• New Big-8 Newsgroup

    From Jason Evans@21:1/5 to All on Tue Oct 26 05:42:14 2021
    Hi all,

    Yesterday, a signed control message went out to create
    comp.infosystems.gemini at around 20:00GMT. I can see the control message
    on my server but my INN did not automatically add it to the /var/lib/news/ newsgroups file. Though I do see it in https://ftp.isc.org/pub/usenet/ CONFIG/newsgroups. Previously new groups had been added to my file automatically.

    I am running INN 2.6.2 because that's the version that's being shipping
    with openSUSE Leap 15.3.

    I would appreciate it if anyone running a server could check to see if
    they are carrying this newsgroup. Thanks!

    Jason

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to Jason Evans on Tue Oct 26 08:49:17 2021
    Jason Evans <jsevans@mailfence.com> writes:
    Yesterday, a signed control message went out to create comp.infosystems.gemini at around 20:00GMT. I can see the control message
    on my server but my INN did not automatically add it to the /var/lib/news/ newsgroups file. Though I do see it in https://ftp.isc.org/pub/usenet/ CONFIG/newsgroups. Previously new groups had been added to my file automatically.

    I am running INN 2.6.2 because that's the version that's being shipping
    with openSUSE Leap 15.3.

    I would appreciate it if anyone running a server could check to see if
    they are carrying this newsgroup. Thanks!

    # grep -h gemini /var/lib/docker/volumes/innmantic/_data/var/lib/news/{active,newsgroups}
    comp.infosystems.gemini 0000000000 0000000001 y
    comp.infosystems.gemini Internet Hypertext System, Privacy, Accessibility.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to Jason Evans on Tue Oct 26 10:03:31 2021
    Jason Evans <board@big-8.org> writes:
    On Tue, 26 Oct 2021 08:49:17 +0100, Richard Kettlewell wrote:

    # grep -h gemini
    /var/lib/docker/volumes/innmantic/_data/var/lib/news/{active,newsgroups}
    comp.infosystems.gemini 0000000000 0000000001 y comp.infosystems.gemini
    Internet Hypertext System, Privacy, Accessibility.

    What's the image that your container is based on? I don't see anything
    about "innmantic" on hub.docker.com.

    It’s my own creation.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jason Evans@21:1/5 to Richard Kettlewell on Tue Oct 26 08:43:49 2021
    On Tue, 26 Oct 2021 08:49:17 +0100, Richard Kettlewell wrote:

    # grep -h gemini /var/lib/docker/volumes/innmantic/_data/var/lib/news/{active,newsgroups} comp.infosystems.gemini 0000000000 0000000001 y comp.infosystems.gemini Internet Hypertext System, Privacy, Accessibility.

    What's the image that your container is based on? I don't see anything
    about "innmantic" on hub.docker.com.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Julien_=c3=89LIE?=@21:1/5 to All on Tue Oct 26 12:47:43 2021
    Hi Jason,

    Yesterday, a signed control message went out to create comp.infosystems.gemini at around 20:00GMT. I can see the control message
    on my server but my INN did not automatically add it to the /var/lib/news/ newsgroups file. Though I do see it in https://ftp.isc.org/pub/usenet/ CONFIG/newsgroups. Previously new groups had been added to my file automatically.

    I am running INN 2.6.2 because that's the version that's being shipping
    with openSUSE Leap 15.3.

    Are the PGP keys still present and valid?

    To manually check the signature:

    % grephistory '<cmsg-20211025200002$fdfd@isc.org>' | sm > control.article

    % pgpverify -test < control.article



    As the news user, run the following command to see the currently
    installed keys:

    % gpg --list-keys
    /home/news/.gnupg/pubring.kbx
    -----------------------------
    pub rsa4096 2021-03-14 [SC]
    8E181BEF0BE638962C1A5C98FAFE7B550C18C8B7
    uid [ inconnue] news.announce.newgroups
    sub rsa4096 2021-03-14 [E]


    In <pathlib>/perl/INN/Config.pm you'll find which gpg program is used
    (in case you have gpg1 and gpg2 for instance):

    our $gpgv = '/usr/bin/gpgv';
    our $gpg = '/usr/bin/gpg';

    --
    Julien ÉLIE

    « Vous savez, les idées, elles sont dans l'air. Il suffit que quelqu'un
    vous en parle de trop près, pour que vous les attrapiez ! » (Raymond
    Devos)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to Henning Hucke on Tue Oct 26 12:53:06 2021
    Henning Hucke <h_hucke+spam.news@newsmail.aeon.icebear.org> writes:
    On 2021-10-26, Richard Kettlewell <invalid@invalid.invalid> wrote:
    Jason Evans <board@big-8.org> writes:
    On Tue, 26 Oct 2021 08:49:17 +0100, Richard Kettlewell wrote:
    [...]
    What's the image that your container is based on? I don't see
    anything about "innmantic" on hub.docker.com.

    It’s my own creation.

    And why do you put inn into a container anyway?

    Easier long-term management.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Henning Hucke@21:1/5 to Richard Kettlewell on Tue Oct 26 10:43:40 2021
    On 2021-10-26, Richard Kettlewell <invalid@invalid.invalid> wrote:


    Jason Evans <board@big-8.org> writes:
    On Tue, 26 Oct 2021 08:49:17 +0100, Richard Kettlewell wrote:
    [...]
    What's the image that your container is based on? I don't see anything
    about "innmantic" on hub.docker.com.

    It’s my own creation.

    And why do you put inn into a container anyway?

    Regards
    Henning
    --
    In the first place, God made idiots;
    this was for practice; then he made school boards.
    -- Mark Twain

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jason Evans@21:1/5 to All on Tue Oct 26 13:11:17 2021
    On Tue, 26 Oct 2021 12:47:43 +0200, Julien ÉLIE wrote:

    % gpg --list-keys /home/news/.gnupg/pubring.kbx
    -----------------------------
    pub rsa4096 2021-03-14 [SC]
    8E181BEF0BE638962C1A5C98FAFE7B550C18C8B7
    uid [ inconnue] news.announce.newgroups sub rsa4096
    2021-03-14 [E]

    I will add this key to my keychain. What are the odds that other news
    server admins do not have this and so will not respect the newgroup
    request? That's why I posted this to see if other server admins could let
    me know if they are now carrying the goup.

    Jason

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Russ Allbery@21:1/5 to Jason Evans on Tue Oct 26 08:55:53 2021
    Jason Evans <board@big-8.org> writes:
    On Tue, 26 Oct 2021 12:47:43 +0200, Julien ÉLIE wrote:

    % gpg --list-keys /home/news/.gnupg/pubring.kbx
    -----------------------------
    pub rsa4096 2021-03-14 [SC]
    8E181BEF0BE638962C1A5C98FAFE7B550C18C8B7
    uid [ inconnue] news.announce.newgroups sub rsa4096
    2021-03-14 [E]

    I will add this key to my keychain. What are the odds that other news
    server admins do not have this and so will not respect the newgroup
    request? That's why I posted this to see if other server admins could let
    me know if they are now carrying the goup.

    newgroups were posted with both the old and the new keys, so I don't think
    the key transition is the problem. Did you have any keys in your
    keychain? It's not very obvious and it's fairly far down in the INN
    INSTALL instructions.

    (For whatever it's worth, my INN installation processed the newgroup
    without any problems, but that's probably unsurprising.)

    --
    Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

    Please post questions rather than mailing me directly.
    <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jason Evans@21:1/5 to Russ Allbery on Tue Oct 26 16:20:22 2021
    On Tue, 26 Oct 2021 08:55:53 -0700, Russ Allbery wrote:

    newgroups were posted with both the old and the new keys, so I don't
    think the key transition is the problem. Did you have any keys in your keychain? It's not very obvious and it's fairly far down in the INN
    INSTALL instructions.


    I will double check this. Thanks, Russ.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Todd M. McComb@21:1/5 to board@big-8.org on Tue Oct 26 17:53:04 2021
    In article <sl8upl$ji0$2@theuse.news.theuse.net>,
    Jason Evans <board@big-8.org> wrote:
    That's why I posted this to see if other server admins could let
    me know if they are now carrying the goup.

    First post just appeared on the new group. From news.individual.net.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Henning Hucke@21:1/5 to Richard Kettlewell on Tue Oct 26 17:53:52 2021
    On 2021-10-26, Richard Kettlewell <invalid@invalid.invalid> wrote:

    Hello Richard,

    Henning Hucke <h_hucke+spam.news@newsmail.aeon.icebear.org> writes:
    [...]
    And why do you put inn into a container anyway?

    Easier long-term management.

    I doubt this. I'm able to do both things; building deb packages as well
    as putting stuff into docker containers and I find it slightly easier
    and for shure less resource intensive to build a deb package. Especially
    since one can easily use/reuse the already existing deb source package
    to build one with a new version of inn on for debian.

    It would be something else if a container would impose more security or
    a more stable runtime environment. But inn is obviously well compilable
    for diverse version of Linux and more than that for debian Linux.

    Anyway. If it works for you do it this way for yourself.

    Best regards
    Henning
    --
    How many bits would a BitBlit blit if a BitBlit could blit bits?
    -- macanespie@waves.pas.ti.com in <1993Nov16.130625.1@waves.pas.ti.com>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Russ Allbery@21:1/5 to Henning Hucke on Tue Oct 26 12:09:35 2021
    Henning Hucke <h_hucke+spam.news@newsmail.aeon.icebear.org> writes:

    I doubt this. I'm able to do both things; building deb packages as well
    as putting stuff into docker containers and I find it slightly easier
    and for shure less resource intensive to build a deb package. Especially since one can easily use/reuse the already existing deb source package
    to build one with a new version of inn on for debian.

    They're not mutually exclusive! You can use the Debian package inside a
    Docker container fairly easily, and indeed that's often a sensible thing
    to do (particularly if you're happy with the package that comes with the
    latest stable, which Richard presumably isn't since he's doing active development on INN).

    If the goal is to have a reproducible INN server build from checked-in configuration in Git or the like, you can do that with a config management system like Puppet on a server or you can do that with a Docker build
    script, and I think which one you choose is to a large degree a matter of taste. They have different trade-offs (Docker images are easier to move
    around to different hosts, for instance, but require more fiddling around
    with mounting storage). Personally, I use Puppet but that's probably an artifact of when I started and the fact I already had a Puppet module
    laying around.

    It would be something else if a container would impose more security or a more stable runtime environment.

    It can impose somewhat more security, although it's probably equivalent to
    the systemd unit file provided that you uncomment all the bits that
    require installing a non-setuid MTA.

    --
    Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

    Please post questions rather than mailing me directly.
    <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to Jason Evans on Tue Oct 26 20:14:04 2021
    Jason Evans <jsevans@mailfence.com> writes:
    Richard Kettlewell wrote:
    It’s my own creation.

    Would you consider sharing your Dockerfile or a link to Github/lab/
    whatever?

    It’s rather tied up with a lot of stuff that’s unique to me, both in
    terms of underlying infrastructure and what it shares its git repo
    with. From anyone else’s point of view it’s probably idiosyncratic at
    best! But maybe if I have time.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jason Evans@21:1/5 to Richard Kettlewell on Tue Oct 26 19:05:42 2021
    On Tue, 26 Oct 2021 10:03:31 +0100, Richard Kettlewell wrote:

    It’s my own creation.

    Would you consider sharing your Dockerfile or a link to Github/lab/
    whatever?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thomas Hochstein@21:1/5 to Jason Evans on Tue Oct 26 23:39:25 2021
    Jason Evans schrieb:

    I would appreciate it if anyone running a server could check to see if
    they are carrying this newsgroup.

    The newgroup (one of them ...) has been executed here:
    | Oct 25 22:00:03 weidegrund innd: ctlinnd command k:comp.infosystems.gemini:y:group-admin@isc.org
    | Oct 25 22:00:04 weidegrund innd: SERVER newgroup comp.infosystems.gemini as y

    (Time ist GMT+0200, MEST).

    -thh

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Nigel Reed@21:1/5 to Jason Evans on Tue Oct 26 19:27:14 2021
    On Tue, 26 Oct 2021 05:42:14 -0000 (UTC)
    Jason Evans <jsevans@mailfence.com> wrote:

    Hi all,

    Yesterday, a signed control message went out to create comp.infosystems.gemini at around 20:00GMT. I can see the control
    message on my server but my INN did not automatically add it to the /var/lib/news/ newsgroups file. Though I do see it in https://ftp.isc.org/pub/usenet/ CONFIG/newsgroups. Previously new
    groups had been added to my file automatically.


    I would appreciate it if anyone running a server could check to see
    if they are carrying this newsgroup. Thanks!

    I saw the message come through but I don't think my newsserver added it automatically. Whether I have the config correct to do that is really a
    crap shoot. I was just trying to get it up and running. I'll have to
    dig into the config a bit more.

    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Russ Allbery@21:1/5 to Nigel Reed on Tue Oct 26 18:00:01 2021
    Nigel Reed <sysop@endofthelinebbs.com> writes:

    What does one do when there are no keys?
    Do I have to go through the control.ctl file and pull down and import
    each one individually (gpg won't install the first one I got because it
    was PGP-2), or is there a nice list somewhere of all the keys that
    should be imported?

    You can download:

    https://ftp.isc.org/pub/pgpcontrol/PGPKEYS

    and just run gpg --import on it.

    This is mentioned in the INSTALL guide but it's pretty buried (literally
    at the bottom) because there are so many details to installing INN.

    --
    Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

    Please post questions rather than mailing me directly.
    <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Nigel Reed@21:1/5 to iulius@nom-de-mon-site.com.invalid on Tue Oct 26 19:51:53 2021
    On Tue, 26 Oct 2021 12:47:43 +0200
    Julien ÉLIE <iulius@nom-de-mon-site.com.invalid> wrote:

    % gpg --list-keys
    /home/news/.gnupg/pubring.kbx


    What does one do when there are no keys?
    Do I have to go through the control.ctl file and pull down and import
    each one individually (gpg won't install the first one I got because it
    was PGP-2), or is there a nice list somewhere of all the keys that
    should be imported?


    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Nigel Reed@21:1/5 to Russ Allbery on Wed Oct 27 00:26:45 2021
    On Tue, 26 Oct 2021 18:00:01 -0700
    Russ Allbery <eagle@eyrie.org> wrote:

    You can download:

    https://ftp.isc.org/pub/pgpcontrol/PGPKEYS

    and just run gpg --import on it.

    Doh, totally missed that bit right at the end. Is it expected that most
    of the keys wont import?


    gpg: Total number processed: 103
    gpg: skipped PGP-2 keys: 87
    gpg: imported: 16


    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Julien_=c3=89LIE?=@21:1/5 to All on Wed Oct 27 14:01:31 2021
    Hi Russ,

    This is mentioned in the INSTALL guide but it's pretty buried (literally
    at the bottom) because there are so many details to installing INN.

    Wondering whether we could not add configure options to install
    wide-spread stuff like Cleanfeed, NoCeM and PGP keys for control
    articles (like we already install control.ctl).

    --with-cleanfeed
    --with-pyclean
    --with-all-control-keys
    --with-all-nocem-keys

    This way, all these could be updated at the same time INN is.

    Any thoughts about that?

    --
    Julien ÉLIE

    « Quoi de plus inhumain qu'un sacrifice humain ? » (Alphonse Allais)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Julien_=c3=89LIE?=@21:1/5 to All on Wed Oct 27 14:10:35 2021
    Responding to myself,

    Wondering whether we could not add configure options to install
    wide-spread stuff like Cleanfeed, NoCeM and PGP keys for control
    articles (like we already install control.ctl).

    --with-cleanfeed
    --with-pyclean
    --with-all-control-keys
    --with-all-nocem-keys

    This way, all these could be updated at the same time INN is.

    Any thoughts about that?

    Or probably better, adding 4 scripts to do that. The news admin can
    then execute them whenever he wants.
    Similarly to the buildinnkeyring shipped with the Debian package:

    https://salsa.debian.org/md/inn2/-/blob/master/debian/patches/extra-scripts

    --
    Julien ÉLIE

    « – Ils s'arrêtaient tous les jours à 5 heures, pour boire de l'eau
    chaude…
    – Je prendrai un nuage de lait, je vous prie. » (Astérix)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Russ Allbery@21:1/5 to Nigel Reed on Wed Oct 27 08:22:37 2021
    Nigel Reed <sysop@endofthelinebbs.com> writes:

    Doh, totally missed that bit right at the end. Is it expected that most
    of the keys wont import?

    gpg: Total number processed: 103
    gpg: skipped PGP-2 keys: 87
    gpg: imported: 16

    It is, yes, and most of them are inactive, but I also just realized that I haven't updated the Big Eight control key in that file like I thought that
    I did, so that one also failed to import. :(

    I will try to get that fixed and in the meantime you can get the new key
    from https://www.eyrie.org/~eagle/big-8/key.asc since that's probably one
    of the more interesting ones that you want to import.

    --
    Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

    Please post questions rather than mailing me directly.
    <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)