IRC log of #maemo-ssu for Sunday, 2015-11-08

00:11 *** jonwil has joined #maemo-ssu
00:34 *** _rd has quit IRC
01:24 *** BCMM has quit IRC
01:33 *** xes_ is now known as xes
02:09 *** sparetire_ has quit IRC
02:20 *** sparetire_ has joined #maemo-ssu
02:45 *** futpib has quit IRC
03:17 *** jonwil has quit IRC
03:17 *** jonwil has joined #maemo-ssu
04:05 *** Pali has quit IRC
06:20 *** jon_y has quit IRC
06:46 *** jon_y has joined #maemo-ssu
07:28 *** LauRoman has quit IRC
07:38 *** jonwil has quit IRC
08:53 *** sparetire_ has quit IRC
09:04 *** _rd has joined #maemo-ssu
09:22 *** _rd has quit IRC
09:26 *** _rd has joined #maemo-ssu
09:57 *** jonwil has joined #maemo-ssu
11:10 *** _rd has quit IRC
11:50 *** _rd has joined #maemo-ssu
12:16 *** futpib has joined #maemo-ssu
13:31 *** Pali has joined #maemo-ssu
13:34 *** _rd has quit IRC
13:43 *** _rd has joined #maemo-ssu
14:03 *** jonwil has quit IRC
14:25 *** _rd has quit IRC
14:28 *** _rd has joined #maemo-ssu
14:36 <kerio> why did we upgrade connui-statusbar-internet?
14:50 <freemangordon> did we?
14:51 <freemangordon> kerio: what is gnutls? any idea why we don't have it on maemo by default?
14:51 <kerio> i think it's on community-devel
14:51 <freemangordon> FOSS replacement
14:52 <bencoh> the GNU SSL/TLS implementation project?
14:52 <kerio> neat
14:52 <kerio> freemangordon: we don't have it on maemo because we don't need it in the base system i guess
14:52 <kerio> ¯\_(ツ)_/¯
14:53 <freemangordon> hmm, but libsoup has ssl (https) disabled because of that
14:53 <bencoh> I guess we could build packages with gnutls support where it matters
14:54 <bencoh> (or add a -ssl package like in debian back in the days)
14:54 <freemangordon> libsoup in SDK repo supports ssl, but it is disabled (because of the missing gnutls)
14:57 <bencoh> hmm, looks like gnutls in -extras is quite useless/old
14:57 <bencoh> "TLS 1.0 and SSL 3.0 protocols, without any US-export controlled algorithms"
14:58 <freemangordon> yep, I am going to try to backport the one from wheezy
14:58 <bencoh> :)
14:58 <freemangordon> is that recent enough?
14:59 <bencoh> it should at least be maintained
14:59 <bencoh> GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. (wheezy)
14:59 <bencoh> shit, that's huge
14:59 <bencoh> Uncompressed Size: 1,408 k
14:59 <bencoh> even the old one in -extras is ~450k
15:00 <bencoh> on wheezy/x86: 772K    /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.4
15:00 <bencoh> 40K     /usr/lib/x86_64-linux-gnu/libgnutls-extra.so.26.22.4
15:01 <freemangordon> hmm, I need libgcrypt as well
15:02 <freemangordon> anyway, /me goes afk for a while
15:02 <bencoh> and gmp, and maybe another dep
15:03 <freemangordon> yeah
15:03 <bencoh> (I had to build it on osx recently)
15:08 <bencoh> The Cryptographic library layer, currently supports only libnettle. Older versions of GnuTLS used to support libgcrypt, but it was switched with nettle mainly for performance reasons and secondary because it is a simpler library to use. In the future other cryptographic libraries might be supported as well.
15:11 <kerio> can we get a NSS that supports tls 1.2 for microB
15:11 <kerio> i would like that
15:17 <bencoh> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes
15:17 <bencoh> NSS 3.20 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.20 shared libraries without recompiling or relinking
15:17 <bencoh> maemo has #define NSS_VERSION  "3.12.6.2" _NSS_ECC_STRING _NSS_CUSTOMIZED
15:18 <kerio> yeah but i bet that the rest of microb needs to know about the new stuff
15:18 <bencoh> so in theory it should work
15:18 <bencoh> not necessarily, it depends on how ssl functions were called
15:18 <bencoh> we have to modify every single openssl-depend program because openssl had a fucked up API
15:20 <bencoh> looks like the libnss3 package is shipped with microb-engine in maemo
15:21 <bencoh> I hope they didn't do anything silly (like calling private APIs)
15:29 <bencoh> okay, it's less fucked up, but we might still have to enable it explicitly
15:29 <bencoh> hmmm
15:30 <bencoh> // Now only set SSL/TLS ciphers we knew about at compile time -- security/manager/ssl/src/nsNSSComponent.cpp
15:30 <bencoh> LOL
15:42 <kerio> still, microb-engine is open source so maybe we can get away with enabling stuff in a relatively simple way
15:43 <kerio> also disable the fucking camellia and seed ciphers please
15:44 <kerio> "This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken."
15:44 <bencoh> I can't build microb-engine here, so ...
15:59 *** _rd has quit IRC
16:04 <kerio> freemangordon did it at some point
16:05 *** LauRoman has joined #maemo-ssu
16:06 <bencoh> I know, that's why I don't understand why it fails on some cc1 segfault ...
16:19 <freemangordon> bencoh: just make a new SB target and try there
16:19 <freemangordon> also, make sure you use SB1, not SB2
16:21 <bencoh> sb-conf version
16:21 <bencoh> 1.0.26
16:21 <bencoh> that part should be good :)
16:22 <freemangordon> :)
16:23 <freemangordon> scratchbox-core 1.0.17 ;)
16:23 <freemangordon> 1.0.26 is hathor iirc
16:24 <bencoh> hmm, where does that come from?
16:24 <freemangordon> which one?
16:24 <bencoh> mine comes from .... right, deb http://scratchbox.org/debian/ hathor main
16:24 <freemangordon> exactly
16:24 <freemangordon> but you need aphophis, not hathor
16:24 <bencoh> what's wrong with it?
16:25 <bencoh> hmmm
16:25 <bencoh> then why is it on wiki?
16:25 <freemangordon> no idea, but anyway this is what I use for all of my builds
16:25 <freemangordon> also, autobuilder uses the same iirc
16:26 <freemangordon> see http://scratchbox.org/debian/dists/maemo5-sdk/main/binary-i386/
16:26 <freemangordon> also, there are no x86 binaries :)
16:27 <freemangordon> so it is a bit tricky to get that installed on 64bit linux
16:27 <bencoh> https://wiki.maemo.org/Documentation/Maemo_5_Final_SDK_Installation
16:27 <bencoh> I'm running x86/32b
16:29 <freemangordon> bencoh: if you check what is in maemo sdk vmware image, you'll see it is aphophis, not hathor
16:29 <freemangordon> don't ask me why it is hathor on that wiki page, I didn't write it :)(
16:29 <bencoh> I'll have to try it with http://scratchbox.org/debian/dists/maemo5-sdk/main/binary-i386/ then
16:30 <freemangordon> yes
16:30 <freemangordon> or better - get vmware sdk image
16:30 <freemangordon> i can provide it to you if you wish
16:35 *** _rd has joined #maemo-ssu
16:45 *** _rd has quit IRC
16:47 *** sparetire_ has joined #maemo-ssu
16:48 *** _rd has joined #maemo-ssu
16:59 *** _rd has quit IRC
17:01 *** RedW has quit IRC
17:05 *** RedW has joined #maemo-ssu
19:21 *** _rd has joined #maemo-ssu
19:22 *** NishanthMenon has joined #maemo-ssu
19:49 *** LauRoman|Phone has joined #maemo-ssu
20:04 *** _rd has quit IRC
20:08 *** M4rtinK has joined #maemo-ssu
20:15 *** _rd has joined #maemo-ssu
20:19 *** BCMM has joined #maemo-ssu
20:46 *** BCMM has quit IRC
21:12 *** M4rtinK has quit IRC
21:14 *** M4rtinK has joined #maemo-ssu
21:21 *** _rd has quit IRC
21:37 *** _rd has joined #maemo-ssu
21:47 *** NishanthMenon has quit IRC
22:34 *** jonwil has joined #maemo-ssu
22:43 <jonwil> Bencoh: I was able to compile microb-engine (sources from CSSU) just fine the other day and it runs no problems on my N900
22:44 <bencoh> jonwil: yeah, the issue is most definitely with my env
22:44 <jonwil> ok
22:44 <bencoh> looks like I might be running an incompatible version of sb (hathor vs aphophis)
23:22 <jonwil> it does look like it should be possible to upgrade microb-engine to have newer security though from what I can tell
23:23 <bencoh> regarding ssl/tls and newer nss? definitely yes
23:23 <jonwil> yes that
23:23 <jonwil> we would need to find any local patches or other things Nokia have done to nss though
23:24 <bencoh> not sure we really want to go through that; but ...
23:24 <bencoh> (it's like going through debian patches of openssl - last they tried, they blew it ;p)
23:54 *** futpib has quit IRC
