alpine issueshttps://gitlab.alpinelinux.org/groups/alpine/-/issues2020-01-24T12:32:22Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11158Please remove XChat2020-01-24T12:32:22ZSadie PowellPlease remove XChatXChat has not had a release in a decade and has had no SVN changes since 2013.
XChat also has several unfixed security issues including but not limited to CVE-2013-7449 and CVE-2011-5129. Additionally, it only supports SSLv3 (no TLSv1+)...XChat has not had a release in a decade and has had no SVN changes since 2013.
XChat also has several unfixed security issues including but not limited to CVE-2013-7449 and CVE-2011-5129. Additionally, it only supports SSLv3 (no TLSv1+) which is disabled by modern IRC servers so it can not be used securely and has a bug which prevents it from reading messages sent by the current stable branch of InspIRCd.
A fork of XChat called HexChat exists and is already packaged. Most distributions have switched to this already.https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10670Package signatures should not use SHA-12022-12-22T12:32:16ZReid RankinPackage signatures should not use SHA-1While investigating the APK format, I've realized that the signatures on packages are still done using SHA-1. This is odd, because the signature is over control.tar.gz -- which is bound to data.tar.gz using a SHA-256 hash. In any case, n...While investigating the APK format, I've realized that the signatures on packages are still done using SHA-1. This is odd, because the signature is over control.tar.gz -- which is bound to data.tar.gz using a SHA-256 hash. In any case, now that relatively inexpensive SHA-1 preimage attacks are publically known, we should move to eliminate the use of SHA-1 quickly.
While apk-tools/src/package.c seems to indicate some support for checking "RSA256" signatures, abuild will never make them, and I'm suspicious of apk_sign_ctx_init's seemingly exclusive use of SHA-1. And while we're at it, the APK-TOOLS.checksum.SHA1 tar attribute should probably be replaced (or augmented) with a SHA256 version. (Pretty sure this is just a change at abuild/abuild-tar:383)v3.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/11122sudo: setrlimit(RLIMIT_CORE): operation not permitted2021-04-18T15:40:36ZKevin Daudtsudo: setrlimit(RLIMIT_CORE): operation not permittedsudo, since version 1.8.29 started to emit an error when running it, though it still works:
```sh
$ sudo true
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
```
This error is not Alpine Linux related, other distros have the is...sudo, since version 1.8.29 started to emit an error when running it, though it still works:
```sh
$ sudo true
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
```
This error is not Alpine Linux related, other distros have the issue as well:
https://bugzilla.redhat.com/show_bug.cgi?id=1773148
One possible workaround suggested is to add the following to `/etc/sudoers.conf`:
```
Set disable_coredump false
```
Though I'm not sure what the implications of this are.Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10983feature request: enable busybox script and scriptreplay2023-03-04T21:58:56ZRyan Campofeature request: enable busybox script and scriptreplayI would like to use script and scriptreplay without having to install the full util-linux pkg. Would it be ok to enable these options in busybox?
```
# CONFIG_SCRIPT is not set
# CONFIG_SCRIPTREPLAY is not set
```I would like to use script and scriptreplay without having to install the full util-linux pkg. Would it be ok to enable these options in busybox?
```
# CONFIG_SCRIPT is not set
# CONFIG_SCRIPTREPLAY is not set
```Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10914Issue using gdal=2.4.0-r42020-05-27T16:20:38ZUdbhav GuptaIssue using gdal=2.4.0-r4I've started getting: `Error relocating /usr/lib/libgdal.so.20: _ZNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEC1Ev: symbol not found` when using the gdal library (by invoking `gdalinfo` for example)
This happened after upg...I've started getting: `Error relocating /usr/lib/libgdal.so.20: _ZNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEC1Ev: symbol not found` when using the gdal library (by invoking `gdalinfo` for example)
This happened after upgrading to `2.4.0-r4` from `2.4.0-r3`, so I'm guessing it might be related to https://gitlab.alpinelinux.org/alpine/aports/commit/99982b7dde8f6e09281daa6cf30a3594ca421936https://gitlab.alpinelinux.org/alpine/aports/-/issues/10861modprobe returns message: can't change directory to '/lib/modules' on docker ...2019-10-11T18:57:56ZF1 Outsourcing Developmentmodprobe returns message: can't change directory to '/lib/modules' on docker imagebash-5.0# modprobe
modprobe: can't change directory to '/lib/modules': No such file or directory
bash-5.0# uname -a
Linux 75359ae0b2dd 3.10.0-1062.1.2.el7.x86_64 #1 SMP Mon Sep 30 14:19:46 UTC 2019 x86_64 Linux
bash-5.0# cat /etc/alpin...bash-5.0# modprobe
modprobe: can't change directory to '/lib/modules': No such file or directory
bash-5.0# uname -a
Linux 75359ae0b2dd 3.10.0-1062.1.2.el7.x86_64 #1 SMP Mon Sep 30 14:19:46 UTC 2019 x86_64 Linux
bash-5.0# cat /etc/alpine-release
3.10.1https://gitlab.alpinelinux.org/alpine/aports/-/issues/10846[package] GraphicsMagick 1.3.32 in alpine 3.10 is broken when processing PNGs2020-04-28T12:35:44ZTikiTDO[package] GraphicsMagick 1.3.32 in alpine 3.10 is broken when processing PNGsSee bug:
https://sourceforge.net/p/graphicsmagick/bugs/610/
And associated fix:
https://sourceforge.net/p/graphicsmagick/code/ci/f30492f40f78d867b43422215057dd21de4ba447/
Currently the only way to fix this is to pull GM 1.3.33 from e...See bug:
https://sourceforge.net/p/graphicsmagick/bugs/610/
And associated fix:
https://sourceforge.net/p/graphicsmagick/code/ci/f30492f40f78d867b43422215057dd21de4ba447/
Currently the only way to fix this is to pull GM 1.3.33 from edge-community. Would be nice to see this backported to 3.10.https://gitlab.alpinelinux.org/alpine/aports/-/issues/10837Package request: php7-pecl-smbclient2021-03-01T22:16:09ZpommetjehorlepiepPackage request: php7-pecl-smbclientA PHP wrapper for libsmbclient
URL: [SMB client](https://pecl.php.net/package/smbclient)
Required if you want SMB/CIFS integration in Nextcloud (see [Installation on Linux](https://docs.nextcloud.com/server/17/admin_manual/installation...A PHP wrapper for libsmbclient
URL: [SMB client](https://pecl.php.net/package/smbclient)
Required if you want SMB/CIFS integration in Nextcloud (see [Installation on Linux](https://docs.nextcloud.com/server/17/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation))3.14.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/10773c-client patch needed - php-imap not working with TLS 1.3 x gmail2019-09-12T09:34:19ZOndřej Exnerc-client patch needed - php-imap not working with TLS 1.3 x gmailUbuntu and Debian already fixed this in uw-imap, from what I could find, this corresponds to c-client package in Alpine Linux (https://pkgs.alpinelinux.org/package/v3.10/main/x86_64/c-client)
Ubuntu bug https://bugs.launchpad.net/ubuntu...Ubuntu and Debian already fixed this in uw-imap, from what I could find, this corresponds to c-client package in Alpine Linux (https://pkgs.alpinelinux.org/package/v3.10/main/x86_64/c-client)
Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/php-imap/+bug/1834340
Could this package be updated with the ubuntu/debian patch please?3.10.3https://gitlab.alpinelinux.org/alpine/aports/-/issues/10733Moving GNOME to community2019-10-12T10:05:36ZRasmus Thomsenoss@cogitri.devMoving GNOME to communityAlthough I'm a bit unsure if others are invested in this (I think at least PmOS people are though), I thought it might be worth laying out a short overview of how I plan to move GNOME into community
1. Wait for GNOME 3.34, which will be...Although I'm a bit unsure if others are invested in this (I think at least PmOS people are though), I thought it might be worth laying out a short overview of how I plan to move GNOME into community
1. Wait for GNOME 3.34, which will be released in September. It brings along a bunch of improvements, so I think it's worth waiting for it
2. Move core GNOME packages to community. Some are already in community (e.g. gnome-desktop), while others like mutter and gnome-shell aren't. The first batch of moved packages should just be core ones.
3. Slowly move over non-core packages (e.g. gnome-maps and friends) to community once they're ready, but before due date.
4. Move gnome metapackage to community & add missing applications to it
CC: @PureTryOut3.11.0Rasmus Thomsenoss@cogitri.devRasmus Thomsenoss@cogitri.dev2019-10-31https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10638Vagrant VirtualBox image for Alpine2019-08-03T06:35:50ZMichael AldridgeVagrant VirtualBox image for AlpineI have a series of scripts and a packer template for both Vagrant Virtualbox and for an Amazon AMI. I can clean up both from my organization's internal repository and provide them to the Alpine project if there is interest. I do not kn...I have a series of scripts and a packer template for both Vagrant Virtualbox and for an Amazon AMI. I can clean up both from my organization's internal repository and provide them to the Alpine project if there is interest. I do not know the best way to do this though, as I am not currently a contributor to Alpine. I also do not think Alpine is currently in control of the atlas namespace (https://app.vagrantup.com/alpine) as there is no official branding on the account.
Lets assume we start with the work on Vagrant, what's the best way for me to proceed here? I can contribute the parts but not take care of the release process for images (I have a personal policy of only maintaining the release train for one distro, and Void already occupies that slot).https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10655No easy way to find out which version of a package is installed2019-12-27T14:57:24ZLuca WeissNo easy way to find out which version of a package is installedFor example: `apk info mesa-dev` outputs the info from all versions available with no indication which one is installed, `apk info --installed mesa-dev` just outputs me `mesa-dev` and nothing else. But I can use `apk list --installed mes...For example: `apk info mesa-dev` outputs the info from all versions available with no indication which one is installed, `apk info --installed mesa-dev` just outputs me `mesa-dev` and nothing else. But I can use `apk list --installed mesa-dev` and it gives me the information I want: `mesa-dev-9999-r8 aarch64 {mesa} (MIT SGI-B-2.0 BSL-1.0) [installed]`https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10654Outputs from dependency conflicts is confusing2022-12-21T20:16:50ZLuca WeissOutputs from dependency conflicts is confusinge.g.
```
ERROR: unsatisfiable constraints:
mesa-gbm-9999-r8:
breaks: mesa-dev-19.1.2-r0[mesa-gbm=19.1.2-r0]
satisfies: .pmbootstrap-20190724.153513[mesa-gbm><Q1YbqZCJEaCfSpIZTKafhzgOstQkc=]
mesa-egl-9999-r8[so:li...e.g.
```
ERROR: unsatisfiable constraints:
mesa-gbm-9999-r8:
breaks: mesa-dev-19.1.2-r0[mesa-gbm=19.1.2-r0]
satisfies: .pmbootstrap-20190724.153513[mesa-gbm><Q1YbqZCJEaCfSpIZTKafhzgOstQkc=]
mesa-egl-9999-r8[so:libgbm.so.1]
mesa-glapi-9999-r8:
breaks: mesa-dev-19.1.2-r0[mesa-glapi=19.1.2-r0]
satisfies: mesa-gl-9999-r8[so:libglapi.so.0]
mesa-gles-9999-r8[so:libglapi.so.0]
mesa-dri-lima-9999-r8[so:libglapi.so.0]
mesa-osmesa-9999-r8[so:libglapi.so.0]
mesa-egl-9999-r8[so:libglapi.so.0]
mesa-dri-kmsro-9999-r8[so:libglapi.so.0]
mesa-egl-9999-r8:
breaks: mesa-dev-19.1.2-r0[mesa-egl=19.1.2-r0]
satisfies: .pmbootstrap-20190724.153513[mesa-egl><Q1vQlXBST7EqRj4HVUUlVaEoM4yE0=]
mesa-gl-9999-r8:
breaks: mesa-dev-19.1.2-r0[mesa-gl=19.1.2-r0]
satisfies: charging-sdl-0.1-r0[mesa-gl]
osk-sdl-0.53-r0[mesa-gl]
mesa-gles-9999-r8:
breaks: mesa-dev-19.1.2-r0[mesa-gles=19.1.2-r0]
satisfies: .pmbootstrap-20190724.153513[mesa-gles><Q1d1oWm/SAHFQnkGD5wwu4BPQX558=]
mesa-osmesa-9999-r8:
breaks: mesa-dev-19.1.2-r0[mesa-osmesa=19.1.2-r0]
satisfies: .pmbootstrap-20190724.153513[mesa-osmesa><Q1n6K1CY0HvBdqenbEVW7mHOepS7I=]
mesa-xatracker-9999-r8:
breaks: mesa-dev-19.1.2-r0[mesa-xatracker=19.1.2-r0]
satisfies: .pmbootstrap-20190724.153513[mesa-xatracker><Q1LqA8tncs0Vb7oEpNUQPYRCYZ6Ac=]
mesa-dev-19.1.2-r0:
breaks: .pmbootstrap-20190724.153513[mesa-dev><Q1Gbq2eh3ETXm0BdZgtvnwb2of48A=]
satisfies: libepoxy-dev-1.5.3-r0[mesa-dev]
libepoxy-dev-1.5.3-r0[pc:egl]
libepoxy-dev-1.5.3-r0[pc:gl]
```https://gitlab.alpinelinux.org/alpine/awall/-/issues/9640Awall silently ignores wrong attributes in policy files2021-11-25T13:35:47ZPhilippe FryciaAwall silently ignores wrong attributes in policy filesUnknown attributes in policy files are ignored, which may lead to
unexpected iptables configuration.
E.g.:
"filter":
[
{
"family": "inet",
"proto": "tcp",
"port": 22,
"action":...Unknown attributes in policy files are ignored, which may lead to
unexpected iptables configuration.
E.g.:
"filter":
[
{
"family": "inet",
"proto": "tcp",
"port": 22,
"action": "accept"
}
]
Will translate without warning, but will allow all traffic (which is
probably not what was intended), because only the action is translated,
and the expected service is not present.
Maybe at least a warning could be generated if a known attribute is used
at a wrong place like in the above example.
Ideally, anything unexpected should be reported.
*(from redmine: issue id 9640, created on 2018-11-12)*https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/7102Information available via 'apk info' on a package is incomplete with respect ...2022-12-21T20:00:36ZChris GiorgiInformation available via 'apk info' on a package is incomplete with respect to contents of .PKGINFO.Currently ‘apk info’ can not retrieve all information of interest on a
package, especially once Issue \#7101 is implemented.
‘apk info’ (or perhaps a more direct ‘apk query’) should be able to
extract any information stored in a .apk f...Currently ‘apk info’ can not retrieve all information of interest on a
package, especially once Issue \#7101 is implemented.
‘apk info’ (or perhaps a more direct ‘apk query’) should be able to
extract any information stored in a .apk file in raw or slightly cooked
form suitable for use in scripts.
*(from redmine: issue id 7102, created on 2017-04-07)*v3.1https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/5977Parallel Downloads for "apk add"2024-02-23T12:34:41ZNoah NordrumParallel Downloads for "apk add"I think it would be great to have the option to do parallel downloads of
packages, with a configurable amount of threads. Something like “apk
—no-cache —parallel=8 add openjdk8”. (with a default of 1)
You could also grab the various AP...I think it would be great to have the option to do parallel downloads of
packages, with a configurable amount of threads. Something like “apk
—no-cache —parallel=8 add openjdk8”. (with a default of 1)
You could also grab the various APKINDEXes using that same thread pool.
If you didn’t want to hammer the CDNs, you could add a hard-coded
exemption to \*.alpinelinux.org or something.
I’m running a local mirror of dl-cdn.alpinelinux.org, so I would really
like to take advantage of my internal bandwidth.
Since all the dependency information is in APKINDEX, I would think it
wouldn’t be too painful to throw it in a prioritized queue and delegate
to an executor of some kind, but I haven’t looked at the internals
(yet).
*(from redmine: issue id 5977, created on 2016-07-27)*v3.1Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/abuild/-/issues/9016Support GnuPG public keys as an alternative to checksums2024-03-24T16:17:48ZalgitbotSupport GnuPG public keys as an alternative to checksumsSigned packages provide more security than checksums, e.g. in the case
of corrupt mirrors or download sites.
The private key is only owned by the devs or release managers. All users
can use the well known public key to verify their dow...Signed packages provide more security than checksums, e.g. in the case
of corrupt mirrors or download sites.
The private key is only owned by the devs or release managers. All users
can use the well known public key to verify their downloads. As an
additional feature, the key can be fetched from keyservers, so
corrupt/revoked keys will throw an error.
e.g. in the case of nginx:
Fetch B0F4253373F8F6F510D42178520A9993A1C052F8 in the APKBUILD and fetch
the \*.asc together with the tarball/signed git tag.
*(from redmine: issue id 9016, created on 2018-06-16)*https://gitlab.alpinelinux.org/alpine/aports/-/issues/10544Add ZFS support to netboot files.2021-03-21T10:22:40Zm trioAdd ZFS support to netboot files.I find it incredibly handy being able to netboot Alpine Linux, however,
not being able to use ZFS is a deal-breaker for me.
Adding the module(s) at runtime is problematic due to the read-only
nature of a netboot environment.
Would it ...I find it incredibly handy being able to netboot Alpine Linux, however,
not being able to use ZFS is a deal-breaker for me.
Adding the module(s) at runtime is problematic due to the read-only
nature of a netboot environment.
Would it be possible to add zfs kernel modules to the netboot images?
*(from redmine: issue id 10544, created on 2019-06-07)*https://gitlab.alpinelinux.org/alpine/aports/-/issues/10478Package 'nginx-mod-http-lua' breaks nginx2021-06-13T01:14:21ZZach van RijnPackage 'nginx-mod-http-lua' breaks nginxRecent versions of <code>nginx-mod-http-lua</code> have broken nginx
with the default configuration. There has been [much
activity](https://git.alpinelinux.org/aports/log/main/nginx) on this
package lately, and therefore it is not easy t...Recent versions of <code>nginx-mod-http-lua</code> have broken nginx
with the default configuration. There has been [much
activity](https://git.alpinelinux.org/aports/log/main/nginx) on this
package lately, and therefore it is not easy to pinpoint the breaking
change.
A [related
discussion](https://github.com/openresty/lua-nginx-module/issues/1509)
has determined that one must add <code>lua\_load\_resty\_core
off;</code> to the nginx configuration.
I have tested this issue on Alpine 3.8 and 3.9 as of 2019-05-19.
**To Reproduce:**
1. Launch a fresh copy of Alpine, update and upgrade.
2. <code>\# apk add nginx-mod-http-lua</code>
3. <code>\# nginx</code>
You will be greeted with something like:
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [emerg] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)
One might think we need to install OpenResty:
<code>\# apk add $(apk search **resty** | awk <s>F’\[</s>\]’ ‘{print $1
“-” $2 “-” $3}’)</code>
This does not resolve the issue. It appears that we need
<code>lua-resty-core</code>, but this is not packaged on Alpine at this
time.
**Possible Workaround:**
If we instead add <code>lua\_load\_resty\_core off;</code> to the nginx
<code>http { }</code> configuration, we still get the OpenResty warning
above, but not the missing libraries, and nginx starts as expected.
A better solution would be to fix the package. This type of issue
catches system administrators by surprise and can be incredibly
frustrating.
ZV
*(from redmine: issue id 10478, created on 2019-05-21)*Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9694Provide software package "freeipa-client"2022-01-01T21:53:55ZThomas SchneiderProvide software package "freeipa-client"Hello!
Can you please provide this software
freeipa-client
on Alpine Linux?
This software is required with IPA authentication for use on clients.
There’s an AUR PKGBUILD available here:
https://aur.archlinux.org/packages/freeipa-...Hello!
Can you please provide this software
freeipa-client
on Alpine Linux?
This software is required with IPA authentication for use on clients.
There’s an AUR PKGBUILD available here:
https://aur.archlinux.org/packages/freeipa-client/
THX
*(from redmine: issue id 9694, created on 2018-11-26)*