| + natalie- (~natalie@user/natalie) | 00:06 | |
| - natalie (QUIT: Ping timeout: 248 seconds) (~natalie@user/natalie) | 00:06 | |
| switchy | frickler: I believe I'm seeing the imbalanced cells as well: the "bottom" battery on my pocket is always 0.2-0.3V greater than the top. also significantly dischared even with the power switch off | 00:16 |
|---|---|---|
| switchy | perhaps I'm not looking for the right thing, but I don't see much in the forums -- was there more info about this? | 00:16 |
| - vagrantc (QUIT: Quit: leaving) (~vagrant@2600:3c01:e000:21:7:77:0:50) | 01:34 | |
| - chomwitt (QUIT: Ping timeout: 246 seconds) (~chomwitt@2a02:587:7a13:5400:1ac0:4dff:fedb:a3f1) | 01:50 | |
| + ZylonMaster (~hjcs@syn-098-015-248-249.res.spectrum.com) | 02:10 | |
| - cobra (QUIT: Remote host closed the connection) (~cobra@user/Cobra) | 02:17 | |
| + cobra (~cobra@user/Cobra) | 02:28 | |
| - mjw (QUIT: Ping timeout: 252 seconds) (~mjw@gnu.wildebeest.org) | 02:39 | |
| - ZylonMaster (QUIT: Quit: Leaving) (~hjcs@syn-098-015-248-249.res.spectrum.com) | 03:03 | |
| - cobra (QUIT: Quit: ZNC 1.8.2 - https://znc.in) (~cobra@user/Cobra) | 03:11 | |
| + bkeys (~Thunderbi@50.96.248.167) | 03:19 | |
| - Kooda (QUIT: Ping timeout: 252 seconds) (~kooda@natsu.upyum.com) | 03:29 | |
| - nsc (QUIT: Ping timeout: 252 seconds) (~nicolas@69-98-142-46.pool.kielnet.net) | 03:35 | |
| + nsc (~nicolas@124-96-142-46.pool.kielnet.net) | 03:37 | |
| - BoostisBetter (QUIT: Remote host closed the connection) (4a410829d7@irc.cheogram.com) | 03:45 | |
| - SavagePeanut (QUIT: Remote host closed the connection) (59eaa45ac7@irc.cheogram.com) | 03:45 | |
| + cobra (~cobra@user/Cobra) | 04:03 | |
| - bkeys (QUIT: Ping timeout: 272 seconds) (~Thunderbi@50.96.248.167) | 04:22 | |
| + colinsane (~colinunin@97-113-134-214.tukw.qwest.net) | 04:35 | |
| - colinsane (QUIT: Ping timeout: 252 seconds) (~colinunin@97-113-134-214.tukw.qwest.net) | 04:44 | |
| + jacobk (~quassel@47-186-65-73.dlls.tx.frontiernet.net) | 04:54 | |
| + cobra_ (~cobra@user/Cobra) | 05:15 | |
| - cobra (QUIT: Read error: Connection reset by peer) (~cobra@user/Cobra) | 05:16 | |
| - hairu (QUIT: Remote host closed the connection) (m-uotkmd@user/hairu) | 05:41 | |
| + hairu (m-uotkmd@user/hairu) | 05:43 | |
| + Kooda (~kooda@natsu.upyum.com) | 06:13 | |
| - laumann_ (QUIT: Changing host) (~quassel@2a0a-e5c0-2-2-0-c8ff-fe68-bef1.loves.ipv6.at.ungleich.ch) | 06:38 | |
| + laumann_ (~quassel@user/laumann) | 06:38 | |
| * laumann_ -> laumann | 06:39 | |
| - cow321 (QUIT: Read error: Connection reset by peer) (~deflated8@user/meow/deflated8837) | 07:01 | |
| + cow321 (~deflated8@user/meow/deflated8837) | 07:12 | |
| + colinsane (~colinunin@97-113-134-118.tukw.qwest.net) | 07:26 | |
| - colinsane (QUIT: Ping timeout: 252 seconds) (~colinunin@97-113-134-118.tukw.qwest.net) | 07:31 | |
| + chomwitt (~chomwitt@2a02:587:7a13:5400:1ac0:4dff:fedb:a3f1) | 07:33 | |
| - nybble (QUIT: Ping timeout: 268 seconds) (~sprang@user/csprng) | 07:35 | |
| - GNUmoon (QUIT: Remote host closed the connection) (~GNUmoon@gateway/tor-sasl/gnumoon) | 08:22 | |
| + GNUmoon (~GNUmoon@gateway/tor-sasl/gnumoon) | 08:23 | |
| - wickedshell (QUIT: Ping timeout: 260 seconds) (~wickedshe@2601:8c0:800:4baa:5cb6:f8a6:dfd0:2b7b) | 09:46 | |
| [tj] | how do I add my crypttab to initramfs? | 09:51 |
| josch | [tj]: which operating system? which initramfs generation tool? | 09:52 |
| [tj] | pocket reform? I have no experience doing fde on linux this manually | 09:52 |
| josch | but you want to do it manually? what do you ultimately want to do? | 09:52 |
| [tj] | I migrated with reform-migrate and it implied I had to set up the disk manually | 09:53 |
| josch | in debian, luks is automatically baked into your initramfs | 09:53 |
| josch | if you use reform-migrate, then yes it's up to you to set up the disk the way you want | 09:53 |
| josch | if you want full disk encryption, maybe consider using reform-setup-encrypted-nvme instead? | 09:53 |
| [tj] | thanks for your help | 09:56 |
| [tj] | I am finding this very frustrating, reform-setup-encrypted isn't in the handbook | 09:56 |
| [tj] | there are only 4 tools in the handbook and my default not all are in $PATH | 09:56 |
| josch | [tj]: you are right, i also think these tool should be documented in the handbook | 09:57 |
| [tj] | so I have migrated from emmc to nvme and I have to manually unlock the luks volume. That doesn't seem like a sitation that will lead to good results if I wipe the nvme | 09:58 |
| josch | As you know we talked about PATH yesterday. I'm inclined to just move all tools into /usr/bin and then they will be in PATH by default. | 09:59 |
| [tj] | at a minimum reform-setup-encryped should be mentioned in the help text for reform-migrate. I searched for examples of people doing this and things got very complex very quickly | 09:59 |
| josch | [tj]: i don't understand your message before the last. Can you rephrase please? | 09:59 |
| [tj] | I ran reform-migrate, I now boot from emmc with / on nvme | 10:00 |
| [tj] | but I get dropped to a shell during boot because it can't find /dev/mapper/crypt | 10:00 |
| josch | [tj]: that's a good idea. I will add reform-setup-encrypted-nvme to the --help output and man page of reform-migrate | 10:00 |
| [tj] | so I guess I have two installs now, one on emmc and one on nvme | 10:00 |
| josch | [tj]: maybe it is easiest if you start from scratch now that you know that a tool exists that automates the setup for you? Maybe that's easier than fixing your existing install? Or did you already configure too much for that to be an option? | 10:01 |
| [tj] | I can start from scratch, I didn't want to do anything on the emmc | 10:02 |
| josch | [tj]: please keep asking questions and lets improve the documentation in the process. It helps me if you tell me where you looked for information and then we can add more docs to that place so that the next person looking there will find the answer. | 10:03 |
| + Ar|stote|is (~linx@149.210.0.86) | 10:03 | |
| [tj] | I searched with kagi | 10:04 |
| [tj] | and look in the handbook, the handbook on my poccket doesn't work, so I use the web one | 10:04 |
| - jacobk (QUIT: Ping timeout: 260 seconds) (~quassel@47-186-65-73.dlls.tx.frontiernet.net) | 10:04 | |
| josch | what is kagi? | 10:05 |
| + jacobk (~quassel@47-186-65-73.dlls.tx.frontiernet.net) | 10:05 | |
| [tj] | a search engine | 10:05 |
| josch | what happens with the handbook on the pocket? what error message do you get? | 10:05 |
| [tj] | it starts in firefox and none of the hyperlinks work | 10:05 |
| [tj] | so I can only see the main page | 10:05 |
| josch | /o\ | 10:06 |
| josch | how did nobody see that yet? :( | 10:06 |
| josch | thank you for reporting this | 10:06 |
| [tj] | I am very good at not being able to use computers | 10:06 |
| [tj] | it might be the handbook in the repo rather than the one that ships which is the issue, I didn't check to see if it updated | 10:06 |
| josch | [tj]: i've now added these sentences to the reform-migrate --help output: https://paste.debian.net/hidden/f80806fb/ | 10:18 |
| josch | i hope that helps | 10:19 |
| [tj] | does setup-encrypted also do the migration process? | 10:22 |
| josch | yes | 10:23 |
| josch | [tj]: it should say so in the man page and in the --help output | 10:23 |
| [tj] | cool, I was just check so they text was correct | 10:24 |
| josch | good :) | 10:24 |
| [tj] | does that mean the migration process is implemented twice? | 10:24 |
| josch | [tj]: the migration process is just an rsync invocation | 10:25 |
| [tj] | heh | 10:25 |
| [tj] | but it also reconfigured emmc for boot? | 10:25 |
| josch | yes, unless you tell it otherwise | 10:25 |
| [tj] | so is that implemented in to different shell scripts? | 10:25 |
| [tj] | I should just look, sorry | 10:25 |
| josch | yes, reform-setup-encrypted-nvme calls the other scripts | 10:26 |
| josch | like reform-boot-config | 10:26 |
| [tj] | oh cool, so I could just use reform-boot-config to go back to emmc and then use encrypyed-setup to do the nvme properly | 10:26 |
| [tj] | I'm getting something ready for code review so I'm very distractable today | 10:26 |
| [tj] | and yesterday | 10:26 |
| josch | reform-boot-config will work *if* your rootfs works | 10:28 |
| [tj] | I'll try that first | 10:28 |
| josch | reform-boot-config only sets up the first partitions on either emmc or sd-card to boot the rootfs you have | 10:28 |
| josch | to start from scratch, flash the latest rescue system on an sd-card and boot that | 10:29 |
| josch | i also cannot reproduce the pocket-reform-handbook problem | 10:30 |
| josch | the links work fine over here | 10:30 |
| [tj] | I'll try again before doing anything destructive | 10:31 |
| josch | [tj]: the plan is, that the reform-setup-wizard offers you to run reform-setup-encrypted-nvme automatically. At that point, you don't need to worry anymore about which script to run but just press a button in the GUI | 10:31 |
| [tj] | you should consider the case where someone plays with the pocket first then installs the nvme | 10:31 |
| [tj] | even though I had it to install I used the pocket first | 10:32 |
| josch | this is unfortunately a difficult problem to solve | 10:32 |
| josch | and it's not like other distros have a solution for that either | 10:32 |
| josch | the process of "i install a new hard drive and now want to move my system to it" is generally a manual one | 10:33 |
| [tj] | totally | 10:33 |
| [tj] | a better position would be creating an encrypted dataset for each user, migrating that should be easy and then theres never a clear disk | 10:34 |
| [tj] | but I only really know the terminlogy for zfs let alone lvm | 10:35 |
| josch | the license of zfs does not allow somebody to ship the compiled binary, so we cannot legally distribute a system image using zfs | 10:37 |
| [tj] | I'm going to disagree, but there is no point arguing about it | 10:39 |
| [tj] | can't you do a dataset style thing with lvm? | 10:40 |
| hramrach | what is a dataset? | 10:42 |
| josch | possibly | 10:42 |
| josch | but that will make things even less standard | 10:42 |
| josch | the lvm+luks setup is what debian-installer creates | 10:42 |
| josch | reform-setup-encrypted-nvme tries to mimic that in an effort to be more familiar to existing debian linux users | 10:42 |
| [tj] | smallest change to the norm is best | 10:43 |
| [tj] | hramrach: dataset is basically a virtual disk on top of a storage pool, they are called volumes in apfs | 10:43 |
| hramrach | and you have one per user? how do you unlock it? | 10:45 |
| [tj] | integrate with the log in system and unlock with the users passphrase | 10:46 |
| hramrach | so probably some special PAM module that both logs in the user and unlocks the volume | 10:48 |
| hramrach | which also means no ssh with keys | 10:48 |
| [tj] | maybe not on first boot | 10:51 |
| [tj] | mac os machines also can't do that | 10:51 |
| hramrach | did not come here to find out more things that suck about OS X :) | 10:57 |
| [tj] | :D | 10:57 |
| [tj] | it is a very frustrating thing if you do development on a remote mac (so you can type into a sensible computer). You have to go and log in after each boot | 10:57 |
| hramrach | it's not impossible but sshd would need much tughter integration with the OS authentication stack | 10:59 |
| [tj] | sshd has pam integration, but I'm really at the limit of what I have experience with | 11:02 |
| hramrach | also not sure the scheme would be very sound cryptographically, you would need to store a copy of the passphrase or some other key encrypted with the SSH key, send it to the client, have it decrypt it and send it back, ugh | 11:03 |
| [tj] | you can just encrypt the disk key twice, once with the ssh private key and once with the passphrase | 11:04 |
| hramrach | that would not work, you need an extra step so that you can replace the key that is shared without re-encrypting the disk | 11:07 |
| [tj] | I don't think I was clear, you are only encrpting the disk key, which is then used to access the disk | 11:08 |
| hramrach | yes, you do not use the key directly, you use a passphrase that decrypts that key, and you should do so even if using ssh | 11:09 |
| hramrach | the problem is sshd knows absolutely nothing about that. It only knows about authorized keys | 11:13 |
| [tj] | it is probable than pam can handle this, if you want to implement this I know the pam author | 11:15 |
| gl0b | i joined the slicon-nitride-trackball-club this morning. very happy with it so far! | 11:36 |
| gl0b | i left it out overnight to oxidise at the suggestion of grimmware, but it was barely tracking had a bit of friction to it when i first installed it. after a few minutes of idly rolling it around, it tracks properly and is ridiculously smooth. maybe the finger-grease helped... | 11:38 |
| - chomwitt (QUIT: Ping timeout: 260 seconds) (~chomwitt@2a02:587:7a13:5400:1ac0:4dff:fedb:a3f1) | 11:38 | |
| hramrach | [tj]: it cannot. PAM does not know about SSH keys, SSH does not send keys through PAM | 11:39 |
| josch | i wonder what i'm doing wrong with my silicon nitride ball :( | 11:40 |
| + wickedshell (~wickedshe@2601:8c0:800:4baa:5980:3d01:e7ca:662c) | 11:53 | |
| + mjw (~mjw@gnu.wildebeest.org) | 11:57 | |
| gl0b | josch: not working? | 12:03 |
| josch | it tracks very, very badly | 12:04 |
| + robin_ (~robin@user/terpri) | 12:26 | |
| grimmware | josch: have you tried getting a different one? | 12:26 |
| - robin (QUIT: Ping timeout: 248 seconds) (~robin@user/terpri) | 12:29 | |
| josch | grimmware: not another experiment for 30 EUR with unclear outcome :) | 12:36 |
| grimmware | oof, fair, mine was £5ish for the 15mm one | 12:37 |
| josch | the 25 mm balls are probably a fair bit more expensive | 12:38 |
| hramrach | yes, for the pocket it's much better deal | 13:01 |
| + gustav28 (~gustav@c-78-82-55-220.bbcust.telenor.se) | 13:02 | |
| - mjw (QUIT: Ping timeout: 252 seconds) (~mjw@gnu.wildebeest.org) | 13:35 | |
| - Ar|stote|is (QUIT: Ping timeout: 252 seconds) (~linx@149.210.0.86) | 13:36 | |
| * Guest8537 -> mjw | 13:42 | |
| - jn (QUIT: Ping timeout: 252 seconds) (~quassel@user/jn/x-3390946) | 14:08 | |
| + jn (~quassel@user/jn/x-3390946) | 14:08 | |
| + chomwitt (~chomwitt@2a02:587:7a13:5400:1ac0:4dff:fedb:a3f1) | 14:14 | |
| gl0b | ah ok, mine is a for a pocket and was £6 (shipped) on ebay | 14:16 |
| gl0b | perhaps you need greasier hands... | 14:17 |
| josch | i let my daughter play with it outside -- i think it's had its fair share of dirt on it ;) | 14:21 |
| hramrach | but is it the right kind of dirt? :) | 14:22 |
| + bkeys (~Thunderbi@h167.248.96.50.static.ip.windstream.net) | 14:41 | |
| - bkeys (QUIT: Ping timeout: 252 seconds) (~Thunderbi@h167.248.96.50.static.ip.windstream.net) | 14:57 | |
| grimmware | it needs to be open source dirt | 15:11 |
| grimmware | otherwise you need to enable the nonfree repos for debian to recognize it | 15:12 |
| grimmware | inb4 someone tells me I'm using the wrong FOSS terminology | 15:12 |
| - cow321 (QUIT: Ping timeout: 260 seconds) (~deflated8@user/meow/deflated8837) | 15:13 | |
| + bkeys (~Thunderbi@38-146-94-247.echocast.zone) | 15:29 | |
| - bkeys (QUIT: Client Quit) (~Thunderbi@38-146-94-247.echocast.zone) | 15:33 | |
| josch | drats i knew it was a problem to enable non-free-firmware! | 15:33 |
| + bkeys1 (~Thunderbi@38-146-94-247.echocast.zone) | 15:33 | |
| + bkeys (~Thunderbi@2607:fb90:3f5f:895a:62ed:9:7777:c467) | 15:36 | |
| - bkeys1 (QUIT: Ping timeout: 252 seconds) (~Thunderbi@38-146-94-247.echocast.zone) | 15:38 | |
| - chomwitt (QUIT: Ping timeout: 248 seconds) (~chomwitt@2a02:587:7a13:5400:1ac0:4dff:fedb:a3f1) | 15:50 | |
| + cow321 (~deflated8@user/meow/deflated8837) | 15:56 | |
| [tj] | josch: moving back to emmc for boot worked, running setup-encrypted worked, but seems to have failed to config boot | 16:03 |
| [tj] | so the pocket just booted from emmc | 16:03 |
| [tj] | and now emmc is /dev/mmcblk2p* | 16:04 |
| frickler | [tj]: iiuc you cannot boot from nvme directly, /boot needs to stay on either emmc or sdcard | 16:10 |
| frickler | the question is whether / is on the crypt device properly? | 16:11 |
| [tj] | ah I think migrate didn't run | 16:19 |
| [tj] | I think I typed "Y" rather than "y" | 16:19 |
| [tj] | yeah that was it | 16:23 |
| [tj] | ACTION contemplates porting nomoresecrets shell script to be the disk key prompt | 16:24 |
| + bkeys1 (~Thunderbi@38-146-94-247.echocast.zone) | 16:39 | |
| josch | [tj]: did your problem solve itself? | 16:40 |
| [tj] | I solved it by typing in the correct case | 16:40 |
| josch | hrm... maybe the prompt should be case-insensitive... | 16:41 |
| [tj] | yeah and reject anything other than YyNn | 16:41 |
| - bkeys (QUIT: Ping timeout: 260 seconds) (~Thunderbi@2607:fb90:3f5f:895a:62ed:9:7777:c467) | 16:43 | |
| * bkeys1 -> bkeys | 16:43 | |
| - bkeys (QUIT: Quit: With every step we take, danger will follow closely) (~Thunderbi@38-146-94-247.echocast.zone) | 16:48 | |
| + bkeys (~Thunderbi@38-146-94-247.echocast.zone) | 16:48 | |
| + Ar|stote|is (~linx@149.210.12.183) | 16:51 | |
| - wickedshell (QUIT: Remote host closed the connection) (~wickedshe@2601:8c0:800:4baa:5980:3d01:e7ca:662c) | 17:08 | |
| - kfx (PART: .) (~kfx@wopr.sciops.net) | 17:19 | |
| + rah (rah@verain.settrans.net) | 17:22 | |
| rah | is it expected that the display on the Reform 2 will work out of the box with mainline Linux? | 17:23 |
| rah | I've booted 6.6.77 but I get no console | 17:24 |
| rah | the framebuffer is using something called msxfb rather than imx-dcss on the stock Debian | 17:26 |
| - bkeys (QUIT: Quit: With every step we take, danger will follow closely) (~Thunderbi@38-146-94-247.echocast.zone) | 17:39 | |
| josch | good question, i was meaning to test what works and what does not with mainline | 17:40 |
| + bkeys (~Thunderbi@38-146-94-247.echocast.zone) | 17:40 | |
| rah | it's not expected to work then, I see | 17:40 |
| josch | it is just tested only very seldom | 17:41 |
| josch | it might work | 17:41 |
| rah | but it's not expected to work | 17:42 |
| josch | rah: mainly but with custom dtb, right? | 17:42 |
| josch | *mainline | 17:42 |
| josch | oh no wait, i recently *did* test this | 17:43 |
| josch | no, display does not work with mainline dtb | 17:43 |
| josch | i have a diff here: | 17:43 |
| rah | I'm not sure what you're asking, what do you mean by "custom"? | 17:43 |
| josch | https://source.mnt.re/reform/reform-debian-packages/-/merge_requests/84 | 17:43 |
| josch | mainline linux has a device tree for classic reform with imx8mq | 17:43 |
| rah | what do you mean by "custom"? | 17:44 |
| josch | but with that you don't get display output nor lpc communication | 17:44 |
| josch | custom is the one that gets patched by the gitlab CI pipeline | 17:45 |
| josch | custom in the sense that it is not mainline | 17:45 |
| rah | I don't understand what you're asking | 17:45 |
| josch | the missing bits from mainline are in that merge request i linked above | 17:45 |
| josch | maybe i misunderstand you then? | 17:45 |
| josch | the simple answer to your question is: mainline linux will not get you display output | 17:46 |
| josch | rah: does that answer your question? | 17:49 |
| rah | the question had already been answered thanks but yes | 17:50 |
| + mark_ (~mjw@gnu.wildebeest.org) | 17:50 | |
| [tj] | how do I track the state of the art on suspend/resume? | 17:54 |
| [tj] | is there a wiki? | 17:54 |
| josch | [tj]: https://source.mnt.re/reform/reform-debian-packages/-/wikis/Suspend | 17:55 |
| [tj] | thanks! | 17:55 |
| - L29Ah (PART: !!unknown attribute: msg!!) (~L29Ah@wikipedia/L29Ah) | 17:56 | |
| + nybble (~sprang@user/csprng) | 17:56 | |
| [tj] | I love it! I guess I'll start hacking | 17:56 |
| + vagrantc (~vagrant@2600:3c01:e000:21:7:77:0:50) | 18:00 | |
| + chomwitt (~chomwitt@2a02:587:7a13:5400:1ac0:4dff:fedb:a3f1) | 18:11 | |
| + L29Ah (~L29Ah@wikipedia/L29Ah) | 18:13 | |
| * robin_ -> robin | 18:36 | |
| - L29Ah (PART: !!unknown attribute: msg!!) (~L29Ah@wikipedia/L29Ah) | 19:40 | |
| + L29Ah (~L29Ah@wikipedia/L29Ah) | 20:06 | |
| - bkeys (QUIT: Quit: With every step we take, danger will follow closely) (~Thunderbi@38-146-94-247.echocast.zone) | 20:15 | |
| + bkeys (~Thunderbi@38-146-94-247.echocast.zone) | 20:15 | |
| + wickedshell (~wickedshe@2601:8c0:800:4baa:3e94:e46c:70bd:62d) | 20:28 | |
| - aperezdc (QUIT: Remote host closed the connection) (~aperezdc@46.23.89.43) | 20:46 | |
| + aperezdc (~aperezdc@2a03:6000:6e61:633::43) | 20:47 | |
| - cow321 (QUIT: Ping timeout: 252 seconds) (~deflated8@user/meow/deflated8837) | 21:03 | |
| + cow321 (~deflated8@user/meow/deflated8837) | 21:24 | |
| - Ar|stote|is (QUIT: Ping timeout: 248 seconds) (~linx@149.210.12.183) | 21:40 | |
| + Ar|stote|is (~linx@149.210.17.53) | 21:44 | |
| - gustav28 (QUIT: Quit: Quit) (~gustav@c-78-82-55-220.bbcust.telenor.se) | 22:15 | |
| - kensanata (QUIT: Quit: OK) (~alex@user/kensanata) | 22:35 | |
| + kensanata (~alex@user/kensanata) | 22:35 | |
| - bkeys (QUIT: Ping timeout: 245 seconds) (~Thunderbi@38-146-94-247.echocast.zone) | 22:36 | |
| - chomwitt (QUIT: Ping timeout: 268 seconds) (~chomwitt@2a02:587:7a13:5400:1ac0:4dff:fedb:a3f1) | 23:53 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!