<karlp> rsalvaterra: how many connections are you planning on running with hostapd for it to even matter? :)
<owrt-snap-builds> build #595 of x86/geode is complete: Success [build successful] Build details are at http://buildbot.openwrt.org/master/images/builders/x86%2Fgeode/builds/595
<rsalvaterra> karlp: Me, personally, not many… but the support is there, why not use it? :)
<rsalvaterra> Besides, I know of public hotspot deployments which might benefit.
<dangole> i guess this is more about open filehandles, which is kinda relevant if you have many things connecting to the control socket simultaneously
<rsalvaterra> dangole: I'm looking at the CONFIG_WPS_NFC setting now… Is there any reason it's available on -wolfssl-full but not -openssl-full?
<rsalvaterra> Actually, it's in both -mesh and -full.
<dangole> rsalvaterra: i've included that long ago when i packaged wpad-mesh because (at least back then) it didn't build without it as some crypto functions used by SAE would only be built with CONFIG_NFC enabled as well. not even sure if this is still true.
<rsalvaterra> Ah, nice to know! I'm trying to clean things up a bit, so I'll test SAE with/without this too.
<dangole> rsalvaterra: i've merged your wpad-basic-openssl patch
<rsalvaterra> Thanks!
panchen has joined #openwrt-devel
rsalvaterra has quit [Quit: Leaving.]
swex has joined #openwrt-devel
black_ant has joined #openwrt-devel
black_ant has joined #openwrt-devel
black_ant has quit [Changing host]
black_ant has quit [Client Quit]
black_ant has joined #openwrt-devel
black_ant has joined #openwrt-devel
black_ant has quit [Changing host]
<owrt-snap-builds> build #680 of octeontx/generic is complete: Failure [failed pkgbuild] Build details are at http://buildbot.openwrt.org/master/images/builders/octeontx%2Fgeneric/builds/680 blamelist: Rui Salvaterra <rsalvaterra@gmail.com>, Chuanhong Guo <gch981213@gmail.com>, Daniel Golle <daniel@makrotopia.org>, Paul Spooren <mail@aparcar.org>, Philip Prindeville
<owrt-snap-builds> <philipp@redfish-solutions.com>, John Thomson <git@johnthomson.fastmail.com.au>, Jo-Philipp Wich <jo@mein.io>
<owrt-snap-builds> build #616 of ramips/rt288x is complete: Success [build successful] Build details are at http://buildbot.openwrt.org/master/images/builders/ramips%2Frt288x/builds/616
arnd has quit [Ping timeout: 246 seconds]
HeMan has quit [Ping timeout: 260 seconds]
Tsesarevich has quit [Write error: Connection reset by peer]
HeMan has joined #openwrt-devel
Tsesarevich has joined #openwrt-devel
arnd has joined #openwrt-devel
<owrt-snap-builds> build #675 of oxnas/ox820 is complete: Failure [failed pkgbuild] Build details are at http://buildbot.openwrt.org/master/images/builders/oxnas%2Fox820/builds/675 blamelist: Rui Salvaterra <rsalvaterra@gmail.com>, Chuanhong Guo <gch981213@gmail.com>, Daniel Golle <daniel@makrotopia.org>, Paul Spooren <mail@aparcar.org>, Philip Prindeville <philipp
<owrt-snap-builds> @redfish-solutions.com>, John Thomson <git@johnthomson.fastmail.com.au>, Jo-Philipp Wich <jo@mein.io>
<owrt-snap-builds> @redfish-solutions.com>, John Thomson <git@johnthomson.fastmail.com.au>, Jo-Philipp Wich <jo@mein.io>
<owrt-snap-builds> build #536 of mpc85xx/p2020 is complete: Failure [failed pkgbuild] Build details are at http://buildbot.openwrt.org/master/images/builders/mpc85xx%2Fp2020/builds/536 blamelist: Rui Salvaterra <rsalvaterra@gmail.com>, Chuanhong Guo <gch981213@gmail.com>, Daniel Golle <daniel@makrotopia.org>, Paul Spooren <mail@aparcar.org>, Philip Prindeville <philipp
<owrt-snap-builds> build #666 of at91/sam9x is complete: Failure [failed pkgbuild] Build details are at http://buildbot.openwrt.org/master/images/builders/at91%2Fsam9x/builds/666 blamelist: Rui Salvaterra <rsalvaterra@gmail.com>, Chuanhong Guo <gch981213@gmail.com>, Daniel Golle <daniel@makrotopia.org>, Paul Spooren <mail@aparcar.org>, Philip Prindeville <philipp
<owrt-snap-builds> @redfish-solutions.com>, John Thomson <git@johnthomson.fastmail.com.au>, Jo-Philipp Wich <jo@mein.io>
hbug has joined #openwrt-devel
hbug___ has quit [Ping timeout: 240 seconds]
tobleminer-tSYS has quit [Quit: AS4242423214]
tobleminer-tSYS has joined #openwrt-devel
goliath has quit [Quit: SIGSEGV]
dangole has quit [Quit: Leaving]
<owrt-snap-builds> build #548 of x86/legacy is complete: Success [build successful] Build details are at http://buildbot.openwrt.org/master/images/builders/x86%2Flegacy/builds/548
andi- has quit [Remote host closed the connection]
distemper has quit [Remote host closed the connection]
gaspode has joined #openwrt-devel
andi- has joined #openwrt-devel
panchen has quit [Ping timeout: 245 seconds]
gch981213 has quit [Read error: Connection reset by peer]
gch981213 has joined #openwrt-devel
black_ant has quit [Ping timeout: 260 seconds]
danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
<KGB-1> https://tests.reproducible-builds.org/openwrt/openwrt_tegra.html has been updated. (0% images and 100.0% packages reproducible in our current test framework.)
victhor has quit [Ping timeout: 240 seconds]
Redfoxmoon has quit [Ping timeout: 258 seconds]
Redfoxmoon has joined #openwrt-devel
fabio88 has joined #openwrt-devel
fabio88 has quit [Client Quit]
slh64 has quit [Quit: gone]
nitroshift has joined #openwrt-devel
_whitelogger has joined #openwrt-devel
ivanich has joined #openwrt-devel
dedeckeh has joined #openwrt-devel
Borromini has joined #openwrt-devel
ivanich has quit [Read error: Connection reset by peer]
ivanich_ has joined #openwrt-devel
Slimey__ has joined #openwrt-devel
Slimey has quit [Ping timeout: 272 seconds]
csrf has quit [Ping timeout: 256 seconds]
nitroshift has quit [Quit: Gone that way --->]
slh64 has joined #openwrt-devel
nitroshift has joined #openwrt-devel
ivanich_ has quit [Remote host closed the connection]
csrf has joined #openwrt-devel
ivanich has joined #openwrt-devel
dedeckeh has quit [Remote host closed the connection]
Borromini has quit [Quit: Lost terminal]
eduardas has joined #openwrt-devel
Ycarus has joined #openwrt-devel
Slimey___ has joined #openwrt-devel
rsalvaterra has joined #openwrt-devel
Slimey__ has quit [Ping timeout: 240 seconds]
Redfoxmoon has quit [Changing host]
Redfoxmoon has joined #openwrt-devel
daregap has joined #openwrt-devel
feriman has joined #openwrt-devel
Nick_Lowe has joined #openwrt-devel
Nick_Lowe has quit [Client Quit]
black_ant has joined #openwrt-devel
black_ant has quit [Changing host]
black_ant has joined #openwrt-devel
damex_ has joined #openwrt-devel
damex has quit [Read error: Connection reset by peer]
ivanich_ has joined #openwrt-devel
ivanich has quit [Ping timeout: 260 seconds]
Nick_Lowe has joined #openwrt-devel
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Nick_Lowe has joined #openwrt-devel
Strykar has quit [Quit: /quit]
Strykar has joined #openwrt-devel
fblaese_ has quit [Quit: bye]
Redfoxmoon has quit [Read error: Connection reset by peer]
Redfoxmoon has joined #openwrt-devel
Acinonyx has quit [Ping timeout: 260 seconds]
Acinonyx_ has joined #openwrt-devel
Redfoxmoon has quit [Changing host]
Redfoxmoon has joined #openwrt-devel
fblaese_ has joined #openwrt-devel
Olipro has quit [Remote host closed the connection]
Olipro has joined #openwrt-devel
Olipro has joined #openwrt-devel
Olipro has quit [Changing host]
_whitelogger has joined #openwrt-devel
victhor has joined #openwrt-devel
MichaelOF has joined #openwrt-devel
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
nitroshift has quit [Quit: Gone that way --->]
dedeckeh has joined #openwrt-devel
lynxis has quit [Remote host closed the connection]
zaolin has quit [Remote host closed the connection]
dangole has joined #openwrt-devel
zaolin has joined #openwrt-devel
lynxis has joined #openwrt-devel
daregap has quit [Quit: daregap]
user- has quit [Quit: quit]
feriman has quit [Ping timeout: 264 seconds]
Ycarus has quit [Remote host closed the connection]
Ycarus has joined #openwrt-devel
eduardas has quit [Quit: Konversation terminated!]
Nick_Lowe has joined #openwrt-devel
Ycarus_ has joined #openwrt-devel
Ycarus_ has quit [Remote host closed the connection]
Ycarus has quit [Ping timeout: 260 seconds]
muhaha has joined #openwrt-devel
dangole_ has joined #openwrt-devel
dangole has quit [Remote host closed the connection]
user- has joined #openwrt-devel
goliath has joined #openwrt-devel
user- has quit [Client Quit]
user- has joined #openwrt-devel
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<rsalvaterra> Been fighting all morning with openssl, trying to persuade it to build with LTO, to no avail. I am disappoint.
dangole_ is now known as dangole
tobleminer-tSYS has quit [Quit: AS4242423214]
Nick_Lowe has joined #openwrt-devel
danitool has joined #openwrt-devel
tobleminer-tSYS has joined #openwrt-devel
eduardas has joined #openwrt-devel
Ycarus has joined #openwrt-devel
ivanich has joined #openwrt-devel
ivanich_ has quit [Read error: Connection reset by peer]
user- has quit [Quit: quit]
user- has joined #openwrt-devel
xback has quit [Remote host closed the connection]
SpaceRat has quit [Ping timeout: 264 seconds]
feriman has joined #openwrt-devel
SpaceRat has joined #openwrt-devel
ivanich has quit [Read error: Connection reset by peer]
SpaceRat has quit [Ping timeout: 240 seconds]
rsalvaterra1 has joined #openwrt-devel
ivanich has joined #openwrt-devel
rsalvaterra has quit [Ping timeout: 264 seconds]
rsalvaterra1 has quit [Quit: Leaving.]
rsalvaterra has joined #openwrt-devel
muhaha has quit [Quit: Connection closed]
<rsalvaterra> dangole: Mind if I add CONFIG_OWE=y to the basic-{openssl,wolfssl} variants? :)
<dangole> rsalvaterra: it's worth considering. i'd agree, but we need to watch size increase caused by that. if it's just a few kB, then we should do it.
<rsalvaterra> Let me do a quick build, I'll tell you the exact difference. But I know it's around 10 kiB.
<rsalvaterra> 12 352 bytes difference for hostapd-basic-openssl (74Kc -O2).
<rsalvaterra> My final image size didn't change (it's padded to 64 kiB, it seems).
eduardas has quit [Quit: Konversation terminated!]
<rsalvaterra> It might also be worth noticing that enabling epoll() hasn't changed my hostapd binary size at all.
valku has joined #openwrt-devel
<dangole> rsalvaterra: i generally agree that epoll() is of course better than select(). just make sure none of the ubus interfaces hostapd/wpa_supplicant are offering breaks with that change (which is the only breakage I would imagine could happen by such a change)
<rsalvaterra> dangole: If you're reading this, it's probably working, since I'm already running it on my router. ;)
<dangole> rsalvaterra: at least config_add/config_remove are working then...
<rsalvaterra> Anyway, I'm going to let it simmer for a couple of days.
<rsalvaterra> The OWE patch, however, is good to go.
<damex_> is there some work done to add amlogic SoC devices (sbc) or i would have to start from scratch with that?
<dangole> damex: i'm not aware of anything already done on that front.
damex_ is now known as damex
Night-Shade has joined #openwrt-devel
Night-Shade has quit [Client Quit]
<grift> dangole i worked on my selinux presentation can you have a look? https://defensec.nl/~kcinimod/misc/Enhancing%20OpenWrt%20Security%20with%20Security-Enhanced%20Linux.pdf
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Nick_Lowe has joined #openwrt-devel
Nick_Lowe has quit [Client Quit]
<SwedeMike> grift: one question I'd have is "oh, why not have root/user separation in openwrt?" and your presentation doesn't touch that at all
gch981213 has quit [Quit: The Lounge - https://thelounge.chat]
gch981213 has joined #openwrt-devel
<grift> good point i will address that SwedeMike
<grift> but just to answer that here, obviously that should also be leveraged (defense in depth and all)
<grift> but even so, that is still DAC and subject to the flaws of DAC
<grift> i mean lets say you have a service with a private identity, that service can still do a chmod o+rwx on any file it owns
<grift> or even setuid bit
<Hauke> damex: you could ask xdarklight he works on upstream amlogic
<grift> SwedeMike: this is how i (briefly) addressed it on the SELinux slide:
<grift> "Complements DAC (it is not a replacement, and you can -and should- also leverage DAC to the full extent)"
<dangole> grift: just looked at the slides and like what i see. on a meta-level, it'd be great if you'd also mention how much of a multi-stakeholder process this whole story has been, ie. first thomas and then mike getting the field prepared and then you stepped in to write the actual policy.
<dangole> grift: apart from the slides, did you address sysupgrade.tgz extraction in the policy? i saw that still failing when i last tried a few days ago...
<grift> you mean via luci?
<grift> i mean this works fine: ssh root@"$1" "sysupgrade -b -" >~/Downloads/backup-${1}-$(date +%F).tgz
<grift> but if you mean via luci then yes thats still a todo item but not the only luci todo item
<dangole> grift: what i meant is when i do 'sysupgrade openwrt.....' then it will come up after having flashed and restore stuff from sysupgrade.tgz
<dangole> and that triggered a few acl violations
<grift> show me the avc denials please
<grift> i cannot produce that issue
<dangole> grift: didn't log them, i'll test and send in a bit, still busy with something else right now
<grift> but surely theres rough edges and loose ends
<grift> goes without saying
<dangole> grift: just thought that sysupgrade is kinda more essential than having unbound or other things from packages feed...
<grift> like i said, i cannot produce that sysupgrade issue
<grift> and believe you me i do that a lot
<dangole> grift: it works slightly different on NOR flash with jffs2, and that could be the cause for what i've been seeing
<grift> but yes youre touching on the big issue
<grift> it needs wide scrutiny and broad exposure testing on a wide array of configs
<grift> booting from mmc probably also needs work
<grift> thats just scratching the surface
<dangole> grift: emmc, sata and nvme should be kinda the same in the sense that it's the same type of filesystems used on top of a block device (which surely still is named differently and stuff, but the procedure is the same)
<grift> yes but mmc is a removable storage device unlike say sata and selinux is a bit more selective
<grift> i differentiate between different classes of storage devices so i might have overlooked some access for that somewhere (i think not but only way to tell for sure is to test it)
adrianschmutzler has joined #openwrt-devel
Night-Shade has joined #openwrt-devel
<owrt-snap-builds> build #681 of octeontx/generic is complete: Success [build successful] Build details are at http://buildbot.openwrt.org/master/images/builders/octeontx%2Fgeneric/builds/681
Nick_Lowe has joined #openwrt-devel
<owrt-snap-builds> build #676 of oxnas/ox820 is complete: Success [build successful] Build details are at http://buildbot.openwrt.org/master/images/builders/oxnas%2Fox820/builds/676
Nick_Lowe has quit [Ping timeout: 240 seconds]
<owrt-snap-builds> build #667 of at91/sam9x is complete: Success [build successful] Build details are at http://buildbot.openwrt.org/master/images/builders/at91%2Fsam9x/builds/667
<grift> but yes i guess one could argue whether it makes sense to associate mmc with removable storage in this space, maybe it makes more sense to just associate these types of devices with fixed storage devices like sata, nvme (btw nvme is not supported currently in my policy)
<grift> food for thought, but not sure whether its worth it to add extra rules to support nvme
<owrt-snap-builds> build #537 of mpc85xx/p2020 is complete: Success [build successful] Build details are at http://buildbot.openwrt.org/master/images/builders/mpc85xx%2Fp2020/builds/537
merbanan has quit [Ping timeout: 256 seconds]
merbanan has joined #openwrt-devel
Borromini has joined #openwrt-devel
<dangole> grift: it is worth adding rules for nvme, many people are using PCIe based SSDs with x86 based router boards such as APU3
<olmari> Some of my SATAs are hot-pluggable too, but indeed as root device of owrt removing such does not make sense even if support is there.. could make sense for generally supporting, where user wants to do such
<xdarklight> damex: stintel worked on a meson target some time ago: https://git.openwrt.org/?p=openwrt/staging/stintel.git;a=shortlog;h=refs/heads/meson
<xdarklight> damex: we're working hard upstream to continuously add support for more hardware bits and also taking care of any bugs. personally I go with "latest = greatest" so don't test with stable kernels very often, but I think all relevant patches are backported to stable kernel versions
<grift> dangole ok will add nvme support in, its modular so can just include it by default and allow people to exclude it
<grift> olmari yes same applies to mmc i guess, so i will consider associating them with fixed disks just like sda/nvme etc
<grift> its just that booting from mmc isnt that widely supported
<grift> but it is on raspi i guess
feriman has quit [Ping timeout: 264 seconds]
Nick_Lowe has joined #openwrt-devel
<KGB-1> https://tests.reproducible-builds.org/openwrt/openwrt_x86.html has been updated. (100.0% images and 100.0% packages reproducible in our current test framework.)
mattsm has quit [Ping timeout: 272 seconds]
mattsm has joined #openwrt-devel
Ycarus has quit [Quit: Ycarus]
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
bookworm has quit []
bookworm has joined #openwrt-devel
Borromini has quit [Quit: leaving]
black_ant has quit [Ping timeout: 264 seconds]
swex has quit [Quit: swex]
ivanich has quit [Quit: Konversation terminated!]
flx is now known as migy
migy is now known as flx
dedeckeh has quit [Remote host closed the connection]
swex has joined #openwrt-devel
swex has quit [Client Quit]
jg_ has quit [Ping timeout: 264 seconds]
MichaelOF has quit [Quit: Konversation terminated!]
adrianschmutzler has quit [Quit: ~ Trillian - www.trillian.im ~]
Monkeh has quit [Quit: No Ping reply in 180 seconds.]