2021-04-05 16:51:34 <nmeum> clandmeter: https://gitlab.alpinelinux.org/alpine/infra/turbo-paste/-/issues/4
2021-04-05 16:52:23 <ikke> nmeum: thanks
2021-04-05 17:07:01 <nmeum> np
2021-04-06 12:15:54 <clandmeter> ncopa: ping
2021-04-06 14:36:19 <ncopa> clandmeter: pong
2021-04-06 15:55:34 <clandmeter> ncopa: https://github.com/lxc/lxc/issues/3640
2021-04-06 15:55:42 <clandmeter> wonder if thats related to our issue
2021-04-06 17:52:34 <mps> clandmeter: Hi friend
2021-04-06 17:52:52 <mps> looks like this fixes CAP_SYS_ADMIN
2021-04-06 17:53:27 <mps> just applied it and tested locally, looks like it works fine
2021-04-06 17:53:58 <ikke> mps: which commit did you pick? clandmeter said it did not apply
2021-04-06 17:54:16 <mps> I have 'lxc.cap.drop = sys_admin' in lxc config
2021-04-06 17:54:25 <mps> first one
2021-04-06 17:54:40 <mps> https://github.com/brauner/lxc/commit/d524a35c49bdbf7132f91ac7678cbb9876091a68.patch
2021-04-06 17:54:40 <ikke> So https://github.com/brauner/lxc/commit/d524a35c49bdbf7132f91ac7678cbb9876091a68
2021-04-06 17:54:44 <ikke> right
2021-04-06 17:55:12 <mps> lxc started without any issue
2021-04-06 17:55:35 <mps> should I prepare MR?
2021-04-06 17:55:41 <ikke> fine with me
2021-04-06 17:56:17 <mps> ok, after coffee break
2021-04-06 17:56:17 <ikke> (gotta love commits without context: "fix cgroups mounting"
2021-04-06 17:56:30 <ikke> heh, I just grabbed a coffee myself)
2021-04-06 18:07:29 <mps> ikke: btw, do we have bug opened for this issue
2021-04-06 18:07:55 <ikke> https://gitlab.alpinelinux.org/alpine/aports/-/issues/12281
2021-04-06 18:08:08 <mps> 12281
2021-04-06 18:08:12 <ikke> :)
2021-04-06 18:08:32 <mps> ah, still don't know good method to search bugs
2021-04-06 18:08:52 <ikke> I just searched for lxc cgroup
2021-04-06 18:08:54 <mps> only know for 'brute force', i.e. string
2021-04-06 18:09:00 <ikke> https://gitlab.alpinelinux.org/alpine/aports/-/issues
2021-04-06 18:09:14 <mps> hmm, I searched for 'lxc' only
2021-04-06 18:09:25 <ikke> even then, it's the first result for me
2021-04-06 18:09:31 <mps> yes
2021-04-06 18:09:36 <mps> also for me
2021-04-06 18:09:54 <ikke> Funny enough, this mentioned they _need_ to drop SYS_CAP_ADMIN
2021-04-06 18:11:27 <mps> believe me that using this web interface is quite annoying and complicated on my workstation with only touchpad and not real mice
2021-04-06 18:12:17 <ikke> glab issue list --search lxc
2021-04-06 18:15:39 <mps> installed glab but didn't setup it
2021-04-06 18:16:42 <mps> !20206
2021-04-06 18:25:51 <mps> !20207 is for 3.13-stable
2021-04-06 18:26:56 <ikke> mps: 'CAP_SYS_ADMIN not working' is misleading btw :)
2021-04-06 18:27:14 <ikke> the problem is that it's not working _without_ it
2021-04-06 18:28:09 <mps> right
2021-04-06 18:28:31 <ikke> maybe 'fix mounting cgroups without SYS_CAP_ADMIN'?
2021-04-06 18:28:35 <mps> my bad english
2021-04-06 18:29:52 <mps> not sure I understand this sentence
2021-04-06 18:30:46 <mps> but please, update MRs commit msgs however you think is best
2021-04-06 18:30:51 <ikke> "fix mounting cgroups"
2021-04-06 18:31:00 <ikke> the issue that we face
2021-04-06 18:31:13 <ikke> "without SYS_CAP_ADMIN", the condition that causes this issue
2021-04-06 18:31:40 <mps> aha, patch msg is ' fix cgroup mounting'
2021-04-06 18:31:47 <ikke> yeah
2021-04-06 18:32:02 <ikke> That's the error that it gives when it fails
2021-04-06 18:32:07 <mps> let me reword it and push update
2021-04-06 18:32:19 <ikke> conf.c: lxc_mount_auto_mounts: 728 Cross-device link - Failed to mount "/sys/fs/cgroup"
2021-04-06 18:33:24 <mps> 'main/lxc:  fix cgroup mounting, close #12281' ?
2021-04-06 18:34:05 <mps> with one space less :)
2021-04-06 18:34:28 <mps> does this sounds correct?
2021-04-06 18:35:06 <mps> or just 'main/lxc: fix cgroup mounting'
2021-04-06 19:05:39 <clandmeter> Hello
2021-04-06 19:05:45 <ikke> o/
2021-04-06 19:05:52 <clandmeter> Glad you guys solved it
2021-04-06 19:05:55 <ikke> :)
2021-04-06 19:05:58 <ikke> can you test it?
2021-04-06 19:06:03 <ikke> if you still have your env
2021-04-06 19:06:06 <clandmeter> Nope
2021-04-06 19:06:09 <ikke> ok
2021-04-06 19:06:12 <clandmeter> I'm on phone
2021-04-06 19:06:17 <clandmeter> That's hard
2021-04-06 19:06:21 <ikke> Kinda difficult, yes
2021-04-06 19:06:32 <clandmeter> Would be nice
2021-04-06 19:06:39 <clandmeter> Android lxc
2021-04-06 19:07:35 <mps> I tested and it works in my case, but would be good if someone else can test
2021-04-06 19:09:02 <mps> interesting 'part' is that I looked this patch when the issue is reported and we discussed it, but commit msg mislead me
2021-04-06 20:18:12 <clandmeter> mps: the fix is in edge?
2021-04-06 20:18:18 <clandmeter> or also in stable?
2021-04-06 20:21:18 <ikke> they are still MRs
2021-04-06 20:21:20 <ikke> not merged yet
2021-04-06 20:21:30 <ikke> but there is an MR for 3.13
2021-04-06 20:30:54 <clandmeter> maybe apply it to edge?
2021-04-06 20:31:01 <clandmeter> else im not sure how i can try
2021-04-06 20:31:21 <ikke> grab the package from CI? :P
2021-04-06 20:33:46 <mps> ikke: I assigned it to you
2021-04-06 20:33:56 <mps> they*
2021-04-06 20:34:03 <mps> huh
2021-04-06 20:34:38 <mps> I think edge could be merged, it is 'edge' at the end
2021-04-06 20:35:55 <mps> ikke: do you agree?
2021-04-06 20:36:53 <ikke> yes
2021-04-06 20:38:08 <mps> ok
2021-04-07 06:10:21 <ncopa> morning. i tested lxc from edge and it seems like dropping sys_admin caps works. good job mps!
2021-04-07 06:19:53 <ikke> Nice 
2021-04-07 06:46:08 <mps> good morning
2021-04-07 06:47:21 <mps> good job is done by clandmeter by reminding me to try patch. rest was just 'manual work'
2021-04-07 06:49:40 <mps> we should also merge MR for 3.13-stable? 3.12-stable version is ok, iirc
2021-04-07 07:17:01 <clandmeter> morning friends
2021-04-07 07:18:16 <mps> good morning my friend, nice to see you active :)
2021-04-07 07:18:22 <clandmeter> i think we also need to fix the lxc alpine template
2021-04-07 07:18:46 <clandmeter> or am i the only one bumping into these mkdev issues?
2021-04-07 07:19:04 <mps> what issue?
2021-04-07 07:20:02 <clandmeter> when creating an alpine container
2021-04-07 07:20:09 <clandmeter> with -t alpine
2021-04-07 07:21:08 <mps> with lxc-create?
2021-04-07 07:21:16 <clandmeter> si
2021-04-07 07:21:53 <mps> could you give complete cmd line, so I can check this evening
2021-04-07 07:23:28 <mps> not check, but confirm. I don't have any doubt in whatever you say
2021-04-07 07:23:50 <clandmeter> lxc-create -t alpine foobar
2021-04-07 07:24:09 <mps> thanks
2021-04-07 07:26:24 <clandmeter> https://imgur.com/a/alkl6XX
2021-04-07 07:27:05 <clandmeter> i think more recent rootfs has default devices included
2021-04-07 07:30:48 <mps> looks like you are right (as usual)
2021-04-07 09:39:02 <clandmeter> ikke: im unable to fetch my ssh keys again from gitlab?
2021-04-07 09:39:26 <ikke> Sign 
2021-04-07 09:39:46 <ikke> Sigh*
2021-04-07 09:40:03 <clandmeter> sign in is the soluition yes :)
2021-04-07 09:40:26 <ikke> Hehe 
2021-04-07 09:40:56 <ikke> Should add an acceptance test for that 
2021-04-07 09:48:13 <ikke> Should be fixed in 13.9
2021-04-07 09:48:39 <clandmeter> i thoughjt it was already fixed?
2021-04-07 09:50:36 <ikke> https://gitlab.com/gitlab-org/gitlab/-/issues/296620
2021-04-07 09:50:46 <ikke> Yes, and then regressed again 
2021-04-07 09:54:22 <clandmeter> ncopa: did you get issues with lxc-create and device creations?
2021-04-07 09:55:21 <clandmeter> i think ive seen it before where devices are already existing, or they are regular files by some mistake.
2021-04-07 09:57:15 <clandmeter> i made a patch to add some checks. https://tpaste.us/ejBX
2021-04-07 10:16:22 <ikke> I recall him getting the same errors 
2021-04-07 10:16:33 <ikke> And I ran into it to 
2021-04-07 11:36:54 <ncopa> yup, i bumped into the same
2021-04-07 18:16:57 <mps> clandmeter: yes, 'lxc-create -t alpine foobar' says 'mknod: dev/zero: File exists'
2021-04-07 18:55:27 <Ariadne> when a secfix is recorded, i would like our system to email an advisory to a mailing list.
2021-04-07 18:55:47 <Ariadne> should we create a list for security advisories, or use the announce list for this?
2021-04-07 18:59:31 <ikke> Good question, not sure what the expectation is from people who are subscribed to the announce list
2021-04-07 19:08:08 <Ariadne> i guess lets make a list for security announcements
2021-04-07 19:11:12 <ikke> right
2021-04-07 19:11:44 <ikke> security-announcements?
2021-04-07 19:49:24 <Ariadne> sure
2021-04-07 19:54:00 <ikke> mps: clandmeter I guess that should be easy enough to fix, not?
2021-04-07 19:55:50 <mps> ikke: clandmeter posted this https://imgur.com/a/alkl6XX this morning
2021-04-07 19:56:10 <mps> uh
2021-04-07 19:56:14 <ikke> yes, that's what I was referring to
2021-04-07 19:56:15 <mps> no, sorry
2021-04-07 19:56:17 <ikke> ok
2021-04-07 19:57:32 <mps> he posted something to tpaste but I can't find it now
2021-04-07 19:57:53 <ikke> https://tpaste.us/ejBX
2021-04-07 19:58:08 <mps> yes, this
2021-04-07 19:58:24 <mps> looks as safe change to me
2021-04-07 20:16:35 <Ariadne> ikke: let me know once the security-announcements list is ready :)
2021-04-07 20:24:19 <ikke> https://lists.alpinelinux.org/~alpine/security-announcements
2021-04-07 20:36:42 <Ariadne> thx
2021-04-07 20:36:55 <ikke> I've restriced access to posting there
2021-04-07 20:38:45 <Ariadne> yes, we will a specific email for the bot
2021-04-07 20:38:57 <Ariadne> whatever you want it to be, it will be in the config file for the service
2021-04-09 07:43:48 <ncopa> terraform is pretty cool
2021-04-09 07:44:03 <ncopa> i got it running here on my local machine with libvirt
2021-04-09 07:44:17 <ncopa> i can spin up N ubuntu vms in less than a minute
2021-04-09 13:38:35 <Cogitri> distfiles.a.o https' cert has run out I think
2021-04-09 13:55:29 <ikke> Hmm
2021-04-09 13:56:19 <ikke> So it appears 
2021-04-09 13:56:35 <ikke> It still has a dedicated cert
2021-04-09 17:11:01 <ikke> Cogitri: cert is fixed, but not sure why it was not renewed
2021-04-09 17:21:27 <Cogitri> ikke: Thanks for looking into it :)
2021-04-09 17:26:54 <Ariadne> can we block ledest@gmail.com from posting
2021-04-09 17:26:55 <Ariadne> thx
2021-04-09 17:27:09 <Ariadne> this is the third time he decided to violate our CoC in the past week
2021-04-09 17:43:46 <ikke> Is it fair to give one final warning?
2021-04-09 17:44:07 <ikke> I agree that this inappropriate
2021-04-09 17:44:26 <ikke> I'll respond
2021-04-09 17:44:27 <Ariadne> can somebody else do so then? :)
2021-04-09 17:44:29 <ikke> yes
2021-04-09 17:45:35 <Ariadne> i mean, i only revived a topic that was pushed down the pipeline for further discussion later :p
2021-04-09 17:45:54 <ikke> These are just ad-hominem remarks without any substance
2021-04-09 17:47:13 <Ariadne> and i do not really care if we change the version number to 15 or to 4 or keep it as 3.x tbh
2021-04-09 17:47:46 <Ariadne> i would prefer to drop the 3.x but :P
2021-04-09 17:48:18 <ikke> I do kind see value in being able to signal major changes
2021-04-09 17:48:22 <ikke> kind of*
2021-04-09 17:48:27 <ikke> but alas
2021-04-09 17:49:59 <mps> huh, not good
2021-04-09 17:52:35 <Ariadne> what is "not good"
2021-04-09 17:52:46 <Ariadne> that Led person has been harassing me all week
2021-04-09 17:53:02 <Ariadne> i have kindly asked him to stop several times now
2021-04-09 17:54:04 <mps> hmmm
2021-04-09 17:54:41 <mps> I would ignore such things
2021-04-09 17:55:25 <Ariadne> you are free to do so, i would like to have a community where that is not needed :)
2021-04-09 17:56:02 <ikke> We try to keep Alpine Linux a friendly community. For one person it's easier to shrug these kind of comments of as for another
2021-04-09 17:56:30 <mps> community is amorphous entity
2021-04-09 17:56:34 <ikke> yes
2021-04-09 17:57:02 <Ariadne> the other thing is, if people do not push back against that, it discourages other people from participating
2021-04-09 17:57:03 <ikke> But at least on the communication channels that we procide, we expect people to be nice to eachother
2021-04-09 17:57:09 <mps> ofc, also I don't like to see bad people around
2021-04-09 17:57:20 <ikke> Yeah, it creates a bad atmosphere
2021-04-09 17:57:26 <Ariadne> there are a lot of people who can easily have their confidence broken by such crap
2021-04-09 17:57:31 <Ariadne> which is why that person is doing it
2021-04-09 17:58:04 <mps> there are some which I dislike to be around but never wanted to ask ban on them
2021-04-09 17:58:36 <ikke> mps: are these people personally harassing you?
2021-04-09 17:58:41 <mps> I simply ignore
2021-04-09 17:58:51 <mps> ikke: yes
2021-04-09 17:58:58 <Ariadne> who are they?
2021-04-09 17:59:09 <mps> will not say
2021-04-09 17:59:10 <Ariadne> cause that's not cool
2021-04-09 17:59:26 <mps> as I told I don't care
2021-04-09 17:59:43 <Ariadne> well, do know that i appreciate your work on alpine even if we sometimes disagree :)
2021-04-09 18:00:16 <mps> Ariadne: no, you are not one of these, no worries :)
2021-04-09 18:00:50 <mps> we disagree sometimes and I don't think this is bad 'thing'
2021-04-09 18:01:40 <ikke> No, certainly not
2021-04-09 18:02:17 <Ariadne> well, for example, this started with that person jumping on me for proposing we look at netbsd curses as a lighterweight and simpler (thus more secure) alternative to GNU ncurses
2021-04-09 18:02:33 <Ariadne> and implied i hated GNU and then asked why
2021-04-09 18:02:36 <ikke> yes
2021-04-09 18:02:38 <mps> I'm trying to follow late Jon Postels robustness principle for the internet: be liberal in what you receive, be conservative in what you send
2021-04-09 18:02:56 <ikke> https://lists.alpinelinux.org/~alpine/devel/%3Ce12847f2-4cea-c3e8-84c3-e98b92553f8e%40dereferenced.org%3E#%3CCAAO3vZ_EDSvMtM5Xg0qK3aAKi3nhaXYLHsUiHSfy4hvO1oXSmA@mail.gmail.com%3E
2021-04-09 18:02:59 <Ariadne> i just hate crappy code regardless of where it comes from
2021-04-09 18:03:11 <Ariadne> unfortunately there is a lot of crappy code in GNU :)
2021-04-09 18:03:32 <mps> yes, because most code is GNU ;)
2021-04-09 18:04:01 <mps> though MIT starting to prevail nowadays
2021-04-09 18:04:22 <mps> but I didn't made any statistics, tbh
2021-04-09 18:07:12 <Ariadne> well using GPL does not mean something is GNU :p
2021-04-09 18:07:15 <Ariadne> apk is GPL
2021-04-09 18:10:42 <mps> you know what I mean, I'm sure :)
2021-04-09 18:11:46 <Ariadne> well the MIT X Server is certainly a pile of crap too :)
2021-04-10 05:07:07 <Ariadne> build-edge-s390x seems MIA
2021-04-10 05:07:24 <Ariadne> can someone check it?
2021-04-10 06:48:22 <ikke> mps: checking
2021-04-10 06:48:26 <ikke> \ar*
2021-04-10 06:48:28 <ikke> Ariadne: *
2021-04-10 06:48:58 <ikke> stuck on pygls
2021-04-10 06:49:04 <Ariadne> ah
2021-04-10 06:49:05 <ikke> somehow pytest still hangs from time to time
2021-04-10 13:01:56 <ikke> clandmeter: upgraded nld5 to alpine 3.13 :)
2021-04-10 13:36:53 <PICCORO> .1
2021-04-10 15:44:24 <clandmeter> ikke: Nice
2021-04-10 15:44:56 <clandmeter> Al ok with Ampere?
2021-04-10 15:46:23 <ikke> sorry?
2021-04-10 15:47:26 <clandmeter> The new box
2021-04-10 15:49:24 <ikke> mtjade
2021-04-10 15:49:42 <ikke> clandmeter: I backported your fix for lxc-templates-lxc
2021-04-10 15:50:00 <ikke> We still need to sync all containers to this box
2021-04-10 15:50:36 <ikke> clandmeter: I'm testing terraform + linode
2021-04-10 15:51:13 <ikke> https://tpaste.us/axKl
2021-04-10 15:54:42 <clandmeter> Right
2021-04-10 15:54:50 <clandmeter> Didn't I try that before
2021-04-10 15:54:56 <clandmeter> I don't remember
2021-04-10 15:55:01 <clandmeter> Getting old
2021-04-10 15:58:37 <ikke> I created a bucket in the storage account where the state is kept
2021-04-10 15:58:55 <ikke> So we could run it in a pipeline and maintain the dns records in gitlab
2021-04-10 18:38:25 <ikke> clandmeter: https://gitlab.alpinelinux.org/alpine/infra/linode-tf/-/jobs/368601
2021-04-11 08:16:42 <ikke> clandmeter: https://gitlab-test.alpinelinux.org/clandmeter.keys
2021-04-12 06:34:42 <ikke> ncopa: played a bit with tf this weekend ^
2021-04-12 06:35:20 <Ariadne> i plan to have an initial version of the security tracker ready for deploy at end of week
2021-04-12 06:35:48 <Ariadne> how does the infra team deploy services?  docker, right?
2021-04-12 06:36:04 <ikke> Yes, docker + compose
2021-04-12 06:38:03 <ikke> ncopa: we should be ready to migrate to usa9
2021-04-12 06:40:37 <Ariadne> this application has a lot of tasks that need to be run as cron jobs
2021-04-12 06:48:09 <ikke> We usually have a dedicated cron container for those kinds of jobs 
2021-04-12 06:57:49 <Ariadne> ok
2021-04-12 06:58:06 <Ariadne> well more urgently, what the f is going on with our edge s390x builder
2021-04-12 06:58:18 <Ariadne> because i can rebuild gdk-pixbuf just fine on my s390x machine
2021-04-12 06:58:43 <ikke> I can look into it later today 
2021-04-12 06:58:56 <Ariadne> well can you just do
2021-04-12 06:59:03 <Ariadne> head -n1 /usr/bin/meson
2021-04-12 06:59:42 <Ariadne> on that container
2021-04-12 07:03:39 <ikke> There is no meson binary 
2021-04-12 07:03:54 <ikke> Someone reported it was missing
2021-04-12 07:05:44 <Ariadne> what the mcfuck
2021-04-12 07:05:57 <Ariadne> but i have a meson binary on my s390x machine
2021-04-12 07:07:57 <ikke> Sorry, the builder uninstalled the deps again 
2021-04-12 07:09:23 <ikke> Still missing
2021-04-12 07:09:33 <ikke> Only abuild-meson
2021-04-12 07:43:56 <ikke> Ariadne: I think you still have the old version, while the builder is using the latest version which has not been synced yet 
2021-04-12 08:07:13 <ncopa> ikke: great! I'll move the arm contaienrs today then
2021-04-12 08:07:54 <mps> so, I have to make backups, just in case
2021-04-12 08:08:09 <ncopa> good. thanks
2021-04-12 08:08:55 <mps> heh, I mean my devel containers, not system wide
2021-04-12 08:09:06 <ncopa> yeah, i figured
2021-04-12 08:09:08 <clandmeter> ikke: are all ci's going to run in qemu?
2021-04-12 08:09:14 <mps> I don't have access to bare metal there
2021-04-12 08:09:41 <ikke> clandmeter: same as now, I guess? 
2021-04-12 08:09:50 <clandmeter> i dont know :)
2021-04-12 08:10:02 <clandmeter> i hear libvirt and similar
2021-04-12 08:11:53 <ncopa> libvirt needs a bit more work
2021-04-12 08:12:03 <ncopa> need to fix the ovmf stuff for arm
2021-04-12 08:12:10 <ncopa> and add 32 bit arm
2021-04-12 08:13:07 <clandmeter> ikke: i dont know if we are still using old ways to gen le certs, but here $work some certs expired due to ACMEv1 is eol.
2021-04-12 08:13:39 <ikke> Jirutka had an init file for qemu vms right? 
2021-04-12 08:13:52 <clandmeter> its a project yes
2021-04-12 08:14:00 <clandmeter> i think you can apk add it
2021-04-12 08:14:06 <ncopa> qe,u-openrc
2021-04-12 08:14:11 <clandmeter> openrc-qemu or similar
2021-04-12 08:14:24 <clandmeter> yeah qemu-openrc
2021-04-12 08:15:40 <clandmeter> ovmf is broken?
2021-04-12 08:15:46 <clandmeter> i know its missing arm32
2021-04-12 08:15:57 <clandmeter> but last time i tried ovmf it worked
2021-04-12 08:16:00 <ncopa> well, depends on how you define "broken"
2021-04-12 08:16:17 <ncopa> iirc the first issue was that the files was not installed/named the way libvirt expected
2021-04-12 08:16:22 <ncopa> i guess a symlink fixes that
2021-04-12 08:16:23 <clandmeter> its a bit of pain in the ass to build it i believe.
2021-04-12 08:16:39 <clandmeter> oh yes thats possible
2021-04-12 08:16:54 <clandmeter> i think i added a symlink before to the pkg
2021-04-12 08:17:10 <ncopa> but then i discovered that the APKBUILD is kinda broken as it builds old version, and not the version pkgver indicates
2021-04-12 08:17:30 <clandmeter> yes i think mps did something iirc
2021-04-12 08:17:52 <ncopa> and then i discovered that latest version does not build
2021-04-12 08:17:54 <ncopa> so...
2021-04-12 08:17:57 <clandmeter> i looked into ovms
2021-04-12 08:17:57 <ncopa> needs some work
2021-04-12 08:18:03 <clandmeter> f
2021-04-12 08:18:16 <clandmeter> but like you said, it does not just build
2021-04-12 08:19:05 <ncopa> i played with terraform and libvirt last week. its pretty nice
2021-04-12 08:19:22 <mps> I made !18588
2021-04-12 08:19:53 <ncopa> mps: thank you. seems like it does not build also
2021-04-12 08:20:09 <mps> but this error with python is 'showstopper' for me, I don't understand much of pythin
2021-04-12 08:20:16 <mps> python*
2021-04-12 08:20:32 <ncopa> i don think i will have time to look at ovmf today, but hopefully later this week
2021-04-12 08:21:23 <mps> maybe we can use 'binary release' temporarily, idk
2021-04-12 08:22:30 <mps> ncopa: I mean error with python in edk2, not python in general
2021-04-12 08:23:06 <clandmeter> i think nomad also looks nice
2021-04-12 08:23:11 <clandmeter> it also supports qemu
2021-04-12 08:27:53 <ncopa> havent looked at nomad
2021-04-12 11:17:24 <ikke> Ariadne: fixed meson on s390x
2021-04-12 17:04:33 <Ariadne> ikke: alright
2021-04-12 17:08:35 <ikke> If you want, I can help with packaging the security tracker
2021-04-13 11:29:31 <mps> so, arm devs lxcs are not yet moved to new host?
2021-04-13 12:06:15 <clandmeter> mps, i dont think thats an priority atm
2021-04-13 12:14:10 <ikke> I could already do that 
2021-04-13 12:14:59 <ikke> ncopa takes care of the build containers 
2021-04-13 12:21:49 <mps> ok, I'm not in a hurry, but stopped yesterday to use mine in hope it will be easier to move
2021-04-13 12:53:40 <clandmeter> easier would be, you wake up and its done ;-)
2021-04-13 12:57:04 <mps> you mean, wake up after winter hibernation? I need something like this
2021-04-13 14:38:40 <ncopa> not done yet. sorry
2021-04-13 14:38:51 <ncopa> was busy with other stuff today.
2021-04-13 14:39:14 <ncopa> i did start with my lxc containers though... (to make sure they still work after move)
2021-04-13 14:39:46 <ncopa> it might be there is need for minor config change to make them run on new host
2021-04-13 14:49:10 <mps> np, as I told I'm not in any hurry
2021-04-13 14:56:05 <ikke> I'll do the dev containers tonight 
2021-04-13 16:01:55 <ikke> that's an old commit
2021-04-14 08:02:01 <ncopa> do we have any developer docs for on-boarding new committers?
2021-04-14 08:02:12 <ncopa> i think we dont
2021-04-14 08:02:41 <ncopa> hum i should ask in #alpine-devel
2021-04-16 07:47:41 <Ariadne> ikke: i found a few edge cases i want to fix, can we postpone to tomorrow or monday?
2021-04-16 07:48:24 <ikke> Sure 
2021-04-16 07:48:41 <Ariadne> thx
2021-04-16 20:25:15 <clandmeter> ikke: equinix block storage is going eol
2021-04-16 20:26:10 <ikke> hmm
2021-04-16 20:26:15 <ikke> are we using it for something?
2021-04-16 20:26:19 <ikke> qemu storage?
2021-04-16 20:26:57 <clandmeter> Yes
2021-04-16 20:27:10 <clandmeter> Iscsi based
2021-04-16 20:27:26 <ikke> hmm,
2021-04-16 20:27:43 <ikke> I guess only for the arm based vms, right?
2021-04-16 20:27:58 <clandmeter> Nod
2021-04-16 20:28:15 <ikke> So we will move that anyway soon
2021-04-16 20:29:25 <clandmeter> Probably
2021-04-16 20:29:30 <clandmeter> Check mail
2021-04-16 20:31:09 <clandmeter> Going to bed. Gnite
2021-04-16 20:31:14 <ikke> nite
2021-04-17 13:25:09 <ikke> clandmeter: updating directories when starting gitlab takes a long time, I assume because there are quite many files/directories nowayds
2021-04-17 13:25:12 <ikke> nowadays
2021-04-17 13:37:21 <ikke> Ariadne: I've already created a security.a.o domain record
2021-04-17 13:47:10 <ikke> clandmeter: also, I'm managing linode domain records via terraform
2021-04-17 15:59:27 <clandmeter> ikke: does it come from our scripts the updates?
2021-04-17 16:00:22 <ikke> clandmeter: https://gitlab.alpinelinux.org/alpine/infra/docker/gitlab/-/blob/13.7-stable/overlay/usr/local/bin/entrypoint.sh#L130
2021-04-17 23:22:15 <Ariadne> ikke: great :)
2021-04-18 11:13:11 <ikke> clandmeter: I notice there are many empty artifact directories, that can explain
2021-04-18 11:24:21 <ikke> clandmeter: gitlab has been upgraded to 13.9
2021-04-18 11:50:49 <clandmeter> Maybe delete the empty dirs
2021-04-18 11:51:21 <ikke> I did
2021-04-18 14:02:08 <ikke> clandmeter: btw, I've also upgraded the host to alpine 3.13
2021-04-18 20:35:38 <ikke> clandmeter: https://netbox-new.alpin.pw/
2021-04-18 20:36:00 <ikke> (if you resolve it to 172.16.14.1, it works)
2021-04-18 20:36:12 <ikke> netbox 2.11
2021-04-19 06:20:47 <ncopa> morning
2021-04-19 06:21:02 <ncopa> usa1.alpinelinux.org was out of diskspace
2021-04-19 06:21:22 <ncopa> i have cleaned it up a bit and are now copying over build-edge-aarch64 to usa9
2021-04-19 08:19:05 <ikke> 👍
2021-04-19 08:40:31 <ncopa> im moving the build-edge-a* to usa9, all of them
2021-04-19 08:46:58 <ikke> https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10026
2021-04-19 08:47:09 <ikke> This will become more relevant on usa9
2021-04-19 08:47:26 <ikke> I wonder why the flock is not solving this 
2021-04-19 09:19:41 <ncopa> im planning to have a look at it soonish
2021-04-19 09:19:54 <ncopa> we should try reproduce it in a testcase
2021-04-19 09:51:32 <ikke> Yes, good plan 
2021-04-19 09:52:48 <ncopa> question is how
2021-04-19 10:07:22 <ncopa> ikke: you already moved kdaudt-edge-aarch64 to usa9?
2021-04-19 10:17:07 <ikke> Yes
2021-04-19 10:17:15 <ikke> You can remove the old one 
2021-04-19 10:23:28 <ncopa> deleted
2021-04-19 10:51:28 <ikke> ^ is also an issue
2021-04-19 10:52:30 <ncopa> yeah
2021-04-19 10:52:35 <ncopa> not sure how to solve it
2021-04-19 10:53:22 <ikke> I wonder if we still need the mirrors there
2021-04-19 10:53:43 <ikke> We have 2 dedicated mirror hosts
2021-04-19 10:54:00 <ikke> But I'm not sure if that has been switched over yet or not
2021-04-19 10:54:43 <ikke> clandmeter: ^
2021-04-19 18:16:14 <ikke> netbox now has a journal for items
2021-04-19 20:34:14 <clandmeter> ikke: hi
2021-04-19 20:34:41 <ikke> hey!
2021-04-19 20:37:22 <clandmeter> nice work on gitlab and netbox!
2021-04-19 20:38:37 <clandmeter> did  we start using the new linode mirrors with geodns?
2021-04-19 20:38:39 <ikke> thanks
2021-04-19 20:38:43 <ikke> I have no idea
2021-04-19 20:38:52 <clandmeter> heh
2021-04-19 20:38:58 <ikke> I suspect not yet
2021-04-19 20:39:01 <clandmeter> well if you didnt enable it, i guess that means no
2021-04-19 20:39:13 <clandmeter> i think i verified geodns worked
2021-04-19 20:41:34 <ikke> clandmeter: did you also see that we can manage all DNS records with terraform?
2021-04-19 20:41:40 <ikke> for alpinelinux.org
2021-04-19 20:41:48 <clandmeter> i think i saw something
2021-04-19 20:42:30 <ikke> https://gitlab.alpinelinux.org/alpine/infra/linode-tf
2021-04-19 20:45:34 <clandmeter> is this in production?
2021-04-19 20:46:18 <ikke> Yes
2021-04-19 20:46:42 <ikke> In the sense that, when you make changes and run the deploy pipeline (manual trigger), then it would apply it
2021-04-19 20:47:21 <ikke> You basically run 2 steps. first you create a plan, which shows you what would be changed
2021-04-19 20:47:28 <ikke> and then you apply that plan, which makes the actual changes
2021-04-19 20:47:37 <ikke> The basic idea is quite simple
2021-04-19 20:49:34 <ikke> when you make no changes, nothing happens
2021-04-19 20:52:01 <ikke> clandmeter: btw, do you have access to dmvpn2?
2021-04-19 20:52:52 <clandmeter> i guess so
2021-04-19 20:53:16 <ikke> trying to keep our infra up-to-date
2021-04-19 20:56:10 <clandmeter> try now
2021-04-19 20:57:45 <ikke> thanks, I'm in
2021-04-19 20:59:55 <ikke> I already found a bug in netbox 2.11.0, which also has been fixed already :P
2021-04-19 21:04:04 <danieli> journal, as in an audit / change log?
2021-04-19 21:04:17 <ikke> manual changelog
2021-04-19 21:04:30 <ikke> separate from the automatic changelog
2021-04-19 21:21:44 <danieli> ah i see, that could be very useful
2021-04-19 21:22:08 <danieli> where i work we're preparing to move off a Nokia IPAM in favor of netbox
2021-04-19 21:25:14 <ikke> Aha
2021-04-19 21:30:33 <ikke> Ariadne: need help with docker-compose?
2021-04-20 00:44:27 <Ariadne> ikke: docker in general melts my brain :)
2021-04-20 04:26:53 <ikke> Ariadne: maybe I can try to build it in docker?
2021-04-20 04:27:18 <Ariadne> sounds like a good plan.  i should have the final version ready shortly
2021-04-20 04:27:46 <Ariadne> i am just writing some basic rewrite rules for the CPEs right now, so it will automatically map python CVEs to py-XXX source packages and so on
2021-04-20 04:28:32 <ikke> alright
2021-04-20 07:23:15 <danieli> Ariadne: sounds like progress, nice!
2021-04-20 11:11:06 <Ariadne> either our secfixes data is woefully incomplete, or 3.13 has a lot of unpatched packages :(
2021-04-20 11:11:37 <ikke> :-/
2021-04-20 11:11:38 <Ariadne> probably a mix of both, but still
2021-04-20 11:22:16 <Ariadne> okay, so our secfixes data covers ~70% of identified vulnerabilities
2021-04-20 11:22:22 <Ariadne> that is not too bad
2021-04-20 11:57:20 <Ariadne> hmmph
2021-04-20 11:57:21 <Ariadne> I: Evaluating <CPEMatch cpe:2.3:*:vault:1.6.0:*:*:*:*:*:*:*:*:*> for <Vulnerability CVE-2021-3282> against <PackageVersion vault-1.5.4-r0>
2021-04-20 11:57:22 <Ariadne> I: No fix recorded against any <Package vault> version for <Vulnerability CVE-2021-3282>
2021-04-20 12:03:04 <Ariadne> D: wut? <APKVersion 1.5.4-r0> <APKVersion 1.6.0> True
2021-04-20 12:03:07 <Ariadne> u wot m8
2021-04-20 12:09:55 <Ariadne> oic
2021-04-20 12:11:34 <Ariadne> fixed it
2021-04-20 12:11:44 <Ariadne> ctypes was passing it as wchar_t :D
2021-04-20 14:16:49 <Ariadne> ikke: can you make https://gitlab.alpinelinux.org/kaniini/secfixes-tracker public?
2021-04-20 14:16:57 <Ariadne> ikke: also the readme should cover what needs to be dockerized
2021-04-20 14:17:10 <ikke> I can do it in a bit 
2021-04-20 14:18:22 <Ariadne> for the cron, you only need to run the `import-nvd recent` task
2021-04-20 14:18:33 <Ariadne> you don't have to reimport the yearly feeds :p
2021-04-20 15:11:46 <ncopa> ikke: i wonder if you can help me setting up a CI for abuild git repo, that runs `make && make check` basically
2021-04-20 15:27:40 <ikke> ncopa: sure
2021-04-20 15:51:29 <ikke> Ariadne: repo is public
2021-04-20 16:12:47 <ikke> Ariadne: it seems the example config file is missing
2021-04-20 17:49:17 <ikke> hmm
2021-04-20 18:00:16 <mps> where is this nld9? in NL?
2021-04-20 18:00:34 <ikke> yes
2021-04-20 18:00:49 <mps> and it is new developers box?
2021-04-20 18:01:06 <ikke> it's the x86_64 builder
2021-04-20 18:01:17 <mps> ah, ok
2021-04-20 18:01:31 <mps> thanks for info
2021-04-20 18:01:35 <ikke> usa9 is the arm/aarch builder
2021-04-20 18:02:21 <mps> RTT to usa is somewhat annoying when typing
2021-04-20 18:03:44 <ikke> Yes, usa9 is in delaware
2021-04-20 18:04:02 <ikke> Sorry, Dallas
2021-04-20 18:04:33 <mps> I mean, usa4 developers arm host
2021-04-20 18:04:47 <mps> but probably same RTT
2021-04-20 18:05:15 <ikke> That one is New-York, so it might increase a bit even
2021-04-20 18:05:29 <ikke> Newark
2021-04-20 18:06:43 <mps> linode in Frankfurt is fast
2021-04-20 18:06:53 <mps> for me ofc :)
2021-04-20 18:06:57 <ikke> yes, for me as well
2021-04-20 18:07:49 <mps> ok, move all builders to usa and dev hosts to frankfurt :)
2021-04-20 20:46:09 <ikke> Ariadne: https://security.alpinelinux.org/
2021-04-20 20:49:14 <ikke> No cron-jobs yet
2021-04-21 02:10:57 <Ariadne> ikke: sick
2021-04-21 02:12:26 <Ariadne> i wonder what the CPE is for https://security.alpinelinux.org/vuln/CVE-2021-28832 hahaha
2021-04-21 02:13:10 <Ariadne> cpe:2.3:a:vim_project:vim:*:*:*:*:*:visual_studio_code:*:*
2021-04-21 02:13:14 <Ariadne> WTF
2021-04-21 02:13:43 <Ariadne> well, that's what secfixes-exclude is going to be for :p
2021-04-21 04:32:11 <ikke> Ariadne: this is the docker project: https://gitlab.alpinelinux.org/alpine/infra/docker/secfixes-tracker
2021-04-21 04:44:14 <ikke> btw, for some reason, uwsgi does not like the . imports in __init__.py
2021-04-21 06:15:04 <ncopa> what is secfixes-exclude?
2021-04-21 06:15:21 <ncopa> i think in the past version 0 has been used as "exclude"
2021-04-21 06:15:45 <ncopa> so CVE-this-and-that fixed in version 0
2021-04-21 06:16:04 <ncopa> to indicate that it never affected us
2021-04-21 06:22:03 <ncopa> good job on the secfixes thingy
2021-04-21 06:22:53 <ncopa> i guess there is no point in marking the sec known isses in gitlab as confidential
2021-04-21 06:24:08 <ncopa> the thinking behind making them confidential, even if the issues are publicly known, was to not provide a source for automatted attacks
2021-04-21 06:24:54 <ncopa> it would ofc be fully possible to create a list for automatted attacks from known sources, but the attacker would need to do the job.
2021-04-21 06:26:05 <ncopa> that was the reasoning at least
2021-04-21 06:26:58 <ncopa> is the update db a costly operation? would it be possible to update it on every git push?
2021-04-21 06:27:18 <ncopa> i mean, would it make sense to update it on git push
2021-04-21 06:27:47 <ncopa> then will updated secfixes data be visible directly after push and not up to 24 hours later
2021-04-21 06:55:11 <Ariadne> it is not terribly costly
2021-04-21 06:55:27 <Ariadne> importing the NVD feed is the costliest
2021-04-21 06:56:30 <ikke> 2019 should be imported now
2021-04-21 06:57:49 <ikke> How far back do we want to go? 
2021-04-21 07:10:49 <Ariadne> i wouldn't go back too far yet
2021-04-21 07:11:02 <Ariadne> i'm going to have to change the schema to support the maintainer reports Cogitri requested
2021-04-21 07:13:52 <ikke> Ok
2021-04-21 07:14:18 <Cogitri> Thanks for looking into it! :)
2021-04-21 07:15:10 <ikke> Ariadne: I used sqlite for now, should not be an issue, right? 
2021-04-21 07:15:19 <Ariadne> i've been testing with sqlitee
2021-04-21 07:15:26 <Ariadne> postgresql would be speedier of course
2021-04-21 07:16:00 <ikke> Once it's settled, we can switch to pg
2021-04-21 07:17:11 <Ariadne> yep
2021-04-21 07:17:21 <Ariadne> makes sense, since i have not used alembic
2021-04-21 07:17:38 <Ariadne> (i just didn't see the point in using alembic, since the database is meant to be reconstructed anyway)
2021-04-21 08:19:26 <ncopa> this is kinda interesting also https://repology.org/projects/?inrepo=alpine_edge&vulnerable=1
2021-04-21 08:32:13 <clandmeter> Ariadne: nice work!
2021-04-21 08:33:07 <Ariadne> ncopa: yes, repology takes a similar approach as mine
2021-04-21 08:34:31 <clandmeter> Ariadne: the branch page is bit slower compared to other pages, is it caused by the db?
2021-04-21 08:35:09 <Ariadne> clandmeter: yes, it scans the branch for vulnerabilities at the time of generating the report
2021-04-21 08:35:17 <Ariadne> one possibility might be to add caching
2021-04-21 08:35:39 <clandmeter> its using indexes properly?
2021-04-21 08:35:40 <Ariadne> SQL is not really my area of expertise so there's probably some stupid shit i am doing too :)
2021-04-21 08:35:50 <clandmeter> :D
2021-04-21 08:35:58 <Ariadne> clandmeter: it could be optimized with a join, but i have not figured out how to do joins in sqlalchemy
2021-04-21 08:36:37 <clandmeter> its not that bad, i dont think anybody will notice it.
2021-04-21 08:37:00 <Ariadne> i am sure sombody will come along and optimize it
2021-04-21 08:37:42 <clandmeter> well what we notice is that sec related services tend to get hammered by the community.
2021-04-21 08:37:54 <ikke> Yup 
2021-04-21 08:38:12 <Ariadne> clandmeter: the hot paths are all optimized :)
2021-04-21 08:38:20 <Ariadne> and we can just cache the reports
2021-04-21 08:38:41 <Ariadne> or optimize with a join :)
2021-04-21 08:38:55 <Ariadne> i'm sure it is not that hard to do a join in sqlalchemy, just have not looked into it yet
2021-04-21 08:39:17 <Ariadne> writing 'web' stuff is not really what i usually do
2021-04-21 08:39:44 <Ariadne> i'm just doing this so that we have the tool
2021-04-21 08:39:59 <Ariadne> so we can move onto more interesting initiatives
2021-04-21 08:49:53 <Ariadne> ikke: tagged v0.1.1
2021-04-21 08:51:31 <ikke> Alright, will deploy in a bit 
2021-04-21 08:58:34 <clandmeter> ikke: cd ;-)
2021-04-21 08:58:52 <ikke> ? 
2021-04-21 08:59:32 <ikke> Continuous deployment I guess 
2021-04-21 09:01:00 <clandmeter> yup
2021-04-21 09:01:05 <clandmeter> perfect world senario
2021-04-21 09:02:10 <ikke> I could deploy a gitlab runner that does the deployment 
2021-04-21 09:45:33 <ikke> Ariadne: docs is a false positive 
2021-04-21 09:46:06 <ikke> It's matched to the docker docs image 
2021-04-21 09:48:29 <Ariadne> :D
2021-04-21 09:48:45 <Ariadne> i'm thinking we add a config item that lists packages which should be excluded entirely
2021-04-21 09:48:47 <Ariadne> like docs
2021-04-21 09:48:48 <Ariadne> :)
2021-04-21 09:51:31 <ikke> I guess any virtual package? 
2021-04-21 10:05:57 <Ariadne> yes
2021-04-21 10:06:03 <Ariadne> i'll add a heuristic for that
2021-04-21 10:23:35 <Ariadne> i've also added:
2021-04-21 10:23:37 <Ariadne> CUSTOM_REWRITERS = {
2021-04-21 10:23:37 <Ariadne> }
2021-04-21 10:23:37 <Ariadne>     'jenkins:*': lambda x: 'jenkins',
2021-04-21 10:23:41 <Ariadne> this allows us to uhh
2021-04-21 10:23:51 <Ariadne> mitigate some of these really dumb CPE rules
2021-04-21 10:38:21 <ikke> Ariadne: running import-nvd recent, import-apkindex, import-secfixes, update-states in sequence hourly should suffice for the cronjobs?
2021-04-21 10:38:27 <Ariadne> yes
2021-04-21 10:42:43 <Ariadne> working on merging the JSON-LD stuff
2021-04-21 10:51:22 <ikke> hmm, what would be the best way to run crond scripts (or commands) as a specific user
2021-04-21 10:51:38 <ikke> maybe easiest to use a crontab with a user specification?
2021-04-21 10:55:53 <clandmeter> ikke: in docker?
2021-04-21 10:55:59 <ikke> yes
2021-04-21 10:56:40 <clandmeter> i dont think crond can run as a different user?
2021-04-21 10:57:32 <clandmeter> or use su-exec
2021-04-21 10:57:44 <clandmeter> if you want to run from root
2021-04-21 10:58:00 <ikke> easiest would be a /etc/periodic/hourly script
2021-04-21 10:58:29 <ikke> maybe that script should su-exec itself if run as root?
2021-04-21 11:05:13 <clandmeter> i guess you can run the container as a different user?
2021-04-21 11:06:04 <ikke> The uwsgi process runs as a normal user
2021-04-21 11:06:15 <ikke> then I need a cron container with crond
2021-04-21 11:06:23 <ikke> which afaik needs to run as root
2021-04-21 11:07:27 <clandmeter> i just tried it and it runs as a diff user
2021-04-21 11:07:35 <Ariadne> this is the part which melts my brain :p
2021-04-21 11:07:37 <ikke> https://tpaste.us/oPzE
2021-04-21 11:07:59 <Ariadne> import-apkdb?
2021-04-21 11:08:02 <Ariadne> its apkindex
2021-04-21 11:08:06 <ikke> ah, thanks
2021-04-21 11:08:24 <clandmeter> you need a container which uses that same uid as the other process 
2021-04-21 11:08:32 <ikke> I will reuse the same image
2021-04-21 11:08:42 <clandmeter> yes, thats what i normally do
2021-04-21 11:08:51 <ikke> because it needs all the dependencies as well
2021-04-21 11:08:55 <clandmeter> nod
2021-04-21 11:09:06 <ikke> I learned from the best :P
2021-04-21 11:09:16 <clandmeter> and the uids are the same :)
2021-04-21 11:22:42 <ikke> Ariadne: deployed v0.1.1, I'll finish the crond part later
2021-04-21 11:24:55 <ikke> Ariadne: oh, I guess the db would need to be created
2021-04-21 11:25:05 <Ariadne> :P
2021-04-21 11:36:27 <Ariadne> yes, uhh
2021-04-21 11:36:33 <Ariadne> seems to not be working :p
2021-04-21 11:36:39 <Ariadne> is that DB still down? :p
2021-04-21 12:06:05 <ikke> F5
2021-04-21 12:11:56 <Ariadne> i just tagged v0.2 with the json-ld stuff; no schema change
2021-04-21 12:16:48 <Ariadne> imo if some security company abuses this service, we should ban them
2021-04-21 12:17:05 <Ariadne> because the code is available, the data is available, they have no excuse not to run their own API server :p
2021-04-21 12:17:14 <ikke> We already did for git.a.o secdb
2021-04-21 12:17:32 <ikke> Through user agent
2021-04-21 12:17:34 <Ariadne> :D
2021-04-21 12:17:52 <Ariadne> i mean, bluntly, they can set up their own API server
2021-04-21 12:17:58 <Ariadne> the code is FOSS
2021-04-21 12:18:00 <Ariadne> the data is public
2021-04-21 15:27:23 <ikke> Ariadne: 0.2 is deployed
2021-04-21 16:08:16 <ikke> clandmeter: you can add user crontabs in /var/spool/cron/crontabs/<username>
2021-04-21 16:20:32 <ikke> Ariadne: I have cron working, testing to see if it can properly update packages, and will be deploying that
2021-04-21 16:20:57 <Ariadne> yep
2021-04-21 16:37:16 <ikke> Ok, it's doing somethin now :)
2021-04-21 16:45:08 <ikke> Ariadne: Should it be possible to run any of the jobs concurrently?
2021-04-21 16:45:28 <Ariadne> sure as long as the update-states runs after the import jobs
2021-04-21 16:46:00 <ikke> right, was expecting that
2021-04-21 16:48:23 <ikke> btw, getting this warning: https://tpaste.us/DMJz 
2021-04-21 16:48:28 <ikke> just fyi
2021-04-21 16:54:52 <Ariadne> yes known issue
2021-04-21 16:55:00 <ikke> ok
2021-04-21 16:57:21 <ikke> ok, crons should be in place now
2021-04-21 16:57:28 <ikke> or cron :)
2021-04-21 16:58:41 <ikke> https://gitlab.alpinelinux.org/alpine/infra/docker/secfixes-tracker/-/commit/f83f00e95857dc0e666bd7a994648bb8bb4b6b42
2021-04-22 08:06:47 <ncopa> Ariadne: are there any estimate when 3.11-main and 3.10-main will show up on security.a.o?
2021-04-22 08:10:56 <ikke> It needs to be configured 
2021-04-22 08:31:21 <ncopa> is security.a.o supposed to create issues in the bugtracker?
2021-04-22 08:31:36 <ikke> Not yet 
2021-04-22 08:32:01 <ikke> It currently only lists them
2021-04-22 08:33:41 <ncopa> i mean is there a plan to make it create issues?
2021-04-22 08:35:05 <ncopa> it seems like we can no longer expect alicha create issues, so i think we sort of depend on security.a.o now
2021-04-22 08:36:06 <ncopa> so i think its kinda high prio to fix the remaining things in security.a.o now
2021-04-22 08:41:05 <ncopa> another issue: https://security.alpinelinux.org/vuln/CVE-2021-3121
2021-04-22 08:42:45 <ncopa> reports that protobuf before 1.3.2 is vulnerable to that specific CVE, but also state that it has version 3.13.0-r2
2021-04-22 08:46:24 <ncopa> i guess it means i have to spend time create the #secfixes entry for historical CVE issue that has not affected anyone ever (first protobuf version seems to 2.4.0)
2021-04-22 08:47:27 <ncopa> actually, it is different package
2021-04-22 08:47:32 <ncopa> its gogo protobuf
2021-04-22 08:50:23 <ncopa> hum.... seems that i created a MR to my fork not to Ariadne's git repo https://gitlab.alpinelinux.org/ncopa/secfixes-tracker/-/merge_requests/1
2021-04-22 08:51:14 <ncopa> This merge request is from an internal project to a public project.
2021-04-22 08:51:14 <ncopa> Review the target project before submitting to avoid exposing internal changes.
2021-04-22 08:52:16 <Ariadne> ncopa: i can have it create issues :)
2021-04-22 08:56:19 <ncopa> i added an (untested)  MR for adding a search in our bugtracker
2021-04-22 08:56:35 <ncopa> might be convenient to search if anyone already reported it
2021-04-22 09:00:52 <ncopa> i can share a bit what the thinking behind the previous, manual, process was
2021-04-22 09:01:30 <Ariadne> the URI template looks ok
2021-04-22 09:02:09 <ncopa> the idea was to make sure that as many as possible real vulnerabilities was actually fixed
2021-04-22 09:02:18 <Ariadne> yes
2021-04-22 09:02:24 <ncopa> eg reduce the number of unfixed issues as possible
2021-04-22 09:02:43 <Ariadne> right now we are in the "teach the system what real vulnerabilities are" stage
2021-04-22 09:02:50 <Ariadne> which is why i dont want it to open bugs quite yet
2021-04-22 09:02:58 <ncopa> to achieve that, i wanted to make it as easy as possible to fix them
2021-04-22 09:03:07 <ncopa> ok. i was only wondring if that was on the roadmap or not
2021-04-22 09:03:37 <Ariadne> yep, it is, i just don't want to set it loose on the bug tracker until we have mitigations in place for some of these really awful CPE strings
2021-04-22 09:03:46 <Ariadne> like cpe:2.3:a:vim_project:vim:*:*:*:*:*:visual_studio_code:*:* for vscodium :)
2021-04-22 09:04:09 <Ariadne> right now, it looks at vim_project:vim and goes "ok, this affects vim"
2021-04-22 09:04:20 <Ariadne> because somebody at NVD decided it did
2021-04-22 09:05:21 <ncopa> if there was a lot steps involved for the devs to fix them, or if there were many false positives, the fear was that the devs would not care in the end
2021-04-22 09:05:41 <Ariadne> yep
2021-04-22 09:05:53 <Ariadne> the goal is to keep the workflow exactly the same
2021-04-22 09:06:01 <Ariadne> e.g. patch bug, put it in secfixes
2021-04-22 09:06:26 <ncopa> that is also why we added the secfixes in the APKBUILD, because the dev would need to go in there to bump the version anyway
2021-04-22 09:06:27 <Ariadne> secfixes-exclude was supposed to be a way to allow maintainers to reject CVEs
2021-04-22 09:06:35 <ncopa> so less resistance to update the "db"
2021-04-22 09:06:52 <ncopa> brb...
2021-04-22 09:18:49 <ncopa> what is secfixes-exclude? i previously thought that setting version '0' as the fixed version to be "exclude"
2021-04-22 09:19:48 <ncopa> to keep things simple
2021-04-22 09:20:12 <Ariadne> that approach also works :)
2021-04-22 09:21:26 <Ariadne> however, i am looking at some of these CPE nodes in the NVD feed and i think i might be able to clean some of this up heuristically
2021-04-22 09:21:36 <Ariadne> for example mosquitto
2021-04-22 09:21:56 <ncopa> good
2021-04-22 09:21:56 <Ariadne> we are given a CPE that matches all versions, but there is an additional annotation in the JSON
2021-04-22 09:22:11 <Ariadne> so i am going to pull the annotations from the JSON if available
2021-04-22 09:22:17 <Ariadne> instead of depending on the CPE version field
2021-04-22 09:22:36 <ncopa> sorry if i sound a bit grumpy. changes are always hard. i think we are on right track with security.a.o
2021-04-22 09:22:52 <ncopa> and thank you for taking care of organizing a security response team
2021-04-22 09:28:14 <Ariadne> beats porting alpine to weird machines :p
2021-04-22 09:28:36 <Ariadne> we need to talk about riscv though
2021-04-22 09:28:44 <Ariadne> people want the port, but the builder situation is, well
2021-04-22 09:28:47 <Ariadne> not good :D
2021-04-22 09:29:11 <Ariadne> i think we should just hold our nose and use qemu-user on a threadripper
2021-04-22 09:29:13 <mps> is qemu 'good enough'
2021-04-22 09:29:22 <mps> ah
2021-04-22 09:29:31 <Ariadne> mps: for riscv, i think so, considering riscv foundation says it is a reference simulator
2021-04-22 09:29:54 <Ariadne> however i am a bit skeptical of course
2021-04-22 09:30:00 <mps> I'm interested in risc-v
2021-04-22 09:30:16 <Ariadne> when i was bootstrapping the mips64 port, i found that qemu would hang in cases where real hardware would not
2021-04-22 09:30:18 <mps> but for now I can only try with qemu
2021-04-22 09:31:05 <mps> and best machine I have is i7 with 8GB ram
2021-04-22 09:31:10 <mps> not much
2021-04-22 09:31:16 <Ariadne> random quirkiness with s390x on qemu is also a thing
2021-04-22 09:31:34 <Ariadne> which is why i asked that java bug reporter yesterday if they were running on qemu
2021-04-22 09:31:52 <Ariadne> but for riscv i guess it is "production quality"
2021-04-22 09:31:59 <mps> I just would like to get some feeling about risc-v, even if it is emulator
2021-04-22 09:33:21 <mps> kernel 5.13 will have some improvements for risc-v, would be nice if we can test it
2021-04-22 09:33:28 <Ariadne> ncopa: anyway i appreciate alicha's work on this
2021-04-22 09:33:41 <Ariadne> hopefully they are not too miffed
2021-04-22 09:33:55 <mps> btw, I always wonder is alicha real person or bot
2021-04-22 09:34:28 <Ariadne> no comment!
2021-04-22 09:34:42 <Ariadne> i mean i did get to the bottom of that
2021-04-22 09:34:42 <mps> hmm?
2021-04-22 09:35:04 <Ariadne> it is a person related to an alpine developer, but they choose to remain anonymous
2021-04-22 09:35:14 <Ariadne> so i am not going to say who it is, though i do know :)
2021-04-22 09:35:18 <mps> ah, thanks for explanation
2021-04-22 09:35:43 <mps> I can only guess
2021-04-22 09:36:14 <Ariadne> it is also a pseudonym
2021-04-22 09:36:43 <mps> my brain pointed me to .... :)
2021-04-22 09:39:30 <Ariadne> testing things out with these annotations
2021-04-22 09:41:34 <Ariadne> this apkindex parser is so slow :(
2021-04-22 09:41:48 <Ariadne> i should figure out how to hook into libapk
2021-04-22 09:42:04 <Ariadne> as i do for version compare
2021-04-22 09:43:00 <Ariadne> i should also mark all packages in a given repo as unpublished before crawling the APKINDEX data
2021-04-22 09:43:16 <Ariadne> e.g. https://security.alpinelinux.org/vuln/CVE-2021-20272 is fixed
2021-04-22 09:43:33 <Ariadne> but 3.0.31-r0 is still marked "published"
2021-04-22 09:43:39 <Ariadne> so the branch is "vulnerable"
2021-04-22 10:30:30 <Ariadne> okay i think i got our false positive rate down to something realistic
2021-04-22 10:31:07 <ikke> Let me know if I should deploy something
2021-04-22 10:33:31 <Ariadne> th boltcms issue needs a rewrite rule (which is a config thing)
2021-04-22 10:51:13 <ikke> clandmeter: when you have time, can we look at the new mirror setup?
2021-04-22 11:12:53 <ikke> Ariadne: what was the reason '"jenkins:*": lambda x: "jenkins",' again?
2021-04-22 11:13:22 <ikke> are those plugins all belonging to jenkins?
2021-04-22 11:16:28 <Ariadne> yes
2021-04-22 11:16:48 <ikke> after config changes, should any jobs be run?
2021-04-22 11:16:49 <Ariadne> same for boltcms:*
2021-04-22 11:16:50 <ikke> update-states?
2021-04-22 11:17:13 <Ariadne> yes
2021-04-22 11:17:23 <Ariadne> you'll have to rebuild the DB
2021-04-22 11:17:37 <Ariadne> because the rewrite happens when the match rules are created
2021-04-22 11:17:40 <ikke> right
2021-04-22 11:17:51 <Ariadne> i would wait a bit, i am about to cut 0.3
2021-04-22 11:17:56 <Ariadne> which improves a lot
2021-04-22 11:17:58 <ikke> ok
2021-04-22 11:18:13 <ikke> I'm currently adding all config in the docker/secfixes-tracker project
2021-04-22 11:18:42 <Ariadne> yeah anything where an override is appropriate should go there
2021-04-22 11:18:44 <Ariadne> imo
2021-04-22 11:18:49 <ikke> Ariadne: thinking about it, we maybe also need a way / audit things that do not match
2021-04-22 11:19:21 <Ariadne> problem is, not much i can do about situation where 2 different projects use same name
2021-04-22 11:19:36 <Ariadne> other than rewrite one
2021-04-22 11:19:37 <Ariadne> :)
2021-04-22 11:19:41 <Ariadne> just like aports
2021-04-22 11:19:48 <ikke> yeah, nod
2021-04-22 11:19:56 <ikke> repology has tons of rewrites
2021-04-22 11:21:27 <Ariadne> 0.3 shows the CPE rule that was supplied to us
2021-04-22 11:21:33 <ikke> aha, nice
2021-04-22 11:21:38 <Ariadne> so it should make configuring the rewrites a lot easier :)
2021-04-22 11:22:40 <Ariadne> a tool to remove stale matchers is something we should add
2021-04-22 11:22:48 <Ariadne> but i haven't the slightest idea how to do that yet
2021-04-22 11:23:34 <ikke> Ariadne: https://gitlab.alpinelinux.org/alpine/infra/docker/secfixes-tracker/-/compare/master...config-in-repo
2021-04-22 11:23:53 <ikke> have to go now
2021-04-22 11:25:13 <Ariadne> yep
2021-04-22 11:25:15 <Ariadne> looks good
2021-04-22 11:28:57 <Ariadne> ikke: just pushed 0.3 whenever you wanna rebuild the DB :p
2021-04-22 16:22:42 <ikke> Ariadne: 0.3 is deployed
2021-04-22 16:24:20 <Ariadne> i think things look pretty good
2021-04-22 16:24:49 <ikke> 2021 is still importing
2021-04-22 16:25:42 <Ariadne> ah :)
2021-04-22 16:29:09 <ikke> done
2021-04-22 16:29:53 <Ariadne> 0 false positives in main :)
2021-04-22 16:30:03 <ikke> :)
2021-04-22 20:33:37 <ikke> I've added 3.11 and 3.10 repos as well
2021-04-23 08:28:06 <ncopa> morning!
2021-04-23 08:28:22 <ncopa> im moving machines from usa4 to usa9 now
2021-04-23 08:28:28 <ncopa> starting with build-edge-armv7
2021-04-23 08:32:04 <mps> where will be arm developors lxcs after this
2021-04-23 08:37:40 <ncopa> i was thinking the build-3* after edge, but i can move the *-mos first if you prefer
2021-04-23 08:42:18 <mps> no, do how you planed. I'm not in a hurry, just curious
2021-04-23 10:28:56 <GreyXor> Hello everyone, I have a "GreyXor" account on alpine's gitlab. I created this account not with the email but with the association of my gitlab.com account. but now I deleted and recreated a new gitlab account, I'm afraid that my greyxor account of alpine is not available anymore. can you help me with this case?
2021-04-23 10:30:45 <ikke> GreyXor: hello
2021-04-23 10:31:52 <GreyXor> ikke hello, it is this account : https://gitlab.alpinelinux.org/greyxor
2021-04-23 10:32:00 <ikke> There is an e-mail address associated with that account
2021-04-23 10:32:47 <GreyXor> I created it by associating it with my gitlab.com account. but I have since deleted and recreated my gitlab.com account. so I'm afraid it will be a problem and I want to keep my name "GreyXor" on the alpine gitlab
2021-04-23 10:32:57 <ikke> Right
2021-04-23 10:33:28 <GreyXor> What can i do ? To be sure to recover access ? maybe you can delete account and i just recreate it ?
2021-04-23 10:35:23 <ikke> I sent an e-mail to you
2021-04-23 10:37:37 <GreyXor> I send you the token via /msg
2021-04-23 10:38:02 <ikke> For some reason I did not receive it
2021-04-23 15:16:38 <ikke> Ariadne: https://gitlab.alpinelinux.org/alpine/infra/gitlab-tf/-/merge_requests/1
2021-04-23 16:26:43 <ncopa> seems like something is happening with the ppc64le host
2021-04-23 16:27:02 <ncopa> maybe the openjdk13 build made it catch fire...
2021-04-23 16:27:06 <ikke> hmm
2021-04-23 16:27:36 <ikke> seems to happen every once in a while
2021-04-23 16:27:50 <ikke> ncopa: btw, I think we should be able to use cgroups to limit a container to a certain numa domain
2021-04-23 16:27:59 <ncopa> oh cool
2021-04-23 16:28:28 <ncopa> but that also means no container gets more than 80 cores....
2021-04-23 16:28:46 <ikke> which is kind of what we want, not?
2021-04-23 16:28:52 <ncopa> i guess
2021-04-23 16:28:57 <ikke> using more adds little more
2021-04-23 16:29:13 <ikke> the idea is that it's very expensive to switch numa domains
2021-04-23 16:30:02 <ikke> "The “cpuset” controller provides a mechanism for constraining the CPU and memory node placement of tasks to only the resources specified in the cpuset interface files in a task’s current cgroup. This is especially valuable on large NUMA systems where placing jobs on properly sized subsets of the systems with careful processor and memory placement to reduce cross-node memory access and contention can improve overall system performance."
2021-04-23 16:30:04 <ikke> https://www.kernel.org/doc/html/v5.4/admin-guide/cgroup-v2.html
2021-04-23 16:31:55 <ncopa> guess that is what we want
2021-04-23 16:32:43 <ikke> I guess we do not have oob access to the ppc64le builder?
2021-04-23 16:33:00 <ncopa> not that i know
2021-04-23 16:33:04 <ikke> ok
2021-04-23 16:33:21 <ncopa> im not even sure who is our contact in ibm either anymore
2021-04-23 16:33:25 <ikke> I'm heading out now, it's nice weather
2021-04-23 16:33:31 <ncopa> enjoy!
2021-04-23 16:45:43 <Ariadne> ikke: sick :)
2021-04-23 17:07:37 <ikke> Ariadne: idea is that people can make merge requests against that repo
2021-04-23 17:07:55 <Ariadne> i like it
2021-04-23 17:08:08 <Ariadne> so if somebody wants to add somebody to a team
2021-04-23 17:08:12 <ikke> just a MR
2021-04-23 17:08:13 <Ariadne> they just open an MR
2021-04-23 17:08:26 <Ariadne> hmm, and that makes nominating developers an open process too :)
2021-04-23 17:08:31 <ikke> yes
2021-04-23 17:21:24 <mps> arm lxcs from usa4 are moved?
2021-04-23 17:43:59 <ikke> mps: yes
2021-04-23 17:44:40 <ikke> oh, sorry, usa4 not yet
2021-04-23 17:44:47 <ikke> at least, not the dev containers
2021-04-23 17:58:50 <Ariadne> i tagged secfixes-tracker 0.3.1 with some minor tweaks to the reports
2021-04-23 17:59:08 <Ariadne> i think we will be able to test gitlab monday :)
2021-04-23 18:01:45 <mps> ikke: I can't access them
2021-04-23 18:02:27 <ikke> seems like ncopa was still working on it, they are stopped
2021-04-23 18:02:39 <mps> aha, ok
2021-04-23 18:04:31 <Ariadne> i assume that people are largely happy with the format of the bug reports alicha used to file, right?
2021-04-23 18:10:26 <ikke> mps: you should be able to reach your containers on usa9-dev1.alpinelinux.org ports 22110 22111
2021-04-23 18:24:43 <ikke> ncopa: lxc.cgroup.cpuset.cpus = 0-79 in the container config seems to work
2021-04-23 18:24:56 <mps> ikke: thanks, lets check
2021-04-23 18:25:04 <ikke> physcpubind: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
2021-04-23 18:25:06 <ikke>  39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 7
2021-04-23 18:25:08 <ikke> 8 79
2021-04-23 18:28:49 <mps> ikke: ssh hangs on 'debug1: Connecting to usa9-dev1.alpinelinux.org [147.75.35.197] port 22111'
2021-04-23 18:29:08 <ikke> Hmm, let's see
2021-04-23 19:01:09 <Ariadne> ikke: this terraform stuff looks pretty great
2021-04-23 19:01:17 <Ariadne> i'll write up some docs for it
2021-04-23 19:01:20 <ikke> yeah
2021-04-23 19:01:40 <ikke> it's conceptually quite simple
2021-04-23 19:04:30 <Ariadne> configuration-defined governance :)
2021-04-23 19:05:25 <ikke> yeah, I saw your twee
2021-04-23 19:05:28 <ikke> t
2021-04-23 19:05:37 <mps> programming by configuring
2021-04-23 19:06:17 <Ariadne> i mean, we're not quite there, but this gets us pretty close
2021-04-23 19:07:55 <Ariadne> literally being able to nominate new developers through an MR is a big fucking deal though
2021-04-23 19:13:44 <ikke> mps: can you try again?
2021-04-23 19:15:53 <mps> ikke: same result
2021-04-23 19:17:16 <ikke> anoying, in htop, our new builder, when I switch to tree mode, I suddenly only see the processes of one container, the processes of other containers disappear
2021-04-23 19:18:43 <Ariadne> weird
2021-04-23 19:19:01 <ikke> yes
2021-04-23 19:43:36 <ikke> mps: I guess ncopa needs to look at it
2021-04-23 19:43:46 <ikke> I cannot find where the traffic is blocked
2021-04-23 19:44:31 <mps> ikke: ok, thanks for trying
2021-04-23 19:56:30 <ikke> Ariadne: https://gitlab.alpinelinux.org/groups/team/security/-/group_members :)
2021-04-23 20:58:22 <ncopa> mps. sorry i moved it
2021-04-23 20:59:05 <ikke> ncopa: portforwarding is not working for some reason
2021-04-23 20:59:47 <ncopa> ikke: did you start them all?
2021-04-23 20:59:58 <ikke> no, just those from mps
2021-04-23 21:00:28 <ncopa> ok
2021-04-23 21:03:28 <ikke> I've alreayd started setting numa settings for some builders
2021-04-23 21:03:33 <ncopa> ok good
2021-04-23 21:03:50 <ncopa> i've started the rest now i think
2021-04-23 21:04:06 <ncopa> now its only the qemu vms left to move
2021-04-23 21:04:29 <ncopa> i guess we should at some point also try reboot it to see that all containers comes up as expected
2021-04-23 21:04:33 <ncopa> but not today
2021-04-23 21:04:35 <ikke> right
2021-04-23 21:04:59 <ikke> ncopa: we need some way to devide the different containers over the 2 CPUs'
2021-04-23 21:05:43 <ncopa> no opinion there
2021-04-23 21:05:59 <ncopa> we could do 64 bit vs 32 bit, but we have both armv7 and armhf
2021-04-23 21:06:14 <ncopa> or we coudl do build-* vs dev boxes
2021-04-23 21:06:17 <ikke> and htop is acting strange on this host when I switch to tree view :(
2021-04-23 21:06:30 <ncopa> or odd/even on ip addr
2021-04-23 21:07:51 <ncopa> ok? strange how?
2021-04-23 21:08:14 <ikke> normal view, I see processes for all countainers
2021-04-23 21:08:24 <ikke> in tree-view, only one container remains
2021-04-23 21:08:45 <ikke> Missing lots of processes
2021-04-23 21:09:15 <ncopa> indeed. interesting
2021-04-23 21:11:47 <ncopa> im going to bed. have a nice weekend!
2021-04-23 21:11:59 <ikke> o/
2021-04-23 21:13:26 <mps> ncopa: ikke: np, no hurries
2021-04-24 07:33:56 <ikke> ppc64le host is still awol
2021-04-24 13:57:30 <ikke> Ariadne: what do we need for alpineconf, maybe we can host it ourselves?
2021-04-24 14:26:18 <Ariadne> i was hoping to use bigbluebutton, since it allows for people to just jump in and ask questions
2021-04-24 14:26:24 <Ariadne> but we could use jitsi or something else
2021-04-24 14:26:40 <Ariadne> bigbluebutton is the nicest one i've seen, and its just some java application
2021-04-24 14:27:37 <Ariadne> the other thing is, we do need to plan for some reasonably large amount of viewers
2021-04-24 14:27:47 <Ariadne> which consumes bandwidth
2021-04-24 14:28:02 <Ariadne> i have friends at CCC, i am considering asking them to see if they could help us with this
2021-04-24 14:28:21 <Ariadne> they have all of this already set up :)
2021-04-24 14:28:39 <ikke> right, makes sense
2021-04-24 14:29:03 <Ariadne> fosshost got scared when i said we might have 3000+ viewers at any time
2021-04-24 14:29:19 <Ariadne> (i don't know if we will have that much, but for capacity planning you want to overshoot, not undershoot)
2021-04-24 15:09:08 <Cogitri> ikke: Hej, just tagged a first release of aports-qa-bot. I think you mentioned that we could tag the docker images with the tag of aports-qa-bot so we could rollback in case things go wrong, not sure where to start with that though
2021-04-24 15:12:07 <ikke> If you create a tag in the repo, it will push a tagged image with that version
2021-04-24 15:16:05 <Cogitri> Ah, so I just create the same tag in the docker repo and it should just work?
2021-04-24 15:20:38 <Cogitri> https://gitlab.alpinelinux.org/alpine/infra/docker/aports-qa-bot/-/jobs/378917
2021-04-24 15:20:49 <Cogitri> > Please specify $DOCKER_PASSWORD
2021-04-24 15:20:55 <Cogitri> I guess the repo is missing a secret?
2021-04-24 15:22:25 <ikke> are you doing it in a fork?
2021-04-24 15:22:54 <Cogitri> No, I pushed directly to that repo
2021-04-24 15:23:05 <Cogitri> https://gitlab.alpinelinux.org/alpine/infra/docker/aports-qa-bot/-/commits/0.1.0
2021-04-24 15:46:44 <ikke> ah, tags need to be protected
2021-04-24 15:49:53 <ikke> Cogitri: now it works
2021-04-24 15:50:24 <ikke> Created manifest list docker.io/alpinelinux/aports-qa-bot:0.1.0
2021-04-24 15:55:13 <Cogitri> Oh great, thanks :)
2021-04-24 15:57:02 <Cogitri> Maybe you could pull the compose too, adjust the config and restart the bot?
2021-04-24 15:57:57 <Cogitri> Instead of a DryRun: true it now has per-action toggles for Disabled/DryRun/Enabled
2021-04-24 15:58:27 <Cogitri> With the new release the auto maintainer thingie and cancelling MR pipelines when a MR is merged/closed was added, maybe you could set those to DryRun and the rest to Enabled
2021-04-24 16:00:44 <ikke> Cogitri: should I now use the tagged version?
2021-04-24 16:01:04 <ikke> or just latest?
2021-04-24 16:03:20 <Cogitri> Yup
2021-04-24 16:03:26 <Cogitri> Yup to tagged version :)
2021-04-24 16:03:33 <Cogitri> We'll use tags now for future releases
2021-04-24 16:03:56 <ikke> ok
2021-04-24 16:05:50 <ikke> Ok, updated
2021-04-24 16:10:37 <Cogitri> Thanks :)
2021-04-24 16:11:10 <Cogitri> I guess we can take a look at the logs tomorrow to check that the new features behave in dry run and then enable them too
2021-04-24 16:14:29 <ikke> I had AutoCancel set to enabled (changed it now)
2021-04-24 16:14:35 <ikke> 2021/04/24 16:10:13 Couldn't cancel MR pipeline due to error POST https://gitlab.alpinelinux.org/api/v4/projects/1/pipelines/79955/cancel: 404 {message: 404 Not found}
2021-04-24 16:18:16 <ikke> Cogitri: You might have received another mention about the mentors group, I accidentaly removed it (yay automation :P)
2021-04-24 16:25:20 <Cogitri> Oh yes, wondered what that was about already :D
2021-04-24 16:25:47 <Cogitri> ikke: Oh, thanks for the notification, maybe AutoCancel needs more work to work with forks, I had hoped it'd work as-is
2021-04-24 17:46:41 <ikke> clandmeter: upgraded gbr2-dev1 to alpine 3.13
2021-04-24 18:02:11 <Ariadne> fwiw i think danieli should be added to the security team if he wishes to be
2021-04-24 18:03:04 <ikke> btw, there is also #alpine-security
2021-04-24 18:07:26 <ikke> Ariadne: feel free to open an MR :P
2021-04-24 18:08:00 <Ariadne> he should really be in on this if he wants to be
2021-04-24 18:08:06 <ikke> yes
2021-04-24 18:08:07 <Ariadne> he did try to make this happen sooner, afte all
2021-04-24 18:08:14 <ikke> But not sure if he has the time
2021-04-24 18:09:36 <Ariadne> well he can be honorarily involved :D
2021-04-24 18:34:12 <danieli> Ariadne: I'm not sure I have the trust from the community or developers after being out of the picture for so long, but I'll gladly help out wherever I can
2021-04-24 18:34:33 <danieli> I'd recommend joining ##distro-security, it can be a nice forum to discuss overarching issues and ask for input
2021-04-24 18:36:49 <Ariadne> well, i trust you :p
2021-04-24 18:37:00 <Ariadne> that should count for something
2021-04-24 18:37:40 <danieli> I suppose, I just want to help improving things and make alpine better
2021-04-24 18:39:13 <ikke> I still could use help with alpine infra, especially now that clandmeter is quite busy
2021-04-24 18:39:21 <ikke> (which is also sucurity related)
2021-04-24 18:39:55 <danieli> fair enough, i have a lot on my plate at work, but it's not nearly as draining as my last dayjob
2021-04-24 18:40:16 <danieli> are there any major changes worth mentioning since the last time i was actively involved?
2021-04-24 18:40:28 <danieli> I pop by and read the backlog a few times a week but it's not fresh in memory
2021-04-24 18:41:24 <ikke> No major changes
2021-04-24 18:41:45 <danieli> just stuff moving around, changing names, new versions?
2021-04-24 18:41:52 <ikke> started to use terraform to manage things in applications
2021-04-24 18:41:55 <ikke> yes
2021-04-24 18:42:06 <danieli> did you ever get the time to delve into ansible?
2021-04-24 18:42:11 <danieli> or are you thinking of using terraform instead
2021-04-24 18:42:29 <ikke> terraform does not handle the OS layer
2021-04-24 18:43:41 <ikke> clandmeter set something up with ansible in gitlab
2021-04-24 18:48:25 <ikke> danieli: do you still have access to netbox?
2021-04-24 18:48:50 <danieli> I used to, but I gave clandmeter a list of all my alpine accounts around the time I left so they could be disabled
2021-04-24 18:48:57 <danieli> the VPN profile has probably expired long ago
2021-04-24 18:51:54 <danieli> I have gitlab, linode, mediawiki, netbox, patchwork, redmine, the lounge and zabbix listed in my password manager under the 'alpine' folder
2021-04-24 18:52:05 <ikke> lately I have been slowly upgrading our infra
2021-04-24 18:52:13 <ikke> many hosts were still alpine 3.10/11
2021-04-24 18:52:34 <danieli> focusing more on upgrading the OS or the software?
2021-04-24 18:52:37 <ikke> OS
2021-04-24 18:52:46 <ikke> and keeping gitlab up-to-date
2021-04-24 18:52:52 <ikke> netbox has been upgraded
2021-04-24 19:02:12 <Ariadne> well, we are building a whole new chapter for the project imo
2021-04-24 19:19:13 <Ariadne> so much great stuff happening lately :D
2021-04-24 19:19:37 <ikke> heh
2021-04-24 19:23:30 <Ariadne> danieli: what is your gitlab username
2021-04-24 19:23:37 <Ariadne> i'mma try this out
2021-04-24 19:24:19 <ikke> @daniel
2021-04-24 19:24:23 <danieli> Ariadne: iirc @daniel 
2021-04-24 19:24:29 <danieli> i registered pretty early on
2021-04-24 19:24:41 <Ariadne> yes it is
2021-04-24 19:42:01 <ikke> Ariadne: fyi, CI is still a bit of an issue, because it requires credentials
2021-04-24 19:42:23 <Ariadne> yeah obviously we don't want to have it go and like
2021-04-24 19:42:28 <Ariadne> do the thing
2021-04-24 19:42:38 <Ariadne> based on some random idiot (me) opening an MR
2021-04-24 19:42:40 <Ariadne> :D
2021-04-24 19:43:00 <ikke> Right, but it would nice to be able to see the plan (ie, the changes it would do)
2021-04-24 19:43:08 <ikke> but even for the plan, you need full access
2021-04-24 19:43:37 <Ariadne> anyway i opened an MR
2021-04-24 19:43:40 <Ariadne> to do the thing
2021-04-24 19:44:01 <ikke> nod
2021-04-24 20:19:36 <clandmeter> ikke: i just moved places :)
2021-04-24 20:19:46 <ikke> aha
2021-04-24 20:19:49 <clandmeter> so i think i will have some more time
2021-04-24 20:19:58 <clandmeter> we can look at the mirror setup
2021-04-24 20:20:05 <clandmeter> but not today :)
2021-04-24 20:23:21 <ikke> clandmeter: fyi, the ppc64le builder is awol 
2021-04-24 20:23:29 <ikke> No response yet from ibm
2021-04-24 20:23:36 <clandmeter> I saw your email
2021-04-24 20:33:30 <ikke> clandmeter: do you mind generating a new cert for daniel?
2021-04-24 20:33:47 <clandmeter> ovpn?
2021-04-24 20:33:49 <ikke> yes
2021-04-24 20:33:56 <clandmeter> yes i can do that tmomorrow
2021-04-24 20:34:00 <clandmeter> im going to bed
2021-04-24 20:34:04 <ikke> sure
2021-04-24 20:34:08 <clandmeter> bit tired after moving
2021-04-24 20:34:12 <ikke> no hurry
2021-04-24 20:46:44 <ikke> Ariadne: fyi, the scraping of secdb@git.a.o is still going on
2021-04-24 20:46:59 <Ariadne> replace with rickroll.mp4
2021-04-24 20:47:00 <Ariadne> tbh
2021-04-24 20:47:14 <ikke> We return http 429 atm
2021-04-24 20:47:37 <ikke> Ariadne: does http4s-blaze
2021-04-24 20:47:40 <ikke> user agent
2021-04-24 20:47:48 <ikke> ring any bell?
2021-04-24 20:51:11 <Ariadne> nope
2021-04-24 20:51:14 <ikke> k
2021-04-24 20:51:27 <Ariadne> https://github.com/http4s/blaze
2021-04-24 20:51:35 <Ariadne> seems to be some java shite
2021-04-24 20:51:47 <ikke> yeah, but a generic library
2021-04-24 20:51:50 <ikke> so could be anythign
2021-04-24 21:23:16 <danieli> clandmeter: congrats on the nwe place then :)
2021-04-24 21:39:03 <Ariadne> ikke: any ip blocks?
2021-04-24 21:39:14 <ikke> comes from all over the world
2021-04-24 21:40:24 <Ariadne> wtf URIs do they fetch?
2021-04-24 21:40:31 <Ariadne> i dont even see secdb on cgit anymore
2021-04-24 21:40:49 <Ariadne> this must be some garbage tier security scanner
2021-04-24 21:40:51 <ikke> Oh, it's not secdb actually
2021-04-24 21:41:05 <ikke> "GET /aports/log/?ofs=103500 HTTP/1.1
2021-04-24 21:47:00 <ikke> Ariadne: seems like they do respond to 429 now
2021-04-25 06:12:23 <clandmeter> danieli: thx
2021-04-25 06:43:28 <Ariadne> ikke: :D
2021-04-25 06:46:07 <ikke> cpu usage of that host dropped significantly
2021-04-25 07:14:07 <Ariadne> which host
2021-04-25 07:14:58 <ikke> that hosts cgit (deu1)
2021-04-25 07:15:11 <Ariadne> ah
2021-04-25 07:16:27 <ikke> and apparently they scrape that for a list of recent commits I guess?
2021-04-25 07:16:34 <ikke> which, in bulk, is quite costly
2021-04-25 07:17:10 <ikke> /cgit/aports/log/?qt=grep&q=cve&showmsg=1
2021-04-25 07:17:34 <ikke> Well, they don't get any of that anymore
2021-04-26 06:28:19 <ncopa> so the ppc64le machine hasn't returned. Do we know who to contact at IBM?
2021-04-26 06:28:43 <ncopa> I have an email from august 2020 i could try
2021-04-26 06:29:28 <mps> I think ikke tried by mail
2021-04-26 06:33:51 <ncopa> ah, good i found it now - after i knew what to search for :)
2021-04-26 06:43:35 <mps> ncopa: my arm lxcs are not accessible, ssh hangs on this msg: debug1: Connecting to usa9-dev1.alpinelinux.org [147.75.35.197] port 22110
2021-04-26 06:43:49 <mps> when you find time, no hurries
2021-04-26 07:11:04 <ncopa> oh, ok. i wonder if you have vpn access?
2021-04-26 07:12:18 <mps> yes, I have
2021-04-26 07:12:32 <mps> but also didn't worked
2021-04-26 07:14:31 <ikke> mps-edge-aarch64.usa9.alpin.pw
2021-04-26 07:15:24 <mps> ssh: Could not resolve hostname mps-edge-aarch64.usa9.alpin.pw: Name does not resolve
2021-04-26 07:15:48 <mps> I don't use alpin.pw resolver
2021-04-26 07:16:08 <ikke> 172.16.23.110
2021-04-26 07:16:16 <ikke> And 111
2021-04-26 07:17:02 <mps> it ask password 'mps@172.16.23.110's password:'
2021-04-26 07:20:29 <mps> ikke: I connected to one
2021-04-26 07:20:39 <mps> logged in, i mean
2021-04-26 07:21:04 <mps> had to change IP aliases for new ip addresses
2021-04-26 07:21:33 <mps> though I swapped them :)
2021-04-26 07:25:06 <mps> both 'works' now. thank you both :)
2021-04-26 07:32:10 <mps> 512GB RAM? :)
2021-04-26 07:33:53 <mps> and first 'Illegal instruction', trying to run cpufetch ;)
2021-04-26 07:37:16 <mps> 160 CPUs, huhu
2021-04-26 08:45:06 <mps> what cpu number we should use in abuild.conf on this machine?
2021-04-26 08:45:35 <mps> 64? :)
2021-04-26 08:48:39 <mps> 5 min to build kernel!? aiee! :)
2021-04-26 08:49:20 <mps> I need to write praise letter to those who gave this machine to alpine
2021-04-26 08:56:23 <clandmeter> mps: send email to arm :)
2021-04-26 08:57:13 <mps> is it from arm company?
2021-04-26 08:57:34 <mps> I mean, they 'donated' it to alpine?
2021-04-26 08:59:06 <mps> hehe, they have to write praise letter to me^Wall of us because we work hard for distro to run very good on arm
2021-04-26 08:59:11 <clandmeter> arm supports the community yes
2021-04-26 08:59:40 <clandmeter> previously it was WoA program, not sure its still the same.
2021-04-26 09:10:22 <ikke> mps: we will limit your container to a single cpu
2021-04-26 09:10:39 <ikke> (80 cores) 
2021-04-26 09:11:51 <mps> ikke: iiuc I can set 80 in abuild.conf ;)
2021-04-26 09:13:05 <ikke> Yes, but we do this for performance reasons. They recommend limiting applications to a single NUMA domain 
2021-04-26 09:20:18 <mps> for me 16 is usually ok, maybe sometimes 32 will help, don't need so much cpus
2021-04-26 09:20:53 <mps> anyway thanks for generosity
2021-04-26 09:22:06 <ikke> Yes, you can still do that 
2021-04-26 09:22:45 <ncopa> mps: thanks for helping with alpine! hopefully the new machine will make your alpine work more fun :)
2021-04-26 09:23:45 <ncopa> and don´t be afraid of using cpu cores, specially if the builders are idle
2021-04-26 09:23:58 <mps> fun is a bonus, usability and quality are main incetive
2021-04-26 09:24:24 <mps> ah, builders are there also
2021-04-26 09:24:34 <ncopa> everythign is there now
2021-04-26 09:24:45 <ncopa> well, not CI - yet
2021-04-26 09:24:57 <mps> good to know to be 'kind citizen'
2021-04-26 09:25:06 <ncopa> appreciate that
2021-04-26 09:25:49 <mps> but now, breakfast is waiting ;)
2021-04-26 09:26:00 <ncopa> but please dont be afraid of doing 5min kernel builds. no need to restrict to 32 cores for that
2021-04-26 09:26:23 <mps> 5 min was with -j16
2021-04-26 09:26:41 <ncopa> try -j80 or something
2021-04-26 09:26:57 <mps> sure, but breakfast is waiting
2021-04-26 09:27:04 <ncopa> enjoy!
2021-04-26 09:27:10 <mps> thaks
2021-04-26 12:12:28 <Ariadne> [00:28:18] <ncopa> so the ppc64le machine hasn't returned. Do we know who to contact at IBM?
2021-04-26 12:12:52 <Ariadne> worst case scenario, i can get my power8 machine back up
2021-04-26 12:14:23 <Ariadne> i presently have it powered down because it's at equinix and i don't want to pay for additional power there, but i can have somebody it move it to my main colo
2021-04-26 12:14:53 <Ariadne> the only ppc64 machine i have up right now is my blackbird because its low power
2021-04-26 12:15:07 <Ariadne> but thats only quad coree
2021-04-26 12:31:56 <ikke> We just got a reply, they're looking into it 
2021-04-26 13:16:10 <Ariadne> also if we need s390x backup, i can do that too
2021-04-26 13:16:29 <Ariadne> i'm confident in the stability of my frankenframe
2021-04-26 13:16:30 <Ariadne> ;)
2021-04-26 13:49:47 <PICCORO> useslove onereer
2021-04-26 13:58:34 <Ariadne> ?
2021-04-26 14:14:59 <ncopa> sounds like PICCORO needs to change password :)
2021-04-26 14:16:41 <Ariadne> probably
2021-04-26 14:26:52 <PICCORO> XD XD XD .. ncopa is ther pidgin notification.. it raised the windo and i typed  XD XD XD
2021-04-26 14:29:33 <PICCORO> Ariadne ncopa the pidgin client where I have centralized everything including telegram is raised each notification their own window
2021-04-26 14:29:33 <PICCORO> because IRC protocol sends too many messages of everything, making me write in the channel, I have already deactivated the notifications XD XD ... I had not done it because I was lazy.
2021-04-26 14:41:18 <ncopa> you are not the first one... :)
2021-04-26 15:03:27 <ikke> They need to physically access the ppc64le machine 
2021-04-26 15:32:28 <PICCORO> mps ncopa ikke still there's no way to autodetect the default kernel of a brand/release of alpine?
2021-04-26 15:33:05 <PICCORO> at the packagin build time?
2021-04-26 15:33:33 <ikke> Look at how other kernel module packages are built
2021-04-26 15:34:57 <ikke> For example, zfs-lts
2021-04-26 15:38:08 <PICCORO> thanks ikke
2021-04-26 17:34:15 <Ariadne> https://gitlab.alpinelinux.org/alpine/infra/alpine-mksite/-/merge_requests/21 for whoever wants to deal with that :)
2021-04-26 20:09:51 <Cogitri> ikke: Pushed new aports-qa-bot release (0.1.1), could you pull the new image and restart the bot please? :)
2021-04-26 20:10:00 <ikke> In a bit
2021-04-26 20:28:49 <Cogitri> Sure, thanks for looking into it :)
2021-04-26 20:33:43 <ikke> Cogitri: I'm maybe missing something, but docker-compose says the container is up-to-date
2021-04-26 20:34:20 <Cogitri> Oh, maybe some arch isn't done building the container yet, and as such it didn't upload it yet, sorry
2021-04-26 20:35:15 <Cogitri> Started the build at 10pm (so 30 minutes ago) and just assumed it'd be finished by now - I guess 0.1.1 should show up tomorrow then. No need to update it immediately anyway, I suppose :)
2021-04-27 08:59:39 <Cogitri> ikke: I think 0.1.1 should be tagged now on dockerhub
2021-04-27 10:39:44 <Cogitri> Also, I was looking into the artifacts downloading API for the bot (for commenting changed files/sonames) and it seems like we have the choice between either downloading the entire archive or only downloading a single file whose name we already know
2021-04-27 10:40:46 <Cogitri> Since the checkapk logs are named after the package they checked (so we don't know the name) and gitlab doesn't have API for listing the files in the artifacts we'd have to download the entire archive which would be less than optimal since the included .apks could be huge
2021-04-27 10:41:11 <Cogitri> Maybe we can put the checkapk output into another archive which has a predictable name?
2021-04-27 10:41:17 <ikke> right, that should be possible
2021-04-27 10:41:21 <Cogitri> Or just concact all checkapk files together and name it checkapk.log ?
2021-04-27 10:42:54 <ikke> Cogitri: deployed v0.1.1
2021-04-27 10:44:47 <Cogitri> Thanks 👍️
2021-04-27 10:48:45 <ikke> Hmm, no log output, I would expect at least something?
2021-04-27 10:54:40 <ikke> Cogitri: https://gitlab.alpinelinux.org/alpine/infra/compose/aports-qa-bot/-/merge_requests/1
2021-04-27 11:23:41 <Cogitri> ikke: Oh, whoops, I think I forgot to add the log info key to the config
2021-04-27 11:24:28 <Cogitri> https://gitlab.alpinelinux.org/alpine/infra/compose/aports-qa-bot/-/commit/8929965d7b57ca15fa54c60cef30e09744432121
2021-04-27 11:42:49 <ikke> OK will add that later 
2021-04-27 11:46:09 <Cogitri> 👍
2021-04-27 11:47:32 <ikke> Cogitri: so if you want to deploy a new version, you can bump it in that override.yml
2021-04-27 11:47:47 <ikke> prod.yml
2021-04-27 11:48:13 <Cogitri> Oh okie
2021-04-27 17:57:06 <ikke> clandmeter: for secdb, what is the reason you use nq to run the generate script, rather than running it directly?
2021-04-27 18:03:44 <Cogitri> ikke: Btw, have you looked at the configs of the bot? Any errors left? If not, we could enable the services which are currently set to DryRun
2021-04-27 18:04:00 <ikke> Ah, needed to enable the logs again
2021-04-27 18:04:22 <Cogitri> Okie 👍️
2021-04-27 18:05:35 <ikke> I've added the loglevel to conf.override.json, but it still does not log
2021-04-27 18:07:23 <Cogitri> Huh
2021-04-27 18:07:37 <Cogitri> I don't think you need to specify it in the override, should be in the base config now 
2021-04-27 18:08:43 <ikke> right, I pulled now
2021-04-27 18:09:52 <ikke> Ok, now getting log output again
2021-04-27 18:10:09 <ikke> Colored output, nice :)
2021-04-27 18:10:26 <ikke> What library are you using?
2021-04-28 05:23:40 <clandmeter> ikke: to prevent it from running multiple times at ones from mqtt i think
2021-04-28 05:26:57 <ikke> clandmeter: ok, I see
2021-04-28 06:10:23 <Cogitri> ikke: Ah, we're using zerolog now, it's pretty nice since it offers structured logging 
2021-04-28 06:10:30 <Cogitri> Nice that logging works now :)
2021-04-28 08:02:32 <clandmeter> ikke: if you can find a nicer way to handle a queue, let me know.
2021-04-28 08:03:44 <ikke> No, was just thinking about how to get the output of the generate command 
2021-04-28 08:04:49 <clandmeter> docker and nq does not play that nice with output
2021-04-28 08:04:55 <ikke> Nod
2021-04-28 08:06:30 <clandmeter> i searched high and low for something easy that just outputs to stdout
2021-04-28 08:14:22 <ikke> But it should also wait until the previous invocation finished 
2021-04-28 08:14:45 <ikke> What about flock? 
2021-04-28 08:16:18 <clandmeter> you could use flock, but you would mis invocations.
2021-04-28 08:17:04 <clandmeter> lets say it runs and you get another run but its locked, it would not run the missing one. you will need to wait for the next one.
2021-04-28 08:17:58 <clandmeter> for mirror rsync, i would use flock and run one every hour or so to catch missing ones.
2021-04-28 08:18:19 <ikke> flock waits until it can get the lock 
2021-04-28 08:20:53 <clandmeter> what happens of multiple flocks are waiting?
2021-04-28 08:20:58 <clandmeter> if
2021-04-28 08:21:25 <ikke> I think the order is not defined 
2021-04-28 08:23:37 <clandmeter> if you think just using flock will work, please go ahead and change it.
2021-04-28 17:21:57 <ikke> Cogitri: I've enabled the remaining options
2021-04-28 18:28:26 <Cogitri> ikke: Nice, let's hope nothing blows up (but I'm fairly sure that it'll be fine :)
2021-04-28 18:34:49 <ikke> Cogitri: I guess this can be closed now / soon: https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10691
2021-04-28 18:41:10 <Cogitri> Yup, maybe we'll want to wait a day or so and see if it works nicely
2021-04-28 18:42:25 <ikke> fine with me
2021-04-29 07:24:52 <Cogitri> ikke: Seems like automaintainer doesn't quite work yet, could you fetch the logs so we can work on fixing it? Maybe something in the email search doesn't work yet since we can't test that without admin permissions
2021-04-29 07:25:02 <clandmeter> ikke: git gets hammered again?
2021-04-29 08:53:05 <Cogitri> Ah, we found the bug in aports-qa-bot, there's a 0.1.2  release now which should fix it.
2021-04-29 11:22:06 <ikke> sigh
2021-04-29 11:23:15 <ikke> restart uwsgi, should make it stable again
2021-04-29 11:25:56 <clandmeter> what is the cause?
2021-04-29 15:24:28 <ikke> clandmeter: Not sure, but every so often uwsi starts becoming unstable and does not respond to requests
2021-04-29 19:57:10 <Cogitri> ikke: Have you looked into updating the bot already? :)
2021-04-29 19:57:36 <ikke> Cogitri: no, thanks for reminding me
2021-04-29 19:59:28 <ikke> done
2021-04-29 20:03:12 <Cogitri> Thanks 👍
2021-04-30 04:45:53 <ikke> Cogitri: ERR Failed to assign maintainer error="author and maintainer are the same" MR=20990 Project=1 component="MergeRequestJob Processor" service=AutoMaintainer
2021-04-30 06:50:36 <clandmeter> ikke: what do you want to do with those mirrors?
2021-04-30 06:51:09 <ikke> Which? 
2021-04-30 06:51:39 <clandmeter> you mention me few days ago
2021-04-30 06:52:12 <ikke> I guess we need to finish the distributed mirror setup? 
2021-04-30 06:52:23 <clandmeter> we need to finish many things :)
2021-04-30 06:52:37 <ikke> Yes, but that as well
2021-04-30 06:52:44 <clandmeter> nod
2021-04-30 06:52:53 <clandmeter> should be simple i think to finish up
2021-04-30 06:53:05 <clandmeter> and we need to finish the arm server part
2021-04-30 06:53:11 <clandmeter> i think they will sh ortly msg us again
2021-04-30 06:54:31 <ikke> Cpu usage is still not good I think 
2021-04-30 06:55:37 <Cogitri> ikke: Oh, I suppose we should downgrade that message to INFO, it's not really an error, it's just unnecessary to assign the author to the MR
2021-04-30 06:55:53 <ikke> Cogitri: I suspected as much 
2021-04-30 08:18:52 <ncopa> im gonna send a ping to the ppc64le ppl
2021-04-30 12:10:01 <ikke> Oof, hardware failure 
2021-04-30 12:43:19 <Ariadne> do i need to get my POWER8 machine up?
2021-04-30 12:45:52 <Ariadne> though if i do, that's going to suck
2021-04-30 12:46:00 <Ariadne> since i guess we would have to rebuild all of edge
2021-04-30 13:28:48 <ncopa> anyone seen the mips64 machine recently? it also seems to be missing
2021-04-30 13:29:40 <Ariadne> i will poke aag about that one
2021-04-30 13:30:33 <Ariadne> i am planning to get a replacement ubiquiti edgerouter infinity and put it in my colo
2021-04-30 13:31:10 <Ariadne> to replace the sketchy setup we have now for mips64 :)
2021-04-30 13:35:45 <ncopa> i said that a ppc64le vm would be ok, but actually, i think it would be good if we could have a physical machine so we can test alpine in ppc64le vms
2021-04-30 13:35:54 <ncopa> we havent done that so far though
2021-04-30 14:15:10 <danieli> ikke: ouch
2021-04-30 18:04:22 <mcrute> could a GitLab admin create a cloud sub-group under the alpine project and make mcrute the owner/admin of that? I don't think I have permission to do that
2021-04-30 18:26:18 <ddevault> someone asked me to set up the lists.sr.ht <> gitlab mirror for gitlab.a.o+lists.a.o
2021-04-30 18:26:21 <ddevault> do we want to pick that back up?
2021-04-30 21:01:30 <Ariadne> it seems reasonable.  i have heard some complaints from users on slow connections (central american users in the unofficial alpine telegram chat) that gitlab is quite painful for them to interact with just to send in a patch