Meeting 2022 03

14.06.2022 - 20:00 CEST - mumble.freifunk.net

Attendees

• aiyion (ffh)
• blocktrron (ffda)
• Benjamin (ffsh)
• ce-4 (ffmuc)
• gabor (ffgraz)
• istobic (ffnh) (until 21:05)
• jsc
• lemoer (ffh)
• mkg20001 (ffgraz)
• rotanid (ffa)
• shoragan (ffbs)
• tomh (ffda/ffrn)
• T_X
• xbr (fflux)
• neoraider
• aparcar (OpenWrt)

Topics

• Discussion of Roadmap [👤 lemoer]

  • New activities?
    • No.
  • Finished activities?
    • gluon-usteer was merged to the community packages repo.
  • New wishes?
    • No.

  --> roadmap got updated

• v2022.1:

  • Whishlist:
    • gluon-core: add isolated option to gluon_wired proto #2484
      • allows to really take advantage of the new network configuration options
    • PR: kernel: bridge: readding MLD wakeup call feature #2365 (WIP, T_X)
      • "readding" - double "d" ??? also in commit title -> yes, "to add", not "ad" like advertisement
      • Doesn't seem to be critical.
  • Blockers:
    • Status Page: multiple data collection processes #2468
      • This is one of the most severe bugs to fix (before the next release).
      • Suggestion: Do not consider it as blocker anymore.
        • Maybe if we can't solve it before the release, we could mark it as known bug.
        • This could lead to more people observing the bug.
      • [👤NeoRaider] says, that it is very likely that we will find it, if we start to add debug output to sse-multiplexd.
      • At least two regulars consider it a blocker, so it remains a blocker (as of now).
    • ramips-mt7621: migration of sysfs paths in /etc/config/wireless necessary #2391
      • archer c7 had a similar issue
      • [👤blocktrron] will look into it.
      • [👤blocktrron] says, this it is likely that we can solve this within the next 2 weeks.
      • At least two regulars consider it a blocker, so it remains a blocker (as of now).
    • ramips-mt7621: sysupgrade rejects images with newer SUPPORT_VERSION #2300
      • https://github.com/blocktrron/gluon/tree/dsa-migration
      • [👤blocktrron] says, this it is likely that we can solve this within the next 2 weeks.
      • At least two regulars consider it a blocker, so it remains a blocker (as of now).
    • PR: ath79-generic: (re)add support for UniFi AC Mesh Pro #2462
      • Blocker, unless the commit that (re)adds UAP-AC-PRO (#2439) is reverted.
      • [👤Aiyion] is on it.
      • Will most likely be finished in one or two weeks.
  • Current Blockers: (are they really blockers? how do we solve them?)
    • Issues within the 2022.1 Milestone
  • When?
    • Sooner than later
    • Since this is OpenSource, we can not give ETAs.

• Status of Devices with only few resources:

  • Status of 8/32 devices
    • There are reports that they are currently unusable.
    • People have been doing tests, but it really doesn't work.
    • Currently there is no one that wants to put work in.
  • Status of 8/XX devices
    • not that much flash, maybe issue some kind of warning?
    • TP-Link RE450 might have an unfortunate flash layout, with only 6MB usable for OpenWrt/Gluon, even though it has an 8MB flash chip
    • other devices which may run into problems: Nexx WT3020 8M, TP-Link Archer C20 v1, TP-Link Archer C20i
    • no warning, with regular gluon stuff there's still enough space

• CVE-2022-24884 Aftermath

  • Update progress?
  • Things to improve?
    • Organisational:
      • Kudos to all the / so many communities who were able to update so quickly!
      • Still quite a few communities seemingly still need an update, no update observed in Gluon-Census for these.
    • Code:
      • Add support for SSL
        • configurable as either optional when available (ustream-ssl installed? + https mirror configured) or mandatory
        • should be possible to use SSL instead of manifest signatures, if good_signatures=0 (maybe not that useful for Freifunk context, although Freifunk Dresden does exactly this with their own autoupdater)
        • (SSL option might also make it more suitable to upstream the autoupdater to OpenWrt?)
      • Add support for usign?
        • packages gluon-autoupdater-ecdsautils + gluon-autoupdater-usign, allowing to choose to acccept signatures from either or both tools (manifest format would stay the same)
      • Add an explicit sanity check for duplicate signatures in ecdsautils? Then a good_signatures > 1 would have saved us, too.
      • Security audit of ecdsautils + autoupdater (+ respondd)?

• OLSR2 PR https://github.com/freifunk-gluon/gluon/pull/2535 [👤mkg20001 & 5gbr]

  • please review
  • no clientap, just meshing with olsr2 nodes
  • replace mmfd with getting topology from olsrd?
    • later maybe
  • move l3/mmfd firewall to specific packages instead of babel/olsr
  • graz has devices in production now
  • (unrelated) [👤5gbr] fixed IBSS on ffgraz fork

• Warning label for webui, custom template sections https://github.com/freifunk-gluon/gluon/pull/2530 [👤mkg20001]

  • please review
  • needed for custom stuff in ffgraz community-packages webui packages
  • [👤neoraider] will review

• Config-Mode UI for Interface Role Assignment #2480 [👤lemoer]

  • Discussion about the next steps in this direction.
  • Maybe build the UI without adding a possibility to expand /lan, /wan and /single interfaces in the first place.
  • In the second instance:
    • By default, /lan refers to lan1, lan2, lan3, lan4.
    • If an interface for lan1 is defined, then:
      • lan1 is removed from /lan.
      • So this means that /lan only refers to lan2, lan3, lan4.

• support for devices without WAN port but multiple LAN ports [👤rotanid]

  • future newly added devices will use LAN1 as WAN and further ports are used as LAN