XSF Discussion - 2019-01-08


  1. MattJ

    Guus: that's provided by a package in Debian

  2. Zash

    If you build it from source you likely need to pass the path to the root keys yourself

  3. Zash

    Also, cloning a repo in a build script? Ugh

  4. jonas’

    Zash, that’s not the worst that thing does :D

  5. jonas’

    there’s a sed invocation in there

  6. Ge0rG

    "there’s a sed invocation in there" -- jonas’' standard answer

  7. Zash

    jonas’: I'm looking forward to your talk "sed - and when not to use it"

  8. Ge0rG

    Zash: 0 slides.

  9. jonas’

    Ge0rG, nah, I officially stated that you don’t wanna implement SCRAM in sed

  10. Ge0rG

    jonas’: you take awk for that?

  11. jonas’

    no, I don’t believe in awk

  12. jonas’

    I only believe in grep and sed

  13. jonas’

    never got around to learning awk (or even cut for that matter)

  14. jonas’

    I knew regular expressions well before I knew bash

  15. Guus

    Zash, could you help out please?

  16. Ge0rG

    I used to have a printout of http://ars.userfriendly.org/cartoons/?id=19990815 in my army locker.

  17. Zash

    Guus: How?

  18. Guus

    Zash: adjust this script to install luaunbound + the desired root key

  19. Guus

    https://github.com/xmpp-observatory/xmppoke/blob/master/Dockerfile

  20. Guus

    Ge0rG was in the army? 😱

  21. Ge0rG

    Guus: not a real army, just Bundeswehr

  22. Zash

    But Docker? :(

  23. Guus

    1. Make it work

  24. Guus

    2. Make it right

  25. Guus

    (also, Docker was requested by iteam for easy deployment, iirc)

  26. Zash

    You want horrible but working? `dig dnskey . > root.keys`

  27. Zash

    Securely obtaining root key material is an entire project of its own

  28. Ge0rG

    securely obtain them on your PC, type "echo $KEY > root.keys" into the dockerfile

  29. Guus

    guys, I do not know what this all means. Can one of you please do a PR with the required changes?

  30. Zash

    add dns-root-data to the apt line

  31. Zash

    and add -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' to CFLAGS when building luaunbound

  32. Guus

    is this the right commit to use? b4b293593d0ef64d623a54a8b8d2c1dea4c5e870

  33. Zash

    No

  34. Zash

    That's from 2015

  35. Guus

    ok, latest/greatest then? 8356eb09ebaa ?

  36. Zash

    Why even clone? Downloading all history serves absolutely no purpose if you're just going to throw it all away and rebuild it from scratch next time

  37. Zash

    Everything about this is horrifying

  38. Guus

    Zash - at this point, I settle for 'horrifying, but functional'

  39. Guus

    as soon as we get it to work, I'm perfectly happy to wait for someone to improve things

  40. Guus

    but as things are, we have a broken system, with hardly anyone able to spend time on getting it back to work.

  41. Zash

    Even the tarballs like https://code.zash.se/luaunbound/archive/RRRRRRRRRRR.tar.gz would make more sense

  42. Ge0rG

    Ping Alex, what's the status of the Q1 membership election?

  43. Guus

    Zash, how do I properly pass arguments to CFLAGS? (i'm a java guy)

  44. Guus

    this does not compile: CFLAGS=-I/usr/include/lua5.1 -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' make

  45. Zash

    escape the space

  46. Guus

    this does not compile: CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' make

  47. Guus

    like that?

  48. Zash

    That should work

  49. Guus

    oh, that was an unintentional correction of my first message.

  50. Guus

    ok

  51. Ge0rG

    I think if you single-quote the doublequotes, they might become part of the variable

  52. Ge0rG

    but it depends on where you embed that. Either way, you don't need those ""

  53. Zash

    Not?

  54. jonas’

    Ge0rG, not?

  55. jonas’

    isn’t this supposed to become a C string?

  56. jonas’

    I don’t expect the C compiler to add "" to a -D

  57. Ge0rG

    Oh, wait

  58. Ge0rG

    yes, ignore everything I said.

  59. Zash

    I tested before I added all those quotes

  60. Ge0rG

    I'm not awake (yet).

  61. Guus

    Package lua-5.2 was not found in the pkg-config search path. Perhaps you should add the directory containing `lua-5.2.pc' to the PKG_CONFIG_PATH environment variable No package 'lua-5.2' found

  62. Guus

    I'm guessing the first argument is now ignored?

  63. Zash

    Pass LUA_VERSION=5.1

  64. Guus

    how?

  65. Guus

    export LUA_VERSION=5.1 <-- like that?

  66. Zash

    It's a variable just like CFLAGS

  67. Guus

    ok, so: LUA_VERSION=5.1 CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' make

  68. Guus

    ?

  69. Zash

    Don't think you need the path then

  70. Zash

    should be enough with `LUA_VERSION=5.1 CFLAGS='-DIANA_ROOT_TA_FILE="/usr/share/dns/root.ds"'`

  71. Guus

    trying that...

  72. MattJ

    And does the file exist?

  73. Guus

    slightly different fail: https://pastebin.com/wY7nNgaq

  74. Zash

    Try passing them as arguments to make instead of as env variables

  75. Guus

    make LUA_VERSION=5.1 CFLAGS='-DIANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' <-- ?

  76. Zash

    As in, `make LUA_VERSION=5.1 CFLAGS='...'`

  77. Zash

    yes

  78. Guus

    attempting...

  79. Zash

    MattJ: Assuming that package is installed, it should be: https://packages.debian.org/sid/all/dns-root-data/filelist

  80. Guus

    interestingly, the make install does this differently : make LUA_LIBDIR=/usr/local/lib/lua/5.1/ install

  81. Guus

    new error: https://pastebin.com/jzFKvyMx

  82. Zash

    What

  83. Zash

    Can't what

  84. Zash

    So you can't pass stuff to be merged into CFLAGS?

  85. Guus

    I have no clue what I'm doing.

  86. Zash

    Fighting Make

  87. Guus

    I never worked with lua before, I hardly ever touched make.

  88. Ge0rG

    `make lua work`

  89. Zash

    Guus: Ok, go back to passing the path but also do it as argument

  90. Guus

    make LUA_VERSION=5.1 CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"'

  91. Zash

    To

  92. Zash

    Now I get an infinite list of compiler errors

  93. Zash

    aaaah `make -B LUA_VERSION=5.1 CFLAGS='-fPIC -I/usr/include/lua5.1 -DIANA_ROOT_TA_FILE=\"/usr/share/dns/root.ds\"'`

  94. Zash

    Seven layers of escape hell

  95. Guus

    awesome, now make install fails 🙂

  96. Zash

    Why is it doing both that and copying it to ../util/ ?

  97. Guus

    I do not know

  98. Zash

    Try removing make install and copy it to ../ instead

  99. Guus

    that makes it pass, but makes the installation of verse (next Docker RUN) fail. I did comment some other steps to save some time though

  100. Guus

    or does that RUN depend on the environment variables that we're now no longer setting?

  101. Zash

    Which one?

  102. Guus

    RUN cd verse && ./configure && make && make install

  103. Zash

    Pretty sure the scope of variables like that is just that single command

  104. Guus

    hmm, maybe I commented something that was important

  105. Guus

    I'm retrying the entire script now

  106. Guus

    (which takes a while)

  107. Guus

    Successfully built 7322db74fe69

  108. Guus

    yey!

  109. Guus

    let's see if this fixes the bogus dnssec thingy

  110. Zash

    Didn't forget the debian package with the keys?

  111. Guus

    suggestions for a domain to test?

  112. Guus

    I added one package to the apt-get install line

  113. Guus

    the one you suggested.

  114. Zash

    Ought to work then

  115. Zash

    I have DNSSEC+DANE on my domain, zash.se, but I get a bit annoyed from the security alerts triggered by the test

  116. Zash

    Is the Retest link just a simple GET?

  117. Zash

    Probably getting triggered by web crawlers all the time

  118. Guus

    Tests appear to not even start now

  119. Guus

    test starts are a POST

  120. Guus

    bah, the poker process exits with exit code 1

  121. Guus

    whatever that means.

  122. Zash

    The 'Retest' link on individual result pages goes to https://xmpp.net/submit.php?domain=DOMAIN&type=server

  123. jonas’

    Guus, you can test search.jabber.network

  124. jonas’

    (s2s)

  125. jonas’

    no wait, that domain doesn’t have DNSSEC

  126. jonas’

    but dreckshal.de should do

  127. Guus

    I currently can't test anything

  128. jonas’

    it has DNSSEC and needs properly working SRV

  129. jonas’

    sure, but when you need a target, you can use that

  130. pep.

    > Zash> Probably getting triggered by web crawlers all the time

    This ^

  131. jonas’

    Zash, ouch

  132. jonas’

    that needs fixing

  133. jonas’

    and explains *a lot*

  134. Guus

    Indeed - kindly raise an issue in github

  135. jonas’

    I don’t have my GH credentials at hand

  136. Guus

    Jonas', any idea how I can debug the poker?

  137. Guus

    or increase log output?

  138. Zash

    Can it still be run as a CLI script?

  139. jonas’

    Guus, sorry, -EBUSY

  140. Zash

    Guus: https://github.com/xmpp-observatory/xmppoke/issues/5

  141. Guus

    tx

  142. Guus

    Zash does this make sense to you? https://pastebin.com/1uG7ntvA

  143. Guus

    (That's my attempt at running it at the command line, unsure if I did that right)

  144. Zash

    Guus: remove "util." from that

  145. Guus

    util is only in the output

  146. Guus

    the command I issued was: luajit /opt/xmppoke/xmppoke.lua --mode=server --capath=/etc/ssl/certs/ca-certificates.crt -v -d=15 jabber.org

  147. Zash

    Somewhere in the source, there will be `require"util.lunbound"`

  148. Guus

    not in the xmppoke sources, it appears.

  149. Guus

    maybe a third party project?

  150. Zash

    https://code.zash.se/luaunbound-prosody/ probably, but I don't see where it fetches that

  151. Zash

    That stuff was split out into its own repo

  152. Guus

    a local file xmpppoke.lua has it

  153. Guus

    so, where's that in source...

  154. Zash

    https://github.com/xmpp-observatory/xmppoke/blob/master/squishy#L6

  155. Zash

    https://github.com/xmpp-observatory/xmppoke/blob/master/squishy#L8

  156. Guus

    Yeah, I don't know how to fix that.

  157. Zash

    Point it to https://code.zash.se/luaunbound-prosody/ and some more recent commit probably?

  158. Guus

    that got me to the next error: https://pastebin.com/Jscjys6f

  159. Zash

    It's right there: https://github.com/xmpp-observatory/xmppoke/blob/master/ciphertable.lua

  160. Guus

    how do I tell the code that? 😃

  161. pep.

    jonas’, https://github.com/xsf/xmpp.org/pull/501

  162. jonas’

    LGTM, but I don’t have my credentials here

  163. pep.

    k

  164. Guus

    wait, it matters from what directory I execute luajit?

  165. jonas’

    Guus, it might if what you’re running tries to import stuff which only exists in some directory

  166. Guus

    okay

  167. Guus

    so, If I execute from /opt/xmppoke, and move lunbind.so from /utils to the parent dir, something starts but reports a database error

  168. Guus

    that's likely my setup

  169. jonas’

    yeah, it wants to connect to the postgresql thing

  170. jonas’

    you should be able to make it work completely when you use my docker-compose thing

  171. Zash

    And that's where it stopped being useful as a CLI tool :(

  172. Guus

    right

  173. Guus

    okay... giving this another try...

  174. jonas’

    but I can’t really give support for the compose setup right now

  175. Guus

    I have compose set up, somewhat

  176. Zash

    Can I run away and hide from database issues now please?

  177. Guus

    but I had to go CLI to figure out what the error was.

  178. Guus

    You can run, but you cannot hide.

  179. Guus

    Thanks for your help though 🙂

  180. Guus

    success!

  181. Zash

    FINALLY

  182. Guus

    Finally!

  183. Ge0rG

    fhpprff!

  184. Guus

    https://github.com/xmpp-observatory/xmppoke/pull/6

  185. Guus

    let's tackle that POST issue too...

  186. Guus

    https://github.com/xmpp-observatory/xmppoke-frontend/pull/6

  187. Guus

    I'm declaring absolute and total success.

  188. Guus

    those who disagree shall receive git commit access.

  189. Zash

    \o/

  190. pep.

    o/

  191. MattJ

    Yay!

  192. MattJ

    Thanks Guus

  193. pep.

    Guus, don't make it that simple to get git access

  194. Zash

    Let it be said that those who complain get to fix it

  195. Guus

    I wonder what this does for the load on that machine

  196. pep.

    hmm, maybe we could also have added robots.txt

  197. pep.

    Thought POST is probably more effective

  198. Guus

    Feel free to PR

  199. pep.

    Though POST is probably more effective

  200. oli

    pep.: more effective in which way

  201. Zash

    Web robots aren't supposed to do POST requests

  202. Zash

    GET requests aren't supposed to have any effects

  203. Guus

    Also, as you questioned my absolute and total success: tag, you're it.

  204. pep.

    oli, less likely that bots do POST indeed, even if they ignore robots.txt

  205. Ge0rG

    Zash [12:16]:
    > Web robots aren't supposed to do POST requests

    Spam bots will POST every form they see with garbage.

  206. pep.

    I guess we'll see..

  207. pep.

    If I continue receiving alerts after that

  208. oli

    you can put a captcha...

  209. pep.

    please don't

  210. oli

    ;)

  211. oli

    GET is for getting stuff, POST for posting

  212. jonas’

    Ge0rG, sure, but that’s still better than having a standard search engine bot triggering insane amounts of xmpp.net tests because the submit action is a GET

  213. Guus

    Salvation is upon us!

  214. Zash

    At least with search engine bots it's unintentional

  215. Ge0rG

    jonas’: I fully agree

  216. lovetox

    really self ping is in last call?

  217. lovetox

    bit short timeframe to give for clients to implement but ok

  218. Ge0rG

    lovetox: we have two implementations, and it's a godsend.

  219. jonas’

    LC doesn’t need implementations

  220. jonas’

    CFE needs implementations

  221. Ge0rG

    lovetox: if you aren't on the train yet, your own fault

  222. lovetox

    what's cfe?

  223. jonas’

    lovetox, to Final

  224. jonas’

    (as opposed to Draft)

  225. lovetox

    so a thing that never happened since i joined xmpp and probably never will :D

  226. pep.

    I joined the xmpp-observatory org on github, but maybe I shouldn't have. More work for me now. Guus was that related to my comment about robots.txt? :)

  227. Guus

    pep.: That, and my promise. 😉

  228. Guus

    > Also, as you questioned my absolute and total success: tag, you're it.

    (This)

  229. pep.

    hah

  230. pep.

    I'm more of a RIIR person. But then real life comes in the way and nothing gets done