-
MattJ
Guus: that's provided by a package in Debian
-
Zash
If you build it from source you likely need to pass the path to the root keys yourself
-
Zash
Also, cloning a repo in a build script? Ugh
-
jonas’
Zash, that’s not the worst that thing does :D
-
jonas’
there’s a sed invocation in there
-
Ge0rG
"there’s a sed invocation in there" -- jonas’' standard answer
-
Zash
jonas’: I'm looking forward to your talk "sed - and when not to use it"
-
Ge0rG
Zash: 0 slides.
-
jonas’
Ge0rG, nah, I officially stated that you don’t wanna implement SCRAM in sed
-
Ge0rG
jonas’: you take awk for that?
-
jonas’
no, I don’t believe in awk
-
jonas’
I only believe in grep and sed
-
jonas’
never got around to learning awk (or even cut for that matter)
-
jonas’
I knew regular expressions well before I knew bash
-
Guus
Zash, could you help out please?
-
Ge0rG
I used to have a printout of http://ars.userfriendly.org/cartoons/?id=19990815 in my army locker.
-
Zash
Guus: How?
-
Guus
Zash: adjust this script to install luaunbound + the desired root key
-
Guus
https://github.com/xmpp-observatory/xmppoke/blob/master/Dockerfile
-
Guus
Ge0rG was in the army? 😱
-
Ge0rG
Guus: not a real army, just Bundeswehr
-
Zash
But Docker? :(
-
Guus
1. Make it work
-
Guus
2. Make it right
-
Guus
(also, Docker was requested by iteam for easy deployment, iirc)
-
Zash
You want horrible but working? `dig dnskey . > root.keys`
-
Zash
Securely obtaining root key material is an entire project of its own
-
Ge0rG
securely obtain them on your PC, type "echo $KEY > root.keys" into the dockerfile
-
Guus
guys, I do not know what this all means. Can one of you please do a PR with the required changes?
-
Zash
add dns-root-data to the apt line
-
Zash
and add -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' to CFLAGS when building luaunbound
-
Guus
is this the right commit to use? b4b293593d0ef64d623a54a8b8d2c1dea4c5e870
-
Zash
No
-
Zash
That's from 2015
-
Guus
ok, latest/greatest then? 8356eb09ebaa ?
-
Zash
Why even clone? Downloading all history serves absolutely no purpose if you're just going to throw it all away and rebuild it from scratch next time
-
Zash
Everything about this is horrifying
-
Guus
Zash - at this point, I settle for 'horrifying, but functional'
-
Guus
as soon as we get it to work, I'm perfectly happy to wait for someone to improve things
-
Guus
but as things are, we have a broken system, with hardly anyone able to spend time on getting it back to work.
-
Zash
Even the tarballs like https://code.zash.se/luaunbound/archive/RRRRRRRRRRR.tar.gz would make more sense
-
Ge0rG
Ping Alex, what's the status of the Q1 membership election?
-
Guus
Zash, how do I properly pass arguments to CFLAGS? (i'm a java guy)
-
Guus
this does not compile: CFLAGS=-I/usr/include/lua5.1 -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' make ✎
-
Zash
escape the space
-
Guus
this does not compile: CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' make ✏
-
Guus
like that?
-
Zash
That should work
-
Guus
oh, that was an unintentional correction of my first message.
-
Guus
ok
-
Ge0rG
I think if you single-quote the doublequotes, they might become part of the variable
-
Ge0rG
but it depends on where you embed that. Either way, you don't need those ""
-
Zash
Not?
-
jonas’
Ge0rG, not?
-
jonas’
isn’t this supposed to become a C string?
-
jonas’
I don’t expect the C compiler to add "" to a -D
-
Ge0rG
Oh, wait
-
Ge0rG
yes, ignore everything I said.
-
Zash
I tested before I added all those quotes
-
Ge0rG
I'm not awake (yet).
-
Guus
Package lua-5.2 was not found in the pkg-config search path.
Perhaps you should add the directory containing `lua-5.2.pc'
to the PKG_CONFIG_PATH environment variable
No package 'lua-5.2' found
-
Guus
I'm guessing the first argument is now ignored?
-
Zash
Pass LUA_VERSION=5.1
-
Guus
how?
-
Guus
export LUA_VERSION=5.1 <-- like that?
-
Zash
It's a variable just like CFLAGS
-
Guus
ok, so: LUA_VERSION=5.1 CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' make
-
Guus
?
-
Zash
Don't think you need the path then
-
Zash
should be enough with `LUA_VERSION=5.1 CFLAGS='-DIANA_ROOT_TA_FILE="/usr/share/dns/root.ds"'`
-
Guus
trying that...
-
MattJ
And does the file exist?
-
Guus
slightly different fail: https://pastebin.com/wY7nNgaq
-
Zash
Try passing them as arguments to make instead of as env variables
-
Guus
make LUA_VERSION=5.1 CFLAGS='-DIANA_ROOT_TA_FILE="/usr/share/dns/root.ds"' <-- ?
-
Zash
As in, `make LUA_VERSION=5.1 CFLAGS='...'`
-
Zash
yes
-
Guus
attempting...
-
Zash
MattJ: Assuming that package is installed, it should be: https://packages.debian.org/sid/all/dns-root-data/filelist
-
Guus
interestingly, the make install does this differently : make LUA_LIBDIR=/usr/local/lib/lua/5.1/ install
-
Guus
new error: https://pastebin.com/jzFKvyMx
-
Zash
What
-
Zash
Can't what
-
Zash
So you can't pass stuff to be merged into CFLAGS?
-
Guus
I have no clue what I'm doing.
-
Zash
Fighting Make
-
Guus
I never worked with lua before, I hardly ever touched make.
-
Ge0rG
`make lua work`
-
Zash
Guus: Ok, go back to passing the path but also do it as argument
-
Guus
make LUA_VERSION=5.1 CFLAGS=-I/usr/include/lua5.1\ -D'IANA_ROOT_TA_FILE="/usr/share/dns/root.ds"'
-
Zash
To
-
Zash
Now I get an infinite list of compiler errors
-
Zash
aaaah `make -B LUA_VERSION=5.1 CFLAGS='-fPIC -I/usr/include/lua5.1 -DIANA_ROOT_TA_FILE=\"/usr/share/dns/root.ds\"'`
-
Zash
Seven layers of escape hell
-
Guus
awesome, now make install fails 🙂
-
Zash
Why is it doing both that and copying it to ../util/ ?
-
Guus
I do not know
-
Zash
Try removing make install and copy it to ../ instead
-
Guus
that makes it pass, but makes the installation of verse (next Docker RUN) fail. I did comment some other steps to save some time though
-
Guus
or does that RUN depend on the environment variables that we're now no longer setting?
-
Zash
Which one?
-
Guus
RUN cd verse && ./configure && make && make install
-
Zash
Pretty sure the scope of variables like that is just that single command
-
Guus
hmm, maybe I commented something that was important
-
Guus
I'm retrying the entire script now
-
Guus
(which takes a while)
-
Guus
Successfully built 7322db74fe69
-
Guus
yey!
-
Guus
let's see if this fixes the bogus dnssec thingy
-
Zash
Didn't forget the debian package with the keys?
-
Guus
suggestions for a domain to test?
-
Guus
I added one package to the apt-get install line
-
Guus
the one you suggested.
-
Zash
Ought to work then
-
Zash
I have DNSSEC+DANE on my domain, zash.se, but I get a bit annoyed from the security alerts triggered by the test
-
Zash
Is the Retest link just a simple GET?
-
Zash
Probably getting triggered by web crawlers all the time
-
Guus
Tests appear to not even start now
-
Guus
test starts are a POST
-
Guus
bah, the poker process exits with exit code 1
-
Guus
whatever that means.
-
Zash
The 'Retest' link on individual result pages goes to https://xmpp.net/submit.php?domain=DOMAIN&type=server
-
jonas’
Guus, you can test search.jabber.network
-
jonas’
(s2s)
-
jonas’
no wait, that domain doesn’t have DNSSEC
-
jonas’
but dreckshal.de should do
-
Guus
I currently can't test anything
-
jonas’
it has DNSSEC and needs properly working SRV
-
jonas’
sure, but when you need a target, you can use that
-
pep.
> Zash> Probably getting triggered by web crawlers all the time
This ^
-
jonas’
Zash, ouch
-
jonas’
that needs fixing
-
jonas’
and explains *a lot*
-
Guus
Indeed - kindly raise an issue in github
-
jonas’
I don’t have my GH credentials at hand
-
Guus
Jonas', any idea how I can debug the poker?
-
Guus
or increase log output?
-
Zash
Can it still be run as a CLI script?
-
jonas’
Guus, sorry, -EBUSY
-
Zash
Guus: https://github.com/xmpp-observatory/xmppoke/issues/5
-
Guus
tx
-
Guus
Zash does this make sense to you? https://pastebin.com/1uG7ntvA
-
Guus
(That's my attempt at running it at the command line, unsure if I did that right)
-
Zash
Guus: remove "util." from that
-
Guus
util is only in the output
-
Guus
the command I issued was: luajit /opt/xmppoke/xmppoke.lua --mode=server --capath=/etc/ssl/certs/ca-certificates.crt -v -d=15 jabber.org
-
Zash
Somewhere in the source, there will be `require"util.lunbound"`
-
Guus
not in the xmppoke sources, it appears.
-
Guus
maybe a third party project?
-
Zash
https://code.zash.se/luaunbound-prosody/ probably, but I don't see where it fetches that
-
Zash
That stuff was split out into its own repo
-
Guus
a local file xmpppoke.lua has it
-
Guus
so, where's that in source...
-
Zash
https://github.com/xmpp-observatory/xmppoke/blob/master/squishy#L6
-
Zash
https://github.com/xmpp-observatory/xmppoke/blob/master/squishy#L8
-
Guus
Yeah, I don't know how to fix that.
-
Zash
Point it to https://code.zash.se/luaunbound-prosody/ and some more recent commit probably?
-
Guus
that got me to the next error: https://pastebin.com/Jscjys6f
-
Zash
It's right there: https://github.com/xmpp-observatory/xmppoke/blob/master/ciphertable.lua
-
Guus
how do I tell the code that? 😃
-
pep.
jonas’, https://github.com/xsf/xmpp.org/pull/501
-
jonas’
LGTM, but I don’t have my credentials here
-
pep.
k
-
Guus
wait, it matters from what directory I execute luajit?
-
jonas’
Guus, it might if what you’re running tries to import stuff which only exists in some directory
-
Guus
okay
-
Guus
so, If I execute from /opt/xmppoke, and move lunbind.so from /utils to the parent dir, something starts but reports a database error
-
Guus
that's likely my setup
-
jonas’
yeah, it wants to connect to the postgresql thing
-
jonas’
you should be able to make it work completely when you use my docker-compose thing
-
Zash
And that's where it stopped being useful as a CLI tool :(
-
Guus
right
-
Guus
okay... giving this another try...
-
jonas’
but I can’t really give support for the compose setup right now
-
Guus
I have compose set up, somewhat
-
Zash
Can I run away and hide from database issues now please?
-
Guus
but I had to go CLI to figure out what the error was.
-
Guus
You can run, but you cannot hide.
-
Guus
Thanks for your help though 🙂
-
Guus
success!
-
Zash
ÄNTLIGEN
-
Guus
Eindelijk!
-
Ge0rG
fhpprff!
-
Guus
https://github.com/xmpp-observatory/xmppoke/pull/6
-
Guus
let's tackle that POST issue too...
-
Guus
https://github.com/xmpp-observatory/xmppoke-frontend/pull/6
-
Guus
I'm declaring absolute and total success.
-
Guus
those who disagree shall receive git commit access.
-
Zash
\o/
-
pep.
o/
-
MattJ
Yay!
-
MattJ
Thanks Guus
-
pep.
Guus, don't make it that simple to get git access
-
Zash
Let it be said that those who complain get to fix it
-
Guus
I wonder what this does for the load on that machine
-
pep.
hmm, maybe we could also have added robots.txt
-
pep.
Thought POST is probably more effective ✎
-
Guus
Feel free to PR
-
pep.
Though POST is probably more effective ✏
-
oli
pep.: more effective in which way
-
Zash
Web robots aren't supposed to do POST requests
-
Zash
GET requests aren't supposed to have any effects
-
Guus
Also, as you questioned my absolute and total success: tag, you're it.
-
pep.
oli, less likely that bots do POST indeed, even if they ignore robots.txt
-
Ge0rG
Zash [12:16]:
> Web robots aren't supposed to do POST requests
Spam bots will POST every form they see with garbage.
-
pep.
I guess we'll see..
-
pep.
If I continue receiving alerts after that
-
oli
you can put a captcha...
-
pep.
please don't
-
oli
;)
-
oli
GET is for getting stuff, POST for posting
-
jonas’
Ge0rG, sure, but that’s still better than having a standard search engine bot triggering insane amounts of xmpp.net tests because the submit action is a GET
-
Guus
Salvation is upon us!
-
Zash
At least with search engine bots it's unintentional
-
Ge0rG
jonas’: I fully agree
-
lovetox
really self ping is in last call?
-
lovetox
bit short timeframe to give for clients to implement but ok
-
Ge0rG
lovetox: we have two implementations, and it's a godsend.
-
jonas’
LC doesn’t need implementations
-
jonas’
CFE needs implementations
-
Ge0rG
lovetox: if you aren't on the train yet, your own fault
-
lovetox
what's cfe?
-
jonas’
lovetox, to Final
-
jonas’
(as opposed to Draft)
-
lovetox
so thing that never happened since I joined xmpp and probably never will :D
-
pep.
I joined the xmpp-observatory org on github, but maybe I shouldn't have. More work for me now. Guus was that related to my comment about robots.txt? :)
-
Guus
pep.: That, and my promise. 😉
-
Guus
> Also, as you questioned my absolute and total success: tag, you're it.
(This)
-
pep.
hah
-
pep.
I'm more of a RIIR person. But then real life comes in the way and nothing gets done