Re: The possibility of SELinux targeted policy in the default install
On Thu, Sep 14, 2006 at 11:54:34PM +0200, Erich Schubert wrote: Hi Manoj, Russell, Debian-Boot, Thinking some more about it, I have large doubts that we'll have a somewhat working SELinux out of the box with etch. There is still quite some stuff we would need to do some auto setup magic (or at least convince the maintainers). For example both /etc/pam.d/login and /etc/pam.d/ssh need to be modified. The modification in ssh is in, just needs to be uncommented. I think Uwe just contacted the shadow maintainers about the login change. Could you remind me why this module is specific to /etc/pam.d/ssh and /etc/pam.d/login, rather than something that should be enabled in the global config? Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#387470: debian-installer: needs an possibility to load a full font for g-i
level1-5 haven't enough characters because tasksel calls more packages include debconf templates. Indeed, packages installed by tasksel should be listed in level4. However, we did put here the packages that prompt at high priority AND are installed for ANY languages when selecting one of the tasksel tasks. We could maybe add yet another level for packages that: Category 1: -are installed by one of the tasksel tasks -use debconf (but only medium or low priority) Category 2: -are installed by one of the language tasks -use debconf for input These would make a new level (or two new levels) with Category 2 being indeed language dependent (a concept we don't have yet). This *also* should be a post-etch planned change for the D-I i18n infrastructure. These new levels should be listed as level 5 for Category 1, thus moving the current level 5 to level 6. The language-dependent level is mor etricky as, obviously there is no point in translating to French the templates of a package that's installed only with the Japanese task, for instance. With all this, *then* the glyphs used in all levels would make a good subset of the needed glyphs. signature.asc Description: Digital signature
Re: The possibility of SELinux targeted policy in the default install
Quoting Steve Langasek ([EMAIL PROTECTED]): On Thu, Sep 14, 2006 at 11:54:34PM +0200, Erich Schubert wrote: Hi Manoj, Russell, Debian-Boot, Thinking some more about it, I have large doubts that we'll have a somewhat working SELinux out of the box with etch. There is still quite some stuff we would need to do some auto setup magic (or at least convince the maintainers). For example both /etc/pam.d/login and /etc/pam.d/ssh need to be modified. The modification in ssh is in, just needs to be uncommented. I think Uwe just contacted the shadow maintainers about the login change. Could you remind me why this module is specific to /etc/pam.d/ssh and /etc/pam.d/login, rather than something that should be enabled in the global The same question has been asked in #387480 (adding pam_selinux for login), indeed.. signature.asc Description: Digital signature
Re: partman-auto menu reorg and default item
On Fri, September 15, 2006 6:07, Frans Pop said: - It seems like the menu has only been split into two levels for LVM and not for regular partitioning. IMO this is inconsistent. My first round of patches split the regular partitioning into two levels as well. After discussions on IRC, Colin and Joey suggested that I should do it the way it is now...I could change it to two levels for all methods if you want me to? - The device selection dialog is currently also shown when there is only one disk. I suggest leaving it like that for now so that users at least see how many disks have been detected and which one they are selecting. That was indeed intentional as it gives a clear indication which disk is going to be partitioned... - The dialog for removal of existing LVM volumes is also shown when doing regular partitioning (which seems correct), but is somewhat confusing in that case because it says The selected device _already_ contains The already does not make sense when you are not partitioning using LVM. Sure, I can remove the already from the template -- David Härdeman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: partman-auto-crypto - round2 :)
On Fri, September 15, 2006 4:45, Frans Pop said: I'd suggest just uploading at standard prio. We can always keep the udeb in unstable if any serious issues are found. Good :) Talking about priorities, have the priorities of other crypto udebs been adjusted already for the only load when needed change? Could you please check and provide a list of udebs that still need changing? Max sent a mail to ftp-masters asking for the priority of partman-crypto-dm and partman-crypto-loop to be lowered to optional. As far as I know it hasn't been done yet. On the other hand, I guess it should be filed as a bug against ftp.debian.org instead...Max? -- David Härdeman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: partman-auto menu reorg and default item
On Friday 15 September 2006 09:05, David Härdeman wrote: On Fri, September 15, 2006 6:07, Frans Pop said: - It seems like the menu has only been split into two levels for LVM and not for regular partitioning. IMO this is inconsistent. My first round of patches split the regular partitioning into two levels as well. After discussions on IRC, Colin and Joey suggested that I should do it the way it is now...I could change it to two levels for all methods if you want me to? Can someone update me on that discussion? pgpwKAKOz56v3.pgp Description: PGP signature
Re: powerpc d-i daily ISOs are back but broken. (was: one week out of date. )
On Thursday 14 September 2006 08:41, Sven Luther wrote: /me wonders who is in charge of this breakage right now ? Well, at first glance it seems to me that this could be caused by the change from cramfs to initramfs for which _you_ proposed the patches, so I would normally guess _you_ to deal with the fallout. But that is probably just me blaming the mighty Sven Luther again... Colin will look into it. Seems like a change in debian-cd is required to make things work again. pgpGmoN6ARO27.pgp Description: PGP signature
Re: powerpc d-i daily ISOs are back but broken. (was: one week out of date. )
On Wed, Sep 13, 2006 at 09:44:02PM -0400, Rick Thomas wrote: On Sep 12, 2006, at 3:06 AM, Rick Thomas wrote: The files in http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/ powerpc/iso-cd/ date from September 4th. Just incase nobody's noticed... Well... Now the files there are from September 13th, but the businesscard ISO fails with messages: Freeing unused kernel memory: 176k init /init: exec: 23: /linuxrc: not found Kernel panic - not syncing: Attempted to kill init! 0Rebooting in 180 seconds... Maybe something wrong with the initrd? Or the new 2.6.17 kernel? Actually it was a debian-cd bug. Should be fixed now, thanks (and thanks to Frans for noticing the problem after I'd given up in puzzlement upon finding no relevant mentions of linuxrc anywhere in d-i ...). Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: New cdebconf facility allowing simpler translated choices
On Thu, Sep 14, 2006 at 07:52:35AM +0200, Denis Barbier wrote:
On Mon, Sep 11, 2006 at 06:39:41PM +0100, Colin Watson wrote:
I've added this feature to cdebconf in trunk:
* Allow Choices-C to be listed separately from Choices (etc.) in templates
files. This lets you say Choices: ${CHOICES-TRANS} and Choices-C:
${CHOICES} to substitute reliably into translated and untranslated
templates without having to ensure that ${CHOICES-TRANS} is translated
to the same thing in every language.
This is really great, but I find that the -C suffix is confusing, because this
is not what is displayed in a C locale. Could it be replaced by -internal?
It probably should be what is displayed in a C locale, at least in the
installer. I think that's a bug. Do you agree?
-C is already exposed in the METAGET interface (with the same meaning)
and used by production code, so I think this may be rather difficult to
change without suffering inconsistency. I suppose -internal could be
made an alias ...
--
Colin Watson [EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: The possibility of SELinux targeted policy in the default install
Hello Steve, Could you remind me why this module is specific to /etc/pam.d/ssh and /etc/pam.d/login, rather than something that should be enabled in the global config? AFAIK it's because login and ssh are interactive sessions. These might be using different contexts (e.g. sysadm_r, staff_r, user_r), whereas when logging into the imap server this differentiation is not necessary. (well, I could imagine we would need it in courier and dovecot when storing the mail in the users home folder?) We definitely need some selinux wizard for that. best regards, Erich Schubert -- erich@(vitavonni.de|debian.org)--GPG Key ID: 4B3A135C(o_ Which is worse: ignorance or apathy? Who knows? Who cares? //\ Denken ist oft schwerer, als man denkt. V_/_ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: The possibility of SELinux targeted policy in the default install
On Thu, Sep 14, 2006 at 08:49:08PM -0300, Otavio Salvador wrote: Doing that allow us, in grub-installer, check if it's going to be installed and hack menu.lst by default. It is not done if grub supports it, each of them needs to do it. Bastian -- Death, when unnecessary, is a tragic thing. -- Flint, Requiem for Methuselah, stardate 5843.7 signature.asc Description: Digital signature
Re: The possibility of SELinux targeted policy in the default install
On Fri, Sep 15, 2006 at 10:59:07AM +0200, Erich Schubert wrote: Hello Steve, Could you remind me why this module is specific to /etc/pam.d/ssh and /etc/pam.d/login, rather than something that should be enabled in the global config? AFAIK it's because login and ssh are interactive sessions. These might be using different contexts (e.g. sysadm_r, staff_r, user_r), whereas when logging into the imap server this differentiation is not necessary. (well, I could imagine we would need it in courier and dovecot when storing the mail in the users home folder?) We definitely need some selinux wizard for that. Ok. What about cron, su, *dm, sudo, samba, ftp servers...? All of these processes change uids as well after authentication, do they also need selinux support? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Re: New cdebconf facility allowing simpler translated choices
On Friday 15 September 2006 10:56, Colin Watson wrote: It probably should be what is displayed in a C locale, at least in the installer. I think that's a bug. Do you agree? Hmm. If we are going to put codes or to quote you: identifiers that are convenient for use in code in choices-C then I would prefer to have the English translation displayed if the locale is C (provided of course that LANG=en). Is that indeed what happens currently? pgpWZ2RxD9WEE.pgp Description: PGP signature
Re: powerpc d-i daily ISOs are back but broken. (was: one week out of date. )
On Fri, Sep 15, 2006 at 10:52:19AM +0200, Frans Pop wrote: On Thursday 14 September 2006 08:41, Sven Luther wrote: /me wonders who is in charge of this breakage right now ? Well, at first glance it seems to me that this could be caused by the change from cramfs to initramfs for which _you_ proposed the patches, so I would normally guess _you_ to deal with the fallout. No, i am asking who is in charge of seeing about the health of the powerpc port, not particular details. Colin seems in charge of the powerpc kernel .udebs, and Wouter of the buildd administration, but you still have not found someone who does the whole stuff, right ? It was an honest question, why do you respond so agressively ? Maybe because you threw me out in a hurry, promising our users that everything would be fine, and we have seen many breakage since then ? As for the initramfs changes, it was indeed a breakage that happened something like 2 or more weeks ago while you where partitioning, and i gave my input when Wouter discovered the issue, and JoeyH then said he would fix it, and i let him do it, but there was another issue, and i gave my input to Wouter, who i believe did fix it. But that is probably just me blaming the mighty Sven Luther again... Indeed it is, like you well know, it is not at all a constructive comment, it doens't take into account what really happened while you where vacationing, and issues are not as white-and-black as you paint them, but then you can hardly blame JoeyH, right ? and if you started blaming Wouter ... Colin will look into it. Seems like a change in debian-cd is required to make things work again. Possibly, thanks Colin for that, but this doesn't solve the long time issue. Would it be possible in some way to feed the build log failures of the whole stuff (debian-cd builds, actual image builds, maybe floppy size excesses) into a common mailing list address (d-i-powerpc-porters or something such at the d-i alioth project), where the de-facto team of me, Wouter and Colin, and whoever else would care about it, can be more reactive to breakage of this kind. I know, there is a random assortment of web pages and logs in Wouter's inbox, but as someone arguing against holding discussions on blogs over mailing list should know, having to daily check a couple of web pages, which will usually be fine, is no good way to have a good response time to breakage of this kind ? Why is that so difficult to grasp ? Still hurting, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: powerpc d-i daily ISOs are back but broken. (was: one week out of date. )
On Fri, Sep 15, 2006 at 10:52:19AM +0200, Frans Pop wrote: On Thursday 14 September 2006 08:41, Sven Luther wrote: /me wonders who is in charge of this breakage right now ? Well, at first glance it seems to me that this could be caused by the change from cramfs to initramfs for which _you_ proposed the patches, so I would normally guess _you_ to deal with the fallout. But that is probably just me blaming the mighty Sven Luther again... Actually, the changes in debian-cd fixed by Colin involve the removal of /linuxrc and devfs=mount,dall, and are totally unrelated to the cramfs to initramfs change, which joeyh actually fixed by changing the floppies to ext2, which caused the size problem, both issues which where fixed by joey, wouter and me, while you where vacationing around. So, stop being childish, and try to at least show some hint of trying to solve this now months-overdue dispute. If you can't do that, well, there is no hope in you, but i have done all which was asked of me, and the ball is now in your camp. Still Hurt, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
/sys/class/net/lo missing, no lo interface
I'm not sure where to report this problem. Please advise. I've tried a daily snapshot from http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/i386/iso-cd/debian-testing-i386-netinst.iso, downloaded on 2006-09-13. Installation went fine, but after reboot, the network startup fails somehow and the box comes up with no network interface, the output from the ifconfig command is empty. When I try to manually startup the networking, I get # /etc/init.d/networking start Configuring network interfaces...SIOCSIFADDR: No such device lo: ERROR while getting interface flags: No such device lo: ERROR while getting interface flags: No such device Failed to bring up lo. done. This command does bring up the eth0 interface but not the lo interface. I can access the machine via the network. What I find interesting is this command: # find /sys | grep /net/lo /sys/class/net/lo_temp_temp /sys/class/net/lo_temp_temp/statistics /sys/class/net/lo_temp_temp/statistics/tx_compressed /sys/class/net/lo_temp_temp/statistics/rx_compressed /sys/class/net/lo_temp_temp/statistics/tx_window_errors /sys/class/net/lo_temp_temp/statistics/tx_heartbeat_errors /sys/class/net/lo_temp_temp/statistics/tx_fifo_errors /sys/class/net/lo_temp_temp/statistics/tx_carrier_errors /sys/class/net/lo_temp_temp/statistics/tx_aborted_errors /sys/class/net/lo_temp_temp/statistics/rx_missed_errors /sys/class/net/lo_temp_temp/statistics/rx_fifo_errors /sys/class/net/lo_temp_temp/statistics/rx_frame_errors /sys/class/net/lo_temp_temp/statistics/rx_crc_errors /sys/class/net/lo_temp_temp/statistics/rx_over_errors /sys/class/net/lo_temp_temp/statistics/rx_length_errors /sys/class/net/lo_temp_temp/statistics/collisions /sys/class/net/lo_temp_temp/statistics/multicast /sys/class/net/lo_temp_temp/statistics/tx_dropped /sys/class/net/lo_temp_temp/statistics/rx_dropped /sys/class/net/lo_temp_temp/statistics/tx_errors /sys/class/net/lo_temp_temp/statistics/rx_errors /sys/class/net/lo_temp_temp/statistics/tx_bytes /sys/class/net/lo_temp_temp/statistics/rx_bytes /sys/class/net/lo_temp_temp/statistics/tx_packets /sys/class/net/lo_temp_temp/statistics/rx_packets /sys/class/net/lo_temp_temp/weight /sys/class/net/lo_temp_temp/tx_queue_len /sys/class/net/lo_temp_temp/flags /sys/class/net/lo_temp_temp/mtu /sys/class/net/lo_temp_temp/carrier /sys/class/net/lo_temp_temp/broadcast /sys/class/net/lo_temp_temp/address /sys/class/net/lo_temp_temp/type /sys/class/net/lo_temp_temp/features /sys/class/net/lo_temp_temp/ifindex /sys/class/net/lo_temp_temp/iflink /sys/class/net/lo_temp_temp/addr_len /sys/class/net/lo_temp_temp/uevent If I google for lo_temp_temp, I get no hit. Any advice what to do? -- andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: /sys/class/net/lo missing, no lo interface
Installation went fine, but after reboot, the network startup fails somehow and the box comes up with no network interface, the output from the ifconfig command is empty. Please try updating the package udev to the version currently in unstable. Cheers, FJP pgpG1PH3G1Rh2.pgp Description: PGP signature
Bug#383611: choose-mirror
On 9/13/06, Frans Pop [EMAIL PROTECTED] wrote: On Thursday 24 August 2006 11:19, Tuncer Ayaz wrote: - start installer in expert mode - when asked for Installer Components to load select choose-mirror There should not be any need to load it manually. It will be loaded automatically whenever it is needed and run at the appropriate time. yup, of course. I loaded it as I thought I'd need it and was surprised to see it appear twice because of me loading it manually and d-i loading the module automatically anyway. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383611: choose-mirror
On Friday 15 September 2006 13:10, Tuncer Ayaz wrote: yup, of course. I loaded it as I thought I'd need it and was surprised to see it appear twice because of me loading it manually and d-i loading the module automatically anyway. Well, it is not really the same module as it is called in two completely different places in the installation process (though the main code is shared of course). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Character set mixup in tasksel_po_fi.po and iso-codes_iso_3166.po
The two files mentioned in subject have non-ASCII characters messed up. It seems to me they are not in any valid encoding. I could not get them fixed with recode. The file iso-codes_iso_3166.po was OK in revision 608, but I did not check in which revision exactly the erroneous encoding creeps in. Is there a way in svn to see an individual file in arbitrary revision without checking out the whole source tree each time? -- Tapio Lehtonen [EMAIL PROTECTED] http://www.iki.fi/tapio.lehtonen signature.asc Description: Digital signature
Bug#387615: Debian Testing AMD64 on dell 1950 sas controller not found
Package: installation-reports Boot method: Boot with netinst CD Image version: http://cdimage.debian.org/cdimage/daily-builds/etch_d-i/20060914/amd64/iso-cd/debian-testing-amd64-netinst.iso Date: 20060914 Machine: Dell 1950 Processor: Dual Xeon 3 GHZ 1133 MHZ Memory: 8 GB Partitions: During installation /dev/scsi/host2/bus2/target0/lun0/part1 67062200 262240 63393380 0% /target Output of lspci and lspci -n: Base System Installation Checklist: [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it Initial boot worked:[O] Configure network HW: [O] Config network: [E] Detect CD: [O] Load installer modules: [O] Detect hard drives: [O] Partition hard drives: [O] Create file systems:[O] Mount partitions: [O] Install base system:[O] Install boot loader:[O] Reboot: [E] Comments/Problems: Config network: Interface has set ip but is not pingable, maybe a problem of my local router, does not matter this time. Reboot: When the System is bootet after install the Message: sd 1:0:0:0: Attached scsi removeable disk sda than after a while Done. ALERT! /dev/sdb6 does not exist. Dropping of a shell! (initramfs) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383611: choose-mirror
On 9/15/06, Frans Pop [EMAIL PROTECTED] wrote: On Friday 15 September 2006 13:10, Tuncer Ayaz wrote: yup, of course. I loaded it as I thought I'd need it and was surprised to see it appear twice because of me loading it manually and d-i loading the module automatically anyway. Well, it is not really the same module as it is called in two completely different places in the installation process (though the main code is shared of course). Ah, this is why d-i does not detect it. As it only happens in 'expert' mode it's ok to have-to-know what will happen if you select the module but confusing the first time to someone else. I can live with it as d-i is excellent in other ways compared to Anaconda for example. My actual wishlist-item is supporting ftp:// access to network repos. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Character set mixup in tasksel_po_fi.po and iso-codes_iso_3166.po
is there a way in svn to see an individual file in arbitrary revision
without checking out the whole source tree each time?
svn cat -r $revnum ${SVNPATH}/${FILENAME} arbitrary_name
regards,
Davide
Naviga e telefona senza limiti con Tiscali
Scopri le promozioni Tiscali adsl: navighi e telefoni senza canone Telecom
http://abbonati.tiscali.it/adsl/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: /sys/class/net/lo missing, no lo interface
[EMAIL PROTECTED] wrote: Installation went fine, but after reboot, the network startup fails somehow and the box comes up with no network interface, the output from the ifconfig command is empty. Please try updating the package udev to the version currently in unstable. *And* then delete /etc/udev/rules.d/z25_persistent-net.rules because it probably contains bogus entries. -- ciao, Marco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Please add commented pam_selinux line
Hi,
This pam_selinux that any user logging in has the proper
security ID and the process created runs in the proper default
security context. Also the controlling tty will have it's security
context modified to match the users. This makes sense only for humans
logging in, so /etc/pam.d/{login,ssh} are the places where it is
required.
Daemons such as cron, proftpd, gdm etc already runs in the
proper security context, for example, and should not be reset to the
default security context of the user it is running as, so
common-account, common-session, or common-password are not
appropriate.
For people interested in the gory details, on
pam_open_session, pam_selinux sets the exec context for the process
to the appropriate context for the user, so that any subsequently
executed programs will transition into that context. On
pam_close_session, pam_selinux restores the exec context to its
original value, so any subsequently executed programs will revert to
the prior behavior.
As an aside, the placement of the line does matter when you
are running SELinux; the principal concern being the impact on helper
programs executed by other pam session modules invoked after
pam_selinux when opening a session, and the impact on helper programs
executed by other pam session modules invoked before pam_selinux when
closing a session, as any such helper programs will end up in the
user's context.
I usually append the line to the files in my machines (it is
simpler to do so using a shell script and the indirection operator
), so I know that works. (How many pam session modules use helper
programs at closing, anyway? I don't seem to have noticed any AVC
denials in my runs)
Perhaps we could have the following appended to the end of the
files /pam.d/{login,ssh}:
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context.
# Uncomment the following line to enable SELinux
# session required pam_selinux.so multiple
thanks
manoj
--
I believe I found the missing link between animal and civilized
man. It is us. -- Konrad Lorenz
Manoj Srivastava [EMAIL PROTECTED]http://www.golden-gryphon.com/
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: /sys/class/net/lo missing, no lo interface
On Fri, 15 Sep 2006 17:46:12 +0200 (CEST), Marco d'Itri [EMAIL PROTECTED] said: [EMAIL PROTECTED] wrote: Installation went fine, but after reboot, the network startup fails somehow and the box comes up with no network interface, the output from the ifconfig command is empty. Please try updating the package udev to the version currently in unstable. *And* then delete /etc/udev/rules.d/z25_persistent-net.rules because it probably contains bogus entries. Thanks, I was cautious and did in addition to the above advices also an 'update-initramfs -u' before the reboot and I got an apparently working lo interface. The interfaces file had auto lo but there was no line as auto eth0 So I added that and after the next reboot I got also a working eth0. Thank you very much! -- andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: powerpc d-i daily ISOs are back but broken. (was: one week out of date. )
On Sep 15, 2006, at 4:53 AM, Colin Watson wrote: On Wed, Sep 13, 2006 at 09:44:02PM -0400, Rick Thomas wrote: 0Rebooting in 180 seconds... Maybe something wrong with the initrd? Or the new 2.6.17 kernel? Actually it was a debian-cd bug. Should be fixed now, thanks Thanks! When should I expect to be able to burn a working businesscard (or netinst) CD? Rick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: powerpc d-i daily ISOs are back but broken. (was: one week out of date. )
On Friday 15 September 2006 19:02, Rick Thomas wrote: When should I expect to be able to burn a working businesscard (or netinst) CD? The CD build starting in about 4 hours should have the changes. Not sure if it will be working :-) pgpHzurnM7Mzw.pgp Description: PGP signature
Re: partman-auto menu reorg and default item
Frans Pop wrote: Can someone update me on that discussion? Alphix joeyh: sorry for nagging youbutfeedback on the partman-auto menu reorg? joeyh I'll try to look at it, but I'm not very good at determining partman's behavior from reading its code Kamion Alphix: is there a bug number? I'm interested Alphix one moment Alphix #384527 Kamion Alphix: https://wiki.ubuntu.com/UbuntuExpress/PartitioningTool may be interesting - I always wanted to implement that layout in partman, but never got round to it Kamion basic idea was choose a disk first, and then choose what to do to it Alphix Kamion: you already know which layout I'm talking about? :) Kamion Alphix: Fabio did some of this sort of thing in Ubuntu's partman-auto - I don't really like the way it's laid out internally though Kamion yours looks better at a first glance Alphix coolreviews are welcomethe layout reorg is currently what's blocking partman-auto-crypto Kamion use [ $method ] [ $disks ] rather than [ -n $method -a -n $disks ] Alphix the reorg would also allow multi-disk auto-partitioning schemes in the future Kamion test(1)'s -a and -o operators are evil and nonintuitive Alphix evil? Kamion the specification for test's behaviour is Kamion much more complicated than you might expect Kamion it's best to keep it simple and use shell operators to do (con|dis)junctions Alphix okey joeyh it's also more portable.. Kamion Alphix: personally, I'd ask for the disk first Alphix it does Kamion oh Alphix no it doesn't :) Alphix sorry Kamion see joeyh's comment above ;) Kamion hmm, I guess that might not interact too well with multiple disks Kamion er, multi-disk partitioning Alphix we need to ask method first cause we don't know if random method supports multiple disks Kamion right, I see what you mean - none of them offer multiselects though [EMAIL PROTECTED] ACTION still feels that asking method first will piss a lot of users off Alphix Kamion: nope, not yet Kamion method first is problematic for certain things Alphix joeyh: why? joeyh at least I am not a big RPN fan :-) Alphix RPN? Kamion so in Ubuntu (I never got round to merging it and it's not obvious how right it is just now), we have an auto-resize method Alphix Kamion: problematic for which things? joeyh reverse polish notation Kamion given a disk, this figures out whether it's possible to shrink a partition enough that you can install into the free space created by doing so Kamion trying to decide up-front whether you can do that for multiple disks seems harder Alphix Kamion: I think I've seen this when installing Ubuntu on my gf's laptop.but the auto-resize doesn't *have* to support multiple disks Kamion that's true, but the UI gets nasty if other methods do and it doesn't Alphix Many methods will just support onebut some, like lvm or crypto/lvm will support several (after Etch) Kamion I suppose it might work actually Kamion you could select auto-resize and then it would offer the disks it can manage to do auto-resizing on Kamion or none if none of them would work Alphix Kamion: not really...you'll get a multiselect debconf dialogue or a select dialogue depending on the method Alphix And the methods are supposed to check if they can be run at all before they add themselves to the first menu Kamion yeah, I guess that's doable Alphix Additionally, if only one disk is available, the second screen should be skipped altogether and immediately go to a confirmation screen Kamion I'm trying to get my head into a mode where I can think about joeyh's point Alphix joeyh: I don't feel that method first, disk later is reverse..it goes along the line of.I want to do a METHOD install to DISK pleasei.e. method first :) Kamion I think it might be OK if you gave a description up-front of e.g. how big each of the disks is Kamion to help the user get their bearings? Alphix in the second menu you mean? joeyh well, consider if you've never used d-i before, you have data you want to keep on /dev/sde, a couple of other partitionable disks, and the first thing it asks you in partitioning is, automartition disk, use lvm, or use raid? Kamion no, the first Kamion joeyh: the questions would have to be phrased as one of your disks or some of your disks Alphix Kamion: how would I give partition size indications when methods are listed? Kamion Alphix: partition size wouldn't really fit of course, but when a partitioner asks me questions, I often find myself reaching for something that will give me some information about what disks are there Alphix http://www.hardeman.nu/~david/files/patches/debian/menuone.png Alphix http://www.hardeman.nu/~david/files/patches/debian/menutwo.png Kamion it's a psychological thing I think Alphix Check those two images, that's the current menu with the patch Kamion just something like You have 2 disks available: sda 1.1GB, sdb 1.1GB Kamion maybe partitioned vs. free space Alphix The second menu option in the first menu Automatically
Re: [Pkg-shadow-devel] Bug#387480: Please add commented pam_selinux line
tags 387480 pending
thanks
Perhaps we could have the following appended to the end of the
files /pam.d/{login,ssh}:
I committed the needed fix for login.
We'll probably upload a new shadow with that line as soon as the
4.0.18.1-2 will enter testing (which requireslibselinux to enter
testing, indeed. libselinx has its urgency pushed by Steve but depends
on libsepol which still needs 8 days to enter testing.
signature.asc
Description: Digital signature
Re: The possibility of SELinux targeted policy in the default install
Hi, On Fri, 15 Sep 2006 02:21:18 -0700, Steve Langasek [EMAIL PROTECTED] said: Ok. What about cron, su, *dm, sudo, samba, ftp servers...? All of these processes change uids as well after authentication, do they also need selinux support? Cron runs properly in crond_t already, ther are domain transition set up since the cron deamon file is labelled on the disk, and the transition from contd_exec_t to crond_t etc is already cone. Same goes for ftp servers and all. *.dm I am not sure about, but I think they called pam.d/login to manage things (I'll need to look that up; been a while since I submitted the xdm patch). ssh and login are different in that knowing the it is ssh accepting connections does not tell you what domain the resulting shell should be created under (sysadmin_t, user_t, staff_t?), and an extra lookup is required based on the user logging in, the domains permitted, and the users choice. Hope this helps. manoj -- The end of the human race will be that it will eventually die of civilization. Ralph Waldo Emerson Manoj Srivastava [EMAIL PROTECTED]http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
[D-I Manual] Build log for en (15 Sep 2006)
A build of the Debian Installer Manual was triggered by an update to SVN.
There were no errors during the build process.
The new version of the manual has been uploaded successfully.
A log of the build is available at:
- http://people.debian.org/~fjp/d-i_manual/log/en.log
===
It is possible to use RSS to track changes to the manual.
For more information, see:
http://d-i.alioth.debian.org/manual/translators.html
===
Note: PDF output is not yet supported for some languages; this
is being worked on.
===
If you have any questions about the build or this message, feel
free to contact me at elendil_at_planet_dot_nl.
===
Updated files ('svn up')
Uen/boot-new/boot-new.xml
Aen/boot-new/mount-encrypted.xml
Updated to revision 40687.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: New cdebconf facility allowing simpler translated choices
On Fri, Sep 15, 2006 at 11:24:02AM +0200, Frans Pop wrote: On Friday 15 September 2006 10:56, Colin Watson wrote: It probably should be what is displayed in a C locale, at least in the installer. I think that's a bug. Do you agree? Hmm. If we are going to put codes or to quote you: identifiers that are convenient for use in code in choices-C then I would prefer to have the English translation displayed if the locale is C (provided of course that LANG=en). Is that indeed what happens currently? I do not know how it is displayed within d-i, but I made tests on cdebconf SVN, and this is indeed what happens, hence my comment. IIRC this feature had been requested years ago, and I objected; I do not remember exactly why and cannot find the bug report, IIRC it was for kbd-chooser, and my objection was that having 2 lists (codes and English text) was error prone. As there have been many errors with translations, it is indeed better to have a single point of failure ;) I agree with Frans that Choices should be displayed in English and C locales; Choices-C is an internal code, this is why I suggested to call it Choices-internal if this is possible without breaking too much things. Denis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
tasksel 2.54 MIGRATED to testing
FYI: The status of the tasksel source package in Debian's testing distribution has changed. Previous version: 2.53 Current version: 2.54 -- This email is automatically generated; [EMAIL PROTECTED] is responsible. See http://people.debian.org/~henning/trille/ for more information. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accessibility theme for the graphical installer
Hi Denis, On Saturday 09 September 2006 09:12, Denis Barbier wrote: With help from Eddy Petrişor, I copied the HighContrastLargePrintInverse theme (from gnome-accessibility-themes) into rootskel-gtk, you can find this package under people/barbier/rootskel-gtk in d-i subversion repository. This theme is currently enabled when the FRONTEND_BACKGROUND=dark boot argument is found. Is it okay to put this stuff into trunk? Do people on d-accessibility have an opinion on this theme and font size? Thanks for coming back to this. Theming for g-i was on the TODO list, but we had not yet really gotten around to it. I guess an accessibility theme is a great place to start. I've checked your changes in rootskel-gtk and I think the implementation can be improved. I've not looked at how the theme looks, only at the technical side of it. I think I have mentioned before that I would like to be able to set themes consistently with other parameters, i.e. using a debconf value like debian-installer/theme (with a shortcut for the boot prompt theme=...) instead of FRONTEND_BACKGROUND or whatever. I have now implemented this in rootskel and preseed (see attached patches). This works for both gtk and newt frontends. I feel that for now it is OK to include the theme file(s) in rootskel-gtk; we may want to split them out later. I don't really like that the theme file and theme name are different; IMO it would be better to have those the same (although we can script around that if there is a good reason for the current name). I don't like just replacing the whole /etc/gtk-2.0/gtkrc file. GTK supports a gtk-theme-name parameter in that file and IMO we should use that. How that translates to a theme definition I don't know, but should be easy to find out. Note that we already had some scripts (currently unused and not really tested yet) to support switching font and theme. See rootskel-gtk/src/usr/bin/ for current versions. I've fixed them up a bit for basic support for your theme (see attached patches). Setting the font as part of the theme is a bad idea as we want to be able to switch fonts for other reasons too. I have resolved this by increasing the font size for this theme in gtk-set-font (see patches). Note that for gtk-set-font to work we need fc-list in the fontconfig udeb. Cheers, FJP Index: rootskel/debian/templates-arch === --- rootskel/debian/templates-arch (revision 40624) +++ rootskel/debian/templates-arch (working copy) @@ -14,3 +14,7 @@ Type: boolean Default: false Description: halt the machine + +Template: debian-installer/theme +Type: string +Description: theme to use for the (newt or gtk) frontend Index: rootskel/src/lib/debian-installer.d/S65theme === --- rootskel/src/lib/debian-installer.d/S65theme (revision 0) +++ rootskel/src/lib/debian-installer.d/S65theme (revision 0) @@ -0,0 +1,12 @@ +theme=`debconf-get debian-installer/theme` + +if [ $theme ]; then + case $DEBIAN_FRONTEND in + newt) + export FRONTEND_BACKGROUND=$theme + ;; + gtk) + gtk-set-theme $theme || true + ;; + esac +fi Index: rootskel/src/lib/debian-installer.d/Makefile === --- rootskel/src/lib/debian-installer.d/Makefile (revision 40624) +++ rootskel/src/lib/debian-installer.d/Makefile (working copy) @@ -17,6 +17,7 @@ files += \ S30term \ S60frontend \ + S65theme \ S72menu-exit ifeq ($(DEB_HOST_ARCH_OS),linux) Index: rootskel-gtk/src/usr/bin/gtk-set-font === --- rootskel-gtk/src/usr/bin/gtk-set-font (revision 40624) +++ rootskel-gtk/src/usr/bin/gtk-set-font (working copy) @@ -2,23 +2,28 @@ set -e +. /usr/share/debconf/confmodule + [ $DEBIAN_FRONTEND = gtk ] || exit 0 -language=$1 CONFFILE=/etc/gtk-2.0/gtkrc - -[ -n $language ] || exit 1 [ -f $CONFFILE ] || exit 1 +if db_get debian-installer/language [ $RET ]; then + language=$RET +else + language=en +fi + DEFAULT_FONT=DejaVu # Default font size; good for 640x480 or 800x600 screens -FONT_SIZE=11 +FONT_SIZE=9 # Set the primary GTK font according to language case $language in ar|fa) FONT_NAME=Nazli - FONT_SIZE=14 + FONT_SIZE=$(($FONT_SIZE + 2)) ;; ja) FONT_NAME=Sazanami Gothic @@ -34,12 +39,16 @@ ;; esac +if db_get debian-installer/theme [ $RET = dark ]; then + # Theme for visually impaired; increase fontsize + FONT_SIZE=$(($FONT_SIZE + 7)) +fi + # Fall back to default if font does not exist; default is assumed to exist if ! fc-list | grep -q $FONT_NAME; then FONT_NAME=$DEFAULT_FONT fi -cp $CONFFILE $CONFFILE.old sed -i s/^gtk-font-name.*$/gtk-font-name = \$FONT_NAME $FONT_SIZE\/ $CONFFILE exit 0 Index: rootskel-gtk/src/usr/bin/gtk-set-theme === ---
Bug#387470: debian-installer: needs an possibility to load a full font for g-i
On Thursday 14 September 2006 16:54, Kenshi Muto wrote: ttf-cjk-compact-udeb and some other font packages for graphical- installer have only limited characters by size problem. But because debian-installer is dynamic system, it's hard to assume what new debconf messages appear (especially after running tasksel and aptitude). If new message has an new character, graphical-installer will show a broken character or just miss it. Note that the newt frontend has exactly the same problem: if a character is not in the needed characters list for a language, it will not be displayed correctly. I see no reason to treat this issue differently in the graphical installer than in the regular one. The team and translators just need to make sure that characters they need are included in the font files. This may take a while to get right and may lead to the occasional minor bug, but I would not expect major problems from this. (BTW. I really like how the graphical frontend just tells you which glyph is missing.) Cheers, FJP pgp9v9X2cUIgC.pgp Description: PGP signature
Re: Bug#385150: Tests with PPPoE connection
On 05/09/06, Gregory Colpart [EMAIL PROTECTED] wrote: Hi, Here are bits from my (nightly) PPPoE tests with d-i. On Sat, Sep 02, 2006 at 03:06:45AM +0300, Eddy Petri??or wrote: Then tell me if things improve? With logs, if not. Same problem with debconf error. I retry/retry/retry with apt-install ppp || true patch and I was wrong, it is not the same problem (grrr, probably too tired during my last tests). Then I don't have red debconf screen but I return to Debian installer main menu. It sounds good but there are little problems with this menu. I go directly on a blank line between 'Install the base system' and 'Select and install software' choices. There is also another blank line between 'Partition disks' and 'Configure the clock'. Logs are here: http://gcolpart.evolix.net/debian/d-i/syslog-for-pppoe.3 (in this logs, I try to select a strange OK choice on the top of menu...) It seems (thanks again Joey) that the problem is the db_stop line which, if commented out should kill the problem appear in both of these cases. Gregory knows this and said he will try to test with this change, but Abel should know about it, too. I would be really happy to find out that both issues disappeared when commenting out db_stop (it appears that I shouldn't do that in D-I). -- Regards, EddyP = Imagination is more important than knowledge A.Einstein -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: powerpc d-i daily ISOs are back but broken. (was: one week out of date. )
On Sep 15, 2006, at 2:05 PM, Frans Pop wrote: On Friday 15 September 2006 19:02, Rick Thomas wrote: When should I expect to be able to burn a working businesscard (or netinst) CD? The CD build starting in about 4 hours should have the changes. Not sure if it will be working :-) Thanks! I'm a tester, so I understand about can't promise it'll work! (-: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
