Parabola Issue Tracker: Issueshttps://labs.parabola.nu/https://labs.parabola.nu/favicon.ico?15367742552018-10-28T19:05:00ZParabola Issue Tracker
Redmine dbscripts - Bug #2046 (open): The package ttf-pfc-20150920-1-any.pkg.tar.xz has a bad signature b...https://labs.parabola.nu/issues/20462018-10-28T19:05:00Zaniani@fsfe.org
<p>This is what happens when I try to install ttf-pfc:</p>
<p>:: Proceed with installation? [Y/n] <br />:: Retrieving packages...<br /> ttf-font-awesome-5.... 166.2 KiB 542K/s 00:00 [############] 100%<br />(35/35) checking keys in keyring [############] 100%<br />(35/35) checking package integrity [############] 100%<br />error: ttf-pfc: signature from "Márcio Silva <<a class="email" href="mailto:coadde@hyperbola.info">coadde@hyperbola.info</a>>" is marginal trust<br />:: File /var/cache/pacman/pkg/ttf-pfc-20150920-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).<br />Do you want to delete it? [Y/n] <br />error: failed to commit transaction (invalid or corrupted package)<br />Errors occurred, no packages were upgraded.</p>
<p>I recall that I have been at the devs numerous times about this but I fail to find a bug report about it when searching for it here.</p>
<p>I have tried to do most things when I first encountered this. "pacman-key --refresh-keys" is tried as well as "pacman-key --updatedb". If I remember correctly I have also tried to flush the entire PGP database that Pacman uses without anything changing in terms of success.</p> dbscripts - Bug #2015 (open): sgid on directories isn't workinghttps://labs.parabola.nu/issues/20152018-09-26T20:22:27Zlukeshulukeshu@parabola.nu
<p>There are a handful of directories in /srv/repo/main that don't have the sgid bit set, and a whole bunch of files that are :users instead of :repo (not all of which are in the directories without the bit set).</p>
<p>I'm not sure what's causing the sgid bit to be ignored in some cases.</p> Documentation - Bug #2004 (open): [How to Blacklist a package]: describes an outdated procedurehttps://labs.parabola.nu/issues/20042018-09-23T21:53:08Zbill-auger
<p>this currently instructs to cd into a 'blacklist' user's home to pull changes from git - that user does not exist and the git repo has a hook to handle the building of 'your-freedom' automatically now on git push</p>
<p><a class="external" href="https://wiki.parabola.nu/How_to_Blacklist_a_package">https://wiki.parabola.nu/How_to_Blacklist_a_package</a></p> Documentation - Bug #1867 (open): Warn users about arbitrary execution of code with full disk enc...https://labs.parabola.nu/issues/18672018-07-03T00:43:36ZGNUtooGNUtoo@cyberdimension.org
<p>Users using full disk encryption without /boot in clear typically expects that it's harder to gain arbitrary execution of code inside the distribution that resides in it.</p>
An attacker would then need to temper with the non-encrypted code that runs before or during the opening of the encrypted partition. For instance:
<ul>
<li>If the user uses GRUB_ENABLE_CRYPTODISK=y the attacker would need to temper with the tiny GRUB code that is embedded on the internal disk.</li>
</ul>
However there are some cases where the attacker might need to reflash the boot software (BIOS, UEFI, etc):
<ul>
<li>If the user uses an external USB key to boot and the internal computer storage is fully encrypted</li>
<li>If users are using Libreboot or Coreboot with GRUB to open the encrypted partition with the internal storage fully encrypted<br />This can be mitigated by adding seals on the laptop screws (such as with nail polish or glue with glider)</li>
</ul>
<p>An other way for an attacker would be to try to temper with the storage device content and/or firmware: Authenticated encryption is pretty new in cryptsetup, and the commonly used encryption algorithms are not authenticated. So there may be ways to gain arbitrary execution of code either by injecting content by manipulating encryption parameters or by trying to implement some way to recover the key by using an oracle (as fsck may correct the corrupted data) but it's probably far from trivial to attempt any of that.</p>
<p>However there is an easier way with Parabola: if the attacker can guess the root= kernel parameter for instance root=/dev/laptop-rootfs, the attacker could stick an SD card with the same vg and lv.</p>
I can reproduce it with:
<ul>
<li>A thinkpad under Coreboot that has an SD card slot</li>
<li>The same VG/LV than the rootfs on a SD card</li>
<li>The encryption key being inside the initramfs</li>
</ul>
<p>I'll try to gather more information on the conditions necessary to trigger that problem (I had the issue several weeks ago).</p>
<p>This probably affects Libreboot too as there is documentation about such setup there too.</p> dbscripts - Bug #1662 (open): Merge [db-check-*] in to [integrity-check]https://labs.parabola.nu/issues/16622018-03-17T04:30:50Zlukeshulukeshu@parabola.nu
<p>From README:</p>
<pre>
Now, we'd like to be able to check that the repos are all OK, so we
have
- `cron-jobs/integrity-check`
Instead of enhancing `integrity-check`, Parabola developers have decided
to write multiple stand-alone tools that should probably be merged
into `integrity-check`
- `db-check-*`
</pre> dbscripts - Bug #1661 (open): Merge [ftpdir-cleanup] and [db-cleanup]https://labs.parabola.nu/issues/16612018-03-17T04:29:28Zlukeshulukeshu@parabola.nu
<p>From README:</p>
<pre>
When we remove a package from a repository, it stays in the package
"pool". We would like to be able to eventually remove packages from
the pool, to reclaim the disk space:
- `cron-jobs/ftpdir-cleanup`
- `cron-jobs/db-cleanup`
Both of these programs do the exact same thing. Parabola developers
decided to write their own from scratch, instead of modifying
`ftpdir-cleanup`. They should eventually be merged.
</pre> dbscripts - Bug #1189 (open): [db-import] armv7h packages aren't represented in abshttps://labs.parabola.nu/issues/11892017-01-21T00:54:05Zlukeshulukeshu@parabola.nu
<p>They aren't.</p> Branding - Bug #1075 (open): ASCII logo for Parabolahttps://labs.parabola.nu/issues/10752016-08-06T08:40:46Zkesara
<p>I couldn't find any ASCII logo for Parabola GNU/Linux-libre<br />I guess it'll be great to have one.</p> Branding - Bug #981 (open): Package and rebrand grub2-theme-antergoshttps://labs.parabola.nu/issues/9812016-04-11T20:57:55Zpizzaiolo
<p>Antergos by default uses this custom grub2 theme, which should be rebranded. This is particularly useful for users who migrate from Antergos to Parabola, making the transition seamless.</p>
<p>The codebase is at: <a class="external" href="https://github.com/Antergos/grub2-theme-antergos">https://github.com/Antergos/grub2-theme-antergos</a></p> Branding - Bug #781 (open): lukeshu screwed up the tittle in the "i"s in the logotypehttps://labs.parabola.nu/issues/7812015-08-13T02:39:45Zlukeshulukeshu@parabola.nu
<p>In the originals of the logotypes, Shackra had manually rotated the tittle on the "i"s in "Linux-libre" to make them diamonds ( <code><></code> ) instead of squares ( <code>[_]</code> ). When I converted them to use the plain <code><text></code> SVG element, I did not preserve this. I missed this because of the size I was rendering them at.</p> Branding - Bug #615 (open): Parabola theme for the bug trackerhttps://labs.parabola.nu/issues/6152014-12-13T16:56:59Zaurelienaurelien@hackers.camp
<p>Redmine offer different ways for theming.</p>
<p><a class="external" href="http://www.redmine.org/projects/redmine/wiki/Theme_List#A1-theme">http://www.redmine.org/projects/redmine/wiki/Theme_List#A1-theme</a></p>
<p>It could be great to apply Parabola theme to the bugtracker.</p> dbscripts - Bug #569 (open): The torrent making code should be integrated into the other repo scr...https://labs.parabola.nu/issues/5692014-07-02T20:03:09Zxylonjoseph@xylon.me.uk
<p>This should not be hard, I'll work out what needs to be done.</p> Branding - Bug #372 (in progress): some wallpapers for re-brandinghttps://labs.parabola.nu/issues/3722013-07-21T21:18:32Zshackraelcorreo@deshackra.com
<p>I did some wallpapers, in both 16:9 and 4:3 proportions (although the sizes are the same and they aren't SVG files). They could be used as default wallpapers for live session without installing Parabola, etc.</p>
<p>I hear proposals for more wallpapers :)</p>
<p>here they are:</p>
<p><a class="external" href="https://my.owndrive.com/public.php?service=files&t=74479bcf5ee371224999b5df2c866f87&download&path=/PNG/wallpaper%201%20-%204-3%20aspect%20ratio.png">https://my.owndrive.com/public.php?service=files&t=74479bcf5ee371224999b5df2c866f87&download&path=/PNG/wallpaper%201%20-%204-3%20aspect%20ratio.png</a><br /><a class="external" href="https://my.owndrive.com/public.php?service=files&t=74479bcf5ee371224999b5df2c866f87&download&path=/PNG/wallpaper%201%20-%2016-9%20aspect%20ratio.png">https://my.owndrive.com/public.php?service=files&t=74479bcf5ee371224999b5df2c866f87&download&path=/PNG/wallpaper%201%20-%2016-9%20aspect%20ratio.png</a><br /><a class="external" href="https://my.owndrive.com/public.php?service=files&t=74479bcf5ee371224999b5df2c866f87&download&path=/PNG/wallpaper%202%20-%204-3%20aspect%20ratio.png">https://my.owndrive.com/public.php?service=files&t=74479bcf5ee371224999b5df2c866f87&download&path=/PNG/wallpaper%202%20-%204-3%20aspect%20ratio.png</a><br /><a class="external" href="https://my.owndrive.com/public.php?service=files&t=74479bcf5ee371224999b5df2c866f87&download&path=/PNG/wallpaper%202%20-%2016-9%20aspect%20ratio.png">https://my.owndrive.com/public.php?service=files&t=74479bcf5ee371224999b5df2c866f87&download&path=/PNG/wallpaper%202%20-%2016-9%20aspect%20ratio.png</a></p>
<p>the license is CC-BY-SA 3.0 Costa Rica</p> Branding - Bug #272 (open): Parabola Logos and Artwork website sectionhttps://labs.parabola.nu/issues/2722012-12-06T05:38:32Zloic.vaumerel
<p>Hi,</p>
<p>I think it could be great to put wallpaper avaible here (in other posts of this project) in the Parabola Logos and Artwork website section (<a class="external" href="https://parabolagnulinux.org/art/">https://parabolagnulinux.org/art/</a>).<br />We can create a gallery or something similar.</p>
<p>It think a gallery of user's desktop screenshots could be a good idea too.</p>
<p>Thanks and regards</p> dbscripts - Bug #212 (open): [dbscripts] make a check-signature scripthttps://labs.parabola.nu/issues/2122012-10-31T07:36:39Zfaunofauno@parabola.nu
<p>this can be done with `gpg --verify public/$repo/os/$arch/$pkgname-$pkgver-$pkgrel.pkg.tar.?z.sig` but you know :P</p>