=== chihchun is now known as chihchun_afk === _salem is now known as salem_ === chihchun_afk is now known as chihchun === salem_ is now known as _salem === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun === JanC is now known as Guest89629 === JanC_ is now known as JanC === chihchun is now known as chihchun_afk [05:13] brr.. build/core/product_config.mk:227: *** _nic.PRODUCTS.[[device/xiaomi/cancro/cancro.mk]]: "device/qcom/common/Android.mk" does not exist. Stop. [05:13] can anyone tell me where should i be looking at for that error message for lunch ? === chihchun_afk is now known as chihchun === mcphail_ is now known as mcphail === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun [07:43] guise guise! On rc-proposed, after update screen doesn't lock anymore [07:43] and manually locking it will make screen turn black but not shut down [07:47] brunch875, see the second paragraph in https://lists.launchpad.net/ubuntu-phone/msg21572.html [07:48] thanks oli ☺ [07:48] (not sure if it is related though, ask sil2100 ) [07:48] (but it sounds likely that it could) [07:50] it also seems that the brightness slider doesn't do anything [07:50] Yeah, actually powerd should be used back again, so I would expect less problems [07:50] and the "automatic" toggle is gone [07:50] brunch875: do you have the latest update? [07:50] on rc-proposed, yes [07:50] hmmm [07:51] wasnt there also a new mir ? [07:51] (probably the combo of rolling back one but landing the other causes this) [07:52] brunch875: could you check what version of powerd is installed? (and if it's installed?( [07:52] )) [07:52] sure, how do I do that? [07:53] brunch875: get to the terminal (either through adb, ssh or in the terminal application) and type in apt-cache policy powerd [07:53] 1 se [07:53] Thanks ;) [07:54] ogra: I'm worried that the removal of repowerd was not enough to get rid of it from existing devices... [07:54] yeah, that could be an issue too [07:55] Since we never really had to revert a new package before [07:55] Installed and candidate: 0.16+15.04.2015219-0ubuntu3 [07:55] 20150219* [07:55] hm, ok, looks fine [07:56] brunch875: could you also try apt-cache policy repowerd [07:56] ? [07:56] Just to make sure it's really gone [07:56] uh oh [07:56] No wait, this is really an old version [07:56] Hi, I'm running OTA 11, image 20160524.1 on a Nexus 4 and it seems to be killing the battery more than precedents images [07:56] heh, i was about to say ... [07:57] WTH [07:57] * sil2100 looks at the manifest [07:57] did you get the archive version instead of the overlay ? [07:57] sorry, internet died on me [07:58] sil2100: I got that output from apt-cache [07:58] ogra: holy shit it the images DO HAVE an outdated powerd, no idea why [07:58] Let me check the image build logs, but this is stupid [07:59] brunch8751: obviously all the issues are caused by the image build pulling in some archaic version of powerd - the one the latest rc-proposed images have is from 2015! [07:59] ogra: I think it's related to me removing repowerd from the overlay ;( [07:59] :D [08:00] ogra: I think because repowerd was offering a virtual package of powerd to deprecate it, now that it's gone it also cannot install powerd from the overlay [08:00] Need to consult Colin [08:01] brunch8751: ok, so we'll try to resolve this issue ASAP and rebuild an image [08:01] goodluck and godspeed! [09:18] brunch875: hey! We 'fixed' the problem possibly, building a new image now [09:18] This should fix it hopefully [09:20] tvoss, ping about fingerprint things [09:23] tvoss, specifically this. When you enrol a fingerprint, do you enrol it on the _fingerprint reader_, or the _device_? That is, when the OS asks the fingerprint reader "what did they just scan", does it get told "here is the detail of the fingerprint that got scanned: " and it's the OS's job to work out who that is, or does the OS get told "that was enrolled fingerprint 3" and that's it? [09:24] sil2100: Awesome! I'll keep an eye on the updater [09:41] aquarius_, the actual fingerprint data is not accessible to the os (neither kernel nor user space) at all, the actual data is handled by a trustlet running in the mobicore TEE [09:42] aquarius_, we only get an opaque, numerical handle [09:42] tvoss, ah, that's what I thought (thanks to mzanetti advising me on that). [09:42] tvoss, is trustzone available to Ubuntu phones? That is: can I store keys in the TPM? [09:43] aquarius_, during enrollment, we receive information which areas have been sufficiently covered [09:43] aquarius_, not yet, we don't expose the hw key store [09:43] tvoss, aha, OK. (Is that because it's just not done yet, or is there an actual restriction preventing it from happening?) [09:44] aquarius_, just not done, yet. there is an open topic about establishing a chain of trust as (depending on the implementation) the hw key store might need a signed boot loader [09:45] tvoss, that makes sense, yeah. [09:45] One other question: NFC support is doubtless somewhere on the roadmap. Do you have a sense of whether it's close or not, and whether it's not done because it's difficult or not done just because it hasn't made it to priority 1 yet? [09:46] aquarius_, question of priority, also: we would need a service multiplexing access to the actual hw [09:46] ah. So there's quite a bit of work to be done before NFC support arrives. [09:46] aquarius_, likely, yes [09:46] aquarius_, as usual, help is very welcome :) [09:47] OK, that's useful; thank you, pal! [09:47] sure [09:47] help is indeed welcome. I'll let you know about that. [09:57] tvoss, oh, one other thing :) Full disk encryption? :) [09:57] aquarius_, help welcome :) [09:58] ha! I knew that bit :) Was more thinking: has any thought gone into that already? [09:59] aquarius_, quite some, yes. it mainly requires adjusting the auto-login approach and make user authentication/verification a part of the early boot process [09:59] yeah. I figured there would already be some thinking around this! === chihchun is now known as chihchun_afk [11:00] Hi [11:23] Know something I'd love? To use my utouch as a "wireless trackpad" + keyboard for my desktop/laptop [11:23] could be great for watching youtube or whatever [12:03] hi, porting link do not exist. [12:03] i have a qusetion, is it, and if how, do i chroot to a ubuntu image to set up some software before flashing the image to the phone. [12:04] like i wanted to install ecryptfs before flashing the image to the phones [12:17] Miyagi_, why do you want to do that before flashing (whats the benefit of that) ? [12:18] i want to be able to deploy a image to 100 phones [12:18] with the ecryptfs tools [12:18] or how to i deploy things like this [12:18] any manpage of that? [12:19] nope, i dont think so, and the rootfs isnt designed to be modified ... it would break with a subsequent OTA update === dpm is now known as dpm-afk [12:19] i basicly want to set up some custom tools on our phones, then flash them all with those tools [12:20] you could supply extra bits with a custom tarball, but i dont think that is well documented either (and i dont think you could use debian packages with it) [12:20] with adb shell [12:20] (it would have to be click pacages) [12:20] apt-get install ecryptfs [12:20] it works on the phone, i just need a image to conatin all libs [12:20] wont work without making the rootfs writable ... [12:20] before flash [12:21] which is very likely breaking in a future update [12:21] maybe [12:21] but i just need to do it at the moment [12:21] and makes you leave any supported upgrade paths [12:21] is it possible [12:21] sure, if you dont mind your users to end up with non-booting phones at some point (or some such) [12:22] the OTA deltas require that the rootfs remains unchanged [12:22] but i have tested it, install thing, there is no erro in rebootin [12:22] i just need the ecryptfs be on a flshable image [12:22] then wait til encryption is supported :) [12:23] i cant [12:23] if you do it for actual end users ... the only answer is *don't* [12:23] if you do it for tinkering on a device you re-flash anyway, go ahead ... but i promise you it will break at some OTA [12:24] let me try [12:24] but how [12:24] you cant use apt and OTA at the same time [12:24] and apt upgrades are not supported at all [12:24] so if you chage the content of the rootfs it *will* eventuall break [12:24] i not need any upgrades [12:25] i need a cusom software easy deployed to 100 phones [12:25] so you dont want security fixes and leave your users with open security hiles ? [12:25] *holes [12:25] not right now, no [12:25] well, flash it ... make it writable, run a script via adb [12:26] but dont come askin for help here if your 100 users cant boot their phones anymore [12:26] (which will likely happen) [12:26] :) no, i have tried it - it will boot [12:26] apt support is for tinkering when you develop the system and are prepared to wipe the phone regulary [12:27] but is there not any other mass tools to fix it, adb shell on every single phone sees to hard [12:27] it *will* break as soon as a fil changes that you changed to [12:27] and i not want adb enabled later [12:27] which might not be the nex, but the overnext OTA [12:27] do not give such phones to endusers [12:28] the system is not designed to use apt [12:28] no, i will not give it to end users, i just want to know how i can do a massproduction of cusom software i need [12:28] you engage with canonical and have them create a custom tarball for you ... aftter they packaged your desired software in a click package [12:28] if i need, lets say another software [12:29] it must be able to add some libs [12:29] or you find out how to create a custom tarball yourself and create a click for ecryptfs (though i doubt in this case that is helpful) [12:29] or when do they launch encryption, do you know? [12:29] maybe i can wait [12:29] i guess afterthe switch to snappy [12:30] which will be after th switch to a xenial base [12:30] i use xenial right now [12:30] (the xenia thing is being worked on currently ... but that will still take quite a while) [12:30] xenial isnt for users yet [12:30] completely unsupported and likely to break [12:30] no, i not care about who it is for [12:30] i develop [12:31] and nned to know how to massproduce things in the future [12:31] the actual system developemtn happens in the rc-proposed channel [12:31] ogra: Yakkety? ;) [12:31] not in xenial [12:31] but, i read half of internet by now [12:31] cant find any usefull info abut my problem [12:31] there is no useful solution to your problam [12:31] beyond including ecryptfs in the default rootfs [12:32] so i am fucked [12:32] to say it in a few words [12:32] i it is just for developers, use a script you run after flashing [12:32] !language | Miyagi_ [12:32] Miyagi_: The main Ubuntu channels require that you speak in calm, polite English. For other languages, please visit https://wiki.ubuntu.com/IRC/ChannelList [12:32] (adb push it ... run it via adb ... have it remove itself at the end and disable adb) [12:32] sorry.... [12:33] ok, thi shelped me a lot anyway [12:33] but really, dontuse xenial [12:33] it is far from being ready [12:33] not need to try more, tested a few days allready [12:34] where can i see release info [12:34] (it will sonn change all bits to systemd ... it will most likely break during that to the point of being unbootable for a few updates) [12:34] o no not systemd [12:34] its the default now [12:35] that sucks [12:35] no way around it [12:35] why do you care ? [12:35] since i need to modify it [12:35] * ogra doesnt think it matters much what /sbin/init you use ... effectively systemd doesnt really differ in that bit) [12:35] and there are more easy ways that systemd [12:36] there are many issues with systemd ... /sbin/init surely isnt one ... [12:37] i ust thank you for your support [12:37] m.. [12:37] (i agree about the systemd tree swallowing the whole pumbing layer is an awful idea ... but we're really only talking about init here ... ) [12:37] it saved me a lot of hours from now [12:38] oh, also note that none of the C++ apps in the store will work in xenial ... there was an incompatible ABI change ... [12:40] so [12:40] channel [12:40] ubuntu-touch/stable/bq-aquaris.en [12:40] for me [12:40] or? [12:52] Miyagi_, or rc-proposed if you want to be a bit more on the edge [12:53] edge, wasn't xenial that ? [12:53] :) [12:55] then maybe you know another thing. how can i map screenlock password to a stdin [12:55] screenlockpasswrod then [12:55] run a script on the phone like ./sctipy $1 [12:55] and $1 is as you see passwd === dpm-afk is now known as dpm === _salem is now known as salem_ === dandrader is now known as dandrader|afk [13:02] running xenial on a phone is beyond the edge. [13:05] sill2100 it's all good now, clap clap ☺ === dandrader|afk is now known as dandrader [13:43] anyway [13:43] i solved the problem with custom apps installed via apt-get och build from source [13:44] install build essentials on a phone, build from source the tools you need in a custom folder, add that custom folder when flashing, then you have all libs you need for the ap to run [13:45] then there is a clean phone with a flder with libs and other siftware [13:45] it works, maybe it is not the absolute best way [13:45] i now run stable dist in the phone with the software i needed [13:49] oh so you broke your phone, ok :) [13:50] what software is it that you "need" ? [13:51] oh you're trying to make a custom image with ecryptfs? [13:51] yes [13:53] well, it will work if you never upgrade [13:53] well if you're setting up your own system-image server, and forking ubuntu to do that, you can grab the preinstalled.tar.gz, unpack it, install what you need in it, clean the apt-cache and extra junk that was created and not needed on a phone, and repack the tarball, then use that for your custom images, instead of the official preinstalled.tar.gz [13:53] oh, indeed [13:53] but you are creating a fork of ubuntu at this point, either way you do it, so might as well do it in a more manageable way :) [13:53] * ogra didnt think of the possibility to run your own s-i server :) [13:54] then help me in the right direction [13:55] i need t ofork it, and i would like to do it in the best possible way [13:56] but [13:56] is there not any better way to install [13:56] can i chroot into a image and do the instalation from my laptop [13:57] if you need encrypted ubuntu phones, the best way is "wait for it to be implmeenmted properly" [13:57] right [13:57] thats what i sai hours ago :) [13:57] *said [13:57] but that will likely only happen after the switch to a snappy base [13:59] well, i suppose soemthing could be done to enable encrypted home only, before then, but i think the "best way" for that would probably be "commercial support contract" [14:01] a full set of requirements well beyond "just want encrypted $HOME" would be a good start, ie, what UI is needed, where, and what system integration work would be needed, etc... [14:01] sometimes, you just cant wait [14:01] the prob with full encryption is that you end up with a gigantic initrd ... not sure that would even work with the current boot partition szes we have defined [14:02] i just need home or another dir [14:02] encrypted home shouldnt be to hard but needs login manager integration and such [14:02] but i need it [14:02] so likely a good bunch of patching [14:02] end encryptfs [14:03] (and indeed integration of the crypto bits in the rootfs) [14:03] but [14:03] i fixed a temp working solution [14:04] though i wonder how safe a 4 digit passphrase can actually be and if it is worth the effort :) [14:05] well, it's safe enough [14:05] if your door lock can be opened with a paperclip it doesnt elp to have a steel door [14:06] ogra: steel doors are illegal anyway [14:06] lol [14:07] fire code is the backdoor to the encryption of your home [14:08] and likewise, if the bootloader is unlocked and your encryption only lives in a subdir of an unencrypted partition, it is easy to just grab the content and run scripts on it to decrypt [14:08] ogra: or if your steel door weighs 3 tons, a paperclip being able to pick a keyhole on it probably sin't too bad either :) [14:09] so doing home encryption in the current setup just mimics false security in the end imho [14:10] eh, it's all false security anyway [14:10] why should it do false security [14:10] well, locked bootloader and partition based encryption with a properly long passphrase is relatively safe i'd say [14:10] do you mean ecryptfs is broken [14:10] if not then the security should be the same [14:11] no, i mean it gives you a false sense of being safe [14:11] no it do now [14:11] and 4 digits? my phone has passfrase so, and you not even now how i would unlock the directory [14:11] you only have a 4 digit pass phrase ... the bootloader is open so you can always grab the encrypted dir and push it to a PC to run decryption tools on it [14:11] ogra: well, agaisnt your psycho ex partner maybe, but not necessarily against someone with infinite resources after they shoot you and take your phone :) [14:12] right [14:12] 4 digits, wwll by a new phone then [14:12] ogra: no you don't only have a 4 digit PIN [14:12] well, you could indeed set up password locking [14:12] thanks dobey [14:12] but who does that when he still wants to conveniently use the phone :P [14:13] ogra: which is exactly why your argument is facile :) [14:13] (there are plans to de-couple the login from the passwd DB_, then you can have both) [14:13] even with full disk encryption, nobody is going to want to type a 32 character pass phrase onto a phone [14:13] no [14:13] but when we do FDE we will have the de-coupled stuff in place [14:14] since you not even have an idea of what i will do, you should not think loud [14:14] ogra: it doesn't matter [14:14] for an enduser it does ... [14:14] my mom wouldnt use a 10 digit password [14:14] i can here you are not so deep into the phone business [14:14] since then you would be quiet [14:14] lol [14:14] ogra: it doesn't, because they aren't going to want to type complex secure passwords onto a phone, because it's still an incredible pain in the ass :) [14:15] there is a lot of people who want to type 16 + chars to open a phone [14:15] ogra: it only matters to security nerds who think it matters. for 99% of real people, they will use the same 4 digit pin in both places [14:15] dobey, exactly [14:15] besides [14:15] and ubuntu flash with --password=1234 [14:16] so i set the 16+ passphrase [14:16] not the user [14:16] with your massive 8" phone, i can read your password in clear text from the other side of the coffee shop with ease [14:16] but thats because you are a decade youonger than me :P [14:16] * ogra wuld need goggles [14:17] well, more to the point, cameras are everywhere. so if i can read it, so can the NSA/GCHQ/etc... and they have even more time to parse it, being a recorded video :) [14:18] yay... paranoia ! [14:19] lol, and besides, if the phone is booted, and you are using a 4 number PIN to unlock, then that's all that one needs to get access; so splitting doesn't really make the system more secure :) [14:20] indeed [14:21] yet there are plans to have lightdm not use the passwd DB anymore :) [14:21] and only use that for sudo and stuff ... so you can actually set a safely long PW [14:22] but that would indeed not help much with encryption [14:22] (but then again ... as long as the bootloader is fully open you arent safe anyway) [14:23] well, what i mean is, all i have to do is keep your phone powered, and then guess the unlock PIN, and then enable dev mode and just sync all the data off the device === salem_ is now known as _salem [14:25] anyway [14:25] [14:25] ii think using the open bootloader to copy the whole disk to a PC to run scripts on it is more efficient than having a robot punch in 4 digits til you hit it [14:25] you don't even need to copy the whole disk [14:26] well, the shadow db and the encrypted folder ... [14:26] you just need to copy the encrypted key, and then run password attacks against it [14:26] right in the end just the db [14:26] because the key will have to be encrypted with the password [14:27] yeah [14:27] i wouldn't expect a shadow db to be outside the encrypted disk [14:27] so any encryption you can do in todays setup is just obscuring the data a bit ... [14:27] false feeling of safety after all ... like i said === _salem is now known as salem_ [14:29] also mr robot is a horrible show. i don't understand why people think it's so great [14:30] because it doesnt use kirklands byobou-hollywood setup in every second scene ? [14:31] having computers that make *blip* *blip* *beep* at every keystroke ... [14:31] because it's literally just fight club meets hackers [14:32] well, it is slightly more realistic than the others [14:32] thats all i guess [14:32] not really :) [14:32] slightly :) === dandrader is now known as dandrader|afk === dandrader|afk is now known as dandrader === chihchun_afk is now known as chihchun === Elimin8r is now known as Elimin8er === dandrader is now known as dandrader|afk === chihchun is now known as chihchun_afk [16:26] bregma: hmm, after weeks i tried my unity8 session on my desktop again today ... i cant seem to be able to launch any libertine apps anymore [16:27] ogra__, check if cgmanager is running, we've had spurious complaints about that [16:27] (system is up to date, syslog shows some zeitgeist errors when i click on teh installed hexchat icon in the libertine launcher) [16:27] seems to be running ... [16:28] ChrisTownsend, was there something else we've seen lately? ^^^ [16:28] saldy teh keyboard is still completely broken so i cant type a pipe or at [16:28] (which makes grepping in output a bit awkward) [16:28] ogra__: Do any apps start? [16:29] well, i only have hexchat and vim installed ... hexchat flashes a black screen and is gone again [16:29] ogra__: Aside from libertine apps [16:29] and syslog shows some zeitgeist complaints [16:29] oh, yeah [16:29] i'm typing that in the kiwi irc webapp [16:29] the terminal runs and i have G+ open in its webapp too [16:30] anything in the ~/.cache/upstart logs? [16:30] ogra__: Ok, so not cgmanager. [16:31] bah... clicking teh vim icon gets me an uncloseable terminal with vim icon and spinner [16:31] bregma: what would i look for ? [16:32] i see compressed libertine-lxc-manager logs ... [16:32] ogra__: Look for something like application-legacy_${container_id}_${exe_name}_0.0.log [16:33] ah, found it [16:33] http://paste.ubuntu.com/19511536/ [16:33] note tht i created a fresh container today [16:34] and also freshly installed hsxchat in there [16:34] *hexchat [16:34] mmm, I thought that code was replaced a while ago....... [16:34] oh, wait, that could be from a manual attempt ... [16:35] Yeah, that seems like an old libertine... [16:35] let me wipe that long and try again to see that it actually comes from teh desktop launcher [16:35] I'm seeing the same spinning vim right now, but it was working a couple of hours ago... ChrisTownsend how do I check LXC status again? [16:36] Oh, wait, manual attempt, that would cause that, but that code still looks old... [16:36] ok, i seethe same error in a fresh log [16:36] bregma: Hmm, I've never had luck w/ Vim. [16:36] just wiped it and clicker open (why do we have that and not just launch the app when clicking the icon) [16:36] bregma: But, lxc-ls --fancy -P ~/.cache/libertine-container [16:37] *clicked [16:37] ogra__: That is fixed. I think you need to update. [16:37] i dist upgraded 20min ago [16:37] * ogra__ checks again [16:37] how teh heck do i get rid of that vimm window .. [16:37] ogra__: Look for the Xmir process and kill it. [16:37] ah, right, I'mm seeing the terminal-only vim, I assumed I had installed gvim in that container [16:38] vim seems to be preinstalled [16:38] and brings a terminal .desktop file [16:38] nothing interesting in the dist upgrade [16:38] yes, it but we currently don;t support terminal applications in libertine [16:39] ogra__: But your Libertine is old and the fact that single click won't just launch tells me you have old software. [16:39] it's on the list, it's stuck waiting for me to do something [16:39] ooooh !!! [16:39] during my snapcrafting i disabled the overlay PPA ... [16:39] *schwing* [16:39] ogra__: Some other package pulls in vim, not anything we do. [16:39] lol [16:39] since that messes up stuff [16:39] * ogra__ enables it again and uppgrades [16:40] on the upside, supertux runs fine in my container [16:40] hmpf ... [16:40] i guess i cant get the sw-sources UI up under mir now [16:40] <- lazy ... i like the UI tools :P [16:42] aha ... 20M updates coming down the drain [16:45] ok, it starts but all my themeing is gone now ... sniff [16:45] also complains that it has no access to ~/.config/hexchat [16:47] aha, better [16:47] adding a bind mount to the config helped [16:48] now to get the awful win95 look sorted ... [16:48] oh ! [16:48] ||||@@@@ === dandrader|afk is now known as dandrader [16:48] the kbd is fixed [16:48] yay [16:50] hmm, can i install evolution ? i guess that wont be happy regarding all its background services [16:53] WOW [16:53] that was unexpected [16:54] evolution just works ... including all my data [16:57] hmm, only half ... doesnt display any message [16:57] that bit is webkit [17:00] no, that bit is evo re-syncing 4GB of email for "offline mode" ... it is just busy [17:00] silly stuff [17:00] seems it found my config but not my ~/.evolution folder ... [17:00] so it tries to re-download the world [17:02] hmm [17:03] thats better ... [17:03] what happens if you run a libertine container inside a unity8 that's running inside a libertine container, that's running under unity8? [17:04] try it [17:04] ARGH [17:04] no keyboard repeat in X apps [17:04] and i have atlGr in X apps but not in unity or th terminal [17:04] GRR [17:04] dobey, see if you can do that from Unity 7 running on Bash for Windows [17:05] ogra, yes, the keyrepeat is a low-priority fix in Xmir we're waiting on [17:05] well, that makes me go back to unity8 [17:05] altGr on the other hand, is a Mir fix wending its way through [17:05] bregma: i guess it would be the same, you just end up having to run the child unity8 session under xorg [17:05] i cant really work without that [17:06] bregma, well, it works in libertine, but not in Mir [17:06] which is rather weird [17:06] i cant type a pipe sign in the terminal app [17:06] but here i can ... ||| [17:06]