libera/#devuan-dev/ Saturday, 2019-11-23

fsmithredtorrent appears to be working correctly here00:56
masonMagnet link breaks here.04:17
masonTorrent links seems to be correct, though.04:19
masonbbiab04:19
golinuxmason: Is the the magnet link you tried?04:44
golinuxmagnet:?xt=urn:btih:21c309091f3853e1ac7d80d6c4e2ca4f869e2d77&tr=udp%3a%2f%2ftracker.dyne.org%3a6969&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a8004:44
golinuxMake sure that you refresh the page. You might be trying to access the magnet for 2.0.004:46
BeerbelottHi, my monitoring tool reports to me that since at least 2019-11-22T22:55Z, the 190.64.49.124 mirror, part of deb.devuan.org pool, is not responsive on TCP/80 port anymore10:34
BeerbelottThe defect has been continuous since then (on a check/5 min basis)10:35
BeerbelottWould it be possible to confirm defect & if positive act on it?10:35
onefangI can confirm that, my monitoring scripts say the same.10:37
onefangAs of about half an hour ago it was still responding to deb.devuan.org, just not connecting directly.10:40
onefangI'm part way through cooking dinner, I'll investigate further after eating.10:45
BeerbelottWhat do you mean by "still responding to deb.devuan.org"?10:45
BeerbelottThe IP address is currently still in the pool, yes, but connection to this IP address on TCP/80 is defunct since almost 12h now10:46
onefanghttps://sledjhamr.org/apt-panopticon/results/LOG_deb.devuan.org_190.64.49.124.html is the logs of my checker connecting to that IP as deb.devuan.org.10:46
BeerbelottThe fact a non-responsive TCP/80 address is included in the deb.devuan.org is the problem indeed, as it can be damaging10:47
onefanghttps://sledjhamr.org/apt-panopticon/results/LOG_espejito.fder.edu.uy_190.64.49.124.html is connecting to that IP as espejito.fder.edu.uy.10:47
onefangBRB10:47
BeerbelottI see you use a timeout of 15 seconds on the connections10:48
BeerbelottI used 5 on my test script... which seems to me far more than generous on a mere TCP connection (no data sent)10:48
BeerbelottI am not sure the timeout is the reason you could connect and not me, though. Routing difference? I guess only the mirror's owner could investigate10:53
onefangI just actually downloaded a file from that IP using deb.devuan.org as the host.10:53
onefangHave you tried a traceroute?10:55
onefangcurl --retry 0 -s --path-as-is --connect-timeout 15 --max-redirs 0 --connect-to 190.64.49.124 -H "Host: deb.devuan.org" http://deb.devuan.org/merged/dists/jessie/Release10:57
onefangTime for me to eat.  Back soon.11:02
onefangEven with  timeout of 5 seconds, I get the file.11:14
onefangcurl http://espejito.fder.edu.uy/merged/dists/jessie/Release11:22
onefangcurl: (7) Failed to connect to espejito.fder.edu.uy port 80: Connection timed out11:22
onefangSo as part of the deb.devuan.org pool it's working fine, just not as a stand alone mirror.11:23
* onefang sends an email to the mirror's owner.11:29
onefangBeerbelott: did you get in touch with Evilham about your mirror?11:41
onefangAlso, I can ping both IPs.11:49
Evilhamonefang: it doesn't look like espejito is working fine as part of the RR either, I removed it11:51
onefangHmmm, there might be something wrong with my tests then.  B-(11:52
onefangDoes that above curl test look OK to you?11:53
Evilhamhuh11:59
Evilhaminteresting11:59
Evilhamcurl -H "Host: deb.devuan.org" http://190.64.49.124/merged/dists/jessie/Release11:59
Evilhamdoesn't work11:59
Evilhambut yours does11:59
onefangAh, the --connect-to 190.64.49.124 bit seems to not be doing what I thought it would.  I tried it with -v.11:59
Evilhamalrighty :-p12:00
Evilhamso yeah, it's remove12:00
Evilhamd12:00
EvilhamI have to be away \o12:00
onefang"--connect-to "deb.devuan.org::190.64.49.124:"  is the correct way, and it fails now.12:05
* onefang updates my monitor script.12:05
EvilhamI think --resolve is clearer12:11
Evilhambut also I always just use the IP in the URL and use the hostname header12:11
Evilhamso:12:12
Evilhamcurl --resolve deb.devuan.org:80:190.64.49.124 http://deb.devuan.org12:12
Evilham(where 80 is the port)12:12
onefangAs far as I can tell --connect-to supports SNI properly, and one of the mirrors is using SNI, and my checker was failing on that mirror when I used the IP in the URL.12:13
Beerbelottonefang: I'd weight in favour of --resolve for cURL13:05
BeerbelottIt does what you think it does13:05
BeerbelottIt then allows you to use the hostname in the URL, which conveniently helps populating the HTTP Host field13:06
onefangThe docs for it don't mention SNI though, and the docs for --connect-to do mention SNI.13:06
BeerbelottThe docs for --connect-to mentions SNI to tell it's *not* affecting it13:08
onefangThe problem with writing this sort of in depth checking script is that I can't afford to setup a whole bunch of servers that do the wrong thing.  So I have to wait for actual servers to do the wrong thing before I know I'm checking for that wrong thing incorrectly.  lol13:09
onefang*not* affecting SNI is exactly what I want.13:09
BeerbelottWell when checking for connectivity, you need to separate problems13:10
BeerbelottMy check, which properly failed on this unresponsive host, is quite simple: TCP connection13:10
BeerbelottNot more13:10
onefangI have a TODO item to add that sort of basic test, coz you mentioned it long ago.  B-)13:11
BeerbelottComplex scripts mix up variables, so you do not know which layer is wrong13:11
onefangI'm trying to probe things all the way down the various layers.13:11
BeerbelottWell then you have a test somewhere whoch merely checks TCP connectivity (and not more) telling you this host was down on TCP/80 for half a day13:12
Beerbelott;)13:12
BeerbelottI do not get why you do not want SNI though13:12
BeerbelottChecking a server without SNI... you might be routed to a failing location while the proper one, routed with proper SNI, might be responsive13:13
onefangI do want SNI, and I want it tested for correctly.  Two of our mirrors use SNI, and my previous "use the IP in the URL" test failed for them.13:13
Beerbelott(routed in "application routing")13:13
Beerbelott--resolve is the way to go for SNI13:14
Beerbelottuse the hostname in the URL13:14
onefangWhich is why I now use --connect-no, coz as you mentioned, it hdoes not affect SNI.13:14
BeerbelottI guess we udnerstand the docs differently13:14
onefang--connect-to mentions SNI, --resolve doesn't, so I went with the one that is documented to work with SNI.13:15
BeerbelottI am not sure --connect-to does what you think it does13:15
onefangWhat exactly do you think it does?13:16
BeerbelottAll I know is IIRC --resolve allows you to use a hsotname in a URL, hostname which will then be used in SNI as expected, while resolving said hostname to the precise IP address you wish for tests purpose13:16
BeerbelottI have extensively used --resolve is almost exclusively SNI environments. If SNI wasn't respected, I should have noticed... because I would most of the time not received the content of the proper virtual server ;)13:18
Beerbelottvirtual server -> certificate, my bad13:18
onefangLike I said, --resolve doesn't mention SNI, --connect-to does.  So I went with the one that is documented to work.  I don't see that --resolve gets me anything more than --connect-to does.13:19
BeerbelottAbout your question on my mirror... I did raise the subject on #devuan-infra and got in touch w/ Evilham, to no avail so far. However I am only occasionally connected on IRC, hence I might have slipped past any answer on unlogged channels13:20
BeerbelottI'll reverse the q°: why do you want SNI to be mentioned when it's the expected, default, behaviour?13:21
onefangI was pointing you at Evilham coz you where asking about your mirror at 3AM my time, I figured he would be a lot closer to your timezone.13:21
BeerbelottThe fact SNI is mentioned in your switch means something fishy or at least non-standard seems to be done with it there13:21
Beerbelottcurl has the habit of being pretty standard in its behaviour, auto-filling basic requirements (like the Host header) based on called URI13:22
onefangCoz SNI also not mentioned in using -H "host:" documentation, which DID fail.  So I searched through the docs for SNI, only --connect-to mentioned it.13:22
Beerbelottit does the same at the TLS layer level13:22
BeerbelottHost HTTP header != TLS SNI13:22
Beerbelott-H "Host: ***" fills up... a HTTP header.13:23
onefangSoooo, why should I switch to --resolve if --connected-to works AND is documented to work for SNI?13:23
BeerbelottI thought you said this switch was not doing what you wanted/thought it was doing?13:24
onefangIt was the format of the --connect-to argument that I switched.13:25
BeerbelottI can't comment the --connect-to switch I don't know. And its docs are nto clear to me. --resolve is way clearer to me, much simpler to remember, and allows the called URL to successfully impact both TLS & HTTP layers seamlessly13:25
BeerbelottI'd warmly recommend you to use it. I am not trying to convince you if you *know* better.13:25
BeerbelottI also find elegant that, leveraging the called URL, you do not have to manually feed any -H switch13:26
Beerbelottespecially for the Host HTTP header13:26
onefangI'm not trying to remember it, I'm trying to script it.  B-)13:26
BeerbelottI'd always advise the compactest, leanest & most elegant solutions as to avoid false positives13:27
onefangI was trying several methods of dealing with SNI, using various libraries, using wget or curl command lines.13:29
Beerbelottcurl -svo /dev/null --resolve home:443:127.0.0.1 https://home/13:30
BeerbelottDon't you think that's immediately understandable?13:30
Beerbelottand it does SNI & populates HTTP Host...13:31
BeerbelottThx to using the targeted hostname in the URI part of cURL13:31
onefang--connect-to home:433:127.0.0.1 Is just as understandable.13:32
onefangAnd has the advantage of being documented as working with SNI.13:32
onefangAt that point, after failing with lots of other methods, I stopped looking.13:32
onefangI wasn't gonna start experimenting with stuff that doesn't mention SNI, just on the off chance it would work.13:34
onefangThough now I'm wondering why they bothered with two options which seem to work in exactly the same way?13:36
BeerbelottFWIU --connect-to might allow you to connect to another hostname while retaining the 1st one for SNI & virtual server resolution13:37
Beerbelottie instead of resolving the connection host and then using its IP address in resolve (2 steps) you could do that in a single step13:38
BeerbelottThat's for a hostname -> hostname transition13:38
Beerbelottfor hostname -> IP address, I guess they are equivalent?13:38
BeerbelottPure speculation. I'd do not trust --connect-to myself as its documentation seems unclear to me (personal opinion *2)13:39
BeerbelottYou do what works best to you and what is easiest to maintain. Make sure you scripts do not pretend connecting to unresponsive hosts though ;)13:39
BeerbelottAlso, I was using nc.13:40
BeerbelottOne layer at a time.13:40
onefangIn about half an hour the regularly scheduled checking run will happen on my server, which has better connectivity than my home, especially at this time of night on a Saturday, when others in the house are watching Netflix on our shared WiFi.  I'll see what happens.  B-)13:40
BeerbelottIf you wanna decouple SNI & HTTP layers, I'd use a TLS-specific client for SNI, and reserve cURL for mere HTTP checks13:41
onefanghttps://sledjhamr.org/mantisbt/view.php?id=81 doing the nc thing is a TODO, coz you mentioned it before.  B-)13:41
BeerbelottI'd use nc, then openssl s_client, then cURL13:43
Beerbelott(with --resolve)13:43
onefangSooo, about your mirror.  It's only an ISO mirror, not a package mirror?  Do you intend to add a package mirror later?13:43
BeerbelottI'm doing basic checks so I only consider unresponsive hosts. I am not checking responsive hosts' integrity13:44
BeerbelottI might do... the only problem is disk space13:44
Beerbelottlast I checked it was requiring a little bit short of 60 GiB13:44
Beerbelott(the package repo that is)13:44
BeerbelottThat's the estimate rsync gave me, I dunno if it's accurate13:45
onefangFor an ISO mirror, we just need to list you on https://devuan.org/get-devuan if I recall correctly.  I've mostly been dealing with package mirrors so far.13:45
BeerbelottI suppose so13:46
BeerbelottThe download URI in MIRRORS.txt shall be updated though13:46
onefangThe package mirror walk through says 50GB, pkgmaster currently has 44GB.13:47
Beerbelottbtw I am only providing HTTPS, with also HTTP supported in a HTTP -> HTTPS fashion13:47
onefangSome of our package mirrors do that.13:47
BeerbelottWould not it be interesting to have a torrent for those files?13:48
BeerbelottIt could help duplicating sources without having to manage newcomers/outgoers13:48
Beerbelottwithout having to manage them *manually* at least13:48
onefanghttps://files.devuan.org/devuan_ascii.torrent  and  magnet:?xt=urn:btih:21c309091f3853e1ac7d80d6c4e2ca4f869e2d77&tr=udp%3a%2f%2ftracker.dyne.org%3a6969&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a8013:48
BeerbelottOooh13:48
BeerbelottHow did I miss that?13:49
BeerbelottIt's not on the download page13:49
onefangNo idea, I copied those from the Devuan front page.13:49
BeerbelottYeah this website is a bit of a mess actually :D13:50
BeerbelottYeah it's on the front page but not in the download section13:50
onefangYou need to talk to the people that deal with the website, that's not me.13:50
onefangCurrently it's being redone for the ASCII point release, so some of this stuff might have been cleaned up already.  golinux would know.13:51
BeerbelottGreat!13:53
onefanghttps://sledjhamr.org/apt-panopticon/results/Report-web.html is the current result.  Interesting, I'm getting different responses from espejito's IPv4 and IPv6 addresses.14:12
Evilhamonefang: you should probably check the grafana instance as well :-p17:59
golinuxonefang: Yes, the index page has been updated to point to ASCII 2.118:10
golinuxAnd the point release announcement is linked from the first paragraph: https://devuan.org/os/debian-fork/ascii-point-release-announce-11211918:11
* onefang checks grafana.18:12
golinuxI have requested that jaromil send it to the "announce" list to make it official18:12
onefangCool golinux.  Can you / have you added Beerbelott's ISO mirror?18:13
golinuxAs a response to Beerbelott's comments . . . the index page points to all 3 options to download isos: the mirror list page (get-devuan), the torrent and the magnet.18:16
golinuxI didn't read all that very carefully so didn't catch that he has a mirror that needs to be added.18:16
golinuxonefang: ^^^18:17
golinuxUsually the mirror team relays that info to me once a mirror has been verified.  I would never make that decision on my own.18:18
golinuxYou can pm it to me so as not to flood this channel18:18
onefangI haven't come up to speed on how things go with ISO mirrors, I'm still learning the ropes for package mirrors.18:19
golinuxRight . . . the only thing I'm concerned with on the website are the iso mirrors18:20
golinuxAnd when someone on the team gives me that info, I add it.18:20
onefangFound Beerbellot's mirror message - 2019-11-01 13:02:11  Beerbelott: Hello. I have a Devuan Archive Mirror up & running at https://devuan.rosset.eu.org/18:22
golinuxOnly https?18:24
onefangIt redirects http to https.18:24
golinuxThanks for finding that18:25
golinuxNo ftp or rsync?18:25
onefangNope.18:25
golinuxI'll do that after I get some b'fast.18:26
onefangJust having a quick look around.  Seems up to date, has ASCII 2.1.  My mirror checker script has ISO mirror checking as a TODO item.18:26
onefangEnjoy your brekky.18:28
golinuxYes, 2.1 is available and iiuc, 2.0.0 has been "archived" somewhere.  2.0.0 embedded images are still available though because there are no official 2.1 replacements.18:29
onefangISO mirrors have an "archive" directory with the archived 2.0 ISOs in them.18:30
golinuxWe'll see if the devuan arm community gets it together . . .18:30
onefangBeerbelott's mirror has that to.18:30
golinuxAll that was just sorted at the last meet.18:31
onefangI did manage to sneak in a quick peek at the meeting pad during the 7 AM inspection.18:32
golinuxonefang: https://devuan.rosset.eu.org/ added to get-devuan20:56
onefangThanks.20:56

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!