profile
viewpoint

edenhill/kcat 3822

Generic command line non-JVM Apache Kafka producer and consumer

lldpd/lldpd 457

implementation of IEEE 802.1ab (LLDP)

felixr/docker-zsh-completion 252

zsh completion for docker

rgbkrk/libvirt-go 168

[DEPRECATED] Go bindings for libvirt

vincentbernat/awesome-configuration 125

My ~/.config/awesome directory

vincentbernat/bootstrap.c 69

Boilerplate for small C projects (autotools)

pyr/warp 27

simple controller for parallel script execution

vincentbernat/bootstrap.c-web 9

Boilerplate for small C projects (autotools) exporting a REST+SSE+WS API

vincentbernat/ansible-custom-module-examples 6

See https://vincent.bernat.ch/en/blog/2020-custom-ansible-module

pyr/warp-agent 3

simple agent for parallel script execution

issue commentnextdns/nextdns

nextdns upgrade hosed my install

Can you try with 1.37.3 instead?

petebocken

comment created time in 8 hours

push eventvincentbernat/nixops-take1

Vincent Bernat

commit sha f9e00f4dee9a62a20a3fe15654fd52b04b8abd72

nixops: upgrade to 21.11

view details

push time in 8 hours

issue commentnextdns/nextdns

nextdns upgrade hosed my install

  1. Fix your DNS by using nameserver 8.8.8.8 in /etc/resolv.conf
  2. wget https://github.com/nextdns/nextdns/releases/download/v1.37.4/nextdns_1.37.4_linux_armv6.deb
  3. dpkg -i nextdns_1.37.4_linux_armv6.deb
  4. nextdns install
petebocken

comment created time in 8 hours

issue commentnextdns/nextdns

nextdns upgrade hosed my install

Which Pi do you have? On Debian, armhf requires armv7 while on Raspbian it requires armv6. Sorry for that. It is fixed in #624. In the meantime, you can install the previous version: https://github.com/nextdns/nextdns/releases/download/v1.37.4/nextdns_1.37.4_linux_armv6.deb (download, then use dpkg -i to install). To be able to fix the issue you currently have, you may have to put nameserver 8.8.8.8 in /etc/resolv.conf.

petebocken

comment created time in 9 hours

PR opened nextdns/nextdns

github: fix mapping for Debian-like distributions

Debian says armhf is armv7 min, but Raspbian allows armv6. So, fix the mapping. Fix #623.

+2 -2

0 comment

1 changed file

pr created time in 9 hours

create barnchvincentbernat/nextdns

branch : fix/arm-deb

created branch time in 9 hours

issue commentlldpd/lldpd

NetBSD 9 reports "bridge0 is a bridge too big. Please, report the problem"

Would you be able to recompile with the following patch:

diff --git a/src/daemon/interfaces-bsd.c b/src/daemon/interfaces-bsd.c
index c8e466b0bf9b..8988857c45ad 100644
--- a/src/daemon/interfaces-bsd.c
+++ b/src/daemon/interfaces-bsd.c
@@ -72,7 +72,7 @@ ifbsd_check_bridge(struct lldpd *cfg,
     struct interfaces_device_list *interfaces,
     struct interfaces_device *master)
 {
-       struct ifbreq req[64];
+       struct ifbreq req[512];
        struct ifbifconf bifc = {
                .ifbic_len = sizeof(req),
                .ifbic_req = req

If it works, could you try this patch instead:

diff --git a/src/daemon/interfaces-bsd.c b/src/daemon/interfaces-bsd.c
index c8e466b0bf9b..d7079909735c 100644
--- a/src/daemon/interfaces-bsd.c
+++ b/src/daemon/interfaces-bsd.c
@@ -103,8 +103,8 @@ ifbsd_check_bridge(struct lldpd *cfg,
 #endif
        if (bifc.ifbic_len >= sizeof(req)) {
                log_warnx("interfaces",
-                   "%s is a bridge too big. Please, report the problem",
-                   master->name);
+                   "%s is a bridge too big (%zu). Please, report the problem",
+                   master->name, bifc.ifbic_len);
                return;
        }
        for (int i = 0; i < bifc.ifbic_len / sizeof(*req); i++) {
hfath

comment created time in 9 hours

startedchinhodado/persona5_calculator

started time in 12 hours

push eventvincentbernat/puppet-workstation

Vincent Bernat

commit sha 5b1d747c978f3357f2405afe3e0007c038456a53

system: ensure tlp is not installed on desktop systems It does too much magic stuff. Notably, by default, it enables WOL!

view details

Vincent Bernat

commit sha 82ae168717a2ac6fea7c72b5a6a2e5fcee49e19c

desktop: install anydesk

view details

Vincent Bernat

commit sha a3c488c0186fd96dca5104b0ad2b5a32990faf17

desktop: zoom permissions are now ok by default

view details

push time in a day

push eventvincentbernat/zshrc

Vincent Bernat

commit sha 452ca250e6aef850b6a854b58e9b0e7796b3f39d

alias: compatibility with older versions of Zsh The expansion flag A does not exist. And "z" does not return an array if there is only one word.

view details

push time in 2 days

PR closed nextdns/nextdns

Compile with Go 1.16.5

This version has been verified to work with several people. I am keeping this PR pristine if people want to get back to this version after testing a faulty version.

+3 -9

2 comments

3 changed files

vincentbernat

pr closed time in 2 days

pull request commentnextdns/nextdns

Compile with Go 1.16.5

No need for this one as #618 works.

vincentbernat

comment created time in 2 days

pull request commentnextdns/nextdns

Revert "Switch to go 1.17"

This one seems good enough until we figure the root cause. Let's merge it.

vincentbernat

comment created time in 2 days

push eventvincentbernat/zshrc

Vincent Bernat

commit sha e543bf8a45d3aae3e55a300d737255fac086e4de

alias: use a proper derivation for nix-shell

view details

push time in 2 days

push eventvincentbernat/i3wm-configuration

Vincent Bernat

commit sha a7ecfeea3680f8369f2b230e471709c494b1a63d

rofi: updated to 1.7.1

view details

push time in 3 days

push eventvincentbernat/zshrc

Vincent Bernat

commit sha 5e07f0f1fbebea4067344a430cf6604c54cbd32a

zshenv: do not put /tmp in PATH Our nix-shell does that because the expression is stored in /tmp.

view details

push time in 3 days

push eventvincentbernat/zshrc

Vincent Bernat

commit sha 9ee8c09802ab0574f08c28ef873cdd59e0e9ca00

zshenv: fix entry inside pure nix shell

view details

Vincent Bernat

commit sha 7acc328dc919e91c59b83052dd82137b486106cf

alias: also clean old pbuilder build directories

view details

push time in 3 days

issue commentnextdns/nextdns

wrong GOARCH detected

From Go documentation:

  • GOARM=5: use software floating point; when CPU doesn't have VFP co-processor
  • GOARM=6: use VFPv1 only; default if cross compiling; usually ARM11 or better cores (VFPv2 or better is also supported)
  • GOARM=7: use VFPv3; usually Cortex-A cores
Mile-Lile

comment created time in 3 days

push eventvincentbernat/i3wm-configuration

Vincent Bernat

commit sha 9902884c833135f9daed77c7467292cf5e5d0999

polybar: use a cat for CPU icon Nothing makes sense.

view details

Vincent Bernat

commit sha 1e5c2f2bda02f1705d88a5024fbf86bb3134c085

picom: don't blur rofi background

view details

Vincent Bernat

commit sha 68aa70ef618e261e5a93ba8fa72700ef1197cdc7

rofi: update for Rofi 1.7.1

view details

push time in 3 days

issue commentnextdns/nextdns

wrong GOARCH detected

That's expected. If you don't have "vfp" in the features, it fallbacks to arm5. vfp is SIMD (fpa is hardware floating point, maybe we should check that instead). You can override by prepending the install command by env FORCE_GOARCH=armv7. That's not recommended because your kernel will have to emulate the floating point operations.

Mile-Lile

comment created time in 3 days

push eventlldpd/lldpd

Vincent Bernat

commit sha f6f22f6fb1940672bfc3894c2f5893db82f714b3

build: simplify a bit default.nix

view details

Vincent Bernat

commit sha 848fc0c66397c1f2215c1f0ba116ad0ac05a509f

build: add git and check to default.nix

view details

Vincent Bernat

commit sha 13b873027d65725895b8d179525fbfdb22f1cd85

tests: fix compilation warning in marshalling test

view details

push time in 3 days

issue closedlldpd/lldpd

Missing SECCOMP rules

Missing SECCOMP rules

I am trying to use lldpd on gentoo Linux with glib 2.33 and Linux Kernel 5.14.21. With seccomp enabled the process does not start.

Steps to reproduce the problem

  1. Compile and install lldpd:
./autogen.sh 
./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --docdir=/usr/share/doc/lldpd-1.0.13 --htmldir=/usr/share/doc/lldpd-1.0.13/html --with-sysroot=/ --libdir=/usr/lib64 --without-embedded-libevent --with-privsep-user=lldpd --with-privsep-group=lldpd --with-privsep-chroot=/run/lldpd --with-lldpd-ctl-socket=/run/lldpd.socket --with-lldpd-pid-file=/run/lldpd.pid --disable-cdp --disable-doxygen-man --disable-doxygen-pdf --disable-doxygen-html --enable-dot1 --enable-dot3 --disable-edp --disable-fdp --disable-doxygen-dot --enable-lldpmed --disable-oldies --disable-sonmp --disable-static --with-readline --disable-sanitizers --with-seccomp --without-snmp --with-xml
make
make install
  1. Try to run lldpd:
$ strace -o /tmp/strace.txt /tmp/sbin/lldpd -d
2021-11-27T16:55:18 [INFO/main] unable to create control socket because it already exists
2021-11-27T16:55:18 [INFO/main] check if another instance is running
2021-11-27T16:55:18 [WARN/control] unable to connect to socket /run/lldpd.socket: Connection refused
2021-11-27T16:55:18 [INFO/main] old control socket is present, clean it
2021-11-27T16:55:18 [INFO/main] protocol LLDP enabled
2021-11-27T16:55:18 [INFO/event] libevent 2.1.12-stable initialized with epoll method
Bad system call
2021-11-27T16:55:18 [WARN/lldpctl] unable to get configuration from lldpd. A failure occurred during callback processing
2021-11-27T16:55:18 [INFO/lldpctl] an error occurred while executing last command
  1. Get information from strace log:
$ tail -n3 /tmp/blub.txt
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=02510476115, st_size=0, ...}, 0) = 262
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x7fc01521e0aa, si_syscall=__NR_newfstatat, si_arch=AUDIT_ARCH_X86_64} ---
+++ killed by SIGSYS +++
  1. Retrying with seccomp rule for newfstatat patched in:
$ sudo strace -o /tmp/strace.txt /tmp/sbin/lldpd -d
2021-11-27T16:58:30 [INFO/main] unable to create control socket because it already exists
2021-11-27T16:58:30 [INFO/main] check if another instance is running
2021-11-27T16:58:30 [WARN/control] unable to connect to socket /run/lldpd.socket: Connection refused
2021-11-27T16:58:30 [INFO/main] old control socket is present, clean it
2021-11-27T16:58:30 [INFO/main] protocol LLDP enabled
2021-11-27T16:58:30 [INFO/event] libevent 2.1.12-stable initialized with epoll method
2021-11-27T16:58:30 [WARN/seccomp] invalid syscall attempted: pread64(17)
2021-11-27T16:58:30 [CRIT/seccomp] invalid syscall not allowed: stop here
1 bene@hulk /tmp/lldpd $ 2021-11-27T16:58:30 [WARN/lldpctl] unable to get configuration from lldpd. A failure occurred during callback processing
2021-11-27T16:58:30 [INFO/lldpctl] an error occurred while executing last command

Expected outcome

lldpd should start.

Current outcome

lldpd is not starting.

Additional information

  • Output of lldpd -vv: not possible
  • lldpd master branch from git
  • Built on gentoo Linux with glib 2.33, gcc 11.2.0 on Linux Kernel 5.14.21.
  • Output of ps -fp $(pgrep -d, -x lldpd): not possible
  • Output of uname -sro: Linux 5.14.21-gentoo GNU/Linux

Patch

The following patch fixes the issue for me:

From 7665a50c0444e630bb00e2c58d05bea659c50d1e Mon Sep 17 00:00:00 2001
From: Benedikt Neuffer <benedikt.neuffer@kit.edu>
Date: Sat, 27 Nov 2021 17:07:50 +0100
Subject: [PATCH] Linux: add missing SECCOMP rules

Signed-off-by: Benedikt Neuffer <benedikt.neuffer@kit.edu>
---
 src/daemon/priv-seccomp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c
index 6d2736a..5608c5f 100644
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -176,6 +176,8 @@ priv_seccomp_init(int remote, int child)
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendmmsg), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(gettimeofday), 0)) < 0 ||
+	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat), 0)) < 0 ||
+	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(pread64), 0)) < 0 ||
 	    /* The following are for resolving addresses */
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||
-- 
2.32.0

closed time in 3 days

ogelpre

issue commentlldpd/lldpd

Missing SECCOMP rules

Thanks for the patch! It happens from time to time. The way we use seccomp is not great. Fixed in e57bf5ea66a7.

ogelpre

comment created time in 3 days

push eventlldpd/lldpd

Benedikt Neuffer

commit sha e57bf5ea66a70ff87bba5c39c0e10c071b4af824

linux: add missing SECCOMP rules Signed-off-by: Benedikt Neuffer <benedikt.neuffer@kit.edu>

view details

push time in 3 days

push eventvincentbernat/zshrc

Vincent Bernat

commit sha d1a59208ac8e116fc8cb4b8d9d850e9e7749d398

alias: don't require zsh/regex Not available with zsh-static.

view details

push time in 3 days

pull request commentnextdns/nextdns

Revert "Switch to go 1.17"

If this snapshot fails for you, feel free to revert to the one in #620. I'll keep #620 unmodified from now on and will try to bisect the issue using #618. Currently, everyone reported that Go 1.16.5 works and @deman3417 reported that Go 1.16.10 fails. I am waiting for a second report to try Go 1.16.8. A lot of changes where introduced in 1.16.10, but picking 1.16.8 will reduce the number of tries is the problem is in a previous version.

vincentbernat

comment created time in 3 days

PR opened nextdns/nextdns

Compile with Go 1.16.5

This version has been verified to work with several people. I am keeping this PR pristine if people want to get back to this version after testing a faulty version.

+3 -9

0 comment

3 changed files

pr created time in 3 days

create barnchvincentbernat/nextdns

branch : fix/go-1.16-working

created branch time in 3 days

pull request commentnextdns/nextdns

Revert "Switch to go 1.17"

OK, only recently accessed tarballs are still in the cache. If you happen to want to rollback to the previous version, you can fetch it from here: https://github.com/nextdns/nextdns/actions/runs/1510763854 (the dist archive). I let another person confirm the problem appears with f535f8c while it did not happen with 9483d8b before reaching any conclusion.

vincentbernat

comment created time in 3 days

push eventvincentbernat/nextdns

Vincent Bernat

commit sha 6da13a4c12fcc32d04a10ca020824e7f25e83875

Temporarily disable static checks for Windows

view details

push time in 4 days

more