Parabola Issue Tracker: Issueshttps://labs.parabola.nu/https://labs.parabola.nu/favicon.ico?15367742552020-11-23T00:34:38ZParabola Issue Tracker
Redmine libretools - Bug #2936 (fixed): librestage not working with pacman-mirrorlisthttps://labs.parabola.nu/issues/29362020-11-23T00:34:38ZGNUtooGNUtoo@cyberdimension.org
<p>I have the following error:<br /><pre>
$ ls
mirrorlist-20201122.txt pacman-mirrorlist-20201122-1.parabola2-x86_64-package.log
pacman-mirrorlist-20201122-1.parabola2-any.pkg.tar.xz pacman-mirrorlist-20201122-1.parabola2-x86_64-prepare.log
pacman-mirrorlist-20201122-1.parabola2-any.src.tar.gz PKGBUILD
$ librestage
==> ERROR: Nothing was staged
</pre></p>
<p>How is it possible to librestage pacman-mirrorlist?</p>
<p>Denis.</p> libretools - Bug #2648 (info needed): libremakepkg failing on i686 with Operation not permitted o...https://labs.parabola.nu/issues/26482020-03-03T15:41:24ZGNUtooGNUtoo@cyberdimension.orglibretools - Bug #2103 (not-a-bug): [linux-libre] cannot build due to missing gpg keyhttps://labs.parabola.nu/issues/21032018-11-28T14:41:37ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>I was trying to improve the linux-libre PKGBUILD by trying to fix the bug <a class="issue tracker-1 status-5 priority-3 priority-default closed" title="Bug: [linux-libre] cannot build due to missing gpg key (not-a-bug)" href="https://labs.parabola.nu/issues/2103">#2103</a>, however I cannot build it:<br /><pre>
$ sudo libremakepkg -n parabola-armv7h
[...]
| ==> Verifying source file signatures with gpg...
| linux-libre-4.19-gnu.tar.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
| patch-4.19-gnu-4.19.2-gnu.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
| logo_linux_clut224.ppm ... FAILED (unknown public key 227CA7C556B2BA78)
| logo_linux_mono.pbm ... FAILED (unknown public key 227CA7C556B2BA78)
| logo_linux_vga16.ppm ... FAILED (unknown public key 227CA7C556B2BA78)
| rcn-libre-4.19.2-armv7-x5.patch ... FAILED (unknown public key 227CA7C556B2BA78)
| ==> ERROR: One or more PGP signatures could not be verified!
| ==> ERROR: Could not download sources.
</pre></p> libretools - Housekeeping #2102 (open): librechroot should use the winston mirror exclusivelyhttps://labs.parabola.nu/issues/21022018-11-28T14:38:13ZGNUtooGNUtoo@cyberdimension.org
<pre>
$ sudo librechroot -n parabola-i686 update
[...] # went fine
$ sudo librechroot -n parabola-i686 enter
# pacman -Sy
:: Synchronizing package databases...
repo is up to date
libre is up to date
core is up to date
extra is up to date
community is up to date
pcr is up to date
# pacman -S git
resolving dependencies...
looking for conflicting packages...
Packages (4) perl-error-0.17027-1.0 perl-mailtools-2.20-2.1 perl-timedate-2.30-5.1 git-2.19.1-1.1
Total Download Size: 5.29 MiB
Total Installed Size: 39.93 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
error: failed retrieving file 'perl-error-0.17027-1.0-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'perl-timedate-2.30-5.1-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'perl-mailtools-2.20-2.1-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed retrieving file 'git-2.19.1-1.1-i686.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
[root@parabola /]# pacman -S perl-error
resolving dependencies...
looking for conflicting packages...
Packages (1) perl-error-0.17027-1.0
Total Download Size: 0.02 MiB
Total Installed Size: 0.10 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
error: failed retrieving file 'perl-error-0.17027-1.0-any.pkg.tar.xz' from redirector.parabola.nu : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
</pre> Documentation - Bug #1867 (open): Warn users about arbitrary execution of code with full disk enc...https://labs.parabola.nu/issues/18672018-07-03T00:43:36ZGNUtooGNUtoo@cyberdimension.org
<p>Users using full disk encryption without /boot in clear typically expects that it's harder to gain arbitrary execution of code inside the distribution that resides in it.</p>
An attacker would then need to temper with the non-encrypted code that runs before or during the opening of the encrypted partition. For instance:
<ul>
<li>If the user uses GRUB_ENABLE_CRYPTODISK=y the attacker would need to temper with the tiny GRUB code that is embedded on the internal disk.</li>
</ul>
However there are some cases where the attacker might need to reflash the boot software (BIOS, UEFI, etc):
<ul>
<li>If the user uses an external USB key to boot and the internal computer storage is fully encrypted</li>
<li>If users are using Libreboot or Coreboot with GRUB to open the encrypted partition with the internal storage fully encrypted<br />This can be mitigated by adding seals on the laptop screws (such as with nail polish or glue with glider)</li>
</ul>
<p>An other way for an attacker would be to try to temper with the storage device content and/or firmware: Authenticated encryption is pretty new in cryptsetup, and the commonly used encryption algorithms are not authenticated. So there may be ways to gain arbitrary execution of code either by injecting content by manipulating encryption parameters or by trying to implement some way to recover the key by using an oracle (as fsck may correct the corrupted data) but it's probably far from trivial to attempt any of that.</p>
<p>However there is an easier way with Parabola: if the attacker can guess the root= kernel parameter for instance root=/dev/laptop-rootfs, the attacker could stick an SD card with the same vg and lv.</p>
I can reproduce it with:
<ul>
<li>A thinkpad under Coreboot that has an SD card slot</li>
<li>The same VG/LV than the rootfs on a SD card</li>
<li>The encryption key being inside the initramfs</li>
</ul>
<p>I'll try to gather more information on the conditions necessary to trigger that problem (I had the issue several weeks ago).</p>
<p>This probably affects Libreboot too as there is documentation about such setup there too.</p> Installation Media - Feature Request #1780 (open): [armv7] do not set user/root password in futur...https://labs.parabola.nu/issues/17802018-05-02T11:11:24ZGNUtooGNUtoo@cyberdimension.org
<p>The <a class="external" href="https://repomirror.parabola.nu/iso/arm/LATEST/ParabolaARM-armv7-LATEST.tar.gz:"lastest">https://repomirror.parabola.nu/iso/arm/LATEST/ParabolaARM-armv7-LATEST.tar.gz:"lastest</a>" (at the time of writing) tarball release has a password set.</p>
<p>After booting the user can't log in.</p>
<p>Having no passwords in the next tarball release (and optionally adding the password to the <a class="external" href="https://wiki.parabola.nu/ARM_Installation_Guide#Change_or_set_the_root_password:"ARM">https://wiki.parabola.nu/ARM_Installation_Guide#Change_or_set_the_root_password:"ARM</a> installation guide" for this release would fix it.</p> Documentation - Bug #872 (fixed): Duplicated standalone installation instructions need to be mergedhttps://labs.parabola.nu/issues/8722015-11-22T18:06:11ZGNUtooGNUtoo@cyberdimension.org
<p>Move <a class="external" href="https://wiki.parabola.nu/User:Isacdaavid/Sandbox">https://wiki.parabola.nu/User:Isacdaavid/Sandbox</a> the the main namespace, like <a class="external" href="https://wiki.parabola.nu/Parabola_ARM_installation">https://wiki.parabola.nu/Parabola_ARM_installation</a></p> Packages - Bug #805 (not-a-bug): Empty ca-certificates packageshttps://labs.parabola.nu/issues/8052015-09-18T09:44:37ZGNUtooGNUtoo@cyberdimension.org
<p>At the time of writing, It's not empty in arch: <a class="external" href="https://www.archlinux.org/packages/core/any/ca-certificates/files/">https://www.archlinux.org/packages/core/any/ca-certificates/files/</a><br />I guess they have a newer version.</p>
<p>This breaks some software, it's also visible when installing mono:<br />(1/1) reinstalling mono [##########################################] 100%<br />Unknown option or file not found '{0}'.<br />Linux Cert Store Sync - version 4.0.4.0<br />Synchronize local certs with certs from local Linux trust store.<br />Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.</p>
<p>Usage: cert-sync [--quiet] system-ca-bundle.crt<br />Where system-ca-bundle.crt is in PEM format<br />error: command failed to execute correctly</p> Packages - Packaging Request #785 (fixed): Package gwshttps://labs.parabola.nu/issues/7852015-08-17T18:53:26ZGNUtooGNUtoo@cyberdimension.org
<p>gws is a tool that can help manage a big number of local git repositories.</p>
<p>There is a PKGBUILD here: <a class="external" href="https://aur4.archlinux.org/packages/gws/">https://aur4.archlinux.org/packages/gws/</a></p>
<p>Denis.</p> Packages - Packaging Request #759 (fixed): Package navit in PCRhttps://labs.parabola.nu/issues/7592015-07-16T14:43:36ZGNUtooGNUtoo@cyberdimension.org
<p>hi,</p>
<p>There is a pkgconfig (and a patch inside the comments) there: <a class="external" href="https://aur.archlinux.org/packages/navit/">https://aur.archlinux.org/packages/navit/</a></p>
<p>Denis.</p> Packages - Bug #741 (fixed): [kicad-bzr] package a more recent one in PCRhttps://labs.parabola.nu/issues/7412015-06-14T19:03:09ZGNUtooGNUtoo@cyberdimension.org
<ul>
<li>The Kicad project strongly advise to use a recent version.</li>
<li>Some important libraries for the PCB and the footprints are not compatible with the old version</li>
</ul>
<p>A pkgbuild is available here:<br /><a class="external" href="https://aur.archlinux.org/packages/kicad-bzr/">https://aur.archlinux.org/packages/kicad-bzr/</a></p> Packages - Bug #713 (fixed): x86, x86_64: libre/handbrake-svn, libre/handbrake-cli-svn: still lin...https://labs.parabola.nu/issues/7132015-05-06T21:55:40ZGNUtooGNUtoo@cyberdimension.org
<p>They have to be recompiled:</p>
<p>% ghb<br />ghb: error while loading shared libraries: libx264.so.142: cannot open shared object file: No such file or directory</p>
<p>% HandBrakeCLI <br />HandBrakeCLI: error while loading shared libraries: libx264.so.142: cannot open shared object file: No such file or directory</p>
<p>Denis.</p> Packages - Packaging Request #711 (fixed): xf86-video-qxlhttps://labs.parabola.nu/issues/7112015-05-03T16:13:51ZGNUtooGNUtoo@cyberdimension.org
<p>This will make parabola graphics way faster in a vm:<br /> <a class="external" href="https://aur.archlinux.org/packages/xf86-video-qxl/">https://aur.archlinux.org/packages/xf86-video-qxl/</a></p>
<p>Trisquel already has xf86-video-qxl.</p>
<p>Denis.</p> Packages - Bug #533 (fixed): handbrake-svn (and maybe handbrake-cli-svn) needs to be recompiledhttps://labs.parabola.nu/issues/5332014-05-30T20:30:54ZGNUtooGNUtoo@cyberdimension.org
<p>[gnutoo@T60 ~]$ ghb <br />ghb: error while loading shared libraries: libx264.so.138: cannot open shared object file: No such file or directory<br />[gnutoo@T60 ~]$ uname -m<br />i686</p> Packages - Bug #275 (not-a-bug): vlc+totem (/usr/lib/libdvdnav.so.4) segfault while opening a dvd.https://labs.parabola.nu/issues/2752012-12-12T13:03:04ZGNUtooGNUtoo@cyberdimension.org
<p>gdb on totem gives that as the last functions in the stack:<br />#0 0xac3206ec in dvdnav_describe_title_chapters () from /usr/lib/libdvdnav.so.4<br /><a class="issue tracker-1 status-2 priority-5 priority-high3 closed" title="Bug: [bugs/labs] Migrate bug tracker (fixed)" href="https://labs.parabola.nu/issues/1">#1</a> 0xac35e156 in ?? () from /usr/lib/gstreamer-1.0/libgstresindvd.so</p>
<p>I've libdvdread, libdvdnav and libdvdcss...</p>
<p>Denis</p>