On Sun, May 05, 2024 at 09:47:40PM +0530, Nilesh Patra wrote: > On Sat, May 04, 2024 at 08:59:19PM +0530, Nilesh Patra wrote: > > Hi Matt, > > > > Quoting Matt Taggart: > > > Package: riseup-vpn > > > Version: 0.21.11+ds1-5+b1 > > > Severity: grave > > > > > > When attempting to run the bookworm riseup-vpn package, it fails to > > > connect to riseup's servers and gives the following output: > > > > > > 2024/05/01 18:21:23 Error fetching eip v3 > > > json:https://api.black.riseup.net/3/config/eip-service.json > > > > > > My understanding is that this is due to the package failing to be able > > > to verify the current LetsEncrypt cert that host is using. More details > > > at > > > > > > https://0xacab.org/leap/bitmask-vpn/-/issues/768 > > > > > > (supposedly the current upstream snap has this fixed, but I haven't > > > tried it) > > > > > > As this breaks what the package is supposed to do (at least when using > > > riseup as provider, maybe there is a way to point it elsewhere?) I think > > > this is grave. Also I think it might be a good candidate for being fixed > > > in a stable release update. > > > > If I am not mistaken, as per the said, issue, it is fixed in the commit > > referenced here, right? > > > > > > https://0xacab.org/leap/bitmask-vpn/-/commit/14cf64b10a97c29688f252a7d9d3481c8484aa1d > > > > I tried this in my testing system and it seems I am able to connect to the > > VPN > > with this patch applied. Can you confirm? > > I tried with this commit using my stable `.deb` in a fresh stable VM and it > seems things are working.
I got more extensive testing done. This definitely fixes the issue as it helps verify the letsencrypt certificate. > > Consequently, I also did some work to cherry-pick this and prepare a > > stable-p-u > > upload (not yet uploaded, will do after confirmation) and pushed my changes > > at[1]. I have also compiled the `.deb` for stable and it is ready to be > > consumed[2]. Do you think you could ask someone to check the same? > > > > Other than that, I also tried to update the package in unstable to the > > latest > > version to fixup this properly. I was able to build it, pushed my changes > > here[3] and the `.deb` is available here[4]. Again, if you/someone else > > could > > try this, it'd be great. It is working for me on my debian/testing system. > > I asked a friend to check on their testing system and it seems to be working > as > well. I will proceed to upload these in a week or so. Until then I am awaiting > your response. OK, so now the time is up and I've got some spare time now - I am going ahead with an upload. This look fine and the package works. > > I would have attemped the update much sooner but unfortunately an update > > with > > 0xacab's gitlab broke my d/watch file and I did not notice a new version is > > out > > there sooner. > > > > I was thinking to go ahead with an upload, but there are a few things that I > > would like to clarify before I do so (btw thanks to the maintainers for > > committing a patch to use with qt6.4): To be clear: these questions do not apply to the stable update. Only to the unstable one. > > 1. Why is the default provider set to "provider = bitmask" in > > providers/vendor.conf? This leads to building the binary called bitmask-vpn > > instead of riseup-vpn. Is there a thought of changing the binary name? > > > > In current stage it points to just dummy APIs and hence I overrode it in > > d/rules > > to build riseup-vpn instead. I am keeping this as is. > > 2. In the vendor/gitlab.com/yawning/obfs4.git/ package, there are 3 license. > > BSD-2-Clause, BSD-3-Clause and also GPL-3 for > > vendor/gitlab.com/yawning/obfs4.git/internal/x25519ell2/x25519ell2.go - so > > what > > exactly is the exact license? Is it redistributable under all the three? (I > > don't think so?) I found a comment from yawning and added the internal/* under GPL. Going for an upload to unstable followed by an s-p-u. > > [1]: > > https://salsa.debian.org/go-team/packages/riseup-vpn/-/tree/debian/bookworm-pu?ref_type=heads > > [2]: https://people.debian.org/~nilesh/riseup-vpn-stable/ > > [3]: > > https://salsa.debian.org/go-team/packages/riseup-vpn/-/tree/debian/sid?ref_type=heads > > [4]: https://people.debian.org/~nilesh/riseup-vpn-0.24.5/ [5]: https://gitlab.com/yawning/obfs4/-/issues/5 Best, Nilesh
signature.asc
Description: PGP signature
