| T42 | <edp_17> @elros34 : I have added these two lines into that file, saved it and rebooted. After the reboot, the /data/system/gps/.gps.interface.pipe.to_jni p file was not created until I went to csd/gpsinfo. Then, it was created with the same permission and as root:defaultuser. π | 09:17 |
|---|---|---|
| T42 | <elros34> if it wasn't created at boot then maybe there is typo in that commands | 09:18 |
| T42 | <edp_17> Can I issue that command in a command line? | 09:19 |
| T42 | <elros34> have you checked that you have mknod in that location// | 09:19 |
| T42 | <elros34> without exec sure | 09:19 |
| T42 | <edp_17> Okay. | 09:19 |
| T42 | <edp_17> Here is the .rc: https://paste.ubuntu.com/p/8bQZrmgrRn/ | 09:20 |
| T42 | <edp_17> Yep, the tipo is that mknod is not in /system/xbin/ but /system/bin/ | 09:21 |
| T42 | <edp_17> There is ap at the end of the command, do I need that or that is a typo? | 09:22 |
| T42 | <elros34> use mknod --help and you will see that p is needed | 09:23 |
| T42 | <edp_17> Thanks. | 09:24 |
| T42 | <edp_17> When I ran the command (with the p at the end), the file created with root:root. | 09:25 |
| T42 | <edp_17> Then when I ran the other command: chown gps system /data/system/gps/.gps.interface.pipe.to_jni | 09:25 |
| T42 | <edp_17> it gave me: chown: system: No such file or directory | 09:25 |
| T42 | <edp_17> and the file owner chnaged to gps:root | 09:26 |
| T42 | <edp_17> It seems the csd/gpsinfo works with this. | 09:26 |
| T42 | <edp_17> I'll try this after reboot. | 09:29 |
| T42 | <edp_17> Yep, with this fix GPS works after reboot. (That x_jni file deleted before the reboot.) | 09:33 |
| T42 | <elros34> chown command and in .rc files has slightly different syntax (:) | 09:33 |
| T42 | <edp_17> I see. However, the owner of the file is gps:root, so that chmod didn't work either in command line nor in that .rc file. | 09:34 |
| T42 | <edp_17> Don't worry about that, I'll play with that to find the correct syntax. | 09:35 |
| T42 | <edp_17> Now, I need to find how to include into the build. | 09:35 |
| T42 | <edp_17> I have that .rc file in a few locations: | 09:35 |
| T42 | <edp_17> mer/android/droid/device/samsung/trelte-common/ramdisk/init.universal5433.rc | 09:35 |
| T42 | <edp_17> mer/android/droid/out/target/product/treltexx/root/init.universal5433.rc | 09:36 |
| T42 | <edp_17> mer/targets/samsung-treltexx-armv7hl/init.universal5433.rc | 09:36 |
| T42 | <edp_17> Which one should I modify? All? π | 09:36 |
| T42 | <elros34> device/$VENDOR/* then make hybris-hal will copy it to out/ if not help him:) and then rebuild droid-hal | 09:37 |
| T42 | <edp_17> Okay! Thanks for the help! | 09:40 |
| T42 | <edp_17> If I rebuilt a package (bluetooth) what else should I do to include the fresh ones into the build? | 09:41 |
| T42 | <elros34> just make sure your version is higher then that one provided by devel common repo | 09:47 |
| T42 | <edp_17> Okay, so running the mic is enough, right? | 09:47 |
| T42 | <elros34> yeah should be | 09:48 |
| T42 | <edp_17> Thanks. | 09:48 |
| rinigus | Thaodan: would you mind looking into the colors used by Telegram bridge. edp_17 has a yellow handle which is painful to read on white bg (as in riot client) | 09:56 |
| rinigus | in context of luks encryption: has anyone looked into hw assisted key storage and protection on SFOS? maybe we could use android key management facilities to ensure that our data is encrypted | 10:43 |
| rinigus | obviously, with hw backing, having a pin would be sufficient to encrypt home partition properly | 10:44 |
| Thaodan | I don't think using Android key management is secure | 12:48 |
| Thaodan | the only benefit is using the trust zone which is not trusted at all | 12:49 |
| rinigus | Thaodan: I haven't looked into the subject, but doesn't Android have some HW-backed keystore? something like TPM? | 13:04 |
| piggz | now i understand a littel more abour xpolicy.conf i can fix some pinephone bugs | 13:28 |
| piggz | even though voice calls work, im getting this: | 13:48 |
| piggz | policy-group.c: pa_policy_group_move_to(): could not find source for type voicecall name (null) | 13:48 |
| piggz | but xpolicy looks ok for this.... | 13:48 |
| piggz | [device] | 13:48 |
| piggz | type = voicecall | 13:49 |
| piggz | source = equals:$dev_source | 13:49 |
| piggz | ports = $dev_source:$source_builtin_mic | 13:49 |
| piggz | dev_sourc e==alsa_input.0.HiFi__hw_PinePhone_0__source | 13:49 |
| piggz | source_builtin_mic == "[In] Mic" | 13:49 |
| piggz | and those values match the output of pactl list sources | 13:50 |
| Thaodan | rinigus: Yes backed by ARM trustzone which has numerous security holes | 13:56 |
| rinigus | Thaodan: how large are those holes? if we take the active ports, how easy it would be to extract keys from trustzone? | 14:31 |
| rinigus | let's say right now, I would expect that the brute force attack on SFOS luks encryption would take few minutes on PC. so, compared to that... | 14:32 |
| rinigus | note that my estimate is based mainly on rumors on the subject, haven't done any proper research on it | 14:33 |
| Thaodan | https://news.ycombinator.com/item?id=11798770 | 14:39 |
| Thaodan | Why do you say it would take only a few minutes? Do you expect that the pincode is the luks keycode? | 14:39 |
| Thaodan | https://www.zdnet.com/article/qualcomms-secure-world-virtual-processor-leaks-mobile-payment-data/ | 14:40 |
| rinigus | Thaodan: my assumption is that the pin code is used for `luksAddKey`. please correct if it is not. would be interesting to know then how the key is derived | 14:42 |
| rinigus | thanks for links! | 14:42 |
| rinigus | Thaodan: reading through those links - yes, there are bugs. however, I'd say it is still better than no hw backed keystore | 15:25 |
| rinigus | bugs sound to hw dependent, some are patched. rather expected in android world. | 15:26 |
| rinigus | Thaodan: you haven't commented regarding use of PIN and luksAddKey - was my assumption correct? | 15:26 |
| rinigus | ok, you guys are probably covered by NDA regarding these details. | 17:17 |
| rinigus | is sailfish-device-encryption proprietary? | 17:18 |
| T42 | <eugenio_g7> last time I checked the pin code was used as a luks key-slot as is, but unsure if things changed recently | 18:03 |
| rinigus | @eugenio_g7: if it is not using any hw backed key generator there aren't much of the options. you can salt it, obscure by some treatment. something that is deterministic, though | 18:19 |
| rinigus | don't know if luks can benefit from some special encryption support, but probably hw is not really that great in terms of number of iterations used to get master key for luks | 18:21 |
| T42 | <eugenio_g7> indeed, I think messing with trustzone would be a fun endeavour, but perhaps allowing at least letters in the slot passphrase would be effective as well :D | 18:21 |
| rinigus | @eugenio_g7: I would expect that trustzone could be more practical if it works out. otherwise we are talking about rather long passords | 18:22 |
| rinigus | estimated password length: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#5-security-aspects | 18:24 |
| rinigus | 5.1 section | 18:24 |
| rinigus | I am getting 60 bits of entropy in keepass for 12 char password, includes numbers plus chars in upper+lower case | 18:28 |
| rinigus | @eugenio_g7: ^ | 18:28 |
| T42 | <eugenio_g7> I think a 12-char password is doable (provided you have a full keyboard) | 18:29 |
| rinigus | that's if it is fully random.... not sure how many neurons you would loose there | 18:30 |
| rinigus | now hw backed - even 5-6 digits should be fine. maybe even less, depending on lockout settings | 18:31 |
| T42 | <eugenio_g7> :D indeed | 18:33 |
| T42 | <eugenio_g7> I guess you also need to check how to make it play with sailfish-device-encryption, i.e. if for example (totally making up stuff, haven't checked) at every pin unlock the luks slot is checked as well... you need to have the "plain" slot stick around | 18:35 |
| T42 | <supirlelik96> HABUILD_SDK [] alex@alex-LIFEBOOK-AH502:~$ sudo mkdir -p $ANDROID_ROOT | 18:36 |
| T42 | <supirlelik96> sudo: account validation failure, is your account locked? | 18:36 |
| T42 | <supirlelik96> HABUILD_SDK [] alex@alex-LIFEBOOK-AH502:~$ sudo chown -R $USER $ANDROID_ROOT | 18:36 |
| T42 | <supirlelik96> sudo: account validation failure, is your account locked? | 18:36 |
| T42 | <supirlelik96> alex@alex-LIFEBOOK-AH502:~$ ubu-chroot -r $MER_ROOT/sdks/ubuntu | 18:36 |
| T42 | <supirlelik96> mount_bind /var/run/dbus: None of these exists on your host - please report this bug | 18:36 |
| T42 | <supirlelik96> Env setup for onclite | 18:36 |
| rinigus | @eugenio_g7: if going for hw encryption then no need for plain slots either. but the first step is to make it work in principle, GUI could come later. | 18:37 |
| T42 | <supirlelik96> How to fixed problem& (re @supirlelik96: HABUILD_SDK [] alex@...) | 18:38 |
| T42 | <supirlelik96> How to fixed problem? (edited) (re @supirlelik96: HABUILD_SDK [] alex@...) | 18:38 |
| T42 | <supirlelik96> ubuntu-20.04-chroot in sfossdk | 18:39 |
| T42 | <supirlelik96> alex@alex-LIFEBOOK-AH502:~$ ubu-chroot -r $MER_ROOT/sdks/ubuntu | 18:40 |
| T42 | <supirlelik96> mount_bind /var/run/dbus: None of these exists on your host - please report this bug | 18:40 |
| T42 | <supirlelik96> Unknown ubuntu version | 18:40 |
| rinigus | @supirlelik96: I think there was discussion regarding it few days ago - check the logs. I suggested to look into /etc/sudoers of chroot while you are in the host. | 18:41 |
| rinigus | but not sure what worked in the end - maybe logs can tell you | 18:41 |
| T42 | <supirlelik96> ok | 18:41 |
| T42 | <eugenio_g7> rinigus: yes, I was looking at it more from the "homebrewy" side of things... i.e. I'm not sure if it plays well with what is currently there - but sure for testing a new hw-backed slot would work without disrupting things | 18:45 |
| rinigus | @eugenio_g7: just would have to figure out how to interact with that keystore... and how are those hybris android/glibc daemons written. has always been bit of a mystery for me | 18:46 |
| T42 | <eugenio_g7> I will follow with interest :) | 18:54 |
| T42 | <edp_17> @supirlelik96 : I had that issue few days ago. Solution came from Shou: | 19:01 |
| T42 | <edp_17> "you need to add your user account to /etc/shadow" | 19:01 |
| T42 | <supirlelik96> OK THANK YOU (re @edp_17: @supirlelik96 : I ha...) | 19:03 |
| T42 | <supirlelik96> π (re @edp_17: @supirlelik96 : I ha...) | 19:03 |
| T42 | <supirlelik96> How do I add a user there on kubuntu 21.10? (re @edp_17: @supirlelik96 : I ha...) | 19:09 |
| T42 | <edp_17> It should be done within chroot not on your host. | 19:40 |
| T42 | <edp_17> I've edited that file manually as root with mc, and just created a line at the end based on an other existig line. That's all. (Have not found good example on the net.) | 19:45 |
| T42 | <supirlelik96> ok (re @edp_17: It should be done wi...) | 20:08 |
| T42 | <supirlelik96> Hello there! What should I do if I have the kernel sources suitable for gitlab ,and I don't know how to specify gitlab in the manifest if github is required there | 20:27 |
| T42 | <supirlelik96> My kernel source https://gitlab.com/ubports/community-ports/android9/xiaomi-redmi-7/kernel-xiaomi-onclite | 20:28 |
| T42 | <shouaccount> <remote name="gitlab_http" fetch="https://gitlab.com" /> | 20:34 |
| T42 | <shouaccount> <project name="xyzusername/projectname" path="abc/path" remote="gitlab_http" /> (re @supirlelik96: Hello there! What sh...) | 20:34 |
| T42 | <supirlelik96> Thank you! (re @shouaccount: <remote name="gitlab...) | 20:34 |
| T42 | <supirlelik96> https://paste.ubuntu.com/p/kVXSHtvKZ7/ (re @shouaccount: <remote name="gitlab...) | 20:38 |
| T42 | <shouaccount> I'm AFK right now. | 20:38 |
| T42 | <shouaccount> Reason: Itβs sunday, I am asleep | 20:38 |
| T42 | <shouaccount> Last Seen: 1m, 15s ago (re @supirlelik96: https://paste.ubuntu...) | 20:38 |
| T42 | <supirlelik96> https://paste.ubuntu.com/p/kVXSHtvKZ7/ | 20:38 |
| T42 | <supirlelik96> did I do the right thing? (edited) (re @shouaccount: <remote name="gitlab...) | 20:38 |
| T42 | <shouaccount> https://paste.ubuntu.com/p/fQXnkdfN4W/ (re @supirlelik96: https://paste.ubuntu...) | 20:41 |
| T42 | <shouaccount> I'm no longer AFK! (re @shouaccount: https://paste.ubuntu...) | 20:41 |
| T42 | <shouaccount> You recieved 1 messages while you were away. Check log for more details. | 20:41 |
| T42 | <shouaccount> AFK time : 4m, 35s (edited) (re @shouaccount: https://paste.ubuntu...) | 20:41 |
| T42 | <supirlelik96> Ok | 20:41 |
| T42 | <P_Z3R0> Hey has anyone tried porting sailfish os for Asus M2 pro | 21:42 |
Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!