<arjun_>
I am trying to block scp for other users using acl (setfacl –m o::0 usr/bin/scp) when i add this command to /etc/uci-defaults script during image building it doesnt work i have added acl package to the build. Any suggestions?
arjun_ has quit [Quit: Page closed]
arjun has joined #openwrt-devel
<arjun>
I am trying to block scp for other users using acl (setfacl –m o::0 usr/bin/scp) when i add this command to /etc/uci-defaults script during image building it doesnt work i have added acl package to the build. Any suggestions?
goliath has joined #openwrt-devel
bazz has joined #openwrt-devel
<bazz>
I would like to use the OpenWRT Toolchain that was built to compile my OpenWRT installation to compile a side-project that uses Makefile and has a configure script. I know my toolchain is located around the area build_dir/toolchain-arm_cortex-a15+neon-vfpv4_gcc-8.4.0_musl_eabi/gcc-8.4.0/gcc, but I'm not quite sure how to correctly reference all of the tools that might be needed from eg. Makefile. Any tips?
<bazz>
Typically I can use prefix= and CROSS_COMPILE to reference the right tools all at once. Not sure if the situation is different here.
<bazz>
I think I got this on my own
philipp64 is now known as Guest429
philipp64 has joined #openwrt-devel
Guest429 has quit [Ping timeout: 480 seconds]
victhor has quit [Remote host closed the connection]
arjun has quit [Quit: Page closed]
arjun has joined #openwrt-devel
<arjun>
I am trying to block scp for other users using acl (setfacl –m o::0 usr/bin/scp) when i add this command to /etc/uci-defaults script during image building it doesnt work i have added acl package to the build. Any suggestions?
arjun has quit [Remote host closed the connection]
danitool has quit [Ping timeout: 480 seconds]
goliath has quit [Quit: SIGSEGV]
bazz has quit [Quit: Page closed]
minimal has quit []
rua has quit [Ping timeout: 480 seconds]
rua has joined #openwrt-devel
Slimey has quit [Remote host closed the connection]
srslypascal has quit [Remote host closed the connection]
srslypascal has joined #openwrt-devel
GNUmoon has joined #openwrt-devel
valku has quit [Quit: valku]
dedeckeh has joined #openwrt-devel
Luke-Jr has quit [Ping timeout: 480 seconds]
Luke-Jr has joined #openwrt-devel
Tapper has joined #openwrt-devel
danitool has joined #openwrt-devel
danitool has quit []
danitool has joined #openwrt-devel
srslypascal is now known as Guest458
srslypascal has joined #openwrt-devel
Guest458 has quit [Ping timeout: 480 seconds]
pmelange has joined #openwrt-devel
goliath has quit [Quit: SIGSEGV]
nitroshift has quit [Remote host closed the connection]
nitroshift has joined #openwrt-devel
<neggles>
stintel / dangole: i know this was two days ago now, but, you definitely don't need 802.3bt to do PoE with 2.5/5/10G-T, it's just going to depend on the quality of the traces/magnetics in your injector & how long of a cable run you have...
<neggles>
oh dangole is not in here atm
<rsalvaterra>
neggles: Probably the PoE injector wiring is just crap… :/
<neggles>
yeaaaaaaaaaaah... I think I'd trust those about as far as I can throw them with 2.5G
<neggles>
on the other hand, I have... six or seven? here
mattytap_ has quit [Ping timeout: 480 seconds]
\x has quit [Ping timeout: 480 seconds]
pmelange has left #openwrt-devel [#openwrt-devel]
<neggles>
aaaaand 2.5G link up
<neggles>
admittedly the 2.5G device in question isn't PoE powered... don't have anything that is Nbase-T and PoE
<neggles>
but it does work
<neggles>
p/n POE-48-24W-G-WH, which is one of the slightly newer white ones - incidentally I also get link up through a positively ancient microsemi powerdsine 802.3af injector
<neggles>
s/link up/link up at 2.5G
<stintel>
I have a POE-48-24W-G, I could test 2.5G through it with a PoE-PD device
<stintel>
hmm, maybe not
<nitroshift>
stintel, do you have any idea why a n /ac card used as a client doesn't show any ac networks, only n ones?
\x has joined #openwrt-devel
<neggles>
is it stuck only showing 2.4ghz?
<nitroshift>
neggles, yes
<neggles>
oh sorry, I mean, is it actually scanning on both bands? chipset?
<nitroshift>
chipset is rtl8822ce, using rtw88 driver
<stintel>
Speed : 2500, Loopback: NONE
<nitroshift>
don't know how to check what band is scanning
<neggles>
heh, is power_save off?
<nitroshift>
neggles, let me check
<stintel>
so even with a PoE-PD device I can do 2.5G through the POE-48-24W-G
<neggles>
found a whole bunch of complaints about cards with rtl8822ce chips having 5GHz disappear/not show up with power_save turned on
<neggles>
stintel: neat - makes sense really, 802.3at 'doesn't support' nbaseT because nbaseT didn't exist at the time
<neggles>
and you probably can't trust most injectors to handle 10G-T over much distance
<neggles>
same as how you can't* run 10G over cat5e... :P
<nitroshift>
neggles, turned off power save (iwconfig wlp19s0 power off), still no joy
<neggles>
boo, hiss
<nitroshift>
rofl
<stintel>
neggles: I used to run 10G over CAT5e :P
<neggles>
nitroshift: what does `iw wlp19s0 info` / `iw phy0 info` show
<stintel>
awwww yissss 2x Samsung 980 Pro NVMe just arrived
<stintel>
about time I replaced these slowass SATA SSDs
<neggles>
hehehe, yeah, it'll work, you just don't wanna do it if you can avoid it
<rsalvaterra>
stintel: Going for RAID-0? :P
<neggles>
and use NbaseT stuff both ends if you can so it'll drop down rather than die entirely
<stintel>
rsalvaterra: RAID1, always RAID1
<nitroshift>
iw wlp19s0 info shows details of the network it's connected to at the moment (2.4GHz)
<neggles>
hmm.
<neggles>
if you disconnect, does it show up?
<nitroshift>
iw phy0 info shows ac mode and related frequencies
<neggles>
maybe it won't scan the other band while connected
<stintel>
actually I will go for RAID10 later, I want to replace 2x1TB RAID1 / and 2x2TB RAID /home with 2x4TB RAID1 / but there don't seem to be 4TB Samsung NVMe drives
<stintel>
so I'm going for 4x2TB RAID10 /
<stintel>
but the shop where I ordered the 980 Pro only had 2 in stock
<neggles>
yeah the only way to fit 4TB into an M.2 2280 at the moment is with QLC
<neggles>
which... ew
<stintel>
yeah my /home is 2x2TB 860 QVO
<stintel>
one of them borks on fstrim
<stintel>
I will probably just keep them for spare
<stintel>
trying to bring up an mt7621 board and keep hitting WARNING: CPU: 1 PID: 225 at drivers/regulator/core.c:2151 _regulator_put.part.0+0x180/0x188
<neggles>
dpk appears to be some kind of internal RF chain calibration thing
<rsalvaterra>
stintel: I have to disagree… RAID-0 makes sense for working data when you need utmost speed (e.g. video editing).
<stintel>
any suggestions what to look at ?
<neggles>
not sure if it actually matters
<stintel>
rsalvaterra: I told you how much a day of downtime costs me :)
<rsalvaterra>
I know, and you don't do video editing. :P
<stintel>
I do :P
<stintel>
sometimes
<neggles>
if your backup is on a QLC NVMe drive (which still has perfectly adequate read speeds) it doesn't take very long to recreate your R0 with one less drive and restore :D
<stintel>
in the case of RAID0 there is no recovery possible
<stintel>
and no, I don't have backups on SSD :P
<neggles>
of course, but if you've got a 4-drive RAID-0 that's snapshotted and replicated hourly to a slower drive in the same box / over a fast network connection (like I do)
<neggles>
if a drive does happen to fail it's not hugely time consuming to re-RAID0 the other 3 and restore (assuming you've got space)
<neggles>
(and it was cheaper to zfs stripe 4x250GB SATA disks I already had than buy another 1TB NVMe)
<rsalvaterra>
I need to build a storage server, one day… depending on "the cloud" is no way of living.
<stintel>
scary
<stintel>
what if one of the 4 SATA disks fails during restore ?
<rsalvaterra>
And my dad still stores his photos on DVDs, which is borderline insane, in the long term.
<neggles>
well they're MLC samsung SATA SSDs that *aren't* one of the models that like to just fall over and die, so their likelihood of failure isn't very high, and the only data on there is stuff i'm actively working on
<stintel>
famous last words ;)
<neggles>
*shrug* it's not my main workstation, it's the poweredge-in-disguise in the rack 6 feet to my right that I do builds on
<neggles>
everything on that array is replaceable in short order
<neggles>
anything that isn't gets copied to the RAID-6 storage server which archives itself to LTO-5 every night
<neggles>
it cut full clean rebuild time from like 45+ minutes to 15, which is on par with running off an SN750 1TB, so, worth it :P
<neggles>
also, because I know it's RAID-0 and could eat itself at any moment, I'm a lot more diligent about making sure things are actually backed up than I am with redundant arrays...
<stintel>
oh I have proper local and offsite backups too
<neggles>
nitroshift: you could try updating the realtek firmware, depending on how old the version on your system is - and, uh, Have You Tried Turning It Off And On Again? ;P
<neggles>
there might also be a driver opt or an iw option to try and force 5GHz-only operation
<neggles>
stintel: ah, but how often do you test that you can actually restore them? :P
<neggles>
rsalvaterra: I've started putting irreplaceable stuff like photos on LTO tapes (as well as cloud stuff) since those seem to be the best bet for "take it out of the box in a decade and you can still read it" that doesn't cost an absolute fortune
<neggles>
sony's Archive Drive stuff is really nice - they put 12? ~special~ double-sided triple-layer BDXL discs in a cartridge with a huge amount of ECC, latest gen is 5.5TB, but the drives are almost ten grand
<rsalvaterra>
neggles: Oh, I have been looking around for LTO tape drives, but they're horribly expensive.
<neggles>
LTO-4 is very cheap now, 800GB/cartridge, but you need to make sure you get a drive with low hours/cycles on it - most of them are close to worn out - or immediately get it refurbished/calibrated
<neggles>
LTO-5 is coming down to reasonable prices, 1.5TB/cartridge and the drives are significantly more reliable
<neggles>
anything newer is $$$
<neggles>
up to LTO-8 the drives can read back two generations and write back one generation
<neggles>
the 124T is prone to mechanical failures in the autoloader
<rsalvaterra>
:(
<neggles>
it uses a rubber belt to move cartridges around
<neggles>
but the TL2000/TS3100/MSL2024 autoloaders are the same 2U, more reliable, more common, and not usually any more expensive
<neggles>
you can use a Dell or IBM or Quantum/Sun drive in any of the other autoloaders, but HP's 1/8 G2 / MSL2024 / MSL4048 will only work with HP drives and HP drives will only work in them
<neggles>
I can buy driveless TL2000s for about AU$200 here
mattytap has joined #openwrt-devel
<neggles>
and I paid AU$425 for an MSL2024 with two HH fibre channel LTO-5 drives a couple months ago - as luck would have it, both drives have hardly been used at all
<rsalvaterra>
Oh, the TL2000 supports LTO6 drives, I see.
<neggles>
it supports any LTO drive
goliath has joined #openwrt-devel
<neggles>
the TL2000 is identical to the TS3100 and the MSL2024 and whatever the Sun/StorageTek one is named, they're all made by Quantum
<neggles>
HPE ones just have custom firmware with arbitrary locks.
<rsalvaterra>
In true HPE style. W***rs…
<neggles>
don't be afraid of the fibre channel drives, either - an 8G FC HBA costs next to nothing, and you can just plug it in directly to the drive
<neggles>
they're usually cheaper
<neggles>
it looks like the HPE stuff is more plentiful in your neck of the woods
<neggles>
if you keep an eye on listings you usually don't have to wait too long to find one listed as just 'HP tape library' / 'Dell LTO autoloader' / etc. by someone who's not really sure what it is that happens to have two L5/L6 drives in it for a steal
<rsalvaterra>
Maybe, I haven't tried to look for HPE stuff… :)
<neggles>
tapes are cheap, too. brand new L5 cartridge costs about AU$30
<rsalvaterra>
I wonder if the firmware could be replaced…
<neggles>
yes*
<rsalvaterra>
In that case, even HPE hardware would be fine.
<neggles>
*you would need to get a response from one of the 3 people who've mentioned they successfully changed the drive manufacturer ID on a HP drive to a Dell one or vice-versus on reddit, or get a dump of the EEPROM from someone with the kind of drive you're trying to clone
<neggles>
but it looks like there's no shortage of cheap HPE autoloader drives in the UK, there's more than there are dell ones
<neggles>
ebay search for `(msl2024,msl4048,tl2000,tl4000,ts3100,ts4100) -(lto3,lto2)` usually finds most of it, then `(hp,hpe,dell,ibm,lenovo) (library,autoloader)` for the ones listed by people who don't know what they are
<neggles>
latest generation of LTO tape holds 18TB which is wild
<rsalvaterra>
18 TB per tape… uncompressed, right? (I never understood the point of the compressed figures in specs.)
<neggles>
yup, LTO-8 is 12TB (or 9TB on an LTO-7 tape that's not been used before)
<neggles>
I don't know why they bother with the inline compression either, but you *can* technically use an LTO tape as a block device...
<neggles>
LTFS is absolutely cursed
<neggles>
on the other hand, it's an ISO/IEC standard with widespread support, using it for long-term archival might make sense just so you're not reliant on backup software that might not be easy or possible to find a copy of in a decade or two
<neggles>
stintel: hmm that looks like a bug in the mt7530 driver's interactions with the dummy regulators it's spawning
<dangole>
neggles: thanks for the hint. the injector is genuine Ubiquiti 802.2at injector, I use 2x 1.5m Cat.6e STP cables (both quite new). so i guess the injector just isn't good enough then (because the wires are both fine with 10GE)
<neggles>
dangole: what's the model # on the ubiquiti injector?
<neggles>
POE-48-24W-G(-WH)?
<dangole>
neggles: no, it's a newer model: GP-H480-065G, pn: U-POE-at
<neggles>
ahhh that's one of the smaller ones
<neggles>
yeah, that'll be your problem
<neggles>
amusingly a ten year old microsemi 15.4w injector passes it just fine, as does my 48-24W-G-WH and a tp-link TL-POE150S
<neggles>
I only have the 802.3af small ubiquiti bricks, not the AT ones
mattytap has quit [Remote host closed the connection]
mattytap has joined #openwrt-devel
xes_ has joined #openwrt-devel
mattytap_ has joined #openwrt-devel
<dangole>
neggles: and i thought i'd be the newest and best genuine injector to max my chances -- turns out a random 10 years old one would have been better...
xes has quit [Ping timeout: 480 seconds]
<neggles>
well, not quite - IIRC the U6-LR does actually need PoE+
<neggles>
but there's not a lot that's special about most PoE injectors, and Ubiquiti very much build down to a price - the newer one, being smaller, probably has a noisier power supply
<dangole>
neggles: it does eat more than 15W when both radios are busy, yes...
<neggles>
on the plus side, stintel's black POE-48-24W-G works too, and both it and the -WH are quite cheap 2nd hand
<blocktrron>
dangole: as you are online - The Ubiquiti af/at injectors are NOT af/at - it is passive 48V and we've already bricked proper PoE devices with it
<stintel>
yikes
<blocktrron>
Actually, Ubiquiti never mentions 802.3af with them - they just call them "something-af". Only some shops do.
<blocktrron>
stintel: Cambium offered trial APs from their cnPilot series.
<blocktrron>
Distributer sent them with UBNT af injectors, as the cambium bundles were out of stock.
<blocktrron>
This Ubiquiti abnormation bricked the AP
<blocktrron>
*slowclap*
ecloud has quit [Ping timeout: 480 seconds]
<blocktrron>
They also have passive bt injectors, if that's your liking 🔥
<stintel>
:P
ecloud has joined #openwrt-devel
<stintel>
mattytap_: didn't really get your question btw
<stintel>
mattytap_: but have a look at include/target.mk - there are common default packages
<mattytap_>
its about what I can and cannot do, I can determine what works through trail and error or reading up, but what is the openwrt best way to do something, such as avoiding adding subtargets
<mattytap_>
will do
<mattytap_>
thanks
SamantazFox has quit [Ping timeout: 480 seconds]
<PaulFertser>
mattytap_: I think if you share more details about your target and hardware you'll get more replies.
<PaulFertser>
mattytap_: starting with architecture
vchrizz has quit [Ping timeout: 480 seconds]
<stintel>
neggles: the cause of the regulator warnings was ... configuring port 5 of the mt7530
<stintel>
yes, that document is what lead me to remove port@5 from the dts
vchrizz has joined #openwrt-devel
Misanthropos has quit [Read error: Connection reset by peer]
<dangole>
blocktron: thanks for the warning. just to be sure: this injector is white and roundish and even got [at] printed on it (hence suggesting it would conform with 802.3at).
<dangole>
@blocktrron, sorry
Slimey has joined #openwrt-devel
<blocktrron>
Correct
<blocktrron>
dangole:
srslypascal has quit [Remote host closed the connection]
srslypascal has joined #openwrt-devel
srslypascal has quit [Remote host closed the connection]
srslypascal has joined #openwrt-devel
<dangole>
blocktrron: ok, so ubnt has successfully deceived me into buying this thing, which is something-at but not 802.3at :(
<blocktrron>
I guess this is their goal
<stintel>
conclusion: stop buying ubnt ;)
<blocktrron>
dangole: i'm not implying this is the cause 2.5GE is not working
<blocktrron>
I just wanted to warn you from killing another board with this thing
<stintel>
was there a way to use nvmem-cells to get mac that is stored in ascii format ?
<dwmw2_gone>
dangole: The -512m suffix is purely for legacy anyway; not sure we need it at all if you really want to ditch legacy. We *used* to hard-code the amount of memory. But now U-Boot gets it from the preloader, and the kernel gets it from the DT that U-Boot hands it. So there's no need to hard-code it (and my board seems to have 1GiB anyway)
<dangole>
dwmw2_gone: will merge dts and dtsi into a single file named -emmc.dts then and also give that name for the image.
<dangole>
dwmw2_gone: (as NAND version is listed on UniElec site, we may split it up again for -emmc.dts and -nand.dts at a later point)
<Borromini>
stintel: are you still testing the EAP235-Wall?
<stintel>
Borromini: no
<stintel>
I'm running 2x EAP615-Wall and I'm never going back :P
<aparcar>
stintel: I'll test it myself :)(
minimal has quit []
<Borromini>
stintel: ok :P
<Borromini>
i have a mind of selling at least one if not two. and getting an EAP615-Wall as well...
<stintel>
it's wifi5 anyway and these are low prio at work
<stintel>
esp since we found ~30$ wifi6 ap with 256MB NAND and 512MB RAM
<Borromini>
and also mt76?
<stintel>
same as eap615-wall
<Borromini>
neat
<Borromini>
can you link to them?
<stintel>
I haven't found them myself :P
<Borromini>
oh :P
<stintel>
z-router zr-2662
<rsalvaterra>
stintel: Searching gets me your gist as the first result. :P
<Borromini>
:P
<stintel>
aparcar: it'll be next weekend probably before I have time for OpenWrt related stuff aside from my day job
<rsalvaterra>
Where did you hear about it? It's basically non-existent on the internet.
<Borromini>
seems like Asia/China only stuff
<stintel>
rsalvaterra: work had 2 units shipped to me
<rsalvaterra>
Oh…!
<stintel>
afk
<rsalvaterra>
So they aren't vapourware…
<rsalvaterra>
They're stintelware, because only stintel has them. :P
<Borromini>
:P
srslypascal has quit [Quit: Leaving]
srslypascal has joined #openwrt-devel
Luke-Jr has quit [Ping timeout: 480 seconds]
PaulFertser has quit [Ping timeout: 480 seconds]
PaulFertser has joined #openwrt-devel
pmelange has joined #openwrt-devel
Luke-Jr has joined #openwrt-devel
mattytap__ has joined #openwrt-devel
Borromini has quit [Quit: leaving]
mattytap_ has quit [Ping timeout: 480 seconds]
dedeckeh has quit [Remote host closed the connection]
mattytap_ has joined #openwrt-devel
mattytap__ has quit [Ping timeout: 480 seconds]
SamantazFox is now known as Guest510
Guest510 has quit [Read error: Connection reset by peer]
SamantazFox has joined #openwrt-devel
<rsalvaterra>
Uh… is it just me, or qosify fails at make download because it's trying to check for the clang version when, well… it doesn't exist yet (in the staging_dir)…? (With CONFIG_USE_LLVM_BUILD.)
<mangix>
Sounds about right
<rsalvaterra>
:P
* rsalvaterra
hates to be right.
<dangole>
dwmw2: i've updated the tree doing the re-merge of the dtsi and only-user dts file as well as renaming. would be great if you can give that one (hopefully) last round of testing and then i'd say it's good to go.
<mangix>
What is this bad block table thing?
<dangole>
mangix: mediatek's legacy way to deal with SLC NAND flash. it is implemented in their bootchain, so if we want to keep that, devices have to support it.
<mangix>
Wonder if my e7350 has it.
<rsalvaterra>
Or my RM2100…
<dangole>
mangix: the recent changes by nbd allows using it selectively only on areas of the flash where we want it, which allows to use UBI anywhere else (ie. for rootfs and rootfs_data, to gain better wear-leveling and LVM-like abstraction from UBI)
<dangole>
mangix: using UBI in that way (ie. only for rootfs and rootfs_data) is already common on other platforms, eg. mvebu. just combining it with mediatek's legacy bad-block management didn't work well before that.
<dangole>
mangix: more recent mediatek SDK no longer comes it but also use UBI. but devices using it are now already out there.
xsw has joined #openwrt-devel
xsw has left #openwrt-devel [#openwrt-devel]
cmonroe has quit [Ping timeout: 480 seconds]
cmonroe has joined #openwrt-devel
<stintel>
moved my 2nd M300 into production as backup router! RIP APU2 :)
<stintel>
I might actually take the APU2 to Belgium, join it with its sybling and do a HA setup there as well
cmonroe has quit [Ping timeout: 480 seconds]
<aparcar>
stintel: before it rods away I'm happy to take it I just thought about buying one today
<aparcar>
stintel: btw I tested enabling nftsupport for iptables and that alone doesn't seem to break anything
<aparcar>
I'll merge it so people can start installing iptables-nft if they like
<stintel>
aparcar: last time I was in Belgium I was actually talking to my parents about replacing the ISP all-in-one-with-shitty-wifi by stuff under my control. if I'm going that route it *has* to be a redundant setup, and as there is already an APU there currently ...
<aparcar>
stintel: fair enough
cmonroe has joined #openwrt-devel
cmonroe has quit [Remote host closed the connection]
cmonroe has joined #openwrt-devel
<mangix>
dangole: hrm as configured I think my e7350 uses ubi for just overlay