**** BEGIN LOGGING AT Mon Aug 05 03:02:02 2019 Aug 05 06:01:47 ynezz: this is something tricky/hacky https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=e92a14709d37f64dcba8c81fa51e61e5f10f439a ("kernel: generic: fix fonfxc uimage parser") Aug 05 06:03:20 ynezz: mtdsplit_uimage_parse_fonfxc() could be called only in two cases: Aug 05 06:03:23 1) DT with "fonfxc,uimage" Aug 05 06:03:37 2) some platform/mtd code explicitly asking for "fonfxc-fw" Aug 05 06:03:55 sorry, replace above 2 with Aug 05 06:04:16 2) trying to parse "firmware" partition Aug 05 06:05:15 oh my, what a hacky workaround by someone not trying to understand the real issue Aug 05 06:05:51 so by doing that: Aug 05 06:06:17 if (!np_mtd || !of_match_node(mtdsplit_uimage_fonfxc_of_match_table, np_mtd)) Aug 05 06:06:19 return -ENODEV; Aug 05 06:06:20 you just made sure this parses fires only when requested from the DT Aug 05 06:06:28 if that is really what you want, then just drop Aug 05 06:06:29 .type = MTD_PARSER_TYPE_FIRMWARE, Aug 05 06:06:33 and don't add that hack Aug 05 06:08:05 ynezz: i'm happy to help reviewing parsers patches, but I need to be e-mailed Aug 05 06:08:11 or pinged here, whatever Aug 05 06:27:56 morning Aug 05 07:05:25 rmilecki: ok, noted, thanks for the post review Aug 05 07:11:26 ynezz: thanks for closing the patchwork ticket for mt7623 Aug 05 07:11:32 i thought i did that already Aug 05 07:11:52 regarding procd=1, you stung into a bees nest, the discussion is ages old Aug 05 07:21:29 blogic: yes, another one, more to come probably Aug 05 07:23:39 it simply seems to me, that USE_PROCD=1 is somehow a default for some time already, so why not make it implicit Aug 05 07:24:07 you had a valid point, that we should still support the sysv init scripts, but this could be made explicit Aug 05 07:25:33 USE_SYSV=1 or `#!/bin/sh /etc/rc.sysv` or something similar Aug 05 07:45:15 rmilecki: so I've re-read the code again, so it seems like `fonfxc,uimage` is uimage with 32 bytes larger header and this 32 bytes are just filled with zeroes Aug 05 07:45:27 ynezz: it will only attract the trolls with no added benefit Aug 05 07:45:31 ynezz: i didn't analyze the format Aug 05 07:45:38 ynezz: just the logic for firing that code (function) Aug 05 07:45:51 ynezz: also we have ike 1000+ packages int he feed that dont use the feature Aug 05 07:46:04 and you wont be able to drop $random init.d script into the rfs Aug 05 07:46:09 ynezz: that new code just makes function return in case it wasn't called based on DT entry Aug 05 07:46:24 rmilecki: so maybe we can just add some magic in that padding and check for that magic instead of this forced type in DT? Aug 05 07:46:25 ynezz: which means function was called due to the MTD_PARSER_TYPE_FIRMWARE Aug 05 07:46:37 yes, I understand this part now, thanks Aug 05 07:46:43 ynezz: so if we really want it to work with DT case ONLY, then just drop MTD_PARSER_TYPE_FIRMWARE Aug 05 07:47:50 it seems to me, that it would be better to have it automagically detected as the other formats Aug 05 07:48:07 the question is if the bootloader is going to allow this magic in that padding Aug 05 07:48:54 if we can't have any magic to check for in that padding, then there's no other option how to distinguish between normal uimage and fonfxc one Aug 05 07:50:21 blogic: I could convert those without USE_PROCD=1 into USE_SYSV=1 in the package feeds (75 packages?) Aug 05 07:52:29 blogic: anyway, it seems that this type of changes brings a lot of friction, and I really don't want to waste more time on this, so I'll simply move on Aug 05 07:55:40 ynezz: that is what i did the last time i oened that can of worms Aug 05 07:58:21 'lo Aug 05 07:58:29 jow: hi there Aug 05 08:00:30 ah the egoless prophet has been active Aug 05 08:04:07 ynezz: the reason for IGNORE_ERRORS="n m" is build resilience Aug 05 08:04:23 ynezz: there's almost always something broken Aug 05 08:04:41 for phase1 we don't care if random bloatware fails to build if its not going to end up in the image Aug 05 08:04:57 for phase2 we would never achieve a complete build if we'd hard fail on errors Aug 05 08:07:27 * russell-- stares at this, longingly: https://patchwork.ozlabs.org/patch/1137962/ Aug 05 08:08:25 jow: ok, then there's something not working properly with the dependencies, as ar71xx/mt7620 have adb-enablemodem=y (in the images) which then depends on adb which fails to build Aug 05 08:08:47 jow: so in order to improve this for next time, should I just add adb to the image dependencies as well? Aug 05 08:08:59 I guess so Aug 05 08:10:13 russell--: I really don't get this, I've explicitly told you, that if the scons is not moved to the package feeds this week, then I'm going to merge this patch as it is Aug 05 08:10:40 i don't understand why just merging it is a problem Aug 05 08:11:12 why link the two things? Aug 05 08:11:20 because then the pending PR against packages needs to get updated, which would then invalide the existing review Aug 05 08:11:22 because it would mean more work, as I would need to update the PR against package feed Aug 05 08:11:34 it would also introduce two failure causes at once in close proximity (move & update) Aug 05 08:12:15 just noting it is breaking olsrd, ultimately right now Aug 05 08:12:26 and that's why I've assigned this patch to myself, so it won't get accidentaly merged by someone else Aug 05 08:12:37 3.1.0 works Aug 05 08:13:27 good, I believe, that once the scons is in the package feeds, it's very likely, that such bumps are getting merged faster Aug 05 08:14:31 the packages feed seems to be the bottleneck right now, or am i wrong? Aug 05 08:15:22 no, I don't have this feeling, I've opposite feeling Aug 05 08:17:29 sigh Aug 05 08:29:53 rmilecki: https://github.com/openwrt/openwrt/pull/2294#issuecomment-518138653 Aug 05 08:30:27 ynezz: thank you Aug 05 09:31:35 blogic: FYI http://buildbot.openwrt.org/master/images/builders/mediatek%2Fmt7622/builds/34 Aug 05 10:00:29 jow: any idea about this one `Package adb is missing dependencies for the following libraries: libcrypto.so.1.1` yet it has `DEPENDS:=+libopenssl` Aug 05 10:02:44 ynezz: thx, will fix it for v4.14 the dts is only in v4.19 Aug 05 10:16:42 ynezz: no, not without further context Aug 05 10:17:05 ynezz: maybe the depdendency is ineffective or wrongly parsed (which would also explain why buildbot does not catch it) Aug 05 10:17:12 check tmp/.packagedeps Aug 05 10:19:58 buildbot is failing on https://git.openwrt.org/ecc829f22d413904a51967a08d98f056d43a1fca Aug 05 10:20:24 and would probably fail later on that openssl dependency which I'm seeing here OR maybe it's just my local hiccup Aug 05 10:25:52 thanks, removing the tmp/.packagedeps did the trick Aug 05 10:58:41 new kernel bumps pushed to staging Aug 05 11:21:24 jow: does it look reasonable https://git.openwrt.org/e16e0b43e839b9db7ddadd55eb78722a84770e29 ? Aug 05 12:15:43 new vulnerabilities in WPA3 https://wpa3.mathyvanhoef.com/#new Aug 05 12:15:43 how is OpenWrt keeping up/pace with source development fixing potential attack vectors, particularly with upcoming 19.07? Aug 05 12:17:28 https://tools.ietf.org/html/draft-harkins-eap-pwd-prime-00 Aug 05 12:38:33 ynezz: I'm not sure how this is supposed to help, can you explain? Aug 05 12:39:35 tmn505: sent pm w/link Aug 05 12:53:17 Edg9vAXYD: fixes/updates are applied/backported as they become available; in case of the new vulnerabilities since they are issues in the standard itself, not implementation, fixing them breaks existing setups, we probably need to wait for a new standard first (wpa 3.1) Aug 05 12:54:12 I mean yes, a wifi where noone can connect is the most secure ;) Aug 05 13:23:12 KanjiMonster: now the builds fail in the image build step, but they should fail in the package/build step, right after adb can't be build Aug 05 13:23:42 so how should I reword the commit message in order to make it more clear? Aug 05 13:23:57 ynezz: I tried, and it didn't. adb is selected by adb-modemsomething, so both stay =m, with and without the patch Aug 05 13:24:40 and IGNORE_ERRORS='n m' by the buildbots makes sure it won't fail in the package/compile step Aug 05 13:26:26 ok, so it makes no sense then, thanks for looking into that! Aug 05 13:27:56 we would either need to introduce a new selection state (device packages), or make the ignore_errors code treat m for things that are device packages as y Aug 05 13:29:13 the opposite direction would be to make rootfs generation due to missing packages non-fatal, and treat it similar as when images grow too large (just spew out some errors, but still continue to build other images) Aug 05 14:39:19 ynezz: KanjiMonster: ah the adb thing is due to per-device rootfs? Aug 05 14:39:29 Can't look closely into it before tomorrow or so Aug 05 14:40:54 jow: ynezz: yupp. it also looks that adb is a pure runtime dependency, as adb-enablemodem builds fine even without it Aug 05 14:41:45 I couldn't decide between "looks like" and "seems that" ... Aug 05 14:56:44 indeed, it's runtime dependency Aug 05 15:08:09 Apparently, make package/.../pkgname/clean does not remove host binaries: 'make package/libs/gmp/clean V=s', then 'find build_dir/ -name "*libgmp*"' reveals the existence of gmp host binaries in build_dir/host/gmp-6.1.2/.libs/. Is there a make command to clean host binaries, other than make dist-clean? Aug 05 15:08:51 make package/foo/host/clean Aug 05 15:10:04 specifically make package/gmp/host/clean Aug 05 15:11:09 jow: just tried it, and nope, the binaries in build_dir/host/gmp-6.1.2/.libs/ are still there Aug 05 15:11:12 very odd Aug 05 15:11:44 Make dirclean also cleans much everything Aug 05 15:12:13 not only in gmp-6.1.2/.libs, but also in gmp-6.1.2. Aug 05 15:12:43 olmari: everything means all libraries, not only the ones for a particular package? Like dist-clean? Aug 05 15:13:10 valku: maybe it was a tool build of gmp Aug 05 15:13:25 there also is tools/gmp/ Aug 05 15:13:31 iirc there#s no clean target for tools Aug 05 15:14:29 tool build? Never heard of it before :-( Should I try simply removing host/gmp-6.1.2 if there is no easy way to use make ... clean? Aug 05 15:15:09 what is the actual problem you're facing? Aug 05 15:16:00 jow: wow, "make tools/gmp/clean V=s" did the trick! Aug 05 15:16:02 host builds of packages go into build_dir/hostpkg/ iirc. The build_dir/host/ directory is used by the buildroot itself for host builds of tools like sed, tar, gmp etc. Aug 05 15:16:16 I was getting errors like configure: error: libgmp not found or uses a different ABI (including static vs shared). Aug 05 15:16:25 ah ok Aug 05 15:16:28 after upgrading my desktop from Ubuntu 16.04 to 18.04 Aug 05 15:18:00 Awesome, my build system is working again now and I no longer get the "different ABI" error. Thank you jow :-) Aug 05 16:01:58 valku dirclean is almost same as distclean, but leaves you config (maybe some other minutiae too, but anyways) not that it matters anymore I see =) Aug 05 16:02:49 olmari: thank you, duly noted. Do you know if dirclean also removes feeds/, like distclean? Aug 05 16:06:43 Btw I found other ABI conflicts. libgmp was just one part of the problem. In the end, I went for distclean to be sure that I have no binary incompatibilities. Apparently, OpenWrt build system is not quite portable from one desktop to another. Rebuilding the build root from scratch seems to be a necessary consequence of upgrading one's desktop OS. Aug 05 17:32:16 Anyone else getting "Error: no suitable libnftnl found" building 19.07? Aug 05 17:32:16 Error had been there for a week or so now for me. nftables is currently broken. Aug 05 17:50:24 5GHz Wifi is currently somehow bad with my Archer C7 v2. Is there anything currently known about openwrt? Very weak signal only to receive. Aug 05 17:54:31 hsp: are you using the -ct driver? Aug 05 17:55:05 -ct ?? Aug 05 17:55:47 there are two drivers for the 5ghz interface available. ath10k and ath10k-ct Aug 05 17:56:26 which one should you take? Aug 05 17:56:46 if one does not work right, change to the other one Aug 05 17:56:58 and where can I change that? Aug 05 17:57:31 System > Software Aug 05 17:58:36 well, there is also ath10k-ct-htt wifi firmware Aug 05 17:58:48 this is correct Aug 05 17:59:23 do I have to install and uninstall what? Aug 05 17:59:52 i am not the expert :) Aug 05 18:00:08 Look for ath10k and -ct after updating the lists of course Aug 05 18:00:24 Install one, remove what you actually have Aug 05 18:02:01 kmod-ath10k-ct Aug 05 18:02:37 currently I have kmod-ath10k Aug 05 18:56:55 cotequeiroz: does it make sense to make the curve configurable Aug 05 18:58:50 hmm actually rsa already is. nvm. Aug 05 19:01:34 I thought it wouldn't hurt much. Aug 05 19:02:03 I don't like the actual syntax I've copied from openssl to px5g, but it works. Aug 05 20:18:37 higher than p256 seems pointless. Aug 05 20:21:27 You have to go up to 384 bits to achieve the maximum score for key exchange on ssllabs.com. Aug 05 20:21:59 lovely... Aug 05 20:22:23 and https://safecurves.cr.yp.to/ says even p384 is not safe Aug 05 20:25:25 stintel: whatever happened with this? https://github.com/openwrt/packages/pull/9451 Aug 05 20:25:29 The problem is that beyond that, browser support is spotty at best and autonegotiation does not seem to be supported. Aug 05 20:26:37 the safecurves thing is a conspiracy :). it mainly points out that it's a slow curve because of really bad decisions by the NSA Aug 05 20:28:15 can't use montgomery ladder, since the cofactor is too big IIRC Aug 05 20:29:08 * mamarley throws hardware at the problem. Aug 05 20:29:30 it's not enough for crypto. crypto is never fast enough. Aug 05 20:31:08 that PR ... I don't understand it. haven't tried hard enough probably. also been roadtripping Aug 05 20:32:56 if the author fixes the indentation issue, I'll merge it, as dedeckeh said it looks fine. I don't use the feature it touches, I think Aug 05 20:35:27 i lied. the cofactor for P256 is 1. It must be more than 1 to convert to montgomery format Aug 05 20:35:45 Maths are hard. Aug 05 20:36:13 well, ECC is not too compilated. It's algebra, not calculus Aug 05 20:36:33 * mamarley runs away at the mention of calculus. Aug 05 20:38:03 hahaha Aug 05 20:39:48 I used ECDSA p256 keys for ustream-ssl instead of RSA 2024 and it was about 5 times faster Aug 05 20:40:18 I should probabaly continue to get ECDSA into ustream-ssl in OpenWrt Aug 05 20:41:15 Hauke: patches are up on the mailing list Aug 05 20:41:24 ah ok Aug 05 20:43:54 mangix: do you have a link? Aug 05 20:47:00 oh never mind. I was thinking of uhttpd: https://patchwork.ozlabs.org/patch/1142422/ Aug 05 20:50:45 Hauke: Doesn't ustream-ssl already support ECDSA well enough? I've just sent patches tweaking the ciphersuite a bit, and enabling TLS 1.3 with wolfssl. Aug 05 20:51:21 https://patchwork.ozlabs.org/patch/1142452/ and https://patchwork.ozlabs.org/patch/1142453/ Patchwork did not get the series right. Aug 05 20:54:47 I need to learn how to come up with series titles that patchwork can understand. Aug 05 21:02:33 I added support for ras na decdsa in parallel Aug 05 21:02:38 *ecdsa Aug 05 21:02:42 but I think this is not needed Aug 05 21:02:49 all browsers support ecdsa by now Aug 05 21:05:02 cotequeiroz: nice Aug 05 21:05:20 cotequeiroz: I think we should increase the exipiery date, currently it is 3 years, I would prefer 10 years Aug 05 21:05:47 We do not have a way to renew certifiactes Aug 05 21:06:48 11 Aug 05 21:11:38 I would consider doing renewal, with a new key instead of using the same key for 10 years.... Aug 05 21:13:32 I got to go now. Aug 05 21:14:22 What is your go-to dynamicdns service? Aug 05 21:14:49 cotequeiroz: a better renewal process would also be nice Aug 05 21:15:14 fwiw, 3-years is the most modern browsers are willing to accept entity certificates for. See Ballot 193 of the CA/Brwoser Forum. Aug 05 21:16:06 pekster: what about self singed certificates? Aug 05 21:16:54 The AVM Fritz box uses a certificate valid for 10 yeras, I have a netIO Power switch there is a button in the Web UI to renew the certificate Aug 05 21:16:59 That might be longer; I don't recall offhand if the intent was to have browsers restrict timeframe as well, or only the issuing CAs with "root keys" in public browser stores. Aug 05 21:18:31 oh lovely. there's a new release of bzip2 Aug 05 21:19:51 don't worry, the new versions are being rewritten in rust… Aug 05 21:20:20 (yes, I do know that the traditional C based branched got updated as well) Aug 05 21:23:57 there's a rust bzip2? is it official? Aug 05 21:24:17 * mangix hates rust for the same reason he hates c++ Aug 05 21:25:43 https://people.gnome.org/~federico/blog/maintaining-bzip2.html Aug 05 21:45:15 CMake??? Aug 05 21:46:05 there seem to be two bzip2 repos. That one and the one at sourceforge Aug 05 21:46:42 *sourceware Aug 05 22:07:15 Hauke: good timing, I was just reading that bmork's rant about broken mvebu :) Aug 05 22:10:45 ynezz: should work again Aug 05 22:35:24 Hey yall, do you know why my lua is sluggishly slow? It started a few updates ago (I update once every 2-3 months) using master branch happens on both wrt1900ac and wrt3200acm Aug 05 22:35:55 like It will take time to load the log in, then enter password but wont load until I press the button twice Aug 05 22:39:58 I don't follow Aug 05 22:40:30 what has Lua common with log in? Aug 05 22:40:48 luci Aug 05 22:41:00 ahh :) Aug 06 01:20:25 thagabe: can you narrow it down a bit more? Aug 06 01:20:40 do you use "privacy" type browser extensions? Aug 06 01:21:08 luci had some patches that changed some caching and variousohter things, but you really need to narrow it down a biit more Aug 06 01:40:21 I'm re-doing my image config, writing down my config so i dont use my config, and finally going to tftpd the img vs sysupgrade Aug 06 01:40:49 I am not using any type of extensions Aug 06 01:40:53 on chrome Aug 06 01:41:48 I would have said i use zram but I only use zram cache on my main router but it also does this on my repeater router which does not have zram cache Aug 06 01:41:57 karlp Aug 06 01:43:58 you're probably going to have to try and and narrow down the luci build more. are you on 18.06, 19.06 or master branches? what are your metrics? Aug 06 01:47:11 I've always been on master but it has happened on 19.06 as thats the one im using right now. What do you mean metrics? Aug 06 01:48:08 what does "sluggish" mean, how are yo measuring it, how could someone else confirm/reject your findings? Aug 06 01:49:24 Ah Aug 06 01:49:37 I can grab a screen capture and show you Aug 06 01:50:43 basically the gui will not load, I have to refresh the browser. Fill in the password, must press enter twice. Sometimes the gui loads sometimes i have to refresh the browser. I am not using luci minimal flag **** ENDING LOGGING AT Tue Aug 06 02:59:57 2019