Re: dell latitude 3510 - bios settings to boot debian netinst

[tomas]

On Fri, Jan 20, 2023 at 03:18:31PM -0500, Jeffrey Walton wrote:
> On Fri, Jan 20, 2023 at 10:35 AM Russell L. Harris  
> wrote:
> >
> > On Fri, Jan 20, 2023 at 12:28:21PM +, Andrew M.A. Cater wrote:
> > > [...]
> > >How did you create the flash device - what command did you use?
> >
> > After downloading the official netinst iso image, I copied it to the
> > flash stick (I routinely do netinst of Debian):
> >
> > # cp debian-11.6.0-i386-netinst.iso /dev/sdb
> > # sync
> 
> I believe you should use dd to preserve the physical layout of the ISO file.

No. Cp is fine. There are good reasons to use dd (for one, you do have
to do `sync' after cp and wait until that returns, this is one risk
of getting a short copy, whereas you can tell dd to work synchronously;
for another, you can tell sync to show you a progress indicator).

But the result is identical. You can also use cat.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: user accounts in docker group

[Yongun Seong]

On 1/21/23 12:42, L L wrote:
> The banner at the top of https://wiki.debian.org/Docker
>  says:
>
> "The Docker daemon has setUID root, and by design allows easy access as root 
> to
> the host filesystem. This makes it trivial for a malicious user to read and
> alter sensitive system files, or for a careless user to allow a malicious
> containerized app to do so. Access to Docker commands effectively grants full
> root power."
>
> I'm trying to test this. I put my own user account in the docker group (and 
> can
> execute docker commands with it).
>
> Then I tried to see if I can use Docker to write a file to a root-owned
> directory without using sudo or su. I used these commands:
> docker run debian -dit /bin/bash#start a container
> docker cp /home/me/some-file container-id:/some-file#put a file into the
> container
> docker cp container-id:/some-file /etc/some-file#copy the file from 
> the
> container into somewhere I shouldn't be able to write to
>
> I got:
> open /etc/some-file: permission denied
>
> Is the wiki out of date and it's completely safe to have user accounts in the
> docker group?
> Is the wiki correct but I'm exploiting group membership wrong?

I would try something like

   docker run -v /:/host -it debian

Which I expect would give you root access to the "host" system inside
the container, under /host.

Re: partition appears to be mounted, but not according to umount or lsblk

[tomas]

On Fri, Jan 20, 2023 at 09:19:16AM +, thyme after thyme wrote:
> 
> Charles and tomas, you were both right in your guesses. Thanks a billion
> for the help!

Glad you found it :)

Cheers
-- 
t


signature.asc
Description: PGP signature

user accounts in docker group

[L L]

The banner at the top of https://wiki.debian.org/Docker says:

"The Docker daemon has setUID root, and by design allows easy access as
root to the host filesystem. This makes it trivial for a malicious user to
read and alter sensitive system files, or for a careless user to allow a
malicious containerized app to do so. Access to Docker commands effectively
grants full root power."

I'm trying to test this. I put my own user account in the docker group (and
can execute docker commands with it).

Then I tried to see if I can use Docker to write a file to a root-owned
directory without using sudo or su. I used these commands:
docker run debian -dit /bin/bash#start a container
docker cp /home/me/some-file container-id:/some-file#put a file into
the container
docker cp container-id:/some-file /etc/some-file#copy the file from
the container into somewhere I shouldn't be able to write to

I got:
open /etc/some-file: permission denied

Is the wiki out of date and it's completely safe to have user accounts in
the docker group?
Is the wiki correct but I'm exploiting group membership wrong?

Re: Postfix fails after upgrade from bullseye to bookworm

[Charles Curley]

On Fri, 20 Jan 2023 21:30:22 +0100
Sven Joachim  wrote:

> Wow.  Looking into the BTS, I found bug #895089[1], changed "c_rehash"
> to "openssl rehash" in /usr/lib/postfix/configure-instance.sh as
> recommended there, and now "systemctl restart postfix.service"
> completes in two seconds!

A similar major improvement for me.

root@white:~# time systemctl restart postfix.service

real0m18.389s
user0m0.081s
sys 0m0.059s
root@white:~# 

vs.

root@white:~# time systemctl restart postfix.service

real4m10.833s
user0m0.081s
sys 0m0.062s
root@white:~# 

Thank you, Sven, for pursuing this.

The patch has been committed, and should be in the pipeline.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Postfix fails after upgrade from bullseye to bookworm

[Max Nikulin]

On 21/01/2023 01:55, Charles Curley wrote:


root@white:~# ps aux | grep -i openssl
root  4586  5.8  0.9   8256  2064 pts/3S+   11:48   0:00 grep 
--colour=auto -i openssl
root  4587  150  2.1     4720 ?R11:48   0:00 
/usr/bin/openssl x509 -subject_hash_old -fingerprint -noout -in 
QuoVadis_Root_CA_2.pem

...> I have no idea what that's about. Maybe someone with SSL experience can

chime in here?


Delays related to cryptography may be caused by lack of entropy. You may 
try to check


cat /proc/sys/kernel/random/entropy_avail

and

ls -l /proc//fs

when such delay happens. Some network activity may increase entropy 
enough to unblock reading random bytes. If my guess is correct then the 
issue may be alleviated by installing the haveged package. VMs are 
affected more than hosts.

Re: Postfix fails after upgrade from bullseye to bookworm

[Charles Curley]

On Fri, 20 Jan 2023 21:30:22 +0100
Sven Joachim  wrote:

> Wow.  Looking into the BTS, I found bug #895089[1], changed "c_rehash"
> to "openssl rehash" in /usr/lib/postfix/configure-instance.sh as
> recommended there, and now "systemctl restart postfix.service"
> completes in two seconds!
> 
> Will follow up on the bug ASAP, if nobody beats me to it.

Fix and everything. Nice! Good work, thank you.

I'll apply the fix later and see what it does on my sclerotic anemic
686 box.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: dell latitude 3510 - bios settings to boot debian netinst

[David]

On Sat, 21 Jan 2023 at 07:19, Jeffrey Walton  wrote:
> On Fri, Jan 20, 2023 at 10:35 AM Russell L. Harris  
> wrote:
> > On Fri, Jan 20, 2023 at 12:28:21PM +, Andrew M.A. Cater wrote:

> > # cp debian-11.6.0-i386-netinst.iso /dev/sdb
> > # sync
>
> I believe you should use dd to preserve the physical layout of the ISO file.

The command run by OP is exactly as instructed in the Debian Installation Guide.
  https://www.debian.org/releases/bullseye/amd64/ch04s03.en.html
Section 4.3.1.

Re: dell latitude 3510 - bios settings to boot debian netinst

[David]

On Sat, 21 Jan 2023 at 02:35, Russell L. Harris  wrote:
> On Fri, Jan 20, 2023 at 12:28:21PM +, Andrew M.A. Cater wrote:
> >On Fri, Jan 20, 2023 at 05:23:06AM +, Russell L. Harris wrote:
> >> On Thu, Jan 19, 2023 at 10:18:33PM -0600, David Wright wrote:
> >> > On Fri 20 Jan 2023 at 03:43:09 (+), Russell L. Harris wrote:

> >> > > I have not figured out how to configure the BIOS of a Dell Latitude
> >> > > 3510 to cause it to see and boot from a Debian netinst image (Debian
> >> > > 11) written to USB flash (8Gbyte Patriot).

> >> The problem is that the "one-time menu" does not include the flash
> >> device.

> >How did you create the flash device - what command did you use?

> After downloading the official netinst iso image, I copied it to the
> flash stick (I routinely do netinst of Debian):

> # cp debian-11.6.0-i386-netinst.iso /dev/sdb
> # sync

A *-i386-netinst.iso file is for a 32 bit CPU.

Dell Latitude 3510 uses a 64 bit CPU, so you should use
a *-amd64-netinst.iso. The "amd" in the name refers to the
CPU architecture, not the chip manufacturer.

You could try the file available from here:
https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/11.6.0+nonfree/amd64/iso-cd/

That image includes non-free firmware which might be required
by your hardware, which could avoid you having to deal with
other annoyances. Alternatively an image file without that firmware
is available here:
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/

Re: Postfix fails after upgrade from bullseye to bookworm

[Sven Joachim]

On 2023-01-20 21:11 +0100, Sven Joachim wrote:

> On 2023-01-20 20:45 +0100, Sven Joachim wrote:
>
>> My hunch is that postfix recomputes all the hashes in
>> /var/spool/postfix/etc/ssl/certs, rather than copying the files from the
>> host system into the chroot which would be a lot faster.
>
> For those who want to dig deeper, /usr/lib/postfix/configure-instance.sh
> is the (Debian-specific) script which sets up the chroot.  Surely it
> should not recompute all the hashes every time postfix is restarted, but
> apparently it does so at least on Charles' and my system.

Wow.  Looking into the BTS, I found bug #895089[1], changed "c_rehash"
to "openssl rehash" in /usr/lib/postfix/configure-instance.sh as
recommended there, and now "systemctl restart postfix.service" completes
in two seconds!

Will follow up on the bug ASAP, if nobody beats me to it.

Cheers,
   Sven


1. https://bugs.debian.org/895089

Re: dell latitude 3510 - bios settings to boot debian netinst

[Jeffrey Walton]

On Fri, Jan 20, 2023 at 10:35 AM Russell L. Harris  wrote:
>
> On Fri, Jan 20, 2023 at 12:28:21PM +, Andrew M.A. Cater wrote:
> > [...]
> >How did you create the flash device - what command did you use?
>
> After downloading the official netinst iso image, I copied it to the
> flash stick (I routinely do netinst of Debian):
>
> # cp debian-11.6.0-i386-netinst.iso /dev/sdb
> # sync

I believe you should use dd to preserve the physical layout of the ISO file.

https://www.google.com/search?q=how+to+use+dd+to+copy+iso+to+thumb+drive

Jeff

Re: Postfix fails after upgrade from bullseye to bookworm

[Christoph Brinkhaus]

Am Fri, Jan 20, 2023 at 08:28:10PM +0100 schrieb Sven Joachim:
> On 2023-01-20 13:39 -0500, Greg Wooledge wrote:
> 
> > On Fri, Jan 20, 2023 at 07:17:37PM +0100, Sven Joachim wrote:

Hello Community,

> >> It seems that postfix's startup time has greatly regressed, on my laptop
> >> there are very long delays both at boot:
> >>
> >> ,
> >> | $ systemd-analyze blame | head -n1
> >> | 33.340s postfix@-.service
> >> `
> >
> > A delay that's a multiple of 30 seconds is very often a DNS lookup
> > failure.  I would imagine your postfix configuration is trying to
> > perform a DNS lookup on some hostname or other, and that this is
> > happening before you're actually "online", for whatever definition of
> > "online" is relevant here.
> 
> That should be NetworkManager-wait-online.service.  In the logs I see
> that systemd starts the postfix service directly after reaching
> network-online.target, as it is supposed to do.  The mystery is why it
> takes another 30+ seconds before any messages from postfix itself appear
> in the logs.
> 
> > That's a total guess, though.  Find your logfiles and read them to see
> > what's actually going on.
> 
> Here is what I see in the journal when I restart postfix.service:
> 
> ,
> | Jan 20 20:16:06 myhost postfix/postfix-script[1470]: stopping the Postfix 
> mail system
> | Jan 20 20:16:06 myhost postfix/master[1307]: terminating on signal 15
> | Jan 20 20:16:06 myhost systemd[1]: postfix@-.service: Deactivated 
> successfully.
> | Jan 20 20:16:06 myhost systemd[1]: Stopped Postfix Mail Transport Agent 
> (instance -).
> | Jan 20 20:16:06 myhost systemd[1]: postfix@-.service: Consumed 36.372s CPU 
> time.
> | Jan 20 20:16:06 myhost systemd[1]: Starting Postfix Mail Transport Agent 
> (instance -)...
> | Jan 20 20:16:41 myhost postfix[1800]: Postfix is using backwards-compatible 
> default settings
> | Jan 20 20:16:41 myhost postfix[1800]: See 
> http://www.postfix.org/COMPATIBILITY_README.html for details
> | Jan 20 20:16:41 myhost postfix[1800]: To disable backwards compatibility 
> use "postconf compatibility_level=3.6" and "pos\
> | tfix reload"
> | Jan 20 20:16:42 myhost postfix/postfix-script[2026]: starting the Postfix 
> mail system
> | Jan 20 20:16:42 myhost postfix/master[2028]: daemon started -- version 
> 3.7.3, configuration /etc/postfix
> | Jan 20 20:16:42 myhost systemd[1]: Started Postfix Mail Transport Agent 
> (instance -).
> | Jan 20 20:16:42 myhost systemd[1]: Starting Postfix Mail Transport Agent...
> | Jan 20 20:16:42 myhost systemd[1]: Finished Postfix Mail Transport Agent.
> `

I have observed something comparable, but with fetchmail for email 
and unbound as a dns resover. Both are started by systemd at almost
the same time. But it takes some time for unbound to fetch keys and so
on. Before unbound is really ready fetchmail has started its first
poll, but without success because the mail servers ip could not be
resolved.

I am only a hobbyist. But may be something similar is happening in the
discussed issue. May be it is worth to have a look how the dns lookup
is set up and how it is starting.

Please just ignore be if this proposal makes no sense.
At work I am no admin :-).

> I have left nothing out, so WTH is postfix waiting for in these 35
> seconds?
> 
> Cheers,
>Sven

BTW: I have resolved my issue by starting fetchmail via systemd by a
wrapper script which probes the dns resolution of the mail server
before starting fetchmail.

Kind regards,
Christoph
-- 
Ist die Katze gesund
schmeckt sie dem Hund.

Re: Postfix fails after upgrade from bullseye to bookworm

[Sven Joachim]

On 2023-01-20 20:45 +0100, Sven Joachim wrote:

> On 2023-01-20 11:55 -0700, Charles Curley wrote:
>
>> On Fri, 20 Jan 2023 19:17:37 +0100
>> Sven Joachim  wrote:
>>
>>> Clearly something fishy is going on here.
>>
>> I concur. What I saw with htop was a slew of calls to SSL. Here's
>> a sample of what it was doing. It is a processor hog.
>>
>> root@white:~# ps aux | grep -i openssl
>> root  4586  5.8  0.9   8256  2064 pts/3S+   11:48   0:00 grep 
>> --colour=auto -i openssl
>> root 4587 150 2.1  4720 ?  R 11:48 0:00 /usr/bin/openssl x509
>> -subject_hash_old -fingerprint -noout -in QuoVadis_Root_CA_2.pem
>
> Indeed I see many calls to openssl in top, apparently they are children
> of a single c_rehash process.  CPU load is low here, though (2-3 %).
>
>> I have no idea what that's about. Maybe someone with SSL experience can
>> chime in here?
>
> My hunch is that postfix recomputes all the hashes in
> /var/spool/postfix/etc/ssl/certs, rather than copying the files from the
> host system into the chroot which would be a lot faster.

For those who want to dig deeper, /usr/lib/postfix/configure-instance.sh
is the (Debian-specific) script which sets up the chroot.  Surely it
should not recompute all the hashes every time postfix is restarted, but
apparently it does so at least on Charles' and my system.

Cheers,
   Sven

Re: Postfix fails after upgrade from bullseye to bookworm

[Jeffrey Walton]

On Fri, Jan 13, 2023 at 11:37 AM Charles Curley
 wrote:
>
> I upgraded an i386 machine from bullseye to bookworm. Postfix now
> refuses to run.
>
> root@white:/var/spool# systemctl start postfix@-.service
> Job for postfix@-.service failed because a timeout was exceeded.
> See "systemctl status postfix@-.service" and "journalctl -xeu 
> postfix@-.service" for details.
> root@white:/var/spool# systemctl status postfix@-.service
> × postfix@-.service - Postfix Mail Transport Agent (instance -)
>  Loaded: loaded (/lib/systemd/system/postfix@.service; enabled-runtime; 
> preset: enabled)
>  Active: failed (Result: timeout) since Fri 2023-01-13 07:55:51 MST; 17s 
> ago
>Docs: man:postfix(1)
> Process: 5170 ExecStartPre=/usr/lib/postfix/configure-instance.sh - 
> (code=killed, signal=TERM)
> CPU: 1min 29.456s
>
> Jan 13 07:54:21 white systemd[1]: Starting Postfix Mail Transport Agent 
> (instance -)...
> Jan 13 07:55:51 white systemd[1]: postfix@-.service: start-pre operation 
> timed out. Terminating.
> Jan 13 07:55:51 white systemd[1]: postfix@-.service: Control process exited, 
> code=killed, status=15/TERM
> Jan 13 07:55:51 white systemd[1]: postfix@-.service: Failed with result 
> 'timeout'.
> Jan 13 07:55:51 white systemd[1]: Failed to start Postfix Mail Transport 
> Agent (instance -).
> Jan 13 07:55:51 white systemd[1]: postfix@-.service: Consumed 1min 29.456s 
> CPU time.
> root@white:/var/spool# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> compatibility_level = 3.6
> inet_interfaces = all
> inet_protocols = ipv4
> mailbox_size_limit = 0
> mydestination = white.localdomain, white.localdomain, white, 
> localhost.localdomain, localhost
> myhostname = white.localdomain
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relayhost = smtp.localdomain
> smtp_tls_CApath = /etc/ssl/certs
> smtp_tls_security_level = may
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
> defer_unauth_destination
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_security_level = may
> root@white:/var/spool#

You should provide the output of journalctl. That usually has the
details that are useful in diagnosing a problem.

> Does anybody read signatures any more?
>
> https://charlescurley.com
> https://charlescurley.com/blog/

I try to skip them. There's no point in wasting time on them.

Jeff

Re: Postfix fails after upgrade from bullseye to bookworm

[Sven Joachim]

On 2023-01-20 11:55 -0700, Charles Curley wrote:

> On Fri, 20 Jan 2023 19:17:37 +0100
> Sven Joachim  wrote:
>
>> Clearly something fishy is going on here.
>
> I concur. What I saw with htop was a slew of calls to SSL. Here's
> a sample of what it was doing. It is a processor hog.
>
> root@white:~# ps aux | grep -i openssl
> root  4586  5.8  0.9   8256  2064 pts/3S+   11:48   0:00 grep 
> --colour=auto -i openssl
> root 4587 150 2.1  4720 ?  R 11:48 0:00 /usr/bin/openssl x509
> -subject_hash_old -fingerprint -noout -in QuoVadis_Root_CA_2.pem

Indeed I see many calls to openssl in top, apparently they are children
of a single c_rehash process.  CPU load is low here, though (2-3 %).

> I have no idea what that's about. Maybe someone with SSL experience can
> chime in here?

My hunch is that postfix recomputes all the hashes in
/var/spool/postfix/etc/ssl/certs, rather than copying the files from the
host system into the chroot which would be a lot faster.

It is probably time for me to revisit my postfix configuration.

Cheers,
   Sven

Re: Postfix fails after upgrade from bullseye to bookworm

[Charles Curley]

On Fri, 20 Jan 2023 14:28:22 -0500
Greg Wooledge  wrote:

> More multiples of 30 seconds.  I'm still thinking "DNS issue".

In this case, laziness. The default timeout is 60 seconds. I added 30
to that. Then doubled it. Etc. That doesn't mean you are wrong. I'd
like to know what that ssl command is up to.

The problem is not for lack of network. I executed all the commands I
showed in my recent emails via ssh over Ethernet, and that machine has
full access to the Internet.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Web page management. Was: Re: Debian release criteria.

[Dan Ritter]

pe...@easthope.ca wrote: 
> Unwieldly References list truncated.
> 
> From: Stefan Monnier 
> Date: Sat, 07 Jan 2023 12:45:52 -0500
> > I use uMatrix, which I find strikes a fairly good balance between
> > keeping sites working and letting me control how much crap is loaded.
> 
> Another helpful add-on.  Thanks!
> 
> A feature (gingerbread) I'd rather not have in Wikipedia is the popup 
> article preview from hovering the pointer on a link.  Can uMatrix 
> block that?  How?

Yes, because uBlock Origin is the less capable sibling and uBO
can do that. Just block JavaScript on the wikipedia.org domain.
The site remains largely functional but does not do previews.

-dsr-

Re: Postfix fails after upgrade from bullseye to bookworm

[Greg Wooledge]

On Fri, Jan 20, 2023 at 11:55:35AM -0700, Charles Curley wrote:
> My previous timeout vale was 180 seconds, which wasn't enough. So my
> ancient anemic box needed between 180 and 360 seconds to start postfix.
> (But see below.)

More multiples of 30 seconds.  I'm still thinking "DNS issue".

Re: Postfix fails after upgrade from bullseye to bookworm

[Sven Joachim]

On 2023-01-20 13:39 -0500, Greg Wooledge wrote:

> On Fri, Jan 20, 2023 at 07:17:37PM +0100, Sven Joachim wrote:
>> It seems that postfix's startup time has greatly regressed, on my laptop
>> there are very long delays both at boot:
>>
>> ,
>> | $ systemd-analyze blame | head -n1
>> | 33.340s postfix@-.service
>> `
>
> A delay that's a multiple of 30 seconds is very often a DNS lookup
> failure.  I would imagine your postfix configuration is trying to
> perform a DNS lookup on some hostname or other, and that this is
> happening before you're actually "online", for whatever definition of
> "online" is relevant here.

That should be NetworkManager-wait-online.service.  In the logs I see
that systemd starts the postfix service directly after reaching
network-online.target, as it is supposed to do.  The mystery is why it
takes another 30+ seconds before any messages from postfix itself appear
in the logs.

> That's a total guess, though.  Find your logfiles and read them to see
> what's actually going on.

Here is what I see in the journal when I restart postfix.service:

,
| Jan 20 20:16:06 myhost postfix/postfix-script[1470]: stopping the Postfix 
mail system
| Jan 20 20:16:06 myhost postfix/master[1307]: terminating on signal 15
| Jan 20 20:16:06 myhost systemd[1]: postfix@-.service: Deactivated 
successfully.
| Jan 20 20:16:06 myhost systemd[1]: Stopped Postfix Mail Transport Agent 
(instance -).
| Jan 20 20:16:06 myhost systemd[1]: postfix@-.service: Consumed 36.372s CPU 
time.
| Jan 20 20:16:06 myhost systemd[1]: Starting Postfix Mail Transport Agent 
(instance -)...
| Jan 20 20:16:41 myhost postfix[1800]: Postfix is using backwards-compatible 
default settings
| Jan 20 20:16:41 myhost postfix[1800]: See 
http://www.postfix.org/COMPATIBILITY_README.html for details
| Jan 20 20:16:41 myhost postfix[1800]: To disable backwards compatibility use 
"postconf compatibility_level=3.6" and "pos\
| tfix reload"
| Jan 20 20:16:42 myhost postfix/postfix-script[2026]: starting the Postfix 
mail system
| Jan 20 20:16:42 myhost postfix/master[2028]: daemon started -- version 3.7.3, 
configuration /etc/postfix
| Jan 20 20:16:42 myhost systemd[1]: Started Postfix Mail Transport Agent 
(instance -).
| Jan 20 20:16:42 myhost systemd[1]: Starting Postfix Mail Transport Agent...
| Jan 20 20:16:42 myhost systemd[1]: Finished Postfix Mail Transport Agent.
`

I have left nothing out, so WTH is postfix waiting for in these 35
seconds?

Cheers,
   Sven

Re: Postfix fails after upgrade from bullseye to bookworm

[Charles Curley]

On Fri, 20 Jan 2023 19:17:37 +0100
Sven Joachim  wrote:

> Clearly something fishy is going on here.

I concur. What I saw with htop was a slew of calls to SSL. Here's
a sample of what it was doing. It is a processor hog.

root@white:~# ps aux | grep -i openssl
root  4586  5.8  0.9   8256  2064 pts/3S+   11:48   0:00 grep 
--colour=auto -i openssl
root  4587  150  2.1     4720 ?R11:48   0:00 
/usr/bin/openssl x509 -subject_hash_old -fingerprint -noout -in 
QuoVadis_Root_CA_2.pem
root@white:~#

I have no idea what that's about. Maybe someone with SSL experience can
chime in here?

My previous timeout vale was 180 seconds, which wasn't enough. So my
ancient anemic box needed between 180 and 360 seconds to start postfix.
(But see below.)

To repeat your commands:

root@white:~# systemd-analyze blame | grep postfix
4min 24.559s postfix@-.service
35ms postfix.service
root@white:~# time systemctl restart postfix.service

real4m10.833s
user0m0.081s
sys 0m0.062s
root@white:~# 

Meanwhile simply running "postfix start" took much less time.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Web page management. Was: Re: Debian release criteria.

[peter]

Unwieldly References list truncated.

From: Stefan Monnier 
Date: Sat, 07 Jan 2023 12:45:52 -0500
> I use uMatrix, which I find strikes a fairly good balance between
> keeping sites working and letting me control how much crap is loaded.

Another helpful add-on.  Thanks!

A feature (gingerbread) I'd rather not have in Wikipedia is the popup 
article preview from hovering the pointer on a link.  Can uMatrix 
block that?  How?

 Thx,  ... P.
  
- 
mobile: +1 778 951 5147
  VoIP: +1 604 670 0140
https://en.wikibooks.org/wiki/User:PeterEasthope

Re: Postfix fails after upgrade from bullseye to bookworm

[Greg Wooledge]

On Fri, Jan 20, 2023 at 07:17:37PM +0100, Sven Joachim wrote:
> It seems that postfix's startup time has greatly regressed, on my laptop
> there are very long delays both at boot:
> 
> ,
> | $ systemd-analyze blame | head -n1
> | 33.340s postfix@-.service
> `

A delay that's a multiple of 30 seconds is very often a DNS lookup
failure.  I would imagine your postfix configuration is trying to
perform a DNS lookup on some hostname or other, and that this is
happening before you're actually "online", for whatever definition of
"online" is relevant here.

That's a total guess, though.  Find your logfiles and read them to see
what's actually going on.

Re: Postfix fails after upgrade from bullseye to bookworm

[Sven Joachim]

On 2023-01-20 09:34 -0700, Charles Curley wrote:

> On Fri, 13 Jan 2023 11:52:29 -0700
> Charles Curley  wrote:
>
>> That suggests there's something wrong with
>> the way systemd is starting postfix. I will look into that later
>> today.
>
> Not quite "later today", but:
>
> A bit of thinking about it, and I realized that the computer in
> question is an ancient 686 with very limited RAM, physical and swap. So
> I experimented with watching the startup using htop. That got me
> thinking that maybe the start timeout was too short.
>
> I edited postfix@-.service, like so:
>
> systemctl edit postfix@-.service
>
> and added a line to the end of the [service] stanza:
>
> TimeoutSec=360

It seems that postfix's startup time has greatly regressed, on my laptop
there are very long delays both at boot:

,
| $ systemd-analyze blame | head -n1
| 33.340s postfix@-.service
`

as well when restarting postfix:

,
| $ time sudo systemctl restart postfix.service
| sudo systemctl restart postfix.service  0,06s user 0,03s system 0% cpu 38,611 
total
`

Clearly something fishy is going on here.

Cheers,
   Sven

Re: partition appears to be mounted, but not according to umount or lsblk

[Cindy Sue Causey]

On 1/20/23, Anssi Saari  wrote:
> Jude DaShiell  writes:
>
>> I wonder if blkid might be a bit more informative.
>
> I don't know, I usually run mount without arguments to see what's
> mounted or look in the file /proc/mounts.


A super simple grep, e.g. "mount|grep sdc", works on it, too. I do it
all the time because it filters out the (visual) noise.

Every since I realized that, my chroot dismounts never fail. Prior to
that, I was having to mostly reboot to dislodge a chroot that had some
or another too "busy" to umount mount point that I couldn't ferret
out.

Cindy :)
-- 
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed *

Re: Cloning a disk: partclone?

[Tixy]

On Fri, 2023-01-20 at 14:56 +0200, Anssi Saari wrote:
> Tixy  writes:
> 
> > Surely it's also straightforward to just copy the data in the partition
> > then resize the filesystem...
> > 
> >  cp /dev/sdX1 /dev/sdY1
> >  resize2fs /dev/sdY1
> 
> Sure. Partclone, since the OP asked about that, can speed this up for a
> partition since it's smart enough to not copy parts of the partition
> that aren't in use.

Which apart from speed would probably be good if the target is an SSD,
as the disk does have to allocate flash memory for that unused data.
(I'm thinking of the discussion about SSDs we had here a few weeks
ago).

-- 
Tixy

Re: dhcp-proxy con dnsmasq

[Camaleón]

El 2023-01-20 a las 14:28 +0100, trujo escribió:

> El jue, 19-01-2023 a las 20:38 +0100, Camaleón escribió:
> > El 2023-01-19 a las 13:49 +0100, trujo escribió:
> > 
> > > Estoy intentando ponerlo en marcha (con debian estable).
> > > la red en la que esta recibe ipes desde un relay situado en el
> > > conmutador.
> > > Si en el servidor DHCP pongo la opción 66 (next-server) parece
> > > funcionar, si no no funciona.
> > > no deberia dar este parametro el proxy-dhcp.
> > > mi configuración:
> > > port=0
> > > log-dhcp
> > > dhcp-no-override
> > > enable-tftp
> > > dhcp-range=192.168.53.21,proxy
> > > dhcp-boot=terminales/bootcode.bin,192.168.53.4,192.168.53.4
> > > interface=red-pxe
> > > dhcp-option=66,"192.168.53.4"
> > > 
> > > Si desactivo el dhcp-relay no funciona en absoluto, ¿no deberia
> > > funcionar?, ¿donde se le dice cual es el servidor al que debe
> > > pedirle
> > > la ip?
> > 
> > Hum... así a bote pronto el único valor que no veo definido en la 
> > configuración es el directorio raíz del servidor TFTP («tftp-root»), 
> > pero no sé hasta qué punto puede afectar al tener definida la opción
> > de 
> > next-server, no he trabajado nunca con dnsmasq :-?
> > 
> > Echa un vistazo a la wiki de Archlinux que siempre explican de forma 
> > didáctica cómo configurar cada uno de los servicios que admite
> > dnsmasq:
> > 
> > https://wiki.archlinux.org/title/dnsmasq
> > 
> > En cualquier caso, revisa el registro de dnsmaq para ver qué hace 
> > exactamente el demonio y por qué falla en cada caso (p. ej., cuando 
> > defines la opción «66» y cuando no).
> > 
> > 
> Se me olvido copiarlo, pero el problema no es ese el problema, es que
> no funciona.
> Lo monto en consola para poder depurarlo:
> # dnsmasq -d  -C /etc/dnsmasq.d/ipxe 
> dnsmasq: started, version 2.85 DNS disabled
> dnsmasq: opciones de compilación: IPv6 GNU-getopt DBus no-UBus i18n
> IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC
> loop-detect inotify dumpfile
> dnsmasq-dhcp: DHCP, proxy on subnet 192.168.53.1
> dnsmasq-dhcp: DHCP, sockets bound exclusively to interface red-pxe
> dnsmasq-tftp: TFTP root está /srv/tftp/terminales  
> dnsmasq-dhcp: 2554010389 available DHCP subnet:
> 192.168.53.1/255.255.255.0
> dnsmasq-dhcp: 2554010389 vendor class: PXEClient:Arch:0:UNDI:002001

Si se queda ahí, quizá lo que falle es la carga del PXE, que no lo 
detecte correctamente y tengas que forzar de alguna manera que lo 
reconozca para poder iniciar los clientes ligeros.

PXE : dnsmasq dhcp proxy not answering [SOLVED]
https://bbs.archlinux.org/viewtopic.php?id=254774

Que es básicamente lo que recomienda el artículo de la wiki de 
Archlinux (apartado de configuración para el servidor PXE).

> No llega a arrabcar, si añado en el servidor de DHCP principal, es que
> lo que no quiero hacer la opción 66
> En el cliente se ve:
> IP-Config: Complete:
>  device=eth0, hwaddr:xx:xx:xx:xx:xx:xx, ipaddr=192.168.53.13,
> mask=255.255.255.0,gw=192.168.53.1
>  host=192.168.53.13, domain=ea.ea.ea.ea.ea, nis-domain=(none)
>  boorserver=0.0.0.0, rootserver=0.0.0.0, rootpath=
>  nameserver0=8.8.8.8, nameserver1=xxx.xxx.xxx
> 
> 
> Es decir toma los datos dados por el DHCP principal,
> Si desactivo el dhcp-relay del conmutador y hago que dnsmasq actue como
> relay añadiendo la linea:
> dhcp-relay=192.168.53.4,10.xxx.xxx.xxx
> 
> 
> # dnsmasq -d  -C /etc/dnsmasq.d/ipxe 
> dnsmasq: started, version 2.85 DNS disabled
> dnsmasq: opciones de compilación: IPv6 GNU-getopt DBus no-UBus i18n
> IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC
> loop-detect inotify dumpfile
> dnsmasq-dhcp: DHCP, proxy on subnet 192.168.53.1
> dnsmasq-dhcp: DHCP relay from 192.168.53.4 to 10.xxx.xxx.xxx
> dnsmasq-tftp: TFTP root está /srv/tftp/terminales 
> 
> Pero el resto es igual, es decir el relay funciona pero el proxy no.
> La pagina de Arch que me has dicho ya la habia mirado antes y no aporta
> nada, solo que mire en el fichero "/var/lib/misc/dnsmasq.leases" para
> ver los arrendamiento, pero ese fichero esta vacío.
> 
> Lo único que no controlo bien es la linea:
> dhcp-range=192.168.53.1,proxy
> He probado a poner el GW (1), el servidor (192.168.53.4) o una de las
> direcciones arrendadas (13), pero el resultado es siempre el mismo, no
> funciona

¿De qué tipo de clientes ligeros se trata? Quizá requieran algún tipo 
de parámetro o configuración concreto, de ahí que forzando la opción 66 
se cargue el bootloader y los clientes detecten sin problemas el servidor
dnsmasq.

Saludos,

-- 
Camaleón 

Re: EOL and EOS for Debian Softwares

[Greg Wooledge]

On Fri, Jan 20, 2023 at 03:42:39PM +, Bushra Perveen wrote:
> Hi Team,
> 
> Could you please let me know the End of Life and End of Support for the below 
> Debian software's?
> whiptail 0.5 (Linux)
> P11 Glue Utilities 0.2 (Linux)
> virt-what 1 (Linux)
> HTTP Client 6 (Linux)
> virt-what 6 (Linux)
> DStat 0.7 (Linux)

Debian doesn't support individual software pacakges like this, except
for very special cases like Firefox and Chromium.  Instead, Debian
supports releases, and all of the packages within a release.

The two releases that are currently supported are Debian 10 ("buster")
and Debian 11 ("bullseye").  Debian 11 is the current "stable" release,
and as such, has 100% security support.  This will continue until one
year after the release of Debian 12 ("bookworm"), whenever that may be.

Debian 10 is the "oldstable" release, meaning it had full support for
the first year after Debian 11's release, and now has reduced support.
See  for details.

Of all the items on your list, only two (whiptail and virt-what) are
actual Debian package names.  For the others, the first thing you'll have
to do is figure out what binary package name(s) they actually exist as
in Debian, if they're even in Debian at all.  Then, you can see which
versions of those packages are in Debian 10 and Debian 11.  If one of
those releases has the version of the package you're interested in,
then you can estimate the length of time that release will be supported.

Since whiptail is actually in Debian 11, I can tell you its version
number right now.  It's version 0.52.21-4+b3 which means it was built
from upstream version 0.52.21, and this is the third binary-only
non-maintainer upload after the fourth Debian packaging of that upstream
version.

I don't know how "whiptail 0.5" is supposed to map to the actual version
numbers used by the upstream developers, given that "0.52.21" is what
Debian's using.

Debian 11 also has virt-what version 1.19-1 which means it was built
from upstream version 1.19, and this is the first Debian packaging of
that upstream version.

I don't know how "virt-what 1" or "virt-what 6" are intended to map to
the version numbers used by this project either.

Good luck.

Re: [HS] partage de fichiers (pour un nul)

[Jean Bernon]

J'utilise homebank pour gérer un budget familial. Le fichier de comptabilité 
est sur un serveur nextcloud (comme Zaclys) et je peux mettre à jour le fichier 
depuis n'importe quelle machine équipée de homebank et du client nextcloud. En 
revanche une seule machine à la fois peut modifier le fichier partagé. Je 
suppose que Grisbi, que je ne connais pas, est un équivalent de homebank et, si 
les collaborateurs utilisent les fichiers partagés de Mère Zaclys, ils ont 
probablement déjà un client Nexcloud.


- Mail original - 

> De: "Jean Louis Giraud Desrondiers" 
> À: debian-user-french@lists.debian.org
> Envoyé: Jeudi 19 Janvier 2023 11:12:59
> Objet: Re: [HS] partage de fichiers (pour un nul)

> >
> > Quel est le problème concret à résoudre? Comptabilité associative?
> > Familiale? Dans le même bâtiment ou bien intercontinentale? Avec
> > gestion des devises et de leur cours (i.e. €/US$)? Combien
> > d'utilisateurs possibles et simultanés?

> comptabilité familiale simple, c'est pour ça que j'ai choisi Grisbi
> >
> finalement ça n'a pas l'air aussi simple que je le pensais a priori !
> Merci quand même pour toutes vos réponses.
> --
> Cordialement,

> Jean Louis Giraud Desrondiers 

Re: Postfix fails after upgrade from bullseye to bookworm

[Charles Curley]

On Fri, 13 Jan 2023 11:52:29 -0700
Charles Curley  wrote:

> That suggests there's something wrong with
> the way systemd is starting postfix. I will look into that later
> today.

Not quite "later today", but:

A bit of thinking about it, and I realized that the computer in
question is an ancient 686 with very limited RAM, physical and swap. So
I experimented with watching the startup using htop. That got me
thinking that maybe the start timeout was too short.

I edited postfix@-.service, like so:

systemctl edit postfix@-.service

and added a line to the end of the [service] stanza:

TimeoutSec=360

So:

root@white:/etc# diff systemd/system/postfix@-.service 
/lib/systemd/system/postfix@.service 
17d16
< TimeoutSec=360
20c19
< WantedBy=multi-user.target
\ No newline at end of file
---
> WantedBy=multi-user.target
root@white:/etc# 


That seems to have fixed the problem. We'll see, said the zen master.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

EOL and EOS for Debian Softwares

[Bushra Perveen]

Hi Team,

Could you please let me know the End of Life and End of Support for the below 
Debian software's?
whiptail 0.5 (Linux)
P11 Glue Utilities 0.2 (Linux)
virt-what 1 (Linux)
HTTP Client 6 (Linux)
virt-what 6 (Linux)
DStat 0.7 (Linux)

Thanks in advance,
Bushra Perveen


This e-mail communication and any attachments to it are confidential and 
privileged to Hexaware and are strictly intended only for the personal and 
confidential use of the designated recipient(s) named above. If you are not the 
intended recipient of this message, you are hereby notified that any review, 
dissemination, distribution or copying of this message is strictly prohibited 
and may be unlawful.

Please notify the sender immediately and destroy all copies of this message 
along with all attachments thereto.

Re: dell latitude 3510 - bios settings to boot debian netinst

[Russell L. Harris]

On Fri, Jan 20, 2023 at 09:27:39AM -0600, David Wright wrote:

On Fri 20 Jan 2023 at 05:23:06 (+), Russell L. Harris wrote:

On Thu, Jan 19, 2023 at 10:18:33PM -0600, David Wright wrote:
> On Fri 20 Jan 2023 at 03:43:09 (+), Russell L. Harris wrote:
> > I have not figured out how to configure the BIOS of a Dell Latitude
> > 3510 to cause it to see and boot from a Debian netinst image (Debian
> > 11) written to USB flash (8Gbyte Patriot).

BTW you don't say whether you've ever booted it from any kind of stick.


The machine was a gift; this is my first experience with a laptop of
recent manufacture. 


The Service Manual latitude-3510-sm-en-us.pdf (p88/9) says
 ??? Enable USB Boot Support - Allows the system to boot
   from an external USB device (Enabled by default)
 ??? Enable External USB Ports - Allows the user to enable
   or disable the USB ports on the computer (Enabled by
   default)


I checked those.


Page 87 (p89/90 also relevant) explains that you can turn on booting
from an mSD card.

It's worth trying a variety of sticks, and in every available port,
lest it's USB2/3, or just some other inexplicable incompatibility.
I've had laptops showing that behaviour.


This flash stick has booted other machines.

mSD sounds promising.

RLH

Re: dell latitude 3510 - bios settings to boot debian netinst

[Russell L. Harris]

On Fri, Jan 20, 2023 at 12:28:21PM +, Andrew M.A. Cater wrote:

On Fri, Jan 20, 2023 at 05:23:06AM +, Russell L. Harris wrote:

On Thu, Jan 19, 2023 at 10:18:33PM -0600, David Wright wrote:
> On Fri 20 Jan 2023 at 03:43:09 (+), Russell L. Harris wrote:
> > I have not figured out how to configure the BIOS of a Dell Latitude
> > 3510 to cause it to see and boot from a Debian netinst image (Debian
> > 11) written to USB flash (8Gbyte Patriot).
The problem is that the "one-time menu" does not include the flash
device.

How did you create the flash device - what command did you use?


After downloading the official netinst iso image, I copied it to the
flash stick (I routinely do netinst of Debian):

# cp debian-11.6.0-i386-netinst.iso /dev/sdb
# sync

Re: dell latitude 3510 - bios settings to boot debian netinst

[David Wright]

On Fri 20 Jan 2023 at 05:23:06 (+), Russell L. Harris wrote:
> On Thu, Jan 19, 2023 at 10:18:33PM -0600, David Wright wrote:
> > On Fri 20 Jan 2023 at 03:43:09 (+), Russell L. Harris wrote:
> > > I have not figured out how to configure the BIOS of a Dell Latitude
> > > 3510 to cause it to see and boot from a Debian netinst image (Debian
> > > 11) written to USB flash (8Gbyte Patriot).

BTW you don't say whether you've ever booted it from any kind of stick.

> > Typically you'd tap away at F12 after turning it on, and that would
> > give you a one-time menu for where to boot from.
> 
> [ … ]
> 
> Neither do the BIOS screens include the flash device.
> 
> Boot Sequence
> 
> [X] UEFI ST500LM034
> 
> (+) Add Boot Option
> 
> I have searched with Google without success.  The BIOS of this machine
> offers an order of magnitude more options than does the BIOS of other
> Dell machines.  Regrettably, many of the parameters are not
> explained.

The Service Manual latitude-3510-sm-en-us.pdf (p88/9) says
  ● Enable USB Boot Support - Allows the system to boot
from an external USB device (Enabled by default)
  ● Enable External USB Ports - Allows the user to enable
or disable the USB ports on the computer (Enabled by
default)

Page 87 (p89/90 also relevant) explains that you can turn on booting
from an mSD card.

It's worth trying a variety of sticks, and in every available port,
lest it's USB2/3, or just some other inexplicable incompatibility.
I've had laptops showing that behaviour.

Cheers,
David.

Re: Icônes de montage d'une partition ext4

[ajh-valmer]

On Friday 20 January 2023 10:28:44 didier gaumet wrote:
> Le 19/01/2023 à 19:33, ajh-valmer a écrit :
> > Depuis des lustres sous KDE,

> Euh... Trinity plutôt, non? Dans Debian 11, KDE c'est Plama5, alors que 
> tu parles du fork KDE3 maintenu par Trinity. Le but de ma remarque n'est 
> pas d'être désobligeant mais de poser le problème correctement sinon il 
> y a risque de confusion entre des contextes différents (je ne suis pas 
> l'actualité KDE mais je pense qu'entre KDE3 et KDE5 pas mal de choses 
> ont changé)

Aucune désobligeance ressentie,
Comme Trinity est un KDE simplifié, j'ai préféré citer kde, désolé et mes 
excuses.

J'ai trouvé une solution :
Icônes => "Lien vers une application" => commande :
mount /media/sdb2 & konqueror /media/sdb2
et la partition /media/sdb2 s'ouvre.
(il faut avant informer "/etc/fstab" de cette partition).

J'ai abandonné le moyen "Lien vers un périphérique",
impossible, dommage, ça marchait impeccable
avec les précédentes versions de debian et/ou Trinity...

Malgré ces petits aléas, je recommande vivement le bureau Trinity.

Bonne journée,

AJH.Valmer

Re: Server Static IP and At's BGW210

[Tom Browder]

On Fri, Jan 20, 2023 at 05:39 Tom Browder  wrote:

BTW, I just found this link from a guy I recently found on Youtube who
seems to know his stuff:

>
  https://christitus.com/secure-web-server/

-Tom

Re: [HS] partage de fichiers (pour un nul)

[Jean Louis Giraud Desrondiers]

> Bonjour,
bonjour,

> 
> Le 2023-01-19 11:12, Jean Louis Giraud Desrondiers a écrit :
> > finalement ça n'a pas l'air aussi simple que je le pensais a
> > priori ! Merci quand même pour toutes vos réponses.
> 
> Ça peut l'être :)
> 
> J'utilise avec succès depuis des années Grisbi sur plusieurs 
> ordinateurs.
> 
> Je synchronise les données avec Syncthing. On configure un dossier 
> partagé
> sur un ordinateur et on le partage avec l'autre (les deux doivent
> avoir Syncthing installé et fonctionnel, la mise en place du partage
> se fait par
> échange de clés).
> 
> Conseil : syncthing-gtk simplifie le processus pour un non-initié.
J'ai installé syncthing sur mes deux ordis et j'ai configuré le
partage entre les deux ordis : d'après ce que je vois sur
l'interface web les deux ordis ont l'air d'être connectés (sauf que
je viens de m'apercevoir que j'ai configuré deux partages avec le
même nom) ...
> 
> 
> Côté Grisbi rien de spécial à faire, le fichier est local des deux 
> côtés.

...mais comment faire pour partager mes fichiers Grisbi : à aucun
moment syncthing ne m'a demandé quel répertoire ou quels fichiers je
voulais partager ? 



-- 
Cordialement, 

Jean Louis Giraud Desrondiers 

Re: OpenSolaris Boot Environements equivalent

[Christoph Brinkhaus]

Am Fri, Jan 20, 2023 at 02:16:57PM +0100 schrieb Mario Marietto:

Hi Mario,

> I still do not understand why,when I remove files on a ZFS disk using
> commands like (rm and rm -r),the left space does not increase,but it
> decreases. I would like to know what I can do to free some space if
> removing files does not work. 

If you have snapshots in a data set and rm files they still can be
accessed in the hidden .zfs directories. Therefore the free space
should remain almost the same until you delete the snapshos.

> And I don't understand why a ZFS disk goes
> fast out of space. This does not happen with an UFS disk. 

I have not observed that on my systems, but I have not stressed them a
lot.

> From what I've
> understood every snapshot created with the ZFS mechanisms contains a full
> FreeBSD system. Am I right ? Do you confirm this ? If this is true,ZFS is
> too much space consuming and it will explain why the space will end very
> fast on the disk. That's not good for sure. 

A snapshot contains the references to files. Beside of management
overhead a snapshot does not consume any space. If you modify or
delete files on the data set where the snapshot has been taken off
the original files at the time of the snapshot claim their required
space in the snapshots hidden directory instead of the original data
set.

> Recently I've found a Linux
> distro called "NixOS" which uses another method to create snapshots. It is
> based on a large use of sim/soft and hard links to backup different
> versions of the system libraries. This method is useful when the system is
> upgraded. I would like to ask you if you would like to see this kind of
> solution also on FreeBSD. I really want to see the zfs boot menu suggested
> by Anssi on FreeBSD ! I like it very much ! Do you think it is hard to
> implement it there ?

That sounds a little bit like the software "time machine".

Kind regards,
Christoph
-- 
Ist die Katze gesund
schmeckt sie dem Hund.

Re: dhcp-proxy con dnsmasq

[trujo]

El jue, 19-01-2023 a las 20:38 +0100, Camaleón escribió:
> El 2023-01-19 a las 13:49 +0100, trujo escribió:
> 
> > Estoy intentando ponerlo en marcha (con debian estable).
> > la red en la que esta recibe ipes desde un relay situado en el
> > conmutador.
> > Si en el servidor DHCP pongo la opción 66 (next-server) parece
> > funcionar, si no no funciona.
> > no deberia dar este parametro el proxy-dhcp.
> > mi configuración:
> > port=0
> > log-dhcp
> > dhcp-no-override
> > enable-tftp
> > dhcp-range=192.168.53.21,proxy
> > dhcp-boot=terminales/bootcode.bin,192.168.53.4,192.168.53.4
> > interface=red-pxe
> > dhcp-option=66,"192.168.53.4"
> > 
> > Si desactivo el dhcp-relay no funciona en absoluto, ¿no deberia
> > funcionar?, ¿donde se le dice cual es el servidor al que debe
> > pedirle
> > la ip?
> 
> Hum... así a bote pronto el único valor que no veo definido en la 
> configuración es el directorio raíz del servidor TFTP («tftp-root»), 
> pero no sé hasta qué punto puede afectar al tener definida la opción
> de 
> next-server, no he trabajado nunca con dnsmasq :-?
> 
> Echa un vistazo a la wiki de Archlinux que siempre explican de forma 
> didáctica cómo configurar cada uno de los servicios que admite
> dnsmasq:
> 
> https://wiki.archlinux.org/title/dnsmasq
> 
> En cualquier caso, revisa el registro de dnsmaq para ver qué hace 
> exactamente el demonio y por qué falla en cada caso (p. ej., cuando 
> defines la opción «66» y cuando no).
> 
> Saludos,
> 
Se me olvido copiarlo, pero el problema no es ese el problema, es que
no funciona.
Lo monto en consola para poder depurarlo:
# dnsmasq -d  -C /etc/dnsmasq.d/ipxe 
dnsmasq: started, version 2.85 DNS disabled
dnsmasq: opciones de compilación: IPv6 GNU-getopt DBus no-UBus i18n
IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC
loop-detect inotify dumpfile
dnsmasq-dhcp: DHCP, proxy on subnet 192.168.53.1
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface red-pxe
dnsmasq-tftp: TFTP root está /srv/tftp/terminales  
dnsmasq-dhcp: 2554010389 available DHCP subnet:
192.168.53.1/255.255.255.0
dnsmasq-dhcp: 2554010389 vendor class: PXEClient:Arch:0:UNDI:002001

No llega a arrabcar, si añado en el servidor de DHCP principal, es que
lo que no quiero hacer la opción 66
En el cliente se ve:
IP-Config: Complete:
 device=eth0, hwaddr:xx:xx:xx:xx:xx:xx, ipaddr=192.168.53.13,
mask=255.255.255.0,gw=192.168.53.1
 host=192.168.53.13, domain=ea.ea.ea.ea.ea, nis-domain=(none)
 boorserver=0.0.0.0, rootserver=0.0.0.0, rootpath=
 nameserver0=8.8.8.8, nameserver1=xxx.xxx.xxx


Es decir toma los datos dados por el DHCP principal,
Si desactivo el dhcp-relay del conmutador y hago que dnsmasq actue como
relay añadiendo la linea:
dhcp-relay=192.168.53.4,10.xxx.xxx.xxx


# dnsmasq -d  -C /etc/dnsmasq.d/ipxe 
dnsmasq: started, version 2.85 DNS disabled
dnsmasq: opciones de compilación: IPv6 GNU-getopt DBus no-UBus i18n
IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC
loop-detect inotify dumpfile
dnsmasq-dhcp: DHCP, proxy on subnet 192.168.53.1
dnsmasq-dhcp: DHCP relay from 192.168.53.4 to 10.xxx.xxx.xxx
dnsmasq-tftp: TFTP root está /srv/tftp/terminales 

Pero el resto es igual, es decir el relay funciona pero el proxy no.
La pagina de Arch que me has dicho ya la habia mirado antes y no aporta
nada, solo que mire en el fichero "/var/lib/misc/dnsmasq.leases" para
ver los arrendamiento, pero ese fichero esta vacío.

Lo único que no controlo bien es la linea:
dhcp-range=192.168.53.1,proxy
He probado a poner el GW (1), el servidor (192.168.53.4) o una de las
direcciones arrendadas (13), pero el resultado es siempre el mismo, no
funciona

Re: OpenSolaris Boot Environements equivalent

[Mario Marietto]

I still do not understand why,when I remove files on a ZFS disk using
commands like (rm and rm -r),the left space does not increase,but it
decreases. I would like to know what I can do to free some space if
removing files does not work. And I don't understand why a ZFS disk goes
fast out of space. This does not happen with an UFS disk. From what I've
understood every snapshot created with the ZFS mechanisms contains a full
FreeBSD system. Am I right ? Do you confirm this ? If this is true,ZFS is
too much space consuming and it will explain why the space will end very
fast on the disk. That's not good for sure. Recently I've found a Linux
distro called "NixOS" which uses another method to create snapshots. It is
based on a large use of sim/soft and hard links to backup different
versions of the system libraries. This method is useful when the system is
upgraded. I would like to ask you if you would like to see this kind of
solution also on FreeBSD. I really want to see the zfs boot menu suggested
by Anssi on FreeBSD ! I like it very much ! Do you think it is hard to
implement it there ?

Il giorno ven 20 gen 2023 alle ore 14:03 Anssi Saari  ha scritto:

> Yassine Chaouche  writes:
>
> > Hello all,
> >
> > I was wondering if there was anyone working on an equivalent of
> OpenSolaris BE?
>
> A quick search came up with https://docs.zfsbootmenu.org/, does that fit
> your needs?
>
>

-- 
Mario.

Re: partition appears to be mounted, but not according to umount or lsblk

[Anssi Saari]

Jude DaShiell  writes:

> I wonder if blkid might be a bit more informative.

I don't know, I usually run mount without arguments to see what's
mounted or look in the file /proc/mounts.

Re: OpenSolaris Boot Environements equivalent

[Anssi Saari]

Yassine Chaouche  writes:

> Hello all,
>
> I was wondering if there was anyone working on an equivalent of OpenSolaris 
> BE?

A quick search came up with https://docs.zfsbootmenu.org/, does that fit
your needs?

Re: Cloning a disk: partclone?

[Anssi Saari]

Tixy  writes:

> Surely it's also straightforward to just copy the data in the partition
> then resize the filesystem...
>
>  cp /dev/sdX1 /dev/sdY1
>  resize2fs /dev/sdY1

Sure. Partclone, since the OP asked about that, can speed this up for a
partition since it's smart enough to not copy parts of the partition
that aren't in use.

Re: dell latitude 3510 - bios settings to boot debian netinst

[Andrew M.A. Cater]

On Fri, Jan 20, 2023 at 05:23:06AM +, Russell L. Harris wrote:
> On Thu, Jan 19, 2023 at 10:18:33PM -0600, David Wright wrote:
> > On Fri 20 Jan 2023 at 03:43:09 (+), Russell L. Harris wrote:
> > > I have not figured out how to configure the BIOS of a Dell Latitude
> > > 3510 to cause it to see and boot from a Debian netinst image (Debian
> > > 11) written to USB flash (8Gbyte Patriot).
> > 
> > Typically you'd tap away at F12 after turning it on, and that would
> > give you a one-time menu for where to boot from.
> 
> The problem is that the "one-time menu" does not include the flash
> device.
> 

How did you create the flash device - what command did you use?

All best,

Andy Cater

> 
> RLH
> 

Re: Efficacité de spamassassin et de postgrey

[Michel]

Le 20 janvier 2023 Sébastien NOBILI a écrit :

> Pour un usage quasi personnel (3 boîtes réelles sur mon serveur), j'ai
> abandonné ces outils depuis plusieurs années au profit de bogofilter.

Tout comme bogofilter spamassassin a un filtre bayésien qu'on peut
entraîner.

> Inconvénient (ou pas) : la base de bogofilter est gérée par utilisateur,
> mais on doit pouvoir centraliser le tout (ça ne m'intéressait pas).

Oui j'avais mis ça en place pour plusieurs utilisateurs avec 2 boites
mails ham/spam relevées et traitées par cron pour alimenter le filtre
bayésien.

Re: Server Static IP and At's BGW210

[Tom Browder]

On Thu, Jan 19, 2023 at 19:58 David Christensen 
wrote:
…

If your AT U-verse residential gateway is anything like mine (Pace
> 5268AC FXN), it will have a web server/ control panel accessed

…

Yes, mine router is similar

I own and recommend "Networking for System Administrators" by Lucas:
>
> https://mwl.io/nonfiction/networking#n4sa


I do too.

And your email helps.

I certainly have a firewall on the computer to go public. And I’m
restricting external ssh to one of my remote hosts while I build out my
planned set up . I’m just trying to understand the way the ATT router
translates to my physical situation.

Conceptually, it seems to me it’s like having two houses: (1) one with the
private LAN like most internet connected houses these days and (2) a house
like my remote service and hosts at Dedispec where all hosts have one or
more public IPs open to ssh from the internet.

On the ATT router I turn on the public subnet and assign one of the static
IPs to my desired host.

Eventually I’m going to fancify things with other  network hardware, but
not for a while.

Thanks, David.

-Tom

Re: Efficacité de spamassassin et de postgrey

[Basile Starynkevitch]

On 1/20/23 12:03, Sébastien NOBILI wrote:

Bonjour,

Le 2023-01-19 10:08, Francois Mescam a écrit :

J'en suis à me demander s'il est encore utile d'utiliser ces outils
devant leur peu d'efficacité.

Quelqu'un a-t-il des remarques à faire la-dessus ?


Pour un usage quasi personnel (3 boîtes réelles sur mon serveur), j'ai
abandonné ces outils depuis plusieurs années au profit de bogofilter.
Je ne regrette pas.

Je fonctionne avec 4 dossiers.

Deux qui servent de dépose :

    - Spam : les messages qui ont un score suffisamment élevé pour qu'il
  y ait peu de doute sur leur caractère
    - Probable : les messages qui peuvent être du spam ou pas

Deux qui servent à l'apprentissage :

    - Spam : les messages qui n'ont pas été considérés comme spam et qui
  auraient dû l'être
    - NonSpam : les messages qui ont été considérés comme spam ou 
probable

  et qui n'auraient pas dû l'être

Avec une tâche cron qui se charge d'apprendre à partir du contenu de ces
dossiers.

Concrètement :
    - pratiquement tout le spam va dans le dossier qui va bien
    - le dossier "probable" reçoit principalement des newsletters ou des
  messages d'activation de compte

Je dois avoir un à deux messages à traiter manuellement par jour.

Inconvénient (ou pas) : la base de bogofilter est gérée par utilisateur,
mais on doit pouvoir centraliser le tout (ça ne m'intéressait pas).




Dans le même ordre d'idées, je mentionnerais 
https://github.com/xavierleroy/spamoracle




--
Basile Starynkevitch  
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/

Re: [HS] partage de fichiers (pour un nul)

[Sébastien NOBILI]

Bonjour,

Le 2023-01-19 11:12, Jean Louis Giraud Desrondiers a écrit :

finalement ça n'a pas l'air aussi simple que je le pensais a priori !
Merci quand même pour toutes vos réponses.


Ça peut l'être :)

J'utilise avec succès depuis des années Grisbi sur plusieurs 
ordinateurs.


Je synchronise les données avec Syncthing. On configure un dossier 
partagé

sur un ordinateur et on le partage avec l'autre (les deux doivent avoir
Syncthing installé et fonctionnel, la mise en place du partage se fait 
par

échange de clés).

Conseil : syncthing-gtk simplifie le processus pour un non-initié.

Syncthing est dans Debian et il existe une version MacOS.

Côté Grisbi rien de spécial à faire, le fichier est local des deux 
côtés.
Attention tout de même : ouvrir le fichier des deux côtés peut conduire 
à des

conflits. Il faut s'organiser/se discipliner.

Sébastien

Re: Efficacité de spamassassin et de postgrey

[Sébastien NOBILI]

Bonjour,

Le 2023-01-19 10:08, Francois Mescam a écrit :

J'en suis à me demander s'il est encore utile d'utiliser ces outils
devant leur peu d'efficacité.

Quelqu'un a-t-il des remarques à faire la-dessus ?


Pour un usage quasi personnel (3 boîtes réelles sur mon serveur), j'ai
abandonné ces outils depuis plusieurs années au profit de bogofilter.
Je ne regrette pas.

Je fonctionne avec 4 dossiers.

Deux qui servent de dépose :

- Spam : les messages qui ont un score suffisamment élevé pour qu'il
  y ait peu de doute sur leur caractère
- Probable : les messages qui peuvent être du spam ou pas

Deux qui servent à l'apprentissage :

- Spam : les messages qui n'ont pas été considérés comme spam et qui
  auraient dû l'être
- NonSpam : les messages qui ont été considérés comme spam ou 
probable

  et qui n'auraient pas dû l'être

Avec une tâche cron qui se charge d'apprendre à partir du contenu de ces
dossiers.

Concrètement :
- pratiquement tout le spam va dans le dossier qui va bien
- le dossier "probable" reçoit principalement des newsletters ou des
  messages d'activation de compte

Je dois avoir un à deux messages à traiter manuellement par jour.

Inconvénient (ou pas) : la base de bogofilter est gérée par utilisateur,
mais on doit pouvoir centraliser le tout (ça ne m'intéressait pas).

Sébastien

Re: Cloning a disk: partclone?

[hede]

Am 19.01.2023 20:14, schrieb Charles Curley:

On Thu, 19 Jan 2023 12:49:57 -0600
Tom Browder  wrote:


+ Can it do a complete clone on an active disk? Or do I need a live
CD or USB stick?


I wouldn't try backing up a live partition due to issues with
referential integrity. Suppose two interdependent files, A and B, 
change

during the backing up, like so:

A is backed up.
A and B are both changed.
B is backed up.

Your originals are fine, they both have the changes. But the backup is
broken: only one file has the changes.


That's true. Especially for a block based copy of mounted filesystems 
there's a high risk of inconsistency, which results not only in broken 
files but even not mountable filesystems. (i.e. something like a "dd" of 
the /dev/sdX)


Copying files from some mounted filesystem, even some active root 
partition, works for most cases. It's not exactly 100%, but there's a 
high chance everything is fine. I did that several times right in the 
live system and never got real problems. Even including databases 
(SQL+ldap). Yes, it's absolutely preferred to boot the machine by some 
external boot media for system cloning purposes, but if someone wants to 
take the risk, chances are high it works.


It's reliable enough so that many backup solutions don't depend on 
snapshots. And it works. Yet, backing up data _with_ using snapshots is 
to be preferred.


The only exception to that is an LVM logical disk (or similar) where 
you

have taken a snapshot, and you back up the snapshot.


or any other snapshot mechanism like btrfs snapshots.

hede

Re : Re: [HS] confusion d'outils [Was] Re: Swap en mémoire RAM. Est-ce pertinent?

[Hugues Larrive]

Bonjour,

Il me semble, que le but premier de la swap c'est d'augmenter la mémoire 
virtuelle et donc de stocker des pages vides. En dehors d'une situation de 
"pénurie", si un processus a besoin d'utiliser une page (vide) qui était 
"swapée", le système va trouver une page vide d'un autre processus, la swaper 
pour libérer un cadre dans la mémoire vive, et allouer ce cadre à la page que 
le processus veut utiliser. Ainsi seul la table de pages (en mémoire vive) est 
modifiée et tant qu'il reste des pages vides en RAM, ça swap sans jamais 
accéder réellement au stockage de masse. En gros ça permet avant tout d'allouer 
la même portion de mémoire libre à plusieurs processus, les échanges se faisant 
uniquement dans la table de page. Dans la pratique ça permet d'optimiser 
l'utilisation de la mémoire, ça évite par exemple d'avoir à supprimer une page 
de cache disque tant qu'un processus n'a pas réellement besoin de l'utiliser.

@+
Hugues

--- Original Message ---
Le jeudi 19 janvier 2023 à 15:27, Basile Starynkevitch 
 a écrit :


> 

> 

> On 19/01/2023 15:14, hamster wrote:
> 

> > Le 19/01/2023 à 09:50, didier gaumet a écrit :
> > 

> > > Le jeudi 19 janvier 2023 à 08:16 +0100, Olivier backup my spare a
> > > écrit :
> > > [...]
> > > 

> > > > Bêtement, j'ai voulu appliqué un usage lié au raspberry pi sur un
> > > > ordinateur portable.
> > > > Si on supprime ou met le swap d'un raspberry pi en RAM pour épargner
> > > > la carte SD, ça n'a aucun intérêt sur un PC.
> > 

> > 

> > Oh que si. Je le fais systématiquement sur mes PC, et je le fais comme sur 
> > un raspi : en utilisant zram.
> > 

> > Petit récapitulatif a propos de la swap :
> > 

> > Son usage premier, c'est de décharger la RAM quand elle est pleine. Mais 
> > c'est lent, très lent. Avec 32 G de RAM, si tu t'amuse a faire une 
> > partition swap aussi grosse que la RAM et que tu la remplis, ton ordi 
> > devient tellement lent que c'est inutilisable.
> 

> 

> 

> Ca dépend la aussi des cas de figures.
> 

> 

> 

> Première remarque: le coût en € de la RAM comme du disque est (en Europe) 
> faible -en 2023- par rapport au coût mensuel chargé de l'informaticien qui 
> l'utilise.
> 

> 

> 

> Autrement dit: pour un développeur de logiciel, le salaire du dévelopeur 
> coûte (mensuellement) plus cher que la RAM qu'il utilise (sauf cas 
> particuliers tels que calculs par éléments finis de la turbulence autour 
> d'une éolienne).
> 

> Très concretement: au début de ma carrière (1985) l'ordinateur professionnel 
> (Sun3/160) coûtait 3 ans de salaire. actuellement il coûte (au CEA) moins de 
> 2 mois de salaire.
> 

> 

> 

> Pour revenir à la question du swap. Si on est développeur, et que de temps à 
> autre on consulte de la documentation sur son navigateur, on peut attendre 
> 0,5 à 2 secondes que le navigateur (Mozilla Firefox) recharge ses données du 
> disque (rotatif et lent) vers la RAM. Ca peut arriver par exemple en 
> changeant le "focus" de la souris.
> 

> Pour ma part, au bureau comme à la maison j'ai des ordinateurs fixes (sous 
> Linux) dont 50% de la RAM est peu utilisée.
> 

> rimski.x86_64 ~/RefPerSys 15:24 .0 % free -m
> total used free shared buff/cache available
> Mem: 64263 9560 24278 114 30424 53944
> Swap: 2047 0 2047
> 

> Mais de temps à auitre la totalité de la RAM est utile.
> 

> 

> 

> Un exemple qui nécessite beaucoup de RAM, c'est la compilation (en parallèle 
> avec make -j) du code source de Mozilla Firefox (ou même de Qt) ou de GCC.
> 

> Cordialement
> 

> 

> 

> --
> Basile Starynkevitch  
> (only mine opinions / les opinions sont miennes uniquement)
> 92340 Bourg-la-Reine, France
> web page: starynkevitch.net/Basile/

publickey - hlarrive@pm.me - 0xE9429B87.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: Icônes de montage d'une partition ext4

[Basile Starynkevitch]

On 1/20/23 10:28, didier gaumet wrote:

Le 19/01/2023 à 19:33, ajh-valmer a écrit :

Bonsoir,

Depuis des lustres sous KDE,


Euh... Trinity plutôt, non? Dans Debian 11, KDE c'est Plama5, alors 
que tu parles du fork KDE3 maintenu par Trinity. Le but de ma remarque 
n'est pas d'être désobligeant mais de poser le problème correctement 
sinon il y a risque de confusion entre des contextes différents (je ne 
suis pas l'actualité KDE mais je pense qu'entre KDE3 et KDE5 pas mal 
de choses ont changé)


 je place une icône sur le bureau pour

monter et ouvrir une partition ext4, ce qui est très pratique
et évite le mode console, p. ex. "mount /media/sdb2"


C'est pratique mais à mon sens si il s'agit d'un disque externe 
amovible c'est un doublon et un possible conflit avec l'environnement 
de bureau (Trinity) qui doit gérer automatiquement les volumes amovibles


Depuis le passage à Bullseye, la partition ne s'ouvre plus avec ce 
message :

"Impossible de monter le périphérique. L'erreur signalée est :
mount: /media/sdb2: /dev/sdb2 déjà monté sur /media/sdb2".


ça pourrait suggérer qu'effectivement Trinity monte automatiquement 
une partition à l'insertion d'un disque USB


Comme l'a suggéré Basile, une liste des systèmes de fichiers montés 
serait utile pour savoir ce qui se passe (un simple mount ou un cat 
/proc/mounts)



L'icône indique qu'elle n'est pas montée.
Impossible d'ouvrir la partition, elle n'est que montée.


Que veux-tu dire par "Impossible d'ouvrir la partition, elle n'est que 
montée."? Tu as l'air de suggérer qu'il faut une étape supplémentaire 
pour accéder à une partition (en fait un système de fichiers) en plus 
de la monter?



Je tape "umount /media/sdb2" pareil, même message
en cliquant sur l'icône.


essaie plutôt de te référer dans tes commandes au périphérique (ici 
/dev/sdb2) à monter plutôt qu'au point de montage (ici /media/sdb2). 
ça peut avoir son importance en fonction du contenu de /etc/fstab



Le fichier /etc/fstab est correctement écrit, pas d'erreurs.


disons que c'est ce que tu penses mais que donner ici le contenu de 
/etc/fstab aurait permis de vérifier que ton impression est correcte :-)



Si vous avez une idée pour ouvrir directement la partition...



Si le disque est amovible, je suggère d'essayer (sous root) la commande 
/usr/bin/dmesg /_avant_/ et puis /_après_/ le branchement du disque. et 
de comparer les résultats. Le cas écheant, redirigez la sortie standard 
et faites un/usr/bin/diff



Si vous voulez une ouverture automatique au branchement d'un disque 
amovible, en principe ça se fait automatiquement.



Il pourrait être utile, une fois le disque branché et détecté comme 
/dev/sdb de lancer la commande /usr/sbin/fdisk -l /dev/sdb 
voire/usr/sbin/fdisk -x /dev/sdb


Avant de débrancher un disque, il est utile de lancer /usr/bin/sync

Variante: compiler, examiner, _améliorer_ et utiliser mon utilitaire 
https://github.com/bstarynk/misc-basile/blob/master/sync-periodically.c 



Pour reformatter un disque amovible (et donc y *perdre* /*toutes*/ *les 
données*) /usr/sbin/gparted /dev/sdb


Dans certains cas, il faut vérifier et réparer avec /usr/sbin/fsck ou 
/usr/sbin/e2fsck à utiliser avec la plus grande prudence après avoir lu 
la doc.



Un conseil important: un disque s'use, et si vous avez des données (ou 
du code) qui vous est cher ou précieux, sauvegardez les régulièrement 
(je suggère tous les jours travaillés).



La récupération des données sur un disque abimé ou défaillant coûte cher 
(millier d'€).


Bonne chance.

--
Basile Starynkevitch
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/

Re: partition appears to be mounted, but not according to umount or lsblk

[thyme after thyme]

Charles and tomas, you were both right in your guesses. Thanks a billion
for the help!

Re: Icônes de montage d'une partition ext4

[didier gaumet]

Le 19/01/2023 à 19:33, ajh-valmer a écrit :

Bonsoir,

Depuis des lustres sous KDE,


Euh... Trinity plutôt, non? Dans Debian 11, KDE c'est Plama5, alors que 
tu parles du fork KDE3 maintenu par Trinity. Le but de ma remarque n'est 
pas d'être désobligeant mais de poser le problème correctement sinon il 
y a risque de confusion entre des contextes différents (je ne suis pas 
l'actualité KDE mais je pense qu'entre KDE3 et KDE5 pas mal de choses 
ont changé)


 je place une icône sur le bureau pour

monter et ouvrir une partition ext4, ce qui est très pratique
et évite le mode console, p. ex. "mount /media/sdb2"


C'est pratique mais à mon sens si il s'agit d'un disque externe amovible 
c'est un doublon et un possible conflit avec l'environnement de bureau 
(Trinity) qui doit gérer automatiquement les volumes amovibles



Depuis le passage à Bullseye, la partition ne s'ouvre plus avec ce message :
"Impossible de monter le périphérique. L'erreur signalée est :
mount: /media/sdb2: /dev/sdb2 déjà monté sur /media/sdb2".


ça pourrait suggérer qu'effectivement Trinity monte automatiquement une 
partition à l'insertion d'un disque USB


Comme l'a suggéré Basile, une liste des systèmes de fichiers montés 
serait utile pour savoir ce qui se passe (un simple mount ou un cat 
/proc/mounts)



L'icône indique qu'elle n'est pas montée.
Impossible d'ouvrir la partition, elle n'est que montée.


Que veux-tu dire par "Impossible d'ouvrir la partition, elle n'est que 
montée."? Tu as l'air de suggérer qu'il faut une étape supplémentaire 
pour accéder à une partition (en fait un système de fichiers) en plus de 
la monter?



Je tape "umount /media/sdb2" pareil, même message
en cliquant sur l'icône.


essaie plutôt de te référer dans tes commandes au périphérique (ici 
/dev/sdb2) à monter plutôt qu'au point de montage (ici /media/sdb2). ça 
peut avoir son importance en fonction du contenu de /etc/fstab



Le fichier /etc/fstab est correctement écrit, pas d'erreurs.


disons que c'est ce que tu penses mais que donner ici le contenu de 
/etc/fstab aurait permis de vérifier que ton impression est correcte :-)



Si vous avez une idée pour ouvrir directement la partition...

Bonne soirée.

Re: reportbug: don't know: bug in apt [list] or in grep

[Michael]

another excellent example why your posts are almost always worth reading.

thank you! :)