DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422024-02-04T14:36:07ZDuckCorp Projects
Redmine Bip - Enhancement #807 (New): Add IRCv3 capabilitieshttps://projects.duckcorp.org/issues/8072024-02-04T14:36:07ZLoïc Gomez
<p><a class="external" href="https://ircv3.net/specs/extensions/capability-negotiation.html">https://ircv3.net/specs/extensions/capability-negotiation.html</a></p> Bip - Bug #805 (New): bipmkpw fails compilation (sometimes only?)https://projects.duckcorp.org/issues/8052024-02-04T14:33:13ZLoïc Gomez
<p>While fixing bip/adding code, I've stumbled upon these but not all the time:<br /><pre>
/usr/bin/ld: libbip.a(libbip_a-bip.o):/home/loic/code/bip/src/bip.c:60: multiple definition of `conf_log_system'; bipmkpw-bipmkpw.o:/home/loic/code/bip/src/bipmkpw.c:28: first defined here
/usr/bin/ld: libbip.a(libbip_a-bip.o):/home/loic/code/bip/src/bip.c:43: multiple definition of `conf_log_level'; bipmkpw-bipmkpw.o:/home/loic/code/bip/src/bipmkpw.c:26: first defined here
/usr/bin/ld: libbip.a(libbip_a-bip.o):/home/loic/code/bip/src/bip.c:64: multiple definition of `conf_global_log_file'; bipmkpw-bipmkpw.o:/home/loic/code/bip/src/bipmkpw.c:27: first defined here
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:485: bipmkpw] Error 1
</pre></p> Bip - Bug #803 (New): /bip list connections/all_connections/all_links crashes biphttps://projects.duckcorp.org/issues/8032024-02-04T14:29:06ZLoïc Gomez
<p>In 9.4, listing connections, links crashes bip when there is a long line for on_connect_send option.<br />A fix is available.</p> Bip - Enhancement #801 (New): Update base64 codehttps://projects.duckcorp.org/issues/8012024-02-04T07:32:50ZLoïc Gomez
<p>We need to update the base64 code (and copyright)</p> Bip - Bug #793 (New): AC_PROG_LEX without either yywrap or noyywrap is obsoletehttps://projects.duckcorp.org/issues/7932024-02-02T16:48:56ZLoïc Gomez
<pre>
configure.ac:16: warning: AC_PROG_LEX without either yywrap or noyywrap is obsolete
./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
aclocal.m4:1072: AM_PROG_LEX is expanded from...
configure.ac:16: the top level
</pre> Bip - Bug #792 (New): Handle CAP request/reply on client connectionshttps://projects.duckcorp.org/issues/7922024-02-02T16:43:52ZLoïc Gomez
<p>Some clients will expect BIP to send a CAP reply on client connect.<br />For example, Goguma on Android will send something like this:<br /><pre>
02-02-2024 17:45:21 DEBUG: "CAP LS 302"
02-02-2024 17:45:21 DEBUG: "NICK kyoshiro"
02-02-2024 17:45:21 DEBUG: "USER kyoshiro 0 * kyoshiro"
02-02-2024 17:45:21 DEBUG: "CAP REQ sasl"
02-02-2024 17:45:21 DEBUG: "AUTHENTICATE PLAIN"
02-02-2024 17:45:21 DEBUG: "AUTHENTICATE REDACTED_B64"
02-02-2024 17:45:21 DEBUG: "CAP END"
</pre></p> DuckCorp Infrastructure - Bug #788 (New): needrestart should not restart ppp serviceshttps://projects.duckcorp.org/issues/7882024-01-08T12:29:54ZMarc Dequènesduck@duckcorp.org
<p>It causes the Internet connection to restart but that is not needed. Affects Elwing.</p> DuckCorp Infrastructure - Enhancement #787 (New): Add carddav/caldav SRV records on dc.ohttps://projects.duckcorp.org/issues/7872023-08-17T08:45:40ZMarc Dequènesduck@duckcorp.org
<p><a class="external" href="https://blog.fidelramos.net/software/nextcloud-caldav-carddav-dns">https://blog.fidelramos.net/software/nextcloud-caldav-carddav-dns</a></p> DuckCorp Infrastructure - Enhancement #786 (New): Check services still missing systemd confighttps://projects.duckcorp.org/issues/7862023-07-09T14:14:10ZMarc Dequènesduck@duckcorp.org
<p>This is not cosmetic, this usually causes bugs, like bad tracking fo the service state, no support for the READY notification etc.</p>
<p>We might also be able to remove some workarounds in Ansible.</p> DuckCorp Infrastructure - Enhancement #785 (New): Upgrade and cleanup custom logcheck filtershttps://projects.duckcorp.org/issues/7852023-07-09T14:11:45ZMarc Dequènesduck@duckcorp.org
<p>rsyslog now defaults to “high precision timestamps” and we need to update regexs in our custom filters. Many must be obsolete so let's reintroduce them wehn needed.</p>
<p>Currently the old filters are still installed but let's move them aside and readd rules with updated regex when needed.</p> DuckCorp Infrastructure - Enhancement #784 (New): Do we still need rsyslog?https://projects.duckcorp.org/issues/7842023-07-09T14:08:59ZMarc Dequènesduck@duckcorp.org
<p>Debian is moving towards systemd journals and removing rsyslogd is now possible. I don't think we need special features besides what journald provides so let's check if we can simplify things.</p>
<p>logcheck now supports using systemd but I think not all logs are read from there and I suspect some other services are not ready yet.</p> DuckCorp Infrastructure - Enhancement #773 (New): Investigate Kea usagehttps://projects.duckcorp.org/issues/7732022-06-26T11:59:48ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>ISC doesn't recommend <a href="https://www.isc.org/dhcp/" class="external">ISC DHCP</a> (for new project):</p>
<blockquote>
<p>We recommend that new implementers use Kea and implement ISC DHCP only if Kea does not meet their needs. The Kea distribution does not currently include either a client or a relay.</p>
</blockquote>
<p>The next Debian release provides a <a href="https://packages.debian.org/bookworm/kea" class="external">Kea package</a>.</p> DuckCorp Infrastructure - Bug #767 (New): mailman3-web internal errorhttps://projects.duckcorp.org/issues/7672022-03-27T19:49:44ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>I just tried to use mailmain3-web to remove my old email address from the the dc-admins list. I encountered an HTTP 500 (twice).<br /><pre>
ERROR 2022-03-27 21:43:42,082 1507813 postorius Mailman REST API not available
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.9/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib/python3.9/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.9/http/client.py", line 276, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 532, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3/dist-packages/six.py", line 718, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.9/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib/python3.9/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.9/http/client.py", line 276, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 107, in call
response = request(
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/contrib/auth/mixins.py", line 52, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/contrib/auth/mixins.py", line 109, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/postorius/views/generic.py", line 74, in dispatch
return super(MailingListView, self).dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 97, in dispatch
return handler(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 183, in post
return self._member_post(request, role)
File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 135, in _member_post
self.mailing_list.unsubscribe(member)
File "/usr/lib/python3/dist-packages/mailmanclient/restobjects/mailinglist.py", line 414, in unsubscribe
self._connection.call(path, method='DELETE')
File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 135, in call
raise MailmanConnectionError(
mailmanclient.restbase.connection.MailmanConnectionError: ('Could not connect to Mailman API: ', "ConnectionError(ProtocolError('Connection aborted.', RemoteDisconnected('Remote end closed connection without response')))")
ERROR 2022-03-27 21:43:42,091 1507813 django.request Service Unavailable: /postorius/lists/dc-admins.lists.duckcorp.org/members/member/
</pre></p> DuckCorp Infrastructure - Enhancement #745 (New): ban IPs that try to authenticate with a nonexis...https://projects.duckcorp.org/issues/7452021-11-24T14:03:15ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Fail2ban should block the following attemps:<br /><pre>
Nov 24 15:06:46 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:00 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:20 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:30 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:44 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:08:04 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
</pre></p>
<p>Some numbers in order to support the new filter (the oldest entry in the journal is 7 days old):<br /><pre>
root@Toushirou:~# # count all entries
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | wc -l
5032
root@Toushirou:~# # check the regex
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | sed -n 's/.*ldap([^,]\+,\([^,)]\+\)\(,<[^>]\+>\)\?):.*/\1/p' | sort | uniq -c | sort -nr | awk '{print $1}' | paste -sd+ | bc
5029
root@Toushirou:~# # display the most used IPs
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | sed -n 's/.*ldap([^,]\+,\([^,)]\+\)\(,<[^>]\+>\)\?):.*/\1/p' | sort | uniq -c | sort -nr | awk '{print $1}' | head -n 10
741
566
467
362
307
182
177
174
167
161
# There are 697 different IPs, the twenty most used produce 85% of the login failure.
</pre></p> Bip - Bug #431 (New): bip is leaking file descriptorshttps://projects.duckcorp.org/issues/4312015-01-15T02:01:19ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>fran wrote:</p>
<blockquote>
<p>bip is leaking file descriptors on my server, and the fix is pretty easy: on connection.c, on read_socket, whenever read returns <1 and errno is different to EAGAIN and EINTR, the socket MUST be closed <br />because read will not return 0 on the following iterations of select (cause it's not added to the read fd_set after that), plus after read failing with fatal error it keeps returning -1</p>
</blockquote>