libre #smartos

28 Sep 2022

SmartOS -- A Modern, Open Source, Datacenter Operating System | smartos.org | github.com/TritonDataCenter/smartos-live | github.com/TritonDataCenter/triton | Security -- TritonDataCenter.com/security-issues | Channel logs - log.omnios.org/smartos

• 01:11
  nahamu
  I consider my current fsnotify port to event ports ready to merge / production ready. Please test it, if you find bugs in the illumos bits file issues and tag me on them, etc. I hope it will land soon: fsnotify/fsnotify #371#issuecomment-1248196095
• 02:31
  jesse_
  nahamu, even "test it!" is a bit challenging if you're not go-oriented... and the thing you're using is a binary install=)
• 02:47
  nahamu
  I might be able to help. What software would folks want to test?
• 03:13
  jesse_
  ... traefik for me in this instance
• 13:12
  nikolam
  So, anyone were installing 2FA on Smartos ? Like I got las answer some time ago that I need a separately compiled package for it to work.. Is it still so?
• 13:30
  nbjoerg
  nikolam: 2FA for what?
• 13:30
  nikolam
  hi nbjoerg . 2fa for accessing Smartos root shell over ssh.
• 13:31
  nikolam
  After that could be presumably made for Smartos zones and later LX zones
• 13:31
  nikolam
  I feel uneasy accessing Smartos as root over ssh, without 2FA
• 13:33
  nbjoerg
  nikolam: have you looked at FIDO?
• 13:33
  nbjoerg
  the current version should have support for it out of the box
• 13:51
  sjorge
  Depending on the openssh version, FIDO2 resident keys work fine.
• 13:53
  nbjoerg
  resident keys are generally not what you want
• 13:54
  nbjoerg
  but yeah, from the server side as long as you hae 8.4+, any modern FIDO2/U2F token should work
• 14:02
  nahamu
  I've used TOTP codes on SmartOS in the past. I don't have any notes though, just a tarball with binaries and config files.
• 14:19
  jperkin
  at joyent and mnx we've used duo, there's a package for the pam auth etc, it works fine
• 14:20
  bahamat
  It doesn't work for the global zone though.
• 14:21
  bahamat
  We had to custom compile it because the gz pam stack is 32-bit
• 14:21
  jperkin
  I can work around that similar to the samba compat32 package
• 14:22
  jperkin
  will be a bit more involved for the tools set, but there's already a joyent/duo-unix-compat32 package for the 64-bit set
• 14:23
  bahamat
  Ah...
• 14:27
  bahamat
  Seems to be missing from 21.4.0
• 14:29
  jperkin
  oops, forgot to copy up fixed elfedit, will fix that
• 14:40
  bahamat
  Why doesn't it work for tools?
• 14:54
  jperkin
  the way it works for the regular set is I do a limited 32-bit build first and then bundle the libs from that, there's no corresponding 32-bit build of tools yet so I'd need to set that up first
• 20:07
  nahamu
  jesse_: if I can get you a traefik binary would you be able to test it?
• 20:09
  nahamu
  jesse_: shalman.org/files/traefik if you're feeling brave.
• 20:09
  nahamu
  the replace I used to build it was "github.com/fsnotify/fsnotify => github.com/nshalman/fsnotify v1.4.10-0.20220916160905-9dcb6e29524f"
• 20:12
  Smithx10
  nahamu: with the fsnotify save!
• 20:20
  papertigers
  that change has been a long time coming!
• 20:20
  papertigers
  excited for you to land it :)
• 20:22
  Smithx10
  papertigers: where is our OPTE VPC bro!
• 20:22
  Smithx10
  lol <3
• 20:23
  nahamu
  it still hasn't landed yet.
• 20:23
  nahamu
  getting trolled by a kernel bug along the way was fun.
• 20:23
  Smithx10
  jclulow's fault
• 20:23
  Smithx10
  :P
• 21:22
  jesse_
  nahamu, that's illumos binary?
• 21:39
  jesse_
  nahamu, so far has not failed smoketests. Will have to try more things with it later
• 22:38
  nahamu
  jesse_: thanks!