00:50 <darfo> docker 28.0.1 broke my network setup. Container could ping host but nothing through the host's gateway.

00:51 <darfo> Reviewed changes for 28.0.1. Looks like a lot of changes to fix changes in 28.0.0 where lots of changes to the way iptables is handled.

00:55 <darfo> 28.0.0 says "Port publishing in bridged networks" ... "dockerd now requires ipset support in the Linux kernel" which m kernel doesn't have.

00:55 <darfo> Time for a new kernel option and a reboot.

01:11 <darfo> well it sound sort of like my problem but that didn't fix it.

02:03 <darfo> argh. the packets are being dropped by DOCKER-ISOLATION-STAGE-2 iptables rule. must be something new I have to add to the config.

09:30 <cruxbot> [opt/3.7]: libcupsfilters: forced rebuild for qpdf 12

09:30 <cruxbot> [opt/3.7]: qpdf: updated to version 12.0.0

09:30 <cruxbot> [opt/3.7]: imagemagick: updated to version 7.1.1-45

09:30 <cruxbot> [opt/3.7]: samba: updated to version 4.22.0

09:30 <cruxbot> [contrib/3.7]: remind: updated to version 05.03.04

10:26 <cruxbot> [core/3.7]: libmpfr: updated to version 4.2.1-p1

10:31 <cruxbot> [xorg/3.7]: xorg-xinit: updated to version 1.4.4

11:39 <ivandi> darfo: looks like these modules are loaded when docker starts https://dpaste.org/JtxXD

14:10 <darfo> i only use iptables, no nftables. It doesn't seem to be due to missing kernel support but because it is specifically directing container-to-host traffic to an iptables DROP rule. docker 27.5.1 does not do that, just the newer 28.0.1.

14:13 <darfo> I was mistaken earlier about port publishing. Container doesn't publish any ports for host use, only creates outbound connections and uses host for DNS, etc.

14:15 <darfo> I've been reviewing the changelogs for docker 28.0.0 and 28.0.1 but I haven't found any information about new kernel support required in 28.x that was not required in 27.5.1.

15:30 <jaeger> Does the check-config script from docker tell you anything useful?

15:56 <darfo> no, it has the same output for 27.5.1 and 28.0.1. it may not have been updated yet though.

15:56 <darfo> but that was a great idea to check it

16:03 <darfo> the DOCKER-ISOLATION-STAGE-1 chain is different with 28.0.1. It passes passes the packets to DOCKER-ISOLATION-STAGE-2 where it used to return. And DOCKER-ISOLATION-STAGE-2 is all -j DROP rules and drops the packet because it is supposed to go out to the host bridge interface.

16:07 <darfo> 28.0.0 release three weeks ago. 28.0.1 released two weeks ago to fix 28.0.0. 28.0.0 had a lot of changes so I imagine it is not going to stabilize for all use-cases until a another release or three :)

18:19 <jaeger> Yeah, could be

19:08 <ppetrov^^> libmpfr seems to depend on texinfo

19:13 <SiFuh> zorz https://sputnikglobe.com/20250310/which-of-europes-weapons-would-turn-into-scrap-if-us-pushes-a-kill-switch-1121629330.html

19:13 <SiFuh> Oops, wrong channel

19:17 <farkuhar> ppetrov^^: not to build the library; texinfo is only needed to build the documentation. Makefile targets: html dvi info pdf ps

19:18 <ppetrov^^> well, building libmpfr broke

19:18 <ppetrov^^> i had to install texinfo

19:22 <jue> strange, works for me

19:24 <cruxbridge> <pitillo (@pitillo:crux.nu)> Here on a clean container it worked and on the rpi3 it requires texinfo too (I’m still trying to figure out what’s happening there)

19:26 <farkuhar> ppetrov^^: Can you try inserting `autoreconf -ivf` before ./configure, and see if the build still fails with no texinfo?

19:27 <ppetrov^^> i really need to have some beers right now

19:27 <ppetrov^^> maybe later

19:30 <cruxbridge> <tim> autoreconf does not help for me

19:39 <farkuhar> opt/poppler 25.03 is eagerly linking to something not listed among the hard dependencies, resulting in a footprint mismatch (/usr/include/poppler/JPXStream.h replaced by /usr/include/poppler/JPEG2000Stream.h). Ignoring footprint is probably easier in this case, rather than cluttering the ports tree with another maintainer_clean_footprint.

19:49 <jue> hmm, there is no JPXStream.h in the footprint of poppler?

19:53 <farkuhar> Three previous poppler commits mentioned the JPXStream header: c44b8b29bda8c1b1a6c75768ae53514d4d6fce66 (2023-09-09), 0281dc843974e128588131398be02ab80284c798 (2024-02-04) and 136873f445299ceba55cefa2092bcec4ec74ff7c (2024-05-02). So it seems to find its way back into the footprint somehow. Interestingly, the file only appears in the 3.8 branch; poppler in the 3.7 branch doesn't have JPXStream.h.

20:05 <cruxbot> [core/3.7]: libmpfr: added sed to fix build

20:08 <cruxbot> [opt/3.7]: ccache: 4.10.2 -> 4.11

20:08 <cruxbot> [opt/3.7]: htop: 3.3.0 -> 3.4.0

20:08 <cruxbot> [opt/3.7]: libidn2: 2.3.7 -> 2.3.8

20:08 <cruxbot> [contrib/3.7]: libical: 3.0.19 -> 3.0.20

20:08 <cruxbot> [contrib/3.7]: libreoffice: 25.2.1.2 -> 25.2.2.1

20:08 <cruxbot> [contrib/3.7]: lua-language-server: 3.13.6 -> 3.13.7

20:08 <cruxbot> [contrib/3.7]: pnpm: 10.6.1 -> 10.6.2

20:08 <cruxbot> [contrib/3.7]: p5-business-isbn-data: 20250226.001 -> 20250309.001

20:09 <cruxbot> [contrib/3.7]: python3-findpython: 0.6.2 -> 0.6.3

20:09 <cruxbot> [contrib/3.7]: tinyxml2: 10.0.0 -> 10.1.0

20:38 <cruxbot> [compat-32/3.7]: glib-32: 2.82.5 -> 2.84.0

20:38 <cruxbot> [compat-32/3.7]: kmod-32: 34 -> 34.1

20:38 <cruxbot> [compat-32/3.7]: libcap-32: 2.73 -> 2.75

20:38 <cruxbot> [compat-32/3.7]: libidn2-32: 2.3.7 -> 2.3.8