*** toxaris has quit IRC | 00:00 | |
*** NIN101 has quit IRC | 00:06 | |
*** joshgillies has joined #maemo-ssu | 00:18 | |
*** joshgillies has left #maemo-ssu | 00:19 | |
*** MrPingu has joined #maemo-ssu | 00:27 | |
*** iDont has joined #maemo-ssu | 00:32 | |
*** xes has quit IRC | 00:38 | |
*** iDont has quit IRC | 00:40 | |
*** iDont has joined #maemo-ssu | 00:40 | |
*** _rd has joined #maemo-ssu | 00:43 | |
*** iDont has quit IRC | 00:47 | |
*** MrPingu has quit IRC | 00:50 | |
*** MrPingu has joined #maemo-ssu | 00:51 | |
*** MrPingu has quit IRC | 01:00 | |
*** _rd has quit IRC | 01:07 | |
*** Martix_ has quit IRC | 01:12 | |
*** andre__ has quit IRC | 01:15 | |
*** andre__ has joined #maemo-ssu | 01:31 | |
*** joshgillies has joined #maemo-ssu | 01:36 | |
*** wumpwoas1 has quit IRC | 01:50 | |
*** arcean has quit IRC | 02:10 | |
*** kolp has quit IRC | 02:39 | |
*** X-Fade has quit IRC | 03:20 | |
*** freemangordon has quit IRC | 03:25 | |
*** M4rtinK has quit IRC | 03:34 | |
*** X-Fade has joined #maemo-ssu | 03:57 | |
*** grummund has quit IRC | 04:04 | |
*** X-Fade has quit IRC | 05:17 | |
*** amiconn has quit IRC | 05:27 | |
*** amiconn_ has joined #maemo-ssu | 05:27 | |
*** amiconn_ is now known as amiconn | 05:27 | |
*** X-Fade has joined #maemo-ssu | 05:39 | |
*** DocScrutinizer05 has quit IRC | 06:02 | |
*** DocScrutinizer05 has joined #maemo-ssu | 06:04 | |
*** nox- has quit IRC | 06:19 | |
*** ShadowJK has quit IRC | 06:41 | |
*** ShadowJK has joined #maemo-ssu | 06:43 | |
*** jon_y has quit IRC | 07:14 | |
*** thedead1440 has joined #maemo-ssu | 07:15 | |
*** jon_y has joined #maemo-ssu | 07:15 | |
DocScrutinizer05 | anybody already got my forwarded mail? | 07:15 |
---|---|---|
DocScrutinizer05 | subject "N900 repo GPG key renewal issue" | 07:17 |
thedead1440 | DocScrutinizer05: i received your email | 07:17 |
DocScrutinizer05 | fine :-) | 07:17 |
DocScrutinizer05 | do you think we (community) can help? | 07:18 |
DocScrutinizer05 | in the end we'd help ourselves | 07:18 |
thedead1440 | i think the devs here can have a version of CSSU-Security which adds a Security repo on users N900s and that repo is only used in the event of any security updates. This can be communicated to Nokia's representative and would be a good opportunity to get some further sponsorship from Nokia; it would be a 1-for-1 kind of exchange ;) | 07:19 |
DocScrutinizer05 | also please keep in mind boards most recent call to mention to then everything HiFo needs to ask Nokia for handing control over to HiFo, to allow sustainable maintenance of maemo infra at large | 07:20 |
DocScrutinizer05 | thedead1440: brilliant approach (hehe, I think I know who contributed some aspects ;-D) - I suggest to exploit wiki to draft a concept in cooperation of you experts | 07:21 |
thedead1440 | DocScrutinizer05: you want me to put a "proposal to fix expired keys" page on wiki? I thought you didn't want the email on the ML so that it doesn't spread? Oh and yes your ideas ;) | 07:23 |
DocScrutinizer05 | it's kinda waste of time if all 20 I BCCed would draft their own version of "Repo 101" as an introduction to how repo security works, then append their own idea of options we/Nokia have | 07:23 |
thedead1440 | ok in that case I'll start off a wiki page and everyone can put in their suggestions; ultimately its the developers here who will have to decide | 07:24 |
DocScrutinizer05 | thedead1440: yep, I suggest a wiki page "Repositories: basics of operation, security, current issues, options for solutions" | 07:24 |
thedead1440 | https://wiki.maemo.org/Repositories is unused; maybe this can be the meta page with sub-sections | 07:25 |
DocScrutinizer05 | good idea | 07:25 |
DocScrutinizer05 | start with one long page, split into subpages when needed | 07:25 |
DocScrutinizer05 | thedead1440: please make that wiki.maemo.org/fremantle/Repositories though | 07:27 |
thedead1440 | ok | 07:27 |
DocScrutinizer05 | since e.g. for HARM the situation is quite different afaik | 07:28 |
DocScrutinizer05 | ~seen freemangordon | 07:28 |
infobot | freemangordon <~freemango@130-204-50-168.2074221835.ddns.cablebg.net> was last seen on IRC in channel #maemo, 4h 59m 51s ago, saying: ':nod:'. | 07:28 |
DocScrutinizer05 | ~seen pali | 07:29 |
infobot | pali <~pali@Maemo/community/contributor/Pali> was last seen on IRC in channel #maemo, 1d 18h 33m 53s ago, saying: 'repository Flash?'. | 07:29 |
DocScrutinizer05 | anybody around with thorough expertise regarding repository management that I missed to send the mail to? Please holler | 07:30 |
thedead1440 | DocScrutinizer05: the issue and proposed solution 1 have been added to http://wiki.maemo.org/Fremantle/Repositories ; basics of operations I think someone with better knowledge of things adds | 07:50 |
*** jon-kha has quit IRC | 07:51 | |
*** joshgillies has quit IRC | 08:55 | |
*** freemangordon has joined #maemo-ssu | 09:21 | |
freemangordon | DocScrutinizer05: I think it is Pali who can give the idea on what could be done re GPG key. IIRC he said that in theory that key validity could be extended | 09:25 |
DocScrutinizer05 | freemangordon: that would be best option, if the key validity is on server side and not encoded into key on device | 09:26 |
freemangordon | yep | 09:27 |
freemangordon | afaik so far we were in the same situation with repos on maemo.org, 1-2 years ago | 09:27 |
DocScrutinizer05 | freemangordon: first we need a concise but comprehensive explanation how stuff *works*, on that wiki page. Not even I have a clear idea of how gear works together | 09:27 |
freemangordon | it was nokia to change something to fix it | 09:28 |
freemangordon | me neither :D | 09:28 |
* DocScrutinizer05 hopes for pali and merlin1991 and woody to step up and contribute a "repo for dummies" | 09:28 | |
DocScrutinizer05 | also X-Fade and javispedro, though I'm woefully missing the latter since months | 09:29 |
DocScrutinizer05 | actually missing both | 09:29 |
*** jonwil has joined #maemo-ssu | 09:30 | |
DocScrutinizer05 | anyway please proactively further discussion and ping those who might have knowledge to contribute but possibly even didn't get BCCed on that mail | 09:31 |
*** sunkan has joined #maemo-ssu | 09:31 | |
freemangordon | hmm, gregoa is our debian expert afaik, he might have some idea :) | 09:32 |
DocScrutinizer05 | we can demonstrate to Nokia we're worth it here ;-D | 09:32 |
freemangordon | are we? :D:D:D | 09:32 |
* jonwil reads logs to find out whats being discussed :) | 09:33 | |
DocScrutinizer05 | so please keep the discussion floating | 09:33 |
freemangordon | jonwil: Nokia needs our help to replace the expired apt key | 09:33 |
freemangordon | DocScrutinizer05: correct? | 09:34 |
DocScrutinizer05 | kinda, aiui | 09:34 |
DocScrutinizer05 | freemangordon: will you fw the mail to whomever it may concern please? | 09:37 |
jonwil | I intend to get back to looking at the N900 GPRS stuff soon btw (I was in the middle of reverse engineering csd-gprs when my computer failed suddenly, I only got it back from the repair guy yesterday and now I have to do a backup of important stuff before I move on) | 09:37 |
DocScrutinizer05 | freemangordon: not indiscriminately though | 09:38 |
DocScrutinizer05 | ;-) | 09:38 |
freemangordon | DocScrutinizer05: I can't think of anyone outside the guys here who can help | 09:38 |
DocScrutinizer05 | I'd like to stay PC here | 09:38 |
*** povbot_ has joined #maemo-ssu | 09:41 | |
*** ChanServ sets mode: +v povbot_ | 09:41 | |
kerio | and/or the files in /usr/share/HAM/keys | 09:42 |
DocScrutinizer05 | omfg | 09:42 |
DocScrutinizer05 | povbot spawns | 09:42 |
*** Mihanizat0r has joined #maemo-ssu | 09:42 | |
*** povbot has quit IRC | 09:43 | |
kerio | i asked a dude in #gnupg about modifying the expiration date without having the secret key | 09:43 |
kerio | he said no, unless [condition] | 09:43 |
kerio | and then we checked, and [condition] is false in our case | 09:43 |
kerio | just get nokia to sign the Release file with a different key | 09:44 |
kerio | possibly the maemo.org one | 09:44 |
DocScrutinizer05 | in 'our' case nokia is in posession of the secret key | 09:44 |
freemangordon | kerio: you're missing that Nokia is willing to help ;) | 09:44 |
kerio | or maemosw admin | 09:45 |
DocScrutinizer05 | no, *we* are willing to help Nokia | 09:45 |
kerio | DocScrutinizer05: you'd still have to push the key somehow | 09:45 |
freemangordon | DocScrutinizer05: either ways | 09:45 |
kerio | but to push the key you need a working HAM | 09:45 |
kerio | and that's just false, for devices that don't know about cssu | 09:45 |
kerio | the MaemoSW Admin key doesn't expire | 09:45 |
freemangordon | kerio: you suggest Nokia to push PR1.4? | 09:46 |
jonwil | more like 1.3.2 :) | 09:46 |
freemangordon | I don;t think there is enough expertise left for that | 09:47 |
DocScrutinizer05 | none of that will fly, via SSU | 09:47 |
DocScrutinizer05 | please first get stuff sorted in *detail* how repo, key, HAM, apt works | 09:48 |
DocScrutinizer05 | place a concise but correct explanation of normal operation on wiki page | 09:48 |
DocScrutinizer05 | then analyze the problem we're facing | 09:48 |
DocScrutinizer05 | put that analysis there as well | 09:49 |
DocScrutinizer05 | based on that we can check what are our options | 09:49 |
DocScrutinizer05 | basically the analysis is as ashort as "on point 7 of above explanation of normal operation we run into error 'key expired'" | 09:51 |
DocScrutinizer05 | "since point 3 and point 8 we can't do anything about it on server/repo side" or similar | 09:52 |
kerio | is nokia willing to issue like *two* commands? | 09:53 |
kerio | they just need to use a different key for the repo | 09:53 |
kerio | a key that's already on the devices | 09:53 |
kerio | aka one of those in apt-key list | 09:53 |
freemangordon | kerio: you mean to resign the packages with i.e. maemo.org key? | 09:54 |
kerio | server-side change, nothing to do on the devices themselves | 09:54 |
kerio | freemangordon: the packages aren't signed | 09:54 |
kerio | the Release file is signed, and the Release has the md5sum of the Packages* files | 09:54 |
freemangordon | ok | 09:54 |
kerio | and those have the md5sums of every deb, tarball and dsc | 09:54 |
freemangordon | ok,ok | 09:54 |
DocScrutinizer05 | freemangordon: you forwarded mail to kerio and gregoa? | 09:55 |
jonwil | so all they need to do is to re-sign the Release file in their repos with a key that works? | 09:55 |
kerio | yep | 09:55 |
freemangordon | DocScrutinizer05: no, I don;t have their mails | 09:55 |
kerio | it has to be a key that we (the n900s) already know of | 09:55 |
jonwil | is there a key that's on the N900s that hasn't expired? | 09:55 |
kerio | jonwil: plenty :) | 09:55 |
jonwil | ok, great | 09:55 |
jonwil | in that case it seems like the problem is simple assuming Nokia still has the private half of a suitable key | 09:56 |
freemangordon | kerio: forwarded | 09:56 |
kerio | jonwil: yep | 09:56 |
kerio | merlin1991: do you have the private key of 2E6D6F9A, "maemo.org community repositories (fremantle) <repositories@maemo.org>"? | 09:57 |
freemangordon | kerio: doesn't key contains for which server it was issued for? | 09:57 |
kerio | freemangordon: no, keys are just gpg keys | 09:57 |
freemangordon | ok | 09:57 |
kerio | oh right, there's maybe another issue | 09:57 |
kerio | HAM has to be happy of the key | 09:57 |
kerio | so it has to be one of the keys listed under nokia-system in ham/domains/variant-domains.xexp | 09:58 |
jonwil | is there a key in that list that isn't expired? | 09:58 |
kerio | "MaemoSW Admin <admin@maemo.research.nokia.com>" | 09:58 |
freemangordon | yep | 09:59 |
kerio | crap, that's the only one, hopefully nokia still has that one | 09:59 |
DocScrutinizer05 | ok guys ( thedead1440), I can't be the driving force behind this since my plate is filled with 'other stuff of minor importance ;-P', so are you able to sustain this discussion on your own? | 09:59 |
freemangordon | kerio: what about maemo repos key? | 10:01 |
thedead1440 | DocScrutinizer05: me for? I'm reading the backscroll :D | 10:01 |
DocScrutinizer05 | thedead1440: you mentioned jonni | 10:01 |
kerio | freemangordon: those aren't listed in the nokia-system/nokia-certified domain | 10:02 |
thedead1440 | DocScrutinizer05: ah ok I'll speak to him | 10:02 |
DocScrutinizer05 | please invite him and fw mail if you think so | 10:02 |
kerio | it *shouldn't* matter, mind you, because you'll never upgrade to a package from those repositories anyway | 10:02 |
kerio | but i'm not sure | 10:02 |
thedead1440 | ok DocScrutinizer05 I'll speak to him and ask him if he would like to come here and share his view | 10:03 |
kerio | aiui, domain information in HAM prevents the upgrade to a package from a higher domain to a lower domain | 10:03 |
kerio | but i'm not sure if that information is stored across uninstalls, probably yes | 10:03 |
DocScrutinizer05 | fine, I'm out of the loop since other pressing affairs like finding a new sponsor for my bagels | 10:04 |
thedead1440 | haha | 10:04 |
DocScrutinizer05 | oooh, and that negligible issue of maemo migration | 10:04 |
thedead1440 | negligible? i thought it was on auto-pilot :D | 10:04 |
DocScrutinizer05 | HAHAHAHA | 10:05 |
DocScrutinizer05 | only one on auto-pilot is Murphy, as usual | 10:05 |
thedead1440 | :D | 10:05 |
kerio | ah crap, maemosw isn't actually on devices | 10:06 |
kerio | why did i have it? :s | 10:06 |
kerio | we might be actually screwed | 10:06 |
freemangordon | kerio: what? | 10:06 |
DocScrutinizer05 | he even resort to giving me unbearable tooth-ache | 10:06 |
freemangordon | you mean it is listed, but not present? | 10:06 |
kerio | i just deleted all the keys in apt and reimported the .gpg file from nokia | 10:06 |
kerio | it's listed in HAM | 10:06 |
kerio | or, rather, the fingerprint is stored in HAM | 10:07 |
thedead1440 | DocScrutinizer05: take some rest | 10:07 |
kerio | so if we got the key on the device, it would work for HAM | 10:07 |
freemangordon | but we don;t have it? | 10:07 |
kerio | freemangordon: sudo apt-key list | 10:07 |
freemangordon | it is listed there | 10:07 |
kerio | :o | 10:07 |
kerio | DocScrutinizer05: we need your vanilla device for a tiny bit | 10:08 |
kerio | `sudo apt-key list` | 10:08 |
DocScrutinizer05 | umm | 10:08 |
freemangordon | pub 1024D/4510B055 2009-03-18 | 10:08 |
freemangordon | uid MaemoSW Admin <admin@maemo.research.nokia.com> | 10:08 |
DocScrutinizer05 | fsck, no rootsh on vanilla device | 10:08 |
kerio | DocScrutinizer05: haven't you got ssh on it? | 10:08 |
jonwil | I have a vanilla no-CSSU-anything device | 10:08 |
jonwil | with ssh on it | 10:08 |
DocScrutinizer05 | neither | 10:08 |
DocScrutinizer05 | which vanilla device has ssh? | 10:09 |
kerio | DocScrutinizer05: why do you have it? :o | 10:09 |
kerio | ok, then we need your slightly less vanilla device | 10:09 |
jonwil | my device has no changes to the phone | 10:09 |
freemangordon | jonwil: try it, please | 10:09 |
kerio | jonwil: `sudo apt-key list` | 10:09 |
kerio | freemangordon: i reckon it's one of those key i recvd from a keyserver manually, but i'm not sure | 10:09 |
kerio | i deleted all the keys and readded variant-keys.gpg | 10:09 |
thedead1440 | apt-key list shows a number of keys expired at the same time as the key Nokia want to replace; so the issue here is more than 1 key? | 10:10 |
freemangordon | kerio: I am sure i didn;t touch gpg keys here | 10:10 |
kerio | thedead1440: do you see a MaemoSW Admin key? | 10:10 |
freemangordon | he is on -thumb :) | 10:10 |
thedead1440 | kerio: pub 1024D/4510B055 2009-03-18 | 10:10 |
thedead1440 | uid MaemoSW Admin <admin@maemo.research.nokia.com> | 10:10 |
thedead1440 | sub 2048g/F18168D7 2009-03-18 | 10:10 |
jonwil | http://pastebin.com/vpxedgjE | 10:10 |
jonwil | Thats the output of apt-key list in SSH | 10:11 |
freemangordon | yep, the key is there | 10:11 |
kerio | weird, a phantom key | 10:11 |
DocScrutinizer05 | http://paste.ubuntu.com/1557762 FWIW | 10:11 |
kerio | how did it *get* there? | 10:11 |
freemangordon | why phantom? | 10:11 |
freemangordon | nokia put it there | 10:11 |
kerio | freemangordon: but where? | 10:11 |
freemangordon | NFC :D | 10:11 |
kerio | just a personal curiosity, mind you | 10:11 |
thedead1440 | why do i have a MaemoSW key and Doc doesn't have it | 10:12 |
kerio | thedead1440: because you can't read | 10:12 |
kerio | ok, so | 10:12 |
thedead1440 | ah scrolling error :D | 10:12 |
jonwil | ok, so does that list I pastebinned help? | 10:12 |
kerio | jonwil: yep | 10:12 |
jonwil | ok, so there is a key on that list we can use? | 10:12 |
jonwil | Assuming Nokia has the private half? | 10:12 |
kerio | it means that nokia MUST sign their Release file with that key | 10:13 |
kerio | yep | 10:13 |
freemangordon | kerio: but, but, if public key is not on the devices? | 10:13 |
kerio | freemangordon: the public key is on the devices | 10:13 |
freemangordon | ok. it was you to ask "where" :P | 10:13 |
kerio | i meant that it's not in the keychains that are shipped in /usr/share/hildon-application-manager/keys | 10:14 |
kerio | usually you ship a file somewhere and apt-key add it in postinst | 10:14 |
jonwil | ok, so we better hope Nokia has the private half of that key | 10:14 |
freemangordon | yep | 10:15 |
DocScrutinizer05 | could we sneak in arbitrary keys from postinst with root perm? | 10:15 |
kerio | DocScrutinizer05: most definetely | 10:16 |
kerio | but you also need to make HAM happy, for it to work properly | 10:16 |
kerio | or enable redpill mode and disable the domain verification | 10:16 |
DocScrutinizer05 | meh | 10:16 |
freemangordon | kerio: no redpill on pr1.3 | 10:16 |
freemangordon | afaik | 10:16 |
kerio | freemangordon: lies | 10:16 |
kerio | you just have to edit ~/.osso/something | 10:16 |
DocScrutinizer05 | DOES redpill mode WORK on stock pr1.2+ HAM? | 10:16 |
jonwil | So basically we are going to ask Nokia to re-sign all the Release files with the MaemoSW Admin key (if they have it) and then everything will magically start working again? | 10:17 |
DocScrutinizer05 | afaik it got completely nuked in PR1.2 | 10:17 |
kerio | jonwil: yep! | 10:17 |
kerio | DocScrutinizer05: i only ever used PR1.2, and i had redpill mode then | 10:17 |
kerio | 1.2+, i mean | 10:18 |
jonwil | Assuming Nokia has that key, it seems like a fairly simple request for them :) | 10:18 |
DocScrutinizer05 | please verfy and confirm | 10:18 |
kerio | jonwil: that also assumes that there's someone in nokia who knows how to operate a terminal | 10:18 |
DocScrutinizer05 | jonwil: basically Nokia is asking us what to do | 10:18 |
freemangordon | :D | 10:18 |
jonwil | ok | 10:18 |
DocScrutinizer05 | so if we're polite and don't ask them to do BS, we will have a smooth cooperation | 10:19 |
kerio | grab this other key, sign these two files, KEEP HOSTING THOSE REPOS FOREVER AND EVER | 10:20 |
DocScrutinizer05 | there might Nokians show up here and join the discussion, please be nice and welcome them. don't bash them as they're not the ones who messed up stuff | 10:20 |
kerio | the weird thing is, it's probably a lot more reasonable than asking for permission to rehost | 10:20 |
DocScrutinizer05 | /mode +q kerio | 10:20 |
kerio | DocScrutinizer05: i promise to not curse at elop too much :3 | 10:21 |
freemangordon | kerio: like fhj fhdsfha gfdhghsd dlporew Elop? | 10:22 |
kerio | not the lovecraftian curse | 10:22 |
DocScrutinizer05 | kerio: you seem pretty savvy about how stuff in repo signing works, could you write up a short but precise description of the "normal case" on http://wiki.maemo.org/Fremantle/Repositories#Basics_of_Operations please | 10:52 |
DocScrutinizer05 | sth so a noob like me is able to grok it | 10:53 |
kerio | i would, if the wiki loaded | 10:53 |
DocScrutinizer05 | ummm | 10:53 |
kerio | damn, static. is sloooooooooow | 10:53 |
DocScrutinizer05 | a tad slow but basically flawless here | 10:53 |
DocScrutinizer05 | yeah, actually right now it's extremely slow | 10:55 |
DocScrutinizer05 | so better keep a copy of your edits in copy buffer when hitting "save" | 10:56 |
DocScrutinizer05 | kerio: many thanks | 10:56 |
kerio | it's ok, i was actively looking for something to do instead of studying | 10:56 |
kerio | DocScrutinizer05: i don't know what to write D: | 11:00 |
DocScrutinizer05 | start at beginning ;-D | 11:01 |
freemangordon | kerio: express yourself :P | 11:01 |
DocScrutinizer05 | "once there been a virgin OS, with a signing key shipped on it..." | 11:01 |
freemangordon | "but a bad wizard came and ..." | 11:02 |
DocScrutinizer05 | "when user start HAM, it does <foo< <bar> and for that it goes to that signing key... bla bla bla" | 11:02 |
freemangordon | s/wizard/dragon/ | 11:02 |
infobot | freemangordon meant: "but a bad dragon came and ..." | 11:02 |
kerio | DocScrutinizer05: does your vanilla HAM at least "refresh" the repos correctly? | 11:09 |
DocScrutinizer05 | kerio: right now I doubt anything vanilla does work | 11:14 |
DocScrutinizer05 | aah wait, you meant Nokia repos | 11:14 |
kerio | yep | 11:15 |
kerio | so disable extras and do a refresh | 11:15 |
*** joshgillies has joined #maemo-ssu | 11:15 | |
kerio | hold on now, why do we have a problem again? | 11:19 |
kerio | cssu ships his own packages | 11:19 |
kerio | do we want nokia to ship something to notify people of CSSU? | 11:20 |
freemangordon | deffinitely | 11:21 |
kerio | DocScrutinizer05: done | 11:30 |
*** ivgalvez has joined #maemo-ssu | 11:34 | |
kerio | DocScrutinizer05: i split my explanation in two, half in Basics of Operations and half in Issue 1 | 11:34 |
DocScrutinizer05 | kerio: I get error "DNS server returned answer without data" for "Nokia SSU" and "Nokia apps" here | 11:35 |
kerio | ...wat | 11:35 |
kerio | the fuck does that mean? | 11:36 |
kerio | DocScrutinizer05: iirc HAM has a "log" | 11:36 |
DocScrutinizer05 | could not resolve host: downloads.maemo.nokia.com (DNS server returned answer with no data) | 11:38 |
kerio | DocScrutinizer05: connection? | 11:38 |
DocScrutinizer05 | meh, wlan fscked | 11:39 |
kerio | lol | 11:39 |
DocScrutinizer05 | that looks more like it now | 11:41 |
DocScrutinizer05 | or not, seems stalled | 11:43 |
DocScrutinizer05 | aaah | 11:43 |
DocScrutinizer05 | failed catalogs: maemo.org (no surprise) | 11:43 |
kerio | mr0 and apps update correctly, right? then my analysis is correct | 11:44 |
DocScrutinizer05 | however no updates available (20.2010.36.2-2.203.1) | 11:44 |
kerio | is this a pr1.3 or a pr1.3.1 device? | 11:45 |
DocScrutinizer05 | ^^^ | 11:45 |
kerio | yeah, you're missing 1.3.1 | 11:45 |
kerio | my analysis is *awesome* :D | 11:45 |
kerio | DocScrutinizer05: open a terminal, `apt-cache mp-fremantle-generic-pr` | 11:45 |
DocScrutinizer05 | haha, missing root to do that | 11:46 |
kerio | just do what i tell you to do | 11:46 |
kerio | i am aware that you have no root access :) | 11:46 |
DocScrutinizer05 | you're also aware that this looks like 'syntax error'? | 11:46 |
kerio | ...ok, now `apt-cache policy mp-fremantle-generic-pr` | 11:47 |
kerio | the candidate should be 21.2011.38-1 | 11:47 |
kerio | and the installed should be less than that | 11:47 |
DocScrutinizer05 | unable to locate pkg | 11:47 |
DocScrutinizer05 | spellchecking... | 11:47 |
kerio | well, maybe you don't have generic, you have a localized one | 11:48 |
kerio | but why would you not flash Global, anyway? | 11:48 |
DocScrutinizer05 | because that's a *virgin* device | 11:48 |
kerio | ...is it still pr1.3? | 11:48 |
DocScrutinizer05 | however no updates available (20.2010.36.2-2.203.1) | 11:49 |
kerio | DocScrutinizer05: dpkg -l | grep mp-fremantle- | 11:49 |
DocScrutinizer05 | second time it booted here | 11:49 |
kerio | you haven't even reflashed it yet? | 11:50 |
DocScrutinizer05 | nope | 11:50 |
DocScrutinizer05 | mp-fremantle-203-pr | 11:51 |
DocScrutinizer05 | surprise surprise | 11:51 |
kerio | DocScrutinizer05: ok, apt-cache policy mp-fremantle-203-pr | 11:52 |
kerio | what's 203? | 11:52 |
kerio | like, which nation? | 11:52 |
DocScrutinizer05 | nfc | 11:52 |
merlin1991 | oh god, they have no plan whatsoever | 11:52 |
kerio | merlin1991: who? | 11:52 |
* merlin1991 just read the mail | 11:52 | |
kerio | :D | 11:52 |
DocScrutinizer05 | candidate 21.2011.38-1.203.1 | 11:52 |
kerio | it's good | 11:52 |
kerio | that means that we can supply our own plan | 11:52 |
kerio | DocScrutinizer05: my analysis *is* correct | 11:53 |
kerio | ^_^ | 11:53 |
DocScrutinizer05 | good | 11:53 |
merlin1991 | DocScrutinizer05: did you email Pali? | 11:53 |
kerio | HAM updates correctly, but doesn't give a fuck | 11:53 |
DocScrutinizer05 | it better is, or we'll find you... ;-P | 11:53 |
merlin1991 | he's the one who read the important ham code bits, I just talk out of my arse based on what I've experienced playing with the system | 11:53 |
DocScrutinizer05 | sure, he already answered awesome elaborate mail | 11:54 |
merlin1991 | can you forward that to me too? (I'm interested in the details aswell :D) | 11:54 |
DocScrutinizer05 | wonder where he is | 11:54 |
DocScrutinizer05 | merlin1991: first 2 letters of your mail pls | 11:56 |
merlin1991 | starts with my full name seperated by dot ;) | 11:56 |
merlin1991 | also ch | 11:56 |
kerio | merlin.nineteenninetyone | 11:57 |
merlin1991 | kerio: :D | 11:57 |
*** Guest44961 has joined #maemo-ssu | 11:58 | |
*** Guest44961 is now known as phr3akDom | 11:59 | |
DocScrutinizer05 | GOD, dafaq, seems Nemein playing with bottleneck again | 12:00 |
DocScrutinizer05 | hmm, no, tmo is lightning fast | 12:01 |
DocScrutinizer05 | wiki though refuses connection | 12:01 |
merlin1991 | DocScrutinizer05: you hit the old address seperated by _ not . ;) | 12:01 |
DocScrutinizer05 | phoooooh, once it connects it works like.... | 12:02 |
*** ruskie has quit IRC | 12:03 | |
*** Estel_ has joined #maemo-ssu | 12:03 | |
*** Estel_ has quit IRC | 12:03 | |
*** Estel_ has joined #maemo-ssu | 12:03 | |
*** Estel_ is now known as djghdsjhnfdsi | 12:04 | |
*** djghdsjhnfdsi is now known as Estel_ | 12:05 | |
*** freemangordon has quit IRC | 12:12 | |
*** Estel_ has quit IRC | 12:14 | |
jonwil | ok, so do we have a plan to keep the Nokia device repos going in the long term or not? | 12:16 |
jonwil | or is it still to-do? | 12:17 |
DocScrutinizer05 | jonwil: for now it seems downloads.maemo.nokia.com is not getting transferred to HiFo, nor planned to get scrapped | 12:24 |
DocScrutinizer05 | jonwil: so what do you mean by "we got a plan"? | 12:24 |
jonwil | ok, so the plan is for that repo to keep working and keep being hosted by Nokia and for the key issue to be sorted | 12:24 |
jonwil | but for no further changes to that repo to be made (i.e. no future security updates) | 12:25 |
ivgalvez | a list of repositories hosted at Nokia have been forwarded to Nokia representatives | 12:26 |
ivgalvez | and we have asked them to provide the HiFo the right to redistribute the binaries hosted on those repositories | 12:26 |
*** ruskie has joined #maemo-ssu | 12:27 | |
ivgalvez | however is very unlikely that they can give us that permission unless we examine all the content in a per package basis | 12:27 |
jonwil | yeah I suspect there are 3rd party packages there that Nokia cant legally allow HiFo to redistribute | 12:28 |
jonwil | like say Flash | 12:28 |
jonwil | or say Facebook | 12:28 |
ivgalvez | as for 3rd party binaries will be more difficult to obtain that permission | 12:28 |
ivgalvez | yes | 12:28 |
ivgalvez | or worse: TI drivers | 12:28 |
ivgalvez | but we are still negotiating that, and it could take a while, with their legal department | 12:28 |
ivgalvez | in the meantuime we have asked them not to shut down downloads | 12:29 |
jonwil | ok | 12:29 |
ivgalvez | they are also more reluctant with Harmattan stuff | 12:29 |
merlin1991 | kerio: who found out that the maemo sw key is still valid, and also linked to the ssu repo domain? (btw nice find :D) | 12:30 |
kerio | i found that today, but iirc i also knew that from the past | 12:32 |
*** arcean has joined #maemo-ssu | 12:32 | |
kerio | it's not a nice find, it's a combination of less and apt-key list | 12:32 |
merlin1991 | and a bit of gpg unless you can magically build fingerprints in your head :D | 12:33 |
kerio | merlin1991: apt-key finger | 12:33 |
kerio | jonwil: aiui we plan on shipping a single update there | 12:33 |
kerio | to enable a system-level repo controlled by us | 12:33 |
merlin1991 | kerio: damn, I went the long road to double check it :D | 12:33 |
jonwil | What would go in this new system-level repo? | 12:34 |
kerio | jonwil: something to tell people "hey, there's cssu if you want more updates" | 12:34 |
jonwil | ok | 12:34 |
kerio | and security updates | 12:34 |
jonwil | so security updates as in the recent changes to maemo-security-certificates-* or whatever? | 12:34 |
jonwil | Anything else we have (e.g. in CSSU) that would count as a security update? | 12:35 |
kerio | whatever we'll need in the future, too | 12:35 |
kerio | yep | 12:35 |
merlin1991 | jonwil: a plentora of library upgrades because of known cves | 12:35 |
jonwil | One of these days I want to see someone update Gecko in microb to pick up x number of years worth of security improvements | 12:36 |
kerio | to be fair, we could make it easier and just enable cssu-stable on people | 12:36 |
ivgalvez | I would bet for that | 12:37 |
merlin1991 | freemangordon and romaxa have been workign on microb lately | 12:37 |
ivgalvez | instead of yet another CSSU flavour | 12:37 |
jonwil | Do we have any clue if Nokia would even allow this community-repo idea? Or is that something else still under discussion? | 12:37 |
jonwil | great if someone is working on microb | 12:38 |
ivgalvez | they are willing to transfer all support for devices so probably yes | 12:38 |
ivgalvez | from a technical POV they are alligned with us | 12:38 |
merlin1991 | from the top of my head we have a newer libxml, openssl, libcurl, pango and even some patches to the microb-engine | 12:38 |
ivgalvez | the problem is with legal department around IP | 12:38 |
jonwil | Why are they more wary regarding Harmattan? | 12:39 |
ivgalvez | that one of the reasons why they asked us to wipe out any reference to Nokia as supporter or maintainer or anything related to warranties from maemo.org | 12:39 |
ivgalvez | probably because Harmattan sold a few millions of devices | 12:40 |
ivgalvez | but let's accept what they offer now and we will push for more later | 12:40 |
ivgalvez | that's the motto | 12:40 |
jonwil | yeah lets do that | 12:40 |
jonwil | Are we asking for permission to redistribute the contents of the nokia-binaries SDK repository? | 12:41 |
ivgalvez | yes | 12:41 |
DocScrutinizer05 | ivgalvez: I request to get into the loop as HiFo technical and admin officer | 12:41 |
ivgalvez | no problem with me, we are probably having a meeting tomorrow I will propose it | 12:42 |
ivgalvez | but you must know that they asked for absolutely confidentiallity | 12:43 |
DocScrutinizer05 | now that's not a problem with me | 12:43 |
DocScrutinizer05 | since I guess that confidentiality is between HiFo at large and Nokia | 12:43 |
ivgalvez | anyway we are pushing during January with any luck or response | 12:43 |
ivgalvez | without | 12:43 |
ivgalvez | at least the technical guys contacted me about the gpg keys | 12:44 |
jonwil | me, I guess the most useful thing I can do here is to go back to working on reverse engineering the GPRS bits (starting with csd-gprs and then moving to libicd-network-gprs and stuff after that) | 12:44 |
*** xes has joined #maemo-ssu | 12:44 | |
*** xes has joined #maemo-ssu | 12:44 | |
DocScrutinizer05 | seems Nokia starts to realize they have some responsibility still for their product that they can't simply drop on community's feet | 12:44 |
ivgalvez | yep | 12:45 |
DocScrutinizer05 | they did an awesome job to gain full control over their stuff, now thei're locked in their own prison, so to say | 12:46 |
DocScrutinizer05 | and then they dropped the key and lost it, literally ;-P | 12:47 |
ivgalvez | there should be a mess in there right now | 12:47 |
ivgalvez | looking all the movements in staff and technical | 12:48 |
kerio | let's hope they still have the key to the backdoor | 12:48 |
kerio | aka MaemoSW Admin | 12:48 |
ivgalvez | or to the toilets :D | 12:48 |
ivgalvez | DocScrutinizer05 have you talked to rzronline or MAG about the old proposal to create a community repo for Harmattan | 12:50 |
ivgalvez | now we will be in position to do that | 12:50 |
DocScrutinizer05 | nope, I didn't | 12:51 |
DocScrutinizer05 | ivgalvez: we're also in a good position now to ask Nokia about supporting maemo.org hosting for a bit longer, since it seems they realize they might *need* us | 12:52 |
ivgalvez | we should have a proper package manager though | 12:52 |
DocScrutinizer05 | ivgalvez: you noticed quote of Nemein? | 12:52 |
kerio | doesn't harmattan use yum? | 12:52 |
ivgalvez | yes, as I told you before we are pending response to our latest emails | 12:52 |
ivgalvez | I'd like to have a new conference call with the Nokia guys in order to clarify a few things and to insist about that | 12:53 |
jonwil | I recon Corporate Lawyers need to go on the list of things that should never have been invented :) | 12:53 |
ivgalvez | DocScrutinizer05: as we suspected, the quote is unnafordable | 12:54 |
thedead1440 | kerio: no its apt... also Harmattan has the same MaemoSW Admin key as Fremantle | 12:56 |
kerio | thedead1440: just that one key? | 12:56 |
DocScrutinizer05 | ivgalvez: it's not exactly unaffordable, it's reasonable and it's scalable | 12:57 |
ivgalvez | unafordable to our current financial status | 12:57 |
thedead1440 | kerio: nope the repo signing keys are the same and expired also same on 2012-10-03 | 12:57 |
kerio | hm | 12:57 |
kerio | well, here's to hoping that they still have the private key to that key :) | 12:58 |
thedead1440 | but no error about the expiry on Harmattan | 12:58 |
thedead1440 | this means they should have it since its on Harmattan | 12:58 |
kerio | ~seen X-Fade | 12:59 |
infobot | x-fade is currently on #maemo (7h 20m 20s) #harmattan (7h 20m 20s) #meego (7h 20m 20s) #maemo-ssu (7h 20m 20s), last said: 'ZogG_laptop: ?'. | 12:59 |
DocScrutinizer05 | ivgalvez: (current status) ack | 13:00 |
DocScrutinizer05 | ivgalvez: regarding your question on that gpg mail re flashing a PR1.4: I simply thought it's overly inconventient to most lusers | 13:01 |
*** andre__ has quit IRC | 13:06 | |
*** xes has quit IRC | 13:07 | |
*** andre__ has joined #maemo-ssu | 13:21 | |
*** ivgalvez has quit IRC | 13:25 | |
*** kolp has joined #maemo-ssu | 13:29 | |
*** Martix_ has joined #maemo-ssu | 13:38 | |
*** Mihanizat0r has quit IRC | 13:41 | |
*** Estel_ has joined #maemo-ssu | 13:58 | |
*** Estel_ has quit IRC | 13:58 | |
*** Estel_ has joined #maemo-ssu | 13:58 | |
*** lizardo has joined #maemo-ssu | 14:11 | |
*** arcean has quit IRC | 14:23 | |
*** M4rtinK has joined #maemo-ssu | 15:30 | |
*** freemangordon has joined #maemo-ssu | 15:39 | |
*** freemangordon has quit IRC | 15:47 | |
*** Estel_ has quit IRC | 16:00 | |
*** thedead1440 is now known as thedead1440_ | 16:12 | |
*** jon-kha has joined #maemo-ssu | 16:12 | |
*** thedead1440_ is now known as thedead1440 | 16:12 | |
*** arcean has joined #maemo-ssu | 16:19 | |
*** Martix_ has quit IRC | 16:22 | |
*** ShadowX has quit IRC | 16:38 | |
*** ShadowX has joined #maemo-ssu | 16:39 | |
*** NIN101 has joined #maemo-ssu | 16:42 | |
*** jonwil has quit IRC | 16:53 | |
*** freemangordon has joined #maemo-ssu | 16:59 | |
*** Martix_ has joined #maemo-ssu | 17:02 | |
*** joshgillies has quit IRC | 17:16 | |
*** Lava_Croft has quit IRC | 17:23 | |
*** Martix_ has quit IRC | 17:31 | |
*** Martix_ has joined #maemo-ssu | 17:32 | |
*** toxaris has joined #maemo-ssu | 17:58 | |
gregoa | kerio: it seems the "MaemoSW Admin" key is the file /usr/share/keyrings/maemointernal-keyring.gpg, package maemointernal-keyring, and imported by /var/lib/dpkg/info/maemointernal-keyring.postinst | 18:02 |
kerio | ooh, neat | 18:02 |
freemangordon | yay :) | 18:02 |
kerio | freemangordon: it doesn't matter, it just eases my mind | 18:02 |
freemangordon | kerio: so, what is the current status? | 18:03 |
kerio | freemangordon: same as before | 18:03 |
kerio | we tell nokia to look for the matching secret key and we hope that they can find it | 18:03 |
freemangordon | kerio: so a simple resign will do the job? | 18:04 |
kerio | sure, why not? | 18:04 |
freemangordon | great | 18:04 |
freemangordon | we should ask HiFo to ask Nokia if they agree to push a "cssu-enabler" package | 18:05 |
kerio | how do you "push" something like that? | 18:06 |
freemangordon | upgrade xterm for example | 18:06 |
freemangordon | or some other nokia pre-installed application | 18:06 |
kerio | like the metapackage | 18:06 |
kerio | :) | 18:06 |
freemangordon | no nee of metapackage | 18:07 |
kerio | you'd have to push it in a way that makes it uninstallable | 18:07 |
freemangordon | *need | 18:07 |
kerio | yes, need | 18:07 |
kerio | because xterm won't be updated by HAM by itself | 18:07 |
kerio | if we're going with that route, we might as well do it with n900-fmtx-enabler | 18:07 |
*** dhbiker has quit IRC | 18:07 | |
freemangordon | every package in user section will do the job aiui | 18:07 |
kerio | yeah | 18:07 |
kerio | once the repo is fixed, we can think of what to do | 18:08 |
freemangordon | and there are a couple of them. | 18:08 |
freemangordon | sure | 18:08 |
kerio | the easiest thing to do would be to decide that cssu-stable is stable enough, and push that | 18:08 |
freemangordon | kerio: iirc there are some links by default on the desktop | 18:08 |
freemangordon | yep | 18:08 |
kerio | especially considering that "backporting" all the security fixes isn't really a possibility | 18:09 |
kerio | DocScrutinizer05: yay or nay? | 18:09 |
freemangordon | btw (if thedead1440 is right and harm has the same sysadmin key) Nokia has not lost the private | 18:11 |
DocScrutinizer05 | freemangordon: why would HiFo deal with such topic? | 18:11 |
kerio | freemangordon: it can be a historical relic | 18:11 |
kerio | freemangordon: the harm repos use the same keys as repository.maemo.org | 18:11 |
freemangordon | DocScrutinizer05: because aiui they are the ones to talk to Nokia | 18:11 |
freemangordon | DocScrutinizer05: though it does not really matter who will do it | 18:12 |
DocScrutinizer05 | no they are talking to Nokia LAWYERS | 18:12 |
freemangordon | ok | 18:12 |
freemangordon | then the council :) | 18:12 |
thedead1440 | freemangordon: you can check it out here: http://pastebin.com/XWCtw0s1 | 18:12 |
kerio | thedead1440: will the harmattan package manager accept the maemosw key, though? | 18:13 |
kerio | (and do we care?) | 18:13 |
freemangordon | oh, it is the same as on fremantle | 18:13 |
freemangordon | yeah, could be some leagscy :( | 18:13 |
freemangordon | *legacy | 18:13 |
thedead1440 | kerio: what I'm wondering is why when it has the same expiry date as on fremantle does only fremantle have the expired key issue | 18:13 |
kerio | thedead1440: it's a HAM trust issue | 18:14 |
freemangordon | thedead1440: that key has not expired | 18:14 |
kerio | the repos *are* updated correctly | 18:14 |
thedead1440 | freemangordon: it has: expired: 2012-10-03 | 18:14 |
kerio | HAM just doesn't like that the key is expired, and won't accept updates to system packages from that repo | 18:14 |
freemangordon | thedead1440: "MaemoSW Admin <admin@maemo.research.nokia.com>"? | 18:15 |
freemangordon | no, it is not | 18:15 |
freemangordon | and aiui it never expiers | 18:15 |
thedead1440 | no Nokia repository signing key 4v1 that's the one that is expired on fremantle too | 18:15 |
kerio | thedead1440: which key is used for the repos? | 18:15 |
thedead1440 | all the Nokia repository signing keys are expired on both Harm and Fremantle | 18:15 |
freemangordon | thedead1440: which key is used for ovi? | 18:16 |
*** dhbiker has joined #maemo-ssu | 18:16 | |
thedead1440 | freemangordon: not too sure | 18:16 |
freemangordon | i guess it is either "GenSS (GenSS System)" or "...file distribution..." | 18:17 |
thedead1440 | let me ask Jonni | 18:18 |
kerio | freemangordon: the fremantle ovi uses the 4v1 key | 18:19 |
freemangordon | kerio: I asked what harm uses | 18:20 |
*** phr3akDom has quit IRC | 18:23 | |
DocScrutinizer05 | on HARM there's no HAM | 18:29 |
freemangordon | sure | 18:29 |
thedead1440 | but even when you apt-get update on Fremantle you get the W: Error while you don't get the same on Harmattan | 18:29 |
freemangordon | :nod: | 18:29 |
kerio | thedead1440: really? | 18:30 |
DocScrutinizer05 | blame aegis and the black magic it introduces | 18:30 |
kerio | hm, i don't know how to check the contents of a .gpg | 18:30 |
thedead1440 | yes kerio hence I'm banging on the same thing like a broken record | 18:30 |
kerio | DocScrutinizer05: nah, it's probably just a different key | 18:30 |
thedead1440 | if there is a W: Error in one and not in another it means the server can be tweaked to adjust it, no? Device wouldn't need to have any changes be made then? | 18:31 |
thedead1440 | after all, Harmattan accesses downloads.maemo.nokia.com too for SSU etc so its the same repo | 18:32 |
kerio | the server can't be tweaked to adjust it | 18:34 |
kerio | it's not the same repo | 18:34 |
*** Lava_Croft has joined #maemo-ssu | 18:35 | |
thedead1440 | kerio: fremantle hits downloads.maemo.nokia.com/fremantle while harmattan hits downloads.maemo.nokia.com/harmattan so its just a different branch, isn't it? | 18:37 |
kerio | it's a different apt repository | 18:38 |
kerio | there are at least 3 just for fremantle | 18:38 |
thedead1440 | same there are 3 for harmattan too | 18:38 |
*** xes has joined #maemo-ssu | 18:43 | |
*** xes has joined #maemo-ssu | 18:43 | |
*** ShadowX has quit IRC | 19:06 | |
*** ShadowX has joined #maemo-ssu | 19:06 | |
*** BCMM has joined #maemo-ssu | 19:12 | |
*** arcean has quit IRC | 19:26 | |
kerio | did someone ask nokia if they have that key? | 19:37 |
thedead1440 | freemangordon: GenSS is what is used for the Harmattan keys according to Jonni | 20:20 |
thedead1440 | those Nokia signing keys in Harmattan that are expired are not used anywhere confirmed hence no error message; apologies for the false alarm :S | 20:27 |
*** Martix_ has quit IRC | 20:30 | |
kerio | who's actually talking to the nokia meego dudes? | 20:31 |
*** Martix_ has joined #maemo-ssu | 20:32 | |
thedead1440 | DocScrutinizer05 rec'd the email so i would presume him but he also has told them to join here... | 20:33 |
*** jaded has joined #maemo-ssu | 20:42 | |
*** jaded has joined #maemo-ssu | 20:42 | |
*** jade has quit IRC | 20:44 | |
*** arcean has joined #maemo-ssu | 21:03 | |
*** arcean has quit IRC | 21:09 | |
*** arcean has joined #maemo-ssu | 21:23 | |
*** arcean has quit IRC | 21:37 | |
*** phr3akDom has joined #maemo-ssu | 21:48 | |
*** phr3akDom has quit IRC | 21:52 | |
*** arcean has joined #maemo-ssu | 22:44 | |
*** arcean has quit IRC | 22:44 | |
*** arcean has joined #maemo-ssu | 22:44 | |
*** _rd has joined #maemo-ssu | 22:46 | |
*** arcean has quit IRC | 22:53 | |
*** arcean has joined #maemo-ssu | 22:53 | |
*** lizardo has quit IRC | 22:53 | |
*** NIN101 has quit IRC | 23:07 |
Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!