Friday, September 08, 2023
dev@conference.yunohost.org
September
Mon Tue Wed Thu Fri Sat Sun
        1
 2
 3
4
 5
 6
 7
 8
 9
 10
11
 12
 13
 14
 15
 16
 17
18
 19 20
 21
 22
 23
 24
25
 26
 27
 28
 29
 30
  
             

[14:27:12] <Yunohost Git/Infra notifications> [yunohost] 🔴 Pipeline [#996627135](https://gitlab.com/yunohost/yunohost/-/pipelines/996627135) failed on branch dev
[14:27:12] <Yunohost Git/Infra notifications> [yunohost] @alexAubin merged [pull request #1710](https://github.com/YunoHost/yunohost/pull/1710): Allow system users to send mails from IPv6 localhost.
[14:27:12] <Yunohost Git/Infra notifications> [yunohost] @orhtej2 [commented](https://github.com/YunoHost/yunohost/pull/1710#issuecomment-1710741796) on [issue #1710](https://github.com/YunoHost/yunohost/pull/1710) Allow system users to send mails from IPv6 localhost.: (Python code heavily inspired by FitTrackees e-mail system: https://github.com/SamR1/FitTrackee/blob/master/fittrackee/...
[14:27:12] <kayou> > <@Alekswag:matrix.org> @room : it's contributor's meeting oclock o/ Feel free to ask us for a link that we'll share in DM if you wanna join

may i have the link please? i don't come, but i still read the pad :)
[14:27:12] <Yunohost Git/Infra notifications> [yunohost] @alexAubin edited [pull request #1706](https://github.com/YunoHost/yunohost/pull/1706): [enh] bind heritage in config panel
[14:27:12] <Yunohost Git/Infra notifications> [yunohost/dev] Merge pull request #1710 from orhtej2/patch-1 Allow system users to send mails from IPv6 localhost. - Alexandre Aubin
[14:27:12] <Yunohost Git/Infra notifications> [yunohost] @alexAubin pushed 2 commits to dev ([e1aeacbc494d...ec6bf12a7479](https://github.com/YunoHost/yunohost/compare/e1aeacbc494d...ec6bf12a7479))
[14:27:12] <kayou> ok, i have the link in another room
[14:27:12] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/11.2.4+202309072145 for bullseye/unstable/all.
[14:27:12] <Yunohost Git/Infra notifications> [yunohost/dev] Allow system users to send mails from IPv6 localhost and in no-IP contexts. - orhtej2
[14:27:12] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/11.2.4+202309072145 for bullseye/unstable/all ...
[14:27:43] <Yunohost Git/Infra notifications> [yunohost] @Thovi98 [commented](https://github.com/YunoHost/yunohost/pull/1710#issuecomment-1711104077) on [issue #1710](https://github.com/YunoHost/yunohost/pull/1710) Allow system users to send mails from IPv6 localhost.: Thank you @orhtej2 for your help and the fix 🎉
[14:27:44] <Yunohost Git/Infra notifications> [issues] @kay0u [commented](https://github.com/YunoHost/issues/issues/2050#issuecomment-1711557111) on [issue #2050](https://github.com/YunoHost/issues/issues/2050) Support Debian 12 "Bookworm": > Look for old legacy stuff in the core that can be dropped out I can find: - [ynh_legacy_permissions_exists and ynh_le...
[14:28:28] <Yunohost Git/Infra notifications> [yunohost/update-fail2ban-jail-conf] revert important variables in fail2ban jail.conf - Kay0u
[14:28:28] <Yunohost Git/Infra notifications> [yunohost] @kay0u created new branch update-fail2ban-jail-conf
[14:28:28] <Yunohost Git/Infra notifications> [yunohost] 🔴 Pipeline [#997631282](https://gitlab.com/yunohost/yunohost/-/pipelines/997631282) failed on branch update-fail2ban-jail-conf
[14:28:28] <kayou> the `openssl.cnf` file is super old too, idk what to do
[14:28:28] <Yunohost Git/Infra notifications> [yunohost/update-fail2ban-jail-conf] Update Fail2ban jail.conf file from https://sources.debian.org/src/fail2ban/1.0.2-2/config/jail.conf/ - Kay0u
[14:28:28] <Yunohost Git/Infra notifications> [yunohost] @kay0u opened [pull request #1711](https://github.com/YunoHost/yunohost/pull/1711): Update fail2ban jail conf
[15:21:08] <orhtej2> > <@kayou:matrix.org> the `openssl.cnf` file is super old too, idk what to do

diff shows mostly comment changes between [yunohost version](https://raw.githubusercontent.com/YunoHost/yunohost/dev/conf/ssl/openssl.cnf) and [vendor version](https://raw.githubusercontent.com/openssl/openssl/master/apps/openssl.cnf)
[15:32:06] <kayou> yes, but also some new sections (`tsa` for example)
[15:35:41] <orhtej2> > <@kayou:matrix.org> yes, but also some new sections (`tsa` for example)

indeed, how did I miss that. Does this seem like something YunoHost may benefit from? I thought the point of this config is to spew self-signed certificates?
[15:39:50] <Yunohost Git/Infra notifications> [yunohost] @alexAubin [commented](https://github.com/YunoHost/yunohost/pull/1711#discussion_r1320027753) on pull request #1711 Update fail2ban jail conf: I think 10 was a feature maybe, like 5 is too harsh, too many people end up being banned and complain about it on the ...
[15:54:03] <orhtej2> that failure in yunohost CI is to be expected due to bookworm migration? It's a bit of a deadlock because `bullseye` ships `lua-rex-pcre` and `bookworm` ships `lua-rex-pcre2`. Can we switch to something's that shipped in both releases like `gnu` or `posix`?
[15:54:45] <Aleks (he/him/il/lui)> hmm
[15:54:52] <Aleks (he/him/il/lui)> actually i think it's legacy yeah
[15:54:57] <Aleks (he/him/il/lui)> let me find the relevant code
[15:55:30] <Aleks (he/him/il/lui)> https://github.com/YunoHost/SSOwat/blob/dev/helpers.lua#L30
[15:55:47] <Aleks (he/him/il/lui)> in the past, but quite a while ago, we were using LUA regexes
[15:55:51] <Aleks (he/him/il/lui)> and switched to PCRE at some point
[15:56:20] <Aleks (he/him/il/lui)> that's for the "permission" urls (which back in the days werent even called permission, but something like `protected_regexes`)
[15:56:53] <orhtej2> yeah yeah I found the code, I just wonder if other packages come with compatible API and are drop-in replacements or are there PCRE-specific features in use
[15:56:55] <Aleks (he/him/il/lui)> nowadays almost no app use the regex stuff, not even taking about the lua-type regex, so we could probably safely get rid of the lua regex thing
[16:09:38] <orhtej2> > that failure in yunohost CI is to be expected due to bookworm migration? It's a bit of a deadlock because `bullseye` ships `lua-rex-pcre` and `bookworm` ships `lua-rex-pcre2`. Can we switch to something's that shipped in both releases like `gnu` or `posix`?

I yolochanged it to `lua-rex-posix` and nothing broke so far :P
[16:11:55] <Aleks (he/him/il/lui)> aaah i didnt get that was what you meant
[16:12:29] <Aleks (he/him/il/lui)> i'm confused between string.match(), rex.match(), lua-rex-pcre, etc
[16:12:34] <Aleks (he/him/il/lui)> to me string.match() was the pcre version
[16:13:01] <orhtej2> > <@Alekswag:matrix.org> to me string.match() was the pcre version

No, that's luas built in pattern matching
[16:13:04] <Aleks (he/him/il/lui)> ah but rex is the pcre version, which is the one we want to keep and requires the apt dependency
[16:13:09] <Aleks (he/him/il/lui)> alrighty
[16:13:39] <Aleks (he/him/il/lui)> what's the difference between pcre and posix regexes then ? o_O
[16:19:00] <orhtej2> > <@Alekswag:matrix.org> what's the difference between pcre and posix regexes then ? o_O

Rege syntax itself in some corner cases I guess 🤷
[16:19:13] <Aleks (he/him/il/lui)> hmkay
[16:20:13] <Aleks (he/him/il/lui)> let's go for posix then
[16:20:19] <orhtej2> Idk, such change requires more insight than testing on my single user machine I guess
[16:20:40] <Aleks (he/him/il/lui)> i dunno, we really don't use that much regex, as said, only very few apps to use those, and maybe the core does add a few basic rules like ...
[16:20:58] <Aleks (he/him/il/lui)> https://github.com/YunoHost/yunohost/blob/dev/src/app.py#L1760
[16:21:04] <Aleks (he/him/il/lui)> those
[16:21:07] <Aleks (he/him/il/lui)> but nothing super evolved
[16:22:25] <Aleks (he/him/il/lui)> i mean at least we can yolopush the change to the bookworm branch and see how it goes
[16:22:27] <orhtej2> > <@Alekswag:matrix.org> https://github.com/YunoHost/yunohost/blob/dev/src/app.py#L1760

Yeah but that users pythons built it regex, as I understand it Lua has no built in hence third party bindings were developed
[16:23:01] <Aleks (he/him/il/lui)> those regexes are for ssowat/conf.json so they are those used by ssowat
[17:38:52] <orhtej2> > Idk, such change requires more insight than testing on my single user machine I guess

the more I read about it and the more I look at SSOWat's code and the more I look at actual lua-rex impl the less confident I am this will actually work
[17:39:41] <orhtej2> what's the process of porting over changes between `dev` and `bookworm`? If 11 and 12 are built from different branches then pushing PCRE2 on bookworm makes more sense
[17:40:58] <Aleks (he/him/il/lui)> hmmm not sure what you mean exactly but we merge dev into bookworm from time to time to keep bookworm up to date with dev
[17:42:15] <Yunohost Git/Infra notifications> @orhtej2 forked SSOwat to [orhtej2/SSOwat](https://github.com/orhtej2/SSOwat)
[17:47:11] <orhtej2> I don't get it, [`bookworm` SSOWat already depends on `lua-rex-pcre2`](https://github.com/YunoHost/SSOwat/blob/1b44ec489891cdb8501aeb1dbf34a74415e6b13d/debian/control#L10) why [CI failures](https://gitlab.com/yunohost/yunohost/-/jobs/5047229515) ?
[17:52:16] <Aleks (he/him/il/lui)> ah yes
[17:52:31] <Aleks (he/him/il/lui)> that's because the CI runs on yunohost's branch "update-fail2ban-conf-stuff"
[17:52:52] <Aleks (he/him/il/lui)> and we have some custom logic like "look for a branch with the same name in the ssowat repo, and if it doesnt exist, keep using dev"
[17:53:12] <Aleks (he/him/il/lui)> so CI jobs for `bookworm` precisely may use the `bookworm` branch of SSOwat too
[17:53:29] <Aleks (he/him/il/lui)> but the logic aint evolved and doesnt guess that update-fail2ban-conf-stuff is based on bookworm
[17:56:16] <orhtej2> where's SSOWat built anyway? can we add some tests?
[17:57:08] <orhtej2> not that I'm much of LUA programmer myself :P
[17:57:08] <Aleks (he/him/il/lui)> eeeh it's built during yunohost's CI job, but the "actual .deb build which is served" is on vinaigrette / forge2 ... what kind of test do you mean ?
[17:57:17] <orhtej2> > <@Alekswag:matrix.org> eeeh it's built during yunohost's CI job, but the "actual .deb build which is served" is on vinaigrette / forge2 ... what kind of test do you mean ?

unit tests, like run `helpers.match()` and see what happens
[17:58:35] <Aleks (he/him/il/lui)> i guess the easiest way forward for this would be github actions/workflows
[17:58:45] <Yunohost Git/Infra notifications> [SSOwat] @orhtej2 opened [pull request #221](https://github.com/YunoHost/SSOwat/pull/221): Fix helper for bookworm.
[17:58:53] <orhtej2> > <@yunohostinfra:matrix.org> [SSOwat] @orhtej2 opened [pull request #221](https://github.com/YunoHost/SSOwat/pull/221): Fix helper for bookworm.

Like this could have been prevented I guess
[17:59:05] <Aleks (he/him/il/lui)> but keep in mind we're in the process of refactoring ssowat here https://github.com/YunoHost/SSOwat/pull/217 so uh imho any such kind of work should be based on the new version
[17:59:44] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin pushed 2 commits to bookworm ([1b44ec489891...809a2a93b60a](https://github.com/YunoHost/SSOwat/compare/1b44ec489891...809a2a93b60a))
[17:59:49] <Yunohost Git/Infra notifications> [SSOwat/bookworm] Fix helper for bookworm. - orhtej2
[17:59:51] <orhtej2> https://aria.im/_matrix/media/v1/download/circledsquareroot.ovh/ec50f42fde0786c34832908f6ab8269629b11a3ca33c9fc8c89810524c1ddd2c
[17:59:55] <orhtej2> say no more
[17:59:56] <Yunohost Git/Infra notifications> [SSOwat/bookworm] Merge pull request #221 from orhtej2/pcre2 Fix helper for bookworm. - Alexandre Aubin
[17:59:56] <Aleks (he/him/il/lui)> xD
[17:59:56] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin merged [pull request #221](https://github.com/YunoHost/SSOwat/pull/221): Fix helper for bookworm.
[17:59:58] <Aleks (he/him/il/lui)> yeah there's not even an helpers.lua anymore
[18:00:29] <Aleks (he/him/il/lui)> though it would be useful to keep some stuff factorized if we really do want testing
[18:00:29] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/12.0.0+202309081800 for bookworm/unstable/all ...
[18:01:20] <Aleks (he/him/il/lui)> but hmpf we are almost discussing getting rid of ssowat / lua-middleware entirely and pondering about using the `auth_request` stuff in nginx to handle the auth/ACL logic entirely from python ... i dunno, still have to think a lot about it
[18:01:25] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/12.0.0+202309081800 for bookworm/unstable/all.
[18:04:32] <Aleks (he/him/il/lui)> lua is hell, but the nice thing about the lua middleware thing is that it doesnt depend on a daemon, and i'm kind of paranoid about minimizing the number of daemons to avoid stuff like "X got killed because of OOM" or "X doesnt start anymore because the admins yolo-installed stuff globally using pip install and some random lib conflict makes everything explode"
[18:06:09] <Aleks (he/him/il/lui)> #bigdecisions
[18:07:03] <Aleks (he/him/il/lui)> Same goes for the new portal UI, we went for a SPA for now + the new portal API but maybe we should have like a flask app with a daemon hmff
[20:31:03] <Yunohost Git/Infra notifications> [yunohost] @kay0u [commented](https://github.com/YunoHost/yunohost/pull/1711#discussion_r1320311819) on pull request #1711 Update fail2ban jail conf: suggestion maxretry = 10
[20:31:16] <Yunohost Git/Infra notifications> [yunohost] @kay0u pushed 1 commit to update-fail2ban-jail-conf: set maxretry to 10 ([2bd3dd2b](https://github.com/YunoHost/yunohost/commit/2bd3dd2bba93ec414b368d308d7684ca1ca3591b))
[20:35:53] <Yunohost Git/Infra notifications> [yunohost] 🔴 Pipeline [#998028732](https://gitlab.com/yunohost/yunohost/-/pipelines/998028732) failed on branch update-fail2ban-jail-conf
[21:13:56] <Yunohost Git/Infra notifications> [yunohost] @kay0u pushed 1 commit to bookworm: backup/restore tests from 11.2 ([e77e9a0a](https://github.com/YunoHost/yunohost/commit/e77e9a0a9a804241159468b0024fbcf3e6801a40))
[21:15:21] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.0.0+202309082115 for bookworm/unstable/all ...
[21:16:21] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.0.0+202309082115 for bookworm/unstable/all.
[21:34:55] <Yunohost Git/Infra notifications> [issues] @kay0u edited [issue #2050](https://github.com/YunoHost/issues/issues/2050): Support Debian 12 "Bookworm"
[21:48:10] <Yunohost Git/Infra notifications> [yunohost] @kay0u pushed 1 commit to bookworm: do not skip tests from 11.2 ([aed8ecb6](https://github.com/YunoHost/yunohost/commit/aed8ecb64594f71c0340a172b7bb8fb6ca2d82ed))
[21:50:46] <Yunohost Git/Infra notifications> [yunohost] @alexAubin pushed 4 commits to bookworm ([aed8ecb64594...a16f54ea962b](https://github.com/YunoHost/yunohost/compare/aed8ecb64594...a16f54ea962b))
[21:50:46] <Yunohost Git/Infra notifications> [yunohost] @alexAubin merged [pull request #1711](https://github.com/YunoHost/yunohost/pull/1711): Update fail2ban jail conf
[21:50:49] <Yunohost Git/Infra notifications> [yunohost] @kay0u pushed 2 commits to bookworm ([a16f54ea962b...ea981ee4a614](https://github.com/YunoHost/yunohost/compare/a16f54ea962b...ea981ee4a614))
[21:50:50] <Yunohost Git/Infra notifications> [yunohost] @alexAubin deleted branch update-fail2ban-jail-conf
[21:50:52] <Yunohost Git/Infra notifications> [yunohost/bookworm] revert important variables in fail2ban jail.conf - Kay0u
[21:50:57] <Yunohost Git/Infra notifications> [yunohost/bookworm] set maxretry to 10 - Kayou
[21:50:57] <Yunohost Git/Infra notifications> [yunohost/bookworm] typo - Kay0u
[21:50:58] <Yunohost Git/Infra notifications> [yunohost/bookworm] Merge branch bookworm of github.com:YunoHost/yunohost into bookworm - Kay0u
[21:51:00] <Yunohost Git/Infra notifications> [yunohost/bookworm] Merge pull request #1711 from YunoHost/update-fail2ban-jail-conf Update fail2ban jail conf - Alexandre Aubin
[21:51:38] <Yunohost Git/Infra notifications> [yunohost] 🔴 Pipeline [#998059768](https://gitlab.com/yunohost/yunohost/-/pipelines/998059768) failed on branch bookworm
[22:00:52] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.0.0+202309082200 for bookworm/unstable/all ...
[22:01:44] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.0.0+202309082200 for bookworm/unstable/all.
[23:20:30] <Yunohost Git/Infra notifications> [yunohost] 🔴 Pipeline [#998074978](https://gitlab.com/yunohost/yunohost/-/pipelines/998074978) failed on branch bookworm