daniels changed the topic of #freedesktop to: https://www.freedesktop.org infrastructure and online services || for questions about freedesktop.org projects, please see each project's contact || for discussions about specifications, please use https://gitlab.freedesktop.org/xdg or xdg@lists.freedesktop.org
mainrs has joined #freedesktop
mainrs has quit []
alanc has quit [Remote host closed the connection]
Kayden has joined #freedesktop
alanc has joined #freedesktop
dri-logger has quit [Remote host closed the connection]
marcheu has quit [Remote host closed the connection]
marcheu has joined #freedesktop
scrumplex has joined #freedesktop
dri-logger has joined #freedesktop
marcheu_ has joined #freedesktop
scrumplex_ has quit [Ping timeout: 480 seconds]
marcheu has quit [Ping timeout: 480 seconds]
navarre has joined #freedesktop
psykose has quit [Remote host closed the connection]
Guest3669 has quit [Write error: connection closed]
raghavgururajan has joined #freedesktop
psykose has joined #freedesktop
raghavgururajan is now known as Guest4265
glehmann has quit [Remote host closed the connection]
glehmann has joined #freedesktop
navarre has quit []
AbleBacon has quit [Read error: Connection reset by peer]
ghishadow has quit [Ping timeout: 480 seconds]
vx has quit [Quit: G-Line: User has been permanently banned from this network.]
vx has joined #freedesktop
blatant has joined #freedesktop
blatant has quit []
ghishadow has joined #freedesktop
<bentiss>
It's Friday morning and we have a gitlab security update pending... So how about I do it now?
blatant has joined #freedesktop
blatant has quit []
<bentiss>
FWIW, the release notes mention a minor bump of postgresql, so I'll also have to do it once the current gitlab migration ends
ximion has quit [Quit: Detached from the Matrix]
<daniels>
bentiss: go for it - it’s Easter so should be quiet
<bentiss>
hopefully :)
<bentiss>
right now the gitlab migration is still running... hopefully a restart/upgrade of the db will help for the next one
MrCooper has quit [Remote host closed the connection]
MrCooper has joined #freedesktop
f_ has joined #freedesktop
f_ has quit [Remote host closed the connection]
f_ has joined #freedesktop
f_ has quit [Remote host closed the connection]
f_ has joined #freedesktop
flom84 has joined #freedesktop
<emersion>
IPv6 is broken again
flom84 has quit [Quit: Leaving]
MajorBiscuit has joined #freedesktop
MajorBiscuit has quit [Ping timeout: 480 seconds]
MajorBiscuit has joined #freedesktop
vx has quit [Quit: G-Line: User has been permanently banned from this network.]
vx has joined #freedesktop
<__tim>
have sen multiple issues now with merge request merges failing but the commits actually successfully having been added to the main branch fwiw
<__tim>
manually pressing the merge button sorts it after it spins for a long time
mripard has quit [Remote host closed the connection]
MajorBiscuit has quit [Ping timeout: 480 seconds]
<bentiss>
__tim: the migration of the db didn't completely went through, so this is not overly surprising
<bentiss>
re-lauching it ATM
<bentiss>
sigh... main: == 20240212031520 SyncIndexForPCiBuildsPart3: migrated (12752.2315s) ========== that one took a little bit longer than the 1h timeout
MajorBiscuit has joined #freedesktop
guludo has joined #freedesktop
MajorBiscuit has quit [Ping timeout: 480 seconds]
MajorBiscuit has joined #freedesktop
mvlad has joined #freedesktop
MajorBiscuit has quit [Ping timeout: 480 seconds]
sima has joined #freedesktop
vx has quit [Quit: G-Line: User has been permanently banned from this network.]
vx has joined #freedesktop
MajorBiscuit has joined #freedesktop
Haaninjo has joined #freedesktop
MajorBiscuit has quit [Quit: WeeChat 4.2.1]
ximion has joined #freedesktop
<alanc>
Hopefully we don't have sshd installed in too many CI containers, because I know we have xz-utils installled in many of them (for "make distcheck" or "meson dist") and at least some are built using Debian testing or unstable: https://www.openwall.com/lists/oss-security/2024/03/29/4
___nick___ has joined #freedesktop
<mingdao>
Does your sshd link to lzma?
<mingdao>
Ours doesn't.
<mingdao>
xz-utils needs to be downgraded, probably.
<alanc>
apparently that depends on whether patches have been applied for systemd support in sshd
<alanc>
I don't have access to scan the CI containers to see which do or don't - that's a challenge for the gitlab admins
<bentiss>
alanc: our runners are pretty much trashable anytime, and are gate-kept by runner_gating.sh. So if we get attacked through this way, that mean we put too much trust in one person and can probably talk to them
<bentiss>
also you don't need such backdoor to gain access to them, it's fairly easy to escape the container jail given that they ar privileged
<bentiss>
but thanks for the heads up!
<bentiss>
side note: the migration still didn't complete, so that's a tad worrying
* bentiss
now restarts the db
* bentiss
now re-re-restart the db migration for gitrlab 16.10.1
<alanc>
I wasn't worried so much about our users doing bad things as much as someone external being able to break in that way, but I suppose they'd also have to be lucky enough to hit the small windows when each container is running, since for most projects they only run for a few minutes (I know we have some massive outliers like Mesa though)(
<bentiss>
alanc: but that bug shouldn't affect the host, only the container, and you can not directly ssh into a container AFAICT
<bentiss>
(because we already use port 22 on the host, so the container can not bind to it)
<alanc>
oh right, hadn't thought about the port already being bound
<bentiss>
\o/ the db migration now seems to be going further after the restart
<bentiss>
\o/ \o/ migration almost over
<bentiss>
\o/ \o/ \o/ migration done, now we need for webservice to kick in before we enter the era of gitlab 16.10
<bentiss>
alanc: also the containers are using a NAT behind the host, I don't think we use the host network
<bentiss>
and there we go. Gitlab 16.10.1 deployed (finally)
<alanc>
and I know all the CI containers I'd worked on don't have sshd, but I thought I'd seen some way to set it up so you could login to debug stuff, but perhaps I misremembered that
<bentiss>
well, there was a remote service which was doing reverse ssh tunneling that I disabled by redirecting it to 127.0.0.1, but otherwise you probably need some host configuration we don't have
<__tim>
bentiss, nice, seems snappier too, but maybe that's just the public holiday
<bentiss>
__tim: could also be the db that was stuck in limbos, because the migration was hitting some locks that couldn't be released
ghishadow has quit []
DodoGTA is now known as Guest4318
DodoGTA has joined #freedesktop
Guest4318 has quit [Ping timeout: 480 seconds]
__nick__ has joined #freedesktop
___nick___ has quit [Ping timeout: 480 seconds]
___nick___ has joined #freedesktop
__nick__ has quit [Ping timeout: 480 seconds]
vx has quit [Quit: G-Line: User has been permanently banned from this network.]
vx has joined #freedesktop
guludo has quit [Ping timeout: 480 seconds]
ximion has quit [Quit: Detached from the Matrix]
__nick__ has joined #freedesktop
___nick___ has quit [Ping timeout: 480 seconds]
mceier has quit [Quit: leaving]
mceier has joined #freedesktop
__nick__ has quit []
___nick___ has joined #freedesktop
___nick___ has quit []
vyivel has quit [Remote host closed the connection]
vyivel has joined #freedesktop
___nick___ has joined #freedesktop
psykose has quit [Remote host closed the connection]
AbleBacon has joined #freedesktop
flom84 has joined #freedesktop
___nick___ has quit [Remote host closed the connection]
flom84 has quit []
sima has quit [Ping timeout: 480 seconds]
vx has quit [Quit: G-Line: User has been permanently banned from this network.]
vx has joined #freedesktop
i-garrison has quit []
i-garrison has joined #freedesktop
mvlad has quit [Remote host closed the connection]
AbleBacon has quit [Read error: Connection reset by peer]