#armbian on 2020-06-19 — irc logs at freenode.irclog.whitequark.org

00:15 xecuter has joined #armbian

00:23 xecuter has quit [Remote host closed the connection]

00:24 xecuter has joined #armbian

00:37 ChriChri_ has joined #armbian

00:39 ChriChri has quit [Ping timeout: 256 seconds]

00:39 ChriChri_ is now known as ChriChri

00:39 xecuter has quit [Remote host closed the connection]

00:44 dddddd has quit [Ping timeout: 260 seconds]

00:45 xecuter has joined #armbian

00:56 epsilonKNOT has quit [Ping timeout: 240 seconds]

00:56 epsilonKNOT_ has joined #armbian

01:02 epsilonKNOT_ has quit [Remote host closed the connection]

01:04 epsilonKNOT has joined #armbian

01:09 <lanefu> hi!

01:21 plntyk has quit [Read error: Connection reset by peer]

02:58 Cruft has joined #armbian

03:44 <Werner> Good morning

03:49 sassinak-work has quit [Ping timeout: 244 seconds]

03:50 sassinak-work has joined #armbian

05:50 indy has quit [Ping timeout: 265 seconds]

06:07 kolla has quit [Quit: %fog relay%]

06:07 indy has joined #armbian

06:08 kolla has joined #armbian

06:10 macc24 has joined #armbian

06:16 <IgorPec> good morning

06:50 <Werner> IgorPec, any changes worth mentioning for 20.05.4 besides the initramfs followup?

08:34 <lanefu> IgorPec: for secrets, the sanest solution I've come up with is. Encrypt the gpg and ssh keys with ccrypt and store on host, store the ccrypt keyword in github secrets and then decrypt with ccat at runtime when needed

08:48 <Cruft> ...

09:40 plntyk has joined #armbian

10:50 rdorsch`away is now known as rdorsch

10:56 Cruft has quit [Quit: Leaving]

11:00 rdorsch is now known as rdorsch`away

11:00 rdorsch`away is now known as rdorsch

11:07 dddddd has joined #armbian

11:16 rdorsch is now known as rdorsch`away

11:29 <chewitt> nekomancer[m] it seems moving vrtc to /dev/rtc1 is as simple as setting an alias in dts

12:02 <nekomancer[m]> Nice!

12:04 macc24 has quit [Quit: WeeChat 2.8]

12:12 indy has quit [Read error: Connection reset by peer]

12:15 macc24 has joined #armbian

12:18 indy has joined #armbian

12:29 <ArmbianTwitter> @SwiftPeru (Swift Peru): @LukaszErecinsk1 @thepine64 I've done the same as described in that tutorial, I guess my question was what image are they using for Ubuntu 20.04 (aarch64) with Panfrost? Last time I tried Ubuntu it had no OpenGL support. Also there is an Armbian version and the one on the Wiki. (3s ago)

12:33 chewitt has quit [Quit: Adios!]

12:43 xecuter has quit [Remote host closed the connection]

12:43 xecuter has joined #armbian

13:11 <IgorPec> Werner: on images? Nothing special. Otherwise enabling GH actions but Jiras need to be sorted out.

13:14 <IgorPec> lanefu: ok, better than leaving them in a plain sight. but this will probably brought up some refactoring. if we just decrypt keys at the start, we didn't acieve noting

13:20 <lanefu> IgorPec: idea is the keys are always in encrypted on the filesystem... on decrypted durrign CI session.. adn values are just like empited into environment vars for CI to use

13:21 <IgorPec> so you mean the actual key gets stored to a ENV variable?

13:22 <lanefu> thats' what i was thinking, but i guess that won't really work for ssh-keys and gpg

13:23 <IgorPec> isn't there any known practice for this'

13:25 <lanefu> well so that pattern works for teh more commo CI cases.. which are usually like passwords and etc.. ex: database.. the app just reads it in that way.. but if we're using tools where the secret needs to be exposed on teh fielsystem its a little different

13:26 <lanefu> let me talk to my infosec buddy some more

13:27 <IgorPec> yeah. but in case this script is on push only, people with push access can do something, right?

13:29 <lanefu> right, so only people with master branch access can get access to teh github secret and actually view it

13:29 <lanefu> idea of having the secrets encrypted on the disk of the runners, is to minimize risk there if runner is compromised.....

13:29 <IgorPec> yes, that too. i am just thinking how to get keys down if one wants them

13:30 <IgorPec> or store keys on GH and place them to the runner right before start?

13:31 <lanefu> well then people with access to master have direct access to the keys

13:31 <lanefu> the idea to have the keys locally encrypted on disk, and decryption key in github is to further obfuscate that

13:32 <lanefu> so that only via the actual CI session are teh keys available

13:32 <IgorPec> yeah, this way would probably suffice ... just how to implement

13:33 <lanefu> i've got it mostly figured out.. just need to iron out this last detail

13:34 <IgorPec> ok

13:39 <lanefu> okay.. still waiting on feedback from by buddy.. but here's the missing piece i think.. decrypt files to /dev/shm.... and have traps in bash script for cleanup.... then on normal scenarious and failures, bash removes them, but if the system is restarted or something, files disappear anyway beacuse /dev/shm

13:39 <lanefu> which /dev/shm methoid is a common practice. you'll see k8s and nomad use that for secrets

14:11 <Werner> IgorPec, okay. I think it makes more sense to announce it once it is fully functional. Until then I leave just the initramfs fix for 20.05.4 in the changelog

14:13 <IgorPec> agree

14:17 <Werner> I added IPv4 as option to connect to a bouncer. So for clients it is no longer restricted to IPv6 only.

14:54 gediz539 has quit [Remote host closed the connection]

15:02 IgorPec has quit [Remote host closed the connection]

15:03 drobo_00 has joined #armbian

15:04 IgorPec has joined #armbian

15:09 drobo_00 has quit [Ping timeout: 260 seconds]

15:32 macc24 has quit [*.net *.split]

15:32 sunshavi has quit [*.net *.split]

15:32 JuniorJPDJ has quit [*.net *.split]

15:32 torv has quit [*.net *.split]

15:32 oida has quit [*.net *.split]

15:32 macc24 has joined #armbian

15:32 sunshavi has joined #armbian

15:32 torv has joined #armbian

15:32 oida has joined #armbian

15:33 archetech has joined #armbian

15:36 agates[m] has quit [Ping timeout: 244 seconds]

15:38 solderfumes[m] has quit [Ping timeout: 246 seconds]

15:38 hyperreal has quit [Ping timeout: 246 seconds]

15:39 nekomancer[m] has quit [Ping timeout: 260 seconds]

16:11 jwb_ is now known as gymnodemi

16:28 xecuter has quit [Remote host closed the connection]

16:29 xecuter has joined #armbian

16:35 rdorsch`away is now known as rdorsch

16:39 LanDi has joined #armbian

16:47 <lanefu> aha! you can use a env var as a file in bash with something like `ssh -i <(echo $MY_SSH_KEY)`

16:49 <lanefu> and even more inline.. ssh -i <(ccat private.key.enc -k ${github.secret.keyword})

16:49 <lanefu> omicronian 12:49 PM

16:59 ChanServ has quit [shutting down]

17:03 macc24 has quit [Quit: WeeChat 2.8]

17:10 xecuter has quit [Ping timeout: 244 seconds]

17:22 rdorsch is now known as rdorsch`away

17:37 ChanServ has joined #armbian

17:37 xecuter has joined #armbian

17:40 solderfumes[m] has joined #armbian

17:40 phantomse[m] has joined #armbian

17:40 JuniorJPDJ1 has joined #armbian

17:40 agates[m] has joined #armbian

17:40 psydruid has joined #armbian

17:40 hyperreal has joined #armbian

17:40 nekomancer[m] has joined #armbian

18:12 macc24 has joined #armbian

18:19 LanDi has quit [Remote host closed the connection]

18:45 Jacki has joined #armbian

18:45 <Jacki> hi

18:46 <Jacki> does recording from mic works on OP4 ?

18:48 psydruid has quit [Remote host closed the connection]

18:49 <Jacki> ???

18:51 <Jacki> (I use runit)

18:52 <Jacki> ops wrong channel!

18:52 <Jacki> btw

18:52 <Jacki> i use artix

18:57 <Jacki> does recording from mic works on OP4 ?

18:58 <Werner> Not sure. I dont have this board.

18:59 PPA has joined #armbian

19:11 xecuter has quit [Remote host closed the connection]

19:13 xecuter has joined #armbian

19:16 rdorsch`away is now known as rdorsch

19:27 archetech has quit [Quit: Konversation terminated!]

19:44 <Jacki> does recording from mic works on OP4 ?

19:58 <IgorPec> never tested that

19:59 IgorPec has quit [Remote host closed the connection]

20:01 IgorPec has joined #armbian

20:01 IgorPec has quit [Changing host]

20:01 IgorPec has joined #armbian

20:07 <Jacki> doesnt seem to work here...

20:07 <Jacki> playback works

20:09 phantomse[m] has quit [Quit: Idle for 30+ days]

20:38 xecuter has quit [Ping timeout: 260 seconds]

20:39 xecuter has joined #armbian

20:40 toketin has quit [Quit: ZNC 1.7.5 - https://znc.in]

20:41 <nekomancer[m]> chewitt: did they accepted your patch?

20:42 toketin has joined #armbian

21:12 Strykar has quit [Quit: /quit]

21:15 Strykar has joined #armbian

21:22 <PPA> Speaking of the OP4, how is it (compared to other RK3399 boards)?

21:23 <PPA> The layout makes attaching a heatsink more awkward than if the SoC was on the bottom, that's obvious

21:23 <PPA> but I read here and there about power supply/voltage, which the Rock Pi 4 seems to have fully covered

21:23 <PPA> while other boards may struggle to power a lot of attached USB devices (drives etc.)?

21:26 Joe22 has joined #armbian

21:27 drobo_00 has joined #armbian

21:27 rdorsch is now known as rdorsch`away

21:27 <Joe22> Hi, I'm trying to verify the download and signature for the RockPRO64 focal current desktop image, but the .xz is for 5.4.46 and the .asc and .sha files are for 5.4.43

21:32 <Joe22> Nevermind, found the correct signature/hash files in the /archive directory

21:34 xecuter has quit [Remote host closed the connection]

21:35 xecuter has joined #armbian

22:04 Joe22 has left #armbian [#armbian]

22:18 drobo_00 has quit [Ping timeout: 240 seconds]

22:29 sassinak-work has quit [Ping timeout: 244 seconds]

22:30 sassinak-work has joined #armbian

22:38 Jacki has quit [Quit: Leaving]

23:07 macc24 has quit [Ping timeout: 240 seconds]

23:31 Elpaulo has quit [Read error: Connection reset by peer]

23:32 Elpaulo has joined #armbian

23:39 macc24 has joined #armbian