DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422022-08-28T14:08:34ZDuckCorp Projects
Redmine DuckCorp Infrastructure - Bug #779 (Resolved): Upgrade NextCloud (from 23.0.8 to 24.0.4)https://projects.duckcorp.org/issues/7792022-08-28T14:08:34ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Upgrade instructions: <code>toushirou</code>@<code>/srv/www/sites/stuff.milkypond.org/README.Duck</code>.</p>
<pre>
2022-08-28T15:34:59+00:00 Disabled incompatible app: breezedark
2022-08-28T15:34:59+00:00 Disabled incompatible app: end_to_end_encryption
2022-08-28T15:34:59+00:00 Disabled incompatible app: epubreader
2022-08-28T15:34:59+00:00 Disabled incompatible app: spreed
2022-08-28T15:34:59+00:00 Disabled incompatible app: twofactor_admin
2022-08-28T15:34:59+00:00 Disabled incompatible app: weather
</pre>
Supported apps:
<ul>
<li><a href="https://apps.nextcloud.com/apps/end_to_end_encryption" class="external">end_to_end_encryption</a></li>
<li><a href="https://apps.nextcloud.com/apps/breezedark" class="external">breezedark</a></li>
<li><a href="https://apps.nextcloud.com/apps/spreed" class="external">spreed</a></li>
</ul>
Unsupported/Unmaintained apps:
<ul>
<li>weather (disabled): <a class="external" href="https://github.com/nextcloud/weather/issues/102">https://github.com/nextcloud/weather/issues/102</a></li>
<li>twofactor_admin (enabled but the <code>occ</code> command <code> twofactorauth:admin:generate-code</code> doesn't appears ?): <a class="external" href="https://github.com/ChristophWurst/twofactor_admin/issues/229">https://github.com/ChristophWurst/twofactor_admin/issues/229</a></li>
</ul>
Patch applied:
<ul>
<li>epubreader: <a class="external" href="https://github.com/e-alfred/epubreader/issues/44">https://github.com/e-alfred/epubreader/issues/44</a> (patch attached)</li>
</ul> DuckCorp Infrastructure - Bug #778 (Resolved): Upgrade NextCloud (from 23.0.7 to 23.0.8)https://projects.duckcorp.org/issues/7782022-08-28T12:36:32ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Upgrade instructions: <code>toushirou</code>@<code>/srv/www/sites/stuff.milkypond.org/README.Duck</code>.</p> DuckCorp Infrastructure - Bug #776 (Resolved): Users are unable to register to projects.duckcorp.orghttps://projects.duckcorp.org/issues/7762022-07-10T10:42:55ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>There is an issue related to the captcha:<br /><pre>
Oops, we failed to validate your reCAPTCHA response. Please try again.
</pre><br />I tried with firefox and chromium.</p>
<p><code>/var/log/redmine/dc/production.log</code> from the <code>redmine</code> LXC container:<br /><pre>
Started POST "/account/register" for 185.238.6.46 at 2022-07-10 12:53:52 +0000
Processing by AccountController#register as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[REDACTED]", "user"=>{"login"=>"pilou_test", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "firstname"=>"pilou", "lastname"=>"pilou_test", "mail"=>"pilou_test@ir5.eu", "language"=>"fr"}, "g-recaptcha-response"=>"[REDACTED]", "commit"=>"Soumettre"}
Current user: anonymous
Rendering plugins/recaptcha/app/views/account/register.html.erb within layouts/base
Rendered plugins/recaptcha/app/views/account/register.html.erb within layouts/base (8.8ms)
Completed 200 OK in 3022ms (Views: 14.7ms | ActiveRecord: 1.4ms)
</pre></p> DuckCorp Infrastructure - Bug #746 (Rejected): unexpected restart of Toushirou hosthttps://projects.duckcorp.org/issues/7462021-12-13T14:16:57ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Today Toushirou was restarted unexpectedly. It seems that this restart wasn't due a command.</p>
<p>The server was restarted after <code>Dec 13 10:07:03</code> (UTC+1). I unlocked the encrypted encryption around 13h15 (UTC+1).</p>
<p><code>syslog</code> contains:<br /><pre>
Dec 13 10:06:52 Toushirou postfix/smtpd[1353160]: disconnect from <redacted> ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Dec 13 10:07:03 Toushirou stunnel: LOG5[8632]: Connection closed: 182 byte(s) sent to TLS, 20 byte(s) sent to socket
@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
[...]
@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Dec 13 13:18:38 Toushirou systemd-udevd[631]: Using default interface naming scheme 'v247'.
Dec 13 13:18:38 Toushirou systemd-udevd[630]: Using default interface naming scheme 'v247'.
Dec 13 13:18:38 Toushirou lvm[578]: 3 logical volume(s) in volume group "extra" monitored
</pre></p>
<p>The filesystem journals were recovered:<br /><pre>
Dec 13 13:18:38 Toushirou systemd-fsck[791]: /dev/md0 was not cleanly unmounted, check forced.
Dec 13 13:18:38 Toushirou systemd-fsck[790]: /dev/mapper/main-ldap: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[790]: /dev/mapper/main-ldap: clean, 14/23616 files, 9468/94208 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-ldap.
Dec 13 13:18:38 Toushirou systemd-fsck[787]: /dev/mapper/main-ftp: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[787]: /dev/mapper/main-ftp: clean, 1042/1966080 files, 4094072/7864320 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-ftp.
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: Clearing orphaned inode 524490 (uid=0, gid=4, mode=0100640, size=186)
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: Clearing orphaned inode 525136 (uid=0, gid=4, mode=0100640, size=2261619)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: clean, 3025/915712 files, 701679/3661824 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-logs.
Dec 13 13:18:38 Toushirou systemd-fsck[797]: /dev/mapper/main-mysql: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[797]: /dev/mapper/main-mysql: clean, 1706/305216 files, 302945/1220608 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-mysql.
Dec 13 13:18:38 Toushirou systemd-fsck[801]: /dev/mapper/main-projects: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[801]: /dev/mapper/main-projects: clean, 15384/977280 files, 2501362/3932160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-projects.
Dec 13 13:18:38 Toushirou systemd-fsck[805]: /dev/mapper/main-stuffcloud: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[805]: /dev/mapper/main-stuffcloud: clean, 184647/8519680 files, 22560629/34078720 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-stuffcloud.
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: Clearing orphaned inode 136445 (uid=0, gid=0, mode=0100664, size=11567160)
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: Clearing orphaned inode 136045 (uid=0, gid=0, mode=0100664, size=9253600)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: clean, 43941/305216 files, 677459/1220608 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-var.
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: Clearing orphaned inode 20 (uid=0, gid=0, mode=0100666, size=0)
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: Clearing orphaned inode 50 (uid=128, gid=136, mode=0100600, size=0)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: clean, 3380/121920 files, 20791/487424 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-tmp.
Dec 13 13:18:38 Toushirou systemd-fsck[814]: /dev/mapper/main-vcs: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[814]: /dev/mapper/main-vcs: clean, 62639/183264 files, 334140/732160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-vcs.
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: Clearing orphaned inode 1314229 (uid=5111, gid=5111, mode=0100600, size=2543956)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: clean, 38189/1966080 files, 3862291/7864320 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-vmail.
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/extra-lxd.
Dec 13 13:18:38 Toushirou systemd-fsck[827]: /dev/mapper/extra-home: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[827]: /dev/mapper/extra-home: clean, 576437/19660800 files, 60022856/78643200 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/extra-home.
Dec 13 13:18:38 Toushirou systemd-fsck[791]: /dev/md0: 348/64000 files (23.9% non-contiguous), 63264/255936 blocks
Dec 13 13:18:38 Toushirou systemd-fsck[819]: /dev/mapper/main-www: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[819]: /dev/mapper/main-www: clean, 417149/9175040 files, 7579187/36700160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-www.
</pre></p>
<p>Thanks to GuiHome and Victor for letting me know that the NextCloud service was unavailable.</p>
<p>Once the server has been restarted there was an error with the hivane network link. Hence some service were unavailable. The nerim link worked. <br /><pre>
root@Toushirou:~# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● apache2.service loaded failed failed The Apache HTTP Server
● ifup@eth\x2dwan\x2dhivane.service loaded failed failed ifup for eth-wan-hivane
● matrix-appservice-irc.service loaded failed failed Matrix AppService IRC
● networking.service loaded failed failed Raise network interfaces
</pre></p>
<pre>
root@Toushirou:~# ifdown --force eth-wan-hivane
RTNETLINK answers: Cannot assign requested address
RTNETLINK answers: Cannot assign requested address
root@Toushirou:~# ifup --force eth-wan-hivane
Waiting for DAD... Timed out
ifup: failed to bring up eth-wan-hivane
</pre>
<p>I remember the timed out issue occurred when the last time the server was moved from a rack to another. I tried the <code>ifdown</code>/<code>ifup</code> commands several times (until the <code>Timed out</code> disappeared).</p>
<p>The logs show that the timed out issue occurred at boot:<br /><pre>
Dec 13 13:18:45 Toushirou sh[1562]: Waiting for DAD... Timed out
Dec 13 13:18:45 Toushirou sh[1496]: ifup: failed to bring up eth-wan-hivane
</pre></p>
<p>Next I restarted <code>apache2.service</code> and <code>matrix-appservice-irc.service</code>, then I updated <code>/lib/systemd/system/lxd.socket</code> in order to fix a typo:<br /><pre>Dec 13 15:48:22 Toushirou systemd[1]: /lib/systemd/system/lxd.socket:8: Unit must be of type service, ignoring: lxd.servcie
</pre><br />After that i ran <code>systemctl daemon-reload</code> and <code>lxc list</code> then the redmine LXC container restarted.</p>
<p>At this time I tried to create this issue using redmine:https://projects.duckcorp.org/ but an issue occurred after i tried to authenticate: the redmine web interface showed an error: <code>"Cannot assign requested address - connect(2) for [2001:67c:1740:9001::c1c8:2ab1]:636"</code>.</p>
<p>The restart of the <code>slapd</code> service (which was listening on IPv6 but not IPv4) fixed this issue.</p> DuckCorp Infrastructure - Bug #727 (Resolved): Websites using ProxyPass directives fail with HTTP...https://projects.duckcorp.org/issues/7272021-07-08T22:46:21ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>On Orfeo, <code>/var/log/apache2/lists.duckcorp.org_ssl_error.log</code> contains:</p>
<pre>
[Fri Jul 09 00:44:01.802174 2021] [authz_core:error] [pid 14299:tid 140662990157568] [client <redacted>:1114] AH01627: AuthType configured with no corresponding authorization directives
</pre>
Same issue with other websites:
<ul>
<li><a class="external" href="https://shizuka-orfeo.duckcorp.org">https://shizuka-orfeo.duckcorp.org</a> (hosted on Orfeo)</li>
<li><a class="external" href="https://irconweb.milkypond.org">https://irconweb.milkypond.org</a> (hosted on Toushirou)</li>
</ul>
<p>It looks like the error occurs since <code>Wed Jun 30 2021</code>.</p> DuckCorp Infrastructure - Review #681 (Resolved): Undefined attribute: mda_usergrouphttps://projects.duckcorp.org/issues/6812019-10-09T10:18:46ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Fix the following error:</p>
<pre>
$ ansible-playbook playbooks/tenants/duckcorp/security.yml -u root
TASK [dc-antivirus : ClamAV Setup -- Connection Type] ***********************************************************************************************************************
fatal: [Orfeo]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'mda_usergroup'\n\nThe error appears to be in '/srv/share/src/duckcorp/duckcorp-infra.git/ansible/roles/dc-antivirus/tasks/main.yml': line 21, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n notify: Reconfigure ClamAV\n- name: ClamAV Setup -- Connection Type\n ^ here\n"}
</pre> DuckCorp Infrastructure - Bug #669 (Resolved): WARNING: Ignoring deprecated option DetectBrokenEx...https://projects.duckcorp.org/issues/6692019-08-24T09:51:43ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>This warning is received on dc-admins mailing list every hour:<br /><pre>
[DC-Admins] Cron <clamav@Toushirou> [ -x /usr/sbin/clamav-unofficial-sigs ] && /usr/sbin/clamav-unofficial-sigs
WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:40
</pre></p> DuckCorp Infrastructure - Bug #659 (Resolved): Toushirou: unable to decrypt root partition at boothttps://projects.duckcorp.org/issues/6592019-07-15T23:53:44ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Network interface name in initramfs configuration was wrong.</p>
<p>Closed by <a class="changeset" title="Toushirou: fix initramfs iface name This update has been successfully tested and is already appl..." href="https://projects.duckcorp.org/projects/dc-admin/repository/duckcorp-infra/revisions/4278dccfa464a6897d43762720285b4e3a20dd82">4278dccfa464a6897d43762720285b4e3a20dd82</a></p> DuckCorp Infrastructure - Review #634 (Resolved): tt-rss Ansibilize logrotate configurationhttps://projects.duckcorp.org/issues/6342018-09-09T23:35:44ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>And fix this error:</p>
<pre>
error: skipping "/var/log/tt-rss/tt-rss.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
</pre> DuckCorp Infrastructure - Review #560 (Resolved): Use deb.debian.org in sources.listhttps://projects.duckcorp.org/issues/5602017-06-19T11:49:02ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Branch <code>use_deb.debian.org</code> allows to use <code>deb.debian.org</code> in sources.list.</p> UFWI - Enhancement #396 (New): Use git instead of svn to do configuration versionninghttps://projects.duckcorp.org/issues/3962014-11-25T22:33:05ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Added by Laurent Defert</p> Bip - Bug #262 (In Progress): using ircnet bip crashes if a channel has two nicks different only ...https://projects.duckcorp.org/issues/2622011-11-13T15:30:32ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>nitram reported:<br /><pre>
as soon as i join a channel that has the nicks "~mc" and "mc" on ircnet bip crashes with "11-11-2011 15:55:44 FATAL: Element with key mc already in hash b9495ce0
</pre></p>
<p>I found two problems:</p>
<p><strong>First</strong>, in <code>irc_353</code> function ( <a class="source" href="https://projects.duckcorp.org/projects/bip/repository/bip/revisions/a46b8bd2/entry/src/irc.c#L1362">source:src/irc.c@a46b8bd2#L1362</a> ) we discard '~' character when storing operator/voice mask foreach nickname. For example if the irc server send<br /><code>'ircnet.optilian.net' ':ircnet.optilian.net 353 pilou = #plopplopplop :pilou ~lolll219 lolll219 '</code> (user <code>pilou</code> joining <code>ircnet.optilian.net</code> where tho users <code>~lolll219</code> <code>lolll219</code> are here)<br />we store operator/voice mask of <code>lolll219</code> twice (once for <code>~lolll219</code> and another for <code>lolll219</code>).</p>
<p>This lead to many errors:</p>
<ul>
<li>if either <code>lolll219</code> or <code>~lolll219</code> have a not empty operator/voice mask, then problem reported by nitram appears: the second <code>hash_insert</code> fails.</li>
</ul>
<ul>
<li>when <code>~lolll219</code> or <code>lolll219</code> send irc <code>part</code> command, <code>irc_part</code> function ( <a class="source" href="https://projects.duckcorp.org/projects/bip/repository/bip/revisions/a46b8bd2/entry/src/irc.c#L1498">source:src/irc.c@a46b8bd2#L1498</a> ) encounters problem.<br />If <code>~lolll219</code> quit then his operator/voice mask can not be found (it was not stored) and then <code>irc_part</code> return <code>ERR_PROTOCOL</code>:<br /><pre>
13-11-2011 14:38:22 ERROR: [ircnet] Error in protocol, closing...
13-11-2011 14:38:22 ERROR: [ircnet] reconnecting in 0 seconds
</pre></li>
</ul>
<ul>
<li>If <code>lolll219</code> quit then an assertion fails, indeed the <code>lolll219</code> key is present twice in the operator/voice mask hash:<br /><pre>
13-11-2011 14:37:29 FATAL: 80b3288 appears twice in list
</pre></li>
</ul>
<p><strong>Second</strong> problem: it should not be possible to store two identical key in one hash. <code>list_remove_if_exists</code> function ( <a class="source" href="https://projects.duckcorp.org/projects/bip/repository/bip/revisions/a46b8bd2/entry/src/util.c#L370">source:src/util.c@a46b8bd2#L370</a> ) - called by <code>irc_part</code> - verify this assertion and the assertion fails.</p>
<p>Currently insertion of two identical keys occurs because instead of checking if the hash contains already an identical key, we check if the value corresponding to this key is NULL or not ( <a class="source" href="https://projects.duckcorp.org/projects/bip/repository/bip/revisions/a46b8bd2/entry/src/util.c#L566">source:src/util.c@a46b8bd2#L566</a> ):</p>
<pre>
void hash_insert(hash_t *hash, const char *key, void *ptr)
[...]
if (hash_get(hash, key))
fatal("Element with key %s already in hash %x\n", key, hash);
</pre>
<p>So it's possible to store many identical key associated to 0/NULL value.</p>
<p>And the associated value for the key in operator/voice mask hash can be 0/NULL:<br /><pre>
long int ovmask = 0;
[...]
hash_insert(&channel->ovmasks, nick, (void *)ovmask);
</pre></p> Bip - Bug #212 (Resolved): When global option log is disabled, query are not backloggedhttps://projects.duckcorp.org/issues/2122011-04-07T00:55:25ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<a name="How-to-reproduce"></a>
<h3 >How to reproduce<a href="#How-to-reproduce" class="wiki-anchor">¶</a></h3>
<ol>
<li>set 'log' option to 'false' in bip.conf</li>
<li>(re)start bip, don't connect any client to bip</li>
<li>send a message with another user in a channel where bip is here</li>
<li>send a private message to bip user with another user</li>
<li>connect a client to bip</li>
<li>message in channel is backlogged</li>
<li>private message is not backlogged only "End of backlog" is displayed</li>
</ol> Bip - Bug #192 (Feedback): using "hide ping pong event" in mIRC doesn't work with biphttps://projects.duckcorp.org/issues/1922011-02-09T18:10:25ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Reported by DoDzy, thank to him !<br /><pre>
i still get [10:35] * PONG from oftc <
it used to work when i was using psybnc
nvm, after all it is my client misbehaving
"If mIRC sends a PING with a parameter, it expects a PONG response with that parameter. This
is meant to be standard PING/PONG behaviour. If your bouncer is intercepting the message and
is not replying correctly, then mIRC will not work."
</pre></p> MyCyma - Cosmetic #3 (Rejected): Upper case acute accent is not correctly displayedhttps://projects.duckcorp.org/issues/32008-11-23T21:32:53ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>In Admin UI, see attached file.</p>