Page MenuHomePhabricator

Replace ircd-ratbox with something newer/maintained
Closed, DuplicatePublic

Description

Our IRC server is currently running a custom package of ircd-ratbox. This has several issues:

  • It's old code (possibly ridden with security vulnerabilities)
  • We're not properly maintaining it
  • We're missing some features, e.g. TLS
  • The packages are odd, with e.g. the configuration file being under /usr/etc.

So we should replace it with something newer. From a quick search, Debian seems to have lots of IRCd, with these as prime candidates: ircd-hybrid (from which ratbox was forked from), charybdis ("roots in ircd-ratbox and ircu") and ngircd (a lightweight server written from scratch).

charybdis sounds like the easiest migration path for us — the config file is almost the same, so probably compatible.

While at it, the config file should be split into a public section, checked in to puppet, that simple uses the .include facility to include the private parts (which in turn should be cleaned up, tons of ancient ACLs int there).

Event Timeline

12:40 -!- Irssi: Join to #charybdis was synced in 2 secs
..
12:47 < Simon-> it's very similar but not 100% compatible
12:48 < kaniini> there have been divergences in both directions
12:48 < kaniini> but originally, charybdis was a ratbox derivative
..
12:48 < jackal^> mutante, you'll get warnings about gline stuff

12:53 < kaniini> mutante: i would just use the charybdis config as a basis and include relevant elements from your ratbox config. charybdis has a completely different oper privilege system though, so o:lines will have to be converted.
12:53 < jackal^> i guess one of most confusing things will be privset{}
12:54 < kaniini> jackal^: right, his o:lines wont have privilege unless he configures them ;)

@faidon T132427 is about @Muehlenhoff building the ratbox package and the thing is that there is this custom patch in it -> https://github.com/wikimedia/operations-debs-ircd-ratbox/blob/master/ircd-ratbox-notalk.patch from Fred Vassard.

That gives us the "only opers can create channels"-feature that we are using.

<Krenair> The specific features we need: only opers can create channels, only opers can send messages

So a replacement ircd would have to provide this feature, and also see above, i went to the Charybdis channel and they say it's better to start from a fresh config.

This comment was removed by Krenair.

There was activity at some point to deprecate irc.wikimedia.org altogether. I wonder what happened with that.

There was activity at some point to deprecate irc.wikimedia.org altogether. I wonder what happened with that.

see T87780#2031332

Change 286783 had a related patch set uploaded (by Dzahn):
ircserver: move ircd.conf to public repo

https://gerrit.wikimedia.org/r/286783

Change 286783 merged by Dzahn:
ircserver: move ircd.conf to public repo

https://gerrit.wikimedia.org/r/286783

also: https://gerrit.wikimedia.org/r/#/c/286785/ merged

as of today we had ~ 96 users left on the old server and 191 users on the new server

after merging the last 2 changes i restarted ircd on the old server and right after we have now 293 users on new server, so confirmed that pretty much all of them reconnected automatically and are now migrated to new server

Change 345791 had a related patch set uploaded (by Dzahn):
[operations/puppet@production] new profile/role for IRC server using charybdis (WIP)

https://gerrit.wikimedia.org/r/345791

So our ratbox has this custom patch to disallow people creating channels unless they are oper. This https://github.com/wikimedia/operations-debs-ircd-ratbox/blob/master/ircd-ratbox-notalk.patch

So the replacement would have to support that _without_ needing another patch hopefully.

To find that out about charybdis i asked in their Freenode support channel a bit and i got this link, there is an extension to do just that. Happy that exists :)

https://github.com/charybdis-ircd/charybdis/blob/release/3.5/extensions/createoperonly.c

18:24 < amdj> for what you want, you'll be best served by loading extensions/createoperonly, putting +g in default umodes, and putting +m in default cmodes

18:26 < amdj> there's also a lesser version of createoperonly, called createauthonly, that permits identified users to create channels
18:27 < amdj> so if you restrict the nickserv register command in services this means you don't need to give o:lines out to quite so many things
18:27 < amdj> (if that applies)

18:28 < amdj> the modules, autochanmodes, and default_umodes are in reference.conf.

The patches we have for "only ops can create channels" and "only ops can talk" can both be done in core InspIRCd from memory (although it has been a while since i've looked).

Dzahn lowered the priority of this task from Medium to Low.Jun 20 2018, 7:03 AM
Dzahn changed the task status from Open to Stalled.Dec 4 2018, 5:39 PM

Following the "cookie licking on Phab" discussion i'm unassigning this from me because i am not going to work on it soon and T185319 says that Analytics took over stewardship for RC feeds.

Dzahn removed Dzahn as the assignee of this task.Dec 5 2019, 8:26 PM
Dzahn added a subscriber: Dzahn.