On Sat, May 04, 2024 at 08:59:19PM +0530, Nilesh Patra wrote: > Hi Matt, > > Quoting Matt Taggart: > > Package: riseup-vpn > > Version: 0.21.11+ds1-5+b1 > > Severity: grave > > > > When attempting to run the bookworm riseup-vpn package, it fails to > > connect to riseup's servers and gives the following output: > > > > 2024/05/01 18:21:23 Error fetching eip v3 > > json:https://api.black.riseup.net/3/config/eip-service.json > > > > My understanding is that this is due to the package failing to be able > > to verify the current LetsEncrypt cert that host is using. More details at > > > > https://0xacab.org/leap/bitmask-vpn/-/issues/768 > > > > (supposedly the current upstream snap has this fixed, but I haven't > > tried it) > > > > As this breaks what the package is supposed to do (at least when using > > riseup as provider, maybe there is a way to point it elsewhere?) I think > > this is grave. Also I think it might be a good candidate for being fixed > > in a stable release update. > > If I am not mistaken, as per the said, issue, it is fixed in the commit > referenced here, right? > > > https://0xacab.org/leap/bitmask-vpn/-/commit/14cf64b10a97c29688f252a7d9d3481c8484aa1d > > I tried this in my testing system and it seems I am able to connect to the VPN > with this patch applied. Can you confirm?
I tried with this commit using my stable `.deb` in a fresh stable VM and it seems things are working. > Consequently, I also did some work to cherry-pick this and prepare a > stable-p-u > upload (not yet uploaded, will do after confirmation) and pushed my changes > at[1]. I have also compiled the `.deb` for stable and it is ready to be > consumed[2]. Do you think you could ask someone to check the same? > > Other than that, I also tried to update the package in unstable to the latest > version to fixup this properly. I was able to build it, pushed my changes > here[3] and the `.deb` is available here[4]. Again, if you/someone else could > try this, it'd be great. It is working for me on my debian/testing system. I asked a friend to check on their testing system and it seems to be working as well. I will proceed to upload these in a week or so. Until then I am awaiting your response. > I would have attemped the update much sooner but unfortunately an update with > 0xacab's gitlab broke my d/watch file and I did not notice a new version is > out > there sooner. > > I was thinking to go ahead with an upload, but there are a few things that I > would like to clarify before I do so (btw thanks to the maintainers for > committing a patch to use with qt6.4): > > 1. Why is the default provider set to "provider = bitmask" in > providers/vendor.conf? This leads to building the binary called bitmask-vpn > instead of riseup-vpn. Is there a thought of changing the binary name? > > In current stage it points to just dummy APIs and hence I overrode it in > d/rules > to build riseup-vpn instead. > > 2. In the vendor/gitlab.com/yawning/obfs4.git/ package, there are 3 license. > BSD-2-Clause, BSD-3-Clause and also GPL-3 for > vendor/gitlab.com/yawning/obfs4.git/internal/x25519ell2/x25519ell2.go - so > what > exactly is the exact license? Is it redistributable under all the three? (I > don't think so?) > > [1]: > https://salsa.debian.org/go-team/packages/riseup-vpn/-/tree/debian/bookworm-pu?ref_type=heads > [2]: https://people.debian.org/~nilesh/riseup-vpn-stable/ > [3]: > https://salsa.debian.org/go-team/packages/riseup-vpn/-/tree/debian/sid?ref_type=heads > [4]: https://people.debian.org/~nilesh/riseup-vpn-0.24.5/ > > Best, > Nilesh Best, Nilesh
signature.asc
Description: PGP signature