2021-04-01 00:15:51 when you follow the git log link http://git.alpinelinux.org/cgit/aports/log/?h=v3.13.4 in the release notes you're 301 redirected to https://git.alpinelinux.org/aports/log/ 2021-04-01 00:38:57 hi ppl 2021-04-01 01:00:24 sup 2021-04-01 01:01:19 all good 2021-04-01 01:01:31 and you? 2021-04-01 01:03:39 got some trouble packaging $subpackage-libs and do not know what is wrong 2021-04-01 01:05:39  /usr/bin/abuild: cd: line 2377: can't cd to /home/builder/aports/testing/rav1e/pkg/rav1e-libs: No such file or directory 2021-04-01 01:54:16 omni: seems like it didn't install anything then 2021-04-01 01:54:34 to the libs subpackage install dir 2021-04-01 01:55:07 they left? 2021-04-01 01:56:41 alas 2021-04-01 01:56:45 sorry for the mishighlight 2021-04-01 01:57:58 no worries 2021-04-01 01:58:29 I beleive it's !19985 2021-04-01 05:01:41 mbuffer fails on armhf / armv7. I believe it's because they are built at the same time, and one test is trying to allocate more then half the memory 2021-04-01 06:55:01 morning 2021-04-01 06:55:11 maybe disable the test that eats the memory 2021-04-01 07:25:04 ceph build is broken 2021-04-01 07:25:21 194bdb909ede4372ab095cbf7c7ac8196bfe761a 2021-04-01 07:25:25 +_py3_sitelib="$(find /usr/lib -iname "site-packages")" 2021-04-01 07:26:18 interesting things happens when there are more than a single "site-packages", forexample if you have had python2 packages installed at some point 2021-04-01 07:54:32 hmm.. how much RAM does the armv7 CI builder have compared to the arm* builders? 2021-04-01 07:59:55 I'm going on a hunch that something else is going on.. 2021-04-01 08:05:46 mbuffer warns that it's allocating more than half of available memory on the x86 builder too, but not on x86_64 2021-04-01 08:07:52 I believe 32G 2021-04-01 08:09:00 can you have a look on !19930 and !19931 ? 2021-04-01 08:10:09 works fine for a few days in testing here 2021-04-01 08:56:14 ikke: they hit SSIZE_MAX, but why only the armv7 and armhf builders and not x86 too? and why no (warning of) trying to allocate half of that on neither of the archs in CI? 2021-04-01 08:56:41 Not sure 2021-04-01 09:00:46 I don't think it's because they're built at (roughly) the same time since it's a short test and they seem to've been built ~2min apart 2021-04-01 09:02:14 Ok, it was just a guess because they are on the same host 2021-04-01 09:04:14 first make (test) create an uncompressed tar archive of the mbuffer source, that shouldn't be too large, then creates a file with an md5 checksum (with openssl) for the test.tar archive 2021-04-01 09:04:22 then the first test is ./mbuffer -i test.tar -p10 | ./mbuffer -q -P 90 | openssl md5 > test0.md5 2021-04-01 09:05:09 where, on 32bit archs, both processes say mbuffer: warning: allocating more than half of available memory 2021-04-01 09:05:52 on the builders 2021-04-01 09:06:11 and on the armv7 & armhf builders go mbuffer: fatal: Cannot address so much memory (16777216*160=2684354560>2147483647). 2021-04-01 09:07:44 mbuffer-20210328/settings.c: fatal("Cannot address so much memory (%lld*%d=%lld>%lld).\n",Blocksize,Numblocks,Blocksize*(long long)Numblocks,(long long)SSIZE_MAX); 2021-04-01 09:16:38 how does Blocksize end up that big? 2021-04-01 09:18:55 right? 2021-04-01 10:06:52 i think its a compiler bug 2021-04-01 10:12:54 on the builders but not CI-builders? 2021-04-01 10:15:01 i can reproduce it in my lxc env 2021-04-01 10:15:06 its super weird 2021-04-01 10:18:26 no.. i think i was tricked by reusing a global var in my debug printf 2021-04-01 10:33:58 hello, it seems like changes between 4.2.0 and 4.1.0 of tiff on the various branches of alpine are creating quite a mess 2021-04-01 10:34:32 since 4.1.0 -> 4.2.0 changes some things that makes apps segfault if they use certain tiff tags and the apps that depend on in need a rebuild 2021-04-01 10:48:52 hmm, why would a rebuild fix it? 2021-04-01 10:49:07 https://abi-laboratory.pro/index.php?view=timeline&l=libtiff 2021-04-01 10:49:14 very little soname changes (2 additions) 2021-04-01 10:49:29 symbols changes* 2021-04-01 10:57:31 the symbols didn't change, but one of the functions takes a variable number of arguments and they changed the number of arguments for one call 2021-04-01 10:57:44 so it segfaults if you don't rebuild 2021-04-01 10:58:45 (at least alpine didn't cherry pick the breaking changes on top of 4.1.0 but didn't update the internal version constants) 2021-04-01 11:03:38 so offically libtiff should have bumped the soname? 2021-04-01 11:04:20 I think so, not sure what the rules are but it breaks at least 2021-04-01 11:04:42 Me neither, but it seems an ABI breaking change 2021-04-01 11:06:08 These packages depend on tiff: https://tpaste.us/ejyV 2021-04-01 11:07:12 it's ony an issue when the applications use the specific call that changed, which is a call for DNG related stuff so it won't be used by most dependencies 2021-04-01 11:07:31 at least megapixels is affected :P 2021-04-01 11:08:02 rawtherapee probably 2021-04-01 11:08:15 darktable 2021-04-01 11:09:21 ok 2021-04-01 11:09:32 Any way to get a list of affected programs, then? 2021-04-01 11:10:42 MartijnBraam: so they broke the ABI 2021-04-01 11:10:59 it's basically all software that uses the TIFFTAG_CFAPATTERN constant 2021-04-01 11:11:07 thsy should have changed the soname 2021-04-01 11:11:17 s/thsy/they/ 2021-04-01 11:11:17 ncopa meant to say: they should have changed the soname 2021-04-01 11:11:39 should be reported upstream 2021-04-01 11:11:44 yeah, I guess that means soname rebuilds would've been done automagically? 2021-04-01 11:12:02 not automatically, but it would have been more visible 2021-04-01 11:12:15 someone would still need to bump the pkgrel on the affected packages 2021-04-01 11:12:18 we wouldnt push it with without rebuild with soname change 2021-04-01 11:12:34 right 2021-04-01 11:12:48 the soname is supposed to change when there are ABI breaking changes to prevent things like this 2021-04-01 11:18:46 oh, its worse... the 4.2.0 release was a security fixes release 2021-04-01 11:18:54 this is bad 2021-04-01 11:18:57 yeah isn't it fun 2021-04-01 11:19:16 also alpine has already done the 4.1.0 -> 4.2.0 -> 4.1.0 -> 4.2.0 thing 2021-04-01 11:19:24 and is now going for an encore on stable 2021-04-01 11:19:45 lol 2021-04-01 11:20:34 do you have any references? with the mentioned ABI breaking changes? 2021-04-01 11:22:51 ncopa: do you know who runs the current CVE bot? 2021-04-01 11:23:03 CVE bot? 2021-04-01 11:23:10 the thing that opens the bug reports on gitlab 2021-04-01 11:23:13 about the CVEs 2021-04-01 11:23:18 i... assume that is a bot 2021-04-01 11:23:24 and not like a person manually opening it 2021-04-01 11:23:35 its not a bot :) 2021-04-01 11:24:02 what the actual fuck 2021-04-01 11:24:16 i mean, i appreciate their dedication 2021-04-01 11:25:11 but i am surprised to learn this 2021-04-01 11:27:48 there's only this basically: https://gitlab.com/libtiff/libtiff/-/blob/master/ChangeLog#L922 2021-04-01 11:33:37 I assumed it wasn't a bot on the basis that the filed bugs actually make sense and aren't garbage security scanner output 2021-04-01 11:34:07 Hello71: there's enough data in the security feeds to generate those reports 2021-04-01 11:34:15 regarding tiff and sonames, I think this is what symbol versioning is supposed to be for 2021-04-01 11:34:25 symbol versioning is evil 2021-04-01 11:34:40 Ariadne: aren't their filed bugs filtered somehow 2021-04-01 11:35:10 it doesn't seem to be "all high cvss scores" which is what the crappy scanners use 2021-04-01 11:39:19 the NVD feed has not just scores but trait data like "0day exploit known to be in the wild," "remotely exploitable," etc 2021-04-01 11:39:53 so if you filter on the right traits, you can find the security issues that matter 2021-04-01 11:40:25 the system i am designing matches based on source package and a configurable set of traits 2021-04-01 11:46:58 hm, ok 2021-04-01 11:47:15 I thought that data was not that reliable 2021-04-01 11:52:22 well, CVSS scores are not really that reliable, imo 2021-04-01 11:52:37 the vector string is though 2021-04-01 11:53:00 assuming the issue reporter fills it out correctly 2021-04-01 11:53:39 but our current system has that problem too, as the security reports, while processed by hand, are not processed by a security engineer 2021-04-01 17:10:57 !20000 2021-04-01 17:14:16 !40000 2021-04-01 17:14:27 ;) 2021-04-01 17:19:32 Ariadne: would your sollution replace secdb? 2021-04-01 17:21:22 no 2021-04-01 17:21:32 i mean, eventually 2021-04-01 17:21:35 but not immediately 2021-04-01 17:22:03 the plan is to keep the secfixes notations in the APKBUILD, but we will likely rewrite the extraction of those notations as part of this 2021-04-01 17:22:30 i believe you mentioned that there was edge cases with it 2021-04-01 17:22:42 Reason why I'm asking is this 2021-04-01 17:22:45 https://gitlab.alpinelinux.org/alpine/infra/docker/secdb/-/merge_requests/2 2021-04-01 17:22:47 yes 2021-04-01 17:22:50 due to lua 2021-04-01 17:23:07 lua cannot differentiate between [] and {} 2021-04-01 17:24:56 yep 2021-04-01 17:25:01 i'll write a new extractor in python 2021-04-01 17:25:09 i need to add additional keywords anyway 2021-04-01 17:25:32 e.g. secfixes-cpe-match-origin: "foo" for cases where our source packages don't match upstream 2021-04-01 19:11:35 skarnet: i'm not sure that its worth arguing with that person 2021-04-01 19:11:45 skarnet: i looked at his other posts and he's basically a concern troll 2021-04-01 19:17:30 How are you creating the AMIs? 2021-04-01 19:17:47 https://alpinelinux.org/cloud/ 2021-04-01 19:17:57 L1Cafe: mcrute is doing that for us 2021-04-01 19:18:28 Maybe they can elaborate, I'd be interested in looking into it and seeing if there's room for improvement 2021-04-01 19:19:03 L1Cafe: the goal is to generalize it more 2021-04-01 19:20:11 For adapting it to other clouds, right ikke ? 2021-04-01 19:20:35 yes 2021-04-01 19:21:16 Ariadne: I just wanted to correct the record, I have no intention of engaging any further. 2021-04-01 19:22:03 sure just thought i would mention it :P 2021-04-01 19:24:40 haha, I saw now that I hadn't looked closely at !19785 after squashing, that I had created a patch file with the same name and similar content as one I had removed because it wasn't used (the test had worked for a couple of releases?) 2021-04-01 19:24:59 uh, no, !18785 2021-04-01 19:25:18 why do the keys move around sometimes? 2021-04-01 19:25:50 what keys? 2021-04-01 19:26:43 the ones I'm pushing to type words and such 2021-04-01 19:26:53 no clue 2021-04-01 19:27:25 some call it "keyboard alignment error" 2021-04-01 19:28:32 since I rarely look them, they may jump around without me noticing, untill I push the big one to the right 2021-04-01 19:59:00 how do i compile with gcc6? 2021-04-01 20:04:22 well, alpine doesn't have gcc6 packaged, IIRC 2021-04-01 20:04:45 postmarketOS do though, for compatibility reasons 2021-04-01 20:04:52 why do you need gcc6 for ? 2021-04-01 20:05:30 gcc6 is in pkgs 2021-04-01 20:06:24 ekhas: export CC="gcc-6" 2021-04-01 20:06:27 trying to compile palemoon patched for 3.8 and abandoned since 2021-04-01 20:06:45 export CXX="g++-6" 2021-04-01 20:06:46 etc 2021-04-01 20:07:09 tried export CC=gcc-6 didn't work 2021-04-01 20:07:14 you need both 2021-04-01 20:07:19 i build it with abuild 2021-04-01 20:07:27 ok 2021-04-01 20:07:36 well you need to put that in your APKBUILD 2021-04-01 20:07:42 did you set it in the APKBUILD? 2021-04-01 20:07:54 no how do i do taht? 2021-04-01 20:08:13 add that as a line 2021-04-01 20:08:19 an APKBUILD is just a shell script 2021-04-01 20:08:33 also, gcc6 will be dropped eventually. it's just there to provide a bootstrap path for java 2021-04-01 20:09:08 i'll build it now and hopefully the binary will work in later version 2021-04-01 20:19:02 how do i add g++6? says libstdc++10 breaks 6 and g++10 breaks 6 2021-04-01 20:21:42 removed gcc but abuild adds it again 2021-04-01 20:25:10 It would only add it as a dependency 2021-04-01 20:25:41 what is a dep of? 2021-04-01 20:25:57 g++6 installs w/out g++6 2021-04-01 20:26:04 sry 2021-04-01 20:26:07 show your deps + makedepends 2021-04-01 20:26:18 gcc6 installs w/out g++6 2021-04-01 20:27:02 i try to add by hand 2021-04-01 20:27:43 i guess gcc6 needs to have a provides= for gcc 2021-04-01 20:27:54 g++6 depends on gcc 2021-04-01 20:27:59 but i do not really want to do a rebuild of gcc6 because i suspect it may FTBFS 2021-04-01 20:28:20 ikke: yes, this is the problem i ran into when i planned to introduce gcc-11 to testing 2021-04-01 20:28:49 Ariadne: would that not be a problem for 3.14? 2021-04-01 20:28:57 if it ftbfs? 2021-04-01 20:29:04 ikke: i guess we will find out :) 2021-04-01 20:29:09 heh 2021-04-01 20:29:46 i have diskless system and just rebooted to start over 2021-04-01 20:30:21 i think you would be better off figuring out why pale moon does not build with gcc 10 2021-04-01 20:30:32 freshly rebooted g++6 won' 2021-04-01 20:30:38 won't get added 2021-04-01 20:30:53 i tried gcc10 2021-04-01 20:31:34 says bad_alloc does not name type in namespace std 2021-04-01 20:32:04 gcc doesn't add g++6 2021-04-01 20:32:40 need to add #include to those files 2021-04-01 20:32:47 that will get you std::bad_alloc 2021-04-01 20:34:05 there's some else 2021-04-01 20:34:14 lemme try compile it with gcc now 2021-04-01 20:37:43 I cannot even install g++6 on edge 2021-04-01 20:37:51 due to conflicts 2021-04-01 20:38:05 i'm on 13 same 2021-04-01 20:38:20 gcc6 installs tho 2021-04-01 20:40:02 compiling it with gcc as is 2021-04-01 20:40:14 will take some time to get to those errors 2021-04-01 20:46:58 this is the palemoon aport https://github.com/tanertas/aports/tree/palemoon/testing/palemoon 2021-04-01 20:47:43 built fine on 3.8 2021-04-01 21:04:05 ok the errors are bad_alloc and nothrow_t not found in std 2021-04-01 21:08:46 and a ton of warnings like dynamic exception specifications deprecated in c++11 2021-04-01 21:23:28 CXXFLAGS="-std=gnu++98" 2021-04-01 21:24:37 ok lemme try 2021-04-01 21:29:03 piling 2021-04-01 21:52:20 same thing bad_alloc and nothro_t in namespace std do not name a type 2021-04-01 21:53:28 at same spot 2021-04-01 22:02:20 https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741 2021-04-01 22:03:23 404? 2021-04-01 22:04:42 checked the log and 1 of the lines has -std=gnu++0x 2021-04-01 22:04:55 cant find 98 2021-04-01 22:05:22 i gues it got overridden 2021-04-01 22:05:48 i guess my export got overridden 2021-04-01 22:09:56 the line containing gnu++0x at the log end which makes sense since that's what prolly needs fixed 2021-04-01 22:24:17 tried CXX="-std=gnu++98" doesn't build at all 2021-04-01 22:24:42 CXXFLAGS 2021-04-01 22:25:01 yea i figured there's difference 2021-04-01 22:25:30 CXXFLAGS didn't work either per above 2021-04-02 01:23:48 nmeum: i can't see it 2021-04-02 08:19:44 morning... sigh... i think we need improve the release process if we are going to make stable releases every week 2021-04-02 08:21:10 i have 1125 commits for the pytho 3.9 rebuilds 2021-04-02 08:27:06 That's quite a project 2021-04-02 08:27:47 and its challenging because the aports tree is alive, so every day i need to rebase and resolve a number of conlifcts and rebuild those 2021-04-02 08:28:22 im skipping a few packages, like py3-adblock, which involves rust and does fails to builds (after buliding for long time) 2021-04-02 08:29:12 py3-openzwave also. it pulls something from git and tries to build that, but does not work with python 3.9. there are posts saying that re-running cython should solve it, but there is no indication on how to do that 2021-04-02 08:30:46 i think i have approx 400 packages left 2021-04-02 08:31:03 i get lots of errors like: 2021-04-02 08:31:06 distutils.errors.DistutilsError: Command '['/usr/bin/python3', '-m', 'pip', '--disable-pip-version-check', 'wheel', '--no-deps', '-w', '/tmp/tmpse2vk2i5', '--quiet', 'colorama>=0.4.3']' returned non-zero exit status 1. 2021-04-02 08:31:20 which is due to missing dep 2021-04-02 08:31:25 its normally trivial to solve 2021-04-02 08:31:51 it just takes time to manually fix those, since they are *many* 2021-04-02 08:33:48 and in this case, its not even in the package im trying to build 2021-04-02 08:33:58 so it must be some of the deps that are broken 2021-04-02 08:41:04 ugh. its py3-twine thats broken 2021-04-02 08:41:16 and it also needs rfc3986 2021-04-02 08:41:32 i have created a few py3-* packages for missing deps so far, but im getting tired 2021-04-02 08:41:43 ncopa: maybe there is a way you can share your progress so far so that others can help fix things? 2021-04-02 08:42:32 if I can share my ~/packages/ over http somehow 2021-04-02 08:42:53 dev.a.o? 2021-04-02 08:42:53 (darkhttpd is really cool) 2021-04-02 08:43:15 other option is to push what i have so far for main and community, and let testing be broken til things are cleaned up 2021-04-02 08:43:21 (but https is nice too) 2021-04-02 08:43:24 Put it in ~/public 2021-04-02 08:43:59 i was more thinking of simply share the dev machine, so people have realtime access 2021-04-02 08:44:03 otherwise i 2021-04-02 08:44:18 otherwise i'll have to rsync in between each build 2021-04-02 08:45:27 but, right now, what woudl help is if someone cleaned up the py3-twine package, added py3-rfc2986 and py3-colorama to the deps 2021-04-02 08:45:31 and check that all other deps are there 2021-04-02 08:45:39 and push to current master 2021-04-02 08:45:46 does releases should be made so often 2021-04-02 08:46:09 or simply createing a py3-rfc3986 package would help 2021-04-02 08:46:36 mps: the way our docker images are built require new releases to get them to update 2021-04-02 08:46:52 docker users should use edge, not stables 2021-04-02 08:47:15 No, that's generally bad advise 2021-04-02 08:47:27 heh 2021-04-02 08:47:45 production users, regardless of docker or not, should use stable 2021-04-02 08:48:14 and that said, we have made 2 stable releases without any edge snapshot yet 2021-04-02 08:48:18 'one size fits all' usually doesn't work well 2021-04-02 08:48:21 There were 2 CVE's that affected packeges included in the base image 2021-04-02 08:48:39 thats why we have both rolling release (edge) and stable releases 2021-04-02 08:49:15 but then you will have to make new release of stable on every change 2021-04-02 08:49:35 yup. thats what im complaining about 2021-04-02 08:49:39 cve or bugfix 2021-04-02 08:50:19 that is big job 2021-04-02 08:50:22 fortunately we dont have that much in the base image, so there are not that often there are changes 2021-04-02 08:50:26 yes, it is 2021-04-02 08:50:47 Adran 2021-04-02 08:50:50 oops 2021-04-02 08:51:06 Ariadne: it's confidential, don't you have access to confidental apk-tools issues? 2021-04-02 08:51:29 ikke: could we give Ariadne permission to view confidential issues on apk-tools? 2021-04-02 08:51:42 ncopa: I wonder if we could have a 3.13 tag that's updated more often 2021-04-02 08:51:47 ncopa: sure 2021-04-02 08:51:49 ty 2021-04-02 08:52:34 Docker tag I mean 2021-04-02 08:53:15 Not sure if that can be done for docker library images 2021-04-02 08:53:17 i guess we could. it was discussed some time ago, and IIRC i suggested more lightweight releases 2021-04-02 08:53:25 for docker only releases 2021-04-02 08:54:24 that is special git tag that only generates the minirootfs 2021-04-02 08:55:02 but at the time i think we concluded that we should probably ship proper releases with updated kernels anyway 2021-04-02 08:59:55 btw, i got a report yesterday that asterisk package messes up the permissions of /tmp 2021-04-02 09:00:10 it looks like the asterisk init.d script might be able to do so 2021-04-02 09:01:20 Ariadne should now have access 2021-04-02 09:13:09 nice, thanks 2021-04-02 09:27:21 then we have fun things like: 2021-04-02 09:27:24 >>> py3-dnsrobocert: Fetching py3-dnsrobocert-3.9.0.tar.gz::https://github.com/adferrand/dnsrobocert/archive/v3.9.0.tar.gz 2021-04-02 09:27:24 >>> py3-dnsrobocert: Checking sha512sums... 2021-04-02 09:27:24 py3-dnsrobocert-3.9.0.tar.gz: FAILED 2021-04-02 09:27:55 FUN 2021-04-02 09:28:54 i can either ignore it and skip the package (unless there are others that depends on it) or i refresh the checksum or spend time investigate why it fails 2021-04-02 09:30:34 no diff on the extracted tarball 2021-04-02 09:30:46 wait 2021-04-02 09:32:42 the diff https://tpaste.us/OQj8 2021-04-02 09:33:15 Woah 2021-04-02 09:33:23 That's a big diff 2021-04-02 09:34:06 Did they tag a wrong commit? 2021-04-02 09:45:25 I reported it upstream https://github.com/adferrand/dnsrobocert/issues/341 2021-04-02 09:46:09 i hope the remaining 400 rebuilds does not have similar problems so we can get python 3.9 before the autumn.... 2021-04-02 10:22:37 but you're saying that we could help by fixing some of the python aports so that you could merge those with your 3.9 efforts? 2021-04-02 10:22:53 if someone hasn't already, I could have a look at the three you mentioned above 2021-04-02 10:31:22 omni: creating a py3-rfc3986 package would help 2021-04-02 10:41:21 ncopa: should I add a reverse proxy to forward http to your container? 2021-04-02 10:52:21 thats an option. i wonder how to share the git stuff though 2021-04-02 10:52:32 yeah, was wondering about that as well 2021-04-02 10:53:02 You could remove the .gitlab-ci.yml and push it to your fork 2021-04-02 10:54:41 i have 1240 commits now 2021-04-02 10:55:36 i wonder if i should just push and once main is built others can help with the remaining testing packages 2021-04-02 10:56:26 yes, I suppose 2021-04-02 10:56:43 we did that for gcc-10 and time_t 64-bits as well 2021-04-02 10:58:59 ncopa: I'm on it 2021-04-02 11:01:03 omni: thanks! can you please `git format-patch -1 --stdout | tpaste` it to me when its done? 2021-04-02 12:26:24 ncopa: https://tpaste.us/JY54 !20022 2021-04-02 12:30:13 although shellcheck didn't like it, perhaps I should try -exec instead of | xargs 2021-04-02 12:37:21 ncopa: https://tpaste.us/8jaW 2021-04-02 12:41:55 find also has -delete 2021-04-02 13:02:01 oh 2021-04-02 13:02:24 I admit I'm one of those lazy find users who often grep its output 2021-04-02 14:37:32 -delete doesn't do the same thing though 2021-04-02 14:39:07 you'd have to do find \( -name __pycache__ -o -path '*/__pycache__/*' \) -delete 2021-04-02 14:39:29 or just -path '*/__pycache__*' -delete if you don't mind deleting __pycache__2 or __pycache__~ 2021-04-02 14:41:15 nmeum: i'm writing validation code for every tar field in an apk package 2021-04-02 14:42:30 Ariadne: good idea, I really think that parser could be improved a lot :D 2021-04-02 14:42:39 well 2021-04-02 14:42:48 haven't found anything else though (yet) 2021-04-02 14:42:52 the apk-tools 3.0 format is much better 2021-04-02 14:43:02 because it is not a tar :) 2021-04-02 14:43:14 but we will have to keep this format around for a while yet 2021-04-02 14:43:19 so it makes sense to harden it 2021-04-02 14:43:19 yep 2021-04-02 14:43:26 because nobody will touch it ever again probably :P 2021-04-02 14:44:19 the tar-pit 🙂 2021-04-02 14:44:46 it's also not the only parser in apk-tools, would be neat to also test others (e.g. apkindex parser, …) 2021-04-02 14:46:27 i think our apkindex parser is ok 2021-04-02 14:48:35 the format is also simpler, but you never know... 2021-04-02 15:04:15 nmeum: you missed a field 2021-04-02 17:19:38 @maribu:matrix.org, Cogitri, maxice8, so it seems for some people Pipewire-pulse has suddenly started replacing pulseaudio on their system, even they did not install pipewire-pulse themselves 2021-04-02 17:19:48 The provider_priority seems to be set correctly, how can this happen? 2021-04-02 17:32:19 Ariadne: the gnu tar format page I read didn't mention that prefix is also null-terminated 2021-04-02 17:32:32 nmeum: :D 2021-04-02 17:32:47 nmeum: it is, in POSIX. 2021-04-02 17:32:51 all strings are 2021-04-02 17:33:13 ACTION < https://matrix.org/_matrix/media/r0/download/matrix.org/iYstuUtCsqDPcVsNTeegtuMU/message.txt > 2021-04-02 17:33:19 > The name, linkname, magic, uname, and gname are null-terminated character strings. All other fields are zero-filled octal numbers in ASCII. 2021-04-02 17:33:30 idk I guess the gnu folks just forgot to mention it 2021-04-02 17:35:15 heh 2021-04-02 17:38:56 nmeum: if that is the same page i was looking at, it seemed to be not the greatest quality :) 2021-04-02 17:41:21 it's a hosted on gnu.org so that checks out :3 2021-04-02 17:41:25 s/a// 2021-04-02 17:41:25 nmeum meant to say: it's hosted on gnu.org so that checks out :3 2021-04-02 18:03:52 PureTryOut (matrix.org) Have you confirmed that a higher number represent a higher priority? It is not uncommon that smaller numbers are used for higher prio. 2021-04-02 18:06:27 I have yes, as seen on the wiki 2021-04-02 18:06:47 https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/src/solver.c#L646 2021-04-02 18:06:48 And I can say that at least on my pulseaudio system it has indeed not randomly installed pipewire-pulse 2021-04-02 18:06:55 "A numeric value which is used by apk-tools to break ties when choosing a virtual package to satisfy a dependency. Higher values have higher priority. " 2021-04-02 18:06:59 /* Prefer highest declared provider priority. */ 2021-04-02 18:08:20 on my system, something insists on installing pipewire-pulse and removing pulseaudio entirely after upgrade. if I try to remove pipewire-pulse, these things say they block that: pipewire-pulse: gnome-tweaks phosh postmarketos-ui-phosh pipewire lang 2021-04-02 18:08:34 nothing explicitly depends on pipewire-pulse 2021-04-02 18:08:51 but it's impossible to remove it and replace it with the real pulseaudio 2021-04-02 18:10:13 hmm 'provides' considers the value to be a virtual package if no version is given (per the wiki), but in this case it's not a virtual package, it (pulseaudio) is a real package 2021-04-02 18:10:18 is that the problem? 2021-04-02 18:10:34 yes 2021-04-02 18:10:59 it should do provides="pulse-$pkgver-r$pkgrel" 2021-04-02 18:11:08 PureTryOut[m]2: ^ 2021-04-02 18:11:13 Hm... 2021-04-02 18:11:35 But doesn't that mean that if pulseaudio has a higher version, it'll get preferred over pipewire-pulse even if you want pipewire-pulse? 2021-04-02 18:12:38 If you have pipewire-pulse installed, I would not expect it to be replaced with pulse 2021-04-02 18:12:46 https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/src/solver.c#L639 2021-04-02 18:12:49 Hmm ok, let's try that then 2021-04-02 18:12:55 /* Prefer installed (matches here if upgrading) */ 2021-04-02 18:18:19 ikke: like this? https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20031 2021-04-02 18:19:27 with an = 2021-04-02 18:19:42 pulseaudio-$pkgver-r$pkgrel -> pulseaudio=$pkgver-r$pkgrel 2021-04-02 18:21:27 Ah yes 2021-04-02 18:48:38 nmeum: going to deploy the hotfix 2021-04-02 18:48:53 Ariadne: I guess we should request a CVE for this? 2021-04-02 18:48:59 yes 2021-04-02 18:49:10 i can do it 2021-04-02 18:49:12 ok 2021-04-02 19:03:27 so now that pipewire-pulse is doing the right thing, my system still thinks pulseaudio is a virtual package(?), and won't let me remove it. 'apk add pulseaudio' is a noop (apk returns without doing anything) 2021-04-02 19:03:51 s/remove it/remove pipewire-pulse/ 2021-04-02 19:03:51 craftyguy meant to say: so now that pipewire-pulse is doing the right thing, my system still thinks pulseaudio is a virtual package(?), and won't let me remove pipewire-pulse. 'apk add pulseaudio' is a noop (apk returns without doing anything) 2021-04-02 19:05:05 I don't see an obvious way to "apk del pipewire-pulse --I-really-know-what-I-am-doing-ignore-reverse-dependencies-and-just-do-it" 2021-04-02 19:05:20 (on Arch it would be 'pacman -Rdd ') 2021-04-02 19:08:33 craftyguy: `apk add '!pipewire-pulse'` 2021-04-02 19:09:04 well that's efffing cool. TIL 2021-04-02 19:09:19 Ariadne: that worked :D thank you 2021-04-02 19:09:30 why the '' ? :) 2021-04-02 19:09:35 ! is not special to shell :) 2021-04-02 19:09:53 ya I ran it without the '' 2021-04-02 19:09:54 2021-04-02 19:09:57 dalias: in bash and ash it can invoke a previous command :) 2021-04-02 19:09:57 Oh wow, that ! is new to me 2021-04-02 19:10:01 Is that a force thing? 2021-04-02 19:10:09 no, nothing is being forced 2021-04-02 19:10:18 PureTryOut[m]2: it marks a conflict 2021-04-02 19:10:20 conflict 2021-04-02 19:10:21 ariadne, yeah it's one of bash's horrible willful conformance bugs 2021-04-02 19:10:24 you are adding a constraint 2021-04-02 19:10:25 and very dangerous 2021-04-02 19:10:38 Ah cool 2021-04-02 19:10:47 that says you do not want pipewire-pulse 2021-04-02 19:10:57 apk add does not actually install anything 2021-04-02 19:11:06 it just adds constraints 2021-04-02 19:11:09 :) 2021-04-02 19:11:12 it updates world 2021-04-02 19:11:20 the installation happens as a side effect 2021-04-02 19:11:41 huh, I hadn't thought of it that way before 2021-04-02 19:11:42 in apk3, it will be possible to defer side effects from apk add/del btw 2021-04-02 19:12:00 yes, it seems most people do not think the way i think :) 2021-04-02 19:12:01 hence it's not called 'apk install' 2021-04-02 19:12:13 Interesting! 2021-04-02 19:12:38 anyway 2021-04-02 19:17:40 this kinda explains why updating is so hard 2021-04-02 19:19:32 wonder if it would be possible to predistribute a world file with fixed version and have people install it afterwards 2021-04-02 19:20:14 that way one could distribute fixed-version install scripts without sharing a tarball 2021-04-02 19:22:17 ikke: my (entirely naive) thought for why it is 'add' and not 'install' is that 'add' is 50% shorter to type :D 2021-04-02 19:27:41 caskd: yes. if you drop in an /etc/apk/world and run `apk fix` it will do exactly that 2021-04-02 19:28:25 ooh 2021-04-02 19:28:28 interesting 2021-04-02 19:30:39 oh that's cool 2021-04-02 19:32:59 so 'apk fix' actually means 'make the actual state match the state as viewed by the apk db' ? 2021-04-02 19:33:16 yes 2021-04-02 19:33:26 or at least, attempt to 2021-04-02 19:33:33 of course 2021-04-02 19:35:41 this `apk add '!pipewire-pulse'` thing is wonderful 2021-04-02 19:35:46 ACTION takes note 2021-04-02 19:36:12 apk is pretty nice 2021-04-02 19:36:26 fell in love at first use 2021-04-02 19:36:30 still love it today 2021-04-02 19:37:57 I love it, except for those weird conflicts where you want to tear apart /etc/apk/world 2021-04-02 19:39:15 nothing weird about wanting to tear apart the world from time to time 2021-04-02 19:40:43 PureTryOut[m]2: Hmm,not sure how to fix that, I guess pulseaudio needs a higher provider_priority for itself 2021-04-02 19:40:50 i absolutely hate the ncurses -> ncurses-libs dep 2021-04-02 19:40:54 it annoys me 2021-04-02 19:41:03 with it's fixed version 2021-04-02 19:41:06 ? 2021-04-02 19:41:07 so i know that feeling 2021-04-02 19:41:50 is that the same as the nasty -dev -> -lib version dep ? 2021-04-02 19:42:00 the one that breaks all upgrades 2021-04-02 19:42:08 PureTryOut[m]2: I can give that providers stuff a go tomorrow, taking a day off for birthday today :p 2021-04-02 19:42:40 nope, it's the one where if a package that depends on something that depends on ncurses wants to upgrade i must upgrade both ncurses and ncurses-libs as well 2021-04-02 19:42:52 happens a lot when i upgrade my unbound config 2021-04-02 19:46:21 Cogitri: already fixed 2021-04-02 19:50:17 Oh, neat 2021-04-02 19:51:41 Cogitri: problem was it was declared as a virtual package 2021-04-02 19:52:54 Ah, I'll have to take a look at the commit later, I still don't have a great understanding of how replaces&provides works 2021-04-02 19:53:38 provides="foo" is a virtual provides 2021-04-02 19:53:53 provides="foo=1-r2" is a concrete provides 2021-04-02 19:54:11 virtual packages should only be used for something that does not actually exist 2021-04-02 19:54:30 craftyguy: that is probably also how we would've fixed the Mesa issues we had in the past... 2021-04-02 19:54:47 PureTryOut[m]2: yeah, in hindsight :P 2021-04-02 19:54:49 PureTryOut[m]2: I think that one was more complex? 2021-04-02 19:55:00 or maybe yes 2021-04-02 19:55:49 I don't believe so 2021-04-02 20:04:35 is anyone else experiencing strange "BAD archive" errors on "apk upgrade" at edge? 2021-04-02 20:04:42 yes 2021-04-02 20:04:47 was just about to say something 2021-04-02 20:04:57 Ariadne: ^ 2021-04-02 20:05:01 ERROR: gcc-10.2.1_git20210328-r0: BAD archive 2021-04-02 20:05:09 hmm 2021-04-02 20:05:12 ERROR: g++-10.2.1_git20210328-r0: BAD archive 2021-04-02 20:05:29 sigh :P 2021-04-02 20:05:33 I have issues on multiple systems with varying packages 2021-04-02 20:05:45 just did rpi4 upgrade, no errors 2021-04-02 20:05:47 kunkku: apk-tools has just been patched 2021-04-02 20:05:48 hotfix worked for me on apk upgrade >_< 2021-04-02 20:05:56 let me relax it 2021-04-02 20:05:58 i know why 2021-04-02 20:07:24 try with new apk-tools -r2 2021-04-02 20:07:37 its because some archives have things they shouldn't 2021-04-02 20:07:53 or, rather are not actually supported by apk-tools 2021-04-02 20:07:59 I noticed this on gitlab CI 2021-04-02 20:08:47 I hope we didn't break the builders :P 2021-04-02 20:09:07 they should just need `apk fix` if we did 2021-04-02 20:09:21 anyway 2021-04-02 20:09:34 -r2 relaxes the hotfix 2021-04-02 20:09:57 can somebody verify that it is working for them please :) 2021-04-02 20:10:31 kunkku: can you repeat with the apk-tools hotfix hotfix version :) 2021-04-02 20:17:04 we backed out the hotfix 2021-04-02 20:17:09 i'm not sure why it is defective 2021-04-02 20:17:23 will dig into it this weekend 2021-04-02 20:39:43 now works 2021-04-02 20:40:47 let me know if you need help in reproducing 2021-04-02 20:41:16 kunkku: it also happened on the builders 2021-04-02 20:41:24 kunkku: what arch were you on? 2021-04-02 20:42:05 x86_64 2021-04-02 20:42:10 ok 2021-04-02 20:42:19 Maybe there were multiple issues :( 2021-04-02 20:42:42 After the first hotfix-fix, things still failed on 32-bits arches 2021-04-02 20:43:21 failing pkgs were linux-lts-5.10.27-r0 and py3-faker-7.0.1-r0 2021-04-02 20:43:45 ERROR: python3-3.8.8-r0: BAD archive 2021-04-02 20:43:51 ERROR: meson-0.57.1-r0: BAD archive 2021-04-02 20:43:55 ERROR: directfb-1.7.7-r3: BAD archive 2021-04-02 20:44:03 ERROR: directfb-dev-1.7.7-r3: BAD archive 2021-04-02 20:44:16 and more 2021-04-02 20:44:53 I saw the same issue on all archs in CI 2021-04-02 20:59:22 ok 2021-04-02 21:03:18 Ariadne: Do you mean this regarding the apk-3.0 field names? https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/src/apk_adb.c#L343 2021-04-02 21:10:47 yup 2021-04-02 21:41:22 oh no i've been hit by the same replace problem with pulse 2021-04-02 21:41:40 pipewire-pulse? 2021-04-02 21:41:43 yep 2021-04-02 21:41:55 git add '!pipewire-pulse' 2021-04-02 21:41:58 apk* 2021-04-02 21:42:01 this is quite annoying tbh 2021-04-02 21:42:26 should be fixed now 2021-04-02 21:42:57 right now? or before i asked? 2021-04-02 21:43:11 before you asked 2021-04-02 21:43:17 uhh, not really 2021-04-02 21:43:19 but you need to run that command to get rid of it 2021-04-02 21:43:24 since i just updated 2021-04-02 21:43:29 the original issue is fixed 2021-04-02 21:43:48 but you need to do something extra to get back to the original situation 2021-04-02 21:44:24 i updated the remote apkindex a few seconds before asking 2021-04-02 21:44:29 so i don't think so 2021-04-02 21:44:52 caskd: did you run `apk add '!pipewire-pulse'`A 2021-04-02 21:44:56 well, yes 2021-04-02 21:45:06 but is this supposed to be default behaviour now? 2021-04-02 21:45:14 pipewire over normal pulse? 2021-04-02 21:45:22 no 2021-04-02 21:45:56 imma test this on my other device as well to see if this fix actually worked 2021-04-02 21:46:43 caskd: it was the result of an incorrect declaration in the pipewire-pulse package 2021-04-02 21:47:04 i understand that 2021-04-02 21:47:19 but i just updated the stuff and it still happened 2021-04-02 21:47:27 without using local apkindex cache 2021-04-02 21:49:23 caskd: what mirror do you use? 2021-04-02 21:49:29 dl-cdn 2021-04-02 21:50:01 hmm, ok 2021-04-02 21:50:16 I test it in docker, and it always installs just pulseaudio for me 2021-04-02 21:50:52 caskd: when do you get pipewire-pulse? 2021-04-02 21:51:07 i'm looking into it 2021-04-02 21:53:36 pulseaudio-alsa still installs it 2021-04-02 21:54:08 it installs pipewire better said 2021-04-02 21:54:12 which replaces pulse 2021-04-02 21:57:54 yes, I see 2021-04-02 23:34:34 https://builds.sr.ht/~postmarketos/job/475926 looks like it suffers from "BAD archive" too 2021-04-03 02:32:45 alexeymin: yes you'll probably have to resubmit the builds that were affected by the botched hotfix 2021-04-03 02:41:32 Ariadne: did you see https://github.com/rust-lang/compiler-team/issues/422 ? 2021-04-03 02:41:50 no 2021-04-03 02:41:52 did they fuck it up 2021-04-03 02:42:21 still reading 2021-04-03 02:42:34 looks ok 2021-04-03 02:42:40 ACTION appreciates the high level of trust Ariadne has on the rust team 2021-04-03 02:43:27 and yes, it looks ok 2021-04-03 02:44:18 it would seem they didn't tag alex explicitly as I think you requested, but if he hasn't complained by now I don't think he's going to veto it later (can he even veto stuff?) 2021-04-03 02:45:08 i dunno 2021-04-03 07:30:49 Ariadne: maybe we should only use the null terminator checks for now 2021-04-03 07:31:28 Ariadne: it somewhat suboptimal that the bug is now public without an applied fix ':) 2021-04-03 07:31:42 *is 2021-04-03 07:36:26 Ah, it was made public already? 2021-04-03 08:06:57 well, a hotfix was applied but then reverted again :S 2021-04-03 08:10:09 Yes 2021-04-03 08:10:28 I was there ;-) 2021-04-03 08:11:29 it was a hot hotfix, so you had to drop it 2021-04-03 08:11:54 ACTION ->[] 2021-04-03 08:12:29 :-D 2021-04-03 11:20:59 qin 1 2021-04-03 11:21:03 uh 2021-04-03 12:57:09 openrc 0.43 is released 2021-04-03 12:58:15 19h ago 2021-04-03 13:01:12 I see minimals patches there 2021-04-03 13:05:43 I'd like to track the Blocksize weirdness discovered on builders for 32bit archs through the mbuffer tests but am not sure how to phrase it in a gitlab issue 2021-04-03 13:09:50 mps: are you working on an update? 2021-04-03 13:16:36 nmeum: no 2021-04-03 13:17:30 I don't have much time now, but if no one start to work on it I will in a few days 2021-04-03 13:17:55 will be good to upgrade it before freeze 2021-04-03 13:18:05 yes 2021-04-03 13:18:57 https://github.com/OpenRC/openrc/compare/0.42.1...0.43 2021-04-03 13:19:59 ikke: there is Changelog file :) 2021-04-03 13:20:22 there is a news file also 2021-04-03 13:20:28 they changed the checkpath behaviour a bit 2021-04-03 13:20:45 https://github.com/OpenRC/openrc/blob/master/NEWS.md#openrc-043 2021-04-03 13:20:49 mps: changelog files can lie :P 2021-04-03 13:20:56 not sure yet but might cause some issues with existing services I guess 2021-04-03 13:21:02 ikke: heh :) 2021-04-03 13:21:31 "Performance improvements and bugfixes" 2021-04-03 13:22:23 nmeum: yes, noticed it as posible issue which will require some more tests and works 2021-04-03 13:23:29 and we have not small number of patches in aport which needs to be carefully checked 2021-04-03 13:23:33 https://github.com/OpenRC/openrc/compare/0.42.1...0.43#diff-86a543adfd1a08d1b33f8507e54a1f0cee357c94d095d9619c57098081a9b29bR26 this one looks fun 2021-04-03 13:25:07 !20056 2021-04-03 13:25:56 a lot of changes are about supervisor 2021-04-03 13:26:02 haven't dared rebooting with this installed yet 2021-04-03 13:26:16 nmeum: you are fast, really 2021-04-03 13:26:39 well, didn't have to rebase any patches so it was kind of easy 2021-04-03 13:26:49 just had to remove the ones already applied 2021-04-03 13:27:01 if it builds I can test on my testing aarch64 box 2021-04-03 13:27:12 it builds 2021-04-03 13:27:22 \o/ 2021-04-03 13:27:24 at least locally x86_64 2021-04-03 13:27:35 *on 2021-04-03 13:29:02 [02:30] Ariadne: maybe we should only use the null terminator checks for now 2021-04-03 13:29:08 yes seems reasonable 2021-04-03 13:29:24 i can prepare a patch that does only that 2021-04-03 13:29:36 if it doesn't cause any regressions that would be nice 2021-04-03 13:29:46 idk fabled also mentioned that he wanted to coordinate this 2021-04-03 13:29:54 because it also needs to be backported to the stable branches 2021-04-03 13:30:00 etc. p.. 2021-04-03 13:30:38 the problem is just that it has been disclosed now, it's not super critical but still unideal I guess 2021-04-03 13:35:00 i prefer to wait for fabled. the vulnerability is minor 2021-04-03 13:35:14 i already made an attempt to hotfix it :p 2021-04-03 13:36:13 lets wait for fabled then 2021-04-03 13:36:29 did you request a cve? 2021-04-03 13:40:56 yes 2021-04-03 13:41:32 i agree that the scope of the original hotfix (plus checking the prefix field) is likely safe 2021-04-03 13:41:42 but we should validate all fields 2021-04-03 13:46:02 OpenRC 0.43 boots for me on my test machine and on my laptop 2021-04-03 13:46:07 i think we can send it 2021-04-03 13:49:06 now it is merged I don't need to test :) 2021-04-03 13:49:26 i tested it for you :) 2021-04-03 13:50:57 heh, I have specific setup, with some specific changes for libudev-zero 2021-04-03 13:51:34 will check after coffee break 2021-04-03 13:58:57 And I guess nobody bothered to backport the curl CVE yet 2021-04-03 14:07:40 nmeum: openrc boots on my aarch64 edge with libudev-zero, some warnings though but nothing serious 2021-04-03 14:07:44 Ariadne: ^ 2021-04-03 14:08:40 what kind of warnings do you get? 2021-04-03 14:09:43 not related to openrc but networking/ifquery. I'll look later why that 2021-04-03 14:15:45 hm, /etc/init.d/chronyd start => ifquery: unrecognized option: auto 2021-04-03 14:17:44 and which ifquery are you using? 2021-04-03 14:18:18 ifupdown-ng has --auto, but maybe Debian ifupdown does not 2021-04-03 14:18:21 ifupdown (not -ng) 2021-04-03 14:18:51 lets try with busybox ifupdown 2021-04-03 14:18:51 well, that seems like a defect with ifupdown (not -ng) :p 2021-04-03 14:18:59 busybox ifupdown does not have ifquery at all 2021-04-03 14:19:25 huh, how then is instaled in my box 2021-04-03 14:19:36 ahm, sorry 2021-04-03 14:19:53 lets reboot 2021-04-03 14:20:05 i'll pray for your networking setup 2021-04-03 14:20:07 :) 2021-04-03 14:21:01 it worked ;) 2021-04-03 14:21:27 only chronyd didn't started 2021-04-03 14:21:51 Hmm, curl did not backport the CVE patches, and they do not apply on older releases :( 2021-04-03 14:21:52 not even 3.13 2021-04-03 14:23:50 hmm, i believe we enter freeze next friday 2021-04-03 14:24:08 i guess i should get ifupdown-ng 0.11 released next week :) 2021-04-03 14:24:14 /etc/init.d/networking need fix for ifquery 2021-04-03 14:25:08 i didn't write it, so it's not my department :p 2021-04-03 14:25:47 Ariadne: any idea about what time the AlpineConf will be held? 2021-04-03 14:25:57 no idea yet :D 2021-04-03 14:26:12 probably afternoon eastern time, morning US time 2021-04-03 14:27:52 right 2021-04-03 14:28:42 wondering if we should set -march=i686 -mtune=generic for x86 2021-04-03 14:28:50 which curl cve? 2021-04-03 14:28:55 2 2021-04-03 14:28:59 https://gitlab.alpinelinux.org/alpine/aports/-/issues/12568 2021-04-03 14:29:11 does anyone actually use alpine chroot on i386 2021-04-03 14:29:16 ikke: can dalias see that? 2021-04-03 14:30:21 dalias: CVE-2021-22876, CVE-2021-22890 2021-04-03 14:30:21 ah, no 2021-04-03 14:33:56 ACTION thinks we should open up this CVE issues 2021-04-03 14:36:10 Hello71: i have alpine in service on i586 class machines 2021-04-03 14:36:56 ok what about march=i586? i don't know what gcc means exactly by "(No scheduling is implemented for this chip.)" but it sounds bad 2021-04-03 14:37:02 for i486 2021-04-03 14:37:31 there is no need to implement instruction scheduling for i486 because i486 implementations do not speculate 2021-04-03 14:37:55 so it is not bad, per se 2021-04-03 14:40:39 Hello71: i also had i486 class machines in service until last year 2021-04-03 14:40:58 Hello71: alpine already requires i486 as baseline anyway 2021-04-03 14:41:35 just wondering if our programs would run faster if we added a -march, but it sounds like there's not much difference between i386 and i486 in userspace anyways 2021-04-03 14:41:50 and also i guess people who care about performance are on x86_64 anyways 2021-04-03 14:42:18 the Via C3 also doesn't speculate 2021-04-03 14:43:01 basically, instruction scheduling means that you can reorder instructions to allow the speculation (stuff like branch prediction) engine to stay running for longer times 2021-04-03 14:43:08 but not relevant on i486 2021-04-03 14:52:42 right 2021-04-03 14:52:52 but what happens when you do -march=i486 -mtune=generic 2021-04-03 14:54:27 Someone from debian backported it: https://salsa.debian.org/debian/curl/-/merge_requests/10/diffs 2021-04-03 14:57:50 I like openrc, it was easy to fix non existing 'ifquery' in /etc/init.d/networking. systemd fix would be mess 2021-04-03 15:08:12 PureTryOut[m]2: terraform-provider-libvirt failed on armhf as well 2021-04-03 15:08:32 I see, will disable 2021-04-03 15:36:24 Ariadne: "Receiving objects: 95% (896794/941961), 993.12 MiB | 9.60 MiB/s" 2021-04-03 15:36:39 installing packages using git clone 2021-04-03 15:45:42 finally got back to !18374 if anyone has time to review 2021-04-03 16:15:56 ikke: ?? 2021-04-03 16:16:23 ikke: installing what packages using git clone? :p 2021-04-03 16:17:14 in general 2021-04-03 16:17:42 my proposal isn't about using git clone to install packages, but to fetch the sources in abuild 2021-04-03 16:18:05 yes, that's what's happening 2021-04-03 16:18:35 are you referring to debian's way of doing packaging? :) 2021-04-03 16:18:42 i still don't follow :P 2021-04-03 16:19:18 this was archlinux (aur) 2021-04-03 16:21:00 ah 2021-04-03 16:43:54 nmeum: Ariadne: hm, /etc/init.d/networking don't need any fix with new openrc, I removed one local 'thing' and it works without any problem 2021-04-03 16:46:03 timlegge: ikke: !18374 2021-04-03 16:47:02 ikke: how to check test on mips64, I'm not sure timlegge have mips64 box to test 2021-04-03 16:48:29 No I don't actually - happy to revert that part though 2021-04-03 16:48:47 I can check it 2021-04-03 16:49:01 Soon(tm) we will have CI for mips64 as well 2021-04-03 16:50:13 so, we can merge it (though I wonder why this pkg is introduced to posix system) 2021-04-03 16:51:31 lets see will it pass builders 2021-04-03 16:51:35 Oh 2021-04-03 16:51:39 I was just building it on mips 2021-04-03 16:51:51 ah, sorry 2021-04-03 16:51:58 but it succeeded 2021-04-03 16:52:20 I thought no one will check it first 2021-04-03 16:52:32 18:48:46 @ikke │ I can check it :-) 2021-04-03 16:53:04 Ariadne: I guess there is no spec (yet) for the abd format 2021-04-03 16:53:15 adb* 2021-04-03 16:53:16 aha, but 'I can' doesn't mean 'I will' 2021-04-03 16:53:31 :) 2021-04-03 16:53:40 In generally that does mean that one will 2021-04-03 16:54:14 yet another 'fine point' of english :P 2021-04-03 16:54:38 it would be kind of strange when someone mentions that they are able to do something, but then refrain from doing that 2021-04-03 16:54:56 "Can you check this for me?" "Yes, I can" 2021-04-03 16:55:04 One could say that. 2021-04-03 16:56:10 One could say a lot 2021-04-03 16:57:03 I can do a lot of 'strange things' but that doesn't mean I will do, quite opposite. but nvm 2021-04-03 16:57:37 rfc854 has a nice set of WILL/WONT/DO/DONT for this 2021-04-03 16:58:16 rfc is different in meaning of these words 2021-04-03 18:39:28 Merging poppler upgrade soon, a few hours (includes libreoffice rebuild due to soname changes) 2021-04-03 19:27:40 [10:53:02] Ariadne: I guess there is no spec (yet) for the abd format 2021-04-03 19:27:45 not yet, i can write on tho 2021-04-03 19:35:01 I have this for the v2 format: https://gitlab.alpinelinux.org/alpine/go/-/merge_requests/1 2021-04-03 19:38:50 py3-rss2email fails with: "/usr/bin/python3: No module named pip" 2021-04-03 19:39:13 please don't add pip 2021-04-03 19:39:30 I won't 2021-04-03 19:39:48 I thought that pip was built-in to python3 now 2021-04-03 19:39:48 thanks, I'm looking into it 2021-04-03 19:39:52 missing py3-sgmllib3k in the depends= 2021-04-03 19:40:28 right, makes sense 2021-04-03 19:40:37 ['/usr/bin/python3', '-m', 'pip', '--disable-pip-version-check', 'wheel', '--no-deps', '-w', '/tmp/tmps4o9v2_4', '--quiet', 'sgmllib3k'] 2021-04-03 19:40:50 wasn't this caught in CI? 2021-04-03 19:41:01 Was this not caught* 2021-04-03 19:41:08 It caught another and I thought it was the last of it 2021-04-03 19:41:13 aha, ok 2021-04-03 22:34:26 merging poppler 2021-04-04 08:54:13 Could it be an issue that I bumped the pkgrel in the first commit instead of the last one in a merge request+ 2021-04-04 08:54:15 ?* 2021-04-04 08:55:01 Like, could it happen that it gets built from the first commit (which doesn't build, requires the last commit)? 2021-04-04 09:13:51 Newbyte: no, it does not matter what commit bumps a pkgrel 2021-04-04 09:14:16 for the build process, commits don't matter at all, it just looks at the final result 2021-04-04 10:48:23 Got it, thanks 2021-04-04 10:48:55 Also, can a package have multiple maintainers? 2021-04-04 10:49:50 No, there is only one possibly entry for maintainers 2021-04-04 10:49:57 But 2021-04-04 10:50:09 I think the idea is that we support teams that maintain packages 2021-04-04 10:50:26 But that would only make sense for teams that maintain a lot of packages 2021-04-04 10:51:06 Yeah, I can think of some odd cases where I'd like to be some sort of co-maintainer of a package without forming a team for that 2021-04-04 11:04:28 Hmm, Assertion failed: sizeof(void *) == 4 (src/boot/system_test.c: system_test: 33) 2021-04-04 11:25:20 that's so cute 2021-04-04 11:32:41 But it's wrong? 2021-04-04 11:33:30 https://www.youtube.com/watch?v=hspNaoxzNbs 2021-04-04 11:33:31 it's wrong on my system ;) 2021-04-04 12:47:31 It incorrectly determines MIPS_64 -s 32-bits 2021-04-04 12:47:40 Or rather, fails to see it as 64-bits 2021-04-04 13:03:16 Ariadne: Is __mips64 a good constant to test against? 2021-04-04 13:21:45 At least it's working 2021-04-04 15:01:34 how does one cross compile with abuild without the build-base-ARCH problems? 2021-04-04 15:07:47 oh, this is -devel 2021-04-04 15:07:49 whoops 2021-04-04 15:11:46 isn't that what -devel is for? 2021-04-04 15:12:11 seems more like a support question 2021-04-04 15:12:14 but i figured it out 2021-04-04 15:12:20 found bootstrap.sh 2021-04-04 15:13:00 note that this is generally just used for cross-compiling a build toolchain 2021-04-04 15:13:11 not for a generic cross-compiler 2021-04-04 15:13:30 oh 2021-04-04 15:13:47 i want to setup a env for building packages on another arch 2021-04-04 15:13:52 wouldn't this be the right way? 2021-04-04 15:14:02 most likely not 2021-04-04 15:14:23 note that we do not cross-compile software except for the build toolchain 2021-04-04 15:14:32 hmm, i see 2021-04-04 15:15:32 postmarketos project does that on the host though, wonder how they do it 2021-04-04 15:15:48 don't want to use the hacky toolchain they have 2021-04-04 15:15:50 qemu perhaps? 2021-04-04 15:16:02 ikke: i think it's related with binfmt 2021-04-04 15:16:08 since i need that mounted for builds 2021-04-04 15:16:18 then it's qemu-user 2021-04-04 15:16:22 oh 2021-04-04 16:15:24 Is the message a sound of CI issue? https://gitlab.alpinelinux.org/andypost/aports/-/jobs/363908#L48 2021-04-04 16:18:54 any of these interesting to get in before freeze? !17891 !19793 !19682 !17649 !19482 !18096 2021-04-04 16:23:32 reading old scrollback.. 2021-04-04 16:25:00 algitbot: ? 2021-04-04 16:25:02 andypost: ? 2021-04-04 16:25:12 ah 2021-04-04 16:30:21 ikke, I mean CI runner's docker 2021-04-04 16:32:31 that the job runs already means docker must be running 2021-04-04 16:33:43 I've retried it to see if it persists 2021-04-04 16:36:37 ikke: does fzf work for you with the default find command? for me it fails (iirc we had this conversation before) 2021-04-04 16:40:03 nmeum: plain `fzf` works for me 2021-04-04 16:40:20 nmeum: what's not working for you? 2021-04-04 16:41:02 > [Command failed: set -o pipefail; command find -L . -mindepth 1 \( -path '*/\.*' \) -prune -o -type f -print -o -type l -print 2> /dev/null | cut -b3-] 2021-04-04 16:41:17 but if I set FZF_DEFAULT_COMMAND it works 2021-04-04 16:41:34 e.g. FZF_DEFAULT_COMMAND="fd --type f" 2021-04-04 16:41:38 nmeum: I thought we fixed that 2021-04-04 16:41:53 yeah I thought so too, strange that it works for you then 2021-04-04 16:42:01 I have find installed 2021-04-04 16:42:19 hmm, but even without, it works 2021-04-04 16:42:34 ah, ash? 2021-04-04 16:42:40 weird, I can't even find an exec call in the strace 2021-04-04 16:42:45 ash does not support pipefail 2021-04-04 16:42:55 I use ksh it should support pipefail 2021-04-04 16:42:56 I run zsh 2021-04-04 16:42:58 oh, ok 2021-04-04 16:43:00 but let me try with a different shell 2021-04-04 16:44:29 hmhmhm 2021-04-04 16:44:41 now it works in the same shell, maybe it's racy somehow I will investigate this further 2021-04-04 16:44:47 thanks for letting me know that it works for you though :) 2021-04-04 16:44:52 np 2021-04-04 18:40:00 ikke: yes 2021-04-04 18:40:07 Ariadne: thanks 2021-04-04 20:59:20 anyone knows does void linux have -with-mode=thumb for gcc on armv7 2021-04-04 21:08:07 https://github.com/void-linux/void-packages/blob/master/common/build-profiles/armv7l.sh 2021-04-04 21:10:21 looks like that are options added to xbps build, though I don't know how xbps works 2021-04-04 21:11:18 I meant to ask, is gcc on armv7 uses -with-mode=thumb by default in void linux 2021-04-05 08:55:27 interesting, some of next kernel will allow x.x.x.0 as normal IP address 2021-04-05 08:59:20 ip add route default 192.168.1.0 will be ok 2021-04-05 09:00:08 network 'version' of /dev/null :) 2021-04-05 09:00:23 depends on the netmask i suppose? 2021-04-05 09:00:32 no 2021-04-05 09:00:37 and yes 2021-04-05 09:01:24 zero (0) will acceptable as last octet for IPv4 2021-04-05 09:02:05 so, 192.168.1.0/29 as ip address will be ok 2021-04-05 09:02:42 maybe even 192.168.0.0/16 2021-04-05 09:03:07 valid ip addresses, I mean 2021-04-05 09:04:05 looks like I have to by some modern book for kernel and not use these 20 and more years old 2021-04-05 09:11:17 maxice8: hey what happened? I see you're orphaning a ton of packages, do you have no need for them anymore? 2021-04-05 10:21:51 I think maxice8 is simply not using these specific packages anymore 2021-04-05 10:53:07 Not using Alpine on my desktop anymore, orphaning packages I don't use 2021-04-05 14:33:45 interesting idea for those who wonts/needs high git commits on aports ;) 2021-04-05 14:34:13 take and remove maintainership of packages daily 2021-04-05 14:35:03 s/wonts/wants/ 2021-04-05 14:35:03 mps meant to say: interesting idea for those who wants/needs high git commits on aports ;) 2021-04-05 14:47:04 [03:02:02] so, 192.168.1.0/29 as ip address will be ok 2021-04-05 14:47:28 Ariadne: yes 2021-04-05 14:47:32 technically they have always been valid, but their lack of validity is a side effect in how BSD implemented routing tables (as a trie) 2021-04-05 14:47:41 right 2021-04-05 14:47:50 linux, windows, etc copied the BSD implementation 2021-04-05 14:48:18 I think I read somewhere that it actually work long time on some (OS) systems 2021-04-05 14:48:38 so what they've done here, is make it possible for a trie node to have subnodes for the host route and the network-wide route 2021-04-05 14:49:08 in other words, it is possible, but it will be less efficient to contact those hosts 2021-04-05 14:49:10 'trie node'? 2021-04-05 14:49:26 a leaf 2021-04-05 14:49:34 aha, thanks 2021-04-05 14:49:47 a node can be either a branch or a leaf 2021-04-05 14:49:53 right 2021-04-05 14:50:32 i don't see the point of this over performing ops to reclaim the /6 used for multicast 2021-04-05 14:51:00 I think that is actually never enforced by any standard, but long time passed when I read these standards 2021-04-05 14:52:03 if you make /29 split network you will one IP address address, which is about 15% increase :) 2021-04-05 14:52:26 s/one/none more/ 2021-04-05 14:52:26 mps meant to say: if you make /29 split network you will none more IP address address, which is about 15% increase :) 2021-04-05 14:53:06 255 is still reserved for broadcast 2021-04-05 14:55:51 linux didn't copy things. they smoked a lot of crack and came up with their own insanity. anyone claiming .0 is 'not a valid address' has been wrong since the advent of classless. 2021-04-05 14:58:46 well, practically it worked always on linux though with 'strange' behavior, if we want to nitpick 2021-04-05 14:59:00 which is, like most things in their ip and routing stack, incorrect behavior. 2021-04-05 15:00:59 if i have 10.10.10.0/23, then 10.10.10.255 and 10.10.11.0 are both valid addresses. otherwise, it's not a /23 2021-04-05 15:02:41 did you check this 2021-04-05 15:04:05 RootWyrm: Linux NET4 is directly based on the BSD networking stack 2021-04-05 15:05:26 isn't it rewriten from scratch long ago 2021-04-05 15:05:59 Ariadne: except it's not because it has specific broken behaviors all over the place 2021-04-05 15:06:07 first versions of linux had BSD net stack practically 2021-04-05 15:06:34 RootWyrm: name me a networking stack that does not have broken behavior :) 2021-04-05 15:06:38 nope, not even back in '94. they were getting things horribly wrong then and many of those broken behaviors are still present 2021-04-05 15:07:11 Ariadne: FreeBSD. Otherwise, you aren't here, period. 2021-04-05 15:07:23 RootWyrm: I can't remember dates, but I'm sure that first linux version had BSD based stack 2021-04-05 15:07:27 JunOS is FreeBSD. Not a lot of modifications to the base stack. 2021-04-05 15:07:33 ACTION lol 2021-04-05 15:08:08 JunOS does not use the host networking stack 2021-04-05 15:08:20 only for connection to the RE for management purposes 2021-04-05 15:08:37 it pushes the learned routing table directly into the FPCs (line cards) 2021-04-05 15:08:58 'JunOS' must be important thing because I can't remember what is/was it ;P 2021-04-05 15:09:14 the management plane OS that runs on juniper devices 2021-04-05 15:09:29 also JunOS is being replaced with a Linux-based solution 2021-04-05 15:09:34 RIP 2021-04-05 15:09:35 aha, thanks again for reminder 2021-04-05 15:10:06 there are also plenty of ways to make the FreeBSD networking stack fall over 2021-04-05 15:10:14 wow, what? that is ... just ... WOW 2021-04-05 15:10:25 and long time didn't read 'word' juniper in IT news 2021-04-05 15:10:57 RootWyrm: yes, they call it JunOS Evolved 2021-04-05 15:11:14 RootWyrm: it is literally built on linuxkit 2021-04-05 15:11:16 Ariadne: lolol that is not even what it is 2021-04-05 15:11:42 ? 2021-04-05 15:11:52 i'm ust telling you what they are doing at juniper 2021-04-05 15:12:15 but hey. whatever. facebook posts make people virologists, why wouldn't hn crank that up to 11? 2021-04-05 15:12:31 i do not read hacker news 2021-04-05 15:12:40 Ariadne: except that's their SDN stuff following on from contrail 2021-04-05 15:12:46 which is not core router 2021-04-05 15:13:11 RootWyrm: you can run JunOS E on MX 2021-04-05 15:15:00 yes, when operating as an edge. where things like 'stability' and 'actually working' are nice-to-haves. 2021-04-05 15:21:35 RootWyrm: anyway, we are talking aobout 10.10.10.0 being valid in 10.10.10.0/24 2021-04-05 15:22:28 ... uh, it's _not_ valid there. 2021-04-05 15:24:40 it can be, in the way that i described (by allowing 10.10.10.0/32 to have a more specific routing table entry) 2021-04-05 15:25:21 many networking stacks outside of the BSD-derived ones allow this since day 1 :) 2021-04-05 15:27:05 uh, wat? 2021-04-05 15:28:08 lo1: inet 172.17.0.0 netmask 0xffffffff 2021-04-05 15:28:16 so, also not a correct statement. 2021-04-05 15:28:57 definitely a correct statement 2021-04-05 15:29:12 you literally just said "BSD can't do this" 2021-04-05 15:29:23 modern BSD can 2021-04-05 15:29:33 that ain't 'modern.' 2021-04-05 15:30:03 when i say "BSD", i talk about the original BSD release back in the 80s :) 2021-04-05 15:30:34 which would then make the statement irrelevant since it hasn't been in use since the 80's. 2021-04-05 15:30:57 no, but the networking stack has been used since the 80's :) 2021-04-05 15:31:12 even bsdi/386 could do that. 2021-04-05 15:31:20 anyway, this conversation is becoming quite hostile 2021-04-05 15:31:26 so, i am going to step away from it :) 2021-04-05 15:31:54 RootWyrm: what is this story with NuGet? 2021-04-05 15:32:14 what story with nuget? 2021-04-05 15:32:26 they want us to retain symantec's soon-to-be-expired root certificates for some period of time 2021-04-05 15:32:38 and plan to "disable signature verification" as a workaround 2021-04-05 15:32:42 "they" who? 2021-04-05 15:32:53 they being Loic Sharma at microsoft 2021-04-05 15:33:26 https://gitlab.alpinelinux.org/alpine/ca-certificates/-/issues/1 2021-04-05 15:33:45 hang on 2021-04-05 15:34:50 oh, yeah, no. so you're all wrong. 2021-04-05 15:36:01 well, a microsoft person reached out to me on twitter and asked if we could retain those CAs for a while, and then loic showed up, and his explanation is a bit... concerning :) 2021-04-05 15:36:30 1) transitioning CAs is not a reasonable ask. the issue is in long lived static packages. you would invalidate and break a LOT of stuff. 2) disabling signature verification is a terrible idea, enough said there. 2021-04-05 15:36:53 yeah, that makes sense 2021-04-05 15:37:50 RootWyrm: is it possible to include the trust root with nuget itself? 2021-04-05 15:38:13 but nuget lives in it's own special hell that i tend to not be a part of. mono, the solution is to use the separate cert store and retain symantec certs. 2021-04-05 15:38:34 but nuget standalone doesn't have an isolated cert store 2021-04-05 15:38:42 i guess what we can do is add a secondary ca-certificates package for the symantec certs 2021-04-05 15:38:56 which installs them into the trust store 2021-04-05 15:39:06 thanks for the background :) 2021-04-05 15:39:15 wait, RootWyrm is from ms? 2021-04-05 15:40:37 sure thing. the real problem is essentially that: nuget relies on code signing certificates. and everybody assumed that CAs wouldn't do stupid shit. (bad assumption.) 2021-04-05 15:40:37 i mean, i'm not into outing people without their consent 2021-04-05 15:40:58 and no, i'm not from MS. not an employee, do not speak for them, etc. I'm part of the .NET Foundation though. 2021-04-05 15:41:25 isn't that just MS with a different logo at this point 2021-04-05 15:41:26 lol 2021-04-05 15:41:47 don't we fucking wish. then we'd have money. 2021-04-05 15:41:49 let me look who is behind .NET Foundation 2021-04-05 15:42:50 ok, 3 "evil" companies and 4 unknown ones 2021-04-05 15:42:52 ;) 2021-04-05 15:43:26 anyhow, the whole way nuget works is: you get a code signing cert (which may have a validity period of basically infinity,) you sign the package with it, then you register the pub on the registry. and because dumb, code signing certificates may not have _any_ expiry from some CAs. 2021-04-05 15:43:44 yep 2021-04-05 15:44:08 and then symantec sold their CA and digicert shut it down 2021-04-05 15:44:12 i got it now :) 2021-04-05 15:44:15 and cookies to follow us :) 2021-04-05 15:44:51 and then, to the surprise of approximately nobody who's actually looked into things, the CAs issuing cheap code signing certs did dumb shit. coupled with "this code hasn't needed to change in 6 years" and yeah, it's just all kinds of fun. 2021-04-05 15:46:00 well, this isn't the first rodeo. remember that there was also root CAs that got breached, which issued code signing certs. 2021-04-05 15:46:21 anyway, gotta run for now 2021-04-05 15:49:35 always wondered why the web/http cookie are not called by real name "cuckoo's egg" 2021-04-05 15:53:37 heh 2021-04-05 16:04:02 I pinged some folks to see what's up with NuGet signing plans, got a feeling the answer is "just going away." 2021-04-05 17:54:16 im seeing the end of the tunnel of the python 3.9 rebuilds 2021-04-05 17:54:26 wow 2021-04-05 17:54:26 i might push python 3.9 today 2021-04-05 17:54:35 firefox is blocking x86 2021-04-05 17:54:38 Neat 2021-04-05 17:54:41 Less neat 2021-04-05 17:54:50 less neat indeed :) 2021-04-05 17:55:12 ncopa: do push 3.9.4, 3.9.3 had an ABI break :( 2021-04-05 17:55:33 python 3.9.3? 2021-04-05 17:55:35 ok 2021-04-05 17:55:35 > out of memory allocating 290004184 bytes after a total of 3305472 bytes 2021-04-05 17:55:36 Yikes 2021-04-05 17:56:13 ncopa: yes 2021-04-05 17:56:23 3.9.4 came out yesterday I think 2021-04-05 17:56:52 Cogitri: ikke: hope you're able to solve that, we didn't manage to :/ 2021-04-05 17:57:01 i hope i dont need to rebuild all the 1000++ packages due to the ABI breakage.... 2021-04-05 17:57:24 Hm, I don't think we can do much about the OOM w/ FF, can we? 2021-04-05 17:57:35 Cogitri: limit jobs? 2021-04-05 17:57:50 i think we can figure out what consumes the memory 2021-04-05 17:57:58 and find some workaround 2021-04-05 17:58:04 what does other distros do? 2021-04-05 17:58:08 That machine has 64G of memory 2021-04-05 17:58:31 no wonder it runs out of memory then. firefox uses alot... :) 2021-04-05 17:58:36 ikke: the problem is that g++ tries to alloc more than 4G per process 2021-04-05 17:58:45 Maybe we can try w/o -pipe 2021-04-05 17:58:57 right, so hence my suggestion to limit the amount of processes 2021-04-05 17:59:24 it runs out of address space, not system memory 2021-04-05 17:59:28 Yes 2021-04-05 17:59:39 Because 32-bit it can't allocate more than 4G 2021-04-05 17:59:39 oh, like that 2021-04-05 17:59:42 understood 2021-04-05 17:59:58 it might be that it tries to allocate based on available memory 2021-04-05 18:00:03 I'll give w/o -pipe a go in my dev container, could someone disable ff on x86 for the time being? 2021-04-05 18:01:19 I can disable it for the time being 2021-04-05 18:02:03 it's already disabled on armhf / armv7 2021-04-05 18:02:40 Oh, okie, wondered how it worked on those already 2021-04-05 18:02:48 yeah, me too 2021-04-05 18:03:39 Hm, there's no flag to disable -pipe in GCC and the FF build system automatically adds it, fun 2021-04-05 18:03:45 Might as well give clang a go first then 2021-04-05 18:03:50 only 2 packages left for the pytho 3.9 rebuild 2021-04-05 18:04:37 whee!!!! \o/ 2021-04-05 18:05:12 now its just to update to python 3.9.4 and rebase again 2021-04-05 18:05:43 edge has a bit of catching up to do 2021-04-05 18:05:47 x86* 2021-04-05 18:09:07 ncopa: re. 3.9.3, it broke ABI from 3.9.2, 3.9.4 restored it. stuff using cython and the C api can break weirdly due to it; we got an error where running `python setup.py cython` segfaulted 2021-04-05 18:09:52 so you shouldn't have to rebuild locally to test, just be sure to have everything in the builders built with 3.9.4 2021-04-05 18:10:34 they decided to ok a change to a public struct's fields because "the padding made it okay", and then broke 32-bit platforms where the padding *wasn't* ok 2021-04-05 18:13:40 ok. thanks for the heads-up. turs out i was using python 3.9.2 2021-04-05 18:13:52 s/turs/turns/ 2021-04-05 18:13:52 ncopa meant to say: ok. thanks for the heads-up. turns out i was using python 3.9.2 2021-04-05 18:18:42 i wonder if i should just push the 1500 commits or spend a few ours trying to group them into a fewer big commits 2021-04-05 18:22:35 I'd say either push all of them or make one gigantic py3.9 commit 2021-04-05 18:22:47 We won't revert them anyway so a giga commit wouldn't be bad 2021-04-05 18:23:22 there are like removal of individual packages, and some new introduced packages and some cleanups etc 2021-04-05 18:23:44 ok, i think I'll just push them as 1500 commits 2021-04-05 18:26:48 i guess I'll have to catch up on some other stuff rest of the week, and then I should start work on getting the 3.14 builders up 2021-04-05 18:27:02 I should also look over abuild and make new release 2021-04-05 18:28:00 python 3.9 pushed! 2021-04-05 18:28:02 \o/ 2021-04-05 18:29:50 there was a handful of packages that i didnt have patience for to fix 2021-04-05 18:30:11 i'll let the maintainers of those deal with it 2021-04-05 18:37:37 segfault on s390x 2021-04-05 18:38:10 make[1]: Leaving directory '/home/buildozer/aports/main/python3/src/Python-3.9.4' 2021-04-05 18:38:12 ugh... 2021-04-05 18:38:13 Segmentation fault 2021-04-05 18:38:21 in the check function 2021-04-05 18:38:31 i guess that will have to wait til tomorrow... 2021-04-05 18:41:26 ...unless someone else beats me to it 2021-04-05 18:42:13 have a nice evening! 2021-04-05 18:43:10 o/ 2021-04-05 18:43:19 Thanks for your work on this :) 2021-04-05 18:53:22 cool! 2021-04-05 19:24:11 there fail2ban failed on x86_64 2021-04-05 19:25:14 yes 2021-04-05 19:25:34 lots of tests failed, strange 2021-04-05 19:25:54 has it succeeded on any other arch? 2021-04-05 19:30:39 doesn't look like it's been run yet 2021-04-05 19:30:57 Right 2021-04-05 19:31:25 but tests are avoided on s390x|mips64|armhf so they shouldn't fail on it 2021-04-05 19:34:34 ugh 2021-04-05 19:35:22 fail2ban is broken but apparently just ignored 2021-04-05 19:36:36 disable tests on all archs until python 3.9 is in? 2021-04-05 19:37:08 disable fail2ban on all arches? :) 2021-04-05 19:37:51 well *shrug* I could have a look at it afterwards 2021-04-05 19:38:09 these tests seem to indicate fail2ban is broken 2021-04-05 19:38:38 I'd like to look at brinding py3-adblock back 2021-04-05 19:38:52 *bringing 2021-04-05 19:39:06 (how did I even manage to spell to that) 2021-04-05 19:39:52 grinding* :) 2021-04-05 19:42:41 yes, I will try to grind py3-adblock back 2021-04-05 19:52:12 is there a way to undelete aports and preserve previous git history? 2021-04-05 19:53:26 I think you can just restore the aport, git should be able to trace back it's history 2021-04-05 19:53:57 checkout commit before delete? 2021-04-05 19:54:45 or git rebase 2021-04-05 19:55:36 oh, yeah 2021-04-05 19:58:04 heh, also I will never learn git 'fine points' 2021-04-05 19:58:28 git checkout path/to/aports 2021-04-05 19:58:36 where is indeed the commit before the delete 2021-04-05 20:03:02 yes, I did that previously but didn't check the history, just assumed/feared it would get lost like when you move a file 2021-04-05 20:03:27 omni: it's not lost 2021-04-05 20:03:34 git does not track moves 2021-04-05 20:03:36 ca28e4dedb7936b30b3b984048ca8c2eedfa0c2d 2021-04-05 20:03:40 it infers them when necessary 2021-04-05 20:04:34 very shoooort^Wlong line in git commit 2021-04-05 20:05:00 wheej 2021-04-05 20:05:44 gitlab is worse than gitolite, I'll dare to say 2021-04-05 20:06:15 shame on me why I advocate gitlab 2021-04-05 20:06:33 advocated* 2021-04-05 20:08:46 ikke: sure, "lost" then, hard to follow 2021-04-05 20:09:06 omni: git log --follow path/to/file 2021-04-05 20:09:56 thanks! 2021-04-05 20:12:36 but that doesn't work on whole directories with contents? 2021-04-05 20:12:45 sure 2021-04-05 20:13:22 sometimes I use git reset $commit_id 2021-04-05 20:13:40 sometimes it works but sometimes doesn't 2021-04-05 20:14:54 Can you elaborate? 2021-04-05 20:15:11 --follow works only for one file 2021-04-05 20:15:31 ikke: you ask me? 2021-04-05 20:15:47 yes, regarding --reset not working 2021-04-05 20:16:16 git reset sometimes doesn't do what i intend 2021-04-05 20:16:37 to resurrect removed things 2021-04-05 20:17:03 just git reset does not restore files 2021-04-05 20:17:09 git checkout 2021-04-05 20:17:16 git reset --hard $commit_id is safer but as result could be risky 2021-04-05 20:17:27 it does something different 2021-04-05 20:17:33 it changes your current branch 2021-04-05 20:18:38 I'm not sure because that was long ago, but I think with git reset I got redmine aport 2021-04-05 20:21:21 sure, git reset --hard restores deletet files, just checked 2021-04-05 20:21:34 yes it does 2021-04-05 20:21:47 but you cannot use it to restore deleted aports from the past 2021-04-05 20:22:15 hmm, then I misunderstood problem 'at desk' 2021-04-05 20:48:57 ACTION impatiently watching paint dry 2021-04-05 21:30:09 oh no! armv7 & x86 failed at fail2ban 2021-04-05 22:28:03 go armhf! go x86! 🏎 2021-04-05 22:49:37 armhf could be the winner! will x86, x86_64 or armv7 catch up? only time will tell! 2021-04-05 23:16:24 working on py3-yarl 2021-04-05 23:18:44 py3-yarl fixed, working on py3-ansicolor 2021-04-05 23:19:51 py3-ansicolor fixed, working on py3-freezegun 2021-04-06 00:28:38 inflection-0.5.1.tar.gz: FAILED 2021-04-06 00:34:54 broken https://distfiles.alpinelinux.org/distfiles/inflection-0.5.1.tar.gz or in retrieval? 2021-04-06 01:42:38 lol ppc64le has python3.8 installed 2021-04-06 01:44:00 and aarch64 2021-04-06 01:50:55 quality 2021-04-06 02:04:03 as far as I can see they (aarch64|ppc64le) have been building py3.8 modules 2021-04-06 04:32:41 hmm 2021-04-06 04:33:59 oh, gdb.. 2021-04-06 04:34:42 oof 2021-04-06 04:38:45 how bad is it ? 2021-04-06 04:39:34 packages in main are indeed built against python 3.8 2021-04-06 04:39:41 for those arches 2021-04-06 04:41:32 I wonder if we could just remove those packages and let the builder rebuild them 2021-04-06 04:45:29 We can try 2021-04-06 04:45:30 we can also try re-using arch="noarch" from other arches and revbump the ones that are arch-specific 2021-04-06 04:46:46 the signatures won't match 2021-04-06 04:49:40 oh 2021-04-06 04:50:13 https://gitlab.alpinelinux.org/alpine/aports/-/issues/12579 2021-04-06 05:02:06 why were many python apps rebuilt? 2021-04-06 05:02:41 oh, python 3.9 2021-04-06 05:27:47 maxice8: py3-tldextract wants to install setuptools_scm, what was the sollution to that? 2021-04-06 05:28:10 remove it and add version = 2021-04-06 05:28:14 I'll take a look 2021-04-06 05:30:05 ah, in the setup.pu? 2021-04-06 05:32:10 yeah I'm working on it, i'll make an MR as an example 2021-04-06 06:38:00 morning 2021-04-06 06:38:06 Morning 2021-04-06 06:38:17 so ppc64le is broke? 2021-04-06 06:38:27 And aarch64 2021-04-06 06:38:56 I removed gdb already, but packages need to be rebuilt 2021-04-06 06:39:39 i suggest we purge everythign in ~/packages older than a given timestamp 2021-04-06 06:42:22 find -type f -newer main/ppc64le/python3-3.9.4-r0.apk 2021-04-06 06:42:29 i can handle ppc64le 2021-04-06 06:43:52 ppc64le is handled 2021-04-06 06:51:20 aarch64 is also taken care of now 2021-04-06 07:51:21 hmm, zathura fail with 'warning: failed to update database table layout: sha256' with latest sqlite-libs 2021-04-06 07:51:50 rebuild should fix this, I think? 2021-04-06 08:15:39 problem with s390x is that it runs out of stack space 2021-04-06 08:18:52 Is anyone using Alpine on a Raspberry Pi 3B? 2021-04-06 08:28:53 what's your question? 2021-04-06 08:29:38 huh, RPI 2021-04-06 08:29:52 worst arm SBC 2021-04-06 08:30:03 Marian[m]1: :) 2021-04-06 08:31:17 ACTION < https://matrix.org/_matrix/media/r0/download/matrix.org/mugBAUZxrkAJBsZEseARsBQT/message.txt > 2021-04-06 08:31:50 Marian[m]1: I don't but some people told earlier they use RPi3 2021-04-06 08:32:04 Downgrading to older firmware fixes the issue. Second, bluetooth stopped working with todays upgrade / reboot. I haven't found the issue yet. 2021-04-06 08:32:54 I can reproduce the issue with wifi on 4 different Rasberry Pi 3B boards, I'm quite certain it is a software issue. All the same behavior: Downgrade firmware and wifi starts to work again. 2021-04-06 08:33:40 I have '[ 5.540359] cfg80211: failed to load regulatory.db' for long time, but wifi always worked 2021-04-06 08:35:15 Marian[m]1: you are university professor, iirc? 2021-04-06 08:38:36 How's the process on aarch64 and ppc64le ? 2021-04-06 08:39:43 Marian[m]1: are you using armv7 or aarch64 flavor on this rpi? 2021-04-06 08:40:28 aarch64 2021-04-06 08:41:15 I have same error you posted in matrix.org link but wifi works quite fine, aarch64 edge and stable 2021-04-06 08:41:28 looking at libblockdev 2021-04-06 08:41:57 i have an rpi3 2021-04-06 08:42:44 but its not running 2021-04-06 08:42:55 im working on python on s390x. it is running out of stack space 2021-04-06 08:43:43 i wonder if we shoudl increase thread stack space for all arches or only s390x 2021-04-06 08:43:55 s390x has a calling convention that uses more stack 2021-04-06 08:44:13 omg, no 2021-04-06 08:44:18 @mps: You're also using a system install, don't you? 2021-04-06 08:44:30 Marian[m]1: yes 2021-04-06 08:44:43 Marian[m]1: is the edge or 3.13.x 2021-04-06 08:44:48 ncopa: increase it on needed arches 2021-04-06 08:45:04 mps: yeah, i think that makes sense 2021-04-06 08:52:05 mps: edge 2021-04-06 08:54:42 Marian[m]1: I use mediatek and rockchip arm64, boot works fine with edge 2021-04-06 08:55:01 @mps: what is your kernel cmdline? Maybe that is the issue for me 2021-04-06 08:55:11 that must be something related to RPi and their firmare, I think 2021-04-06 08:56:07 here: cros_secure console=tty0 earlyprintk=tty0 init=/sbin/init root=PARTUUID=e18b1d35-2e41-0842-83ca-c4252ab610b7/PARTNROFF=1 rootwait rw noinitrd loglevel=7 2021-04-06 08:56:22 but I doubt is useful to you 2021-04-06 09:09:00 @mps: Thanks, it was helpful. I had no `cmdline.txt` at all and the default set up ttyAMA0 (used for bluetooth) as console - which obviously broke bluetooth operation :-/ 2021-04-06 09:12:21 heh 2021-04-06 09:54:50 What's the difference between 'aport built' and 'aport total' in build.a.o ? 2021-04-06 10:19:37 maxice8: if there is a push with 10 updates, the "aport built" will show the progress of those 10 packages. "aport total" is the total packages in the repo. 2021-04-06 10:24:50 ty 2021-04-06 10:57:23 Can I push things again? 2021-04-06 10:57:51 I think so, it's just behind all the python packages 2021-04-06 11:01:25 Okay, wasn't sure how likely the builders are to blow up and I didn't want to inhibit fixing them 2021-04-06 11:02:46 They will just be slotted in between python3 stuff 2021-04-06 11:02:56 if you're lucky they might get built in between the explosions! 2021-04-06 11:03:03 especially things in main 2021-04-06 11:03:21 they will be built first behind the python stuff after a failure 2021-04-06 11:03:33 (because main was already built) 2021-04-06 11:04:35 another day, another CVE 2021-04-06 11:04:54 DoS 2021-04-06 11:53:27 hi all, which packaging phase is the best for locating test results (from cmake/ctest), i would like to submit them to azure devops as customer is using it for cd/ci? 2021-04-06 11:54:45 is builddir removed once abuild finishes job? 2021-04-06 11:55:50 A shocking amount of Python packages seem to download dependencies from Pip rather than use system deps. Actually enforcing `options="!net"` would've given us a whole lot less trouble 2021-04-06 11:57:58 is python broken on edge? 2021-04-06 11:58:47 yes, I see the builders working on 3.9 2021-04-06 11:58:59 it would be nice if large breakages like this could be uploaded atomically 2021-04-06 12:00:04 anyone willing to merge !19817? Its been sitting for 6-7 days since I made the last change to it 2021-04-06 12:05:47 ddevault: Right now it's atomically uploaded, but per-repo 2021-04-06 12:05:56 I see 2021-04-06 12:06:04 So if the builder is done with main, it'll upload all of main but community is broken 2021-04-06 12:18:07 minimal: could you tell what it does in a few words (commit msg is riddle for me, and analyzing changes will take some time) 2021-04-06 12:20:19 mps: normally when sshd init runs for 1st time it automatically creates DSA, ECDSA, RSA, and ED25519 host keys. This MR lets you configure which of these will be created, instead of all 4, and also lets you control the key bit length of ECDSA and RSA host keys. 2021-04-06 12:20:37 its intended for VM and cloud images typically 2021-04-06 12:21:22 how this is handled by running setup-alpine (install alpine) 2021-04-06 12:21:41 its nothing to do with setup-alpine 2021-04-06 12:22:00 lemme see 2021-04-06 12:22:19 its to do with openssh-server (and openssh-server-pam) 2021-04-06 12:22:42 minimal: if it is not related to setup-alpine/setup-sshd why then this is needed at all 2021-04-06 12:22:52 mps: what are you talking about 2021-04-06 12:23:15 minimal: my main concern with this MR is that it makes us liable for the key types generated; if a new key type is added, we'll need to update the script too 2021-04-06 12:23:16 mps: as I explained, its for when someone has build their own Alpine images wih sshd - typically for VM or cloud-images 2021-04-06 12:23:24 Shiz: can't get why this can't be set after installation 2021-04-06 12:23:48 so in a VM image the 1st time you create a VM using such an image sshd will want to create SSH host keys 2021-04-06 12:23:48 i still don't get what you're talking about, what does this have to do with installation 2021-04-06 12:24:35 Shiz: I thought it will somehow change generating keys during installation 2021-04-06 12:24:39 mps: you don't install a VM, you create a VM using a OS image which contains no SSH host keys, so the keys are created once that VM 1st runs 2021-04-06 12:25:53 minimal: you mean prepared VMs will have key, and after you use it to install new VM from it? 2021-04-06 12:26:09 mps: no 2021-04-06 12:26:16 and you want/need new key 2021-04-06 12:26:33 Shiz: the existing ssh init.d runs "ssh-keygen -A" which only generates those 4 types of keys even though there are extra types that could be generated 2021-04-06 12:26:58 minimal: yes, but then the liability lies with openssh to update their keygen tool when they add a new key type 2021-04-06 12:27:00 which they will 2021-04-06 12:27:12 mps: prepared VM images will contain *no* keys, otherwise if you created 2 VMs using the same image they would both have the same host keys, which is bad. 2021-04-06 12:27:24 yes 2021-04-06 12:27:26 (there are no commonly used other types than those 4 right now, and they updated it when they added the ed25519 key type) 2021-04-06 12:27:56 I'm just stating the concern that this will add a maintenance burden, not saying to reject the change, but it is a concern :) 2021-04-06 12:30:36 Shiz: I agree that potentially there's a "minor" maintenance burden, as you pointed out other host key types are not typically used. The idea of this change to to improve security - if someone wants to only use ED25519 host keys for "maximum" security then this config lets them ensure other key types won't be created 2021-04-06 12:31:05 Shiz: "out of the box" this change acts in the same way as before 2021-04-06 12:32:55 my opinion it will be set to ED25519 to be default, rest options are on user to set 2021-04-06 12:33:20 no 2021-04-06 12:34:39 minimal: aside from some minor stylistic things (I'd use ${bit_size:+-b $bit_size} in the command line directly and just set it from an eval, removing some more complex logic), the rest of the MR lgtm 2021-04-06 12:34:44 (but notably it's not my decision to make) 2021-04-06 12:35:37 ncopa is the maintainer but obviously he's up to his neck with Python currently 2021-04-06 12:37:29 I'd expect mcrute to be interested in it for the Alpine AWS images he builds 2021-04-06 12:46:35 Shiz: any chance you could give the MR a thumb-up if you're happy? 2021-04-06 14:46:23 minimal: as I understand this is needed due to some cloud providers has allow/deny-lists for what keys are allowed? 2021-04-06 14:48:27 ncopa: it need as any Alpine VM or Cloud images will have no SSH host keys contained in them and so the keys will be automatically generated when sshd runs during 1st boot. This MR allows the image creator to define which types of host key (and the key bit length of some of them) will be created. 2021-04-06 14:49:04 its a security-related change - enabled the image creator to define a more restrictive host key policy 2021-04-06 14:49:40 who is imposing those policies? the cloud provider? 2021-04-06 14:49:55 the person creating the OS image 2021-04-06 14:50:08 oh , ok 2021-04-06 14:50:25 so for example mcrute may be interested in this for the AWS Alpine images he builfs 2021-04-06 14:50:35 s/builfs/builds/ 2021-04-06 14:50:35 minimal meant to say: so for example mcrute may be interested in this for the AWS Alpine images he builds 2021-04-06 14:50:48 so its not the cloud provider that prevents you to use certain ssh host keys 2021-04-06 14:51:21 i had the impression that could providers requires you to use specific host keys, or forbids you to use some host keys 2021-04-06 14:51:27 nope, host keys have always been created by /etc/init.d/sshd (it typically calls "ssh-keygen -A") 2021-04-06 14:51:45 so it basically does not have anything to do with could providers 2021-04-06 14:52:06 if any of DSA/ECDSA/ED25519/RSA host key files are missing then "ssh-keygen -A" will generate them 2021-04-06 14:52:44 yes, i understand that. that is how upstream openssh works 2021-04-06 14:53:44 yupe, my MR is to change that "blind" lets ensure that all of the 4 types are present logic to be configurable to "lets ensure that the intended key type(s) are present" 2021-04-06 14:54:16 so in my local (KVM) case I only want ED25519 host keys generated 2021-04-06 14:56:18 Just out of curiosity, does it matter what keys the set offers? 2021-04-06 14:59:18 As a client, you could restrict what keys you trust 2021-04-06 15:03:20 I also share Shiz's concern that we need to maintain the key list. If the ssh-keygen -A list changes upstream for whatever reason, we will very likely miss it and use old default list 2021-04-06 15:03:51 ikke: this is from a server perspective, so when hardening a machine I'll change /etc/ssh/sshd_config to only load ed25519. However in case that config accidently gets changed (defaulted) to load other key types I don't want the other key type files around to be accidentally used 2021-04-06 15:03:54 ncopa: 2021-04-06 15:04:41 how about that if the key list is empty, we do -A 2021-04-06 15:04:46 if it's specified, we generate those types 2021-04-06 15:04:52 then default it to empty 2021-04-06 15:04:54 thats definitively better 2021-04-06 15:06:22 ncopa: all I can say is that the ssh-keygen manpage indicates "-A" is only intended to generate those specific 4 types, not all key types that may be added (there are other types already not generated) 2021-04-06 15:07:29 that is true, but it was updated for ed25519 2021-04-06 15:08:07 the other thing i'm thinking of is that we can not be the only ones having this problem. how does other distros handle it? 2021-04-06 15:10:30 seems like the official way is to use `ssh-keygen -A` and then use HostKeyAlgorithms in /etc/ssh/sshd_config to restrict what keys/algos to use. https://security.stackexchange.com/a/159269 2021-04-06 15:11:54 It is also questionable to why you would want restrict some of those keys https://security.stackexchange.com/a/29267 2021-04-06 15:12:29 ncopa: its a OS image issue rather a distro issue. E.g. for Debian maybe Debian Cloud images do this 2021-04-06 15:12:48 how they do it? 2021-04-06 15:12:49 This is not restricted to cloud images 2021-04-06 15:13:11 Hosts would need this as well 2021-04-06 15:13:24 Bare metal 2021-04-06 15:15:47 ikke: yeah I'm actually using it for bare metal as well as KVM VMs 2021-04-06 15:16:46 Shiz: an earlier version of the MR still used "ssh-keygen -A" when the key list was empty - however when I added the configurable key lengths for ECDSA and RSA I had to stop using "-A" in that scenario 2021-04-06 15:17:19 I guess I could add a fallback-fallback where if key list is empty and key length settings are both empty then use "-A" :-) 2021-04-06 15:19:57 ncopa: that stackexchange article doesn't mention ED25519 and its from 2013 so may or may not be relevant for today's security situations... 2021-04-06 15:20:10 oh, good 2021-04-06 15:20:16 somebody is writing a replacement for GNU dialog 2021-04-06 15:26:33 ncopa: an example document that shows disabling of some SSH host key types plus re-generating key types with longer key bit lengths: https://www.sshaudit.com/hardening_guides.html 2021-04-06 16:12:37 PureTryOut[m]2: These packages are missing dependencies. setuptools tries to compensate by installing the packages through pip, but because we don't have pip shipped with python3 (on purpose), it cannot automatically install them 2021-04-06 16:12:45 ncopa: redhat doesn't handle it correctly, fyi 2021-04-06 16:12:58 Because this has been the case for quite some time, lots of packages are missing dependencies 2021-04-06 16:50:34 quite a few py3 packages seems to be signed with some unknown (to my install) key, is that expected? 2021-04-06 16:50:51 e.g. ERROR: py3-requests-2.25.1-r3: BAD signature 2021-04-06 16:51:28 what arch? 2021-04-06 16:51:39 aarch64 2021-04-06 16:52:10 that explains 2021-04-06 16:52:44 We had to purge packages built since yesterday as the python3.9 rebuild was bodged for aarch64 2021-04-06 16:52:51 but dl-cdn still had the old package in cache 2021-04-06 16:52:57 We need to purge it 2021-04-06 16:53:02 ah. but they signing key changed? 2021-04-06 16:53:10 not the key 2021-04-06 16:53:16 but the signature recorded in the apkindex 2021-04-06 16:53:54 ok, so I just need to wait for things to get rebuilt and trickle down to the dl-cdn mirrors? 2021-04-06 16:54:44 craftyguy: I can purge the cache on dl-cdn so that it's forced to download the rebuilt package 2021-04-06 16:55:16 ok that might be helpful for others too 2021-04-06 16:55:21 thank you 2021-04-06 16:55:24 yeah 2021-04-06 17:15:28 craftyguy: for now, could you give a list of packages that you have issues with? Then I can quickly purge those while working on a more exhaustive method 2021-04-06 17:18:35 ikke: ya one sec 2021-04-06 17:19:01 ikke: sounds like it needs a varnish rule 2021-04-06 17:19:27 RootWyrm: we have looked into it in the past, but could not find something trivial 2021-04-06 17:20:01 it's not /strictly/ trivial, no. it's been a while since i've written them so i gotta dredge my old configs. 2021-04-06 17:20:03 ikke: https://bpa.st/raw/27WQ 2021-04-06 17:20:13 craftyguy: thanks 2021-04-06 17:20:27 I can strip the version off and just give a list of packages if that's more helpful 2021-04-06 17:21:06 I need the version 2021-04-06 17:21:08 basically need a cache control pragma on the origin side and i think i had some health checks to trigger certain things. 2021-04-06 17:21:33 RootWyrm: note that dl-cdn is backed by vastly 2021-04-06 17:21:51 ikke: yes, i'm familiar, hence why i said varnish. i'm also a fastly user. 2021-04-06 17:22:02 ok 2021-04-06 17:24:15 I know it was shenanigans with beresp.http.Surrogate-Control and beresp.http.Cache-Control to force a check every ~60 minutes 2021-04-06 17:29:03 craftyguy: can you retry? 2021-04-06 17:30:25 yep 2021-04-06 17:31:21 ikke: nice, they all upgraded. thank you :) 2021-04-06 18:46:39 ikke: I know what is happening. Like I said this would've been caught way earlier if network access was blocked, so setuptools couldn't install it even if it wanted too 2021-04-06 18:46:56 PureTryOut[m]2: not on the builders 2021-04-06 18:47:03 or CI 2021-04-06 18:47:46 Of course it would've on CI. Right now network access in build stage isn't blocked there, but it would've been caught when the package got upgraded if it was blocked 2021-04-06 18:48:58 We need a good way to block network access without relying on bubblewrap 2021-04-06 18:49:18 A crude way would be to just block DNS somehow 2021-04-06 18:50:19 I guess bubblewrap can't be used in containers? 2021-04-06 18:50:27 PureTryOut[m]2: (Sorry, I misunderstood what you were initially saying) 2021-04-06 18:50:35 PureTryOut[m]2: correct, it requires SYS_CAP_ADMIN 2021-04-06 18:50:47 which, as you hopefully understand, is not desired 2021-04-06 18:50:47 Ah too bad 2021-04-06 18:50:55 Yeah I do 😉 2021-04-06 18:55:06 Hmm 2021-04-06 18:55:17 I just tried it again, it seems to work in my container now 2021-04-06 18:56:38 (lxc) 2021-04-06 18:58:31 just create with a null network 2021-04-06 18:59:17 It does need networking 2021-04-06 18:59:23 just not during the build/package phase 2021-04-06 18:59:34 prepare/build/check/package 2021-04-06 18:59:53 Oh that would be good then if it just works 2021-04-06 18:59:55 It needs to be able to fetch packages that are declared as dependencies 2021-04-06 18:59:57 would need to do retrieval outside the container if the package build is in the container 2021-04-06 19:00:18 RootWyrm: That's a larger change 2021-04-06 19:00:27 which means prefetching the whole shebang, which isn't too terrible, but yes. it's a big change. 2021-04-06 19:00:54 hmm? building without networking already works with `abuild rootbld` 2021-04-06 19:00:55 RootWyrm: rootbuild, if it works, pretty much covers it 2021-04-06 19:01:03 PureTryOut[m]2: building, not fetching sources 2021-04-06 19:01:12 Yes that is what I'm saying 2021-04-06 19:01:28 Obviously you need network access to fetch the sources lol 2021-04-06 19:01:39 PureTryOut[m]2: I'm not sure what you were replying to then 2021-04-06 19:02:26 In response to RootWyrm saying you need to do some special things for retrieving sources etc. Building without network access already works, if you use rootbld 2021-04-06 19:04:34 PureTryOut[m]2: in docker it's not working though 2021-04-06 19:04:44 Ah darn 2021-04-06 19:05:01 ikke: what probably works is only allowing network access through a proxy, and only setting http[s]_proxy when desired 2021-04-06 19:05:14 (that bites me every time here) 2021-04-06 19:05:43 what bites? 2021-04-06 19:06:38 for $reasons, network access is limited to a proxy. There is a ridiculous number of things that assumes direct internet access is a right 2021-04-06 19:07:52 maybe doing some tricks with veth or network bridges could help 2021-04-06 19:07:55 (I never tried) 2021-04-06 19:08:09 so that you can enable or disable the interface at wish 2021-04-06 19:08:35 run in a different netns? 2021-04-06 19:09:00 ^ 2021-04-06 19:11:07 shouldn't it be possible to run unshare -Un in docker? 2021-04-06 19:11:26 unshare: unshare(0x0): Operation not permitted 2021-04-06 19:16:34 hm. 2021-04-06 19:16:41 why is it 0x0 2021-04-06 19:16:48 I did not give parameters 2021-04-06 19:16:50 oh, seccomp 2021-04-06 19:16:55 unshare: unshare(0x50000000): Operation not permitted 2021-04-06 19:18:12 it "requires CAP_SYS_ADMIN" in the sense that docker automatically allows it with --cap-add=CAP_SYS_ADMIN 2021-04-06 19:19:20 right 2021-04-06 19:19:50 but I ran into issues before with lxc as well 2021-04-06 19:19:55 but now it seems to just work 2021-04-06 19:46:02 detha: idea: tap device which speaks ip and then tunnels everything through a proxy 2021-04-06 19:54:25 if you can add a tuntap device why not just use iptables 2021-04-06 19:54:31 (netfilter) 2021-04-06 20:05:33 because that is significantly more cpu intensive 2021-04-06 20:05:41 you can just default-route the tunnel 2021-04-06 20:46:28 not sure what use case you're talking about 2021-04-06 20:46:42 iptables -m uid would be much much faster than anything tuntap based 2021-04-06 20:46:55 but your match condition would need to be iptables/netfilter compatible 2021-04-06 20:58:30 netfilter is not faster than a routing table lookup 2021-04-06 23:47:57 py3-fsspec is failing on ppc64le because it has the wrong source archive 2021-04-07 04:49:50 looking at py3-gnupg 2021-04-07 04:50:54 a test failure 2021-04-07 04:55:37 mercurial on x86 is having test failures 2021-04-07 05:00:45 on other arches as well 2021-04-07 05:01:55 s390x, mips64 2021-04-07 05:02:05 aarch64 2021-04-07 07:46:06 is the aarch64 'BAD signature' fixed, or we have to wait 2021-04-07 08:06:48 im working on it, but it seems like the hostname is not set in the dhcp request 2021-04-07 08:08:18 build-edge-aarch64 [~]# (ps xa | grep udhcp && cat /etc/network/interfaces ) | tpaste 2021-04-07 08:08:18 https://tpaste.us/byoZ 2021-04-07 08:08:32 i wonder if that is related the ifupdown-ng update? 2021-04-07 08:09:59 ncopa: there is a setting now 2021-04-07 08:11:24 huh, -ng (Not Good), usually sign of it :) 2021-04-07 08:12:15 use_hostname_for_dhcp 2021-04-07 08:12:31 https://github.com/ifupdown-ng/ifupdown-ng/blob/master/doc/ADMIN-GUIDE.md#ifupdown-ng-configuration 2021-04-07 08:12:47 i think there was a hack to make it backwards compatible with current `hostname $(hostname)` configs 2021-04-07 08:13:16 That setting is the official replacement 2021-04-07 08:13:42 use_hostname_for_dhcp does not seem to help 2021-04-07 08:14:02 ifupdown-ng-0.11.0-r0 2021-04-07 08:16:06 It worked before 2021-04-07 08:16:30 "$IF_DHCP_HOSTNAME" does not appear to be set 2021-04-07 08:16:31 Did you add it to the config file? 2021-04-07 08:16:35 yes 2021-04-07 08:21:33 its a regression 2021-04-07 08:36:31 mps: i have purged the cdn cache for all aarch64 packages newer than python 3.9.4-r0 2021-04-07 08:36:37 so the cache should be ok now 2021-04-07 08:37:10 let me do the same with ppc64le 2021-04-07 08:44:12 ncopa: looks like it is ok now, thanks 2021-04-07 08:55:17 some packages depend on mercurial and need to be disabled too 2021-04-07 09:38:06 👍 2021-04-07 10:43:08 ncopa: dnsrobocert checksum is failing again 2021-04-07 10:43:31 You fixed it 5 days ago 2021-04-07 10:45:03 Oh, I had it set to fetch from distfiles 2021-04-07 11:08:54 andypost: you upgraded protobuf, but not rebuilt dependencies 2021-04-07 11:17:48 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20237 2021-04-07 11:17:53 !20237 2021-04-07 11:21:51 uhh: "protobuf-dev (no such package)" 2021-04-07 11:22:21 fun 2021-04-07 11:22:48 we'll lose a lot of packages on 32-bits due to thsi 2021-04-07 11:24:34 #12584 !14682 2021-04-07 11:24:47 !14628 2021-04-07 11:25:25 Oof 2021-04-07 15:18:23 ncopa: looking into the dhcp regression 2021-04-07 15:20:56 thanks 2021-04-07 15:21:15 im banging my head into the protobuf testsuite 2021-04-07 15:21:43 What is it failing on? 2021-04-07 15:21:58 there are 4 tests that fails on 32 bit 2021-04-07 15:22:07 i disabled those and reported it upstream 2021-04-07 15:22:24 a couple of them caught my attention 2021-04-07 15:23:09 involves something that is called SpaceUsed() which calculate how much space is used 2021-04-07 15:23:29 interestingly enough, it reports that it uses more on 32 bit than on 64 bit 2021-04-07 15:24:36 i kinda thought it had to do with pointer sizes, but I would have expected that it would use more on 64 bit 2021-04-07 15:24:40 but i think i have found it 2021-04-07 15:26:38 https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/arena.cc#L424 2021-04-07 15:26:55 sizeof(AllocationPolicy) is smaller on 32 bit than on 64bit 2021-04-07 15:41:29 i think google just assumes 32-bit doesn't exist anymore 2021-04-07 15:41:31 :) 2021-04-07 15:41:48 Ariadne: what's a 32? 2021-04-07 15:42:00 :) 2021-04-07 15:43:36 ncopa: dhcp hostname fixed. when barbarossa (a debian person working on ifupdown-ng) converted the dhcp terms into the semantic dhcp vocabulary, he forgot about the special handling that hostname has to make $(hostname) work 2021-04-07 15:44:11 i wrote a regression test for it 2021-04-07 15:44:15 nice 2021-04-07 15:48:34 Ariadne: ifupdown-ng fails some tests on aarch64 2021-04-07 15:49:02 thats because ncopa did `set -x` on the dhcp executo 2021-04-07 15:49:03 r 2021-04-07 15:49:11 oh 2021-04-07 15:49:16 Ariadne: I'd expect protobuf to work on 32bit devices, given that it can be useful with microcontrollers and such :/ 2021-04-07 15:49:45 anyway, at least for a chromium OS project I touched, I was informed they don't even have infra set up to run 32-bit tests for that 2021-04-07 15:49:48 though i guess we should fix that and always use the executors bundled with ifupdown-ng 2021-04-07 15:49:50 ericonr: your complaint should be towrads googlee 2021-04-07 15:50:13 ikke: oh yeah, they syck 2021-04-07 15:50:16 suck 2021-04-07 15:50:33 it's just of all their shit, I expected protobuf to be the least fucked ;) 2021-04-07 15:50:51 Any of the packages listed here would not work anymore on 32-bits arches if protobuf is missing: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20237/commits 2021-04-07 15:50:58 s/Any/None 2021-04-07 15:50:58 ikke meant to say: None of the packages listed here would not work anymore on 32-bits arches if protobuf is missing: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20237/commits 2021-04-07 15:52:01 Ariadne: should that be fixed on the aarch64 host? 2021-04-07 15:52:08 yes 2021-04-07 15:52:26 /usr/libexec/ifupdown-ng/dhcp 2021-04-07 15:52:59 fixed 2021-04-07 16:15:25 Ariadne: btw, chimed in on https://gitlab.alpinelinux.org/alpine/ca-certificates/-/issues/1 - no ETA on the timestamping stuff as of yet. 2021-04-07 16:15:40 RootWyrm: thanks for your input 2021-04-07 16:15:56 i presume you intend to nudge them in a... better direction 2021-04-07 16:15:58 The big thing is the NuGet tracking issue 2021-04-07 16:16:15 disabling signature verification seems bad 2021-04-07 16:16:27 Is someone looking into the protobuf fallout already w/ protobuf-c or can I pkgrel bump that? 2021-04-07 16:16:35 That's the better direction, the timestamping stuff. But it's not ready yet. Been on the 'eventually' list ... well ... uh ... what year is it again? 2021-04-07 16:17:14 The timestamping they're talking about is RFC 5816 2021-04-07 16:17:24 thats what i assumed 2021-04-07 16:17:52 Yeah. It's just been on the back burner for a REALLY damn long time because ... I honestly don't know why. 2021-04-07 16:18:08 well i think it is ok to include the symantec certs for some period of time 2021-04-07 16:18:14 in a subpackage 2021-04-07 16:18:38 Yeah, that's easy to back out later too. 2021-04-07 16:18:38 if they are expired, they can't be used in a browser or whatever anyway 2021-04-07 16:18:46 so risk is minimal 2021-04-07 16:18:57 "Don't need 'em, apk del ca-certificates-symantec" 2021-04-07 16:19:15 Cogitri: !20237 2021-04-07 16:19:16 Also as I mentioned, it's a very minor impact with the Docker builds. 2021-04-07 16:21:47 ikke: Whoops 2021-04-07 16:21:49 Ariadne: is this going to affect 3.12 as well? 2021-04-07 16:21:55 no 2021-04-07 16:22:10 OK so it'd only impact .NET 5 and later 2021-04-07 16:22:14 we generally don't update ca-certificates in previous releases 2021-04-07 16:22:26 Cogitri: that's how I realized that it was disabeled on 32-bits 2021-04-07 16:22:33 and the impact 2021-04-07 16:22:34 unless there is some compelling reason 2021-04-07 16:24:05 related: i wish browsers had ux to "detrust" bad root CAs without deleting them 2021-04-07 16:24:15 so that, when you navigate to a site using them 2021-04-07 16:24:23 ikke: Oh, can we merge that now that protobuf is enabled again? 2021-04-07 16:24:36 Cogitri: waiting for the pipeline to succeed 2021-04-07 16:24:40 instead of just a generic cert error you'd see "this site's certificate is signed by a root CA you detrusted..." 2021-04-07 16:24:49 with a manual per-site "allow" option 2021-04-07 16:28:18 Ariadne: well, most folks consider 'actively untrusted certs' a compelling reason ;) 2021-04-07 16:29:06 ikke: Okie 2021-04-07 16:29:09 and there is a means to untrust via CRL 2021-04-07 16:29:25 i.e. Symantec would be cessationOfOperation in a CRL 2021-04-07 16:36:09 i think what dalias was saying is that he would like to see it be easier to make such a CRL 2021-04-07 16:36:21 i.e. click symantec cert, click detrust, done 2021-04-07 16:39:01 firefox already has this? 2021-04-07 16:39:16 hello71, not with the ux i described 2021-04-07 16:39:42 specifically, being informed that the site's cert was signed by a detrusted ca rather than just being invalid 2021-04-07 16:39:47 i mean you can't do it strictly as specified 2021-04-07 16:39:51 with the option to "retrust this ca, but only for this site" 2021-04-07 16:39:58 because there may be multiple possible certification paths 2021-04-07 16:40:48 there's one really shitty root CA, i forget which one but they were implicated in some involvement with a backdoor business and broke root CA rules a few times 2021-04-07 16:41:14 and i deleted them, but i have one credit card whose payment site uses them >_< 2021-04-07 16:41:54 and to be able to pay i have to open developer console, find the subdomains that are not working, try to open those api urls manually in a new tab, then accept and save the "invalid" cert 2021-04-07 16:41:59 and redo this if the cert ever changes 2021-04-07 16:42:32 i want to just have a prompt that says "yourshittycreditcard.com is using a certificate signed by a root CA you chose not to trust. would you like to trust it for this site only?" 2021-04-07 16:44:03 oh and to make it even more fun, it's an amazon store card, and since it's not a physical card you can use anywhere else, they never even sent me the full card number, so it's impossible to call and pay by phone. the site with the broken cert is the ONLY way to pay 2021-04-07 16:45:07 i would just not use it, but the 5% back is really nice and more than pays for my prime membership 2021-04-07 16:52:10 dalias: but it's bank level security 2021-04-07 16:52:17 why do you doubt it 2021-04-07 16:52:17 :D 2021-04-07 16:53:17 <[[sroracle]]> thanks for reminding me to remove the horrible MITM certificate i needed to install for work 2021-04-07 16:53:19 of course they want to do business with the same CA who's selling backdoors to the backdoor enterprise MITM company they buy their asset control shit from :-p 2021-04-07 16:56:02 Cogitri: s390x succeeded :_ 2021-04-07 16:56:06 :) 2021-04-07 17:05:27 Yay :D 2021-04-07 17:10:20 3/6 succeeded (funnily enough, 32-bits is behind) 2021-04-07 17:46:15 The new release is soon https://github.com/protocolbuffers/protobuf/releases/tag/v3.16.0-rc1 it will need to bump all again, foes it make sense for 3.15? 2021-04-07 17:46:40 *does 2021-04-07 17:46:41 depends on how bad the pain level is 2021-04-07 17:47:38 I mean pb has monthly release cycle and it's pain to bump it so often 2021-04-07 17:48:04 Well if tests worked and we didn't have to re-enable it's it's not too bad really 2021-04-07 17:48:13 And if it weren't in the middle of py3.9 rebuilds 2021-04-07 17:49:19 andypost[m]: we _need_ to rebuild, otherwise packages are broken 2021-04-07 17:49:48 Main problem is to split dependency bumps to fit into CI 2021-04-07 17:50:03 andypost[m]: we can split them per repo 2021-04-07 17:50:07 main / community / testing 2021-04-07 17:50:08 Yup 2021-04-07 17:50:21 That's where I stuck in icu upgrade 2021-04-07 17:50:23 And IMHO building them on one arch should be sufficient 2021-04-07 17:50:53 As in build icu/protobuf once on all arches, build rebuilds only on one arch (e.g. in a dev container) 2021-04-07 17:50:56 yeah, I pushed them, even though the job was stopped due to timeout 2021-04-07 17:51:17 Yeah, I doubt such rebuilds would fail on one arch but not another 2021-04-07 17:51:38 Or rather it's so rare that it's ok to just risk it and fix the builders if it really does go wrong 2021-04-07 17:54:11 Cogitri: in this case is was good, in that it caught the 32-bits issue :) 2021-04-07 17:55:31 Fair, but if the same person does all of that at the same time something like that couldn't happen 2021-04-07 17:55:59 right 2021-04-07 17:56:07 they would've just disabled it :P 2021-04-07 18:06:11 is there a reason to have gtest in main and rebuild it every aport? https://gitlab.alpinelinux.org/search?utf8=%E2%9C%93&search=googletest%2Farchive&group_id=2&project_id=1&scope=&search_code=true&snippets=false&repository_ref=master&nav_source=navbar 2021-04-07 18:07:36 the embedded gtests should not be used ideally, but it involves fixing each packagee by hand 2021-04-07 18:20:44 It's not ideal but not too much of a problem since it's just for the test executables, isn't it? 2021-04-07 18:30:07 dalias: there are a number of really shitty root CAs ;) 2021-04-07 18:33:59 :) 2021-04-07 18:34:19 browsers should really just announce an EOL on all but LE 2021-04-07 18:36:22 Cogitri: it is just for tests yes. gtest, at least in the past, was made to be embedded so all projects use it like that. Annoyingly 2021-04-07 18:36:48 i hate gtest 2021-04-07 18:37:01 me too 2021-04-07 18:37:21 and i hate packages that make it hard or nonobvious to build without building their tests 2021-04-07 18:37:27 i tried to use it for something and found myself unimpressed with it 2021-04-07 18:37:33 once i wasted like an hour getting a broken build to compile... 2021-04-07 18:37:45 Same 2021-04-07 18:37:57 hmm, libphonenumber failed on s390x 2021-04-07 18:37:59 only to find out that the project itself was all just python source files that didnt need to be compiled at all and the build was failing in useless tests that needed C test framework shit 2021-04-07 18:38:02 -Werror 2021-04-07 18:38:10 ikke: well i do not think anyone is going to make phone calls on a mainframe 2021-04-07 18:38:14 ikke: in case of libphonenumber, always retry it at least 2 times first before you look into it 2021-04-07 18:38:22 And yeah I doubt anyone needs it on s390x lol 2021-04-07 18:38:23 PureTryOut[m]2: heh 2021-04-07 18:38:29 that sounds terrifying 2021-04-07 18:38:36 can we figure out why it needs to be retried 2021-04-07 18:38:41 dogma around tests is so stupid. tests are for developers and *maybe* for distros 2021-04-07 18:38:44 not for end users 2021-04-07 18:38:57 but mainly for developers 2021-04-07 18:39:47 integration tests can be usefull for distros 2021-04-07 18:39:51 unittests less so 2021-04-07 18:40:48 yeah 2021-04-07 18:41:04 all of my stuff does integration tests mostly 2021-04-07 18:41:10 that's what i like about kyua/atf 2021-04-07 18:41:10 Ariadne: afaik it's a race condition, things compiled in the wrong order. But unsure 2021-04-07 18:41:11 :) 2021-04-07 18:42:08 PureTryOut[m]2: do you know what build system it uses? maybe we can fix it? 2021-04-07 18:42:13 CMake 2021-04-07 18:42:34 maybe we can switch it to use ninja? 2021-04-07 18:42:52 with samu, the build should always be deterministic 2021-04-07 18:43:22 dalias: tests (can) help catch library incompatibilities, so they help distros a lot 2021-04-07 18:43:30 yeah 2021-04-07 18:43:51 and well, not all upstreams are great, so running tests locally also creates bug reports to send their way 2021-04-07 18:44:35 libzstd had a buggy release on 32-bit devices once, for example; OpenSUSE caught it when running the test suite 2021-04-07 18:44:38 ericonr: right, integration tests 2021-04-07 18:45:57 well much of this would be cost if upstream were actually using their own tests to catch their bugs 2021-04-07 18:46:04 rather than oursourcing it to users/distros :-p 2021-04-07 18:46:19 like at the very least test at least one 32-bit target 2021-04-07 18:46:50 there are *so many* projects not testing on 32-bit properly, it's kinda sad :/ 2021-04-07 18:47:42 well it shouldnt even need dedicated testing mostly, but ppl do so much stupid stuff 2021-04-07 18:47:55 long/size/ptr mixup is the worst 2021-04-07 18:48:34 but sometimes it's also "soft" stupid things like assuming vm space is huge 2021-04-07 18:48:48 oh also assuming file sizes fit in size_t/long/whatever 2021-04-07 18:49:30 at least musl doesn't have the LFS madness to 2021-04-07 18:49:36 ... make things even worse 2021-04-07 18:49:45 LFS? 2021-04-07 18:49:50 large file support 2021-04-07 18:49:53 ah 2021-04-07 18:51:07 dalias: anyway, the issues vary; sometimes it's just some weird edge case in the test suite, sometimes it's things that can't even build because the constant is too big to fit in the variable type 2021-04-07 18:51:42 It's not for nothing that our policy is to run the test suite if present 2021-04-07 18:51:59 yes, i pushed hard for that for a reason 2021-04-07 18:52:00 :) 2021-04-07 18:52:31 I recall the nginx incident 2021-04-07 18:52:51 yeah we actually have found CVEs in software just by running the tests 2021-04-07 18:52:52 :) 2021-04-07 18:55:09 :) 2021-04-07 18:55:34 yeah i dont mean to criticize distros for doing it 2021-04-07 18:55:48 rather packages that ship in a way that the tests get built/run when you just want to compile 2021-04-07 19:44:43 armhf is idle :) 2021-04-08 02:19:39 x86-64 is done 2021-04-08 04:37:48 dnsrobocert keeps giving issues 2021-04-08 07:27:55 can we instruct somehow abuild in APKBUILD to ignore error in some commands 2021-04-08 07:28:12 cmd || true 2021-04-08 07:29:02 PureTryOut[m]: Seems like qmlkonsole tries to pull in qt5-qtsvg >= 5.15.3 but we only have 5.15.2 in the repos 2021-04-08 07:29:12 I know, working on it 2021-04-08 07:31:35 Cogitri: thanks, it worked 2021-04-08 07:36:13 Thanks for looking into it :) 2021-04-08 08:10:20 https://pkgs.alpinelinux.org/contents?file=&path=%2Fusr%2Flib%2Fpython3.8%2F*&name=&branch=edge&arch=x86_64 we still have quite a lot of packages which try to use py3.8 I think (?) 2021-04-08 08:15:29 morning 2021-04-08 08:15:50 thank you for helping cleaning up after the python 3.9 update 2021-04-08 08:18:13 bumping stuff for python3.9 rebuilds 2021-04-08 08:19:06 thanks! 2021-04-08 08:31:36 Hmm, I need to update QtWebengine as it has security fixes upstream, but no new tags will be made by The Qt Company. This package includes lots of git submodules, so I can't just get a tarball from a a specific commit and be done with it, as that will exclude the submodules. Gentoo vendors their own tarball created directly from the upstream git repo, can we do the same? 2021-04-08 08:33:43 Yup 2021-04-08 08:34:09 Create a snapshot function in the APKBUILD, then we can upload a tarball to dev.a.o 2021-04-08 08:35:03 Cool thanks 2021-04-08 08:40:58 How would I test this locally? I can't just set the srcurl to dev.a.o as the tarball won't be there yet 2021-04-08 08:41:06 ncopa: I guess we can create a dev account for PureTryOut[m]2? 2021-04-08 08:42:41 ikke: PureTryOut[m]2 has git push access right? 2021-04-08 08:42:48 Yes 2021-04-08 08:43:01 then no problem with account on dev.a.o 2021-04-08 08:43:17 OK, will arrange 2021-04-08 08:43:23 🎉 thanks! 2021-04-08 08:43:34 we should probably come up with a better solution for archive.a.o/dev.a.o so devs can upload files to our archive 2021-04-08 08:53:30 Maybe tied to the gitlab account? 2021-04-08 09:08:06 That would be the easiest if possible yes 2021-04-08 09:16:51 The only thing we need to think about is how to prevent it from being abused 2021-04-08 09:27:00 Only allow people with git push access I guess? 2021-04-08 15:25:52 ikke: regarding the fzf problem: do you have bash installed? 2021-04-08 15:26:44 https://github.com/junegunn/fzf/blob/764316a53d0eb60b315f0bbcd513de58ed57a876/src/reader.go#L103-L112 2021-04-08 15:27:14 if you don't set FZF_DEFAULT_COMMAND it seems to me fzf will force execution with bash and if you don't have bash installed it just fails with "command failed" to execute 2021-04-08 15:28:28 nmeum: yeah, I have bash installed 2021-04-08 15:28:52 that's why the default command works for you but not for me :) 2021-04-08 15:28:56 nod 2021-04-08 15:29:13 not sure what would be the best way to fix this because the error message is very confusing and I think it would be desirable to have fzf work by default 2021-04-08 15:29:28 we can either make it depend on bash or patch it to ensure it doesn't execute the default command with bash 2021-04-08 15:29:49 does it use bash just as a shell to execute that default command? 2021-04-08 15:30:24 We could patch it to use sh 2021-04-08 15:30:29 yes, to make sure the shell supports `set -o pipefail` 2021-04-08 15:30:48 ash supports that 2021-04-08 15:31:04 ok, so just patch it to make it use ash then? 2021-04-08 15:31:07 let me quickly test that :) 2021-04-08 15:31:12 nmeum: thanks 2021-04-08 15:31:17 np 2021-04-08 15:33:29 probably you know this already, but src/reader.go:102 2021-04-08 15:35:22 yeah, linked the code above :) 2021-04-08 15:36:20 ah, missed that 2021-04-08 15:36:26 or overlooked it 2021-04-08 15:41:00 !20288 2021-04-08 15:41:06 works for me 2021-04-08 15:41:28 also note: this is only relevant for people who haven't set FZF_DEFAULT_COMMAND manually so I guess this shouldn't cause any breakage 2021-04-08 15:41:48 s/bash/ash? 2021-04-08 15:41:48 ikke meant to say: does it use ash? just as a shell to execute that default command? 2021-04-08 15:41:56 euhm, no :P 2021-04-08 15:42:08 In the commit message 2021-04-08 15:42:20 hm? 2021-04-08 15:42:30 'do require bash by default' 2021-04-08 15:42:35 Aaaa 2021-04-08 15:42:37 I forgot the "not" 2021-04-08 15:42:40 ah 2021-04-08 15:42:50 good catch! 2021-04-08 15:43:03 fixed :) 2021-04-08 17:09:58 does anyone know if return value from "docker run abuild..." is used for something (tests, CI pipelines..) and if there is any poblem disabling 'set -e' on dabuild script? I'm trying to achieve container/image reuse but I need to handle it after the docker run command (which in case of error interrupts the script) 2021-04-08 17:10:38 We do not use dabuild in CI 2021-04-08 17:13:36 ok so could I just disable set -e? 2021-04-08 17:14:04 I don't know 2021-04-08 17:15:19 ok 2021-04-08 17:59:14 I forked and pushed some changes but I don't see a merge option 2021-04-08 18:04:55 if you got in "merge requests" there should be a large green button 2021-04-08 18:04:59 s/got/go 2021-04-08 18:04:59 afontain_ meant to say: if you go in "merge requests" there should be a large green button 2021-04-08 18:07:01 oh I found it thanks afontain_ 2021-04-08 19:32:54 Hey guys, I'm trying to update the community package for Audacity to 3.0.0, but it seems the latest version requires a custom version of one of the dependencies: wxWidgets and the repo version doesn't cut it. Is there an example of a build using a custom dependency build prior to the actual build for the package in APKBUILD? Thanks 2021-04-08 19:34:42 aptalca: I guess it should be a separate package 2021-04-08 19:35:18 a custom version means an older version? 2021-04-08 19:35:20 gotcha. Any restrictions or guidance on what to name the custom build of the package? 2021-04-08 19:35:35 donoban: a patched version 2021-04-08 19:35:37 no, the audacity team forked the repo and added a bunch of their own custom commits to it 2021-04-08 19:36:03 ouch 2021-04-08 19:36:06 right, a patched version 2021-04-08 19:36:33 we don't negotiate with terrorists, drop the package 2021-04-08 19:36:34 The question is if these packages would conflict 2021-04-08 19:36:35 :) 2021-04-08 19:36:50 Use patched wx3.1.3. from https://github.com/audacity/wxWidgets. If you use a wx3.0 version Audacity will be unstable and crash. 2021-04-08 19:36:55 Ariadne: lol 2021-04-08 19:38:53 This branch is 25 commits ahead, 3294 commits behind wxWidgets:master. 2021-04-08 19:39:21 I'm somewhat familiar with alpine build tools and submitted a few PRs in the past. I thought this would be a simple pkgver update and backport but it got a lot more complicated :) 2021-04-08 19:39:35 yeah, I can imagine 2021-04-08 19:40:59 donoban: like i said, we don't negotiate with terrorists 2021-04-08 19:41:04 :) 2021-04-08 19:41:15 from https://wiki.audacityteam.org/wiki/For_Upstream_wxWidgets "Linux currently needs none of these patches, so it is OK if Debian for example builds with stock wxWidgets (of the version we use, and with accessibility enabled)." 2021-04-08 19:41:46 ah 2021-04-08 19:41:52 hehe Ariadne I'm just pretty surprised about this 2021-04-08 19:41:59 so this is the same situation as how audacious had to patch gtk 2021-04-08 19:42:01 on windows 2021-04-08 19:42:06 because it was hopelessly broken 2021-04-08 19:42:21 something something upstreaming 2021-04-08 19:42:29 afontain_: we tried 2021-04-08 19:42:29 or maybe the wiki is outdted, are you sure that the custom version is needed aptalca ? 2021-04-08 19:42:30 oh, so it only needs it for other OS's 2021-04-08 19:42:40 I tried a local build but get an error about unpatched wxWidgets. Posted in an issue here: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12590 2021-04-08 19:43:19 maybe you can take some patch debian already figured out? 2021-04-08 19:44:02 well those "building for distros" points are largely unacceptable 2021-04-08 19:44:08 we are not going to use bundled libraries 2021-04-08 19:44:31 I don't see 3.0.0 in either debian or ubuntu repos 2021-04-08 19:44:41 likely because they don't negotiate with terrorists either 2021-04-08 19:45:46 cmake-proxies/wxWidgets/CMakeLists.txt:240 2021-04-08 19:46:35 It expects Audacity in the version string of wxwidgets 2021-04-08 19:47:33 probably upstream would accept a patch to make this build used on Windows only, if the intentions of the fork are the what they stated 2021-04-08 19:48:41 "Linux currently needs none of these patches, so it is OK if Debian for example builds with stock wxWidgets (of the version we use, and with accessibility enabled)." 2021-04-08 19:48:49 " Debian for example builds with stock wxWidgets (of the version we use, and with accessibility enabled)." 2021-04-08 19:49:01 You could just patch out that check and see if it works 2021-04-08 19:49:07 we don't negotiate with terrorists 2021-04-08 19:49:25 they are implying if we do not build it the way they want, they will come and terrorize us 2021-04-08 19:51:03 it is my understanding that the custom wxWidget was a requirement for 2.X releases as well, but it wasn't enforced through cmake (at least on linux) but on 3.0.0 it is enforced. I'm wondering if that statement on their wiki is outdated and that linux version of 3.0.0 also requires it 2021-04-08 19:51:50 arch does not have audacity 3.0.0 yet either 2021-04-08 19:52:46 nor does voidlinux 2021-04-08 20:03:51 yeah the void maintainer orphaned the package when that wxwdigets requirement came out lol 2021-04-08 20:04:15 Ariadne: debian patches out terrorists, they skip negotiating :p 2021-04-08 20:04:39 right :) 2021-04-08 20:05:38 do you folks patch out the wxwdigets ABI warning? 2021-04-08 20:10:09 No 2021-04-08 20:10:21 we are trying to figure out what to do about this :) 2021-04-08 20:34:20 mps: no news from kobol, i mail them and the armbian dev directly 2021-04-08 20:34:38 the kobol guy cc'd me the armbian dev, no news since the 5th 2021-04-08 20:46:24 bl4ckb0ne: thanks for info 2021-04-08 20:47:05 bl4ckb0ne: could you give a link to their answer 2021-04-08 20:59:49 nothing much interesting 2021-04-08 21:00:12 i asked for the schematics and they told me they are waiting to recover their nre cost 2021-04-08 21:00:19 but they can share some sections if i ask 2021-04-08 21:01:16 also havent try to poke at the pcie config 2021-04-08 21:02:19 bl4ckb0ne: ok. though I think drivers would be more interesting for us than schematics 2021-04-08 21:11:19 yup 2021-04-08 21:11:31 ill ping you if i get an answer or if i make any progress 2021-04-08 21:13:11 hi all. this patch probably needs to be reverted to fix qt related build errors: https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/qt5-qtsvg/0002-Bump-version.patch 2021-04-08 21:13:12 I'm testing it right now and will make a MR to aports 2021-04-08 21:32:19 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20307 2021-04-08 21:33:22 this will fix build-edge-x86 and probably other builders getting stuck there 2021-04-08 21:34:27 why was the patch added to begin with? do you know? 2021-04-08 21:35:22 ah 2021-04-08 21:35:29 PureTryOut[m]2: ping 2021-04-08 21:38:46 Ariadne: I think PureTryOut is offline. apparently as part of a kde patchset, and kde has forked qt now. looks like patches were cherry picked from there, and this one was included by accident 2021-04-08 21:38:57 I'll check if there are more version bump patches that got in 2021-04-08 21:39:03 yes i did the revert 2021-04-08 21:39:14 thanks 2021-04-08 21:39:14 we should make sure that if we follow the KDE fork that we do it cleanly 2021-04-08 21:40:38 +1 2021-04-08 21:41:01 so looks like no other MODULE_VERSION bump patches: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20234 2021-04-08 21:46:04 Trying to upgrade telegram desktop I discovered this https://github.com/telegramdesktop/tdesktop/blob/dev/docs/api_credentials.md , was old packages working with test api_id/hash? So you need an API key for build some "open source" :S 2021-04-08 23:02:10 donoban: does seem to be using the test id/hash 2021-04-08 23:02:40 donoban: and it does seem to work fine for me 2021-04-08 23:14:50 donoban: though i agree that this is kind of a bummer. just more proof that telegram is not really free software 2021-04-08 23:24:28 -- Build files have been written to: /home/kaniini/aports/community/libphonenumber/src/libphonenumber-8.12.20/cpp/build 2021-04-08 23:24:28 ninja: multiple rules generate '../src/phonenumbers/metadata.h' 2021-04-08 23:24:36 digging into this libphonenumber race condition :) 2021-04-08 23:38:28 ok solved libphonenumber :) 2021-04-09 00:12:27 ty 2021-04-09 01:27:10 i think i have a lead on the sata driver mps 2021-04-09 01:27:52 https://paste.sr.ht/~bl4ckb0ne/587722d08ab44128890f3b4cbee20d43b9921b7b 2021-04-09 01:35:21 starting a build on my side 2021-04-09 05:30:46 if you need context on the 3.15 -> 15 thing 2021-04-09 05:31:16 its because 3.15 will be the 15th release of alpine using the now-evergreen musl "ABI" 2021-04-09 05:31:25 i use ABI very loosely there 2021-04-09 05:31:27 :p 2021-04-09 06:02:43 morning 2021-04-09 06:02:56 seems like firefox build fails on 3.13-stable branch 2021-04-09 06:03:27 bl4ckb0ne: better use modprobe instead of insmod. modprobe will 'resolve' modules dependenciies, while with insmod you have to do that 'manually' one by one 2021-04-09 06:04:15 good morning :) 2021-04-09 07:37:40 Morning 2021-04-09 09:31:38 omni: 3fcd479d3a5eb99e9c7b83b7b1b3429b73625a63 2021-04-09 09:32:01 https://paste.gnome.org/pm4urofes 2021-04-09 09:35:05 huh, thanks! 2021-04-09 09:35:53 Hm, seems like that's a py3.9 think? 2021-04-09 09:35:54 https://build.alpinelinux.org/buildlogs/build-edge-armv7/testing/py3-ssdeep/py3-ssdeep-3.4-r1.log 2021-04-09 09:36:03 ikke: ^ 2021-04-09 09:37:08 Will look at it later 2021-04-09 09:38:07 Thanks 2021-04-09 09:38:09 Cogitri: but weird? 2021-04-09 09:38:20 ey guys, this "'uint32_t' does not name a type" are common musl incompatiblity? https://tpaste.us/nWOp 2021-04-09 09:39:58 Cogitri: it ran 3 tests here 2021-04-09 09:40:01 https://build.alpinelinux.org/buildlogs/build-edge-x86_64/testing/py3-zulip/py3-zulip-0.7.1-r1.log 2021-04-09 09:40:37 @donoban: yes, but it is not musl's fault as far as I understand 2021-04-09 09:41:26 omni: huh,weird 2021-04-09 09:41:34 Maybe because armv7 isn't done building things yet (?) 2021-04-09 09:42:13 maybe there is a wrong included header 2021-04-09 09:47:32 Seems that works adding "#include " :) 2021-04-09 10:18:42 I think that the release tarball is not well done, I found two wrong include references to their own code 2021-04-09 11:06:58 Trying to figure out what's happening with py3-ssdeep 2021-04-09 11:07:06 These errors just happen during the check phase 2021-04-09 11:40:29 what is the standard workflow for creating patches when trying to fix an APKBUILD? 2021-04-09 11:41:48 Submit a MR at gitlab 2021-04-09 11:42:05 https://paste.gnome.org/pwpmw2fja <- fun, the GCC of 3.13 has an ICE trying to build FF :D 2021-04-09 11:42:05 but I mean a patch to the src code of the package 2021-04-09 11:43:12 e.g.: https://tpaste.us/zxyv 2021-04-09 11:44:13 was this created with a git repo clone of telegram? 2021-04-09 11:46:34 Ah, diff,git diff or git format-patch works. You can either do that from a git clone of the repo or just do `abuild unpack` and do `git init` in the source and do you changes 2021-04-09 11:47:01 ah, last seems the best way 2021-04-09 11:58:02 ncopa: Are you already looking into rebuilding the remaining py3.8 packages? 2021-04-09 12:08:09 not really 2021-04-09 12:08:14 not today at least 2021-04-09 12:14:30 Okay, I can start bumping things without clashing with you then 2021-04-09 12:50:39 is it mostly/only testing left? 2021-04-09 12:51:59 omni: https://pkgs.alpinelinux.org/contents?file=&path=%2Fusr%2Flib%2Fpython3.8%2F*&name=&branch=edge all of those are left 2021-04-09 13:07:20 ah 2021-04-09 13:29:50 Cogitri: thank you. I appreciate 2021-04-09 13:31:58 I vote for 'yy-mm' version, 20.06 for example 2021-04-09 13:32:21 21.06, actually :) 2021-04-09 13:33:25 and, 21.06.{1,2,....} 2021-04-09 13:33:48 à la Ubuntu? 2021-04-09 13:34:06 hmm, something like 2021-04-09 13:34:37 personally, I would prefer 21.06.03, i.e. exact date 2021-04-09 13:38:20 and, I'm not against to keep current numbering, i.e. 4.1 ... 2021-04-09 13:40:08 I vote for glyphs, "release 🏆 is out!" 2021-04-09 13:41:49 omni: emoticons would be better than. alpine :), then ;), :/ etc 2021-04-09 13:42:09 Does someone happen what's up with this? https://build.alpinelinux.org/buildlogs/build-edge-x86/testing/umockdev/umockdev-0.15.5_git20210315-r0.log 2021-04-09 13:42:13 Only fails on 32-bit 2021-04-09 13:43:39 mps: then :-, then :\, then :|, then :/ again and so on 2021-04-09 13:45:37 =) 2021-04-09 14:12:42 > kubeadm-bash-completion*: Running split function _kubeadm_bash... 2021-04-09 14:12:42 Segmentation fault 2021-04-09 14:12:44 Yuck 2021-04-09 14:47:16 mps: modprobed the module successfuly and did a rc-service modules restart 2021-04-09 14:47:20 still no output on lspci 2021-04-09 14:47:30 but my kernel build is not done, so there's a bit of hope 2021-04-09 14:48:27 ncopa, when did alpine switch to musl ? the announcement page lacks a date 2021-04-09 14:59:06 bl4ckb0ne: this is strange. is there anything about 'pci' in dmesg output 2021-04-09 14:59:38 nothing beside "libata version 3.00 loaded" 2021-04-09 14:59:52 cant reboot, still building linux-edge 2021-04-09 15:00:06 i tried `echo 1 > /sys/bus/pci/rescan` with no success 2021-04-09 15:00:51 wait, you have PCI interface detected, but not sata driver? 2021-04-09 15:00:59 yep 2021-04-09 15:01:06 aha 2021-04-09 15:01:07 thers some weird stuff going on 2021-04-09 15:01:34 I thought you say PCI subsystem is not detected 2021-04-09 15:01:53 i was going the wrong way 2021-04-09 15:02:08 [ 2.063302] ehci-pci: EHCI PCI platform driver 2021-04-09 15:02:10 [ 2.064923] ohci-pci: OHCI PCI platform driver 2021-04-09 15:02:20 seems that the jmb585 is ahci 2021-04-09 15:02:41 and I doubt that rebuilding kernel will help without patches, for example some from armbian kernel 2021-04-09 15:02:56 yeah 2021-04-09 15:03:01 still no answer from armbian 2021-04-09 15:03:35 im really considering putting it in the closet and throw a couple of bucks to build a x86_64 nas 2021-04-09 15:03:59 I looked at kernel 5.12-rc6 (running it on my rk3399) but there is no sign of that driver 2021-04-09 15:05:20 bl4ckb0ne: option for you could be to use armbian kernel with alpine userspace, ofc if you want/like to use alpine 2021-04-09 15:05:39 interessting 2021-04-09 15:06:49 I 'can imagine' you asking why mps didn't proposed that earlier :) 2021-04-09 17:59:57 Does someone know what https://build.alpinelinux.org/buildlogs/build-edge-armhf/community/ansible-lint/ansible-lint-4.3.7-r4.log is about? 2021-04-09 18:00:44 uhh 2021-04-09 18:00:56 maybe something wrong with the configuration file for setup.py in ansible-lint? 2021-04-09 18:01:10 i admit i have not seen this one ever from setuptools :D 2021-04-09 18:01:34 Not sure if it's similar, but py3-ssdeep is failing attributes missing as well 2021-04-09 18:05:23 don't have specifics, but the armv7 ecosystem in general for python3 is a little weird post-rebuild 2021-04-09 18:06:06 ansible-lint fails on other arches as well now 2021-04-09 18:16:53 yes, fails to build on my aarch64 machine and my x86_64 laptop 2021-04-09 18:21:39 i want to advance gcc snapshot forward to 20210409 2021-04-09 18:21:43 is now a good time to do that? 2021-04-09 18:22:02 or are people going to need the builders idle 2021-04-09 18:22:21 gcc 10.3 is released 2021-04-09 18:22:31 oh, is it 2021-04-09 18:22:39 I think so 2021-04-09 18:22:47 have to check again 2021-04-09 18:22:54 yes, it is 2021-04-09 18:22:58 well, that's fine 2021-04-09 18:23:12 20210409 snapshot will be gcc 10.3 then :) 2021-04-09 18:23:20 about 178 fixes from 10.2 :) 2021-04-09 18:23:54 there are already fixes in 10.3 :) 2021-04-09 18:24:15 heh, I didn't expect otherwise 2021-04-09 18:24:28 I think it'd be nice if the Builders were fixed so py3.9 is completed first 2021-04-09 18:24:40 yeah 2021-04-09 18:24:42 But I don't have time to deal with this today anymore, so I guess gcc can be done first 2021-04-09 18:24:45 lets tackle py3.9 2021-04-09 18:26:16 UserWarning: Unknown distribution option: 'test_suite' 2021-04-09 18:26:21 This happens to ssdeep as well 2021-04-09 18:27:49 [options.entry_points] 2021-04-09 18:27:56 i think if we change this to [entry_points] it will fix 2021-04-09 18:29:19 hmm no 2021-04-09 18:29:42 There seems to be some issue with setuptools / distutils 2021-04-09 18:29:50 https://stackoverflow.com/questions/8295644/pypi-userwarning-unknown-distribution-option-install-requires 2021-04-09 18:33:12 https://bugs.archlinux.org/task/70023 2021-04-09 18:36:32 this ansible-lint seems old 2021-04-09 18:42:29 It needs lots of new deps 2021-04-09 18:43:19 seems to be a setuptools bug 2021-04-09 18:44:55 >>> a = tuple() 2021-04-09 18:44:55 >>> b = tuple() 2021-04-09 18:44:55 True 2021-04-09 18:44:55 >>> a is b 2021-04-09 18:44:57 uhhhhhhh 2021-04-09 18:45:16 let me check python 3.8 2021-04-09 18:45:20 i think this is a bug! 2021-04-09 18:45:56 hmm 2021-04-09 18:46:11 3.8 also deduplicates tuple() 2021-04-09 18:47:35 git blame on setuptools is unenlightening 2021-04-09 18:48:49 well, whatever 2021-04-09 18:48:51 i have a workaround 2021-04-09 18:48:55 it may be "wrong" though 2021-04-09 18:51:42 uhg why do languages even expose things like this... 2021-04-09 18:52:22 Ariadne: I used to in !18606 2021-04-09 18:53:37 Delayed til 3.9 2021-04-09 18:54:51 Ariadne: the dynamic musl rust MCP thingy was posted to reddit 2021-04-09 18:54:52 Meantime I recall few issues because of changes in 1.1 and 1.2 in yaml specs 2021-04-09 18:54:56 88 comments :o 2021-04-09 18:55:01 ericonr: FFS 2021-04-09 18:55:18 :D 2021-04-09 18:55:19 great now we get to fight techbros 2021-04-09 18:55:24 *sigh* 2021-04-09 18:55:32 haven't read yet 2021-04-09 18:55:35 alpine should just stop negotiating with terrorists and drop rust 2021-04-09 18:55:43 i so hate reddit and hn (basically the same thing) 2021-04-09 18:55:59 ikke: i came up with https://tpaste.us/LwWl 2021-04-09 18:56:07 ikke: it allows these packages to build 2021-04-09 18:56:08 ariadne, that means dropping firefox which means being a non-desktop/workstation distro 2021-04-09 18:56:08 Ariadne: linux-next has rust already :PP 2021-04-09 18:56:16 ikke: i have no idea how fucked the idea is tho 2021-04-09 18:56:21 ikke: shall i send it? 2021-04-09 18:56:30 Diversity is not always about terrorism 2021-04-09 18:56:35 ericonr, that's rather a misrepresentation, it's some weird optional junk 2021-04-09 18:57:01 Ariadne: hmm 2021-04-09 18:57:04 andypost[m]: no, but shipping a toolchain which is broken on musl systems is :) 2021-04-09 18:57:12 dalias: for now, I'm curious to see how it progresses into the future 2021-04-09 18:57:20 ericonr, linus won't even allow c++ 2021-04-09 18:57:22 but the fact is, some integration *already* exists 2021-04-09 18:57:25 i dont think you have anything to fear 2021-04-09 18:57:46 fair 2021-04-09 18:58:12 to be fair it takes a lot of discipline to write high quality C++ 2021-04-09 18:58:25 really, rust in kernel is not even as bad as rust in userspace, the target specification and shenanigans would be much simpler 2021-04-09 18:58:27 algitbot: do you flip a coin 2021-04-09 18:58:28 Ariadne: doesn't that mean a lot of metadata will be missing? 2021-04-09 18:58:39 Ariadne: I guess for dependencies that does not matter, but other things? 2021-04-09 18:58:46 ericonr, *nod* but the need for non-bootstrappable tooling is awful 2021-04-09 18:58:50 Ariadne: or is this just for that entry_points? 2021-04-09 18:59:01 hmm 2021-04-09 18:59:07 idk 2021-04-09 18:59:15 i hate this 2021-04-09 18:59:30 Ariadne: My understanding is that setuptools is supposed to monkeypatch distutils (sigh) 2021-04-09 18:59:52 Ariadne: atm I can't get what matrix they are testing https://github.com/swoole/swoole-src/pull/4104/files#diff-34f6f011c8bb8ce30fca0061bae061efa7442bf313759586af21945ff2807adfR96 2021-04-09 19:00:01 dalias: that it is :/ 2021-04-09 19:00:25 i'll just let Cogitri figure it out 2021-04-09 19:00:27 back to GCC :) 2021-04-09 19:00:45 Not sure if letting me figure out python things will work out so well :D 2021-04-09 19:01:51 ikke: i don't think my patch is harmful 2021-04-09 19:02:34 it just removes KeyError for situations where something is unset 2021-04-09 19:02:38 Part of dependencies are needed for tests only so could get skip, and there is never release 2021-04-09 19:02:40 which is fine because we are setting? 2021-04-09 19:02:42 idk 2021-04-09 19:02:49 this is unpleasant 2021-04-09 19:04:39 things will be so much better once there's a rust implementation in gcc 2021-04-09 19:04:54 the ABI mismatches will still exist :/ 2021-04-09 19:05:28 especially if it can bootstrap the llvm one for ppl who want it 2021-04-09 19:05:38 but i would be happy to just throw out all the llvm stuff 2021-04-09 19:06:00 i guess the llvm one is nice to have if you want to target wasm 2021-04-09 19:09:15 ericonr: link to this reddit thread 2021-04-09 19:09:37 I should warn you, it has bad takes 2021-04-09 19:09:49 of coruse it does 2021-04-09 19:09:51 its reddit 2021-04-09 19:09:52 https://www.reddit.com/r/rust/comments/mn76kt/major_change_proposal_update_the_existing_musl 2021-04-09 19:09:53 its rust 2021-04-09 19:09:54 [REDDIT] Major Change Proposal: Update the existing musl targets to be dynamically linked (https://github.com/rust-lang/compiler-team/issues/422) to r/rust | 147 points (96.0%) | 89 comments | Posted by sanxiyn | Created at 2021-04-09 - 02:05:20UTC 2021-04-09 19:11:43 let me put it this way, if these people come and sealion their way into fucking us out of having a usable rust toolchain, i'm just going to spend my time working on ways to end rust 2021-04-09 19:12:33 oh, i will raise hell if that happens 2021-04-09 19:12:41 for calling this a fucking "major change proposal" 2021-04-09 19:12:46 which it is not 2021-04-09 19:12:49 it's a small bugfix 2021-04-09 19:13:09 i raised that in the meeting and was told MCP is just a misnomer for "minor change proposal" 2021-04-09 19:13:20 but if their bad naming screws this up i will be very very mad 2021-04-09 19:13:26 Not every peice of software is maintained. I, personally, have written software that I believe is unmaintained and will be broken by this patch. If the scientists who use it come back to it in two years and try and make a small change this change will probably entirely block them. Warnings for awhile is simply not an adequate excuse to make breaking changes to stable software. 2021-04-09 19:13:31 don't worry mr. rustdragon 2021-04-09 19:13:34 hey, I just read that 2021-04-09 19:13:36 your code won't compile in 2 years anyway 2021-04-09 19:13:41 lmao 2021-04-09 19:13:46 downvote all the shit comments like that 2021-04-09 19:14:12 why do people consider toolchain changes as breaking code 2021-04-09 19:14:18 because half the rust features it uses will have been replaced with new rust features 2021-04-09 19:14:44 also who the fuck uses rust and musl in scientific computing 2021-04-09 19:15:16 all of my attempts at evangelism of musl in the scientific computing world have resulted in "the math library is not the same as glibc, so we can't use it sorry" 2021-04-09 19:16:50 in any case if they screw this up we just continue to patch 2021-04-09 19:16:52 and call rust broken 2021-04-09 19:16:58 which is no different from the status quo 2021-04-09 19:17:09 well, no, it is slightly different 2021-04-09 19:17:21 because now we have, what the children call these days, "reciepts" 2021-04-09 19:17:34 receipts, rather 2021-04-09 19:17:40 so we just cancel them 2021-04-09 19:17:42 or whatever 2021-04-09 19:22:22 no that's not how anything works 2021-04-09 19:28:20 https://www.reddit.com/r/rust/comments/mn76kt/major_change_proposal_update_the_existing_musl/gtyrkjt/?utm_source=reddit&utm_medium=web2x&context=3 2021-04-09 19:28:21 [REDDIT] Major Change Proposal: Update the existing musl targets to be dynamically linked (https://github.com/rust-lang/compiler-team/issues/422) to r/rust | 145 points (96.0%) | 94 comments | Posted by sanxiyn | Created at 2021-04-09 - 02:05:20UTC 2021-04-09 19:28:23 this person's take annoyed me 2021-04-09 19:28:41 to the point that i willingly signed up for a reddit account 2021-04-09 19:28:55 trying to upgrade maturin I found that they did this https://github.com/PyO3/maturin/commit/fe41da6a7d1ad5940bfec161ed1d2d556d0856fb letting target_triple from `rustc -vV` but the platforms crate doesn't know of *-alpine-linux-musl so built maturin will fail to run 2021-04-09 19:30:15 omni: ugh 2021-04-09 19:30:18 :D 2021-04-09 19:30:23 if I let target_triple be (for example) x86_64-unknown-linux-musl it'll run fine (on x86_64, in this case) 2021-04-09 19:30:26 omni: WHICH IS WHY I AM TRYING TO FIX THIS OMG 2021-04-09 19:30:33 omni: it won't 2021-04-09 19:30:37 iirc maturin depends on a crate that replicates the markdown target table 2021-04-09 19:30:43 omni: you'll wind up with musl staticly linked into the python module 2021-04-09 19:30:45 so you need to use official rust targets for it to work right 2021-04-09 19:30:59 python3-setuptools_rust passes the flag for no static musl 2021-04-09 19:31:01 on musl targets 2021-04-09 19:31:03 Ariadne: oh, ah 2021-04-09 19:31:05 oh ok 2021-04-09 19:31:10 I don't remember what maturin does 2021-04-09 19:31:11 well anyway 2021-04-09 19:31:15 this is why i am trying to fix this shit 2021-04-09 19:31:24 the inner workings of the python-rust integration are lost on me 2021-04-09 19:31:40 but we do have a working python3-adblock package on void, at least 2021-04-09 19:31:43 i almost wanted to ask him if he expected his rust code to compile in 2 years 2021-04-09 19:31:51 haha 2021-04-09 19:31:58 Ariadne: I think another commenter did ask that 2021-04-09 19:32:28 i am also confused about scientific computing on musl 2021-04-09 19:32:39 every time anyone from here has tried to evangelize 2021-04-09 19:32:42 people are like 2021-04-09 19:32:48 OMG MUSL MATH LIB SUCKS 2021-04-09 19:33:02 because its not bug compatible with glibc 2021-04-09 19:33:13 apparently all of our science now depends on bug compatibility with glibc 2021-04-09 19:33:15 sad if true 2021-04-09 19:34:12 Ariadne: if scientist-written code *only* depends on bug compatibility and not also random UB, I'd be happy already :p 2021-04-09 19:34:13 It probably invalidates all their research :P 2021-04-09 19:34:52 :) 2021-04-09 19:39:34 /nick kurt_goedel math axsioms are wrong /nick mps :) 2021-04-09 19:39:47 :) 2021-04-09 19:43:13 Is that goedel from goedel, escher, bach? 2021-04-09 19:44:38 no, this one https://en.wikipedia.org/wiki/Kurt_G%C3%B6del 2021-04-09 19:44:39 [WIKIPEDIA] Kurt Gödel | "Kurt Friedrich Gödel (; German: [ˈkʊɐ̯t ˈɡøːdl̩] (listen); April 28, 1906 – January 14, 1978) was a Austrian-German-American logician, mathematician, and analytic philosopher. Considered along with Aristotle and Gottlob Frege to be one of the most significant logicians in history, Gödel had an immense..." 2021-04-09 19:44:51 ok 2021-04-09 19:44:58 can't find anything better right now 2021-04-09 19:45:34 https://en.wikipedia.org/wiki/G%C3%B6del%27s_incompleteness_theorems 2021-04-09 19:45:35 [WIKIPEDIA] Gödel's incompleteness theorems | "Gödel's incompleteness theorems are two theorems of mathematical logic that demonstrate the inherent limitations of every formal axiomatic system capable of modelling basic arithmetic. These results, published by Kurt Gödel in 1931, are important both in mathematical logic and in the philosophy of mathematics..." 2021-04-09 19:46:58 yes, this kurt goedel is the same as in egb 2021-04-09 19:48:01 and people wonders what is wrong with science which is based on math ;) 2021-04-09 20:28:53 "Failed to create a virtualenv: Os" ..hmm... 2021-04-09 20:35:41 Ariadne: did you remove your comment and account again? 2021-04-09 20:35:47 no 2021-04-09 20:35:56 i think reddit is having issues 2021-04-09 20:36:31 huh, ok 2021-04-09 20:38:42 you might be hidden because no karma or something 2021-04-09 20:38:49 reddit also works in mysterious ways 2021-04-09 20:39:43 never ben a fan of forums but I end up reading something there once in a while 2021-04-09 20:39:47 any idea who the OP is? 2021-04-09 20:40:07 the reddit servers are the most dysfunctional of all big social media platforms 2021-04-09 20:40:10 btw, *.reddit.com could be replaced with teddit.net for your convenience 2021-04-09 20:40:15 they're regularly down or partially down 2021-04-09 20:40:21 if it's someone actually involved with the project i want to complain to the rust folks we're in touch with 2021-04-09 20:40:23 the authentication fails on a regular basis 2021-04-09 20:40:23 etc. 2021-04-09 20:40:42 because putting this in front of a bikeshed crowd with no stake in the outcome was an asshole move 2021-04-09 20:42:15 dalias: i have already complained in zulip, they agree this is unfortunate 2021-04-09 20:42:36 good 2021-04-09 20:42:42 it's a random person it seems 2021-04-09 20:42:47 they like to flame debates though 2021-04-09 20:42:56 i think this should be a call to fix the naming of MCPs 2021-04-09 20:43:03 s/Major/Minor/ 2021-04-09 20:43:42 red tape proposal 2021-04-09 20:43:43 :) 2021-04-09 20:44:00 to be honest, this should have been solved years ago 2021-04-09 20:44:09 had i known this was such a disaster, i would have taken action then 2021-04-09 20:44:32 then again, there were only a few hundred million musl installs at the time, so maybe they wouldn't have been swayed so easily 2021-04-09 20:45:00 Alpine has only started to be taken "seriously" in that way in the past 2 years imo 2021-04-09 20:45:43 and in 2017, a gentoo-musl dev tried to fix it and they told them to pound sand 2021-04-09 20:45:48 from seeing him in issues I think he's suffering a lot of burnout, but crichton made some bad decisions on rust :/ 2021-04-09 20:45:55 :/ 2021-04-09 20:46:19 it's so stupid this was even an issue because it's *out of the scope* of the language 2021-04-09 20:46:24 :D 2021-04-09 20:46:28 i think had crichton came and talked to us in #musl we would have been able to find a solution that made everyone happy from day 1 2021-04-09 20:46:30 it's a part of the target specification 2021-04-09 20:46:48 maybe i need to write up a musl abi document that says toolchains produce dynamic binaries by default :-p 2021-04-09 20:46:58 dalias: rust is rustc, rustc tied to cargo, therefore toolchain == language for most folks 2021-04-09 20:47:21 yes that's one of the fundamental problems of rust 2021-04-09 20:47:21 i think if you are going to do weird shit with somebody's work, you should probably go talk to that somebody first 2021-04-09 20:47:40 it is just a matter of politeness 2021-04-09 20:47:43 *nod* 2021-04-09 20:56:03 and in fairness, -dynmusl was something we could have begrudgingly lived with 2021-04-09 20:56:08 they didn't want that 2021-04-09 20:56:17 so obviously we are going to move to protect our interests 2021-04-09 20:56:21 :) 2021-04-09 21:32:30 i wonder how difficult it would be to just build a curses emulation package on top of a good term lib, like notcurses 2021-04-09 21:32:59 i dont want -dynmusl either 2021-04-09 21:36:03 well, i don't either, but it would have been livable 2021-04-09 21:44:28 Ariadne: notcurses depends on ncurses directly :/ 2021-04-09 21:45:05 or is it libtinfo? 2021-04-09 21:47:36 -dynmusl is a declaration that musl is second-class 2021-04-09 21:50:09 ericonr: it’s only libtinfo 2021-04-09 21:50:25 Ariadne: I reached out to the rust devs at the time, it got ignored 2021-04-09 21:50:57 Shiz: so in other words the only reason they care now is because we have 2 billion installs? :) 2021-04-09 21:51:09 tbf i never bothered to ping 2021-04-09 21:51:11 :p 2021-04-09 21:51:33 i suspect it has a lot to do with it 2021-04-09 21:51:34 https://internals.rust-lang.org/t/refining-cross-platform-crt-static-semantics/5085 2021-04-09 21:51:36 was my thread 2021-04-09 21:51:59 btw iirc the static linked musl target is broken still 2021-04-09 21:52:08 it links both their shipped libc and the system one 2021-04-09 21:52:26 so *all* upsteam musl targeting in rust is currently broken 2021-04-09 21:53:50 ouch 2021-04-09 21:54:18 conclusion from the rust folks: musl is broken 2021-04-09 21:54:30 conclusion from the musl folks: rust is broken 2021-04-09 21:55:55 huh? 2021-04-09 21:56:11 the conclusion from the rust developers is now that rust was broken 2021-04-09 21:56:31 the rust users may be a different story, but i don’t think that’s a huge concern 2021-04-09 21:56:32 okok, conclusion from the reddit rust folks :P 2021-04-09 21:56:41 and this is partly a symptom of rust folks not understanding what a cross compiler is 2021-04-09 21:57:05 if you're providing your own system libraries for a target that might be different from host, that's a cross compiler 2021-04-09 21:57:15 it’s only the rust developers that i care about 2021-04-09 21:57:20 if you're using the native system libraries on the host, that's a native compiler 2021-04-09 21:57:41 if you're mixing them, you have a broken toolchain 2021-04-09 21:57:49 guess which one rust is... 2021-04-09 21:58:07 :D 2021-04-09 22:00:17 acting as a cross compiler targeting musl (esp static musl) is great 2021-04-09 22:00:24 but mixing that with linking host libs is not 2021-04-09 22:01:26 since these are mozillians i am just going to start saying their use of musl is equivalently problematic as a modified version of firefox 2021-04-09 22:02:24 "… except that one is broken" 2021-04-09 22:05:35 Ariadne: I don't like that argument 2021-04-09 22:05:41 mozilla's stance sucks 2021-04-09 22:06:55 i’m not a fan of it but they “get it” 2021-04-09 22:07:35 and i’m willing to use language they “get” in order to keep peoples eye on the ball 2021-04-09 22:08:09 it is not even a “wrong” position. we are certainly unhappy about what they have done with musl. 2021-04-09 22:08:39 in the same way mozilla would be if somebody took firefox and broke it and said it was firefox 2021-04-09 22:09:13 sometimes you have to frame things in a way that makes sense to their worldview 2021-04-09 22:09:15 :) 2021-04-09 22:09:44 and the promotion of the idea that musl is for static linking has done harm to musl 2021-04-09 22:09:57 oh man do I want to go to reddit to find out the drama 2021-04-09 22:10:03 as we can see in the reddit post 2021-04-09 22:11:03 i mean the reddit thread is boring 2021-04-09 22:11:09 do as you wish tho 2021-04-09 22:11:24 it’s a lot of bad takes 2021-04-09 22:11:29 not hard to find 2021-04-09 22:11:38 what's actually.. happened? 2021-04-09 22:12:13 nothing has happened, other than the zulip discussion having idiots join and make bad arguments 2021-04-09 22:12:58 and i think we have been nicer than mozilla would be if the situation were reversed 2021-04-09 22:14:10 but a lot of people on rust think alpine and openwrt and so on are static linked 2021-04-09 22:14:14 which is pretty funny 2021-04-09 22:14:57 ACTION nods 2021-04-09 22:15:04 how do they think that works?? 2021-04-09 22:15:11 firefox requires dynamic linking afaik 2021-04-09 22:15:23 and of course python does 2021-04-09 22:16:23 really i think having discovered the true depths of depravity that alex crichton went to with the ride he took musl on 2021-04-09 22:16:38 we have been quite reserved in our response 2021-04-09 22:16:48 we just want it fixed 2021-04-09 22:19:53 firefox dlopen's a whole menagerie of libraries, I doubt it can do static linking 2021-04-09 22:31:26 i don’t really know where the musl == static linking meme came from 2021-04-09 22:31:29 probably hacker news 2021-04-09 22:33:04 as i pointed out when you download a toolchain from musl.cc it doesn’t spit out static binaries unless you ask it to 2021-04-09 22:33:14 so why does rustc? 2021-04-09 22:36:59 should the linter trigger on comments? 2021-04-09 22:44:23 my guess is glibc != static linking, musl != glibc, therefore musl = static linking 2021-04-09 22:44:30 me do good maths 2021-04-09 22:44:39 lol 2021-04-09 23:37:07 it looks like the version number discussion is already resolved against the change, which is the outcome I would have argued for 2021-04-09 23:37:22 so to quickly add my 2c here instead: the existing scheme is also a marketing feature for alpine 2021-04-09 23:37:53 15 => ∞ is a chromium-style versioning scheme that just says we crap out releases whenever we feel like it and there's no meaningful difference between them 2021-04-09 23:38:03 dated releases say we release when the clock shows the appropriate time and just hope it's good 2021-04-09 23:40:27 major.minor.patch says we release it when it's ready, and you can learn something useful from the numbers 2021-04-10 01:19:58 i think Ariadne's point is that the numbers don't have useful information anymore 2021-04-10 01:20:09 right, basically 2021-04-10 01:20:15 it's all numberwang anyway 2021-04-10 01:28:06 that a four is unlikely does not make the 3 unmeaningful 2021-04-10 01:28:37 hindsight is 20:20 anyway, maybe someday there will be a 4 2021-04-10 01:29:12 alpine pre-dates musl entirely, after all 2021-04-10 01:34:45 it seems unlikely that alpine will ever switch from musl 2021-04-10 01:35:02 it seems unlikely that alpine will ever switch from uclibc 2021-04-10 01:35:09 no, that was very likely 2021-04-10 01:35:28 we *forked* uclibc afterall :) 2021-04-10 01:36:09 well, argue it as we might, dropping the major version number is a decision lacking foresight 2021-04-10 01:36:16 and the patch number is definitely useful 2021-04-10 01:36:25 i don't really care what the version number is 2021-04-10 01:36:31 then don't change it 2021-04-10 01:36:42 i was just restarting the conversation since we decided to postpone until after 3.14 2021-04-10 01:36:43 :) 2021-04-10 01:36:44 if you don't care, don't change things. tends to work out better that way 2021-04-10 01:36:56 the root of the problem is that semver is insufficient 2021-04-10 01:37:08 perfect is the enemy of good 2021-04-10 01:37:08 you really need 4 numbers, not 3, to capture an accurate version 2021-04-10 01:37:21 you need 5 numbers 2021-04-10 01:37:24 because the "major" often becomes a "lifetime" number that never changes 2021-04-10 01:37:32 so you can reflect the author's mood at release time 2021-04-10 01:37:35 using numerology 2021-04-10 01:37:36 how about 3 numbers and read the changelog 2021-04-10 01:37:51 you need lifetime.major.minor.patch 2021-04-10 01:38:16 the 3 in Alpine was designed as a major 2021-04-10 01:38:17 "never" is a word that people only ever use on a webshit move-fast-and-break-things timeline 2021-04-10 01:38:20 but has become a lifetime 2021-04-10 01:38:25 I for one hope that alpine is still good in 20 years 2021-04-10 01:38:35 yeah uhh 2021-04-10 01:38:38 it's a very classic evolution in version numbers, but people don't learn 2021-04-10 01:38:46 i'll probably have jumped out of a balcony by then 2021-04-10 01:38:48 and 20 years ago, linux itself wasn't a thing 2021-04-10 01:38:48 soooo 2021-04-10 01:38:50 and stick to 3-number semver because there's a website or something 2021-04-10 01:38:51 :p 2021-04-10 01:39:04 well, at least you won't be proposing version numbering changes anymore :P 2021-04-10 01:39:34 bold of yall to assume tech as we know it will still be a thing in 20 years 2021-04-10 01:39:34 though if alpine drives its devs to jump off of balconies the version numbers don't really matter at that point 2021-04-10 01:39:56 all major air traffic control systems run on technology which has not been upgraded in 30 years or more, skarnet 2021-04-10 01:40:14 oh, that's not what I meant 2021-04-10 01:40:19 honestly i am assuming systemd will gain hard AI capabilities and the US military will have been stupid and deployed systemd on the systems which launch the nukes 2021-04-10 01:40:44 that will only make the apocalypse come sooner and by accident 2021-04-10 01:40:47 and we will all be driving around in a post-nuclear wasteland 2021-04-10 01:40:56 the rover which landed on Mars in February is running VxSphere 2021-04-10 01:40:59 fighting boston robotics robomutts 2021-04-10 01:41:04 which was first released in 1987 2021-04-10 01:41:09 VxWorks 2021-04-10 01:41:13 err, VxWorks 2021-04-10 01:41:15 yall are imagining a future with more tech 2021-04-10 01:41:22 that's not what will happen 2021-04-10 01:41:59 the future will be current tech slowly breaking down due to lack of mineral resources and energy 2021-04-10 01:42:16 and people taping it together with wire and hope 2021-04-10 01:42:26 and yet systemd will still exist 2021-04-10 01:42:38 it will be one of the first things to go away 2021-04-10 01:42:50 because when shtf you go for efficiency 2021-04-10 01:42:55 I can tell you one thing: collapseOS won't be around 2021-04-10 01:43:05 what is collapseOS 2021-04-10 01:43:15 a thing which thinks it will be around after the apocalypse 2021-04-10 01:43:21 and actually contains a fork of some of my code I think 2021-04-10 01:43:24 It is a Forth (why Forth?) operating system and a collection of tools and documentation with a single purpose: preserve the ability to program microcontrollers through civilizational collapse. 2021-04-10 01:43:25 i umm 2021-04-10 01:43:27 ok 2021-04-10 01:43:29 :) 2021-04-10 01:43:33 not as long as your code is Go :P 2021-04-10 01:43:37 z80 assembly in this case 2021-04-10 06:54:09 omni: in general the linter should not act on comments, with a few exceptions 2021-04-10 07:03:31 I know I'm late to reply, but Collapse has a whole page on why forth. And forth is really great for quickly building small self-hosting systems. C exists for most things, but can't be bootstrapped as easily into a full OS. 2021-04-10 07:06:38 forth is 'safe' language because it is simple. used in a lot of NASA, JPL and similar things where reliability is _really_ important 2021-04-10 07:07:19 oh, and israelis jet fighter 2021-04-10 07:07:35 fighters* 2021-04-10 07:08:35 but forth requires some 'changes' in programmers mind, which is hardest thing to achieve 2021-04-10 07:09:47 there are some CPUs in which forth is machine language, RTX2000 and similar 2021-04-10 07:10:53 but forth is different paradigm, though Postscript in actually forth interpreter 2021-04-10 07:11:54 something else, zathura segfaults on edge (aarch64 at least) and rebuild fixes this 2021-04-10 07:12:13 not sure which lib is cause 2021-04-10 07:12:27 probably sqlite-libs upgrade 2021-04-10 07:14:18 so, how should commit msg be written: 'rebuild to fix segfault' 2021-04-10 07:45:39 mps: it would be nice to figure out what change broke abi though, so that everything else that have the dependency can be rebuilt 2021-04-10 08:10:04 afontain_: yes, I agree. but I would have to 'go back' (rewind FS) on my test box, running strace and probably gdb, maybe something more to find what is 'casus belli' 2021-04-10 08:10:28 or, simply rebuild 2021-04-10 08:11:57 and, my intuition says: sqlite-libs. wanna bet? :) 2021-04-10 08:15:27 I lost ;) 2021-04-10 08:15:33 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL 2021-04-10 08:16:17 ' <... ppoll resumed> ) = ?' 2021-04-10 08:18:09 no, I win, removing bookmarks.sqlite fixes problem even without rebuild zathura 2021-04-10 08:18:52 but got 'warning: failed to update database table layout: sha256' 2021-04-10 09:58:08 ikke: it complained when I surrounded with backticks in a comment, so I switched to double quotes 2021-04-10 09:58:22 omni: aha ok 2021-04-10 10:00:44 Do you have a link to the job? 2021-04-10 10:07:35 I'm stuck on this missing header: fatal error: pc/sctp_data_channel.h: No such file or directory which seems part of Google WebRTC but I investigated archlinux and fedora packages, they use the same telegram tarball and I don't find where they get this header file (obv is not inside the tarball) 2021-04-10 10:09:07 and it's not a dependency? 2021-04-10 10:09:52 I guess... 2021-04-10 10:10:00 donoban: https://github.com/archlinux/svntogit-community/blob/packages/telegram-desktop/trunk/PKGBUILD#L21 2021-04-10 10:10:05 there they seem to do something with that 2021-04-10 10:10:09 uhM 2021-04-10 10:10:26 I found it on archlinux, they package it on libtg_owt 2021-04-10 10:10:37 aha 2021-04-10 10:11:24 https://archlinux.org/packages/community/x86_64/libtg_owt/ 2021-04-10 10:11:38 https://github.com/desktop-app/tg_owt 2021-04-10 10:12:07 it's a pretty crazy mix of dependencies 2021-04-10 10:13:04 ikke: sure https://gitlab.alpinelinux.org/omni/aports/-/jobs/368018 the comment was: # enable interpreter `python` hack 2021-04-10 10:13:27 omni: thanks 2021-04-10 10:13:42 This should certainly not trip on comments 2021-04-10 10:14:53 so the "right" way is packagint this tg_owt? and add as make dep for telegram-desktop? 2021-04-10 10:15:16 donoban: I suppose so 2021-04-10 10:16:15 Replaces: libwebrtc 2021-04-10 10:16:20 (on archlinux) 2021-04-10 10:16:37 but telegram-desktop is the only packaga which requires it 2021-04-10 10:16:52 I don't see libwebrtc on alpine 2021-04-10 10:17:07 https://pkgs.alpinelinux.org/packages?name=*webrtc*&branch=edge&arch=x86_64 2021-04-10 10:17:12 ikke: didn't think so either, but I was tired and my friend had left me with a glass of liqour so I didn't want to exclude myself from the equation =) 2021-04-10 10:18:12 well, if I create libtg_owt should do it in testing and move also telegram-desktop to testing? 2021-04-10 10:19:45 donoban: new dependencies can usually be created directly in the repo that needs them 2021-04-10 10:20:02 ok 2021-04-10 10:20:37 better calling it libtg_owt altough upstream calls it tg_owt? 2021-04-10 10:21:07 we tend to prefer upstream naming 2021-04-10 10:21:26 ouch, there are no release nor tagging :\ 2021-04-10 10:21:43 fun 2021-04-10 10:21:55 Can you get a snapshot from a commit? 2021-04-10 10:22:23 yes I think, arch uses libtg_owt 0.git4.2d804d2-1 2021-04-10 10:22:41 https://github.com/desktop-app/tg_owt/archive/e5a67a122e5094eefec7b7da0c41792e036f4f8e.tar.gz 2021-04-10 10:22:51 "tg_owt::git+${url}.git#commit=${_commit}" 2021-04-10 10:23:08 We don't support git urls 2021-04-10 10:23:36 ahm, and I see that they use 3 source origins 2021-04-10 10:23:47 tg_owt, libvpx and libvyuv 2021-04-10 10:24:07 and set as git submodules 2021-04-10 10:24:15 it seems that telegram does a heavy use of git submodules 2021-04-10 10:26:03 another option is try to disable tgcalls 2021-04-10 10:26:10 If it's a submodule, you could include it in the same package 2021-04-10 10:26:11 and build telegram without it :\ 2021-04-10 10:26:31 download the 3 tarballs and then unpack according? 2021-04-10 10:26:46 Yes 2021-04-10 10:26:59 https://tpaste.us/lEew 2021-04-10 10:27:03 there is what arch does 2021-04-10 10:27:18 yeah, they build directly from a git repo 2021-04-10 10:27:40 and the no-tgcalls option? xd 2021-04-10 10:27:56 If you are the maintainer, it's for you to decide :) 2021-04-10 10:28:50 hehe ok 2021-04-10 10:32:26 In the main of keeping it simple, it seems the best decision :D 2021-04-10 10:33:11 In the aim* 2021-04-10 10:47:43 omni: interesting, I've already added a testcase for that, but it has been skipped for now 2021-04-10 11:01:16 omni: it's difficult to exclude comments in the way that we currently implemented linting 2021-04-10 12:02:41 anyone working on nld5 (x86_64 dev containers) right now? 2021-04-10 12:06:49 yes 2021-04-10 12:07:10 but I can stop 2021-04-10 12:07:19 I'm planning to upgrade it 2021-04-10 12:07:35 ok, in a minute I will stop 2021-04-10 12:08:08 finished :) 2021-04-10 12:09:40 lxc-create works with clandmeters patch 2021-04-10 12:09:53 I guess we want to include that? 2021-04-10 12:12:30 I think so 2021-04-10 12:19:45 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20344 2021-04-10 12:29:02 mps: will reboot nld5 soon 2021-04-10 12:29:53 NP 2021-04-10 12:31:05 will you upgrade kernel also 2021-04-10 12:31:51 yes 2021-04-10 12:32:25 that what I'm waiting for long, thanks 2021-04-10 12:46:22 It's up again 2021-04-10 12:46:37 ugh 2021-04-10 12:46:49 still using old kernel 2021-04-10 12:47:17 -vanilla 2021-04-10 12:49:20 huh 2021-04-10 12:49:20 rebooting one more time 2021-04-10 12:49:30 it still had -vanilla, so it was not upgraded 2021-04-10 12:49:49 just wanted to 'scorn' 2021-04-10 12:50:23 rebooting one more time 2021-04-10 12:50:30 go 2021-04-10 12:57:15 nld5-dev1 [~]# uname -r 2021-04-10 12:57:18 5.10.27-0-lts 2021-04-10 12:57:56 I'm happy that we found and fixed the lxc problem with 3.13 2021-04-10 12:57:59 ehm, I expeted 5.11.12-edge ;) 2021-04-10 12:58:04 mps: :P 2021-04-10 12:59:02 we should move clamav to community, imo 2021-04-10 13:00:55 now we have to take risking clamav upgrade for 3.12-stable from 0.102.4 to 0.103.2 2021-04-10 13:18:45 So, does someone know what's with py3-setuptools now knowing some keys (like tests) anymore? 2021-04-10 13:18:55 Cogitri: not really 2021-04-10 13:21:18 :/ 2021-04-10 13:21:41 I don't really know much Python so not sure if I can be of help with that 2021-04-10 13:22:14 I do know python, but not the whole setuptools ecosystem 2021-04-10 13:24:43 is there an issue? 2021-04-10 13:25:20 many packages fail 2021-04-10 13:25:23 when running check 2021-04-10 13:25:47 https://build.alpinelinux.org/buildlogs/build-edge-mips64/testing/py3-pyroma/py3-pyroma-2.6-r1.log 2021-04-10 13:25:50 for example 2021-04-10 13:30:23 i mean filed 2021-04-10 13:30:35 ah 2021-04-10 13:30:40 Not yet 2021-04-10 14:30:45 Cogitri: 'test' is supposedly a deprecated target 2021-04-10 14:30:52 in setuptools 2021-04-10 14:31:01 Huh 2021-04-10 14:31:04 they should print a warning every time you run it 2021-04-10 14:31:08 yes, it does 2021-04-10 14:31:15 Ah, I guess because they're moving away from setup.py? 2021-04-10 14:31:16 but it should at least still work 2021-04-10 14:31:25 did they finally remove it, maybe? 2021-04-10 14:31:35 python packaging is a fucking mess 2021-04-10 14:31:35 No, the target still works 2021-04-10 15:33:33 Are there any updates in the provider_priority problems and pulseaudio-alsa ? 2021-04-10 15:33:41 related to pipewire? 2021-04-10 15:36:12 wdym? 2021-04-10 15:37:09 there was a conflict on installing/upgrading pulseaudio-alsa that resulted in pipewire being installed even though pulse should've been the first by priority 2021-04-10 15:37:46 because pipewire-pulse provides pulseaudio-alsa and that is installed even though the priority is lower 2021-04-10 15:39:34 That has already been fixed a few days ago 2021-04-10 15:39:51 As in, it won't happen to people updating now. But if it has already replaced pulseaudio, it won't automatically undo itself 2021-04-10 15:40:03 https://postmarketos.org/edge/2021/04/02/pipewire-pulse/ 2021-04-10 15:41:22 that's not what i'm talking about 2021-04-10 15:43:10 while the pipewire-pulse problem was fixed, this provides (i assume bug) is still there 2021-04-10 15:43:26 i am gonna dig through the dep solver to see if i can find why this happens 2021-04-10 16:05:11 http://0x0.st/-Ta6.txt line 172750 to 172763 are relevant here 2021-04-10 16:07:24 so apparently because it provides more it is chosen over pulseaudio-alsa 2021-04-10 16:09:10 Makes sense, pulseaudio-alsa doesn't have a priority set 2021-04-10 16:09:16 So I guess that needs changing 2021-04-10 16:09:32 it does 2021-04-10 16:09:39 Oh huh 2021-04-10 16:09:52 Ignore me then 😛 2021-04-10 16:10:18 it solves more package deps with one install 2021-04-10 16:10:33 idk why this would even be a choice other than for saving space 2021-04-10 16:11:18 lemme try to build it without this in the dep calculation and see if anything changes 2021-04-10 16:11:27 and hope that i don't break world and have to restore a snapshot 2021-04-10 16:13:18 yep that does it 2021-04-10 16:13:34 so uhh, should i open a pull request about this or discuss it more? 2021-04-10 16:14:03 since idk if anything else would break as result 2021-04-10 16:14:07 even though i highly doubt 2021-04-10 16:18:11 or even moving it below installed packages helps more 2021-04-10 16:22:10 http://0x0.st/-TaF.diff here's the relevant diff i tested with 2021-04-10 18:19:09 ariadne, good to hear things are going smoothly with rust side :) 2021-04-10 18:19:29 so far 2021-04-10 18:19:44 ariadne, we really should write up the static linking bug (2 libcs) too, but avoid mixing it with this issue 2021-04-10 18:19:59 because i'm pretty sure all existing static linking of musl by rustc is broken, too... 2021-04-10 18:19:59 well both are going to be fixed 2021-04-10 18:20:08 ah are they on it already? 2021-04-10 18:41:36 mps: have that kernel config update script around? 2021-04-10 18:42:12 mps: I just got new hd's to my builder machine so I'll be able to run again some builds 2021-04-10 18:45:37 dalias: from my debugging the double linking didn't seem to happen 2021-04-10 18:46:04 they scrape libc.a from their liblibc.rlib file before linking if one forces normal linking 2021-04-10 18:46:26 ikke Ariadne what do we need to do to get the kubernetes packages into a stable release? They’re currently on edge testing 2021-04-10 18:47:10 L1Cafe: you should ask fcolista to move it to community, by filing a bug 2021-04-10 18:47:36 ericonr, for both dynamic and static linking? 2021-04-10 18:47:43 what does the liblibc.rlib even exist for then?? 2021-04-10 18:47:49 and why does it have a copy of musl inside it? 2021-04-10 18:48:04 Ariadne: they should file a bug or should I do that? 2021-04-10 18:53:57 you should 2021-04-10 18:54:17 dalias: the liblibc.rlib is the rust binding to libc 2021-04-10 18:54:27 dalias: which occasionally embeds musl 2021-04-10 18:55:48 but when does it embed? 2021-04-10 18:55:55 whenever it's doing that it's almost surely broken 2021-04-10 18:55:59 musl is not embeddable 2021-04-10 18:58:28 artok: here https://tpaste.us/5VqE 2021-04-10 18:59:12 thanks 2021-04-10 18:59:22 np :) 2021-04-10 19:24:50 dalias: it embeds it in the target stuff shipped with official rust toolchains (obtained via rustup) 2021-04-10 19:24:58 musl distros patch the embedding out 2021-04-10 19:25:33 when I forced dynamic linking using that toolchain, it stripped libc.a from liblibc.rlib 2021-04-10 19:26:23 I don't think that toolchain supports static linking with an external libc.a (and it doesn't pass -lc to the linker either), so there shouldn't be any situation where we get two libcs in the same file 2021-04-10 19:36:49 do they have an equivalent thing for cross-compiling to glibc target? 2021-04-10 19:36:59 or is this some wacky musl-specific thing they did ? 2021-04-10 19:38:00 i'm pretty sure the last time this was discussed we saw 2 libcs being linked 2021-04-10 20:09:30 dalias: it is musl specific yes 2021-04-10 20:19:07 *sigh* 2021-04-10 20:19:16 why would they do this differently for musl? 2021-04-10 23:44:29 because "create self contained binaries" is a language feature they wanted 2021-04-10 23:44:47 and the only way to do so on linux without reimplementing libc is by linking to musl 2021-04-10 23:45:27 dalias: last time I discussed this here, I also asked on tulip about it, the conclusion seemed to be only one libc 2021-04-11 00:22:23 ok, well we should review it 2021-04-11 05:35:21 is the reporter of https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3976 here? 2021-04-11 05:38:00 Gottox: not here on irc afaik 2021-04-11 05:39:00 okay. afaics the bug is only triggered on musl systems, which is rather strange. 2021-04-11 05:39:47 funny bug. :D 2021-04-11 05:43:23 Can someone with admin rights open this channel in Matrix client and set the room image? 2021-04-11 05:45:02 I don't have matrix setup 2021-04-11 06:31:11 merge !20241 plz 2021-04-11 06:45:29 will be merged 2021-04-11 08:21:15 Gottox: I'm on Matrix, but I'm in this room 2021-04-11 08:23:01 ah, great! 2021-04-11 08:23:27 I actually have no idea how that happens. Did you do any debugging yet? 2021-04-11 08:24:57 Gottox: Well I tried to do some debugging and I have no clue where to even begin/start... I ran the shell in a separate window and have the same issue, I looked into the logs but couldn't see anything obvious. My debugging info is all in the upstream issue. 2021-04-11 08:49:15 I need to find a good place to start debugging... :D 2021-04-11 10:43:26 I'm reading a paper about "Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches" that poses some ideas about the service manager roles that could be interesting now that Alpine is in process of write a new one "from scratch" 2021-04-11 10:45:17 alotugh maybe is too complex for the simplicity priority of alpine, it would be nice if at least the base design allows to expand it 2021-04-11 10:46:46 basically the service manager doesn't just start/stop/kill services, it also has the posiblity of restore them to a "safe" state, and to run them on different degraded state (e.g., with read-only filesystem, CPU quota, network quota...) 2021-04-11 10:48:25 are there any objections prior merging these MR? !17784 and !19094 2021-04-11 10:48:45 https://hal.inria.fr/tel-02417644/document (in case anyone is curious) 2021-04-11 10:49:27 donoban: this is waaaay out of scope for a service manager 2021-04-11 10:49:47 hehe 2021-04-11 10:49:58 it can be done as a specific monitor for services that need it 2021-04-11 10:50:08 but that's about it 2021-04-11 10:50:46 it's more about service monitoring, in a service-specific way, than about "service management" as in machine state management, i.e. startup sequence and state changes 2021-04-11 10:52:30 well the article itself tries to achieve something pretty complicated 2021-04-11 10:53:02 the service monitoring could and should be run as another part, which reads logs and looks for points of interest 2021-04-11 10:53:23 the article uses "service manager" when it really means "process supervisor" 2021-04-11 10:53:44 I really hate it when people use vague terminology without exactly defining what it means 2021-04-11 10:53:52 but then I don't see so out of scope that the service manager handles the low level part of limit the permissions of a service 2021-04-11 10:54:13 that's not the job of a service manager 2021-04-11 10:54:24 that's service policy 2021-04-11 10:54:37 and more precisely, longrun service policy 2021-04-11 10:54:57 so when you say on openRC 2021-04-11 10:55:02 run this service as user X 2021-04-11 10:55:10 is that out of scope? 2021-04-11 10:55:33 no, because openrc is conflating several things 2021-04-11 10:56:17 you should obviously be able to configure service policy in the *interface* 2021-04-11 10:56:30 some of that policy applies to the service manager 2021-04-11 10:56:46 other parts are applied by the process supervisor 2021-04-11 10:57:12 dropping permissions is something that is done at the process supervisor level 2021-04-11 10:57:20 and at this moment in alpine is there no process supervisor? 2021-04-11 10:57:48 supervise-daemon* 2021-04-11 10:58:06 there are several, but by default what is used is either none at all or openrc's own supervise-daemon which does *some* of the work of a process supervisor 2021-04-11 10:58:11 (including dropping permissions) 2021-04-11 10:58:48 so what the interface does is telling either supervise-daemon or start-stop-daemon to drop permissions 2021-04-11 10:59:01 well I don't see any problem if there are different parts 2021-04-11 10:59:21 I very much hope so because that's how you keep stuff small XD 2021-04-11 10:59:44 the objective is that the system could mitigate an instrusion or problem if some service without losing avalaibity in the whole system 2021-04-11 11:00:26 yeah, there are several parts required for that 2021-04-11 11:00:34 a global one, and a local one 2021-04-11 11:00:42 the global one can be run as a normal service 2021-04-11 11:00:52 the local one is just how you run the service you want to monitor 2021-04-11 11:01:26 basically instead of running "foo", you run "service-monitor foo" and service-monitor has service-specific config somewhere 2021-04-11 11:01:29 in the article, the main monitor part is most based on linux auditd 2021-04-11 11:01:58 it's a Ph.D. thesis, not an article :D 2021-04-11 11:02:06 well hehe 2021-04-11 11:02:55 anyway yes you can run an auditd and have the service-monitor part be a client of it 2021-04-11 11:03:21 my point is that it can be done in a 100% modular way without needing to involve the service manager 2021-04-11 11:03:34 "We extend the service manager to checkpoint and restore the stateof services." this sould be task of the service supervisor? 2021-04-11 11:04:03 not even that, if it can be done independently, which I believe it can 2021-04-11 11:04:26 they use CRIU for that 2021-04-11 11:04:31 but if it cannot, then yes, it would be the job of a process supervisor 2021-04-11 11:04:35 CRUI and snapper 2021-04-11 11:05:41 so, in your opinion, what is the problem with openRC so alpine is going to do a new system manager? 2021-04-11 11:06:53 s/system/service/ :D 2021-04-11 11:06:54 donoban meant to say: so, in your opinion, what is the problem with openRC so alpine is going to do a new service manager? 2021-04-11 11:06:55 yeah, you can totally do it in a separate layer (and CRIU looks to be shady stuff which is only portable on x86 and arm) 2021-04-11 11:07:34 so I'd say, there's something there but it's still an academic paper and doing that kind of thing in production would... take time 2021-04-11 11:07:43 especially if we want to do it in a clean way :) 2021-04-11 11:08:11 yes yes I was so pretty excited because I saw that alpine was doing a new service manager 2021-04-11 11:08:20 so I though it would be nice to think a little in the ideas of the paper 2021-04-11 11:08:22 what really grinds my gears is when people need functionality in a service and their first line of thought is "we'll extend the service manager"... that's systemd think 2021-04-11 11:09:07 hehe, look at this: "You can see in Table6.1thedifferent projects we modified where we added in total nearly3600lines of C code" 2021-04-11 11:09:20 2,639 new lines to systemd 2021-04-11 11:09:43 yeah forget it 2021-04-11 11:10:27 academic projects man 2021-04-11 11:10:37 maybe is even simple to achieve something similar on a docker based infraestructure 2021-04-11 11:10:46 "we modified systemd in the following way: A, B, C..." 2021-04-11 11:10:57 and then they think their stuff is production-ready :( 2021-04-11 11:11:59 well I will finish the read, there are interesting things :) 2021-04-11 11:12:01 well containers are the steamroller way of restricting a service 2021-04-11 11:12:19 sure you can get a lot of control if you run a service in a container 2021-04-11 11:12:43 well they use systemd in a containerized wey... each service runs owns namespace/cgroup.. 2021-04-11 11:13:18 yeah well you don't go any heavier than that 2021-04-11 11:13:30 I think that there is an intention of new alpine service manager supports namespaces and cgroups 2021-04-11 11:13:51 again: this is not the job of the service manager 2021-04-11 11:14:06 hehe 2021-04-11 11:14:09 running a service in a container can be done independently 2021-04-11 11:14:51 the service manager interface can support syntax for telling the process supervisor to run a service in specific namespaces/cgroups 2021-04-11 11:15:08 so yeah we'll be able to do it 2021-04-11 11:15:26 but terminology is important :) 2021-04-11 11:15:26 I understand your view but also see pretty comfortable to specify in service description, "run this in a container"... 2021-04-11 11:15:52 it's exactly what I said :) 2021-04-11 11:16:00 you'll be able to do that 2021-04-11 11:16:04 ah 2021-04-11 11:16:06 I see 2021-04-11 11:16:06 with a nice declarative interface 2021-04-11 11:17:07 great 2021-04-11 11:17:17 to answer your earlier question: there are *several* problems with openrc 2021-04-11 11:17:37 you can find some of them here: https://skarnet.com/projects/service-manager.html#comparison 2021-04-11 11:18:09 I haven't listed everything because that page isn't supposed to dive into all the technical details 2021-04-11 11:18:15 but it gives the main ones 2021-04-11 11:19:54 oh, I feel that I've already read it but let's do again :) 2021-04-11 11:21:21 it was published early on Friday so you probably haven't read it before ;) 2021-04-11 11:22:16 hahah lol 2021-04-11 11:22:30 so I read something similar :S 2021-04-11 11:25:57 so you are the same as: https://ariadne.space/2021/03/25/lets-build-a-new-service-manager-for-alpine/ 2021-04-11 11:27:16 for a moment I thought there was a prefork :D 2021-04-11 11:33:57 no, it's the same project :) 2021-04-11 11:41:37 I didn't expect soo many red/orange flags on OpenRC, systemd seems a better option :D 2021-04-11 11:43:36 well, there is a difference between "doesn't do it", and "it does, assuming it work?" 2021-04-11 11:44:31 It depends on how optimistic you are :) 2021-04-11 11:44:38 but yeah, systemd is not that bad generally speaking 2021-04-11 11:45:19 yeah, systemd looks greener, but that's because the comparison is mostly about features, not design 2021-04-11 11:45:42 my experience with half the advanced systemd features is "well, it's supposed to work, but it actually doesn't seem to do anything?" 2021-04-11 11:46:27 if there were more questions about "how is this stuff designed? what's the code quality? how does it respect the user?" etc. then there would be a lot more red in systemd's column 2021-04-11 11:46:28 (but maybe it's just me) 2021-04-11 11:47:00 I haven't used systemd enough to be able to tell you ;) 2021-04-11 11:48:54 I bet :P 2021-04-11 11:50:20 oh, I have used it extensively enough :P 2021-04-11 11:50:27 but I haven't delved into the esoteric features 2021-04-11 11:50:55 you really don't want to unless you want to find out about them and why everyone hates them 2021-04-11 17:17:05 would x86 be i586 ("w/o SSE") or i686? 2021-04-11 17:17:30 We target i586 2021-04-11 17:17:37 thanks! 2021-04-11 18:58:50 even base i686 lacks sse btw 2021-04-11 18:59:06 (at least sse2, which is needed for sse to be of any use; original sse1 was basically useless) 2021-04-11 19:15:46 ok 2021-04-11 19:16:03 how do we know things aren't accidentally built for i686? 2021-04-11 19:19:04 We don't really check for that I think 2021-04-11 19:19:35 There was some talk to just require SSE(2) in future Alpine releases 2021-04-11 19:27:31 I like the idea of being able to run modern software on old hardware, even if I don't think I personallyhave any 32bit x86 that old... (or do I..?) 2021-04-11 19:28:35 is armv7 hf or does this not mean much? https://pkgs.alpinelinux.org/contents?file=*cpython-*.so&path=&name=python3&branch=edge&repo=main&arch=armv7 2021-04-11 19:29:03 Cogitri: that wouldbe unfortunate, as there are many alpine installs in the field based on x86 SoCs that do not support SSE(2) 2021-04-11 19:30:22 armv7 should be hardfloat, right? 2021-04-11 19:30:33 yes, armv7 is hardfloat 2021-04-11 19:31:07 ok, cool 2021-04-11 19:31:21 Cogitri: i hope if we do switch to i686 that we will introduce a new arch for this, so that i can keep i586 alpine going without it being confusing 2021-04-11 19:31:25 how do they differ, though, armv7 and armhf? 2021-04-11 19:31:34 armhf is armv6 2021-04-11 19:31:38 armhf is armv6, with hardfloat (it's optional in armv6) 2021-04-11 19:31:38 ah 2021-04-11 19:31:58 armel is armv5, which we no longer build packages for 2021-04-11 19:32:42 what is armv7l? (= 2021-04-11 19:34:27 Ariadne: I'd rather not go through all that effort for an effectively dead arch 2021-04-11 19:34:43 I'm banging my head against maturin and with some help from upstream I got tests to pass for x86_64 and aarch64 but still have issues with 32bit x86 and armv7 (and armhf might not be possible, can't test) 2021-04-11 19:34:58 We we want to keep i686 SSE free, then so be it but let's not make the overhead of maintaining packages even greater with yet another arch next to no one will use 2021-04-11 19:35:03 omni: I can test for you if you want 2021-04-11 19:35:05 s/We/if/ 2021-04-11 19:35:05 Cogitri meant to say: if we want to keep i686 SSE free, then so be it but let's not make the overhead of maintaining packages even greater with yet another arch next to no one will use 2021-04-11 19:35:59 ikke: cool! I'll tell you if I get the tests to pass for armv7, don't think they'll run on armhf before that.. 2021-04-11 19:36:13 nod 2021-04-11 19:41:45 Cogitri: i agree, it is better to keep x86 on i586, since "desktop" users are all likely to use the x86_64 port instead if they want performance 2021-04-11 19:42:05 but technically, armel is still available 2021-04-11 19:42:08 That would make sense to me 2021-04-11 19:42:30 i do build armel packages for alpine for a specific customer 2021-04-11 19:42:42 (a very limited package set) 2021-04-11 19:43:25 and in the case of x86 becoming i686, i am sure people would ask for the i586 port to be kept going 2021-04-11 19:43:26 for some sort of bsc? 2021-04-11 19:43:29 sbc? 2021-04-11 19:43:29 even if unofficially 2021-04-11 19:43:32 yeah 2021-04-11 19:43:53 very similar to the octeon port 2021-04-11 19:45:09 there's an organization that has tens of thousands of sensors out in the world measuring atmospheric quality 2021-04-11 19:45:22 aha, interesting 2021-04-11 19:45:24 they use alpine, on armel, on these boards, because of the run from ram 2021-04-11 19:45:31 nice 2021-04-11 19:46:00 Interesting 2021-04-11 19:46:19 And I think it's fair that we have a limited package set for those arches 2021-04-11 19:46:31 well publicly we have a 0 package set for armel 2021-04-11 19:46:47 because its not worth supporting at distro level anymore 2021-04-11 19:47:00 though i am planning to start an "alpine ports" project to improve that 2021-04-11 19:47:05 armhf support is only due to rpi zero 2021-04-11 19:47:07 But at times I wonder if having mips64 with all packages enabled by default (or rather lots of them disabled because they don't work and probably more being silently broken) is worth it 2021-04-11 19:48:57 And maybe phasing out armhf would be worth it too 2021-04-11 19:49:07 Cogitri: yes, that's the goal of the alpine ports project 2021-04-11 19:49:45 Cogitri: i plan to introduce mips64hf as a replacement for mips64 architecture that is hardfloat. 2021-04-11 19:49:57 Cogitri: which should be basically same story as s390x 2021-04-11 19:50:26 Cogitri: but i still need to support the mips64 softfloat due to octeon having a broken FPU 2021-04-11 19:51:19 Cogitri: i also plan for mips64el to be hardfloat when we start supporting loongson 2021-04-11 19:51:35 most of the problems with the mips port is that its softfloat 2021-04-11 19:52:38 hardsink? 2021-04-11 19:52:47 ? 2021-04-11 19:53:04 nvm me 2021-04-11 19:53:16 hardfloat means we use the hardware FPU 2021-04-11 19:53:22 softfloat means we emulate an FPU 2021-04-11 19:54:17 I meant broken fpu, that it doesn't float *badum* 2021-04-11 19:54:45 Oh wow I get it now :D 2021-04-11 19:55:00 octeon (until octeon 3) has an FPU that does not properly implement some instructions 2021-04-11 19:55:06 to get around patents 2021-04-11 19:55:44 those patents expired with octeon 3, so they implemented the full MIPS FPU 2021-04-11 19:56:08 there are other mips64 CPUs coming out too, like the fungible NPU 2021-04-11 19:56:20 so there is value in the mips64 port in some way, but probably as a hardfloat port 2021-04-11 19:56:48 So what's the roadmap for arch removal/addition? 2021-04-11 19:56:55 no idea 2021-04-11 19:57:00 Remove mips64 non hardfloat and armhf, add riscv? 2021-04-11 19:57:09 at least armhf will be supported for the time being 2021-04-11 19:57:14 armhf we keep around 2021-04-11 19:57:18 pi zero needs it 2021-04-11 19:57:23 postmarketOS needs it too 2021-04-11 19:57:23 I still want someone to make a 1-bit-addressable machine 2021-04-11 19:57:29 N900 is armhf 2021-04-11 19:57:34 (and support it well enough that I can actually use it) 2021-04-11 19:58:03 hg: so that you can address individual bits? :D 2021-04-11 19:58:04 1-bit addressing could not support even a single byte of ram :) 2021-04-11 19:58:07 heh 2021-04-11 19:58:21 ikke: yes 2021-04-11 19:58:32 oh, i see 2021-04-11 19:58:46 so you could do bitwise math without having to pack it into a byte? 2021-04-11 19:58:51 yes 2021-04-11 19:59:00 So you would need to have 512 bits systems :P 2021-04-11 19:59:03 i think riscv has an extension for that 2021-04-11 19:59:09 and languages with sense could compile booleans down to a single bit 2021-04-11 19:59:13 ugh 2021-04-11 19:59:17 how much I want that 2021-04-11 19:59:22 native dense arrays 2021-04-11 19:59:25 native bitarrays 2021-04-11 19:59:37 please, someone do it 2021-04-11 19:59:39 do it for me 2021-04-11 19:59:41 and for science 2021-04-11 19:59:55 Sounds very expensive 2021-04-11 20:00:19 hell, it could let you have arbitrarily-sized, fixed width integers with hardware accel 2021-04-11 20:00:22 oh my god 2021-04-11 20:00:25 thedesires 2021-04-11 20:07:51 Ariadne: Btw, do you happen to know if there's a way to update the info of an apk_database without closing&opening it again? 2021-04-11 20:08:17 no, an apk2 database has to be rescanned by reopening it 2021-04-11 20:08:24 apk3 it will "just work" 2021-04-11 20:08:25 Ah that's unfortunate 2021-04-11 20:08:37 apk-polkit-rs currently spends a rather significant amount of time closing and opening the db between transactions 2021-04-11 20:08:51 what is a transaction in apk-polkit-rs? 2021-04-11 20:09:14 you should be able to just submit the entire upgrade transaction to libapk and run it as a single tx 2021-04-11 20:09:47 A transaction is a single package upgrade since gnome-software demands that level of control 2021-04-11 20:12:05 gnome software can't batch it? 2021-04-11 20:12:09 wtf :D 2021-04-11 20:12:33 but yah unfortunately due to the way the database format works, you have to rescan it every time 2021-04-11 20:12:53 apk gets around this by batching transactions 2021-04-11 20:13:18 Ah, g-s can batch it, but users have the abilities to click upgrade for each package in the UI 2021-04-11 20:13:34 yeah, so if they do it that way it will be slow 2021-04-11 20:13:40 but if g-s batches it it shouldn't be too bad 2021-04-11 20:13:50 Yeah, then it's not too bad 2021-04-11 20:14:21 Btw, not sure where to submit proposals for apkv3 but would be neat if libapk didn't print things to stdout 2021-04-11 20:14:43 apk-tools project 2021-04-11 20:14:46 or mailing list 2021-04-11 20:15:30 Cogitri: this is fixed in apk3, by the apk_log subsystem 2021-04-11 20:15:37 Great 2021-04-11 20:15:44 I build kernel in arvm7 mode for nokia N900 2021-04-11 20:15:47 you can subscribe to apk_log events and handle them however you want 2021-04-11 20:16:01 mps: and it works? i thought OMAP processors were all armv6 2021-04-11 20:16:31 ikke: I'm not gonna get anywhere with this right now !20321, please try on armhf if you want, see if you get similar or other errors, have suggestions etc 2021-04-11 20:16:50 Ariadne: Yay, excited for apkv3 :) 2021-04-11 20:17:32 Ariadne: yes, it works 2021-04-11 20:18:24 oh, n900 is cortex-a8 2021-04-11 20:18:26 which is armv7 2021-04-11 20:18:27 I have alpine armv7 on it 2021-04-11 20:18:39 Cogitri: it can't be slower than dnf 2021-04-11 20:18:50 does-not-finish? :P 2021-04-11 20:19:17 oh, I thought it was "did not finish" 2021-04-11 20:20:05 even my beaglebone (white) is armv7 2021-04-11 20:21:33 omni: always fun when dnf needs to fetch 120MB of repo data just do I can install some 12KB package 2021-04-11 20:21:42 w0t 2021-04-11 20:21:58 although it's still faster than apt for me 2021-04-11 20:21:59 Cogitri: or just to search for a package... 2021-04-11 20:22:04 Yeah 2021-04-11 20:22:53 especially fun since it fetches repo data again if I do `sudo dnf install` and do `dnf search` without root again afterwards 2021-04-11 20:28:36 also rpi pico (2021-01), all 1 models and compute module 1 seem to be armv6 (but at least those are old) 2021-04-11 23:56:59 qtwebengine package is missing qtwebengine 2021-04-11 23:57:47 Yup, we already have an issue for that I think 2021-04-11 23:57:54 only contains some pdf stuff for some reason 2021-04-11 23:59:43 an mr too... 2021-04-12 00:02:37 with failing builds 2021-04-12 00:12:11 could we revert the latest commit of qt5-qtwebengine until it's fixed? 2021-04-12 00:26:23 where can I find the repo with the e0b4b9436033e9bc376597ed90dd1fca9cdc90ff commit? 2021-04-12 00:27:20 oh, nvm, it's just another branch 2021-04-12 00:44:04 https://github.com/qt/qtwebengine/commit/e0b4b9436033e9bc376597ed90dd1fca9cdc90ff =/ 2021-04-12 01:29:15 I mean, I see why you'd want to update to that, there are also a few other chromium bumps before that commit 2021-04-12 06:00:20 skarnet pure-menu does not working for me (Android): https://skarnet.com/#menu 2021-04-12 06:03:08 alpinelinux.org's working. 2021-04-12 06:33:40 morning 2021-04-12 06:34:03 o/ 2021-04-12 06:34:04 hi 2021-04-12 06:35:48 seems like there happened alot over the weekend. im gonna get some breakfast and then im gonna thank you ppl 2021-04-12 06:51:19 $ apk info --who-owns /usr/lib/python3.8/site-packages/pyparsing.py 2021-04-12 06:51:19 /usr/lib/python3.8/site-packages/pyparsing.py is owned by py3-parsing-2.4.7-r2 2021-04-12 06:51:50 That is already the most recent version. The latest git commit is rebuild against python3.9. Maybe rebuilt again? 2021-04-12 06:53:39 on what arch? 2021-04-12 06:54:02 Never mind, looks like I had local rebuilds installed. 2021-04-12 07:42:08 Seems like kubernetes still SEGFAULTs on aarch64 during build :/ 2021-04-12 08:03:17 Ariadne: thank you for the gcc 10.3 update 2021-04-12 08:04:11 and thank you for raising the alpine 15 release version thing. i think its good to ask the question once in a while. and I don't think we should underestimate the value of marketing 2021-04-12 08:05:13 ikke: thank you for setting the foot down on the mailing list, showing that we don't tolerate harassing 2021-04-12 08:06:50 Ariadne: do we continue use gcc 10.x stable branch git snapshots? why dont we stick to the 10.3 release? 2021-04-12 08:08:55 i will try have a look at the aarch64 kubernetes thingy later today 2021-04-12 08:17:37 Thanks 2021-04-12 08:18:30 Can someone look into meson? 2021-04-12 08:25:51 we need to 'fix' clamav for previous stable releases, 3.12 and back. problem is backporting 'fixes' is a lot of work and questionable safety 2021-04-12 08:26:42 other option upgrade to latest upstream stable on all our supported releases 2021-04-12 08:26:54 nothing depends on clamav-dev 2021-04-12 08:27:40 on older releases problem could appear in some 'interfaces' (options) to other programs 2021-04-12 08:29:30 and we should move such programs to community 2021-04-12 09:22:08 b.a.o says it's building qt5-qtwebengine on aarch64, but clicking on the link to go to the build log returns a 404. Why is that? 2021-04-12 09:22:32 logs are not compied til after the build is done 2021-04-12 09:51:15 That does not seem to be true, I could actively follow the log when it was building it for x86_64 2021-04-12 09:52:10 It's only the case for some builders (like aarch64 and ppc64le I think) 2021-04-12 09:54:27 PureTryOut[m]2: only x86_64 is in 'real-time'. other at the end 2021-04-12 09:54:33 Oh interesting 2021-04-12 09:54:46 afaik, have to add 2021-04-12 10:14:16 yeah, so that is because the distfiles happens to be on the same host as x86_64. It used to be shared with x86 too in the past, over NFS, but now it is only x86_64 2021-04-12 10:14:44 we will likely move that to separate host at somepoint, so then will not even x86_64 be realtime 2021-04-12 10:35:56 i1l-test: I know and I have no idea why it's not working because it's copied directly from the pure site where it works :/ 2021-04-12 10:36:13 if alpinelinux.org's based on the same thing I'll take a look. 2021-04-12 10:51:26 For some reason, meson does not install the meson binary on s390x 2021-04-12 10:52:03 Might be a setuptools issue? 2021-04-12 10:56:56 https://tpaste.us/kkbw 2021-04-12 11:02:44 /usr/lib/python3.9/distutils/dist.py:274: UserWarning: Unknown distribution option: 'entry_points' 2021-04-12 11:02:47 that explains 2021-04-12 11:04:25 are clocks running late on the builders? (like a week) 2021-04-12 11:04:42 omni: what builder? 2021-04-12 11:07:20 Fixed meson on s390x (removed old (newer) py3-setuptools package and rebuilt meson) 2021-04-12 11:08:55 ikke: possibly all of them? I noticed in timestamps on the first line of log files and in file listings on b.a.o/buildlogs 2021-04-12 11:09:17 date returns april 12th 2021-04-12 11:09:24 Mon Apr 12 11:09:06 UTC 2021 2021-04-12 11:09:34 https://build.alpinelinux.org/buildlogs/build-edge-armv7/community/py3-qtwebengine/py3-qtwebengine-5.15.2-r1.log 2021-04-12 11:09:52 That's 5 days ago? 2021-04-12 11:10:04 but it was this morning 2021-04-12 11:10:27 build-edge-armv7 [~]# date 2021-04-12 11:10:30 Mon Apr 12 11:10:18 UTC 2021 2021-04-12 11:12:29 algitbot: what had you trigger? # date ? 2021-04-12 11:12:47 omni: [pr] # 2021-04-12 11:12:59 good answer, bot 2021-04-12 11:13:30 last commit to py3-qtwebengine was about 3 weeks ago 2021-04-12 11:15:28 omni: that log file was created on april 7th 2021-04-12 11:15:29 oooh! *faceapalm* 2021-04-12 11:15:55 did you mean qt5-qtwebengine? 2021-04-12 11:16:15 yes, thought I was looking at that... 2021-04-12 11:16:27 sorry 'bout that 2021-04-12 11:16:35 no problem 2021-04-12 11:19:35 not through my first cup of coffee yet =) 2021-04-12 12:34:50 kubeadm does not segfautl when linked static 2021-04-12 13:07:47 dalias: what's your view on https://github.com/microsoft/mimalloc ? Not for general use but for selective "performance" use (i.e. big Java programs like Elasticsearch). Wondering whether its worth making an official aport for it (I've had it packaged locally for a while) 2021-04-12 13:14:56 ncopa: TEXTRELs? 2021-04-12 13:42:27 I forget, was there a way to get a view what's in the pipeline queue for a builder? 2021-04-12 13:44:22 ericonr: not sure. but it seems it works if i add -buildmode=pie which seems to be unintentional disabled 2021-04-12 13:47:18 sounds like textrel :p 2021-04-12 13:47:28 Go toolchain is kind of weird in some places 2021-04-12 13:47:37 yeah 2021-04-12 13:47:58 readelf -d, if you don't remember the command for it 2021-04-12 13:49:13 im just adding -buildmode=pie now and are also backporting removal of external coreutils/findutils dependency 2021-04-12 14:11:40 minimal, i saw nothing exciting about it. the marketing material muddles that the interesting features they designed it around are only for a custom API they needed for whatever language runtime they were using it with, and aren't available with standard malloc api 2021-04-12 14:12:23 ncopa, uhg what did they do? add -fno-pie of their own? 2021-04-12 14:14:19 no. but our go toolchain no longer do PIE by default, instead we set GOFLAGS=-buildmode=pie in the builder env. The kubernetes APKBUILD overrides the GOFLAGS 2021-04-12 14:14:30 without appending -buildmode=pie 2021-04-12 14:17:45 ... 2021-04-12 14:17:59 if link is pie by default, go probably needs to be setup as pie by default too 2021-04-12 14:46:57 omni: it's not exposed 2021-04-12 14:54:08 ah, then I know =) 2021-04-12 15:33:15 Ariadne: do you know what the status of rust with musl is? 2021-04-12 15:47:50 !20148 2021-04-12 15:54:55 omni: should I still check that on armhf? 2021-04-12 16:32:59 ikke: I have a separate mr where I thought I'd continue to work on arm* 2021-04-12 16:33:08 ok 2021-04-12 16:33:09 but now I can't seem to reach gitlab.a.o? 2021-04-12 16:33:17 up for me 2021-04-12 16:33:21 hmm... 2021-04-12 16:34:41 "took too long to respond" 2021-04-12 16:35:24 gitlab page? 2021-04-12 16:37:45 gitlab everything, I get "TLS handshake timeout" from lab, but it's probably some networking issues at my end of the string, although everything else seem to work fine 2021-04-12 16:42:48 there we go 2021-04-12 17:02:50 ncopa: as previously stated, postponed until 3.15 2021-04-12 17:03:02 ncopa: at the current rate of red tape, that might even be 3.16 2021-04-12 17:03:20 :) 2021-04-12 17:05:25 alpine 4.0: finally with rust support 2021-04-12 17:07:10 Well, we support Rust right now too, just not on some exotic arches and with a downstream patch to patch in our triplets 2021-04-12 17:14:22 yes but he was asking about the fixing of all of this 2021-04-12 17:14:23 :p 2021-04-12 17:25:47 ok. thanks 2021-04-12 19:10:48 hi, if I have many sources in an APKBUILD can I specify where extract some of them? 2021-04-12 19:12:10 donoban: they will always be unpacked in srcdir 2021-04-12 19:12:54 but you can move/copy around, preferrably in a prepare() stage 2021-04-12 19:12:57 If you need to move them to a certain location, you can do that in the prepare stage 2021-04-12 19:12:59 \yes 2021-04-12 19:13:12 uhM 2021-04-12 19:14:10 donoban: https://wiki.alpinelinux.org/wiki/APKBUILD_Reference#prepare.28.29 2021-04-12 19:14:20 problem is that two of them don't have a main dir, a lot of files are dumped to src 2021-04-12 19:14:40 thanks 2021-04-12 19:14:56 donoban: oh, not fun 2021-04-12 19:15:09 what is it? 2021-04-12 19:15:28 telegram-desktop 2021-04-12 19:15:45 or more accurately tg_owt 2021-04-12 19:16:01 where do you get the archive from? 2021-04-12 19:16:02 upstream builds it using two git submodules 2021-04-12 19:16:27 the problematic are like: 2021-04-12 19:16:35 libvpx.tar.gz::https://chromium.googlesource.com/webm/libvpx/+archive/b41ffb53f1000ab2227c1736d8c1355aa5081c40.tar.gz 2021-04-12 19:35:43 looks like build-edge-armv7 has been stuck on community/telepathy-glib for quite a while... all day, if you ask me 2021-04-12 19:42:43 it's stuck on tests 2021-04-12 21:58:59 I'm trying with this "workaround" https://tpaste.us/PKWe 2021-04-12 21:59:33 I don't see other alternative, some files have the same name so get directly overwritten 2021-04-13 00:01:32 hmm... https://pkgs.alpinelinux.org/contents?path=%2A%2F__pycache__&page=10564&branch=edge 2021-04-13 00:01:50 is compiling and packaging python bytecode intentional? 2021-04-13 00:26:39 Yes. We don't want to regenerate bytecode at install time. 2021-04-13 01:20:12 Ariadne: has it ever by thought to package only the Python bytecode and not the py files? 2021-04-13 02:23:32 [20:20] Ariadne: has it ever by thought to package only the Python bytecode and not the py files? 2021-04-13 02:23:35 yes, it has 2021-04-13 02:23:52 we concluded not to do it because backtracked depend on source to be helpful 2021-04-13 06:30:47 good morning 2021-04-13 06:34:48 Morning 2021-04-13 06:34:49 Seems like a got a merge commit on 3.11-stable :/ 2021-04-13 07:21:23 PureTryOut[m]2: error: '__NR_fstatat' was not declared in this scope; did you mean 'sys_fstatat'? on aarch64 w/ qt5-qtwebengine 2021-04-13 08:08:07 Seems like they are trying to do direct syscalls? 2021-04-13 08:09:20 That's probably for allowing some syscalls in the seccomp sandbox 2021-04-13 08:34:07 Cogitri: is that while trying to run it? 2021-04-13 08:37:26 Nop, on the builders 2021-04-13 08:40:31 Ariadne: https://github.com/opencve/opencve 2021-04-13 08:41:11 Cogitri: but qt5-qtwebengine has already successfully built for aarch64? 2021-04-13 08:44:11 Oh, that was armv7, whoops 2021-04-13 08:44:12 https://build.alpinelinux.org/buildlogs/build-edge-armv7/community/qt5-qtwebengine/qt5-qtwebengine-5.15.3_git20200401-r1.log 2021-04-13 08:44:18 But seems like that as an old log? 2021-04-13 08:44:49 Sorry about that, just saw the error message in #alpine-commits this morning 2021-04-13 08:45:57 ncopa: did you read my notes here about clamav upgrade ideas/problems for older stable releases 2021-04-13 08:46:29 I don't want to bother c_landmeter with this because he is 'short with time' 2021-04-13 09:02:07 mps: i saw that yo commented but i didnt look up the details 2021-04-13 09:02:47 but in general, i am in favor of using updated upstream release if possible (it does not break anything or require any config changes) 2021-04-13 09:03:03 i think that is preferred over backporting patches 2021-04-13 09:10:48 ok, I think upgrade to latest stable release for 3.12 and 3.11 will not break users systems 2021-04-13 09:11:47 Cogitri: haha np. Seems armv7 did fail indeed, will look into it 2021-04-13 09:14:03 ncopa: what removes old packages from the builder repositories? py3-setuptools was reverted, but on some arches, the 'newer' version was still present, so it was still used 2021-04-13 09:17:30 PureTryOut[m]2: is it the bundled ninja? could samurai be used instead? 2021-04-13 09:17:49 Why would the bundled ninja be it? 2021-04-13 09:18:02 no, sorry 2021-04-13 09:18:21 dunno 2021-04-13 09:26:50 Funny, the file that is failing hasn't been changed in 7 years... 2021-04-13 09:28:00 bits rust-ed :) 2021-04-13 09:29:00 Maybe it just needs to retry, Qt5Webengine do be like that... 2021-04-13 09:29:02 ikke: after apk repo build is done it will remove old packages 2021-04-13 09:29:19 Ah, OK, explains 2021-04-13 09:36:46 when resurrecting, should I bump py3-adblock? !20148 2021-04-13 09:37:33 I'm leaning towards yes, since it's a rebuild 2021-04-13 09:44:31 so I did, can't hurt 2021-04-13 10:54:48 Any clue of what is trying to rename and why? 2021-04-13 10:54:49 >>> tg_owt-dev*: Running split function dev... 2021-04-13 10:54:51 mv: can't rename '/home/builder/aports/community/tg_owt/pkg/tg_owt/usr/include': Directory not empty 2021-04-13 10:55:55 https://gitlab.alpinelinux.org/alpine/abuild/-/blob/master/abuild.in#L1883 2021-04-13 10:55:58 or 2021-04-13 10:56:03 https://gitlab.alpinelinux.org/alpine/abuild/-/blob/master/abuild.in#L1891 2021-04-13 10:56:24 let me check thanks 2021-04-13 11:07:19 PureTryOut[m]2: unfortunately, the retry didn't succeed 2021-04-13 11:12:17 Noticed 2021-04-13 12:04:13 in !20428 author want to remove CVE id which is related only on windows. 2021-04-13 12:04:49 I'm not sure about this 2021-04-13 12:05:19 do we keep/write unrelated CVEs 2021-04-13 12:11:30 Maybe to satisfy bad security scanners 2021-04-13 12:14:51 has anyone encountered an issue with python aports in which they no longer install binaries 2021-04-13 12:15:13 ddevault: Yes, setuptools==56 broke stuff 2021-04-13 12:15:15 We downgraded back to 52 for the time being 2021-04-13 12:15:40 okay, thanks 2021-04-13 12:15:45 is there a ticket I can read? 2021-04-13 12:16:28 Unfortunately I don't think we have a ticket for that, just IRC logs and 5ec095166176c72ac27a27b0c695e20626ddcb79 2021-04-13 12:16:38 5ec095166176c72ac27a27b0c695e20626ddcb79 2021-04-13 12:16:52 Ugh, clipboard didn't want to work the way I wanted it to :D ca7f4b5b3c6fe3292cb32600417d0fbf49d255ac 2021-04-13 12:17:07 is Leo on IRC? 2021-04-13 12:17:13 maxice8: ^ 2021-04-13 12:17:24 maxice8: have you poked upstream about this? 2021-04-13 12:17:38 No 2021-04-13 12:17:42 can you? 2021-04-13 12:18:28 ikke: didn't understood your answer 2021-04-13 12:20:04 I can try but we de-vendor their dependencies and Arch Linux doesn't have this problem (on 54.2.0) as far as I can tell 2021-04-13 12:20:42 if nothing else, we should write down what we know *somewhere*, so that we can work (gradually) towards a long-term solution 2021-04-13 12:24:45 I added a warning above pkgver= in the APKBUILD, if necessary I can open an issue 2021-04-13 12:28:24 yeah, please do 2021-04-13 12:33:58 opened 2021-04-13 12:44:17 thanks! 2021-04-13 14:55:35 is there a good way to update checksums on a system like macOS? or should I just try and compile abuild to do this? 2021-04-13 14:56:30 Abuild is a shell script 2021-04-13 14:58:21 it looks like there are other abuild-* that are compiled 2021-04-13 14:59:08 Right, the helpers 2021-04-13 14:59:40 But for updating checksums, they are not required 2021-04-13 15:00:05 nice 2021-04-13 15:00:23 But otherwise you'd have to calculate the sha512sums of the source files and upsets them 2021-04-13 15:00:31 Including the names 2021-04-13 15:01:00 ya, i'm too lazy to do that by hand ;) 2021-04-13 15:25:46 there is also a docker wrapper script, docker-abuild https://gitlab.alpinelinux.org/alpine/docker-abuild 2021-04-13 15:31:26 that should get more love, it seems 2021-04-13 15:33:56 it needs love, yes 2021-04-13 15:34:17 who doesn't 2021-04-13 15:34:53 just checked that my edits for that indeed were on the hd that broke 2021-04-13 15:35:24 ACTION forks 2021-04-13 15:45:40 i wish we could remove FIPS support from NSS and OpenSSL 2021-04-13 15:45:55 we are not FIPS-certified, so it seems bad to give people that footgun 2021-04-13 15:47:47 #12313 2021-04-13 15:47:53 i think we solve this by removing FIPS mode 2021-04-13 15:49:17 but that change will piss people off, so *grumble* 2021-04-13 15:55:31 oh, Google is funding reproducible builds for Alpine? 2021-04-13 15:58:16 among other things, yes 2021-04-13 15:59:01 why does stripping inhibit fips mode?? 2021-04-13 15:59:21 dalias: because the cryptographic module is "signed" 2021-04-13 15:59:32 during build 2021-04-13 15:59:57 stripping the module changes the checksum, invalidates the "signature" 2021-04-13 16:00:06 i use quotes here intentionally 2021-04-13 16:00:11 the build also verifies that sources weren't patched, doesn't it? 2021-04-13 16:00:20 nope :D 2021-04-13 16:00:36 FIPS mode is dumb 2021-04-13 16:00:37 oh, that might be openssl, then 2021-04-13 16:00:38 anyway 2021-04-13 16:00:51 I had read some about FIPS, but yeah, it all seemed very dumb 2021-04-13 16:01:07 government at its finest 2021-04-13 16:13:14 207c2384584cd70909e3d00761c770850e475d87 2021-04-13 16:13:32 seems like a mixup happened while ncopa was pushing it removed some packages 2021-04-13 16:13:47 heh 2021-04-13 16:16:31 pushed it all back up 2021-04-13 16:23:30 py3-adblock fails 2021-04-13 16:24:04 This was something ncopa alreayd mentioned and omni is/was trying to address 2021-04-13 16:24:54 disabled for now 2021-04-13 16:32:53 !20148 2021-04-13 16:33:10 nof 2021-04-13 16:33:11 nod* 2021-04-13 16:33:30 You need to rebase it now and fix conflcts 2021-04-13 16:33:45 oh, brb 2021-04-13 16:40:07 What should we do about the curl CVEs (!12568). The provided patches only apply on edge 2021-04-13 16:40:14 #12568 2021-04-13 16:40:30 (https://gitlab.alpinelinux.org/alpine/aports/-/issues/12568 2021-04-13 16:44:49 backport or ask Daniel (upstream) to make proper for older versions 2021-04-13 16:45:01 there, I think I've fixed the conflicts 2021-04-13 16:45:49 omni: for #12568 ? 2021-04-13 16:46:09 no, !20148 2021-04-13 16:46:16 ah 2021-04-13 16:47:23 qutebrowser installs on aarch64, x86 & x86_64 are blocked by its dependency py3-adblock not being available 2021-04-13 18:21:40 regarding coccinelle: https://systeme.lip6.fr/pipermail/cocci/2021-March/008526.html 2021-04-13 21:32:18 Ariadne: not to shame a specific dev (which is why I'm not sharing on zulip), but another instance of musl==static, where someone forces static linkage for all musl targets: https://github.com/benfred/remoteprocess/blob/master/build.rs 2021-04-13 21:32:38 :D :D :D :D :D :D 2021-04-13 21:33:09 my suggestion would be to open a bug 2021-04-13 21:35:30 uhg 2021-04-13 21:35:37 is it this same person? 2021-04-13 21:36:06 hmm one thing cargo probably really needs... 2021-04-13 21:36:10 cargo-c forces static libraries on musl too noe I think 2021-04-13 21:36:23 s/noe/now/ 2021-04-13 21:36:23 Cogitri meant to say: cargo-c forces static libraries on musl too now I think 2021-04-13 21:36:34 a facility for keeping a local patch repository to fix shit like this 2021-04-13 21:36:54 when the upstream is intentionally hostile 2021-04-13 21:37:40 https://github.com/lu-zero/cargo-c/issues/180 2021-04-13 21:38:38 They seem willed to make dynamic musl linking work once rustc has caught up though 2021-04-13 21:38:42 > Once cargo is able to tell the difference between musl-with-dylibs and musl-without it will work out of box. :) 2021-04-13 21:40:41 s,box,crate, 2021-04-13 21:42:11 dalias: debian and fedora create a local crate repository 2021-04-13 21:42:38 but this requires packaging each crate dependency 2021-04-13 21:42:44 so lots of humantime 2021-04-13 21:43:08 i posted there 2021-04-13 21:47:38 Ariadne: we are going to open one 2021-04-13 21:53:47 i think we're going to have to actually write a spec about this 2021-04-13 21:53:48 ;/ 2021-04-13 21:57:25 I don't know if this is related, but I had a undefined reference on telegram-desktop wich I solved using DBUILD_SHARED_LIBS=OFF on tg_owt lib 2021-04-13 22:09:48 rust build.rs system is totally broken anyways 2021-04-13 22:10:14 here's a whole crate of footguns, have your pick 2021-04-13 22:10:24 pun intended 2021-04-14 05:03:05 hmm 2021-04-14 05:03:09 fex isn't packaged for alpine 2021-04-14 05:03:12 I should do that 2021-04-14 05:03:17 and also actually try it out 2021-04-14 06:21:38 good morning 2021-04-14 06:22:10 ikke: re curl CVE, can we upgrade to latest version? I prefer upgrade over backport patches if possible 2021-04-14 06:55:28 aieee! agreed 2021-04-14 06:55:42 and same for clamav? 2021-04-14 07:06:14 !20468 2021-04-14 07:07:03 do we have to rewrite secfixes there or keep them as they are now 2021-04-14 07:29:35 secfixes should be written as in what version of our package a vulnerabilit was patched, right? 2021-04-14 07:32:41 secfixes data/notes are useless for anything except marketing 2021-04-14 07:35:04 i disagree. and i dont think we should underestimate the value of marketing 2021-04-14 07:35:10 well, a user might want to see if they really need to upgrade their package 2021-04-14 07:35:56 there are security scanners out there, that will flag our packages. the seclist comments help those scanners to avoid false positives 2021-04-14 07:36:50 ncopa: have to look if there are soname bumps 2021-04-14 07:37:09 ikke: yeah, im checking it now 2021-04-14 07:37:26 I also saw that there is a bug in 7.76.0 so they did a 7.76.1 2021-04-14 07:37:28 old saying 'lies, damned lies and marketing' :) 2021-04-14 07:37:48 that is why I dislike marketing 2021-04-14 07:38:28 its a somewhat necessary "evil" imho 2021-04-14 07:39:26 I'm just user of alpine, and because that marketing of the alpine doesn't have any value 2021-04-14 07:39:55 to me, forgot to add at the end of previous sentence 2021-04-14 07:40:00 I think that saying is for statistics but, sure, marketing is often to fool someone into buyng something they didn't know they needed 2021-04-14 07:40:01 the alpine project has always been about actually fixing things rather than talking about how good we are 2021-04-14 07:40:14 but besides the point 2021-04-14 07:40:24 for me, quality is important 2021-04-14 07:40:32 "marketing" part has mostly been taken care of by others 2021-04-14 07:40:40 mps: agree 2021-04-14 07:41:44 and to add, I'm not against adding these sec info (and other 'marketing') data, but they are not priority for me 2021-04-14 07:41:50 imho, our job is to work on the high quality part. then others will discover, and others will do the marketing. "have you noticed that alpine docker images are very quick to fix the CVEs?" 2021-04-14 07:42:59 and I understand quite well that my POV is not only one, other people see it differently 2021-04-14 07:43:00 our priority has always been to actually fixing the issues over telling others about it 2021-04-14 07:43:19 reporting the issues has always been secondary 2021-04-14 07:43:30 reproting that things have been fixed that is 2021-04-14 07:43:38 actually fixing has always been priority 2021-04-14 07:44:30 yes, fixing something wrong is what I see as priority 2021-04-14 07:45:50 exactly 2021-04-14 07:47:02 telling people that it is fixed is secondary, but not worthless, imho 2021-04-14 07:47:47 if one wants Alpine to be accepted in corporate environments, one should never underestimate the stupidity of auditors 2021-04-14 07:48:30 detha: I don't want 'Alpine to be accepted in corporate environments' 2021-04-14 07:49:17 I don't care actually, but this shouldn't be 'main goal' 2021-04-14 07:49:37 mps: I would like to be able to use Alpine wherever it fits. And unfortunately, corporate environments are part of that 2021-04-14 07:49:42 if some corporation find it useful I'm not against, ofc 2021-04-14 07:50:43 so, we have make it acceptable by 'stupidity of auditors'? no thanks :) 2021-04-14 07:53:12 Consider it a way of reducing unnecessary work in sending 'yes it is a version <$x, but the patches for CVE-nnn have been backported' responses 2021-04-14 07:53:32 but for the original question, I'd say, don't "rewrite" 'secfixes:', add to it 2021-04-14 07:54:25 if a secfix is later patched in an upstream release it was still patched earlier by us 2021-04-14 07:54:57 omni: my doubt is about thing when the secfixes are already there, added by patching, and new release have it now 2021-04-14 07:55:13 omni: right 2021-04-14 08:03:02 do we have any developer docs for on-boarding new committers? I think we don't 2021-04-14 08:03:35 Not aware of any 2021-04-14 08:03:44 for people who are not active on IRC, and get git push access 2021-04-14 08:04:14 Should be part of the developed handbook 2021-04-14 08:04:29 developers 2021-04-14 08:04:50 i think we should have some sort of mentorship for new committers, have a person that can give the special attention for a period of time 2021-04-14 08:16:49 mps: with the new secfixes service coming online (hopefully friday), it will be more useful, because we will know what has and has not been patched 2021-04-14 08:18:39 but yes, i am skeptical on the whole "patch tuesday" thing 2021-04-14 08:19:07 on the other hand, the lack of a perceived, coherent security response in alpine is something people find detrimental 2021-04-14 08:19:16 which is why i am trying to change this :) 2021-04-14 08:21:02 Ariadne: thanks ;) 2021-04-14 08:21:44 (and the only thing maintainers need to do is just keep doing what they are doing anyway -- keeping secfixes up to date) 2021-04-14 08:23:06 but yes, 'central db' of secfixes is good to have 2021-04-14 08:23:22 obviously, the system i am building won't do anything useful without annotating the secfixes in the APKBUILD 2021-04-14 08:24:39 nvm, you did a first step in right direction, I hope 2021-04-14 08:58:34 maxice8: !20474 2021-04-14 08:58:53 I upgraded it about hour ago 2021-04-14 08:58:58 oh 2021-04-14 08:59:01 forgot to rebase 2021-04-14 08:59:15 heh, happens to me also 2021-04-14 09:30:01 how to add extra -I/dir to cmake 2021-04-14 09:47:30 py3-pikepdf no longer builds in 3.13-stable 2021-04-14 09:47:34 no idea why 2021-04-14 09:47:50 g++: error: build/temp.linux-x86_64-3.8/src/qpdf/page.o: No such file or directory 2021-04-14 09:47:54 no idea how to fix it 2021-04-14 09:48:11 but it prevents us from fixing a cve 2021-04-14 10:14:14 im gonna tag stable releases now. are there anything important that should go in before the release? 2021-04-14 11:36:20 Where should discussions about Alpine as an organisation be brought? 2021-04-14 11:42:17 I doubt that 'Alpine organization' exists 2021-04-14 11:43:26 alpine is more like 'wild life ecosystem' 2021-04-14 11:43:52 and that is good, imo 2021-04-14 13:07:06 Hey Ikke does the aports-qa-bot has admin permissions ? 2021-04-14 13:16:19 reading the backlog here... Alpine is widely used in "corporate environments" at least in the form of the base image for most docker based deployments... 2021-04-14 13:16:29 can confirm, I use it in a corporate environment 2021-04-14 13:18:15 E tu, son Brutus 2021-04-14 13:18:37 tehcloud: :) 2021-04-14 13:19:12 focus on quality is what sells the distro 2021-04-14 13:21:05 what about correctness 2021-04-14 13:21:26 Please don't make a committee 2021-04-14 13:21:29 well... that is part of the quality discussion, as is minimalism 2021-04-14 13:21:43 It worked thus far. Don't change a running system. 2021-04-14 13:21:49 and yes, committees lead to bad decisions because you can't have real discussions anymore, instead you appease people's emotions 2021-04-14 13:22:04 Or we make a comittee of autists 2021-04-14 13:22:15 <--- is autist 2021-04-14 13:22:19 <- is also an autist 2021-04-14 13:22:26 (a little bit only luckily) 2021-04-14 13:22:27 lol.... yes, many of us probably are ;) 2021-04-14 13:22:58 'autist' means? 2021-04-14 13:23:10 anyway, I like this distro as it is now... focus on quality and minimalism 2021-04-14 13:23:11 Do you want my medical history? 2021-04-14 13:23:24 If you're in Switzerland, I could send you a copy. 2021-04-14 13:23:47 build the quality product, and it shall be adopted, catering to corporate interests for the sake of catering to corporate interests does not lead anywhere positive 2021-04-14 13:24:33 tehcloud: keeping it minimal with my local branches 'eats' most of my time for alpine 2021-04-14 13:25:04 so I don't have much time to devote to alpine 2021-04-14 13:26:04 ===== release 3.13.5 ===== and already new kernel version :P 2021-04-14 13:50:11 error: internal error: qemu unexpectedly closed the monitor: Failed to open module: Error relocating /usr/bin/../lib/qemu/ui-spice-core.so: egl_texture_blend: symbol not found 2021-04-14 13:50:17 why 2021-04-14 13:51:50 did you installed all qemu modules 2021-04-14 13:52:00 yes 2021-04-14 13:52:38 qemu-ui-opengl 2021-04-14 13:53:36 I have no idea, didn't had such error 2021-04-14 13:54:06 qemu-ui-egl-headless maybe 2021-04-14 13:55:31 qemu-ui-opengl 2021-04-14 13:56:41 thanks 2021-04-14 13:57:18 np 2021-04-14 13:59:22 MY-R: what is new kernel version? 5.10.30? :) 2021-04-14 14:00:15 also why does power in the east bay have to fail again 2021-04-14 14:01:37 apk add west-bay ;) 2021-04-14 14:02:28 well, apk don't have 'move' subcmd 2021-04-14 14:08:36 mps: ye 5.10.30 :P and it got 3 CVE's in "nfc" :P 2021-04-14 14:09:38 nfc subsystem deserves lifetime CVE 2021-04-14 14:09:46 heh ye 2021-04-14 14:10:15 ugh... i shoudl have done the release yesterday 2021-04-14 14:10:50 no, new kernels are released about hour or two ago 2021-04-14 14:12:12 Date: Wed Apr 14 08:42:14 2021 +0200 2021-04-14 14:12:41 what? +0200 2021-04-14 14:12:53 2021 2021-04-14 14:13:02 hmm 2021-04-14 14:13:12 ah, 14 2021-04-14 14:13:29 :14 2021-04-14 14:13:42 14 2021-04-14 14:13:56 hmm, who can understand algitbot AI 2021-04-14 14:14:17 pr 14 2021-04-14 14:14:34 Apr 14 2021-04-14 14:14:39 :D 2021-04-14 14:17:38 ah 2021-04-14 14:17:48 makes sense 2021-04-14 14:19:01 Hey guys libpwquality is broken 2021-04-14 14:19:10 It doesn't find a symbol that's defined in libintl 2021-04-14 14:19:23 From the start, it was broken. In 3.11 already 2021-04-14 14:19:27 In Edge too. 2021-04-14 14:19:44 How to check? ldd /usr/lib/libpwquality.so.1: 2021-04-14 14:19:53 Error relocating /usr/lib/libpwquality.so.1: libintl_dgettext: symbol not found 2021-04-14 14:20:01 hmm 2021-04-14 14:20:35 you didn't install gettext-tiny right 2021-04-14 14:20:42 its in testing on edge 2021-04-14 14:21:01 though that should coexist fine right now with libintl 2021-04-14 14:23:59 Why should I? It's not a dependency of anything 2021-04-14 14:24:12 And it wasn't in 3.11 either, it's not in the docker image 2021-04-14 14:24:42 i was just pondering that as being a possible problem, but does not seem to be 2021-04-14 14:25:02 anyway, gnu gettext is going away soon 2021-04-14 14:25:12 3.14 will be the last release with it 2021-04-14 14:25:25 so this will fix itself 2021-04-14 14:27:36 Ariadne: is something replacing the GNU's gettext? 2021-04-14 14:27:56 gettext-tiny from sabotage 2021-04-14 14:28:01 interdesting 2021-04-14 14:28:03 ACTION loks into it 2021-04-14 14:28:05 musl itself already has gettext 2021-04-14 14:28:10 we just need the tools 2021-04-14 14:29:26 i think it's a configure problem from mixing gnu gettext and musl 2021-04-14 14:29:47 yes, likely 2021-04-14 14:29:54 configure probably detects that it doesn't need to link gnu libintl for gettext, but then uses the gnu header that alpine shipped in place of musl's 2021-04-14 14:29:58 good thing that is being solved in 3.15 :D 2021-04-14 14:30:06 (by doing a broken symbol-only configure check) 2021-04-14 14:30:12 :) 2021-04-14 14:30:14 yay 2021-04-14 14:42:54 can someone please help me review https://gitlab.alpinelinux.org/alpine/infra/alpine-mksite/-/blob/master/posts/Alpine-3.10.9-3.11.11-3.12.7-released.md 2021-04-14 14:43:16 and https://gitlab.alpinelinux.org/alpine/infra/alpine-mksite/-/blob/master/posts/Alpine-3.13.5-released.md 2021-04-14 14:54:22 fcolista: can you help me with the libosinf db? https://gitlab.com/libosinfo/osinfo-db/-/issues/78 2021-04-14 14:58:00 for some reason dl-cdn contains packages which have long been extinct in aports for instance https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/android-tools-zsh-completion-5.8-r1.apk the current version of the android-tools package is 31.0.0, why is that ancient subpackage is still around on the mirror? 🤔 2021-04-14 15:03:15 dl-cdn caches the packages. check the dl-master.alpinelinux.org/alpine 2021-04-14 15:06:12 automatic maintainer assignment: https://gitlab.alpinelinux.org/Cogitri/aports-qa-bot/-/merge_requests/7 this might interest some 2021-04-14 15:06:48 awesome 2021-04-14 15:07:29 nice! 2021-04-14 15:07:40 ncopa: it's also on the master for some reason http://dl-master.alpinelinux.org/alpine/edge/main/x86_64/android-tools-zsh-completion-5.8-r1.apk 2021-04-14 15:07:57 hi, is there any problem if I modify two APKBUILDS on same merge request? One is a makedep of the another 2021-04-14 15:08:00 it's also on the mirrors idk 2021-04-14 15:08:13 that package needs to be removed somehow 2021-04-14 15:08:40 because I am pushing a new zsh-comletion subpackages but androidt-tools has moved to community/ in the meantime and it would be annoying to have two packages with the same name in different repos 2021-04-14 15:08:43 donoban: thats fine, specially if they are related. might still be nice to have two commits in the PR though 2021-04-14 15:08:53 nmeum: is it in the index? 2021-04-14 15:08:57 yes inside the mr there are separated commits 2021-04-14 15:09:12 donoban: should be ok to have them in same PR 2021-04-14 15:09:19 ok great 2021-04-14 15:09:36 ncopa: shows up with `apk info android-tools-zsh-completion`, so yeah I guess it's still in the APKINDEX for some reason 2021-04-14 15:09:51 apk search --origin --exact android-tools-zsh-completion 2021-04-14 15:10:02 says that it comes from zsh 2021-04-14 15:10:19 ahhh!!!! 2021-04-14 15:10:23 my bad then 2021-04-14 15:10:31 :) 2021-04-14 15:11:02 its confusing indeed 2021-04-14 15:13:47 yes ncopa ! 2021-04-14 15:14:09 maxice8: it should be backed by algitbot, which has admin permissions indeed 2021-04-14 15:14:44 ty, that is vital otherwise using the /Users API doesn't give us the Email address 2021-04-14 15:15:02 I have no clue how to do otherwise short of implemented a txt or something that we populate manually 2021-04-14 15:16:33 fcolista: can you please respond to https://gitlab.com/libosinfo/osinfo-db/-/issues/78 and say that you will follow up? 2021-04-14 15:21:40 maxice8: assuming that they even use the same e-mail address 2021-04-14 15:22:35 It is the only reasonable thing I could find to connect, username used definitively does not as I found out painfully 2021-04-14 15:27:47 ncopa, done 2021-04-14 15:28:29 I'm getting "sha512sum: WARNING: 1 of 1 computed checksums did NOT match" on build pipeline but in my computer checksum seems correct 2021-04-14 15:28:52 donoban: cached filed? 2021-04-14 15:29:09 uhM, let me check 2021-04-14 15:29:17 "dabuild clean" cleans the cache? 2021-04-14 15:29:29 No 2021-04-14 15:29:42 abuild cleancache 2021-04-14 15:29:47 (dabuild) 2021-04-14 15:30:21 yep, new checksums :) 2021-04-14 15:30:28 thanks ikke 2021-04-14 15:30:43 np, the question is why the checksums changed in the first place 2021-04-14 15:31:03 I switched to different versions 2021-04-14 15:31:21 since are git commit versions 2021-04-14 15:31:35 You should add the commit hash to the archive filename than 2021-04-14 15:31:35 maybe I ended with an old cached version :\ 2021-04-14 15:31:45 ok 2021-04-14 15:32:18 or rather 2021-04-14 15:32:23 hmm 2021-04-14 15:32:41 yeah, commit hash is best 2021-04-14 15:33:32 ideally $pkgver should change if you switch to a new commit 2021-04-14 15:33:59 yes main source has already $pkgver reference, the problem is that it needs two external libs 2021-04-14 15:34:04 ah 2021-04-14 15:34:09 and I set a fixed filename 2021-04-14 15:34:24 now adding a $_lib_commit for each one 2021-04-14 19:06:00 Ariadne: I opened an issue regarding the libpwquality breakage: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12608 2021-04-14 19:08:33 I get different sha512sum from the same URL: https://chromium.googlesource.com/libyuv/libyuv/+archive/ad890067f661dc747a975bc55ba3767fe30d4452.tar.gz 2021-04-14 19:08:51 donoban: probably not deterministic :( 2021-04-14 19:09:08 wow ikke, 2021-04-14 19:09:31 maybe it differs due the source IP? 2021-04-14 19:10:04 what should I do in this situation? 2021-04-14 19:10:20 We could mirror it 2021-04-14 19:10:26 Not much else we can do 2021-04-14 19:10:37 yes, but that's not ideal 2021-04-14 19:11:04 uhM, I'm gonna check if I can download it on another format 2021-04-14 19:12:21 I'm gona try to diff the downloaded files... 2021-04-14 19:13:50 donoban: googlesource isn't deterministic 2021-04-14 19:13:56 they create a tarball on the spot 2021-04-14 19:14:06 ah, thanks ericonr 2021-04-14 19:14:16 Other sites as well, but semi deterministic 2021-04-14 19:14:28 so probably is some kind of timestamp which differs 2021-04-14 19:14:31 yes 2021-04-14 19:14:36 yup, I believe that's the case 2021-04-14 19:15:53 I think they reimplement git-archive in a very bad way 2021-04-14 19:16:08 sr.ht used to have this problem as well, but they fixed it 2021-04-14 19:16:16 even tags version are non-deterministic? 2021-04-14 19:16:25 sr.ht changed compression recently, though :( 2021-04-14 19:16:29 broke a bunch of checksums 2021-04-14 19:16:32 right 2021-04-14 19:16:42 sourceforge changed the tar they used too :/ 2021-04-14 19:16:46 gitlab apparently also can be different between versions 2021-04-14 19:17:13 git's official stance is that you should not rely on git archive output being deterministic 2021-04-14 19:20:05 uhM there is a github mirror 2021-04-14 19:20:09 https://github.com/webmproject/libvpx/releases 2021-04-14 19:20:18 that should be more reliable 2021-04-14 19:20:51 what does help is that at least for our builders, we mirror archive on distfiles 2021-04-14 19:21:34 f88c588145b5164e98531b75215e119056cd806a9dbe6599bb9dab35c0af0ecd4b3daabee7d795e412a58aeb543d5c7dc0107457c4bd8f4d434e966e8e22a32d first.tar 2021-04-14 19:21:36 f88c588145b5164e98531b75215e119056cd806a9dbe6599bb9dab35c0af0ecd4b3daabee7d795e412a58aeb543d5c7dc0107457c4bd8f4d434e966e8e22a32d second.tar 2021-04-14 19:21:38 :D 2021-04-14 19:21:50 I hope it builds fine with this version 2021-04-14 19:22:06 yeah github is reliable there, the only issue is that some upstreams don't sync often 2021-04-14 19:22:11 is sha512 encouraged against sha256? 2021-04-14 19:22:18 I guess if it's setup as a mirror it sync automatically 2021-04-14 19:24:46 donoban: abuild uses sha512sum by defautlt 2021-04-14 19:25:22 ok 2021-04-14 19:26:33 This seems an "unoffcial mirror" https://github.com/lemenkov/libyuv 2021-04-14 19:33:00 lol, that guy even opened a issue for an official github mirror https://bugs.chromium.org/p/libyuv/issues/detail?id=851 2021-04-14 19:36:19 repeating question, how to add extra -I/dir to cmake 2021-04-14 19:36:40 extra include dir, I mean 2021-04-14 20:18:58 ikke: should we start to make an effort to move a lot of stuff from testing to community? We talked about this recently and testing is way too full with packages that have been in that repo for years 2021-04-14 20:19:18 PureTryOut[m]2: it should be in cooporation of the maintainer 2021-04-14 20:19:27 s/of/with 2021-04-14 20:19:27 ikke meant to say: PureTryOut[m]2: it should be in cooporation with the maintainer 2021-04-14 20:20:08 Sure, but lots of maintainers either aren't active anymore or just aren't interested in moving it, even though that's not the point of the testing repo 2021-04-14 20:20:38 right, but that means we either have to find a maintainer, or move it to unmaintained 2021-04-14 20:21:04 Yeah ok so let's start tagging maintainers and ask them to move it then, and move to unmaintained if they aren't available anymore 2021-04-14 20:22:03 I can start with my own :P 2021-04-14 20:22:13 That'd be a start haha 2021-04-14 20:22:18 Same here though 2021-04-14 20:33:41 PureTryOut[m]2: And I know at least one maintainer that doesn't want to have the burden of maintaining versions for half a year in community 2021-04-14 20:34:08 Then they probably shouldn't maintain the package though? 2021-04-14 20:34:37 They are / were maintaining the latest version in edge/testing 2021-04-14 20:35:08 And yes, that's not what testing is for 2021-04-14 20:37:23 what package is that? 2021-04-14 20:38:27 not a single package, multiple packages 2021-04-14 21:13:10 abuild supports zip files for source tarballs? 2021-04-14 21:14:06 donoban: https://gitlab.alpinelinux.org/alpine/abuild/-/blob/master/abuild.in#L520 2021-04-14 21:15:08 maybe it fails because some filename already exists 2021-04-14 21:15:54 + unzip -x ../libvpx-19d71f6b351fe992ae34b114eebd872c383a6bdb.zip -d src/third_party/libvpx/source/libvpx/ 2021-04-14 21:15:55 unzip: can't open ../libvpx-19d71f6b351fe992ae34b114eebd872c383a6bdb.zip[.zip] 2021-04-14 21:16:32 uhM, is not abuild command, it seems another line that I added to unpack on the right place 2021-04-14 21:17:59 lol it's may fault, I mixed the .tar with the ,zip :D 2021-04-14 21:18:05 heh 2021-04-14 21:33:43 How do you find out about reverse dependencies with apk? As in, how do I see what depends on some specific package? 2021-04-14 21:34:16 <[[sroracle]]> apk search -qrx package 2021-04-14 21:34:24 <[[sroracle]]> or any atom 2021-04-14 21:35:02 <[[sroracle]]> you can also use apk info -r for locally installed packages 2021-04-14 21:35:20 <[[sroracle]]> (search does both, info does only locally installed) 2021-04-14 21:38:16 Hmm ok thanks. That helps me, but doesn't solve my problem 😢 2021-04-14 21:38:54 <[[sroracle]]> what are you trying to do? 2021-04-14 21:40:24 We are trying to solve an issue where instead of pulseaudio it pulls in pipewire-pulse, but seemingly only on new installs (not upgrade). This seems to happen when one installs both gnome-session and gnome-settings-daemon, but not if you install one or the other 2021-04-14 21:41:11 <[[sroracle]]> is this on alpine installs? 2021-04-14 21:41:17 <[[sroracle]]> or pmOS 2021-04-14 21:41:18 Yes 2021-04-14 21:41:20 Alpine 2021-04-14 21:41:26 And because of that also happens on pmOS 2021-04-14 21:41:33 <[[sroracle]]> let me look at the index 2021-04-14 21:45:55 Ok even worse, `apk add pulseaudio-alsa pulseaudio` reproduces it 2021-04-14 22:00:14 <[[sroracle]]> hmph 2021-04-14 22:00:34 <[[sroracle]]> the mini rootfses should not use HTTPS repositories if they don't also include ca-certificates... 2021-04-14 22:01:13 https://gitlab.alpinelinux.org/donoban/aports/-/pipelines/78896 armv7 fails due a bug they fixed 5days ago but I'm considering disabling it until next release 2021-04-14 22:13:55 <[[sroracle]]> disqualify_package: pulseaudio-alsa-14.2-r5 (conflicting provides) 2021-04-14 22:15:02 <[[sroracle]]> https://tpaste.us/vZxZ 2021-04-14 22:15:37 is not !arm7 enough for disable armv7? 2021-04-14 22:16:09 <[[sroracle]]> !armv7 not !arm7 2021-04-14 22:16:20 oh I read it on the wiki 2021-04-14 22:16:40 "Package architecture(s) to build for. Can be one or several seperated by whitespace of: x86, x86_64, arm7, armhf, aarch64, ppc64le, s390x, mips64, all, or noarch" 2021-04-14 22:16:48 <[[sroracle]]> seems to be a typo to me 2021-04-14 22:16:56 the other are right? 2021-04-14 22:17:03 <[[sroracle]]> yeah those look correct i think 2021-04-14 22:17:14 ok 2021-04-14 22:27:54 <[[sroracle]]> PureTryOut[m]2: what was the rationale for !20031? 2021-04-14 22:28:32 <[[sroracle]]> i think apk does not like it when two provider names conflict AND versions are given, if i'm reading the source correctly 2021-04-14 22:29:13 I think before that pipewire-pulse was overwriting pulse audio for everyone, not just be a drop-in replacement on request 2021-04-14 22:29:32 <[[sroracle]]> what a mess... 2021-04-14 22:31:53 yeah pipewire-pulse had a provides=pulseaudio, which made pulseaudio a virtual package and it overrode the actual pulseaudio package. at least that's my understanding 2021-04-14 22:32:19 PureTryOut[m]2: your patch won't reintroduce that problem again ^^ ? 2021-04-14 22:32:41 oh wait, nevermind, that was the old fix XD 2021-04-14 22:33:20 <[[sroracle]]> the correct solution therefore must be something like the following 2021-04-14 22:34:45 <[[sroracle]]> the provider name should be something more generic, and pipewire-pulse and pulseaudio provide that name(s) instead. this would require rebuilding all rdeps that use those names as well. 2021-04-14 22:35:06 <[[sroracle]]> i'm not sure if alpine has done anything like that to fake "choice" packages but adelie has with /bin/sh. 2021-04-14 22:35:33 <[[sroracle]]> we have bash-binsh and dash-binsh both provide "/bin/sh" name (with NO version), and set provider priority correctly. then people can choose whichever 2021-04-14 22:36:32 <[[sroracle]]> and apk has no problems with this, other than when you switch between the two (a file conflict occurs, but i think that could be fixed with replaces= or something. but that seems obvious enough that we probably already tried that) 2021-04-14 22:36:33 that makes sense. in the meantime could the pipewire-pulse subpackage be dropped until something like that is implemented? 2021-04-14 22:36:55 <[[sroracle]]> i leave that to yall to figure out :) 2021-04-14 22:39:09 <[[sroracle]]> in general though i don't think you can use provides= while also letting both packages exist at the same time (rather it's usually used in order to facilitate package renaming or replacement) 2021-04-14 22:39:20 <[[sroracle]]> with one of them using that name, that is 2021-04-14 22:39:35 <[[sroracle]]> so that would also apply to pulseaudio-bluez and whatever the other one was as well 2021-04-14 23:05:42 [[sroracle]]: as long as the versioned provide isn't 100% equivalent, it is fine. otherwise it needs to be disambiguated with provides_priority 2021-04-14 23:06:16 [16:00:33] <[[sroracle]]> the mini rootfses should not use HTTPS repositories if they don't also include ca-certificates... 2021-04-14 23:06:18 yes 2021-04-14 23:06:29 we should include ca-certificates in alpine-base 2021-04-14 23:06:31 imo 2021-04-14 23:48:04 https://lkml.org/lkml/2021/4/14/1023: Concerning architectures, we already support `x86_64`, `arm64` and `ppc64le`. Adding support for variants of those as well as `riscv`, `s390` and `mips` should be possible with some work. 2021-04-15 00:33:39 Ariadne: I like the idea of gettext-tiny. One potential issue I forsee with gettext going away after Alpine 3.14, gettext package includes envsubst program which I've seen over the years recommended for & used in many Docker containers as a simple way to template config files, and obviously Alpine is used a lot as a base OS for container images........so unless its decided to package up envsubst as a separate package then I forsee 2021-04-15 00:33:39 complaints as various people's containers break 2021-04-15 00:39:08 i don't think (it says) we're killing gettext, just not using it for building packages 2021-04-15 00:42:13 i think you could install tools from gnu gettext, just not the library 2021-04-15 00:42:18 the file format is mostly compatible 2021-04-15 00:42:44 except that we don't do the (non-shareable, contrary to gettext design) SYSDEP strings hack that gnu gettext does 2021-04-15 00:43:09 instead we have the po->mo compiler expand out all possible variants of the SYSDEP-parametrized strings 2021-04-15 00:48:24 Hello71: Ariadne said earlier that gettext was going away after 3.14 so I took that to mean that it would no longer be packaged. I always thought it was strange that envsubst has been part of gettext in the first place. 2021-04-15 00:49:13 minimal: can a replacement envsubst be written? 2021-04-15 00:49:31 minimal: what does it do, etc 2021-04-15 00:50:49 https://github.com/stephenc/envsub seems to be an alternative... written in rust :p 2021-04-15 00:50:53 minimal: dunno, have used it for a couple of years. Like it said its a "poor person's templating tool", you can write shell scripts that use it to replace references to shell variables in a template file, often used as a quick-and-nasty alternative to jinja etc in Docker images 2021-04-15 00:51:02 Ariadne: https://man.archlinux.org/man/envsubst.1 2021-04-15 00:51:28 it's like debian man pages but not three years out of date (although i guess that doesn't really matter here) 2021-04-15 00:51:38 so 2021-04-15 00:51:41 what it does is 2021-04-15 00:51:46 you input 2021-04-15 00:51:48 Hello71: yeah there's various alternatives - was just pointing out the likelyhood of existing Docker images failing in the future when rebuilt again Alpine 3.15 if envsubst is no longer present 2021-04-15 00:51:52 say 2021-04-15 00:51:57 Hello ${WORLD} 2021-04-15 00:52:03 and it replaces ${WORLD} ? 2021-04-15 00:53:00 say you create a quick-and-nasty Docker image for nginx, you could use envsubst to create a working nginx.conf from a template file 2021-04-15 00:53:29 Ariadne: an example article from one of the Prometheus team: https://www.robustperception.io/environment-substitution-with-docker 2021-04-15 00:53:59 nginx seems like a bad use because it already uses the dollar sign for variables 2021-04-15 00:54:08 minimal: so it does what i said? 2021-04-15 00:54:15 although i guess nginx variables are mostly lowercase 2021-04-15 00:54:21 Hello71: that was an off-the-top-of-my-head example 2021-04-15 00:54:54 I'm not saying its a good way to do things, just that its an not-uncommon way some people do things 2021-04-15 00:54:54 ok 2021-04-15 00:55:00 $VAR and ${VAR} only 2021-04-15 00:55:04 i can write this in 5 minutes lmfao 2021-04-15 00:55:21 i dont think this should be in gettext though 2021-04-15 00:55:23 that's crazy 2021-04-15 00:55:37 I was only pointing out a possible future scenario of floods of complaints if/when its gone 2021-04-15 00:55:55 Ariadne: yeah I said earlier I never understood why its in gettext in the first place 2021-04-15 00:57:16 no sure if its possible to batter the gettext configure stuff into submission to only build envsubst 2021-04-15 01:01:15 Hello71: here's someone's nginx example using envsubst: https://thepracticalsysadmin.com/templated-nginx-configuration-with-bash-and-docker/ 2021-04-15 01:04:29 envsubst 2021-04-15 01:04:33 does not even support escaping 2021-04-15 01:04:36 what the fuck 2021-04-15 01:04:37 so I guess the question is whether there's something 100% compatible with envsubst that could be symlinked to /usr/bin/envsubst in the future for backwards compatibility 2021-04-15 01:05:04 Ariadne: yeah, I did say it was for cheap-and-nasty templating lol 2021-04-15 01:05:29 i almost have a replacement for this written lol 2021-04-15 01:06:28 is this part of a future Ariadnebox (busybox, toybox competitor) ? ;-) 2021-04-15 01:15:23 % envsubst \$HOME 2021-04-15 01:15:27 this program is cursed 2021-04-15 06:53:37 https://lkml.org/lkml/2021/4/14/1023 2021-04-15 07:09:51 will it bring zfs in-kernel 🤡 ? 2021-04-15 07:51:22 I'm surprised how many decades I read every years announces about new computer technology which will solve all problems :) 2021-04-15 07:52:54 no, it will not, only will fill 'pockets' of greedy people 2021-04-15 08:57:22 craftyguy: in the meantime not the entire subpackage should be dropped, people depend on it already (willingly). Instead we could temporarily remove the provides instead 2021-04-15 08:59:49 morning 2021-04-15 09:00:03 envsubst might be useful as a busybox applet 2021-04-15 09:02:05 Merged lots of things and closed some stale MRs, let's hope I didn't blow the builders up 2021-04-15 09:02:47 thanks! 2021-04-15 09:02:52 Sure :) 2021-04-15 09:02:54 ncopa: I'd appreciate if you could go through the MRs you've been assigned to and either merge them, leave a suggestion/assign someone else or close them 2021-04-15 09:04:40 I mean no need to do that right now, but some MRs have been stale waiting for review for some months now 😅 2021-04-15 09:40:43 hi, has something changed related to /var/run on edge? Tinyproxy fails on start because /var/run/tinyproxy is removed 2021-04-15 09:41:58 Not really, but files/directories in /var/run are wiped each boot (it's just a tmpfs) 2021-04-15 09:42:10 But that has been the case since basically forever? 2021-04-15 09:42:17 uhM 2021-04-15 09:42:40 until yesterday it was working fine, and here I have alpine 3.13 and also works fine 2021-04-15 09:43:25 the /var/run is normally a symlink to /run and /run is normally a tmpfs so it does not survive reboots. the script that starts tinyproxy should make sure the directory exists 2021-04-15 09:43:30 openrc upgrade? 2021-04-15 09:44:03 so just add 'mkdir -p /var/run/tinyproxy/' ? 2021-04-15 09:44:34 or change it to use /run/tinyproxy 2021-04-15 09:44:39 I tried that too 2021-04-15 09:44:42 if possible 2021-04-15 09:44:48 and get a infite symbolic loop error 2021-04-15 09:44:54 :S 2021-04-15 09:45:02 let me try 2021-04-15 09:45:29 tinyproxy [ crashed ] 2021-04-15 09:45:36 is the /var/run/tinyproxy hardocoded in it 2021-04-15 09:45:39 now it is fresh boot 2021-04-15 09:45:57 hardcoded* 2021-04-15 09:46:11 uhM, on init.d conf no, on tinyproxy... 2021-04-15 09:46:28 yes 2021-04-15 09:46:48 PidFile "/var/run/tinyproxy/tinyproxy.pid" 2021-04-15 09:48:04 note that this line was modified by me 2021-04-15 09:48:11 on default setup it starts but openRC reports it as crashed 2021-04-15 09:50:39 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20078 , this working fine until this morning (on edge) 2021-04-15 09:51:22 yesterday openrc is upgraded, maybe some changes in it causes this 2021-04-15 09:51:42 what openrc version is installed 2021-04-15 09:51:54 openrc (OpenRC) 0.43.2.57c1eaacac 2021-04-15 09:54:19 uh 2021-04-15 09:54:34 apk version openrc? 2021-04-15 09:54:52 openrc-0.43.2-r0 2021-04-15 09:55:30 aha, there is change about removal of the slash, but forgot what 2021-04-15 09:56:30 I'm trying to replace all conf from '/var/run/tinyproxy/tinyproxy.pid' to '/run/tinyproxy.pid' 2021-04-15 09:57:02 uhM 2021-04-15 09:57:39 there are some lines on start_pre() (init.d/tinyproyxy), enforcing the use of a tinyproxy directory 2021-04-15 09:57:48 https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae 2021-04-15 09:58:41 but I doubt this change cause your problem 2021-04-15 10:02:08 https://tpaste.us/DMpO this checks that tinyproxy.pid is not directly '/run/tinyproxy.pid' 2021-04-15 10:03:14 what about adding there 2021-04-15 10:03:32 some "mkdir -p $piddir" = 2021-04-15 10:03:33 ? 2021-04-15 10:04:26 I don't see nothing similar on other init scripts 2021-04-15 10:05:01 and only tinyproxy is using that $piddir var 2021-04-15 10:05:33 /etc/init.d/utmpd: mkdir -p -m 0755 /run/utmps 2021-04-15 10:06:40 or better just remove that useless folder? 2021-04-15 10:06:42 :\ 2021-04-15 10:06:43 you can use "mkdir -p /var/run/tinyproxy" 2021-04-15 10:08:26 I don't understand why it wants to use a custom directory 2021-04-15 10:08:29 proper solution will be patch tinyproxy to use configurable path for pid file 2021-04-15 10:09:12 uhM, maybe it can be set with a commandline option 2021-04-15 10:09:41 uhM, it seems that it doesnt 2021-04-15 10:12:14 I will opt for this two optios: adding a "mkdir -p .." to init.d script vs using only /run/tinyproxy.pid and remove the code that checks the existence of /var/run/tinyproxy dir (in the init.d too) 2021-04-15 10:12:15 config option, #PidFile "@localstatedir@/run/tinyproxy/tinyproxy.pid 2021-04-15 10:12:56 uhm do you mean on /etc/tinyproxy/tinyproxy.conf ? 2021-04-15 10:13:29 don't know, I don't use tinyproxy, but it should be there iiuc 2021-04-15 10:14:09 yes there is a conf file that APKBUILD is already editing 2021-04-15 10:14:47 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20078/diffs#97a1ecbfca7f2f05fc479c13b1b83a365a538c49_25_25 2021-04-15 10:14:57 uhM, lol 2021-04-15 10:15:21 so, maybe 'PidFile /run/tinyproxy.pid' 2021-04-15 10:15:45 problem is that before this morning it seems that openRC or some other thing was auto createing the /run/tinyproxy/ directory 2021-04-15 10:16:20 if we want to use directly /run/tinyproxy.pid, there is some check on /etc/init.d/tinyproxy wich has to bee removed 2021-04-15 10:17:13 https://tpaste.us/BE7W 2021-04-15 10:17:24 see start_pre() func 2021-04-15 10:17:45 tinyproxy.pre-install is problem 2021-04-15 10:18:20 it creates user home dir /var/run/tinyproxy which is removed after reboot 2021-04-15 10:19:27 so better remove that dir and the start_pre() check? 2021-04-15 10:20:27 no, fix /etc/tinyproxy/tinyproxy.conf with 'PidFile /run/tinyproxy.pid' 2021-04-15 10:21:18 yes but if not removed the start_pre() on https://tpaste.us/BE7W 2021-04-15 10:21:26 openRC will complain on rc-service start.. 2021-04-15 10:21:49 hmm, yes 2021-04-15 10:22:10 I saw that error before talking here 2021-04-15 10:22:42 but I suppose that it is nothing important, just use /run/tinyproxy.pid and remove that check right? 2021-04-15 10:23:08 worth trying 2021-04-15 10:25:31 pidfile=$(get_config PidFile /run/${SVCNAME}.pid) 2021-04-15 10:25:44 in init.d file 2021-04-15 10:26:44 ok ok, I will update the MR 2021-04-15 10:27:07 and 'PidFile "/run/tinyproxy.pid" in /etc/tinyproxy/tinyproxy.conf 2021-04-15 10:27:53 huh, what a mess of config 2021-04-15 10:28:11 no, this is one-shot solution 2021-04-15 10:30:30 hehe 2021-04-15 10:31:18 so, 'PidFile "/run/tinyproxy/tinyproxy.pid" in /etc/tinyproxy/tinyproxy.conf 2021-04-15 10:33:25 Ariadne: some time ago python devs asked about help setting up a buildbot node for testing musl for the python test farm. IIRC you volunteered to make that happen? how is that going? if you are busy with other things maybe we should ask someone else set that up? 2021-04-15 10:39:27 ncopa: do you think it makes sense to upgrade sudo as well on stable branches? 2021-04-15 10:39:33 We now carry custom patches for CVEs 2021-04-15 10:41:21 mps: ? so do you want maintain the '/run/tinyproxy/' dir? 2021-04-15 10:41:52 donoban: tinyproxy is not 'in good shape' and should be fixed, init script and pre-install 2021-04-15 10:42:23 donoban: no, I wrote about current state of init script 2021-04-15 10:42:36 ah ok ok 2021-04-15 10:42:42 but this should be fixed (and whole package) 2021-04-15 10:43:17 if you use it please make it in better shape and post MR 2021-04-15 10:43:20 ikke: i absolutely think we should 2021-04-15 10:43:30 ncopa: ok, will work on that 2021-04-15 10:43:32 backporting patches is risky 2021-04-15 10:43:34 yes 2021-04-15 10:44:19 donoban: if you don't want to 'mess' with it, I will try to find some time (which is long time promise :) ) 2021-04-15 10:44:26 i think i had a look at some sudo CVE thats unfixed for 3.10 a couple of weeks ago 2021-04-15 10:44:36 i think the sudo version we use there is unsupported 2021-04-15 10:44:47 ncopa: clamav also 2021-04-15 10:44:52 mps: I can do it, I'm using tinyproxy everyday :) 2021-04-15 10:45:01 if we are note able to upgrade, we might find patches from debian 2021-04-15 10:45:04 ncopa: yes, I backported a fix for 3.11, but 3.10 was not trivial 2021-04-15 10:45:10 donoban: good, do it! 2021-04-15 10:45:21 ncopa: I did look at debian / ubuntu for those backports 2021-04-15 10:45:32 ok :D 2021-04-15 10:45:37 But I think upgrading is better 2021-04-15 10:47:24 ncopa: ikke: clandmeter: can we move clamav to community. afaik nothing depends on it in main 2021-04-15 10:47:47 mps: Users might depend on it in main ;-) 2021-04-15 10:48:11 users of old (alpine stable) geeting a lot of these msgs 'WARNING: Your ClamAV installation is OUTDATED!' 2021-04-15 10:48:26 and 'WARNING: Local version: 0.102.4 Recommended version: 0.103.2' 2021-04-15 10:48:31 right 2021-04-15 10:48:55 So we either move it to community, or upgrade to the latest version in main 2021-04-15 10:49:12 options are, backport stable release to every alpine stable, or move to community 2021-04-15 10:49:20 :) 2021-04-15 10:49:23 :) 2021-04-15 10:50:21 anyway, anyone who use such things shouldn't use outdated releases, be it clamav or alpine 2021-04-15 10:59:46 we should probably move clamav to community if upstream does not provide support for the time we need 2021-04-15 11:00:21 can we upgrade from 0.102.* -> 0.103.x or does that require config file changes? 2021-04-15 11:07:15 ncopa: I did this upgrade yesterday for 3.12-stable 2021-04-15 11:07:49 should work for 3.11-stable but I wanted to test it first 2021-04-15 11:08:33 good 2021-04-15 11:24:26 donoban: !20078 did you read COMMITSTYLE.md 2021-04-15 11:25:00 ;( I didn't, but never its too late :D 2021-04-15 11:25:06 :) 2021-04-15 11:28:43 ikke: regarding the failing zsh tests: couly you tell me if the output of locale(1) differs in the build environment on the builders and the CI? (if that information is easy to obtain for you) 2021-04-15 11:30:13 uhM mps , should handle the case when tinyproxy is already installed and there are both init.d&etc files? 2021-04-15 11:30:18 https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10665 I think this would really be nice to have to ease debugging different build behaviour on the CI and the builders 2021-04-15 11:33:16 donoban: I don't agree. pkgs in repo should be 'clean', removing cruft is on the user/admin shoulders 2021-04-15 11:33:57 keep errors because pkg have errors is false stance 2021-04-15 11:33:58 ok, anyway the actual version is already broken xd 2021-04-15 11:49:26 hmm, looking on clamav upgrade for 3.10-stable 2021-04-15 11:50:07 3.10-stable expires in about half month, it is worth troubles to upgrade clamav on it 2021-04-15 12:15:44 mps: I'm ok with moving to main 2021-04-15 12:16:57 Interesting, mrustc has been upgraded to rust 1.39: https://github.com/thepowersgang/mrustc/ 2021-04-15 12:17:52 But that still means 13 steps to get a working, up-to-date rustc 2021-04-15 12:18:53 Which was how many steps before? 2021-04-15 12:20:09 I think previously it supported 1.29 2021-04-15 12:20:17 So 13 instead of 23 steps 2021-04-15 12:20:49 That's amazing! 2021-04-15 12:32:28 clandmeter: thanks. 2021-04-15 12:32:39 ikke: ncopa: ^ ? 2021-04-15 12:33:02 clandmeter: you mean moving to community ? 2021-04-15 12:52:11 Uhm yes :) 2021-04-15 12:55:52 nmeum: I can look in a couple of hours 2021-04-15 14:03:30 ncopa: we have https://github.com/RPi-Distro/bluez-firmware/ in linux-firmware. and there is https://github.com/RPi-Distro/bluez-firmware/blob/master/broadcom/BCM-LEGAL.txt file 2021-04-15 14:04:13 we need free software lawyer in 'our community' 2021-04-15 14:31:04 Hmm qt5-qtwebengine fails on checksums on the x86 builder which makes no sense as I updated those and the other arches seem to have succeeded 2021-04-15 14:33:03 Let's give it another go for good measure 2021-04-15 14:33:15 It already did twice itself lol 2021-04-15 14:37:30 Oh :D 2021-04-15 14:40:56 Can check in a bit 2021-04-15 14:51:56 Yeah, seems like it failed for a third time, good call PureTryOut[m]2 :D 2021-04-15 14:52:43 Also I have a lot of CI jobs failing because of timing out while downloading sources 😢 2021-04-15 14:52:48 I constantly have to retry them 2021-04-15 15:03:20 Also, how often does https://pkgs.alpinelinux.org get updated? 2021-04-15 15:03:39 It gets updated once the builders upload their stuff 2021-04-15 15:03:52 Ah ok makes sense, thanks 2021-04-15 15:04:09 Darn it x86_64 builders, just hurry up with chromium will ya? 😛 2021-04-15 15:08:05 pkgs.a.o has a 15m sync job 2021-04-15 15:08:20 but it needs to be available on the mirrors before it sees the updates 2021-04-15 15:15:19 hey - could someone please merge !20516 when convenient? thanks! 2021-04-15 15:15:55 nmeum: https://tpaste.us/yN58 2021-04-15 15:15:58 that's on the builder 2021-04-15 15:16:35 skarnet: I'll merge it once CI went over it 2021-04-15 15:16:48 Are any of those upgrades worth backporting? 2021-04-15 15:16:49 nmeum: in docker, none of those are set 2021-04-15 15:18:37 Cogitri: thanks! and no, no fires to extinguish, just a regular update (they fix an annoying build bug but Alpine is not impacted) 2021-04-15 15:25:35 Okie 👍 2021-04-15 16:01:03 PureTryOut[m]2: the archive of distfiles has a different checksum as the file on dev.a.o 2021-04-15 16:01:38 Yes I updated the file on dev.a.o, but I updated the checksum accordingly (and it seems to have worked on CI and all other arches) 2021-04-15 16:02:02 yes, but the builders try to fetch the archive first from distfiles 2021-04-15 16:02:11 and as the archive is available there, that's what they use 2021-04-15 16:02:23 Oh, ugh 2021-04-15 16:02:26 was the old archive not deterministic? 2021-04-15 16:02:58 It was a copy of a git repo and I reverted a commit in that repo, which I then repackaged. I guess I had to take the new latest commit 2021-04-15 16:03:46 https://git.alpinelinux.org/aports/tree/community/qt5-qtwebengine/APKBUILD#n104 2021-04-15 16:04:59 You probably should add $(git rev-parse HEAD) as $_commit in the snapshot funciton 2021-04-15 16:05:02 function* 2021-04-15 16:05:15 Then the archive will always have the proper commit hash 2021-04-15 16:06:54 Wait, how exactly? 2021-04-15 16:08:33 PureTryOut[m]2: maybe it's easier to add that revert as a patch? 2021-04-15 16:08:47 right now, you checkout a commit, but revert that, but get a different commit 2021-04-15 16:08:56 well, revert something on top of that commit 2021-04-15 16:09:09 Yeah I guess as patch will be better... 2021-04-15 16:09:41 so you get a different archive, but with the same hash as the old archive 2021-04-15 16:09:48 in the filename 2021-04-15 16:11:39 That's what causes this issue 2021-04-15 16:11:51 Yeah I get what causes it. I'll just apply that revert as patch 2021-04-15 16:57:21 Ok, wtf? I did just that, the archive should now be the same as before but it's still failing on checksums... 2021-04-15 16:59:49 Seems checksum of new archive isn't the same as before the wrong change... Wtf 2021-04-15 17:01:10 Ok I'll just name the new archive differently to force it to stop using the distfiles one 2021-04-15 17:01:27 I can remove the distfiles archive 2021-04-15 17:02:07 Oh that would work too 2021-04-15 17:03:24 done 2021-04-15 18:00:58 ikke: ah, thanks. that might explain the build failure 2021-04-15 18:06:33 ncopa: i haven't been able to get to it yet, i assumed you wanted the infra team to do it anyway 2021-04-15 18:07:08 Ariadne: what is the idea for it? 2021-04-15 18:09:57 provide an alpine host to the python team for their buildbot 2021-04-15 18:09:59 simple as that :p 2021-04-15 18:10:30 ok 2021-04-15 18:21:04 Ariadne: what dns record did you have in mind again for the cve tracker? 2021-04-15 18:21:17 security.* 2021-04-15 18:21:24 ok 2021-04-15 18:21:46 unless you wanna use something else :p 2021-04-15 18:23:13 no 2021-04-15 19:52:47 2021-04-15 19:53:05 2021-04-15 20:21:19 qt5-qtwebengine on armv7 fail 2021-04-15 20:21:38 yes, still 2021-04-15 20:21:59 ugh 2021-04-15 20:22:15 It cannot find __NR_fstatat 2021-04-15 20:22:28 ah 2021-04-15 20:22:45 Does that ring a bell? 2021-04-15 20:23:58 yes 2021-04-15 20:24:56 on armv7 '/usr/include/bits/syscall.h:#define __NR_fstatat64 327' 2021-04-15 20:25:24 64 bits variant 2021-04-15 20:27:04 grep -r _NR_fstatat /usr/include/ | tpaste => https://tpaste.us/K5J9 2021-04-15 20:27:35 that explains I guess why __NR_fstat cannot be found 2021-04-15 20:28:34 not sure if some other header file contains it on arm32 2021-04-15 20:28:46 maybe something C++ specific 2021-04-15 20:29:37 uh, how big is this source tarball? ;) 2021-04-15 20:30:05 2G :P 2021-04-15 20:30:37 nonsense, and I thought chromium is monster :) 2021-04-15 20:30:44 haha 2021-04-15 20:30:46 qt5-qtwebengine is Qt + chromium 2021-04-15 20:31:07 ah :D 2021-04-15 20:31:30 nonsense^2 2021-04-15 20:31:38 Exactly 2021-04-15 20:32:29 unpacked it is 4GB 2021-04-15 20:34:39 does it makes sense to build it on armv7, chromium can't be built on it afaik 2021-04-15 20:35:06 lots of packages depend on it 2021-04-15 20:35:25 Yes that makes sense, and it has built there before 2021-04-15 20:35:27 At least on postmarketOS it's very useful to have it 2021-04-15 20:37:14 looks like __NR_fstatat is guarded in source by #ifdefs, but it still fails 2021-04-15 20:37:44 #ifndef , I mean 2021-04-15 20:38:46 ACTION hides from this issue 2021-04-15 20:46:38 mps: where did you find that code, I cannot seem to find it? 2021-04-15 20:47:05 which one? 2021-04-15 20:47:20 that's mentioned in the error 2021-04-15 20:48:08 abuild unpack, grep -r _NR_fstatat . 2021-04-15 20:49:32 btw, it fails om x86_64 also, didn't even looked why 2021-04-15 20:50:57 ugh, checksums again 2021-04-15 20:51:05 ikke: guess you didn't remove distfile for x86_64? 2021-04-15 20:51:30 there is just one distfiles 2021-04-15 20:52:05 Oh, huh 2021-04-15 20:52:15 Then why did it fail now... 2021-04-15 20:54:49 9620b9cc8585c108fa1798f6bc98975d0054ce744ce551edea9405505172492a2b9391fda164d34217f099fe352adbcba906e203000ff98916beb653666fbd57 qtwebengine-e0b4b9436033e9bc376597ed90dd1fca9cdc90ff.tar.gz.a41f847d 2021-04-15 21:16:30 Hi, I would like to push some changes on a MR but only for check armv7 builder, is there some way for disable the others without manual cancelling? 2021-04-15 21:16:54 no 2021-04-15 21:17:06 hehe ok 2021-04-15 21:18:08 uhM well, I could set arch=armv7 on APKBUILD until I fix it 2021-04-15 21:18:15 yeah 2021-04-15 21:18:32 don't forget to remove that again, though :) 2021-04-15 21:18:40 hehe yes np 2021-04-15 21:20:19 or could I setup an armv7 build env on my x86_64 pc? 2021-04-15 21:20:55 you could use qemu 2021-04-15 21:21:04 either system or user 2021-04-15 21:21:57 ok I will check another day, I would like to fix the MR first 2021-04-15 21:41:32 ey mps I see that "/var/run/tinyproxy/" is created as tinyproxy user home. If pidfile is moved to "/run/tinyproxy.pid", what should I do with the home dir? Use '/dev/null'? 2021-04-15 21:57:17 ACTION is on edge 2021-04-15 21:59:01 I went from 3.13.5 to edge and my /var/run/xen disappeared so I had to recreate it 2021-04-15 21:59:13 uhM.. 2021-04-15 21:59:27 that seems very similar to my problem this morning with tinyproxy 2021-04-15 22:03:27 omni: could you try to reboot? 2021-04-15 22:03:37 In my case it fails again on each restart 2021-04-15 22:03:56 huh 2021-04-15 22:04:18 yeah, looking at openrc now 2021-04-15 22:04:39 since nothing relevant to this seem to have changed with xen 2021-04-15 22:05:14 there was an openrc update yesterday 2021-04-15 22:05:34 I think that it removes or stopped the creating of /var/run/XXXX dirs 2021-04-15 22:06:02 I was tryint to move /var/run/tinyproxy/tinyrpoxy.pid to /var/run/tinyproxy.pid 2021-04-15 22:06:07 but it the problem is more generic... 2021-04-15 22:07:34 s/it/if/ 2021-04-15 22:07:34 donoban meant to say: but if the problem is more generic... 2021-04-15 22:11:30 perhaps /run should be used instead... after all, /var/run is a symlink to it 2021-04-15 22:12:04 I'll try first to just reboot and see if I get the same issue, then fiddle with the rc script 2021-04-15 22:12:36 since each reboot all the /run && /var/run is lost 2021-04-15 22:12:48 I assume that before the update openrc was creating the directories 2021-04-15 22:22:46 this did it for me: doas sed -i "s,/var/run,/run," /etc/init.d/xendomains 2021-04-15 22:22:53 https://github.com/openrc/openrc/issues/201 2021-04-15 22:24:34 oh great 2021-04-15 22:24:45 so that's all the mistery :D 2021-04-15 22:42:03 lol 2021-04-15 22:42:38 building telegram on armvy, InSnap() is returning True :\, is not Snap it is InAlpine() :@ 2021-04-15 22:43:40 It just gets SNAP env var, what strange... 2021-04-15 23:47:52 hmm.. I seem to have lost the ability to scroll with two parallel fingers on the pad rodent after the upgrade 2021-04-15 23:48:52 oh, only in qutebrowser 2021-04-16 00:00:36 lovely.. 2021-04-16 00:00:48 why is that even application specific? :/ 2021-04-16 00:04:46 no idea 2021-04-16 00:06:26 I forgot to bump pkgrel in !20529 but perhaps it's the only thing that was blocking !20297 ? 2021-04-16 00:07:09 so it could be incorporated in that instead of building 4.14.1-r5 2021-04-16 00:14:08 the builders are having troubles with distfiles 2021-04-16 00:27:40 I'm happy to see that I am not FLoCed by our chromium-browser, even though this does not seem to be due to an active effort at our end 2021-04-16 00:34:14 omni: switch to links 2021-04-16 00:34:25 surely that won't be clealry identifying 😛 2021-04-16 00:39:24 there's the reasonably fast netsurf 2021-04-16 00:39:37 and kristall is pretty nice, it also has support for superior protocols 2021-04-16 00:40:03 I'd love to use netsurf but it crashes on sites I want to use 2021-04-16 00:40:12 not heard of kristall, I'll have to give that a try 2021-04-16 00:40:17 plus, I really do want vim-like browsing 2021-04-16 00:40:48 yeah, me too, unfortunately those two lack that 2021-04-16 00:40:53 ☹ 2021-04-16 00:41:07 I also really like dillo hypothetically, but again, crashy and no vimlike 2021-04-16 00:41:16 clearly what I want isn't widely-wanted 2021-04-16 00:42:34 I think kristall won't even show the sites that crash for you in netsurf, it has pretty limited web-support (does it even show images?) 2021-04-16 00:42:41 hehe 2021-04-16 04:29:20 maxice8: how so? 2021-04-16 06:36:43 donoban: omni: https://bugs.gentoo.org/782808 2021-04-16 06:36:55 will be upgraded soon 2021-04-16 06:39:41 donoban: omni I do recall someone mentioning that the behavior of checkpath changed in regards to following symlinks 2021-04-16 06:40:06 That probably causes this issue 2021-04-16 06:40:34 ikke: I did mentioned it yesterday 2021-04-16 06:41:05 Right 2021-04-16 06:41:38 I created MR, will merge when pass CI 2021-04-16 06:42:10 (hope it is not risk to merge it before morning coffee :) ) 2021-04-16 06:43:09 hmm, a lot of blockers on builders 2021-04-16 06:44:45 So this is an actual bug 2021-04-16 06:48:30 'The issue happens because /var/run is a symlink and the change between 0.43.1 and 0.43.2 broke this case, so I will work on this today' 2021-04-16 06:48:37 Yup 2021-04-16 06:48:47 hope it is fixed now 2021-04-16 07:03:15 ugh 2021-04-16 07:23:36 morning 2021-04-16 07:24:07 seems like edge builderes are stuck due to checksum errors for xen? 2021-04-16 07:24:27 hi all, can i somehow parametrize os release in apkbuild? 2021-04-16 07:25:22 i have from 3rd party archive with binary for 3.12 and 3.13 2021-04-16 07:26:13 is there way to have single apkbuild for two os releases? 2021-04-16 07:30:27 everything is possible. the impossible just takes longer time... 2021-04-16 07:31:32 indy: the better way to do that is to have different repo for 3.12 and 3.13 2021-04-16 07:31:40 the way we do it in alpine is to have separate git branches, which means there are different copies of the same APKBUILD 2021-04-16 07:33:34 checksums of `main/xen` need regenerating, it's failing on the builders 2021-04-16 07:36:54 im on it 2021-04-16 07:40:38 so, the openrc update dropped to use the /var/run thingy? 2021-04-16 07:41:08 py3-pelican and bcc also need their checksums regenerated 2021-04-16 07:41:54 why? 2021-04-16 07:42:06 Because they are failing on the checksum check 😛 2021-04-16 07:42:14 on the builders 2021-04-16 07:42:42 so, when that happens, something is different than expected. are the checksum correct and the files wrong or the files checked in correct and checksum wrong? 2021-04-16 07:43:00 I do not know, just reporting what I see on the logs of the builders 2021-04-16 07:43:05 and how did it end up different than expected 2021-04-16 07:43:31 did someone modify the source to inject a backdoor? 2021-04-16 07:43:55 on 3 completely separate irrelevant packages? Could be but I doubt it 2021-04-16 07:43:58 my point is, its not just to update the checksums 2021-04-16 07:44:04 I get you 2021-04-16 07:44:10 Download the files 2021-04-16 07:44:12 As I said, just reporting what I saw on the builders 2021-04-16 07:44:14 extract them in a jail 2021-04-16 07:44:21 compare the dirs 2021-04-16 07:44:26 if they're the same, it's fine 2021-04-16 07:44:30 thats what i normally do 2021-04-16 07:44:36 Telling PureTryOut[m]2 2021-04-16 07:46:14 👍 2021-04-16 07:46:51 You could do it easy and just make a local git repo and extract into it, commit, extract the second archive over it, check the difference 2021-04-16 07:47:02 OBVIOUSLY only do that if there's no .git dir in any of the archives. 2021-04-16 07:58:00 this is the problem 0f74849ab77c0e032e147b85c0f0e2600d41a833 2021-04-16 07:58:30 -source="$pkgname-$pkgver.tar.gz::https://github.com/iovisor/bcc/releases/download/v$pkgver/bcc-src-with-submodule.tar.gz" 2021-04-16 07:58:38 +source="$pkgname-$pkgver.tar.gz::https://github.com/iovisor/bcc/archive/v$pkgver.tar.gz 2021-04-16 07:59:00 different files are downloaded, same target filename 2021-04-16 07:59:22 so the stored cache fails 2021-04-16 08:01:00 problem is that our file cache is super simple and stupid and people dont expect that 2021-04-16 08:01:09 or dont know that we cache the sources 2021-04-16 08:05:49 i guess we really need a smarter cache 2021-04-16 08:05:51 :-/ 2021-04-16 08:09:18 py3-pelican seems to have exactly the same issue 2021-04-16 08:09:20 68da843018346f66c160a9bc11ad8248bca63612 2021-04-16 08:10:10 I wonder how that last one got through review, we actively prevent $pkgname from being used in the srcurl, so $_pkgname should be kept out as well 2021-04-16 08:10:13 changed the generated tarball fro mgithub to the stored tarball on pythonhosted, with different checksum, but exactly the same filename 2021-04-16 08:12:04 we should document it somehow, somewhere 2021-04-16 08:12:10 tbh, i dont really want a smarter cache 2021-04-16 08:12:18 Me neither 2021-04-16 08:12:39 if you have a filename, then that filename should be unique 2021-04-16 08:12:39 But we need a way to catch this earlier 2021-04-16 08:12:47 sorry for breaking things :'( 2021-04-16 08:12:53 it happens 2021-04-16 08:13:02 it means that we need to document things better 2021-04-16 08:13:15 I still think we should store distfiles in /var/cache/distfiles/$pkgname/ to avoid these kinds of things entirely 2021-04-16 08:13:36 i dont think it would solve those two issues 2021-04-16 08:13:40 and it shouldnt either 2021-04-16 08:14:13 if you have two different files: foo-1.0.tar.gz and foo-1.0.tar.gz, how do you know which is which? 2021-04-16 08:14:19 CI step to verify the hash on distfiles I guess? 2021-04-16 08:14:32 ah, I misread the issue then 2021-04-16 08:14:45 oh you mean the c89dd19072ba4127388f02a0e1fcdc51e163881ded53eb1fb8c342f02ed3b5242318e43999f46c9d976811a7cad0eef2c61d2172eb5c8e13b5ec883b6e8a8058 version of foo-1.0.tar.gz. sorry i though you meant the 0e1fae86ab914cce59c84db97c4661a454674f5e41682785aa82088e34cc9f4170b442f292fdc25c58d4c675269aa26b0652f63ca809596a175fc544d9b5fb61 version 2021-04-16 08:15:00 A CI step to verify the hash on distfiles as ikke suggested sounds good yes 2021-04-16 08:15:46 and if distfiles gives 404 it just moves on with success 2021-04-16 08:18:32 ncopa: I hope openrc bug is fixed in latest upgrade (merged it about hour ago), waiting for it on mirrors to check 2021-04-16 08:18:54 ok. i wasnt even aware that openrc had a bug :) 2021-04-16 08:19:44 well, also I wasn't sure even I posted changed commit url here yesterday 2021-04-16 08:20:27 it looked a little strange, but not as bug to me 2021-04-16 08:21:05 but looks like it is fixed in this morning release. lets see 2021-04-16 08:23:02 thank you for taking care of it 2021-04-16 08:24:55 just upgraded (mirrors, mirrors :) ) and tested with tinyproxy, looks like it is fixed. donoban: can you check 2021-04-16 08:25:16 Ariadne, ncopa i'll try another question, can i use some environment variable in APKBUILD? 2021-04-16 08:25:38 ncopa: I dislike too much 'thanks' 2021-04-16 08:26:07 though they are pleasant, I admit :) 2021-04-16 08:27:17 anyway, thanks for thanks 2021-04-16 08:27:55 you're welcome :) 2021-04-16 08:28:07 Ariadne, ncopa or is everything unset? 2021-04-16 08:28:41 indy: no, everything is not unset. there are env vars like GOFLAGS, CFLAGS, LDFLAGS, PATH etc that are set 2021-04-16 08:29:06 there are also things like CC and JOBS, which might be set 2021-04-16 08:29:46 i think I have used ${CC:-gcc} some places, so we can override the system compiler 2021-04-16 08:29:58 there are also vars like CHOST that are set 2021-04-16 08:30:33 as it is binary i can hence 'misuse' those variables? 2021-04-16 08:30:54 i dont understand, what you mean. sorry 2021-04-16 08:33:38 will write later now must go afk 2021-04-16 08:45:46 ey mps , I could check but what piddfile should I have? 2021-04-16 08:48:31 donoban: default one 2021-04-16 08:49:41 apk del --purge tinyproxy, then remove /etc/tinyproxy/tinyproxy.conf and /etc/init.d/tinyproxy, and the apk add tinyproxy 2021-04-16 08:50:33 ok 2021-04-16 09:15:53 sorry mps I'm a little busy I will check it in a while :D 2021-04-16 09:17:58 donoban: np, no hurry. I already tested 2021-04-16 09:18:11 ok 2021-04-16 09:37:56 re qt5-webengine on armv7. it seems that there are no __NR_fstatat on armv7, only __NR_fstatat64 2021-04-16 09:39:48 it also seems that we dont build chromium for armv7, only aarch64 and x86_64 2021-04-16 09:41:49 Yes but we did build qt5-qtwebengine for armv7 before. And quite a lot of packages depend on it 2021-04-16 09:43:23 looks like they had the issue in void linux previousy https://chocimier.github.io/voidlinux-archive/void-packages:issues:5495.html 2021-04-16 09:45:08 They undefd fstat64 2021-04-16 09:50:52 ncopa, so i have two archives with binaries and 3.12 /3.13 in name, one git repo with APKBUILD. currently i have 3.12 hardcoded in source filename, i was thinking using same APKBUILD for 3.12 and 3.13 putting ${CC} instead of hardcoded 3.12 2021-04-16 09:52:03 and use "CC=3.12 abuild" 2021-04-16 09:53:47 and "CC=3.13 abuild" 2021-04-16 09:56:05 CC is the compiler, you should not use it for other things 2021-04-16 09:56:31 But you can certainly use variables for that 2021-04-16 09:56:41 "CC=tcc" would be interesting :) 2021-04-16 09:56:55 PureTryOut[m]2: so i guess we need to fix qtwebengine. Might be a good first step to report it upstream if it not already is 2021-04-16 09:57:57 this must be bug in chromium code 2021-04-16 10:00:50 likely 2021-04-16 10:01:57 ikke, ncopa it works :) https://dpaste.org/dmpY 2021-04-16 10:02:02 ncopa: upstream (Qt) has no interest in fixing this as they moved to Qt6 2021-04-16 10:02:12 As for Chromium, probably someone with more knowledge about the bug should report it 2021-04-16 10:04:44 sorry 'bout my sloppy xen mr earlier, missing to bump pkgrel and checksums 2021-04-16 10:06:13 was the armv7 gitlab CI builder the same hardware as the arm64 one but running in 32bit mode? 2021-04-16 10:11:30 in general, chromium requires significant amount resources so we only build ig for aarch64 and x86_64 currently 2021-04-16 10:11:56 i dont have time to dig into chromium, so someone else need to step up 2021-04-16 10:16:42 mps: After purge and reinstall it works, after rebooting tinyproxy -> [ crashed ] :( 2021-04-16 10:17:40 also this error: "WARNING: logging deactivated (can't log to stdout when daemonized)" is fixed setting a log option (syslog/file) on tinyproxy.conf 2021-04-16 10:18:29 now I'm like before https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20078 , openRC reports it as crashed but it is running 2021-04-16 10:27:33 donoban: thanks for report 2021-04-16 10:28:29 wops my last push failed due missing checksum 2021-04-16 10:28:39 do you want I fix and try again? 2021-04-16 10:29:05 sorry, I'm too busy now to look at anything on alpine 2021-04-16 10:29:11 ncopa, ikke thanks for help :) 2021-04-16 10:29:17 ok ok, see you later 2021-04-16 11:34:14 chromium actually builds on armv7, but it fails to link 2021-04-16 11:40:51 files installed by community/rust packages are owned by 1000:1000 since when? 2021-04-16 11:54:35 (for me since I went from 3.13.5 to edge, but why?) 2021-04-16 15:09:58 omni: hmm, are they? 2021-04-16 16:06:57 huh, every two or three days new kernel stable release. looks like -rc is more stable, it is released once in a week :) 2021-04-16 16:14:16 hehe 2021-04-16 16:25:29 donoban: I looked at tinyproxy and tested it again. it works fine with upgraded openrc 2021-04-16 16:26:09 ouch 2021-04-16 16:26:13 though warning is there but this should be fixed in conf file, I think 2021-04-16 16:26:26 and rc-status shows it running? 2021-04-16 16:26:28 after reboot 2021-04-16 16:26:45 in what runlevel you put it? 2021-04-16 16:27:22 'WARNING: logging deactivated (can't log to stdout when daemonized)' 2021-04-16 16:28:31 there is no cmdline option for it to control log destination, so this must be fixed in conf file 2021-04-16 16:28:56 on default 2021-04-16 16:29:08 alpine should make tailored tinyproxy.conf 2021-04-16 16:29:17 I fixed it on APKBUILD 2021-04-16 16:29:25 good 2021-04-16 16:29:47 it has to uncomment a log option, I did /var/log/tiniproxy/ instead syslog 2021-04-16 16:29:56 specially because in the default config it floods a lot 2021-04-16 16:29:58 also pidfile should be set in conf file by alpine 2021-04-16 16:30:10 yes 2021-04-16 16:30:23 but the current APKBUILD doesn't take in account that that lines are commented in tinyproxy 2021-04-16 16:30:37 and .pre-install should be fixed to not create home dir for it 2021-04-16 16:31:10 donoban: 'sed' in package() could fix this 2021-04-16 16:31:36 I don't know does tinyproxy really needs home dir 2021-04-16 16:31:58 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20078/diffs#97a1ecbfca7f2f05fc479c13b1b83a365a538c49 I fixed one sed and add another 2021-04-16 16:32:05 wopcs 2021-04-16 16:32:09 I always confuse the bot :\ 2021-04-16 16:32:44 so better just unset the home folder? or set /dev/null? 2021-04-16 16:35:57 don't create home (-H) 2021-04-16 16:36:45 'adduser -h' to see options 2021-04-16 16:37:12 ah ok ok 2021-04-16 16:37:37 I just checked /etc/fstab and see that almost users have some home dir 2021-04-16 16:37:45 so I though that maybe was useful for something 2021-04-16 16:37:58 lol 2021-04-16 16:38:09 s/fstab/passwd/ 2021-04-16 16:38:10 donoban meant to say: I just checked /etc/passwd and see that almost users have some home dir 2021-04-16 16:38:43 take a look, almost all users have some home dir 2021-04-16 16:38:55 and some have /dev/null 2021-04-16 16:39:28 home could be set to /dev/null I think, but maybe some thinks differently 2021-04-16 16:45:17 ok 2021-04-16 17:19:39 PureTryOut[m]2: what about temporary disable qt5-qtwebengine on armv7 to deblock builder? 2021-04-16 19:24:26 mps: I guess temporarily it's fine yes. I just don't know how to fix it and a lot of packages depend on it 😢 2021-04-16 19:24:35 I'll make an issue for it at least 2021-04-16 19:28:17 disabled 2021-04-16 19:28:38 PureTryOut[m]2: the void issue that ncopa linked to mentioned #undefing fstat64 2021-04-16 19:28:54 The source already does that though 2021-04-16 19:29:05 PureTryOut[m]2: thanks 2021-04-16 19:29:42 yes, it is complicated to find solution for such big code 2021-04-16 19:29:54 ikke: https://invent.kde.org/qt/qt/qtwebengine-chromium/-/blob/33.0.1750.170-based/chromium/third_party/lss/linux_syscall_support.h#L132 2021-04-16 19:30:12 ok 2021-04-16 19:30:42 although maybe it needs to undef fstatat instead? 2021-04-16 19:31:37 perhaps 2021-04-16 19:34:54 ikke: yes, and I've also chowned files root:root, reinstalled the package with 'apk fix' and had their files reverted to 1000:1000 ownership 2021-04-16 19:35:28 omni: what package 2021-04-16 19:35:33 this is the rust package itself and any of its subpackages 2021-04-16 19:36:05 @edge 2021-04-16 19:36:48 omni: I see, they seem to be owned by buildozer 2021-04-16 19:37:15 https://tpaste.us/wPyK 2021-04-16 19:38:25 whose uid:gid is 1000:1000, so any system with it installed will have them owned by the first user 2021-04-16 19:39:06 yes 2021-04-16 19:39:13 but I didn't really see what should've introduced this 2021-04-16 19:39:51 between 1.47.0-r2 and now 2021-04-16 19:40:46 well, there are these tar steps... 2021-04-16 19:41:24 :-p 2021-04-16 19:41:38 that should probably be fixed in general infrastructure 2021-04-16 19:41:47 it should not be possible to package files owned by inappropriate uids 2021-04-16 19:42:21 right? 2021-04-16 19:43:01 We first need to figure out what's causing this in the first place 2021-04-16 19:43:03 was it through this 04ecd3b0271b8a9e4bf6679499bc329859c00d42 ? 2021-04-16 22:20:59 do not revert 04ecd3b0271b8a9e4bf6679499bc329859c00d42 2021-04-16 22:25:17 --no-same-owner extract files as yourself (default for ordinary 2021-04-16 22:25:17 users) 2021-04-16 22:25:19 this is why 2021-04-16 22:25:21 fakeroot 2021-04-16 22:31:01 pushing fix 2021-04-16 22:32:21 omni: http://dup.pw/alpine/aports/15cd4972fbd2 2021-04-16 23:12:08 funny thing is, i think linux-firmware has the same problem 2021-04-16 23:19:01 Ariadne: kewl! 2021-04-16 23:25:36 still think I agree with dalias though 2021-04-16 23:29:02 yes,that will be fixed in apk3 2021-04-16 23:46:41 great stuff! 2021-04-16 23:51:40 seems like some packages have been rebuilt but kept their $pkgver-r$pkgrel, like pmbootstrap 2021-04-16 23:52:16 but I guess I should've remembered to add -a to 'pkg upgrade' anyway 2021-04-17 00:52:14 Ariadne: pkgs.alpinelinux.org shows 2 gettext-tiny packages! One maintained by you in testing and another maintained by TBK in community. 2021-04-17 00:52:39 minimal: mine supercedes the one maintained by TBK 2021-04-17 00:53:12 minimal: it is all going to plan 2021-04-17 00:54:02 so if someone does a "apk add gettext-tiny" in Edge which one gets installed? 2021-04-17 00:56:29 Ariadne: ^^ 2021-04-17 00:57:25 who knows 2021-04-17 00:57:26 who cares 2021-04-17 00:57:36 (answer: mine) 2021-04-17 00:58:44 Ariadne: is gettext-tiny ready to be used yet? I'm working on some MRs for a couple of packages and at least one of them currently uses gettext and was wondering whether to change to gettext-tiny 2021-04-17 01:59:32 minimal: no 2021-04-17 02:00:00 minimal: it depends, if the software does not depend on libintl it should be fine 2021-04-17 02:01:01 ok, I'll hold off on that for now 2021-04-17 02:29:03 minimal, nothing needs gettext-tiny as a runtime dep. it might need it as a build dep for the po->mo tools 2021-04-17 02:31:27 dalias: I was thinking in terms of a package currently using gettext-dev as a makedepends and whether to change that to gettext-tiny-dev 2021-04-17 02:34:09 gettext-tiny-dev just provides a libintl.a stub for really special programs 2021-04-17 02:34:30 usually you don't want it 2021-04-17 02:34:52 unless you have a really special (and i don't mean that in a nice way) program which looks for weird GNU libintl symbols 2021-04-17 02:40:58 Ariadne: it was procps I was looking at that uses libintl 2021-04-17 04:05:03 I am working on adding my first package to alpine (in testing). It's a prometheus exporter. I see some prometheus exporter have a prefix of `prometheus-`, is this required ? 2021-04-17 05:38:39 tomleb: it should ideally match the name of the upstream project 2021-04-17 11:16:18 from https://releases.llvm.org/12.0.0/docs/ReleaseNotes.html → Many Sanitizers (asan, cfi, lsan, msan, tsan, ubsan) have support for musl-based Linux distributions. 2021-04-17 12:02:24 Hi, I would like to diable a build option only for armv7 2021-04-17 12:02:37 what kind of build option?" 2021-04-17 12:02:54 disable dbus integration 2021-04-17 12:03:05 it fails on armv7 2021-04-17 12:03:09 but works fine on others 2021-04-17 12:04:41 case $CARCH in; armv7) ;; *) add_build_option;; esac 2021-04-17 12:04:47 something like that 2021-04-17 12:05:05 if it fails on armv7, I guess it fails on armhf as well 2021-04-17 12:05:23 arhmf is disable already due missing dependency 2021-04-17 12:05:29 ok 2021-04-17 12:05:38 any idea why it's just failing on armv7? 2021-04-17 12:06:05 uhM, I don't remeber exactly had other problems later let me check 2021-04-17 12:07:43 main problem is that upstream doesn't support officially arm 2021-04-17 12:08:17 https://gitlab.alpinelinux.org/donoban/aports/-/jobs/372405#L4653 2021-04-17 12:08:53 some undefined vars or methods on glibmm, also tried with different version 2021-04-17 12:09:13 finally discovered that it could be avoided disabling dubs integraton 2021-04-17 12:09:18 ok 2021-04-17 12:09:25 means no notifications, I guess 2021-04-17 12:09:49 well at least in the desktop integrated method 2021-04-17 12:09:59 maybe it uses some alternative like send-notify 2021-04-17 12:10:23 I can't test armv7, maybe I should buy some device 2021-04-17 12:10:29 raspberry pi? 2021-04-17 12:10:38 rpi3 I guess 2021-04-17 12:10:50 rpi4 is aarch64 2021-04-17 12:11:11 ok 2021-04-17 12:17:34 any rpi 2 and up should do with armv7 2021-04-17 12:18:04 does rpi4 aarch64 support 32-bits mode? 2021-04-17 12:18:31 ikke: why you give bad advises around :P 2021-04-17 12:19:11 donoban: don't buy anything with broadcom 2021-04-17 12:27:08 ikke: yeah it does 2021-04-17 12:28:50 ikke: they tend to run armhf "official" raspberry pi os on all boards 2021-04-17 12:50:32 mps: anything with broadcom? 2021-04-17 12:51:43 it seems that my laptop is broadcom free :D 2021-04-17 12:54:08 donoban: exynos, rockchip, allwinner based boards are usually more open and linux friendly 2021-04-17 12:54:16 not perfect ofc 2021-04-17 12:54:48 ok good to know 2021-04-17 12:55:54 I forgot to mention ammlogic also (and there is more but writting from head) 2021-04-17 12:58:10 donoban: iirc you asked about qemu armv7 guest on x86_64? 2021-04-17 13:19:14 Ariadne: Ok, thanks 2021-04-17 13:25:24 mps: I asked some days ago yes 2021-04-17 14:32:27 Is it okay for a APKBUILD to have something like _commit="$pkgver" to make it easier to test other git commits? For example, let's say I have a git tag of 0.0.1, then I wouldn't need something like _commit="..", but it does make it easier later to test non tagged releases. 2021-04-17 14:36:18 I couldn't find any package using this so I'll assume that it's better to not use that. I'll just use $pkgver. 2021-04-17 14:37:56 tomleb: I don't see what would be different with having _commit variable that you change instead of changing pkgver? 2021-04-17 16:00:49 this tmpfs mount is failing on firejail: mount("tmpfs", proc, "tmpfs", flags|MS_NOSUID|MS_NODEV, options) , it just says "Invalid argument" 2021-04-17 16:01:49 proc seems something like '/proc/self/fd/...' 2021-04-17 16:24:29 >>> firejail: Package is up to date , could I force dabuild to build again without removing it or modifying the APKBUILD version? 2021-04-17 16:24:54 It just checks for the last modified date 2021-04-17 16:25:12 you could open your text editor, save the file immediately without doing changes and build again 2021-04-17 16:25:16 uhM, the last modified that of ..? 2021-04-17 16:25:18 APKBUILD? 2021-04-17 16:25:24 Yes 2021-04-17 16:25:26 ok 2021-04-17 16:26:05 it doesnt work :\ 2021-04-17 16:27:19 Should work if your editor allows saving unchanged files 2021-04-17 16:27:24 e.g. nano does it just fine 2021-04-17 16:27:35 donoban: -f 2021-04-17 16:28:04 Oh, or that works too :D 2021-04-17 16:28:20 I read the help and -f says force to run as root 2021-04-17 16:28:32 ahh 2021-04-17 16:28:34 it was -F 2021-04-17 16:28:39 ehh 2021-04-17 16:28:40 :) 2021-04-17 16:31:44 ouch, it ended overwriting my changes -_- 2021-04-17 16:33:34 I should used build arg 2021-04-17 16:39:55 if I run: "dabuild -kKr build" it fails due "configure: error: "*** gawk not found ***"", if remove the 'build', it builds fine but downloads again the sources 2021-04-17 16:40:52 donoban: deps build 2021-04-17 16:41:06 ahmM, thanks 2021-04-17 16:48:17 Cogitri: Humm, iirc pkgver can't be a git commit, I'll have to try again though just to be sure 2021-04-17 16:48:42 it cannot 2021-04-17 17:00:42 maybe what I'm trying to do is just not possible, I want to modify some lines in the source, run dabuild, run apk upgrade, test the changes. It seems that runninng 'dabuild -kKrf deps build' doesn't create a new package 2021-04-17 17:01:03 I mean doing this without incrementing pkgrel 2021-04-17 17:01:32 to create the actual package, you need more: 2021-04-17 17:02:26 if incrementing the pkgrel is easier path... I will do it :) 2021-04-17 17:02:33 the whole sequence is: deps unpack prepare build rootpkg index 2021-04-17 17:02:44 oh, also check 2021-04-17 17:02:51 uhM ok 2021-04-17 17:03:29 I guess that apk upgrade won't work if the version/release is the same right? 2021-04-17 17:03:34 I should remove and add again? 2021-04-17 17:03:53 apk upgrade -a 2021-04-17 17:10:17 donoban: I have some scripts to install armv7 in qemu on x86_64 2021-04-17 17:10:35 oh great 2021-04-17 17:11:04 have to check did they still works, but I think they will 2021-04-17 17:11:25 Warning: MOunting: /proc/self/fd/5 flags: 32 ops: mode=2755,uid=1000,gid=1000W 2021-04-17 17:11:38 this is the mount that fails 2021-04-17 17:12:21 is direct qemu based or libvirt? 2021-04-17 17:12:35 qemu only 2021-04-17 17:12:39 hehe I supposed 2021-04-17 17:12:52 I'm thinking removing libivrt 2021-04-17 17:12:59 why? sorry for curiosa ;) 2021-04-17 17:13:04 ah 2021-04-17 17:13:15 well, mostly because I don't like it modifies firewall rules 2021-04-17 17:13:23 just because I have also docker and my own rules 2021-04-17 17:13:37 so it's likely to fail something 2021-04-17 17:13:37 I tried libvirt long ago on debian and concluded that is not useful 2021-04-17 17:14:42 well it is useful specially if you don't all the different qemu options, devices, etc... 2021-04-17 17:14:56 yes, all these helper are more hassle than useful 2021-04-17 17:15:03 if you don't know* 2021-04-17 17:15:23 if 'you' don't know then don't 'do' 2021-04-17 17:15:55 or by windows :P 2021-04-17 17:15:55 hehe, that will limite computers for very few people.... 2021-04-17 17:16:48 there are a lot of free jobs around for people who don't like to learn ;) 2021-04-17 17:16:52 maybe if I want to use more VM's could be interesting, but I only need 1 at this moment, directly connected to host, so libvirt is not very helpful 2021-04-17 17:17:27 directly I mean without even NAT ^^ 2021-04-17 17:18:10 yes, I run qemu in default net mode or with tuntap bridged to host 2021-04-17 17:18:40 these are simple and stable, and fully under 'my' control 2021-04-17 17:18:53 I would like to fix this firejail error :\ 2021-04-17 17:19:34 maybe should ask in #linux 2021-04-17 17:19:53 let me prepare tea and after that I will check my qemu armv7 script 2021-04-17 17:20:02 ok thanks 2021-04-17 17:20:58 ideas about this is from clandmeter 2021-04-17 17:21:26 and I had a hope that the ncopa will make armv7 install iso image 2021-04-17 17:22:33 uhM, there isn't? 2021-04-17 17:23:44 no, not yet 2021-04-17 17:23:52 lol, (talking about libvirt) 2021-04-17 17:23:53 localhost:~$ sudo iptables -L LIBVIRT_OUT -n | wc 2021-04-17 17:23:55 90 625 6519 2021-04-17 17:24:15 it seems it's duplicating its rules eac reboot 2021-04-17 17:24:45 at least it forced iptables to run after it 2021-04-17 17:24:52 I* 2021-04-17 17:25:18 NAT is/was bad idea from the start 2021-04-17 17:25:37 uhM.. It's hard to say 2021-04-17 17:26:12 but it is not NAT, it's something related with domains names 2021-04-17 17:26:53 but it ignores that there already rules because I use iptables-save... 2021-04-17 17:27:11 I will try to run it in user mode before removing :D 2021-04-17 17:58:10 donoban: https://tpaste.us/8jYk 2021-04-17 17:58:20 👍 2021-04-17 17:58:38 you will have to tweak it for your use case 2021-04-17 17:59:17 and this is not alpine officiall, I made these things for testing booting armv7 in efi mode 2021-04-17 17:59:37 as you can see there debian efi for armv7 is used 2021-04-17 17:59:40 well, I would like to have build some package and test it 2021-04-17 18:00:22 I discovered something with my firejail problem :\ 2021-04-17 18:01:04 if I use --private=~/someDIr , it works the first time, but the second I get the same error 2021-04-17 18:02:04 the most rare is that my debug info don't appear in the working case :\ it seems a different path 2021-04-17 18:02:42 bah, I'm gonna postpone this until I upgrade to edge 2021-04-17 18:04:27 looks a simple script 2021-04-17 18:05:32 why does it need qemu-efi-arm_2021 from debian? 2021-04-17 18:13:07 armhf and armv7 failed over distfiles again 2021-04-17 18:13:11 for boost1.76 2021-04-17 18:13:25 maxice8: curl: (22) The requested URL returned error: 404 2021-04-17 18:13:32 distfiles does not even have it 2021-04-17 18:13:36 this is the shared local distfiles issue 2021-04-17 18:13:52 ok 2021-04-17 18:16:30 donoban: we don't have it in alpine 2021-04-17 18:18:31 I see 2021-04-17 18:36:41 one doubt guys, this error: "/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/libtg_owt.so.0.0.0: undefined reference to `webrtc::ScreenDrawerLock::Create()'", means that libtg_owt.so is wrong, or since it was build with -DBUILD_SHARED_LIBS=ON , maybe the current env is missing some lib which contains that reference? 2021-04-17 18:37:21 building it with -DBUILD_SHARED_LIBS=OFF works... 2021-04-17 18:42:32 building tg_owt with shared libs or tdesktop? 2021-04-17 18:44:13 uhM, both 2021-04-17 18:44:27 what the hell 2021-04-17 18:44:27 tg_owt off, tdesktop on, works 2021-04-17 18:44:37 ah sorry 2021-04-17 18:44:51 i have no clue why building shared libs would even change the available symbols 2021-04-17 18:45:24 thanks for going through the hell me a Newbyte didn't want to go through :)) 2021-04-17 18:45:31 the latest versions are a mess 2021-04-17 18:45:47 well, I was happy becoming a mantainer of a package 2021-04-17 18:45:54 if knew all this stuff before 2021-04-17 18:46:00 I probably will selected another :D 2021-04-17 18:46:07 understandable 2021-04-17 18:46:23 i would've bumped it myself but yeah... you see why i kinda gave up 2021-04-17 18:46:43 well one option is to use -DBUILD_SHARED_LIBS=OFF for this release 2021-04-17 18:46:50 and on the next one try to fix again 2021-04-17 18:47:04 if Cogitri is agree :) 2021-04-17 18:47:19 yeah, hopefully the main devs will fix the build system mess they have 2021-04-17 18:47:46 also there is another problem, libvpxv is already packaged but tdkestop telegram uses the source directly 2021-04-17 18:47:50 digging through the endless cmakefiles and bolierplate code is a pain 2021-04-17 18:48:07 donoban: yeah, you have to modify some things and header includes 2021-04-17 18:48:11 I would like to use alpine pacakge but it will require modify some cmake and I'm very noob with it 2021-04-17 18:48:25 donoban: cmake is easy if you keep it clean 2021-04-17 18:48:29 problem is, they don't 2021-04-17 18:52:57 I think this is the only difference: 2021-04-17 18:52:58 if (BUILD_SHARED_LIBS) 2021-04-17 18:53:00 set(CMAKE_POSITION_INDEPENDENT_CODE ON) 2021-04-17 18:53:02 endif() 2021-04-17 18:53:15 that shouldn't change anything though 2021-04-17 18:53:43 (related to this problem) 2021-04-17 18:55:49 well I'm gonna push with static link and rethink tomorrow 2021-04-17 18:56:53 does it build fine if you do it that way? 2021-04-17 18:57:02 yes 2021-04-17 18:57:13 it worked some days ago but armv7 failed 2021-04-17 18:57:26 now armv7 works too disabling dbus integration and small patches 2021-04-17 19:06:57 automaintainer has been merged into aports-qa-bot 2021-04-17 19:18:43 So once we update the bot, it can automatically assign the`Maintainer` of an APKBUILD to a MR 2021-04-17 19:19:05 lol 2021-04-17 19:19:18 I though that it was going to auto update packages :D 2021-04-17 19:19:49 Ah no, it doesn't have the brains for that :D 2021-04-17 19:20:00 s/though/tought 2021-04-17 19:20:00 donoban meant to say: I tought that it was going to auto update packages :D 2021-04-17 19:20:19 hehe 2021-04-17 19:20:35 Cogitri: what do you think about the SHARED_LIB problem? 2021-04-17 19:20:55 in any case it is not a lib used for anything else :\ 2021-04-17 19:57:46 Hm, if we really can't avoid it we can go for static for now 2021-04-17 19:57:54 As long as upstream knows about it 2021-04-17 20:12:52 upstream says they only support static link :\ 2021-04-18 11:01:49 FYI: I'm going to upgrade the gitlab instance now, so it will become unavailable for a bit 2021-04-18 11:10:41 good luck 2021-04-18 11:10:43 ;) 2021-04-18 11:12:30 I'm always a bit nervous :) 2021-04-18 11:12:42 altough I've already tested the upgrade before 2021-04-18 11:13:23 hehe, many things in there 2021-04-18 11:13:39 could you rollback if goes wrong? 2021-04-18 11:13:55 We make a db backup before the upgrade 2021-04-18 11:14:14 great 2021-04-18 11:14:20 in the worst case, we could restore a machine backup as well 2021-04-18 11:15:10 it's all under control :D 2021-04-18 11:15:43 donoban: there is new tinyproxy upstream release 2021-04-18 11:16:04 oh, secfix? 2021-04-18 11:16:14 no 2021-04-18 11:16:21 'normal' 2021-04-18 11:17:10 if you are interested to make upgrade, please do, else I will do in next few days 2021-04-18 11:17:48 ok, but should I do a separate PR? or merge it with the pid/log problems PR? 2021-04-18 11:18:48 It's starting again 2021-04-18 11:19:38 ikke: so gitlab.alpinelinux.org is all alpine hosted? 2021-04-18 11:19:45 donoban: yes 2021-04-18 11:19:46 donoban: I would create new MR with upgrade and fixes, but you are free to do however you like. if you intend to maintain pkg 2021-04-18 11:19:50 I thought it was a "private" part of gitlab 2021-04-18 11:19:57 donoban: we host our own instance :) 2021-04-18 11:20:14 And it's up :) 2021-04-18 11:20:18 \o/ 2021-04-18 11:20:58 :) 2021-04-18 11:21:07 What's new! 2021-04-18 11:22:13 The ? on the top right has a "What's new" entry 2021-04-18 11:22:30 yes it auto popups on enter 2021-04-18 11:22:51 (or I clicked accidentally :P) 2021-04-18 11:23:52 https://about.gitlab.com/releases/2021/01/22/gitlab-13-8-released/ 2021-04-18 11:24:01 https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/ 2021-04-18 11:24:10 (We jumped from 13.7 to 13.9) 2021-04-18 11:26:21 Does someone know what's up with pdns on the builders? I'd like to merge the all-java MR but would be neat to have clean builders for that 2021-04-18 11:27:07 https://about.gitlab.com/releases/2021/01/22/gitlab-13-8-released/#click-and-drag-multiline-merge-request-comments 2021-04-18 11:27:32 You can now click+drag to comment on multiple lines in code reviews 2021-04-18 11:27:56 I'm thinking of packaging that cursed font, should it go under /usr/share/fonts/misc? what is /usr/share/fonts/local? 2021-04-18 11:28:10 Cogitri: let me grab the logs 2021-04-18 11:30:12 Cogitri: https://tpaste.us/V7Lz 2021-04-18 11:38:31 mps: instead creating a new, I will rename the current :D 2021-04-18 11:39:24 Is possible to check on a builder if a openRC service starts correctly? 2021-04-18 11:40:49 You mean as part of a test? 2021-04-18 11:40:57 yes 2021-04-18 11:41:05 The builders do not run as root, so you cannot start/stop services 2021-04-18 11:41:17 oh I see 2021-04-18 11:46:32 "WARNING: obsolete config item on line 200" uHM 2021-04-18 11:47:25 it seems that they deprecated some configuration options 2021-04-18 11:47:56 Who are they? 2021-04-18 11:48:01 tinyproxy 2021-04-18 11:48:04 ah 2021-04-18 11:48:11 hehe 2021-04-18 11:49:27 well I guess that it's not alpine problem right? 2021-04-18 11:50:35 no 2021-04-18 11:51:09 uhM, I'm also considering moving logfile from '/var/log/tinyproxy/tiniproxy.log' , to '/var/log/tinyproxy.log" 2021-04-18 11:56:32 mps: if you want to take a look https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20078 2021-04-18 12:10:02 donoban: as I wrote 'do whatever you like' but also I wrote what I would do. 'read context of my msg' :) 2021-04-18 12:11:10 ACTION tinyproxy author here 2021-04-18 12:11:31 oh :D 2021-04-18 12:11:47 heh 2021-04-18 12:12:34 i'd suggest to run tinyproxy in foreground from openrc 2021-04-18 12:12:43 without pidfiles and antiquated shit like that 2021-04-18 12:13:10 tinyproxy -d -c tinyproxy.conf and make openrc redirect stdout/stderr to log 2021-04-18 12:14:02 uhM, I see 2021-04-18 12:14:29 by redirect to log is it possible to a custom log file? default config is very verbose, a pain if it goes to messages 2021-04-18 12:14:51 sh4rm4^bnc: does it need some dirs to keep caches or something else 2021-04-18 12:14:53 i'm not too familiar with openrc but runit does it automatically 2021-04-18 12:15:00 mps: not any more 2021-04-18 12:15:15 ah, good improvement 2021-04-18 12:15:52 suppose I should wait for a few days to submit an update for the zrepl package 2021-04-18 12:15:52 my runit script looks like this 2021-04-18 12:15:53 yes, running daemons with runit is quite easy 2021-04-18 12:15:55 SUSER=rodaemon 2021-04-18 12:15:56 SHOME=/home/$SUSER/tinyproxy 2021-04-18 12:15:56 # tp needs to be statically compiled! 2021-04-18 12:15:56 exec chpst -/ $SHOME -u $SUSER:$SUSER \ 2021-04-18 12:16:08 /src/tinyproxy -d -c tinyproxy.conf 2021-04-18 12:17:11 that's chrooted so you need a resolv.conf in there 2021-04-18 12:17:31 or void linux runit script :) 2021-04-18 12:17:34 but you can also just remove the chroot flag to chpst 2021-04-18 12:17:53 mps, what does void do differently ? 2021-04-18 12:18:17 https://tpaste.us/maLV 2021-04-18 12:18:56 sh4rm4^bnc: is there any way for reloading filter list without restarting the service? 2021-04-18 12:19:01 huh, why tpaste.us is unstable from yesterday 2021-04-18 12:19:06 some service reload 2021-04-18 12:19:41 donoban, sighup in daemon mode or sigusr1 in any mode 2021-04-18 12:20:26 mps, what that tinyproxy_ thing they copy around ? 2021-04-18 12:20:36 I will like handling it properly 2021-04-18 12:21:22 sh4rm4^bnc: I newer used voil linux, so don't know, but looks like group settings 2021-04-18 12:21:36 s/voil/void/ 2021-04-18 12:21:36 mps meant to say: sh4rm4^bnc: I newer used void linux, so don't know, but looks like group settings 2021-04-18 12:30:29 makedepends="asciidoc" can be removed 2021-04-18 12:30:54 tarball ships with pre-generated manpages 2021-04-18 12:31:05 ok 2021-04-18 12:31:18 if they need to be redone, it's now done with pod2man (ships with perl5) 2021-04-18 12:34:21 I would like to know skarnet opinion about running it in foreground/background 2021-04-18 12:34:59 but I'm trying to setup it as you said ^^ 2021-04-18 12:35:08 i'd personally also do user/group stuff via chpst rather than setting it via config 2021-04-18 12:36:21 is not user/group integrated in openrc? 2021-04-18 12:36:46 mps: good question (re tpaste) 2021-04-18 12:36:54 donoban, maybe 2021-04-18 12:39:11 so imo the complete sed statement on line 23 could be removed, unless openrc requires the pidfile 2021-04-18 12:39:24 command_user="user:group" 2021-04-18 12:39:45 yeah I'm trying to do it 2021-04-18 12:40:02 but now get stuck on the log: WARNING: logging deactivated (can't log to stdout when daemonized) 2021-04-18 12:40:18 tinyproxy -d 2021-04-18 12:40:22 it's already 2021-04-18 12:40:35 uhM 2021-04-18 12:40:48 uhM 2021-04-18 12:41:09 it is ignoring this: command_args_foreground="-d -c ${CONFFILE}" 2021-04-18 12:41:11 uch 2021-04-18 12:41:37 problem is that if remove the _foreground part (which seemst that it ignroes), it gets trapped on rc-service restart 2021-04-18 12:41:39 openrc seems a whole lot more complicated than runit ^_^ 2021-04-18 12:41:57 maybe I had to explicit tell that its not daemonized 2021-04-18 12:42:04 donoban: you need to set a supervisor 2021-04-18 12:42:09 command_background=false ? 2021-04-18 12:42:25 https://github.com/OpenRC/openrc/blob/master/supervise-daemon-guide.md 2021-04-18 12:42:47 ah ok 2021-04-18 12:42:55 thanks ikke 2021-04-18 12:43:02 openrc expects by default that services fork themselves 2021-04-18 12:43:20 (or does for them, if they don't do it) 2021-04-18 12:44:51 just to note from my yesterday look at tinyproxy, I feel it would be good to have more cli options. though I don't use tinyproxy so my opinion is irrelevant 2021-04-18 12:46:08 2527 root 0:00 supervise-daemon tinyproxy --start /usr/bin/tinyproxy -- -d -c /etc/tinyproxy/tinyproxy.conf 2021-04-18 12:46:12 it's either "configuration via config file" or "configuration via commandline", having both usually results in a mess 2021-04-18 12:49:18 uhM, this way you end having an additional process for the service 2021-04-18 12:49:35 I'm not sure if I prefer the pidfile :D 2021-04-18 12:49:45 I got to go for a while, see you guys 2021-04-18 12:50:28 the additional process is for free, the supervisor is already loaded for other services 2021-04-18 13:06:58 sh4rm4^bnc: no, each process gets its own supervisor process 2021-04-18 13:07:00 with openrc 2021-04-18 13:07:06 It's kind of 'hacked on'; 2021-04-18 13:07:24 yeah, but the process image is already mapped to r/o memory 2021-04-18 13:08:06 hacked on ? 2021-04-18 13:08:06 Right 2021-04-18 15:12:04 donoban: that, or you can use the runit script exactly as it is on void, and just launch it under s6, which exists on Alpine :P 2021-04-18 15:12:49 uhM, I'm currently running the process on foreground, and letting openRC move it to background and generate the pidfile 2021-04-18 15:13:26 that's start-stop-daemon doing it on openrc's behalf 2021-04-18 15:13:36 it's the "regular" way of doing it when you don't have a supervisor 2021-04-18 15:13:57 and it sucks, but supervise-daemon sucks as well for other reasons, so, pick your poison. :P 2021-04-18 15:13:57 I like to have all the stuff (user, pidfile, log file), on the same place 2021-04-18 15:14:02 and it seems a good way for achieve it 2021-04-18 15:14:27 what is the real benefit of supervise-daemon? auto restart the service if crashes? 2021-04-18 15:14:56 that's about it. They didn't understand all the benefits of supervision, so wrote a half-assed thing and that's about all it does. 2021-04-18 15:15:49 with s6, you also have better logging management, service addressing without knowing the pid, and other control features. 2021-04-18 15:16:11 uhM yeah but what about the alpine default package setup? 2021-04-18 15:16:26 I really don't have any preference, if it just works... 2021-04-18 15:16:50 default alpine atm is use openrc, with or without supervise-daemon 2021-04-18 15:16:53 again, pick your poison 2021-04-18 15:16:59 hehe 2021-04-18 15:17:23 so I think that running it with -d, removing al sed -e tinyproxy config, and let openRC set user/group, pidfile and logfile 2021-04-18 15:17:43 boost upgrade is going well with versioned version 2021-04-18 15:17:53 aside from the fact I messed it up a bit 2021-04-18 15:18:03 donoban: that's probably the simplest. Short of a real supervision suite it's about the same thing 2021-04-18 15:23:17 donoban: default for alpine is still openrc as skarnet told 2021-04-18 15:24:04 yes yes 2021-04-18 15:24:36 that means you have to make needed changes in aports for tinyproxy 2021-04-18 15:25:09 don't forget home dir fix 2021-04-18 15:25:32 I noticed that the original version, was getting some variables in the init.d script from the /etc/tinyproxy/tinyproxy.conf , even if that option are commented, which is pretty difficult to understand 2021-04-18 15:25:47 now all openRC related things are inside the init.d script 2021-04-18 15:26:09 I feel that is more easy to manage 2021-04-18 15:26:48 init.d should be mechanism and .conf files policy 2021-04-18 15:27:03 packaging is not about 'easy' but to follow distro style 2021-04-18 15:27:30 hehe ok ok 2021-04-18 15:28:11 I would do a lot of things differently but have to 'obey' alpine style 2021-04-18 15:28:23 well 2021-04-18 15:28:35 the function that tinyproxy uses for get variables from the other file config 2021-04-18 15:28:46 is not used in any other init.d script..., so it is not too much alpine likely 2021-04-18 15:29:23 well, there are a lot of crap^W'things' which do not follow style 2021-04-18 15:31:53 maybe it comes from gentoo 2021-04-18 15:32:07 it has: # Copyright 1999-2018 Gentoo Authors 2021-04-18 15:33:28 could be, a lot of alpine pkgs have this 2021-04-18 15:33:43 copy-paste ;) 2021-04-18 15:35:52 https://tpaste.us/9j54 2021-04-18 15:36:10 do you see 'obeying' alpine style? 2021-04-18 15:37:30 command_args_foreground is not necessary 2021-04-18 15:38:11 and I'm going to add a reload handler :D 2021-04-18 15:42:42 donoban: command_args_foreground is only necessary when the program needs to be explicitly told to remain on the foreground and you are using a supervisor 2021-04-18 15:42:50 yes yes I removed it 2021-04-18 15:43:11 I forgot to delete with deleting supervisor 2021-04-18 15:43:23 do you know what is needed for add a reload() func? 2021-04-18 15:43:50 when used for filtering is nice to reload the config without killing the process 2021-04-18 15:44:49 donoban: the service needs to support it 2021-04-18 15:45:01 usualy through a signal (USR1, for example) 2021-04-18 15:45:11 yes yes I know it arleady 2021-04-18 15:45:18 here is what I missed: extra_started_commands="reload" 2021-04-18 15:45:22 ah 2021-04-18 15:49:38 localhost:/etc/init.d$ sudo rc-service tinyproxy reload 2021-04-18 15:49:40 * Reloading tinyproxy ... 2021-04-18 15:49:57 NOTICE Apr 18 17:49:27.782 [19520]: Reloading config file 2021-04-18 15:51:14 :) 2021-04-18 15:52:11 uhM... 2021-04-18 15:52:38 it seems that it reloads config but no filter file 2021-04-18 15:52:45 sh4rm4^bnc: is that possible? 2021-04-18 15:53:23 it reloads filter file too 2021-04-18 15:53:51 uhm.. 2021-04-18 15:54:09 maybe I had already a connection opened? 2021-04-18 15:54:24 now I tested from filtered to unfiltered and it worked :) 2021-04-18 15:56:41 if it doesnt display "filter file reloaded" maybe that should be added 2021-04-18 15:57:13 well don't bother, I just thought it was not reloading it 2021-04-18 16:03:27 APKBUILD:12:variable set to empty string: makedepends="" so just remove it? 2021-04-18 16:03:49 yes 2021-04-18 16:03:53 ok 2021-04-18 18:49:30 fcolista: thanks for handling openvas 2021-04-18 19:42:50 So, it's working NOW, but in the future, if a make a package that has occasional test failures due to timeouts due to build server load, should I just skip the tests or? 2021-04-18 19:43:18 Maybe increase the timeouts? 2021-04-18 19:43:58 it's in the go tests, not even sure how to tbh 2021-04-18 19:44:42 as it is if I get failures I just rerun them until they all pass: last time it was just one, but this time I had to rerun like 3 times 2021-04-18 19:44:55 yeah, that's not ideal 2021-04-18 19:45:03 seems like those timeouts are too tight 2021-04-18 19:46:06 https://gitlab.alpinelinux.org/ShaRose/aports/-/jobs/374524 at least I'm ASSUMING it's timeouts 2021-04-18 19:48:37 https://github.com/zrepl/zrepl/blob/master/util/optionaldeadline/optionaldeadline_test.go#L74 2021-04-18 19:51:13 Would be interesting to see the actual amount of time passed 2021-04-18 22:36:32 Hm, what way did provider_priority count again? The higher the number, the higher the importance? 2021-04-18 22:37:53 yeah 2021-04-19 06:11:03 @maxice8, np. I didn't realized immedatedly that was failing at x86 :-/ 2021-04-19 06:20:08 Cogitri: just think of it as a version 2021-04-19 06:25:47 <[[sroracle]]> ah that is a useful way to think of it :) 2021-04-19 06:49:42 Oh indeed :) 2021-04-19 07:52:39 ncopa: any progress about making armv7 virt iso 2021-04-19 07:52:50 nope 2021-04-19 07:53:00 ok 2021-04-19 07:53:04 im currently moving some of the builders to new arm server 2021-04-19 07:54:48 Cogitri: why is there glibmm with version 2.66 (and being outdated) and glibmm2.68? 2021-04-19 08:00:50 PutryTryOut[m]2: Because they broke the API with glibmm2.68 2021-04-19 08:00:57 Also changed the pkgconfig file and so on 2021-04-19 08:01:48 Same for cairomm1.16, pangomm2.48 etc. 2021-04-19 08:08:21 Oh darn, ok 2021-04-19 08:16:56 mps: btw, did you work on the ovmf update? 2021-04-19 08:31:15 ncopa: I tried again previous week but without any progress :( 2021-04-19 08:32:18 I don't understand why it fails nearly at the end of build. Tried to apply some 'tricks' from debian but without results 2021-04-19 08:32:46 searched net, again without any success 2021-04-19 08:40:31 ok 2021-04-19 08:59:48 maybe someone who understand python could help 2021-04-19 09:23:59 understand python code or python interanls? 2021-04-19 09:24:16 s/interanls/internals 2021-04-19 09:24:16 donoban meant to say: understand python code or python internals? 2021-04-19 09:35:04 donoban: python failed for some strange on MR !18588 2021-04-19 09:35:21 and I don't understand how to debug this 2021-04-19 09:37:39 " This job is archived. Only the complete pipeline can be retried. " can I read the logs with "the complete pipeline"? 2021-04-19 09:38:52 well I will try to build myself 2021-04-19 09:46:16 restart failed CI 2021-04-19 09:47:24 hmm, no option to restart archived ones 2021-04-19 09:47:56 I'm trying to clone your branch on my repository 2021-04-19 09:48:09 tried with git fetch without success 2021-04-19 09:48:30 lets try to fake it by rebase :) 2021-04-19 09:49:06 uhM, not sure what exactly do 2021-04-19 09:49:39 do I need to add your repository to some remote? 2021-04-19 09:50:18 donoban: I use this https://tpaste.us/49Q1 to download MR and apply it locally 2021-04-19 09:51:18 I don't know much about add repositories and messing with them 2021-04-19 09:51:20 mmM, I would prefer the "native git way" 2021-04-19 09:52:20 * [new branch] edk2-0.0.202011-r2 -> mps/edk2-0.0.202011-r2 2021-04-19 09:52:23 :D 2021-04-19 09:53:02 I don't intend to become git usage expert :) 2021-04-19 09:53:30 hehe me neither 2021-04-19 09:55:34 actually I know how to trigger it on CI, 'git push --force mps' will work I think 2021-04-19 09:56:52 the error is not very informative 2021-04-19 09:57:05 build.py... 2021-04-19 09:57:07 : error 7000: Failed to execute command 2021-04-19 09:57:09 make tbuild [/home/builder/aports/community/edk2/src/edk2-edk2-stable202011/Build/OvmfX64/RELEASE_GCC5/X64/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib] 2021-04-19 09:57:40 hmm, 'git push --force mps' doesn't work on archived MR 2021-04-19 09:58:05 let me run it locally 2021-04-19 09:58:49 donoban: yes, this ' build.py...' 2021-04-19 09:59:50 'apk search cmd:tbuild' doesn't show anything 2021-04-19 10:00:17 and I concluded it must be something in python 2021-04-19 10:01:28 donoban: btw, I merged tinyproxy this morning 2021-04-19 10:01:31 I don't know, I could investigate it at night 2021-04-19 10:01:39 yeah I saw it! great :D 2021-04-19 10:02:05 I noticed that there are identations errors on init.d file 2021-04-19 10:02:14 but beh, better fix on next release 2021-04-19 10:02:59 yes, or you can do that without pkgrel bump, to not forget 2021-04-19 10:04:18 well, just removed an if clause and didnt' removed the \tabs in the two lines inside 2021-04-19 10:04:33 do you think is worth to bump pkgrel? 2021-04-19 10:09:29 I don't have strong opinion, but if you are 'git commit number hunter' then yes 2021-04-19 10:10:17 anyway, fix is good always, especially if it not breaks :) 2021-04-19 10:11:06 though I skip such things because I don't like to waste time on 'small things' 2021-04-19 10:11:30 hehe is my feeling about it 2021-04-19 10:11:40 is less than small 2021-04-19 10:12:43 I usually make notes on such things for next upgrade and usually forgot them on next upgrade :) 2021-04-19 10:13:04 👍 noted :P 2021-04-19 10:53:09 mps: the real problem seems not related with python: make: *** [GNUmakefile:315: /home/builder/aports/community/edk2/src/edk2-edk2-stable202011/Build/OvmfX64/RELEASE_GCC5/X64/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib/DEBUG/BootMaintenanceManager.c] Illegal instruction (core dumped) , could be GNU<->musl problem? 2021-04-19 10:59:56 huh, how I missed this in build log :/ 2021-04-19 11:01:19 hehe because is not properly separated from the std log 2021-04-19 11:02:51 also it seems that the file 'BootMaintenanceManager.c' doesn't exist :\ 2021-04-19 11:03:55 maybe it's generated on build but I'm theorically keeping all files with abuild -k 2021-04-19 11:04:50 I got to go for the rest of the day, I will continue at night if I'm not too tired 2021-04-19 11:06:48 donoban: thanks for help 2021-04-19 11:07:16 np, see you :) 2021-04-19 11:21:27 Cogitri: uh, glib-dev seems broken. It fails to include it's own files. `/usr/include/glib-2.0/glib.h:30:10: fatal error: glib/galloca.h: No such file or directory` 2021-04-19 11:22:51 Also the pkgconfig file points to `/usr/include` while it's files are actually in `/usr/include/glib-2.0` 2021-04-19 11:23:17 That seems to be just fine to me? 2021-04-19 11:23:32 Since you do #include 2021-04-19 11:23:51 This particular application I'm trying to compile doesn't, and glib-dev itself doesn't 🤔 2021-04-19 11:24:48 Ah whoops it's include 2021-04-19 11:25:19 Still, why does `/usr/include/glib-2.0/glib.h` fail to include `glib/galloca.h`? 2021-04-19 11:25:20 `Cflags: -I${includedir}/glib-2.0 -I${libdir}/glib-2.0/include` 2021-04-19 11:25:27 Is in the pkgconfig file 2021-04-19 11:25:35 So it seems A-OK to me 2021-04-19 11:25:58 includedir= is the system includedir, not the includedir of that particular package 2021-04-19 11:26:02 The pkgconfig file sure but as said, glib fails to include it's own files. Or is this a case of the build system of this particular application being broken? 2021-04-19 11:26:25 I very much suspect the latter 2021-04-19 11:26:50 It doesn't pass -I/usr/include/glib-2.0 to the CC when the Cflags field in the pkg-config file says it should 2021-04-19 11:27:29 Hmm ok annoying 2021-04-19 11:28:28 PureTryOut[m]2: have you verified that glib/galloca.h is actually present 2021-04-19 11:28:49 It is 2021-04-19 11:29:05 It is indeed 2021-04-19 11:29:17 The problem is just that it doesn't include glib's cflags 2021-04-19 11:29:21 mps: fwiw if you go ahead and opt-in to using remake as system make ahead of time, it will show those errors more clearly 2021-04-19 11:29:22 Things which happen if the application doesn't use meson :p 2021-04-19 11:29:38 mps: this is the main reason i want to replace GNU make with remake, the error output is *much* more intuitive 2021-04-19 11:29:39 (or CMake, or any other sane build system) 2021-04-19 11:29:44 This is still using a plain Makefile damn it 2021-04-19 11:29:54 Ugh 2021-04-19 11:30:10 https://github.com/AsteroidOS/mce/blob/master/Makefile#L279 2021-04-19 11:30:13 sorry i was talking about mps's issue with OVMF 2021-04-19 11:30:15 :) 2021-04-19 11:30:18 You'd think that would do the trick no? 2021-04-19 11:30:45 yes, that should do the trick 2021-04-19 11:31:04 do you have a build log? 2021-04-19 11:31:07 Could you paste the entire log? 2021-04-19 11:31:12 Ah, beat me to it :D 2021-04-19 11:31:15 In a sec 2021-04-19 11:33:21 Oh, huh. I noticed I was missing some other deps still and added those to get a cleaner log without "missing dep" warnings, and now it suddenly is able to find glib without problems 2021-04-19 11:34:04 Ariadne: thanks for info, it is worth trying 2021-04-19 11:34:23 mps: yes, that is why i want to make remake the default make instead of gmake 2021-04-19 11:34:44 how it is used? just 'remake' instead of 'make' or need something else/more 2021-04-19 11:35:01 remake will, assuming that the build system is not clobbering the jobserver, display the entire failure path at the end of the build log 2021-04-19 11:35:41 yes, if you just use remake package 2021-04-19 11:35:45 `remake` will work 2021-04-19 11:35:50 if you add remake-make 2021-04-19 11:35:54 it will replace gmake with remake 2021-04-19 11:36:03 in which case you don't have to do *anything* : 2021-04-19 11:36:06 :P* 2021-04-19 11:36:33 Ariadne: heh, so simple 2021-04-19 11:37:29 https://twitter.com/ariadneconill/status/1382508590028574720 shows the improved error tracing in remake 2021-04-19 11:37:31 :) 2021-04-19 11:37:49 the part at the bottom will always be at the end of the build log 2021-04-19 11:38:26 that's a very nice feature but doesn't justify replacing a package in itself over trying to upstream the feature into gmake 2021-04-19 11:38:42 I'm not married to gmake and if remake is compatible I'm happy 2021-04-19 11:38:44 PureTryOut[m]2: Ah, no proper error handling in make, nice :) 2021-04-19 11:38:58 but replacing a package sounds like more work than upstreaming a feature 2021-04-19 11:39:11 unless of course there are *other* additional reasons for replacing a package 2021-04-19 11:39:17 skarnet: remake is a fork of gmake, and it passes the gmake 4.3 testsuite 2021-04-19 11:39:19 :) 2021-04-19 11:39:26 gmake itself is dead upstream 2021-04-19 11:39:31 Cogitri: yup, screw this "build system" 2021-04-19 11:39:34 Ariadne: Could you please check that gobject-introspection and things using its m4 macros still work with your make replacement? 2021-04-19 11:39:35 oh? shame 2021-04-19 11:39:48 Cogitri: it's not mine, but it does 2021-04-19 11:39:57 Cogitri: i've been using it for a few months now 2021-04-19 11:39:59 :) 2021-04-19 11:40:08 i have even built OpenJDK wth it 2021-04-19 11:40:09 one of the two GNU packages that build easily 2021-04-19 11:40:17 shame that it's dead :/ 2021-04-19 11:40:24 Okie, just figured it'd be worth mentioning since it seems like some BSDs have problems with that since g-i assumes that GNU make is used 2021-04-19 11:40:35 Cogitri: for all purposes, remake *is* gmake 2021-04-19 11:40:36 :) 2021-04-19 11:40:46 Ok 👍 2021-04-19 11:41:20 someone mentioned some time ago that s/he made PKGBUILD to ABUILD convert script, anyone knows about this, url or hint 2021-04-19 11:41:55 in fact, gmake 4.3 is just some things backported from remake 2021-04-19 11:41:56 Ariadne: just used remake and it works, though didn't fixed edk2 build :) 2021-04-19 11:42:12 mps: yeah it won't fix anything, but it makes tracing easier 2021-04-19 11:43:17 skarnet: the author of remake does not wish to assign his copyright to FSF anyway 2021-04-19 11:43:24 skarnet: so a fork was unfortunately the only way :p 2021-04-19 11:43:49 the GPL made another victim 2021-04-19 11:43:57 well no 2021-04-19 11:44:11 not the GPL, the FSF's copyright assignment policy 2021-04-19 11:44:56 (I understand the idea behind the GPL, I do not understand the idea behind the copyright assignment policy) 2021-04-19 11:46:55 skarnet: https://remake.readthedocs.io/en/latest/features.html outlines basically the motivations for why he forked it into remake, and he previously worked on gmake too 2021-04-19 11:48:54 he makes a lot of good points but none of those are motivations to fork the project. Copyright assignment would be one but it's not listed here. :P 2021-04-19 11:49:33 the FSF did not want those features :P 2021-04-19 11:50:26 "we do not want to make our software better" explains a lot about GNU in general :P 2021-04-19 11:52:21 anyway, remake has been quite helpful for me in debugging weird build problems 2021-04-19 11:52:34 and it passes the entire GNU make 4.3 testsuite 2021-04-19 11:52:40 there will likely never be a GNU make 4.4 2021-04-19 11:53:36 well if remake is fully compatible and is actually developed and maintained by someone with experience with make then I'm fully onboard with it 2021-04-19 11:54:59 the problem is that GNU's idea of portable code is, well 2021-04-19 11:55:03 stuck in the 1980s 2021-04-19 11:55:13 yeah, I've seen the ifdef forests 2021-04-19 11:55:32 and the chief GNUsiance is especially a nuisance when it comes to removing all of that 2021-04-19 12:00:05 and the best part of remake is 2021-04-19 12:00:17 the remake maintainer rebases on whatever gmake is doing 2021-04-19 12:00:23 so if there is ever a gmake 4.4 2021-04-19 12:00:28 it will be compatible :p 2021-04-19 12:01:53 but for gmake 4.3 and current gmake git, it is just badly done backports from remake 2021-04-19 12:02:00 which is why 4.3 shipped with bugs :D 2021-04-19 12:20:40 pushed !20619 for review and testing by minimal (not on the chan atm) who's working on utmps integration, please DO NOT merge it before his approval 2021-04-19 12:21:11 Best to mark it as WIP then 2021-04-19 12:21:19 So it can't be merged by accident 2021-04-19 12:21:35 ah yes, forgot about that 2021-04-19 12:22:02 not that it would break anything if it was merged, but I don't want it to go under the radar before he has a chance to see what I modified XD 2021-04-19 12:23:03 I used the "mark as draft" button on the gitlab UI, it says "Draft:" instead of "WIP:" but I suppose it serves the same purpose 2021-04-19 12:27:29 donoban: building edk2 got this in dmesg out: [775790.568724] traps: VfrCompile[47569] trap invalid opcode ip:5626fa3849da sp:7ffef035c710 error:0 in VfrCompile[5626fa381000+65000] 2021-04-19 12:28:16 on x86_64 2021-04-19 12:32:29 what the absolute fuck 2021-04-19 12:32:48 is VfrCompile a binary blob or something 2021-04-19 12:36:22 yes 2021-04-19 12:37:04 I think it is built locally in first phase in build 2021-04-19 12:48:21 mps: toapk 2021-04-19 12:49:30 ikke: thanks 2021-04-19 12:55:35 Ariadne: do you have any recommendation for a unit test framework for C? would like to add some unit tests for abuild-fetch 2021-04-19 12:55:42 atf-c 2021-04-19 12:55:48 and kyua :) 2021-04-19 12:57:07 ok. whats good with it? 2021-04-19 12:57:20 certainly not the docs... :) 2021-04-19 13:13:07 :D 2021-04-19 13:13:20 https://www.mankier.com/3/atf-c-api 2021-04-19 13:13:25 the docs are, ok 2021-04-19 13:13:27 the docs suck :D 2021-04-19 13:18:14 skarnet: by the way, the GPL is the main reason apk-tools directly uses OpenSSL 2021-04-19 13:18:29 skarnet: as a result, we can argue that OpenSSL is a "system library" 2021-04-19 13:18:39 which makes it compatible with GPL programs when it otherwise would not be 2021-04-19 13:18:56 but OpenSSL 3.x is switching to Apache-2 2021-04-19 13:18:58 soooooo 2021-04-19 13:19:14 :) 2021-04-19 13:19:31 and, bluntly, removing OpenSSL from the base system would sure be a security win 2021-04-19 13:19:37 oh, definitely 2021-04-19 13:20:14 well if you want to port it to bearssl I'm definitely willing to help, but I don't know the apk-tools code well enough 2021-04-19 13:20:28 i think we port the TLS part to use libtls 2021-04-19 13:20:47 and then include a lightweight cryptographic ops library with apk-tools 2021-04-19 13:21:15 the latter is already "planned" anyway 2021-04-19 13:21:27 what kind of ops? 2021-04-19 13:21:45 RSA signature verification, Curve25519 signature verification, etc 2021-04-19 13:21:50 i assume libsodium would work here 2021-04-19 13:21:59 yeah it should 2021-04-19 13:22:42 the tls helper in our busybox package was written against libtls to allow us to switch the implementation later anyway 2021-04-19 13:22:52 depending on the parts of openssl apk-tools is currently using it may or may not be simpler to port it to libtls than to raw bearssl 2021-04-19 13:22:54 like, we seriously have no love for OpenSSL here :p 2021-04-19 13:23:15 if it's simpler then libtls will be fine, for the underlying implementation we have mcf :P 2021-04-19 13:23:19 skarnet: there's two parts 2021-04-19 13:23:40 the TLS part and the verification part? 2021-04-19 13:23:43 right 2021-04-19 13:23:54 the TLS part is basically textbook openssl TLS code 2021-04-19 13:23:57 nothing special there 2021-04-19 13:24:15 yeah so libtls/bearssl will work, and libsodium will work for signatures 2021-04-19 13:24:50 well i am not sure 2021-04-19 13:24:54 does libsodium actually do RSA? 2021-04-19 13:25:01 i thought it only did curve25519 etc 2021-04-19 13:26:00 yeah 2021-04-19 13:26:04 it only does the DJB stuff 2021-04-19 13:26:24 since apk-tools uses RSA, we need to support that, just with something more pleasant than libcrypto 2021-04-19 13:26:25 well there are RSA signature primitives in bearssl as well :P 2021-04-19 13:27:14 i think the first step would be to factor the cryptographic ops so that a chosen crypto module can be compiled in at build time 2021-04-19 13:27:23 then we just write whatever backend we need 2021-04-19 13:27:25 yeah 2021-04-19 13:28:05 which is technically on the proverbial roadmap for apk-tools 2021-04-19 13:28:18 i'll open a bug 2021-04-19 13:28:26 so we can come up with a solid design 2021-04-19 13:29:27 with openssl moving to an acceptable license, we no longer need that "system library" exception 2021-04-19 13:43:23 skarnet: feel free to deposit your thoughts here: https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10744 2021-04-19 13:44:23 Hmm. `qml-asteroid` is not in the repo for ppc64le even though it isn't disabled there and the builder for that arch is idle 2021-04-19 13:50:14 fcolista: no worries 2021-04-19 13:57:09 Ariadne: I have tried porting parts of void's xbps to BearSSL, the crypto APIs are so close to each other that porting is actually really simple 2021-04-19 13:57:32 the abstraction would mostly allow picking one or the other at compile time, I guess 2021-04-19 13:57:32 ericonr: yes, but it is nice to have an abstraction layer 2021-04-19 13:58:21 fair 2021-04-19 13:58:48 hm, you folks also carry a vendored in libfetch 2021-04-19 13:59:14 I have aspirations of porting it to use bearssl instead of openssl, though for now that'd come at the cost of tls 1.3 support 2021-04-19 13:59:16 its a fork 2021-04-19 13:59:18 of libfetch 2021-04-19 13:59:20 actually 2021-04-19 13:59:22 :D 2021-04-19 13:59:43 ours is... quite modified! 2021-04-19 13:59:50 well, it's not a system library :P 2021-04-19 14:00:11 does libtls give enough control for libfetch shenanigans? 2021-04-19 14:00:26 likely! 2021-04-19 14:00:45 we literally wrote the TLS code our fork uses :) 2021-04-19 14:01:14 ah, neat :) 2021-04-19 14:03:11 Ariadne: your version still has this bug: https://github.com/void-linux/xbps/pull/349/files 2021-04-19 14:03:26 we hit it when downloading things from sourceforge 2021-04-19 14:03:49 abuild-fetch uses curl(1) 2021-04-19 14:03:50 it didn't work in normal mode but worked in verbose mode 2021-04-19 14:04:10 anyway 2021-04-19 14:04:13 well, I expect some weird mirror could also trigger it 2021-04-19 14:04:17 maybe we should collaborate on a libfetch fork 2021-04-19 14:04:18 :p 2021-04-19 14:04:31 it seems everyone has a libfetch fork 2021-04-19 14:04:45 the netbsd and freebsd version are quite different :/ 2021-04-19 14:05:54 but yes, more people working on a canonical version would be nice 2021-04-19 14:06:49 btw, that bug above is a logic one (not a missing workaround for weird hosts), though it's unlikely to ever be hit 2021-04-19 14:38:45 Can anyone explain to me why qml-asteroid is missing from ppc64le, even though the builder has moved on to other packages committed later? 2021-04-19 14:40:12 PureTryOut[m]2: Seems like it's still building things in testing/ 2021-04-19 14:40:27 It'll only upload the entire changeset of testing/ once it's done building the entirety of testing/ 2021-04-19 14:40:30 Right now yes but earlier it was idle and the package wasn't their either 2021-04-19 14:40:45 I asked about this about an hour ago as well and it was idle back then 2021-04-19 14:40:53 Hum, maybe it didn't upload for some reason then - but I suppose ikke would now more about that 2021-04-19 14:41:13 Weird that it was idle earlier though - I merged the openjdk bump yesterday 2021-04-19 14:41:15 Maybe that was just a display bug (?) 2021-04-19 14:41:43 I guess it already finished the openjdk build? 2021-04-19 15:02:38 OpenJDK7 is failing on aarch64 btw 2021-04-19 15:18:00 PureTryOut[m]2: qml-asteroids has not been built 2021-04-19 15:19:24 OpenJDK7: > You must have autoconf 2.59 or later installed. 2021-04-19 15:19:26 Wat 2021-04-19 15:19:42 How does this happen now 2021-04-19 15:21:31 autoconf policy: 2021-04-19 15:21:34 2.71-r0: 2021-04-19 15:21:49 (37/244) Installing autoconf (2.71-r0) 2021-04-19 15:21:55 so it's drunk 2021-04-19 15:22:41 it seems ppc64le has not pulled the commits with qml-asteroid yet 2021-04-19 15:23:50 PureTryOut[m]2: I expect it to be built after openjdk is finished 2021-04-19 15:27:52 Ok then b.p.o was bugged I guess 2021-04-19 15:45:02 ACTION < https://matrix.org/_matrix/media/r0/download/matrix.org/bQyAKWBBWJpawHGYcExpDygR/message.txt > 2021-04-19 15:45:14 Ariadne, ericonr: curl can now be built against bearssl, so although it's still something big, depending on curl for fetching is doable now 2021-04-19 15:45:57 i puahsed autoconf 2.70 first, then upgraded int to 2.71 2021-04-19 15:46:00 bearssl has all the same memory safety verification capabilities rust gives anyway, from T0 2021-04-19 15:46:01 :p 2021-04-19 15:46:03 im working on openjdk7 now 2021-04-19 15:46:13 Thanks 2021-04-19 15:47:13 Ariadne: T0 is only used in the X509 decoder engine though IIRC 2021-04-19 15:47:23 skarnet: nope 2021-04-19 15:47:33 wait autoconf was upgraded ? 2021-04-19 15:47:45 skarnet: it is used in the SSL engine too 2021-04-19 15:47:45 in parts of the TLS engine as well? I didn't look too deep inside 2021-04-19 15:47:50 well, TLS 2021-04-19 15:48:01 it seems to be used anywhere that memory safety needs to be verified :) 2021-04-19 15:48:14 yes, i upgraded it 2021-04-19 15:48:22 that's cool 2021-04-19 15:48:47 wanted to upgrade autoconf before we start bootstrap the 3.14 builders 2021-04-19 15:49:07 also need to tag new abuild release, but need to fix the abuild-fetch problem first 2021-04-19 15:49:23 to me the killer feature is "zero malloc, all the engine is in the stack" though 2021-04-19 15:49:42 because buffer overflows are easier to avoid than memory leaks 2021-04-19 15:49:48 yes, bearssl looks good 2021-04-19 15:50:22 sure, i'm just saying that bearssl checks the box that some ask about rustls for 2021-04-19 15:50:31 well if it even has mps's approval then it's awesome, confirmed :P 2021-04-19 15:50:40 :D 2021-04-19 15:50:45 rustls is, incidentally, not something i want to deal with 2021-04-19 15:50:56 We should make a mps seal of approval ;-) 2021-04-19 15:51:04 literally, it is the ASM crypto code from openssl, wrapped in rust 2021-04-19 15:51:15 so basically the exact opposite of what i want :P 2021-04-19 15:51:21 Ariadne: the more you say "rust" the more I want to run away 2021-04-19 15:51:30 can we please talk about *good* software 2021-04-19 15:51:35 skarnet: i'm okay with using rust where it makes sense 2021-04-19 15:51:45 it's a pity I don't have time to deep learn all about bearssl 2021-04-19 15:51:47 to rust away 2021-04-19 15:51:48 yeah, to write browsers :P 2021-04-19 15:52:34 ikke: only if it makes seal noises *oink* 2021-04-19 15:52:43 oink is pigs, what does the seal say? 2021-04-19 15:52:43 huh, CI don't know about remake https://gitlab.alpinelinux.org/mps/aports/-/jobs/375143#L97 2021-04-19 15:53:03 mps: it's still in testing 2021-04-19 15:53:15 so community packages cannot depend on it 2021-04-19 15:53:20 can I ask removal of skarnet from this channel 2021-04-19 15:53:28 You can always ask 2021-04-19 15:53:37 then do this 2021-04-19 15:53:53 mps doesn't like seals? but they're cute :( 2021-04-19 15:54:00 literally, it is the ASM crypto code from openssl, wrapped in rust 2021-04-19 15:54:04 lol 2021-04-19 15:54:12 i hate how that happens 2021-04-19 15:54:15 "safety" 2021-04-19 15:54:16 dalias: yes this makes it somehow memory safe 2021-04-19 15:54:20 new lang, exciting for safety... 2021-04-19 15:54:22 dalias: no, i don't get it either 2021-04-19 15:54:32 then all the actual libraries you have to use are FFI to existing known-shitty C 2021-04-19 15:54:51 i did a call with a rustls person last week 2021-04-19 15:54:55 and i was like 2021-04-19 15:54:57 this was going on with ocaml ~7 years ago 2021-04-19 15:55:06 "but it's just wrapping the openssl ASM code" 2021-04-19 15:55:11 "crypto in ocaml!" 2021-04-19 15:55:30 "no, actually only the high level logic is in ocaml. all the primitives are the same shitty C+asm" 2021-04-19 15:55:41 well the high level TLS part is in rust! 2021-04-19 15:55:51 yeah that's the boring part 2021-04-19 15:55:57 not really 2021-04-19 15:56:22 the high level part is the part that's not trivially memory safe 2021-04-19 15:56:32 true 2021-04-19 15:56:45 the asm doesn't deal with any object lifetimes 2021-04-19 15:56:54 it's just "input buffer here, output buffer there" 2021-04-19 15:57:11 I suspect a Rust X509 parser is just as ugly as a C one :P 2021-04-19 15:57:16 you could even make a model for rust to prove its memory safety, i suspect 2021-04-19 15:57:24 skarnet: i think a rust X509 parser can be done cleanly 2021-04-19 15:57:39 i wrote one in elixir, which is another ML-like 2021-04-19 15:57:43 it was not too bad 2021-04-19 15:57:44 Ariadne: yes, write a Rust backend for T0 2021-04-19 15:57:44 as much as i criticize it i'm actually rather excited about the possibilities of rust 2021-04-19 15:57:56 i'd really love to see it not suck 2021-04-19 15:58:05 dalias: working on it 2021-04-19 15:58:15 im worried about the no-stable-ABI part 2021-04-19 15:58:18 just found out about the "stdlib assumes malloc can't fail" bs and *facepalm* 2021-04-19 15:58:26 but i think it's fixable 2021-04-19 15:58:47 ncopa: i have some ideas on how we can solve that 2021-04-19 15:58:58 ncopa, i'm not so worried about ABI because i'd like to *get rid of* ABI (unnecessary shared library boundaries) as much as possible 2021-04-19 15:59:13 ideally most things can be static linked 2021-04-19 15:59:29 dalias: unfortunately dynamically linked crates is the only way we can slim things down 2021-04-19 15:59:44 static linked hello world is like 700KB 2021-04-19 15:59:52 without dynamic linked crates 2021-04-19 15:59:57 that's exactly why I hate giant runtimes 2021-04-19 15:59:58 yeah but that's a linking bug in rust 2021-04-19 16:00:09 or in their stdlib implementation 2021-04-19 16:00:11 dynamic libs is the only way that security fixes wil actually be fixed 2021-04-19 16:00:14 librsvg is 9MB 2021-04-19 16:00:19 because rust 2021-04-19 16:00:21 :D 2021-04-19 16:00:22 ncopa, that's an old myth 2021-04-19 16:00:32 its not 2021-04-19 16:00:37 ncopa: security bugs in Rust? that can't possibly happen, didn't you get the memo? Rust is SAFE 2021-04-19 16:00:59 if you have a package system that documents dependencies you can just fix all the packages depending on the insecure lib, automatically 2021-04-19 16:01:01 we wont rebuild 20k packages that depend on musl because it gets a CVE 2021-04-19 16:01:26 yes, we can automatically set up the rebuilds 2021-04-19 16:01:27 ok, I revoke request of skarnet removal 2021-04-19 16:01:30 ariadne, you wouldnt have to tho 2021-04-19 16:01:34 we do not want that :p 2021-04-19 16:02:02 say there's a CVE in wcsnrtombs 2021-04-19 16:02:16 you rebuild the one package that used it :-p 2021-04-19 16:02:28 yeah our tools arent that smart 2021-04-19 16:02:29 :p 2021-04-19 16:02:43 this Arch guy, did a check on the status of go apps, for known cves in go 2021-04-19 16:02:54 haha :D 2021-04-19 16:02:55 ah yes, let's maintain a list of every libc entry point that every package uses 2021-04-19 16:03:00 I can't see any drawback to that 2021-04-19 16:03:04 skarnet, you don't have to do it manually 2021-04-19 16:03:12 and checked how many of the apps was rebuild with the fixed go. the numbers was depressing 2021-04-19 16:03:21 ncopa, lol :) 2021-04-19 16:03:54 anyway even if you do static linking to libc and system libs, i think dynamic-linked crates are probably a bad idea 2021-04-19 16:03:55 so, while, yes, it is theoretically possible to solve the issue, but in practice that does not happen 2021-04-19 16:04:17 except possibly for ones that really are major shared functionality with stable API/ABI and need for upgrades 2021-04-19 16:04:25 sorry 2021-04-19 16:04:27 i meant 2021-04-19 16:04:33 anyway even if you do dynamic linking to libc and system libs, i think dynamic-linked crates are probably a bad idea 2021-04-19 16:04:44 you have a link to this arch guys effort/report? 2021-04-19 16:04:45 and rebuilding 1000 packages every time there is a security vulnerability will likely not happen in practice 2021-04-19 16:04:53 it was on twitter 2021-04-19 16:04:53 dalias: its mainly libstd i want to link dynamically :p 2021-04-19 16:05:03 ariadne, i think that's fairly reasonable 2021-04-19 16:05:08 and it was not very scientific. just a check 2021-04-19 16:05:30 dalias: the microdeps i think are not a big deal 2021-04-19 16:05:44 making shared libs out of the microdeps sounds liek an awful idea 2021-04-19 16:05:51 especially if they're not designed to do that upstream 2021-04-19 16:05:57 precisely 2021-04-19 16:06:36 btw, personally i've started building everything i build by hand as static-linked now 2021-04-19 16:06:45 btw https://github.com/mitls/mitls-curl - should be safe, it's formally verified... 2021-04-19 16:06:50 because alpine keeps breaking shared libs (removing old soname when new version is released, etc :-p) 2021-04-19 16:07:29 wdtTP2O82Kft: https://twitter.com/MortenLinderud/status/1363785029957152769 2021-04-19 16:07:34 Having shared libs/std wouldn't necessarily fix CVEs if the vulnerable function is generic though 2021-04-19 16:07:47 thanks ncopa! 2021-04-19 16:08:01 Then you'd have to rebuild the package anyway since the implementation was copy/pasted into the final application (like with C++ templates) 2021-04-19 16:08:16 cogitri, indeed. there always *will* be potential scenarios where you have to rebuild 10000 packages to fix a cve 2021-04-19 16:08:32 like if the compiler has a codegen bug that introduces vulns in everything (or a backdoor :) 2021-04-19 16:08:33 Cogitri: that's not why 2021-04-19 16:08:38 yes, so the problem is that sable ABI alone will not solve the problem 2021-04-19 16:08:48 thats why im saying that it worries me 2021-04-19 16:08:49 this is true even now 2021-04-19 16:09:16 if you built the whole system with gcc 11.1 and found out gcc 11.1 introduces wrong codegen that bypasses a certain type of range check... 2021-04-19 16:09:22 you'd have to rebuild the whole system 2021-04-19 16:09:32 yup. and that does not happen in practice 2021-04-19 16:09:49 things almost that bad have happened 2021-04-19 16:09:57 with wrong codegen bugs 2021-04-19 16:10:13 i mean, the rebuild of the world does not happe 2021-04-19 16:10:24 :( 2021-04-19 16:10:27 we clearly need to do codegen at run time to avoid rebuilds because of compiler bugs 2021-04-19 16:10:32 lol 2021-04-19 16:10:41 :) 2021-04-19 16:10:52 Cogitri: the reason why i want dynamic std crate is to cut down the install sizes of rust dependencies 2021-04-19 16:11:01 that's it 2021-04-19 16:11:01 just interpret and you can dynamically replace the interpreter if there's a bug :) 2021-04-19 16:11:03 that's all 2021-04-19 16:11:05 :p 2021-04-19 16:11:16 Something like that should also be possible for go, right? 2021-04-19 16:11:25 no idea 2021-04-19 16:11:27 probably not 2021-04-19 16:11:31 I see references to shared linking 2021-04-19 16:11:32 Ariadne: Ah, that's fair, but I wonder how much of an impact it makes when LTO and generics are a thing 2021-04-19 16:11:33 go has same problem, also link static 2021-04-19 16:11:34 in the help 2021-04-19 16:11:36 the go people hate shared linking 2021-04-19 16:11:48 people of rust hate shared linking 2021-04-19 16:11:51 Cogitri: LTO hello world is still 600kb 2021-04-19 16:12:05 Cogitri: dynamic libstd hello world is 17kb (C version is 14kb) 2021-04-19 16:12:39 go build -linkshared 2021-04-19 16:12:45 fascinating 2021-04-19 16:12:50 go build -buildmode=shared 2021-04-19 16:12:50 we should do it then 2021-04-19 16:13:39 i would like to see more alpine tools written in rust/go/etc :) 2021-04-19 16:13:49 i think swift is interesting https://gankra.github.io/blah/swift-abi/ 2021-04-19 16:13:55 mainly because its easier to not shoot yourself in the foot with these languages 2021-04-19 16:13:59 Ariadne: Sure, but a hello-world isn't really a reallife example 2021-04-19 16:14:00 yeah, me too 2021-04-19 16:14:16 Cogitri: ifupdown-ng is 61KB 2021-04-19 16:14:23 i'd like a go library for parsing apkindex, apkbuilds etc 2021-04-19 16:14:26 cogitri, there's plenty of real-life code that should be <100k or even <50k 2021-04-19 16:14:27 Cogitri: the rust version would still be 10x larger 2021-04-19 16:14:38 making each of those binaries 700k is awful 2021-04-19 16:14:40 ncopa: is there a C library for that? 2021-04-19 16:14:43 ^^^^ 2021-04-19 16:14:51 especially since all the duplicated code will be resident in memory in multiple instances 2021-04-19 16:14:54 evicting stuff you want 2021-04-19 16:14:59 halosghost: not really, but there is Lua 2021-04-19 16:15:04 ooh 2021-04-19 16:15:16 ACTION wants moar lua in the world 2021-04-19 16:15:27 i started to write an APKBUILD parser in C that spit out json 2021-04-19 16:15:30 minimal: what is paths.h ? 2021-04-19 16:15:30 but that stalled 2021-04-19 16:15:32 ncopa: https://gitlab.alpinelinux.org/alpine/go 2021-04-19 16:15:33 hey, don't forget zig. quite exciting without the c++ aftertaste 2021-04-19 16:15:35 i wonder how well (poorly) ksm works vs overly static linked binaries 2021-04-19 16:15:36 dalias: Sure, but a usual Rust app would use generics whereas a hello world doesn't 2021-04-19 16:15:48 wdtTP2O82Kft: I loved where zig started; I should take another look at it 2021-04-19 16:15:53 https://gitlab.alpinelinux.org/alpine/go/-/tree/add-apkindex 2021-04-19 16:16:03 i guess it requires the code to be aligned properly 2021-04-19 16:16:10 wdtTP2O82Kft: 5 minutes ago you suggested a TLS implementation which requires .NET :) 2021-04-19 16:16:11 i actually have a server that i run in production, that i wrote in zig 2021-04-19 16:16:18 I wonder if anyone is working on making frama-c work with zig… 2021-04-19 16:16:24 ikke: nice! 2021-04-19 16:16:25 although didn't someone say that aix does that nonsense 2021-04-19 16:17:16 Cogitri: there is still significant code reduction 2021-04-19 16:17:26 by the way, anyone here who wants to rewrite alpine in rust 2021-04-19 16:17:31 Ariadne: i thoght that mitls-curl is c-only, they output c code from their f# model. 2021-04-19 16:17:31 my thinking is that C isn't really going anywhere, even if there are those modern C-replacement languages 2021-04-19 16:17:32 this is something you are REQUIRED to solve 2021-04-19 16:17:59 "why not use uutils to replace busybox" somebody asked 2021-04-19 16:18:05 heh 2021-04-19 16:18:07 and the answer is simple 2021-04-19 16:18:13 it would belike 15MB binary 2021-04-19 16:18:14 it'd be 100MB 2021-04-19 16:18:28 ncopa: Yes, if only because C works really nicely for dynamic linking 2021-04-19 16:18:29 uutils is rust? 2021-04-19 16:18:32 Yup 2021-04-19 16:18:45 writing such low-level utilities in Rust is also nonsensical 2021-04-19 16:18:56 skarnet: not sure i agree 2021-04-19 16:19:01 i see benefits to it 2021-04-19 16:19:06 we don't have to agree on everything 2021-04-19 16:19:18 skarnet: its from musl-dev package 2021-04-19 16:19:36 my position is that C is *the* language for low-level utilities, and Rust has a place, but a bit higher in the food chain 2021-04-19 16:19:52 minimal: thanks, let me check 2021-04-19 16:19:54 they are pushing for rust in the linux kernel 2021-04-19 16:20:02 yeah, rewriting tools in rust that have the threatmodel of calc.exe, claiming doing it for safety is nonsense 2021-04-19 16:20:05 skarnet: i think there is a lot of value to teaching people to write C to MISRA standard 2021-04-19 16:20:27 are there good / free references for the MISRA standard? 2021-04-19 16:21:41 dalias: is musl's /usr/include/paths.h meant to emulate what glibc does, or is it like your bits/alltypes.h to centralize definitions? 2021-04-19 16:21:49 skarnet: as musl doesn't support utmp/utmpx it defined "dummy" values for utmp/wtmp files there 2021-04-19 16:22:11 minimal: yes, I understand that, I'm just wondering about the nonstandard header file 2021-04-19 16:22:41 because there should be zero reason for applications to ever include directly 2021-04-19 16:22:56 and am wondering whether patching busybox to remove that is the correct fix 2021-04-19 16:23:14 ikke: https://misra.org.uk/Publications/tabid/57/Default.aspx 2021-04-19 16:23:33 mps: thanks 2021-04-19 16:23:35 ikke: yes, cppcheck, clang-analyzer and gcc 11 -fanalyzer will all warn about MISRA violations 2021-04-19 16:24:45 skarnet: busybox certainly use a "#include " and I'm sure I've seen at least one other package do that (to get non-utmp-related defines) 2021-04-19 16:25:47 I suspect that's something to be fixed but I'm waiting for dalias's confirmation 2021-04-19 16:26:24 ikke: the link you want is https://misra.org.uk/LinkClick.aspx?fileticket=vfArSqzP1d0%3d&tabid=57 2021-04-19 16:26:47 finding it in the list of publications is ugh 2021-04-19 16:26:52 yeah, thanks 2021-04-19 16:27:29 skarnet: coreutils, linux-pam, openrc, shadow, and util-linux all reference paths.h 2021-04-19 16:28:11 all famous paragons of good C 2021-04-19 16:28:19 but I guess it's a de facto standard 2021-04-19 16:28:44 I'll modify utmps to work around it then 2021-04-19 16:29:31 skarnet: all on my list to kill 2021-04-19 16:29:33 :) 2021-04-19 16:29:43 ah, no, that's annoying, I can't redefine it because then it makes the #include order change things 2021-04-19 16:29:53 ACTION uploaded an image: (1KiB) < https://matrix.org/_matrix/media/r0/download/matrix.org/iiZkTiPxGdvHxqPtjPFxEZRW/Screenshot_20210419_182947.png > 2021-04-19 16:30:04 Can someone please remove that white pixel from the favicon of Gitlab? 2021-04-19 16:30:12 no 2021-04-19 16:30:15 skarnet: of all of those busybox is the only one I'm (currently) having the duplicate defines issues with 2021-04-19 16:30:16 the problem is that utmp definitions should be confined to and , not spread around in generic headers 2021-04-19 16:30:17 like literally 2021-04-19 16:30:18 It has been bothering the living hell out of me all day 2021-04-19 16:30:22 it is impossible 2021-04-19 16:30:29 gitlab itself is putting it there 2021-04-19 16:30:30 :/ 2021-04-19 16:30:32 How is that impossible lol 2021-04-19 16:30:33 PureTryOut[m]2: hmm, does not show up for me 2021-04-19 16:30:41 It still retrieves it from somewhere 2021-04-19 16:30:53 gitlab has JS 2021-04-19 16:30:59 which regenerates the favicon 2021-04-19 16:31:02 oh, mitls-curl indeed depends on an external mitls install. meh. sorry for bringing it up. 2021-04-19 16:31:04 its a bug in gitlab 2021-04-19 16:31:11 I have 2 tabs on gitlab, one with the white pixel, the other one without it 2021-04-19 16:31:27 😢 2021-04-19 16:31:57 Oh refreshing the tab made it dissapear. But I guess it'll be back then 2021-04-19 16:32:15 PureTryOut[m]2: Probably has to do with things like notifications / new comments 2021-04-19 16:32:18 ^ 2021-04-19 16:32:40 yes go complain to gitlab 2021-04-19 16:32:42 :D 2021-04-19 16:32:47 That would be one shitty way to show it 2021-04-19 16:32:57 If it stays like this I will haha 2021-04-19 16:32:59 minimal: the issue is that utmps needs to redefine the path to wtmp, it's doable in utmps/utmpx.h, but it's not doable if the musl definition is in paths.h 2021-04-19 16:33:02 I can not work like this! 2021-04-19 16:35:54 mps: i can move remake to community or something 2021-04-19 16:36:07 skarnet: yeah I was surprised to see musl putting UTMP and WTMP defs in paths.h rather than /usr/include/utmp.h - I'm guessing that musl did this to handle some software that included paths.h but not utmp.h and expected those defines. 2021-04-19 16:36:21 mps: i wasn't planning to move it from testing until 3.14 was branched 2021-04-19 16:36:22 btw, MISRA is not something special, that I how I learned C 30 years ago 2021-04-19 16:36:39 oh yeah misra isn't anything special at all 2021-04-19 16:36:50 Ariadne: ok, I will revert to make 2021-04-19 16:37:21 my plan was just to replace make with remake in main after 3.14 is branched 2021-04-19 16:37:38 remake will not fix bug in edk2 anyway :) 2021-04-19 16:38:09 minimal: yeah, and now I probably need to just remove the definition of _PATH_UTMP and _PATH_WTMP in utmps/utmpx.h, but software that links against utmps should just never use those macros 2021-04-19 16:38:16 because the paths.h values will be incorrect 2021-04-19 16:38:32 the only legit macro is WTMPX_FILE 2021-04-19 16:38:45 and we probably should patch busybox so it uses that instead 2021-04-19 16:38:57 of course not, the benefit of remake is having actually useful error output (as long as the build system doesn't clobber the jobserver anyway) 2021-04-19 16:40:46 Ariadne: right, but anyway thanks for pointing to it, it will be useful for local testing builds 2021-04-19 16:40:58 skarnet: I thought about patching busybox for that. Whatever changes you decide to make to utmps may well change build behaviour for the other packages using paths.h/utmp.h/utmpx.h so I'd have to then rebuild those to see what, if anything, may change and need fixed. Down the rabbithole we go.....lol 2021-04-19 16:41:31 oh wait actually _PATH stuff is only is Ariadne's utmp.h addition 2021-04-19 16:42:05 yeah the real fix is to patch bb so it doesn't use utmp.h 2021-04-19 16:42:13 make it use utmpx.h instead 2021-04-19 16:42:30 and WTMP_FILE instead of _PATH_WTMP 2021-04-19 16:44:25 alternatively just remove the paths.h inclusion... probably less effort. And there's no perfect solution anyway. 2021-04-19 16:46:10 Ariadne: does that work with recursive make? 2021-04-19 16:46:39 skarnet: and what about the file defines in paths.h pointing to the wrong place? 2021-04-19 16:46:40 Hello71: yes, as long as the jobserver doesn't get clobbered 2021-04-19 16:46:41 particularly thinking of kbuild/openjdk where the error is frequently hundreds or thousands of lines up 2021-04-19 16:46:54 Hello71: yes, it works for those 2021-04-19 16:47:02 hm, ok 2021-04-19 16:47:15 not sure i understand how but i'll take your word for it 2021-04-19 16:47:22 minimal: as long as the software doesn't include paths.h we don't care 2021-04-19 16:47:29 Hello71: gnu make has a "job server" 2021-04-19 16:47:36 yes 2021-04-19 16:47:43 the thing with the pipes 2021-04-19 16:48:09 minimal: again the *only* thing we need with those paths is to give clients read access to wtmp 2021-04-19 16:48:11 (that hangs half the time when i use make -l, but that's a seprate issue) 2021-04-19 16:48:12 Hello71: the job server is extended in remake to know about the origin of every job 2021-04-19 16:48:48 minimal: so _PATH_UTMP is totally irrelevant (and software that uses it should be fixed anyway to stop accessing the file directly) and _PATH_WTMP should be patched into WTMPX_FILE 2021-04-19 16:48:54 but how does it pass up the error 2021-04-19 16:48:59 or does it not actually print the error at the end 2021-04-19 16:49:08 it does, at the end 2021-04-19 16:49:15 skarnet: and software that needs to include paths.h for other defines in there? 2021-04-19 16:49:19 right, i see how you can have a proper backtrace 2021-04-19 16:49:27 but how does it move the error to the end 2021-04-19 16:49:41 minimal: then they need to be checked for _PATH_[UW]TMP use, and patched if necessary 2021-04-19 16:49:46 ninja-like buffering? 2021-04-19 16:49:55 if they don't use them, it's fine 2021-04-19 16:49:58 idk i haven't looked into it too deeply 2021-04-19 16:50:06 i just know the jobserver tracks the errors 2021-04-19 16:50:46 perhaps it uses socketpairs instead of pipes :) 2021-04-19 16:51:23 hm, i guess it necessarily buffers the errors, or at least does a tee 2021-04-19 16:52:15 it would buffer the errors 2021-04-19 16:52:25 but they could be communicated via socketpair back to the jobserver 2021-04-19 16:52:34 its pretty straightforward really 2021-04-19 16:52:39 mm. 2021-04-19 16:53:01 then when jobserver terminates, errors are printed 2021-04-19 16:53:18 Hello71: note, it does not capture the *compiler* error 2021-04-19 16:53:24 oh 2021-04-19 16:53:27 minimal: I pushed the WTMP_FILE change in !20619, please approve when you're done and I'll remove the draft tag so it can be merged 2021-04-19 16:53:32 yeah, sorry it's not that good :p 2021-04-19 16:53:34 i think i misread your screenshot earlier 2021-04-19 16:53:44 iirc ninja can do that 2021-04-19 16:53:49 or maybe it's meson 2021-04-19 16:54:07 ninja and samurai can do that yes 2021-04-19 16:54:45 Hello71: however, even though it does not capture compiler error output, it is still useful 2021-04-19 16:54:48 skarnet: having a look now 2021-04-19 16:54:56 yes 2021-04-19 16:54:59 Hello71: because you can just check the backtrace at the end 2021-04-19 16:55:07 and go 2021-04-19 16:55:21 oh arch/x86_64/whatever.o failed to compile 2021-04-19 16:55:38 which on its own doesnt tell you much, but then you can retry it 2021-04-19 16:55:45 the cool thing is 2021-04-19 16:56:01 you can have remake actually retry the failed job at the end 2021-04-19 16:56:10 which *does* get you compiler output 2021-04-19 16:58:11 only if it properly restores all the context 2021-04-19 16:58:32 given the number of makefiles that break with just -j2, i'm not optimistic :p 2021-04-19 16:58:56 you can also do 2021-04-19 16:59:00 make --post-mortem 2021-04-19 16:59:14 and when there's an error, instead of just terminating 2021-04-19 16:59:25 you can inspect the make engine's state at the moment of the job failure 2021-04-19 16:59:38 it has a debugger :D 2021-04-19 16:59:55 mm. 2021-04-19 17:00:12 is it time for APKBUILD sh -> make conversion? :p 2021-04-19 17:00:28 :D 2021-04-19 17:00:34 full circle 2021-04-19 17:01:16 lets not and say we didn't 2021-04-19 17:01:26 imho even though makefile is a little clunky, the issue is that gnu make debugging sucks 2021-04-19 17:01:35 yes 2021-04-19 17:01:41 remake fixes *that* problem 2021-04-19 17:01:43 :p 2021-04-19 17:03:27 Hello71: APKBUILD.spec 2021-04-19 17:03:44 can we ban maxice8 pls 2021-04-19 17:03:57 ok 2021-04-19 17:04:02 im kidding 2021-04-19 17:04:04 ^_^ 2021-04-19 17:04:13 /mode +b maxice8 2021-04-19 17:04:31 ono 2021-04-19 17:04:42 skarnet, paths.h is just a junk header that was included because some stuff used it. 2021-04-19 17:04:48 musl does not use it whatsoever 2021-04-19 17:05:08 does remake parse faster than gnu make? i remember waiting several seconds for buildroot to just parse 2021-04-19 17:05:17 in particular it's not a source of configuration or policy 2021-04-19 17:05:29 Hello71: no, 2021-04-19 17:05:38 dalias: yeah that's what I suspected, the problem is that it contains utmp macros outside of utmp.h and utmpx.h so those macros are pretty hard to redefine 2021-04-19 17:05:44 i mean i haven't benchmarked it 2021-04-19 17:05:51 skarnet, i see... 2021-04-19 17:05:53 but i doubt there is any difference in parsing speed 2021-04-19 17:05:55 just because of macros on macros on macros on includes on macros 2021-04-19 17:06:02 i would just have alpine patch musl's paths.h to match the utmp policy 2021-04-19 17:06:25 we can do that 2021-04-19 17:06:32 what should it have ? 2021-04-19 17:06:43 _PATH_WTMP should be /var/log/wtmp 2021-04-19 17:06:44 and that's it 2021-04-19 17:06:55 paths.h has lots of stuff in it that's "policy content" and not policy that libc really has any care over 2021-04-19 17:07:06 so it's totally reasonable for distros to change that if it conflicts 2021-04-19 17:07:27 _PATH_UTMP is totally irrelevant for utmps but the macro definition could be removed, to check for software that uses it and patch it 2021-04-19 17:07:42 :) 2021-04-19 17:08:15 ok 2021-04-19 17:08:28 i don't want to do that right now since we are already in a soft freeze 2021-04-19 17:08:36 can it wait until 3.14 is branched? 2021-04-19 17:08:39 totally 2021-04-19 17:09:02 minimal is working on building alpine with utmps, that's why we're looking at those things now 2021-04-19 17:09:02 cool, ping me when we do that i guess :) 2021-04-19 17:09:14 oh good 2021-04-19 17:09:19 i am glad minimal is finishing it 2021-04-19 17:09:34 yeah I think we're pretty close 2021-04-19 17:09:36 Ariadne: I'm the one who triggered this conversation as I'm testing utmp stuff locally. I can tested the suggested changes locally for now and once it all appears working we can look at them after 3.14 2021-04-19 17:09:55 since i got busy with other things :p 2021-04-19 17:10:13 minimal: i guess just open an MR against the musl package 2021-04-19 17:10:20 Ariadne: how come? it *never* happens to you. :P 2021-04-19 17:10:42 Ariadne: I will once I'm sure it all works :-) 2021-04-19 17:11:07 skarnet: i haven't perfected human cloning yet 2021-04-19 17:11:25 sheep cloning works and bunnies are smaller 2021-04-19 17:12:15 bunnies clone themselves if they are not fixed 2021-04-19 17:13:01 or at least if you have two bunnies, you'll wind up with 2^6 bunnies by the end of the month 2021-04-19 17:13:02 :p 2021-04-19 17:13:42 we need to harness that wonderful food source 2021-04-19 17:13:48 ACTION exits, fast 2021-04-19 17:14:16 the only bunnies i have are artificial 2021-04-19 17:14:24 no food source here :) 2021-04-19 17:52:24 Ariadne: forking your alpine-gcc-patches on gitlab takes ages :D maybe it's quicker if you just git-am(1) my git-format-patch? 2021-04-19 17:53:21 > Forking in progress: Please wait while we import the repository for you. 2021-04-19 17:53:30 💤 2021-04-19 17:53:42 :D 2021-04-19 17:53:58 no rush on it 2021-04-19 17:54:04 just send me an MR when you can 2021-04-19 17:54:09 so i don't lose the patch 2021-04-19 17:54:26 because i rebase all the patches when i update to a new git snapshot 2021-04-19 17:55:15 yeah, I really like the idea of keeping larger patchsets in a dedicated repo. I do the same locally for busybox 2021-04-19 17:55:25 ok, gitlab is done forking 2021-04-19 18:01:14 done 2021-04-19 18:43:00 looks like armv7 CI is stuck 2021-04-19 19:44:09 hi 2021-04-19 19:45:04 I've just read it mps VfrCompile is part of edk2? 2021-04-19 19:50:18 ey Cogitri , I thought that it is rare that packaged libvpx causes the link error because it is not include in APKBUILD, I take a look and it seems that there is a definition in a .asm file and other .c file 2021-04-19 19:52:01 e.g. one duplicated reference is between and intrapred_neon.c.o intrapred_neon_asm.asm.S.o :S 2021-04-19 19:54:31 donoban: yes, it is built during build process 2021-04-19 19:54:59 donoban: here is new (upgrade to latest edk2) MR !20626 2021-04-19 19:55:19 and it also fails? :D 2021-04-19 19:55:32 yes 2021-04-19 19:55:41 hehe 2021-04-19 19:56:07 but this time because of illegal instruction 2021-04-19 19:58:27 any idea what caused 35% size cut "graphviz: 6944 KiB -> 4548 KiB"? https://gitlab.alpinelinux.org/andypost/aports/-/jobs/375293#L6375 2021-04-19 20:02:29 You'd have to compare the packages 2021-04-19 20:02:39 there are no files missing (otherwise checkapk would have shown that) 2021-04-19 20:21:13 Ariadne: skarnet: rustls is a complete joke 2021-04-19 20:21:22 it only works on ARM, aarch64 and x86 2021-04-19 20:21:47 they don't carry almost any fallback code for archs not supported by the ASM that they import from BoringSSL 2021-04-19 20:23:34 which would have been a fine way of showing that Rust can be fast/portable, and to test asm impls vs a reference thing 2021-04-19 20:23:59 but no, any project using rustls is very limited on what it can even be built for 2021-04-19 20:28:03 Ariadne: i've done bearssl ports for several packages using libcrypto. as ericonr said, the apis are close enough that it is usually pretty easy. coming up with a nice abstraction layer should be quite doable 2021-04-19 20:28:30 the main gotcha for rsa with bearssl is that the private key decoder drops the public key parts, and can only recompute them for keys where p and q are 3 mod 4 (about 25% of keys i believe) 2021-04-19 20:34:12 ah, a correction 2021-04-19 20:34:23 rustls's limitations are due to ring 2021-04-19 20:34:28 which is the underlying crypto library 2021-04-19 20:34:57 rustls could in fact be entirely portable if there was any interest in a properly portable backend 2021-04-19 21:21:04 ikke: locally I see no difference, maybe some settings in CI is different but on builders result is different https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20632#note_153298 2021-04-19 21:21:48 You know you can download the package from ci? 2021-04-19 21:22:10 ah, thank you! 2021-04-19 22:55:51 !20619 can be merged now, thanks minimal :) 2021-04-20 00:40:26 hmm, did i just DOS git.al.org with my crappy connection ? 2021-04-20 00:43:06 no 2021-04-20 00:43:14 :) 2021-04-20 00:47:18 still getting 502's 2021-04-20 01:12:48 [14:28:28] the main gotcha for rsa with bearssl is that the private key decoder drops the public key parts, and can only recompute them for keys where p and q are 3 mod 4 (about 25% of keys i believe) 2021-04-20 01:12:49 uhhh 2021-04-20 01:12:53 that sounds bad? 2021-04-20 01:50:19 well, when signing something with RSA, you only need the private key 2021-04-20 01:50:47 yeah you shouldn't even have a public key in an encoded private key file 2021-04-20 01:51:38 i suppose the main issue for apk-tools is that there is no RSA public key decoder, it can only decode the public key from within a X.509 cert 2021-04-20 01:52:32 but where are public keys encoded if not in certs? 2021-04-20 01:53:15 oh, you mean for /etc/apk/keys which are not in a cert? those are RSA? 2021-04-20 01:57:53 mcf: yes, the lack of a decoder sucks; I actually sent an email to Pornin asking about adding that API, he answered with a guide on how to write one :) 2021-04-20 01:57:55 yeah, i believe the public keys are just some inner ASN.1 structure, not certs (not sure exactly the format) 2021-04-20 01:58:08 I can forward it to you, in that case 2021-04-20 01:58:11 if you wish 2021-04-20 01:58:52 sure, i'd be interested in that 2021-04-20 01:59:01 for that matter, the esp8061 arduino repo carries a bearssl fork for which they implemented an RSA decoder 2021-04-20 01:59:32 ugh 2021-04-20 01:59:42 esp8266 2021-04-20 02:06:42 mcf: https://github.com/esp8266/Arduino/tree/da6ec83b5fdbd5b02f04cf143dcf8e158a8cfd36/tools/sdk/ssl and https://github.com/esp8266/Arduino/tree/da6ec83b5fdbd5b02f04cf143dcf8e158a8cfd36/tools/sdk/ssl 2021-04-20 02:07:11 https://github.com/earlephilhower/bearssl-esp8266/commit/0c27e4145af5886156c4dfb59292ffbbd041e6c0 2021-04-20 02:07:33 well anyway, that is certainly a blocker for using bearssl in apk-tools itself 2021-04-20 02:09:18 until someones write a public RSA key decoder :P 2021-04-20 02:11:13 like the one ericonr just linked? :P 2021-04-20 02:11:20 that would indeed be nice to see in upstream bearssl 2021-04-20 02:12:37 mcf: forwarded the guide your way as well 2021-04-20 02:13:18 did that guy actually take the time to understand T0 and write a decoder in it? o.O 2021-04-20 02:14:41 since the work since to already have been done there's a small chance pornin could upstream it 2021-04-20 02:14:45 I can try and press him 2021-04-20 02:14:51 since the work seems* 2021-04-20 02:16:21 ericonr: thanks :) those in-depth replies from thomas pornin are always fantastic 2021-04-20 02:17:49 ericonr: can I please read it too? 2021-04-20 03:02:04 skarnet: query 2021-04-20 06:08:07 Please anyone review this MR 2021-04-20 06:08:08 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20638 2021-04-20 06:39:48 hi all, what is proper way to get some 'backport' from master (edge) to 3.13? 2021-04-20 06:40:41 Make a branch based on 3.13-stable on your fork, cherry pick the commit you want to backport, make a MR against upstream/3.13-stable 2021-04-20 06:42:58 b8d1f2ee7911 lol 2021-04-20 06:43:27 https://git.alpinelinux.org/aports/commit/?id=b8d1f2ee7911 I guess that's one way to check for autoconf >= 2.59too :D 2021-04-20 06:51:31 hm, we have upgraded autoconf, probably some packages will need to be checked with it 2021-04-20 06:54:09 If they have similarly (broken) tests for the version, yup 2021-04-20 06:59:01 Fixing openjdk8 for the same thing now 2021-04-20 06:59:25 i think there are a number of packages that will break with new autoconf, but i also expect other distros to have patches 2021-04-20 07:01:23 could always just package old autoconf 2021-04-20 07:01:26 thats what freebsd do 2021-04-20 07:01:27 :D 2021-04-20 07:03:07 new openssh pass !20640 2021-04-20 07:04:04 Cogitri, thanks - https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20641 2021-04-20 07:04:31 can someone else test it doesn't break login on remotes. It works for me but at least one test in different setup would be good before merge 2021-04-20 07:07:18 is someone with gnome 40 running on alpine here an can verify this issue? https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4148 2021-04-20 07:08:26 Gottox: Sounds like https://gitlab.alpinelinux.org/alpine/aports/-/issues/12605 2021-04-20 07:10:16 Interesting. They marked it as a dup for a glibc issue. 2021-04-20 07:10:33 But I can't reproduce it here with similiar hardware. 2021-04-20 07:10:46 here = glibc 2021-04-20 07:13:45 I don't have the problem on F34 Silverblue on my desktop either 2021-04-20 07:14:29 On my laptop it sometimes likes to flash when I resume (as in I see the lock screen, then it goes black again and then after a few seconds it shows GDM again) 2021-04-20 08:20:06 Can abuild not create empty directories in packages? 2021-04-20 08:46:22 ppc64le seems to be stuck on openjdk16, I swear it was building it yesterday evening as well 2021-04-20 08:49:08 ncopa: regarding edk2, I create yet another MR (!20626) which is upgrade to latest upstream release, but also this fails but with different error than previous MR 2021-04-20 08:50:09 it fails with 'illegal instruction' when running one binary which is built during compiling 2021-04-20 08:51:28 we can create bug report on gitlab.a.o about this and post url to upstream on github 2021-04-20 08:52:00 I would do all this but I don't have GH account 2021-04-20 10:06:47 hi 2021-04-20 10:06:52 GH is GitHub? 2021-04-20 10:10:37 donoban: yes 2021-04-20 10:11:15 i.e. 'General Headquarter' of free software ;> 2021-04-20 10:11:22 ok I can post it 2021-04-20 10:11:24 hehe 2021-04-20 10:11:51 " we can create bug report on gitlab.a.o", where is it? 2021-04-20 10:12:01 well there you go 2021-04-20 10:12:03 :p 2021-04-20 10:12:59 donoban: algitbot knoows some of $.a.o 2021-04-20 10:13:10 yeah I see 2021-04-20 10:13:43 I meant, is the bug report already opened? 2021-04-20 10:14:04 no, not yet 2021-04-20 10:21:57 donoban: I have to boot my x86_64 box to try build edk2 and collect all relevant info (even dmesg out) for filling bug report 2021-04-20 10:22:43 will do later today (don't use x86_64 much in last times) 2021-04-20 10:22:57 ok ok 2021-04-20 10:23:11 what is your main arch? 2021-04-20 10:23:48 arm64 and sometime arm32 2021-04-20 10:25:23 I would have to consider when buying next computer, all my life in x86 ^^ 2021-04-20 10:25:33 about 5 years ago I switched to arm for workstation 2021-04-20 10:27:09 though I used asus transfomer with dock with keyboard as a 'notebook' from about 10 years ago, with debian on it 2021-04-20 10:27:50 tf101 asus is also arm32 2021-04-20 10:29:31 I'm happy with Lenovo Thinkpad :D 2021-04-20 10:31:32 I would like to use/have risc-V notebook designed as chromebooks are 2021-04-20 10:31:59 but that will not happen soon, I fear 2021-04-20 10:57:32 b.p.o is being weird recently. Right now it says it's building community/ceph on aarch64, but according to the build log it has already finished 2021-04-20 10:59:47 well, it _is_ building ceph 2021-04-20 11:03:38 Huh but the log showed it was finished 🤔 2021-04-20 11:04:09 Oh actually no it didn't finish, it failed 2021-04-20 11:04:16 > No space left on device. 2021-04-20 11:04:19 PureTryOut[m]2: one trick: it should end with "signing the index" 2021-04-20 11:04:20 That seems like an issue 2021-04-20 11:04:30 if it does not end with that, it was not succesfully built 2021-04-20 11:04:37 Ok good to know 2021-04-20 11:04:45 So is the aarch64 builder out of space then? 2021-04-20 11:04:49 no 2021-04-20 11:05:08 at least, not the new builder :) 2021-04-20 11:05:11 I don't understand what is happening then... 2021-04-20 11:09:31 ikke: could you verify what's up with the aarch64 builder then? Something is definitely off 2021-04-20 11:10:13 Sun, 18 Apr 2021 16:30:14 +0000 2021-04-20 11:10:21 I think this is before ncopa move the builders 2021-04-20 11:11:14 So maybe b.p.o is just still looking at the old builder then? 2021-04-20 11:11:22 no 2021-04-20 11:11:30 it's the old log your are looking at 2021-04-20 11:11:51 these logs are not updated live 2021-04-20 11:12:21 That I realize. But why does b.p.o still show it's building community/ceph then and link to some old log? 2021-04-20 11:12:57 b.a.o just links to a predicted location for the log 2021-04-20 11:13:04 right now, that location still has the old version 2021-04-20 11:13:15 once the build is finished, the new version of the log will be uploaded 2021-04-20 11:13:22 It's not a very smart system 2021-04-20 11:14:06 So because it failed earlier, it's now redoing the build but it still points to the log of the failed builed? 2021-04-20 11:14:09 *build 2021-04-20 11:14:12 yes 2021-04-20 11:14:20 Ah, yes that's confusing 2021-04-20 11:21:52 ncopa: found this nice overview about different types of locking in linux: https://gavv.github.io/articles/file-locks/ 2021-04-20 11:30:11 ikke: im reading the manpage, and i think i know what the problem is 2021-04-20 11:32:26 nice overview btw 2021-04-20 12:04:37 can anybody please look at https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20641 ? 2021-04-20 12:11:57 mps: somehow we get this with emacs-nox: emacs: could not load dump file "/usr/lib/emacs/27.2/aarch64-alpine-linux-musl/emacs.pdmp": out of memory 2021-04-20 12:12:21 mps: nuking that file allows emacs to run though 2021-04-20 12:16:20 tmlind: sorry, but I don't use emacs and don't have experience with it. and can't remember that I worked anything on it for alpine 2021-04-20 12:16:53 tmlind: or I don't understand your comment 2021-04-20 12:17:58 hmm, I'm laying, I enabled it on aarch64 2021-04-20 12:19:22 mps: heh ok :) 2021-04-20 12:19:51 I recently added a new package to aports (my first package!) and the APKBUILD was creating a new user so that it doesn't run as root. I now realize that it must run as root, do I need to do some special upgrade script to remove the user? Or I just remove the pre-install script and let it be. 2021-04-20 12:25:18 ikke: i believe the file lock problem is due to posix record locks are associated with pid, so the lock is not visible accross pid-namespaces (containers) 2021-04-20 12:29:20 Aha, would make sense 2021-04-20 12:44:48 tomleb: I think that apk never removes users 2021-04-20 12:45:22 ncopa: NOTES mentions l_pid can be kinda useless with NFS, and I would expect the same principles to apply to ns 2021-04-20 12:45:32 the kernel even has: static pid_t locks_translate_pid(struct file_lock *fl, struct pid_namespace *ns) 2021-04-20 12:47:08 tomleb: let it be, we'll reconsider when we're out of uids :D 2021-04-20 12:47:36 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=4acd47644ef1e1c8f8f5bc40b7cf1c5b9bcbbc4e 2021-04-20 12:47:59 Red IBM, (Extend, Embrace ....) 2021-04-20 12:48:54 tomleb: in general, removing a user is a security issue because the uid can get reassigned and files created under the old user will have the wrong permissions. In your case it's not a real issue but "never remove users" is good policy; you can leave a comment in your APKBUILD that says "olduser" is unused and was a mistake, and that's it 2021-04-20 12:49:30 just don't create it in newer versions of your package :) 2021-04-20 12:51:03 mps: wtf 2021-04-20 12:54:07 ericonr: you read it? :( 2021-04-20 12:55:54 well, if that's quoted exactly it sucks hard 2021-04-20 12:55:58 very healthy employer rules 2021-04-20 12:56:25 I'd understand "you're being paid to do this, please use your corporate email here" 2021-04-20 12:56:49 i bet they get fired for posting it publicly 2021-04-20 12:57:21 Hello72: maybe this is her/his intention 2021-04-20 12:58:56 and this is 'revenge' to such bad employer (or just bad manager) 2021-04-20 12:59:45 but that shows how is bad that linux now tied too much too much to big corporations 2021-04-20 13:02:26 omg :\ 2021-04-20 13:03:23 Hello72: by posting to the ML, you mean? 2021-04-20 13:03:30 yes 2021-04-20 13:03:36 https://lore.kernel.org/netdev/161887560929.13803.2397044457894925895.git-patchwork-notify@kernel.org/T/#t <-- "You are awesome, thank you!" ironic 2021-04-20 13:07:21 :D 2021-04-20 13:34:45 ikke: ncopa: linux 5.12 will have idmap mounts which will solve some of these propblems I think. https://lore.kernel.org/lkml/20210213130042.828076-1-christian.brauner@ubuntu.com/T/#u 2021-04-20 14:01:37 mps: Cogitri I belive the armv7 builder is stuck 2021-04-20 14:10:53 Thermi: You mean the CI runner? 2021-04-20 14:10:58 Cogitri: yes 2021-04-20 14:11:18 I think ikke was working on that already (?) 2021-04-20 14:18:18 Cogitri: Well, at the moment it's still not doing any of the jobs that are relevant to me, so I don't know if it's still suck or just working on the queue 2021-04-20 14:18:35 Content of my message thus: Unknown if problem is solved or not 2021-04-20 14:18:36 i am not able to reproduce he locking issue with unshare(1) either 2021-04-20 14:18:51 weird. i have no clue whats going on 2021-04-20 14:24:29 skarnet: Thanks, good point on the security issue as well, I hadn't thought of that. I'll just remove the pre-install script and remove the pkgusers=, pkggroups= fields in APKBUILD 2021-04-20 15:45:41 i can tell you if i had a manager talk to me like in that IBM commit, i would quit 2021-04-20 15:48:19 First ask compensation for the 100% time 2021-04-20 15:49:07 ikke: this is possible only in Europe :) 2021-04-20 15:49:58 I mean european countries 2021-04-20 15:54:07 when I was employed in former Yugoslavia every minute of overtime work was payed and at double rate 2021-04-20 15:54:50 Thermi: Cogitri armv7 is not stuck atm 2021-04-20 15:55:14 but we made 'big' step forward (to nowhere) 2021-04-20 15:56:09 (old good times. (I'm old obviously)) 2021-04-20 16:32:15 uhM, if I uderstand correctly the IBM guy wants to continue working on it but the company moved him to other thing so he changed the mail to his personal account? 2021-04-20 16:32:58 could be 2021-04-20 16:40:32 stupid question, with regarde to https://gitlab.alpinelinux.org/alpine/aports/-/commit/68da843018346f66c160a9bc11ad8248bca63612 2021-04-20 16:40:43 the source archive was updated 2021-04-20 16:40:45 by kep the same name 2021-04-20 16:40:52 is there a way to tell the mirrors to get the new one? 2021-04-20 16:41:00 because currently, they're serving the old (broken) one 2021-04-20 16:41:44 jvoisin: You mean distfiles? 2021-04-20 16:42:24 maybe? 2021-04-20 16:42:35 (check the commit, you'll see the issue) 2021-04-20 16:42:45 Yes, I did check the commit 2021-04-20 16:42:55 That would only show up on the actual builders 2021-04-20 16:43:07 It's something we would need to fix manually 2021-04-20 16:43:32 can I help to make this happen? 2021-04-20 16:43:41 I can do it now 2021-04-20 16:43:56 oh 2021-04-20 16:43:58 amazing, thanks ♥ 2021-04-20 16:45:03 I've renamed it 2021-04-20 16:46:54 This was already a couple of days ago?> 2021-04-20 16:47:33 the issue of not having the package rebuilt with the "new" source archive has always been there, since the merging of the commit 2021-04-20 16:48:05 There is a duplicate gettext-tiny in testing/ and community/ 2021-04-20 16:50:51 maxice8: yeah I pointed this out last week - Ariadne indicated its intentional lol 2021-04-20 16:51:01 and temporary 2021-04-20 16:52:40 I see 2021-04-20 18:41:39 indy: why do you split pkg in !20659 and then add all them to depends 2021-04-20 18:42:41 mps: to have a single meta-package that gets you everything if you want? 2021-04-20 18:43:59 ikke: util-linux have a lot of binaries, so we should split them all? 2021-04-20 18:44:35 mps, to keep subpackages part of util-linux for those who installs whole util-linux 2021-04-20 18:44:57 I can't see usefulness of such splits 2021-04-20 18:45:48 mps, our customer needs only flock, uuidgen and logger. as he wants to have containers smaller as possible, such split make sense 2021-04-20 18:46:25 oh, no. customers dictates alpine development :) 2021-04-20 18:47:09 mps, 2021: oh no, minimalism dictates alpine development 2021-04-20 18:47:22 (kidding) 2021-04-20 18:47:25 mps, :) to me, i would go even further, like in openwrt 2021-04-20 18:47:38 afontain_, +1 :) 2021-04-20 18:47:39 afontain_: besides pmOS :) (also kidding) 2021-04-20 18:48:51 anyway, I'm not against splits where it makes sense 2021-04-20 18:50:00 indy: believe me or not I contemplated idea to make openwrt desktop and forget alpine :) 2021-04-20 18:57:50 mps, :) i'm contemplating moving from openwrt to yocto 2021-04-20 18:58:28 mps, related request in !20659 2021-04-20 18:58:37 mps, for edge 2021-04-20 19:01:19 indy: yes, commented it above 2021-04-20 19:48:54 Cogitri: I built tg_owt with packaged libvpx :D, now building... telegram-desktop :) 2021-04-20 19:55:47 Nice 👍 2021-04-20 20:02:01 it was lot easier than I thought 2021-04-20 20:38:40 beh, same error :\ 2021-04-21 02:15:09 ERROR: unable to select packages: 2021-04-21 02:15:09 openjdk11-jre-headless (no such package): 2021-04-21 02:15:11 WTF did you dooooo 2021-04-21 02:15:15 (On builders) 2021-04-21 02:17:30 aaaah nvm 2021-04-21 02:17:52 only available on x86_64 and sx390 because of the arch field in the APKBUILD of openjdk11 2021-04-21 02:18:56 Nvm, more than those. Just no 32 bit arches 2021-04-21 02:18:57 Are there good reasons to prevent reading some pid file? For example, I see /run/syslogd.pid is 0640 instead of 0644. 2021-04-21 02:19:08 AFAIK not. 2021-04-21 02:19:38 As long as hidepid for procfs is set to 0, anybody can see any thread/process. 2021-04-21 02:19:56 With 2, you can't see those anymore. Maybe the PID is useful for anything else then. 2021-04-21 02:20:28 Same for chrony, where /run/chrony/ is 0640 (although this one contains both chronyd.pid and chronyd.sock) 2021-04-21 02:20:41 Probably because of the umask of the process 2021-04-21 02:20:59 Could this be considered as a "bug" that needs fixing? 2021-04-21 02:21:23 Report it and see if anybody gives it any priority. 2021-04-21 02:21:41 Search for it first though, obviously. 2021-04-21 02:22:29 Would https://gitlab.alpinelinux.org/alpine/aports/-/issues be the right place? 2021-04-21 02:22:36 Yes 2021-04-21 02:22:50 Alright, thank you. Yeah, I'll do a search first and report if I don't find anything 2021-04-21 02:23:26 w 2021-04-21 02:23:26 yw 2021-04-21 02:51:03 Couldn't find any issues that exists already so I created this: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12623 2021-04-21 06:09:23 Ariadne: Would be nice if it were possible to filter security.a.o by maintainer 2021-04-21 06:45:05 Cogitri: consider opening issues on the project as feature requests 2021-04-21 06:55:54 Cogitri: yes, coming soon :) 2021-04-21 06:59:36 Nice 👍 2021-04-21 07:00:09 ikke: Ah yes, will do next time :) 2021-04-21 07:00:29 Just saw the announcement when I was eating breakfast so I took a quick look on my phone 2021-04-21 07:12:59 !20619 can now be merged 2021-04-21 09:58:22 did we have a problem with libtiff? 2021-04-21 09:58:26 the ABI broke? 2021-04-21 10:26:15 Is there a way to make abuild use GNU make for a particular package? I'm testing something but adding "make" to the makedepends still seems to call non-GNU make 2021-04-21 10:28:57 Oh never mind, I'm confusing make and automake 2021-04-21 10:29:03 PureTryOut[m]2: alpine default make is gnu make 2021-04-21 10:29:06 ah, 2021-04-21 10:32:27 I was wondering if it was about the remake make replacement package from testing 2021-04-21 10:32:46 (but no) 2021-04-21 11:48:30 do we need to enable hidpi mouse on armv7, #12618 2021-04-21 11:49:04 new kernels will be released in few minutes 2021-04-21 11:49:45 Why not? At least 1 user would like it 2021-04-21 11:50:28 and user nick is PureTryOut[m]2 ? ;) 2021-04-21 11:50:46 No not me personally haha, but the user reporting that issue 2021-04-21 11:51:40 I didn't noticed armv7 is mentioned there 2021-04-21 11:52:21 Oh sorry, they asked for the kernel in general 2021-04-21 11:52:30 Then probably not, I doubt many people are using armv7 desktops. aarch64 is more useful 2021-04-21 11:54:09 yes, I think aarch64 and x86_64 makes sense, not sure for other 2021-04-21 11:54:42 though I have one armv7 notebook/chromebook 2021-04-21 11:54:57 and it have hdmi 2021-04-21 11:55:40 ok, for now aarch64 and x86_64 are enough, if someone asks we can enable it on other 2021-04-21 11:56:39 going to coffee to read changelog in quiet room 2021-04-21 11:57:17 and I wonder when the people will learn to not chat while they are making coffee :D 2021-04-21 12:21:01 PureTryOut[m]2: interesting, this two are already enabled on armv7 in linux-edge :) 2021-04-21 12:21:27 Ha 2021-04-21 12:26:12 and in -lts is CONFIG_USB_EHCI_TT_NEWSCHED=y but not CONFIG_USB_EHCI_ROOT_HUB_TT is not set 2021-04-21 12:26:16 ncopa: ^ 2021-04-21 12:34:46 Please Review this MR. 2021-04-21 12:34:46 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20673 2021-04-21 12:38:41 Did a review, please apply the comments I made 2021-04-21 12:38:51 https://fossbytes.com/secure-linux-distros-privacy-anonymity/, interesting only alpine is based on alpine :) 2021-04-21 12:44:16 sorry if this was asked as i don't keep up with this chat as much but is everyone afriad of the breakage on python packages 2021-04-21 12:44:25 both youtube-dl and qutebrowser are broken on edge 2021-04-21 12:44:52 youtube-dl works fine for me? 2021-04-21 12:44:55 is everyone aware* 2021-04-21 12:45:00 PureTryOut[m]2: on edge? 2021-04-21 12:45:11 Yes 2021-04-21 12:45:30 ModuleNotFoundError: No module named 'youtube_dl' 2021-04-21 12:45:33 hmm 2021-04-21 12:45:42 same with qutebrowser 2021-04-21 12:46:35 falling back to latest-stable works fine 2021-04-21 12:47:10 Please make sure you are running Python 3.9 and you have the latest packages 2021-04-21 12:47:19 caskd: apk update ; apk upgrade -a 2021-04-21 12:47:52 I had this problem when python 3.9 was not built completely 2021-04-21 12:48:17 after full upgrade problem disappeared 2021-04-21 12:48:58 Exactly 2021-04-21 12:50:33 hm, that should be it 2021-04-21 12:50:36 had 3.8 2021-04-21 12:50:51 gonna wait until it's done to confirm 2021-04-21 13:13:23 ok, yeah it was python version 2021-04-21 13:30:29 mps: yes i would like to see it :) 2021-04-21 13:36:38 Ariadne: what? hidpi mouse on usb? 2021-04-21 13:36:46 yes 2021-04-21 13:37:12 heh, install linux-edge 5.11.16 and you will have it :) 2021-04-21 13:37:13 i dont think those options are actually about hidpi mice though 2021-04-21 13:37:27 i think they have to do with enabling a specific buggy hidpi mouse 2021-04-21 13:37:28 right, it is general 2021-04-21 13:37:55 anyway, an alpine desktop using friend complained about having to patch his kernel to enable the option 2021-04-21 13:37:56 could be usable for other buggy devices too 2021-04-21 13:37:59 so i told him open a bug :P 2021-04-21 13:38:24 yes, I saw your twit (though I don't use twitter) 2021-04-21 13:39:51 all these drivers are strange, few days ago I discovered that I have to enable sunxi touchscreen driver to read SOC sensors 2021-04-21 13:40:59 :D 2021-04-21 13:41:27 maybe it enables an I2C driver as a side effect? 2021-04-21 13:42:03 no, I2C was enabled long time ago 2021-04-21 13:44:43 but it is strange, will look deeply on it when find some time 2021-04-21 13:45:07 could be that it enables something else 2021-04-21 13:49:56 shut up 2021-04-21 13:50:54 idc 2021-04-21 13:50:58 oh 2021-04-21 13:51:01 wait wrong chat 2021-04-21 13:51:03 damn irssi 2021-04-21 13:51:04 mb 2021-04-21 14:16:19 interesting times for linux https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/ 2021-04-21 14:16:48 GKH banned university of Minesota to send patches to kernel 2021-04-21 14:25:31 so, yes, upgrade your kernels ASAP 2021-04-21 14:26:05 in short, they posted intentionally patches with bugs 2021-04-21 14:27:25 and we will have probably new release today 2021-04-21 14:34:39 holy shit... 2021-04-21 14:39:49 popcorn time! 2021-04-21 14:44:44 :\ 2021-04-21 14:48:00 I hope BDFL^W'Alpine' can learn something from this ;) 2021-04-21 14:49:10 do you know what he refers with "and published a paper based on that work."? 2021-04-21 14:50:40 read GKH msgs in thread there, url is given but I wouldn't go again over all thread 2021-04-21 14:50:57 I understood the patches never made it to a release 2021-04-21 14:51:11 donoban: They made a scientific paper describing what they did 2021-04-21 14:55:34 1https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf 2021-04-21 14:55:45 lol 2021-04-21 14:55:52 thats the worse option that I was thinking 2021-04-21 14:58:26 ikke: GKH do some reverts, so probably it is already merged 2021-04-21 14:59:06 Yes, was apparently included in stable branches 2021-04-21 14:59:25 I'm out, and my kernel git tree is not with me so can't look now 2021-04-21 15:00:04 "A lot of these have already reached the stable trees" 2021-04-21 15:01:36 https://security.alpinelinux.org/ looks fancy 2021-04-21 15:02:05 yeah it seems very nice :) 2021-04-21 15:03:35 ooh fancy 2021-04-21 15:13:39 It is interesting though that these patches made it through 2021-04-21 15:15:06 I wonder if the paper had considered the importance of being some reputable university, maybe the same patches sent from an uknown anonymous guy would be analyzed more deeply and rejected :\ 2021-04-21 15:15:25 ikke: IMO, all it proves is that (noting Linus's Law) the kernel doesn't quite have “enough eyeballs” yet 2021-04-21 15:15:48 personally, I kind of think that professor should be fired wholesale 2021-04-21 15:16:16 (doing research (which is so clearly done on-people it's not even funny) without talking to an IRB at all is kind of insane) 2021-04-21 15:16:17 donoban: The wisdom goes that it should not matter who is providing a patch 2021-04-21 15:16:17 there is never 'enough' eyeballs 2021-04-21 15:16:35 donoban: You should not accept a patch just because it's from someone you know 2021-04-21 15:16:36 Ariadne: I don't necessarily disagree 2021-04-21 15:16:45 Ariadne: but if that's the case, then was there any point to the research at all? 2021-04-21 15:16:49 anyway this is not surprising to me! 2021-04-21 15:17:00 i've written about this before 2021-04-21 15:17:16 if you are a nation state actor or whatever and you want to poison a source tree 2021-04-21 15:17:19 it makes sense 2021-04-21 15:17:24 to send in patches that are legit 2021-04-21 15:17:30 until they get lax with reviewing your shit 2021-04-21 15:17:32 ikke: yeah, the classic security dilema, who trusting? do you want to untrust everyone? you cant :\ 2021-04-21 15:17:42 then you start slipping in backdoors 2021-04-21 15:17:55 people were like "nah nobody will try that" 2021-04-21 15:17:56 haha 2021-04-21 15:18:03 yes, their problem is that they were lazy and started out with the crap 2021-04-21 15:18:09 correct 2021-04-21 15:19:14 what is worse, who knows how many such things exists in code which are still not detected 2021-04-21 15:19:27 donoban: What I'm saying is that (I know the reality is different) is that trust should not play a role at all when reviewing patches 2021-04-21 15:20:47 yes I agree :), maybe some kind of patch review where all the authors are hidden... uhM 2021-04-21 15:20:50 ie, the reason why (at least git.git) is not relying on GPG signatures is that they do not care who the uahtor is 2021-04-21 15:20:53 author* 2021-04-21 15:21:59 why is f7f0e8106bd5fcacd5384c50187c1159f11fc9eb using a static param struct instead of what's passed to sched_setscheduler? 2021-04-21 15:23:25 maribu[m]: ^ 2021-04-21 15:23:36 its a backdoor 2021-04-21 15:23:38 obv 2021-04-21 15:23:49 heh 2021-04-21 15:24:35 :D 2021-04-21 15:25:21 hm 2021-04-21 15:25:26 doesn't this make rtkit a noop? 2021-04-21 15:25:36 they got the patch from UMN 2021-04-21 15:25:39 obviously 2021-04-21 15:25:42 lol 2021-04-21 15:26:41 late Jon Postel robustness rule should be reverted to 'be conservative in what you accept and be conservative in what you send' :) 2021-04-21 15:27:09 isn't the robustness rule what fucked the internet anyway :p 2021-04-21 15:27:14 basicallhy 2021-04-21 15:27:16 -h 2021-04-21 15:27:19 "take all the crap in" 2021-04-21 15:27:20 ericonr: right :) 2021-04-21 15:27:40 anyway, in secfixes-tracker v0.2 2021-04-21 15:27:47 you can fetch all of that data as JSON-LD 2021-04-21 15:27:48 (just deployed) 2021-04-21 15:28:03 did you add linux-lts? 2021-04-21 15:28:11 if any of you people work for a security company and aggressively scrape it, you will be banned 2021-04-21 15:28:46 donoban: there's no mapping rule for that yet 2021-04-21 15:29:09 Ariadne: you mean 'security theatre' ;p 2021-04-21 15:29:16 ey Ariadne it would be nice to add an sec-acf too, but maybe based on apk3? 2021-04-21 15:29:22 mps: yes 2021-04-21 15:29:36 donoban: a what? 2021-04-21 15:29:44 acf module I guess 2021-04-21 15:29:45 an acf page for security report 2021-04-21 15:29:48 yes 2021-04-21 15:29:52 i mean, i guess 2021-04-21 15:29:55 not my department 2021-04-21 15:30:03 you'd have to ask ttrask 2021-04-21 15:30:10 there's like 3 different panels you can install for alpine 2021-04-21 15:30:14 acf is just one of them 2021-04-21 15:30:47 mps: quite a large revert list: https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/ 2021-04-21 15:31:11 I have POC for acf-docker, it needs a few things 2021-04-21 15:31:15 minimal: yes, I saw this 2021-04-21 15:31:37 Ariadne: what you mean with "panels"? 2021-04-21 15:31:57 web-based interface? 2021-04-21 15:32:05 minimal: now you understand why I'm so conservative with your patches :P 2021-04-21 15:32:24 donoban: yes 2021-04-21 15:32:35 uhM, I only knew acf 2021-04-21 15:32:46 mps: I'm a white hat - honest! ;-) 2021-04-21 15:32:50 there is acf and then ACF2 2021-04-21 15:32:54 and then some other one 2021-04-21 15:32:59 that i dont remember the name of right now 2021-04-21 15:33:03 i dont use any of that stuff :p 2021-04-21 15:33:18 mps: my white hat just got a little gray in the wash lol 2021-04-21 15:33:19 minimal: jk, but I think you understand 2021-04-21 15:33:29 hehe, it's useful on some cases 2021-04-21 15:41:33 better gray than red hat :) 2021-04-21 15:41:40 Please review the MR 2021-04-21 15:41:40 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20676 2021-04-21 15:42:59 I see kernel patches from this guy going back at least 2 years - not saying they are all necessarily suspect but they seem to fit the pattern of submitting memory "protection" patches 2021-04-21 15:45:55 hah, so this is long planned and carefully conducted operation 2021-04-21 15:47:01 Sun Tzu section on spies, classic :) 2021-04-21 15:47:31 and Machiavelly wrote about this 2021-04-21 15:48:46 cue every security company hammering security.alpinelinux.org 2021-04-21 15:48:53 its fine 2021-04-21 15:49:00 we will start to return rickroll to them :) 2021-04-21 15:49:18 package: "never", cve: "gonna give you up" 2021-04-21 15:49:38 no idea, I just noticed that 4.19.47 seems to have 5 patches from him: https://lore.kernel.org/lkml/20190531093132.GB23111@amd/T/ 2021-04-21 15:51:51 @ericonr: As written in the patch, I just took the implementations of https://git.musl-libc.org/cgit/musl/commit/?id=61be1cfec1f5da66c68f92a6939e3a38e673c9d6 - I don't know what the reason is to only pass over the scheduling policy and not the priority. It is not given in that patch set. 2021-04-21 15:54:04 mps: fwiw i agree with you that almost all of these security companies are not really doing anything useful 2021-04-21 15:54:53 maribu[m]: thing is, it isn't passing anything 2021-04-21 15:54:58 + return syscall(SYS_sched_setscheduler, pid, 0, &def); 2021-04-21 15:55:08 musl's version at that time was a stub 2021-04-21 15:55:32 instead of using sched, it used 0, instead of using params, it used def 2021-04-21 15:55:42 Ariadne: yes, I know from personal experience :) 2021-04-21 15:56:13 I think copying from glibc makes more sense, since theirs is the version that works with rtkit 2021-04-21 15:56:34 I was owner of one small such 'company' 2021-04-21 15:57:26 Yes, it should have passed over sched instead of 0. I copied the wrong path :-/ 2021-04-21 15:58:45 that patch is reason I didn't merged it 2021-04-21 15:59:13 though I didn't analyzed it 2021-04-21 15:59:30 https://sourceware.org/git/?p=glibc.git;a=blob;f=posix/sched_sets.c;h=83023caed8628b150a8744352fa68e0534baba86;hb=HEAD - looks like glibc isn't doing something reasonable as well... 2021-04-21 15:59:39 and not sure how useful this pkg 2021-04-21 15:59:51 maribu[m]: it's glibc :p 2021-04-21 16:00:11 ah, you're looking at the wrong file 2021-04-21 16:00:26 see, glibc has multiple implementations of each function spread across their code base 2021-04-21 16:00:38 posix/ is mostly the stub stuff that all returns ENOSYS 2021-04-21 16:01:23 mps: I used to work at a well known internet security firm and couldn't understand on my 1st day why everyone had wireless keyboards (unencrypted model to save $5 per keyboard). 2021-04-21 16:02:09 maribu[m]: and if you grep for sched_setscheduler, you get 81 files with results :) 2021-04-21 16:02:47 But none implementing it... 2021-04-21 16:03:10 I'm trying to find it, I had it once 2021-04-21 16:03:59 I can find an implementation for hurd and the fallback posix one. 2021-04-21 16:05:28 minimal: you asked and give answer, to save money ;P 2021-04-21 16:05:36 that' why 2021-04-21 16:05:52 that's why 2021-04-21 16:06:37 maribu[m]: disassembling libc.so.6 I can see sched_setscheduler definitely calls a syscall 2021-04-21 16:06:59 so it's *somewhere* 2021-04-21 16:06:59 mps: I showed site IT Admin a website on how to build cantenna-based circuit to log these keyboards from 20+ metres away and pointed out the public parking spots down the side of the building near my desk......he just didn't care :-( 2021-04-21 16:09:11 Well, security companies are selling a sense of security. It is just like anti virus. It doesn't work. But when things break, you can say: But we did everything we could, even bought an anti virus!!!111eleven 2021-04-21 16:09:59 lol 2021-04-21 16:11:36 yes, real security problem are managers. so someone have to invent 'antivirus' to remove them from IT 2021-04-21 16:11:59 There are companies that sell alibis for when you want to have an affair. I think many security companies are like this. Replace having an affair with "not giving a shit about security" and alibi with "some magic security voodoo". 2021-04-21 16:12:36 maribu[m]: just run a program linked against sched_setscheduler under gdb and you can find the file where the functions is defined :p 2021-04-21 16:12:40 very practical 2021-04-21 16:12:51 mps: simple solution, just add someone to work between managers and IT. we will call it, uh... "middle management" 2021-04-21 16:12:58 Breakpoint 1, sched_setscheduler () at ../sysdeps/unix/syscall-template.S:120 2021-04-21 16:13:22 Hello72: aieee! yet another layer in security :) 2021-04-21 16:13:35 anyway, that would lead me to assume the function is a thin wrapper around the syscall 2021-04-21 16:14:19 so it would pass all the args 2021-04-21 16:14:28 ericonr: I agree. I will adapt the wrapper to just pass the args as is. 2021-04-21 16:17:48 :) 2021-04-21 16:18:24 Let's see if I can get sound on firefox with super low latency without cracking noises now. If I do, I'm pretty sure rtkit works as expected. 2021-04-21 16:28:09 Cool: Sound is working fine in online videos in firefox with default pipewire config while maxing out all cores compiling. (Previously, it was stuttering without increasing latency for me even without other load on the system.) 2021-04-21 16:30:41 ACTION < https://matrix.org/_matrix/media/r0/download/matrix.org/aJkDxeqseYIlQKjuVTydFDhp/message.txt > 2021-04-21 16:32:22 Just the nice level part (with also previously worked) did already help quit a bit, though. 2021-04-21 16:33:25 (Btw: Does the pasting of the log messages is reasonably disabled in IRQ? I have no idea how the matrix <--> IRQ bridge handles this.) 2021-04-21 16:34:18 it sends a link 2021-04-21 16:35:27 maribu[m]: IRC, I was surprised by IRQ 2021-04-21 16:36:17 @mps: :-D 2021-04-21 20:35:34 There's a problem in Java on s390x: https://gitlab.alpinelinux.org/Thermi/aports/-/jobs/376680#L13319 2021-04-21 20:35:34 Known? 2021-04-21 20:35:43 > # SIGFPE (0x8) at pc=0x000003ffaa4da612 (sent by kill), pid=4014, tid=4036 2021-04-21 20:36:31 Known. 2021-04-21 20:36:34 !12275 2021-04-21 20:36:43 #12275 ? 2021-04-21 20:36:46 There. 2021-04-21 20:41:32 :D 2021-04-21 20:42:13 Cheap fun. 2021-04-21 20:50:38 @ncopa Please let me know your thoughts: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20664#note_153486 2021-04-21 20:57:39 I kind of hate that I always step into such issues like the one with s390x 2021-04-21 21:03:52 Thermi: I just wonder if setting proxy settings (even if they are different for maven) is the responsibility of the user? 2021-04-21 21:14:26 ikke: I don't understand that question. If the user sets a proxy in the environment, he/she/it surely wants it to be used for building packages, too?! 2021-04-21 21:14:57 If he/she/it doesn't want that, then he variables surely wouldn't be set, at the very least not for the invocation of abuild? 2021-04-21 21:15:05 sure, but is it abuilds responsibility to account for differences? 2021-04-21 21:15:55 The alternative is that the user needs to investigate any failure to use the proxy when it's encountered and manually adjust the environment at a maximum of X times for X packages, even if the problem is known upstream 2021-04-21 21:16:12 At the very least it'd be very convenient to have that problem taken care off for any user 2021-04-21 21:16:17 (and at least for maven) 2021-04-21 21:16:45 If they would build manually with maven, they would run in the same issue 2021-04-21 21:17:22 Yes, but people don't build packges for fun but to use the software. 2021-04-21 21:17:26 Thermi: in fact, if they would run maven manually to test things, it would not work 2021-04-21 21:17:58 would be strange if building with abuild magically works, but not without it 2021-04-21 21:18:08 So generally, you want stuff to work at a maximum of times it would work without intervention by any of the bguild tools? 2021-04-21 21:18:48 That will result in any user trying to build any package that has a build system with such works to ... 1) Investigate the issue by him/her/itself 2) fix it by him/her/itself 2021-04-21 21:18:54 And that TBH just sucks. 2021-04-21 21:19:06 Because then the effort is duplicated X*N times 2021-04-21 21:19:26 (X := number of distinct build systems with such issues; N := number of users) 2021-04-21 21:20:04 I think it is reasonable to fix it in abuild, but print a message on stdout or stderr that says that this is done 2021-04-21 21:20:37 or just warn 2021-04-21 21:20:48 E.g. "Detected maven in maedepends. Fixing up envs MAVEN_OPTS[...]" 2021-04-21 21:20:51 maven is broken, make sure to set these proxy settings to make it less broken 2021-04-21 21:21:12 If we just warn then it's again an effort being duplicated X*N times. 2021-04-21 21:21:35 Yes, but it's explicit 2021-04-21 21:21:47 And what does that get us? 2021-04-21 21:21:56 and abuild does not need to know how maven sets proxy settings 2021-04-21 21:22:02 How does that help anyone? 2021-04-21 21:22:55 If it's not fixed up in abuild, the code to fix the proxy settings needs to be included in every APKBUILD, or set by each user after the proxy is set so the environment envs for maven are fixed up before maven is invoked 2021-04-21 21:24:00 We can make an effort to get maven devs to fix this in maven itself. Until then, the best solution is to just fix it in abuild. That way there's no duplication, usability is improved. 2021-04-21 21:24:23 The point of computers is to reduce effort. I think having abuild deal with this for the time being is going exactly into that direction. 2021-04-21 21:24:45 good luck trying to get CCupstream to do *anything* 2021-04-21 21:25:03 Pfff. Then we can just patch it in aports. 2021-04-21 21:25:35 usually, that's the approach distro maintainers take, yes 2021-04-21 21:26:00 (I have my own opinion on distro maintainers ususally patching stuff, but I'll hold my tongue now) 2021-04-21 21:26:03 patching it would make more sense then to add the logic to abuild 2021-04-21 21:26:22 The latter is the smallest effort to improve the situation for all users right now. 2021-04-21 21:26:45 Thermi: well, either we patch is, they patch it, or we ignore it. if option 2 isn't going to happen, then what do you prospose? 2021-04-21 21:26:49 Thermi: I have a feeling that people who use proxies and maven already know about it 2021-04-21 21:27:23 ikke: The ones that do that _right now_ *probably* already know it. And then there is the unknown amount of people that will encounter this problem in the future. 2021-04-21 21:27:44 I really, REALLY don't want to have to improve my understanding of java to patch this. 2021-04-21 21:29:14 building good software is also a matter of setting good boundaries, and I feel that network settings our out of scope for abuild 2021-04-21 21:29:17 c705: Like I wrote, fix it in abuild until it's patched in maven. Then we can remove the fix in abuild. 2021-04-21 21:29:44 then people with old versions of maven ask it to restore it 2021-04-21 21:29:52 Why would they? 2021-04-21 21:29:55 because they've come to rely on it 2021-04-21 21:29:59 How? 2021-04-21 21:30:05 Seperate proxies for maven and other software? 2021-04-21 21:30:12 No proxy for using maven? 2021-04-21 21:31:39 Rely on maven not using a configured proxy? 2021-04-21 21:31:58 rely on abuild setting correct proxy settings 2021-04-21 21:32:00 Or rely on maven using a different proxy than the one set in http_proxy and other "normal" vars for setting http proxies? 2021-04-21 21:32:15 Ah, you mean if we theoretically fixed this up in abuild? 2021-04-21 21:32:20 yes 2021-04-21 21:32:33 https://xkcd.com/1172/ 2021-04-21 21:32:34 https://xkcd.com/1172 | Workflow | Alt-text: There are probably children out there holding down spacebar to stay warm in the winter! YOUR UPDATE MURDERS CHILDREN. 2021-04-21 21:32:34 I understood it as rely on how it is right now (no fix up in abuild) 2021-04-21 21:33:04 Also, I doubt that when have the hack in abuild it'd ever get removed 2021-04-21 21:33:33 I still think that since the builders don't need it'd be fine to just ignore this 2021-04-21 21:33:40 ikke: That xkcd is absurd, but I see your point. 2021-04-21 21:33:52 It's not going to get tested by us anyway so it's just a matter of time until it breaks 2021-04-21 21:34:30 The proposed code in abuild just sets up maven env vars (adds -Dopt=val for proxy settings). It translates the stuff in http_proxy and no_proxy, and ..., to maven opts. 2021-04-21 21:35:57 Thermi: the absurdity is ofcourse part of the humor of the xkcd 2021-04-21 21:36:24 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20664/diffs#6c0f4f6b244560a13f17c5fdf7bdbc261645af88_0_25 2021-04-21 21:36:40 That's the code in question. 2021-04-21 21:36:53 It jsut sets MAVEN_OPTs and JAVA_TOOL_OPTIONS. 2021-04-21 21:36:55 *just sets 2021-04-21 21:37:10 3333https://www.hyrumslaw.com/ 2021-04-21 21:37:12 We can of course make it append the settings to the current values 2021-04-21 21:37:46 maybe a separate maven helper :) 2021-04-21 21:37:58 ofcourse that still means that it would need to be fixed for each aport 2021-04-21 21:38:00 Does something like that already exist for something different? 2021-04-21 21:38:09 Fixing it for every aport sucks. 2021-04-21 21:38:16 *every pertained 2021-04-21 21:38:38 It already sucks for the three packages for jitsi. 2021-04-21 21:38:58 I guess because you use a proxy 2021-04-21 21:39:18 I agree with Cogitri on this one 2021-04-21 21:39:19 My employer uses a proxy. I just am the poor dude tasked with moving that into aports. 2021-04-21 21:39:21 abuild-meson exists 2021-04-21 21:39:47 as a separate helper 2021-04-21 21:39:52 If we really have to include this, I'd day make an abuild-maven that takes care of it instead od making abuild do iy 2021-04-21 21:40:03 ikke: Good thinking 2021-04-21 21:41:42 even in a sepaarate helper it won't get tested by us as we are not using this feature, causing it to break eventually 2021-04-21 21:41:58 There are currently 4 packages using maven in aports 2021-04-21 21:42:16 Not many users are pertained by this. 2021-04-21 21:42:33 yes, all the more reason not to put it in abuild 2021-04-21 21:42:33 commons-daemon, java-jansi-native, java-postgresql-jdbx and clojure 2021-04-21 21:42:49 the usecase if very limited 2021-04-21 21:43:13 my feeling is that the numbers are too low for it to make sense 2021-04-21 21:43:21 +1 2021-04-21 21:43:48 The use case is anybody building any package using maven at any time, in an environment that requires the usage of an explicite proxy. 2021-04-21 21:44:17 then they run into it, google how to set proxy settings for maven, fix it, and be done with it 2021-04-21 21:44:26 Done N times. 2021-04-21 21:44:40 yes, but my feeling is that N is low 2021-04-21 21:45:43 it's impossible to quantify it 2021-04-21 21:46:38 https://stackoverflow.com/questions/1251192/how-do-i-use-maven-through-a-proxy 2021-04-21 21:47:56 https://github.com/eirslett/frontend-maven-plugin/issues/323 2021-04-21 21:48:22 And those users wouldn't use abuild nor our helper 2021-04-21 21:48:51 So really, if you want to lessen the amount of people running into it, it'd have to be fixed upstream instead of us working around it 2021-04-21 21:49:51 Okay. We'll discuss it. 2021-04-21 22:42:40 We discussed it. We'll fix it locally using a script in profile.d. 2021-04-21 22:42:50 And maybe report it upstream. 2021-04-22 00:53:28 I'm trying to learn how to build packages. I've gotten the build of a "hello, world" program to work but abuild tries to sign the package, it says it can't read my key file. 2021-04-22 00:53:45 https://pastebin.com/Dk5sErcb 2021-04-22 00:56:59 It looks like it's prepending a colon to the path of my signing key's path? Not sure how that's getting there. 2021-04-22 01:22:36 thycoticent: Look inside ~/.abuild/abuild.conf 2021-04-22 01:23:23 That was it, tomleb! Thanks. 2021-04-22 03:28:24 Is it possible to get abuild to stop saying "Packages must not put anything under /srv, /usr/local or /opt" ? 2021-04-22 03:32:07 don't let packages install files there? 2021-04-22 03:33:07 I'm trying to pack up a proprietary binary for my company to use internally. The programs are installed to /opt/ and expect all their files to be there. 2021-04-22 03:33:48 Was kinda hoping I could override it somehow so the developers can just apk add this package I built. 2021-04-22 03:34:16 add `options="!fhs"` 2021-04-22 03:35:35 to the APKBUILD 2021-04-22 03:36:07 Perfect. Thanks, maxice8! 2021-04-22 08:02:37 good morning 2021-04-22 08:09:06 hi 2021-04-22 08:13:28 Morning 2021-04-22 08:16:27 hello ^^ 2021-04-22 08:32:40 Ariadne: Thanks again for s.a.o, fixed (almost) all of the pending CVEs for the packages I maintain now :) 2021-04-22 08:32:59 https://security.alpinelinux.org/srcpkg/gnome-autoar <- That seems odd though? It displays CVE-2021-28650 as both resolved and unresolved 2021-04-22 08:33:30 cuantic bug :P 2021-04-22 08:36:57 I installed and started utmps, have an empty file on /var/run/utmp but firejail complains "Warning: cannot find /var/run/utmp" 2021-04-22 08:51:40 Gm 2021-04-22 09:01:41 @Cogitri might be because of the older version which is listed as well? Idk 2021-04-22 09:38:23 donoban: /var/run/utmp is not used with utmps, openrc mistakenly creates it because it encodes policy (obviously), minimal has patches to fix it 2021-04-22 09:38:57 and I don't know how firejail works but it may have a setting for utmp which would need to be adjusted 2021-04-22 09:41:07 uhM thanks skarnet , if some app is designed to work with utmp should work also with utmps? 2021-04-22 09:41:32 after properly adjustment :) 2021-04-22 09:41:35 if the app has been written correctly, yes 2021-04-22 09:42:11 unfortunately utmp is very much underspecified and people rarely fill in the blanks with correct behaviours and policies 2021-04-22 09:42:17 ok i will take a look on firejail internals, at least I see lot of things fixed betwen alpine 3.13 and edge 2021-04-22 09:42:35 I thought that trying to fix them before upgrading to edge was a waste of time 2021-04-22 09:42:36 so you have lots of wild assumptions running around, such as the place where the utmp file lives (which apps should *never* access directly) 2021-04-22 09:43:20 uhM, they should use some kernel syscall or service? 2021-04-22 09:43:37 any work to fix utmp support in apps is appreciated :) but sync up with minimal, who's centralizing all that info 2021-04-22 09:43:51 honestly I don't have idea about utmp/s, probably should read something before disturb you :) 2021-04-22 09:43:57 apps should only use the getutx* and pututxline() functions 2021-04-22 09:44:12 which make no mention of where the actual utmp db is 2021-04-22 09:44:30 anything else is a glibc extension and cannot be made to work in a secure way 2021-04-22 09:45:13 the only underspecified thing that apps have a legit reason to know is the location of the wtmp file, and it's in order to *read* it, not write it 2021-04-22 09:45:21 so if firejail says: "Warning: cannot find /var/run/utmp", looks bad 2021-04-22 09:45:44 yeah, they assume something 2021-04-22 09:46:04 ok 2021-04-22 09:58:08 Cogitri: it is because the old version does not get marked as "unpublished" 2021-04-22 09:59:01 Cogitri: also a CVE can be both in resolved/unresolved state if for example 3.12 isn't fixed 2021-04-22 10:00:02 Ahh, got it, that makes sense :) 2021-04-22 10:01:32 i'm going to improve the display of CVEs to make it more obvious 2021-04-22 10:01:53 Ariadne: having also report for edge won't be useful? 2021-04-22 10:02:16 donoban: we do not presently build a security database for edge, so the system cannot track anything 2021-04-22 10:02:24 once edge has a security database, it will be enabled 2021-04-22 10:02:25 :) 2021-04-22 10:02:31 ah ok, great :) 2021-04-22 10:02:34 all of that is config work :) 2021-04-22 10:03:59 anyway, secfixes-tracker 0.3 has improved heuristics 2021-04-22 10:04:07 so false positives should be substantially reduced 2021-04-22 10:36:55 firejail depends on dbus, why? 2021-04-22 10:41:17 it has dbus filtering options 2021-04-22 10:41:50 you can disable dbus for a process or limit its domain for talk/listen/own 2021-04-22 10:41:55 is it needed on systems without dbus installed? 2021-04-22 10:42:17 uhM, I don't think it needs it for run 2021-04-22 10:42:51 but I should check to confirm, probably it assumes that there is dbus is running in some cases 2021-04-22 10:43:02 we should remove dbus from depends in firejail 2021-04-22 10:43:22 I had some problems because it doesn't found dbus session socket 2021-04-22 10:43:34 but if you run same process with --noprofile it worked fine 2021-04-22 10:44:30 actually I built it locally without dbus and use it 2021-04-22 10:45:13 :) 2021-04-22 10:48:30 I build too much pkgs locally, maybe I could fork alpine :) 2021-04-22 10:52:14 hehe, well, your fork of aports is like an alpine fork 2021-04-22 10:53:11 why don't you use dbus? just trying to be mininal? 2021-04-22 10:53:30 no, I just have too much branches for particular pkgs 2021-04-22 10:53:37 because dbus is a fdo PoS, that's why 2021-04-22 10:54:18 simply, I don't need dbus 2021-04-22 10:54:38 and e/udev, btw 2021-04-22 10:54:45 hMm.., fdo Point Of Sale? :\ 2021-04-22 10:54:54 piece of shit. 2021-04-22 10:54:58 ahh 2021-04-22 10:55:02 :D 2021-04-22 10:55:25 hehe 2021-04-22 10:58:37 donoban: to clarify, I'm not against all these dbus,udev,pulseaudio,pipewire,... but these should be optional for people who want to use them and not installed by default 2021-04-22 10:59:39 Having recently added a package to aports/testing, what is the process to make it into community? 2021-04-22 11:00:02 tomleb: verify that it works, make a merge request that moves it 2021-04-22 11:00:21 And make sure everything it depends on is also in community 2021-04-22 11:00:30 yes I understand, I'm currently using KDE, some days ago I changed my wifi and thought about installing network-manager but reconfigured it using setup-interfaces and yeah, I don't feel that I need a network manager 2021-04-22 11:01:39 Ok 2021-04-22 11:01:46 donoban: you know for iwd and iwgtk? 2021-04-22 11:02:06 uhM no I don't 2021-04-22 11:02:24 hehe, apk info iwd 2021-04-22 11:02:47 I saw that wicd is unmaintained, I used it long time ago :D 2021-04-22 11:02:55 though, it depends on dbus, lol 2021-04-22 11:03:34 and guess who is maintainer, rofl 2021-04-22 11:03:57 iwd is a replacement for wpa_supplicant? 2021-04-22 11:04:34 iwd is NG wifi daemon 2021-04-22 11:05:42 it have dhcp client in it, FILS implementation and more 2021-04-22 11:06:16 But you use it without dbus? 2021-04-22 11:06:20 How 2021-04-22 11:06:26 exception: no 2021-04-22 11:06:54 O 2021-04-22 11:07:03 but I'm just testing version without dbus, and will add it to alpine in few days 2021-04-22 11:07:11 What is the policy for naming font packages? Should they be prefixed with ttf-? 2021-04-22 11:08:50 PureTryOut[m]2: that is right question, which I ask myself. I 'feel' font-... is best naming scheme but not sure 2021-04-22 11:09:16 Hmm both ttf- and font- are used a lot it seems 2021-04-22 11:09:28 Well, majority font- 2021-04-22 11:09:31 I guess I'll go for that then 2021-04-22 11:10:02 I agree :) 2021-04-22 11:54:48 donoban: wicd is very obsolete 2021-04-22 11:54:57 same with wireless-tools (which we should remove from setup-interfaces) 2021-04-22 11:58:40 Hello72: wireless-tools is still used by ifupdown-ng to connect to non-WPA networks 2021-04-22 12:05:58 hehe I only felt a little nostalgic about wicd 2021-04-22 12:21:23 Hi, is the server busy or i did something wrong in APKBUILD, arch64 is so there for the package 2021-04-22 12:21:23 https://pkgs.alpinelinux.org/packages?name=paperde&branch=edge 2021-04-22 12:25:47 Just wait, it takes a bit sometimes for the packages to appear on pkgs.a.o and in the repos 2021-04-22 12:26:33 heh, some people thinks that alpine devs only work for them ;> 2021-04-22 12:27:50 You don't ?! 2021-04-22 12:30:35 Ariadne: :| 2021-04-22 12:30:53 is there any reason to use it over iw? 2021-04-22 12:31:27 probably not 2021-04-22 12:32:02 then we can probably also remove wext from kernel, which i think some distros have already done? 2021-04-22 12:32:13 at some point ys 2021-04-22 12:32:31 i'll look into switching ifupdown-ng 2021-04-22 12:32:36 maybe we can do it in 3.15 2021-04-22 12:51:15 What's the timeline for 3.14? 2021-04-22 12:51:21 Can I still fit LLVM12 in? :) 2021-04-22 12:55:25 Milestone says something like 14 may or something like it 2021-04-22 13:20:23 Cogitri: we are already in soft freeze 2021-04-22 13:20:41 thats why i have been focusing on security.a.o 2021-04-22 13:48:27 donoban: yes as skarnet said I'm working on package utmps-enablement. Haven't looked at firejail yet so not sure whether a simple rebuild to enable utmps support is all that is needed or whether any patching is needed. 2021-04-22 14:06:33 Ariadne: Alrighty then 2021-04-22 14:07:59 Ariadne: what does soft freeze mean in this case? 2021-04-22 14:08:50 PureTryOut[m]2: think very carefully about pushing big stuff 2021-04-22 14:09:08 PureTryOut[m]2: if it can wait until after 3.14 release, at this point, it is better to wait 2021-04-22 14:09:20 And when is 3.14 due? 2021-04-22 14:09:27 in may :) 2021-04-22 14:09:38 alpineconf 2021 is basically "alpine 3.14 release party" 2021-04-22 14:09:38 :) 2021-04-22 14:09:39 Oh that's quick damn, thanks 2021-04-22 14:24:31 Cogitri: how risky is LLVM12? 2021-04-22 14:34:29 KDE Gear 21.04 got released today which I still want in really if CI goes green 2021-04-22 14:35:09 Ariadne: Not sure really, haven't really looked at it much other than the release notes yet 2021-04-22 14:51:13 minimal: ok 2021-04-22 14:51:42 I use firejail for almost everything, I will try to investigate it 2021-04-22 14:52:17 donoban: isn't firejail a trashfire security-wise? 2021-04-22 14:53:53 uhM, I like the concept 2021-04-22 14:55:36 what jvoisin said 2021-04-22 14:55:40 don't use firejail 2021-04-22 14:55:42 it's garbage 2021-04-22 14:55:47 we should honestly rm it from alpine 2021-04-22 14:55:48 :D 2021-04-22 14:55:54 donoban: as firejail is using namespace and seccomp then that could be affecting its ability to access /var/run/utmp but as skarnet mentioned that file isn't actually used - firejail would need to be rebuilt to use the correct on that utmps manages 2021-04-22 14:57:14 Ariadne jvoisin and do you like some app isolation alternive or just run them? 2021-04-22 14:57:31 its called lxc 2021-04-22 14:57:37 ^ 2021-04-22 14:58:50 uhM, lxc containers? I should try them but I don't hope that graphics/sound are easily handled 2021-04-22 14:59:56 lxc: https://linuxcontainers.org/ 2021-04-22 15:00:12 https://linuxcontainers.org/lxc/introduction/ even 2021-04-22 15:02:54 ok I will try it 2021-04-22 15:04:40 Ariadne: I agree with removing firejail from Alpine. It's useless at best, often harmful 2021-04-22 15:06:12 i thought the main problem with firejail is it's basically free privilege escalation for anyone who can run it (which is everybody by default) 2021-04-22 15:06:37 but other than that, how did you enjoy the play 2021-04-22 15:06:49 you need to enable it for custom users 2021-04-22 15:07:36 it has a /etc/firejail/firejail.users 2021-04-22 15:08:06 https://github.com/netblue30/firejail/commit/fb9f2a5fb3ac1ebbb14302ecdf3c840b70b090da#diff-49473dca262eeab3b4a43002adb08b4db31020d190caaad1594b47f1d5daa810 <-- their vuln "fix" for overlayfs kinda bothered me :/ 2021-04-22 15:08:19 I'm agree that it can be a risk for systems with many local users 2021-04-22 15:09:38 donoban: yes but by default this file does not exist (at least upstream), so everybody can use 2021-04-22 15:11:27 hM, I don't know 2021-04-22 15:11:34 I'm gonna try removing it 2021-04-22 15:12:51 yep it has that behaviour, maybe it should created by default 2021-04-22 15:13:20 but well the common usage is run sudo firecfg after install, wich creates it 2021-04-22 15:18:41 ericonr: well it's just disabled until properly fixed :\ safe solution :D 2021-04-22 15:19:03 the safe solution is to rm firejail 2021-04-22 15:19:08 but people keep bringing it back 2021-04-22 15:19:10 :p 2021-04-22 15:19:36 replace it with an empty script 2021-04-22 15:19:38 "firejail" sounds kinda secure... and it actually gains privileges? 2021-04-22 15:19:57 just for using such a name and gaining privileges it should go to trash jail 2021-04-22 15:19:58 but the privilege gain is from the local user 2021-04-22 15:20:07 do I look like I care 2021-04-22 15:20:16 not for the app you are running "firejailed" 2021-04-22 15:20:31 at least with other cve's not sure with this overlayfs bug 2021-04-22 15:20:42 yeah well that would be a very, very low bar to clear now wouldn'tit 2021-04-22 15:20:58 "ohey I made a container that doesn't give root to the contained app!" 2021-04-22 15:21:06 applause please 2021-04-22 15:23:53 it needs privileges to set up the sandbox around the program 2021-04-22 15:24:21 for that matter, bwrap on some distros is suid as well 2021-04-22 15:24:30 well 2021-04-22 15:24:40 those programs should run as daemons started by root and have a client-server model 2021-04-22 15:24:49 no suid required 2021-04-22 15:24:51 I know that there are better isolation alterantives, firejail is just very easy to use 2021-04-22 15:25:05 oh, undoubtedly 2021-04-22 15:25:12 that's just an argument against the sudo model 2021-04-22 15:25:29 i actually don't know of any firejail vulnerabilities specifically related to suid 2021-04-22 15:25:30 the passwordless sudo hehe 2021-04-22 15:25:33 yes, yes it is 2021-04-22 15:25:42 bwrap doesn't have a horrible history of trivial privesc 2021-04-22 15:26:09 the problem is that firejail offers too much unchecked functionality, which it could do just as well (poorly) as a daemon 2021-04-22 15:26:14 uhM, I think that they imply privlege scalation due the suid 2021-04-22 15:30:34 all i am hearing here is git rm */firejail/* 2021-04-22 15:30:37 :) 2021-04-22 15:31:16 haha there are also some comments about firejail and utmps ;) 2021-04-22 15:31:27 skarnet: what would be great is if we had capsicum in alpine 2021-04-22 15:31:52 skarnet: then we could have a daemon which hands out permissions (as sealed capability descriptors passed via SCM_RIGHTS) as a client-server model 2021-04-22 15:33:20 maybe 2021-04-22 15:34:07 I'm still of the opinion that capabilities and similar initiatives have a lesser bang for the buck than just using the unix basic permissions the right way 2021-04-22 15:35:16 like suid? :p 2021-04-22 15:35:27 "the right way to use suid is not to" 2021-04-22 15:35:37 exactly 2021-04-22 15:36:00 isn't it awesome when you try to gotcha me and realize we were in agreement all along? 2021-04-22 15:36:16 capabilities suck because CAP_SYS_ADMIN was overloaded :/ 2021-04-22 15:36:23 that as well 2021-04-22 15:38:06 yes, firejail is not serious solution to security 2021-04-22 15:38:54 I used it about 4-5 years ago on debian a little for firefox but removed after few days 2021-04-22 15:39:10 qemu is solution 2021-04-22 15:39:29 ah yes, the legendary minimalist and lightweight solution 2021-04-22 15:39:36 :D 2021-04-22 15:39:40 Qubes OS 2021-04-22 15:40:14 but for 'simple' isolation I use lxc 2021-04-22 15:54:35 aiee, looks like firefox finally doesn't crash on armv7 2021-04-22 16:24:12 wow yeah looks like i can now view the local weather forecast that uses javascript with firefox 2021-04-22 16:51:14 tmlind: nice to hear 2021-04-22 17:05:18 \o latest edge dnsmasq doesn't print its version with `dnsmasq --version`, which breaks lxd bringing its network up 2021-04-22 17:05:42 this should probably be added to the check() function (just `dnsmasq --version | grep -q "$pkgver"` should do, I think) 2021-04-22 17:11:01 hah, yes 2021-04-22 17:11:11 interesting 2021-04-22 17:12:09 I built it plainly with my scuffed metabuild system from HEAD and didn't have any such issues, so it's probably a patch or something similar breaking it 2021-04-22 17:16:53 hmm, don't see fix on https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary 2021-04-22 17:21:02 let me see if building the tag does anything 2021-04-22 17:22:29 building the tag itself also works as expected, so it's definitely something in the APKBUILD or a patch or something like that that's misbehaving 2021-04-22 17:24:53 bld/get-version 2021-04-22 17:26:25 unknown sort type 2021-04-22 17:27:13 aha, that'd do it 2021-04-22 17:27:28 I build from git, and it uses git logic in those scenarios, so that also explains it 2021-04-22 17:27:34 it needs coreutils in makedepends to 'find' version 2021-04-22 17:28:29 or patching bld/get-version to fix sort 2021-04-22 17:28:42 makes sense, yeah 2021-04-22 17:29:01 coreutils is easier ;) 2021-04-22 17:29:49 will fix it later in evening, thanks for report 2021-04-22 17:29:57 ^^ nw \o 2021-04-22 17:30:35 btw, nice to see you again 2021-04-22 17:30:46 thanks :) 2021-04-22 17:31:06 I'm not really around per se, work and so on and so forth, but if I find something in edge that isn't in a release, it's usually best if I at least make sure people are aware, eh 2021-04-22 17:31:50 yes 2021-04-22 17:32:41 Ariadne: does the new cve tracking system pick up when the latest lts kernel is avaliable from upstream? 2021-04-22 17:33:00 c705: no 2021-04-22 17:33:46 c705: it only tracks CVEs 2021-04-22 17:34:05 c705: and we are still associating upstream CPE matches with our own source package names 2021-04-22 17:34:29 do you think it would be a good idea to have something like that in place? linux-lts-5.10.29-r0 is the latest avaliable under 3.13x but upstream is shipping .32 2021-04-22 17:35:25 no, i don't 2021-04-22 17:35:38 releases are releases 2021-04-22 17:35:38 why? 2021-04-22 17:35:44 we will update the kernel when we update the kernel 2021-04-22 17:36:18 but .29 is old. it doesn't get security fixes 2021-04-22 17:36:31 yes 2021-04-22 17:37:06 and when we do 3.13.x update we bump the kernel to latest version at that tim 2021-04-22 17:37:08 e 2021-04-22 17:38:00 but how often does that happen? doesn't the kernel remain susceptable during that time when upstream ships a new version and we decide we're going to update 3.13 2021-04-22 17:38:29 if there is a CVE in linux 2021-04-22 17:38:33 then we would update it 2021-04-22 17:39:08 and the new cve tracker would catch that I imagine? 2021-04-22 17:40:16 ideally, yes 2021-04-22 17:40:39 however, i suspect a CPE rewrite rule will be needed to match it up 2021-04-22 17:41:07 if you are aware of a recent linux CVE, i can check to see 2021-04-22 17:41:09 :) 2021-04-22 17:41:11 okay, thanks for the info 2021-04-22 17:41:44 i am not, but I have often seen a vulnerable kernel shipped with lts alpine, last I remember was during the sudo fiasco last year 2021-04-22 17:42:04 I had to push hard to get that patched, but I understand now if I have a cve it will be easier to do 2021-04-22 17:43:36 Ariadne: you can actually check CVE-2021-29155. not sure if that affects 5.10.x 2021-04-22 17:43:51 you can check it too 2021-04-22 17:43:58 https://security.alpinelinux.org/vuln/ CVE-2021-29155 2021-04-22 17:44:00 er 2021-04-22 17:44:02 https://security.alpinelinux.org/vuln/CVE-2021-29155 2021-04-22 17:44:28 answer: no match rules 2021-04-22 17:44:29 :( 2021-04-22 17:45:38 no CPE data at all 2021-04-22 17:45:40 wow 2021-04-22 17:45:49 good work US government 2021-04-22 17:46:57 I think this is fixed in linux-edge 5.11.16 ;) 2021-04-22 17:47:04 no secfixes data at all for this CVE 2021-04-22 17:47:06 er 2021-04-22 17:47:08 for linux-lts 2021-04-22 17:47:15 yeah, right, that makes sense 2021-04-22 17:47:19 so i dont think any scanner is triggering 2021-04-22 17:47:29 on linux-lts 2021-04-22 17:47:31 hmmph 2021-04-22 17:47:38 you can do umm 2021-04-22 17:47:48 curl 'https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-2021-29155' | jq 2021-04-22 17:48:15 yeah, i was using that as an example, but it doesn't affect 5.10.x 2021-04-22 17:48:41 if you do 2021-04-22 17:48:44 curl 'https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-2021-29155' | jq .result.CVE_Items[0].configurations.nodes[0] 2021-04-22 17:48:48 I don't see anything recent, but if something severe comes through, I'll check. i keep an eye on oss-security 2021-04-22 17:48:48 given some CVE 2021-04-22 17:48:58 it will output the CPE rules 2021-04-22 17:49:11 we consume those CPE rules and map them to alpine source package names (APKBUILDs) 2021-04-22 17:49:49 but that CVE has no CPE rules 2021-04-22 17:50:17 so we will have to check kernel CVEs until we find a CPE match rule 2021-04-22 17:50:25 then we can set up the mapping 2021-04-22 17:51:30 hope that explains it :) 2021-04-22 17:51:45 yeah, much better than what was there before (nothing). appreciate the efforts 2021-04-22 18:27:06 hi, in order for wifi to work on the pi4 linux-firmware-cypress needs to be installed, can anyone look at this merge request? 2021-04-22 18:27:08 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20738 2021-04-22 18:29:58 i left a review 2021-04-22 18:32:34 apk add linux-firmware-cypress? 2021-04-22 18:34:15 what if someone doesn't like to use wifi? 2021-04-22 18:35:51 i guess we should remove linux-firmware-brcm dependency from the kernel then 2021-04-22 18:36:39 probably 2021-04-22 18:37:25 SpaceToast: pushed fix for dnsmasq, hope it will be on mirrors in 15-30 minutes 2021-04-22 18:37:46 I'll try to remember to check then, if you don't hear from me it's because I forgot 2021-04-22 18:38:00 :) 2021-04-22 18:55:47 mps: looks good from what I'm seeing 2021-04-22 19:02:49 SpaceToast: thanks for testing and confirm 2021-04-22 20:01:39 Why always `exit 0` in post- and pre- scripts? 2021-04-22 20:02:39 don't exit 0 if you encounter a sufficiently serious error that you want to fail the package installation 2021-04-22 20:03:15 I suppose most nonzero exit codes in those scripts aren't that fatal. :) 2021-04-22 21:39:33 <[[sroracle]]> regarding bwrap, it doesn't need suid on alpine last i checked because alpine allows unprivileged users to create new user namespaces. would be nice to migrate towards removing the suid bit on it 2021-04-22 21:39:47 <[[sroracle]]> (which i have been using that way on Adélie for months now, including building software inside it :) 2021-04-22 23:21:11 I think it already is 2021-04-22 23:50:48 <[[sroracle]]> ah, you switched it over in december :) thank you for that 2021-04-22 23:53:43 <[[sroracle]]> maxice8: i think options=suid should be removed in that case so that it doesn't sneak back in 2021-04-23 00:47:42 nice catch 2021-04-23 00:49:17 take the opportunity and see if tests can be enabled too 2021-04-23 05:19:37 Can anyone see why this package's arch64 is missing 2021-04-23 05:19:37 https://pkgs.alpinelinux.org/packages?name=paperde&branch=edge 2021-04-23 05:23:05 aarch64 builder is hanging on openjdk 2021-04-23 05:27:20 any idea when it will be free? 2021-04-23 08:18:13 Ariadne: Since you know the berkeley-db situation better: Mind commenting on https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/8569#note_154036 ? 2021-04-23 08:50:40 it's banned, there is no room for debate 2021-04-23 08:52:35 Yes, it's banned, but I wasn't sure what's the reason for it 2021-04-23 08:52:53 They mentioned that upstream doesn't see the problem with using berkeley and as such won't swith away from it 2021-04-23 08:55:28 why do we need to package AGPL web apps? 2021-04-23 08:57:02 but sure, Thermi is right that AGPL is compatible with AGPL 2021-04-23 09:00:19 Cogitri: the talking point is likely something like "distros are deprecating and *removing* bsddb" 2021-04-23 09:14:22 Right, but why are they removing it? 2021-04-23 09:20:31 Does anybody know how to search where "XTestGrabControl" is included? I thought it was on /usr/lib/libXtst.so but still complaining about undefined symbol 2021-04-23 09:20:58 Cogitri: because AGPL for a *library* is insane 2021-04-23 09:28:03 it seems there: 00000000000044ea T XTestGrabControl 2021-04-23 09:34:12 are the -l flags in the right order? 2021-04-23 09:34:32 uhM, I don't know 2021-04-23 09:34:58 I tpaste the link command 2021-04-23 09:35:02 I can* 2021-04-23 09:36:12 https://tpaste.us/g6r5 2021-04-23 09:37:17 it seems that puts libxtst.so between .a files without any -l flag 2021-04-23 09:38:17 but there are others .so files 2021-04-23 09:38:34 I don't know exactly how to tell cmake to add it 2021-04-23 09:38:55 libtg_owt.so is not linked against libXtst 2021-04-23 09:39:01 thats your problem 2021-04-23 09:39:22 ah, so I need to add id and rebuild tg_owt? 2021-04-23 09:39:33 yes 2021-04-23 09:39:40 ok, thanks Ariadne 2021-04-23 09:39:49 I hope it works finally :D 2021-04-23 09:47:08 [29/29] Linking CXX executable telegram-desktop , No errors! great 2021-04-23 09:47:50 (4/4) Upgrading telegram-desktop (2.4.11-r0 -> 2.7.1-r0) :D 2021-04-23 11:58:27 Cogitri: i havent started bootstrap the 3.14 builders yet, so i think it should be ok to squeeze in llvm12 2021-04-23 11:58:40 as i understand there was no big/dramatic changes there 2021-04-23 11:59:01 and it will probably help maintain the stable branch in the future 2021-04-23 12:01:08 Okay 👍️ 2021-04-23 12:05:15 Did anything recently happen with openrc on edge? init.d/networking disappeared 2021-04-23 12:05:43 Hmmm, you are the 2nd to face this 2021-04-23 12:07:21 Building a docker netbox with aports packages instead of everything with pip: 2 minutes build time instead of 20 2021-04-23 12:07:35 docker netbox image 2021-04-23 12:09:59 reinstalling the package is fine 2021-04-23 12:10:04 odd that it happened though 2021-04-23 12:10:15 Yes k 2021-04-23 13:38:25 https://gitlab.alpinelinux.org/alpine/aports/-/issues/12047 - Packages in community that link to OpenSSL and are GPL but have no exception 2021-04-23 13:38:37 pdns and pdns-recursor do have that exception, but apparently not in a place where you could spot it 2021-04-23 13:38:39 how can i help? 2021-04-23 13:38:41 (i'm with powerdns) 2021-04-23 13:45:47 just mak a note on the issuee 2021-04-23 13:46:47 that was just a list of packages to check based on SPDX data 2021-04-23 13:47:01 if you say there is an OpenSSL exception, you can add the OpenSSL SPDX tag to $license 2021-04-23 13:47:28 if you want to go that far anyway :) 2021-04-23 13:54:33 that sounds like it would enable automation 2021-04-23 13:56:46 it also looks like a bunch of work, so i'll make a ticket for ourselves and comment on the issue 2021-04-23 13:59:13 thanks Ariadne 2021-04-23 13:59:52 yes it seems that the powerdns way of doing the openssl exception is not already covered by SPDX 2021-04-23 14:00:24 i found one for openvpn though :) 2021-04-23 14:00:56 we just put a bunch of text in a lot of comments 2021-04-23 14:01:04 and in our debian/ dirs ;) 2021-04-23 14:04:10 there is text in NOTICE 2021-04-23 14:05:07 ah there it is 2021-04-23 14:05:13 'git grep -i openssl' on our tree was overwhelming so i missed it 2021-04-23 14:12:02 would it be frowned upon if in https://gitlab.alpinelinux.org/Habbie/aports/-/pipelines/79809 2021-04-23 14:12:22 i marked it WIP and re-enabled aarch64 just to have your Gitlab CI show me what's broken? 2021-04-23 14:14:45 No 2021-04-23 14:14:53 that's fine 2021-04-23 14:15:56 thanks 2021-04-23 14:26:56 by the way we love when upstream acts as package maintainer in alpine 2021-04-23 14:27:04 so, you know, feel free to claim maintainership of powerdns :p 2021-04-23 14:29:03 especially if upstream use alpine ;) 2021-04-23 14:30:04 well yeah :p 2021-04-23 14:31:12 hm, question: how to cut out newline character when reading line from file in ash? 2021-04-23 14:31:45 (use Perl, Luke :) ) 2021-04-23 14:37:30 only sed? 2021-04-23 14:37:34 `cat file` will chomp; read line will chomp as well 2021-04-23 14:38:09 Ariadne, i was just pondering (walking outside does that to a person) i should at least -notice- when you mark things broken :) 2021-04-23 14:38:23 :D 2021-04-23 14:38:24 mps, we don't use alpine a lot, sorry :) 2021-04-23 14:38:33 'cat with chomp'? where is chomp? 2021-04-23 14:38:41 mps: it's normally pretty rare that newlines are an annoyance in shell, if there's ONE thing that the shell gets more or less right, it's ease of working around newlines 2021-04-23 14:38:51 Ariadne, for debian we have a buildbot job that scans their 'about to be deleted' yaml, i think we should be including more distros 2021-04-23 14:38:54 no, the backticks will autochomp 2021-04-23 14:39:12 i.e. a = `cat file` -> the last newline isn't in $a 2021-04-23 14:39:24 besides 'open tickets' and 'marked broken in the APKBUILD', can you suggest any other places we could check automatically to see that our help might be welcome? 2021-04-23 14:39:44 skarnet: I did this but looks like I messed something 2021-04-23 14:40:04 if you have 2 newlines at the end you'll still have to deal with one :D 2021-04-23 14:40:19 Habbie: not sure :) 2021-04-23 14:40:43 skarnet: no, just one. probably messed something else. thanks for hint 2021-04-23 14:40:55 Habbie: officially we should make tickets and assign them to the maintainer 2021-04-23 14:41:57 ikke, right, but i see that hasn't happened for existing tickets and the current maintainer either :) 2021-04-23 14:42:05 Habbie: I was long time debian user and now I'm sorry for those who didn't swithed to alpine, yet :) 2021-04-23 14:42:23 Yes, that's something we should improve on 2021-04-23 14:42:24 should i have arch="all" or no arch line at all in my APKBUILD? 2021-04-23 14:42:32 Former 2021-04-23 14:42:35 ta 2021-04-23 14:45:06 skarnet: hah, yes. I messed something else in script. thanks again for hint 2021-04-23 14:45:24 np 2021-04-23 14:53:35 mm, gitlab search has RSS 2021-04-23 14:55:18 please be nice to our servers if you use that :p 2021-04-23 14:55:37 i'll trust evolution-rss to be nice :) 2021-04-23 14:57:26 default is 60 minutes 2021-04-23 14:57:34 there was a security company that was scraping our secfixes data by spidering the cgit 2021-04-23 14:57:36 :D 2021-04-23 14:58:00 hah 2021-04-23 15:03:07 got arm32 workstation with alpine edge fully working, 4GB ram, 8 cpus, 1920x1080 display, 16GB emmc. not bad :) 2021-04-23 15:05:00 hmm, Merge Request search does not have rss 2021-04-23 15:08:05 do you prefer a single squashed commit once I'm done? or does that depend on how many things I changed in an APKBUILD? 2021-04-23 15:11:39 Habbie: depends, if you make related and not big final change than squash 2021-04-23 15:11:58 mps, thanks, i'll use my usual judgment then 2021-04-23 15:12:30 heh, I wanted to say 'use common sense' :) 2021-04-23 15:12:47 fixes to earlier commits should be fixed up 2021-04-23 15:13:05 ACTION is known as kind person ;) 2021-04-23 15:13:09 ikke, of course, coherent story and all 2021-04-23 15:13:10 mps, haha 2021-04-23 15:17:19 find: unrecognized: -ls 2021-04-23 15:17:20 oh no 2021-04-23 15:19:23 ah, the APKBUILD i stole some code from installs findutils :) 2021-04-23 16:00:35 ikke: could you do me a favor and run `abuild snapshot` for !20656 ? 🥺 2021-04-23 16:05:10 done 2021-04-23 16:05:30 I think you should be able to get an account on dev.a.o so that you can do it yourself 2021-04-23 16:14:30 yeah that would be neat 2021-04-23 16:14:55 can you just extract my ssh key from my gitlab account or should I send it to you? 2021-04-23 16:15:02 thanks though for taking care of it 2021-04-23 17:40:44 Do you have a script for building X packages from aports while resolving interdependencies and ordering them correctly? 2021-04-23 17:41:05 e.g. I want to build B which depends on A, and I don't have A. So the script automatically builds A first 2021-04-23 17:41:29 ap builddirs (from aports-lua) 2021-04-23 17:41:34 thx 2021-04-23 17:41:52 that script only lists the order to build them in ftr 2021-04-23 17:42:15 was lua-aports 2021-04-23 17:42:28 oh, thanks, yes 2021-04-23 17:55:23 Hrmpf. No tool to just feed output into xargs abuild or something 2021-04-23 17:55:23 :( 2021-04-23 17:56:02 That's what we do for our CI 2021-04-23 17:56:08 or at least, something like that 2021-04-23 18:36:29 who is Leo and why are they pushing to my MR? :) https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20756 2021-04-23 18:38:49 Habbie: alpine developer, maxice8 here 2021-04-23 18:39:24 maxice8, hi! you pushed to my MR, a rebase i think? but you reverted part of my work :) 2021-04-23 18:39:34 Yes it was a rebase 2021-04-23 18:39:51 Apologies if it removed part of the work 2021-04-23 18:40:05 or perhaps i had not pushed that yet, that's also possible, i realise now 2021-04-23 18:40:17 maxice8: do you use --force-with-lease? 2021-04-23 18:40:20 anyway, i pushed again, and gitlab says i need to rebase, but there's nothing to rebase 2021-04-23 18:41:17 @Ikke no 2021-04-23 18:41:25 maxice8: maybe a good habbit to learn :) 2021-04-23 18:41:30 i should also learn that habit 2021-04-23 18:41:39 I have it by default but have -f for `maintainer-push` 2021-04-23 18:41:42 Habbie: your commit's parent is 8919461d, master is at 0239e25b 2021-04-23 18:42:08 i see my mistake 2021-04-23 18:42:14 habbie git@gitlab.alpinelinux.org:Habbie/aports.git (fetch) 2021-04-23 18:42:16 habbie git@gitlab.alpinelinux.org:Habbie/aports.git (push) 2021-04-23 18:42:19 origin git@gitlab.alpinelinux.org:Habbie/aports.git (fetch) 2021-04-23 18:42:20 origin git@gitlab.alpinelinux.org:Habbie/aports.git (push) 2021-04-23 18:42:23 spot the difference :D 2021-04-23 18:42:28 $ git config --global --get-regexp '^alias.p' 2021-04-23 18:42:29 alias.p push --force-with-lease 2021-04-23 18:42:38 Habbie: I guess the answer is no :P 2021-04-23 18:42:44 ikke, :) 2021-04-23 18:43:49 http://ix.io/30XK I just use this 2021-04-23 18:44:32 blank 2021-04-23 18:45:35 I need a new paste provider 2021-04-23 18:46:42 i see it but it took a while to load 2021-04-23 18:47:04 for me it remains blank 2021-04-23 18:48:47 try again, works now for me 2021-04-23 18:50:01 now it shows me garbage 2021-04-23 18:50:10 tpaste works https://tpaste.us/49l1 2021-04-23 19:07:05 hmm https://gitlab.alpinelinux.org/mps/aports/-/jobs/378124#L125 x86 doesn't have asm/hwcaps.h ? 2021-04-23 19:07:37 hwcap.h* 2021-04-23 19:15:34 bpaste.net is also a good paste provider 2021-04-23 19:50:21 Hi guys 2021-04-23 19:50:30 o/ 2021-04-23 19:50:38 so as I was saying it's obviously donoban's fault 2021-04-23 19:50:42 I wanted to revert two commits but for not adding more revert commits I decided to reset 2021-04-23 19:50:50 yeah sure 2021-04-23 19:51:03 if something is broken 99% I am the responsable :D 2021-04-23 19:51:16 always blame the person who just joined 2021-04-23 19:51:30 if you don't know why, they do! 2021-04-23 19:51:36 well, can I push after rebase my repo or gitlab will always reject it? 2021-04-23 19:51:48 rebase/reset 2021-04-23 19:52:19 ohh 2021-04-23 19:52:22 --force did the trick 2021-04-23 19:52:41 when in doubt, use the Force 2021-04-23 19:52:47 ;) 2021-04-23 19:53:43 I try two or three times on local until works, then push and instantly see trivial errors 2021-04-23 19:53:51 trying to fix that errors all fails :( 2021-04-23 19:53:59 it's a nightmare 2021-04-23 19:54:04 git is a harsh mistress 2021-04-23 19:54:28 well my problem is with abuild patching 2021-04-23 19:55:03 >>> tg_owt: cmake_fixes.patch 2021-04-23 19:55:05 patching file CMakeLists.txt 2021-04-23 19:55:11 he is happy this time :) 2021-04-23 20:16:26 the depencies of a package are gerenated when building it right? 2021-04-23 20:17:29 I wonder what is really needed to add in depends="" 2021-04-23 20:17:53 are /var/run and /run/ considered different? 2021-04-23 20:18:04 On some distros the latter is symliked to the former 2021-04-23 20:18:13 I think that /var/run is a symlink 2021-04-23 20:18:26 22 09:23 run -> /run 2021-04-23 20:18:29 It is. 2021-04-23 20:18:34 basically /run made /var/run obsolete, so it should be a symlink nowadays 2021-04-23 20:18:37 not that it really matters 2021-04-23 20:19:10 the point of those directories is that they're writable (but only by root) even when / is read-only 2021-04-23 20:19:54 historically /var/run was used because /var is by definition writable, but at some point people realized they needed an *early* writable filesystem, before /var is mounted 2021-04-23 20:20:00 and so /run was created 2021-04-23 20:20:30 (and it's normally a tmpfs) 2021-04-23 20:20:56 and since the amount of data in /var/run has always been very small, it doesn't make much sense to keep a separate directory 2021-04-23 20:21:14 so, everything goes to /run and there's a symlink to keep everyone happy. 2021-04-23 20:27:02 https://gitlab.alpinelinux.org/donoban/aports/-/jobs/378199 ouch this failed but it doesn't seem "my fault" 2021-04-23 20:27:56 I don't know what happened :\ 2021-04-23 20:28:12 (dinner time) 2021-04-23 20:32:09 I have an issue here where openrc-run doesn't do the checkpaths in start_pre 2021-04-23 20:33:08 Also, stdout and stderr are not captured by syslog 2021-04-23 20:36:18 stdout and stderr are never captured by syslog, you need a specific service setup if that's what you want 2021-04-23 20:38:13 Hrm. 2021-04-23 20:38:27 not even as part of openrc? 2021-04-23 20:55:23 openrc doesn't do magic, it can't plug stuff that is not syslog into syslog XD 2021-04-23 20:55:48 there's a specific program for that, called 'logger', idr which package provides it 2021-04-23 20:56:12 but tbh if a daemon is logging to stderr (which is the right thing), redirecting its output to syslog is a waste 2021-04-23 20:56:40 better use a dedicated logger reading on the daemon's stderr, so you don't have to pay the cost of the fan-in fan-out mechanism of syslog and your logs are more greppable 2021-04-23 20:57:02 logger is in util-linux 2021-04-23 21:03:19 ah right 2021-04-23 21:04:39 skarnet: you know, openrc executing a service can plug stdin, stdout, and stderr anywhere they want. Like systemd can do. 2021-04-23 21:05:40 they can redirect it to any file descriptor, yes, but syslog is not a regular file descriptor. 2021-04-23 21:05:47 it's a specific API. 2021-04-23 21:10:31 skarnet: I know that. You can do a select over fds though. It is possible. Just not implemented in openrc I guess. 2021-04-23 21:11:21 Thermi: your problem with checpaths is related with /var/run? 2021-04-23 21:11:51 donoban: I do not know if it is caused by anything having to do with the path or openrc just not running that section. I have to check that first. 2021-04-23 21:12:06 It's a new problem though. 2021-04-23 21:12:15 Well I think that they did some some fixes related with checpath and symblinks 2021-04-23 21:12:22 it's not implemented for good reason: 1) it's useless, because daemons that log to stderr know what they're doing and generally do NOT want their logs to go to syslog, else they would use syslog(). 2) there's already a tool to do that, logger. 2021-04-23 21:12:30 it broke tinyproxy start and other services 2021-04-23 21:12:57 At least throw an error goddamnit. 2021-04-23 21:13:14 This "silent failure" thing is the worst. 2021-04-23 21:14:22 /usr/lib/libtg_owt.so.0.0.0: undefined reference to `webrtc::VectorDifference_SSE2_W32(unsigned char const*, unsigned char const*)' 2021-04-23 21:14:24 collect2: error: ld returned 1 exit status 2021-04-23 21:14:30 the nightmare doesn't end :\ 2021-04-23 21:24:34 maxice8, thanks! 2021-04-23 21:25:00 welcome 2021-04-23 21:25:48 maxice8, i believe 20756 should also be good to go now 2021-04-23 21:26:04 I'll look at it soon, I'm looking at !20755 2021-04-23 21:26:17 !20756 2021-04-23 21:26:24 sure, did not mean to rush, mentioned in case you saw the flux on it earlier and figured i might not be done :) 2021-04-23 21:29:23 does anyone know if ppc64le supports SSE2? 2021-04-23 21:29:36 SSE2 is x86(_64) specific 2021-04-23 21:29:44 ok 2021-04-23 21:29:46 Their feature set is probably called something different 2021-04-23 21:30:00 @Ikke: ty 2021-04-23 21:30:11 :) 2021-04-23 21:30:21 maxice8, i see that you rebase before merge - is that so you don't generate a merge commit? 2021-04-23 21:30:34 yes, no merge commits are allowed 2021-04-23 21:30:40 ah 2021-04-23 21:30:50 is the rebase a button in gitlab? 2021-04-23 21:31:35 yes but I use a script that uses glab which uses the API 2021-04-23 21:31:36 no, because we talked about push -f earlier 2021-04-23 21:31:37 http://ix.io/2Twz 2021-04-23 21:31:51 Habbie: yes, we rebase everything in aports 2021-04-23 21:31:58 maxice8, ah 2021-04-23 21:31:58 gitlab checks if it can rebase without conflicts 2021-04-23 21:32:02 if it can then it offers a button 2021-04-23 21:32:04 ah! 2021-04-23 21:32:10 if not it prompts you to check the branch locally, resolve the conflict and push 2021-04-23 21:32:16 so slightly different than github's buttons to merge without merge commits 2021-04-23 21:32:31 maxice8, and that's what you did earlier because the license fix caused a conflict, i realised later :) 2021-04-23 21:32:31 gitlab doesn't have a rebase&&merge like github 2021-04-23 21:32:58 and we don't have merge trains (paid feature) 2021-04-23 21:34:35 oh wow 2021-04-23 21:34:41 i've wanted that in github for ages 2021-04-23 21:35:22 (i just read https://docs.gitlab.com/ee/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/ ) 2021-04-23 21:35:59 every few months we have two back-to-back merges that 'break eachother' 2021-04-23 21:41:49 What is the Contributor comment for in APKBUILD files? What is the difference between the Maintainer one? (Sorry, couldn't find this on the wiki after a quick search) 2021-04-23 21:43:04 judging from community/pdns, there's a maintainer and also a bunch of people that contributed changes at some point 2021-04-23 21:43:36 and I guess I forgot to add myself to that today ;) 2021-04-23 21:43:50 but it's also possible my guess about the meaning of the fields is completely wrong 2021-04-23 21:43:53 contributor field should be removed 2021-04-23 21:44:34 it is misleading 2021-04-23 21:45:29 mps, what does it mean/did it mean? 2021-04-23 21:46:57 I think it is intended for serious contribution to pkg, and to contact contributor if maintainer is unreachable 2021-04-23 21:47:26 ah 2021-04-23 21:47:36 but nowadays all devs can be contacted in such cases 2021-04-23 21:47:42 then i did not forget to add myself; although i would like to be contacted about the ports i touched ;) 2021-04-23 21:47:51 right, makes sense 2021-04-23 21:48:41 don't worry, we will 'find' you from git log :) 2021-04-23 21:48:49 :) 2021-04-23 21:49:07 i'm not worried, and also i added this channel to my autojoin 2021-04-23 21:49:42 if you are upstream you may ask to take maintainership 2021-04-23 21:49:53 yes, somebody else suggested that earlier as well 2021-04-23 21:50:00 and if we used alpine ourselves, we'd do that 2021-04-23 21:50:05 but we don't, so i'm still pondering 2021-04-23 21:50:46 you are talking about pdns? 2021-04-23 21:51:03 ah, well 2021-04-23 21:51:07 yes 2021-04-23 21:51:37 but I can't remember that I see current maintainer active for long time 2021-04-23 21:52:04 and pdns-recursor and dnsdist have no maintainer listed 2021-04-23 21:52:31 last commit from s/he is bc84f7f31fc5d955514638e4570bae10ff1189fc 2021-04-23 21:52:40 2011 2021-04-23 21:52:46 year 2021-04-23 21:52:48 mps, just saw that too, yes 2021-04-23 21:52:54 so then better me than 'nobody' 2021-04-23 21:53:01 I agree 2021-04-23 21:53:05 where i'm counting somebody who has not been seen as 10 years as 'nobody' too, without wanting to be rude 2021-04-23 21:53:15 mps, do i just do a MR and put myself in there? 2021-04-23 21:53:17 np 2021-04-23 21:53:53 usual practice is to send mail to maintainer and CC to alpine-devel ML 2021-04-23 21:54:05 ah, i'm not subscribed (yet?) 2021-04-23 21:54:15 let's see how busy that is 2021-04-23 21:54:27 alpine-devel or alpine-aports? 2021-04-23 21:54:33 if no answer in a week or two then you will be 'accepted' 2021-04-23 21:54:49 oh, only a few mails a week, awesome 2021-04-23 21:55:01 alpine-devel, alpine-aports is practically dead 2021-04-23 21:55:16 ok 2021-04-23 21:55:30 Your subscription to ~alpine/devel is confirmed! To unsubscribe in the future, send an 2021-04-23 21:55:34 it.. did not ask for a confirmation 2021-04-23 21:55:36 that's a bit icky 2021-04-23 21:56:19 actually all alpine MLs are dead for me ;) 2021-04-23 21:56:23 why? 2021-04-23 21:56:50 don't ask, don't want yet another round of flame war here 2021-04-23 21:56:55 alright 2021-04-23 22:42:10 well, i got one ringing endorsement on alpine-devel :) 2021-04-23 22:49:57 Yeah I was surprised not to see lot of patches in ~alpine/aports 2021-04-23 22:50:12 https://bugzilla.mozilla.org/show_bug.cgi?id=1707316 2021-04-23 22:50:18 didn't we recently talk about fx segfaulting? :) 2021-04-23 22:51:07 What machines are people using for ppc64le? 2021-04-23 22:51:39 i have a ppc64 VM from IBM 2021-04-23 23:14:11 Can I assume that the build machine has more than 1G of RAM? I'm packaging an app that crashes if I don't configure a minimum amount of RAM for the build. 2021-04-23 23:28:03 Yes 2021-04-23 23:30:23 Thank you 2021-04-24 00:48:05 when should checkpath be used in openrc services? If I'm already creating the directory in the package() function 2021-04-24 02:51:03 tomleb: i have an IBM SC812 (POWER8) and IBM S922 (POWER9) 2021-04-24 02:51:31 er, S812LC 2021-04-24 03:17:21 right, a server, however in the bugzilla above, its a firefox user. So I'm wondering who's using that arch for desktop :) 2021-04-24 03:39:10 Ariadne: What are using these servers for? Just regular server or ppc builds? 2021-04-24 03:40:26 tomleb: there are people using alpine on Talos 2021-04-24 03:40:34 tomleb: which is a workstation ppc64 board 2021-04-24 03:41:23 From raptors? 2021-04-24 03:42:27 I've seen them before, too expensive for me 2021-04-24 03:58:31 i have a blackbird, it is very ok 2021-04-24 04:00:59 In alpine, is it necessary to build golang apps with -extldflags '-static' ? 2021-04-24 04:18:50 for what purpose? 2021-04-24 04:18:58 you should not do that if you're building an APK 2021-04-24 04:19:11 if you're building a binary you plan to redistribute to others, it probably makes sense to do that 2021-04-24 04:22:48 Ok, well I see a few examples of packages that do that. For example k3s. 2021-04-24 04:40:47 I'm currently using alpine-chroot-install for my dev environment. So far so good. I'm wondering how to start services in /etc/init.d. Currently, if I run rc-service servie start, it says my service is already started. Any idea ? 2021-04-24 04:41:25 Ah, I should've read.. It's right there. touch /run/openrc/softlevel 2021-04-24 06:15:36 tomleb: there aer a few exceptions where some binaries are built that will run on guest systems 2021-04-24 06:15:41 so they need to be static 2021-04-24 06:15:50 (re golang -static) 2021-04-24 06:16:46 tomleb: re checkpath: one usecase is for creating directories in /run, which is tmpfs 2021-04-24 07:42:18 PureTryOut[m]2: konsole has a test failure on armv7 2021-04-24 07:46:45 huh, github is a stupid thing 2021-04-24 07:47:07 and gitlab also 2021-04-24 07:49:49 gitlab just messed my latest 'git push mps' from branch in master 2021-04-24 07:50:12 what happened 2021-04-24 07:50:45 there is ' You pushed to 3.13-stable 4 minutes ago' and button 'create merge request' 2021-04-24 07:51:11 before that I merged dovecot xapian to 3.13 2021-04-24 07:51:42 and after that I pushed new branch to gitlab, wireguard-tools 2021-04-24 07:52:32 mps: what does 'git config push.default' return for you? 2021-04-24 07:52:34 lets play more 2021-04-24 07:53:08 empty answer 2021-04-24 07:59:29 I guess you already removed 3.13-stable from your fork 2021-04-24 08:05:04 no, I merged to 3.13 from other contributor, not my MR 2021-04-24 08:06:41 hah, I merged another MR and it is now cleaned 2021-04-24 08:07:18 very interesting :) 2021-04-24 08:25:52 algitbot: retry master 2021-04-24 08:25:58 It works 🎉 2021-04-24 08:26:00 :) 2021-04-24 08:54:25 did bratkartoffel invented real AI finally :) so much MRs in short time 2021-04-24 08:55:19 sounded good in my head to file it as separate MRs... but after looking at it now I think it was a bad idea 2021-04-24 08:56:03 at least I learned something about the gitlab api and why I should not use it 2021-04-24 08:56:34 sorry... hope I didn't break something? 2021-04-24 08:56:37 bratkartoffel: no, it is ok imo 2021-04-24 08:57:27 jk because I surprised by bug number in short time 2021-04-24 08:57:49 s/bug/MRs/ 2021-04-24 08:57:49 mps meant to say: jk because I surprised by MRs number in short time 2021-04-24 08:58:30 (if you fight with they will inhabit your brain :) ) 2021-04-24 08:58:42 (if you fight with bugs they will inhabit your brain :) ) 2021-04-24 08:59:31 Hi 2021-04-24 09:00:12 there is any problem with syslog and chronyd pidfiles being readable by anynone? I was reading this issue https://gitlab.alpinelinux.org/alpine/aports/-/issues/12623 2021-04-24 09:04:16 hehe I was surprised too about the long round of MR's 2021-04-24 09:04:54 bratkartoffel: what problems did you have? 2021-04-24 09:08:20 maribu[m]: what keeps upgrade avarice to 2.14 2021-04-24 09:10:15 btw, and dfu-util to 0.10 2021-04-24 09:31:12 uhM, lol 2021-04-24 09:31:28 complains about: Warning: cannot find /var/run/utmp 2021-04-24 09:31:52 but it instead looks for: Looking: /dev/null/utmp 2021-04-24 09:34:20 @mps: I'll have a look at avarice and dfu-util tonight 2021-04-24 09:36:14 I think texlive should also have a new release. They usually have them in April 2021-04-24 09:37:20 maribu[m]: thanks, you saved me some time :) 2021-04-24 09:38:55 and I always forget to explain my idea about gcc-avr. actually I wanted to keep it in previous release 2021-04-24 09:39:59 i.e. 9.2 series 2021-04-24 09:40:28 maybe I will create new package with name gcc-avr9 2021-04-24 09:43:14 and then you could do what you planned with current releases 2021-04-24 09:43:19 maribu[m]: ^ 2021-04-24 09:47:53 I need help from someone who know ppc64le build, this https://gitlab.alpinelinux.org/mps/aports/-/jobs/378820#L184 2021-04-24 09:48:24 !20824 2021-04-24 11:00:29 I have an issue with lvm2-2.02.187-r1, lvdisplay works, lvextend/lvcreate throws 'No command with matching syntax recognised.', not sure how it is possible to compile lvm2 without create/extend support... same with `lvm lvcreate` or `lvm lvextend` 2021-04-24 11:02:16 ok nevermind, syntax was wrong. apologies. 2021-04-24 11:17:42 ikke: thanks and thanks 2021-04-24 12:22:11 Thermi: so kopano is a microsoft exchange server emulator, right? 2021-04-24 12:22:33 Thermi: how can an end-user of kopano comply with the AGPL license to have a prominent link to download kopano source code if there is no UI for that part? 2021-04-24 12:22:59 i think we are going to have to reject kopano in alpine, unless there is a good answer to that question 2021-04-24 12:23:25 i am honestly thinking about amending our policies to disallow AGPL period 2021-04-24 12:23:48 it seems to me that there is a new meme with AGPL, and that is, license violation entrapment 2021-04-24 12:23:56 +1 2021-04-24 12:24:29 and i don't think it is nice to put our users in a situation where they become non-compliant with a license out of the box 2021-04-24 12:24:41 yes 2021-04-24 12:25:36 the latest being minio 2021-04-24 12:25:51 we need some kind of written policy for some things 2021-04-24 12:25:59 make a software, then once people are hooked, change the license so everyone is screwed 2021-04-24 12:26:17 open the gates, invite everyone in, shut the gates 2021-04-24 12:26:24 like mongo or qt 2021-04-24 12:26:28 (i fail to see how minio itself can be AGPL compliant, it has no UI) 2021-04-24 12:26:45 well, qt pulled a dick move, but they only restricted LTS 2021-04-24 12:27:20 wait, their greed is not yet grown enough :) 2021-04-24 12:27:34 Qt has always been a licensing shitshow 2021-04-24 12:27:48 I recall that being part of the motivation to build GNOME back in the good old days 2021-04-24 12:27:53 mps: there is always KDE's "free Qt foundation" 2021-04-24 12:28:03 so if they pull some mega dick move 2021-04-24 12:28:04 tehcloud: that was reason I never tried to learn it 2021-04-24 12:28:08 we will have Qt under BSD license 2021-04-24 12:28:09 :D 2021-04-24 12:28:48 I tried learn gtk 2021-04-24 12:28:54 the toolkit situation is generally bad 2021-04-24 12:28:56 i think this AGPL stuff is far worse than the Qt situation 2021-04-24 12:29:05 I had to abandon GTK and now I am using FLTK for UI stuff :p 2021-04-24 12:29:10 ugly but works 2021-04-24 12:29:19 heh, FLTK was nice 2021-04-24 12:29:28 these companies are doing this with AGPL because they want to entrap people into having to pay license fees 2021-04-24 12:29:42 they're not using AGPL for software freedom 2021-04-24 12:29:44 :D 2021-04-24 12:30:07 yes, and this is why I'm against companies involvement in alpine 2021-04-24 12:30:12 yeah, AGPL is a bit fishy overall... it's really on the extreme end 2021-04-24 12:31:25 software freedom integrists: let's do a license that will force corporations to release their source code! 2021-04-24 12:31:39 I don't know for sure english meaning of word 'company' but as I understand it from latin it means a gang to go in war to robe all around 2021-04-24 12:31:46 corporations: hmmm... oh hey! we could use that license to force people to pay us more! 2021-04-24 12:32:09 software freedom integrists: 2021-04-24 12:34:04 have to repeat Descartes words: if the people understand true meaning of words at least half of all world dellusions will disappear 2021-04-24 12:35:03 that is... not what Descartes said 2021-04-24 12:35:25 I wrote from head with my bad english 2021-04-24 12:36:44 Descartes's point about delusions is that we can only perceive the world through our senses 2021-04-24 12:36:55 he probably said it En Francais 2021-04-24 12:37:18 and our senses are lying to us, so we need Reason in order to make up a correct representation of the world 2021-04-24 12:37:53 I don't think he said anything about "half of all the world's delusions disappearing" 2021-04-24 12:37:58 [06:30:06] yes, and this is why I'm against companies involvement in alpine 2021-04-24 12:38:01 that is other thing, and true 2021-04-24 12:38:03 well that ship sailed a decade ago 2021-04-24 12:38:34 I mean to answer skarnet 2021-04-24 12:39:34 but i do think that rejecting software that is VC-funded might not be an unreasonable idea 2021-04-24 12:39:54 since this seems to keep happening 2021-04-24 12:40:45 another option is something along the lines of the Debian "non-free" strategy if someone does care to package stuff up that is not aligned with the distro's philosophy 2021-04-24 12:40:53 it is not problem if the software funded by companies, problem is awkward licenses 2021-04-24 12:41:44 the problem is when VC-funded companies bait and switch licenses 2021-04-24 12:42:58 yes, minio went from MIT to AGPL 2021-04-24 12:43:12 but there is no way that i see for a minio install to be compliant with AGPL 2021-04-24 12:43:19 it is a web server 2021-04-24 12:43:26 there is no GUI 2021-04-24 12:43:38 (there is an optional GUI for it, but the core does not have one built in) 2021-04-24 12:43:56 a web *server* with a *GUI*? 2021-04-24 12:44:08 yes, it allows you to browse the filesystem it is serving 2021-04-24 12:44:20 (minio is a web server that implements the Amazon S3 API) 2021-04-24 12:44:24 2021-04-24 12:44:39 Btw I don't think llvm12 for 3.14 will happen, more IR test failures in llvm12 and clang changed things in the buildsystem and I won't have time to look into that until next weekend or so 2021-04-24 12:44:57 minio itself makes sense 2021-04-24 12:45:12 because a lot of software supports S3 for file uploads etc 2021-04-24 12:45:29 but i dont see how it can be compliant with AGPL 2021-04-24 12:48:37 ghostscript is compliant because it isnt used in a network setting 2021-04-24 13:00:51 if there is no user interface or menu, then that clause does not apply is my reading of it 2021-04-24 13:01:35 if there is, and you make changes, you can as well include the required notice 2021-04-24 13:08:30 Ariadne: is it though? what if i run mediawiki and imagemagick calls ghostscript for thumbnails 2021-04-24 13:09:16 ikke: if that's true then why is ghostscript AGPL? 2021-04-24 13:09:17 :) 2021-04-24 13:09:50 Hello71: who knows, this is why i don't like AGPL so much anymore :) 2021-04-24 13:15:44 nice rce in exiftool CVE-2021-22204 2021-04-24 13:17:06 no CPE data provided in that CVE 2021-04-24 13:17:09 harrumph 2021-04-24 13:19:06 we're not vulnerable in edge 2021-04-24 13:20:06 ah, because our source packagename is perl-image-exiftool 2021-04-24 13:21:21 oh, no, there's no CPE data for real 2021-04-24 13:21:24 yuck :) 2021-04-24 13:55:57 my bandwidth for riscv64 is 1-2 weeks every 4-5 months 2021-04-24 13:57:31 plus the occasional serendipitous "I need to use riscv64 for something and I might as well fix some alpine issues so I have a useful host to work from" 2021-04-24 13:57:43 :D 2021-04-24 13:58:17 ddevault: well, i think if rvs wants this and is willing to do the work, maybe that makes the most sense 2021-04-24 13:58:25 indeed 2021-04-24 13:58:27 because he works on a downstream derivative of alpine full time 2021-04-24 13:58:44 I can provide shell access on an rv64 host to anyone who intends to work on it 2021-04-24 13:59:00 i think we will wind up doing the builds with qemu-user 2021-04-24 13:59:07 but yes, real porting hardware is good to have 2021-04-24 13:59:27 well, one of the major issues that needs to be addressed to move rv64 forward is that the boot story is full of holes on real hardware 2021-04-24 13:59:47 (i'm not thrilled about qemu-user, but i think the real hardware options are all too slow to keep up at a reasonable pace) 2021-04-24 13:59:55 though working on that remotely would be annoying for anyone 2021-04-24 14:00:11 i suspect rvs is able to get rv64 hardware 2021-04-24 14:00:14 Ariadne: is there an advantage to qemu-user rather than qemu-system? 2021-04-24 14:00:19 depends on the amount of money you want to spend 2021-04-24 14:00:20 ikke: it is way faster 2021-04-24 14:00:23 Ariadne: aha 2021-04-24 14:00:26 enough slow hosts working in parallel can keep up with a large build queue 2021-04-24 14:00:43 and they're not really that slow, I did the entire bootstrapping effort so far on a native host 2021-04-24 14:00:45 our current build infra does not handle parralel builds sadly 2021-04-24 14:00:47 yes, but our current build system doesn't support distributing jobs yet 2021-04-24 14:00:55 solvable problem 2021-04-24 14:01:10 yes, but not short term 2021-04-24 14:01:15 yes, we can switch to apkfoundry 2021-04-24 14:01:19 we will not have working rv64 in the short term 2021-04-24 14:01:24 Ariadne, wait, which one is faster? qemu-user or qemu-system? 2021-04-24 14:01:30 Habbie: -useer 2021-04-24 14:01:35 right, i hoped so :) 2021-04-24 14:01:45 this damn keyboard is dying on mee 2021-04-24 14:01:57 Ariadne: I have the same with my laptop keyboard 2021-04-24 14:02:01 very anoying 2021-04-24 14:02:04 thankfully i get paid next week and will be going immdiately to best buy to get a temporary machine 2021-04-24 14:02:21 you can take your pick from my pile of keyboards if you want 2021-04-24 14:02:28 it's next to the pile of monitors 2021-04-24 14:02:33 hah 2021-04-24 14:02:57 well regarding hw in the long term 2021-04-24 14:03:03 we can probably get sifive to sponsor hw 2021-04-24 14:03:27 ncopa has ideas for the build infra btw 2021-04-24 14:03:31 they weren't super receptive when I spoke to them about getting hw for builds.sr.ht runners a couple of years ago 2021-04-24 14:03:54 or rather they were somewhat receptive, but lacked an org structure which could fulfill such a request 2021-04-24 14:05:20 if not, sifive, then i suspect linux foundation could fulfill the request, since they want it anyway for EVE 2021-04-24 14:05:22 :p 2021-04-24 14:58:54 Ariadne: it was an eval in perl: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800L233 2021-04-24 14:59:31 wdtTP2O82Kft: yep i saw. i have done the security upgrade in 3.13 2021-04-24 15:13:57 ACTION < https://matrix.org/_matrix/media/r0/download/matrix.org/eiTNgsIqiNxhZgLrGZwccbWw/message.txt > 2021-04-24 15:14:12 s/1/-1/ 2021-04-24 15:16:55 huh 2021-04-24 15:17:35 sending url without any word about context? 2021-04-24 15:18:02 heh my partner who is a lawyer says the minio license change may actually be illegal, as there is no evidence of a CLA or relicensing campaign 2021-04-24 15:18:05 :D 2021-04-24 15:31:04 the bigger problem might be selling "Commercial" license without CLA: https://min.io/pricing 2021-04-24 15:56:51 . 2021-04-24 17:20:27 Hello71: yes, i don't see how that is possible 2021-04-25 08:22:56 If I wanted to package a musical instrument tuner that supports alsa, oss, pulseaudio, and jack, would the proper convention be to make different packages for each of the supported sound libraries rather than making all of those dependencies? 2021-04-25 08:24:50 Dadrophenia: That would be appreciated (separate subpkacages) 2021-04-25 08:41:23 +1 2021-04-25 08:41:57 same should be for firefox, mpv etc ... :) 2021-04-25 08:47:22 Issue is that it's quite expensive in time to build a project like firefox multiple times 2021-04-25 09:17:09 if 'exensive' is so important I think building these packages without cruft^Wpulse,pipewire,jack... will be less expensive :P 2021-04-25 09:20:08 It's always a matter of trade-offs. In different situations, you have to make different choices 2021-04-25 09:21:26 What's cruft for one person, is a bare necessity for the other. Who should we cater for? 2021-04-25 09:21:38 hah, interesting. trade basic principle for 'commodity' 2021-04-25 09:22:12 we should cater for 'small and simple' 2021-04-25 09:22:22 small, simple and limited? 2021-04-25 09:22:38 right, I forgot limited ;p 2021-04-25 09:23:33 seriously, I don't see strong reason to use alpine if it is as debian/ubuntu/fedora/arch 2021-04-25 09:23:47 because of musl? 2021-04-25 09:24:28 yes, musl is good reason but waste my time with other problems on alpine is not worth for me 2021-04-25 09:25:02 The issue is that it's not easy to have optional dependencies if the software does not support it 2021-04-25 09:25:19 a lot less effort would be run debian with openrc, or maybe arch if it can work without systemd 2021-04-25 09:26:05 ACTION wants alpine as it was 2-3 years ago 2021-04-25 09:26:35 I wonder if it would be possible to create shims for these dependencies that get replaced if you install the actual implementation 2021-04-25 09:26:36 don't tell me 'use 3.9' 2021-04-25 09:28:21 ok, enough grumble from me for today. sunny day is outside :) 2021-04-25 09:28:49 If we had inifinite resources (build time, mirror space, developer time)l, we would just provide all possible combinations that people might want 2021-04-25 09:30:13 hehe, space and time are infinite, say mps with quantum physic hat on 2021-04-25 09:30:13 mps: don't get me wrong, I do feel your 'pain' 2021-04-25 09:31:26 ikke: I don't feel pain about these anymore as with other open source 'things' :) 2021-04-25 09:31:43 s/anymore/more/ 2021-04-25 09:31:43 mps meant to say: ikke: I don't feel pain about these more as with other open source 'things' :) 2021-04-25 09:31:58 s/anymore/more than/ 2021-04-25 09:31:59 mps meant to say: ikke: I don't feel pain about these more than as with other open source 'things' :) 2021-04-25 10:11:22 hi 2021-04-25 10:12:05 mps: with debian/ubuntu/fedora/arch, you mean as a desktop? 2021-04-25 10:14:04 donoban: probably as desktop and *bsd on servers 2021-04-25 10:15:01 sure, I know they are not perfect 2021-04-25 10:15:15 hehe 2021-04-25 10:15:47 well, I'm currently using alpine as desktop like a football team holigan 2021-04-25 10:16:17 all my family use alpine as desktop 2021-04-25 10:16:25 great! :D 2021-04-25 10:17:24 xfce4 and awesome wm, no so called big DEs 2021-04-25 10:17:25 so you are only worried about big programs like firefox not being properly subpackaged? 2021-04-25 10:17:54 I'm not woried, I don't like useless cruft in them 2021-04-25 10:18:08 i have some ideas 2021-04-25 10:18:24 my ears ready 2021-04-25 10:18:25 the main point is making aports integrate better with the system 2021-04-25 10:18:41 then you can rebuild packages with different option selections like freebsd 2021-04-25 10:19:20 but Ariadne the problem is when the upstream are not worried about this, like in telegram 2021-04-25 10:19:46 donoban: well that's too bad for telegram 2021-04-25 10:20:00 Ariadne: does this idea means user should rebuild packages 2021-04-25 10:20:22 I suppose that in firefox there are similar problems 2021-04-25 10:20:29 mps: yes, if they do not like the defaults 2021-04-25 10:20:50 i.e. specific package I want to be different than it is in release 2021-04-25 10:21:01 yep 2021-04-25 10:21:05 i want to make that easy 2021-04-25 10:21:11 there's a few ways we can do it 2021-04-25 10:21:22 heh, that is what I do in my local branches 2021-04-25 10:21:27 having a @local tagged repo and pinning packages to @local for example 2021-04-25 10:22:01 the larger issue is making abuild aware of build-options 2021-04-25 10:22:15 ncopa and i talked about that a few years ago but then life happened and it got tabled :P 2021-04-25 10:22:52 yes, like what happens with most good ideas 2021-04-25 10:23:04 well today reality is a lot different 2021-04-25 10:24:12 things are more stable for a lot of the developers working on these ideas :) 2021-04-25 10:25:10 Off Topic: I'm considering removing firejail xd 2021-04-25 10:25:50 from aports? 2021-04-25 10:25:56 lol no 2021-04-25 10:26:00 from my computer 2021-04-25 10:26:17 I had a hope :) 2021-04-25 10:26:21 hahaha 2021-04-25 10:26:36 I honestly don't bother if there are things on aports that I don't use 2021-04-25 10:26:38 i mean 2021-04-25 10:26:46 i'm considering removing firejail :) 2021-04-25 10:26:48 but I suppose that for you is pretty different 2021-04-25 10:26:54 from aports :) 2021-04-25 10:27:11 no objections from me ;) 2021-04-25 10:27:17 the problem is somebody will put it back 2021-04-25 10:27:21 because they don't know better 2021-04-25 10:27:22 :D 2021-04-25 10:27:30 the maintainer? it seems a nice guy 2021-04-25 10:27:35 he* 2021-04-25 10:27:37 :\ 2021-04-25 10:27:48 it does not matter if the maintainer is nice if the software he is maintaining is a security hole :D 2021-04-25 10:27:59 my job is literally removing security holes from alpine 2021-04-25 10:28:24 uhM, I'm not sure if "security hole" is exagerated 2021-04-25 10:28:30 Ariadne: iirc, once upon a time you talked about making list of packages for removal 2021-04-25 10:28:38 yes 2021-04-25 10:28:40 but I only will install it on single user desktops 2021-04-25 10:28:49 never on servers, or shared systems 2021-04-25 10:29:06 donoban: you might not want to download random programs from the internet too 2021-04-25 10:29:11 because i guarantee you 2021-04-25 10:29:16 i could root your box via firejail 2021-04-25 10:29:18 if i wanted to 2021-04-25 10:29:30 i mean, i'm not that kind of person obviously 2021-04-25 10:29:39 but if you `curl | sh` shit 2021-04-25 10:29:48 that shit could root you via firejail 2021-04-25 10:29:49 100% sure 2021-04-25 10:29:56 yes 2021-04-25 10:29:58 uhM 2021-04-25 10:30:01 the problem 2021-04-25 10:30:06 is that in my currnet computer 2021-04-25 10:30:12 is near the same to become donoban that become root 2021-04-25 10:30:20 there is nothing more value for root that for donoban 2021-04-25 10:30:30 that's not true 2021-04-25 10:30:33 like in most single user deskstops 2021-04-25 10:30:35 root is very valuable 2021-04-25 10:30:38 even on single user machine 2021-04-25 10:30:50 uhM 2021-04-25 10:30:54 for example i can install a rootkit that you won't be aware of 2021-04-25 10:31:06 and then exfiltrate your data without your knowledge 2021-04-25 10:31:32 I will consider the game lost before that 2021-04-25 10:31:40 if you can't be root 2021-04-25 10:31:43 the game was lost as soon as you installed firejail :D 2021-04-25 10:31:45 what will you do? 2021-04-25 10:31:46 game is lost long ago 2021-04-25 10:31:49 hehe 2021-04-25 10:32:35 if i am an attacker, i could serve you a webpage (via an advert or whatever) that gets code execution in your browser and then use firejail to privesc 2021-04-25 10:33:13 uhM, but theorically in that sceneario firejail should protect me 2021-04-25 10:33:38 anyway I open most random links with torbrowser on flatpak which uses brwap 2021-04-25 10:33:44 no, what protects you in that scenario is firefox using seccomp to block exec(2) syscall 2021-04-25 10:34:21 (there have literally been browser to root privesc using firejail btw) 2021-04-25 10:35:06 well I honestly was happy with it, but tried to fix some errors and uhM.. 2021-04-25 10:36:17 It complains about ("cannot find /var/run/utmp\n"), but in reallity it was trying to open "/dev/null/utmp" 2021-04-25 10:36:38 which is pretty uggly debug warning 2021-04-25 10:36:43 do someone keep notes for next stable? I just moved clamav from main to community and this should be mentioned in release notes 2021-04-25 10:36:49 that means they are using paths.h for no reason 2021-04-25 10:36:50 :D 2021-04-25 10:37:06 and see some blocks of code just commented, pretty rare on an official release 2021-04-25 10:37:17 I feel that they are trying to achieve more than they can afford 2021-04-25 10:37:29 because they try to support a lot of programs configuration by default 2021-04-25 10:37:36 yes this might be why i keep saying to not use it :D 2021-04-25 10:37:38 mps: https://wiki.alpinelinux.org/wiki/Draft_Release_Notes_for_Alpine_3.14.0 2021-04-25 10:38:08 mps: I can add it for you if you want 2021-04-25 10:39:01 ikke: please do, and thanks 2021-04-25 10:41:28 mps: https://wiki.alpinelinux.org/wiki/Draft_Release_Notes_for_Alpine_3.14.0#ClamAV_moved_to_community 2021-04-25 10:41:45 can we delete firejail :D 2021-04-25 10:44:00 ikke: thanks, especially about nice explanation. I couldn't do such explanation 2021-04-25 10:48:06 Ariadne: We could open an issue on gitlab and ping @itoffshore 2021-04-25 10:48:58 i just question the value of shipping a package that is fundamentally conceptually flawed 2021-04-25 10:49:09 that describes itself as "security" tool 2021-04-25 10:49:42 if you really want this, you should use bubblewrap which does this without being SUID 2021-04-25 10:50:09 yes, it's just polite to do this in discussion with the maintainer 2021-04-25 10:50:43 https://github.com/igo95862/bubblejail 2021-04-25 10:50:45 :) 2021-04-25 10:51:02 i could see a postmarketOS user installing firejail to their phone 2021-04-25 10:51:10 and then getting utterly owned 2021-04-25 10:51:11 another problem is that many profiles are broken in the default setup, mainly due utmpfs and some mount errors 2021-04-25 10:51:34 haha so its broken too :D 2021-04-25 10:51:50 it needs a little love to work 2021-04-25 10:51:52 hehe 2021-04-25 10:52:03 this is quickly becoming meme security 2021-04-25 10:52:29 well, I suppose that this problems are related with alpine 2021-04-25 10:52:35 the profiles are mostly based on ubuntu/debian 2021-04-25 10:53:02 but it would be a pain to adapt a lot of profiles for alpine specifics things 2021-04-25 11:00:15 donoban: no, the problem with firejail is that it exists at all 2021-04-25 11:00:41 :) 2021-04-25 11:02:05 https://seclists.org/oss-sec/2017/q1/25 2021-04-25 11:02:44 "any non-privileged user could mount a tmpfs over any location. Eg mount over /etc to get root shell: 2021-04-25 11:08:49 lik 2021-04-25 11:08:51 e 2021-04-25 11:08:54 i don't get it 2021-04-25 11:09:00 is this thing a troll? 2021-04-25 11:09:16 or some elaborate hoax created by an APT? 2021-04-25 11:09:21 they recommend using it with tor! 2021-04-25 11:09:52 hM, how? 2021-04-25 11:12:58 well an APT would want to convince users to use a trivially defeated security tool because then your average person will think they have security they don't actually have 2021-04-25 11:14:45 do you mean the thread that I pasted? do you see it as a firejail defense? 2021-04-25 11:18:20 i see it as more proof that firejail is a troll 2021-04-25 11:18:32 not allowing users to mount over /etc is security 101 2021-04-25 11:18:56 where did you see they recommend use it with tor? 2021-04-25 11:19:03 it is recommended on firejail website! 2021-04-25 11:19:55 this HOWTO: Firejailed Tor Browser ? 2021-04-25 11:19:57 yes 2021-04-25 11:20:00 and like 2021-04-25 11:20:04 the picture of the cat 2021-04-25 11:20:14 the cat can clearly escape that box 2021-04-25 11:20:14 LOL 2021-04-25 11:20:18 hahaha 2021-04-25 11:20:21 this has to be a troll 2021-04-25 11:20:24 hahahahaha 2021-04-25 11:20:42 I didn't see the cat lol 2021-04-25 11:20:48 its epic, Firejailed! 2021-04-25 11:21:00 completely meaningless 2021-04-25 11:21:07 just like firejail itself 2021-04-25 11:25:37 (1/1) Purging firejail (0.9.64.4-r1), I will miss the cat :\ 2021-04-25 11:26:07 Firejail-cat-as-a-service 2021-04-25 11:26:17 hehe 2021-04-25 11:26:55 the current version in community has open CVE 2021-04-25 11:27:01 i think i am going to just nuke this thing 2021-04-25 11:27:11 lol 2021-04-25 11:27:36 that's because I want https://security.alpinelinux.org/ for edge :D 2021-04-25 11:28:27 uhm it was fixed on edge 2021-04-25 11:28:38 well "fixed", I think that it just disabled overlays 2021-04-25 11:28:50 donoban: I'm working on updating the secfix db generator 2021-04-25 11:29:01 oh great ikke :) 2021-04-25 11:29:05 It will use the new alpinelinux.org/releases.json 2021-04-25 11:29:50 donoban: :D :D :D :D :D :D :D :D :D :D :D 2021-04-25 11:30:09 what happens? hehe 2021-04-25 11:30:18 well, now it is gone 2021-04-25 11:30:23 alpine/aports:master | Ariadne Conill | community/firejail: remove | http://dup.pw/alpine/aports/a583a65eab6c 2021-04-25 11:30:23 so that happened :P 2021-04-25 11:30:24 I opened an issue yesterday on firejail github 2021-04-25 11:30:36 yeah i wouldn't waste your time 2021-04-25 11:30:40 this guy is clearly trolling 2021-04-25 11:30:53 soon he will probably publish a paper about it 2021-04-25 11:31:01 like those guys who got vulnerabilities into linux 2021-04-25 11:31:02 hehe I don't think that 2021-04-25 11:31:17 I feel that his project has too big scope for being a security thing 2021-04-25 11:31:27 security is too complex 2021-04-25 11:31:51 i pray that it does not return 2021-04-25 11:31:55 i have removed it before 2021-04-25 11:31:59 haha 2021-04-25 11:32:12 We should have some kind of flag on options="suid" packages 2021-04-25 11:32:25 the CI should scream bloody murder about options=suid 2021-04-25 11:32:52 But it should allow existing / approved suid programs 2021-04-25 11:33:01 yes agree 2021-04-25 11:35:14 Now I see that they totally ignored my issue 2021-04-25 11:35:29 there are 3 newer issues with answers 2021-04-25 11:35:46 but well, there other issues withoy any answer too 2021-04-25 11:36:09 yeah 2021-04-25 11:36:12 thats because 2021-04-25 11:36:13 I think the title is pretty expresive: "Warning: cannot find /var/run/utmp" but looks for "/dev/null/utmp" instead xd 2021-04-25 11:36:16 this whole thing is a troll 2021-04-25 11:36:42 we are being trolled right now by it in fact 2021-04-25 11:36:44 at least you could fix your warning message 2021-04-25 11:36:50 because we are continuing to discuss this troll 2021-04-25 11:37:03 nah hehe 2021-04-25 11:37:11 it's enought for today, I laught a lot with the cat photo 2021-04-25 11:37:13 :D 2021-04-25 11:37:37 anyway for the love of god, please do not bring firejail back from the dead again 2021-04-25 11:38:51 I will MR, zombiejail 2021-04-25 11:39:47 bubblejail looks nice enough 2021-04-25 11:39:51 package that :p 2021-04-25 11:40:04 it at least uses a sandboxing technology that is actually reasonable 2021-04-25 11:40:30 uhM 2021-04-25 11:40:36 python + brwap? 2021-04-25 11:40:43 it seems a better start 2021-04-25 11:41:56 I have to try, I want sandbox for just work organization more than security itself 2021-04-25 11:42:16 I removed firejail but still have some apps running on firejails 2021-04-25 11:42:25 I need some replacement 2021-04-25 11:59:32 pkgdesc="Bubblejail's design is based on observations of Firejail's faults." 2021-04-25 12:11:03 hmm again, ' You pushed to 3.13-stable 1 minute ago' and button 'Create merge request' 2021-04-25 12:11:41 mps: what is the output of the git push command that you did? 2021-04-25 12:13:14 I merged one MR, alpine/aports:3.13-stable | Duncan Bellamy | community/dcc: upgrade to 2.3.168 | http://dup.pw/alpine/aports/1865ed243012 2021-04-25 12:14:15 maybe it will disappear after some time, like yesterday 2021-04-25 12:19:36 mps: Yes, it'll disappear after a while 2021-04-25 12:20:03 gitlab just detects that you've "pushed" (merged) to a branch that's not the default branch and as such offer you to make a merge request to the default branch 2021-04-25 12:26:35 Cogitri: aha, thats what happened yesterday. thanks for explanation 2021-04-25 12:32:07 this is new annoyance^Wfeature after gitlab upgrade 2021-04-25 12:35:43 ah yes, I should have known 2021-04-25 13:06:58 donoban: ha 2021-04-25 13:07:17 donoban: it is probably better to use $pkgdesc for what it actually does though. 2021-04-25 13:10:46 donoban: the utmp file warning is due to the location of the utmp file defined differently in 2 different include files - I have a patch locally for musl to fix this (part of the utmps-enablement patches I'm working on) 2021-04-25 13:12:29 Ariadne: what are you thoughts on my comment on !20659 ? 2021-04-25 13:14:21 minimal: NAK on revert 2021-04-25 13:14:30 minimal: fix it in a way that retains the subpackages 2021-04-25 13:14:39 Ariadne: I didn't ask for a revert, mps did. 2021-04-25 13:15:10 It was about util-linux having deps to drag in all the other subpackages 2021-04-25 13:15:36 oh 2021-04-25 13:15:40 i think that should be fixed 2021-04-25 13:15:50 i dont have any opinion on fixing it 2021-04-25 13:16:18 however you think it can be fixed without removing the subpackages is fine 2021-04-25 13:16:22 so if I install util-linux to use 1 or 2 of the binaries in it I don't really want hexdump, cfdisk, etc also installed 2021-04-25 13:16:40 then install the individual tools you need? 2021-04-25 13:17:04 thats why the previous MR split out those 3 tools yes 2021-04-25 13:17:16 i think solution is to split out more tools and have util-linux as a metapackage 2021-04-25 13:17:22 yes, exactly 2021-04-25 13:17:34 install util-linux, you get everythign 2021-04-25 13:17:41 need just a specific tool, install that 2021-04-25 13:17:45 ok well somebody do that :P 2021-04-25 13:17:57 or i can look at it later 2021-04-25 13:18:06 right now i am working on wpa-supplicant CVE 2021-04-25 13:19:00 I'm working on the secdb generator 2021-04-25 13:19:06 ikke: any when I install util-linux for "mount" or "fstrim" or one of the other 20-30-odd binaries that are in the main util-linux package I'm also getting 9 other subpackages auto installed that I don't want 2021-04-25 13:19:12 s/any/and/ 2021-04-25 13:19:12 minimal meant to say: ikke: and when I install util-linux for "mount" or "fstrim" or one of the other 20-30-odd binaries that are in the main util-linux package I'm also getting 9 other subpackages auto installed that I don't want 2021-04-25 13:19:56 minimal: the subpackages should not have those as dependencies 2021-04-25 13:20:04 if they do, that should be fixed 2021-04-25 13:20:19 ikke: the subpackages don't - its the main package that has *all* the subpackages as deps 2021-04-25 13:20:25 ACTION nominates minimal to fix it 2021-04-25 13:20:44 minimal: yes, doesn't it make sense that when you install util-linux, you get everything? 2021-04-25 13:20:54 fix it by splitting more stuff out 2021-04-25 13:20:57 :) 2021-04-25 13:21:05 this really is the right way 2021-04-25 13:21:16 split every utility out that anyone actually wants 2021-04-25 13:21:24 then leave the miscillaneous stuff in util-linux 2021-04-25 13:21:35 that is how i would fix it anyway 2021-04-25 13:21:37 nope, if I want "mount" for example as Busybox's mount doesn't support something that util-linux's mount do I may not want "apk add util-linux" to also trigger the install of "lsblk" to replace busybox's lsblk 2021-04-25 13:21:51 ok, so do "apk add lsblk" 2021-04-25 13:21:54 and "apk add mount" 2021-04-25 13:21:59 yes, exactly 2021-04-25 13:22:01 that's what we are telling you 2021-04-25 13:22:08 install mount if you just want moount 2021-04-25 13:22:09 split out everything 2021-04-25 13:22:11 Ariadne: yes the ultimate fix is to split every single binary into a subpackage, but that would be 30+ subpackage - not sure if many would be happy with that 2021-04-25 13:22:18 who cares 2021-04-25 13:22:32 i am sure people will live with it 2021-04-25 13:22:33 :P 2021-04-25 13:23:10 minimal: the issue is that everyone would have a different opinion of what should be included in a minimum util-linux 2021-04-25 13:23:48 minimal: agreed, that's why I mentioned needing a "general decision" 2021-04-25 13:24:00 are you mentioning yourself now? :P 2021-04-25 13:24:06 the 'general decision' is 'split every command' 2021-04-25 13:24:57 i'm just telling you what the logic was when we started splitting util-linux 2021-04-25 13:25:02 from his comment mps doesn't want subpackages, so who gets to merge or reject merge for subpackages? 2021-04-25 13:25:27 Maintainer Natanael Copa 2021-04-25 13:25:38 :D 2021-04-25 13:25:51 christ 2021-04-25 13:26:06 i will deal with this in a minute 2021-04-25 13:27:26 we will just make every single program its own package and then have util-linux be a metapackage, as originally intended 2021-04-25 13:29:03 Ariande: that's what I'd thought, and then individual package maintainers can decide whether to depend on util-linux in general or define a list of individual subpackages deps instead 2021-04-25 13:29:56 yes 2021-04-25 13:29:59 do that 2021-04-25 13:30:04 that's what we've been saying :p 2021-04-25 13:30:37 apart from mps 2021-04-25 13:32:24 i don't think that was what he was asking for 2021-04-25 13:32:29 rather for it to be made consistent 2021-04-25 13:32:34 or the previous split be reverted 2021-04-25 13:32:45 he can certainly correct me if i am wrong :) 2021-04-25 13:33:29 Ariadne: boolean logic, he used an "and", not an "or" ;-) 2021-04-25 13:34:38 anyway I can work on an MR for 1 binary per subpackage, obviously for after 3.14 2021-04-25 13:36:07 that's a hell of a way to approach granularity 2021-04-25 13:36:35 :D 2021-04-25 13:36:43 skarnet: everyone suffers 2021-04-25 13:37:04 I mean it's probably adequate for util-linux, but other packages may have more integration between binaries and natural granularity may be JUST A BIT more coarse 2021-04-25 13:37:18 well, my proposal is not every single binary 2021-04-25 13:37:23 but have like, the ones people actually want 2021-04-25 13:37:26 split out 2021-04-25 13:37:31 and then have util-linux-misc 2021-04-25 13:37:33 for the rest 2021-04-25 13:37:38 and then util-linux pulls it all 2021-04-25 13:37:40 :P 2021-04-25 13:37:53 instead of having $depends list, _mv_bin() could generate an install-if rule 2021-04-25 13:38:16 i'll outline my thoughts 2021-04-25 13:38:18 in a moment 2021-04-25 13:38:23 Ariadne: that's what I'd originall thought - but if the util-linux package (containing less commonly used binaries) still drags in all the other subpackages via deps then you'd be right back to the current situation 2021-04-25 13:38:32 I'm down for that experiment on util-linux, and then analyze server logs to see how many people install separate parts as opposed to the full util-linux metapackage 2021-04-25 13:38:35 minimal: no 2021-04-25 13:38:43 my guess is that most people will just get the whole thing 2021-04-25 13:38:44 minimal: the rest of the bins would go in *util-linux-misc* 2021-04-25 13:38:53 minimal: util-linux would just be metapackage 2021-04-25 13:39:05 minimal: i'll respond on the MR 2021-04-25 13:40:11 ok, thanks Ariadne. 2021-04-25 13:44:20 minimal: i am merging !20659 for now, but feel free to work on the solution i outlined for 3.15 2021-04-25 13:45:06 skarnet: I'm thinking in terms of other package's deps rather than what people manually install - e.g. I maintain the cloud-utils-growpart subpackage and the guy's working on the official Alpine AWS images mentioned its deps were too "heavy" so I tweaked it to use various util-linux subpackages to make it more lightweight (they still ended up writing their own code rather than using cloud-utils-growpart) 2021-04-25 13:45:31 this is not good, I have to say 2021-04-25 13:46:23 yes everything we do is not good 2021-04-25 13:46:29 thanks for the doom and gloom report 2021-04-25 13:46:51 minimal: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12637 2021-04-25 13:46:57 when I wanted to split vim there were objections, and vim with all its files is a lot bigger than util-linux 2021-04-25 13:47:01 you can like self-assign i guess if you want 2021-04-25 13:47:06 mps: Sorry, but I have a feeling this is quite contradictory to what you normally say 2021-04-25 13:47:25 mps: objections from who ? 2021-04-25 13:47:37 mps: i definitely support having a vim-minimal 2021-04-25 13:47:56 there is stalled MR, can't find now because i fixing laptop 2021-04-25 13:48:00 to the extent that i can support that 2021-04-25 13:48:06 since i do not use vim 2021-04-25 13:48:07 :p 2021-04-25 13:48:27 mps: its not specifically about size, its about wanting to use a binary but not wanting other binary to also be installed that will override Busybox's equivalent 2021-04-25 13:48:32 ^ 2021-04-25 13:48:51 yes this is basically 2021-04-25 13:49:06 busybox's implementation of some util-linux programs are better than the util-linux one 2021-04-25 13:49:09 and vice versa 2021-04-25 13:49:18 so allowing people to choose the individual programs is the right way 2021-04-25 13:49:29 for example i prefer busybox top over util-linux one 2021-04-25 13:49:54 minimal: as I wrote in MR, I agree with you 2021-04-25 13:50:04 can someone please merge !20775, !20781 and !20782? with these build tools merged I think the my other MRs will go green on CI 2021-04-25 13:50:07 then why are you mad that we are implementing that :p 2021-04-25 13:50:39 Ariadne: I think we are too chaotic nowadays 2021-04-25 13:50:52 that is main problem for me 2021-04-25 13:51:04 as you've been saying for the past several years 2021-04-25 13:51:17 we 'don't know' right way to do things 2021-04-25 13:51:20 the vim one is !13680 2021-04-25 13:51:32 Sheila: thanks 2021-04-25 13:51:55 and I'm not sure 'save ~2MB from 2-3dozen MB package' is actually sound 2021-04-25 13:52:29 mps: in that MR, the consensus was to create a more generic vim-minimal package instead of just splitting syntax files 2021-04-25 13:52:32 Sheila: this is intended as first in serie 2021-04-25 13:52:42 that's what maxice8 was saying 2021-04-25 13:52:46 by "yes, do that" 2021-04-25 13:53:08 as we have for iproute2 2021-04-25 13:53:13 Ariadne: yes, I know and all this I explained here when created MR 2021-04-25 13:53:38 and I'd prefer to see an actually minimal approach versus piecemeal axing away at things 2021-04-25 13:54:01 so what are you complaining about? the feedback in !13680 is that splitting out the vim syntax files isn't enough verses just making a vim-minimal subpackage 2021-04-25 13:54:04 :p 2021-04-25 13:54:16 e.g. I'd expect vim-minimal to have at least a *few* syntax files, e.g. for config 2021-04-25 13:54:44 Ariadne: :P 2021-04-25 13:55:04 they did not say "don't work on this", they said go farther than just splitting syntax files 2021-04-25 13:55:28 ^ 2021-04-25 13:55:51 (I maintain vim package for Adélie, so I'm interested in this work too) 2021-04-25 13:56:03 ehm, I don't have more time now, have to fix wifi driver on this new-old chromebook which is my workstation 2021-04-25 13:56:06 bratkartoffel: i'll look at it in a sec, i'm just wrapping up hostapd security fixes 2021-04-25 13:56:12 mps: :) 2021-04-25 13:56:35 mps: yes, fixing wifi driver is better than arguing over this :) 2021-04-25 13:56:58 btw, built kernel on arm32 in about 45 minutes. not bad 2021-04-25 13:57:42 my oak chromebook is pretty speedy with the work you did to get mainline kernel going on it 2021-04-25 13:57:43 lets reboot and see did I had luck with driver fixes 2021-04-25 13:57:48 almost as fast as my honeycomb 2021-04-25 13:58:11 yes, oak is really fast, though it is old model 2021-04-25 13:58:35 but I broke keyboard on it :( 2021-04-25 13:58:36 i'm not complaining, i only paid 150$ for it new 2021-04-25 13:59:04 the POS laptop i have that is dying on me now cost almost 3 grand 2021-04-25 13:59:14 and the chromebook is nearly as fast as that thing too 2021-04-25 14:00:05 alright, pushed hostapd and wpa-supplicant fixes 2021-04-25 14:00:32 bratkartoffel: i don't know shit about java 2021-04-25 14:00:38 bratkartoffel: what order do i need to push these in 2021-04-25 14:01:21 iirc ant is needed for maven, not sure about gradle 2021-04-25 14:02:17 yeah thats what i figured 2021-04-25 14:03:23 bratkartoffel: ok merged 2021-04-25 14:09:59 Ariadne: thanks, i'll keep an eye on the build 2021-04-25 14:12:26 Ariadne: the pkgdesc was a joke :D 2021-04-25 14:13:13 I'm getting this error on rootpkg: "mv: can't rename '/home/builder/aports/testing/bubblejail/pkg/Bubblejail/usr/share/fish/completions': No such file or directory" 2021-04-25 14:13:42 ah I think that I discovered the problem 2021-04-25 14:25:39 it uses "fish/vendor_completions.d'", should I patch it to 'fish/completions' ? 2021-04-25 14:59:05 yes 2021-04-25 14:59:13 just rename it in prepare() 2021-04-25 14:59:22 prepare() { default_prepare; mv whatever whatever } 2021-04-25 14:59:35 o whatever 2021-04-25 14:59:37 idk 2021-04-25 15:00:57 ah, I patched the meson.build file 2021-04-25 15:01:09 well, I think that the dir doesn't exist before build 2021-04-25 15:10:07 test fails due undefined KeyError: 'XDG_RUNTIME_DIR' 2021-04-25 15:10:19 should I define it arbitrary in check()? 2021-04-25 15:10:45 XDG_RUNTIME_DIR=/run/user/1000 ? 2021-04-25 15:13:51 uhM, maybe is not possible to run this checks on a container/builder since it will try to seccomp some process 2021-04-25 15:31:25 localhost:~/.local/share/bubblejail/instances/FirefoxInstance$ bubblejail run FirefoxInstance 2021-04-25 15:31:27 b"bwrap: Can't find source path /etc/ld.so.cache: No such file or directory\n" 2021-04-25 15:36:09 :D 2021-04-25 15:36:14 its gonna have to be patched i guess 2021-04-25 15:36:18 that's a glibc file 2021-04-25 15:36:23 we dont have that here 2021-04-25 15:36:39 yeah I had some idea about it 2021-04-25 15:36:50 it seems that it's directly brwap error 2021-04-25 15:37:13 but maybe is a bubblejail passing some wrong option 2021-04-25 15:37:26 yes 2021-04-25 15:37:33 see solution in https://gitlab.gnome.org/GNOME/gnome-desktop/-/merge_requests/107 2021-04-25 15:38:19 ah great 2021-04-25 15:48:29 ohh it works! 2021-04-25 15:49:00 I noticed it changes my user home with an standard user name 2021-04-25 15:49:03 file:///home/user/Downloads/ 2021-04-25 15:49:08 +1 for privacy lol 2021-04-25 15:50:46 :) 2021-04-25 15:51:07 see, its nice to use actually good software 2021-04-25 15:51:09 verses firejail 2021-04-25 15:51:13 which is actually a troll 2021-04-25 15:52:04 yeah 2021-04-25 16:01:44 !20852 2021-04-25 16:02:32 probably it needs more testing 2021-04-25 16:06:07 donoban: see the notes i left 2021-04-25 16:07:35 ok thanks 2021-04-25 16:09:05 Ariadne: what line do you see redundat? the builddir=$srcdir ? 2021-04-25 16:09:13 yes 2021-04-25 16:09:25 if I remove it, it fails patching 2021-04-25 16:09:32 >>> bubblejail: Unpacking /var/cache/distfiles/bubblejail-0.4.2.tar.gz... 2021-04-25 16:09:34 >>> ERROR: bubblejail: Is $builddir set correctly? 2021-04-25 16:09:36 >>> ERROR: bubblejail: prepare failed 2021-04-25 16:09:46 hmm, what is in $srcdir 2021-04-25 16:09:57 let me check 2021-04-25 16:10:15 normally builddir is initialized to "$srcdir"/$pkgname-$pkgver 2021-04-25 16:10:27 ah 2021-04-25 16:10:37 the problem is that it has all the tarball on src 2021-04-25 16:10:45 i guess keep it then 2021-04-25 16:10:45 it doesnt has a $pkgname-$pkgver dir 2021-04-25 16:10:58 ok 2021-04-25 16:11:06 though we should figure out why 2021-04-25 16:11:25 maybe is just the way they created the tar.gz? 2021-04-25 16:11:42 guess so 2021-04-25 16:12:17 maybe the unpack could check if there is a main dir or not, and in the second case create it 2021-04-25 16:12:23 ehh 2021-04-25 16:12:30 nah 2021-04-25 16:12:35 it will break too many things 2021-04-25 16:12:37 xd 2021-04-25 16:12:38 yes, tarball is improperly packed 2021-04-25 16:12:59 PureTryOut[m]2: i note in https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20844#note_154415 you say to remove a pmOS-specific comment about qmlplugindump failing 2021-04-25 16:13:09 PureTryOut[m]2: is there anything we can do from our side to solve that? 2021-04-25 16:14:46 if you use https://github.com/igo95862/bubblejail/archive/refs/tags/0.4.2.tar.gz instead of https://github.com/igo95862/bubblejail/releases/download/0.4.2/bubblejail-0.4.2.tar.gz you get a properly-packed tarball 2021-04-25 16:15:07 ah, i guess https://bugs.launchpad.net/qemu/+bug/1895305 is this issue 2021-04-25 16:16:09 i have some ideas as to what this might be 2021-04-25 16:16:12 i'll dig into it 2021-04-25 16:19:40 ah, ok Sheila I will fix it 2021-04-25 17:12:59 z3ntu: i'm working on fixing qemu 2021-04-25 17:13:18 oh cool :D 2021-04-25 17:14:00 Ariadne: keep me updated on what you find :) 2021-04-25 17:14:45 z3ntu: glibc signals SIGRT32 for a thread cancel, musl signals SIGRT33 2021-04-25 17:16:04 the other difference is that musl uses tkill(2) instead of tgkill(2) 2021-04-25 17:16:26 so, the next step is to check how qemu handles tkill/tgkill redirections 2021-04-25 17:16:48 probably uninitialized or truncated data somewhere 2021-04-25 17:16:58 thats what it was last time i debugged this sort of thing 2021-04-25 17:19:39 rt_sigprocmask(SIG_SETMASK, ~[BUS KILL SEGV STOP RTMIN RT_1 RT_2], NULL, 8) = 0 2021-04-25 17:19:39 tkill(1352, SIGRT_4) = ? 2021-04-25 17:19:39 +++ killed by SIGRT_4 +++ 2021-04-25 17:19:40 hmm :) 2021-04-25 17:20:43 so i think something isnt being set up right by qemu 2021-04-25 17:23:08 hmm 2021-04-25 17:23:09 ignore-signals-33-and-64-to-allow-golang-emulation.patch 2021-04-25 17:25:28 i'm pretty sure it is this 2021-04-25 17:27:18 \h:\w\$ qemu-aarch64 ./musl-static.out 2021-04-25 17:27:18 zsh: unknown signal qemu-aarch64 ./musl-static.out 2021-04-25 17:27:27 so the RT36 comes from ash 2021-04-25 17:27:28 ok 2021-04-25 17:32:10 i dont think we need this patch anymore anyway 2021-04-25 17:32:19 because go uses a different signalling mechanism these days 2021-04-25 17:33:57 i'm checking 2021-04-25 17:39:03 ok 2021-04-25 17:39:06 yeah 2021-04-25 17:39:08 its this patch 2021-04-25 17:39:11 which we dont even need anyway 2021-04-25 17:40:04 nanabozho:~/aports/community/qemu/src/qemu-5.2.0/build-static/aarch64-linux-user$ ./qemu-aarch64 ~/qemu-pthread_cancel/musl-static.out 2021-04-25 17:40:04 OK, alive 2021-04-25 17:42:31 z3ntu: got it ^ 2021-04-25 17:42:40 z3ntu: this is our bug, it doesn't affect upstream 2021-04-25 17:44:45 I do recall seeing this patch in aports, not sure why I didnt try without this patch... 2021-04-25 17:45:25 5.2.0-r5 has the patch removed 2021-04-25 17:45:27 we don't need it 2021-04-25 17:45:34 go uses a totally different signalling mechanism now 2021-04-25 17:45:39 with eventfd 2021-04-25 17:45:58 and i suspect the patch was broken anyway 2021-04-25 17:52:43 Ariadne: did you write soemthing to firejail maintainer? I suppose that it's something really minor but maybe would be nice to add to https://wiki.alpinelinux.org/wiki/Draft_Release_Notes_for_Alpine_3.14.0 , for users that currently using it 2021-04-25 17:56:36 donoban: why would i write to a troll and/or APT? 2021-04-25 17:57:18 uHM, are you sure is he a troll? 2021-04-25 17:57:26 yeah 2021-04-25 17:57:29 i'm pretty sure 2021-04-25 17:57:42 https://pkgs.alpinelinux.org/packages?name=&branch=edge&maintainer=Stuart+Cardall 2021-04-25 17:57:43 you have to work at making such a broken software 2021-04-25 17:57:48 oh 2021-04-25 17:57:52 the package maintainer 2021-04-25 17:57:55 yes 2021-04-25 17:57:57 :D 2021-04-25 17:58:00 i did notify him that it was removed 2021-04-25 17:58:22 ok 2021-04-25 17:59:17 Ariadne: Hanlon's razor cuts again 2021-04-25 17:59:46 skarnet: nah 2021-04-25 18:00:02 skarnet: firejail is so bad that you would have to intentionally do it this badly 2021-04-25 18:00:22 that can be said of a lot of bad things in the world, and yet 2021-04-25 18:00:48 but still 2021-04-25 18:01:00 what value can be derived with talking to an upstream that produced ... that 2021-04-25 18:01:12 at some point you just have to cut your losses 2021-04-25 18:01:31 oh, I agree 2021-04-25 18:01:40 it doesn't change the outcome 2021-04-25 18:01:59 its ok 2021-04-25 18:02:04 well at least there is a promising alternative 2021-04-25 18:02:57 i'm planning to use firejail as an example program to break in future cybersecurity curriculum that i teach, if i ever wind up doing that again 2021-04-25 18:03:31 even the most novice reverse engineer should be able to jailbreak from firejail 2021-04-25 18:03:33 :) 2021-04-25 18:03:40 firejailbreak 2021-04-25 18:04:24 z3ntu: anyway thanks for your work on the testcase 2021-04-25 18:08:55 donoban: i accepted your bubblejail package 2021-04-25 18:09:38 Ariadne: forgot to squash commits 2021-04-25 18:09:45 f 2021-04-25 18:10:11 great :D 2021-04-25 18:10:20 I wil test intensively this week 2021-04-25 18:10:27 probably I should push some fix 2021-04-25 18:10:29 donoban: would be nice if you could squash / fixup commits 2021-04-25 18:10:47 uhM, how? 2021-04-25 18:10:53 git rebase 2021-04-25 18:11:14 no point in doing it now 2021-04-25 18:11:32 well but I don't know exactly what to do next time 2021-04-25 18:11:54 I have an opened MR 2021-04-25 18:11:55 git rebase --interactivee 2021-04-25 18:11:56 with tons of commits 2021-04-25 18:12:03 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20480 2021-04-25 18:12:13 could I fix this? 2021-04-25 18:12:22 yes 2021-04-25 18:12:37 let me try 2021-04-25 18:12:39 yes with git rebase --interactive 2021-04-25 18:13:22 let "noop" as comment? 2021-04-25 18:13:40 git rebase -i master 2021-04-25 18:14:10 uhM 2021-04-25 18:14:49 conflicts :\ 2021-04-25 18:15:17 git rebase --abort 2021-04-25 18:15:37 What branch did you base your feature branch on? 2021-04-25 18:15:53 uhmM 2021-04-25 18:16:06 note that I first did: git rebase --interactiv 2021-04-25 18:16:21 I suppose that it's based on master 2021-04-25 18:16:29 but probably on a older master 2021-04-25 18:18:02 currently I see all commits on git log 2021-04-25 18:18:19 maybe should pull from upstream master before doing the rebase? 2021-04-25 18:18:27 git pull --rebasee 2021-04-25 18:18:30 git pull --rebase 2021-04-25 18:18:33 then do 2021-04-25 18:18:43 git rebase origin/master --interactive 2021-04-25 18:19:06 git pull --rebase or git pull upstream --rebase? 2021-04-25 18:19:15 first only does 2021-04-25 18:19:17 localhost:~/aports$ git pull --rebase 2021-04-25 18:19:19 ⚠ redirecting to https://gitlab.alpinelinux.org/donoban/aports.git/ 2021-04-25 18:19:21 Already up to date. 2021-04-25 18:19:33 ok then 2021-04-25 18:19:39 git rebase origin/master --interactivee 2021-04-25 18:19:45 it should only show you your own commits 2021-04-25 18:19:56 yes 2021-04-25 18:20:06 great 2021-04-25 18:20:09 ahh 2021-04-25 18:20:10 conflict agian 2021-04-25 18:20:13 same conflict than before 2021-04-25 18:20:15 :D 2021-04-25 18:20:22 localhost:~/aports$ git rebase origin/master --interactive 2021-04-25 18:20:23 Auto-merging community/tg_owt/APKBUILD 2021-04-25 18:20:25 CONFLICT (content): Merge conflict in community/tg_owt/APKBUILD 2021-04-25 18:20:35 resolve it 2021-04-25 18:20:36 can I force my version? 2021-04-25 18:20:36 then do 2021-04-25 18:20:48 git add community/tg_owt/APKBUILD *after* fixing the file with your editor 2021-04-25 18:20:54 then git rebase --continue 2021-04-25 18:21:10 ok 2021-04-25 18:26:07 something is wrong here 2021-04-25 18:27:18 this source: libyuv-$_libyuv_commit.zip::https://codeload.github.com/lemenkov/libyuv/zip/$_libyuv_commit is totally lost when I do the rebase 2021-04-25 18:27:36 it's replaced with googlesource URLS that were problematic with checksums 2021-04-25 18:27:56 I try to fix the conflict and the right URL has dissapeared :\ 2021-04-25 18:28:25 uhM 2021-04-25 18:32:37 I'm gonna save the file before rebasing and then replacing it 2021-04-25 18:36:50 >>> tg_owt: Updating the sha512sums in APKBUILD... 2021-04-25 18:36:52 sha512sum: can't open 'cmake_fixes.patch': No such file or directory 2021-04-25 18:36:54 >>> ERROR: tg_owt: sha512sum failed 2021-04-25 18:36:56 great, it removed it :| 2021-04-25 18:37:43 maybe is easier to close this MR and reopen another 2021-04-25 18:37:44 :D 2021-04-25 18:42:56 nah, `git rebase --abort` and check the log for your commits specifically, then rebase with that range. 2021-04-25 18:43:12 uhM 2021-04-25 18:43:53 Ariadne: not really, it's a Qemu bug afaik. More details in https://gitlab.com/postmarketOS/pmbootstrap/-/issues/1970 2021-04-25 18:44:05 it is 2021-04-25 18:44:11 we fixed it already 2021-04-25 18:44:11 :p 2021-04-25 18:44:49 or rather i did 2021-04-25 18:44:55 earlier today 2021-04-25 18:45:39 Oh lol nice. But we don't have packages in pmOS anymore with that problem 😛 Thanks for any future packages though! 2021-04-25 18:45:49 Got a link to the fix so I can mention it in the issue? 2021-04-25 18:46:03 i updated it 2021-04-25 18:46:18 Oh derp lol 2021-04-25 18:47:34 Sheila: it seems that I end on the same problems 2021-04-25 18:50:03 `git rebase -i FirstCommitOfInterest...LastCommitOfInterest`, I think? 2021-04-25 18:50:11 yes 2021-04-25 18:50:27 well, without the ... 2021-04-25 18:51:48 honestly is more simple to go master and overrwite the files 2021-04-25 18:51:48 ah, well, that's why it didn't work. you want to specify the range of commits, not the first and last, hence the ... 2021-04-25 18:52:13 uhm , I always get something like this 2021-04-25 18:52:34 https://tpaste.us/axbB 2021-04-25 18:53:06 but then it conlficts and conflicts and conflicts 2021-04-25 18:53:20 I fix, git commit add, git rebase --continue, conflict 2021-04-25 18:53:58 I can save both tg_owt, telegram dirs, create a new branch from master overwrite them and just commit 2021-04-25 18:54:06 community/telegram-desktop: upgrade to 2.7.1 (add maintainer) :D 2021-04-25 18:54:27 you could also try `git rebase -i HEAD~5`, given how recent it is. 2021-04-25 18:54:43 let's try :D 2021-04-25 18:54:47 (maybe ~6) 2021-04-25 18:55:29 Successfully rebased and updated detached HEAD. 2021-04-25 18:55:39 but I guess it is not final yet 2021-04-25 18:56:38 uhM, now git status says: 2021-04-25 18:56:43 HEAD detached at refs/heads/telegram-newtry 2021-04-25 18:58:48 you were able to merge your commits in to one, though, right? 2021-04-25 18:58:58 s/merge/rebase/ 2021-04-25 18:58:58 Sheila meant to say: you were able to rebase your commits in to one, though, right? 2021-04-25 18:59:23 uhM, with last command? 2021-04-25 19:05:20 yes. 2021-04-25 19:07:49 sorry Sheila , I appreciate your effort on doing it with the right way, but I give up for today :) 2021-04-25 19:07:58 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20855 2021-04-25 19:09:56 oh my god 2021-04-25 19:10:01 build failed :( 2021-04-25 19:15:26 well, now I have an easy game 2021-04-25 19:15:33 could I mix this two commits? https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20855/commits 2021-04-25 19:15:48 I tried "git rebase -i" and "git rebase -i master" 2021-04-25 19:19:37 so what did you do when the screenful of commits popped up? cos the process is basically just replacing 'pick' with 'fixup' for the commits *after* the one you want to use the commit message for, and you can reorder commits to make it easier. 2021-04-25 19:20:51 I didn't modify nothing 2021-04-25 19:22:33 okay, then here you would do `git rebase -i HEAD~2` and change 'pick' before the last commit in the list to 'fixup', then save and quit. 2021-04-25 19:22:53 well I did pulled from upsteram 2021-04-25 19:23:00 and now I have another commit 2021-04-25 19:23:33 let's try... I hope not to end your patience :S 2021-04-25 19:24:13 okay. in the future, before you do any work, do `git checkout -b somebranchname` and don't pull on anything while in that branch. (you can switch branches via `git branch`) 2021-04-25 19:24:34 yes yes I've already do that 2021-04-25 19:24:45 let me show you 2021-04-25 19:25:15 https://tpaste.us/qgmy 2021-04-25 19:25:33 my two commits and the third from upstream 2021-04-25 19:25:49 okay. `pick da10fc61cc Add missing files` -> `fixup da10fc61cc Add missing files` 2021-04-25 19:26:18 and cut and paste the third one so that it's the first in the list. 2021-04-25 19:26:19 should I rename to community/telegram-desktop: upgrade to 2.7.1 (add maintainer) ? 2021-04-25 19:26:31 no, don't touch anything else. 2021-04-25 19:26:57 ah 2021-04-25 19:27:07 so I should replaced all the picks with fixup? 2021-04-25 19:27:18 no. only the one I specifically told you. 2021-04-25 19:27:29 i mean when I had 50 commits 2021-04-25 19:28:09 again, no. only the commits you are specifically flattening in to the parent commit. 2021-04-25 19:30:04 the 99% 2021-04-25 19:30:10 the idea is not left just 1 commit? 2021-04-25 19:30:30 lol 2021-04-25 19:30:32 Sheila⏪ 2021-04-25 19:30:44 now the other commit is on my MR 2021-04-25 19:30:46 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20855/commits 2021-04-25 19:31:11 yes, that is why I told you to put it at the top. 2021-04-25 19:31:21 I did it! 2021-04-25 19:31:49 in my git log it is before my commit 2021-04-25 19:32:00 maybe 2021-04-25 19:32:02 okay, brainfart on my end; it should have been `drop`ed 2021-04-25 19:32:02 if I rebase the MR 2021-04-25 19:32:25 (that is, replace `pick` before it with `drop` when you rebase) 2021-04-25 19:32:33 ok 2021-04-25 19:32:57 and don't pull upstream mid-work again ;) 2021-04-25 19:33:36 fixup a682714fd6 Use different URL for get properly packed tarball 2021-04-25 19:33:38 drop 11d0ca3667 community/cloud-utils: add growpart reliability patch 2021-04-25 19:33:40 pick 5f3d8af279 community/telegram-desktop: upgrade to 2.7.1 (add maintainer) 2021-04-25 19:33:54 hehe yes sorry 2021-04-25 19:34:21 no, leave that first one alone since its parent commit isn't listed here 2021-04-25 19:34:45 uhM, I don't get it 2021-04-25 19:35:31 the commit you're want to flatten that first one in to isn't in the list, so it should be left alone. 2021-04-25 19:35:58 should redo with HEAD~4? 2021-04-25 19:38:41 if those commits are already upstream, it's best to leave it alone. 2021-04-25 19:39:28 Successfully rebased and updated refs/heads/telegram. 2021-04-25 19:39:36 this seems good 2021-04-25 19:40:21 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20855/commits 2021-04-25 19:40:24 yeah! :D 2021-04-25 19:41:09 so the policy is 1 upgrade / new packet / similar... -> 1 commit ? 2021-04-25 19:41:18 :toot: 2021-04-25 19:42:33 donoban: https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/COMMITSTYLE.md 2021-04-25 19:42:53 oh yes :) 2021-04-25 19:43:14 I will read before doing anything 2021-04-25 19:44:36 Is it better/faster to use gitlab for patches or mailing list? My patch still hasn't been added and I have no feedback on it. Am I too impatient? :) 2021-04-25 19:46:06 tomleb: gitlab is better 2021-04-25 19:47:07 usually faster also 2021-04-25 19:49:27 :fmt.Printf("%#v", releases) 2021-04-25 19:58:23 i was wondering, if firejail sucks, but bubblewrap doesnt (i suppose its not suid?), then i wonder what about minijail or nsjail, how do all these compare to each other, why does bubblewrap come out on top? 2021-04-25 19:59:01 We already use bubblewrap 2021-04-25 20:00:00 oh? where and how? 2021-04-25 20:00:48 abuild uses bubblewrap when you use rootbuild 2021-04-25 20:01:18 oh. right. that makes sense. but that is more of a dev feature, and less of a security feature i guess? 2021-04-25 20:01:29 Right 2021-04-25 20:02:22 but firejail,bubblewrap,nsjail and minijail are marketed as security tools. and i wonder about them in that context 2021-04-25 20:03:33 firejail is just not a security tool, despite attempts to market it as one. 2021-04-25 20:04:09 I can't comment on nsjail or minijail, though. 2021-04-25 20:08:28 well, i guess it also depends on the threatmodell, it might make sense to use firejail to sandbox things and increase security in terms of rce, but on the otherhand it also decreases security when it comes to lpe - or is there more to it? 2021-04-25 20:13:20 firejail is incredibly broken and not developed with real security in mind, is the problem. 2021-04-25 20:14:11 do you have references for this? i'm very interested in learn about this (and also in comparison to the other 3 tools i listed) 2021-04-25 20:17:21 oh. cloudflare also built something similar with very good seo in mind, called it sandbox 2021-04-25 20:17:42 >sandbox >good seo >mfw 2021-04-25 20:18:03 Why does abuild think " masked in: --no-network" 2021-04-25 20:18:06 ? 2021-04-25 20:18:06 Ariadne did some poking this morning, hence it being removed from Alpine (again) 2021-04-25 20:18:44 I'm just invoking abuild 2021-04-25 20:19:10 Thermi invoking it how 2021-04-25 20:19:30 https://bpa.st/DXHA 2021-04-25 20:19:39 Pasted into the shell directly 2021-04-25 20:19:47 no idea 2021-04-25 20:19:51 Fucking abuild 2021-04-25 20:19:59 it shouldn't be invoking apk with --no-network theree 2021-04-25 20:21:09 wdtTP2O82Kft: firejail has had a gazillion CVEs 2021-04-25 20:21:21 wdtTP2O82Kft: it is also SUID 2021-04-25 20:22:36 wdtTP2O82Kft: one of the CVEs was so utterly stupid, you could bind-mount over /etc and then root the system that way (e.g. by replacing /etc/shadow) 2021-04-25 20:23:10 yeah, i saw that, but looking at https://firejail.wordpress.com/download-2/cve-status/ - it seems there was a bunch in 2016, but only 2 / year in the last to years. 2021-04-25 20:23:30 yes, well the correct number is zero 2021-04-25 20:23:38 we will not be readding it 2021-04-25 20:24:18 Ariadne: apk lies: https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/src/commit.c#L425 2021-04-25 20:24:18 there's not many packages with 0, based on that argument, alpine would be easily maintained :P 2021-04-25 20:24:33 there are vulnerabilities in it even today, or so I was told this morning. 2021-04-25 20:24:41 basic newbie-tier shit. 2021-04-25 20:25:32 and i guess it has to be suid if it wants to do container stuff 2021-04-25 20:25:34 Thermi: ah, you have some orphaned dependency i guess 2021-04-25 20:25:45 wdtTP2O82Kft: no it doesn't 2021-04-25 20:26:22 you can do clone(2) into a new userns without root privilege 2021-04-25 20:26:31 Guess I have to rebuild the VM then. I didn't do any esoteric shit in it. 2021-04-25 20:26:43 Or the notebook's HW (likely) fucks with me. 2021-04-25 20:26:48 Thermi try using apk fix 2021-04-25 20:27:01 ariadne, lol wtf how could you root the system by bind-mounting over /etc/shadow? 2021-04-25 20:27:17 dalias: supply new /etc/shadow :) 2021-04-25 20:27:19 bind mount a shadow file over it with a known root password 2021-04-25 20:27:38 yes but then there's nothing that will be interpreting your replacement with top-level-user-namespace root 2021-04-25 20:27:48 nono 2021-04-25 20:27:50 only things running inside your namespace 2021-04-25 20:27:52 which run as you 2021-04-25 20:27:53 nonono 2021-04-25 20:27:58 you're assuming it's using namespaces. 2021-04-25 20:27:58 :D 2021-04-25 20:28:04 firejail was doing this outside the namespace 2021-04-25 20:28:16 lmao wtf 2021-04-25 20:28:30 it was using unionfs wrong 2021-04-25 20:28:33 or some shit 2021-04-25 20:28:37 there's a CVE about it 2021-04-25 20:28:50 this sounds like it would jut be world-breaking 2021-04-25 20:28:55 but basically 2021-04-25 20:28:59 before you even get to the 'this is a vuln' stage 2021-04-25 20:29:02 you could give some flag to firejail 2021-04-25 20:29:03 like everything on the system would break 2021-04-25 20:29:08 yeah so 2021-04-25 20:29:13 you could give some flag to firejail 2021-04-25 20:29:15 zomg so much more jailing tools: https://www.linuxor.sk/index.php?cat=linkz&doc=technologies-linux-sandbox 2021-04-25 20:29:17 because you fucked up the top-level mount namespace's /etc 2021-04-25 20:29:20 like --mount /etc:/whatever 2021-04-25 20:29:25 and the top level /etc 2021-04-25 20:29:27 gets replaced 2021-04-25 20:29:34 why is firejail suid anyway?? 2021-04-25 20:29:40 mps: thanks, I'll use gitlab for following patches 2021-04-25 20:29:48 you can do anything it *should* be doing without root 2021-04-25 20:30:28 because it's badly-written software. 2021-04-25 20:30:38 :-p 2021-04-25 20:30:41 (which is precisely why it shouldn't be) 2021-04-25 20:31:37 https://seclists.org/oss-sec/2017/q1/25 2021-04-25 20:31:43 the --tmpfs thing still works to this day 2021-04-25 20:32:03 just build yourself a nice chain of SUID commands to run 2021-04-25 20:32:07 its so stupid 2021-04-25 20:32:15 but basically you can --tmpfs /etc 2021-04-25 20:32:44 the system is entirely screwed of course if you actually do this 2021-04-25 20:32:47 but it will let you gain root 2021-04-25 20:32:48 ;) 2021-04-25 20:32:51 "--tmpfs allowd only as root user" 2021-04-25 20:32:54 yeah 2021-04-25 20:33:03 there's ways around that :p 2021-04-25 20:33:37 anyway a good jail operates on least-privilege. firejail...fails that egregiously. 2021-04-25 20:34:55 "--tmpfs /sbin" is much funnier 2021-04-25 20:35:58 like i said 2021-04-25 20:36:01 this software is so bad 2021-04-25 20:36:04 it has to be a troll 2021-04-25 20:37:42 i don't want to sound elitist but i feel like "security software" shipped by alpine should be written by people with some level of clue 2021-04-25 20:37:52 not... whatever this is 2021-04-25 20:39:06 please sound elitist and own it 2021-04-25 20:39:13 ^ 2021-04-25 20:39:16 tech desperately needs it 2021-04-25 20:40:23 also the last time this came up 2021-04-25 20:40:28 firejail had code like 2021-04-25 20:40:38 if (!strcmp(getenv("USER"), "root")) {...} 2021-04-25 20:40:42 sooooooo 2021-04-25 20:40:45 :) 2021-04-25 20:40:55 lmfao 2021-04-25 20:41:33 i don't wanna kink shame but... 2021-04-25 20:41:41 that's still not "troll" to me, that's "first year compsci student who wants to become famous with securitah" 2021-04-25 20:42:54 isn't that the same thing tho 2021-04-25 20:43:21 now that you put it that way 2021-04-25 20:43:49 but anyway, if you can gain euid=0 2021-04-25 20:43:58 then it will gladly let you play with --tmpfs 2021-04-25 20:44:01 sooooooo 2021-04-25 20:44:10 just throwing that out there 2021-04-25 20:44:29 tbh with euid=0 I don't need firejail to do kinky shit with tmpfs :P 2021-04-25 20:44:58 i think the only reason why this has a lack of CVEs is because any security person who comes near it just starts laughing hysterically 2021-04-25 20:45:56 but its gone from alpine again 2021-04-25 20:46:00 should sponsor a student-level hackathon with prizes for best exploit, etc. 2021-04-25 20:46:02 and hopefully this time it remains gone 2021-04-25 20:46:03 from alpine 2021-04-25 20:46:05 :) 2021-04-25 20:47:15 but yeah if you can get by its (broken) root checks 2021-04-25 20:47:21 it will let you do all sorts of kinky shit 2021-04-25 20:47:22 :p 2021-04-25 20:47:55 i suspect at least 50% of the people on this channel could break it 2021-04-25 20:47:58 env USER=root firejail ... 2021-04-25 20:47:58 :p 2021-04-25 20:48:09 Sheila: for certain versions yes 2021-04-25 20:48:18 not sure if that one is still usable 2021-04-25 20:48:26 i'm sure there's something equally moronic tho 2021-04-25 20:59:24 ikke: maybe we should replace all of lua-aports with your Go stuff? 2021-04-25 20:59:53 Slowly working on it 2021-04-25 22:12:17 wdtTP2O82Kft: I just started today with bubblejail and I feel that apart that it uses bwrap (which is theorically more robust and tested than firejail, and optionally nosuid) and written in python (theorically safer and arch indepent), I feel that it has a better design 2021-04-25 22:15:28 firejail uses a massive set of rules defined on /etc/firejail/, at least in alpine most applications fail in some rule so or just use --noprofile and adapt to your needs or modifiy the configuration files 2021-04-25 22:19:52 donoban: i think you're supposed to define your own "local" profiles that override the defaults, but yeah, same idea 2021-04-25 22:20:10 with bubblejail you have a few predefined profiles and services and you then define instances, I think that its a more organized way than hundreds of files on /etc/firejail 2021-04-25 22:21:22 yes but if I have to set up my own pofiles don't ship it with hundreds of them supposed to work 2021-04-25 22:22:24 bubblejail only has 8 profiles and at least firefox works as shipped :D 2021-04-25 22:22:52 donoban: it's preconfigured for systemd systems. 80% of the time they work 2021-04-25 22:23:19 yes I guess that it's mostly based on ubuntu/debian/arch... but well 2021-04-25 22:23:21 better than shipping it with nothing. and most of the configuration works, it's just you might need minor teaks here and there which is what the local config do 2021-04-25 22:23:36 is it perfect? nah. but it's a pretty easy way to get sandboxing going 2021-04-25 22:24:05 I don't know if removing it was really needed but here it does not have much affection 2021-04-25 22:24:52 and i probably wouldn't call python a "safe" language, but i've used firejail for a while and it works well for me 2021-04-25 22:26:36 well I think it should be less error prone / memory safe / easy to maintain... 2021-04-25 22:27:17 memory safe, easy to maintain sure. but the duck typing leads to runtime throws, espcially if it was developed like shit 2021-04-25 22:28:52 hehe well I don't know what to say, I was using fireijail until day, in fact I have some firejail process still running 2021-04-25 22:29:46 I'm excited about migrate to bubblejail but I understand your feeling if you are using firejail for long time 2021-04-25 22:32:21 it's time for sleep! good night guys see you tomorrow :D 2021-04-25 22:36:02 hmm, my question was not so much in defense of firejail, it was more like, what other solutions are there and how do they compare, see also nsjail, minijail for example 2021-04-26 00:14:24 from what i read above, firejail is *much* worse than nothing 2021-04-26 00:14:52 there is utterly no excuse for a sandbox to be suid 2021-04-26 00:16:02 ariadne, how does dropping a horribly insecure package interact with security? 2021-04-26 00:16:06 i'm confused, it seems both nsjail and minijail also need suid for some features 2021-04-26 00:16:36 is there a notification of any sort that it was dropped for unfixed vuln reasons and that if you still have the last version that was available, it's insecure and should be removed? 2021-04-26 00:17:00 wdttp2o82kft, presumably because ppl making this stuff don't know what they're doing ... ? 2021-04-26 00:17:15 minijail is the sandbox on android 2021-04-26 00:17:53 on android it might be because there are still devices with 15-year-old kernels... 2021-04-26 00:18:08 dalias: sandboxes not requiring root is more of a linux thing with user namespaces than a general *nix thing, right? 2021-04-26 00:24:42 ericonr, if so, only because nobody else has bothered to do it right 2021-04-26 00:31:52 hmmm, i just tried minijail works if i don't give it '-u nobody', however if i do, only with a sudo prefix it works. my kernel is 5.10, and i have minijail0 cap_setuid=eip 2021-04-26 00:41:27 it's probably just minijail being misdesigned 2021-04-26 01:33:00 why would building an app that uses getcontext fail only on ppc64? https://gitlab.alpinelinux.org/craftyguy/aports/-/jobs/379942#L956 2021-04-26 01:33:07 (all other archs are fine) 2021-04-26 02:47:31 maybe a bug in libucontext? 2021-04-26 02:59:08 how? the failure is from ld: undefined reference to symbol 'getcontext' 2021-04-26 02:59:28 even though libucontext-dev is installed, and no other arch have that problem 2021-04-26 02:59:37 so maybe it's incomplete on ppc64 ? 2021-04-26 03:01:19 ah this (libucontext) is Ariadne's project, maybe you know what's up with that :) 2021-04-26 03:11:27 add -lucontext to $LIBS 2021-04-26 03:17:14 (basically what's happening is that it doesn't know it needs to link libucontext, so however you tell meson to do that is what will fix it.) 2021-04-26 03:17:44 it's weird that it's only ppc64el that fails, though. 2021-04-26 03:18:06 craftyguy: ^ 2021-04-26 03:29:49 ah thanks, I'll try that 2021-04-26 03:38:02 Sheila: nice that worked, thanks for the help :) 2021-04-26 04:19:47 Ariadne: I figured out what changed and broke at the very least my kopano service scripts. It looks like openrc circular dependency resolving broke because it doesn't break weak dependencies (want) first. Instead it just deadlocks. 2021-04-26 05:56:51 tomleb: I forgot to add that gitlab have APKBUILD linter and CI (which are very useful for review patches) and integrated bug/issue system 2021-04-26 05:57:09 (and not so good web interface :) ) 2021-04-26 06:13:02 craftyguy could be that its build scripts conditionally link differently depending on architecture, for example 2021-04-26 06:13:30 dalias: well i did drop the package :p 2021-04-26 06:18:29 security is like a God, no one knows what is it but everyone talk about it 2021-04-26 06:18:48 good morning 2021-04-26 06:19:00 and there are even churches and priests of security 2021-04-26 06:19:09 Thermi: yes, it seems like lots of regressions in openrc 0.43.x 2021-04-26 06:19:11 good morning :) 2021-04-26 06:19:17 Thermi: i'm disappointed so far with it 2021-04-26 06:20:50 dalias: as for package removal announcement, i can send a notice to alpine-devel list and make a note in the 3.14 release notes 2021-04-26 06:22:23 Ariadne: I see that you merged nvme-cli. does it build on ppc64le? 2021-04-26 06:23:13 i can check but our ppc64le builder is MIA anyway 2021-04-26 06:23:47 which is not good since we're about to do the 3.14 rebuild i guess 2021-04-26 06:23:49 yes, it is. nvme-cli failed in CI on ppc64le 2021-04-26 06:24:13 let me check it on my ppc64le box 2021-04-26 06:24:33 but first let me `apk fetch --force coffee` IRL 2021-04-26 06:24:51 sure, I just did that :) 2021-04-26 06:26:38 Newbyte: yeah, it's probably something like that 2021-04-26 06:29:13 mps: >>> nvme-cli: Building community/nvme-cli 1.14-r0 (using abuild 3.7.0-r1) started Mon, 26 Apr 2021 00:28:44 -0600 2021-04-26 06:29:40 nvme-rpmb.c:201:19: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'AF_MAX'? 2021-04-26 06:29:42 indeed 2021-04-26 06:29:47 but this is easy to fix 2021-04-26 06:30:20 yes, I think we had patch for this in some previous git commit for it 2021-04-26 06:31:03 can't access my dev lxcs right now to check 2021-04-26 06:32:26 its because they aren't including limits.h 2021-04-26 06:32:52 i guess on other platforms it winds up included somehow 2021-04-26 06:34:09 probably (black/white magic) 2021-04-26 06:35:47 i'll send a PR to them in a moment 2021-04-26 06:39:22 why are old versions of packages deleted from pkgs.alpinelinux.org? they don't seem to actually take that much space, I've been archiving them for about 4 months and it takes up under 20gb (just the latest version of everything is about 15gb) 2021-04-26 06:42:13 tbodt: Because old packages break when sonames are bumped 2021-04-26 06:42:44 ah I guess if you want the old version of something you also need the APKINDEX from that point 2021-04-26 06:45:51 mps: https://github.com/linux-nvme/nvme-cli/pull/1019 2021-04-26 06:46:33 tbodt: i want to set up an archive where you can get the alpine package tree at any date (for reproducible builds) 2021-04-26 06:46:45 I did this actually 2021-04-26 06:46:55 wow, great! 2021-04-26 06:47:10 Ariadne: I see, you are so fast :) 2021-04-26 06:47:24 apk.ish.app/v3.12-2021-04-24/main/x86/APKINDEX.tar.gz 2021-04-26 06:47:49 however I only did it for x86 and 3.12 2021-04-26 06:55:21 ACTION mubles "something something testing suites" 2021-04-26 06:55:26 ACTION *mumbles 2021-04-26 07:07:10 Thermi: more like lets find somebody willing to pour gas on s6 so we can get off this ride 2021-04-26 07:29:36 How are pkgusers coordinated between builder and installed location? I got 'pkggroups="kopano http"' in the APKBUILD, but the http group doesn't exist on the system after installing and even after defining it, the gid doesn't match up 2021-04-26 07:29:54 So what magic do I have to perform for that to work? For nginx it at the very least seems to work without post install chown 2021-04-26 07:37:31 pre-install script 2021-04-26 07:40:54 Generally, how is it guaranteed that uids and gids generated at build time using pkgusers and pkggroups don't conflict between different packages? 2021-04-26 07:41:52 tar matches it by name 2021-04-26 07:41:54 Is the uid and gid of the users and groups recorded in the packages and then at install time a lookup in /etc/groups and /etc/shadow is done? 2021-04-26 07:41:59 Hmmmh. 2021-04-26 07:42:02 HMMMH, 2021-04-26 07:42:03 I see. 2021-04-26 07:42:08 So basically what I guessed it does. 2021-04-26 07:42:53 If the name is not found, it will use the actual uid/gid 2021-04-26 09:19:30 so I'm the maintainer of retroarch package and 2 weeks ago without any notice or approval a version was merged including a new patch provided in it 2021-04-26 09:19:55 is there a policy somewhere about why being a maintainer seems to be just a "name figuring" in APKBUILD? 2021-04-26 09:22:14 I'm talking about !20220 2021-04-26 09:22:56 while I think it's cool that other people may look at the package you're maintaining, it's not cool that you aren't notified at all 2021-04-26 09:23:22 especially since this merge request forgot to update other packages as well (retroarch-assets for example) 2021-04-26 09:24:00 markand: Sorry about that. We're currently working on aports-qa-bot so that it automatically assigns you to review MRs that touch your packages 2021-04-26 09:25:06 Usually we'd wait a week or two for the maintainer to respond and if they don't respond and the change is only minor (e.g. a minor version bump), we'd merge it. If there's a bigger change we'd wait longer for the maintainer/assign a new maintainer if they don't respond any more 2021-04-26 09:25:31 the merge request was merged the next day it was proposed for this one 2021-04-26 09:25:43 submitted on april 6, merged on april 7 2021-04-26 09:29:51 i think it would be nice to have a field indicating whether "fast" non-maintainer changes are welcome 2021-04-26 09:30:26 Hm, not sure if that's worth it 2021-04-26 09:30:49 If the maintainer doesn't respond within X days, do we really want to block the MR for (potentially) ever? 2021-04-26 09:30:57 I would definitely appreciate such a field 2021-04-26 09:31:07 Cogitri: of coure not 2021-04-26 09:31:21 I think a general guideline ("please wait X days for the maintainer to respond") would be best 2021-04-26 09:31:40 Cogitri: yes, but some are OK with fast changes 2021-04-26 09:31:52 Cogitri: so having a field makes sense 2021-04-26 09:32:05 If the maintainer does not respond, do they still maintain that package? 2021-04-26 09:32:12 ^ 2021-04-26 09:33:06 in other distros, there is a cutoff after 14-21 days usually where a non-maintainer change is allowed, unless the maintainer opts into fast changes 2021-04-26 09:34:31 having a field allows for a maintainer to signal specific policy regarding each package 2021-04-26 09:34:55 for example, with gcc, i don't want "fast" changes, because i want new patches to be sent to my patch queue 2021-04-26 09:35:22 but for audacious, i don't care 2021-04-26 09:35:57 Sure, but it's yet another thing contributors and reviewer have to check 2021-04-26 09:37:26 aren't you writing a bot? :p 2021-04-26 09:38:18 Sure, we can try to automate part of it 2021-04-26 09:38:31 we plan to add other fields to APKBUILD for other purposes, why not add fields explaining the disposition of the package 2021-04-26 09:38:55 we also allow maintainers to maintain packages without actually having git push access, right? would be nice to have a bot setting a label "maintainer" or similar, which means it likely can be fast-tracked 2021-04-26 09:39:48 Yes, most of the time maintainers don't have push access 2021-04-26 09:39:52 Ariadne: btw, would it make sense to have an IRC channel or similar for alpineconf? 2021-04-26 09:39:57 We do need a good way to map maintainers to gitlab users 2021-04-26 09:40:10 Yup 2021-04-26 09:40:14 the email address? 2021-04-26 09:40:17 Would be nice if we solved that first 2021-04-26 09:40:40 ncopa: We bot currently tries that but not everyone has the same email in gitlab and the APKBUILD 2021-04-26 09:40:59 understand. solving that is a prerequisite 2021-04-26 09:41:11 you guys already have meta-fields like bump restrictions. bump policy isn't far-fetched at all. 2021-04-26 09:41:29 is it possible to have multiple emails connected to a gitlab account? 2021-04-26 09:41:32 ncopa: yes likely 2021-04-26 09:41:33 Yup 2021-04-26 09:42:02 You can have multiple emails connected. One is the primary notification email (where you get emails), the others are in there for things like GPG keys 2021-04-26 09:42:16 yes but how do you reverse map 2021-04-26 09:42:41 im thinking we could start with searching for the maintainer email in gitlab and set the "fast-track" label based on that 2021-04-26 09:43:08 maintainers who dont have that email in gitlab won't get the fast-track label 2021-04-26 09:43:13 there is also #alpine-security now 2021-04-26 09:43:19 awesome! 2021-04-26 09:43:40 It was there already for quite some time 2021-04-26 09:43:44 ncopa: But it's a per-package, not a per-maintainer setting so I don't see what that'd be for? 2021-04-26 09:43:46 Just not used 2021-04-26 09:44:15 /j #alpine-security 2021-04-26 09:44:16 meh 2021-04-26 09:44:20 :) 2021-04-26 09:44:44 good monday morning jvoisin :) 2021-04-26 09:45:14 Merry Monday to you as well ncopa :) 2021-04-26 09:53:07 you could even have something like 2021-04-26 09:53:13 # NMC-Threshold: 14d 2021-04-26 09:53:15 or 2021-04-26 09:53:21 # NMC-Threshold: 0d 2021-04-26 09:53:49 thus would allow a maintainer to ask explicitly "please give me X days to review this package" 2021-04-26 09:54:37 Sure 2021-04-26 09:55:25 Maybe we could have a kanban board with a queue for MRs which are ready for "general" review and another one for MRs which need maintainer approval 2021-04-26 09:56:44 would security bumps bypass the review threshold? 2021-04-26 09:56:51 (e.g. CVE attached) 2021-04-26 10:09:33 Sheila: yes, obviously 2021-04-26 10:11:26 figured, but thought it worth bringing up so it's explicit. :) 2021-04-26 10:41:34 14 days in absence of field in APKBUILD seems correct IMHO 2021-04-26 10:43:19 still would like to be at least notified on any NMU, even if the "wait for the maintainer to approve" part is skipped for security fixes 2021-04-26 10:48:30 We could have different values: need-approval, notify, accept, or something liek that 2021-04-26 11:01:42 I think we should always notify the maintainer 2021-04-26 11:02:04 I don't see the value of a maintainer when they don't know what's going on with the package 2021-04-26 11:02:55 So the bot would always assign the maintainer to review the thing and if the maintainer doesn't answer in the specified timeframe move the MR to the "general review" queue 2021-04-26 11:07:38 Cogitri: I agree 2021-04-26 11:08:40 though there are maintainers who explicitly stated to me that I can freely work on their pkgs 2021-04-26 11:09:09 so, maybe not always wait for maintainer answer 2021-04-26 11:09:28 I would say 'use common sense' (as usual) 2021-04-26 11:09:56 there is no bot who can replace human brain 2021-04-26 11:10:16 No, and it will not do so 2021-04-26 11:10:29 But it can make things a bit easier 2021-04-26 11:10:50 yes, I see it is a helpful tool 2021-04-26 12:21:27 that's why you may add an optout keyword in the APKBUILD 2021-04-26 12:21:37 but by default *IT MUST* requires maintainer approval 2021-04-26 12:21:51 otherwise I'd need to edit a bunch of APKBUILD to tell "make sure to notify me" 2021-04-26 12:45:44 no one is owner of anything in alpine 2021-04-26 12:54:20 yes, if you want a distro where maintainer approval is required and therefore nothing ever gets done then go to gentoo or debian 2021-04-26 12:55:01 debian barely works because there's enough people that it slowly grinds forward. gentoo doesn't and doesn't 2021-04-26 12:55:04 kernel 5.12 have some new features, https://kernelnewbies.org/Linux_5.12 2021-04-26 12:55:52 idmap is interesting for containers 2021-04-26 12:56:30 and also preemt mode select from boot cmdline 2021-04-26 12:56:50 preempt* 2021-04-26 13:03:56 Hello71: it is generally polite to allow a maintainer to review changes though 2021-04-26 13:04:30 i am a supporter of fast non-maintainer changes, but the default should not be that. 2021-04-26 13:04:37 yes, but it needs to be a social expectation, not a policy 2021-04-26 13:04:50 otherwise you start having policy policies and meeting meetings 2021-04-26 13:05:04 even in debian you can NMU any package at any time 2021-04-26 13:05:49 however if you do so in bad faith, it will make it harder for you to get things cosigned in the future 2021-04-26 13:06:49 that is basically the guideline we have always followed here until lately 2021-04-26 13:07:02 sometimes things get pushed too quickly. 2021-04-26 13:10:00 the maintainer should always be able to specify their preferences 2021-04-26 13:10:11 within reason. 2021-04-26 13:11:34 so i propose a way to allow maintainers to signal those preferences, which would be combined with a conservative default review window (7 or 14 days) 2021-04-26 14:19:32 will someone merge !20853 please? 2021-04-26 15:13:42 ACTION meeting meetings sniffing mittens, like real elbonian 2021-04-26 18:40:07 ncopa: https://pkg.go.dev/gitlab.alpinelinux.org/alpine/go/pkg/releases@v0.2.0 :) 2021-04-26 18:45:20 while we are bashing firejail: https://github.com/netblue30/firejail/blob/master/src/firejail/fs.c#L1080 2021-04-26 19:14:07 ikke: awesome 2021-04-26 19:14:31 some WIP I have in my tree: https://tpaste.us/5Vl7 2021-04-26 19:15:03 ncopa: working on secdb generator in go now 2021-04-26 19:15:41 gitlab.alpinelinux.org/alpine/go is meant as a collection of libraries that can be reused 2021-04-26 19:27:21 understand. I had something like this in mind: https://tpaste.us/vZXW 2021-04-26 19:28:00 the NewFromBuffer was to make it easier to add testcases 2021-04-26 19:28:12 Right, is a good improvement 2021-04-26 19:28:17 I just created something quickly 2021-04-26 19:28:45 But having it in a repo makes it easy to improve upon 2021-04-26 19:29:19 yes, very good 2021-04-26 19:29:26 need to go now. thanks! 2021-04-26 19:29:29 o/ 2021-04-26 22:10:58 i made a feature comparison between bubblewrap, nsjail and minijail: https://ctrlc.hu/~stef/jails.txt 2021-04-26 22:54:34 Ariadne: only read the beginning of your service manager aritcle so far (it's on my to-read list tonight), but I'm already really excited for it 2021-04-26 22:56:21 hedonist: got a link? 2021-04-26 22:56:44 https://ariadne.space/2021/03/25/lets-build-a-new-service-manager-for-alpine/ 2021-04-26 22:56:57 that is old :P 2021-04-26 22:57:14 haha 2021-04-26 22:57:23 how old? (no date shown on the article itself) 2021-04-26 22:57:39 if you want the technical details, they're here: https://skarnet.com/projects/service-manager.html 2021-04-26 22:57:43 Ariadne: it was posted on lobsters, so it's the first I've seen it and will likely get a fair bit more traffic 2021-04-26 22:57:57 oh no 2021-04-26 22:57:59 skarnet: :D 2021-04-26 22:58:03 i'll have to go into nginx 2021-04-26 22:58:10 and redirect to rickroll.mp4 2021-04-26 22:58:42 wait until it's posted to hackernews, then do that 2021-04-26 22:59:29 Ariadne: lol 2021-04-26 22:59:29 oh, incidentally, don't worry about it too much, lobsters just went down 2021-04-26 22:59:29 ☺ 2021-04-26 22:59:32 yeah 2021-04-26 22:59:39 strange coincidence 2021-04-26 23:00:16 it's back 2021-04-26 23:00:32 (possibly, it was never down and instead my internets were) 2021-04-26 23:02:39 well at least the comment section for both of those submissions aren't clownworld 2021-04-26 23:03:21 i was expecting 2021-04-26 23:03:38 WOMAN IN TECH IS COMPLAINING ABOUT SOMETHING, SHE IS WRONG, HONK HONK HONK 2021-04-26 23:04:19 is lobsters like that? 2021-04-26 23:04:52 skarnet: yes 2021-04-26 23:05:03 it's double-hipster /. 2021-04-26 23:05:05 skarnet: so are all places on the internet I've been present 2021-04-26 23:05:23 hedonist: you need to hang in better circles 2021-04-26 23:05:51 I have a pretty good success rate at avoiding that kind of nonsense. 2021-04-26 23:05:51 skarnet: lobsters, however, is one of the communities where a large contingent of users proposed a code of conduct, and the mods / a very vocal (I believe, minority) of users rejected it out-of-hand 2021-04-26 23:05:55 skarnet: so, that's awesome 2021-04-26 23:06:08 Ariadne: I'm sorry that's what you've come to expect :( 2021-04-26 23:06:15 skarnet: also, I just try to stop hanging out in those places 2021-04-26 23:06:31 skarnet: e.g., I still look at lobsters for news but I haven't posted / logged in in a very long time 2021-04-26 23:06:37 (and I try to avoid the comments) 2021-04-26 23:07:00 i don't even have an account on that site, or want one 2021-04-26 23:07:14 anyway this is like an #alpine-offtopic thing 2021-04-26 23:08:17 Damn, and I just created openrc-exporter to monitor my alpine services. Well, I guess the s6-rc replacement isn't yet ready anyway 2021-04-26 23:08:58 you still have time 2021-04-26 23:09:21 Ariadne: indeed 2021-04-26 23:09:23 but if you need real supervision for your daemons, s6 is packaged for alpine ;) 2021-04-26 23:09:51 I'm very much looking forward to playing with s6; I've never worked with it personally, but I've heard only good things 2021-04-26 23:11:25 skarnet: what do you mean by this? (Also I join #alpine-offtopic in case we want to move that discussion there) 2021-04-26 23:11:40 hedonist: well you can start right away, but the final version of the nextgen service manager will look nothing like what exists today ^^ 2021-04-26 23:11:56 skarnet: haha 2021-04-26 23:12:05 skarnet: my migration to alpine is… incremental 2021-04-26 23:12:15 so, there's some time left ☺ 2021-04-26 23:12:31 there is some time left indeed because I need to *write* it first, too :P 2021-04-26 23:13:08 tomleb: what is "this" that I should elaborate on? 2021-04-26 23:13:25 skarnet: I've heard that can get in the way of people using something ☺ 2021-04-26 23:17:28 skarnet: in #alpine-offtopic 2021-04-26 23:48:27 I keep seeing "Fast-forward merge is not possible. Rebase the source branch onto the target branch". Does this prevent merging and I need to rebase? For !20872 2021-04-26 23:53:17 tomleb: sounds like it 2021-04-26 23:53:29 tomleb: pro-tip; `git pull --rebase` is a hell of a drug 2021-04-26 23:54:20 hedonist: I already have this by default, yes. 2021-04-27 00:00:57 fast-forward merge generally only works in the blessed case when you're the only one working on a project. :P 2021-04-27 00:01:40 those pesky devs who insist on modifying master while you're working on your branch! 2021-04-27 00:16:27 lol 2021-04-27 00:28:03 skarnet: out of interest, have you considered using any formal methods for the new service manager? (e.g., frama-c) 2021-04-27 00:29:02 I don't think it would be useful tbh 2021-04-27 00:29:23 it's still in the range of complexity I can handle without such tools 2021-04-27 00:29:47 fer nuff 2021-04-27 00:30:29 the problems with C appear when you have a large shared codebase with implicit assumptions and too loose guidelines 2021-04-27 00:30:44 indeed 2021-04-27 00:31:00 though, I do long for a world where all C software is complimented by formal methods 2021-04-27 00:31:01 people make changes according to a set of assumptions that isn't the same the previous committer made 2021-04-27 00:31:08 and boom, you introduce a bug 2021-04-27 00:31:19 that's the kind of thing formal methods can avoid 2021-04-27 00:31:39 for a small team project under a certain level of complexity, the overhead just isn't worth it 2021-04-27 00:31:51 you just need to pay attention to what you're doing :) 2021-04-27 00:31:57 :) 2021-04-27 08:37:00 mcrute: hehe, alpine/aports:master | Mike Crute | community/bird: move to community, from where not from to 2021-04-27 09:03:42 anyone know what C lib or include is needed for __free_fn_t 2021-04-27 09:23:22 hi guys 2021-04-27 09:26:25 wdtTP2O82Kft: very nice, interesting the code base difference altough brwap misses resources limiting freatures. 2021-04-27 09:28:55 hah, glibc /usr/include/search.h 2021-04-27 09:30:42 libc6-dev:amd64: /usr/include/search.h 2021-04-27 09:39:08 so, musl doesn't have __free_fn_t 2021-04-27 10:01:07 mps: no, it's a GNU-ism 2021-04-27 10:04:38 yes, I looked at glibc source 2021-04-27 10:04:49 thanks for confirmation 2021-04-27 10:11:06 generally speaking any __-prefixed symbol in an application is bad news 2021-04-27 10:13:27 skarnet: iiuc, use them in appications 2021-04-27 10:15:00 on the contrary: *do not* use __ stuff in applications if you want your applications to be portable 2021-04-27 10:16:26 skarnet: sorry, I meant to say 'not use' instead of 'use'. need another coffee round 2021-04-27 10:16:41 right XD 2021-04-27 10:20:40 ncopa: just to add context, this __free_fn_t is in drbd-utils 9.17.0 2021-04-27 10:21:22 because that I made !20912, so no latest and shinny upgrade :) 2021-04-27 12:14:13 skarnet: what do you mean, I'm not supposed to be using __compar_fn_t in my code?? 2021-04-27 12:14:36 seriously though, it would have been nice of glibc to have removed that from headers by now, then upstreams would have been forced to fix their shit 2021-04-27 12:32:22 https://openwrt.org/releases/21.02/notes-21.02.0-rc1 OpenWRT switched from mbedTLS to WolfSSL 2021-04-27 12:33:58 i think the message is a bit misleading, since previously the default was "no tls" 2021-04-27 12:34:22 previously = in 19.07 2021-04-27 12:34:49 i think it changed during 21.02 release process 2021-04-27 12:47:26 uhg wolfssl is so bad 2021-04-27 12:50:35 but it's paying for the development of curl :P 2021-04-27 13:16:29 :-p 2021-04-27 13:17:15 TBH i think a lot of the badness was that the client i worked with who was using it insisted on some ridiculous nondefault flags for the bignum code and stuff 2021-04-27 13:17:24 that made it malloc every limb or something 2021-04-27 13:19:18 it claims to be an embedded SSL library, so I'd hope it can also do stuff in non allocation-heavy manners :/ 2021-04-27 13:19:41 their licensing is kind of heavy, though 2021-04-27 13:27:19 i prefer BearSSL personally. 2021-04-27 13:29:33 I favour menagerieSSL (that is, everyone just implement libtls API) :v 2021-04-27 13:32:10 hmm 'scanelf: rpath_security_checks(): Maybe? sec problem with DT_RPATH='lib/scribus/plugins/' in ...' 2021-04-27 13:33:02 first time see this when building pkg. do I need some special settings in APKBUILD? 2021-04-27 13:35:14 Ariadne: I think it's the main (only?) "embedded" library that claims compatibility with OpenSSL 2021-04-27 13:37:15 (wolfssl) 2021-04-27 13:39:21 mps, it's a bug in whatever built that 2021-04-27 13:40:24 either they put a build-dir-relative rpath in the binary as a bad hack to let yoy run it in the build dir without installing, or they mistakenly think relative paths are origin-relative (that needs ${ORIGIN}) rather than working-dir-relative 2021-04-27 13:43:19 dalias: thanks for explanation 2021-04-27 14:03:31 gcc 11.1 released https://gcc.gnu.org/pipermail/gcc/2021-April/235922.html 2021-04-27 14:03:53 too late for alpine 3.14 2021-04-27 14:12:23 mps: gcc 11 is not happening until 3.16 at least 2021-04-27 14:13:15 (though i have rebased the patchset) 2021-04-27 14:17:25 Ariadne: yes, I know that you added some patches to 10.2 2021-04-27 14:17:38 we're on 10.3 2021-04-27 14:17:44 the patchset is already rebased on 11 2021-04-27 14:17:49 aha, didn't looked 2021-04-27 14:18:01 i want to stick with 10.x through 3.15 though 2021-04-27 14:18:25 we're having a pretty good run with gcc 10 now, and i don't want to have more fires to deal with on that front just yet 2021-04-27 14:18:41 I would like to stick with 8.2 (or it was 8.3) :) 2021-04-27 14:19:33 ericonr: i dont see OpenSSL compatibility as a feature tbh :p 2021-04-27 14:19:49 not in a library that has like 20 ssl backends anyway 2021-04-27 14:26:13 dalias: just fyi, solved above rpath issue for scribus by adding -DWANT_DISTROBUILD=True to cmake 2021-04-27 14:28:11 *sigh* 2021-04-27 14:28:25 this is not only needed for distro 2021-04-27 14:28:34 it's needed not to have a severe bug in the binary 2021-04-27 14:32:44 well, I don't care much, hope original poster to include scribus in alpine will take maintainership in near future 2021-04-27 14:33:17 I don't like much such big software 2021-04-27 14:34:21 just wanted to help, because OP had illness and couldn't continue work on it 2021-04-27 14:48:47 Ariadne: thanks for upgrade dnsmasq in 3.13. obviously I forgot this when upgraded for edge 2021-04-27 15:51:21 Ariadne: Do you have a moment for a query? I want to talk about the AGPL situation 2021-04-27 15:53:49 Thermi: sure 2021-04-27 16:37:46 maribu: seems you're the maintainer of opencv. Any chance you could move it to community at some point? 2021-04-27 17:52:03 I stopped using it, so I'm relying on user feedback for issues and new releases :-( I only needed it for a single demo project, and likely will never need it again. I don't think I'm the right person to push it to community. 2021-04-27 17:52:04 But feel free to adopt the package! 2021-04-27 18:15:04 Oh sure, that'd be fine 2021-04-27 23:06:07 mps: Taking a chance, are you Michal, helping me get navidrome packaged? 2021-04-28 00:17:31 i dont think so 2021-04-28 00:21:04 btw i'm still looking into nsjail/minijail/bwrap. and i noticed, that bwrap expects compiled bpf files for seccomp, but has no tool on it's own to do so. nsjail comes with its own dls: kafel - which allows for some nice definition of rules. but minijail i think goes further, it has some nice tools to generate policy files from strace/audit.log and a python script to compile it down to bpf, 2021-04-28 00:21:06 might be worth packaging... 2021-04-28 00:23:44 sure, as long as you maintain it 2021-04-28 00:26:24 wdttp2o82kft, what are you trying to accomplish with a sandbox? 2021-04-28 00:26:44 didnt we find minijail had serious flaws? 2021-04-28 00:27:44 no that was firejail 2021-04-28 00:28:20 minijail is the chromeos/android tool used by google to sandbox everything. 2021-04-28 00:28:39 i don't want any "jail" that is SUID 2021-04-28 00:29:05 well. bwrap is not suid 2021-04-28 00:29:14 yes, i know :) 2021-04-28 00:29:23 but needs something that feeds it binary bpf files if you wanna use seccomp 2021-04-28 00:29:56 i am just saying anything that is suid would be rejected 2021-04-28 00:29:57 and what i'm talking about are two such solutions from the other two tools i look at 2021-04-28 00:30:09 i am trying to reduce the number of SUID programs in alpine 2021-04-28 00:30:11 :P 2021-04-28 00:30:29 i'm talking about tools that generate seccomp bpf files 2021-04-28 00:30:31 not jails 2021-04-28 00:30:36 yeah thats fine 2021-04-28 00:30:55 i am just saying please do not package anything that requires options=suid :p 2021-04-28 00:31:06 i'm not saying anything like that 2021-04-28 00:31:17 i'm talking about tools that spit out binary bpf files 2021-04-28 00:31:22 that can be fed into bwrap 2021-04-28 00:31:57 since brwap does not support anything else but reading these rules from an open fd 2021-04-28 00:35:21 fwiw seccomp is nearly impossible to make into a viable sandbox 2021-04-28 00:35:52 it doesn't have facilities to intercept and rewrite things that can't be blocked but also can't be allowed directly 2021-04-28 00:36:20 it's useful for very specific known code where you have whole swarths of functionality you can nuke and still get done what you want but that's about all 2021-04-28 00:36:28 namespaces are much more powerful for actual sandboxing 2021-04-28 00:41:19 i guess that's true for firefox, but a simple dhcp client for example might be possible, possibly also daemons like unbound 2021-04-28 00:41:54 it's a lot of work and error-prone to sandbox them with seccomp 2021-04-28 00:42:01 it's trivial to sandbox them with namespaces 2021-04-28 00:42:36 now seccomp is a great mitigation for bugs in the kernel (turn off access to syscalls that have nothing to do with the functionality) 2021-04-28 00:42:54 but just allowlisting syscall patterns you know they use is likely to break with updates to the application *or libc* 2021-04-28 00:43:17 sure 2021-04-28 00:45:36 btw note that unshare(1) is more powerful and useful *without any actual programming*, or just some shell script 'programming', than most big sandbox implementations 2021-04-28 00:45:53 for example see my https://github.com/richfelker/usand 2021-04-28 00:56:22 yes i am very skeptical about seccomp sandboxing too, for the reasons dalias mentions 2021-04-28 06:25:04 tomleb: no, I'm not. my username on gitlab is also mps as nick here 2021-04-28 06:39:10 hi all, any timeframe for branching of π? 2021-04-28 06:40:03 i havent started work on the 3.14 builders yet. i would guess we have it out at the end of May 2021-04-28 06:41:04 ncopa, thanks 2021-04-28 10:08:50 hi, is it possible to move bubblejail to community before 3.14 release? 2021-04-28 10:15:10 yes open an MR doing it 2021-04-28 10:18:23 ok, I tested so far firefox/telegram and electrum, all working fine 2021-04-28 10:19:08 well, I don't have sound in telegram maybe because it uses alsa instead pulseaudio 2021-04-28 11:20:51 FYI: i am planning to do a mass orphan of packages which have not had maintainer involvement in security fixes after 3.14 release 2021-04-28 11:28:16 good 2021-04-28 11:48:29 ncopa: mps: ping 2021-04-28 11:50:19 ncopa: mps: qemu 5.2.0 in alpine has a lot of unpatched security vulnerabilities. all of which are fixed in 6.0.0-rc5. should we upgrade to 6.0.0-rc5? 2021-04-28 11:56:13 Once a package has been pushed to edge/testing, what's the next step? I know I can move it to community eventually. But that's still for edge isn't ? So how are packages updated for older version (eg: 3.12)? 2021-04-28 11:58:14 Ariadne: if we want to upgrade qemu why not wait for 6.0.0 release? I expect it JIT (just-in-time) for 3.14 :) 2021-04-28 11:58:24 mps: okay :) 2021-04-28 11:58:34 tomleb: they're not 2021-04-28 11:58:47 tomleb: there is no way to go from edge/testing to something already released 2021-04-28 11:59:13 though I asked for preparing upgrade to 3.14 earlier and 'no' as answer 2021-04-28 11:59:34 mps: i am ok with upgrade to qemu 6.0 in 3.14 2021-04-28 11:59:42 s/and/and got/ 2021-04-28 11:59:42 mps meant to say: though I asked for preparing upgrade to 3.14 earlier and got 'no' as answer 2021-04-28 11:59:42 some of these issues look pretty nasty 2021-04-28 11:59:50 i would like to see them fixed 2021-04-28 12:00:12 I still think we should upgrade 2021-04-28 12:01:07 yes, i agree 2021-04-28 12:01:11 you have my support to do it 2021-04-28 12:01:12 :) 2021-04-28 12:01:18 :) 2021-04-28 12:01:56 the alternative is backporting like 50 patches 2021-04-28 12:02:01 i dont think its worth it 2021-04-28 12:02:09 better to just go to 6.0 2021-04-28 12:02:15 even for 3.13 imo 2021-04-28 12:02:26 or perhaps just tell people who use qemu to upgrade to 3.14 2021-04-28 12:02:41 iirc, BDFL was against. maybe he is now convinced ;) 2021-04-28 12:07:01 tomleb: Ariadne: I think we had moving from testing to stable branch few times, though for really exceptional cases 2021-04-28 12:13:00 maybe i remove firejail from 3.13 too 2021-04-28 12:13:02 :) 2021-04-28 12:13:36 mps: lets just do it :) 2021-04-28 12:13:49 i guess wait for 6.0 release tho 2021-04-28 12:18:31 Ariadne: Let's say I have a community package in 3.12, and now we're 3.13, can I update the package in 3.12 (eg: security fixes)? I guess I'm having issues understanding the lifecycle of a package. 2021-04-28 12:18:52 tomleb: yes, you open an MR with a fix 2021-04-28 12:19:05 tomleb: pinging @teams/security will likely get a fast review :) 2021-04-28 12:19:38 but, you can't go from edge/testing into a stable release generally. 2021-04-28 12:19:45 like for a new package 2021-04-28 12:19:53 oh my god 2021-04-28 12:19:59 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20941/commits 2021-04-28 12:20:11 git is not my friend :\ 2021-04-28 12:21:51 yeah I fixed it! :D 2021-04-28 12:58:35 Hi there! Can I ask here questiones regarding APKBUILD? 2021-04-28 12:59:16 sure 2021-04-28 13:00:06 if a program use code with different licenses (i.e. src/ under AGPL-3 and lib/ under MIT) should both be mentioned in the license tag? 2021-04-28 13:01:04 Yes, combined with AND 2021-04-28 13:01:38 license="AGPL-3.0 && MIT" is it correct? 2021-04-28 13:01:58 The word 'AND' 2021-04-28 13:02:05 I see, thanks! :) 2021-04-28 15:12:20 mcf: ping 2021-04-28 15:13:31 mcf: i'm being asked about https://github.com/michaelforney/samurai/pull/74/files, the person asking alleges that alpine is violating your copyright on samurai, because we just declare the license in the APKBUILD (using SPDX labels) and do not physically install the LICENSE file. 2021-04-28 15:13:39 mcf: what is your opinion on this? 2021-04-28 15:20:24 donoban: one thing you can do that won't require rebasing is using `git commit --amend`; that will add your current set of changes to the last commit. 2021-04-28 15:22:16 Huh, what's up with the ppc64le builder? It's not available on b.a.o? 2021-04-28 15:23:48 PureTryOut[m]2: it's awol 2021-04-28 15:24:25 Fun 2021-04-28 15:24:33 ibm is looking at it, but they need to physically access the device 2021-04-28 15:24:50 if it does not get un-AWOL soon, i'll make arrangements to have my POWER8 machine reracked 2021-04-28 15:25:02 (it's the faster of the two i have) 2021-04-28 15:25:16 thanks Sheila but I'm not sure exactly in what case I should use it. Maybe I wrongly created that branch from telegram branch instead master. 2021-04-28 15:28:56 donoban: mostly it'd allow you to make changes without having to rebase. for branches, I recommend `git checkout master; git checkout -b blah` specifically as that way later branches won't interfere with earlier ones or vice-versa. 2021-04-28 15:30:45 so, I try do a PR, some revisor says, "there is an error there", I fix it and use 'commit --amend'? then push :) 2021-04-28 15:31:36 yeah 2021-04-28 15:32:48 But only do that if the fix should go in the last commit 2021-04-28 15:33:07 if you have multiple commits, and that fix fixes something in an earlier commit, git commit --amend is not appropriate 2021-04-28 15:33:19 ^ 2021-04-28 15:33:30 I see I see 2021-04-28 15:34:09 yes, in that case make a new commit and rebase so that you can roll the fix in to the commit you're fixing. 2021-04-28 15:34:13 but common aport commits, "community/pkg: upgrade X", almost any fix could be ammended to it 2021-04-28 15:34:55 It requires a bit of common sense 2021-04-28 15:35:01 thanks for the tip :) 2021-04-28 15:35:18 small fixes can indeed go into the same commit, if the amount of changes become larger, it might make sense to split it up 2021-04-28 15:35:37 yeah, I understand :D 2021-04-28 16:03:17 TIL that setting the APK environment variable can screw up your abuild runs.... 2021-04-28 16:03:48 [0] [me@alpox00 ~/ports/aports/community/IshyTinker]$ abuild checksum; echo $? 2021-04-28 16:03:51 >>> IshyTinker: Updating the sha512sums in APKBUILD... 2021-04-28 16:03:54 0 2021-04-28 16:03:56 [0] [me@alpox00 ~/ports/aports/community/IshyTinker]$ APK=1 abuild checksum; echo $? 2021-04-28 16:04:00 127 2021-04-28 16:04:53 yes 2021-04-28 16:05:09 this should probably be documented 2021-04-28 16:05:19 but ${APK} is supposed to reference the /sbin/apk binary 2021-04-28 16:05:32 this is to allow abuild to be used on non-alpine systems 2021-04-28 16:12:47 Yeah, a wiki entry would be helpful. Took me a hot minute to figure that one out. 2021-04-28 17:53:01 i'm learning how to package the dotnet sdk. on the dotnet website it says to extract the files into DOTNET_ROOT and add that to path. of course that doesn't work for a global package. should my package extract it to /opt and make a symlink of dotnet in /usr/local/bin? 2021-04-28 17:53:30 DOTNET_ROOT being /home/$USER/dotnet anyways 2021-04-28 18:03:48 donoban: are you around? I created bug report (finally, I'm bad on these tasks) about edk2 failed build #12640 2021-04-28 18:12:18 I didn't 'see' tbk for some time here 2021-04-28 18:12:47 2 months ago 2021-04-28 18:13:45 I create !20937 and it failed on CI on x86_64 and aarch64, but pass fine on my lxcs 2021-04-28 18:14:08 and tbk is maintainer, not sure what to do with this 2021-04-28 18:14:24 (no, will not send mail to ML) 2021-04-28 18:15:40 Seems to be timing related 2021-04-28 18:15:47 xpected 114968 >= 100000 && 15 >= 5 && 15 <= 10 (context: type eval line 27 cmd {assert {$omem >= 100000 && $time_elapsed >= 5 && $time_elapsed <= 10}} proc ::test) 2021-04-28 18:16:17 It takes 15 (seconds?), but expected to be between 5 and 10 2021-04-28 18:16:50 [err]: Client output buffer soft limit is not enforced if time is not overreached in tests/unit/obuf-limits.tcl 2021-04-28 18:42:59 yes 2021-04-28 18:43:59 does it make sense to merge in hope that builder will be fast enough 2021-04-28 18:52:11 @Ariadne Do you want to be mentioned in issues regarding AGPL-3.0 compliance in aports? 2021-04-28 18:52:47 Thermi: lets hold off for now. we can do this audit after 3.14 is released. 2021-04-28 18:53:02 Ariadne: Alright. I just opened an issue for bareos. 2021-04-28 18:53:15 Like 10 seconds before you wrote it. 2021-04-28 18:53:23 Thermi: i do appreciate your taking initiative to audit our packages for compliance though :) 2021-04-28 18:53:32 Ariadne: Well, you told me to open issues. :P 2021-04-28 18:53:53 Opening issues is fine 2021-04-28 18:53:56 yes, because you inquired about auditing :) 2021-04-28 18:54:08 It's about 55 packages that need to be audited 2021-04-28 18:54:20 and we should check all of our AGPL packages to make sure they are actually providing the source code notice 2021-04-28 18:54:25 Takes about 5 minutes each 2021-04-28 18:54:37 Ariadne: afaik, that's only requried if there are modifications, not? 2021-04-28 18:54:45 Well, only the ones having changed source code need to provide notices 2021-04-28 18:54:51 right 2021-04-28 18:55:04 ikke: the ones that are changed need their URLs changed, but all of them are really supposed to have the notice 2021-04-28 18:55:16 Why? 2021-04-28 18:55:17 this was the opinion of the FSF when Pleroma and Mastodon enquired about it 2021-04-28 18:55:35 If we did not change it, and upstream does not provide it, why does that matter? 2021-04-28 18:55:45 it means upstream itself is not in compliance 2021-04-28 18:55:48 which is a bug 2021-04-28 18:55:56 How can upstream not be in compliance? 2021-04-28 18:55:57 just not a bug that is of grave severity to *us* :) 2021-04-28 18:56:05 They can do whatever they want 2021-04-28 18:56:09 Assuming upstream is the actual copyright holder 2021-04-28 18:56:12 yes 2021-04-28 18:56:13 the software upstream provides must comply with the license they choose 2021-04-28 18:56:26 if they don't obey their own license, then the license is arguably void 2021-04-28 18:56:36 don't look at me, i didn't invent this stuff 2021-04-28 18:56:38 Upstream can just distribute the source under a second or third license 2021-04-28 18:56:45 yep 2021-04-28 18:56:48 They just distribute it to themselves under a "do whatever" license 2021-04-28 18:56:53 I guess the issue is when there are multiple copyright holders? 2021-04-28 18:57:07 but if they slap AGPL on it and then don't provide the source link, it's still a dick move 2021-04-28 18:57:08 :p 2021-04-28 18:57:14 https://writing.kemitchell.com/2021/01/24/Reading-AGPL.html 2021-04-28 18:57:17 I can only shrug to that. 2021-04-28 18:57:32 Ariadne: I sent an email to FSF regarding clarification clause 13. I think then we have definitive answer. 2021-04-28 18:57:39 Or it spins of into another discussion. 2021-04-28 18:58:16 would someone be able to spoon feed me just a bit. i'm trying to package dotnet. https://pastebin.com/raw/tQcDcwCg this fails when i `abuild -r` saying `/usr/bin/abuild: cd: line 2377: can't cd to /home/arwn/packages/community/dotnet/pkg/dotnet: No such file or directory` 2021-04-28 18:58:48 Does that directory exist? 2021-04-28 18:58:48 arwn: seems like nothing is installed in $pkgdir 2021-04-28 18:59:13 Thermi: it does not, but if i mkdir it, it's deleted and i get the same error 2021-04-28 18:59:21 When is it deleted? 2021-04-28 18:59:32 Thermi: abuild -r does clean, which removes $pkgdir 2021-04-28 18:59:36 Okay. 2021-04-28 18:59:49 arwn: in the package() function, you need to copy things to $pkgdir 2021-04-28 18:59:52 arwn: to be clear, we won't accept an APKBUILD that repackages random binaries downloaded from somewhere 2021-04-28 19:00:02 nod 2021-04-28 19:00:10 ikke: I guess just install -Dm xxx foo bar 2021-04-28 19:00:20 AFAIR -D mkdirs all dirs in the path 2021-04-28 19:00:23 Wasn't there someone from the dotnet community that was looking into packaging dotnet for alpine? 2021-04-28 19:00:27 Thermi: yes, correct 2021-04-28 19:00:38 Just checked. It's correct. :P 2021-04-28 19:00:39 ikke: yes 2021-04-28 19:00:41 ikke: ty 2021-04-28 19:00:47 Ariadne: i'm just learning right now, but if this is easy enough i could see about building it from source so i can submit it. 2021-04-28 19:01:03 arwn: https://github.com/dotnet/core/tree/main/tools/dotnet-bootstrap 2021-04-28 19:01:15 arwn: it depends on microsoft doing a lot of stuff atm. they are working to make it possible 2021-04-28 19:01:22 arwn: these things are generally 'not easy' (tm) 2021-04-28 19:01:31 this is largely a "patiently wait" situation atm 2021-04-28 19:01:43 we are waiting on them to finish rolling out their new build system (Arcade) 2021-04-28 19:02:12 arwn: problem is that bootstrapping is tricky, you need something to start from 2021-04-28 19:02:26 generally, these languages are built on top of itself 2021-04-28 19:04:38 We could try to urge upstreams to provide an option to show the source location in the interface 2021-04-28 19:05:15 Ariadne: that seems to be a legal question about alpine packages in general rather than samurai in particular. some other alpine packages (e.g. ninja or curl) also don't package the license file 2021-04-28 19:05:42 mcf: yes, it is our policy to just use the SPDX labels 2021-04-28 19:05:44 it doesn't seem to be common practice for the package itself to install its license file, but some distributions add it to their packages 2021-04-28 19:05:51 i mean, that seems fine to me 2021-04-28 19:06:15 some are of the opinion that the license should be shipped with the software 2021-04-28 19:06:48 it is an interesting topic 2021-04-28 19:07:08 if a user has an alpine livecd, with no working internet connection, then that scenario i suppose would be non-compliant 2021-04-28 19:07:28 one possible workaround would be to include a set of common licenses as part of alpine-base 2021-04-28 19:07:48 though there are also the copyright statements, too 2021-04-28 19:08:14 i think SPDX should create a vocabulary for specifying copyright statements as they have licenses (with both the SPDX URIs and the SPDX short labels) 2021-04-28 19:10:02 if they did that, then gitlab and github and so on could provide those copyright assertions in linked-data way, as we do with SPDX 2021-04-28 19:21:38 okay 2021-04-28 19:21:43 i think i have a solution to this 2021-04-28 19:21:52 we just add some metadata to the APKBUILDs 2021-04-28 19:22:13 copyright="$srcdir/COPYING" 2021-04-28 19:22:35 and then we can extract all of that into a tree of linked objects using the SPDX vocabulary 2021-04-28 19:22:44 and then deduce the ones we need on the livecd 2021-04-28 19:22:50 and voila, we are compliant 2021-04-28 19:24:50 next SPDX meeting is on may 6 2021-04-28 19:24:56 i'll call in and ask them about this 2021-04-28 19:27:45 :) 2021-04-28 19:28:15 silly solution: make each package 'depend on' a package that provides its license text :-p 2021-04-28 19:29:11 and yes, for licenses that require including the license text with binaries i think you need to have a copy somewhere *offline* in the distributed files 2021-04-28 19:29:20 some only require including it with source tho 2021-04-28 19:33:49 iirc debian and fedora provide the license for foo in the foo-doc package, as a file under /usr/share/foo 2021-04-28 19:34:13 or /usr/share/doc/foo 2021-04-28 19:37:08 debian does that but generally not in a separate -doc package 2021-04-28 19:37:33 :/usr/share/doc $ ls */copyright | wc -l 2021-04-28 19:37:34 585 2021-04-28 19:37:36 debian 2021-04-28 19:38:46 where should a package stick a monolithic folder of "stuff" that all needs to be together to run, if not in /opt? 2021-04-28 19:52:47 /opt isn't for packages is it? 2021-04-28 19:52:53 aiui it's for unpackaged software 2021-04-28 19:53:11 i mean it's kind of a "shurg" area 2021-04-28 19:53:18 skarnet, that ends up duplicating a lot of files 2021-04-28 19:54:10 arwn left 2021-04-28 19:55:17 duplicating a lot of files? if you install the sources along, sure 2021-04-28 19:55:33 if you don't... that's just a license file. 2021-04-28 19:55:53 regarding licenses, arch has a fairly KISS solution: a chunky "licenses" package that is required by "base" metapackage and installs /usr/share/licenses/*. then, each package states license=GPL-2 or whatever, which you can look up yourself in /usr/share/licenses. if a package uses a license not in the standard set, it should put it at /usr/share/doc/$pkgname/LICENSE or similar (in its own 2021-04-28 19:55:56 package) 2021-04-28 19:57:22 skarnet: i think dalias' point is that we don't want to install 100 identical copies of gpl-2.0.txt. i guess it would be fine if they're all symlinks 2021-04-28 19:58:04 ah, ok, that makes sense 2021-04-28 20:30:48 hi 2021-04-28 20:32:39 mps: do you want forward it to upstream? 2021-04-28 20:45:08 donoban: do whatever you think 2021-04-28 20:45:49 hehe ok 2021-04-28 20:46:37 I don't have github account 2021-04-28 20:46:57 I checked their github repository but they don't handle the issues there 2021-04-28 20:47:06 they use a bugzilla server 2021-04-28 20:47:25 https://bugzilla.tianocore.org/ 2021-04-28 20:47:28 also I didn't saw issue tracker there 2021-04-28 20:48:04 huh, is registration required to post bug? 2021-04-28 20:48:18 yes 2021-04-28 20:48:49 don't worry I'm gonna search and post one if I don't find anything useful 2021-04-28 20:48:57 huh.huh 2021-04-28 21:07:46 ough this bugtrack is pretty uggly, I will ping you if they answer something 2021-04-28 21:07:55 https://bugzilla.tianocore.org/show_bug.cgi?id=3363 2021-04-28 21:08:03 I've attached the full log from pipeline 2021-04-28 21:15:57 donoban: thanks, I'm really grateful to you 2021-04-28 21:16:27 np, I hope they reply :) 2021-04-28 21:16:43 yes, I have bugzilla account on kernel.org, it is ugly but less than github/gitlab :) 2021-04-28 21:17:11 hehe, at lest they have emoticons :P 2021-04-28 21:17:58 I'm going to sleep, see you tomorrow :) 2021-04-28 21:19:26 emoticons? you mean these two characters ':)' 2021-04-28 21:19:46 also I'm going to bed, good night 2021-04-28 21:19:52 o/ 2021-04-28 21:20:06 \o 2021-04-28 21:20:34 :laught: :D 2021-04-28 21:20:45 what happened to my emoj plugin -_- 2021-04-28 21:21:30 well good night :) 2021-04-28 21:23:32 edge repos are now also tracked on https://security.alpinelinux.org 2021-04-28 21:23:59 donoban, mps: this appears to be fortify-related 2021-04-28 21:24:44 which means VfrCompile is doing something wrong 2021-04-28 21:24:54 (except testing, we do not track security for testing, you're on your own, there) 2021-04-28 21:24:55 uh, why do you take my sleep ;) 2021-04-28 21:25:15 i can look into it 2021-04-28 21:25:44 thanks, and good night also to you (and all) 2021-04-28 21:28:28 I'm out as well 2021-04-28 21:29:56 have a good sleep 2021-04-28 21:30:06 i think i will investigate this after having dinner :) 2021-04-29 05:44:25 maribu[m]: texmf-dist has build issues 2021-04-29 05:44:34 on armv7 and aarch64 2021-04-29 06:00:26 Thanks, will take a look. 2021-04-29 06:03:36 opinions on !20949 ? 2021-04-29 06:20:17 ah, Aisha 2021-04-29 06:20:44 will look later more 2021-04-29 07:10:16 morning 2021-04-29 07:10:44 eselect is kinda scary. where do we draw the limit? 2021-04-29 07:12:19 maxice8: nack for !20949 2021-04-29 07:12:30 Yeah, and we'd usually just solve this with providers/replace instead of something as complex as eselect 2021-04-29 07:12:44 it depends on bash and having bash in alpine base is not good idea 2021-04-29 07:17:10 good morning 2021-04-29 07:17:46 ncopa: I would like to draw limits little above the base 2021-04-29 07:19:55 just to put it out there as I wander off: there's nothing about eselect that fundamentally requires bash; sure there'd be a bit of a rewrite involved but if you think that you need eselect and you don't want bash, it's entirely doable. 2021-04-29 07:21:15 rewrite anything is doable 2021-04-29 07:44:14 hi 2021-04-29 07:48:59 ikke: nice 2021-04-29 07:52:04 I'm not sure if this applies to openvpn community version https://security.alpinelinux.org/vuln/CVE-2020-7224 2021-04-29 07:55:27 ikke: redis failed on builder with same reason as on CIs 2021-04-29 07:57:06 disable these tests or tweak builders? 2021-04-29 08:08:53 If it's purely a timing issue, perhaps increase time? 2021-04-29 08:09:03 But maybe we should ask upstream about it 2021-04-29 08:10:23 not sure what to do, tbh 2021-04-29 08:24:48 @ikke: Can you give me a link to the build log? My RPi (aarach64) builds texfmf-dist just fine :/ 2021-04-29 08:26:05 https://build.alpinelinux.org/buildlogs/build-edge-aarch64/community/texmf-dist/texmf-dist-2021.58710-r0.log 2021-04-29 08:31:34 How like is a file corruption during the build being the cause? 2021-04-29 08:33:36 Are checksums checked during unpack()? The APKBUILD is overwriting the default `unpack()` function to unpack the script files during packaging instead, as texmf-dist is noarch and no building is done. 2021-04-29 08:34:42 If the zip file was just not correctly downloaded but the checksum check was skipped by overloading unpack, this would explain the log. (And obviously, the checksum check should be re-added.) 2021-04-29 08:36:24 Yep. I just modified the checksum in the APKBUILD by hand and it still builds :/ At least the source code is downloaded via HTTPS. I'll check if I can fix this. 2021-04-29 08:40:11 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20958 2021-04-29 08:51:00 These arches share the same builder 2021-04-29 09:08:45 i think im gonna tag an abuild release 2021-04-29 11:14:17 maribu[m]: you are welcome :) 2021-04-29 11:16:04 ncopa: is the new abuild version supposed to contain the concurrent download fix? 2021-04-29 11:16:30 ikke: yes 2021-04-29 11:16:36 ok, good :) 2021-04-29 11:16:54 there are more work to do with abuild, but i think i need to limit myself and ship it 2021-04-29 11:16:58 It seems the texmf-dist package is hitting it as well 2021-04-29 11:17:05 ncopa: yes, makes sense 2021-04-29 11:17:16 most work has been on adding tests 2021-04-29 11:17:22 which is very good 2021-04-29 11:17:29 i think we should have tests for as much as possible 2021-04-29 11:17:38 https://github.com/AppImage/appimage.github.io/blob/master/code/worker.sh#L213 2021-04-29 11:17:41 and preferrible we should write the tests before we write the code :) 2021-04-29 11:17:48 i saw this eldritch horror, so now you all must too 2021-04-29 11:18:03 aw! 2021-04-29 11:18:08 please let me un-see that 2021-04-29 11:18:11 :D 2021-04-29 11:18:26 ncopa: anything keeping https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/85 from being merged? 2021-04-29 11:18:33 i was thinkgin that we should try move things like newapkbuild, abump, apkgrel etc to atools 2021-04-29 11:18:54 and i think abuild should call things liks secfixes-check if its available 2021-04-29 11:20:46 its sure going to be funny when we flip the switch and apks aren't tarballs anymore 2021-04-29 11:21:45 ikke: i guess not. just need to verify that it works as intended :) 2021-04-29 11:23:12 cue: "how can we get firejail back in alpine" 2021-04-29 11:23:15 ikke: might need to be rebased 2021-04-29 11:23:28 answer: rewrite it from scratch so it's actually secure and not requiring SUID 2021-04-29 11:23:28 :D 2021-04-29 11:23:37 "use bubblejail instead" 2021-04-29 11:25:15 oh well, i fully believe removing firejail was the absolutely right thing for us to do 2021-04-29 11:25:32 when you're the first distro to do something, you're going to have pain like thi 2021-04-29 11:25:33 s 2021-04-29 11:30:04 this is good start, there are a lot more candidates ;> 2021-04-29 11:30:57 till all finish in /dev/melting_pot 2021-04-29 11:31:34 and we are all secure, small and simple :D 2021-04-29 12:51:53 Is it possible to get the pid file from a daemon started with supervise-daemon? 2021-04-29 12:52:13 From an init.d script 2021-04-29 12:55:54 I know that it stores it in /run/supervise-.pid.. Maybe I can rely on that. 2021-04-29 13:45:32 the better question is, if you're using a supervisor, why would you ever need the pid? 2021-04-29 13:45:53 the *point* of a supervisor is to provide an interface to control the process *without* having to rely on the pid 2021-04-29 13:46:08 but maybe that's just another basic thing openrc did not understand :/ 2021-04-29 13:47:10 wait, supervised process with openrc supervise-daemon have pid? 2021-04-29 13:47:34 mps, every process on Unix has a pid, you should know that by now 2021-04-29 13:47:37 ACTION runs 2021-04-29 13:48:29 but yes, apparently they have a pid file, which they kinda have to have internally, but it should not be user-visible 2021-04-29 13:48:33 I mean, in some files 2021-04-29 16:03:34 skarnet: right, in my case it's because the app supports user signals to trigger some stuff (eg: reload, etc). I'm already using supervise-daemon to supervise the process, I just need to be able to kill -SIGUSR1 to it too 2021-04-29 16:06:01 donoban: Ariadne: I fixed 'Illegal instruction' failure in !20626 by adjusting previous patch which I overlooked 2021-04-29 16:06:38 tomleb: wouldn't you use openrc then to forward those signals? 2021-04-29 16:06:48 mps: that's naughty 2021-04-29 16:07:03 great :) 2021-04-29 16:07:17 adjusted previous patch by adding "#define _FORTIFY_SOURCE 0" :D 2021-04-29 16:07:17 but pipeline failed? 2021-04-29 16:07:26 ikke: I'm trying to add a extra_started_commands= command, yes, just not sure how to do it with supervise-daemon 2021-04-29 16:07:29 but it still fail on some build.py invocations 2021-04-29 16:07:41 Ariadne: :) 2021-04-29 16:07:48 yeah it probably still crashes :p 2021-04-29 16:08:07 tomleb: if supervise-daemon doesn't offer you an interface to do that, you could run your app under s6, and it would work. ;) 2021-04-29 16:08:11 fortify is about fail fast 2021-04-29 16:08:16 tomleb: maybe ask in #openrc 2021-04-29 16:08:24 there is a dedicated channel 2021-04-29 16:08:43 Yeah, should've asked there first. thanks! 2021-04-29 16:09:48 https://gitlab.alpinelinux.org/mps/aports/-/jobs/382256#L665 2021-04-29 16:10:07 make: *** No rule to make target 2021-04-29 16:11:02 and more of these 2021-04-29 16:11:06 huh 2021-04-29 16:42:40 Ariadne: saw your tweet about not using tar to unpack apks... in the new world how does one bootstrap apk itself? currently the AMI script is using the tar trick but I'm thinking about ways to improve it 2021-04-29 16:42:59 one downloads, and uses apk-tools-static. 2021-04-29 16:43:03 as they should do now :) 2021-04-29 16:43:13 isn't that itself an apk? 2021-04-29 16:43:29 yes but we will provide it in another form for bootstrapping 2021-04-29 16:44:30 Can anyone direct me to a "how to" tutorial on building Alpine from source? I'm trying to learn how to build Alpine for Docker containers... 2021-04-29 16:44:59 oh prefect, that's what I'm doing already so we'll probably just need to make a minor tweak to pull a different tar in the future :-) 2021-04-29 16:47:23 Cody: what exactly do you mean with building alpine from source? 2021-04-29 16:47:27 any objection to me merging the setup-cloud-images script (by a different name of course) into alpine-conf? I think it would be valuable to share some of the logic already there 2021-04-29 16:55:50 ugh... nm... I now remember why I didn't do that in the first place 2021-04-29 16:56:22 you have to bootstrap alpine then do the alpine install within the bootstrapped alpine from within another OS image otherwise it's "chicken meet egg" time 2021-04-29 17:00:15 Ariadne: the security db stuff is super awesome! one of my favorite features is being able to see at a glance what versions of a package are in all releases :-D 2021-04-29 17:03:47 ikke - Like however the alpine .tar.gz's are generated? Similar to the ones listed in the downloads page?: https://alpinelinux.org/downloads/ 2021-04-29 17:04:08 Whatever that process is? 2021-04-29 17:04:27 Cody: look aports/scripts 2021-04-29 18:02:54 @mps I did get that far, but I'm having trouble running `mkimage.sh`. Seem like it relies on `apk` and a few other build-type dependencies. 2021-04-29 18:03:10 Like, I need alpine to build alpine? 2021-04-29 18:03:34 Building the images, yes 2021-04-29 18:04:34 building alpine from scratch would mean you first bootstrap a chroot, including apk-tools 2021-04-29 18:04:42 a build toolchain 2021-04-29 18:04:53 then you start building more and more packages 2021-04-29 18:05:17 then, after all packages are built, you can make an image 2021-04-29 18:08:47 Is there a guide somewhere that demonstrates how to do this? I tried googling it, but didn't find any resources. 2021-04-29 18:10:05 Like, if you take a look at: 2021-04-29 18:10:05 https://github.com/alpinelinux/docker-alpine/blob/489953694b9dd165f615dc01971971ddf55701f8/x86_64/Dockerfile 2021-04-29 18:10:06 I want to know the least steps in order to generate the tar.gz shown on line 2. 2021-04-29 18:10:06 Does that require the build toolchain you mentioned? 2021-04-29 18:12:50 You need at least apk-static 2021-04-29 18:13:04 then you can manually create a chroot from pre-built packages 2021-04-29 18:15:16 Gotcha, I'll start there, I guess 2021-04-29 19:31:05 hello, with the help of the postmarketos irc channel, i have made an APKBUILD for a simple colorpicker, that i would like to submit 2021-04-29 19:31:37 jona: welcome 2021-04-29 19:31:42 what is the preferred way, gitlab or mailing list? 2021-04-29 19:31:49 gitlab is preferred 2021-04-29 19:32:04 do i need an account at gitlab for that? 2021-04-29 19:32:26 yes, though you could connect your gitlab.com or github.com account 2021-04-29 19:35:10 ok, will do 2021-04-29 19:36:44 I 'give up' with !20626 don't understand all this complicated build in it 2021-04-29 19:37:12 for my use cases will use these things from debian 2021-04-29 19:41:03 mps: i will try to look into it next week 2021-04-29 19:41:09 mps: can you assign the bug you opened to me? 2021-04-29 19:44:14 sure, and thanks 2021-04-29 19:44:59 done 2021-04-29 19:58:07 do any alpine folks have a beagle-v? :) 2021-04-29 19:59:26 is it risc-v? 2021-04-29 19:59:33 one of the zededa guys has one 2021-04-29 20:00:08 that's not directly alpine, but in the alpine universe 2021-04-29 20:14:32 yes, it seems viable to build with 2021-04-29 20:33:27 8gb ram is still a bummer 2021-04-29 20:33:36 but i guess better than nothing 2021-04-29 20:35:40 8gb is 4x what my laptop has so... 2021-04-29 20:36:07 stuff like firefox 2021-04-29 20:36:14 requires like 20gb ram to build 2021-04-29 20:36:16 excited to get it up and running. it's probably faster than most if not all of my x86 boxes 2021-04-29 20:36:17 ;/ 2021-04-29 20:36:28 what x86 boxes are that 2021-04-29 20:36:34 atoms and celerons 2021-04-29 20:36:37 oh 2021-04-29 20:36:39 ok :) 2021-04-29 20:36:45 i was like, whaaaaaaaaa 2021-04-29 20:36:57 oh i have the core i7 low-power thing but it's been shelved since spectre 2021-04-29 21:06:55 so i tried to do a merge request but the build failed at 'Executing "step_script" stage of the job script' with "fatal: could not read Username for 'https://gitlab.alpinelinux.org': No such device or address" 2021-04-29 21:11:14 Chrome requires ∞GB of RAM to build 2021-04-29 21:16:21 I'm being sorely tempted to build a couple of boxes with these https://www.asrockrack.com/general/productdetail.asp?Model=EPYC3451D4I2-2T#Specifications 2021-04-29 21:16:40 512GB in ITX, why not? 2021-04-29 21:19:54 only infinity GB? 2021-04-29 21:20:05 i feel like it needs more still :) 2021-04-29 21:20:49 heres an idea 2021-04-29 21:20:52 what if we use zram 2021-04-29 21:20:57 and shitty SSDs 2021-04-29 21:21:01 from micro center 2021-04-29 21:21:03 as "RAM" 2021-04-29 21:21:05 :D 2021-04-29 21:21:19 hey now. they're not shitty. they're just without brand premiums. 2021-04-29 21:21:27 nah i'm talking like 2021-04-29 21:21:35 those really slow write MLC ones 2021-04-29 21:21:44 that you can get for 20 bucks 2021-04-29 21:21:49 that are basically SD cards 2021-04-29 21:22:12 those aren't MLC, those are TLC/QLC and should be burned. 2021-04-29 21:22:20 yo what 2021-04-29 21:22:36 those epyc boards look pretty... epyc 2021-04-29 21:22:41 haaaaaaa 2021-04-29 21:22:48 i might have to get me one of those for my colo 2021-04-29 21:22:53 or two 2021-04-29 21:23:05 this is the one to get though: https://www.asrockrack.com/general/productdetail.asp?Model=EPYC3451D4U-2L2T2O8R#Specifications 2021-04-29 21:23:15 "here we gave you 4x10GbE" 2021-04-29 21:23:27 hmm 2021-04-29 21:23:41 "what? no, not 2SFP/2RJ split. 2+2" 2021-04-29 21:24:02 i wish it was 4xSFP 2021-04-29 21:24:12 then i could hook up a QSFP to SFP breakout cable 2021-04-29 21:24:16 i have a ton of em 2021-04-29 21:43:14 hehe, did I told yesterday that I expect qemu 6.0.0 release soon :) 2021-04-29 21:43:25 i don't think the CS4227 can do breakout 2021-04-29 21:43:49 oh wait, wrong direction. nevermind. i've been stuck switch shopping today. 2021-04-29 23:45:38 Is armhf ddge builder hanging on community/dssim 3.0.1-r0 2021-04-30 00:28:14 andypost[m]: sure looks like it 2021-04-30 03:15:28 aports-qa-bot now assigns maintainers when possible 2021-04-30 06:44:12 good morning 2021-04-30 06:44:58 Ariadne: nice work on alpineconf. didnt even notice it had already so many proposals for talks. 2021-04-30 07:14:39 clandmeter: good morning :) 2021-04-30 07:14:46 good morning to all 2021-04-30 07:23:01 ncopa: postfix 3.6.0 is release yesterday. should we upgrade it for 3.14 alpine or after? 2021-04-30 07:23:15 released* 2021-04-30 07:24:40 it have important and incompatible changes, '3.6 deprecates terminology that implies white is better than black. Instead, Postfix prefers 'allowlist', 'denylist' :) 2021-04-30 07:26:23 another important pkg is qemu 6.0.0 (also released yesterday) 2021-04-30 07:27:18 it has secfixes, which we will have to backport to 5.2.0 if we do not upgrade 2021-04-30 07:29:28 Ariadne and I already 'voted' for qemu upgrade 2021-04-30 08:27:10 mps: +1 for both postfix 3.6 and qemu 6 2021-04-30 08:33:09 good, already started on qemu, have to check all our patches 2021-04-30 08:34:24 have to finish some $day_jobs first 2021-04-30 08:43:03 hah, auto assign works now 2021-04-30 08:44:52 Yup, the bot should automatically assign the maintainer now (if author != maintainer), feel free to ping me or maxice8 if something doesn't work 2021-04-30 08:46:30 it works, just wonder how ncopa handle his mailbox :) 2021-04-30 08:46:43 will handle* 2021-04-30 08:50:58 would someone add to release notes for 3.14 this url http://www.postfix.org/announcements/postfix-3.6.0.html for postfix 2021-04-30 09:13:00 ikke: what do you think about doing the test like this? https://tpaste.us/DMll?hl=true 2021-04-30 09:15:38 updated patch that actually works: https://tpaste.us/BElR?hl=true 2021-04-30 09:25:24 ncopa: looks fine to me 2021-04-30 09:40:19 If the test suite for a package only does linting and type checking, should it be run in the Alpine package? 2021-04-30 09:47:21 Sure, doesn't hurt 2021-04-30 09:47:39 It fails though … :( 2021-04-30 09:48:06 Best to ask upstream about it then 2021-04-30 09:49:17 Also: I packaged community/mirage as mirage, but upstream prefers it to be packaged as mirage-im I learnt now. The reasoning is that there is other software called mirage, so it's better to make the distinction. However, Alpine doesn't have any other software called mirage, and if I put that mirage-im provides mirage you couldn't really have a mirage package anyway 2021-04-30 09:49:21 What do you think? 2021-04-30 09:51:17 What will users try to install? 2021-04-30 09:51:30 Probably mirage 2021-04-30 09:51:39 Some distributions call it matrix-mirage though 2021-04-30 09:52:04 What does their readme suggest? 2021-04-30 09:58:54 What do you mean? 2021-04-30 09:59:09 The readme just says mirage in the top heading 2021-04-30 09:59:17 but their contributing guide suggests to package it as mirage-im 2021-04-30 10:12:07 Hi guys, I like mirage-im, with just mirage I would confuse it with ocaml mirage 2021-04-30 10:12:50 don't language-specific packages usually have some sort of prefix or such? 2021-04-30 10:13:02 like how all python packages start with py3- 2021-04-30 10:14:03 However, there is an image viewer called mirage 2021-04-30 10:14:09 Like, just mirage 2021-04-30 10:14:22 uhM, I didn't know it 2021-04-30 10:14:29 In Fedora the "mirage" package is this image viewer 2021-04-30 10:14:34 So it could be confusing 2021-04-30 10:14:51 it looks nice 2021-04-30 10:15:07 " A fast and simple image viewer " 2021-04-30 10:15:22 it misses "secure" :D 2021-04-30 10:16:54 or they migrate the project from sourceforge or it semes abandoned 2021-04-30 12:26:38 lrwxrwxrwx 1 root root 72 Apr 8 17:15 /usr/include/systemd -> /home/buildozer/aports/community/elogind/pkg/elogind/usr/include/elogind 2021-04-30 12:26:39 wut 2021-04-30 12:27:06 $ apk info -W /usr/include/systemd 2021-04-30 12:27:06 /usr/include/systemd is owned by elogind-dev-246.10-r2 2021-04-30 12:27:07 hmm 2021-04-30 12:35:22 well i fixed that :) 2021-04-30 12:48:04 clandmeter, hi, I am looking for the issue in the ppc-builder hosted by unicamp. So, did you see the Rafael's emails about the ETA and an alternative machine? 2021-04-30 12:49:29 ow! my bad, you are not on the thread, kevin and nathael are. 2021-04-30 12:49:47 ncopa, ^ 2021-04-30 12:50:02 ikke, ^ 2021-04-30 12:59:34 hi 2021-04-30 13:00:46 ncopa, I am talking about the Rafael's email from Unicamp/IBM to support the ppc builder. 2021-04-30 13:00:58 walbon: i guess a vm will work but it will require some work to set it up I guess 2021-04-30 13:01:23 I see 2021-04-30 13:02:10 walbon: do you know if there are any hope to get it back? 2021-04-30 13:02:23 ncopa: hmm, abuild is failing to build on x86 2021-04-30 13:02:39 ncopa, actually we don't how much effort will be need to able again the machine back. 2021-04-30 13:02:54 worst case scenario, i have an IBM S812LC i can set up as builder 2021-04-30 13:03:00 ncopa, yes, it will be back but not soon i guess 2021-04-30 13:03:51 i would prefer to not have to do that though, i'm running near the limit of power i am alloted at my colo 2021-04-30 13:03:52 not soon means "not til monday" or "not within a month/year"? 2021-04-30 13:04:41 not till monday 2021-04-30 13:04:50 oh, thats fine then :) 2021-04-30 13:04:54 Yes 2021-04-30 13:05:17 i think if we get it early next week will be fine 2021-04-30 13:05:26 ok 2021-04-30 13:06:47 i wonder if taking out the disks and put them in a new machine is an option 2021-04-30 13:07:17 i would assume that is what they would do 2021-04-30 13:07:50 at least on my S812LC and S922 the disks are on sleds 2021-04-30 13:07:57 just like any other server 2021-04-30 13:08:24 petitboot is petitboot, it doesn't require any special variables in NVRAM to work 2021-04-30 13:08:32 so swapping the disks should work 2021-04-30 13:08:38 unless its the disks that are dead 2021-04-30 13:08:43 in which case, we cry :) 2021-04-30 13:09:02 walbon: thank you very much for helping us with this. the machine is very useful, and kinda essential for the ppc64le port :) 2021-04-30 13:09:20 if the disks are dead we'll probably panic, yes :) 2021-04-30 13:11:46 ncopa, welcome. If possible answer the Rafael's emails, he is in charge of laboratory. 2021-04-30 13:15:21 what's the origin system? 2021-04-30 13:15:50 walbon: will do. thank! 2021-04-30 13:16:27 ncopa, you're welcome 2021-04-30 13:26:29 RootWyrm_: original system? i think it is an S812LC like mine 2021-04-30 13:27:07 they might have upgraded it to a POWER9 machine though 2021-04-30 13:27:41 then possibly swappable if it's whole machine partitioned. 2021-04-30 13:27:58 yeah they should be able to just swap the disks 2021-04-30 13:28:10 it's not a VM or anything 2021-04-30 13:28:25 Partition != VM 2021-04-30 13:28:39 S812LC does whole machine, IVM, and HMC. 2021-04-30 13:30:03 Ikke: thanks for reporting the ERRors that come out of aports-qa-bot to Cogitri 2021-04-30 13:30:11 I also don't recall if the S812L does serial locking in OPAL unfortunately. 2021-04-30 13:32:06 RootWyrm_: yeah i mean that it's not an LPAR 2021-04-30 13:32:10 its powernv 2021-04-30 13:32:17 That's IVM 2021-04-30 13:32:46 (Which I will always hate the name of.) 2021-04-30 13:32:47 hmm? powernv is bare metal 2021-04-30 13:32:56 isn't it? 2021-04-30 13:33:02 i thought PowerNV = Power Non-Virtualized 2021-04-30 13:33:11 Oh wait, yeah... forgot OPAL does _that_ 2021-04-30 13:34:10 all my Alpine ppc64le are baremetal and report OPAL/PowerNV in cpuinfo :) 2021-04-30 13:34:20 so i think all they need to do is swap the disks 2021-04-30 13:34:50 Possibly, but as I said, I don't remember if the S812L does serial locking. Since it's still got MIC. 2021-04-30 13:36:56 admittedly, i've never swapped disks on mine, so i dunno either :) 2021-04-30 13:37:21 but it seems to me like all you would have to do is 'approve' the change in MIC 2021-04-30 13:37:32 how one does that i have no idea :) 2021-04-30 13:37:41 Oh god no. It's nowhere near that simple. 2021-04-30 13:38:15 my understanding is that the MIC serial locking feature is mostly for mitigating 'evil maid' style attacks 2021-04-30 13:38:24 so i am surprised it is more complex than that 2021-04-30 13:38:39 Very much not the case. S812L's still have classical ASMI as I recall. 2021-04-30 13:40:41 Plus OPAL's abysmal.. one of the many, many reasons I keep L's out of any environment. It's actually easier to swap disks on an HMC partitioned system. 2021-04-30 13:41:00 im looking at the abuild issue on x86 builder 2021-04-30 13:41:51 maxice8: yes, will keep an eye on it 2021-04-30 13:59:28 i have pushed abuild 3.8.0_rc1 to edge 2021-04-30 13:59:47 please keep an eye on breakages 2021-04-30 14:10:29 >Plus OPAL's abysmal.. 2021-04-30 14:10:30 rude 2021-04-30 14:38:24 opal: hahaha, sorry. ;) 2021-04-30 14:46:59 is Marian Buschsieweke in this channel? 2021-04-30 14:47:12 maribu[m]: ^ 2021-04-30 14:47:50 maribu[m]: I think the latest tex updates broke some of my documents 2021-04-30 14:47:54 maribu[m]: xdvipdfmx:fatal: Cannot proceed without .vf or "physical" font for PDF output... 2021-04-30 14:51:35 maribu[m]: I fixed it with this series of commands: https://paste.sr.ht/~sircmpwn/fd974e8b992d3361eb8ed7676799e69ffbf417fc 2021-04-30 14:51:42 maribu[m]: might be something for the post-update, dunno 2021-04-30 15:54:40 ncopa: is fresh abuild changed format of checksums? 2021-04-30 15:55:37 yes 2021-04-30 16:27:56 ddevault: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/21009 should hopefully fix the issue for others affected. I think running fmtutil-sys again on texlive updates might make sense anyway. 2021-04-30 16:28:42 thanks maribu[m] 2021-04-30 16:40:01 you're welcome. Thanks for reporting! 2021-04-30 17:03:29 mps: Ariadne "If VfrCompile contained undefined behavior, I wouldn't be surprised. Please compile VfrCompile with conservative / permissive compiler settings." would he refer to gcc flags? Maybe the VfrCompile problem is already fixed and unrelated with next error 2021-04-30 17:03:47 donoban: can you step back from the tianocore thing 2021-04-30 17:05:46 what you want 2021-04-30 17:06:12 i'm looking into why VfrCompile crashes with fortify 2021-04-30 17:06:39 playing telephone is just adding noise, not actual signal 2021-04-30 17:10:20 Ariadne: we should express kindness to people who want to help 2021-04-30 17:10:54 donoban: i do appreciate your opening a bug with the tianocore bugzilla though :) 2021-04-30 17:11:27 maybe donoban didn't noticed our talk last night 2021-04-30 17:11:42 andypost[m]: yes https://gitlab.alpinelinux.org/alpine/abuild/-/commit/f523aabce3101c941d796baa84c2666b8a7dbecc 2021-04-30 17:11:45 hehe it's the only thing that ocurred to me 2021-04-30 17:11:57 uhM, probably I missed something 2021-04-30 17:12:09 mps: well i noted it on the bugzilla too :) 2021-04-30 17:12:27 tianocore saying they don't care if their code is buggy doesn't tell us anything helpful :) 2021-04-30 17:12:51 donoban: I assigned issue to Ariadne and forgot it existed ;) 2021-04-30 17:13:13 he said "he is not surprised" maybe he really cares :) 2021-04-30 17:13:35 that's... not the vibe i get from that message :D 2021-04-30 17:14:35 well, I was going to say that the makefile error is on a clean build 2021-04-30 17:15:07 lets focus on diagnosis first 2021-04-30 17:15:26 the makefile error is whatever 2021-04-30 17:15:40 we will fix it, after we fix VfrCompile 2021-04-30 17:16:13 ok ok 2021-04-30 18:10:32 is there method to revert some changes in git branch after 'git add ; git commit' 2021-04-30 18:11:55 git reset HEAD^ 2021-04-30 18:12:05 it will "uncommit" the last commit 2021-04-30 18:12:26 or specifically, change the branch so that it points to the commit you passed 2021-04-30 18:12:44 (--hard will also remove the changes in your work dir) 2021-04-30 18:13:36 afontain_: no, I don't want to revert commit 2021-04-30 18:14:11 probably asking something hard to explain and actually imposible to be done 2021-04-30 18:14:28 well, it's not a "git revert" 2021-04-30 18:15:34 did it 'manually' by copying back deleted files 2021-04-30 18:17:52 looks like that worked 2021-04-30 19:13:51 barely anything is impossible, just not straight forward (or, when it comes to git, consistent) 2021-04-30 19:15:51 !21007 2021-04-30 19:16:25 you can check out a deleted file from history if you know a commit hash where it existed, or checkout relative to the hash where it was deleted (~1) 2021-04-30 19:16:51 omni: I was talked about single commit 2021-04-30 19:27:32 mps: your latest commit removed the file? 'git checkout HEAD~1 -- ' 2021-04-30 19:36:18 omni: thanks, but I can't test this now because I did this manually by copying deleted file from archive and added it again 2021-04-30 19:36:54 good to remember 2021-04-30 19:45:52 I got a couple of packages merged into testing that were `arch="all"` with all their pipelines passing, but they didn't seem to get into the repos for ppc64le. This is causing issues for that arch with my package that depends on these already-merged packages. Anyone know what's going on here? 2021-04-30 19:46:14 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/20999 2021-04-30 19:47:01 Dadrophenia: ppc64 builder is on 'vacation' 2021-04-30 20:24:53 Dadrophenia: as mps said, ppc64 builder is presently down due to a hardware fault. the current sponsor (Unicamp) is looking at fixing the hardware fault. hopefully it will be back on monday. 2021-04-30 20:25:28 if not, i am staging a POWER8 machine i took out of service as a replacement builder. :) 2021-04-30 20:44:26 Sounds good, thanks for the responses! 2021-04-30 21:17:26 Hum, just me or abuild-keygen does not work anymore on edge? I'm getting no output, just exit code 1 2021-04-30 21:48:48 seems to work for me 2021-04-30 23:02:12 maybe alpine-chroot-install is broken somehow now.. weird 2021-04-30 23:05:13 It's been working fine until today 2021-04-30 23:11:12 This is the faulty commit. I removed `set -e` and it started working again. https://gitlab.alpinelinux.org/alpine/abuild/-/commit/754270e4607d31f7ffed502411e616251cb49460 2021-04-30 23:17:59 Gonna be pushing a fix 2021-04-30 23:27:43 My fix here: https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/93