See https://forums.puri.sm/t/pureos-better-integration-with-pureboot/14765
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Sep 22 2021
Won't users have to sign the package with their email address? So won't the email address have to be in the keyring? Or is there a workaround?
This is a good question. Since it affects security in the archive I'd like to have consensus and have Matthias' view.
I think this is an issue with the runtime that Gitg uses.
Sep 20 2021
Sep 10 2021
Sep 7 2021
Sep 3 2021
The name "Hephaestus" is going to be deprecated and removed in favor of just the version number, e.g. PureOS 9 Amber, Pureos 10 Byzantium, etc.
Aug 13 2021
Aug 12 19:25:07 sigyn kernel: PM: suspend entry (deep)
Aug 12 19:25:07 sigyn systemd-sleep[14674]: Suspending system...
Aug 12 19:25:07 sigyn systemd[1]: Starting Suspend...
Aug 12 19:25:07 sigyn systemd[1]: Reached target Sleep.
Aug 12 19:25:07 sigyn kernel: r8169 0000:02:00.0 enp2s0: Link is Down
Aug 12 19:25:07 sigyn NetworkManager[617]: <info> [1628810707.6702] device (enp2s0): state change: disconnected -> unmanaged (reason 'sleeping', sys-iface-state: 'managed')
For completeness, you're referring to https://pureos.net/ ?
Jun 17 2021
Jun 2 2021
In general I feel it's better that we receive into PureOS Debian packages as maintained by our upstream, namely Debian. It gives me pause that in this case, the maintainer of libpam-poldi and the person doing a lot of commits in the GitHub mirror are the same person: https://github.com/gpg/poldi/commits/master I don't know what it means that the package hasn't been updated in Debian - does the maintainer not have enough time? Is the patch still undergoing testing?
PureOS 10 has
We should not use this tool (Phabricator) to host source code.
I've uninstalled diffusion. Apparently this is sufficient to remove it from the various menus and it says "uninstalled" here: https://tracker.pureos.net/applications/view/PhabricatorDifferentialApplication/
May 21 2021
May 14 2021
May 10 2021
The link goes to Debian branded page with little or no useful content at the moment. Filed issue.
May 8 2021
Apr 29 2021
Yes, let's create a PureOS Policy document. To be clear, we base it on Debian Policy and we add the parts where PureOS deviates. The document is meant to be an authoritative requirements document so ought to use nomenclature to indicate requirement levels either identical to Debian's nomenclature or the IETF nomenclature: https://tools.ietf.org/html/rfc2119
Using pureos/byzantium or pureos/amber with or without -phone is somewhat easier for me since it clarifies which branch is destined for which target suite. In my mind, pureos/latest points to the branch that you work from to create pureos/*.
I reverted to an older document because the NEW Queue is 404'ing at the moment.
Let's keep in mind that we also implement, in the PureOS case, the tools that do package processing. This means we can mandate a set of git tags along with git (obviously) and gbp. I guess the issue with git tags is that some Debian packages do not use git tags, but we can add them for PureOS without much issue no?
Apr 26 2021
Apr 20 2021
Apr 18 2021
Apr 16 2021
@guido Yes, okay to update. I'll do it unless you get to it first.
Then let's go with g) until / unless we determine this is unsuitable. It may lead to tags like "fixed in Byzantium" or "fixed in Amber" but those ought to be easily managed and I think we already have a "fixed in Byzantium" tag.
Apr 6 2021
Architecturally this should actually be implemented in such a way that a bugtracker change emits a new message on Laniakea's ZeroMQ-based message-bus, and that message is then picked up by the Matrix bot and relayed to the channel
that way, other consumers can pick up the messages as well and act on them for other purposes than showing a channel message (that's how automatic bug closing was implemented in the past, actually)
(but "in the past" means deep in the past where Trac was used for bugtracking)
The messages Laniakea sends are multipart-ZeroMQ messages with a header/subject in rDNS form, like _lk.archive.new-package and a JSON body with a few standardized fields and one freeform "data" part. The JSON part is signed with an Ed25519 signature from the messaging relay, so messages can be authenticated as correct
(message submission happens via a Curve25519-encrypted connection to a relay, from where they are distributed to interested parties)
and yes, this should absolutely be documented properly ;-)
Fortunately, the Laniakea Python module has helpers for this stuff so you don't have to touch it directly - in theory all this needs is a consumer of bug tracker events that submits them to the relay, and then the Matrix bot only needs to be told how to convert the messages into human-readable form
https://github.com/lkhq/laniakea/tree/master/src/mirk is the tool we use to push to Matrix.
With which version of openvpn? Some of the links you provided indicated older versions of openvpn were the issue, we have a newer version in Byzantium now.
Apr 5 2021
I guess the next step is to try to reproduce with Librem Tunnel.
In Byzantium, I see openvpn at version 2.5.1-1. I created a new Purist openvpn certificate, loaded that cert into Network Manager, and as expected received the tun0 interface. I then used the browser to determine my IP and the browser returned 'Your IP address is in Gunzenhausen, Bayern, Germany (91710)' which is the end point of the VPN apparently because normally my address is in Oakville, Connecticut, United States (06779).
Apr 4 2021
Glad to hear you got it up an running!
Mar 31 2021
I still get this in Byzantium;
You'll need a recent kernel which is why Amber won't run - I'm using 5.10.0-4-amd64 #1 SMP Debian 5.10.19-1 (2021-03-02) x86_64 GNU/Linux but I'm surprised the one from the OEM ISO didn't work for you. Did you use this to install: http://downloads.pureos.net/byzantium/gnome-oem/2020-11-20/?
Mar 26 2021
Which hardware? Which version of plymouth? Amber or Byzantium?
Added to debian/control file, patch merged.
Mar 25 2021
Mar 18 2021
Merge request holding Vcs fields here: https://source.puri.sm/Librem5/debs/squeekboard/-/merge_requests/3
I'll inquire with MLS to see how we get a key.
Mar 17 2021
Mar 16 2021
Are we trying to get an API key from Mozilla Location Services?
What are we trying to achieve?
I don't know if we have a formal policy around the Mozilla location services though I don't think we should be using Debian's. I think we need to create a policy or at least have a process to do so.
Mar 15 2021
Mar 11 2021
Mar 9 2021
Good points.
Mar 8 2021
I made the changes to the debian/control file (maintainer email address, VCS-*) mandatory.
I can confirm this;
I did two runs of 1000 calls to the server and did not see any anomalies.
Certificate version: 3 Valid from: Oct 7 19:21:40 2020 GMT Valid to : Sep 29 19:21:40 2021 GMT Public key is 2048 bits The issuer name is /O=Digital Signature Trust Co./CN=DST Root CA X3 The subject name is /C=US/O=Let's Encrypt/CN=R3 Extension Count: 8 Peer certificate Certificate version: 3 Valid from: Feb 27 18:12:29 2021 GMT Valid to : May 28 18:12:29 2021 GMT Public key is 2048 bits The issuer name is /C=US/O=Let's Encrypt/CN=R3 The subject name is /CN=downloads.pureos.net Extension Count: 9 Transport Protocol :TLSv1.2 Cipher Suite Protocol :TLSv1.2 Cipher Suite Name :ECDHE-RSA-AES128-GCM-SHA256 Cipher Suite Cipher Bits:128 (128) SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 39DB1E294804DA2D5AB727DE4CF12062B4FA46A36F9DFA278CD675B3535CE0FD Session-ID-ctx: Master-Key: BCF95A63D726D1B9685B5293C6212D1CBD8620E94904D9D3A4CA8B6A9EAA6CF5976F668441B9F8F4DF24A70F457C5422 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 86400 (seconds) TLS session ticket: 0000 - b1 a5 92 f4 25 9b 67 fc-d5 c9 5e 0b 0d ba e7 5e ....%.g...^....^ 0010 - 66 2e d9 f2 68 3a 4f e9-3e 00 9d 33 7b e2 66 49 f...h:O.>..3{.fI 0020 - ff 93 f6 af 6a a0 64 7b-84 eb fc 07 f1 bf 10 ba ....j.d{........ 0030 - 48 55 66 ca 4a 9e 44 de-3b 5e 7b f9 e0 e9 23 6a HUf.J.D.;^{...#j 0040 - 88 6f 52 da 28 43 c3 92-2b 9a da f7 d4 f1 3b 9c .oR.(C..+.....;. 0050 - 2e 6f 9c a3 71 78 cf f2-4d e6 b1 62 16 87 c3 01 .o..qx..M..b.... 0060 - 58 7d b4 9f 89 e2 e2 98-39 71 3b bd 05 06 5d 22 X}......9q;...]" 0070 - 0e b6 fc 17 2c 86 08 13-3c e3 65 24 a3 7b 45 9a ....,...<.e$.{E. 0080 - 31 10 70 30 1e d7 64 92-09 b4 10 bf 09 e9 be 10 1.p0..d......... 0090 - 18 56 32 e6 60 bf 0f 24-10 ae df 8f 48 b9 8f 48 .V2.`..$....H..H 00a0 - 1c e3 fa bc 2b a7 d2 52-da 1f cf 28 d1 01 cd 95 ....+..R...(.... 00b0 - 91 6b c6 b2 9d 60 96 a1-24 51 18 92 19 c9 ab 3b .k...`..$Q.....;
Server Software: nginx/1.10.3 Server Hostname: repo.pureos.net Server Port: 443 SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128 Server Temp Key: X25519 253 bits TLS Server Name: repo.pureos.net