IRC Logs for #crux-devel Tuesday, 2013-01-08

*** irclogger_ has joined #crux-devel03:35
jueadded a rule for ca-certificates to our ck4up at crux.nu03:45
jueca-certificates  md5  http://curl.haxx.se/ca/cacert.pem  \$RCSfile:.*$03:45
jueit's not so nice because we have to download the whole file, but well ...03:47
mike_kseems not so trivial to get a recent and stripped down version of 'services' file. 'protocols' is more or less OK in NetBSD. will dig into that later. (probably parsing the html would give the best results, as official so-called 'plain text' version is weird)03:53
jaegerregarding the trust issues with certdata.txt, search certdata.txt for CKT_NSS_NOT_TRUSTED - there are more than just TURKTRUST06:26
jaegerSome of them might be tests but there are others that are valid like DigiNotar06:27
jaegerhttp://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt if you need the link06:27
frinnstbut not included in http://curl.haxx.se/ca/cacert.pem ?06:29
jaegerI haven't compared them directly yet, need to do that06:29
frinnstI only see turktrust still in that one, but it was generated before the issue was known06:29
frinnstah, correction. it was removed06:30
jaegerRather than comparing I looked at the mk-ca-bundle.pl script, looks like they're doing the right thing, just needed to update the pre-built .pem file06:30
jaegerline 176:       if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/06:31
jaegerI suppose if I had the right perl modules installed I could generate my own and check it against the one we download but I think it's safe06:33
jaegerhrmm... kernel 3.7.1 doesn't play nicely with the current vmware tools, should we go back to 3.6.11 for the 3.0 ISO or just leave it?06:49
jaegerI'm sure the vmware folks will update the tools but no idea when06:49
juejaeger: the ca-cert update from today only covers the turktrust issue, see the link I put into the commit-message07:20
jaegerjue: right, but it seems like it was correct other than turktrust07:21
juejaeger: looks like they did some improvements to the script already -> https://github.com/bagder/curl/commit/3a0b64489f1ae721d6647fa4fc90b7dbb91dd38707:28
jaegeryeah, that matches my quick look at the script earlier from the curl source tarball07:29
jaegerspecifically lines 176 and 17707:30
jueI've just build a new pem file with mk-ca-bundle from git and compared the it with the file in our port, no difference ;)07:32
jues/the it/it/07:32
juecertdata.txt is still dated 2012/12/2907:34
jaegerok07:45
jaegerI think the turktrust one was the only one that was an issue07:45
jaegerthe diginotar ones were already gone07:45
jaegerI think I'll roll the kernel back to 3.6.11 for the ISO, little bit more flexible that way07:47
jue3.6 is EOL, but if you found issues we should go back08:02
jaegerso far only that vmware doesn't support 3.7 yet08:07
jaegernot the end of the world, I just preferred to have vmware support straight out of the install08:11
jaegerIf you want to go with 3.7 I can easily replace it on my own after installation, so I have no strong preference08:11
jueno, it's entirely ok for me to have 3.6.11 for the ISO08:17
jaegerok08:19
pitillohey teK_, sorry for the delay10:48
teK_no problem10:50
teK_if you send me your public key I will add a new user on crux.nu with commit rights to the e17 repo10:52
pitillogreat10:52
frinnstjaeger: the binary vmwaretools?12:16
jaegeryes12:16
frinnsti've never tried that on crux. how much work is it?12:49
jaegernot very much13:06
jaegerinstall zlib-32, mkdir /etc/pam.d /etc/rc.d/rc{0,1,2,3,4,5,6}.d, then run the installer13:06
jaegerI'll build at least one more RC since we have a new firefox and some other changes17:43
*** horrorStruck has joined #crux-devel17:46
jaegerAnything else we should do before another RC?18:20
*** __mavrick61 has joined #crux-devel19:32
prologicjaeger:  are we going to modify the setup to optionally install pure64 vs. multilib?19:54
prologicIs that on the table?19:54
prologicI'd like to see that happen - I don't mind doing the necessary "programming" of the setup bash scripts19:54
jaegerNo, that wasn't ever part of the plan, honestly22:03
jaegerI'm not comfortable distributing pure64 anyway as I don't use it22:03
jaegerpure64 will remain unsupported as far as I know. That's assuming frinnst is still planning to maintain it, even, which I don't know22:04
jaegerAnyway, going to sleep22:05
Romsterjue, why can't you do something like "curl -sI http://curl.haxx.se/ca/cacert.pem |grep Last-Modified" and store that in the ck4up database?23:34
Romsterfrinnst, will probably do a pure 64bit of core parts. knowing him :)23:37
Romsterprobably can overlay that over 3.0/core later on.23:38
Romsterbut it wont be official.23:38
Romsteroverhead of the multilib tool chain is negligibly23:38
Romsternegligible*23:38

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!