IRC log of #maemo for Tuesday, 2015-12-29

« Monday, 2015-12-28 Index Wednesday, 2015-12-30 »
*** krnlyng has quit IRC00:03
*** eijk has quit IRC00:04
*** futpib has quit IRC00:05
*** sunshavi has joined #maemo00:14
*** krnlyng has joined #maemo00:19
jonwilwe need to find someone who knows enough about openssl to figure out just what the local patches in the maemo openssl0.9.8n are for and which ones we would need going forward...00:31
keriohow many patches are there?00:32
jonwilI dont know what differences/patches there are00:32
jonwilI am going to take a look and find out00:33
*** Pali has quit IRC00:34
*** louisdk has joined #maemo00:40
jonwilhmmm, I cant make sense of all this00:50
OksanaaNice, links?00:57
jonwilnice what?00:58
*** louisdk has quit IRC01:06
NIN101well one of them is actually harmful01:08
NIN10112_valgrind.patch01:09
*** Cor-Ai has quit IRC01:10
*** Cor-Ai has joined #maemo01:10
*** sunshavi has quit IRC01:13
*** krnlyng has quit IRC01:14
*** louisdk has joined #maemo01:19
*** sunshavi has joined #maemo01:24
*** LauRoman has quit IRC01:24
*** Cor-Ai_ has joined #maemo01:38
*** Cor-Ai has quit IRC01:38
*** Cor-Ai_ is now known as Cor-Ai01:38
OksanaaNice idea, to upgrade openssl. And opening links is way easier than finding them...01:45
*** louisdk has quit IRC01:47
*** florian has quit IRC01:53
sunshavimmm, openssl. When You guys finish. I can port it to n800 too01:59
*** krnlyng has joined #maemo02:04
*** louisdk has joined #maemo02:04
*** pigeon has quit IRC02:15
*** louisdk has quit IRC02:17
*** sunshavi has quit IRC02:26
*** drawkula has quit IRC02:26
*** drawkula has joined #maemo02:28
*** pozitrono has quit IRC02:28
*** sunshavi has joined #maemo02:37
jonwilbah, I cant find the source code to upstream openssl (debian version 0.9.8n-1)02:44
*** pozitron has joined #maemo02:48
*** louisdk has joined #maemo02:57
*** Oksanaa has quit IRC03:13
*** Hurrian has quit IRC03:27
*** Hurrian has joined #maemo03:28
*** louisdk has quit IRC03:32
*** xorly has quit IRC03:34
*** jonwil has quit IRC03:43
*** Oksanaa has joined #maemo04:12
*** Hurrian has quit IRC04:29
*** vakkov_ has joined #maemo04:34
*** vakkov has quit IRC04:37
*** LauRoman has joined #maemo04:38
*** Hurrian has joined #maemo04:43
*** Defiant has quit IRC04:46
*** Defiant has joined #maemo04:52
*** Hurrian has quit IRC05:07
*** LauRoman has quit IRC05:14
*** pigeon has joined #maemo05:18
*** Hurrian has joined #maemo05:37
*** svetlana has joined #maemo05:39
*** Hurrian has quit IRC05:43
*** DocScrutinizer05 has quit IRC06:08
*** DocScrutinizer05 has joined #maemo06:09
*** FReaper-PC has joined #maemo06:13
*** Roth has joined #maemo06:14
*** Hurrian has joined #maemo07:13
*** krnlyng has quit IRC07:16
*** sunshavi has quit IRC07:17
*** Hurrian has quit IRC07:27
*** svetlana has quit IRC07:47
*** krnlyng has joined #maemo08:04
*** Hurrian has joined #maemo08:09
*** Roth has quit IRC08:24
*** futpib has joined #maemo09:04
*** Hurrian has quit IRC09:18
*** Hurrian has joined #maemo09:21
*** geaaru has joined #maemo09:49
*** krnlyng has quit IRC09:52
*** futpib has quit IRC09:52
*** krnlyng has joined #maemo10:06
*** florian has joined #maemo10:22
*** freemangordon_ has joined #maemo10:27
bencohmeh, jonwil is offline again10:31
bencohanyway, some of the work (porting / tracking patches) has been done for 0.9.8zf:10:33
bencohhttp://repository.maemo.org/community-testing/pool/fremantle/free/source/o/openssl/10:34
bencohit might be a good start10:34
*** pozitron has quit IRC10:35
*** florian has quit IRC10:39
*** zGrr has joined #maemo10:45
zGrrmoin :)10:46
*** freemangordon_ has quit IRC10:56
*** freemangordon_ has joined #maemo11:04
*** krnlyng has quit IRC11:25
ceenettp://talk.maemo.org/showthread.php?p=1492874#post149287411:36
bencohceene: does openssl s_client work btw?11:38
*** vahe has joined #maemo11:38
ceenei don't know yet11:39
*** krnlyng has joined #maemo11:40
*** flo_lap has joined #maemo11:41
sixwheeledbeastIIRC our version of 0.9.8n is actually 0.9.8n with 0.9.8o patches applied11:45
ceenefrom the changelog it's in fact 0.9.8zf :/11:46
ceeneit's quite complex all this11:46
ceenebut i think there are no maemo patches11:46
ceeneexcept for thumb support, which i've just added11:46
ceeneopenssll s_client works ok11:48
sixwheeledbeastI remember compiling the list of CVE patches applied between 0.9.8o - 0.9.8z.11:49
sixwheeledbeastThe idea then was to backport due to ABI incompatibilities11:50
bencohceene: it is, in -testing11:50
bencohI dont really understand why jonwil doesnt use apt-get source11:50
ceeneyeah, that's what i do11:51
ceenemost of the time at least11:51
sixwheeledbeastah this was the thread http://talk.maemo.org/showthread.php?t=9329611:54
*** freemangordon_ has quit IRC11:55
ceenei've just eedited my post with what i think is the difference between maemo and debian versions11:56
ceenethat is only packaging, not code11:56
*** Pali has joined #maemo12:01
keriosixwheeledbeast: there's no ABI incompatibility :\12:04
kerioif there is, it's a bug12:04
bencohas far as we could tell, there was none indeed12:05
*** jonwil has joined #maemo12:08
ceenewhat i don't think is doable is patching theclosed source bits to use new openssl12:08
jonwilWe dont necessarily need to patch them12:09
keriohow new12:09
kerio?12:09
ceenewe could live with two openssl versions i guess12:10
keriothey'll happily use openssl 0.9.8zh or whatever the latest 0.9.8 is12:10
kerioi don't think any one of us wants to write an openssl shim12:10
ceenenope12:10
jonwilThere is no reason we cant have both 0.9.8zh or whatever it is for the closed source bits and also 1.0.2 for all the FOSS bits12:10
kerioindeed12:10
ceenethat's the way then12:10
jonwilas for what we have, CSSU is using 0.9.8zf12:10
ceenelittle by little the closed bits should be getting RE if at all possible and rewritten using new libs and whatever12:11
sixwheeledbeastI am only recalling the thread from last time.12:11
ceenebut that's far away i think12:11
jonwilbut stock is 9.8.8n-1 from Debian with some local changes12:11
keriocssu is on zf12:12
kerioand no further change was done12:12
bencohno need to work on top of 0.9.8n12:12
jonwilIf I can find the upstream Debian 0.9.8n-1 source, I can figure out exactly whats different between openssl 0.9.9n-1 from Debian and openssl 0.9.8n-1+maemo4+0m5 from Fremantle and then we can identify which of those Maemo-local changes actually matter and need to be somehow handled for any new 1.x.whatever port we may do12:14
jonwilCSSU is "12:14
sixwheeledbeastcssu testing is zf, stable is still 0.9.8n-1.12:14
bencohjonwil: fmg already "ported" those patches to zf12:14
jonwilCSSU is 0.9.8zf with bits from Debian 0.9.8n-1 and bits from Maemo 0.9.8n-1+maemo4+0m512:14
jonwilI know its been ported to zf12:14
bencohso why bother with n?12:14
jonwilI want to know exactly what is different between stock Maemo PR1.3 OpenSSL and upstream Debian OpenSSL (ignoring whatever may have been done in CSSU). That information will confirm once and for all which of the changes Nokia made on top of upstream Debian are necessary in some way for Maemo (and which are just e.g. back-ports from OpenSSL > 0,9.8n or otherwise are no longer necessary with...12:17
jonwil...the latest OpenSSL)12:17
ceenejonwil: does it really matter?12:18
*** eMHa has joined #maemo12:18
ceenei mean, if we're going to stick with the old version for the closed source bits12:19
ceeneand we're gonna try to port open source apps to use the new lib12:19
kerioceene: no, we're going to "stick with" the latest openssl 0.9.8 version12:19
ceenewhy do we care what was done for things that we're not going to touch?12:19
keriobecause bugs are things that exist12:19
ceeneeven if nokia did some changes to openssl12:19
ceenedo we want them?12:19
ceenei mean... it's not like openssl is something that should ever be touched without a stick12:20
bencohI'm not even sure we'd want any 3rd-party patch, considering history :*12:20
bencoh(hey debian, we're looking at you)12:20
ceenemy guess is if they did something, chances are they are for worse12:20
ceeneyeah, that's what i'm saying :)12:20
ceenei trust debian more than the nokia guys on this thing, and look at what debian did12:21
bencohbtw, iirc the 12_valgrind.patch we have isn't the harmful debian one12:21
bencohbut we should check chanlogs12:21
ceenethat patch is still on debian sid12:21
bencohyeah12:21
ceeneso i don't think that's the bad one12:22
bencohthat's what we thought back then as well12:22
ceenereally, touching a library like openssl without very profound knowledge of what you are doing doesn't look like a good idea12:22
ceenei know that i am not able to understand or asses what risks a little change might pose in ssl12:22
jonwilSpecifically I am looking at 22_openssl_psk_0.9.8n-lib.dpatch for example, its a Nokia patch (its full of Nokia copyrights) and its adding something we might actually need (PSK cypersuites)12:23
jonwilthats just an example of something Nokia added that we may somehow need to care about12:23
ceeneoh, if that's added functionality then there's little workaround about that :/12:24
jonwilLooks like https://launchpad.net/debian/+source/openssl/0.9.8n-1 is the source I want actually :)12:24
Palifreemangordon: looks like that patch for "/revision" DT entry will not be accepted and Arnd want to see that ATAG_REVISION will be parsed in that your hook where is save_atags12:25
ceenethat's what i thought, yes12:25
Palifreemangordon: will you extend your patch?12:25
jonwilok, so now I will do a diff between the source from Debian and the source from Maemo and see whats different between the 2 :)12:26
bencohwtf is a CST (20_load-cert.dpatch) ...12:30
keriowhere are the nokia patches?12:35
bencohmixed with the others in debian/patches/12:41
bencohthough I suspect they're the .dpatch ones :)12:41
bencohjonwil: psk support has been added in openssl-1.0.012:45
jonwilok12:46
bencohthe 2005 nokia copyright is a bit surprising12:46
bencohwell... the same copyright is present in vanilla openssl-1.0.012:48
bencohand the psk code has been around in git since at least 200612:49
*** trumee has joined #maemo12:51
bencohopenssl commit ddac197404f585b8da58df794fc3beb9d08e8cd2, code comes from nokia12:51
useretailhey guys, how to extract nolo from firmware image?13:00
*** krnlyng has quit IRC13:01
*** krnlyng has joined #maemo13:03
*** krnlyng has quit IRC13:06
*** krnlyng has joined #maemo13:07
jonwilnew post made http://talk.maemo.org/showthread.php?p=1492878#post149287813:08
jonwiluseretail: There should be a way to extract nolo via flasher-3.513:11
jonwilWhat do you want nolo for anyway?13:11
bencohjonwil: you probably still want the CST (20_load-cert.dpatch) patch13:12
bencohapart from that...13:12
jonwilok, post in the thread then13:12
*** sparetire_ has quit IRC13:13
*** krnlyng has quit IRC13:15
useretailrecently device went to reboot loop, so i'm trying to figure out how booting works13:15
jonwilhow will extracting nolo help with that?13:16
*** krnlyng has joined #maemo13:16
useretaili couldn't find sources for it13:17
*** Mekkis has quit IRC13:29
*** Mekkis has joined #maemo13:30
*** Cor-Ai_ has joined #maemo13:39
*** Cor-Ai has quit IRC13:41
*** Cor-Ai_ is now known as Cor-Ai13:41
*** Hurrian has quit IRC13:53
*** Wizzup has quit IRC13:57
KotCzarny~bootloop13:59
infoboti guess bootloop is when your device has broken rootfilesystem, so during reboot it fails on some service startup or kernel module load and thus reboots. This *drains* battery! And you can't reflash to stop bootloop when battery is drained. Recharge your battery by other means before reflashing. E.g. using ~rescueOS. Or external charger or BL-5J compatible other device.13:59
KotCzarnyrule #1, charge your battery13:59
jonwilthere is no source code for nolo out there btw14:01
*** Wizzup has joined #maemo14:03
*** jon_y_ has joined #maemo14:03
*** phlixi has quit IRC14:04
*** phlixi has joined #maemo14:04
*** Vajb has quit IRC14:04
*** Vajb has joined #maemo14:05
*** jon_y has quit IRC14:05
*** henkjan has quit IRC14:08
*** Hurrian has joined #maemo14:12
*** Hurrian has quit IRC14:14
*** darkschneider has quit IRC14:17
*** darkschneider has joined #maemo14:17
*** Hurrian has joined #maemo14:23
*** at1as has joined #maemo14:29
*** sunshavi has joined #maemo14:32
*** krnlyng has quit IRC14:33
*** SpeedEvil has quit IRC14:46
*** SpeedEvil has joined #maemo14:48
*** vahe has joined #maemo14:53
*** discopig has quit IRC14:55
*** Hurrian has quit IRC14:56
*** Hurrian has joined #maemo14:57
*** pozitrono has joined #maemo14:58
ceenei'm having trouble building qt4 package14:59
ceene/tmp/N900/qt4-x11-4.7.4~git20110505+cssu11/include/QtCore/qstringlist.h:1:86: ../../../qt4-x11-4.7.414:59
ceene~git20110505\+cssu11/src/corelib/tools/qstringlist.h: No such file or directory14:59
ceenewhich is false14:59
KotCzarnyare you are you really sure?14:59
ceeneshouldn't this be straightforward?14:59
KotCzarnythose paths can be misleading15:00
ceenei mean, this is apt-get source'd from scratchbox15:00
ceeneit should build15:00
KotCzarnyalso, change the name of the directory from ~ to -15:00
KotCzarnyand reconfigure15:00
ceeneyeah, i've checked15:00
KotCzarnyapparently ~ got eaten by bash15:00
ceeneno, no, it was in the pasting15:00
ceenethat got cut out to the other line15:00
KotCzarnystill, remove any special chars from the dir name15:01
ceeneif i go to /tmp/N900/qt4-x11-4.7.4~git20110505+cssu11/include/QtCore/, i ../../../qt4-x11-4.7.4~git20110505\+cssu11/src/corelib/tools/qstringlist.h exists15:01
*** eMHa_ has joined #maemo15:01
ceenebut that's the name of the deb package, i mean, that should work15:01
KotCzarnymv /tmp/N900/qt4-x11-4.7.4~git20110505+cssu11/ /tmp/N900/qt4-x11-4.7.4_git20110505_cssu11/15:01
KotCzarnyand redo15:01
KotCzarnyyou may try using bash instead of bb shell15:01
*** eMHa has quit IRC15:02
*** krnlyng has joined #maemo15:03
ceenesame thing15:03
ceenealso, the error comes from gcc15:03
ceeneso shell shouldn't matter15:04
bencohwhy would gcc print an escaped +?15:04
bencoh"~git20110505\+cssu11"15:04
ceenedunno15:05
KotCzarnyceene, did you reran ./configure ?15:06
KotCzarnyand the error msg should be different then15:06
ceenei'm trying to build the whole package, so i use dpkg-buildpackage15:06
ceenethat's what the autobuilder is supposed to do15:07
KotCzarnycheck if patches do something weird15:07
ceeneget the source code and inke dpkg-buildpackage15:07
KotCzarnyhardcoded stuff etc15:07
*** vahe has quit IRC15:07
ceenes/inke/invoke/15:07
infobotceene meant: get the source code and invoke dpkg-buildpackage15:07
ceenei'm gonna remove the +15:09
freemangordonjonwil: those Nokia patches were never upstreamed iirc15:09
freemangordon(openns that is)15:09
freemangordon*openssl15:09
freemangordonand we need them for the supl servers15:09
freemangordonjonwil: BTW I think it is better to look in CSSU openssl, not in the stock15:10
ceenei've had to edit the debian/changelog and replace the + with a -15:15
jonwilWhich nokia patches?15:15
KotCzarnyceene, does it compile now?15:15
bencohfreemangordon: which one?15:15
freemangordon*psk* ones15:16
bencohthey were15:16
freemangordonbencoh: upstreamed?15:16
ceenei can understand that some script is buggy, but i don't understand how is this compiled by the autobuilder15:16
bencohfreemangordon: yeah, see TMO15:16
ceeneKotCzarny: not yet, but it's gonna compile once i finish renaming these things15:16
jonwilhttps://git.openssl.org/?p=openssl.git;a=commit;h=ddac197404f585b8da58df794fc3beb9d08e8cd2 is the upstream commit for the PSK patches15:16
KotCzarnyceene, maybe it uses different shell/env15:16
bencohdidnt know we need it for supl though, thx for the info :)15:17
freemangordonwait, what? 2006?!?15:17
bencohyeah, kinda ... old15:17
bencohlooks like openssl didnt want to release it in the 0.9.x series15:18
freemangordonbut they are missing in 0.9.815:18
freemangordoneven in the latest15:18
freemangordonwell even in 0.9.8zf15:18
bencohfeature vs bugfix I guess15:18
freemangordonhmm, yeah, makes sense15:18
freemangordonBTW, AFAIK 0.9.8 and 1.0.x can coexists15:19
jonwilyes they can15:19
bencohyeah :)15:19
bencohhmm, dunno about headers, but libs can15:19
ceenenow it's compiling15:19
freemangordonso we should not have much of a problems15:19
jonwilheaders can't15:19
KotCzarnyceene, told ya, special chars confuse configure scripts15:20
ceenewell, it serves my purpose now, which is to get it compiling against openssl1.0.2e15:20
ceenei want then to backport some of the ssl related things of qt515:20
bencohceene: really, qt? well, I guess if this one works, everything will, but... :D15:20
ceeneto let it support tlsv12, etc15:20
jonwilanyhow, we should now have all the info we need to have in order to complete items #1, #2 and #3 from the first post in http://talk.maemo.org/showthread.php?t=9629215:21
freemangordonceene: we should patch (or backport from newer) qt fot it to support > tls115:21
ceenefreemangordon: yes, that's the idea15:21
ceenemost apps don't change default ssl options15:21
freemangordonas 4.7 is aware of tls1 and ssl3 only15:21
freemangordonmost in maemo do, as ssl3 is no longer supported :)15:22
ceeneso probably just modifying qssl::secureprotocols or however it's called, i don't remember, would be enough for apps to use the appropriate protocol15:22
bencohregarding curl and tlsv1, stupid thing (libcurl) will default to sslv3 unless told otherwise15:22
freemangordonant is is the default15:22
ceeneprovided backporting protocol support to qt4 is doable15:22
freemangordonbencoh: same for qt15:22
bencohfreemangordon: except curl wont try tslv1 by dfault15:22
freemangordonqt as well :)15:22
bencohat all15:23
bencohah15:23
freemangordonqt sends ssl3 hello, server rejects it and that's all :)15:23
freemangordonor something like that15:23
freemangordonI had that problrm with FB sharing plugin15:24
ceenessl3 should just be removed, as far as i know15:24
bencohyeah15:24
bencohfreemangordon: something like that with curl as well yeah15:24
jonwilCan anyone help make sure the root certificates in https://github.com/community-ssu/maemo-security-certman/commits/master are up to date with what they should be these days?15:24
bencohunless you specify -1 (force tlsv1)15:24
freemangordonbut our curl should be pretty recent iirc15:24
bencoh7.2615:25
jonwilI dont know where the good set of root certificates are these days15:25
freemangordonjonwil: last time I've checked, it was fine15:25
jonwilok15:25
freemangordonbut it was some 2 years ago :)15:25
jonwilwhere does that set of root certificates come from? Mozilla? NSS?15:25
freemangordon"freemangordon       committed       on 30 Aug 2013"15:26
freemangordonmozilla should be ok15:26
freemangordonsomeone with time and patience should check certs if FF agains those in maemo15:26
freemangordon*in FF15:26
ceeneis qt5 something desirable for maemo?15:29
freemangordonwayland?15:29
ceeneor a bump to 4.8 instead of 4.715:29
freemangordonwhat for?15:30
ceenedon't know, just asking15:30
WizzupI would doubt wayland is something that would be useful for maemo now15:38
*** vahe has joined #maemo15:40
*** jon_y_ is now known as jon_y15:45
bencohnot really15:46
*** flo_lap has quit IRC15:48
*** arossdotme has quit IRC15:51
jonwilhmmm, if I knew how all this certificate stuff in maemo-security-certman worked, I would take a look and see if its up-to-date with what it should be.15:51
*** vahe has quit IRC15:51
jonwilI found http://mxr.mozilla.org/nss/source/lib/ckfw/builtins/certdata.txt which contains the current Mozilla root certificate set15:51
*** eijk has joined #maemo15:51
*** vahe has joined #maemo15:52
*** xorly has joined #maemo15:58
*** arossdotme has joined #maemo16:00
jonwilPitty Juhani Mäkelä seems to be gone, otherwise they might be able to tell us how to update the maemo-security-certman certificates using the certdata.txt file16:04
*** eijk has quit IRC16:07
*** jonwil has quit IRC16:12
*** vahe has quit IRC16:12
sunshavican this certificates, can not just only be cped from a working linux workstation?16:13
*** Vajb has quit IRC16:18
*** Vajb has joined #maemo16:19
*** KotCzarny has quit IRC16:43
*** BCMM has joined #maemo16:54
*** pozitrono has quit IRC17:04
*** XDS2010 has quit IRC17:04
*** XDS2010 has joined #maemo17:12
*** Vajb has quit IRC17:17
*** Vajb has joined #maemo17:17
*** LauRoman has joined #maemo17:23
Palisunshavi: no it needs to be in format usable for certman17:23
sunshavipali: Mmm. /etc/ssl/certs/ca-certificates.crt, is not in the required format. Then my assumption was wrong.17:25
*** vakkov_ has quit IRC17:26
sunshavipali: btw: some people get it from cli see: https://wiki.archlinux.org/index.php/Isync#Step_.231:_Get_the_certificates17:26
Paliand?17:26
Palis_client is used for TLS via TCP17:27
sunshavithat pem file is in the format required bi certman?17:27
Paliof course you must be able to download public server cert and CA from server17:27
Palisunshavi: PEM format is some standard format for storing pkcs stuff17:28
Palicertificate is just some asn structure stored either binary or base6417:28
*** vakkov has joined #maemo17:28
Palibut certman needs some special storage17:28
Palisome indexes or what17:29
sunshavimmm. My assumption was the ca-certificates pkg is just some base-64 encoded files. and it should be the same for all distros, like a plain text file. Am I wrong?17:30
*** pozitron has joined #maemo17:45
Palisunshavi: each TLS library needs certificates in own format17:46
PaliNSS, OpenSSL, GnuTLS17:46
Palialso Certman17:46
sunshavimmm, ok17:46
PaliQt4 too :-)17:46
sunshavithey r statically linked then17:46
keriooh yeah about that17:47
keriowe should probably update that crap17:47
kerioand align with the mozilla trust store as a reasonable default17:47
PaliI think that fedora has some project/prgram which take list of CA certificates and generate correct format for NSS, OpenSSL and GnuTLS17:47
keriocan't we just copy debian17:48
kerioand go from there17:48
PaliNSS uses sqlite or db2 for stroring certs (depends on app)17:48
Palifirefox uses db217:48
Palichromium sqlite317:48
Palibut both firefox and chromium ses NSS17:49
bencohhmm... firefox doesnt rely on NSS for certs?17:49
keriochromium doesn't use NSS anymore17:49
keriothey switched to boringssl17:49
Palikerio: really?17:49
Paliand where they store user certs?17:49
kerioi'm fairly sure they did17:49
kerioi dunno17:49
Pali$ readelf -d /usr/lib/chromium-browser/chromium-browser | grep -i nss17:50
Pali 0x0000000000000001 (NEEDED)             Shared library: [libnss3.so]17:50
Pali 0x0000000000000001 (NEEDED)             Shared library: [libnssutil3.so]17:50
Pali$ chromium-browser --version17:50
PaliChromium 45.0.2454.85 Ubuntu 12.0417:50
Palino, still uses NSS17:50
Palinothing boring17:51
keriohttps://code.google.com/p/chromium/issues/detail?id=39331717:51
kerioi don't know lolz17:51
Pali$ readelf -d /usr/lib/chromium-browser/chromium-browser | grep -i ssl17:52
Pali 0x0000000000000001 (NEEDED)             Shared library: [libcrssl.so]17:52
Pali$ readelf -d /usr/lib/chromium-browser/chromium-browser | grep -i crypto17:52
Pali 0x0000000000000001 (NEEDED)             Shared library: [libcrcrypto.so]17:52
Pali 0x0000000000000001 (NEEDED)             Shared library: [libk5crypto.so.3]17:52
*** BCMM has quit IRC17:52
kerioliterally all the libraries17:53
Pali/usr/lib/chromium-browser/libs/libcrcrypto.so17:53
kerioi think libcrcrypto is boringssl's libcrypto17:53
Palilooks like...17:53
Palibut stil uses NSS17:53
Palimaybe just for user cert storage?17:53
sunshavipali: then after openssl (0.9.8z) compilation on n900. I can not backport it to n800. cos finding the right certificates is going to be an issue17:53
kerioPali: probably as a backend17:53
keriochrome tends to use whatever the default for the OS is17:54
kerioi guess that means libnss on linux17:54
bencohkerio: you're mixing two different "NSS"17:54
kerionetwork software something, right17:55
keriothe mozilla tls library17:55
bencohthat one isn't particularly "default" on linux OSes17:56
bencohit's, well... used in mozilla products17:56
kerioyeah but17:57
keriothe mozilla trust store most definetely is17:58
keriowhat else are you going to use? oracle java's?17:58
bencohwhat's the "mozilla trust store"17:59
*** flo_lap has joined #maemo18:00
keriohttps://www.mozilla.org/en-US/about/governance/policies/security-group/certs/18:00
bencohmost linux distrib will ship with the certs included in the mozilla "root store"18:04
bencohbut it doesn't mean they use libnss in any way18:04
bencohthink of the ca-certificates debian package for instance18:04
bencohno libnss there, just a bunch of certs and a wrapper to openssl c_rehash18:06
keriowe should do that thing18:08
bencohPali: do you know where maemosec/certman is used?18:09
Palibencoh: wifi (eapd), modest, paritally microb (browser) and maybe other parts18:10
bencohdoes microb use it through libnss?18:11
Palimicrob links to certman libs18:11
Paliso something is doing with it18:11
bencohhmm18:12
bencohwell, I guess we'd need to read microb-engine source...18:13
bencohfunny ldd on browser.launc doesnt give nss18:14
Palibecause browser does not use nss18:15
Paliit is in lower layer in eal18:15
bencohhmm18:15
Palihttp://browser.garage.maemo.org/docs/browser_paper.html18:16
Palihttp://browser.garage.maemo.org/docs/eal/index.html18:16
bencohright, browserd is linked against it18:16
bencohbrowserd is linked against libnss3/libssl3 and openssl but not against maemosec or certman libs18:18
bencohbrowser is linked against maemosec/certman stuff and openssl, but no libnss3/libssl318:18
*** vakkov has quit IRC18:20
freemangordonPali: certificates are in standart pem format, there is a cmdline tool to rehash them18:20
Palifreemangordon: are you able to update certman package where are certs?18:21
freemangordonjust a sec18:21
freemangordonPali: https://github.com/community-ssu/maemo-security-certman/blob/master/debian/maemosec-certman-common-ca.postinst18:23
bencohat least that's openssl-"standard"18:24
freemangordonPali: according to https://github.com/community-ssu/maemo-security-certman/commit/0be038825a98dae2d80fd411a02cb4c86ed1b36a merlin1991 should be able to change certificates as well :)18:27
*** KotCzarny has joined #maemo18:27
freemangordonI already have too much on the plate, sorry18:27
freemangordonalso, I don;t remember how exactly it is done18:27
sunshavifreemangordon: can i get those certs on n800 and just rehash them too?, for openssl use18:30
freemangordonyep18:30
freemangordonthough the tricky part is that you should rename the certificate after rehashing and rehash again or somesuch18:31
freemangordoncan;t remember exactly18:31
sunshavigreat, well all of we r on Merlin hands then18:31
freemangordonor, you should use cmcli to import the certificate18:31
*** vakkov has joined #maemo18:31
freemangordonsorry, it was 2 years ago I last played with this18:31
sunshavimmm, I have compiled mbsync aka isync for n800. But i can connect to gmail I think it is a certificate issue18:32
sunshaviI would need to dig a little bit about the certificates subject18:33
sunshavis/can/can't/18:33
freemangordonyeah, cmcli is the way18:33
sunshavifreemangordon: thanks18:33
*** zGrr has quit IRC18:34
freemangordoncmcli [-<T|t> <domain>[:<domain>...]] [-<c|p> <domain>]18:34
freemangordon-a <cert-file [<cert-file>...]> -i <pkcs12-file>18:34
freemangordon-a to add a certificate to the given domain18:34
bencohcmcli? is that the way you add certs in maemo?18:34
freemangordonyes18:34
bencohthx :)18:34
freemangordonadd/remove/etc18:34
freemangordonI guess we need "-i to install a PKCS#12 container or a single private key"18:35
sunshavino cmcli on n800, which pkg is part of cmcli?18:39
freemangordonmaemo-security-certman18:40
sunshavilet's search18:40
sunshavifreemangordon: "maemo-security-certman" needs to be backported to n80018:49
sunshaviat least we r in the right path :)18:50
freemangordonsunshavi: could be, but I don;t have such device, feel free to backport it https://github.com/community-ssu/maemo-security-certman18:50
sunshavinice. thanks18:51
freemangordonsunshavi: though i doubt there is no similar tool on n80018:51
freemangordonDocScrutinizer05: what is used to manage ssl certs on n800?18:52
bencohwell, Pali said libcst was renamed to maemosec, so ...18:52
sunshavimmm, what would be the name?, where is that pkg right now?18:52
sunshavibencoh: libcst is a lib. So (no cli tools on lib pkg)18:53
freemangordonsunshavi: what about maemosec-certman-tools18:53
*** esaym153 has quit IRC18:53
bencohyeah, but it might lead you to some other tool18:54
sunshavilet's search18:54
*** zGrr has joined #maemo18:54
freemangordonsunshavi: what is the output of "dpkg -l | grep cst"18:55
freemangordonthere shoule be some *tools* or *bin*  package or somesuch18:56
sunshavi--8<---------------cut here---------------start------------->8---18:56
sunshaviii  libcst                                           1.7.20                                       X509 certificate manager library, dummy pack18:56
sunshaviii  libcst0                                          1.7.20                                       X509 certificate manager library18:56
sunshavi--8<---------------cut here---------------end--------------->8---18:56
sunshavi18:56
sunshavifreemangordon: no match also on "maemosec-certman-tools"18:58
freemangordonsec18:58
*** KotCzarny has quit IRC18:59
freemangordonsunshavi: there is some closed source certificate manager18:59
freemangordoncheck which packages depend on libcst18:59
*** flo_lap is now known as florian19:00
freemangordonsunshavi: http://maemo.org/development/documentation/manuals/3-x/howto_certificate_storage_bora/19:01
freemangordonor is it maemo419:02
freemangordon?19:02
*** KotCzarny has joined #maemo19:02
DocScrutinizer05freemangordon: no idea19:02
DocScrutinizer05freemangordon: I think N8x0 had diablo19:05
DocScrutinizer05not bora19:05
KotCzarnyyes, chinook, then diablo19:06
bencohapt-cache rdepends19:07
freemangordonit seems there is no cli19:08
freemangordonbut UI only19:08
sunshavi--8<---------------cut here---------------start------------->8---19:10
sunshavi~ $ apt-cache rdepends libcst19:10
sunshavilibcst19:10
sunshaviReverse Depends:19:10
sunshavi  certs19:10
sunshavi--8<---------------cut here---------------end--------------->8---19:10
sunshavibencoh: thanks19:10
freemangordonwhat is that package certs?19:10
sunshavidebian is not my main distro19:10
freemangordonsunshavi: dpkg -L certs19:11
freemangordonwill list all the files in the package19:11
sunshavi--8<---------------cut here---------------start------------->8---19:11
sunshavi~ $ apt-cache show certs19:11
sunshaviPackage: certs19:11
sunshaviStatus: install ok installed19:11
sunshaviPriority: optional19:11
sunshaviSection: misc19:11
sunshaviInstalled-Size: 8819:11
sunshaviMaintainer: Yauheni Kaliuta <yauheni.kaliuta@nokia.com>19:11
sunshaviArchitecture: armel19:11
sunshaviVersion: 1.6.219:11
sunshaviDepends: libcst, gconf219:11
sunshaviConffiles:19:11
freemangordonyou'd better use pastebin or something19:11
sunshavi /etc/gconf/schemas/certs.schemas 21cf43d5c2d485c6a77cda341ed2b8cf19:11
DocScrutinizer05please use pastebin!!19:11
sunshaviDescription: A set of X509 certificates19:12
sunshavi This package contains a set of CA certificates, understood19:12
sunshavi by libcst library.19:12
*** ChanServ sets mode: +o DocScrutinizer0519:12
sunshavi--8<---------------cut here---------------end--------------->8---19:12
bencohno tool?19:12
DocScrutinizer05sunshavi: please don't do that!19:12
sunshavipastebin?19:12
sunshavimmm19:12
bencohand yeah, pastebin if you need to paste long stuff19:12
sunshaviok, mo more lines19:12
DocScrutinizer05~pastebin19:12
infobotA "pastebin" is a web-based service where you should paste anything over 3 lines so you don't flood the channel. Here are links to a few: http://www.pastebin.com, http://pastebin.ca, http://channels.debian.net/paste, http://paste.lisp.org, http://bin.cakephp.org/; or install pastebinit with yum or aptitude.19:12
sunshaviok, let's digest pastebin19:13
freemangordonsunshavi: yeah, as you risk doc to kick you :)19:13
*** ChanServ sets mode: -o DocScrutinizer0519:13
DocScrutinizer05also google pastebinit, cmdline tool very useful. python19:15
sunshavimmm, emacs has a pkg 4 pastebin I think19:16
sunshavinow, creating a user on paste.lisp.org19:16
DocScrutinizer05https://packages.debian.org/search?keywords=pastebinit19:17
*** futpib has joined #maemo19:18
DocScrutinizer05could somebody bored do a lil fancy and package https://packages.debian.org/sid/pastebinit for fremantle, then upload to repos?19:19
sunshaviDocScrutinizer05: pastebinit, needs a user?19:22
KotCzarnyyou can use pastebin.com or pastebin.ca19:22
DocScrutinizer05not up til last time I checked19:22
sunshavithen let's try it19:22
KotCzarnyand try to paste 'raw' links (ie. after pasting to the site click 'raw' then paste the link)19:22
*** zGrr has quit IRC19:23
sunshavihttp://pastebin.ca/330756719:24
sunshaviis that ok?19:24
KotCzarnyyeah, though i prefer clicking raw on the left and pasting this form: http://pastebin.ca/raw/330756719:26
bencohhmm... this package doesnt contain much...19:26
sunshaviKotCzarny: nice19:27
sunshavithat was my first pastebin post :)19:27
DocScrutinizer05saturn:~ # head -n 100 /etc/services |pastebinit19:28
DocScrutinizer05http://susepaste.org/1029725219:28
sunshavibencoh: the gtalk plugin from maemo is not working anymore cos cert has expired. :)19:31
freemangordonsunshavi: you can import new certificate from control panel19:34
sunshaviI should retry it then. Now I am connected by jabber to gtalk19:35
DocScrutinizer05jr@saturn:~/bin> ssh root@iron900 dpkg -l|head -n200|pastebinit19:36
DocScrutinizer05http://susepaste.org/3117159219:36
sunshavithen. what is the equivalent to this file on maemo n800 with os2008 /etc/ssl/certs/ca-certificates.crt?19:38
*** zGrr has joined #maemo19:41
*** futpib_ has joined #maemo19:46
*** eijk has joined #maemo19:48
*** futpib has quit IRC19:50
sunshavianother question could be: I am getting this error "SSL error connecting imap.gmail.com (173.194.219.109:993): error:00000007:lib(0):func(0):BUF lib", but "openssl s_client -connect imap.gmail.com:993" works, which could be the issue?19:58
*** trumee has quit IRC20:05
*** trumee has joined #maemo20:07
*** zGrr has quit IRC20:11
*** zGrr has joined #maemo20:28
*** sparetire_ has joined #maemo20:34
Siceloi have no sound out of N900 earpiece during a call now. if i enable loudspeaker that works, and also headset works. device has definitely not been dropped since the last known working state. any ideas?20:38
KotCzarnyreboot?20:39
Siceloi was about to say without reboot :)20:39
KotCzarny:)20:39
KotCzarnybut it might have given up a ghost20:39
KotCzarnyearpieces die in cellphones just from use20:39
Sicelogoing to see if it's not just pulseaudio acting up20:42
*** geaaru has quit IRC20:42
Siceloworked :)20:43
KotCzarny:)20:43
KotCzarnyput an info about it on the wiki (or tmo)20:43
Sicelobut, i seem to think there's 'bigger' problem somewhere .. i noticed this 'silent earpiece' on sunday, but later that day all was ok. and today i received a call and nothing could be heard.20:44
Sicelodunno really20:44
*** louisdk has joined #maemo20:55
*** heroux has quit IRC21:16
*** heroux has joined #maemo21:18
SiceloKotCzarny: by the way, just hit 7 days uptime =)21:21
KotCzarnyum, new battery or new hack?21:28
Siceloi don't get you .. not 7 days on single charge21:30
Siceloi charge daily as this is my main phone, and it is in use for internet a lot21:30
*** mulin0 has joined #maemo21:32
DocScrutinizer05IroN900:~# uptime21:32
DocScrutinizer05 20:32    10 Tage 23:43 an,  0 Benutzer,  Durchschnittslast: 0,12, 0,05, 0,0621:32
KotCzarnyahm, mine's uptime is 19 days 4.47h21:32
Siceloi'd be happy with that .. my N900 has not gone higher than 12 days in a loooong time, due to silly issues that crop up (e.g. this silent earpiece thing)21:36
*** SpeedEvil has quit IRC21:37
*** SpeedEvil has joined #maemo21:37
KotCzarnyi dont know, mine is flashed with stock 1.3.1 and i didnt have any issues since 200921:37
Sicelomost recent restart was due to my stupidity though, haha. had enabled swap on uSD, and 7 days later opened the cover to store a micro-sim temporarily (from the N9 when i gave it back)21:38
KotCzarnyfor me its usually 'low battery', 'no, i won't charge you yet'21:39
*** mulin0 has quit IRC21:48
*** Vajb has quit IRC21:49
*** Vajb has joined #maemo21:51
*** KotCzarny has quit IRC21:59
*** KotCzarny has joined #maemo22:07
*** realitygaps has quit IRC22:18
*** darkschneider has quit IRC22:18
*** darkschneider has joined #maemo22:19
*** realitygaps has joined #maemo22:20
*** Oksanaa has quit IRC22:33
*** SpeedEvil has quit IRC22:34
*** SpeedEvil has joined #maemo22:34
*** trumee has quit IRC22:37
*** florian has quit IRC22:38
*** trumee has joined #maemo22:39
*** pozitron has quit IRC22:54
*** jonwil has joined #maemo23:02
jonwilhi23:03
*** zGrr has quit IRC23:07
*** pozitrono has joined #maemo23:12
*** eijk has quit IRC23:13
*** Natch has quit IRC23:23
*** zGrr has joined #maemo23:34
jonwilhttp://talk.maemo.org/showthread.php?p=1492921#post149292123:40
*** Natch has joined #maemo23:41
*** LauRoman has quit IRC23:47
Palijonwil: hi, I have problem with internet wifi indicator... this is in your RE package?23:48
Paliconnui-internet?23:49
jonwilwifi indicator where? On status bar or on the select network dialog?23:49
Palion both23:50
PaliI'm connected to wifi, but indicator is not visible in status area23:51
Paliand when I'm open menu there is "internet connections" button with subtitle "not connected"23:51
Palibut when I click on it I see button "disconnect <wifi network>23:51
Paliand I'm really connected to wifi network23:52
Paliinternet is working23:52
jonwilweird23:52
Palijonwil: both are parts of connui-internet package?23:52
jonwilI think so23:52
Palilooks like "sudo killall -9 icd2" can cause this state23:52
Paliafter that upstart (or dsme) start icd2 again23:53
Paliand autoconnect cause scanning and connecting to preferred wifi network23:53
Palibut indicator is not updated23:53
Palijonwil: can you look at it?23:54
jonwilIts a clone of stock so it should do whatever stock does23:54
Palithen it is bug :-) which is now possible to fix23:54
PaliI'm not sure if this is present in stock version23:55
« Monday, 2015-12-28 Index Wednesday, 2015-12-30 »

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!