marcan changed the topic of #asahi-dev to: Asahi Linux: porting Linux to Apple Silicon macs | General development | GitHub: https://alx.sh/g | Wiki: https://alx.sh/w | Logs: https://alx.sh/l/asahi-dev
maor26 has quit [Ping timeout: 265 seconds]
snalty has quit [Ping timeout: 240 seconds]
kettenis has quit [Ping timeout: 240 seconds]
kettenis has joined #asahi-dev
riker77 has quit [Ping timeout: 264 seconds]
riker77 has joined #asahi-dev
dougall has joined #asahi-dev
bgb has joined #asahi-dev
bgb has left #asahi-dev [#asahi-dev]
bgb has joined #asahi-dev
PhilippvK has joined #asahi-dev
phiologe has quit [Ping timeout: 260 seconds]
<bgb> marcan: how did you get mini hdmi output shown on your host screen by just typing "hdmi" shell cmd?
KindOne has quit [Ping timeout: 240 seconds]
KindOne has joined #asahi-dev
<marcan> bgb: it's aliased to ffplay yada yada from a USB HDMI capture box
<marcan> ffplay -input_format yuv422p -video_size hd1080 -f v4l2 /dev/v4l/vxis
<bgb> ok, cool! I'd like to try to get rid of mini's screen, thanks
Necrosporus has quit [Killed (orwell.freenode.net (Nickname regained by services))]
Necrosporus has joined #asahi-dev
narmstrong has quit [Ping timeout: 240 seconds]
bgb has quit [Ping timeout: 272 seconds]
hatf0 has quit [Read error: Connection reset by peer]
jkkm has quit [Read error: Connection reset by peer]
bgb has joined #asahi-dev
eric_engestrom has quit [Ping timeout: 240 seconds]
titanous has quit [Read error: Connection reset by peer]
narmstrong has joined #asahi-dev
hatf0 has joined #asahi-dev
eric_engestrom has joined #asahi-dev
jkkm has joined #asahi-dev
titanous has joined #asahi-dev
bgb has quit [Ping timeout: 246 seconds]
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 240 seconds]
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 256 seconds]
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 246 seconds]
VinDuv has joined #asahi-dev
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 240 seconds]
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 256 seconds]
VinDuv has quit [Quit: Leaving.]
<arnd> tarzeau: the most likely path at the moment is that I'll create a separate branch in https://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git/ and pull in material for 5.13 as soon as it's been sufficiently reviewed and marcan sends it to soc@kernel.org. It will then show up in https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/ a day later, and in torvalds/linux.git during the 5.13 merge window
<arnd> http://phb-crystal-ball.org/ projects 5.13-rc1 for 2021-05-09, and the official 5.13 for 2021-07-04
<marcan> arnd: do you want v2 CCed to soc@, or wait until the next cycle?
<marcan> that's a handy website, bookmarked :)
<arnd> marcan: no, don't cc soc@kernel.org on patches unless they have been reviewed and are ready to get picked up
<marcan> ah, then I messed up on v1, sorry, I didn't quite understand the flow then
<marcan> by the way, did you see the bounces from that alias?
<arnd> no worries
<arnd> no, if you get a bounce, please forward that to me at arnd@kernel.org and arnd@arndb.de (in case one of the two bounces as well)
<arnd> I've had problems with arnd@arndb.de recently and started using the other one
<marcan> <linux+soc@armlinux.org.uk> is bouncing, I figured you'd have gotten them too since I think replies CCed soc@ too
<arnd> ah, that is Russell's address
<marcan> yeah, thought so
<tarzeau> arnd: thanks, fun link the crystal ball! ;)
<marcan> running the devicetree checks now.... and I need to decide if I set up DKIM first or not :)
<marcan> since apparently my earlier series landed in some spamboxes
<marcan> at least I added DMARC, which I hear matters
amw has quit [Ping timeout: 240 seconds]
nhlism[m] has quit [Quit: Idle for 30+ days]
thresh has quit [Remote host closed the connection]
thresh has joined #asahi-dev
Chainsaw has quit [Remote host closed the connection]
odmir has quit [Read error: Connection reset by peer]
thestr4ng3r has quit [Quit: ZNC 1.8.1 - https://znc.in]
the-mentor has quit [Quit: Ping timeout (120 seconds)]
thestr4ng3r has joined #asahi-dev
odmir has joined #asahi-dev
the-mentor has joined #asahi-dev
snalty has joined #asahi-dev
Gaelan_ has joined #asahi-dev
Gaelan has quit [Read error: Connection reset by peer]
maor26 has joined #asahi-dev
<j`ey> arnd: how does linux-next know which branches to pull from your soc.git?
<arnd> j`ey: the process is to send an email to sfr to ask him to add a branch. What I did specifically is to have a 'for-next' branch and I merge all of my branches into that
<j`ey> arnd: ah ok, so you'll just merge the new branch into for-next
<j`ey> I have a patch in will's for-next, so I guess that will be in 5.12
<arnd> marcan: do you have a git tree somewhere other than github.com that you can use for sending pull requests? For the initial merge, separate patches will be fine, but in general, I prefer pull requests, and github is slightly annoying: it's often really slow for pulling kernel trees for some reason, and it's generally less trusted than a tree on kernel.org or one you host yourself
<marcan> I can set something up real quick; I have git.marcan.st but that's on the wrong continent, I can make git.asahilinux.org happen :)
<arnd> marcan: note that you can ask for a kernel.org account that allows you to host git trees and one email alias there once you are listed in the MAINTAINERS file and have a sufficiently connected gpg key
<marcan> that works too, though my gpg key isn't terribly well connected (and honestly I should probably rethink that thing and make a new one, it's kind of old)
<arnd> marcan: ok either one of those is fine for pull requests, or you keep using separate patches until you have a kernel.org account
<arnd> if the gpg key is really old, it might be too short, I think the minimum is now 2048 bits
<j`ey> arnd: is the mailing list process still the same with pull requests? just that you also have a branch on git somewhere?
<arnd> j`ey: yes, you just send an email with the subject containing [GIT PULL] instead of [PATCH], and the body generated by 'git request-pull', and pointing to a tag with gpg signature and a description
<marcan> oh, it's 4K, it's not *that* old, but I've never been terribly happy with the security of it, especially considering I do better in other places these days (e.g. yubikeys)
<marcan> but SSH and U2F let me use many yubikeys, while I can only have one gpg key... and I don't want to mix GPG and SSH usage...
<j`ey> arnd: I see, I'd only seen that (so far) for requesting Linus to pull, not individual series that needed review
<arnd> j`ey: review is always by email on the list, the pull request is what you'd send once the series is fully reviewed and ready to be merged. I usually do some final checks on the pull request to make sure the contents match up with the description, and the signature is valid then
<arnd> I assume yubikey works the same
<marcan> yeah, for signing kernel tags honestly that's probably the easiest way, it would just be a key dedicated-ish to that; I just don't want to make that "my" gpg key for email/etc, because then that ties me to the physical thing
<marcan> I should dig up that ROCA-vulnerable yubikey from a drawer somewhere; those are fine if you import keys externally, which I would want to do to keep an offline backup anyway (I don't mind having a backup, I have a pretty safe place for that stuff, as long as I don't have to access it normally)
<marcan> hm, maybe I can use the subkeys stuff to make this more sensible
<arnd> marcan: regarding signatures on the key, the document I linked to says you need at least one signature from someone who is connected to torvalds, but IIRC the requirement for getting a kernel.org account is three such signatures. If you have trouble finding kernel folks to sign your kernel locally, we can probably arrange for me to sign your kernel through some video chat
<marcan> locally might be tricky, especially with the pandemic :-)
<marcan> arnd: this isn't blocking for the v2 review, right?
<arnd> marcan: no, I'm happy to apply the patches from email, or by applying with the same amount of care when I get a pull request
<marcan> I'll send out v2 shortly then, and spend some time this week giving a bit of thought to this
<arnd> and once I pulled from you once, I would generally also assume it's fine if future pull requests are signed by the same key. The 'one connected signature' requirement is specifically if you send a pull request to torvalds yourself
<marcan> ah, right
<marcan> and for the account stuff
<arnd> having signatures on the does give a better feeling about it of course
<arnd> for the account, I don't think there is a way around the minimum three signatures
<arnd> maybe check if any of the people that signed your old key are already on the kernel keyring
<marcan> unlikely, but I'll check :)
<marcan> anyway, I'll probably wind up with a new key, this has been on my TODO list for a while
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 240 seconds]
<maximus64> I also used yubikey for my gpg key and I keep my master key offline on an air gap computer. Downside to this is every time you need to renew or sign other keys, I have to do it on the offline computer
bgb has joined #asahi-dev
Necrosporus has quit [Ping timeout: 246 seconds]
bgb has quit [Ping timeout: 264 seconds]
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 265 seconds]
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 240 seconds]
bgb has joined #asahi-dev
bgb has quit [Ping timeout: 265 seconds]
<modwizcode> I've tried a few times to maintain a key and I always lose it, but I don't have much reason to use it for anything.
<modwizcode> I think my current key is actually safe, when keybase came out I set up everything so that worked. So keybase has an encrypted copy of my key and I think I have a backup printout and the password I actually remember.
<modwizcode> I think that's how that all works
<modwizcode> GPG is kind of meaningless without signatures on your key and people to use it with
bgb has joined #asahi-dev
bgb has left #asahi-dev [#asahi-dev]
marcan_ has joined #asahi-dev
marcan_ has quit [Client Quit]
Necrosporus has joined #asahi-dev
maor26 has quit [Ping timeout: 265 seconds]
<sven> I have an offline master key with subkeys on yubikeys (signing/authentication ones generated on the device, encryption key imported with an offline backup). the only two things I used it for are ssh and encrypted backups
<sven> the whole ux is quite unfortunate :(
hir0 has joined #asahi-dev
hir0 has quit [Quit: hir0]
sven- has joined #asahi-dev
sven has quit [Ping timeout: 246 seconds]
sven- is now known as sven
hir0 has joined #asahi-dev
bisko has joined #asahi-dev
bisko has quit [Quit: Textual IRC Client: www.textualapp.com]
<Glanzmann> marcan: If you have a yubikey with the broken random number generator, you could apply for a new. This is how I got two new yubikeys for free.
<Glanzmann> marcan: I had for a very long time my gpg key, and still have, but no longer use it, on a yubikey. I did with three keys, one master, one for authentication, one for signature. I still use it for ssh also. I sometimes have to work on Windows, where there is no good gpg agent forwarding, so I can't use gnupg remotely. If I should send you my notes, let me know.
<Glanzmann> If you guys need help with mutt, let me know. I wrote 17 years ago or so the mutt header cache and I'm a mutt power user. I also configured vim to strip consecutive empty lines out and do other stuff that is helpful for inline answering.
<marcan> Glanzmann: I did, I just still have the old one
<Glanzmann> Nitrokeys are nice, I read about them earlier, I think, but they did not support 4Kbit RSA which I use for quite a while.
<Glanzmann> marcan: I see. :-)
<marcan> but it makes sense to use it for a master key with a backup, because then you're generating keys externally anyway, so the bug does not matter
<marcan> it's not a broken RNG, it's a broken algorithm :)
<Glanzmann> My old one broke down, so I replaced it with a new one. the one that you put in the usb slot and does not look out.
<Glanzmann> marcan: Oic.
<Glanzmann> I only remember that when you generate keys on it, they're weak. But I would never do it, because devices break or get lost.
<marcan> well, it's fine for ssh keys, which is what I use yubikeys for
<marcan> since I have a bunch of them
<marcan> I also use them for OATH TOTP and for that, I always put the seeds into two, so I have a backup
<Glanzmann> Same for me. :-)
<Glanzmann> And of course, I have an offline backup as well.
VinDuv has joined #asahi-dev
<marcan> Glanzmann: re nitrokey, it's not fully open source; not the proper secure element ones anyway
<marcan> same proprietary NDA'd SE as everything else, also the open code for the SE is written in... BASIC.
nkaretnikov has quit [Ping timeout: 264 seconds]
eric_engestrom has quit [Ping timeout: 272 seconds]
nkaretnikov has joined #asahi-dev
titanous has quit [Ping timeout: 264 seconds]
eric_engestrom has joined #asahi-dev
titanous has joined #asahi-dev
HeN has quit [Ping timeout: 260 seconds]
HeN has joined #asahi-dev
<marcan> the first semi serious one I've seen so far is solo v2: https://www.kickstarter.com/projects/conorpatrick/solo-v2-safety-net-against-phishing
<marcan> that one is, as far as I can tell, fully open source, and using a micro which claims some amount of security
<marcan> I pledged for 4, that's going to be a fun one to try to audit at some point :)
hir0 has quit [Ping timeout: 265 seconds]
<Glanzmann> marcan: I see, good to know.
<Glanzmann> marcan: I see, but can the solo-v2 do rsa and gpg? Or just u2f?
<marcan> just u2f/piv but it's firmware
<marcan> I assume a gpg applet will come at some point
<marcan> and it's updatable (though only by them if you get the "normal" version, by you if you get the "hacker" version)
<marcan> and supposedly you can provision secureboot yourself for the latter, i.e. make it only run code you sign
<Glanzmann> I see.
hir0 has joined #asahi-dev
hir0 has quit [Quit: hir0]
hir0 has joined #asahi-dev
hir0 has quit [Client Quit]
VinDuv has quit [Quit: Leaving.]
leah2 has quit [Ping timeout: 264 seconds]
leah2 has joined #asahi-dev
sbingner has quit [Ping timeout: 258 seconds]
sbingner has joined #asahi-dev
JTL has quit [Quit: WeeChat 2.9]
JTL has joined #asahi-dev
JTL has quit [Client Quit]
JTL has joined #asahi-dev
JTL is now known as JLT
amw has joined #asahi-dev
JLT is now known as JTL