#archlinux32 | Logs for 2018-05-02

[00:05:14] * deep42thought found it - the buildmaster would black list packages if their checkdependencies could not be met ... it's fixed now :-)
[00:30:05] -!- deep42thought has quit [Quit: Leaving.]
[01:11:30] <buildmaster> gcr is broken (says buildknecht2).
[01:19:31] <buildmaster> nodejs-emojione is broken (says buildknecht3).
[01:22:38] <buildmaster> pm2 is broken (says rechenknecht).
[01:25:26] <buildmaster> linux is broken (says buildknecht3).
[01:27:23] <buildmaster> linux-zen is broken (says rechenknecht).
[01:32:54] <buildmaster> python-beaker is broken (says buildknecht3).
[01:34:47] -!- bill-auger has quit [Read error: Connection reset by peer]
[01:35:25] -!- bill-auger has joined #archlinux32
[01:52:29] -!- isacdaavid has quit [Quit: Leaving.]
[03:38:20] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.stdin.2018-05-02T03:38:01.zkQBej"?.
[04:25:53] -!- buildmaster has quit [Ping timeout: 276 seconds]
[05:32:23] -!- davor has quit [Ping timeout: 268 seconds]
[05:38:30] -!- davor has joined #archlinux32
[06:48:07] -!- titus_livius has joined #archlinux32
[09:00:09] -!- deep42thought has joined #archlinux32
[09:25:21] -!- davor has quit [Ping timeout: 240 seconds]
[09:27:51] -!- eduardoeae has quit [Ping timeout: 240 seconds]
[09:31:31] -!- davor has joined #archlinux32
[09:58:29] -!- AndrevS has joined #archlinux32
[11:22:56] -!- eduardoeae has joined #archlinux32
[11:35:05] -!- eduardoeae has quit [Ping timeout: 240 seconds]
[11:43:51] -!- eduardoeae has joined #archlinux32
[11:47:03] <deep42thought> tyzoid: How about that: https://github.com ?
[11:47:04] <phrik> Title:GitHub - masonicboom/ipscrub: IP address anonymizer module for nginx (at github.com)
[12:32:15] <tyzoid> hey deep42thought: archlinux32-keyring in releng doesn't conflict / replace archlinux32-keyring-transition
[12:32:30] <deep42thought> should it?
[12:32:38] <tyzoid> I'd also like the transition keyring in releg
[12:32:40] <tyzoid> releng*
[12:32:41] <deep42thought> you're not supposed to install the transition keyring
[12:32:46] <deep42thought> hmm
[12:32:52] <deep42thought> hmmmmm
[12:32:57] <deep42thought> yeah, sounds valid
[12:33:15] <tyzoid> Makes it so that we don't need to sign any keys with pacman-key
[12:37:11] -!- buildmaster has joined #archlinux32
[12:37:15] <deep42thought> buildmaster: wb!
[12:37:54] <deep42thought> tyzoid: it's in git now, as soon as my perma-build of qgis-git finishes, I'll schedule a build of these packages
[12:38:17] <tyzoid> deep42thought: Ok. Just fyi, this is what's holding up the iso build right now
[12:39:30] <deep42thought> in that case, I'll abort my build
[12:43:00] <deep42thought> ok, should be there
[12:59:20] <tyzoid> not seeing it, did you update the repo db?
[13:01:20] <deep42thought> yes, but probably not the lastsync
[13:21:27] <tyzoid> sweet, that's working now
[13:21:33] <deep42thought> :-)
[13:21:45] <tyzoid> btw, I updated the releng scripts on github. I'll merge it once it completes successfully
[13:21:54] <deep42thought> ok
[14:07:47] <deep42thought> it seems, the only way to let nginx not log ip addresses in the error log is to not have an error log at all
[14:11:39] <eschwartz> tyzoid: multiple keyring packages can install the same key :)
[14:12:06] <deep42thought> yeah, but to keep things clean, the transition package should go away after the transition :-)
[14:12:34] <eschwartz> Yes, which is why it is important that multiple packages can install the same key
[14:12:52] <deep42thought> ah, yes
[14:13:34] <eschwartz> IIUC tyzoid suggested that keeping the transition package avoids the need for users to lsign keys themselves... Which is wrong
[14:14:12] <deep42thought> no, I think, he wanted to have the transition package in x86_64/releng, so his vboxes can create the isos without manual signing any keys
[14:24:14] <bill-auger> anyone know whats up with gksu ? https://packages.archlinux32.org
[14:24:15] <phrik> Title:Arch Linux 32 - gksu 2.0.2-6 (i686) (at packages.archlinux32.org)
[14:24:49] <deep42thought> hmm?
[14:25:07] <bill-auger> package is not in arch anymore - im trying to find the PKGBUILD so i can rebuild it but the link on archlinux32 website links back only to the missing arch page
[14:25:21] <deep42thought> well, we should simply delete it, then
[14:25:35] <bill-auger> where do you guys keep your PKGBUILDs
[14:25:41] <bill-auger> it has depends
[14:25:47] <deep42thought> we only have the modification
[14:25:49] <bill-auger> * dependents*
[14:25:57] <deep42thought> ... if any :-)
[14:27:45] <bill-auger> i tried to checkout from arch SVN and it says there ws no such package
[14:27:54] <deep42thought> huh?
[14:27:55] <deep42thought> strange
[14:28:35] <deep42thought> should be in revision 755a9e9882b27e39a710083b7b7c1729ef9839a0
[14:29:07] <deep42thought> there was!
[14:29:34] <deep42thought> (this is a git revision, obviously)
[14:54:14] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.stdin.2018-05-02T14:54:14.5aRr6j"?.
[14:57:06] -!- AndrevS has quit [Quit: umount /dev/irc]
[14:58:17] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.stdin.2018-05-02T14:58:16.oTiFa8"?.
[15:05:59] <tyzoid> eschwartz: Ditto what deep42thought said: the x86_64 releng repo is only for our build tools, so it will allow me to get the keyrings added without having to manually define key ids in the scripts
[15:06:46] <deep42thought> tyzoid: the question is, how long this approach will work
[15:07:13] <deep42thought> some day, all the keys signed in archlinux32-keyring-transition will be expired and you'll need another transition package ...
[15:08:15] <tyzoid> At some point, but it seems more maintainable this way anyway, since this is how arch32 is architected anyway.
[15:08:30] <deep42thought> yeah, I'm just saying
[15:08:49] <tyzoid> deep42thought: The other option is to tell the vm to set the time to 2018-05-02T1200Z
[15:08:55] <deep42thought> lol
[15:08:57] <tyzoid> so the keys will always be valid
[15:09:10] <deep42thought> only if they're not being rejected at the end of their live
[15:09:14] <deep42thought> *life
[15:09:30] <tyzoid> How's it gonna know? We're not going to give it the revocations xD
[15:10:24] <deep42thought> yeah, probably it won't try to refresh all the keys in the keyring
[15:10:29] <deep42thought> but I'm not sure
[15:10:55] <tyzoid> i686 iso is available for testing: https://dl.tyzoid.com
[15:10:56] <phrik> Title:Index of /arch/iso/testing (at dl.tyzoid.com)
[15:11:03] <deep42thought> :-)
[15:11:23] <tyzoid> x86_64 iso is uploading. Unfortunately, I needed to build the iso on my home computer, not my servers :/
[15:11:32] <tyzoid> So that's why it's going slower
[15:11:34] <deep42thought> take your time
[15:11:51] <deep42thought> btw: I tested this nginx-mod-ipscrub and it looks good so far
[15:11:54] <tyzoid> Yeah, just annoying. Since proxmox runs kvm, virtualbox won't run, since VT-x is already in use.
[15:11:55] <tyzoid> Nice
[15:12:04] <tyzoid> Yeah, install whatever you need on that box
[15:12:18] <tyzoid> oh, can you give me the log dir so I can exclude that from the backups?
[15:12:19] <deep42thought> maybe you want that on the forum and bugtracker, too?
[15:12:29] <tyzoid> forum / bugtracker run apache
[15:12:29] <deep42thought> /var/log/nginx
[15:12:33] <deep42thought> ah, crap
[15:12:51] <tyzoid> Besides, having the IPs in the logs are important for the forum at least
[15:13:01] <tyzoid> I'll probably just configure logrotate to only keep logs for a week or two
[15:13:16] <deep42thought> do you blacklist ips?
[15:14:20] <tyzoid> Not in apache, but there are a few ip bans on the forum
[15:14:28] <tyzoid> imo they're not that effective.
[15:16:40] <deep42thought> so what do you need the ips for anyway, then?
[15:17:13] <tyzoid> For tracking behaviour
[15:17:35] <tyzoid> i.e. if a spammer registers or makes a post, I can cross-reference the registration IP and/or post IP with the IP in the logs
[15:18:02] <deep42thought> well, the with this ipscrub thing, you can do this, too, as long, as it happens within the configured interval of salt-change
[15:47:35] <tyzoid> I just prefer to grep through the log on the bbs
[15:47:54] <tyzoid> I'd personally rather rotate the logs out than obfuscate them
[15:48:15] <deep42thought> yeah, I understand that
[15:48:33] <deep42thought> but as I understand it, one is not allowed to collect the data in the first place
[15:50:13] <tyzoid> If we're looking at GDPR rules, we still coud, yes. IIRC we determined that we're not required to follow them, but we decided to reevaluate data collection as a general good practice
[15:50:14] <tyzoid> could*
[15:50:31] <tyzoid> It's under the "Legitimate Interest" rules
[15:50:38] <eschwartz> tyzoid: don't you build with an archlinux32 vm containing archlinux32-keyring?
[15:50:50] <tyzoid> eschwartz: archiso requires x86_64 to run
[15:51:08] <eschwartz> does it? hmm
[15:51:11] <deep42thought> tyzoid: yeah, if it's "legitimate use", then you can collect it, but need to delete it (after the legitimate use expired)
[15:51:15] <eschwartz> if you're only building a 32-bit ISO, why?
[15:51:19] <deep42thought> this might apply, indeed
[15:51:24] <tyzoid> We could probably get it working with an arch32 system, but we haven't patched it yet.
[15:51:27] <eschwartz> ...well, you do do dual ISOs too
[15:51:29] <tyzoid> eschwartz: We also still build dual
[15:51:32] <tyzoid> yeah
[15:52:03] <eschwartz> how old is the transition package?
[15:52:15] <deep42thought> from last year
[15:52:23] <tyzoid> late 2017? Early november, iirc, right before i686 was officially dropped
[15:52:24] <eschwartz> have the keys expired yet? :p
[15:52:25] <tyzoid> btrln signed it
[15:52:39] <deep42thought> mine has
[15:52:42] <deep42thought> :-/
[15:52:51] <eschwartz> I guess if you really want I could sign you another one :)
[15:54:17] <deep42thought> if you'd like to do so, you can build the current archlinux32-keyring (with name -> archlinux32-keyring-transition, and replaces=... and conflicts=... removed) and sign it :-)
[15:54:37] <deep42thought> this would avoid users the hassle of installing archlinux32-keyring right after archlinux32-keyring-transition
[15:55:06] <tyzoid> well, it'll get to that point anyway
[15:55:20] <tyzoid> I think the easiest thing is if one of us becomes TU on upstream, we can sign periodically.
[15:56:08] <eschwartz> tyzoid: City-busz is a TU... I'm perfectly okay to be pinged any time with requests like this too. :)
[15:56:42] <tyzoid> eschwartz: I'm aware. I don't really count him as core team of arch32, though
[15:57:12] <tyzoid> but sure, if it works for you, that's probably the way we'll go. Thanks!
[16:07:50] <eschwartz> By the way... please upload signed release tarballs. :)
[16:08:09] <tyzoid> signed release tarballs of?
[16:08:19] <eschwartz> the keyring32
[16:08:21] <eschwartz> $ git config --get alias.github-release
[16:08:21] <eschwartz> !f() { local repo=$(basename "$(pwd)") tag=$1; git archive --prefix=${repo}-${tag#v}/ -o ${repo}-${tag#v}.tar.gz ${tag}; }; f
[16:08:22] <phrik> eschwartz: The answer is 42.
[16:08:36] <eschwartz> It's easy to sign the thing you get from github
[16:09:17] <tyzoid> ah, I see
[16:10:16] <deep42thought> eschwartz: the keyring should be signed
[16:10:42] <deep42thought> https://github.com
[16:10:44] <phrik> Title:Release v20180411 · archlinux32/archlinux32-keyring · GitHub (at github.com)
[16:10:48] <deep42thought> has a valid signature
[16:11:13] <eschwartz> Only if I git clone it, not if I build the PKGBUILD
[16:11:24] <eschwartz> ideally do both :)
[16:11:32] <deep42thought> and commit the signature where?
[16:11:46] <eschwartz> upload it to the github releases page
[16:11:58] <deep42thought> oh, one can do that?
[16:12:00] <deep42thought> hmmm
[16:12:07] <eschwartz> source=("${pkgname}-${pkgver}.tar.gz::${url}/archive/v${pkgver}.tar.gz"
[16:12:07] <eschwartz> "${url}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.gz.sig")
[16:13:03] <eschwartz> you could even upload your tarball to, just in case... but github creates them with git-archive which should be deterministically reproducible
[16:13:56] <eschwartz> also see https://git.archlinux.org
[16:13:57] <phrik> Title:archlinux-keyring.git - Arch Linux PGP keyring (at git.archlinux.org)
[16:14:50] <tyzoid> deep42thought: hit a snafu with the iso testing
[16:15:02] <tyzoid> lightdm / lightdm-gtk-greeter appears glitched
[16:15:37] <tyzoid> switching to a tty and back fixes the graphical glitch
[16:18:56] <tyzoid> deep42thought: here's a screenshot: https://i.imgur.com
[16:19:40] <eschwartz> deep42thought: how many keys do you have, and why don't you just --edit-key to extend the expiry period?
[16:22:31] <deep42thought> eschwartz: I consider keys as worn out, once they expired
[16:22:57] <deep42thought> plus I just recently learned, you could extend the validity with out making the signatures invalid
[16:23:21] <tyzoid> at a certain point, x.509 seems to be (weirdly) making more sense than whatever pgp does.
[16:23:55] -!- titus_livius has quit [Remote host closed the connection]
[16:23:59] <eschwartz> yes :p in fact "considering them worn out" is considered bad practice, because it becomes confusing to determine which the current key is
[16:24:05] <buildmaster> girls, my database is dirty again ...
[16:24:16] <eschwartz> x.509 is a totally different model
[16:24:27] <deep42thought> well, the one, that has not expired is the current one
[16:24:38] <tyzoid> I'm aware. I'm saying the more I work with both, x.509 seems to make more sense to me.
[16:24:46] <deep42thought> yeah, but it appears I'm thinking more like x509 is designed
[16:26:47] <eschwartz> the current keyring is signed by DE9F7688CACF04FEB81A6C590AEEC90755DA7B5A which is not in the keyring brtln signed...
[16:27:08] <eschwartz> the key is also not signed with a transition message from the old key which brtln signed
[16:27:33] <eschwartz> if you're going to switch keys, at least sign the new key with the old key :p
[16:27:38] <deep42thought> oops
[16:28:05] <tyzoid> uh
[16:28:07] -!- titus_livius has joined #archlinux32
[16:28:08] <eschwartz> this is totally valid when people update from dsa1024 to rsa4096, for example :D
[16:28:37] <eschwartz> also totally valid, but also slightly weird, when they move to a new key of the same strength just because the old one expired.
[16:28:47] <tyzoid> Oh, right. deep42thought: I signed archlinux32-keyring last, but your builder must have replaced it
[16:28:58] <deep42thought> yeah, I do this with my normal key, but I forgot with the build key
[16:29:05] <deep42thought> tyzoid: crap
[16:29:08] * buildmaster resumes sanity.
[16:29:28] <deep42thought> that's another reason why an updated transition keyring makes sense
[16:33:44] <tyzoid> deep42thought: When you have a min, can you see if you can reproduce the issue using the new iso?
[16:34:03] <deep42thought> I'm afraid, I don't have that min right now :-/
[16:34:20] <tyzoid> doesn't need to be right now. Would you have time at all today?
[16:34:29] <deep42thought> maybe in the evening
[16:34:45] <tyzoid> Ok. Other than that, the isos seem to work, so I'll send them over to the mirror.
[16:34:53] <deep42thought> ok :-)
[16:35:01] <tyzoid> this is more of a system issue
[16:35:04] <tyzoid> than an iso issue
[16:42:01] <buildmaster> qemu is broken (says rechenknecht).
[16:43:13] <deep42thought> "Something went really wrong, and we can’t process that file." when trying to upload the signature
[16:43:25] <deep42thought> I have seen this before and didn't get it working
[16:45:12] -!- isacdaavid has joined #archlinux32
[16:47:31] <eschwartz> deep42thought: the key used to sign v20180411 is not in the keyring, it is not signed by keyring keys, etc.
[16:47:51] <eschwartz> I have *no clue* where the key comes from, how can I in good faith sign it?
[16:48:06] <deep42thought> you do not sign that key
[16:48:14] <eschwartz> I tried looking at brtln's signed package to bootstrap my PGP faith...
[16:48:25] <eschwartz> How do I sign the things it signs?
[16:48:33] <eschwartz> it's a useless signature
[16:50:32] <deep42thought> better?
[16:51:03] <eschwartz> is what better?
[16:51:09] <deep42thought> the signature now
[16:52:11] <deep42thought> I should not use -a, makepkg doesn't like it apparently
[16:53:00] <eschwartz> I'm not sure what you want me to look at
[16:53:09] <eschwartz> Did you try to overwrite the tag, but fail?
[16:53:26] <deep42thought> https://github.com
[16:53:27] <phrik> Title:Release v20180411 · archlinux32/archlinux32-keyring · GitHub (at github.com)
[16:53:30] <deep42thought> https://github.com
[16:53:36] <eschwartz> oh, that
[16:53:39] <deep42thought> isn't that what you wanted?
[16:53:49] <eschwartz> right, I was still looking at the git tag :p
[16:54:33] <deep42thought> I forgot --detach-sign
[16:54:34] <deep42thought> sry
[16:56:26] <deep42thought> ah, crap
[16:56:32] <deep42thought> yet another mistake on my end ...
[16:57:18] <deep42thought> ok, now it should be fine
[16:57:50] <eschwartz> pls create archlinux32-keyring-20180411.tar.gz.asc, not v20180411.tar.gz.asc :p
[16:58:21] <deep42thought> ah, that's why it was put in a different location?
[16:58:52] <eschwartz> right
[16:59:27] <deep42thought> nope, still wrong
[16:59:30] <deep42thought> but I gotta go
[16:59:33] <eschwartz> git config --get alias.github-release ==> !f() { local repo=$(basename "$(pwd)") tag=$1; git archive --prefix=${repo}-${tag#v}/ -o ${repo}-${tag#v}.tar.gz ${tag}; }; f
[16:59:56] <deep42thought> sry, I have to leave
[16:59:58] -!- deep42thought has quit [Quit: Leaving.]
[17:24:50] <buildmaster> dsniff is broken (says rechenknecht).
[19:05:17] -!- isacdaavid has quit [Quit: Leaving.]
[19:06:22] -!- deep42thought has joined #archlinux32
[19:06:22] <buildmaster> Hi deep42thought!
[19:06:50] <deep42thought> eschwartz: I don't really like the workflow with github signatures - it involves my mouse too much
[19:09:32] <deep42thought> hmm, we could put the release tarball and signature on github pages (as tyzoid suggested for the static content)
[20:03:01] -!- abaumann has joined #archlinux32
[20:03:01] <buildmaster> Hi abaumann!
[20:03:42] <deep42thought> Hi Andreas!
[20:04:10] <abaumann> Hi :-)
[20:04:29] <abaumann> Just autoinstalled the new iso..
[20:05:02] <abaumann> ..all seem fine.
[20:05:14] <deep42thought> :-)
[20:07:13] <deep42thought> could you reproduce tyzoids graphics issue?
[20:07:36] <abaumann> ah. not yet.
[20:07:43] <abaumann> My autoinstall is all text. :-)
[20:14:42] -!- AndrevS has joined #archlinux32
[20:17:14] <deep42thought> dopsi: Do you have some time to create torrents and magnet links for the may iso?
[20:33:57] <abaumann> deep42thought: I can reproduce tyzoids monitor picture on testing..
[20:34:20] <deep42thought> oh, so this is not related to the iso, then?
[20:34:30] <abaumann> but it's disappearing afterwards when sddm starts up.
[20:37:54] <abaumann> mmh. now I can not reproduce it anymore. maybe it was a slow mode switch?
[20:39:10] <buildmaster> vault is broken (says rechenknecht).
[20:57:55] <abaumann> mmh. no problem. installed from iso, using lightdm/lightdm-gtk-greeter and xfce4
[21:47:13] -!- abaumann has quit [Quit: leaving]
[23:30:47] <buildmaster> liferea is broken (says buildknecht3).
[23:36:13] -!- yans has joined #archlinux32
[23:37:17] <buildmaster> python-beaker is broken (says rechenknecht).
[23:42:11] <buildmaster> linux-zen is broken (says rechenknecht).
[23:51:25] -!- deep42thought has quit [Quit: Leaving.]