2017-04-01 03:09:52 <Oooohboy_> sory connection dropped... I'm having trouble install freeswitch using apk add freeswitch
2017-04-01 03:10:28 <Oooohboy_> I get an ERROR: unstatisfiable constraints using raspberry-pi
2017-04-01 03:11:26 <Oooohboy_> Sorry in a docker container on raspberry pi
2017-04-01 07:06:40 <urda> hey so I'm pretty new to Alpine but, when will something like "python 3.6" go from "Edge" to say 3.5?
2017-04-01 07:09:26 <Shiz> it won't
2017-04-01 07:09:36 <Shiz> 3.5 is a stable release, those typically don't get major updates like that
2017-04-01 07:09:51 <Shiz> it will be in 3.6 though
2017-04-01 07:10:03 <Shiz> if it's in edge right now
2017-04-01 07:20:09 <urda> Oh ok
2017-04-01 07:20:29 <urda> again still pretty new to Alpine! I wasn't aware of how packages and releases are done
2017-04-01 07:20:41 <urda> Thanks for the tid bit Shiz
2017-04-01 07:20:50 <Shiz> no prob
2017-04-01 07:20:57 <Shiz> new releases are typically done by snapshotting edge
2017-04-01 07:21:02 <Shiz> at least, the x.y.0 release
2017-04-01 07:21:10 <Shiz> after that, they are in their own branch for maintenance updates/patches
2017-04-01 07:21:57 <urda> So is https://bugs.alpinelinux.org/projects/alpine/roadmap my best friend for releases or is there a better way to track alpine versions?
2017-04-01 07:22:48 <urda> or maybe https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases
2017-04-01 07:23:16 <Shiz> both work, yeah
2017-04-01 07:23:27 <Shiz> another avenue is the mailing list where release candidates are announced
2017-04-01 07:23:34 <urda> oh good point, ok thanks :)
2017-04-01 07:23:43 <urda> I'll need to wait to do python 3.6 stuff until then
2017-04-01 17:55:55 <luxio> When I do "startx", xfce4 doesn't start. x just prints some loading messages and then it freezes.
2017-04-01 17:56:04 <luxio> Is this a known bug?
2017-04-01 18:05:23 <scv> luxio there are hundreds of potential reasons for that
2017-04-01 18:05:26 <scv> need more info
2017-04-01 18:05:31 <scv> like the contents of those messages perhaps
2017-04-01 18:05:36 <scv> or parts of the Xorg log file
2017-04-01 18:05:53 <kahiru> or if you have some obscure hardware
2017-04-01 18:10:53 <uriah> I'm certain this has been asked >1000 times before, but what aspects of the grsec patch would be used if one were to apply it to the rpi kernel sources (albeit likely with a decent amount of manual fix ups) and what is missing from arm architecture + kernel code compared to the x86_64 specific implementation?
2017-04-01 18:11:42 <uriah> Would be nice if someone had a bookmarked discussion about this that I could read ;-)
2017-04-01 18:26:06 <uriah> I mean, I'm aware that the rpi involves an unaudited blob which almost makes the effort pointless, but wouldn't "better than nothing" be a reasonable concept to consider wrt alpine providing at least an experimental rpi/grsec frankenkernel?
2017-04-01 18:28:23 <uriah> Of course, the system would remain potentially vulnerable due to the proprietary blobs but would still become more robust from attacks by a majority of perpetrators, wouldn't it?
2017-04-01 18:30:38 <uriah> Or, is it more that nobody has been willing to take on the maintenance role for such proposed development given the lack of resources?
2017-04-01 18:32:26 <uriah> I mean, if it's actually wanted, I could give it a bit of time in the relatively near future... but I'm wondering, is it worth it, or wanted/needed?
2017-04-01 18:37:34 <uriah> But would an apkbuild for such a monstrosity even be accepted into the testing repo?
2017-04-01 18:41:51 <uriah> Anyway... I'll try to stick around in the hopes of getting a reply, but I don't currently have an irc bouncer so I may disconnect frequently at some point
2017-04-01 19:06:34 <TBB> uriah, I think grsecurity is on the way out so putting effort to it wouldn't probably be sensible anymore
2017-04-01 19:11:38 <TemptorSent> Your time would probably be better spent analyzing specific grsec/pax features that could be reimplemented in a clean, cross-platform manner.
2017-04-01 19:12:42 <yGweSm1OzVHe> many of the features are hardenings of the kernel, which are platform independent
2017-04-01 19:12:57 <yGweSm1OzVHe> like the sys restrictions
2017-04-01 19:13:09 <yGweSm1OzVHe> also the various gcc-plugins
2017-04-01 19:13:13 <yGweSm1OzVHe> etc
2017-04-01 19:13:22 <TemptorSent> The code in grsec is not designed with multiple archs in mind, and is thus a nightmare to support new systems with.
2017-04-01 19:13:30 <yGweSm1OzVHe> most of this should work on arm too
2017-04-01 19:13:44 <yGweSm1OzVHe> depends on which part you mean
2017-04-01 19:13:51 <yGweSm1OzVHe> there's a lot which is arch independent
2017-04-01 19:13:58 <TemptorSent> yGweSm1OzVHe: Should, but the implementation is not very clean.
2017-04-01 19:14:28 <yGweSm1OzVHe> again depends
2017-04-01 19:14:41 <TemptorSent> yGweSm1OzVHe: It would be better to extract those features to a clean, cross platform implementation.
2017-04-01 19:15:19 <TemptorSent> yGweSm1OzVHe: The problem is that it started as x86 centric, and adding support for arm was a late thought.
2017-04-01 19:15:37 <yGweSm1OzVHe> hrmpf
2017-04-01 19:15:48 <yGweSm1OzVHe> let me repeat: depends on which part you talk about.
2017-04-01 19:15:55 <TemptorSent> yGweSm1OzVHe: So many basic implementation details are tied up in arch-specifc stuff where they don't need to be.
2017-04-01 19:16:11 <yGweSm1OzVHe> let me repeat: depends on which part you talk about.
2017-04-01 19:17:20 <TemptorSent> yGweSm1OzVHe: The usefulness of the grsec/pax features as a whole is dependent on them actually functioning in a running kernel.
2017-04-01 19:17:36 <yGweSm1OzVHe> stop hiliting me pls
2017-04-01 19:17:52 <TemptorSent> Sorry.
2017-04-01 19:18:14 <TemptorSent> Anyway, to use those features, you need to enable the base support for grsec/pax, which is not portable.
2017-04-01 19:19:33 <TemptorSent> If the features could be extracted from the non-portable implementation and applied cleanly, we would actually be able to support it.
2017-04-01 19:20:46 <uriah> Ah I see...
2017-04-01 19:21:12 <uriah> Will anything be replacing grsec?
2017-04-01 19:21:26 <uriah> As it's apparently on its way out
2017-04-01 19:21:27 <TemptorSent> I haven't looked at the most recent patches before they closed the sources, but the last I looked at was rife with #ifdefs and macros. Ask kaniini :)
2017-04-01 19:22:15 <TemptorSent> uriah: The intent is to port the good code I believe.
2017-04-01 19:23:07 <TemptorSent> Or reimplement functionality... It is somewhat of a mess.
2017-04-01 19:23:12 <uriah> Ok. Has this porting effort begun in a git repo somewhere?
2017-04-01 19:23:40 <TemptorSent> Not that I know of, but ask around when the devs show up.
2017-04-01 19:23:54 <uriah> Ok will do...
2017-04-01 19:24:12 <TemptorSent> Check the irc logs for the discussion.
2017-04-01 19:24:20 <uriah> Good idea
2017-04-01 19:26:07 <uriah> TemptorSent: how long ago was this discussed, afayk?
2017-04-01 19:26:33 <TemptorSent> If you've got some kernel chops, I'm sure the help would be appreciated in putting eyeballs on code and figuring out what's worth keeping and not.
2017-04-01 19:26:42 <TemptorSent> Past several weeks IIRC
2017-04-01 19:31:00 <uriah> Hmm, well, my development skills are limited to a dirty hack of an unreleased openbsd driver that turns off the nvidia optimus gpu in my laptop (my first C coding experience tbh, so it works but it likely wouldn't get merged into obsd upon submission) and I used to mess around with kernel patching during the Gentoo kernel mod craze as well as one small effort to update the gp2x kernel... lol
2017-04-01 19:33:07 <uriah> So idk what help I could provide aside from just patching all of grsec onto rpi sources and manually fixing what breaks, then testing and running it till the next oops/panic hits ;-)
2017-04-01 19:34:39 <uriah> I've mostly been running vanilla for a while but I'm interested in grsec, but I guess if it's being reimplemented by the alpine devs there must be good reasons
2017-04-01 19:35:31 <TemptorSent> uriah: grsecurity took it closed source, which leaves them with a fork to maintain of not terribly portable code.
2017-04-01 19:36:18 <uriah> Ah... well their test patch is still downloadable for free, no?
2017-04-01 19:36:36 <asie> AFAIK that's about to change
2017-04-01 19:36:38 <TBB> not even that
2017-04-01 19:36:42 <uriah> Darn
2017-04-01 19:37:05 <TemptorSent> uriah: If you could backport the more useful features of grsec (PaX could be nice) to vanilla and remove the rest of the code deps to the remainder of the patch, it would be greatly helpful
2017-04-01 19:37:07 <uriah> I see why then... not fully by choice
2017-04-01 19:37:23 <asie> not at all by choice
2017-04-01 19:37:34 <TemptorSent> Yeah, forking would be a good option, if the code base wasn't so fragile.
2017-04-01 19:38:00 <TemptorSent> I know a couple people here have taken a close look at it.
2017-04-01 19:39:25 <uriah> Hmm... well, I guess I'll see when/if I get to a point where I can spend time on this.
2017-04-01 19:40:11 <uriah> Also, I'll see who has looked into it before and find out the verdict wrt porting
2017-04-01 19:57:04 <yGweSm1OzVHe> doesn't look very much unavailable to me: https://grsecurity.net/test/grsecurity-3.1-4.9.20-201703310823.patch
2017-04-01 19:58:22 <yGweSm1OzVHe> so much fud
2017-04-01 20:00:20 <asie> not fud per se
2017-04-01 20:00:24 <asie> rather, going from logs from the gentoo-hardened IRC
2017-04-01 20:00:37 <asie> where it was announced that the test patches would soon become unavailable, with an indeterminate soon
2017-04-01 20:00:46 <yMGJRgi997ZH> also fud
2017-04-01 20:00:49 <yMGJRgi997ZH> fud everywhere
2017-04-01 20:00:54 <asie> we cannot trust anyone
2017-04-01 20:00:58 <asie> people close to devs, people who are near devs
2017-04-01 20:00:59 <yMGJRgi997ZH> !! ;)
2017-04-01 20:01:00 <asie> nobody
2017-04-01 20:01:04 <asie> and the biggest fud is you
2017-04-01 20:01:06 <asie> ;)
2017-04-01 20:01:13 <ScrambledAuroras> o_O
2017-04-01 20:01:16 <asie> pointing out fud is creating fud!!
2017-04-01 20:01:21 <asie> you know
2017-04-01 20:01:23 <yMGJRgi997ZH> oh? sorry bout that
2017-04-01 20:01:25 <asie> nah
2017-04-01 20:01:29 <edgar_> hi guys!
2017-04-01 20:01:30 <asie> i'm not being entirely serious
2017-04-01 20:01:48 <asie> dQw4w9WgXcQ: i recognize this URL
2017-04-01 20:01:59 <yMGJRgi997ZH> nice nick you have there dQw4w9....
2017-04-01 20:03:11 <ScrambledAuroras> looool
2017-04-01 20:03:16 <dQw4w9WgXcQ> asie: indeed, i probably linked it to you many times in te past
2017-04-01 20:03:36 <asie> the past.
2017-04-01 20:03:52 <dQw4w9WgXcQ> yes
2017-04-01 20:03:56 <asie> yes, i know.
2017-04-01 20:03:57 <dQw4w9WgXcQ> grasshopper
2017-04-01 20:03:59 <asie> it's just... the past.
2017-04-01 20:04:35 <asie> back when i didn't spend days pulling my hair out due to being unable to find peace with the direction i chose for my life: computer technology
2017-04-01 20:05:12 <asie> and, instead, i simply had fun with things
2017-04-01 20:05:14 <asie> simpler things
2017-04-01 20:05:28 <dQw4w9WgXcQ> things like mienkarft
2017-04-01 20:05:36 <asie> which i still help make mods for
2017-04-01 20:05:42 <asie> as a timefiller
2017-04-01 20:11:36 <Shiz> re:pax
2017-04-01 20:11:38 <Shiz> https://grsecurity.net/~paxguy1/
2017-04-01 20:11:42 <Shiz> PaX test patches are still uploaded here
2017-04-01 20:11:46 <Shiz> which are the... PaX parts of grse
2017-04-01 20:11:48 <Shiz> c
2017-04-01 20:12:07 <yMGJRgi997ZH> btw i can recommend to look at commit msg 08e03c1434f26e9b56f00a6ce8236320bd557494 in the grsec repo, where you might find hints of other projects doing something with grsec - also some sourness regarding their contributions back, could be releated to them being unhappy and not so eager to share
2017-04-01 20:12:21 <asie> yMGJRgi997ZH: there's many issues grsec has with other projects
2017-04-01 20:12:33 <kaniini> it's not known if the pax guy will stop too
2017-04-01 20:12:36 <Shiz> also: what grsec repo
2017-04-01 20:12:50 <asie> ultimately, it's their choice, and the backstory behind it doesn't change the fact alpine can't afford a volume license for every single one of its users
2017-04-01 20:12:57 <yMGJRgi997ZH> https://grsecurity.net/changelog-test.txt grep here for the hash shiz
2017-04-01 20:13:08 <Shiz> thats not a repo, just a changelog
2017-04-01 20:13:10 <Shiz> p
2017-04-01 20:13:12 <Shiz> :p
2017-04-01 20:13:30 <yMGJRgi997ZH> nevertheless an alternative to see the content of the commit message
2017-04-01 20:13:57 <asie> also, honestly
2017-04-01 20:14:06 <asie> did he expect people to just pay him money and not exercise the GPLv2 to rip his patches back into the vanilla kernel?
2017-04-01 20:14:23 <kaniini> blah blah blah
2017-04-01 20:14:28 <Shiz> i won't comment much on the situation, but it seems like spender just sees the GPL as a nuisance and not much else
2017-04-01 20:14:30 <asie> we've had this discussion before.
2017-04-01 20:14:36 <Shiz> and will go to a ton of lengths to attempt to bypass it
2017-04-01 20:14:48 <kaniini> i'm tired of stupid grsec trolls
2017-04-01 20:15:03 <yMGJRgi997ZH> sorry
2017-04-01 20:15:08 <kaniini> if you want it get spender on thorazine
2017-04-01 20:17:58 <kaniini> i could honestly give two shits
2017-04-01 20:18:49 <kaniini> the unpleasant grsec advocates that show up always
2017-04-01 20:19:03 <kaniini> is enough reason to drop it
2017-04-01 20:19:04 <kaniini> tbh
2017-04-01 20:19:36 <kaniini> who the fuck do you people think you are
2017-04-01 20:20:26 <kaniini> do you employ us?
2017-04-01 20:25:16 <Xe> kaniini: april fools day announcement should have been alpine picking up systemd, avconv and upstart
2017-04-01 20:25:50 <asie> Xe: too easy
2017-04-01 20:26:14 <asie> april fools day announcement should have been moving to the plan 9 kernel
2017-04-01 20:28:31 <edgar_> exit
2017-04-01 20:30:13 <kazblox> lowland linux
2017-04-01 20:32:57 <Shiz> plan 9 from kernel space
2017-04-01 20:39:34 <TBB> forking grsec and having negotiated a deal with Linux for immediate inclusion maybe
2017-04-01 20:39:43 <TBB> nah. nobody would've taken that seriously.
2017-04-01 20:47:23 <kaniini> yMGJRgi997ZH: well?
2017-04-01 21:00:50 <cartwright> Pretty sure that paxguy page will slowly go away as paxguy was all in favor of not continuing public patches immediately.
2017-04-01 21:28:41 <uriah> kaniini: sorry about getting people riled up about this issue again, my mistake. I was genuinely curious and unaware of the implications
2017-04-01 21:29:48 <uriah> However, looks like grsec is being abandoned due to their abandonment of gpl, which is understandable
2017-04-01 21:29:57 <kaniini> uriah my point is every time spender has some mood swing and says he is going to take grsec private
2017-04-01 21:30:23 <kaniini> all these people show up and demand we do some unspecified thing about it
2017-04-01 21:30:49 <uriah> Ah
2017-04-01 21:31:21 <yMGJRgi997ZH> uriah they don't abandond the gpl, they cannot, the linux kernel is gpl2.0, they cannot derive without staying gplv2.0 themselves.
2017-04-01 21:31:47 <uriah> Yeah, that wasn't exactly what I was getting at, more like is there anything I could do to help/is it worthwhile, which has been adequately addressed ;-)
2017-04-01 21:32:09 <kaniini> see and then they say stupid shit like the above
2017-04-01 21:32:50 <uriah> yMGJRgi997ZH: oh... but they're circumventing it to an extent, are they not?
2017-04-01 21:33:04 <TemptorSent> kaniini: The gist I got from previous discussion was port what's worth porting and dump the rest, right?
2017-04-01 21:33:21 <scv> so pretty much pax stuff
2017-04-01 21:33:31 <TemptorSent> Focusing on hardening the rest of the layers better.
2017-04-01 21:33:57 <kaniini> oldschool PaX is not even really worth porting
2017-04-01 21:33:59 <TemptorSent> I think the gcc-plugins were mentioned as being interesting.
2017-04-01 21:34:03 <kaniini> the really interesting stuff in PaX these days are the GCC plugins
2017-04-01 21:34:09 <uriah> TemptorSent: mind if I pm you?
2017-04-01 21:34:25 <kaniini> anyway
2017-04-01 21:34:29 <kaniini> the bottom line is
2017-04-01 21:34:32 <TemptorSent> uriah: Go right ahead, but I'm about to head out for the afternoon.
2017-04-01 21:34:48 <kaniini> - spender is having some tantrum and he has threatened to take it fully private
2017-04-01 21:34:58 <kaniini> - it is not yet known if he is going to actually do so
2017-04-01 21:35:07 <scv> oh spender threw another tantrum?
2017-04-01 21:35:09 <scv> is it public?
2017-04-01 21:35:57 <scv> i want some fun reading
2017-04-01 21:36:01 <kaniini> - either way, this isn't the first time he has threatened this, and as a distro we can't really bet on somebody who keeps threatening to take his patch private when he doesnt get his way
2017-04-01 21:37:15 <kaniini> we certainly cannot commit to an LTS release of alpine with grsecurity anymore, and probably not a full release cycle (2 years) of grsecurity either
2017-04-01 21:37:47 <kaniini> scv: i don't know, apparently some weeks ago he had some huge rant in #grsecurity about how upstream is incorporating the gcc plugins and other hardening stuff from grsecurity and now he is taking it private
2017-04-01 21:37:48 <Shiz> i'm glad i compile my own kernels anyway
2017-04-01 21:38:05 <kaniini> exactly
2017-04-01 21:38:20 <kaniini> if you care that much and want to use grsecurity, go buy your patch from spender or whatever
2017-04-01 21:38:24 <kaniini> and compile it yourself
2017-04-01 21:39:01 <scv> aw i was hoping for a whole heap of mailing list drama
2017-04-01 21:41:12 <kaniini> i don't know/care, i dont have time for his stupid shit
2017-04-01 21:42:55 <kaniini> tho i want to point out also
2017-04-01 21:43:00 <kaniini> that the last grsec troll that showed up
2017-04-01 21:43:07 <kaniini> runs some child porn hentai site shit
2017-04-01 21:43:13 <scv> lovely
2017-04-01 21:43:27 <kaniini> so i mean, apparently that's the type of people who really need grsec
2017-04-01 21:43:44 <Shiz> guilt by association much
2017-04-01 21:44:02 <kaniini> hey i am just saying
2017-04-01 21:44:16 <kaniini> i dont even think that dude used alpine
2017-04-01 21:44:16 <Shiz> of course you are
2017-04-01 21:44:24 <kaniini> so i have no idea why he came here and demanded shit from us
2017-04-01 21:44:27 <uriah> Double edged sword security is
2017-04-01 21:44:28 <kaniini> oh right, because he's a troll
2017-04-01 21:46:13 <cartwright> is it even worth mentioning that you compile your own kernels if both pipacs and spender are committed to having the testing patches private and you're not on the cool kids list?
2017-04-01 21:46:52 <kaniini> you can buy your way onto the cool kids list
2017-04-01 21:47:05 <cartwright> need a company first
2017-04-01 21:47:23 <kaniini> wow it's B2B only?
2017-04-01 21:47:42 <uriah> On one side you've got the ones who rightfully need it, such as journalists/activists in oppressed areas, on another you've got criminal minded people trying to hide... sadly this probably won't change, unless all people realize security is needed everywhere
2017-04-01 21:51:19 <cartwright> either you're part of the cool kids list or you speak to jake over at sales on behalf of a company and discuss your exact needs.
2017-04-01 21:52:28 <kaniini> uriah: well then hopefully someone forks it because upstream doesnt seem to care about activists, only about money
2017-04-01 21:52:40 <uriah> Sad
2017-04-01 21:55:04 <kaniini> as for PaX, i looked into it, the changes are too invasive to separate into modular patches (which makes rebasing a lot easier)
2017-04-01 21:56:09 <uriah> I'll try not to start rambling about how money needs to become less relevant to life cause I just want to be able to get something done today ;-)
2017-04-01 21:56:30 <uriah> Ah I see
2017-04-01 21:58:45 <kaniini> either way, i am tired of idiots coming in here and going on about how great grsec is, when in reality, we mainly use PaX from grsec and not many other features
2017-04-01 21:59:02 <kaniini> if they care, they should present a solution
2017-04-01 21:59:17 <kaniini> if they want to bitch, they would be better off bitching at spender
2017-04-01 21:59:22 <uriah> Agreed... I was just uninformed
2017-04-01 21:59:43 <cartwright> should ask them why aren't they fighting kspp instead
2017-04-01 21:59:53 <kaniini> if we do not have a dependable source of patches (as in it's not going to go away in the middle of a release cycle), we can't ship grsec
2017-04-01 22:00:01 <kaniini> well
2017-04-01 22:00:04 <cartwright> waste of time bothering people here, you can't do anything significant about this
2017-04-01 22:00:07 <kaniini> i can tell you why they do not like kspp
2017-04-01 22:00:12 <kaniini> it is pretty simple
2017-04-01 22:00:18 <kaniini> kspp is going to hurt their revenue
2017-04-01 22:00:28 <kaniini> because it will be "good enough" for a lot of their customers
2017-04-01 22:01:05 <kaniini> when it comes down to it, that is why they do not like it
2017-04-01 22:01:34 <kaniini> cartwright: so who the hell is 'jake' over at sales for grsec
2017-04-01 22:01:55 <cartwright> I'm aware, I meant asking the people who bother this channel, why don't they spend their ``valuable'' time antagonizing kspp instead, maybe something will become of that instead.
2017-04-01 22:02:34 <kaniini> like is that for real?  they have an actual sales rep now?
2017-04-01 22:02:54 <cartwright> for a while since stable went private.
2017-04-01 22:03:13 <kaniini> shit son
2017-04-01 22:03:28 <kaniini> wait i have a solution
2017-04-01 22:03:38 <kaniini> docker could just buy out open source security, inc
2017-04-01 22:03:48 <kaniini> they have billions they dont know what to do with
2017-04-01 22:03:54 <kaniini> so maybe they can do that
2017-04-01 22:04:16 <cartwright> docker bought mirage to do nothing with after all
2017-04-01 22:04:16 <kaniini> i'm sure a cool 20-30 mil will be enough to close it
2017-04-01 22:05:02 <cartwright> but nah, doubt that'd work out.
2017-04-01 22:05:27 <kaniini> anyway if people have not been paying attention, we have been deprecating grsec already for over a year
2017-04-01 22:05:43 <kaniini> it's restricted to x86, x86-64 and 32-bit arm
2017-04-01 22:05:51 <kaniini> there is no plan to enable it on any other arch
2017-04-01 22:11:15 <uriah> If I had a working computer I'd type up something in the wiki explaining the situation so people wouldn't bother anyone in the channel about it...
2017-04-01 22:11:35 <uriah> Give me a few days/weeks and I can
2017-04-01 22:12:23 <uriah> I don't really feel like performing such a task on my phone ;-)
2017-04-01 22:13:44 <kaniini> well part of it is we havent formally made a go or no-go decision for grsec in 3.6
2017-04-01 22:15:55 <uriah> Ok
2017-04-01 22:19:23 <uriah> Is there a way to make a compile hook in apk that calls alpine-sdk to build linux-grsec on a per-user basis for those who want to pay for a license? Could be a solution... I know it's a bit wonky but it might be the best of both worlds
2017-04-01 22:21:27 <kaniini> we would just supply an APKBUILD for it in non-free
2017-04-01 22:21:38 <uriah> Ah ok
2017-04-01 22:21:45 <uriah> Much simpler
2017-04-01 22:22:57 <uriah> Are binaries compiled with the grsec patched gcc compatible with a vanilla kernel?
2017-04-01 22:23:15 <kaniini> there is no grsec patched gcc
2017-04-01 22:23:19 <kaniini> lol
2017-04-01 22:23:19 <uriah> Oh
2017-04-01 22:23:23 <uriah> My mistake
2017-04-01 22:23:40 <uriah> <-- still uninformed ;-)
2017-04-01 22:25:17 <uriah> I must have been thinking about something else
2017-04-01 22:29:51 <uriah> Well that about concludes the discussion, thankfully... sorry I initiated it, seems to have taken quite some time away from higher priorities
2017-04-02 00:36:34 <rjbadger> hello all, I read a while back something about alpine linux considering moving to toybox over busybox. Im trying to find information about it again, but cant find anything. Did i just read a bad article or is this something that is being considered?
2017-04-02 00:37:19 <shodan45> what's the latest on running stuff that requires glibc? https://wiki.alpinelinux.org/wiki/Running_glibc_programs is quite old :/
2017-04-02 00:39:00 <dalias> it might be possible long-term but toybox is not complete enough yet
2017-04-02 00:39:07 <dalias> you'd need both
2017-04-02 00:44:08 <rjbadger> thats what I thought, its an interesting project though so I was just curious
2017-04-02 00:50:59 <kaniini> shodan45: essentially it is, apk add libc6-compat -- if that works, great.  if that doesn't work, then follow the instructions on that wiki
2017-04-02 02:20:57 <shodan45> how do I mount a raid device on boot?
2017-04-02 02:22:13 <shodan45> putting /dev/md0 in fstab doesn't work... I assume because that happens before mdadm runs?
2017-04-02 02:30:12 <shodan45> nm, figured it out
2017-04-02 02:32:17 <shodan45> to someone with write access to the wiki - https://wiki.alpinelinux.org/wiki/Setting_up_a_software_RAID_array
2017-04-02 02:32:51 <shodan45> towards the bottom, it says "rc-update add mdadm-raid" - this should (probably) be "rc-update add mdadm-raid boot"
2017-04-02 02:37:26 <pickfire> shodan45: Depends.
2017-04-02 02:37:40 <pickfire> I use raid withh btrfs.
2017-04-02 02:37:56 <pickfire> Everytime on boot, I need to go to the emergency shell.
2017-04-02 03:35:24 <budric[m]> hi, i installed alpine on raspberry pi with openssh, however when I log in it tells me the password has expired and changing it just doesn't fix it - still says expired next login.  The date on the system is correct and i disabled hwclock
2017-04-02 03:35:40 <budric[m]> has anyone ran into this problem?
2017-04-02 04:08:34 <pickfire> budric[m]: I don't.
2017-04-02 04:09:20 <budric[m]> it seems to happen for root user, I configured sudo and another user and can login via ssh as that user
2017-04-02 04:11:23 <TemptorSent> budric[m]: Ahh, yes -- password authentication should be disabled for root! Use a ssh key to enable a direct root login. You can change the setting in sshd's config file.
2017-04-02 04:13:02 <budric[m]> no I enabled PermitRootLogin, and would log in, but all I would get is "password expired" error message.  I just wanted something quick and dirty at the time, but now I setup sudo so i'll just use that
2017-04-02 04:14:17 <TemptorSent> budric[m]: I'd have to look, but I suspect the root password was intentionally set with an expiry in the past to force change.
2017-04-02 04:14:53 <TemptorSent> budric[m]: Take a look at your shadow file and see if it has extra fields set for the timeout.
2017-04-02 04:14:54 <budric[m]> i see, but i don't get that when logging in at the console
2017-04-02 04:15:20 <TemptorSent> budric[m]: I'm not sure bb's login enforces it...
2017-04-02 04:17:32 <pickfire> budric[m]: root password is disabled for ssh.
2017-04-02 04:19:28 <budric[m]> TemptorSent: you're right looks like shadow file had those fields set
2017-04-02 04:20:08 <TemptorSent> budric[m]: I think the intent was to make you have to work to shoot yourself in the foot :)
2017-04-02 04:20:47 <budric[m]> that's fair enough =)
2017-04-02 04:25:18 <TemptorSent> pickfire: Disabled the safety net for password authenticated root login
2017-04-02 04:25:55 <budric[m]> pickfire: I changed /etc/ssh/sshd_config to allow root logins.  I know that's not something you normally do but I wanted quick access to system I'm setting up.  However when I logged in it would ask me to change the password, and then kick me out, then I would log in again and it would ask me to change password, and boot met out...etc
2017-04-02 04:26:24 <pickfire> Ah
2017-04-02 04:26:25 <pickfire> Why?
2017-04-02 04:27:14 <budric[m]> because I'm just playing around with a raspberry pi and alpine linux
2017-04-02 07:56:49 <Shiz> budric[m]: might be a fucky rtc?
2017-04-02 07:56:59 <Shiz> i don't think passwd(1) sets expirations by default, though
2017-04-02 07:57:20 <Shiz> :p
2017-04-02 08:01:05 <ncopa> the alpine variant seems nice :) https://store.docker.com/images/pants?tab=description
2017-04-02 08:26:43 <avih> would anyone mind installing nano and nano-syntax on edge, then echo 'include "/usr/share/nano/*.nanorc"' >> ~/.nanorc and then run nano? i get fucktons of errors/warnings. seem to be related to https://lists.gnu.org/archive/html/help-nano/2013-01/msg00001.html and the suggested workaround works. though it might also be possible to use a configure --with-wordbounds to fix it, haven't tried yet. but would first appreciate if others can reproduce the
2017-04-02 08:26:43 <avih> issue.
2017-04-02 08:31:48 <avih> (did you know that nano's autogen clones gnulib?!?)
2017-04-02 08:36:33 <avih> yeah, this fixes the issue for me. seems once a reply to that mailing list message was posted, it was added to configure.ac, though i can't find the rest of that thread. but this fixes it for me: ./configure --with-wordbounds
2017-04-02 12:23:44 <avih> dalias: is this a correct statement? musl does support gnu-style word boundaries (\< and \>) but doesn't support posix style ([[:<:]] and [[:>:]]
2017-04-02 13:09:16 <dalias> avih, huh? how would the latter be "posix style"?
2017-04-02 13:09:45 <nsz> [:foo:] is character class foo in posix
2017-04-02 13:10:44 <nsz> additional carchter classes may be defined for an LC_CTYPE category, but it cannot mean word boundary
2017-04-02 13:12:44 <nsz> \b \B \< \> are supported for word boundary
2017-04-02 13:13:03 <nsz> \char is allowed extension in posix
2017-04-02 13:13:40 <avih> dalias: that's why i asked if the statement is correct in general, as i figured i might have gotten my assumptions wrong (and i'm far from a regex guru). regardless i got past this issue (see next)
2017-04-02 13:15:59 <avih> i'm trying to figure out why nano 2.8 configure on alpine fails to detect that word boundary (\< and \>) chars are supported (and as a result falls back to assume that [[:<:]] is supported instead - which is not - resulting on nanorc syntax files failing to parse), while if i run configure with --with-wordbounds (which effectively tells configure that \< and \> are supported), then everything runs fine and nano can parse its syntax files.
2017-04-02 13:17:34 <avih> i narrowed it down to the conftest file which tests it. in main() there's this:
2017-04-02 13:17:37 <avih>     if (regcomp(&r, "\\>", REG_EXTENDED|REG_NOSUB)) return 1;
2017-04-02 13:17:37 <avih>     if (regexec(&r, "word boundary", nmatch, &pmatch, 0)) return 1;
2017-04-02 13:17:37 <avih>     return 0;
2017-04-02 13:18:55 <avih> which works fine in musl, however, the proceeding conftest defines at the same file include stuff like "#define regcomp rpl_regcomp" and it fails with ld not finding rpl_regcomp
2017-04-02 13:19:42 <avih> however, while compiling nano itself it does not seem to be an issue. so either it doesn't add those replacement defines, or it does, but they are defined someplace while compiling nano but not while compiling the conftest
2017-04-02 13:26:33 <avih> i think something gnu-ish defines those replacement symbols, but i still can't find it. the other option is that nano itself is not compiled with the replacements, but for some reason they're defined for the conftest.
2017-04-02 13:29:29 <avih> i know their usage comes from m4/regex.m4 , but not sure where their definition is supposed to be.
2017-04-02 13:32:06 <avih> possibly at lib/regex* , but i can't find them directly yet
2017-04-02 13:54:20 <avih> i think it does use the replacement while building nano, but failing to (build and?) link with it while compiling the conftest.
2017-04-02 14:05:48 <avih> the conftest determines that musl's regex is not good enough for nano, and so decides to use its own lib/regex* implementation (which is fine, it segfaults at runtime if i force it not to). maybe it should not test that \< and \> are supported, knowing that they use their own implementation to begin with?
2017-04-02 14:05:57 <john3voltas> greetings
2017-04-02 14:07:19 <john3voltas> i've been looking all over the place for instructions on how to run virtualbox from alpine-linux but i can't find anything. i only find the other way around, that is, running alpine-linux as a virtualbox vm.
2017-04-02 14:07:27 <john3voltas> any tips?
2017-04-02 14:10:38 <avih> john3voltas: what's exactly the issue? alpine runs fine as a vm in vbox
2017-04-02 14:11:34 <avih> sorry, i misread. you want to run vbox inside alpine.
2017-04-02 14:13:59 <avih> i don't think i see a vbox package for alpine, which might suggest there's no pre-built binary for vbox which you can install with apk. i _think_.
2017-04-02 14:17:49 <dalias> avih, a configure-time test is inherently broken because it won't work with cross compiling
2017-04-02 14:18:10 <dalias> i'm not sure what the right fix would be. imo they should just use portable constructs
2017-04-02 14:18:21 <avih> dalias: right, but while cross compiling it explicitly issues a warning exactly about that.
2017-04-02 14:19:28 <dalias> like searching for a larger match with adjacent non-word characters then stripping them off
2017-04-02 14:19:35 <avih> i think the problem is that if it uses its own regex implementation, then it should automatically answer "yes" for "are \< and /> supported", but it doesn't. instead it tries to run it with the replacement #defines, but without the actual object files, and fails.
2017-04-02 14:20:07 <dalias> yeah that makes sense. but i wonder why it's replacing it
2017-04-02 14:20:26 <dalias> easy way to do this is something like:
2017-04-02 14:20:47 <avih> could be related to your 32 bit something also on 64 systems
2017-04-02 14:20:58 <avih> sec, i'll point you to their test program
2017-04-02 14:21:06 <dalias> (^|[nonwordchars])([wordchars]+)([nonwordchars]|$)
2017-04-02 14:21:28 <dalias> then just use parenthesized subexpr 2
2017-04-02 14:22:23 <avih> i'm not going to fix nano or try to interact with the gnu people. i think i figured out the issue - at their configure.ac, as i mentioned before.
2017-04-02 14:22:50 <avih> dalias: for your curiosity why it fails to satisfy its regex requirements, sec, trying to find the source online.
2017-04-02 14:24:32 <avih> this system is so fucked up. i can see it in configure, but not in configure.ac
2017-04-02 14:25:03 <dalias> *nod* you shouldn't have to
2017-04-02 14:25:20 <dalias> i just like raising what the portable clean fix would be in case you end up interacting with them
2017-04-02 14:25:45 <dalias> if it's in configure but not .ac it's probably pulled in from m4/something
2017-04-02 14:25:56 <avih> i'll extract the section from config.log
2017-04-02 14:26:07 <avih> it includes the invocation as well as the failed program itself.
2017-04-02 14:31:38 <avih> dalias: that's how they test if the system regex is good enough for them. once they decide that no, then they add the replacement defines, and also compile and link with lib/regex* . the word boundary test comes later, and fails for the reason i described.
2017-04-02 14:31:40 <avih> https://pastebin.com/26cjPfUn
2017-04-02 14:32:29 <john3voltas> avih: then i would have to compile it myself, right?
2017-04-02 14:33:29 <avih> john3voltas: i'd wait for at least another confirmation that there's no vbox package. it could be quite the journey to do it yourself and then find out you didn't have to ;)
2017-04-02 14:34:07 <john3voltas> oh. you mean it might not be as trivial as configure/make?
2017-04-02 14:34:29 <john3voltas> alpine newbie here
2017-04-02 14:35:56 <avih> it might, but i wouldn't bet my mortgage on it :)
2017-04-02 14:39:07 <john3voltas> ok. i'll standby then and see if someone else might give me a second opinion. thanks
2017-04-02 14:39:37 <avih> you could give it a go. it might work for you. but don't spend on it more than half an hour before you know you have to.
2017-04-02 14:42:14 <john3voltas> hmmm, what about snap/flak packages? can i use them on alpine? guess not, right?
2017-04-02 14:43:05 <avih> dalias: while they do really seem to need their own implementation (i forced build without it and the resulting nano segfaulted), the funny/sad thing is that musl's regexp actually supports their boundary chars just fine, but fails to compile due to their general shenanigans.
2017-04-02 14:45:04 <avih> john3voltas: if the snap/flak packages assume glibc exists, which i _think_ most/all do, then it won't be a walk in the park.
2017-04-02 14:45:25 <avih> (because alpine doesn't have glibc. it has musl)
2017-04-02 14:45:57 <john3voltas> got it. i meant flatpak, of course.
2017-04-02 14:46:02 <avih> yes
2017-04-02 14:46:10 <john3voltas> ;-)
2017-04-02 14:46:15 <avih> :)
2017-04-02 14:48:26 <john3voltas> well, it doesn't matter because i just noticed that they don't have vbox as a flatpak either...
2017-04-02 14:48:37 <pickfire> budric[m]: I used raspberry pi with alpine linux for quite some time.
2017-04-02 14:51:20 <john3voltas> darned. i'm just looking for something very small in both size and ram footprint that can run virtualbox and an webserver for phpvirtualbox. i guess i could make do with xen but i'm used to vbox and don't know zip about xen... :-(
2017-04-02 15:17:45 <dalias> avih, ok so they're testing for the gnu regex api
2017-04-02 15:17:54 <avih> seems like it.
2017-04-02 15:18:46 <dalias> they really shouldn't do that because it's awful and backwards
2017-04-02 15:18:59 <dalias> but if they do they shouldn't be testing for properties of it anyway
2017-04-02 15:19:09 <dalias> since afaik there's only one implementation of gnu regex
2017-04-02 15:19:28 <dalias> and either you have it in libc or you provide your own copy of it from gnulib
2017-04-02 15:20:06 <avih> i'm filing a bug just to have a reference, but i'm not likely to followup afterwards.
2017-04-02 15:20:15 <avih> (with gnu nano)
2017-04-02 15:20:44 <avih> dalias: indeed their autogen clones gnulib... :/
2017-04-02 15:21:33 <dalias> of course it does
2017-04-02 15:21:42 <dalias> if you see "rpl_*" anywhere, that's gnulib
2017-04-02 15:22:19 <avih> k, i figured as much, but now i know :p
2017-04-02 17:40:17 <TemptorSent> dalias: Is musl's regex support documented somewhere convenient by chance?
2017-04-02 18:54:19 <budric[m]> hi, when running alpine from ram what's a good way to add and commit several empty mount points (/mnt/a and /mnt/b)?  If I add /mnt to lbu.list and mount some shares, the next lbu_commit will try to save all data in those shares as well.  However if I don't add mnt to the list, then when i reboot the folders I created under /mnt are gone
2017-04-02 18:56:35 <uriah> budric[m]: lbu include not working?
2017-04-02 18:57:11 <budric[m]> uriah: it is, but it wants to save /mnt/a/* and /mnt/b/* as well which is nfs mount with several terabytes
2017-04-02 18:57:46 <uriah> Oh... unmount them before running commit?
2017-04-02 18:58:09 <budric[m]> uriah: ok, it's a little cumbersome i thought there was a better way
2017-04-02 18:58:33 <uriah> Maybe there's also lbu exclude, not sure
2017-04-02 18:58:50 <budric[m]> oh i see i'll try to look that up
2017-04-02 18:59:48 <uriah> There might be an exclamation point syntax for lbu.list, dunno
2017-04-02 19:01:35 <budric[m]> looks like lbu exclude adds -mnt/a to the list, thanks
2017-04-02 19:03:10 <uriah> No problem :-) we both learned
2017-04-02 19:04:09 <uriah> budric[m]: btw, not sure what your use case is, but you may want to look into sshfs
2017-04-02 19:04:11 <budric[m]> do you know how to define nfs entries in fstab so they mount on boot?  Now that portion doesn't work =).  I think it's because it doesn't wait for network to come up
2017-04-02 19:04:49 <uriah> Yeah, I think you need to add netmount to a runlevel or something
2017-04-02 19:05:03 <budric[m]> uriah: sshfs is quite cpu intensive as it encrypts all traffic
2017-04-02 19:05:08 <uriah> True
2017-04-02 19:05:28 <budric[m]> I'm running this on a rpi and don't have much CPU cycles to spare
2017-04-02 19:05:34 <uriah> Depending on what CPU you have that may or may not be irrelevant ;-D
2017-04-02 19:05:50 <uriah> Ah ok
2017-04-02 19:06:08 <uriah> Which rpi do you have?
2017-04-02 19:06:22 <budric[m]> rpi 3
2017-04-02 19:06:40 <uriah> Should be fine, no?
2017-04-02 19:06:59 <uriah> Doesn't that have 4 cores anyway?
2017-04-02 19:09:01 <budric[m]> yes it's 4 cores, still I have nfs server setup already
2017-04-02 19:09:33 <TemptorSent> Good afternoon :)
2017-04-02 19:09:36 <uriah> Ok, as long as it's a local network :-P
2017-04-02 19:09:42 <uriah> Hey TemptorSent
2017-04-02 19:09:46 <uriah> How goes?
2017-04-02 19:09:55 <TemptorSent> Fairly well, yourself?
2017-04-02 19:10:03 <uriah> Well enough.
2017-04-02 19:10:22 <uriah> Keeping calm :-P
2017-04-02 19:10:42 <TemptorSent> FWIW, NFS mounts should mount with netmount, but make sure to put _netdev in their options :)
2017-04-02 19:11:19 <uriah> In fstab you mean right?
2017-04-02 19:11:25 <budric[m]> TemptorSent: oh ok thanks
2017-04-02 19:12:11 <TemptorSent> budric[m]: It runs mount -a -O _netdev, which will attempt to mount all filesystesm with the option _netdev in their options list.
2017-04-02 19:12:43 <TemptorSent> Yes, in fstab.
2017-04-02 19:12:52 <uriah> Keeping it simple \o/
2017-04-02 19:12:58 <uriah> Heh
2017-04-02 19:13:59 <TemptorSent> budric[m]: Let us know if that works :)
2017-04-02 19:18:19 <budric[m]> TemptorSent: unfortunately doesn't work on boot.  After boot, manually doing mount -a works
2017-04-02 19:18:59 <uriah> budric[m]: what runlevel is netmount in?
2017-04-02 19:20:26 <TemptorSent> You probably want netmount in default
2017-04-02 19:20:32 <uriah> Yup
2017-04-02 19:21:09 <budric[m]> how do I get info for that service?
2017-04-02 19:21:12 <TemptorSent> Oh, just noticed nfsmount is split off too :)
2017-04-02 19:21:15 <TemptorSent> rc-update
2017-04-02 19:21:30 <uriah> Ah :-)
2017-04-02 19:21:33 <TemptorSent> you'll want to add nfsmount and netmount to default
2017-04-02 19:21:43 <uriah> budric[m]: ^
2017-04-02 19:24:16 <budric[m]> cool that works now, thanks!
2017-04-02 19:24:26 <uriah> Good :-)
2017-04-02 19:24:32 <TemptorSent> Good deal.
2017-04-02 19:47:57 <TemptorSent> Signal-Noise-Ratio Ratio (for added redundancy)
2017-04-02 22:03:10 <terra> ncopa: after recent nano package update, I got syntax error messages when using nano.
2017-04-02 22:03:45 <terra> ncopa: error messages: https://paste.ee/p/04vb7 || my .nanorc : https://paste.ee/p/KD7sf
2017-04-02 22:21:46 <terra> ncopa: https://forum.synology.com/enu/viewtopic.php?t=61288#p233977  fixed for me btw.
2017-04-02 22:21:47 <avih> terra: there are two PRs for this from today. should be merged tomorrow probably.
2017-04-02 22:22:18 <avih> i also filed upstream https://savannah.gnu.org/bugs/?50705
2017-04-02 22:23:40 <terra> avih: thanks..which link to follow PR ?
2017-04-02 22:24:04 <terra> I mean for Alpine port specific.
2017-04-02 22:24:38 <avih> terra: https://github.com/alpinelinux/aports/pull/1189 and 1190
2017-04-02 22:25:14 <avih> (i sent the PR 10 mins later, but i did analyze it and file a bug upstream first ;) )
2017-04-02 22:48:35 <shodan45> is there a "right way" to manage busybox symlinks?
2017-04-02 22:49:12 <TemptorSent> shodan45 busybox --install -s should do the hard work of installing them.
2017-04-02 22:49:37 <shodan45> TemptorSent: err no, I want to get rid of some ;)
2017-04-02 22:49:49 <TemptorSent> shodan45: Aside from that, they're just symlinks, so rm -f works great :)
2017-04-02 22:49:51 <shodan45>  /usr/bin/top
2017-04-02 22:49:55 <shodan45> ok
2017-04-02 22:50:34 <TemptorSent> ls -ald /usr/bin/top ; rm -if /usr/bin/top if you want to be safe about it.
2017-04-02 22:50:53 <TemptorSent> er rm -i :)
2017-04-02 22:54:58 <TemptorSent> avih: Any chance you've come across anywhere in the apk sources that the pax headers magically get read besides when writing a .apk-new for a protected file?
2017-04-02 22:57:52 <avih> TemptorSent: i don't think i ever got close to anything PAX related... :)
2017-04-02 22:58:53 <TemptorSent> avih: Not PaX, pax - the header type in the tar files that stores APK-TOOLS.checksum.SHA1 values.
2017-04-02 22:59:12 <avih> that too, yes :p
2017-04-02 22:59:33 <avih> (i.e. no clue what you're talking about ;) )
2017-04-02 22:59:43 <avih> (IOW: no :) )
2017-04-02 22:59:59 <TemptorSent> avih : Okay, thanks -- Just hoping someone had stumbled across it.
2017-04-02 23:00:20 <TemptorSent> I'm getting the impression that it's not actually used currently.
2017-04-02 23:01:06 <TemptorSent> I was looking for a code-path to abuse to generate a manifest of checksums vs. origin files to include in the initfs.
2017-04-03 17:49:20 <mnp_> greets
2017-04-03 17:50:01 <mnp_> we're having trouble finding anything about alpine licenses, eg, busybox, when distributing alpine containers
2017-04-03 17:50:33 <mnp_> has this bene written up anywhere?
2017-04-03 17:51:07 <Xe> mnp_: https://busybox.net/license.html https://www.musl-libc.org/intro.html
2017-04-03 17:51:23 <mnp_> yeah, we're aware of those
2017-04-03 17:51:33 <mnp_> thinking higher level, eg alpine itself?
2017-04-03 17:51:55 <Xe> sec
2017-04-03 17:52:04 <mnp_> lots of distros have a /usr/share/licenses directory to handle informing the user
2017-04-03 17:52:46 <Xe> http://pkgs.alpinelinux.org/package/edge/main/aarch64/alpine-baselayout says gpl2 for at least the base layout, the packages it depends on will tell you what else makes up the base system
2017-04-03 17:53:30 <mnp_> i see
2017-04-03 17:53:37 <Xe> http://pkgs.alpinelinux.org/package/edge/main/aarch64/apk-tools apk seems to be GPL2
2017-04-03 17:53:53 <Xe> my understanding is that the license text is not shipped to the disk to save space
2017-04-03 17:54:26 <mnp_> i don't see anything in the repos either, am i missing it?
2017-04-03 17:55:03 <Xe> https://github.com/alpinelinux/aports/blob/master/main/apk-tools/APKBUILD#L23
2017-04-03 17:55:56 <Xe> also
2017-04-03 17:55:58 <mnp_> so i guess that's pkg-by-pkg basis for all the apks
2017-04-03 17:56:01 <Xe> random file in apk-tools: https://git.alpinelinux.org/cgit/apk-tools/tree/src/add.c#n1
2017-04-03 17:56:27 <TBB> grep -e ^L:/lib/apk/db/installed
2017-04-03 17:56:33 <TBB> and
2017-04-03 17:56:39 <TBB> add a space between the : and the /lib part
2017-04-03 17:57:23 <mnp_> yeah, that's good for cataloging pkgs
2017-04-03 17:58:07 <mnp_> github usually bugs you for a top-level LICENSE file
2017-04-03 17:59:49 <mnp_> if I wanted to submit a PR to clarify licenses, should it go to the github repo?
2017-04-03 21:28:03 <untoreh> mkinitfs does not copy some libraries when the root has been usrmoved
2017-04-03 21:28:47 <untoreh> the targets of symlinks don't get copied leaving some links hanging
2017-04-03 21:31:46 <TemptorSent> untoreh: Can you give a bit more detail on what's hanging and how you got it that way? I'm working on  rewrite of the mkinitfs scripts.
2017-04-03 21:35:40 <untoreh> https://pastebin.com/raw/ZXLEpRyy
2017-04-03 21:36:18 <untoreh> I mean the usr merge, moving /bin /sbin /lib* in /usr and linking /bin -> /usr/bin etc
2017-04-03 21:37:30 <TemptorSent> untoreh : Ahh, not surprising with the current implementation, since it's globbing in the base filesystem.
2017-04-03 21:39:18 <TemptorSent> untoreh: Okay, so what is linked where exactly? ls -ld /* /usr/*
2017-04-03 21:40:23 <TemptorSent> untoreh: But clearly you're not getting the libs you need...
2017-04-03 21:40:40 <untoreh> the changes are just these https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge/
2017-04-03 21:41:54 <TemptorSent> First problem -- it relates to systemd :P
2017-04-03 21:42:24 <untoreh> it's just a change for making an ostree setup, not really much with systemd
2017-04-03 21:42:48 <untoreh> if you can directly the support for ostree in the init script that would be nice
2017-04-03 21:42:52 <TemptorSent> honestly, I find it idiotic, as it breaks the entire reason for the seperation in the first place!
2017-04-03 21:43:08 <untoreh> directly add*
2017-04-03 21:43:29 <Shiz> the entire separation is silly
2017-04-03 21:43:32 <Shiz> so i don't disagree
2017-04-03 21:43:44 <TemptorSent>  /bin and /sbin should work without /usr mounted, as /usr is often on another filesystem or even remote!
2017-04-03 21:43:59 <Shiz> 'often' being in reality 'never'
2017-04-03 21:44:00 <Shiz> :p
2017-04-03 21:44:01 <TBB> not anymore :D
2017-04-03 21:44:12 <Shiz> the original reason was boot disks being small
2017-04-03 21:44:19 <Shiz> or at least, too small to host all system binaries
2017-04-03 21:44:21 <TemptorSent> Split configs e something I do regully still!
2017-04-03 21:44:28 <Shiz> this is very evidently not the case these days
2017-04-03 21:45:31 <TemptorSent> Shiz: It's not just th (WTF? I just lost my lowercAse A key.
2017-04-03 21:46:05 <TBB> you were blaspheming on systemd
2017-04-03 21:46:28 <TemptorSent> BRB, my keybrd won't let me type lower cAse A Anymore.
2017-04-03 21:46:32 <Shiz> lol
2017-04-03 21:46:35 <TBB> fear the revenge of the men in red hats
2017-04-03 21:47:08 <TemptorSent> *LOL* YeAh, wouldn't be the first time I hAd someone go After me.
2017-04-03 21:49:12 <TemptorSent> That was weird :P
2017-04-03 21:49:13 <TemptorSent> Anyway, I regularly run systems with my root mounted RO and /usr mounted later.
2017-04-03 21:49:26 <TemptorSent> (helps to be in the right channel too :P )
2017-04-03 21:49:40 <untoreh> ostree initramfs support https://ostree.readthedocs.io/en/latest/manual/adapting-existing/#booting-and-initramfs-technology
2017-04-03 21:50:24 <Shiz> imo separate /usr is deprecated by initramfs
2017-04-03 21:51:10 <TemptorSent> Shiz: Only where people have totally ignored the fact that /bin and /sbin are supposed to be the minimal tools.
2017-04-03 21:51:24 <Shiz> i don't see how that changes anything
2017-04-03 21:51:35 <Shiz> it's supposed to be the minimal tools to get your system booted up
2017-04-03 21:51:39 <Shiz> exactly what initramfs is for
2017-04-03 21:51:52 <TemptorSent> Fedora is justifying it based on the fact that they already have ~450MB in the root directory.
2017-04-03 21:52:21 <TemptorSent> Shiz: No, I can USE a system with just / mounted.
2017-04-03 21:52:45 <Shiz> good for you, but that's not what it was "supposed" for
2017-04-03 21:52:47 <Shiz> :p
2017-04-03 21:53:20 <TemptorSent> Shiz: Actually, that's exactly what it was for, and I used it for that purposed extensivley back in the SunOS days all the way to present.
2017-04-03 21:54:04 <Shiz> well, sunOS did about everything wrong, so i'm not surprised by that
2017-04-03 21:54:06 <Shiz> at all
2017-04-03 21:54:34 <TemptorSent> Shiz; When you're running a system that needs to boot even if it can't mount it's net mounts and you're working in a constrained environment, it's quite helpful.
2017-04-03 21:55:07 <Shiz> that's what initramfs is for, again
2017-04-03 21:55:29 <TemptorSent> If / was only ever mounted as the tempfs (which I do VERY frequetly), then usr is broken if not mounted from some media.
2017-04-03 21:55:51 <TemptorSent> Shiz: rootfs IS a tmpfs
2017-04-03 21:56:09 <TemptorSent> Shiz: Anything you mount stacks on top of that.
2017-04-03 21:56:26 <Shiz> https://linux.die.net/man/8/pivot_root
2017-04-03 21:56:32 <TemptorSent> Shiz: So if my initfs comes up and my netmount doesn't, I'd like to actually be able to use it.
2017-04-03 21:56:36 <TemptorSent> Shiz: Not used.
2017-04-03 21:56:45 <Shiz> used by all mkinitramfses out there
2017-04-03 21:56:46 <Shiz> :)
2017-04-03 21:56:46 <TemptorSent> Shiz: In fact, not even enabled in our BB
2017-04-03 21:57:05 <Shiz> i'm saying your specific boot situation is not relevant enough to justify a separate /usr
2017-04-03 21:57:14 <Shiz> since the same situation can be done by initramfses just fine
2017-04-03 21:57:17 <TemptorSent> Shiz: No, type busybox | grep pivot_root
2017-04-03 21:57:47 <TemptorSent> Shiz: You can't magically make a netdev fs mount when I'm running out of ram from something booted off rom!
2017-04-03 21:58:00 <Shiz> ?
2017-04-03 21:58:42 <Shiz> also you're right, it's switch_root
2017-04-03 21:58:44 <Shiz> :)
2017-04-03 21:58:45 <TemptorSent> Shiz: Bootstrap on many embedded projects is flash chip.
2017-04-03 21:58:51 <Shiz> yes, and?
2017-04-03 21:59:02 <Shiz> https://git.alpinelinux.org/cgit/mkinitfs/tree/initramfs-init.in#n673
2017-04-03 21:59:04 <Shiz> btw
2017-04-03 21:59:11 <TemptorSent> Shiz: Right, which has much different side-effects than pivot root, and essentially just mounts over the top.
2017-04-03 22:00:03 <Shiz> it does not
2017-04-03 22:00:12 <TemptorSent> Shiz: Yes, it does. Read the kernel docs.
2017-04-03 22:00:23 <Shiz> this is not a kernel function
2017-04-03 22:00:26 <Shiz> it's a user-space utility
2017-04-03 22:00:40 <TemptorSent> The switch_root semantics are kernel-derrived.
2017-04-03 22:00:57 <Shiz> nope
2017-04-03 22:01:06 <Shiz> pivot_root(2) exists, but its main use is initrd, not initramfs
2017-04-03 22:01:24 <Xe> wait, initrd != initramfs?
2017-04-03 22:01:25 <Shiz> which have different semantics as to where to tempfs is stored and how its created/destroyed
2017-04-03 22:01:28 <Shiz> yes
2017-04-03 22:01:31 <Xe> TIL
2017-04-03 22:01:33 <Shiz> initrd is a very old kernel mechnaism nobody should use
2017-04-03 22:01:36 <TemptorSent> So what happens with switch_root is that it mounts a new filesystem, wipes the old one, and does a chroot.
2017-04-03 22:01:40 <Shiz> often when people refer to initrd they mean initramfs
2017-04-03 22:02:14 <TemptorSent> Shiz: Correct, and with the initrd went the actual change of the root fs.
2017-04-03 22:02:29 <Shiz> TemptorSent: you're wrong btw
2017-04-03 22:02:33 <Shiz> you forget one important step
2017-04-03 22:02:34 <Shiz> the move mount
2017-04-03 22:02:38 <TemptorSent> pivot_root actually changed the location of the root, while switch_root simply does a chroot.
2017-04-03 22:02:43 <Shiz> wrong
2017-04-03 22:02:57 <Shiz> switch_root move-mounts the new fs to /
2017-04-03 22:02:58 <TemptorSent> Shiz: The move mount is only for convenience.
2017-04-03 22:03:02 <Shiz> the location of the root is actually changed
2017-04-03 22:03:25 <TemptorSent> Nope, other way around, it moves everything else to the new $sysroot, then does exec chroot $sysroot
2017-04-03 22:03:31 <Shiz> you should probably read the busybox docs :)
2017-04-03 22:03:47 <TemptorSent> Shiz: I have, at great lenght, as well as the kernel docs and source.
2017-04-03 22:04:10 <Shiz> maybe we are just confusing terminology them
2017-04-03 22:04:28 <Shiz> by moving the root i mean the proper rootfs is now at / and the old rootfs is gone in all meanings of the word
2017-04-03 22:04:35 <Shiz> (mount presence, kernel memory, etc.)
2017-04-03 22:04:46 <TemptorSent> Shiz: /dev/root remains mounted at /, and the rest of the system believe /sysroot is / because of the chroot call.
2017-04-03 22:05:07 <Shiz> that is not true
2017-04-03 22:05:12 <Shiz> since you don't chroot into /sysroot
2017-04-03 22:05:14 <Shiz> you chroot into .
2017-04-03 22:05:21 <TemptorSent> Shiz: Nope, it is EXPLICITLY stated that the rootfs remains regardless of what you do.
2017-04-03 22:05:23 <Shiz> after the move-mount
2017-04-03 22:05:25 <TemptorSent> REad the kernel docs.
2017-04-03 22:05:46 <Shiz> TemptorSent: "Since initramfs is a ramfs, deleting its contents frees up the memory it uses."
2017-04-03 22:05:51 <TemptorSent> Shiz: Actually you cd $sysroot; chroot . ; cd .
2017-04-03 22:05:52 <Shiz> the old rootfs is gone.
2017-04-03 22:06:03 <Shiz> TemptorSent: no.
2017-04-03 22:06:15 <TemptorSent> Shiz: No, the CONTENTS may be gone, but the rootfs mount is NOT removed.
2017-04-03 22:06:17 <Shiz> from busybox switch_root.c:
2017-04-03 22:06:20 <Shiz> mount(".", "/", NULL, MS_MOVE, NULL)
2017-04-03 22:06:28 <Shiz> xchroot(".");
2017-04-03 22:06:29 <TemptorSent> Linus went on a very long rant about exactly how this all works.
2017-04-03 22:06:54 <Shiz> you cd, then you move-mount, then you chroot, then you cd .
2017-04-03 22:07:40 <TemptorSent> move-mount doesn't do anything magical, it is essentially the same as doing a bind/unmount
2017-04-03 22:08:10 <TemptorSent> So it doesn't move the rootfs, it just moves anything you happened to have mounted on top of /.
2017-04-03 22:09:09 <TemptorSent> You could just as easily switch root without deleting anything, but it'd waste the ram and not be terribly useful.
2017-04-03 22:10:41 <Shiz> 00:04:46      TemptorSent │ Shiz: /dev/root remains mounted at /, and the rest of the system believe /sysroot is / because of the chroot call.
2017-04-03 22:10:46 <Shiz> immunity:~# cat /proc/mounts | grep -F ' / '
2017-04-03 22:10:48 <Shiz> /dev/vda3 / ext4 rw,relatime,data=ordered 0 0
2017-04-03 22:10:50 <Shiz> ? :p
2017-04-03 22:11:10 <TemptorSent> Shiz: So, where's /dev/root?
2017-04-03 22:11:15 <Shiz> nowhere
2017-04-03 22:11:22 <Shiz> immunity:~# grep /dev/root /proc/mounts
2017-04-03 22:11:24 <Shiz> immunity:~#
2017-04-03 22:11:30 <TemptorSent> Shiz: Not according to Linus or the source!
2017-04-03 22:12:14 <Shiz> embargo:~$ mount | grep ' / '
2017-04-03 22:12:16 <Shiz> /dev/mapper/enc_root on / type btrfs (rw,relatime,space_cache,subvolid=5,subvol=/)
2017-04-03 22:12:18 <Shiz> embargo:~$ grep /dev/root /proc/mounts
2017-04-03 22:12:20 <Shiz> embargo:~$
2017-04-03 22:12:26 <Shiz> replication on another system that does LUKS so you know it needs an initramfs to boot
2017-04-03 22:12:27 <Shiz> :)
2017-04-03 22:12:54 <TBB> I seem to remember something about systemd based systems being able to return to their initramfs
2017-04-03 22:13:17 <TBB> in other words, shutting down the entire system to the pre-switchroot state
2017-04-03 22:13:46 <Diftraku> only place I found /dev/root was on my Asus router running AdvancedTomato
2017-04-03 22:13:59 <Shiz> i think /dev/root is an initrd artifact...
2017-04-03 22:14:09 <Diftraku> granted, most ppaces I check run systemd and ubuntu/fedora
2017-04-03 22:14:27 <TemptorSent> Nope, it's where the kernel mounts the device it boots from
2017-04-03 22:14:27 <Shiz> # ls -lh /dev/root
2017-04-03 22:14:29 <Shiz> lrwxrwxrwx    1 root     root           4 Mar 28 14:59 /dev/root -> vda3
2017-04-03 22:14:31 <Shiz> :p
2017-04-03 22:14:42 <Shiz> # ls -lh /dev/root
2017-04-03 22:14:44 <Shiz> ls: /dev/root: No such file or directory
2017-04-03 22:14:46 <Shiz> on the other node
2017-04-03 22:14:49 <Shiz> and yes, /dev is a devtmpfs
2017-04-03 22:15:18 <TemptorSent> The device is just a link to it, the fs is the one the kernel mounts
2017-04-03 22:15:25 <Shiz> well
2017-04-03 22:15:29 <Shiz> not according to /proc/mounts
2017-04-03 22:15:31 <Shiz> :)
2017-04-03 22:16:03 <TemptorSent> Like I said, read the kernel source.
2017-04-03 22:17:58 <TemptorSent> You can mount over the top of it and chroot so you're referring to a differnt location as /, but all that does is hide it, since its dirent isn't accessible under the new root.
2017-04-03 22:20:07 <TemptorSent> Since we ran the chroot with exec, we see all mounts relative to the $sysroot directory and no longer see rootfs. Try it using rdinit=/bin/sh
2017-04-03 22:20:43 <TemptorSent> To verify, setup a chroot, then take a look at /proc/$pid/mountinfo for your shell.
2017-04-03 22:22:42 <TemptorSent> But the point is that having / be the minimal system, while /usr contains the 'normal' system is especially useful to something like alpine if we do it right.
2017-04-03 22:22:52 <Shiz> nope.
2017-04-03 22:23:07 <TemptorSent> That gives us minimal, possibly cut-down utilities in /, while supporting fully-functional utils in /usr
2017-04-03 22:24:07 <TemptorSent> And bringing BACK /usr/x11 would allow us to put libs/bins built for use with X there while not contaminating the rest of the namespace.
2017-04-03 22:24:13 <Shiz> oh HELL no
2017-04-03 22:24:49 <TemptorSent> Shiz: Okay, you maintain three different versions of the same package and keep them from conflicting when they all have the same names.
2017-04-03 22:25:04 <Shiz> i don't think alpine is what you're looking for, then
2017-04-03 22:25:20 <Shiz> have you considered gobo linux
2017-04-03 22:25:21 <Shiz> :p
2017-04-03 22:25:25 <TemptorSent> I don't want X11 deps in my system unless I'm using X, thanks.
2017-04-03 22:25:43 <Shiz> me neither, so i don't install shit that uses X
2017-04-03 22:25:46 <Shiz> pretty easy
2017-04-03 22:26:01 <TemptorSent> Yeah, now what do you do with libs that have X as an optional dep.
2017-04-03 22:26:23 <Shiz> you split them up
2017-04-03 22:26:32 <TemptorSent> Shiz: You have to compile them both ways.
2017-04-03 22:26:56 <Shiz> you realize apk has replaces= and conflicts=
2017-04-03 22:26:57 <Shiz> :p
2017-04-03 22:27:05 <TemptorSent> Shiz: Now, you have say libgd built with X and libgd built without X
2017-04-03 22:27:15 <TemptorSent> How do you make sure you have the one you need?
2017-04-03 22:27:38 <Shiz> you install the one you need
2017-04-03 22:27:41 <TemptorSent> Shiz: Easy way, if you're using X, include the /usr/x11 directory
2017-04-03 22:28:07 <TemptorSent> Shiz: Yeah, let me know how many unresolved symbols pop up when someone has the wrong version
2017-04-03 22:28:07 <Shiz> let's make subhierarchies for all possible package features!
2017-04-03 22:28:14 <Shiz> TemptorSent: they won't?
2017-04-03 22:28:22 <Shiz> because the X version will rely on libX11 or xcb
2017-04-03 22:28:24 <Shiz> or whatever it uses
2017-04-03 22:28:28 <Shiz> dependencies are not hard
2017-04-03 22:28:39 <Shiz> (overly, anyway)
2017-04-03 22:28:45 <TemptorSent> Shiz: What I mean is how do you know whether you're using a version that supports X or not?
2017-04-03 22:28:58 <Shiz> you check # apk info?
2017-04-03 22:29:08 <TemptorSent> Shiz: At RUNTIME?
2017-04-03 22:29:19 <Shiz> please don't highlight me every line
2017-04-03 22:29:21 <Shiz> it's rather annoying
2017-04-03 22:29:37 <Shiz> as opposed to?
2017-04-03 22:29:45 <TemptorSent> Sry.
2017-04-03 22:29:46 <Shiz> by 'you' i'm presuming 'the user'
2017-04-03 22:30:02 <TemptorSent> User usually, yes.
2017-04-03 22:30:03 <Shiz> any package that would rely on the X11 version of libgd would depends= on it
2017-04-03 22:30:10 <Shiz> the user, yes they can just check apk info?
2017-04-03 22:30:12 <Shiz> what is wrong with that
2017-04-03 22:30:50 <TemptorSent> Do you run apk-info $somedep before you run say 'convert blah.jpg blah.png'
2017-04-03 22:31:17 <Shiz> your point is utterly lost on me
2017-04-03 22:31:27 <Shiz> no, because i'm expecting it to work, just as i would for that
2017-04-03 22:31:29 <TemptorSent> And realize that the version of imagemagick you're using is compiled against X.
2017-04-03 22:31:50 <TemptorSent> Yeah, real problem that came up was a request to enable X for imagemagick :)
2017-04-03 22:32:06 <Shiz> well
2017-04-03 22:32:09 <Shiz> alpine is not gentoo
2017-04-03 22:32:18 <Shiz> we're not gonna offer unlimited different packages for different option configs
2017-04-03 22:32:21 <Shiz> in the first place
2017-04-03 22:32:21 <TemptorSent> No, but it could take a few good hints.
2017-04-03 22:32:26 <Shiz> i'd rather it not
2017-04-03 22:32:39 <TemptorSent> Shiz: X vs not is a pretty big split.
2017-04-03 22:32:50 <Shiz> no less big than libintl vs not
2017-04-03 22:33:13 <TemptorSent> Shiz: Much larger in terms of deps/installed size.
2017-04-03 22:33:43 <Shiz> i don't see any reason for imagemagick to have X support in the first place
2017-04-03 22:33:48 <Shiz> so my argument would be for disabling it
2017-04-03 22:33:53 <TemptorSent> And pretty clear in most cases, although there are a few packages that use X that don't actually need the head.
2017-04-03 22:34:03 <Shiz> and good software should already have a split between gui/non-gui components
2017-04-03 22:34:14 <TemptorSent> Shiz: Because it's necessary to use it in X configurations properly.
2017-04-03 22:34:44 <Shiz> sounds nonsense
2017-04-03 22:34:51 <TemptorSent> Shiz: I believe it actually interacts with the internals of X when enabled for things such as setting root image, grabbing frame data, etc.
2017-04-03 22:34:54 <Shiz> unless you mean stuff like import(1)
2017-04-03 22:34:59 <Shiz> which should be cleaned anyway
2017-04-03 22:35:01 <Shiz> and never used
2017-04-03 22:35:07 <Shiz> i mean, imagemagick should be cleansed, but that especially
2017-04-03 22:35:24 <TemptorSent> Shiz: As well as color management, font rendering, etc
2017-04-03 22:35:38 <Shiz> doesn't need it for that
2017-04-03 22:35:42 <Shiz> i can promise you that
2017-04-03 22:35:54 <TemptorSent> Shiz; Yes, actually it does if you're using it in X for graphics.
2017-04-03 22:35:57 <Shiz> the only thing it needs X for are features that are relevant to X
2017-04-03 22:36:01 <Shiz> which are not relevant
2017-04-03 22:36:05 <Shiz> and often bad
2017-04-03 22:36:12 <Diftraku> why would you need monitor color management if you are converting pictures with imagemagick?
2017-04-03 22:36:36 <TemptorSent> Shiz: If you break imagemagick under X for people who need it, you get to deal with the angry mob :)
2017-04-03 22:37:02 <TemptorSent> Diftraku: Because the color management is part of the equation for conversion.
2017-04-03 22:37:12 <Shiz> sure, i'll tell them to use better software for whatever they're trying to use imagemagick for that is relevant to X
2017-04-03 22:37:17 <Diftraku> but you don't need X for that?
2017-04-03 22:37:25 <Shiz> yeah, you don't.
2017-04-03 22:37:53 <TemptorSent> Diftraku: It's using the CMS for your monitor to set the gamma/curves.
2017-04-03 22:38:01 <Diftraku> I sure as hell don't need X on a server doing conversions with imagemagick
2017-04-03 22:38:21 <TemptorSent> I'm not aware of CMS that works without the X server.
2017-04-03 22:38:26 <Shiz> if it's doing that, it's 100% doing stuff wrong
2017-04-03 22:38:43 <TemptorSent> Shiz: Okay, how would you proposed to do CMS?
2017-04-03 22:38:47 <Diftraku> why would you need X to do the conversion if you are never displaying it?
2017-04-03 22:38:54 <Shiz> not in imagemagick
2017-04-03 22:38:55 <Shiz> presto
2017-04-03 22:39:02 <Shiz> CMS is part of the rendering system
2017-04-03 22:39:05 <Shiz> not of the image conversion system
2017-04-03 22:39:08 <Shiz> so whatever image viewer you use
2017-04-03 22:39:10 <Shiz> or video player
2017-04-03 22:39:23 <TemptorSent> Diftraku: Because you're working with files in your colorspace and trying to convert them to a standard colorspace.
2017-04-03 22:39:46 <Shiz> i see the wtf here
2017-04-03 22:39:56 <Diftraku> sure, they have colour spaces but I don't need the monitor colour management for it
2017-04-03 22:39:59 <Shiz> it's having files in a monitor colorspace but not having the colorspace info available otherwise
2017-04-03 22:40:02 <Diftraku> when the damn tool does it internally
2017-04-03 22:40:04 <TemptorSent> CMS is MUCH more than that - it's not about output to the screen, it's about matching across multiple scanners, camera, monitors, printers, etc.
2017-04-03 22:40:05 <Shiz> except through X
2017-04-03 22:40:19 <TemptorSent> And nailing them all to a pantone or other spec using a calibration tool.
2017-04-03 22:41:22 <Shiz> and it simply assuming input images are in your magical monitor monorspace it gets from X are even more of a WTF
2017-04-03 22:41:26 <TemptorSent> Try some 4 color DTP layouts and see how many bluelines it takes before you get something that even comes close to what you're seeing.
2017-04-03 22:42:08 <Shiz> TemptorSent: convert can read .icc files through -profile
2017-04-03 22:42:11 <Shiz> no X11 support needed
2017-04-03 22:42:43 <Shiz> or +profile
2017-04-03 22:42:46 <TemptorSent> Shiz: It works like this: You create content on your workstation, which has your monitor - then you want to send those files for rendering in some other application on another machine.
2017-04-03 22:42:51 <Shiz> yes
2017-04-03 22:42:57 <Shiz> so what you should do is send along your monitor .icc
2017-04-03 22:43:03 <Shiz> or convert it locally using that .icc
2017-04-03 22:43:10 <Shiz> not with magic info obtained from X that may or may not be accurate
2017-04-03 22:44:07 <TemptorSent> Shiz: The CMS and the X server need to work together to get the proper information.
2017-04-03 22:44:13 <Shiz> no...
2017-04-03 22:44:16 <Shiz> .icc
2017-04-03 22:44:18 <Shiz> again
2017-04-03 22:44:19 <TemptorSent> Shiz: the .icc profile is only part of the picture.
2017-04-03 22:44:25 <Shiz> it really isn't...
2017-04-03 22:44:42 <Shiz> .icc contains everything you need to normalize the image to a standard Adobe RGB/sRGB/what-have-you profile
2017-04-03 22:45:04 <TemptorSent> Shiz: That's nice, but CMS isn't just about RGB/sRGB -- that's easy!
2017-04-03 22:45:58 <TemptorSent> Shiz: I work in CMYK, CMmYyKk, HSB, LAB, and spot-color.
2017-04-03 22:46:29 <Shiz> and?
2017-04-03 22:46:33 <Shiz> the point is removing the device-dependence
2017-04-03 22:46:48 <Shiz> whatever you want to do with it afterwards has little relevance to the monitor
2017-04-03 22:46:50 <Shiz> :p
2017-04-03 22:46:59 <TemptorSent> Shiz: And how are you supposed to get what you expect if you're not running CMS in your x-server?
2017-04-03 22:47:31 <Shiz> by using the damn .icc to convert it to a standard RGB profile
2017-04-03 22:47:33 <Diftraku> does imagemagick actually depend on libX11 beyond some GUI tooling it might have?
2017-04-03 22:47:33 <TemptorSent> Shiz: The display OUTPUT needs to use the icc
2017-04-03 22:47:46 <Shiz> whatever renderer you need can then apply image correction again if it needs to to display on your monitor
2017-04-03 22:47:56 <TemptorSent> Diftraku: It can use the font server and color management, but doesn't need it
2017-04-03 22:48:14 <Diftraku> but does it depend on libX11 on a modern distro
2017-04-03 22:48:23 <Diftraku> that's what I'm curious about
2017-04-03 22:48:28 <TemptorSent> Shiz: And you know which monitor it's on at the moment HOW without the Xserver?
2017-04-03 22:48:46 <TemptorSent> Diftraku: In many cases, yes I believe.
2017-04-03 22:48:52 <Diftraku> because purely command-line tools running on a headless server with only a TTY shouldn't install X11
2017-04-03 22:49:07 <Diftraku> and I could find X11 in imagemagicks deps on xenial
2017-04-03 22:49:15 <Shiz> TemptorSent: the
2017-04-03 22:49:17 <Shiz> icc
2017-04-03 22:49:19 <Shiz> profile
2017-04-03 22:49:21 <Shiz> you pass it
2017-04-03 22:49:28 <TemptorSent> Diftraku: That was my original point, and why I'm a fan of sticking X stuff back in /usr/x11 where it belongs.
2017-04-03 22:49:32 <Shiz> Diftraku: it doesn't
2017-04-03 22:49:41 <Shiz> modern imagemagick in distros does not depend on x11
2017-04-03 22:49:46 <Diftraku> then why are we blabbing about X11 and imagemagick?
2017-04-03 22:49:49 <Diftraku> :3
2017-04-03 22:49:56 <Shiz> because TemptorSent is trying to justify /usr/x11
2017-04-03 22:49:57 <Shiz> :p
2017-04-03 22:50:03 <TemptorSent> Shiz: Okay, I run 3-4 monitors and move my work between them freely.
2017-04-03 22:50:18 <Diftraku> but shouldn't they use something that actually depends on X11 for those arguments?
2017-04-03 22:50:20 <TemptorSent> Shiz: So which color profile is display supposed to use now?
2017-04-03 22:50:25 <Shiz> TemptorSent: ?
2017-04-03 22:50:38 <Shiz> what color profile for display output is automatically done by your renderer
2017-04-03 22:50:52 <Shiz> if your program SAVES display-specific profile pics that is a wtf
2017-04-03 22:50:56 <Shiz> Diftraku: perhaps
2017-04-03 22:51:04 <Diftraku> also, if we do go for /usr/x11 we should also make /usr/mir and /usr/wayland
2017-04-03 22:51:08 <TemptorSent> Diftraku: My argument was that the imagemagick libs built without X belong in /usr/* while those built with X would be better off in /usr/x11/*
2017-04-03 22:51:29 <TemptorSent> Diftraku: Actually, that would be sane imho.
2017-04-03 22:52:23 <TemptorSent> Shiz: I'm talking about workflow, which include displaying images on your local system and converting them to a foreign profile, then previewing the expected output where possible.
2017-04-03 22:52:47 <Shiz> and both displaying and previewing should be color-corrected by your renderer
2017-04-03 22:52:52 <Shiz> not the thing that converts it
2017-04-03 22:53:06 <TemptorSent> Shiz: ImageMagick IS the renderer!
2017-04-03 22:53:21 <Shiz> and that is where the issue is
2017-04-03 22:53:26 <Shiz> imagemagick shouldn't be a renderer
2017-04-03 22:53:29 <Shiz> there's better shit for that
2017-04-03 22:53:33 <TemptorSent> Shiz: So what should?
2017-04-03 22:53:39 <Shiz> your image viewer
2017-04-03 22:53:55 <TemptorSent> Shiz: Um, that's nice, except that's what I use imagemagick for.
2017-04-03 22:54:01 <Shiz> well
2017-04-03 22:54:03 <Shiz> get a better image viewer
2017-04-03 22:54:25 <TemptorSent> Shiz: Find me one that I can do everything I can do with 'convert' and 'display'
2017-04-03 22:54:43 <Shiz> convert is not a renderer.
2017-04-03 22:54:51 <TemptorSent> That's what it's designed to do, not much else out there that does.
2017-04-03 22:54:59 <Shiz> the image conversion and rendering steps are distinc and separate
2017-04-03 22:55:05 <TemptorSent> Shiz: Actually, that's exactly what it is.
2017-04-03 22:55:06 <Shiz> as rendering adjusts for local configuration, like your monitor colors
2017-04-03 22:55:26 <TemptorSent> Shiz: It renders from one format to another, applying whatever kernels you want.
2017-04-03 22:55:56 <Shiz> yes, and local kernels should be separate and not represented in the file on-disk
2017-04-03 22:56:03 <Shiz> that's like escaping html and then putting it i na database
2017-04-03 22:56:12 <Shiz> local kernels should be applied just-in-time in the viewing phase
2017-04-03 22:56:34 <TemptorSent> Shiz: By kernels, I'm referring to in the image processing term, not the linux kernel :)
2017-04-03 22:56:45 <TemptorSent> Shiz: Transforms/filters/etc.
2017-04-03 22:56:48 <Shiz> ... why would you assume I thought otherwise?
2017-04-03 22:57:05 <Shiz> I know what a kernel is, I do image processing and rendering too
2017-04-03 22:57:33 <TemptorSent> Just making sure the overloaded term wasn't leading to confusion.
2017-04-03 22:58:27 <TemptorSent> But using a framebuffer as a target and rendering to it is the cleanest way of doing many of the manipulations.
2017-04-03 22:59:04 <Shiz> not particularly
2017-04-03 22:59:06 <TemptorSent> So unless you want to kill framebuffers too, it's helpfull to have a framebuffer that knows its color context.
2017-04-03 22:59:14 <Shiz> and by that
2017-04-03 22:59:19 <Shiz> i mean a virtual framebuffer is more than fine too
2017-04-03 22:59:24 <Shiz> you don't at all need X11 framebuffers for this
2017-04-03 22:59:57 <TemptorSent> Again, I have an image spanning a couple monitors, how does it get displayed?
2017-04-03 23:00:19 <TemptorSent> It needs both the colorspace for the image and the colorspace for both monitors
2017-04-03 23:00:31 <Shiz> you're again talking about displayin
2017-04-03 23:00:37 <TemptorSent> Only part of which I'd expect imagemagick to handle.
2017-04-03 23:00:39 <Shiz> im arguing the entire time imagemagick should not handle this
2017-04-03 23:01:10 <TemptorSent> Yes, because I'm talking about a workflow where imagemagick is rendering images to a framebuffer or using the display tool
2017-04-03 23:01:41 <Shiz> yes, and i'm saying it has no business doing that
2017-04-03 23:01:44 <Shiz> again
2017-04-03 23:01:45 <TemptorSent> Something needs to tell the display server which color profile the source is.
2017-04-03 23:01:50 <TemptorSent> So what does?
2017-04-03 23:02:34 <TemptorSent> ImageMagick (and GraphicsMagic) are the tools that everything else is built on for such usese.
2017-04-03 23:02:35 <Shiz> your image viewer
2017-04-03 23:02:43 <Shiz> 'everything else'?
2017-04-03 23:02:54 <Shiz> i literally only see IM and GM used because of convert(1)
2017-04-03 23:02:57 <TemptorSent> No 'image viewer' per-se involved.
2017-04-03 23:03:00 <Shiz> and the bindings
2017-04-03 23:04:23 <TemptorSent> Oh, and I'm already not happy about all the deps it drags in on a headless system dbus? Avahi? really?
2017-04-03 23:04:55 <TemptorSent> Take a look at 'display'
2017-04-03 23:05:42 <TemptorSent> And at the more useful features of convert, where it can basically build an image on the fly.
2017-04-03 23:10:06 <TemptorSent> Basically, I'd like to have all those whiz-bang feature available only when I need them, and install a more minimal tool by default.
2017-04-03 23:56:43 <Nobabs27> I installed ngircd, all I get is "connection timed out" when trying to connect...
2017-04-04 01:32:24 <fishin> Has anyone managed to build a successfully AWS AMI off the 3.5.x releases? The documentation on the wiki seems out of date.
2017-04-04 01:33:11 <fishin> When I do a grub-install, I'm hitting: boot/grub/stage1 not read correctly
2017-04-04 01:33:49 <Shiz> fishin: https://gist.github.com/kennwhite/d89174749ce468f7c455
2017-04-04 01:33:56 <Shiz> this seems more updated than the wiki entry, i think?
2017-04-04 01:34:55 <fishin> Shiz: tried that one too...still running up against the same issue
2017-04-04 01:35:49 <fishin> I'm using the standard image...
2017-04-04 01:36:01 <fishin> for 3.5.2
2017-04-04 01:36:50 <Shiz> hmm
2017-04-04 01:38:19 <fishin> Having the same issue from that gist and the wiki as the two commenters on that gist. After swapping in the volumes and starting the instance, the instance dies...no logs
2017-04-04 01:38:51 <grayhemp> fishin: spin up a surrogate ubuntu ec2, mount an ebs volume where your future alpine will be, wget apk-static + apk add alpine-base, update resolv.conf and apk/repositories where you installed alpine-base, chroot there and run setup-alpine
2017-04-04 01:38:53 <fishin> So figured grub, but grub won't install the bootloader correctly
2017-04-04 01:39:28 <fishin> problem could be im using the standard amazon instance?
2017-04-04 01:40:03 <Shiz> fishin: what about adampointer's comment?
2017-04-04 01:40:16 <grayhemp> fishin: diskopts='-s 0 -m sys -k virtgrsec <your EBS device>'
2017-04-04 01:40:41 <Shiz> grayhemp: that's for setup-alpine, though
2017-04-04 01:40:52 <grayhemp> fishin: then unbind the EBS device and take an ami
2017-04-04 01:40:58 <fishin> i already did the setup-alpine via virtual box
2017-04-04 01:41:10 <fishin> then ran lbu to create the zip
2017-04-04 01:41:40 <fishin> s/zip/gz; then extracted that into the ebs volume
2017-04-04 01:42:09 <fishin> but ill give that a shot. thanks.
2017-04-04 01:42:40 <grayhemp> no need to do lbu and all that if you are taking my approach
2017-04-04 01:43:37 <fishin> yours sounds more sane
2017-04-04 01:43:42 <fishin> TBH
2017-04-04 01:43:47 <grayhemp> the idea is to simulate a minimal booted system with chroot and then run setup-alpine against the EBS volume disk
2017-04-04 01:45:08 <fishin> Any issues you've seen running k8s minions/masters on alpine?
2017-04-04 01:45:45 <grayhemp> never run them TBH
2017-04-04 01:45:56 <grayhemp> sorry, need to fly away
2017-04-04 01:46:01 <fishin> thanks
2017-04-04 01:46:04 <grayhemp> yw
2017-04-04 06:57:28 <mepholic> I made a package for qrencode and pass (password store) for alpine linux if anyone is interested
2017-04-04 06:57:38 <mepholic> separate packages obviously
2017-04-04 12:33:25 <Shiz> mepholic: feel free to submit them to aports :)
2017-04-04 16:44:47 <mepholic> cool :)
2017-04-05 16:18:43 <freeve> Guys, I've built an alpine chroot environment that is attached to an EBS volume, but I'm having trouble getting it to boot. The guides I'm following for creating an AMI on the wiki and the gists online seem outdated. Any pointers as far as init'ing the MBR, etc?
2017-04-05 16:34:23 <darkfader> hm
2017-04-05 16:34:34 <darkfader> i also only got some old notes but it was also chroot-ish
2017-04-05 16:34:36 <darkfader> i'll dig for it
2017-04-05 16:35:43 <darkfader> http://confluence.wartungsfenster.de/display/Adminspace/Reinstallation+log
2017-04-05 16:35:49 <darkfader> look for extlinux in there
2017-04-05 16:36:02 <darkfader> and mbr.bin
2017-04-05 16:36:15 <darkfader> i don't mind you can just follow that, but see if you miss any of that steps
2017-04-05 20:46:30 <terra> ncopa: xarchiver version on repo is outdated, it doesn't show rar files properly..Can you please use the latest version here: https://github.com/ib/xarchiver/releases
2017-04-05 20:52:19 <TBB> wonder how much effort it would be to automate checking of newer versions from various upstreams and see if they build without changes...
2017-04-05 20:54:17 <budric[m]> hi, when running from ram how can I modify /etc/inittab file and persist the change - i want to disable ttyS0 respawn as my system doesn't have /dev/ttys0?  lbu commit commits it, but on reboot that last line gets appended back top open ttyS0
2017-04-05 21:05:41 <darkfader> TBB: that would be so cool
2017-04-05 21:05:48 <darkfader> maintainer notifications via that too
2017-04-05 21:06:16 <darkfader> i think freshports had something with that
2017-04-05 21:06:21 <darkfader> but it's too long to remember
2017-04-05 21:15:16 <TBB> ah well, it seems the project I'm working on is coming to an end and I'll have a bit of free time for a change; maybe I'll give it some more thought
2017-04-05 22:07:20 <Shiz> budric[m]: I think that may be too early in the boot process
2017-04-06 01:20:30 <buddydude> Has anybody run into issues with some packages in APK hanging? I'm trying to install gcc with "apk add gcc" and I get the following: https://pastebin.com/iKEpJ3xD
2017-04-06 01:20:44 <buddydude> and it just hangs on the "installing gcc" for a very long time
2017-04-06 01:20:48 <buddydude> sometimes it will fail with an IO error
2017-04-06 01:20:58 <buddydude> other times it will never fail and just sit there until I kill it
2017-04-06 01:21:13 <buddydude> (the IO error just says "IO error", nothing more informative. --verbose doesn't help either)
2017-04-06 01:39:41 <budric[m]> Shiz: thanks looks like it's a known issue and requires changing boot/config.txt https://bugs.alpinelinux.org/issues/7024
2017-04-06 02:19:40 <buddydude> (the error is "ERROR: gcc-5.3.0-r0: IO ERROR")
2017-04-06 03:09:27 <kaniini> buddydude are you running from ram ?
2017-04-06 08:53:23 <rollniak> Hello everyone :D
2017-04-06 08:55:38 <kahiru> yo rollniak, what's up?
2017-04-06 08:57:49 <rollniak> i play with Alpine and Xen \o/
2017-04-06 08:58:07 <kahiru> how's it going?
2017-04-06 11:16:12 <buddydude> Has anybody run into issues with some packages in APK hanging? I'm trying to install gcc with "apk add gcc" and I get the following: https://pastebin.com/iKEpJ3xD
2017-04-06 11:16:16 <buddydude> and it just hangs on the "installing gcc" for a very long time. Eventually (after 5-10 minutes, I'd say) it fails with "ERROR: gcc-5.3.0-r0: IO ERROR"
2017-04-06 11:16:53 <nsz> strace -f
2017-04-06 11:26:18 <buddydude> Unfortunately I get an strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted when doing "strace apk add gcc" as root
2017-04-06 11:26:34 <buddydude> this is docker, for what it's worth
2017-04-06 11:27:14 <kahiru> buddydude, does other networking work in the container?
2017-04-06 11:27:33 <kahiru> oh, does, nevermind
2017-04-06 11:28:07 <buddydude> it does, because I had to do apk add strace
2017-04-06 11:28:19 <buddydude> it's interesting because I can do apk adds of other packages
2017-04-06 11:28:29 <buddydude> but gcc and sometimes something related to python3-dev hangs
2017-04-06 11:28:32 <nsz> strace docker then
2017-04-06 11:29:53 <nsz> (or drop the nonsense security policy that prevents ptrace)
2017-04-06 11:31:20 <nsz> maybe docker run --cap-add SYS_PTRACE
2017-04-06 20:51:28 <echoes> Hello there
2017-04-06 20:54:51 <echoes> I'm trying to use pyglet with alpine ; but cannot get it working stuck with a "Library GLU not found"
2017-04-06 20:56:37 <echoes> Trying to find a way to install opengl
2017-04-06 20:57:42 <echoes> Someone got it working already or could give me a hint ?
2017-04-06 20:57:59 <TBB> mesa something
2017-04-06 20:58:12 <TBB> and that's not a Jar Jar Binks quote
2017-04-06 20:58:26 <echoes> mesa-devel ?
2017-04-06 20:58:54 <Shiz> mesa-gl
2017-04-06 20:59:12 <Shiz> also glu
2017-04-06 20:59:15 <Shiz> just 'glu'
2017-04-06 20:59:41 <echoes> woaw
2017-04-06 20:59:43 <echoes> thanks
2017-04-06 21:00:22 <echoes> Would not have found it without wasting some time
2017-04-06 21:01:05 <Shiz> http://pkgs.alpinelinux.org
2017-04-07 02:15:36 <danzarov> Hello, guys! Can someone please help me? I'm trying to create my custom iso with some pre-installed packages on it (binaries). For example, I'd like to generate an iso already containing rtorrent package and binary, ready to use, right after booting it, even before running the setup-alpine installer. Well, what I'm doing right now is basically, creating a apkovl file with lbu pkg, then adding the binary
2017-04-07 02:15:38 <danzarov> using 'lbu inc -v /path/to/bin/rtorrent', then adding these package names to /etc/apk/world file  and finally creating the iso using the make process and specifying the apkovl.tar.gz file as a APKOVL parameter (make PROFILE=<alpine~> APKOVL=<http..<file>.apkovl.tar.gz> iso). It kinda works, but it messed up the setup-alpine installer and a bunch of other things..any hint on where i should look at to
2017-04-07 02:15:40 <danzarov> accomplish this?
2017-04-07 02:28:09 <Shiz> danzarov: seems much easier to add the rtorrent .apk to the .iso and then rtorrent to etc/apk/world in your apkovl
2017-04-07 02:30:01 <Shiz> in the apks/$arch directory on the isoy
2017-04-07 02:30:09 <Shiz> you may need to updat the APKINDEX.tar.gz for that, however
2017-04-07 02:30:34 <Shiz> definitely don't add the binary to the lbu
2017-04-07 02:31:12 <Shiz> danzarov: in fact, just adding rtorrent to alpine.packages should do the trick
2017-04-07 02:31:19 <Shiz> in the alpine-iso dir
2017-04-07 02:32:07 <Shiz> and then rtorrent to /etc/apk/world in the lbu
2017-04-07 02:44:23 <danzarov> Shiz: thank you very much for the help! i'll try this! :))
2017-04-07 06:29:07 <hendry> hi guys, I need to run a shell script as well as nginx in an Alpine docker container, do you guys recommend a particular supervisor for running them reliably?
2017-04-07 06:47:12 <hiro> hendry: sh
2017-04-07 06:47:44 <hiro> i'd run a shell script from a shell script
2017-04-07 06:53:47 <hendry> hiro: CMD foo.sh and foo.sh has nginx & and myscript() ... yeah
2017-04-07 06:56:23 <hiro> yeah, i'd just try to start nginx in foreground so that you can keep a subshell blocking so that nginx can restart automatically
2017-04-07 07:01:54 <hendry> foreground you mean myscript & nginx -g daemon off? https://github.com/nginxinc/docker-nginx/blob/master/stable/alpine/Dockerfile#L140
2017-04-07 07:13:54 <hiro> i don't know nginx' command line syntax
2017-04-07 07:14:25 <hiro> i just mean that it should keep a process in the foreground as long as it runs and not fork away and then close the process you started first
2017-04-07 07:14:56 <hiro> so that you can keep a shell blocked and run it in a while
2017-04-07 07:19:40 <hiro> so yeah, something like "don't background" "stay in foreground" "don't deamonize" is normally the right one
2017-04-07 07:19:46 <hiro> but check what it does in detail
2017-04-07 07:20:09 <hiro> you don't wanna disable any shit you need for performance or so :)
2017-04-07 07:20:24 <hiro> i have *tried* to look it up, but their man page is shit
2017-04-07 15:48:40 <CharlesN> I have an application crashing on /lib/ld-linux.so.2: not found.Segmentation fault (core dumped), libc6-compat is already installed
2017-04-07 15:49:28 <CharlesN> it's an old application but was working on rhel
2017-04-07 16:10:34 <BitL0G1c> CharlesN - glibc & musl c are not binary compatible - the application would need to be built under musl c
2017-04-07 16:10:57 <Xe> BitL0G1c: libc6-compat
2017-04-07 16:11:02 <Xe> CharlesN: `apk add libc6-compat`
2017-04-07 16:13:17 <BitL0G1c> there are still small differences between the c libraries that are enough to cause a segfault. The simplest way to setup a build environment is to create an alpine lxc container
2017-04-07 16:15:05 <BitL0G1c> & apk add alpine-sdk
2017-04-07 16:15:16 <CharlesN> Xe, libc6-compat is already installed
2017-04-07 16:15:31 <Xe> CharlesN: build it on alpine yeah
2017-04-07 16:16:42 <CharlesN> BitL0G1c, Xe I don't have the source code of this program
2017-04-07 16:16:59 <Xe> CharlesN: try ubuntu then, you're screwed
2017-04-07 16:21:35 <CharlesN> Xe, ok, I'll do that
2017-04-07 16:36:40 <uriah> hmm... seeing what BitL0G1c just wrote makes me think my current work is to no avail
2017-04-07 16:38:16 <CharlesN> Xe, it worked on centos7 with the  glibc.i686
2017-04-07 16:38:18 <CharlesN> package
2017-04-07 16:39:01 <uriah> i was hoping i'd be able to get widevine working in alpine just by patching musl with an implementation of the missing symbols for libwidevinecdm.so (firefox), but i guess those "small differences" probably would cause it to segfault anyway
2017-04-07 16:39:27 <uriah> who knows, though... it isn't like the code i wrote would be up to par :-/
2017-04-07 16:39:37 <uriah> s/par/standards/
2017-04-07 16:43:45 <uriah> BitL0G1c: do you think things might be different/similar in my case?
2017-04-07 16:59:59 <BitL0G1c> uriah - in every case it would be best to build completely under musl. if alpine hasn't done it yet - void linux probably has
2017-04-07 17:01:57 <uriah> BitL0G1c: well libwidevine.so is a blob shipped by google, but i think it's compiled for glibc
2017-04-07 17:02:22 <kaniini> the glibc emulation is very much work in progress
2017-04-07 17:03:59 <uriah> kaniini: do you mean libc6-compat?
2017-04-07 17:04:11 <kaniini> yes
2017-04-07 17:04:13 <uriah> ok
2017-04-07 17:04:54 <kaniini> however, widevine is something we want to have work
2017-04-07 17:04:59 <uriah> ok
2017-04-07 17:04:59 <kaniini> so i will probably look at it soon
2017-04-07 17:05:00 <uriah> well
2017-04-07 17:05:18 <uriah> there is this thread: http://www.openwall.com/lists/musl/2015/06/17/1
2017-04-07 17:05:42 <uriah> and i've "tried" to get the suggestions in that thread implemented, but i really think i screwed up / don't know what i'm doing
2017-04-07 17:06:03 <uriah> but of course you've already seen what i've been saying in #musl ;)
2017-04-07 17:07:10 <uriah> i'd submit my current patch to their mailing list, but i have a feeling something is terribly wrong with it, as it triggers grsec limits
2017-04-07 17:09:37 <uriah> so i'm waiting, i have some friends who might be able to take a look / be my second set of eyes/brains... but until then, not sure, as i'm pretty exhausted lately (been dealing with increased inner madness), and don't really feel like i have the energy to figure out things properly
2017-04-07 17:10:23 <uriah> anyway
2017-04-07 17:11:16 <uriah> there's also the fact that i haven't yet run the test c code for these functions which is shipped with glibc code
2017-04-07 17:11:34 <uriah> it's pretty pointless to submit a patch when it's untested imho
2017-04-07 17:12:16 <uriah> but yeah, as i said, i think i need to refresh myself by taking a break from it for 1/2 day to a day or two
2017-04-07 17:14:51 <uriah> kaniini: if you're interested at all, and have a bit of free time to review what i did (it really won't be up to standards in some places), you can look at the latest patch/incremental patch set here: http://sprunge.us/dOhJ [full patch, includes both patches from thread] - http://sprunge.us/BYPf [incremental, shows changes i made to the first patch, and includes non-erroneous changes made from second
2017-04-07 17:14:57 <uriah> patch itt]
2017-04-07 17:15:05 <uriah> but yeah, you probably don't want to run it
2017-04-07 17:15:09 <uriah> not in its current form
2017-04-07 17:15:44 <TemptorSent> uriah: What would probably help is to make a matrix showing the inputs and results in the glibc test files, then determine the logic required to get the same results, rather than trying to reinvent them.
2017-04-07 17:16:32 <TemptorSent> I think you're running in circles trying to make the code 'right' when the behavior expected may not reflect what you expect.
2017-04-07 17:16:39 <uriah> agreed
2017-04-07 17:16:56 <uriah> i've just exhausted myself, and require a breather, i think
2017-04-07 17:17:03 <TemptorSent> Good plan.
2017-04-07 17:17:08 <uriah> :.
2017-04-07 17:17:10 <uriah> :>
2017-04-07 17:17:44 <uriah> most of what i did is, to be honest, "monkey see, monkey do"
2017-04-07 17:17:47 <uriah> which i know is wrong
2017-04-07 17:18:32 <TemptorSent> Yeah, considering glibc is using some strange semantics in places that don't translate to musl.
2017-04-07 17:19:44 <uriah> hmm...
2017-04-07 17:25:22 <uriah> TemptorSent: you're probably pretty busy with things, but would you mind taking a look at the sanity of __realpath_chk() in that patch for me please?
2017-04-07 17:25:31 <uriah> i probably made it wrong heh
2017-04-07 17:26:02 <uriah> anyway
2017-04-07 17:26:08 <uriah> i'm going to go play some drums
2017-04-07 17:26:16 <uriah> and maybe take a walk
2017-04-07 17:26:28 <uriah> cause i feel like i'm intellectually drained
2017-04-07 17:26:35 <uriah> it'll likely help me continue
2017-04-07 17:26:38 <uriah> ttyl ;)
2017-04-07 17:29:39 <TemptorSent> uriah: post the link here please?
2017-04-07 17:34:20 <kaniini> overall the patch looks mostly okay
2017-04-07 17:34:35 <uriah> TemptorSent: original patch: http://www.openwall.com/lists/musl/2015/06/17/1 - my full patch: http://sprunge.us/dOhJ - changes between the two: http://sprunge.us/BYPf
2017-04-07 17:35:32 <uriah> kaniini: well, the conditionals are probably mistaken in some places
2017-04-07 17:35:42 <uriah> and i do some rather messy stuff, i think, in some of the functions
2017-04-07 17:37:09 <tmh1999> kaniini : what should I do if the builder has network problem fetching packages (404, timeout,etc.) but my local builder does not ?
2017-04-07 17:40:46 <kaniini> i'm not sure
2017-04-07 17:40:58 <kaniini> the builder maintainer i guess should fix it :p
2017-04-07 17:45:24 <uriah> kaniini: if you've spotted any obvious issues, please let me know and i'll try to work on them.
2017-04-07 17:46:14 <kaniini> __vasprintf_chk doesnt check anything
2017-04-07 17:46:32 <kaniini> same for vdprintf
2017-04-07 17:46:32 <kaniini> etc
2017-04-07 17:46:44 <uriah> ok
2017-04-07 17:47:04 <kaniini> stuff like this is wrong:
2017-04-07 17:47:06 <kaniini> +	if (count > buflen && r > buflen) a_crash();
2017-04-07 17:47:14 <uriah> those are from the original patch, if it's wrong it must not have been noticed by musl devs
2017-04-07 17:47:16 <kaniini> you should check count > buflen before making the syscall
2017-04-07 17:47:27 <uriah> hmm, ok
2017-04-07 17:47:33 <uriah> i'll change all of those then
2017-04-07 17:47:47 <uriah> so i split them into two conditionals, with the syscall between them?
2017-04-07 17:47:55 <kaniini> that way you know which condition caused it
2017-04-07 17:47:57 <kaniini> yes
2017-04-07 17:47:59 <uriah> true ok
2017-04-07 17:48:02 <uriah> thanks
2017-04-07 17:48:10 <uriah> that shouldn't be too difficult to deal with
2017-04-07 17:48:30 <kaniini> security 101 is never check your inputs at the same time that you check your outputs
2017-04-07 17:48:41 <uriah> good point
2017-04-07 17:48:43 <kaniini> inputs should be checked first, then the wrapped function, then the output should be checked
2017-04-07 17:51:22 <uriah> ok
2017-04-07 17:53:18 <dalias> kaniini, are you sure?
2017-04-07 17:53:41 <kaniini> i am quite sure
2017-04-07 17:53:47 <uriah> uh oh :-/
2017-04-07 17:54:40 <dalias> kaniini, not sure about confstr but for some calls that's definitely wrong and for others it's arguably wrong
2017-04-07 17:54:58 <dalias> for instance this is well-defined
2017-04-07 17:55:03 <kaniini> well i guess it depends
2017-04-07 17:55:18 <dalias> char buf[2]; snprintf(buf, 100, "%c", 65);
2017-04-07 17:55:39 <dalias> it's awful style but well-defined
2017-04-07 17:57:26 <dalias> in the case of __read_chk, the second test "r > buflen" will always be false
2017-04-07 17:57:37 <dalias> i don't know a good way to write this
2017-04-07 17:58:20 <dalias> well..
2017-04-07 17:58:28 <dalias> it would always be false except that this is backwards i think:
2017-04-07 17:58:29 <dalias> buflen>count ? buflen : count
2017-04-07 17:58:33 <uriah> oh ok
2017-04-07 17:58:36 <uriah> sorry about that
2017-04-07 17:58:37 <dalias> should be < rather than > i think, right?
2017-04-07 17:59:17 <uriah> dalias: it's probably wrong everywhere i put it then
2017-04-07 17:59:38 <dalias> yeah i think you did max where you meant min in all those places
2017-04-07 17:59:44 <uriah> ok
2017-04-07 17:59:47 <uriah> my mistake
2017-04-07 18:00:50 <uriah> yeah i see what i did wrong there
2017-04-07 18:00:52 <uriah> i'll fix it
2017-04-07 18:01:05 <uriah> dalias: so, you don't want me to split the conditionals, though?
2017-04-07 18:01:19 <dalias> hm?
2017-04-07 18:01:24 <uriah> like kaniini was suggesting i do
2017-04-07 18:01:25 <dalias> it's not a matter of splitting them or not splitting them
2017-04-07 18:01:34 <dalias> it's a matter of when you can determine that UB was invoked
2017-04-07 18:01:50 <kaniini> yes, what i was really saying is
2017-04-07 18:01:53 <kaniini> you should check
2017-04-07 18:02:03 <kaniini> and make sure that you crash at earliest possible opportunity
2017-04-07 18:02:10 <uriah> ok
2017-04-07 18:02:16 <kaniini> so that if you run gdb
2017-04-07 18:02:23 <dalias> kaniini, i think what you're saying is the problem with the original patch, though
2017-04-07 18:02:24 <uriah> sorry, but could you guys clarify what UB means?
2017-04-07 18:02:24 <kaniini> you know what specifically caused the problem
2017-04-07 18:02:42 <kaniini> uriah: undefined behaviour
2017-04-07 18:02:44 <uriah> oh ok
2017-04-07 18:02:47 <kaniini> doing something you shouldn't be
2017-04-07 18:02:47 <uriah> ty
2017-04-07 18:02:49 <dalias> it caught lots of caller_passed_len > compiler_determined_buf_len cases that were not undefined behavior
2017-04-07 18:02:52 <dalias> like my snprintf example
2017-04-07 18:03:01 <kaniini> dalias: indeed
2017-04-07 18:03:15 <dalias> and in many of them, like read(), i don't know a good fix...
2017-04-07 18:03:16 <kaniini> dalias: so its a little trickier
2017-04-07 18:03:19 <dalias> yes
2017-04-07 18:03:26 <dalias> there's a lot of trickiness/subtlety to this
2017-04-07 18:03:40 <dalias> and some of it is even about things where the correct interpretation of the standard is unclear :(
2017-04-07 18:03:48 <uriah> :-/
2017-04-07 18:04:16 <uriah> i see...
2017-04-07 18:04:18 <dalias> fwiw passing (size_t)-1 to read() for "unlimited length", which seems (per posix) like it should be safe and valid as long as the actual file size is bounded and fits in the buffer...
2017-04-07 18:04:26 <dalias> ...causes the kernel to return -EFAULT
2017-04-07 18:05:14 <uriah> hmm...
2017-04-07 18:05:20 <dalias> and i don't see any valid way to work around that
2017-04-07 18:05:36 <dalias> so it's possible that posix is just wrong/unclear and passing a value larger than the buffer size should just be UB
2017-04-07 18:05:50 <dalias> in which case it would be fine to do what kaniini suggests and a_crash() immediately if that happens
2017-04-07 18:06:03 <dalias> so part of what has been stalling this issue is not missing code
2017-04-07 18:06:09 <dalias> but missing interpretation of the standard :(
2017-04-07 18:06:13 <uriah> i see
2017-04-07 18:06:48 <kaniini> it seems to me that it should be undefined behaviour in the _chk() case
2017-04-07 18:07:20 <kaniini> but that is based on about 5 minutes of thinking about the problem
2017-04-07 18:08:00 <uriah> dalias: kaniini: btw thanks for taking time out of your day for this... i'll try not to disappoint
2017-04-07 18:09:38 <uriah> but yeah, sorry if some of the later code changes i made make you cringe :-/
2017-04-07 18:10:36 <kaniini> dalias: in my opinion, i stand by what i originally said -- checked calls must be UB if the value is larger than buffer size
2017-04-07 18:10:57 <kaniini> dalias: because silent truncation is arguably a security risk in many cases
2017-04-07 18:11:19 <kaniini> which is really the alternative
2017-04-07 18:11:57 <dalias> i gave you a strong example where that's not valid -- the snprintf one
2017-04-07 18:12:06 <dalias> the ultimate example of this is all uses of sprintf
2017-04-07 18:12:13 <dalias> which are just calls to snprintf with n==SIZE_MAX
2017-04-07 18:12:33 <dalias> others are less clear
2017-04-07 18:13:28 <uriah> dalias: you might call me on this later, but yeah, i can see why it's important for this kind of info to be put on the mailing list instead of in an irc channel...
2017-04-07 18:13:50 <dalias> another pretty good example is wc[r]tomb where in general you need to know the conversion will fit
2017-04-07 18:14:10 <dalias> but if you already measured before starting the conversion, just passing MB_LEN_MAX on each call makes sense
2017-04-07 18:14:59 <dalias> when it comes time to convert the terminating null char there will only be 1 byte left in the buffer, but the call with MB_LEN_MAX is still valid because the code already determined that the total length fits
2017-04-07 18:16:23 <kaniini> right that is basically what i'm saying
2017-04-07 18:16:26 <dalias> so it's not a matter of "are there cases where you can't assume UB just because n>bos?"
2017-04-07 18:16:41 <dalias> but rather "where is the cutoff point where assuming n>box implies UB?"
2017-04-07 18:18:13 <TemptorSent> Hmm, shouldn't any attempt that exceeds the bounds explicitly given fail?
2017-04-07 18:19:06 <TemptorSent> And only then check if the result would fit in the specified buffer if it's SMALLER than the max allowable?
2017-04-07 18:20:48 <kaniini> yes
2017-04-07 18:20:50 <TemptorSent> The three options for behavior in the _chk functions are a_crash, return <error value>, or return value that function returns.
2017-04-07 18:20:55 <kaniini> that is what i am saying :p
2017-04-07 18:21:26 <dalias> the goal is to crash if performing the operation would invoke ub
2017-04-07 18:21:55 <dalias> the problem is that sometimes you can't determine if the operation would invoke ub without performing it
2017-04-07 18:22:05 <TemptorSent> If the specified output buffer is larger than the max size returned by the function, it's safe to call the function.
2017-04-07 18:22:29 <uriah> ah...
2017-04-07 18:22:44 <dalias> in the case of snprintf you can
2017-04-07 18:22:53 <dalias> pass min(n, buf_size)
2017-04-07 18:23:05 <TemptorSent> If it's smaller, we need allocate a buffer of the max size the function can return, evaluate the function to that buffer, then crash if it wouldn't fit, otherwise return the result.
2017-04-07 18:23:11 <uriah> dalias: i guess in these cases there would need to be a special helper function that could somehow determine whether UB would be invoked on the kernel level?
2017-04-07 18:23:19 <dalias> then crash if return value is >buf_size
2017-04-07 18:23:35 <kaniini> isnt it possible to find out from snprintf
2017-04-07 18:23:39 <kaniini> how much space is actually required
2017-04-07 18:23:42 <dalias> right
2017-04-07 18:23:45 <kaniini> i recall doing this once
2017-04-07 18:23:50 <TemptorSent> The safe way to do it is waste some known stack rather than heap.
2017-04-07 18:23:51 <dalias> snprintf returns the space actually required (-1)
2017-04-07 18:24:00 <kaniini> right -1 indeed
2017-04-07 18:24:00 <kaniini> :)
2017-04-07 18:24:13 <dalias> temptorsent, no, that's just going to overflow your stack
2017-04-07 18:24:15 <dalias> which is even worse
2017-04-07 18:24:28 <kaniini> yeah dont use stack for that
2017-04-07 18:24:33 <TemptorSent> dalias: Not when you allocate a FIXED size.
2017-04-07 18:24:58 <dalias> depends on how large it is, but in order to do that for read you'd need to allocate an arbitrarily large temp buffer i think...
2017-04-07 18:25:02 <TemptorSent> LiENUS: char tmp[PATH_MAX]
2017-04-07 18:25:11 <TemptorSent> ie  char tmp[PATH_MAX]
2017-04-07 18:25:23 <dalias> for readlink it should be safe to do that
2017-04-07 18:25:36 <uriah> is readlink actually ok?
2017-04-07 18:25:46 <TemptorSent> For anything you have a known limit, that should be safe.
2017-04-07 18:25:58 <dalias> temptorsent, depends on how high that known limit is
2017-04-07 18:26:01 <TemptorSent> for snprintf, you could do it chunkwise I suppose.
2017-04-07 18:26:04 <dalias> 4k, sure, ok
2017-04-07 18:26:12 <kaniini> yes path_max is sane for readlink
2017-04-07 18:26:14 <kaniini> imo
2017-04-07 18:26:15 <dalias> temptorsent, snprintf cannot be done chunkwise but it's not needed at all
2017-04-07 18:26:24 <dalias> snprintf returns the amount that would have been needed
2017-04-07 18:26:34 <kaniini> yes with snprintf you use -1
2017-04-07 18:26:42 <dalias> -1?
2017-04-07 18:26:48 <dalias> snprintf only returns -1 on error
2017-04-07 18:26:57 <kaniini> for the size
2017-04-07 18:26:59 <dalias> the -1 i said above was -1 offset from buffer size
2017-04-07 18:27:10 <dalias> you don't pass -1 either
2017-04-07 18:27:12 <uriah> hmm...
2017-04-07 18:27:13 <kaniini> yes
2017-04-07 18:27:16 <kaniini> exactly
2017-04-07 18:27:21 <kaniini> bufsize-1
2017-04-07 18:27:30 <uriah> ok there's another problem with my code then i think, this being read
2017-04-07 18:27:30 <dalias> you do vsnprintf(buf, min(n, buf_size), fmt, ap);
2017-04-07 18:27:38 <kaniini> if it returns that it needs more
2017-04-07 18:27:38 <kaniini> fail
2017-04-07 18:27:41 <dalias> and then if the return value is >= buf_size you crash
2017-04-07 18:27:44 <uriah> see all of that strnlen(foo, bar) + 1 stuff?
2017-04-07 18:27:47 <kaniini> yep
2017-04-07 18:27:55 <uriah> it probably shouldn't be everywhere, right?
2017-04-07 18:28:05 <dalias> that safely checks for UB in the caller without invoking UB
2017-04-07 18:28:06 <TemptorSent> Sorry, not snprintf, v*printf
2017-04-07 18:28:25 <TemptorSent> That's the set that needs chunking.
2017-04-07 18:28:40 <dalias> chunking is just not possible at all
2017-04-07 18:28:50 <kaniini> vsnprintf does not need chunking
2017-04-07 18:28:52 <dalias> you can't break up format strings
2017-04-07 18:28:58 <dalias> thankfully you don't need to
2017-04-07 18:29:01 <kaniini> you handle it like snprintf
2017-04-07 18:29:05 <TemptorSent> No, I mean in checking the allocation.
2017-04-07 18:29:08 <dalias> the snprintf api is nice
2017-04-07 18:29:34 <TemptorSent> You can check the buffer, then check the result size and crash at both points if it exceeds.
2017-04-07 18:30:29 <TemptorSent> So you can avoid passing bad params to snprintf, then check the return, then evaluate.
2017-04-07 18:30:56 <TemptorSent> Which doesn't work for reading streams.
2017-04-07 18:32:48 <TemptorSent> But I guess if we're going to crash anyway, we probably don't care if we read more than we actually processed from the stream.
2017-04-07 18:33:10 <TemptorSent> Although that could break certain corner cases.
2017-04-07 18:33:13 <dalias> read() writes data to memory
2017-04-07 18:33:26 <dalias> the overread from the stream is rather irrelevant
2017-04-07 18:33:48 <dalias> it's the overwrite to memory that could give an attacker a way in
2017-04-07 18:34:02 <dalias> even if you would catch it later after the syscall returns
2017-04-07 18:34:33 <uriah> hmm...
2017-04-07 18:34:36 <TemptorSent> True, but the overread will leave the stream at an unexpected point, so the next reader may get unexpected input.
2017-04-07 18:34:59 <dalias> temptorsent, that happens anyway if you called a non-checking read()
2017-04-07 18:35:05 <dalias> it's UB anyway
2017-04-07 18:35:17 <dalias> one of the manifestations of UB is leaving files seeked to the wrong position
2017-04-07 18:35:44 <TemptorSent> Yeah, it should probably either reset or close the fd, not sure if a_crash does that...
2017-04-07 18:35:47 <dalias> we're just trying to reduce or eliminate the scope of manifestations that an attacker can easily exploit
2017-04-07 18:35:55 <dalias> no, it shouldn't
2017-04-07 18:36:14 <dalias> doing anything else after UB is detected increases the likelihood that an attacker can gain control
2017-04-07 18:36:19 <dalias> you just need the process to die asap
2017-04-07 18:36:28 <dalias> making syscalls is not even safe
2017-04-07 18:37:17 <TemptorSent> Hmm, something should clean up stale fds and other open resources or it will zombie.
2017-04-07 18:37:44 <dalias> when a process dies all of its files are closed
2017-04-07 18:37:46 <TemptorSent> I haven't looked at how a_crash actually crashes.
2017-04-07 18:37:58 <dalias> it executes a faulting or illegal instruction
2017-04-07 18:38:20 <dalias> ideally it would raise SIGKILL
2017-04-07 18:38:26 <TemptorSent> Okay, that should break a blocked io I guess, unlike sigkill.
2017-04-07 18:38:29 <dalias> but that requires making a syscall that's more work to do securely
2017-04-07 18:39:06 <dalias> and something trappable is more nice if you want to run it under a debugger
2017-04-07 18:39:08 <TemptorSent> The kernel will kick it out on illegal instruction.
2017-04-07 18:39:16 <dalias> the kernel will raise SIGSEGV or SIGILL
2017-04-07 18:39:35 <dalias> SIGILL is preferable because it's less likely the program traps it
2017-04-07 18:39:45 <TemptorSent> Yeah, but it also will zombie if the kernel doesn't kick it with a blocked open resource, or at least it did.
2017-04-07 18:40:07 <dalias> if the process has threads in a D state that's not something you can fix
2017-04-07 18:40:11 <dalias> zombie is the wrong word
2017-04-07 18:40:19 <dalias> it has a specific meaning that's completely different
2017-04-07 18:40:28 <dalias> D state is a kernel bug
2017-04-07 18:40:52 <TemptorSent> zombies are processes that can't close but aren't scheduled last I checked.
2017-04-07 18:40:55 <dalias> no
2017-04-07 18:41:11 <dalias> zombies are process ids from processes whose parents have not yet waited on them
2017-04-07 18:41:33 <dalias> they carry with them some minimal accounting data that's waiting for the parent to see it
2017-04-07 18:41:48 <dalias> normally they only exist momentarily
2017-04-07 18:41:59 <dalias> but some buggy programs make child processes and don't wait on them
2017-04-07 18:42:04 <dalias> and then the zombie hangs around
2017-04-07 18:42:20 <TemptorSent> Right, what happens when we crash? Any child processes end up Z
2017-04-07 18:42:24 <dalias> eventually if the parent dies the zombie will be reparented to pid 1 (init) and init will wait on it
2017-04-07 18:42:28 <dalias> no
2017-04-07 18:42:38 <dalias> if a process's parent dies it gets reparented to init
2017-04-07 18:42:48 <dalias> and init waits on all children that exit
2017-04-07 18:43:20 <TemptorSent> Okay, so a_crash is seen as legitimate exit point and is handled like a termination and avoids that, good!
2017-04-07 18:43:51 <dalias> all it does is cause the process to crash the same way it would if the cpu caught it doing UB
2017-04-07 18:44:01 <dalias> like dereferencing a null pointer
2017-04-07 18:44:23 <TemptorSent> Things have improved a bit since I was messing with the libc/kernel guts back in the late '90s
2017-04-07 18:44:59 <uriah> 
ACTION feels like TemptorSent is finding a renewed calling :)

2017-04-07 18:45:39 <TemptorSent> *lol* uriah -- yeah, I need a few things to work :)
2017-04-07 18:45:48 <uriah> :>
2017-04-07 18:46:33 <uriah> does anyone here know how long sprunge.us keeps pastes hosted for?
2017-04-07 18:46:46 <dalias> uriah, seemingly forever :-p
2017-04-07 18:46:49 <uriah> nice
2017-04-07 18:47:08 <dalias> i think they have some heuristic where huge ones, or ones from clients that send abusively many, get purged quickly
2017-04-07 18:47:17 <dalias> but everything else just sticks around
2017-04-07 18:47:25 <uriah> ok that's surprising though
2017-04-07 18:47:33 <dalias> i don't know exactly how it works
2017-04-07 18:47:35 <uriah> cause they only have a certain amount of addresses possible, right?
2017-04-07 18:47:39 <dalias> the sw is all open source tho
2017-04-07 18:47:48 <dalias> i don't think they reuse addresses at all
2017-04-07 18:47:51 <TemptorSent> Does a_crash itself provide anything to help unwind the call stack for the debugger?
2017-04-07 18:47:55 <dalias> the number of addresses should be unlimited
2017-04-07 18:48:08 <dalias> temptorsent, no, the compiler already does that
2017-04-07 18:49:10 <TemptorSent> Okay, so no additional state about the crash is stored. How well does that work out with stripped binaries?
2017-04-07 18:49:56 <TemptorSent> I haven't gotten into fortify far enough to see how they're doing things internally.
2017-04-07 18:51:38 <TemptorSent> Obviously they build a little black-magick in to the code-generation...
2017-04-07 18:52:38 <TemptorSent> I guess delving into that is on my todo list, since I need it for an upcoming project anyway.
2017-04-07 18:53:25 <uriah> kaniini: how often do the channel logs rotate / get pushed to the web? i'm going to be rebooting before resuming work on this stuff, and am running in a live environment
2017-04-07 18:53:45 <uriah> would be good to reference myself from the things discussed here
2017-04-07 18:56:02 <uriah> seems to be live - good :)
2017-04-07 18:56:05 <TemptorSent> uriah: The appear to be long-lived and updated nearly real time.
2017-04-07 18:56:09 <uriah> nice
2017-04-07 19:01:24 <uriah> 
ACTION wishes he had more than a stack of blank dvd's to back things up on externally before rebooting

2017-04-07 19:01:37 <uriah> the dvd burner i have is uh... slightly malfunctioning
2017-04-07 19:03:15 <uriah> anyway, i'll use the burner
2017-04-07 19:16:29 <uriah> ok, bbl
2017-04-07 19:16:35 <uriah> shutting down, and will grab a bite to eat
2017-04-07 19:57:51 <uriah> ahh... replenished.
2017-04-07 19:58:06 <uriah> nothing like living in a country where tim horton's is just down the street
2017-04-07 20:14:48 <uriah> kaniini: is it normal for the execution of `./path/to/ld-musl-x86_64.so.1 /path/to/test/bin` to segfault with a grsec catch shown in dmesg out-of-the-box in alpine, or would that be due to errors in my code making a bad request?
2017-04-07 20:15:18 <uriah> (i suspect the latter)
2017-04-07 20:15:38 <uriah> it's one of those RLIMIT_CORE catches
2017-04-07 20:21:17 <uriah> anyway... wrt to me changing my patch, does one of you have time to specify where UB would be a problem wrt calling the function before checking please? i understand now how it's a sticky situation, considering the conditional can't really be split, because the second condition needs to be matched for the first condition not to have false positives
2017-04-07 20:21:31 <uriah> iirc, it's not the case everywhere
2017-04-07 20:21:46 <uriah> oops iiuc*
2017-04-07 21:54:35 <darkfader> hmm, any ideas about when we get the last xen security patch?
2017-04-07 21:55:52 <uriah> :)
2017-04-07 23:48:30 <minimalism> Can any of Alpine's ISOs boot in UEFI mode during installation?
2017-04-08 00:37:41 <kaniini> no
2017-04-08 00:37:53 <kaniini> we need to work on it
2017-04-08 00:40:00 <TemptorSent> kaniini: ^^^ In reference to?
2017-04-08 00:40:21 <kaniini> UEFI
2017-04-08 00:40:52 <TemptorSent> Ahh, okay - I have support for it in mkimage, but no testing with grub actually enabled :)
2017-04-08 00:41:38 <TemptorSent> It should be straightforward to get it working.
2017-04-08 00:42:47 <TemptorSent> If someone can give me a known-working config and command line to build the iso, I can fix that pretty quick.
2017-04-08 00:45:50 <TemptorSent> kaniini: Question regarding swtich to sha512 sums in apk pax headers -- any idea on timeline?
2017-04-08 00:54:29 <tmh1999> kaniini : looks like you made some APKBUILD commits to fetch packages from distfiles.alpinelinux.org and now they are 404 :(
2017-04-08 00:55:47 <tmh1999> not some, but unzip in particular
2017-04-08 00:58:44 <tmh1999> can you bring distfiles.alpinelinux.org up ?
2017-04-08 01:55:23 <tmh1999> kaniini : looks like dev.alpinelinux.org/archive is up
2017-04-08 02:00:50 <kaniini> TemptorSent: not sure yet
2017-04-08 02:00:53 <kaniini> TemptorSent: sorry
2017-04-08 02:16:34 <TemptorSent> kaniini: No problem, just trying to make plans on how I handle checksums.
2017-04-08 02:17:04 <kaniini> tmh1999: that is an infra thing sorry :p
2017-04-08 02:17:50 <TemptorSent> kaniini: For now, I'll checksum modules using sha512, then compare that to a manifest generated off the files extracted from the apk, which I'll calculate both the sha512 and sha1
2017-04-08 02:20:05 <TemptorSent> kaniini: Also, any thoughts on any reason NOT to compress modules?
2017-04-08 02:26:17 <minimalism> kaniini: TemptorSent: There are plans to include UEFI in the ISO?
2017-04-08 02:26:40 <kaniini> yes, but probably wont make 3.6 cut
2017-04-08 02:26:53 <kaniini> you can master your own
2017-04-08 02:27:32 <minimalism> hm
2017-04-08 02:27:34 <kaniini> https://wiki.alpinelinux.org/wiki/Create_UEFI_boot_USB
2017-04-08 02:28:35 <minimalism> Would there be a chance it's in 3.7?
2017-04-08 02:28:51 <Shiz> likely
2017-04-08 02:29:17 <kaniini> minimalism: yes, including secure boot
2017-04-08 02:29:31 <minimalism> Great. I use Alpine mostly on servers and other smaller devices, but I was thinking I'd like to use it on my USB as a rescue disk and such.
2017-04-08 02:32:00 <TemptorSent> minimalism: Mastering you own will be quite easy as soon a I finish mkimage and friends.
2017-04-08 02:33:02 <minimalism> mkimage?
2017-04-08 02:33:18 <minimalism> Is that a new util to create custom Alpine images?
2017-04-08 02:33:30 <kaniini> yes
2017-04-08 02:33:47 <minimalism> neat
2017-04-08 02:34:09 <minimalism> If UEFI is being supported in future releases, would that mean utils like efibootmgr would be added in the package repositories?
2017-04-08 02:34:22 <kaniini> yes.  we already have gummiboot
2017-04-08 02:34:32 <kaniini> and it is possible to boot alpine on UEFI already
2017-04-08 02:34:35 <kaniini> just a little shakey
2017-04-08 02:34:44 <minimalism> yeah, but it would be great if it were a first class citizen
2017-04-08 02:35:06 <kaniini> that is the plan for 3.7
2017-04-08 02:41:27 <TemptorSent> minimalism: If you want to help on the bleeding edge, my working branch is currently at https://github.com/TemptorSent/aports/tree/mkimiage-refactor-scripts/scripts/mkimage
2017-04-08 02:41:54 <TemptorSent> minimalism: It will be moving to the top-level alpine repo in the next week or so as soon as I finish cleaning up the kerneltool.
2017-04-08 02:42:23 <TemptorSent> minimalism: So any testing/comments you may be able to help with before that would be quite helpful.
2017-04-08 02:43:39 <minimalism> I was thinking about installing Alpine Linux on my desktop's spare SSD
2017-04-08 02:43:55 <minimalism> will have to look into how practical that is for booting though.. I don't use a bootloader
2017-04-08 02:44:08 <minimalism> it just fires straight to gentoo with the instructions set in my UEFI by efibootmgr
2017-04-08 02:44:35 <TemptorSent> minimalism can you do a one-off usb boot from uefi bios?
2017-04-08 02:45:36 <minimalism> yeah, I have to hit one of my function keys
2017-04-08 02:47:42 <TemptorSent> minimalism: That's a good way to get a setup running and testing... actually, I'm still running off a bloody sd card on my xeon because I haven't bothered to plug in a real drive yet :)
2017-04-08 03:11:36 <kaniini> i have an alpine laptop
2017-04-08 03:11:41 <kaniini> gets 16 hours battery
2017-04-08 03:11:47 <kaniini> in ubuntu it gets 3
2017-04-08 03:11:49 <kaniini> hahah
2017-04-08 03:20:56 <luxio> The instructions on the wiki for installing GNOME say to install the "gnome-base" package, but I'm getting an "unsatisfiable contraints" error.
2017-04-08 03:21:02 <luxio> I've configured apk to use community packages too.
2017-04-08 03:21:28 <Shiz> good news everyone
2017-04-08 03:21:28 <kaniini> which gnome are you looking for?
2017-04-08 03:21:33 <Shiz> Rust for Alpine is working
2017-04-08 03:21:37 <Shiz> both static and dynamic linking
2017-04-08 03:21:46 <kaniini> now do it without depending on voidlinux
2017-04-08 03:21:46 <kaniini> :p
2017-04-08 03:22:33 <TemptorSent> holy shit! I've got a thunderstorm roaring around me dropping half inch chunks of clear, solid ICE and keeping the sky lit for minutes at a time!
2017-04-08 03:22:53 <Shiz> kaniini: we already do
2017-04-08 03:22:55 <Shiz> :p
2017-04-08 03:23:03 <Shiz> https://txt.shiz.me/OGViNmYxYW
2017-04-08 03:23:05 <Shiz> ^ proof
2017-04-08 03:23:10 <TemptorSent> Loosing all coms at random.
2017-04-08 03:23:32 <kaniini> proof that we do not depend on void to bootstrap ? :p
2017-04-08 03:23:37 <Shiz> no, proof that it works
2017-04-08 03:23:46 <Shiz> kaniini: now that we have our own builds, we don't need to rely on void anymore
2017-04-08 03:23:49 <Shiz> we can just... use our own builds
2017-04-08 03:23:51 <Shiz> :p
2017-04-08 03:23:53 <kaniini> works for me
2017-04-08 03:24:15 <Shiz> we need a small patch to our libunwind though
2017-04-08 03:24:21 <Shiz> well, not a patch
2017-04-08 03:24:24 <Shiz> just a configure option and pkgrel bump
2017-04-08 03:24:31 <Shiz> --enable-cxx-exceptions
2017-04-08 03:25:23 <kaniini> ok
2017-04-08 03:25:29 <kaniini> toss me an mbox
2017-04-08 03:25:32 <TemptorSent> Oops, wasn't in offtopic when I repopped.
2017-04-08 03:25:37 <kaniini> and i will do the needful
2017-04-08 03:26:50 <luxio> When I type "slim" in the console, nothing happens
2017-04-08 03:26:57 <luxio> It's like a command that does nothing
2017-04-08 03:27:12 <kaniini> luxio: which gnome do you want.  gnome 2 or 3?
2017-04-08 03:27:22 <kaniini> luxio: if you want gnome 2, mate is better supported
2017-04-08 03:27:40 <kaniini> luxio: gnome right now is in process of being updated now that the systemd dependencies have been separated
2017-04-08 03:27:43 <luxio> kaniini: I'm not sure which to get, or whether to get xfce
2017-04-08 03:27:54 <kaniini> luxio: probably either mate or xfce tbh
2017-04-08 03:28:03 <luxio> yeah I was thinking xfce
2017-04-08 03:29:12 <Shiz> kaniini: https://txt.shiz.me/NmM3MzRlZD.txt
2017-04-08 03:29:53 <kaniini> ok
2017-04-08 03:29:56 <TemptorSent> Would someone please k-line chatter29 and their subnet?
2017-04-08 03:29:57 <Shiz> subject should say main/libunwind, ah well
2017-04-08 03:30:11 <kaniini> TemptorSent: try #freenode but expect no response
2017-04-08 03:30:40 <TemptorSent> Yeah, it was mostly rhetorical...
2017-04-08 03:32:20 <TemptorSent> I long for the days when a handfull of us could effectively blackhole entire subnets with a couple of BGP pubs.
2017-04-08 03:32:51 <kaniini> Shiz: done
2017-04-08 03:32:55 <Shiz> \o
2017-04-08 03:34:01 <TemptorSent> Alpine-rust, that should be the name of a color of paint or something ;)
2017-04-08 03:34:36 <luxio> sorry my computer froze when i did startx for some reason
2017-04-08 03:35:54 <luxio> http://i.imgur.com/rAUb1KK.jpg
2017-04-08 03:36:02 <luxio> That's what happens when I do startx.
2017-04-08 03:36:18 <luxio> When I have "nomodeset" as a kernel option, it starts xfce, but my resolution is stuck at a low setting
2017-04-08 03:36:26 <luxio> When I remove that option, the above happens
2017-04-08 03:50:24 <kaniini> did you run setup-xorg-base ? :p
2017-04-08 03:53:20 <luxio> I just installed the packages but I'll run it anyway
2017-04-08 03:53:42 <luxio> oh
2017-04-08 03:53:44 <luxio> LOL
2017-04-08 03:53:51 <luxio> i forgot to install xf86-video-modesetting
2017-04-08 03:54:06 <luxio> 1 sec lemme see if it works now
2017-04-08 03:57:05 <luxio> kaniini: Hrm, it's still not working. Did I have to run that on the installation cd environment?
2017-04-08 04:02:56 <luxio> kaniini: Should I just reinstall?
2017-04-08 04:03:01 <luxio> [alpine]?
2017-04-08 04:03:12 <kaniini> no
2017-04-08 04:03:22 <kaniini> but you might need to disable nomodeset
2017-04-08 04:03:38 <kaniini> and ensure kms is enabled in initramfs
2017-04-08 04:03:57 <luxio> kaniini: Removing nomodeset is what caused the freezing problem
2017-04-08 04:04:01 <luxio> kaniini: How do I check for kms?
2017-04-08 04:04:32 <kaniini> mkinitfs.conf
2017-04-08 04:04:51 <kaniini> in /etc/mkinitfs
2017-04-08 04:05:27 <luxio> kaniini: should that be features="..."?
2017-04-08 04:05:33 <luxio> I don't see kms in that string
2017-04-08 04:07:01 <kaniini> yes add kms there
2017-04-08 04:07:11 <kaniini> then run mkinitfs
2017-04-08 04:08:22 <luxio> kaniini: ok. but why wasn't it there?
2017-04-08 04:09:22 <kaniini> right now the installer doesn't really ask what features you want :(
2017-04-08 04:09:53 <luxio> kaniini: what is kms? kernel modesetting i assume? and what's modesetting?
2017-04-08 04:09:56 <luxio> just curious about this
2017-04-08 04:10:45 <kaniini> some drivers have the kernel drive the gpu
2017-04-08 04:10:52 <kaniini> that's what kms is
2017-04-08 04:11:21 <kaniini> mode setting is an api provided by kernel to allow the kernel to set the graphics mode
2017-04-08 04:14:56 <TemptorSent> kaniini: The module mess is being straightened out as we speak!
2017-04-08 04:16:37 <luxio> kaniini: I've added kms to mkinitfs.conf, removed nomodeset from extlinux.conf, run nomodeset and setup-xorg-base, still freezing
2017-04-08 04:52:52 <luxio> kaniini: did I forget something?
2017-04-08 04:53:24 <kaniini> humm weird
2017-04-08 04:53:30 <kaniini> should do the trick
2017-04-08 04:53:33 <kaniini> does for me anyway
2017-04-08 04:53:46 <uriah> Hey all
2017-04-08 04:55:49 <uriah> Kinda feeling a bit sad atm... pretty sure the stuff I've been trying to get working for musl is way more than what I have the knowledge to do...
2017-04-08 04:56:31 <TemptorSent> Okay, I now have modules finding and checksumming ALL of their deps (including the ones depmod missed for some reason), including firmware. That should represent a sane basis to build out from, since I actually check the module vermagic string agaist the kernel release.
2017-04-08 04:56:41 <luxio> uriah: the national suicide prevention lifeline is 1-800-273-8255
2017-04-08 04:56:48 <uriah> Ugh
2017-04-08 04:56:58 <uriah> That's not what I meant but thanks
2017-04-08 04:57:17 <uriah> Also, wrong country
2017-04-08 04:57:44 <luxio> wrong
2017-04-08 04:57:48 <luxio> america is the only country
2017-04-08 04:58:07 <uriah> Nice, TemptorSent, congrats
2017-04-08 04:59:15 <TemptorSent> I'm sick of having a broken system every time it updates!
2017-04-08 05:00:01 <uriah> Well sounds like you're close
2017-04-08 05:00:14 <luxio> i believe in you
2017-04-08 05:01:08 <TemptorSent> Grr.. How, exactly, is it sane to update the kernel and modules, and delete the modules of the CURRENTLY running kernel?
2017-04-08 05:01:23 <uriah> Ouch
2017-04-08 05:02:10 <TemptorSent> Yeah, that's why this is front-burner for me ;)
2017-04-08 05:02:20 <uriah> :-)
2017-04-08 05:02:55 <TemptorSent> I suspect people on fast, reliable internet connections don't see the problem because they get relatively atomic updates.
2017-04-08 05:12:02 <Guest42159> Heading out for the night
2017-04-08 05:12:09 <Guest42159> Later
2017-04-08 05:45:44 <TemptorSent> Is there any way of getting a list of all firmware or module containg packages in a machine-readable way?
2017-04-08 18:36:30 <Zucca> I'm getting "symbol not found" errors when xorg is trying to load drivers... Do I have an abi mismatch there?
2017-04-08 18:38:59 <Zucca> ”Failed to load /usr/lib/xorg/modules/drivers/modesetting_drv.so: Error relocating /usr/lib/xorg/modules/driver”
2017-04-08 18:39:21 <Zucca> s/modesetting_drv.so: glamor_set_screen_pixmap: symbol not found
2017-04-08 19:01:33 <luxio> hey
2017-04-08 19:02:33 <luxio> anyone know why i'd get this error? https://ghostbin.com/paste/j5a9r
2017-04-08 19:02:57 <luxio> i'm trying to run the "terminator" terminal emulator
2017-04-08 19:14:43 <avih> luxio: try "apk add py-psutil" and if that doesn't work py2-psutil or py3-psutil according to the main python version you have installled
2017-04-08 19:15:45 <luxio> avih: well at least i'm getting a different error now lol
2017-04-08 19:15:48 <luxio> You need to install the python bindings for gobject, gtk and pango to run Terminator.
2017-04-08 19:16:03 <luxio> can't find the pango python binding
2017-04-08 19:16:15 <avih> yeah, it needs a lot of deps, including some py-gtk ones
2017-04-08 19:20:46 <avih> luxio: seems you're trying 1.9x, which indeed complains about those on my system too. but apparently i have enough deps to run 1.0, so IMO start with that
2017-04-08 19:21:27 <luxio> avih: I don't see 1.0 in my repositories
2017-04-08 19:21:32 <avih> 1.0 it was released on 2016-11-23, so not too old
2017-04-08 19:21:50 <avih> https://launchpad.net/terminator/+download https://launchpad.net/terminator/trunk/1.0/+download/terminator-1.0.tar.gz
2017-04-08 19:24:32 <avih> luxio: where did you get the version you just tried from?
2017-04-08 19:26:41 <luxio> avih: `apk add terminator`
2017-04-08 19:27:06 <luxio> avih: my repos are main and community
2017-04-08 19:27:33 <avih> oh, i wasn't aware there was an alpine package for it. in that case, sounds like the package is broken, since it should have also installed whatever deps it needs
2017-04-08 19:27:42 <avih> file a bug IMO
2017-04-08 19:28:20 <avih> regardless, i was able to download 1.0 from the link above and install enough deps to get it working.
2017-04-08 19:33:02 <luxio> avih: I did that, didn't even need to install deps. Seems to work
2017-04-08 19:33:38 <avih> well, it does need some non default deps, just seems you have them installed already.
2017-04-08 19:34:14 <avih> probably got installed when you installed terminator with apk
2017-04-08 19:35:13 <luxio> brb
2017-04-08 22:29:51 <Shiz> kaniini: maybe it'sa good idea to have an option to have apk run check() but not fail if it doesn't return 0
2017-04-08 22:30:22 <kaniini> why would we want that
2017-04-08 22:30:59 <Shiz> broken/volatile tests/wip apkbuilds
2017-04-08 22:31:06 <Shiz> that you may still want partial results of
2017-04-08 22:31:28 <Shiz> although i guess you can always just do || : in check()
2017-04-08 22:31:40 <kaniini> options=!check
2017-04-08 22:31:50 <kaniini> obviously :)
2017-04-08 22:32:00 <Shiz> !check won't run it...
2017-04-09 00:54:25 <luxio> When I do `apk add luarocks`, I don't have a luarocks command. Bug?
2017-04-09 01:18:53 <luxio> Also when I do alsamixer, I get this error: cannot open mixer: No such file or directory
2017-04-09 01:18:56 <luxio> It works as root, just not as my user.
2017-04-09 01:18:59 <luxio> My user is in the audio group.
2017-04-09 01:19:12 <bougyman> luxio: in your current session?
2017-04-09 01:19:23 <bougyman> what does `id` return?
2017-04-09 01:19:30 <bougyman> does it show you in the audio group?
2017-04-09 01:19:39 <bougyman> and... are you using pulseaudio?
2017-04-09 01:21:16 <luxio> uid=1000(blep) gid=1000(blep) groups=1000(blep)
2017-04-09 01:21:24 <luxio> bougyman: I'm not sure how to check if I'm using pulseaudio
2017-04-09 01:21:46 <bougyman> ok, so your current user's session isn't in the audio group
2017-04-09 01:21:50 <bougyman> you have to log in again.
2017-04-09 01:21:53 <luxio> ah ok
2017-04-09 01:21:55 <luxio> brb then
2017-04-09 01:23:05 <luxio> bougyman: working now, thanks! :)
2017-04-09 02:55:23 <dalias> can anyone explain to me wtf modloop is, why it fails to start, and why update-kernel's mkinitfs depends on modloop?
2017-04-09 03:01:27 <BitL0G1c> dalias - on a normal hard disk install - I disable the modloop service - it doesn't seem to cause any problems
2017-04-09 03:02:32 <dalias> but update-kernel is aborting  with "Module loopback device not mounted"
2017-04-09 03:02:55 <Shiz> modloop is part of the initramfs
2017-04-09 03:02:58 <Shiz> so that's probably hwy
2017-04-09 03:03:07 <Shiz> or well, used in
2017-04-09 03:03:22 <dalias> i need an initramfs to get generated with my config
2017-04-09 03:03:29 <dalias> otherwise necessary modules to boot are missing
2017-04-09 03:03:35 <dalias> but it fails to run because of this
2017-04-09 03:04:58 <Shiz> why not just call # mkinitfs?
2017-04-09 03:05:08 <Shiz> only update-kernel needs modloop
2017-04-09 03:05:37 <dalias> *sigh* that seems to work
2017-04-09 03:05:47 <dalias> but i want it to work automatically when i install a new kernel
2017-04-09 03:05:51 <dalias> otherwise i'll get bricked
2017-04-09 03:07:34 <Shiz> mkinitfs should get called when the kernel is updated
2017-04-09 03:07:47 <BitL0G1c> I have some notes on the wiki for how I configured luks in lvm with a custom initramfs
2017-04-09 03:08:34 <Shiz> dalias: update-kernel is not for usage outside of initial setup i think
2017-04-09 03:08:40 <Shiz> mkinitfs is the intended scirpt :p
2017-04-09 03:09:46 <BitL0G1c> /etc/update-extlinux.conf - add the modules you need in the initramfs in there
2017-04-09 03:10:03 <Shiz> that's
2017-04-09 03:10:09 <Shiz> cool but he's not using a custom initramfs...
2017-04-09 03:10:10 <dalias> bitl0g1c, i have them there
2017-04-09 03:10:19 <Shiz> anyway
2017-04-09 03:10:23 <dalias> but they also need to be in mkinitfs.conf i think
2017-04-09 03:10:37 <dalias> and weren't at the time of kernel pkg upgrade
2017-04-09 03:10:40 <dalias> now they should be
2017-04-09 03:10:46 <dalias> and it seems to have worked
2017-04-09 03:10:51 <dalias> i have 4.9.20 running now
2017-04-09 03:11:58 <BitL0G1c> if you ever need to rebuilt the initramfs - "fix linux-grsec" (or vanilla) - will regenerate it
2017-04-09 03:12:12 <Shiz> zzz
2017-04-09 03:13:45 <BitL0G1c> beats messing around with mkinitfs
2017-04-09 03:25:48 <dalias> yay thanks
2017-04-09 04:13:52 <luxio> How do I change my shell from ash to zsh?
2017-04-09 04:27:15 <BitL0G1c> edit /etc/passwd - change /bin/ash to /bin/zsh
2017-04-09 04:27:33 <BitL0G1c> chsh /bin/zsh - may work too
2017-04-09 04:29:00 <BitL0G1c> chsh is in shadow https://pkgs.alpinelinux.org/contents?file=chsh&path=&name=&branch=&repo=&arch=
2017-04-09 04:29:44 <BitL0G1c> luxio ^^
2017-04-09 04:37:21 <kaniini> hi
2017-04-09 04:42:18 <luxio> BitL0G1c: I changed that, but something's setting PS1
2017-04-09 04:42:35 <luxio> and the prompt looks like this \h:\w\$
2017-04-09 04:44:21 <BitL0G1c> luxio - see /etc/profile.d/color_prompt.sh
2017-04-09 04:45:00 <luxio> BitL0G1c: not enabled, it's just `color_prompt`
2017-04-09 04:45:47 <BitL0G1c> see /etc/profile
2017-04-09 04:46:07 <luxio> BitL0G1c: yeah that's setting PS1
2017-04-09 04:46:09 <luxio> what is it
2017-04-09 04:47:13 <dunx> BitL0G1c: it's never a good idea to edit /etc/passwd directly
2017-04-09 04:47:34 <dunx> chsh is the desired way to change shell.\
2017-04-09 04:48:11 <BitL0G1c> yes i said that too - but changing a shell manually has never caused me any problems
2017-04-09 04:58:03 <dunx> well silly people will select the wrong shell
2017-04-09 04:58:17 <dunx> and that is kind of hard to get out of if said shell does not exist!
2017-04-09 05:09:38 <kaniini> huh
2017-04-09 05:09:44 <kaniini> there is an alpine linux japanese community
2017-04-09 05:09:57 <kaniini> i wonder if it is worth reaching out to them
2017-04-09 05:11:04 <dalias> yes, they're rather active on twitter it seems
2017-04-09 05:12:29 <BitL0G1c> dunx - yes very true
2017-04-09 06:13:30 <TemptorSent> dalias, Shiz: update-kernel and mkinitfs are horribly broken at current, I'm just about done with a rewrite that fixes it.
2017-04-09 06:20:12 <TemptorSent> Shiz: Update kernel runs every time you upgrade your kernel version, and it unfortunately is prone to getting mismatched versions if something goes sideways during fetch if you retry.
2017-04-09 07:27:51 <kaniini> dalias: it is so strange to discover stuff like that.  in my experience, they never ever make contact with the actual project, but if you reach out to them, then they are usually on board
2017-04-09 07:29:09 <kaniini> dalias: like in the early days of maintaining audacious, this guy in japan ported a lot of plugins from XMMS people wanted, but i had no idea for 2 years -- reached out to him and he was like "oh it didn't occur to me to ask about sending these to you"
2017-04-09 07:31:52 <kaniini> dalias: i think largely it is because japanese people use their own social media and publishing platforms and when you see them on twitter and stuff it's mostly because it is being syndicated from elsewhere
2017-04-09 07:35:01 <kaniini> what would be really neat is if someone could make a tool which cross-references all social media (western platforms like twitter, japanese platforms like hatena, etc.)
2017-04-09 07:36:37 <echelon> hey guys
2017-04-09 07:36:56 <echelon> what's causing this error.. The command '/bin/sh -c apk --no-cache add      bash    litespeed       certbot' returned a non-zero code: 1
2017-04-09 07:37:18 <echelon> trying to use alpine:edge
2017-04-09 07:39:08 <echelon> ERROR: unsatisfiable constraints:
2017-04-09 07:39:10 <echelon>   litespeed (missing):
2017-04-09 07:39:12 <echelon>     required by: world[litespeed]
2017-04-09 09:09:58 <Zucca> echelon: litespeed -package isn't in repositories.
2017-04-09 10:36:15 <stevenroose> I'm thinking about installing Alpine to run a simple Go-based server application
2017-04-09 10:36:29 <stevenroose> Any thoughts? All I actually need is Git + Golang
2017-04-09 10:36:51 <stevenroose> It'll be an Intel NUC box
2017-04-09 13:09:04 <echelon> zucca1, thanks.. seems to be in testing repo
2017-04-09 19:34:31 <kallenp> Hi all. I am sorry, I am new at Alpine Linux. It´s look verry well. Is support possible in this IRC channel ? Thanks for answer, Petr, Czech Republic
2017-04-09 19:37:24 <TBB> hello and welcome. you'll get answers to some of your questions here, I'm sure.
2017-04-09 19:37:27 <_ikke_> kallenp: depends on the kind of support you are expecting, but if you ask clear questions, people will help if you have patience
2017-04-09 19:44:34 <kallenp> OK and thanks :-) I will try it later :-)
2017-04-09 20:06:40 <mlu> hey guys, I'm curious: does anyone here use Alpine as a desktop OS? if so, how is it?
2017-04-09 20:07:12 <_ikke_> I know some do, I myself don't
2017-04-09 20:07:36 <Shiz> i do
2017-04-09 20:07:47 <Shiz> and trfl does as well
2017-04-09 20:08:11 <mlu> any particular annoyances / surprises?
2017-04-09 20:08:55 <mlu> primarily since I've never actually used a musl-based distro as my primary desktop before
2017-04-09 20:08:57 <Shiz> X.org can be a bit annoying to get to work with nouveau
2017-04-09 20:09:08 <Shiz> but there's a backport for the fix in musl for some issues there in edge
2017-04-09 20:09:24 <mlu> how's the stability?
2017-04-09 20:09:49 <mlu> 
ACTION is glad he has a dedicated gaming box

2017-04-09 20:22:36 <kaniini> it is alright
2017-04-09 20:31:57 <Shiz> has been stable for me
2017-04-09 20:39:49 <mlu> thanks for the info: looks like I might have a new adventure :)
2017-04-09 20:40:15 <Sandlayth> hi
2017-04-09 20:40:46 <Sandlayth> i can't install postgresql-dev, i have this message when i try to: http://sprunge.us/hHTa
2017-04-09 20:41:29 <Sandlayth> any idea?
2017-04-09 20:51:46 <Shiz> Sandlayth: apk del openssl-dev
2017-04-09 20:52:10 <Sandlayth> yep, i saw this
2017-04-09 20:52:17 <Sandlayth> hum, it's strange
2017-04-09 20:52:26 <Sandlayth> i'm trying to build https://github.com/tootsuite/mastodon/blob/master/Dockerfile
2017-04-09 20:52:40 <Sandlayth> which is based on ruby
2017-04-09 20:53:21 <Sandlayth> the fact is that ruby seems to depend on openssl
2017-04-09 20:57:15 <Shiz> it likely doesn't
2017-04-09 20:57:18 <Shiz> just needs libressl-dev
2017-04-09 21:20:45 <kaniini> lmao tootsuite
2017-04-09 21:20:46 <kaniini> i get it
2017-04-09 21:20:50 <kaniini> hootsuite
2017-04-09 21:20:52 <kaniini> hahahahaha
2017-04-09 21:22:06 <Sandlayth> huhu
2017-04-09 21:22:34 <Sandlayth> i'll just rebuild ruby using openssl instead of libressl
2017-04-09 21:23:05 <kaniini> actually that error is saying to rebuild ruby against libressl.
2017-04-09 21:23:11 <kaniini> which is fixed in edge
2017-04-09 21:23:19 <kaniini> so you might change the Dockerfile to use edge
2017-04-09 21:23:52 <Sandlayth> actually
2017-04-09 21:23:59 <Sandlayth> i'm building everything alone
2017-04-09 21:24:09 <Sandlayth> given that i'm on an armv7l architecture
2017-04-10 00:06:55 <Nobabs27> https://pastebin.com/S3VQGPHF
2017-04-10 00:06:59 <Nobabs27> I get bad password
2017-04-10 00:08:52 <Nobabs27> ngircd
2017-04-10 00:10:08 <Shiz> well yes
2017-04-10 00:10:20 <Nobabs27> ?
2017-04-10 00:10:30 <Shiz> wait, misread
2017-04-10 00:10:38 <Nobabs27> ok
2017-04-10 00:11:02 <Shiz> check if your mask matches
2017-04-10 00:12:24 <Nobabs27> how would I do that (im on HexChat) ?
2017-04-10 00:13:53 <Shiz> /whois yourself on the server..
2017-04-10 00:14:01 <Nobabs27> ah kk
2017-04-10 00:16:53 <Nobabs27> still bad password
2017-04-10 00:17:27 <Shiz> well, does your mask match the one in the config
2017-04-10 00:18:19 <Nobabs27> yes
2017-04-10 00:18:24 <Nobabs27> my whois says its ~babs@c-50-142-84-112.hsd1.tn.comcast.net
2017-04-10 00:18:58 <Nobabs27> ill try jsut turning off the mask'
2017-04-10 00:19:42 <Nobabs27> nope still bad password even after ;ing the mask
2017-04-10 00:27:36 <Nobabs27> new one (that still doesnt work @Shiz
2017-04-10 00:27:37 <Nobabs27> https://pastebin.com/nPzQdD6N
2017-04-10 00:29:16 <Shiz> ngircd log should tell you why /oper failed
2017-04-10 00:30:29 <Nobabs27> where is the log?
2017-04-10 00:35:00 <echelon> hi
2017-04-10 00:35:04 <Nobabs27> hi
2017-04-10 00:35:20 <echelon> i'm trying to use alpine:latest repo to get this package.. https://pkgs.alpinelinux.org/packages?name=litespeed
2017-04-10 00:35:34 <Nobabs27> ok
2017-04-10 00:35:43 <Shiz> /var/log/messages, probably
2017-04-10 00:35:57 <Shiz> echelon: litespeed is not in latest
2017-04-10 00:36:03 <Shiz> as the package browser tells you, it's in edge
2017-04-10 00:36:11 <echelon> i tried edge too
2017-04-10 00:36:15 <Shiz> latest is the latest stable release
2017-04-10 00:36:20 <Shiz> you need to add the testing repository too
2017-04-10 00:36:31 <echelon> oh
2017-04-10 00:36:49 <Shiz> echo '@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories
2017-04-10 00:36:53 <Shiz> apk add --no-cache litespeed@testing
2017-04-10 00:37:08 <echelon> ah, thanks
2017-04-10 00:37:31 <Shiz> if your whole system/image is based on edge, you can drop the @testing prefix from both the echo and the apk add
2017-04-10 00:37:42 <Nobabs27> all it says is rejected (connection 9): Bad password! XD
2017-04-10 00:38:01 <echelon> ok, lemme try it
2017-04-10 00:38:04 <Nobabs27> 10/10 descriptive
2017-04-10 00:38:35 <Shiz> Nobabs27: ...
2017-04-10 00:38:38 <Shiz> well there's your problem
2017-04-10 00:38:44 <Shiz> you're trying to enter your oper password as your server password
2017-04-10 00:38:51 <Shiz> server passwords are for connecting, not opering up
2017-04-10 00:38:58 <Nobabs27> where do I enter the oper password?
2017-04-10 00:39:14 <Shiz> are you sure you're fit to run an ircd if you're having trouble even locating the logfile? :P
2017-04-10 00:39:21 <Shiz> /oper username password in your client once connected
2017-04-10 00:40:27 <echelon> using alpine:edge, it fetches from http://dl-cdn.alpinelinux.org/alpine/edge/main/ only
2017-04-10 00:40:43 <Shiz> echelon: did you add the repository properly using the echo command?
2017-04-10 00:40:50 <Shiz> even :edge still needs that repository explicitly added
2017-04-10 00:40:57 <Shiz> since it's the testing repository
2017-04-10 00:41:01 <echelon> ok
2017-04-10 00:41:07 <Nobabs27> its not connecting to the server though ._.
2017-04-10 00:41:21 <echelon> echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories ..should be sufficient?
2017-04-10 00:41:26 <Shiz> correct
2017-04-10 00:41:29 <echelon> cool
2017-04-10 00:41:49 <Nobabs27> and I thought the password for the server was supposed to be disabled ?
2017-04-10 00:42:02 <echelon> Shiz: awesome, thanks :)
2017-04-10 00:42:07 <Shiz> np :)
2017-04-10 00:42:19 <Shiz> the testing repository is not implicitly added because well.. it's not well-tested yet
2017-04-10 00:42:28 <echelon> gotcha :)
2017-04-10 00:43:03 <Shiz> if you're having success with software in there, reporting it is always appreciated so we can determine what to move to the community repos at some point
2017-04-10 00:43:10 <Shiz> s/we/the devs/
2017-04-10 00:43:52 <Shiz> Nobabs27: yes, it is
2017-04-10 00:44:21 <Nobabs27> ...
2017-04-10 00:44:27 <Shiz> that is, the server password
2017-04-10 00:44:29 <Shiz> not the oper password
2017-04-10 00:44:46 <Nobabs27> ok, then why am I getting disconnected?
2017-04-10 00:44:59 <Shiz> because you're sending a server password with your client
2017-04-10 00:45:02 <Shiz> when the server has none set
2017-04-10 00:45:04 <Shiz> so it will reject you
2017-04-10 00:45:48 <Nobabs27> still bad password even with non set
2017-04-10 00:46:14 <Nobabs27> ive even tried weechat too
2017-04-10 00:49:50 <Shiz> not sure then
2017-04-10 00:49:53 <Shiz> tried asking #ngircd? :P
2017-04-10 00:49:58 <Nobabs27> already have
2017-04-10 00:50:04 <Nobabs27> no one on apparently
2017-04-10 00:50:16 <Shiz> on irc.barton.de?
2017-04-10 00:50:19 <Nobabs27> yep
2017-04-10 00:50:40 <Nobabs27> no one on as in no has responded I mean
2017-04-10 00:52:04 <Diftraku> well, it's the wee-hours in the morning on EU, so you might have a better luck trying again later
2017-04-10 00:52:15 <Nobabs27> perhaps
2017-04-10 03:32:10 <pepedelosbosques> Hi. I'm getting started with awall. I need to insert a Custom iptables Rule. Can anyone help me with an example of the structure of the key:value?
2017-04-10 05:58:05 <hendry> i shelled into my alpine container
2017-04-10 05:58:13 <hendry> and ran halt, hoping it would shut down the container
2017-04-10 05:58:16 <hendry> and it didn't work
2017-04-10 05:58:27 <hendry> also killing PID 1 seemed to have no impact
2017-04-10 05:58:43 <hendry> so how does one shut down a container... from within a container ?
2017-04-10 06:00:08 <Shiz> docker stop containerid
2017-04-10 06:00:22 <Shiz> halt doesn't do anything as it would normally message init
2017-04-10 06:00:32 <Shiz> a container has no init system
2017-04-10 06:01:38 <hendry> Shiz: i need to be able to kill the container from within the container
2017-04-10 06:02:19 <Shiz> run a supervisor as pid1
2017-04-10 06:02:37 <Shiz> that provides some way for you to tell it to exit
2017-04-10 06:02:58 <hendry> I'm a bit suprised kill PID 1 isn't enough to make my entry.bash script to exit
2017-04-10 06:03:13 <Shiz> pid1 can't be killed.
2017-04-10 06:03:15 <Shiz> that's the issue
2017-04-10 06:03:18 <Shiz> it blocks all signals
2017-04-10 06:03:26 <hendry> Shiz: ah
2017-04-10 06:03:37 <hendry> Shiz: what supervisor do you recommend I use ?
2017-04-10 06:03:39 <hendry> open-rc ?
2017-04-10 06:03:51 <Shiz> openrc isn't a supervisor, but an init system
2017-04-10 06:03:56 <Shiz> one sec
2017-04-10 06:03:59 <hendry> k
2017-04-10 06:11:56 <Shiz> hendry: supervisord is often used
2017-04-10 06:12:41 <hendry> CMD supervisord -n -c /etc/supervisord.conf type paradigm in a Dockerfile right?
2017-04-10 06:13:47 <hendry> And how does shut down supervisord? http://stackoverflow.com/questions/14479894/stopping-supervisord-shut-down is a little unclear
2017-04-10 06:13:51 <Shiz> the -c ... part isn't really needed since that's the default location
2017-04-10 06:13:57 <Shiz> http://supervisord.org/running.html#signals
2017-04-10 06:13:59 <Shiz> like this
2017-04-10 06:14:39 <hendry> a signal to $CWD/supervisord.pid ...
2017-04-10 06:14:45 <hendry> Shiz: thanks for the tips
2017-04-10 06:14:56 <Shiz> that pid will always be 1
2017-04-10 06:14:58 <Shiz> btw
2017-04-10 06:15:00 <Shiz> for docker images
2017-04-10 06:16:41 <Shiz> # supervisorctl shutdown   also works btw
2017-04-10 06:16:44 <Shiz> should do the same thing
2017-04-10 06:18:02 <^7heo> Shiz: is that supervisord part of alpine?
2017-04-10 06:20:33 <Shiz> ^7heo: http://pkgs.alpinelinux.org/packages?name=supervisor*&branch=&repo=&arch=&maintainer=
2017-04-10 06:20:37 <Shiz> you should know how to figure that one out
2017-04-10 06:20:39 <Shiz> :P
2017-04-10 06:22:12 <^7heo> dude, that requires a working browser, it's not even 9 yet.
2017-04-10 06:22:27 <^7heo> I want to wait a little before I hit the browser part of the day...
2017-04-10 06:22:56 <^7heo> I guess I could have used grep in aports...
2017-04-10 06:23:03 <^7heo> meh, I'll do that.
2017-04-10 06:23:50 <Shiz> or apk search
2017-04-10 06:24:28 <^7heo> apk search doesn't display as much info as there is in the APKBUILD file, or?
2017-04-10 06:29:03 <hendry> https://s.natalian.org/2017-04-10/1491805678_1268x676.png hmmm, doesn't like command = /usr/sbin/nginx
2017-04-10 06:29:20 <Shiz> oh it likes it just fine
2017-04-10 06:29:23 <Shiz> your nginx however, does not
2017-04-10 06:30:30 <hendry> command = /usr/sbin/nginx -g "daemon off;" // works
2017-04-10 06:31:34 <hendry> Shiz: supervisorctl shutdown # works!
2017-04-10 06:31:40 <hendry> Shiz: THANK YOU :)
2017-04-10 06:31:44 <Shiz> np
2017-04-10 06:54:31 <hendry> any tips for getting a colour motd or show disk stats and such like ubuntu does by default ?
2017-04-10 07:01:20 <IcePic> most shells have one init file for the first login shell and one for all subsequent shells, I guess one might be able to put fancy stuff in the first (.profile) and fixing PATH and setting up other env things in the second (.kshrc)
2017-04-10 07:01:41 <IcePic> or, get a cron job to replace the motd at times to hold what you like to see
2017-04-10 07:25:48 <Shiz> yeah, just edit /etc/profile or ~/.profile to show stuff you like
2017-04-10 08:42:29 <glend> Hello, I'm not sure where can I post a strange behavior I get with PHP intl extension in Alpine Linux?
2017-04-10 08:43:17 <clandmeter> bugs.alpinelinux.org
2017-04-10 09:37:18 <ScrumpyJack> morning
2017-04-10 09:59:49 <^7heo> moin ScrumpyJack
2017-04-10 12:46:33 <dminca> where is `apk` cache located on my filesystem?
2017-04-10 12:50:22 <clandmeter> dminca, /etc/apk/cache is mostly a symlink to some place in /var...
2017-04-10 12:58:31 <dminca> clandmeter nvm, I found it. It's in /var/cache/apk/*
2017-04-10 12:58:31 <john3voltas> greetings guys
2017-04-10 12:58:42 <john3voltas> newbie on alpine linux here
2017-04-10 12:59:12 <john3voltas> any document available to help me get going with alpine and kvm/qemu host
2017-04-10 12:59:13 <john3voltas> ?
2017-04-10 12:59:41 <dminca> https://wiki.alpinelinux.org/wiki/Main_Page <-- john3voltas
2017-04-10 12:59:46 <dminca> the wiki mainly :)
2017-04-10 13:01:16 <john3voltas> dminca: thanks for replying. but where is the info on running alpine as a kvm host? i can only find info on running alpine as a kvm/qemu vm
2017-04-10 13:05:18 <yMGJRgi997ZH> not sure there's many alpine specific things about kvm/qemu hosting on alpine
2017-04-10 13:05:35 <yMGJRgi997ZH> you should be good with any generic manual/howto
2017-04-10 13:06:28 <yMGJRgi997ZH> i'm running kvm/qemu without any problems here. except you might wonder, but by default only vnc frontends are supported, no sdl or other graphical output.
2017-04-10 13:06:45 <transhuman_> join #httpd
2017-04-10 13:17:03 <john3voltas> yMGJRgi997ZH: thanks for replying. so far i've been able to modprobe kvm and virtio but when i install qemu with apk add qemu i don't get the qemu-img command so that i can create the disks. am i doing anything wrong here? would i go any better with xen instead?
2017-04-10 13:26:36 <john3voltas> darned newbie
2017-04-10 13:26:44 <yMGJRgi997ZH> it's in the qemu-img pkg
2017-04-10 13:26:50 <john3voltas> qemu-img is a separate package
2017-04-10 13:26:55 <john3voltas> lol
2017-04-10 13:26:58 <yMGJRgi997ZH> yes
2017-04-10 13:27:01 <john3voltas> sorry bout that mate
2017-04-10 13:27:28 <john3voltas> i was going nuts and just figured it out too
2017-04-10 13:27:43 <john3voltas> thanks for your help
2017-04-10 13:28:43 <john3voltas> how do i manage the vm's? vnc/rdp?
2017-04-10 13:29:02 <yMGJRgi997ZH> vnc
2017-04-10 13:29:06 <john3voltas> i mean is there a vm console?
2017-04-10 13:29:30 <yMGJRgi997ZH> how do you mean? a graphic frontend for handling vms? dunno, never needed that
2017-04-10 13:30:13 <john3voltas> hmmm, when you're deploying a new vm, how do you set it up then? imagine it's a windows vm
2017-04-10 13:30:34 <john3voltas> during setup we need to access the vm's console screen
2017-04-10 13:30:55 <john3voltas> but i guess this is completely out of the scope of this channel
2017-04-10 13:32:31 <yMGJRgi997ZH> vms console screen i access via vnc if i understand you correctly
2017-04-10 13:33:43 <IcePic> for kvm-qemu, the libvirt stuff has a gnome VM-admin thing which includes console view
2017-04-10 13:34:07 <john3voltas> i see. thanks guys
2017-04-10 13:37:03 <john3voltas> gotta go. cheers
2017-04-10 18:17:46 <ddd_> is there a command to apply security updates?
2017-04-10 18:25:27 <_ikke_> ddd_: There is not command to apply _just_ security updates
2017-04-10 18:26:15 <_ikke_> ddd_: alpine linux does not differentiate between security fixes and other updates
2017-04-10 18:27:58 <ddd_> so just apk update, then?
2017-04-10 18:30:09 <_ikke_> apk upgrade -U
2017-04-10 18:30:16 <_ikke_> (same as apk update && apk upgrade)
2017-04-10 18:33:24 <Klowner> I've never successfully installed diskless mode.. is there some weird final thing you have to do after setup-alpine? I reboot and it just boots back into the installer
2017-04-10 18:34:21 <ddd_> thx!
2017-04-10 18:34:45 <_ikke_> Klowner: iirc, that should be enough
2017-04-10 18:35:17 <_ikke_> Klowner: "Note: When the setup-alpine script asks for a disk, say "none". It will then prompt whether you'd like to preserve modifications on any writable medium.
2017-04-10 18:35:18 <_ikke_> "
2017-04-10 18:36:13 <_ikke_> Klowner: You might need to run lbu ci before everything is comitted though
2017-04-10 19:25:18 <Klowner> hmm, it's persisting my hostname and some settings
2017-04-10 19:25:26 <Klowner> but nothing gets reinstalled
2017-04-10 19:29:18 <Klowner> everything is listed in the world file at least
2017-04-10 19:29:30 <_ikke_> ok
2017-04-10 19:29:47 <_ikke_> and are they present on the boot media?
2017-04-10 19:30:03 <_ikke_> cache dir or static pkgs dir?
2017-04-10 19:30:10 <Klowner> ah, most likely not
2017-04-10 19:30:28 <_ikke_> Klowner: Well, it should setup the cache dir so that it would
2017-04-10 19:31:13 <Klowner> I have an external caching proxy set up so I figured I'd avoid the internal cache. Didn't realize that was necessary for installing at boot
2017-04-10 19:31:29 <_ikke_> ok
2017-04-10 19:31:48 <Klowner> I'll try enabling that :)
2017-04-10 19:43:25 <TBB> jeez, what a day again. on the other hand, securebootability took another leap forward
2017-04-10 19:55:00 <Klowner> there we go, that works
2017-04-10 20:06:28 <TemptorSent> TBB What's news on the secureboot front?
2017-04-10 20:20:50 <TBB> nothing much really, I've just worked on a secure boot using install for some time
2017-04-10 20:21:45 <TBB> and it's not that tough, it's just that what works in one system won't necessarily work in another unless you follow the spec to the letter
2017-04-10 20:23:00 <TBB> just objcopy vmlinuz, initramfs, boot parms in a text file and some related stuff into an EFI binary, sign it and write your keys to the firmware and you're done
2017-04-10 20:23:53 <TBB> and you'll protect not only your kernel but initramfs against tampering
2017-04-10 20:25:17 <TemptorSent> TBB: If you can document the specifics, we can add it to the image builder and kernel tool before 3.6 if it's not ugly.
2017-04-10 20:27:09 <TBB> it's mostly the key management that's ugly, the procedure itself is rather simple
2017-04-10 20:28:48 <TemptorSent> What tools are required? is a good place to start I guess.
2017-04-10 20:29:57 <TBB> depends a bit on what approach you take. the basic set is sbsigntool and efitools, both of which I've got APKBUILDs for
2017-04-10 20:31:41 <TBB> it's just that sbsigntool is ugly as hell - it uses CCAN as a dependency, and that's a braindead approach (CCAN is basically CPAN for C code). And it also does things like generates its own key installation tool that generates keys and embeds them in its binary, which is, frankly, stupid
2017-04-10 20:32:18 <TBB> and efitools depends on sbsigntool :(
2017-04-10 20:32:50 <TBB> (well, some of it)
2017-04-10 20:34:04 <TBB> but you generate your keyset using openssl and some of sbsigntools, use some of those keys to sign your single-file kernel and use efitools to write the appropriate entries into the firmware registers controlling SB and that's it
2017-04-10 20:34:23 <TBB> then it's just a question of how and where you store your keys
2017-04-10 20:49:02 <Koopz> aloha
2017-04-10 20:53:37 <Koopz> i'm having problems trying to get a script to run properly. https://github.com/Koopzington/freenas-docker-jdownloader/blob/master/startJD2.sh#L35 i'm not a linux pro but i tried to echo something after that "exec su" line, that echo however can't be seen. Shouldn't "exec su" ensure that the command in the following lines are NOT being run as the mentioned user?
2017-04-10 21:52:43 <TemptorSent> ^7heo: I'm working on solving that problem permentently :)
2017-04-10 21:57:14 <darkfader> hm
2017-04-10 21:57:25 <darkfader> 3.5 still doesn't have the xen security patch
2017-04-10 21:57:48 <darkfader> is there anyone but royger or ncopa who can work on that?
2017-04-10 21:57:57 <darkfader> it's too much for me that much i do know
2017-04-10 23:11:20 <ali1234> how do i build an alpine cross-chroot?
2017-04-10 23:15:43 <ali1234> hmm okay this doesn't look too hard
2017-04-11 06:50:36 <ncopa> darkfader: i'll try fix it later today
2017-04-11 09:18:57 <dminca> hi guys
2017-04-11 09:19:26 <dminca> I noticed there's no keytool package on Alpine, I need to create a APKBUILD for that?
2017-04-11 09:19:33 <dminca> an*
2017-04-11 09:50:36 <ScrumpyJack> anyone good with laptop and external vga monitor?
2017-04-11 09:50:52 <ScrumpyJack> (no X11 involved)
2017-04-11 09:59:49 <bougyman> ScrumpyJack: sure
2017-04-11 10:01:51 <hiro> i use full-blown Xorg with xrandr whenever i have an external monitor attached
2017-04-11 10:02:04 <hiro> ScrumpyJack: you hate X11, using only console tools? :)
2017-04-11 10:04:36 <ScrumpyJack> ok, just tried X11 and i get the same. xrandr to the rescue!
2017-04-11 10:06:17 <ScrumpyJack> basically, in X I end up with two devices LVDA1 1024x600+0+0 and VGA1 1920x1080+0+0 on the same physical external monitor
2017-04-11 10:08:14 <ScrumpyJack> LVDA1 is mirrored on laptop and external VGA monitor
2017-04-11 10:08:58 <ScrumpyJack> just remove LVDA1 with xrandr?
2017-04-11 10:10:09 <antranigv> ^7heo: ! :)
2017-04-11 10:14:02 <ScrumpyJack> or maybe i should have two screens, currently i don't have one
2017-04-11 10:14:59 <^7heo> heeey antranigv
2017-04-11 10:15:03 <^7heo> ;)
2017-04-11 10:45:50 <ScrumpyJack> would be cool to have X11 on vga and termainl on laptop
2017-04-11 10:46:06 <avih> i _think_ xf86-video-vesa needs to be rebuilt against xorg 1.19.3 . that's my log https://pastebin.mozilla.org/9018640  not sure when it broke since i don't run xorg often (typically i use it headless), but i think in the past 2 weeks or so, during which xorg updated to 1.19.3
2017-04-11 10:47:33 <avih> (this is inside virtualbox but without any guest addition or modules installed, and xorg used to work on this machine)
2017-04-11 10:49:53 <avih> could this be a result of vesa not loading? "(EE) open /dev/dri/card0: No such file or directory"
2017-04-11 12:11:16 <parazyd> do the generic arm images support being on a btrfs fs?
2017-04-11 12:38:51 <parazyd> actually, how do i use the armhf tarballs?
2017-04-11 13:11:46 <hiro> parazyd: mount the containing files as root?
2017-04-11 13:11:57 <hiro> parazyd: boot and done...
2017-04-11 13:12:16 <parazyd> didn't work on a lime2
2017-04-11 13:12:25 <parazyd> falls back to FEL
2017-04-11 13:12:40 <hiro> you put it on whatever filesystem you want, with a kernel that works for your fs
2017-04-11 13:13:03 <hiro> what is lime2 and FEL?
2017-04-11 13:13:36 <hiro> 12:45 Scrum would be cool to have X11 on vga and termainl on laptop
2017-04-11 13:13:40 <hiro> i don't think that's common
2017-04-11 13:13:50 <hiro> in any way i neither think it's very cool
2017-04-11 13:14:09 <hiro> i didn't get your problem using xrandr
2017-04-11 13:14:23 <^7heo> hey hiro
2017-04-11 13:14:34 <hiro> ScrumpyJack: you're saying LVDA1 is broken?
2017-04-11 13:14:38 <hiro> ^7heo: hi :)
2017-04-11 13:15:13 <hiro> ScrumpyJack: you say you "should" have two screens but currently you have none, so where do you read LVDA1 1024x600+0+0 and VGA1 1920x1080+0+0?
2017-04-11 13:15:20 <hiro> if not on a screen where can it be displayed?
2017-04-11 13:15:58 <hiro> you should put only one cable between your external monitor and your computer
2017-04-11 13:19:33 <parazyd> hiro: a lime2 is an arm board from olimex, and FEL is an allwinner chip boot mode
2017-04-11 13:20:00 <parazyd> in any case, it seems i have to build u-boot myself in order to use this tarball?
2017-04-11 13:20:50 <hiro> well, if you stay in boot mode then that means no kernel has been loaded successfully
2017-04-11 13:21:05 <hiro> how to load a kernel is not alpine specific
2017-04-11 13:21:13 <parazyd> that's what i'm implying
2017-04-11 13:21:13 <hiro> check your board's docs
2017-04-11 13:21:20 <parazyd> the tarball says uboot is included
2017-04-11 13:21:26 <parazyd> ... not really
2017-04-11 13:21:37 <hiro> oh, you're talking of the *other* tarball then
2017-04-11 13:21:38 <hiro> sorry.
2017-04-11 13:21:58 <hiro> i only used the empty ones without kernel or bootloader stuff
2017-04-11 13:22:00 <hiro> i didn't know.
2017-04-11 13:22:27 <parazyd> you mean the mini rootfs?
2017-04-11 13:22:35 <hiro> yeah
2017-04-11 13:22:39 <parazyd> ah ack
2017-04-11 13:22:47 <darkfader> ncopa: thanks
2017-04-11 13:23:10 <hiro> most arm boards i have need special kernels anyway
2017-04-11 13:23:21 <hiro> i don't get why there's images that pretend that they can be used with any arm board
2017-04-11 13:23:25 <parazyd> the sunxi stuff is pretty generic
2017-04-11 13:23:28 <hiro> arm SoCs are way too fragmented
2017-04-11 13:27:27 <IcePic> noone wonders why x86 can be a thousand versions and same kernel+modules work there, but for arm its fine to have per-board images?
2017-04-11 13:28:05 <IcePic> its not like x86 machines span the whole spectrum from small nan-itxes and whatnot to humungous servers with TBs of ram.
2017-04-11 13:28:36 <darkfader> IcePic: arm is like with android, the vendors sell mostly to OEM customers and an get away with it / sell SDK's
2017-04-11 13:29:00 <darkfader> just look at sunxi, how LONG it took to just get 90% of stuff supported in mainline
2017-04-11 13:29:33 <darkfader> in the x86 we all already fought that battle with the vendors
2017-04-11 13:29:34 <TomJepp> IcePic: ARM tends to have non-discoverable buses
2017-04-11 13:29:49 <TomJepp> which makes things a nightmare, because you can't genericise everything
2017-04-11 13:29:55 <TomJepp> you need a build with the right device tree already in it
2017-04-11 13:30:04 <IcePic> darkfader: yes, but customers/consumers should keep battling on new arches too
2017-04-11 13:30:18 <dd_s> Hi all! Who try to install  Samba 4 AD as DC with AD user's auth from windows and linux guests?
2017-04-11 13:35:47 <parazyd> hiro: ok so the tarball does work if i flash my own uboot
2017-04-11 13:36:35 <hiro> parazyd: ah, excellent
2017-04-11 13:37:08 <parazyd> stuck here  * WARNING: clock skew detected!
2017-04-11 13:37:13 <parazyd> hmm let's wait a bit
2017-04-11 13:38:04 <parazyd> nope, stuck
2017-04-11 13:39:09 <hiro> parazyd: huh?
2017-04-11 13:39:13 <hiro> parazyd: what are you doing?
2017-04-11 13:39:21 <parazyd> booting it
2017-04-11 13:39:50 <parazyd> http://sprunge.us/QcVS
2017-04-11 13:40:10 <hiro> yeah, doesn't matter
2017-04-11 13:40:20 <parazyd> well it doesn't proceed
2017-04-11 13:40:25 <hiro> so the kernel started successfully
2017-04-11 13:40:48 <hiro> sounds like it worked
2017-04-11 13:41:21 <hiro> perhaps just no tty is started on that serial port
2017-04-11 13:41:28 <parazyd> sort of, i was expecting a shell
2017-04-11 13:41:33 <parazyd> yes, let's give it a look
2017-04-11 13:42:13 <hiro> just enable network, start dropbear or something, reboot and ssh in
2017-04-11 13:42:29 <hiro> s/reboot/boot/
2017-04-11 13:44:31 <parazyd> kewl!
2017-04-11 13:44:42 <parazyd> appending console=ttyS0,115200 to the cmdline helped
2017-04-11 13:45:41 <parazyd> heh no ethernet was found
2017-04-11 13:46:28 <hiro> that's why i'm not sure these device tree abstractions are so useful
2017-04-11 13:46:36 <hiro> there's always device specific shit you have to do
2017-04-11 13:46:54 <hiro> whether it's changing some hardcoded shit or enabling certain uncommon drivers
2017-04-11 13:47:04 <hiro> it's all the same to me... i don't need it abstracted.
2017-04-11 13:47:06 <parazyd> no actually, not with allwinner
2017-04-11 13:47:16 <parazyd> it can be the device tree is too old
2017-04-11 13:47:38 <hiro> whatever you say :P
2017-04-11 13:47:43 <parazyd> but that implies me compiling a new kernel
2017-04-11 13:48:11 <TomJepp> yes, but imagine for a moment if it was like x86 and you didn't need a specific device tree :)
2017-04-11 13:48:18 <parazyd> ^_^
2017-04-11 13:48:47 <hiro> TomJepp: yes, and then you get broken tables in acpi
2017-04-11 13:48:56 <TomJepp> hiro: very true. :)
2017-04-11 13:49:19 <hiro> the only real solution is to not have shitty unnecessarily complex designs
2017-04-11 13:49:21 <TomJepp> that's usually because asus or gigabyte's bios engineers shouldn't be allowed pocket calculators
2017-04-11 13:49:27 <TomJepp> let alone dev tools
2017-04-11 13:49:31 <hiro> so that all information fits into short datasheets
2017-04-11 13:50:02 <TomJepp> (and it's *always* those two that I have ACPI problems with)
2017-04-11 13:50:08 <hiro> TomJepp: it's the same problem in all other companys
2017-04-11 13:50:42 <hiro> the reason people aren't haveing more ACPI problems is that linux now pretends to be windows 7 or something
2017-04-11 13:51:11 <hiro> you just do what the majority userbase does, and conceal your linux crap from the acpi devils
2017-04-11 13:53:51 <hiro> if everything was simple then it wouldn't be so much work to just add relevant information from each datasheet
2017-04-11 13:54:14 <hiro> but once they use abstractions like bios, efi or some crap from those horrible SDKs all bets are off
2017-04-11 13:54:31 <hiro> everything is perpetually broken
2017-04-11 13:55:01 <hiro> and then there are these devices that make no sense at all with 100Mbit ethernet on the board
2017-04-11 13:55:08 <hiro> why are they even made, it's just sad imo.
2017-04-11 13:55:25 <hiro> and the worst ones with 100Mbit usb-ethernet
2017-04-11 13:55:46 <hiro> while the good old kirkwood for example already had gigabit ethernet. why is this so hard?!
2017-04-11 13:55:56 <parazyd> the lime2 has gigabit
2017-04-11 13:56:00 <hiro> nobody should be supporting such useless boards! :P
2017-04-11 13:56:09 <hiro> parazyd: the A20 though!
2017-04-11 13:56:22 <parazyd> *sigh*
2017-04-11 14:00:34 <darkfader> i got the "docker torture chamber" built on a lot of super slow ARM boards
2017-04-11 14:00:55 <darkfader> the 100mbit ones will be apache solr nodes for a search engine so they don't need too fast networking :)
2017-04-11 14:01:05 <darkfader> and i think for many people playing around at home the perf doesn't matter much
2017-04-11 14:01:06 <hiro> docker torture chamber?
2017-04-11 14:01:40 <hiro> darkfader: i think it matters
2017-04-11 14:01:50 <hiro> darkfader: it's so cheap to include gigabit ethernet, there's just no excuse
2017-04-11 14:02:09 <darkfader> hiro: basically i use bleeding edge hipster software only, and put it on slow ARM boards and make it serve the geocities archive
2017-04-11 14:02:17 <hiro> hahahahahaha
2017-04-11 14:02:53 <darkfader> and yeah, it should be gigabit only
2017-04-11 14:03:04 <darkfader> they can use power save modes or turn down to 100mbit if needed
2017-04-11 14:03:18 <TomJepp> hiro: the 'good old kirkwoord' wasn't very good at filling said gigabit ethernet though
2017-04-11 14:03:19 <TomJepp> :p
2017-04-11 14:03:31 <darkfader> i think some vendors just want to buy a lot of surplus parts
2017-04-11 14:03:33 <TomJepp> *kirkwood
2017-04-11 14:04:17 <hiro> TomJepp: 35MB vs 12MB/s is a significant difference when serving files via samba
2017-04-11 14:04:32 <TomJepp> I really do wish there was some magic reasonably priced ARM board with actual decent I/O capabilities... :(
2017-04-11 14:04:46 <hiro> TomJepp: i'd rather have a somewhat CPU limited gigabit port than a CPU limited 100Mbit usb ethernet port
2017-04-11 14:05:17 <hiro> and if you look at common wifi speeds for example kirkwood might hold up quite well
2017-04-11 14:05:22 <darkfader> odroid c2 is so far my favorite, but only for network IO, disk gets expensive
2017-04-11 14:05:57 <TomJepp> hmm, about £50. that's not bad
2017-04-11 14:06:16 <darkfader> i got mine running of SD cards and it's only got USB2
2017-04-11 14:06:35 <darkfader> so you can't saturate the network except from memory or buy eMMC for $$$
2017-04-11 14:06:39 <TomJepp> darkfader: hows the mainline kernel support?
2017-04-11 14:06:41 <darkfader> but the cpu power is good
2017-04-11 14:06:52 <hiro> TomJepp: i wish there was an ARM board with pci-e and bios
2017-04-11 14:06:57 <darkfader> i don't remember if i have a stock kernel on it
2017-04-11 14:07:01 <darkfader> i can check tonight
2017-04-11 14:07:13 <hiro> TomJepp: and obviously enough bandwidth on th eubs
2017-04-11 14:07:17 <hiro> *the bus
2017-04-11 14:07:26 <hiro> TomJepp: then i can just put how many ethernet cards i want
2017-04-11 14:07:27 <darkfader> hiro: yeah, then suddenly you need to put down $350 :/
2017-04-11 14:07:56 <hiro> yep. my home server is an old thinkpad in it's docking station, exposing two sata ports.
2017-04-11 14:07:58 <TomJepp> hiro: well, ARM with BIOS is done... there were some ARM boards with EFI even
2017-04-11 14:08:10 <TomJepp> just in case you want even more hideously overcomplicated blobs in your boot chain
2017-04-11 14:08:19 <hiro> in addition i can put a minipcie card to add one or two more ports, but only one at decent speeds.
2017-04-11 14:08:45 <hiro> "ARM boards with EFI" better kill me now
2017-04-11 14:08:55 <darkfader> hehe
2017-04-11 14:09:04 <hiro> i'm not gonna touch EFI just because of arm boards, hell no.
2017-04-11 14:09:05 <^7heo> yeah...
2017-04-11 14:09:13 <IcePic> with the EFI being more scriptable and more complete of an OS than what you load in it later. ;)
2017-04-11 14:09:39 <hiro> btw i still use my kirkwood as wifi router today.
2017-04-11 14:09:46 <hiro> and there the gigabit ethernet also makes a difference
2017-04-11 14:10:06 <hiro> once i finally put that 3-stream atheros card with 5GHz support everything went crazyfast
2017-04-11 14:10:31 <hiro> but then i realized i can also just put it into that old thinkpad, haha
2017-04-11 14:10:39 <hiro> so now my file server is also my router and wifi ap
2017-04-11 14:10:45 <hiro> cause why the hell not!
2017-04-11 14:11:00 <hiro> i'm not hitting any cpu limits like i would on arm :P
2017-04-11 14:11:31 <TomJepp> hiro: I think I made my feelings about EFI clear. ;)
2017-04-11 14:11:40 <hiro> yeah
2017-04-11 15:15:45 <ncopa> darkfader: pushed xen fix.
2017-04-11 15:15:48 <ncopa> thanks for the ping
2017-04-11 15:20:07 <darkfader> Thanks!
2017-04-11 15:29:27 <Kaylas> hi, i'm using alpine for docker, but when try to start a any daemon the file is not reconized
2017-04-11 15:29:50 <Kaylas> i've already try to add it on $PATH but the result is same
2017-04-11 15:30:22 <Kaylas> /tmp/opt # ls -lah /opt/nginx/latest/sbin/nginx
2017-04-11 15:30:23 <Kaylas> -rwxr-xr-x    1 web      web        24.3M Apr 10 13:01 /opt/nginx/latest/sbin/nginx
2017-04-11 15:30:23 <Kaylas> /tmp/opt # /opt/nginx/latest/sbin/nginx -V
2017-04-11 15:30:23 <Kaylas> /bin/ash: /opt/nginx/latest/sbin/nginx: not found
2017-04-11 15:30:23 <Sandlayth> what do you mean by "the file is not recognized"?
2017-04-11 15:31:15 <Kaylas> Sandlayth it return "not found"
2017-04-11 15:31:38 <Sandlayth> what about ./opt/nginx/latest/sbin/nginx ?
2017-04-11 15:31:49 <Kaylas> same
2017-04-11 15:32:35 <Kaylas> /opt/nginx/1.11.13/sbin # ./nginx -v
2017-04-11 15:32:35 <Kaylas> /bin/ash: ./nginx: not found
2017-04-11 15:33:23 <^7heo> Kaylas: you're missing a dynamic dependency.
2017-04-11 15:33:33 <^7heo> Kaylas: can you ldd nginx?
2017-04-11 15:33:49 <Kaylas> oh fuck
2017-04-11 15:34:07 <^7heo> yes.
2017-04-11 15:34:28 <Kaylas> x.x thanks ^7heo
2017-04-11 15:34:32 <^7heo> You're welcome ;)
2017-04-11 16:24:40 <context> anyone here run alpine as desktop in vmware [fusion], trying to get framebuffer and/or X to work properly when i resize/fullscreen
2017-04-11 16:31:08 <context> xrandr is getting me better sizes :)
2017-04-11 18:46:58 <silva> hello, where can I get more MIBs in adition to https://pkgs.alpinelinux.org/contents?branch=edge&name=net-snmp-libs&arch=x86_64&repo=main
2017-04-11 19:53:44 <_ikke_> silva: I download them from where I can find them (manually)
2017-04-11 19:54:25 <_ikke_> silva: I don't think there really is a single place to get more, each manufactured distributes there own (there are sites that aggregate them, but not in an easy to download fashion)
2017-04-11 19:56:33 <avih> _ikke_: could you trigger a rebuild? i _think_ xf86-video-vesa needs to be rebuilt against xorg 1.19.3 . that's my log https://pastebin.mozilla.org/9018640  not sure when it broke since i don't run xorg often (typically i use it headless), but i think in the past 2 weeks or so, during which xorg updated to 1.19.3
2017-04-11 19:57:09 <_ikke_> avih: sorry, I'm not a core developer
2017-04-11 19:57:19 <avih> k, thx
2017-04-11 20:02:14 <silva> _ikke_: ok thanks
2017-04-11 20:17:13 <Arc1> Hello
2017-04-11 20:37:12 <ciaobello> I do work in a virtualbox with apine-linux. I do start it from the virtaldisk and by booting it takes about 2 minutes from busybox crond [ok] till starting sshd [ok] appears? how can i make this faster?
2017-04-11 20:44:49 <clandmeter> Are all services slow starting?
2017-04-11 20:45:44 <ciaobello> no, just the last one is special slow.
2017-04-11 20:45:56 <ciaobello> sshd
2017-04-11 20:46:16 <clandmeter> sshd is slow?
2017-04-11 20:47:17 <ciaobello> till ok messages comes and i can log in
2017-04-11 20:47:31 <ciaobello> aprox 2 minutes
2017-04-11 20:47:36 <clandmeter> Check dmesg
2017-04-11 20:47:59 <clandmeter> Add utill-linux
2017-04-11 20:48:11 <clandmeter> Dmesg -T
2017-04-11 20:48:40 <clandmeter> See if there is a big time gap
2017-04-11 20:52:49 <ciaobello> i do have problems to install util-linux ... have to change the repo to the original one ...
2017-04-11 20:52:58 <ciaobello> brazil is not reachable
2017-04-11 20:55:18 <clandmeter> Use cdn
2017-04-11 21:20:58 <ciaobello> clandmeter , thx for the moment ... i could not see anything with Dmesg -T , i will chack later agina.
2017-04-11 22:01:16 <luxio> alpine is pretty cool
2017-04-12 01:48:19 <tw> Is gnu mailutils packaged under a different name or yet to be packaged? https://ftp.gnu.org/gnu/mailutils/
2017-04-12 01:48:51 <Shiz> unpackaged
2017-04-12 01:49:00 <tw> Okay, thank you.
2017-04-12 01:49:39 <Shiz> btw, it's easier to check this by yourself by doing a contents search for a known filename of the package
2017-04-12 01:49:41 <Shiz> :)
2017-04-12 01:49:44 <Shiz> http://pkgs.alpinelinux.org/contents
2017-04-12 01:49:52 <Shiz> i used frm: http://pkgs.alpinelinux.org/contents?file=frm&path=&name=&branch=&repo=&arch=
2017-04-12 01:50:37 <tw> Makes sense, I was just searching the package name. I'll keep that in mind.
2017-04-12 01:52:27 <dalias> is there a way to do contents search with the apk command rather than website?
2017-04-12 01:53:17 <Shiz> dalias: not afaik, as the APKINDEX doesn't index file names
2017-04-12 01:53:59 <dalias> yeah i figured as much
2017-04-12 04:41:26 <mitchty> can do this for now https://forum.alpinelinux.org/forum/general-discussion/how-find-out-which-package-provides-some-feature-or-file its hacky tho
2017-04-12 04:43:10 <mitchty> i use that to figure out what packages have the binary i need, would be nice for a what provides feature for apk
2017-04-12 05:40:27 <emacsomancer> is there any way to/info about installing alpine to a zfs /?
2017-04-12 06:47:08 <_ikke_> Someone happen to have or know where to find an alpine 2.3.2 iso
2017-04-12 06:47:43 <_ikke_> sorry, version 2.2.3
2017-04-12 06:48:39 <IcePic> google seems to point only to somewhat shady places
2017-04-12 06:51:02 <IcePic> and mirrors tend to hold from 2.3 and forward as far as I can see. 8-(
2017-04-12 06:51:13 <_ikke_> yes, that's what we noticed too
2017-04-12 11:11:21 <^7heo> moin
2017-04-12 11:20:31 <hiro> moin moin :)
2017-04-12 11:22:00 <^7heo> Wie gehts?
2017-04-12 11:28:29 <avih> dalias: fwiw re the regex issues with nano and gnulib, seems to have been fixed quite quickly and 2.8.1 (with this and other fixes) should be released today. nice of them :) https://savannah.gnu.org/bugs/?50705
2017-04-12 11:31:53 <ncopa> darkfader: i am looking at #6962
2017-04-12 11:32:03 <ncopa> i have been abale to reproduce it
2017-04-12 11:32:19 <ncopa> pv-grub does boot from ext2 though
2017-04-12 11:32:44 <ncopa> what is weird is that the problem seems to be in alpine 3.3 too
2017-04-12 11:32:59 <ncopa> and alpine 3.2 was just broken (in my vmware fusion setup)
2017-04-12 11:44:22 <avih> ncopa: who's the maintainer of xorg related packages? i _think_ xf86-video-vesa needs to be rebuilt against xorg 1.19.3 . that's my log https://pastebin.mozilla.org/9018640  not sure when it broke since i don't run xorg often (typically i use it headless), but i think in the past 2 weeks or so, during which xorg updated to 1.19.3
2017-04-12 11:45:09 <avih> oh, the pastebin file expired. i can upload it again though if someone wants to look at it.
2017-04-12 12:18:30 <darkfader> ncopa: i've attached the pv-grub i had in backup
2017-04-12 12:18:36 <darkfader> i think i went 3.2->3.5
2017-04-12 12:20:59 <ncopa> do you have the exact xen version number?
2017-04-12 12:21:03 <ncopa> which works
2017-04-12 12:21:45 <ncopa> avih: i think xf86-video-vesa was rebuild against xorg 1.19
2017-04-12 12:21:53 <ncopa> commit 5e39a11f17159b3b3bef21d75c63caa85dfc089e
2017-04-12 12:21:53 <ncopa> Author: Natanael Copa <ncopa@alpinelinux.org>
2017-04-12 12:21:53 <ncopa> Date:   Tue Apr 4 11:57:27 2017 +0000
2017-04-12 12:21:53 <ncopa>     main/xf86-video-vesa: rebuild against xorg-server-1.19
2017-04-12 12:22:08 <stevenroose> How would I deploy a very simple (Go-written) daemon program on Alpine?
2017-04-12 12:22:59 <avih> ncopa: thanks. rechecking stuff. will followup when I have more info.
2017-04-12 12:27:43 <avih> ncopa: i still get the same issue "(EE) vesa: module ABI major version (20) doesn't match the server's version (23)" full log: https://pastebin.mozilla.org/9018781 and this is after "sudo apk upgrade -U -a" ended up without any updates. fwiw, on edge with both community and testing repos enabled.
2017-04-12 12:30:40 <avih> (i don't know if the vesa failure is a red herring as i never looked at this log in the past. but i do know "startx" worked and launched xfce4 desktop in the past, and now it doesn't)
2017-04-12 12:33:04 <avih> (i.e. now it fails to launch X, the display never blinks/resize, and then it returns to the the terminal prompt).
2017-04-12 12:34:05 <avih> (i also deleted /var/log/Xorg.0.log before trying and posting the output at pastebin)
2017-04-12 12:34:47 <ncopa> huh
2017-04-12 12:35:05 <ncopa> oh
2017-04-12 12:35:08 <ncopa> i know why
2017-04-12 12:35:11 <ncopa> avih: you are right
2017-04-12 12:35:24 <avih> ah :)
2017-04-12 12:43:29 <avih> ncopa: huh.. no rel version bump in APKBUILD?
2017-04-12 12:44:17 <avih> this would be weird though. i also tried apk del --purge xf86-video-vesa and then i added it again. if it's a missing version bump, shouldn't it still get the new file?
2017-04-12 12:52:02 <ncopa> avih: that was the problem, pkgrel was not bumped
2017-04-12 12:56:02 <markand> hello
2017-04-12 12:58:36 <darkfader> TomJepp: i checked the odroid's kernel, it is running a non-upstream kernel so i lose :)
2017-04-12 12:58:44 <markand> I'm testing discovering alpine in a VM and I'm loving the quality of apk!
2017-04-12 12:58:49 <TomJepp> darkfader: :(
2017-04-12 12:59:05 <markand> the documentation is also good
2017-04-12 12:59:36 <darkfader> my colleague is just saying things like
2017-04-12 12:59:36 <darkfader> no
2017-04-12 12:59:38 <darkfader> please no
2017-04-12 12:59:41 <darkfader> don't say it
2017-04-12 12:59:49 <darkfader> so i think he shredded some ssh auth :)
2017-04-12 13:00:00 <darkfader> glad i got my coffee
2017-04-12 13:01:16 <TomJepp> I'm glad I use GPG for SSH auth. I have to actually lose my physical token ;)
2017-04-12 13:01:28 <darkfader> :)
2017-04-12 13:06:35 <avih> ncopa: vesa confirmed fixed. xfce desktop now starts. thanks :)
2017-04-12 13:07:27 <avih> (after "Upgrading xf86-video-vesa (2.3.4-r1 -> 2.3.4-r2)")
2017-04-12 13:37:52 <PowerWing> Hey, anyone awake in here? :-) I was wondering if there was some sort of shorthand for zfs on root for alpine. Or if I should just follow similar configurations as for debian and the like. I can't find anything on the wiki/forum.
2017-04-12 13:52:11 <tw> I would probably try the regular installer with ROOTFS=zfs. According to the news release, alpine 3.5 has support...
2017-04-12 13:52:49 <ncopa> its still a bit inconvenient to set up root as zfs
2017-04-12 13:52:56 <tw> Oh, not that cool yet? =/
2017-04-12 13:52:57 <ncopa> but its possible
2017-04-12 13:53:22 <ncopa> yeah, because zfs kernel module is not included in the release iso
2017-04-12 13:53:44 <tw> Licensing, or just a todo item?
2017-04-12 13:54:00 <context> people like zfs more than btr ?
2017-04-12 13:54:05 <ncopa> i was a bit scared of licensing
2017-04-12 13:54:09 <ncopa> so i left it out
2017-04-12 13:54:19 <ncopa> or more i was in doubt re licensing
2017-04-12 13:54:27 <context> yeah
2017-04-12 13:55:07 <ncopa> but after thinking of it a bit, i dont think there should be any problems with it really
2017-04-12 13:55:46 <ncopa> we'd just ship a precompiled binary kernel module
2017-04-12 13:56:09 <clandmeter> does it actually matter? does our iso have a specific license?
2017-04-12 13:56:18 <ncopa> it doesnt
2017-04-12 13:56:25 <ncopa> i dont thin it matter really
2017-04-12 13:56:31 <ncopa> i left it out because i was in doubt
2017-04-12 13:57:51 <john3voltas> greetings folks
2017-04-12 14:00:09 <PowerWing> How much effort would it be for me to compile an iso which does have the zfs module included?
2017-04-12 14:00:42 <consus> Hi folks
2017-04-12 14:00:53 <consus> What is the right method to set timezone in alpine?
2017-04-12 14:02:53 <tw> The zfs-installer thing is questionable. If you could pull an installer module from the internet as a separate download at install time, there would be no question, but shipping it on the ISO as a so called "combined work" is iffy; the GPL wants to enforce relicensing of everything in the package as GPL.
2017-04-12 14:03:07 <tw> (this is my understanding and does not constitute legal advice XD)
2017-04-12 14:04:10 <PowerWing> noted :-)
2017-04-12 14:06:30 <clandmeter> consus, setup-timezone?
2017-04-12 14:06:40 <consus> clandmeter: /etc/TZ is still UTC
2017-04-12 14:06:44 <consus> clandmeter: Is that normal?
2017-04-12 14:07:15 <clandmeter> mine is CET-1CEST,M3.5.0,M10.5.0/3
2017-04-12 14:07:22 <IcePic> GPL3 is iffyer on "compilations", isn't it?
2017-04-12 14:07:41 <inpothet> Good day i have a small question
2017-04-12 14:07:47 <consus> setup-timezone -z Israel
2017-04-12 14:08:00 <consus> /etc/zoneinfo/Israel -- ok
2017-04-12 14:08:06 <consus> cat /etc/TZ gives me UTC
2017-04-12 14:08:24 <consus> date says it's allright
2017-04-12 14:08:26 <inpothet> i have added nginx to the default runtime with rc-update but when i reboot or i boot it doesnt start
2017-04-12 14:08:42 <consus> But now I'm curious why the difference
2017-04-12 14:18:19 <consus> clandmeter: Is it legacy of some sort?
2017-04-12 14:19:22 <clandmeter> i never provide it options
2017-04-12 14:19:55 <consus> clandmeter: According to the wiki (https://wiki.alpinelinux.org/wiki/Alpine_Linux:FAQ) it was used in Alpine pre 2.2
2017-04-12 14:20:14 <clandmeter> where does etc/localtime point to?
2017-04-12 14:20:19 <context> i seem to be running into this issue: https://bugs.alpinelinux.org/issues/6029. even if i `go build -a -v std` as root it still tries to rebuild stdlib stuff as normal user
2017-04-12 14:21:21 <consus> To the right file in /etc/zoneinfo/Israel
2017-04-12 14:21:42 <consus> I do not give it -i so it's copying tzdata instead of making symlinks
2017-04-12 14:27:13 <consus> Hmm
2017-04-12 14:27:21 <consus> Service hostname is used?
2017-04-12 14:27:23 <consus> Or not?
2017-04-12 14:34:26 <john3voltas> today i noticed that there's a couple of packages that are not available on the v3.5 main repo but that are available in other repos like edge community. is there a way to install such packages without having to go on edge?
2017-04-12 14:35:23 <context> tagging
2017-04-12 14:35:49 <context> https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Repository_pinning
2017-04-12 14:35:53 <context> pinning. sorry
2017-04-12 14:36:36 <john3voltas> thanks for the reading material, context. ;-)
2017-04-12 15:42:39 <avih> dalias: "Is there a simple way to detect that nano is being compiled on Alpine or musl? So that we can do something like:  #ifdef ..." here https://savannah.gnu.org/bugs/?50787#comment8  so for musl it's "it's against its religion", and i'm guessing similarly with alpine?
2017-04-12 15:43:31 <avih> he suspects an issue between ncurses and musl
2017-04-12 16:10:36 <nsz> it would be nice to get a library call trace in the fixed and unfixed cases to see what libc api calls differ
2017-04-12 16:10:46 <nsz> but there is no easy way to get that
2017-04-12 16:13:01 <avih> gs, but this (comparing traces between musl and glibc) is probably a bigger effort than i want to put into this.
2017-04-12 16:13:32 <avih> s/gs/i can probably test stuff/
2017-04-12 16:13:38 <nsz> not between glibc and musl
2017-04-12 16:13:39 <avih> (wtf...)
2017-04-12 16:13:43 <nsz> but between musl and musl
2017-04-12 16:13:50 <Shiz> nsz: the patch just forces a redraw afaik
2017-04-12 16:13:54 <Shiz> it's nothing revolutionary
2017-04-12 16:13:55 <avih> yeah
2017-04-12 16:14:09 <nsz> ok but what libc call is made to do the redrwa
2017-04-12 16:14:13 <nsz> *draw
2017-04-12 16:14:19 <avih> seems he stilll prefers to not do it unconditionally as it's not required elsewhere
2017-04-12 16:15:03 <nsz> terminal stuff can be iffy, but it would be nice to know what the problem is
2017-04-12 16:15:28 <avih> sure. that's why i suggested that he summarizes his suspicions and maybe we can take it from there.
2017-04-12 16:18:19 <nsz> (i once had a terminal redraw issue.. turned out to be gcc-4.x bug after lot of debugging.. so the rabbit hole can go deep)
2017-04-12 16:19:27 <avih> the weird thing is if nano is invoked without any argument, then the title color is correct, which seems to suggest some ordering issue inside nano itself, but... not necessarily.
2017-04-12 16:20:24 <avih> he surely knows the code flow better than me, and following the patches results i think he suspects it's outside of nano.
2017-04-12 16:20:50 <avih> nsz: could you reproduce the issue?
2017-04-12 16:21:17 <avih> just to make sure it's not some issue on my specific system/setup
2017-04-12 16:25:51 <avih> fwiw, i think i bumped into a completely different issue which might also suggest something fishy between musl and ncurses - where curses.ungetmouse(0, 0, 0, 0, 0) (from python) segfaults. i reported it here https://bugs.alpinelinux.org/issues/6839
2017-04-12 16:44:51 <inpothet> Hi
2017-04-12 16:45:07 <inpothet> sorry i had to leave earlier so i coudnt see if i have gotten a reply
2017-04-12 16:46:16 <inpothet> but basicly when i set nginx in the default runtime so it would start at boot it doesnt work
2017-04-12 16:46:27 <inpothet> it sets the lvl but doesnt start
2017-04-12 16:51:36 <emacsomancer> how do I install alpine to a zfs root?  Or should I just install to ext4 and then copy the files over to a zfs dataset?
2017-04-12 17:12:14 <Shiz> https://twitter.com/OpenBSD_src/status/852196432740098048 via leah2
2017-04-12 18:28:09 <tw> Is udhcpc.conf documented?
2017-04-12 18:30:07 <Shiz> tw: not particularly
2017-04-12 18:31:20 <Shiz> tw: https://txt.shiz.me/M2MxYTMzMT
2017-04-12 18:31:26 <Shiz> i think those are the values you can modify
2017-04-12 18:31:30 <Shiz> minus $UDHCPC and $UDHCPC_CONF
2017-04-12 18:33:57 <tw> That looks right to me. I don't see a -doc package for busybox-initscripts; if there should be a doc file or manpage, where would it go?
2017-04-12 18:35:20 <Shiz> as in filesystem location or package name?
2017-04-12 18:37:44 <tw> Shiz: both?
2017-04-12 18:38:00 <tw> If there's an existing package, I can probably make some educated guesses as to filesystem location.
2017-04-12 18:38:04 <Shiz> ah
2017-04-12 18:38:09 <Shiz> there is no existing package that i know of
2017-04-12 18:38:20 <Shiz> but if one is to be created, it would likely be called busybox-initscripts-doc
2017-04-12 18:38:23 <Shiz> (very creative)
2017-04-12 18:38:39 <Shiz> manpages typically go in /usr/share/man, as udchpc.conf is a file format, it would go into the man5 subdirectory of that dir
2017-04-12 18:38:42 <tw> That sounds like an inspired package name.
2017-04-12 18:40:14 <tw> okay. I'll try to write up something at least halfass when I get some free time and open an issue against busybox-initscripts. Probably the right thing to do.
2017-04-12 18:43:08 <Shiz> :P
2017-04-12 18:43:19 <Shiz> if you've never written manpages before, it's ... something
2017-04-12 18:48:04 <tw> As good a time as any to learn, I guess. Aside from the usual linux-like format, are there any alpine-specific standards I should be aware of?
2017-04-12 18:49:05 <Shiz> i think we prefer mdoc format?
2017-04-12 18:49:07 <Shiz> not sure though
2017-04-12 18:49:45 <Shiz> for possible reference, this was the first (and only) time i wrote mdoc manpags: https://github.com/Shizmob/finite/blob/master/docs/sysvinit/inittab.5
2017-04-12 18:51:22 <Shiz> also: http://mdocml.bsd.lv/man/mdoc.7.html
2017-04-12 19:01:53 <tw> Shiz: okay, much appreciated.
2017-04-12 19:22:27 <inpothet> i followed the nignx guide and for some reason after setting the runlevel to default it doesnt boot at start what may be the cause its a fresh install of 3.5 with the virtualization kernel
2017-04-12 19:26:15 <Shiz> inpothet: just to be sure, this is not in a container, right?
2017-04-12 19:27:54 <Koopz> shouldn't it be possible to run a process as a user without an assigned shell?
2017-04-12 19:28:53 <Shiz> Koopz: that should be possible, yes
2017-04-12 19:30:56 <Koopz> su -pc "java -Djava.awt.headless=true -jar /opt/JDownloader/JDownloader.jar 2>&1 >/dev/null" jdownloader
2017-04-12 19:31:24 <Koopz> that's what i tried to execute in a bash script, running JDownloader as the user "jdownloader"
2017-04-12 19:32:15 <Shiz> right, that won't work
2017-04-12 19:32:20 <Koopz> not?
2017-04-12 19:32:29 <Shiz> as su -c executes your user shell with -c ...
2017-04-12 19:32:33 <Shiz> and if your user shell is invalid...
2017-04-12 19:33:14 <Shiz> you could use -s instead of -c
2017-04-12 19:33:20 <Shiz> but this seems like maybe a better case for su-exec
2017-04-12 19:33:37 <Shiz> apk add su-exec
2017-04-12 19:33:48 <Shiz> su-exec jdownloader sh -c "java -Djava.awt.headless=true -jar /opt/JDownloader/JDownloader.jar 2>&1 >/dev/null"
2017-04-12 19:34:00 <Shiz> (you still need sh since you're doing a shell output redirection)
2017-04-12 19:35:39 <Koopz> can i ommit the output redirection?
2017-04-12 19:36:57 <Koopz> adding -s /bin/sh would surely work, why install su-exec for that?
2017-04-12 19:38:01 <Shiz> that also works, yes
2017-04-12 19:57:00 <inpothet> shiz: no its in vmware
2017-04-12 19:57:14 <Shiz> that should work...
2017-04-12 19:57:20 <Shiz> does it indicate trying to start nginx?
2017-04-12 19:57:25 <inpothet> nop
2017-04-12 19:58:51 <inpothet> let me make a screenshot
2017-04-12 19:59:21 <inpothet> http://i.imgur.com/s5GswBW.png
2017-04-12 20:00:03 <stevenroose> Does Alpine allow connections on port 22 when installed?
2017-04-12 20:00:17 <stevenroose> I did the installation at work, installed OpenSSH during
2017-04-12 20:00:33 <Shiz> stevenroose: only if you started openssh
2017-04-12 20:00:35 <Shiz> :)
2017-04-12 20:00:43 <stevenroose> And now at home (don't have a monitor :D) I get connection refused on the device
2017-04-12 20:00:58 <stevenroose> Shiz, hmm, does it autostart when connected?
2017-04-12 20:01:03 <stevenroose> booted*
2017-04-12 20:01:04 <inpothet> it does
2017-04-12 20:01:13 <inpothet> but rootlogin is disabled at begin
2017-04-12 20:01:17 <Shiz> stevenroose: only if you rc-update add sshd default
2017-04-12 20:01:19 <Shiz> :p
2017-04-12 20:01:21 <stevenroose> damn
2017-04-12 20:01:28 <stevenroose> the installer did not create a new account
2017-04-12 20:01:31 <Shiz> inpothet: does /etc/runlevels/default/nginx exist?
2017-04-12 20:02:01 <stevenroose> so basically I need a monitor to make a new user? :D
2017-04-12 20:02:04 <inpothet> yes it exists
2017-04-12 20:02:17 <inpothet> or you can edit the sshd and enable rootlogin
2017-04-12 20:02:33 <stevenroose> inpothet, you mean blindly?
2017-04-12 20:02:47 <Shiz> root login is only disabled if you use a password
2017-04-12 20:02:49 <Shiz> :P
2017-04-12 20:03:03 <stevenroose> I did set a root password
2017-04-12 20:03:39 <Shiz> right
2017-04-12 20:03:46 <Shiz> it's not disabled if you use key-based auth
2017-04-12 20:03:48 <Shiz> :p
2017-04-12 20:04:15 <inpothet> shiz if i do rc-update show than it also lists nginx
2017-04-12 20:04:17 <Shiz> inpothet: hmm...
2017-04-12 20:04:34 <inpothet> and i can used init.d to manualy start it so and nginx -t says config is fine
2017-04-12 20:04:45 <Shiz> what about # rc-status?
2017-04-12 20:04:59 <stevenroose> now that you're here, how would I go about running a simple executable daemon on Alpine?
2017-04-12 20:05:05 <stevenroose> it's a Go program
2017-04-12 20:05:05 <Shiz> does it say runlevel: default at the top?
2017-04-12 20:05:10 <Shiz> stevenroose: as in, with openrc?
2017-04-12 20:05:19 <inpothet> rc-status nginx ?
2017-04-12 20:05:24 <Shiz> inpothet: just rc-status
2017-04-12 20:05:25 <stevenroose> Shiz, I don't know
2017-04-12 20:05:33 <Shiz> stevenroose: that's what i'd use at least
2017-04-12 20:05:37 <Shiz> write a simple initscript for it
2017-04-12 20:05:54 <stevenroose> an openrc initscript?
2017-04-12 20:06:07 <Shiz> right.
2017-04-12 20:06:39 <stevenroose> k
2017-04-12 20:06:48 <stevenroose> might go about doing that :)
2017-04-12 20:06:49 <stevenroose> thanks
2017-04-12 20:06:57 <inpothet>  rc-status does not list nignx
2017-04-12 20:07:03 <inpothet> *nginx
2017-04-12 20:07:11 <Shiz>   Shiz │ does it say runlevel: default at the top?
2017-04-12 20:07:16 <Shiz> stevenroose: a very simple example:
2017-04-12 20:07:25 <Shiz> https://txt.shiz.me/YmVkMmE1Zj
2017-04-12 20:07:41 <Shiz> you may need to add a depend() { ... } section to have it run after networking is up etc, but that's the skeleton
2017-04-12 20:07:44 <Shiz> man openrc-run for details
2017-04-12 20:07:46 <Shiz> :P
2017-04-12 20:08:00 <Shiz> also make sure the program runs in the foreground like this, or find command_args that make it run in the foreground
2017-04-12 20:11:10 <stevenroose> Shiz, thanks a lot!
2017-04-12 20:11:17 <stevenroose> about running in the foreground
2017-04-12 20:11:32 <stevenroose> what it change if it doesnt?
2017-04-12 20:11:40 <Shiz> it won't be able to managed by openrc
2017-04-12 20:11:44 <Shiz> so openrc can't know when it crashed
2017-04-12 20:11:54 <stevenroose> oh
2017-04-12 20:12:04 <Shiz> and stuff like stop/restart may not work
2017-04-12 20:12:07 <Shiz> so it's pretty important
2017-04-12 20:12:08 <stevenroose> oh you mean the executable itself should not deamonize the process?
2017-04-12 20:12:19 <stevenroose> it should stay attached to stdout etc?
2017-04-12 20:12:42 <Shiz> yes
2017-04-12 20:12:44 <Shiz> :)
2017-04-12 20:12:44 <stevenroose> f.e. not like transmission-daemon does
2017-04-12 20:13:00 <stevenroose> yeah Go programs normally don't do that, so I think I'm fine, thanks a lot!
2017-04-12 20:13:06 <Shiz> right
2017-04-12 20:13:12 <inpothet> Shiz: http://i.imgur.com/cZSRFmU.png
2017-04-12 20:13:15 <Shiz> so in transmission-daemon's case, you would put -f in command_args=
2017-04-12 20:13:20 <Shiz> to make it not daemonize
2017-04-12 20:13:35 <Shiz> inpothet: how very odd
2017-04-12 20:18:53 <inpothet> want to know a more fun ome
2017-04-12 20:19:03 <inpothet> let me take a screen of rc-update show
2017-04-12 20:19:52 <inpothet> http://i.imgur.com/wkzSy5e.png
2017-04-12 20:24:09 <inpothet> can it be because i made the machine as small as i could for test
2017-04-12 20:37:59 <Shiz> inpothet: hmm?
2017-04-12 20:40:16 <inpothet> i made the VM with 1 core, 128mb ram and 1gb storage to see how low i could go
2017-04-12 20:41:02 <Shiz> right, that shouldnt be an issue i think
2017-04-12 21:04:36 <inpothet> I will make a new vm with the standart image tomorow and try again mabye its bad luck with the virtual machine image
2017-04-12 21:15:51 <christophler> Hello #alpine. I would like to have the uuid program installed inside my alpine container. A google for "alpine apk uui package index" doesnt win. How should I look for the package? Is it available?
2017-04-12 21:16:05 <christophler> *d
2017-04-12 21:17:30 <qman__> christophler: http://pkgs.alpinelinux.org/contents?file=uuid&path=&name=&branch=&repo=&arch= for searching for files in packages
2017-04-12 21:30:09 <christophler> qman__: thanks
2017-04-12 22:32:39 <ash_mobile> Does alpine not need security updates?
2017-04-12 22:35:02 <Shiz> ash_mobile: ?
2017-04-12 22:36:01 <TBB> I think ash is referring to critical updates. No, the update model is not quite like that; you do get your security updates just like you would get your regular ones
2017-04-12 22:36:20 <Shiz> so, immediately whenever they are pushed
2017-04-12 22:36:22 <Shiz> :P
2017-04-12 22:42:21 <ash_mobile> Just like the regular ones.... Immediately? ... So, you don't need to do something like `apk update` to get security updates.
2017-04-12 22:53:21 <TBB> you'll have to do that, and that's how you do it in practically every distribution isn't it?
2017-04-12 22:53:54 <TBB> in other words, nothing -pushes- you security updates, but your system regularly -polls- them
2017-04-12 23:02:38 <Shiz> ash_mobile: you do need apk update, like any other package manager
2017-04-12 23:02:58 <Shiz> but as soon as a commit made to the 3.5-stable branch of the aports repo, it's available in the repos whenever the buildbots are done with it
2017-04-12 23:03:08 <ash_mobile> I don't get it... It sounds like, "yes, you have to do `apk update`" but "polls regularly sounds contradictory
2017-04-12 23:03:24 <Shiz> well, TBB means "apk update" by polling
2017-04-12 23:03:40 <Shiz> you can set a cronjob to apk update && apk upgrade automatically for instnace
2017-04-12 23:08:25 <tw> How long does APKINDEX stay cached locally? Does it pull every time?
2017-04-12 23:08:55 <ash_mobile> So do people generally have something like that in place when deploying docker on alpine?
2017-04-12 23:09:08 <tw> Every time someone uses apk update, I mean.
2017-04-12 23:09:13 <ash_mobile> (An image built on alpine)
2017-04-12 23:09:25 <Shiz> ash_mobile: i think docker has auto-builds for this
2017-04-12 23:09:35 <Shiz> that'll update whenever your base image updates
2017-04-12 23:10:16 <ash_mobile> So anytime the container starts it polls for updates?
2017-04-12 23:10:51 <Shiz> sadly not, just new images get pushed to docker hub according to your Dockerfile whenever the base alpine image changes
2017-04-12 23:11:00 <Shiz> you'd still need to # docker pull regularly
2017-04-12 23:11:05 <Shiz> and yeah, it's a big criticism of docker
2017-04-12 23:15:48 <ash_mobile> But people deploy with docker all the time... I guess they have to have something updating it
2017-04-12 23:19:43 <Shiz> i wouldn't be so optimistic
2017-04-12 23:19:59 <Shiz> but that's mer personally :P
2017-04-13 02:37:50 <ChainsawBaby> How can I install a package for a specific version?
2017-04-13 02:38:28 <ChainsawBaby> I use edge branch, but certbot on edge doesn't work on my server, so I want to install it from v3.5
2017-04-13 02:41:59 <ChainsawBaby> Oh right, I didn't have the correct repo
2017-04-13 09:46:21 <consus> Hmm
2017-04-13 09:47:49 <consus> When I install shadow it's pulling pam in
2017-04-13 09:48:23 <consus> Which makes my login shell managed through pam
2017-04-13 09:48:35 <consus> And my ssh sessions managed not through pam
2017-04-13 09:49:28 <consus> But SSH is built without PAM
2017-04-13 09:49:42 <consus> So can I somehow reach the consistency here?
2017-04-13 09:51:26 <^7heo> go deeper.
2017-04-13 09:51:31 <^7heo> it's eventually consistent.
2017-04-13 09:51:40 <^7heo> the laws of physics demand it.
2017-04-13 09:51:49 <consus> E.g. limits.conf
2017-04-13 09:52:14 <^7heo> I don't know what you're doing...
2017-04-13 09:52:24 <^7heo> but by the sounds of the backlog, it sounds really wrong.
2017-04-13 09:52:39 <consus> What sounds wrong?
2017-04-13 09:52:41 <^7heo> you make it sound you're using red hat and not alpine
2017-04-13 09:52:52 <consus> What?
2017-04-13 09:52:57 <^7heo> PAM
2017-04-13 09:53:00 <^7heo> PAM is wrong.
2017-04-13 09:53:05 <consus> Why?
2017-04-13 09:53:23 <^7heo> wait.
2017-04-13 09:53:32 <^7heo> Are you using alpine linux because it is the official docker image?
2017-04-13 09:53:37 <consus> Nope
2017-04-13 09:53:56 <consus> I'm using it because it looks like a nice clean distro with more-or-less up-to-date package base
2017-04-13 09:54:24 <^7heo> yeah
2017-04-13 09:54:26 <consus> So I can use it for my cgit/reviewboard/smtp-server/ci stuff
2017-04-13 09:54:42 <^7heo> So if you wanna keep it clean and nice why on earth would you install PAM?
2017-04-13 09:54:47 <consus> Hm
2017-04-13 09:54:52 <consus> So that's the issue :D
2017-04-13 09:55:02 <consus> I want to use some kind of orchestration
2017-04-13 09:55:06 <consus> ansible for that matter
2017-04-13 09:55:20 <consus> Because I do not want to keep track of configs myself
2017-04-13 09:55:34 <consus> And some of my services need useradd/groupadd
2017-04-13 09:55:41 <consus> Because ansible requires it
2017-04-13 09:55:46 <consus> So I have two options
2017-04-13 09:55:55 <consus> 1. Install shadow and have no troubles
2017-04-13 09:56:02 <consus> 2. Make a wrapper for useradd/groupadd
2017-04-13 09:56:37 <consus> The first looked easier
2017-04-13 09:56:40 <consus> But...
2017-04-13 09:56:46 <consus> The rest of the story in my original post
2017-04-13 09:57:27 <hiro> consus: so don't use ansible
2017-04-13 09:57:34 <consus> Err
2017-04-13 09:57:48 <consus> It looks much more nicer than everything else
2017-04-13 09:58:30 <consus> And I'm done with ssh-walk and other kind of crap
2017-04-13 09:58:42 <^7heo> consus: No, it lokks much less BAD than everything else.
2017-04-13 09:58:50 <^7heo> s/kk/ok/
2017-04-13 09:58:57 <consus> Yep
2017-04-13 09:59:04 <^7heo> but it's still shit.
2017-04-13 09:59:09 <consus> Any other options?
2017-04-13 09:59:16 <^7heo> provisionning wise there's nothing okay, let alone good.
2017-04-13 09:59:18 <^7heo> I'm writing one
2017-04-13 09:59:22 <^7heo> at the reason of one line per month
2017-04-13 09:59:28 <consus> Err
2017-04-13 09:59:32 <^7heo> should be ready just before I die, by my calculations.
2017-04-13 09:59:44 <^7heo> if I live long enough to witness the year 2542
2017-04-13 09:59:44 <consus> So I have no other options
2017-04-13 09:59:50 <^7heo> which is a long shot.
2017-04-13 10:00:06 <consus> Except for manually editing every goddamn configuration file on all my machines
2017-04-13 10:00:11 <^7heo> consus: at work I use packer.
2017-04-13 10:00:19 <^7heo> consus: it's the only option that doesn't make me puke atm.
2017-04-13 10:00:34 <^7heo> consus: mostly because it's still bad, but nothing executes on the remote.
2017-04-13 10:00:43 <consus> Errr
2017-04-13 10:00:48 <consus> It builds images
2017-04-13 10:00:51 <^7heo> yeah
2017-04-13 10:00:55 <^7heo> which is a very sane way to do it
2017-04-13 10:01:00 <^7heo> and you can do some missing management via ssh/make
2017-04-13 10:01:10 <consus> I do not want to rebuild iso's when I want to change a configuration option in rsyslog
2017-04-13 10:01:18 <consus> This is just fucking stupid
2017-04-13 10:01:28 <^7heo> dude
2017-04-13 10:01:37 <^7heo> immutable instances aren't stupid.
2017-04-13 10:01:38 <^7heo> it's reliable.
2017-04-13 10:01:49 <^7heo> it's exactly what google does.
2017-04-13 10:01:54 <consus> AHa
2017-04-13 10:02:05 <consus> Because google has a zillion tons of servers
2017-04-13 10:02:09 <^7heo> no.
2017-04-13 10:02:11 <consus> And it's easier to just replace an image
2017-04-13 10:02:17 <consus> Oh yeah
2017-04-13 10:02:22 <^7heo> because they don't need to change the content of their instances that often.
2017-04-13 10:02:26 <^7heo> it has nothing to do with the scale.
2017-04-13 10:02:43 <^7heo> and everything to do with the constant environment.
2017-04-13 10:02:48 <consus> It has everything to do with the scale, at least in my experience
2017-04-13 10:02:57 <^7heo> well, then you need more of it
2017-04-13 10:03:03 <consus> :D
2017-04-13 10:03:17 <^7heo> trust me, immutability has to do with constance of the content more than scale.
2017-04-13 10:03:22 <consus> I have 6 servers
2017-04-13 10:03:22 <^7heo> I mean fuck, it's even the definition of it.
2017-04-13 10:03:27 <^7heo> so do I atm.
2017-04-13 10:03:31 <^7heo> and I still use packer.
2017-04-13 10:03:40 <consus> And I do not want to reinstall my system every time
2017-04-13 10:03:43 <^7heo> the only problem I have with it is the fact that I don't have a DNS
2017-04-13 10:03:57 <consus> I want to change a line in rsyslog
2017-04-13 10:04:02 <^7heo> first off
2017-04-13 10:04:05 <^7heo> don't use rsyslog.
2017-04-13 10:04:15 <consus> I want to
2017-04-13 10:04:15 <^7heo> dude you seem to have an utterly poor taste in software.
2017-04-13 10:04:47 <consus> Anything better?
2017-04-13 10:04:53 <consus> syslog in busybox is crap
2017-04-13 10:05:40 <^7heo> ever heard of syslog-ng?
2017-04-13 10:05:44 <consus> Yes
2017-04-13 10:05:47 <consus> Configuration is shit
2017-04-13 10:06:06 <consus> The old rsyslog configuration files are much more readable
2017-04-13 10:06:16 <consus> Not that new script kinda crap
2017-04-13 10:06:16 <^7heo> Ok I'm done here.
2017-04-13 10:06:17 <^7heo> Good luck.
2017-04-13 10:06:34 <^7heo> Also if alpine doesn't work for you, I heard good things about SlItAz
2017-04-13 10:06:44 <consus> Alpine works for me
2017-04-13 10:07:36 <consus> Also what's your thing with rsyslog?
2017-04-13 10:08:04 <^7heo> what's my thing with PAM, rsyslog, systemd, etc...
2017-04-13 10:08:22 <consus> You like to show off or something?
2017-04-13 10:08:27 <^7heo> look I won't just take days to explain that to someone who's obviously oblivious to my reasons.
2017-04-13 10:08:35 <^7heo> No, I don't like wasting my time.
2017-04-13 10:08:40 <^7heo> I also don't want to make a scene.
2017-04-13 10:08:42 <consus> E.g. I can say why I do not like systemd
2017-04-13 10:08:45 <^7heo> So I said "I'm done here"
2017-04-13 10:08:53 <^7heo> please let me go now ;)
2017-04-13 10:08:58 <^7heo> Anyway, I gtg so...
2017-04-13 10:08:58 <consus> Err
2017-04-13 10:08:58 <^7heo> o/
2017-04-13 10:09:07 <consus> That was really weird
2017-04-13 10:12:17 <hiro> calm down everybody
2017-04-13 10:12:32 <consus> Relax
2017-04-13 10:12:36 <hiro> computer won't run away. you can fix it tomorrow when you know how :)
2017-04-13 10:12:46 <consus> He's gone
2017-04-13 10:12:49 <consus> You are safe now
2017-04-13 10:12:50 <hiro> there's another thing.
2017-04-13 10:12:57 <stwa> consus: to your first question, why do you need openssh build against pam? isn't shadow enough with "proper" configuration for useradd/groupadd?
2017-04-13 10:13:03 <hiro> you can try to rebuild that software, perhaps it can be built without PATM
2017-04-13 10:13:06 <hiro> *PAM
2017-04-13 10:13:22 <hiro> stwa: not openssh
2017-04-13 10:13:24 <consus> stwa: is install login
2017-04-13 10:13:34 <consus> stwa: which enforces pam in my login shell
2017-04-13 10:13:40 <consus> *installs
2017-04-13 10:13:47 <consus> shadow depends linux-pam
2017-04-13 10:13:50 <consus> *depends on
2017-04-13 10:14:10 <consus> Okay, I guess it's easier to make I wrapper
2017-04-13 10:14:14 <stwa> ah, /bin/login, ok
2017-04-13 10:14:25 <hiro> perhaps we should remove that
2017-04-13 10:14:33 <consus> The next step is to make a proper patch to ansible
2017-04-13 10:14:45 <consus> To support busybox adduser/addgroup
2017-04-13 10:14:46 <hiro> yeah, that would be a good idea
2017-04-13 10:15:14 <stwa> consus: i would love to see this, too
2017-04-13 10:15:35 <consus> The thing is -- guys have a lot's of non-implemented in busybox features
2017-04-13 10:16:05 <consus> Like support for non-unique
2017-04-13 10:16:19 <hiro> what is that?
2017-04-13 10:16:30 <consus>   -o, --non-unique              allow to create users with duplicate
2017-04-13 10:16:30 <consus>                                 (non-unique) UID
2017-04-13 10:16:39 <consus> I can't say why anybody needs this
2017-04-13 10:16:40 <consus> But still
2017-04-13 10:16:51 <consus> adduser is not a drop-in
2017-04-13 10:17:12 <consus> Maybe I can patch a busybox :-P
2017-04-13 10:17:28 <hiro> can't you just write into /etc/passwd manually?
2017-04-13 10:17:38 <consus> I want to use a generic interface
2017-04-13 10:17:39 <hiro> why is there adduser in the first place?
2017-04-13 10:17:44 <hiro> i never got it
2017-04-13 10:17:48 <consus> well
2017-04-13 10:18:08 <consus> I want to reuse some code from my other playbooks for non-alpine distros
2017-04-13 10:18:21 <consus> So I want to use a generic interface that works everywhere
2017-04-13 10:18:36 <hiro> ok, well it doesn't. now what?
2017-04-13 10:19:08 <hiro> isn't it easier to build that interface by using the basic principles that are shared and the same everywhere?
2017-04-13 10:19:13 <hiro> like /etc/passwd ...
2017-04-13 10:19:35 <consus> I mean ansible interface
2017-04-13 10:19:41 <consus> They have a user module
2017-04-13 10:19:53 <consus> That works almost everywhere
2017-04-13 10:19:57 <consus> Except for alpine :D
2017-04-13 10:20:00 <hiro> yeah, can't you fix their user module so that it doesn't require adduser/useradd at all?
2017-04-13 10:20:14 <hiro> throw out all special casing in there and replace it with simple /etc/psaswd usage
2017-04-13 10:20:15 <consus> I guess they won't accept such a patch
2017-04-13 10:20:19 <hiro> why not?
2017-04-13 10:20:33 <consus> Eh
2017-04-13 10:20:34 <hiro> i thought they try to be a generic solution
2017-04-13 10:20:43 <hiro> if it doesn't work on alpine they have failed
2017-04-13 10:20:51 <hiro> if you fix it they should be happy or not?!
2017-04-13 10:20:53 <consus> I guess they just don't care
2017-04-13 10:20:57 <consus> About alpine
2017-04-13 10:21:04 <hiro> then they are not generic :)
2017-04-13 10:21:10 <consus> They are generic
2017-04-13 10:21:15 <consus> For their use cases
2017-04-13 10:21:23 <consus> Because almost everywhere we have ubuntu/rhel
2017-04-13 10:21:23 <hiro> their use cases aren't generic though!
2017-04-13 10:21:26 <hiro> they are limited
2017-04-13 10:21:38 <consus> They covered 95% of the market
2017-04-13 10:21:44 <consus> They don't care about other 5%
2017-04-13 10:21:52 <hiro> so then you shouldn't hope their software does anything useful for you on alpine :)
2017-04-13 10:21:57 <hiro> write your own code
2017-04-13 10:21:59 <consus> Why not?
2017-04-13 10:22:05 <hiro> cause you just said they don't care about alpine
2017-04-13 10:22:07 <consus> It does work for all other stuff
2017-04-13 10:22:10 <hiro> then why use their software on alpine
2017-04-13 10:22:15 <consus> They have an apk module
2017-04-13 10:22:24 <consus> Managed my someone
2017-04-13 10:22:40 <hiro> ok, then we should get this dude into the interrogation chamber.
2017-04-13 10:22:46 <hiro> is he in here?
2017-04-13 10:23:47 <consus> author: "Kevin Brebanov (@kbrebanov)
2017-04-13 10:24:26 <consus> Wow
2017-04-13 10:24:40 <consus> They actually support openbsd
2017-04-13 10:24:42 <consus> Nice
2017-04-13 10:25:16 <hiro> this is getting more and more scary
2017-04-13 10:25:38 <consus> Hehe
2017-04-13 10:25:44 <consus> https://github.com/ansible/ansible/blob/eb1214baad0cbe2c4b7304caebb9ae1c7dc0d8db/lib/ansible/modules/system/user.py
2017-04-13 10:25:51 <hiro> oh it's python
2017-04-13 10:25:55 <hiro> haha
2017-04-13 10:25:56 <consus> It seems trivial to implement the necessary support for alpine
2017-04-13 10:26:21 <hiro> oh this is horrible
2017-04-13 10:26:43 <consus> Well it's better than the shell for that's sake
2017-04-13 10:26:57 <consus> I used to patch dracut
2017-04-13 10:32:40 <consus> Also how I change a user's shell?
2017-04-13 10:38:56 <kahiru> I always edited /etc/passwd by hand...
2017-04-13 10:39:03 <consus> wow
2017-04-13 10:39:06 <consus> Why?
2017-04-13 10:40:25 <consus> And how do you automate things? Like adding/removing user to a group?
2017-04-13 10:40:44 <kahiru> well, I usually do it once in a lifetime of the machine
2017-04-13 10:40:55 <consus> Hm
2017-04-13 10:41:06 <consus> Okay
2017-04-13 10:41:51 <hiro> consus: by writing programs
2017-04-13 10:42:04 <PowerWing> "like ansible" :P
2017-04-13 10:42:19 <hiro> consus: i like to use programs that would do exactly what i normally do when i touch things manually
2017-04-13 10:42:29 <hiro> this way i know exactly what *must* have happened when there's a problem.
2017-04-13 10:43:03 <hiro> nobody even reads this horrible ansible code before using it, so there's no way to know what effects it will have and you can only hope the manual will be documenting at least the most important parts
2017-04-13 10:43:16 <hiro> while i have to know how to add a user/group, etc. anyway.
2017-04-13 10:43:30 <hiro> i need to know how it works on all these crappy systems under my control
2017-04-13 10:43:48 <hiro> otherwise everything would be broken, lol.
2017-04-13 10:44:06 <hiro> ansible is an abstract horrible mess
2017-04-13 10:44:14 <hiro> all object oriented and shit
2017-04-13 10:44:25 <hiro> for something simple like generating a string for a single command
2017-04-13 10:44:32 <hiro> everything is spanning 50 if clauses
2017-04-13 10:44:42 <hiro> i don't need their generalizations
2017-04-13 10:44:51 <hiro> they only automate the trivialities, mostly wrongly or incomplete.
2017-04-13 10:45:13 <hiro> i need to automate everything anyway. they don't help me with that.
2017-04-13 10:45:29 <hiro> too much magic and unreadable code
2017-04-13 11:36:35 <consus> err
2017-04-13 11:36:42 <consus> It works pretty realiable for me
2017-04-13 11:37:22 <consus> The output is shit though
2017-04-13 11:37:35 <consus> All that u'string' python crap and such
2017-04-13 11:37:52 <consus> But still, I failed to find something else that is easy to use and gets the job done
2017-04-13 11:38:10 <consus> Without reinstalling my whole OS a minor package update lol
2017-04-13 11:38:18 <consus> *on a
2017-04-13 12:13:19 <DOTSLASHLINUX> Hi
2017-04-13 12:13:59 <DOTSLASHLINUX> How does Alpine Linux perform in terms of daily usage on a late-2013 laptop?
2017-04-13 12:18:48 <clandmeter> in what way?
2017-04-13 12:18:51 <clandmeter> as desktop?
2017-04-13 12:18:59 <DOTSLASHLINUX> Yes
2017-04-13 12:19:25 <DOTSLASHLINUX> Not an intensive one
2017-04-13 12:19:32 <DOTSLASHLINUX> merely for web browsing-development
2017-04-13 12:19:44 <clandmeter> we are not really orientated at desktop, but we have support for it.
2017-04-13 12:20:15 <clandmeter> xfce4 works rather well
2017-04-13 12:20:19 <DOTSLASHLINUX> Basic X support?
2017-04-13 12:20:27 <DOTSLASHLINUX> Ah I'm not even intending to use something that bloated
2017-04-13 12:20:32 <DOTSLASHLINUX> dwm or openbox
2017-04-13 12:20:44 <clandmeter> then you will feel right at home :)
2017-04-13 12:20:52 <DOTSLASHLINUX> That's what I wanted to here
2017-04-13 12:21:13 <clandmeter> ppl that find xfce bloated are mostly happ here
2017-04-13 12:21:50 <DOTSLASHLINUX> Not only bloated, but that crap compositor mutter or so has done it for good...
2017-04-13 12:22:22 <DOTSLASHLINUX> Alrightie I'll give it a try in a VM
2017-04-13 12:22:53 <DOTSLASHLINUX> I'm seeing lots of download options.
2017-04-13 12:23:30 <DOTSLASHLINUX> standard-vanilla-extended?
2017-04-13 12:24:08 <tw> or virt, and perform an install.
2017-04-13 12:24:48 <clandmeter> Extended means the pkgs it provides
2017-04-13 12:25:35 <DOTSLASHLINUX> Which one do you recommend for use on a laptop?
2017-04-13 12:26:02 <clandmeter> The only real difference is the kennel
2017-04-13 12:26:20 <clandmeter> Vanilla grsec or virtual
2017-04-13 12:26:42 <DOTSLASHLINUX> why not standard? thanks for the suggestion! Please excuse my ignorance...
2017-04-13 12:26:54 <clandmeter> Standard is grsec afaik
2017-04-13 12:27:48 <DOTSLASHLINUX> alright
2017-04-13 12:27:59 <DOTSLASHLINUX> and virtual is for use in a vm ?
2017-04-13 12:28:50 <clandmeter> Right
2017-04-13 12:28:52 <tw> reduced modules because only a few drivers are used commonly for VMs
2017-04-13 12:32:04 <DOTSLASHLINUX> alright thanks a lot
2017-04-13 12:34:04 <avih> clandmeter: i also wondered what are the exact differences between the packages, and as far as i can tell one could just add/remove packages (post install) to match the different download options, but it would have been nice if there was a table showing the exact diffs (package lists) between the downloads
2017-04-13 12:34:45 <clandmeter> avih, we dont want to cluther the dl page that much.
2017-04-13 12:35:07 <avih> clandmeter: i didn't say you must host it there, but,, you know.. the web.. links ;)
2017-04-13 12:36:09 <clandmeter> avih, create a wiki page describing them so we can link it.
2017-04-13 12:36:25 <avih> clandmeter: i don't know the exact diff...
2017-04-13 12:36:49 <avih> but someone does - whoever builds the ISOs
2017-04-13 12:37:29 <clandmeter> avih, https://github.com/alpinelinux/aports/tree/master/scripts
2017-04-13 12:42:44 <avih> clandmeter: that's probably enough as link from the downloads page of "Build scripts for the various images". and actually https://github.com/alpinelinux/aports/blob/master/scripts/mkimg.standard.sh covers a lot of things/diffs very clearly.
2017-04-13 12:44:58 <avih> so standard/vanilla/extended/virt are covered by that. it would have been great if it also covered the rest with the same crispness, but maybe the arm and xen images are not easily to integrate like that
2017-04-13 12:48:09 <avih> maybe if all the profile_* functions were in a single file (it seems they could), it would have the ultimate clarity about the relations between the images.
2017-04-13 12:50:28 <avih> but even as is, it's not hard to examine e.g. mkimg.xen.sh and figure things out. so, the link you posted would be a great starting point for someone trying to understand the different images better.
2017-04-13 12:50:53 <avih> and IMHO would serve well if it's linked form the download page
2017-04-13 13:42:55 <ncopa> darkfader: do you know if the bundled pv-grub works on ext4 on other distros?
2017-04-13 13:43:04 <ncopa> seems like grub2 has xen support
2017-04-13 13:43:27 <ncopa> so people seems to use grub2 instead of the xen bundled grub-0.97
2017-04-13 13:43:39 <kn330> Hi
2017-04-13 13:43:41 <ncopa> i just tested testing/grub2
2017-04-13 13:43:45 <ncopa> and it seems to work
2017-04-13 13:43:52 <kn330> I am trying to edit a wiki entry but it isn't allowing me to do so
2017-04-13 13:44:23 <kn330> On this page: https://wiki.alpinelinux.org/wiki/Docker
2017-04-13 13:45:02 <ncopa> kn330: are you logged in?
2017-04-13 13:45:02 <darkfader> ncopa: no idea unfortunately
2017-04-13 13:45:30 <kn330> yes
2017-04-13 13:45:34 <darkfader> how would grub2 work with alpine and it's grub compat wrapper
2017-04-13 13:45:52 <kn330> It says that new users aren't allowed to modify url's. Contact admin
2017-04-13 13:45:52 <ncopa> xen bundles the old grub 0.97 + a patch for ext4 support, but i have no evidence that it actually works :)
2017-04-13 13:45:56 <kn330> Who's the admin?
2017-04-13 13:46:08 <ncopa> darkfader: i am investigating how to use grub2 atm
2017-04-13 13:46:12 <ncopa> i got command line
2017-04-13 13:46:21 <ncopa> but i have no idea how the new syntax is :)
2017-04-13 13:46:22 <darkfader> ncopa: i would prefer the standard thing to work because it does work
2017-04-13 13:46:36 <ncopa> agree
2017-04-13 13:46:39 <darkfader> but yeah, if grub2 can boot alpine that would of course also be ok
2017-04-13 13:46:50 <ncopa> but im not convinced that standard thing actually works
2017-04-13 13:47:04 <darkfader> how do you think i'm booting my vms?
2017-04-13 13:47:22 <darkfader> i mean, the 3.5 pv-grub is obv. broken
2017-04-13 13:47:28 <darkfader> but it used to be ok :)
2017-04-13 13:47:38 <ncopa> right
2017-04-13 13:48:06 <ncopa> what i mean is that it might always been "broken", but happened to work with old compiler "by luck"
2017-04-13 13:48:30 <ncopa> or to be more specific: i dont know why it does not work recently
2017-04-13 13:48:33 <ncopa> :)
2017-04-13 13:49:01 <darkfader> i had a linkedin request from wei liu who would know... just i never used linkedin ... meh
2017-04-13 13:49:17 <ncopa> kn330: the admin tend to hide for that exact reason :)
2017-04-13 13:50:12 <ncopa> kn330: which is your login name in the wiki?
2017-04-13 13:50:20 <ncopa> im might be able to unlock you
2017-04-13 13:50:41 <ncopa> darkfader: i wonder if i shoudl continue dig in lgacy grub or if we should rely on grub2
2017-04-13 13:50:47 <ncopa> legacy*
2017-04-13 14:05:08 <nsz> hi i have an aarch64 desktop now.. there seem to be no aarch64 firefox package in alpine is there some fundamental issue there?
2017-04-13 14:06:00 <ncopa> do you have firefox-esr?
2017-04-13 14:06:18 <ncopa> aarch64 desktop, what kind of hw is that?
2017-04-13 14:06:28 <ncopa> can you ge aarch64 laptop?
2017-04-13 14:06:37 <nsz> it's custom built
2017-04-13 14:06:45 <ncopa> ha :)
2017-04-13 14:08:01 <nsz> ok installing firefox-esr
2017-04-13 14:08:07 <ncopa> apparently testing/firefox was disabled for aarch64
2017-04-13 14:08:28 <nsz> (the machine has ubuntu now but i want to try alpine.. chroot only for now because of custom kernel)
2017-04-13 14:08:57 <ncopa> https://git.alpinelinux.org/cgit/aports/commit/testing/firefox/APKBUILD?id=90313b0dfaf092d29ed15b9069b9dd8945d65122
2017-04-13 14:09:04 <ncopa> i supposed it failed to build for some reason
2017-04-13 14:09:34 <nsz> it crashes
2017-04-13 14:09:51 <ncopa> whoops
2017-04-13 14:10:43 <ncopa> im not very suprised though
2017-04-13 14:10:51 <ncopa> it does not work on 32 bit x86 either i think
2017-04-13 14:11:38 <ncopa> you are in untested area
2017-04-13 14:11:59 <ncopa> oh, we should probably also upgrade firefox
2017-04-13 14:12:47 <kn330> ncopa, my login name is techmaniack
2017-04-13 14:14:33 <clandmeter> ncopa, you can?
2017-04-13 14:14:42 <clandmeter> i thought i needed x days
2017-04-13 14:15:23 <ncopa> i dont know
2017-04-13 14:15:27 <ncopa> im looking into it
2017-04-13 14:15:32 <ncopa> i dont know how...
2017-04-13 14:15:45 <clandmeter> :p
2017-04-13 14:16:15 <ncopa> oh
2017-04-13 14:16:24 <ncopa> Blocks new user from adding new links to wiki for 5 hours after account creation... Was something like 10 days.
2017-04-13 14:16:32 <ncopa> i foudn that ^^
2017-04-13 14:16:53 <ncopa> kn330: might be the spamfilter that blocks you if you have links
2017-04-13 14:17:40 <clandmeter> it is
2017-04-13 14:17:50 <clandmeter> it blocks you from posting links for x days
2017-04-13 14:17:58 <kn330> Ohkay
2017-04-13 14:18:04 <ncopa> i think he changed it to 5 hours
2017-04-13 14:18:06 <kn330> I'm editing a link btw
2017-04-13 14:18:18 <kn330> "http://dl-6.alpinelinux.org/alpine/edge/community"
2017-04-13 14:18:19 <kn330> this one
2017-04-13 14:18:21 <ncopa> try again after 5 hours from user was created
2017-04-13 14:18:22 <kn330> it doesn't work
2017-04-13 14:18:26 <kn330> ncopa, cool
2017-04-13 14:18:39 <ncopa> and thanks for fixing the page
2017-04-13 14:18:45 <ncopa> sorry about the fuzz
2017-04-13 14:18:59 <clandmeter> fix it!
2017-04-13 14:19:04 <kn330> just to to confirm, I'm changing dl-6 to dl-cdn
2017-04-13 14:19:11 <clandmeter> :)
2017-04-13 14:19:18 <kn330> that would be better, right?
2017-04-13 14:19:24 <ncopa> yes
2017-04-13 14:19:27 <kn330> ncopa, hey your welcome :)
2017-04-13 14:21:43 <kn330> I am trying to build alpine box for vagrant with docker installed. Couldn't find one on google so trying to build one.
2017-04-13 14:29:30 <nsz> ncopa: firefox-esr works! (i just did not have chroot xauth set up properly)
2017-04-13 14:30:11 <ncopa> ah cool!
2017-04-13 14:30:12 <nsz> hm it says ubuntu
2017-04-13 14:30:17 <ncopa> lol
2017-04-13 14:30:28 <nsz> maybe it communicates with some firefox daemon outside the chroot..
2017-04-13 14:30:37 <nsz> that creates the window
2017-04-13 14:30:49 <ncopa> possibly
2017-04-13 14:31:02 <nsz> the binary is linked against musl.. but the window that appears is the ubuntu one :P
2017-04-13 14:31:44 <ncopa> this is the build failure: https://dpaste.de/XNvt
2017-04-13 14:32:46 <ncopa> maybe wi disable neon?
2017-04-13 14:32:58 <nsz> there are non pic relocs
2017-04-13 14:33:13 <nsz> i guess there is some asm that is not position independent
2017-04-13 14:33:22 <ncopa> probably yes
2017-04-13 14:34:37 <nsz> hm there is no thunderbird
2017-04-13 14:34:46 <nsz> i wanted to try that too
2017-04-13 14:34:59 <ncopa> correct, thunderbird was a pain :-(
2017-04-13 14:35:15 <ncopa> i have used claws-mail
2017-04-13 14:35:27 <ncopa> i am using claws-mail
2017-04-13 14:35:33 <ncopa> we also have evolution
2017-04-13 14:36:16 <nsz> ok if there is no firefox running outside the chroot, and i have xauth set up in the chroot then firefox crashes in libxul.so
2017-04-13 14:41:19 <kn330> What would be the alternative for "sudo usermod -aG docker $USER" on alpine?
2017-04-13 14:41:23 <nsz> it seems firefox clamps a pointer to 47bits.. this machine has 48bit address space for userspace and things are mapped into the top half..
2017-04-13 14:41:27 <kn330> I want to run docker without sudo
2017-04-13 14:42:21 <nsz> i guess if the jit engine does pointer mangling then it needs to know the address space size.. i dont know how that is configured
2017-04-13 14:42:48 <nsz> anyway i wont have time to debug this now
2017-04-13 14:43:22 <ncopa> i dont know either, and im also busy with other stuff
2017-04-13 14:46:58 <antranigv> hi all
2017-04-13 14:51:18 <consus> Seems like ssh is not logging failed attempts to /var/log/auth.log
2017-04-13 14:51:30 <consus> Only successful ones
2017-04-13 14:52:32 <consus> What am I doing wrong?
2017-04-13 14:52:50 <consus> Ah, it's not logging even succesfull ones
2017-04-13 14:52:55 <consus> It's sudo
2017-04-13 14:58:21 <consus> Eh, my bad. Sorry for the noise.
2017-04-13 17:47:11 <kn330_> hey ncopa that edit was accepted \m/
2017-04-13 18:08:48 <Unode> hi everyone
2017-04-13 18:09:05 <Unode> I'm trying to compile a software using alpine running in a docker container
2017-04-13 18:09:39 <Unode> and I'm running into problems. Google isn't helping. The error is: /usr/include/bits/stdio2.h:97: undefined reference to `__fprintf_chk'
2017-04-13 18:10:04 <Unode> or one other printf variant
2017-04-13 18:10:13 <Unode> am I missing some library?
2017-04-13 18:12:07 <dalias> that does not look like alpine
2017-04-13 18:12:13 <dalias> bits/stdio2.h is part of glibc
2017-04-13 18:12:44 <Unode> and please ignore ... seems like the previous environment was somehow leaking through the configure steps.
2017-04-13 18:12:57 <dalias> if it is alpine you probably randomly copied/overwrote a bunch of system headers with glibc stuff from some other system
2017-04-13 18:13:07 <Unode> starting with a fresh folder seems to have helped. Currently doing some progress.
2017-04-13 18:13:15 <Unode> and success
2017-04-13 18:13:58 <Unode> by the way, are all alpine libraries also available for static compilation?
2017-04-13 18:14:17 <Unode> I noticed I didn't have to install anything extra to make a static build
2017-04-13 18:17:23 <Unode> dalias: thanks again for the help. Your comment about "not look like alpine" and "glibc" helped looking at the right place.
2017-04-13 18:18:46 <dalias> i think the devel packages provide static libs
2017-04-13 18:18:48 <dalias> but not 100% sure
2017-04-13 18:19:00 <Unode> ok seems like not all libs can be statically linked. curl just failed
2017-04-13 18:19:10 <Unode> works if non-static though.
2017-04-13 18:19:58 <Unode> and then retrying the static worked...
2017-04-13 18:20:02 <Unode> odd
2017-04-13 18:20:32 <Unode> oh well... happy user. Got what I wanted. Thanks for making it great!
2017-04-13 19:05:41 <shodan45> how do I "configure" busybox? I installed procps to get /bin/top, and removed the /usr/bin/top symlink.... but a recent upgrade of linux-grsec recreated the symlink
2017-04-13 19:16:47 <terra> Guys, what is the procedure for taking over an unmaintained package? Should I contact with maintainer first?
2017-04-13 19:17:56 <shodan45> I assume "Executing busybox-1.25.1-r0.trigger" is the culprit... can I configure that? or at least see what that does?
2017-04-13 19:22:14 <shodan45> (random aside: busybox has an http server?!)
2017-04-13 19:28:41 <haarts> I'm installing the latest Alpine to a harddisk. But 'setup-disk' bails on me when selecting 'sys' with the message 'ERROR: unsatisfiable constraints: sfdisk, syslinux'
2017-04-13 19:28:49 <haarts> What is that about?
2017-04-13 19:29:31 <haarts> 'apk add sfdisk' doesnt work either
2017-04-13 19:30:10 <haarts> 'WARNING: Ignoring APKINDEX.392882fe4.tar.gz: No suck file or directory'
2017-04-13 19:30:31 <shodan45> haarts: ISTR having the same problem a while back.... is your network connection up?
2017-04-13 19:30:34 <shodan45> and internet?
2017-04-13 19:31:10 <haarts> I'll be damned
2017-04-13 19:31:41 <shodan45> haarts: was that it? :)
2017-04-13 19:32:25 <haarts> shodan45: no internet, that's for sure
2017-04-13 19:35:42 <haarts> I wonder why.
2017-04-13 19:35:48 <haarts> Just DHCP on eth0
2017-04-13 19:35:48 <shodan45> haarts: what version of alpine? standard?
2017-04-13 19:35:54 <haarts> yeah
2017-04-13 19:43:20 <haarts> shodan45: during the first run of 'setup-alpine' my network cable was detached. I fixed that and reran but somehow the network wasnt kicked off. /etc/init.d/networking restart helped
2017-04-13 19:43:53 <haarts> 'Failed to add partition: Invalid argument'
2017-04-13 19:43:55 <haarts> :(
2017-04-13 19:44:05 <haarts> I'd say there are some rough edges?
2017-04-13 19:44:37 <CrashOverride> sorry guys
2017-04-13 19:44:49 <CrashOverride> sometimes I forget that I'm in actual serious channels on this network
2017-04-13 19:45:53 <shodan45> haarts: sort of. When alpine works, it works great. But yes, sometimes there are rough edges.
2017-04-13 19:46:59 <haarts> fdisk to the rescue (+ a bit of Googleing)
2017-04-13 19:47:17 <haarts> What fs will it install anyway?
2017-04-13 19:47:28 <shodan45> ext4
2017-04-13 19:47:40 <haarts> solid
2017-04-13 19:47:42 <yMGJRgi997ZH> read the setup script, it's  shell script
2017-04-13 19:48:06 <haarts> yMGJRgi997ZH: didn't think of that but obviously!
2017-04-13 19:48:58 <shodan45> alpine has the best, and worst, installer ever :)
2017-04-13 19:49:23 <yMGJRgi997ZH> depends on your level of expertise ;)
2017-04-13 19:49:36 <shodan45> and google-fu ;)
2017-04-13 19:50:02 <shodan45> and how "normal" your config is
2017-04-13 19:59:38 <haarts> errr. Is there smt special I need to do to log in via SSH? I'm pretty sure I typed my pass correctly.
2017-04-13 19:59:48 <haarts> (openssh)
2017-04-13 20:04:24 <avih> root is not allowed to login via ssh by default, and you might need to check your options at /etc/ssh/sshd_config
2017-04-13 20:07:20 <haarts> ahhh, different defaults
2017-04-13 20:07:29 <haarts> check!
2017-04-13 20:07:30 <haarts> tnx
2017-04-13 20:22:19 <mepholic> ☁ Ｔｈｅ Ｃｌｏｕｄ ☁
2017-04-13 20:23:12 <inpothet> I made a new vm with the standart image and installed nginx and added it to the default runtime using rc-update
2017-04-13 20:23:31 <inpothet> it still isnt starting when sshd etc starts
2017-04-13 20:28:52 <BitL0G1c> inpothet -nginx-naxsi starts without any problems & has built in service supervision
2017-04-13 20:36:00 <inpothet> I'm just following the guide of the wiki
2017-04-13 20:37:19 <inpothet> and the packege your talking about is a WAF i mean nginx it self as web server
2017-04-13 20:50:48 <tdtrask> consus: ansible apk module author @kbrebanov has been unresponsive to my git pull
2017-04-13 20:50:56 <tdtrask> if you reach him, ping him on https://github.com/ansible/ansible/pull/22886
2017-04-13 20:51:02 <consus> tdtrask: Errr
2017-04-13 20:51:08 <consus> tdtrask: I don't know that guy
2017-04-13 20:51:13 <tdtrask> because current apk module is very limited
2017-04-13 20:51:18 <tdtrask> yeah, me neither
2017-04-13 20:51:31 <consus> tdtrask: Well okay, sure
2017-04-13 20:51:48 <tdtrask> you mentioned him in backlog, and I'm grasping at straws :)
2017-04-13 20:51:49 <consus> tdtrask: If I'll ever reach him I'll tell him about that
2017-04-13 20:52:15 <consus> tdtrask: But I guess he's just on vacation or smthing
2017-04-13 20:52:30 <consus> or dead
2017-04-13 20:52:35 <tdtrask> 
ACTION is going to create another github pull request for ansible module for awall, and probably another for lbu

2017-04-13 20:52:47 <consus> Like that guy who wrote yum
2017-04-13 20:52:53 <inpothet> good luck
2017-04-13 20:53:03 <consus> Good ol' karma
2017-04-13 20:53:34 <inpothet> ffs even added it to the boot runtime and nginx is still not booting time for some good old manual reading
2017-04-13 20:53:40 <tdtrask> hopefully it's vacation, but I submitted the request 22 days ago
2017-04-13 20:53:49 <consus> =/
2017-04-13 20:53:59 <consus> Maybe you can jump it
2017-04-13 20:54:23 <consus> I guess ansible devs would be glad to have another maintainer for that module
2017-04-13 20:54:35 <Xe> consus: i pinged the dev on the github issue
2017-04-13 20:54:50 <Xe> at the least, it makes the fact that someone wants an update a publicly known fact outside of just this IRC channel
2017-04-13 20:54:56 <tdtrask> consus: yeah, I am willing to maintain it
2017-04-13 20:55:09 <Xe> tdtrask: ask #ansible?
2017-04-13 20:55:14 <consus> tdtrask: So talk to them :)
2017-04-13 20:55:25 <tdtrask> Xe: I've asked a few times and gotten no response :(
2017-04-13 20:55:26 <consus> tdtrask: Maybe you'll get a nice clean maintainer badge
2017-04-13 20:56:11 <consus> For fuck's sake... Busybox does not have a usermod %)
2017-04-13 20:56:25 <Xe> tdtrask: have you tried asking _anyone_ on the ansible team instead?
2017-04-13 20:57:06 <tdtrask> Xe: recommendations?
2017-04-13 20:57:28 <tdtrask> 
ACTION has simply posted requests on #ansible

2017-04-13 20:58:09 <tdtrask> don't know any dev to ping directly
2017-04-13 20:58:53 <Xe> tdtrask: look for anyone with a leading sigil
2017-04-13 20:59:58 <timhaute> Hi there. After latest alpine upgrade deluge-1.3.14-r0 cannot start anymore, it is failing with a python error: "ImportError: No module named incremental"
2017-04-13 20:59:59 <tdtrask> Xe: seems rude
2017-04-13 21:00:21 <Xe> tdtrask: sometimes getting shit done means being a little uncouth to get the contact you need
2017-04-13 21:00:56 <Xe> timhaute: the GUI or daemon side of deluge?
2017-04-13 21:01:15 <timhaute> deluged is failing to start, daemon
2017-04-13 21:01:34 <Xe> do you use any custom repos?
2017-04-13 21:02:00 <tdtrask> Xe: thanks, I'll give it a try when I return to my keyboard
2017-04-13 21:02:00 <timhaute> deluge is coming from edge/testing
2017-04-13 21:02:15 <Xe> but the system base is not edge/testing?
2017-04-13 21:02:49 <timhaute> everything else is edge/main and edge/community
2017-04-13 21:03:01 <Xe> perfect, lemme test in a container
2017-04-13 21:03:12 <timhaute> sweet thanks
2017-04-13 21:03:55 <Xe> timhaute: `apk add deluge` is how you installed it?
2017-04-13 21:05:06 <timhaute> I think that I had to specify the testing repo
2017-04-13 21:05:26 <Xe> yeah
2017-04-13 21:05:38 <timhaute> @testing http://mirror.leaseweb.com/alpine/edge/testing
2017-04-13 21:05:40 <Xe> it looks like the deluge package doesn't have dependencies it needs
2017-04-13 21:06:20 <timhaute> a rebuild may be needed
2017-04-13 21:06:43 <Xe> https://gist.github.com/Xe/8dea70e280aadecf589f3d29d613846a
2017-04-13 21:07:23 <Xe> this info will be useful for the maintainer, contact the email listed here: https://git.alpinelinux.org/cgit/aports/tree/testing/deluge/APKBUILD#n2
2017-04-13 21:08:18 <timhaute> ok thanks will do
2017-04-13 21:08:49 <Xe> :+1:
2017-04-14 00:30:47 <darkfaded> "Continuing the upgrade transaction with new apk-tools:"
2017-04-14 00:30:50 <darkfaded> oh that's so cool
2017-04-14 00:30:57 <darkfaded> thanks whoever added that
2017-04-14 00:31:41 <Shiz> :P
2017-04-14 00:32:51 <Shiz> pretty old functionality by now i think already
2017-04-14 01:14:01 <darkfaded> xen48:~# vgchange -ay
2017-04-14 01:14:01 <darkfaded> Error relocating /sbin/vgchange: dm_report_group_push: symbol not found
2017-04-14 01:14:05 <darkfaded> seen that by chance?
2017-04-14 01:14:13 <darkfaded> i am a bit ... uncertain lol
2017-04-14 01:16:37 <darkfaded> i can see coredumb hit it 3 mo ago
2017-04-14 01:16:37 <darkfaded> http://lists.alpinelinux.org/alpine-devel/5532.html
2017-04-14 01:16:40 <darkfaded> :))
2017-04-14 01:17:17 <darkfaded> works
2017-04-14 01:17:28 <luxio> What package do I install for the `java` command?
2017-04-14 01:17:31 <darkfaded> no idea why it's only on this one sys
2017-04-14 01:24:34 <luxio> which package is non-headless java?
2017-04-14 01:30:05 <Shiz> luxio: openjdk8-jre perhaps?
2017-04-14 01:30:34 <Shiz> openjdk8-jrebase is the GUI-less version, openjdk8-jre should have GUI support
2017-04-14 04:20:59 <Nobabs27> how do I install chsh?
2017-04-14 09:15:50 <ncopa> darkfaded: this xen issue annoys me
2017-04-14 09:16:02 <ncopa> i think i have an explanation
2017-04-14 09:16:14 <ncopa> i think there are 2 different errors
2017-04-14 09:17:09 <ncopa> the one error that you got when upgrading
2017-04-14 09:17:28 <ncopa> and the ext4 incompatibility problem
2017-04-14 09:18:26 <ncopa> i think that recent mke2fs.ext4 will enable: Support for more than 2^32 filesystem blocks (EXT4_FEATURE_INCOMPAT_64BIT)
2017-04-14 09:18:54 <ncopa> which never been supported by the pv-grub from xen
2017-04-14 09:19:35 <ncopa> i think the "solution" to that is to disable that when mkfs the /boot partition
2017-04-14 10:31:21 <ncopa> darkfaded: can you check if your problematic xen boot partition has 64bit support?
2017-04-14 12:46:11 <Klowner> anyone know offhand what the syntax is to add a second ip to an interface?
2017-04-14 12:46:52 <_ikke_> through the interfaces file?
2017-04-14 12:46:57 <Klowner> ya
2017-04-14 12:48:06 <_ikke_> Does alpine support hooks>
2017-04-14 12:48:08 <_ikke_> ?
2017-04-14 12:48:31 <_ikke_> cannot find a reference
2017-04-14 12:50:08 <Klowner> hooks?
2017-04-14 12:52:14 <_ikke_> debian/ubuntu has interface hooks, where you can run scripts / commands before or after an interface goes up/down
2017-04-14 12:52:44 <Klowner> ah, ya, can do up/down/post-up/post-down
2017-04-14 12:52:50 <Klowner> suppose I could just add the ip like that
2017-04-14 12:53:25 <_ikke_> ip addr add dev <interface> x.x.x.x/y
2017-04-14 12:54:22 <Klowner> good thinkin
2017-04-14 13:07:32 <^7heo> hey Klowner
2017-04-14 13:07:42 <Klowner> howdy, ^7heo !
2017-04-14 13:07:46 <^7heo> ;)
2017-04-14 13:07:50 <^7heo> Klowner: do you use ZFS?
2017-04-14 13:08:36 <Klowner> ya
2017-04-14 13:31:28 <^7heo> Klowner: does it work well?
2017-04-14 13:34:05 <amosbird> hi
2017-04-14 13:34:11 <amosbird> how can I make middle button as a  modifier
2017-04-14 13:35:44 <^7heo> sudo make-middle-button-modifier
2017-04-14 13:42:29 <amosbird> hehe
2017-04-14 13:49:07 <victorbjelkholm> hey, hit a issue that I'm not sure how to resolve. If I'm without internet connection in Alpine, it won't even try to request localhost or 127.0.0.1. My repository is running on localhost and I'm trying to apk even though I don't have any internet connection. Can I configure it somehow to try to hit localhost even though I don't have a connection to the
2017-04-14 13:49:07 <victorbjelkholm> internet backbone?
2017-04-14 14:03:45 <Shiz> w 44
2017-04-14 14:05:01 <Klowner> ^7heo: ya it works great
2017-04-14 14:05:32 <^7heo> Shiz: missed.
2017-04-14 14:06:05 <^7heo> Klowner: ok. But I think I asked you already
2017-04-14 14:06:16 <^7heo> Klowner: about the encryption, right? You don't use any...
2017-04-14 14:10:49 <Shiz> ^7heo: super sharp shooter shooting sharp
2017-04-14 14:15:48 <^7heo> Shiz: super
2017-04-14 14:54:05 <ncopa> _ikke_: yes alpine support debianstyle /etc/network/interfaces hooks
2017-04-14 14:57:52 <inpothet> if i install a package using apk add and set the runlevel to default using rc-update it should boot at start right ?
2017-04-14 14:58:30 <Klowner> inpothet: yep
2017-04-14 14:58:55 <inpothet> well wierd i made 2 vm's one with VM image and one with standart and nginx will not boot
2017-04-14 14:59:19 <Shiz> were you the same person who had issues with this a few days ago?
2017-04-14 14:59:27 <inpothet> yep
2017-04-14 14:59:30 <inpothet> still not working
2017-04-14 14:59:39 <inpothet> even made a new vm
2017-04-14 15:00:58 <Shiz> how very odd
2017-04-14 15:01:11 <inpothet> i'm currently trying with 3.5.2
2017-04-14 15:01:25 <Klowner> installation method? need to lbu commit?
2017-04-14 15:01:39 <inpothet> installed in sys mode
2017-04-14 15:02:17 <Klowner> just running rc-update shows nginx with default next to it?
2017-04-14 15:02:24 <inpothet> yep
2017-04-14 15:03:21 <inpothet> http://i.imgur.com/wkzSy5e.png
2017-04-14 15:04:44 <inpothet> been fighting with it for 3 days now
2017-04-14 15:04:56 <Shiz> it's a very odd situation
2017-04-14 15:05:10 <inpothet> i know
2017-04-14 15:05:45 <Shiz> victorbjelkholm: i think you just want to do # service networking start
2017-04-14 15:05:48 <Shiz> that'll at least bring up lo
2017-04-14 15:06:05 <Shiz> inpothet: the only thing i can think of is that the initramfs somehow rewrites your /etc/runlevels...
2017-04-14 15:06:15 <Shiz> inpothet: can you show me your /boot/extlinux.conf?
2017-04-14 15:06:15 <avih> inpothet: is it possible you have another httpd service running which already occupies the port?
2017-04-14 15:07:02 <avih> also, it's possible to enable rc logs, so iit might shed some light on what's attempted/failing
2017-04-14 15:07:06 <inpothet> @shit let me make a screen @avih nop only installed nginx and nano
2017-04-14 15:07:14 <inpothet> how do i enable the rc logs
2017-04-14 15:07:44 <Shiz> >@shit
2017-04-14 15:07:46 <Shiz> well that's rude
2017-04-14 15:07:56 <inpothet> sorry shiv xD
2017-04-14 15:08:15 <inpothet> i dont know how i made that fuck up
2017-04-14 15:08:39 <avih> lol. no rest for the wiced
2017-04-14 15:08:45 <Klowner> nginx config busted maybe?
2017-04-14 15:08:46 <avih> inpothet: i don't recall. checking.
2017-04-14 15:09:03 <inpothet> nginx -t tells me config is okay
2017-04-14 15:09:47 <inpothet> extlinux.conf
2017-04-14 15:09:47 <inpothet> http://i.imgur.com/FPwrBBY.png
2017-04-14 15:10:28 <inpothet> result of nginx -t
2017-04-14 15:10:44 <inpothet> http://i.imgur.com/1wicZmB.png
2017-04-14 15:14:10 <avih> inpothet: /etc/rc.conf and in it uncomment rc_logger="YES"
2017-04-14 15:15:00 <avih> maybe it tries to run nginx as a not-fully-valid user?
2017-04-14 15:15:21 <inpothet> lets see
2017-04-14 15:16:12 <avih> also, on boot do you see nginx failing to start when rc starts the services? or does it show in green with [OK] ?
2017-04-14 15:16:20 <inpothet> doesnt show at all
2017-04-14 15:16:25 <avih> huh
2017-04-14 15:16:33 <inpothet> okay
2017-04-14 15:16:43 <inpothet> in rc.log i see someting nginx related
2017-04-14 15:17:27 <inpothet> WTF
2017-04-14 15:17:29 <inpothet> now it works
2017-04-14 15:17:47 <inpothet> wait 1 sec
2017-04-14 15:17:52 <avih> (why is rc.conf directly at /etc and not /etc/conf.d ?
2017-04-14 15:18:36 <inpothet> what
2017-04-14 15:18:48 <inpothet> after enableing the rc_logger it starts
2017-04-14 15:19:12 <avih> could be an openrc or config bug which ends up in a race someplace
2017-04-14 15:19:13 <Shiz> que
2017-04-14 15:19:24 <Shiz> avih: conf.d is for specific rc services
2017-04-14 15:19:33 <Shiz> /etc/conf.d/$name applies to /etc/init.d/$name
2017-04-14 15:19:38 <Shiz> rc.conf is global rc config
2017-04-14 15:19:45 <inpothet> let me try on my second vm
2017-04-14 15:19:46 <avih> inpothet: can you reproduce that it fails when disabling the logging again?
2017-04-14 15:19:56 <inpothet> going to test it now
2017-04-14 15:21:01 <avih> Shiz: doesn't sound unreasonable, but took me more than it should have to find it. nevertheless, thanks :)
2017-04-14 15:21:10 <inpothet> starting fine now
2017-04-14 15:21:17 <inpothet> testing my sec vm
2017-04-14 15:21:34 <Shiz> :P
2017-04-14 15:22:58 <inpothet> wierd
2017-04-14 15:24:22 <inpothet> may have found a glitch
2017-04-14 15:24:41 <inpothet> it wont start untill rc-logger has been enabled once
2017-04-14 15:25:06 <Shiz> o.o
2017-04-14 15:25:10 <inpothet> going to make a brand new VM to see if i can replicate
2017-04-14 15:25:18 <avih> inpothet: so now you can't make it fail again?
2017-04-14 15:25:35 <inpothet> after enableing rc_logger once it will stay running
2017-04-14 15:26:12 <avih> once in what? the lifetime of the vm install? boot session?
2017-04-14 15:26:12 <inpothet> http://i.imgur.com/4J8Lvop.png
2017-04-14 15:26:19 <inpothet> vm install
2017-04-14 15:26:48 <inpothet> specs of new vm
2017-04-14 15:27:30 <avih> you mean that even after commenting out rc_logger="YES", it still write new logs on subsequent boots?
2017-04-14 15:27:49 <inpothet> the logs wont write but nginx starts
2017-04-14 15:28:12 <inpothet> and jezus im getting to used to installing alpine already done with install xD
2017-04-14 15:28:25 <avih> <inpothet> after enableing rc_logger once it will stay running <-- ah, so "it" is nginx?
2017-04-14 15:28:31 <inpothet> yea
2017-04-14 15:28:46 <inpothet> sorry may have needed to clarify that haha
2017-04-14 15:30:05 <inpothet> clean install of alpine
2017-04-14 15:30:05 <inpothet> http://i.imgur.com/fMlzHsz.png
2017-04-14 15:30:07 <iron_houzi> How do I build a custom alpine iso for virtualization? I've tried finding info on kernel flavor, but there's only grsec, vserver and pae .. and I cannot find any more information about this. Can someone please explain what all this means, or refer to a resource?
2017-04-14 15:30:15 <avih> try deleting the log file and boot again. maybe it does different things if a log file exists
2017-04-14 15:30:48 <inpothet> after reboot
2017-04-14 15:30:49 <inpothet> http://i.imgur.com/CRjXy45.png
2017-04-14 15:31:43 <inpothet> activated RC_Logger
2017-04-14 15:32:04 <iron_houzi> Oh, nvm -- examples are available in the github repo..
2017-04-14 15:32:29 <inpothet> WTF
2017-04-14 15:32:38 <inpothet> 
ACTION tableflips

2017-04-14 15:35:50 <inpothet> 
ACTION gives up

2017-04-14 15:35:54 <inpothet> brand new VM
2017-04-14 15:36:12 <inpothet> enabled rc_logger, removed and added nginx back to default
2017-04-14 15:36:16 <inpothet> nothing
2017-04-14 15:36:41 <avih> inpothet: would you mind trying his: edit /etc/init.d/nginix and inside the depends() function replace "net" with "sshd" ?
2017-04-14 15:36:51 <avih> this*
2017-04-14 15:37:00 <inpothet> sure
2017-04-14 15:37:47 <avih> (that's clearly incorrect, but i want to see if it fixes it anyway)
2017-04-14 15:38:00 <inpothet> nop
2017-04-14 15:38:07 <avih> doesn't fix?
2017-04-14 15:38:25 <inpothet> http://i.imgur.com/aEMpoR2.png
2017-04-14 15:38:28 <avih> and you never see "nginx" on screen during boot?
2017-04-14 15:38:53 <inpothet> this is starting to become wierd
2017-04-14 15:39:03 <inpothet> should i try with a older alpine version ?
2017-04-14 15:39:22 <avih> yeah. it does sound like a bug someplace, but i don't know enough to analyze it further.
2017-04-14 15:39:32 <inpothet> i will try with 3.0
2017-04-14 15:40:23 <darkfaded> waxh0012:~# xen-livepatch list
2017-04-14 15:40:23 <darkfaded>  ID                                     | status
2017-04-14 15:40:24 <darkfaded> ----------------------------------------+------------
2017-04-14 15:40:24 <darkfaded> Failed to list 0/0: 38(Function not implemented)!
2017-04-14 15:40:26 <darkfaded> sniff sniff
2017-04-14 15:40:55 <darkfaded> but i read the manual for making the patches and it's, um, time-intense
2017-04-14 15:41:22 <darkfaded> makes a lot of sense once you got 100's of hosts but not for the 2 i got atm
2017-04-14 15:41:45 <inpothet> brb
2017-04-14 15:58:55 <inpothet> i'm back
2017-04-14 15:59:48 <inpothet> i have noticed 1 thing
2017-04-14 16:00:09 <inpothet> if i do rc-status default nginx isnt in the list
2017-04-14 16:14:33 <Klowner> weird.. who from coreutils seems to never output anything
2017-04-14 16:18:10 <Shiz> Klowner: not really weird
2017-04-14 16:18:16 <Shiz> musl doesn't do utmp
2017-04-14 16:18:34 <Shiz> http://wiki.musl-libc.org/wiki/FAQ#Q:_why_is_the_utmp.2Fwtmp_functionality_only_implemented_as_stubs_.3F
2017-04-14 16:26:17 <BitL0G1c> inpothet - try the nginx initd from nginx-naxsi - https://hastebin.com/padohozadi.bash
2017-04-14 16:28:05 <inpothet> okay let me change the initd
2017-04-14 16:34:46 <inpothet> BitL0G1c changed the init.d and it didnt work
2017-04-14 16:35:16 <BitL0G1c> tail /var/log/nginx/error.log
2017-04-14 16:35:52 <inpothet> http://i.imgur.com/hPkEq9z.png
2017-04-14 16:36:46 <BitL0G1c> do you have a /run directory ?
2017-04-14 16:36:52 <inpothet> but that is of a hour ago
2017-04-14 16:37:02 <inpothet> yep
2017-04-14 16:37:50 <inpothet> i can start the service by hand using the init
2017-04-14 16:39:01 <BitL0G1c> did you rc-update add nginx ? (so the service starts on boot up)
2017-04-14 16:39:07 <inpothet> yep
2017-04-14 16:39:26 <inpothet> http://i.imgur.com/tTLJMGn.png
2017-04-14 16:50:26 <inpothet> will be back in 3 hours, will try again then
2017-04-14 16:50:39 <BitL0G1c> mount|grep run
2017-04-14 16:51:00 <inpothet> http://i.imgur.com/6UzyLOH.png
2017-04-14 17:02:57 <inpothet> but im off for now
2017-04-14 17:04:41 <darkfader>   /usr/sbin/cache_check: execvp failed: No such file or directory
2017-04-14 17:04:41 <darkfader>   Check of pool vgxen/xen48_data_cache failed (status:2). Manual repair required!
2017-04-14 17:04:44 <darkfader>   /usr/sbin/cache_check: execvp failed: No such file or directory
2017-04-14 17:04:45 <darkfader> yay.
2017-04-14 17:05:29 <darkfader> ah, it's /sbin
2017-04-14 17:06:56 <darkfader> and edge-testing
2017-04-14 17:49:39 <Shiz> what's alpine's x86 triple?
2017-04-14 18:50:02 <xentec> Shiz: https://git.alpinelinux.org/cgit/abuild/tree/functions.sh.in#n6
2017-04-14 18:50:48 <Shiz> cheers
2017-04-14 20:28:48 <darkfader> wow, why won't get this new sys an ip
2017-04-14 20:29:01 <darkfader> i can see the port has link, i see rx packets
2017-04-14 20:30:04 <darkfader> another ifup after setup-interfaces works
2017-04-14 20:30:08 <darkfader> ifconfig didnt
2017-04-14 20:30:10 <darkfader> that is sick
2017-04-14 20:39:52 <Unode> Any suggestion how to deal with: "kthread.c:70:2: error: unknown type name 'int64_t'" ?
2017-04-14 20:40:04 <darkfader> why are the lizardfs packages gone...
2017-04-14 20:41:04 <darkfader> we already had them
2017-04-14 20:41:26 <darkfader> in testing
2017-04-14 20:41:32 <darkfader> but in edge/testing they're not there
2017-04-14 20:41:59 <darkfader> somehow i feel like something tried to make this a real shit day
2017-04-14 21:21:44 <inpothet> I'm back got windows updated
2017-04-14 21:21:49 <inpothet> ffs
2017-04-14 21:22:03 <inpothet> came back and was greeted with hi we have some updates for you
2017-04-15 12:59:59 <skyroveRR> Hey guys, what are the typical UNIX permissions on the "locate" and "updatedb" binary programs from the mlocate software package?
2017-04-15 13:06:31 <^7heo> damn good question.
2017-04-15 13:06:39 <^7heo> I wouldn't know, I use find...
2017-04-15 13:06:51 <^7heo> locate only needs to read the updatedb's db
2017-04-15 13:07:04 <^7heo> but updatedb needs root to read the filesystem's root files I'd say.
2017-04-15 13:07:12 <^7heo> it gets as simple as this, I would believe.
2017-04-15 13:08:26 <skyroveRR> I'm actually *not* using alpine linux, and it sucks having to use root for running updatedb and locate as root.
2017-04-15 13:10:15 <skyroveRR> ^7heo: so.. what does ls -lh $(which locate) tell you? And ls -lh $(which updatedb) ? :)
2017-04-15 13:11:49 <^7heo> command not found: locate
2017-04-15 13:11:52 <^7heo> so...
2017-04-15 13:11:55 <skyroveRR> ...
2017-04-15 13:12:07 <skyroveRR> Well, install mlocate :P
2017-04-15 13:12:32 <^7heo> findutils is actually in main.
2017-04-15 13:12:36 <^7heo> mlocate is in testing.
2017-04-15 13:12:52 <^7heo> http://pkgs.alpinelinux.org/contents?branch=v3.5&name=findutils&arch=aarch64&repo=main
2017-04-15 13:13:23 <^7heo> and find is aliased to busybox when it's not installed from findutils.
2017-04-15 13:13:54 <^7heo> I mean, that's http://pkgs.alpinelinux.org/contents?branch=v3.5&name=findutils&arch=x86_64&repo=main the link for my arch
2017-04-15 13:13:57 <^7heo> but yeah.
2017-04-15 13:14:54 <skyroveRR> find is way less interesting to me than mlocate/slocate :)
2017-04-15 13:16:04 <^7heo> skyroveRR: why?"
2017-04-15 13:16:24 <hiro> locate sucks
2017-04-15 13:16:32 <hiro> use du
2017-04-15 13:16:33 <^7heo> that's not the question ;)
2017-04-15 13:16:36 <^7heo> du?!
2017-04-15 13:16:40 <^7heo> find, you mean...
2017-04-15 13:16:58 <^7heo> https://pagure.io/mlocate/blob/master/f/src
2017-04-15 13:17:04 <hiro> yes, if it's installed, but i use find like du
2017-04-15 13:17:04 <^7heo> here is the mlocate tree.
2017-04-15 13:17:09 <hiro> find|grep bla
2017-04-15 13:17:15 <hiro> cause fuck this stupid find syntax, too.
2017-04-15 13:17:26 <^7heo> it's not that optimal
2017-04-15 13:17:31 <^7heo> but yeah ok.
2017-04-15 13:17:41 <hiro> find -yourmom -yourname -yourfathername
2017-04-15 13:17:46 <^7heo> :D
2017-04-15 13:17:56 <_ikke_> find . -name '*test*'
2017-04-15 13:17:56 <skyroveRR> ^7heo: I've got the source already....
2017-04-15 13:17:57 <^7heo> sure, but how would you use du instead of find?
2017-04-15 13:18:05 <hiro> _ikke_: sorry i always forget the .
2017-04-15 13:18:05 <^7heo> _ikke_: you don't need the .
2017-04-15 13:18:13 <hiro> ^7heo: you don't??
2017-04-15 13:18:13 <^7heo> at least with zsh
2017-04-15 13:18:19 <^7heo> not with zsh no
2017-04-15 13:18:21 <hiro> ^7heo: well, i wouldn't know
2017-04-15 13:18:30 <^7heo> same as doing grep -rni 'foo' .
2017-04-15 13:18:41 <^7heo> you can just do `grep -rni 'foo'`
2017-04-15 13:18:50 <hiro> find is too confusing
2017-04-15 13:18:56 <hiro> nobody in their right mind can remember all it's options
2017-04-15 13:19:05 <^7heo> well, also works fine with busybox's ash
2017-04-15 13:19:08 <^7heo> find -name 'test'
2017-04-15 13:19:13 <^7heo> finds stuff.
2017-04-15 13:19:18 <hiro> du|grep test is shorter
2017-04-15 13:19:28 <^7heo> ahh I see what you mean.
2017-04-15 13:19:36 <^7heo> du is actually listing the files for their size
2017-04-15 13:19:50 <^7heo> and du is half the effort to type
2017-04-15 13:19:57 <^7heo> so it works better for you ;)
2017-04-15 13:19:59 <hiro> yeah, but it works. everywhere. without -yourmom or . or zsh
2017-04-15 13:20:05 <^7heo> yeah
2017-04-15 13:20:08 <^7heo> but on the other hand
2017-04-15 13:20:15 <hiro> btw. apropro zsh :P
2017-04-15 13:20:16 <^7heo> find works without the . by spec I'd say
2017-04-15 13:20:22 <^7heo> because it works with ash too.
2017-04-15 13:21:05 <hiro> as one of the few people actually using simple (a)sh based shells: watching this right now: https://www.youtube.com/watch?v=2kEJoWfobpA
2017-04-15 13:21:50 <^7heo> so yeah, find works without the '.'
2017-04-15 13:22:03 <hiro> 15:19 ^7heo du is actually listing the files for their size
2017-04-15 13:22:05 <hiro> find also does that
2017-04-15 13:22:11 <hiro> it can do a hell lot more than that
2017-04-15 13:22:11 <skyroveRR> Oh, found the permissions :P
2017-04-15 13:22:20 <hiro> it's fucking insane
2017-04-15 13:22:37 <^7heo> yeah I dunno
2017-04-15 13:22:42 <^7heo> skyroveRR: what are they?
2017-04-15 13:22:47 <skyroveRR> In the Makefile
2017-04-15 13:22:50 <skyroveRR> In the source.
2017-04-15 13:23:05 <skyroveRR> chmod g+s,go-w "$(DESTDIR)$(binddir)/locate
2017-04-15 13:24:26 <^7heo> aaaah
2017-04-15 13:24:33 <^7heo> THAT is what you meant for the permissions of locate.
2017-04-15 13:24:49 <^7heo> not what permissions it need to run
2017-04-15 13:24:54 <^7heo> but what permissions the FILE has.
2017-04-15 13:24:58 <skyroveRR> What did you mean when I said "UNIX permissions"..
2017-04-15 13:25:16 <skyroveRR> * What did you think when I said "UNIX permissions"...
2017-04-15 13:25:21 <hiro> he said root, which i understood as synonymous with suid :D
2017-04-15 13:25:38 <hiro> so i was wondering wtf the problem was haha
2017-04-15 13:25:38 <^7heo> skyroveRR: I just wrote what I thought.
2017-04-15 13:25:44 <^7heo> yeah ;)
2017-04-15 13:26:18 <^7heo> well it guid tho.
2017-04-15 13:26:24 <^7heo> it's*
2017-04-15 13:26:34 <hiro> g + suid bit, no?
2017-04-15 13:26:50 <hiro> it applies to the group...
2017-04-15 13:26:51 <^7heo> yeah that's what I meant.
2017-04-15 13:27:09 <skyroveRR> In case anyone in the future wants them...
2017-04-15 13:27:10 <skyroveRR> $ ls -lh /bin/updatedb
2017-04-15 13:27:13 <skyroveRR> -rwxr-sr-x 1 root root 90K Apr 13 20:18 /bin/updatedb*
2017-04-15 13:27:15 <skyroveRR> $ ls -lh /bin/locate
2017-04-15 13:27:18 <skyroveRR> -rwxr-sr-x 1 root root 111K Apr 13 20:18 /bin/locate*
2017-04-15 13:27:37 <^7heo> yeah
2017-04-15 13:28:25 <^7heo> I wonder why it's group suid and not user suid
2017-04-15 13:28:49 <hiro> in case you wanna give it to a group named like fs or admin
2017-04-15 13:33:43 <hiro> users shouldn't be allowed to locate in dirs that are off their reach
2017-04-15 18:13:09 <hiro> but what's that about dude! :D
2017-04-15 18:13:43 <hiro> sry
2017-04-15 21:01:13 <Xe> is there a way to add authentication information to an apk repo?
2017-04-15 21:02:21 <^7heo> wat?
2017-04-15 21:04:44 <Xe> HTTP basic auth
2017-04-16 01:49:50 <Nobabs27> ngircd https://pastebin.com/ewa0PwgZ "bad password" ??
2017-04-16 03:56:42 <snappy> q: is there any information on how zfs on root for alpine works?
2017-04-16 06:52:39 <Sandlayth> hi
2017-04-16 06:53:03 <Sandlayth> i'm trying to install php7
2017-04-16 06:53:08 <Sandlayth> and i get
2017-04-16 06:53:11 <Sandlayth> ERROR: unsatisfiable constraints:
2017-04-16 06:53:13 <Sandlayth>   so:libwebp.so.7 (missing):
2017-04-16 06:53:29 <Sandlayth> i tried to apk add --no-cache  --repository http://dl-cdn.alpinelinux.org/alpine/edge/main --repository  http://dl-cdn.alpinelinux.org/alpine/edge/community  docker
2017-04-16 06:53:43 <Sandlayth> as described in https://forums.docker.com/t/docker-apk-package-for-alpine-linux-has-an-unresolved-dependency-to-libseccomp/9604/3
2017-04-16 06:53:55 <Sandlayth> or even in https://bugs.alpinelinux.org/issues/5377
2017-04-16 06:54:21 <Sandlayth> any idea?
2017-04-16 07:05:54 <_ikke_> Sandlayth: Seems like a dependency is missing, try installing the libwebp package
2017-04-16 07:07:55 <Sandlayth> uh
2017-04-16 07:08:00 <Sandlayth> it works
2017-04-16 07:08:26 <Sandlayth> but, apk should install the dependency by itself, shouldn't it?
2017-04-16 07:08:49 <_ikke_> yes, if the dependency was declared properly
2017-04-16 07:08:57 <_ikke_> but apparently it isn't
2017-04-16 07:09:12 <Sandlayth> i should open an issue
2017-04-16 07:09:43 <snappy> going to repeat question from earlier since there's activity: is there any information on using alpine with zfs on root - i saw an article that as of 3.5 it is supported
2017-04-16 07:10:08 <Sandlayth> wth
2017-04-16 07:10:26 <Sandlayth> on https://pkgs.alpinelinux.org/package/edge/community/x86_64/php7-gd libwebp seems to exist
2017-04-16 07:11:36 <_ikke_> subpackages can have different dependencies
2017-04-16 07:12:29 <_ikke_> snappy: Sorry, don't know much about it
2017-04-16 07:13:17 <Sandlayth> i don't understand
2017-04-16 07:13:25 <Sandlayth> if i previously got this error:
2017-04-16 07:13:25 <snappy> all good, thnaks
2017-04-16 07:13:27 <Sandlayth> ERROR: unsatisfiable constraints:
2017-04-16 07:13:29 <Sandlayth>   so:libwebp.so.7 (missing):
2017-04-16 07:13:31 <Sandlayth>     required by:
2017-04-16 07:13:33 <Sandlayth>                  php7-gd-7.0.17-r4[so:libwebp.so.7]
2017-04-16 07:13:43 <Sandlayth> it only concerns php7-gd, right?
2017-04-16 08:01:50 <luxio> Are there any nonfree components of Alpine?
2017-04-16 08:57:18 <hiro> i'm using a bunch of nonfree packages
2017-04-16 09:02:47 <clandmeter> hiro, which are?
2017-04-16 09:03:27 <hiro> the iwl firmware and opera
2017-04-16 09:03:44 <hiro> sorry, i forgot opera is just chrome, which is basically "free", lol
2017-04-16 09:03:51 <hiro> though nobody ever managed to read the code.
2017-04-16 09:04:37 <clandmeter> Other then FW most of the non free are going based am mostly useless
2017-04-16 09:05:03 <clandmeter> Glibc based...
2017-04-16 09:05:18 <hiro> yeah
2017-04-16 09:05:55 <hiro> but real freedom comes from within, from clarity of code and small size.
2017-04-16 09:06:02 <hiro> so it's not like it matters really
2017-04-16 09:08:39 <clandmeter> We have exception's like flash player on chrome
2017-04-16 09:09:09 <clandmeter> It's in our non free repo
2017-04-16 09:09:39 <hiro> ah yeah, i forgot about flash!
2017-04-16 09:10:03 <hiro> probably other stuff, too, but i must have forgotten
2017-04-16 09:10:53 <hiro> also i keep on confusing my multiple installed OS, especially since nowadays i sometimes even use them at the same time through chroots
2017-04-16 10:27:05 <ryonaloli> >opera is just chrome
2017-04-16 10:27:12 <ryonaloli> yeah without the security :P
2017-04-16 10:33:44 <hiro> ryonaloli: security?!
2017-04-16 10:33:54 <hiro> i mean the web browser...
2017-04-16 10:34:40 <ryonaloli> yeah i mean the web browser
2017-04-16 10:35:00 <ryonaloli> chrome == secure. opera == extremely insecure.
2017-04-16 10:35:25 <hiro> ryonaloli: wtf
2017-04-16 10:35:34 <hiro> ryonaloli: is this some kind of in-joke that i don't get?
2017-04-16 10:35:44 <ryonaloli> no?
2017-04-16 10:35:51 <hiro> ryonaloli: well, how do you back up your claim?
2017-04-16 10:36:00 <ryonaloli> you could sell a chrome 0day for $300,000. you could sell an opera 0day for maybe $10,000 or less.
2017-04-16 10:36:17 <hiro> hahaha, so because of market size?
2017-04-16 10:36:26 <ryonaloli> easy to back it up. look at the internals and how chrome does mitigations using its memory allocator (partitionalloc), sandboxing, etc.
2017-04-16 10:36:38 <hiro> oh my fucking...
2017-04-16 10:36:39 <ryonaloli> as well as how google does 24/7 fuzzing on hundreds of cores, is looking into CFI.
2017-04-16 10:36:45 <hiro> hahahahaha
2017-04-16 10:37:00 <hiro> you're fucking insane
2017-04-16 10:37:03 <ryonaloli> heh
2017-04-16 10:37:10 <hiro> there's nothing less insecure than all this complex web shit
2017-04-16 10:37:19 <ryonaloli> i'm talking about which is more secure
2017-04-16 10:37:25 <ryonaloli> i'm not saying that one of them is perfectly secure :P
2017-04-16 10:37:25 <hiro> this is so stupid
2017-04-16 10:37:32 <ryonaloli> lol ok
2017-04-16 10:37:55 <hiro> if you aren't saying it you're leaving away the crucially important disclaimer that both are still nearly just as insecure
2017-04-16 10:38:08 <hiro> fucking googletroll
2017-04-16 10:38:13 <ryonaloli> they're miles apart in terms of insecurity
2017-04-16 10:38:18 <hiro> hahaha
2017-04-16 10:38:19 <hiro> MILES
2017-04-16 10:38:29 <hiro> RISC miles or CISC miles?
2017-04-16 10:38:55 <ryonaloli> oh i get it, you're just one of those people who doesn't like chrome/chromium because of the origin, and is willing to commit a genetic fallacy for your only argument.
2017-04-16 10:39:07 <ryonaloli> regardless of how the browsers actually work.
2017-04-16 10:39:21 <ryonaloli> do note that i am talking exclusively about security, not privacy defaults.
2017-04-16 10:39:35 <hiro> ryonaloli: no. i just hate all browsers that have the size of the linux kernel and do mostly nothing useful for me.
2017-04-16 10:39:44 <ryonaloli> that's fair
2017-04-16 10:39:56 <ryonaloli> it's fine to say that all browsers are vulnerable and all browsers are pieces of shit
2017-04-16 10:40:07 <hiro> as i said, you're dilluting this fact.
2017-04-16 10:40:09 <ryonaloli> some are just a good bit more shit than others
2017-04-16 10:40:12 <Nycatelos> It's just that some of them are bigger pieces of shit
2017-04-16 10:40:19 <ryonaloli> precisely
2017-04-16 10:40:22 <hiro> 12:40 ryona some are just a good bit more shit than others
2017-04-16 10:40:24 <hiro> totally irrelevant
2017-04-16 10:40:42 <hiro> there's no way adding more paint to the webkit turd is gonna improve anything
2017-04-16 10:40:49 <ryonaloli> hiro: were you under the impression that i was trying to say that chrome/chromium could not be compromised?
2017-04-16 10:41:06 <hiro> ryonaloli: you were marketing it's security "technology"
2017-04-16 10:41:29 <hiro> ryonaloli: there's nothing secure about that 'technology", and still you dare to use words like security
2017-04-16 10:41:38 <ryonaloli> its security "technology" are techniques which are not at all unique to chrome, and are used pretty ubiquitously.
2017-04-16 10:41:48 <ryonaloli> nothing to market there.
2017-04-16 10:41:58 <hiro> ryonaloli: pretending there's any way to weigh any more a metric amount of "security"
2017-04-16 10:42:12 <ryonaloli> there's no pretending. that's how infosec works.
2017-04-16 10:42:13 <hiro> ryonaloli: then why do you sound like some google advertisement
2017-04-16 10:42:14 <ryonaloli> it's all about raising the bar.
2017-04-16 10:42:19 <hiro> "how browsers work"
2017-04-16 10:42:22 <ryonaloli> maybe because you have an irrational hatred for google.
2017-04-16 10:42:25 <hiro> "how infosec works"
2017-04-16 10:42:36 <ryonaloli> and anything it creates, you hate it due to google being unethical.
2017-04-16 10:42:47 <Nycatelos> dude everything is just as bad and we should just use unpatched webkit
2017-04-16 10:42:51 <hiro> i don't care about google's ethics
2017-04-16 10:43:42 <hiro> as if you had any amount of meaningful understanding how these browser work apart from the shitty tech journalist articles that you skipped over that made you catch a couple buzzwords
2017-04-16 10:44:17 <hiro> you're pretending you know something about a topic, that every programmer that works on has to admit he knows nothing about.
2017-04-16 10:44:28 <ryonaloli> hiro, i'm a security consultant and i work for a small defense contractor. i've done exploit brokering. i understand how browsers work without reading shitty tech journalist articles.
2017-04-16 10:44:31 <hiro> hahahahaha
2017-04-16 10:44:33 <hiro> a consultant
2017-04-16 10:44:43 <ryonaloli> do you know what a security consultant is?
2017-04-16 10:44:58 <ryonaloli> you would pay me $200 an hour for my consultation.
2017-04-16 10:45:16 <hiro> ryonaloli: fucking condescending piece of shit
2017-04-16 10:45:24 <ryonaloli> try looking in a mirror.
2017-04-16 10:45:39 <ryonaloli> i only respond in kind.
2017-04-16 10:46:10 <ryonaloli> < hiro> as if you had any amount of meaningful understanding how these browser work apart from the shitty tech journalist articles that you skipped over that made you catch a couple buzzwords
2017-04-16 10:46:14 <ryonaloli> ^ i'm such a condescending piece of shit :)
2017-04-16 10:46:30 <hiro> ryonaloli: you're fucking retarded.
2017-04-16 10:46:41 <ryonaloli> kk
2017-04-16 10:47:14 <hiro> ryonaloli: as if i would care about your fucking security business partners with their fucked up market which only exists because of insane people stacking turd software on top of turd software
2017-04-16 10:47:21 <ryonaloli> Nycatelos: why unpatched webkit? let's just go back to early netscape with a totally broken prng :D
2017-04-16 10:47:36 <hiro> ryonaloli: when we talk about security on #alpine-linux we are not talking about webkit memory allocators.
2017-04-16 10:47:41 <Nycatelos> ryonaloli: I need to run my javascript faster :p
2017-04-16 10:47:45 <hiro> ryonaloli: it's about low complexity.
2017-04-16 10:47:53 <ryonaloli> hiro: infosec *promotes* low complexity.
2017-04-16 10:48:08 <hiro> ryonaloli: if you want *actual* security, not what your stupid tribe tries to sell us, you make it possible to HANDLE the code, directly.
2017-04-16 10:48:16 <ryonaloli> you see the infosec community constantly lambasting antivirus companies for their high complexity.
2017-04-16 10:48:34 <hiro> ryonaloli: like my granny complaining about windows changing her background image
2017-04-16 10:49:04 <ryonaloli> this is why it's a core goal to reduce the trusted computing base of applications with a large attack surface area (which chrome/chromium does, IE/edge does, firefox will eventually do, and opera does not do at all)
2017-04-16 10:49:17 <ryonaloli> hiro: what are you talking about?
2017-04-16 10:50:32 <hiro> ryonaloli: nothing is gonna change the fact that nobody is able to handle the amount of complexity that is *already there*
2017-04-16 10:51:01 <hiro> ryonaloli: all this security snakeoil technology is not gonna fix the broken architecutral decisions that made webkit a piece of shit
2017-04-16 10:51:10 <ryonaloli> are you just talking about UX related stuff?
2017-04-16 10:51:13 <hiro> no
2017-04-16 10:51:18 <hiro> i'm talking about overall complexity
2017-04-16 10:51:26 <ryonaloli> so code/architecture complexity
2017-04-16 10:51:32 <hiro> a concept anybody can understand without having to look at the detail of this fucking browser
2017-04-16 10:51:39 <hiro> ryonaloli: yes.
2017-04-16 10:52:19 <hiro> just because infosec trolls antivirus companies doesn't mean chrome is more secure.
2017-04-16 10:52:54 <ryonaloli> what makes chrome more secure is the smaller TCB
2017-04-16 10:52:59 <ryonaloli> the reduced complexity in the TCB
2017-04-16 10:53:22 <ryonaloli> now sure, crap like libnss not being sandboxed is an issue, because libnss is a piece of shit
2017-04-16 10:53:46 <ryonaloli> but you still have imlib2, webkit, the javascript engine, etc. all sandboxed.
2017-04-16 10:55:05 <ryonaloli> all it means is, if a target of mine is using opera, i say "phew!", if they are using firefox, i say "well i guess i'll have to ask around", and if they are using chrome/chromium, i say "god dammit, let's try to find another angle of attack"
2017-04-16 10:55:45 <ryonaloli> (unless i was working for raytheon or leidos or some shit, in which case i might just use part of my budget to buy a chrome exploit :P)
2017-04-16 10:56:15 <ryonaloli> so yes, it *is* more secure. is it absolutely secure? no, it's a giant fucking browser with insane complexity. but is it more secure than firefox or opera? definitely.
2017-04-16 10:56:43 <ryonaloli> and no amount of saying "everything is too complex i wish things were more simple" is gonna change that
2017-04-16 10:59:14 <hiro> ryonaloli: i don't care about targeted attacks
2017-04-16 10:59:26 <hiro> ryonaloli: i care about actual security AND STABILITY
2017-04-16 10:59:44 <hiro> ryonaloli: if people can gather up 10k to attack me it's already too late
2017-04-16 10:59:47 <ryonaloli> then you still want chrome. its isolation allows it to isolate faults in individual tabs.
2017-04-16 10:59:57 <^7heo> talking about targeted attacks
2017-04-16 11:00:07 <^7heo> chrome is closed source.
2017-04-16 11:00:26 <ryonaloli> ^7heo: chromium is not, though. and chrome is 99.99% open, with the RLZ beacon being the only closed source part.
2017-04-16 11:00:36 <ryonaloli> and the mp4 decoder and flash if you count that.
2017-04-16 11:00:54 <^7heo> therefore it is totally impossible to know what "additions" google (or any party with the needed legislative power) might have done to it.
2017-04-16 11:01:04 <hiro> ryonaloli: i don't think that *everything* is too complex.
2017-04-16 11:01:05 <^7heo> ryonaloli: chromium has much LESS of a market share than opera.
2017-04-16 11:01:08 <ryonaloli> ^7heo: i generally recommend chromium
2017-04-16 11:01:13 <^7heo> ryonaloli: your argument then doesn't stand.
2017-04-16 11:01:17 <^7heo> it's valid for CHROME
2017-04-16 11:01:21 <hiro> ryonaloli: just your stupid mainstream shitsoftware that you can find on your stupid infosec marketplaces
2017-04-16 11:01:21 <^7heo> not chromium.
2017-04-16 11:01:22 <ryonaloli> ^7heo: chromium's source code is identical in terms of what makes it a browser
2017-04-16 11:01:28 <^7heo> how do you know?
2017-04-16 11:01:30 <hiro> ryonaloli: it's shit i explicitly want to avoid
2017-04-16 11:01:34 <^7heo> chrome is closed source...
2017-04-16 11:01:38 <^7heo> how CAN you know?
2017-04-16 11:01:44 <ryonaloli> ^7heo: because you can look at how much is added?
2017-04-16 11:01:45 <^7heo> you just assume.
2017-04-16 11:01:48 <ryonaloli> you see that the RLZ code is added
2017-04-16 11:01:53 <^7heo> assuming makes for GREAT security.
2017-04-16 11:01:56 <^7heo> great chat man.
2017-04-16 11:01:56 <ryonaloli> and you can see plugins are added
2017-04-16 11:01:58 <^7heo> great chat.
2017-04-16 11:01:59 <ryonaloli> lol
2017-04-16 11:02:13 <ryonaloli> ^7heo: you realize chrome is built from chromium, right?
2017-04-16 11:02:21 <ryonaloli> all the actual development from chrome is done in chromium
2017-04-16 11:02:35 <ryonaloli> there is close to 0 development that is chrome-specific.
2017-04-16 11:02:49 <^7heo> I realize that I don't know in what measure chrome is built from chromium; and neither do you.
2017-04-16 11:02:58 <^7heo> I realise that I'm not assuming anything in that regard; but you are.
2017-04-16 11:02:59 <ryonaloli> yes i do lol
2017-04-16 11:03:04 <^7heo> s/se/ze/
2017-04-16 11:03:10 <ryonaloli> ok you need to look into how the build process works
2017-04-16 11:03:15 <^7heo> I realize that I'm happy to avoid ANY web interaction anyway.
2017-04-16 11:03:22 <^7heo> No I do not.
2017-04-16 11:03:28 <^7heo> I'm not using any product labelled google.
2017-04-16 11:03:29 <ryonaloli> but you can happily use chromium if you don't trust the RLZ beacon
2017-04-16 11:03:48 <^7heo> and while I will have to, soon, I can at least try to keep it to a bare minimum.
2017-04-16 11:03:51 <ryonaloli> ah another genetic fallacy~
2017-04-16 11:04:01 <ryonaloli> it's a shame, because a good portion of the linux kernel is written by google
2017-04-16 11:04:11 <ryonaloli> especially many of the security features
2017-04-16 11:04:11 <^7heo> I know. I try to avoid it where I can.
2017-04-16 11:04:20 <ryonaloli> you can't. they aren't configurable
2017-04-16 11:04:32 <ryonaloli> i'm not talking about android :P
2017-04-16 11:04:36 <^7heo> Oh sorry, I didn't realize that BSD was derived of Linux...
2017-04-16 11:04:40 <ryonaloli> what
2017-04-16 11:04:44 <ryonaloli> oh
2017-04-16 11:04:45 <^7heo> I guess you know what you're talking about.
2017-04-16 11:04:53 <^7heo> I'll leave you then.
2017-04-16 11:04:56 <ryonaloli> i assumed you were using linux, given the channel you were in
2017-04-16 11:05:01 <^7heo> Assumed.
2017-04-16 11:05:05 <^7heo> Mr Assumer.
2017-04-16 11:05:06 <^7heo> Yeah.
2017-04-16 11:05:10 <^7heo> Be secure ;)
2017-04-16 11:05:13 <^7heo> But not too close to me please.
2017-04-16 11:05:14 <^7heo> o/
2017-04-16 11:05:20 <ryonaloli> mm more fallacies~
2017-04-16 11:05:55 <ryonaloli> making a safe assumption now implies i use assumptions rather than checking the actual development process of a major browser. that's not a good way to go about logical thinking.
2017-04-16 11:06:03 <ryonaloli> heh
2017-04-16 11:06:24 <hiro> ryonaloli: look. let's be less insulting for a last time, and explain just as a summarry the problem here: #alpine-linux is concerned with making a small base that throws away heavy baggage like glibc, particularly for love of simplicity and fear of needless complexity. You on the other hand are trying to promote the thoughts of a *business* that inherently profits from needless complexity, which gives
2017-04-16 11:06:25 <hiro> it attack vectors for *lots* of simple exploits, and a whole market of security-snakeoil countermeasures. We are not part in this whole scharade.
2017-04-16 11:07:07 <ryonaloli> hiro: the infosec community is strongly against complexity. i think you're misrepresenting the snakeoil industries for the infosec community.
2017-04-16 11:07:25 <hiro> ryonaloli: no, infosec is not aligned with your opinion.
2017-04-16 11:07:34 <hiro> ryonaloli: which otoh doesn't matter, because this is not #infosec
2017-04-16 11:07:41 <ryonaloli> we profit off of reducing complexity. i develop a custom operating system which may be switching to modified musl, even.
2017-04-16 11:07:43 <hiro> ryonaloli: i have no wish to find out more about them on this channel.
2017-04-16 11:07:49 <ryonaloli> specifically because it is easier to audit and modify.
2017-04-16 11:08:02 <hiro> ryonaloli: but as chrome is a part of alpine linux it deserves the warning i gave here.
2017-04-16 11:08:05 <ryonaloli> well then, you will continue to have your false believe that infosec tries to profit off of reducing security and adding complexity.
2017-04-16 11:08:18 <ryonaloli> s/believe/belief/
2017-04-16 11:10:00 <hiro> ryonaloli: as i said, i wish to remain completely ignorant of infosec in terms of this channel.
2017-04-16 11:10:37 <hiro> ryonaloli: it's a stupid, boring topic.
2017-04-16 11:10:39 <ryonaloli> then i sure hope you are not using alpine linux for anything security-critical, and i sure hope you do not try to give advice to anyone in this channel without explicitly asking them if they care one bit about security with their use of alpine linux.
2017-04-16 11:10:54 <ryonaloli> otherwise you are doing yourself and others a great disservice.
2017-04-16 11:10:56 <hiro> i give loads of security advice here
2017-04-16 11:11:03 <ryonaloli> oh dear
2017-04-16 11:11:10 <hiro> for example i tell people all the time not to use computers to discuss sensitive issues
2017-04-16 11:11:14 <ryonaloli> i better add your nick to my highlight list
2017-04-16 11:11:24 <hiro> the fix is so much easier than creating an account on your secret forums
2017-04-16 11:11:34 <hiro> hell, it's even easier than installing TOR
2017-04-16 11:11:43 <hiro> ryonaloli: i sure hope so.
2017-04-16 11:13:10 <hiro> 13:04 ryona i assumed you were using linux, given the channel you were in
2017-04-16 11:13:27 <hiro> nowadays it's easy and cheap to have multiple computers and VMs
2017-04-16 11:13:42 <hiro> i don't know any computer geeks that only use one OS
2017-04-16 11:13:44 <ryonaloli> indeed, but it seems he meant he was not using linux at all.
2017-04-16 11:14:07 <ryonaloli> all i cared about was if he used linux at all, even if his primary OS was HP-UX or TempleOS :P
2017-04-16 11:14:16 <hiro> "checking the actual development process of a major browser."
2017-04-16 11:14:22 <hiro> nobody can follow that pace
2017-04-16 11:14:37 <ryonaloli> that's what ESR is for
2017-04-16 11:14:40 <ryonaloli> (for firefox at least)
2017-04-16 11:14:52 <hiro> no, it's still too much code.
2017-04-16 11:15:09 <ryonaloli> plenty of people can follow it. that's how browser forks are maintained.
2017-04-16 11:15:26 <ryonaloli> i mean you have to be dedicated if you want to follow it very well, but you can have a pretty good idea.
2017-04-16 11:15:31 <hiro> so you're telling me i have to trust "plenty of people"?
2017-04-16 11:15:36 <hiro> no, you can't
2017-04-16 11:15:43 <ryonaloli> have you ever tried?
2017-04-16 11:15:43 <hiro> you *feel* like you have a pretty good idea.
2017-04-16 11:15:49 <hiro> and that was my main complaint here from th ebeginning
2017-04-16 11:15:55 <hiro> you are wrong.
2017-04-16 11:16:14 <hiro> how about you start with downloading the source code of fucking chromium and doing a wc -l ?
2017-04-16 11:16:20 <hiro> then read 10 lines of code
2017-04-16 11:16:26 <hiro> and interpolate how long it would take to read all of them
2017-04-16 11:16:40 <ryonaloli> i've grepped through the entire chromium source and read every memmove() and looked at how it interacted with the rest of the code.
2017-04-16 11:16:54 <ryonaloli> (yes it was painful)
2017-04-16 11:17:04 <hiro> ryonaloli: that's just the low hanging fruits
2017-04-16 11:17:18 <ryonaloli> but who said you had to read it all? i'm talking about following the progress of a browser, not knowing the entire codebase like the back of your hand.
2017-04-16 11:17:36 <hiro> ryonaloli: which is btw the other complaint that i keep on making about infosec: there is NO VALUE in picking low hanging fruits, if the whole stem is completely rotten inside out
2017-04-16 11:17:58 <ryonaloli> there's value to the people selling them :P
2017-04-16 11:18:06 <hiro> ryonaloli: cause if you kick the stem one time really hard you get the whole tree falling with all those infosec duddes falling out the branches trying to pick their stupid fruits
2017-04-16 11:18:19 <hiro> it's worthless.
2017-04-16 11:18:20 <ryonaloli> (it's true though. there is no value in picking low hanging fruits. it's better to create entire mitigations which destroy all those low hanging fruits at once)
2017-04-16 11:18:27 <ryonaloli> e.g. UDEREF
2017-04-16 11:18:36 <hiro> ryonaloli: abstraction isn't successful
2017-04-16 11:18:50 <ryonaloli> takes out all NULL ptr deref-based attacks at once. no need to hunt down every NULL ptr deref in the kernel.
2017-04-16 11:19:13 <ryonaloli> er, vm.mmap_min_addr
2017-04-16 11:19:19 <ryonaloli> UDEREF does more
2017-04-16 11:19:56 <ryonaloli> hiro: i'm not talking about abstraction, i'm talking about mitigations that take out classes of bugs.
2017-04-16 11:20:00 <ryonaloli> instead of hunting individual bugs.
2017-04-16 11:20:30 <hiro> also
2017-04-16 11:20:30 <hiro> 13:15 ryona plenty of people can follow it. that's how browser forks are maintained.
2017-04-16 11:20:38 <hiro> then how come all those browsers are completely buggy all the time
2017-04-16 11:20:42 <hiro> and crash every five minutes
2017-04-16 11:20:48 <ryonaloli> i'm talking about things like tor browser that follow ESR
2017-04-16 11:20:49 <hiro> doesn't sound very "maintained" to me
2017-04-16 11:20:53 <ryonaloli> not like iron broser crap which split off
2017-04-16 11:20:55 <ryonaloli> and go their own way
2017-04-16 11:21:56 <ryonaloli> forks that go their own way are gonna have a tough time. forks that pull in from ESR or a stable tree are gonna have better luck.
2017-04-16 11:21:59 <hiro> "but who said you had to read it all?" -> that's the only way to know that something is even moderately well designed, and thus whether it has *any* chance in being secure.
2017-04-16 11:22:31 <ryonaloli> you talking about just knowing whether or not it's well designed? not talking about a full audit?
2017-04-16 11:22:50 <ryonaloli> because you really don't need to read the whole thing to get an idea of how good it is. just read a bit of imlib2 and you'll understand how bad it is :P
2017-04-16 11:23:12 <hiro> i don't care about *classes of bugs*
2017-04-16 11:23:19 <hiro> again: these are just low hanging fruits
2017-04-16 11:23:22 <hiro> they don't concern me.
2017-04-16 11:23:43 <hiro> firefox is also too big
2017-04-16 11:23:58 <hiro> tor browser includes JAVASCRIPT via firefox
2017-04-16 11:24:15 <ryonaloli> that's why you use noscript to disable javascript, if you want to reduce your attack surface.
2017-04-16 11:24:25 <ryonaloli> a nice little security slider lets you turn it off, and more (like svg images)
2017-04-16 11:24:32 <hiro> totally great idea, running somebody else's, who i explicitly don't trust thus using TOR browser, program, on my computer
2017-04-16 11:24:39 <hiro> then yo uget shit like webgl
2017-04-16 11:24:44 <hiro> intrinsically insecure.
2017-04-16 11:24:52 <ryonaloli> also disabled on tor browser (and yeah, webgl is a disgusting monster)
2017-04-16 11:24:55 <hiro> and how do you teach people not to use it?
2017-04-16 11:24:58 <hiro> it's useless
2017-04-16 11:25:25 <hiro> whatever snakeoil they put will never make up for all the thousands of ways you can trick your users into helping you execute untrusted code
2017-04-16 11:25:36 <hiro> which is normally not needed, cause javascript is typically enabled BY DEFAULT
2017-04-16 11:25:59 <ryonaloli> well and even with the slider on high, you got nasty image decoders running
2017-04-16 11:26:06 <hiro> 13:22 ryona you talking about just knowing whether or not it's well designed? not talking about a full audit?
2017-04-16 11:26:24 <hiro> i know that shit is not designed well if it does nothing for me, has millions of lines of code, and crashes under my ass all the fucking time
2017-04-16 11:26:31 <hiro> i don't need a full audit
2017-04-16 11:26:42 <ryonaloli> firefox/chrome crashes for you all the time?
2017-04-16 11:26:44 <hiro> though i'd like one just for the sake of argument against you
2017-04-16 11:26:52 <hiro> YOU should make a full audit, personally.
2017-04-16 11:26:54 <hiro> and then come back here
2017-04-16 11:27:09 <hiro> (i hope it gives me some time to do something more useful in the meantime)
2017-04-16 11:27:14 <ryonaloli> oh dear, i could never audit a major browser. no one can. those things are horrific.
2017-04-16 11:27:22 <hiro> imlib2 is my smallest concern.
2017-04-16 11:27:32 <hiro> it's REALLY small in comparison
2017-04-16 11:27:44 <ryonaloli> imlib2 is one of my biggest, because i know it has a 0day for tor browser that doesn't need js :P
2017-04-16 11:27:54 <ryonaloli> (well imlib2 and/or its constituent decoders)
2017-04-16 11:28:14 <ryonaloli> s/has/suffers/
2017-04-16 11:28:36 <hiro> the DOM got complex enough i'd bet there's less bugs in imlib2 even
2017-04-16 11:28:57 <hiro> i know you have a *feeling* that decoding images should be more complex than displaying text
2017-04-16 11:29:01 <hiro> but sadly... it's not.
2017-04-16 11:29:04 <ryonaloli> i know
2017-04-16 11:29:16 <hiro> because of... the software you're trying to support here.
2017-04-16 11:29:25 <ryonaloli> fun fact: it's easier to pwn firefox with text/plain than it is to pwn a fully loaded apache server
2017-04-16 11:29:31 <hiro> 13:27 ryona oh dear, i could never audit a major browser. no one can. those things are horrific.
2017-04-16 11:29:32 <hiro> see
2017-04-16 11:29:34 <hiro> now you agree
2017-04-16 11:29:43 <ryonaloli> i never said that browsers weren't horrific :P
2017-04-16 11:30:16 <ryonaloli> again, all i want to bring home is that some are far worse than others, not that browsers aren't nasty things.
2017-04-16 11:31:13 <hiro> metaphorically you tried to put them onto a scale without showing the algorithm you used for scaling the axis, also you left away the zero.
2017-04-16 11:31:37 <ryonaloli> the scale is >, <, or =
2017-04-16 11:31:52 <ryonaloli> (or >> or <<)
2017-04-16 11:31:55 <hiro> like there's all kinds of normal software near 1000 suck, all kinds of random shit between 1000 and 10000 suck, and you're somewhere at 1000^1000 suck and pretend that a +1 difference there is meaningful in any way
2017-04-16 11:32:10 <ryonaloli> it's extremely meaningful
2017-04-16 11:32:13 <ryonaloli> in many real-life scenarios
2017-04-16 11:32:18 <hiro> nope
2017-04-16 11:32:28 <ryonaloli> the difference between chrome and firefox security has caused me a *lot* of trouble
2017-04-16 11:32:53 <hiro> because in real-life average people like us #alpine-linux members aren't actually targetted by people that want to fuck our lifes over if only they could spend 10k on that act.
2017-04-16 11:33:19 <hiro> it's just NOT the realistic median attack scenario
2017-04-16 11:33:36 <hiro> if you belong to the most targetted, it's easy to get by without computer altogether
2017-04-16 11:33:58 <hiro> while otoh most other people just want certain minimum quality standards, which BRING SECURITY as a SIDEEFFECT
2017-04-16 11:34:33 <hiro> you think average people really care how secure their browser is? they just don't want it to crash every 5 minutes, that's all, they want to get their fucking work done.
2017-04-16 11:34:48 <ryonaloli> you realize that first, paying the money is a one-time thing. i have exploits worth more than that, and it's not like i have to go and waste $100k each time i use it. many people don't even *buy* exploits, they find them or trade for them.
2017-04-16 11:34:56 <hiro> and right now that's impossible, because instead of fixing the mess at the root most companies are polishing their turds
2017-04-16 11:35:16 <ryonaloli> second of all, having a less secure browser means you're more likely to be caught up in between the time a massive vulnerability is found in public and the time you upgrade.
2017-04-16 11:35:48 <ryonaloli> or because insecure browsers have many unfixed but mild public bugs that can be chained together to make a bigger, nastier bug (firefox ESR has that issue)
2017-04-16 11:36:15 <hiro> ryonaloli: you're just bragging about your stupid exploits, there's enough people with better proven background that have written about the market.
2017-04-16 11:36:19 <hiro> i don't want to hear from you AGAIN.
2017-04-16 11:36:31 <hiro> i don't believe your anecdotal "evidence"
2017-04-16 11:36:47 <ryonaloli> nothing here is bragging. these came from my job. i did not any of the valuable bugs myself.
2017-04-16 11:37:10 <hiro> 13:35 ryona second of all, having a less secure browser means you're more likely to be caught up in between the time a massive
2017-04-16 11:37:10 <hiro>             vulnerability is found in public and the time you upgrade.
2017-04-16 11:37:13 <hiro> total bullshit
2017-04-16 11:37:17 <ryonaloli> the point is to show that there is not necessarily money involved for each use of an exploit.
2017-04-16 11:37:46 <ryonaloli> hiro: that's not at all true. compare the time it tags for a bug to be reported on, e.g. full-disclosure and to be fixed for various browsers.
2017-04-16 11:37:53 <ryonaloli> chrome and firefox tend to fix bugs quite quickly.
2017-04-16 11:38:04 <ryonaloli> IE/Edge can be pretty slow at fixing bugs, same with opera.
2017-04-16 11:38:04 <hiro> ryonaloli: money, time, ressources
2017-04-16 11:38:10 <hiro> ryonaloli: i don't care as long as they are interchangeable
2017-04-16 11:38:25 <hiro> ryonaloli: if you need to register on the infosec forums first, that also takes time
2017-04-16 11:39:18 <ryonaloli> sometimes all you have to do is get a core impact subscription. then even if you're not a target, you become low hanging fruit.
2017-04-16 11:39:32 <ryonaloli> or a script kiddie manages to get a cracked version of core impact.
2017-04-16 11:39:35 <ryonaloli> or CANVAS or something.
2017-04-16 11:39:50 <ryonaloli> they're written in python. easy to extract exploits from.
2017-04-16 11:40:08 <hiro> i don't care how long it take the browsers to fix low-hanging fruits
2017-04-16 11:40:25 <ryonaloli> even if it's an RCE?
2017-04-16 11:40:37 <ryonaloli> or a severe infoleak?
2017-04-16 11:40:49 <hiro> it's *trivial* to close the browser
2017-04-16 11:41:00 <hiro> i care more about services that are always turned on on servers
2017-04-16 11:41:25 <hiro> also, while for most this is probably difficult, i can still choose what websites i visit
2017-04-16 11:41:27 <ryonaloli> most people with computers do not run servers. securing a server is a totally different matter.
2017-04-16 11:41:38 <hiro> exactly
2017-04-16 11:41:47 <hiro> which is a good opportunity to remind you that this is #alpine-linux
2017-04-16 11:41:50 <hiro> not #infosec
2017-04-16 11:41:50 <ryonaloli> choose what websites you visit, eh? tell that to XSS :P
2017-04-16 11:41:57 <hiro> i don't XSS
2017-04-16 11:42:09 <ryonaloli> or are you the first person who only uses websites which set anti-xss headers and use proper csp?
2017-04-16 11:42:25 <hiro> wtf, no, i just plain out don't run everybody's javascript on my computer
2017-04-16 11:42:51 <hiro> as i said, i'm not your average attack vector. to pwn me you have to use different tricks than just add me on facebook
2017-04-16 11:43:10 <hiro> you have to apt-get your debian rootkit-installation-wizard
2017-04-16 11:43:18 <ryonaloli> right, like use that image exploit that was used in the wild in actual advertisements against the masses like what, 6 months ago?
2017-04-16 11:43:22 <ryonaloli> 4 months?
2017-04-16 11:44:13 <hiro> look, there's the big problem, summarized for you again: most people have javascript enabled on most websites, half of them uses NO ADBLOCKER, half of them can be tricked to allow webgl, flash, and half of those again even freaking outdated JAVA!
2017-04-16 11:44:36 <hiro> the reason this state exists is because they are not fucking freaked out about running completely insecure, complex, unmaintainable machines
2017-04-16 11:44:57 <ryonaloli> so tell them to use a browser that auto-updates, has a small TCB that even sandboxes webgl, which is cracking down hard on flash and java, etc.
2017-04-16 11:45:00 <hiro> the other reason is that browser vendors and their mates keep on making useless changes that only increase complexity and do nothing for the user.
2017-04-16 11:45:05 <ryonaloli> one which is objectively harder to attack than another.
2017-04-16 11:45:07 <ryonaloli> simple as that.
2017-04-16 11:45:15 <hiro> 13:44 ryona so tell them to use a browser that auto-updates, has a small TCB that even sandboxes webgl, which is cracking down hard on
2017-04-16 11:45:18 <ryonaloli> who cares that some people use IE8?
2017-04-16 11:45:24 <hiro> that's not helping
2017-04-16 11:45:26 <ryonaloli> those people are fucked anyway
2017-04-16 11:45:30 <hiro> there's still javascripts run
2017-04-16 11:45:35 <hiro> on mostly any website they visit
2017-04-16 11:45:44 <hiro> even if i managed to teach them how to install an adblocker (normally fails)
2017-04-16 11:45:45 <ryonaloli> javascript increases attack surface, but it's not game over.
2017-04-16 11:45:51 <hiro> it's just an example
2017-04-16 11:46:18 <hiro> all the rest is getting more complex, too, probably you can identify many other components that are always active and turing complete by now
2017-04-16 11:46:30 <ryonaloli> yeah HTML5+CSS3
2017-04-16 11:46:33 <hiro> isn't CSS for example turing complete already?
2017-04-16 11:46:43 <ryonaloli> only when combined with HTML5
2017-04-16 11:46:48 <hiro> so not, ok.
2017-04-16 11:46:58 <hiro> but whatever, it wouldn't have surprised me, and *that's* the point.
2017-04-16 11:47:16 <hiro> so this is the median attack vector
2017-04-16 11:47:26 <hiro> the root of insecurity is plain obvious
2017-04-16 11:47:41 <hiro> we on #alpine have a tendency to avoid all of this
2017-04-16 11:48:04 <ryonaloli> i still don't get what you have against recommending using something that is objectively more secure, even if the popular options are all not ideal.
2017-04-16 11:48:13 <hiro> if people here need security i'm sure they're able to setup their adblocking in a more adjusted method
2017-04-16 11:48:44 <ryonaloli> setting up adblock doesn't mean they know that chrome is more secure than firefox. most people think it's the other way around, which is unfortunate.
2017-04-16 11:48:48 <hiro> ryonaloli: your "objective wisdom" is more harmful than saying nothing.
2017-04-16 11:49:17 <ryonaloli> there's no wisdom in here. this is a fact which, if someone wants to avoid exploitation, is something people need to know.
2017-04-16 11:49:43 <hiro> i don't care that exploits on YOUR stupid infosec forums are more expensive for chrome.
2017-04-16 11:49:46 <ryonaloli> when people are looking for anonymity, i direct them to tor browser. when someone is looking for security and a generic day to day browser, i say chrome (well, chromium)
2017-04-16 11:50:01 <ryonaloli> this is not about market price (and there are no forums involved)
2017-04-16 11:50:03 <hiro> i do care though not to send google telemetry about me
2017-04-16 11:50:21 <hiro> so, why should i assume other people don't have the same issue when i were to recommend them a browser?!
2017-04-16 11:50:29 <ryonaloli> you know, you *can* just turn off the checkmarks for "enable predictive searches", right?
2017-04-16 11:50:31 <hiro> i have a very simple way of teaching all my non-IT friends.
2017-04-16 11:50:47 <hiro> i tell them: if you have a lot of money, don't do transactions on the internet
2017-04-16 11:50:56 <ryonaloli> whenever i recommend chromium, i tell people that they can turn off predictive searches and such if they don't want the urls they put into the omnibar to go to google.
2017-04-16 11:50:56 <hiro> don't trust your computer.
2017-04-16 11:51:00 <hiro> case closed.
2017-04-16 11:51:05 <ryonaloli> do note that firefox actually does the same thing.
2017-04-16 11:51:10 <ryonaloli> that's how mozilla gets money.
2017-04-16 11:51:20 <hiro> now, we more technical people should treat things mildly different.
2017-04-16 11:51:26 <hiro> but what you add is completely worthless imo.
2017-04-16 11:51:31 <hiro> it's non-technical buzzword bingo.
2017-04-16 11:51:42 <ryonaloli> what i add provides both security, and privacy.
2017-04-16 11:52:00 <hiro> you should just say *nothing* about practical security in (l)unix environments
2017-04-16 11:52:07 <ryonaloli> what you add provides reduced security, and a false impression of privacy (with the exception of the recommendation to avoid computers for important things, which is good)
2017-04-16 11:52:24 <hiro> "when people are looking for anonymity, i direct them to tor browser." -> wrong.
2017-04-16 11:52:29 <hiro> you shouldn't give them any false hopes
2017-04-16 11:52:32 <hiro> you're just making it worse.
2017-04-16 11:52:43 <hiro> you're increasing their trust in the broken technology.
2017-04-16 11:52:44 <ryonaloli> so are you one of those people who just tell everyone to give up?
2017-04-16 11:53:07 <ryonaloli> leading them to continue using IE/Edge or chrome for their most sensitive communications with people in other countries?
2017-04-16 11:53:07 <hiro> 13:49 ryona there's no wisdom in here. this is a fact which, if someone wants to avoid exploitation, is something people need to know.
2017-04-16 11:53:11 <hiro> this otoh i can subscribe
2017-04-16 11:53:36 <hiro> 13:50 ryona you know, you *can* just turn off the checkmarks for "enable predictive searches", right?
2017-04-16 11:53:40 <hiro> ryonaloli: are you so clueless?
2017-04-16 11:53:50 <hiro> ryonaloli: have you never snooped on what chrome does on the network when you do nothing?
2017-04-16 11:54:00 <ryonaloli> yes, i have :/
2017-04-16 11:54:02 <hiro> ryonaloli: even with all the bullshit features turned off?!
2017-04-16 11:54:07 <ryonaloli> and again, i have
2017-04-16 11:54:09 <hiro> there's *always* bullshit happening.
2017-04-16 11:54:14 <ryonaloli> the only thing it does is use google dns
2017-04-16 11:54:16 <ryonaloli> and check for updates
2017-04-16 11:54:24 <ryonaloli> the google dns is only for updates and such, at that.
2017-04-16 11:54:25 <hiro> and yes, i have to say i don't like google auto updates.
2017-04-16 11:54:29 <hiro> it's the same principle
2017-04-16 11:54:41 <ryonaloli> good thing they don't work on linux when installed via apt-get or another package manager.
2017-04-16 11:54:58 <ryonaloli> they only apply on windows (and i don't do microsoft consultation or help with windows users in general)
2017-04-16 11:55:07 <hiro> the whole idea that this is even necessarry is enough proof that browsers are inherently insecure and useless for any security topic.
2017-04-16 11:55:29 <hiro> 13:50 ryona whenever i recommend chromium, i tell people that they can turn off predictive searches and such if they don't want the urls
2017-04-16 11:55:29 <hiro>             they put into the omnibar to go to google.
2017-04-16 11:55:32 <hiro> too much work for my granny
2017-04-16 11:55:37 <hiro> she wouldn't get it anyway
2017-04-16 11:55:45 <ryonaloli> granny is not gonna be my target audience
2017-04-16 11:55:52 <ryonaloli> you have to tell them to do that for firefox too
2017-04-16 11:55:55 <hiro> if the default isn't what those people want, then the whole product is rotten.
2017-04-16 11:55:58 <ryonaloli> so it wouldn't work whether it's chrome or firefox
2017-04-16 11:56:07 <ryonaloli> and i notice you are only answering my older answers so you cannot respond when i respond
2017-04-16 11:56:21 <ryonaloli> either you're being intellectually dishonest, or you're scroll log is very small.
2017-04-16 11:56:35 <ryonaloli> try to get in sync
2017-04-16 11:57:00 <hiro> 13:52 ryona so are you one of those people who just tell everyone to give up?
2017-04-16 11:57:04 <hiro> no, the opposite
2017-04-16 11:57:10 <ryonaloli> because pretty much everything you've said so far has been either incorrect, a misunderstanding, or already applies to all other browsers.
2017-04-16 11:57:21 <hiro> i'm saying people like you with infosec, picking low hanging fruits, selling security snakeoil, YOU have given up
2017-04-16 11:57:39 <hiro> i demand more productive activities from you
2017-04-16 11:57:58 <hiro> 13:53 ryona leading them to continue using IE/Edge or chrome for their most sensitive communications with people in other countries?
2017-04-16 11:58:04 <hiro> i tell them specifically not to do that
2017-04-16 11:58:05 <ryonaloli> 1) i do not pick low hanging fruit for these purposes. 2) i do not sell security snake oil. that is what antivirus companies do. and 3) you were clearly referring to people who use tor browser, not to me.
2017-04-16 11:58:11 <ryonaloli> sigh
2017-04-16 11:58:15 <ryonaloli> i think you're doing this on purpose
2017-04-16 11:58:43 <ryonaloli> stay in sync. if you're answering something and i'm moving on, tell me that. don't start answering backlog or i'll respond to that answer and we'll get farther and farther out of sync.
2017-04-16 11:58:59 <hiro> 13:56 ryona try to get in sync
2017-04-16 11:59:00 <hiro> patience
2017-04-16 11:59:04 <ryonaloli> and you, unlike me, will only respond once to each line, in an attempt to get the last word.
2017-04-16 11:59:51 <hiro> "or already applies to all other browsers." -> i'm not saying firefox or others are better in any meaningful way.
2017-04-16 12:00:04 <ryonaloli> this line for example, i have a feeling you will respond to it without allowing an actual back and forth conversation to occur. you will see it, respond to it, i will respond to your respond, and you will have already moved on to the next line, not seeing my response and leaving it hanging.
2017-04-16 12:00:15 <hiro> 13:58 ryona i think you're doing this on purpose
2017-04-16 12:00:28 <hiro> no, i have to multitask here. time is limited.
2017-04-16 12:00:54 <ryonaloli> if you have to multitask and are slow to answer, then answer the latest thing on your scroll log.
2017-04-16 12:01:25 <hiro> ryonaloli: i admit i mix up things from the first and the last lines still visible on my scroll buffer
2017-04-16 12:01:43 <ryonaloli> you can't just tell that the bottom line is the most recent?
2017-04-16 12:01:50 <hiro> ryonaloli: there is an intrinsic asynchronous nature in irc conversations sadly
2017-04-16 12:02:02 <hiro> cause you will not wait for me to finish my thought, and i won't wait for you either.
2017-04-16 12:02:23 <hiro> i don't want to miss out on calling you out for previous misunderstandings
2017-04-16 12:02:38 <ryonaloli> you're trying to answer every single line, in such a way that i would have to go back up and answer lines out of order to respond to them.
2017-04-16 12:02:51 <hiro> else you will sneak in some obscene misinformation again and then force me to ignore it by blabbering too fast.
2017-04-16 12:02:53 <ryonaloli> that's not just asynchronous. that's an out of order conversation.
2017-04-16 12:03:07 <ryonaloli> there is no misinformation being presented here.
2017-04-16 12:03:07 <hiro> correct.
2017-04-16 12:03:16 <hiro> it's out of order :)
2017-04-16 12:03:39 <hiro> that's why i used the word "admit". i recognize the confusion it results in now.
2017-04-16 12:04:06 <ryonaloli> so then we agree that both firefox and chromium have privacy issues and send data back to google.
2017-04-16 12:04:15 <ryonaloli> and we both agree that chromium is better for resisting exploitation.
2017-04-16 12:04:18 <hiro> but it's ok, I decided at this point extreme confusion and hilarious performance is the only thing that will result in meaningful closure about this topic
2017-04-16 12:04:40 <hiro> 14:04 ryona so then we agree that both firefox and chromium have privacy issues and send data back to google.
2017-04-16 12:04:41 <hiro> yes
2017-04-16 12:04:51 <ryonaloli> we both agree that you can mitigate the privacy issues on both browsers, but it may not be possible for granny.
2017-04-16 12:04:52 <hiro> 14:04 ryona and we both agree that chromium is better for resisting exploitation.
2017-04-16 12:04:55 <hiro> not really
2017-04-16 12:05:04 <hiro> *significantly*
2017-04-16 12:05:13 <ryonaloli> hiro: i'm saying that it's relatively better, not that it's objectively *good*
2017-04-16 12:05:23 <hiro> it's not even objectively, relatively better
2017-04-16 12:05:25 <ryonaloli> compared to, say, a patched up elinks with a custom sandbox in a tight selinux policy.
2017-04-16 12:05:32 <hiro> because there are *many* differences on unrelated layers
2017-04-16 12:05:35 <ryonaloli> hiro: you ever seen it compete in pwn2own? :P
2017-04-16 12:05:43 <hiro> i don't care about such events
2017-04-16 12:05:46 <ryonaloli> or read the phrack analysis on presarena?
2017-04-16 12:06:08 <ryonaloli> no? then why do you say that it is not objectively better?
2017-04-16 12:06:26 <hiro> i sometimes skimmed over and nothing gave me confidence that any single browser figured out a way to maximize security
2017-04-16 12:06:39 <hiro> there's the crucial and only solution: lowered complexity
2017-04-16 12:06:39 <ryonaloli> that's irrelevant
2017-04-16 12:06:54 <hiro> i don't care about benchmarks, staged fights, etc.
2017-04-16 12:07:03 <hiro> i don't trust nobody in the browser business
2017-04-16 12:07:19 <hiro> they're all working together to what it's worth to me
2017-04-16 12:07:23 <ryonaloli> still irrelevant. this isn't about whether or not a browser is truly secure.
2017-04-16 12:07:26 <hiro> mainly against my interests.
2017-04-16 12:07:39 <ryonaloli> because no browser is truly secure. even links/lynx/elinks/w3m are nasty pieces of shit.
2017-04-16 12:07:47 <ryonaloli> (mostly because no one cares about securing them though, tbh)
2017-04-16 12:07:57 <hiro> 14:04 ryona we both agree that you can mitigate the privacy issues on both browsers, but it may not be possible for granny.
2017-04-16 12:07:58 <hiro> not sure
2017-04-16 12:08:15 <hiro> you can prevent *some* telemetry being sent
2017-04-16 12:08:19 <ryonaloli> well try it out, and analyze what is actually happening
2017-04-16 12:08:20 <hiro> not sure if it's all.
2017-04-16 12:08:30 <ryonaloli> because on chromium, you can prevent 100% of private information from being sent.
2017-04-16 12:08:30 <hiro> there is *so much* being sent i can't keep an overview
2017-04-16 12:08:38 <ryonaloli> (chromium, not chrome)
2017-04-16 12:09:37 <hiro> i don't trust it.
2017-04-16 12:09:40 <_ikke_> no software is secure
2017-04-16 12:09:49 <ryonaloli> indeed
2017-04-16 12:09:50 <hiro> but that's beside the point: because i don't *need* to trust it enough.
2017-04-16 12:10:08 <ryonaloli> _ikke_: i'm only talking about relative security
2017-04-16 12:10:18 <hiro> ryonaloli: there is no such thing as relative security
2017-04-16 12:10:19 <ryonaloli> _ikke_: (also, you can formally verify software, so within certain constraints...)
2017-04-16 12:10:32 <ryonaloli> hiro: what are you talking about? like i said before, security is *all about* raising the bar
2017-04-16 12:10:37 <hiro> ryonaloli: the only valid topic is *practical* security against *practical* attack vectors
2017-04-16 12:10:47 <ryonaloli> yes, and that's all relative
2017-04-16 12:11:05 <hiro> nope. there is no single scale with just two axis.
2017-04-16 12:11:25 <hiro> there are too many orthogonal features, all compromising security in different ways.
2017-04-16 12:11:36 <ryonaloli> hiro: are you claiming that product X cannot be more or less secure than product Y, when they both have the same threat model and process the same type of data?
2017-04-16 12:12:03 <ryonaloli> "same threat model" negates "compromising security in different ways"
2017-04-16 12:12:05 <hiro> ryonaloli: i'm saying there cannot be a meaningful *definition* of what should be considered more secure in the first place.
2017-04-16 12:12:12 <ryonaloli> and "processing the same types of data" negates "too many orthoganal features"
2017-04-16 12:12:22 <ryonaloli> hiro: of course there is. that's what threat modeling is all about.
2017-04-16 12:12:33 <hiro> ryonaloli: more buzzword bingo
2017-04-16 12:12:37 <ryonaloli> people spend hours, days, weeks doing threat model analysis.
2017-04-16 12:12:49 <ryonaloli> you realize that threat modeling is a real thing, right?
2017-04-16 12:12:53 <ryonaloli> it's not just a buzzword.
2017-04-16 12:13:00 <hiro> i dont care about *their* threat model.
2017-04-16 12:13:10 <hiro> it doesn't take me into account...
2017-04-16 12:13:27 <hiro> if it even barely managed to at least cover average interest perhaps i'd be more curious.
2017-04-16 12:13:33 <ryonaloli> a program's threat model is a formal thing, unrelated to the term you might be familiar with in layman's opsec.
2017-04-16 12:13:48 <hiro> but for example it doesn't include the demand that i and most people share that a browser should be simple, lightweight, stable.
2017-04-16 12:14:04 <_ikke_> that has nothing to do with security per-se
2017-04-16 12:14:06 <ryonaloli> a program's threat model is expressed in call flow graphs and mathematics. it has nothing to do with you wanting to use specific sites.
2017-04-16 12:14:16 <ryonaloli> or with your own opsec and desires.
2017-04-16 12:14:22 <hiro> for me one of the most concrete threats to my personal security is software bloats
2017-04-16 12:14:32 <hiro> (as long as i'm sitting in front of the computer)
2017-04-16 12:14:38 <ryonaloli> why?
2017-04-16 12:14:47 <hiro> because i can understand simple software.
2017-04-16 12:14:49 <ryonaloli> are you allergic to it?
2017-04-16 12:14:52 <_ikke_> bigger attack surface
2017-04-16 12:14:56 <hiro> i get confused when i use complex software.
2017-04-16 12:14:59 <ryonaloli> _ikke_: i understand what he's getting at
2017-04-16 12:15:00 <hiro> *I* make errors.
2017-04-16 12:15:07 <hiro> ryonaloli: i can't read the manual if it's too long.
2017-04-16 12:15:08 <ryonaloli> i want to see if he is able to understand that that's not part of a threat model
2017-04-16 12:15:20 <hiro> ryonaloli: my admin might not be able to read *his* manual if it's too long
2017-04-16 12:15:39 <hiro> ryonaloli: my programmer might not be able to understand the function API of the shitty lib he's using if it's too long.
2017-04-16 12:16:01 <_ikke_> software is inherently complex, if you like it or not
2017-04-16 12:16:08 <ryonaloli> hiro: it sounds like you don't actually know what this term means. yes, more code complexity can increase attack surface. what does that have to do with threat model? what does that say about the adversary, the assets, the resources?
2017-04-16 12:16:24 <ryonaloli> does that tell you if you're using biba? bell lapadula? no ACL?
2017-04-16 12:16:26 <ryonaloli> RBAC? ABAC?
2017-04-16 12:16:52 <hiro> 14:13  hiro i dont care about *their* threat model.
2017-04-16 12:17:11 <ryonaloli> hiro: again, a program's threat model is *not* what you might think about when you think "threat model"
2017-04-16 12:17:48 <ryonaloli> it's a very specific, formal thing, and yes, you do care about it (or you should)
2017-04-16 12:18:05 <hiro> 14:16 _ikke software is inherently complex, if you like it or not
2017-04-16 12:18:16 <hiro> of course, but i want no *unnecessarry* complexity
2017-04-16 12:18:39 <hiro> 14:16 ryona does that tell you if you're using biba? bell lapadula? no ACL?
2017-04-16 12:18:43 <hiro> more name-dropping
2017-04-16 12:18:58 <_ikke_> hiro: The only way to get that is to build all software yourself
2017-04-16 12:18:58 <hiro> what's the point of this discussion for you?
2017-04-16 12:19:08 <_ikke_> hiro: then you only get the amount of complexity that you require
2017-04-16 12:19:09 <ryonaloli> hiro: to see why you think the way you think. that is the point.
2017-04-16 12:19:20 <ryonaloli> and these are things you can look up on wikipedia. these aren't complex terms.
2017-04-16 12:19:23 <hiro> _ikke_: or use practical metrics that reduce the chances of having to deal with bad quality software
2017-04-16 12:19:48 <hiro> _ikke_: you can try software and count how often it crashes during a typical preselected testing task
2017-04-16 12:19:49 <ryonaloli> the point of that "namedropping", fwiw, was to bring home the point that a program's threat model has nothing at all to do with your personal threat model as it applies to your own opsec.
2017-04-16 12:19:54 <_ikke_> hiro: simple software can still be bad quality, and complex software can still be good quality
2017-04-16 12:20:05 <hiro> _ikke_: i'm not making an argument against complexity.
2017-04-16 12:20:14 <ryonaloli> _ikke_: yup, compare netscape and chromium :P
2017-04-16 12:20:20 <ryonaloli> *cough* tls key gen *cough*
2017-04-16 12:20:26 <hiro> _ikke_: i'm making an argument about complexity that is used to solve simple problems in extremely useless complex ways
2017-04-16 12:20:36 <hiro> s/about/against/
2017-04-16 12:20:55 <ryonaloli> hiro: is anyone disagreeing with you?
2017-04-16 12:21:02 <ryonaloli> on that matter, at least
2017-04-16 12:21:25 <_ikke_> hiro: how are you determining if it's useless complexity or necessary complexity?
2017-04-16 12:21:38 <_ikke_> hiro: Doesn't that depend on usecases?
2017-04-16 12:21:49 <hiro> _ikke_: sure, let's say i want to read a piece of text
2017-04-16 12:21:49 <ryonaloli> your argument was that there is no such thing as relative security, which i disagreed with. that chromium and firefox and opera did not differ in terms of which was more secure in any meaningful way (which is completely bogus). if you said that they were all exploitable, i'd agree. if you said that they were all too complex, i would agree.
2017-04-16 12:22:07 <hiro> _ikke_: do I need to allocate 3GB of memory for reading 10kB of text?
2017-04-16 12:22:12 <ryonaloli> curl -s "${url}" | less
2017-04-16 12:22:12 <ryonaloli> :P
2017-04-16 12:22:17 <hiro> _ikke_: or might that be a sign of horrible software quality?
2017-04-16 12:23:04 <_ikke_> hiro: Well, that's a very limited usecase
2017-04-16 12:23:23 <hiro> sure.
2017-04-16 12:23:28 <_ikke_> ryonaloli: something with netcat would be even more simple
2017-04-16 12:23:34 <hiro> but this is obviously just an example
2017-04-16 12:23:46 <ryonaloli> _ikke_: yeah but then you don't get tls
2017-04-16 12:23:57 <ryonaloli> and openssl s_client needs an annoyingly long flag if you want to secure it
2017-04-16 12:23:57 <hiro> experience can show you how defined tasks/features have been solved/provided in the past and what ressources that needed
2017-04-16 12:24:07 <_ikke_> right, so if security is a requirement, it adds complexity
2017-04-16 12:24:16 <ryonaloli> yay heartbleed
2017-04-16 12:24:45 <_ikke_> hiro: but your requirements may differ from someone elses requirements
2017-04-16 12:24:51 <ryonaloli> hiro: nothing is stopping you from using curl/wget/nc/telnet/s_client/CM-MX-butterfly for viewing plain text
2017-04-16 12:24:53 <hiro> i don't have a formal procedure to determining this, but for many common use cases that most people agree in how they should look it's quite obvious for most people without any formal prior definitions
2017-04-16 12:25:06 <hiro> ryonaloli: who's telling you i'm not already doing this?
2017-04-16 12:25:11 <_ikke_> hiro: You seem to think the web is only to display text
2017-04-16 12:25:17 <ryonaloli> hiro: your complaints make it seem that way
2017-04-16 12:25:18 <hiro> ryonaloli: that's precisely why i'm here on #alpine-linux
2017-04-16 12:25:40 <hiro> _ikke_: nope
2017-04-16 12:25:53 <ryonaloli> you ever seen that unix koan?
2017-04-16 12:25:53 <hiro> _ikke_: and wget can also download images.
2017-04-16 12:25:57 <ryonaloli> with awk vs sed?
2017-04-16 12:26:10 <hiro> i'm not interested in this topic. i use both awk and sed.
2017-04-16 12:26:27 <ryonaloli> http://www.catb.org/esr/writings/unix-koans/shell-tools.html
2017-04-16 12:27:15 <hiro> "no such thing as relative security" -> i admit that's a bold claim.
2017-04-16 12:27:36 <hiro> it might be utterly wrong indeed, but i wanted to provoke the thought nonetheless :)
2017-04-16 12:27:50 <_ikke_> hiro: people expect certain features from web browsers. More features is more complexity
2017-04-16 12:28:00 <ryonaloli> snippet: "Why, then, are there several tools with similar capabilities in text processing: sed, awk and Perl? With which one can I best practice the Unix way?" "Master Foo asked the novice: If you have a text file, what tool would you use to produce a copy with a few words in it replaced by strings of your choosing?" "When you are hungry, eat; when you are thirsty, drink; when you are tired, sleep.
2017-04-16 12:28:06 <ryonaloli> " "Upon hearing this, the novice was enlightened."
2017-04-16 12:28:07 <ryonaloli> ^ use the tools you need for the job
2017-04-16 12:28:14 <_ikke_> while you might not need all those features, browsers cannot be tailored to one specific type of user
2017-04-16 12:28:16 <hiro> _ikke_: actually most people don't explicitly demand all those features
2017-04-16 12:28:24 <ryonaloli> if you need extreme security, use curl and less, and don't complain that browsers exist and do too much
2017-04-16 12:28:30 <ryonaloli> when you need javascript, use a browser
2017-04-16 12:28:33 <hiro> _ikke_: it's a small elite that gets to decide on what the rest of the world has to bear with in the browsers
2017-04-16 12:28:35 <_ikke_> hiro: not all people require the same feaures
2017-04-16 12:29:34 <hiro> _ikke_: correct. which is why 99% of those features are useless bloat to me personally, and >50% are probably bloat to anybody else who thought about it.
2017-04-16 12:29:53 <ryonaloli> some things i agree are absolutely stupid
2017-04-16 12:29:56 <ryonaloli> webgl, asmjs
2017-04-16 12:30:06 <ryonaloli> the insane complexity added to javascript and HTML5
2017-04-16 12:30:27 <ryonaloli> but we can all agree that simplicity is a good thing for security. you won't find anyone sane who disagrees.
2017-04-16 12:30:29 <_ikke_> people want the web to be a complete platform
2017-04-16 12:30:46 <ryonaloli> you can find people who argue about the merit of having a complex browser because it is featureful, sure.
2017-04-16 12:31:00 <ryonaloli> but this all started because i said that chromium was more secure than firefox.
2017-04-16 12:31:07 <kallenp> Hi all from Czech Republic. Does anyone have any idea howto configure/setup Alpine linux on Raspberry PI to stream only the picture from USB connected webcam ? I am need any tips for software. Verry thanks, Petr Kallen
2017-04-16 12:31:15 <ryonaloli> not because i said that we need more complexity (which i obviously don't believe)
2017-04-16 12:32:18 <hiro> 14:28 ryona ^ use the tools you need for the job
2017-04-16 12:32:24 <hiro> this only works if the tools are *seperated*
2017-04-16 12:32:28 <hiro> into individual tools
2017-04-16 12:32:48 <hiro> orthogonal concepts, that interlock well to create one bigger solution to even complex problems
2017-04-16 12:32:50 <ryonaloli> websites tend to need a lot at once :P
2017-04-16 12:33:23 <kallenp> ?
2017-04-16 12:33:29 <hiro> yeah, but as in your complaint from esr the components web sites are built from do not provide orthogonal features
2017-04-16 12:33:36 <ryonaloli> i do wish to separate things like webgl (just download a trusted program and use opengl), asmjs is... well fuck it, that's what the x86 ISA is for.
2017-04-16 12:33:55 <hiro> 14:28 ryona if you need extreme security, use curl and less, and don't complain that browsers exist and do too much
2017-04-16 12:34:00 <hiro> i'll complain as much as i feel like
2017-04-16 12:34:22 <hiro> and i'm joining in with many other people who do the same, so you don't really have much hope not to hear about this topic
2017-04-16 12:34:31 <ryonaloli> hiro: that's fair, i complain a fair amount about browsers and other software too.
2017-04-16 12:34:51 <ryonaloli> but at least don't try to claim that chromium is not more secure than firefox (which was my original and only main point)
2017-04-16 12:35:00 <ryonaloli> well, opera was my main point, but it applies to ff too
2017-04-16 12:35:20 <hiro> 14:30 _ikke people want the web to be a complete platform
2017-04-16 12:35:21 <hiro> not really
2017-04-16 12:35:26 <hiro> they wanna lick google's ass
2017-04-16 12:35:40 <_ikke_> hiro: ...
2017-04-16 12:35:41 <ryonaloli> most people don't give a shit about who makes the browser
2017-04-16 12:35:45 <hiro> we had great ideas about the web in the 90s
2017-04-16 12:35:52 <hiro> now all the progress has been reversed
2017-04-16 12:35:57 <hiro> it's completely inaccessible horrible shit
2017-04-16 12:36:32 <hiro> the majority will decide, over and over again, completely ill-informed.
2017-04-16 12:36:49 <_ikke_> The majority does not care
2017-04-16 12:36:57 <hiro> most decisions by the majority are not based on rational thinking
2017-04-16 12:37:16 <hiro> and even so, they have nothing to say.
2017-04-16 12:37:32 <hiro> the only people who can do something useful with complaints would be developers
2017-04-16 12:38:03 <hiro> but hopefully they are busy selling snake-oil themselves to finance a roof above their heads :)
2017-04-16 12:39:37 <ryonaloli> i think you have too much hatred for google to actually understand what goes into writing a browser or what influences the web.
2017-04-16 12:40:00 <ryonaloli> the developers and even the people in charge of the majority of the direction chromium goes do not get involved in silly "web 3.0" bullshit
2017-04-16 12:40:03 <hiro> 14:34 ryona but at least don't try to claim that chromium is not more secure than firefox (which was my original and only main point)
2017-04-16 12:40:11 <hiro> lets settle on this: i won't claim the *opposite*
2017-04-16 12:40:28 <ryonaloli> then you are asking to settle on something which is not true
2017-04-16 12:40:44 <hiro> i'm asking to settle on a refusal of claim
2017-04-16 12:41:03 <hiro> i'm not claiming your opinion, nor the opposite.
2017-04-16 12:41:08 <_ikke_> How do you determine if software is more or less secure than other software?
2017-04-16 12:41:10 <hiro> it should be easy to accept :)
2017-04-16 12:41:11 <ryonaloli> i mean you can say "agree to disagree", but that doesn't change the facts. it's better to just say "i don't want to discuss this" than to try a petty copout like that.
2017-04-16 12:41:22 <hiro> _ikke_: yeah, that was my point.
2017-04-16 12:41:31 <ryonaloli> _ikke_: many ways. in the case of chromium, there is the memory allocator, the sandboxing, the multiprocess architecture.
2017-04-16 12:41:43 <ryonaloli> the 24/7 fuzzing of all components involved (from the core of chromium to things like ffmpeg)
2017-04-16 12:41:53 <ryonaloli> there's the lack of 2 MiB heaps caused by jemalloc.
2017-04-16 12:41:53 <hiro> noooooooo, it starts from 0 again.
2017-04-16 12:42:44 <hiro> 14:39 ryona i think you have too much hatred for google to actually understand what goes into writing a browser or what influences the web.
2017-04-16 12:42:44 <ryonaloli> and, of course, you can just look at how easy it is to compromise firefox compared to chromium, whether in real-life, in competitions, or through the market (either through the monetary value of 0days, or how difficult it is to get them)
2017-04-16 12:42:48 <hiro> ryonaloli: i can't hate google.
2017-04-16 12:42:53 <hiro> ryonaloli: i only hate *individuals*
2017-04-16 12:43:04 <_ikke_> funny, often it's the other way around
2017-04-16 12:43:08 <ryonaloli> hiro: i'm the other way around. i prefer to hate corporations than individuals.
2017-04-16 12:43:09 <hiro> ryonaloli: when i say i hate software i imagine actual people sitting there and writing that crap.
2017-04-16 12:43:12 <ryonaloli> _ikke_++
2017-04-16 12:43:52 <ryonaloli> even something like oracle. i despise it with every bone in my body and want burned to the ground, but i would give the ceo nothing more than a mean look.
2017-04-16 12:44:04 <_ikke_> To ben honest, I'm more pragmatic in these things
2017-04-16 12:44:06 <ryonaloli> and maybe not even that.
2017-04-16 12:44:39 <ryonaloli> hiro: i hate imlib2, but i think the author is just an idiot. i don't hate him.
2017-04-16 12:44:56 <hiro> ryonaloli: yeah, i understand defining hatred is hard.
2017-04-16 12:45:23 <hiro> ryonaloli: it's just a feeling, i can't explain it :)
2017-04-16 12:45:32 <ryonaloli> sometimes there are individuals i can strongly dislike because of their personality. i dislike both systemd (the software) and lennart and kay (the people)
2017-04-16 12:45:46 <ryonaloli> but not because they wrote systemd
2017-04-16 12:46:00 <_ikke_> I'm probably in a minority here to like systemd :-)
2017-04-16 12:46:02 <hiro> i have no problem with systemd if it was just a software as opposed to the political project it is in reality that manages to install the software on MY COMPUTER
2017-04-16 12:46:14 <ryonaloli> _ikke_: well i admit it can do good things, and if it were only an init, i'd like it!
2017-04-16 12:46:21 <hiro> it's the summated action of individuals to me
2017-04-16 12:46:23 <ryonaloli> because sysv *does* have problems, and openrc isn't for everyone.
2017-04-16 12:46:24 <hiro> they all fucked up, together.
2017-04-16 12:46:43 <ryonaloli> if only using it didn't make journald mandatory, and pull in crap like their own buggy ntpd etc.
2017-04-16 12:47:08 <ryonaloli> and their own cron and udevd ad nauseum.
2017-04-16 12:47:35 <ryonaloli> hiro: but it's the sum, still.
2017-04-16 12:47:36 <_ikke_> Most of those services are not required (I can stop them at will and use alternatives(
2017-04-16 12:47:40 <ryonaloli> each individual didn't do much.
2017-04-16 12:47:44 <ryonaloli> _ikke_: not journald
2017-04-16 12:47:52 <ryonaloli> it's one of the things i have the biggest problems with, and it's mandatory.
2017-04-16 12:48:15 <ryonaloli> not to mention, you have to configure your kernel specifically for systemd. i cannot use a lightweight custom kernel. i would have to use ugly, bloated configuration features that i otherwise would disable.
2017-04-16 12:48:31 <hiro> 14:47 ryona each individual didn't do much.
2017-04-16 12:48:35 <hiro> ryonaloli: i do admit that
2017-04-16 12:48:40 <hiro> ryonaloli: and i also complain about it a lot!
2017-04-16 12:48:52 <_ikke_> well, it's those features that make systemd what it is, isn't it?
2017-04-16 12:49:15 <_ikke_> not sure which exact feature you are talking about
2017-04-16 12:49:19 <hiro> 14:46 ryona if only using it didn't make journald mandatory, and pull in crap like their own buggy ntpd etc.
2017-04-16 12:49:21 <ryonaloli> _ikke_: nah, things like cgroups? i mean it can be useful for some people, but why should systemd segfault when it's not enabled? what if i just want to be able to not use sysv init scripts and instead use systemd as an init?
2017-04-16 12:49:25 <ryonaloli> or what about things like mqueue?
2017-04-16 12:49:26 <hiro> "if only chrome didn't pull in webgl"
2017-04-16 12:49:32 <hiro> i see an analogy here.
2017-04-16 12:49:35 <ryonaloli> or posix message queues
2017-04-16 12:50:02 <_ikke_> ryonaloli: Doesn't systemd use cgroups to track processes?
2017-04-16 12:50:03 <hiro> "I can stop them at will and use alternatives" -> I can't practically.
2017-04-16 12:50:07 <ryonaloli> hiro: if there were something analogous to chrome which did not pull in webgl, i would jump to it immediately.
2017-04-16 12:50:31 <ryonaloli> _ikke_: yes but i don't see why it would need to.
2017-04-16 12:51:14 <hiro> ryonaloli: :)
2017-04-16 12:51:29 <hiro> web browsers take *all choice*
2017-04-16 12:51:39 <ryonaloli> but i'm one of the old school guys who wants to be able to: kill -9 `cat /var/run/somedaemon.pid` if i need
2017-04-16 12:51:40 <_ikke_> ryonaloli: because it allows systemd to accurately see what process was started for a particular daemon (which other init systems often have difficulty to do)
2017-04-16 12:51:56 <hiro> you guys said that it's SUPPOSED to be a "platform"
2017-04-16 12:52:08 <ryonaloli> hiro: yeah i agree, they're too bloated
2017-04-16 12:52:25 <ryonaloli> they do too much. a race to the bottom, as i heard someone put it.
2017-04-16 12:52:29 <hiro> 14:50 _ikke ryonaloli: Doesn't systemd use cgroups to track processes?
2017-04-16 12:52:36 <hiro> i think they might be fixing that.
2017-04-16 12:52:41 <hiro> they learned from... android hahaha
2017-04-16 12:52:53 <ryonaloli> oh nice
2017-04-16 12:53:02 <hiro> but that's just one curious detail.
2017-04-16 12:53:09 <hiro> the rest is probably just as fucked as before :P
2017-04-16 12:53:24 <_ikke_> hiro: How are they fixing that? (curious)
2017-04-16 12:53:29 <hiro> _ikke_: by using users
2017-04-16 12:53:40 <hiro> _ikke_: user seperation...
2017-04-16 12:53:44 <hiro> _ikke_: no need for cgroups
2017-04-16 12:53:47 <_ikke_> ah ok
2017-04-16 12:54:03 <_ikke_> a separate uid per service?
2017-04-16 12:54:24 <ryonaloli> neato
2017-04-16 12:54:28 <hiro> that's my guess
2017-04-16 12:54:32 <hiro> i only skimmed over
2017-04-16 12:54:38 <hiro> been quite a while i've read that.
2017-04-16 12:54:40 <_ikke_> right
2017-04-16 12:54:51 <hiro> google for it :) cgroups systemd android user seperation
2017-04-16 12:55:51 <_ikke_> hiro: cannot seem to find anything related
2017-04-16 12:56:25 <hiro> perhaps it was docker and not systemd?
2017-04-16 12:56:38 <hiro> i can't find it either :(
2017-04-16 12:57:02 <_ikke_> systemd also uses cgroups to allow to set limits
2017-04-16 12:57:58 <hiro> yeah, but perhaps you could get rid of most cgroups code in the kernel by setting the limits per user and not having a seperate group abstraction for something that's completely the same anyway
2017-04-16 12:58:07 <hiro> i wish i had pointers still
2017-04-16 13:21:52 <hiro> The Android platform takes advantage of the Linux user-based protection as a means of identifying and isolating application resources. The Android system assigns a unique user ID (UID) to each Android application and runs it as that user in a separate process. This approach is different from other operating systems (including the traditional Linux configuration), where multiple applications run with
2017-04-16 13:21:52 <hiro> the same user permissions.
2017-04-16 13:21:57 <hiro> from https://source.android.com/security/overview/kernel-security
2017-04-16 13:32:40 <_ikke_> Right, that I already knew
2017-04-16 13:37:35 <Shiz> sp many words
2017-04-16 13:37:47 <Shiz> yet for the part i cared to read, ryonaloli was more right
2017-04-16 13:39:58 <hiro> sorry, i didn't add a single useful, new information during all this talk. i feel like it was all a complete failure oO
2017-04-16 13:40:26 <hiro> mainly just repetition, confusion and misunderstanding
2017-04-16 13:40:38 <hiro> nobody learned anything news
2017-04-16 13:40:39 <hiro> *new
2017-04-16 13:42:43 <_ikke_> hiro: I still found it an interesting discussion
2017-04-16 13:43:03 <hiro> that's a relief then :)
2017-04-16 15:44:19 <atomi> happy easter lol
2017-04-16 16:19:44 <kallenp> Hi all. Please, what's I'm doing wrong ? I'm need install motion on Alpine Linux
2017-04-16 16:20:01 <kallenp> alpine:~# apk update
2017-04-16 16:20:01 <kallenp> fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/main/armhf/APKINDEX.tar.gz
2017-04-16 16:20:01 <kallenp> 3.5.2 [/media/mmcblk0p1/apks]
2017-04-16 16:20:01 <kallenp> v3.5.2-45-g70721263c1 [http://dl-cdn.alpinelinux.org/alpine/v3.5/main]
2017-04-16 16:20:01 <kallenp> OK: 5597 distinct packages available
2017-04-16 16:20:02 <kallenp> alpine:~# apk upgrade
2017-04-16 16:20:02 <kallenp> OK: 17 MiB in 34 packages
2017-04-16 16:20:03 <kallenp> alpine:~# apk add motion
2017-04-16 16:20:03 <kallenp> ERROR: unsatisfiable constraints:
2017-04-16 16:20:04 <kallenp>   motion (missing):
2017-04-16 16:20:04 <kallenp>     required by: world[motion]
2017-04-16 16:20:05 <kallenp> alpine:~#
2017-04-16 16:25:17 <luxio> kallenp: use a pastebin next time please
2017-04-16 16:27:06 <kallenp> luxio: I'm sorry. I'm "novice" in IRC. What's it pastebin ?
2017-04-16 16:28:36 <kallenp> luxio: OK, I found it on google. Sorry again...
2017-04-16 16:31:20 <kallenp> 	1	alpine:~# apk update
2017-04-16 16:31:20 <kallenp> 	2	fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/main/armhf/APKINDEX.tar.gz
2017-04-16 16:31:21 <kallenp> 	3	3.5.2 [/media/mmcblk0p1/apks]
2017-04-16 16:31:21 <kallenp> 	4	v3.5.2-45-g70721263c1 [http://dl-cdn.alpinelinux.org/alpine/v3.5/main]
2017-04-16 16:31:21 <kallenp> 	5	OK: 5597 distinct packages available
2017-04-16 16:31:21 <kallenp> 	6	 
2017-04-16 16:31:21 <kallenp> 	7	alpine:~# apk upgrade
2017-04-16 16:31:22 <kallenp> 	8	OK: 17 MiB in 34 packages
2017-04-16 16:31:22 <kallenp> 	9	 
2017-04-16 16:31:23 <kallenp> 	10	alpine:~# apk add motion
2017-04-16 16:31:23 <kallenp> 	11	ERROR: unsatisfiable constraints:
2017-04-16 16:31:24 <kallenp> 	12	  motion (missing):
2017-04-16 16:31:24 <kallenp> 	13	    required by: world[motion]
2017-04-16 16:31:25 <kallenp> 	14	alpine:~#
2017-04-16 16:32:51 <pickfire> kallenp: curl ix.io
2017-04-16 16:33:01 <pickfire> Please don't flood the irc channel.
2017-04-16 16:34:11 <pickfire> kallenp: That error happens probably because motion is not in the package index.
2017-04-16 16:34:54 <pickfire> I think it is in the repo community instead of main.
2017-04-16 16:35:56 <kallenp> OK and thanks for your answer. I am need stream video from my USB webcamera to web. I found "motion".
2017-04-16 16:39:50 <kallenp> motion is in testing repo, thanks
2017-04-16 18:57:20 <shodan45> Any recommendations for web based kvm admin front-end?
2017-04-16 18:58:11 <shodan45> Or any virtualization tech, really
2017-04-16 18:58:40 <shodan45> libvirt stuff
2017-04-16 19:07:37 <emacsomancer> any tips for installing alpine w/ a zfs root?
2017-04-16 19:11:41 <dirac1> If i want to recover my system from a full system backup, what i have to do?
2017-04-16 19:20:01 <_ikke_> how was this backup created?
2017-04-16 20:24:59 <kjsaihs> how can i allow non local bind on Alpine linux?
2017-04-16 20:30:52 <kjsaihs> fixed - forgot to reload
2017-04-16 21:44:46 <d0t> hi. I can't start openntpd on alpine because of the following: /usr/sbin/ntpd: unrecognized option: N
2017-04-16 21:44:56 <d0t> there's an error in the init script
2017-04-16 22:01:14 <Shiz> d0t: this doesn't seem to be set by the init script
2017-04-16 22:01:43 <Shiz> you sure you don't set NTPD_OPTS= to anything containing -N in /etc/conf.d/openntpd ?
2017-04-16 22:02:55 <d0t> Shiz: nope, it's a fresh install
2017-04-16 22:03:18 <d0t> rpi image
2017-04-16 22:03:52 <d0t> i haven't done anything other than run apk add openntpd and setup-ntp
2017-04-16 22:04:04 <Shiz> d0t: right
2017-04-16 22:04:16 <Shiz> you should use # service openntpd start, not # service ntpd start
2017-04-16 22:04:27 <Shiz> (or /etc/init.d/openntpd vs /etc/init.d/ntpd)
2017-04-16 22:04:40 <d0t> oh
2017-04-16 22:04:41 <d0t> thanks
2017-04-16 22:04:51 <d0t> i thought those were the same
2017-04-16 22:04:56 <Shiz> ntpd is busybox ntpd :)
2017-04-16 22:05:09 <d0t> alright then
2017-04-17 04:04:02 <babs__> how do I install man on alpine>
2017-04-17 04:04:03 <babs__> ?
2017-04-17 04:07:23 <babs__> nvm it was apk add mdocml-apropos
2017-04-17 04:13:05 <Shiz> or just # apk add man
2017-04-17 04:13:44 <babs__> ?
2017-04-17 04:13:49 <babs__> well then
2017-04-17 04:14:23 <Shiz> :P
2017-04-17 04:14:57 <babs__> @Shiz Im trying to install ircservices but their site is down
2017-04-17 04:15:06 <babs__> and I didnt find any good docs on it
2017-04-17 04:15:06 <Xe> babs__: don't
2017-04-17 04:15:10 <babs__> oh
2017-04-17 04:15:12 <Xe> it's so out of date
2017-04-17 04:15:16 <babs__> k then
2017-04-17 04:15:19 <Shiz> "Services for IRC Networks (also known as Services, IRC Services, or ircservices) is no longer being developed"
2017-04-17 04:15:23 <Shiz> yeah i uhm
2017-04-17 04:15:26 <Xe> it's like giving yourself a few billion secholes at once
2017-04-17 04:15:26 <Shiz> wouldn't go for that
2017-04-17 04:15:29 <babs__> what would be better?
2017-04-17 04:15:54 <Shiz> whatver the latest relevant fork of atheme is, probably
2017-04-17 04:16:05 <Xe> as someone who has been in the IRC space for way too long, use an IRC server someone else set up
2017-04-17 04:16:15 <Xe> it's just too much complexity
2017-04-17 04:16:27 <Xe> it's stupid that it has to be that complicated, but it is
2017-04-17 04:16:27 <babs__> well im using it for a specific purpose
2017-04-17 04:16:35 <Shiz> oh did atheme un-die
2017-04-17 04:16:45 <Xe> Shiz: i have no idea anymore
2017-04-17 04:17:11 <babs__> http://atheme.net/atheme.html
2017-04-17 04:17:18 <Shiz> my recommendation for an irc setup is the same then as it was years ago
2017-04-17 04:17:29 <Xe> if atheme isn't dead, go atheme and something simple like ngircd
2017-04-17 04:17:30 <Shiz> whatever relevant fork of charybdis that has +h/+a/+q for ircd
2017-04-17 04:17:35 <Shiz> and atheme for services
2017-04-17 04:17:53 <babs__> im using ngircd, does that matter?
2017-04-17 04:18:05 <Xe> ngircd has the least pain in setting up
2017-04-17 04:18:13 <Xe> the other options aren't worth the hassle
2017-04-17 04:18:17 <babs__> lol k
2017-04-17 04:18:24 <babs__> took me days to figure out how to set it up
2017-04-17 04:18:35 <babs__> stupid "bad password" error
2017-04-17 04:18:46 <babs__> xd
2017-04-17 04:19:08 <babs__> https://github.com/atheme/atheme
2017-04-17 04:19:13 <babs__> last commit an hour ago
2017-04-17 04:19:17 <babs__> @Xe @Shiz
2017-04-17 04:19:21 <Shiz> yes i saw
2017-04-17 04:19:26 <Xe> my name is Xe
2017-04-17 04:19:28 <Xe> not @Xe
2017-04-17 04:19:39 <Xe> this is IRC, not slack or twitter
2017-04-17 04:19:53 <babs__> I just do @ cuz it makes sense visually
2017-04-17 04:20:04 <Xe> es
2017-04-17 04:20:06 <Xe> yes*
2017-04-17 04:20:16 <Xe> but if you say just "Xe" it pings me
2017-04-17 04:20:26 <babs__> ah
2017-04-17 04:20:39 <babs__> @ Xe then XD
2017-04-17 08:36:30 <LangeOortjes> Is there a way to boot Linux with a serial console from the ISOLINUX boot prompt?
2017-04-17 08:36:35 <LangeOortjes> Alpine Linux rather
2017-04-17 09:15:19 <clandmeter> Lang
2017-04-17 09:15:34 <clandmeter> Langeoortjes, yes
2017-04-17 09:16:21 <clandmeter> Check out wiki
2017-04-17 09:16:45 <clandmeter> Our... Mobile keyboard
2017-04-17 09:59:37 <LangeOortjes> clandmeter: Thanks. I realise I should have been more precise. I am trying to do a headless install using a serial console. And I get to the ISOLINUX boot: prompt, but then I struggle to figure out how to pass additional parameters to the kernel
2017-04-17 10:09:13 <ekarlso> yo
2017-04-17 10:09:25 <ekarlso> /usr/include/fortify/stdlib.h: In function 'realpath':
2017-04-17 10:09:27 <ekarlso> /usr/include/fortify/stdlib.h:42:2: error: #error PATH_MAX unset. A fortified realpath will not work.
2017-04-17 10:12:48 <ekarlso> how do I get that fixed if anyone knows ?
2017-04-17 11:33:11 <ncopa> ekarlso: according google, the PATH_MAX is from <limits.h>
2017-04-17 11:33:21 <ncopa> so you need to make sure you #include <limits.h>
2017-04-17 11:36:15 <ekarlso> ncopa: well the same build order works fine in x86_64
2017-04-17 11:38:27 <ekarlso> ncopa: so what can be wrong ?
2017-04-17 12:26:34 <ncopa> ekarlso: check that the source actually includes <limits.h>
2017-04-17 12:26:39 <ncopa> if it doesnt, its a bug
2017-04-17 12:26:56 <ncopa> if it wrks without include <limits.h> then that is by luck
2017-04-17 12:27:05 <ncopa> and  you cannot guarantee that it will work on all archs
2017-04-17 13:13:22 <LangeOortjes> turns out you can enable a serial console on the ISOLINUX prompt by specifying /boot/kernel initrd=/boot/initramfs console=ttyS0,115200 followed by the other options specified in /boot/syslinux/syslinux.cfg
2017-04-17 13:23:40 <Shiz> right
2017-04-17 15:23:14 <nszceta> I find that the standard edition of alpine works with my virtualbox networking setup but the virt edition does not. How do I add the kernel modules missing in virt to bring my virt install to at least standard
2017-04-17 15:29:27 <Death_Syn> does virtualbox not present virtio drivers?
2017-04-17 15:29:35 <Death_Syn> s/drivers/devices/?
2017-04-17 15:30:17 <Shiz> no
2017-04-17 15:30:48 <nszceta> for some reason i can get virtualbox networking to work fine on virtualbox on my mac and it fails for my coworker on windows 32 bit
2017-04-17 15:30:59 <nszceta> of course I am running the 32 bit edition of alpine
2017-04-17 15:31:20 <Shiz> maybe they use different NICs on different platforms by default
2017-04-17 15:31:24 <Shiz> have you checked that?
2017-04-17 15:31:45 <nszceta> i'll check that. when i copy and paste the virtual machine to his machine his doesn't have functional networking.
2017-04-17 15:31:58 <Shiz> yeah, seems like a different default NIC then
2017-04-17 15:31:59 <nszceta> i'll have to get back to you on that because of a time zone difference :P
2017-04-17 15:32:06 <Shiz> caused by different platforms/vbox versions, possibly
2017-04-17 15:32:22 <nszceta> same version of virtualbox. i'll look into the nic.
2017-04-17 15:34:35 <nszceta> just to verify you are referring to this setting: Intel PRO/1000 MT Desktop (82540EM) ?
2017-04-17 15:35:41 <nszceta> i'm going to try and boot several times each time with a different NIC to see if i can induce breakage if it is indeed a NIC problem. or maybe there is something else going on
2017-04-17 15:35:54 <Shiz> yeap, that's the one
2017-04-17 15:36:32 <nszceta> gah i'm so dumb. should have run with the virtio networking driver from the get go but i forgot it existed as an option haha
2017-04-17 15:37:03 <nszceta> anyway, fingers crossed and thanks for the suggestions. hopefully in a few hours i will know whether this suggestion worked :) but this approach seems sound
2017-04-17 15:37:21 <Shiz> :P
2017-04-17 15:37:48 <Shiz> imo the virt configuration could do with some tiny added =y's for common emulated hardware
2017-04-17 15:38:55 <ekarlso> ncopa: https://pastebin.com/xqQgBsit
2017-04-17 15:39:24 <ekarlso> is the error message I have checked the file ./src/core/lib/tsi/transport_security_interface.h and it's missing there but present in the rest of the mentioned in the trace
2017-04-17 18:34:57 <shodan45> is there a good kvm/qemu/libvirt web frontend for alpine?
2017-04-17 20:11:08 <nszceta> shodan45 have you tried https://www.ovirt.org/
2017-04-17 20:11:32 <nszceta> there are a few interesting projects in https://www.google.com/search?q=kvm+web+interface
2017-04-17 20:28:59 <shodan45> nszceta: is there an apk for it? I was hoping for something "supported" by alpine.
2017-04-17 20:29:35 <nszceta> ah :(
2017-04-17 20:30:50 <shodan45> maybe I could use virt-manager or something, with a magical x11-to-web "thing"
2017-04-17 20:33:56 <nszceta> hm
2017-04-17 20:50:35 <shodan45> actually..... that's plausible since webassembly
2017-04-17 20:53:25 <nszceta> i can't wait for a webassembly VM backend
2017-04-17 20:53:43 <nszceta> linux on kvm on webassembly on chrome on linux
2017-04-17 20:53:51 <nszceta> how deep does the rabbit hole go
2017-04-17 21:00:35 <scv> there's already an x86.js or w/e
2017-04-17 21:21:00 <avih> <nszceta> how deep does the rabbit hole go <-- infinitely deep. as long as you keep digging!
2017-04-17 21:28:17 <chamunks> Does Alpine have anything like AppArmor?
2017-04-17 21:30:13 <Shiz> there's the grsec RBAC
2017-04-17 21:30:41 <Shiz> https://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System
2017-04-17 21:32:42 <chamunks> Shiz is it reasonably easy to profile apps with this?
2017-04-17 22:16:27 <max_trouble> hi how can i start php7-fpm?
2017-04-17 22:16:41 <max_trouble> rc-service php7-fpm start
2017-04-17 22:16:46 <max_trouble> returns the error:
2017-04-17 22:17:04 <max_trouble> * rc-service: service `php7-fpm' does not exist
2017-04-17 22:17:04 <max_trouble>  * rc-service: service `php7-fpm' does not exist
2017-04-17 22:17:05 <max_trouble>  * rc-service: service `php7-fpm' does not exist
2017-04-17 22:21:09 <max_trouble> ?
2017-04-17 23:55:43 <terra> Guys, how can I set timeout for /etc/init.d/networking service? It hangs the system during boot if modem/router goes offline.
2017-04-17 23:56:41 <Shiz> you mean for dhcp?
2017-04-17 23:56:50 <terra> of course
2017-04-17 23:57:13 <Shiz> depends on the dhcp client youve got installed
2017-04-17 23:57:54 <terra> udhcpc of busybox
2017-04-17 23:58:32 <Shiz> udhcpc_opts -T <new timeout>
2017-04-17 23:58:37 <Shiz> in /etc/network/interfaces
2017-04-17 23:58:43 <Shiz> below the relevant interface
2017-04-17 23:58:58 <Shiz> i think
2017-04-17 23:59:00 <Shiz> lemme doublecheck
2017-04-17 23:59:34 <Shiz> yeah that should be the one
2017-04-18 00:00:10 <terra> auto wlan0 \n udhcpc_opts -T 10
2017-04-18 00:00:19 <terra> right?
2017-04-18 00:00:34 <Shiz> below the iface wlan0 stanza, i think
2017-04-18 00:02:19 <terra> Shiz: Ok I just set it but I will test it on next reboot. Thanks.
2017-04-18 02:22:08 <hendry> don't quite get logging with supervisord, my logger commands don't appear in the log afaict
2017-04-18 06:26:02 <chamunks> Shiz do you have a possible link to RBAC docs for Alpine because the only thing I can find is some closed source company grsecurity
2017-04-18 06:56:23 <ScrumpyJack> morning climbers
2017-04-18 06:57:19 <TBB> unfortunately that's the only documentation you get for the RBAC
2017-04-18 06:57:57 <ryonaloli> go to the wikibooks website
2017-04-18 06:58:06 <ryonaloli> and grsecurity is not a closed source company
2017-04-18 06:58:15 <ryonaloli> though the stable patches are private
2017-04-18 07:37:56 <iron_houzi> How can I automate installation step for setting root password, or skipping it all together? The answer file doesn't seem to allow for this..
2017-04-18 08:27:15 <TBB> passwd can take input from stdin, so you can pipe the root password to it
2017-04-18 08:40:28 <iron_houzi> TBB: THanks!
2017-04-18 16:31:20 <mmlb> My aports PR bringing ipmitool into testing was merged 4 days ago. When can I expect to see it in mirrors? I'm checking http://dl-cdn.alpinelinux.org/alpine/edge/testing/ and do not see anything
2017-04-18 16:31:47 <mmlb> Is there a public page with official builder status ala fedora/debian somewhere?
2017-04-18 16:54:46 <clandmeter> mmlb, i used it today
2017-04-18 16:55:12 <mmlb> hmmm
2017-04-18 16:56:31 <mmlb> clandmeter: what repo/mirror do you use?
2017-04-18 17:03:48 <mmlb> now I'm confused... navigating from dl-cdn.alpinelin.org -> alpine -> edge -> testing -> x86_64 keeps the url as dl-cdn... and chrome does not find ipmitool, but if I go to http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64 directly it goes to dl-4. and ipmitool is there.
2017-04-18 17:04:01 <mmlb> oh well, chrome being weird/caching I guess
2017-04-18 17:20:52 <clandmeter> mmlb check pkgs.a.o
2017-04-18 17:23:08 <mmlb> clandmeter: ty
2017-04-18 17:28:31 <clandmeter> Strange
2017-04-18 17:28:51 <clandmeter> It should not redirect
2017-04-18 17:29:13 <clandmeter> Ncopa, since when does cdn redirect?
2017-04-18 17:45:36 <mmlb> hmm looks like a corner case in proxy config file
2017-04-18 17:45:49 <mmlb> if I hit a url with trailing `/` no redirect
2017-04-18 17:45:56 <mmlb> without `/` redirect
2017-04-18 17:46:40 <mmlb>  http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64 -> redirects,  http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/ no redirects
2017-04-18 17:47:17 <mmlb> and it looks like  http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/ (no redirect) is not in sync? I can't find `ipmitool` there, but I can in `dl-4` when I get redirected
2017-04-18 17:47:22 <mmlb> clandmeter: ^
2017-04-18 18:15:32 <clandmeter> mmlb, don't look at it, just used it then it works.
2017-04-18 18:16:14 <mmlb> yeah I should have just tried installing it instead of watching 1 mirror
2017-04-18 18:44:46 <ncopa> clandmeter: i didnt know it redirects
2017-04-19 04:58:59 <luxio> Is there a pinta package?
2017-04-19 05:00:44 <_ikke_> luxio: https://pkgs.alpinelinux.org/packages?name=pinta&branch=&repo=&arch=&maintainer=
2017-04-19 10:01:40 <nindustries> Hi, so linuxkit is built on alpine?
2017-04-19 10:14:35 <Shiz> from not knowing what linuxkit was until 2 minutes ago, looks like it
2017-04-19 10:21:35 <ncopa> nindustries sort of yes
2017-04-19 10:21:48 <ncopa> userpsace bits
2017-04-19 10:23:37 <Shiz> kinda disappointed they use a vanilla kernel
2017-04-19 10:29:45 <_ikke_> Does it matter for a container image?
2017-04-19 10:30:18 <Shiz> as far as i can see this is to host containers
2017-04-19 10:30:52 <nindustries> Shiz: what could they have changed in the kernel?
2017-04-19 10:30:59 <Shiz> https://grsecurity.net
2017-04-19 10:31:00 <_ikke_> Shiz: host containers?
2017-04-19 10:31:03 <Shiz> _ikke_: yes
2017-04-19 10:31:06 <Shiz> as in, run them
2017-04-19 10:31:08 <Shiz> not be ran in them
2017-04-19 10:31:18 <_ikke_> Right, host os
2017-04-19 10:31:39 <_ikke_> Shiz: my grammar parser failed me on that sentence
2017-04-19 11:03:57 <tuxlof> so speaking of Docker containers running 1 process, is Alpine's image considered more hardened then let's say, Debian's
2017-04-19 11:08:04 <Sandlayth> what do you mean by "hardened"?
2017-04-19 11:09:00 <Sandlayth> it's just a way uncluttured
2017-04-19 11:13:55 <avih> also alpine apps are compiled with some herdening compiler options by default.
2017-04-19 11:14:38 <avih> and the hardened includes thingy
2017-04-19 12:24:16 <ScrumpyJack> any docker users about?
2017-04-19 12:25:35 <Sandlayth> docker on alpine or alpine on docker?
2017-04-19 12:27:34 <ScrumpyJack> docker in general. i've never used it. wondering about networking. it seems like it creates a bridge then attached veths to it?
2017-04-19 12:29:38 <Sandlayth> you've #docker ^^
2017-04-19 12:30:04 <ScrumpyJack> yeah, i suppose so
2017-04-19 12:37:50 <kpcyrd> the rust package was updated \o/ awesome
2017-04-19 19:00:20 <Nobabs27> how do I restart networking?
2017-04-19 19:01:39 <TBB> service networking restart
2017-04-19 19:01:44 <Nobabs27> never mind fig-
2017-04-19 19:01:46 <Nobabs27> ye
2017-04-19 19:01:57 <Nobabs27> I was using rc-status by mistake lol
2017-04-19 19:28:38 <avih> is it possible to keep a copy of the compress downloaded packages which get installed with apk?
2017-04-19 19:28:56 <avih> compressed*
2017-04-19 19:33:55 <consus> Am I the only one who cannot clone any repos hosted on git.alpinelinux.org? I've tried several different ISP (even VPN) with no luck =/
2017-04-19 19:35:16 <avih> consus: i don't recall if i tried g.a.o but there's a github mirror https://github.com/alpinelinux/aports/
2017-04-19 19:35:36 <consus> Github works okay
2017-04-19 19:35:52 <consus> It's g.a.o
2017-04-19 19:36:00 <avih> let me try. sec
2017-04-19 19:38:10 <avih> consus: http:// didn't work for me just now, but this worked: git clone git://git.alpinelinux.org/aports
2017-04-19 19:38:21 <consus> Hmmm
2017-04-19 19:38:51 <consus> Weird
2017-04-19 19:39:18 <avih> (or maybe http was slow, but i aborted after ~20s without any messages. but git:// worked right away)
2017-04-19 19:39:28 <consus> Nah
2017-04-19 19:39:34 <consus> I've tried for several hour
2017-04-19 19:39:36 <consus> *hours
2017-04-19 19:39:40 <consus> Still no progres
2017-04-19 19:39:44 <avih> and git:// ?
2017-04-19 19:40:05 <consus> git:// is fine
2017-04-19 19:40:36 <avih> maybe cgit is misconfigured. maybe https would work.
2017-04-19 19:41:12 <consus> https does not work
2017-04-19 19:41:17 <consus> http redirects me to it
2017-04-19 19:41:44 <avih> could be an issue then. good thing git:// works ;)
2017-04-19 19:49:37 <luxio> is alpine good as a desktop os?
2017-04-19 19:52:00 <TBB> depends entirely on what's good for you
2017-04-19 19:52:09 <TBB> if your answer is Ubuntu, probably not
2017-04-19 21:29:10 <kpcyrd> git:// is pretty scary. you should only use ssh:// or https://
2017-04-19 22:48:01 <avih> sure. but on this case neither of those worked, while git did
2017-04-19 22:50:01 <dirac1> Alpine is dead?
2017-04-19 22:51:12 <Shiz> ?
2017-04-19 22:52:04 <clandmeter> The email client?
2017-04-19 23:10:24 <darkfader> dirac1: thanks for your contribution to our conversation
2017-04-20 00:40:10 <transhuman> whats the alpine equivalent of apachectl?
2017-04-20 00:40:20 <transhuman> I would like to forground apache
2017-04-20 00:41:51 <Shiz> apachectl
2017-04-20 00:41:53 <Shiz> it's in apache2-utils
2017-04-20 00:41:58 <Shiz> http://pkgs.alpinelinux.org/contents?file=apachectl&path=&name=&branch=&repo=&arch=
2017-04-20 00:42:03 <Shiz> your best friend, content search, still
2017-04-20 00:45:23 <transhuman> thanks
2017-04-20 14:15:30 <darkfader> i just learned about CONFIG_PSTORE in another chan, does one of you use that?
2017-04-20 14:15:33 <darkfader> in alpine
2017-04-20 14:16:26 <Shiz> its enabled in the alpine kernel
2017-04-20 14:20:14 <darkfader> that's a good starting point :>
2017-04-20 15:24:27 <tw> If I install libressl2.5 from edge, will it break my 3.5 install? I get an unsatisfied dependency error trying to upgrade an edge package that I'm trying to sort out. https://paste.debian.net/928558/
2017-04-20 16:14:59 <BitL0G1c> tw - the only problem I've had with libressl is fixed with https://github.com/alpinelinux/aports/pull/1277 - you need to pin the edge repo & 'apk add libressl@edge'
2017-04-20 16:18:03 <BitL0G1c> tw - you may have an /etc/ssl/certs directory that's no longer used (ca-certificates now uses /usr/share) - you just need the symlink for curl as shown in the PR
2017-04-20 17:02:42 <tw> BitL0G1c: okay, thank you. It sounds like they are slotted differently so that should work ~indefinitely.
2017-04-20 17:06:52 <BitL0G1c> tw - I also use libressl in a chroot without any problems - ca-certificates is not really required any more
2017-04-20 17:08:32 <tw> I pull my ca-certs from cfengine.
2017-04-20 17:08:43 <tw> So it's not going to affect me.
2017-04-20 17:08:53 <BitL0G1c> libressl on it's own is enough for phpmailer to work (php 5.6 validates certs now)
2017-04-20 17:09:10 <ScrumpyJack> anyone running AL on a macbook? what xorg drivers and kernel modules needed?
2017-04-20 17:21:42 <ScrumpyJack>  NVIDIA GeForce 9400M
2017-04-20 17:21:48 <ScrumpyJack> so nouveau then
2017-04-20 18:08:35 <ironzorg> Hi, I've looked at the APKG for chromium and mpv, and they don't support pulseaudio, what's the reason for that and will it change if I create an issue on the tracker?
2017-04-20 18:29:57 <yMGJRgi997ZH> i have no authority on alpine, but pulseaudio is something that should be used less rather than more. any of the alternatives are better than pa
2017-04-20 18:38:41 <darkfader> i would prefer for no pulseaudio eithe
2017-04-20 18:38:43 <darkfader> +r
2017-04-20 18:39:03 <darkfader> i mean, yeah, audio is quite nice. bad alsa should do
2017-04-20 18:39:07 <darkfader> *but
2017-04-20 18:39:12 <darkfader> sorry, too much other work
2017-04-20 18:39:18 <darkfader> but please no PA
2017-04-20 18:43:59 <ironzorg> that's great but in a docker container setting up alsa isn't an option
2017-04-20 18:58:22 <yMGJRgi997ZH> try jackd then.
2017-04-20 18:58:34 <yMGJRgi997ZH> jackd is superior in all aspects
2017-04-20 19:00:18 <yMGJRgi997ZH> may i ask why put chrom* mpv into a docker container?
2017-04-20 19:03:34 <darkfader> why a container?
2017-04-20 19:03:48 <darkfader> don't see anything about docker in that
2017-04-20 19:18:42 <ScrumpyJack> do we know what happened to gnome-themes-standard, if anything?
2017-04-20 19:54:58 <stevenroose> Hmm, for some reason the Alpine box that I made does not show up in my nmap
2017-04-20 19:55:23 <stevenroose> I don't have a monitor though, so I cannot attach to it except for ssh
2017-04-20 19:55:41 <stevenroose> I did a fresh install using a monitor and now hooked it up to the network at home
2017-04-20 21:15:48 <avih> dalias: ping. where should __builtin_va_list be implemented/defined? someone pushed a musl support patch to tcc. he stated on the mailing list that he's testing on alpine and that using tcc as lib (i think) doesn't yet work well. i built it successfully and confirm the failed tests. however, when i tried to build another project with it (st), it fails with those missing definitions of __builtin_va_list . any idea?
2017-04-20 21:16:53 <avih> that's the patch fwiw http://repo.or.cz/tinycc.git/commitdiff/0ac29b53
2017-04-20 21:17:40 <avih> (it seems that with the grsec kernel there are more issues, though the basic hello world test does pass, but everything else fails)
2017-04-20 21:18:52 <avih> maybe they should be with different names?
2017-04-20 21:30:03 <ekarlso> hey guys
2017-04-20 21:30:17 <ekarlso> if I build a package from git why do I need to set the version then ?
2017-04-20 21:30:21 <ekarlso> there's no version tagged atm
2017-04-20 21:49:11 <dalias> avih, it needs to be a compiler intrinsic
2017-04-20 21:49:30 <dalias> if the compiler has some other way of making it work, you can #define it with -D on the command line to use that other way
2017-04-20 21:50:27 <avih> dalias: it _seems_ to be implemented in tcc, but doesn't seem to work. so basically it shouldn't care which libs is used when implementing it?
2017-04-20 21:50:40 <avih> libc*
2017-04-20 21:51:04 <dalias> it has nothing to do with libc; it's purely a compiler thing
2017-04-20 21:51:19 <avih> i see. l, thx.
2017-04-20 21:51:27 <avih> ok*
2017-04-20 22:58:21 <luxio> I'm trying to run Minecraft with `java -jar Minecraft.jar`, however I'm getting this error? https://ghostbin.com/paste/c3d4x
2017-04-20 22:58:30 <luxio> Is it a problem with the Java package? X?
2017-04-20 23:07:48 <TBB> symbol not found... sounds like a mixture of stable and edge packages
2017-04-20 23:08:27 <TBB> either that or some deeper problem that would require further investigation
2017-04-20 23:08:44 <luxio> TBB: This is my /etc/apt/repositories: http://termbin.com/3pnp
2017-04-20 23:08:48 <Shiz> ekarlso: what do you mean by 'set version'
2017-04-20 23:09:55 <TBB> luxio, interesting, so you're on edge only. did you also do your entire install with edge only?
2017-04-20 23:10:24 <luxio> TBB: No. Should I apk upgrade?
2017-04-20 23:12:17 <TBB> possibly, because that error is usually caused by a package and the libray it is using being "out of sync", for example by having a package from stable and a library from edge or vice versa
2017-04-20 23:13:05 <TBB> but don't take my word for this; I'm keeping my systems as strictly stable as possible so I'm not sure if going all edge will break something
2017-04-21 00:03:19 <luxio> TBB: yeah it broke modesetting and didn't fix
2017-04-21 00:03:22 <luxio> do i need to reinstall
2017-04-21 00:13:44 <avih> luxio: try apk upgrade -U -a
2017-04-21 00:14:09 <luxio> avih: what do those flags do?
2017-04-21 00:14:27 <luxio> avih: also it just did 3 "fetch" and then "OK"
2017-04-21 00:14:33 <luxio> doesn't look like it updated anything
2017-04-21 00:14:53 <avih> not sure, but i was recommended to use them to make sure it upgrades "better".
2017-04-21 00:15:22 <chatter29> hey guys
2017-04-21 00:15:24 <chatter29> allah is doing
2017-04-21 00:15:29 <avih> (as far as i can tell there's man entry for apk...)
2017-04-21 00:15:29 <chatter29> sun is not doing allah is doing
2017-04-21 00:15:31 <chatter29> to accept Islam say that i bear witness that there is no deity worthy of worship except Allah and Muhammad peace be upon him is his slave and messenger
2017-04-21 00:15:46 <Shiz> every day
2017-04-21 00:15:48 <Shiz> until you like it
2017-04-21 00:15:50 <avih> :)
2017-04-21 00:15:57 <TemptorSent> Who's got the K-line?!
2017-04-21 00:19:25 <Shiz> -U to apk updates the cache from the repositories
2017-04-21 00:19:56 <Shiz> -a to apk upgrade upgrades versioned dependencies too
2017-04-21 00:21:40 <avih> so basically "better" :p
2017-04-21 00:23:21 <avih> Shiz: i think it wouldn't hurt to have a man entry for apk... (assuming there isn't and it's not just me not finding it)
2017-04-21 00:23:42 <Shiz> wel, apk --help and apk upgrade --help gave me all that info :P
2017-04-21 00:24:19 <avih> hmm.. i used --help, but not upgrade --help. iirc i tried --help upgrade
2017-04-21 00:25:21 <avih> yeah, upgrade --help is more than i found so far. thanks :)
2017-04-21 00:37:20 <luxio> so how do I fix whatever I just broke?
2017-04-21 00:37:22 <luxio> is that possible
2017-04-21 03:05:38 <chatter29> hey guys
2017-04-21 03:05:47 <TemptorSent> Get rid if it now!
2017-04-21 03:11:56 <ryonaloli> < Shiz> every day < Shiz> until you like it <- allahfish when
2017-04-21 03:30:06 <TemptorSent> xentec: It's going to get a big chunk of crap cut out of it as soon as I finish the new kernel/initfs handling and scrub the old code.
2017-04-21 03:30:38 <xentec> good to know. wrong channel btw ;)
2017-04-21 07:20:05 <ScrumpyJack> o/
2017-04-21 07:27:59 <ScrumpyJack> anyone running nextcloud with onlyoffice (docker) on AL? (http://helpcenter.onlyoffice.com/server/docker/document/docker-installation.aspx)
2017-04-21 08:42:05 <consus> Does anyone have an APKBUILD for schroot?
2017-04-21 14:55:13 <sigtrm> Hey!
2017-04-21 14:55:33 <sigtrm> Anyone here set up Alpine on a Raspberry Pi 2?
2017-04-21 14:58:55 <sigtrm> I have tried every version almost from version 3.2.0 and I can't get further than either the rainbow screen or a black screen or just no signal on my screen
2017-04-21 14:59:20 <sigtrm> I have followed both the bug report fix and just the normal install on the wiki and nothing has worked. Any advice?
2017-04-21 15:48:22 <clandmeter> sigtrm, I dont have a rpi2 on hand but it should be similar like rpi3
2017-04-21 15:48:47 <clandmeter> sigtrm, which tarball did you use?
2017-04-21 18:48:10 <ragechin_> Is -linux or -devel the best place to ask regarding creating custom packages?
2017-04-21 18:51:45 <_ikke_> -devel
2017-04-21 18:54:56 <ragechin_> Thanks
2017-04-21 19:47:35 <luxio> Is there a way to undo something I did on apk? I did `apk upgrade -U -a`, and it messed up my system, I don't think modesetting is working anymore because my screen is at a low resolution
2017-04-21 19:47:39 <luxio> Also it deleted my xfce background
2017-04-21 19:49:55 <luxio> wait brb
2017-04-21 19:57:38 <luxio> Nevermind, fixed it. Apparently running `apk upgrade` adds `nomodeset` to kernel options
2017-04-21 19:57:58 <Shiz> huuh
2017-04-21 19:58:05 <Shiz> that sounds like maybe a mkinitfs thing
2017-04-21 19:58:11 <Shiz> or update-extlinux rather
2017-04-21 19:58:24 <Shiz> luxio: # grep -rF nomodeset /etc/update-extlinux.conf
2017-04-21 19:58:26 <Shiz> default_kernel_opts="nomodeset quiet"
2017-04-21 19:58:28 <Shiz> might wanna change that part :)
2017-04-21 19:58:45 <luxio> Shiz: ah, gotcha
2017-04-21 19:58:50 <dalias> uhg, why would they add that?
2017-04-21 19:58:51 <luxio> thanks
2017-04-21 19:59:02 <Shiz> if you change params in /boot/extlinux.conf manually, they'll get overwritten by update-extlinux whenever the kernel is updated
2017-04-21 19:59:06 <Shiz> probably what happened to you
2017-04-21 19:59:11 <luxio> TBB: by the way, i'm still getting that error when trying to run the .jar file
2017-04-21 19:59:16 <Shiz> :(
2017-04-21 19:59:39 <luxio> dalias: can that be changed?
2017-04-21 19:59:46 <dalias> i don't see it on my system
2017-04-21 19:59:59 <dalias> wonder who/what added it...
2017-04-21 20:00:04 <luxio> TBB: this https://ghostbin.com/paste/c3d4x
2017-04-21 20:00:18 <Shiz> it sounds like something that my be solved with the lazy loading
2017-04-21 20:00:20 <Shiz> emulation
2017-04-21 20:00:50 <Shiz> luxio: what does # ldd /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/libfontmanager.so  say?
2017-04-21 20:01:01 <dalias> shiz, or it might just be a missing version dependency
2017-04-21 20:01:04 <dalias> i hit that a lot on alpine
2017-04-21 20:01:15 <dalias> one lib depends on latest version of another but the dependency isn't recorded :(
2017-04-21 20:02:26 <luxio> Shiz: https://ghostbin.com/paste/7vrxd
2017-04-21 20:02:45 <Shiz> hmm
2017-04-21 20:02:48 <Shiz> libawt should have that symbol
2017-04-21 20:03:10 <luxio> Shiz: I don't have that package in any repos
2017-04-21 20:03:23 <Shiz> well, it's on your file system right there
2017-04-21 20:03:30 <Shiz> "libawt.so => /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/libawt.so (0x75cc32471000)"
2017-04-21 20:03:32 <Shiz> :P
2017-04-21 20:03:34 <Shiz> luxio: could you do
2017-04-21 20:03:56 <Shiz> objdump -T /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/libawt.so | grep AWTFontDefaultChar
2017-04-21 20:04:09 <luxio> Shiz: no output
2017-04-21 20:04:14 <Shiz> hmmm
2017-04-21 20:07:39 <Shiz> ah
2017-04-21 20:07:50 <Shiz> apparently it's in libxawt...
2017-04-21 20:08:39 <Shiz> or...
2017-04-21 20:08:41 <Shiz> hmmm
2017-04-21 20:09:41 <Shiz> jdk's build system is kind of confusing :P
2017-04-21 20:09:55 <Shiz> but it seems to imply it should be in libawt...
2017-04-21 20:19:50 <luxio> Shiz: ~ > objdump -T /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/libawt_xawt.so | grep AWTFontDefaultChar
2017-04-21 20:19:52 <luxio> that returns something
2017-04-21 20:20:00 <luxio> 0000000000021350 g    DF .text 0000000000000004  SUNWprivate_1.1 AWTFontDefaultChar
2017-04-21 20:51:06 <luxio> so...
2017-04-21 20:51:09 <luxio> any way to fix?
2017-04-21 20:51:24 <luxio> anyone else able to run minecraft?
2017-04-21 20:53:16 <Shiz> hmm
2017-04-21 21:01:11 <sigtrm> clandmeter sorry for replying late, I am using the ones downloaded under the armhf that has rpi in their name
2017-04-21 21:13:09 <transhuman> hi! I notice that in some places apachectl references /var/www I would like to change this to a different location. I also notice that apachectl -S shows Main DocumentRoot /usr/htdocs...how do i change this?
2017-04-21 21:14:47 <luxio> transhuman: /etc/apache2/conf/httpd.conf
2017-04-21 21:15:00 <luxio> what does it say?
2017-04-21 21:16:51 <Chloe> luxio: are there static builds maybe?
2017-04-21 21:17:37 <luxio> Chloe: how do I find out?
2017-04-21 21:19:09 <Chloe> Google?
2017-04-21 21:20:07 <transhuman> luxio that directory doesnt exist
2017-04-21 21:20:08 <luxio> Chloe: of minecraft?
2017-04-21 21:20:20 <transhuman> I have httpd.conf in /etc/apache2
2017-04-21 21:20:44 <Chloe> luxio: i mean look for a static build of java
2017-04-21 22:41:46 <stevenroose> My boot gets stuck on "Starting busybox crond..." seemingly indefinitely, but when I hit enter, "Starting sshd..." appears and it starts normally
2017-04-21 22:43:19 <Shiz> that's odd
2017-04-21 22:43:30 <Shiz> what if you manually # service crond restart ?
2017-04-22 07:12:18 <stevenroose> Where do I put openrc scripts?
2017-04-22 08:20:59 <kahiru> isn't it the lack-of-entropy issue again?
2017-04-22 08:53:27 <darkfader> stevenroose: /etc/init.d?
2017-04-22 08:58:08 <stevenroose> darkfader, found it, but thanks!
2017-04-22 08:58:19 <stevenroose> By default (extended install), there is no firewall installed, right?
2017-04-22 08:58:42 <stevenroose> command not found: iptables
2017-04-22 08:58:50 <stevenroose> command not found: awall
2017-04-22 08:58:54 <stevenroose> so I guess not
2017-04-22 08:59:11 <stevenroose> Because I can't seem to connect to it on a non-standard port
2017-04-22 13:11:57 <pharvey> Gave Alpine a proper go on real hardware today, awesome work!
2017-04-22 13:12:27 <pharvey> What's the equivalent of DKMS packages in alpine if I want to maintain an out-of-tree driver on my system?
2017-04-22 13:28:37 <pharvey> Never mind, I see in old irc logs that this isn't really a thing.
2017-04-22 16:37:54 <mepholic> i'm having trouble with a python package I'm building
2017-04-22 16:38:05 <mepholic> https://pypi.python.org/pypi/rdflib
2017-04-22 16:38:48 <mepholic> here's my apkbuild
2017-04-22 16:38:52 <mepholic> https://paste.ee/p/2cpFu#Ue7pXWzyZRDLEXTKELaFnaEzkLSsTqrX
2017-04-22 16:39:27 <mepholic> and the apkbuild for the py-isodate dependancy
2017-04-22 16:39:32 <mepholic> https://paste.ee/p/1Pinz#of06OMDgeR5tSeR8D4Ty3WtEEKG8Z2DC
2017-04-22 16:39:47 <mepholic> isodate works fine in python 2 and 3
2017-04-22 16:40:09 <mepholic> rdflib works fine in python 3, but it throws the following error in python 2
2017-04-22 16:40:45 <mepholic> https://paste.ee/p/oTPA5#zvTOE0qpEQn70NgHzBTG44GWwdOTJKht
2017-04-22 16:41:09 <mepholic> if I look at /usr/lib/python2.7/site-packages/rdflib/term.py, line 46
2017-04-22 16:41:46 <mepholic> it contains the following: from urllib.parse import urlparse, urljoin, urldefrag
2017-04-22 16:43:35 <mepholic> but when I abuild unpack, the py-rdflib/src/rdflib-4.2.2/rdflib/term.py file contains the following on line 46
2017-04-22 16:43:36 <mepholic> from urlparse import urlparse, urljoin, urldefrag
2017-04-22 16:43:45 <mepholic> which works fine in python 2.7
2017-04-22 16:44:07 <mepholic> my question is, why is this happning? does anyone have any ideas or tips to lead me in the right direction?
2017-04-22 16:50:36 <mepholic> it looks like the python2 package is somehow getting cross contaminated with the python3 build
2017-04-22 16:51:48 <mepholic> cause I just built it by hand and it worked fine (put the proper cooresponding lines from above in the corresponding python version lib directories)
2017-04-22 16:56:47 <mepholic> when I say cross-contaminated, I mean both packages seem to contain the python3 code
2017-04-22 17:01:02 <TemptorSent> pharvey: Do the drivers you need use the standard kbuild system?
2017-04-22 18:17:14 <mepholic> i figured it out
2017-04-22 18:17:25 <mepholic> i just nuked the build section entirely and it works fine
2017-04-22 18:17:43 <mepholic> it was running 2to3 in the python3 build
2017-04-22 21:43:10 <mlu> if I want to setup UEFI boot on my system, do I currently need to setup the partitions manually?
2017-04-22 21:43:48 <mlu> or is there something nifty going on in edge right now?
2017-04-22 21:50:00 <TBB> I've just done that manually
2017-04-22 21:50:47 <mlu> which bootloader did you end up using?
2017-04-22 21:51:11 <TBB> gummiboot
2017-04-22 21:51:49 <mlu> any issues with blank screens, etc.?
2017-04-22 21:52:14 <TBB> only one specific laptop model has ever given me that
2017-04-22 21:52:37 <TBB> no such problems with any others
2017-04-22 21:52:37 <mlu> wonder if it's my laptop: Asus Zenbook UX501VW
2017-04-22 21:53:51 <mlu> thanks for the info
2017-04-22 21:53:54 <mlu> 
ACTION continues the adventure

2017-04-22 21:53:56 <TBB> there's always the possibility, of course, of having bugs in the UEFI firmware. but also make sure you have the necessary options
2017-04-22 21:54:51 <mlu> gummiboot showed up as expected but everything goes to a blank screen as soon as I load linux
2017-04-22 21:55:04 <mlu> tried with syslinux too: same results
2017-04-22 21:55:30 <TBB> unsurprisingly that same model that gave me occasional blank screens had other bugs in the firmware too, some of the type that got really frustrating... which was hilarious in a way: the brand uses another company's UEFI firmware in their low end models and it works 100%; their high end ones have firmware developed by themselves and it is both buggy and annoying as fuck to use
2017-04-22 21:56:00 <mlu> which leads me to believe that this is probably that efifb issue based on a quick google
2017-04-22 21:56:32 <mlu> haha, maybe that outsourced firmware company specializes in firmware
2017-04-22 21:57:25 <nsz> screen can be blank at that point for many reasons
2017-04-22 21:58:03 <nsz> may depend on kernel boot params, kernel modules loaded, hardware issue, firmware issue,..
2017-04-22 21:58:21 <TBB> I think the low-end model firmware was InsydeH2O or something, and it worked just fine
2017-04-22 21:58:29 <mlu> I did have a complicated setup and (nvme, lvm, crupt, btrfs) and am wondering if I should try a more basic one first
2017-04-22 21:59:41 <TBB> I don't have UEFI systems at home right now so I can't really investigate this, but fbcon springs to mind, and now that I think of it...
2017-04-22 22:00:00 <TBB> ... if your system has two graphics adapters then you might have to "configure away" one of them
2017-04-22 22:00:51 <mlu> will give that a bit more of a shot: my system has both an nvidia and intel graphics
2017-04-22 22:01:10 <TBB> configure away as in prevent it from being used at boot; some Dell model I used required preventing the use of its Radeon to get it to boot right
2017-04-22 22:02:09 <mlu> my next steps: prepare a UEFI boot install medium (vs using BIOS boot to install) and see if I can reproduce the issue
2017-04-22 23:04:35 <dave0x6d> dirac1: which host did you get 48c734d2506e4328d6bfe256e0b6c8e596ab285c386e85ececb0342e2981933d from?
2017-04-22 23:04:53 <arch3y> yeah I was a bit confused by that
2017-04-22 23:05:14 <dave0x6d> dirac1: I checked two mirrors and got the same hash. http://sprunge.us/RYaV
2017-04-22 23:06:24 <dirac1> This: --2017-04-22 18:34:05--  https://nl.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-extended-3.5.2-x86_64.iso
2017-04-22 23:07:30 <dave0x6d> dirac1: you used that mirror for both files?
2017-04-22 23:08:24 <dirac1> https://nl.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-extended-3.5.2-x86_64.iso.sha256
2017-04-22 23:09:19 <dirac1> waitup.
2017-04-22 23:10:10 <dirac1> Yes, the same.
2017-04-22 23:12:23 <dave0x6d> dirac1: k, one second.
2017-04-22 23:18:11 <dave0x6d> dirac1: hmm, I'm getting the exact same hash every time from that host. http://sprunge.us/CXaG
2017-04-22 23:18:34 <dirac1> So.. i'm doing the hashing wrong?
2017-04-22 23:18:41 <dirac1> or someone modified my iso? o.o
2017-04-22 23:21:08 <dave0x6d> dirac1: can you paste the output of `7z l <bad-iso-file-here`?
2017-04-22 23:21:53 <dave0x6d> let's see what happened to the corrupt ISO. Full command: 7z l alpine-extended-3.5.2-x86_64.iso
2017-04-22 23:25:28 <dirac1> one moment.
2017-04-22 23:28:20 <dirac1> dave0x6d: https://ptpb.pw/PqN3
2017-04-22 23:28:34 <dirac1> I'm downloading the iso again, but is quite slow.
2017-04-22 23:29:33 <Shiz> have you tired from dl-cdn?
2017-04-22 23:29:36 <Shiz> might be faster
2017-04-22 23:29:55 <Shiz> tried*
2017-04-22 23:30:28 <arch3y> nl.alpinelinux.org worked fine for me with the extended iso and the sha256 sum
2017-04-22 23:31:32 <dirac1> Maybe i'm the one doing something wrong :/
2017-04-22 23:31:54 <arch3y> I put both in my downloads folder ie iso and sum file
2017-04-22 23:32:06 <arch3y> the ran sha256sum -c blah.sha256 file
2017-04-22 23:32:17 <arch3y> instant verification of iso
2017-04-22 23:35:35 <dirac1> Yeah well mine failed o.o
2017-04-22 23:36:01 <dirac1> I downloaded it with wget, and at some point stopped and i simply restarted.
2017-04-22 23:36:04 <dave0x6d> dirac1: thanks, one minute.
2017-04-22 23:36:10 <arch3y> gotcha
2017-04-22 23:36:15 <arch3y> well thats unfortunate
2017-04-22 23:36:39 <dirac1> Yeah, but i used the wget -c, so i restarted and it started in the same spot.
2017-04-22 23:37:30 <arch3y> maybe something like aria2c  would pull it down faster before it potentially died or maybe try a different mirror
2017-04-22 23:37:45 <arch3y> but it sounds like dave0x6d has you covered so Ill bow out]
2017-04-22 23:39:38 <dave0x6d> dirac1: looks like wget started from the beginning and appended to the ISO instead of resuming.
2017-04-22 23:39:58 <dirac1> :O
2017-04-22 23:40:10 <dirac1> Appended inside the iso file?
2017-04-22 23:41:49 <dave0x6d> dirac1: my guess is that the download died at 120.2 MB, correct?
2017-04-22 23:42:12 <dirac1> Can't remenber, maybe.
2017-04-22 23:43:05 <dirac1> dave0x6d, see this:
2017-04-22 23:43:38 <dave0x6d> the file probably looks like this: [first 120 MB of ISO] + [full 260 MB of ISO] = [380 MB of corrupt ISO]
2017-04-22 23:45:06 <dirac1> i used nohup to Desattach the process from the tty, let me get the nohup.out
2017-04-22 23:46:01 <mepholic> huh
2017-04-22 23:46:21 <mepholic> so I just built ardour and it's dependencies for alpine
2017-04-22 23:46:23 <mepholic> and it works
2017-04-22 23:46:25 <mepholic> :)
2017-04-22 23:47:45 <dirac1> dave0x6d: https://ptpb.pw/ywGO
2017-04-22 23:54:22 <dave0x6d> dirac1: yeah I can't tell exactly where the length got broken, but the corruption was definitely caused locally. The server is reporting "Length: 261095424 (249M)" on every request there.
2017-04-22 23:55:40 <dirac1> dave0x6d, so.. i didn't get hacked? xD
2017-04-22 23:55:49 <dave0x6d> doesn't appear so.
2017-04-22 23:56:06 <dave0x6d> dirac1: I'd suggest using aria2 instead of wget, it'll probably help a lot.
2017-04-22 23:56:07 <Shiz> mepholic: :)
2017-04-22 23:56:28 <dirac1> dave0x6d, i'll download it, thanks for your time.
2017-04-22 23:56:35 <dave0x6d> np.
2017-04-22 23:56:55 <dave0x6d> tbh I was hoping your ISP injected some malicious binary so I could analyze it :p
2017-04-22 23:57:08 <dirac1> lol
2017-04-22 23:57:34 <dirac1> I'm not from a smart country...(but it is a dictatorship)
2017-04-22 23:59:17 <dave0x6d> dirac1: if you have another device or VM I can ssh into, I'd be willing to look at it more in-depth to make sure.
2017-04-22 23:59:32 <dave0x6d> i'd usually suggest uploading it.. but that's not gonna work with your internet speed.
2017-04-23 00:00:02 <dirac1> I have, i downloaded the iso from my home server but is closed to the outside.
2017-04-23 00:02:17 <dirac1> but i don't want to open ports or register an domain, because is a small pogo plug just to download stuffs and maintain a smb inside my lan.
2017-04-23 00:16:50 <TBB> I'd suggest using curl directly instead of using aria2 to use curl :P
2017-04-23 00:26:19 <dave0x6d> TBB: aria2 is completely different than curl.
2017-04-23 00:30:48 <dirac1> dave0x6d, downloaded again and now the hash are ok.
2017-04-23 00:31:00 <dirac1> is ok*
2017-04-23 00:31:09 <dave0x6d> yeah not too surprising =)
2017-04-23 00:31:25 <dave0x6d> I downloaded it around half a dozen times earlier and it checked out every time.
2017-04-23 00:34:46 <dirac1> lol
2017-04-23 00:34:49 <dirac1> Ok
2017-04-23 01:07:06 <Dirac1> dave0x6d, you there?
2017-04-23 01:07:20 <dave0x6d> Dirac1: probably
2017-04-23 01:07:24 <Dirac1> i have a question about creating the bootable usb for alpine, but using UEFI
2017-04-23 01:07:59 <Dirac1> The wiki have an tutorial.. but it uses packages from the alpine-conf... :l.
2017-04-23 01:08:48 <dave0x6d> sorry, I don't use alpine
2017-04-23 01:09:14 <Dirac1> Oh...
2017-04-23 01:09:20 <Dirac1> OH...
2017-04-23 01:11:56 <Dirac1> gummiboot is now systemd-boot.
2017-04-23 01:12:00 <Dirac1> Oh my god this is old.
2017-04-23 01:12:06 <dalias> :-p
2017-04-23 01:12:32 <Dirac1> dalias, could you help me out?
2017-04-23 01:14:24 <Shiz> i wonder if dalias has a highlight on systemd
2017-04-23 01:15:56 <dalias> haha no just saw activity in this channel
2017-04-23 01:16:05 <dalias> dirac1, sorry i probably don't know anything about it
2017-04-23 01:16:13 <dalias> i just :-p'd at systemd-creep
2017-04-23 01:16:21 <Dirac1> this isn't about systemd.
2017-04-23 01:16:29 <Dirac1> This is about a guide in the alpine wiki
2017-04-23 01:16:39 <Dirac1> https://wiki.alpinelinux.org/wiki/Create_UEFI_boot_USB
2017-04-23 01:17:04 <transhuman> Hi! Apache is giving me this group of errors notice the heartmonitor error. I believe the module wont load because some support for slotmem isn't compiled in the alpine-linux kernel or something like that http://sprunge.us/dOKM   anyone able to confirm with apache2?
2017-04-23 01:17:14 <dalias> yeah but thats not a topic i know much about
2017-04-23 01:17:18 <dalias> i just disable uefi :)
2017-04-23 01:17:23 <Dirac1> Oh my god.
2017-04-23 01:19:28 <dalias> ?
2017-04-23 02:13:28 <tmh1999> disable uefi is a go-to I guess
2017-04-23 02:16:01 <dave0x6d> don't do that.
2017-04-23 02:16:25 <dave0x6d> Diftraku: anyway, Arch works with UEFI out of the box.
2017-04-23 02:16:44 <dave0x6d> oops, meant to tab Dirac1 (who left)./
2017-04-23 02:20:03 <dalias> why would you want uefi enabled if you have an option to disable it?
2017-04-23 02:20:31 <dalias> it's just more unwanted, potentially buggy/malicious code running at low level before boot and probably persisting in a way that it remains dangerous after
2017-04-23 02:24:12 <dave0x6d> dalias: No common motherboards allow "disabling" UEFI. Using UEFI CSM is still UEFI.
2017-04-23 02:25:04 <Shiz> yeah there is no option to disable uefi
2017-04-23 02:25:18 <Shiz> at most you run CSM/disable UEFI boot options
2017-04-23 02:25:27 <Shiz> but thats a whole different thing
2017-04-23 02:26:07 <dave0x6d> yep, it's annoying that there's this myth that somehow UEFI CSM without any signatures is more "secure" than proper UEFI.
2017-04-23 02:27:18 <dalias> i suspect that's an oversimplification
2017-04-23 02:28:11 <dalias> recently i read about systems destroying a flash chip and bricking themselves because the uefi writes the flash at every boot
2017-04-23 02:28:19 <dalias> and iirc "disable uefi" was a workaround
2017-04-23 02:28:57 <dalias> i'm not an expert on the topic, but i suspect "disabling" it does disable a significant amount of the malicious crap
2017-04-23 02:29:42 <Dirac1> i followed the steps in the tutorial.. but nothing.
2017-04-23 02:30:03 <Dirac1> The laptop dectect the UEFI file, but when it tries to but.. blackscreen.
2017-04-23 02:31:29 <Dirac1> The only part i didn't exactly as the guide is this command " cd /mnt && uniso < /path/to/alpine-3.4.0-x86_64.iso ", because i don't have the uniso bin... logically because i don't have alpine installed.. -.-
2017-04-23 02:33:05 <dave0x6d> dalias: assuming an attacker can flash your firmware (which is *usually* difficult without physical access), having an operating system in UEFI CSM or just UEFI really doesn't matter.
2017-04-23 02:34:30 <dalias> that's not my assumption
2017-04-23 02:34:30 <dave0x6d> you don't load the operating system and /then/ your bootkit. You load the bootkit first (UEFI) and then the operating system (which you can set to run with UEFI CSM).
2017-04-23 02:34:37 <Shiz> dalias: ive dived into a fair amount of BIOS internals, and in my experiencen o such thing exists.
2017-04-23 02:34:55 <Shiz> UEFI doesnt supplement legacy BIOS
2017-04-23 02:34:58 <Shiz> it subsumes and replaces it
2017-04-23 02:34:58 <dalias> my assumption is physical security
2017-04-23 02:35:02 <Shiz> there is nothing else than the UEFI
2017-04-23 02:35:06 <Shiz> and thus it can't be turned off
2017-04-23 02:35:23 <Shiz> maybe it was a specific UEFI feature that was turned off in the BIOS, that might be a different thing, although it wouldn't be one I know of
2017-04-23 02:35:33 <Shiz> but you can't turn off that which has no replacement :p
2017-04-23 02:36:04 <dalias> shiz, my guess would be that "turning it off" just boots with a minimal uefi program that provides legacy bios and passes off execution to the os
2017-04-23 02:36:14 <Shiz> that is not a thing
2017-04-23 02:36:18 <Shiz> there is no legacy bios
2017-04-23 02:36:21 <Shiz> in UEFI systems
2017-04-23 02:36:23 <dalias> *sigh*
2017-04-23 02:36:28 <dalias> you misunderstadn what i mean
2017-04-23 02:36:36 <Shiz> let me put it like this
2017-04-23 02:36:41 <dave0x6d> dalias: so why do you think an attacker wouldn't put their bootkit before the 'minimal uefi program'?
2017-04-23 02:36:49 <Shiz> there is no such thing as minimal UEFI either
2017-04-23 02:36:50 <dalias> by "provides legacy bios" i mean the sw-interrupt-based api
2017-04-23 02:37:00 <dalias> dave0x6d, THAT IS NOT MY THREAT MODEL
2017-04-23 02:37:26 <dalias> my threat model assumes physical security
2017-04-23 02:37:27 <Shiz> dalias: i get what you mean, you're talking about the legacy BIOS interface (which is CSM)
2017-04-23 02:37:34 <dave0x6d> what threat model has attackers who can write UEFI malware but doesn't know how to deal with UEFI CSM?
2017-04-23 02:37:45 <dalias> it doesn't have attackers who write uefi malware
2017-04-23 02:37:56 <Shiz> nobody's talking about attackers or threat models afaik
2017-04-23 02:37:59 <dalias> it has buggy crap
2017-04-23 02:38:01 <Shiz> dalias was talking about a uefi firmware bug
2017-04-23 02:38:07 <Shiz> supposedly
2017-04-23 02:38:27 <Dirac1> So.. anyone could help me creating the UEFI bootable usb?
2017-04-23 02:38:33 <Shiz> :P
2017-04-23 02:38:33 <Dirac1> u_u
2017-04-23 02:38:54 <dalias> in my ideal model, there would be no uefi or bios, kernel would be in flash and the first insn the cpu executed would be the first byte of that flash
2017-04-23 02:39:05 <Shiz> absolutely not
2017-04-23 02:39:08 <dave0x6d> 10:28:57 PM <dalias> i'm not an expert on the topic, but i suspect "disabling" it does disable a significant amount of the malicious crap
2017-04-23 02:39:08 <dave0x6d> I assumed that "malicious" implied security issues, not just bugs.
2017-04-23 02:39:13 <Shiz> the kernel dealing with low levle hw init seems like the worstp ossible thing
2017-04-23 02:39:19 <Shiz> especially since low level hw init can often NOT be detected
2017-04-23 02:39:29 <Shiz> but this seems a case for -offtopic
2017-04-23 02:40:06 <dave0x6d> dalias: ironically that would cause the thing that people (falsely) assume UEFI of causing: complete Windows lock-in.
2017-04-23 02:40:25 <dave0x6d> since each vendor would only bother getting Windows to work :p
2017-04-23 02:40:41 <Shiz> it'd turn UEFI into the mess that is ARM hardware booting right now
2017-04-23 02:40:49 <Shiz> which only works somewhat right on linux at all because linux is what most people run on ARM
2017-04-23 02:41:00 <Shiz> anyway
2017-04-23 02:41:02 <dalias> shiz, device tree is the right solution to that
2017-04-23 02:41:05 <Shiz> -offtopic, anyone?
2017-04-23 02:41:06 <dalias> in any case its's getting highly off-topic
2017-04-23 02:41:36 <Shiz> Dirac1: there are some people who booted it through UEFI before, but sadly i'm not one of them
2017-04-23 02:41:58 <Shiz> Dirac1: however, gummiboot is still very much in the alpine repos, so it's not necesarily outdated
2017-04-23 02:42:03 <Shiz> did you run into any issues using the wiki stuff?
2017-04-23 02:42:10 <Shiz> ah, blackscreen
2017-04-23 02:42:22 <Dirac1> Yes... it doesn't boot.
2017-04-23 02:42:39 <Shiz> hmm
2017-04-23 02:42:49 <Shiz> it may boot but not yield a usable text console
2017-04-23 02:42:56 <Dirac1> but the "timeout" command is working, if i change the seconds.. it wait for that amount of time.
2017-04-23 02:43:11 <Shiz> timeout in...?
2017-04-23 02:44:04 <Dirac1> loader.conf
2017-04-23 02:44:18 <Dirac1> https://wiki.alpinelinux.org/wiki/Create_UEFI_boot_USB
2017-04-23 03:00:05 <Shiz> my guess would be that it doesn't have an early terminal, and because you didn't extract the iso to the boot part, early init fails and it dies
2017-04-23 03:00:20 <Shiz> because it has no boot medium
2017-04-23 03:09:31 <Dirac1> Wait up
2017-04-23 03:16:38 <Dirac1> Shiz, ok now i have a screen telling me taht i don't have any kernel.
2017-04-23 03:49:28 <Dirac1> Fuck! finally did it.
2017-04-23 03:58:15 <Xe> did 3.6 drop?
2017-04-23 04:10:56 <Dirac1> i did it.
2017-04-23 04:14:15 <reeed> ls
2017-04-23 05:25:16 <chatter29> hey guys
2017-04-23 05:25:19 <chatter29> allah is doing
2017-04-23 05:25:25 <chatter29> sun is not doing allah is doing
2017-04-23 05:25:27 <chatter29> to accept Islam say that i bear witness that there is no deity worthy of worship except Allah and Muhammad peace be upon him is his slave and messenger
2017-04-23 05:26:28 <ryonaloli> you have successfully converted me
2017-04-23 05:26:36 <ryonaloli> i will now wage jihad on puppies
2017-04-23 05:36:53 <TemptorSent> *LOL* How about a jihad ond 65.49.77.110?
2017-04-23 05:37:32 <TemptorSent> And WTF does it take to get that damn thing K-Lined?
2017-04-23 05:40:36 <ryonaloli> it just keeps coming back from new ips
2017-04-23 05:41:04 <Xe> TemptorSent: i've seen it use over 500 IP's over years
2017-04-23 05:43:36 <_ikke_> Xe: Have you been tracking it over the years?
2017-04-23 05:44:04 <Xe> _ikke_: i'm going off the times i've seen it on literally every other IRC network including freenode
2017-04-23 05:44:17 <Xe> it occasionally hits my testnet
2017-04-23 05:44:21 <Xe> where there's all of two users
2017-04-23 05:45:28 <ryonaloli> is your testnet available via search engines or could it only have found it via masscan?
2017-04-23 05:47:37 <Xe> \
2017-04-23 05:47:45 <Xe> ryonaloli: i have no idea
2017-04-23 05:49:54 <untoreh> hello, what is required to make /usr/bin/wall work on alpine ? doesn't ootb
2017-04-23 05:58:26 <untoreh> it must be because of "The system's default login accounting file is /dev/null/wtmp."
2017-04-23 06:03:06 <jailbox> http://wiki.musl-libc.org/wiki/FAQ#Q:_why_is_the_utmp.2Fwtmp_functionality_only_implemented_as_stubs_.3F
2017-04-23 08:16:33 <mlu> finally got Alpine booting with EFI on my system: turns out I had to use vesamenu instead of menu in syslinux, and that the mkinitfs.conf didn't include nvme when it should have
2017-04-23 08:20:33 <scadu> mlu: please fill a bug report providing with all the details then ;)
2017-04-23 10:09:33 <grzes_> hi there
2017-04-23 10:11:53 <grzes_> ERROR: unsatisfiable constraints: so:libcrypto.so.41 (missing): php7-openssl-7.1.3-r1[so:libcrypto.so.41]
2017-04-23 10:12:14 <grzes_> any ideas what could be wrong? my docker container stopped building lately
2017-04-23 10:12:41 <grzes_> basically i'm using php7.1 from testing repository
2017-04-23 10:14:43 <scadu> grzes_: use edge
2017-04-23 10:29:19 <grzes_> scadu: https://gist.github.com/anonymous/e4399f0382e4ee7594778c2c8e5587a8 - so what should i change?
2017-04-23 10:36:59 <grzes_> scadu: you mean base image alpine:edge right?
2017-04-23 10:42:47 <scadu> grzes_: mkay, so you use edge anyway. I thought you mixed repositories. as jirutka said on -devel -- php at the moment is broken
2017-04-23 10:43:20 <scadu> grzes_: please continue the topic on one of channels
2017-04-23 10:50:09 <scadu> grzes_: you can try with alpine:edge if you use any of the stable releases, but I'm not sure if php in testing is working nowadays as said above
2017-04-23 12:10:18 <trfl> when installing with SWAP_SIZE=0, setup-disk creates a 512byte /dev/sda2. Same behavior if I use -s 0. I expected /dev/sda2 to become sysroot. Is this intended behavior?
2017-04-23 12:35:13 <haarts> How do I add a user to a group? usermod doesn't seem to be a thing in Alpine?
2017-04-23 12:37:41 <haarts> Asking the question was answering it. I started looking in the logical place: add<tab><tab> and selected addgroup
2017-04-23 12:54:24 <trfl> fwiw, the following workaround/hack results in a working system with only sda1 and sda2 in my scenario: https://pastebin.com/V3APdVEk
2017-04-23 13:16:20 <sigtrm> Still struggling with Alpine on a RPi 2 and would like advice
2017-04-23 15:27:03 <xentec> sigtrm, does your boot partition has a label?
2017-04-23 15:27:23 <sigtrm> It does
2017-04-23 15:27:25 <xentec> remove it
2017-04-23 15:27:33 <sigtrm> Okay, is that a problem?
2017-04-23 15:27:37 <xentec> had the same trouble with rpi3
2017-04-23 15:27:58 <sigtrm> Wow, would have never guessed something like that could cause problems
2017-04-23 15:28:05 <sigtrm> I will try it out now
2017-04-23 15:28:28 <xentec> I guess the GPU boot code doesnt like FAT labels
2017-04-23 15:28:43 <xentec> had the same issue on my rpi3, drove me nuts
2017-04-23 15:30:06 <xentec> and make sure have FAT32 partition with type 0x0c and boot flag set
2017-04-23 15:30:37 <sigtrm> Yes that part I have done
2017-04-23 15:46:40 <sigtrm> xentec, thank you for your advice, preliminary results with 3.5.2 just gives me a no signal on my screen
2017-04-23 15:46:58 <sigtrm> I'll not try 3.4.6 since that one gives me the rainbow screen
2017-04-23 15:50:05 <sigtrm> Now try, not NOT try
2017-04-23 15:50:06 <sigtrm> sorry
2017-04-23 15:56:23 <sigtrm> xentec, it works with 3.4.6 now!
2017-04-23 15:56:26 <sigtrm> Finally!
2017-04-23 15:56:29 <sigtrm> Thanks for the help
2017-04-23 15:58:43 <xentec> sigtrm: no problem. you should be able to update to 3.5 with `apk` and `update-kernel`. at least on rpi3 alpine continued booting on 3.5
2017-04-23 15:59:19 <sigtrm> Why is there no infor about this bug(?) on the wiki or any other place?
2017-04-23 16:01:08 <sigtrm> Or a fix
2017-04-23 16:01:12 <sigtrm> Well anyways, thank you
2017-04-23 16:01:31 <sigtrm> I appreciate the help, I'll see if I can get the 3.5.x branch going
2017-04-23 16:01:52 <xentec> good luck!
2017-04-23 17:15:52 <darkfader> what was wrong? 3.5.2 no worky in general?
2017-04-23 17:16:19 <darkfader> i got a scaleway C1 again, and upgraded to 3.5 OK
2017-04-23 17:16:37 <darkfader> (probably "their" kernel though
2017-04-23 18:03:52 <dirac1> Hello i need some help with grub
2017-04-23 18:16:01 <untoreh> dirac1: make sure you have packages installed like util-linux and multipath-tools, which are not included in the dependencies..
2017-04-23 20:24:02 <chatter29> hey guys
2017-04-23 20:24:07 <chatter29> allah is doing
2017-04-23 20:24:10 <chatter29> sun is not doing allah is doing
2017-04-23 20:24:11 <chatter29> to accept Islam say that i bear witness that there is no deity worthy of worship except Allah and Muhammad peace be upon him is his slave and messenger
2017-04-23 20:24:12 <TemptorSent> Get lost!
2017-04-23 20:58:24 <chatter29> hey guys
2017-04-23 20:58:27 <chatter29> allah is doing
2017-04-23 20:58:31 <chatter29> sun is not doing allah is doing
2017-04-23 20:58:33 <chatter29> to accept Islam say that i bear witness that there is no deity worthy of worship except Allah and Muhammad peace be upon him is his slave and messenger
2017-04-23 20:58:34 <scv> lol
2017-04-23 20:58:36 <Xe> chatter29: you here?
2017-04-23 20:58:38 <Xe> like
2017-04-23 20:58:40 <Xe> a human?
2017-04-23 20:58:48 <Xe> aww
2017-04-23 20:58:51 <scv> i've been seeing this spam for over a year now in different channels
2017-04-23 20:59:02 <Xe> scv: i made a mastodon bot satirizing it
2017-04-23 20:59:04 <Xe> https://mst3k.interlinked.me/@almarid
2017-04-23 20:59:05 <scv> hah
2017-04-23 20:59:11 <Xe> (it means disciple in arabic)
2017-04-23 20:59:22 <scv> yeah X is doing has sort of become a meme around irc
2017-04-23 21:14:52 <Shiz> ncopa: kaniini clandmeter: can you ban chatter*!*@gateway/web/*
2017-04-23 21:15:50 <stevenroose> My openrc seems to randomly kill my process
2017-04-23 21:16:42 <Xe> why do you think it's openrc killing it?
2017-04-23 21:17:44 <stevenroose> Xe, this is the sccript
2017-04-23 21:17:45 <stevenroose> https://gist.github.com/stevenroose/4ed5a76dd84e3e21b7ac8cad4654e21f
2017-04-23 21:18:00 <stevenroose> Becacuse I tail the logs and I know when it normally fails
2017-04-23 21:18:18 <stevenroose> It doesn;t show the panic or error log, just stops doing anything and the process disappears
2017-04-23 21:19:44 <Shiz> i think its a bit unlikely that openrc kills the process
2017-04-23 21:20:00 <stevenroose> Shiz, yeah I don't mean that it kills it explicitely
2017-04-23 21:20:04 <Shiz> what does # service btcd status  say?
2017-04-23 21:20:12 <stevenroose> But I suspect that something about the run environment makes it die somehow
2017-04-23 21:20:21 <Shiz> ah right
2017-04-23 21:20:50 <stevenroose> Shiz, didn't try when it hangs, will try next time, happens like after running for a minute or an hour, depends
2017-04-23 21:21:51 <stevenroose> Shiz Xe, status: crashed
2017-04-23 21:22:19 <stevenroose> It's weird because I see no abnormal logs
2017-04-23 21:22:50 <Xe> what does `pstree` say?
2017-04-23 21:22:56 <Xe> does it show btcd as alive?
2017-04-23 21:23:18 <stevenroose> Quick question: if I have two processes with an executable that has the same name, is that a problem? They are in separate locations
2017-04-23 21:23:27 <Shiz> no
2017-04-23 21:23:28 <Shiz> should not be
2017-04-23 21:23:29 <Xe> no
2017-04-23 21:23:42 <Xe> not unless you have an admin that is too judicious with `killall`
2017-04-23 21:23:48 <Shiz> stevenroose: right, crashed means that the pidfile doesn't refer to a process that exists anymore
2017-04-23 21:23:56 <Shiz> so i presume the process died as well
2017-04-23 21:24:22 <stevenroose> I have these two
2017-04-23 21:24:23 <stevenroose> https://gist.github.com/stevenroose/4ed5a76dd84e3e21b7ac8cad4654e21f
2017-04-23 21:24:41 <stevenroose> The executable is not the same (different version in the git tree)
2017-04-23 21:25:25 <Shiz> yeah that shouldn't be an issue
2017-04-23 21:25:48 <Shiz> couldnt it be that they refer to the same config file and try to do weird stuff in any directories specified there?
2017-04-23 21:25:52 <Shiz> and conflicting with eachother as a result
2017-04-23 21:25:54 <Shiz> just guessing
2017-04-23 21:26:03 <Shiz> oh its not the same config file
2017-04-23 21:26:50 <stevenroose> It's a different config file
2017-04-23 21:26:55 <stevenroose> (mind the 't')
2017-04-23 21:27:02 <stevenroose> Oh, you noticed :D
2017-04-23 21:27:18 <stevenroose> It's a different config folder, it's really weird that it failes without a notice
2017-04-23 21:27:33 <stevenroose> Is there anything non-openrc-related that can kill processes somehow?
2017-04-23 21:29:49 <Shiz> well, any shell with root access
2017-04-23 21:29:51 <Shiz> heh
2017-04-23 21:29:58 <Shiz> stevenroose: maybe try assigning a supervisor to it
2017-04-23 21:30:12 <Shiz> add to your rc file:
2017-04-23 21:30:14 <Shiz> supervisor=supervise-daemon
2017-04-23 21:31:15 <stevenroose> Shiz, what about ram shortage?
2017-04-23 21:31:26 <Shiz> well, that would be the kernel
2017-04-23 21:31:31 <Shiz> invoking its oom killer
2017-04-23 21:31:35 <Shiz> but you'd get messages in dmesg about that
2017-04-23 21:32:29 <stevenroose> What does the supervisor do? Should I install supervise-daemon?
2017-04-23 21:33:45 <Shiz> nah, it's part of openrc
2017-04-23 21:34:02 <Shiz> instead of launching your daemon, it will launch a supervisor that will launch your daemon
2017-04-23 21:34:09 <Shiz> and restart it when the daemon process exits
2017-04-23 21:36:19 <stevenroose> Shiz, that's not really a solution to the fact that it crashes. I can use it as a workaround in case I cannot solve it
2017-04-23 21:36:29 <stevenroose> Thanks, but I'd like to find the cause first :) crashed again
2017-04-23 21:36:30 <stevenroose> hmm
2017-04-23 21:37:14 <Shiz> stevenroose: its more that supervise-daemon may at least give you the reason why it crashed
2017-04-23 21:37:20 <Shiz> as in, its exit code or if it was through a signal
2017-04-23 21:53:11 <stevenroose> Oh
2017-04-23 21:53:37 <stevenroose> Shiz, how do I use supervise to do that?
2017-04-23 21:54:30 <Shiz> it passes info automatically through syslog
2017-04-23 21:54:39 <Shiz> so check your /var/log/message
2017-04-23 21:54:41 <Shiz> s
2017-04-23 21:56:43 <stevenroose> huh?
2017-04-23 21:57:23 <stevenroose>  /var/log/what?
2017-04-23 21:57:56 <Shiz> /var/log/messages
2017-04-23 22:02:09 <stevenroose> What goes there?
2017-04-23 22:02:18 <Shiz> your entire syslog
2017-04-23 22:02:27 <Shiz> including what supervise-daemon logs about its child processes dying
2017-04-23 22:05:25 <stevenroose> Wow, I added the line `supervisor=supervise-daemon` and rc-service tbtcd start started spewing the stdout instead of logging it
2017-04-23 22:05:35 <stevenroose> That's not what should happen, right?
2017-04-23 22:05:42 <Shiz> uh probably not
2017-04-23 22:05:51 <Shiz> you may need to change command_args to command_foreground_args
2017-04-23 22:06:00 <Shiz> https://github.com/OpenRC/openrc/blob/master/supervise-daemon-guide.md
2017-04-23 22:06:41 <stevenroose> It doesn't fork
2017-04-23 22:06:44 <stevenroose> Anyways
2017-04-23 22:06:54 <stevenroose> Maybe I don't need the background=yes, then?
2017-04-23 22:07:23 <Shiz> mmmaybe
2017-04-23 22:08:14 <stevenroose> I can't find dcumentation on command_background
2017-04-23 22:08:40 <stevenroose> Someone in this channel gave me that skeleton init script and I just used it :)
2017-04-23 22:10:04 <Shiz> stevenroose: that was probably me
2017-04-23 22:10:06 <Shiz> :p
2017-04-23 22:10:19 <stevenroose> :)
2017-04-23 22:10:22 <stevenroose> Thanks :)
2017-04-23 22:10:29 <stevenroose> So when do I need background?
2017-04-23 22:10:45 <stevenroose> The daemon I run does not go to the background, it stays in the foreground
2017-04-23 22:12:06 <stevenroose> Ok, if I don't put the background, I get all the stuff in the foreground
2017-04-23 22:12:10 <stevenroose> I guess I found the panic
2017-04-23 22:12:23 <stevenroose> The panic is in stderr, so it doesn't get logged
2017-04-23 22:13:03 <stevenroose> The reason was that for some concurrency reason, sometimes the error log message causing the panic was not printed
2017-04-23 22:13:38 <Shiz> aha
2017-04-23 22:13:59 <Shiz> so did that figure out what it was? :o
2017-04-23 22:16:55 <stevenroose> I think I did, yea
2017-04-23 22:17:01 <stevenroose> Thanks anyway for the help!
2017-04-23 22:17:29 <Shiz> for reference:
2017-04-23 22:17:47 <Shiz> command_background is needed when no supervisor is specified and the command stays in the foreground
2017-04-23 22:18:08 <Shiz> because the default supervisor (ssd, which isn't really a supervisor at all) needs to force everything to the background
2017-04-23 22:18:21 <Shiz> the reason i use that skeleton i gave you is that it makes it easier to switch between supervisors
2017-04-23 22:18:26 <Shiz> (if you remove command_background, I guess?)
2017-04-23 22:26:21 <Dirac1> Hello i'm trying to configure connman on alpine, but in boot appears this error: RTNETLINK answers: file exists, and when i try to use connman scan wifi, it says is not supported the device
2017-04-23 23:14:13 <Dirac1> Help?
2017-04-23 23:14:16 <Dirac1> Hello i'm trying to configure connman, but in boot appears this error: RTNETLINK answers: file exists, and when i try to use connman scan wifi, it says is not supported the device
2017-04-23 23:34:16 <BitL0G1c> Dirac1 - I've not used connman - but this works for wifi on alpine https://it-offshore.co.uk/linux/alpine-linux/46-alpine-linux-automatic-wireless-configuration
2017-04-23 23:35:07 <Dirac1> yes wpa_supplicant worked for me, i wanted to use connman.. :/
2017-04-23 23:51:54 <Dirac1> fuck it i'll use wpa_supplicant don't know what's wrong with connman
2017-04-24 01:04:22 <luxio> How do I fix my time? `date` says this: Sun Apr 23 17:03:58 EDT 2017
2017-04-24 01:04:29 <luxio> Interestingly enough, xfce displays the correct time.
2017-04-24 01:04:36 <luxio> It's 9:04 PM where I live.
2017-04-24 01:05:55 <luxio> nvm fixed.
2017-04-24 01:06:40 <Shiz> you set the TZ variable
2017-04-24 01:06:41 <luxio> wait no
2017-04-24 01:06:42 <Shiz> :P
2017-04-24 01:06:47 <luxio> ?
2017-04-24 01:06:48 <Shiz> in your ~/.profile
2017-04-24 01:06:57 <Shiz> immunity:~$ cat ~/.profile
2017-04-24 01:06:59 <Shiz> export TZ=Europe/Amsterdam
2017-04-24 01:07:02 <luxio> Shiz: I don't have that file
2017-04-24 01:07:06 <Shiz> you create it
2017-04-24 01:07:14 <Shiz> also apk add tzdata for that to work
2017-04-24 01:07:58 <luxio> Shiz: what now?
2017-04-24 01:08:12 <Shiz> set TZ to your actual timezone
2017-04-24 01:08:17 <Shiz> then re-open your shell
2017-04-24 01:08:24 <Shiz> it should work now
2017-04-24 01:08:28 <Shiz> (in ~/.profile)
2017-04-24 01:08:34 <luxio> brb
2017-04-24 01:08:51 <kaniini> Shiz: banning is not doing, allah is doing
2017-04-24 01:09:02 <Shiz> allah is not banning, kaniini is banning
2017-04-24 01:09:22 <Xe> xD
2017-04-24 01:10:16 <Shiz> danke
2017-04-24 01:11:23 <kaniini> i use matrix because it is easiest to get push notifications to my phone, so it took a minute to figure out how to make their janky IRC gateway set a ban
2017-04-24 01:11:27 <kaniini> :p
2017-04-24 01:11:31 <luxio> alright yeah the time seems to work now
2017-04-24 01:11:35 <luxio> but tor still isn't starting
2017-04-24 01:11:44 <luxio> it's stuck at Apr 23 21:09:57.000 [notice] Bootstrapped 100%: Done
2017-04-24 01:12:59 <Xe> luxio: is it not opening ports?
2017-04-24 01:13:16 <luxio> Xe: how do I find out?
2017-04-24 01:13:46 <kaniini> ryonaloli: serious question do you actually use alpine
2017-04-24 01:14:02 <psychi[m]> 😄
2017-04-24 01:14:03 <Xe> luxio: netstat -tnlp
2017-04-24 01:15:17 <luxio> Xe: https://ghostbin.com/paste/zd6gp
2017-04-24 01:15:36 <Xe> luxio: what does your torrc look like?
2017-04-24 01:15:57 <luxio> Xe: I don't think I have one
2017-04-24 01:16:10 <Xe> ah
2017-04-24 01:16:22 <Xe> it's binding to port 9050, that's a good sign
2017-04-24 01:16:28 <Xe> do you have torsocks/torify installed?
2017-04-24 01:17:06 <luxio> I don't see a torify package but I just did apk add torsocks
2017-04-24 01:17:09 <luxio> didn't seem to help
2017-04-24 01:17:18 <luxio> still no torrc
2017-04-24 01:17:32 <Xe> yeah, it should fallback to default settings then
2017-04-24 01:17:40 <Xe> lemme check my notes (I am the tor maintainer for alpine)
2017-04-24 01:17:44 <luxio> Apr 23 21:16:47.063 [notice] Configuration file "/etc/tor/torrc" not present, using reasonable defaults.
2017-04-24 01:18:14 <TemptorSent> Thank you kaniini!
2017-04-24 01:19:22 <TemptorSent> We need an 'allah is not doing, banning is done' bot :)
2017-04-24 01:20:34 <Xe> TemptorSent: i made one for mastodon: https://mst3k.interlinked.me/@almarid
2017-04-24 01:20:41 <TemptorSent> Nice :)
2017-04-24 01:20:51 <Xe> it's shuffling through /usr/share/dict/words
2017-04-24 01:20:53 <kaniini> that guy is a troll
2017-04-24 01:21:10 <kaniini> he is trying to make people think that muslims spam
2017-04-24 01:21:25 <kaniini> i called him out on it once on some irc channel
2017-04-24 01:21:32 <kaniini> he said fuck you and quit
2017-04-24 01:22:17 <mepholic> ncopa: lol
2017-04-24 01:22:29 <mepholic> you built a hydrogen package?!
2017-04-24 01:22:29 <TemptorSent> Spammers can fuckoffanddie
2017-04-24 01:22:35 <mepholic> are you into music?
2017-04-24 01:22:41 <mepholic> like creating music?
2017-04-24 01:23:13 <mepholic> ncopa: I built ardour for alpine
2017-04-24 01:23:19 <TemptorSent> I don't care what flavor, I hate it, but regligious spam is particularly obnoxious.
2017-04-24 01:23:27 <mepholic> I'm having a buddy review my packages, I'll submit them soon
2017-04-24 01:23:49 <Xe> luxio: default config in alpine:edge works for me, try $ torsocks curl https://check.torproject.org/
2017-04-24 01:23:51 <TemptorSent> mepholic: Hmm, how much of the audio-processing chain have you packaged?
2017-04-24 01:23:54 <Xe> pipe it to less of unsure
2017-04-24 01:23:56 <Xe> if*
2017-04-24 01:24:14 <mepholic> TemptorSent: what do you mean the audio-processing chain?
2017-04-24 01:24:20 <mepholic> if you're asking about the dependencies
2017-04-24 01:24:23 <mepholic> all of them
2017-04-24 01:24:36 <mepholic> it took like 12 hours of dicking around yesterday
2017-04-24 01:24:38 <mepholic> but i did it
2017-04-24 01:24:41 <mepholic> and it mostly works
2017-04-24 01:24:43 <TemptorSent> mepholic: Nice!
2017-04-24 01:24:53 <TemptorSent> mepholic: JACK backend?
2017-04-24 01:24:55 <mepholic> yep
2017-04-24 01:25:03 <mepholic> i havent tested it yet
2017-04-24 01:25:10 <TemptorSent> Any RT optimization?
2017-04-24 01:25:13 <mepholic> i need to build a qjackctl backend
2017-04-24 01:25:21 <mepholic> and no RT stuff yet
2017-04-24 01:25:25 <luxio> Xe: https://ghostbin.com/paste/9nza3
2017-04-24 01:25:31 <TemptorSent> Gotcha.
2017-04-24 01:25:37 <mepholic> would be cool if we could get some guys together to build an rt kernel
2017-04-24 01:25:45 <TemptorSent> mepholic: Keep me in the loop on it, I'm highly interested.
2017-04-24 01:25:49 <mepholic> i know a bit about it, but I'd like some advice
2017-04-24 01:26:35 <TemptorSent> I haven't played with the hardrt stuff since 2.6 era, but recent sched_rt improvements might be sufficient to get latency controlled.
2017-04-24 01:26:52 <Xe> luxio: $ echo "HI" | nc 127.0.0.1 9050
2017-04-24 01:26:58 <Xe> it'll make tor shit out an error message
2017-04-24 01:27:18 <Xe> does that work?
2017-04-24 01:28:25 <luxio> Xe: doesn't output anything
2017-04-24 01:28:36 <mepholic> TemptorSent: http://i.imgur.com/UPkXTU8.jpg
2017-04-24 01:28:44 <Xe> luxio: you upgraded to the latest tor?
2017-04-24 01:28:46 <luxio> oh, tor wasn't running. DURR.
2017-04-24 01:28:49 <Xe> oh
2017-04-24 01:28:51 <Xe> that'd do it
2017-04-24 01:28:53 <Xe> xD
2017-04-24 01:29:10 <Shiz> lol
2017-04-24 01:29:15 <luxio> Xe: http://termbin.com/7q45
2017-04-24 01:29:25 <Xe> yeah
2017-04-24 01:29:32 <Xe> tor takes ~3 min to spin up
2017-04-24 01:29:35 <Shiz> and now oyu can use torsocks
2017-04-24 01:29:38 <Shiz> prolly
2017-04-24 01:30:06 <Xe> Shiz: IME 3 minutes is the sweetspot
2017-04-24 01:30:12 <TemptorSent> Looking good mepholic!
2017-04-24 01:30:29 <Xe> luxio: suggestion: service start tor && sleep 3 && echo "HI" | nc 127.0.0.1 9050
2017-04-24 01:30:43 <Xe> wait
2017-04-24 01:30:46 <Xe> that's seconds not minutes
2017-04-24 01:30:55 <Shiz> lol
2017-04-24 01:31:01 <Xe> i've been on a plane for too long
2017-04-24 01:31:16 <Xe> and these freenode spambots are trying to send me antivirus false positives in a PM
2017-04-24 01:31:47 <luxio>  * service: service `start' does not exist
2017-04-24 01:31:50 <luxio> heheh
2017-04-24 01:32:08 <mepholic> TemptorSent: i did see one
2017-04-24 01:32:10 <mepholic> Apr 23 00:03:35 cataclysm kern.info kernel: [433936.782580] traps: ardour-5.8.0[7220] general protection ip:7fdeca7587ad sp:7fff37392f78 error:0 in ld-musl-x86_64.so.1[7fdeca735000+88000]
2017-04-24 01:32:10 <Shiz> it's service tor start
2017-04-24 01:32:12 <Shiz> not service start tor
2017-04-24 01:32:14 <mepholic> :<
2017-04-24 01:32:15 <luxio> ik
2017-04-24 01:32:15 <Shiz> xe is a bit silly
2017-04-24 01:32:18 <Xe> luxio: sorry, used to sysemctl
2017-04-24 01:32:20 <Xe> systemctl*
2017-04-24 01:32:36 <luxio>  * You need to setup /etc/tor/torrc first, see /etc/tor/torrc.sample for example
2017-04-24 01:32:37 <luxio>  * ERROR: tor failed to start
2017-04-24 01:32:52 <Xe> oh
2017-04-24 01:32:53 <Shiz> hmm, that seems like a wrong initd then
2017-04-24 01:32:54 <Xe> well
2017-04-24 01:32:58 <Shiz> since torrc is not required
2017-04-24 01:33:01 <Xe> cp /etc/tor/torrc.sample /etc/tor/torrc
2017-04-24 01:33:21 <Xe> Shiz: yeah, i'll fire up my aports VM
2017-04-24 01:33:32 <luxio> now I wait 3 mins?
2017-04-24 01:34:25 <Xe> try now
2017-04-24 01:34:28 <Xe> luxio: *
2017-04-24 01:34:37 <mepholic> anyways TemptorSent, it was about 16 packages I had to build, and I'm willing to maintain them
2017-04-24 01:35:04 <luxio> Xe: try what now?
2017-04-24 01:35:14 <luxio> the command? I did
2017-04-24 01:35:20 <Xe> got a HTTP error?
2017-04-24 01:35:32 <luxio> no, the last message I got is "* Starting tor ..."
2017-04-24 01:35:40 <luxio> [ ok ]
2017-04-24 01:36:31 <luxio> yeah now I got an error
2017-04-24 01:36:36 <Xe> perfect
2017-04-24 01:36:45 <luxio> https://ghostbin.com/paste/37meh
2017-04-24 01:36:48 <Xe> now try to curl the torproject check site
2017-04-24 01:37:35 <luxio> ...was I supposed to leave it running?
2017-04-24 01:37:53 <Xe> tor?
2017-04-24 01:37:56 <luxio> yeah
2017-04-24 01:38:00 <Xe> yeah
2017-04-24 01:38:02 <Xe> that's the point
2017-04-24 01:38:15 <Xe> very light in resource usage
2017-04-24 01:38:24 <luxio> [Apr 23 21:38:16] PERROR torsocks[3558]: socks5 libc connect: Connection refused (in socks5_connect() at socks5.c:185)
2017-04-24 01:38:25 <luxio> curl: (6) Couldn't resolve host 'check.torproject.org'
2017-04-24 01:38:34 <luxio> that's the error when I do that torsocks curl command
2017-04-24 01:38:43 <luxio> and I'm getting an error when running the `tor` command now
2017-04-24 01:38:54 <luxio> https://ghostbin.com/paste/jvfca
2017-04-24 01:40:30 <Xe> great
2017-04-24 01:40:47 <Xe> looks like i messed up the alpine tor package
2017-04-24 01:40:56 <Shiz> hehe
2017-04-24 01:41:38 <TemptorSent> mepholic Hmm, set it to dump a core.
2017-04-24 01:42:31 <mepholic> the real trick is reproducing it
2017-04-24 01:42:49 <mepholic> i'm also having a hell of a time getting /etc/security/limits.conf to work
2017-04-24 01:42:51 <TemptorSent> Yeah, just run it with the core size unlimited
2017-04-24 01:44:07 <TemptorSent> You probably want to look at musl for the culprit there :/
2017-04-24 01:44:40 <TemptorSent> And the fact that pam is not in use :)
2017-04-24 01:44:40 <mepholic> musl is part of the reason I use alpine
2017-04-24 01:44:42 <mepholic> :)
2017-04-24 01:44:44 <Shiz> that's a big assumption
2017-04-24 01:44:45 <Shiz> to make
2017-04-24 01:44:49 <mepholic> it really is
2017-04-24 01:45:08 <mepholic> considering how complex ardour is
2017-04-24 01:45:24 <Shiz> besides the fact that 9 out of 10 times musl was blamed for something, it turned out it was the application not following the C standards...
2017-04-24 01:45:27 <Shiz> in my experience
2017-04-24 01:45:32 <TemptorSent>  /etc/security/limits.conf uses pam, it appears.
2017-04-24 01:45:48 <TemptorSent> Intentional non-support, not a bug.
2017-04-24 01:46:25 <mepholic> aha
2017-04-24 01:46:27 <mepholic> that explains it
2017-04-24 01:46:31 <mepholic> i didn't even think of that
2017-04-24 01:46:33 <Shiz> im not even sure why /etc/security exists if PAM is not installed...
2017-04-24 01:46:35 <TemptorSent> In other words, you may have to use a different mechanism.
2017-04-24 01:46:50 <mepholic> so how would I go about setting my limits
2017-04-24 01:46:58 <Shiz> mepholic: # ulimit -c unlimited
2017-04-24 01:47:03 <Shiz> then start ardour from terminal
2017-04-24 01:47:47 <TemptorSent> For other limits, consider a wrapper or profile to source.
2017-04-24 01:48:46 <TemptorSent> You can also twiddle them in /proc and /sys variously.
2017-04-24 01:54:18 <mepholic> interesting
2017-04-24 01:54:20 <mepholic> good to know
2017-04-24 01:54:22 <mepholic> thanks :)
2017-04-24 01:55:29 <dalias> shiz, :)
2017-04-24 01:56:07 <Shiz> dalias: aside of course from the unwind stuff :p
2017-04-24 01:56:31 <TemptorSent> And irritations like _check functions.
2017-04-24 01:56:44 <Shiz> hmm?
2017-04-24 01:57:12 <TemptorSent> fortify crap in glibc.
2017-04-24 01:58:11 <TemptorSent> Most of what I've found that doesn't work in musl either was broken or ambiguous in the reference implementation.
2017-04-24 01:58:26 <Xe> Shiz: you mean funwind
2017-04-24 01:58:48 <TemptorSent> I think it was stack-unwinding.
2017-04-24 01:59:38 <TemptorSent> Something fugly cropped up in their work on rust IIRC.
2017-04-24 02:01:54 <Shiz> just a bug in musl
2017-04-24 02:02:09 <Shiz> where dl_iterate_phdr wouldn't work on static PIE binaries
2017-04-24 02:02:16 <Shiz> and thus unwinding would crash/fail
2017-04-24 02:03:23 <TemptorSent> Always good for moral ;)
2017-04-24 02:04:39 <dalias> :)
2017-04-24 02:04:47 <dalias> glad we tracked that down
2017-04-24 02:06:21 <luxio> Xe: thing is though, if I download tor and do "./start-tor-browser.desktop", that doesn't work either
2017-04-24 02:06:31 <luxio> this is the only message I get:
2017-04-24 02:06:32 <luxio> Launching './Browser/start-tor-browser --detach'...
2017-04-24 02:19:24 <TemptorSent> dalias: Things are looking good in musl land, great work :)
2017-04-24 09:31:45 <ScrumpyJack> thinking of moving from grsec to vanilla on a particular box. do i need to do more than just replace the kernel?
2017-04-24 10:02:25 <Shiz> ScrumpyJack: modules too
2017-04-24 10:13:32 <ScrumpyJack> ok
2017-04-24 10:21:38 <ScrumpyJack> i wounder if apk add linux-vanilla would be enough?
2017-04-24 10:26:06 <xentec> actually yes. the kernel select the current modules through flavor definition
2017-04-24 10:26:30 <xentec> you just have to set the right kernel to boot
2017-04-24 10:28:25 <ScrumpyJack> neat, it's running mkinitfs
2017-04-24 10:31:44 <ScrumpyJack> rebooting now
2017-04-24 10:38:37 <ScrumpyJack> hmm, that didn't work
2017-04-24 14:08:08 <armin> alpine01:~# apk add ca-certificates
2017-04-24 14:08:09 <armin> (1/1) Installing ca-certificates (20161130-r1)
2017-04-24 14:08:10 <armin> Executing busybox-1.25.1-r0.trigger
2017-04-24 14:08:11 <armin> Executing ca-certificates-20161130-r1.trigger
2017-04-24 14:08:12 <armin> OK: 410 MiB in 56 packages
2017-04-24 14:08:13 <armin> alpine01:~# update-ca-certificates
2017-04-24 14:08:14 <armin> WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
2017-04-24 14:08:15 <armin> alpine01:~#
2017-04-24 14:08:16 <armin> anyone a clue what to do here?
2017-04-24 14:08:38 <armin> it's working, nevertheless. :)
2017-04-24 14:21:03 <asdfls> hi, few questions. does the alpine for raspi have the 'fbtft' kernel module inbuilt?
2017-04-24 14:22:29 <asdfls> and is it possible anyhow to run alpine on nanopi/orangepi with allwinner cpu ( http://nanopi.org/NanoPi-M1_Feature.html )
2017-04-24 14:25:01 <asdfls> |r last one, wiki page ( https://wiki.alpinelinux.org/wiki/DIY_Fully_working_Alpine_Linux_for_Allwinner_and_Other_ARM_SOCs )
2017-04-24 14:34:59 <ScrumpyJack> asdfls: yes, fbtft is in
2017-04-24 14:35:39 <asdfls> ScrumpyJack: so lcds like 3.5 tft from NeoSec ( http://www.neosecsolutions.com//products.php?28&cPath=17 ) will work?
2017-04-24 14:36:04 <asdfls> they informed that it's this module that (probably alone?) make this lcd to work
2017-04-24 14:38:01 <dirac1> Hey guys why zsh-completions isn't in the packages, but it is zfs-zsh-completiosn?
2017-04-24 18:29:01 <feuerteufel> Hello @ all
2017-04-24 18:29:59 <Shiz> hi
2017-04-24 18:30:37 <feuerteufel> Someone here who Knows about this lvm2 error:
2017-04-24 18:30:44 <feuerteufel> http://lists.alpinelinux.org/alpine-user/0124.html
2017-04-24 18:32:19 <Shiz> ?
2017-04-24 18:32:24 <feuerteufel> I get mostlikly the same prob
2017-04-24 18:33:07 <feuerteufel> I get the Errors during boot
2017-04-24 18:33:39 <feuerteufel> for example:
2017-04-24 18:33:44 <feuerteufel> Error relocating /sbin/vgs: dm_report_group_push: symbol not found
2017-04-24 18:34:02 <Shiz> did you use # apk upgrade -a
2017-04-24 18:34:53 <feuerteufel> Yes, Itried that, but nothing heppened ... still the same
2017-04-24 18:35:31 <feuerteufel> Oh, I'm in 3.5.2
2017-04-24 18:36:17 <Shiz> do you have any edge repositories enabled?
2017-04-24 18:36:38 <feuerteufel> No
2017-04-24 18:38:01 <feuerteufel> Only this places:
2017-04-24 18:38:06 <feuerteufel> http://dl-3.alpinelinux.org/alpine/v3.5/main
2017-04-24 18:38:06 <feuerteufel> http://dl-3.alpinelinux.org/alpine/v3.5/community
2017-04-24 18:38:06 <feuerteufel> http://download.eisfair.org/v3.5/main
2017-04-24 18:38:06 <feuerteufel> http://download.eisfair.org/v3.5/backports
2017-04-24 18:38:51 <feuerteufel> The only spesial ist that there is XEN running
2017-04-24 18:39:34 <feuerteufel> This Prob heppend after upgrading from 3.4 to 3.5.2
2017-04-24 18:40:32 <feuerteufel> btw. it's not a Big one I just get this errors during boot
2017-04-24 18:40:35 <Shiz> ah
2017-04-24 18:40:42 <Shiz> if it's during boot, you may just need to regenerate your initramfs
2017-04-24 18:40:47 <Shiz> # mkinitfs
2017-04-24 18:41:38 <feuerteufel> just a sec, I'll try
2017-04-24 18:48:51 <feuerteufel> Great!! The errors are gone thanks a lot!!
2017-04-24 18:53:09 <Shiz> :)
2017-04-24 19:12:48 <sigtrm> Hey, when storing config files for a raspberry pi, should I use mmcblk0p1 which is the boot partition or use the mmcblk0p2 which is the main storage device?
2017-04-24 19:20:23 <feuerteufel> sigtrm: On my raspi, the first one is mounted to "/boot" the otherone to "/"
2017-04-24 19:20:41 <feuerteufel> Hope it help's
2017-04-24 19:20:45 <sigtrm> Thank you
2017-04-24 19:20:49 <sigtrm> It's the same here
2017-04-24 19:21:02 <sigtrm> But during the setup-apline scipt it asks where to save the config files
2017-04-24 19:21:08 <sigtrm> I have no idea what it is talking about
2017-04-24 19:21:27 <sigtrm> The default is mmcblk0p1 which is the /boot
2017-04-24 19:21:35 <sigtrm> Is this correct?
2017-04-24 19:21:46 <sigtrm> Or best practice?
2017-04-24 19:23:09 <feuerteufel> I'm sorry, on my raspi run's Raspian
2017-04-24 19:24:02 <sigtrm> It's okay, I appreciate the help
2017-04-24 19:27:21 <tw> if you're going to use them for a later install, you should back them up off-device.
2017-04-24 19:31:51 <sigtrm> okay
2017-04-24 19:34:30 <sigtrm> Thanks
2017-04-24 19:41:05 <feuerteufel> cu
2017-04-24 21:57:54 <ryonaloli> <@kaniini> ryonaloli: series question do you actually use alpine
2017-04-24 21:58:28 <ryonaloli> yes. i have a mini-cluster of 15 or so computers. i run alpine on them.
2017-04-24 22:39:29 <kaniini> we were just wondering ;)
2017-04-24 22:50:21 <ryonaloli> thought i was in here to troll or something? :P
2017-04-24 23:23:32 <kaniini> i still think that :)
2017-04-24 23:24:04 <scv> does anybody actually use alpine
2017-04-24 23:24:08 <scv> or do they just take part in the shared experience
2017-04-24 23:24:27 <kpcyrd> we're all here because of docker images, right?
2017-04-24 23:24:42 <scv> because of wut
2017-04-24 23:25:46 <Nobabs27> I do
2017-04-24 23:25:49 <Nobabs27> scv ^
2017-04-24 23:26:02 <Nobabs27> for a server anyway
2017-04-24 23:26:09 <Nobabs27> never used docker once xd
2017-04-24 23:26:22 <scv> the only way to do it
2017-04-24 23:26:42 <Nobabs27> ?
2017-04-24 23:29:28 <darkfader> haha
2017-04-24 23:29:41 <darkfader> so, uh, alpine is in docker because it's quite good
2017-04-24 23:29:47 <darkfader> but docker shows a very small subset
2017-04-24 23:29:58 <scv> what is this docker you folks keep talking about
2017-04-24 23:29:59 <darkfader> so yeah, like, 15% of the awesomeness
2017-04-24 23:30:03 <darkfader> oh
2017-04-24 23:30:06 <darkfader> it's like tar
2017-04-24 23:30:07 <scv>  /s
2017-04-24 23:30:11 <darkfader> :ppp
2017-04-24 23:37:52 <ryonaloli> kaniini: hey, trolls need alpine too!
2017-04-25 01:12:08 <avih> Shiz: do you know if it's intentional that main/apk-tools includes only some of the patches since the last release of the main apk-tools repo?
2017-04-25 01:13:02 <avih> (i'd expect it to either include critical fixes or include all of them, but it doesn't look that way)
2017-04-25 01:14:00 <Shiz> avih: the un-included commits are like a few hours old
2017-04-25 01:14:40 <avih> Shiz: i think it's the other way around. it has recent commits but not older ones
2017-04-25 01:14:57 <Shiz> ?
2017-04-25 01:15:06 <Shiz> aside from the 3 newest ones, it only doesn't have the shorter progress bar one
2017-04-25 01:15:08 <avih> unless i'm looking at it wrongly
2017-04-25 01:15:46 <avih> Shiz: https://git.alpinelinux.org/cgit/aports/log/main/apk-tools shows new patches but not older ones
2017-04-25 01:15:58 <Shiz> im looking at both that and https://git.alpinelinux.org/cgit/apk-tools/log/
2017-04-25 01:16:09 <Shiz> it's missing your patch and the newest 3 ones, right
2017-04-25 01:16:25 <avih> yes. that's the discrepancy i'm talking about
2017-04-25 01:16:33 <Shiz> well
2017-04-25 01:16:38 <avih> (i don't mind. i'm just asking if it's intentional)
2017-04-25 01:16:50 <Shiz> my patch and the 3 newest ones were committed by kaniini who immediately updated the apk-tools abuild with them
2017-04-25 01:16:57 <Shiz> your patch was committed by fabled, who i guess didn't :P
2017-04-25 01:17:09 <avih> :)
2017-04-25 01:17:31 <Shiz> not intentional i think
2017-04-25 01:17:37 <avih> k
2017-04-25 01:21:29 <avih> Shiz: if you don't mind, another question. i noticed recently a lot of llvm updates, but i don't recall that i installed llvm (i may recall wrongly though, i'm not at the machine now). is it an implied dependency of some dev package? i typically use gcc
2017-04-25 01:21:58 <avih> i mean llvm updates after i did apk upgrade.
2017-04-25 01:22:03 <Shiz> may be a dependency of something, that's what # apk info -r llvm is for
2017-04-25 01:22:06 <tmh1999> avih : you can loop through aports/*/APKBUILD to see if there is any llvm deps
2017-04-25 01:22:14 <Shiz> that seems a bit excessive
2017-04-25 01:22:54 <tmh1999> right . haha dumb me
2017-04-25 01:23:39 <avih> :) (i never seem to recall the apk cli options/syntax for anything i don't use frequently... maybe it means i need to use info -r more frequently :p )
2017-04-25 01:24:27 <avih> (and i know the help exists.. but... well.. i'm still baffled sometimes)
2017-04-25 02:07:26 <kaniini> avih: i only backported the patches relevant to the project TemptorSent is working on
2017-04-25 02:07:48 <kaniini> i might tag apk-tools 4.7.1 if fabled doesn't show up within a week :P
2017-04-25 02:07:53 <kaniini> erf 2.7.1
2017-04-25 05:13:38 <vectr0n> ncopa, open-vm-tools is back to crashing as it did before you worked some magic lol https://pastebin.com/FLjXqcGt
2017-04-25 07:23:30 <ScrumpyJack> morning
2017-04-25 07:38:13 <ncopa> vectr0n i think its the RAP feature. i havent had time to look at it
2017-04-25 07:46:35 <dragoonis> Hey!
2017-04-25 07:46:36 <dragoonis> echo '@testing http://nl.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories
2017-04-25 07:46:52 <dragoonis> apk add --no-cache  php5-redis@testing
2017-04-25 07:47:11 <dragoonis> ERROR: unsatisfiable constraints:
2017-04-25 07:47:11 <dragoonis>   php5-redis (missing):
2017-04-25 07:47:11 <dragoonis>     required by: world[php5-redis]
2017-04-25 07:47:21 <dragoonis> Can someone please advise what's happened to this package
2017-04-25 08:54:27 <armin> anyone a clue why i can't open a tap-device on my setup?
2017-04-25 09:03:07 <ncopa> armin maybe you dont have permissions to the /dev/tap device?
2017-04-25 09:19:41 <armin> ncopa: i'm root. :-)
2017-04-25 09:21:07 <ncopa> is the device there?
2017-04-25 09:21:19 <ncopa> did you modprobe the tuntap module?
2017-04-25 09:51:25 <armin> ncopa: thanks, "modprobe tun" solved that.
2017-04-25 10:04:30 <armin> yup that works like a charm
2017-04-25 10:04:32 <armin> <3
2017-04-25 10:34:00 <trfl> on a server with matrox mga-g200, modeset seems to randomly choose either 1024x768 or 1280x1024 on boot. Is there a way to force a particular resolution?
2017-04-25 10:34:12 <trfl> the only google results i can find seem to regard Xorg...
2017-04-25 11:36:49 <ScrumpyJack> anyone using spacefm successfully as a desktop icon manager on AL? seg faults for me on x68_64 and armhf
2017-04-25 11:36:57 <ScrumpyJack> spacefm --desktop
2017-04-25 13:03:01 <consus> Hi guys
2017-04-25 13:03:19 <consus> I'm having trouble running some lua code that depends on lua-crypto
2017-04-25 13:04:55 <consus> Basically it doesn't want to run because of this: https://paste.pound-python.org/show/HNv509RfGA1Yq3zNcS68
2017-04-25 13:05:05 <consus> I'm using alpine v3.5.2 and lua5.2
2017-04-25 13:05:14 <consus> Anyone've seen this?
2017-04-25 13:06:26 <consus> The lua stuff I have installed: https://paste.pound-python.org/show/TPZJlYOcitHQVcDsigNF/
2017-04-25 13:06:59 <clandmeter> consus, did you try apk --update-cache upgrade --available ?
2017-04-25 13:07:38 <consus> Yep
2017-04-25 13:07:39 <consus> Nothing
2017-04-25 13:07:57 <consus> I'm still able to reproduce
2017-04-25 13:08:10 <consus> Maybe I have an outdated mirror, I'll switch to the alpine one
2017-04-25 13:08:47 <consus> Switched to dl-cdn.alpinelinux.org, nothing changes
2017-04-25 13:11:30 <clandmeter> consus, can you paste your repositories file?
2017-04-25 13:11:35 <consus> Sure thing
2017-04-25 13:11:41 <clandmeter> did you mix repo's?
2017-04-25 13:11:46 <consus> No
2017-04-25 13:11:58 <consus> I used to install edge but I removed that stuff already
2017-04-25 13:12:04 <consus> *from edge
2017-04-25 13:12:09 <consus> Only two packages
2017-04-25 13:12:15 <consus> via pkg@edge
2017-04-25 13:12:55 <consus> Worth posting the world file too, right?
2017-04-25 13:15:05 <consus> Sweeet
2017-04-25 13:15:25 <consus> wgetpaste refuses to paste data from /etc/apk/repositories because it's look like spam
2017-04-25 13:15:45 <clandmeter> apk add tpaste :)
2017-04-25 13:16:17 <consus> Done
2017-04-25 13:16:21 <consus> Damn it's slow
2017-04-25 13:16:39 <consus> Ah, stdin
2017-04-25 13:16:40 <consus> http://tpaste.us/xWKv
2017-04-25 13:16:41 <consus> Here
2017-04-25 13:17:09 <consus> http://tpaste.us/yao0
2017-04-25 13:17:10 <consus> World
2017-04-25 13:19:09 <clandmeter> looks good
2017-04-25 13:19:15 <consus> =/
2017-04-25 13:19:30 <consus> I did apk fix -d lua5.2-crypto
2017-04-25 13:19:32 <consus> But no luck
2017-04-25 13:19:39 <consus> Still the same issue
2017-04-25 13:19:51 <consus> Maybe ldd does not see /usr/lib/lua5.2?
2017-04-25 13:20:45 <consus> Since there is no ld.conf.d
2017-04-25 13:22:06 <clandmeter> you are sure you did apk upgrade --available
2017-04-25 13:22:20 <consus> # apk upgrade --available
2017-04-25 13:22:21 <consus> OK: 667 MiB in 165 packages
2017-04-25 13:22:23 <consus> Pretty damn sure
2017-04-25 13:23:26 <clandmeter> do you have a test case i can try?
2017-04-25 13:23:34 <consus> cgit lua filters
2017-04-25 13:23:45 <consus> I may write you a test app if you want
2017-04-25 13:23:52 <consus> Since that will be much easier
2017-04-25 13:23:54 <clandmeter> just a simple lua file
2017-04-25 13:24:00 <consus> Sec
2017-04-25 13:26:01 <consus> Hm
2017-04-25 13:26:06 <consus> Well that's interesting
2017-04-25 13:27:51 <consus> It seems to work from cli
2017-04-25 13:28:30 <consus> But i keep seeing this
2017-04-25 13:28:32 <consus> fatal: Lua error in /usr/lib/cgit/filters/email-gravatar.lua: error loading module 'crypto' from file '/usr/lib/lua/5.2/crypto.so':
2017-04-25 13:28:35 <consus> 	Error relocating /usr/lib/lua/5.2/crypto.so: luaL_checkint: symbol not found
2017-04-25 13:28:38 <consus> Via uwsgi
2017-04-25 13:28:54 <clandmeter> maybe permissions?
2017-04-25 13:28:58 <consus> Nah
2017-04-25 13:29:14 <consus> I checked, it's allowed for this user to reach /usr/lib
2017-04-25 13:29:50 <consus> hmm
2017-04-25 13:30:00 <consus> Maybe that's it
2017-04-25 13:30:46 <consus> lua5.2 knows where to look for lua5.2-*.so
2017-04-25 13:30:54 <consus> And ldd does not
2017-04-25 13:32:08 <consus> So interpreter works fine, but code embedding does not
2017-04-25 13:32:31 <consus> I'll write a simple C program that loads the lua file
2017-04-25 13:35:40 <consus> It's a shame that ldconfig -p does not work =/
2017-04-25 13:35:46 <consus> Would be much easier
2017-04-25 13:36:01 <consus> musl sucks at diagnostics =\
2017-04-25 13:41:56 <consus> luaconf.h wants limits.h
2017-04-25 13:42:02 <consus> but there is no limits.h in /usr/include
2017-04-25 13:42:14 <consus> Ah, musl-dev
2017-04-25 13:45:33 <consus> hm
2017-04-25 13:45:34 <consus> Okay
2017-04-25 13:45:36 <consus> Were we go
2017-04-25 13:46:46 <consus> http://tpaste.us/YnVZ
2017-04-25 13:46:48 <consus> Source code
2017-04-25 13:47:06 <consus> gcc -I/usr/include/lua5.2 -L/usr/lib/lua5.2 -llua -o test test.c
2017-04-25 13:47:11 <consus> How I do compile it
2017-04-25 13:47:30 <consus> The result: https://paste.pound-python.org/show/CbRX43Z8f12ZEBzzPRPP/
2017-04-25 13:47:42 <consus> Exactly the same code compiles very well on my Gentoo box
2017-04-25 13:47:57 <consus> clandmeter:
2017-04-25 14:00:13 <consus> # objdump -T liblua.so | grep luaL_newstat
2017-04-25 14:00:14 <consus> 0000000000017178 g    DF .text	000000000000002b luaL_newstate
2017-04-25 14:00:28 <consus> As you can see there is a symbol
2017-04-25 14:01:29 <clandmeter> ncopa, can you take a look here? ^
2017-04-25 14:01:51 <ncopa> hi
2017-04-25 14:02:00 <ncopa> whatsup
2017-04-25 14:02:10 <consus> I'm whining again xD
2017-04-25 14:02:16 <consus> lua this time
2017-04-25 14:03:21 <ncopa> the ldd thingy
2017-04-25 14:03:23 <ncopa> is normal
2017-04-25 14:03:35 <ncopa> ldd /path/to/luamodule.so
2017-04-25 14:03:40 <ncopa> will show errors
2017-04-25 14:03:56 <consus> The thing is -- it does not compile
2017-04-25 14:04:02 <consus> That's what bothers me
2017-04-25 14:04:10 <ncopa> what is the error?
2017-04-25 14:04:15 <consus> https://paste.pound-python.org/show/CbRX43Z8f12ZEBzzPRPP/
2017-04-25 14:04:21 <consus> code: http://tpaste.us/YnVZ
2017-04-25 14:04:28 <consus> command: gcc -I/usr/include/lua5.2 -L/usr/lib/lua5.2 -llua -o test test.c
2017-04-25 14:04:45 <consus> The very same code compiles on Gentoo
2017-04-25 14:05:46 <consus> I encountered this error while trying to install some lua: hook in cgit
2017-04-25 14:06:16 <consus> I saw this error in log files -- fatal: Lua error in /usr/lib/cgit/filters/email-gravatar.lua: error loading module 'crypto' from file '/usr/lib/lua/5.2/crypto.so':
2017-04-25 14:06:29 <consus> Error relocating /usr/lib/lua/5.2/crypto.so: luaL_checkint: symbol not found
2017-04-25 14:06:52 <ncopa> do you have the test.c?
2017-04-25 14:07:03 <consus> Yes, I posted it
2017-04-25 14:07:09 <consus> 17:03 < consus> code: http://tpaste.us/YnVZ
2017-04-25 14:13:40 <consus> Any thoughts?
2017-04-25 14:13:42 <ncopa> consus: try: gcc -I /usr/include/lua5.2 -L /usr/lib/lua5.2 -o test test.c -llua
2017-04-25 14:14:02 <consus> Hm
2017-04-25 14:14:05 <consus> It works
2017-04-25 14:14:33 <consus> It's that gcc optimization, right? -Wlas-needed?
2017-04-25 14:15:15 <consus> Okay, so now I have to find out what's wrong with cgit =/
2017-04-25 14:15:16 <ncopa> yeah i think its --as-needed
2017-04-25 14:15:30 <ncopa> what lua version is cgit linked against?
2017-04-25 14:15:31 <consus> Because it still doesn't work
2017-04-25 14:15:40 <consus> 5.2 I guess
2017-04-25 14:15:50 <ncopa> double check that
2017-04-25 14:15:59 <consus> I installed it from edge
2017-04-25 14:16:03 <ncopa> readelf -d /usr/bin/cgit or what it is
2017-04-25 14:16:06 <consus> It was built against 5.3
2017-04-25 14:16:12 <consus> So installed 5.3 as well
2017-04-25 14:16:16 <ncopa> that might explain
2017-04-25 14:16:27 <ncopa> you might port the module to 5.3
2017-04-25 14:16:38 <consus> There is a pacakged for that
2017-04-25 14:16:42 <consus> lua5.3-crypto
2017-04-25 14:16:50 <consus> I installed it along with lua5.3-libs
2017-04-25 14:17:15 <ncopa> error loading module 'crypto' from file '/usr/lib/lua/5.2/crypto.so':
2017-04-25 14:17:22 <ncopa> looks like it picks wrong?
2017-04-25 14:17:25 <ncopa> says 5.2
2017-04-25 14:17:26 <consus> That was my handbuild
2017-04-25 14:17:31 <consus> Against 5.
2017-04-25 14:17:34 <consus> *Against 5.2
2017-04-25 14:17:45 <consus> I built my own cgit from source in order to check it against 5.2
2017-04-25 14:18:08 <consus> Okay, I guess it would be easier to install edge and check there
2017-04-25 14:18:41 <consus> Since you guys want to release 3.6 anyway it would be nice to check this
2017-04-25 14:19:18 <consus> Are there edge installers or do I have to upgrade from 3.5?
2017-04-25 14:19:56 <ncopa> https://www.lua.org/manual/5.3/manual.html#8.3
2017-04-25 14:20:06 <ncopa> Macros to project non-default integer types (luaL_checkint, luaL_optint, luaL_checklong, luaL_optlong) were deprecated.
2017-04-25 14:20:54 <consus> Deprecated or removed?
2017-04-25 14:20:54 <ncopa> consus: its very easy to do it with docker if you have that
2017-04-25 14:21:04 <ncopa> docker run --rm -it alpine:edge
2017-04-25 14:21:04 <consus> Nah, it's a vm
2017-04-25 14:21:16 <ncopa> you can upgrade from 3.5
2017-04-25 14:21:18 <consus> Seems I only have to edit repos
2017-04-25 14:21:21 <consus> and run upgrade
2017-04-25 14:21:24 <consus> https://wiki.alpinelinux.org/wiki/Edge
2017-04-25 14:21:25 <ncopa> yeah
2017-04-25 14:21:27 <ncopa> apk ugprade -U -a
2017-04-25 14:21:28 <consus> If this article is accurate
2017-04-25 14:21:51 <ncopa> yeah
2017-04-25 14:22:09 <consus> Cooll, will be back in several minutes
2017-04-25 14:23:14 <consus> Also what lua-crypto is for?
2017-04-25 14:23:27 <consus> It's not a virtual and it seems to be empty
2017-04-25 14:38:42 <dethos> Hello, while building a container that uses an alphine image, i'm getting the following error when I try to install a ruby gem (nio4r): "checking for unistd.h... *** extconf.rb failed ***". I guess some package is missing, but I'm not sure which one. Does anyone know how could I solve this?
2017-04-25 14:47:37 <clandmeter> musl-dev?
2017-04-25 14:48:41 <clandmeter> but i would add build-base instead
2017-04-25 14:57:21 <consus> ncopa: You were right
2017-04-25 14:57:48 <consus> ncopa: There is no luaL_checkint symbol in lua5.3
2017-04-25 15:01:45 <consus> The project seems daed but there is a fork luacrypto-ng
2017-04-25 15:37:47 <tw> How do I newgrp without dipping into edge? I need to change my egid as an unprivileged user to another one of the user's groups.
2017-04-25 15:38:36 <Kachel> Will there be lxqt support on Alpine?
2017-04-25 15:47:51 <ncopa> Kachel probably not for 3.6
2017-04-25 17:03:50 <vectr0n> ncopa, okie did you need to report it anywhere? or was mentioning it here good enough?
2017-04-25 17:11:00 <ncopa> vectr0n sorry, i have forgotten what it was about?
2017-04-25 17:11:21 <vectr0n> open-vm-tools crashing again, you mentioned could be something with RAP you hadnt had time to look yet
2017-04-25 17:11:54 <vectr0n> https://pastebin.com/FLjXqcGt
2017-04-25 17:31:12 <ncopa> vectr0n maybe file a bug on bugs.alpinelinux.org
2017-04-25 17:31:21 <ncopa> i will forget otherwise
2017-04-25 17:31:28 <ncopa> thanks
2017-04-25 17:37:52 <vectr0n> ncopa, np :)
2017-04-25 19:14:04 <klaxa> are there any plans to get php7 >= 7.0.17 into a future 3.5 release? (i know this is quite specific)
2017-04-25 19:14:55 <klaxa> my situation is as follows: i'm using a docker image based on 3.5 and php7 7.0.16 is just one patch level shy of supporting randomness functions on kernel <= 3.16
2017-04-25 19:15:42 <klaxa> not really a usecase for regular users as 4.4.52 is used...
2017-04-25 19:16:05 <darkfader> i don't think anyone will object the bump
2017-04-25 19:16:25 <darkfader> can oyu go to bugs.alpinelinux.org and open a request or whatever looks most suited
2017-04-25 19:16:38 <klaxa> alright thanks for pointing me in the right direction!
2017-04-25 19:17:33 <klaxa> oh, there is already a different bugreport that could potentially offset my issue
2017-04-25 19:18:19 <klaxa> quite orthogonal to my problem, but if nginx would properly install on alpine:edge that would possibly eliminate the need for php 7.0.17 for me
2017-04-25 19:18:24 <klaxa> i'll just subscribe to that one
2017-04-25 19:19:32 <klaxa> and there is also an issue for php 7.1.X for 3.5.3
2017-04-25 19:19:42 <klaxa> i guess i'll have to live without that container for a while...
2017-04-25 19:25:21 <klaxa> it's nice living in dependency hell, cozy and hot...
2017-04-25 19:25:24 <klaxa> have a good one!
2017-04-25 21:24:12 <newbie|3> hi there! ... I'm porting our build system to Alpine. We use ASAN for our unit tests. But I cannot see libasan.so in a package. Is it not supported on Alpine?
2017-04-25 21:27:01 <TBB> not ported so far, I guess; an exhaustive package contents search at pkgs.alpinelinux.org didn't find anything like that
2017-04-25 21:29:44 <newbie|3> But libasan.a and libtsan.a is listed here .... https://git.alpinelinux.org/cgit/aports/tree/main/gcc/APKBUILD#n343
2017-04-25 21:30:22 <newbie|3> Maybe it is just forgotten in "configure"??
2017-04-25 21:34:09 <newbie|3> something like this on ArchLinux: https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/gcc#n190
2017-04-25 21:34:48 <newbie|3> https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/gcc#n119
2017-04-25 21:43:11 <TBB> I wouldn't be surprised; that's an APKBUILD from hell
2017-04-25 21:44:12 <Shiz> i wonder if asan/tsan even work with musl
2017-04-25 23:35:49 <vectr0n> do all the isos require a inet connection to complete?
2017-04-26 00:12:01 <Shiz> vectr0n: no
2017-04-26 00:14:19 <vectr0n> ive tried a few with no luck, what one can be installed w/o internet access? stupid ovh and their failover ips lol
2017-04-26 00:16:43 <vectr0n> better question.. if networking is configured before setup-alpine will the installer know that and skip the ip/subnet/gw/etc?
2017-04-26 00:30:57 <Shiz> i think it will, eys
2017-04-26 00:31:10 <Shiz> i dont think you need internet access at all to install
2017-04-26 00:38:37 <vectr0n> all 3 isos ive tried so far do, when you get to the ssh and ntp options, fails to install
2017-04-26 00:45:01 <Shiz> vectr0n: simply select none for ssh and busybox for ntp
2017-04-26 00:45:15 <vectr0n> but i dont want to ;p
2017-04-26 00:45:19 <vectr0n> so i will try bringing networking up first
2017-04-26 00:45:30 <vectr0n> thx for the tips/info :)
2017-04-26 00:46:55 <Shiz> (which isos did you try, btw?)
2017-04-26 02:25:56 <vectr0n> Shiz, standard, vanilla, and virtual
2017-04-26 02:26:09 <Shiz> i think -extended may have helped you better
2017-04-26 02:26:12 <Shiz> lol
2017-04-26 02:26:36 <vectr0n> "Runs from RAM" doesnt really fit my environment tho lol
2017-04-26 02:27:09 <Xe> vectr0n: the standard iso doesn't netinstall
2017-04-26 02:27:27 <vectr0n> well when you want the non-default ssh/ntp.. sure do it seems
2017-04-26 02:27:35 <Xe> yeah
2017-04-26 02:27:43 <Xe> the default packages are baked into the standard iso
2017-04-26 02:27:50 <vectr0n> i know now..
2017-04-26 02:27:50 <Shiz> vectr0n: i mean they all run from RAM
2017-04-26 02:27:52 <Shiz> if you want to
2017-04-26 02:27:59 <Shiz> its a bit of a weird description since it's not a difference
2017-04-26 02:28:02 <Shiz> -extended just has more packages on-iso
2017-04-26 02:28:05 <Shiz> that's the only difference
2017-04-26 02:28:13 <vectr0n> so its a dual type thing? maybe the desc should be updated a bit lol, super confusing
2017-04-26 02:28:17 <Shiz> you can still do a regular old sys install with it
2017-04-26 02:28:23 <Shiz> yeah every alpine iso can be installed to disk or setup to run from ram
2017-04-26 02:28:37 <vectr0n> ok makes more sense now :)
2017-04-26 02:28:56 <Xe> vectr0n: wait i'm a moron, they made the old "standard" into the new extended
2017-04-26 02:28:59 <Xe> you want extended
2017-04-26 02:29:03 <Shiz> :p
2017-04-26 02:29:15 <vectr0n> nah to bring up networking first is the easier lol
2017-04-26 02:29:20 <vectr0n> easiest*
2017-04-26 02:29:28 <Xe> ya
2017-04-26 02:29:35 <vectr0n> anyone who has used ovh over the years will understand, lol
2017-04-26 02:29:40 <vectr0n> and i dont have a box w/ nat on the host
2017-04-26 02:29:52 <Xe> i use ovh for my main personal server
2017-04-26 02:29:56 <Xe> trust me i know the pain
2017-04-26 02:30:00 <vectr0n> i have a whole bunch lol
2017-04-26 02:30:00 <Shiz> i use online.net
2017-04-26 02:30:02 <vectr0n> ew
2017-04-26 02:30:03 <Shiz> i know the pain too
2017-04-26 02:30:08 <vectr0n> ya its the same
2017-04-26 02:30:36 <vectr0n> gets frustrating after awhile for some things, even after years and years of using them lol
2017-04-26 02:30:43 <vectr0n> thx guys/gals for more info :) lol
2017-04-26 02:30:48 <Xe> np
2017-04-26 02:30:52 <Shiz> dont get me started on ipv6...
2017-04-26 02:31:05 <vectr0n> theirs really SUCKS
2017-04-26 02:31:16 <Xe> Shiz: you ain't had an ipv6 headache until you've had a comcast ipv6 headache
2017-04-26 02:31:39 <vectr0n> ok i agree on that, have some friends on the us on comcast.. lol
2017-04-26 02:31:40 <Xe> it's the kind of insanity where you have to use intentionally wrong settings to get it to work
2017-04-26 02:31:52 <vectr0n> in*
2017-04-26 02:32:03 <vectr0n> im glad rogers (canada) is fully native and works as expected lol
2017-04-26 02:32:10 <Shiz> at least you've got domestic ipv6....
2017-04-26 02:32:15 <vectr0n> even the cell towers are native v6
2017-04-26 02:32:16 <Shiz> i'm still stuck with a HE tunnel
2017-04-26 02:32:33 <Xe> vectr0n: ipv6 being the only supported ip stack on LTE kinda forced this
2017-04-26 02:32:44 <Xe> most carriers do 6to4
2017-04-26 02:33:14 <vectr0n> i was surprised they did real native v6 on the cell network
2017-04-26 02:33:20 <Xe> yeah
2017-04-26 02:33:31 <Xe> probably only because the standards mandated it hard stop lol
2017-04-26 02:33:46 <vectr0n> lol
2017-04-26 02:34:18 <vectr0n> it was only a day or two once the "landlines" got v6 that the cell towers got it as well (and makes sense totally)
2017-04-26 03:01:15 <kvda> yo how do i change the keyboard layout?
2017-04-26 03:01:42 <Shiz> setup-keymap
2017-04-26 05:37:53 <luxio> Xe: Anything on Tor yet?
2017-04-26 05:38:12 <Xe> i have been on a buisiness trip
2017-04-26 05:38:22 <luxio> ah
2017-04-26 07:11:06 <ScrumpyJack> morning climbers
2017-04-26 10:05:30 <xsteadfastx> is thre a way to abort udhcpc on boot? it looks like it never times out and tries and tries and tries to obtain a ip of eth0 (which is not connected)
2017-04-26 10:37:23 <ryonaloli> https://grsecurity.net/passing_the_baton.php grsecurity closed
2017-04-26 10:37:26 <ryonaloli> (private)
2017-04-26 10:37:31 <ryonaloli> rip
2017-04-26 10:53:04 <xsteadfastx> what package do i need to install to get lbu?
2017-04-26 10:53:22 <_ikke_> ahttps://pkgs.alpinelinux.org/contents?file=lbu&path=&name=&branch=&repo=&arch=
2017-04-26 11:06:13 <Shiz> ryonaloli: aaand they removed the testing patch
2017-04-26 11:08:27 <xsteadfastx> _ikke_: thanks
2017-04-26 11:09:01 <xsteadfastx> the docs for the rpi are wrong about lbu... when following the docs the cache is on a read only partition
2017-04-26 11:17:15 <itsfemme[m]> Shiz: get it from a scraper on github
2017-04-26 11:29:36 <Shiz> already done so
2017-04-26 11:29:39 <Shiz> it's still a shitty move
2017-04-26 11:38:31 <itsfemme[m]> Shiz: https://grsecurity.net/~spender/grsecurity-3.1-4.9.24-201704252333.patch
2017-04-26 11:38:43 <itsfemme[m]> still up there
2017-04-26 11:39:23 <Shiz> that's something i guess
2017-04-26 11:39:33 <Shiz> although something tells me you had to be in the grsec irc to know that one
2017-04-26 12:02:38 <_ikke_> xsteadfastx: probably because the fs is iso9660?
2017-04-26 12:03:54 <xsteadfastx> _ikke_: its fat32
2017-04-26 12:04:55 <xsteadfastx> ah ok... sorry
2017-04-26 12:04:59 <xsteadfastx> there is a wiki article about it
2017-04-26 12:05:02 <xsteadfastx> my bad
2017-04-26 12:20:38 <xsteadfastx> i cant get openssh working with root account on a fresh alpine
2017-04-26 12:20:47 <xsteadfastx> it tells me the root account is expired
2017-04-26 12:20:55 <xsteadfastx> but i cant find anything about it online
2017-04-26 12:21:17 <Shiz> have you set PermitRootLogin to yes or key-only (or whatever it was)
2017-04-26 12:22:09 <IcePic> expired doesnt sound like an sshd_config thing, rather something in the passwd or pam
2017-04-26 12:22:42 <IcePic> ssh will only ever say "you cant get in" or let you in, it won't tell you why you wont get in at a certain time.
2017-04-26 12:23:56 <xsteadfastx> ok but PermitRootLogin yes did the job
2017-04-26 12:24:05 <xsteadfastx> but still strange /v/l/m message
2017-04-26 12:24:47 <IcePic> where did you see "account is expired", the sshd logs or on the client side?
2017-04-26 12:25:55 <xsteadfastx> server side
2017-04-26 13:42:42 <Sofia__> Hello, Are CoreOS and Alpine Linux comparable ?
2017-04-26 13:44:09 <_ikke_> comparable in what way?
2017-04-26 13:48:06 <Sofia__> @_ikke_: in any way, but specially as a linux distro. Because I was need to create some environment to deploy docker containers. I gave a go to CoreOS and now I was looking for alternatives
2017-04-26 13:48:31 <IcePic> and what should that alternative bring?
2017-04-26 13:48:43 <IcePic> or remove, for that matter
2017-04-26 13:48:58 <Sofia__> ease of use, I found CoreOS super difficult
2017-04-26 13:49:38 <Shiz> coreos and alpine differ in a number of ways
2017-04-26 13:49:46 <Shiz> in my opinion, CoreOS is not actually particularly light
2017-04-26 13:50:03 <Shiz> it also doesn't seem to have particular interest in security, but that may be my lack of research
2017-04-26 13:50:12 <Shiz> and well... alpine has a package manager :P
2017-04-26 13:50:42 <Shiz> Sofia__: if you're asking whether you can use alpine for a container host system, yes, you can do that just fine
2017-04-26 13:50:46 <Shiz> in fact, that is one of my deployments of it
2017-04-26 13:51:22 <Sofia__> Shiz: well yes, but I wonder whether CoreOS or Alpine Linux is better
2017-04-26 13:51:33 <Sofia__> (this is going to be to sell docker hosting)
2017-04-26 13:51:41 <Shiz> well you're asking the salesman here :P
2017-04-26 13:51:54 <Shiz> in my opinion alpine is vastly better, but you may get better commercial support with CoreOS
2017-04-26 13:52:28 <_ikke_> right, alpine does not have a support team available
2017-04-26 13:52:37 <Sofia__> Shiz: Probably yes since they charge between 5.000 and 10.000 USD a day of training hahah
2017-04-26 13:52:46 <Sofia__> but I can not afford that
2017-04-26 13:53:08 <_ikke_> alpine imo is pretty simple
2017-04-26 13:53:13 <Shiz> brb
2017-04-26 13:53:31 <Sofia__> do you use alpine with kubernetes ?
2017-04-26 14:00:47 <Shiz> not personally, but I know it's packaged :)
2017-04-26 14:00:52 <Shiz> I run straight Docker myself
2017-04-26 14:01:18 <Sofia__> Shiz, but how many containers do you have to manage at the same itme ?
2017-04-26 14:01:20 <Sofia__> *time
2017-04-26 14:01:56 <Shiz> currently running about 20, it's a personal Docker host, not a public service
2017-04-26 14:02:10 <Shiz> so my use case is somewhat different
2017-04-26 14:05:49 <kahiru> hey, how would I go about creating an initramfs for another arch?
2017-04-26 14:14:12 <Shiz> kahiru: don't think that's really possible right now as it simply copies files from the host
2017-04-26 14:14:37 <Shiz> kahiru: you might be able to cross-install alpine packages into a chroot and pass that as the -b argument to mkinitfs
2017-04-26 14:14:41 <Shiz> no guarantees though :)
2017-04-26 14:15:13 <kahiru> hmm, sounds doable
2017-04-26 14:16:54 <kahiru> some background: I'm trying to get alpine working on odroid c2 which requires 3.14.something kernel with loads of patches from hardkernel. So I guess I could run another distro on it, set up alpine chroot, copy the current kernel and its modules and generate the initramfs there and then try booting it
2017-04-26 14:17:49 <Shiz> kahiru: i'll get something for you in a sec
2017-04-26 14:17:52 <Shiz> it's not actually that hard turns out
2017-04-26 14:17:54 <Shiz> :P
2017-04-26 14:19:12 <kahiru> O.o
2017-04-26 14:21:52 <Shiz> kahiru: https://txt.shiz.me/N2QxYTk3OT
2017-04-26 14:21:55 <Shiz> something like this should work
2017-04-26 14:22:15 <Shiz> make chroot, init apk database, copy over repos and keys, update apk database, add base files
2017-04-26 14:22:53 <kahiru> well, it still needs the custom kernel and its modules need to be in the initramfs, right?
2017-04-26 14:23:13 <Shiz> you can copy over /lib/modules to that chroot
2017-04-26 14:24:07 <Shiz> the kernel isn't needed as file
2017-04-26 14:24:15 <kahiru> right
2017-04-26 14:56:33 <kahiru> Shiz: if you take let's say the rpi image, how is the /boot/apks generated? Is it just the output of apk cache?
2017-04-26 15:58:41 <armin> so what's a good way to ensure a custom VPN daemon i installed is always running (e.g. restart it when it dies)? i consider supervisord to be a good pointer here, but is there something even easier maybe?
2017-04-26 15:59:23 <kahiru> never used supervisord, but I occasionally use s6 if I need something being kept alive
2017-04-26 15:59:34 <armin> what's s6? any pointers?
2017-04-26 15:59:53 <kahiru> this suite http://www.skarnet.org/software/s6/
2017-04-26 16:00:00 <armin> okeh.
2017-04-26 16:01:19 <armin> ok supervisord doesn't seem like the worst at least. :)
2017-04-26 16:01:53 <armin> also the fact that s6 supports socket activation scares me.
2017-04-26 16:02:25 <kahiru> well, noone forces you to use all of its parts :)
2017-04-26 16:03:06 <arch3y> Id use something like monit for that but just a preference of mine
2017-04-26 16:03:21 <armin> i admit there was some irony to this. :)
2017-04-26 16:04:21 <arch3y> lol love the securitybreaches page on skarnet
2017-04-26 16:04:54 <arch3y> I guess s6 would replace daemontools
2017-04-26 16:20:23 <BitL0G1c> armin - openrc also has supervise-daemon built in - nginx-naxsi / elasticsearch / logstash use it
2017-04-26 16:21:12 <BitL0G1c> I've started switching from runit to supervise-daemon - it also works for exim
2017-04-26 16:27:31 <kahiru> BitL0G1c: any docs on that?
2017-04-26 16:28:23 <BitL0G1c> yes hold on
2017-04-26 16:29:25 <BitL0G1c> kahiru - see https://github.com/OpenRC/openrc/blob/1edb5f6fd9c4827e5d4ed5c854bc322ba8a7df73/supervise-daemon-guide.md
2017-04-26 16:32:08 <BitL0G1c> kahiru - see also https://github.com/itoffshore/aports/blob/master/testing/nginx-naxsi/nginx.initd
2017-04-26 16:38:14 <armin> BitL0G1c: consider me a noob, what's nginx-naxsi? would i get an initscript that uses that functionality when doing an "apk add nginx" so i can crib how to implement that for my own daemons?
2017-04-26 16:39:16 <armin> oh you just pasted 2 links about that.
2017-04-26 16:39:23 <armin> BitL0G1c: thanks!
2017-04-26 16:39:27 <BitL0G1c> nginx doesn't use it - nginx-naxsi is my version in testing - it does not disable PaX
2017-04-26 16:39:36 <BitL0G1c> np
2017-04-26 16:41:54 <armin> ok so from what i see, supervise-daemon is already installed by default on a fresh alpine installation so i could just write my own initscript that makes use of it, right?
2017-04-26 16:42:12 <armin> that seems quite convenient and i don't even have to fiddle around with supervisord.
2017-04-26 18:42:57 <vectr0n> when it comes to net-snmp and grsec, its clearly not grabbing all the info due to some of the grsec protections, without recompiling the kernel to add the snmpd user in the grsec part, is there another way?
2017-04-26 18:44:08 <consus> There is a vanilla kernel in Alpine
2017-04-26 18:44:26 <_ikke_> Isn't there a group you can add the snmpd user too to give it more access?
2017-04-26 18:44:44 <vectr0n> consus, im aware, dont want it
2017-04-26 18:45:03 <consus> There is a procfs setup
2017-04-26 18:45:05 <consus> AFAIR
2017-04-26 18:45:06 <vectr0n> _ikke_, not sure how the kernel was compiled or where to look for the options it uses
2017-04-26 18:45:18 <_ikke_> Me neither
2017-04-26 18:45:20 <vectr0n> i know in the past on deb ive had to recompile a grsec kernel to exempt the snmp user
2017-04-26 18:45:41 <vectr0n> ill keep digging, ty :)
2017-04-26 18:45:52 <consus> https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#GID_exempted_from_.2Fproc_restrictions_2
2017-04-26 18:45:55 <consus> Here
2017-04-26 18:45:59 <consus> This GID may also be chosen at boot time
2017-04-26 18:45:59 <consus> via "grsec_proc_gid=" on the kernel commandline.
2017-04-26 18:46:18 <consus> The group you select may also be chosen at boot time
2017-04-26 18:46:18 <consus> via "grsec_proc_gid=" on the kernel commandline.
2017-04-26 18:46:19 <vectr0n> all depends on the kernel compile options..
2017-04-26 18:46:35 <_ikke_> there is the readproc group
2017-04-26 18:46:47 <consus> Yes
2017-04-26 18:46:51 <consus> # grep GRKERNSEC_PROC_USERGROUP /boot/config-grsec
2017-04-26 18:46:52 <consus> CONFIG_GRKERNSEC_PROC_USERGROUP=y
2017-04-26 18:47:02 <consus> And this option is enabled in Alpine kernel
2017-04-26 18:47:11 <vectr0n> sorry im not as advanced as you.
2017-04-26 18:47:18 <consus> So there is absolutely no need to recompile the kernel
2017-04-26 18:47:30 <_ikke_> addgroup snmpd readproc
2017-04-26 18:47:44 <consus> Yes
2017-04-26 18:47:49 <consus> _ikke_ is right
2017-04-26 18:47:55 <vectr0n> _ikke_, i will give that a try, ty
2017-04-26 18:48:22 <consus> BTW
2017-04-26 18:48:50 <consus> grsec folks realeased a communique today
2017-04-26 18:48:56 <_ikke_> yes,
2017-04-26 18:48:59 <_ikke_> has been linked here
2017-04-26 18:49:12 <consus> So any roadmap on this?
2017-04-26 18:49:34 <_ikke_> consus: iirc, alpine well no longer use grsec
2017-04-26 18:49:56 <_ikke_> will*
2017-04-26 18:50:02 <dalias> good riddance
2017-04-26 18:50:28 <kpcyrd> is there nobody who feels like maintaining it?
2017-04-26 18:50:40 <consus> There is another way around this
2017-04-26 18:50:52 <consus> Someone large enough could just buy a subscription
2017-04-26 18:50:57 <consus> And then share the code
2017-04-26 18:51:20 <consus> I heard that Gentoo folks are considering this
2017-04-26 18:51:31 <_ikke_> consus: when they share the code, they loose access
2017-04-26 18:51:48 <consus> =/
2017-04-26 18:51:50 <kpcyrd> _ikke_: ehm, isn't this GPL after all?
2017-04-26 18:51:57 <consus> Well
2017-04-26 18:51:59 <consus> You got the code
2017-04-26 18:52:00 <consus> :D
2017-04-26 18:52:16 <consus> The one you paid for
2017-04-26 18:52:45 <_ikke_> Right, but you want to be able to use newer kernels
2017-04-26 18:52:55 <consus> Yep
2017-04-26 18:52:59 <consus> So no sharing
2017-04-26 18:53:01 <consus> A shame
2017-04-26 18:53:25 <consus> What a wonderful day to migrate my infrastructure to alpine -_____-
2017-04-26 18:53:42 <kpcyrd> in theorey somebody who knows how to write kernel patches could try to upstream some of the patches of the existing patchset so at least those aren't lost
2017-04-26 18:53:56 <consus> Eh
2017-04-26 18:54:02 <consus> They had 16 years to do it
2017-04-26 18:54:11 <consus> And AFAIR they've tried a lot
2017-04-26 18:54:11 <_ikke_> kpcyrd: I think the reason why grsec exists is because the main kernel did not accept these kinds of patches
2017-04-26 18:54:13 <kpcyrd> yeah, but now is a good day to retry
2017-04-26 18:54:20 <consus> No
2017-04-26 18:54:27 <consus> Who will maintain it?
2017-04-26 18:54:43 <consus> The kernel guys?
2017-04-26 18:55:00 <consus> It's like reiser4 thing
2017-04-26 18:55:00 <kpcyrd> well, so openbsd it is then?
2017-04-26 18:55:13 <consus> I use it on routers
2017-04-26 18:55:17 <consus> Works for me
2017-04-26 18:55:31 <consus> The best OS for a router/vpn in my experience
2017-04-26 18:56:12 <consus> And since they now have sysupdate... :D
2017-04-26 18:56:48 <consus> There is m:tier of course, but it's nice to have native stuff
2017-04-26 18:56:50 <kpcyrd> half my devices run grsec, I don't really feel like migrating back to vanilla and openbsd is the only alternative
2017-04-26 18:58:56 <kpcyrd> another idea: some of those linux foundations take some money and buy an extra pricey grsec subscription that allows distribution?
2017-04-26 18:59:16 <consus> Do they have one?
2017-04-26 18:59:20 <koollman> probably cheaper to integrate part of the code :)
2017-04-26 19:00:27 <dalias> <@_ikke_> consus: when they share the code, they loose access
2017-04-26 19:00:49 <dalias> if that happens to anyone, there'll be a giant lawsuit and the asshats at grsec will be pummeled
2017-04-26 19:01:14 <consus> Why?
2017-04-26 19:01:27 <dalias> because it's infringing the terms of the gpl
2017-04-26 19:01:31 <consus> Really?
2017-04-26 19:01:33 <consus> How?
2017-04-26 19:01:33 <dalias> yes
2017-04-26 19:01:43 <dalias> imposing additional requirements
2017-04-26 19:02:06 <consus> Well I need to consult a lawyer
2017-04-26 19:02:20 <dalias> you can't get around that just by making the additional requirements silent threats that aren't written down
2017-04-26 19:02:48 <dalias> "of course you have your rights under the gpl, but if you exercise them we'll stop doing business with you" is not going to fly
2017-04-26 19:03:09 <kpcyrd> let's ask rms about this
2017-04-26 19:03:27 <dalias> there's no need to ask on a case by case basis
2017-04-26 19:03:35 <consus> hmm
2017-04-26 19:03:36 <dalias> this kind of threat was discussed 3 decades ago
2017-04-26 19:03:45 <consus> You have a link?
2017-04-26 19:03:58 <koollman> dalias: that's what redhat does, and have been doing for quite a while
2017-04-26 19:04:03 <dalias> not offhand, i'd have to dig up stuff
2017-04-26 19:04:10 <dalias> koollman, no
2017-04-26 19:04:33 <kpcyrd> koollman: isn't redhat all about support only?
2017-04-26 19:04:40 <dalias> that's utter misrepresentation
2017-04-26 19:04:47 <_ikke_> how does GPL work if you aren't offering any product? just code..
2017-04-26 19:05:04 <_ikke_> (patches)
2017-04-26 19:05:11 <kpcyrd> _ikke_: isn't the gpl all about code?
2017-04-26 19:05:18 <consus> not exactly
2017-04-26 19:05:24 <consus> It covers stuff like distribution
2017-04-26 19:05:24 <koollman> now I have to dig up stuff to back my claim
2017-04-26 19:05:34 <dalias> koollman, or just admit that it was wrong
2017-04-26 19:05:39 <koollman> https://lwn.net/Articles/431854/ and https://lwn.net/Articles/432012/
2017-04-26 19:06:07 <koollman> old. but relevant. when the policy changed to "some of our modifications are really just for us and our customers"
2017-04-26 19:06:08 <kpcyrd> consus: yeah, but due to copy left the GPL applies to their patches
2017-04-26 19:06:26 <consus> Of course
2017-04-26 19:06:28 <consus> BUT
2017-04-26 19:06:50 <_ikke_> kpcyrd: from what I understood is that GPL requires you to provide the code to the users of the code, you are not required to make it generally available
2017-04-26 19:06:56 <consus> They share the code with you. No additional restrictions. Yout paid -> here the code.
2017-04-26 19:07:12 <dalias> koollman, the first of those links does not back up your claim at all; rather it refutes it
2017-04-26 19:07:18 <consus> And I have no idea about support cancellation
2017-04-26 19:07:25 <dalias> moreover..
2017-04-26 19:07:26 <consus> I really need to consult my lawyers
2017-04-26 19:07:30 <koollman> dalias: it makes an argument about why redhat is wrong in their move
2017-04-26 19:07:41 <koollman> dalias: implying they did
2017-04-26 19:07:56 <kpcyrd> _ikke_, consus: that made sense at first, but I think dalias has a very good point with "imposing additional requirements"
2017-04-26 19:08:14 <dalias> even what RH does shipping a giant tarball of source with no documentation of which patches are applied and how is likely infringing
2017-04-26 19:08:20 <_ikke_> "merely because the GPL is silent on whether or not you must keep someone as your customer""
2017-04-26 19:08:28 <dalias> because GPL requires that you document the date and authorship of _each change_
2017-04-26 19:08:37 <koollman> dalias: absolutely correct. Yet, redhat is still happily around
2017-04-26 19:08:53 <dalias> because kernel folks don't care about strict enforcement of minor details
2017-04-26 19:09:05 <vectr0n> _ikke_, thx your suggestion worked perfectly :)
2017-04-26 19:09:06 <dalias> that's why the busybox lawsuits happened
2017-04-26 19:09:42 <dalias> because busybox was the wedge that could be used on vendors when kernel copyright holders refused to go after infringement
2017-04-26 19:10:02 <koollman> dalias: so ... how is that different from another set of kernel patches (grsecurity/pax) ?
2017-04-26 19:10:06 <dalias> just because someone is infringing doesn't necessarily mean they'll be forced to stop; the copyright holders have to care
2017-04-26 19:10:49 <kpcyrd> _ikke_: I think you need a good reason to cancel a subscription somebody paid for?
2017-04-26 19:11:00 <dalias> making effectively closed-source derivatives where you threaten your customers into not exercising their rights is a lot different, and more likely to be litigated, than just failing to document changes in exactly the way gpl said you need to
2017-04-26 19:11:38 <consus> Errr
2017-04-26 19:11:43 <consus> Nobody threatens anyone
2017-04-26 19:11:47 <dalias> yes they do
2017-04-26 19:11:53 <consus> Err
2017-04-26 19:11:53 <consus> No
2017-04-26 19:12:08 <_ikke_> kpcyrd: depends on the contract I guess
2017-04-26 19:12:13 <dalias> the claim is that there's an implicit threat you'll no longer be able to get grsec (contract not renewed) if you release the source
2017-04-26 19:12:14 <kpcyrd> _ikke_: you mean the GPL?
2017-04-26 19:12:22 <dalias> that is a threat
2017-04-26 19:12:29 <dalias> and it's a clear gpl violation
2017-04-26 19:12:54 <consus> Again, what part? It does not impose additional restriction on getting the code.
2017-04-26 19:12:59 <dalias> the gpl requires you to make parties who receive copies from you fully aware of their rights under the gpl and not to impede their ability to exercise those rights
2017-04-26 19:13:06 <consus> It imposing additional restriction on getting the next release
2017-04-26 19:13:14 <dalias> no
2017-04-26 19:13:18 <consus> How so?
2017-04-26 19:13:52 <dalias> "You may not impose any further
2017-04-26 19:13:52 <dalias> restrictions on the recipients' exercise of the rights granted herein."
2017-04-26 19:14:03 <consus> They do not.
2017-04-26 19:14:10 <consus> On getting *this* version of code
2017-04-26 19:14:19 <dalias> you're missing the point
2017-04-26 19:14:28 <dalias> it has nothing to do with versions
2017-04-26 19:14:30 <kpcyrd> consus: "you have the right to do X, Y, Z but we're making sure you aren't doing anything of that"
2017-04-26 19:14:51 <consus> kpcyrd: nope
2017-04-26 19:14:51 <dalias> if they said "if you share the source, we'll shame on on twitter" that's a restriction on the recipient's exercise of the rights granted"
2017-04-26 19:15:24 <dalias> any retaliation, regardless of whether it pertains to obtaining this or a future version of the sw, is a restriction on the exercise of those rights
2017-04-26 19:15:31 <_ikke_> dalias: is that actually tested, or is that a desired interpretation?
2017-04-26 19:15:32 <kpcyrd> can we all agree for a moment that grsec is GPL software?
2017-04-26 19:15:45 <consus> I do not think that this is the right interpretation
2017-04-26 19:15:53 <koollman> dalias: I offer you my new release. you can do what you want with it. however, I decide to distribute releases only to the people I like. you may or may not be in this group for the next release.
2017-04-26 19:16:05 <consus> So again, I will consult my pet lawyers as I'm really interested in this grey area :D
2017-04-26 19:16:13 <koollman> dalias: I am not limiting your rights. just chosing not to distribute in the future
2017-04-26 19:16:20 <consus> I do not have the full picture to continue the discussion
2017-04-26 19:16:26 <dalias> this is stupid libertard fantasy-land
2017-04-26 19:16:31 <koollman> kpcyrd: agreed
2017-04-26 19:17:09 <dalias> courts are not fond of retaliation against parties for exercising their contractual rights
2017-04-26 19:17:15 <kpcyrd> somebody should seriously email rms about this
2017-04-26 19:17:23 <consus> rms reads mail?
2017-04-26 19:17:33 <_ikke_> he does
2017-04-26 19:18:00 <koollman> dalias: and if it goes to court, yes, the argument can be made. but the question really is 'will it go there'
2017-04-26 19:18:27 <consus> Well... we do have a bunch of GPL fanatics
2017-04-26 19:18:30 <dalias> imagine an employment contract says you get N days of personal time off, but every employee who uses them gets fired
2017-04-26 19:18:32 <consus> That will go in court
2017-04-26 19:18:38 <consus> But the thing is
2017-04-26 19:18:39 <dalias> if you can show the court such a pattern
2017-04-26 19:18:48 <dalias> the court will almost surely determine breach of contract
2017-04-26 19:19:08 <consus> Why are we even here? The major security suite that was not included in Linux kernel for SIXTEEN goddamn years.
2017-04-26 19:19:12 <dalias> same if every grsec customer who shares the source gets denied contract renewal
2017-04-26 19:19:18 <consus> So maybe the real problem lies here
2017-04-26 19:19:19 <dalias> consus, because it's crap
2017-04-26 19:19:26 <dalias> and it's always been crap
2017-04-26 19:19:40 <dalias> a _very few_ ideas in grsec were useful and innovative
2017-04-26 19:19:46 <dalias> most of them just break stuff randomly
2017-04-26 19:19:50 <consus> So why bother then
2017-04-26 19:20:01 <koollman> pax ideas are pretty nice, and the implementation do work
2017-04-26 19:20:03 <dalias> because gpl infringers deserve a smackdown
2017-04-26 19:20:07 <consus> Nah
2017-04-26 19:20:15 <consus> Nobody wants to waster their time on this
2017-04-26 19:20:25 <koollman> some do :)
2017-04-26 19:20:28 <dalias> lots of people do
2017-04-26 19:20:31 <consus> Well yeah
2017-04-26 19:20:37 <consus> We do have a couple of fruitcases
2017-04-26 19:20:39 <consus> Still
2017-04-26 19:20:59 <dalias> the value isn't keeping grsec source available
2017-04-26 19:21:17 <dalias> the value is in demonstrating that you can't make up stupid loopholes to make closed-source linux kernels
2017-04-26 19:21:36 <consus> Someone on the Internet is not right. Let's waste our time instead of writing the really good security for the Kernel :D
2017-04-26 19:22:07 <koollman> writing security is way harder than arguing on the internet. Even worse for good security ;)
2017-04-26 19:22:08 <dalias> "you have all the rights the gpl says, but of course i'll cut you off if you use them, and of course i'm not writing that down anywhere because it would obviously be illegal if i wrote it down" is utter bullshit
2017-04-26 19:22:12 <dalias> and everybody knows it
2017-04-26 19:24:03 <consus> Sigh
2017-04-26 19:24:06 <consus> Okay
2017-04-26 19:24:10 <kpcyrd> consus: "I sell you 4k chicken nuggets I made from free chicken for $1. You can buy as many additional 4k chicken nuggets for $1 and since this is free chicken, I'm legally required to allow you eating your nuggets, but if you actually do, I won't sell you any more chicken nuggets while keeping the free chicken"
2017-04-26 19:24:17 <consus> Back to the ground
2017-04-26 19:25:51 <consus> kpcyrd: *YOU* can use the code. You just can't give it to anyone else without losing the ability to update.
2017-04-26 19:26:01 <consus> As simple as that
2017-04-26 19:26:16 <_ikke_> But do you have the right to get updates?
2017-04-26 19:26:34 <dalias> it's not that you have a right to get updates
2017-04-26 19:26:37 <consus> GPL does not say anything about updates :)
2017-04-26 19:26:48 <dalias> that's a distraction
2017-04-26 19:27:01 <kpcyrd> consus: I can't use the code if the only usecase is distribution which is allowed by their own license
2017-04-26 19:27:10 <dalias> it's that you have a right not to be discriminated against on the basis of having exercised your rights under the gpl
2017-04-26 19:27:15 <consus> kpcyrd: Distribute as much as you want
2017-04-26 19:29:04 <dalias> because this happening, or even the threat that it might happen, imposes a restriction on the exercise of the rights that were nominally granted
2017-04-26 19:29:40 <consus> What if I put an ASCII hitler in the code?
2017-04-26 19:29:46 <consus> Will it violate GPL?
2017-04-26 19:29:57 <consus> Because sharing the code will bring SJWs around
2017-04-26 19:30:09 <consus> And you will be punished for an ASCII Hitler
2017-04-26 19:30:23 <dalias> i'm going to go even further and say that, even if they didn't refuse to renew any real customers' subscriptions...
2017-04-26 19:30:23 <consus> Hence restrictions
2017-04-26 19:31:05 <dalias> if they made up a bunch of fake customers and posted fake stories by those fake customers saying their subscription renewal had been denied on the basis of sharing source...
2017-04-26 19:31:12 <dalias> (to make real customers scared to do so)
2017-04-26 19:31:25 <consus> Yeah-yeah, but what about Hitler?
2017-04-26 19:31:27 <dalias> that would constitute a violation of the requirement
2017-04-26 19:31:39 <dalias> i'm not even going to acknowledge that idiotic question or continue to talk to you
2017-04-26 19:31:42 <consus> This is a nice GPL paradox
2017-04-26 19:31:51 <dalias> because you've shown yourself to be a troll aligned with deplorable people
2017-04-26 19:31:55 <dalias> good day
2017-04-26 19:34:35 <consus> Aw come on
2017-04-26 19:34:38 <consus> Don't be like that
2017-04-26 19:36:01 <kpcyrd> unrelated to gpl: does anybody know how much a grsec subscription costs if I want to keep my personal devices on grsec? Is it affordable for regular people?
2017-04-26 19:36:51 <consus> https://grsecurity.net/purchase.php
2017-04-26 19:36:57 <consus> You can write them
2017-04-26 19:37:12 <kpcyrd> "you can write them" is usually "you can't afford it"
2017-04-26 19:38:07 <_ikke_> Right, I don't think they cater to small users
2017-04-26 19:38:42 <dalias> kpcyrd, if it were available at prices where they'd have significant sales volumes, this wouldn't even be a question, since it would be easy to just keep making new customers to get and share each new version...
2017-04-26 19:41:27 <consus> > Grsecurity (pricing begins at $200/month)
2017-04-26 19:41:39 <consus> That's affordable
2017-04-26 19:41:56 <kpcyrd> consus: depends on your budget
2017-04-26 19:42:01 <consus> Of course
2017-04-26 19:42:10 <consus> Still it's not $3000 per machine
2017-04-26 19:42:31 <kpcyrd> true
2017-04-26 19:43:05 <darkfader> rhel subsription is like $600/y and that also just gets you updates and lets you look at the tech notes where they describe their regressions
2017-04-26 19:43:54 <darkfader> $200 is quite overpriced IMO but also not horrible
2017-04-26 19:44:20 <darkfader> easily saved on panic mode if it's a web platform
2017-04-26 19:45:48 <consus> Does alpine support virtio disks?
2017-04-26 19:46:16 <consus> Seems likely
2017-04-26 19:46:50 <kpcyrd> grsec is still officially dead for appliances?
2017-04-26 19:47:07 <consus> Huh?
2017-04-26 19:47:14 <xentec> consus, CONFIG_VIRTIO_BLK=m
2017-04-26 19:47:24 <consus> Yeah
2017-04-26 19:47:31 <consus> I'm talking about the installer and stuff
2017-04-26 19:47:52 <consus> Maybe it's ignored in disk chooser etc
2017-04-26 19:47:58 <darkfader> consus: i only migrated after install :/
2017-04-26 19:48:07 <consus> Well I'm going to find out lol
2017-04-26 19:48:10 <darkfader> :)
2017-04-26 19:48:14 <consus> Not that it will take enormous time
2017-04-26 19:48:22 <kpcyrd> consus: if I ship appliances using grsec I'm legally required by the gpl to share my source with my customers which you put my subscription on risk
2017-04-26 19:48:36 <consus> Ah
2017-04-26 19:48:37 <kpcyrd> s/you put/would put/ sry
2017-04-26 19:48:45 <consus> Yeah, something like that
2017-04-26 19:48:49 <consus> If it's true
2017-04-26 19:48:56 <consus> That you will lose the subscription
2017-04-26 19:49:16 <consus> I'm not aware of such restriction, my knowledge of grsec is very limited
2017-04-26 19:50:10 <kpcyrd> I'm not a lawyer in the end. I'm just sad that grsec in distros is not going to be a thing in the future.
2017-04-26 19:57:01 <consus> darkfader: Yep
2017-04-26 19:57:06 <consus> darkfader: Works fine with vda
2017-04-26 19:57:14 <consus> ^^
2017-04-26 19:57:23 <consus> Alpine is very sweet
2017-04-26 19:57:33 <consus> Though musl sometimes sucks
2017-04-26 19:57:53 <consus> Like with that utmp/wtmp thing
2017-04-26 20:06:46 <consus> And now I have fully ansible-provisioned git server ^^
2017-04-26 20:07:00 <consus> Damn I like alpine much
2017-04-26 20:43:36 <Shiz> kahiru: it's from the alpine-iso project
2017-04-26 20:53:11 <BitL0G1c> has anyone got gpg-agent's ssh-support working in alpine ?
2017-04-26 21:19:30 <bougyman> how does https://grsecurity.net/passing_the_baton_faq.php affect alpine?
2017-04-26 21:20:21 <Shiz> there is currently no solid decision on how to move forward afaik
2017-04-26 21:20:24 <Shiz> it's too early for that
2017-04-26 21:21:37 <bougyman> sad day for linux security
2017-04-26 21:21:52 <consus> Well
2017-04-26 21:21:53 <consus> Depends
2017-04-26 21:22:05 <Shiz> it could turn out to be either way
2017-04-26 21:22:17 <Shiz> for all you know this is the day a beautiful community-maintained open hardening kernel patch project is born
2017-04-26 21:22:19 <Shiz> ;)
2017-04-26 21:22:44 <consus> Or kernel guys will start to think about security more
2017-04-26 21:23:06 <Shiz> well, they already do to a degree -- see also KSPP
2017-04-26 21:23:14 <Shiz> the argument from others is that its inadequate, but at least they care a bit more
2017-04-26 21:23:21 <consus> :D
2017-04-26 21:49:13 <TBB> well, we already know grsecurity's opinion on the matter: "good luck with whatever you attempt because you sure as hell aren't getting anywhere near what we can do"
2017-04-26 21:49:33 <consus> :D
2017-04-26 21:49:45 <darkfader> hm
2017-04-26 21:50:02 <darkfader> it's more like "because you sure as hell are just gonna pretend you got as far and not walk the walk"
2017-04-26 21:50:16 <consus> For folks who were not able to push their stuff mainline FOR SIXTEEN GODDAMN YEARS this is a pretty strong opinion
2017-04-26 21:50:44 <darkfader> mainline has often enough set back development for years
2017-04-26 21:50:57 <darkfader> see all the praise on removing locks vs. what they said about it in end-90s
2017-04-26 21:51:07 <consus> Well
2017-04-26 21:51:13 <consus> No BKL anymore
2017-04-26 21:51:14 <darkfader> "no issue now, low impact, hard to code, blah"
2017-04-26 21:51:16 <darkfader> yeah
2017-04-26 21:51:23 <consus> Since 2008
2017-04-26 21:51:24 <consus> AFAIR
2017-04-26 21:51:29 <darkfader> but it was a BIG decision to keep it and years were spent saying it's ok
2017-04-26 21:51:42 <darkfader> and pushing back on attempts to do something about it
2017-04-26 21:52:07 <consus> Yes
2017-04-26 21:52:08 <consus> Still
2017-04-26 21:52:18 <darkfader> so any major arch improvement in linux needs willingless to go against windmills for 10y+, or (or!) you have just to be the guy they love
2017-04-26 21:52:29 <consus> Sixteen years is more than a half of the Linux kernel lifetime
2017-04-26 21:52:34 <darkfader> yeah
2017-04-26 21:52:39 <darkfader> but it's not surprise
2017-04-26 21:52:59 <consus> Hmm
2017-04-26 21:53:02 <darkfader> linux "core" is a one of the worst and hostile groups humanity has ever grwon
2017-04-26 21:53:11 <darkfader> not for us techs who are used it
2017-04-26 21:53:21 <consus> > hostile
2017-04-26 21:53:22 <darkfader> but imagine you showed and fully explained it to someone outside of tech
2017-04-26 21:53:24 <consus> Wha?
2017-04-26 21:53:33 <consus> >  So set --with-path-mbox=/var/spool/mail to fix spoll path
2017-04-26 21:53:35 <consus> Dammit
2017-04-26 21:53:39 <darkfader> :))
2017-04-26 21:53:52 <consus> It's the other way around
2017-04-26 21:53:56 <darkfader> 
ACTION goes back to wring docs

2017-04-26 21:53:58 <consus> /var/mail should replace it
2017-04-26 21:54:13 <consus> Gotta whine in #alpine-devel some more
2017-04-26 22:00:30 <consus> Okay, whined
2017-04-26 22:43:35 <vectr0n> ncopa, https://bugs.alpinelinux.org/issues/6997 appears someone already posted one beginning of march
2017-04-27 00:48:55 <emacsoma`> does anyone know anything about what will happen with the grsec kernel in alpine?
2017-04-27 00:49:19 <dalias> i don't know specifics
2017-04-27 00:49:45 <dalias> but the plan for a long time has been trying to get useful stuff merged upstream and getting away from grsec, i think
2017-04-27 00:50:16 <dalias> disclosure: i'm not a fan of grsec
2017-04-27 00:59:03 <nwmcsween> should never have been imo
2017-04-27 00:59:47 <dalias> ?
2017-04-27 01:00:10 <emacsoma`> dalias: that does sound like a good plan
2017-04-27 01:00:26 <emacsoma`> I'm slightly dubious of Spengler given that he doesn't seem to eat his own dogfood...
2017-04-27 01:02:41 <nwmcsween> alpine w/ grsec
2017-04-27 01:03:40 <nwmcsween> I thought he used gentoo hardened?
2017-04-27 01:05:39 <duncaen> https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
2017-04-27 01:05:48 <nwmcsween> I told spender that his stuff would just get reimplemented unless he tried to upstream it
2017-04-27 01:06:12 <nwmcsween> tbh I think he didn't want to upstream it
2017-04-27 01:06:57 <emacsoma`> from https://slo-tech.com/clanki/10001en
2017-04-27 01:07:13 <dalias> my personal view is that grsec was a mistake of early alpine, much like uclibc was
2017-04-27 01:07:15 <emacsoma`> Spengler: I use Windows 7 actually -- the Cheddar Bay video was on the RC I think. I use it because the only fiddling around I want to do with Linux is testing and improving grsecurity. I used to use Linux as my primary desktop back in high school and in college, but nowadays I just want to get stuff done -- so Linux stays in VMs. Linux was much simpler back then too, in both the kernel and userland. You had known confi
2017-04-27 01:07:16 <emacsoma`> edited them some 'intelligent' process wouldn't go and change it behind your back, you wouldn't have to modify SELinux policy because you wanted to host something from a location different from the system default. There was more of a feeling of freedom on it then -- something I think it's losing the more it becomes commercialized. Also: games; I play them. New ones. And if Pidgin notifies me that a new release is availa
2017-04-27 01:07:16 <emacsoma`> download a Pidgin executable; I'm not forced to update 100+ packages at the same time, always risking that something will go wrong.
2017-04-27 01:07:52 <dalias> :-p
2017-04-27 01:08:07 <dalias> grsec does provide some useful additional hardening here and there
2017-04-27 01:08:21 <emacsoma`> I mean, if you work on Linux security, maybe you know too much to feel comfortable on Linux, but then to use Windows.....
2017-04-27 01:08:46 <duncaen> but from reading the tweets and the blog working with them seems hard
2017-04-27 01:08:57 <nwmcsween> that's an understatement
2017-04-27 01:09:25 <dalias> but it's also a big nuisance. breaks lots of stuff, and the quality of the code is questionable
2017-04-27 01:10:36 <nwmcsween> it would be nice if Linux had something like pledge
2017-04-27 01:10:55 <dalias> it does, seccomp
2017-04-27 01:11:05 <duncaen> no :S
2017-04-27 01:11:07 <nwmcsween> not the same though
2017-04-27 01:11:14 <dalias> it kinda is
2017-04-27 01:11:21 <nwmcsween> pledge is function
2017-04-27 01:11:31 <duncaen> you cant use seccomp for stuff that execs other binaries
2017-04-27 01:11:37 <dalias> a library providing pledge could do exactly the same as bsd pledge using seccomp as the mechanism
2017-04-27 01:11:40 <duncaen> with pledge you restrict each binary
2017-04-27 01:11:46 <duncaen> i have a library
2017-04-27 01:11:58 <duncaen> https://github.com/Duncaen/playground
2017-04-27 01:14:16 <psychi[m]> Yeah, i am also concerned about Grsec. and what will Alpine do...
2017-04-27 01:14:33 <nwmcsween> they will have to use vanilla
2017-04-27 01:14:38 <dalias> the practical impact on security is very minimal just switching to linux-vanilla
2017-04-27 01:15:04 <dalias> or someone can sponsor alpine a subscription to grsec
2017-04-27 01:15:33 <duncaen> could they provide the source in this case?
2017-04-27 01:15:33 <dalias> and then we can watch the fireworks and grab some popcorn when grsec tries to retaliate and ban alpine for sharing the source...
2017-04-27 01:15:42 <duncaen> :D
2017-04-27 01:15:44 <emacsoma`> dalias: :)
2017-04-27 01:16:19 <dalias> almost makes me want to shell out the $$ to do it
2017-04-27 01:16:34 <nwmcsween> meh pledge looks worse than I thought, I assumed it was per func e.g. pledge("printf foo")
2017-04-27 01:16:47 <duncaen> no this is good
2017-04-27 01:17:03 <duncaen> its a shitshow to restrict each syscall
2017-04-27 01:17:17 <duncaen> your library adds a new one? have fun rebuilding
2017-04-27 01:17:21 <nwmcsween> restricting funcs isn't the same as syscalls
2017-04-27 01:17:40 <duncaen> pledge resticts groups of syscalls
2017-04-27 01:17:56 <nwmcsween> which sort of sucks imo
2017-04-27 01:18:16 <nwmcsween> why does impl foo use the same syscalls as impl bar?
2017-04-27 01:18:29 <duncaen> no, libressl uses getrandom(2), everything that uses seccomp needs to be patched
2017-04-27 01:19:22 <duncaen> different libcs use different syscalls too
2017-04-27 01:19:23 <dalias> the idea is that pledge is supposed to be easy to use and not overly restrictive
2017-04-27 01:19:28 <dalias> so that it's practical to use
2017-04-27 01:19:48 <dalias> whereas seccomp requires knowing library implementation details
2017-04-27 01:19:52 <dalias> details that might change with versions
2017-04-27 01:20:35 <dalias> a good easy-to-use seccomp library would always whitelist all the relatively-harmless syscalls
2017-04-27 01:20:38 <duncaen> https://github.com/kristapsdz/acme-client-portable/blob/master/Linux-seccomp.md
2017-04-27 01:20:39 <dalias> to have less chance of breaking things
2017-04-27 01:21:01 <duncaen> thtas what my lib does, first a whitelist, then blacklisting
2017-04-27 01:21:25 <duncaen> and then there are some filters for arguments too
2017-04-27 01:21:28 <nwmcsween> yeah I'm not advocating seccomp, i'm advocating per function restriction
2017-04-27 01:21:49 <duncaen> but thats what seccomp does?
2017-04-27 01:22:03 <nwmcsween> no it does syscalls
2017-04-27 01:22:15 <duncaen> oO
2017-04-27 01:22:23 <duncaen> how would per function even work
2017-04-27 01:23:08 <dalias> well it would need to be per-functionality-group or something
2017-04-27 01:24:03 <nwmcsween> there would have to be a mapping of some sort or a tool to figure stuff out at compile time(?)
2017-04-27 01:24:35 <duncaen> but how to restrict this, you can just go around it at runtime
2017-04-27 02:09:14 <minimalism> Does this grsecurity news affect Alpine at all?
2017-04-27 02:19:57 <dirac1> What news?
2017-04-27 02:23:40 <duncaen> it has to
2017-04-27 02:24:03 <duncaen> if somene would sponsor it then it would probably not be possible to provide the source
2017-04-27 02:36:21 <minimalism> dirac1: https://grsecurity.net/passing_the_baton.php
2017-04-27 02:40:10 <emacsoma`> minimalism: we had a bit of discussion here earlier on that topic
2017-04-27 02:41:24 <dirac1> minimalism, thanks, oh wow.
2017-04-27 02:41:31 <dirac1> So... no more "security" in alpine
2017-04-27 02:42:20 <dirac1> For some time at least, it will take some time for the comunity to organize and start maintaining and patching grsec.
2017-04-27 02:43:08 <dirac1> (expecting that the comunity will drive and maintain the grsec source)
2017-04-27 02:45:02 <dirac1> Is my opinion btw.
2017-04-27 02:46:25 <duncaen> i hope not
2017-04-27 02:46:49 <duncaen> kernsec should just upstream usefull features
2017-04-27 02:47:24 <emacsoma`> how do I get mkinit to build zfs modules to allow alpine to boot from zfs / ?
2017-04-27 02:47:39 <dirac1> One interesting about the news is... the part when they say... there's no widely developed alternative to kernel security like grsec.
2017-04-27 02:48:43 <duncaen> why? because they cant upstream it?
2017-04-27 02:49:13 <duncaen> everyone else wants to get their stuff upstreamed, why maintain patches for years
2017-04-27 03:43:39 <ifbizo> hi! i'm trying to install and enable serial console with alpine 3.5.2 x86_64 using freebsd 11.0's bhyve and getting strange behavior. serial output gets stuck at "starting ntpd" and i can ping the host. i try to reboot and use installer to enable sshd but then it oddly gets stuck at "loading hardware drivers". any ideas?
2017-04-27 05:50:15 <psychi[m]> So the story is about....( curious
2017-04-27 06:27:43 <kaniini> guys, security is dead at alpine linux because grsec is dead, everyone can go home now
2017-04-27 06:27:48 <kaniini> haha i am just kidding
2017-04-27 06:28:00 <kaniini> there's a lot more to what we do security wise than just grsec
2017-04-27 06:30:26 <scv> like not including the kitchen sink
2017-04-27 06:32:21 <kaniini> that is indeed a good starting point
2017-04-27 07:16:57 <codingfabian> Hello, is the projected Alpine 3.6 release in less than a week realistic? We want to upgrade docker in 3.5, but I would rather wait a bit than to use edge now.
2017-04-27 07:21:28 <xentec> codingfabian, afaik it's scheduled for end of May
2017-04-27 07:38:48 <codingfabian> xentec thanks, I was checking https://bugs.alpinelinux.org/versions/115 - good to know it is at least a month away
2017-04-27 08:13:49 <feuerteufel> I've a question to "apk":
2017-04-27 08:13:59 <feuerteufel> apk upgrade -v
2017-04-27 08:13:59 <feuerteufel> 1 errors; 146 packages, 1867 dirs, 17768 files, 727 MiB
2017-04-27 08:14:46 <feuerteufel> How do I find out where the error come's from?
2017-04-27 08:22:08 <Kachel> I can't extract the alpine tar.gz file into an SD card for a raspberry pi
2017-04-27 08:22:27 <Kachel> Running as root doesn't work either
2017-04-27 08:29:02 <codingfabian> I am back with a new questionregarding docker 1.17 :) I fail to install it on an alpine 3.5. I did add a tagged repo (@edge http://dl-cdn.alpinelinux.org/alpine/edge/main) and then user apk add docker@edge - but it still installs 1.12. any pointers?
2017-04-27 08:30:18 <IcePic> Kachel: perhaps you can expand a bit on "I cant extract", its hard to know if your SD card is write protected, or if tar is acting up or if you mean "the resulting files will not boot ok when I test it later on".
2017-04-27 08:31:29 <Kachel> I used tar -pvxzf alpine-rpi-3.5.2-armhf.tar.gz -C alpine-install/
2017-04-27 08:32:00 <Kachel> And no it isn't write protected because some files were able to be on the SD card
2017-04-27 08:32:22 <Kachel> But some apk files not
2017-04-27 08:33:27 <IcePic> I didn't specifically mean that SD being RO was a very plausable reason, just that "I did something and it didn't work" is a bit vague and covers huge possibilities.
2017-04-27 08:33:44 <IcePic> computers tend to be able to NotWork(tm) in millions of weird ways.
2017-04-27 08:35:12 <Kachel> Now it works after mounting and unmounting...
2017-04-27 08:35:23 <Kachel> no errors atleast
2017-04-27 08:36:32 <Kachel> But is the full rpi install of alpine really intended to be on only one partition?
2017-04-27 09:38:29 <clandmeter> it runs from memory
2017-04-27 11:05:42 <armin> BitL0G1c: btw i completely don't understand this guide here: https://github.com/OpenRC/openrc/blob/1edb5f6fd9c4827e5d4ed5c854bc322ba8a7df73/supervise-daemon-guide.md
2017-04-27 11:06:10 <armin> BitL0G1c: i do understand the supervise-daemon, nevertheless, but the kind that guide is written is not clarifying anything to me...
2017-04-27 11:52:16 <IcePic> armin: yeah, I think you are right in that
2017-04-27 12:03:51 <armin> so i wrote a custom init-script and enabled that service. however, when rebooting my machine, all i see on the tty is the output from my program, but i don't see any login prompt. anyone a clue what i got wrong here?
2017-04-27 12:24:10 <armin> ok, now i'm screwed it seems: even after removing the symlink for my program from a live environment, my boot hangs, but now stops after "Starting busybox crond ..."
2017-04-27 12:24:26 <armin> ah now it goes on.
2017-04-27 12:24:27 <armin> weird.
2017-04-27 12:30:48 <BitL0G1c> armin - could be missing entropy if you are running openssh server - installing / enabling haveged & enabling urandom service fixes entropy - for supervise-daemon examples it may be clearer to search git for 'supervise-daemon' in the log messages to see the changes I made to enable it
2017-04-27 12:35:55 <armin> BitL0G1c: it's not too terrible, takes about 30sec to start. i also was able to solve the init script issue by adding command_background="yes" to that init script
2017-04-27 13:28:29 <mmlb> hmm regarding 3.6, who can I ping to add Bug #7037 and subsequent mkinitfs PR #12 to the release?
2017-04-27 13:28:41 <mmlb> 1/2 algitbot
2017-04-27 13:29:57 <mmlb> maybe even #6713 since it looks like an alpine issue from patching busybox and makes `set -e` do the wrong thing in one (maybe more) case
2017-04-27 13:36:10 <IcePic> armin: 30 sec delays sounds a bit like "tries to backwards resolve an ip and fails on first resolver"
2017-04-27 13:36:33 <IcePic> especially if you dont see load during those 30 secs
2017-04-27 13:42:36 <armin> IcePic, BitL0G1c: thanks a lot for those pointers!
2017-04-27 13:43:32 <BitL0G1c> armin - np - boot up should be about 4-5 seconds
2017-04-27 14:01:02 <armin> BitL0G1c, IcePic: not sure what that is still - looks like this when this happens for about 40-50 sec: http://base.m2m.pm/shot.png
2017-04-27 14:32:22 <BitL0G1c> armin - disable chronyd (it didn't use to background itself) - sntpc is nice & light - just configure /etc/conf.d/sntpc
2017-04-27 14:50:57 <Marc1n> hello all
2017-04-27 17:45:33 <Shiz> successfully replaced Debian on scaleway's new aarch64 servers with Alpine :D
2017-04-27 17:45:35 <Shiz> remotely
2017-04-27 17:46:19 <arch3y> nice was just reading the article about it on hackernews
2017-04-27 17:52:21 <TemptorSent> Do you know if that was from within the deb host or if there was OOB management available as a safety net?
2017-04-27 17:56:08 <Shiz> TemptorSent: within the deb host
2017-04-27 17:56:12 <Shiz> there's no rescue mode
2017-04-27 17:56:14 <Shiz> :)
2017-04-27 17:56:21 <Shiz> this is how I did it: https://txt.shiz.me/NTM4Yzg1MT
2017-04-27 18:05:54 <TemptorSent> Shiz: Nice.
2017-04-27 18:08:07 <Shiz> https://txt.shiz.me/ZGE2YzZlNW slightly updated to get a working inittab
2017-04-27 18:08:23 <TemptorSent> Shiz: I see the find -xdev bug didn't bite you in that case, luckily!
2017-04-27 18:08:30 <Shiz> hmm?
2017-04-27 18:09:15 <TemptorSent> Find -xdev doesn't actually check the mount point.
2017-04-27 18:10:02 <dwreck> hey. I have an init script I wrote (badly obviously) that is hanging startup. is there a keystroke that will kill it? ctrl-c doesn't work.
2017-04-27 18:11:13 <TemptorSent> dwreck: reboot and add 'single' to the kernel command line. You could also try a magick SysRQ
2017-04-27 18:13:54 <dwreck> /etc/init.d doesn't get created during single user (tried it), tried mount -a to mount any tmpfs junk. are those scripts stored somewhere else before that runlevel fires off?
2017-04-27 18:15:14 <jeffyoungs> Hey guys- I've been stuck for a while now trying to get apk working from behind a proxy (basically this issue: https://github.com/gliderlabs/docker-alpine/issues/191 but the fix there isn't working). I know my http_proxy, https_proxy and http_proxy_auth are setup correctly because GNU wget works, but busybox wget fails at the 407 Authentication Required (whereas gnu wget gets that message, but continues).
2017-04-27 18:15:52 <jeffyoungs> Is there any way to get apk to just use /usr/bin/wget ? the docs say explicitly that it uses busybox
2017-04-27 18:27:59 <feuerteufel> Hello everybody - I still try to feind out, "apk" is logging the errors. I can't find a logfile. Any hints?
2017-04-27 18:28:23 <Shiz> apk doesn't log to any logfile that i know of
2017-04-27 18:28:30 <Shiz> it's all stdout/stderr
2017-04-27 18:29:37 <feuerteufel> I get the following:
2017-04-27 18:29:56 <feuerteufel> apk upgrade -v
2017-04-27 18:29:56 <feuerteufel> 1 errors; 146 packages, 1867 dirs, 17768 files, 727 MiB
2017-04-27 18:30:40 <feuerteufel> I try to find put, whre the error comes from
2017-04-27 18:30:56 <feuerteufel> *out
2017-04-27 18:31:44 <Shiz> have you tried # apk fix ?
2017-04-27 18:32:30 <feuerteufel> Just for one pakage, but i'll do
2017-04-27 18:32:36 <jeffyoungs> Also try -vv
2017-04-27 18:34:51 <TemptorSent> feuerteufel do you by chance have the -docs package installed and both libedit and readline installed as deps for other packages?
2017-04-27 18:37:22 <feuerteufel> Here ist the output: https://pastebin.com/VRhNKzcV
2017-04-27 18:39:04 <TemptorSent> Ahh, gotcha -- uninstall php-cli and install php5-cli if that's what you want, otherwise, upgrade php :)
2017-04-27 18:40:14 <TemptorSent> Someone that knows the guts of the recent php changes can probably give you a better answer.
2017-04-27 18:41:23 <Shiz> hmm that's problematic
2017-04-27 18:41:36 <Shiz> but yeah apk del php-cli && apk add php5-cli would probably do the trick
2017-04-27 18:44:35 <feuerteufel> Shiz: I think, i have to uninstall the hole "php" Stuff because:
2017-04-27 18:44:56 <feuerteufel> World updated, but the following packages are not removed due to:
2017-04-27 18:44:56 <feuerteufel>   php-cli: php-pdo php-pdo_mysql php-mysql
2017-04-27 18:45:23 <Shiz> hmm.
2017-04-27 18:45:42 <feuerteufel> Is there a trick?
2017-04-27 18:59:33 <dwreck> how can I get /etc/init.d/ populated in single user mode?
2017-04-27 18:59:48 <Shiz> it should already be populated?
2017-04-27 18:59:55 <Shiz> it's part of the busybox-initscripts
2017-04-27 18:59:57 <Shiz> package
2017-04-27 18:59:59 <Shiz> among others
2017-04-27 19:01:06 <feuerteufel> Shiz: I think, Ifound the problem: It looks like there is a conflict between the alpine and the eis-ng packages
2017-04-27 19:01:14 <Shiz> eis-ng?
2017-04-27 19:01:37 <dwreck> it is not
2017-04-27 19:03:14 <feuerteufel> So what do I have to do, if not?
2017-04-27 19:03:29 <Shiz> i don't know what eis-ng is
2017-04-27 19:03:48 <Shiz> dwreck: what does /etc/apk/world contain, and does apk info -L busybox-initscripts contain anything?
2017-04-27 19:04:46 <dwreck> that first path is non-existent in single user mode, the second command fails to read database state
2017-04-27 19:05:38 <Shiz> uuhm
2017-04-27 19:06:00 <Shiz> i think you may be caught in something that is not your install then
2017-04-27 19:06:19 <feuerteufel> Shiz: It's a distri based on Alpine
2017-04-27 19:06:34 <dwreck> init scripts run fine on full boot, it's just hanging on a crappy one I wrote
2017-04-27 19:06:35 <Shiz> dwreck: sure your rootfs is actually your partition?
2017-04-27 19:07:24 <feuerteufel> Shiz: I think, I have to talk to those folks ... thank's
2017-04-27 19:07:27 <dwreck> hmmm
2017-04-27 19:07:40 <dwreck> I am not sure at all. this is a pretty vanilla install in a vm though
2017-04-27 19:08:02 <help-im-stuck> so.. are there any howto or guide out there on how to user alpine linux as a xen host for virt-manager?
2017-04-27 19:08:10 <Shiz> dwreck: check the output of # mount
2017-04-27 19:09:04 <dwreck> yeah it says /
2017-04-27 19:09:14 <Shiz> mounted from?
2017-04-27 19:09:23 <Shiz> mine says /dev/vda3 on / type ext4 (rw,relatime,data=ordered) for instance :P
2017-04-27 19:10:26 <dwreck> yeah but I'm in single user
2017-04-27 19:10:46 <dwreck> I wonder if I can just get into another runlevel to do this
2017-04-27 19:11:26 <Shiz> what does /proc/mounts say
2017-04-27 19:11:36 <Shiz> for /
2017-04-27 19:12:10 <Shiz> dwreck: ah: single user mode gives you a shel in the initramfs
2017-04-27 19:12:14 <Shiz> meaning your root part isn't mounted yet
2017-04-27 19:12:19 <dwreck> ahhh
2017-04-27 19:12:23 <dwreck> oh!
2017-04-27 19:12:24 <dwreck> duh
2017-04-27 19:12:28 <dwreck> I need to just mount it somewhere
2017-04-27 19:12:35 <Shiz> yup
2017-04-27 19:12:40 <Shiz> that's why i inquired about your mounts
2017-04-27 19:12:49 <dwreck> I should know better
2017-04-27 19:12:50 <dwreck> thanks
2017-04-27 19:18:33 <Shiz> feuerteufel: why do you have php and phhp5 installed at the same time?
2017-04-27 19:20:53 <feuerteufel> That's what I try to find out ;)
2017-04-27 19:22:37 <feuerteufel> It looks like there is a renamed package ...
2017-04-27 19:45:38 <feuerteufel> Shiz: OK, I got told what to do ...
2017-04-27 19:47:15 <feuerteufel> In /etc/apk/world I had to change php-mysql and php-pdo-mysql to php5-mysql and php5-pdo-mysql
2017-04-27 19:47:31 <feuerteufel> Then a "apk fix"
2017-04-27 19:47:47 <feuerteufel> The error ist gone!!
2017-04-27 19:48:12 <feuerteufel> Shiz: Thank's again!!
2017-04-27 19:49:22 <Shiz> np
2017-04-27 19:50:14 <TemptorSent> feuerteufel You may have been caught by an apk bug that kaniini is working on where apk fails to resolve some updates properly - #7250.
2017-04-27 19:52:14 <TemptorSent> kaniini: BTW, I finally managed to force APK to install a kernel by purging every reference to grsec and manually doing apk add linux-hardened.
2017-04-27 19:52:35 <kaniini> odd.  the virtual should have handled the transition
2017-04-27 19:53:59 <TemptorSent> kaniini: Ahh, the 'S' word, the foulest word in computing ;)
2017-04-27 19:54:26 <mepholic> shit
2017-04-27 19:57:43 <feuerteufel> Hopfully I don't drive someone upset, I'm sorry then!!
2017-04-27 19:57:44 <TemptorSent> Cool, something worked right and libressl updated cleanly at least :)
2017-04-27 19:58:38 <feuerteufel> algitbot: TemptorSent: Thank's!
2017-04-27 19:58:48 <Shiz> don't worry about it
2017-04-27 19:59:18 <TemptorSent> feuerteufel: It's a bigger problem than your issue, breaking kernel upgrades in fun ways :)
2017-04-27 19:59:57 <TemptorSent> feuerteufel: No problem.
2017-04-27 20:01:35 <kaniini> the kernel upgrade problem is mostly worked around for now :P
2017-04-27 20:02:12 <TemptorSent> Yep, after I unbroke my fubared apk database it all seems happy :) Thanks kaniini!
2017-04-27 20:02:24 <emacsoma`> TemptorSent: is linux-hardened an alpine package?
2017-04-27 20:02:33 <kaniini> emacsoma`: yes.  it replaces linux-grsec
2017-04-27 20:02:52 <emacsoma`> kaniini: is that new, or something which has been around?
2017-04-27 20:02:55 <Shiz> it's new
2017-04-27 20:02:58 <emacsoma`> ah
2017-04-27 20:03:17 <Shiz> because grsecurity insists on not using the grsec name for products that aren't stable latest grsecurity
2017-04-27 20:03:26 <Shiz> and since we don't pay for grsec kernels, we can't use that name
2017-04-27 20:03:29 <kaniini> emacsoma`: the rename is new, but has been pending for some time
2017-04-27 20:03:36 <TemptorSent> There was a brief snafu with a dep resolution that I happened to update during, but with mismatched repos, so I totally hosed my system.
2017-04-27 20:03:40 <Shiz> so we replaced it with -hardened in the interest of providing a potentially more general package too
2017-04-27 20:04:07 <kaniini> Shiz: and also to dispel the whole "100% of alpine security is because of grsec" belief
2017-04-27 20:04:11 <emacsoma`> Shiz: so it might change from being grsec-centric?
2017-04-27 20:04:17 <kaniini> which really is prettymuch not true at all
2017-04-27 20:04:26 <kaniini> emacsoma`: there is no grsec anymore
2017-04-27 20:04:33 <kaniini> emacsoma`: the grsec guy is peddling compiler plugins now
2017-04-27 20:04:58 <kaniini> emacsoma`: see also: https://grsecurity.net/passing_the_baton_faq.php
2017-04-27 20:05:08 <Shiz> emacsoma`: right.
2017-04-27 20:05:20 <Shiz> in fact, it has to, since grsecurity is not going to be releasing any more public patches now
2017-04-27 20:05:30 <Shiz> how alpine is going to handle this is still under discussion :p
2017-04-27 20:05:33 <emacsoma`> kaniini: right, I know about that, but I mean does this suggest a change towards hardening based on other resources?
2017-04-27 20:05:39 <emacsoma`> Shiz: ok
2017-04-27 20:05:53 <TemptorSent> grsec has a few useful features, but generally doesn't do much for intrinsic security without a lot of hoop-jumping, and even then it's far from perfect.
2017-04-27 20:06:07 <Shiz> eh, grsec does a fair bit for intrinsic security
2017-04-27 20:06:10 <TemptorSent> PaX seems to be the best of it.
2017-04-27 20:06:26 <kaniini> emacsoma`: alpine's security story is not just grsec
2017-04-27 20:06:34 <Shiz> ^ is definitely true
2017-04-27 20:06:42 <kaniini> emacsoma`: there are differences in userspace and many other initiatives
2017-04-27 20:06:52 <emacsoma`> ok
2017-04-27 20:07:24 <kaniini> emacsoma`: for example new policy requiring all packages to pass conformance testing has caused us to discover a CVE in libressl 2 days ago
2017-04-27 20:07:33 <Shiz> kaniini: speaking of, global switch to tcb-shadow when
2017-04-27 20:07:48 <kaniini> Shiz: hoping for 3.7, we need to make busybox aware of it
2017-04-27 20:07:58 <TemptorSent> Shiz: Yeah, if you configure everything properly, it has some big wins, but it's easier to get a higher level of security with proper configuration of the system and pacakages.
2017-04-27 20:08:06 <kaniini> Shiz: i am also looking at clang as default system compiler so we can build packages with the new CFI stuff
2017-04-27 20:08:18 <Shiz> TemptorSent: disagree
2017-04-27 20:08:32 <Shiz> kaniini: we need to patch clang a bunch more to be as viable as gcc right now, probably
2017-04-27 20:08:38 <kaniini> Shiz: yes
2017-04-27 20:08:38 <Shiz> but that's definitely something i'm interested in
2017-04-27 20:09:23 <kaniini> Shiz: i think what TemptorSent is saying is that you can have all the kernel security in the world and it means basically fuck all if you don't have app security
2017-04-27 20:09:42 <Shiz> sure, but it's parallel levels of security
2017-04-27 20:09:46 <kaniini> right
2017-04-27 20:09:47 <Shiz> so "higher level" doesn't really apply imo
2017-04-27 20:09:52 <Shiz> but yeah
2017-04-27 20:09:54 <TemptorSent> Shiz: Okay, what does it gain us by default without any configuration? You can still make a hole big enough to drive a truck through by misconfiguring the system.
2017-04-27 20:09:56 <Shiz> with that rephrasing I agree
2017-04-27 20:10:34 <kaniini> these days, where everyone is using docker or some other VPS/jail type thing, app security is more important than grsec
2017-04-27 20:10:43 <TemptorSent> That's the issue -- it's only picks up where proper application configuration leaves off, and too many apps are FUBAR.
2017-04-27 20:10:49 <kaniini> because most installs aren't multiuser
2017-04-27 20:10:52 <Shiz> kaniini: even then, I argue they're parallel
2017-04-27 20:10:58 <Shiz> because good kernel sec implies better container isolation
2017-04-27 20:11:02 <kaniini> sure, but point is
2017-04-27 20:11:03 <Shiz> can you count the vulns in linux user namespaces
2017-04-27 20:11:05 <Shiz> :P
2017-04-27 20:11:15 <darkfader> kaniini: nack, kernel sec is more important ...
2017-04-27 20:11:18 <kaniini> grsec is mostly related to things like shell boxes
2017-04-27 20:11:29 <darkfader> we got 1000ths of nicely contained applications
2017-04-27 20:11:44 <kaniini> darkfader: sure, kernel sec is important for containers
2017-04-27 20:11:45 <darkfader> but the one safely available vector is the kernel
2017-04-27 20:11:56 <kaniini> darkfader: but if you are running under say, xen or kvm, doesnt matter so much
2017-04-27 20:12:06 <TemptorSent> Yes, grsec can provide some safety against certain classes of exploits in otherwise properly configured systems, but it can't help with bad configurations much.
2017-04-27 20:12:21 <kaniini> grsec won't protect you from a wordpress 0day though
2017-04-27 20:12:31 <Shiz> or a libressl one
2017-04-27 20:12:34 <kaniini> :)
2017-04-27 20:12:37 <TemptorSent> Exactly.
2017-04-27 20:13:20 <kaniini> emacsoma`: so what i am trying to say is, we've been trying to pivot away from grsec being the story in our docs and so on for about 2 years now
2017-04-27 20:13:35 <TemptorSent> I'd suggest that time is better spent working on the kernel features that provide the most generally useful security enhancements and minimize the overall complexity of maintaining them.
2017-04-27 20:13:40 <kaniini> it was, possibly, 'good marketing' at the time to highlight the collaboration
2017-04-27 20:14:08 <kaniini> but it downplayed a lot of other things that go into alpine for security
2017-04-27 20:14:12 <Shiz> TemptorSent: people have been planning that since the grsec announcement actually
2017-04-27 20:14:17 <Shiz> (and got banned from #grsecurity for it)
2017-04-27 20:14:36 <emacsoma`> kaniini: that make sense, and seems like a good idea. I've had reservations about spender.
2017-04-27 20:14:37 <TemptorSent> *lol* Yeah - it's the right approach.
2017-04-27 20:15:08 <TemptorSent> And doing things the right way has a tendency of pissing off people who want it their way regardless.
2017-04-27 20:15:36 <kaniini> emacsoma`: we have been kind of in a bad place for a while in terms of communicating our plans because spender also makes us nervous.  but now he can't really do anything to us he hasn't already done
2017-04-27 20:15:59 <emacsoma`> kaniini: i see
2017-04-27 20:16:12 <kaniini> but overall, we are not that concerned about it
2017-04-27 20:16:27 <Shiz> we should probably discuss our overall plans what to do with grsec after 3.6 gets out
2017-04-27 20:16:28 <kaniini> if the community steps up and produces grsec derived patches, we'll carry them
2017-04-27 20:16:33 <Shiz> and make a formal decision
2017-04-27 20:16:53 <kaniini> if not, we built some prototype LSMs a few years ago as a backup plan to emulate things like W^X
2017-04-27 20:17:02 <kaniini> well, not emulate, but implement
2017-04-27 20:17:14 <kaniini> we have quite a few options available to us
2017-04-27 20:17:52 <kaniini> arguably we have more options available to us now than we did previously, as we were kind of painted into a grsec corner
2017-04-27 20:19:07 <kaniini> calling the hardened package what it is gives us quite a bit of flexibility in that regard too
2017-04-27 20:19:09 <TemptorSent> What's the thought on SELinux support? Too much of a mess?
2017-04-27 20:19:14 <kaniini> docker want it
2017-04-27 20:19:24 <kaniini> you can probably get it from them in their linuxkit stuff
2017-04-27 20:19:33 <kaniini> which is some sort of thing that cobbles together an alpine-esque distro
2017-04-27 20:19:37 <kaniini> from alpine pieces
2017-04-27 20:19:41 <kaniini> with some broken kernel
2017-04-27 20:19:43 <kaniini> and blah blah
2017-04-27 20:19:54 <Shiz> im not a huge fan of selinux, but if people want it it can probably be done
2017-04-27 20:19:59 <Shiz> i think gentoo has a decent collection of policies
2017-04-27 20:20:01 <Shiz> we could nab
2017-04-27 20:20:03 <Shiz> if it's the case
2017-04-27 20:20:07 <TemptorSent> It might be worth considering going into hardened as an option...
2017-04-27 20:20:08 <kaniini> i think apparmor is a better win than selinux personally
2017-04-27 20:20:26 <kaniini> it's more in line with what we would want
2017-04-27 20:20:45 <kaniini> selinux is about declarative policies, we just want to define what sane behaviour for an app is
2017-04-27 20:20:46 <TemptorSent> Agreed on apparmor, but SELinux has some functionality that is critical to certain classes of users.
2017-04-27 20:21:01 <kaniini> i'm nto against carrying selinux personally
2017-04-27 20:21:20 <kaniini> i just don't think it's the appropriate 'default' for alpine
2017-04-27 20:21:25 <TemptorSent> I think it would give Alpine a lot more potential users.
2017-04-27 20:21:29 <TemptorSent> Fully agreed.
2017-04-27 20:21:31 <Shiz> kaniini: -selinux subpackages here we go :P
2017-04-27 20:21:44 <Shiz> with the appropriate metapkg
2017-04-27 20:21:49 <kaniini> Shiz: yes, exactly.  and then install_if rules to determine if they should be installed :)
2017-04-27 20:21:54 <Shiz> :)
2017-04-27 20:21:59 <TemptorSent> Although basic support for selinux can be enabled in most things without requring it be in the kernel.
2017-04-27 20:22:09 <TemptorSent> (FS attributes being the big one)
2017-04-27 20:22:11 <kaniini> TemptorSent: it's fine to have it in the kernel as an LSM
2017-04-27 20:22:18 <kaniini> just not as default (for us)
2017-04-27 20:22:31 <Shiz> it can even be in the kernel but not active by default
2017-04-27 20:22:33 <Shiz> surely it has a sysctl toggle
2017-04-27 20:22:38 <kaniini> Yama + AppArmor is more familiar to what people get out of grsec kernels right now
2017-04-27 20:23:40 <kaniini> ideally, i would like personally -hardened to just be vanilla except with more aggressive security selections and built with Clang+CFI
2017-04-27 20:24:04 <Shiz> personally disagree :p
2017-04-27 20:24:14 <kaniini> which despite spender's hype, is actually pretty close to what we're doing with grsec
2017-04-27 20:24:48 <kaniini> Shiz: by more aggressive security selections i mean some sort of PaX clone, etc
2017-04-27 20:24:56 <Shiz> right
2017-04-27 20:25:00 <Shiz> i understood selections as CONFIG_*
2017-04-27 20:25:02 <Shiz> lol
2017-04-27 20:25:04 <kaniini> although PaX has a lot of stuff that is not really relevant
2017-04-27 20:25:06 <kaniini> anymore
2017-04-27 20:25:42 <kaniini> IMO the most relevant part of PaX is the GCC plugins work
2017-04-27 20:25:54 <kaniini> so i am hopeful KSPP team can extract it
2017-04-27 20:26:01 <Shiz> ehh
2017-04-27 20:26:09 <Shiz> im more interested in the memory protection features
2017-04-27 20:26:11 <Shiz> lol
2017-04-27 20:28:17 <kaniini> Shiz: most of the modern memory protection features are done by the GCC plugins
2017-04-27 20:29:08 <Shiz> PAGEEXEC and MPROTECT?
2017-04-27 20:50:58 <help-im-stuck> How do I use Alpine linux as host for xen and manage it with virt-manager?
2017-04-27 21:03:12 <BitL0G1c> help-im-stuck - lookup "virsh" & libvirt - then you can manage vm's without a desktop - if you really want a desktop perhaps consider kvm https://it-offshore.co.uk/linux/alpine-linux/30-alpine-linux-spice-kvm-desktop
2017-04-27 21:09:38 <help-im-stuck> BitL0G1c, my cpu does not have support for kvm if i should belive virt-manager
2017-04-27 21:14:46 <BitL0G1c> help-im-stuck - the same cpu extensions are needed for xen too - check manually with https://www.cyberciti.biz/faq/linux-xen-vmware-kvm-intel-vt-amd-v-support/
2017-04-27 21:15:57 <qman> help-im-stuck: your CPU may have the extensions but have support disabled in BIOS
2017-04-27 21:16:20 <help-im-stuck> there must be something wrong with virt-managers cpu reporting at the time i tried it
2017-04-27 21:16:29 <help-im-stuck> I'v enabled svn in bios
2017-04-27 21:17:13 <help-im-stuck> so i guess it supports kvm..
2017-04-27 21:17:19 <help-im-stuck> it has to do :)
2017-04-27 21:17:34 <help-im-stuck> svm*
2017-04-27 21:19:50 <BitL0G1c> help-im-stuck - virsh + pac manager works well for kvm
2017-04-27 21:23:38 <help-im-stuck> on alpine?
2017-04-27 21:24:18 <help-im-stuck> I still don't understand apk fully.. and the keymap i select via setup-keymap does not stick..
2017-04-27 21:24:32 <help-im-stuck> after reboot
2017-04-27 21:32:11 <help-im-stuck> if i manage to solve that.. alpine is my choice
2017-04-27 21:32:32 <Shiz> hmm
2017-04-27 21:32:35 <Shiz> are you in a sys install?
2017-04-27 21:33:09 <help-im-stuck> yes
2017-04-27 21:33:30 <help-im-stuck> installed the xen version
2017-04-27 21:33:41 <help-im-stuck> changed to the edge repos
2017-04-27 21:33:45 <help-im-stuck> updated the system
2017-04-27 21:36:50 <help-im-stuck> and i'm looking for a firewall too, as simple as possible
2017-04-27 21:37:09 <darkfader> firewall: "awall"
2017-04-27 21:37:13 <help-im-stuck> but i need to create bridges because i'm going to virtulize pfsense
2017-04-27 21:41:35 <BitL0G1c> openvswitch works ok as a bridge - I use it with lxc - if you use libvirt it will create a nat bridge virbr0
2017-04-27 21:42:20 <help-im-stuck> yes, i know :)
2017-04-27 21:42:31 <help-im-stuck> can pacmanager handle xen then?
2017-04-27 21:43:04 <BitL0G1c> I use it with local & remote kvm without issues
2017-04-27 21:43:44 <BitL0G1c> no pac manager in alpine unfortunately - author will not provide vt libraries for musl
2017-04-27 21:45:22 <help-im-stuck> ok, but alpine got the latest libvritd in it's edge repos.. so why not use virt-manager?
2017-04-27 21:46:00 <BitL0G1c> in alpine virt manager is probably your best bet
2017-04-27 21:46:40 <BitL0G1c> i just prefer virsh in arch - less dependencies - less to go wrong
2017-04-27 21:46:50 <help-im-stuck> how would a setup look like? are there any howto's on how to get everything working? I had some problems with I/O-stuff last time i tried
2017-04-27 21:47:01 <help-im-stuck> word
2017-04-27 21:48:27 <help-im-stuck> do you have the time to be some kind of moral support?
2017-04-27 22:10:17 <help-im-stuck-ag> BitL0G1c :)
2017-04-27 22:11:30 <help-im-stuck-ag> when setup-alpine are about to partition the disk it says failed to add partition invalid argument
2017-04-27 22:14:01 <help-im-stuck-ag> fixed it
2017-04-27 22:16:01 <BitL0G1c> help-im-stuck-ag - rebooting the vm normally does - these scripts may be useful for installing https://it-offshore.co.uk/linux/alpine-linux/25-alpine-linux-luks-encrypted-installations
2017-04-27 22:26:46 <help-im-stuck-ag> BitL0G1c, nice, but the biggest problem i'v got now is that my settings aren't saved. Like which network card to use or the keymap
2017-04-27 22:28:31 <BitL0G1c> you are doing a sys install ? (setup-disk -m sys /mnt)
2017-04-27 22:33:01 <help-im-stuck-ag> i did it with the setup-alpine script
2017-04-27 22:33:36 <help-im-stuck-ag> and i set lbu to /var and now i'm updating the system from edge repos
2017-04-27 22:35:10 <Shiz> well
2017-04-27 22:35:18 <Shiz> setup-keymap writes to /etc
2017-04-27 22:35:21 <Shiz> so if your lbu doesn't save that :P
2017-04-27 22:35:41 <help-im-stuck-ag> I'm new to alpine :)
2017-04-27 22:36:01 <help-im-stuck-ag> Seams like an interesting project.. that's why i'm spending time with it
2017-04-27 22:36:10 <Shiz> any reason for your lbu config to not save /etc? it does that by default even iirc
2017-04-27 22:36:28 <Shiz> does lbu status -a  include anything from /etc?
2017-04-27 22:36:53 <help-im-stuck-ag> yes, alot
2017-04-27 22:36:56 <help-im-stuck-ag> allot
2017-04-27 22:37:06 <Shiz> okay, so you do save etc
2017-04-27 22:37:08 <help-im-stuck-ag> even from var/www/localhost
2017-04-27 22:37:30 <Shiz> help-im-stuck-ag: what does rc-status | grep keymaps  say?
2017-04-27 22:37:46 <Shiz> if nothing, you need to # rc-update add keymaps boot
2017-04-27 22:37:53 <Shiz> and that's the fix
2017-04-27 22:37:55 <Shiz> :P
2017-04-27 22:38:44 <help-im-stuck-ag> Shiz, it's empty
2017-04-27 22:38:52 <Shiz> there you go
2017-04-27 22:38:57 <Shiz> just add the keymaps service to boot
2017-04-27 22:39:01 <Shiz> the service that actually sets up your keymaps ;)
2017-04-27 22:39:49 <help-im-stuck-ag> keymaps already installed in runlevel 'boot' i says
2017-04-27 22:40:22 <Shiz> hmm
2017-04-27 22:40:28 <Shiz> oh right, it's a one-shot, so doesn't show in rc-status
2017-04-27 22:40:52 <Shiz> help-im-stuck-ag: does tail -n1 /etc/conf.d/keymaps  list your desired keymap?
2017-04-27 22:41:02 <Shiz> moreover, does the file it references exist?
2017-04-27 22:42:24 <help-im-stuck-ag> yes, after I runt setup-keymap it's there
2017-04-27 22:43:22 <Shiz> was it there before you did?
2017-04-27 22:44:37 <help-im-stuck-ag> did not check.. i'll reboot again.. but rc-status says that xenqemu crashed.. but that's a problem for later
2017-04-27 22:46:18 <help-im-stuck-ag> and the keymap there.. but my keyboard is still set to en/us
2017-04-27 22:46:34 <Shiz> hmm...
2017-04-27 22:46:36 <help-im-stuck-ag> the keymap is there*
2017-04-27 22:46:43 <Shiz> in /etc/conf.d/keymaps?
2017-04-27 22:46:49 <Shiz> does the boot log say anything about setting keymap?
2017-04-27 22:47:35 <help-im-stuck-ag> no, but rc-update says that the keymap is loaded on boot
2017-04-27 22:48:10 <Shiz> what about this
2017-04-27 22:48:20 <Shiz> lbu status -a | grep etc/runlevels
2017-04-27 22:48:57 <help-im-stuck-ag> nothing
2017-04-27 22:49:46 <Shiz> when is your apkovl applied?
2017-04-27 22:50:33 <help-im-stuck-ag> apkolv?
2017-04-27 22:50:40 <help-im-stuck-ag> ovl
2017-04-27 22:50:48 <Shiz> the thing that lbu generates when you do # lbu commit
2017-04-27 22:51:08 <Shiz> or # lbu package
2017-04-27 22:52:18 <help-im-stuck-ag> lbu commit gives me the help page
2017-04-27 22:52:43 <Shiz> uuh
2017-04-27 22:52:52 <help-im-stuck-ag> the keymap file is in /etc/keymap but it does not seam to be loaded
2017-04-27 22:53:00 <Shiz> do you have a sys install or a ram install
2017-04-27 22:53:25 <help-im-stuck-ag> ooh.. lbu commit said failed to mount /media/var
2017-04-27 22:53:57 <help-im-stuck-ag> it's a sys install
2017-04-27 22:54:10 <Shiz> then you don't need lbu at all
2017-04-27 22:54:12 <Shiz> lol
2017-04-27 22:54:21 <Shiz> lbu is if you're running a ram install
2017-04-27 22:55:07 <help-im-stuck-ag> so i'll setup-lbu to none then=?
2017-04-27 22:55:28 <Shiz> sure
2017-04-27 22:56:30 <help-im-stuck-ag> but the thing with my keymap is weird.. the file exist in /etc/keymap and rc-thingy says that the keymap is loaded at boot..
2017-04-27 22:56:40 <Shiz> try this
2017-04-27 22:56:57 <Shiz> zcat /etc/keymap/<your-desired-keymap>.bmap.gz | loadkmap
2017-04-27 22:57:28 <Shiz> does that fix the keymap at least?
2017-04-27 22:59:24 <help-im-stuck-ag> without doing the setup-keymap before?
2017-04-27 23:00:12 <help-im-stuck-ag> yes, it fixes the keymap
2017-04-27 23:00:38 <help-im-stuck-ag> so should i do an ungly'hack' and put that line in some rc.local-file?
2017-04-27 23:02:16 <Shiz> nah, i think i have an idea what sgoing on
2017-04-27 23:03:41 <Shiz> help-im-stuck-ag: can you paste the output of:
2017-04-27 23:03:45 <Shiz> grep rc_sys= /etc/rc.conf
2017-04-27 23:04:40 <help-im-stuck-ag> it's commented and empty
2017-04-27 23:04:48 <help-im-stuck-ag> #rc_sys=""
2017-04-27 23:04:58 <Shiz> right
2017-04-27 23:05:00 <Shiz> try to uncomment it
2017-04-27 23:05:29 <Shiz> and then reboot
2017-04-27 23:06:19 <help-im-stuck-ag> sure thing
2017-04-27 23:08:40 <help-im-stuck-ag> lol, on tty1 the keymap is really fkd up.. if i change to another tty and login.. it's the right keymap :)
2017-04-27 23:09:25 <Shiz> right, as i thought
2017-04-27 23:09:47 <Shiz> fun exercise: try commenting rc_sys= again and tell me what rc --version gives you
2017-04-27 23:09:54 <Shiz> specifically what comes after OpenRC
2017-04-27 23:11:30 <Shiz> (then comment it again)
2017-04-27 23:11:34 <help-im-stuck-ag> OpenRC [XEN0] 0.24.1...
2017-04-27 23:11:39 <Shiz> :)
2017-04-27 23:11:41 <Shiz> so what happens is
2017-04-27 23:11:50 <Shiz> it detects you're a xen dom0 and disables the keymaps initscripts
2017-04-27 23:12:08 <Shiz> because the keymaps initscript says:   keyword -openvz -prefix -uml -vserver -xenu -lxc
2017-04-27 23:12:18 <Shiz> which somehow also disables dom0
2017-04-27 23:14:13 <help-im-stuck-ag> okey
2017-04-27 23:14:21 <Shiz> so you can do two things
2017-04-27 23:14:33 <Shiz> uncomment rc_sys to set it to "" as I told you
2017-04-27 23:14:39 <Shiz> or modify the keymaps initscripts to remove that line
2017-04-27 23:14:52 <Shiz> i think it's a bug, as that shouldn't match xen0 but it does
2017-04-27 23:15:30 <Shiz> help-im-stuck-ag: oh, maybe even easier, although i'm not sure if it works:
2017-04-27 23:15:43 <Shiz> try commenting out rc_sys= in /etc/rc.conf as before
2017-04-27 23:15:52 <Shiz> but adding rc_sys="" to /etc/conf.d/keymaps
2017-04-27 23:16:01 <Shiz> that'll only set rc_sys to "" for the keymaps service
2017-04-27 23:16:12 <Shiz> not sure if it works, but worth a shot
2017-04-27 23:17:15 <help-im-stuck-ag> under the rc_sys there are a rc_tty_number=12 and it describes that it is used in consolefont, keymaps, numlock service scripts.. does it have anything to do with the keymap?
2017-04-27 23:17:53 <Shiz> not that i know of
2017-04-27 23:18:00 <Shiz> it just tells you the number of ttys it will spawn
2017-04-27 23:18:03 <Shiz> by default
2017-04-27 23:18:15 <help-im-stuck-ag> so I comment the rc_sys and add rc_sys="" in keymaps.. where the right keymap is present
2017-04-27 23:19:25 <Shiz> correct, in /etc/conf.d/keymaps
2017-04-27 23:19:45 <Shiz> with the caveat that i'm not sure if it will work
2017-04-27 23:19:47 <Shiz> :P
2017-04-27 23:19:56 <help-im-stuck-ag> oh.. there is a file in /etc/conf.d that has the name keymaps.apk.new :o
2017-04-27 23:20:31 <help-im-stuck-ag> both files are set to keymap "us"
2017-04-27 23:21:34 <Shiz> yeah you can disregard .apk.new files
2017-04-27 23:21:36 <Shiz> even delete them
2017-04-27 23:21:52 <Shiz> the important part is the KEYMAP= at the bottom of /etc/conf.d/keymaps
2017-04-27 23:21:55 <Shiz> that one is correct, right?
2017-04-27 23:22:04 <help-im-stuck-ag> no, both are wrong
2017-04-27 23:22:18 <help-im-stuck-ag> but if i change it.. and reboot.
2017-04-27 23:22:21 <Shiz> huh...
2017-04-27 23:23:36 <help-im-stuck-ag> but at the end of the keymap file there is a path to the right keymap
2017-04-27 23:23:44 <help-im-stuck-ag> the .gz  file
2017-04-27 23:23:49 <Shiz> yeah
2017-04-27 23:23:54 <Shiz> that's why i said 'at the bottom'
2017-04-27 23:23:56 <Shiz> ;)
2017-04-27 23:25:29 <help-im-stuck-ag> missed that
2017-04-27 23:26:08 <help-im-stuck-ag> so i should put rc_sys="" after the keymap link?
2017-04-27 23:29:06 <help-im-stuck-ag> or am i too tired for this right now?
2017-04-27 23:35:42 <Shiz> help-im-stuck-ag: after KEYMAP=, yes
2017-04-27 23:43:35 <help-im-stuck-ag> Shiz, it's already there.. above the keymap line
2017-04-27 23:43:51 <Shiz> rc_sys?
2017-04-27 23:44:01 <Shiz> in /etc/conf.d/keymaps?
2017-04-27 23:45:20 <help-im-stuck-ag> yes, maybe i put it there.. but still the same result
2017-04-27 23:45:31 <help-im-stuck-ag> should it be the eof?
2017-04-27 23:45:45 <Shiz> i think you put it there :P
2017-04-27 23:45:49 <Shiz> nah, it's fine if it doesn't work
2017-04-27 23:45:56 <Shiz> i thought it may work, but i guess it doesn't
2017-04-27 23:46:07 <Shiz> feel free to remove it and do either of the previous two sings i said
2017-04-27 23:46:19 <Shiz> (put rc_sys="" in /etc/rc.conf or remove the relevant keywords line from /etc/init.d/keymaps)
2017-04-27 23:55:38 <help-im-stuck-ag> how long have alping linux been around?
2017-04-27 23:59:34 <Shiz> help-im-stuck-ag: at least 10 years
2017-04-27 23:59:37 <Shiz> http://git.net/ml/linux.leaf.devel/2005-08/msg00039.html says 12
2017-04-28 00:00:23 <help-im-stuck-ag> ok, cool. But still no fix for the keymap :)
2017-04-28 00:01:09 <Shiz> did you do what I said?
2017-04-28 00:01:12 <Shiz> 01:46:19             Shiz │ (put rc_sys="" in /etc/rc.conf or remove the relevant keywords line from /etc/init.d/keymaps)
2017-04-28 00:01:35 <Shiz> did it not work?
2017-04-28 00:04:01 <help-im-stuck-ag> the relevant keywords line? the whole line? with -openvz and such?
2017-04-28 00:04:32 <Shiz> yeah
2017-04-28 00:05:37 <help-im-stuck-ag> it "works"
2017-04-28 00:05:47 <help-im-stuck-ag> but i have to change tty for it to apply
2017-04-28 00:06:19 <Shiz> that one is weird...
2017-04-28 00:06:37 <Shiz> what kind of, in your own words, fucked up, keymap do you get?
2017-04-28 00:07:15 <help-im-stuck-ag> i get ? on _
2017-04-28 00:07:34 <help-im-stuck-ag> and squares on most keys
2017-04-28 00:07:40 <Shiz> lol oh my
2017-04-28 00:08:11 <Shiz> can you blind login in that terminal and type reset<enter> in the shell?
2017-04-28 00:08:38 <help-im-stuck-ag> i can login, and i'll give it a try
2017-04-28 00:09:17 <help-im-stuck-ag> same thing
2017-04-28 00:09:54 <Shiz> wow, that is odd
2017-04-28 00:10:02 <Shiz> what if you type # service keymaps restart
2017-04-28 00:10:09 <Shiz> minus the # of course
2017-04-28 00:10:46 <help-im-stuck-ag> same thing
2017-04-28 00:10:51 <help-im-stuck-ag> but only on tty1
2017-04-28 00:11:11 <Shiz> how odd...
2017-04-28 00:11:27 <Shiz> i'd almost think this is a busybox bug
2017-04-28 00:11:45 <help-im-stuck-ag> and if i type a ' and get the > prompt i can't get out of it with ctrl+x/c
2017-04-28 00:11:55 <Shiz> hah
2017-04-28 00:12:31 <help-im-stuck-ag> maybe i should try another version of alpine.. and install xen manually
2017-04-28 00:12:54 <help-im-stuck-ag> or maybe it's the computer :o
2017-04-28 00:14:26 <Shiz> its a weird issue for sure
2017-04-28 00:15:21 <help-im-stuck-ag> I'll try another version
2017-04-28 00:17:09 <help-im-stuck-ag> standard this time
2017-04-28 00:20:09 <Shiz> i doubt it differs much there
2017-04-28 00:23:02 <help-im-stuck-ag> works -better- but i still have to change tty to get the right keymap :)
2017-04-28 00:24:06 <TemptorSent> help-im-stuck-ag : Hmm, it almost sounds like your initfs is setting the wrong keymap
2017-04-28 00:24:47 <TemptorSent> Try removing everything but the correct keymap from /etc/keymap, then doing an update-kernel
2017-04-28 00:25:06 <Shiz> TemptorSent: nothing wrong with his initfs
2017-04-28 00:25:10 <Shiz> initfs doesn't setup the keymap
2017-04-28 00:25:17 <TemptorSent> Yes, actually it does.
2017-04-28 00:25:18 <Shiz> at least, not here anymore :P
2017-04-28 00:25:36 <Shiz> huh
2017-04-28 00:25:44 <Shiz> shouldn't the openrc keymap override that?
2017-04-28 00:25:47 <Shiz> good catch nonetheless
2017-04-28 00:25:48 <TemptorSent> Or at least it can -- make sure the mkinitfs options are corret.
2017-04-28 00:26:03 <TemptorSent> the 'keymap' feature might be getting you.
2017-04-28 00:26:06 <Shiz> no you're right, it does always set the keymap if it has keymap files
2017-04-28 00:26:13 <Shiz> good catch
2017-04-28 00:26:33 <TemptorSent> Yeah, I've been having fun trying to fix the brandeadness there.
2017-04-28 00:27:15 <TemptorSent> That's part of the whole pile of problems with what's configuration and what's installation.
2017-04-28 00:27:30 <TemptorSent> And one of the reasons mkinitfs breaks things badly at random.
2017-04-28 00:27:37 <help-im-stuck-ag> TemptorSent, when I runt setup-keymap i downloads just the one file for my keyboard
2017-04-28 00:28:02 <TemptorSent> You install some new package, and then mkinitfs uses a file it never had before and boom, no boot :)
2017-04-28 00:28:03 <help-im-stuck-ag> it*
2017-04-28 00:28:18 <TemptorSent> take a look in /etc/keymap and make sure that's the only thing there.
2017-04-28 00:28:34 <help-im-stuck-ag> yes, it's the only file there
2017-04-28 00:28:49 <TemptorSent> then run update-kernel or mkinitfs directly to make sure that's what's built into the initfs, not possibly somethign else.
2017-04-28 00:28:50 <help-im-stuck-ag> sv-latin1.bmap.gz
2017-04-28 00:28:57 <Shiz> before oyu run that
2017-04-28 00:28:59 <Shiz> first
2017-04-28 00:29:07 <Shiz> grep keymap /etc/mkinitfs/mkinitfs.conf
2017-04-28 00:29:08 <TemptorSent> You can look at your initfs
2017-04-28 00:29:12 <Shiz> return anything?
2017-04-28 00:29:38 <help-im-stuck-ag> Shiz, no output
2017-04-28 00:29:47 <TemptorSent> zcat /boot/initramfs-<flavor> | cpio -tv | grep keymap
2017-04-28 00:30:54 <help-im-stuck-ag> 45852 blocks  it says
2017-04-28 00:30:57 <TemptorSent> If that returns nothing, then it's probably not an initfs problem, but best to make sure because it'd be a bitch to track down otherwise.
2017-04-28 00:31:22 <TemptorSent> Must be stderr :)
2017-04-28 00:31:53 <TemptorSent> Okay, carry on with beating up on init scripts (maybe inittab?)
2017-04-28 00:32:45 <TemptorSent> Hmm, tty1 is initilized before the openrc scripts run, and I suspect not closed and reinitilized at any point, which may be the issue.
2017-04-28 00:32:59 <Shiz> i don't think it needs to be, though
2017-04-28 00:33:12 <TemptorSent> Open FDs.
2017-04-28 00:33:23 <Shiz> his keymap wasn't messed up before the keymaps initscript ran
2017-04-28 00:34:04 <TemptorSent> Right, it works fine for newly initilized ttys, but not for changing the existing one it sounds like.
2017-04-28 00:34:43 <TemptorSent> So it's biting the dust on updating the current tty.
2017-04-28 00:35:22 <TemptorSent> help-im-stuck-ag If you exit the shell in term 1, does it respawn with the right keymap?
2017-04-28 00:35:36 <help-im-stuck-ag> i'll try
2017-04-28 00:36:07 <TemptorSent> If so, it's in getty, and maybe needs looking at by dalias.
2017-04-28 00:36:31 <Shiz> i mean, this wouldn't be a musl issue - tty handling is done in the kernel
2017-04-28 00:36:47 <Shiz> all loadkmap does is send some ioctl()s
2017-04-28 00:36:54 <help-im-stuck-ag> could it be my cheap usb keyboard i'm using?
2017-04-28 00:36:59 <TemptorSent> The tty handling itself yes, but the call to push the console status is what I'm thinking.
2017-04-28 00:37:12 <Shiz> that's just an ioctl()
2017-04-28 00:37:17 <Shiz> gets sent straight to kernel
2017-04-28 00:37:29 <Shiz> just looked at loadkmap.c :P
2017-04-28 00:37:30 <TemptorSent> Okay, and the respawning?
2017-04-28 00:37:32 <Shiz> help-im-stuck-ag: unlikely
2017-04-28 00:37:39 <Shiz> there is no respawning
2017-04-28 00:37:44 <help-im-stuck-ag> no, still the same problem after logging in to tty1 and logging out, and then logging in again
2017-04-28 00:37:58 <TemptorSent> Okay, just making sure it wasn't something simple.
2017-04-28 00:38:11 <help-im-stuck-ag> :)
2017-04-28 00:38:46 <TemptorSent> Hmm, what happens if you point loadkeymap at /dev/console?
2017-04-28 00:38:57 <Shiz> loadkmap hard-codes /dev/console
2017-04-28 00:38:59 <Shiz> actually
2017-04-28 00:39:02 <Shiz> it doesn't use your current TTY
2017-04-28 00:39:24 <Shiz> https://github.com/mozilla-b2g/busybox/blob/master/libbb/get_console.c#L39
2017-04-28 00:39:26 <Shiz> function used by it
2017-04-28 00:39:31 <TemptorSent> Gotcha.
2017-04-28 00:40:01 <Shiz> it tries /dev/console, /dev/tty and /dev/tty again
2017-04-28 00:40:47 <help-im-stuck-ag> I've really got the taste for alpine, it's small and have allot of updated software, just what i anyone would fall in love with.. so it's a shame that the keymap bugs out
2017-04-28 00:40:59 <help-im-stuck-ag> -i
2017-04-28 00:41:01 <TemptorSent> Hmm, I wonder if there's something in that sequence that's causing it... let's see.
2017-04-28 00:42:12 <TemptorSent> Um, what are perms on /dev/console at boot? I'm betting it can't open /dev/console for writing and fails to the next on tty1...\
2017-04-28 00:42:24 <Shiz> it won't fail to tty1
2017-04-28 00:42:33 <Shiz> it tries /dev/console, /dev/tty and /dev/tty
2017-04-28 00:42:35 <Shiz> not tty1
2017-04-28 00:42:53 <TemptorSent> Right, but if you're sitting on tty1, it's going to fail to open /dev/console, and proceed to the next.
2017-04-28 00:43:01 <Shiz> right, to /dev/tty
2017-04-28 00:43:04 <Shiz> not /dev/tty1 :P
2017-04-28 00:43:12 <Shiz> but /dev/console params are 0600
2017-04-28 00:43:14 <Shiz> so it shouldn't fail
2017-04-28 00:43:18 <Shiz> as loadkmap is invoked as root
2017-04-28 00:43:18 <TemptorSent> Then, later, /dev/console is used again...
2017-04-28 00:43:46 <TemptorSent> Open FD...
2017-04-28 00:43:57 <TemptorSent> From init.
2017-04-28 00:44:14 <Shiz> ?
2017-04-28 00:44:20 <TemptorSent> Init should close all file descriptors before finishing, but may not..
2017-04-28 00:44:25 <Shiz> uhm
2017-04-28 00:44:32 <TemptorSent> To /dev/console
2017-04-28 00:44:35 <Shiz> the initramfs init process exits
2017-04-28 00:44:39 <Shiz> and thus the kernel closes all its fds
2017-04-28 00:44:44 <Shiz> nothing special about this
2017-04-28 00:44:56 <TemptorSent> I mean openrc init.
2017-04-28 00:45:28 <Shiz> immunity:~# echo 1 > /dev/console
2017-04-28 00:45:30 <Shiz> immunity:~# echo $?
2017-04-28 00:45:32 <Shiz> 0
2017-04-28 00:45:34 <Shiz> :P
2017-04-28 00:45:45 <TemptorSent> At the time the keymap is loaded, is /sbin/init holding the fd for /dev/console open?
2017-04-28 00:46:03 <TemptorSent> Like since there is no logging target...
2017-04-28 00:46:37 <Shiz> btw it doesnt even try /dev/console on my machine
2017-04-28 00:46:39 <Shiz> just /dev/tty
2017-04-28 00:46:43 <Shiz> # zcat /etc/keymap/us.bmap.gz | strace -e open loadkmap
2017-04-28 00:46:45 <Shiz> open("/dev/tty", O_RDWR)                = 3
2017-04-28 00:46:47 <Shiz> open("/dev/tty0", O_RDWR)               = 3
2017-04-28 00:46:52 <TemptorSent> Hmm...
2017-04-28 00:47:12 <TemptorSent> help-im-stuck-ag : Can you run the same strace?
2017-04-28 00:47:43 <TemptorSent> (with appropriate keymap of course)
2017-04-28 00:47:52 <Shiz> ah
2017-04-28 00:47:59 <Shiz> that's because it opens its options in reverse order
2017-04-28 00:48:07 <Shiz> first it tries /dev/tty, then /dev/tty, then /dev/console
2017-04-28 00:48:12 <TemptorSent> Possible bug?
2017-04-28 00:48:25 <Shiz> no, i think it's intentional
2017-04-28 00:48:32 <TemptorSent> Or at least causing an issue if /dev/console is in use?
2017-04-28 00:48:52 <Shiz> no, because it always tries /dev/tty first
2017-04-28 00:48:54 <Shiz> lol
2017-04-28 00:49:27 <TemptorSent> I mean does it ever set /dev/console if it's attached?
2017-04-28 00:49:44 <Shiz> no
2017-04-28 00:49:59 <help-im-stuck-ag> TemptorSent, it gives me open "dev/tty", o_rdwd = 3 exited with 0
2017-04-28 00:50:17 <TemptorSent> No /dev/tty0?
2017-04-28 00:50:21 <help-im-stuck-ag> no
2017-04-28 00:50:39 <Shiz> im not quite sure why it even attempts tty0 on my host too
2017-04-28 00:50:48 <TemptorSent> Hmm... looks like /dev/tty isn't mapping to the real tty device on your system
2017-04-28 00:51:03 <Shiz> how do you infer?
2017-04-28 00:51:29 <TemptorSent> Shiz: Because it resolves the actual tty console device from the reference in /dev/tty (or /dev/console)
2017-04-28 00:51:34 <Shiz> wut
2017-04-28 00:52:04 <Shiz> on MY device tty is not mapped to a rael tty device
2017-04-28 00:52:06 <Shiz> on his it is
2017-04-28 00:52:13 <Shiz> from strace without -e open:
2017-04-28 00:52:15 <Shiz> open("/dev/tty", O_RDWR)                = 3
2017-04-28 00:52:17 <Shiz> ioctl(3, KDGKBTYPE, 0x3b712a453e7)      = -1 ENOTTY (Not a tty)
2017-04-28 00:52:19 <Shiz> close(3)
2017-04-28 00:52:21 <Shiz> :P
2017-04-28 00:52:24 <Shiz> if his only attempts /dev/tty, it is a TTY
2017-04-28 00:52:57 <TemptorSent> Right, bit it appears his vt isn't actually mapped to the console by /dev/tty
2017-04-28 00:53:28 <help-im-stuck-ag> it's 3 in the morning here.. and i'm tired and i don't want to take more adhd meds..need to rest :p but i'll be here tomorrow trying to figure out some more.
2017-04-28 00:53:53 <Shiz> sleep well!
2017-04-28 00:53:57 <help-im-stuck-ag> thank's for the feedback guys :)
2017-04-28 00:54:10 <help-im-stuck-ag> you too, when it's time
2017-04-28 00:54:19 <TemptorSent> help-im-stuck-ag: No problem, the solution may strike you in the morning :)
2017-04-28 00:54:30 <help-im-stuck-ag> hope so :)
2017-04-28 00:54:48 <TemptorSent> Ah, corner cases - what fun :)
2017-04-28 00:55:16 <emacsoma`> is there any easy/straightforward way of installing alpine w/ a zfs root?
2017-04-28 00:56:38 <Shiz> emacsoma`: point setup-disk to a previously setup mounted root part
2017-04-28 00:56:44 <Shiz> by previously setup i mean file system setup
2017-04-28 00:56:53 <TemptorSent> Not entirely straightforward at current, but it's not too difficult. You will need a separate boot device.
2017-04-28 00:56:54 <Shiz> and add zfs to features="..." in /etc/mkinitfs/mkinitfs.conf
2017-04-28 00:56:59 <Shiz> TemptorSent: is that so?
2017-04-28 00:57:08 <Shiz> i thought the mkinitfs could handle it with the zfs feature being landed
2017-04-28 00:57:17 <emacsoma`> when I've tried to install to a zfs disk before, it complains that zfs is not an allowed fs
2017-04-28 00:57:21 <TemptorSent> Not quite entirely.
2017-04-28 00:57:52 <ogres> anyone selling boards?
2017-04-28 00:57:58 <ogres> raspi/orangepi, or any alt;s
2017-04-28 01:03:46 <TemptorSent> (sorry, had to help lay up a sheet of sheetrock real quick)
2017-04-28 01:04:52 <TemptorSent> The initfs itself should handle things okay, but the bootloader options need to be modified and you need to use a boot device with the kernel and initramfs to allow zfs full-disk access.
2017-04-28 01:05:30 <emacsoma`> TemptorSent: is it just a matter of editing the shell script and adding 'zfs' to allowed options?
2017-04-28 01:05:54 <TemptorSent> I haven't used the installer as such, I just did it from a live boot :)
2017-04-28 01:06:12 <Shiz> so why do you need to use a separate boot device?
2017-04-28 01:06:21 <Shiz> shouldn't the initfs already load the zfs kern mod?
2017-04-28 01:06:29 <emacsoma`> TemptorSent: Right, I mean from a live boot, but you didn't use the 'install to disk' option after that?
2017-04-28 01:06:34 <TemptorSent> Because I'm not aware of any of our bootloaders that know how to read ZFS directly
2017-04-28 01:07:01 <TemptorSent> I just mounted it and installed to a new root
2017-04-28 01:07:06 <emacsoma`> TemptorSent: I think GRUB might be able to
2017-04-28 01:07:07 <TemptorSent> from single-user.
2017-04-28 01:07:30 <TemptorSent> I'll have to look at it -- it still didn't work last I tried, but it's been a while.
2017-04-28 01:07:55 <Shiz> ah right
2017-04-28 01:08:00 <Shiz> extlinux needs to support zfs
2017-04-28 01:08:03 <Shiz> right about that
2017-04-28 01:08:07 <Shiz> forgot that detail
2017-04-28 01:08:36 <TemptorSent> But that's the biggest limitation. I think grub works for mirrored or individual disks under zfs, but didn't do raidz last I checked.
2017-04-28 01:08:44 <TemptorSent> Yeah, minor, but important detail.
2017-04-28 01:09:07 <emacsoma`> TemptorSent: ah
2017-04-28 01:09:29 <TemptorSent> So basically what I did was installed as normal to my boot device, then in single user moved everything to my zfs root.
2017-04-28 01:09:48 <emacsoma`> TemptorSent: ok, that's what I was in the middle of doing
2017-04-28 01:10:01 <TemptorSent> It works, but is sub-optimal.
2017-04-28 01:10:02 <emacsoma`> TemptorSent: is that the easier way?
2017-04-28 01:10:07 <emacsoma`> *easiest
2017-04-28 01:10:24 <TemptorSent> I'm working on a better solution in mkimage, but initfs work is also needed to make it reliablally installable.
2017-04-28 01:11:19 <TemptorSent> ZFS isn't like other mounts, it wants to CREATE the mount point, not mount to it, so you have to wipe the root clean then do your zfs dataset building, then copy back.
2017-04-28 01:12:03 <TemptorSent> the current initramfs init script doesn't play nicely with that.
2017-04-28 01:12:42 <TemptorSent> So you have problems if you have a dataset for say /bin or /tmp
2017-04-28 01:13:20 <TemptorSent> In fact, there are a number of places that assumptions are made about mountpoint behavior that breaks things under zfs.
2017-04-28 01:14:00 <emacsoma`> ok
2017-04-28 01:14:02 <TemptorSent> So I'm not sure the existing setup-disk will work properly on zfs, depending on your hierarchy.
2017-04-28 01:14:19 <TemptorSent> We almost need to do a mkdir wrapper.
2017-04-28 01:14:28 <emacsoma`> TemptorSent:so just doing an install to another fs and then copying it over is the best bet?
2017-04-28 01:14:57 <TemptorSent> You can just get a minimal boot, mount it, and install with apk.
2017-04-28 01:15:22 <TemptorSent> No real magic to the installer.
2017-04-28 01:15:45 <TemptorSent> Once you've got it mounted, exit single and proceed as normal.
2017-04-28 01:16:09 <TemptorSent> Your boot is already setup, so the rest is just a matter of installing the components you want.
2017-04-28 01:16:16 <emacsoma`> TemptorSent: ok
2017-04-28 01:16:30 <TemptorSent> Don't foreget to fix fstab and get rid of the old-style mounts.
2017-04-28 01:16:51 <TemptorSent> And swapfiles are a no-no on zfs, so use a zvol instead.
2017-04-28 01:17:06 <emacsoma`> TemptorSent: right, the other zfs stuff I think I have a handle on
2017-04-28 01:17:44 <TemptorSent> Yeah, just make sure nothing automatic takes too much for granted and you should be good from there.
2017-04-28 01:18:20 <emacsoma`> TemptorSent: Right. Ta.
2017-04-28 01:20:27 <TemptorSent> zfs create -p is your friend :)
2017-04-28 01:22:03 <emacsoma`> TemptorSent: for creating nested datasets?
2017-04-28 01:22:07 <TemptorSent> So build a list of your leaf nodes and create the entire tree, then do the copy.
2017-04-28 01:22:24 <emacsoma`> TemptorSent: you mean /bin, /usr &c.?
2017-04-28 01:22:36 <TemptorSent> Yeah, the entire fs if you so choose.
2017-04-28 01:22:55 <TemptorSent> That lets you snapshot any directory at any point instantly
2017-04-28 01:23:27 <TemptorSent> Especially things such as /home
2017-04-28 01:23:42 <TemptorSent> and /var
2017-04-28 01:23:46 <emacsoma`> TemptorSent: I'm still figuring out which directories should be their own datasets. I get the general notion of being to snapshot things separately.  (/home, of course)
2017-04-28 01:23:57 <emacsoma`> TemptorSent: /var because of logs, no?
2017-04-28 01:25:17 <TemptorSent> Not just /var, you want the entire tree under seperate datasets, so /var /var/log /var/cache /var/tmp /var/spool, and their subdirectories as well, such as /var/spool/mqueue /var/cache/apk, etc.
2017-04-28 01:26:07 <TemptorSent> In zfs speak, zfs create -p is pretty much equal to mkdir -p :)
2017-04-28 01:27:53 <emacsoma`> TemptorSent: right - that's the sort of thing I'm still figuring out: which subdirectories make sense as separate datasets. So for /var, in theory, lots of separate datasets could be useful it seems.
2017-04-28 01:29:08 <TemptorSent> Even system directories, including /lib /etc and /bin are quite useful, as you can easily rollback changes or take diffsets
2017-04-28 01:29:50 <TemptorSent> In fact, you probably want each config directory in /etc it's own dataset
2017-04-28 01:30:01 <emacsoma`> TemptorSent: So far on my systems, I've just used a zfs /home (with various subdirectories as datasets), but of course having a zfs root is really useful, as you say, for rolling back system changes
2017-04-28 01:30:34 <TemptorSent> It's great for development, because you can REALLY test things live, and have a quick rollback if you need it.
2017-04-28 01:31:02 <TemptorSent> Or clone it, or zfs-send it or whatever.
2017-04-28 01:31:37 <emacsoma`> TemptorSent: it's been great for my the /home's of my systems, just to make incremental backups easy as well as facilitating easy recovery when I do something stupid (deleting something I didn't intend to)
2017-04-28 01:31:50 <TemptorSent> The reason it's good to have tight datasets is because you can then zfs send/receive that dataset easily for configuration changes.
2017-04-28 01:32:25 <TemptorSent> So a backup plan reduces to a chron job and a list of datasets to sync :)
2017-04-28 01:33:09 <TemptorSent> And with small datasets, you can roll forward what works and drop what doesn't easily.
2017-04-28 01:34:59 <emacsoma`> TemptorSent: I've been using znapzend for nice automated incremental backup of non-system stuff (/home and music & media &c.)
2017-04-28 01:57:38 <TemptorSent> Nice emacsoma`, just extend that to the rest of your system and you're set.
2017-04-28 02:03:03 <TemptorSent> But wow, that's a sickening use of PERL!
2017-04-28 02:05:45 <TemptorSent> I like the concept, but I'm not so sure on the implementation.
2017-04-28 02:12:52 <emacsoma`> TemptorSent: It's worked well so far. I haven't really looked at the underlying code.
2017-04-28 02:13:44 <nwmcsween> does zol still have it's own page cache?
2017-04-28 02:15:50 <nwmcsween> which is imo broken
2017-04-28 02:16:26 <TemptorSent> Hmm, I'd have to look... Last I checked it was pretty much directly ported, but there may have been some modifications.
2017-04-28 02:16:41 <TemptorSent> What was broken about the page cache?
2017-04-28 02:17:58 <nwmcsween> it doesn't use it
2017-04-28 02:18:06 <nwmcsween> it uses it's own
2017-04-28 02:18:21 <TemptorSent> Well, no, it uses the adaptaive replacement cache.
2017-04-28 02:21:09 <TemptorSent> Which does a good deal more than just cache pages.
2017-04-28 02:21:36 <TemptorSent> If anything, the kernel has a bug with memory allocation biasing.
2017-04-28 02:21:56 <nwmcsween> arc is an algorithm
2017-04-28 02:22:03 <nwmcsween> a page cache algorithm
2017-04-28 02:22:17 <nwmcsween> well not page cache exactly
2017-04-28 02:22:21 <nwmcsween> but like lru
2017-04-28 02:22:23 <TemptorSent> It caches not just pages, but other metadata.
2017-04-28 02:22:56 <TemptorSent> And that's where much of the ZFS magic lies, especially things like dedup (although I'd very rairly recommend using that particular feature)
2017-04-28 02:50:40 <TemptorSent> Hmm, it looks like grub2 *might* support raidz... documentation is non-existent :/
2017-04-28 02:52:17 <TemptorSent> Ahh, it appears raidz1, raidz2, and raidz3 modes are supported
2017-04-28 02:54:20 <TemptorSent> In that case, we should be able to support complete zfs-only systems.
2017-04-28 02:54:49 <TemptorSent> May be EFI only for that?
2017-04-28 02:56:05 <Shiz> why EFI only
2017-04-28 02:57:55 <TemptorSent> Because it doesn't appear that zfs can support the bios booting scheme, while it supports GPT with EFI system partition natively.
2017-04-28 03:04:07 <Shiz> wut
2017-04-28 03:04:17 <Shiz> what does it need to support it
2017-04-28 03:04:58 <TemptorSent> The feature request was closed with will-not-implement, so that's not happening :)
2017-04-28 03:05:18 <TemptorSent> Something about mirroring MBRs
2017-04-28 03:05:46 <TemptorSent> see zfsonlinux issue $1061
2017-04-28 03:07:08 <TemptorSent> Best bet is to use a boot device for kernel/initfs, next is to partition the drives and loose some of the zfs awesomeness.
2017-04-28 03:12:09 <TemptorSent> Poking will be needed.
2017-04-28 03:13:59 <TemptorSent> I think we might be able to coerce grub2 actually, but I'm not sure how sane that would end up.
2017-04-28 03:15:35 <TemptorSent> If you can get a system to boot from an GPT-only drive with no boot partition, then it should work, but it seems many systems won't try without the protective MBR, which breaks things IIRC.
2017-04-28 03:16:11 <TemptorSent> The other trick is we need a way of installing grub to ALL devices in the raid every time.
2017-04-28 03:16:44 <TemptorSent> So there is some minor insanity to fix to make it work, and then it won't work everywhere.
2017-04-28 03:16:58 <TemptorSent> But it still would be great to have where it can be used.
2017-04-28 03:20:10 <TemptorSent> Shiz: If you're bored, take a look at grub2 a test zfs raidz2 pool on a few usb sticks. I bet you can figure out a way to make it work, it just won't be "supported" by ZoL officially at the moment.
2017-04-28 03:20:49 <TemptorSent> Perhaps port beadm?
2017-04-28 03:26:08 <kaniini> grub2 boots off zfs just fine
2017-04-28 03:27:49 <TemptorSent> kaniini: Right, looking at raidz in whole-disk use.
2017-04-28 03:29:04 <TemptorSent> So if the first disk in the array fails, it still boots.
2017-04-28 03:30:05 <TemptorSent> It's not really a zfs issue, its more of a question of configuring grub on multiple disks in a ZFS friendly manner.
2017-04-28 03:30:37 <TemptorSent> Since it looks like the parity support is now grub2.
2017-04-28 03:31:18 <TemptorSent> The case that doesn't work without some effort is a BIOS boot that doesn't support GPT tables and EFI boot partition
2017-04-28 03:32:24 <TemptorSent> The rest should just be a matter of installing the grub stage1 (or whatever grub2 calls it) to all devices in the array.
2017-04-28 03:36:53 <TemptorSent> kaniini: I'd love to know of an easy way - unfortunately the grub2 docs suck in that respect.
2017-04-28 03:43:09 <TemptorSent> kaniini: Might as well... After all, it can't break any worse, right?
2017-04-28 03:44:03 <kaniini> wrong channel :P
2017-04-28 03:44:21 <TemptorSent> *lol*
2017-04-28 04:01:35 <imnotarobot> i see lots of "armhf" on https://www.alpinelinux.org/downloads/
2017-04-28 04:01:45 <imnotarobot> which arm instruction set version is that?
2017-04-28 04:02:02 <TemptorSent> ARM HardFloat ABI
2017-04-28 04:02:14 <imnotarobot> sure, but which number?
2017-04-28 04:02:41 <TemptorSent> I'm not sure what the minimal instruction set supported is.
2017-04-28 04:04:21 <TemptorSent> It looks like arm6/arm7 with hardfloat
2017-04-28 04:08:44 <imnotarobot> arm6 or armv6?
2017-04-28 04:09:45 <TemptorSent> imnotarobot see https://wiki.alpinelinux.org/wiki/Alpine_on_ARM for devices, armv6 it appears.
2017-04-28 04:11:06 <imnotarobot> :(
2017-04-28 06:50:15 <xentec> TemptorSent: quite hidden, but the clearest reference is https://git.alpinelinux.org/cgit/abuild/tree/functions.sh.in#n6 ;)
2017-04-28 08:31:07 <Ayyad> Is there any news thread that I can follow with regards to how alpine linux is planning to deal with the grsec news?
2017-04-28 08:34:33 <clandmeter> mailing list is your best bet
2017-04-28 08:35:49 <voidsyntax> wheeee
2017-04-28 08:36:09 <voidsyntax> so this setup here is pretty nice.
2017-04-28 08:37:03 <voidsyntax> just a tiny alpine linux VM i set up automated via a script. ipv6 connectivity via a layer 2 VPN, static ipv6 address incl. reverse DNS, running at home on a little KVM virtualization host built out of electronic waste.
2017-04-28 08:37:45 <voidsyntax> actually with a custom init-script for my peervpn vpn daemon that automatically respawns it when it dies.
2017-04-28 08:37:56 <voidsyntax> i'm impressed how well this setup works.
2017-04-28 08:38:18 <voidsyntax> so yes thank you for this good usable operating system.
2017-04-28 08:38:20 <Ayyad> clandmeter, thank you
2017-04-28 08:38:22 <voidsyntax> <3
2017-04-28 08:39:14 <Shiz> :)
2017-04-28 08:39:21 <Shiz> good to see it works for you
2017-04-28 08:41:08 <voidsyntax> it's perfect for little kvm hosts for me.
2017-04-28 08:41:32 <voidsyntax> i'm fairly impressed by it. also all issues i had with prior versions are solved for me.
2017-04-28 08:41:41 <voidsyntax> nice!
2017-04-28 08:42:41 <voidsyntax> i want plush print t-shirts btw!
2017-04-28 10:09:35 <help-im-stuck> hello world
2017-04-28 10:13:11 <Shiz> goodbye sweet world
2017-04-28 10:14:47 <help-im-stuck> are you still awake?
2017-04-28 10:16:42 <help-im-stuck> did you calibrate more about tty:s and such last night?
2017-04-28 10:19:42 <help-im-stuck> I gave my "pant" to a begger today
2017-04-28 10:19:54 <help-im-stuck> she got happy :)
2017-04-28 10:20:59 <help-im-stuck> pant = recycled soda cans and beer cans and such.. we pay 1sek more for every bottle/can we buy and then we take the empty cans back to the store and get the 1 sek back. Good for the environment
2017-04-28 10:38:05 <war10ck_> hey guys, has anybody of you managed to get the alpine standard iso image on an usb stick and to boot it with the console=ttyS0 parameter?
2017-04-28 10:38:26 <war10ck_> want to install it on a pcengines apu2c4 board that has only a serial output
2017-04-28 10:38:48 <_ikke_> war10ck_: something like described at https://wiki.alpinelinux.org/wiki/Enable_Serial_Console_on_Boot has worked for me
2017-04-28 10:40:34 <war10ck_> _ikke_: yeah i already saw that
2017-04-28 10:40:49 <war10ck_> but i want the installation image to use the ttyS0
2017-04-28 10:43:22 <_ikke_> That should work too
2017-04-28 13:47:08 <help-im-stuck> how do I open a port in awall?
2017-04-28 13:53:04 <TBB> you make ahole
2017-04-28 13:53:11 <TBB> (sorry, couldn't resist)
2017-04-28 13:55:33 <help-im-stuck> lol
2017-04-28 13:57:13 <fcolista> TBB rotfl
2017-04-28 14:00:19 <scadu> XD
2017-04-28 14:05:17 <IcePic> TBB made a good start of this weekend with that joke. ;)
2017-04-28 14:11:00 <help-im-stuck> https://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall#Create_your_own_service_definitions
2017-04-28 14:11:16 <help-im-stuck> found this one.. trying to do: https://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall#Create_your_own_service_definitions
2017-04-28 14:11:23 <help-im-stuck> You can add your own service definitions into your Policy files:
2017-04-28 14:21:39 <help-im-stuck> nevermind.. found ufw in the testing repos...
2017-04-28 16:13:51 <avih> i noticed that "grsec" was changed to "hardened", but at least the initial comment said it's otherwise the same, however, htop now shows processes from other users, and previously it did not. how so?
2017-04-28 16:14:23 <avih> (not running as root)
2017-04-28 16:16:18 <avih> ok, i also have vanilla kernel and somehow by default it now uses it. previously the default was grsec, and if i manually choose hardened then it's indeed the same and i don't see other users.
2017-04-28 16:16:49 <avih> maybe i touched a config file?.. hmm
2017-04-28 16:19:31 <avih> /boot/extlinux.conf has DEFAULT menu.c32 (and menu.c32 is binary) and otherwise i don't see a directive to choose the vanilla one. it does come first at the conf file though.
2017-04-28 16:21:45 <avih> /boot/extlinux.conf.old is the same (vanilla first, grsec second), but it did boot grsec by default (assuming this file haasn't been modified at some stage)
2017-04-28 16:24:42 <avih> grr.. i don't know how to change the default. i think i once found it, but not anymore.
2017-04-28 16:39:38 <dalias> yeah iirc i was confused how to set the default too...
2017-04-28 16:39:54 <dalias> for me it wasn't grsec vs vanilla (i removed the former) but vanilla vs custom-built
2017-04-28 16:42:28 <TBB> /etc/update-extlinux.conf ?
2017-04-28 16:47:30 <dalias> oh yes
2017-04-28 16:59:54 <ncopa> so update-extlinux already handles the linux-grsec -> linux-hardened rename? thats nice
2017-04-28 17:00:30 <ncopa> oh except for picking the correct default
2017-04-28 17:00:44 <ncopa> i wonder how it deals with it if you have only linux-grsec
2017-04-28 19:26:57 <war10ck_> hey, i've just set up alpine on my apu2c4 pcengines board, everything works perfectly except the lm_sensors stuff.. as the CPU is a passive cooled one i want to monitor the temperature
2017-04-28 19:27:20 <war10ck_> i've found a bug report here: https://bugs.alpinelinux.org/issues/4657
2017-04-28 19:27:52 <war10ck_> i thought maybe you know some solution for this
2017-04-28 19:28:36 <war10ck_> i've installed lm_sensors and lm_sensors-detect, run the sensors-detect command. just the same as in the bug report
2017-04-28 19:28:40 <Shiz> maybe you just need to load the correct kernel module?
2017-04-28 19:29:13 <Shiz> does dmesg say anything?
2017-04-28 19:32:39 <war10ck_> not really
2017-04-28 19:33:17 <war10ck_> seems to be working now altough nothing changed
2017-04-28 19:33:31 <war10ck_> weird.. but thanx for the quick response :)
2017-04-28 19:43:21 <war10ck_> oh i am silly
2017-04-28 19:43:27 <war10ck_> i know why this was happening
2017-04-28 19:43:54 <war10ck_> and the guy who has written this bug report https://bugs.alpinelinux.org/issues/4657 had the same issue
2017-04-28 19:44:25 <war10ck_> when you execute the sensors command as a regular user you get the "sensors_init: Kernel interface error" error
2017-04-28 19:45:14 <war10ck_> maybe somebody in here is able to close this bug report as it could confuse other users?
2017-04-28 19:48:43 <avih> ah, just tried, note to self, after modifying /etc/update-extlinux.conf, one needs to run update-extlinux :p (it works, thanks)
2017-04-28 19:49:24 <avih> it had gesec as default
2017-04-28 19:50:02 <avih> r*
2017-04-28 20:39:49 <testerbeta> i've two questions
2017-04-28 20:40:21 <testerbeta> 1 how gonna be the alpine's reaction against the grsec's anouncement (we dont give more free kernels)
2017-04-28 20:40:54 <testerbeta> https://grsecurity.net/passing_the_baton.php
2017-04-28 20:41:06 <testerbeta> we dont have more updates (linux49)
2017-04-28 20:41:11 <testerbeta> and new kernels free (410
2017-04-28 20:41:26 <testerbeta> 2 how can i port archlinux cute apps (inox=
2017-04-28 20:41:39 <testerbeta> to         alpine with desktop (i see chromium at alpine repo
2017-04-28 20:42:11 <testerbeta> https://www.theregister.co.uk/2017/04/26/grsecurity_linux_kernel_freeloaders/
2017-04-28 21:01:37 <emacsoma`> i'm suddenly getting 'connection refused' from all of the alpine repo mirrors
2017-04-28 21:30:26 <testerbeta> emacsoma hi
2017-04-28 21:39:36 <emacsoma`> testerbeta: hi
2017-04-28 22:10:19 <testerbeta> emacsoma hi
2017-04-28 22:40:05 <Shiz> emacsoma`: still?
2017-04-29 04:31:01 <help-im-stuck> So.. why does the keymap reset on every reboot?
2017-04-29 10:07:54 <help-im-stuck> so.. I need some serious guidelines here..
2017-04-29 10:08:35 <help-im-stuck> Can't find much info on how to use alpine xen with virt-manager and libvirtd..
2017-04-29 10:09:21 <help-im-stuck> even thou the latest libvirtd packages are available at the edge repos
2017-04-29 11:28:38 <medivih> Hello
2017-04-29 11:29:32 <medivih> I'm trying to install Alpine on virtualBox, and got a lot of errors, I can't find nothing on documentations, Could you please help me?
2017-04-29 11:31:16 <medivih> "ERROR: unsatisfiable constraints:
2017-04-29 11:31:27 <medivih> docker(missing)
2017-04-29 11:31:50 <medivih> required by: world[docker]
2017-04-29 11:33:05 <medivih> So I've add http://dl-cdn.alpinelinux.org/alpine/edge/community on /etc/apk/repositories
2017-04-29 11:33:13 <medivih> but got still errors
2017-04-29 11:37:26 <medivih> WARNING: Ignoring APKINDEX.b53994b4.tar.gz No such file or directory -  and followed by "ERROR: unsatisfiable constraints:"docker(missing) required by: world[docker]
2017-04-29 11:41:56 <medivih> nobody?
2017-04-29 11:54:24 <_ikke_> did you run apk update after you added the repository?
2017-04-29 11:55:26 <medivih> got same error
2017-04-29 11:58:55 <medivih> yes, I've ran, got same "WARNING: Ignoring APKINDEX.b53994b4.tar.gz No such file or directory"
2017-04-29 12:00:32 <_ikke_> That's just a warning, nothing serious
2017-04-29 12:00:56 <medivih> yeah, but I can't install docker :(
2017-04-29 12:01:10 <medivih> ERROR: unsatisfiable constraints:"docker(missing) required by: world[docker]
2017-04-29 12:01:23 <_ikke_> medivih: can you try a different mirror (not dl-cdn)?
2017-04-29 12:01:33 <medivih> sure, which one?
2017-04-29 12:01:54 <_ikke_> Just any one from http://dl-cdn.alpinelinux.org/alpine/MIRRORS.txt
2017-04-29 12:02:10 <medivih> thank you
2017-04-29 12:03:40 <medivih> Same error :(
2017-04-29 12:07:46 <ncopa> medivih sounds like you have some problem with your network seup
2017-04-29 12:07:52 <ncopa> can you ping 8.8.8.8?
2017-04-29 12:07:59 <ncopa> can you ping google.com?
2017-04-29 12:08:36 <medivih> you right
2017-04-29 12:08:39 <medivih> I can't ping
2017-04-29 12:22:34 <medivih> @ncopa thank you very much!
2017-04-29 12:58:51 <xn0r> is linux-virtgrsec being superseded by linux-virthardened?
2017-04-29 12:59:20 <xn0r> linux-virtgrsec is ~40 MB while the hardened is ~80 MB .. why?
2017-04-29 13:10:22 <_ikke_> xn0r: virt ommits some things
2017-04-29 13:12:48 <_ikke_> hardened supersedes grsec
2017-04-29 14:15:29 <xn0r> _ikke_: but why is virthardened 2x the sizè installed?
2017-04-29 14:17:37 <ncopa> xn0r: did the virthardened kernel go up from 40 -> 80 MB?
2017-04-29 14:17:45 <ncopa> that sounds like a bug
2017-04-29 14:18:36 <xn0r> https://pkgs.alpinelinux.org/package/v3.5/main/x86_64/linux-virtgrsec
2017-04-29 14:18:43 <xn0r> https://pkgs.alpinelinux.org/package/edge/main/x86_64/linux-virthardened
2017-04-29 14:25:26 <ncopa> do you have the size for the previous linux-virtgrsec? eg 4.9 kernel
2017-04-29 14:25:41 <ncopa> might be introduced with the upgrade to 4.9
2017-04-29 14:45:38 <ncopa> seems like every kernel module has doubled its size
2017-04-29 14:45:53 <ncopa> i wonder if its rap
2017-04-29 14:50:05 <dirac1> hi ncopa, there has been doubts about what will happen with the modified grsec kernel used by Alpine after the grsec news.
2017-04-29 14:50:28 <ncopa> dirac1 im in doubt myself
2017-04-29 14:50:47 <ncopa> for now i want try maintain a port
2017-04-29 14:51:18 <ncopa> xn0r the size of kernel modules has doubled from 4.4 to 4.9
2017-04-29 14:51:25 <ncopa> i dont know why yes
2017-04-29 14:51:27 <ncopa> yet*
2017-04-29 14:51:32 <dirac1> Oh ok.. well.
2017-04-29 14:51:47 <xn0r> ncopa: I see, that is a bit strange
2017-04-29 14:51:59 <ncopa> xn0r yes indeed
2017-04-29 14:52:05 <ncopa> im trying figure out why
2017-04-29 14:52:18 <ncopa> might be debuggin symbols or something got enabled by mistake
2017-04-29 14:52:33 <ncopa> or it is RAP
2017-04-29 14:53:19 <ncopa> in any case, its not the virtgrsec -> virthardened rename
2017-04-29 15:25:07 <ekarlso> how do you run ldconfig to link libraries in alpine  ?
2017-04-29 15:26:43 <Shiz> there is no ldconfig in alpine, as it's not needed
2017-04-29 15:26:51 <Shiz> or rather, it exists but it does almost nothing
2017-04-29 15:27:33 <ekarlso> Shiz: hmm then why are my libs not found ?
2017-04-29 15:27:45 <Shiz> i don't know, where are they located
2017-04-29 15:27:47 <ekarlso> /usr/bin/ld: warning: libgrpc++.so.1, needed by gateway, not found (try using -rpath or -rpath-link)
2017-04-29 15:27:57 <ekarlso> /usr/lib
2017-04-29 15:28:21 <Shiz> what's your ld command line
2017-04-29 15:31:05 <ekarlso> Shiz: I was just running "ld binary"
2017-04-29 15:31:12 <ekarlso> to see what it was linked towards
2017-04-29 15:31:21 <Shiz> you probably want to use ldd for that
2017-04-29 15:31:23 <Shiz> not ld
2017-04-29 15:31:29 <Shiz> that's something entirely different
2017-04-29 15:31:37 <ekarlso> hmm, ah
2017-04-29 15:31:48 <ekarlso> do I need to set LD_LIBRARY_PATH for it to be found or ?
2017-04-29 15:31:59 <Shiz> you shouldn't need to
2017-04-29 15:32:02 <Shiz> try seeing what ldd tells you
2017-04-29 15:35:14 <dalias> what are you trying to do?
2017-04-29 15:35:55 <ekarlso> https://pastebin.com/GgADPi9j
2017-04-29 15:36:06 <ekarlso> seems the libgrpc files are missing
2017-04-29 15:37:32 <Shiz> right
2017-04-29 15:37:41 <Shiz> is this binary from an alpine package or?
2017-04-29 15:38:27 <ekarlso> Shiz: no I have made a package for grpc github.com/ekarlso/alpine-grpc.git
2017-04-29 15:39:00 <Shiz> in that case you should also package libgrpc++, it seems
2017-04-29 15:39:39 <ekarlso> Shiz: well, https://pastebin.com/jitQwJWN
2017-04-29 15:39:54 <Shiz> right
2017-04-29 15:40:01 <Shiz> it's linked against libgrpc++.so.1
2017-04-29 15:40:08 <Shiz> but you have libgrpc++.so.4
2017-04-29 15:41:13 <Shiz> meaning you should probably recompile that binary against the grpc package you created
2017-04-29 16:05:51 <ekarlso> Shiz: uhm it is compiled against it .
2017-04-29 16:06:18 <Shiz> considering it's linking against the wrong so version, something went wrong there it seems
2017-04-29 16:07:11 <ekarlso> Shiz: so I recompiled it now and it's still failing...
2017-04-29 16:07:34 <Shiz> i'd search your build system for any trace of libgrpc++.so.1
2017-04-29 16:07:51 <ekarlso> Shiz: you mean the package or ?
2017-04-29 16:07:55 <ekarlso> or the app
2017-04-29 16:08:05 <Shiz> i mean the system you use to compile the app
2017-04-29 16:08:29 <Shiz> because evidently it's finding libgrpc++.so.1 somewhere, despite it not being part of your grpc package
2017-04-29 16:09:51 <ekarlso> https://pastebin.com/58MzSbRd < Shiz hmmm
2017-04-29 16:10:36 <Shiz> try this
2017-04-29 16:11:03 <Shiz> readelf -d /usr/lib/libgrpc++.so | grep soname
2017-04-29 16:11:22 <ekarlso>  0x0000000e (SONAME)                     Library soname: [libgrpc++.so.1]
2017-04-29 16:11:37 <Shiz> well, there you go
2017-04-29 16:11:42 <Shiz> it seems like your grpc is miscompiled
2017-04-29 16:12:16 <Shiz> it claims that libgrpc++.so.1 exists and is the correct version, while only libgrpc++.so.4 exists
2017-04-29 16:12:17 <ekarlso> what is it typically that decides that ?
2017-04-29 16:12:25 <Shiz> the build system of grpc, i'd expect
2017-04-29 16:12:44 <Shiz> i can try to see if i can repro this if you'd like
2017-04-29 16:13:18 <ekarlso> Shiz: sure!
2017-04-29 16:14:49 <ekarlso> Shiz: so soname is a kind of alias I presume
2017-04-29 16:16:11 <arch3y_> so alpine is not rolling release since you tag versions, and edge is consider rolling release but its testing right
2017-04-29 16:16:51 <_ikke_> arch3y_: there is a separate testing repo
2017-04-29 16:17:12 <arch3y_> is edge considered rolling release though
2017-04-29 16:17:28 <arch3y_> just trying to make sure I keep up, Im used to a rolling release process
2017-04-29 16:17:34 <Shiz> edge is rolling, yes
2017-04-29 16:17:46 <_ikke_> but there might be some unstableness in edge
2017-04-29 16:17:53 <arch3y_> thats fine
2017-04-29 16:17:56 <_ikke_> (like with the change from openssl to libressl
2017-04-29 16:18:04 <arch3y_> Im just using it to hep build pkgs for you guys
2017-04-29 16:18:19 <arch3y_> Ill have to upgrade my 3.5 box to edge
2017-04-29 16:18:24 <_ikke_> edge basically is the master branch on aports
2017-04-29 16:18:52 <arch3y_> cool and as a pkg is submitted as a pr it is built by travis ci then merged in by hand
2017-04-29 16:19:08 <arch3y_> or does it get pushed to builders once its been built and cleared by travis ci
2017-04-29 16:19:38 <_ikke_> once it's merged, the builders will pick it up
2017-04-29 16:19:52 <_ikke_> (not sure how often/soon)
2017-04-29 16:19:56 <arch3y_> k I will stop pushing prs until things are merged
2017-04-29 16:20:10 <arch3y_> cause I dont want to cause even more pkgs to be reviewed its getting up there in the number of prs
2017-04-29 16:20:31 <arch3y_> I completely understand you guys have alot more on your plate that needs to be handled
2017-04-29 16:21:06 <Shiz> haha
2017-04-29 16:21:09 <Shiz> kinda
2017-04-29 16:21:22 <arch3y_> just  saying I wont push anything for awhile
2017-04-29 16:21:33 <Shiz> PRs are merged by hand yes, simply because travis can't pick up on subtleties like 'is this the proper way to do it, even if it works'
2017-04-29 16:21:39 <arch3y_> Id love to help out more with the core stuff but you dont need any more chefs in the kitchen either
2017-04-29 16:21:40 <Shiz> and 'do our patches have descriptions of what they do'
2017-04-29 16:22:06 <arch3y_> yeah for sure I understand they are merged by hand to maintain a intergrity  of the apkgbuilds
2017-04-29 16:22:19 <arch3y_> and to uphold your standards
2017-04-29 16:22:55 <Shiz> also, i'm sure more help would be welcome in reviewing PRs :P
2017-04-29 16:23:10 <arch3y_> well Im still new to how things are done in alpine
2017-04-29 16:23:33 <arch3y_> so Im sure my prs could use some tweaks as well, but I know the ones I have built everything passes with flying colors
2017-04-29 16:23:39 <TemptorSent> Shiz: Is there a document somewhere on the PR review criteria?
2017-04-29 16:23:43 <arch3y_> but I know that style is a big thing as well
2017-04-29 16:23:56 <Shiz> TemptorSent: not sure if there's any formal stuff right now...
2017-04-29 16:24:02 <arch3y_> just upgrading my 3.5 box to edge to test the process
2017-04-29 16:24:31 <TemptorSent> If you could scratch together notes of what you look for and dump them on the wiki, it would be very helpful.
2017-04-29 16:24:46 <arch3y_> I would agree with that, it would be nice to see
2017-04-29 16:24:47 <TemptorSent> Both for reviewers and for committers.
2017-04-29 16:24:58 <arch3y_> when you guys have time as course
2017-04-29 16:25:03 <arch3y_> documentation is an evil thing
2017-04-29 16:25:06 <arch3y_> but necessary
2017-04-29 16:25:10 <Shiz> i'll try something after i look at ekarlso's grpc thing
2017-04-29 16:25:19 <TemptorSent> Thank you Shiz.
2017-04-29 16:56:46 <Shiz> ekarlso: ive made a new apkbuild for grpc since yours was a bit... lacking
2017-04-29 16:56:53 <Shiz> testing it now
2017-04-29 18:26:56 <ekarlso> Shiz: any progress ? :p
2017-04-29 18:27:57 <Shiz> fighting with grpc's testing infra
2017-04-29 18:27:59 <Shiz> lol
2017-04-29 18:31:21 <ekarlso> Shiz: anyways I can see it's defined in the Makefile
2017-04-29 18:31:24 <ekarlso> the soname
2017-04-29 18:32:08 <Shiz> as it should be
2017-04-29 18:32:30 <Shiz> (this is a prohibitively long makefile...)
2017-04-29 18:34:01 <Shiz> ekarlso: seems there is a bug in this makefile
2017-04-29 18:34:03 <Shiz> :/
2017-04-29 18:35:51 <Shiz> it's a mystery how this ever worked
2017-04-29 18:38:08 <Shiz> ekarlso: this seems easy enough to fix
2017-04-29 18:38:19 <Shiz> but... how did this makefile evr work
2017-04-29 18:38:22 <Shiz> maybe nobody compiles it with make
2017-04-29 18:47:25 <Shiz> ekarlso: currently compiling with cmake
2017-04-29 18:47:27 <Shiz> seeing what happens
2017-04-29 18:58:09 <ekarlso> Shiz: any idea ? : P
2017-04-29 18:59:50 <Shiz> cmake is equally broken
2017-04-29 18:59:54 <Shiz> i'm just gonna patch the makefile
2017-04-29 19:00:37 <ekarlso> : p
2017-04-29 19:09:12 <Shiz> ekarlso: almost there
2017-04-29 19:11:46 <xn0r> openvpn 2.4.1 fails with a TLS error when trying to connect to a server
2017-04-29 19:12:12 <xn0r> it cannot verify the certificate
2017-04-29 19:16:33 <xn0r> same config works on another host
2017-04-29 19:17:01 <xn0r> "OpenSSL: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed"
2017-04-29 19:19:11 <Shiz> ekarlso: fixed.
2017-04-29 19:19:21 <ekarlso> Shiz: kk
2017-04-29 19:19:57 <Shiz> APKBUILD: https://txt.shiz.me/YjAxZjE3NG
2017-04-29 19:20:21 <Shiz> fix-soname-mismatch.patch: https://txt.shiz.me/Y2VmMTczZT
2017-04-29 19:20:27 <Shiz> i'm gonna throw that last patch upstream, probably
2017-04-29 19:20:55 <Shiz> oh, it's a bit malformed...
2017-04-29 19:21:02 <Shiz> regardless, it should work for building
2017-04-29 19:22:05 <ekarlso> Shiz: get the package into community ? : o
2017-04-29 19:22:32 <arch3y_> Shiz: may I ask whats on txt.shiz.me program wise
2017-04-29 19:22:48 <Shiz> arch3y_: https://github.com/Shizmob/upaste
2017-04-29 19:22:57 <Shiz> although the one running live may have a few more random fixes
2017-04-29 19:23:01 <Shiz> https://txt.shiz.me/self
2017-04-29 19:23:09 <arch3y_> Shiz: thats cool
2017-04-29 19:23:56 <Shiz> :)
2017-04-29 19:24:05 <arch3y_> I like how lightweight it is
2017-04-29 19:24:10 <arch3y_> and thats pretty useful
2017-04-29 19:24:11 <Shiz> ekarlso: dunno, i'm not using grpc so i can't make that call
2017-04-29 19:24:26 <Shiz> packages in community need some real world testing over a period of time before they get moved there
2017-04-29 19:28:52 <TBB> I guess this is one way to spend a Saturday, at work trying to figure out how to get plymouth to reset a tty at exit
2017-04-29 19:32:29 <Shiz> ekarlso: https://github.com/grpc/grpc/pull/10923
2017-04-29 19:32:31 <Shiz> submitted upstream
2017-04-29 19:32:41 <Shiz> anyway, feel free to use that fixed apkbuild and patch in your builder thing
2017-04-29 19:32:43 <Shiz> :)
2017-04-29 19:41:32 <ekarlso> Shiz: hmmmms
2017-04-29 19:41:57 <ekarlso> Shiz: I do curl https://txt.shiz.me/Y2VmMTczZT.txt -o fix-soname-mismatch.patch and I get wrong checksum
2017-04-29 19:42:29 <Shiz> ekarlso: actually, it's better to use this patch anyway
2017-04-29 19:42:37 <Shiz> https://patch-diff.githubusercontent.com/raw/grpc/grpc/pull/10923.patch
2017-04-29 19:42:42 <Shiz> since it has a proper description and such
2017-04-29 19:42:44 <Shiz> :)
2017-04-29 19:42:53 <Shiz> oh, but that won't apply against 1.3.0
2017-04-29 19:42:55 <Shiz> hmm
2017-04-29 19:42:57 <Shiz> ekarlso: sec
2017-04-29 19:43:46 <Shiz> ekarlso: https://txt.shiz.me/ZGJjMTRhN2.txt
2017-04-29 19:43:49 <Shiz> patch got mangled somehow
2017-04-29 20:48:17 <shadoh> so... are the core differences between the xen version and the standard version just the kernel options and some packages, or is there more to it than that?
2017-04-29 20:48:59 <Shiz> it's just that
2017-04-29 20:49:33 <Shiz> im not sure if they even use a different kernel config
2017-04-29 20:49:40 <Shiz> https://git.alpinelinux.org/cgit/alpine-iso/tree/alpine-xen.conf.mk
2017-04-29 20:49:42 <Shiz> looks like no
2017-04-29 20:54:31 <shadoh> so it sounds like there wouldn't be much harm to install the zen version and add whatever other packages I want/need
2017-04-29 20:54:48 <Shiz> right
2017-04-29 20:54:48 <shadoh> leave me the option to use zen if/when I decide to, or not, if I never get around to it
2017-04-29 20:56:08 <shadoh> I might do that, then... I figured I'd mainly use the box as a docker host, but having the flexibility/option to set up zen or similar vm hosting(even something as basic as virtualbox) would be nice
2017-04-30 02:39:59 <tidux> so what's the future of Alpine now that grsec is closing up?
2017-04-30 02:40:02 <tidux> vanilla kernels only?
2017-04-30 02:40:07 <tidux> some other patchset?
2017-04-30 02:40:52 <Shiz> "the future of Alpine" is continuing being Alpine
2017-04-30 02:41:33 <Shiz> as it looks now grsec will still be supported for 3.6
2017-04-30 16:27:00 <Kooda> Hey there. :)  Is it normal that the paxctl package isn’t available in the edge repository?
2017-04-30 16:27:58 <_ikke_> looks like it is removed
2017-04-30 16:28:26 <kaniini> Kooda: yes, i removed it because it is obsolete.  use paxmark instead.
2017-04-30 17:13:30 <Kruge> Afternoon all
2017-04-30 19:59:49 <armin> anyone a hint how to get the "host" program on alpine linux? can i apk add some dns related package?
2017-04-30 20:00:29 <_ikke_> https://pkgs.alpinelinux.org/contents?file=host&path=&name=&branch=&repo=&arch=
2017-04-30 20:00:45 <armin> hey ikke, nice. thanks for the quick reply!
2017-04-30 20:01:01 <_ikke_> np
2017-04-30 20:01:50 <armin> _ikke_: would that be possible without using a webbrowser, e.g. does apk have an option to do that?
2017-04-30 20:02:33 <_ikke_> 1No
2017-04-30 20:02:51 <armin> fair enough, thanks for your help!
2017-04-30 20:07:47 <qman__> armin: FILE="host"; curl -s "https://pkgs.alpinelinux.org/contents?file=$FILE" | grep package | cut -d\> -f3 | cut -d\< -f1 | uniq
2017-04-30 20:12:11 <armin> qman__: works like a charm. thank you.
2017-04-30 20:12:52 <qman__> you can probably create an alias or a script or something with that to provide yourself a simpler command
2017-04-30 20:16:06 <armin> qman__: https://gist.github.com/7e900ed833347e1f9ce599016dafeb6b
2017-04-30 20:28:23 <trfl> I presume pkgs.alpinelinux.org works by keeping a listing of each package somewhere... would be cool if that was made public somewhere, much cheaper than having to rsync a mirror to build it yourself
2017-04-30 23:58:11 <__number5__> trfl: don't get what you mean, pkgs.alpinelinux.org is public available
2017-04-30 23:59:07 <Shiz> probably he means available in data form