Conversation
Notices
-
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:11:42 JST 
Hélène
the pleroma linux distribution (easiest way to release elixir/otp applications) -
Embed this notice
i seethe and (cope@eeeeeeeee.eu)'s status on Tuesday, 13-Sep-2022 21:14:52 JST 
i seethe and
@helene joe armstrong did indent erlang to be a bare metal OS, but like smalltalk, that never went anywhere
you might have luck using https://www.nerves-project.org/ 's elixir aware buildroot tooling to make a great isoHélène likes this. -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:15:14 JST
Hélène
@cope yeah there's a lot of neat stuff in the BEAM, but the issue is native dependencies (in OTP or packages) making things quite difficult imo -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:16:18 JST
Hélène
@Maholmire at least 20 Linux distributions per machine, one per Electron application -
Embed this notice
Maholmire (maholmire@outerheaven.club)'s status on Tuesday, 13-Sep-2022 21:16:19 JST 
Maholmire
Do we really need anymore distributions, though? Hélène likes this. -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:16:51 JST
Hélène
@lanodan current state is that they're a mess though, OpenSSL and the different libc really mess that up -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 21:16:52 JST 
Haelwenn /элвэн/ :triskell:
@helene Or make some packages, which was the whole point of OTP releases (but I guess people love pulling third-party binaries). -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:20:21 JST
Hélène
@a1ba @lanodan source can do that too, it's an Erlang/OTP feature -
Embed this notice
nya-a1ba (a1ba@expired.mentality.rip)'s status on Tuesday, 13-Sep-2022 21:20:22 JST 
nya-a1ba
@lanodan @helene or just don't and compile from source.
OTP has only one benefit, it somehow can connect elixir console to running pleroma. Other than that, it's only troubles. -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:26:41 JST
Hélène
@hj @a1ba @lanodan I’ve done it for debugging
MIX_ENV=prod elixir --sname pleroma --cookie secret_cookie -S mix
iex --name console --remsh "pleroma@localhost" --cookie secret_cookie
-
Embed this notice
narcolepsy and alcoholism :flag: (hj@shigusegubu.club)'s status on Tuesday, 13-Sep-2022 21:26:42 JST 
narcolepsy and alcoholism :flag:
@helene @a1ba @lanodan we've been told the opposite... -
Embed this notice
nya-a1ba (a1ba@expired.mentality.rip)'s status on Tuesday, 13-Sep-2022 21:26:54 JST
nya-a1ba
@helene @lanodan I tried but haven't figured that out. :(
In OTP it's wrapped in shell scripts that gets some magical values from other shell scripts.Hélène likes this. -
Embed this notice
rru142 (rru142@blovice.bahnhof.cz)'s status on Tuesday, 13-Sep-2022 21:26:58 JST 
rru142
@helene @Maholmire
The reincarnatkion of one java runtime per "enterprise" managament application.
(yes, I look at you, blue underpants IBM...)Hélène likes this. -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:27:59 JST
Hélène
@Maholmire i was joking don't worryb -
Embed this notice
Maholmire (maholmire@outerheaven.club)'s status on Tuesday, 13-Sep-2022 21:28:01 JST
Maholmire
Federation is a wonderful thing to have, but not at the expense of making everything convoluted.
I'unno, maybe it's just the Arch user in me speaking. But I don't think you really need a distribution to do one thing well when you can just fine-tune the one and have a better overall experience for your troubles.
¯\_(ツ)_/¯ -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:29:48 JST
Hélène
@lanodan I don't agree, and most people want something easy to update and install, and I'd prefer not to deal with outdated Elixir versions. I want Pleroma instances to be easy to setup, and that means having easy to install releases IMO. Most people still run Debian 10, not everyone's going to use Gentoo or anything else... (and Raspbian, too) -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 21:29:51 JST
Haelwenn /элвэн/ :triskell:
@helene To be honest I think we should pull it down, distributing binaries is a mistake. -
Embed this notice
Maholmire (maholmire@outerheaven.club)'s status on Tuesday, 13-Sep-2022 21:32:56 JST
Maholmire
I know, just find myself exasperated by the number of pointless distributions there are. Hélène likes this. -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:45:03 JST
Hélène
@lanodan which is why full-static linking would be preferable, so we could have one-binary-runs-everywhere (the only thing that stays mostly consistent are the Linux syscalls, after all) -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 21:45:06 JST
Haelwenn /элвэн/ :triskell:
@helene I meant outside of packages.
Maybe a deb repository could be done, or just giving .deb packages instead of a basic tarball.
I've tried pushing for a proper recipe in the AUR, our OTP builds being for Alpine for the musl flavor and Debian and compatible for the glibc flavor.
We *can't* support distros with other release schedules like Arch, Void, Fedora (or even Ubuntu) via a single OTP build. -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:52:13 JST
Hélène
@lanodan so we could just not use glibc then? musl is preferable anyway
and what's the problem with statically linking OpenSSL? if need really be, I'd remove that dependency from OTP in some form lol, I don't particularly like OpenSSL anyway
I still don't understand what the issue of having a 100% static build, it would work no matter the distro
for libnss there can be workarounds -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 21:52:15 JST
Haelwenn /элвэн/ :triskell:
@helene full-static *cannot* work with glibc, specially when stuff linked to nsswitch.conf like hostname resolution is used.
And a static-link with OpenSSL inside is a recipe for horror.
For musl well lol, there is basically just Alpine and Void in terms of distributions with binary packages (let's not try to support gentoo-musl with binaries). -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 21:59:30 JST
Hélène
@lanodan just how many of these would even concern us though, barely any
and even if that is so, I find it less problematic than dynamic linking and dealing with issues
paranoid people can run on source -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 21:59:32 JST
Haelwenn /элвэн/ :triskell:
@helene Static-linking OpenSSL (among other libs pulled by us and erlang) means that any security updates needs to be addressed.
And OpenSSL has a security issue on basically a monthly basis. -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 22:07:49 JST
Hélène
@lanodan typical OpenSSL stuff but that just means a rebuild basically -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 22:07:50 JST
Haelwenn /элвэн/ :triskell:
@helene The latest OpenSSL vulnerability is literally a broken RSA implementation…
https://www.openssl.org/news/vulnerabilities.html -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 22:09:28 JST
Hélène
@lanodan isn't the issue the same for any distro though? or docker containers? and OpenSSL would still break ABIs anyway -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 22:11:21 JST
Haelwenn /элвэн/ :triskell:
@helene Yeah, meaning shipping a rebuild *just* for OTP users.
And that's just OpenSSL, full-static should mean watching all the vendored dependencies for similar kind of issues, effectively becoming a distro.
Feel free to try that but that's absolutely not a thing I would maintain.Hélène likes this. -
Embed this notice
Ukko (fake) (ukko@p.enes.lv)'s status on Tuesday, 13-Sep-2022 22:11:31 JST 
Ukko (fake)
@lanodan @helene Problem with dynamic linking is that every distro has different ideas on where libraries have to be, /lib, /usr/lib, /lib64, /usr/x86_64-linux-gnu/lib, /gnu/store/hudfsiuhfw4uhdfiushf4wf0h-openssl-1.4.3a/lib. Now you'll either have fun with RPATH, patchelf, vendoring the libraries (arguably worse than statically linking), or your official binary will support only one small family of distros.. or you could link statically.
In any case, if pleroma decides to go the static linking path, I just have the request of "pls don't force static linking on every person who wants to build it".Hélène likes this. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 22:13:59 JST
Haelwenn /элвэн/ :triskell:
@helene OpenSSL does solib bumps on ABI breaks (ie. libcrypto.so.1.0 → libcrypto.so.1.1), so with a package manager it's goes fine without having to go with static-linking. Hélène likes this. -
Embed this notice
Ukko (fake) (ukko@p.enes.lv)'s status on Tuesday, 13-Sep-2022 22:29:29 JST
Ukko (fake)
>special snowflakes that are GuixSD and NixOS
Shit I've been found out
*hisses as steam exfumes from me, few moments later there's nothing but a wet puddle on the ground*Hélène likes this. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 22:29:32 JST
Haelwenn /элвэн/ :triskell:
@ukko @helene Dynamic linking usually doesn't have that problem at all, see ld.so.conf
It just does for the special snowflakes that are GuixSD and NixOS, it's their problem, they fix it, and in the case of NixOS they more or less did via packaging.
> pls don't force static linking on every person who wants to build it
Shouldn't even need to be said, static-linking on the current state of package builders is quite shooting yourself in the foot. -
Embed this notice
Ukko (fake) (ukko@p.enes.lv)'s status on Tuesday, 13-Sep-2022 22:35:10 JST
Ukko (fake)
@lanodan @helene couldn't it be as simple as just having a nightly build that includes pulling newest versions for all deps? I don't think pleroma has any sort of automatic update checking anyways so doesn't even matter if there's some timestamp making it non-reproducible Hélène likes this. -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Tuesday, 13-Sep-2022 22:43:06 JST
Hélène
@lanodan @ukko pretty sure Fedora has OpenSSL 3 -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 22:43:07 JST
Haelwenn /элвэн/ :triskell:
@ukko @helene Yeah, let's ask Debian 10 to have OpenSSL 3 (OpenSSL being an erlang dependency) just because of Arch.
(I'm pointing at Arch because it's probably still the only one with OpenSSL 3 not being stuck to experimental) -
Embed this notice
Ukko (fake) (ukko@p.enes.lv)'s status on Tuesday, 13-Sep-2022 23:04:22 JST
Ukko (fake)
@lanodan @helene And that's why it'd be linked statically Hélène likes this. -
Embed this notice
Ukko (fake) (ukko@p.enes.lv)'s status on Tuesday, 13-Sep-2022 23:14:49 JST
Ukko (fake)
@lanodan @helene Keeping what up-to-date exactly?
The build server can just spin up an unstable Debian container for the nightly build job. (Let's ignore getting a statically linked OTP and everything for now.)
The end-user would run the normal pleroma_ctl update.
And if you're building it from source you'd probably not care about statically linking everything and instead would just build it to dynamically link to whatever your system has anyways.Hélène likes this. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 13-Sep-2022 23:14:51 JST
Haelwenn /элвэн/ :triskell:
@ukko @helene Ah well… meaning that then we need to have half a package manager just to keep it up-to-date.
-
Embed this notice
All GNU social JP content and data are available under the