|
Packages | Stable | Bug Report | Very Low | Very Low | [fail2ban] update dovecot failregex to support verbose ... | Unconfirmed | |
Task Description
Description: The /etc/fail2ban/filter.d/dovecot.conf file has a failregex with the following:
^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$
and works with things like:
Month day time hostname dovecot: auth: passwd-file(user@domain.com,IP): unknown user
but with verbosity enabled in Dovecot, this output looks like this:
Month day time hostname dovecot: auth: passwd-file(user@domain.com,IP): unknown user (given password: password)
and in this case it doesn’t work, but it does if we fix the failregex if we replace it with:
^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user( \(given password: \S*\))?\s*$
with this new expression, it works with and without verbosity
And regarding postfix, to make it work correctly I “backported” some pieces from newest failregex:
/etc/fail2ban/postfixr-rbl.conf:
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: [45]54 [45]\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
/etc/fail2ban/postfix.conf: (second failregex)
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 45[04] 4\.7\.1 Client host rejected: cannot find your (reverse )?hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
I can create a patch if you want. Note that I haven’t tested all filters, some others may also need some rework
Additional info: * fail2ban-0.9.6-2.hyperbola3
|
|
Packages | Any | Freedom Issue | Medium | Medium | [filesystem] Review of permissions | Unconfirmed | |
Task Description
Description: Packages leaves warnings about installation being within difference of the filesystem. So the package filesystem should get another review in time and warnings get therefore a solution.
|
|
Packages | Any | Bug Report | Low | Medium | [cryptsetup] when dmcrypt start, the "/" filesystem, m... | Assigned | |
Task Description
When dmcrypt service start, the “/” filesystem is remounted, mtab is updated and bootmisc is recording the login users, by waiting time scheduling:
* root: waiting for dmcrypt (50 seconds)
* root: timed out waiting for dmcrypt
* Remounting root filesystem read/write ...
* Remounting filesystems ...
* mtab: waiting for dmcrypt (50 seconds)
* mtab: timed out waiting for dmcrypt
* Updating /etc/mtab ...
* Creating mtab symbolic link
* bootmisc: waiting to dmcrypt (50 seconds)
* bootmisc: timed out waiting for dmcrypt
* Creating user login records ...
These features on dmcrypt service are useless and these lines print above filesystem passphrase order (the printed line), those ones break printed console and print the pressed keyboard digit when I’m setting up password. Sometimes this breaks services startup, and I need press “enter” consecutively to allow run the services.
|
|
Packages | Stable | Bug Report | Very Low | Very Low | [spamassassin] has different directory permissions than... | Deferred | |
Task Description
Description: The /usr/sbin directory in spamassassin has permissions 755 https://git.hyperbola.info:50100/packages/extra.git/tree/spamassassin/PKGBUILD#n88
And ‘filesystem’ sets it to 750 https://git.hyperbola.info:50100/packages/core.git/tree/filesystem/PKGBUILD#n135
So when installing spamassassin, pacman throws a warning
warning: directory permissions differ on /usr/sbin/
filesystem: 750 package: 755
Additional info: * spamassassin 3.4.2-1.hyperbola2
|
|
Packages | Stable | Bug Report | Very Low | Very Low | [postfix] has different directory permissions than 'fil... | Deferred | |
Task Description
Description: The /usr/sbin directory in postfix has permissions 755 https://git.hyperbola.info:50100/packages/extra.git/tree/postfix/PKGBUILD#n115
And ‘filesystem’ sets it to 750 https://git.hyperbola.info:50100/packages/core.git/tree/filesystem/PKGBUILD#n135
So when installing postfix, pacman throws a warning
warning: directory permissions differ on /usr/sbin/
filesystem: 750 package: 755
Additional info: * postfix-3.2.2-1.hyperbola6
|
|
Services | HyperWeb Issue | Bug Report | Very Low | Low | RSS needs fixing | Unconfirmed | |
Task Description
Seems deleted items reappearing in the Hyperbola feeds since it gives its feed items empty ID string.
|
|
Services | Flyspray Issue | Security Issue | Very Low | Low | After account confirmation, crypt: No salt parameter wa... | Unconfirmed | |
Task Description
After confirming the newly created account (typing the confirmation code, the passwoard and its confirmation, and clicking the button to continue), the following error appears:
Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /srv/http/flyspray/includes/class.flyspray.php on line 656
The account login seems to work normaly.
|
|
Services | HyperWiki/DokuWiki | Bug Report | Medium | Low | Wiki search feature is broken, taskrunner has stopped t... | In Progress | |
Task Description
The search feature on our wiki seems to be broken,
Only very early wiki page articles seem to have been tracked. Everything created in the last few years was not tracked, so pages cannot be found on index by search feature, https://www.dokuwiki.org/faq:searchindex. Nontheless we should fix this given currently is already quite hard to find articles, fortunately our wiki is not yet big enough for search to be a necessity.
Has you can see in https://wiki.hyperbola.info/doku.php?id=&do=index the are many pages(articles/files) and namespaces(directories) inside en: namespace but if you search for articles on search you will realize most will not show up https://wiki.hyperbola.info/doku.php?do=search&id=start&sf=1&q=en, another example is when you search “system” this is a word used many times in our wiki, but here you notice again not much references https://wiki.hyperbola.info/doku.php?do=search&id=start&sf=1&q=system
This issue is related to new pages not being tracked by taskrunner on the search index of our wiki, given it doesnt seem to automatically re-create said index like it normally should, https://www.dokuwiki.org/taskrunner. So in the case something is broken on search like it is our case, check https://www.dokuwiki.org/search#some_background_on_the_searchindex for more information and https://www.dokuwiki.org/faq:searchindex could also be relevant.
We have 2 option to fix it: 1. there is a command line tool included in DokuWiki in case you prefer that (and in case you have shell access to the server), https://www.dokuwiki.org/cli#indexerphp. And secondly there is search_index plugin for a admin GUI instead, https://www.dokuwiki.org/plugin:searchindex This won’t fix the search index permanently, the search index needs to be updated whenever a page is changed, ours seams broken, this is normally triggered by this task runner, in a form of a image file that should also be in our custom template (I assume this is the root cause on our problem not being in template, https://www.dokuwiki.org/template): “The indexing process is triggered by a small image embedded in the template which will call the indexing script. If you use a third party template, the template developer might have forgotten to add this “webbug” in the template. You should check your main.php template for the existence of the tpl_indexerWebBug() function.” or maybe (another plugin might be the root cause for this breakage).
Related but irrelevant: So we first need to fix our search index has discribed abouve before trying to use the move plugin again.
TODO > “Add search_index_plugin so wiki admins can also fix this without shell acess to server but through GUI”
|
|
Software Development | chroot-nspawn | Bug Report | Medium | Medium | [chroot-nspawn] Create mount points if mountpoint exit ... | Unconfirmed | |
Task Description
The actual behavior is to create mount points if mountpoint exits with exit status 1, however it may also exit with code 32 and thus creating a real mess:
$ sudo chroot-nspawn
Spawning container megver83 on /var/lib/archbuild/chroot1/megver83
Press ^] three times within 1s to kill container.
mount: /sys/fs/cgroup: mount point does not exist.
mkdir: cannot create directory '/sys/fs/cgroup/blkio': No such file or directory
ln: failed to create symbolic link '/sys/fs/cgroup/cpu': No such file or directory
ln: failed to create symbolic link '/sys/fs/cgroup/cpuacct': No such file or directory
mkdir: cannot create directory '/sys/fs/cgroup/cpu,cpuacct': No such file or directory
mkdir: cannot create directory '/sys/fs/cgroup/cpuset': No such file or directory
mkdir: cannot create directory '/sys/fs/cgroup/devices': No such file or directory
mkdir: cannot create directory '/sys/fs/cgroup/freezer': No such file or directory
mkdir: cannot create directory '/sys/fs/cgroup/memory': No such file or directory
ln: failed to create symbolic link '/sys/fs/cgroup/net_cls': No such file or directory
mkdir: cannot create directory '/sys/fs/cgroup/net_cls,net_prio': No such file or directory
ln: failed to create symbolic link '/sys/fs/cgroup/net_prio': No such file or directory
mkdir: cannot create directory '/sys/fs/cgroup/pids': No such file or directory
mkdir: cannot create directory '/sys/fs/cgroup/systemd': No such file or directory
mount: /sys/fs/cgroup/blkio: mount point does not exist.
mount: /sys/fs/cgroup/cpuset: mount point does not exist.
mount: /sys/fs/cgroup/devices: mount point does not exist.
mount: /sys/fs/cgroup/freezer: mount point does not exist.
mount: /sys/fs/cgroup/memory: mount point does not exist.
mount: /sys/fs/cgroup/pids: mount point does not exist.
So I created a patch to fix this.
P.S.: although I can git clone the repo with ssh access, whenever I do a push I get:
error: remote unpack failed: unable to create temporary object directory
To ssh://git.hyperbola.info:51100/~git/software/chroot-nspawn.git
! [remote rejected] master -> master (unpacker error)
error: failed to push some refs to 'ssh://git.hyperbola.info:51100/~git/software/chroot-nspawn.git'
Do I have the permission to write in this repo? If not, I’d like it, as I’m planning to improve this great script
|
|
Software Development | General | Feature Request | Medium | Low | [Website] Rework for the onion-page | Unconfirmed | |
Task Description
As proposed in a separate thread (https://forums.hyperbola.info/viewtopic.php?id=573): The navigation-bar needs a rework when accessing the website about the onion-protocol.
|
|
Software Development | HyperBK | Implementation Request | Very High | Critical | Develop a BSD descendant kernel for HyperbolaBSD | In Progress | |
Task Description
Develop HyperBK (Hyper Berkeley Kernel), a BSD descendant kernel with GPL-compatible licenses preserved, non-compatible ones removed, and new code written under GPL-3 for HyperbolaBSD.
TODO:
Download OpenBSD kernel source code from OpenBSD site → DONE
Download LibertyBSD scripts to deblob and rebrand kernel from their scripts. → DONE
Remove files under non GPL-compatible licenses → DONE
Import code from another BSD systems under GPL-compatible licenses → IN PROGRESS
Write new code under GPL-3 → IN PROGRESS
PATCHING NOTE
When the check concerns kernel, we obviously want to match with HyperbolaBSD.
Example of triplet check: hyperbolabsd)
Example of uname -s check: HyperbolaBSD)
Example of uname -r check: 0.1)
Example of C macro check: defined(__HyperbolaBSD__)
|
|
Software Development | HyperTools | Implementation Request | Low | Low | [hypertools] create libretools replacement for Hyperbol... | Deferred | |
Task Description
Create hypertools to replace libretools package for HyperbolaBSD and GNU/Linux
It’s long period to develop this package. For now, a systemd-nspawn wrapper is being developed for “libretools”[0]
[0]:https://issues.hyperbola.info/index.php?do=details&task_id=86
|