Hi Matt, Quoting Matt Taggart: > Package: riseup-vpn > Version: 0.21.11+ds1-5+b1 > Severity: grave > > When attempting to run the bookworm riseup-vpn package, it fails to > connect to riseup's servers and gives the following output: > > 2024/05/01 18:21:23 Error fetching eip v3 > json:https://api.black.riseup.net/3/config/eip-service.json > > My understanding is that this is due to the package failing to be able > to verify the current LetsEncrypt cert that host is using. More details at > > https://0xacab.org/leap/bitmask-vpn/-/issues/768 > > (supposedly the current upstream snap has this fixed, but I haven't > tried it) > > As this breaks what the package is supposed to do (at least when using > riseup as provider, maybe there is a way to point it elsewhere?) I think > this is grave. Also I think it might be a good candidate for being fixed > in a stable release update.
If I am not mistaken, as per the said, issue, it is fixed in the commit
referenced here, right?
https://0xacab.org/leap/bitmask-vpn/-/commit/14cf64b10a97c29688f252a7d9d3481c8484aa1d
I tried this in my testing system and it seems I am able to connect to the VPN
with this patch applied. Can you confirm?
Consequently, I also did some work to cherry-pick this and prepare a stable-p-u
upload (not yet uploaded, will do after confirmation) and pushed my changes
at[1]. I have also compiled the `.deb` for stable and it is ready to be
consumed[2]. Do you think you could ask someone to check the same?
Other than that, I also tried to update the package in unstable to the latest
version to fixup this properly. I was able to build it, pushed my changes
here[3] and the `.deb` is available here[4]. Again, if you/someone else could
try this, it'd be great. It is working for me on my debian/testing system.
I would have attemped the update much sooner but unfortunately an update with
0xacab's gitlab broke my d/watch file and I did not notice a new version is out
there sooner.
I was thinking to go ahead with an upload, but there are a few things that I
would like to clarify before I do so (btw thanks to the maintainers for
committing a patch to use with qt6.4):
1. Why is the default provider set to "provider = bitmask" in
providers/vendor.conf? This leads to building the binary called bitmask-vpn
instead of riseup-vpn. Is there a thought of changing the binary name?
In current stage it points to just dummy APIs and hence I overrode it in d/rules
to build riseup-vpn instead.
2. In the vendor/gitlab.com/yawning/obfs4.git/ package, there are 3 license.
BSD-2-Clause, BSD-3-Clause and also GPL-3 for
vendor/gitlab.com/yawning/obfs4.git/internal/x25519ell2/x25519ell2.go - so what
exactly is the exact license? Is it redistributable under all the three? (I
don't think so?)
[1]:
https://salsa.debian.org/go-team/packages/riseup-vpn/-/tree/debian/bookworm-pu?ref_type=heads
[2]: https://people.debian.org/~nilesh/riseup-vpn-stable/
[3]:
https://salsa.debian.org/go-team/packages/riseup-vpn/-/tree/debian/sid?ref_type=heads
[4]: https://people.debian.org/~nilesh/riseup-vpn-0.24.5/
Best,
Nilesh
signature.asc
Description: PGP signature
