Friday, December 29, 2023
apps@conference.yunohost.org

[01:44:43] <Yunohost Git/Infra notifications> [apps] @yunohost-bot opened [pull request #1941](https://github.com/YunoHost/apps/pull/1941): Add SourceHut to wishlist
[01:44:43] <Yunohost Git/Infra notifications> [apps] @yunohost-bot pushed 1 commit to add-to-wishlist-sourcehut: Add SourceHut to wishlist ([3754c2d4](https://github.com/YunoHost/apps/commit/3754c2d4d2a4a419c3e2a87dfda9a3bc031dae6d))
[01:44:43] <Yunohost Git/Infra notifications> [apps] @yunohost-bot created new branch add-to-wishlist-sourcehut
[12:57:28] <Mateusz Szymański> ffs, I created OpenSSL cnf for localhost and CSR generated is for domain.tld. WTF?
[13:20:11] <Mateusz Szymański> > <@orhtej2:matrix.org> ffs, I created OpenSSL cnf for localhost and CSR generated is for domain.tld. WTF?

ah but I'm stupid, I reconfigured `dovecot` while I should have been fighting `postfix` all along
[13:49:43] <Mateusz Szymański> > <@orhtej2:matrix.org> ah but I'm stupid, I reconfigured `dovecot` while I should have been fighting `postfix` all along

I'm super confused, are self-signed certs issued by YNH considered valid when checking on `localhost`? One would assume they are given they're signed by root CA set on YNH server

[13:58:50] <Aleks (he/him/il/lui)> uuuuuuh, no we don't really create a certificate for `localhost` ever, localhost has a different meaning depending on the machine, i mean, you're not typing `https://localhost` in a browser to reach another machine ...
[14:31:54] <Mateusz Szymański> > <@Alekswag:matrix.org> uuuuuuh, no we don't really create a certificate for `localhost` ever, localhost has a different meaning depending on the machine, i mean, you're not typing `https://localhost` in a browser to reach another machine ...

yeeeah well yes but actually no or smth :P I want a valid cert for localhost only reachable from localhost so that if I `telnet localhost:25` I can have secure TLS session with cert matching the host
[14:32:17] <Aleks (he/him/il/lui)> dafuq
[14:32:19] <Mateusz Szymański> or else I need to patch every single app that wants to use mail as app users are only allowed to connect to `localhost`
[14:32:51] <Aleks (he/him/il/lui)> what about using the explicit domain name ? 😬
[14:33:11] <Mateusz Szymański> ```
---
Server certificate
subject=CN = localhost

issuer=CN = circledsquareroot.ovh, O = circledsquareroot

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2688 bytes and written 414 bytes
Verification: OK
---
```

I'm getting there :P
[14:33:51] <Mateusz Szymański> > <@Alekswag:matrix.org> what about using the explicit domain name ? 😬

as exemplified by Friendica IIRC connections to `domain.tld` originate from public IP rather than 127.0.0.1
[14:34:00] <Mateusz Szymański> (or that depends on software stack?)
[14:35:50] <Aleks (he/him/il/lui)> that depends on what `domain.tld` resolves to in the context yeah
[14:36:47] <Mateusz Szymański> you're saying simple fix of adding domain.tld 127.0.0.1 to resolv.conf would do the trick?
[14:36:48] <Aleks (he/him/il/lui)> supposedly the main domain should resolve to 127.0.0.1 because we tweak it here https://github.com/YunoHost/yunohost/blob/dev/hooks/conf_regen/43-dnsmasq#L84
[14:36:58] <Aleks (he/him/il/lui)> ah actually that's the "short hostname" wtf
[14:37:26] <Mateusz Szymański> ```
root@circledsquareroot:/etc/yunohost/certs/localhost# ping circledsquareroot.ovh
PING circledsquareroot.ovh(circledsquareroot.ovh (fe80::aab1:6f39:de3f:78f9%eth0)) 56 data bytes
64 bytes from circledsquareroot.ovh (fe80::aab1:6f39:de3f:78f9%eth0): icmp_seq=1 ttl=64 time=0.067 ms
```
[14:37:29] <Mateusz Szymański> not rly
[14:37:39] <Aleks (he/him/il/lui)> zgrbmfl
[14:38:15] <eric_G> I'm thinking about reverting the PR on PeerTube 🤔
[14:38:21] <Aleks (he/him/il/lui)> what's the big deal ?
[14:38:43] <Mateusz Szymański> ```
root@circledsquareroot:/etc/yunohost/certs/localhost# ping circledsquareroot
PING circledsquareroot (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.054 ms
```

Ah, short hostname :/
[14:38:54] <Aleks (he/him/il/lui)> > <@orhtej2:matrix.org> not rly

i'm trying to think whether or not we should add every domain to /etc/hosts :| I always forgot why we don't do this in the first place
[14:39:47] <Mateusz Szymański> > <@ericg:matrix.org> I'm thinking about reverting the PR on PeerTube 🤔

https://github.com/YunoHost-Apps/peertube_ynh/issues/405 <- ?
Some wrong setting in `nginx.conf` perhaps?
[14:40:18] <Mateusz Szymański> > <@Alekswag:matrix.org> i'm trying to think whether or not we should add every domain to /etc/hosts :| I always forgot why we don't do this in the first place

that would be something, and probably more elegant solution than me issuing a cert for `lolcathost`
[14:41:33] <Mateusz Szymański> do we actually have a list of well-known subdomains? like `ns`, `xmpp-upload` etc
[14:46:16] <Yunohost Git/Infra notifications> [apps] @oufmilo opened [pull request #1942](https://github.com/YunoHost/apps/pull/1942): Update apps.toml (iceshrimp)
[14:48:33] <Mateusz Szymański> > <@Alekswag:matrix.org> i'm trying to think whether or not we should add every domain to /etc/hosts :| I always forgot why we don't do this in the first place

listing Castopod domain in hosts file actually fixes the mail https://media.giphy.com/media/5GoVLqeAOo6PK/giphy.gif
[14:51:36] <Aleks (he/him/il/lui)> yeah so i think we so far don't do it because it is "not that trivial" .. ie adding the line is easy, but if a domain gets removed, you want to remove the line ... which actually maybe we can do a simple `sed '/foobar.tld/d'` idk
[14:52:12] <Aleks (he/him/il/lui)> the point is you can't easily handle /etc/hosts using the regen-conf workflow etc
[14:52:28] <Aleks (he/him/il/lui)> there's no support for say a `/etc/hosts.d/`
[14:52:54] <Aleks (he/him/il/lui)> but as said maybe we could do it brutally with `sed`s x_x
[14:54:52] <Aleks (he/him/il/lui)> Mateusz Szymański: trying to summarize to be sure I understand clearly
- you are trying to configure mail on an app
- the most obvious "host" field would be "localhost", but then the app wants to use TLS and the certificate is not valid and the app doesn't provide a way to ignore the validity of the certificate ?
- then the next obvious value is "the.domain.tld" but this one is not practical either becauuuuse (?)
[14:58:23] <orhtej2> > <@Alekswag:matrix.org> Mateusz Szymański: trying to summarize to be sure I understand clearly
> - you are trying to configure mail on an app
> - the most obvious "host" field would be "localhost", but then the app wants to use TLS and the certificate is not valid and the app doesn't provide a way to ignore the validity of the certificate ?
> - then the next obvious value is "the.domain.tld" but this one is not practical either becauuuuse (?)

@3 because the.domain.tld resolves to external ip and we configured dovecot to only allow app users to connect from localhost
[14:59:35] <Aleks (he/him/il/lui)> ogod okay
[15:00:05] <Aleks (he/him/il/lui)> *check notes*
[15:00:08] <Aleks (he/him/il/lui)> ah yes, here it is :
[15:00:18] <Aleks (he/him/il/lui)> https://botsin.space/@scream
[15:04:14] <Yunohost Git/Infra notifications> [apps] @alexAubin [commented](https://github.com/YunoHost/apps/pull/1942#issuecomment-1872153556) on [issue #1942](https://github.com/YunoHost/apps/pull/1942) Update apps.toml (iceshrimp): Hmmokay but it's not clear if it's working, I can't see any PR or tests on ci-apps-dev ... did you test it locally ? Can...
[15:08:11] <Aleks (he/him/il/lui)> i guess we could legit create a certificate for localhost 🤦
[15:10:18] <lapineige> > <@ericg:matrix.org> I'm thinking about reverting the PR on PeerTube 🤔

Before we can make extensive testing, I'd be in favor of this. This is clearly an app where CI-only isn't enough
[15:18:12] <Mateusz Szymański> > <@Alekswag:matrix.org> i guess we could legit create a certificate for localhost 🤦

so far I was able to create one trusted by OpenSSL but not by CURL for some reason
[15:19:23] <Yunohost Git/Infra notifications> [apps] @oufmilo [commented](https://github.com/YunoHost/apps/pull/1942#issuecomment-1872163853) on [issue #1942](https://github.com/YunoHost/apps/pull/1942) Update apps.toml (iceshrimp): In progress ... 😄 https://github.com/YunoHost-Apps/iceshrimp_ynh/pull/4/
[15:26:36] <Aleks (he/him/il/lui)> > <@orhtej2:matrix.org> so far I was able to create one trusted by OpenSSL but not by CURL for some reason

omg yes curl has some epic issue with certs that I noticed in some super weird build stuff
[15:26:54] <Aleks (he/him/il/lui)> i legit lost 50 mental health point trying to debug it and it somewhat vanished randomly and no clue wtf
[15:27:59] <Aleks (he/him/il/lui)> and it was about like, *external* certificates
[15:28:10] <Aleks (he/him/il/lui)> wget was happy about it, but not curl
[15:28:11] <Aleks (he/him/il/lui)> ¯\_(ツ)_/¯
[16:20:01] <Yunohost Git/Infra notifications> [apps] @yunohost-bot opened [pull request #1943](https://github.com/YunoHost/apps/pull/1943): Add Magnetico to wishlist
[16:20:01] <Yunohost Git/Infra notifications> [apps] @yunohost-bot pushed 1 commit to add-to-wishlist-magnetico: Add Magnetico to wishlist ([235fc0b8](https://github.com/YunoHost/apps/commit/235fc0b8627edc433276ffff5b1b85f304c6acf4))
[16:20:02] <Yunohost Git/Infra notifications> [apps] @yunohost-bot created new branch add-to-wishlist-magnetico
[16:24:48] <rodinux> I think I can add a config file for personalisations in the `$data_dir/data/` folder without breaking the code with this PR https://github.com/YunoHost-Apps/paheko_ynh/pull/50
Should I improve this code ? Do you agree ?
[16:26:50] <Yunohost Git/Infra notifications> [apps] @ericgaspar [commented](https://github.com/YunoHost/apps/pull/1943#issuecomment-1872202608) on [issue #1943](https://github.com/YunoHost/apps/pull/1943) Add Magnetico to wishlist: Doubt someone will package what seems to be an abandoned app
[16:29:17] <Yunohost Git/Infra notifications> [apps] @alexAubin closed [pull request #1943](https://github.com/YunoHost/apps/pull/1943): Add Magnetico to wishlist
[16:29:18] <Yunohost Git/Infra notifications> [apps] @alexAubin deleted branch add-to-wishlist-magnetico
[16:50:56] <eric_G> mmh... so I reverted #391 commit made to master on PeerTube. How do I get https://github.com/YunoHost-Apps/peertube_ynh/pull/391 to a new branch 🤔
[16:51:25] <Tag> Huh I guess you'll need CLI
[16:51:57] <Tag> git checkout <commit sha> and then git checkout -b <new branch name>
[16:52:13] <Tag> something like that
[17:00:37] <Yunohost Git/Infra notifications> [apps] @yunohost-bot opened [pull request #1944](https://github.com/YunoHost/apps/pull/1944): Update app levels according to CI results
[17:00:37] <Yunohost Git/Infra notifications> [apps] @yunohost-bot pushed 1 commit to update_app_levels: Update app levels according to CI results ([72fb45aa](https://github.com/YunoHost/apps/commit/72fb45aae211052659a09a534e88dea7e57f4bbf))
[17:00:38] <Yunohost Git/Infra notifications> [apps] @yunohost-bot created new branch update_app_levels
[17:04:05] <eric_G> > <@tag:lostpod.me> git checkout <commit sha> and then git checkout -b <new branch name>

well, I failed :/
[17:05:11] <Tag> I'll try to do that for you
[17:10:43] <Tag> eric_G: https://github.com/YunoHost-Apps/peertube_ynh/tree/testing-old
[17:13:52] <eric_G> thanks!
[17:16:25] <Tag> eric_G: Oh, this will not work... please wait a bit more
[17:18:37] <Tag> there you go https://github.com/YunoHost-Apps/peertube_ynh/pull/408
[17:29:42] <Yunohost Git/Infra notifications> [apps] @oufmilo [commented](https://github.com/YunoHost/apps/pull/1942#issuecomment-1872234740) on [issue #1942](https://github.com/YunoHost/apps/pull/1942) Update apps.toml (iceshrimp): Failure because the application is not flagged as working in YunoHost's apps catalog ?
[17:31:36] <Yunohost Git/Infra notifications> [apps] @alexAubin [commented](https://github.com/YunoHost/apps/pull/1942#issuecomment-1872235634) on [issue #1942](https://github.com/YunoHost/apps/pull/1942) Update apps.toml (iceshrimp): [alrighty-then](https://github.com/YunoHost/apps/assets/4533074/218844a2-a73c-4d74-a066-2acedbed8cab)
[17:31:39] <Yunohost Git/Infra notifications> [apps] @alexAubin merged [pull request #1942](https://github.com/YunoHost/apps/pull/1942): Update apps.toml (iceshrimp)
[17:31:39] <Yunohost Git/Infra notifications> [apps] @alexAubin pushed 2 commits to master ([a78b586b15f0...694a3d26c5eb](https://github.com/YunoHost/apps/compare/a78b586b15f0...694a3d26c5eb))
[17:31:43] <Yunohost Git/Infra notifications> [apps/master] Update apps.toml - oufmilo
[17:31:47] <Yunohost Git/Infra notifications> [apps/master] Merge pull request #1942 from oufmilo/patch-6 Update apps.toml (iceshrimp) - Alexandre Aubin
[17:51:13] <lapineige> After such a revert, what will happen for end users ? Will they come back to the previous version ?
[17:52:34] <eric_G> > After such a revert, what will happen for end users ? Will they come back to the previous version ?

they will not get a buggy update 😶‍🌫️
[17:52:51] <Tag> And the ones who did will have to restore the backup
[17:53:03] <lapineige> Yeah that's very important. Just wondering about the ones who already did it 🤔
[17:53:32] <eric_G> and they will have to wait looooong time before having a new update 😬
[17:54:08] <lapineige> > <@ericg:matrix.org> and they will have to wait looooong time before having a new update 😬

That never was a big deal, let's take the time needed 🙂
[17:54:44] <eric_G> we just need someone to work on it 🫠
[17:55:11] <lapineige> (Ah thanks Tag, I hadn't seen your `testme`)
[17:55:27] <lapineige> > <@ericg:matrix.org> we just need someone to work on it 🫠

I'm trying it, the issue is that I don't understand what is the problem…
[17:56:05] <lapineige> By the way I've got 2 Peertube instances, one not being a very touchy production server, so I can provide some manual testings 🙂
To me for such an app any major upgrade *should be manually tested, at least with video uploads*.
[22:19:27] <Yunohost Git/Infra notifications> [apps] @OniriCorpe [commented](https://github.com/YunoHost/apps/pull/1926#issuecomment-1872368837) on [issue #1926](https://github.com/YunoHost/apps/pull/1926) Add JItsi BRoadcasting Infrastruct to wishlist: it looks really cumbersome to setup and very hacky, so I'm not sure it's worth spending so much energy on a package that...
[22:20:04] <Yunohost Git/Infra notifications> [apps] @OniriCorpe [commented](https://github.com/YunoHost/apps/pull/1926#issuecomment-1872368837) on [issue #1926](https://github.com/YunoHost/apps/pull/1926) Add JItsi BRoadcasting Infrastruct to wishlist: it looks really cumbersome to setup and very hacky, so I'm not sure it's worth spending so much energy on a package that...
[22:21:32] <Yunohost Git/Infra notifications> [apps] @OniriCorpe [commented](https://github.com/YunoHost/apps/pull/1913#discussion_r1438430961) on pull request #1913 Add Gophish to wishlist: oof yes