2017-01-03 14:14:39 Hi there ! Quick question for Alpine wizards : Is there a tutorial or article so far that explains how to manage users / groups on Alpine ? 2017-01-03 14:18:44 arnaud__: no different than any other linux system... /etc/passwd /etc/group, adduser addgroup 2017-01-03 14:21:24 scv: And concerning user modification ? Basically what I'm trying to do is change UID of user www-data. I know I can do this with usermod on Ubuntu fir example, but I can't find a way to do this in Alpine 2017-01-03 14:21:40 scv: And concerning user modification ? Basically what I'm trying to do is change UID of user www-data. I know I can do this with usermod on Ubuntu fir example, but I can't find a way to do this in Alpines 2017-01-03 14:22:35 usermod is available in the shadow package 2017-01-03 14:22:45 or you can edit passwd by hand 2017-01-03 14:23:25 scv: ok thank you ! I'll try to look at this package then 2017-01-03 18:08:36 hi so what is the difference between the vanilla kernel and the normal one? 2017-01-03 18:10:44 <_ikke_> normal has grsec patches applied 2017-01-03 18:10:46 <_ikke_> vanilla not 2017-01-03 18:11:26 thank you 2017-01-03 19:03:06 yo guys 2017-01-03 19:04:29 <_ikke_> yo dawg 2017-01-03 19:05:59 do you have this problem with pecl too ? http://stackoverflow.com/questions/40999752/pear-error-xml-extension-not-found-on-ubuntu-14-04-after-installing-php-xml 2017-01-03 19:06:55 php7-pear * 2017-01-04 01:45:55 hiya 2017-01-04 01:46:09 where are all the mirrors at folks? 2017-01-04 01:51:24 I know i can google around for it 2017-01-04 01:51:39 but if it's not on the fuckin' wiki, how the hell do you actually trust it 2017-01-04 01:53:29 https://wiki.alpinelinux.org/wiki/Mirrors 2017-01-04 01:53:42 • This page was last modified on 21 March 2012, at 19:07. 2017-01-04 01:58:40 first distro i -actually- like, and the damn mirrors are nowhere in sight 2017-01-04 02:01:34 apk add alpine-mirrors 2017-01-04 02:01:40 no need to be mean about it 2017-01-04 02:22:05 wasn't trying to be mean 2017-01-04 02:22:08 was just really sad 2017-01-04 02:22:38 see, i'm trying to do it via chroot install to get started 2017-01-04 02:22:49 and i just need a mirror 2017-01-04 02:22:53 muug.ca on the list? 2017-01-04 02:23:02 wait, i can figure that one out all on my own 2017-01-04 02:23:12 ACTION links himself to giyf.com 2017-01-04 02:28:31 just incase anyone else asks this question. http://rsync.alpinelinux.org/alpine/MIRRORS.txt 2017-01-04 02:33:15 pxe: there's some chroot script, are you using that? 2017-01-04 02:33:24 yes 2017-01-04 02:33:28 ok 2017-01-04 02:33:29 :) 2017-01-04 02:33:35 ^^ 2017-01-04 02:33:44 just wanted to make sure you don't run into it 2 days after you're done 2017-01-04 02:33:45 alpine.... is fuckin' awesome 2017-01-04 02:33:51 xD 2017-01-04 02:33:56 only linux that never pisses me off 2017-01-04 02:33:57 that would be fun 2017-01-04 02:34:15 totally would toss a cat out the window if that happened 2017-01-04 02:34:29 :)) 2017-01-04 02:34:51 gl with install, here it's time to call it a night 2017-01-04 02:35:09 ^^ ty, rest well 2017-01-04 02:37:16 is there a way to provide an apk cache the way that apt-cache does? 2017-01-04 02:41:37 have you tried apt-cacher-ng? 2017-01-04 02:42:03 it caches things from cygwin, centos, redhat, opensuse, and a few others as well 2017-01-04 02:42:06 not just deb 2017-01-04 02:42:44 have a look around the apk manuals 2017-01-04 02:42:44 well, how do I configure apk to use it? 2017-01-04 02:42:58 there's a local cache you can configure, but I can't find a way to point it at a network one 2017-01-04 02:43:00 if it's fully matured as i think it is 2017-01-04 02:43:11 it'll have a reference on how to designate a proxy for your apk tool 2017-01-04 02:43:43 if it's not available, setup a reference to your mirror of choice in /etc/hosts 2017-01-04 02:43:54 and have iptables route it to your mirror 2017-01-04 02:44:05 if apt-cacher-ng doesn't work for that 2017-01-04 02:44:11 squid should 2017-01-04 02:45:08 yeah I can use squid although then I have to basically proxy in the OS, which I don't want to do 2017-01-04 02:45:15 (it just gets used as the system socks proxy) 2017-01-04 02:46:09 I just want the packages to land there, not all web access 2017-01-04 02:47:26 (the problem with searching the internet is that apk gets flooded with android crap, so I can't quite craft a query that gets matches of any value) 2017-01-04 02:49:21 I guess this may not be possible - apk itself doesn't seem to have any config or flag to use a specific proxy 2017-01-04 02:51:33 nbastin: it looks at the http_proxy vars 2017-01-04 02:51:46 I tried to set https_proxy, but that didn't seem to work 2017-01-04 02:51:50 hum 2017-01-04 02:51:51 maybe I need to try harder 2017-01-04 02:51:53 i thought it did 2017-01-04 02:52:08 i myself used to have a full local mirror, but don't anymore 2017-01-04 02:52:36 not too many sys and it was nice to have sub-second installs, but i figured 2-3s is also still fast 2017-01-04 02:52:39 err 2017-01-04 02:52:41 yeah, I've pondered it...do you happen to know how big a local mirror is? 2017-01-04 02:53:01 yeah, our problem is internet data caps, not the time, really 2017-01-04 02:53:17 you need to restrict to the releases you want and then you end up around 20-30g 2017-01-04 02:53:31 but if you want to really save traffic a mirror makes no sense :( 2017-01-04 02:53:56 i gtg sorry i just jumped on the active window stupidly 2017-01-04 02:53:56 well, maybe, but 30g is a lot...maybe if I can get it somewhere else on an hdd and then move it 2017-01-04 02:54:00 sure, no worries.. :-) 2017-01-04 05:47:32 is it safe to run edge on a ram install? the instructions only seem to be for the packages, not the kernel or boot media repo. 2017-01-04 05:48:38 <_ikke_> saintdev: safe in what sense? 2017-01-04 05:50:19 what happens on kernel updates? will the packages on the boot media repo cause issues with updates? 2017-01-04 05:57:45 since there isn't an iso to update the boot media for edge 2017-01-04 08:29:18 saintdev: packages are not related to kernel. you can use a 3.5/edge repo just fine with a 3.[01234] kernel. 2017-01-04 08:29:54 if you really want to latest kernel then you need to build your own iso image. 2017-01-04 08:34:39 hello 2017-01-04 09:17:15 I am trying to setup fail2ban with iptables. Everything looks OK, but fail2ban does not ban IP's. Is there someone who can help me? 2017-01-04 09:18:15 my /etc/fail2ban/jail.d/jail.local looks like: [sshd] 2017-01-04 09:18:15 enabled = true 2017-01-04 09:18:15 filter = alpine-sshd 2017-01-04 09:18:15 port = ssh 2017-01-04 09:18:15 logpath = /var/log/messages 2017-01-04 09:18:30 maxretry = 2 2017-01-04 09:20:53 julius_: shouldn't filter be just sshd? 2017-01-04 09:21:47 it points to /etc/fail2ban/filter.d/alpine-sshd.conf which is installed by default 2017-01-04 09:23:01 you can check if its working by running fail2ban-regex /var/log/messages /etc/fail2ban/filter.d/alpine-sshd.conf 2017-01-04 09:23:22 which output "Lines: 1033 lines, 0 ignored, 732 matched, 301 missed" so the regex is working. 2017-01-04 09:24:01 hmm 2017-01-04 09:24:51 are you missing an action directive in the config or did you just omit it here? 2017-01-04 09:26:41 i am missing it in the jail.local, i tried servel different options without any success 2017-01-04 09:27:40 but the default is: banaction = iptables-multiport 2017-01-04 09:28:34 which point to /etc/fail2ban/action.d/iptables-multiport.conf 2017-01-04 09:33:04 julius_: get the commands from actionstart executed? f2b-* 2017-01-04 09:36:02 I think so, I see the rules in iptables, when i run iptables -v -L, i see packets going thru the rules 2017-01-04 09:38:32 init fails after un upgrade in edge. it fails at "loading hardware drivers" - investigating 2017-01-04 09:39:07 (anyone seen this recently with AL?) 2017-01-04 09:43:19 my guess is that I have to define DROP somewhere as droptype 2017-01-04 10:07:30 julius_: so banned ips are getting added to iptables but not dropped? 2017-01-04 10:10:05 nope, i dont see any extra rules in iptables 2017-01-04 10:48:36 does ca-certificates not trust lets encrypt? 2017-01-04 10:52:02 forget, it's ok. just my LE cert seem to be some kind of outdated... 2017-01-04 11:42:33 as in many how-to's, if I define "action = iptables-multiport[name=ssh-test, port=ssh, protocol=tcp] in the jail.local, restart f2b I see my iptables change. But it does not add IP adresses to de DROP or blocked list. 2017-01-04 12:23:17 julius_ - a better solution is to stealth your ssh entirely with fwknop https://it-offshore.co.uk/security/53-stealth-your-ssh-port-ssh-into-lxc-containers 2017-01-04 12:24:33 I will look into it BitL0G1c. But i fixed it after 2 days (sigh). I set my timezone to Europe/Amsterdam but the f2b regex wanted UTC... 2017-01-04 12:25:28 when i used fail2ban I used "banaction = iptables-xt_recent-echo" 2017-01-04 12:26:25 action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 2017-01-04 12:28:31 sshguard is good too & a bit simpler to setup 2017-01-04 12:29:52 i saw it as an alternative, I will look into it. The link to it-offshore.co.uk isnt working 2017-01-04 12:33:07 julius_ - 145.109.194.195 is in set iblocklist - you need to use a different ip 2017-01-04 12:50:24 BitL0G1c: you've got experience with Luks and custom installs right? 2017-01-04 13:28:32 i wonder if i can set up a partitionless btrfs disk and boot off it with syslinux 2017-01-04 14:02:32 ScrumpyJack - yes - the only way I could get btrfs to work was with a separate /boot - to get subvols working in the root partition I used btrfs sub set-default 2017-01-04 14:05:16 do you think snapshots in /boot would work? 2017-01-04 14:05:30 yes I snapshot /boot 2017-01-04 14:05:41 I've been using btrfs for about a year 2017-01-04 14:07:13 So whenever I use gdb inside alpine, musl shits the bed in the __clone() function 2017-01-04 14:08:04 ScrumpyJack - I store the boot snaps in /boot/snaps - btrfs is intelligent enough to ignore the subvols in it when it does a new snapshot 2017-01-04 14:10:55 is there a painless way to deploy alpine via pxe boot? 2017-01-04 14:12:58 https://wiki.alpinelinux.org/wiki/PXE_boot 2017-01-04 14:16:52 BitL0G1c: is your btrfs on the whole device? (dev/sda) or on a partition (dev/sda1 2017-01-04 14:17:30 i use btrfs across the whole device 2017-01-04 14:17:43 neat. 2017-01-04 14:17:50 do you have setup notes? :) 2017-01-04 14:19:42 the trick is to use btrfs sub set-default to get subvols working 2017-01-04 14:19:51 in the root partition 2017-01-04 14:21:06 this makes mounting less hassle if you ever need to repair an installation in a chroot 2017-01-04 14:22:59 use https://it-offshore.co.uk/alpine/setup-partitions to setup a gpt disk with a "boot scheme" 2017-01-04 14:24:00 create the btrfs root partition with a subvol & btrfs sub set-default 2017-01-04 14:24:00 I'm reinstalling a sys install, so perhaps i'll create a apkovl for restore first 2017-01-04 14:42:46 ok, here we go! 2017-01-04 14:54:36 no luck booting 3.5 from a stick :( 2017-01-04 15:02:19 perhaps I'll install 3.4 on top of btrfs 2017-01-04 15:12:48 3.4.3 won't boot either! :( 2017-01-04 15:15:13 I can boot on 3.4 (4.4.22) 2017-01-04 15:16:43 everything after that stops at "Loading hardware drivers" - My monitor is reset, but doesn't regain a signal after that 2017-01-04 15:27:22 hi 2017-01-04 16:41:39 Hello, 2017-01-04 16:41:55 <_ikke_> ohai 2017-01-04 16:42:06 yo 2017-01-04 16:43:51 The Raspberry Pi image does not have the grsec kernel, is there any documentation as to why? (I've tried looking for it and there was only a request: http://forum.alpinelinux.org/forum/kernel-and-hardware/grsec-raspberry-pi 2017-01-04 16:44:08 Can I just create my own image with grsec? If so why is it not the default? 2017-01-04 16:48:07 does anyone here have odroid c2? 2017-01-04 16:48:30 kahiru: I only have UX4 and C1, never got them to boot Alpine =/ 2017-01-04 16:49:02 de_worde: damn :( That's a dealbreaker 2017-01-04 16:49:04 kinda 2017-01-04 16:49:54 kahiru: It may have just been an error on my part trying to get u-boot to work, I did ask and got little/no input 2017-01-04 16:50:36 so what do you run on them? 2017-01-04 16:50:45 I did want to use the c1 for a video display, instead of the rpi3, but I figured out I can use the rpi hardware accelerated video player over firefox so performance is not an issue 2017-01-04 16:51:04 kahiru: I got the debian image working on them, but I don't know how up to date it is now 2017-01-04 16:53:13 well, thanks for the info. I'll reconsider the whole thing 2017-01-04 16:56:44 kahiru: guy to ask just entered I believe - https://wiki.alpinelinux.org/wiki/Alpine_on_ARM 2017-01-04 16:58:24 fabled: hey, any idea if its possible to boot alpine on odroid c2? 2017-01-04 17:00:07 kahiru, have not tried. technically it is matter of having proper kernel config and u-boot. so if it does not work yet out of box, the amount of work to get it running is not big. 2017-01-04 17:00:29 fabled: hmm, sounds doable. thanks 2017-01-04 17:56:15 i'm working with abuild and if for whatever reason i want to re-create my index, i can't seem to be able to do so properly. i've tried 'apk index -o APKINDEX.tar.gz *.apk && abuild-sign APKINDEX.tar.gz' but when i do an 'apk update', it no longer seems to see the packages in my repo 2017-01-04 17:58:08 apk update output >> https://gist.github.com/mbentley/7fee8d0896474800f8511b44e711b2c4 2017-01-04 17:58:56 i'm testing with a local filesystem based repo; same happens when serving with a webserver. i'm guessing i must be doing something incorrectly to generate the index 2017-01-04 18:22:16 hi there 2017-01-04 18:35:55 i installed the proxy package for apache 2017-01-04 18:36:27 and getted the error [proxy_balancer:emerg] [pid 2981] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded?? 2017-01-04 18:37:29 i don't need proxy_balancer so i commented the line that call the module and it works now, i wanted to inform you 2017-01-04 18:37:39 for the strange error 2017-01-04 18:41:47 Hello, I've a small problem: 2017-01-04 18:41:57 apk upgrade 2017-01-04 18:41:57 6 errors; 762 MiB in 244 packages 2017-01-04 18:42:17 Where can I get more informations about this errors? 2017-01-04 18:42:37 apk fix 2017-01-04 18:44:55 Ok, reduced to 2: 2017-01-04 18:45:08 (1/2) Reinstalling php5-cli (5.6.29-r0) 2017-01-04 18:45:08 ERROR: php5-cli-5.6.29-r0: trying to overwrite usr/bin/phpize owned by php-cli-5.6.27-r0. 2017-01-04 18:45:08 ERROR: php5-cli-5.6.29-r0: trying to overwrite usr/bin/php owned by php-cli-5.6.27-r0. 2017-01-04 18:45:08 (2/2) Reinstalling php5-pear (5.6.29-r0) 2017-01-04 18:45:08 ERROR: php5-pear-5.6.29-r0: trying to overwrite usr/bin/peardev owned by php-pear-5.6.27-r0. 2017-01-04 18:45:10 ... 2017-01-04 18:48:38 ah 2017-01-04 18:48:56 php has been renamed to php5 because there is also php7 now 2017-01-04 18:49:23 so you have to apk del php and similar packages 2017-01-04 18:50:11 <_ikke_> Doesn't apk have rename support? 2017-01-04 18:56:40 Does it make sense for multiple apkovl configs to share the same cache directory? 2017-01-04 19:01:34 de_worde, there's few corner cases where it might not work as expected. but for all general use it works, and might be useful. 2017-01-04 19:01:55 we'll plan to explicitly support and fix the issues this year 2017-01-04 19:02:56 S_K - just edit /etc/apk/world to php5.... & apk upgrade 2017-01-04 19:03:35 To late ... I've uninstalled the old one and now I watch roundcube for errors. 2017-01-04 19:07:55 Thanks. 2017-01-04 19:17:57 fabled: Oh right, thanks 2017-01-04 21:13:25 anyone have chefdk installed and working in alpine ? 2017-01-04 21:50:10 Hi, I am running alpine3.5 on virtualbox and it hangs at boot before starting sshd, i checked "/var/log/messages" and it seem that the delay is caused by the following issue "random: nonblocking pool is initialized". So it seeems that it is not gathering enough entropy. If I smash the keyboard on boot solves the problem. 2017-01-04 21:52:59 the issue was not present on alpine3.4 2017-01-04 21:53:15 daingun: if low entropy is the cause you could workaround this by having haveged started before sshd 2017-01-04 22:02:41 kahiru: I have installed haveged and it starts before sshd but the delay after haveged is started is always present. 2017-01-04 22:03:21 I still have to press random keys to generate entropy. 2017-01-04 22:04:04 maybe the issue is related to bug #6607 https://bugs.alpinelinux.org/issues/6607 2017-01-05 06:52:02 <_julius_> morning 2017-01-05 07:07:44 moin 2017-01-05 13:54:47 Hello, I'm trying to follow these PXE boot instructions https://wiki.alpinelinux.org/wiki/PXE_boot, I started with lpxeboot but because it is an UEFI system I followed these: http://www.syslinux.org/wiki/index.php?title=PXELINUX#UEFI 2017-01-05 13:55:18 nevermind actually, it is more to do with DHCP ... 2017-01-05 13:55:40 Although are there any problems booting Alpine using syslinux.efi 2017-01-05 13:55:41 ? 2017-01-05 14:51:34 de_worde, have not tried syslinux.efi but grub2 based efi boot works, so i'd assume syslinux.efi should work too 2017-01-05 16:39:30 I thought the syslinux UEFI support is rather recent... hence I went with Gummiboot itself, but I don't have knowledge of whether it does PXE 2017-01-05 18:12:48 Hello! I was trying https://wiki.alpinelinux.org/wiki/Raspberry_Pi on my Pi3b and got it to boot and install. Now, as it fails to utilize the wifi and probably some other stuff I have not checked for yet, I would like to up build myself an image or update the image with the rpi3 firmware here https://github.com/raspberrypi/firmware. Would you please give me some hints how to go about that? 2017-01-05 19:13:38 noninc: You need to create a 'firmware' folder on your sdcard where the alpine boot files are, directory in there called 'brcm' with 'brcmfmac43430-sdio.(bin & txt) from https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm 2017-01-05 19:23:29 de_worde: thank you! I did try something while i was waiting and added the 80211 firmware to the squashfs image but still no wlan0 interface :/ 2017-01-05 19:24:18 relevant dmesg after rmmod and modprobe: "brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x50" 2017-01-05 19:27:54 noninc: Is that with that firmware folder? you should not need any modules relating to wifi I think, I just have others relating to other devices: snd-bcm2835 i2c-bcm2835 rng-bcm2835 rtc-pcf2127 2017-01-05 19:31:51 de_worde: I did not know it would use the firmware folder on the sdcard so i changed the squashfs image. I will restore the org image and put the firmware in the according folder now, but ls /lib/firmware/brcm shows the right files for me... 2017-01-05 19:32:36 noninc: Yeah, I did try that with squashfs myself at first, something about it being available during the init process 2017-01-05 19:33:26 seems reasonable enough, on it.... 2017-01-05 19:37:00 fabled: That case with the cache maybe not being an issue was an issue in the end, a different config deleted the packages of the other config, had to separate them like the config//.apkovl.tar.gz so cache/ 2017-01-05 19:38:47 Also, another question regarding cache, I have alpine booting on the network (yay) but it does not like the repository being the cache folder for that image, do I have to follow the steps (https://engineering.fundingcircle.com/blog/2015/04/28/create-alpine-linux-repository/) to create a signature and where do I put my key? in the apkovl? in the initfs? 2017-01-05 19:39:41 de_worde: still the same with firmware on sd-root/firmware/... (https://gist.github.com/anonymous/aaa225afae9883cc848698794cbe9ee1( 2017-01-05 19:39:52 sorry, fixed link: https://gist.github.com/anonymous/aaa225afae9883cc848698794cbe9ee1 2017-01-05 19:40:34 noninc: that was fine, deleted the bracket, you need to create the entry in the interfaces file for wlan0 2017-01-05 19:40:44 did that 2017-01-05 19:40:54 and ifup wlan0 ? 2017-01-05 19:41:04 on boot it says ifup: ignoring unkown interface wlan0 2017-01-05 19:43:11 and after boot the same. ignoring unknown interface 2017-01-05 19:43:34 noninc: I have the Pi I setup with the wifi, let me just plug it in ( I was referring to the guide I made ) 2017-01-05 19:44:52 thank you! 2017-01-05 19:45:12 does creating the /firmware on the sdcard overwrite everything of the modloop? cause it now only contains the brcmf firmware 2017-01-05 19:49:29 noninc: Have you installed the raspberrypi package? 2017-01-05 19:50:02 my modloop contains all the firmware with the exception of the wifi one required, which is why its on the sdcard 2017-01-05 19:50:08 that one: https://fr.alpinelinux.org/alpine/v3.5/releases/armhf/alpine-rpi-3.5.0-armhf.tar.gz 2017-01-05 19:50:26 no, just 'apk add raspberrypi' 2017-01-05 19:51:29 is that documented somewhere? did I miss that? 2017-01-05 19:52:56 noninc: Nervermind, looking at the package it is only the set of tools in /opt/vc/bin (which I use): https://pkgs.alpinelinux.org/contents?branch=v3.5&name=raspberrypi&arch=armhf&repo=main 2017-01-05 19:53:29 noninc: I am looking through the image and I really do not see anything different, only several files are altered unrelated to networking except the interface setup 2017-01-05 19:53:53 just in the root firmware/brcm/brcmfmac43430-sdio.(bin|txt) 2017-01-05 19:53:58 of the sdcard 2017-01-05 19:54:29 https://gist.github.com/anonymous/9516e5c13b0103d550a9ed282ee6ba90 2017-01-05 19:55:47 The files end up in /lib/firmware 2017-01-05 19:56:29 yes i noticed. but all other firmware files from the squshfs image were missing after I created the the folder on the sdcard, so i copied all of them there 2017-01-05 19:56:37 still, no wlan0 2017-01-05 19:58:03 only 3x the "brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x50" 2017-01-05 20:00:24 noninc: I may have used this: https://github.com/OpenELEC/wlan-firmware/tree/master/firmware/brcm 2017-01-05 20:00:36 noninc: going to compare the files 2017-01-05 20:00:40 will try those 2017-01-05 20:01:09 You just need the one I named, the others are supliferous 2017-01-05 20:02:17 they differ 2017-01-05 20:03:09 c1f061a9d9a7493a6ec1878fd72d9774 is the md5 of the openelec and 04fc3c9647edd174c2b5d01c4641d8c7 of the firmware-nonfree 2017-01-05 20:03:27 noninc: May be for the newer kernel on the openelec one 2017-01-05 20:06:37 Is that of the bin? I have b24aad300e161782072b227abe9862f7 ... 2017-01-05 20:07:06 the bin, yes 2017-01-05 20:07:08 md5 2017-01-05 20:08:11 hah! the openelec firmware makes wlan0 appear! 2017-01-05 20:09:00 now, should i wonder why the RPi-Distro/firmware-nonfree does not work? 2017-01-05 20:09:21 noninc: I suspect kernel versions 2017-01-05 20:09:34 hmm. 2017-01-05 20:09:56 thank you very much though 2017-01-05 20:11:05 noninc: You're welcome 2017-01-05 20:11:39 just curious, what are you using the pi for 2017-01-05 20:13:14 noninc: number of things, my company has over 100 around the country running a browser kiosk, I also have some running redmine, firewalls, wifi ap, etc. 2017-01-05 20:13:55 all with alpine ofc 2017-01-05 20:15:54 nice! that sounds very interesting. I'll be using it for a web control interface for some temperature control stuff (that an arduino is doing atm) 2017-01-05 20:22:58 df -h 2017-01-05 20:23:08 oh sorry, wrong window 2017-01-05 20:23:51 gonna /part, have a nice day! 2017-01-05 20:26:58 clear; Anyone know a shortcut to adding an apk signature file to the initramfs? I assume changes to mkinitfs which I am already using to get the pxe boot working 2017-01-05 20:29:11 Is it just adding a 'feature' with the .files containing the path to the key in /etc/apk/keys/? 2017-01-05 20:30:51 Oh they keys are in the lbu.. 2017-01-05 20:31:01 the* 2017-01-05 20:39:43 Is there not a way to have a 'partial' apk repository mirror? 2017-01-05 20:39:51 With the offical signatures? 2017-01-05 20:40:02 official* 2017-01-05 20:50:11 Oh I'm not using alpine_dev, does not seem to be a problem however due to booting in memory which is what I want anyway 2017-01-05 23:19:47 hi! I am looking for a nginx 1.11.8 package for arm. anybody that could help? 2017-01-06 01:40:18 I noticed that the installation to a chroot (armhf) failed with several errors - is this normal http://pastebin.ca/3753639 2017-01-06 02:47:12 miasma_: is the current system non armhf? then i think that's possible if it e. g. tries to execute stuff like busybox --install inside the chroot 2017-01-06 03:47:54 Hi there, I have a naive question about the latest Alpine release 2017-01-06 03:48:40 It ships with ZFS on root, other Linux distros failed to provide ZFS because of licensing issues. How is it different for Alpine? 2017-01-06 08:06:35 hello 2017-01-06 08:07:08 how is alpine compared to archlinux? 2017-01-06 08:07:45 <_ikke_> alpine uses grsec kernel, arch not, alpine uses openrc, arch uses systemd, alpine uses musl, arch uses glibc 2017-01-06 08:08:37 <_ikke_> An probably a lot more differences, but these are the main ones 2017-01-06 08:10:04 cool. 2017-01-06 08:10:17 well, alpine is faster right? 2017-01-06 08:10:41 <_ikke_> depends on what you mean with faster 2017-01-06 08:10:56 <_ikke_> It's very loaded, and also hard to compare 2017-01-06 08:11:00 hmm 2017-01-06 08:11:29 As a programmer develop env, is alpine suit for that? 2017-01-06 08:11:54 compare to other distro 2017-01-06 08:12:09 <_ikke_> desktop or server? 2017-01-06 08:12:15 desktop 2017-01-06 08:13:12 <_ikke_> I have very little experience with alpine on desktop 2017-01-06 08:24:05 somaReverse: alpine tries to not get in your way 2017-01-06 08:25:13 somaReverse: alpine is not really desktop oriented. 2017-01-06 08:26:17 somaReverse: we do provide xfce4 2017-01-06 08:26:50 I'm using alpine on desktop right now 2017-01-06 08:27:08 but I think this is not the way of usage which you're looking for 2017-01-06 08:27:33 I can browse the internet, read music, listen to text, watch games and play videos :) 2017-01-06 08:27:56 :) 2017-01-06 08:27:57 But I'm also actually working with it, as a sysadmin 2017-01-06 08:28:21 clandmeter: btw. could you check review my PRs? 2017-01-06 08:28:31 and we dont support gfx blobs like nvidia 2017-01-06 08:29:06 not an issue here, I'm on intel GPU 2017-01-06 08:29:11 skrzyp: ill take a quick look 2017-01-06 08:29:17 dont have much spare time 2017-01-06 08:29:26 server hardware just got in :) 2017-01-06 08:29:28 but even Radeon cards are using now open source drivers, only with proprietary firmware 2017-01-06 08:29:32 clandmeter: okay 2017-01-06 08:29:37 these are mostly desktop stuff 2017-01-06 08:29:44 so don't bother too much if you're in hurry 2017-01-06 08:30:00 im not in a hurry, my boss is. 2017-01-06 08:30:49 lol 2017-01-06 08:30:56 thats the first PR with screenshots ;-) 2017-01-06 08:31:04 vi inventory && ansible-playbook site.yml && coffee 2017-01-06 08:32:13 clandmeter: just wanted to prove it actually works, because someone *cough* disabled dynamic x86 core 2017-01-06 08:32:37 i cannot test if it actually runs 2017-01-06 08:32:50 but as its in testing i can build check it and merge 2017-01-06 08:33:42 hmm 2017-01-06 08:34:02 I feel that alpine is suit for being a USB rescue OS. 2017-01-06 08:34:40 skrzyp: next time put packages deps in the same pr, then CI will work properly. 2017-01-06 08:34:52 clandmeter: ah, okay 2017-01-06 08:35:01 I wan't sure if that works this way 2017-01-06 08:35:03 thanks 2017-01-06 08:35:07 its in the guidelines (which nobody reads) :) 2017-01-06 08:35:24 clandmeter: wiki is another topic which I want to pick up, but not right now 2017-01-06 08:36:02 oh thats ffmpeg... 2017-01-06 08:43:45 <_ikke_> 4* 2017-01-06 08:44:10 5* 2017-01-06 11:44:23 Greetings, is it just me or is mongodb in testing not working? Crashes on rc-service mongodb start 2017-01-06 12:45:06 jomatv6: yes, that's possible. the host is x86-64. would it be possible to make the alpine installation use qemu + binfmt arm support (without running full system qemu)? 2017-01-06 13:18:49 Hello, is there a way to use the apk cache as a http repository mirror without using a custom signature? (USB stick install which also does netboot hosting or can just load a single config) 2017-01-06 13:19:19 I suppose I could setup a key for the usb stick and add it to each config... 2017-01-06 13:19:51 then have the pxe boot config create the signed indexes with it, which will be accepted by the apkovls with the key loaded 2017-01-06 14:15:46 skrzyp: seing that you PR'ed ffmpeg, i'd suggest to also update libas to 0.13.6 (0.13.5 broke API compat without bumping libtool version, 0.13.6 bumps it), and maybe also mpv while at it 2017-01-06 14:15:54 ABI* 2017-01-06 15:05:12 oh, i see there's a PR for mpv too :) 2017-01-06 15:26:00 libass brok abi in minor version? 2017-01-06 15:26:04 largh 2017-01-06 15:53:18 Is sharing the cache with multiple architectures supported? Asking as sharing the cache for multiple apkovl configs is not... 2017-01-06 15:54:09 If it is not then how can I get the same apkovl for different arch have a seperate cache folder to say /media/usb/cache// ? 2017-01-06 16:36:10 I suppose really I want apk to store the cache in the same format as the mirror, /// ... at what point is the /etc/apk/cache folder used by the system during the boot process? is it in the initramfs? 2017-01-06 16:43:44 Can one specify multiple repositories with the alpine_repo kernel argument? 2017-01-06 16:43:56 or specify alpine_repo multiple times? 2017-01-06 16:55:01 avih: libas? not libass? 2017-01-06 16:55:09 skrzyp: +s :) 2017-01-06 16:55:20 avih: comment on ffmpeg PR please, then I won't miss that 2017-01-06 16:55:27 k 2017-01-06 16:56:43 done 2017-01-06 16:57:49 thx 2017-01-06 16:58:16 what's actually with libtool there? 2017-01-06 16:58:32 i actually don't know much about that gnu autoshit 2017-01-06 16:58:50 http://www.cul.de/images/autotoolscg.jpg 2017-01-06 17:03:38 skrzyp: not my cup of tea either, but it's more recent and their release page says not to use 0.13.5, so that should be enough 2017-01-06 17:04:05 gtg, bbl 2017-01-06 17:05:06 It would be nice to have minimum version requirements for dependencies in apkbuilds 2017-01-06 17:23:08 skrzyp: it's already possible 2017-01-06 17:23:38 skrzyp: take a look on mkinitfs APKBUILD for example 2017-01-06 17:26:53 I'm still wondering why mkinitfs as alpine-only package has external patches 2017-01-06 17:27:16 http://vignette1.wikia.nocookie.net/nonsensopedia/images/7/73/Za%C5%82amany_Sznuk.jpg/revision/latest?cb=20130323225433 2017-01-06 17:57:34 hello, I am trying to connect multiple clients (busybox's microcom) to a tty (serial port). what would be the best approach to multiplex? 2017-01-06 18:04:40 skrzyp: late fixes 2017-01-06 18:05:00 skrzyp: and the packager himself did not upload a new version yet 2017-01-06 18:05:06 skrzyp: just like anything else 2017-01-06 18:06:24 ncopa, any updates on vmtoolsd segfault on 3.5 but not on edge? 2017-01-06 18:27:26 Ugh I cannot use the cache packages in the repo because they have the random signature file name before the .apk ... 2017-01-06 20:31:13 does anyone else get 'ERROR: giblib-1.2.4-r8: BAD signature 2017-01-06 20:31:15 ' 2017-01-06 20:31:41 (the scrot screenshot thing depends on this) 2017-01-07 11:47:52 Hi. I have one _old_ laptop. It has Pentium III mobile (900MHz) CPU and ATI Rage Mobility GPU with ~380MB of RAM. I could get ram to 512MB. Do I have any hopes of running Alpine on it? Specifically - does Alpine kernel require some CPU instructions that Pentium III cannot handle? 2017-01-07 11:49:11 <_ikke_> I'm not too familiar with this, but I do believe it should be possible 2017-01-07 11:51:54 I was considering Void Linux before, but it required some instructions that are present from Pentium 4 onwards. 2017-01-07 11:52:10 <_ikke_> hmm 2017-01-07 11:52:52 And askin from reddit r/linuxquerions about this Alpine Pentium III compability only resulted to people offerring me Ubuntu and RedHat/CentOS 6. I got depressed. :| 2017-01-07 11:53:56 I'd had to burn a CD to test this, since that laptop does not support usb booting. 2017-01-07 11:54:22 I meant I need to burn. 2017-01-07 11:54:29 Zuccace: you could try qemu emulating pentium3 as cpu to get some kind of idea how it might work 2017-01-07 11:54:37 (just a wild idea, never tried it) 2017-01-07 11:54:58 it works 2017-01-07 11:55:16 I mean, yes, that processor can run Alpine 2017-01-07 11:55:30 and with that memory too 2017-01-07 11:55:39 kahiru: I've actually tested that with Vector Linux. Installation to CF card (which is the hard drive of the laptop). But failed when tryin to run on actual hardware. 2017-01-07 11:55:47 TBB: Thank you. 2017-01-07 11:56:30 TBB: Ive searched for this answer for about a week now. It seems IRC provides the correct answers every time. :P 2017-01-07 11:56:53 IRC is by no means infallible, but sometimes it works :) 2017-01-07 11:57:20 So. I'll try fist to install ALpine inside Qemu (to the CF card). If that fails I'll find a blank CD somewhere. 2017-01-07 12:07:16 There was some CD image that loads boot contents from USB stick. It's meant for PCs, like the laptop I have, that can't boot directly from USB. 2017-01-07 12:07:57 I guess I could use that too. But again it needs a blank CD. :P 2017-01-07 12:08:38 Well ok. I'll bring that old fart over here and start the Qemu way. 2017-01-07 12:11:21 Zuccace: i've been running Alpine on HP terminal with Transmeta Crusoe TM5* and 64M RAM (shared with graphics iirc) without issues 2017-01-07 12:27:38 scadu: Great. It seems like Alpine is the perfect fit for my laptop. :) 2017-01-07 12:30:24 Zuccace: didn't try to run X thought 2017-01-07 12:31:03 I plan to run i3 or sway as my wm. 2017-01-07 12:31:20 Zuccace: I was happy it runs IRC client and few others small program's 2017-01-07 12:31:31 programs* 2017-01-07 12:32:51 I'll see what I can get out of it. I know it can handle some web browsing. That would be ideal. 2017-01-07 16:55:28 is gpg --keyserver busted? 2017-01-07 16:56:57 use other keyservers 2017-01-07 16:57:01 if yours is not working 2017-01-07 16:57:07 http://pool.sks-keyservers.net:11371/pks/lookup?op=index&fingerprint=on&search=openpkg 2017-01-07 16:57:09 etc 2017-01-07 16:57:25 or add other servers to your keyserver mirror file 2017-01-07 17:00:21 I'm using the sks pool : gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 0527A9B7 2017-01-07 17:01:11 going to try downgrading gpg because it used to work in my previous docker builds, exact same command 2017-01-07 17:04:56 yeah it seems to work in 2.1.15 but not 2.1.17 2017-01-07 17:05:51 it doesn't seem to have the same error but there is this bug open: https://bugs.gnupg.org/gnupg/issue2889 2017-01-07 17:08:07 with --debug 1024 added to the above cmd I get: gpg: DBG: chan_3 <- ERR 167772346 No keyserver available gpg: keyserver receive failed: No keyserver available 2017-01-07 17:13:28 I'm going to go with apk add 'gnupg<2.1.17-r0' as a work around for now. I'd imagine lots of docker images, especially official ones that use gpg key signing on downloads, are failing because of this bug. i.e. high priority 2017-01-07 18:13:30 Is there any way to always identify the boot drive path and fix links for say the cache folder? I never really see the system booting as /media/usb , physical stick was booting /media/sda2 and in VirtualBox it boots as /media/sda (because of just passing the partition through as a disk) 2017-01-07 18:13:54 Is there a boot parameter that always sets the boot drive to say /media/usb or something else? 2017-01-07 18:17:07 Then again it is even a problem in the boot loader if I specify the apkovl... need some relative options... 2017-01-07 18:23:36 Would be cool if we could load the apkovl after the system boots, extract the files and run scripts etc... and also the ability to revert the system before the apkovl was loaded... 2017-01-07 18:23:57 https://hastebin.com/ujegeyemut.vbs <- 2017-01-07 18:24:12 is there someone who can help me fix openrc or the init script so it finally damn works 2017-01-07 18:24:25 because i'm sick of this and it seems to not matter to anyone else 2017-01-07 18:24:38 but i don't know what to do 2017-01-07 18:25:41 darkfader: You should be using 'rc-service 2017-01-07 18:26:18 darkfader: Although it should just work with that way too 2017-01-07 18:26:54 init scripts aren't that hard to write, I've done it before 2017-01-07 18:27:08 I don't use bacula though so it'd take some effort on my part to get familiar with it 2017-01-07 18:27:32 you can read this? 2017-01-07 18:27:47 this is bugs in the process / flagfile handling of openrc 2017-01-07 18:28:04 it doesn't work better with rc-service 2017-01-07 18:28:19 eell actually i'll re-tested that 2017-01-07 18:28:20 it's not starting because it thinks the process is already running 2017-01-07 18:28:37 oh the process is running 2017-01-07 18:28:39 did you check to see if it is actually running, and stop it if it is? 2017-01-07 18:28:48 it's not killing it when it's stopping 2017-01-07 18:28:55 ithat's what it detects 2017-01-07 18:29:02 so the verification in the start case is great 2017-01-07 18:29:06 but the stop case is shit 2017-01-07 18:29:44 many stop scripts won't stop something if it's been started externally to that script, so you should at least kill it once manually and then check to see if it can start/stop properly or not 2017-01-07 18:29:46 Other way, it started it but the script did not notice it started... its probably spawning a separate process or something 2017-01-07 18:30:09 if it still can't stop properly there's a bug 2017-01-07 18:30:12 it wasnt stopped eyternally. its a bug 2017-01-07 18:30:41 its not forking either 2017-01-07 18:30:56 or started externally 2017-01-07 18:31:15 Is the PID present when it starts? 2017-01-07 18:31:44 iirc yes 2017-01-07 18:32:15 brb 2017-01-07 19:34:06 daingun reported a problem with sshd taking forever to start (see irclogger.com/.alpine-linux/2017-01-04). i'm having the same problem in a virtual machine (where entropy is low). anyone have a workaround besides mashing the keyboard? 2017-01-07 19:37:56 using "-object rng-random,id=r1,filename=/dev/urandom" when starting qemu, but that didn't help. i'm using the fr.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-virt-3.5.0-x86_64.iso image 2017-01-07 19:41:53 fanblade - try havged - it's enough to get entropy for luks encryption booting from a cd 2017-01-07 19:44:44 BitL0G1c: thanks, i did try that (as daingun did) and although it starts before sshd, it does not help 2017-01-07 19:45:54 another trick - rngd -r /dev/urandom -o /dev/random 2017-01-07 19:46:26 (see rng-tools) 2017-01-07 19:46:42 there is also /etc/init.d/urandom 2017-01-07 19:50:52 fanblade - haveged may not work because /etc/conf.d/haveged is better with some actual settings - I use: HAVEGED_OPTS="-w 1024" 2017-01-07 19:55:27 haveged* 2017-01-07 20:17:43 urandom to random sounds terrible 2017-01-07 20:18:19 I don't know exactly what about it does, but it sounds weird; better to just direct a service to use urandom 2017-01-07 20:19:24 BitL0G1c: tried rngd (including with -w parameter) didn't work (may have only required 2/3 number of key mashes). tried haveged with options (-w 1024 and -w 10240), didn't work either 2017-01-07 20:19:38 made sure they both started before sshd 2017-01-07 20:19:59 I'm looking at /etc/init.d/urandom now 2017-01-07 20:20:44 fanblade: one thing you could do is check whether your virtualisation platform supports rng passthrough in any way. could be a CPU option that enables hardware rng passthrough or something else 2017-01-07 20:21:38 TBB: i tried the qemu option listed above? 2017-01-07 20:22:03 Now I see in logs: random: rngd: uninitialized urandom read (4 bytes read, 76 bits of entropy available) 2017-01-07 20:22:29 so maybe rngd is failing because urandom is uninitialized 2017-01-07 20:24:34 ah, nevermind, of course it is uninitialized, that is why sshd is not starting... until it is initialized :-) 2017-01-07 20:26:23 skazz_: thanks for your help, I found it's not creating a pidfile, or actually anything at all, under /var when it starts 2017-01-07 20:26:51 question stays how to fix it, and i think that is summed up in this line: 2017-01-07 20:26:55 * /etc/init.d/bacula-sd uses runscript, please convert to openrc-run. 2017-01-07 20:27:19 it seems those init scripts are simply outdated 2017-01-07 20:27:44 aren't those two exactly the same, as in one being a symlink to the other by now 2017-01-07 20:27:54 (not at an Alpine machine right now) 2017-01-07 20:27:55 then why does it give a message 2017-01-07 20:27:56 :) 2017-01-07 20:28:06 might be 2017-01-07 20:28:08 i'll check 2017-01-07 20:28:36 runscript was something reserved by some package in Debian IIRC so it was renamed openrc-run 2017-01-07 20:30:00 different inode but same size and date and md5 2017-01-07 20:30:01 :) 2017-01-07 20:30:33 so first patch would be to call the other version of the same thing to get rid of the useless message 2017-01-07 20:30:49 and then ignore that one should review all of them 2017-01-07 20:35:30 Hello. I just tried out the 3.5 release and I'm having trouble using openssl with the lbu commit system. Has anyone else had trouble with it? 2017-01-07 20:40:34 fanblade - I was getting "uninitialized urandom read" recently with openvswitch - is fixed with a current kernel 2017-01-07 20:42:11 rawf - alpine prefers libressl 2017-01-07 20:42:56 BitL0G1c: It seems that the encryption feature with the lbu system still requires openssl 2017-01-07 20:44:58 which renders if unusable from what I can tell. 2017-01-07 20:49:07 rawf - libressl s/be a drop in replacement https://pkgs.alpinelinux.org/contents?branch=v3.5&name=libressl&arch=x86_64&repo=main 2017-01-07 20:50:09 BitL0G1c: running "4.4.39-2-virtgrsec #3-Alpine SMP Thu Dec 22 09:38:45 GMT 2016 x86_64", no new kernels with apk update/upgrade 2017-01-07 20:50:46 I'm on the same kernel 2017-01-07 20:51:11 I start urandom in sysinit 2017-01-07 20:51:19 & haveged @ boot 2017-01-07 20:51:36 fanblade ^ 2017-01-07 21:03:14 BitL0G1c: i changed mine to match yours with rc-update, still the same amount of keypresses (about 80 to 100) across three keyboard rows before sshd starts 2017-01-07 21:04:05 BitL0G1c: Alpine linux is still expecting the openssl package to be installed when trying to load an encrypted LBU. 2017-01-07 21:05:06 BitL0G1c: do you have a local vm, or cloud hosted? 2017-01-07 21:07:03 BitL0G1c: i have local vm, maybe it is due to lack of network activity, whereas in the cloud there is always background noise 2017-01-07 21:08:41 even though the libressl APK is available, it seems that alpine linux still is searching for the openssl APK when trying to decrypt an apkovl. 2017-01-07 21:16:15 if i hammer the vm with ssh connection attempts, the random pool is initialized in 30 seconds instead of 300 2017-01-07 21:25:49 moving the urandom from 'sysinit' back to the default of 'boot' did not change the time 2017-01-07 21:26:28 removing the haveged service seemed to shave two seconds off the time, down to 28 seconds 2017-01-07 21:30:44 using the 'virtio' nic instead of 'e1000' added another 22 seconds to boot time. so maybe simulated pci interrupts are a good thing. 2017-01-07 21:41:39 rawf: i'm not even sure that network traffic counts in 2017-01-07 21:41:52 on freebsd you used to be able to pick the irq's for seeding that helped a lot 2017-01-07 22:03:15 using virtio for both nic and disk, and adding "dd if=/dev/vda of=/dev/null bs=4k" to line 23 of /etc/init.d/urandom, total boot time is now 5 seconds :-) 2017-01-07 22:03:36 (with no external network activity) 2017-01-07 22:34:36 i guess that could be simplified to "dd if=/dev/root of=/dev/null bs=4k" to work with any root disk 2017-01-07 22:47:11 fanblade: that will gen. roughly the same entropy on each boot though (i myself would not care, just a headsup) 2017-01-07 23:05:54 darkfader: ya, it's just for a local test vm. i'm hoping the production vm's will boot quickly because of the background packet interrupts. 2017-01-08 00:26:01 just to confirm, the default install boots in three seconds on a cloud vm and around 300 seconds in a local qemu instance, with or without haveged, urandom, or rngd services 2017-01-08 01:10:16 fanblade: are you setting -enable-kvm in your local qemu script? 2017-01-08 01:10:58 that's the usual cause of garbage qemu performance in my experience 2017-01-08 01:11:36 heliocat: yes, i also tried "-machine accel=kvm" 2017-01-08 01:11:59 i think it's running at native speed 2017-01-08 01:13:05 when i added "dd if=/dev/root of=/dev/null bs=4k" to line 23 of /etc/init.d/urandom, it booted in 4.5 seconds instead of 300 2017-01-08 01:14:53 fanblade - see https://hastebin.com/ubipanokiw.swift - this got my boot delay down to 1 second (on a cloud server runing from ceph volumes) 2017-01-08 01:15:25 needs rng-tools installed only (no service) 2017-01-08 01:15:37 hm 2017-01-08 01:15:58 why are you dding your entire disk into /dev/null? 2017-01-08 01:16:49 this particular machine runs off a ceph volume - it simulates disk activity for haveged 2017-01-08 01:17:29 ah, yes 2017-01-08 01:17:42 & has reduced boot time from 5 minutes to a few seconds (ovsdb-server needs entropy) 2017-01-08 01:17:45 gitcha, it's the urandom script being lame 2017-01-08 01:18:04 why not save your entropy on shutdown and read it back in on start? 2017-01-08 01:20:16 good point - editing urandom again 2017-01-08 01:20:26 (my alpine system is currently somewhat dysfunctional, and I haven't looked at these scripts too closely in a while) 2017-01-08 01:20:57 heliocat, how do you do that? Writing to /dev/urandom does not increase its entropy. 2017-01-08 01:21:58 writing to the random devices is the standard way of doing userspace re-seeding of the entropy pool 2017-01-08 01:22:39 "Writing to /dev/random or /dev/urandom will update the entropy pool with the data written, but this will not result in a higher entropy count. This means that it will impact the contents read from both files, but it will not make reads from /dev/random faster." 2017-01-08 01:23:59 first, that's talking about /dev/random, not /dev/urandom 2017-01-08 01:24:51 so writing to urandom will restore entropy? 2017-01-08 01:25:38 yes-and-no 2017-01-08 01:26:05 both random devices are CSPRNGs 2017-01-08 01:26:29 which are seeded via some value and also track a nebulous thing called "entropy" 2017-01-08 01:27:02 there's no way to directly impact the entropy value 2017-01-08 01:27:08 starting haveged first & simulating disk reads in urandom works best for me - boot time down from 4-5 mins to 1 second 2017-01-08 01:27:09 specifically, will it initialize the pool so that sshd can start? 2017-01-08 01:27:26 (catting a bunch of files, banging on the keyboard, etc will have a side effect of doing entropy stuff) 2017-01-08 01:28:08 the only difference between random and urandom is that random blocks when the (nebulously defined) entropy pool is too low 2017-01-08 01:28:10 catting them to /dev/urandom or /dev/null? 2017-01-08 01:28:14 or, I should say, "too low" 2017-01-08 01:28:22 to /dev/null 2017-01-08 01:28:36 or, really, to wherever 2017-01-08 01:28:47 ok, well that's basically what i'm doing with the dd when of=/dev/null 2017-01-08 01:28:48 but you probably don't want to seed /dev/urandom with the contents of your disk 2017-01-08 01:28:51 since that's not random 2017-01-08 01:29:16 you're doing "random stuff" and the kernel siphons some of that off to increase the entropy pool 2017-01-08 01:29:27 there's a lot of articles about this 2017-01-08 01:29:30 just for a test vm. in production, this problem doesn't exist i think because of the background network packet interrupts 2017-01-08 01:29:34 no 2017-01-08 01:30:02 it's because there's something dumb happening, either with /dev/urandom or the sshd init script 2017-01-08 01:30:30 which is either causing /dev/urandom to have blocking behavior while the entropy pool is too low 2017-01-08 01:30:37 or is causing sshd to read from /dev/random 2017-01-08 01:30:44 right, that's why this problem only appeared with alpine3.5 (according to daingun) 2017-01-08 01:30:58 your dd is refilling _both_ entropy pools 2017-01-08 01:31:14 well, that's a lie, it's refilling the one entropy pool that they both feed from 2017-01-08 01:31:34 my guess is that the sshd config is wrong and reading from the wrong thing 2017-01-08 01:31:38 unless you're generating new keys on startup 2017-01-08 01:31:40 with is also wrong 2017-01-08 01:31:54 it's a default install, i'm not changing anything 2017-01-08 01:31:56 (key generation is pretty much the only thing that should read from /dev/random) 2017-01-08 01:32:02 not saying it's your fault :) 2017-01-08 01:32:27 if you've got some time, you should read http://www.2uo.de/myths-about-urandom/ 2017-01-08 01:32:28 tinyssh will probably start faster than sshd - I use it in lxc 2017-01-08 01:32:35 ACTION shrugs 2017-01-08 01:32:59 I've used openssh on impressively underpowered systems and it starts up just fine in almost no time 2017-01-08 01:33:28 exactly! which is why i'm pointing out the issue :-) 2017-01-08 01:34:58 fair enough! 2017-01-08 01:35:23 but yeah, urandom should be reseeded on boot and should never block 2017-01-08 01:35:59 (also, dding your entire disk for the entropy isn't a great idea on its own because it'll guarantee that your entropy pool looks almost identical this boot as it did last boot) 2017-01-08 01:36:08 the urandom service is successfully starting, but the pool isn't initialized 2017-01-08 01:36:19 urandom isn't a service 2017-01-08 01:36:42 it's a script to jam your saved random seed back into the device 2017-01-08 01:36:45 nothing more, nothing less 2017-01-08 01:37:20 like I said, the entropy pool is expected to be zero at boot 2017-01-08 01:37:28 urandom doesn't care about that 2017-01-08 01:37:33 the script completes successfully, but the nonblocking pool is not initialized 2017-01-08 01:38:00 that's nuts 2017-01-08 01:38:05 exactly 2017-01-08 01:38:11 unless there's something really broken in kernel-land that should be impossible 2017-01-08 01:38:33 I still think that openssh has been misconfigured to read from the blocking device 2017-01-08 01:38:42 urandom now blocks - "random: ovsdb-server: uninitialized urandom read" 2017-01-08 01:39:56 BitL0G1c, is it blocking at that point in the log, or is that just a notice from the kernel? 2017-01-08 01:40:21 it was blocking for 4-5 minutes on bootup 2017-01-08 01:40:32 the unitialized urandom read means that you haven't poked a seed back in 2017-01-08 01:40:52 a seed is generated on shutdown 2017-01-08 01:41:11 & bootup 2017-01-08 01:41:11 right, and it then it continues when the nonblocking pool is initialized 2017-01-08 01:41:18 sure, but if something tries to read from /dev/urandom before the script runs on boot to put it back in, you'll get that 2017-01-08 01:41:28 it still shouldn't block 2017-01-08 01:41:36 it should just give back impressively non-random data 2017-01-08 01:41:41 now I'm running haveged & urandom in sysinit 2017-01-08 01:41:51 ovsdb-server starts @ boot 2017-01-08 01:41:55 why does sshd start only after the NONBLOCKING pool is initialized? that doesnt't sound very nonblocking! 2017-01-08 01:42:23 you know what it means by non-blocking, right? 2017-01-08 01:42:42 it returns non-random data immediately? 2017-01-08 01:42:45 it means that reads will always succeed 2017-01-08 01:42:50 and stuff will come back 2017-01-08 01:43:02 you still need to seed the random device 2017-01-08 01:43:02 right, but that is not what is happening 2017-01-08 01:43:25 hence my comment about it sounding like it's reading from the wrong random device 2017-01-08 01:43:28 Ok, so it is only non-blocking after initialization? 2017-01-08 01:43:34 urandom does mixing of previous data when it's out of material 2017-01-08 01:43:49 but when there's no previous data... 2017-01-08 01:43:52 afaik it's predicably random before initialization 2017-01-08 01:44:07 and computationally secure afterwards 2017-01-08 01:44:32 that would be fine, except sshd is not starting until the "nonblocking pool" is initialized 2017-01-08 01:44:33 (the seed is zero, or some similarly deterministic thing on boot, and then re-seeded once /etc/init/urandom is run) 2017-01-08 01:44:42 well, sshd reads from both 2017-01-08 01:45:08 er, opens both for reading 2017-01-08 01:45:34 if it does an actual read on /dev/random before the entropy pool is large enough for the kernel to allow the read, it'll look like this 2017-01-08 01:46:19 that's a possibility, I've seen code that reads a little from random and lots from urandom 2017-01-08 01:46:26 that's my guess 2017-01-08 01:46:28 which frankly doesn't make any sense 2017-01-08 01:46:32 yeah, I know 2017-01-08 01:46:53 could be on some other systems it's the right thing to do, even, but not on Linux 2017-01-08 01:47:01 again, the only time anything in ssh land should care about the blocking device is for initial key generation 2017-01-08 01:47:17 fwiw, the BSD's don't have a blocking random 2017-01-08 01:47:43 their /dev/random starts in blockingmode until enough entropy is gathered, and then it switches to non-blocking mode until the system is rebooted 2017-01-08 01:48:00 over there, /dev/random and /dev/urandom are identical about two minutes after boot 2017-01-08 01:48:19 the linux dual behavior is a misfeature from the dawn of time 2017-01-08 01:48:24 (or, really, 1992) 2017-01-08 01:49:02 fanblade: I assume sshd in this case is openssh? 2017-01-08 01:50:40 heliocat: yes. i just straced it and it's only opening /dev/urandom 2017-01-08 01:51:01 oh wait, hold on a sec 2017-01-08 01:51:49 on my debian system here it's only opening /dev/urandom 2017-01-08 01:52:07 sadly, I don't have a functional alpine system right now to double-check on 2017-01-08 01:52:56 getrandom syscall 2017-01-08 01:53:22 do you know what flags getrandom is being passed? 2017-01-08 01:54:22 length=40, flags=0 2017-01-08 01:55:06 so should be nonblocking? 2017-01-08 01:58:08 [pid 1902] getrandom("\35765--+\344B\313\211ni>q\351\22\v\306\2\23\205\260a\\\332\257\232\376\"\320\236\220"..., 40, 0) = 40 2017-01-08 02:10:31 should be non-blocking according to getrandom(2) 2017-01-08 02:10:46 ah! 2017-01-08 02:10:47 haha 2017-01-08 02:10:48 yes 2017-01-08 02:11:00 getrandom(2) blocks against urandom if you haven't initialized urandom yet 2017-01-08 02:11:07 If the urandom source has not yet been initialized, then getrandom() will block, 2017-01-08 02:11:10 unless GRND_NONBLOCK is specified in flags. 2017-01-08 02:11:13 that's your problem 2017-01-08 02:13:17 heliocat, what version of openssh are you running on debian? this is 7.4 2017-01-08 02:14:35 I patched entropy.c in openvswitch to use GRND_NONBLOCK - urandom still blocks 2017-01-08 02:15:33 7.4 2017-01-08 02:16:13 I don't know what patches are applied on either the alpine or debian side of things 2017-01-08 02:16:24 you're running sysvinit as an init, yes? 2017-01-08 02:17:07 my guess is the boot dependencies are screwed up and it's starting openssh in parallel with the urandom call 2017-01-08 02:17:14 the busybox version in the default install 2017-01-08 02:17:21 ACTION nods 2017-01-08 02:18:08 yeah, I'm guessing it's an ordering problem 2017-01-08 02:18:50 anyway, I have to run 2017-01-08 02:20:29 night 2017-01-08 02:21:34 BitL0G1c, how are you invoking the syscall? through musl? 2017-01-08 02:23:49 I patched entropy.c in the openswitch sources 2017-01-08 02:24:54 https://github.com/openvswitch/ovs/blob/master/lib/entropy.c 2017-01-08 02:25:36 to use getrandom() with GRND_NONBLOCK instead of reading /dev/urandom directly 2017-01-08 02:25:58 didn't make any difference - it still took 4-5 minutes to boot 2017-01-08 02:28:11 using 4.4.39-2-virtgrsec ? 2017-01-08 02:29:34 i can see getrandom blocking in sshd (after boot but before the pool is initialized) using strace with that kernel 2017-01-08 05:30:03 using qemu option "-device virtio-rng-pci" enables the "virtio_rng" kernel module to be loaded, which almost instantly initializes the "nonblocking entropy pool", which enables sshd to start immediately 2017-01-08 07:33:09 fanblade: This isn't specific to alpine in general, but you can init your VMs with an entropy pool 2017-01-08 07:33:51 nbastin: sort of like embedded preseed but shared among the VMs? 2017-01-08 07:34:13 Diftraku: well there's an RNGADDENTROPY ioctl specificlaly for this problem 2017-01-08 07:34:54 wonder if network is still bad to use for entropy... 2017-01-08 07:35:14 so that you can either "remember" entropy from your last boot, or "seed" entropy from a "known good" source on a first boot 2017-01-08 07:35:41 it depends on what you mean by "use"... 2017-01-08 07:35:57 doubt it is any better if you use the same preseed across multiple installs 2017-01-08 07:36:17 well right the goal here is to preseed from a host, differently each time 2017-01-08 07:36:33 using a network is bad if there's a chance it's all the same data (broadcast/mcast data, etc.) 2017-01-08 07:36:50 although, you could make the preseed generation a part of the initial installation (dd the image, mount it and preseed it) 2017-01-08 07:36:54 but if you take a long-running system and inject a fresh file into each booting vm with data from random 2017-01-08 07:37:09 then each new vm has a different entropy seed 2017-01-08 07:37:54 (which is basically what systems do on reboot - they take entropy from their old self and inject it into their new self) 2017-01-08 07:38:03 i2c or some other bus based random seed generator :3 2017-01-08 07:38:07 just, first boot obviously can't do this, so you can preseed that from the outside 2017-01-08 07:38:10 for ohysical stuff 2017-01-08 07:38:16 *physical 2017-01-08 07:38:28 FM radios work ok, generally 2017-01-08 07:38:33 (a lot of wifi chips have FM radios) 2017-01-08 07:38:48 I've read people also use air pressure from time to time 2017-01-08 07:39:07 I mean if you're going to add anything special, you can just add a good entropy source 2017-01-08 07:39:12 otherwise you have to use what you already have 2017-01-08 07:39:16 and even the pc speaker for some wave inout 2017-01-08 07:39:40 yeah I mean a pieze sensor (like the speaker) for static, sortof the same as the FM radio trick 2017-01-08 07:39:48 true, but sometimes you're stuck with hardware without proper entropy sources 2017-01-08 07:39:51 they are exploitable, but less than say the network 2017-01-08 07:39:57 yup 2017-01-08 07:40:21 but if you're running VMs, just *inserting* entropy is the best, from the hsot random source 2017-01-08 07:40:45 as it has a CSPRNG that is working for you 2017-01-08 07:40:49 yup, having physical hw out there makes it a bit more interesting 2017-01-08 07:41:09 like when you generate ssh keys 2017-01-08 07:41:35 I mean I would still do that on a system with known-good random pool 2017-01-08 07:41:51 and inject them into PXE, etc. for each individual system 2017-01-08 07:42:23 (you can do the same for a random seed in general) 2017-01-08 07:42:33 wonder how long a known good preseed of random would last between reboots 2017-01-08 07:42:48 well you don't preseed random with values, you preseed it with entropy 2017-01-08 07:42:49 like preseed from known good source once and then put it iut 2017-01-08 07:42:52 and then you're cooking 2017-01-08 07:43:12 the only place you have this "problem" is on initialzation of a fresh system 2017-01-08 07:43:48 yup, you can end up with so similar systems that each initialization is identical to eachother 2017-01-08 07:43:49 once its' rolling you won't need to keep touching it 2017-01-08 07:44:05 well but that's the point of preseeding with a file that is different per install 2017-01-08 07:44:23 the input to RNGADDENTROPY is unique per install 2017-01-08 07:44:46 then you're not dealing with identical images and thus identical entropy pools 2017-01-08 07:45:25 would probably not want to personalize each image but instead do it when the image is installed on the system initially 2017-01-08 07:45:57 well right we seed them for hardware using PXE, and for VMs using cloudinit or whatever the OS provides 2017-01-08 07:47:07 bit different since we use plain old dd: a bootable "flasher" stick that unpacks the upgrade image and dd's it to the specific drive on the PCI tree 2017-01-08 07:47:33 one good thing of having more or less homogenous hardware 2017-01-08 07:47:40 I mean you could write a *really big* file of "entropy" once and then have the installer select a small random piece of it 2017-01-08 07:47:58 that random piece doesn't have to be that random 2017-01-08 07:47:59 that could work as well 2017-01-08 07:48:01 for it to be "different" 2017-01-08 07:48:17 (so you don't need random to work before you're adding entropy. :-)) 2017-01-08 07:48:25 and you don't care about random, just different 2017-01-08 07:48:27 hehe 2017-01-08 07:49:11 if your systems were known hardware, you could base it on things you knew about interface MACs, etc. 2017-01-08 07:49:32 (e.g. we know the high 24 bits are vendor X, and the low 24 bits are always different, since that's required) 2017-01-08 07:49:43 so if we have 24-bits worth of entropy "slots" in this file 2017-01-08 07:49:45 but isn't that considered bad, see d-link and WPS pins :3 2017-01-08 07:49:48 we just use the mac to read our slot 2017-01-08 07:50:10 the MACs are still different 2017-01-08 07:50:21 (the *actual* macs) 2017-01-08 07:50:44 I mean if you get systems with lots of different NIC vendors, then the low 24-bits might be the same, since the OUI is different 2017-01-08 07:50:50 so you have to know your parameters 2017-01-08 07:51:17 but if you "know" they're the same mass-produced system for some off-the-truck data center 2017-01-08 07:51:24 then you can rely on the low-24 bits of the MAC being unique 2017-01-08 07:52:03 for this particular manufacturer, MACs are derived from the board serial 2017-01-08 07:52:12 PC Engines 2017-01-08 07:52:20 I mean it doesn't matter, so long as you can write a file that contains enough "slots" 2017-01-08 07:52:47 so if you need say 1024 bits of entropy to seed the pool 2017-01-08 07:53:58 for a single OUI you only need 16 megabytes of source file 2017-01-08 07:54:08 (if I did the math right at 3am...) 2017-01-08 07:54:11 but it's not a big number 2017-01-08 07:54:25 sure most of that file will never get used 2017-01-08 07:54:41 but each system will have a unique lower-24bit MAC 2017-01-08 07:54:53 and just reads the 1024 bits from the file starting at that slot location 2017-01-08 07:55:14 (e.g. assume a "slot" is 1024 bits, I'm reading the slot) 2017-01-08 07:55:27 it's a matter of random enough, not "is this secure random" 2017-01-08 07:55:52 this would even be "secure" random, except for the fact that a truly malicious actor has potentially access to the entire seed pool.. :-) 2017-01-08 07:56:07 (since each system has the whole file) 2017-01-08 07:56:50 eh, could redo the file every now and then so it doesn't really matter and depends on date of installation at that point 2017-01-08 07:57:01 sure 2017-01-08 07:57:23 but I mean this is basically the same as our PXE server generating the random seed 2017-01-08 07:57:29 you just generated a lot ahead of time 2017-01-08 07:59:00 if you trust the install process you could even just run a service on the network that doled out entropy files on request 2017-01-08 08:02:27 huh those pcengines boards are sortof neat 2017-01-08 08:02:32 (using the googles.. :-)) 2017-01-08 08:02:45 is very nice 2017-01-08 08:02:57 APU2 are even more nice with intel nics 2017-01-08 08:03:07 yeah we require intel nics, so that would be good 2017-01-08 08:03:10 we use jetways now 2017-01-08 08:03:16 switching up to 960mbps 2017-01-08 08:03:33 NAT performance was a bit less due to no hw nat 2017-01-08 08:03:40 yeah we have drivers for the intels to allow for high performance switching without going through the normal kernel stack 2017-01-08 08:04:49 right now we use http://jetwaycomputer.com/JBC311U93.html for tiny router/function-insertion things 2017-01-08 08:04:53 which seems like what these might be good for 2017-01-08 08:05:19 I'd have to test that CPU 2017-01-08 08:06:32 the built-in DRAM is sortof annoying, but not a deal breaker 2017-01-08 08:14:53 also no video out, APU had it on the schematics but never saw one with the option installed 2017-01-08 08:16:13 well that's better from my perspective.. :-) 2017-01-08 08:16:19 the jetway has a bunch of ports I'd rather it didn't 2017-01-08 08:19:10 hehe 2017-01-08 08:19:43 optimally I'd love to have something like this with a C2558 2017-01-08 08:19:46 but no one seems to make that 2017-01-08 08:20:05 (it would have quickassist then, for hw accelerated ipsec tunnels and such) 2017-01-08 08:56:58 \2 2017-01-08 13:08:19 How can I search by binary? I'm trying to find the package which contains execstack 2017-01-08 13:15:00 Chloe: https://pkgs.alpinelinux.org/contents 2017-01-08 13:15:33 doesn't seem that it exists :/ 2017-01-08 13:15:52 is there any other way to make a binary's stack executable on alpine? 2017-01-08 13:21:06 paxctl? 2017-01-08 13:22:19 cant see anything in the manpage to do this 2017-01-08 13:56:59 Can anyone guess the space requirement for basic x86 Alpine + x11 + i3wm or possibly waylan + sway? I just found that I have a faster 4GB CF card and slower 16GB. I could later mount that 16GB (on a slow PCMCIA bus) somewhere to store say package files and maybe /var and /home. 2017-01-08 14:14:13 Zuccace: hm 2017-01-08 14:14:25 vault% df -h / 2017-01-08 14:14:28 Filesystem Size Used Available Use% Mounted on 2017-01-08 14:14:30 /dev/dm-0 111.7G 5.1G 106.7G 5% / 2017-01-08 14:15:03 Zuccace: I'd say 4GB is doable 2017-01-08 14:25:51 Zuccace: alpine + x11 + i3m is likely under 1G, idk the other pieces and the browser 2017-01-08 14:26:53 how much ram do you have? 2017-01-08 14:27:15 if it's a lot you could (i never did for desktop, and rarely at all) use lbu mode and run from ram 2017-01-08 14:30:00 darkfader: ~380MB, but I could potentially get it to 512MB. 2017-01-08 14:30:44 I rather not run the system from RAM. 2017-01-08 14:30:54 yeah that would not work out i think :) 2017-01-08 14:33:29 I've run TinyCore on it sometimes. It kind of worked. 2017-01-08 14:34:10 Now it has Fedora with xfce. It's slow. And Midori crashes maybe because of illegal instruction. 2017-01-08 14:34:33 So I think Fedora offically needs something newer than Pentium 3. 2017-01-08 14:35:09 I kind of like this "challenge" to revive this old laptop. :) 2017-01-08 14:50:30 Zuccace: ++ I also got an old one that should be revived at some point 2017-01-08 14:53:36 darkfader: Nice. :) I've came to a conclusion, that if you want ton run modern Os on x86 hardware that's from before Pentium 3, you have very few choices nowdays. I've narroved them to Alpine, FreeBSD and Gentoo. 2017-01-08 14:54:45 For example Void Linux wan'ts P4 or newer. CentOS 7 no longer supports 32 at all, I think. 2017-01-08 14:55:47 Zuccace: out of pure interest, wouldn't it be more cost effective to get a cheap $200 laptop and be done with it much quicker (and possibly cheaper too, assuming time is money)? 2017-01-08 14:57:05 (i do understand the challenge of course, but you probably effectively pay money to engage in it) 2017-01-08 14:57:37 avih: gotta keep your brain functioning 2017-01-08 14:58:41 darkfader: more than one way to skin a cat 2017-01-08 15:00:49 darkfader: but i wasn't trolling. i think sometimes people think they could save few bucks by reviving an old system, but the time they put into this revival could be worth way more than what was saved 2017-01-08 15:01:17 hence i was asking rather than saying 2017-01-08 15:01:39 yeah i also didn't mean that in a negative way 2017-01-08 16:32:34 avih: I have a better laptop. This project is just for fun/hobby/challenge -thing on mine. :) 2017-01-08 16:34:13 And I have four CF cards lying around, so... Nothing (but time maybe) to lose. 2017-01-08 18:09:10 This apk has coffee making abilities. 2017-01-08 18:09:12 :3 2017-01-08 18:28:56 ncopa, vmtoolsd doesnt crash anymore on 3.5 but it doesnt listen to a graceful shutdown from esxi, its like nothing happened, making an esxi shutdown will hang the shutdown while it waits for alpine to shutdown gracefully but it never does 2017-01-08 18:31:55 does anyone else get 'ERROR: giblib-1.2.4-r8: BAD signature' ? 2017-01-08 18:32:11 after apk add giblib 2017-01-08 20:10:01 Zuccace: what laptop are you reviving? 2017-01-08 21:23:33 rawf: Compaq Armada E500. 2017-01-08 21:53:25 whats the difference between apk add --upgrade busybox and apk add busybox ? 2017-01-08 21:53:44 both will upgrade if the package exist, don't? 2017-01-08 23:44:41 Zuccace: I got Debian / X11 / surf running on a Pentium II 2017-01-08 23:46:42 (Debian 7) 2017-01-08 23:46:57 Toshiba Satellite 4000 CDT, max'd RAM at 160 MB 2017-01-08 23:47:01 vectr0n: just a quick question, does that alpine instance have acpid installed and running? 2017-01-08 23:47:20 good question, sec 2017-01-08 23:51:54 yup its running 2017-01-09 00:09:28 I deleted /etc/apk/keys/* - how can I reinstall apk-keys to fix apk? 2017-01-09 00:21:44 --allow-untrusted perhaps 2017-01-09 00:24:06 apk fix --allow-untrusted alpine-keys #did thee trick 2017-01-09 00:24:10 thanks 2017-01-09 00:28:05 rawf: that's pretty impressive.. what window manager? 2017-01-09 00:28:15 and does it run a web browser? 2017-01-09 00:28:48 it can run a browser, but Firefox especially is a bit too much for a computer like that, probably all Chrome variants too 2017-01-09 00:29:07 yeah, webkit'd be out 2017-01-09 00:29:39 I have a Pentium M with 2 GB of RAM from 2004, the only browser that properly runs on that is links 2017-01-09 00:29:47 lol 2017-01-09 00:30:40 I use lynx anyway.. 2017-01-09 00:30:53 but let's see some more Javascript frameworks and in a couple of years you won't browse without 16 GB ... 2017-01-09 00:30:57 it opens videos in mplayer and images in feh or fbi 2017-01-09 00:32:37 lynx is a pretty good browser if you set it up well. 2017-01-09 00:32:48 except the lic.. 2017-01-09 00:35:23 grugly: I used dwm and surf (a webkit browser) 2017-01-09 00:35:52 what's your ram usage like with surf running? 2017-01-09 00:36:02 does the computer still respond well? 2017-01-09 00:36:02 swap 2017-01-09 00:36:28 wikipedia pages rendered / scrolled smoothly 2017-01-09 00:36:51 but. ram was max'd and swap was necessary. 2017-01-09 00:37:10 and other websites ran out of memory. 2017-01-09 00:37:19 in uzbl on this quadcore with 8gb ram, pages render slowly and scroll terrible 2017-01-09 00:37:47 oh. I had to stop my project because a fan was out and the internal temperature was 85 C and rising. 2017-01-09 00:38:58 I've been testing out the 3.5 alpine release and have had nothing but problems. 2017-01-09 00:39:27 For instance, after setting up udev on a fresh install I reboot into a blank screen after "Loading hardware" 2017-01-09 00:43:06 I think linux in general is currently sufferring from too many users and not enough devs.. 2017-01-09 00:43:32 Linux is practically commercial software now 2017-01-09 00:43:43 yeah 2017-01-09 00:43:53 the kernel has bloated out a fair bit.. 2017-01-09 00:44:06 and ARM support in an intel port of unix is a bit weird 2017-01-09 00:44:07 a lot of devs are being paid to work on it. nothing wrong with that as such, it just makes some things pretty painful 2017-01-09 00:44:28 like for example now having to run two kernels instead of one ;) 2017-01-09 00:44:42 what? 2017-01-09 00:44:44 lol 2017-01-09 00:44:45 (the second being lennartd) 2017-01-09 00:44:58 I don't know of lennartd 2017-01-09 00:45:01 what's this about two kernels? I've been too busy finishing college to be up to speed. 2017-01-09 00:45:12 yes you do grugly, by its other name 2017-01-09 00:45:33 systemd, that is 2017-01-09 00:45:39 ACTION shudders 2017-01-09 00:45:50 my main OS is bananian.. 2017-01-09 00:45:54 well I tried to avoid saying that, I'm sorry :) 2017-01-09 00:46:11 this laptop has systemd.. 2017-01-09 00:46:17 and pulseaudio.. 2017-01-09 00:46:21 it's dirty 2017-01-09 00:46:40 I was playing with alpine on a usb stick.. but I think I might build gentoo again.. 2017-01-09 00:46:57 get a more modern education on what's happening.. 2017-01-09 00:47:03 gentoo is a great way to learn linux 2017-01-09 00:47:40 all I've been able to use alpine for is a boot-to-ram SSH tunneler 2017-01-09 00:48:15 dropping glibc is awesome.. but it's a pretty big restricter 2017-01-09 00:48:46 I love alpine, I want it to work for me.. 2017-01-09 00:49:09 but I think it's just a bit more than I have time for to make it my desktop atm.. 2017-01-09 00:49:35 similar situation for me too 2017-01-09 00:49:52 I'm sticking with jessie (with alsa) for now 2017-01-09 00:49:53 I need to know some more about lbu, too.. 2017-01-09 00:50:10 to make a /home archive I can commit to 2017-01-09 00:50:17 lbu encryption broke in 3.5 2017-01-09 00:51:47 I tend not to encrypt locally.. 2017-01-09 00:51:54 just what I send 2017-01-09 00:52:16 phisycal security of my level of data is overkill.. unless purely for compression 2017-01-09 00:52:51 I'm not an organised person.. encryption keys get lost.. then so does all my data 2017-01-09 00:53:42 same thing for me really, I don't want to go through all the effort it would take for Alpine to become my primary desktop 2017-01-09 00:54:14 I'd like to install alpine on my vps.. I think that's where it's been developed for.. 2017-01-09 00:56:38 I thought alpine was more targetted towards headless devices 2017-01-09 00:56:48 (small headless devices) 2017-01-09 00:57:23 and that kinda thing, yeah.. 2017-01-09 00:57:47 it's had a lot of dev into containers and vm's and whatnot from what I see idling in here and reading the docs 2017-01-09 00:58:48 I'm looking for a boot to ram distro 2017-01-09 00:58:55 I have to get onto some of that real world shit that prevents me spending my time making an alpine desktop 2017-01-09 00:59:16 I really like what alpine has going on.. 2017-01-09 00:59:23 and I think the way alpine linux handles module loading and the LBU is PERFECT 2017-01-09 00:59:34 agreed 2017-01-09 00:59:41 but expanding towards a desktop environment, shit hits the fan. 2017-01-09 00:59:48 yeah 2017-01-09 00:59:55 puppylinux? 2017-01-09 01:00:02 damnsmalllinux? 2017-01-09 01:00:24 I haven't tried either.. 2017-01-09 01:01:41 I can't help but think it's best just to educate as much as I can on Alpine and make it work, submit my fixes, and we all profit.. 2017-01-09 01:04:12 the base is awesome.. and I don't think it will do it itself any time soon.. 2017-01-09 01:07:40 it has occured to me that I haven't tried running a full upgrade of alpine linux before setting up udev.. I'm going to give that a shot. 2017-01-09 01:07:51 bbiab 2017-01-09 01:09:24 let me know how you go.. I have to do some work in my shed 2017-01-09 01:10:47 no. failed. 2017-01-09 01:13:23 I'm traveling and only have one computer to use... so testing is especially painful. 2017-01-09 01:45:50 rawf: I'm going to spend the next 12mths living in a van.. I need a very minimal system to take with me to study with.. I understand :) 2017-01-09 03:28:39 hey. anyone free to help me with bridge configuration to get musl dev infrastructure back up? 2017-01-09 08:17:51 after playing with alpine, and having a deb system, I keep typing apk instead of apt :/ 2017-01-09 08:21:43 on the rare occasions i have to touch debian i often do that 2017-01-09 10:50:49 <_julius_> grugly: you can make an alias :p 2017-01-09 11:20:45 <^7heo> grugly: easy solution: do not use a deb based system. 2017-01-09 11:21:11 <^7heo> (solves multiple other problems too) 2017-01-09 11:21:49 hey 2017-01-09 11:22:11 by the way, i was trying to use alpine linux inside a virtualbox VM, but wasn't able to use the mouse/keyboard once xorg starts up. 2017-01-09 11:22:31 i used to have that problem with some of the BSDs, but i was able to solve that by installing missing xorg packages. 2017-01-09 11:22:31 <^7heo> yeah it's a know problem 2017-01-09 11:22:35 <^7heo> (at least to me) 2017-01-09 11:22:39 okeh 2017-01-09 11:22:43 any hint what to do? 2017-01-09 11:22:49 <^7heo> I don't remember what I did last time 2017-01-09 11:22:53 <^7heo> let alone if I figured it out. 2017-01-09 11:26:32 ^7heo: that's the plan.. 2017-01-09 11:26:40 before systemd it was pretty good.. 2017-01-09 11:27:29 or.. the issues weren's so on the surface 2017-01-09 11:28:23 <^7heo> yeah that's a good way to put it. 2017-01-09 11:29:02 I'll start emerging next week instead, I think.. 2017-01-09 11:29:12 sleep time now 2017-01-09 13:12:28 Anyone have any wild guesses how to get pcmcia compact flash card reader to work? :P 2017-01-09 13:12:59 I have USB2.0 adapter there too and that works. So the pcmcia itself is ok. 2017-01-09 13:13:17 I tried to modprobe pata_pcmcia, but it didn't help. 2017-01-09 13:13:41 I had this working on some distros... 2017-01-09 13:14:01 I should have looked at lsmod then... 2017-01-09 13:41:34 Dang. The last Fedora install wouldn't boot anymore. Systemd went to emergency.target but couldn't run root login program, thus resulting in an infinite loop. 2017-01-09 13:42:50 That's a common problem being not able to login when systemd is in charge. At least I have had several occasions on different machines. 2017-01-09 13:53:38 Alpine sure is much lighter than Fedora (with X off), since, apart from being much faster in _everything_, the CPU idles at 35°C rather than little over 50°C. 2017-01-09 13:57:16 yo guys 2017-01-09 13:57:59 i get a syntax error when I run pecl install apc ; do you know why? 2017-01-09 13:58:05 actually i get this: http://sprunge.us/iFga 2017-01-09 15:25:36 Sandlayth: isn't apcu prefered? php?-apcu is in the Alpine repos. apc is unmaintained :( 2017-01-09 15:26:10 from php.net: "APCu is APC stripped of opcode caching. The first APCu codebase was versioned 4.0.0, it was forked from the head of the APC master branch at the time." 2017-01-09 15:27:10 and for APC "This extension is considered unmaintained and dead" 2017-01-09 15:33:07 I wonder if it's even possible to run any wayland stuff with this ATI Rage Mobility. :P 2017-01-09 15:33:28 Well... I'll get back to it later. 2017-01-09 15:54:31 armin: I got xorg running previously 2017-01-09 15:54:51 I can't get it working in 3.5 though, because I can't get udev to work. 2017-01-09 15:55:47 I installed: udev xorg-server xf86-input-evdev xf86-input-keyboard xf86-input-mouse xf86-video-modesetting 2017-01-09 15:56:00 then a reboot was needed for the mouse/keyboard to actuall get detected 2017-01-09 16:06:43 rawf: oh, in virtualbox? 2017-01-09 16:07:09 rawf: okay, any pointers what the actual issue with udev is? 2017-01-09 16:07:26 rawf: btw, i have planned to install alpine on a notebook, just for fun. 2017-01-09 16:07:34 armin: I was testing on various laptops. 2017-01-09 16:07:38 okeh. 2017-01-09 16:08:18 I think the switch from mdev to udev is the issue 2017-01-09 16:08:24 requiring a full reboot 2017-01-09 16:52:03 ScrumpyJack: i didn't know, thanks, i'll try with apcu 2017-01-09 17:08:33 ScrumpyJack: it seems that pecl/apcu requires PHP (version >= 7.0.0-dev) 2017-01-09 17:08:45 and i need php5 :/ 2017-01-09 17:14:10 ah 2017-01-09 17:14:15 just pecl install channel://pecl.php.net/APCu-4.0.10 2017-01-09 17:14:39 install an older version 2017-01-09 17:18:50 there is php5-apcu and php7-apcu in the repos (in edge at least) 2017-01-09 17:20:01 ah? 2017-01-09 17:20:08 thx :3 2017-01-09 17:20:24 ACTION <- the lost man 2017-01-09 18:49:03 if i install i386 alpine, is it easy to install an x86_64 kernel package to have a 64-bit kernel? 2017-01-09 18:49:20 (so it can run foreign 64-bit static binaries and use full 4gb of user vm space) 2017-01-09 19:25:32 After trying for several hours to get Alpine installed in VMware Workstation--I've come up nil. I've tried this Wiki entry, too. (https://wiki.alpinelinux.org/wiki/Install_Alpine_on_VMware) still nothing. Anyone have any information that might help? 2017-01-09 19:26:59 Specifically, every time I boot the VM it says "Mounting boot media failed. initramfs emergency recovery shell launched. Type 'exit' to continue boot. sh: can't access tty; job control turned off" typing 'exit' displays the same error. 2017-01-09 19:27:24 the installer ISO is doing that? 2017-01-09 19:28:04 I thought it might be the image, so I've tried the "Standard," "Vanilla," "Extended," and "Virtual" images. 2017-01-09 19:28:11 All with the same errors. 2017-01-09 19:28:34 what type of virtual cd drive is configured? 2017-01-09 19:29:14 Not sure if this will help, but these are my settings: https://u.nya.is/sbawvp.png 2017-01-09 19:29:48 have you tried the legacy emulation option / scsi or sata bus for the cdrom? 2017-01-09 19:29:58 it may just be missing drivers in the installer for the vmware ide cdrom 2017-01-09 19:30:14 i find that unlikely but .. who knows 2017-01-09 19:30:15 I'll give that a shot now. 2017-01-09 19:30:26 when you drop into the root shell, do you see /dev/sr0 ? 2017-01-09 19:30:51 That seems to be the issue--I never make it to the root shell: https://u.nya.is/shlhpc.png (with legacy enabled) 2017-01-09 19:31:28 that appears to be a root shell 2017-01-09 19:31:36 # signifying that it is root 2017-01-09 19:32:00 o/ ncopa 2017-01-09 19:32:28 sr0 doesn't seem to be present. https://u.nya.is/zqocun.png 2017-01-09 19:33:09 try sata or scsi for the cdrom option and then check for sr0, since that would be the device node for sure in those cases 2017-01-09 19:38:23 OK, I tried both variations of SATA and SCSI individually and then with Legacy enabled (on both) just to be sure. /dev/sr0 was absent from all combinations. 2017-01-09 19:39:10 hrm 2017-01-09 19:39:15 what version of workstation? 2017-01-09 19:39:57 12.5.1 build-4542065 -- I just reinstalled directly from the VMWare website hoping that would fix the issue. 2017-01-09 19:41:06 hm 2017-01-09 19:41:29 thats really quite odd 2017-01-09 19:44:31 I think I might give VirtualBox a try just incase it just happens to be some issue with VMware. 2017-01-09 19:50:35 Running it in VirtualBox worked the first time without any issues... 2017-01-09 19:51:38 A little embarrassing--but hey, go FOSS! Thanks for all the help. 2017-01-09 20:25:39 when is alpine edge going to adopt new lts kernel? 2017-01-09 20:26:10 it gets updated quite often, that's my observation 2017-01-09 20:26:18 can't give you any specific date tho 2017-01-09 20:26:19 4.4 seems to lack support for intel video 500 added almost a year ago 2017-01-09 20:26:28 by new lts i mean 4.9 2017-01-09 20:27:56 but there are things that affect the release dates for kernels, namely the grsecurity patch 2017-01-09 20:29:01 i use vanilla 2017-01-09 20:29:05 and it doesn't seem like one for 4.9 is available yet; could be the devs have access to a non-public release of the patch tho, I don't know 2017-01-09 20:29:27 <_ikke_> TBB: iirc, they don't 2017-01-09 20:29:40 ah, ok. could be you'll get the vanilla one quicker 2017-01-09 20:30:24 _ikke_: okay. I wonder how much grsecurity would want as a donation in order to give it to Alpine 2017-01-09 20:33:22 maybe i just need to build one myself 2017-01-09 20:33:47 but i don't like bypassing package system 2017-01-09 20:34:05 do it in a package system compliant way then :) 2017-01-09 22:55:26 dalias: (or someone else) any idea where does /usr/include/bits/alltypes.h come from? I don't think i see it at musl's sources, and i try to build tcc on alpine, and while it does make useful progress, it ends with: 2017-01-09 22:55:28 In file included from /usr/include/stdio.h:22: 2017-01-09 22:55:28 /usr/include/bits/alltypes.h:6: error: ';' expected (got "va_list") 2017-01-09 22:55:59 (alpine edge) 2017-01-09 22:59:09 is it a gcc (6.3?) thingy? i don't see this file on ubuntu 16.04 for instance (with gcc 5.4) 2017-01-09 23:00:08 (answering the question of who owns this file won't necessarily get me closer, but hopefully it might) 2017-01-09 23:03:55 it's generated from alltypes.h.in in include/ and arch/*/bits/alltypes.h.in 2017-01-09 23:04:59 tcc is broken and lacks working stdarg support 2017-01-09 23:08:09 dalias: you say that as a fact? it does seem to work on windows (without any "other" implementation from gcc libs etc) and linux in general too 2017-01-09 23:09:06 it depends on using the legacy UB hacks of pointer arithmetic across objects and assuming they're in-place where they were passed on the stack 2017-01-09 23:09:30 you can make tcc work by adding -D__builtin_va_*=[legacy macros] on command line 2017-01-09 23:09:38 but it's not supported usage 2017-01-09 23:10:06 dalias: where * is start/end etc? 2017-01-09 23:10:50 yeah look at musl commit ffaaa6d230512f3a7f3d040b943517728f3dc3cf 2017-01-09 23:11:01 where they were removed 2017-01-09 23:11:10 gotcha. sec 2017-01-09 23:12:16 dalias: oh, that's fairly recent. is alpine's (edge) musl already has this change 2017-01-09 23:12:17 ? 2017-01-09 23:16:23 it's not that tcc worked with musl before 2017-01-09 23:16:34 i suspect they define __GNUC__ 3 anyway 2017-01-09 23:16:42 rather this just shows the way the macros might be defined 2017-01-09 23:17:03 btw the way tcc works on glibc is mimicing the weird glibc split between gcc compiler-provided headers and libc-provided ones 2017-01-09 23:17:07 and it provides its own stdarg.h 2017-01-09 23:17:13 but that conflicts with musl's 2017-01-09 23:17:32 yeah, i don't know if tcc worked with musl before, but it did get a lot of patches and correctnesss improvements in recent months, so i was hoping 2017-01-09 23:18:19 and i was able too work around some stuff not long ago and built and used tc on alpine to generate object files which i then linked into working executable of a hello world program 2017-01-09 23:18:25 to* 2017-01-09 23:18:33 tcc* 2017-01-09 23:19:41 (it might still be the case, i'm now trying unpatched tcc, and it fails while compiling bcheck - which i previously disabled) 2017-01-09 23:23:25 yeah, if i hard-disable bcheck at lib/Makefile, tcc completes the build but fails the first test. i think this is where i got in the past which now doesn't require further hacks (other than bcheck) and that if i'll build an object file and link i, then it would work (testing) 2017-01-09 23:29:47 can't link a file: "ld: warning: cannot find entry symbol _start; defaulting to 0000000000400078" and if i run it it gets killed. 2017-01-09 23:30:12 (after tcc -c test.c) 2017-01-09 23:30:59 and creating an executable directly with tcc segfaults. 2017-01-09 23:32:06 running directly fails too, possibly due to grsec: 2017-01-09 23:32:09 $ ./dist/bin/tcc -run ../test.c 2017-01-09 23:32:09 tcc: error: mprotect failed: did you mean to configure --with-selinux? 2017-01-09 23:32:51 i guess there are too many variables in this setup 2017-01-10 00:55:18 how do i install a self-built (remotely, no local buld dir) kernel on alpine? 2017-01-10 00:57:57 did you build a package, or do you just have the vmlinuz binary 2017-01-10 00:58:02 and your modules 2017-01-10 00:58:33 dalias: ^ 2017-01-10 00:59:29 the latter 2017-01-10 00:59:34 i have the vmlinuz and modules dir 2017-01-10 01:00:43 you can place the files in their respective locations and run the mkinitfs script, but it could be messy conflicting with the installed kernel package 2017-01-10 01:01:02 it'd be ideal if you could build your kernel with the proper APKBUILD 2017-01-10 01:01:15 or is that not an option for your setup? 2017-01-10 01:01:50 not an easy option 2017-01-10 01:01:57 there's no conflict because alpine doesn't have the same version 2017-01-10 01:02:06 whole reason for building my own is needing newer drivers in 4.9 2017-01-10 01:02:56 how do i invoke mkinitfs? 2017-01-10 01:02:59 that's what i'm missing 2017-01-10 01:02:59 you should be able to place the modules in /lib/modules/ and the kernel bin in /boot/vmlinuz 2017-01-10 01:03:04 *nod* 2017-01-10 01:03:11 i named it vmlinuz-mine 2017-01-10 01:03:24 so as to leave the packaged one there and not conflict with the name 2017-01-10 01:03:39 /etc/mkinitfs/mkinitfs.conf for stuff to add to the initramfs if you need additional drivers there 2017-01-10 01:03:43 so i want to end up with initramfs-mine 2017-01-10 01:03:54 /etc/update-extlinux.conf for bootloader-related options including choosing the right kernel image 2017-01-10 01:04:01 so you'll need update-extlinux as well 2017-01-10 01:04:03 if you're booting that way 2017-01-10 01:04:07 *nod* i know that 2017-01-10 01:04:12 okay 2017-01-10 01:04:15 it's the mkinitfs that's the problem 2017-01-10 01:04:17 how to invoke it 2017-01-10 01:04:27 mkinitfs 2017-01-10 01:04:54 don't i need to tell it the output filename? 2017-01-10 01:04:54 defaults will suffice to overwrite the existing files 2017-01-10 01:05:02 which i don't want to do 2017-01-10 01:05:10 i want the output in initramfs-mine 2017-01-10 01:05:18 mkinitfs --help does have some details on the flags it accepts 2017-01-10 01:05:19 so the package isn't clobbered and upgrading the package doesn't clobber it 2017-01-10 01:05:22 and both end up in boot menu 2017-01-10 01:05:33 it'd be -o for the output filename 2017-01-10 01:06:11 ah now it's working 2017-01-10 01:06:19 i must have botched the command beofre somehow 2017-01-10 01:06:40 its all pretty straight-forward, sounds like you had everything you needed in place already 2017-01-10 01:06:47 yeah 2017-01-10 01:07:00 backup your working image so you can revert 2017-01-10 01:07:01 gotta love how simple the alpine tooling is 2017-01-10 01:07:05 i was confused by some error i got from mkinitfs before 2017-01-10 01:07:24 grugly, i'm avoiding overwriting it at all, keeping both in boot menu 2017-01-10 01:08:57 ACTION timestamps for the "I told you so" 2017-01-10 01:09:49 haha 2017-01-10 01:14:00 wow yay i have my old alpine system from dead laptop's hdd up on my new laptop 2017-01-10 01:14:09 with no sw changes except kernel update 2017-01-10 01:14:23 that's damn impressive for a distro that's not even oriented towards desktop 2017-01-10 01:15:03 and apparently someone fixed the hideously-slow usb-2.0 usb-storage 2017-01-10 01:15:29 with new kernel my usb 2.0 hdd enclosure performs comparable to internal hdd (crappy compared to ssd, but not intolerable) 2017-01-10 06:36:23 clandmeter, how i can i remove incorrect flagging of https://pkgs.alpinelinux.org/packages?branch=edge&repo=main&name=musl ? 2017-01-10 07:59:50 is it possible to achieve completely silent boot? (nothing showing on the screen, no init messages, nothing, until X or something starts?) 2017-01-10 08:00:12 depends on various things 2017-01-10 08:00:19 but i do that for my rpi 2017-01-10 08:00:26 how to suppress init messages? 2017-01-10 08:01:10 wasn't previous version of alpine web site looking better? 2017-01-10 08:01:21 in kernel arguments: blacklist=fbcon quiet 2017-01-10 08:01:30 thanks fabled 2017-01-10 08:01:34 it works only if the console is shown via framebuffer device only 2017-01-10 08:02:07 but on rpi it's good. it's all blank (or fbsplash image only) until boot done 2017-01-10 08:02:24 alpine website: present version seems like it does not belong to this project at all, just some general site (subjective opinion) 2017-01-10 08:04:10 alpine website: still no way to donate, is 'donate' section planned? or is financing done purely via sponsors? 2017-01-10 08:06:33 we have been trying to avoid organizational overhead 2017-01-10 08:06:42 donations generally that are listed are hardware related 2017-01-10 08:06:52 individual developers might accept paypal / other donations too 2017-01-10 08:07:50 we usually value services and work donations most :) 2017-01-10 08:08:00 see https://wiki.alpinelinux.org/wiki/Alpine_Linux:Contribute 2017-01-10 08:08:31 and https://wiki.alpinelinux.org/wiki/Alpine_Linux:Developers 2017-01-10 08:19:40 so alpine distances a bit from 'money' like contribution. wouldn't it be a good way to skyrocket it to newer highs though? money covering the hardware/infrastructure costs (which is I believe in sensible scale, no bs around), and then fairly distributed to cover contributors effort, donation overhead used to move the project forward in other ways. 2017-01-10 08:22:49 there is so much potential hidden in this project, yet sadly it's still hidden. it's there, but not used fully, it just seems to be covered in wrong sheet, but the underneath is (near) perfect 2017-01-10 08:25:06 or does anyone know of anything even more on the edge of Linux/other alternatives to use computers? 2017-01-10 08:27:44 that is usable and versatile. there is such a 'stable' feeling regarding alpine, it could be the ideology behind, or the actual way it's done that seems so ... unclogged, light, just as it should be. or I am officially a wannabe-fan. 2017-01-10 08:29:03 I would even love to chat with you fabled, I just want to discuss things, even if it would seem there's no reason to, I just would. technology and life, and technology in life. 2017-01-10 08:30:56 or in here, I just fear being labeled with offtopic, as it would seem so. even if it actually is connected with alpine. 2017-01-10 08:31:51 I have so many questions 2017-01-10 08:33:34 but nobody wants to discuss 2017-01-10 08:35:34 is it ever full of life in here? does anyone actually write here? 2017-01-10 08:36:26 apweiofja, :) 2017-01-10 08:36:35 or is everyone busy with life next to it, seeing this as solved thing, watching the peace with no messages in this room. 2017-01-10 08:36:37 it's sporadic here 2017-01-10 08:36:57 I got literally few thousand ideas what to discuss 2017-01-10 08:37:44 re: donations/hw/running stuff; so far we've had sponsors to take care of that so we don't need to care. we'd rather avoid setting up charity / requiring money to run it. 2017-01-10 08:40:10 fabled: seems sporadic as well, meaning the approach, not necessarily a bad thing. but who would want to contribute in that way (money), has no way to. of course it would take a bit of an effort to set it up, create the structure of how would any donation be used, compliant legally and such. 2017-01-10 08:40:46 the problem is how to use / divide the money if there was a single place to put it? 2017-01-10 08:41:00 we don't need money to run things currently 2017-01-10 08:41:30 i don't think we'd get enough money to actually hire people 2017-01-10 08:41:45 I think it should be a single place (I could be wrong, all I write is subjective from my point of view, not truth), with transparent declaration how it's (going to be) used 2017-01-10 08:42:27 no need to hire anyone, it presumably works fine from all sides now. but what if even current state deserves more than just thank you messages. 2017-01-10 08:43:18 does paypal allow split payments easily? 2017-01-10 08:43:23 we could setup something like that 2017-01-10 08:43:38 not sure about paypal at all 2017-01-10 08:43:46 bitcoin is dead already, right? 2017-01-10 08:44:20 I would be a bit afraid to use it in fact, when it's labeled as shady thing (sadly?), and it's of course a bit unstable, and I would be worried myself about it's future. 2017-01-10 08:44:49 bitcoin is slightly unstable imho 2017-01-10 08:46:36 probably, sadly, it seems as great idea, to use what is used anyway (technology) and dismiss the papers, just being stressed hard way probably, having issues standing straight. 2017-01-10 08:47:01 not sure if there is alternative for paypal, if not, then .. well, paypal. 2017-01-10 08:48:05 all I mean is, the effort of people working on alpine already is ... unbelievable. I think there should be a reward as well, of any kind. 2017-01-10 08:50:04 understand 2017-01-10 08:50:08 if I would be allowed to start rolling my questions and discussions, please just let me know 2017-01-10 08:51:12 hi everyone 2017-01-10 08:52:18 hi dminca 2017-01-10 08:53:19 guys, why has py-scipy=0.17.0-r0 been flagged? 2017-01-10 08:55:50 how is alpine structured from 'maintainer' point of view though? who is on top? I know it's mostly distributed completely, as there are contributors with packages, but someone needs to do the final 'approval' 2017-01-10 08:56:10 apweiofja: hi 2017-01-10 08:56:44 apweiofja: we dont have any formal structure 2017-01-10 08:57:00 ncopa: hello (: 2017-01-10 08:57:07 but i suppose i am the dictator :) 2017-01-10 08:57:15 apweiofja, would patreon be better over paypal? 2017-01-10 08:57:42 ncopa: yeye, I know, I just, wanted to know, if it's just you, or few others with you and such. just informative (not spying on you of course) 2017-01-10 08:59:05 depending on what the question is about, i normally consult with fabled, clandmeter, rnalrd, jirutka 2017-01-10 08:59:10 fabled: patreon uses paypal probably and seems so ... I believe it would be the best to find the clearest/purest way for donations to be done. Not using third party services that uses another third party services and anyone donating would be in need to go to another site and sign up there and proceed through their ideology. 2017-01-10 09:00:05 apweiofja: patreon uses stripe & paypal 2017-01-10 09:00:10 you can use either to donate 2017-01-10 09:00:17 the less formal structure is rare as well in my opinion, love that on alpine so much (personally) 2017-01-10 09:00:23 (so you're not tied in to paypal as a donator) 2017-01-10 09:01:26 apweiofja: we have grown relatively fast latest years so it is a question of time when we need more formal structure and formal processes 2017-01-10 09:01:58 donating/patreon: I just personally believe it would feel so .. unofficial, lame-a-bit to use things like patreon for it. In my view, clear, as the core alpine idea (maybe, or as I see it), straight way to do the donating without anything else would be the best, alpine being standalone in a way, but that would be of course harder from many points of view. 2017-01-10 09:03:09 if completely transparent financing would be achieved, it would be another 'on the edge' mark for alpine I believe. with stable like development in the future. 2017-01-10 09:03:48 but maybe not, it just shouldn't lose that ... free kind of, not centralized feel (and actual underneath structure that really is that) 2017-01-10 09:04:09 i think paypal & etc take also their cut because they use credit cards as backing system which take their cut 2017-01-10 09:04:11 integrating donations could mess with exactly that a bit 2017-01-10 09:04:30 we have tried to avoid extra administration work 2017-01-10 09:04:41 that could be automated hard way I believe 2017-01-10 09:04:46 and there has not been any direct need for donations 2017-01-10 09:04:51 it just need to be thought of in exactly the way alpine is I think 2017-01-10 09:05:10 not 'alright, I take this crown and throne now' 2017-01-10 09:07:45 it should be afterall distributed as well, kind of like packaging is, just having the cover that is necessary, but not building another hardway structured stopped development project that is just centrally controlled. that would be sad, alpine seems so 'exactly not that', and it's the best about it. If it keeps that 'quite equal' community feel with 'someone just needs to do the final moves of course', it has a long way to run 2017-01-10 09:08:09 apweiofja: what i am mostly afraid of is the work to set up the procedure and the discussions how to divide things 2017-01-10 09:08:13 hm 2017-01-10 09:08:50 donating/financing by community itself, and others idea of mine: 2017-01-10 09:09:12 completely transparent, nobody rooted on top as well, community effort kind of 2017-01-10 09:09:25 transparently stated what's going on, how it's divided, everything, nothing in the dark corner 2017-01-10 09:09:44 clearly stating the costs for running 2017-01-10 09:10:16 contributors allowed to decide whether or not they want to be part of the financing as well (receiving) 2017-01-10 09:10:39 donations then either centrallized, meaning, to one place, from which it automatically divides into proper sections 2017-01-10 09:10:47 meaning (to contributors, to cover costs and such) 2017-01-10 09:10:51 in a fair manner 2017-01-10 09:11:07 or those who want to support alpine this way would be able to decide where the money should go 2017-01-10 09:11:58 clearly stating who gets what, how the costs (hardware, technology) are covered 2017-01-10 09:12:04 (typing slower than ever before) 2017-01-10 09:12:57 so 2017-01-10 09:13:00 how about this 2017-01-10 09:13:01 I just think it should be completely transparent. 2017-01-10 09:14:02 we have a place where all the monetary receivers can publish how they can accept donations 2017-01-10 09:14:15 eg their paypal account, bitcoin addr etc 2017-01-10 09:14:31 then you can select who you give to 2017-01-10 09:14:53 that way its not central in any way 2017-01-10 09:15:06 but it is not transparaent either 2017-01-10 09:15:18 because you are not obligated to tell how much you give to whom 2017-01-10 09:15:32 the problem with self-directed donations is that people who do vital but not very visible work always get missed in favour of people who do much more visible work 2017-01-10 09:15:47 correct 2017-01-10 09:16:35 it's not transparent at all, in my view it would be the best to have central structure for this (for donating) through which the donator can choose where it goes, but not manually required to go to this contributor's paypal address, to this one as well. I think it should be that you pick that, divide your donation from one place that would be host by alpine itself. And the results, it all would be visible, auditable. 2017-01-10 09:16:52 again, I can be anytime wrong, take my messages as my current opinions/views 2017-01-10 09:17:03 apweiofja: i think you have interesting ideas 2017-01-10 09:17:24 a few questions though 2017-01-10 09:17:33 how do you define the cost of keeping things running? 2017-01-10 09:17:47 i mean, we have scaleway that sponsor web hosting 2017-01-10 09:18:03 and other companies sponsors also hosting 2017-01-10 09:18:21 and a company hired me to work on alpine 2017-01-10 09:18:38 (was not here for the start of this conversation) 2017-01-10 09:18:48 ncopa: is there a 501c3 for alpine? 2017-01-10 09:19:01 (e.g. are they at least getting tax deducations for donated servers and such?) 2017-01-10 09:19:07 no 2017-01-10 09:19:44 I wouldn't go for classic 'we need $1000000' to run for a year, to pay developers and so on. I believe it should be modest as it is. Clearly stating what does the webhosting and hardware underneath (needed to distribute it) cost. Cost for keeping things running should be equal to just that in my view. As any of us could then provide the new version of Alpine through that. This act of human actions would be part of the second l 2017-01-10 09:20:15 I know it's sponsored now. I would state it anyway, to not be dependent on sponsors. 2017-01-10 09:21:01 how things have worked til now is 2017-01-10 09:21:05 I think the hardware/technology costs are actually quite low. which is, well, good? why waste tons of money on what can be done clearly, quite purely as the core of alpine. 2017-01-10 09:21:14 if there have been a specific need, we have asked 2017-01-10 09:21:26 I understand 2017-01-10 09:21:28 "we need a server for " 2017-01-10 09:21:35 and someone has provided that 2017-01-10 09:21:45 I just throw ideas around. 2017-01-10 09:21:47 if there's interest in this, a logical place to start is at least documenting what provided services are (not in "value", but in literal CPU, disk, and network data) 2017-01-10 09:22:33 also some of the sponsors want to be anonymous, some does not care, and some dont want be anonymous 2017-01-10 09:22:36 I just believe transparency is the way to certain degree. that could afterwards in a bit of time provide more than just good stable feeling about it. 2017-01-10 09:24:01 and could lead to dramatically accelerated development. 2017-01-10 09:24:11 not necessarily stopping at what it is now. 2017-01-10 09:24:55 sane minds should stay sane though. not covered with blanket that is actually a fog that covers the eyes. 2017-01-10 09:25:29 (is that too abstract) 2017-01-10 09:25:34 so far we have been able to avoid the paperwork around things like this and have been able to focus on technical work 2017-01-10 09:26:22 absolutely. maybe it can be done quite automatically without three years of paperwork. maybe not, maybe yes. the actual technical work could provide that in fact. 2017-01-10 09:26:54 s owhat woudl we need to get it running? 2017-01-10 09:27:41 no clue 2017-01-10 09:27:45 we'd need set up a website/webpage with the info, we'd need a paypal account or bitcoin or patreon or flattr 2017-01-10 09:27:55 we'd need software that can distribute it fairly 2017-01-10 09:28:21 we'd need software that can display what comes in and what goes out where 2017-01-10 09:28:31 so it actually is transparent 2017-01-10 09:28:40 website should provide more official like feeling I believe. that can hold more than just few information in light way for the readers/visitors. including the section for this. 2017-01-10 09:28:57 we need to solve things how can you donate anynymously 2017-01-10 09:29:18 we need discuss and come to an agreement on how to distribute it 2017-01-10 09:29:38 should eg scaleway get their cut since they contribute with hosting? 2017-01-10 09:29:52 the first thing is definitely thinking of a proper way for people to donate. paypal? other? is there better alternative that seems to be the good fellow on long run? what are the options? is there non-third-party option at all? 2017-01-10 09:29:52 should fastly get their cut for cdn? 2017-01-10 09:30:11 what do we do if someone dont want use paypal? 2017-01-10 09:30:32 a lot of questions, all can be discussed, leading to actual answers afterwards. 2017-01-10 09:30:43 do we need register a non-profit organisation? 501c3? 2017-01-10 09:30:55 (I think it reasonable to ask existing donation sources of services to ask how they would want to be integrated into any system, like cost offsets, etc.) 2017-01-10 09:31:10 before you do anything else 2017-01-10 09:32:04 who should spend time on solving the above issues? ^^^ 2017-01-10 09:32:27 should the person who does the administrative work get his/her cut too? 2017-01-10 09:32:35 that's part of the fun (hell) of doing foundation-like things 2017-01-10 09:32:58 this is the exact thing i always have wanted to avoid 2017-01-10 09:33:21 i want spend my time on hacking things 2017-01-10 09:33:36 donating / existing sponsors: I would integrate their support into the system. Person would go to the section where he can place donation/support this project. And would see that scaleway covers this amount of the hosting, and such. So the person is left if he wants to add even more to support the hardware/technology beneath, or support something else, e.g. contributor(s). if sponsors are alright with having the amount they gi 2017-01-10 09:34:00 I mean really you want to find someone who cares about this, and who wants their contribution to be this type of thing 2017-01-10 09:34:11 I care about this :D 2017-01-10 09:34:36 I'm putting energy and thought :d 2017-01-10 09:34:39 indeed, and there are people who do this stuff, do it good, and will let you do what you're most interested in 2017-01-10 09:35:00 not anyone can do this I think, if we talk about legal/financing stuff 2017-01-10 09:35:11 it's like having an accountant, there are people who do that for a living and even supposedly enjoy it - for a small fee 2017-01-10 09:35:12 fun does not belong there 2017-01-10 09:35:13 alternatively you can pay someone to do it 2017-01-10 09:35:40 (some people think this IS fun....we think technical things are fun, they're the same about organizational workings.. :-)) 2017-01-10 09:36:47 (meant it: it should be in a serious manner, fully cold, not like doing it just like whatever, that was the meaning of no fun in there) 2017-01-10 09:37:15 fun can come afterwards, if it's desired 2017-01-10 09:37:21 there's no downside to find someone who wants to contribute in this way and finds it fun (e.g. enjoyable) 2017-01-10 09:37:45 but asking existing contributors to take on responsibilities outside their actual interests is a non-starter 2017-01-10 09:38:16 im sure it will be easy to find someone who wants to this work. finding someone that want to do it that I trust is harder 2017-01-10 09:38:20 of course, that person just needs to be 100% competent with what's needed/wanted. 2017-01-10 09:38:38 yup. same thing as in membership in any club; you join for the stuff you want to do, not for getting forced to do administration 2017-01-10 09:38:41 thats part of the job: figure out what is needed/wanted 2017-01-10 09:38:58 are you guys also doing meetings on meetup, just to hang over? 2017-01-10 09:39:06 nope 2017-01-10 09:39:22 well we have an irc channel #alpne-offtopic 2017-01-10 09:39:38 ah oke :D 2017-01-10 09:40:17 what i am a bit afraid of is 2017-01-10 09:40:43 what are we talking about though? necessary paperwork behind? someone taking care of all of this? I believe as much of it should be in fact covered by the community itself, including the software, the infrastructure and everything. this 'PERSON' should just do what nobody else can, the legal stuff behind. Not putting fingers into actuall structure of it. Doing what's required by laws we live in. As an accountant. Possibly givi 2017-01-10 09:41:11 line too long there apweiofja 2017-01-10 09:41:12 we have like 5-6 different companies/organisations that contribute in some way 2017-01-10 09:41:34 TBB: it seems to fit 2017-01-10 09:42:00 apweiofja: IRC clients don't know how many chars get through, you get echoed what you type by your local client 2017-01-10 09:42:06 if we start asking them, hey we are collecting donations, would you be interested in a cut? 2017-01-10 09:42:12 what if they say yes? :) 2017-01-10 09:42:22 apweiofja: in any case, what got through ended in "Possibly givi" 2017-01-10 09:42:42 TBB: understand 2017-01-10 09:42:45 ncopa: that's why the starting point of anything is figuring out how existing constributors want to be integrated, because you want to know if that's going to cause them to take actions that are bad in the short term (stopping) 2017-01-10 09:43:02 ncopa: in my view that's wrong thinking of it 2017-01-10 09:43:14 maybe i end up collecting and redistributing to the current sponsors 2017-01-10 09:43:15 ncopa: if those who sponsors takes donations, something is wrong 2017-01-10 09:43:25 yeah 2017-01-10 09:43:32 its just a worry i have 2017-01-10 09:43:36 probaly unfounded 2017-01-10 09:43:44 they donate, let them 2017-01-10 09:43:48 others can add to that 2017-01-10 09:43:53 and support even contributors itself and such 2017-01-10 09:44:01 not just infrastracture behind, which they could as well 2017-01-10 09:44:01 it's not unreasonable to think they might want to be offset and eventualyl get out, depending on your relationship 2017-01-10 09:44:14 that's definitely something to worry about. 2017-01-10 09:44:25 I probably threw too many inputs around. 2017-01-10 09:45:00 i think its good input 2017-01-10 09:45:03 valid questions 2017-01-10 09:45:03 that's why the first step is find out how existing sponsors feel about adding more small contributors, and then make decisions based on that input 2017-01-10 09:45:07 and valid suggestions 2017-01-10 09:45:20 wouldn't it be the best advertisement for the sponsor if it would be mentioned, part of the donating system 2017-01-10 09:45:24 that it covers this amount of costs 2017-01-10 09:45:24 you can't lose hosting providers in exchange for a few $10 donations.. :-) 2017-01-10 09:45:36 of the hardware etc. (maybe not, maybe they don't want to be seen) 2017-01-10 09:45:49 nbastin: i hear you. valid points 2017-01-10 09:45:52 good pionts 2017-01-10 09:46:36 also, some of the sponsors want be low profile, if we force transparency they might get scared 2017-01-10 09:46:53 (probably not but not impossible) 2017-01-10 09:47:24 "transparency" should probably not mean "non-anonymity", but that's a larger community discussion 2017-01-10 09:47:25 I imagine sponsor the same way anyone else who donates, the sponsor just advertise itself by this action. 2017-01-10 09:47:37 the question i ask then 2017-01-10 09:47:48 why? what is the goal with taking those actions? 2017-01-10 09:48:21 ultimately long term coalescing a community group is not a bad idea, as technical contributors will always have reasons to move on 2017-01-10 09:48:30 if the sponsor has requirements before supporting it, well,.. it would be an issue to integrate donations/financing from the community. 2017-01-10 09:50:09 nbastin: i think that might be the most important reason. make it possible for any contributor to move on without alpine collapsing 2017-01-10 09:50:48 ncopa: right, I mean people get new jobs, families, personal obligations, etc. Anything to solidify things to persist past a given set of contributors is good 2017-01-10 09:50:52 ncopa: but, it adds overhead 2017-01-10 09:50:56 I imagine it being in fact motivating for the sponsors. As they could show themselves off in this alpine's financing/donations structure. But the project itself would not be necessarily dependent on them. 2017-01-10 09:51:23 apweiofja: nothing proposed here (aside from 501c3, anyhow) actually changes the benefit to sponsors though 2017-01-10 09:51:54 they could in theory already do that, so this isn't added benefit (aside from the reasonableness of seeing added stability to the underlying project) 2017-01-10 09:52:34 that's good, of course, but that's also why you start with existing sponsors and try to work with them to move to more structure 2017-01-10 09:53:38 depending on who those people are, they might even be able to help with administrative support 2017-01-10 09:53:51 *nod* 2017-01-10 09:54:21 probably yes. I just imagine the actual hardware/technology costs to be quite low in fact. Not mentioning the actual contributors creating those packages and compiling their way to earth. The actual costs to keep the project running should be in fact incredibly low, or not? It's just hosting of the website and alpine os images. 2017-01-10 09:54:38 in theory converting a sponsor to redirect their monies to administrative instead of hosting support is a really good investment, but it's not a lock that there is such a sponsor 2017-01-10 09:54:52 (I probably go too much under the skin, sorry for that) *slowly disappearing* 2017-01-10 09:55:17 apweiofja: remote-hands support of high-uptime hosting is actually sortof expensive.. :-) 2017-01-10 09:55:45 (I dunno what the SLA "guaranteed" to alpine is, but what you might actually want is expensive) 2017-01-10 09:56:06 new to me 2017-01-10 09:56:26 I just see a website with downloadable files (that someone puts there of course) 2017-01-10 09:56:47 apweiofja: but in fact what is behind that is many servers and many redundant disks, and A/C and power and rack space 2017-01-10 09:56:56 compile servers 2017-01-10 09:56:58 and the staffing to handle those things 2017-01-10 09:57:08 right, and build and test servers as well 2017-01-10 09:57:11 oh so we talk about compile servers 2017-01-10 09:57:19 they are a part of it 2017-01-10 09:57:25 if a compile/test cluster were offline for days, how bad would that be, etc. 2017-01-10 09:57:32 contributors does not do that on their devices? 2017-01-10 09:57:35 (9-5 support cheaper than 24/7 support, etc.) 2017-01-10 09:58:24 some of the infra we use today: 2017-01-10 09:59:40 dns, mail, website hosting, bugtracker hosting, master mirror, git hosting, build server (x86, x86_64, armhf, aarch64), wiki 2017-01-10 10:00:16 build servers for each stable branch we maintain 2017-01-10 10:00:29 dl-cdn.a.o 2017-01-10 10:01:20 i suppose the build server infra is the most expensive 2017-01-10 10:01:51 I'm totally spitballing here, but...quarter rack, 3 data centers...$75k a year if you bought it off the shelf with 9-5 support 2017-01-10 10:02:04 given the platforms, you might actually need more space than that 2017-01-10 10:02:21 we run most of it on alpine 2017-01-10 10:02:40 and I dunno what the data transfers are, so there might be additional costs above normal connectivity 2017-01-10 10:02:44 so its fairly efficient 2017-01-10 10:02:48 yes 2017-01-10 10:03:18 because if we would talk about actual hosting it all on the net, it would cost literally $1 in here. (99,99% uptime, unlimited disk space, ...) not sure what else is needed. As the site is in fact quite... normal site. downloadable files, and such. Could have some 'catches' though. (terms regarding the files hosted) 2017-01-10 10:03:49 apweiofja: this is the type of thing that requires bare metal, not just VPS/VM hosting for serving files 2017-01-10 10:03:56 build servers are another thing of course 2017-01-10 10:03:59 the serving of packages and web sites is actually the easy part 2017-01-10 10:04:29 then the work with backups, redundancy etc... 2017-01-10 10:04:32 apweiofja: those kinds of $1 hosting services tend to kick you off the moment you consume any actual resources 2017-01-10 10:05:07 ncopa: that's why I presume 3 sites, maybe 4 and just one platform at each, although you could virtual x86 and x86_64 at the same location of course (or even all locations) 2017-01-10 10:05:48 https://hosting.wedos.com/en/webhosting.html but as said, not sure at all how could it comply. Probably not at all. Just for fun and comparism and confirmation of your arguments. 2017-01-10 10:06:00 our aarch64 boxes are 5U each, there are probably more compact systems (although they have 144 systems in each chassis) 2017-01-10 10:06:21 but I think you're still in for 1/4 rack everywhere, with PDU/iLo/console/SAN 2017-01-10 10:06:44 so you basically compile all the time 2017-01-10 10:06:47 and then of course someone to care about it, which currently is the sponsor 2017-01-10 10:07:10 gigabyte gave us a thunder-x server, with 48 cores 2017-01-10 10:07:13 it's hard to see it not being high 5 figures 2017-01-10 10:07:29 (not including capital expenses where necessary) 2017-01-10 10:07:33 and a x-gene 2017-01-10 10:09:02 this is excluding the cost of the work 2017-01-10 10:11:49 this is crazy 2017-01-10 10:12:53 apweiofja: this is what actual resource usage costs.. :-) 2017-01-10 10:13:15 low cost providers work on assuming (like insurance companies) that most peopel don't actually use their allocation 2017-01-10 10:13:26 I imagined every contributor somehow compiling it all and that being then put on the actual project on the net. 2017-01-10 10:13:46 apweiofja: you can't guarantee consistent build environments that way 2017-01-10 10:15:08 ncopa: how long does a full platform build on one branch take? (rough estimate?) 2017-01-10 10:15:45 full build? 2017-01-10 10:15:54 I realize it's different per platform 2017-01-10 10:15:57 yes 2017-01-10 10:16:00 well like if someone changed gcc.. :-) 2017-01-10 10:16:04 worst case 2017-01-10 10:16:06 i'd guess a day or two 2017-01-10 10:16:12 3-4 days 2017-01-10 10:16:25 yeah, 48-60 hours of compute time on x86 seems about right 2017-01-10 10:16:34 we do full build every stable branch 2017-01-10 10:16:45 which means every 6 months 2017-01-10 10:17:15 we normally dont do full rebuild of edge 2017-01-10 10:18:41 still, this isn't like canonical-level of costs.. :-) 2017-01-10 10:18:48 which is a good argument for thinking about these things now 2017-01-10 10:19:28 instead of when that back of the napkin estimate is mid 6 figures a year.. 2017-01-10 10:20:40 heard about https://github.com/sabotage-linux/sabotage http://sabotage.tech ? 2017-01-10 10:22:02 I mean the underlying fact is that a sustainable project costs resources, and needs structure, eventually 2017-01-10 10:23:10 if everything wasn't so time consuming to compile, it wouldn't 2017-01-10 10:23:49 apweiofja: well, cpu consuming...fix that problem.. :-)( 2017-01-10 10:24:15 (and power, and A/C, and space, and labor...) 2017-01-10 10:24:52 either make less bloated everything, or less enormous, or get some faster cpu's. 2017-01-10 10:24:58 apweiofja: yes, i know about sabotage 2017-01-10 10:25:07 i believe i have used patches from them 2017-01-10 10:25:14 and i believe they have used patches from us too 2017-01-10 10:25:17 void linux too 2017-01-10 10:27:35 I don't understand a thing, but I can't believe GCC and all this compiling environment has to be such a massive something. GCC seems to be just rooted. Why isn't there a lightweight compiler/compiling environment yet with which you could compile Linux and all the stuff on it. 2017-01-10 10:28:11 GCC is like ... whole world. but I assume there isn't a way back. 2017-01-10 10:28:13 apweiofja: an entire distribution is a few hundred million lines of code, and probably a few dozen gigabytes of source code at least 2017-01-10 10:28:33 apweiofja: the I/O load just to feed that into the compiler is a few hours 2017-01-10 10:28:46 and it has to do actual work.. :-) 2017-01-10 10:28:57 can I post one more link? 2017-01-10 10:29:08 of course 2017-01-10 10:29:42 http://litcave.rudi.ir/ 2017-01-10 10:32:58 neatvi is the craziest 2017-01-10 10:33:04 fbpad as well kind of 2017-01-10 10:33:41 I'm confused about neatvi...vim can edit bidi files 2017-01-10 10:34:11 it's...not totally optimal, but nothing in the readme convinces neatvi is any better for a wide set of encodings 2017-01-10 10:34:25 the lightest yet enough software that I haven't found so clean elsewhere. 2017-01-10 10:34:36 it's not fully loaded at all of course 2017-01-10 10:35:48 it's for the pure seekers, with own definitions of 'pure' 2017-01-10 10:35:57 apparently.. :-) 2017-01-10 10:36:22 I mean vim common files are annoying "large" on disk, but it's pretty small footprint still in RSS 2017-01-10 10:58:50 how do I get alpine linux to use utf-8? 2017-01-10 10:58:53 in bash / tmux 2017-01-10 11:00:18 setting the proper LC_* variables and starting tmux with -u doesn't work? 2017-01-10 11:08:28 hmm seems -u works 2017-01-10 11:08:33 does alpine linux not even support locale? 2017-01-10 11:44:13 hello. After installing openrc into the minimal alpine image, how do I add all the neccessary services for boot from /etc/init.d ? 2017-01-10 11:44:38 <_ikke_> rc-update add default ? 2017-01-10 11:45:24 yes, but where can I find the list of the services I need? Stuff like devfs, proc sysfs, mount from fstab etc 2017-01-10 11:46:16 but default after intsalling openrc there are no services 2017-01-10 11:46:59 <_ikke_> https://paste.fedoraproject.org/524991/40488131/ 2017-01-10 11:47:10 <_ikke_> This is what's enabled for me 2017-01-10 11:51:07 thanks, I'll try it 2017-01-10 11:51:13 is it from initramfs? 2017-01-10 11:54:27 that list can also be found from the Alpine document about installing in a chroot 2017-01-10 11:55:21 https://wiki.alpinelinux.org/wiki/Installing_Alpine_Linux_in_a_chroot - that one 2017-01-10 11:55:52 oh great, thanks 2017-01-10 11:55:59 that's exactly what I was looking for 2017-01-10 11:56:33 unsurprisingly it's in my bookmarks, I need it quite often as I only install Alpine that way 2017-01-10 11:56:36 <^7heo> if you want to install alpine in a chroot, there's simpler and better: https://github.com/jirutka/alpine-chroot-install 2017-01-10 11:58:17 installling alpine in chroot should be easier now with the rootfs image 2017-01-10 12:01:21 I don't know if I asked this earlier... since an apk is basically cat tar1 tar2 > tar3, I'm wondering how I can extract those tars instead of all the files in both 2017-01-10 12:01:33 <^7heo> ncopa: simpler than with the script from jirutka? 2017-01-10 12:02:02 it's probably as simple as a correct switch but I'll admit I'm n00b enough to never have restored stuff from tapes 2017-01-10 12:02:16 ^7heo: meaning that jirutkas script probably can be simplified 2017-01-10 12:02:33 <^7heo> ah 2017-01-10 12:02:39 <^7heo> yeah, well 2017-01-10 12:02:45 TBB: how do you mean? 2017-01-10 12:02:55 <^7heo> I'd rather have it work with older versions than it being oversimplified :) 2017-01-10 12:03:04 gzsplit.c http://sprunge.us/KHEK 2017-01-10 12:03:18 resign.sh http://sprunge.us/MVeY 2017-01-10 12:04:23 we used that to resign aarch64 packages after losing one of our private keys 2017-01-10 12:04:49 ncopa: I have this ... need to re-sign packages 2017-01-10 12:05:45 ncopa: so far I've figured out I need to regenerate, was it, control.tar, contents but I'd much rather just use the original data tar instead of extraction and re-tarring 2017-01-10 12:06:09 TBB: you might want to use the gzsplit.c, it splits the .tar.gz to proper parts 2017-01-10 12:06:32 fabled: i assume you wrote gzsplit? 2017-01-10 12:06:34 <^7heo> yeah resign != re-sign btw. 2017-01-10 12:06:42 :) 2017-01-10 12:06:57 <^7heo> https://www.merriam-webster.com/dictionary/resign 2017-01-10 12:07:02 <^7heo> just saying. 2017-01-10 12:07:16 ha 2017-01-10 12:07:24 I used to correct other people's linguistic mistakes but I've since resigned from doing that :) 2017-01-10 12:07:59 (not trying to be sarcastic, that's just the first example coming to my mind with my grand 5 hours of sleep last night) 2017-01-10 12:08:10 <^7heo> TBB: Yeah, fortunately, other people's mistakes aren't forcing me to do them too. 2017-01-10 12:08:29 <^7heo> TBB: otherwise I'd kill myself. 2017-01-10 12:08:54 yeh, I make enough mistakes and blame myself for them even without repeating those of others 2017-01-10 12:08:57 ncopa, i wonder if i should put gzsplit.c to abuild as 'abuild-splitapk' or so 2017-01-10 12:09:00 <^7heo> anyway, even in the concept of cryptography, it resign has a meaning different than re-sign. 2017-01-10 12:09:11 fabled: sounds lnike a good idea 2017-01-10 12:09:12 <^7heo> so... 2017-01-10 12:09:54 other possible names: apksplit or splitapk 2017-01-10 12:10:11 it's abuild-tar and abuild-sign 2017-01-10 12:10:17 abuild-split ? 2017-01-10 12:10:20 yeah 2017-01-10 12:10:34 or abuild-gzsplit ? 2017-01-10 12:10:41 or abuild-apksplit? 2017-01-10 12:10:55 abuild-gzsplit sounds good 2017-01-10 12:11:08 it is descriptive 2017-01-10 12:11:10 it does have apk level info, as it deduces each part's name from the content 2017-01-10 12:11:29 while the boundary detection happens from gz boundary 2017-01-10 12:12:02 the 'abuild-' prefix says that it is alpine specific 2017-01-10 12:12:09 <^7heo> yeah 2017-01-10 12:12:17 <^7heo> please prefix with abuild- 2017-01-10 12:12:32 <^7heo> because search engines aren't clever enough to get the context of webpages... 2017-01-10 12:12:35 im ok with abuild-gzsplit and abuild-apksplit 2017-01-10 12:12:40 <^7heo> and those of search terms. 2017-01-10 12:13:02 <^7heo> so searching "apk" related things always returns android sstuff. 2017-01-10 12:13:03 <^7heo> stuff* 2017-01-10 12:13:15 too bad google can't google 2017-01-10 12:13:19 apk-tools was before android 2017-01-10 12:13:27 android didnt exist when we picked .apk 2017-01-10 12:13:34 <^7heo> fabled: yes, but guess what, google is bigger than us. 2017-01-10 12:14:16 fableds point still stand. too bad google can google things thats smaller than themselves 2017-01-10 12:14:23 cant* 2017-01-10 12:14:54 <^7heo> what does that mean? 2017-01-10 12:14:59 what i mean, its not our fault that googling apk gives you andoird stuff 2017-01-10 12:15:14 <^7heo> ah definitely not. 2017-01-10 12:15:16 nothing we could done with it at the time we decided to call it apk 2017-01-10 12:15:18 <^7heo> but prefixing would help. 2017-01-10 12:15:22 <^7heo> and that's the best we can do. 2017-01-10 12:15:23 yup 2017-01-10 12:15:26 +1 2017-01-10 12:15:46 <^7heo> and it's better than changing the name "apk" 2017-01-10 12:15:54 agree 2017-01-10 12:17:00 ncopa, TBB, looks good: http://sprunge.us/cDjb ? 2017-01-10 12:17:09 urgh 2017-01-10 12:17:18 better link http://sprunge.us/SbHR 2017-01-10 12:18:20 looks good. maybe add to .gitignore too 2017-01-10 12:18:53 committed 2017-01-10 12:20:06 i'd like the 'rootbld' committed soon too; after figuring out how to configure the package repositories for it 2017-01-10 12:20:43 my current abuild diff for that is http://sprunge.us/OTQP 2017-01-10 12:22:50 TBB, would there be value in providing an 'abuild-re-sign' script in abuild? or you do your own scripts anway? 2017-01-10 12:30:48 why would one want to re-sign packages? (i could understand the need to sign, but re?) 2017-01-10 12:32:04 also, could this need be bypassed if apk supported more than one signer? 2017-01-10 12:32:05 fabled: what are your thoughts regarding bubblewrap after your recent tests? 2017-01-10 12:51:11 fabled: while I'm not sure how wide a need for it is, my project could use it. OTOH, our common friend in the same project supports actually rebuilding the entire distribution right here instead of just re-signing, but that'll have to wait in any case 2017-01-10 12:52:16 if I understand correctly, some other projects with a setup similar to hours with all the laws and requirements in their respective fields have the same demand: that everything needs to be compiled in-house 2017-01-10 12:52:41 (s/hours/ours/ - one can see I'm only thinking about when this workday is going to end) 2017-01-10 12:56:46 TBB: i also know a few places that locally rebuild 2017-01-10 12:57:16 not with alpine but as a general rule so it would apply if they did use it 2017-01-10 13:14:21 I understand it's pretty common in, say, the defense industry 2017-01-10 13:15:50 that, and also just to make sure devs don't lose the sources to something 2017-01-10 13:16:04 so it can be a security and a errr 2017-01-10 13:16:15 sanity? reason 2017-01-10 13:16:31 "if we run it we need to be able to reproduce it" 2017-01-10 13:16:49 i.e. industrial stuff there's often a 10Y liability for supporting devices you sold 2017-01-10 13:16:56 yeah. I actually do that too, I regularly both mirror the package repository and fetch the sources aports fetches 2017-01-10 13:17:02 if you lose the sources you'd doomed 2017-01-10 13:17:27 TBB: ah :) I don't right now since I'm not in those industries atm and so i just enjoy slacking for a few years 2017-01-10 13:17:47 not that anybody would require me to, it's just a habit I've picked up over the years 2017-01-10 13:17:54 sensible one, too 2017-01-10 14:38:32 hi, my alpine hangs at boot somwhere after network. I chrooted and disabled most of the services but still no login promt. Is there a way to force interactive boot? 2017-01-10 14:51:30 think i should touch /var/run/interactive but that doesnt survive reboot and in single user mode I dont have /var, maybe because of fulldisk encryption 2017-01-10 16:13:51 Things are fast and going well... 2017-01-10 16:14:11 But I need to use vesa driver for the GPU. 2017-01-10 16:15:00 Also wayland is a problem. Maybe becuase of that driver. 2017-01-10 16:15:18 So. Using xorg + i3 atm. 2017-01-10 16:19:51 Somehow I even managed to get pcmcia CF card reader to work. I wish I knew how. :P 2017-01-10 16:28:49 Zuccace: what gpu? 2017-01-10 16:29:47 my toshiba needed the xf86-video-chips driver, which is scarce among modern distros. 2017-01-10 16:34:54 rawf: ATI Rage Mobility P/M. Has Mach64 chip. 2017-01-10 16:49:37 rawf: https://dpaste.de/hETn/raw The USB2.0 ports (x2) are on a pcmcia extension card. 2017-01-10 16:51:03 Next step is to run midori without any huge lag. That's gonna be a challenge so I might resort to surf. 2017-01-10 16:56:08 I'd also need to set some cgroup rules... The system get very unresponsive when loads exceed over 1.00 or so. 2017-01-10 17:04:14 Hm. No surf in repos. I think netsurf will do then. 2017-01-10 17:07:34 It maybe even better since surf pulls GTK+. 2017-01-10 17:12:40 netsurf too 2017-01-10 17:13:09 (though i'd still argue netsurf is much lighter. and less capable. but it works) 2017-01-10 17:13:53 i _think_ in alpine javascript is not enabled, though duktape compiles (and works) just fine in alpine 2017-01-10 17:14:05 (that is, in netsurf) 2017-01-10 17:16:10 netsurf actually had quite a few commits since the (very recent) release 2017-01-10 17:34:12 avih: I think I'll have midori and netsurf both. Time will tell which is better for the machine... 2017-01-10 17:34:40 Zuccace: does midory use gecko or webkit/blink these days? 2017-01-10 17:35:30 would be interesting to hear if netsurf is not the fastest 2017-01-10 17:40:20 Midori uses webkit, I think. 2017-01-10 17:41:05 So it may not really be that low on resources. 2017-01-10 17:41:42 Conkeror uses Xulrunner/Gecko. 2017-01-10 17:42:41 But last time I used it,it wasn't very compatible with modern web pages. 2017-01-10 17:46:29 imo you're probably better off just trying firefox/chrome (and netsurf if they're slow) 2017-01-10 17:47:19 though 512M ram is not a lot to play with. i don't think you could find a modern browser with js which would work reasonably well with that 2017-01-10 17:47:52 but maybe... 2017-01-10 17:52:58 actually, alpine+xfce+firefox works surprisingly well with 384M ram (in virtualbox). 2017-01-10 17:53:24 it'd be slower with an older CPU, but it works ram wise 2017-01-10 17:54:25 alpine+xfce4 is ~100M, and seemingly firefox can cope with what's left 2017-01-10 17:55:53 yes, it will gladly cope with all that's left ;) 2017-01-10 17:57:47 i loaded a very heavy page and it didn't exhaust ram actually :) 2017-01-10 17:58:12 (wasn't too far off though, but for single-tab only, seems to be working) 2017-01-10 17:59:50 I've mentioned my 1.8 GHz Pentium M laptop with 2 GB with Alpine + XFCE + Firefox. FF is very, very barely usable with that setup, but I'll admit the disk (SSD) is encrypted and the CPU spends most of its time at 600 MHz 2017-01-10 18:00:50 yeah, i said cpu could be an issue. but surprisingly ram isn't as big an issue i assumed it would be 2017-01-10 18:01:57 also, FWIW, firefox runs just fine on bay trail atom and 2G (on windows). it's perfectly good for a moderate number of tabs and extensive browsing 2017-01-10 18:03:29 (disclaimer: i've been working for mozilla for some years. at the performance team) 2017-01-10 18:03:55 (not anymore though) 2017-01-10 18:38:33 hello! is there any premade ec2 ami? 2017-01-10 20:15:26 SmokedCheese: hi. not that i am aware of 2017-01-10 21:23:02 Does apk have a way to list files some package owns (has installed)? 2017-01-10 21:25:51 Ah. 2017-01-10 21:26:00 apk info seems to have that. 2017-01-10 21:27:06 Yeah. apk info -L 2017-01-10 22:22:09 hello. is somebody working on bumping this to a recent version? https://pkgs.alpinelinux.org/package/edge/testing/x86_64/rust 2017-01-10 22:23:11 <_ikke_> jirutka is apparently maintaining it, but he's only in #alpine-devel 2017-01-11 03:50:10 anyone have tips for how to move an alpine install to a new drive? 2017-01-11 03:51:59 <^7heo> I usually move the drive 2017-01-11 03:52:19 <^7heo> ssds are cheaper than the time it takes to migrate 2017-01-11 03:53:21 the point is to move from a crappy hd to ssd 2017-01-11 03:53:44 is the ssd larger or smaller? 2017-01-11 03:53:49 smaller 2017-01-11 03:53:52 it's actually emmc 2017-01-11 03:54:04 you're better off formatting the ssd yourself and using rsync 2017-01-11 03:54:17 if you'll boot from the ssd you'll need to reinstall the bootloader and whatnot too 2017-01-11 03:54:31 alpine is a boot loader and and archive, yeah? 2017-01-11 03:54:34 yeah but after copying everything what do i do to fix the fstab (uuids), extlinux, etc to boot right on the new one? 2017-01-11 03:54:43 copy the archive, rewrite the boot loader to the ssd? 2017-01-11 03:55:54 ACTION only has a diskless install on a usb stick.. 2017-01-11 03:56:13 oh 2017-01-11 03:56:17 i'm not sure about that setup 2017-01-11 03:57:13 dalias: is your install diskless, partial or a full disk install? 2017-01-11 03:57:19 full disk 2017-01-11 03:57:25 alpine has 3 modes of installation, yeah? 2017-01-11 03:57:29 yes 2017-01-11 03:57:44 ACTION is fairly uneducated on it all 2017-01-11 03:58:09 full disk is just a traditional partition and extlinux as bootloader 2017-01-11 03:58:16 i typically just go for full disk for ease 2017-01-11 03:58:54 the diskless install is my attraction to alpine (also musl and busybox based) 2017-01-11 03:58:59 and minimal as fuck,. 2017-01-11 03:59:16 it isn't applicable to any of my use cases 2017-01-11 04:00:04 he left.. but I think rsync and reinstall a boot loader is the same as copying the archive 2017-01-11 04:00:18 not sure how the archive is managed 2017-01-11 04:00:29 but if it is truly an archive the bootloader is still going to be separate 2017-01-11 04:00:32 with lbu 2017-01-11 04:01:04 the diskless install is beautiful.. every time you reboot, all your cahces and logs are purged because it reloads from the archive 2017-01-11 04:01:06 yea i think its just in a tarball? 2017-01-11 04:01:31 if you want to keep your changes, you use `lbu ci` to update the archive 2017-01-11 04:01:47 i'm familiar with the tool i just don't have any actual use for it in any of my environments 2017-01-11 04:01:52 (mostly kvm instances) 2017-01-11 04:02:26 on the raspberry pi, it's great because of the writing abillity of the sd card 2017-01-11 04:02:42 ah right there's an rpi branch 2017-01-11 04:02:43 on the laptop, it's good because of the limited write capacity of the ssd 2017-01-11 04:02:47 i forgot about that actually :p 2017-01-11 04:03:04 the rpi version of alpine is _so awesome_! 2017-01-11 04:03:10 you're going to be very hard pressed to truly hit an ssd's write capacity on a desktop 2017-01-11 04:03:41 I have noticed vi writes on every keystroke.. 2017-01-11 04:03:48 it takes ~2 years of constant 24/7 read/write abuse using flashcache before i noticed issues on ssd media, in regular usage never 2017-01-11 04:03:51 watching the write light on my usb stick. 2017-01-11 04:03:58 uh 2017-01-11 04:04:09 the fs cache should be catching that ... 2017-01-11 04:04:16 what filesystem are you using? 2017-01-11 04:04:29 presumably vfat 2017-01-11 04:04:34 or ext2 2017-01-11 04:04:34 ? 2017-01-11 04:04:35 the usbstick is ext2 or 4.. can't really remember 2017-01-11 04:04:46 hopefully without a journal 2017-01-11 04:04:46 likely 2 2017-01-11 04:05:05 but either way, the block cache should be catching that usage 2017-01-11 04:05:10 wait 2017-01-11 04:05:12 are you running X? 2017-01-11 04:05:17 should change it to ext4, you think? 2017-01-11 04:05:23 sometimes I run x.. 2017-01-11 04:05:35 i don't think it's vi writing to your disk on every keystroke 2017-01-11 04:05:45 it's very likely your terminal emulator if it's based on libvte. 2017-01-11 04:05:51 st 2017-01-11 04:06:50 wow this looks nice as a rootfs for a laptop 2017-01-11 04:06:52 https://www.amazon.com/SanDisk-Ultra-Low-Profile-SDCZ43-064G-G46-Version/dp/B00YFI1EBC 2017-01-11 04:07:16 especially for anyone who travels 2017-01-11 04:07:29 well i doubt suckless would get anywhere near libvte 2017-01-11 04:07:41 pop it out and in a pocket when going thru security and leave some lame windows install on the internal storage device 2017-01-11 04:07:42 i'd be interested in actually figuring out what is writing to your drive constantly 2017-01-11 04:08:03 dalias: you left, but I agreed with scv about mounting your drive, rsyncing the root filesystem, then reinstalling your bootloader onto the ssd.. 2017-01-11 04:08:07 makes sense, yeah? 2017-01-11 04:08:08 does vi have a mode where it automatically saves the file constantly? i still can't imagine it doing a fsync on each keypress though .... 2017-01-11 04:08:22 and unless it's configured to do so it won't write to disk unless you actually do :w anyway 2017-01-11 04:08:27 scv: vim has a file-backed swap buffer 2017-01-11 04:08:30 so that's why i'm confused 2017-01-11 04:08:35 does it really 2017-01-11 04:08:43 grugly, what's needed to fix the uuids in fstab? 2017-01-11 04:08:47 i'm a filthy nano user so :p 2017-01-11 04:08:50 and is there any reason to have a /boot ? 2017-01-11 04:08:54 if you're using it (and haven't changed the config), there will be a file named ..swp in that directory 2017-01-11 04:09:00 any actual serious editing i tend to do in kate 2017-01-11 04:09:13 my existing install had /boot separate but i dont know why 2017-01-11 04:09:19 good to know nbastin 2017-01-11 04:09:24 it'll fsync on each keypress though? 2017-01-11 04:09:28 that's a bit surprising 2017-01-11 04:09:33 scv: no, it doesn't mess with the VFS layer 2017-01-11 04:09:33 scv: there's a file I found in ~/.vim/ that keeps track of file history and changes n whatnot 2017-01-11 04:09:37 the OS decides when to sync 2017-01-11 04:09:38 ah 2017-01-11 04:09:47 it's just to handle recovery from vim crashes 2017-01-11 04:09:54 not from system crashes.. :-) 2017-01-11 04:10:17 yeah i know typically vfs sync isn't that frequent though, and it can be forced from userland so that's why i was wondering 2017-01-11 04:10:22 (this is particularly useful when you're using vim over the network using X, and your X socket gets borked) 2017-01-11 04:10:23 dalias: you could do that by hand? the disk ids 2017-01-11 04:10:38 my initial guess was libvte which mmap()s a file for its scrollback 2017-01-11 04:10:55 would have similar result of keypress causing a fs write 2017-01-11 04:11:08 but 2017-01-11 04:11:17 this is totally unrelated to your initial query grugly sorry :p 2017-01-11 04:11:23 off on a tangent here 2017-01-11 04:11:33 ACTION goes back outside to weld up the reinforcements he just cut into his trailer 2017-01-11 04:11:57 scv: I never had a query, I was just adding my uneducated 2bob 2017-01-11 04:12:17 see i can't even keep the chat straight 2017-01-11 04:12:18 darnit 2017-01-11 04:12:20 :p 2017-01-11 04:13:12 anybody know if there's wtmp support floating around for musl? i'm thinking about hacking on it if there isn't already an existing patchset 2017-01-11 04:13:27 haven't had any luck from a very brief google but might still dig further 2017-01-11 08:56:03 scv: http://wiki.musl-libc.org/wiki/FAQ#Q:_why_is_the_utmp.2Fwtmp_functionality_only_implemented_as_stubs_.3F 2017-01-11 08:56:16 "that's a HUGE risk to pay for the sake of a basically-useless and possibly-harmful "feature"" 2017-01-11 08:56:31 what is wtmp doing for you that you can't live without 2017-01-11 09:32:48 System of a Down it fucken epic music 2017-01-11 09:32:54 s/it/is/ 2017-01-11 09:33:14 ohh wrong channel ;) 2017-01-11 10:11:52 glib and sqlite3 only seem to be available as dynamic libraries on alpine, or am I missing something? 2017-01-11 12:00:59 hey folks! Might interest you, I've added an mirror for packages on alpine-linux 3.4 to IPFS: https://ipfs.io/ipfs/QmRsvEpJggeu4HhoafzRFobV4sbwVVTXMrdb2p8XWv7bCS 2017-01-11 12:02:23 source for creating the mirror is here: https://github.com/VictorBjelkholm/alpine-mirror 2017-01-11 14:03:03 grugly: System of a D isn't that great of software. :P 2017-01-11 14:43:45 systemd is some kind of raggae band, i saw a sticker 2017-01-11 14:43:50 in a toilet 2017-01-11 17:52:20 when installing a local package e.g. apk add /path/to/linux-vanilla-4.4.39-r2.apk; can i mark this package to not beeing upgraded like here: https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Holding_a_specific_package_back ? 2017-01-11 17:52:58 <^7heo> I am not sure manually installed packages are ever upgraded 2017-01-11 17:53:25 ^7heo: they are... just happening right now on my notebook 2017-01-11 17:53:57 i really like kernel upgrades by kernel is very custom now and i not always have time to rebuild when doing system upgrades 2017-01-11 17:54:06 s/by/but/ 2017-01-11 17:54:19 + my ... :| 2017-01-11 17:55:39 okay, i can copy the package to my custom aports tree and rename it to linux-custom but it would be easier if apk had such a feature... 2017-01-11 17:58:40 <^7heo> hanez: I didn't get what you wrote 2017-01-11 17:58:57 <^7heo> hanez: but it seems you wan funtoo (or gentoo) 2017-01-11 17:59:43 <^7heo> s/wan/&t/ 2017-01-11 18:00:53 ^7heo: i am using gentoo too. moving to alpine on one notebook. gentoo is to hard to compile on that device. 2017-01-11 18:02:00 i really like alpine. just tried to hold a locally installed packe back from upgrading... 2017-01-11 18:02:12 s/packe/package/ 2017-01-11 18:03:26 <^7heo> I don't remember how to pin a package sorry 2017-01-11 18:03:37 but, it would not be to hard to create a copy of linux-vanilla with a new name. then it can't be upgraded through apk. 2017-01-11 18:03:48 it is described here: https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Holding_a_specific_package_back 2017-01-11 18:04:02 but it not works for locally installed packages 2017-01-11 18:04:14 <^7heo> well, ask fabled 2017-01-11 18:04:20 <^7heo> he might know 2017-01-11 18:04:24 hmm, okay... 2017-01-11 18:04:30 thank you! ;) 2017-01-11 18:04:43 <^7heo> I didn't do it! 2017-01-11 18:04:49 <^7heo> ACTION hides 2017-01-11 18:04:55 may he will read my issue here... ;) 2017-01-11 18:04:57 :) 2017-01-11 18:05:39 <^7heo> at some point, he will 2017-01-11 18:07:39 ^7heo: sine i have a lot of packages in my custom aports tree which are not upstream i really can live with a custom kernel package too. that is an aceptable solution to me... 2017-01-11 18:07:56 s/sine/since/ 2017-01-11 18:09:01 <^7heo> yeah you could pin a package to a repo 2017-01-11 18:09:13 <^7heo> that is a much cleaner solution imho 2017-01-11 18:10:07 ah, you mean i add my custom apk's as repo? 2017-01-11 18:10:28 i mean, my local package directory... 2017-01-11 18:11:57 wrong asked... is my /home/hanez/packages directory a apk repo? 2017-01-11 18:12:19 <^7heo> s/\ba\b/an/ 2017-01-11 18:12:50 <^7heo> I dunno 2017-01-11 18:13:01 <^7heo> I always use http transport 2017-01-11 18:13:09 ah, ok 2017-01-11 18:13:34 i'm adding lua5.1 and also, as --virtual .build-deps, i'm adding lua5.1-dev. But when i delete .build-deps, lua5.1 is getting deleted too, whats going on? 2017-01-11 18:13:37 <^7heo> and I would suggest you to do the same 2017-01-11 18:13:56 <^7heo> because it's easier to use on many machines 2017-01-11 18:15:56 yeah, that's a nice idea. i will rsync packages to my webserver and then i will add that repo. makes easy to share for others too... ;) great idea... thanks 2017-01-11 18:16:48 can someone help please? 2017-01-11 18:28:53 hanez: locally installed packages will be held back to the specific fingerprint of the package 2017-01-11 18:28:55 usually 2017-01-11 18:41:53 kaniini: i installed a locally compiled linux-vanilla and it was upgraded during apk upgrade... :| 2017-01-11 18:43:07 hmm, how did you install it exactly 2017-01-11 18:43:38 apk add /path/to/linux-vanilla-4.4.39-r2.apk 2017-01-11 18:44:03 very odd; it should have pinned to the package's fingerprint 2017-01-11 18:44:09 how did you upgrade 2017-01-11 18:44:10 apk --update --update-cache --available upgrade 2017-01-11 18:44:16 aha 2017-01-11 18:44:30 oh, is it the --available option? 2017-01-11 18:44:33 apk --available ignores some pinnings yes 2017-01-11 18:44:44 uh, thank you... 2017-01-11 18:44:58 yep, works... nice 2017-01-11 18:45:57 was not clear to me when reading the --help of upgrade... 2017-01-11 18:48:18 indeed, we should make it more clear that --available ignores pinnings 2017-01-11 18:50:56 kaniini: anyway, it is great that there is a solution for mostly any issue i had in the past month. i am working on one machine on alpine every day and it is great... alpine really rocks! ;) 2017-01-11 18:58:09 there's a few things i want to do in apk-tools but waiting for free time + fabled to merge a bunch of his new stuff :P 2017-01-11 19:03:38 speaking of which, abuild-gzsplit seems to have done what was necessary in order to re-sign and repackage a package. thanks for help fabled! 2017-01-11 19:04:20 I still can't avoid rebuilding from scratch at some point, but for now I at least have the option to delay implementing all that 2017-01-11 20:02:11 i'm adding lua5.1 and also, as --virtual .build-deps, i'm adding lua5.1-dev. But when i delete .build-deps, lua5.1 is getting deleted too, whats going on? 2017-01-11 21:13:42 mmm apparently thats not the issue 2017-01-11 21:13:43 this is: Error: Error loading shared library liblua.so.5.3: No such file or directory 2017-01-11 21:13:55 i have this file /usr/lib/liblua-5.3.so.0 2017-01-11 21:14:01 but not liblua.so.5.3 2017-01-11 21:14:10 why? 2017-01-11 21:27:52 felixjet: don't know why this is wrong but i believe you could fix it by creating a symlink to the existing file 2017-01-11 21:28:00 felixjet: just as a workaround... 2017-01-11 21:28:35 ln -s /usr/lib/liblua-5.3.so.0 /usr/lib/liblua.so.5.3 2017-01-11 21:51:00 is somebody working on bumping rust to 1.14.0 :) ? 2017-01-11 21:51:40 hanez, yeah i did that 2017-01-11 21:51:49 but i wanted to understand why that thing 2017-01-11 22:01:32 felixjet: i believe the package maintainer need to add that symlink to the package... 2017-01-11 22:04:05 uh 2017-01-11 22:17:34 felixjet: ? 2017-01-11 22:44:23 felixjet: i think is a good idea to file a bug report regarding your issue... so then it may get fixed faster... ;) 2017-01-11 22:44:50 it's not an official package 2017-01-11 22:45:00 i compiled manually 2017-01-11 22:51:14 ah, ok. the you need to create those symlinks in the package... ;) 2017-01-11 22:52:53 i don't know about anything about building lua... so you may could take a look at the official lua packages and how it is handled there... 2017-01-12 03:54:13 ncopa, one small request for alpine: it would be nice if mmc were in the default features list for mkinitfs (and extlinux command line?) 2017-01-12 03:54:39 lots of modern laptops seem to have emmc flash rather than sata ssd 2017-01-12 05:31:57 ncopa: Just a ping about: 4 Bind vulnerabilities in Alpine -> update to: 9.10.4-P5 (sent you details in an email) 2017-01-12 05:36:06 :-P 2017-01-12 07:25:27 I just installed oidentd, and for some reason it won't work on ipv6 2017-01-12 07:25:37 I'm using he-tunnel, but it works. 2017-01-12 07:25:47 I added /etc/conf.d/odientd under config 2017-01-12 07:25:49 -a :: 2017-01-12 07:25:51 but it isn't working 2017-01-12 07:26:01 07:16:52 fear@alpine:~$ sudo netstat -a | grep auth 2017-01-12 07:26:02 tcp 0 0 0.0.0.0:auth 0.0.0.0:* LISTEN 2017-01-12 07:26:04 any idea? 2017-01-12 07:40:41 anyone? 2017-01-12 07:51:35 seems it works when I run it as root 2017-01-12 07:56:49 <^7heo> dalias: it's true that eMMC support is needed, but I don't expect that a significant amount of our users would run alpine on 200E laptos anytime soon 2017-01-12 07:58:07 <^7heo> dalias: heck, I don't think that everyone in the dev team uses alpine as their main OS. 2017-01-12 07:58:45 <^7heo> s/lapto/&p/ 2017-01-12 08:00:40 ... 2017-01-12 08:01:13 <^7heo> dalias: moreover, there's a couple of features that are being worked on, and that have been requested half a year ago; so I am not sure eMMC should be focused on first (unless it's a couple of SLOCs change) 2017-01-12 08:03:49 ^7heo, emmc support is just a default config change 2017-01-12 08:03:56 <^7heo> ok 2017-01-12 08:04:29 <^7heo> in that case, please disregard what I wrote. I feared it needed more feature implemented. 2017-01-12 08:36:34 sounds similar to the nvme feature, that one 2017-01-12 09:23:42 why does oidentd run on port 113 okay under user nobody, but on ipv6 it won't even listen? 2017-01-12 09:37:45 Fearful: why do you think those things are even related? 2017-01-12 09:38:02 ports and protocols are totally separate 2017-01-12 09:41:58 I'm trying to forward it to oidentd 2017-01-12 09:42:09 since I can't get it to run under 113 on ipv5 2017-01-12 09:42:11 5 2017-01-12 09:42:12 6 2017-01-12 09:42:27 it won't even listen with -p :: 2017-01-12 09:42:33 it will if I change the port though 2017-01-12 09:52:05 seems it works now using -a :: 2017-01-12 09:52:10 but now ip4 isn't working 2017-01-12 09:52:11 ugh 2017-01-12 09:53:34 I guess nobody knows here what it is... 2017-01-12 09:57:14 why did I install alpine linux on this vps i don't feel like reinstalling to debian 2017-01-12 09:57:15 =\ 2017-01-12 10:06:05 this sounds like oidentd's fault to me, not alpine's 2017-01-12 10:09:34 well it's in the repo 2017-01-12 10:10:07 Fearful: possibly that ipv6 isn't enabled on Alpine, could you try to build your own pkg? 2017-01-12 10:10:20 with --enable-ivp6 2017-01-12 10:11:19 http://git.alpinelinux.org/cgit/aports/tree/main/oidentd/APKBUILD -> isn't configured with --enable-ivp6 2017-01-12 10:11:29 hm 2017-01-12 10:11:41 I don't know if oidentd enables ipv6 by default 2017-01-12 10:12:08 or just file a bug report :D 2017-01-12 10:12:39 screw bug reports 2017-01-12 10:12:44 filed, never get a response 2017-01-12 10:13:35 http://termbin.com/c9o5 2017-01-12 10:13:51 IPv6 and IP masquerade support are enabled by default on platforms that support 2017-01-12 10:13:52 them. 2017-01-12 10:18:12 I just tried it 2017-01-12 10:18:15 tcp 0 0 :::113 :::* LISTEN 3863/oidentd 2017-01-12 10:18:19 so it works here 2017-01-12 10:18:48 but what about ip4 2017-01-12 10:18:53 it won't do both 2017-01-12 10:22:11 xming_: did you add -a :: under /etc/conf.d/oidentd to get it to work? 2017-01-12 10:23:05 (Nice. Alpine has simple BUILD -files for building packages.) 2017-01-12 10:23:46 Linux alpine 4.4.41-0-virtgrsec 2017-01-12 10:23:50 would it be virtgrsec? 2017-01-12 10:24:21 just like this oidentd -a :: 2017-01-12 10:24:44 Fearful: you can add it in /etc/conf.d/oidentd 2017-01-12 10:25:00 I know but then it won't work on ipv4 2017-01-12 10:25:12 0:09:31 fear@alpine:~/oidentd-2.0.8$ sudo netstat -a | grep auth 2017-01-12 10:25:13 tcp 0 0 :::auth :::* LISTEN 2017-01-12 10:25:15 with it 2017-01-12 10:25:23 0:15:02 fear@alpine:~/oidentd-2.0.8$ sudo netstat -a | grep auth 2017-01-12 10:25:24 tcp 0 0 0.0.0.0:auth 0.0.0.0:* LISTEN 2017-01-12 10:25:26 wihtout it 2017-01-12 10:33:08 netstat -anp |grep oidentd 2017-01-12 10:33:09 tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 3894/oidentd 2017-01-12 10:33:09 tcp 0 0 :::113 :::* LISTEN 3894/oidentd 2017-01-12 10:34:25 I blame this on oidentd, not Alpine's fault 2017-01-12 10:34:34 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533604 2017-01-12 10:34:52 you need to do `echo 1 > /proc/sys/net/ipv6/bindv6only` 2017-01-12 10:35:08 freaking work around 2017-01-12 10:39:33 ahh that works 2017-01-12 10:39:45 thanks xming_ 2017-01-12 14:10:37 i ran into an issue which only occurs on alpine, on debian it works fine. i cannot receive tcp responses from processes running on a docker alpine container. i think i'm missing some configuration or package or something but i cannot figure out what the problem is exactly 2017-01-12 14:11:39 Luna_Moonfang, does symptoms match this http://bugs.alpinelinux.org/issues/6651 ? 2017-01-12 14:12:05 other options are firefall MTU issue or similar 2017-01-12 14:12:16 no, nothing is freezing. the program that was running is https://github.com/CastawayLabs/cachet-monitor 2017-01-12 14:12:53 and i also had an issue a while ago with https://github.com/solusipse/fiche 2017-01-12 14:14:07 basically, the program gets the input what i'm sending but i'm not receiving anything on the client even though the server (fiche and cahet-monitor) both show they responded succesfully 2017-01-12 14:15:40 so: client =[working, server receives everything]> server =[not working, connection is closed with no output]> client 2017-01-12 14:21:54 hmm, it seems i can get a response when i'm using a ruby TCPServer, i'll test some more 2017-01-12 15:07:16 Do I need some xdg package or do I just set up the runtime dir in profile file? https://dpaste.de/djHh/raw 2017-01-12 21:46:47 Hey, is there the tool/daemon auditd (from RedHat) packaged with Alpine Linux? The only "audit" package I can find with "apk search" is "aaudit" (Alpine Auditor). 2017-01-12 21:47:56 auditd - if for security auditing, i.e. for intercepting/capturing users activity in the system, e.g. log syscalls, file changes, etc. 2017-01-12 21:48:28 aaudit - a package in Alpine Auditor - what for it this package? Can anybody explain? 2017-01-12 21:54:44 aaudit - a package in Alpine - this package is Alpine Auditor - what for purpose is this package? For the same purpose as auditd, i.e. security auditing? 2017-01-13 01:01:58 czart: i believe it is not for the same purpose... but nice idea... i will build a package for auditd because i use autitd regularly for research stuff... ;) 2017-01-13 01:03:01 when switching my main workstation to alpine i really need auditd... 2017-01-13 01:03:37 hanez: guys on #alpine-devel told me that auditd is not compatibile with Alpine (due to security related topics) and they recommended sysdig instead. 2017-01-13 01:04:34 hanez: czart: we are not using selinux 2017-01-13 01:04:34 but grsecurity, with its RSBAC MAC 2017-01-13 01:04:34 auditd is selinux utility 2017-01-13 01:04:41 ah, ok... i see. but i will try to package it anyway... i believe it needs a custom kernel and the grsec stuff will not work 2017-01-13 01:05:07 ACTION reads the devel backlog... ;) 2017-01-13 01:06:06 i believe you don't need selinux for auditd to work... 2017-01-13 01:06:07 hanez: grand, how can I get notified whether auditd is available as a package in Alpine in the future? Is there any newsletter or something similar? 2017-01-13 01:06:41 uh, i am not an official alpine dev... i could inform you here... may i have time next week to build the package 2017-01-13 01:06:49 hanez: OK, I may also try to install auditd, but currently I am pursuing sysdig installation... 2017-01-13 01:07:10 hanez: Sure, np. 2017-01-13 01:07:59 hanez: I will also share sysdig installation notes on success. 2017-01-13 01:08:44 yay, nice! :) i am reading sysdig's website but i believe that this is not what i want. i really want auditd... ;) 2017-01-13 01:09:25 but it may will not run using the grsec kernel. but i am mostly using the vanilla kernel anyway 2017-01-13 01:10:17 hanez: so what are the features that has auditd and are not in sysdig? 2017-01-13 01:10:52 can i not say actually because i didn't tried sysdig... will do it tomorrow maybe 2017-01-13 01:11:21 hanez: OK, sure. 2017-01-13 01:13:14 the most important thing i need is tracing system calls and send stuff to syslog servers. i did not find that in the documentation for sysdig but a lot more i do not need... but i am very tired and need some sleep so i will go deeper into in in the next days... ;) 2017-01-13 01:14:34 hanez: https://sysdig.com/blog/fascinating-world-linux-system-calls/ 2017-01-13 01:14:46 fascinating world :) 2017-01-13 01:19:20 oh, ok... maybe sysdig is doing the job fine. but, i am familiar with auditd and will give it a try on alpine anyway. since i do not use grsec nor selinux it should run on alpine using the vanilla kernel. but i believe the package will never reach the upstream repository because of alpine security policy... ;) 2017-01-13 01:21:14 hanez: OK. At least it will clear how to install auditd or sysdig in containers. Btw, I am using Docker... 2017-01-13 01:22:00 yeah... :) 2017-01-13 01:22:04 hanez: OK, I understand that vanilla kernel is free of both grsec and selinux modules or you simply switched the options off? 2017-01-13 01:22:42 it is free from grsec, yes. and selinux too i think... 2017-01-13 01:23:02 hanez: OK. 2017-01-13 01:24:01 i don't like grsec and selinux. i believe it is possible to make secure systems without those tools... 2017-01-13 01:25:07 but in enterprise environments like banking infrastructure i have never seen systems without selinux. grsec i have never seen anywhere... 2017-01-13 01:26:16 but they are using redhat or suse and there is selinux available and auditd too so they can not decide because of no alternatives 2017-01-13 01:26:48 hanez: I have studying those topics on my TODO list. Do not know much about them at the moment. 2017-01-13 01:27:57 i am working since 13 years in those kind of environments... ;) 2017-01-13 01:28:50 next week i am starting a new project at a new client in hamburg and i believe it will be redhat + selinux + auditd... :D 2017-01-13 01:29:37 so, i need some sleep now. is 3:30 am here now... you will hear from me here in the next days... ;) 2017-01-13 01:32:49 hanez: I do not have comprehensive knowledge, but auditd is also available in other distributions, e.g. Debian (named "audit") 2017-01-13 01:34:37 hanez: some reading: https://www.linux.com/learn/linux-system-monitoring-and-more-auditd 2017-01-13 01:34:46 hanez: Sure, let us know. 2017-01-13 01:35:00 yes, auditd is available in many distributions. arch and gentoo for example 2017-01-13 01:35:36 OK. 2017-01-13 01:36:42 so, let's get in into alpine... :)) 2017-01-13 01:37:31 :) 2017-01-13 02:57:44 bonjour, je cherche un prestataire proposant des VMs légères sous Alpine 2017-01-13 05:46:11 Cehem: co ty tam do mnie kolego mówisz? bo nie bardzo rozumiem... :) 2017-01-13 06:05:47 lel 2017-01-13 09:00:57 Cehem_: essayes scaleway 2017-01-13 11:50:29 I'm trying to get sway wayland compositor to work. https://dpaste.de/1b0G/raw xorg works ok. My GPU is an ancient one ATI Rage Mobility P/M which is based on Mach 64 chip. There was mach64.ko kernel module back in the days... But I think support for it is long gone. But I'd only want 2D acceleration. I think that's needed for wayland? 2017-01-13 11:51:02 I can start X without problem btw. 2017-01-13 11:52:15 So /dev/dri/card[0-9] being missing is the problem here I guess. I've tried to install some packages, but none of them helped. 2017-01-13 12:59:13 Zuccace: I can't remember what actually creates that device; I think it was something like mdev doing it but udev not doing it, and "fixed" it by adding my own udev rule, but then at some point udev started creating that device without rule additions 2017-01-13 13:27:55 TBB: Thanks. I'll try out with {m,u}dev. 2017-01-13 14:14:07 and if it's okay, keep us updated on your experiments with Wayland :) 2017-01-13 17:41:49 TBB: Didn't find mdev, but tried with eudev. No success. 2017-01-13 17:42:09 I'll keep on investigating. 2017-01-13 20:12:52 hmm.. something recent(-ish?) made the default memory usage go from ~28M down to ~23M 2017-01-13 20:13:03 (as reported by htop) 2017-01-13 20:14:17 possibly either bash (my default shell) or the new kernel 2017-01-13 23:06:06 what does 'bug fixes' in the 'Updates' field on this page mean https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases ? Is 3.5 to be considered stable release? Is there a Ubuntu LTS equivalent? 2017-01-13 23:07:19 sorry i forgot to ask for the disctinction between 'bug fixes' and 'security only' 2017-01-13 23:09:14 aw1▸ bug fixes means that a bug found there will be fixed. if that same bug is found in a security-only version, it wouldn't be fixed 2017-01-13 23:09:49 aw1▸ that page lists how long a particular version will be supported. 2017-01-13 23:09:54 thanks programmerq 2017-01-13 23:09:59 so 3.5 will have support until november of 2018 2017-01-13 23:10:10 it's not as long as a RHEL version, but it's a good chunk of time 2017-01-13 23:10:22 and these are all bug fix support or will those change to security only 2017-01-13 23:10:43 they will probably change to security only at some point, but I'm not sure when that would be 2017-01-13 23:10:54 programmerq, sure it is long enough for us .. i just need to convince my bosses to start using 3.5 2017-01-13 23:11:01 programmerq, i see. thanks. 2017-01-13 23:21:07 aw1: do note that all the "community" packages ( http://git.alpinelinux.org/cgit/aports/tree/community ) only get 6 months support 2017-01-13 23:21:33 avih, thanks for that info. Let me check those packages. 2017-01-13 23:21:44 while "main" is the 2 years support - http://git.alpinelinux.org/cgit/aports/tree/main 2017-01-13 23:21:54 I should mention that we are using alpine for docker images 2017-01-14 09:52:56 kbbbbb6nnttttttttttttttttttttttggggggggggggggggggkgkkkgkggggggzztuerweeeewwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwreeeeeeeeeree hgggggggggggggttrzbbbbhvbzzrlu3uuu3umy ffgggggg | #alpine-devel │ ^7heo │08:04 --> | nhlfr (~nhlfr@178.62.211.20) has joined #grsecurity │ _op__~~~ 2017-01-14 09:52:58 | #alpine-devel │ ^7heo │08:04 --> | nhlfr (~nhlfr@178.62.211.20) has joined #grsecurity │ _op__ 2017-01-14 09:53:00 | #alpine-devel │ ^7heo │08:04 --> | nhlfr (~nhlfr@178.62.211.20) has joined #grsecurity │ _op__ 2017-01-14 09:53:02 | #alpine-devel │ ^7heo │08:04 --> | nhlfr (~nhlfr@178.62.211.20) has joined #grsecurity │ _op__ 2017-01-14 09:53:04 | #alpine-devel │ ^7heo │08:04 --> | nhlfr (~nhlfr@178.62.211.20) has joined #grsecurity │ _op__ 2017-01-14 09:56:19 my bad kid took the laptop :$ 2017-01-14 11:08:53 coredumb: learning to become a hacker early, eh? 2017-01-14 12:09:16 armin: :D 2017-01-14 12:28:14 coredumb: :) 2017-01-14 12:28:59 coredumb: reminds me, if i ever was to get children, i will NOT lose my habit of locking my screen when moving away from my keyboard. ;) 2017-01-14 12:29:50 armin: I never lock my personal laptop 2017-01-14 12:29:57 coredumb: why not? 2017-01-14 12:30:09 it runs i3 it should be sufficient 2017-01-14 12:30:10 :D 2017-01-14 12:30:32 I should just think of putting it on a separate desktop 2017-01-14 12:30:34 then it probably even has a visible terminal somewhere on the screen. :) 2017-01-14 12:31:00 first key bindings i'd try would be super-t, super-return, super-space. 2017-01-14 12:32:17 I run i3 too and even at home I lock the screen with physlock ;x 2017-01-14 12:32:28 you yes but no one else at home 2017-01-14 12:32:40 physlock - lightweight Linux console locking tool 2017-01-14 12:32:44 oh, never heard about it. 2017-01-14 12:33:31 armin: pretty cool. it locks ttys too. 2017-01-14 12:33:47 coredumb: i have bad feelings because i don't even trust my own girlfriend so i always lock my screen. it was consternating for her at first. 2017-01-14 12:33:57 heh 2017-01-14 12:33:59 e 2017-01-14 12:34:14 I trust my wife to not be able to navigate between desktops on i3 2017-01-14 12:34:20 XD 2017-01-14 12:34:21 :D 2017-01-14 12:34:39 coredumb: what about desktops indicator on panel? 2017-01-14 12:34:55 yeah ... nah even that :D 2017-01-14 12:35:31 my girlfriend is always like "this looks too techy for me, i won't touch this" when i run i3, too. ;) 2017-01-14 12:35:47 that's the best protection 2017-01-14 12:36:14 except when the kid opens the laptop and inputs random stuff in my IRC window 2017-01-14 12:36:17 meh, mine was able to navigate on awesome ;x 2017-01-14 12:36:18 >_< 2017-01-14 12:40:00 damn he even broke my G key 2017-01-14 12:44:19 do you run alpine as well for your dekstop envoirement? 2017-01-14 13:27:43 julius___: was that a general question? 2017-01-14 13:27:53 i think so 2017-01-14 13:28:21 i wonder how it runs on a pi. might make a nice simple desktop system 2017-01-14 13:28:22 julius___: i tried to do that once inside a virtualbox vm and failed because i wasn't able to use input devices once Xorg started, but i consider that's more a virtualbox problem. 2017-01-14 13:28:38 julius___: from what i've seen, it should be a fairly decent choice if your hardware is supported. 2017-01-14 13:29:22 julius___: i'm planning to do precisely this on a spare x220 i have lying around and i hope i'll find time this weekend. 2017-01-14 13:30:27 skrzyp: ^ 2017-01-14 13:31:51 julius___: i'm just downloading an alpine iso right now, to try to set up a "desktop system" inside a kvm virtualized vm within virt-manager. i'll let you know how that goes. i hope i find time to try alpine on that x220 later on today. i'll report back how that goes for sure. ;) 2017-01-14 13:33:23 mongodb from edge/testing so outdated :( 2017-01-14 13:34:12 armin: I have apline with xfce inside virtualbox, I tried it once on an old hp6910p but it didnt work 2017-01-14 13:35:05 armin: for now I stick to arch on that laptop, but I only use it for recording audio and sync the recordings with syncthing. But I just wonderd :) 2017-01-14 13:40:51 julius___: if systemd annoys you, voidlinux might be an alternative option for such a system. their iso's are rather outdated, though, and the maintainer who builds the iso's seems to not care. 2017-01-14 13:41:09 julius___: i run voidlinux on some of my notebooks, though, without major complaints. 2017-01-14 13:41:17 julius___: devuan might also be worth a try. 2017-01-14 13:44:32 armin: I just hobby around sometimes, there is no escaping systemd for me I am afraid, we use RHEL at work. Didn't work with systemd much till now 2017-01-14 13:45:25 julius___: was just trying to offer some suggestions, no offense. ;) 2017-01-14 13:46:25 armin: non taken ;) 2017-01-14 13:46:51 julius___: arch is great i think, was running it for many years. 2017-01-14 13:48:19 i'm not getting any output here when trying to start Xorg inside that kvm vm, btw. 2017-01-14 13:48:38 black screen when running startx, and no possibility to get back to a tty, even with ctrl-alt-f1 2017-01-14 13:48:45 armin: yea, the documentation is incredible 2017-01-14 13:48:56 julius___: the arch wiki is DOPE. 2017-01-14 13:49:09 armin: I had the same when I installed it on my hp6910p 2017-01-14 13:49:19 julius___: :( 2017-01-14 13:49:53 armin: I searched the alpine forums with installing xfce and found some topics, then it worked on virtualbox 2017-01-14 13:53:05 julius___: i think it's not an xfce related issue though 2017-01-14 13:53:18 scadu: hmm? 2017-01-14 13:55:58 armin: I don't remember it exacly, but I had to install more packages then the wiki said 2017-01-14 15:41:47 hey, is there anything else I need to know before submiting a patch than https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package and https://wiki.alpinelinux.org/wiki/Creating_patches#Only_the_last_commit_with_.27git_send-email.27 ? 2017-01-14 15:44:48 this one could help: https://wiki.alpinelinux.org/wiki/Alpine_Linux:Contribute and this one: https://github.com/alpinelinux/aports/blob/master/.github/CONTRIBUTING.md 2017-01-14 15:45:03 you don't *have* to send mail any more, you can pick what you prefer 2017-01-14 15:49:04 guess I'll go the github way if it's not an issue 2017-01-14 17:02:44 julius___: alpine runs fine on my desktop... ;) 2017-01-14 17:07:08 hanez: which audio backend do you use? 2017-01-14 17:07:24 hi, can I get kexec on an alpine install? 2017-01-14 17:07:54 depends on the kernel you choose to use, I guess. the grsecurity one doesn't allow it. 2017-01-14 17:08:29 oh I see :( ok, it is a rescue system I'm trying to work in which does indeed use grsec. 2017-01-14 17:09:43 it's not that difficult to build your own though. clone aports, make the configuration change and abuild your own. 2017-01-14 17:09:55 yeah but I can't reboot in to it 2017-01-14 18:23:40 wonder how well docker runs on alpine 2017-01-14 18:23:52 and how well selinux works on alpine 2017-01-14 18:27:43 why would docker run less well on alpine? 2017-01-14 18:29:29 grsec and pax 2017-01-14 18:37:40 selinux on alpine... well, there's not much point in that other than getting to reuse policies from Red Hat 2017-01-14 18:39:09 although since you mentioned docker I guess you were more after something slightly different from that 2017-01-14 18:39:14 we're looking into running some infrastructure as docker containers to get some separation, http://rhelblog.redhat.com/2017/01/13/docker-0-day-stopped-cold-by-selinux/ popped up 2017-01-14 18:39:44 essentially, would like to bulletproof the docker host 2017-01-14 18:42:58 I would imagine grsecurity does pretty much the same thing; I'm aware of what kinds of protections grsec offers, but I'm not familiar enough with SELinux to make a proper comparison 2017-01-14 18:44:10 we're currently plqnning on using ubuntu 16.04 as the docker host 2017-01-14 18:44:17 the main problem is that in order to fully utilize the RBAC you'll be doing a lot of work to get the policies written properly 2017-01-14 18:45:00 but I've been thinking of the possibility of reusing those Red Hat generated policies for SELinux by converting parts of it for grsecurity 2017-01-14 18:46:10 it would be possible to do the same thing as Red Hat does, though; the community could start some sort of a project for gathering and packaging policies for at least the most common services 2017-01-14 18:47:16 I tried playing with grsec rbac once, just out of curiosity 2017-01-14 18:47:20 locked myself out of my machine several times before I gave up 2017-01-14 18:47:42 just running docker doesn't mean the container's internal security should be forgotten but due to how docker runs and the linked exploit, I want to make sure the host would be somewhat resilient 2017-01-14 18:49:12 the good thing is, we control the code that is exposed to internet via nginx 2017-01-14 18:50:25 yeah, layers upon layers upon layers, that's the reasonable approach to security 2017-01-14 18:54:35 it's refreshing to see we're slowly moving away from having all the eggs in the same basket 2017-01-14 18:55:42 eventually I plan to separate our "edge" from the host that runs the applications/docker 2017-01-14 18:56:57 I wish I had the time and the resources to do something like that in my work, but unfortunately our schedules are so tight and unrealistic that I have to stop myself from doing such things 2017-01-14 18:58:24 finally one of the management admitted the initial project spun out of control and later work was just hacked together instead of making generic use APIs that the software uses 2017-01-14 18:59:28 it's really great to work in a smaller company where you can do such a great overhaul of the basic infrastructure 2017-01-14 19:46:17 btw Diftraku have you seen https://news.ycombinator.com/item?id=13398249 ? 2017-01-14 19:46:33 about the selinux stopping docker 0 day 2017-01-14 19:46:45 first comment : 2017-01-14 19:46:47 This post is incorrect. SELinux does not fully mitigate this issue. We recommend users update to 1.12.6. 2017-01-14 19:46:49 I expect Red Hat to issue a retraction shortly. We notified them last night that this post was incorrect. 2017-01-14 19:47:02 from director of security of docker 2017-01-14 19:47:29 also wanting to use SELinux on Ubuntu seems a bit weird to me 2017-01-14 19:47:44 Ubuntu is more oriented to AppArmor 2017-01-14 20:16:23 the thing is, I have no clue regarding AppArmor 2017-01-14 20:18:41 Diftraku: well it's a gazilion times easier to write AppArmor rules from scratch than SELinux 2017-01-14 20:19:09 and already integrated in your host distro 2017-01-14 20:19:59 if you really want SELinux you better go with RHEL/CentOS 2017-01-14 20:20:09 ^ this 2017-01-14 20:20:25 Promise I won't judge you 2017-01-14 20:22:21 SELinux is literally two commands while in permissive to create a policy 2017-01-14 20:22:41 and most stuff has a policy in place already 2017-01-14 20:23:32 but you can't really write them by hand, right? 2017-01-14 20:24:13 I don't even count the number of times where these "two" commands in permissive have not been sufficient 2017-01-14 20:25:29 bonus question: Why not use AL as your docker host ? 2017-01-14 20:26:31 apparently you can write your own policies manually 2017-01-14 20:26:43 oh sure you can 2017-01-14 20:26:47 have you even tried ? 2017-01-14 20:27:43 not personally, nor have I written any apparmor rules 2017-01-14 20:28:35 the thing is, I have more experience in SELinux than AppArmor, so I am more comfortable running an SELinux enabled host 2017-01-14 20:31:31 Diftraku: I can understand that, just not why on Ubuntu though :) 2017-01-14 20:31:55 Hi. I'm trying to create a 'data' Luks with lvm installation following this guide: https://wiki.alpinelinux.org/wiki/LVM_on_LUKS and hit a roadblock. 2017-01-14 20:32:36 is someone familiar with this installation method? 2017-01-14 20:32:44 coredumb: I completely forgot Canonical rolled their own, like they do for most stuff on Ubuntu from Debian 2017-01-14 20:34:11 "'apk fix' will give an error for missing modules - fix with a symlink in /lib/modules & rerun 'apk fix' above" what should I symlink to /lib/modules? 2017-01-14 20:35:03 /lib/modules should be a symlink to /.modloop/modules if i recall 2017-01-14 20:35:34 thank you! I'll try and report back with results 2017-01-14 20:35:41 that's nice, a bug where selinux actually can step in and prevent something 2017-01-14 20:41:02 kahiru_: stupid question: should I symlink $MNT/lib/modules(installation target) or host /lib/modules? 2017-01-14 20:42:39 ircusertest: the host one 2017-01-14 20:45:37 kahiru_: #ln -s /.modloop/modules /lib/modules ==> ln: /lib/modules/modules: Read-only file system 2017-01-14 20:46:23 I booted from standard Alpine Linux x86-64 2017-01-14 20:56:02 kahiru_: it doesn't work. Any other solutions? 2017-01-14 20:57:05 I'm not familiar with the documented LUKS+LVM install, I basically figured out on my own how to do it and then rolled my own installer 2017-01-14 21:00:37 I'm pretty new to alpine linux. Just have some experience with debian/grub/initramfs. so I'm kinda flying blind here 2017-01-14 21:01:36 ircusertest: hard to say :/ 2017-01-14 21:01:54 I think the detail that made me a bit nervous in the first place is when I noticed you mentioned the "data" mode; I'm not too familiar with install types other than the most basic, 'sys' style one 2017-01-14 21:04:04 from my understanding data mode loads everything to RAM except /var. like sys but runs from memory 2017-01-14 21:05:27 TBB - for encrypted & custom installs see https://github.com/itoffshore/alpine-linux-scripts 2017-01-14 21:05:56 that's actually why I opted for alpine linux. for Debian it would be to much hassle to make my own version which load in ram and than syncs to usb when instructed. Alpine Linux has already the LBU mechanism for that. 2017-01-14 21:12:39 going through the code to see if I can understand how it does the last step of creating mkinitfs. Thank you 2017-01-14 21:16:17 BitL0G1c: I had my reasons for rolling my own, at that point in time I was required to support installs for several distros so I'm basically just using my own tools for Alpine installs 2017-01-14 21:16:51 (and I still kind of am required to be able to do that, so it's easier for me that way) 2017-01-15 10:18:51 armin, scadu ... OK I installed i3lock :D 2017-01-15 10:21:57 coredumb: \o/ 2017-01-15 10:27:50 Hi 2017-01-15 10:28:41 After updating from 3.4 to 3.5 apk add shows me that there is 1 error. Is there a way to get information about this error? 2017-01-15 10:30:34 Ganwell: "apk fix" usually fixes that 2017-01-15 10:31:48 coredumb: thx! 2017-01-15 11:40:23 coredumb: oh, regarding i3lock. i've once written a script that grabs a screenshot, pixelates it, and uses it being displayed when locking the screen via i3lock 2017-01-15 11:40:48 coredumb: from distance it looks like you didn't lock your screen and when you get closer you just see pixels but no letters in terminals ;) 2017-01-15 11:41:23 you probably shouldn't do this when watching porn, though, obviously... 2017-01-15 11:42:16 https://gist.github.com/netzverweigerer/a7eb4d1340b4ffd856e6 2017-01-15 11:42:23 don't have a screenshot right now, though ;) 2017-01-15 11:53:27 Does anybody happend to have APKBUILD for latest vanilla-kernel? They seem to have change build procedure. Still trying to figure out whats wrong. 2017-01-15 11:57:41 Ganwell: http://git.alpinelinux.org/cgit/aports/log/?qt=grep&q=vanilla 2017-01-15 11:59:56 armin: pixelized porn art ? so cool 2017-01-15 11:59:58 :D 2017-01-15 12:01:27 Ganwell: i believe dalias built 4.9 recently for alpine, he might have an apk file 2017-01-15 12:07:11 scadu: avih: thx a lot 2017-01-15 12:08:00 dalias: do you happen to have a APKBUILD file for a recent kernel like 4.9? 2017-01-15 13:15:14 the x86_64 giblib package should be rebuilt 2017-01-15 13:15:22 i get ERROR: giblib-1.2.4-r8: BAD signature 2017-01-15 13:15:48 for a long time now, i can fix it locally by a local build, but that does not help other systems 2017-01-15 13:22:01 ganwell, no, i just built it by hand 2017-01-15 13:22:47 copying alpine's .config and using "make menuconfig" to avoid the idiotic oldconfig prompt-spam 2017-01-15 14:07:26 what's the difference between apk add and apk add --upgrade? 2017-01-15 14:07:38 both things upgrade the package if present 2017-01-15 14:07:42 so i don't get it 2017-01-15 14:07:57 i have tar 1.25 2017-01-15 14:08:04 if i run apk add tar or apk add --upgrade tar 2017-01-15 14:08:08 i end up getting 1.29 2017-01-15 14:08:11 same result 2017-01-15 14:23:38 i don't; for me, sometimes add -u doesn't even work 2017-01-15 14:23:54 and i have to add '>x.y.z' to the end even though the version was not pinned before 2017-01-15 17:28:32 so none haves an answer? :( 2017-01-15 17:28:40 what's the difference between apk add and apk add --upgrade? 2017-01-15 17:37:06 -u prefers upgrade 2017-01-15 17:37:51 you mean it apk update before ? 2017-01-15 17:45:08 nsz, what does "prefers" mean here? 2017-01-15 17:45:12 i'm confused about it too 2017-01-15 17:50:16 dalias: i'd guess the package resolution logic might find different solutions and -u will select the one which upgrades packages if there are multiple solutions 2017-01-15 17:55:38 lol https://twitter.com/moyix/status/819941922588528640 2017-01-15 17:56:05 oops meant for #musl but relevant here too i guess 2017-01-15 18:09:01 nsz, but in the case of "tar" package 2017-01-15 18:09:06 why both things upgrade it? 2017-01-15 18:10:50 for example if tar package is present at version 1.25 2017-01-15 18:11:15 if i use "apk add tar", why package gets upgraded instead of reinstalled? 2017-01-15 18:11:24 doesn't seem very "consistent" 2017-01-15 18:11:32 and that "prefers" thing is just more confusing 2017-01-15 18:24:49 the only effect -u has is that if the solver finds two packages that can satisfy some dependency then the installed one is prefered by default and upgrade is preferred with -u 2017-01-15 18:26:01 there are several preference checks (e.g. if a package is selectable without any errors that is prefered independently of installed/upgrade) 2017-01-15 18:26:58 and i dont know if an explicitly added package is special cased or not (as opposed to dependencies) 2017-01-15 18:28:46 hi has anyone used chipsec on alpine? 2017-01-15 18:30:41 don't know of anyone who has 2017-01-15 18:33:40 ok 2017-01-15 20:12:17 nsz, so it's only on the case of deps? 2017-01-16 00:06:25 virt-install reports missing gi module -- where/how do I get this in alpine? 2017-01-16 00:12:56 alpine 3.5.0/edge running under virtualbox 2017-01-16 00:16:27 wtf 2017-01-16 00:16:36 I can't bind() to 127.0.0.1 2017-01-16 00:16:42 but I can bind() to :: 2017-01-16 00:16:56 and I can connect() 127.0.0.1 2017-01-16 00:17:01 but not to :: 2017-01-16 00:18:01 same on UID 0 2017-01-16 00:47:32 likely lo is not up/configured 2017-01-16 00:48:06 of course you can bind to :: but not connect to it 2017-01-16 00:48:13 :: is analogous to 0.0.0.0 2017-01-16 00:48:35 it means you're not binding to any specific address/interface (rather all) 2017-01-16 00:48:47 and it's not an address you can connect to 2017-01-16 00:48:53 ::1 is the ipv6 analog of 127.0.0.1 2017-01-16 00:50:05 is anyone running virt-install under 3.5.0/edge? 2017-01-16 00:50:35 or is it known to have a problem? 2017-01-16 00:57:36 <^7heo> skrzyp: AFAIK it's not possible to bind on IPv4, is it? 2017-01-16 00:57:42 <^7heo> skrzyp: I mean, for local 2017-01-16 00:58:03 <^7heo> skrzyp: binding on IPv6 will also bind on IPv4 2017-01-16 00:58:07 <^7heo> skrzyp: or something like that 2017-01-16 00:58:31 <^7heo> (sorry if I'm writing nonsense I'm exhausted and my brain is trying its best at making sense with very limited data in memory) 2017-01-16 00:59:39 <^7heo> anyway long story short I recall something about binding on v6 working for both v4 and v6 for lo 2017-01-16 01:00:00 hmm 2017-01-16 01:00:03 simple test 2017-01-16 01:00:13 nc -l -p 1337 0.0.0.0 2017-01-16 01:00:23 nc 127.0.0.1 1337 2017-01-16 01:00:32 on separate terms 2017-01-16 01:00:50 nothing happens when I type something+^J on any of them 2017-01-16 01:00:50 <^7heo> and as dalias pointed out, ::1 is not :: 2017-01-16 01:01:03 yep 2017-01-16 01:01:06 :: 0.0.0.0 2017-01-16 01:01:09 is* 2017-01-16 01:01:10 my bad 2017-01-16 01:01:20 <^7heo> yeah, actually it's 0000:0000:...:0000 2017-01-16 01:01:36 <^7heo> but yeah it's "equivalent to 0/0 in IIPv4 2017-01-16 01:01:48 <^7heo> IPv4 even 2017-01-16 01:02:01 IPv7 :) 2017-01-16 01:02:19 <^7heo> huhu 2017-01-16 01:02:31 <^7heo> it'd be v8 if it's released for general public use anyway 2017-01-16 01:02:35 I think no one gets that reference 2017-01-16 01:02:40 <^7heo> v7 would be only for research/development 2017-01-16 01:02:49 <^7heo> I didn't get it no. 2017-01-16 01:03:55 it's from 1998 2017-01-16 01:04:14 https://en.wikipedia.org/wiki/Serial_Experiments_Lain 2017-01-16 01:04:31 awesome series 2017-01-16 01:04:55 spoilers hurr durr 2017-01-16 01:10:17 <^7heo> looks cool 2017-01-16 02:16:10 <|-BRVXA-|> i love lain 2017-01-16 02:42:47 is "apk update && apk add foo" the same as "apk add -U foo" ? 2017-01-16 02:42:50 exactly the same? 2017-01-16 03:23:01 After update/upgrade, I have boot hang, last message "Syncing kernel modules/headers ... [ ok ]" 2017-01-16 03:23:14 ARM server at Scaleway 2017-01-16 03:25:03 Any debug flags I can give to openrc? Anything else I should check? 2017-01-16 03:31:30 Huh, is this bug 6687? Any way to work around it? 2017-01-16 03:35:48 Huh, well thank God this was eval phase. Guess I know whether Alpine would be a good idea... 2017-01-16 05:10:53 does the alpine package manager have C library bindings? 2017-01-16 05:45:42 Xe: yes but they are not really documented 2017-01-16 05:46:19 for practical use (installing packages, etc) would it be better to wrap the commands? 2017-01-16 05:47:15 i would say so 2017-01-16 05:49:52 okay 2017-01-16 05:50:58 quite a bit of the libapk API assumes that the caller is apk(1) 2017-01-16 05:51:11 it mainly exists to support the lua binding 2017-01-16 05:51:32 if you wanted to look at making a Go binding or similar, the lua apk binding might be a good starting point 2017-01-16 05:52:42 i've been working on porting my combination of expect, shell scripts, ansible and sadness to lua scripts via a combination of gopher-lua and a bunch of libraries for tasks all of those things commonly do 2017-01-16 05:53:10 there is already the lua binding, that might suit your needs 2017-01-16 05:54:08 yeah, gopher-lua is a lua-compatible written from scratch thingy, not one that is compatible with arbitrary clua .so files sadly 2017-01-16 05:54:54 i'll take a look though 2017-01-16 05:55:01 oh 2017-01-16 05:55:04 then probably not :P 2017-01-16 05:55:21 the code between the two for lua state manipulation pretty much just follows the go-isms for the C API 2017-01-16 09:55:10 has donating / financing moved anywhere since the last talks? or rather waiting for possible future considerations? 2017-01-16 09:59:21 what init script runs the udhcpc on boot? (I am unable to edit the script, tried the one in init.d, it has no effect - udhcpc still starts on boot) 2017-01-16 10:01:33 asefasdlkfjase: maybe in your /etc/network/interfaces ? 2017-01-16 10:02:21 thanks Lord 2017-01-16 10:03:53 what was the argument to hide all the messages (init ones) on boot? it was something with 'fbcon=...' or something like that 2017-01-16 10:07:37 you could achieve that by editing inittab, at least, I think it was something like adding -q to init level commands 2017-01-16 10:07:45 won't make it totally silent tho 2017-01-16 10:09:34 I want it completely black 2017-01-16 10:18:00 Hey there :) 2017-01-16 10:18:20 hi ZadYree 2017-01-16 10:38:54 morning. happy monday! 2017-01-16 10:51:33 Mission completed: All my systems (desktop, laptop, VPS) now run Alpine Linux!! 2017-01-16 10:54:10 I've still got a kimsufi box to convert, but it needs bootstrapping 2017-01-16 11:05:48 <^7heo> Ganwell: great :) 2017-01-16 11:07:07 <^7heo> ScrumpyJack: you could use the https://github.com/jirutka/alpine-chroot-install script from jirutka :) 2017-01-16 11:33:00 ^7heo: thanks for the pointer 2017-01-16 11:38:23 <^7heo> I hope it doesn't turn out to be a NULL pointer. 2017-01-16 13:15:27 Hello! 2017-01-16 13:15:50 Question: how do I map the caps lock key as an additional escape key? :V 2017-01-16 13:17:25 <^7heo> I would try setxkbmap. 2017-01-16 13:18:40 <^7heo> or xmodmap maybe 2017-01-16 13:19:18 that's for X, isn't it? 2017-01-16 13:19:21 <^7heo> nah setxkbmap 2017-01-16 13:19:22 <^7heo> yes. 2017-01-16 13:19:24 <^7heo> setxkbmap -option caps:swapescape 2017-01-16 13:19:41 what if I am in terminal mode? 2017-01-16 13:20:13 my usual approaches for that seem to not work on alpine at all :L 2017-01-16 13:20:41 <^7heo> I actually do not know without X. 2017-01-16 13:21:22 <^7heo> According to this: http://superuser.com/questions/566871/ 2017-01-16 13:21:30 <^7heo> you can create a custom keymap 2017-01-16 13:22:30 <^7heo> but I can't find the keymaps in Alpine. 2017-01-16 13:22:34 <^7heo> if there's any, 2017-01-16 13:22:51 <^7heo> I wouldn't think there is one. 2017-01-16 13:24:00 Yeah, I that's the first thing I tried 2017-01-16 13:24:09 post-install, there actually is ONE 2017-01-16 13:24:25 but it's in some weird binary format and God knows how to edit THAT 2017-01-16 13:24:25 <^7heo> busybox seems to have loadkmap 2017-01-16 13:24:26 :/ 2017-01-16 13:24:44 <^7heo> usually those weird binary formats are compiled from text files :P 2017-01-16 13:24:56 indeed 2017-01-16 13:25:28 although, the dumpkmap/loadkmap pair in Alpine seem to expect that binary format 2017-01-16 13:25:34 as far as I have tried 2017-01-16 13:25:55 now, how to make that, I do not know 2017-01-16 13:25:56 <^7heo> yep 2017-01-16 13:26:22 (basically the main reason why I came to ask on IRC; I'm out of stuff to try I'd know about) 2017-01-16 13:26:42 web searches seem to come up empty 2017-01-16 13:26:58 that said, I am quite surprised it's not in the wiki/faq 2017-01-16 13:27:56 <^7heo> librin: https://github.com/jiangmiao/dvp/blob/master/dvp.map 2017-01-16 13:28:12 <^7heo> apparently that is what folks on archlinux use to generate a keymap 2017-01-16 13:28:34 <^7heo> but they have an additional software `loadkeys` 2017-01-16 13:28:43 yes, indeed 2017-01-16 13:29:01 <^7heo> also I found that http://mstempin.free.fr/index.php?2005/08/08/14-generating-busybox-binary-keymaps 2017-01-16 13:29:06 and well, yeah, looks almost like the kind of file I had to edit on gentoo 2017-01-16 13:29:22 oh now THIS link seems promising 2017-01-16 13:29:47 I can probably dump my keymap from my gentoo box with this 2017-01-16 13:29:48 thanks! 2017-01-16 13:30:32 <^7heo> however that dude did the opposite of what you need: 2017-01-16 13:30:41 <^7heo> "I decided to write a patch to the kbd package to add a -b option that provides a binary keymap dump capability to loadkeys." 2017-01-16 13:31:21 ...which I could use to dump the keymap from my gentoo box and use it on my alpine laptop 2017-01-16 13:31:30 <^7heo> ah 2017-01-16 13:31:36 but derp, too bad the link to the tool is four-oh-four'd 2017-01-16 13:31:36 <^7heo> yeah if you see it that way, yes. 2017-01-16 13:31:37 :V 2017-01-16 13:31:41 <^7heo> yeeepp. 2017-01-16 13:32:23 <^7heo> Also our dear ncopa wrote that: http://lists.busybox.net/pipermail/busybox/2010-August/073082.html 2017-01-16 13:32:41 <^7heo> probably in an effort to do exactly what you are doing, in the same place, just 7 years ago :D 2017-01-16 13:40:53 well, that patch is no longer used in kbd package there, it seems 2017-01-16 13:41:04 guess I'll have to write a tool myself 2017-01-16 13:49:17 <^7heo> librin: it might pay off to go to busybox and check what they say 2017-01-16 13:49:26 <^7heo> I mean #busybox. 2017-01-16 14:34:11 Hi, the rpi download page says "Does not include grsec patchset", "And much more..." 2017-01-16 14:34:14 what does this mean? 2017-01-16 14:34:21 that it doesn't include a lot of things? 2017-01-16 14:40:16 'and much more...' is the general statement, it's meant to mean 'it includes much more' 2017-01-16 14:40:38 it's a rather unfortuante wording 2017-01-16 15:12:48 some up to discuss technology in general? 2017-01-16 15:15:17 technology is quite broad topic 2017-01-16 17:25:46 ^7heo: I found a solution ;] 2017-01-16 17:46:42 <^7heo> librin: ? 2017-01-16 17:47:34 ^7heo: I mean, I figured out the keyboard layout stuff 2017-01-16 17:47:40 or in other words 2017-01-16 17:47:43 "nevermind..." 2017-01-16 17:48:20 <^7heo> librin: '?' meant "could you please elaborate how you did it?" 2017-01-16 17:48:21 <^7heo> :D 2017-01-16 17:49:51 "I was stupid and didn't notice that gentoo DOES have that patch enabled, still. Once I noticed it, I just dumped the keymap, gziped it and tossed it under /etc/keymaps/, replacing the file that was there" 2017-01-16 17:52:11 <^7heo> yeah I expected Gentoo to have it tbh 2017-01-16 17:52:21 <^7heo> oh ok. 2017-01-16 17:52:26 <^7heo> Well, good for you then ;) 2017-01-16 18:02:57 now I wonder how to make HSDPA work 2017-01-16 18:03:06 the guide in the wiki fail literally on step 2 2017-01-16 18:03:07 xD 2017-01-16 18:06:51 <^7heo> like many docs 2017-01-16 18:07:10 <^7heo> it's really hard to maintain doc on par with code 2017-01-16 18:11:46 well, the failure seems more of a bug 2017-01-16 18:12:05 modprobe fails to find a module that, as find command clearly shows 2017-01-16 18:12:11 is damn friggin' there 2017-01-16 20:49:22 Hi, I have setup my CI pipeline today with docker and alpine based images, everything went great but since 2 hours now the apk add --update command is very very slow like 10 times. Any ideas? I'm in France and apparently it isn't a network problem, I get ~50MB/s on package downloads 2017-01-16 20:52:20 (i'd recommend --no-cache instead of --update for docker images as it reduces the total image size) 2017-01-16 20:52:42 what part of the command is slow, the index fetching itself? 2017-01-16 20:54:23 okay I'll try thanks; this is the install part 2017-01-16 20:54:32 the index is fetching quite fast 2017-01-16 20:56:30 that's odd 2017-01-16 20:57:04 currently running another pipeline with --no-cache 2017-01-16 20:59:24 openssl libffi-dev openssl-dev are instant. But perl, man, taking his time 2017-01-16 21:01:58 python too 2017-01-16 21:02:14 this is not reducing anything.. 2017-01-16 21:11:15 before anything, could someone let me know if this is fixed? https://www.youtube.com/watch?v=-DDe7Y4CM4I 2017-01-16 21:13:12 i'm not sure what this is meant to prove 2017-01-16 21:13:20 'segmentation fault by unprivileged user' 2017-01-16 21:13:26 segfaults don't cross privilege boundaries... 2017-01-16 21:13:38 it's just a local process crash 2017-01-16 21:13:57 alright 2017-01-16 21:14:14 there's no vulnerability here, at least not one that the video shows 2017-01-16 21:14:15 ok, so if I wanted to use this distro, would i have any problem installing nvidia? 2017-01-16 21:14:21 *nvidia prop. drivers 2017-01-16 21:14:52 uuh i think someone in #musl managed to but generally not really doable without a lot of pain iirc 2017-01-16 21:15:00 since the nvidia userspace is linked against glibc 2017-01-16 21:15:06 oh 2017-01-16 21:15:16 i was hoping nouveau would work 2017-01-16 21:15:27 Words never before spoken. 2017-01-16 21:15:34 well nouveau works for a lot of cards in my experience 2017-01-16 21:15:42 and nouveau works fine on alpine 2017-01-16 21:15:44 the free drivers should work fine with musl if they support your card 2017-01-16 21:15:55 it's the hellish proprietary ones that won't work 2017-01-16 21:16:47 good, because if i wanted to use nvidia, the prop. drivers and GRsec dont mix 2017-01-16 21:16:51 something with PaX 2017-01-16 21:17:07 not surprised they do stuff that pax won't like 2017-01-16 21:17:26 (although, *if* the proprietary drivers worked on alpine, moving to the linux-vanilla kernel would solve that) 2017-01-16 21:17:39 but that has a whole host of other security implications 2017-01-16 21:50:54 i'm trying to setup audio for the desktop or video player. i followed https://wiki.alpinelinux.org/wiki/Alpine_Linux:FAQ#Audio and i can indeed play and hear an mp3 file. however: 1. it's only as root 2. the xfce4-menu->accessories->sound-mixer shows an gstreamer error. 3. i built mpv but it claims it has permission denied to /dev/dsp, but if i run it as root it shows another error. 2017-01-16 21:51:04 is there some guide on how to setup desktop audio properly? 2017-01-16 21:52:13 (this is in virtualbox but i guess that if i could play and hear sound following the guide then the vbox hw should suffice) 2017-01-16 21:54:20 (also, preferably also which -dev libs i'd need in order to compile apps with some audio support) 2017-01-16 21:55:48 and i'm quite a noob when it comes to linux audio 2017-01-16 21:58:49 i'm guessing i'd need to setup pulse and/or alsa as backend, but couldn't manage it. pulse seems only in testing, and alsaconf couldn't find any sound cards, including when ran as root 2017-01-16 22:15:19 avih: did you add your own user to the audio group? 2017-01-16 22:15:41 Shiz: i have not. i just followed the guide, literally 2017-01-16 22:15:51 then you should probably do that :p 2017-01-16 22:16:25 Shiz: which backend would that end up using? should there be other packages i'd need to install? is there some guide someplace for it? 2017-01-16 22:16:46 it just allows your user access to the sound devices 2017-01-16 22:16:52 what backend you use is up to your player application 2017-01-16 22:17:06 (/dev/snd/...) 2017-01-16 22:17:28 do i need to first add an "audio" group? 2017-01-16 22:17:38 the audio group should already be present on your system 2017-01-16 22:17:45 how do i check it? 2017-01-16 22:17:54 grep audio /etc/group 2017-01-16 22:18:50 right, i have an "audio" group 2017-01-16 22:19:05 add your user to it and re-login 2017-01-16 22:21:39 Shiz: just edit it? 2017-01-16 22:21:45 (i understand its format) 2017-01-16 22:22:03 (tried "usermod" but apparently it's not available by default) 2017-01-16 22:22:43 # groupadd yourusername audio 2017-01-16 22:22:50 pk, it now plays without root 2017-01-16 22:23:03 ok* (i edited /etc/groups manually) 2017-01-16 22:23:09 group* 2017-01-16 22:23:26 now i'll try at the desktop 2017-01-16 22:27:18 Shiz: thx, everything seems working now :D (including mpv with audio). might be worth adding the group thingy to the faq. 2017-01-16 22:27:34 that faq page seems really old, may be worth updating 2017-01-16 22:27:38 (it mentions alpine 2.2) 2017-01-16 22:28:17 i probably won't create an account just for that, but if someone could update the faq that a "groupadd audio" might be required, i think it could help others 2017-01-16 22:28:33 thanks algitbot 2017-01-16 22:29:31 :) 2017-01-16 22:29:44 i'm not sure it can appreciate your thanks 2017-01-17 01:11:27 there's any how-to install alpine on hdd with full disk encrypt? i'am newbie and feel a bit confuse on wiki. 2017-01-17 01:37:18 what is the policy as far as updates on packages is concerned? I want to understand how the included python versions change, for example if alpine 3.5 includes python3 with the specific version 3.5.2-* right now ... is there any guarantee that until the major and minor versions won't change until the lifetime of alpine 3.5.2 ... please point me to some documentation in case there is any. Thanks. 2017-01-17 02:03:01 aw1: i believe that's the premise, yes. once a release is branched, AFAIK it gets only security fixes but otherwise keeps the version. as for docs, the top blurb here https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases but it doesn't state this explicitly. maybe someone could point to more explicit info on this 2017-01-17 02:03:59 avih, many thanks. Checking out the link you pointed me to 2017-01-17 02:04:31 oh i have seen that page before. 2017-01-17 02:05:29 you can see the "updates" column. 3.5 still gets bug fixes, but it seems 3.4 only gets sec fixes 2017-01-17 02:06:30 senior guys at work insist on compiling python from source in our docker images and put forth the argument that what is alpine starts to ship with a different version of python after some time ... hence this query 2017-01-17 02:08:42 this probably shouldn't be an issue. the recipes for building packages (and their deps) are here, e.g. http://git.alpinelinux.org/cgit/aports/tree/main/python3 and you can use this or a modified recipe to rebuild it yourself 2017-01-17 02:09:50 though again, in stable releases packages versions shouldn't change 2017-01-17 02:10:45 avih, yes that is true but i guess they seek protection in case of simpler dockerfiles that have a directive like "FROM alpine:3.5.2" .. they say may be today you get python3.5.2 with apk but it may happen that you get python3.6 2017-01-17 02:11:11 later 2017-01-17 02:11:38 or is that upto the package maintainer? 2017-01-17 02:12:24 you should probably ask this again in ~10 hours to get response from more knowledgeable people :) 2017-01-17 02:13:08 thanks avih :) 2017-01-17 02:13:15 :) 2017-01-17 02:13:54 btw is alpine based on archlinux ... the git link u pointed me to has a APKBUILD file http://git.alpinelinux.org/cgit/aports/tree/main/python3/APKBUILD which is very similar to PKGBUILD on archlinux 2017-01-17 02:14:22 i guess it is not based on but may be using something similar to what archlinux uses 2017-01-17 02:17:07 building/packaging/updating is using apk tools which afaik is not used elsewhere. not familiar with its origin though. 2017-01-17 08:47:32 tilda 2017-01-17 10:47:09 03:13 btw is alpine based on archlinux ... the git link u pointed me to has a APKBUILD file http://git.alpinelinux.org/cgit/aports/tree/main/python3/APKBUILD which is very similar to PKGBUILD on archlinux 2017-01-17 10:47:10 WHAT 2017-01-17 11:09:32 skrzyp, apologies if that does not make any sense. Just that that the APKBUILD file had a similar format to archlinux's PKGBUILD files 2017-01-17 11:10:32 and that's the only thing in common with Arch ;v 2017-01-17 11:10:55 so arch wiki provides a false information anyway 2017-01-17 11:11:21 which info? 2017-01-17 11:13:09 aw1: https://wiki.archlinux.org/index.php/Arch-based_distributions#Others 2017-01-17 11:13:37 scadu, i see. 2017-01-17 11:27:07 yeah alpine is def not arch based 2017-01-17 11:27:16 although apkbuild is loosely inspired by pkgbuild 2017-01-17 11:28:09 <^7heo> moin Shiz 2017-01-17 11:28:15 <^7heo> yeah I mean 2017-01-17 11:28:20 <^7heo> 'inspired' 2017-01-17 11:28:25 <^7heo> it's a binary yeah... 2017-01-17 11:28:30 <^7heo> it does manage packages... yeah. 2017-01-17 11:28:49 <^7heo> one could say that it's apt inspired the same way. 2017-01-17 11:29:29 <^7heo> scadu: and the arch wiki provides a LOT of information, of which a given proportion is false. 2017-01-17 11:29:50 <^7heo> I generally do not trust it. 2017-01-17 11:30:03 ^7heo: didn't notice. any examples? 2017-01-17 11:30:24 ^7heo: i specifically said apkbuild and pkgbuild 2017-01-17 11:30:26 not apk and pacman 2017-01-17 11:30:49 <^7heo> Shiz: right, sorry. 2017-01-17 11:31:06 <^7heo> scadu: I do not read it actively, so I couldn't provide such a thing; I'd have to search for it. 2017-01-17 11:31:15 <^7heo> scadu: I only have past experience with it. 2017-01-17 11:31:21 <^7heo> scadu: and major disappointments. 2017-01-17 11:32:44 ^7heo: I don't talk about the past. Alpine is on Arch-based distro list *now* which isn't true obviously 2017-01-17 11:33:04 <^7heo> I generally do not trust it. <- it's probably more dependable than alpine's ;) 2017-01-17 11:33:09 Hi, can I install alpine on my rpi without heaving a hdmi cable? 2017-01-17 11:33:26 since it boots without ssh it seems 2017-01-17 11:33:39 <^7heo> avih: that is very true; but alpine one does not pretend to be ;P 2017-01-17 11:33:52 <^7heo> s/ one/'s/ 2017-01-17 11:34:10 <^7heo> avih: and we're working on it. 2017-01-17 11:34:21 <^7heo> onodera: yes you can. 2017-01-17 11:34:21 dunno, the guides at the wiki are not presented as "this is probably outdates, in a nutshell - you're on your own" ;) 2017-01-17 11:34:28 outdated* 2017-01-17 11:34:37 <^7heo> avih: no they are not. 2017-01-17 11:34:48 <^7heo> avih: which is much more harmful when they are incorrect. 2017-01-17 11:35:08 <^7heo> avih: they are presented as "this is the truth, the real and only. You can type without thinking." 2017-01-17 11:35:19 XD 2017-01-17 11:35:34 yup. i like alpine very much, but i've learned over time that its wiki is not its strongest point. it's not useless, but it has much outdated and inaccurate stuff 2017-01-17 11:35:44 <^7heo> it's useless to me... 2017-01-17 11:35:51 <^7heo> can't use it with cat. 2017-01-17 11:35:57 <^7heo> or less 2017-01-17 11:36:13 <^7heo> but then again 2017-01-17 11:36:20 <^7heo> for what I have checked from the arch wiki 2017-01-17 11:36:40 <^7heo> neither could I have used it with either cat or less 2017-01-17 11:36:53 <^7heo> it's just that I don't have the same expectations from the arch wiki 2017-01-17 11:37:01 not sure i get the coment about cat and less 2017-01-17 11:37:05 comments* 2017-01-17 11:37:07 <^7heo> man cat 2017-01-17 11:37:08 <^7heo> man less 2017-01-17 11:37:20 i know what they are. i just don't get the comments 2017-01-17 11:37:36 <^7heo> okay, since you know what they are; think about what they are used for. 2017-01-17 11:37:43 <^7heo> And why I would want to read doc with them 2017-01-17 11:37:48 <^7heo> and why it's not currently possible :) 2017-01-17 11:38:01 yeah, I don't get it 2017-01-17 11:38:03 you mean you can't use the wiki with cat or less? 2017-01-17 11:39:01 <^7heo> avih: yes. 2017-01-17 11:39:30 you can't use gmail with cat either. what's the point? that it's not installed by default as man pages? 2017-01-17 11:39:36 <^7heo> wrong. 2017-01-17 11:39:40 <^7heo> there's mutt for that. 2017-01-17 11:39:43 <^7heo> and many other alternatives. 2017-01-17 11:39:48 ^7heo: how, since alpine boots into diskless mode without having ssh installed 2017-01-17 11:40:18 <^7heo> heck you can even technically represent your IMAP hierarchy as a filesystem 2017-01-17 11:40:27 <^7heo> and browse it with ls, cd, cat, etc. 2017-01-17 11:40:38 <^7heo> onodera: blindly typing stuff 2017-01-17 11:40:42 lol 2017-01-17 11:40:44 <^7heo> what? 2017-01-17 11:40:44 k 2017-01-17 11:40:47 <^7heo> it works... 2017-01-17 11:40:51 ill try 2017-01-17 11:40:56 <^7heo> get a VM at the same time 2017-01-17 11:40:59 <^7heo> do in the vm 2017-01-17 11:41:13 <^7heo> type it on the other system right after. 2017-01-17 11:41:22 <^7heo> think about using ^U for removing a whole line 2017-01-17 11:41:26 <^7heo> ^W for a word 2017-01-17 11:41:39 <^7heo> ^C for interrupting the current line if you're not sure 2017-01-17 11:41:40 <^7heo> etc etc. 2017-01-17 11:41:44 <^7heo> also 2017-01-17 11:41:54 <^7heo> it would be useful to duplicate your keyboard output 2017-01-17 11:41:57 <^7heo> if you can 2017-01-17 11:42:08 <^7heo> so you can "monitor" what happens on your rpi via a VM. 2017-01-17 11:42:14 <^7heo> of course it's easier to get an HDMI cable :D 2017-01-17 11:42:32 <^7heo> but I mean, if the challenge is "without an HDMI cable", that will help. 2017-01-17 11:43:37 ^7heo: sorry, i still don't get your comment about the wiki/cat/less. would you mind spelling it out for me? :) 2017-01-17 11:44:10 thanks a lot ^7heo 2017-01-17 11:44:40 <^7heo> avih: if the wiki was stored as flat files instead of a blob database that only makes sense when interpreted by a PHP application running remotely on a server... 2017-01-17 11:44:53 <^7heo> avih: we could read the information with anything. 2017-01-17 11:44:55 gotcha. so like as a man page 2017-01-17 11:44:59 <^7heo> not really 2017-01-17 11:45:04 plaintext? 2017-01-17 11:45:04 <^7heo> like a repo containing man pages. 2017-01-17 11:45:14 <^7heo> but yeah that's the idea, roughly. 2017-01-17 11:45:23 <^7heo> asciidoc would be better also. 2017-01-17 11:49:10 well.. it's probably not hard exporting the mardown files as a dir structure 2017-01-17 11:51:53 and markdown should be reasonably readable with cat/less 2017-01-17 11:56:37 <^7heo> avih: what markdown files? 2017-01-17 11:56:55 <^7heo> avih: it's a (I'd guess my)SQL database behind a mediawiki... 2017-01-17 11:56:59 <^7heo> avih: it's all but accessible. 2017-01-17 11:57:36 i'm not familiar with mediawiki, but on most wikies you compose the pages with some variant of markdown. i'm guessing that's what's stored at the db too 2017-01-17 11:58:08 (i'm pretty sure the DB doesn't store pages as html, for instance) 2017-01-17 11:58:51 <^7heo> avih: http://ix.io/1QiG 2017-01-17 11:58:58 <^7heo> avih: that's the best I've had so far. 2017-01-17 11:59:30 what about running a local copy and use links/lynx? 2017-01-17 11:59:40 <^7heo> $ curl http://ix.io/1QiG > alwiki; chmod a+x alwiki; ./alwiki Hosting services on Alpine 2017-01-17 11:59:43 <^7heo> for example. 2017-01-17 12:00:01 <^7heo> avih: what about running a local copy in a docker image in KVM on Xen in virtualbox 2017-01-17 12:00:04 <^7heo> ? 2017-01-17 12:00:09 <^7heo> wait I think I can make it more complicated 2017-01-17 12:00:29 <^7heo> we could use apache behind nginx behind lighttpd behind haproxy 2017-01-17 12:00:41 <^7heo> and I could write a flask application to serve that traffic 2017-01-17 12:00:59 <^7heo> which could be called in ruby in java 2017-01-17 12:01:15 <^7heo> all that on a windows host running hyperv. 2017-01-17 12:01:31 are you 16? 2017-01-17 12:01:41 <^7heo> not even in hex. 2017-01-17 12:02:21 <^7heo> Are you 12? 2017-01-17 12:04:59 i'm pretty sure mediawiki has an export function to a local static website 2017-01-17 12:05:10 or at least i'd be surprised if it didn't 2017-01-17 12:05:17 <^7heo> well, I'd be happy if it has. 2017-01-17 12:07:34 https://www.mediawiki.org/wiki/Publishing_from_MediaWiki 2017-01-17 12:09:32 <^7heo> hmm. thanks! :) 2017-01-17 12:14:28 <^7heo> avih: actually, same as the API I use in the code I pasted... if you had read it you'd have seen. 2017-01-17 12:14:38 <^7heo> avih: so it does NOT expert to a local static website. 2017-01-17 12:14:45 <^7heo> I guess I could have saved some time here... 2017-01-17 12:15:57 it seems there are not enough resources to even maintain the wiki and keeping it up to date. you seem capable, create a tool to create a static version of it and add it to the wiki itself :) 2017-01-17 12:16:57 <^7heo> yeah it's what I have pasted above. 2017-01-17 12:17:09 <^7heo> I have however not enough time to have done that in the past. 2017-01-17 12:17:15 <^7heo> it will be done at some point. 2017-01-17 12:17:18 is it at the wiki yet? (tm) 2017-01-17 12:17:19 <^7heo> long story short, our docs suck. 2017-01-17 12:18:58 <^7heo> avih: and I do not want to spend time on something I will not use, so why should I put it in the wiki when you didn't even check what I pasted especially for you? 2017-01-17 12:19:07 <^7heo> it's on my hard drive, where I can read it. With less. 2017-01-17 12:19:27 it's not for me. it's for the next you which complains that the wiki cannot be used with cat and less 2017-01-17 12:19:53 <^7heo> I wouldn't complain so much if you didn't ask so many questions and tried to solve my problem better than I :) 2017-01-17 12:20:04 <^7heo> s/complain/"&"/ 2017-01-17 12:20:32 i refuse to be accused 2017-01-17 12:23:48 ;_; 2017-01-17 12:24:05 <^7heo> famous last words (if you're black in the US) 2017-01-17 15:10:59 after crosscompiling and wifi regdomain the strugle with alpine on rpi3-armhf continues: hardware uart does not work. I suspect that a module or firmware is missing, because in raspbian hw-uart does work. 2017-01-17 15:11:24 inb4 you need to disable bluetooth and put dtoverlay in config.txt: i did that 2017-01-17 17:08:17 hi! how to deal with setup-alpine - partition setup - if i want user another script to manage lvm+luks encrypt? 2017-01-17 17:08:25 should stop setup-alpine? 2017-01-17 17:10:29 i'am searching about this but found anything 2017-01-17 17:11:37 what do you want to do? Install alpine on lvm? 2017-01-17 17:13:31 kahiru_: thanks for answer. https://it-offshore.co.uk/linux/21-linux/alpine-linux-luks-encrypted-instkkations 2017-01-17 17:14:00 lvm+luks using unofficial script 2017-01-17 17:14:32 https://it-offshore.co.uk/linux/21-linux/alpine-linux-luks-encrypted-installations 2017-01-17 17:15:35 i make a search on forum/google/wiki. just found this website on wiki. 2017-01-17 17:16:36 never used it, but apparently you shouldn't use setup-alpine with this 2017-01-17 17:18:24 kahiru_: agree. thanks for the answer. but you know any way to encrypt with setup-alpine? 2017-01-17 17:19:54 afaik it can't be done directly through setup-alpine, you have to setup the encrypted partitions and lvm yourself and run setup-disk, see the wiki https://wiki.alpinelinux.org/wiki/LVM_on_LUKS 2017-01-17 17:21:08 it's a bit of a tricky thing to do as you can both have LVM on LUKS and LUKS on LVM and any combination of those 2017-01-17 17:22:05 Hi. I wonder how to find out (on the command line) whether there are security updates pending for an Alpine installation, in my case Docker containers. 2017-01-17 17:22:10 I basically wrote my own setup script because of that; but once you've done those manually you can continue by following the "install in chroot" document in the Alpine wiki 2017-01-17 17:22:23 Something equivalent to Ubuntu's "/usr/lib/update-notifier/apt-check" 2017-01-17 17:23:39 kahiru_: setup encrypted partitions and lvm, run setup-disk then setup-alpine? 2017-01-17 17:23:56 humbalumba: I think you can do apk update and then apk --simulate upgrade 2017-01-17 17:24:27 humbalumba: can't say that's exactly how to do it, I just fully upgraded mine so I can't test that command 2017-01-17 17:24:52 TTB thx I will look into that. But it sounds like it won't distinguish security from non-security updates - correct? 2017-01-17 17:25:24 (Does Alpine actually distinguish between those two types up updates at all?) 2017-01-17 17:25:26 yeh, that just shows you what would be upgraded 2017-01-17 17:27:05 I'm not aware of such a distinction between packages, but... you could consider stable vs edge something like that. Don't take my word for it tho, I'm not associated with the project 2017-01-17 17:27:23 kahiru_: you're talking about alpine kvm setup right 2017-01-17 17:27:25 probably requires an answer from one of the devs 2017-01-17 17:27:29 i will try 2017-01-17 17:28:42 TBB: alpine kvm setup guide it's the right way to do it? 2017-01-17 17:31:48 humbalumba, currently no, security vs. regular updates are not differentiated. we are thinking on improving apk also in this regard on up coming releases. 2017-01-17 17:39:02 fabled, thx. I have to say I find it odd that a "security-oriented" distro doesn't provide straightforward means to determine whether or not security patches are missing. Just saying ... 2017-01-17 17:40:29 humbalumba, in real life, any bug can be security issue. but yes, we are paying more attention to the "perception" given to user too. "security-oriented" is more about the building blocks like grsec kernel, and musl. 2017-01-17 17:40:49 and gcc being hardware for more secure build options. etc. 2017-01-17 17:40:53 hardwired* 2017-01-17 17:41:33 and Alpine seems to be doing a pretty good job catching CVE's and issuing updates that fix them 2017-01-17 17:41:52 doesn't take very long to receive such updates 2017-01-17 17:47:30 Hi everyone, having a bit of trouble connecting to LDAP server from Alpine (also :edge). Log -> http://pasteguru.com/133770 . Obviously I'm missing libs out of the box to do so, but I can't seem to diagnose which ones aren't allowing the negotiation. 2017-01-17 18:01:22 Thx fabled and TBB. Is there a notification service (Mail, RSS, ATOM, ...) that alerts subscribers about CVEs fixed in Alpine? I've seen Redmine, but it's feed would be TMI for our purposes. 2017-01-17 18:01:44 s/it's/its/ 2017-01-17 18:04:53 humbalumba, ncopa was working on secdb feed 2017-01-17 18:41:50 assuming that seclog is for a stable release, wouldn't all updates to that release be 1. by definition sec fixes only and 2. relatively low volume? e.g. the atom feed for the 3.5 release is this http://git.alpinelinux.org/cgit/aports/atom/?h=3.5-stable 2017-01-17 18:42:53 is the alpine linux version for raspberry pi specific to a particular version of RPI? 2017-01-17 18:44:22 i have all three versions of the RPI and the compute module 2017-01-17 18:48:57 since a recent kernel upgrade on my laptop the fb console does not work 2017-01-17 18:49:29 (when bootlog used to change to different resolution console it just stays black..) 2017-01-17 18:50:21 (i login then startx manually, i can fortunately do that blindly without seeing the prompt) 2017-01-17 18:51:24 (i havent yet looked at how to fix, presumably there is a workaround to disable the fb console thing in the bootmenu but others might run into this) 2017-01-17 18:51:32 avih thx I'll look into that. Is the update policy for stable releases documented somewhere? 2017-01-17 18:53:36 humbalumba: not explicitly that i know of, and i don't know if there's an explicit statement someplace, but in general stable releases get mostly security fixes (and possibly bug fixes if it's a new release). there could be others, but this would be some info https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases 2017-01-17 18:55:13 also see the "updates" column 2017-01-17 19:03:26 how does alpine linux rate in relation to linuxmint and debian? 2017-01-17 19:03:45 rate is probably not the correct word to use 2017-01-17 19:04:16 <_ikke_> compared to what? 2017-01-17 19:04:22 ydobon8649: 1 vs. 0 vs. 0 2017-01-17 19:04:57 depends on what you mean by rate. mint invests heavily in desktops, debian is debian... Alpine is a more security oriented distro that fits into rather small space 2017-01-17 19:05:03 ease of installation would be one 2017-01-17 19:05:06 hiro, LOL 2017-01-17 19:05:45 ease of update would be another 2017-01-17 19:05:50 mint is a terrorist act of the fossil fuel countries to force you to waste more power 2017-01-17 19:06:01 does alpine linux get in the way? 2017-01-17 19:06:38 debian is a terrorist act of the poor countries that is trying to steal as much time from overproducing countries' workers as possible 2017-01-17 19:06:46 well, that's a more difficult one. Alpine's install is a bit like simplified Gentoo - more freeform than that of Mint/Debian but has some specialties that neither of the two offers 2017-01-17 19:07:05 (special install modes, that is) 2017-01-17 19:07:11 ydobon8649: there are no easy updates 2017-01-17 19:07:15 ydobon8649: that's just marketing 2017-01-17 19:07:24 ydobon8649: updates are always infuriating 2017-01-17 19:07:41 ydobon8649: and by definition they are always worse than the last update, and everything breaks 2017-01-17 19:08:15 alpine doesn't get as much in the way as all the crappy open source software in the repos and the linux kernel is broken since forever, too, as usual. 2017-01-17 19:09:14 but if you compare how braindamaged GNU software or linux in general is to how braindamaged debian is you have to admit that debian barely matters. most debian stuff happens on the bureaucratic layer and has no relevance to anyone. 2017-01-17 19:09:23 so it doesn't even matter whether you use it or not 2017-01-17 19:09:29 technically, i mean. 2017-01-17 19:09:36 updates... hmm. updating the stable branch is rather safe; but if you want to stay on the edge then you'll always take some chances by upgrading; but so much happens in the edge that you pretty much want to install at least something from there 2017-01-17 19:09:54 it depends on the software you have to update 2017-01-17 19:09:59 ahh, the braindead state of linux... that's a topic of which I could talk for hours 2017-01-17 19:10:12 normally you run all kinds of horrible bloated shit, so everything always breaks 2017-01-17 19:10:38 I would basically redesign the entire userland, but let's not get into that debate :) 2017-01-17 19:11:01 hiro, you sound like me on a bad day :D 2017-01-17 19:11:19 i had a great day. 2017-01-17 19:11:35 I am not entirely sure I want to see you on a bad day :D 2017-01-17 19:11:42 TBB: I'm kinda curious what your redesigned userland would look like 2017-01-17 19:13:25 but i feel like ydobon8649 is at the beginning of an adventure. a perfect opportunity to prevent life-long linux despair 2017-01-17 19:13:25 i can actually deal with it, but my psychological background is atypical 2017-01-17 19:13:25 kahiru_: try 9front.org 2017-01-17 19:13:25 kahiru_: the userland on there is quite excellent for what it is. 2017-01-17 19:13:29 kahiru_: it's a big, big task all in all and by no means can I claim I have the entire picture clear in my mind. one of my pet peeves is as simple as forcing userland tools to produce both human and machine readable output, as scripting by parsing human-readable output is, frankly, stupid and counterproductive 2017-01-17 19:13:57 TBB: makes sense 2017-01-17 19:14:16 hiro: I've been thinking for some time about giving it a try but never actually got to it 2017-01-17 19:16:02 that would also mean something like improved shells, but a typical counterargument to that is, you can already use Python if your scripts get more advanced. It's not the same thing but it's close enough. ... I also honestly think that Plan 9 got the Unix philosophy much better than Linux ever did, and there are some things I'd borrow from there as well 2017-01-17 19:16:23 but after that my vision is admittedly hazy :) 2017-01-17 19:16:54 still your hazy vision sounds better than what we have now 2017-01-17 19:19:27 I've mainly been doing packaging lately, and that area could use some fresh thinking too. and possibly the whole way things are compiled etc could use an overhaul, but that area is definitely not my expertise, it just seems overly complicated because of legacy and compatibility reasons 2017-01-17 19:19:57 and at this point, the whole thing gets too big for a single person to imagine :D 2017-01-17 19:20:08 fresh thinking nix/guix way or something completely different? 2017-01-17 19:22:24 well, admittedly there's lots and lots of stuff to reuse that would help a lot in reimplementing, but how much of that stuff is limited by compatibility would probably limit what can be reused... there are definitely things that are so good that not reusing them would be madness 2017-01-17 19:23:08 but I imagine fresh thinking would lead into breaking some of the old habits, and that can get difficult :) 2017-01-17 19:23:33 indeed 2017-01-17 19:24:35 20:16 TBB that would also mean something like improved shells 2017-01-17 19:24:42 yes, that's why i mentioned plan9: rc is excellent. 2017-01-17 19:24:53 TBB: python is braindamaged 2017-01-17 19:25:21 I agree :) 2017-01-17 19:25:53 hiro: (please consider I don't know anything about it) what's the selling point of rc? 2017-01-17 19:26:34 kahiru_: it's not bash 2017-01-17 19:26:41 kahiru_: bash sucks 2017-01-17 19:26:44 now I'll have a short break from IRC, but I'll be checking the backlog as I'm sure there will be some interesting stuff waiting for me when I get back 2017-01-17 19:26:49 well, neither is ksh for example 2017-01-17 19:26:57 kahiru_: but it does a lot more than posix shell or bourne shell can do 2017-01-17 19:27:25 TBB: have fun 2017-01-17 19:28:04 rc has nice lists, less weird quoting/eval problems 2017-01-17 19:28:24 and no horrible syntax like all the bash-hacks 2017-01-17 19:28:31 that sounds nice 2017-01-17 19:28:37 it's all very clean and thoughtfully implemented 2017-01-17 19:28:47 like most of plan9 stuff I imagine 2017-01-17 19:29:03 also it's nice that there is no bullshit like terminal functionality sneaked into the rc shell 2017-01-17 19:29:13 there's for example NO HISTORY *outrage* 2017-01-17 19:29:18 cause it's not needed 2017-01-17 19:29:24 history is job of the terminal 2017-01-17 19:29:36 it is really nice because we have a nicer terminal 2017-01-17 19:29:59 all horrible historical design decisions have been reconsidered 2017-01-17 19:30:16 and things got adjusted instead of implementing all the backwards-compatibility layers 2017-01-17 19:30:37 cause once you have to implement all this old weird shit you're better off leaving everything as it was in the first place 2017-01-17 19:30:58 either you break completely and do a fresh build, or you will live with horrible compromises till the end of your life 2017-01-17 19:31:12 you can keep of course the top 10 useful things from the past :) 2017-01-17 19:31:27 provide some compatibility with protocols that are commonly used 2017-01-17 19:31:38 but not all this unix-specific historia 2017-01-17 19:31:41 I'm intrigued right now 2017-01-17 19:32:11 what more goodies are there in the land of plan9? 2017-01-17 19:32:22 and the best part is: there is good documentation and the code is readable 2017-01-17 19:32:55 works in qemu and most old, used cheap thinkpads 2017-01-17 19:33:31 qemu will have to do 2017-01-17 19:35:39 when I'm done with exams and after I get rid of arch from my desktop -.- 2017-01-17 19:38:24 i figured out the mode switch issue: i had my own mkinitfs.conf setting (to add cryptsetup for disk encryption) so apk update did not update my config for the new kernel and (i assume) it was missing some modules 2017-01-17 20:11:00 soo, anyone has any info about installing alpine on zfs? 2017-01-17 20:20:16 kahiru_: add the zfs kernel module to your initramfs, that should be it 2017-01-17 20:20:36 oh, just like that? 2017-01-17 21:48:17 hi! the packages installed during my new fresh install it's going to my new system on hd? 2017-01-17 21:48:36 or they are located on ram 2017-01-17 23:38:33 I can't connect to my up-too-date openssh when SSH compression is enabled (ssh -C $host). Anyone else got that problem, or is it something in my config? 2017-01-18 03:00:59 Entroacceptor: what error message? 2017-01-18 07:04:37 hello 2017-01-18 08:04:23 Xe: none, it just hangs 2017-01-18 13:17:21 <\renaud> hello 2017-01-18 13:17:32 <\renaud> anyone here running alpine on a soekris 4801? 2017-01-18 13:17:59 <\renaud> is there a list of kernel modules needed in the initrd? 2017-01-18 13:41:16 Hi! I got a simple question, if I set 2 partitions in raid1, of one fails, can i still read the other partition without extra software etc ? Will it behave just like any other partition? 2017-01-18 13:41:58 Peasant65: raid1 using what? btrfs? md-raid? something else? 2017-01-18 13:42:35 does that matter? I´m thinking there´s a builtin raid option in windows 8+ now, not sure though 2017-01-18 13:43:23 well, generally raid1 should provide resilience against death of one device 2017-01-18 13:43:32 but better check with the specific implementation 2017-01-18 13:44:36 Peasant65: do you configure raid in your BIOS or OS? 2017-01-18 13:44:39 alright. I was hoping, since it´s a mirror, that the partitions by definition could work independent of each other 2017-01-18 13:45:31 probably OS, I thought there´d be a generic answere to my question :P nvm 2017-01-18 13:56:58 i never understood what does simple/quick/small question mean as an "intro" to the actual question which follows. it's a very common on irc and forums, but it literally means and adds nothing 2017-01-18 13:58:13 when someone is about to reply to a question which was described as "simple", what should he do differently than if it wasn't described as simple? 2017-01-18 13:58:34 (or she, of course) 2017-01-18 14:02:22 avih: just give half the answer? lol 2017-01-18 14:02:30 or give the simple answer 2017-01-18 14:02:52 well.. you always try to give a simple answer where possible 2017-01-18 14:03:11 true i meant the 1000 foot view 2017-01-18 14:03:31 even if it's a complex question. stating that the question is simple/small/quick can only tell about the one which asks it - especially if it's not simple at all 2017-01-18 14:03:38 For me it means I´m not searching for extra advice or a nice chat 2017-01-18 14:05:10 quick is probably more describing than simple 2017-01-18 14:07:31 dunno, personally i'd always start with short reply if there is such 2017-01-18 14:07:53 Some people don´t. 2017-01-18 21:04:15 hi! how to create the most secure partition scheme? any tips? 2017-01-18 21:04:24 i'am thinking abount mount /tmp on ram and create /data 2017-01-18 21:04:38 looks if i umont /data after my system load there's a secure improve 2017-01-18 21:05:10 this config is good? 2017-01-18 21:43:55 aha 2017-01-18 21:48:51 <_errm> so I want to install a package at a particular version, but I just want to take the latest pkgrel 2017-01-18 21:49:21 <_errm> the best I can think of is $ apk add “foo<=2.3.3-r999" 2017-01-18 21:49:55 <_errm> is there anything more elegent I can do to achive the same ... 2017-01-18 22:14:34 <_errm> esp as I would rather fail if there is no version 2.3.3 in my repo, but this will hapily install 2.3.2 ... 2017-01-18 22:33:16 <_errm> the only way I can see to make sure I install the correct version is to do a dance with apk search -a 2017-01-18 23:04:23 does a terminal emulator exists that allows centered text? 2017-01-18 23:05:08 meaning, everything is centered, just as when you center a document or create a textarea in html