libera/#devuan/ Tuesday, 2020-06-09

Guest15994what is a stupid simple static-only minimal attack surface webserver I can use for verifying ACME challenges in beowulf with dehydrated.sh?00:04
Guest15994I would normally use suckless quark but that's not in the repositories00:04
Acaciabusybox httpd maybe? It was 2500 limes of C last time I checked00:07
gnarfacelighttpd and nginx are both known for being lightweight and simple to configure00:13
gnarfacepersonally i'd still use apache and just unload any modules i'm not using00:14
Guest15994all those are way too bloated for what i'm looking for00:14
gnarfacewell... you can serve http pages from netcat if you want00:14
gnarfacewon't get much simpler than that00:14
gnarfacebut at a certain point more simple != more secure00:15
gnarfacei'm certain you can find a bash + netcat httpd script somewhere00:15
gnarfacei recall someone collected a library of really bad ideas involving netcat00:16
gnarfacei just don't remember the url00:16
gnarfacethere's also a httpd built directly into the kernel now but i don't have any experience with it, so i can't tell you if it's easy or not00:18
Guest15994i just need a webserver in ~1000 lines of C and all it does is chroot itself, de-escalate privs, and serves static files from a directory00:18
gnarfacewell the only other suggestion i have is "apt-cache search httpd"00:20
gnarfacei'm seeing several now in ceres that i haven't heard of00:20
gnarfacesome of them seem to match the description of your use case00:21
gnarfacecan you see webfs or micro-httpd in your version?00:21
Guest15994thanks00:22
Guest15994i might just put quark in there myself00:22
gnarfacefyi, it is "apt-cache search [regexp]"00:22
gnarfaceso if you know some simple patterns you can get better search results00:22
Guest15994btw, gnarface check this out when you get some time00:22
Guest15994http://tools.suckless.org/quark/00:22
Guest15994it's really good00:23
Guest15994super easy to modify to your needs00:23
Guest15994audit the whole thing in a couple of minutes00:23
gnarfacehmm, i've heard of quark, i wonder why it's not in the repo...00:23
Guest15994400 lines in main.c00:24
Guest15994600 lines in http.c00:24
yetiprivate opinion: sucless software typically sucks more03:11
yetie.g. compile time configuration03:11
yetithat does not fit well to a binary distribution03:11
yetia minimal htp server as plugin for (x)inetd would even be shorter and suck less03:13
yeti:-Þ03:13
rrqanyone daring could try https://gitea.devuan.dev/rrq/newlisp-ftw/src/branch/master/hobby-http.lsp03:34
golinuxThe hobby-http is MAGIC!03:53
Guest15994yeti, I'm using quark in a lot of places already, including a CDN04:09
Guest15994it's a fine webserver04:09
Guest15994rrq, oh lisp04:10
rrqwell. newlisp.04:10
yetibut e.g. for adding a new mime info it needs rcompiling04:11
yetiit is in a header, not a config04:11
yetithat would need a rebuild infastructue like source kernel modules in a binary distro04:12
yetiput it in /opt or /usr/local and be happy... but it doesnt fit as *.deb04:13
yetihmmm... classic lisp should have been called consp04:35
yetiif lisps were named by their most basic sructure04:36
golinuxyeti . . . you are missing the point that is an amazing tool to serve local file local files.  I used it to prepare the new restructured devuan website for beowulf.04:48
golinuxYes, you are seeing double!  Sorry about that.04:48
yetithere are gazillions of toools to serve local files04:49
golinuxIn a browser?04:49
yetiand amazing is a purely subjective attribution04:49
yetimy autistic brain half even refuses to notice such attributions04:50
golinuxstart it and open the html page like magic.04:50
golinuxIt is quite compatible with my pointy, clicky brain04:50
golinuxAnd got the job done.04:51
yetia browser is a huge heap of code.  I'd prefer smaller tools for that job.  others have other preferences.04:52
yetiI'm a fan of diversity04:52
yetibut your "amazing" can be my "*cough!!!*"04:53
yetinothing wrong with that04:53
yetiwe are all the same: different.04:54
devuanhello guys,05:05
devuanI am using openbox05:06
devuanI want my pendrive to be visible, and be able to mount it05:06
devuanI saw 2 packages05:06
devuangvfs-fuse, and gvfs-backends05:07
devuandoes I will need them?05:07
devuanthanks in advance05:07
yetiI've no idea about clicky stuff05:09
yetimaybe this?  —>  http://openbox.org/wiki/Openbox:Pipemenus:obdevicemenu05:13
aitorhi08:44
Guest52853i have in mind to build a pipemenu for openbox using didier kryn's hopman project08:44
Guest52853https://git.devuan.org/kryn/hopman08:47
WonkaAny idea when the chimaera-security repository will exist?11:54
gnarfaceWonka: not until after it goes stable i would think11:57
Wonka"If you are tracking testing or the next-stable code name, you should always have a corresponding deb http://security.debian.org <"testing" or codename>-security main entry in your apt sources." says https://wiki.debian.org/DebianTesting12:00
Wonkashouldn't Devuan follow them there?12:00
Wonkareasoning as in https://www.debian.org/security/faq#testing12:00
gnarfaceoh, well maybe i'm wrong then12:01
gnarfacebut i don't think chimera has been live for long so it's probably still being set up12:02
Wonkahttps://wiki.debian.org/Status/Testing says "There does exist a testing-security repository but it is empty. It is there so that people can have the line in their SourcesList to facilitate easily changing it to the next release name. To be clear, there are no security updates in this repository."12:02
WonkaI'd like that here too, exactly because "so that people can have the line in their SourcesList to facilitate easily changing it to the next release name."12:03
Wonkabut well, for now I can comment out that line for chimaera, if there's not going to be something in it until release anyway.12:04
specingHow does one see init script execution order?13:51
specingnvm, didn't googl13:52
specingHow does one change it?14:01
specingThere is this: https://askubuntu.com/questions/753922/how-to-change-the-order-of-execution-of-services-at-startup14:02
specingwhich calls update-rc.d <service> defaults <number>14:02
specingbut the <number> is not documented in manpage and it doesen't change anything14:02
specing(and it's an ubuntu forum, so they might have fiddled with that program as well)14:03
gnarfaceif you actually want to change the order you may need to edit the lsb header in the init scripts themselves14:04
specinggnarface: alright, how do I make a particular script execute first?14:04
gnarfacehttps://wiki.debian.org/LSBInitScripts14:05
gnarfacethis is probably still relevant14:05
specing> Is it possible to specify that a given script should start before another script?14:06
specing    There is no such standard-defined header, but there is a proposed extention implemented in the insserv package (since version 1.09.0-8). Use the X-Start-Before and X-Stop-After headers proposed by ?SuSe.14:06
gnarfacedon't do it that way14:07
gnarfaceuse Required-Start and Required-Stop14:07
specingBut I want it to start before all others14:07
specingthose two tags are useless14:07
gnarfaceno14:08
gnarfaceyou can make something else require it14:08
gnarfacelike the thing that is currently starting first14:08
specing....14:08
onefangOr just rename the link to S00-14:08
gnarfacehe was saying that part didn't work14:09
gnarfacebut if it works, then it works...14:09
gnarfaceif it doesn't, then there's always the dependency approach14:09
specingonefang: I like that approach14:10
specinggnarface: I did not know about that part14:10
onefangIn theory the scripts are started in numeric order of their symlink name.  Been a long time since i last hacked that stuff.14:10
gnarfacei think the link numbers may not be as relvant anymore due to parallel booting14:12
specing/etc/init.d/.depend.boot has "TARGETS = mountkernfs.sh eudev keyboard-setup.sh mountdevsubfs.sh brltty bootlogd urandom mountall.sh mountall-bootclean.sh hwclock.sh mountnfs.sh mountnfs-bootclean.sh alsa-utils networking checkroot.sh hostname.sh procps checkfs.sh checkroot-bootclean.sh bootmisc.sh kmod espeakup screen-cleanup x11-common stop-bootlogd-single apparmor"14:12
specingI want to start apparmor at start, otherwise dhclient started by networking will be unconfined14:12
specingor, at least that is my working hypothesis for now14:12
onefangMessing with the dependency LSB headers might be a better option then.14:13
nemohttps://news.ycombinator.com/item?id=23464965  gonna be a fun day in the distros14:14
specingI think I'm going to install Beowulf14:14
specingapparmor support should be better there14:14
specingelse SELinux/CentOS is still an option14:18
specingoh well14:18
nemohttps://packages.debian.org/sid/libgnutls30  oh yay - 3.6.14 with this gaping security hole fixed is in sid14:36
nemoso now just has to end up in backports14:36
nemohm. wonder what the odds are that I could install the sid package for a deep dependency. probably not high ☺14:36
nemobullseye has it too...14:37
Wonkabackports? I'd expect that special fix to be put in -security14:42
WonkaIff anything was ever done on oldstable, this would be a case for that.14:43
nemook. so 3.6.7-4+deb10u4 is what I need to find14:46
nemohmmm beowulf-security is updated but not ascii14:58
nemowelloh wait no. I fail at reading14:59
Wonkaascii is oldstable14:59
nemohttps://security-tracker.debian.org/tracker/source-package/gnutls2814:59
nemo3.5.8-5+deb9u4 is the stretch fix14:59
nemoand it is in ascii14:59
nemohowever it looks like ascii gnutls has other vulnerabilities. less serious ones15:00
brocashelmdevuan folks: thoughts on dnscrypt + libredns?15:29
nemobrocashelm: as opposed to DoH?15:31
brocashelmnemo: libredns does support doh15:35
brocashelmi was just wondering what the channel's thoughts are on using these for their dns configs15:36
nemobrocashelm: I was thinking more dnscrypt vs doh15:39
bgstack15i'm kinda lame; I just use bind9 and that's it15:58
humpelstilzchen[me too15:58
bgstack15and real resolv.conf; none of that weird new-fangled stuff that says resolv.conf is deprecated15:59
bgstack15but i fully expect the room to agree with me, because of what projects tend to "deprecate" resolv.conf...15:59
systemdlete2People who hate resolve.conf can deprecate it all they want.  But software doesn't care if it is insulted or not ("deprecate" means to insult, not to obsolesce.  "Obsolesce" means to obsolesce.  I'm starting a fund to provide software developers with dictionaries.)16:16
systemdlete2It is far more likely that the person who wrote the software will feel insulted.16:18
systemdlete2I'm just sayin'.16:18
fsmithredto pray for deliverance from16:21
MinceRthey do want software engineers to feel insulted16:21
MinceRand praying for deliverance is totally fit for a cult like that of systemd :>16:21
fsmithredthat was my first thought16:21
systemdlete2fsmithred:  Was your remark in reference to mine?  Or someone else?  (I'm confused)16:22
fsmithredyours16:23
fsmithredit's one of the definitions of deprecate16:23
systemdlete2deprecate doesn't mean to pray for deliverance... so?16:23
fsmithredaccording to dictionary.com it's an archaic meaning of the word16:24
systemdlete2hmmm.  Thanks.16:24
fsmithredThe earliest meaning of deprecate was "to pray against, as an evil," and soon after this first meaning it took on the additional sense "to express disapproval of."16:26
fsmithred- Merriam-Webster16:26
systemdlete2"soon after?"16:26
fsmithredlol, yeah probably less than 100 years16:26
systemdlete2But really... what was wrong with "obsolesce"16:26
systemdlete2Wait, I thought you said "archaic?"16:27
fsmithreddeprecated features are not obsolete - they still work16:27
fsmithredfor now16:27
systemdlete2Old IBM manuals, and others from that era, used the term "obsolescent"16:27
systemdlete2It didn't mean they disappeared.  It just meant to stop using them because they would eventually stop being supported.  Same as your own definition.16:28
systemdlete2So "obsolete" really is sufficient.16:28
systemdlete2But I did not know about the other defs of deprecate.16:30
systemdlete2fsmithred:  I see the article link from the m-w.com entry.  Very interesting.16:35
systemdlete2I am surprised, even disappointed, that neither the entry nor the linked article mentioned obsolescent.16:36
systemdlete2Thanks again for that info.16:36
systemdlete2BTW, I also note that the use of "deprecate" in respect to tech was only added in June 2018.16:42
fsmithredno way16:43
fsmithredthat word has been used in linux for many years16:44
tomtasticBeowulf is stable, wonderful. Chimaera however, I was expecting would have a chimaera-security repo available,... and it does not,... yet17:18
tomtasticIs this likely to happen in the future, or should I remove that source from my apt config ?17:19
cosurgiuh-oh. aptitude sarted giving me this error: Failed to fetch http://packages.devuan.org/merged/dists/beowulf/InRelease17:26
cosurgiFailed to fetch http://packages.devuan.org/merged/dists/beowulf-security/InRelease17:26
cosurgiFailed to fetch http://packages.devuan.org/merged/dists/beowulf-updates/InRelease17:26
cosurgiany way to fix this? Or jus wait for the servers to be back online?17:27
cosurgihey wow: https://devuan.org/os/releases we have Chimaera ! :)17:28
fsmithredtomtastic, there will be a chimaera-security when there is a bullseye-security, which will be when bullseye is released as stable. Maybe around a year from now.18:05
systemdletefsmithred:  I first noticed the use (or misuse) of "deprecate" in the Perl book by John Christianson et al back in the early 90's.  I had never seen it used like that prior to that.  The term had always been "obsolescent"19:06
systemdleteBut that June 2018 date is when m-w added it.19:07
fsmithredyeah, I figured that was the case19:07
systemdleteThere is no question it has been used for a long time.19:11
tomtasticfsmithred thats clear, thank you19:23
plasma41cosurgi: Change the domain names to either pkgmaster.devuan.org or deb.devuan.org. I'm pretty sure packages.devuan.org doesn't exist.20:00
fsmithredit does, but it won't last forever20:02
onefangdeb.devuan.org is preferable to pkgmaster.devuan.org, helps to spread the load.  pkgmaster.devuan.org is the upstream all the other package mirrors sync to, deb.devuan.org is a DNS round robin that spreads the load to a bunch of our package mirrors.20:55
tomtasticI like my updates to come from HTTPS though, and deb.devuan.org doesn't work for that21:56
onefangPick a nearby HTTPS mirror from https://pkgmaster.devuan.org/mirror_list.txt then.  There's plenty.22:06
cosurgiplasma41, onefang : thanks! It solved the problem :)22:07
* cosurgi uses deb.* now22:07
plasma41cosurgi: np22:09
Guest3495Hello. My ZNC is currently down so I've rejoined using a shitty web client22:58
Guest3495I need help22:58
Guest3495I was the one who recently upgraded from v2 to v322:58
Guest3495I thought I resolved my depenendency hell, but now it seems I have hundreds of permission errors22:59
Guest3495I try to reinstall packages with apt, and it fails22:59
Guest3495The latest error is this22:59
Guest3495God damn I hate webirc22:59
Guest3495It was this22:59
Guest3495ERROR: /usr/bin/msmtp is setgid. torsocks will not work on a setgid executable.23:00
Guest3495So my permissions are bonked23:00
Guest3495I can't run cmus23:00
Guest3495I get a library error23:00
Guest3495cmus: error while loading shared libraries: libcue.so.1: cannot open shared object file: No such file or directory23:00
Guest3495This is despite reinstalling every dependency by hand23:00
Guest3495The latest kernel is broken, when my thinkpad is not on its dock init stalls on the irqloader and makes clicking sounds with the internal buzzer23:01
Guest3495When I boot on the previous kernel, it does not stall but presents several errors surrounding laptop mode following the irqsequencer23:01
Guest3495Or whatever the hell it is called23:01
Guest3495Is anyone avalible to aide me in fixing htis23:01
Guest3495I can't mail to dng, my mail setup is fucked23:08
Guest3495Is there anyone here who can possibly help me23:08
Guest3495This is a somewhat urgent issue and I do not myself know the full extent of what has gone wrong23:09
tomtasticRestore from backup ?23:13
Guest3495I have no backup23:13
Guest3495I upgraded the system several days ago with guidence from this channel, using the dist-upgrade method23:13
Guest3495During that time I reached dependency hell at least 5 times23:14
Guest3495I believed it was rectified, but these errors continue to come up23:14
Guest3495Now I've discovered that the interupt sequencer is broken, I have no laptop-tools, numerous libraries are gone despite being installed and reinstalled, I can't send and recieve mail with my fetchmail+mutt+Msmtp setup23:15
Guest3495I can't play music with cmus due to the error, I keep running into issues as they come up23:15
Guest3495I do not know the full extent of damage23:15
Guest3495The interupt sequencer is scary enough, but when I run bleachbit to clean my swap it fails to come back up23:16
Guest3495I guess I have to idle here until other people see my plea23:20
plasma41Guest3495: Do you have aptitude installed?23:52
Guest3495yes23:52
plasma41Can you run it? It's dependency resolver is top-notch. I wouldn't dare run the crazy hybrid config I use were it not for aptitude.23:54
Guest3495This is broken23:55
Guest3495https://freespeechextremist.com/notice/9vv4wheXzrIN7lJR1U23:56
Guest3495plasma4123:56
plasma41Guest3495: If you want to send me an image, do it without a website that requires javascript, please.23:57
Guest3495It's free javascript under stallmanism, but ok23:58
Guest3495https://freespeechextremist.com/media/44c6ab71-0aff-43e4-9756-dceb4cc905dd/2020-06-09-145442_484x602_scrot.png?name=2020-06-09-145442_484x602_scrot.png23:58
Guest3495https://freespeechextremist.com/media/4434ccee-9f6d-4ba6-9291-121bf1b34090/2020-06-09-145544_1366x768_scrot.png?name=2020-06-09-145544_1366x768_scrot.png23:58
Guest3495https://freespeechextremist.com/media/e433cc59-c05a-4846-8704-97929a39cad5/2020-06-09-145549_1366x768_scrot.png?name=2020-06-09-145549_1366x768_scrot.png23:58
Guest3495https://freespeechextremist.com/media/8c4455dd-7175-4c9f-9505-a8fc35b11e4a/2020-06-09-145553_1366x768_scrot.png?name=2020-06-09-145553_1366x768_scrot.png23:58
Guest3495https://freespeechextremist.com/media/5f9e27d4-765e-4115-9494-e343ca6e1f0c/2020-06-09-145923_484x602_scrot.png?name=2020-06-09-145923_484x602_scrot.png23:59
plasma41https://www.debian.org/doc/manuals/aptitude/ch02s03s03.en.html Is the best thing since sliced bread for dependency resolution.23:59

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!