6 Aug 2021 |
linsui | In reply to @festplattenschnitzel:matrix.org linsui regarding https://gitlab.com/fdroid/fdroiddata/-/issues/2433#note_644994224: It's a really stupid error. You need to install "emulator" with "sdkmanager"; see https://github.com/NativeScript/nativescript-cli/issues/4265. You can add it here https://gitlab.com/fdroid/fdroiddata/-/blob/master/metadata/com.vishnuraghav.EnRecipes.yml#L34. Oh, weird bug... | 14:30:21 |
linsui | How can I install it? | 14:34:45 |
linsui | sdkmanager 'emulator'? | 14:35:30 |
linsui | Since image is not needed, this should be enough. | 14:37:55 |
linsui | https://github.com/tailscale/tailscale/issues/2603#issuecomment-894254713 | 14:58:05 |
linsui | Should we build go from source? | 14:58:17 |
_hc | In reply to @_oftc_jochensp:matrix.org Sylvia: the proposed solution is to integrate a HSM and transfer the keys to it This is the proposed solution for backing up the keys, then we can store the password to use the HSM separately. Speeding up signing of apps is purely a matter of coding it in fdroidserver. Anyone can do it using the ansible setup for the complete buildserver. | 15:40:16 |
Sylvia | But isn't the real issue that signing has bus factor 1? | 15:45:23 |
cde | I'd say there's 3 things that would help, I wanted to bring it up in the meeting but we ran out of time. | 16:24:52 |
cde |
- hsm signing
- buildbot
- multiple buildservers
| 16:26:45 |
proletarius101 | In reply to @cdesai:matrix.org
- hsm signing
- buildbot
- multiple buildservers
Since the build servers are in vms, we can naively scale out vms | 16:28:56 |
proletarius101 | The scheduling is handled in the outer vm anyway | 16:29:30 |
cde | proletarius101: with 3 I meant https://gitlab.com/fdroid/fdroidserver/-/issues/776 | 16:38:37 |
proletarius101 | In reply to @cdesai:matrix.org proletarius101: with 3 I meant https://gitlab.com/fdroid/fdroidserver/-/issues/776 That's great to have. Does that break our security model since it's built and signed by completely different parties? (Or we are already doing that?) | 16:49:41 |
cde | proletarius101: it'd technically still be built by fdroid I guess | 16:55:14 |
proletarius101 | In reply to @cdesai:matrix.org proletarius101: it'd technically still be built by fdroid I guess By security model I mean the chain of trust | 17:01:26 |
proletarius101 | Users have already blindly trusted fdroid as an entity, but do they need also to trust calyx? | 17:02:24 |
proletarius101 | If so, maybe that could be explicit | 17:02:36 |
proletarius101 | * If so, maybe that could be made explicit | 17:02:45 |
proletarius101 | (not saying calyx is not trustworthy. I trust it personally | 17:03:25 |
cde | yeah no I see what you're saying. | 17:03:34 |
cde | but the second server doesn't have to be calyx, it could be something fdroid gets some other way too. | 17:04:28 |
cde | this was more of an issue when there was constant virtualbox failures | 17:05:00 |
proletarius101 | In reply to @cdesai:matrix.org this was more of an issue when there was constant virtualbox failures Sure | 17:15:45 |
| Licaon_Kter left the room. | 17:39:23 |
| Licaon_Kter joined the room. | 19:49:46 |
| Licaon_Kter left the room. | 21:33:20 |
7 Aug 2021 |
proletarius101 | Not sure if it's expected, but
curl -I https://ftp.lysator.liu.se/pub/fdroid/repo/xyz.deepdaikon.xeonjia_8.apk
HTTP/1.1 200 OK
date: Sat, 07 Aug 2021 02:07:42 GMT
content-type: text/plain
content-length: 22840375
last-modified: Fri, 11 Jun 2021 05:46:14 GMT
etag: "60c2f8a6-15c8437"
accept-ranges: bytes
where content-type: text/plain won
| 02:12:34 |
proletarius101 | * Not sure if it's expected, but
curl -I https://ftp.lysator.liu.se/pub/fdroid/repo/xyz.deepdaikon.xeonjia_8.apk
HTTP/1.1 200 OK
date: Sat, 07 Aug 2021 02:07:42 GMT
content-type: text/plain
content-length: 22840375
last-modified: Fri, 11 Jun 2021 05:46:14 GMT
etag: "60c2f8a6-15c8437"
accept-ranges: bytes
where content-type: text/plain won't initiate a download
| 02:12:47 |
proletarius101 | *ftp.lysator.liu.se is our mirror origin | 02:13:51 |