slarm64This forum is for the discussion of slarm64.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Thanks! Should I comment out the mirror in /etc/slackpkg/mirrors and update? Is that safe to do?
UNcomment your mirror of choice and upgrade to your heart's content. Yes, totally safe to do, I have a Rock64 running slarm64 24/7 as a torrent box and LAN server / update mirror, I keep it upgraded regularly. No problems, highly stable.
Just a quick FYI/bug report. I'm writing up some nice instructions for getting Octoprint up on the Rock64. In doing that, I'm trying to do everything "right". If you do the recommended slackpkg commands, it will brick it. Well, just not boot to that SD again, until you reimage or fix it.
At the beginning of 'slackpkg clean-system', it says that it's going to remove these packages. They're all listed, even though it's obvious that some are totally unrelated. Just trying to be complete.
I'm guessing that some part of the installation for the kernel isn't happening, so removing the files breaks it. There is also nothing in the default /etc/slackpkg/blacklist . I tried to get a serial console up to my board, but that didn't work with either a CP2102 or FTDI FT232RL, at 1500000 8N1N, so I can't give any more useful feedback there. I've done it several times now, and I haven't done anything extra before updating. I'm trying to go through my instructions to make sure they're easy for a layman, so it's by the numbers simple.
Also, there's something wrong with the osdn.net mirrors. Some files on some mirrors are showing 404, and slackpkg is saving a 0 byte file for each. That upsets it when it's trying to install them. It was also throwing md5sum and gpg errors, but I think they were all caused by the 404 thing. Switching to dl.slarm64.org links fixed that. Sorry for sucking up your bandwidth.
If you need any more info, feel free to ask. I don't mind doing stuff to this board for a little while to test. Once it's managing it's printer, I'd like to leave it there.
Just a quick FYI/bug report. I'm writing up some nice instructions for getting Octoprint up on the Rock64. In doing that, I'm trying to do everything "right". If you do the recommended slackpkg commands, it will brick it. Well, just not boot to that SD again, until you reimage or fix it.
At the beginning of 'slackpkg clean-system', it says that it's going to remove these packages. They're all listed, even though it's obvious that some are totally unrelated. Just trying to be complete.
I'm guessing that some part of the installation for the kernel isn't happening, so removing the files breaks it. There is also nothing in the default /etc/slackpkg/blacklist . I tried to get a serial console up to my board, but that didn't work with either a CP2102 or FTDI FT232RL, at 1500000 8N1N, so I can't give any more useful feedback there. I've done it several times now, and I haven't done anything extra before updating. I'm trying to go through my instructions to make sure they're easy for a layman, so it's by the numbers simple.
That's right, the kernel used for rock64 is not vanilla (a number of patches have been applied), so when you purge, you remove the kernel.
Some packages are also removed that are not included in the slarm64 distribution (which repeats the slackware64 package base).
Quote:
Originally Posted by JWSmythe
Also, there's something wrong with the osdn.net mirrors. Some files on some mirrors are showing 404, and slackpkg is saving a 0 byte file for each. That upsets it when it's trying to install them. It was also throwing md5sum and gpg errors, but I think they were all caused by the 404 thing. Switching to dl.slarm64.org links fixed that. Sorry for sucking up your bandwidth.
If you need any more info, feel free to ask. I don't mind doing stuff to this board for a little while to test. Once it's managing it's printer, I'd like to leave it there.
That's right, the kernel used for rock64 is not vanilla (a number of patches have been applied), so when you purge, you remove the kernel.
Some packages are also removed that are not included in the slarm64 distribution (which repeats the slackware64 package base).
Shouldn't kernel-* be added to /etc/slackpkg/blacklist by default? So normal users don't accidentally blow away their kernels? When I saw it, I assumed that it had been upgraded by another kernel-* package, and those were leftovers.
I have updated my instructions to warn about this. Just to not do clean-system, not update the blacklist.
Shouldn't kernel-* be added to /etc/slackpkg/blacklist by default? So normal users don't accidentally blow away their kernels? When I saw it, I assumed that it had been upgraded by another kernel-* package, and those were leftovers.
I have updated my instructions to warn about this. Just to not do clean-system, not update the blacklist.
To be honest, I would not like to remove the ability for the user to control his system (this happened for the first time).
To be honest, I would not like to remove the ability for the user to control his system (this happened for the first time).
osdn.net loading fixed.
Fair enough. I put it in my writeup, with an explanation. I hope someone might use it, but there's a good chance this whole thing will only ever be read by 3 people.
BTW, did you notice that wget doesn't work on https://dl.slarm64.org? It's something with the ZeroSSL CA. I guess it isn't in our cert bundle.
My site (also tested below) was failing with the ca-certificates included on the installation image, but it was fixed after updating ca-certificates to current. That was because of a recent problem with Let's Encrypt, which was fixed recently.
I checked it with wget on the Rock64, and on my Slackware64 14.2 server. Those are both broken It also fails under the Kali WSL on Windows, with the "certificate ... doesn't have a known issuer". I also updated the ca-certificates on the Rock64 with the mainstream Slackware-current package (20220309), and it still fails.
It does work fine with current Chrome on Win11. I know the Chrome folks are more attentive to keeping all the certs updated. It doesn't matter to me, and just using the http:// link works perfectly, but some people may not know or bother to look. I will try building my own updated ca-certificates package with the Slackware-current build scripts, and see if it fixes anything, but that looks like it last gathered the cert data 3 days ago. So it's a problem with ZeroSSL's trust, not slarm64, other than making life difficult for people.
Code:
root@rock64:~# slackpkg search ca-certificates
Looking for ca-certificates in package list. Please wait... DONE
The list below shows all packages with name matching "ca-certificates".
[ installed ] - ca-certificates-20220309-noarch-1
You can search specific files using "slackpkg file-search file".
root@rock64:~# wget https://dl.slarm64.org
--2022-03-12 22:02:18-- https://dl.slarm64.org/
Resolving dl.slarm64.org (dl.slarm64.org)... 193.151.15.132
Connecting to dl.slarm64.org (dl.slarm64.org)|193.151.15.132|:443... connected.
ERROR: cannot verify dl.slarm64.org's certificate, issued by ‘CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT’:
Unable to locally verify the issuer's authority.
To connect to dl.slarm64.org insecurely, use `--no-check-certificate'.
root@rock64:~# wget https://jwsmythe.com
--2022-03-12 22:02:27-- https://jwsmythe.com/
Resolving jwsmythe.com (jwsmythe.com)... 47.206.58.201
Connecting to jwsmythe.com (jwsmythe.com)|47.206.58.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5281 (5.2K) [text/html]
Saving to: ‘index.html.2’
index.html.2 100%[============================================================>] 5.16K --.-KB/s in 0s
2022-03-12 22:02:27 (18.5 MB/s) - ‘index.html.2’ saved [5281/5281]
root@rock64:~#
BTW, did you notice that wget doesn't work on https://dl.slarm64.org? It's something with the ZeroSSL CA. I guess it isn't in our cert bundle.
My site (also tested below) was failing with the ca-certificates included on the installation image, but it was fixed after updating ca-certificates to current. That was because of a recent problem with Let's Encrypt, which was fixed recently.
I checked it with wget on the Rock64, and on my Slackware64 14.2 server. Those are both broken It also fails under the Kali WSL on Windows, with the "certificate ... doesn't have a known issuer". I also updated the ca-certificates on the Rock64 with the mainstream Slackware-current package (20220309), and it still fails.
It does work fine with current Chrome on Win11. I know the Chrome folks are more attentive to keeping all the certs updated. It doesn't matter to me, and just using the http:// link works perfectly, but some people may not know or bother to look. I will try building my own updated ca-certificates package with the Slackware-current build scripts, and see if it fixes anything, but that looks like it last gathered the cert data 3 days ago. So it's a problem with ZeroSSL's trust, not slarm64, other than making life difficult for people.
Code:
root@rock64:~# slackpkg search ca-certificates
Looking for ca-certificates in package list. Please wait... DONE
The list below shows all packages with name matching "ca-certificates".
[ installed ] - ca-certificates-20220309-noarch-1
You can search specific files using "slackpkg file-search file".
root@rock64:~# wget https://dl.slarm64.org
--2022-03-12 22:02:18-- https://dl.slarm64.org/
Resolving dl.slarm64.org (dl.slarm64.org)... 193.151.15.132
Connecting to dl.slarm64.org (dl.slarm64.org)|193.151.15.132|:443... connected.
ERROR: cannot verify dl.slarm64.org's certificate, issued by ‘CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT’:
Unable to locally verify the issuer's authority.
To connect to dl.slarm64.org insecurely, use `--no-check-certificate'.
root@rock64:~# wget https://jwsmythe.com
--2022-03-12 22:02:27-- https://jwsmythe.com/
Resolving jwsmythe.com (jwsmythe.com)... 47.206.58.201
Connecting to jwsmythe.com (jwsmythe.com)|47.206.58.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5281 (5.2K) [text/html]
Saving to: ‘index.html.2’
index.html.2 100%[============================================================>] 5.16K --.-KB/s in 0s
2022-03-12 22:02:27 (18.5 MB/s) - ‘index.html.2’ saved [5281/5281]
root@rock64:~#
Looks like someone fixed something. It works now, without running update-ca-certificate. The timestamp on ca-certificates.crt is a few minutes before the tests I commented with.
On a slightly different note, I am running into an issue with u-boot when trying to build a post-"dirty pipe" image for this board. (bold emphasis added)
Code:
UPD include/generated/timestamp_autogenerated.h
CC cmd/version.o
AR cmd/built-in.o
LD u-boot
OBJCOPY u-boot-nodtb.bin
./"arch/arm/mach-rockchip/make_fit_atf.py" \
arch/arm/dts/rk3328-rock64.dtb > u-boot.its
RELOC u-boot-nodtb.bin
MKIMAGE u-boot.itb
/hdd/slarm64/images_build_kit/build/source/u-boot /hdd/slarm64/images_build_kit/build/source/u-boot
tools/mkimage: Can't open /hdd/slarm64/images_build_kit/build/source/rkbin/bin/rk33/rk3328_ddr_333MHz_v1.19.bin: No such file or directory
Error: Bad parameters for image type
Usage: tools/mkimage -l image
-l ==> list image header information
tools/mkimage [-x] -A arch -O os -T type -C comp -a addr -e ep -n name -d data_file[:data_file...] image
-A ==> set architecture to 'arch'
-O ==> set operating system to 'os'
-T ==> set image type to 'type'
-C ==> set compression type 'comp'
-a ==> set load address to 'addr' (hex)
-e ==> set entry point to 'ep' (hex)
-n ==> set image name to 'name'
-d ==> use image data from 'datafile'
-x ==> set XIP (execute in place)
tools/mkimage [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-E] [-B size] [-i <ramdisk.cpio.gz>] fit-image
<dtb> file is used with -f auto, it may occur multiple times.
-D => set all options for device tree compiler
-f => input filename for FIT source
-i => input filename for ramdisk file
-E => place data outside of the FIT structure
-B => align size in hex for FIT structure and header
Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]
-k => set directory containing private keys
-K => write public keys to this .dtb file
-G => use this signing key (in lieu of -k)
-c => add comment in signature node
-F => re-sign existing FIT image
-p => place external data at a static position
-r => mark keys used as 'required' in dtb
-N => openssl engine to use for signing
tools/mkimage -V ==> print version information and exit
Use '-T list' to see a list of available image types
A quick look in the directory with the missing file shows that a version bump is needed in the mentioned binary:
I recall that the last time this happened I worked around it with a symlink. I just wanted to bring it up here in case you wanted to add a more elegant solution.
Hmmm... alright. Now I am getting a different error in roughly the same spot:
Code:
MKIMAGE tpl/u-boot-tpl-rockchip.bin
CAT idbloader.img
CAT u-boot-rockchip.bin
UPD include/generated/timestamp_autogenerated.h
CC cmd/version.o
AR cmd/built-in.o
LD u-boot
OBJCOPY u-boot-nodtb.bin
./"arch/arm/mach-rockchip/make_fit_atf.py" \
arch/arm/dts/rk3328-rock64.dtb > u-boot.its
RELOC u-boot-nodtb.bin
MKIMAGE u-boot.itb
/hdd/slarm64/images_build_kit/build/source/u-boot /hdd/slarm64/images_build_kit/build/source/u-boot
Error: SPL image is too large (size 0x7800 than 0x7000)
Error: Bad parameters for image type
Usage: tools/mkimage -l image
-l ==> list image header information
tools/mkimage [-x] -A arch -O os -T type -C comp -a addr -e ep -n name -d data_file[:data_file...] image
-A ==> set architecture to 'arch'
-O ==> set operating system to 'os'
-T ==> set image type to 'type'
-C ==> set compression type 'comp'
-a ==> set load address to 'addr' (hex)
-e ==> set entry point to 'ep' (hex)
-n ==> set image name to 'name'
-d ==> use image data from 'datafile'
-x ==> set XIP (execute in place)
tools/mkimage [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-E] [-B size] [-i <ramdisk.cpio.gz>] fit-image
<dtb> file is used with -f auto, it may occur multiple times.
-D => set all options for device tree compiler
-f => input filename for FIT source
-i => input filename for ramdisk file
-E => place data outside of the FIT structure
-B => align size in hex for FIT structure and header
Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]
-k => set directory containing private keys
-K => write public keys to this .dtb file
-G => use this signing key (in lieu of -k)
-c => add comment in signature node
-F => re-sign existing FIT image
-p => place external data at a static position
-r => mark keys used as 'required' in dtb
-N => openssl engine to use for signing
tools/mkimage -V ==> print version information and exit
Use '-T list' to see a list of available image types
I have tried switching between the two sources for rkbin as well as u-boot-tools in config/sources/rockchip.inc, but nothing lets me get past the u-boot compilation stage above.
FWIW, I am getting something similar when I try to build images for Quartz64 also. So, maybe something is going on with the rockchip boot sources and I just need to be more patient.
Just for your info, nothing critical. Thanks much.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
It works now, without running update-ca-certificate. The timestamp on ca-certificates.crt is a few minutes before the tests I commented with.
