Parabola Issue Tracker: Issueshttps://labs.parabola.nu/https://labs.parabola.nu/favicon.ico?15367742552023-03-08T23:19:21ZParabola Issue Tracker
Redmine Packages - Bug #3451 (fixed): community/bass lacking source codehttps://labs.parabola.nu/issues/34512023-03-08T23:19:21ZGNUtooGNUtoo@cyberdimension.org
<p>The <a href="https://downloads.sourceforge.net/scummvm/bass-cd-1.2.zip" class="external">source code zip</a> has the following files:<br /><pre>
bass-cd-1.2/sky.dnr
bass-cd-1.2/sky.dsk
bass-cd-1.2/readme.txt
bass-cd-1.2/sky.cpt
</pre></p>
<p>And the license is the following (from readme.txt):<br /><pre>
1) You may distribute this game for free on any medium, provided this readme
and all associated copyright notices and disclaimers are left intact.
2) You may charge a reasonable copying fee for this archive, and may distribute
it in aggregate as part of a larger & possibly commercial software distribution
(such as a Linux distribution or magazine coverdisk). You must provide proper
attribution and ensure this readme and all associated copyright notices, and
disclaimers are left intact.
3) You may not charge a fee for the game itself. This includes reselling the
game as an individual item.
4) You may modify the game as you wish. You may also distribute modified
versions under the terms set forth in this license, but with the additional
requirement that the work is marked with a prominent notice which states that
it is a modified version.
5) All game content is (C) Revolution Software Ltd. The ScummVM engine is (C)
The ScummVM Team (www.scummvm.org)
6) THE GAMEDATA IN THIS ARCHIVE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING AND NOT LIMITED TO ANY IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
</pre></p>
<p>The same readme.txt has:<br /><pre>
Some time ago, we (ScummVM) had the good fortune to come in contact with Tony
Warriner at Revolution Software Ltd. With their blessing and support, we then
obtained the original source code for Beneath a Steel Sky and added support for
it to our adventure game interpreter, ScummVM. And now, on the eve of ScummVM
0.5.0 (the first release featuring B.A.S.S support), Revolution Software Ltd.
has decided to release Sky to the public as freeware!
</pre></p>
<p>So that is probably OK FSDG wise as this data could be considered as non-functionnal and that we get permissions to redisrtibute it even commercially.</p>
<p>However AFAIK Parabola has a free culture requirement, so even if we have the right to modify it, we might lack the information to do that (the source code).</p>
<p>Though maybe some people have more information about the game format and all, so maybe I'm mistaken?</p> Packages - Bug #3386 (fixed): Blacklist hooks are brokenhttps://labs.parabola.nu/issues/33862022-12-09T15:47:40ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>When pushing a modification to the blacklist repository I have:<br /><pre>
remote: ==> Retrieving sources...
remote: -> Downloading your-freedom-blacklist-93594561c961cb641aed9e349926ac7b759f7fcf.txt...
remote: % Total % Received % Xferd Average Speed Time Time Time Current
remote: Dload Upload Total Spent Left Speed
remote: 100 78864 100 78864 0 0 1283k 0 --:--:-- --:--:-- --:--:-- 1305k
remote: ==> Generating checksums for source files...
remote: [master eb165180a] Update libre/your-freedom
remote: 1 file changed, 3 insertions(+), 3 deletions(-)
remote: pacman: /usr/lib/libc.so.6: version `GLIBC_2.34' not found (required by /usr/lib/libcrypto.so.1.1)
remote: pacman: /usr/lib/libc.so.6: version `GLIBC_2.34' not found (required by /usr/lib/libcurl.so.4)
remote: pacman: /usr/lib/libc.so.6: version `GLIBC_2.34' not found (required by /usr/lib/libgpgme.so.11)
remote: pacman: /usr/lib/libc.so.6: version `GLIBC_2.34' not found (required by /usr/lib/libzstd.so.1)
remote:
remote: ==> ERROR: An unknown error has occurred. Exiting...
remote: ./hooks/post-receive: line 2: 3688173 User defined signal 1 ~autobuilder/.local/bin/autobuild libre/your-freedom blacklist.txt
remote: HEAD is now at 4eef26124 libre: linux-libre-vanilla: update to 6.0.10
remote: -> Updating abslibre git repo...
remote: Fetching origin
remote: Already on 'master'
remote: Your branch is up to date with 'origin/master'.
remote: From git://git.parabola.nu/abslibre/abslibre
remote: * branch master -> FETCH_HEAD
remote: Already up to date.
remote: ==> No new changes were committed, nothing to do
remote: HEAD is now at 4eef26124 libre: linux-libre-vanilla: update to 6.0.10
remote: -> Updating abslibre git repo...
remote: Fetching origin
remote: Already on 'master'
remote: Your branch is up to date with 'origin/master'.
remote: From git://git.parabola.nu/abslibre/abslibre
remote: * branch master -> FETCH_HEAD
remote: Already up to date.
remote: ==> No new changes were committed, nothing to do
To ssh://git.parabola.nu:1863/~git/blacklist.git
f81bd06..9359456 HEAD -> master
</pre></p> Packages - Bug #3373 (fixed): systemd in initramfs broken without openssl-1.1https://labs.parabola.nu/issues/33732022-11-11T23:41:34ZGNUtooGNUtoo@cyberdimension.org
<p>When running pacman -Syu on parabola x86_64 we have:<br /><pre>
( 7/16) Updating linux initcpios...
==> Building image from preset: /etc/mkinitcpio.d/linux-libre-lts.preset: 'default'
-> -k /boot/vmlinuz-linux-libre-lts -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-libre-lts.img
==> Starting build: 5.15.72-gnu-1-lts
-> Running build hook: [base]
-> Running build hook: [udev]
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/lib/systemd/systemd-udevd'
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/bin/udevadm'
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/bin/systemd-tmpfiles'
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/lib/udev/ata_id'
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/lib/udev/ata_id'
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/lib/udev/ata_id'
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/lib/udev/scsi_id'
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/lib/udev/scsi_id'
==> ERROR: binary dependency `libcrypto.so.1.1' not found for `/usr/bin/udevadm'
-> Running build hook: [autodetect]
-> Running build hook: [modconf]
-> Running build hook: [block]
-> Running build hook: [encrypt]
-> Running build hook: [lvm2]
-> Running build hook: [filesystems]
-> Running build hook: [resume]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
==> ERROR: file not found: `extundelete'
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-libre-lts.img
==> WARNING: errors were encountered during the build. The image may not be complete.
</pre></p>
<p>Installing openssl 1.1 and running mkinitcpio makes it work again, though if users reboot in between their system cannot boot anymore.</p> Packages - Freedom Issue #3095 (fixed): u-boot has nonfree fileshttps://labs.parabola.nu/issues/30952021-09-16T17:38:38ZGNUtooGNUtoo@cyberdimension.org
<p>We have at least the following files that are nonfree in arch/x86/dts/microcode/:<br /><pre>
$ git grep "reverse engineering"
arch/x86/dts/microcode/m0220661105_cv.dtsi: * .No reverse engineering, decompilation, or disassembly of this software is
arch/x86/dts/microcode/m12206a7_00000029.dtsi: * .No reverse engineering, decompilation, or disassembly of this software is
arch/x86/dts/microcode/m12306a9_0000001b.dtsi: * .No reverse engineering, decompilation, or disassembly of this software is
arch/x86/dts/microcode/m7240651_0000001c.dtsi: * .No reverse engineering, decompilation, or disassembly of this software is
arch/x86/dts/microcode/mc0306d4_00000018.dtsi: * .No reverse engineering, decompilation, or disassembly of this software is
</pre></p>
<p>For the rest they may be documented in a somewhat recent thread in the linux-libre mailing list, so we could remove them in a second time once we understand if these are code or data.</p>
<p>There is also some documentation that contains instructions to build u-boot with nonfree binaries to remove and there too they could be removed once we find them.</p>
<p>In any case I don't know how to properly remove files in PKGBUILDs as I lost track of if the Parabola modifications to build processed source tarballs worked or not if they were removed or not and so on.</p>
<p>So if someone has an example to follow that works today I could do that modification.</p>
<p>If not I don't know what to do or how to do it.</p> Packages - Bug #2972 (fixed): Update symbiflowhttps://labs.parabola.nu/issues/29722021-01-29T10:10:28ZGNUtooGNUtoo@cyberdimension.orglibretools - Bug #2936 (fixed): librestage not working with pacman-mirrorlisthttps://labs.parabola.nu/issues/29362020-11-23T00:34:38ZGNUtooGNUtoo@cyberdimension.org
<p>I have the following error:<br /><pre>
$ ls
mirrorlist-20201122.txt pacman-mirrorlist-20201122-1.parabola2-x86_64-package.log
pacman-mirrorlist-20201122-1.parabola2-any.pkg.tar.xz pacman-mirrorlist-20201122-1.parabola2-x86_64-prepare.log
pacman-mirrorlist-20201122-1.parabola2-any.src.tar.gz PKGBUILD
$ librestage
==> ERROR: Nothing was staged
</pre></p>
<p>How is it possible to librestage pacman-mirrorlist?</p>
<p>Denis.</p> Packages - Freedom Issue #2909 (fixed): fwupd has a nonfree repository Was: Do check fwupdhttps://labs.parabola.nu/issues/29092020-10-11T01:11:59ZGNUtooGNUtoo@cyberdimension.org
<p>We ship the fwupd package unmodified from the various archlinux GNU/Linux distributions.</p>
<p>On i686 it comes from community:<br /><pre>
$ pacman -sS fwupd
community/fwupd 1.4.6-1.0 [installed]
Simple daemon to allow session software to update firmware
community/gnome-firmware 3.36.0-2.0
Manage firmware on devices supported by fwupd
</pre></p>
<p>fwupd is a daemon that is meant to update various firmwares<sup><a href="#fn1">1</a></sup> regardless of if they are free or not.</p>
<p>So it's a bit like a package manager for firmwares.</p>
<p>So if it has not been done already, it would be a good idea to check if its configuration is ok or not.</p>
<p>As at least one firmware (for the color huges if I recall the name well) is free software and known to be available through this system, so it might be a good idea to check if free firmwares are completely ok and keep such firmwares if that's easy to do.</p>
<p id="fn1" class="footnote"><sup>1</sup> Here firmware means code that is in various devices and not part of the operating system, so from SSD firmwares to even BIOS/UEFI.</p> libretools - Bug #2648 (info needed): libremakepkg failing on i686 with Operation not permitted o...https://labs.parabola.nu/issues/26482020-03-03T15:41:24ZGNUtooGNUtoo@cyberdimension.orgPackages - Bug #2141 (fixed): libremakepkg failing to build package due to read-only startdir in ...https://labs.parabola.nu/issues/21412019-01-18T14:34:15ZGNUtooGNUtoo@cyberdimension.org
<p>I've tried building it inside an i686 chroot with:</p>
<pre>$ sudo libremakepkg -n parabola-i686</pre><br />and this gives:<br /><pre>
INSTALL sound/usb/snd-usb-audio.ko
INSTALL sound/usb/snd-usbmidi-lib.ko
INSTALL sound/usb/usx2y/snd-usb-us122l.ko
INSTALL sound/usb/usx2y/snd-usb-usx2y.ko
INSTALL sound/x86/snd-hdmi-lpe-audio.ko
INSTALL virt/lib/irqbypass.ko
DEPMOD 4.19.8-gnu-1
-> Installing hooks...
/startdir/PKGBUILD: line 466: /startdir/linux.install.pkg: Read-only file system
==> ERROR: A failure occurred in package_linux-libre().
Aborting...
</pre>
<p>related: <a class="external" href="https://lists.parabola.nu/pipermail/dev/2019-May/007207.html">https://lists.parabola.nu/pipermail/dev/2019-May/007207.html</a></p> libretools - Bug #2103 (not-a-bug): [linux-libre] cannot build due to missing gpg keyhttps://labs.parabola.nu/issues/21032018-11-28T14:41:37ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>I was trying to improve the linux-libre PKGBUILD by trying to fix the bug <a class="issue tracker-1 status-5 priority-3 priority-default closed" title="Bug: [linux-libre] cannot build due to missing gpg key (not-a-bug)" href="https://labs.parabola.nu/issues/2103">#2103</a>, however I cannot build it:<br /><pre>
$ sudo libremakepkg -n parabola-armv7h
[...]
| ==> Verifying source file signatures with gpg...
| linux-libre-4.19-gnu.tar.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
| patch-4.19-gnu-4.19.2-gnu.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
| logo_linux_clut224.ppm ... FAILED (unknown public key 227CA7C556B2BA78)
| logo_linux_mono.pbm ... FAILED (unknown public key 227CA7C556B2BA78)
| logo_linux_vga16.ppm ... FAILED (unknown public key 227CA7C556B2BA78)
| rcn-libre-4.19.2-armv7-x5.patch ... FAILED (unknown public key 227CA7C556B2BA78)
| ==> ERROR: One or more PGP signatures could not be verified!
| ==> ERROR: Could not download sources.
</pre></p> libretools - Housekeeping #2102 (open): librechroot should use the winston mirror exclusivelyhttps://labs.parabola.nu/issues/21022018-11-28T14:38:13ZGNUtooGNUtoo@cyberdimension.org
<pre>
$ sudo librechroot -n parabola-i686 update
[...] # went fine
$ sudo librechroot -n parabola-i686 enter
# pacman -Sy
:: Synchronizing package databases...
repo is up to date
libre is up to date
core is up to date
extra is up to date
community is up to date
pcr is up to date
# pacman -S git
resolving dependencies...
looking for conflicting packages...
Packages (4) perl-error-0.17027-1.0 perl-mailtools-2.20-2.1 perl-timedate-2.30-5.1 git-2.19.1-1.1
Total Download Size: 5.29 MiB
Total Installed Size: 39.93 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
error: failed retrieving file 'perl-error-0.17027-1.0-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'perl-timedate-2.30-5.1-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'perl-mailtools-2.20-2.1-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'git-2.19.1-1.1-i686.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
[root@parabola /]# pacman -S perl-error
resolving dependencies...
looking for conflicting packages...
Packages (1) perl-error-0.17027-1.0
Total Download Size: 0.02 MiB
Total Installed Size: 0.10 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
error: failed retrieving file 'perl-error-0.17027-1.0-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
</pre> Documentation - Bug #1867 (open): Warn users about arbitrary execution of code with full disk enc...https://labs.parabola.nu/issues/18672018-07-03T00:43:36ZGNUtooGNUtoo@cyberdimension.org
<p>Users using full disk encryption without /boot in clear typically expects that it's harder to gain arbitrary execution of code inside the distribution that resides in it.</p>
An attacker would then need to temper with the non-encrypted code that runs before or during the opening of the encrypted partition. For instance:
<ul>
<li>If the user uses GRUB_ENABLE_CRYPTODISK=y the attacker would need to temper with the tiny GRUB code that is embedded on the internal disk.</li>
</ul>
However there are some cases where the attacker might need to reflash the boot software (BIOS, UEFI, etc):
<ul>
<li>If the user uses an external USB key to boot and the internal computer storage is fully encrypted</li>
<li>If users are using Libreboot or Coreboot with GRUB to open the encrypted partition with the internal storage fully encrypted<br />This can be mitigated by adding seals on the laptop screws (such as with nail polish or glue with glider)</li>
</ul>
<p>An other way for an attacker would be to try to temper with the storage device content and/or firmware: Authenticated encryption is pretty new in cryptsetup, and the commonly used encryption algorithms are not authenticated. So there may be ways to gain arbitrary execution of code either by injecting content by manipulating encryption parameters or by trying to implement some way to recover the key by using an oracle (as fsck may correct the corrupted data) but it's probably far from trivial to attempt any of that.</p>
<p>However there is an easier way with Parabola: if the attacker can guess the root= kernel parameter for instance root=/dev/laptop-rootfs, the attacker could stick an SD card with the same vg and lv.</p>
I can reproduce it with:
<ul>
<li>A thinkpad under Coreboot that has an SD card slot</li>
<li>The same VG/LV than the rootfs on a SD card</li>
<li>The encryption key being inside the initramfs</li>
</ul>
<p>I'll try to gather more information on the conditions necessary to trigger that problem (I had the issue several weeks ago).</p>
<p>This probably affects Libreboot too as there is documentation about such setup there too.</p> Installation Media - Feature Request #1780 (open): [armv7] do not set user/root password in futur...https://labs.parabola.nu/issues/17802018-05-02T11:11:24ZGNUtooGNUtoo@cyberdimension.org
<p>The <a class="external" href="https://repomirror.parabola.nu/iso/arm/LATEST/ParabolaARM-armv7-LATEST.tar.gz:"lastest">https://repomirror.parabola.nu/iso/arm/LATEST/ParabolaARM-armv7-LATEST.tar.gz:"lastest</a>" (at the time of writing) tarball release has a password set.</p>
<p>After booting the user can't log in.</p>
<p>Having no passwords in the next tarball release (and optionally adding the password to the <a class="external" href="https://wiki.parabola.nu/ARM_Installation_Guide#Change_or_set_the_root_password:"ARM">https://wiki.parabola.nu/ARM_Installation_Guide#Change_or_set_the_root_password:"ARM</a> installation guide" for this release would fix it.</p> Documentation - Bug #872 (fixed): Duplicated standalone installation instructions need to be mergedhttps://labs.parabola.nu/issues/8722015-11-22T18:06:11ZGNUtooGNUtoo@cyberdimension.org
<p>Move <a class="external" href="https://wiki.parabola.nu/User:Isacdaavid/Sandbox">https://wiki.parabola.nu/User:Isacdaavid/Sandbox</a> the the main namespace, like <a class="external" href="https://wiki.parabola.nu/Parabola_ARM_installation">https://wiki.parabola.nu/Parabola_ARM_installation</a></p> Packages - Packaging Request #676 (fixed): [openfwwf] add package to use broadcom wifi cardshttps://labs.parabola.nu/issues/6762015-02-19T13:48:57ZGNUtooGNUtoo@cyberdimension.org
<p>Some broadcom wifi cards do work with free software, thanks to the openfwwf (<a class="external" href="http://www.ing.unibs.it/~openfwwf/index.php">http://www.ing.unibs.it/~openfwwf/index.php</a>) free software firmware.<br />In fact Trisquel packages it.</p>
<p>Denis.</p>