Posts by heitbaum

Quote from Kleiner

I update gcc and g++ to version 14.1.0.

I tried lunch build (with fix and without fix(loading new git) ) , but not success.
Now error cmake (013/313)

Code

Log of errors: /home/tod/LibreELEC.tv/build.LibreELEC-Generic.x86_64-13.0-devel/build/cmake-3.30.2/.x86_64-linux-gnu/Bootstrap.cmk/cmake_bootstrap.log
---------------------------------------------
FAILURE: scripts/build cmake:host during configure_host (package.mk)
*********** FAILED COMMAND ***********
../configure --prefix=${TOOLCHAIN} --no-qt-gui --no-system-libs -- -DCMAKE_C_FLAGS="-O2 -Wall -pipe -Wno-format-security" -DCMAKE_CXX_FLAGS="-O2 -Wall -pipe -Wno-format-security" -DCMAKE_EXE_LINKER_FLAGS="${HOST_LDFLAGS}" -DCMAKE_USE_OPENSSL=OFF -DBUILD_CursesDialog=0
**************************************
FAILURE: scripts/build cmake:host has failed!

The following log for this failure is available:
  /home/tod/LibreELEC.tv/build.LibreELEC-Generic.x86_64-13.0-devel/.threads/logs/13.log

>>> cmake:host seq 13 >>>
[013/313] [FAIL] build   cmake:host

Display More

I installed cmake, but not success.

We build our own copy of cmake (it is failing for some reason)

Details will be in the build.LibreELEC-Generic.x86_64-13.0-devel/.threads/logs/13.log log file

1. But first go back to “your working machine” before you added gcc14. Ubuntu doesn’t have a gcc-14

2. Check the build. Run something like the following commands

cd /home/tod

mv LibreELEC.tv old

git clone https://github.com/LibreELEC/LibreELEC.tv.git

cd LibreELEC.tv

# wget … as above

# git am … as above

# we are not going to build open-iscsi yet

# let’s test you build environment

make image

# share your success/logs

# move on to scripts/build open-iscsi

Booting an image with iscsi may not/probably won’t work (or you might need to do some/a lot of work) we haven’t tested an iscsi build for a long time.

Quote from Kleiner

Thx.
On the computer where I am building libreelec (x64 Ubuntu 22.04 - 64bit) is installed. At the moment I am compiling gcc-14, because... This fix, as I understand it, requires version 14. The terminal showed this: Application: open-iscsi: fix build with gcc-14.
I try it and write here.

You won’t need gcc-14 to do the build (it will cause other issues), it looks like it has made your build host unstable.

The patches themselves are for the LE build system (as we compile a copy of gcc during the build)

The LE build will run with no problems on a “clean Ubuntu 22.04 or 24.04” system.

If in your LibreELEC.tv directory you do the following, that patches to fix the compile error will be added.

wget https://github.com/LibreELEC/LibreELEC.tv/pull/9163.patch
git am 9163.patch

# or the following if you are not using a git clone

patch -p1 < 9163.patch

PR is here. https://github.com/LibreELEC/LibreELEC.tv/pull/9163

if you revert cf874452217e5548821dd24c971282e67297fb0d temporarily (until AMLGX is updated to 6.10). For fakeroot - the PR pulling in 1.35.1 has been merged.

I have done a test using noble (with host gcc 14) and needed the 3 patches in my gcc-14 branch (as I had expected) I needed to remove openjdk-21-jre-headless and use openjdk-17-jre-headless

Commits · heitbaum/LibreELEC.tv

Just enough OS for KODI. Contribute to heitbaum/LibreELEC.tv development by creating an account on GitHub.

github.com

Then did scripts/build kodi

The build was successful

Note: le11 11.0.6 was built with the jammy docker image in our GitHub Actions.

duncang92 we are trying to test this ssl issue, and can’t reproduce it yet.

Can your please confirm the password to your mariadb matches between the advancedsettings.xml and the mariadb. The password won’t be “kodi”. Please don’t share your password here - but it should be the ddddd line.

please also test the following line - it should let you in to the database.
# mariadb -h 192.168.68.51 --skip-ssl-verify-server-cert -u kodi -p

nuc12:~ # more .kodi/userdata/addon_data/service.mariadb/settings.xml 
<settings version="2">
   <setting id="MYSQL_ROOT_PASS">ccccc</setting>
   <setting id="MYSQL_KODI_PASS">ddddddd</setting>
</settings>
nuc12:~ # more .kodi/userdata/addon_data/service.mariadb/set_mysql_passwords.sql 
SET PASSWORD FOR 'root'@'localhost'=PASSWORD('cccccc');
CREATE USER IF NOT EXISTS 'kodi';
CREATE USER IF NOT EXISTS 'kodi'@'localhost';
SET PASSWORD FOR 'kodi'=PASSWORD('dddded');
SET PASSWORD FOR 'kodi'@'localhost'=PASSWORD('dddddd');
GRANT ALL ON *.* TO 'kodi';
GRANT ALL ON *.* TO 'kodi'@'localhost';
flush privileges;

Already included in nightlies. https://github.com/LibreELEC/LibreELEC.tv/pull/9048

Quote from gregtotheizzo

Sorry to beat a dead horse libreelec works flawless.

I see the request made on git and have also posted Kodi forums

https://github.com/xbmc/xbmc/issues/25313

Is there anyway to edit a conf to disable the SSL requirement in the interim? I know this might not be the best place to post the question since it's confirmed as a Kodi issue. However figured I'd ask in case it might be a simple line I could toss in or in comment.

Thanks again for fixing this originally.

Display More

In LE we have fixed/worked around …. the connector change and the fact that 3.4 can only work with a verified ssl connection.

The below patch to Kodi “should” fix Kodi to alway “not verify” ssl (thus allowing non sls too). I have not submitted it upstream as I have not “fully tested it”.

From 28b0785f4e08ea5bc102e42d7af55108256ce778 Mon Sep 17 00:00:00 2001
From: Rudi Heitbaum <[email protected]>
Date: Mon, 10 Jun 2024 06:12:49 +0000
Subject: [PATCH] mysql: force SSL off
---
xbmc/dbwrappers/mysqldataset.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/xbmc/dbwrappers/mysqldataset.cpp b/xbmc/dbwrappers/mysqldataset.cpp
index e277eefd8f..99f2deb160 100644
--- a/xbmc/dbwrappers/mysqldataset.cpp
+++ b/xbmc/dbwrappers/mysqldataset.cpp
@@ -181,6 +181,11 @@ int MysqlDatabase::connect(bool create_new)
    if (!CWakeOnAccess::GetInstance().WakeUpHost(host, "MySQL : " + db))
      return DB_CONNECTION_NONE;

+    my_bool verify=0;
+    mysql_options(conn, MYSQL_OPT_SSL_ENFORCE, (void *)&verify);
+    my_bool enforce_tls=0;
+    mysql_options(conn, MYSQL_OPT_SSL_ENFORCE, (void *)&enforce_tls);
+
    // establish connection with just user credentials
    if (mysql_real_connect(conn, host.c_str(), login.c_str(), passwd.c_str(), NULL,
                           atoi(port.c_str()), NULL, compression ? CLIENT_COMPRESS : 0) != NULL)
-- 
2.43.0

Quote from MatteN

Atm the latest Pi nightly is from 2024-06-23 with latest update from 2024-06-22 which means the latest 8 changes haven't triggered a new build, any problems?

CI doesn’t really like [does not have capacity to] building both LE12 and LE13 on the same day. (And addons.)

in addition the generic builds overrun their 6 hour allotment so these have been missing out a bit. The overrun when the new job cancels the old being the most distracting.

I have cleared the backlog - so “all” 🤞LE13 nightlies are queued for build.

Fix identified - https://github.com/LibreELEC/eventlircd/pull/4

Squeezelite can be found in the multimedia-tools addon.

The file you are trying to run is a 32bit arm binary, in LE12 RPi4 binaries are now 64bit aarch64.

Fixed https://github.com/LibreELEC/LibreELEC.tv/pull/8971

Looks ok here

nuc12:~ # docker version
Client:
 Version:           26.1.4
 API version:       1.45
 Go version:        go1.22.4
 Git commit:        5650f9b10226d75e8e9a490a31cc3e5b846e0034
 Built:             Thu Jun  6 20:30:59 UTC 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          library-import
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.22.4
  Git commit:       library-import
  Built:            library-import
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          1.7.18
  GitCommit:        ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
 runc:
  Version:          1.1.12
  GitCommit:        51d5e94601ceffbbd85688df1c928ecccbfa4685
 docker-init:
  Version:          0.19.0
  GitCommit:        

The required variable in Kodi would be MYSQL_OPT_SSL_MODE=DISABLED as the current default is PREFERRED https://dev.mysql.com/doc/c-api/5.7/en/mysql-options.html that needs to be called before https://dev.mysql.com/doc/c-api/5.7/…al-connect.html

update to the PR https://github.com/xbmc/xbmc/pull/2566 would be needed in xbmc/dbwrappers/mysqldataset.cpp

Quote from vpeter

Looks like this works:

Diff

diff --git a/packages/databases/mariadb-connector-c/package.mk b/packages/databases/mariadb-connector-c/package.mk
index f77ec39aa7..0a213c77fb 100644
--- a/packages/databases/mariadb-connector-c/package.mk
+++ b/packages/databases/mariadb-connector-c/package.mk
@@ -16,6 +16,7 @@ PKG_CMAKE_OPTS_TARGET="-DWITH_EXTERNAL_ZLIB=ON
                        -DCLIENT_PLUGIN_MYSQL_CLEAR_PASSWORD=STATIC
                        -DCLIENT_PLUGIN_MYSQL_OLD_PASSWORD=STATIC
                        -DCLIENT_PLUGIN_REMOTE_IO=OFF
+                       -DDEFAULT_SSL_VERIFY_SERVER_CERT=OFF
                       "
 
 post_makeinstall_target() {

Display More

Thanks for testing vpeter - for the time being (as this needs a Kodi change) this will need to be the workaround.

It looks like the client has changed the “failure logic”

[MDEV-28634] Client's --ssl-* options (without --ssl-verify-server-cert) are silently ignored if TLS is not possible - Jira
>> The client will only see an error if they also provide the --ssl-verify-server-cert option:<<

I believe the correct fix would be to set sslMode=disabled in the connection from Kodi - as in https://mariadb.com/kb/en/using-tl…java-connector/ (will be the same with c connector I believe)
By default when sslMode is set (not disabled), connector will use "serverSslCert" is set or the default truststore if not. Using default truststore can be disable setting option "fallbackToSystemTrustStore" to false.

Can you confirm it forces ssl or forces ssl verification?

these are the changes

Comparing v3.3.10...v3.4.0 · mariadb-corporation/mariadb-connector-c

MariaDB Connector/C is used to connect applications developed in C/C++ to MariaDB and MySQL databases.The client library is LGPL licensed. - Comparing…

github.com

and this one is the force ssl verification.

make DEFAULT_SSL_VERIFY_SERVER_CERT a cmake option · mariadb-corporation/mariadb-connector-c@82983a3

github.com

Here are the ssl stuff from mariadb and there seems to be some require per user. Without seeing the logs I could not comment further. But is your connection running ssl (and just without the verify?) and it fails with the connector 3.4 (due to the verify) - the comments should be pretty useful in isolating this.