**** BEGIN LOGGING AT Wed Apr 01 02:59:57 2020
Apr 01 04:00:53 During the Clone Wars, the Jedi Council began to assign Padawans to Jedi, Padawan is an apprentice or in other words a person learning to be a jedi. See https://bitbucket.org/padavan for further information as well as https://github.com/hanwckf for up to date information.
Apr 01 04:19:34 Tapper: btw., I'm not saying that because I'd be ridden by a case of "close-your-eyes-put-your-thumbs-in-your-ears-and-sing-lalala, I can't hear anything", but because at least two of his arguments show that he has no clue about the code he's talking about (thread-safe, there are -by definition- no threads to take care of (even fully grown package managers like dpkg/ rpm are single threaded for a
Apr 01 04:19:40 reason) and the assert() claim) and the space removal thing is at best a matter of style/ beauty (reliability into the future, to some extent). the other two remarks would require me to dig deeper into the code than I'd like to, but unless they provoke an "oh sh*t" moment... it just doesn't scale to subscribe to random third party forums or to talk through a middle-man
Apr 01 04:28:35 pkgadd: well said sir, and the reason these package managers are single threaded are to keep a structure that runs a command in a specific order rather than allowing for some dynamic algorithm to process multiple commands in a complex manner which makes debugging rather difficult.
Apr 01 04:31:26 and because it's simply impossible to do dependency resolution for two concurrent opkg invocations. aside from losing (near-)atomicity of the upgrade process
Apr 01 04:31:51 (so if an upgrade would fail for any reason, it would fail hard and leave the system close to unrecoverable)
Apr 01 04:48:35 hmm, my gl mt300n-v2 is not booting, something about an lzma error
Apr 01 04:49:28 Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover
Apr 01 05:02:45 more propaganda: https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/
Apr 01 05:03:22 love how they use Chaos Calmer as a thumbnail
Apr 01 05:05:57 gch981213: sounds fine to use that driver.
Apr 01 05:25:50 the comment section is comedy gold
Apr 01 05:26:00 typical ars technica
Apr 01 05:33:17 i think we should simply drop usign
Apr 01 05:33:23 it has been a minefield of problems
Apr 01 05:33:37 and it breaks the "dont write your own crypto" rule
Apr 01 05:34:00 blogic: you had your first coffee yet?
Apr 01 05:34:05 we should switch to BSD signify
Apr 01 05:34:22 aparcar: i woke up at 3am and have had fun talking to ODMs
Apr 01 05:34:29 oh okay I thought you want to switch back to gpg
Apr 01 05:34:49 no
Apr 01 05:34:52 blogic: I'm all for to switch to signify and use the upstream version
Apr 01 05:34:54 i would like to see signify
Apr 01 05:35:06 jow: ^
Apr 01 05:35:09 ynezz: ^
Apr 01 05:35:22 if there is a rough consensus i would drop a mail on the ML
Apr 01 05:35:59 blogic: isn't it literally the same as usign except we have to stick to key names like .sec and .pub?
Apr 01 05:36:57 no idea
Apr 01 05:37:01 i just trust bsd
Apr 01 05:37:05 and i dont trust usign
Apr 01 05:38:58 :)
Apr 01 05:39:04 I'll look into that sounds doable
Apr 01 05:51:58 hmm. loadaddr of 0x80a00000 gets past the LZMA error, but it's panic'ing later on.
Apr 01 05:54:35 anyone here familiar with perl? I'm currently at the very bottom of the build system
Apr 01 05:57:15 define "familiar"?
Apr 01 05:57:59 russell--: just figured out how to get get only unique values from a list
Apr 01 05:58:04 literally my first touch of perl ever...
Apr 01 05:58:15 russell--: but thanks for responding
Apr 01 06:24:35 blogic: yeah, jow has already suggested that path
Apr 01 06:25:30 blogic: and I'm all in as well
Apr 01 06:27:46 would be nice to get the signed firmware images into next release
Apr 01 06:30:12 ynezz: do you think we can get json in the next release too?
Apr 01 06:30:24 how about I port signify and you check my json patch?
Apr 01 06:32:31 ldir: indeed, that TARGET_CFLAGS is weird, this should be fixed, it wont build without it so that was probably some workaround I've missed during review
Apr 01 06:34:45 hrm i thought usign was BSD based
**** BEGIN LOGGING AT Wed Apr 01 06:45:14 2020
**** BEGIN LOGGING AT Wed Apr 01 06:48:05 2020
Apr 01 06:50:02 mt300n-v2 image works after a make dirclean world
Apr 01 08:28:34 Tapper: ping
Apr 01 08:32:32 how can I compile libbsd for the host?
Apr 01 08:33:57 h
Apr 01 08:39:45 blogic: fine with me
Apr 01 08:40:50 jow: can you help me with the libbsd dependency? I'm currently porting it over
Apr 01 09:09:27 aparcar: HostBuild?
Apr 01 09:31:47 blogic: for the record, what is the problem with usign?
Apr 01 09:32:42 "don't roll your own crypto"
Apr 01 09:33:00 "not everything starting with u is better than what it was replacing"
Apr 01 09:35:02 karlp: I doubt the second one but the first makes sense
Apr 01 09:39:20 well, the whole discussion is literal proof of the second :)
Apr 01 09:40:24 what's the size difference?
Apr 01 09:48:25 karlp: wise words :)
Apr 01 10:00:37 mangix: usign was modelled after BSD signify
Apr 01 10:00:51 it even uses the same flags and file format
Apr 01 10:01:10 on the build servers we already use signify to produce the ustream signatures
Apr 01 10:01:20 bypassing/ignoring the buildroot usign support
Apr 01 10:01:41 sorry, usign signatures, not ustream signatures
Apr 01 10:02:34 jow: were there any recent problems with usign or how did this come up?
Apr 01 10:02:42 recent ones? no
Apr 01 10:02:59 blogic sounded earlier as if something recent happened
Apr 01 10:03:42 well the sudden CVE-2020-7982 hype happened, which restarted some already lingering discussions about the crypto / security infrastructure
Apr 01 10:04:27 however neither usign, nor own crypto nor any other u* stuff was actually contributing to the issue
Apr 01 10:05:06 it was implementation bugs, which can break the best crypto implementations
Apr 01 10:07:04 that being said there are legitimate issues (again, implementation ones) which prompted us to reconsider certain u* things
Apr 01 10:07:43 the best examples for this were the SHA256 padding bug in usign (not critical, it could only lead to false negatives, never false positives)
Apr 01 10:08:30 and certificate integrity checking deficiencies in ustream-ssl leading to data leaks in MITM scenarios
Apr 01 10:15:40 jow thanks for the insights
Apr 01 10:23:25 I'd be in favor to unify the signify code, however dangole raised these concerns about the size impact when using libbsd.
Apr 01 10:23:56 I wonder how much bigger the apk package manager from alpine is compared to opkg
Apr 01 10:31:40 does anyone have 5.4 patches for mvebu target in their staging tree?
Apr 01 10:34:48 good email jow
Apr 01 10:35:15 kab-el, there's a pull request in the main tree
Apr 01 10:35:56 thx
Apr 01 10:46:35 hm... question of the day
Apr 01 10:46:42 can fgets() ever return a zero length string?
Apr 01 10:47:27 on the EOF case I'd expect it to return NULL. If reading a line only consisting of "\n" it would return a char * buffer containing "\n"
Apr 01 10:50:56 what would you expect if the file contained a series of NULL ?
Apr 01 10:52:18 It's not EOF (yet) but it is a string of just a string terminator.
Apr 01 10:52:25 or have I gone mad?
Apr 01 10:53:48 easy enough to try out :)
Apr 01 10:54:31 the true question is "why would you want to use fgets()"? It's as insecure as it gets ;P
Apr 01 11:10:13 f00b4r0: huh?
Apr 01 11:10:39 fgets() has a buffer length limit *including* a terminating \0
Apr 01 11:11:16 how is it insecure?
Apr 01 11:11:43 jow: thank you for your mail
Apr 01 11:11:57 ldir: yes you're right. It might read null bytes
Apr 01 11:11:58 jow: ah i'm confusing fgets/gets, sorry
Apr 01 11:12:15 I received your mail, but did not receive the mail from this Dan
Apr 01 11:12:30 but if you evaluate with strlen() yes you can get a 0-length result
Apr 01 11:14:26 Hauke: do contact@ e-mails end up with you or with multiple people?
Apr 01 11:17:44 Need some help with cmake please.
Apr 01 11:18:13 Borromini: multiple
Apr 01 11:18:47 Have include $(INCLUDE_DIR)/cmake.mk in package file, yet the build insists on running the package configure script and goes off into autotools.
Apr 01 11:19:14 so with `printf '\0foo\n' > test.bin`, and reading test.bin with `fgets()`, the result will be a zero-length string
Apr 01 11:19:27 and I have no idea why.
Apr 01 11:19:33 at least as defined by strlen()
Apr 01 11:19:54 ldir: include too early or too late?
Apr 01 11:20:43 jow: correct
Apr 01 11:21:14 it's after package.mk and before define Package/foo
Apr 01 11:22:15 jow: typically i prefer to use read/scanf which return info on how much was actually read
Apr 01 11:22:54 jow: https://paste.ubuntu.com/p/sZQ78pVsgX/
Apr 01 11:25:22 * ldir goes for lunch
Apr 01 11:26:56 ldir: you're actually missing a Package/jansson
Apr 01 11:27:15 ldir: I can only assume that your buildroot is actually building another jansson variant from the feeds, ignoring yours because it's invalid
Apr 01 11:27:42 ldir: try an `rm package/feeds/packages/jansson
Apr 01 11:27:47 Borromini: it is sent to everyone who has commit access
Apr 01 11:27:49 ` before to nuke the feed symlink before
Apr 01 12:11:26 * ldir headdesks - thanks jow!
Apr 01 12:26:59 ldir: FPIC can be replaced with -DCMAKE_POSITION_INDEPENDENT_CODE=ON
Apr 01 12:27:16 lm should either be removed or made conditional to GLIBC
Apr 01 12:27:29 No idea if CMake handles it.
Apr 01 12:27:54 Maintainer should be removed, or renamed. He's not active anymore.
Apr 01 12:28:09 What does -lm do? and is the -rpath thing relevant ?
Apr 01 12:28:21 lm links to libmath
Apr 01 12:28:29 musl has it included in libc
Apr 01 12:28:32 glibc does not
Apr 01 12:29:27 that rpath-link is not relevant anymore
Apr 01 12:29:34 I believe it's an old artifact
Apr 01 12:30:10 PKG_LICENSE_FILES is also missing
Apr 01 12:30:17 well let me see if I can get a build out and I'll go from there
Apr 01 12:32:16 I'd be surprised if PIC wasn't enabled anyway 'cos it is a library after all.
Apr 01 13:29:01 isn't ath9k supposed to support management frame protection?
Apr 01 13:30:13 trying to setup an old tl-wr1032nd as wpa-eap client
Apr 01 13:30:26 it connects and authenticates, then fails with "wlan0: WPA: Failed to configure IGTK to the driver"
Apr 01 13:31:32 hmm... reloading ath9k with nohwcrypt=1 makes it work
Apr 01 13:31:40 thats rather suboptimal ux
Apr 01 13:40:44 * ldir grins at "suboptimal ux"
Apr 01 13:41:29 * ldir imagines rocket exploding just after launch - "suboptimal"
Apr 01 13:42:55 tssks ;)
Apr 01 13:54:45 * ldir blinks and misses jansson compiling
Apr 01 13:56:50 * ldir notes no one has screamed at him about the cake patches. Yet.
Apr 01 13:59:58 * ldir it must be close to 1500 BST - the spaniel has just come crashing through the 'office' door - I guess she wants feeding and ....... W. A. L. K.
Apr 01 14:12:30 jow: I was able to do something like that with my MR6400 with ath9k - connected to wpa2 network
Apr 01 14:14:20 ldir: the problem is that I actually tried to setup the WPA EAP connection via gui and it ended up in a kind of flapping state
Apr 01 14:14:54 ldir: only after inspecting dmesg/logread and googling around I learned that ath9k.ko requires nohwcrypt=1 to handle MFP
Apr 01 14:15:43 no ordinary user is going to do that. And even if, editing /etc/modules.d/ath9k and restoring it after every firmware upgrade is not really ideal if the gui makes it appear as if WPA3 / MFP can be simply configured
Apr 01 14:16:33 ideally mac80211/ath9k would simply switch to the non-hw crypto codepath automatically if whatever is configured cannot be handled in hardware
Apr 01 14:16:46 but I guess mac80211 lacks the infrastructure for that
Apr 01 14:17:41 alternatively expose that setting via sysfs or something so that we can toggle it from mac80211.sh / hostapd.sh etc.
Apr 01 14:30:59 interesting. I don't recall ath9k requiring nohwcrypt=1 for MFP
Apr 01 14:34:25 blocktrron: were you able to test&compare qca vs. -ct vs. -ct-htt firmwares?
Apr 01 14:41:41 I know I've done MFP on the ath9k radio (QCA9563) of my device.
Apr 01 14:43:46 Probably client vs AP difference?
Apr 01 15:06:12 blogic: you've already some audience! https://forum.openwrt.org/t/desiging-a-network-and-device-map-for-connected-devices
Apr 01 15:35:11 * f00b4r0 ponders dumping another few KB of code on the m-l: maybe too soon merely days after the first dump? :)
Apr 01 15:43:40 another thing I noticed... the kernel is frequently invoking /sbin/modprobe -q ... - presumably to request module aliases
Apr 01 15:43:57 each invocation takes 3-4s real time on the 1043nd
Apr 01 15:44:26 we really need to implement some sort of cache, to not scan the modules folder over and over again whenever the kernel requests a module
Apr 01 15:49:30 that's my fault for implementing the '-q' option
Apr 01 15:50:54 whats weird is that modprobe gets invoked as "modprobe: -q -- netdev-." and "modprobe: -q -- netdev-.." hundreds of times
Apr 01 15:51:09 is `netdev-.` and `netdev-..` really a valid module alias`
Apr 01 15:51:11 ?
Apr 01 15:51:36 that seems.... unlikely!
Apr 01 15:52:17 ah! I have an idea
Apr 01 15:52:32 * ldir sounds the general alarm
Apr 01 15:52:40 the "." and ".." likely correspond to directory entries
Apr 01 15:52:45 yep
Apr 01 15:52:55 something is probably scanning /sys/class/net/ and doing ioctls or something on each entry
Apr 01 15:58:54 Why is grub built for host ?
Apr 01 16:03:11 ldir: because grub-install is invoked on the host to install grub in the fs image
Apr 01 16:04:47 ah, yes, I think I see $(STAGING_DIR_HOST)/bin/grub-mkimage blah blah -o $(STAGING_DIR_HOST)/lib/grub/grub2-legacy/core.img so some sort of base bootable images
Apr 01 16:06:35 hmm, the kernel also requests modprobe net-pf-16-proto-4 each time a netlink is opened
Apr 01 16:06:55 which drives the load through the roof
Apr 01 16:07:23 *netlink socket
Apr 01 16:15:54 DonkeyHotei: qca9884-ct works with WPA2/802.11w on my device ootb
Apr 01 16:19:37 jow: module cache? Isn't that depmod's job?
Apr 01 16:19:38 jow: ath9k does support 802.11w on Hardware >=AR9160 - the ar9132 in the 1043v1 being a notable exception
Apr 01 16:20:23 However if you disable hardware-crypto when loading ath9k it should work even on those old chips
Apr 01 16:20:54 Ah, i should scroll down m(
Apr 01 16:46:32 f00b4r0: we don't have a module cache and don't use depmod
Apr 01 16:46:38 f00b4r0: too big
Apr 01 16:50:47 jow: i see. This explains that then I guess
Apr 01 17:03:22 blocktrron: does that apply to the ath9k in the archer c7 v2 also?
Apr 01 17:19:52 guys, anyone here using user_saml plugin for SSO? (with environment variable)
Apr 01 17:23:34 (sorry wrong #)
Apr 01 17:57:36 DonkeyHotei: the ath9k in the c7 should support 802.11w
Apr 01 18:02:21 ar9223 also?
Apr 01 18:03:13 (as an aside)
Apr 01 18:04:05 idk whether the ath9k in the c7 would support the 802.11w that is auto-enabled by sae-mixed, though
Apr 01 18:11:59 802.11w is not auto-enabled despite being part of the spec
Apr 01 18:12:13 on 19.07 it is
Apr 01 18:12:19 > ath9k does support 802.11w on Hardware >=AR9160
Apr 01 18:13:12 11w with sae-mixed, too?
Apr 01 18:13:22 ah it is indeed auto-activated
Apr 01 18:13:52 I don't see a reason why this should not be the case
Apr 01 18:14:21 I've had SAE running with 11w on a Siemens WS-AP3610i straight from 2007
Apr 01 18:14:37 that's ath9k?
Apr 01 18:14:43 Yes
Apr 01 18:16:10 MFP causes a big mess on client devices from my experience - MacOS for example advertises WPA3 capability, but they only started with MFP around 2015.
Apr 01 18:16:56 i ran a test by setting the ath9k in the c7 to sae-mixed. everything could connect except a macbook air running 10.15.4, and a nexus 5 running lineageos 17.1, but that also did not connect when i set it back to psk2+ccmp without 11w until i brought it closer, so i need to retest that in about 90 min
Apr 01 18:17:36 a macbook pro running the same 10.15.4 could connect
Apr 01 18:19:37 if i can get the nexus 5 to connect to ath9k with sae-mixed or 802.11r without sae or just plain 11w, it'll give me a baseline to test different ath10k firmwares
Apr 01 18:21:14 i need to make sure some sort of roaming/keycache works on ath10k before i upgrade my main phone to lineageos 17.1, released today
Apr 01 18:23:31 My Pixel 3 (running the stock Android 10 ROM) has no issues connecting to my ath10k WAP with 802.11w and SAE.
Apr 01 18:23:59 mamarley: -ct, -ct-htt, or stock ath10k?
Apr 01 18:24:12 DonkeyHotei: -ct-htt. I haven't tried the others.
Apr 01 18:24:31 i'm currently running plain -ct iirc
Apr 01 18:25:26 I also have an OG Pixel XL that won't connect to the same WAP if it is running the stock Android 10 ROM, but will connect running LineageOS 16. There isn't an official LineageOS 17 ROM for that phone yet.
Apr 01 18:28:22 lineageos 16 connects to everything regardless because it's android 9. if there is an unofficial 17 you can try, i predict it will be the same as the stock 10
Apr 01 18:28:52 I expect so too. I'm kind of leaning towards that being a problem with the phone and not the WAP though.
Apr 01 18:29:42 when i tried an unofficial 17 on my main phone, it could not connect to ath10k either
Apr 01 18:30:28 ath9k is a lower common denominator
Apr 01 18:47:49 DonkeyHotei: Actually, I just installed an unofficial 17.1 ROM on the Pixel XL and it does connect to the ath10k-ct-htt WAP with SAE and MFP!
Apr 01 18:48:41 interesting
Apr 01 18:49:49 "iw dev $DEV station dump" even shows that it is using MFP, which it didn't do at all with Android 9.
Apr 01 20:53:13 Hi, so I tried booting from tftpboot an image of a similar router in my unsupported router with uboot and it crashes at some point. Any idea what does it mean? https://del.dog/crashinitram
Apr 01 21:20:01 ldir: could you please check that possible grub2 fix https://github.com/openwrt/openwrt/pull/1968#discussion_r401762682 ? it makes sense to me
Apr 01 21:21:04 Toomoch: seems like the bootloader leaves the 2nd cpu core in an unusable condition. try booting with 'nosmp' added to the kernel cmdline
Apr 01 21:22:47 ynezz: sure... err, which should I be testing.. the filter out or '-fplt'? or both?! :-)
Apr 01 21:24:47 filter out
Apr 01 21:25:23 I've tested just this one, it was failing before here, now it builds, didn't boot it yet
Apr 01 21:26:48 okey doke. Will be tomorrow morning probably.
Apr 01 21:32:28 nice, thanks
Apr 01 21:43:25 dangole: how should I input the command? I tried setenv nosmp and then try booting and same error
Apr 01 21:45:09 setenv bootargs "$bootargs nosmp"
Apr 01 21:45:11 you may have to edit the device-tree and set the kernel cmdline arguments there.
Apr 01 21:49:23 ok thanks. is smp even a thing on lantiq xrx200? I thought the extra cores were useless
Apr 01 21:52:21 it is a thing on all devices without (active) FXS ports
Apr 01 21:53:49 ahh maybe that's what's wrong here
Apr 01 21:54:25 fxs is rj11 out to a phone for example right? I think my router has it
Apr 01 21:59:33 dangole: still crashing. log: https://del.dog/ricugnuwoj.txt
Apr 01 22:00:13 rj11, TAE-6F, the hardware to connect your analogue phones (which needs the FXS firmware loaded, taking hold of one mips core)
Apr 02 00:23:11 wpad_basic is 323KB locally
Apr 02 00:23:24 iwd is 106KB locally
Apr 02 00:23:37 I still have no idea if the latter is a replacement.
Apr 02 00:25:21 it's supposed to be, albeit not fully feature complete
Apr 02 00:26:23 I'd be quite interested to see how it competes, but... (limited patience in terms of trying to get started with it)
Apr 02 00:26:35 I
Apr 02 00:26:50 'm sure it would take a lot of work to get it integrated into OpenWrt
Apr 02 00:27:24 pretty much all of the uci/ configuration integration would have to be duplicated
Apr 02 00:27:43 and then the real issues would start, interoperability testing
Apr 02 00:28:00 The DBus support would need to be converted to ubus as well
Apr 02 00:28:11 it has quite some interesting approaches though
Apr 02 00:31:04 hrm single binary, iwctl
Apr 02 00:31:05 nice
Apr 02 00:31:50 guess they took the busybox approach
Apr 02 00:33:10 the relation with libell is ugly as hell though
Apr 02 00:33:13 iwctl ap wlan0 start "ESSID" "password" is all it takes to start a network
Apr 02 00:33:26 libell is integrated
Apr 02 00:34:01 I didn't bother to import the external library
Apr 02 00:34:08 depends, both is possible (libell is maintained externally, but vendored in for static linking - ugly as hell)
Apr 02 00:34:39 well, libell can probably be replaced by libubox
Apr 02 00:35:03 still, 106KB is pretty good
**** ENDING LOGGING AT Thu Apr 02 02:59:57 2020