**** BEGIN LOGGING AT Tue Sep 01 02:59:57 2020 Sep 01 03:15:00 dangole: SQRL? Sep 01 03:17:36 Grommish: ? Sep 01 03:18:03 Sorry, i was back-reading the log. the QR-Code based authentication Sep 01 03:18:17 It wasn't until after I sent it that I realized I wasn't anywhere NEAR "current" Sep 01 04:57:32 Hi guys, i am trying to get another ath79 device running, a Belkin AC1750 DB, and the initramfs-kernel fails to uncompress during boot with "Uncompressing Kernel Image ... ERROR: LzmaDecode.c, 543". it is a QCA9558 device. Is this due to a dictionary size issue? if so, how do I change it ? Sep 01 05:12:03 ok, I found "KERNEL_INITRAMFS := kernel-bin | append-dtb | lzma -d20 | uImage lzma" so will try that out Sep 01 05:12:18 the -d20 maybe? Sep 01 05:12:24 If you look in ./scripts Sep 01 05:12:29 Tapper: ping Sep 01 05:12:33 All of those flags are defined there Sep 01 05:13:37 Opps. its in include/image-commands.mk Tusker Sep 01 05:13:55 Check that out to see what all the flags that are avail and what they do Sep 01 05:36:04 Grommish: OK, thanks, I'll experiment Sep 01 05:49:32 the factory dictionary size is 8388608 bytes, -d20 makes the dictionary size 1048576 Sep 01 05:56:09 so, not a dictionary size issue afterall... will try with gzip... Sep 01 06:01:56 OK, maybe it can't handle the dtb inside the kernel...:| Sep 01 06:22:00 OK, it's not liking compression... gzip or lzma both fail, with or without dtb... let's see how an uncompressed one goes... any hints for ath79 ? Sep 01 06:25:02 that boots at least, so maybe can try an initrd image with an uncompressed kernel Sep 01 06:27:49 I wonder if your kernel has lzma support? or the build? Sep 01 06:28:15 hmm, wouldn't that be a default within ath79 ? Sep 01 06:28:33 pretty sure it's uboot itself barfing on uncompression, not passed control to the kernel yet Sep 01 06:28:37 Does anyone know the $() code that would give me the TARGET arch in arm_cortex-a9_musl_eabi or mips64_unknown_octeon3_musl? Sep 01 06:28:57 Well, yeah, if your uboot doesn't support it :) that would be an issue hehe Sep 01 06:29:06 In which case you can turn compression off easy enough Sep 01 06:30:13 *sigh* One more time, coherently: Does anyone know the $() code that would give me the TARGET arch triple form: eg arm_cortex-a9_musl_eabi or mips64_unknown_octeon3_musl Sep 01 06:33:35 not off hand, sorry Sep 01 07:08:43 aparcar[m] pong Sep 01 07:19:27 Tapper: up for some selinux? I haven't written it up yet but I could guide you through it Sep 01 07:19:53 OK just let me do a git pull and update packages. Sep 01 07:20:52 make sure you have a recovery method if you're going to experiment with selinux Sep 01 07:21:03 OK thanks Sep 01 07:21:09 you might lock yourself out at some point Sep 01 07:21:26 I am on the wrt3200acm so can flip over to the 2nd partition. Sep 01 07:22:01 you might be able to pass selinux=0 on the cmdline but that could be difficult without serial console Sep 01 07:23:38 I do have serial if the worst comes to it! lol Sep 01 07:24:31 aparcar[m] I am ready to take one for the team! lol Sep 01 07:25:10 hehe Sep 01 07:25:25 Hi, I've recently been trying to update my OpenWRT to a newer version (from a 2017 LEDE build). I'm using a pcengines APU4 but on the newest OpenWRT I cannot seem to get Wifi to work. It gives me the following message; ath10k_pci 0000:05:00.0: pdev param 0 not supported by firmware. If I swap the msata with the 2017 build, wifi simply works so Sep 01 07:25:25 bios/hardware is not an issue. Sep 01 07:25:33 Wifi card is https://www.pcengines.ch/wle600vx.htm this one. Anyone got a clue what I could try? I've already tried to copy the /lib/firmware/QCA/ath10k/firmware-5.bin to the new box but to no avail. Sep 01 07:25:51 Tapper: Global Build Settings - Sep 01 07:25:59 Enable rootfs security labels Sep 01 07:26:20 MPbic did you save your configs. Sep 01 07:26:26 - Kernel build options - Sep 01 07:26:47 Yes, i've copied settings and everything is the same except for the openwrt/lede version Sep 01 07:26:48 NSA SElinux support, boot parameter, dev support Sep 01 07:27:40 ./scripts/feeds install policycoreutils checkpolicy Sep 01 07:28:01 select procd-selinux and busybox-selinux instead of the regular versions Sep 01 07:28:11 that should do the trick Sep 01 07:28:30 MPbic reflash with out configs Sep 01 07:29:19 clean one gives the same error in dmesg on boot, i cannot figure out what the pdev param 0 is Sep 01 07:30:12 What do you meen by NSA SElinux support, boot parameter, dev support ? Sep 01 07:30:24 Tipe that in to the cli? Sep 01 07:31:13 Tapper: selinux was contributed to linux by the NSA Sep 01 07:31:24 white hat division I think Sep 01 07:31:30 cool Sep 01 07:34:01 MPbic: that pdev param 0 is most likely unrelated. please post a full dmesg and/or logread output Sep 01 07:34:33 aparcar[m] Ooo.. I want to try this hehe Sep 01 07:35:01 aparcar[m] Sep 01 07:35:01 What do you mene by the line NSA SElinux support, boot parameter, dev support Sep 01 07:37:31 stintel https://pastebin.pl/view/557b11a1, I'm building a new image now and will see if the message changes with the -ct drivers Sep 01 07:37:46 Tapper its a kernel option Sep 01 07:38:09 aparcar[m] where do I find it? Sep 01 07:38:34 MPbic: that's still not a full dmesg or logread Sep 01 07:38:35 Grommish: please do and ping me if you need help Sep 01 07:38:56 It'll get my mind off this rustc stuff, so.. sure :) Sep 01 07:39:03 I'll give one as soon as the build is finished, already overwritten the card Sep 01 07:39:24 Maybe you need to edit the kernel line manually Sep 01 07:43:09 aparcar[m] I have flipped all the switches in make menuconfig it's just that line I don't know what to do with it. Sep 01 07:43:20 aparcar[m] is there a PR I should be looking at? Sep 01 07:50:47 aparcar[m]: build failed Sep 01 07:51:03 stintel https://pastebin.pl/view/15113c4e dmesg from the openwrt built last week. This is a clean build without any configs apart from setting wireless radio 0 disabled = 0 Sep 01 07:52:57 aparcar[m]: SELinux is the equivilant to a manual transmission in a sports car.. It feels right, it works better, but by god the brutal learning curve if you can't already drive stick ;p Sep 01 07:54:45 Grommish vrummm vrummm vrummm BANG! ouch Sep 01 07:55:04 Best anti-theft device you can have these days is a stickshift Sep 01 07:55:36 and a really stiff sports clutch :D Sep 01 07:58:50 Grommish: Only in the USA, of course. :P Sep 01 07:59:09 I know it COST more in the UK to drive stick :) Sep 01 07:59:17 and it's a seperate test Sep 01 07:59:37 But yes, mostly in the US hehe Sep 01 07:59:43 Automatic shifting is too boring for words. Sep 01 07:59:50 Indeed Sep 01 08:00:32 I've got a 2003 Focus SVT on Eibach Stage 2s, a 28.6mm solid RSB, and a Spec Stage 2 clutch to the Getrag 6 speed Sep 01 08:00:39 Its.. sporty Sep 01 08:01:43 Even though nowadays it's more fuel-economic (for robotised gearboxes with normal clutch) than manual. Sep 01 08:06:19 Grommish: i can't say selinux is similar at all to a manual transmission Sep 01 08:06:43 selinux for the longest time was a pain in the ass Sep 01 08:06:56 i still disable it on android Sep 01 08:07:13 And speaking of craziness, last week I saw an effin' Dodge Ram. Petrol (possibly V8, by the sound), here in Portugal (Algarve), with a Portuguese registration plate (so, no tourist). Sep 01 08:07:22 it's surprisingly painless on RHEL/CentOS Sep 01 08:07:30 but I gave up on getting it configured on Gentoo Sep 01 08:07:38 mangix: That's where I first ran into it back when i was making ROMs Sep 01 08:07:46 When petrol costs about 1,4 € *per litre*. Sep 01 08:08:16 rsalvaterra: if you don't drive long distances it's fine Sep 01 08:08:22 or if you have plenty of money ... Sep 01 08:08:36 stintel: For some value of "fine". :P Sep 01 08:09:03 Yeah, I complain about US$2/gallon, but I remember when it was under .99 Sep 01 08:09:06 rsalvaterra: my car averages ~12l/100km Sep 01 08:09:28 and if I don't get out of the city it's more like 15 Sep 01 08:09:55 and if it's crazy traffic 20+ Sep 01 08:10:02 I am happy with my body, so i drive a small car with 3,6l/100 Sep 01 08:10:05 stintel: I have a very light foot. I can do less than 6 l / 100 km on my car. :) Sep 01 08:10:24 blogic: LOL! Sep 01 08:10:28 blogic: :) Sep 01 08:10:40 you're a gym junkie, I prefer race tracks Sep 01 08:10:42 to each their own Sep 01 08:10:44 lets talk about interesting stuff like pcs or software Sep 01 08:10:49 I have a 7.3l turbo diesel in the ambulance :D Sep 01 08:10:50 no need to make hidden penis compensation jokes lol Sep 01 08:11:01 Diesel sucks Sep 01 08:11:07 stintel: :P Sep 01 08:11:21 BTW, I'm trying to get SELinux to show up.. the depends on it are .. everywhere Sep 01 08:11:26 blogic: Is Gentoo still rice? :P Sep 01 08:11:38 no idea, never used it Sep 01 08:11:52 Host 'starbuck', running Linux 5.4.55-gentoo-x86_64 - Cpu0: Intel Xeon E 3700 MHz Cpu1: Intel Xeon E 3700 MHz; Up: 30d+11:54; Users: 0; Load: 0.00; Free: [Mem: 40/487 Mio] [Swap: 0/0 Mio] [/: 8777/19965 Mio] [/boot: 421/488 Mio]; Vpenis: 41.3 cm; Sep 01 08:11:54 * stintel hides Sep 01 08:12:32 stintel: https://www.shlomifish.org/humour/by-others/funroll-loops/Gentoo-is-Rice.html Sep 01 08:12:34 OK, so I am trying to run edimax_fw_header to build a compatible firmware for a belkin ac1750, and I want to pass in $(IMAGE_PREFIX), but for some reason it is picking up a different build filename, should I be using $(IMAGE_PREFIX) in ath79/image/generic.mk ? seems to be not Sep 01 08:12:39 I did a make dirclean so waiting now for it to rebuild Sep 01 08:12:52 rsalvaterra: yeah yeah I know the jokes Sep 01 08:13:17 I used Gentoo too, so… :P Sep 01 08:13:39 look if I'm running a binary distro I end up having to rebuild existing packages because horribly outdated and full of bugs, so if I'm going to be compiling anyway, I'll just use gentoo Sep 01 08:13:44 stintel: it took a while for red hat to refine their selinux support Sep 01 08:13:57 I had to make dirclean too, since the gcc update. My build failed with linking errors. Sep 01 08:14:15 mangix: No feeds for policycoreutils or checkpolicy when I tried to install them Sep 01 08:14:26 selinux on android is very restrictive Sep 01 08:15:00 Grommish: I am not involved with the selinux stuff. That's dango Sep 01 08:15:07 mangix: Are you running OEM Android, or LineageOS? How do you disable SELinux? Sep 01 08:15:40 rsalvaterra: custom kernel :) Sep 01 08:15:48 Oh, i thought you were looking for testers haha Sep 01 08:16:26 mangix: I was worried you'd say that. I have no machine with enough RAM to build Android. :P Sep 01 08:17:04 stintel: https://github.com/openwrt/packages/pull/13201 Sep 01 08:17:28 mangix: what device? Sep 01 08:17:52 kill yourself android phones Sep 01 08:18:04 Aw, it wasn't that bad Sep 01 08:18:05 HTC One and Moto G4 Sep 01 08:18:26 Did you ever try any OctOs roms? Sep 01 08:18:33 kill yourself = old and unsupported Sep 01 08:18:47 no Sep 01 08:19:02 I have a LeEco Le Max 2 running LineageOS 17.1. Surprisingly good phone, minus the lack of a 3.5 mm jack. Sep 01 08:19:32 funny enough, I used one of those android phones to jailbreak an iphone Sep 01 08:19:37 such heresy Sep 01 08:19:40 (Dead, at the moment. Battery committed suicide, will be replaced today.) Sep 01 08:20:16 I've got a Note10+ currently that I refuse to mess with the bootload on.. but a Note 4 I am going to turn into a DriveDroid AIO device Sep 01 08:20:36 Samsung? Sep 01 08:20:41 Yes Sep 01 08:20:46 what's stupid is that my desktop could not jailbreak my iphone but my android phone could Sep 01 08:21:04 Samsung is weird. I mean, why Odin? Everyone else uses fastboot. Sep 01 08:21:15 NIH Sep 01 08:21:16 Licensing issue Sep 01 08:21:19 I believe it was Sep 01 08:21:28 Meh… Sep 01 08:21:34 Odin works.. Heimdall is .. well.. Odin works Sep 01 08:22:10 And waaaaaaay overpriced. My LeMax 2 cost about 250 €. It's a 6/128 GiB phone with IPS LCD (I don't touch xOLED with a ten foot pole). Sep 01 08:22:31 And this was over three years ago. Sep 01 08:23:15 *nod* I personally like OLED, but I've been using an OLED since my S4 days Sep 01 08:24:11 One thing worried me, though: the bootloader came *unlocked*. I have no idea what they've done to it, but the poor thing never even booted the factory OS, so it's fine. :P Sep 01 08:24:52 Any one give me the command to pipe my build log in to a text file pleas SELinux will not build for me. Sep 01 08:25:10 make -j1 V=sc | tee build.log Sep 01 08:25:33 Thank you Sep 01 08:27:07 mangix: I'm building this now.. let's see if it blows up :) Sep 01 08:29:58 rsalvaterra: motorola phone have a big fat warning that the device is unsafe for use as the bootloader is unlocked... Sep 01 08:32:10 Samsung blows an efuse when you do it Sep 01 08:32:17 Big thumbs down Sep 01 08:33:04 HTC still allows unlocking the bootloader? I had read that Samsung is locking all loaders down regardless of the Dev edition or not ;/ Sep 01 08:36:04 Grommish: htc one is a very old phone Sep 01 08:36:18 lollipop era Sep 01 08:36:34 Yeah, we made ROMs for it I believe Sep 01 08:36:41 I'd have to check, we were mostly Samsung Sep 01 08:36:46 and LG Sep 01 08:37:17 actually if I remember, I needed to use an exploit to unlock the bootloader Sep 01 08:37:27 i think it was called firewater Sep 01 08:39:21 Yeah, most manufacturers treat their customers like complete idiots. Sep 01 08:39:40 Most customers are idiots though, in fairness Sep 01 08:40:16 I had someone using the ROM where he soft-bricked it.. easy to recover, except he went into it knowing he had a bad USB port on the phone Sep 01 08:41:03 mangix: This built out, I'm going to flash it.. anything SELInux related you can have me check to verify? Sep 01 08:41:09 Grommish: s/America/people/ http://bash.org/?4753 Sep 01 08:42:00 Grommish: no comment on swlinud Sep 01 08:42:11 *selinux Sep 01 08:42:20 Damnit Sep 01 08:42:32 It's late.. Sorry.. I mixed you up with aparcar[m].. fuuuh Sep 01 08:42:45 re Sep 01 08:42:51 sorry I hate some cereal Sep 01 08:42:53 *had Sep 01 08:42:57 *ate Sep 01 08:42:58 SElinux.. Built Sep 01 08:43:04 right Sep 01 08:43:06 Booting now into it Sep 01 08:43:07 I'm not against stern warnings, but blowing efuses and voiding the warranty? That's just evil. Sep 01 08:43:11 one sec I'll check the log Sep 01 08:43:43 Is there something I can test for you, I guess is the question.. and, best way to verify selinux actually made it in.. the flags were all over the kernel Sep 01 08:46:08 car talk, brilliant Sep 01 08:46:15 haha Sep 01 08:46:37 well run it on a router and see what sestatus tellsyou Sep 01 08:47:16 SELinux status: disabled Sep 01 08:47:16 sestatus: libselinux returns unknown state: No such file or directory Sep 01 08:47:25 how can I easily extend the kernel line of a ath79 device btw? Sep 01 08:47:35 Grommish: okay thats a start Sep 01 08:48:03 aparcar[m] I had to go into kernel_menuconfig to enable the selinux stuff, it wouldn't show on menuconfig directly Sep 01 08:48:22 w00t Sep 01 08:48:25 that sounds wrong Sep 01 08:48:58 Global build settings - Kernel build options - SELinux foobar Sep 01 08:49:05 no kernel_menuconfig Sep 01 08:49:50 There is no SELinux anything under Kernel build Options Sep 01 08:49:57 What kernel are you targetting? I'm on 5.4 Sep 01 08:50:02 gcc10.x Sep 01 08:50:03 blogic: you got commit acess, right? https://patchwork.ozlabs.org/project/openwrt/patch/20200827091634.269685-1-mail@aparcar.org/ Sep 01 08:50:18 Grommish: git pull? Sep 01 08:50:38 One sec... Sep 01 08:50:53 or do a rm -r tmp/ Sep 01 08:51:32 aparcar[m]: commit message is backwards, no? you meant to say with a relative path? Sep 01 08:52:41 stintel: the commit message is grammatically adventurous but the content should be correct Sep 01 08:52:41 aren't the paths setup to point ot staging dir already? Sep 01 08:53:02 karlp: I recompiled it with the fix and the imagebuilder got 3mb smaller Sep 01 08:53:15 aparcar[m]: you're right. I read "with" Sep 01 08:53:18 instead of without Sep 01 08:54:09 Grommish: Tapper https://github.com/openwrt/openwrt/pull/3207#issuecomment-660555489 Sep 01 08:54:34 aparcar[m]: do you have a host sstrip then? Sep 01 08:55:14 karlp: no, therefore the script fails silently. With the patch applied the filesize becomes smaller Sep 01 08:59:58 should it fail silently? Sep 01 09:00:18 that's how it is right now Sep 01 09:00:29 no it should not, ideally Sep 01 09:02:41 I would say the fix is correct, the same is used in rules.mk Sep 01 09:04:15 stintel: well then let' improve the patch by using something like $(STRIP) Sep 01 09:05:12 stintel: do you mind adopting and merging that? Sep 01 09:05:23 $(STRIP) should automatically work Sep 01 09:09:11 aparcar[m] https://pastebin.com/GNuWJ93X Sep 01 09:13:12 yey dependency hell Sep 01 09:13:39 I swapped out that packages feed for the main one Sep 01 09:13:48 did a script/feeds update -a and a install -a -f Sep 01 09:14:10 then did the install called for on the comment.. Sep 01 09:14:33 I have a lot of these options in the kernel, but nothing in menuconfig Sep 01 09:16:10 let me do some checks Sep 01 09:16:24 I think audit/host must be libaudit/host because it's been split Sep 01 09:18:26 Grommish: is gcc 10.2 worth it? Sep 01 09:18:31 like, recompile everything Sep 01 09:21:22 Grommish: I'm doomed anyway https://pastebin.com/z4pjYXeZ Sep 01 09:25:43 aparcar[m]: not right now (day job) Sep 01 09:28:46 aparcar[m] I have no issues with gcc10.x but then i didn't have issues with musl1.2.0 Sep 01 09:29:10 I can build with whateve ryou want though Sep 01 09:29:24 no 10.x should be fine Sep 01 09:29:39 dangole: ping Sep 01 09:29:43 It only takes 30 minutes or so to recompile after rm -rf bin/ build_dir/ staging_dir/ tmp/ Sep 01 09:29:52 I'll go to bed soonish but dangole can take over the dayshift Sep 01 09:30:27 Grommish: no the problems are based on the complex dependencies not of gcc versions (I hope) Sep 01 09:30:49 It's 5:30am here, so i'll probably only be on for a bit more unless I get invested hehe Sep 01 09:31:30 Grommish: wait so you're day or night shift? Sep 01 09:31:42 aparcar[m] I'm whenever :D Sep 01 09:31:51 that's the spirit Sep 01 09:32:00 literally. I'll go sleep when I get bored or tired or bored and tired Sep 01 09:32:24 you're the perfect fit to early test selinux then Sep 01 09:32:30 woohoo Sep 01 09:32:50 Plus, I can recover a brick :) Sep 01 09:38:02 stintel this is the latest one https://pastebin.com/18YJT5q4 did a fresh pull/install on the openwrt directory and built it. Still no wifi even though 'wifi status' shows it as up Sep 01 09:39:33 aparcar[m] I cant get selinux to build. Sep 01 09:39:55 Tapper: I'm facing some problems here too Sep 01 09:40:08 * Tapper nods Sep 01 09:40:10 I didn't use the packages.git stuff before but only things from openwrt.git Sep 01 09:41:01 aparcar[m] yeah, that github you linked has you switch package feeds, but I didn't have any of the policycore whatever in the packages on master Sep 01 09:44:21 I think the problem right now is libaudit Sep 01 09:46:55 okay, one day at a time. I'm off to sleep but wrote dango some updates Sep 01 09:47:05 see you in 8h, I'm off to sleep Sep 01 09:48:38 Night sir Sep 01 09:57:22 aparcar[m] So, I should have just gone to bed.. i figured out my derp and I'll let you know if it builds out Sep 01 11:17:36 ping tapper, ping groomish Sep 01 11:18:18 aparcar told me to ask you what went wrong with libaudit while i was asleep (among other minor things which went wrong last night, including buildbot breakdown...) Sep 01 11:18:49 ping Grommish Sep 01 11:18:58 sorry for the misspelling... Sep 01 11:19:05 Hey Sep 01 11:19:19 I'm attempting to build out the selinux PR Sep 01 11:19:43 but, I'm getting dep warnings on 2 packages.. Waiting for this to die and I'll get which oens Sep 01 11:19:46 and why it ides Sep 01 11:20:57 dangole: did you fix the package build in buildbot? Sep 01 11:21:12 I just saw that the faillog contains more or less all packages Sep 01 11:21:15 https://downloads.openwrt.org/snapshots/faillogs/mipsel_74kc/base/ Sep 01 11:22:07 Hauke: yes, this should be fixed by commit 29a75c3b2 build: unbreak fakeroot in SDK. Sep 01 11:22:18 Hauke: watching http://buildbot.openwrt.org/master/packages/builders/arm_cortex-a7/builds/250/steps/compile/logs/stdio Sep 01 11:22:44 Hauke: looks better, hopefully all the others will also recover when picking up SDK which includes the patch Sep 01 11:23:04 dangole: ok thanks Sep 01 11:23:53 dangole: there is still this error: WARNING: Makefile 'package/libs/libsemanage/Makefile' has a build dependency on 'audit/host', which does not exist Sep 01 11:24:06 Yeah, thats one of the ones I'm seeing Sep 01 11:24:13 what is the use case of these cahnges? Sep 01 11:25:09 I'm getting a wolfssl dep error as well Sep 01 11:30:53 Grommish: a right, that should be changed to libaudit/host, now that audit was split into the library and the executable part, i'll fix that. Sep 01 11:31:51 Hauke: the idea is to have optional SELinux support as in having the option to build an SELinux-enabled IB (which uses the normal binary repositories) Sep 01 11:31:59 Ok.. i can correct locally if that is what borks my build Sep 01 11:33:32 Grommish: just pull 3ce21b8797d2 from git, I just fixed it there Sep 01 12:12:58 dangole Hi Is the building with selinux fixt now? Sep 01 12:13:30 Tapper: should be... let's see :) Sep 01 12:14:05 dangole So to build with selinux I flip on the 3 packages in make menuconfig and then rebuild? Sep 01 12:20:52 dangole: ping Sep 01 12:21:48 blogic: pong Sep 01 12:22:45 Tapper: you have to select CONFIG_TARGET_ROOTFS_SECURITY_LABELS and use procd-selinux instead of procd, busybox-selinux instead of busybox Sep 01 12:23:01 Tappper: that should then allow you to start playing. Sep 01 12:23:39 Tapper: far from production ready, but good enough for people familiar with SELinux (but not into the deepness of OpenWrt) to start writing policies, improve labeling, etc. Sep 01 12:29:33 dangole still does not build for me. Sep 01 12:30:05 Tapper: please send buildlogs with pm Sep 01 12:30:48 dangole I did make -j1 V=sc | tee build.log Sep 01 12:31:01 But it did not save the end of the log Sep 01 12:31:04 lol Sep 01 12:38:17 dangole: https://pastebin.com/pEg1XD1g Sep 01 12:42:22 Grommish: ah, damn, libaudit still lacks the actual host-build Sep 01 12:42:31 Grommish: give me 5 minutes :) Sep 01 12:42:36 no problem :) Sep 01 13:24:57 Grommish: commit d136848b8b808 should fix the libaudit host build Sep 01 13:25:11 Grommish: refpolicy is still failing for me now, I'll tackle that next Sep 01 13:25:38 Picked, rebased, cleaned, building Sep 01 13:25:41 I'll let you know **** BEGIN LOGGING AT Tue Sep 01 13:36:18 2020 Sep 01 13:37:00 Sorry :) it's 930am and I've not slept yet :) I should go eventually Sep 01 13:37:07 Pulled, cleaned, building **** BEGIN LOGGING AT Tue Sep 01 13:39:16 2020 **** BEGIN LOGGING AT Tue Sep 01 13:43:30 2020 Sep 01 13:51:15 dangole: not your fault Sep 01 13:51:30 octeon3_64_musl/root-octeon/lib/libustream-ssl.so Sep 01 13:51:30 But that file is already provided by package * libustream-wolfssl20200215 Sep 01 13:51:30 * opkg_install_cmd: Cannot install package libustream-openssl20200215. Sep 01 13:51:42 These openssl to wolfssl is going to cause me headaches yet Sep 01 13:52:35 yeah, you can't hve multiple libustream implementions set to y, you have to set the others to m, if you want them built at all **** BEGIN LOGGING AT Tue Sep 01 13:56:12 2020 Sep 01 13:56:14 the Wolfssl version should have gotten the new package name Sep 01 13:59:17 I mean, I know it's a space saving thing, but the openssl has been the default and all the sudden isn't without warning, under the same name :x Sep 01 14:00:00 it's not even a space saving thing, it's a "some people broke wifi, so we're rushing out wpa3" Sep 01 14:00:32 karlp: that would work just as well with OpenSSL, but that's too large to work on many devices Sep 01 14:01:12 karlp: best would be if someone would implement support for mbedtls in hostapd/wpa_supplicant. but that's a lot of work. Sep 01 14:02:17 even getting hostapd to work with wolfssl once support had been added by wolfssl devs was quite a procedure Sep 01 14:02:17 right, but the whole _need_ for this ssl library standard is the rush to wpa3 Sep 01 14:02:35 stil lgetting ustream errors Sep 01 14:02:45 sigh Sep 01 14:02:52 karlp: yes. you could say it's the lack of ECDH support in hostapd's internal crypto Sep 01 14:03:19 My chipset supports ECDH, but I never turned it on Sep 01 14:03:51 Ok.. So.. Sep 01 14:04:17 This is broken Sep 01 14:04:46 BOTH libopenssl and libwolfssl are now set to manditory ;p Sep 01 14:04:56 -*- on both Sep 01 14:05:49 I bet it's that px5g-wolfssl change.. That was a new package forme Sep 01 14:06:25 Grommish: px5g never used openssl, nor did luci-ssl Sep 01 14:06:40 But it does set wolfssl Sep 01 14:06:44 Grommish: menuconfig should tell you what polls in libopenssl Sep 01 14:06:49 which conflicts with my openssl Sep 01 14:07:10 check_data_file_clashes: Package libustream-openssl20200215 wants to install file /home/grommish/openwrt/build_dir/target-mips64_octeon3_64_musl/root-octeon/lib/libustream-ssl.so Sep 01 14:07:10 But that file is already provided by package * libustream-wolfssl20200215 Sep 01 14:07:10 * opkg_install_cmd: Cannot install package luci-ssl-openssl. Sep 01 14:07:26 Which is what I was complaining about with the luci_ssl change heeh Sep 01 14:07:51 Grommish: you should only need libustream-wolfssl. what's pulling in libustream-openssl? Sep 01 14:07:57 because it went from mbedtsl to wolf without warning and it's going to conflict Sep 01 14:08:03 dangole: Dunno yet Sep 01 14:08:17 Grommish: just check in menuconfig, should tell you Sep 01 14:08:31 OPENSSL_ENGINE Sep 01 14:08:55 OPENSSL_PREFER_CHACHA_OVER_GCM Sep 01 14:09:03 OPENSSL_WITH_ASM Sep 01 14:09:11 OPENSSL_WITH_CHACHA_POLY1305 Sep 01 14:09:12 etc etc Sep 01 14:09:46 all are tied to libopenssl Sep 01 14:10:28 is there a wolfssl luci variant? Sep 01 14:10:41 Borromini: yes, and it replaced the mbedtsl Sep 01 14:10:41 Grommish: ok, so you have to use openssl then and that won't work with the luci-ssl metapackage (and never did, as also libustream-openssl and libustream-mbebdtls would conflict just as well) Sep 01 14:11:00 dangole: I'm just going to assume it's something I set wrong :) Sep 01 14:11:08 Grommish: neat. it annoyed me a bit to need mbedtls for luci and wolfssl for wpa if you didn't have the space to fit openssl. Sep 01 14:11:15 I did all my security stuff thru kernel_menuconfig Sep 01 14:11:31 because I had to enable SoC specific things Sep 01 14:11:33 Grommish: just unselect luci-ssl and manually select 'px5g' (standalone), 'libustream-openssl', 'wpad-openssl' Sep 01 14:11:36 Ah, see.. I don't use wpa :) Sep 01 14:11:44 So I avoid all the fun yo uall have Sep 01 14:11:50 No Wifi on device Sep 01 14:12:11 Grommish: wait. where's luci-ssl depending on wolfssl because master still has it depending on mbedlts? Sep 01 14:12:15 * mbedtls Sep 01 14:12:17 is this a PR? Sep 01 14:12:35 Borromini: https://github.com/openwrt/luci/pull/4401 Sep 01 14:12:45 Borromini: CONFIG_PACKAGE_luci-ssl to replace mbedtsl Sep 01 14:12:50 with wolfssl Sep 01 14:13:06 I'm just going to turn luci off for now Sep 01 14:13:12 Not like I'm going to use it to test right now Sep 01 14:13:25 dangole: cool thanks Sep 01 14:13:47 ah! Sep 01 14:13:53 i forgot to update the feeds of course. Sep 01 14:13:59 just don't select the luci-ssl meta package, and pick pieces yourself too Sep 01 14:14:08 :) Sep 01 14:14:28 karlp: *nod* That'll be for later when I'm on my own time ;p right now, dangole is waiting to see if it'll compile hehe Sep 01 14:21:57 if it fails out because of the ssl conflict I'm just rm'ing my .config Sep 01 14:26:45 Ok, I trashed my .config and started over.. building now Sep 01 14:37:44 dangole: Compiled.. I'll flash it Sep 01 14:41:07 dangole: So, what's next? ;p Sep 01 14:42:29 now you get to see how much doesn't work anymore because it's "secure" now :) Sep 01 14:42:49 Oh, I remember Android Sep 01 14:43:18 But, I don't have to make it WORK.. just provide proof it can! hehe Sep 01 14:43:53 ...are we putting SELinux into enforce without writing the policies first? Sep 01 14:43:55 :P Sep 01 14:44:09 Namidairo: Is there _any_ other way to do it? ;p Sep 01 14:45:31 If anyone is bored and want to see if rustup breaks your build..... :D https://github.com/openwrt/packages/pull/13040 and https://github.com/Itus-Shield/packages/commit/16cf24d65ca8fb1bac868021c32eaede608bbcd6 hehe Sep 01 14:46:36 The code to find the rustc triple is still very much broken for anything that isn't mips64_musl I think Sep 01 15:16:17 Grommish: you change kernel cmdline set 'selinux=1 enforcing=0' Sep 01 15:16:19 Grommish: but then you will need auditd so see what's happening... and that hasn't been packaged yet Sep 01 15:19:45 I can change the cmdline easy enough Sep 01 15:20:41 Rebuilding Sep 01 15:22:00 Oof Sep 01 15:23:33 Grommish: while you are at, it also consider https://github.com/openwrt/packages/pull/10664 Sep 01 15:24:29 Grommish: @flyn-org now did package audit incl. auditd, so installing that and all of policycoreutils, checkpolicy, ... will allow you to get started with policy fiddling Sep 01 15:24:48 Grommish: and, of course, procd-selinux was just the first baby-step, still lots missing there as well Sep 01 15:25:02 Grommish: but lets plow the field first and then plant things Sep 01 15:27:13 dangole: What am I doing wrong? I doing a gh pr checkout 10664 in feeds/packages Sep 01 15:27:30 Oh. I know Sep 01 15:28:15 Got it Sep 01 15:29:51 dangole: I'm unexperienced and zero knowledge in SELinux, but I can follow directions :) So, I'm all about learning the basics Sep 01 15:30:01 Do I need to enable audit in menuconfig? Sep 01 15:31:00 I'll turn it on anyway since it's showing (NEW).. Building out Sep 01 15:31:49