November 22 2017 @20:30 UTC 🔼

Meet here: https://vdc.dyne.org/devuan

  • Please post notes prior to the meet.
  • Please add your name as 'Present' below when you get to the meet.
  • When adding a comment in someone else's notes, please pre-pend your name like this: (whoever) whatever . . .

Present: blinkdog, evilham, golinux, rrq

Agenda 🔼

Old Business 🔼

  • ACTION: @everybody propose viable solutions for the CDN setup for package mirrors
  • (parazyd) discuss on the email thread
  • atm we have several offers for mirrors
  • 6 package mirrors are active at the moment
  • there are two options:
    • ACTION: rebuild jessie ISOs (point release 1.1?) (with updated packages (~130 out of date (mostly jessie-security) packages)) and including new devuan-keyring
    • (Evilham) this would imply re-building the live isos (fsmithred), arm images (parazyd) and minimal-live (KatolaZ) besides regular installer (jaromil/Centurion_Dan)
    • (fsmithred) No problem with making new live isos. Installer has some corrections and should be updated in the isos.
  • (rejected) leaving isos as is: keeping auto.mirror a CNAME for packages.do
  • ACTION: @everybody make proposals for a suitable backup strategy, on to it. top of instance redundancy
  • utilize the mailinglist for this
  • NEEDS MORE DISCUSSION
  • ACTION: @everybody test all possible install/update/upgrade (IN
  1. paths involving ASCII and document
  • Example of upgrade paths:
    • Fresh ASCII install
    • Debian/Jessie -> Devuan/ASCII
    • Devuan/Jessie -> Devuan/ASCII
    • Debian/Stretch -> Devuan/ASCII
  • (fsmithred) Which display manager for fresh ascii install? Fix slim or change deps in task-xfce-desktop.
  • ACTION: We need to discuss how we will attend the transitional udev
  1. Talk to parazyd for more info.
  • (discuss this meeting)
    • transitional packages (only a control file/empty packages)
    • decision: let's make an entire package with a debian dir on git.do/devuan-packages/udev (will be done by parazyd and gnu_srs)
  • ACTION: base-files were updated by Evilham. Needs review.
  • won't build on jenkins :(
  • also try forcing on build_amd64 to see if ascii/jessie is the culprit try overriding "dh binary-indep"
  • ACTION: https://bugs.devuan.org/db/78/78.html
  • For beowulf+: make a patch for Debian: (add vendor file)
  • For ascii: fork with the vendor file added
  • consider having deb.devuan.org as the round-robin instead of auto.mirror to support all the mirors immediately in ascii
  • ACTION: build util-linux for ascii (KatolaZ, parazyd, Evilham, Centurion_Dan)
  • ACTION: https://bugs.devuan.org/db/12/124.html
  • Jaromil or Centurion Dan have root on packages.do
  • The nginx config on pkgmaster can be used to close this bug.

Dan's Actions 🔼

  • ACTION: @CenturionDan will have a look at building util-linux for ascii (the build is stuck due to circular deps) -- Dan has past experience on that (+ anyone else, please look into this ASAP; ~parazyd)
  • (gnu_srs) @CenturionDan: Please try to find the time to fix the build
  • No progress for six weeks (https://git.devuan.org/devuan-packages/util-linux/activity).
  • this can be blocking (e)udev
    • (gnu_srs) No, it is related to openrc
  • ACTION: more people need access to dak and knowledge about its
  1. we are not able to delete debs from repos, nor do any kind of other operations.
  • dak is also still undocumented in infrastructure_doc
  • ACTION: ascii-proposed and experimental don't offer deb-src.
  • @Centurion_Dan: Please have a look.
  • ACTION: delete our forked openssh packages from the repositories
  • Not only ssh, also openvpn and other packages. (cups comes to mind
  • Proposed ACTION: d1dev Webinar Series (wishlist)
  • Subject: How I Learned to Stop Worrying and Love the Debian Installer
  • Presenter: CenturionDan
  • Time/date/location TBA

Actions in Process 🔼

  • ACTION: @everybody complete the proposed ASCII ROADMAP (IN PROCESS)
  • ACTION there is an instance on ganeti for a newer files.devuan.org (KatolaZ)
  • ACTION: @parazyd MATE ~~and Cinnamon~~ repos by Antofox
  • cinnamon will be attended once MATE is done
  • Packages have now been moved to devuan-packages, and will be built in due time. (from ascii roadmap)
  • ACTION: @KatolaZ GitLab updates
  • see what to do with gitlab updates
    • (golinux) Discuss after ascii gets out the door
  • ACTION: (Evilham) Trying to straighten up devuan-baseconf: https://git.devuan.org/evilham/devuan-baseconf/commits/suites/unstable
  • Delete suites/jessie-proposed as that is behind suites/jessie
  • suites/jessie contains what is currently in suites/jessie
  • New version would be 6.5 in unstable, 6.5+devuan1 in jessie-proposed and 6.5+devuan2 in ascii
  • Related bugs:

Ongoing Actions 🔼

  • (KatolaZ) set up the second new server as soon as it is ordered - Jaromil!
  • (KatolaZ) add documentation to the configuration of pkgmaster (mirror-admin)

New Business 🔼

New Actions 🔼

golinux 🔼

msi 🔼

  • FOD wiki: blinkdog has admin access now.
  • Devuan documentation: Please see https://friendsofdevuan.org/doku.php/devuan_doc:start
  • Is everybody okay with the nomenclature ("(Devuan) manual", "Guides", "Howtos")?
  • It is inspired by Debian's categorization of docs, but more consistent (For example, what Debian calls an installation guide, covers far more than just the installation and may sometimes be called installation manual and such.).
  • While the manual would be the general reference point for what Devuan is, how to install and use it, guides would deal with specific bigger topics (e.g. networking) en detail, while howtos would be more pragmatic problem-solving oriented docs.

KatolaZ (not attending) 🔼

  • all instances are now on newtonia / nemesis still up as secondary
  • included some automatic checks for package mirrors
  • (with rrq) helped facing the DDOS on Sun/Mon. Working on a detailed post-mortem. Will post an update.
  • InBrief: git.devuan.org was DDOSed by two commercial crawlers. gitlab simply cannot stand anything more than a few concurrent connections, and we had hundreds, from hundreds different hosts in
    1. The mitigation consisted in automatically firewalling the offending IPs. The correct solution would be to replace gitlab with something much lighter, IMHO.
  • jaromil bought the new node (identical to newtonia). Will start working at it ASAP, so that we can switch nemesis off soon.

blinkdog 🔼

parazyd (not attending; write below if there are any questions) 🔼

  • amprolla3 is now running as a cron job in production
  • thanks to katolaz i will also receive email alerts if something is wrong
  • still waiting on anyone to look into util-linux/init-system-helpers
  • (KatolaZ) I could not look into it -- sorry. Will try tomorrow if I can
  • didn't do much on the transitional udev packages (need to catch up with gnu_srs)
  • (evilham) is pkgmaster.devuan.org/oldpackages.txt up-to-date and complete? :) there are surprisingly few packages

Centurion Dan: 🔼

  • won't make the meeting due to another appointment
  • will post more notes later...
  • expect me to be much more active beginning next week
  • Ran a refracta ascii snapshot with 4.12 on an AMD Ryzen7 bench test system with ECC ram and ECC works properly!!!
  • see https://transfer.sh/y6yg0/20171122_155430.jpg
  • this is important to me as it will be the base platform for all my "server

Evilham 🔼

  • Fixed pipeline failure with KatolaZ for devuan-www (well, we just removed it, indeed... - KatolaZ)
  • ci.devuan.org - setup monit to restart Jenkins when it misbehaves and a notification should be sent on IRC to #devuan-bot
  • Related to the point before:
  • There is an HTTPS --> IRC gateway running on: https://evilham.com/devuan-bot/ (that way we only monit had to be installed on CI and it's trivial to write notifications for bots)
  • See blinkdog's section for a "PkgShaper" bot.
  • Researched the CDN situation, quite confident mirrorbits is a good solution for Devuan's needs: https://github.com/etix/mirrorbits
  • It was developed for use on VLC, which uses _huge_ amount of bandwidth and many of their mirrors are also FDO mirrors (and full debian mirrors and may be open to be PDO mirrors)
  • In order to deploy that, we'd have to set up a around 3 machines distributed geographically, they can be very tiny but have to be able to host a PDO mirror. TLS certs can be properly set up for these machines.
  • We'd use DNS round robin for them, they'd extremely rarely serve files themselves, the local copy would be used to compare against files on the mirrors.
  • The way mirrorbits works is basically by checking periodically mirror availability and validity When a user hits these mirror entrypoints (to give 'em a name), mirrorbits decides which server is going to be the best and tries to distribute the load amongst nearby mirrors.
  • It uses standard HTTP(S) redirects, basically it'd add a bit of latency to the first connection, after that apt* should deal directly with the "assigned" mirror
  • (anonymous) how much traffic do pdo mirrors / pkgmaster use?
    • (evilham) Who's asking? :) It's a bit unclear, one of the advantages of mirrorbits is that we can help keep bandwidth limits in line. However if users were to use a specific mirror directly, there's nothing we can do.
  • (KatolaZ) what about certificate distribution? This seems a quite delicate problem to me. Either Devuan owns the machines in the CDN, or we would not be able to provide HTTPS support