00:20.53 | *** join/#maemo-ssu sparetire_ (~sparetire@unaffiliated/sparetire) |
01:17.26 | *** join/#maemo-ssu jonwil (~jonwil@27-33-80-219.tpgi.com.au) |
04:46.03 | *** join/#maemo-ssu jon_y (~enforcer@2001:e68:4074:56ac:e01f:8e6d:cdca:d0e5) |
07:04.13 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
07:26.14 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
07:57.28 | *** join/#maemo-ssu jonwil (~jonwil@27-33-80-219.tpgi.com.au) |
09:50.19 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
10:16.48 | *** join/#maemo-ssu futpib (~futpib@176.104.194.78) |
11:31.13 | *** join/#maemo-ssu Pali (~pali@Maemo/community/contributor/Pali) |
11:43.17 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
12:28.23 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
12:36.21 | kerio | why did we upgrade connui-statusbar-internet? |
12:50.42 | freemangordon | did we? |
12:51.16 | freemangordon | kerio: what is gnutls? any idea why we don;t have it on maemo by default? |
12:51.33 | kerio | i think it's on community-devel |
12:51.52 | freemangordon | FOSS replacement |
12:52.22 | bencoh | the GNU SSL/TLS implementation project? |
12:52.24 | kerio | neat |
12:52.36 | kerio | freemangordon: we don't have it on maemo because we don't need it in the base system i guess |
12:52.39 | kerio | ¯\_(ã)_/¯ |
12:53.01 | freemangordon | hmm, but libsoup has ssl (https) disabled because of that |
12:53.55 | bencoh | I guess we could build packages with gnutls support where it matters |
12:54.08 | bencoh | (or add a -ssl package like in debian back in the days) |
12:54.36 | freemangordon | libsoup in SDK repo supports ssl, but it is disabled (because of the missing gnutls) |
12:57.34 | bencoh | hmm, looks like gnutls in -extras is quite useless/old |
12:57.53 | bencoh | "TLS 1.0 and SSL 3.0 protocols, without any US-export controlled algorithms" |
12:58.12 | freemangordon | yep, I am going to try to backport the one from wheezy |
12:58.19 | bencoh | :) |
12:58.39 | freemangordon | is that recent enough? |
12:59.03 | bencoh | it should at least be maintained |
12:59.15 | bencoh | GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. (wheezy) |
12:59.39 | bencoh | shit, that's huge |
12:59.43 | bencoh | Uncompressed Size: 1,408 k |
12:59.54 | bencoh | even the old one in -extras is ~450k |
13:00.42 | bencoh | on wheezy/x86: 772K /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.4 |
13:00.44 | bencoh | 40K /usr/lib/x86_64-linux-gnu/libgnutls-extra.so.26.22.4 |
13:01.57 | freemangordon | hmm, I need libgcrypt as well |
13:02.29 | freemangordon | anyway, /me goes afk for a while |
13:02.49 | bencoh | and gmp, and maybe another dep |
13:03.00 | freemangordon | yeah |
13:03.25 | bencoh | (I had to build it on osx recently) |
13:08.43 | bencoh | The Cryptographic library layer, currently supports only libnettle. Older versions of GnuTLS used to support libgcrypt, but it was switched with nettle mainly for performance reasons20 and secondary because it is a simpler library to use. In the future other cryptographic libraries might be supported as well. |
13:11.01 | kerio | can we get a NSS that supports tls 1.2 for microB |
13:11.05 | kerio | i would like that |
13:17.09 | bencoh | https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes |
13:17.31 | bencoh | NSS 3.20 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.20 shared libraries without recompiling or relinking |
13:17.46 | bencoh | maemo has #define NSS_VERSION "3.12.6.2" _NSS_ECC_STRING _NSS_CUSTOMIZED |
13:18.08 | kerio | yeah but i bet that the rest of microb needs to know about the new stuff |
13:18.13 | bencoh | so in theory it should work |
13:18.31 | bencoh | not necessarily, it depends on how ssl functions were called |
13:18.52 | bencoh | we have to modify every single openssl-depend program because openssl had a fucked up API |
13:20.51 | bencoh | looks like the libnss3 package is shipped with microb-engine in maemo |
13:21.14 | bencoh | I hope they didnt do anything silly (like calling private APIs_ |
13:29.21 | bencoh | okay, it's less fucked up, but we might still have to enable it explicitely |
13:29.50 | bencoh | hmmm |
13:30.08 | bencoh | // Now only set SSL/TLS ciphers we knew about at compile time -- security/manager/ssl/src/nsNSSComponent.cpp |
13:30.12 | bencoh | LOL |
13:42.59 | kerio | still, microb-engine is open source so maybe we can get away with enabling stuff in a relatively simple way |
13:43.08 | kerio | also disable the fucking camellia and seed ciphers please |
13:44.14 | kerio | "This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken." |
13:44.35 | bencoh | I cant build microb-engine here, so ... |
14:04.56 | kerio | freemangordon did it at some point |
14:05.32 | *** join/#maemo-ssu LauRoman (~LauRoman@5-14-1-85.residential.rdsnet.ro) |
14:06.03 | bencoh | I know, that's why I dont understand why it fails on some cc1 segfault ... |
14:19.47 | freemangordon | bencoh: just make a new SB target and try there |
14:19.56 | freemangordon | also, mke sure you use SB1, not SB2 |
14:21.52 | bencoh | sb-conf version |
14:21.52 | bencoh | 1.0.26 |
14:22.00 | bencoh | that part should be good :) |
14:22.41 | freemangordon | :) |
14:23.16 | freemangordon | scratchbox-core 1.0.17 ;) |
14:23.31 | freemangordon | 1.0.26 is hathor iirc |
14:24.03 | bencoh | hmm, where does that come from? |
14:24.13 | freemangordon | which one? |
14:24.32 | bencoh | mine comes from .... right, deb http://scratchbox.org/debian/ hathor main |
14:24.44 | freemangordon | exactly |
14:24.55 | freemangordon | but you need aphophis, not hathor |
14:24.57 | bencoh | what's wrong with it? |
14:25.00 | bencoh | hmmm |
14:25.15 | bencoh | then why is it on wiki? |
14:25.35 | freemangordon | no idea, but anyway this is what I use for all of my builds |
14:25.45 | freemangordon | also, autobuilder uses the same iirc |
14:26.12 | freemangordon | see http://scratchbox.org/debian/dists/maemo5-sdk/main/binary-i386/ |
14:26.45 | freemangordon | also, there are no x86 binaries :) |
14:27.07 | freemangordon | so it is a bit tricky to get that installed on 64bit linux |
14:27.12 | bencoh | https://wiki.maemo.org/Documentation/Maemo_5_Final_SDK_Installation |
14:27.32 | bencoh | I'm running x86/32b |
14:29.05 | freemangordon | bencoh: if you check what is in maemo sdk vmware image, you'll see it is aphophis, not hathor |
14:29.27 | freemangordon | don't ask me why it is hathor on that wiki page, I didn't write it :)( |
14:29.59 | bencoh | I'll have to try it with http://scratchbox.org/debian/dists/maemo5-sdk/main/binary-i386/ then |
14:30.18 | freemangordon | yes |
14:30.40 | freemangordon | or better -get vmware sdk image |
14:30.50 | freemangordon | i can provide it to you if you wish |
14:35.32 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
14:47.05 | *** join/#maemo-ssu sparetire_ (~sparetire@unaffiliated/sparetire) |
14:48.15 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
15:05.08 | *** join/#maemo-ssu RedW (~redw@89-76-164-87.dynamic.chello.pl) |
17:21.51 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
17:22.27 | *** join/#maemo-ssu NishanthMenon (nmenon@nat/ti/x-cmbkhzvlfrfugneh) |
17:49.34 | *** join/#maemo-ssu LauRoman|Phone (~yaaic@5-14-1-85.residential.rdsnet.ro) |
18:08.48 | *** join/#maemo-ssu M4rtinK (~M4rtinK@ip-89-177-124-111.net.upcbroadband.cz) |
18:15.11 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
18:19.40 | *** join/#maemo-ssu BCMM (~user@unaffiliated/bcmm) |
19:14.07 | *** join/#maemo-ssu M4rtinK (~M4rtinK@ip-89-177-124-111.net.upcbroadband.cz) |
19:37.06 | *** join/#maemo-ssu _rd (~rd@p5B2C743B.dip0.t-ipconnect.de) |
20:34.05 | *** join/#maemo-ssu jonwil (~jonwil@27-33-80-219.tpgi.com.au) |
20:43.38 | jonwil | Bencoh: I was able to compile microb-engine (sources from CSSU) just fine the other day and it runs no problems on my N900 |
20:44.28 | bencoh | jonwil: yeah, the issue is most definitely with my env |
20:44.35 | jonwil | ok |
20:44.55 | bencoh | looks like I might be running an incompatible version of sb (hathor vs aphophis) |
21:22.41 | jonwil | it does look like it should be possible to upgrade microb-engine to have newer security though from what I can tell |
21:23.18 | bencoh | regarding ssl/tls and newer nss? definitely yes |
21:23.23 | jonwil | yes that |
21:23.45 | jonwil | we would need to find any local patches or other things Nokia have done to nss though |
21:24.21 | bencoh | not sure we really want to go through that; but ... |
21:24.40 | bencoh | (it's like going through debian patches of openssl - last they tried, they blowed it ;p) |
22:51.54 | *** join/#maemo-ssu infobot (ibot@69-58-76-73.ut.vivintwireless.net) |
22:51.54 | *** topic/#maemo-ssu is Maemo Community Seamless Software Update "CSSU" channel, http://wiki.maemo.org/Community_SSU | Known bugs: http://j.mp/communityssu-bugs | Channel logs: http://mg.pov.lt/maemo-ssu-irclog/ | Sources: https://github.com/community-ssu | Latest version: Testing(2015-04-11): 21.2011.38-1Tmaemo11; Stable(2014-09-03): 21.2011.38-1Smaemo7 |
22:51.54 | *** mode/#maemo-ssu [+v infobot] by ChanServ |