jaeger changed the topic of #crux to: CRUX 3.7 | Homepage: https://crux.nu/ | Ports: https://crux.nu/portdb/ https://crux.ninja/portdb/ | Logs: https://libera.irclog.whitequark.org/crux/
tilman has quit [Ping timeout: 268 seconds]
tilman has joined #crux
groovy3shoes has quit [Ping timeout: 260 seconds]
crash_ has quit [Server closed connection]
crash_ has joined #crux
remiliascarlet has quit [Quit: remiliascarlet]
remiliascarlet has joined #crux
deltahotel has joined #crux
<deltahotel> hi, does crux installation need an internet connection?
<ukky> deltahotel: no
<deltahotel> ukky: thanks
<ukky> but you need internet to get all packages up to date
<deltahotel> yes
<ukky> deltahotel: you can get help in this channel via your cell phone at https://web.libera.chat if you loose internet on your system
<deltahotel> ok interesting
Guest64 has joined #crux
Guest64 has quit [Client Quit]
<deltahotel> but using revolution irc on android nox
<deltahotel> now
lavaball has quit [Remote host closed the connection]
deltahotel has quit [Quit: Quit]
deltahotel has joined #crux
<cruxbot> [contrib.git/3.7]: faad2: 2.11.0 -> 2.11.1
<cruxbot> [contrib.git/3.7]: flatpak: 1.15.4 -> 1.15.6
<cruxbot> [contrib.git/3.7]: gitea: 1.20.5 -> 1.21.0; notice: public asset directory changed, see changelog upstream
<cruxbot> [contrib.git/3.7]: intel-ucode: 20230808 -> 20231114
<cruxbot> [contrib.git/3.7]: python3-tomlkit: 0.12.2 -> 0.12.3
<cruxbot> [contrib.git/3.7]: lua-language-server: 3.7.2 -> 3.7.3
<cruxbot> [contrib.git/3.7]: p5-business-isbn-data: 20231110.001 -> 20231114.001
<cruxbot> [contrib.git/3.7]: pnpm: 8.10.4 -> 8.10.5
<cruxbot> [contrib.git/3.7]: python3-phonenumbers: 8.13.24 -> 8.13.25
<cruxbot> [contrib.git/3.7]: python3-trove-classifiers: 2023.11.13 -> 2023.11.14
<cruxbot> [opt.git/3.7]: fmt: 10.0.0 -> 10.1.1
<cruxbot> [opt.git/3.7]: libgcrypt: 1.10.2 -> 1.10.3
ax has quit [Server closed connection]
ax has joined #crux
braewoods_ has quit [Server closed connection]
braewoods_ has joined #crux
ppetrov^ has joined #crux
magnahelix has quit [Quit: ZNC 1.8.2 - https://znc.in]
magnahelix has joined #crux
ppetrov^ has quit [Quit: Leaving]
ppetrov^ has joined #crux
tarxvfz has joined #crux
brian|lfs has quit [Read error: Connection reset by peer]
tarxvfz has quit [Quit: tarxvfz]
plow has quit [Server closed connection]
plow has joined #crux
tarxvfz has joined #crux
lavaball has joined #crux
magnahelix has quit [Quit: ZNC 1.8.2 - https://znc.in]
magnahelix has joined #crux
<cruxbot> [contrib.git/3.7]: wasi-libc: 20231011 -> 20231115
<cruxbot> [contrib.git/3.7]: wasi-libc++: 17.0.4 -> 17.0.5
<cruxbot> [contrib.git/3.7]: wasi-compiler-rt: 17.0.4 -> 17.0.5
<cruxbot> [contrib.git/3.7]: bftpd: 6.1 -> 6.2
ppetrov^ has quit [Quit: Leaving]
deltahotel has quit [Ping timeout: 246 seconds]
deltahotel has joined #crux
ppetrov^ has joined #crux
deltahotel has quit [Ping timeout: 256 seconds]
deltahotel has joined #crux
groovy2shoes has joined #crux
deltahotel has quit [Ping timeout: 268 seconds]
deltahotel has joined #crux
lavaball has quit [Remote host closed the connection]
lavaball has joined #crux
tarxvfz has quit [Quit: tarxvfz]
magnahelix has quit [Quit: ZNC 1.8.2 - https://znc.in]
magnahelix has joined #crux
ppetrov^ has quit [Quit: Leaving]
<deltahotel> I'm new to crux, what is the relationship between crux and openbsd?
<ukky> SiFuh: ^
<ukky> deltahotel: /usr/bin/busybox_static
<ukky> deltahotel: scratch busybox path, wrong paste
<jaeger> There's no link, particularly
<cruxbot> [opt.git/3.7]: bindutils: update to 9.18.20
<cruxbot> [opt.git/3.7]: mupdf: update to 1.23.6
<cruxbot> [opt.git/3.7]: btrfs-progs: update to 6.6.2
<deltahotel> I'm going to move from openbsd to crux soon. I hope it's gonna be all right...
<jaeger> I'd suggest trying it for a while in a VM to see what you think
<jaeger> Or on some extra hardware if you have it
<SiFuh> deltahotel: For a non BSD distro, CRUX is probably the closest of the Linux to OpenBSD. There isn't much of a relationship at all since they are two entirely different things but there are many similarities in some ways.
<ukky> deltahotel: what is the motive behing the decision? I'm just curious, switched to CRUX myself recently.
<cruxbot> [core.git/3.7]: cmake: update to 3.27.8
<deltahotel> ukky: my hardware is not recognized, no driver for my wifi card and my touchpad. but on the security side obd is great.
<ukky> deltahotel: okay.
<deltahotel> SiFuh: can you explain why crux is closest to obsd than other linux distrubutions?
<SiFuh> BSD-style initscripts
<jaeger> Also a ports system similar to BSDs
crash_ has quit [Quit: leaving]
groovy2shoes has quit [Ping timeout: 268 seconds]
groovy2shoes has joined #crux
stoffepojken has quit [Quit: ZNC 1.8.2 - https://znc.in]
stoffepojken has joined #crux
stoffepojken has quit [Remote host closed the connection]
<SiFuh> jaeger: CRUX's fsearch is the coolest feature
<jaeger> definitely handy
stoffepojken has joined #crux
<SiFuh> Yeah, shame most distros don't have this feature
<ukky> fsearch is probably the most often used prt-get command on my side. This is a must for source-based distro.
<deltahotel> note that I am going to install crux on an HP 15-dw1000nk laptop
lavaball has quit [Remote host closed the connection]
deltahotel has quit [Quit: Quit]
<cruxbot> [opt.git/3.7]: c-ares: 1.21.0 -> 1.22.0
<cruxbot> [opt.git/3.7]: nodejs: 21.1.0 -> 21.2.0
<cruxbot> [opt.git/3.7]: p11-kit: 0.25.2 -> 0.25.3
<cruxbot> [contrib.git/3.7]: sccache: 0.7.1 -> 0.7.2
<cruxbot> [contrib.git/3.7]: sslscan: 2.1.1 -> 2.1.2
root has joined #crux
root is now known as Guest9824
<Guest9824> hello. does crux support building Pkgfiles inside sandbox?
<ukky> Guest9824: I build all CRUX packages as restricted user. Adding packages and removal is done as root.
<ukky> Some devs build packages in the containers
<Guest9824> ukky: im aware of that pkgmk option to build as restricted user. however i would like to isolate more, such as building within containers.
<Guest9824> thank you for your answer.
<ukky> Packages for Install ISO are built in chrooted environment
<Guest9824> will look into that
<Guest9824> thank you
<ukky> any time
<Guest9824> would also appreciate if anyone can write how you build within containers, lxc i assume.
crash_ has joined #crux
<cruxbot> [contrib.git/3.7]: grafana: 10.2.0 -> 10.2.1
<cruxbot> [contrib.git/3.7]: stylua: 0.19.0 -> 0.19.1
<cruxbot> [contrib.git/3.7]: yarn: 1.22.19 -> 1.22.21
<jaeger> Yes, you can certainly build in a container if you want
<jaeger> Same way as you would build outside a container, you'd need to install the required dependencies and then copy or map the built packages out of the container at the end
<Guest9824> thank you, i find it easier to deal with virtualized machines which also give better isolation than containers.
<Guest9824> will go with qemu with ssh
<jaeger> That would also work fine
<Guest9824> right now building initramfs from scratch, trying to implement dropbear to boot early and provide ssh for disk decryption.
<Guest9824> neat distribution, thank you
<Guest9824> managed to get triple cipher serpent(twofish(aes())) + whirlpool to work with cryptsetup and custom initramfs
<SiFuh> Yeah, I pushed for that
<Guest9824> but it's kind of slow, even with nvme and 32 cores
<Guest9824> pushed? :-)
<SiFuh> Yeah, asked jaeger to include it
<Guest9824> include what?
<SiFuh> I use the serpent on another machine
<SiFuh> Both serpent and cryptsetup on the ISO
<cruxbot> [compat-32.git/3.7]: libgcrypt-32: 1.10.2 -> 1.10.3
<cruxbot> [compat-32.git/3.7]: p11-kit-32: 0.25.2 -> 0.25.3
<ukky> Guest9824: you need to benchmark all algo and choose which one performs the best. If you blindly enable all, it will be slow
<Guest9824> ah. i used veracrypt cli to crypt the partition, and 'cryptsetup open --type tcrypt --veracrypt --debug --veracrypt-query-pim /dev/nvme0n1p2 crypt' for decryption from initramfs
<SiFuh> Guest9824: we also have dracut, are you using this for your initramfs?
<crash_> jaeger: is your updated isos working? i have not tried it for awhile
<Guest9824> SiFuh: im building my own initramfs, manually. statically building busybox and cryptsetup, including dax, dm-mod, dm-crypt kernel modules and writing script that does switch_root further.
<Guest9824> and decrypts of course
<Guest9824> i don't like dracut, it's full of everything
<jaeger> crash_: as far as I know, but haven't hand-tested the latest
<SiFuh> Point taken
<ukky> crash_: I think I installed CRUX on one of the systems using the latest that jaeger has. I can tell which one exactly if you need.
<SiFuh> Guest9824: https://gitlab.com/SiFuh/Documentation/-/raw/master/encrypted-CRUX-without-dracut.txt encryption without needing dracut or type in a password. I don't consider it secure though
<Guest9824> ukky: will do more benchmarks, need to choose something faster
<SiFuh> Guest9824: https://gitlab.com/SiFuh/Documentation/-/raw/master/CRUX-3.6-Encrypted.txt Another but for a recycled encrypted swap upon boot
<ukky> Guest9824: Run 'cryptsetup benchmark' and check the results
<SiFuh> The best benchmarked encryption I found was aes-cbc-essiv:sha256
<SiFuh> Although I often use serpent-xts-plain64 -s 512
<Guest9824> let me redo veracrypt benchmarks, will take a while.
<ukky> I mostly use '--cipher aes-xts-plain64 --key-size 512 --hash sha256', sometimes '--cipher aes-xts-plain64'
<crash_> jaeger: Thanks then i will try it tomorrow on my "new" for me thinkpad x280, then i would't have to many things to update after a new install
<crash_> ukky: Please do :)
<ukky> crash_: checking...
<jaeger> crash_: if it does fail for some reason let me know and I'll sort it out
<crash_> jaeger: i will :) does your iso also include the /crux/kernel/contrib/config?
<ukky> crash_: The ISO was created on 2023-08-27 at 16:33 (EDT). Tested and marked as 'works for me'. It has NVMe support.
<jaeger> "my" updated ISO is built from the same tree as the official ISO... just with updated packages weekly
<jaeger> So it should have everything the official one does
<SiFuh> And more!
<jaeger> Currently I need to add rdfind to it as a new dep for linux-firmware, though
<ukky> s/sometimes '--cipher aes-xts-plain64'/sometimes '--cipher serpent-xts-plain64'/
<crash_> jaeger: nice to know :) i'm not sure what the contributed kernel is based on? i mostly use the standard crux kernel .config but i might try this contributed config on this machine this time.
<crash_> jaeger: nice to know :) i'm not sure what the contributed kernel is based on? i mostly use the standard crux kernel .config but i might try this contributed config on this machine this time.
<jaeger> It's a contribution from SiFuh so he can give details on that
<crash_> I see thanks
<jaeger> Hrmm... I just grabbed the latest ISO to do a quick chroot tests and it has some problems
<jaeger> duplicate packages
<jaeger> I wonder how that happened
<jaeger> So maybe don't use that one yet until I figure out what went wrong
<ukky> jaeger: do you mean DB is corrupted?
<jaeger> No, just that it has more than one copy of for example linux-firmware in the packages directory
<jaeger> which means the automated process that cleans out old packages before building the new ones failed
<ukky> Then you probably reused the same build directory, perhaps?
<SiFuh> crash_: It's just a fully modular kernel for x86/amd64 so that pretty much everything standard (Some non-standard things) exists.
<ukky> jaeger: It is unofficial ISO. So, having older package versions besides the latest is not an issue. The kernel options is what is important.
<SiFuh> ukky: Thought it was named unofficial because it is not an officially public release
<ukky> SiFuh: Yes. And only a few people know where it can be found :-)
<SiFuh> Including google ;-)
<crash_> SiFuh: Thanks for the info, so most of the drivers and things should work with yout kernel then :)
<ukky> But google doesn't know there are older versions of packages in the latest ISO...
<crash_> jaeger:Oh do you have older working isos as well or just the current built one?
<SiFuh> crash_: Yep. I use it as is on laptops. But on a PC I use it as the foundation for creating a custom kernel.
<crash_> nice :)
<SiFuh> crash_: https://crux.ninja/updated-iso/ <-- jaeger's
<jaeger> Generally just the latest, it gets replaced automatically
<jaeger> ukky: part of the automation cleans old build artifacts... and usually that works fine
<crash_> jaeger: maybe it's better to use the standard crux 3.7 iso until you have fixed the duplicated packages
<ukky> jaeger: cannot argue. When I was building CRUX ISO I modified Makefile heavily to build it as restricted user, and only as root in chrooted environment. Original Makefile, if used as root, can destroy the root file system when build is interrupted, and then re-run as root again.
<cruxbot> [contrib.git/3.7]: npm: 10.2.3 -> 10.2.4
<jaeger> yep, it can
<jaeger> crash_: yeah, though I intend to get this fixed quickly... just gotta diagnose the cause
<crash_> jaeger: if you want you can give me a headsup if you have fixed the problem and have made a new iso :)
<jaeger> sure
lavaball has joined #crux
<crash_> thanks