Posts by heitbaum

Quote from gregtotheizzo

Sorry to beat a dead horse libreelec works flawless.

I see the request made on git and have also posted Kodi forums

https://github.com/xbmc/xbmc/issues/25313

Is there anyway to edit a conf to disable the SSL requirement in the interim? I know this might not be the best place to post the question since it's confirmed as a Kodi issue. However figured I'd ask in case it might be a simple line I could toss in or in comment.

Thanks again for fixing this originally.

Display More

In LE we have fixed/worked around …. the connector change and the fact that 3.4 can only work with a verified ssl connection.

The below patch to Kodi “should” fix Kodi to alway “not verify” ssl (thus allowing non sls too). I have not submitted it upstream as I have not “fully tested it”.

From 28b0785f4e08ea5bc102e42d7af55108256ce778 Mon Sep 17 00:00:00 2001
From: Rudi Heitbaum <[email protected]>
Date: Mon, 10 Jun 2024 06:12:49 +0000
Subject: [PATCH] mysql: force SSL off
---
xbmc/dbwrappers/mysqldataset.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/xbmc/dbwrappers/mysqldataset.cpp b/xbmc/dbwrappers/mysqldataset.cpp
index e277eefd8f..99f2deb160 100644
--- a/xbmc/dbwrappers/mysqldataset.cpp
+++ b/xbmc/dbwrappers/mysqldataset.cpp
@@ -181,6 +181,11 @@ int MysqlDatabase::connect(bool create_new)
    if (!CWakeOnAccess::GetInstance().WakeUpHost(host, "MySQL : " + db))
      return DB_CONNECTION_NONE;

+    my_bool verify=0;
+    mysql_options(conn, MYSQL_OPT_SSL_ENFORCE, (void *)&verify);
+    my_bool enforce_tls=0;
+    mysql_options(conn, MYSQL_OPT_SSL_ENFORCE, (void *)&enforce_tls);
+
    // establish connection with just user credentials
    if (mysql_real_connect(conn, host.c_str(), login.c_str(), passwd.c_str(), NULL,
                           atoi(port.c_str()), NULL, compression ? CLIENT_COMPRESS : 0) != NULL)
-- 
2.43.0

Quote from MatteN

Atm the latest Pi nightly is from 2024-06-23 with latest update from 2024-06-22 which means the latest 8 changes haven't triggered a new build, any problems?

CI doesn’t really like [does not have capacity to] building both LE12 and LE13 on the same day. (And addons.)

in addition the generic builds overrun their 6 hour allotment so these have been missing out a bit. The overrun when the new job cancels the old being the most distracting.

I have cleared the backlog - so “all” 🤞LE13 nightlies are queued for build.

Fix identified - https://github.com/LibreELEC/eventlircd/pull/4

Squeezelite can be found in the multimedia-tools addon.

The file you are trying to run is a 32bit arm binary, in LE12 RPi4 binaries are now 64bit aarch64.

Fixed https://github.com/LibreELEC/LibreELEC.tv/pull/8971

Looks ok here

nuc12:~ # docker version
Client:
 Version:           26.1.4
 API version:       1.45
 Go version:        go1.22.4
 Git commit:        5650f9b10226d75e8e9a490a31cc3e5b846e0034
 Built:             Thu Jun  6 20:30:59 UTC 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          library-import
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.22.4
  Git commit:       library-import
  Built:            library-import
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          1.7.18
  GitCommit:        ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
 runc:
  Version:          1.1.12
  GitCommit:        51d5e94601ceffbbd85688df1c928ecccbfa4685
 docker-init:
  Version:          0.19.0
  GitCommit:        

The required variable in Kodi would be MYSQL_OPT_SSL_MODE=DISABLED as the current default is PREFERRED https://dev.mysql.com/doc/c-api/5.7/en/mysql-options.html that needs to be called before https://dev.mysql.com/doc/c-api/5.7/…al-connect.html

update to the PR https://github.com/xbmc/xbmc/pull/2566 would be needed in xbmc/dbwrappers/mysqldataset.cpp

Quote from vpeter

Looks like this works:

Diff

diff --git a/packages/databases/mariadb-connector-c/package.mk b/packages/databases/mariadb-connector-c/package.mk
index f77ec39aa7..0a213c77fb 100644
--- a/packages/databases/mariadb-connector-c/package.mk
+++ b/packages/databases/mariadb-connector-c/package.mk
@@ -16,6 +16,7 @@ PKG_CMAKE_OPTS_TARGET="-DWITH_EXTERNAL_ZLIB=ON
                        -DCLIENT_PLUGIN_MYSQL_CLEAR_PASSWORD=STATIC
                        -DCLIENT_PLUGIN_MYSQL_OLD_PASSWORD=STATIC
                        -DCLIENT_PLUGIN_REMOTE_IO=OFF
+                       -DDEFAULT_SSL_VERIFY_SERVER_CERT=OFF
                       "
 
 post_makeinstall_target() {

Display More

Thanks for testing vpeter - for the time being (as this needs a Kodi change) this will need to be the workaround.

It looks like the client has changed the “failure logic”

[MDEV-28634] Client's --ssl-* options (without --ssl-verify-server-cert) are silently ignored if TLS is not possible - Jira
>> The client will only see an error if they also provide the --ssl-verify-server-cert option:<<

I believe the correct fix would be to set sslMode=disabled in the connection from Kodi - as in https://mariadb.com/kb/en/using-tl…java-connector/ (will be the same with c connector I believe)
By default when sslMode is set (not disabled), connector will use "serverSslCert" is set or the default truststore if not. Using default truststore can be disable setting option "fallbackToSystemTrustStore" to false.

Can you confirm it forces ssl or forces ssl verification?

these are the changes

Comparing v3.3.10...v3.4.0 · mariadb-corporation/mariadb-connector-c

MariaDB Connector/C is used to connect applications developed in C/C++ to MariaDB and MySQL databases.The client library is LGPL licensed. - Comparing…

github.com

and this one is the force ssl verification.

make DEFAULT_SSL_VERIFY_SERVER_CERT a cmake option · mariadb-corporation/mariadb-connector-c@82983a3

github.com

Here are the ssl stuff from mariadb and there seems to be some require per user. Without seeing the logs I could not comment further. But is your connection running ssl (and just without the verify?) and it fails with the connector 3.4 (due to the verify) - the comments should be pretty useful in isolating this.

I don’t understand the conversation around the shared library. There has never been a link to /usr/lib for the shared library in LE. The other binaries are correctly linked to the shared library as can be shown by using ldd. I have tried running boblightd via trace and can’t see the library being imported dynamically. Can you please share where you think the dynamic library is being used.

I can see the process running as below (which wouldn’t run if a library is missing.) I can’t run it myself as I don’t have the serial interface that boblightd communicates too.

nuc12:~ # systemctl status service.multimedia.boblightd | cat
● service.multimedia.boblightd.service - boblightd
Loaded: loaded (/storage/.config/system.d/service.multimedia.boblightd.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-05-06 13:37:48 UTC; 22s ago
Main PID: 1958390 (boblightd)
Tasks: 2 (limit: 36590)
Memory: 856.0K (peak: 1.5M)
CPU: 32ms
CGroup: /system.slice/service.multimedia.boblightd.service
└─1958390 boblightd -c /storage/.kodi/userdata/addon_data/service.multimedia.boblightd/boblight.conf

May 06 13:37:48 nuc12 systemd[1]: Started service.multimedia.boblightd.service.
May 06 13:37:48 nuc12 sh[1958414]: cp: can't stat '/storage/.kodi/addons/service.multimedia.boblightd/config/*.sample': No such file or directory

I’m definitely not a bob light expert. I’m assuming that the default /dev/ttyACM0 is the serial port - if that is the same error - then would suggest checking what serial port is on your LE install.

It looks like it doesn’t link to the shared library.

nuc12:~ # ldd .kodi/addons/service.multimedia.boblightd/bin/boblightd
       linux-vdso.so.1 (0x00007fff1bbfd000)
       libusb-1.0.so.0 => /usr/lib/libusb-1.0.so.0 (0x00007ffb71a43000)
       libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007ffb717de000)
       libm.so.6 => /usr/lib/libm.so.6 (0x00007ffb71702000)
       libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007ffb716d5000)
       libc.so.6 => /usr/lib/libc.so.6 (0x00007ffb71508000)
       libudev.so.1 => /usr/lib/libudev.so.1 (0x00007ffb714c8000)
       /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007ffb71a5a000)

I have run the boblightd process and “it seems to run”

Quote

# .kodi/addons/service.multimedia.boblightd/bin/boblightd -c /storage/.kodi/userdata/addon_data/servi
ce.multimedia.boblightd/boblight.conf
(InitLog) start of log /storage/.boblight/boblightd.log
(PrintFlags) starting .kodi/addons/service.multimedia.boblightd/bin/boblightd -c /storage/.kodi/userdata/addon_data/service.multimedia.boblightd/boblight.conf
(CConfig::LoadConfigFromFile) opening /storage/.kodi/userdata/addon_data/service.multimedia.boblightd/boblight.conf
(CConfig::CheckConfig) checking config lines
(CConfig::CheckConfig) config lines valid
(CConfig::BuildConfig) building config
(CConfig::BuildConfig) built config successfully
(main) starting devices
(CClientsHandler::Process) opening listening socket on 127.0.0.1:19333
(CClientsHandler::Process) ERROR: bind() 127.0.0.1:19333 Address already in use
(CDevice::Process) device1: starting with output "/dev/ttyACM0"
(CDevice::Process) device1: setting up
(CDeviceRS232::OpenSerialPort) ERROR: device1: /dev/ttyACM0: open() No such file or directory
(CDevice::Process) ERROR: device1: setting up failed, retrying in 10 seconds
^C(SignalHandler) caught SIGINT
(main) signaling devices to stop
(CClientsHandler::Cleanup) disconnecting clients
(CClientsHandler::Cleanup) closing listening socket
(CClientsHandler::Cleanup) clients handler stopped
(main) waiting for devices to stop
(CDevice::Process) device1: closed
(CDevice::Process) device1: stopped
Segmentation fault (core dumped)

Display More

Quote from mglae

Change download source:

Diff

diff --git a/packages/devel/commons-text/package.mk b/packages/devel/commons-text/package.mk
index c0277ca900..654ba2112a 100644
--- a/packages/devel/commons-text/package.mk
+++ b/packages/devel/commons-text/package.mk
@@ -6,7 +6,7 @@ PKG_VERSION="1.11.0"
 PKG_SHA256="4169cb90571fb28fad4c5eea7c1c994c18f1995452f73e8ea7a86087c0e3822e"
 PKG_LICENSE="Apache-2.0"
 PKG_SITE="https://commons.apache.org/proper/commons-text/"
-PKG_URL="https://dlcdn.apache.org/commons/text/binaries/commons-text-${PKG_VERSION}-bin.tar.gz"
+PKG_URL="https://archive.apache.org/dist/commons/text/binaries/commons-text-${PKG_VERSION}-bin.tar.gz"
 PKG_DEPENDS_TARGET="toolchain"
 PKG_LONGDESC="Apache Commons Text is a library focused on algorithms working on strings"
 PKG_TOOLCHAIN="manual"

Display More

You beat me to it https://github.com/LibreELEC/LibreELEC.tv/pull/8825

It’s using the systemd dynamic user. You can see this in /usr/lib/systemd/system/wsdd2.service; and visibility for review in LE13 - https://github.com/LibreELEC/LibreELEC.tv/pull/8705

Quote from jonian

Thank you for looking at this heitbaum! Unfortunately I can't test that image since I have a Raspberry Pi 5.

I’m not sure why I thought your image was Generic. I have compiled a RPi5 test image https://heitbaum.libreelec.tv for you.

ehoitinga this updates bluez to potentially address a DualShock BT device issue. You may want to test this for your scenario

LE12 image with bluez 5.75+. https://heitbaum.libreelec.tv/LibreELEC-Gene…-f46fff4.img.gz includes https://github.com/LibreELEC/LibreELEC.tv/pull/8820

jonian LE12 image with bluez 5.75+ for you to test. https://heitbaum.libreelec.tv/LibreELEC-Gene…-f46fff4.img.gz includes https://github.com/LibreELEC/LibreELEC.tv/pull/8820