boru has quit [Killed (NickServ (GHOST command used by boru`))]
boru` is now known as boru
w00tSpeaks_ has quit [Quit: Konversation terminated!]
w00tSpeaks has joined #openocd
<w00tSpeaks>
Hi. I noticed that the behavior of openocd when detaching doesn't continue the program before exiting like it is supposed to. Where is the best place to file a bug. I am not clear from the website.
<Hawk777>
Is that even a bug? I thought it left the target in its prior state on exit, intentionally (though maybe it not used to), but I thought it was also customizable with an event handler.
<w00tSpeaks>
Detaching is supposed to continue execution vs quit which doesn't change the exec state.
<w00tSpeaks>
From the help for detach: If a process, it is no longer traced, and it continues its execution.
<Hawk777>
Is that from the GDB help for the GDB detach command?
<w00tSpeaks>
yes. There are other docs that indicate the same.
<Hawk777>
Hmmm, one could argue that a device connected via OpenOCD is not “a process” and therefore exempt from that rule, but I don’t know.
<Hawk777>
Anyway, if you want to file a bug there’s a bug tracker link right on the front page of the website.
<Hawk777>
I’m not saying it’s supposed to behave either way; I honestly don’t know.
<w00tSpeaks>
Is there some place other than the gerrit to submit a patch? I see that it is not secured. I can't clone the repo from there of https or ssh.
<Hawk777>
That said, it looks like the behaviour was discussed here <openocd.zylin.com/5600/> and left as no-resume intentionally.
<urja>
I'm feeling like if you fix it now, you'll break someones workflow/expectations ... also i dunno it might be adapter/target specific too
<w00tSpeaks>
disconnect just disconnects without detaching
crabbedhaloablut has quit [Remote host closed the connection]
crabbedhaloablut has joined #openocd
<w00tSpeaks>
urja: I hear that. But I'm wondering if we could have a config if that is a concern.
<w00tSpeaks>
If patches are only taken via gerrit, how does one submit a patch securely?
<w00tSpeaks>
I also have a config for a new board that I'd like to contribute.
<Hawk777>
If you’re concerned about Gerrit’s security, I suppose you could sign your commits?
<Hawk777>
Though they will be rebased (and therefore de-signed) when added to master.
<Hawk777>
Which means if you really care a lot about security, you finding a secure way to send a patch to the OpenOCD maintainers will not really accomplish anything, given that an MITM between an OpenOCD maintainer and Gerrit (showing them something different than what will actually be committed) already provides a hole for malicious code to be added to the repo.
<Hawk777>
So you might as well just use Gerrit.
<w00tSpeaks>
I am concerned about doing anything over on a website without TLS.
<w00tSpeaks>
I guess I can just submit a patch in a ticket on sf, which I haven't used in years.
nerozero has joined #openocd
<w00tSpeaks>
Even sf.net uses Let's Encrypt certs.
<Hawk777>
You’ll probably just get asked to send it to Gerrit instead.
<Hawk777>
But I suppose you can try.
<PaulFertser>
w00tSpeaks: when you push to Gerrit you do it over ssh
<PaulFertser>
w00tSpeaks: what's not secure about it?
<PaulFertser>
w00tSpeaks: https for review is in the works but what does it really help? Your communication with Gerrit when sending or getting patches is going over an e2e ssh channel, so what the concern is?
<Hawk777>
I suppose if a reviewer reviews a patch over HTTP, they could approve it even though what they see is not what’s really in the patch.
<Hawk777>
But that doesn’t affect submitters, only reviewers.
sbach has quit [Read error: Connection reset by peer]
sbach has joined #openocd
<Hawk777>
Or they could just have their session stolen and used to approve malicious patches. But again, doesn’t affect submitters, only reviewers.
<PaulFertser>
Hawk777: right.
<PaulFertser>
But the mailing list will see the patch unaltered.
<Hawk777>
True… not that SMTP is much better.
Haohmaru has joined #openocd
<PaulFertser>
Hawk777: I do not think most mail providers accept mail unencrypted.
<Hawk777>
Most probably offer opportunistic encryption; however, my understanding was that most senders, knowing that not *all* recipients support encryption, still allow sending unencrypted if STARTTLS is not offered as a capability by the recipient. Also, I was under the impression that certificate validation for SMTP was not very good (if done at all), because the certificate offered was generally for the mailserver hostname, not the envel
<Hawk777>
domain name, further requiring MX validation via DNSSEC, which is also not deployed everywhere yet.
<Hawk777>
So, lots of holes, though things *can* be non-terrible.
<Hawk777>
Anyway, I personally don’t see it as a big deal for OpenOCD.
<PaulFertser>
There's also SPF
<boru>
So, why not just use PGP to sign the patches? Not sure what TLS delivers here, really. Surely all you want to know is that the patches came from who they say they came from.
<boru>
Then you can just send that plain text over TLS or unencrypted links alike.
<Hawk777>
Well, at that point you’re back to just doing signed git commits.
<Hawk777>
Which is reasonable, if the reviewer doesn’t rely on Gerrit.
<boru>
I have probably missed some context here, since I haven't read the entire scrollback, but that doesn't affect sending patches to the ML.
<boru>
That said, I don't really have much experience with gerrit, either.
<PaulFertser>
boru: the idea is that w00tSpeaks is hesitating sending his or her board support config and probably other patches to Gerrit because its web interface is plain http.
<boru>
Can gerrit eat PGP signed text? Or does it require raw git patches or something?
<boru>
The former being patch + appended signature.
<boru>
As in plaintext.
<boru>
On many, if not most, FOSS projects, you'll find the main contributors making use of PGP for this purpose. You can't control MTAs all the way to every client, so PGP will at least verify that the patches are coming from the person who posted them, regardless of the security of the link.
<boru>
TLS is nice, but I'm not sure what the problem is with people being able to see patches you're contributing to a FOSS project...
<PaulFertser>
boru: gerrit is accessed with git over ssh.
<Haohmaru>
boru hiding from $boss?
<boru>
Well, what's the problem with the web interface, then?
Hawk777 has quit [Quit: Leaving.]
<PaulFertser>
boru: I assumed there is supposed to be some MITM attack so that the patch is amended along the way, so what w00tSpeaks submits would be changed in nefarious ways. Or MITM on Gerrit maintainers to show them a "good" patch for some "bad" patch submitted on purpose so that the maintainers would be thinking they approve one content when in fact something else would be merged.
<boru>
I'm very well aware of the risks of not using TLS. What I am advocating is signing patches which essentially makes the problem moot.
<boru>
Which is why I asked if gerrit can accept signed patches.
<boru>
Signed patches, or just text, whatever, could be sent over HTTP.
<PaulFertser>
boru: what should the maintainers do with the signatures? And if someone connected over ssh to send a patch then the authentication phase is already performed, the person proved the posession of the corresponding private ssh key, right?
<PaulFertser>
boru: signed patches will make cherry-picking odd, right? The maintainers will have to assume the ownership and re-sign in this case?
<boru>
I just asked if gerrit's web interface can accept signed patches, or whatever this other user is trying to submit through the web interface.
<PaulFertser>
boru: the web interface doesn't accept patcehs at all
<boru>
How is this board configuration being submitted, then?
<PaulFertser>
boru: via ssh to gerrit server
<boru>
Further back you mentioned it was via a web interface over HTTP.
<boru>
So I'm confused, now.
<boru>
IIUC, the problem is not submitting patches, but reviewing them via HTTP?
<PaulFertser>
boru: patch review process happens over HTTP currently, yes. Patch submission is over ssh. w00tSpeaks complained about the HTTP part but in the context of patch submission.
<boru>
Okay, I understand now.
<PaulFertser>
So the w00tSpeaks point is confusing :)
<boru>
I read you wrong, sorry.
<PaulFertser>
But we took the opportunity to discuss all related issues and random thoughts.
<boru>
Then I would agree that TLS is probably sensible to deploy and serve over HTTPS only.
<boru>
Yeah, that would be useful if someone is submitting a patch on someone else's behalf.
<PaulFertser>
And I think normal GPG signatures in commits are also accepted, but the problem is when you press "Submit" Gerrit by default adds the review URL to the commit message so the signature won't be valid.
<boru>
That's a bit annoying.
<PaulFertser>
boru: would you prefer to annoy the contributors so that even if patch can be cleanly cherry-picked they would still need to resend on top of current master so that the signature would be valid. And that when you later look at git log you'd see no list of reviewers who approved it and no link to see the discussion?
<boru>
Well, seeing as you have a commit hash, that is your breadcrumb to go and find those things on your $git_web_thing to find the MR or equivalent with relevant discussion or review comments.
<boru>
I don't really see the utility of having that information in two places, personally.
<PaulFertser>
boru: the commit hash will change to incorporate reviewers S-o-b
<boru>
IME, signatures needn't be evaluated by your $git_web_thing either; I've worked on projects and in places where there were "trusted" mergemasters whose job would be to pgp verify and push to master. In which case, you can put whatever you want in the commit message.
<PaulFertser>
And what would be the verification in case of a project accepting public contributions?
<boru>
I think our requirements differ a bit, maybe. And as I said, I have practically no experience working with gerrit in anger.
<boru>
The verification would be people with commit access for master verify the patches.
<PaulFertser>
But it's not about Gerrit really, it's about a Git workflow. Gerrit is just a convenience tool on top of it.
<PaulFertser>
So I have commit access for master, what am I supposed to do with the signature from a random person?
<boru>
But you just said you want some sort of trail to the discussion and or reviews. Where do those live?
<boru>
You verify it to determine it came from them. What else would you do with it?
<PaulFertser>
boru: in case of Gerrit they live in its database. In case of patchwork, the patchwork instance.
<boru>
That is the point of what I am suggesting.
<boru>
Right, so therefore it _is_ about gerrit, in this case, and not just the workflow. Gerrit is an integral part of your workflow.
<PaulFertser>
boru: so some random person submits a patch, do I need to verify that the GPG key was signed by me or my direct peers or what?
<PaulFertser>
I think it'd work the same with Patchwork.
<boru>
Point being that $git_web_thing is part of you workflow. Better?
<PaulFertser>
It currently is, right.
<PaulFertser>
But I do not think it is the reason for GPG-signed commits to be useless for a project like OpenOCD.
<boru>
I am beginning to regret getting involved in this discussion. Feel free to disregard anthing I've suggested.
<boru>
I have a lot of work to do today.
* PaulFertser
too
<PaulFertser>
Thank you boru , please take no offense.
<boru>
Don't worry, I'm not offended. I just wasn't expecting a protracted discussion. It was merely a suggestion, but I misunderstood the problem at the beginning anyway.
<PaulFertser>
Sometimes discussions like that really help.
<boru>
Well, I am missing a lot of context about how you (and the other contributors) prefer to work, so that doesn't really help, either.
<boru>
It's something I will probably have to encounter again soon, since I have a bunch of things sitting in a fork which I'd like to push upstream at some point. Mostly riscv stuff.
<boru>
When I have the time™...
<PaulFertser>
Feel free to ask for details.
<PaulFertser>
You can also consider sending them to riscv fork, and probably Tim will eventually take care of submitting everything needed upstream.
<boru>
You pointed me to some documentation a while ago.
<boru>
I'd rather not -- the riscv fork is a bit of a mess.
<boru>
I had a look at some of their implementation for a particular device, and I thought it would be better just to write something from scratch...
<PaulFertser>
Oh, I wasn't aware.
<boru>
My fork is based off current upstream, and nothing has really changed other than support for a few devices. The existing JTAG implementation works fine with it, so a riscv fork seems very unnecessary to me anyway.
<PaulFertser>
Good to know. I'm ready to answer specific questions about the submission procedure. It should be reasonably painless.
<boru>
Once I get back to tidying up what I've got and making sure it's format compliant etc, I'll get back to you.
<PaulFertser>
Thank you!
* boru
nods.
Steffann has joined #openocd
Steffanx has quit [Read error: Connection reset by peer]
ildar[m] has quit [Quit: Bridge terminating on SIGTERM]
Ulli[m] has quit [Quit: Bridge terminating on SIGTERM]
Jybz[m] has quit [Quit: Bridge terminating on SIGTERM]
Helmholtz has quit [Quit: Bridge terminating on SIGTERM]
lh has quit [Quit: Bridge terminating on SIGTERM]
LinuxHackerman has quit [Quit: Bridge terminating on SIGTERM]
Jybz[m] has joined #openocd
Helmholtz has joined #openocd
LinuxHackerman has joined #openocd
lh has joined #openocd
Ulli[m] has joined #openocd
ildar[m] has joined #openocd
* karlp
regrets reading the scrollback.
<PaulFertser>
As if you waste less time reading ##stm32 scrollbacks.
<Haohmaru>
aww
<karlp>
stm32 stuff is normally more rational
<boru>
Okay, I'll bite. Which part do you think was irrational?
<PaulFertser>
It probably sounded like a typical discussion on a TV show, everybody talked about their own mildly related topic :)
<boru>
I think SASL is forced, which means you must identify before connecting to freenode.
<boru>
For "security".
<Haohmaru>
i heard that
<boru>
Ergo, you must be registered. Makes it a bit annoying if you want to report a bug or ask for help.
<Haohmaru>
annoying? who would even wanna use freenope?!
<boru>
GCC would be in the same boat if OFTC forced registration, since their development channel is there.
<Haohmaru>
i assume OFTC is run by.. sane humans
<Haohmaru>
altho i heard they do have some weird requirement
<Haohmaru>
don't tell me redi is still on freenope :/
<boru>
I doubt it.
<boru>
All of the binutils people have moved, I think.
<boru>
And most of the GCC people never moved from OFTC to begin with.
<Haohmaru>
yeah, sure.. the official channels have been there all the time
cp- has quit [Read error: Connection reset by peer]
emeb has joined #openocd
emeb has quit [Ping timeout: 248 seconds]
emeb has joined #openocd
Haohmaru has quit [Remote host closed the connection]
Guest70 has joined #openocd
emeb has left #openocd [#openocd]
tarekb has joined #openocd
nerozero has quit [Ping timeout: 268 seconds]
c4017w has joined #openocd
Guest70 has quit [Quit: Client closed]
PaulFertser has quit [*.net *.split]
rue_shop2 has quit [*.net *.split]
braunr has quit [*.net *.split]
Getty has quit [*.net *.split]
PaulFertser has joined #openocd
braunr has joined #openocd
<Fleck>
is that common thing, if I want to transfer (write) to SPI, and then read - I need to PULSE CS pin?
<Fleck>
w/o pulse it seems like the chip stays at write mode and never responds...
<Fleck>
MAX31865 in this case...
<Fleck>
or maybe I am trying to read too fast, hmm...
<Fleck>
*too soon
<Steffann>
If its mandatory it would be in the datasheet;)
<Fleck>
well, kinda, if you know it, then while reading datasheet, you may get a feeling thats the case :D did not find it clearly stated tho, thats why I asked, maybe it's by default so
rue_shop2 has joined #openocd
<urja>
how else would the chip know when the write ends...
<Fleck>
yeah, that kinda makes sense urja! :)
tarekb has quit [Read error: Connection reset by peer]