LeePen | amesser: how is your testing of tomcat9 going? | 08:58 |
---|---|---|
jaromil | from maemo-leste a heads up and question about this bug: https://bugs.devuan.org/cgi/bugreport.cgi?bug=353 | 11:40 |
jaromil | any takers? (thanks Evilham for filing it!) | 11:40 |
Evilham | I didn't file it btw | 11:49 |
jaromil | ah was confused | 11:50 |
jaromil | you are the package maintainer | 11:50 |
jaromil | do you think you can handle this? | 11:50 |
jaromil | AFAIK there are no devuan specific flags so the last remark about checking can be satisfied | 11:51 |
Evilham | I got interrupted before finishing replying, sorry | 12:26 |
Evilham | doesn't this get "fixed" on beowulf by not having lsb-release be different? | 12:28 |
Evilham | oh I see, yeah, that's an issue | 12:33 |
Evilham | I'm unsure I'll have the time bandwidth until next week, so if you want to take a go at it, go aheadc | 12:33 |
LeePen | Evilham: I have just cloned base-files. I can have a go if you want. Codenames for unstable need updating too. | 12:51 |
Evilham | it should be just adding the line that the reporter mentioned | 13:04 |
Evilham | and compiling and testing :-D | 13:04 |
Evilham | but I can't really imagine booking the time for that this week '-.- | 13:04 |
jaromil | ack, thanks! yes LeePen go ahead if you can | 14:22 |
jaromil | maemo-leste will be presented at fosdem and a fix now will facilitate their work | 14:22 |
jaromil | indeed i also thought could be fixed by lsb-release but no | 14:23 |
LeePen | jaromil: Evilham: Fixes for #353 in unstable (10.3+devuan4) and beowulf-proposed-(10.3+devuan3.2) | 15:12 |
Evilham | LeePen: amazing, thank you, will test when pkgmaster picks it up | 15:14 |
LeePen | Debian has version 11 which I have done a test merge locally for ceres, but not pushed yet. It makes a few changes that need more review first. | 15:16 |
Evilham | yeah, but that's for chimaera | 15:16 |
Evilham | IIRC buster had just 10.3 as well | 15:17 |
Evilham | or am I misremembering? | 15:17 |
Evilham | LeePen: it's purrfakt | 15:40 |
Evilham | *purrfekt | 15:40 |
LeePen | Goodie!" | 17:43 |
Evilham | meowie | 17:46 |
fsmithred | I was away for a few minutes. What's going on? | 17:47 |
golinux | You need to get on znc. Nothing ever lost. | 17:50 |
fsmithred | yeah, I could go to doc's logs, too | 17:52 |
fsmithred | but as usual, I'm doing three things at once | 17:53 |
LeePen | Wow: fixing #353 has fixed the sawfish build failure that yeti reported a few days ago!!!!! | 18:16 |
LeePen | It makes me wonder how many of our packages are built with the wrong flags? | 18:17 |
LeePen | Possibly all? Does it matter? | 18:19 |
Evilham | \o/ | 18:24 |
jaromil | LeePen:amazing!!! \o/ | 18:26 |
Evilham | I wouldn't think it matters enough to rebuild packages just because of that, but I'm unsure tbh :-p | 18:39 |
LeePen | I suspect the hardening flags may not have been used. | 18:46 |
jaromil | I am not sure is always the case that flags are ignored | 19:00 |
LeePen | It might be worth working out if and since when they have. | 19:01 |
jaromil | reading https://wiki.debian.org/HardeningWalkthrough | 19:15 |
jaromil | script: https://raw.githubusercontent.com/mrash/fwknop/master/test/hardening-check | 19:16 |
jaromil | tested on beowulf for /usr/bin/sshd and has the hardening flags | 19:17 |
jaromil | I think only a few packages are affected | 19:17 |
jaromil | bbl | 19:20 |
LeePen | jaromil: openssh-server isn't forked in beowulf. I think it is forked binaries that need checking. | 21:18 |
Centurion_Dan | LeePen: I think #353 is something that changed for buster/beowulf so potentially any package might be effected. But also check to see how that flag is used by dpkg-buildpackage and if it has any potential to introduce systemd binary dependencies... | 22:30 |
mason | Centurion_Dan: Will we be rebuilding apt? libelogind0 is systemd even if it's renamed. | 22:37 |
mason | Centurion_Dan: Which is to say, I think we should rebuild it without that dependency. | 22:38 |
LeePen | mason: amesser has a fork of apt without libsystemd0 in his git.d.o. | 22:49 |
golinux | mason: Removing libelogind0 from packages is not a viable option. | 22:54 |
golinux | At least until we could automate the removal of libsystemd0 which is unlikely. | 22:55 |
fsmithred | mason, I did an encrypted lvm install today and tested the patch. Looks like it works. | 23:02 |
LeePen | Centurion_Dan: Thanks. I'll have a look tomorrow. | 23:23 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!