IRC Logs for #crux Saturday, 2019-11-16

03:11 <Rudolph> is there a major difference between alan/openssl and core/openssl?
05:05 <Rudolph> also, just fyi, the pidentd port looks like it might be dead, since no longer resolves
05:11 <cruxbot> [contrib.git/3.5]: libedit: contrib -> opt
05:11 <cruxbot> [contrib.git/3.5]: gtk-doc: 1.29 -> 1.32
<cruxbot> [contrib.git/3.5]: qbittorrent: 4.1.8 ->
05:12 <Romster> what is up with opt.git i keep getting timeouts.
05:13 <cruxbot> [opt.git/3.5]: libedit: 20141030-3.1 -> 20191025_3.1
05:13 <cruxbot> [opt.git/3.5]: libedit: contrib -> opt
05:13 <Romster> ok it went odd on git fetch but git push just worked
05:17 <Romster> Rudolph, looking at alans' openssl it has 32bit support and makedepend if it's missing in xorg and it's one version behind on c where we are on d
05:26 <Rudolph> ah, i'll just leave that alone then. don't need anything 32bit or much from xorg
05:27 <Rudolph> thanks Romster
05:28 <Romster> pidentd i am looking what can be done for that, though it's not my port tek is quite busy
05:29 <Rudolph> np, i was just going to compare it to oidentd and happened to see that
05:30 <Romster> honestly it looks stale as in it's not had any updates in a long time.
05:32 <Romster> oidentd looks like that is still being worked on
05:32 <Rudolph> yeah, i know the current maintainer and he's pretty active
05:32 <Romster> i personally prefer keeping to stuff that's got an active maintainer unless it's very stable
05:33 <Rudolph> yeah, agreed
05:33 <Romster> not being able to get the source from the ftp server is a big downer to dropping that pidentd port
05:33 <Rudolph> otherwise you get things like debian's xchat support
05:33 <Romster> since oidentd exists
05:33 <Romster> eww yeah i moved to hexchat and i even maintain that one here
05:35 <Rudolph> haha nice. part of the reason i love crux. i get why people don't like being on the bleeding edge, but i prefer it to extremely old repos like that
05:38 <Romster> wouldn't take much to package that
05:38 <Romster> i got some bleeding edge but i don't push if it don't work
05:40 <Rudolph> cool, that would be great. i was going to maintain a package for it in my private collection but if it gets into contrib that'd be even better
05:43 <Romster> just throwing one together now
05:50 <Romster> httpup sync oidentd
05:50 <Romster> give it a try i haven't tested it but i used the arch build to get an idea how it should be for crux.
05:52 <Rudolph> it looks to compile fine, but i get a signature mismatch. do i need a public key for your collection?
05:52 <Romster> oh yeah that'll happen if you don't have my pub file in /etc/ports/
05:52 <Romster> and my repo in /usr/ports/romster/
05:53 <Romster> ignore signature
05:53 <Romster> for the moment
05:53 <Rudolph> sure thing
05:53 <Romster> i don't like throwing things in contrib etc until tested
05:54 <Romster> i'm a heavy irc users and i never really bothered with ident daemon i probably should
05:54 <Romster> i maintain libnetfilter_conntrack already :D
05:55 <Rudolph> yeah, i don't really need it for my server anyways, but its nice to get rid of the ~ from the ident :>
05:55 <Rudolph> getting this now:
05:55 <Rudolph> install: cannot stat '/usr/ports/romster/oidentd/work/src/identd.rc': No such file or directory
05:55 <Romster> i thought i added that hgmm
05:55 <Rudolph> ill wash and ports -u real quick
05:56 <Rudolph> yeah no dice
05:56 <Romster> oh i missed the o on it..
05:56 <Rudolph> oh lol
05:56 <Rudolph> that would do it
05:58 <Rudolph> installed your pub key too
05:59 <Romster> ok that should be fixed
05:59 <Romster> lots of my romster ports are in need of updating and fixes
05:59 <Romster> i keep the bulk in contrib/opt
06:00 <Rudolph> yep, worked perfectly
06:00 <Rudolph> once i get this server setup i'd like to try packaging just to play around more with crux. it'd be cool to do shellcheck/gitea/znc
06:01 <Romster> configure that /etc/ file then /etc/rc.d/oidentd start
06:01 <Rudolph> ye, i'll probably drop it in rc.conf too
06:01 <Romster> and add it to SERVICES in /etc/rc.conf for starting on boot.
06:01 <Romster> you're onto it :D
06:02 <Romster> it's so nice to get someone that can figure that stuff out. the customers i work with... windows and they can't even do the basics
06:02 <Rudolph> haha, i've had to install my vm about 500 times from mistakes and misconfigurations, so i've gotten pretty friendly with the handbook
06:02 <jaeger> VM snapshots could be very handy in those cases :)
06:03 <Rudolph> oof, i know what you mean. I used to do edu/k12 IT support which isn't much better
06:03 <Rudolph> jaeger: yeah :c I really really need to get into the habit of that
06:03 <jaeger> I used to use lots of snapshotted VMs to do clean build tests before containers became bigger... now mostly do it with docker
06:03 <Romster> i was using docker but i've moved to lxc
06:04 <Rudolph> i'm saving up for a new server to play around with at my apartment. when i get that i think i'll use crux in lxc or docker
06:04 <jaeger> What do you like better about lxc? I've got zero lxc experience
06:04 <Rudolph> i was gonna do docker initially but ryuo might have talked me out of it
06:04 <Romster> i didn't have to touch the backend at all on lxc, it doesn't just run a single process like docker does.
06:05 <Romster> lxc runs more like a VM than a container with a single process
06:05 <jaeger> In this case I treat docker sorta like that by running bash as its main process, heh
06:05 <Romster> only it uses userspace and hosts kernel still
06:05 <jaeger> but I understand what you mean
06:05 <Romster> not a real big difference though
06:06 <jaeger> fair enough
06:06 <Romster> i still say use the right tool for the job
06:06 <Rudolph> oh, sorry, last thing Romster, the services file has it at /usr/bin/oidentd, but it installs to /usr/sbin
06:06 <Romster> lxc is serving my needs it's a bit less packages than docker
06:06 <jaeger> seems like the job can be done effectively by both
06:06 <Romster> ah Rudolph
06:07 <Romster> docker would be better for services i guess lxc might be less secure
06:08 <Romster> for hosting stuff perhaps
06:08 <Romster> lxc is less restricted but still stuck int eh container
06:08 <Romster> in the*
06:09 <Romster> Rudolph, fixed
06:10 <Romster> i am usually not this fast
06:12 <Rudolph> is there a way to tell it to skip pre?
06:13 <Romster> prt-get has a option i think
06:13 <Romster> but it's set in a way it wont hurt to run again
06:14 <Rudolph> ah, ok. i'll let it go normally then
06:14 <Romster> only makes the user and group if it does not exist
06:15 <Romster> that is really one of the unwritten? requirements of pre and post files
06:16 <Romster> i've not read the handbook in some time
06:16 <Rudolph> yeah, i think that worked! i'll play around with it more in a bit, and test an irc connection too
06:17 <Romster> also that user has no shell set so you can't login as that user, it's only for daemon use
06:17 <Rudolph> ah, makes sense
06:17 <Rudolph> like what nginx does
06:18 <Romster> i honestly wonder why we haven't got a user/group creation thing in pkgmk but this is crux KISS
06:18 <Romster> so quite secure
06:19 <Rudolph> yeah, if i need to execute things as that user, i'll usually just end up doing something like this anyways: "sudo -u oidentd -g oidentd ..." although i usually only really need to do that for my wordpress site
06:20 <Romster> or get lazy sudo su oidentd ; do stuff; exit
06:20 <Rudolph> haha even better
06:20 <Romster> not sure if that works without a shell or not...
06:21 <Rudolph> if not i think you can do something like -s /bin/bash
06:21 <Rudolph> that might be a su argument though
06:21 <Romster> i think it just uses the shell you came from.
07:52 <cruxbot> [opt.git/3.5]: wine: 4.19 -> 4.20
08:22 <Rudolph> ^ \o/ it works
08:26 <Rudolph> Romster: last thing for realsies, i did some research, and it looks like it needs to run as root initially (to bind to port 113) but then automagically drops to the oidentd user if it exists. for management purposes it probably needs to run through start stop daemon, but im a bit drunk right now, so i can write a patch for that in the morning if you want
09:16 *** pedja has joined #crux
11:01 <cruxbot> [opt.git/3.5]: python3-pyparsing: 2.4.2 -> 2.4.5
11:01 <cruxbot> [opt.git/3.5]: python-pyparsing: 2.4.2 -> 2.4.5
11:01 <cruxbot> [opt.git/3.5]: python3-gobject: 3.32.1 -> 3.34.0
11:01 <cruxbot> [opt.git/3.5]: python-gobject: 3.32.1 -> 3.34.0
11:01 <cruxbot> [opt.git/3.5]: python3-cairo: 1.18.1 -> 1.18.2
11:01 <cruxbot> [opt.git/3.5]: python-cairo: 1.18.1 -> 1.18.2
11:02 <Romster> Rudolph, ah or give it a capability for root level ports
11:03 <cruxbot> [contrib.git/3.5]: python3-asn1crypto: 0.24.0 -> 1.2.0
11:03 <cruxbot> [contrib.git/3.5]: python3-Automat: 0.7.0 -> 0.8.0
11:03 <cruxbot> [contrib.git/3.5]: python-Automat: 0.7.0 -> 0.8.0
11:03 <cruxbot> [contrib.git/3.5]: python3-zope-interface: 4.6.0 -> 4.7.1
11:03 <cruxbot> [contrib.git/3.5]: python-zope-interface: 4.6.0 -> 4.7.1
11:03 <cruxbot> [contrib.git/3.5]: python-pyquery: 1.4.0 -> 1.4.1
11:03 <cruxbot> [contrib.git/3.5]: python3-cffi: 1.12.3 -> 1.13.2
11:03 <cruxbot> [contrib.git/3.5]: python-cffi: 1.12.3 -> 1.13.2
11:14 <Romster> Rudolph, setcap CAP_NET_BIND_SERVICE /usr/sbin/oidentd
11:14 <Romster> try that when you are sober later on :D
11:16 <cruxbot> [contrib.git/3.5]: minecraft-launcher: 2.1.7658 -> 2.1.9618
11:31 <cruxbot> [contrib.git/3.5]: python3-twisted: 19.7.0 -> 19.10.0
11:31 <cruxbot> [contrib.git/3.5]: python-twisted: 19.7.0 -> 19.10.0
11:31 <cruxbot> [contrib.git/3.5]: python3-pycryptodome: 3.9.0 -> 3.9.3
11:31 <cruxbot> [contrib.git/3.5]: python3-urllib3: 1.25.5 -> 1.25.7
11:36 <cruxbot> [contrib.git/3.5]: partclone: 0.3.13 -> 0.3.12 downgrade from unstable to testing
11:44 <cruxbot> [opt.git/3.5]: chromium-pepperflash: dropped as chromium isn't in opt anymore
11:44 <cruxbot> [opt.git/3.5]: xchat: unmaintained use hexchat instead
12:07 *** onodera has joined #crux
12:15 *** pedja has quit IRC
12:19 <ryuo> Romster: actually you can sandbox LXC pretty heavily. it's just easier to deploy privileged containers by default. you can easily do unprivileged where all users are mapped to high ID regions.
12:20 <ryuo> that's the easiest aspect of sandboxing, iirc.
12:20 <ryuo> you can also do even more if you choose to modify seccomp.
12:21 <ryuo> LXC, iirc, already uses it to restrict what system calls can be performed in containers.
12:21 <ryuo> stuff no container should be doing, namely the kernel module system calls and a few others.
12:23 <ryuo> Romster: iirc, i setup the defaults for the lxc package to use privileged containers just for convenience of the end user but left some stuff to help with enable unprivileged.
12:27 <Romster> oh i see
12:28 <ryuo> even possible to setup for non-root instances.
12:28 <ryuo> gentoo is very useful for researching how to do stuff without systemd
12:30 <Romster> i see
12:39 <ryuo> ACTION pulls the cord on the Romster action figure. "I see."
13:38 *** pedja has joined #crux
14:09 *** zimmer__Dl has joined #crux
14:12 *** zimmer_Dl has quit IRC
16:47 *** pedja has quit IRC
18:26 *** pedja has joined #crux
19:40 <Rudolph> Romster: oh i like that idea
19:40 <Rudolph> i'll give it a shot, thanks
19:40 <ryuo> Rudolph: which idea?
19:41 <Rudolph> / 7
19:41 <ryuo> Rudolph: yes sir.
19:41 <Rudolph> they were packaging oidentd and i was testing some stuff out with it
19:41 <ryuo> ACTION cuts Rudolph into 7 pieces.
21:56 <Rudolph> is there an acme client in ports?
22:01 <stenur> You can have my dehydrated if you want. It works flawlessly for four years i think now.
22:01 <stenur> Just updated it twice (new protocol, and adjusted for HTTP/2 that curl uses if exists: lowercase letters).
22:01 <Rudolph> yeah, that was going to be my fallback. i use it on my git server and afaik haven't had any issues with it
22:02 <stenur> It is an old version, when it was still called letsencrypt.
22:02 <ryuo> Rudolph: none that was maintained that i can tell; apache has a client for it though?
22:02 <Rudolph> oh, i use nginx
22:02 <Rudolph> dehydrated works, i just wanted to make sure there wasn't anything more official
22:03 <stenur> Maybe i should make a port with nice config README. My old one is just 37 KB.
22:23 <dlcusa> [xfce_4.14/exo updated 0.12.8 -> 0.12.9]
22:24 <dlcusa> [xfce_4.14/parole updated 1.0.4 -> 1.0.5]
22:25 <dlcusa> [xfce_4.14/thunar updated 1.8.10 -> 1.8.11]
