Backport recent security fixes to 2023.03 or to Elixir 1.13.4 #556

Closed
opened 2023-05-30 12:39:37 +00:00 by SuperDicq · 5 comments

I've heard from multiple admins (myself, @a1ba@suya.place and @rosey@neko.computer) that Elixir 1.14 is causing unneeded headaches because this version is still not available in the official Erlang Solutions repository.

A solution to this is to make sure Akkoma runs on 1.13.4; alternatively, the security fix can be backported to release 2023.03, which is the last version that still runs on an Elixir version available in the official repository.

If this is not possible and we want to make the asdf version manager the only supported version manager for Akkoma, the docs should probably reflect that.

The Soapbox installation guide explains how to use asdf quite well as an example: https://soapbox.pub/install/


no

Author

Could you explain why this is getting completely dismissed without explanation?

I would personally be willing to add asdf instructions to the docs if backporting or lowering the version requirement is not an option.


the "backport" suggestion is mindbogglingly silly and should be embarrassing to even think of

we support the version as specified in the documentation, the tools to use the versions specified are listed in the docs

your issue suggests both lowering the requirement which would cause a regression, or doing something idiotic, neither of which are particularly good ideas

Author

The docs do list asdf, but they don't give instructions on how to use it.

On the Debian or Ubuntu page for example the docs still suggest to install Elixir using the APT package manager, which is currently impossible. This will result in unnecessary hardship that could prevent some users from installing or updating Akkoma in the first place.

I personally think it is not a good idea to make the minimum required version a version that is not available in most repositories, but you're right, it might be "idiotic" to reduce the minimum version at the current point in time and cause a regression.

Then please consider this post a suggestion to at least think about availability next time before moving Akkoma to a new Elixir version, maybe.


> the tools to use the versions specified are listed in the docs

Documentation doesn't really tell anything about asdf, and if I didn't know about it beforehand, it would be a complex quest to understand how it works too.

It's unfortunate that the latest Elixir can't be installed from repositories, so asdf should be in the docs instead. And it's not like we use outdated operating systems, both Debian Stable and Ubuntu LTS don't package the latest Elixir, and Elixir Solutions repository simply ignores these Debian/Ubuntu releases.

For myself, I ended up installing asdf to a user Akkoma runs from, which is documented in the asdf docs. The only problem was modifying the systemd service to directly call asdf wrappers, but it's easy, just replace Environment and ExecStart:

```ini
Environment="PATH=/var/lib/pleroma/.asdf/shims:/var/lib/pleroma/.asdf/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
ExecStart=/var/lib/pleroma/.asdf/shims/mix phx.server
```
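An added example, not part of the original thread or of Akkoma's documentation: a POSIX shell check that a unit file like the one in the comment above starts `mix` from the asdf shims directory and lists that directory on `PATH` ahead of the system directories, plus a comparison of an installed Elixir version against the 1.14 discussed in this issue. The function names, verdict strings and sample unit text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check an asdf-based unit file.

# Constructed sample: the two directives quoted in the comment above.
sample_unit() {
cat <<'EOF'
[Service]
Environment="PATH=/var/lib/pleroma/.asdf/shims:/var/lib/pleroma/.asdf/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
ExecStart=/var/lib/pleroma/.asdf/shims/mix phx.server
EOF
}

# check_unit SHIMS_DIR < unit-file
# Prints "ok" when ExecStart runs a binary inside SHIMS_DIR and SHIMS_DIR comes
# before any system directory on the unit's PATH, so tools looked up through
# PATH are not taken from an older distro package.
check_unit() {
  shims=$1
  unit=$(cat)
  exec_bin=$(printf '%s\n' "$unit" |
    sed -n 's/^ExecStart=[-@:+!]*\([^[:space:]]*\).*/\1/p' | tail -n 1)
  svc_path=$(printf '%s\n' "$unit" |
    sed -n 's/^Environment="\{0,1\}PATH=\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' | tail -n 1)
  case $exec_bin in "$shims"/*) ;; *) echo exec-not-shim; return 1 ;; esac
  old_ifs=$IFS; IFS=:
  for dir in $svc_path; do
    case $dir in
      "$shims") IFS=$old_ifs; echo ok; return 0 ;;
      /usr/*|/bin|/sbin) break ;;
    esac
  done
  IFS=$old_ifs
  echo shims-not-first; return 1
}

# version_ge HAVE WANT: succeeds when dotted numeric HAVE >= WANT.
version_ge() {
  have=$1; want=$2
  for n in 1 2 3; do
    h=${have%%.*}; w=${want%%.*}
    [ "$h" -gt "$w" ] && return 0
    [ "$h" -lt "$w" ] && return 1
    case $have in *.*) have=${have#*.} ;; *) have=0 ;; esac
    case $want in *.*) want=${want#*.} ;; *) want=0 ;; esac
  done
  return 0
}

sample_unit | check_unit /var/lib/pleroma/.asdf/shims
version_ge 1.13.4 1.14 || echo "1.13.4 is older than 1.14"
```

On a real host, feed `check_unit` the output of `systemctl cat` for the service and pass `version_ge` the version reported by the `elixir` found on the service's `PATH`.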
Reference: AkkomaGang/akkoma#556