mcbridematt has quit [Remote host closed the connection]
rsalvaterra has quit [Ping timeout: 480 seconds]
mcbridematt has joined #openwrt-devel
swalker_ is now known as swalker
dangole has quit [Ping timeout: 480 seconds]
rsalvaterra has joined #openwrt-devel
schwicht has joined #openwrt-devel
ktifhfl has quit [Ping timeout: 480 seconds]
ktifhfl has joined #openwrt-devel
schwicht has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
schwicht has joined #openwrt-devel
schwicht has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
tersono has joined #openwrt-devel
<tersono>
I'm looking at the samba4 Makefile as an example of a package that needs python3 on the host and it's using `include ../../lang/python/python3-host.mk` to pull in the relevant definitions. It seems like this relative path works within `feeds/packages` but would no longer be correct once the package is symlinked into `package/feeds/packages'... and how do I go about using python3-host.mk from a package that's in a custom feed?
schwicht has joined #openwrt-devel
<tersono>
Hm lol of course I find the relevant README right after posting the question
tomn has quit [Quit: Lost terminal]
tomn has joined #openwrt-devel
schwicht has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
valku has quit [Quit: valku]
mrkiko has quit [Quit: leaving]
srslypascal is now known as Guest9857
srslypascal has joined #openwrt-devel
Guest9857 has quit [Ping timeout: 480 seconds]
goliath has joined #openwrt-devel
digitalcircuit has quit [Remote host closed the connection]
digitalcircuit has joined #openwrt-devel
srslypascal has quit [Quit: Leaving]
srslypascal has joined #openwrt-devel
srslypascal is now known as Guest9883
srslypascal has joined #openwrt-devel
noahm has quit [Ping timeout: 480 seconds]
robimarko has joined #openwrt-devel
noahm has joined #openwrt-devel
<robimarko>
Now that new WLAN vuln has been mitigated, are there plans for new point releases?
Guest9883 has quit [Ping timeout: 480 seconds]
<slh>
robimarko: there were plans to do that already before the vulnerability, http://lists.infradead.org/pipermail/openwrt-devel/2023-March/040749.html, I (can only-) assume that the vulnerability might delay the situation a week though, to see if that needs further fixups (e.g. only iwlwifi and mt76 have gotten driver specific changes, are the others covered just by the mac80211 side change or do they need
<olmari>
robimarko: bit offtopic, bit interested, what was vulnerable in wifi this time?
<dwfreed>
a nearby attacker could trick an AP into thinking a client was requesting powersave, and then clear the client's pairwise key by half-completing renegotiation; then when the client cleared powersave, the AP would send the buffered packets without any encryption
<olmari>
dwfreed, robimarko: ah, so this would be the "WNM Sleep Mode Fixes"
<f00b4r0>
dwfreed: although correct me if I'm wrong but said "attacker" would have to be already authenticated to the AP.
<f00b4r0>
this affects client isolation, but the attack is rather irrelevant in a typical home wifi setup.
<Znevna>
there's no option to make mss clamping apply to ipv4 only, is it?
<Znevna>
(easy option that is)
<f00b4r0>
Znevna: with iptables you would just add the rule to the v4 ruleset, I would expect a similar restriction can be achieved with nftables?
<dwfreed>
sure, but can't do that with fw3/fw4
<Znevna>
I did turn off mss clamping in LuCI and added a manual rule
<Znevna>
inserted*
<dwfreed>
doing it manually works, but I don't think you can do it via fw3/fw4
<Znevna>
but my wan restarted last night and I forgot about doing that and was about this close to call the ISP about my somewhat broken internet ;P
cbeznea has joined #openwrt-devel
dangole has joined #openwrt-devel
<dwfreed>
Znevna: you can configure a script that does that addition for you
<Znevna>
thought of that, I'll have to look into it. Not that MSS clamping is that bad for IPv6 but it might hide other problems like broken ISPs
bluew has quit [Ping timeout: 480 seconds]
noahm has quit [Ping timeout: 480 seconds]
noahm has joined #openwrt-devel
<dwfreed>
Znevna: honestly MSS clamping is good in general; it's the internet, there's going to be connectivity sometimes where the MTU is less than 1500; IPv6 allows as low as 1280
<Znevna>
sure, but it shouldn't be needed for IPv6
<dwfreed>
it can be
<f00b4r0>
broken ISPs will always be a thing ;P
<robimarko>
They are a feature, I would be worried if everything worked
xback has quit [Ping timeout: 480 seconds]
<f00b4r0>
;)
cbeznea has quit [Ping timeout: 480 seconds]
aiyion_ has joined #openwrt-devel
aiyion has quit [Read error: Connection reset by peer]
Tapper has joined #openwrt-devel
cbeznea has joined #openwrt-devel
xback has joined #openwrt-devel
owrt-2102-builds has quit [Quit: buildmaster reconfigured: bot disconnecting]
owrt-2102-builds has joined #openwrt-devel
owrt-2203-builds has quit [Quit: buildmaster reconfigured: bot disconnecting]
owrt-2203-builds has joined #openwrt-devel
schwicht has joined #openwrt-devel
danitool has joined #openwrt-devel
Atomicly- has joined #openwrt-devel
AtomiclyCursed has quit [Ping timeout: 480 seconds]
Atomicly- is now known as AtomiclyCursed
AtomiclyCursed2 has joined #openwrt-devel
schwicht has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
AtomiclyCursed has quit [Ping timeout: 480 seconds]
AtomiclyCursed2 is now known as AtomiclyCursed
schwicht has joined #openwrt-devel
<hgl>
is it possible to set a list with uci set? "uci show" gives something like network.wan.dns='1.1.1.1' '8.8.8.8', but prefix it with "set " in batch doesn't seem do set a list.
<hgl>
Ansuel, do you have time to take a look at the nginx PR? I'm still looking for a green light from a maintainer.
<Ansuel>
Do you have a link? Is it the bump or nginx-util?
<hgl>
Ansuel, here you go https://github.com/openwrt/packages/pull/19884, I'm looking to ditch nginx-util in favor of dynamic conf, want to know if you would give blessing to this approach. Also I want to model after uhttpd where http and https are separately offered, but Peter thinks it's better to only offer https. Would like your thought on that too.
<Ansuel>
For Https I agree with Peter. Nginx already require openssl and it's a big package. Not much sense to ship stuff with no SSL support if the bin is already big enough to not be suitable for space constraints devices
<Ansuel>
I need some time to read all the backlog for that pr
<hgl>
cool, so we will make nginx redirect to https by default
<hgl>
Ansuel: let me know if it's ok to proceed with further developing the PR.
<hgl>
jow: I looked at the source code if uci. it seems "uci set" can only set an option and not a list?
Borromini has joined #openwrt-devel
<hgl>
Ansuel: actually, there might be some misunderstanding, by "separately offering http and https", I don't mean compile nginx with or without openssl. I mean a solely difference in the default config we offer, you can find more info if you search "offer both http and https" in that PR comments.
<Ansuel>
Nono i got it right and for me I would set the redirect by default
<hgl>
ok
<nick[m]12>
hauke: I can try starting from a very clean state again. However, I thought I did this already.
<rmilecki>
hgl: i think "uci set" is for setting option value only (not a list)
<rmilecki>
some options may be interpreted by init.d scripts or UI code as lists anyway but i'd suggest to keep config files correct instead of depending on some extrae behaviour
<rmilecki>
hgl: so "uci add_list"
<hgl>
rmilecki: got it. so if I want to ensure a list only contains the values I want, i should do "uci delete" and "uci add_list" I guess?
<rmilecki>
hgl: yes I believe so
<hgl>
cool, thanks
Tapper has quit [Read error: Connection reset by peer]
tidalf has joined #openwrt-devel
sorinello has quit [Quit: Leaving]
sorinello has joined #openwrt-devel
xback has quit [Remote host closed the connection]
xback has joined #openwrt-devel
tidalf_ has quit [Ping timeout: 480 seconds]
danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
tidalf_ has quit [Remote host closed the connection]
tidalf has joined #openwrt-devel
Borromini has quit [Quit: Lost terminal]
tidalf_ has joined #openwrt-devel
rsalvaterra has quit []
rsalvaterra has joined #openwrt-devel
tidalf has quit [Ping timeout: 480 seconds]
tidalf has joined #openwrt-devel
tidalf has quit [Remote host closed the connection]
tidalf has joined #openwrt-devel
tidalf_ has quit [Ping timeout: 480 seconds]
xback has quit [Remote host closed the connection]
xback has joined #openwrt-devel
cbeznea has joined #openwrt-devel
schwicht has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
djfe_ has joined #openwrt-devel
djfe has quit [Ping timeout: 480 seconds]
danitool has joined #openwrt-devel
tidalf_ has joined #openwrt-devel
tidalf has quit [Ping timeout: 480 seconds]
MaxSoniX has joined #openwrt-devel
xes_ has joined #openwrt-devel
xes has quit [Ping timeout: 480 seconds]
MaxSoniX has quit [Quit: Konversation terminated!]
Borromini has joined #openwrt-devel
robimarko has quit [Quit: Leaving]
tidalf has joined #openwrt-devel
tidalf_ has quit [Ping timeout: 480 seconds]
goliath has quit [Quit: SIGSEGV]
philipp64 has quit [Ping timeout: 480 seconds]
Borromini has quit [Quit: Lost terminal]
cbeznea has quit [Quit: Leaving.]
bluew has joined #openwrt-devel
djfe has joined #openwrt-devel
srslypascal has joined #openwrt-devel
srslypascal has quit [Remote host closed the connection]
djfe_ has quit [Ping timeout: 480 seconds]
<tersono>
It seems like when `python3/host` has been installed into `hostpkg/bin` subsequent dl_github_archive.py calls will fail due to lack of pyOpenSSL. Seems like dl_github_archive.py should be called with a different PATH that excludes hostpkg/bin?
<dwfreed>
python3/host should be fixed or eliminated
<dwfreed>
at the same time, I don't see any mention of pyopenssl in dl_github_archive.py ?