Posts by chewitt

Done

LE(13) and RPiOS use the same Linux 6.12.y LTS kernel source so you shouldn't need to touch that. All the mesa patches are long upstreamed by Igalia (on behalf of RPi devs) so just use a recent version. Kodi and ffmpeg still requires downstream patches, as you'll find in our repo. The various build options are in the package.mk files, as you found. Beyond that, I've little experience with compiling Kodi outside our buildsystem so I can't really advise.

popcornmix does RPiOS not have an appropriately patched Kodi (and ffmpeg) version to use out-of-box?

Ahh. Sorry to hear that but glad there's a logical explanation for the erratic network behaviour!

Quote from Reddirt

I can cd /storage but doesn't seem to do anything.

The root user's home folder is /storage so when you login, this is where you are. If you then "cd /storage" you change directory to the same one you are already in. Hence it (correctly) doesn't seem to do anything.

I was originally suspecting a power issue; especially if the drive is being powered from the USB bus, but when power draw is the issue I'd expect to see spurious errors in the log; mount failures or USB errors or .. something to indicate the device probed then trying/failing/trying/failing to mount and then eventually succeeding. Instead the log looks clean, as if the device is probed (once) and then mounts cleanly and correctly (once).

If the device is USB bus powered, is it a 'single' USB cable or a 'dual' (Y) cable that takes power from multiple USB ports. SSD drives might be small but that doesn't necessarily mean they use little/less power - they can be hungry devices.

Just for info, please run "lsusb -tv | paste" and "lsmod | paste" when the drive is connected.

Benchmarks focus on "Which is fastest?" when the better question(s) are "Which is fast-enough for a good experience?" and "Which is best supported?" so they are not telling the whole story.

e.g. RK3588 wins all current ARM SoC benchmarks but is only borderline usable due to incomplete software, whereas comparatively slow RPi5 is more than fast-enough and exceptionally well supported. Intel based hardware also scores big numbers but has been a lottery in recent years due to the never-ending drama from by LSPCON chips (and firmware) in the display chain.

In short: Speed != Value

<?xml version="1.0" encoding="utf-8" ?>
<advancedsettings version="1.0">
  <!-- enable debug logging -->
  <loglevel hide="false">1</loglevel>
</advancedsettings>

First, create /storage/.kodi/userdata/advancedsettings.xml with that ^ content so Kodi is in debug mode for logs.

Second, run "vainfo | paste" and share the URL.

Now two things to experiment with:

a) Force the HDMI connector colourspace profile to Broadcast RGB:

systemctl stop kodi
kmstest -c HDMI-A-3 -P "Broadcast RGB=1" < /dev/null
systemctl start kodi

Any different? - run "pastekodi" and share the URL again.

b) Force Kodi to use the i965 driver profile:

MESA_LOADER_DRIVER_OVERRIDE=i965
LIBVA_DRIVER_NAME=i965

Create /storage/.config/kodi.conf with that ^ content, then reboot and run "pastekodi" and share the URL again. Also run "vainfo |paste" and share the URL.

I'm not expecting to acomplish anything .. but we'll have more information to review.

EDIT: 3rd thing: Do you have a DP to HDMI connector? .. i.e. connect to the DP socket not an HDMI socket. It would be interesting to see if that changes anything. I'm also wondering if the board has native HDMI connectors or internally they are DP with an LSPCON chip providing HDMI .. in which case have you ever updated the BIOS and/or LSPCON firmware?

PROJECT=RPi DEVICE=RPi5 ARCH=aarch64 make image

Or if you really do need to build an image .. start by building the current HEAD commit for either LE12 or master (LE13) branches. It all works. There is no need to muck about with package versions and patches.

Given that RPi5 is now a fully supported device, is there any reason you are not simply using the latest release or nightly image?

WireGuard does not depend on OpenSSL so it will not have the same issue with bad CRL certs (as they are not used). If it has issues they will be entirely WireGuard issues.

warning <general>: [display-info] EDID parser warnings:
warning <general>: [display-info] ----------------------------------------------
warning <general>: [display-info] Block 0, Base EDID:
warning <general>: [display-info]   Some but not all primaries coordinates are unset.
warning <general>: [display-info] 
warning <general>: [display-info] Block 1, CTA-861 Extension Block:
warning <general>: [display-info]   Video Capability Data Block: Set Selectable RGB Quantization to avoid interop issues.
warning <general>: [display-info] 
warning <general>: [display-info] ----------------------------------------------
info <general>: [display-info] make: 'AccuScene Corporation Ltd' model: 'ASLFHD'
info <general>: Found resolution 1920x1080 with 1920x1080 @ 60.000000 Hz
info <general>: Found resolution 1920x1080 with 1920x1080 @ 59.940063 Hz
info <general>: Found resolution 1280x720 with 1280x720 @ 60.000000 Hz
info <general>: Found resolution 1280x720 with 1280x720 @ 59.940063 Hz
info <general>: Found resolution 640x480 with 640x480 @ 60.000000 Hz

The limited number of resolutions/modes suggests to me that you're hooked up to a monitor? .. which is flagging some warnings about EDID data. Most devices flag some kind of EDID warning, but this is showing unusual ones for primaries/quantization which are related to colour .. and you're reporting weird colours.

If you connect the device to another HDMI device (ideally a normal TV) is anything different?

Quote from Grasshopper

How does invalid date get updated/corrected in crl?

It cannot be, hence the problem. The only way to avoid this is not fcuking up your certs with incorrect dates in the first place; then if or when you need to revoke them in the future the revoked certs have valid dates.

Thus the suggested workaround is to remove/disable the CRL function in the OpenVPN config. It's a bad workaround because CRLs have security purpose, but you have no alternative.

Quote from Can'tThinkOfOne

my home is MESHed and signals are decent so may not help.

MESH signal strength is decent when measured from devices that have good antenna's. RPi boards have rubbish antenna's so the assumption may be invalid. Lots of random issues magically go away when WiFi things are moved closer and/or people give up and move to an Ethernet connection.

The system log shows that Kodi starts before the network is up so background checks Kodi does on startup might prompt the "no route to host" error. WiFi connections are often slow to come up so you might need to increase the wait-for-network time in the LE settings add-on.

The connection manager (ConnMan) is configured to prefer Ethernet over WiFi, so if Ethernet is connected and the interface has an active IP address, Ethernet will be the default route. You can also have a WiFi connection active at the same time but this will have a lower interface priority and will not be marked as the default route.

Quote from Reddirt

I see this is a PIA issue so I contacted them. I found this issued has been around for some time so maybe it's time for them to correct it.

I'm not sure it will be fixable. The CRL function in OpenSSL is an important part of the overall SSL security scheme and the certs that were revoked have bad dates (it could even be the reason they were revoked) and preventing the use of revoked certs is normal and correct. However OpenSSL also validates the dates in the certs and thus (also correctly) shows an error. It probably requires a code change in OpenVPN to downgrade the cert error to a warning if the bad cert is a CRL cert, but that kind of change will be politically complicated to get made, and then you need to persuade distro maintainers to adopt an arguably weaker security configuration as the default for their OpenVPN package to not inconvenience only-PIA users. I would expect most maintainers to middle-finger the idea on principle, so I doubt that will ever happen (and PIA will know this, hence the inaction on the issue).

Wireguard is so much nicer than OpenVPN

I'd be interested to see the "pastekodi" output from an LE13 nightly 'Generic' image (not Generic-Legacy)

The problem is local to your network or hardware and is not a general issue. I'm highly confident of that due to a) using RPi4 and RPi5 boards myself to connect to a Synology NAS over Gbit Ethernet (both on the same Gbit switch) without issue, and b) the large number of daily active RPi4 installs and no other users reporting similar issues.

Suggestions:

• Update RPi4 firmwares
• Use different switch ports
• Use different cables
• Test an LE13 nightly

Quote from Reddirt

So if I understand this issue correctly would a clean install of LE13 with OpenSSL 3.5.0 solve this?

If the problem starts with OpenSSL 3.3.0 "and newer" and LE13 is running OpenSSL 3.5.0 .. then no.

Just edit the config and remove the offending <crl-verify> section.

No, because a) it's about ensuring 'correct' colour mapping via ICC profiles and has nothing to do with tonemapping colours on the OSD plane when the DRM connector is in HDR mode, b) we don't use Wayland.