#archlinux32 | Logs for 2023-01-31

[00:46:02] -!- GNUtoo_ has joined #archlinux32
[00:46:23] -!- GNUtoo has quit [Ping timeout: 255 seconds]
[01:08:47] -!- T`aZ has quit [Ping timeout: 246 seconds]
[01:16:51] -!- T`aZ has joined #archlinux32
[01:26:55] -!- T`aZ has quit [Ping timeout: 248 seconds]
[01:28:56] -!- T`aZ has joined #archlinux32
[01:34:53] -!- T`aZ has quit [Ping timeout: 252 seconds]
[01:36:54] -!- T`aZ has joined #archlinux32
[01:55:28] <drathir_tor> KitsuWhooa: did You tried with user@ip:/path ?
[01:56:12] <KitsuWhooa> I don't specify user, but effectively, yes
[01:56:22] <KitsuWhooa> if I tab autocomplete, it autocompletes the path, so it knows it exists
[01:56:34] <drathir_tor> KitsuWhooa: also would try connect with bare ssh there could be issue with key exchange matching...
[01:56:49] <KitsuWhooa> that's how I ended up transferring the files I wanted
[01:56:58] <KitsuWhooa> I sshed to the other machine and sent them to the arch32 computer
[01:57:00] <KitsuWhooa> instead of pulling them
[01:57:23] <drathir_tor> oh if able to autocomplete remote side than key exchange seems fine aka not apply that idea...
[01:57:49] <KitsuWhooa> Yeah, that works fine
[02:03:38] <drathir_tor> KitsuWhooa: and asked about full form with userame, bc good keep in mind mostly if no specified user than automatch and connect with local username if pubkey is accepted but users differ there could be file saving permission issues that could explain why see files but cant write them...
[02:04:11] <KitsuWhooa> Wouldn't that throw a permission denied error then?
[02:05:02] <KitsuWhooa> Hmmmm
[02:05:10] <KitsuWhooa> it seems to work now? wtf
[02:05:33] <drathir_tor> KitsuWhooa: probably not sure tbh how specific it is with reporting permission issues not exist could match cant write...
[02:06:10] <KitsuWhooa> Hmmm. It seems like it's something on my end
[02:06:13] <KitsuWhooa> weird
[02:07:39] <KitsuWhooa> It seems to have something to do with escaping special characters
[02:07:54] <drathir_tor> thats quite interesting i would try verify if there isnt any special symbols in path name and as well if good remember lately was some changes with other understanding path ending with "/" and without it however no idea if related...
[02:08:03] <KitsuWhooa> the exact same rsync command works fine on my desktop, but fails on my arch32 laptop
[02:09:15] <KitsuWhooa> I don't have any arch (64) machines to test. Maybe they changed some policy on some upstream project
[02:11:54] <drathir_tor> KitsuWhooa: thats looks a bit like some "issue" change with path translation/matching... but still its just guess...
[02:12:39] <KitsuWhooa> it got even more weird
[02:12:58] <KitsuWhooa> I did mkdir "test folder" in my home folder on the remote machine, and that succeeded
[02:13:10] <KitsuWhooa> as in, rsync was able to send a file to that folder
[02:13:39] <KitsuWhooa> I did rsync file host:test\\\ folder/
[02:13:41] <KitsuWhooa> and it worked
[02:20:56] <drathir_tor> KitsuWhooa: at this point only and thats quite strange idea which come to my mind is some folder in between path have missing r permissions and rsync try recursively listing folders that would explain why locally can can access final path destination and crash while try rsync it...
[02:21:21] <KitsuWhooa> that doesn't explain why it works on one computer and not the other though, right?
[02:24:08] <drathir_tor> KitsuWhooa: yes it should be correct unless other pc used like for exampl connecting from root and at second from noemal user account...
[02:25:25] * drathir_tor slowly empty ideas bucket for this one... ;D
[04:16:27] <KitsuWhooa> abaumann: Assuming you see this in the logs; I got luajit working on i686
[04:19:56] <KitsuWhooa> I also learned that qemu-i386 -cpu pentium3 runs SSE2...
[09:56:09] -!- tmek has joined #archlinux32
[10:49:40] -!- pants has quit [Quit: bye]
[10:53:10] -!- pants has joined #archlinux32
[14:07:35] <bill-auger> the keyring is still meesed up - i can not verify any packages and i can not create any new chroots
[14:42:58] <bill-auger> ive been keeping my precious i686 chroot on life-support, by downloading packages and verifying manually outside the chroot, before installing into the chroot
[14:43:26] <bill-auger> but now im stuck on binutils 2.40 - pacman-key tells me that the key has expired
[14:47:33] <bill-auger> maybe someone else can confirm this - i tried on two different machines
[14:47:39] <KitsuWhooa> I assume you've tried to pacman -U the arch32-keyring package (without a .sig file present)
[14:47:44] <KitsuWhooa> it works for me just fine
[14:48:13] <bill-auger> i have the keyring installed - it has not changed sinve september
[14:48:26] <bill-auger> can you try?
[14:48:29] <KitsuWhooa> try what
[14:48:37] <bill-auger> $ wget http://pool.mirror.archlinux32.org
[14:48:38] <bill-auger> $ wget http://pool.mirror.archlinux32.org
[14:48:55] <bill-auger> sudo pacman-key --verify binutils-2.40-2.0-i686.pkg.tar.zst.sig
[14:48:57] <KitsuWhooa> sure
[14:49:39] <bill-auger> so far today, all other packages have verified in that way
[14:52:13] <KitsuWhooa> > gpg: Good signature from "Andreas Baumann (sign) <mail@andreasbaumann.cc>" [expired]
[14:52:27] <KitsuWhooa> guess we need to double poke abaumann :p
[14:53:23] <KitsuWhooa> fuse also fails for me
[14:53:35] <KitsuWhooa> as in, those packages don't verify either
[14:53:47] <KitsuWhooa> I guess this happened in the past few days
[15:05:53] <bill-auger> https://bugs.archlinux32.org
[15:05:55] <phrik> Title: FS#318 : [multiple]: Note: This key has expired! (at bugs.archlinux32.org)
[15:35:28] -!- abaumann has joined #archlinux32
[15:35:29] <buildmaster> Hi abaumann!
[15:35:29] <buildmaster> !rq abaumann
[15:35:31] <phrik> buildmaster: <abaumann> you can not take the blame all the time.. I also want my share. ;-)
[15:35:37] <KitsuWhooa> right on time :p
[15:35:51] <abaumann> mmh. the key:
[15:35:52] <abaumann> pub rsa2048 2017-11-02 [SC] [expires: 2024-01-29] 16194A82231E9EF823562181C8E8F5A0AF9BA7E7
[15:35:55] <abaumann> uid [ultimate] Andreas Baumann (sign) <mail@andreasbaumann.cc>
[15:35:58] <abaumann> sub rsa2048 2017-11-02 [E] [expires: 2024-01-29]
[15:36:00] <abaumann> ah.
[15:36:06] <abaumann> I think, it is not yet in the arch32 keyring
[15:37:04] <KitsuWhooa> it wouldn't say expired then though, right?
[15:37:25] <abaumann> I think, it would, as the one in the package is old.
[15:37:48] <abaumann> It should work though after a pacman-key --refresh (provided, my key prolongation propagated already)
[15:37:56] <abaumann> https://buildmaster-status.archlinux32.org
[15:38:02] <abaumann> also shows an expired key.
[15:38:09] <KitsuWhooa> that's a 403 :p
[15:38:15] <abaumann> I have to find out, how that graphviz thingy works..
[15:38:33] <abaumann> https://archlinux32.org
[15:38:35] <phrik> Title: Buildmaster for Archlinux32 packages (i486, i686, pentium4, any) (at archlinux32.org)
[15:38:36] <abaumann> sorry :-)
[15:39:07] <abaumann> https://archlinux32.org should be up to date..
[15:40:20] <abaumann> pub rsa4096 2020-01-20 [SC] [expired: 2021-12-31] 33CA3597B0D161AAE4173F65C17F1214114574A4
[15:40:23] <abaumann> uid [ expired] Archlinux 32 Release Key <release@archlinux32.org>
[15:40:30] <abaumann> oups, but cannot be the problem for signed packages..
[15:42:58] <abaumann> error: binutils: signature from "Andreas Baumann (sign) <mail@andreasbaumann.cc>" is unknown trust
[15:43:01] <abaumann> :: File /var/cache/pacman/pkg/binutils-2.40-2.0-pentium4.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
[15:43:04] <abaumann> Do you want to delete it? [Y/n]
[15:43:10] <abaumann> ok, at last, I can reproduce it.. fine.. :-)
[15:44:59] <abaumann> pacman-key --refresh "Andreas Baumann (sign) <mail@andreasbaumann.cc>"^
[15:45:05] <abaumann> refreshes from the Ubuntu server.
[15:46:55] <abaumann> so, that should be ok now.
[15:47:25] <abaumann> I'll make a new archlinux32-keyring package (I just have to find out how I get the keys.php keys automatically into the package or so)
[15:47:44] <abaumann> https://sources.archlinux32.org ah.
[15:47:55] <abaumann> ok, I have to create a source package with the keys first..
[15:48:17] <abaumann> mmh. all my build machines stopped working, could correlate.. :-)
[15:53:33] <abaumann> ldconfig: /usr/lib/libbfd.so is not an ELF file - it has the wrong magic bytes at the start.
[15:53:52] <abaumann> oups. this is a linker text file which is treated as ELF library, this is also wrong upstream.
[15:53:57] <abaumann> just a warning though..
[15:58:00] <abaumann> mmh update-keys in archlinux32-keyring updates _everything_, this sounds wrong..
[16:01:49] <abaumann> ok, I blindly trust this update script.. I have no choice..
[16:02:44] <abaumann> make dist needs a release key..
[16:02:49] <abaumann> I wonder where this one is..
[16:03:11] <bill-auger> IIRC its in the PKGBUILD
[16:03:31] <bill-auger> the validgpgkeys
[16:03:32] <abaumann> I mean, the key itselft for signing the tarball :-)
[16:03:46] <bill-auger> thats on the server in text form IIRC
[16:04:05] <abaumann> ah, maybe on the buildmaster, hang on..
[16:04:51] <abaumann> gpg: skipped "release@archlinux32.org": No secret key
[16:04:57] <abaumann> mmh. the hunt begins..
[16:05:19] <abaumann> release-key.asc
[16:05:23] <abaumann> sounds promising. :-)
[16:06:23] -!- tmek_ has joined #archlinux32
[16:10:03] -!- tmek has quit [Ping timeout: 246 seconds]
[16:52:09] <abaumann> Build master is not sane.
[16:53:20] <abaumann> I just remove the tmp.* files lately..
[16:53:58] <abaumann> so, I have to force build archlinux32-keyring with some prepared build machines not checking certs.. I really hope it works afterwards again..
[17:59:35] <abaumann> Sometimes I really wished I could build a package by hand without the buildmaster and just upload it manually into the repo.
[17:59:51] <abaumann> scheduling the build of archlinux32-keyring took now 1 hour..
[17:59:58] <abaumann> ..and it failed of course..
[18:45:25] <abaumann> gpg: skipped "0xC8E8F5A0AF9BA7E7": Unusable secret key
[18:45:25] <abaumann> gpg: signing failed: Unusable secret key
[18:45:27] <abaumann> huh?
[18:46:51] <abaumann> it's the day of expired PGP keys or what :-)
[18:47:47] <abaumann> Signature(s) is/are not fully trusted:
[18:47:47] <abaumann> find: missing argument to `-exec'
[18:47:57] <abaumann> now the build-package script runs in circles..
[18:50:33] <abaumann> [GNUPG:] NEWSIG
[18:50:33] <abaumann> [GNUPG:] KEYEXPIRED 1675142227
[18:50:33] <abaumann> [GNUPG:] KEY_CONSIDERED 16194A82231E9EF823562181C8E8F5A0AF9BA7E7 0
[18:50:33] <abaumann> [GNUPG:] KEYEXPIRED 1675142227
[18:50:33] <abaumann> [GNUPG:] SIG_ID mVyrfTJ+IxtC+3ZMED3w6Ix9eSw 2023-01-31 1675191000
[18:50:35] <abaumann> [GNUPG:] KEYEXPIRED 1675142227
[18:50:38] <abaumann> [GNUPG:] KEY_CONSIDERED 16194A82231E9EF823562181C8E8F5A0AF9BA7E7 0
[18:50:40] <abaumann> [GNUPG:] EXPKEYSIG C8E8F5A0AF9BA7E7 Andreas Baumann (sign) <mail@andreasbaumann.cc>
[18:50:43] <abaumann> [GNUPG:] VALIDSIG 16194A82231E9EF823562181C8E8F5A0AF9BA7E7 2023-01-31 1675191000 0 4 0 1 8 00 16194A82231E9EF823562181C8E8F5A0AF9BA7E7
[18:50:46] <abaumann> [GNUPG:] KEYEXPIRED 1675142227
[18:50:49] <abaumann> [GNUPG:] KEY_CONSIDERED 16194A82231E9EF823562181C8E8F5A0AF9BA7E7 0
[18:50:51] <abaumann> find: missing argument to `-exec'
[18:50:54] <abaumann> "return-assignment" was running already.
[18:50:56] <abaumann> I start to get rather annoyed..
[19:00:41] <abaumann> mmh. I manually imported the keys to the build machines, something is still wrong..
[19:03:34] <abaumann> I fear I cannot build a package because I'm signing it with a key which is itself not fully trusted.. so somebody else has to trust my key or so.. :-)
[19:03:38] <abaumann> giving up for now.
[19:03:39] -!- abaumann has quit [Quit: leaving]
[19:10:08] <drathir_tor> core/archlinux-keyring 20221220-1 20230130-1 maybe related...
[19:17:43] <drathir_tor> and in theory if package gpg key is outdated disable singing reinstall keyring and enable singing should made a trick...
[20:18:01] <girls> oops abaumann, my patch to the buildmaster has a flaw :)
[20:18:53] <girls> but it only affects the debug output - all the signing errors before that are real :(
[20:19:51] <girls> pub rsa2048 2017-11-02 [SC] [expired: 2023-01-31]
[20:19:51] <girls> 16194A82231E9EF823562181C8E8F5A0AF9BA7E7
[20:19:51] <girls> uid [ expired] Andreas Baumann (sign) <mail@andreasbaumann.cc>
[20:19:59] <girls> this is in the pacman keyring on the buildmaster
[20:20:12] <girls> and that's the reason, why your signature is not trusted anymore ;)
[20:21:02] <girls> I updated your key, you should be safe until 2024-01-30 ;)
[20:27:18] <girls> abaumann: your master key is not intended for releasing the keyring, there's a release key for that (I assumed, you once got a copy of the secret key for that)
[20:35:33] <girls> err, abauamm: your master key C426F2CED2D759ECEA1FA78A4BA3B2E330891150 expired O.o
[20:44:08] <bill-auger> erich's key is also expired - now every single package in the repos will not validate
[20:44:19] <girls> O.o
[20:44:35] <girls> there should be a still-valid version somewhere
[20:44:45] <girls> it might be, that the keyring package only has an expired version
[20:46:06] <bill-auger> the chicken-and-egg problem is that the which signed the keyring package is also expired
[20:46:53] <bill-auger> so even if a new keyring package is made now, every user will need to disable signature checking to install it
[20:47:11] <girls> 5FDCA472AB93292BC678FD59255A76DB9A12601A should be recent in the keyring package
[20:47:23] <girls> yeah, that's unfortunate
[20:47:36] <girls> actually, there *should* be some check in place, that warns beforehand
[20:48:31] <girls> one can always `curl -Ss https://archlinux32.org | gpg --homedir /etc/pacman.d --import`
[20:48:46] <girls> or with any other key-id, that's reported as outdated
[20:48:51] <girls> but still ... ugly
[20:48:53] <bill-auger> that is the expired key https://termbin.com
[20:49:23] <girls> no, that's the recent key
[20:49:30] <girls> $ https://archlinux32.org | gpg --show-keys
[20:49:30] <girls> bash: https://archlinux32.org No such file or directory
[20:49:30] <girls> gpg: no valid OpenPGP data found.
[20:49:32] <girls> bash-5.2$ curl -Ss https://archlinux32.org | gpg --show-keys
[20:49:34] <girls> pub rsa4096 2018-04-09 [SC] [expires: 2023-12-31]
[20:49:36] <girls> 5FDCA472AB93292BC678FD59255A76DB9A12601A
[20:49:38] <girls> uid Erich Eckner (just to sign arch packages) <arch-packages@eckner.net>
[20:49:40] <girls> uid Erich Eckner (just to sign arch packages) <arch@eckner.net>
[20:49:42] <girls> sub rsa4096 2018-04-09 [S] [expires: 2023-12-31]
[20:49:44] <girls> oops, pasted my typo, too :D
[20:51:25] <bill-auger> i understand that, but from pacman's perspective, it is expired - people will need to import the new key with curl | sudo bash
[20:51:45] <girls> yes, but there's no way around that, now
[20:51:58] <bill-auger> i will try it - otherwise i was going to try packaging archlinux32-keyring
[20:52:13] <bill-auger> there is for us - i cuold package it and sign the package with my key
[20:52:35] <girls> yeah, sounds good, feel free to make it less painful for your users :)
[20:53:16] -!- tmek has joined #archlinux32
[20:54:51] <girls> polichronucci's master key is also about to expire
[20:55:04] <girls> I wrote him an email, let's see, when we will have the next keyring package :D
[20:55:26] <girls> on the plus side, we still have 3 valid master keys
[20:56:07] -!- tmek_ has quit [Ping timeout: 252 seconds]
[20:56:49] <girls> err, abaumann: install the new archlinux32-keyring package from [releng] asap on your build slaves, otherwise all package builds fail >:-)
[21:02:26] <bill-auger> i confirm that fixed the problem
[21:03:11] <bill-auger> your command wwas wrong though - the -homedir is /etc/pacman.d/gnupg/
[21:03:18] <girls> I'll make sure to build and sign the new keyring package with my key, too :D
[21:03:32] <girls> ah, right
[21:03:42] <girls> just typed it from the top of my head
[21:05:52] <bill-auger> yes we need a new keyring also - it still wont help for andreas's packagesm unless the users runs pacman-key --refresh-keys
[21:06:12] <girls> It's in the pipes already
[21:06:16] <girls> https://archlinux32.org
[21:06:17] <phrik> Title: Arch Linux 32 - List of Build Slaves (at archlinux32.org)
[21:07:13] <bill-auger> ok wasnt sure - the last we knew <abaumann> giving up for now.
[21:07:31] <girls> yeah, he gave up, because he didn't have/find the release key
[21:16:36] <bill-auger> ok it was tricky but i think i got it
[21:16:37] <bill-auger> 1) import the master key with curl | sudo bash
[21:16:37] <bill-auger> 2) pacman-key --refresh-keys mail@andreasbaumann.cc
[21:16:37] <bill-auger> 3) pacman -S archlinux32-keyring
[21:16:54] <girls> 1) and 2) are basically the same
[21:17:03] <girls> just loads the keys from different locations
[21:17:21] <girls> i.e. you can curl both keys or you can refresh both keys
[21:17:47] <girls> with 1) you rely on our arch32 "keyserver", with 2) you rely on the ubuntu one (or whichever you configured in gpg)
[21:18:34] <bill-auger> no other keyserver would work - ubuntu does not cooperate in the network
[21:18:57] <bill-auger> ppl outside of ubuntu really should not use it
[21:19:23] <bill-auger> but for some strange reason, arch decided to make the ubuntu keyserver the default
[21:19:34] <girls> basically, I don't trust the keyserver network at all
[21:19:44] <girls> that's, why we have our own keyserver php script
[21:19:56] <girls> and all the keys are also in wkd (if my script didn't break)
[21:20:13] <bill-auger> refresh keys is a bad idea too - thats why i also needed to reinstal the keyring package
[21:21:13] <bill-auger> running --refresh-keys tends to destroy the trust level - re-installing the keyring package afterward restores the trust level
[21:21:24] <girls> ah, I see
[21:21:30] <girls> I always wondered, why it made things worse
[21:21:51] <bill-auger> so if abaumann's key can be fetched from the website also? - htat would be a better instructio to give ppl
[21:22:15] <girls> yes, just replace the keyid with his
[21:22:35] <bill-auger> we wondered for years - unexplained keyring issues - we slowly came to realize that --refresh-keys was the problem
[21:22:37] <girls> unfortunately, you need one curl command per key
[21:22:50] <girls> the script is really dumb
[21:23:27] <bill-auger> i would siggest downloading with wget - the running `gpg the.key` to check it
[21:23:56] <girls> importing bogus keys to the keyring is less harmful than it sounds
[21:23:57] <bill-auger> then import it, seeing that the key ID matches the original one in the keyring
[21:24:03] <girls> there's not a big point in checking
[21:24:32] <girls> the worst that can happen, is that you import a poisoned key and DoS you gpg
[21:24:37] <girls> *your
[21:24:57] <girls> it's not that all keys in the keyring will be trusted or something
[21:25:13] <girls> they have to be signed by your local master key
[21:26:26] <bill-auger> yer probably right - if the key was not in the keyring already, then it too would not be trusted upon import, and re-installing the keyring package would not change that
[21:29:03] <girls> hrm, now there's a db-update running on the buildmaster blocking everything :'-(
[21:35:32] <girls> time to go to bed
[21:35:35] <girls> cu
[21:40:13] <bill-auger> alright! it worked for my chroots too - now i can get back to fox wrestling
[21:40:57] <bill-auger> im on day #3 of my "get firefox 109 to compile for i686" journey - this was a relatively small speed bump in the road :)
[21:41:20] <KitsuWhooa> good luck :p
[21:41:21] <bill-auger> thanks for straightening it out so quickly
[21:41:55] <bill-auger> meh it doesnt need luck - just an unreasonable amount of persistence
[21:44:08] <bill-auger> in recent memory, only v105 beat me - one way or another, ive caoxed the other releases into submission
[21:45:06] <bill-auger> and the beauty of that insanity is, i dont know if anyone actually uses them
[21:45:44] <KitsuWhooa> I don't think I've ever tried firefox on i686, but I think my system is not powerful enough for it
[21:45:57] <KitsuWhooa> unless by i686 you mean arch32's pentium4 :p
[21:46:42] <bill-auger> i did about two years ago - if you have at leat 1GB RAM, it is usable except for some beastly websites
[21:47:16] <bill-auger> some websites will brong the computer to a halt
[22:41:21] -!- tmek has quit [Ping timeout: 252 seconds]
[23:32:00] -!- bill-auger has quit [Ping timeout: 264 seconds]
[23:34:47] -!- bill-auger has joined #archlinux32