Redmine: Issueshttp://redmine.audacious-media-player.org/http://redmine.audacious-media-player.org/welcome/favicon.ico?15159353402013-09-05T23:05:21ZRedmine
Redmine Audacious - Bug #343 (Closed): Scrobbler refuses last.fm certificate if built with GnuTLShttp://redmine.audacious-media-player.org/issues/3432013-09-05T23:05:21ZLuís PicciochiPitxyoki@Gmail.com
<p>So, it appears that last.fm has updated its https certificate.<br />Until distributions update their recognised CAs (<a class="external" href="http://packages.debian.org/ca-certificates">http://packages.debian.org/ca-certificates</a> ?), the scrobbler is unable to connect, as the certificate is deemed invalid.<br />At least Debian testing is suffering from this.</p>
I haven't chosen a solution yet. Possibilities thought of thus far:
<ul>
<li>Allow the user to say he doesn't care if the certificate is invalid, and connect anyway.
<ul>
<li>This is possibly the worst solution. The scrobbling URL is not configurable, and so we only connect to last.fm's https address. If the certificate is untrusted, a connection to that address should never established.</li>
</ul>
</li>
<li>Allow the user to select whether to connect using https or http.</li>
<li>Allow the user to select whether to connect using https, with possibility of fallback to http, in case the https connection is not possible.</li>
</ul>
<p>Any of these is sub-optimal, as using plain http leaves the user subject to replay attacks if his traffic is sniffed.</p>
<p>The best solution would be if the certificate was good and recognised by the distro(s).<br />It might be necessary to investigate this further with last.fm and/or to annoy the distros' packagers of CA certificates for this to be correctly addressed.</p>
<pre>
$ wget https://last.fm
--2013-09-05 22:04:53-- https://last.fm/
Resolving last.fm (last.fm)... 195.24.232.203
Connecting to last.fm (last.fm)|195.24.232.203|:443... connected.
ERROR: The certificate of `last.fm' is not trusted.
ERROR: The certificate of `last.fm' hasn't got a known issuer.
$ openssl s_client -showcerts -connect last.fm:443
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, CN = *.last.fm
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = *.last.fm
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, CN = *.last.fm
verify error:num=21:unable to verify the first certificate
verify return:1
---
(...)
---
Server certificate
subject=/OU=Domain Control Validated/CN=*.last.fm
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
---
(...)
Verify return code: 21 (unable to verify the first certificate)
</pre> Audacious - Bug #285 (Rejected): "Now playing" is only sent when tracks starts to playhttp://redmine.audacious-media-player.org/issues/2852013-04-28T14:13:14ZLuís PicciochiPitxyoki@Gmail.com
<ol>
<li>Play track: now playing is sent</li>
<li>Pause track: now playing stays at the site for the length of the song</li>
<li>Stay paused for, say, one hour.</li>
<li>Resume track: now playing is <strong>not</strong> re-sent</li>
</ol>
<p>Also, when starting Audacious in "paused mode", no "now playing" is sent.</p>
<p>Fix: we can send "now playing"s on resume with the track length that's remaining to be played.</p> Audacious - Bug #271 (Closed): configure.ac depends on PKG_CHECK_VARhttp://redmine.audacious-media-player.org/issues/2712013-03-27T01:52:15ZLuís PicciochiPitxyoki@Gmail.com
<p>The audacious-plugins configure.ac script depends on PKG_CHECK_VAR:<br /><pre>$ grep -n PKG_CHECK_VAR configure.ac
1062:PKG_CHECK_VAR([plugindir], [audacious], [plugin_dir], [], [AC_MSG_ERROR([Cannot retrieve plugin_dir pkgconfig variable])])</pre></p>
<p>However, this macro is only available starting at pkg-config 0.28 (<a href="http://lists.freedesktop.org/archives/pkg-config/2013-January/000912.html" class="external">release notes here</a>).</p>
<p>Either increase the dependency on pkg-config (currently at 2.59) or don't use this macro.<br />As a workaround, I defined the macro locally (ripped from the <a href="http://cgit.freedesktop.org/pkg-config/commit/?id=5b463c927b6caeb332bb147572ea82b1650ceb7d" class="external">upstream commit</a>). I'm not sure if we want to do this even if only when it's not provided by the installed pkg-config.<br /><pre>
$ git diff configure.ac
diff --git a/configure.ac b/configure.ac
index 0d0f839..db28962 100644
--- a/configure.ac
+++ b/configure.ac
@@ -22,6 +22,16 @@ AUD_COMMON_PROGS
BUILDSYS_INIT
BUILDSYS_SHARED_LIB
+ AC_DEFUN([PKG_CHECK_VAR],
+ [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+ AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+ _PKG_CONFIG([$1], [variable="][$3]["], [$2])
+ AS_VAR_COPY([$1], [pkg_cv_][$1])
+ AS_VAR_IF([$1], [""], [$5], [$4])dnl
+ ])# PKG_CHECK_VAR
+
dnl Headers and functions
dnl =====================
AC_CHECK_FUNCS([mkdtemp])
</pre></p> Audacious - Feature #264 (Rejected): Hold back scrobbles when the daily limit is exceededhttp://redmine.audacious-media-player.org/issues/2642013-03-03T01:14:00ZLuís PicciochiPitxyoki@Gmail.com
<p>A track might not be scrobbled due to "daily scrobble limit exeeded".<br />This message comes on the ignoredMessage attribute, inside the XML of the response.<br />We are not dealing with this case currently and are losing that scrobble.</p> Audacious - Feature #263 (Closed): Migration from the old pluginhttp://redmine.audacious-media-player.org/issues/2632013-03-03T01:12:54ZLuís PicciochiPitxyoki@Gmail.com
<p>Support automatic migration from the old scrobbler plugin:</p>
<ul>
<li>import scrobbles from the old scrobble queue;</li>
<li>get a session key from the saved user/password on the old settings</li>
</ul>
<p>See <a class="external" href="http://www.last.fm/forum/21716/_/656492">http://www.last.fm/forum/21716/_/656492</a></p> Audacious - Bug #262 (Rejected): Scrobbler 2.0 may re-scrobble tracks when starting Audacious in ...http://redmine.audacious-media-player.org/issues/2622013-03-03T01:11:53ZLuís PicciochiPitxyoki@Gmail.com
<p>When starting Audacious, if a track is paused, we can scrobble a track even if was already scrobbled before.</p>
<p>This needs to be further investigated to find possible solutions.</p> Audacious - Feature #261 (Closed): Scrobbler 2.0 plugin doesn't scrobble "Listening now"http://redmine.audacious-media-player.org/issues/2612013-03-03T01:10:45ZLuís PicciochiPitxyoki@Gmail.comAudacious - Feature #260 (Rejected): Scrobble up to 50 old, cached tracks in a rowhttp://redmine.audacious-media-player.org/issues/2602013-03-03T01:09:47ZLuís PicciochiPitxyoki@Gmail.com
<p>All scrobbles in the scrobble.log should be sent in a single request.<br />If the log contains more than 50 tracks, send them 50 at a time.</p>
<p>This also implies further interpreting the results received from last.fm. See <a class="external" href="http://www.last.fm/api/show/track.scrobble">http://www.last.fm/api/show/track.scrobble</a>. Tracks ignored because the daily scrobble limit was exceeded (ignoredMessage code="5") should be kept and retried later.</p> Audacious - Feature #189 (Closed): New Scrobbler 2.0http://redmine.audacious-media-player.org/issues/1892012-10-03T01:16:28ZLuís PicciochiPitxyoki@Gmail.com
<p>Hi,</p>
<p>This has been a long-time project of mine. Finally I had the time to implement it and well, it's (almost) done now. :-)<br />You can get it at <a class="external" href="https://github.com/Pitxyoki/audacious-plugins/">https://github.com/Pitxyoki/audacious-plugins/</a>. The source for the plugin itself is at src/scrobbler2.</p>
<ul>
<li>The plugin uses version 2.0 of the scrobbling API, which means no more username/password stored in plaintext on the config file (a revokable session key is stored instead).</li>
<li>Man-in-the-middle/impersonation attacks are a bit more difficult now, though unfortunately this API still has some security flaws. I think we're better with this than we were with the previous version anyway.</li>
<li>Configuration is now easier too. You only have to click a button, go to your last.fm profile, give permission to Audacious and tell it to re-check permissions.</li>
</ul>
<p>I've been using it myself since the last weeks without issues.</p>
Some relevant things to be done before getting it pulled to Audacious:
<ol>
<li>I'm not sure if the configuration window is easy to understand. I did it with a single button (see attachments for the complete flow) - it is simple, but I'm not sure if it isn't <em>excessively</em> simple now. What do you think?</li>
<li>I saw on other plugins that functions like vfs_fopen, vfs_fclose, etc, from libaudcore/vfs.h are used for file manipulation. Should I be using that for handling the scrobble.log instead of the native fopen/fclose? The scrobble.log is a file on the user's config folder and is only written when a new track is ready to be scrobbled and after a track has been scrobbled, like the old scrobblequeue.txt.</li>
<li>I'm not sure where and how to put licensing information. Should each source file mention it? I don't mind the license to be GPLv3 and I'd like to keep a mention on the plugin's source files that I am the initial author. Is there a "standard" way of doing this for Audacious' plugins? Each plugin seems to do it on its own way.</li>
<li>I did <strong>not</strong> test playing Internet streams. There is probably a regression to the current plugin on this.</li>
</ol>
<p>There are other minor features remaining to be implemented. You can see them on github: <a class="external" href="https://github.com/Pitxyoki/audacious-plugins/issues/">https://github.com/Pitxyoki/audacious-plugins/issues/</a>.</p>
<p>With that said, I'd like to know what you think of the current state of the plugin. Is there anything else you'd like to see improved before pulling it? I'm open to criticism. :)</p>
<p>Best regards,<br />Luís Picciochi</p> Audacious - Bug #124 (Closed): A declared dependency version of cdaudio-ng seem to be incorrecthttp://redmine.audacious-media-player.org/issues/1242012-06-10T02:55:22ZLuís PicciochiPitxyoki@Gmail.com
<p>The configure.ac file states that the minimum required version of libcdio is 0.70, but when compiling, the cdio/cdio_unconfig.h file seems to be needed.<br />This file is not available at least until version 0.81 of the libcdio-dev package (in Debian). After installing version 0.83, everything went fine.</p>
<p>Attached is additional info on what I saw when trying to compile and what I did to fix it.<br />Also attached is a simple patch to fix this issue. I only increased the requirement for the relevant dependency. Probably the other, libcd*-related ones should also be increased but I'm not sure of that.</p>
<p>Best regards,<br />Pitxyoki</p>