| plasma41 | Notes sent to the mailing list | 04:45 |
|---|---|---|
| LeePen | o/ | 10:14 |
| LeePen | Thanks to jaromil for updating the build hosts. | 10:15 |
| LeePen | Is there somebody who has perms to retry the failed policykit-1-binary arm64 #73 build, please? | 10:17 |
| LeePen | Or give me the ability to trigger it? I don't think I can build for beowulf at the moment. | 10:18 |
| LeePen | Thanks | 10:18 |
| * rrq is a bit tired today .. but can do some fiddling .. | 10:54 | |
| rrq | btw I think I need to bump the version on util-linux.. it still got different version for i386 and amd64 (didn't update i386) | 11:00 |
| rrq | might need to make it 2.33.1-0.1+devuan2~beowulf1 | 11:00 |
| rrq | (seems 2.33.1-0.1+devuan1~beowulf1 is not later than 2.33.1-0.1+devuan1 ?) | 11:01 |
| fsmithred | the plus is mightier than the tilde? | 11:15 |
| fsmithred | is someone working on udisks2? We have an older version in beowulf/ceres that's incompatible with gparted. | 11:29 |
| LeePen | fsmithred: Yes, I have udisks2 in hand. | 11:44 |
| LeePen | rrq: thanks. amd64 policykit is fixed. :) | 11:45 |
| LeePen | Most of my udisks2 builds have failed with "/tmp/hooks/B20autopkgtest: 60: /tmp/hooks/B20autopkgtest: adt-run: not found" | 15:00 |
| LeePen | Has anybody seen this before? It is new to me. | 15:01 |
| LeePen | But on a positive note, policykit-1 and consolekit2 are now built for beowulf. :) | 15:01 |
| LeePen | OK, this might be related to Debian #876399 | 15:10 |
| LeePen | Looks as though the /tmp/hooks/B20autopkgtest needs updating for autopkgtest 5.0. adt-* commands are no longer available. | 15:22 |
| LeePen | Or pbuilder >= 0.229. | 15:29 |
| mason | I'm curious - checked last night, and I saw that the Apache security update finally made it in, and I haven't seen anything on the lists mentioning what happened there. | 16:13 |
| Joril | Leepen: YAY for Beowulf going forward! :) | 16:57 |
| LeePen | Joril: :) | 18:27 |
| mason | Jjp137: Do you know what happened that addressed the issue with Apache? | 19:00 |
| golinux | I'm not Joril but have seen nothing recently apache related. Most everyone here has likely moved on to nginx | 19:06 |
| xrogaan | golinux: which email client do you use? | 19:20 |
| golinux | Roundcube on the dyne server | 19:23 |
| golinux | That's webmail. | 19:24 |
| golinux | It's only happening on the dyne ML. Didn't used to be that way. | 19:25 |
| xrogaan | dyne updated their software, as pointed out by somebody on the ML? | 19:29 |
| xrogaan | oh, it's the same ML for both dyne and devuan? | 19:30 |
| onefang | I'm still using Apache, though I'll be experimenting with Lighttpd soon. | 19:43 |
| Jjp137 | mason, someone probably gave amprolla a swift kick to make it learn about the update; beyond that, I have no idea really | 19:47 |
| mason | Jjp137: That's a worry. Thought it was all automatic. | 19:47 |
| mason | golinux: The issue is that Debian has released a fix, but Amprolla wasn't showing that fix for a good week or two, which is a window of vulnerability. Knowing how it resolved would point to how likely it is to happen again in future. | 19:48 |
| mason | golinux: Re: nginx, it's entirely possible the same thing could happen with an nginx vulernability. That it was Apache is almost incidental, except that it's often facing the public Internet. | 19:52 |
| golinux | That defect in amprolla has been happening for a very long time and is being ignored by those capable of fixing it. | 20:03 |
| golinux | IIRC a solution was offered but the hurdle of "proof" required to having it applied was not feasible to accomplish | 20:05 |
| mason | Hrm. Do we know what it is and it just needs to be fixed, or is there some diagnostic work required? | 20:05 |
| golinux | I think it self-corrects at some point. | 20:05 |
| mason | And do we know what the workaround was in this case, to help identify the problem? | 20:05 |
| golinux | I'll try to find it | 20:06 |
| mason | I guess I want to snag the code and see what it's doing. | 20:06 |
| mason | Cool, if you see anything I'd be happy to look. Reimplementing it was something that showed up in one of the videos I watched, so maybe I can assess the feasibility of this. | 20:06 |
| golinux | Here you go: https://lists.dyne.org/lurker/message/20190914.151803.224e1f02.en.html | 20:08 |
| golinux | The final word in that thread: https://lists.dyne.org/lurker/message/20190924.203227.69fa9513.en.html | 20:10 |
| mason | golinux: Thank you. And I've pulled down https://github.com/parazyd/amprolla now and am digging a bit. | 20:11 |
| mason | Oh, I remember that thread. I hadn't connected that with this. | 20:11 |
| golinux | Thanks for doing that. | 21:22 |
| fsmithred | mason, pkgmaster tends to lag behind packages.devuan.org sometimes, and when it does, it's usually just ascii-security. | 21:40 |
| fsmithred | But I've seen packages.devuan lag a couple times, too. | 21:41 |
| mason | fsmithred: But is that all Amprolla? | 21:48 |
| golinux | There is no other thing messing with it | 21:49 |
| fsmithred | yeah, it's amprolla. There are two instances running. | 21:50 |
| fsmithred | auto.mirror mirrors packages.d.o. deb.devuan mirrors pkgmaster. | 21:51 |
| mason | I'm going to write up a design doc for it, and if that looks accurate to everyone maybe I can implement something new and have it be both talkative and paranoid. | 21:53 |
| fsmithred | talk to rrq. I know he's looked at it and might know what the problem is. | 21:54 |
| mason | I really dislike Python, though. More fun to have a clean start. | 21:54 |
| mason | Plus, it'll be useful having a design document. | 21:56 |
| golinux | You must have seen this by now: https://dev1galaxy.org/files/amprolla.png | 21:59 |
| mason | golinux: Yes. | 22:00 |
| golinux | That's the general flow though I understand that it is slightly different now | 22:00 |
| mason | My understanding is that it uses redirects so we don't host things that are unmodified Debian, but I'm more or less taking this on faith. | 22:01 |
| mason | Haven't finished a readthrough yet. | 22:01 |
| golinux | That is correct. | 22:02 |
| golinux | We only host devuan-specific packages | 22:02 |
| rrq | mason: if you look into the Packages file(s) you'll see that every package has their access filename as a url with ether DEVUAN or DEBIAN as path component, which the repository server(s) use as key for dispatching to either a local file or a deb.debian.org file | 22:32 |
| mason | rrq: kk, ty | 22:33 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!
