IRC Logs for #crux-devel Friday, 2016-05-27

deus_ex teK_: you might be interested in this (qemu-2.6.0 cve-2016-{4020,4439,4441} and few other fixes) http://pkgs.fedoraproject.org/cgit/rpms/qemu.git/commit/ 00:47
*** Workster has quit IRC 02:30
*** _________mavric6 has quit IRC 02:34
*** _________mavric6 has joined #crux-devel 02:35
*** Romster has quit IRC 03:49
*** Romster has joined #crux-devel 03:49
*** Romster has quit IRC 04:54
*** Romster has joined #crux-devel 04:55
*** Workster has joined #crux-devel 05:42
*** Romster has quit IRC 06:30
*** Romster has joined #crux-devel 06:31
*** Romster has quit IRC 06:52
*** Romster has joined #crux-devel 06:52
*** Workster has quit IRC 07:07
*** Romster has quit IRC 07:52
*** Romster has joined #crux-devel 07:53
*** Romster has quit IRC 08:01
*** Romster has joined #crux-devel 08:01
*** onodera has joined #crux-devel 08:13
*** Romster has quit IRC 09:10
*** Romster has joined #crux-devel 09:11
teK_ onodera: a packet manager manager (i.e. something like prt-get) 09:57
teK_ deus_ex: are these cve _in_ 2.6.0 or fixed by 2.6.0? 09:57
frinnst a bunch of unpatched CVEs still for qemu 10:00
frinnst http://www.openwall.com/lists/oss-security/2016/05/26/9 10:00
teK_ just the usual business . . . 10:00
teK_ btw frinnst: what's your experience with video reply on linux on vmware player? 10:01
teK_ I get shitty performance :-) 10:02
onodera teK_: is there anywhere I can follow progress or see the code? 10:16
teK_ I plan on putting it into git(web) soonish 10:41
teK_ mercurial's certificate is expired 11:09
teK_ meh 11:09
teK_ *selenic's 11:10
teK_ frinnst: yeah but the CVE described at oss-sec is a bit exotic or overrated 11:17
teK_ you can, as a privileged user, cause the vm to crash. shutdown -h now does something similar ;) 11:17
teK_ -- provided -- the crash cannot be made into VM escape / arbitrary code exec, of course 11:17
teK_ thanks deus_ex 11:44
pedja teK_: patches apply cleanly, so I would guess *for* 2.6.0 :) 13:10
teK_ committed already 13:11
teK_ twice!1 13:11
pedja qemu and qemu-all? 13:12
teK_ yes 13:12
teK_ see #crux and your inbox 13:12
teK_ (if you are subscribed to the ML) 13:12
pedja did you push just the cve patches, or the ones for sdl/spice, too? 13:13
pedja of course I am subscribed to the ML, I am an old Crux user :) 13:14
teK_ http://pkgs.fedoraproject.org/cgit/rpms/qemu.git/diff/?id=f0208c9e 13:14
teK_ i.e. no spice 13:14
pedja ok 13:14
teK_ well done 13:14
jue teK_: you got any feedback, besides me, wrt port signing? 13:15
teK_ 'no time to check it out, sorry' mostly 13:16
teK_ I think frinnst or jaeger (sorry) had a quick glance and no objections 13:17
teK_ sepen raised some concerns in private with Fredrik, thus my mails 13:17
jue ok 13:17
teK_ I think we will be able to sort out these issues quickly 13:17
teK_ it'll be sane to push signatures asap and offer testing to people until we make things official with 3.3 13:18
teK_ I just would like to see broader testing before going full on signing ;) 13:18
jue yeah, should work as the new pkgmk is fully backwards compatible 13:19
teK_ yes, but better safe than sorry. Having all signatures mismatch or something still would suck 13:19
pedja 3.3? Already? Neckbreaking pace of development this is :) 13:19
teK_ ! 13:19
jue I'm using it here since several weeks without issues, only my private repo has .signature files 13:20
teK_ cool 13:20
teK_ you probably also saw that portdb already is customized and filled for/with signatures :] 13:21
jue teK_: btw, you remember the pinentry update/bugfix? ;) 13:21
teK_ of course not -_- 13:21
jue teK_: yeah, saw that ;) 13:21
* teK_ goes to check the logs soonish 13:21
teK_ thanks for the reminder 13:21
jue -> http://fe6dd47e39afd92e.paste.se/ 13:22
jue welcome :) 13:22
teK_ sweet.. even patches 13:22
teK_ lazy me feels lucky 13:22
jue FYI, I withhold the update to make 4.2 because it breaks several ports 13:35
jue all have problems with the 'make install' target if parallel building is enabled 13:36
teK_ oh. syntax issues? 13:36
teK_ many devs seem to only run make [-j1] during development 13:37
teK_ which is odd 13:37
jue I found perl, dialog, git and xterm but there are probably much more 13:37
teK_ me, for example :D 13:41
teK_ % make -j clean pkg 13:41
teK_ rm -f pkg 13:41
teK_ make: 'pkg' is up to date. 13:41
teK_ rm -f adt.o pkg.o 13:41
jue here's a about git -> http://lists.gnu.org/archive/html/bug-make/2016-05/msg00041.html 13:42
jue *report 13:43
teK_ so there will be a new git release containing the fix I guess.. the thing is we ought to find out the hard way if additional stuff breaks? 13:43
teK_ pedja: I just implemented depupdate in 'pkg' :) 13:44
teK_ (read: I refrained from trying this in prt-get) 13:44
pedja yessss 13:44
jue well, I hope we will get a make 4.2.1 soon ;) 13:45
teK_ I had to add _one_ line of code to pkg_depupdate compared to pkg_update, btw 13:45
teK_ jue: this would be better; if the 'guilty' party was decided to be make.. 13:45
pedja teK_: great job. now, push it :) 13:46
teK_ haha 13:46
teK_ what I didn't tell you: 13:46
teK_ I added getmail as dep for git 13:46
teK_ then I ran ./pkg depupdate git 13:46
teK_ result: 13:46
pedja *drumroll* 13:47
teK_ % sudo ./pkg depupdate git 13:47
teK_ DUMMY: cd /usr/ports/contrib/getmail; pkgmk && pkgadd $X 13:47
teK_ DUMMY: cd /usr/ports/opt/git; pkgmk -u 13:47
teK_ i.e. the fork/execve calls to /usr/bin/pkg* are missing 13:47
teK_ .. still 13:48
pedja but, we are getting there (and when I say 'we', I mean 'you') 13:49
teK_ hahah 13:49
teK_ exactly 13:49
pedja q: will prt-get use it automagically, or someone has to add support for depupdate to it? 13:50
teK_ I aim for replacing prt-get 13:51
teK_ decision was driven by having a look at the code and the copyright statement/year and the absence of jws 13:52
pedja despite your hatred for c++, iirc :) ? cool 13:52
teK_ hatred is too harsh, I just prefer C, python and even Java over C++ 13:53
pedja s/hatred/dislike/, then 13:53
teK_ imho it's like with japanese TV shows just too overloaded and crowded with symbols 13:54
pedja where *is* jws? I haven't seen him here for a long time 13:54
pedja :) 13:54
teK_ don't know. Switzerland? ;) 13:55
onodera teK_: ahaha, these shows always have a "reaction box" in the corner with some celebrity reacting 13:55
teK_ oh btw jue / frinnst / jaeger any thoughts on the most recent contrib application? 13:55
teK_ onodera: yes and big bright neon coloured signs and exclamation marks 13:55
onodera anyways, I have a small suggestion for your "pkg" if you don't mind, say there is no package specified, it would be nice if it tries installing Pkgfile in the current working directory (if there is one) (like how pkgmk does) 13:56
teK_ oh, japanese death row inmates are not told their date of execution. They wake each day wondering if today may be their last, supposedly. Wow. 13:57
pedja japanese shows i watch (rarely/sometimes) are crowded with gorgeous women... 13:57
teK_ not my favourite :-) 13:57
onodera teK_: isn't it the same in the US? like they only hear it a few days in advance? 13:57
teK_ dunno 13:57
onodera I'm also pretty sure the japanese preferred method is by hanging 13:58
teK_ this will end right after President Trump's terms 13:58
teK_ it is? wow, again.. 13:58
pedja beheading draws the wrong crowd, i guess 13:59
pedja keep it clean, no splatters 13:59
teK_ http://img.pr0gramm.com/2016/01/25/6811eec558ed1cd1.webm 13:59
teK_ btw 13:59
pedja new olympic sport in 2020. 14:00
onodera lol 14:01
teK_ http://img.pr0gramm.com/2015/07/27/bd4567d247aaabc0.webm 14:02
teK_ enough now, back to coding ;) 14:02
teK_ will think about the pkgmk thingy 14:02
teK_ gobozon is only modestly pirating amazon's logo, right? 14:02
onodera that looks like a pretty cool toy 14:02
teK_ and totally worth making a tv show with 14:03
jue FWIW, if we are talking about cptn resp. prt-get, he is present on github -> https://github.com/winkj 14:05
teK_ looking dubiously :> 14:06
jue and I think he is still working for Sensirion -> https://www.linkedin.com/in/johanneswinkelmann 14:07
teK_ which does what? 14:07
teK_ but he's a preacher now 14:08
teK_ nice 14:08
jue :) 14:08
pedja smart sensors. not the IoT kind, it seems. 14:10
pedja because reflashing the lightbulb, so it actually works, is fucking insane. 14:12
pedja in a few years, THE biggest selling point for a device will be 'no Internet connectivity' 14:13
pedja although 'botnet of toasters' has a certain ring to it 14:15
teK_ throw in some internet-facing killer robots and you are up for shitload of fun 14:16
teK_ because.. what could possibly go wrong? 14:16
onodera pedja: the vast majority have a "nothing to hide" mentality 14:20
pedja it's like we learned nothing from Terminator documentaries... 14:21
pedja onodera: scary thing is, i get that a *lot* from people in IT, who should really know better. 14:22
teK_ onodera: http://dpaste.com/3NV5KNT ;) 14:23
onodera ohh I can't wait :) 14:24
teK_ we'll see (bugs, delays, distractions) :o 14:24
onodera fsearch would be nice as well btw 14:24
teK_ I will go and grep all my crux logs to see how prt-get was suggested to be invoked and implement that 14:25
jaeger teK_: I don't particularly know svyatoslav but his repo looked fine to me and passes prtverify without any trouble 14:26
teK_ we could ask if he'd be willing to pick up orphaned stuff from contrib (i.e. bully him to) 14:27
jaeger I suppose, though I'd kinda prefer people take orphaned ports because they want to 14:27
teK_ a small hint won't hurt :> 14:27
teK_ otherwise: throw them away. 14:28
pedja put them in the attic.git 14:28
onodera alpine linux has an orphaned port repo, which is pretty nice 14:28
teK_ /usr/ports/atomicwastedumpsite 14:29
pedja I've never played with Alpine, looks cool 14:29
onodera or maybe I'm confusing it with freebsd, anyways, some distro/os has it 14:29
onodera I have it installed on my vps and raspberry 14:30
onodera the package manager is /ridiculously/ quick, even on my old raspberry 14:30
pedja Docker is switching to it, iirc 14:30
pedja as a base OS 14:30
onodera >The latest version of Alpine Linux v3.3 weighs in at a whopping 5MB. Not bad for a full blown Linux OS considering 5MB is same size as the Windows Start button. 14:31
onodera whahaha, but yeah they are: https://www.brianchristner.io/docker-is-moving-to-alpine-linux/ 14:32
pedja smart move 14:32
pedja Nano Windows Server is, what, 400Mb? 14:33
frinnst it's also shit 14:33
frinnst :> 14:33
teK_ haha 14:33
teK_ good argument! <3 14:33
jaeger some of my coworkers use alpine docker images for go software 14:33
teK_ what's in those 5MB? 14:33
jaeger it's resulted in some amusing times when they forget that musl and glibc aren't the same thing 14:34
teK_ hehe 14:34
jue teK_: also no objection to Svyatoslav, he is a long time CRUX user, got the first bug reports from him in 2014 14:35
teK_ I'm ok also, that's three +1s 14:36
teK_ going to contact him. 14:36
teK_ s/contact/bully/ 14:36
jue but TBH, I'm a bit unsure if contrib makes sense these days 14:36
teK_ I know ;-) 14:37
jue ok :) 14:37
teK_ "good thing we talked about it" 14:38
teK_ what's the alternative? throw everything into opt? 14:38
jue wrt make 4.2: llvm fails to build with it, even with -j1 added to both make targets 14:38
teK_ yay 14:38
jaeger I wouldn't object to getting rid of contrib 14:39
jue teK_: at least parts of it and throw away the more or less outdated stuff 14:39
onodera I'm in favor of some "contrib" repo where everyone can make pull requests 14:39
jaeger It doesn't seem like it's much separated from opt these days, functionally, except has a lot more volume (and a lot more stuff that's not actively maintained) 14:39
teK_ did mikhalil officially resign? 14:39
teK_ I dont remeber 14:39
teK_ *m 14:39
pedja onodera: that wouldn't change much. owner of the port still has to find the time to actually test/push the update. 14:42
onodera oh right 14:43
teK_ what would a merge fix? 14:44
pedja nothing 14:44
teK_ we could try and separate ports in a way that there will be actually people not having to sync contrib (speeding things up), which is a minor gain also 14:44
pedja contrib-maintained/contrib-dead(ish) ? 14:46
jue the big diff between opt and contrib is the state of the maintainers, opt maintainers are official CRUX team members where contrib are not 14:49
jue and AFAIKS opt ports are mostly up-to-date compared to contrib 14:50
teK_ yeah so why remove that distinction? contrib needs a cleanup, yeah 14:51
jue and not least, if all contrib maintainers are opt maintainers as well, which is our current situation, for what do we need contrib? 14:51
teK_ the future 14:51
teK_ :-) 14:51
teK_ the big bright maintainer-rich future 14:51
pedja so send the message to the ML, 'unmaintained ports will be moved to contrib-graveyard on $date. beware.' :) 14:52
teK_ no maintainers were hurt during this sweep 14:55
onodera teK_: I don't think there are enough maintainers for that 15:00
onodera that being making contrib and opt the same quality, so imo it's a good idea to put the more "high profile" ports in opt and the rest in contrib 15:00
pedja How much bigger would Crux iso be, then? Since it contains core, opt and xorg. 15:10
jue only a few opt ports are on the ISO 15:11
jue currently 15:12
pedja ah. ok, then. 15:12
pedja jaeger once said that it wouldn't be too hard to netboot Crux via something like netboot.xyz. that would be awesome for someone with old hardware/flaky usb ports <---me :) 15:16
teK_ go for it, tiger 15:18
teK_ ;) 15:18
pedja It's been a while since I tried it, iirc it boots but can't find the rootfs, or something. Hm... 15:19
teK_ this behaviour will change in 15:19
teK_ prt-get 0.6, where full path search will be default. 15:19
teK_ oops ;) 15:19
onodera jue: oh I always assumed all opt ports were in there 16:28
*** Romster has quit IRC 17:53
*** Romster has joined #crux-devel 18:01
*** isidore has joined #crux-devel 18:06
*** Romster has quit IRC 18:33
*** Romster has joined #crux-devel 18:33
*** isidore has quit IRC 18:43
*** Romster has quit IRC 18:56
*** Romster has joined #crux-devel 18:56
*** Romster has quit IRC 19:03
*** frinnst_ has joined #crux-devel 19:21
*** frinnst has quit IRC 19:23
frinnst teK_: lighttpd is a few versions behind 21:40
frinnst 1.4.39 is out, 1.4.35 is in contrib 21:42
teK_ ok 21:42
teK_ btw I am attending a birthday party tomorrow 21:43
teK_ stupid me forgot 21:43
teK_ 1.4.37 is in contrib 21:43
frinnst right, sorry 21:44
teK_ no problem 21:45
teK_ was just shocked ;) 21:45
teK_ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825394 21:55
teK_ systemd kill background processes after user logs out 21:55
teK_ sounds promising? Money quote: 21:55
teK_ You see? No reason to complain about. 21:55
frinnst lol 22:01
teK_ BMW announced their new M3 22:22
teK_ 74.000EUR 22:22
teK_ wth man 22:22
frinnst cheap 22:50
frinnst .. 22:50
frinnst what did the old one cost? 22:51
teK_ don't remember 22:55
teK_ similar I guess 22:55
