IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2022/04/20
zlatinb eyedeekay: we may need to release new easy-install bundles very soon
zlatinb zzz: pls let us know if that affects us ^
zzz coffee
zzz zlatinb, yes we use the JVM's implementation of ECDSA
zlatinb fantastic
zlatinb where is EcDSA used?
zzz currently, just for router family
zzz it was also the default for destinations for a short time, ca. 2014
zzz in between DSA and EdDSA
zzz so there's probably some ECDSA dests out there
zzz I don't believe we ever used it for router identities
zzz also we have one reseed with a self-signed ECDSA SSL cert
zlatinb ok so it's not apocalyptic but serious
zzz I think that's correct
zzz I assume it's on twitter by now?
zlatinb yeah I saw it on str4d's feed
zzz it's java 15-18 only
zlatinb easy-install bundles are with 17.0.1 afaik
zlatinb or 17.0.2
zzz so our recommendation is
zzz update if available
zzz if not, downgrade to 11
zzz if you're running one of our bundles, updates will be available when?
zlatinb I can build Mac today
zzz how about muwire?
zlatinb I waited for 18.0.1 and released 0.8.12 promptly after
zlatinb so they can/should update asap
zzz what are the fix numbers? 18.0.1 and 17.0.3?
zlatinb 18.0.1 for sure, I don't know why I don't see 17.0.3 on the oracle site
zzz I assume we're a few days away from this showing up in debian/ubuntu
zzz I need to wake up more before jumping into the twitter streets
zlatinb after you tweet I'll post on reddit
zzz writing a zzz.i2p post now that you can copy over
zzz posted
zlatinb copied over
mesh ugh that's the real downside of repackaging the jvm
mesh fortunately for us we never repackage the jvm
mesh just "here are some jars, go wild"
zzz who is "us"?
mesh it's us
mesh the people behind the curtain
zlatinb ok at least you're human
zzz up to you, but it's easier to help you if we know what you're working on
mesh well right now it's all speculative tho some money has changed hands
zzz got a couple tweets out, please RT
mesh the code is all going to end up open source tho, I think
mesh it might not make much sense but you can see the what is v2 shaping up at nquoczl5wbgbtsxrc77khmvsntawy5pflyxfafq5o6yqsl6krzvq.b32.i2p/ocean
mesh that code is like a framework for building p2p apps on top of i2p
mesh tho I haven't actually checked in anything to mesh-framework yet. just the component framework
zlatinb zzz: do we need to up the core version to 1.7.1 in order for the automatic update to pick it up? Or is it enough to say 1.7.1 in the su3?
mesh that code is all modular (see the module-info.java files) to support what will be the ability to load modules at runtime. hence why the package names are a big problem ;)
mesh zlatinb: does i2p itself need to be updated or isd it enough to just update the jdk/jvm?
zlatinb just the jvm
zzz zlatinb, you need to update the core version, or else it will want to update again
zlatinb blergh
zlatinb ok, I leave that to you :)
zzz huh?
zlatinb I can't change the CoreVersion in i2p.i2p from i2p-jpackage-mac
zlatinb basically we'll need to branch from the i2p-1.7.0 tag
zlatinb just change the CoreVersion, then tag 1.7.1
zzz then you need to fix your build process, or branch yourself? what do you need me for?
zlatinb I don't have a way of intercepting the update decision from outside the router
zlatinb so either I change CoreVersion to 1.7.1 locally and then build, or we put it in git
zlatinb then eyedeekay has to do the same, so I thought we might as well pu it in git tag
zzz the former sounds easier, but it's your build process
zzz why don't you wait for eyedeekay to wake up and figure it out together
zlatinb yeah was just about to ping him :)
eyedeekay The last time we had to do it we tagged it something like i2p-jpackage-1.7.1, checked out that tag when the build was done
eyedeekay Ready to go
zlatinb eyedeekay: we didn't have update mechanism or any updates pending afaik
zzz eyedeekay has done a few windows releases in the last month or two I think? he should be good at it by now
zlatinb I presume we want to push an update from 1.7.0. to 1.7.1? In that case the new CoreVersion needs to be 1.7.1
eyedeekay What I would do is I would check out 1.7.0 into it's detatched state, git checkout -b i2p-jpackage-1.7.1, change the CoreVersion on that branch and that branch only, then configure the bundle build to build from that branch
zlatinb that works too
zlatinb I prefer branch-from-tag but w/e
zlatinb the i2p-jpackage-1.7.1 does that ever get pushed to gitlab or just stays in the local git repo?
eyedeekay I've been pushing it to gitlab on my fork when I need to
zlatinb I just did the local edit
zlatinb going to certify it now
zlatinb going to up a torrent on postman next
eyedeekay I'll get it up to the mirrors.
eyedeekay In a few minutes I'll have a Windows build ready, I'll need your help to sign it
zlatinb I created the torrent for the mac and updated i2p.newsxml/data/mac/stable/releases.json
zlatinb I presume we're going to use the same news entry for all versions? Simpler that way
zzz same for all bundle versions you mean? If we do one for the main feed it probably needs to be different
eyedeekay I was thinking about it and I probably should do my own news entry, not sure about zlatinb
zlatinb if you do one I"ll do one too
zzz as I've been lobbying for a while, I think it's good practice to have bundle-specific news entries to talk specifically to your users
zlatinb I was hoping to avoid messing with that strange xhtml or whatever it is called :)
zlatinb can we at least share the same blog entry?
zzz yes it's strict xhtml. every tag must be closed. I recommend xmllint to make sure it's valid
zzz see README, I added info a while back on how to do that
zlatinb got it
zzz also, as you know, every news entry requires a link, so time to go write and post your release notes :)
zlatinb that's what I was asking, can we share a single blog entry?
zzz that's up to you two.
zlatinb we should update the main feed too, no?
zzz the link doesn't have to be to the www blog, it could be to muwire.i2p
zlatinb then I'll just link to the post on zzz.i2p
zzz as I said above, I don't know if we need to do the main feed, but if so, it's probably different text
zzz you don't do release announcements on muwire.i2p?
zlatinb not really, I have a in-network pull mechanism
zlatinb and I don't want to use zab.i2p for this either tbh
zzz well, independent of whatever you do with newsxml, I recommend you add release announcements to your site, it's good practice for any software product and it helps the google juice
zlatinb I"ll think about it
zlatinb what's a quick way to generate a random uuid ?
zzz create_new_entry.sh does it for you for the main feed.
zzz I don't know if it's been adapted for sub-feeds somehow
zzz or just run it then move the template from the main feed to your feed
eyedeekay Everything create_new_entry.sh does should honor environment variables now too, so you can do something like:
eyedeekay TITLE="Update for Mac Jpackage 1.7.1" AUTHOR=zlatinb I2P_OS=osx I2P_BRANCH=stable ./create_new_entry.sh
eyedeekay if you want to automate part of it too
zlatinb I did it manually, xmllint passes
zlatinb uuidgen generates an uuid
zlatinb pushed
zlatinb ideally xmllint should be the first step of the sanity check
zlatinb I have some pretty serious sanity checks for the muwire update.json that verify the structure is kosher too
zzz yeah if there's an easy way to validate the json, put that in the README
zlatinb it's not going to be easy but in the end will save everyone time
zzz we've butchered that also, more than once
zlatinb like are all elements & attributes present etc.
zlatinb no duplicate uuids, etc.
zzz I also recommend opening entries.html in a browser, sometimes it's easier to see spelling errors that way
zzz also after changing version from x to y in releases.json, search for x to make sure you got them all
zzz and stare hard at the magnet link to make sure the hash is right
zlatinb except for that last part everything is automate-able
eyedeekay I'm doing my signing now, people who use my news server should be seeing updates soon, I'll do it again after we get Windows out
zzz eyedeekay, what's your version going to be? are you up to 1.7.5 or something?
eyedeekay Browser profile/installer will be version 1.7.4
eyedeekay But those three updates have all happened on the settable-paths branch
zzz your download page says 1.07.2 is that a typo?
eyedeekay I was numbering the profiles independently of the router before I added the jpackage to it
zzz so not-a-typo
eyedeekay That reflects the profile version that they'll get
eyedeekay They're all going to use the same number when I switch to auto-updates for everybody at 1.8.0
zzz eyedeekay, just tried to download it, the in-net mirror mgp6...b32.i2p is returning 503
zzz whose is that?
zzz yeah I don't recommend leading zeros in version numbers, it raises hell in comparisons and might even be interpreted as octal
eyedeekay mgp is me but it was supposed to be temporary, it's also just a proxy of the clearnet mirror so it shouldn't be possible for it to 503...
eyedeekay I am logged in there I'll see what's up
zzz it hangs for maybe a minute and then returns 503, so the tunnel is up but it can't get to the server
eyedeekay I see what's wrong it'll be fixed in a second
zzz yet another thing to add to your monitoring
eyedeekay Yeah I got a lot of stuff to watch
zzz anyway, lets not do .07. type version numbers in the future if possible because then you get to .08. and it explodes
eyedeekay Can do, there's no need for a separate profile version number anymore anyway, when the installer gets updated everything gets updated now
eyedeekay Am I reading this correctly that I'm still waiting on an update before I can be ready to build my bundle? github.com/adoptium/adoptium/issues/140
zzz whats the new version today going to be on the website?
zlatinb if you're using adoptium they take some time
zlatinb eyedeekay: get from oracle
eyedeekay Sure zlatinb
zzz eyedeekay, if you do switch to oracle, make sure you fix all your license statements and meet their requirements
eyedeekay zzz I'll make it 1.7.4 for this release
zzz as necessary. I don't know if the licensing is different
zzz I assume and hope zlatinb has already done the research and changes required
zlatinb Blinded message
zlatinb no I haven't done a thing besides read the blurb on top about GPLv2 + classpath exception
zzz come on guys, this is basic stuff, it's your responsibility when bundling other software
eyedeekay GPL2+Classpath exception for Oracle, EPL for Adoptium
eyedeekay So compliance shouldn't be that different
zzz different is different
zlatinb I'll make sure it's done for 1.8
zlatinb probably just a matter of putting a copy of the exact license in the licenses folder
zzz assuming you do bundle LICENSE.txt and licenses/*, you already have GPLv2, but not classpath exception or EPL
zzz I wouldn't have agreed to your promotion out of beta, or even into beta, without having this all straight
zlatinb sorry
zlatinb mea culpa
zzz iirc you were all good at one point but then I guess you switched to oracle
zzz I also don't understand why you two are using different Java suppliers... why???
zlatinb not sure, I don't remember what was the license before it became EPL
zlatinb Well we started with AdoptOpenJDK because knaccc from i2p-zero said it was good, then they became Adoptium and started lagging behind Oracle releases by a few days
zzz so then why is eyedeekay still on adpotium?
zlatinb lack of coordination
eyedeekay Yes I did not know that I should be switching, if I need to switch to Oracle then that's what I'll do instead
eyedeekay Just need a little while to get everything switched over
zlatinb adoptium is sometimes days behind.. they have a different jvm "J9" which is supposed to be optimized for desktop apps
zlatinb I'm not aware of any other technological differences
eyedeekay It's just what I set up first, learned how to update, and got used to using as far as I'm concerned. Not a big deal to get used to a different one.
zzz ok, lets work smarter and get less siloed on the bundle products, we shouldn't be letting them diverge so much
eyedeekay Oh good an opportunity to make building it a little nicer, fringe benefit of switching JDK's for the first time I guess, highlights the pain points
eche|on back alive
eyedeekay Re: a general announcement about the ECDSA bug, I think we'll need to do one for the sake of Debian folks as well informing them that they may need to downgrade to Java 11 for a couple days
eyedeekay I can write that announcement if need be
zlatinb if you deploy the bundles to getip2.net pls update the reddit post (if I'm not around)
eyedeekay Will do