20:13:12 <skarnet> make the executable plugins static. problem solved.
2017-05-31 20:13:16 <fabled> the plan is to extract *everything* first, and then move *everything* to place in one go
2017-05-31 20:13:34 <^7heo> atomic operation then.
2017-05-31 20:13:35 <kaniini> yes, atomic upgrades
2017-05-31 20:13:47 <Shiz> well tbh
2017-05-31 20:13:47 <TemptorSent> Nope! Not going to work for embedded at all :(
2017-05-31 20:13:48 <^7heo> that'd be nice.
2017-05-31 20:13:57 <Shiz> apk already has the notion of upgrading important system libs right
2017-05-31 20:14:05 <Shiz> you can just fetch everything beforehand only in that operation mode
2017-05-31 20:14:14 <^7heo> TemptorSent: well, it could still support a per-package feature I suppose?
2017-05-31 20:14:19 <Shiz> (the usual 'upgrading apk before continuing' mode)
2017-05-31 20:14:36 <fabled> the remaining problem would be to do connection pooling
2017-05-31 20:14:59 <^7heo> fabled: is there a problem with doing it package after package? Like interdependency problem?
2017-05-31 20:15:04 <TemptorSent> Possible, but dangerous. I'd rather see some sort of state snapshotting.
2017-05-31 20:15:15 <^7heo> TemptorSent: how can you snapshot without space?
2017-05-31 20:15:44 <fabled> ok. i really need to sleep now. please email list and/or me if you have additional points/suggestions.
2017-05-31 20:15:44 <TemptorSent> COW
2017-05-31 20:16:02 <fabled> i try to catch up backlog too
2017-05-31 20:16:05 <fabled> z
2017-05-31 20:16:07 <^7heo> o/
2017-05-31 20:16:16 <TemptorSent> Goodnight for real this time fabled :)
2017-05-31 20:17:17 <^7heo> But anyway
2017-05-31 20:17:31 <^7heo> right now, apk is fetching all the things, and THEN installing all the things.
2017-05-31 20:17:46 <^7heo> how would that atomic-operation be different?
2017-05-31 20:17:54 <kaniini> no
2017-05-31 20:17:58 <kaniini> apk fetches 1 thing
2017-05-31 20:17:58 <^7heo> what, no?
2017-05-31 20:18:01 <kaniini> then installs 1 thing
2017-05-31 20:18:05 <kaniini> then fetches 1 thing
2017-05-31 20:18:08 <kaniini> then installs 1 thing
2017-05-31 20:18:08 <^7heo> ah
2017-05-31 20:18:17 <kaniini> in reality
2017-05-31 20:18:23 <kaniini> it is a little more than that
2017-05-31 20:18:30 <kaniini> it fetches 1 thing, and while it fetches, it also installs it
2017-05-31 20:18:41 <kaniini> and then atomically moves it into place
2017-05-31 20:18:46 <kaniini> once everything is verified to be ok
2017-05-31 20:19:01 <^7heo> what's the difference with the new suggestion then?
2017-05-31 20:19:06 <TemptorSent> COW could be implemented by checking file hash collisions between old and new packages and only copying the new, hardlinking the old.
2017-05-31 20:19:13 <skarnet> performing executions before verifying doesn't sound smart
2017-05-31 20:19:48 <^7heo> I'm lost about what we call "execution"
2017-05-31 20:19:50 <kaniini> skarnet: it verifies before actually putting files into place
2017-05-31 20:19:56 <^7heo> unpacking or actual install script execution?
2017-05-31 20:20:14 <skarnet> kaniini: and what does it do in the meantime, install things in a sandbox?
2017-05-31 20:20:24 <kaniini> skarnet: precisely
2017-05-31 20:20:35 <skarnet> you can still get very much DoSsed, if not worse
2017-05-31 20:21:04 <kaniini> well, what it basically does
2017-05-31 20:21:07 <kaniini> is installs all the files with
2017-05-31 20:21:11 <kaniini> .apk-new extension
2017-05-31 20:21:24 <kaniini> at the end
2017-05-31 20:21:27 <kaniini> and then does atomic rename(2) once everything is verified
2017-05-31 20:21:36 <kaniini> which is basically what dpkg and rpm also do
2017-05-31 20:23:59 <TemptorSent> It would probably be very wise to do pre-extraction verification of the contents of the archive.
2017-05-31 20:38:55 <TemptorSent> kaniini - does apk currently check to see if the existing file matches the new file before extracting?
2017-05-31 20:52:05 <^7heo> kaniini: so by "verified" you mean "with a checksum"
2017-05-31 20:52:13 <^7heo> kaniini: not actually tested or anything
2017-05-31 21:11:54 <kaniini> ^7heo: yes
2017-05-31 21:12:16 <^7heo> ok
2017-05-31 22:00:06 <kaniini> ^7heo: no apk sends your file off to a team in china
2017-05-31 22:00:17 <kaniini> ^7heo: who meticulously go over every bit to make sure it is of the FINEST quality
2017-05-31 22:00:53 <kaniini> ^7heo: these are therefore HANDCRAFTED bitstreams that are meant to last a lifetime
2017-05-31 22:02:40 <^7heo> kaniini: go eat an apk
2017-05-31 22:03:10 <^7heo> AFAIK we'd be interested in QA
2017-05-31 22:03:19 <kaniini> ^7heo: cherry or chocolate mint flavour?
2017-05-31 22:03:25 <^7heo> definitely choco mint
2017-05-31 22:03:28 <kaniini> pfft QA
2017-05-31 22:03:31 <kaniini> who needs QA
2017-05-31 22:03:45 <kaniini> your files are inspected by inspector #13
2017-05-31 22:03:51 <kaniini> isn't that good enough?
2017-05-31 22:04:04 <^7heo> "make nice frontpage"
2017-05-31 22:04:06 <^7heo> not sure.
2017-05-31 22:04:18 <kaniini> although sometimes inspector #12 covers for #13 and his work isn't as good
2017-05-31 22:04:33 <^7heo> algitbot abuse!
2017-05-31 22:04:36 <^7heo> BAN HIM!
2017-05-31 22:05:14 <skarnet> relying on crond to make a nice frontpage is definitely not a good idea
2017-05-31 22:05:37 <^7heo> :D
2017-05-31 22:05:48 <^7heo> skarnet, when you are deep down in the pit and need a good laugh.
2017-05-31 22:05:48 <kaniini> hay guise i installed alpine on my galaxy s2
2017-05-31 22:05:56 <kaniini> can it make phone calls yet
2017-05-31 22:06:05 <^7heo> photos or it didn't happen
2017-05-31 22:06:21 <kaniini> https://ollieparanoid.github.io/img/2017-05-26/i9100/firefox.jpg
2017-05-31 22:06:46 <^7heo> Yeah I like gimp too.
2017-05-31 22:06:52 <kaniini> lols
2017-05-31 22:07:22 <Shiz> i find it amusing that postmarket claims to be a GNU/linux
2017-05-31 22:07:29 <^7heo> I find it fucking insulting.
2017-05-31 22:07:36 <^7heo> and that's one of the reasons I dislike it already.
2017-05-31 22:07:51 <^7heo> that and it being mostly a gigantic makefile in python
2017-05-31 22:09:06 <^7heo> it's like if I would make a github repo for "intelligent alternative to systemd that automatically choses what services to start at boot based on what you need at what time recurrently and all" but only made a makefile and got hundreds of stars for it.
2017-05-31 22:09:24 <^7heo> sorry I forgot the "complex" and "evolved"
2017-05-31 22:10:01 <kaniini> GNU SLASH LINUX
2017-05-31 22:10:06 <kaniini> fanfiction now
2017-05-31 22:10:07 <kaniini> pls
2017-05-31 22:10:11 <kaniini> oh shit
2017-05-31 22:10:13 <kaniini> this is -devel not -offtopic
2017-05-31 22:10:14 <^7heo> erotic fanfiction
2017-05-31 22:10:15 <Shiz> https://ollieparanoid.github.io/page/faq/
2017-05-31 22:10:16 <^7heo> yeah
2017-05-31 22:10:27 <skarnet> I'm pretty sure this has already been done hundreds of time
2017-05-31 22:12:15 <awilfox> er, apk definitely verifies the entire archive before running .pre-install
2017-05-31 22:12:46 <^7heo> Shiz: I know, I read that.
2017-05-31 22:13:05 <awilfox> and will not run .pre-install even if --allow-untrusted is passed, if it fails verification
2017-05-31 22:13:20 <kaniini> Shiz: largely alpine does agree with the GNU philosophy
2017-05-31 22:13:30 <kaniini> Shiz: however, i would not say alpine is a GNU/Linux
2017-05-31 22:13:39 <Shiz> well, speak for yourself :p
2017-05-31 22:13:43 <^7heo> Oh come on
2017-05-31 22:13:48 <^7heo> it's definitely GNU
2017-05-31 22:13:54 <^7heo> we love GNU
2017-05-31 22:14:03 <^7heo> and also, can we please have the offtopic discussion in OFFTOPIC?!
2017-05-31 22:14:04 <kaniini> i wouldn't go that far
2017-05-31 22:15:05 <kaniini> Shiz: where alpine disagrees with the GNU philosophy is on a matter of practicality
2017-05-31 22:15:38 <Shiz> i'd say my biggest difference with GNU philosophy is that I think software quality is of secondary importance to software freedom
2017-05-31 22:15:40 <Shiz> :P
2017-05-31 22:15:47 <Shiz> err
2017-05-31 22:15:49 <Shiz> that they think*
2017-05-31 22:15:59 <skarnet> yeah, I was gonna say
2017-05-31 22:16:05 <skarnet> that's exactly what the GNU philosophy is :P
2017-05-31 22:16:47 <kaniini> Shiz: right.  we believe in software freedom, but we also believe quality is an important component of said freedom
2017-05-31 22:17:06 <awilfox> software freedom doesn't help when you get owned, yeah.
2017-05-31 22:17:09 <Shiz> i mean
2017-05-31 22:17:25 <Shiz> i think it's not entirely hhonest to say we agree with GNU philosohpy just because we believe in software freedom
2017-05-31 22:17:33 <Shiz> a lot of people do, but GNU philosophy has many more edges to it
2017-05-31 22:17:41 <Shiz> even in broad strokes so
2017-05-31 22:18:14 <skarnet> if it's going to be #alpine-philosophy-cafe, I'll take a double latte, please
2017-05-31 22:18:44 <Shiz> i think i'll take another rooibos tea
2017-05-31 22:18:55 <kaniini> americano?
2017-05-31 22:19:03 <Shiz> i haven't had caffeine in forever and i have to say i like it that way
2017-05-31 22:19:09 <Shiz> makes it all the more effective when i do need it
2017-05-31 22:19:14 <Shiz> and by caffeine i mean black tea
2017-05-31 22:19:19 <kaniini> just snort coke
2017-05-31 22:19:21 <kaniini> easier
2017-05-31 22:19:33 <kaniini> (the alpine project does not advise you follow my advice)
2017-05-31 22:20:33 <skarnet> ERROR: APKINDEX.tar.gz: UNTRUSTED signature
2017-05-31 22:20:39 <skarnet> what could cause that?
2017-05-31 22:20:56 <kaniini> signing key not in /etc/apk/keys
2017-05-31 22:21:06 <kaniini> (the pubkey)
2017-05-31 22:21:30 <Shiz> https://github.com/llvm-mirror/libcxxabi/commit/7512331622d78a262298560330e4a39d69892203
2017-05-31 22:21:34 <Shiz> honk, llvm patch upstreamed
2017-05-31 22:21:48 <skarnet> but it is
2017-05-31 22:24:25 <Shiz> oh btw kaniini
2017-05-31 22:24:34 <Shiz> i wanted your opinion on how to cleanly split up build-base
2017-05-31 22:24:45 <Shiz> since we now may have one for the gnu toolchain and for the llvm toolchain
2017-05-31 22:26:05 <kaniini> i'm not sure
2017-05-31 22:26:08 <kaniini> what did you have in mind
2017-05-31 22:27:59 <Shiz> i was thinking of having separate build-base-gnu and build-base-llvm packages and some magical selector to make build-base depends on the right one
2017-05-31 22:28:05 <Shiz> the question is how that selector would work
2017-05-31 22:31:20 <^7heo> skarnet: the package might be signed, but not the index.
2017-05-31 22:31:35 <^7heo> or with the wrong signature.
2017-05-31 22:31:37 <Shiz> abuild -r should also sign the index
2017-05-31 22:31:49 <Shiz> skarnet: what if you do
2017-05-31 22:31:55 <Shiz> abuild update_abuildrepo_index from a random pkg directory?
2017-05-31 22:32:15 <^7heo> skarnet: I had that issue when I took more packages (with the right signature) from the official repos and tried to include them in an already existing image.
2017-05-31 22:32:41 <^7heo> skarnet: then I either didn't have them in the officially-signed index, or didn't have an officially-signed index containing them.
2017-05-31 22:32:48 <^7heo> skarnet: either way I wasn't able to use them.
2017-05-31 22:33:05 <^7heo> (unless I was adding my own key and singing all the things (packages and indexes) with it)
2017-05-31 22:33:18 <^7heo> (or I could just have taken the packages from the repo anyway)
2017-05-31 22:36:18 <Shiz> kaniini: in general i'm not sure how we'd embed the toolchain choice anywhere
2017-05-31 22:37:44 <kaniini> Shiz: install_if rule
2017-05-31 22:38:00 <Shiz> yeah, but that just moves the question
2017-05-31 22:38:02 <kaniini> Shiz: build-base-gnu install_if build-base !build-base-clang
2017-05-31 22:38:14 <Shiz> what package would indicate the toolchain :p
2017-05-31 22:38:38 <Shiz> although i guess gnu as default works
2017-05-31 22:38:51 <skarnet> Shiz, ^7heo: thanks for the help. I found a few unrelated issues, going to try a last build, and if it fails, I'll do it tomorrow anyway. :)
2017-05-31 22:39:01 <Shiz> :P
2017-05-31 22:39:04 <kaniini> Shiz: yes and then if we switch the default we just change the rules around.
2017-05-31 22:39:05 <Shiz> always feel free to ask
2017-05-31 22:39:19 <Shiz> i'll do that for now then
2017-05-31 22:39:34 <Shiz> oh btw another thing
2017-05-31 22:39:53 <Shiz> when doing a cross-build abuild install $depends on the build, but I think that should be just on the host
2017-05-31 22:40:42 <kaniini> could go either way
2017-05-31 22:40:44 <skarnet> indeed it should
2017-05-31 22:40:56 <skarnet> and what a wonderful way to find N bugs in the APKBUILDs
2017-05-31 22:41:25 <skarnet> because you can expect depends and makedepends to be joyfully intermingled
2017-05-31 22:42:02 <Shiz> well, depends should be runtime depends, so it makes sense that those are for the host
2017-05-31 22:42:06 <kaniini> ^ that's probably why it isnt that way :)
2017-05-31 22:42:10 <Shiz> makedepends could go either way, and that's why we have _build and _host