Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Sep 23 23:22

    dependabot[bot] on pip

    (compare)

  • Sep 23 23:22
    dependabot[bot] closed #549
  • Sep 23 23:22
    dependabot[bot] commented #549
  • Sep 23 23:22
    dependabot[bot] labeled #559
  • Sep 23 23:22
    dependabot[bot] opened #559
  • Sep 23 23:22

    dependabot[bot] on pip

    Bump ansible from 2.8.8 to 4.2.… (compare)

  • Sep 20 19:38

    YanChii on master

    update prompt-config printing (compare)

  • Sep 08 08:13
    YanChii labeled #558
  • Sep 08 08:13
    YanChii labeled #558
  • Sep 08 08:13
    YanChii opened #558
  • Sep 07 23:55
    dependabot[bot] review_requested #557
  • Sep 07 23:55

    dependabot[bot] on pip

    (compare)

  • Sep 07 23:55
    dependabot[bot] closed #545
  • Sep 07 23:55
    dependabot[bot] commented #545
  • Sep 07 23:55
    dependabot[bot] labeled #557
  • Sep 07 23:55
    dependabot[bot] opened #557
  • Sep 07 23:55

    dependabot[bot] on pip

    Bump pillow from 4.2.0 to 8.3.2… (compare)

  • Sep 02 21:34
    n1ete synchronize #148
  • Sep 02 21:29
    n1ete synchronize #148
  • Sep 02 21:22
    n1ete synchronize #148
FilipFrancis
@FilipFrancis
but that does not work
yanchii
@yanchii:matrix.org
[m]
i recommend creating a key outside and just import it into the sandbox
FilipFrancis
@FilipFrancis
tried that and i can see the key in the sandbox
but it always complains about a secret key
so no way to sign for the moment
yanchii
@yanchii:matrix.org
[m]
did you import also the secret key?
FilipFrancis
@FilipFrancis
yes i think so
outside the sandbox i can see the secret key
but inside the sandbox it gives me the following error
gpg2 --list-secret-keys
gpg: NOTE: trustdb not writable
yanchii
@yanchii:matrix.org
[m]
try adding
--no-default-keyring --keyring /opt/local/etc/gnupg/pkgsrc.gpg
FilipFrancis
@FilipFrancis
in the sandbox?
yanchii
@yanchii:matrix.org
[m]
yes
and also with the private key import command
FilipFrancis
@FilipFrancis
hmm not much is happening
gpg2 --no-default-keyring --keyring /opt/local/etc/gnupg/pkgsrc.gpg
gpg: Go ahead and type your message ...
still waiting
yanchii
@yanchii:matrix.org
[m]
I don't remember exactly… it was always pain to setup it… so I try to avoid doing it by keeping the same env running as long as possible
FilipFrancis
@FilipFrancis
yeah i guess man this is a pain in the ....
yanchii
@yanchii:matrix.org
[m]
you miss the subcommand there
gpg --list-secret-keys --no-default-keyring --keyring /opt/local/etc/gnupg/pkgsrc.gpg
FilipFrancis
@FilipFrancis
getting the same error with trustdb
gpg --list-secret-keys --no-default-keyring --keyring /opt/local/etc/gnupg/pkgsrc.gpg
yanchii
@yanchii:matrix.org
[m]
gpg --no-default-keyring --keyring /opt/local/etc/gnupg/pkgsrc.gpg --import secretkey.asc
not sure what's going on
FilipFrancis
@FilipFrancis
gpg2 --list-secret-keys --no-default-keyring --keyring /opt/local/etc/gnupg/pkgsrc.gpg
gpg: NOTE: trustdb not writable
yanchii
@yanchii:matrix.org
[m]
and is the pkgsrc.gpg or /root dir really writable?
FilipFrancis
@FilipFrancis
no i checked and that is not writable
and tried to run sandbox with that /root/.gpg as RW then it does not boot the sandbox
but running outside the sandbox i see the keys and secrets
yanchii
@yanchii:matrix.org
[m]
for some reason you have gpg2 command and I have only gpg
either something has changed since I did it last time or there's something wrong
FilipFrancis
@FilipFrancis
the doc of Joyent was using gpg2
so did everything in gpg2
but even with gpg it still gives me the same error
tried both
yanchii
@yanchii:matrix.org
[m]
ok, now I'm officially out of ideas. Maybe try to start over with older zone. Last zone I've set up from scratch was 2018Q4 (official smartos compile image).
FilipFrancis
@FilipFrancis
k will try tomorrow need to do some other stuff now
thanks
yanchii
@yanchii:matrix.org
[m]
after that I've just updated git and pkgsrc bootstrap
klebed
@klebed:matrix.org
[m]

After moving to dns02 when dns01 died with the server, I realized that my dns01 had some custom settings, which I have to reproduce. I have 2 public bind9 servers which serve all my zones to the public. I've just made pdns to forcefully notify them both of all changes and allow them to query axfr after that. It's simple and versatile way to spread all zones to own nameservers. Maybe it's worth making configurrable options in DC for allow-axfr-ips, also-notify. And also I had to change db connection to the vIPб because by defail it was pointed to mgmt01.

So bringing up dns02 machine isn't just setting metadata and run from image though. =)

BTW, yanchii , What I have to change if I swapping the motherboard? Only change MAC addresses in /usbkey/config ?
yanchii
@yanchii:matrix.org
[m]
yes, that should be all
yanchii
@yanchii:matrix.org
[m]
you're probably lucky… I've implemented zone transfers in latest DC version :)
https://docs.danube.cloud/user-guide/gui/datacenters/dns.html#external-zone-transfers
infinity202
@infinity202
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
I won't say Danube cloud / SmartOS is more secure, but the above news surely gives us back some credits for not using the manstream VM providers 🤭
Jan Poctavek
@YanChii
nice zero day :)
Solaris had very good security… AFAIK no break out of the zone was ever discovered
Jan Poctavek
@YanChii
but there certainly are some possible attack vectors (e.g. metadata daemon running in GZ connectable from every VM, vxlans open kernel port, no ipsec2… and DC GUI on top of it)