IRC log of #maemo-ssu for Tuesday, 2013-01-22

*** toxaris has quit IRC00:00
*** NIN101 has quit IRC00:06
*** joshgillies has joined #maemo-ssu00:18
*** joshgillies has left #maemo-ssu00:19
*** MrPingu has joined #maemo-ssu00:27
*** iDont has joined #maemo-ssu00:32
*** xes has quit IRC00:38
*** iDont has quit IRC00:40
*** iDont has joined #maemo-ssu00:40
*** _rd has joined #maemo-ssu00:43
*** iDont has quit IRC00:47
*** MrPingu has quit IRC00:50
*** MrPingu has joined #maemo-ssu00:51
*** MrPingu has quit IRC01:00
*** _rd has quit IRC01:07
*** Martix_ has quit IRC01:12
*** andre__ has quit IRC01:15
*** andre__ has joined #maemo-ssu01:31
*** joshgillies has joined #maemo-ssu01:36
*** wumpwoas1 has quit IRC01:50
*** arcean has quit IRC02:10
*** kolp has quit IRC02:39
*** X-Fade has quit IRC03:20
*** freemangordon has quit IRC03:25
*** M4rtinK has quit IRC03:34
*** X-Fade has joined #maemo-ssu03:57
*** grummund has quit IRC04:04
*** X-Fade has quit IRC05:17
*** amiconn has quit IRC05:27
*** amiconn_ has joined #maemo-ssu05:27
*** amiconn_ is now known as amiconn05:27
*** X-Fade has joined #maemo-ssu05:39
*** DocScrutinizer05 has quit IRC06:02
*** DocScrutinizer05 has joined #maemo-ssu06:04
*** nox- has quit IRC06:19
*** ShadowJK has quit IRC06:41
*** ShadowJK has joined #maemo-ssu06:43
*** jon_y has quit IRC07:14
*** thedead1440 has joined #maemo-ssu07:15
*** jon_y has joined #maemo-ssu07:15
DocScrutinizer05anybody already got my forwarded mail?07:15
DocScrutinizer05subject "N900 repo GPG key renewal issue"07:17
thedead1440DocScrutinizer05: i received your email07:17
DocScrutinizer05fine :-)07:17
DocScrutinizer05do you think we (community) can help?07:18
DocScrutinizer05in the end we'd help ourselves07:18
thedead1440i think the devs here can have a version of CSSU-Security which adds a Security repo on users N900s and that repo is only used in the event of any security updates. This can be communicated to Nokia's representative and would be a good opportunity to get some further sponsorship from Nokia; it would be a 1-for-1 kind of exchange ;)07:19
DocScrutinizer05also please keep in mind boards most recent call to mention to then everything HiFo needs to ask Nokia for handing control over to HiFo, to allow sustainable maintenance of maemo infra at large07:20
DocScrutinizer05thedead1440: brilliant approach (hehe, I think I know who contributed some aspects ;-D) - I suggest to exploit wiki to draft a concept in cooperation of you experts07:21
thedead1440DocScrutinizer05: you want me to put a "proposal to fix expired keys" page on wiki? I thought you didn't want the email on the ML so that it doesn't spread? Oh and yes your ideas ;)07:23
DocScrutinizer05it's kinda waste of time if all 20 I BCCed would draft their own version of "Repo 101" as an introduction to how repo security works, then append their own idea of options we/Nokia have07:23
thedead1440ok in that case I'll start off a wiki page and everyone can put in their suggestions; ultimately its the developers here who will have to decide07:24
DocScrutinizer05thedead1440: yep, I suggest a wiki page "Repositories: basics of operation, security, current issues, options for solutions"07:24
thedead1440https://wiki.maemo.org/Repositories is unused; maybe this can be the meta page with sub-sections07:25
DocScrutinizer05good idea07:25
DocScrutinizer05start with one long page, split into subpages when needed07:25
DocScrutinizer05thedead1440: please make that wiki.maemo.org/fremantle/Repositories though07:27
thedead1440ok07:27
DocScrutinizer05since e.g. for HARM the situation is quite different afaik07:28
DocScrutinizer05~seen freemangordon07:28
infobotfreemangordon <~freemango@130-204-50-168.2074221835.ddns.cablebg.net> was last seen on IRC in channel #maemo, 4h 59m 51s ago, saying: ':nod:'.07:28
DocScrutinizer05~seen pali07:29
infobotpali <~pali@Maemo/community/contributor/Pali> was last seen on IRC in channel #maemo, 1d 18h 33m 53s ago, saying: 'repository Flash?'.07:29
DocScrutinizer05anybody around with thorough expertise regarding repository management that I missed to send the mail to? Please holler07:30
thedead1440DocScrutinizer05: the issue and proposed solution 1 have been added to http://wiki.maemo.org/Fremantle/Repositories ; basics of operations I think someone with better knowledge of things adds07:50
*** jon-kha has quit IRC07:51
*** joshgillies has quit IRC08:55
*** freemangordon has joined #maemo-ssu09:21
freemangordonDocScrutinizer05: I think it is Pali who can give the idea on what could be done re GPG key. IIRC he said that in theory that key validity could be extended09:25
DocScrutinizer05freemangordon: that would be best option, if the key validity is on server side and not encoded into key on device09:26
freemangordonyep09:27
freemangordonafaik so far we were in the same situation with repos on maemo.org, 1-2 years ago09:27
DocScrutinizer05freemangordon: first we need a concise but comprehensive explanation how stuff *works*, on that wiki page. Not even I have a clear idea of how gear works together09:27
freemangordonit was nokia to change something to fix it09:28
freemangordonme neither :D09:28
* DocScrutinizer05 hopes for pali and merlin1991 and woody to step up and contribute a "repo for dummies"09:28
DocScrutinizer05also X-Fade and javispedro, though I'm woefully missing the latter since months09:29
DocScrutinizer05actually missing both09:29
*** jonwil has joined #maemo-ssu09:30
DocScrutinizer05anyway please proactively further discussion and ping those who might have knowledge to contribute but possibly even didn't get BCCed on that mail09:31
*** sunkan has joined #maemo-ssu09:31
freemangordonhmm, gregoa is our debian expert afaik, he might have some idea :)09:32
DocScrutinizer05we can demonstrate to Nokia we're worth it here ;-D09:32
freemangordonare we? :D:D:D09:32
* jonwil reads logs to find out whats being discussed :)09:33
DocScrutinizer05so please keep the discussion floating09:33
freemangordonjonwil: Nokia needs our help to replace the expired apt key09:33
freemangordonDocScrutinizer05: correct?09:34
DocScrutinizer05kinda, aiui09:34
DocScrutinizer05freemangordon: will you fw the mail to whomever it may concern please?09:37
jonwilI intend to get back to looking at the N900 GPRS stuff soon btw (I was in the middle of reverse engineering csd-gprs when my computer failed suddenly, I only got it back from the repair guy yesterday and now I have to do a backup of important stuff before I move on)09:37
DocScrutinizer05freemangordon: not indiscriminately though09:38
DocScrutinizer05;-)09:38
freemangordonDocScrutinizer05: I can't think of anyone outside the guys here who can help09:38
DocScrutinizer05I'd like to stay PC here09:38
*** povbot_ has joined #maemo-ssu09:41
*** ChanServ sets mode: +v povbot_09:41
kerioand/or the files in /usr/share/HAM/keys09:42
DocScrutinizer05omfg09:42
DocScrutinizer05povbot spawns09:42
*** Mihanizat0r has joined #maemo-ssu09:42
*** povbot has quit IRC09:43
kerioi asked a dude in #gnupg about modifying the expiration date without having the secret key09:43
keriohe said no, unless [condition]09:43
kerioand then we checked, and [condition] is false in our case09:43
keriojust get nokia to sign the Release file with a different key09:44
keriopossibly the maemo.org one09:44
DocScrutinizer05in 'our' case nokia is in posession of the secret key09:44
freemangordonkerio: you're missing that Nokia is willing to help ;)09:44
kerioor maemosw admin09:45
DocScrutinizer05no, *we* are willing to help Nokia09:45
kerioDocScrutinizer05: you'd still have to push the key somehow09:45
freemangordonDocScrutinizer05: either ways09:45
keriobut to push the key you need a working HAM09:45
kerioand that's just false, for devices that don't know about cssu09:45
keriothe MaemoSW Admin key doesn't expire09:45
freemangordonkerio: you suggest Nokia to push PR1.4?09:46
jonwilmore like 1.3.2 :)09:46
freemangordonI don;t think there is enough expertise left for that09:47
DocScrutinizer05none of that will fly, via SSU09:47
DocScrutinizer05please first get stuff sorted in *detail* how repo, key, HAM, apt works09:48
DocScrutinizer05place a concise but correct explanation of normal operation on wiki page09:48
DocScrutinizer05then analyze the problem we're facing09:48
DocScrutinizer05put that analysis there as well09:49
DocScrutinizer05based on that we can check what are our options09:49
DocScrutinizer05basically the analysis is as ashort as "on point 7 of above explanation of normal operation we run into error 'key expired'"09:51
DocScrutinizer05"since point 3 and point 8 we can't do anything about it on server/repo side" or similar09:52
keriois nokia willing to issue like *two* commands?09:53
keriothey just need to use a different key for the repo09:53
kerioa key that's already on the devices09:53
kerioaka one of those in apt-key list09:53
freemangordonkerio: you mean to resign the packages with i.e. maemo.org key?09:54
kerioserver-side change, nothing to do on the devices themselves09:54
keriofreemangordon: the packages aren't signed09:54
keriothe Release file is signed, and the Release has the md5sum of the Packages* files09:54
freemangordonok09:54
kerioand those have the md5sums of every deb, tarball and dsc09:54
freemangordonok,ok09:54
DocScrutinizer05freemangordon: you forwarded mail to kerio and gregoa?09:55
jonwilso all they need to do is to re-sign the Release file in their repos with a key that works?09:55
kerioyep09:55
freemangordonDocScrutinizer05: no, I don;t have their mails09:55
kerioit has to be a key that we (the n900s) already know of09:55
jonwilis there a key that's on the N900s that hasn't expired?09:55
keriojonwil: plenty :)09:55
jonwilok, great09:55
jonwilin that case it seems like the problem is simple assuming Nokia still has the private half of a suitable key09:56
freemangordonkerio: forwarded09:56
keriojonwil: yep09:56
keriomerlin1991: do you have the private key of 2E6D6F9A, "maemo.org community repositories (fremantle) <repositories@maemo.org>"?09:57
freemangordonkerio: doesn't key contains for which server it was issued for?09:57
keriofreemangordon: no, keys are just gpg keys09:57
freemangordonok09:57
keriooh right, there's maybe another issue09:57
kerioHAM has to be happy of the key09:57
kerioso it has to be one of the keys listed under nokia-system in ham/domains/variant-domains.xexp09:58
jonwilis there a key in that list that isn't expired?09:58
kerio"MaemoSW Admin <admin@maemo.research.nokia.com>"09:58
freemangordonyep09:59
keriocrap, that's the only one, hopefully nokia still has that one09:59
DocScrutinizer05ok guys ( thedead1440), I can't be the driving force behind this since my plate is filled with 'other stuff of minor importance ;-P', so are you able to sustain this discussion on your own?09:59
freemangordonkerio: what about maemo repos key?10:01
thedead1440DocScrutinizer05: me for? I'm reading the backscroll :D10:01
DocScrutinizer05thedead1440: you mentioned jonni10:01
keriofreemangordon: those aren't listed in the nokia-system/nokia-certified domain10:02
thedead1440DocScrutinizer05: ah ok I'll speak to him10:02
DocScrutinizer05please invite him and fw mail if you think so10:02
kerioit *shouldn't* matter, mind you, because you'll never upgrade to a package from those repositories anyway10:02
keriobut i'm not sure10:02
thedead1440ok DocScrutinizer05 I'll speak to him and ask him if he would like to come here and share his view10:03
kerioaiui, domain information in HAM prevents the upgrade to a package from a higher domain to a lower domain10:03
keriobut i'm not sure if that information is stored across uninstalls, probably yes10:03
DocScrutinizer05fine, I'm out of the loop since other pressing affairs like finding a new sponsor for my bagels10:04
thedead1440haha10:04
DocScrutinizer05oooh, and that negligible issue of maemo migration10:04
thedead1440negligible? i thought it was on auto-pilot :D10:04
DocScrutinizer05HAHAHAHA10:05
DocScrutinizer05only one on auto-pilot is Murphy, as usual10:05
thedead1440:D10:05
kerioah crap, maemosw isn't actually on devices10:06
keriowhy did i have it? :s10:06
keriowe might be actually screwed10:06
freemangordonkerio: what?10:06
DocScrutinizer05he even resort to giving me unbearable tooth-ache10:06
freemangordonyou mean it is listed, but not present?10:06
kerioi just deleted all the keys in apt and reimported the .gpg file from nokia10:06
kerioit's listed in HAM10:06
kerioor, rather, the fingerprint is stored in HAM10:07
thedead1440DocScrutinizer05: take some rest10:07
kerioso if we got the key on the device, it would work for HAM10:07
freemangordonbut we don;t have it?10:07
keriofreemangordon: sudo apt-key list10:07
freemangordonit is listed there10:07
kerio:o10:07
kerioDocScrutinizer05: we need your vanilla device for a tiny bit10:08
kerio`sudo apt-key list`10:08
DocScrutinizer05umm10:08
freemangordonpub   1024D/4510B055 2009-03-1810:08
freemangordonuid                  MaemoSW Admin <admin@maemo.research.nokia.com>10:08
DocScrutinizer05fsck, no rootsh on vanilla device10:08
kerioDocScrutinizer05: haven't you got ssh on it?10:08
jonwilI have a vanilla no-CSSU-anything device10:08
jonwilwith ssh on it10:08
DocScrutinizer05neither10:08
DocScrutinizer05which vanilla device has ssh?10:09
kerioDocScrutinizer05: why do you have it? :o10:09
keriook, then we need your slightly less vanilla device10:09
jonwilmy device has no changes to the phone10:09
freemangordonjonwil: try it, please10:09
keriojonwil: `sudo apt-key list`10:09
keriofreemangordon: i reckon it's one of those key i recvd from a keyserver manually, but i'm not sure10:09
kerioi deleted all the keys and readded variant-keys.gpg10:09
thedead1440apt-key list shows a number of keys expired at the same time as the key Nokia want to replace; so the issue here is more than 1 key?10:10
freemangordonkerio: I am sure i didn;t touch gpg keys here10:10
keriothedead1440: do you see a MaemoSW Admin key?10:10
freemangordonhe is on -thumb :)10:10
thedead1440kerio: pub   1024D/4510B055 2009-03-1810:10
thedead1440uid                  MaemoSW Admin <admin@maemo.research.nokia.com>10:10
thedead1440sub   2048g/F18168D7 2009-03-1810:10
jonwilhttp://pastebin.com/vpxedgjE10:10
jonwilThats the output of apt-key list in SSH10:11
freemangordonyep, the key is there10:11
kerioweird, a phantom key10:11
DocScrutinizer05http://paste.ubuntu.com/1557762 FWIW10:11
keriohow did it *get* there?10:11
freemangordonwhy phantom?10:11
freemangordonnokia put it there10:11
keriofreemangordon: but where?10:11
freemangordonNFC :D10:11
keriojust a personal curiosity, mind you10:11
thedead1440why do i have a MaemoSW key and Doc doesn't have it10:12
keriothedead1440: because you can't read10:12
keriook, so10:12
thedead1440ah scrolling error :D10:12
jonwilok, so does that list I pastebinned help?10:12
keriojonwil: yep10:12
jonwilok, so there is a key on that list we can use?10:12
jonwilAssuming Nokia has the private half?10:12
kerioit means that nokia MUST sign their Release file with that key10:13
kerioyep10:13
freemangordonkerio: but, but, if public key is not on the devices?10:13
keriofreemangordon: the public key is on the devices10:13
freemangordonok. it was you to ask "where" :P10:13
kerioi meant that it's not in the keychains that are shipped in /usr/share/hildon-application-manager/keys10:14
keriousually you ship a file somewhere and apt-key add it in postinst10:14
jonwilok, so we better hope Nokia has the private half of that key10:14
freemangordonyep10:15
DocScrutinizer05could we sneak in arbitrary keys from postinst with root perm?10:15
kerioDocScrutinizer05: most definetely10:16
keriobut you also need to make HAM happy, for it to work properly10:16
kerioor enable redpill mode and disable the domain verification10:16
DocScrutinizer05meh10:16
freemangordonkerio: no redpill on pr1.310:16
freemangordonafaik10:16
keriofreemangordon: lies10:16
kerioyou just have to edit ~/.osso/something10:16
DocScrutinizer05DOES redpill mode WORK on stock pr1.2+ HAM?10:16
jonwilSo basically we are going to ask Nokia to re-sign all the Release files with the MaemoSW Admin key (if they have it) and then everything will magically start working again?10:17
DocScrutinizer05afaik it got completely nuked in PR1.210:17
keriojonwil: yep!10:17
kerioDocScrutinizer05: i only ever used PR1.2, and i had redpill mode then10:17
kerio1.2+, i mean10:18
jonwilAssuming Nokia has that key, it seems like a fairly simple request for them :)10:18
DocScrutinizer05please verfy and confirm10:18
keriojonwil: that also assumes that there's someone in nokia who knows how to operate a terminal10:18
DocScrutinizer05jonwil: basically Nokia is asking us what to do10:18
freemangordon:D10:18
jonwilok10:18
DocScrutinizer05so if we're polite and don't ask them to do BS, we will have a smooth cooperation10:19
keriograb this other key, sign these two files, KEEP HOSTING THOSE REPOS FOREVER AND EVER10:20
DocScrutinizer05there might Nokians show up here and join the discussion, please be nice and welcome them. don't bash them as they're not the ones who messed up stuff10:20
keriothe weird thing is, it's probably a lot more reasonable than asking for permission to rehost10:20
DocScrutinizer05/mode +q kerio10:20
kerioDocScrutinizer05: i promise to not curse at elop too much :310:21
freemangordonkerio: like fhj fhdsfha gfdhghsd dlporew Elop?10:22
kerionot the lovecraftian curse10:22
DocScrutinizer05kerio: you seem pretty savvy about how stuff in repo signing works, could you write up a short but precise description of the "normal case" on http://wiki.maemo.org/Fremantle/Repositories#Basics_of_Operations please10:52
DocScrutinizer05sth so a noob like me is able to grok it10:53
kerioi would, if the wiki loaded10:53
DocScrutinizer05ummm10:53
keriodamn, static. is sloooooooooow10:53
DocScrutinizer05a tad slow but basically flawless here10:53
DocScrutinizer05yeah, actually right now it's extremely slow10:55
DocScrutinizer05so better keep a copy of your edits in copy buffer when hitting "save"10:56
DocScrutinizer05kerio: many thanks10:56
kerioit's ok, i was actively looking for something to do instead of studying10:56
kerioDocScrutinizer05: i don't know what to write D:11:00
DocScrutinizer05start at beginning ;-D11:01
freemangordonkerio: express yourself :P11:01
DocScrutinizer05"once there been a virgin OS, with a signing key shipped on it..."11:01
freemangordon"but a bad wizard came and ..."11:02
DocScrutinizer05"when user start HAM, it does <foo< <bar> and for that it goes to that signing key... bla bla bla"11:02
freemangordons/wizard/dragon/11:02
infobotfreemangordon meant: "but a bad dragon came and ..."11:02
kerioDocScrutinizer05: does your vanilla HAM at least "refresh" the repos correctly?11:09
DocScrutinizer05kerio: right now I doubt anything vanilla does work11:14
DocScrutinizer05aah wait, you meant Nokia repos11:14
kerioyep11:15
kerioso disable extras and do a refresh11:15
*** joshgillies has joined #maemo-ssu11:15
keriohold on now, why do we have a problem again?11:19
keriocssu ships his own packages11:19
keriodo we want nokia to ship something to notify people of CSSU?11:20
freemangordondeffinitely11:21
kerioDocScrutinizer05: done11:30
*** ivgalvez has joined #maemo-ssu11:34
kerioDocScrutinizer05: i split my explanation in two, half in Basics of Operations and half in Issue 111:34
DocScrutinizer05kerio: I get error "DNS server returned answer without data" for "Nokia SSU" and "Nokia apps" here11:35
kerio...wat11:35
keriothe fuck does that mean?11:36
kerioDocScrutinizer05: iirc HAM has a "log"11:36
DocScrutinizer05could not resolve host: downloads.maemo.nokia.com (DNS server returned answer with no data)11:38
kerioDocScrutinizer05: connection?11:38
DocScrutinizer05meh, wlan fscked11:39
keriolol11:39
DocScrutinizer05that looks more like it now11:41
DocScrutinizer05or not, seems stalled11:43
DocScrutinizer05aaah11:43
DocScrutinizer05failed catalogs: maemo.org (no surprise)11:43
keriomr0 and apps update correctly, right? then my analysis is correct11:44
DocScrutinizer05however no updates available (20.2010.36.2-2.203.1)11:44
keriois this a pr1.3 or a pr1.3.1 device?11:45
DocScrutinizer05^^^11:45
kerioyeah, you're missing 1.3.111:45
keriomy analysis is *awesome* :D11:45
kerioDocScrutinizer05: open a terminal, `apt-cache mp-fremantle-generic-pr`11:45
DocScrutinizer05haha, missing root to do that11:46
keriojust do what i tell you to do11:46
kerioi am aware that you have no root access :)11:46
DocScrutinizer05you're also aware that this looks like 'syntax error'?11:46
kerio...ok, now `apt-cache policy mp-fremantle-generic-pr`11:47
keriothe candidate should be 21.2011.38-111:47
kerioand the installed should be less than that11:47
DocScrutinizer05unable to locate pkg11:47
DocScrutinizer05spellchecking...11:47
keriowell, maybe you don't have generic, you have a localized one11:48
keriobut why would you not flash Global, anyway?11:48
DocScrutinizer05because that's a *virgin* device11:48
kerio...is it still pr1.3?11:48
DocScrutinizer05however no updates available (20.2010.36.2-2.203.1)11:49
kerioDocScrutinizer05: dpkg -l | grep mp-fremantle-11:49
DocScrutinizer05second time it booted here11:49
kerioyou haven't even reflashed it yet?11:50
DocScrutinizer05nope11:50
DocScrutinizer05mp-fremantle-203-pr11:51
DocScrutinizer05surprise surprise11:51
kerioDocScrutinizer05: ok, apt-cache policy mp-fremantle-203-pr11:52
keriowhat's 203?11:52
keriolike, which nation?11:52
DocScrutinizer05nfc11:52
merlin1991oh god, they have no plan whatsoever11:52
keriomerlin1991: who?11:52
* merlin1991 just read the mail11:52
kerio:D11:52
DocScrutinizer05candidate 21.2011.38-1.203.111:52
kerioit's good11:52
keriothat means that we can supply our own plan11:52
kerioDocScrutinizer05: my analysis *is* correct11:53
kerio^_^11:53
DocScrutinizer05good11:53
merlin1991DocScrutinizer05: did you email Pali?11:53
kerioHAM updates correctly, but doesn't give a fuck11:53
DocScrutinizer05it better is, or we'll find you... ;-P11:53
merlin1991he's the one who read the important ham code bits, I just talk out of my arse based on what I've experienced playing with the system11:53
DocScrutinizer05sure, he already answered awesome elaborate mail11:54
merlin1991can you forward that to me too? (I'm interested in the details aswell :D)11:54
DocScrutinizer05wonder where he is11:54
DocScrutinizer05merlin1991: first 2 letters of your mail pls11:56
merlin1991starts with my full name seperated by dot ;)11:56
merlin1991also ch11:56
keriomerlin.nineteenninetyone11:57
merlin1991kerio: :D11:57
*** Guest44961 has joined #maemo-ssu11:58
*** Guest44961 is now known as phr3akDom11:59
DocScrutinizer05GOD, dafaq, seems Nemein playing with bottleneck again12:00
DocScrutinizer05hmm, no, tmo is lightning fast12:01
DocScrutinizer05wiki though refuses connection12:01
merlin1991DocScrutinizer05: you hit the old address seperated by _ not . ;)12:01
DocScrutinizer05phoooooh, once it connects it works like....12:02
*** ruskie has quit IRC12:03
*** Estel_ has joined #maemo-ssu12:03
*** Estel_ has quit IRC12:03
*** Estel_ has joined #maemo-ssu12:03
*** Estel_ is now known as djghdsjhnfdsi12:04
*** djghdsjhnfdsi is now known as Estel_12:05
*** freemangordon has quit IRC12:12
*** Estel_ has quit IRC12:14
jonwilok, so do we have a plan to keep the Nokia device repos going in the long term or not?12:16
jonwilor is it still to-do?12:17
DocScrutinizer05jonwil: for now it seems downloads.maemo.nokia.com is not getting transferred to HiFo, nor planned to get scrapped12:24
DocScrutinizer05jonwil: so what do you mean by "we got a plan"?12:24
jonwilok, so the plan is for that repo to keep working and keep being hosted by Nokia and for the key issue to be sorted12:24
jonwilbut for no further changes to that repo to be made (i.e. no future security updates)12:25
ivgalveza list of repositories hosted at Nokia have been forwarded to Nokia representatives12:26
ivgalvezand we have asked them to provide the  HiFo the right to redistribute the binaries hosted on those repositories12:26
*** ruskie has joined #maemo-ssu12:27
ivgalvezhowever is very unlikely that they can give us that permission unless we examine all the content in a per package basis12:27
jonwilyeah I suspect there are 3rd party packages there that Nokia cant legally allow HiFo to redistribute12:28
jonwillike say Flash12:28
jonwilor say Facebook12:28
ivgalvezas for 3rd party binaries will be more difficult to obtain that permission12:28
ivgalvezyes12:28
ivgalvezor worse: TI drivers12:28
ivgalvezbut we are still negotiating that, and it could take a while, with their legal department12:28
ivgalvezin the meantuime we have asked them not to shut down downloads12:29
jonwilok12:29
ivgalvezthey are also more reluctant with Harmattan stuff12:29
merlin1991kerio: who found out that the maemo sw key is still valid, and also linked to the ssu repo domain? (btw nice find :D)12:30
kerioi found that today, but iirc i also knew that from the past12:32
*** arcean has joined #maemo-ssu12:32
kerioit's not a nice find, it's a combination of less and apt-key list12:32
merlin1991and a bit of gpg unless you can magically build fingerprints in your head :D12:33
keriomerlin1991: apt-key finger12:33
keriojonwil: aiui we plan on shipping a single update there12:33
kerioto enable a system-level repo controlled by us12:33
merlin1991kerio: damn, I went the long road to double check it :D12:33
jonwilWhat would go in this new system-level repo?12:34
keriojonwil: something to tell people "hey, there's cssu if you want more updates"12:34
jonwilok12:34
kerioand security updates12:34
jonwilso security updates as in the recent changes to maemo-security-certificates-* or whatever?12:34
jonwilAnything else we have (e.g. in CSSU) that would count as a security update?12:35
keriowhatever we'll need in the future, too12:35
kerioyep12:35
merlin1991jonwil: a plentora of library upgrades because of known cves12:35
jonwilOne of these days I want to see someone update Gecko in microb to pick up x number of years worth of security improvements12:36
kerioto be fair, we could make it easier and just enable cssu-stable on people12:36
ivgalvezI would bet for that12:37
merlin1991freemangordon and romaxa have been workign on microb lately12:37
ivgalvezinstead of yet another CSSU flavour12:37
jonwilDo we have any clue if Nokia would even allow this community-repo idea? Or is that something else still under discussion?12:37
jonwilgreat if someone is working on microb12:38
ivgalvezthey are willing to transfer all support for devices so probably yes12:38
ivgalvezfrom a technical POV they are alligned with us12:38
merlin1991from the top of my head we have a newer libxml, openssl, libcurl, pango and even some patches to the microb-engine12:38
ivgalvezthe problem is with legal department around IP12:38
jonwilWhy are they more wary regarding Harmattan?12:39
ivgalvezthat one of the reasons why they asked us to wipe out any reference to Nokia as supporter or maintainer or anything related to warranties from maemo.org12:39
ivgalvezprobably because Harmattan sold a few millions of devices12:40
ivgalvezbut let's accept what they offer now and we will push for more later12:40
ivgalvezthat's the motto12:40
jonwilyeah lets do that12:40
jonwilAre we asking for permission to redistribute the contents of the nokia-binaries SDK repository?12:41
ivgalvezyes12:41
DocScrutinizer05ivgalvez: I request to get into the loop as HiFo technical and admin officer12:41
ivgalvezno problem with me, we are probably having a meeting tomorrow I will propose it12:42
ivgalvezbut you must know that they asked for absolutely confidentiallity12:43
DocScrutinizer05now that's not a problem with me12:43
DocScrutinizer05since I guess that confidentiality is between HiFo at large and Nokia12:43
ivgalvezanyway we are pushing during January with any luck or response12:43
ivgalvezwithout12:43
ivgalvezat least the technical guys contacted me about the gpg keys12:44
jonwilme, I guess the most useful thing I can do here is to go back to working on reverse engineering the GPRS bits (starting with csd-gprs and then moving to libicd-network-gprs and stuff after that)12:44
*** xes has joined #maemo-ssu12:44
*** xes has joined #maemo-ssu12:44
DocScrutinizer05seems Nokia starts to realize they have some responsibility still for their product that they can't simply drop on community's feet12:44
ivgalvezyep12:45
DocScrutinizer05they did an awesome job to gain full control over their stuff, now thei're locked in their own prison, so to say12:46
DocScrutinizer05and then they dropped the key and lost it, literally ;-P12:47
ivgalvezthere should be a mess in there right now12:47
ivgalvezlooking all the movements in staff and technical12:48
keriolet's hope they still have the key to the backdoor12:48
kerioaka MaemoSW Admin12:48
ivgalvezor to the toilets :D12:48
ivgalvezDocScrutinizer05 have you talked to rzronline or MAG about the old proposal to create a community repo for Harmattan12:50
ivgalveznow we will be in position to do that12:50
DocScrutinizer05nope, I didn't12:51
DocScrutinizer05ivgalvez: we're also in a good position now to ask Nokia about supporting maemo.org hosting for a bit longer, since it seems they realize they might *need* us12:52
ivgalvezwe should have a proper package manager though12:52
DocScrutinizer05ivgalvez: you noticed quote of Nemein?12:52
keriodoesn't harmattan use yum?12:52
ivgalvezyes, as I told you before we are pending response to our latest emails12:52
ivgalvezI'd like to have a new conference call with the Nokia guys in order to clarify a few things and to insist about that12:53
jonwilI recon Corporate Lawyers need to go on the list of things that should never have been invented :)12:53
ivgalvezDocScrutinizer05: as we suspected, the quote is unnafordable12:54
thedead1440kerio: no its apt... also Harmattan has the same MaemoSW Admin key as Fremantle12:56
keriothedead1440: just that one key?12:56
DocScrutinizer05ivgalvez: it's not exactly unaffordable, it's reasonable and it's scalable12:57
ivgalvezunafordable to our current financial status12:57
thedead1440kerio: nope the repo signing keys are the same and expired also same on 2012-10-0312:57
keriohm12:57
keriowell, here's to hoping that they still have the private key to that key :)12:58
thedead1440but no error about the expiry on Harmattan12:58
thedead1440this means they should have it since its on Harmattan12:58
kerio~seen X-Fade12:59
infobotx-fade is currently on #maemo (7h 20m 20s) #harmattan (7h 20m 20s) #meego (7h 20m 20s) #maemo-ssu (7h 20m 20s), last said: 'ZogG_laptop: ?'.12:59
DocScrutinizer05ivgalvez: (current status) ack13:00
DocScrutinizer05ivgalvez: regarding your question on that gpg mail re flashing a PR1.4: I simply thought it's overly inconventient to most lusers13:01
*** andre__ has quit IRC13:06
*** xes has quit IRC13:07
*** andre__ has joined #maemo-ssu13:21
*** ivgalvez has quit IRC13:25
*** kolp has joined #maemo-ssu13:29
*** Martix_ has joined #maemo-ssu13:38
*** Mihanizat0r has quit IRC13:41
*** Estel_ has joined #maemo-ssu13:58
*** Estel_ has quit IRC13:58
*** Estel_ has joined #maemo-ssu13:58
*** lizardo has joined #maemo-ssu14:11
*** arcean has quit IRC14:23
*** M4rtinK has joined #maemo-ssu15:30
*** freemangordon has joined #maemo-ssu15:39
*** freemangordon has quit IRC15:47
*** Estel_ has quit IRC16:00
*** thedead1440 is now known as thedead1440_16:12
*** jon-kha has joined #maemo-ssu16:12
*** thedead1440_ is now known as thedead144016:12
*** arcean has joined #maemo-ssu16:19
*** Martix_ has quit IRC16:22
*** ShadowX has quit IRC16:38
*** ShadowX has joined #maemo-ssu16:39
*** NIN101 has joined #maemo-ssu16:42
*** jonwil has quit IRC16:53
*** freemangordon has joined #maemo-ssu16:59
*** Martix_ has joined #maemo-ssu17:02
*** joshgillies has quit IRC17:16
*** Lava_Croft has quit IRC17:23
*** Martix_ has quit IRC17:31
*** Martix_ has joined #maemo-ssu17:32
*** toxaris has joined #maemo-ssu17:58
gregoakerio: it seems the "MaemoSW Admin" key is the file /usr/share/keyrings/maemointernal-keyring.gpg, package maemointernal-keyring, and imported by /var/lib/dpkg/info/maemointernal-keyring.postinst18:02
kerioooh, neat18:02
freemangordonyay :)18:02
keriofreemangordon: it doesn't matter, it just eases my mind18:02
freemangordonkerio: so, what is the current status?18:03
keriofreemangordon: same as before18:03
keriowe tell nokia to look for the matching secret key and we hope that they can find it18:03
freemangordonkerio: so a simple resign will do the job?18:04
keriosure, why not?18:04
freemangordongreat18:04
freemangordonwe should ask HiFo to ask Nokia if they agree to push a "cssu-enabler" package18:05
keriohow do you "push" something like that?18:06
freemangordonupgrade xterm for example18:06
freemangordonor some other nokia pre-installed application18:06
keriolike the metapackage18:06
kerio:)18:06
freemangordonno nee of metapackage18:07
kerioyou'd have to push it in a way that makes it uninstallable18:07
freemangordon*need18:07
kerioyes, need18:07
keriobecause xterm won't be updated by HAM by itself18:07
kerioif we're going with that route, we might as well do it with n900-fmtx-enabler18:07
*** dhbiker has quit IRC18:07
freemangordonevery package in user section will do the job aiui18:07
kerioyeah18:07
kerioonce the repo is fixed, we can think of what to do18:08
freemangordonand there are a couple of them.18:08
freemangordonsure18:08
keriothe easiest thing to do would be to decide that cssu-stable is stable enough, and push that18:08
freemangordonkerio: iirc there are some links by default on the desktop18:08
freemangordonyep18:08
kerioespecially considering that "backporting" all the security fixes isn't really a possibility18:09
kerioDocScrutinizer05: yay or nay?18:09
freemangordonbtw (if thedead1440 is right and harm has the same sysadmin key) Nokia has not lost the private18:11
DocScrutinizer05freemangordon: why would HiFo deal with such topic?18:11
keriofreemangordon: it can be a historical relic18:11
keriofreemangordon: the harm repos use the same keys as repository.maemo.org18:11
freemangordonDocScrutinizer05: because aiui they are the ones to talk to Nokia18:11
freemangordonDocScrutinizer05: though it does not really matter who will do it18:12
DocScrutinizer05no they are talking to Nokia LAWYERS18:12
freemangordonok18:12
freemangordonthen the council :)18:12
thedead1440freemangordon: you can check it out here: http://pastebin.com/XWCtw0s118:12
keriothedead1440: will the harmattan package manager accept the maemosw key, though?18:13
kerio(and do we care?)18:13
freemangordonoh, it is the same as on fremantle18:13
freemangordonyeah, could be some leagscy :(18:13
freemangordon*legacy18:13
thedead1440kerio: what I'm wondering is why when it has the same expiry date as on fremantle does only fremantle have the expired key issue18:13
keriothedead1440: it's a HAM trust issue18:14
freemangordonthedead1440: that key has not expired18:14
keriothe repos *are* updated correctly18:14
thedead1440freemangordon: it has: expired: 2012-10-0318:14
kerioHAM just doesn't like that the key is expired, and won't accept updates to system packages from that repo18:14
freemangordonthedead1440: "MaemoSW Admin <admin@maemo.research.nokia.com>"?18:15
freemangordonno, it is not18:15
freemangordonand aiui it never expiers18:15
thedead1440no Nokia repository signing key 4v1 that's the one that is expired on fremantle too18:15
keriothedead1440: which key is used for the repos?18:15
thedead1440all the Nokia repository signing keys are expired on both Harm and Fremantle18:15
freemangordonthedead1440: which key is used for ovi?18:16
*** dhbiker has joined #maemo-ssu18:16
thedead1440freemangordon: not too sure18:16
freemangordoni guess it is either "GenSS (GenSS System)" or "...file distribution..."18:17
thedead1440let me ask Jonni18:18
keriofreemangordon: the fremantle ovi uses the 4v1 key18:19
freemangordonkerio: I asked what harm uses18:20
*** phr3akDom has quit IRC18:23
DocScrutinizer05on HARM there's no HAM18:29
freemangordonsure18:29
thedead1440but even when you apt-get update on Fremantle you get the W: Error while you don't get the same on Harmattan18:29
freemangordon:nod:18:29
keriothedead1440: really?18:30
DocScrutinizer05blame aegis and the black magic it introduces18:30
keriohm, i don't know how to check the contents of a .gpg18:30
thedead1440yes kerio hence I'm banging on the same thing like a broken record18:30
kerioDocScrutinizer05: nah, it's probably just a different key18:30
thedead1440if there is a W: Error in one and not in another it means the server can be tweaked to adjust it, no? Device wouldn't need to have any changes be made then?18:31
thedead1440after all, Harmattan accesses downloads.maemo.nokia.com too for SSU etc so its the same repo18:32
keriothe server can't be tweaked to adjust it18:34
kerioit's not the same repo18:34
*** Lava_Croft has joined #maemo-ssu18:35
thedead1440kerio: fremantle hits downloads.maemo.nokia.com/fremantle while harmattan hits downloads.maemo.nokia.com/harmattan so its just a different branch, isn't it?18:37
kerioit's a different apt repository18:38
keriothere are at least 3 just for fremantle18:38
thedead1440same there are 3 for harmattan too18:38
*** xes has joined #maemo-ssu18:43
*** xes has joined #maemo-ssu18:43
*** ShadowX has quit IRC19:06
*** ShadowX has joined #maemo-ssu19:06
*** BCMM has joined #maemo-ssu19:12
*** arcean has quit IRC19:26
keriodid someone ask nokia if they have that key?19:37
thedead1440freemangordon: GenSS is what is used for the Harmattan keys according to Jonni20:20
thedead1440those Nokia signing keys in Harmattan that are expired are not used anywhere confirmed hence no error message; apologies for the false alarm :S20:27
*** Martix_ has quit IRC20:30
keriowho's actually talking to the nokia meego dudes?20:31
*** Martix_ has joined #maemo-ssu20:32
thedead1440DocScrutinizer05 rec'd the email so i would presume him but he also has told them to join here...20:33
*** jaded has joined #maemo-ssu20:42
*** jaded has joined #maemo-ssu20:42
*** jade has quit IRC20:44
*** arcean has joined #maemo-ssu21:03
*** arcean has quit IRC21:09
*** arcean has joined #maemo-ssu21:23
*** arcean has quit IRC21:37
*** phr3akDom has joined #maemo-ssu21:48
*** phr3akDom has quit IRC21:52
*** arcean has joined #maemo-ssu22:44
*** arcean has quit IRC22:44
*** arcean has joined #maemo-ssu22:44
*** _rd has joined #maemo-ssu22:46
*** arcean has quit IRC22:53
*** arcean has joined #maemo-ssu22:53
*** lizardo has quit IRC22:53
*** NIN101 has quit IRC23:07

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!