On 10/16/15 08:06, Harald Dunkel wrote:
> Hi folks,
>
> Now I have to install a new iscsi target (using Jessie, hopefully).
> Which iscsi solution would you recommend?
>
PS: Here is what I found so far:
* iSCSI Enterprise Target (http://sourceforge.net/projects/iscsitarget/
Hi folks,
Some years ago I have setup an iscsi target using targetcli 2.0 on
Wheezy. Actually it works pretty well, but there were some serious
upgrade problems to 2.1 and 3.0, making targetcli go away for Jessie.
See #764005 and #751226. I lost confidence in a newer version.
Now I have to
Hi Reco,
On 10/16/15 08:17, Reco wrote:
>
> tgt works for me in Jessie. I would not call it that user-friendly, though.
>
Not bad. I have missed this one.
Searching for tgt I stumbled over istgt.
(http://shell.peach.ne.jp/aoyama/archives/3122).
Thanx very much
Harri
If you are using startx/xinit: Try installing xserver-xorg-legacy.
I had the same problem.
Good luck
Harri
Hi folks,
this morning I found "apt-get update" getting stuck due to an
unresponsive host:
# cat /etc/apt/sources.list
deb http://ftp.debian.org/debian sid main contrib non-free
deb-src http://ftp.debian.org/debian sid main contrib non-free
# apt-get update
Err:1
Hi folks,
Problem: Deploying a custom ssh authentication scheme common to
all Debian hosts in the lan appears to be apita, esp. since the
next openssh upgrade might put the default config files upside
down again.
What would you consider best practice to keep your ssh hosts (>300)
in sync wrt the
Hi folks,
https://www.debian.org/doc/debian-policy/ap-pkg-diversions.html says
"Do not attempt to divert a conffile, as dpkg does not handle it well."
So I wonder what would you suggest to override a conffile (e.g.
/etc/ssh/sshd_conf and /etc/ssh/ssh_conf) from another package
depending upon
Hi Andy,
On 02/02/17 11:17, Andy Smith wrote:
>
> Also through the use of override config files that are included into
> the main config file, you can avoid being prompted about changes to
> the main config file. For sshd the config directive is "Include".
>
Are you sure about this?
Hi Andy,
On 02/02/17 17:43, Andy Smith wrote:
> Hi Harald,
>
> On Thu, Feb 02, 2017 at 02:50:09PM +0100, Harald Dunkel wrote:
>>
>> Exactly. The central place in my case is a debian source package. It
>> provides binary meta-packages referencing other packages
On 02/23/2017 04:25 PM, Christian Seiler wrote:
>
> There's a policy which are going to be preferred. man 5 systemd.link
> tells you what the options are and /lib/systemd/network/99-default.link
> tells you what the default setting is (the first successful one is
> used).
Of course I stumbled
On 02/24/2017 10:10 AM, Harald Dunkel wrote:
>
> Now I got confused: Who is responsible for renaming the NIC names?
> Is this a systemd feature, is this the job of udev, or are the NICs
> renamed by the kernel very early at boot time? Shouldn't I get the
> same predictabl
On 02/16/2017 12:47 PM, Christian Seiler wrote:
>
> On a system with predictable names running? Or on a system
> pre-upgrade?
>
Its more "pre-installation". I boot a USB stick and run
my own installer (using debootstrap or creating a clone).
The NIC name is needed to setup
Hi folks,
I understand that the predictable nic names can be turned off
using
net.ifnames=0
on the kernel command line, but I wonder if there is a shell
script to actually predict the "enpYsZ" from the old style
"ethX" initially assigned by the kernel? Something like
%
Hi Don,
On 02/08/17 23:36, Don Armstrong wrote:
>
> If this is a private package which you are using to enforce your local
> configuration, just change the conffile in your postinst [possibly after
> checking that the conffile hasn't been modified.]
>
This can become pretty difficult,
Hi folks,
short question about /lib/systemd/system: AFAICS the config
files here are supposed to be overridden by local config files
in /etc/systemd/system, using the same path, as described in
systemd.unit(5)
How can I make sure that there is a conflict dialog at upgrade
time, if I have to
Hi folks,
how can I define a bridge in /etc/network/interfaces without
assigning it an IP address and netmask? It is supposed to
be IPv6 link-layer only.
Regards
Harri
On 12/29/2016 11:49 AM, Reco wrote:
>
> auto br0
> iface br0 inet6 auto
> bridge-ports ...
> bridge-maxwait 0
>
> Please note that you have to specify *something* in 'bridge-ports'
> stanza.
>
Thanx, I was too blind to see.
Regards
Harri
Hi Christian,
On 02/24/17 12:43, Christian Seiler wrote:
>
> udev will then rename the device once it encounters it.
>
> In newer udev versions, it will use some (but not all) settings from
> systemd.link files. The other settings are interpreted by
> systemd.networkd. (And if you don't use
On 03/05/17 21:29, Michael Biebl wrote:
>
> Keep in mind, that in most cases you don't need to override the package
> provided service file completely by making a full copy of it in
> /etc/systemd/system
>
> You can extend/override individual bits via drop-in files (e.g. adding
> additional
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 02/28/17 15:23, Dominique Dumont wrote:
>
> I don't understand why a change in /lib/systemd/system should trigger a
> conflict warning.
>
A unit file provided by the package maintainer might introduce new
dependencies, for example. Maybe an
Hi folks,
the Debian Policy Manual still talks about "run levels" and
"init.d scripts" on
https://www.debian.org/doc/debian-policy/ch-opersys.html#s-sysvinit .
No word about systemd and others.
What is the right way to restart a service from the postinst
script for Stretch and newer?
Reason
Hi folks,
I have the impression that sometimes invoke-rc.d fails to
restart services with children, e.g. zabbix-agent, sssd or
opensmtpd. The service and its children are stopped, but
not started again. Looking at "simple" services (without
children) there is no such problem.
It appears to be
Hi Dejan,
On Mon, 24 Jul 2017 09:43:30 +0200
Dejan Jocic <jode...@gmail.com> wrote:
> On 24-07-17, Harald Dunkel wrote:
> >
> > Apparently systemd ignores the restricted memory. How can I tell
> > systemd to keep the limits?
> >
> >
> > Every he
Hi folks,
I have to restrict memory.limit_in_bytes to 16GByte for my LXC
containers. Problem: The containers based on Stretch and systemd
show
% for i in $(find /sys/fs/cgroup/memory/lxc/lxc1 -name memory.limit_in_bytes);
do \
echo $i $(cat $i) \
done | column -t
Hi Christian,
On Sun, 6 Aug 2017 09:34:31 +0200
Christian Seiler wrote:
>
> For things that are only available on systemd (for example if you
> have split the service additionally for systemd, while sysvinit is
> still just a single script) you should use the code that is
>
Hi folks,
since kdm is not in anymore I wonder which display manager
to consider for Stretch?
No assumption about the desktop environment should be made.
The local Debian users are free to choose.
Of course I saw https://wiki.debian.org/DisplayManager, but
it appears to be out-of-date. And it
Hi folks,
after the upgrade of nvidia-graphics-drivers to version 390.59-1 bzflag seems
to use mesa instead of the nvidia libs. Running
dpkg-reconfigure glx-alternative-nvidia
doesn't help. Other games (e.g. tuxracer) are fine, so I wonder WTH? I haven't
found the problem yet.
Every
Hi folks,
I see a weird effect of pidofproc (defined in /lib/lsb/init-functions):
If there is no local daemon with a given search path running, then it
returns the PIDs the daemons running in the LXC containers. AFAICT this
affects the startup scripts of
apache2
opensmtpd
Hi Reco,
you mean this is a known issue???
Harri
Hi Reco,
On 02/14/18 14:55, Reco wrote:
True. There's one tiny bit though - try
pidof -o %PPID -x /usr/sbin/sshd
and watch it output several pids as well.
Yes, indeed. If pidofproc would rely upon the pidfile only, then
there is no reason to call pidof.
And you don't have to spawn yet
Hi Reco,
wrt "pgrep --ns 1 -f /usr/sbin/sshd":
The executable path simply doesn't tell if this is the right service
to stop. If I run 2 services in parallel (e.g. for different network
interfaces), then this approach is already broken. Sample:
# pgrep --ns 1 -f /usr/sbin/sshd
12602
# ps -ef |
Hi folks,
would you mind to take a look at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888743
The fix is pretty easy. Whats really bugging me is that nobody
dares to touch the complex code of lsb-base. IMHO this is a clear
indication that Debian lost the blessed path other Unixes
Hi Reco,
On 7/15/18 1:44 PM, Reco wrote:
Hi.
On Sun, Jul 15, 2018 at 12:16:20PM +0200, Harald Dunkel wrote:
Hi folks,
would you mind to take a look at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888743
The fix is pretty easy.
But does not address all the cornercases
On 7/16/18 10:45 AM, Jonathan Dowland wrote:
My suggestion is unless you are prepared to adopt and maintain lsb-base,
(as Didier has made clear he wants to orphan it), find an alternative
tool to achieve what you want.
I am already running my private lsb-base package for several months.
The
Hi folks,
is anybody maintaining lxc in Debian? I have the impression that
it has been orphaned. And I don't dare to hope for #768073 anymore.
Does everybody interested in virtualization use Ubuntu now?
Regards
Harri
On 7/10/18 12:36 PM, Jonathan Dowland wrote:
> On Fri, Jul 06, 2018 at 09:56:58AM +0200, Harald Dunkel wrote:
>> is anybody maintaining lxc in Debian? I have the impression that
>> it has been orphaned. And I don't dare to hope for #768073 anymore.
>
> Ah yes I'd fo
On 03/21/18 17:18, Greg Wooledge wrote:
On Wed, Mar 21, 2018 at 04:46:16PM +0100, Harald Dunkel wrote:
Its pretty painful to resolve config file conflicts in (lets say)
dovecot at upgrade time, putting EMail access for +200 users at risk.
I have to check in advance. Resolving config file
Hi folks,
How can I view the diffs between my local modified config file
(maybe modified 2 years ago) and the maintainer's config file
included in the currently installed package or in a pending
package upgrade? I would like to review my diffs, before running
"apt upgrade".
I am a big fan of
PS: Please note that there are 2 "branches" of config
file we work with:
- the "orig" config files included in the *.deb file
- the local config files active on the server
Both branches might change over time, so manually backing
up a config file to *.orig at first time modification
doesn't
On 03/21/18 12:44, The Wanderer wrote:
On 2018-03-21 at 04:13, Harald Dunkel wrote:
So... are you entirely sure that you even need to check it *before*
initiating the upgrade? The mid-upgrade prompt might be enough.
Yes, I am sure.
Its pretty painful to resolve config file conflicts
Hi folks,
apparently the new OpenSMTPD 6.4 depends upon libressl (see
https://www.opensmtpd.org/announces/release-6.4.0.txt), so
I wonder what will become of #754513? Is there a chance to
get libressl (optionally) into Buster? Is there a naming
conflict?
Every insightful comment is highly
On 11/1/18 4:16 PM, Reco wrote:
>
> It's rather a short release cycle and a lack of feature parity with
> openssl.
>
I don't see a short release cycle as a bad feature. Its a sign of
active and agile development.
Openssl has a bad reputation for introducing security problems,
partly due to its
On 11/3/18 4:42 PM, Reco wrote:
> Hi.
>
> On Sat, Nov 03, 2018 at 03:37:06PM +0100, Harald Dunkel wrote:
>>
>> I don't see a short release cycle as a bad feature. Its a sign of
>> active and agile development.
>
> And in Debian stable that also me
Hi Ansgar,
I highly appreciate your detailed response. I had not expected
that the keyserver is restricted to developer keys.
Thanx very much
Harri
Hi folks,
I am running a local mirror of the security.debian.org
repository for in-house use. It seems to be available for
Buster as well, except that there is an error message
ERROR: Condition '7638D0442B90D010' not fulfilled for
Hi folks,
how good is test coverage of proposed-updates? Its pretty unknown
(IMHO), so I wonder if there are numbers from the popularity
contest?
Regards
Harri
Hi folks,
how good is test coverage of proposed-updates? This repository
is pretty much unknown (IMHO), so I wonder if there are numbers
from the popularity contest?
Regards
Harri
Hi folks,
how good is test coverage of proposed-updates? This repository
is pretty much unknown (IMHO), so I wonder if there are numbers
from the popularity contest?
Regards
Harri
PS: Sorry for sending this thrice. I did not receive a copy
due to some misconfiguration.
Harri
Hi folks,
question about IPv6 support in sid: Whose job is it to bother
about the IPv6 addresses dynamically bound to eth0?
AFAIU the kernel sees the prefix delegation on eth0, sets the
old IPv6 address to "deprecated" and registers the new one. How
comes that avahi daemon and dhcpcd and
On 2020-01-13 10:52, john doe wrote:
What about 'systemctl disable gdm'?
Doesn't work, either.
"systemctl status gdm" claims that gdm is masked (or disabled),
but nevertheless it *is* started.
root@usbpc:~# systemctl status gdm
* gdm.service - GNOME Display Manager
Loaded: loaded
Hi folks,
what is the recommended procedure to disable gmd3 using
systemctl in Buster?
"systemctl mask gdm" does not work as advertised. The "masked"
seems to be ignored.
Every helpful hint is highly appreciated
Harri
On 2020-01-13 10:58, john doe wrote:
https://wiki.debian.org/GDM#systemd
PS: Changing the default target is not an option (but it
works, AFAICT).
Regards
Harri
Hi Andrei,
On 2020-01-13 23:40, Andrei POPESCU wrote:>
> Display Managers are handled a little bit different than "regular"
> services, since only one can run at a time (if you have several
> installed), but at least one should be running (to not leave a
> potentially inexperienced user in front
Hi folks,
according to https://tracker.debian.org/pkg/lxc lxc is in bad shape.
I would love to help. How can I help?
I already filed a patch for #966998, verified lxc 4.0.4 (#969229)
and (meaning no offense, but) #961584 looks like a home-made problem
to me. Anyway, lxc 4.0.4 is supposed to fix
Hi folks,
I've got a problem with upgrading a private package in Stretch. The control
file says:
Package: sample-lxc
Architecture: all
Depends: ${misc:Depends}
, cgmanager | systemd
, debootstrap
, lxc
,
On 8/5/20 6:29 PM, Sven Joachim wrote:
I am not sure I understand what you actually want to do, though.
I am maintaining a set of meta packages, referencing the packages
to install on my hosts. To avoid having separate meta packages for
each new Debian version I have to use conditional
Hi folks,
after booting my desktop PC this morning it seems that /dev/fd is
missing. This breaks dkms.
How comes? Which tool/package/service was supposed to create the
symlink for /dev/fd?
Every insightful comment is highly appreciated
Harri
On 8/5/20 11:03 AM, Sven Joachim wrote:
I am surprised to read that, considering that your installed lxc version
does not actually fulfill the dependency. Note the epoch.
$ dpkg --compare-versions 1:2.0.11-1~xgo90+1 lt 3 || echo 'Got it!'
Got it!
Maintaining the sample-lxc package I have
On 2020-07-27 11:17, Sven Hartge wrote:
Debian uses their own CA to sign this certificate, which is fine for
SMTP, which normally only uses opportunistic encryption.
But if the client SMTP-Server is set to *verify* the certificate, it
will fail.
Certificate verification is optional on my
Hi folks,
I've got a ssl handshake problem with bugs.debian.org on sending an EMail.
My mta (OpenBSD 6.7, i.e. libressl) in the office says in its logfile
:
Jul 27 10:23:37 gate5a smtpd[67056]: d4df9298d18e1596 mta connecting
address=smtp://209.87.16.39:25 host=buxtehude.debian.org
Jul 27
On 2020-07-27 13:49, Sven Hartge wrote:
Does your MTA present a client certificate? Maybe buxtehude does not
like that?
Yes, it has a certificate. Whether buxtehude likes it I cannot say,
but it looks OK to me. Its a wildcard certificate, though:
Certificate:
Data:
Version: 3
Hi folks,
how comes there is not Tora for Bullseye?
Regards
Harri
Hi folks,
On 2/19/21 2:47 PM, Harald Dunkel wrote:
I already cleared the cache of apt-cacher-ng, but the problem comes back.
What would you suggest how to proceed?
Mystery solved: apt-cacher-ng used /var/cache/apt-cacher-ng instead
of /export/cache/apt-cacher-ng I had configured some time
Hi folks,
aptitude shows
E: Failed to fetch
http://deb.debian.org/debian/pool/main/s/spectre-meltdown-checker/spectre-meltdown-checker_0.42-1_all.deb:
Hash Sum mismatch
Hashes of expected file:
- SHA256:a5b777497c860a51ce1f1fd888f727531ea60be625ffe6787aebf12823177e2f
-
After the most recent update of a host running sid there was a
password change dialog:
You are required to change your password immediately (administrator enforced).
You are required to change your password immediately (administrator enforced).
That would be me, but I cannot remember having set
Hi folks,
how comes ifupdown is dropped at upgrade time to bullseye, leaving the
(headless) system without network connection while the upgrade is not completed
yet, and breaking network on the next reboot?
Regards
Harri
On 8/17/21 21:55, Sven Joachim wrote:
On 2021-08-17 19:59 +0200, Harald Dunkel wrote:
How can I make sure I don't have to change passwords on 400+ hosts?
Do not run sid on 400+ hosts. Do not run testing either, especially in
the first months after a release.
Of course not. But sid
On 9/3/21 11:40, Erwan David wrote:
I would do this the other way (but not eay tpo migrate) : add your users
in another directory (/srv/home or something else) where you mpount your
remote home directory, and keep system using /home.
I agree, but unfortunately this is not an option.
On 9/3/21 13:57, Roberto C. Sánchez wrote:
That sounds like potentially buggy behavior. Can you give a specific
example?
ntp (Debian)
sane (Debian)
gitlab-runner (not Debian)
zabbix-agent (not Debian)
Apparently the postinst scripts of ntp and sane have been
Hi folks,
how can I tell the debhelper scripts to not install home directories
for system services in /home (managed on a remote host in my environment),
but to use /var/lib instead?
I know I can block dpkg using apparmor, but this would break many
postinst scripts, at least for 3rd-party
Hi folks,
trying to build git 2.34.0-1 for bullseye I get 2 segfaults (see #991214).
Apparently they pop up during the built-in tests, so I wonder if this is a
FTBFS? If this is nothing to worry about, how comes that these segfaults
are not caught like the others?
Regards
Harri
Hi folks,
apparently it takes about 10 minutes between filing a bug report (no
attachments) and sending the confirmation EMail. Thats quite a long
time. Imagine you have to forward Debian's bug number to your own
in-house BTS.
There are about 10^6 bug reports in Debian's BTS. Maybe 1% is
Hi folks,
apparently /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt expired last
year:
% openssl x509 -in /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt -noout
-dates
notBefore=Sep 30 21:12:19 2000 GMT
notAfter=Sep 30 14:01:15 2021 GMT
I wonder why it is still included in
On 2022-06-14 01:48:16, David Wright wrote:
Perhaps calling the new interface naming scheme "predictable" is
somewhat overselling it, but "persistent" (a better choice IMHO)
was already in use, both in the way quoted above, and as one of
the choices for MAC address generation.
The changed
Hi folks,
I do not like my cron jobs in /etc/cron.daily being ignored or
delayed for some obfuscated reasons, so I wonder what is the
recommended alternative to anacron with propper logging by
default? Will systemd take care?
Regards
Harri
Hi folks,
after the upgrade to Debian 11 some network interfaces in my
Dell R740 got renamed. Before:
# lshw -class network -short
H/W path Device Class Description
/0/2/0eno1network
If I have to hardwire the interface names to their Mac address as you
suggested, then I don't see a significant difference to the old-style
/etc/udev/rules.d/70-persistent-net.rules we had till Debian 10, except
that the former was auto-generated and easier to modify.
Regards
Harri
Hi folks,
what is Debian's policy wrt bugs reported for a package in Stable (e.g.
some daemon eating up 100% CPU)? Looking at the "Closes:" feature for
debian/changelog I have the impression that a fix in Unstable is seen
to be sufficient "to get rid" of the bug report.
Surely "Closes:" is very
Hi folks,
Would it be possible to ignore the micro version number of
python 3.9 and get 3.9.12 for Bullseye?
Hiding 3.9.12 in Bookworm is useless. I doubt that the users
running Testing or Sid are scared of python 3.10.
Regards
Harri
Hi BM
if your VPN is IPsec, then you might want to examine charon's output via
journalctl. Probably openvpn, wireguard and others can be found there, too.
Another thing to try is to establish the VPN connection using nmcli in a
terminal window, e.g.
nmcli con up "VPN name"
Maybe you
Hi folks,
I wonder why openexr-viewers hasn't made it into Bookworm, yet?
The bug tracker mentions just an ancient SIGSEGV (opened in 2010).
?
https://packages.debian.org/source/sid/openexr-viewers
Regards
Harri
Hi folks,
AFAIU apache2 2.4.56-1 has been included in Bullseye to mitigate
CVE-2023-27522 and CVE-2023-25690 (both some mod_proxy issue
with high severity). Good thing.
Unfortunately this introduced 2 regressions for mod_rewrite and
http2, see
On 2023-04-03 14:49:16, Vincent Lefevre wrote:
What about apache2 2.4.56-2?
This version is not in Bullseye. Only 2.4.56-1, introducing
the regressions.
Found it, it doesn't build (#1017547). Its been filed against the
source package.
Regards
Harri
Hi Tim,
On 2023-07-04 19:35:35, Tim Woodall wrote:
On Tue, 4 Jul 2023, Harald Dunkel wrote:
I'm not exactly clear what you're doing but I guess you're creating a
package that provides the config file?
Yes, together with other things (other config files, package depen-
dencies, etc
On 2023-07-04 14:36:19, Charles Curley wrote:
No. All changes the local administrator makes should go under
/etc/systemd because you risk updates over-writing things in
/lib/systemd and elsewhere.
As for dh_installsystemd, the first paragraph of the man page for it
says,
Hi folks,
what is the recommended way to override logrotate.timer from a
metapackage to get hourly logfile rotation (depending on size
and age of the logfile, as usual)?
I had added
etc/systemd/system/logrotate.timer.d/hourly.conf
to the package install file, but at upgrade time it
Hi folks,
which dput/method would you suggest for uploading packages to
a private repo via ssh? By now I tried
- dput/rsyncfails to upload files in a reproducible sequence,
breaking inoticoming on the receiver side
- dput/scp "permission denied", ssh_config_options
Hi folks,
Looking at a set of installed binary packages built from the same source
package, I would like to keep the version numbers consistent. There might
be exceptions, but in general you won't like to mix unstable and experimental
binary packages from the nvidia-graphics-drivers, for
On 2023-12-06 15:55:58, Michael Kjörling wrote:
Which ones?
ftp.de.debian.org
ftp2.de.debian.org
deb.debian.org
That package is in the non-free-firmware component; are you bringing
that in?
https://packages.debian.org/bookworm/firmware-nvidia-gsp
There is still the old version
Hi folks,
I have tried to upgrade to 12.3, but apparently the dependencies
of the new nvidia-kernel-dkms version cannot be fulfilled.
firmware-nvidia-gsp (= 525.147.05) is missing. I tried several
repositories.
Hopefully I am not too blind to find the bug report (the new
version fixes a CVE, ie
Hi folks,
apparently the jessie archive repository is still alive, but if I try to
update the package list there is an error message
W: GPG error: http://archive.debian.org/debian jessie Release: The
following signatures couldn't be verified because the public key is
not
On 2023-12-06 17:20:16, Sven Joachim wrote:
Maintainer uploads to (old)stable are staged in proposed-updates, so you
would have to enable bookworm-proposed-updates to install the new
version of firmware-nvidia-gsp.
I missed the non-free-firmware for bookworm-updates and
Hi folks,
is it just me, or is https://packages.debian.org/ down? I had a
similar problem yesterday morning.
Regards
Harri
Hi folks,
the repositories listed on https://www.debian.org/distrib/archive have
been signed using expired keys. Unfortunately this page doesn't deal
with this problem.
Do you think this could be improved?
Regards
Harri
96 matches
Mail list logo