From baggins at pld-linux.org Wed Jan 4 13:22:19 2023
From: baggins at pld-linux.org (Jan Rękorajski)
Date: Wed, 4 Jan 2023 21:22:19 +0900
Subject: PLD Th 2022 snapshot released
Message-ID:

2022 snapshot of PLD/Linux Th has been released.

It is available on ftp://ftp.pld-linux.org/dists/th/2022/PLD/
and as poldek sources th-2022.

The main highlights of this release are:

kernels 6.1.1, 5.15.85, 5.10.161, 5.4.228, 4.19.269, 4.14.302, 4.9.336 and 4.4.302
(4.4 and 4.9 have vserver enabled)
RPM 4.17.1.1
OpenSSL 3.0.7
GCC 12.2.0
LLVM 15.0.5
glibc 2.36
GNOME 42
KDE5 5.101 / 22.12
XFCE 4.18

-- 
Jan Rękorajski | PLD/Linux SysAdm | baggins at pld-linux.org | http://www.pld-linux.org/

From atler at pld-linux.org Tue Jan 17 12:23:40 2023
From: atler at pld-linux.org (Jan Palus)
Date: Tue, 17 Jan 2023 12:23:40 +0100
Subject: x32 builder has network access
Message-ID: <20230117112340.x3px3bsnbflcsqcc@pine.grzadka>

Noticed during build of kodi-addon-inputstream-adaptive that contrary to
x86_64 and i686, x32 builder downloaded external sources successfully:

[ 2%] Performing download step (download, verify and extract) for 'bento4'
cd /tmp/B.77a99ah0/BUILD/inputstream.adaptive-20.3.2-Nexus/build/bento4/src && /usr/bin/cmake -P /tmp/B.77a99ah0/BUILD/inputstream.adaptive-20.3.2-Nexus/build/bento4/src/bento4-stamp/download-bento4.cmake
-- Downloading...
   dst='/tmp/B.77a99ah0/BUILD/inputstream.adaptive-20.3.2-Nexus/build/download/1.6.0-639-5-Nexus.tar.gz'
   timeout='none'
   inactivity timeout='none'
-- Using src='https://github.com/xbmc/Bento4/archive/refs/tags/1.6.0-639-5-Nexus.tar.gz'
-- Downloading... done

From arekm at maven.pl Wed Jan 18 07:54:08 2023
From: arekm at maven.pl (Arkadiusz Miśkiewicz)
Date: Wed, 18 Jan 2023 07:54:08 +0100
Subject: x32 builder has network access
In-Reply-To: <20230117112340.x3px3bsnbflcsqcc@pine.grzadka>
References: <20230117112340.x3px3bsnbflcsqcc@pine.grzadka>
Message-ID: <50ef2c7b-a25c-e6d0-8da1-8ba2ede86bb5@maven.pl>

On 17.01.2023 12:23, Jan Palus wrote:
> Noticed during build of kodi-addon-inputstream-adaptive that contrary to
> x86_64 and i686, x32 builder downloaded external sources successfully:

bind was installed there and seems that even if there is no access to
/etc/resolv.conf glibc fallbacks to querying 127.0.0.1:53

Uninstalled.

The best would be to change UID of "builder" user used inside of chroot
and drop all outgoing packets coming from it at iptables level.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

From atler at pld-linux.org Wed Jan 18 09:56:14 2023
From: atler at pld-linux.org (Jan Palus)
Date: Wed, 18 Jan 2023 09:56:14 +0100
Subject: x32 builder has network access
In-Reply-To: <50ef2c7b-a25c-e6d0-8da1-8ba2ede86bb5@maven.pl>
References: <20230117112340.x3px3bsnbflcsqcc@pine.grzadka> <50ef2c7b-a25c-e6d0-8da1-8ba2ede86bb5@maven.pl>
Message-ID: <20230118085614.nsdje54wvcie3toy@pine>

On 18.01.2023 07:54, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> On 17.01.2023 12:23, Jan Palus wrote:
> > Noticed during build of kodi-addon-inputstream-adaptive that contrary to
> > x86_64 and i686, x32 builder downloaded external sources successfully:
>
> bind was installed there and seems that even if there is no access to
> /etc/resolv.conf glibc fallbacks to querying 127.0.0.1:53
>
> Uninstalled.
>
> The best would be to change UID of "builder" user used inside of chroot
> and drop all outgoing packets coming from it at iptables level.

Or perhaps modify pld-builder to make each rpmbuild invocation in a new
network namespace via `unshare -n -c`.
That would effectively cut whole network for the process.

From arekm at maven.pl Wed Jan 18 13:02:34 2023
From: arekm at maven.pl (Arkadiusz Miśkiewicz)
Date: Wed, 18 Jan 2023 13:02:34 +0100
Subject: x32 builder has network access
In-Reply-To: <20230118085614.nsdje54wvcie3toy@pine>
References: <20230117112340.x3px3bsnbflcsqcc@pine.grzadka> <50ef2c7b-a25c-e6d0-8da1-8ba2ede86bb5@maven.pl> <20230118085614.nsdje54wvcie3toy@pine>
Message-ID: <0a3caf78-d790-60c1-ac59-745a4aecd7a2@maven.pl>

On 18.01.2023 09:56, Jan Palus wrote:
> On 18.01.2023 07:54, Arkadiusz Miśkiewicz via pld-devel-en wrote:
>> On 17.01.2023 12:23, Jan Palus wrote:
>>> Noticed during build of kodi-addon-inputstream-adaptive that contrary to
>>> x86_64 and i686, x32 builder downloaded external sources successfully:
>>
>> bind was installed there and seems that even if there is no access to
>> /etc/resolv.conf glibc fallbacks to querying 127.0.0.1:53
>>
>> Uninstalled.
>>
>> The best would be to change UID of "builder" user used inside of chroot
>> and drop all outgoing packets coming from it at iptables level.
>
> Or perhaps modify pld-builder to make each rpmbuild invocation in a new
> network namespace via `unshare -n -c`. That would effectively cut whole
> network for the process.

We can try that... committed.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

From qboosh at pld-linux.org Wed Jan 18 16:08:59 2023
From: qboosh at pld-linux.org (Jakub Bogusz)
Date: Wed, 18 Jan 2023 16:08:59 +0100
Subject: rust on carme-x32
Message-ID: <20230118150859.GA5429@mail>

Could rust be installed on carme-x32?

I'd like to (try to) fix mozjs102 build (required for new gjs), but
I cannot install rust myself because of x86_64 packages requirements.
-- 
Jakub Bogusz    http://qboosh.pl/

From qboosh at pld-linux.org Wed Jan 18 16:48:28 2023
From: qboosh at pld-linux.org (Jakub Bogusz)
Date: Wed, 18 Jan 2023 16:48:28 +0100
Subject: x32 builder has network access
In-Reply-To: <0a3caf78-d790-60c1-ac59-745a4aecd7a2@maven.pl>
References: <20230117112340.x3px3bsnbflcsqcc@pine.grzadka> <50ef2c7b-a25c-e6d0-8da1-8ba2ede86bb5@maven.pl> <20230118085614.nsdje54wvcie3toy@pine> <0a3caf78-d790-60c1-ac59-745a4aecd7a2@maven.pl>
Message-ID: <20230118154828.GA8943@mail>

On Wed, Jan 18, 2023 at 01:02:34PM +0100, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> On 18.01.2023 09:56, Jan Palus wrote:
> >On 18.01.2023 07:54, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> >>On 17.01.2023 12:23, Jan Palus wrote:
> >>>Noticed during build of kodi-addon-inputstream-adaptive that contrary to
> >>>x86_64 and i686, x32 builder downloaded external sources successfully:
> >>
> >>bind was installed there and seems that even if there is no access to
> >>/etc/resolv.conf glibc fallbacks to querying 127.0.0.1:53
> >>
> >>Uninstalled.
> >>
> >>The best would be to change UID of "builder" user used inside of chroot
> >>and drop all outgoing packets coming from it at iptables level.
> >
> >Or perhaps modify pld-builder to make each rpmbuild invocation in a new
> >network namespace via `unshare -n -c`. That would effectively cut whole
> >network for the process.
>
> We can try that... committed.

i686 and x86_64 say:
"unshare: unshare failed: Operation not permitted"

Still waiting for x32 (seems busy with openjdks).
-- 
Jakub Bogusz    http://qboosh.pl/

From atler at pld-linux.org Wed Jan 18 20:22:31 2023
From: atler at pld-linux.org (Jan Palus)
Date: Wed, 18 Jan 2023 20:22:31 +0100
Subject: x32 builder has network access
In-Reply-To: <20230118154828.GA8943@mail>
References: <20230117112340.x3px3bsnbflcsqcc@pine.grzadka> <50ef2c7b-a25c-e6d0-8da1-8ba2ede86bb5@maven.pl> <20230118085614.nsdje54wvcie3toy@pine> <0a3caf78-d790-60c1-ac59-745a4aecd7a2@maven.pl> <20230118154828.GA8943@mail>
Message-ID: <20230118192231.nrxycwnkd24hmtxb@pine>

On 18.01.2023 16:48, Jakub Bogusz wrote:
> On Wed, Jan 18, 2023 at 01:02:34PM +0100, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> > On 18.01.2023 09:56, Jan Palus wrote:
> > >On 18.01.2023 07:54, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> > >>On 17.01.2023 12:23, Jan Palus wrote:
> > >>>Noticed during build of kodi-addon-inputstream-adaptive that contrary to
> > >>>x86_64 and i686, x32 builder downloaded external sources successfully:
> > >>
> > >>bind was installed there and seems that even if there is no access to
> > >>/etc/resolv.conf glibc fallbacks to querying 127.0.0.1:53
> > >>
> > >>Uninstalled.
> > >>
> > >>The best would be to change UID of "builder" user used inside of chroot
> > >>and drop all outgoing packets coming from it at iptables level.
> > >
> > >Or perhaps modify pld-builder to make each rpmbuild invocation in a new
> > >network namespace via `unshare -n -c`. That would effectively cut whole
> > >network for the process.
> >
> > We can try that... committed.
>
> i686 and x86_64 say:
> "unshare: unshare failed: Operation not permitted"

Unfortunately it appears it's not possible to create user namespaces in
a chroot:

    EPERM (since Linux 3.9)
           CLONE_NEWUSER was specified in flags and the caller is in a
           chroot environment (i.e., the caller's root directory does
           not match the root directory of the mount namespace in which
           it resides).
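
Added example, not part of the thread and not pld-builder code: a fail-closed wrapper around the `unshare -n -c` approach discussed above, which refuses to run the build when the namespace cannot be created (the EPERM case in a chroot) instead of silently building with network access. The function names are hypothetical and the /proc/net/dev sample is constructed.

```shell
#!/bin/sh
# Added example, not pld-builder code. Function names are hypothetical.

# List interfaces other than lo from a /proc/net/dev style file
# (the first two lines of that file are column headers).
external_ifaces() {
    sed -e '1,2d' -e 's/^ *//' -e 's/:.*//' "${1:-/proc/net/dev}" | grep -vx lo || true
}

# True when only the loopback interface is visible.
net_is_isolated() {
    [ -z "$(external_ifaces "${1:-/proc/net/dev}")" ]
}

# Run "$@" in a new network namespace via `unshare -n -c`, the approach
# proposed in the thread. Fails closed with status 125, without running the
# command, when the namespace cannot be created (the EPERM seen on the
# chrooted builders) or when an interface other than lo is still visible.
run_without_network() {
    if ! unshare -n -c true 2>/dev/null; then
        echo "run_without_network: cannot create namespace, not building" >&2
        return 125
    fi
    unshare -n -c sh -c '
        # The new namespace has its own lo, so a resolver listening on the
        # host 127.0.0.1:53 is not reachable from here either.
        [ "$(sed 1,2d /proc/net/dev | grep -vc "^ *lo:")" -eq 0 ] || exit 125
        exec "$@"
    ' sh "$@"
}

# Constructed sample of /proc/net/dev on a host with one Ethernet interface.
sample_netdev() {
    cat <<'EOF'
Inter-|   Receive                  |  Transmit
 face |bytes    packets errs drop  |bytes    packets errs drop
    lo:    1200      10    0    0      1200      10    0    0
  eth0:  984512    4021    0    0    120934    1875    0    0
EOF
}
```

Kernels that create fallback tunnel devices such as sit0 or tunl0 in every new namespace will trip the interface check; extend the allow-list there.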

From arekm at maven.pl Thu Jan 19 09:14:51 2023
From: arekm at maven.pl (Arkadiusz Miśkiewicz)
Date: Thu, 19 Jan 2023 09:14:51 +0100
Subject: rust on carme-x32
In-Reply-To: <20230118150859.GA5429@mail>
References: <20230118150859.GA5429@mail>
Message-ID: <28b378e3-0b73-5618-78d2-87e241d15dc8@maven.pl>

On 18.01.2023 16:08, Jakub Bogusz wrote:
> Could rust be installed on carme-x32?
>
> I'd like to (try to) fix mozjs102 build (required for new gjs), but
> I cannot install rust myself because of x86_64 packages requirements.
>
>

Should be available now.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

From qboosh at pld-linux.org Fri Jan 20 22:04:17 2023
From: qboosh at pld-linux.org (Jakub Bogusz)
Date: Fri, 20 Jan 2023 22:04:17 +0100
Subject: rust on carme-x32
In-Reply-To: <28b378e3-0b73-5618-78d2-87e241d15dc8@maven.pl>
References: <20230118150859.GA5429@mail> <28b378e3-0b73-5618-78d2-87e241d15dc8@maven.pl>
Message-ID: <20230120210417.GA29356@mail>

On Thu, Jan 19, 2023 at 09:14:51AM +0100, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> On 18.01.2023 16:08, Jakub Bogusz wrote:
> >Could rust be installed on carme-x32?
> >
> >I'd like to (try to) fix mozjs102 build (required for new gjs), but
> >I cannot install rust myself because of x86_64 packages requirements.
> >
> >
>
> Should be available now.

I need cargo as well (requires 64-bit curl, libgit2 and openssl libs).
-- 
Jakub Bogusz    http://qboosh.pl/

From arekm at maven.pl Sat Jan 21 12:31:59 2023
From: arekm at maven.pl (Arkadiusz Miśkiewicz)
Date: Sat, 21 Jan 2023 12:31:59 +0100
Subject: rust on carme-x32
In-Reply-To: <20230120210417.GA29356@mail>
References: <20230118150859.GA5429@mail> <28b378e3-0b73-5618-78d2-87e241d15dc8@maven.pl> <20230120210417.GA29356@mail>
Message-ID:

On 20.01.2023 22:04, Jakub Bogusz wrote:
> On Thu, Jan 19, 2023 at 09:14:51AM +0100, Arkadiusz Miśkiewicz via pld-devel-en wrote:
>> On 18.01.2023 16:08, Jakub Bogusz wrote:
>>> Could rust be installed on carme-x32?
>>>
>>> I'd like to (try to) fix mozjs102 build (required for new gjs), but
>>> I cannot install rust myself because of x86_64 packages requirements.
>>>
>>>
>>
>> Should be available now.
>
> I need cargo as well (requires 64-bit curl, libgit2 and openssl libs).

Installed.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )