kerio | why did we upgrade connui-statusbar-internet? | 14:36 |
---|---|---|
freemangordon | did we? | 14:50 |
freemangordon | kerio: what is gnutls? any idea why we don't have it on maemo by default? | 14:51 |
kerio | i think it's on community-devel | 14:51 |
freemangordon | FOSS replacement | 14:51 |
bencoh | the GNU SSL/TLS implementation project? | 14:52 |
kerio | neat | 14:52 |
kerio | freemangordon: we don't have it on maemo because we don't need it in the base system i guess | 14:52 |
kerio | ¯\_(ツ)_/¯ | 14:52 |
freemangordon | hmm, but libsoup has ssl (https) disabled because of that | 14:53 |
bencoh | I guess we could build packages with gnutls support where it matters | 14:53 |
bencoh | (or add a -ssl package like in debian back in the days) | 14:54 |
freemangordon | libsoup in SDK repo supports ssl, but it is disabled (because of the missing gnutls) | 14:54 |
bencoh | hmm, looks like gnutls in -extras is quite useless/old | 14:57 |
bencoh | "TLS 1.0 and SSL 3.0 protocols, without any US-export controlled algorithms" | 14:57 |
freemangordon | yep, I am going to try to backport the one from wheezy | 14:58 |
bencoh | :) | 14:58 |
freemangordon | is that recent enough? | 14:58 |
bencoh | it should at least be maintained | 14:59 |
bencoh | GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. (wheezy) | 14:59 |
bencoh | shit, that's huge | 14:59 |
bencoh | Uncompressed Size: 1,408 k | 14:59 |
bencoh | even the old one in -extras is ~450k | 14:59 |
bencoh | on wheezy/x86: 772K /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.4 | 15:00 |
bencoh | 40K /usr/lib/x86_64-linux-gnu/libgnutls-extra.so.26.22.4 | 15:00 |
freemangordon | hmm, I need libgcrypt as well | 15:01 |
freemangordon | anyway, /me goes afk for a while | 15:02 |
bencoh | and gmp, and maybe another dep | 15:02 |
freemangordon | yeah | 15:03 |
bencoh | (I had to build it on osx recently) | 15:03 |
bencoh | The Cryptographic library layer, currently supports only libnettle. Older versions of GnuTLS used to support libgcrypt, but it was switched with nettle mainly for performance reasons and secondary because it is a simpler library to use. In the future other cryptographic libraries might be supported as well. | 15:08 |
kerio | can we get a NSS that supports tls 1.2 for microB | 15:11 |
kerio | i would like that | 15:11 |
bencoh | https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes | 15:17 |
bencoh | NSS 3.20 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.20 shared libraries without recompiling or relinking | 15:17 |
bencoh | maemo has #define NSS_VERSION "3.12.6.2" _NSS_ECC_STRING _NSS_CUSTOMIZED | 15:17 |
kerio | yeah but i bet that the rest of microb needs to know about the new stuff | 15:18 |
bencoh | so in theory it should work | 15:18 |
bencoh | not necessarily, it depends on how ssl functions were called | 15:18 |
bencoh | we have to modify every single openssl-depend program because openssl had a fucked up API | 15:18 |
bencoh | looks like the libnss3 package is shipped with microb-engine in maemo | 15:20 |
bencoh | I hope they didn't do anything silly (like calling private APIs) | 15:21 |
bencoh | okay, it's less fucked up, but we might still have to enable it explicitly | 15:29 |
bencoh | hmmm | 15:29 |
bencoh | // Now only set SSL/TLS ciphers we knew about at compile time -- security/manager/ssl/src/nsNSSComponent.cpp | 15:30 |
bencoh | LOL | 15:30 |
kerio | still, microb-engine is open source so maybe we can get away with enabling stuff in a relatively simple way | 15:42 |
kerio | also disable the fucking camellia and seed ciphers please | 15:43 |
kerio | "This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken." | 15:44 |
bencoh | I can't build microb-engine here, so ... | 15:44 |
kerio | freemangordon did it at some point | 16:04 |
bencoh | I know, that's why I don't understand why it fails on some cc1 segfault ... | 16:06 |
freemangordon | bencoh: just make a new SB target and try there | 16:19 |
freemangordon | also, make sure you use SB1, not SB2 | 16:19 |
bencoh | sb-conf version | 16:21 |
bencoh | 1.0.26 | 16:21 |
bencoh | that part should be good :) | 16:21 |
freemangordon | :) | 16:22 |
freemangordon | scratchbox-core 1.0.17 ;) | 16:23 |
freemangordon | 1.0.26 is hathor iirc | 16:23 |
bencoh | hmm, where does that come from? | 16:24 |
freemangordon | which one? | 16:24 |
bencoh | mine comes from .... right, deb http://scratchbox.org/debian/ hathor main | 16:24 |
freemangordon | exactly | 16:24 |
freemangordon | but you need apophis, not hathor | 16:24 |
bencoh | what's wrong with it? | 16:24 |
bencoh | hmmm | 16:25 |
bencoh | then why is it on wiki? | 16:25 |
freemangordon | no idea, but anyway this is what I use for all of my builds | 16:25 |
freemangordon | also, autobuilder uses the same iirc | 16:25 |
freemangordon | see http://scratchbox.org/debian/dists/maemo5-sdk/main/binary-i386/ | 16:26 |
freemangordon | also, there are no x86 binaries :) | 16:26 |
freemangordon | so it is a bit tricky to get that installed on 64bit linux | 16:27 |
bencoh | https://wiki.maemo.org/Documentation/Maemo_5_Final_SDK_Installation | 16:27 |
bencoh | I'm running x86/32b | 16:27 |
freemangordon | bencoh: if you check what is in maemo sdk vmware image, you'll see it is apophis, not hathor | 16:29 |
freemangordon | don't ask me why it is hathor on that wiki page, I didn't write it :)( | 16:29 |
bencoh | I'll have to try it with http://scratchbox.org/debian/dists/maemo5-sdk/main/binary-i386/ then | 16:29 |
freemangordon | yes | 16:30 |
freemangordon | or better - get vmware sdk image | 16:30 |
freemangordon | i can provide it to you if you wish | 16:30 |
jonwil | Bencoh: I was able to compile microb-engine (sources from CSSU) just fine the other day and it runs no problems on my N900 | 22:43 |
bencoh | jonwil: yeah, the issue is most definitely with my env | 22:44 |
jonwil | ok | 22:44 |
bencoh | looks like I might be running an incompatible version of sb (hathor vs apophis) | 22:44 |
jonwil | it does look like it should be possible to upgrade microb-engine to have newer security though from what I can tell | 23:22 |
bencoh | regarding ssl/tls and newer nss? definitely yes | 23:23 |
jonwil | yes that | 23:23 |
jonwil | we would need to find any local patches or other things Nokia have done to nss though | 23:23 |
bencoh | not sure we really want to go through that; but ... | 23:24 |
bencoh | (it's like going through debian patches of openssl - last they tried, they blew it ;p) | 23:24 |