Saturday, 2021-07-24

T42<edp_17> @elros34 : I have added these two lines into that file, saved it and rebooted. After the reboot, the /data/system/gps/.gps.interface.pipe.to_jni p file was not created until I went to csd/gpsinfo. Then, it was created with the same permission and as root:defaultuser. πŸ˜”09:17
T42<elros34> if it wasn't created at boot then maybe there is typo in that commands09:18
T42<edp_17> Can I issue that command in a command line?09:19
T42<elros34> have you checked that you have mknod in that location//09:19
T42<elros34> without exec sure09:19
T42<edp_17> Okay.09:19
T42<edp_17> Here is the .rc:
T42<edp_17> Yep, the tipo is that mknod is not in /system/xbin/ but /system/bin/09:21
T42<edp_17> There is ap at the end of the command, do I need that or that is a typo?09:22
T42<elros34> use mknod --help and you will see that p is needed09:23
T42<edp_17> Thanks.09:24
T42<edp_17> When I ran the command (with the p at the end), the file created with root:root.09:25
T42<edp_17> Then when I ran the other command: chown gps system /data/system/gps/.gps.interface.pipe.to_jni09:25
T42<edp_17> it gave me: chown: system: No such file or directory09:25
T42<edp_17> and the file owner chnaged to gps:root09:26
T42<edp_17> It seems the csd/gpsinfo works with this.09:26
T42<edp_17> I'll try this after reboot.09:29
T42<edp_17> Yep, with this fix GPS works after reboot. (That x_jni file deleted before the reboot.)09:33
T42<elros34> chown command and in .rc files has slightly different syntax (:)09:33
T42<edp_17> I see. However, the owner of the file is gps:root, so that chmod didn't work either in command line nor in that .rc file.09:34
T42<edp_17> Don't worry about that, I'll play with that to find the correct syntax.09:35
T42<edp_17> Now, I need to find how to include into the build.09:35
T42<edp_17> I have that .rc file in a few locations:09:35
T42<edp_17> mer/android/droid/device/samsung/trelte-common/ramdisk/init.universal5433.rc09:35
T42<edp_17> mer/android/droid/out/target/product/treltexx/root/init.universal5433.rc09:36
T42<edp_17> mer/targets/samsung-treltexx-armv7hl/init.universal5433.rc09:36
T42<edp_17> Which one should I modify? All? 😊09:36
T42<elros34> device/$VENDOR/* then make hybris-hal will  copy it to out/ if not help him:) and then rebuild droid-hal09:37
T42<edp_17> Okay! Thanks for the help!09:40
T42<edp_17> If I rebuilt a package (bluetooth) what else should I do to include the fresh ones into the build?09:41
T42<elros34> just make sure your version is higher then that one provided by devel common repo09:47
T42<edp_17> Okay, so running the mic is enough, right?09:47
T42<elros34> yeah should be09:48
T42<edp_17> Thanks.09:48
rinigusThaodan: would you mind looking into the colors used by Telegram bridge. edp_17 has a yellow handle which is painful to read on white bg (as in riot client)09:56
rinigusin context of luks encryption: has anyone looked into hw assisted key storage and protection on SFOS? maybe we could use android key management facilities to ensure that our data is encrypted10:43
rinigusobviously, with hw backing, having a pin would be sufficient to encrypt home partition properly10:44
ThaodanI don't think using Android key management is secure12:48
Thaodanthe only benefit is using the trust zone which is not trusted at all12:49
rinigusThaodan: I haven't looked into the subject, but doesn't Android have some HW-backed keystore? something like TPM?13:04
piggznow i understand a littel more abour xpolicy.conf i can fix some pinephone bugs13:28
piggzeven though voice calls work, im getting this:13:48
piggzpolicy-group.c: pa_policy_group_move_to(): could not find source for type voicecall name (null)13:48
piggzbut xpolicy looks ok for this....13:48
piggztype   = voicecall13:49
piggzsource = equals:$dev_source13:49
piggzports  = $dev_source:$source_builtin_mic13:49
piggzdev_sourc e==alsa_input.0.HiFi__hw_PinePhone_0__source13:49
piggzsource_builtin_mic == "[In] Mic"13:49
piggzand those values match the output of pactl list sources13:50
Thaodanrinigus: Yes backed by ARM trustzone which has numerous security holes13:56
rinigusThaodan: how large are those holes? if we take the active ports, how easy it would be to extract keys from trustzone?14:31
riniguslet's say right now, I would expect that the brute force attack on SFOS luks encryption would take few minutes on PC. so, compared to that...14:32
rinigusnote that my estimate is based mainly on rumors on the subject, haven't done any proper research on it14:33
ThaodanWhy do you say it would take only a few minutes? Do you expect that the pincode is the luks keycode?14:39
rinigusThaodan: my assumption is that the pin code is used for `luksAddKey`. please correct if it is not. would be interesting to know then how the key is derived14:42
rinigusthanks for links!14:42
rinigusThaodan: reading through those links - yes, there are bugs. however, I'd say it is still better than no hw backed keystore15:25
rinigusbugs sound to hw dependent, some are patched. rather expected in android world.15:26
rinigusThaodan: you haven't commented regarding use of PIN and luksAddKey - was my assumption correct?15:26
rinigusok, you guys are probably covered by NDA regarding these details.17:17
rinigusis sailfish-device-encryption proprietary?17:18
T42<eugenio_g7> last time I checked the pin code was used as a luks key-slot as is, but unsure if things changed recently18:03
rinigus@eugenio_g7: if it is not using any hw backed key generator there aren't much of the options. you can salt it, obscure by some treatment. something that is deterministic, though18:19
rinigusdon't know if luks can benefit from some special encryption support, but probably hw is not really that great in terms of number of iterations used to get master key for luks18:21
T42<eugenio_g7> indeed, I think messing with trustzone would be a fun endeavour, but perhaps allowing at least letters in the slot passphrase would be effective as well :D18:21
rinigus@eugenio_g7: I would expect that trustzone could be more practical if it works out. otherwise we are talking about rather long passords18:22
rinigusestimated password length:
rinigus5.1 section18:24
rinigusI am getting 60 bits of entropy in keepass for 12 char password, includes numbers plus chars in upper+lower case18:28
rinigus@eugenio_g7: ^18:28
T42<eugenio_g7> I think a 12-char password is doable (provided you have a full keyboard)18:29
rinigusthat's if it is fully random.... not sure how many neurons you would loose there18:30
rinigusnow hw backed - even 5-6 digits should be fine. maybe even less, depending on lockout settings18:31
T42<eugenio_g7> :D indeed18:33
T42<eugenio_g7> I guess you also need to check how to make it play with sailfish-device-encryption, i.e. if for example (totally making up stuff, haven't checked) at every pin unlock the luks slot is checked as well... you need to have the "plain" slot stick around18:35
T42<supirlelik96> HABUILD_SDK [] alex@alex-LIFEBOOK-AH502:~$ sudo mkdir -p $ANDROID_ROOT18:36
T42<supirlelik96> sudo: account validation failure, is your account locked?18:36
T42<supirlelik96> HABUILD_SDK [] alex@alex-LIFEBOOK-AH502:~$ sudo chown -R $USER $ANDROID_ROOT18:36
T42<supirlelik96> sudo: account validation failure, is your account locked?18:36
T42<supirlelik96> alex@alex-LIFEBOOK-AH502:~$ ubu-chroot -r $MER_ROOT/sdks/ubuntu18:36
T42<supirlelik96> mount_bind /var/run/dbus: None of these exists on your host - please report this bug18:36
T42<supirlelik96> Env setup for onclite18:36
rinigus@eugenio_g7: if going for hw encryption then no need for plain slots either. but the first step is to make it work in principle, GUI could come later.18:37
T42<supirlelik96> How to fixed problem& (re @supirlelik96: HABUILD_SDK [] alex@...)18:38
T42<supirlelik96> How to fixed problem? (edited) (re @supirlelik96: HABUILD_SDK [] alex@...)18:38
T42<supirlelik96> ubuntu-20.04-chroot in sfossdk18:39
T42<supirlelik96> alex@alex-LIFEBOOK-AH502:~$ ubu-chroot -r $MER_ROOT/sdks/ubuntu18:40
T42<supirlelik96> mount_bind /var/run/dbus: None of these exists on your host - please report this bug18:40
T42<supirlelik96> Unknown ubuntu version18:40
rinigus@supirlelik96: I think there was discussion regarding it few days ago - check the logs. I suggested to look into /etc/sudoers of chroot while you are in the host.18:41
rinigusbut not sure what worked in the end - maybe logs can tell you18:41
T42<supirlelik96> ok18:41
T42<eugenio_g7> rinigus: yes, I was looking at it more from the "homebrewy" side of things... i.e. I'm not sure if it plays well with what is currently there - but sure for testing a new hw-backed slot would work without disrupting things18:45
rinigus@eugenio_g7: just would have to figure out how to interact with that keystore... and how are those hybris android/glibc daemons written. has always been bit of a mystery for me18:46
T42<eugenio_g7> I will follow with interest :)18:54
T42<edp_17> @supirlelik96 : I had that issue few days ago. Solution came from Shou:19:01
T42<edp_17> "you need to add your user account to /etc/shadow"19:01
T42<supirlelik96> OK THANK YOU (re @edp_17: @supirlelik96 : I ha...)19:03
T42<supirlelik96> πŸ‘ (re @edp_17: @supirlelik96 : I ha...)19:03
T42<supirlelik96> How do I add a user there on kubuntu 21.10? (re @edp_17: @supirlelik96 : I ha...)19:09
T42<edp_17> It should be done within chroot not on your host.19:40
T42<edp_17> I've edited that file manually as root with mc, and just created a line at the end based on an other existig line. That's all. (Have not found good example on the net.)19:45
T42<supirlelik96> ok (re @edp_17: It should be done wi...)20:08
T42<supirlelik96> Hello there! What should I do if I have the kernel sources suitable for gitlab ,and I don't know how to specify gitlab in the manifest if github is required there20:27
T42<supirlelik96> My kernel source
T42<shouaccount> <remote name="gitlab_http" fetch="" />20:34
T42<shouaccount> <project name="xyzusername/projectname" path="abc/path" remote="gitlab_http" /> (re @supirlelik96: Hello there! What sh...)20:34
T42<supirlelik96> Thank you! (re @shouaccount: <remote name="gitlab...)20:34
T42<supirlelik96> (re @shouaccount: <remote name="gitlab...)20:38
T42<shouaccount> I'm AFK right now.20:38
T42<shouaccount> Reason: It’s sunday, I am asleep20:38
T42<shouaccount> Last Seen: 1m, 15s ago (re @supirlelik96: https://paste.ubuntu...)20:38
T42<supirlelik96> did I do the right thing? (edited) (re @shouaccount: <remote name="gitlab...)20:38
T42<shouaccount> (re @supirlelik96: https://paste.ubuntu...)20:41
T42<shouaccount> I'm no longer AFK! (re @shouaccount: https://paste.ubuntu...)20:41
T42<shouaccount> You recieved 1 messages while you were away. Check log for more details.20:41
T42<shouaccount> AFK time : 4m, 35s (edited) (re @shouaccount: https://paste.ubuntu...)20:41
T42<supirlelik96> Ok20:41
T42<P_Z3R0> Hey has anyone tried porting sailfish os for Asus M2 pro21:42

Generated by 2.17.1 by Marius Gedminas - find it at!