NishanthMenon changed the topic of #openocd to: this is the place to discuss all things OpenOCD | Logs: https://libera.irclog.whitequark.org/openocd/
emeb has quit [Ping timeout: 250 seconds]
emeb has joined #openocd
boru` has joined #openocd
boru has quit [Killed (NickServ (GHOST command used by boru`))]
boru` is now known as boru
emeb has quit [Quit: Leaving.]
c4017__ has quit [Quit: Leaving]
c4017 has joined #openocd
<PaulFertser> Any takers to test authentication on https://review.openocd.org ? Both Google and Github are supposed to work and land you in your account.
<PaulFertser> Need to make sure that works, then can start real migration.
sbach has quit [Read error: Connection reset by peer]
sbach has joined #openocd
<PaulFertser> ok, stopping all instances for real migration now.
<PaulFertser> New instance will all current data running.
<PaulFertser> Both google and github login should work.
<w00tSpeaks_> google works
<w00tSpeaks_> And it looks like TLS is working now.
<PaulFertser> w00tSpeaks_: yes, but TLS is not important for Gerrit as we already discussed. You always push changes over SSH, Gerrit is just a web-interface to view them.
<borneoa_> PaulFertser: looks ok. Google, TLS and also redirect from old openocd.zylin.com
<w00tSpeaks_> If ssh had worked for me, that I'd agree. However, the last time I tried, it didn't.
<w00tSpeaks_> Anyway. It looks nice.
<w00tSpeaks_> Is it an upgrade?
<w00tSpeaks_> I'm curious. Do you think I don't know what gerrit is?
<borneoa_> PaulFertser: I will check again later from a PC. On the small screen of the smartphone is hard to judge layout and all the features
<PaulFertser> w00tSpeaks_: it can't be not working otherwise you wouldn't be able to upload any patches.
<PaulFertser> borneoa_: awesome, thanks.
<w00tSpeaks_> https://review.openocd.org/admin/repos/openocd <-- where's the ssh clone option?
<w00tSpeaks_> I only see http and anonymous http
<PaulFertser> w00tSpeaks_: I was talking about uploading changes, you can clone from any mirror, official tree is at SF.net or you can clone from github or repo.or.cz . Gerrit is not supposed to be used for hosting this way but you can actually clone from <yourgerritlogin>@review.openocd.org:29418/openocd.git if you wish
<w00tSpeaks_> my google and github logins are apparently different
<w00tSpeaks_> I guess it doesn't know to use the same account since I they both have the same email address?
<w00tSpeaks_> And now i can't add my email to my account when using github login because the account from my google login has my email address associated with it.
<w00tSpeaks_> The bad one has user id 1001913
<w00tSpeaks_> Can I delete it somehow?
<PaulFertser> w00tSpeaks_: huh, I've mentioned in HACKING that you're supposed to link another identity rather than just try logging in.
<PaulFertser> (the link button is currently hidden unfortunately due to a bug but it's easy to workaround and I'll send a fix upstream too)
<PaulFertser> And once you created duplicated accounts you can't merge then on your own, only delete one of them.
<w00tSpeaks_> Can I delete it, or do you have to ?
<PaulFertser> I'm afraid I have to.
<w00tSpeaks_> Can you delete 1001913?
<PaulFertser> w00tSpeaks_: please stay on channel, I'll soon learn how to do that and delete your 1001913 and explain how to link identities properly.
<w00tSpeaks_> thx
<PaulFertser> The trick is to log in with any of your existing identities, then to change url to https://review.openocd.org/login/?link and you'll see a login page again but this time it'll properly link another account.
Steffann has joined #openocd
Steffanx has quit [Ping timeout: 240 seconds]
<PaulFertser> w00tSpeaks_: and which is your good account?
<w00tSpeaks_> looking
<w00tSpeaks_> 1001909 <-- this is the one I want to keep
<w00tSpeaks_> username "wt"
<w00tSpeaks_> FWIW, I just tried to link and was greeted with "Forbidden"
<PaulFertser> Yes, because that other account already exists.
<PaulFertser> w00tSpeaks_: manually merged your google oauth info to 1001909
<w00tSpeaks_> thanks
<PaulFertser> Please check
<w00tSpeaks_> doing it now
<w00tSpeaks_> okay
<w00tSpeaks_> so the good news is they are linked
<w00tSpeaks_> I thought I wasn't able to add my email, but I clicked the old verification email link.
<w00tSpeaks_> That seems to have worked.
<PaulFertser> Cool
<w00tSpeaks_> Do you have the ssh fingerprint of the ssh server posted anywhere?
<w00tSpeaks_> So I can verify it?
<w00tSpeaks_> It was in the old UI where I added my ssh key, but I don't see it in this one.
w00tSpeaks_ is now known as w00tSpeaks
w00tSpeaks is now known as w00tSpeaks_
w00tSpeaks_ has quit [Remote host closed the connection]
<borneoa_> PaulFertser: the patch you have just merged will not be taken by the ntfreak GitHub because it changes the GitHub workflow. Tarek or ntfreak have to push it manually. The other repo not on GitHub should be in sync
<borneoa_> PaulFertser: repo.or.cz is ok
<PaulFertser> borneoa_: that's what I'm checking atm, probably github is not accepting it due to some other key related issues too
<PaulFertser> WARN org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication : Public key authentication requested signature type rsa-sha2-512 but got back ssh-rsa from github.com/140.82.121.4:22
<borneoa_> PaulFertser: it's an old problem with GitHub workflow. Automatic sync are refused and repo owner has to push them manually. So far no solutions. Tarek got admin permission from ntfreak. We have to wait ...
<borneoa_> PaulFertser: that's maybe a new issue
<PaulFertser> borneoa_: hm, indeed it pushed to github, just the change is not accepted apparently.
<PaulFertser> borneoa_: I got admin permissions too there, just not sure what to press :)
<borneoa_> PaulFertser: no idea either. Let me check if I can contact Tarek.
<PaulFertser> borneoa_: https://github.com/openocd-org/openocd/actions it was pushed and running building
<PaulFertser> I didn't do anything
<borneoa_> PaulFertser: yes, looks ok
<PaulFertser> borneoa_: stopping gerrit to update replication config
<PaulFertser> Starting
<borneoa_> PaulFertser: I will not run any action. I let you complete your work.
<borneoa_> PaulFertser: if you need, feel free merging some more patch from my list
<PaulFertser> borneoa_: I've already started it, please feel free to continue testing.
<borneoa_> PaulFertser: agree with w00tSpeaks_, the ssh fingerprint should be available on the web interface. I had to accept it without the possibility to verify it
<PaulFertser> borneoa_: do you feel like filing a ticket with them? :)
<PaulFertser> The reason it was shown before and not now is that a completely new UI is used, called PolyGerrit and it was GWT or something before.
<borneoa_> PaulFertser: ticket for openocd or for gerrit project at Google?
<PaulFertser> borneoa_: for gerrit of course
<borneoa_> PaulFertser: I will try
<PaulFertser> borneoa_: I will send them a patch to fix the lack of "link identity" button. Another issue we found.
nerozero has joined #openocd
<PaulFertser> Anyone spots any other issues?
<borneoa_> PaulFertser: the ticket is still open. The lib they propose to replace has already been replaced. Don't understand...
<borneoa_> PaulFertser: all the old commits in git report the gerrit link under Reviewed-on: with openocd.zylin.com. Do you plan to keep the DNS name active?
<PaulFertser> borneoa_: I do not see why not
<PaulFertser> Unless zylin.com goes out of business altogether but that's unlikely.
<PaulFertser> And in that case we can just get that domain :)
<borneoa_> PaulFertser: ok, good
<borneoa_> PaulFertser: I try to merge one patch. Or do you prefer I wait?
<PaulFertser> borneoa_: the ticket means that they're using one library to parse the host keys to show the fingerprints and another to actually work with ssh.
<PaulFertser> borneoa_: please merge
<PaulFertser> So it's not about all keys, just ed25519 keys.
<borneoa_> PaulFertser: yes. But not clear if other keys are displayed under polygerrit
<PaulFertser> The ticket implies they're.
<PaulFertser> Let me try to find where it's supposed to be visible...
<borneoa_> PaulFertser: merge successful. Now gerrit can merge a whole series in one shot. To be tested...
<borneoa_> PaulFertser: eventually you could hardcode the current ssh fingerprint, until it get fixed upstream
<PaulFertser> borneoa_: hardcoding anything in dynamic pages that gerrit shows is problematic.
<PaulFertser> Probably just list all fingerprints on the sign in pagee in the footer, idk.
<borneoa_> PaulFertser: checked on another gerrit installation 2.16.7 with RSA key and it doesn't show the key too! Maybe the feature is missing in polygerrit or has to be configured. Can you add the key in openocd webpage?
<PaulFertser> borneoa_: looks like it's completely missing in polygerrit, yes, so a separate bugreport should better be created. I'll add the keys somewhere, either to Sign In page or to the "blog".
<PaulFertser> I was grepping through polygerrit but failed to see anything related to host keys.
<PaulFertser> Sent https://gerrit-review.googlesource.com/c/gerrit/+/315964 , no idea if it's even sane, Typescript is not something I know :) But usually even semi-sensible patches get more attention than bug reports.
<PaulFertser> borneoa_: btw, had to use some CI build for google oauth, something you need to remember if you admin another gerrit instance :/
<PaulFertser> OK to restart now?
<PaulFertser> borneoa_: visible in the sign in page now, do you think that's good enough?
<PaulFertser> The font for the ascii sig is wrong even though it's <pre> wtf
<borneoa_> PaulFertser: it's ok to keep it in that page. The font get huge at the icon beside launchpad ID, then returns normal at the first fingerprint
<PaulFertser> Probably it's my chromium doing wrong with "font-family: monospace"?
<PaulFertser> borneoa_: for me the problem is that the ascii thing is not shown right because the font is not fixed-width. But probably it's a client side issue.
<borneoa_> Firefox and chrome on Linux look ok. Is chrome on smartphone that show the huge font
<PaulFertser> I guess it's all right then.
<PaulFertser> borneoa_: so do you see any issues with the system currently?
<borneoa_> PaulFertser: nothing bad so far. I already mentioned the missing tab of conflicts, but no rush to enable it
<PaulFertser> if (changeIsOpen(change) && this.mergeable) {
<PaulFertser> Easy to patch out but running self-build gerrit for that, hm, not sure.
<PaulFertser> Probably can be done with some "simple" plugin.
<borneoa_> Apparently it is already available. https://gerrit-review.googlesource.com/Documentation/user-review-ui.html#related-changes has "Conflicts With:". But cannot find a patch in gerrit showing it.. still looking
<PaulFertser> borneoa_: it's available when the current change is "mergeable".
<PaulFertser> borneoa_: but since we mostly cherry-pick it almost never is.
<borneoa_> I see it in the code. No idea how plugins work in gerrit.
<PaulFertser> borneoa_: it's typescript that's translated to javascript and works in the web browser.
<borneoa_> I was wrong about merging the whole series in one shot. I have to merge one by one, probably because of the merge strategy. But that's ok, I will not get sick by clicking few times more, I can check carefully what I do
tarekb has joined #openocd
<PaulFertser> Hey tarek
<PaulFertser> Got any bad news?
<Steffann> Want bad news?
<PaulFertser> Steffann: not really but if there're any I'll have to deal with it anyway
<tarekb> Hey PaulFertser: nah everythink is green :D
<tarekb> I love the new gerrit and UI
<tarekb> github is synced gracefully this time, or maybe some one synced it ?
<PaulFertser> tarekb: awesome, glad to hear that, it was surprisingly busy week for me preparing for all this
<PaulFertser> Not sure why it's taking so much effort but at least for me it's like plenty of real work :)
<PaulFertser> Happy to finally be doing something for OpenOCD again :)
<tarekb> I know, migration is a box of surprises
<PaulFertser> tarekb: I didn't push anything manually, no.
<tarekb> where you have to learn new stuff that changed meanwhile
<PaulFertser> tarekb: but I did approve the key as something belonging to a trusted application. Can forward you an e-mail I got from github, want it?
<PaulFertser> tarekb: and plenty of stuff changed indeed, and the previous system was all configured by Spencer.
<tarekb> yes Spencer did a good job, and you as well ! thanks for this transparent migration !!
<PaulFertser> tarekb: in the morning I added new server to google oauth but it didn't allow me to keep the old http://openocd.zylin.com url (insisting on https) so we didn't have a clean backtrack option after that :)
<PaulFertser> (guess if really needed I'd install LE on the old server too and that would allow google to reuse the accounts with older system etc)
<tarekb> in fact I love the redirect to review.openocd.org
<tarekb> specially after we removed zylin support, hahah
<PaulFertser> tarekb: we have two known issues atm: linking identities possible only if you know the "magic URL"; conflicting changes need to be viewed manually.
<PaulFertser> tarekb: we would have performed it earlier but back then google didn't really allow changing domain for oauth without all the accounts getting invalid. Luckily it's not the case anymore.
<tarekb> linking identities is not an issue, the conflicst are aimportant
<PaulFertser> We also got some new options with OAuth now: gitlab, phabricator etc.
<tarekb> awesome
<PaulFertser> tarekb: regarding the conflicts, it's hardcoded in TS code. I think one can write a plugin to fix it or we can run a self-assembled Gerrit version :/
<tarekb> for the conflicst do we need a plugin for that ?
<PaulFertser> tarekb: the problem is that current UI doesn't show conflicts unless the current change is "mergeable" on its own, and it rarely is since we have cherry-pick strategy.
<tarekb> ah, TypeScript, I have followed a full week of training of that shit
<tarekb> maybe I can help
<PaulFertser> tarekb: but one can always manually view conflicting changes by searching for "conflicts:<change>"
<tarekb> seems a good solution for the moment
<tarekb> now we have a new fresh UI, we need to continue contributing to the project, I have been so happy for the project since the 0.11.0
<tarekb> after 0.12.0 I will even more happier & motivated to contribute ;)
<tarekb> now besides the topic, there is the new hashtags feature, I love it
<PaulFertser> tarekb: regarding the plugin, the docs are here: https://gerrit-review.googlesource.com/Documentation/pg-plugin-dev.html and the problematic condition in Gerrit sources is in polygerrit-ui/app/elements/change/gr-related-changes-list/gr-related-changes-list.ts "if (changeIsOpen(change) && this.mergeable) {" . If this same code can be run from a plugin, we can regain the functionality I guess.
tarekb has quit [Read error: Connection reset by peer]
Hawk777 has joined #openocd
nerozero has quit [Ping timeout: 240 seconds]
<zapb_> PaulFertser, httpS for Gerrit, nice! :D
<PaulFertser> zapb_: not only that :)
<zapb_> PaulFertser, any chance we get httpS for the website too? :)
<PaulFertser> zapb_: I'm still undecided about where to host the website, on the same build server or on SF.net, but https with both is possible.
<zapb_> +1 for *not* SF.net :D
<PaulFertser> zapb_: I guess you might like a full-screen text interface to Gerrit which support working while not connected to the internet and then automatically syncing?
<zapb_> PaulFertser, working on Reviews in Gerrit you mean?
<PaulFertser> zapb_: yes
<zapb_> PaulFertser, yes, sounds like a nice feature :) How does it work?
<PaulFertser> zapb_: using HTTP API and the interface reminds me of some DOS programs. Basically, "apt install gertty", take this config https://paste.debian.net/1208605/ , add your username and http password there and start "gertty". And press F1 for help :)
<PaulFertser> It seems to be nicely integrated with python3 virtualenv too, and it's easy to try it right from their git: https://opendev.org/ttygroup/gertty#repo-readme
<PaulFertser> zapb_: regarding SF.net website, what's bad about hosting the blog there? They seem to have many servers so we can spare the load, and since we own the domain and the blog is just static HTML we can migrate anywhere at any time.
<zapb_> PaulFertser, no good reason, I just don't like SF.net :D
<PaulFertser> zapb_: btw, since tomorrow morning where I needed to add https uri for new gerrit instance to google oauth there was no way back, google used to allow but not anymore http:// uris for oauth apps.
<PaulFertser> today's morning I mean
<PaulFertser> zapb_: also, I made replies to _comments_ via e-mail work
<zapb_> Yes, they also rank websites without https down :)
<zapb_> PaulFertser, oh nice :)
<zapb_> I already noticed that the Gerrit mails look a bit different now
<PaulFertser> zapb_: I'm writing an announce mail soon.
<PaulFertser> Well, we jumped from 2.13.6 to 3.4.0
<PaulFertser> And that's completely new UI which has some downsides unfortunately.
<Hawk777> Looks like I now have three “identities” all for the same e-mail address, presumably due to various OAuth changes over Gerrit’s history. Any way to know which is which and tidy up the old cruft?
<Hawk777> Or is that a bad idea, and I should leave all of them?
<Hawk777> I’ve got one that’s just a number, one that’s the same number with “google-oauth:” prefixed, and one that starts with “https://www.google.com/accounts/o8/id”.
<zapb_> PaulFertser, anyway, thanks a lot for the upgrade!
<PaulFertser> Hawk777: you only need the prefixed one. Bare number was "migrated" to the prefixed first time you logged in today. And the last one is I guess OpenID which google discontinued :(
<PaulFertser> zapb_: please share your thoughts about gertty when you feel like that
<zapb_> PaulFertser, yep!
<Hawk777> OK, thanks for clarifying!
<Hawk777> Hm, is there a way I can self-serve add a second OAuth account to my existing Gerrit account? I didn’t see anything in preferences for merging two accounts or adding a new identity, only a button to delete existing identities.
<PaulFertser> Hawk777: self-serving OAuth unlikely (each provider requires dedicated support in plugin!) but you can self-serve OpenID (as I do), interested?
<Hawk777> It’s a second Google account.
<PaulFertser> Hawk777: merging accounts possible only manually by me
<Hawk777> OK, should I /query you here to request that?
<PaulFertser> Hawk777: linking accounts possible by you, but you must be registered with only one before trying to link. The button is absent but you should just use https://review.openocd.org/login/?link URL after logging in with existing account.
<Hawk777> It looks like I already had two Gerrit accounts, actualy.
<Hawk777> So merging would be needed.
<PaulFertser> Hawk777: hm, I can merge identity from account you do not need to the account that you need. The one you do not need will just stale, is that ok?
<Hawk777> Yes, that would be perfect.
<Hawk777> One of the accounts doesn’t have anything in it.
<PaulFertser> Hawk777: please tell me your _correct_ account id and the one that has just the needed external id and not needed.
<Hawk777> In here is fine? The ID isn’t private information?
<PaulFertser> is already assigned to account 1001381; cannot create external ID ... with the same email for account 1000716.
<PaulFertser> ID not private, no.
<PaulFertser> So which one is not needed?
<Hawk777> OK, the ID of the account I want to keep using is 1000716; the ID of the account I want to stop using and merge into it is 1001381.
<PaulFertser> Need to restart gerrit for offline account reindexing
<PaulFertser> Hawk777: please try it now
<Hawk777> Looks like that worked, with the weird exception that it took the Full Name field from 1001381 while taking everything else from 1000716. Easily corrected in the control panel, of course. Thanks!
<PaulFertser> Hawk777: :)
<PaulFertser> Hawk777: I was just writing an e-mail asking not to login and instead link identities :)
<Hawk777> Ah, I don’t think that would have helped me as it looks like 1001381 already existed before today.
<Hawk777> At least, it had the old-format OAuth ID number.
<PaulFertser> Hawk777: right
<PaulFertser> Hawk777: I've put a note about that in HACKING long time before though ;)
<PaulFertser> borneoa_: of course if you find some interesting setting in gerrit docs that we should enable, I'm open to ideas :)
<borneoa_> PaulFertser: sure, I will ping you. Thanks for the gerrit update. It works fine. I just need to get used at the new UI.
<borneoa_> PaulFertser: yes, gertty is the tool I tried to use several years ago and then I dropped it. I will give it a second chance.
<PaulFertser> borneoa_: I just viewed a diff with it, and left a useless comment for Tarek. Seems to be a nice tool, even though I'm not used to all F-keys and cursor movement etc anymore, feels as if I'm running TurboVision Borland C++ again :)
w00tSpeaks has joined #openocd
<w00tSpeaks> hi. I'm trying to clone over ssh. I get the following:
<w00tSpeaks> Cloning into 'openocd'...
<w00tSpeaks> wt@review.openocd.org: Permission denied (publickey).
<w00tSpeaks> fatal: Could not read from remote repository.
<w00tSpeaks> Please make sure you have the correct access rights
<w00tSpeaks> and the repository exists.
<w00tSpeaks> I just deleted and readded my ssh pub key in my user.
<w00tSpeaks> I am able to use it for other services like github.
<w00tSpeaks> Is there any chance my other user had this key and that is messing something up?
<PaulFertser> w00tSpeaks: hm, haven't heard about it before
<PaulFertser> w00tSpeaks: hm, you're not specifying the port, that's why
<w00tSpeaks> FTR, I used this command to try to clone: git clone "ssh://wt@review.openocd.org:29418/openocd" && scp -p -P 29418 wt@review.openocd.org:hooks/commit-msg "openocd/.git/hooks/"
<w00tSpeaks> I was able to verify the fingerprint of the host key.
<w00tSpeaks> I found the key fingerprints on the login page.
<PaulFertser> w00tSpeaks: that should work with the port, yes, I just tried it, clones fine.
<PaulFertser> w00tSpeaks: I added it to the login page footer after you reported :)
<w00tSpeaks> I wish it were somewhere more relevant, but that is a good place if no other. Thanks for adding it.
<w00tSpeaks> Does the other user I had still exist in the DB?
<w00tSpeaks> I did add my ssh key to that user. Is it possible that the ssh key is listed for that user as well?
<w00tSpeaks> need to restart, brb
w00tSpeaks has quit [Remote host closed the connection]
<Fleck> PaulFertser: help, I can't upload to board w/o holding reset (STM32h743VIT6), and after upload I need to reset again :D
<PaulFertser> Fleck: connect physical reset line and use -c "reset_config srst_only connect_assert_srst"
<Fleck> Hmmm, why? Stm32cube programmer works and uploads just fine like this :/
<PaulFertser> Fleck: without reset line connected to programmer?
<Fleck> yeah just with SDIO and SDCLK
<PaulFertser> Fleck: how do you upload with OpenOCD, what commands exactly?
<Fleck> sec
<Fleck> openocd -f $(OPENOCD_CFG) -c "program $(BUILDDIR)/$(TARGET).elf verify reset exit"
<PaulFertser> Fleck: looks good. And what happens without reset?
<PaulFertser> Fleck: and what's in config?
w00tSpeaks has joined #openocd
<w00tSpeaks> I'm back
<Fleck> source [find interface/stlink-v2.cfg]
<Fleck> source [find target/stm32h7x.cfg]
<PaulFertser> w00tSpeaks: so I tried disabling your other account, it has the same ssh key indeed, and I guess that might be problematic.
<PaulFertser> w00tSpeaks: can you retry please?
<w00tSpeaks> yes
<PaulFertser> Fleck: please show -d3 log then.
<w00tSpeaks> ➜ openocd git clone "ssh://wt@review.openocd.org:29418/openocd" && scp -p -P 29418 wt@review.openocd.org:hooks/commit-msg "openocd/.git/hooks/"
<w00tSpeaks> Cloning into 'openocd'...
<w00tSpeaks> wt@review.openocd.org: Permission denied (publickey).
<w00tSpeaks> fatal: Could not read from remote repository.
<w00tSpeaks> Please make sure you have the correct access rights
<w00tSpeaks> and the repository exists.
<w00tSpeaks> can you remove the key from the other account?
<PaulFertser> w00tSpeaks: I can tomorrow
<PaulFertser> Fleck: where's line 80 from?
<PaulFertser> w00tSpeaks: too tired now, afraid to break something
<PaulFertser> Fleck: did you change the target config, why?
<Fleck> no I did not change anything...
<PaulFertser> Fleck: srst_only means you tell OpenOCD reset line is physically present and connected.
<Fleck> how do I tell otherwise? :D
<PaulFertser> I see, it's in upstream config, wow, odd
<Fleck> :D
<PaulFertser> Fleck: add -c "reset_config none"
<Fleck> ok sec
<w00tSpeaks> PaulFertser: coolio
<w00tSpeaks> Thanks.
<Fleck> thank you, thank you, thank you PaulFertser - perfect! :)
<w00tSpeaks> PaulFertser: where are you located?
<w00tSpeaks> I'm in USA/California.
<PaulFertser> w00tSpeaks: russia
<w00tSpeaks> Neat.
<PaulFertser> Ahem, I'm not so sure
<w00tSpeaks> Fair.
<Fleck> ;D
<Fleck> spasibo PaulFertser!!!
<PaulFertser> Fleck: welcome :) Do you feel like reporting a bug? I think there're very high chances the config is going to be fixed if you do. srst_only in target config is absolutely nuts unless the target really can't work with hardware reset line.
<Fleck> I guess I should, this would help others like me :D
<w00tSpeaks> PaulFertser: Thx for all your help so far.
<PaulFertser> w00tSpeaks: I'm glad to be of help to such a nice project and community :)
<PaulFertser> w00tSpeaks: I just found a safe way to delete ssh key from 1001913, can you retry please?
<karlp> yeah, a reset config in the f7 target sounds like dangling refactorings going wrong :|
<w00tSpeaks> yes
<w00tSpeaks> same
<PaulFertser> karlp: no, I think it was deliberate and nobody noticed since 2017.
<PaulFertser> w00tSpeaks: do you use key in default location ~/.ssh/id_rsa.pub or a custom one?
<Fleck> what should I choose under Owner PaulFertser?
<w00tSpeaks> yes
<w00tSpeaks> I just generated a new key.
<w00tSpeaks> let me try it
<PaulFertser> w00tSpeaks: I guess I know why, probably your wt name is not unique enough, checking
<karlp> PaulFertser: well, I agree it's a bug to have it in the target config :)
<PaulFertser> Hm, no, false lead.
<w00tSpeaks> that did not work
<PaulFertser> w00tSpeaks: for testing you can just use "ssh" and it has -i and -vv options to help cross-checking everything.
<w00tSpeaks> I've used wt on other gerrits without an issue.
<PaulFertser> I just thought it might be some other openocd gerrit user had claimed the name and gerrit failed to notice and allowed you.
<w00tSpeaks> It doesn't like the sig algorithm
<Fleck> OK I created ticked, dunno if I did everything right, hope they understand :D
<w00tSpeaks> ebug3: authmethod_lookup publickey
<w00tSpeaks> debug3: remaining preferred: keyboard-interactive,password
<w00tSpeaks> debug3: authmethod_is_enabled publickey
<w00tSpeaks> debug1: Next authentication method: publickey
<w00tSpeaks> debug1: Offering public key: /home/wt/.ssh/id_rsa RSA SHA256:LBbmjdek87TRjXUHDIaRr1yTww2VWO5TVv+ZgVCsXoI
<w00tSpeaks> debug1: send_pubkey_test: no mutual signature algorithm
<w00tSpeaks> Is there a limit on what types of ssh keys are allowed?
<PaulFertser> w00tSpeaks: oh, that would explain it. Why are you not using ed25519 btw?
<w00tSpeaks> I used the default.
<w00tSpeaks> is ed25519 better?
<PaulFertser> Better, shorter keys, high security.
<w00tSpeaks> ok, sure, I can do that
<PaulFertser> Regarding signature algorithms, I can't tell atm, it's internal gerrit java ssh implementation or something like that.
<w00tSpeaks> do I want the sk one?
<w00tSpeaks> or the non sk one?
<PaulFertser> w00tSpeaks: non sk I guess
<w00tSpeaks> what is the sk one?
<PaulFertser> tbh, no idea
<w00tSpeaks> oh, it has something to do with fido
<Fleck> karlp: and not f7, but h7, dunno, maybe f7 also has such problems
<Fleck> but afaik no...
<PaulFertser> Fleck: thanks for reporting
<Fleck> thanks for helping out! You as usually - super helpful!
<w00tSpeaks> Is there any way to make gerrit complain when the key is not usable?
<w00tSpeaks> The UI said it was a valid key
<PaulFertser> Fleck: good luck figuring out your hardfaults
<PaulFertser> w00tSpeaks: https://phabricator.wikimedia.org/T276486 found
<Fleck> PaulFertser: thanks, have to wait few days until it hardfaults :/
<PaulFertser> w00tSpeaks: it's _your client_ apparently who refuses to use rsa sha1
<Fleck> I suspect stm32duino core :D
<w00tSpeaks> clone totally works now
<w00tSpeaks> I was using sha256
<w00tSpeaks> not sha1
<w00tSpeaks> sha1 has been deprecated afaik
<PaulFertser> w00tSpeaks: yes, and gerrit asked you to use sha1 for signature, and your client could do that even with this key.
<PaulFertser> Running ssh with -v was fruitful, with that https://phabricator.wikimedia.org/T276486 was easy to find and it answers all the questions.
<w00tSpeaks> It just not helpful that gerrit UI told me the key was valid.
<PaulFertser> w00tSpeaks: you could have cloned from plain https://review.openocd.org/openocd.git without any auth :)
<w00tSpeaks> seems to work now. Thx for the help.
<PaulFertser> w00tSpeaks: the key _is_ valid
<w00tSpeaks> I know it's a valid ssh key
<PaulFertser> w00tSpeaks: and it can be used if your ssh is reconfigured a bit
<w00tSpeaks> but it isn't valid for your gerrit server
<PaulFertser> I mean this very key with this same gerrit and your same ssh client can be used.
<w00tSpeaks> So, I have to allow a deprecated algorithm?
<PaulFertser> w00tSpeaks: it's your client setting that makes the connection impossible, not the key
<PaulFertser> I do not think gerrit can tell you've the deprecated algorithm disabled by inspecting your key.
<w00tSpeaks> I do find it weird that gerrit didn't support the sha256 sig
<w00tSpeaks> Does it just use the ssh daemon on the server?
<PaulFertser> w00tSpeaks: no, that's the point, it use a separate java implementation.
<w00tSpeaks> right
<w00tSpeaks> Okay. I guess they really waited to support the new alg. I had been using that key for a few years.
<Fleck> karlp, PaulFertser btw strange, if I compile this function ( https://p.rullz.lv/bixelufibi.cpp ) and call it from main() with gcc/hal (w/o stm32duino), I get awesome bt in gdb: https://p.rullz.lv/zecukiwaze.coffeescript, but with stm32duino I get in random IRQ handlers... sometimes WWDG sometimes others... and no stack info
<PaulFertser> w00tSpeaks: and that very key can still work if you just enable insecure signature algorithm.
<w00tSpeaks> I see
<Fleck> ahh no, I get good backtrace if I use different GDB, what is going on??
<Fleck> or no, maybe this was because of that srst thing??
<Steffann> If wwdg shows up is probably because you have no fault handler and it calls the default handler.
<Fleck> yep I end up in WWDG_IRQHandler
<Steffann> Yeah thats the symbol your default handler ends up with (or whatever the specific reason was)
<Fleck> now the question is, why stm32duino doesn't have Default_Handler :D
<Fleck> https://p.rullz.lv/ujeyovarap.cpp << says I already have Default_Handler :D
<Fleck> so confusing all this
<Fleck> OK, bedtime, thanks karlp, PaulFertser, Steffann for your help/time! :)
<borneoa_> PaulFertser: I pushed a patch series in gerrit. All the patches triggered a warning from server that "subject>50 characters". Not a blocker but annoying.
<borneoa_> PaulFertser: plus I have not received email alert about the new patches in gerrit. I'm only receiving the build results from Jenkins. Checked again my user's config and I have all the notifications enabled. Let's see tomorrow