**** BEGIN LOGGING AT Mon Aug 19 02:59:57 2019
Aug 19 06:32:49 *yawn*
Aug 19 07:01:42 Hauke: No, I didn't run-test it yet. just read somewhere you had compile issues :-)
Aug 19 08:42:55 jow: i'd like to give you some idea how I'd like LuCI to behave when doing sysupgrade and see if that sounds good to you
Aug 19 08:42:57 i'd like LuCI to 1) upload firmware 2) validate firmware using /sbin/check_image 3) if firmware is not valid but can be forced, display a proper warning + info why image validation has failed
Aug 19 08:43:21 jow: see [PATCH RFC] base-files: add /sbin/check_image
Aug 19 08:53:02 rmilecki: why a new one-off script with an overly generic name instead of "sysupgrade -c" ?
Aug 19 08:53:47 (didn't see the RFC mail yet, will read it now)
Aug 19 08:55:42 1) I find /sbin/sysupgrade too big/messy already
Aug 19 08:55:46 2) it's meant to be somehow independent as I want to expose it as a separated ubus method in the future
Aug 19 08:55:47 3) it's not meant to mess with /sbin/sysupgrade variables
Aug 19 08:56:19 i'd like sysupgrade to be fully exposed using ubus at some point
Aug 19 09:10:02 ldir: Thanks for merging my firewall3 patch. I have to admit that I had forgotten about it, and I have some local fixes to the patch. I will prepare another patch with my fixes and hopefully submit later today
Aug 19 09:51:39 rmilecki: I do not like the idea at all to have firmware image checks outside of sysupgrade
Aug 19 09:51:56 hmm. i'm getting a kernel panic on boot of a meraki mr24 (which had been working okay a little while ago), did a dirclean, panic persists. and yet another recent image boots. https://paste.debian.net/1096534/
Aug 19 09:52:18 and I see no difference in difficulty to either expose "/sbin/check_image %s" or "/sbin/sysupgrade -c %s"
Aug 19 09:53:13 i wonder if the rootfs is too big?
Aug 19 09:53:47 rmilecki: before exposing sysupgrade to ubus, you need to think about large file/blob handling first
Aug 19 09:54:31 luci right now uses out-of-band facilities for that (upload the image via HTTP POST + CGI program to fixed location, then have ubus methods to operate on that)
Aug 19 09:54:48 jow: i didn't mean to change that part
Aug 19 09:55:33 we also have an "fwtool" already
Aug 19 09:55:46 what about it?
Aug 19 09:55:54 so we'll end up with three independent, wildly different names tools all somehow dealing with firmware images
Aug 19 09:56:02 fwtool, check_image and sysupgrade
Aug 19 09:56:08 *named
Aug 19 09:56:59 intuitively I'd expect fwtool to deal with all things related to firmware images, I'd expect check_image to belong to imagemagick or something and sysupgrade to be something like apt-get upgrade
Aug 19 09:57:09 or apt-get dist-upgrade rather
Aug 19 09:57:37 so basically move my changes into fwtool?
Aug 19 09:57:44 but that's not your fault obviously, just an illustration of the current mess
Aug 19 09:58:03 that /sbin/sysupgrade is mess I've hard time to deal with
Aug 19 09:58:11 why? because it's shell?
Aug 19 09:58:17 no, just file design
Aug 19 09:58:22 amount of variables, options, calls
Aug 19 09:58:47 i can clean it up, see if you like it, but after all, i'd like to simplify it to the minimum anyway
Aug 19 09:58:47 we should refactor it then instead of adding yet another half-finished tool in parallel
Aug 19 09:58:54 so I don't want to waste time cleaning it up
Aug 19 09:59:20 but maybe I should clarify
Aug 19 09:59:22 i want /sbin/sysupgrade to be just a command line interface for ubus call system sysupgrade
Aug 19 09:59:26 correct
Aug 19 09:59:37 that means firmware validation won't belong there
Aug 19 09:59:47 so if you put your check_image into /usr/libexec/ and have sysupgrade call that internally to verify its images, then fine for me
Aug 19 10:00:01 but please do not make it a user-facing utility in $PATH
Aug 19 10:00:12 jow: fine, that sounds good to me
Aug 19 10:00:15 we already have too many wildly inconsistent badly designed CLI tools
Aug 19 10:00:19 i have no problem with that
Aug 19 10:00:28 i never meant /sbin/check_image to be called directly
Aug 19 10:00:37 okay, the /sbin/ somehow implied that
Aug 19 10:00:41 so I probably should have used /usr/libexec/ since the beginning
Aug 19 10:00:44 my bad
Aug 19 10:01:23 jow: do you have any idea for extenging that check_image with platform checks & JSON output?
Aug 19 10:01:27 *extending
Aug 19 10:02:35 well first I'd refactor sysupgrade (or /lib/upgrade/* code rather) to not use "echo" or "printf" for outputting messages but a log function, something like msg_info(), msg_warn(), msg_err()
Aug 19 10:03:01 then you can add a global switch (e.g. env var) which is used by these functions to decide whether to print the message or to append it to some internal json stack
Aug 19 10:04:59 the platform_* checks are invoked anyway from a list iirc (something like `for fn in $platform_checks; do $fn ...; done`) so you can simply gather your json in the same place
Aug 19 10:05:42 jow: i may need some example... so should I have something like "platform_check_image" or "platform_check_image2" that would do... what?
Aug 19 10:05:44 msg_err "trx_checksum" "Firmware has wrong checksum"
Aug 19 10:05:53 and that msg_err should either print or call json_add_string?
Aug 19 10:06:08 or json_add_boolean rather
Aug 19 10:06:08 e.g. json_add_object; for fn in $platform_checks; do $fn ...; test $? = 0 && json_add_bool "$fn" 1 || json_add_bool "$fn" 0; done; json_close_object
Aug 19 10:06:52 ah, so a new variable with a list of platform functions performing validation checks
Aug 19 10:07:06 iirc sysupgrade already is structured this way
Aug 19 10:07:09 yes
Aug 19 10:08:13 what if I have one platform function that could and should perform few validation checks?
Aug 19 10:08:16 i may have e.g. "platform_validate_asus_trx" that may want to perform "trx_checksum" validation AND "asus_device_match" validation
Aug 19 10:10:21 I'd say maintain a list variable holding the check functions to call
Aug 19 10:11:03 instead of declare platform_check_image() { } do something like append PLATFORM_CHECK_FUNCTIONS trx_checksum; append PLATFORM_CHECK_FUNCTIONS asus_device_match
Aug 19 10:11:38 then have a global platform_check_image() implementation that loops $PLATFORM_CHECK_FUNCTIONS, records the success state for each and finally returns true or false depending on whether all checks were true
Aug 19 10:11:52 i understand that
Aug 19 10:11:59 it just may not be fully optimal
Aug 19 10:12:27 if I can do few validation checks with a single image read, i'd like to have one platform check function report few validation results
Aug 19 10:13:06 e.g. i don't want to have "asus_device_match", "asus_checksum" and "asus_version_check" read the same firmware header
Aug 19 10:13:15 well then have a single procedure and give it some notification mechanism callback
Aug 19 10:13:43 is using callback functions in bash OK?
Aug 19 10:13:45 just asking
Aug 19 10:13:53 well, that's interesting. i rm a 90k PNG file from the files overlay, image flashes fine.
Aug 19 10:13:56 notify_check_result asus_device_match 1; notify_check_result asus_checksum 1; notify_check_result asus_version_check 0
Aug 19 10:14:12 jow: that would solve my problem
Aug 19 10:14:42 jow: ok, thanks for all the tips, i'll be back working on that in next days
Aug 19 10:14:51 * rmilecki is going to eat sth
Aug 19 10:16:39 splitting the platform_image_check into subchecks would make it easier to add a generic way of ignoring certain checks (by e.g. adding something like "-F asus_device_match" you would ignore the result of the asus_device_match check, but would still fail if the checksum is wrong etc)
Aug 19 10:22:56 KanjiMonster: great, more features; )
Aug 19 10:22:57 ;)
Aug 19 13:40:56 Can you build a specific package using make, e.g. make -j32 libcap ?
Aug 19 13:41:25 (Not in general ... I mean specifically owrt's toplevel makefile)
Aug 19 13:42:51 yes
Aug 19 13:42:52 https://openwrt.org/docs/guide-developer/build.a.package
Aug 19 13:43:14 "make package/foo/prepare" then "make package/owhttpd/compile"
Aug 19 13:43:23 but you need a full build once to handle dependencies properly
Aug 19 14:34:08 zorun: Hauke: HI guys, I've seen your logs & ML topics & source branch regarding support for MikroTik hAP ac² (which I got yesterday). Apparently it builds fine, but I haven't booted it yet - is there anything what I should be aware of? Or, maybe more general, what's the current state of these efforts?
Aug 19 14:34:49 (the branch I was building from is at https://github.com/mmaker/openwrt/commits/device/hAP-ac%C2%B2 )
Aug 19 14:42:04 skrzyp: I do not know if wifi is working now
Aug 19 14:42:14 currently I do not have access to this device any more
Aug 19 14:50:38 Hauke: we'll see :)
Aug 19 14:51:40 The only thing I'm irritated about is the process of reverting back to RouterOS - it requires proprietary Windows tool and can't be just simply booted from DHCP+TFTP server, as well as erasing/unpacking/verifying takes soooo long.
Aug 19 15:14:06 skrzyp: we used an exploit in the FW to get root on routeros
Aug 19 15:14:59 Hauke: to flash OpenWRT?
Aug 19 15:16:10 this one https://github.com/0ki/mikrotik-tools/tree/master/exploit-defconf
Aug 19 15:16:23 when we had root on routeros we activated the serial with dd
Aug 19 15:16:34 and this allowed us to play with the boot loader
Aug 19 15:16:46 you can also do a full flash backup when you have ropot
Aug 19 15:16:48 root
Aug 19 15:17:34 ahhh
Aug 19 15:17:54 but regular TFTP booting works without modifying?
Aug 19 15:18:35 I am not sure any more
Aug 19 19:05:15 so, i unpacked the rootfs from the mr24 tarball i built, and it unpacks fine. not sure what the problem is.
Aug 19 19:34:39 Hauke: apparently the uImage.elf produced by openwrt buildsystem doesn't seem to boot, but there should be other way as the is being worked on
Aug 19 20:04:36 well, that's weird. not size. i *added* a dummy file, and it boots fine.
Aug 19 20:18:08 libcap isn't install'ing for me on openwrt-19.07 which leads to dependency errors
Aug 19 20:18:22 Prevents ip-tiny/ip-full
Aug 19 21:14:38 Hauke: serial with dd? How?
Aug 19 21:14:46 rewriting a part of the flash?
Aug 19 22:21:42 skrzyp: the initramfs image should boot over TFTP. what doesn't work: wifi. what wasn't tested: booting from flash
Aug 19 22:22:31 I don't know if the unmodified bootloader can boot over TFTP, but most mikrotik boards do
Aug 19 22:23:02 you have to configure it from routeros (in the routerboot configuration) or play with the reset button
Aug 19 22:28:26 zorun: I know how to put it into etherboot mode (using a reset button as well as /system routerboard set …) and it works fine - advertises on my dnsmasq server as ARM_boot
Aug 19 22:28:42 it even "eats" the provided file from TFTP
Aug 19 22:28:58 but then it reboots back to RouterOS
Aug 19 22:29:42 I should probably solder a tx/rx wires on boards and put a serial-USB converter next to the usb port
Aug 19 22:29:56 and modify routerboot to allow serial output, of course
Aug 19 22:30:29 or I could just screw that all and order a Turris Omnia
Aug 19 23:18:58 skrzyp: what about the omnia?
Aug 19 23:21:55 mangix: nothing yet, I'm just considering it
Aug 19 23:22:22 considering for what?
Aug 19 23:23:51 for a current MT (hAP ac lite) replacement, especially with gigabit ethernet, SFP socket, option to add LTE in miniPCIe card and lots of CPU and RAM power, as I'm going to route myself through WireGuard network
Aug 19 23:25:22 SFP doesn't work with OpenWrt at the moment. The Omnia's SFP port is a bit...special
Aug 19 23:25:56 if you don't plan on using SFP, check out PCEngines APU
Aug 19 23:26:49 and of course dual bgn/ac wireless - on current hAP lite wireless tends to hang for a while, even without WG (and I'm not using Candela Technologies ath10k driver variant, as it has serious memory leaks on my board)
Aug 19 23:27:05 The USB on it is also pretty weak. Compatibility with devices is hit and miss. Both the USB ports share power. Can't connect two drives at once.
Aug 19 23:27:31 skrzyp, the issues you're talking about are with openwrt?
Aug 19 23:28:07 Mister_X: yes, of course - in other case I wouldn't even mention them here
Aug 19 23:28:36 currently I'm running 19.07-SNAPSHOT, r10306-d97c6d9f09
Aug 19 23:28:38 well, you could have been considering openwrt
Aug 19 23:28:40 just for clarity
Aug 19 23:28:47 Mister_X: oh yes. Enable 802.11w and watch the driver die in less than three days.
Aug 19 23:29:11 ath10k-ct?
Aug 19 23:29:17 Firmware crash takes down the driver basically
Aug 19 23:29:24 no, stock
Aug 19 23:29:51 I'm pretty sure I'm running 802.11w and I haven't had any problem
Aug 19 23:30:21 capable
Aug 19 23:30:25 For me, it's totally unstable.
Aug 19 23:30:43 On my Omnia and Archer C&v2
Aug 19 23:30:49 *C7
Aug 19 23:30:52 Mister_X: only apu*c4 seems to be working for me, as I need at least 4 ethernet ports. Of course I could plug in unmanaged switch, but in that case it's starting to be an overkill
Aug 19 23:31:09 i'm running 802.11w with 802.11r on -ct-htt and it's not stable
Aug 19 23:31:47 skrzyp: turris mox is another option but I don't know if they sell it. They have a module with 8 ethernet ports
Aug 19 23:32:11 skrzyp, if you find the hardware you're looking for, let me know
Aug 19 23:32:23 speaking of omnia, i recently ran out of ram. OOM killer killed the web interface
Aug 19 23:32:25 that would be ideal for me but I haven't found one with all that stuff
Aug 19 23:32:33 lol mangix
Aug 19 23:32:45 I have the 2GB version too
Aug 19 23:32:49 mangix: MOX is available for some shops as well, but I think it's more like an experiment instead of a regular product, the CPU seems to be underpowered compared to Omnia as well just the quarter of RAM
Aug 19 23:33:34 well, it is ARM64 vs ARM32
Aug 19 23:34:07 it's also cortex A8 and not A9 based
Aug 19 23:34:11 i don't care about bitness as long as OpenWRT (or its forks) support that particular arch :)
Aug 19 23:34:16 skrzyp, have you seen gateworks products
Aug 19 23:34:25 just thought about them, there might be something
Aug 19 23:34:57 GW6400
Aug 19 23:35:12 http://www.gateworks.com/product/item/newport-gw6400-single-board-computer
Aug 19 23:35:19 Mister_X: just hearing the name for the first time
Aug 19 23:35:30 expensive
Aug 19 23:35:37 yep
Aug 19 23:36:24 you'll have to go with GW6404 for SFP
Aug 19 23:36:35 I'm feeling bad for cluttering your -devel channel with the platform choosing discussion though, even when I started to be demanding power-user on network routing hardware
Aug 19 23:37:09 speaking of power user platforms, what about x86?
Aug 19 23:37:11 Mister_X: the SFP is not a solid requirement right now, but I'm sure it will come to me at some point, as most national ISPs start to serve FTTH
Aug 19 23:37:42 don't they force their own modem?
Aug 19 23:37:55 and I'd love to tell them to fsck off with these ISP boxes or even media converters and plug my router straight to them
Aug 19 23:39:11 Mister_X: it depends on ISP. Orange for example can be tricked to deliver you an older router because it's considerably smaller (yes it's a valid argument for them) but it doesn't support SFTP so they came to you with this router and media converter, so you put your box to such converter and hide their router to the shelf
Aug 19 23:39:27 this looks nice https://www.aliexpress.com/item/32914307678.html?spm=a2g0o.productlist.0.0.55ab63be7SD7f5&algo_pvid=62663146-29bc-4fd2-b1b8-b8c051fe6aa4&algo_expid=62663146-29bc-4fd2-b1b8-b8c051fe6aa4-5&btsid=dd837660-b1f6-4b53-b07f-da3391214cf5&ws_ab_test=searchweb0_0,searchweb201602_10,searchweb201603_53
Aug 19 23:39:45 even has a com port
Aug 19 23:40:08 And recently the whole specification of triple play fiber (voip, iptv, network) "leaked" onto the public forum with MikroTik-oriented instructions how to route that properly
Aug 19 23:40:16 looks decent
Aug 19 23:41:20 those look like separate LAN interfaces. Not sure that there's a switch
Aug 19 23:42:10 that pfsense with windows logo is so cute
Aug 19 23:42:19 mangix, "We free pre-install cracked version Windows 7/8/10"
Aug 19 23:43:08 Well, China.
Aug 19 23:43:48 I don't think Windows can handle networking properly. Especially not WireGuard
Aug 19 23:43:55 it's just another culture
Aug 19 23:44:07 mangix: of course I'll put OpenWRT there
Aug 19 23:45:02 but I see they found a niche and filled it nicely, advertising as "VPN CHANNEL" (whatever that means) as most conscious users in China need to manage a VPN edge somehow
Aug 19 23:45:45 I wonder if that CPU is socketed
Aug 19 23:46:04 Actually, yeah it definitely is
Aug 19 23:46:25 yes, they offer 2 different options
Aug 19 23:47:32 It's funny how available gigabit ethernet is. Not so much 2.5 or 5
Aug 19 23:47:34 you'll either need mini itx if you want to choose the CPU
Aug 19 23:48:04 2.5 or 5 need pcie cards
Aug 19 23:48:20 mangix: and the antennas
Aug 19 23:49:08 does SFP support 2.5/5? or do you already need SFP+ for that?
Aug 19 23:49:49 ah, you meant 5gbps
Aug 19 23:50:01 i thought you were referencing 2/5GHz wifi
Aug 19 23:50:04 lol
Aug 19 23:51:21 there's one main company making those products. aquantia. I updated the firmware on my 2.5 NIC and it started causing me problems. I can't downgrade. FML.
Aug 19 23:53:08 this has wifi. cool. https://www.aliexpress.com/item/33044443278.html?spm=a2g0o.productlist.0.0.55ab63be7SD7f5&algo_pvid=62663146-29bc-4fd2-b1b8-b8c051fe6aa4&algo_expid=62663146-29bc-4fd2-b1b8-b8c051fe6aa4-52&btsid=dd837660-b1f6-4b53-b07f-da3391214cf5&ws_ab_test=searchweb0_0,searchweb201602_10,searchweb201603_53
Aug 19 23:54:57 same cpu as APU
Aug 19 23:55:09 nvm, same ethernet controller
Aug 19 23:55:24 APU uses AMD cpu, no?
Aug 19 23:55:29 yes
Aug 19 23:55:52 I don't know why I said CPU when I was thinking ethernet controller
Aug 19 23:56:01 getting old and senile I guess
Aug 19 23:56:20 HMMM
Aug 19 23:56:26 hmmm *
Aug 19 23:56:38 I think I'll look more into apu4c4
Aug 19 23:56:48 even with no SFP, it has almost everything I need
Aug 19 23:57:30 and it claims to draw only 10W on full load where Omnia says 60W
Aug 19 23:58:02 no way the omnia draws more
Aug 19 23:58:55 dealer says 40W
Aug 19 23:59:02 and I think I've seen 60W on another site
Aug 20 00:00:28 that's as much as the average laptop
Aug 20 00:00:32 under load
Aug 20 00:00:43 yes, and that's why I'm wondering
Aug 20 00:01:04 maybe Marvell Armada SoCs aren't energy efficient enough?
Aug 20 00:03:39 I don't have a way to measure, but no way it's that much
Aug 20 00:04:04 some UPS can display the amount of power used
Aug 20 00:04:05 the power supply it comes with is ~40 watts
Aug 20 00:04:28 but that probably takes into account hard drives as well
Aug 20 00:04:46 not that there was a NAS edition released that also provides power for two hard drives
Aug 20 00:04:52 *note
Aug 20 00:05:17 mangix: I think watt-o-meters are $5, if it's real it might be worth to measure that when board is running iperf (to head the switch chip) as well as "stress"
Aug 20 00:05:37 top end ARMv8/ IPQ8074 uses around 19 watts
Aug 20 00:06:12 I would imagine the omnia being similar
Aug 20 00:06:36 no way the turris omnia is significantly above that, as long as you don't connect harddrives or LTE cards (and even those won't bring it into the vicinity of 40 or 60 watts)
Aug 20 00:07:22 so the specification might be just overlooked
Aug 20 00:07:37 nothing new for me :)
Aug 20 00:08:49 ok, anyways - I'll look tomorrow into apu/apu4c4 more as probably going into embedded x86 might solve my performance needs and reduce stress
Aug 20 00:09:11 and I have another topic, more OpenWRT related
Aug 20 00:13:05 do you guys used RouterOS/Cisco IOS/JunOS/VyOS via telnet? They all follow the same data-oriented CLI design so you navigate though a tree of key:struct pairs instead of filesystem. While there's UCI on OpenWRT which actually delivers all of the data needed and the config format already looks like Juniper configs, why there's still a plain ash shell as default instead of more domain-specific one? That
Aug 20 00:13:07 might ease the operation for non-Linux people (most network admins are still deep into Cisco/Windows land) and sometimes make operation faster, instead of manually editing /etc/config/* and calling reload_config every time
Aug 20 00:13:16 heck, the uci even implements commit/rollback system
Aug 20 01:30:37 mrkiko: these two files are needed to run an exploit in recent router os to get root: https://github.com/0ki/mikrotik-tools/tree/master/exploit-defconf
Aug 20 01:30:57 mrkiko: then you can modify the flash with dd
Aug 20 01:31:32 mrkiko: some bit in some configuration partition has to be changed to activate the UART
**** ENDING LOGGING AT Tue Aug 20 03:01:37 2019