#archlinux32 | Logs for 2018-03-26

[00:23:21] -!- belanthor has quit [Ping timeout: 240 seconds]
[00:24:24] -!- belanthor has joined #archlinux32
[01:11:04] -!- Mart|n has quit [Remote host closed the connection]
[01:43:58] -!- Mart|n has joined #archlinux32
[04:28:21] -!- belanthor has quit [Ping timeout: 240 seconds]
[06:37:18] -!- titus_livius has joined #archlinux32
[06:46:32] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.2018-03-26T06:46:31.NTnxwz"?.
[06:46:55] <girls> badly timed reboot :-(
[06:48:04] -!- buildmaster has quit [Remote host closed the connection]
[06:49:35] -!- buildmaster has joined #archlinux32
[06:52:18] * buildmaster resumes sanity.
[08:48:53] -!- deep42thought has joined #archlinux32
[08:57:20] * buildmaster goes insane.
[08:58:21] * buildmaster resumes sanity.
[09:16:21] * buildmaster goes insane.
[09:17:20] * buildmaster resumes sanity.
[09:33:10] -!- buildmaster has quit [Ping timeout: 246 seconds]
[13:51:49] <tyzoid> hey deep42thought: https://bbs32.test.tyzoid.com
[13:51:59] <tyzoid> It's currently running on the same database, do you want me to fork the database over too?
[13:56:15] <deep42thought> no, same db is fine
[13:56:27] <deep42thought> I do not intend to actually manipulate the database interaction
[13:56:37] <deep42thought> only the php part
[13:56:40] <deep42thought> btw: thanks!
[13:58:26] <tyzoid> Alright.
[13:58:44] <tyzoid> I also added a warning in the header, just to make it easier to identify which one is the testing version
[13:58:54] <deep42thought> I saw
[13:59:05] <deep42thought> btw: is this ip restricted or public?
[13:59:06] <tyzoid> I've worked with the same setup before, and I'd apply a change and be stuck for hours before realizing I had jumped to the non-test version
[13:59:09] <tyzoid> public
[13:59:11] <deep42thought> ok
[13:59:13] <tyzoid> I can ip restrict if you want
[13:59:25] <deep42thought> no, it's fine
[13:59:36] <tyzoid> Ok. Actually, you should be able to with a .htaccess in root
[14:00:57] <deep42thought> if it's public, you (or someone else) can easily comment on a proposed change
[14:01:29] <tyzoid> Sounds good.
[14:01:40] <tyzoid> let me know if you do want to fork the database at some point
[14:01:45] <tyzoid> since that's where user registrations are stored
[14:02:06] <deep42thought> will do
[14:22:20] eschwartz is now known as anyone
[15:56:12] <tyzoid> hey deep42thought: Just an FYI, I just rented a new dedi that I'm planning on moving the backups to, so you should be hearing more details about that coming later this week.
[15:56:34] <deep42thought> nice :-)
[15:56:49] <deep42thought> will you put the mysql duplicate on that one, too?
[15:57:47] <tyzoid> I can, sure.
[15:58:56] <tyzoid> I'm planning on moving the repo archive over to that server too
[16:04:54] -!- deep42thought has quit [Quit: Leaving.]
[16:24:04] <tyzoid> deep42thought / girls: Have you done PHP dev before?
[16:24:44] <tyzoid> I know you did some stuff for the buildmaster, but from before that
[17:24:47] -!- dopsi has joined #archlinux32
[17:27:10] -!- deep42thought has joined #archlinux32
[17:27:26] <deep42thought> tyzoid: only small stuff
[17:27:29] <deep42thought> nothing serious
[17:27:45] <deep42thought> but actually, I've not programmed anything "serious" before ...
[17:27:50] <tyzoid> Lol
[17:27:52] <tyzoid> makes sense
[17:28:02] <deep42thought> I'm a physisict, not a programmer
[17:28:08] <tyzoid> If you've got any questions, I did 4 years of PHP dev
[17:28:30] <deep42thought> I know stackoverflow, though ;-)
[17:28:41] <deep42thought> but yeah, I'll also consult you :-D
[17:28:43] <tyzoid> Oh, excuse me, mr 10000 yrs experience PHP developer
[17:29:06] <deep42thought> hmm?
[17:29:19] <tyzoid> Collective PHP experience on StackOverflow
[17:29:24] <tyzoid> >=10000 hours
[17:29:24] <deep42thought> ah, right
[17:30:38] <deep42thought> I thought, I had missed some sarcasm in your statement
[17:49:49] -!- Mart|n has quit [Remote host closed the connection]
[17:50:41] -!- Mart|n has joined #archlinux32
[18:03:58] -!- Mart|n has quit [Remote host closed the connection]
[18:11:13] <tyzoid> Oh, there was
[18:11:19] <tyzoid> but that's what it was based off of
[18:11:30] <tyzoid> True sarcasm always has a kernel of truth to it
[18:13:55] <deep42thought> tyzoid: do you happen to have "the original" linux-4.14.13-1.0 kernel from our february (or was it the january?) iso lying around somewhere?
[18:14:40] <tyzoid> deep42thought: If it's not in the archive, it could be on a paccache on some random vm
[18:15:14] <deep42thought> it's not on the archive
[18:15:39] <deep42thought> btw: it would be nice to have a "transposed" view of the archive too
[18:15:47] <tyzoid> Yeah, I've been meaning to add it
[18:15:54] <tyzoid> Need to add that to the bash script
[18:17:29] <tyzoid> I've got 4.13.12-1
[18:18:33] <tyzoid> I don't think I've got that particular version. Is there a particular reason you need that specific version?
[18:24:40] <deep42thought> no
[18:24:47] <deep42thought> that one would be good to test, too
[18:34:30] -!- buildmaster has joined #archlinux32
[18:34:48] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.2018-03-26T18:36:29.yM41O9"?.
[18:34:50] -!- buildmaster has quit [Remote host closed the connection]
[18:43:30] -!- buildmaster has joined #archlinux32
[19:16:44] * buildmaster resumes sanity.
[19:17:01] <deep42thought> \o/
[19:26:49] -!- belanthor has joined #archlinux32
[19:43:49] -!- isacdaavid has joined #archlinux32
[19:50:37] <deep42thought> isacdaavid: I guess, pandoc is one line in that file: https://buildmaster.archlinux32.org
[19:54:45] <isacdaavid> woah, most of them are due to haskell libs
[19:54:54] <deep42thought> exactly
[19:58:47] <deep42thought> either there are circular dependencies or something else is horribly wrong (on my end)
[20:58:49] <tyzoid> deep42thought: https://dl.tyzoid.com
[20:58:59] <deep42thought> thx
[21:00:14] <buildmaster> vala is broken (says buildknecht3).
[21:00:47] <deep42thought> but I'll first run the current test (which will probably not crash): running this box with all the software that uses to run there (in possibly different versions) from the live-usb-stick
[21:01:04] <deep42thought> so I might try this tomorrow or wednesday, then :-)
[21:01:12] <tyzoid> No problem.
[21:01:38] <tyzoid> deep42thought: I'm thinking about creating an offline iso (includes the packages of base / base-devel + sigs directly on the iso)
[21:01:45] <tyzoid> Any thoughts/opinions for or against?
[21:02:17] -!- oaken-source has joined #archlinux32
[21:04:42] -!- bill-auger has joined #archlinux32
[21:04:52] <girls> tyzoid: I'm not sure, that something like that is really useful
[21:05:43] -!- Mart|n has joined #archlinux32
[21:05:44] <tyzoid> Well, the parabola guys have an iso like that, so perhaps bill-auger has thoughts?
[21:06:26] <anyone> would not be opposed to this for Arch... :p
[21:06:36] <bill-auger> i literally just joined the channel - i did not see the question
[21:06:46] <tyzoid> oh, lol
[21:06:56] <deep42thought> we got logs :-)
[21:07:08] <tyzoid> "I'm thinking about creating an offline iso (includes the packages of base / base-devel + sigs directly on the iso)"
[21:07:10] <bill-auger> life is to short for logs
[21:07:15] <deep42thought> titus_livius: you got them, right?
[21:07:31] <tyzoid> I'll take that as a yes
[21:07:35] <bill-auger> yes that is exactly what i did for parabola
[21:07:40] <anyone> [21:01:38] <tyzoid> deep42thought: I'm thinking about creating an offline iso (includes the packages of base / base-devel + sigs directly on the iso)
[21:07:40] <anyone> [21:01:45] <tyzoid> Any thoughts/opinions for or against?
[21:08:14] <bill-auger> besides the obvious benefit of keeping the ISO to install on multiple machines and also while offline
[21:08:44] <anyone> We've got instructions for putting it a second usb drive instead...
[21:08:45] <bill-auger> it has the added benefit of having the keyring not be out of sync with the packages in the repo
[21:09:10] <anyone> which is obviously awkward
[21:09:11] <deep42thought> that's actually a nice one
[21:09:30] <bill-auger> because the repo is on the CD and it ws put there at the same time the keyring was current
[21:09:54] <anyone> probably convenient for people who have weird hardware like macbooks with no internet
[21:10:03] <deep42thought> on the other hand, our keyring does not change that often
[21:10:15] <tyzoid> yes, but we also produce -dual isos
[21:10:27] <deep42thought> ah right
[21:10:36] * deep42thought totally forgot about upstream's keyring
[21:10:42] <tyzoid> :)
[21:10:50] <deep42thought> hey, let's recompile x86_64, too :-D
[21:11:00] <tyzoid> arch32x64
[21:11:17] <deep42thought> arch2048?
[21:11:24] <bill-auger> even if the keyring members do not change the keys get untrusted if they expire
[21:11:24] <tyzoid> lol
[21:11:32] <tyzoid> True too
[21:11:37] <bill-auger> and signing keys are recommended to be short lived
[21:12:55] <deep42thought> tyzoid: "/dev/sdc 3,6T 233G 3,2T 7% /srv" - I got plenty of space - if you like the idea, just create such an iso and upload it
[21:13:20] <tyzoid> Well, it's less of the space of your system, and more about the syncing mirrors
[21:13:30] <tyzoid> unless you'd prefer I put it elsewhere
[21:13:47] <deep42thought> well, we could structure the archiso folder more
[21:14:03] <deep42thought> and mark the offline-iso one optional
[21:14:04] <tyzoid> True, especially if we clean out old isos
[21:14:30] <deep42thought> how large would that iso become anyway?
[21:14:35] <tyzoid> Besides, I'm targeting <1.5gb for the i686 one, and <3gb for the -dual one
[21:14:46] <tyzoid> I'm not going to include the whole repo, probably just core stuff
[21:14:46] <deep42thought> well, that should be fine with any mirror
[21:14:58] <tyzoid> We should probably have a discussion on what gets included
[21:14:59] <deep42thought> core, base, base-devel
[21:15:02] <anyone> bill-auger: kind of silly really since anyone hacking the key could extend it too.
[21:15:10] <tyzoid> but I'm thinking just as a start, base, base-devel, vim, grub
[21:15:22] <anyone> It's only ever useful for an "I'm dead, ignore me" indicator
[21:15:23] <tyzoid> Yeah, probably all of core would be good
[21:15:27] <deep42thought> anyone: how would you extend a key?
[21:15:36] <anyone> gpg --edit-key
[21:15:50] <tyzoid> Doesn't that invalidate sigs on the key, though?
[21:17:42] <anyone> Uh, I thought they remained valid but I could be wrong
[21:18:09] <anyone> I would think it makes more sense to have a signature which expires though...
[21:18:48] <tyzoid> Yeah, that would be a cool feature
[21:19:17] <tyzoid> That's essentially how x.509 works
[21:20:00] <bill-auger> the parabola ISOs weigh at about 400MB per architectyre for arch netinstall - add another 400MB per architectyre for the repo on disc
[21:20:26] <tyzoid> Yeah, ours are a bit more, but IIRC, we've got a bit more on the iso
[21:21:01] <bill-auger> the "complete" ISO that is above 3GB is dual arch LXDE dektop with all packages
[21:22:06] <tyzoid> bill-auger: how big is your mirror?
[21:22:19] <bill-auger> about the keys - letting your signing key expire should never be a problem - people do not sign your signing key - they sign your master key - that one should be long lived
[21:23:01] <bill-auger> but even the laster key should expire say every year or two - keys can always be extended even after expired - it does not affect the signatures
[21:23:06] <anyone> Yeah, I'm pretty sure you don't need to re-sign someone's key when they extend the expiry date
[21:23:15] <tyzoid> That's dumb
[21:23:37] <bill-auger> whats dumb about it?
[21:24:01] <anyone> thinking that expiry dates is a security protocol is dumb
[21:24:03] <bill-auger> signatures are valid unless the person who signed revoke the signature
[21:24:20] <deep42thought> if something about a key is changed - especially its best-before date - its signatures should become invalid
[21:24:27] <anyone> expiry does force users to look for updates including possible revocation, so there is that
[21:24:49] <tyzoid> Idk, might just be me working in x.509 land for ${DAYJOB}, but it seems like if any piece of a key cert changes, the signatures of that should become invalid as a result
[21:24:51] <anyone> dunno why we'd need to bloat everything by signing the expiry date too
[21:24:52] <bill-auger> expiry is a security feature - but it must be revoked as soon as it is comprimised
[21:25:08] <anyone> not in pgp it isn't
[21:25:32] <anyone> it is at best a keep-alive mechanism for looking up security features
[21:25:33] <deep42thought> if I bruteforce a 20year old key with a signature from some archlinux master key should I be trusted to sign packages then?
[21:25:52] <anyone> no, because the master keys revoked it
[21:25:58] <tyzoid> hopefully someone will have revoked it/it wouldn't be included in the keyring
[21:26:05] <bill-auger> hm well ya know i dont think anyone ever considered a 20 year old key
[21:26:24] <bill-auger> probably they recommend not to keep any keys for that long
[21:26:29] <tyzoid> bill-auger: anyone in particular? or anyone in general?
[21:26:35] <anyone> The master keys are only ever used to sign/revoke keyring keys
[21:26:44] <bill-auger> i mean anyone who invented PGP
[21:26:59] <bill-auger> or any kind of crypto
[21:27:13] <bill-auger> im sure amazon would not use the same SSL cert for 20 years
[21:27:28] <tyzoid> mostly because certs from 20 years ago used md2, iirc
[21:27:41] <tyzoid> wait, that would be 1998, maybe md5 by then
[21:28:44] <anyone> keys from *@master-key.archlinux.org listed on https://www.archlinux.org are religiously used for the one purpose, and we open bug tickets to track every single dev/TU to sign their keys or retire them from the packaging team
[21:29:02] <anyone> this is how you do it right...
[21:31:34] <tyzoid> deep42thought: speaking of ^, should we send each other revocation certs for our master keys?
[21:31:45] <deep42thought> yes
[21:32:11] <deep42thought> and also track what keys are signed / revoked with master keys
[21:32:16] <deep42thought> :-/
[21:33:55] <deep42thought> we should probably set up a similar site like upstream's
[21:34:43] <tyzoid> Do you think it makes sense to just fork archweb? We originally didn't iirc since we didn't think we needed all the stuff
[21:34:50] <tyzoid> plus it would take more effort to maintain
[21:35:18] <deep42thought> I don't know how big the effort would be, but: probably yes
[21:36:04] <deep42thought> but we could also just gradually cherry-pick stuff, we wanted ...
[21:36:32] <tyzoid> Once I migrate the big stuff off my primary server, I'll look at moving some services around
[21:39:32] <deep42thought> tyzoid: the test environment of the forum does not work as intended - I guess, there are some references to bbs.archlinux32.org
[21:39:55] <tyzoid> Yeah, links/etc. Plus probably some hidden stuff.
[21:40:00] <tyzoid> Want me to fork the db?
[21:40:14] <deep42thought> the hostname is in the db?
[21:40:30] <tyzoid> In some places, iirc. Mostly for link generation
[21:40:39] <tyzoid> plus, links in the posts themselves
[21:41:25] <tyzoid> Though I think that's more for the registration emails
[21:42:12] <tyzoid> Plus, if I fork the db, you don't need to worry about accidentally messing up prod, and you can change whatever you want
[21:42:17] <deep42thought> "$redirect_url = get_base_url(true).'/index.php';"#
[21:42:18] <deep42thought> ...
[21:42:34] <deep42thought> yeah, ok
[21:42:42] <deep42thought> it's probably better
[21:43:03] <tyzoid> IIRC that function just gets the request domain from $_SERVER, but not sure.
[21:43:04] <tyzoid> one sec
[21:43:05] <deep42thought> keep the script for forking around, in case I need a fresh copy ;-)
[21:43:25] <tyzoid> It's literally mysqldump followed by mysql < dump.sql
[21:44:01] <deep42thought> plus "sed 's/bbs\.archlinux32\.org/bbs32.test.tyzoid.com/g'"
[21:50:21] <deep42thought> stupid me
[21:50:41] <deep42thought> I found, why the build slave died
[21:50:50] <deep42thought> or rather "froze"
[21:51:53] <deep42thought> I accidentally activated an old cronjob which takes much longer currently - and thus blocks everything :-/
[21:52:30] <deep42thought> it took the buildmaster about one day to finally lock up due to this :-D
[21:54:24] <tyzoid> ah
[21:54:29] <tyzoid> Also, hmm.
[21:54:40] <tyzoid> Forked the db, but still thinks it's the old domain
[21:54:50] <tyzoid> taking a deeper look
[21:54:58] <deep42thought> take your time, I'll go to bed now anyway
[21:54:59] -!- deep42thought has quit [Quit: Leaving.]
[21:57:57] -!- oaken-source has quit [Ping timeout: 246 seconds]
[22:29:28] <tyzoid> btw: https://archstrike.org
[22:29:37] <tyzoid> AS announced that they're continuing i686 support
[23:00:51] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.2018-03-26T23:00:10.zcCGsU"?.