XSF Discussion - 2019-01-08

Guus: that's provided by a package in Debian

If you build it from source you likely need to pass the path to the root keys yourself

Also, cloning a repo in a build script? Ugh

Zash, that’s not the worst that thing does :D

there’s a sed invocation in there

"there’s a sed invocation in there" -- jonas’' standard answer

jonas’: I'm looking forward to your talk "sed - and when not to use it"

Zash: 0 slides.

Ge0rG, nah, I officially stated that you don’t wanna implement SCRAM in sed

jonas’: you take awk for that?

no, I don’t believe in awk

I only believe in grep and sed

never got around to learn awk (or even cut for that matter)

I knew regular expressions well before I knew bash

Zash, could you help out please?

I used to have a printout of http://ars.userfriendly.org/cartoons/?id=19990815 in my army locker.

Guus: How?

Zash: adjust this script to install luaunbound + the desired root key

https://github.com/xmpp-observatory/xmppoke/blob/master/Dockerfile

Ge0rG was in the army? 😱

Guus: not a real army, just Bundeswehr

But Docker? :(

1. Make it work

2. Make it right

(also, Docker was requested by iteam for easy deployment, iirc)

You want horrible but working? `dig dnskey . > root.keys`

Securely obtaining root key material is an entire project of its own

securely obtain them on your PC, type "echo $KEY > root.keys" into the dockerfile

guys, I do not know what this all means. Can one of you please do a PR with the required changes?

add dns-root-data to the apt line

and add -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' to CFLAGS when building luaunbound

is this the right commit to use? b4b293593d0ef64d623a54a8b8d2c1dea4c5e870

No

That's from 2015

ok, latest/greatest then? 8356eb09ebaa ?

Why even clone? Dowloading all history serves absolutely no purpose if you're just going to throw it all away and rebuild it from scratch next time

Everything about this is horrifying

Zash - at this point, I settle for 'horrifying, but functional'

as soon as we get it to work, I'm perfectly happy to wait for someone to improve things

but as things are, we have a broken system, with hardly anyone able to spend time on to get it back to work.

Even the tarballs like https://code.zash.se/luaunbound/archive/RRRRRRRRRRR.tar.gz would make more sense

Ping Alex, what's the status of the Q1 membership election?

Zash, how do I properly pass arguments to CFLAGS? (i'm a java guy)

escape the space

this does not compile: CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' make ✏

like that?

That should work

oh, that was an unintentional correction of my first message.

ok

I think if you single-quote the doublequotes, they might become part of the variable

but it depends on where you embed that. Either way, you don't need those ""

Not?

Ge0rG, not?

isn’t this supposed to become a C string?

I don’t expect the C compiler to add "" to a -D

Oh, wait

yes, ignore everything I said.

I tested before I added all those quotes

I'm not awake (yet).

Package lua-5.2 was not found in the pkg-config search path. Perhaps you should add the directory containing `lua-5.2.pc' to the PKG_CONFIG_PATH environment variable No package 'lua-5.2' found

I'm guessing the first argument is now ignored?

Pass LUA_VERSION=5.1

how?

export LUA_VERSION=5.1 <-- like that?

It's a variable just like CFLAGS

ok, so: LUA_VERSION=5.1 CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' make

?

Don't think you need the path then

should be enough with `LUA_VERSION=5.1 CFLAGS='-DIANA_ROOT_TA_FILE="/usr/share/dns/root.ds"'`

trying that...

And does the file exist?

slightly different fail: https://pastebin.com/wY7nNgaq

Try passing them as arguments to make instead of as env variables

make LUA_VERSION=5.1 CFLAGS='-DIANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' <-- ?

As in, `make LUA_VERSION=5.1 CFLAGS='...'`

yes

attempting...

MattJ: Assuming that package is installed, it should be: https://packages.debian.org/sid/all/dns-root-data/filelist

interestingly, the make install does this differently : make LUA_LIBDIR=/usr/local/lib/lua/5.1/ install

new error: https://pastebin.com/jzFKvyMx

What

Can't what

So you can't pass stuff to be merged into CFLAGS?

I have no clue what I'm doing.

Fighting Make

I never worked with lua before, I hardly ever touched make.

`make lua work`

Guus: Ok, go back to passing the path but also do it as argument

make LUA_VERSION=5.1 CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"'

To

Now I get an infinite list of compiler errors

aaaah `make -B LUA_VERSION=5.1 CFLAGS='-fPIC -I/usr/include/lua5.1 -DIANA_ROOT_TA_FILE=\"/usr/share/dns/root.ds\"'`

Seven layers of escape hell

awesome, now make install fails 🙂

Why is it doing both that and copying it to ../util/ ?

I do not know

Try removing make install and copy it to ../ instead

that makes it pass, but makes the installation of verse (next Docker RUN) fail. I did comment some other steps to save some time though

or does that RUN depend on the environment variables that we're now no longer setting?

Which one?

RUN cd verse && ./configure && make && make install

Pretty sure the scope of variables like that is just that single command

hmm, maybe I commented something that was important

I'm retrying the entire script now

(which takes a while)

Successfully built 7322db74fe69

yey!

let's see if this fixes the bogus dnssec thingy

Didn't forget the debian package with the keys?

suggestions for a domain to test?

I added one package to the apt-get install line

the one you suggested.

Ought to work then

I have DNSSEC+DANE on my domain, zash.se, but I get a bit annoyed from the security alerts triggered by the test

Is the Retest link just a simple GET?

Probably getting triggered by web crawlers all the time

Tests appear to not even start now

test starts are a POST

bah, the poker process exits with exit code 1

whatever that means.

The 'Retest' link on individual result pages go to https://xmpp.net/submit.php?domain=DOMAIN&type=server

Guus, you can test search.jabber.network

(s2s)

no wait, that domain doesn’t have DNSSEC

but dreckshal.de should do

I currently can't test anything

it has DNSSEC and needs properly working SRV

sure, but when you need a target, you can use that

> Zash> Probably getting triggered by web crawlers all the time This ^

Zash, ouch

that needs fixing

and explains *a lot*

Indeed - kindly raise an issue in github

I don’t have my GH credentials at hand

Jonas', any idea how I can debug the poker?

or increase log output?

Can it still be run as a CLI script?

Guus, sorry, -EBUSY

Guus: https://github.com/xmpp-observatory/xmppoke/issues/5

tx

Zash does this make sense to you? https://pastebin.com/1uG7ntvA

(That's my attempt at running it at the command line, unsure if I did that right)

Guus: remove "util." from that

util is only in the output

the command I issued was: luajit /opt/xmppoke/xmppoke.lua --mode=server --capath=/etc/ssl/certs/ca-certificates.crt -v -d=15 jabber.org

Somewhere in the source, there will be `require"util.lunbound"`

not in the xmppoke sources, it appears.

maybe a third party project?

https://code.zash.se/luaunbound-prosody/ probably, but I don't see where it fetches that

That stuff was split out into its own repo

a local file xmpppoke.lua has it

so, where's that in source...

https://github.com/xmpp-observatory/xmppoke/blob/master/squishy#L6

https://github.com/xmpp-observatory/xmppoke/blob/master/squishy#L8

Yeah, I don't know how to fix that.

Point it to https://code.zash.se/luaunbound-prosody/ and some more recent commit probably?

that got me to the next error: https://pastebin.com/Jscjys6f

It's right there: https://github.com/xmpp-observatory/xmppoke/blob/master/ciphertable.lua

how do I tell the code that? 😃

jonas’, https://github.com/xsf/xmpp.org/pull/501

LGTM, but I don’t have my credentials here

k

wait, it matters from what directory I execute luajit?

Guus, it might if what you’re running tries to import stuff which only exists in some directory

okay

so, If I execute from /opt/xmppoke, and move lunbind.so from /utils to the parent dir, something starts but reports a database error

that's likely my setup

yeah, it wants to connect to the postgresql thing

you should be able to make it work completely when you use my docker-compose thing

And that's where it stopped being useful as a CLI tool :(

right

okay... giving this another try...

but I can’t really give support for the compose setup right now

I have compose set up, somewhat

Can I run away and hide from database issues now please?

but I had to go CLI to figure out what the error was.

You can run, but you cannot hide.

Thanks for your help though 🙂

success!

ÄNTLIGEN

Eindelijk!

fhpprff!

https://github.com/xmpp-observatory/xmppoke/pull/6

let's tackle that POST issue too...

https://github.com/xmpp-observatory/xmppoke-frontend/pull/6

I'm declaring absolute and total succes.

those who disagree shall receive git commit access.

\o/

o/

Yay!

Thanks Guus

Guus, don't make it that simple to get git access

Let it be said that those who complains gets to fix it

I wonder what this does for the load on that machine

hmm, maybe we could also have added robots.txt

Feel free to PR

Though POST is probably more effective ✏

pep.: more effective in which way

Web robots aren't supposed to do POST requests

GET requests aren't supposed to have any effects

Also, as you questioned my absolute and total success: tag, you're it.

oli, less likely that bots do POST indeed, even if they ignore robots.txt

Zash [12:16]: > Web robots aren't supposed to do POST requests Spam bots will POST every form they see with garbage.

I guess we'll see..

If I continue receiving alerts after that

you can put a captcha...

please don't

;)

GET is for getting stuff, POST for posting

Ge0rG, sure, but that’s still better than having a standard search engine bot triggering insane amounts of xmpp.net tests because the submit action is a GET

Salvation is upon us!

At least with search engine bots it's unintentional

jonas’: I fully agree

really self ping is in last call?

bit short timeframe to give for clients to implement but ok

lovetox: we have two implementations, and it's a godsend.

LC doesn’t need implementations

CFE needs implementations

lovetox: if you aren't on the train yet, your own fault

whats cfe?

lovetox, to Final

(as opposed as to Draft)

so thing that never happend since i joined xmpp and probably never will :D

I joined the xmpp-observatory org on github, but maybe I shouldn't have. More work for me now. Guus was that related to my comment about robots.txt? :)

pep.: That, and my promise. 😉

> Also, as you questioned my absolute and total success: tag, you're it. (This)

hah

I'm more of a RIIR person. But then real life comes in the way and nothing gets done