Parabola Issue Tracker: Issueshttps://labs.parabola.nu/https://labs.parabola.nu/favicon.ico?15367742552023-04-15T13:49:16ZParabola Issue Tracker
Redmine Packages - Bug #3470 (confirmed): arduino: Has a package managerhttps://labs.parabola.nu/issues/34702023-04-15T13:49:16ZGNUtooGNUtoo@cyberdimension.org
<p>The package manager is available in "Tools" -> "Board: [...]" -> "Boards Manager".</p>
<p>I've no idea of it's policies, so we need to look if the repository is fully free software. If it's fully free it might be OK FSDG wise.</p>
<p>I've also added an entry in the Libreplanet Wiki about it: <a class="external" href="https://libreplanet.org/wiki/Group:Software/research/ExternalRepositories">https://libreplanet.org/wiki/Group:Software/research/ExternalRepositories</a></p> Packages - Bug #3469 (confirmed): arduino-avr-core contain binaries (but also their source code)https://labs.parabola.nu/issues/34692023-04-15T13:39:22ZGNUtooGNUtoo@cyberdimension.org
<p>The arduino package isn't useful alone: it needs some extra software to support specific microcontroller boards.</p>
So I know two options so far:
<ul>
<li>Use the builtin package manager to install code to support these boards</li>
<li>Use the Arch Linux / Parabola packages for that</li>
</ul>
<p>The advantage of the later is that it is patched to use Arch Linux packages like avrdude. In contrast the arduino-avr-code installed through the Arduino package manager pulls an avrdude binary for instance (and it more limited than the one build by Arch Linux).</p>
The Arch Linux packaged arduino-avr-core consist of source code that is copied as-is, but it also contains the following bootloaders binaries:
<ul>
<li>Arduino-COMBINED-dfu-usbserial-atmega16u2-Mega2560-Rev3.hex</li>
<li>Arduino-COMBINED-dfu-usbserial-atmega16u2-MegaADK-Rev3.hex</li>
<li>Arduino-COMBINED-dfu-usbserial-atmega16u2-Uno-Rev3.hex</li>
<li>Arduino-usbserial-atmega16u2-Mega2560-Rev3.hex</li>
<li>Arduino-usbserial-atmega16u2-MegaADK-Rev3.hex</li>
<li>Arduino-usbserial-atmega16u2-Uno-Rev3.hex</li>
<li>Arduino-usbserial-mega.hex</li>
<li>Arduino-usbserial-uno.hex</li>
<li>ATmegaBOOT_168_atmega1280.hex</li>
<li>ATmegaBOOT_168_atmega328_bt.hex</li>
<li>ATmegaBOOT_168_atmega328.hex</li>
<li>ATmegaBOOT_168_atmega328_pro_8MHz.hex</li>
<li>ATmegaBOOT_168_diecimila.hex</li>
<li>ATmegaBOOT_168.hex</li>
<li>ATmegaBOOT_168_ng.hex</li>
<li>ATmegaBOOT_168_pro_8MHz.hex</li>
<li>ATmegaBOOT.hex</li>
<li>ATmegaBOOT-prod-firmware-2009-11-07.hex</li>
<li>Caterina-Circuitplay32u4.hex</li>
<li>Caterina-Esplora.hex</li>
<li>Caterina-Industrial101.hex</li>
<li>Caterina-LeonardoEthernet.hex</li>
<li>Caterina-Leonardo.hex</li>
<li>Caterina-LilyPadUSB.hex</li>
<li>Caterina-LininoOne.hex</li>
<li>Caterina-Micro.hex</li>
<li>Caterina-Robot-Control.hex</li>
<li>Caterina-Robot-Motor.hex</li>
<li>Caterina-Yun.hex</li>
<li>Caterina-YunMini.hex</li>
<li>Caterina-Yun-noblink.hex</li>
<li>Esplora-prod-firmware-2012-12-10.hex</li>
<li>gemma_v1.hex</li>
<li>Genuino-COMBINED-dfu-usbserial-atmega16u2-Mega2560-R3.hex</li>
<li>Genuino-COMBINED-dfu-usbserial-atmega16u2-Uno-R3.hex</li>
<li>Genuino-usbserial-atmega16u2-Mega2560-R3.hex</li>
<li>Genuino-usbserial-atmega16u2-Uno-R3.hex</li>
<li>Leonardo-prod-firmware-2012-04-26.hex</li>
<li>Leonardo-prod-firmware-2012-12-10.hex</li>
<li>LilyPadBOOT_168.hex</li>
<li>Mega2560-prod-firmware-2011-06-29.hex</li>
<li>MEGA-dfu_and_usbserial_combined.hex</li>
<li>Micro-prod-firmware-2012-11-23.hex</li>
<li>Micro-prod-firmware-2012-12-10.hex</li>
<li>optiboot_atmega168.hex</li>
<li>optiboot_atmega328.hex</li>
<li>optiboot_atmega328-Mini.hex</li>
<li>optiboot_atmega8.hex</li>
<li>stk500boot_v2_mega2560.hex</li>
<li>UNO-dfu_and_usbserial_combined.hex</li>
<li>wifi_dnld.hex</li>
<li>wifiHD.hex</li>
</ul>
<p>It doesn't seem to contain avrdude.</p>
<p>As the source code is also provided it's probably OK FSDG wise as long as the binaries match the source code. However there is a Parabola policy that requires to have everything built from source in the packages.</p>
So we have 2 options here that aren't mutually exclusive:
<ul>
<li>Remove all these bootloaders binaries (With rm -f)</li>
<li>Compile the bootloaders from source and replace the old binaries with the ones built.</li>
</ul>
<p>The bootloaders are also not needed for normal operation of the arduino program: they are just used to recover boards when the users erased the bootloader. So simply removing them will probably only break that functionality.</p> libretools - Bug #2936 (fixed): librestage not working with pacman-mirrorlisthttps://labs.parabola.nu/issues/29362020-11-23T00:34:38ZGNUtooGNUtoo@cyberdimension.org
<p>I have the following error:<br /><pre>
$ ls
mirrorlist-20201122.txt pacman-mirrorlist-20201122-1.parabola2-x86_64-package.log
pacman-mirrorlist-20201122-1.parabola2-any.pkg.tar.xz pacman-mirrorlist-20201122-1.parabola2-x86_64-prepare.log
pacman-mirrorlist-20201122-1.parabola2-any.src.tar.gz PKGBUILD
$ librestage
==> ERROR: Nothing was staged
</pre></p>
<p>How is it possible to librestage pacman-mirrorlist?</p>
<p>Denis.</p> Packages - Bug #2803 (confirmed): Add patch from eschwartz to use system libs in iceweasel / icec...https://labs.parabola.nu/issues/28032020-06-12T22:02:40ZGNUtooGNUtoo@cyberdimension.orgPackages - Bug #2795 (confirmed): Add support for the TBS TBS2910 and finish the u-boot for I.MX ...https://labs.parabola.nu/issues/27952020-06-12T18:21:01ZGNUtooGNUtoo@cyberdimension.orglibretools - Bug #2648 (info needed): libremakepkg failing on i686 with Operation not permitted o...https://labs.parabola.nu/issues/26482020-03-03T15:41:24ZGNUtooGNUtoo@cyberdimension.orgPackages - Feature Request #2578 (open): ARM: Add back GRUBhttps://labs.parabola.nu/issues/25782019-12-09T22:35:46ZGNUtooGNUtoo@cyberdimension.org
<p>On ARM, we currently use the standard distro booting scheme from u-boot:<br />- It tries boot.scr first<br />- It then try syslinux.cfg which is more familiar to people used to x86.</p>
<p>This can be improved to be even more by using grub which is even more familiar as most people are already using it on x86.</p> libretools - Bug #2103 (not-a-bug): [linux-libre] cannot build due to missing gpg keyhttps://labs.parabola.nu/issues/21032018-11-28T14:41:37ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>I was trying to improve the linux-libre PKGBUILD by trying to fix the bug <a class="issue tracker-1 status-5 priority-3 priority-default closed" title="Bug: [linux-libre] cannot build due to missing gpg key (not-a-bug)" href="https://labs.parabola.nu/issues/2103">#2103</a>, however I cannot build it:<br /><pre>
$ sudo libremakepkg -n parabola-armv7h
[...]
| ==> Verifying source file signatures with gpg...
| linux-libre-4.19-gnu.tar.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
| patch-4.19-gnu-4.19.2-gnu.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
| logo_linux_clut224.ppm ... FAILED (unknown public key 227CA7C556B2BA78)
| logo_linux_mono.pbm ... FAILED (unknown public key 227CA7C556B2BA78)
| logo_linux_vga16.ppm ... FAILED (unknown public key 227CA7C556B2BA78)
| rcn-libre-4.19.2-armv7-x5.patch ... FAILED (unknown public key 227CA7C556B2BA78)
| ==> ERROR: One or more PGP signatures could not be verified!
| ==> ERROR: Could not download sources.
</pre></p> libretools - Housekeeping #2102 (open): librechroot should use the winston mirror exclusivelyhttps://labs.parabola.nu/issues/21022018-11-28T14:38:13ZGNUtooGNUtoo@cyberdimension.org
<pre>
$ sudo librechroot -n parabola-i686 update
[...] # went fine
$ sudo librechroot -n parabola-i686 enter
# pacman -Sy
:: Synchronizing package databases...
repo is up to date
libre is up to date
core is up to date
extra is up to date
community is up to date
pcr is up to date
# pacman -S git
resolving dependencies...
looking for conflicting packages...
Packages (4) perl-error-0.17027-1.0 perl-mailtools-2.20-2.1 perl-timedate-2.30-5.1 git-2.19.1-1.1
Total Download Size: 5.29 MiB
Total Installed Size: 39.93 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
error: failed retrieving file 'perl-error-0.17027-1.0-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'perl-timedate-2.30-5.1-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'perl-mailtools-2.20-2.1-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'git-2.19.1-1.1-i686.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
[root@parabola /]# pacman -S perl-error
resolving dependencies...
looking for conflicting packages...
Packages (1) perl-error-0.17027-1.0
Total Download Size: 0.02 MiB
Total Installed Size: 0.10 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
error: failed retrieving file 'perl-error-0.17027-1.0-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
</pre> Documentation - Bug #1867 (open): Warn users about arbitrary execution of code with full disk enc...https://labs.parabola.nu/issues/18672018-07-03T00:43:36ZGNUtooGNUtoo@cyberdimension.org
<p>Users using full disk encryption without /boot in clear typically expects that it's harder to gain arbitrary execution of code inside the distribution that resides in it.</p>
An attacker would then need to temper with the non-encrypted code that runs before or during the opening of the encrypted partition. For instance:
<ul>
<li>If the user uses GRUB_ENABLE_CRYPTODISK=y the attacker would need to temper with the tiny GRUB code that is embedded on the internal disk.</li>
</ul>
However there are some cases where the attacker might need to reflash the boot software (BIOS, UEFI, etc):
<ul>
<li>If the user uses an external USB key to boot and the internal computer storage is fully encrypted</li>
<li>If users are using Libreboot or Coreboot with GRUB to open the encrypted partition with the internal storage fully encrypted<br />This can be mitigated by adding seals on the laptop screws (such as with nail polish or glue with glider)</li>
</ul>
<p>An other way for an attacker would be to try to temper with the storage device content and/or firmware: Authenticated encryption is pretty new in cryptsetup, and the commonly used encryption algorithms are not authenticated. So there may be ways to gain arbitrary execution of code either by injecting content by manipulating encryption parameters or by trying to implement some way to recover the key by using an oracle (as fsck may correct the corrupted data) but it's probably far from trivial to attempt any of that.</p>
<p>However there is an easier way with Parabola: if the attacker can guess the root= kernel parameter for instance root=/dev/laptop-rootfs, the attacker could stick an SD card with the same vg and lv.</p>
I can reproduce it with:
<ul>
<li>A thinkpad under Coreboot that has an SD card slot</li>
<li>The same VG/LV than the rootfs on a SD card</li>
<li>The encryption key being inside the initramfs</li>
</ul>
<p>I'll try to gather more information on the conditions necessary to trigger that problem (I had the issue several weeks ago).</p>
<p>This probably affects Libreboot too as there is documentation about such setup there too.</p> Packages - Bug #1866 (fixed): [arm] [linux-libre] /sys/class/udc now empty on am335xhttps://labs.parabola.nu/issues/18662018-07-03T00:26:46ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>On a beagle bone green, after a somewhat recent kernel update, /sys/class/udc is now empty and it's not possible to use the USB device port anymore.</p>
<p>Before the kernel upgrade it was like that:<br /><pre>
# ls /sys/class/udc/musb-hdrc.0/device/driver
bind musb-hdrc.0 musb-hdrc.1 uevent unbind
</pre></p>
<p>The BeagleBone green uses an am335x SOC.</p>
<p>Denis.</p> Installation Media - Feature Request #1780 (open): [armv7] do not set user/root password in futur...https://labs.parabola.nu/issues/17802018-05-02T11:11:24ZGNUtooGNUtoo@cyberdimension.org
<p>The <a class="external" href="https://repomirror.parabola.nu/iso/arm/LATEST/ParabolaARM-armv7-LATEST.tar.gz:"lastest">https://repomirror.parabola.nu/iso/arm/LATEST/ParabolaARM-armv7-LATEST.tar.gz:"lastest</a>" (at the time of writing) tarball release has a password set.</p>
<p>After booting the user can't log in.</p>
<p>Having no passwords in the next tarball release (and optionally adding the password to the <a class="external" href="https://wiki.parabola.nu/ARM_Installation_Guide#Change_or_set_the_root_password:"ARM">https://wiki.parabola.nu/ARM_Installation_Guide#Change_or_set_the_root_password:"ARM</a> installation guide" for this release would fix it.</p> Packages - Bug #1779 (open): [armv7] compile [qemu-user-static-binfmt]https://labs.parabola.nu/issues/17792018-05-01T15:31:32ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>Having qemu-user-static-binfmt would be nice to have on ARM, as it could enable users to transparently run x86 code.</p>
<p>On Parabola x86, it works fine to run arm code (with it you can transparently arch-chroot inside a Parabola ARM installation for instance)</p>
<p>Denis.</p> Packages - Bug #887 (not-a-bug): "Any" architecturehttps://labs.parabola.nu/issues/8872015-12-10T12:04:26ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>it seems that arch has an architecture named "any" for architecture-independant packages.<br /><a class="external" href="https://www.archlinux.org/packages/?arch=any">https://www.archlinux.org/packages/?arch=any</a><br />We don't.</p>
<p>Is it an issue? Or is it me that uses stable repositories instead of the -testing ones?</p>
<p>Denis.</p> Documentation - Bug #872 (fixed): Duplicated standalone installation instructions need to be mergedhttps://labs.parabola.nu/issues/8722015-11-22T18:06:11ZGNUtooGNUtoo@cyberdimension.org
<p>Move <a class="external" href="https://wiki.parabola.nu/User:Isacdaavid/Sandbox">https://wiki.parabola.nu/User:Isacdaavid/Sandbox</a> the the main namespace, like <a class="external" href="https://wiki.parabola.nu/Parabola_ARM_installation">https://wiki.parabola.nu/Parabola_ARM_installation</a></p>