2024-10-01 04:30:36 that shoudnt matter 2024-10-01 04:30:49 but you can change the timeout in your fork's project settings 2024-10-01 06:17:16 khem: its gobject-introspection scanner (1.82.0) that chokes on _Alignas. https://gitlab.gnome.org/GNOME/gobject-introspection/-/issues/520 2024-10-01 12:44:22 can someone merge the redis/redict MRs? 2024-10-01 12:44:39 for valkey i'd wait until they make a point release. should be later this day 2024-10-01 13:51:55 Would anybody be able to have a look at https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/72271 2024-10-01 13:52:16 Both Newbyte and me are happy with it, and seems to be affecting some users 2024-10-01 14:08:51 fossdd[m]: Ahh thanks for the tip 2024-10-01 14:22:02 hi. I am trying to create a simple package for alpine. here's the apkbuild: https://paste.opensuse.org/pastes/bcd6fb1954b4. the repo's dir is inside the src directory so I am getting this error: error: could not find `Cargo.toml` in `/home/packager/src` or any parent directory 2024-10-01 14:22:47 how do i clone the whole repo directly inside the src instead of it creating a folder of the repo? 2024-10-01 14:25:54 the builddir is the correct path but for some reason its not working 2024-10-01 14:35:39 look inside $srcdir and check how the dir is called, you should set this dir to $builddir="$srcdir/....". 2024-10-01 14:36:27 btw: pkgver's never start with v, you should remove the v and prepend it where nesessary (like in $source or $builddir) 2024-10-01 14:36:56 oh and instead of forcing the target, you should use --target="$CTARGET" 2024-10-01 14:43:35 !72047 is also ready to merge :> 2024-10-01 14:46:18 sandbag: maybe adjust the url to https://github.com/memorysafety/rav1d/archive/v$pkgver/rav1d-v$pkgver.tar.gz 2024-10-01 14:47:04 sandbag: and what fossdd[m] said about the $pkgver, remove the "v", that url worked for me, probably no need to set $builddir 2024-10-01 14:49:38 thank you fossdd[m] mio. that worked 2024-10-01 14:50:29 the v was not needed in the pkgversion 2024-10-01 14:55:26 install: can't stat 'target/release/rav1d': No such file or directory 2024-10-01 14:55:51 should i mention the whole path like "$pkgdir"/target/release/ ? 2024-10-01 14:56:13 i saw multiple rust APKBUILD using just target/release in install() 2024-10-01 15:00:06 oops, the binary name is different. sorry 2024-10-01 15:00:28 is it a good practice to copy everything from release and install it? 2024-10-01 15:21:21 is there any sort of loose timeline set for the next Alpine release? I see the release before last was December (not that Alpine follows a schedule per se). I'm wondering because I need to make some big(ish) changes to Ceph and wondering how much time I have since I missed the cutoff last release 2024-10-01 15:22:54 sandbag: release often contains misc stuff you most likely never need, so you would only copy the bin. If there are further docs like man-pages, or completions for shells, feel free to include them. But there is no need :) 2024-10-01 15:23:32 yeah, i just copied the binary and lib* 2024-10-01 15:24:04 iggy: alpine plans to release every may and november IIRC. https://gitlab.alpinelinux.org/groups/alpine/-/milestones/10 probably needs to be finished before a new release can be tagged 2024-10-01 15:25:22 sandbag: if the libs are relevent, yeah. but note that you should install them to /usr/lib 2024-10-01 15:26:18 iggy: releases are loosely scheduled at May and November 2024-10-01 15:28:27 perfect, thank you, now I need to get the new Ceph tested and expunge the old one 2024-10-01 15:31:10 I wonder if busybox 1.37 is going to be a part of that milestone (or I guess more generally how much are the milestones used to actually plan everything that goes into a release) 2024-10-01 15:31:37 iggy: it's not that strict 2024-10-01 15:31:43 the milestones are more like a reminder 2024-10-01 15:35:12 rgr 2024-10-01 15:56:20 CI is a bit busy atm 2024-10-01 16:06:11 what is the decision making criteria for what security fixes make their way to previous releases or not? or does everything with a CVE need it? 2024-10-01 16:06:34 We try to backport everything that is possible 2024-10-01 16:06:44 Generally only for supported releases 2024-10-01 16:06:53 For community that means only the last stable release 2024-10-01 16:07:49 ok got it. so if i'm updating a package i maintain for a new maintenance release with security fixes i should submit MR against master and also the 3.20-stable branch? 2024-10-01 16:08:09 Yes 2024-10-01 16:08:28 ok great thanks, will do 2024-10-01 16:55:29 why is gitlab so slow in forking (aports repo)? github forks almost instantly 2024-10-01 16:55:35 alpine gitlab* 2024-10-01 17:05:30 aports is pretty big repo with large history 2024-10-01 17:05:52 and alpine has less computational power than github 2024-10-01 17:36:19 Forking public repos in GH is basically a free action because all the forks share the same backing storage of git objects. GL might not be doing that. To be fair the GH behavior creates some surprises too around private <-> public repo conversions 2024-10-01 20:06:30 Apologies for the CI. I've underestimated the build time needed. Qt rebuilds :/ 2024-10-01 20:06:42 chromium is brutal 2024-10-01 20:07:05 Seems like there are no pending jobs anymore 2024-10-02 08:16:29 Hm been working on getting ffmpeg to compile as a part of !72806 with some success. Though since there's a new version, and it seems like fully getting it building is beyond the scope of updating vulkan I was thinking of kicking out the ffmpeg rebuild entirely and starting another issue/draft on it. 2024-10-02 08:28:38 once I tried to bump ffmpeg but that is way beyond my knowledge 2024-10-02 08:35:48 It's going on a couple of archs after some patches. 2024-10-02 08:36:13 Not sure how it compiled in the last bump since I had to backport patches from ffmpeg, and gentoo to fix unrelated errors 2024-10-02 09:35:42 i will start set up the 3.21 builders soonish. this or next week (?) 2024-10-02 09:35:55 do we have everythign we need in of toolchains? 2024-10-02 09:36:26 llvm 19 is out 2024-10-02 09:36:50 maybe we should prioritize get that working properly? 2024-10-02 09:37:03 are we going to kill net6 on that release? 2024-10-02 09:37:45 ncopa: i guess apkv3 will move to 3.22 2024-10-02 09:37:59 what is net6? 2024-10-02 09:38:15 if we can kill it we will kill it 2024-10-02 09:38:24 I mean dotnet6 2024-10-02 09:38:36 if we can we will 2024-10-02 09:38:41 i dont know if we can 2024-10-02 09:38:58 is dotnet6 still supported from upstream? 2024-10-02 09:39:08 until november 2024-10-02 09:39:18 the maintainer mailed me about it 2024-10-02 09:39:25 ok 2024-10-02 09:39:50 what happens if we delete dotnet6? 2024-10-02 09:39:51 https://devblogs.microsoft.com/dotnet/dotnet-6-end-of-support 2024-10-02 09:41:18 we should probably get some consensus of the python venv splitting before 3.21 2024-10-02 09:41:23 llvm 19 2024-10-02 09:41:36 can we delete some older llvm? 2024-10-02 09:41:56 we also need to start write release notes 2024-10-02 09:43:24 anything else that is emergent? 2024-10-02 09:43:26 I've hit a interesting bug with nlplug-findfs when there's a dm-crypt device on top of dm-raid 2024-10-02 09:43:37 what happens if we delete dotnet6? ayakael knows better, but we have some pkgs that uses it (honest its just 5 and 4 of them is on me) 2024-10-02 09:44:02 I'll look into it later, seems like nlplug-findfs seems to skip searching on the dm-raid device even though it has the parameters 2024-10-02 09:44:09 what about the armv7 page size? do we want bump page size to 32k for armv7 at linker level? 2024-10-02 09:44:46 there was this issue of docker images on some qnap NAS 2024-10-02 09:44:55 they bumped the page size to 32k in kernel 2024-10-02 09:45:24 older binutils had 64k page size, so binaires worked with 32k pages on that kernel 2024-10-02 09:45:40 but they fixed that in binutils and the binaries broke on that kernel 2024-10-02 09:46:00 do we want fix that? 2024-10-02 09:46:05 if so, now is the time 2024-10-02 09:46:20 before i start up the 3.21 builders 2024-10-02 09:46:41 ncopa: I've marked https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/72703 as ready, since I'm now available to watch if anything breaks 2024-10-02 09:47:42 PabloCorreaGomez[m]: i trust you. hope nothing breaks... :) 2024-10-02 09:48:44 Hehe, that one I looked over with some care, and there the split-usr option that forces lookups on both /usr and /lib 2024-10-02 09:49:03 Of course there's always a risk, but seems pretty safe, I hope 2024-10-02 09:49:26 Else like in all the other ones, just ping me when people complain that things break 2024-10-02 09:49:53 thank you! 2024-10-02 09:50:43 caskd: there is a test suite for nlplug-findfs. can you try reproduce it there? 2024-10-02 10:00:57 ok. we cannot drop llvm15 due to ghc 2024-10-02 10:28:50 clandmeter: my new flagged out of date email starts with "Dear tvheadend" (the first aport out of date) instead of my name :) 2024-10-02 10:28:58 just wanted to let you know :) 2024-10-02 10:29:30 fossdd[m]: do you mind creating an issue here? https://gitlab.alpinelinux.org/alpine/infra/apkbrowser 2024-10-02 10:29:41 For me it was empty 2024-10-02 10:29:47 yep 2024-10-02 10:33:53 Hiya, would gxlimg be appropriate for alpine? It's a replacement tool for aml_encrypt_gxl, which is used for building images suitable to boot on Amlogic GXL boards. 2024-10-02 10:34:08 I see meson-tools is already packaged, which does the same thing but for GXBB boards. 2024-10-02 10:35:33 https://github.com/repk/gxlimg <- gxlimg repo 2024-10-02 11:08:21 FYI I already talked to the author, and he's fine with it being packaged in alpine. 2024-10-02 13:37:30 PabloCorreaGomez[m]: I think the eudev move broke FDE unlocking on postmarketos for me. Downgrading to old eudev and running mkinitfs fixes things. 2024-10-02 13:37:49 Yes, I know: https://gitlab.com/postmarketOS/pmaports/-/merge_requests/5663 2024-10-02 13:38:04 I guess if it's not just me, I'm going to merge that one without reviews 2024-10-02 13:38:29 Unfortunately, I realized too late. And luckily alpine does not have udev in the initramfs 2024-10-02 13:38:35 So it's "only" downstream 2024-10-02 13:39:19 ah cool, thanks, sorry for "me too"-ing you. 2024-10-02 13:39:23 I think pkgs.a.o "required by" is broken, at least I cant see any 2024-10-02 13:39:56 ok noy any, I can see some, but not all 2024-10-02 13:40:33 elagost: no worries, it helps push up the priority of this 2024-10-02 13:43:17 thanks for your hard work on this - and that's the price I pay running edge, I guess! 2024-10-02 14:01:35 elagost: before I merge, do you have a chance of mrtesting https://gitlab.com/postmarketOS/pmaports/-/merge_requests/5663 2024-10-02 14:01:39 * elagost: before I merge, do you have a chance of mrtesting https://gitlab.com/postmarketOS/pmaports/-/merge\_requests/5663 ? 2024-10-02 14:02:11 PabloCorreaGomez[m]: will do, just got my chromebook back up and running, I'll test now. 2024-10-02 14:06:20 PabloCorreaGomez[m]: hey, it works, latest eudev + this mr makes things work again. 2024-10-02 14:06:43 Thanks a lot, I'm merging then! 2024-10-02 14:07:26 Awesome! Thank you for the quick turnaround. 2024-10-02 14:08:26 Jeje. I'm asking Natanael to merge those risky things the days I'm several hours in a row here exactly for this reason. So far, seems to be working out 2024-10-02 14:15:56 Gonna have to check the git log for your name next time I upgrade my edge machines ;) 2024-10-02 14:53:43 Haha 2024-10-02 14:59:37 i almost thought eudev had an update 2024-10-02 15:00:28 now im afraid of rebooting.... 2024-10-02 15:01:12 This was totally a downstream bug šŸ˜… 2024-10-02 15:01:25 alpine's side gonna come when we move mdev 2024-10-02 15:01:49 Since that one's indeed referenced by alpine's mkinitfs 2024-10-02 15:01:55 As udev is in pmOS 2024-10-02 15:02:18 I'd be very surprised if any alpine user has something as big as udev in the initramfs 2024-10-02 15:02:44 Which is dowstream mostly because android partition tables 2024-10-02 15:02:46 that would be surprising indeed :) 2024-10-02 15:03:18 what's the android partition tables peculiarity that requires udev? 2024-10-02 15:03:54 it is kind of annoying to realize that /dev in initramfs is different from the booted system the hard way, spoken as an udev user... 2024-10-02 15:04:33 skarnet: mr 5000 in pmaports 2024-10-02 15:04:46 thanks 2024-10-02 16:21:48 i trying to update fortify-headers again 2024-10-02 17:45:23 At last :D 2024-10-02 18:03:43 Gitlab has been upgrade to 17.3 2024-10-02 18:14:44 thank you! 2024-10-02 18:17:41 I was wondering do the musl patches related to chromium effect the role of the sandbox or does it work just as effectively as on glibc. <- also said on the other channels not sure what chategory this comes under 2024-10-02 18:24:40 You have to have a bit of patience, this is not some question anyone can answer 2024-10-02 18:27:20 ncopa: https://gitlab.alpinelinux.org/fossdd/aports/-/jobs/1541778 2024-10-02 18:27:25 possibly. looks like we allow a few more syscalls. we could probably deny other syscalls that musl don't need, but nobody has investigated that 2024-10-02 18:33:57 ikke: i pushed a fix for musl: 0920eac441c152c1feeeb8d04fe2930baedd8455 2024-10-02 18:34:06 not sure what version of fortify-headers 2024-10-02 18:40:02 Thanks ncopa 2024-10-02 18:40:39 but its still broken apparently 2024-10-02 18:42:20 https://build.alpinelinux.org/buildlogs/build-edge-x86/community/libindi/libindi-2.0.9-r1.log 2024-10-02 18:42:44 what patches do chimera use for fortify-headers? 2024-10-02 18:44:21 That's unrelated 2024-10-02 18:44:32 /home/buildozer/aports/community/libindi/src/indi-2.0.9/libs/sockets/select.h:190:43: error: invalid conversion from 'const fd_set*' to 'fd_set*' [-fpermissive] 2024-10-02 18:44:58 That's not the strnlen bug 2024-10-02 18:47:20 there is also https://build.alpinelinux.org/buildlogs/build-edge-loongarch64/community/networkmanager/networkmanager-1.48.10-r1.log 2024-10-02 18:47:31 and this https://gitlab.alpinelinux.org/Celeste/aports/-/jobs/1541735 2024-10-02 18:48:51 the networkmanager patch looks like it wasn't built with updated fortify-headers 2024-10-02 18:54:22 Oh, the revert is incomplete -_- 2024-10-02 18:54:32 Not tested :/ 2024-10-02 18:57:51 so fortify-headers is still broken? 2024-10-02 18:59:17 Sorry, give me a minute, it's kind of hard to test with the enforced system-wide fortify-header, need to rework a bit the setup 2024-10-02 19:01:37 It seems that the ā€œrevertā€ patch isn't a revert actually, it just modifies *some* code back, but not what the mentioned commit introduced 2024-10-02 19:01:56 Also, it missed some other instances of strnlen where it breaks C 2024-10-02 19:03:25 let me know if you have a fix. I can apply it tomorrow morning 2024-10-02 19:03:47 Just as a note, https://github.com/jvoisin/fortify-headers/ isn't the official upstream repo 2024-10-02 19:03:51 It's a development repo 2024-10-02 19:05:12 Well, IĀ don't want to interfere with jvoisin's work, I'll talk with him and see if he can push upstream directly 2024-10-02 19:13:21 ok, shared a patch 2024-10-02 20:33:04 ncopa: these https://github.com/chimera-linux/cports/tree/master/main/fortify-headers/patches but we use clang so the headers work differently 2024-10-02 22:30:42 is it the new fortify-headers networkmanager won't build with? 2024-10-02 23:52:14 not sure https://github.com/jvoisin/fortify-headers/commit/114b563adc2b942bc5abd4c5820507076d453f64 was the (right?) fix 2024-10-03 00:26:30 someone who knows anything about something would need to check me on this one https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/72916/diffs?commit_id=d9312140aa375e37daec90095f2c4238925f01b0 2024-10-03 00:26:47 preferably a crescent moon source mage or other 2024-10-03 00:48:18 separate in !72919 2024-10-03 01:39:47 ok, I'll just... 2024-10-03 06:19:12 omni, it was incomplete, I already notified jvoisin yesterday, he should push the fix soon 2024-10-03 08:34:34 the FD_ISSET is broken with fortify-headers 2024-10-03 08:58:11 Sheesh 2024-10-03 13:08:51 abump -s CVE-2024-25590 pdns-recursor-5.1.2 2024-10-03 13:09:00 did not add a secfix 2024-10-03 13:09:02 am i holding it wrong? 2024-10-03 13:10:31 I don't think it supports updating the secfixes section 2024-10-03 13:10:44 oh! it affected the commit message 2024-10-03 13:10:46 got it 2024-10-03 13:11:14 nod 2024-10-03 13:22:43 yeah, i think -s was implemented before secfixes was a thing 2024-10-03 13:23:15 right 2024-10-03 13:46:46 Apparently there are still some fortify issues: https://gitlab.alpinelinux.org/fabricionaweb/aports/-/jobs/1542801 2024-10-03 13:47:32 ah yeah, that is unfortunatelly something I dont understand haha 2024-10-03 15:00:13 oh man.. the USE_NATIVE_CHECK seems to be completely broken 2024-10-03 15:01:58 the github runner for fortify-headers seems to be broken as well. It has a matrix of different gcc versions, but it seems to set a gcc binary for musl, and appears to ginore the complete matrix of ubuntu gcc versions. Running same musl gcc for each step 2024-10-03 15:02:35 it is also broken with -std=c99 2024-10-03 15:03:44 currently the gihub runner does not test it with FORTIFY_USE_NATIVE_CHK at all 2024-10-03 15:05:09 because it sets USE_NATIVE_CHK, which was renamed in https://github.com/jvoisin/fortify-headers/commit/459d202b1bbf7abb817a596ce9374edfb7b4da8f 2024-10-03 15:05:32 so the test suite does not really test much 2024-10-03 15:06:00 i feel this is so broken that I think we should probably revert the upgrade, again :-( 2024-10-03 15:09:23 this is blocking us and no response on anything yet 2024-10-03 15:20:12 ncopa: why do you care about native check stuff? musl does not have it so it's irrelevant 2024-10-03 15:20:58 i care because I want to run the tests when building package, and I want run it on each architecture we support 2024-10-03 15:21:54 i also care becase I want to run the tests on my work desktop which happens to be alpine 2024-10-03 15:22:12 and occasionally it is arm 2024-10-03 15:23:19 fortify-headers got reverted for now. will probably not have time to fix it til after 3.21 release 2024-10-03 15:23:43 and it does not seem like anyone else has the time to fix it either 2024-10-03 15:25:53 i reverted the upgrade for now 2024-10-03 15:36:05 ncopa: native check should not affect tests or whatever though 2024-10-03 15:36:18 that stuff should be always disabled on musl because musl does not have the chk funcs 2024-10-03 15:59:46 that fixed the go pipeline ncopa 2024-10-03 20:15:15 Oh that explains some stuff I was getting 2024-10-04 06:09:04 q66: aha, so FORTIFY_USE_NATIVE_CHK is useless for us 2024-10-04 07:14:25 dne, !72970 is not a security update - any reason you MRed it for 3.20? (i'm not opposed, just curious0 2024-10-04 07:19:47 It looks like a bugfix release? 2024-10-04 07:19:57 it is 2024-10-04 07:20:07 perhaps i'm unclear on backport policies in alpine 2024-10-04 07:20:38 It's not only security fixes that can be backported 2024-10-04 07:20:46 ack 2024-10-04 07:20:48 so less strict than Debian 2024-10-04 07:20:57 who will only backport bug fixes if there are loud debbug tickets ;) 2024-10-04 07:21:00 Bugfix releases are quite appropriate 2024-10-04 07:21:12 wonderful 2024-10-04 07:21:24 It's nice to be proactive 2024-10-04 07:21:37 ok, will keep that in mind 2024-10-04 07:22:49 Our principle is that users should feel safe to upgrade within a stable release 2024-10-04 07:23:27 yeah 2024-10-04 07:23:35 that's our principle too so 4.9.1 -> .2 should be safe 2024-10-04 07:23:40 Nod 2024-10-04 07:39:38 going to bump vaultwarden but I also want to change the way config files works, but will do that separately as I need to test it well 2024-10-04 07:39:57 Habbie: yeah, just nice to have the latest patch release in the current stable release (with quite small effort) 2024-10-04 08:04:22 my git is refusing to pull master changes LOL 2024-10-04 08:04:58 trying git gc 2024-10-04 08:18:30 fabricionaweb, it can sometimes take a while on aports, the master pull 2024-10-04 08:19:12 turns out was my yubi key hanging, somehow now after the sleep I need to reconnect it 2024-10-04 09:29:02 Huh, I have a package that fails to build on aarch64 due to manifest 'build.ninja' dirty after 100 tries. Is ninja broken somehow? 2024-10-04 09:30:51 and works fine on my local machine, also aarch64 šŸ¤” 2024-10-04 09:51:15 I've seen that as well in CI 2024-10-04 09:51:38 I recall it worked after retry, so something flaky