**** BEGIN LOGGING AT Sun Sep 03 03:00:02 2017 Sep 03 06:47:34 So. I changed /usr/share/hildon-application-manager/catalogues/variant-catalogues.xexp for the catalogues to point to muarf.org. Next I open HAM. The catalogues are ok. I go for updates. Result: no updates available. Log: http://paste.ubuntu.com/25456343/ (lines 2 and 3 are repeated many times, with many different package names. I just reported them one time in the pastebin). Now I close HAM. I remove (or rename) Sep 03 06:47:34 /usr/share/hildon-application-manager/domains/variant-domains.xexp. Then open Ham. Catalogues ok. Go for updates. Result: one update available (Maemo5 security update). Log empty. Then refresh. Result: same update available. Log: http://paste.ubuntu.com/25456351/. Anybody who may explain to me what's going on? Sep 03 07:48:41 DocScrutinizer05: Use eSATA to avoid SATA↔USB conversion overhead? Sep 03 07:52:13 Has anyone else noticed the conceptual similarity between having an SSD on a PCI Express card and the HDDs on an ISA card used in the 1980s? ☺ Sep 03 07:52:43 isa is already burned down. that witch. Sep 03 07:58:05 KotCzarny: There are Socket T AKA LGA775 (Intel Core 2 era) motherboards with at least 1 ISA slot but, if I recall correctly, Socket 478 (Pentium 4) is the last generation of motherboard with an ISA slot with working DMA for an ISA card. Sep 03 08:03:34 Incidentally: After having a bulging battery in two models of smartphone with a removable battery (Samsung Galaxy Note 3 and Geeksphone Revolution), I do not think I want a mobile computer with a non-removable battery. Sep 03 08:03:34 I was curious how to replace the “non-removable” battery of the BlackBerry KEYone. Sep 03 08:03:34 https://www.ifixit.com/Guide/BlackBerry+KEYone+Motherboard+Disassembly/92149 Sep 03 08:03:34 That looks like a lot of work only to remove an internal battery.  I do not have an electric blow dryer. Sep 03 08:03:34 https://www.phonedog.com/2013/09/26/i-don-t-think-i-ll-ever-understand-the-point-of-non-removable-batteries Sep 03 08:04:45 tbh i do not know how is any samsung phone related to #maemo Sep 03 08:04:48 :P Sep 03 08:59:12 did anyone try to use the 0xFFFF flasher recently? It complains about my libusb version, even though it seems correct Sep 03 09:02:13 rhn_mk1 It needs libusb0.1, not libusb1.0, nor libusb1.0 + compatibility layer to libusb0.1 (I don't remember its name). Sep 03 09:03:04 Enrico_Menotti: hm, maybe I have both versions installed... Sep 03 09:04:36 rhn_mk1 ...and it sees the wrong one. May be. Sep 03 09:05:21 Enrico_Menotti: libusb-devel-0.1.5-7.fc24.x86_64 looks good, doesn't it? Sep 03 09:05:39 do you know what happens if the wrong one is used? Sep 03 09:07:27 Well, as far as I know, libusb1.0 has a different interface from libusb0.1, or something of the kind. They are different packages. And if you use libusb1.0 + compatibility layer, it's too slow, or something of the kind. For further details, better ask Pali, I think. Sep 03 09:07:56 What is your OS? Sep 03 09:08:34 Enrico_Menotti: Fedora 25 Sep 03 09:09:21 the source of the libusb-devel package is hard to understand... Sep 03 09:09:58 I'm not used to it in any way. I managed to get 0xFFFF working on a Mac (yes, made some adjustments and recompiled). And had to install libusb0.1. I may look at the Debian available packages, but don't know whether that would help with Fedora. Sep 03 09:10:37 Enrico_Menotti: worst case there's local installation or Docker :) Sep 03 09:11:07 but I want to improve something, I guess, or I'd just flash with the closed flasher already Sep 03 09:11:52 libusb1.0 is slow Sep 03 09:12:11 so when you combine libusb1.0 + compat layer for 0.1 then it would be slow too Sep 03 09:12:26 you need to use libusb0.1 for 0xFFFF Sep 03 09:13:01 Pali: what are the consequences of the slowness? no detection? fails in the middle? Sep 03 09:13:22 no detection or sometimes no detection Sep 03 09:13:38 fail in the middle can happen, if "middle" means to reconnect Sep 03 09:14:37 Pali: why are delays critical? will the device timeout somehow? Sep 03 09:14:59 yes, you need to start communication with device in time window Sep 03 09:15:00 On Debian the package is libusb-0.1-4. I believe the libusb-devel is not the correct one (but I may be wrong). Sep 03 09:15:29 I just found that Fedora uses libusb-compat Sep 03 09:15:55 Yes, that's the compatibility layer. So you're using libusb1.0 + compat layer. Sep 03 09:16:26 or actually I'm using libusbx + compar layer Sep 03 09:16:51 thanks for the hints Sep 03 09:16:57 Yw. Sep 03 09:18:20 Pali: hello. Could you please have a look at what I asked earlier (08:47 CEST)? Maybe you can help. Sep 03 09:23:25 is there some reputable source hosting N900 flash images? Sep 03 09:24:07 ~lf Sep 03 09:24:07 i guess #maemo lazyflashing is http://wiki.maemo.org/Updating_the_tablet_firmware#The_Lazy_Approach Sep 03 09:24:28 thanks Sep 03 09:24:50 Or also a mirror I found on archive.org, up to PR1.3. Sep 03 09:25:42 http://web.archive.org/web/20131117073524/http://skeiron.org/tablets-dev/nokia_N900/ Sep 03 09:26:25 oh, that's quite good Sep 03 09:28:04 ~flashing Sep 03 09:28:05 hmm... maemo-flashing is http://wiki.maemo.org/Updating_the_tablet_firmware, or - on linux PC - download&extract http://maemo.cloud-7.de/maemo5/patches_n_tools/maemo-my-private-workdir.tgz, cd into it, do sudo ./flash-it-all.sh; or see ~flashing-cmdline, or see ~lazyflashing Sep 03 09:28:20 get the script, run it, forget about downloading anything else Sep 03 09:28:40 all you need is already in the script Sep 03 09:28:56 I don't like running random scripts as root :P Sep 03 09:29:10 i assume you have the ability to read? Sep 03 09:31:16 oh, I just did that Sep 03 10:07:53 freemangordon: jenkins is now up, almost building the first package. we need to change one or two things on the git side to get it to build. then we can look at pushing it to a reprepro repo Sep 03 10:08:06 and then we need more glue to automatically build packages and such, but that's OK Sep 03 10:08:09 at least then the basics work Sep 03 10:08:34 the more complex thing will be to build fremantle packages that depends on other fremantle packages - then we need to ensure it also fetched those build deps ... from its own previously built repo Sep 03 10:53:56 Wizzup: we can ask if/how it works in the devuan setup Sep 03 10:54:05 we could Sep 03 10:54:13 I want to understand how the plugins want it work :p Sep 03 10:54:16 great! Sep 03 10:54:38 in the meanwhile, I am finishing codelockui REing Sep 03 10:54:40 :) Sep 03 10:54:46 sweet! Sep 03 10:54:59 :) Sep 03 10:55:20 BTW, anybody knows what it is used for? Sep 03 10:55:27 I mean - is that devicelock? Sep 03 10:55:57 haha, finishing REing something without knowing where it is used, I like it Sep 03 10:56:01 (and no, I can only guess) :D Sep 03 10:56:21 REing was started by jonwil Sep 03 10:56:42 also, this is the lib used when you choose "remove operator lock" in control panel Sep 03 10:56:55 but I am not sure what it is supposed to do actually Sep 03 11:00:42 freemangordon: I dont exactly remember which is which, but one is used to unlock device Sep 03 11:00:49 and the other is used in control panel Sep 03 11:01:05 yep, this is the one used in cpl Sep 03 11:01:06 iirc codelockui is basically the code dialog Sep 03 11:01:16 yes, it is, but what it is used for? Sep 03 11:01:27 what code is that one? Sep 03 11:01:33 "operator lock"? Sep 03 11:01:42 hmm no, the phone lock Sep 03 11:01:42 WTF is that in terms of n900? Sep 03 11:01:52 no, phonelock is libdevicelock Sep 03 11:01:56 or devicelock Sep 03 11:02:07 ah, you mean this is the ui? Sep 03 11:02:10 exactly Sep 03 11:02:28 make some changes and see where they show up? Sep 03 11:02:34 well, from what I remember, at least Sep 03 11:02:51 haven't fiddled with those for quite a while (1.5y or something) Sep 03 11:03:16 hmm Sep 03 11:03:52 back then I wanted to fix it when in portrait mode... then I realized it was closed-source Sep 03 11:03:59 no more :) Sep 03 11:04:12 yay :) Sep 03 11:04:22 fixing it should be possible soon then :) Sep 03 11:04:48 hm btw, while you're here ... would it be possible to make hildon/mb2 a non-compositing wm? Sep 03 11:04:58 no idea :D Sep 03 11:05:21 and how well would it perform with llvmpipe on arm (has anyone tested it)? Sep 03 11:05:33 (assuming we have to keep it compositing) Sep 03 11:06:16 ok, I managed to lock my dev device and there seems to be a bug in codelockui so I can't unlock it :D Sep 03 11:06:27 haha Sep 03 11:06:33 lol Sep 03 11:06:36 iirc there is some dbus call to unlock it Sep 03 11:07:01 well, I keep the original .so, so I will revert to it, but still, it is funny Sep 03 11:16:11 https://wizzup.org/first-build.png Sep 03 11:17:10 Wizzup: BTW, you clone from github to another repo, right? Sep 03 11:17:23 right now from the maemo gitlab, yeah Sep 03 11:17:30 but we target any git URI Sep 03 11:17:33 s/maemo/devuan/ Sep 03 11:17:51 I think we'll have problems with branches, right? or not Sep 03 11:18:03 yes Sep 03 11:18:11 https://git.devuan.org/maemo/libcal Sep 03 11:18:15 you always build master? Sep 03 11:18:17 parazyd already made some branches/files/tags Sep 03 11:18:26 and we need to fix most of the control files Sep 03 11:18:36 the maemo/ascii branch Sep 03 11:18:37 but we'll get there, I don't have all the anwsers yet Sep 03 11:18:51 ah, ok Sep 03 11:19:09 jonwil: cheers https://github.com/community-ssu/codelockui Sep 03 11:19:32 congratz! :) Sep 03 11:20:54 Good to see that's finished Sep 03 11:21:19 And that hildon-plugins-notify-sv and libplayback also seem to be finished Sep 03 11:21:40 mhm Sep 03 11:22:06 though there are still problems in codelockui, but I am chasing them Sep 03 11:24:51 Great :) Sep 03 11:26:14 Hello everybody. Could you please have a look at the question I asked earlier, around 8.47 CEST? In particular bencoh (muarf.org is your mirror, right?) Sep 03 11:28:03 Enrico_Menotti: hey! the KEYEXPIRED warning isn't related to the mirror. it just means that nokia signing keys have expired (quite a long time ago, actually - even before they closed their mirror) Sep 03 11:31:01 Ah ok, so it's an unavoidable warning which I should live with. But one question: HAM was not working until I removed (renamed, actually) the /usr/share/hildon-application-manager/domains/variant-domains.xexp file. That contains some keys, which I don't know what are needed for. And a key is included also for repository.maemo.org - so I removed that as well, but this doesn't seem to affect that particular repository. Sep 03 11:32:20 that's no question Sep 03 11:32:32 bencoh So what are those keys in variant-domains.xexp? Sep 03 11:32:38 (This is the question.) Sep 03 11:33:48 very interesting if somebody finds an answer that's a) not 15 times the max postlen of freenode, and b) not just "RTFM man apt" Sep 03 11:34:43 Its good that we are getting more and more of the interesting stuff for the N900 (hildon-plugins-notify-sv for example) cloned :) Sep 03 11:36:09 hmm, no idea what variant-domains.xexp is, I've never had to bother Sep 03 11:36:26 (not that I use HAM much, but ... it does work here) Sep 03 11:36:36 DocScrutinizer05 Sorry, why man apt? Is not this related to HAM? Sep 03 11:36:48 ham is apt based Sep 03 11:36:59 DocScrutinizer05: this is still HAM-specific Sep 03 11:37:23 and I doubt he'll find information regarding the HAM-apt glue in the apt manual :) Sep 03 11:37:27 then b) already is off the table :-D Sep 03 11:37:38 remains a) Sep 03 11:38:19 but how are certs HAM specific? I thought that's a genuine apt thing Sep 03 11:38:43 bencoh How did you proceed to update the catalogues to muarf.org? Just disabled the original Nokia catalogues from the HAM GUI and installed the new catalogues? Sep 03 11:39:30 I wouldn't be surprised if the answer is "yes" or "click an install file" Sep 03 11:40:00 I for one never edited sourcelist files Sep 03 11:40:42 I copy them however, in enable-catalogs Sep 03 11:41:00 Ok. When you click the install file, does that also install new keys? Or keys are not needed for the muarf.org mirror? Sep 03 11:41:19 there are no keys for muarf Sep 03 11:41:55 muarf is a mirror that doesn't build&sign stuff itself, so the original nokia keys apply Sep 03 11:42:07 what is stopping maemo team from repacking nokia debs with maemo.org keys? Sep 03 11:42:08 makes you wonder why we can't just resign it. Sep 03 11:42:11 ^^ Sep 03 11:42:22 not that there would be any new package in those repos Sep 03 11:42:25 missing sources? Sep 03 11:42:35 you don't need sources to sign it Sep 03 11:42:40 +1 Sep 03 11:42:49 bfc Sep 03 11:42:59 nfc even. ask the experts Sep 03 11:43:06 define 'experts' Sep 03 11:43:41 I think we looked into that for quite a few months, even Nokia dides did though they had no clue at all Sep 03 11:44:11 devuan does this on a daily basis Sep 03 11:44:15 afaik Sep 03 11:44:30 Ok. So it's correct to "remove" the variant-domains.xexp, I guess. And what about repository.maemo.org? Does not produce any error nor warning without the key. And ehm, the original Nokia keys do not seem to apply to muarf: if I leave them there, I get the log I reported above (wrong domain). Sep 03 11:44:32 I think the issue is that there is no key in the stock firmware that is still valid (not expired) Sep 03 11:44:57 jonwil: right, so cssu can add it Sep 03 11:45:06 but since packages would barf on keyexpireds, does it change anything? Sep 03 11:45:23 this way one can change the repo url and add a key and be done Sep 03 11:45:55 Yeah resigning all the Nokia things with another key belonging to CSSU (and signing all the CSSU packages as well) seems like a good idea. Sep 03 11:46:30 would apt break if pkg key changes? Sep 03 11:47:15 (Brb.) Sep 03 11:47:39 Enrico_Menotti: I'm not a good example, since I added the mirror urls to apt conf. and I don't really remember what I had to do for HAM to work (if any) Sep 03 11:47:46 s/any/anything/ Sep 03 11:47:46 bencoh meant: Enrico_Menotti: I'm not a good example, since I added the mirror urls to apt conf. and I don't really remember what I had to do for HAM to work (if anything) Sep 03 11:49:11 Wizzup: no CSSU can't add it since we have no valid key to sign the new key Sep 03 11:49:39 well, technically CSSU has its own key Sep 03 11:49:41 we would need to instruct users to add the new key manually Sep 03 11:49:43 the one used to sign CSSU Sep 03 11:49:56 that is installed when upgrading (migrating) to CSSU Sep 03 11:50:01 couldnt cssu installer do that? Sep 03 11:50:02 DocScrutinizer05: then people click a link in the browser and add the key Sep 03 11:50:06 whatever, same thing Sep 03 11:51:41 sorry, I really have only a foggy idea about that stuff. Not much more than "Pali, freemangordon, and/or jonwil and others looked into it back when Nokia asked us how to fix their fuckup, and there was no feasible way for CSSU to accomplish that without help from Nokia that never came" Sep 03 11:51:50 I still have the emails Sep 03 11:52:23 My understanding is that there was no valid key in the stock ROMs that could be used to re-sign the Nokia repos Sep 03 11:52:26 because they were thinking about proper fix Sep 03 11:52:34 jonwil: yep Sep 03 11:52:42 i propose just resigning the debs with cssu key Sep 03 11:52:47 there was, but Nokia refused to use it Sep 03 11:53:14 well, another way would be breaking the key Sep 03 11:53:29 or just ignore it Sep 03 11:53:33 breaking onto nokia servers Sep 03 11:53:34 jonwil: but a key can be added via the browser easily Sep 03 11:53:55 *shrug* requiring some user interactions seems fine Sep 03 11:54:12 Wizzup: that been exactly the point Sep 03 11:54:18 it's just that not fixing the re-signing is lame, but I can understand it if the issue is time constraints Sep 03 11:54:25 DocScrutinizer05: is it? people already have to jump through several hoops for cssu Sep 03 11:54:27 prolly yes, with user interaction it's feasible Sep 03 11:54:49 Are CSSU debs currently signed? Sep 03 11:55:05 the concern back when was for doofus users who don't have a clue Sep 03 11:55:19 jonwil: nfc Sep 03 11:55:27 prolly not Sep 03 11:55:53 given they are built and packaged offline Sep 03 11:56:09 so who would be the key owner? Sep 03 11:56:09 they are Sep 03 11:56:27 So they get signed when they get pushed to cssu-testing/cssu-stable/whatever? Sep 03 11:56:29 maemo infra signs then Sep 03 11:56:34 yes Sep 03 11:56:44 ooh fine :-) Sep 03 11:57:07 Ok so is the key that is used to sign those installed by CSSU (or as part of the CSSU process) or what? Sep 03 11:58:30 jonwil: sorry, can't parse, please rephrase Sep 03 11:58:41 took me a while too :-) Sep 03 11:58:49 Ok so CSSU packages are signed by someone Sep 03 11:58:52 your english is better Sep 03 11:59:00 jonwil: in the repo, yes Sep 03 11:59:06 is the pubkey used to verify CSSU signature a part of the CSSU installation process? Sep 03 11:59:09 yes Sep 03 12:00:00 Ok so right now there are 3 possibilities. First is someone running a stock firmware in which case it doesn't matter since they will be pointing at the stock Nokia repos that no longer exist. Sep 03 12:00:20 I will be busy for a couple of hours (F1 race). See you later. Thanks for the discussion so far. Sep 03 12:00:40 The second possibility is someone who is running stock (or like me, stock with various replaced packages) but has changed their repos to point to a mirror Sep 03 12:00:49 The third is someone running CSSU Sep 03 12:01:23 IMO we should do this: Sep 03 12:01:24 jonwil: no CSSU????? o,O shame on you! ;-P Sep 03 12:01:54 mhm Sep 03 12:02:07 I am running a mix of various cloned/updated packages (some I cloned, others cloned or upgraded by someone else) Sep 03 12:02:12 WAAH Pali has a terrible timing Sep 03 12:02:13 anyway, codelockui seems to work :) Sep 03 12:02:53 I'm pretty sure he investigated the whole issue in epic depth back when Sep 03 12:03:49 IMO we should do this: Sep 03 12:03:50 1.We re-sign all the Nokia packages with the CSSU key Sep 03 12:04:03 in general I agree we finally should reclaim contrpol over *all* signature keys, particularly since original Nokia repos are no more Sep 03 12:05:04 so not a single user can run updates without having CSSU installed and repo sourcelists fixed Sep 03 12:05:33 ergo we need to take action about that, finally Sep 03 12:06:24 Wizzup: which branch should I use so it is easier for you? Sep 03 12:06:33 freemangordon: I don't know yet, once I do, I'll let you know Sep 03 12:06:39 I think just a tag is fine Sep 03 12:06:46 ok, I'll use gtk2 sisnce then Sep 03 12:06:47 right now we're making it auto generate and sign a repo :) Sep 03 12:07:01 is that ok? Sep 03 12:07:06 gtk2? sure Sep 03 12:07:08 ok Sep 03 12:09:25 IMO we should do this: Sep 03 12:09:27 1.We re-sign all the Nokia packages with the CSSU key Sep 03 12:09:28 2.We put the re-signed packages in a mirror repo and make the CSSU installer update things to point there instead of the stock repo locations so anyone with CSSU gets all the stock packages properly signed and working again with no user interaction beyond installing or updating CSSU. Sep 03 12:09:30 3.For people who are running a device but dont want to run CSSU, we have the appropriate "click here to add the new key" and "click here to add the new repo" links available somewhere Sep 03 12:09:31 That way anyone who just wants a stock device but wants to be able to pull Nokia packages without key errors can update their repos easily and those who want CSSU get CSSU and get it all done automatically. Sep 03 12:10:07 that should fix all those cssu installs that require manual package installations? Sep 03 12:13:21 Anyone got any comments on whether my idea is good or not? Sep 03 12:15:57 jonwil: I guess the idea is good, but I don;t see who is going to release it Sep 03 12:16:54 jonwil seems to have run out of things to RE, so.. ;) Sep 03 12:17:11 ah, right :) Sep 03 12:17:28 and he is keys expert too Sep 03 12:17:59 jonwil: that is exactly what I thought/meant Sep 03 12:20:37 My idea requires somewhere we can host a nokia repo mirror and someone who has the relavent CSSU key and the ability to download the nokia repo from an existing mirror, sign it all and then upload it to new space. None of which I can help with (I dont have space to put it or keys to sign it with or the bandwidth/speed to do a full repo download and re-upload) Sep 03 12:21:11 jonwil: iirc we are not allowed to host closed source packages Sep 03 12:21:35 jonwil, would you be able to write a script for someone to run oh his server? (ie. bencoh) Sep 03 12:21:36 no idea how relevent is this in 2017, but still Sep 03 12:22:35 I dont think whatever remains of Nokia (either the Microsoft Nokia who was releasing Windows based crap or the other Nokia that is now releasing crap running some different OS) actually cares anymore about what happens to the N900 and its software. Sep 03 12:23:03 I dont know enough about writing shell scripts or signing packages to write such a script :) Sep 03 12:23:48 eager to learn pkg signing then? ;) Sep 03 12:24:25 Actually, I need to stop procrastinating and talking on here and watching crap on YouTube Sep 03 12:25:15 I am exhibiting at https://www.facebook.com/events/259797684501353/ and I have a billion things I need to build and change and prepare before I am ready... Sep 03 12:25:25 So I gotta stop messing about and actually start building :) Sep 03 12:26:37 note that re-signed packages can be host by 3rd parties Sep 03 12:26:54 hosted* Sep 03 12:29:39 (( jonwil: iirc we are not allowed to host closed source packages)) yes exactly Sep 03 12:30:23 we are not even allowed to publish tablets-dev though in fact we always been the ones to host it, on maemo infra Sep 03 12:31:22 are we allowed to RE packages? Sep 03 12:31:24 why are you not allowed? Sep 03 12:31:34 and if you host it anyway, might as well just sign it Sep 03 12:31:37 and to publish/create debs out of the results? Sep 03 12:31:40 Wizzup: because Nokia tells us so Sep 03 12:31:56 but I'm not maemo Sep 03 12:33:13 you may do whatever you want, you are also the one to suffer any consequences. "We" (maemo 'official') do not discourage anybody hosting Nokia proprietary stuff, but Maemo is not allowed to do it Sep 03 12:33:44 :) Sep 03 12:33:51 problem solved Sep 03 12:37:48 I believe the deal that transferred maemo infra to community specified that community doesn't get any of the secret stuff (i.e. anything related to projects.maemo.org) and community isn't allowed to distribute the Nokia device repos. Sep 03 12:38:45 But there is nothing (other than the very very low risk of being sued by the ghost of Nokia) stopping someone that isn't "community" from redistributing the Nokia repos. Sep 03 12:40:20 So we just need someone to come up with a way for whoever has a repo already to re-sign things. Sep 03 12:40:36 Then we make CSSU point to that 3rd party repo Sep 03 12:40:41 and we are in business :) Sep 03 12:41:17 except that we don't want a 3rd-party to resign Sep 03 12:41:56 s/resign/re-sign/ Sep 03 12:41:57 bencoh meant: except that we don't want a 3rd-party to re-sign Sep 03 12:42:11 well "community" (i.e. official infra) can't host a repo. Sep 03 12:42:15 so you'd need maemo to re-sign packages at some point Sep 03 12:42:19 yeah I know :) Sep 03 12:42:36 reprepro can do this in a breeze Sep 03 12:44:18 Ok so then we need someone who has the CSSU key to re-sign an existing (or new not-hosted-by-community) mirror somehow. Sep 03 12:45:00 Then we have a mirror signed by the CSSU key (which is what we want) but not hosted by community in a way that violates any nokia deals. Sep 03 12:45:01 "somehow" yeah :) Sep 03 12:47:13 well, if maemo does not want to be associated, they should not sign it Sep 03 12:47:36 who would you trust then? Sep 03 12:47:37 http://mg.pov.lt/maemo-ssu-irclog/%23maemo-ssu.2013-01-24.log.html#t2013-01-24T13:13:24 Sep 03 12:49:01 Anyhow, this isn't something I can do anything to help with really Sep 03 12:50:11 ohwell, that link has some info regarding the .xexp file as well Sep 03 12:50:20 Enrico_Menotti: ^ Sep 03 12:50:48 (( Then we make CSSU point to that 3rd party repo)) is arguable, but I *think* of manageable risk nowadays Sep 03 12:52:02 So we need to figure out whether we have the repo signed by the CSSU key or by someone else and then make that happen. Sep 03 12:52:27 *somehow* skeiron was exactly that Sep 03 12:52:52 some folks inside maemo went nuts about it Sep 03 12:55:43 a secret guerrilla crew did an awesome job setting up skeiron and mirror *everything* there, and in turn the only "support" by maemo council needed would have been that they finance a totally unrelated backup server as compensation for the infra provided by skeiron team. We all know where that ended (fro those who don't: see my signature in tmo) Sep 03 12:58:06 hail hildon foundation >:-( Sep 03 13:00:03 woody been one of that guerrilla crew, but later blamed me for lying at him. I mean, how insidious can it get? Sep 03 13:00:56 I don't think going through this helps anymore ;) Sep 03 13:01:05 I don't know anything about this, and I do not know what good this does bringing it up again here and now Sep 03 13:01:22 you're right, sorry Sep 03 13:01:33 I just felt deep anger and frustration Sep 03 13:01:44 had to vent Sep 03 13:03:14 We need to stop talking about the past and look at the future. Do we intend to re-sign the repos or not? What mirror do we want to re-sign? And which key do we want to use to re-sign it? Sep 03 13:04:35 I *think* we could create a maemo-hosted mirror with restricted access to host the new-signed stuff Sep 03 13:05:11 as long as "nobody" (but those with the credentials) has access, we're fine with hosting on maemo Sep 03 13:05:46 too bad when the credentials "leak" Sep 03 13:06:01 ;-) Sep 03 13:06:05 DocScrutinizer05: you can actually re-use existing credentials ;) Sep 03 13:06:22 (that's what I did for ovi) Sep 03 13:06:48 bencoh: it must not be too obvious Sep 03 13:07:08 Anyhow, this is 100% out of my hands, I have nothing to do with it :) Sep 03 13:07:21 same here :) Sep 03 13:07:29 e.g. re-implementing that old "please enter your IMEI" thing won't fly Sep 03 13:09:19 I think of really installong a regular .htaccess with user/password, and some folks running a real non-affiliated mirror will find out about those credentials by social engineering, hacking or whatever Sep 03 13:10:21 or similar to tablets-dev which is also still there, just nobody knows about it ;-) Sep 03 13:12:48 NB I do _not_ suggest to use the "upstream secret" URL for sources.list in devices. They should use unaffilated mirrors. Those mirrors should sync to that hidden master Sep 03 13:14:05 by the way ... https://github.com/postmarketOS/pmbootstrap/issues/438 :) Sep 03 13:14:29 (tl;dr: pavelmachek detailing n900 mainline status as a daily driver) Sep 03 13:18:52 nice Sep 03 13:25:10 HMMMMM. about re-signing Nokia mirror: CSSU could validly claim they need a working Nokia mirror for their own building process, so they could host such mirror which is "only available to them" via above mentioned credentials Sep 03 13:25:35 :-D Sep 03 13:26:26 would make more than just some sense when such CSSU "private" mirror had been re-signed by CSSU keys Sep 03 13:27:52 when some "ev17 h4x0r5" crack and mirror that private Nokia CSSU mirror, what could we possibly do? Sep 03 13:29:02 this is a public chan with public logs :p anyway Sep 03 13:29:49 we will diligently change the credentials once a month and run fail2ban and everything against the mirror to protect it. NFC how those evil hax0rs manage to always copy it Sep 03 13:30:05 -_- Sep 03 13:31:31 bencoh: the idea is we don't do anything evil. So we better discuss this publicly to make sure we didn't miss any aspect ;-) Sep 03 13:41:44 meh, the Nokia repos are as static as it can get, we don't need to keep this "infra" dynamically working. It's a one-shot action, just take care the signatures expire no earlier than 2099 ;-) Sep 03 13:43:27 Ok so the first thing we need to do is to figure out who is going to run this 3rd party mirror (either someone running an existing mirror if they are interested or someone with the ability to run a new 3rd party mirror). Once that happens I have a plan to make this all work with minimal risk to maemo infra/community people. Sep 03 13:45:23 keyholder of CSSU keys: merlin1991 Sep 03 13:45:34 afaik Sep 03 13:45:48 ~mirrors Sep 03 13:45:48 i guess mirror is http://maemo-archive.wedrop.it/ http://talk.maemo.org/showthread.php?p=1315143#post1315143 or extras-devel.merlin1991.at - for fighting hashsum error, or see ~rmo-new Sep 03 13:46:09 hmm, no not those Sep 03 13:48:00 jonwil: why would we need "to figure out who is going to run this 3rd party mirror"? Sep 03 13:48:21 I mean we need to figure out which mirror is going to be the one that hosts this re-signed repo. Sep 03 13:48:47 we will see which mirror is it that picks up Sep 03 13:48:49 ;-) Sep 03 13:49:48 I suggest to consider indirection: point to a place with an .install file and only that .install file points to the recently valid mirrors Sep 03 13:51:17 ~jrrepos Sep 03 13:51:17 well, jrrepos is http://maemo.cloud-7.de/maemo5/et_al/HAM-catalogs/ Sep 03 13:52:16 for a really longterm stable URL I'd change this to sth not including cloud-7 though Sep 03 13:52:35 might even be histed on maemo infra Sep 03 13:52:39 hosted* Sep 03 13:53:30 maybe a bootjob could download the .install file and edit the sources.list or /etc/hosts Sep 03 13:55:57 echo "nokiareposymbolic `wget http://maemo.cloud-7.de/maemo5/et_al/HAM-catalogs/ | grep 'URI = '|cut -f 3`" >>/etc/hosts Sep 03 13:56:01 sth like that Sep 03 13:56:32 (obviously buggy, but you get the idea) Sep 03 14:06:47 freemangordon: http://sprunge.us/RANT Sep 03 14:09:51 RANT ? ;-P Sep 03 14:10:17 ;=P Sep 03 14:10:21 yep, lol Sep 03 14:10:25 lol Sep 03 14:10:35 new flavor of bullshit bingo ala sprunge? Sep 03 14:13:33 anyway: this is libcal built from a devuan ascii VM running jenkins Sep 03 14:13:38 it auto generates a repo and signs it with a testing key Sep 03 14:13:58 this could essentially be rsynced to a public http server and we could play with it on a real device Sep 03 14:14:09 we'll add the arm arch once we've figured out the other parts Sep 03 14:14:23 automatically adding new packages, auto fetching new builds, documenting the branches / files required for git builds, and such Sep 03 14:57:53 Wow, I see my original question about HAM generated a lot of discussion. bencoh, I have read the log DocScrutinizer05 linked to. I admit openly that my present knowledge about keys, signatures and so on is null. So although I tried to read all, I didn't understand that much. That log gives some hints about the .xexp files, yes. But I haven't been able to learn substantially anything more than what I had already seen. Sep 03 14:57:53 Recap: I understand the keys for the original Nokia repos are expired, nothing to do about that. So that issues a warning in the HAM log, but nothing else. Still, I didn't understand why apt-worker refuses to use packages from mirrored (on muarf.org) Nokia repos (says "wrong domain"). Next, by removing the domain and key files in /usr/share/hildon-application-manager/ apt-worker doesn't complain anymore. As far as I Sep 03 14:57:53 understand at the moment, in this situation apt-worker has no keys to verify the signatures (is this correct?), so it should complain even louder! Also, I removed the keys for repository.maemo.org together with the others, and neither this repository causes apt-worker to complain! Sorry, I don't understand what's going on. Sep 03 14:58:01 May anybody help me to clarify the situation? Sep 03 14:59:20 how did you add the repositories to your device? Sep 03 14:59:49 ((apt-worker refuses to use packages from mirrored (on muarf.org) Nokia repos)) there's a setting in HAM red-pill mode to allow "3ed party sources" or somesuch, iirc Sep 03 15:01:07 ~redpill Sep 03 15:01:08 extra, extra, read all about it, redpill is http://wiki.maemo.org/Red_Pill_mode Sep 03 15:04:11 HAM "settings"-> "[ ] Ignore packages from wrong domains", "[x] ignore the third party packages policy for SSU" Sep 03 15:04:44 bencoh I edited /usr/share/hildon-application-manager/catalogues/vairant-catalogues.xexp and added to the uri's indicated there the path to muarf.org's mirror: http://maemo.muarf.org/apt-mirror/mirror/. This fixes the standard catalogues by pointing them to muarf.org. HAM is not complaining it can't find the catalogues. Problems arise with apt-worker refusing the domain. Sep 03 15:04:51 not sure which setting they'd need, but... usually your problem doesn't occur here Sep 03 15:06:19 what happens when just using the .install files? Sep 03 15:06:30 generally messing around with config preset files that are not meant to get altered by user and only will install from a verified repo is for sure not the best method to avoid unexpected probelms Sep 03 15:06:33 (I've never tried those, so ...) Sep 03 15:07:42 editing /etc/* is the way to go for *user*, just make sure e.g. HAM is not running concurrently as otherwise it might overwrite your edits when terminating Sep 03 15:08:28 well, actually for *user* the canonical way is to use HAM "catalogs" interface, or click an .install file in microB Sep 03 15:09:24 /60/60 Sep 03 15:10:09 again, I point to my enable-catalogs script that just works to switch different catalog settings, so whatever it does it does it the right way Sep 03 15:12:17 when copying files into /etc/apt/* works, then editing same files must work too, right? Sep 03 15:12:40 Ok, I didn't try the .install files. I was first trying to correct the original Nokia links, so to avoid having disabled catalogues and side by side new ones. Yes, I can use the .install files and see what happens. I agree with the procedure suggested by DocScrutinizer05 , in the sense that this should not be done by the end user. But the original repos are no more, so in my opinion it does not make sense to disable Sep 03 15:12:40 their catalogues and install others: it makes more sense to me to correct the original catalogues. Anyhow, at this point I'd like to understand how the .xexp files work. Sep 03 15:13:15 DocScrutinizer05 /etc/apt/sources.list.d/ you mean? Sep 03 15:13:38 whatever files are there under /etc/apt Sep 03 15:14:16 I can't help with .xexp files, never heard of them before you came up with them Sep 03 15:14:59 I guess THAT is a very HAM specific thing Sep 03 15:15:26 only used once during initial config Sep 03 15:16:44 maybe HAM checks if the .xexp is newer than the files under /etc/apt and /etc/hildon-applicationmanager and if so, it re-initializes the latter files according to the .xexp... Or whatever Sep 03 15:17:44 you probably have to dig deep into HAM sources to get an answer to "how does .xexp work?" Sep 03 15:18:22 all I know is: nobody sugested to mess with .xexp so far Sep 03 15:18:54 the canoical way is via /etc/apt and /etc/hildon-app*ger Sep 03 15:19:26 About /etc/apt: I am asking because I first tried to change the file inside /etc/apt/sources.list.d, but I found out that the HAM modifies this file according to the catalogues indicated in the .xexp files (and the "enabled/disabled" setting, which I have seen is stored in /etc/hildon-application-manager/catalogues: if a catalogue is disabled, its url doesn't appear in /etc/apt/sources.list.d). If one only modifies Sep 03 15:19:27 /etc/apt/sources.list.d, then upon calling HAM GUI again and doing some actions, the sources.list.d files go back to their original content. Sep 03 15:19:45 see http://maemo.cloud-7.de/maemo5/session-log_enable-catalogs_README.txt and http://maemo.cloud-7.de/maemo5/usr/local/sbin/enable-catalogs Sep 03 15:19:53 and http://paste.ubuntu.com/25454201 Sep 03 15:20:08 and particularly the modification dates in there Sep 03 15:20:33 Ok, let me have a look. Sep 03 15:21:24 >>If one only modifies /etc/apt/sources.list.d, then upon calling HAM GUI again and doing some actions, the sources.list.d files go back to their original content.<< no, evidently not, unless maybe you have HAM running concurrently to your edits Sep 03 15:22:58 Well, I didn't remove the OVI catalogue from the /etc/apt/sources.list.d. I disabled it in the HAM GUI. But afterwards it disappeared from the /etc/apt/sources.list.d file as well. Sep 03 15:23:44 The file is /etc/apt/sources.list.d/hildon-application-manager.list. Sep 03 15:24:28 http://paste.ubuntu.com/25458596 Sep 03 15:28:23 Let me do a test. Sep 03 15:29:26 ((I disabled it in the HAM GUI. But afterwards it disappeared from the /etc/apt/sources.list.d file as well.)) yes, that's how HAM manages stuff, it has "enabled"/"disabled" in /etc/hildon-application-manager/catalogues and adjusts the sources.list files accordingly, so apt also *should* use same repos Sep 03 15:29:52 AIUI Sep 03 15:30:22 Wizzup: cool!!! Sep 03 15:30:43 :) Sep 03 15:30:48 that's why you shouldn't just edit sources.list since HAM will interfere. Use HAM "catalogs" GUI instead. Or edit *all* files that need an edit Sep 03 15:30:52 now I have a headache though Sep 03 15:30:57 enough jenkins for today Sep 03 15:31:06 where is the repo? Sep 03 15:31:25 it's not yet online. I can rsync it somewhere if you want to look at it Sep 03 15:31:29 It's on the vm only Sep 03 15:31:32 ah, no, no hurry Sep 03 15:31:40 it's not just any wiskey, it's Jenkins whatthefuck Sep 03 15:31:54 :) Sep 03 15:32:10 so yeah, what's left is what I wrote above Sep 03 15:32:18 should be a bit more work, but doable Sep 03 15:32:46 in the meanwhile I managed to build and run hildon-control-panel in devuan VM :) Sep 03 15:33:52 sweet Sep 03 15:34:04 I'm really looking forward to getting a first devuan up and running with the repos Sep 03 15:34:15 just add the repo; apt-get install hildon-desktop and done Sep 03 15:34:20 DocScrutinizer05 I checked. Yes, if I edit /etc/apt/sources.list.d/hildon-application-manager.list, then open HAM GUI and trigger an action (I went to catalogues, opened the apps one and saved it without any modification), afterwards the /etc/apt/sources.list.d/... file is recreated. So it is enough to edit the .xexp file (/usr/share/hildon-application-manager/catalogues/variant-catalogues.xexp). HAM automatically Sep 03 15:34:21 mirrors the edits in /etc/apt/sources.list.d/hildon-application-manager.list. Sep 03 15:34:24 do we have any known FOSS cpl applet? Sep 03 15:34:29 cpl? Sep 03 15:34:33 control panel Sep 03 15:34:38 aka settings Sep 03 15:35:10 Enrico_Menotti: no, we don't edit .xexp Sep 03 15:35:33 /usr/* is read-only for all that matters Sep 03 15:36:08 freemangordon: I don't know. I would assume so. external keyboard? Sep 03 15:36:13 or operator name? Sep 03 15:36:34 extkbd is mine, but it is qt Sep 03 15:36:46 is that a problem? Sep 03 15:37:04 still no qt Sep 03 15:37:07 ack Sep 03 15:37:25 btw, if anyone knows how to connect to a bluetooth keyboard that seems to do 'auto pair', that would be nice (e.g. you never get to fill in a pin code) Sep 03 15:37:35 it works on android, but the n900 gets stuck in a weird way and wants to fill in a pin Sep 03 15:37:38 (windows has the same problem) Sep 03 15:38:32 Enrico_Menotti: honestly, I have a very simplistic approach to that: make a copy of /etc, then use HAM GUI to add or remove a catalog, then see what it did to /etc (usinf diff tool or whatever you like). So you see what's the correct way to do stuff, then implement that in your script or whatever you are about to create Sep 03 15:39:10 for advanced tasks, use strace to watch what exactly it is HAM is doing Sep 03 15:39:42 when using strace, watch out not to miss forks Sep 03 15:39:56 strace -f follows forks Sep 03 15:40:01 yep Sep 03 15:40:15 that's what I leaft to the reader to figure out ;-) Sep 03 15:41:03 DocScrutinizer05 Ok, I understand your position. However, one can play with his system in the way he likes to. It depends on what one wants to achieve. I'd like to correct the original catalogues instead of creating new ones. By editing the .xexp files this can be done, it seems, with all the risks this implies. Sep 03 15:41:34 About tracing HAM actions: yes, I was thinking about something of the kind. Thanks for the hints. Never used strace. Will investigate. Sep 03 15:41:44 well, what can be done and what will work in the end are two segregate things Sep 03 15:42:28 editing files in /usr is a *very* poor idea since apt itself will override them next time you install/update stuff Sep 03 15:42:33 Segregate? You mean separate? Sep 03 15:42:46 Oh yes I got it. Sep 03 15:43:23 That's absolutely correct. I realise it. One should modify packages on the repository they are fetched from by apt. Sep 03 15:43:29 Right? Sep 03 15:43:32 yes Sep 03 15:43:52 Yeah, I am conscious of this downside. Sep 03 15:46:51 and there's no point in musing about the signing keys in (or next to) /usr/share/hildon-application-manager/catalogues/ for you, since you don't have any alternative keys to provide there anyway Sep 03 15:47:56 how to correctly turn a signed into an unsigned repo for HAM is an entirely different and pretty complicated topic Sep 03 15:49:37 stuff n /etc/apt/trustdb.gpg. And whatnot else Sep 03 15:51:18 probably HAM takes care about that too. So I really suggest using HAM for editing HAM catalogs Sep 03 15:51:52 Right. Is the mirror at muarf.org signed or not? If yes, is the signature the same as for the original Nokia repos? When you use the .install files, do they install any key for verifying the signature, besides creating new catalogues? All questions that arise in my mind. I don't want to annoy you by pretending an answer. It's just what I am thinking about. Sep 03 15:52:20 is there a way to use .install files from command line? Sep 03 15:52:25 And yes, I'd use HAM to edit catalogues, but the default ones cannot be edited that way, as far as I know. They can only be disabled. Sep 03 15:52:36 it's a mirror, so the signatures are original nokia signatures and they don't match the mirror's URL Sep 03 15:53:26 when you use .install they don't explicitly create a new signature key Sep 03 15:53:43 Yeah, that's what I was suspecting! Sep 03 15:55:12 it feels a little pointless to discuss this stuff in epic width without knowing what's the goal of that exercise Sep 03 15:56:07 So if one removes the keys in the .xexp files, or put in another way creates another catalogue without signature by using the .install files, why does that work? Since there are no keys to verify the signature of the repos, should not HAM (or apt-worker) complain? Sep 03 15:56:22 Ok, yes, this is pure speculation (almost pure). Sep 03 15:56:58 The practical goal would be to have the original catalogues working by pointing to a mirror. Sep 03 15:57:23 that's an oxymoron Sep 03 15:57:42 original catalogues != mirror Sep 03 15:58:16 Well, the catalogues are the info on the local system, pointing to a repo, is that right? Sep 03 15:58:21 unless you add a indirection to /etc/hosts Sep 03 15:58:48 I mean I want to modify this info to point to the mirror, instead of disabling it and creating a new one. Sep 03 15:59:02 why? Sep 03 16:00:28 not that it'd be impossible (CSSU done similar), but the purpose is unclear Sep 03 16:01:26 Well, it's a matter of taste, let's say. Since the original repos are down and forever will be, there's no sense in keeping the original catalogues as they are and creating others. This is what I thought initially. Sep 03 16:01:46 Right, the other way in the end produces the same result. Sep 03 16:02:41 why would you want an immutable catalog entry pointing to an arbitrary mirror? Sep 03 16:03:10 would complicate matters to no end for users, once that mirror changes Sep 03 16:03:47 Yes, true. Sep 03 16:04:21 I was not thinking about other users - it's just for my personal use. If the mirror changes, I know how to correct again the catalogue entry. Sep 03 16:04:34 it's arguable if we should remove the original Nokia repos since they are and always will be dead. But replacing them by a random mirror doesn't feel like it's the right thing to do Sep 03 16:05:29 anyway, good luck, I'm afk for today Sep 03 16:05:32 o/ Sep 03 16:06:18 Bye DocScrutinizer05 . I will stop here for now - will investigate later. Sep 03 16:06:21 Thanks. Sep 03 16:31:03 is it possible to use the mirrored repositories with plain apt-get? `apt-get update` complains about old signatures for me Sep 03 16:31:20 complains doesnt equal 'not worky' Sep 03 16:31:28 errors out actually Sep 03 16:31:36 pastebin the error Sep 03 16:36:24 KotCzarny: http://pasted.co/f5a366a5 Sep 03 16:38:45 sources.list: http://pasted.co/d581e5db Sep 03 17:08:20 ~maemo-repos Sep 03 17:08:20 it has been said that maemo-repos is http://wiki.maemo.org/Repository#List_of_Maemo_repositories Sep 03 17:08:38 are you sure those linenoise mirrors match? Sep 03 17:09:08 they do, hmm Sep 03 17:09:32 copied from there Sep 03 17:09:43 but what about: Sep 03 17:09:49 # This is another mirror for the same thing as those above. Temporarily OFFLINE Sep 03 17:10:01 KotCzarny: I tried with muarf with the same error Sep 03 17:10:06 uhum Sep 03 17:10:15 was long time since i last updated Sep 03 17:10:57 but if apt dies on keyexpired it's another reason to resign packages in the mirrors Sep 03 17:11:02 that *does* work with FAM and HAM, but those seem to be using different source lists Sep 03 17:11:11 same URLs, nevertheless Sep 03 17:13:04 rhn_mk1: "W: " is *warning* Sep 03 17:13:24 Err http://maemo.linenoise.info ./ Release Sep 03 17:13:34 shouldnt it be wrn then? Sep 03 17:14:12 look at http://maemo.linenoise.info/, it's not any repo structure Sep 03 17:14:47 there's none of "Release" or any of the module dirs Sep 03 17:15:40 http://maemo.linenoise.info/downloads.maemo.nokia.com/fremantle/ssu/mr0 404, right? Sep 03 17:16:00 hmm actually not Sep 03 17:16:03 nope, loaded Sep 03 17:17:20 rhn_mk1: can you install any pkg from those mirrors via apt? Sep 03 17:17:21 anyway, I guess the error is about Release file not found in one of the places apt looks for them Sep 03 17:17:53 KotCzarny: can you give me an example? Sep 03 17:17:57 it's obviously _not_ a gpg error Sep 03 17:18:35 tutorial-home-applet ? Sep 03 17:18:49 seems safe enough to try Sep 03 17:19:32 if it's already installed you might add --reinstall to force reinstall Sep 03 17:20:27 http://paste.debian.net/984271/ Sep 03 17:20:32 it worked Sep 03 17:20:44 then i guess you can ignore those warnings Sep 03 17:21:05 KotCzarny: can you give me a random package from CSSU? Sep 03 17:21:11 anyway "W: GPG error: http://maemo.linenoise.info ./ Release: The following signatures were invalid: KEYEXPIRED 1349249546 KEYEXPIRED 1349249546 KEYEXPIRED 1349249546" is a *W*arning Sep 03 17:21:24 I'd like to figure out if these work Sep 03 17:21:32 which cssu flavour do you have? Sep 03 17:21:48 stable, if that's what you mean Sep 03 17:22:30 cssu server seems slow Sep 03 17:23:02 status-area-orientationlock-applet Sep 03 17:23:10 thanks Sep 03 17:23:43 also works! Sep 03 17:23:57 did you install cssu via installer ? Sep 03 17:24:15 KotCzarny: yes, and I added the line manually later Sep 03 17:24:41 the point of this exercise was to install CSSU from command line to save myself from typing Sep 03 17:24:49 um Sep 03 17:24:56 not recommended Sep 03 17:25:02 cssu installer does more than just changing repos Sep 03 17:25:08 indeed Sep 03 17:25:14 it should always be installed via recommended method Sep 03 17:25:17 it does, but does it need GUI for that? Sep 03 17:25:22 yes Sep 03 17:25:44 * rhn_mk1 is baffled but okay Sep 03 17:26:06 if you played around and run into troubles remember what you did Sep 03 17:26:07 long answer: not if you know *exactly* what and how to start, in which sequence, from cmdline. and even then a GUI will open Sep 03 17:26:16 easier to debug for cssu folks Sep 03 17:26:54 ack Sep 03 17:27:31 you can try dissecting installer to check if you missed any steps Sep 03 17:27:41 KotCzarny: I'm not concerned about that actually Sep 03 17:28:31 only about making a "simple" script to bring a system up to date, and publishing that if I can Sep 03 17:29:08 i would refrain from publishing, unless it gets blessed by cssu folks Sep 03 17:29:19 otherwise you will create more troubles than help Sep 03 17:29:22 that's why I'm here, asking questions :) Sep 03 17:29:24 rhn_mk1: if that had been any feasible, CSSU would have done it Sep 03 17:30:51 the point (among others) is about CSSU installer changing repos, and for that HAM needs to be inactive. Later on you need HAM again to run the CSSU update Sep 03 17:31:15 CSSU is one piece of the mess, mirrors are another, dead repositories and useless apps are one more Sep 03 17:31:30 thank nokia for that situation Sep 03 17:31:32 :) Sep 03 17:32:14 I thank CSSU people for trying to fix that, but if I can make improvements, why not try? Sep 03 17:32:27 in perfect world we would have already patched firmware update Sep 03 17:32:37 but for various reasons it's not going to happen Sep 03 17:32:48 do you know good lawyer? Sep 03 17:32:49 lazyflashing, click recommended.install, one-click install CSSU and follow the instructions (it actually needs more than one click, which is the point) Sep 03 17:33:07 this is the canonical method to bring a device up-to-date Sep 03 17:33:12 especially one that tackled big corpo issues Sep 03 17:33:21 I figured that's the case Sep 03 17:33:28 if you manage to clear the way, we are golden Sep 03 17:35:16 rhn_mk1: quite a few people looked into CSSU to improve the procedure. If you nevertheless can come up with improvements, don't hesitate to suggest them. However it takes quite some study to avoid the pitfalls in that process CSSU needs to use to switch standard SSU to CSSU Sep 03 17:36:59 DocScrutinizer05: the necessary step to updating (and then to customizing) installation is to get the command line to work. but if you're saying it's impossible to update CSSU this way, then I guess there's nothing to be done Sep 03 17:37:10 s/update/install/ Sep 03 17:37:11 rhn_mk1 meant: DocScrutinizer05: the necessary step to updating (and then to customizing) installation is to get the command line to work. but if you're saying it's impossible to install CSSU this way, then I guess there's nothing to be done Sep 03 17:37:20 huh, neat Sep 03 17:39:37 it's a two-step process where HAM installs CSSU-enabler and then quits. And CSSU-enabler changes the repos (while HAM being inactive) and then starts HAM (and apt) again to do the real update Sep 03 17:39:45 iirc Sep 03 17:40:20 sounds simple enough, thanks Sep 03 17:40:53 does CSSU-enabler use the system-wide sources.list or the HAM one? Sep 03 17:40:57 you can't automate that process in a simple manner, unless you exploit alarmd or whatever to restart stuff after everything terminated Sep 03 17:41:13 cssu enabler uses ham in the process Sep 03 17:41:24 ^^^ Sep 03 17:41:31 I see Sep 03 17:41:40 if I get anywhere, I'll let you know Sep 03 17:41:51 and most tricky part is ham failing quietly for some users with weird repos/packages Sep 03 17:41:57 without reporting it Sep 03 17:42:33 why does it use HAM instead of just apt-get? Sep 03 17:42:35 there's a possible way to schedule a timed execution of CSSU-enabler from CSSU-enabler's post-install script Sep 03 17:42:46 but that's... icky Sep 03 17:43:00 because HAM does more than apt-get Sep 03 17:43:41 that's why you never install core system stuff via apt Sep 03 17:43:48 always use HAM for that Sep 03 17:43:58 that's important advice, I didn't know Sep 03 17:44:04 what is the extra stuff then? Sep 03 17:44:23 stuff like stoping/starting services etc iirc Sep 03 17:44:36 priorities, whatnot else Sep 03 17:44:55 requesters the user needs to nod off Sep 03 17:46:05 when you e.g install sshd from apt, you nevertheless get a GUI requester you need to nod off, or in this case even enter new password iirc Sep 03 17:47:15 there's quite some HAM specisic stuff in some packages, and system updates cause HAM dto take care about needed reboots and service restarts and whatnot Sep 03 17:47:36 I don't know details Sep 03 17:48:15 I just know "NEVER EVER do a apt-get upgrade|dist-upgrade" Sep 03 17:48:43 which is what it basically boils down to Sep 03 17:50:49 ((if I get anywhere, I'll let you know)) the problem with this approach usually is: others been there, done that, and found about the hidden issues during weeks of research and bugfixing Sep 03 17:51:17 it's not as simple as "seems to work for me" Sep 03 17:51:37 indeed Sep 03 17:51:50 now I agree that it's not something I can do in a weekend Sep 03 17:52:24 which is a shame anyway :( scriptability rules Sep 03 17:54:11 we all agree on that, and it's a sticky topic on CSSU. You may consider CSSU as a "as good as it gets" probably Sep 03 17:54:41 if there had been a way to streamline it further, *for sure* it had been implemented Sep 03 17:55:35 the above mentioned alarmd (sort of atd alike cronjob thing) "improvement" has usability / UX issues Sep 03 17:57:17 the device acts weird, starting stuff without clear plan that would be obvious to the user. Also involves timing isses aka race conditions etc Sep 03 17:58:14 I *think* "recently" Pali looked into exactly that Sep 03 17:58:21 I imagine there's also backwards compatibility issue with all the packages which were written assuming they are installed by HAM too Sep 03 17:58:33 yes, of course Sep 03 17:59:05 not in CSSU installation context maybe Sep 03 17:59:11 but generally of course Sep 03 18:07:05 looking at http://wiki.maemo.org/Red_Pill_mode gives an idea what HAM does "behind the scenes" Sep 03 18:07:29 note that red pill got re-activated by CSSU Sep 03 18:10:48 it's similar to what dnf is doing Sep 03 18:11:13 age old stuff but maybe still interesting: http://wiki.maemo.org/Task:Improving_the_Application_manager Sep 03 18:14:05 also note: Sep 03 18:14:09 ~speedyham Sep 03 18:14:09 extra, extra, read all about it, speedyham is 30 times faster than HAM https://github.com/community-ssu/hildon-application-manager, now included in CSSU. Sep 03 18:15:39 is this stable? Sep 03 18:16:20 I'm using it without any known error Sep 03 18:16:56 freemangordon optimized parsing apt list/cache so it is really 30 times faster Sep 03 18:17:58 yes, actually like 32 times Sep 03 18:18:16 it's in CSSU, that says all about being stable Sep 03 18:19:50 https://github.com/community-ssu/hildon-application-manager has a nice readme Sep 03 18:20:00 plus more docs Sep 03 18:20:52 https://github.com/community-ssu/hildon-application-manager/tree/master/doc Sep 03 18:22:19 Enrico_Menotti: https://github.com/community-ssu/hildon-application-manager/blob/master/doc/scripting.txt - for xexp which actually are X-expressions Sep 03 18:25:34 >> - `essential` :: When present, marks the catalogue as essential. Essential catalogues can not be removed or edited by the user.<< Sep 03 18:32:56 >> If you want to test a multi-package installation script, put the Application Manager into red-pill mode; then it will use the multi-package confirmation dialog when there is more than one package to install.<< gives me some ideas :-D Particularly re ~jrtools etc Sep 03 18:37:54 Pali: how about creating a multi-package install file to get a "recommended set of tested and found useful packages" installed by one click? Sounds like a convenient thing for (particularly new) users Sep 03 18:39:00 the multi-package confirmation dialog (known from hildon restore) still allows user to choose which packages to actually get and which to reject Sep 03 18:42:01 * DocScrutinizer05 glares at http://maemo.cloud-7.de/maemo5/et_al/HAM-catalogs/BM.install in light of `with-temporary-catalogues` instruction. Prolly I should fix that Sep 03 18:44:30 hmm wait, that's scripting, not installfiles# Sep 03 18:49:32 LOL! >> Whenever a memory card is inserted that contains a file called `.auto.install`, that file is processed by the Application Manager. Usually, the `.auto.install` file contains a `card\_install` group, of course.<< Sep 03 18:53:51 meh! no `with-temporary-catalogues` in .install files Sep 03 19:01:07 hmm, https://github.com/community-ssu/hildon-application-manager/blob/master/doc/temporary.txt Sep 03 19:16:25 Pali: how am I supposed to install gconf chema file? Sep 03 19:26:34 https://projects.gnome.org/gconf/ >>Schema files Application developers create files called schema files, traditionally ending in the .schemas extension. These are in a nice human-readable format. These files are not used by GConf directly. Instead, when you "make install" or install an RPM/deb package, gconftool can be invoked to take the schemas in the schema file for an application and install them into one of the configuration Sep 03 19:26:35 sources. The schema install process also associates schema names with keys, so GConf can find the right schema for a given key. ...<< Sep 03 19:26:52 I found something called gconf-schema Sep 03 19:28:06 "something"? Sep 03 19:29:07 freemangordon: see some postinst debian script of some package Sep 03 19:29:36 they are installed by postinst scripts Sep 03 19:30:04 freemangordon: so any package on github needs to be packaged, aye? Sep 03 19:30:43 from https://github.com/fremantle-gtk2 Sep 03 19:30:49 Wizzup: excluding one or 2, yes Sep 03 19:31:23 Wizzup: and most (if not all) need debian/changelg fixed, by the autobuilder script or dunno Sep 03 19:31:40 they probably also need control file fixes and such Sep 03 19:31:53 Source-Version has to become $source:Version, and other things Sep 03 19:32:12 I'd probably aim for all deps of hildon-desktop + hildon-desktop itself first Sep 03 19:32:15 should be plenty of fun Sep 03 19:32:21 we have forked gtk2, right? Sep 03 19:34:05 should we call it gtk2 on disk, or perhaps call it mgtk? (yes, we'd have to change everything that depends on it) Sep 03 19:34:08 just wondering Sep 03 19:38:44 no, keep it gtk Sep 03 19:38:53 ok Sep 03 19:39:02 so it won't break 'normal' applications? Sep 03 19:39:02 iirc I changed debian/changelog Sep 03 19:39:05 yes Sep 03 19:39:08 sweet Sep 03 19:39:22 we will have to keep it at a higher version than devuan's, or otherwise lock it somehow Sep 03 19:39:26 so hildon-desktop (or some other package) should depend on that modified version Sep 03 19:39:31 my idea was to add our maemo-devuan things as extra repo Sep 03 19:39:32 ok Sep 03 19:39:39 instead of one 'merged' repo Sep 03 19:39:45 seems easier for us Sep 03 19:39:47 right Sep 03 19:47:53 Wizzup: if you go that way, i'd recommend investigating apt pinning a bit more Sep 03 19:48:22 depending on it, you could have the repo push its priority through a specific (meta)package Sep 03 19:48:55 this of course applies only for packages existing in devuan Sep 03 19:54:43 shouldn't be too hard Sep 03 19:54:48 I've done pinning before I think Sep 03 19:55:09 and to be honest, I don't care if things break in the start, a fix is probably a simple apt-command away Sep 03 19:55:18 Let's just get her going, and then we'll figure out what breaks Sep 03 19:57:15 agree Sep 03 20:15:45 DocScrutinizer05 https://github.com/community-ssu/hildon-application-manager/blob/master/doc/repository.txt explains extensively what I wanted to know about package domains and the domain file. Thanks for pointing me there. What I miss now is: where is the info stored about the domain a package was originally installed from? Sep 03 20:17:07 with a ton of salt: I think it's never stored anywhere. with all the puzzling consequences Sep 03 20:18:41 hildon backup stores a list of package names to re-install, plus a list of cirrently activated repos. If the packages are not mathing the repo list, just too bad Sep 03 20:18:49 it is stored Sep 03 20:18:56 but I can;t remember where Sep 03 20:19:08 I would guess somewhere in /var/ Sep 03 20:19:20 * freemangordon checks Sep 03 20:19:24 maybe inside the .deb cache somewhere Sep 03 20:20:08 I'm pretty sure hildon backup doesn't backup that info, though they rather should Sep 03 20:20:38 It should be stored: >>The AM classifies the package repositories into 'domains' and upgrades Sep 03 20:20:39 to already installed packages must (usually) come from the same domain Sep 03 20:20:40 that the package was originally installed from.<< Sep 03 20:20:50 yes, it is stored Sep 03 20:21:31 hmm, ok. Take that salt for the soups you eat the rest of your life, then :-D Sep 03 20:23:29 :) Sep 03 20:25:16 Enrico_Menotti: /var/lib/hildon-application-manager Sep 03 20:27:12 Thanks. I'm investigating. Sep 03 20:41:15 Maybe I got the whole process. (Or maybe I'm still missing some detail.) I try to recap. Sep 03 20:41:21 >>Repositories are associated with domains based on the key that they Sep 03 20:41:21 have been signed with.<< Sep 03 20:42:15 The association is in /usr/share/hildon-application-manager/domains/variant-domains.xexp. Sep 03 20:42:38 When a package is installed, the domain it is installed from is recorded. Sep 03 20:44:19 In /var/lib/hildon-application-manager there are files beginning with domain. and ending with the domain name, one for each domain defined above. When a package is installed, its name is recorded in the file corresponding to the domain it has been installed from. (Well, I think so.) Sep 03 20:45:12 Now HAM finds, from the catalogues, a new version available for some package, stored in a certain repo, signed with a certain key. Sep 03 20:45:30 From the key, the repo is associated to a domain. Sep 03 20:45:58 also, there are domain priorities :) Sep 03 20:46:17 If the domain the new version comes from is different from the domain the original package had been installed from, HAM issues the "wrong domain" error. Sep 03 20:46:37 you can;t install a package from a domain with a lower priority over a one from a domain with a higher Sep 03 20:46:57 no, wrong domain is only where the priority is lower, iirc Sep 03 20:47:02 *when Sep 03 20:47:22 With the exception that there is the "trust level" (rather than priority): a package may move from a domain to another with higher trust level. Sep 03 20:47:31 freemangordon A min, I'm still writing. Sep 03 20:49:47 Now what I think happens here: the key used for signing the version of the original Nokia repos which is mirrored in muarf.org is not inside my variant-domains.xexp file. As a consequence, the domain associated to the mr0 repo becomes "signed" (it's a fallback of HAM, defined by default). This has trust level 1. Sep 03 20:50:40 The original domain of packages contained in mr0 is nokia-system, which has trust level 600. Sep 03 20:51:07 So a package having a new version in mr0 may not be installed since it would be moved to a domain with lower trust level. Sep 03 20:52:10 If I remove the variant-domains.xexp file, all repos become "signed", but most important the trust levels of all domains are lost. So the nokia-system domain gets trust level 0. Sep 03 20:53:03 At this point all updates may be installed, since packages move to a domain identical to the original one, or to signed, which has trust level 1, higher than the trust level of the original domain. Sep 03 20:53:19 Ok, it's just an hypothesis. Does this make sense? Sep 03 20:53:27 freemangordon Finished, thanks. Sep 03 20:54:49 A check would be by finding out the fingerprint of the key used to sign the original Nokia repos mirrored in muarf.org, and see whether or not it is stored in my variant-domains.xexp. Sep 03 20:55:40 Please let me know your opinion about this reconstruction. Sep 03 20:58:03 sounds about right Sep 03 21:00:38 If things are this way, problem solved: I just need to add the fingerprint of the key used to sign the mr0 repo on muarf.org. How to find it? Sep 03 21:02:11 (Or maybe I get all right when I install the cssu. That should be up to date with keys and so on.) Sep 03 21:33:10 Well, may also be I have the fingerprint, but since the key is expired, the repos are not assigned the corresponding domain. Sep 03 21:53:00 Oh. I changed the year in my N900 clock, by setting it to 2010. At this point the keys are valid. Domains are recognised properly. I get other few "wrong domain" errors, now for repository.maemo.org. I guess the key is newer than 2010. Sep 03 21:58:49 So no way - the repos should be signed with a valid key. I will do a workaround by setting the trust level of nokia-system and nokia-certified to 1, so when the original Nokia repos mirrored at muarf.org are recognised as domain "signed" (since the key has expired), thus with trust level 1, packages may be moved to that domain. The downfall is that packages will be registered as having been installed from domain Sep 03 21:58:49 "signed". Sep 03 22:10:15 Just one correction: I have set the trust level to 0, not 1. This because, in order to switch a package to a different domain, the new domain trust level must be higher (not equal) than the trust level of the old domain. Sep 03 22:10:25 ((If things are this way, problem solved: I just need to add the fingerprint of the key used to sign the mr0 repo on muarf.org)) no, muarf is still signed with original nokia key, but the URL stored in that key doesn't match *muarf* Sep 03 22:11:40 DocScrutinizer05 Well, the error in the log says "expired". In fact if I set the year in the clock to 2010, no more errors. Sep 03 22:13:17 this is no error, it's a warning Sep 03 22:14:41 Yeah but seems the key is not considered valid to identify the domain. If I set the clock to 2010, the domain is correctly identified. Sep 03 22:16:16 Actually it is W: GPG error. Sep 03 22:19:25 Bed time. G'night. Sep 03 22:23:19 whatever, W is Warning, and the Nokia key is expired and can't get updated, and mirrors so far don't use new signing keys but simply copy the original Nokia signature Sep 03 22:26:48 and I really don't get what exactly is the problem. I don't see stuff failing from the expired keys, but maybe that's just me Sep 03 22:29:10 probably when you flash a PR1.2 or PR1.1 repo and then try to upgrade to PR1.3 level via SSU, you actually could run into errors from that. When you flash PR1.3 then I don't see any packages that could get updated from Nokia's repos and thus would fail because of lack of trust Sep 03 22:29:36 s/repo/fiasco image/ Sep 03 22:29:37 DocScrutinizer05 meant: probably when you flash a PR1.2 or PR1.1 fiasco image and then try to upgrade to PR1.3 level via SSU, you actually could run into errors from that. When you flash PR1.3 then I don't see any packages that could get updated from Nokia's repos and thus would... Sep 03 22:30:53 installing "new" packages should still work since there's no previous packahe on your system from a source with higher trust level **** ENDING LOGGING AT Mon Sep 04 03:00:00 2017