IRC log of #maemo-ssu for Tuesday, 2013-01-22

*** toxaris has quit IRC		00:00
*** NIN101 has quit IRC		00:06
*** joshgillies has joined #maemo-ssu		00:18
*** joshgillies has left #maemo-ssu		00:19
*** MrPingu has joined #maemo-ssu		00:27
*** iDont has joined #maemo-ssu		00:32
*** xes has quit IRC		00:38
*** iDont has quit IRC		00:40
*** iDont has joined #maemo-ssu		00:40
*** _rd has joined #maemo-ssu		00:43
*** iDont has quit IRC		00:47
*** MrPingu has quit IRC		00:50
*** MrPingu has joined #maemo-ssu		00:51
*** MrPingu has quit IRC		01:00
*** _rd has quit IRC		01:07
*** Martix_ has quit IRC		01:12
*** andre__ has quit IRC		01:15
*** andre__ has joined #maemo-ssu		01:31
*** joshgillies has joined #maemo-ssu		01:36
*** wumpwoas1 has quit IRC		01:50
*** arcean has quit IRC		02:10
*** kolp has quit IRC		02:39
*** X-Fade has quit IRC		03:20
*** freemangordon has quit IRC		03:25
*** M4rtinK has quit IRC		03:34
*** X-Fade has joined #maemo-ssu		03:57
*** grummund has quit IRC		04:04
*** X-Fade has quit IRC		05:17
*** amiconn has quit IRC		05:27
*** amiconn_ has joined #maemo-ssu		05:27
*** amiconn_ is now known as amiconn		05:27
*** X-Fade has joined #maemo-ssu		05:39
*** DocScrutinizer05 has quit IRC		06:02
*** DocScrutinizer05 has joined #maemo-ssu		06:04
*** nox- has quit IRC		06:19
*** ShadowJK has quit IRC		06:41
*** ShadowJK has joined #maemo-ssu		06:43
*** jon_y has quit IRC		07:14
*** thedead1440 has joined #maemo-ssu		07:15
*** jon_y has joined #maemo-ssu		07:15
DocScrutinizer05	anybody already got my forwarded mail?	07:15
DocScrutinizer05	subject "N900 repo GPG key renewal issue"	07:17
thedead1440	DocScrutinizer05: i received your email	07:17
DocScrutinizer05	fine :-)	07:17
DocScrutinizer05	do you think we (community) can help?	07:18
DocScrutinizer05	in the end we'd help ourselves	07:18
thedead1440	i think the devs here can have a version of CSSU-Security which adds a Security repo on users N900s and that repo is only used in the event of any security updates. This can be communicated to Nokia's representative and would be a good opportunity to get some further sponsorship from Nokia; it would be a 1-for-1 kind of exchange ;)	07:19
DocScrutinizer05	also please keep in mind boards most recent call to mention to then everything HiFo needs to ask Nokia for handing control over to HiFo, to allow sustainable maintenance of maemo infra at large	07:20
DocScrutinizer05	thedead1440: brilliant approach (hehe, I think I know who contributed some aspects ;-D) - I suggest to exploit wiki to draft a concept in cooperation of you experts	07:21
thedead1440	DocScrutinizer05: you want me to put a "proposal to fix expired keys" page on wiki? I thought you didn't want the email on the ML so that it doesn't spread? Oh and yes your ideas ;)	07:23
DocScrutinizer05	it's kinda waste of time if all 20 I BCCed would draft their own version of "Repo 101" as an introduction to how repo security works, then append their own idea of options we/Nokia have	07:23
thedead1440	ok in that case I'll start off a wiki page and everyone can put in their suggestions; ultimately its the developers here who will have to decide	07:24
DocScrutinizer05	thedead1440: yep, I suggest a wiki page "Repositories: basics of operation, security, current issues, options for solutions"	07:24
thedead1440	https://wiki.maemo.org/Repositories is unused; maybe this can be the meta page with sub-sections	07:25
DocScrutinizer05	good idea	07:25
DocScrutinizer05	start with one long page, split into subpages when needed	07:25
DocScrutinizer05	thedead1440: please make that wiki.maemo.org/fremantle/Repositories though	07:27
thedead1440	ok	07:27
DocScrutinizer05	since e.g. for HARM the situation is quite different afaik	07:28
DocScrutinizer05	~seen freemangordon	07:28
infobot	freemangordon <~freemango@130-204-50-168.2074221835.ddns.cablebg.net> was last seen on IRC in channel #maemo, 4h 59m 51s ago, saying: ':nod:'.	07:28
DocScrutinizer05	~seen pali	07:29
infobot	pali <~pali@Maemo/community/contributor/Pali> was last seen on IRC in channel #maemo, 1d 18h 33m 53s ago, saying: 'repository Flash?'.	07:29
DocScrutinizer05	anybody around with thorough expertise regarding repository management that I missed to send the mail to? Please holler	07:30
thedead1440	DocScrutinizer05: the issue and proposed solution 1 have been added to http://wiki.maemo.org/Fremantle/Repositories ; basics of operations I think someone with better knowledge of things adds	07:50
*** jon-kha has quit IRC		07:51
*** joshgillies has quit IRC		08:55
*** freemangordon has joined #maemo-ssu		09:21
freemangordon	DocScrutinizer05: I think it is Pali who can give the idea on what could be done re GPG key. IIRC he said that in theory that key validity could be extended	09:25
DocScrutinizer05	freemangordon: that would be best option, if the key validity is on server side and not encoded into key on device	09:26
freemangordon	yep	09:27
freemangordon	afaik so far we were in the same situation with repos on maemo.org, 1-2 years ago	09:27
DocScrutinizer05	freemangordon: first we need a concise but comprehensive explanation how stuff works, on that wiki page. Not even I have a clear idea of how gear works together	09:27
freemangordon	it was nokia to change something to fix it	09:28
freemangordon	me neither :D	09:28
* DocScrutinizer05 hopes for pali and merlin1991 and woody to step up and contribute a "repo for dummies"		09:28
DocScrutinizer05	also X-Fade and javispedro, though I'm woefully missing the latter since months	09:29
DocScrutinizer05	actually missing both	09:29
*** jonwil has joined #maemo-ssu		09:30
DocScrutinizer05	anyway please proactively further discussion and ping those who might have knowledge to contribute but possibly even didn't get BCCed on that mail	09:31
*** sunkan has joined #maemo-ssu		09:31
freemangordon	hmm, gregoa is our debian expert afaik, he might have some idea :)	09:32
DocScrutinizer05	we can demonstrate to Nokia we're worth it here ;-D	09:32
freemangordon	are we? :D:D:D	09:32
* jonwil reads logs to find out whats being discussed :)		09:33
DocScrutinizer05	so please keep the discussion floating	09:33
freemangordon	jonwil: Nokia needs our help to replace the expired apt key	09:33
freemangordon	DocScrutinizer05: correct?	09:34
DocScrutinizer05	kinda, aiui	09:34
DocScrutinizer05	freemangordon: will you fw the mail to whomever it may concern please?	09:37
jonwil	I intend to get back to looking at the N900 GPRS stuff soon btw (I was in the middle of reverse engineering csd-gprs when my computer failed suddenly, I only got it back from the repair guy yesterday and now I have to do a backup of important stuff before I move on)	09:37
DocScrutinizer05	freemangordon: not indiscriminately though	09:38
DocScrutinizer05	;-)	09:38
freemangordon	DocScrutinizer05: I can't think of anyone outside the guys here who can help	09:38
DocScrutinizer05	I'd like to stay PC here	09:38
*** povbot_ has joined #maemo-ssu		09:41
*** ChanServ sets mode: +v povbot_		09:41
kerio	and/or the files in /usr/share/HAM/keys	09:42
DocScrutinizer05	omfg	09:42
DocScrutinizer05	povbot spawns	09:42
*** Mihanizat0r has joined #maemo-ssu		09:42
*** povbot has quit IRC		09:43
kerio	i asked a dude in #gnupg about modifying the expiration date without having the secret key	09:43
kerio	he said no, unless [condition]	09:43
kerio	and then we checked, and [condition] is false in our case	09:43
kerio	just get nokia to sign the Release file with a different key	09:44
kerio	possibly the maemo.org one	09:44
DocScrutinizer05	in 'our' case nokia is in posession of the secret key	09:44
freemangordon	kerio: you're missing that Nokia is willing to help ;)	09:44
kerio	or maemosw admin	09:45
DocScrutinizer05	no, we are willing to help Nokia	09:45
kerio	DocScrutinizer05: you'd still have to push the key somehow	09:45
freemangordon	DocScrutinizer05: either ways	09:45
kerio	but to push the key you need a working HAM	09:45
kerio	and that's just false, for devices that don't know about cssu	09:45
kerio	the MaemoSW Admin key doesn't expire	09:45
freemangordon	kerio: you suggest Nokia to push PR1.4?	09:46
jonwil	more like 1.3.2 :)	09:46
freemangordon	I don;t think there is enough expertise left for that	09:47
DocScrutinizer05	none of that will fly, via SSU	09:47
DocScrutinizer05	please first get stuff sorted in detail how repo, key, HAM, apt works	09:48
DocScrutinizer05	place a concise but correct explanation of normal operation on wiki page	09:48
DocScrutinizer05	then analyze the problem we're facing	09:48
DocScrutinizer05	put that analysis there as well	09:49
DocScrutinizer05	based on that we can check what are our options	09:49
DocScrutinizer05	basically the analysis is as ashort as "on point 7 of above explanation of normal operation we run into error 'key expired'"	09:51
DocScrutinizer05	"since point 3 and point 8 we can't do anything about it on server/repo side" or similar	09:52
kerio	is nokia willing to issue like two commands?	09:53
kerio	they just need to use a different key for the repo	09:53
kerio	a key that's already on the devices	09:53
kerio	aka one of those in apt-key list	09:53
freemangordon	kerio: you mean to resign the packages with i.e. maemo.org key?	09:54
kerio	server-side change, nothing to do on the devices themselves	09:54
kerio	freemangordon: the packages aren't signed	09:54
kerio	the Release file is signed, and the Release has the md5sum of the Packages* files	09:54
freemangordon	ok	09:54
kerio	and those have the md5sums of every deb, tarball and dsc	09:54
freemangordon	ok,ok	09:54
DocScrutinizer05	freemangordon: you forwarded mail to kerio and gregoa?	09:55
jonwil	so all they need to do is to re-sign the Release file in their repos with a key that works?	09:55
kerio	yep	09:55
freemangordon	DocScrutinizer05: no, I don;t have their mails	09:55
kerio	it has to be a key that we (the n900s) already know of	09:55
jonwil	is there a key that's on the N900s that hasn't expired?	09:55
kerio	jonwil: plenty :)	09:55
jonwil	ok, great	09:55
jonwil	in that case it seems like the problem is simple assuming Nokia still has the private half of a suitable key	09:56
freemangordon	kerio: forwarded	09:56
kerio	jonwil: yep	09:56
kerio	merlin1991: do you have the private key of 2E6D6F9A, "maemo.org community repositories (fremantle) <repositories@maemo.org>"?	09:57
freemangordon	kerio: doesn't key contains for which server it was issued for?	09:57
kerio	freemangordon: no, keys are just gpg keys	09:57
freemangordon	ok	09:57
kerio	oh right, there's maybe another issue	09:57
kerio	HAM has to be happy of the key	09:57
kerio	so it has to be one of the keys listed under nokia-system in ham/domains/variant-domains.xexp	09:58
jonwil	is there a key in that list that isn't expired?	09:58
kerio	"MaemoSW Admin <admin@maemo.research.nokia.com>"	09:58
freemangordon	yep	09:59
kerio	crap, that's the only one, hopefully nokia still has that one	09:59
DocScrutinizer05	ok guys ( thedead1440), I can't be the driving force behind this since my plate is filled with 'other stuff of minor importance ;-P', so are you able to sustain this discussion on your own?	09:59
freemangordon	kerio: what about maemo repos key?	10:01
thedead1440	DocScrutinizer05: me for? I'm reading the backscroll :D	10:01
DocScrutinizer05	thedead1440: you mentioned jonni	10:01
kerio	freemangordon: those aren't listed in the nokia-system/nokia-certified domain	10:02
thedead1440	DocScrutinizer05: ah ok I'll speak to him	10:02
DocScrutinizer05	please invite him and fw mail if you think so	10:02
kerio	it shouldn't matter, mind you, because you'll never upgrade to a package from those repositories anyway	10:02
kerio	but i'm not sure	10:02
thedead1440	ok DocScrutinizer05 I'll speak to him and ask him if he would like to come here and share his view	10:03
kerio	aiui, domain information in HAM prevents the upgrade to a package from a higher domain to a lower domain	10:03
kerio	but i'm not sure if that information is stored across uninstalls, probably yes	10:03
DocScrutinizer05	fine, I'm out of the loop since other pressing affairs like finding a new sponsor for my bagels	10:04
thedead1440	haha	10:04
DocScrutinizer05	oooh, and that negligible issue of maemo migration	10:04
thedead1440	negligible? i thought it was on auto-pilot :D	10:04
DocScrutinizer05	HAHAHAHA	10:05
DocScrutinizer05	only one on auto-pilot is Murphy, as usual	10:05
thedead1440	:D	10:05
kerio	ah crap, maemosw isn't actually on devices	10:06
kerio	why did i have it? :s	10:06
kerio	we might be actually screwed	10:06
freemangordon	kerio: what?	10:06
DocScrutinizer05	he even resort to giving me unbearable tooth-ache	10:06
freemangordon	you mean it is listed, but not present?	10:06
kerio	i just deleted all the keys in apt and reimported the .gpg file from nokia	10:06
kerio	it's listed in HAM	10:06
kerio	or, rather, the fingerprint is stored in HAM	10:07
thedead1440	DocScrutinizer05: take some rest	10:07
kerio	so if we got the key on the device, it would work for HAM	10:07
freemangordon	but we don;t have it?	10:07
kerio	freemangordon: sudo apt-key list	10:07
freemangordon	it is listed there	10:07
kerio	:o	10:07
kerio	DocScrutinizer05: we need your vanilla device for a tiny bit	10:08
kerio	`sudo apt-key list`	10:08
DocScrutinizer05	umm	10:08
freemangordon	pub 1024D/4510B055 2009-03-18	10:08
freemangordon	uid MaemoSW Admin <admin@maemo.research.nokia.com>	10:08
DocScrutinizer05	fsck, no rootsh on vanilla device	10:08
kerio	DocScrutinizer05: haven't you got ssh on it?	10:08
jonwil	I have a vanilla no-CSSU-anything device	10:08
jonwil	with ssh on it	10:08
DocScrutinizer05	neither	10:08
DocScrutinizer05	which vanilla device has ssh?	10:09
kerio	DocScrutinizer05: why do you have it? :o	10:09
kerio	ok, then we need your slightly less vanilla device	10:09
jonwil	my device has no changes to the phone	10:09
freemangordon	jonwil: try it, please	10:09
kerio	jonwil: `sudo apt-key list`	10:09
kerio	freemangordon: i reckon it's one of those key i recvd from a keyserver manually, but i'm not sure	10:09
kerio	i deleted all the keys and readded variant-keys.gpg	10:09
thedead1440	apt-key list shows a number of keys expired at the same time as the key Nokia want to replace; so the issue here is more than 1 key?	10:10
freemangordon	kerio: I am sure i didn;t touch gpg keys here	10:10
kerio	thedead1440: do you see a MaemoSW Admin key?	10:10
freemangordon	he is on -thumb :)	10:10
thedead1440	kerio: pub 1024D/4510B055 2009-03-18	10:10
thedead1440	uid MaemoSW Admin <admin@maemo.research.nokia.com>	10:10
thedead1440	sub 2048g/F18168D7 2009-03-18	10:10
jonwil	http://pastebin.com/vpxedgjE	10:10
jonwil	Thats the output of apt-key list in SSH	10:11
freemangordon	yep, the key is there	10:11
kerio	weird, a phantom key	10:11
DocScrutinizer05	http://paste.ubuntu.com/1557762 FWIW	10:11
kerio	how did it get there?	10:11
freemangordon	why phantom?	10:11
freemangordon	nokia put it there	10:11
kerio	freemangordon: but where?	10:11
freemangordon	NFC :D	10:11
kerio	just a personal curiosity, mind you	10:11
thedead1440	why do i have a MaemoSW key and Doc doesn't have it	10:12
kerio	thedead1440: because you can't read	10:12
kerio	ok, so	10:12
thedead1440	ah scrolling error :D	10:12
jonwil	ok, so does that list I pastebinned help?	10:12
kerio	jonwil: yep	10:12
jonwil	ok, so there is a key on that list we can use?	10:12
jonwil	Assuming Nokia has the private half?	10:12
kerio	it means that nokia MUST sign their Release file with that key	10:13
kerio	yep	10:13
freemangordon	kerio: but, but, if public key is not on the devices?	10:13
kerio	freemangordon: the public key is on the devices	10:13
freemangordon	ok. it was you to ask "where" :P	10:13
kerio	i meant that it's not in the keychains that are shipped in /usr/share/hildon-application-manager/keys	10:14
kerio	usually you ship a file somewhere and apt-key add it in postinst	10:14
jonwil	ok, so we better hope Nokia has the private half of that key	10:14
freemangordon	yep	10:15
DocScrutinizer05	could we sneak in arbitrary keys from postinst with root perm?	10:15
kerio	DocScrutinizer05: most definetely	10:16
kerio	but you also need to make HAM happy, for it to work properly	10:16
kerio	or enable redpill mode and disable the domain verification	10:16
DocScrutinizer05	meh	10:16
freemangordon	kerio: no redpill on pr1.3	10:16
freemangordon	afaik	10:16
kerio	freemangordon: lies	10:16
kerio	you just have to edit ~/.osso/something	10:16
DocScrutinizer05	DOES redpill mode WORK on stock pr1.2+ HAM?	10:16
jonwil	So basically we are going to ask Nokia to re-sign all the Release files with the MaemoSW Admin key (if they have it) and then everything will magically start working again?	10:17
DocScrutinizer05	afaik it got completely nuked in PR1.2	10:17
kerio	jonwil: yep!	10:17
kerio	DocScrutinizer05: i only ever used PR1.2, and i had redpill mode then	10:17
kerio	1.2+, i mean	10:18
jonwil	Assuming Nokia has that key, it seems like a fairly simple request for them :)	10:18
DocScrutinizer05	please verfy and confirm	10:18
kerio	jonwil: that also assumes that there's someone in nokia who knows how to operate a terminal	10:18
DocScrutinizer05	jonwil: basically Nokia is asking us what to do	10:18
freemangordon	:D	10:18
jonwil	ok	10:18
DocScrutinizer05	so if we're polite and don't ask them to do BS, we will have a smooth cooperation	10:19
kerio	grab this other key, sign these two files, KEEP HOSTING THOSE REPOS FOREVER AND EVER	10:20
DocScrutinizer05	there might Nokians show up here and join the discussion, please be nice and welcome them. don't bash them as they're not the ones who messed up stuff	10:20
kerio	the weird thing is, it's probably a lot more reasonable than asking for permission to rehost	10:20
DocScrutinizer05	/mode +q kerio	10:20
kerio	DocScrutinizer05: i promise to not curse at elop too much :3	10:21
freemangordon	kerio: like fhj fhdsfha gfdhghsd dlporew Elop?	10:22
kerio	not the lovecraftian curse	10:22
DocScrutinizer05	kerio: you seem pretty savvy about how stuff in repo signing works, could you write up a short but precise description of the "normal case" on http://wiki.maemo.org/Fremantle/Repositories#Basics_of_Operations please	10:52
DocScrutinizer05	sth so a noob like me is able to grok it	10:53
kerio	i would, if the wiki loaded	10:53
DocScrutinizer05	ummm	10:53
kerio	damn, static. is sloooooooooow	10:53
DocScrutinizer05	a tad slow but basically flawless here	10:53
DocScrutinizer05	yeah, actually right now it's extremely slow	10:55
DocScrutinizer05	so better keep a copy of your edits in copy buffer when hitting "save"	10:56
DocScrutinizer05	kerio: many thanks	10:56
kerio	it's ok, i was actively looking for something to do instead of studying	10:56
kerio	DocScrutinizer05: i don't know what to write D:	11:00
DocScrutinizer05	start at beginning ;-D	11:01
freemangordon	kerio: express yourself :P	11:01
DocScrutinizer05	"once there been a virgin OS, with a signing key shipped on it..."	11:01
freemangordon	"but a bad wizard came and ..."	11:02
DocScrutinizer05	"when user start HAM, it does <foo< <bar> and for that it goes to that signing key... bla bla bla"	11:02
freemangordon	s/wizard/dragon/	11:02
infobot	freemangordon meant: "but a bad dragon came and ..."	11:02
kerio	DocScrutinizer05: does your vanilla HAM at least "refresh" the repos correctly?	11:09
DocScrutinizer05	kerio: right now I doubt anything vanilla does work	11:14
DocScrutinizer05	aah wait, you meant Nokia repos	11:14
kerio	yep	11:15
kerio	so disable extras and do a refresh	11:15
*** joshgillies has joined #maemo-ssu		11:15
kerio	hold on now, why do we have a problem again?	11:19
kerio	cssu ships his own packages	11:19
kerio	do we want nokia to ship something to notify people of CSSU?	11:20
freemangordon	deffinitely	11:21
kerio	DocScrutinizer05: done	11:30
*** ivgalvez has joined #maemo-ssu		11:34
kerio	DocScrutinizer05: i split my explanation in two, half in Basics of Operations and half in Issue 1	11:34
DocScrutinizer05	kerio: I get error "DNS server returned answer without data" for "Nokia SSU" and "Nokia apps" here	11:35
kerio	...wat	11:35
kerio	the fuck does that mean?	11:36
kerio	DocScrutinizer05: iirc HAM has a "log"	11:36
DocScrutinizer05	could not resolve host: downloads.maemo.nokia.com (DNS server returned answer with no data)	11:38
kerio	DocScrutinizer05: connection?	11:38
DocScrutinizer05	meh, wlan fscked	11:39
kerio	lol	11:39
DocScrutinizer05	that looks more like it now	11:41
DocScrutinizer05	or not, seems stalled	11:43
DocScrutinizer05	aaah	11:43
DocScrutinizer05	failed catalogs: maemo.org (no surprise)	11:43
kerio	mr0 and apps update correctly, right? then my analysis is correct	11:44
DocScrutinizer05	however no updates available (20.2010.36.2-2.203.1)	11:44
kerio	is this a pr1.3 or a pr1.3.1 device?	11:45
DocScrutinizer05	^^^	11:45
kerio	yeah, you're missing 1.3.1	11:45
kerio	my analysis is awesome :D	11:45
kerio	DocScrutinizer05: open a terminal, `apt-cache mp-fremantle-generic-pr`	11:45
DocScrutinizer05	haha, missing root to do that	11:46
kerio	just do what i tell you to do	11:46
kerio	i am aware that you have no root access :)	11:46
DocScrutinizer05	you're also aware that this looks like 'syntax error'?	11:46
kerio	...ok, now `apt-cache policy mp-fremantle-generic-pr`	11:47
kerio	the candidate should be 21.2011.38-1	11:47
kerio	and the installed should be less than that	11:47
DocScrutinizer05	unable to locate pkg	11:47
DocScrutinizer05	spellchecking...	11:47
kerio	well, maybe you don't have generic, you have a localized one	11:48
kerio	but why would you not flash Global, anyway?	11:48
DocScrutinizer05	because that's a virgin device	11:48
kerio	...is it still pr1.3?	11:48
DocScrutinizer05	however no updates available (20.2010.36.2-2.203.1)	11:49
kerio	DocScrutinizer05: dpkg -l \| grep mp-fremantle-	11:49
DocScrutinizer05	second time it booted here	11:49
kerio	you haven't even reflashed it yet?	11:50
DocScrutinizer05	nope	11:50
DocScrutinizer05	mp-fremantle-203-pr	11:51
DocScrutinizer05	surprise surprise	11:51
kerio	DocScrutinizer05: ok, apt-cache policy mp-fremantle-203-pr	11:52
kerio	what's 203?	11:52
kerio	like, which nation?	11:52
DocScrutinizer05	nfc	11:52
merlin1991	oh god, they have no plan whatsoever	11:52
kerio	merlin1991: who?	11:52
* merlin1991 just read the mail		11:52
kerio	:D	11:52
DocScrutinizer05	candidate 21.2011.38-1.203.1	11:52
kerio	it's good	11:52
kerio	that means that we can supply our own plan	11:52
kerio	DocScrutinizer05: my analysis is correct	11:53
kerio	^_^	11:53
DocScrutinizer05	good	11:53
merlin1991	DocScrutinizer05: did you email Pali?	11:53
kerio	HAM updates correctly, but doesn't give a fuck	11:53
DocScrutinizer05	it better is, or we'll find you... ;-P	11:53
merlin1991	he's the one who read the important ham code bits, I just talk out of my arse based on what I've experienced playing with the system	11:53
DocScrutinizer05	sure, he already answered awesome elaborate mail	11:54
merlin1991	can you forward that to me too? (I'm interested in the details aswell :D)	11:54
DocScrutinizer05	wonder where he is	11:54
DocScrutinizer05	merlin1991: first 2 letters of your mail pls	11:56
merlin1991	starts with my full name seperated by dot ;)	11:56
merlin1991	also ch	11:56
kerio	merlin.nineteenninetyone	11:57
merlin1991	kerio: :D	11:57
*** Guest44961 has joined #maemo-ssu		11:58
*** Guest44961 is now known as phr3akDom		11:59
DocScrutinizer05	GOD, dafaq, seems Nemein playing with bottleneck again	12:00
DocScrutinizer05	hmm, no, tmo is lightning fast	12:01
DocScrutinizer05	wiki though refuses connection	12:01
merlin1991	DocScrutinizer05: you hit the old address seperated by _ not . ;)	12:01
DocScrutinizer05	phoooooh, once it connects it works like....	12:02
*** ruskie has quit IRC		12:03
*** Estel_ has joined #maemo-ssu		12:03
*** Estel_ has quit IRC		12:03
*** Estel_ has joined #maemo-ssu		12:03
*** Estel_ is now known as djghdsjhnfdsi		12:04
*** djghdsjhnfdsi is now known as Estel_		12:05
*** freemangordon has quit IRC		12:12
*** Estel_ has quit IRC		12:14
jonwil	ok, so do we have a plan to keep the Nokia device repos going in the long term or not?	12:16
jonwil	or is it still to-do?	12:17
DocScrutinizer05	jonwil: for now it seems downloads.maemo.nokia.com is not getting transferred to HiFo, nor planned to get scrapped	12:24
DocScrutinizer05	jonwil: so what do you mean by "we got a plan"?	12:24
jonwil	ok, so the plan is for that repo to keep working and keep being hosted by Nokia and for the key issue to be sorted	12:24
jonwil	but for no further changes to that repo to be made (i.e. no future security updates)	12:25
ivgalvez	a list of repositories hosted at Nokia have been forwarded to Nokia representatives	12:26
ivgalvez	and we have asked them to provide the HiFo the right to redistribute the binaries hosted on those repositories	12:26
*** ruskie has joined #maemo-ssu		12:27
ivgalvez	however is very unlikely that they can give us that permission unless we examine all the content in a per package basis	12:27
jonwil	yeah I suspect there are 3rd party packages there that Nokia cant legally allow HiFo to redistribute	12:28
jonwil	like say Flash	12:28
jonwil	or say Facebook	12:28
ivgalvez	as for 3rd party binaries will be more difficult to obtain that permission	12:28
ivgalvez	yes	12:28
ivgalvez	or worse: TI drivers	12:28
ivgalvez	but we are still negotiating that, and it could take a while, with their legal department	12:28
ivgalvez	in the meantuime we have asked them not to shut down downloads	12:29
jonwil	ok	12:29
ivgalvez	they are also more reluctant with Harmattan stuff	12:29
merlin1991	kerio: who found out that the maemo sw key is still valid, and also linked to the ssu repo domain? (btw nice find :D)	12:30
kerio	i found that today, but iirc i also knew that from the past	12:32
*** arcean has joined #maemo-ssu		12:32
kerio	it's not a nice find, it's a combination of less and apt-key list	12:32
merlin1991	and a bit of gpg unless you can magically build fingerprints in your head :D	12:33
kerio	merlin1991: apt-key finger	12:33
kerio	jonwil: aiui we plan on shipping a single update there	12:33
kerio	to enable a system-level repo controlled by us	12:33
merlin1991	kerio: damn, I went the long road to double check it :D	12:33
jonwil	What would go in this new system-level repo?	12:34
kerio	jonwil: something to tell people "hey, there's cssu if you want more updates"	12:34
jonwil	ok	12:34
kerio	and security updates	12:34
jonwil	so security updates as in the recent changes to maemo-security-certificates-* or whatever?	12:34
jonwil	Anything else we have (e.g. in CSSU) that would count as a security update?	12:35
kerio	whatever we'll need in the future, too	12:35
kerio	yep	12:35
merlin1991	jonwil: a plentora of library upgrades because of known cves	12:35
jonwil	One of these days I want to see someone update Gecko in microb to pick up x number of years worth of security improvements	12:36
kerio	to be fair, we could make it easier and just enable cssu-stable on people	12:36
ivgalvez	I would bet for that	12:37
merlin1991	freemangordon and romaxa have been workign on microb lately	12:37
ivgalvez	instead of yet another CSSU flavour	12:37
jonwil	Do we have any clue if Nokia would even allow this community-repo idea? Or is that something else still under discussion?	12:37
jonwil	great if someone is working on microb	12:38
ivgalvez	they are willing to transfer all support for devices so probably yes	12:38
ivgalvez	from a technical POV they are alligned with us	12:38
merlin1991	from the top of my head we have a newer libxml, openssl, libcurl, pango and even some patches to the microb-engine	12:38
ivgalvez	the problem is with legal department around IP	12:38
jonwil	Why are they more wary regarding Harmattan?	12:39
ivgalvez	that one of the reasons why they asked us to wipe out any reference to Nokia as supporter or maintainer or anything related to warranties from maemo.org	12:39
ivgalvez	probably because Harmattan sold a few millions of devices	12:40
ivgalvez	but let's accept what they offer now and we will push for more later	12:40
ivgalvez	that's the motto	12:40
jonwil	yeah lets do that	12:40
jonwil	Are we asking for permission to redistribute the contents of the nokia-binaries SDK repository?	12:41
ivgalvez	yes	12:41
DocScrutinizer05	ivgalvez: I request to get into the loop as HiFo technical and admin officer	12:41
ivgalvez	no problem with me, we are probably having a meeting tomorrow I will propose it	12:42
ivgalvez	but you must know that they asked for absolutely confidentiallity	12:43
DocScrutinizer05	now that's not a problem with me	12:43
DocScrutinizer05	since I guess that confidentiality is between HiFo at large and Nokia	12:43
ivgalvez	anyway we are pushing during January with any luck or response	12:43
ivgalvez	without	12:43
ivgalvez	at least the technical guys contacted me about the gpg keys	12:44
jonwil	me, I guess the most useful thing I can do here is to go back to working on reverse engineering the GPRS bits (starting with csd-gprs and then moving to libicd-network-gprs and stuff after that)	12:44
*** xes has joined #maemo-ssu		12:44
*** xes has joined #maemo-ssu		12:44
DocScrutinizer05	seems Nokia starts to realize they have some responsibility still for their product that they can't simply drop on community's feet	12:44
ivgalvez	yep	12:45
DocScrutinizer05	they did an awesome job to gain full control over their stuff, now thei're locked in their own prison, so to say	12:46
DocScrutinizer05	and then they dropped the key and lost it, literally ;-P	12:47
ivgalvez	there should be a mess in there right now	12:47
ivgalvez	looking all the movements in staff and technical	12:48
kerio	let's hope they still have the key to the backdoor	12:48
kerio	aka MaemoSW Admin	12:48
ivgalvez	or to the toilets :D	12:48
ivgalvez	DocScrutinizer05 have you talked to rzronline or MAG about the old proposal to create a community repo for Harmattan	12:50
ivgalvez	now we will be in position to do that	12:50
DocScrutinizer05	nope, I didn't	12:51
DocScrutinizer05	ivgalvez: we're also in a good position now to ask Nokia about supporting maemo.org hosting for a bit longer, since it seems they realize they might need us	12:52
ivgalvez	we should have a proper package manager though	12:52
DocScrutinizer05	ivgalvez: you noticed quote of Nemein?	12:52
kerio	doesn't harmattan use yum?	12:52
ivgalvez	yes, as I told you before we are pending response to our latest emails	12:52
ivgalvez	I'd like to have a new conference call with the Nokia guys in order to clarify a few things and to insist about that	12:53
jonwil	I recon Corporate Lawyers need to go on the list of things that should never have been invented :)	12:53
ivgalvez	DocScrutinizer05: as we suspected, the quote is unnafordable	12:54
thedead1440	kerio: no its apt... also Harmattan has the same MaemoSW Admin key as Fremantle	12:56
kerio	thedead1440: just that one key?	12:56
DocScrutinizer05	ivgalvez: it's not exactly unaffordable, it's reasonable and it's scalable	12:57
ivgalvez	unafordable to our current financial status	12:57
thedead1440	kerio: nope the repo signing keys are the same and expired also same on 2012-10-03	12:57
kerio	hm	12:57
kerio	well, here's to hoping that they still have the private key to that key :)	12:58
thedead1440	but no error about the expiry on Harmattan	12:58
thedead1440	this means they should have it since its on Harmattan	12:58
kerio	~seen X-Fade	12:59
infobot	x-fade is currently on #maemo (7h 20m 20s) #harmattan (7h 20m 20s) #meego (7h 20m 20s) #maemo-ssu (7h 20m 20s), last said: 'ZogG_laptop: ?'.	12:59
DocScrutinizer05	ivgalvez: (current status) ack	13:00
DocScrutinizer05	ivgalvez: regarding your question on that gpg mail re flashing a PR1.4: I simply thought it's overly inconventient to most lusers	13:01
*** andre__ has quit IRC		13:06
*** xes has quit IRC		13:07
*** andre__ has joined #maemo-ssu		13:21
*** ivgalvez has quit IRC		13:25
*** kolp has joined #maemo-ssu		13:29
*** Martix_ has joined #maemo-ssu		13:38
*** Mihanizat0r has quit IRC		13:41
*** Estel_ has joined #maemo-ssu		13:58
*** Estel_ has quit IRC		13:58
*** Estel_ has joined #maemo-ssu		13:58
*** lizardo has joined #maemo-ssu		14:11
*** arcean has quit IRC		14:23
*** M4rtinK has joined #maemo-ssu		15:30
*** freemangordon has joined #maemo-ssu		15:39
*** freemangordon has quit IRC		15:47
*** Estel_ has quit IRC		16:00
*** thedead1440 is now known as thedead1440_		16:12
*** jon-kha has joined #maemo-ssu		16:12
*** thedead1440_ is now known as thedead1440		16:12
*** arcean has joined #maemo-ssu		16:19
*** Martix_ has quit IRC		16:22
*** ShadowX has quit IRC		16:38
*** ShadowX has joined #maemo-ssu		16:39
*** NIN101 has joined #maemo-ssu		16:42
*** jonwil has quit IRC		16:53
*** freemangordon has joined #maemo-ssu		16:59
*** Martix_ has joined #maemo-ssu		17:02
*** joshgillies has quit IRC		17:16
*** Lava_Croft has quit IRC		17:23
*** Martix_ has quit IRC		17:31
*** Martix_ has joined #maemo-ssu		17:32
*** toxaris has joined #maemo-ssu		17:58
gregoa	kerio: it seems the "MaemoSW Admin" key is the file /usr/share/keyrings/maemointernal-keyring.gpg, package maemointernal-keyring, and imported by /var/lib/dpkg/info/maemointernal-keyring.postinst	18:02
kerio	ooh, neat	18:02
freemangordon	yay :)	18:02
kerio	freemangordon: it doesn't matter, it just eases my mind	18:02
freemangordon	kerio: so, what is the current status?	18:03
kerio	freemangordon: same as before	18:03
kerio	we tell nokia to look for the matching secret key and we hope that they can find it	18:03
freemangordon	kerio: so a simple resign will do the job?	18:04
kerio	sure, why not?	18:04
freemangordon	great	18:04
freemangordon	we should ask HiFo to ask Nokia if they agree to push a "cssu-enabler" package	18:05
kerio	how do you "push" something like that?	18:06
freemangordon	upgrade xterm for example	18:06
freemangordon	or some other nokia pre-installed application	18:06
kerio	like the metapackage	18:06
kerio	:)	18:06
freemangordon	no nee of metapackage	18:07
kerio	you'd have to push it in a way that makes it uninstallable	18:07
freemangordon	*need	18:07
kerio	yes, need	18:07
kerio	because xterm won't be updated by HAM by itself	18:07
kerio	if we're going with that route, we might as well do it with n900-fmtx-enabler	18:07
*** dhbiker has quit IRC		18:07
freemangordon	every package in user section will do the job aiui	18:07
kerio	yeah	18:07
kerio	once the repo is fixed, we can think of what to do	18:08
freemangordon	and there are a couple of them.	18:08
freemangordon	sure	18:08
kerio	the easiest thing to do would be to decide that cssu-stable is stable enough, and push that	18:08
freemangordon	kerio: iirc there are some links by default on the desktop	18:08
freemangordon	yep	18:08
kerio	especially considering that "backporting" all the security fixes isn't really a possibility	18:09
kerio	DocScrutinizer05: yay or nay?	18:09
freemangordon	btw (if thedead1440 is right and harm has the same sysadmin key) Nokia has not lost the private	18:11
DocScrutinizer05	freemangordon: why would HiFo deal with such topic?	18:11
kerio	freemangordon: it can be a historical relic	18:11
kerio	freemangordon: the harm repos use the same keys as repository.maemo.org	18:11
freemangordon	DocScrutinizer05: because aiui they are the ones to talk to Nokia	18:11
freemangordon	DocScrutinizer05: though it does not really matter who will do it	18:12
DocScrutinizer05	no they are talking to Nokia LAWYERS	18:12
freemangordon	ok	18:12
freemangordon	then the council :)	18:12
thedead1440	freemangordon: you can check it out here: http://pastebin.com/XWCtw0s1	18:12
kerio	thedead1440: will the harmattan package manager accept the maemosw key, though?	18:13
kerio	(and do we care?)	18:13
freemangordon	oh, it is the same as on fremantle	18:13
freemangordon	yeah, could be some leagscy :(	18:13
freemangordon	*legacy	18:13
thedead1440	kerio: what I'm wondering is why when it has the same expiry date as on fremantle does only fremantle have the expired key issue	18:13
kerio	thedead1440: it's a HAM trust issue	18:14
freemangordon	thedead1440: that key has not expired	18:14
kerio	the repos are updated correctly	18:14
thedead1440	freemangordon: it has: expired: 2012-10-03	18:14
kerio	HAM just doesn't like that the key is expired, and won't accept updates to system packages from that repo	18:14
freemangordon	thedead1440: "MaemoSW Admin <admin@maemo.research.nokia.com>"?	18:15
freemangordon	no, it is not	18:15
freemangordon	and aiui it never expiers	18:15
thedead1440	no Nokia repository signing key 4v1 that's the one that is expired on fremantle too	18:15
kerio	thedead1440: which key is used for the repos?	18:15
thedead1440	all the Nokia repository signing keys are expired on both Harm and Fremantle	18:15
freemangordon	thedead1440: which key is used for ovi?	18:16
*** dhbiker has joined #maemo-ssu		18:16
thedead1440	freemangordon: not too sure	18:16
freemangordon	i guess it is either "GenSS (GenSS System)" or "...file distribution..."	18:17
thedead1440	let me ask Jonni	18:18
kerio	freemangordon: the fremantle ovi uses the 4v1 key	18:19
freemangordon	kerio: I asked what harm uses	18:20
*** phr3akDom has quit IRC		18:23
DocScrutinizer05	on HARM there's no HAM	18:29
freemangordon	sure	18:29
thedead1440	but even when you apt-get update on Fremantle you get the W: Error while you don't get the same on Harmattan	18:29
freemangordon	:nod:	18:29
kerio	thedead1440: really?	18:30
DocScrutinizer05	blame aegis and the black magic it introduces	18:30
kerio	hm, i don't know how to check the contents of a .gpg	18:30
thedead1440	yes kerio hence I'm banging on the same thing like a broken record	18:30
kerio	DocScrutinizer05: nah, it's probably just a different key	18:30
thedead1440	if there is a W: Error in one and not in another it means the server can be tweaked to adjust it, no? Device wouldn't need to have any changes be made then?	18:31
thedead1440	after all, Harmattan accesses downloads.maemo.nokia.com too for SSU etc so its the same repo	18:32
kerio	the server can't be tweaked to adjust it	18:34
kerio	it's not the same repo	18:34
*** Lava_Croft has joined #maemo-ssu		18:35
thedead1440	kerio: fremantle hits downloads.maemo.nokia.com/fremantle while harmattan hits downloads.maemo.nokia.com/harmattan so its just a different branch, isn't it?	18:37
kerio	it's a different apt repository	18:38
kerio	there are at least 3 just for fremantle	18:38
thedead1440	same there are 3 for harmattan too	18:38
*** xes has joined #maemo-ssu		18:43
*** xes has joined #maemo-ssu		18:43
*** ShadowX has quit IRC		19:06
*** ShadowX has joined #maemo-ssu		19:06
*** BCMM has joined #maemo-ssu		19:12
*** arcean has quit IRC		19:26
kerio	did someone ask nokia if they have that key?	19:37
thedead1440	freemangordon: GenSS is what is used for the Harmattan keys according to Jonni	20:20
thedead1440	those Nokia signing keys in Harmattan that are expired are not used anywhere confirmed hence no error message; apologies for the false alarm :S	20:27
*** Martix_ has quit IRC		20:30
kerio	who's actually talking to the nokia meego dudes?	20:31
*** Martix_ has joined #maemo-ssu		20:32
thedead1440	DocScrutinizer05 rec'd the email so i would presume him but he also has told them to join here...	20:33
*** jaded has joined #maemo-ssu		20:42
*** jaded has joined #maemo-ssu		20:42
*** jade has quit IRC		20:44
*** arcean has joined #maemo-ssu		21:03
*** arcean has quit IRC		21:09
*** arcean has joined #maemo-ssu		21:23
*** arcean has quit IRC		21:37
*** phr3akDom has joined #maemo-ssu		21:48
*** phr3akDom has quit IRC		21:52
*** arcean has joined #maemo-ssu		22:44
*** arcean has quit IRC		22:44
*** arcean has joined #maemo-ssu		22:44
*** _rd has joined #maemo-ssu		22:46
*** arcean has quit IRC		22:53
*** arcean has joined #maemo-ssu		22:53
*** lizardo has quit IRC		22:53
*** NIN101 has quit IRC		23:07

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!