**** BEGIN LOGGING AT Wed Mar 18 02:59:58 2020 Mar 18 04:32:06 Hello all Mar 18 04:32:29 What's the difference between Mar 18 04:32:31 KERNEL_PATCHVER:=4.19 Mar 18 04:32:32 KERNEL_TESTING_PATCHVER:=5.4 Mar 18 04:57:54 the former is the default, v4.19 - the later (v5.4) can be selected from the buildconfig Mar 18 05:20:18 just built a new img with openssl as the backend instead of luci-ssl but it failed Mar 18 05:20:24 sorry not failed Mar 18 05:20:45 but the load times for each config page on luci take 4-7 seconds Mar 18 07:22:18 hm, https://gitlab.com/openwrt/project/ubus - The default branch (master) has diverged from its upstream counterpart and could not be updated automatically. Mar 18 07:23:19 gitlab has master at 8ebebbda7f4a81bea10905c083dbf51807df7d53 and git.o.o has it at 171469e3138cce191892e20b6fd35b52c9368064 Mar 18 07:23:22 same commit Mar 18 07:23:25 weird Mar 18 07:24:35 all the previous commits seems allright Mar 18 07:26:12 ynezz: that probably was me. I pushed a bad commit and reset the remote to its previous stage, maybe your gitlab already synced then Mar 18 07:26:26 ah, ok then :) Mar 18 07:30:00 https://github.com/mkj/dropbear/commit/3d12521735e7ef7e48be217af0f27d68e23050a7 Mar 18 07:30:56 yubikeys support only RSA :p Mar 18 07:32:17 curve25519 increases binary size by ~2,5kB on x86-64, nice Mar 18 08:15:02 BTW, there're some cheap USB smartcard imitators (e.g. Nitrokey start) all using Gnuk on STM32F103 microcontroller. https://blog.zapb.de/stm32f1-exceptional-failure/ Gnuk encrypts the key with pin though. Mar 18 08:28:12 jow: ping - question on certs for infra Mar 18 08:28:34 PaulFertser: how is that related? :) Mar 18 08:29:12 ynezz: you mentioned yubikey, and that's not the only USB device out there used for ssh authentication. Mar 18 08:30:07 ynezz: I think many hackers were enthusiastic about Gnuk and some might still be using it, so their threat models might need to be amended now that an easy attack on their security is available. Mar 18 08:31:53 PaulFertser: not bulletproof, but still seems much better then having the keys on the table (disk) Mar 18 08:32:55 I wouldn't try to compare some general purpose MCU with yubikey though Mar 18 08:34:09 MCU + some secure elements like ATECC608A/A7101CHUK would work Mar 18 08:34:26 hi Mar 18 08:34:30 ynezz: I agree. Just wanted to warn the gnuk users (if there're any lurking on this channel) that their devices should be considered a bit less secure now. Mar 18 08:34:40 anyone know how to read channel utilisation from mac80211 ? Mar 18 08:35:03 PaulFertser: you need JTAG (physical access) to the key, don't you? Mar 18 08:35:29 s/JTAG/SWD/ Mar 18 08:35:47 blogic: you can see "busy time" and "active time" in "iw dev wlan1 survey dump", is that what you want? Mar 18 08:36:08 ynezz: yes, that attack requires at least SWD. Mar 18 08:37:08 PaulFertser: lets see Mar 18 08:37:16 I get it on 5 GHz with mt76. Mar 18 08:38:16 Probably on intel hardware survey dump also includes noise level. Mar 18 08:39:24 noise: -107 dBm Mar 18 08:39:24 channel active time: 22992 ms Mar 18 08:39:25 channel busy time: 519 ms Mar 18 08:39:27 looks good Mar 18 09:06:30 hello Mar 18 09:06:56 I'm having problem compiling from local disk Mar 18 09:07:12 all my source code and custompackages are on my disk Mar 18 09:07:41 my makefiles are configured for git download Mar 18 09:13:02 blablabla: you're supposed to pastebin full "make -j1 V=sc" log somewhere so that the problem could be understood. Mar 18 09:37:51 blablabla: are you the guest yesterday I linked the package local source override docs to yesterday? Mar 18 09:38:27 i am yeah Mar 18 09:39:34 i think I've fix part of the problem Mar 18 09:40:33 well, like paul says, you'ðll need to be a bit more explicit to give you any more concrete answers :) Mar 18 09:41:10 will do Mar 18 09:42:20 Makefile:61: *** Package/python-certifi-src is missing the TITLE field. Stop. Mar 18 09:42:56 this is the error from logs/feeds/packages Mar 18 09:43:25 but this packages should be downloaded from the web Mar 18 09:45:22 the makefile is faulty Mar 18 09:45:38 could be as simple as a isspelled $(call BuildPackage) macro Mar 18 09:45:49 you need to pastebin this makefile so that we can see whats wrong with it Mar 18 09:47:30 ## This is free software, licensed under the GNU General Public License v2.# See /LICENSE for more information.#include $(TOPDIR)/rules.mkPKG_NAME:=python-certifiPKG_VERSION:=2019.6.16PKG_RELEASE:=1PKG_MAINTAINER:=Eneas U de Queiroz Mar 18 09:47:30 PKG_LICENSE:=MPL-2.0PKG_LICENSE_FILES:=LICENSEPKG_SOURCE:=certifi-$(PKG_VERSION).tar.gzPKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/c/certifiPKG_HASH:=945e3ba63a0b9f577b1395204e13c3a231f9bc0223888be653286534e5873695PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-certifi-$(PKG_VERSION)include Mar 18 09:47:31 $(INCLUDE_DIR)/package.mkinclude $(TOPDIR)/feeds/packages/lang/python/python-package.mkinclude $(TOPDIR)/feeds/packages/lang/python/python3-package.mkPKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)define Package/python-certifi/Default SUBMENU:=Python SECTION:=lang CATEGORY:=Languages TITLE:=Python Mar 18 09:47:31 package for Mozilla's CA Bundle URL:=http://certifi.io/endefdefine Package/python-certifi $(call Package/python-certifi/Default) DEPENDS:=+PACKAGE_python-certifi:python-light VARIANT:=pythonendefdefine Package/python3-certifi $(call Package/python-certifi/Default) DEPENDS:=+PACKAGE_python3-certifi:python3-light VARIANT:=python3endefdefine Mar 18 09:47:32 Package/python-certifi/description Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.endefdefine Package/python3-certifi/description$(call Package/python-certifi/description).(Variant for Python3)endef$(eval $(call Mar 18 09:47:32 PyPackage,python-certifi))$(eval $(call BuildPackage,python-certifi))$(eval $(call BuildPackage,python-certifi-src))$(eval $(call Py3Package,python3-certifi))$(eval $(call BuildPackage,python3-certifi))$(eval $(call BuildPackage,python3-certifi-src)) Mar 18 09:47:51 no no no, noone can read that pasted in here Mar 18 09:48:00 yeah i noticed sorry Mar 18 09:58:36 jow: ping Mar 18 10:02:33 ldir: pong Mar 18 10:46:16 Apologies for the noise - I've been investigating znc setup and checking/resolving some 'funnies' in my config Mar 18 10:49:34 blablabla: so, are you going to paste it somewhere else and share a link or? Mar 18 11:12:32 * f00b4r0 ponders, maybe it is possible to write a routerboot mtd splitter after all Mar 18 11:13:09 hey Mar 18 11:13:57 i've fixed my errors. however now i'm getting: fatal: invalid revision range HEAD Mar 18 11:14:24 any ideas? Mar 18 11:17:32 you probably have a shallow clone of the git repo. Mar 18 11:27:22 will shallow clone be a problem when making an image? Mar 18 11:30:09 blablabla: shouldn't be a problem, you can silence the warnings with https://patchwork.ozlabs.org/patch/1248339/ Mar 18 11:30:43 but it's hard to guess from the context you've provided, if its the same case Mar 18 11:31:18 nbd: ping? Mar 18 11:35:06 well will see then, Mar 18 11:35:19 sorry if i'm spamming, but i have another problem: Mar 18 11:36:24 warring has a build dependency on librpc & libiptc, i've search menuconfig but haven't found there libs. Mar 18 11:38:27 that's the ones that recently got moved to new names by upstream right? Mar 18 11:38:35 tirpc iirc? Mar 18 11:39:58 i have no idea. how do i go about fixing it? Mar 18 11:40:57 I have no idea what warring is, or how it's built so no idea :) Mar 18 11:41:50 https://sourceforge.net/projects/libtirpc/ is meant to be ~compat replacement for old librpc iirc Mar 18 12:17:36 WARNING: Makefile 'package/feeds/packages/collectd/Makefile' has a dependency on 'libiptc', which does not exist Mar 18 12:17:53 this is the warrning i'm getting Mar 18 12:19:03 Are you using collectd? Mar 18 12:24:04 just for reference, what tree/branch are yoiu building too? Mar 18 12:30:35 my guess it the buildroot is master or close and the feeds are a bit behind Mar 18 12:33:22 yeah buildroot is master Mar 18 12:35:29 in that case './scripts/feeds update -a' Mar 18 12:41:45 this is kinda weird ./scripts/feeds -a is stuck Mar 18 12:42:01 update* Mar 18 12:44:07 in that case stop it then 'cd feed/packages ; git pull' Mar 18 12:56:05 * ldir has had a major success with znc & oidentd and does a happy dance Mar 18 14:02:33 ldir: and yet your username is prefixed with ~, that means indent reply wasn't obtained by the freenode servers. Mar 18 14:05:09 PaulFertser: Ah, but if you look at KevinDB ;-) Project in progress, all I'm sayin' Mar 18 14:10:17 ldir: cool :) Mar 18 14:13:09 * ynezz prefers ~ branding instead of having another service exposed to wild internet Mar 18 14:20:56 people still run ident servers in 2020? ;) Mar 18 14:22:18 even IRC bouncers! Mar 18 14:22:22 :) Mar 18 14:22:38 :D Mar 18 14:22:57 OK, I'm old, I get it Mar 18 14:24:01 irssi+screen is not latest&greatest I would say Mar 18 14:24:43 I run ident Mar 18 14:24:59 that's why we don't have ~ in front of our ident Mar 18 14:27:12 * ldir waits for dns to propagate - humpfh Mar 18 14:27:41 waits for "You're running DNS? in 2020?!" Mar 18 14:28:03 right, one does not run DNS nowadays Mar 18 14:28:20 you deliver JSON over HTTPS hosted by Cloudflare on the fabric of the internet itself Mar 18 14:28:23 aren't you surfing on IPv6 IP? :P Mar 18 14:29:30 stintel: I thought all ident daemons were exploit-friendly? Mar 18 14:29:34 (i should know, I wrote one ;) Mar 18 14:30:05 an exploit or an identd daemon? Mar 18 14:30:09 or both?! Mar 18 14:30:15 an exploitable ident daemon :P Mar 18 14:30:22 something like that ;) Mar 18 14:33:19 yay dns change propagated - well a bit of it at least Mar 18 14:34:31 at some point I was considering switching to quassel and use quasseldroid so I can have notification on my phone Mar 18 14:34:52 I used to have this in a previous era, with znc and colloquy (iirc) plugin Mar 18 14:36:08 -rwxr-xr-x 1 stijn staff 116211 Jan 15 2010 ./.znc-bak/modules/colloquy.so Mar 18 14:36:12 yep :) Mar 18 14:36:19 all that's needed now is some SSL fairy dust Mar 18 14:37:53 oh there's even an irssi module to connect to quassel core, so I could keep irssi Mar 18 14:37:59 maybe I should put this on my todo list again Mar 18 14:43:50 so matrix done differently? Mar 18 14:44:03 blogic was right, mtd-eeprom looks like the correct way to deal with on-flash wifi caldata. Let's see if I can make this work on ath79 Mar 18 14:47:22 f00b4r0: this sounds like something hardly upstreamable, nvmem is the latest upstream craze Mar 18 14:47:33 ah? Mar 18 14:47:54 * f00b4r0 googles Mar 18 14:48:02 i've been away from kernel dev too long, obviously Mar 18 14:48:26 it's fast moving target Mar 18 14:48:52 that too. Mar 18 14:50:14 IIRC upstream is still broken regarding nvmem and mtd sub partitions Mar 18 14:50:30 *sigh* Mar 18 14:50:39 patch (or two) are needed to get this working properly Mar 18 14:52:31 https://github.com/ynezz/openwrt/commits/wip/nvmem-mac-address Mar 18 14:54:12 target/linux/generic/pending-4.14/682-nvmem-Update-the-OF-binding-to-use-a-subnode-for-the.patch was rejected upstream and original author give up so this needs to be refreshed Mar 18 14:55:42 ynezz: looks neat, however in the case of mikrotik devices I feel like we should probably have an mtd splitter for the so called "RouterBoot" top partition (if that's something acceptable). Mar 18 14:56:03 if so, the partitions that contains the data of interest (mac_addr, caldata) will be dynamically defined Mar 18 14:56:13 I'm not sure I see how this pans out with nvmem Mar 18 14:57:03 https://github.com/ynezz/openwrt/commit/00360cc2118beee5bb33b8c104ca08c798f04994 Mar 18 14:57:29 my point exactly Mar 18 14:57:43 the equivalent of the "art" partition will be dynamically defined. It will not be defined in DTS Mar 18 14:57:52 s/will/would/g Mar 18 14:58:10 that dynamic part smells Mar 18 14:58:23 DTS is definition of hardware Mar 18 14:58:45 mikrotik has a specific "partition scheme" for a large chunk of the mtd device Mar 18 14:59:15 some sub partitions are tagged (and can be programmatically identified). It appears to be so that they can have a variable size for their bootloader Mar 18 14:59:35 thus it is probably wrong to assume that these partitions will always be at the same place, even on a given device Mar 18 15:00:11 sounds like a fun Mar 18 15:00:28 well, it sounds more like a very simplistic key-value filesystem Mar 18 15:00:32 not really a partition scheme Mar 18 15:01:04 a case in point here: https://github.com/ynezz/openwrt/blob/f2f5c96c5283e72c3155e53e61c638f32f32150f/target/linux/ath79/dts/qca9558_mikrotik_routerboard-922uags-5hpacd.dts#L112 Mar 18 15:01:27 on ar71xx, that partition was dynamically detected. There's nothing that says it will always be at offset 0xc000 Mar 18 15:02:00 (also it really shouldn't be called "art", but I have sent a patch to the m-l about that :) Mar 18 15:02:04 ok, then `compatible = "fixed-partitions";` is wrong Mar 18 15:02:28 well, there's no splitter at this point for this type of partition Mar 18 15:02:48 I could write one. It's bound to be rather ugly, but it can be done Mar 18 15:02:54 (probably) Mar 18 15:03:50 zorun: the key-value part applies within some of the partitions (soft_config/hard_config) Mar 18 15:04:22 (all of this is one of they key reason why I wasn't really psyched about moving the mikrotik boards to DTS right now, I feel the underlying plumbing is not ready) Mar 18 15:04:29 f00b4r0: either way, I would simply prepare some minimal patch or RFC and consulted it upstream to save some time Mar 18 15:04:57 ynezz: about which part of what I just exposed? :) Mar 18 15:05:15 compatible = "mikrotik-partitions"; Mar 18 15:05:21 or such Mar 18 15:05:28 ah, right Mar 18 15:05:57 I would ask first on DT list, Rob is quite responsive Mar 18 15:06:12 you'll need his Ack one day anyway Mar 18 15:06:21 ynezz: I was thinking about (ab)using the mtdsplit driver for this. Bad idea? Note that there are variants of the split scheme depending both on architecture and storage type (NOR/NAND) Mar 18 15:06:45 I'm no authority here, nor I'm following upstream closely Mar 18 15:07:10 maybe rmilecki could provide you with such help Mar 18 15:07:25 yeah I was hoping he'd be around Mar 18 15:08:57 right now i was thinking about something along the lines of 'compatible = "mikrotik,rbath79nor";', 'compatible = "mikrotik,rbramipsnor";', and then do the magic sauce at the splitter level Mar 18 15:09:21 but that still doesn't say how to plug nvmem into that Mar 18 15:09:50 nvmem would simply ask upper layer, mtd for the proper offset Mar 18 15:10:49 I've all of that paged out already, sorry Mar 18 15:10:56 ok but you couldn't use that in DTS if the "art" partition is not defined there? Mar 18 15:11:19 np, your input is very helpful for me to catch up anyway Mar 18 15:13:13 I would just doit somehow, minimal patch showing what are you trying to solve and send it upstream for feedback Mar 18 15:14:46 ok. Mar 18 15:35:30 cripes matrix is slooooooooooow Mar 18 15:37:51 ldir: overloaded matrixorg homeserver certainly Mar 18 15:39:01 I like the proto, I don't agree as "default provider" they do that good job TBH, be the rootcauses where-ever Mar 18 15:41:02 Beauty is it isn't tied nor centralised to anyone or anything, sad part is that per default server, indeed matrixorg does not look any good, which doesn't then look any good to average user Mar 18 18:54:29 anyone with digital ocean droplet experience? Can't get ipv6 configured on the main interface, followed instructions, still no worky. Mar 18 19:08:39 Problem solved - instructions are wrong Mar 18 19:34:08 ldir: submit a patch? :) Mar 18 21:06:40 oooooh! I've got a patch accepted into dropbear - yay Mar 18 21:17:30 ;) **** ENDING LOGGING AT Thu Mar 19 03:00:02 2020