RE: Porting in 2019 - a true journey

@advocatux said in Porting in 2019 - a true journey:

@wgarcia we have mailing lists but nobody uses them

Yes, nobody uses them because they are not promoted by the UBports core team. In the times of UbuntuTouch (Canonical) we have had very successful communication over the list ubuntu-phone@lists.launchpad.net (the list is even still active and from time to time I get mails from it or ask there for help).
When Canonical closed the "shop" and we moved to UBports, started this idea "we don't need mailing lists, we need this ongoing gaggle in the tg groups" which is not archived and not searchable and full of posts which have nothing to do with technical problems, full of jpegs/gifs/emotions etc. When we (wgarcia and I) tried to subscribe in December 2017 the list has even been moderated and subscription was a mess.

The forum here is better, at least archived and searchable. But one needs a browser and to be online, while mails could be read offline. I.e. the forum is far away from being as useful as a mailing list.

Just my humble opinion on this.

Matthias

I run a BQ E4.5 since March 2015 as my daily phone. Meanwhile, also my wife and my 11 years old son do. It has all the apps we need (Dekko, Telegram, browser, sms, phone calls, cam, uNav, ...) and, even more important, it is free of spy ware and phoning-home apps. I do not need FB and What's Ape and so I really do not miss them.

Matthias

@simplicissimax said in What are must have apps? Things you can do:

@guru Thank you for your reply! I'm afraid I don't have experience with chroot, but what I have read sounds promising Some questions remain, but I feel I should gain some experience before asking them here. I will experiment with this

Start reading here: https://gurucubano.gitbooks.io/bq-aquaris-e-4-5-ubuntu-phone/content/en/chapter27.html

I read the May update (as all other updates as well) ... interesting that it seems that they make a mobile version of the MUA Geary which I tested already on my FreeBSD laptop. In general, I think that we're far away from any delivery to us, the backers.

My new feature list for OTA 3:

• BQ E4.5 as core device (due to number of used devices)
• configureable UserAgent string for the browser
• Dekko: threaded view/deletion
• Dekko: correct display of attachments
• cursor movement keys in the OSK

Thx for the hard work to all of you.

matthias

To answer my own question:

root@ubuntu-phablet:/# apt-get install gcc
root@ubuntu-phablet:/# apt-get install libc-dev
root@ubuntu-phablet:/# apt-get install make

HIH

@tydell The tg app in UT does not support such groups. You have to use the web app for tg.

En general, I'd like to have a mailing list for technical discussions and not a tg group or a forum. But this does not seem to be the opinion of others here.

matthias

Maybe someone could make a table of all the good proposals or feature requests and we can all vote up/down the requests and have at the end a list what matters most.

Using GnuPG-card in the UbuntuPhone BQ E4.5:

Create a complete Linux system into ~phablet/myRoot/ :

phablet@ubuntu-phablet-bq:~$ mkdir myRoot 
phablet@ubuntu-phablet-bq:~$ cd myRoot 
phablet@ubuntu-phablet-bq:~$ sudo tar xzf ubports-touch.rootfs-xenial-armhf.tar.gz

phablet@ubuntu-phablet-bq:~$ sudo chroot myRoot/

Install additional packages into the Linux system:

root@ubuntu-phablet:/# apt-get install pinentry-curses
root@ubuntu-phablet:/# apt-get install pass
root@ubuntu-phablet:/# apt-get install libudev-dev
root@ubuntu-phablet:/# apt-get install gcc
root@ubuntu-phablet:/# apt-get install libc-dev
root@ubuntu-phablet:/# apt-get install make

compile in myRoot the following pieces (in the given order):

libgpg-error-1.33
libassuan-2.5.1
libksba-1.3.5
npth-1.6
libgcrypt-1.8.4
gnupg-2.2.12

always with ./configure && make && sudo make install; the software ends
up below /usr/local (which is /home/phablet/myRoot/usr/local when one looks from outside the chroot'ed phone system);

note: gpg2 is /usr/local/bin/gpg

Now from the phone system configure:

$ mkdir ~/.gnupg
$ chmod 0700 ~/.gnupg

$ cat .gnupg/gpg.conf
#
agent-program  /home/phablet/myRoot/usr/local/bin/gpg-agent

$ cat .gnupg/gpg-agent.conf 
pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses
scdaemon-program /home/phablet/myRoot/usr/local/libexec/scdaemon
log-file /home/phablet/gpg-agent.log
log-file /dev/null
debug-level guru
max-cache-ttl 10

Due to the nature of the installation in the chrooted system we
need small wrapper scripts to set PATH, LD_LIBRARY_PATH, ... and
other stuff;

$ cat ~/gpg.sh
#!/bin/sh
LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib export LD_LIBRARY_PATH
PATH=/home/phablet/myRoot/usr/local/bin:$PATH      export PATH
GNUPGHOME=/home/phablet/.gnupg    export GNUPGHOME
GPG_TTY=$(tty)                    export GPG_TTY
/home/phablet/myRoot/usr/local/bin/gpg-agent    \
            --homedir /home/phablet/.gnupg      \
            --daemon                            \
            --pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses
/home/phablet/myRoot/usr/local/bin/gpg-connect-agent /bye
/home/phablet/myRoot/usr/local/bin/gpg $*

run and create for test a keypair (later we want to use the GnuPG-card
for this)

$ ~/gpg.sh --full-generate-key
gpg-agent[2973]: enabled debug flags: mpi crypto memory cache memstat hashing ipc
gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
...

This starts the gpg-agent as:

$ ps ax | grep gpg-a
 2974 ?        Ss     0:00 /home/phablet/myRoot/usr/local/bin/gpg-agent --homedir /home/phablet/.gnupg --daemon --pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses

Now we can use the the pass command we installed in the chroot'es system with

$ cat pass.sh
#!/bin/sh
LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib export LD_LIBRARY_PATH
PATH=/home/phablet/myRoot/usr/local/bin:$PATH      export PATH
GNUPGHOME=/home/phablet/.gnupg    export GNUPGHOME
GPG_TTY=$(tty)                    export GPG_TTY
unset GPG_AGENT_INFO
/home/phablet/myRoot/usr/bin/pass $*

Init the pass storage as:

$ ./pass.sh init Matthias
Password store initialized for Matthias
web/bla: reencrypting to A62DCD2809AC14F6


$ find .password-store/
.password-store/
.password-store/.gpg-id

Insert some password for test:

$ ./pass.sh insert -m web/bla
Enter contents of web/bla and press Ctrl+D when finished:

password-bla
Username: guru

$ ./pass.sh web/bla

                 ┌────────────────────────────────────────────────────────────────┐
                 │ Please enter the passphrase to unlock the OpenPGP secret key:  │
                 │ "Matthias Apitz (test) <guru@sisis.de>"                        │
                 │ 2048-bit RSA key, ID 93A6FBF52FA76DB0,                         │
                 │ created 2017-09-22 (main key ID 3FECB79DDDA409E4).             │
                 │                                                                │
                 │                                                                │
                 │ Passphrase: ***_______________________________________________ │
                 │                                                                │
                 │         <OK>                                    <Cancel>       │
                 └────────────────────────────────────────────────────────────────┘
password-bla
Username: guru

We now can use gpg2 and pass directly in the phone to have always our secrets, PIN's etc. with us.

I have here two screen-shots, taken of the terminal-app: In the 1st I have typed in the command ./pass.sh web/foo asking for the (cleartext) values of web/foo (which could be your bank account, login credentials or whatever you can think of). The result visible in this screen (xxx yyy) is only shown after entering the passphrase to unlock your GnuPG secret key, see screen 2. The key is 4096 bits RSA. The key store remains 10 seconds (configurable) unlocked, after which you're asked again for the passphrase.

Matthias

@twinkybot I found an easy way to bring the BQ to the UNIX laptop screen to show something live; see the fotos. A small VGA cam is "mounted" into a lamp over the BQ.

In the most recent post of Kyle Rankin, Chief Security Officer of Purism https://puri.sm/posts/snitching-on-phones-that-snitch-on-you/ is a pointer to an investigation about the facts what iOS or Android phones are doing when you think they do nothing: they are phoning home to Google or Apple with a lot of your sensitive data, details here: https://www.scss.tcd.ie/doug.leith/apple_google.pdf

The fact that our beloved Ubuntu phones are running an Android kernel and some other stuff behind the Ubuntu shell let me ask: Does the Android in our phones does the same, at least in parts?

It seems on all my other BQ E4.5 which are still running the latest Canonical OTA-15 that there have been coming down this night an update to "Version37" and there is also some more rumor about this in the mailing-list ubuntu-phone@lists.launchpad.net

Ofc, this is nearly off-topic here, but maybe someone from Canonical or BQ is reading this and could shet a bit light on it...

Thx

matthias

1990: Give me UNIX or give me a typewriter.
2022: Give me an UBports phone or a Nokia 3310.

@cheniek said in How to hide/show my ID on phone calls?:

@guru Your suggestion has helped when I entered and "called" *31# my number has started to appear on receivers screens- is not Private anymore. Thank You!

These codes are the so called GSM-codes. The exact implementation maybe provider specific. When other mobile systems have some GUI feature to control this kind of function, I think they just fire up the same GSM-code.

Raised Percent :
100.51%

Something which comes into my thinking: the SMS is stored into a table on a sqllite database and if this allows triggers to fire...

Please elaborate about the near future and milestones of Dekko2. I do not see any progress for weeks. During the day I use the MUA on my FreeBSD laptops (mutt), when I'm on "the road" I do (or try to) use Dekko2 in my BQ E4.5. Due to its ongoing crashes and other issues (see the tracker) I'm forced to return to my M10 FHD which still runs the latest UT version of Canonical with the old Dekko

This situation is, at least for me, really a showstopper.

Thanks

Matthias

@bq4.5 said in Push your vendor:

Well as an owner of BQ E4.5, knowing that we wont get any support anymore other then for some bugs made by the new flashed ubport version. I have decided to go back to android till i see in the future an ubport software stable with more apps and the ability to install some work apps made only for ios or android and running on a high end phone.

Till then i wish you guys all the luck you need and till we meet again.

Hmmm, check the archives of the mailing list ubuntu-phone@lists.launchpad.net ; there have been reports of E4.5 users who switched to Android and came back crying. I, personally, would never switch to a system with proprietary apps which are phoning home and/or spying after you. When I would have to drop my BQ E4.5 I would rather go and buy and old Nokia 3310, or a Siemens S4, S10.

Matthias

Final step is getting support for the GnuPG-card to not have to key-in
longish passphrases with the OSK.

We need the 'pcscd' daemon.
Its build is a bit tricky because it must later, on start from outside the
chrooted syste, find the ccid driver.

We compile the following pieces inside the chroot'ed system in that order:

pcsc-lite-1.8.23
ccid-1.4.30

first we need some more packages:

phablet@ubuntu-phablet-bq:~$ sudo chroot myRoot
phablet@ubuntu-phablet-bq:~# su - phablet
phablet@ubuntu-phablet-bq:~$ sudo apt-get install libusb-dev
phablet@ubuntu-phablet-bq:~$ sudo apt-get install libusb-1.0-0-dev
phablet@ubuntu-phablet-bq:~$ sudo apt-get install pkg-config

now we make pcsc-lite-1.8.23 with the following options set on ./configure ...

phablet@ubuntu-phablet-bq:~$ cd pcsc-lite-1.8.23
phablet@ubuntu-phablet-bq:~/pcsc-lite-1.8.23$ ./configure --enable-usbdropdir=/home/phablet/myRoot/usr/local/lib/pcsc/drivers --enable-confdir=/home/phablet/myRoot/etc/reader.conf.d --disable-libsystemd

...
PC/SC lite has been configured with following options:

Version:             1.8.23
System binaries:     /usr/local/sbin
Configuration dir:   /usr/local/etc/reader.conf.d


Host:                armv7l-unknown-linux-gnueabihf
Compiler:            gcc
Preprocessor flags:  -I${top_srcdir}/src
Compiler flags:      -Wall -fno-common -g -O2
Preprocessor flags:  -I${top_srcdir}/src
Linker flags:
Libraries:           -ldl  -lrt

PTHREAD_CFLAGS:      -pthread
PTHREAD_LIBS:
PCSC_ARCH:           Linux

pcscd binary            /usr/local/sbin/pcscd
polkit support:         no
polkit policy dir:
libudev support:        yes
libusb support:         no
USB drop directory:     /home/phablet/myRoot/usr/local/lib/pcsc/drivers
ATR parsing messages:   false
ipcdir:                 /var/run/pcscd
use serial:             yes
use usb:                yes
systemd unit directory: /lib/systemd/system
serial config dir.:     /home/phablet/myRoot/etc/reader.conf.d
filter:                 no

PCSCLITE_FEATURES:       Linux armv7l-unknown-linux-gnueabihf serial usb libudev usbdropdir=/home/phablet/myRoot/usr/local/lib/pcsc/drivers ipcdir=/var/run/pcscd configdir=/home/phablet/myRoot/etc/reader.conf.d

checking that generated files are newer than configure... done
...

phablet@ubuntu-phablet-bq:~/pcsc-lite-1.8.23$ make
phablet@ubuntu-phablet-bq:~/pcsc-lite-1.8.23$ make install

ok, now the 'ccid' driver, installed (copied) to be seen by the daemon:

phablet@ubuntu-phablet-bq:~$ cd ccid-1.4.30
phablet@ubuntu-phablet:~/ccid-1.4.30$ ./configure -enable-usbdropdir=/home/phablet/myRoot/usr/local/lib/pcsc/drivers
...
libccid has been configured with following options:

Version:             1.4.30
User binaries:       /usr/local/bin
Configuration files: /usr/local/etc


Host:                armv7l-unknown-linux-gnueabihf
Compiler:            gcc
Preprocessor flags:
Compiler flags:      -g -O2
Preprocessor flags:
Linker flags:
Libraries:

PCSC_CFLAGS:         -pthread -I/usr/local/include/PCSC
PCSC_LIBS:           -L/usr/local/lib -lpcsclite
PTHREAD_CFLAGS:      -pthread
PTHREAD_LIBS:
BUNDLE_HOST:         Linux
DYN_LIB_EXT:         so
LIBUSB_CFLAGS:       -I/usr/include/libusb-1.0
LIBUSB_LIBS:         -lusb-1.0
SYMBOL_VISIBILITY:   -fvisibility=hidden
NOCLASS:

libusb support:          yes
composite as multislot:  no
multi threading:         yes
bundle directory name:   ifd-ccid.bundle
USB drop directory:      /home/phablet/myRoot/usr/local/lib/pcsc/drivers
serial Twin support:     no
serial twin install dir: /home/phablet/myRoot/usr/local/lib/pcsc/drivers/serial
serial config directory: /home/phablet/myRoot/etc/reader.conf.d
compiled for pcsc-lite:  yes
syslog debug:            no
class driver:            yes

...

phablet@ubuntu-phablet:~/ccid-1.4.30$ make
phablet@ubuntu-phablet:~/ccid-1.4.30$ sudo make install

the driver libccid.so and its control file Info.plist ended up as configured:

phablet@ubuntu-phablet:~$ find /home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/
/home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/
/home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux
/home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
/home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist

but if we rund the daemon from outside the chrooted system, it must be in
/usr/local/lib/pcsc/drivers/ifd-ccid.bundle because /home/phablet/myRoot gets
added in front; so we copy them over to the correct place:

phablet@ubuntu-phablet:~$ sudo mkdir -p /usr/local/lib/pcsc/drivers/ifd-ccid.bundle
phablet@ubuntu-phablet:~$ sudo cp -rp /home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents /usr/local/lib/pcsc/drivers/ifd-ccid.bundle
phablet@ubuntu-phablet:~$ find /usr/local/lib/pcsc/drivers/ifd-ccid.bundle
/usr/local/lib/pcsc/drivers/ifd-ccid.bundle
/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents
/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux
/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist

from outside the chrooted system we can now start the daemon as:

$ sudo /home/phablet/myRoot/usr/local/sbin/pcscd --foreground --debug | tee pcscd.log

and check the log file pcscd.log to see if it sees the card attaching;

Now we start in the phone the pcscd daemon as:

$ sudo /home/phablet/myRoot/usr/local/sbin/pcscd
$ ps ax | grep pcscd
31669 pts/53   Sl     0:00 /home/phablet/myRoot/usr/local/sbin/pcscd

to restart the pcscd after device reboot we put the above line into
a small script ~phablet/pcscd.sh; this script allows to start and stop the daemon:

$ ./pcscd.sh 
[sudo] password for phablet: 
started pcscd pid 9187

$ ./pcscd.sh 
killing pcscd pid 9187

its logic is simple:

$ cat ./pcscd.sh 
#!/bin/sh
  
# if pcscd is running, we only kill it, else we start it
#
test -f /run/pcscd/pcscd.pid &&  {
    echo killing pcscd pid `cat /run/pcscd/pcscd.pid`
    sudo kill `cat /run/pcscd/pcscd.pid`
    rm -f /run/pcscd/pcscd.pid
    exit 0
}
sudo /home/phablet/myRoot/usr/local/sbin/pcscd --auto-exit
test -f /run/pcscd/pcscd.pid && echo started pcscd pid `cat /run/pcscd/pcscd.pid`

We can now run the gpg --card-status to see if it finds the card on attach:

$ ./gpg.sh --card-status
Reader ...........: Identiv uTrust 3512 SAM slot Token [CCID Interface] (55511514602745) 00 00
Application ID ...: D27600012401020100050000532B0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 0000532B
Name of cardholder: Matthias Apitz
Language prefs ...: en
Sex ..............: unspecified
URL of public key : http://www.unixarea.de/ccid--export-key-guru.pub
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 457
Signature key ....: 5E69 FBAC 1618 562C B3CB  FBC1 47CC F7E4 76FE 9D11
      created ....: 2017-05-14 18:20:07
Encryption key....: EB62 00DA 13A1 9E80 679B  1A13 61F1 ECB6 25C9 A6C3
      created ....: 2017-05-14 18:20:07
Authentication key: E51D D2D6 C727 35D6 651D  EA4B 6AA5 C5C4 51A1 CD1C
      created ....: 2017-05-14 18:20:07
General key info..: [none]

We rename ~/.gnupg (to save the *.conf files) and copied over from my
real netbook the ~/.password-store and the key material for the GnuPG-card;

phablet@ubuntu-phablet:~$ mv .gnupg .gnupg-localkey
phablet@ubuntu-phablet:~$ mv .password-store .password-store-localkey
phablet@ubuntu-phablet:~$ mkdir .password-store
phablet@ubuntu-phablet:~$ chmod 0700 .password-store

from the host:

$ scp -rp .gnupg-ccid     phablet@10.42.0.1:.
$ scp -rp .password-store phablet@10.42.0.1:.

phablet@ubuntu-phablet:~$ mv .gnupg-ccid .gnupg
phablet@ubuntu-phablet:~$ cp -p .gnupg-localkey/*.conf .gnupg

let's see if ./pass.sh can unlock the card (via the gpg-agent) and decipher the
crypted information:

$ ./pass.sh cards/cuba

                          ┌─────────────────────────────────────────────┐
                          │ Please insert the card with serial number:  │
                          │                                             │
                          │ 0005 0000532B                               │
                          │                                             │
                          │      <OK>                       <Cancel>    │
                          └─────────────────────────────────────────────┘

                          ┌──────────────────────────────────────────────┐
                          │ Please unlock the card                       │
                          │                                              │
                          │ Number: 0005 0000532B                        │
                          │ Holder: Matthias Apitz                       │
                          │                                              │
                          │ PIN ________________________________________ │
                          │                                              │
                          │      <OK>                        <Cancel>    │
                          └──────────────────────────────────────────────┘

4711
$

on the 2nd run it does not need anymore the PIN:

$ ./pass.sh askubuntu.com/guru@unixarea.de
4711

i.e. all is fine! The OpenPGP card remains unlocked until power-off, i.e.
until withdraw the card.

Could you please address the WPA2 security issue. Thanks

matthias