| 00:19.44 | *** join/#oe infobot (ibot@rikers.org) |
| 00:19.44 | *** topic/#oe is OpenEmbedded Developer Lounge | Web: http://openembedded.org | Repositories: http://git.openembedded.org/ | Primary Repo Mirrors: https://github.com/openembedded | This is not a distro or machine support channel |
| 01:08.38 | *** join/#oe snowkidind (~textual@216.15.40.124) |
| 02:18.00 | *** join/#oe armpit (~armpit@2601:202:4000:1184:34b1:53bf:ee45:2976) |
| 02:42.54 | *** join/#oe LocutusOfBorg (LocutusOfB@gateway/shell/panicbnc/x-dkdutrpawnowgxkb) |
| 02:43.17 | *** join/#oe ljp (~quassel@2001:8003:645f:c300:ba27:ebff:febb:59b) |
| 03:05.45 | *** join/#oe jkridner (~jkridner@pdpc/supporter/active/jkridner) |
| 05:13.23 | *** join/#oe AndersD (~anders@194.237.220.218) |
| 05:20.31 | *** join/#oe t0mmy (~tprrt@217.114.201.133) |
| 06:27.11 | *** join/#oe rovanceo__ (~rovanceo@80.97.64.55) |
| 06:47.26 | *** join/#oe ant_home (~ant__@host254-202-dynamic.51-79-r.retail.telecomitalia.it) |
| 07:04.43 | *** join/#oe ao2 (~ao2@host102-86-dynamic.13-79-r.retail.telecomitalia.it) |
| 07:12.33 | *** join/#oe ntl (~nathanl@65-36-80-8.dyn.grandenetworks.net) |
| 07:20.39 | *** join/#oe cpriouzeau (~cpriouzea@164.129.115.76) |
| 07:21.29 | *** join/#oe florian (~florian_k@Maemo/community/contributor/florian) |
| 09:05.41 | *** join/#oe tom_nov (~Tomas@176.74.132.138) |
| 09:52.30 | *** join/#oe yegorich (~yegorich@mail.visionsystems.de) |
| 10:59.14 | *** join/#oe jkridner (~jkridner@pdpc/supporter/active/jkridner) |
| 11:35.29 | *** join/#oe ldnunes (~ldnunes_@187.23.153.102) |
| 11:45.35 | *** join/#oe khem (~khem@unaffiliated/khem) |
| 11:46.35 | *** join/#oe dv_ (~dv@62.178.50.190) |
| 11:49.31 | *** join/#oe jkridner (~jkridner@pdpc/supporter/active/jkridner) |
| 11:50.54 | smurray | moto-timo: Tartarus has been tinkering with the IMA stuff from one of the meta-secure-core layers, has it working reasonably well |
| 11:51.53 | *** join/#oe georgem_home (uid210681@gateway/web/irccloud.com/x-pbbpthkzzbolhmbf) |
| 11:56.56 | *** join/#oe ant_home (~ant__@host254-202-dynamic.51-79-r.retail.telecomitalia.it) |
| 12:37.50 | *** join/#oe nerdboy (~sarnold@gatekeeper.gentoogeek.org) |
| 12:47.16 | *** join/#oe gbritton (~Adium@static-173-76-34-203.bstnma.fios.verizon.net) |
| 13:07.04 | *** join/#oe marka (~masselst@184.175.21.48) |
| 13:14.32 | georgem | smurray: Tartarus mentioned he was working with it but I hadn't heard much about what he was using for policies. Other system design choices like file system layout and update mechanism can help or hurt the ability to write effective policies. Without using selinux labels on systemd unit files and then writing an IMA policy to enforce IMA signatures on that type I'm not sure how you'd protect those from modification for instance. |
| 13:15.27 | georgem | I'm kind of wondering if he's ventured into EVM or he's found that as infeasible as I did. |
| 13:16.04 | georgem | Or possibly some of the path based policy patches (pretty sure those were never upstreamed) |
| 13:20.13 | *** join/#oe vmeson (~rmacleod@192-0-133-4.cpe.teksavvy.com) |
| 13:20.15 | smurray | georgem: Tartarus can elaborate, thereâs been some work on more complicated policies, but I donât think weâve added selinux into the mix yet. |
| 13:24.01 | georgem | Ah, now I'm recalling he said someone else may have been handling some of the policy work |
| 13:28.43 | *** join/#oe brendank310 (d1d9d0e2@gateway/web/freenode/ip.209.217.208.226) |
| 13:32.17 | Tartarus | georgem: Yeah, so, to me one important part of meta-secure-core is that it does have all of the right hooks (afaict) in order to have your custom policy be dropped in via a layer and applied at boot time in the initramfs |
| 13:32.31 | Tartarus | The provided default policy is one of the "trivial" ones |
| 13:33.47 | georgem | Tartarus: ah. yeah I have a custom policy being applied in the initramfs as well |
| 13:34.35 | Tartarus | with m-s-c it's just a small bbappends to install and package your policy and then the init.ima script will check for and apply it |
| 13:35.10 | georgem | yeah. sounds like it's probably more straightforward |
| 14:07.50 | *** join/#oe rovanceo (~rovanceo@80.97.64.55) |
| 14:10.31 | *** join/#oe rcw (~rcw@128.224.252.2) |
| 15:18.34 | *** join/#oe AbleBacon (~AbleBacon@unaffiliated/ablebacon) |
| 15:32.57 | *** join/#oe stephano (~stephano@c-67-189-76-218.hsd1.or.comcast.net) |
| 16:00.27 | *** join/#oe t0mmy (~tprrt@ram31-1-82-234-79-177.fbx.proxad.net) |
| 16:14.12 | *** join/#oe georgem (~georgem@216.21.169.52) |
| 16:19.30 | *** join/#oe dv_ (~dv@62-178-50-190.cable.dynamic.surfer.at) |
| 16:21.31 | *** join/#oe florian_kc (~florian_k@Maemo/community/contributor/florian) |
| 16:37.13 | *** join/#oe AbleBacon_ (~AbleBacon@unaffiliated/ablebacon) |
| 16:40.17 | *** join/#oe icanicant (~icanicant@dsl-217-155-248-78.zen.co.uk) |
| 18:09.59 | *** join/#oe blight (~greg@80-109-10-222.cable.dynamic.surfer.at) |
| 18:09.59 | *** join/#oe blight (~greg@reactos/developer/blight) |
| 18:26.36 | *** join/#oe armpit (~armpit@c-71-204-143-8.hsd1.ca.comcast.net) |
| 18:27.48 | *** join/#oe florian_kc (~florian_k@Maemo/community/contributor/florian) |
| 18:40.01 | *** join/#oe gbritton (~Adium@static-173-76-34-203.bstnma.fios.verizon.net) |
| 19:01.28 | *** join/#oe rcw (~rcw@128.224.252.2) |
| 19:33.52 | *** join/#oe rcw (~rcw@128.224.252.2) |
| 19:56.11 | *** join/#oe ao2 (~ao2@host102-86-dynamic.13-79-r.retail.telecomitalia.it) |
| 19:59.12 | *** join/#oe ant_home (~ant__@host32-227-dynamic.182-80-r.retail.telecomitalia.it) |
| 20:06.16 | *** join/#oe dqx (~dqx@unaffiliated/dqx) |
| 20:36.19 | ant_home | khem, argh ... Alignment traps on armv5t with gcc 7.3 |
| 20:37.35 | ant_home | https://pastebin.com/FRQpXibj |
| 20:43.43 | georgem | hmmm. evince seems unable to open a PDF without abort()ing unless gsettings-desktop-schemas is installed. I suppose I ought to send a patch to add that as an RDEPENDS. |
| 20:46.50 | *** join/#oe rcw (~rcw@128.224.252.2) |
| 20:50.10 | khem | georgem: yes that would be good |
| 20:51.03 | georgem | k. will do |
| 20:51.29 | georgem | found that while testing the poppler patch |
| 20:51.56 | khem | ant_home: what is your build configuration, do you have thumb on or not ? |
| 20:53.32 | ant_home | khem, yes. It is a while I don't run-test userspace.. |
| 20:54.46 | ant_home | TARGET_SYS = "arm-oe-linux-musleabi" |
| 20:54.46 | ant_home | MACHINE = "c7x0" |
| 20:54.46 | ant_home | DISTRO = "nodistro" |
| 20:54.46 | ant_home | DISTRO_VERSION = "nodistro.0" |
| 20:54.46 | ant_home | TUNE_FEATURES = "arm armv5 thumb dsp" |
| 20:54.47 | ant_home | TARGET_FPU = "soft" |
| 20:55.17 | ant_home | master of today |
| 20:58.54 | *** join/#oe florian_kc (~florian_k@Maemo/community/contributor/florian) |
| 21:47.00 | *** join/#oe JaMa (~martin@217.30.68.212) |
| 22:15.42 | ant_home | khem, should I check gcc8 or gcc6 to verify it's gcc? |
| 22:16.13 | ant_home | (armv4 kernel seems miscompiled as well so I'd say gcc) |
| 22:16.42 | ant_home | I can fire a build overnite |
| 22:22.26 | *** join/#oe mattsm (~mattsm@75-13-95-234.lightspeed.austtx.sbcglobal.net) |
| 22:42.26 | *** join/#oe georgem_home (uid210681@gateway/web/irccloud.com/x-rswrmxnbwmrbyzjh) |
| 22:44.20 | *** join/#oe Jybz (~jibz@2a02:8071:9289:5900:4a51:b7ff:fe84:99e6) |
| 23:36.23 | *** join/#oe behanw (uid110099@gateway/web/irccloud.com/x-zaxnuwuyuszltkwd) |
| 23:53.48 | *** join/#oe armpit (~armpit@2601:202:4000:1184:34b1:53bf:ee45:2976) |