Bug#1050465: ITS: code2html
On Thu, 24 Aug 2023, Bastian Germann wrote: > Source: code2html > Severity: important > > code2html does not seem to be maintained anymore. I intend to salvage it > with the plan to orphan it in three weeks. Please notify me if you object. Go for it, but given that you would /also/ need a new upstream, I'm not sure orphaning will do any good. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#1033937: system does a poweroff instead of reboot
Source: linux-signed-amd64
Version: 6.1.12+1~bpo11+1
Severity: normal
Hi!
While running linux-image-6.1.0-0.deb11.5-amd64 on bullseye (with stable
systemd or with backports systemd), when I type reboot, the system goes
down for reboot but then powers off.
This issue is not present in the stable kernel, but I have also observed
it in linux-image-6.0.0-0.deb11.6-amd64.
The system is a ProLiant DL360 Gen10 Plus (P28948-B21).
| Starting virtual serial port.
| Press 'ESC (' to return to the CLI Session.
|
| [1203707.236892] watchdog: watchdog0: watchdog did not stop!
| [1203707.766484] systemd-shutdown[1]: Failed to finalize DM devices, ignoring.
| [1203708.709332] reboot: Restarting system
[several seconds later]
| The server is not powered on. The Virtual Serial Port is not available.
and:
| hpiLO-> power
|
| status=0
| status_tag=COMMAND COMPLETED
| Tue Apr 4 10:45:22 2023
|
|
|
| power: server power is currently: Off
It'd be nice if the system actually rebooted on a reboot :)
Cheers,
weasel
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#1033791: check_running_kernel fails to find version on bookworm/arm64
On Sat, 01 Apr 2023, Peter Palfrader wrote: > --- /usr/lib/nagios/plugins/check_running_kernel2023-03-08 > 11:28:49.0 +0100 > +++ ./check_running_kernel 2023-04-01 11:35:33.643925332 +0200 > @@ -164,6 +164,8 @@ > cat_vmlinux "$image" "\x89\x4c\x5a\x4f\x00\x0d\x0a\x1a" "lzop -dc" 0 > # zstd compressed image > cat_vmlinux "$image" "\x28\xb5\x2f\xfd" "zstd -dc" 0 Hm. Maybe guard this cat with it being able to find the linux version string too: Something like if strings "$image" | grep -q 'Linux version'; then > + > + cat "$image" fi > > echo "ERROR: Unable to extract kernel image." 2>&1 > exit 1 weasel -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#1033791: check_running_kernel fails to find version on bookworm/arm64
Package: monitoring-plugins-contrib Version: 42.20230308 Severity: normal Hi! check_running_kernel fails on my arm64 system: Linux nautilus 6.1.0-7-arm64 #1 SMP Debian 6.1.20-1 (2023-03-19) aarch64 GNU/Linux root@nautilus:~# /usr/lib/nagios/plugins/check_running_kernel WARNING: Running kernel does not match on-disk kernel image: [Linux version 6.1.0-7-arm64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP Debian 6.1.20-1 (2023-03-19) != Linux version 6.1.0-7-arm64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) # SMP Debian 6.1.20-1 (2023-03-19)] It seems just using the image as is, with cat, would help: root@nautilus:~# ./check_running_kernel OK: Running kernel matches on disk image: [Linux version 6.1.0-7-arm64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP Debian 6.1.20-1 (2023-03-19)] --- /usr/lib/nagios/plugins/check_running_kernel2023-03-08 11:28:49.0 +0100 +++ ./check_running_kernel 2023-04-01 11:35:33.643925332 +0200 @@ -164,6 +164,8 @@ cat_vmlinux "$image" "\x89\x4c\x5a\x4f\x00\x0d\x0a\x1a" "lzop -dc" 0 # zstd compressed image cat_vmlinux "$image" "\x28\xb5\x2f\xfd" "zstd -dc" 0 + + cat "$image" echo "ERROR: Unable to extract kernel image." 2>&1 exit 1 root@nautilus:~# Cheers, weasel -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#1024720: d-i fails at grub when another installer is on disk
Package: installation-reports Severity: normal Boot method: USB Image version: firmware-testing-amd64-netinst.iso (https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-builds/amd64/iso-cd/; 2022-11-21) Date: Wed, 23 Nov 2022 20:27:28 +0100 Machine: Lenovo Thinkpad X13 Yoga Gen3 This machine came with an Ubuntu Installer on disk, in nvme0n1p2. This confused the grub on the installer image as it did not find the correct root partition: } grub> search --file --set=root /.disk/info } grub> echo $root } hd0,gpt2 As opposed to (cd0). A workaround was to rename the .disk/info file on nvme0n1p2. A fix might be if each installer image used and searched for a unique file. Cheers, weasel -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#998681: tor: fails to start on boot, needs manual restart later
On Wed, 16 Nov 2022, Domenico Cufalo wrote: > Package: tor > Version: 0.4.7.11-1~bpo11+1 > Followup-For: Bug #998681 > > Dear Maintainer, > > this bug still persists. > > As far it seems, tor service needs to be launched AFTER networking. (1) I think think should be fixed in git. If you want, you could try the nightly builds on deb.torproject.org. https://gitlab.torproject.org/tpo/core/debian/tor/-/commit/46e6de4646204a8b81d15a30d2f7045dfa38b8a8 Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#1004399: does not support booting mini.iso
Package: virtinst
Version: 1:3.2.0-3
Severity: normal
Tags: patch
vrit-install appears to not support installing off a Debian mini.iso:
Starting install...
ERRORCouldn't find kernel for install tree.
Domain installation does not appear to have been successful.
The following patch makes that work:
--- ./urldetect.py 2022-01-26 19:25:19.835922099 +
+++ /usr/share/virt-manager/virtinst/install/urldetect.py 2022-01-26
19:25:22.447863479 +
@@ -751,7 +751,7 @@
kpair = ("boot/linux_vm", "boot/root.bin")
else:
kpair = ("install/vmlinuz", "install/initrd.gz")
-self._kernel_paths += [kpair]
+self._kernel_paths += [kpair, ('/linux', '/initrd.gz')]
return True
def _detect_version(self):
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#1003609: readlink: invalid option -- 'b' in /lib/lsb/init-functions.d/40-systemd
On Wed, 12 Jan 2022, Michael Biebl wrote: > Am 12.01.22 um 16:04 schrieb Peter Palfrader: > > /lib/lsb/init-functions.d/40-systemd calls > >readlink -f "$executable" > > which causes warnings if an executable starts with -, like in "-bash" when > > /lib/lsb/init-functions is sourced from a login shell. > > > > ] root@yukon:~# . /lib/lsb/init-functions > > ] readlink: invalid option -- 'b' > > ] Try 'readlink --help' for more information. > > ] root@yukon:~# > > > > This happens for instance with the slony init script: > > > > | adns002:~# grep 'init-functions ' /etc/init.d/slony1 > > | su -c ". /lib/lsb/init-functions ; umask 027 ; > > start_daemon -p $(pidfile $1) $DAEMON -f $(conffile $1) -p $(pidfile $1) > > >>$(logfile $1) 2>&1 > Oh my, not the prettiest way to start a daemon. > Christoph, maybe this is actually better addressed on the slony1-2 side. I completely agree that it should /also/ be addressed there, but nevertheless, init-functions should be sourceable from login shells. Cheers! -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#1003609: readlink: invalid option -- 'b' in /lib/lsb/init-functions.d/40-systemd
Package: systemd Version: 247.3-6 Severity: normal Tags: patch Hi! /lib/lsb/init-functions.d/40-systemd calls readlink -f "$executable" which causes warnings if an executable starts with -, like in "-bash" when /lib/lsb/init-functions is sourced from a login shell. ] root@yukon:~# . /lib/lsb/init-functions ] readlink: invalid option -- 'b' ] Try 'readlink --help' for more information. ] root@yukon:~# This happens for instance with the slony init script: | adns002:~# grep 'init-functions ' /etc/init.d/slony1 | su -c ". /lib/lsb/init-functions ; umask 027 ; start_daemon -p $(pidfile $1) $DAEMON -f $(conffile $1) -p $(pidfile $1) >>$(logfile $1) 2>&1 https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#1000436: logrotate script uses rsyslog-rotate
Package: haproxy Version: 2.4.8-2 Hi! haproxy in buster, bullseye, etc, has this logrotate snippet: postrotate /usr/lib/rsyslog/rsyslog-rotate endscript which fails if rsyslog is not installed. Clearly the postrotate script should only call rsyslog-rotate if that binary exists. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#995374: do chain checks also with starttls
Package: monitoring-plugins-contrib
Version: 35.20210512
Severity: normal
Tags: patch
For "normal" https/ssl checks, check_ssl_cert checks the entire chain,
but for checks for a given protocol (openssl s_client -starttls ),
this is not being done. However, it should.
} weasel@sarek:~/ssl$ ./check_ssl_cert.1.1 --ignore-ocsp -H
'2600:3c01::f03c:91ff:fe2c:2b9f' -p 25 -P smtp --cn ms.lwn.net
} SSL_CERT OK - x509 certificate 'ms.lwn.net' from 'R3' valid until Nov 16
00:39:50 2021 GMT (expires in 46 days)|days_chain_elem1=46;20;15;;
} weasel@sarek:~/ssl$ ./check_ssl_cert.2.1 --ignore-ocsp -H
'2600:3c01::f03c:91ff:fe2c:2b9f' -p 25 -P smtp --cn ms.lwn.net
} SSL_CERT OK - x509 certificate 'ms.lwn.net' from 'R3' valid until Nov 16
00:39:50 2021 GMT (expires in 46 days)|days_chain_elem1=46;20;15;;
days_chain_elem2=1446;20;15;; days_chain_elem3=1096;20;15;;
Patch attached.
[This is on top the patched version in #995372]
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
--- check_ssl_cert.1.1 2021-09-30 13:22:51.765139931 +
+++ check_ssl_cert.2.1 2021-09-30 13:33:02.675979505 +
@@ -1345,51 +1345,51 @@
if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" != 'http' ] && [ "${PROTOCOL}"
!= 'https' ] && [ "${PROTOCOL}" != 'h2' ] ; then
case "${PROTOCOL}" in
pop3|ftp)
-exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL}
-connect ${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}"
+exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL}
-showcerts -connect ${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}"
RET=$?
;;
pop3s|ftps)
-exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect
${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}"
+exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -showcerts -connect
${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}"
RET=$?
;;
smtp)
-exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL}
-connect ${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2>
${ERROR} 1> ${CERT}"
+exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL}
-showcerts -connect ${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2>
${ERROR} 1> ${CERT}"
RET=$?
;;
smtps)
-exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect
${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2>
${ERROR} 1> ${CERT}"
+exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -showcerts -connect
${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2>
${ERROR} 1> ${CERT}"
RET=$?
;;
irc|ldap)
-exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO}
${CLIENT} ${CLIE
Bug#995372: check_ssl_cert: cannot handle ipv6 address literals
Package: monitoring-plugins-contrib
Version: 35.20210512
Severity: normal
Tags: patch
Hi!
Using check_ssl_cert with an ipv6 address host does not work as
expected:
| weasel@sarek:~/ssl$ ./check_ssl_cert.0 --ignore-ocsp -H
2001:858:10f:100::19:1 -p 443 --cn www.palfrader.org --sni www.palfrader.org
| SSL_CERT UNKNOWN: Cannot resolve 2001:858:10f:100::19:1
| weasel@sarek:~/ssl$ ./check_ssl_cert.0 --ignore-ocsp -H www.palfrader.org
--resolve 2001:858:10f:100::19:1 -p 443 --cn www.palfrader.org --sni
www.palfrader.org
| SSL_CERT CRITICAL www.palfrader.org: 2001:858:10f:100::19:1 is not a valid
hostname
The attached patch makes it work. As a side effect, it does require
giving a --cn if host is an ipv4 or ipv6 literal. If you disagree about
that chnge, feel free to drop that part.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
--- check_ssl_cert.02021-09-30 13:08:32.0 +
+++ check_ssl_cert.1.1 2021-09-30 13:22:51.765139931 +
@@ -489,6 +489,14 @@
}
+optional_brackets_for_ipv6() {
+if echo "$1" | grep -q -E '^[a-fA-F0-9:]*$' ; then
+echo "[$1]"
+else
+echo "$1"
+fi
+}
+
# Exits with a critical message
# Params
@@ -1330,56 +1338,58 @@
IGN_EOF='-ign_eof'
fi
+HOST_ADDR_SCLIENT="$(optional_brackets_for_ipv6 ${HOST_ADDR})"
+debuglog "Made host addr for openssl purposes '${HOST_ADDR_SCLIENT}'"
+
# Check if a protocol was specified (if not HTTP switch to TLS)
if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" != 'http' ] && [ "${PROTOCOL}"
!= 'https' ] && [ "${PROTOCOL}" != 'h2' ] ; then
-
case "${PROTOCOL}" in
pop3|ftp)
-exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL}
-connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}"
+exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL}
-connect ${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}"
RET=$?
;;
pop3s|ftps)
-exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect
${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT}
-verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS}
${DANE} 2> ${ERROR} 1> ${CERT}"
+exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect
${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}"
RET=$?
;;
smtp)
-exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL}
-connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2>
${ERROR} 1> ${CERT}"
+exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL}
-connect ${HOST_ADDR_SCLIENT}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY}
${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION}
${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2>
${ERROR} 1> ${CERT}"
RET=$?
;;
smtps)
-exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect
${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT}
-verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS}
${DANE} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}"
+exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client
${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect
Bug#995347: check_ssl_cert: needs to call file with --brief
Package: monitoring-plugins-contrib
Version: 35.20210512
Severity: normal
Tags: patch
check_ssl_cert can be called with a local file and it will check the
certificate (chain) contained in that file.
To figure out the format, it will call /usr/bin/file on the input file,
and grep its output. if file says "data", the contents are assumed to
be in DER format and the checking script attempts to convert it.
However, if the file*name* already contains data, this will also
trigger.
} # file data.pem
} data.pem: PEM certificate
} # file data.pem | grep -E -q '(data|Certificate)' && echo 'clearly a DER
file, right?'
} clearly a DER file, right?
| # sudo -u nagios ./check_ssl_cert_file -H localhost --ignore-ocsp -c 10 -w 20
-f ./data.pem -n data.example.com
| unable to load certificate
| 139687717052480:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong
tag:../crypto/asn1/tasn_dec.c:1148:
| 139687717052480:error:0D07803A:asn1 encoding
routines:asn1_item_embed_d2i:nested asn1
error:../crypto/asn1/tasn_dec.c:308:Type=X509
| unable to load CRL
| 139951627083840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header
too long:../crypto/asn1/asn1_lib.c:101:
| Invalid command ''; type "help" for a list.
| unable to load certificate
| 140600045199424:error:0906D06C:PEM routines:PEM_read_bio:no start
line:../crypto/pem/pem_lib.c:686:Expecting: TRUSTED CERTIFICATE
| unable to load certificate
| 14014082464:error:0906D06C:PEM routines:PEM_read_bio:no start
line:../crypto/pem/pem_lib.c:686:Expecting: TRUSTED CERTIFICATE
| unable to load certificate
| 140645747900480:error:0906D06C:PEM routines:PEM_read_bio:no start
line:../crypto/pem/pem_lib.c:686:Expecting: TRUSTED CERTIFICATE
| unable to load certificate
| 139760670384192:error:0906D06C:PEM routines:PEM_read_bio:no start
line:../crypto/pem/pem_lib.c:686:Expecting: TRUSTED CERTIFICATE
| Invalid command ''; type "help" for a list.
| Invalid command ''; type "help" for a list.
| Invalid command ''; type "help" for a list.
| Invalid command ''; type "help" for a list.
| unable to load certificate
| 140287147626560:error:0906D06C:PEM routines:PEM_read_bio:no start
line:../crypto/pem/pem_lib.c:686:Expecting: TRUSTED CERTIFICATE
| SSL_CERT CRITICAL ./data.pem: './data.pem' is not a valid certificate file
| Error(s):
| SSL_CERT CRITICAL : Cannot find Signed Certificate Timestamps (SCT)
| SSL_CERT CRITICAL : invalid CN ('CN unavailable' does not match
'data.example.com')
| SSL_CERT CRITICAL ./data.pem: './data.pem' is not a valid certificate file
One fix is to call file with --brief:
} # file --brief data.pem
} PEM certificate
| # sudo -u nagios ./check_ssl_cert_file.new -H localhost --ignore-ocsp -c 10
-w 20 -f ./data.pem -n data.example.com
| SSL_CERT OK - x509 certificate 'data.example.com' from 'R3' valid until [...]
Patch attached.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
--- check_ssl_cert_file.orig 2021-09-30 09:43:17.069332490 +0200
+++ check_ssl_cert_file 2021-09-30 09:44:15.509147025 +0200
@@ -941,7 +941,7 @@
exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --location \\\"${ELEMENT_ISSUER_URI}\\\" > ${ISSUER_CERT_TMP}"
fi
-debuglog "OCSP: issuer certificate type (1): $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )"
+debuglog "OCSP: issuer certificate type (1): $(${FILE_BIN} --brief "${ISSUER_CERT_TMP}" | sed 's/.*://' )"
if echo "${ELEMENT_ISSUER_URI}" | grep -F -q 'p7c' ; then
debuglog "OCSP: converting issuer certificate from PKCS #7 to PEM"
@@ -952,12 +952,12 @@
fi
-debuglog "OCSP: issuer certificate type (2): $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )"
+debuglog "OCSP: issuer certificate type (2): $(${FILE_BIN} --brief "${ISSUER_CERT_TMP}" | sed 's/.*://' )"
# check the result
-if ! "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -E -q ': (ASCII|PEM)' ; then
+if ! "${FILE_BIN}" --brief "${ISSUER_CERT_TMP}" | grep -E -q ': (ASCII|PEM)' ; then
-if "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -E -q '(data|Certificate)' ; then
+if "${FILE_BIN}" --brief "${ISSUER_CERT_TMP}" | grep -E -q '(data|Certificate)' ; then
debuglog "OCSP: converting issuer certificate from DER to PEM"
@@ -965,7 +965,7 @@
Bug#992688: nmu: tor_0.4.5.10-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu tor_0.4.5.10-1 . ANY . unstable . -m "Rebuild against new debhelper (cf: #992554)." Please rebuild tor in unstable with debhelper >= 13.4.1 to actually fix (the fallout of) #992554 (debhelper moved generators to /usr where systemd would not look for them). Also please do the same for experimental. At a guess that's nmu tor_0.4.6.7-1 . ANY . experimental . -m "Rebuild against new debhelper (cf: #992554)." A build of the arch -all package is not needed as that does not ship systemd files. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#992469: WARNING: dh_installsystemd is moving unit files to /usr/lib/systemd/system
On Thu, 19 Aug 2021, Luca Boccassi wrote: > > Installing those files in /usr/lib/systemd/system is fine. > > > > This is indeed the right thing to do moving forward, so updating > Lintian would be the best outcome. Thanks! It seems that generators in /usr/lib/systemd are being ignored. This causes #992554 in tor. The tor amd64 package build on the buildds has the systemd files in /usr/lib/systemd, and this results in a broken package. Moving /usr/lib/systemd/system-generators/tor-generator tor /lib/systemd/system-generators "fixes" the issue. Probably debhelper should not move generators to /usr until systemd also checks that tree for generators. Or I'm missing something else. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#992554: not really a libgpg-error0 problem
On Fri, 20 Aug 2021, Ivan Sergio Borgonovo wrote: > Even if after upgrade of libgpg-error0 newer version of tor seemed to > work... after a reboot it stopped working again. > > Downgrading to 0.4.5.9-1, this time even without downgrading libgpg-error0, > makes it work again. The binary produced by the buildds has the systemd files in /usr/lib/systemd while my own builds have them in /lib/systemd as expected. Hm. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#991424: mirror submission for debian.mithril.re
On Tue, 27 Jul 2021, Jean-Noël Rouchon wrote: > I added the sources and maintainer in the ftpsync configuration. Great, thanks. > I understood that it is not safe to use the ftp.fr.debian.org repository, but > how to find the site that currently backing ftp.fr.debian.org ? > I'm not sure about this.. Can you tell me which mirror I could sync from ? Currently, debian.proxad.net is the server providing ftp.fr. That could be a good upstream for you. I am adding your mirror to the git. From there it will make it to https://mirror-master.debian.org/status/mirror-status.html and from there to the website in time. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#990735: [Ticket ID: 724832] Re: Bug#990735: mirror submission for mirror.mia.velocihost.net
On Tue, 27 Jul 2021, Customer Support wrote: > This issue has been fixed. Please, do not hesitate to contact us if you > have any questions or concerns. Ok great. We have added your mirror to our git. From there it should make it to https://mirror-master.debian.org/status/mirror-status.html and eventually also to the website. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#991424: mirror submission for debian.mithril.re
Hi!
On Fri, 23 Jul 2021, Jean-Noel Rouchon wrote:
> Submission-Type: new
> Site: debian.mithril.re
> Type: leaf
> Archive-architecture: amd64
> Archive-http: /debian/
> Maintainer: Jean-Noel Rouchon
> Country: RE Réunion
> Location: Reunion (Indian Ocean)
> Sponsor: Mithril Informatique https://mithril.re
I noticed the following issues with your mirror:
o The tracefile at
http://debian.mithril.re/debian/project/trace/debian.mithril.re
is missing some required information.
We expect at least the Maintainer and Upstream-mirror values to be filled in,
and your tracefile is missing one or both of them.
o we recommend mirrors not sync directly from service aliases such as
ftp..debian.org (only http is guaranteed to be available at
ftp..d.o sites). Maybe change your config to sync from
the site currently backing the ftp..debian.org service you sync
from?
o Your mirror appears not to carry source packages.
To comply with the licenses of various pieces of software that you
distribute on that mirror, you will probably need to also include
sources.
To be listed as a Debian mirror in our mirror-list you MUST include
sources, e.g. by adding "source" as an included architecture in ftpsync.conf.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#990869: Revision on Archive-architecture
On Sat, 10 Jul 2021, Seksi Jaringan DSI Universitas Airlangga wrote:
> Site: mirror.unair.ac.id
Added, thanks.
Please note that we recommend mirrors not sync directly from service
aliases such as ftp..debian.org (only http is guaranteed to be
available at ftp..d.o sites). Maybe change your config to sync from
the site currently backing the ftp..debian.org service you sync
from?
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#990408: mirror submission for debian.hostiran.ir
Hi! On Tue, 29 Jun 2021, Reza Behroozi wrote: > I use the following version > [root@mirror]# cat bin/ftpsync | grep "VERSION" > VERSION="20180513" > > Which I have downloaded from the link below > https://ftp-master.debian.org/ftpsync.tar.gz Thanks! Any idea why http://debian.hostiran.ir/debian/project/trace/debian.hostiran.ir would be an empty file then? ftpsync should have written some data to it. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#990408: mirror submission for debian.hostiran.ir
Which version of ftpsync are you using?
On Mon, 28 Jun 2021, HostIran wrote:
> Package: mirrors
> Severity: wishlist
> User: mirr...@packages.debian.org
> Usertags: mirror-submission
>
> Submission-Type: new
> Site: debian.hostiran.ir
> Type: leaf
> Archive-architecture: amd64 i386
> Archive-http: /debian/
> Archive-rsync: debian/
> Maintainer: HostIran
> Country: IR Iran, Islamic Republic of
> Location: Tehran
> Sponsor: HostIran https://hostiran.net/
>
>
>
>
> Trace Url: http://debian.hostiran.ir/debian/project/trace/
> Trace Url:
> http://debian.hostiran.ir/debian/project/trace/ftp-master.debian.org
> Trace Url: http://debian.hostiran.ir/debian/project/trace/debian.hostiran.ir
>
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#990068: unblock: tor/0.4.5.9-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tor unblock tor/0.4.5.9-1 This is a security update fixing the same issues as have been fixed for stable already in DSA 4932-1, viz. Debian#99000, CVE-2021-34548, CVE-2021-34549, CVE-2021-34550 -- https://bugs.debian.org/99. The version already passes autopkgtests, and so should migrate by itself after 20 days, cf. https://qa.debian.org/excuses.php?package=tor However, it'd be greate if this could be changed to something less, say 5 days or even sooner? Thanks, weasel -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#990000: tor: CVE-2021-34548 CVE-2021-34549 CVE-2021-34550
On Thu, 17 Jun 2021, Salvatore Bonaccorso wrote:
> CVE-2021-34548[1], CVE-2021-34549[2] and CVE-2021-34550[3].
Uploaded a 0.3.5.15-1 source package to security master with
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.15
Thanks,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#989928: mirror submission for mirrors.cloud.tencent.com
On Thu, 17 Jun 2021, Peter Palfrader wrote: > On Wed, 16 Jun 2021, Peter Palfrader wrote: > > > On Wed, 16 Jun 2021, shaynefei wrote: > > > > > Package: mirrors > > > Severity: wishlist > > > User: mirr...@packages.debian.org > > > Usertags: mirror-submission > > > > > > Submission-Type: new > > > Site: mirrors.cloud.tencent.com > > > Type: leaf > > > Archive-architecture: amd64 arm64 armel armhf i386 mips mips64el mipsel > > > powerpc ppc64el s390x > > > Archive-http: /debian/ > > > Maintainer: shaynefei > > > Country: CN China > > > > Something is wrong/weird with this mirror. > > > > The tracefile at > > http://mirrors.cloud.tencent.com/debian/project/trace/mirrors.cloud.tencent.com > > appears to be broken/partial. Can you investigate? > > Now the tracefile appears to be complete. Previously it started > with "te: " and a timestamp. Any idea how that happened? I looked at the wrong file. Now there is no tracefile at all. Are you running (latest) ftpsync? -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989928: mirror submission for mirrors.cloud.tencent.com
On Wed, 16 Jun 2021, Peter Palfrader wrote: > On Wed, 16 Jun 2021, shaynefei wrote: > > > Package: mirrors > > Severity: wishlist > > User: mirr...@packages.debian.org > > Usertags: mirror-submission > > > > Submission-Type: new > > Site: mirrors.cloud.tencent.com > > Type: leaf > > Archive-architecture: amd64 arm64 armel armhf i386 mips mips64el mipsel > > powerpc ppc64el s390x > > Archive-http: /debian/ > > Maintainer: shaynefei > > Country: CN China > > Something is wrong/weird with this mirror. > > The tracefile at > http://mirrors.cloud.tencent.com/debian/project/trace/mirrors.cloud.tencent.com > appears to be broken/partial. Can you investigate? Now the tracefile appears to be complete. Previously it started with "te: " and a timestamp. Any idea how that happened? -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989928: mirror submission for mirrors.cloud.tencent.com
On Wed, 16 Jun 2021, shaynefei wrote:
> Package: mirrors
> Severity: wishlist
> User: mirr...@packages.debian.org
> Usertags: mirror-submission
>
> Submission-Type: new
> Site: mirrors.cloud.tencent.com
> Type: leaf
> Archive-architecture: amd64 arm64 armel armhf i386 mips mips64el mipsel
> powerpc ppc64el s390x
> Archive-http: /debian/
> Maintainer: shaynefei
> Country: CN China
Something is wrong/weird with this mirror.
The tracefile at
http://mirrors.cloud.tencent.com/debian/project/trace/mirrors.cloud.tencent.com
appears to be broken/partial. Can you investigate?
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#989926: purging fails when removing users
Package: onionbalance Version: 0.2.0-3 Severity: important [This is actually 0.2.0-3~bpo10+1 ] The onionbalance package tries to remove the role user on purge. Whether or not that is even desirable is a different question (I am of the strong opinion that users should not be removed). However, it fails even at that. First time purging: } Removing user `onionbalance' ... } Warning: group `onionbalance' has no more members. } userdel: user onionbalance is currently used by process 2689 } /usr/sbin/deluser: `/usr/sbin/userdel onionbalance' returned error code 8. Exiting. } dpkg: error processing package onionbalance (--purge): So I make sure that no processes are run by that user, but now: } /usr/sbin/deluser: The user `onionbalance' is not a member of group `debian-tor'. } dpkg: error processing package onionbalance (--purge): And the package can no longer be purged. (without modifying the maintainer script.) I'd get rid of the whole deluser stuff. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989559: closed by Peter Palfrader (Bug#989559 fixed in mirrors)
On Tue, 15 Jun 2021, Rudi wrote: > Hi, > > > When will our site be listed on the mirrors page, > https://www.debian.org/mirror/list ? https://mirror-master.debian.org/status/mirror-info/mirror.hostafrica.co.za.html shows your mirror is mostly working, so its score is steadily rising. When the score hits 50, your mirror will be listed in https://mirror-master.debian.org/status/Mirrors.masterlist and then, when the website gets rebuilt next time (which should happen at least daily), your mirror should end up on www.debian.org Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989680: mirror submission for debian.obspm.fr
On Thu, 10 Jun 2021, Philippe Hamy wrote:
> Site: debian.obspm.fr
Thanks!
I notice / also has a debian-backports. That repository has been
retired many many years ago when it was included in the main /debian/
tree. You should probably remove /debian-backports from your server.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#989605: mirror submission for mirror.alwyzon.net
On Tue, 08 Jun 2021, Michael Hohl wrote:
> Sure, I'm just not sure why you would think that Alwyzon.com runs on
> one Nameserver? There are two nameservers, ns1.alwyzon.net and
> ns3.alwyzon.net (for historical reasons, there is no longer a ns2).
> Both have IPv4 addresses assigned and run in geographically separate
> locations (Austria and the Netherlands):
However, your mirror is in the alwyzon.net domain:
;; AUTHORITY SECTION:
alwyzon.net.172800 IN NS ns1.hohl.it.
alwyzon.net.172800 IN NS ns2.hohl.it.
And when I checked yesterday, I only got an A record for one of them.
Seems that has changed now.
> Btw. your mail setup seems a bit off: the email has a "Reply-To: Debian
> Mirror Team <989...@debian.org>" header set, but that address doesn't seem to
> exist.
Thanks. Badly hand-edited. :)
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#989605: mirror submission for mirror.alwyzon.net
Hi! On Tue, 08 Jun 2021, Alwyzon wrote: > Submission-Type: new > Site: mirror.alwyzon.net > Type: leaf > Archive-architecture: amd64 i386 > Archive-http: /debian/ > Maintainer: Alwyzon > Country: AT Austria > Location: Vienna > Sponsor: Alwyzon https://www.alwyzon.com/ Can you tell us a bit more about your DNS setup? It seems alwyzon.com only has a single IPv4 nameserver, and both nameservers share the same IPv6 address. How does the dns service for this domain provide availability against spof? Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989559: mirror submission for mirror.hostafrica.co.za
Hi Rudi! On Mon, 07 Jun 2021, Rudi wrote: > Submission-Type: new > Site: mirror.hostafrica.co.za > Type: leaf > Archive-architecture: amd64 hurd-i386 > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: Rudi > Country: ZA South Africa > Location: Johannesburg Can you please set the INFO_MAINTAINER field in your ftpsync.conf? -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989473: choose-mirror: switch mirror list from salsa to mirror-master
On Sat, 05 Jun 2021, Philip Hands wrote: > c) filter the old masterlist to only include entries that are also in > the new list, and then use the result of that, perhaps with a tweak > to promote deb.d.o > > c) is a bit of a cludge, but seems like the only one that's got a chance > of happening before the release, and gets most of the benefit of the new > list. The Type info in the salsa Masterlist is also probably not correct in a lot of cases. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989473: choose-mirror: switch mirror list from salsa to mirror-master
On Sat, 05 Jun 2021, Philip Hands wrote:
> Philip Hands writes:
>
> ...
> > c) filter the old masterlist to only include entries that are also in
> > the new list, and then use the result of that, perhaps with a tweak
> > to promote deb.d.o
>
> BTW Promoting deb.d.o can be done thus:
>
>
> https://salsa.debian.org/philh/choose-mirror/-/commit/70caed09fbf4bfbcc9eca82168cf3936868d8394
>
> which produces this menu ordering:
>
> https://openqa.debian.net/tests/6101#step/mirror_selection/2
And then add a line that maybe gives some number (6, 7?) to other things
matching ~/\.debian\.org$/?
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#989472: mirror submission for mirror.estone.ca
On Fri, 04 Jun 2021, Mike Egglestone wrote: > Submission-Type: new > Site: mirror.estone.ca > Type: leaf > Archive-architecture: amd64 > Archive-http: /debian/ > Maintainer: Mike Egglestone > Country: CA Canada > Location: Prince George BC Added to our list, thanks. Please note that we recommend mirrors not sync directly from service aliases such as ftp..debian.org (only http is guaranteed to be available at ftp..d.o sites). Maybe change your config to sync from the site currently backing the ftp..debian.org service you sync from? Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989473: choose-mirror: switch mirror list from salsa to mirror-master
On Fri, 04 Jun 2021, Holger Wansing wrote:
> Hi,
>
> Cyril Brulebois wrote (Fri, 04 Jun 2021 18:39:44 +0200):
> > Filing this on behalf of Peter Palfrader who suggested we switched from
> > the manually curated mirror list hosted on salsa[1] to I suppose a live
> > one published on mirror-master[2], that would be more representative of
> > the current state of mirrors when release time approaches.
> >
> > 1.
> > https://salsa.debian.org/mirror-team/masterlist/raw/master/Mirrors.masterlist
> > 2. https://mirror-master.debian.org/status/Mirrors.masterlist
>
> Hmm, what exactly is the benefit?
> Sourcing a file from a git repo on Salsa seems reasonable to me, given that
> we have revision tracking there, which would be a good basis for debugging
> d-i's mirror list in case of problems or questions...
on salsa you get all the down and broken mirrors. on mirror-master,
they are filtered out.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#989165: mirror submission for mirrors.xtom.ee
On Thu, 27 May 2021, xTom wrote: > Site: mirrors.xtom.ee Seems that mirror is not kept in sync. It last updated Tuesday. Will you fix that? > Trace Url: http://mirrors.xtom.ee/debian/project/trace/ > Trace Url: http://mirrors.xtom.ee/debian/project/trace/ftp-master.debian.org > Trace Url: http://mirrors.xtom.ee/debian/project/trace/mirrors.xtom.ee -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989032: mirror listing update for debian.qontinuum.space
Qontinuum schrieb am Monday, dem 24. May 2021: > I also added mips, mipsel, mips64el and s390x to the mirror (I don't know if > you have seen it since I forgot to mention it in the comments section) I hadn't, thanks for the reminder. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#989032: mirror listing update for debian.qontinuum.space
reassign 989032 www.debian.org
retitle 989032 Monaco missing from countries list
tags 989032 = patch
thanks
Qontinuum schrieb am Monday, dem 24. May 2021:
> Submission-Type: update
> Site: debian.qontinuum.space
> Type: leaf
> Archive-architecture: amd64 arm64 armel armhf i386 mips mips64el mipsel
> powerpc ppc64el s390x
> Archive-http: /debian/
> Archive-rsync: debian/
> Maintainer: Qontinuum
> Country: MC Monaco
> Comment: I also mirror `source'
> I have been added in the mirrors list but there is no country above my
> server.
All our mirrors carry sources, so that's not listed specifically.
The country missing is a bug in the website creation. I have prepared a
patch and I'm reassigning the bug.
cf. https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/691
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#986441: mirror listing update for mmc.geofisica.unam.mx
On Sat, 22 May 2021, Antonio Carrillo Ledesma wrote: > The server is out of order and due to covid we cannot lift it. Any idea when you'll be able to get to it? Should I just close the ticket for now and you can file a new one when things are working? All the best, Peter > > El sáb., 22 de mayo de 2021 15:17, Peter Palfrader > escribió: > > > It seems I'm unable to connect to > > http://mmc.geofisica.unam.mx/debian/project/trace/ > > > > is that supposed to be up? > > > > Cheers, > > > > On Tue, 06 Apr 2021, Antonio Carrillo Ledesma wrote: > > > > > Package: mirrors > > > Severity: minor > > > User: mirr...@packages.debian.org > > > Usertags: mirror-list > > > > > > Submission-Type: update > > > Site: mmc.geofisica.unam.mx > > > Type: leaf > > > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > > > Archive-http: /debian/ > > > Archive-rsync: debian/ > > > Maintainer: Antonio Carrillo Ledesma > > > Country: MX Mexico > > > Location: Instituto de Geofisica, UNAM > > > Sponsor: Grupo de Geofísica Computacional http://mmc.geofisica.unam.mx/ > > > > > > > > > > > > > > > Trace Url: http://mmc.geofisica.unam.mx/debian/project/trace/ > > > Trace Url: > > http://mmc.geofisica.unam.mx/debian/project/trace/ftp-master.debian.org > > > Trace Url: > > http://mmc.geofisica.unam.mx/debian/project/trace/mmc.geofisica.unam.mx > > > > > > > -- > > | .''`. ** Debian ** > > Peter Palfrader | : :' : The universal > > https://www.palfrader.org/ | `. `' Operating System > > | `-https://www.debian.org/ > > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#986441: mirror listing update for mmc.geofisica.unam.mx
It seems I'm unable to connect to http://mmc.geofisica.unam.mx/debian/project/trace/ is that supposed to be up? Cheers, On Tue, 06 Apr 2021, Antonio Carrillo Ledesma wrote: > Package: mirrors > Severity: minor > User: mirr...@packages.debian.org > Usertags: mirror-list > > Submission-Type: update > Site: mmc.geofisica.unam.mx > Type: leaf > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: Antonio Carrillo Ledesma > Country: MX Mexico > Location: Instituto de Geofisica, UNAM > Sponsor: Grupo de Geofísica Computacional http://mmc.geofisica.unam.mx/ > > > > > Trace Url: http://mmc.geofisica.unam.mx/debian/project/trace/ > Trace Url: > http://mmc.geofisica.unam.mx/debian/project/trace/ftp-master.debian.org > Trace Url: > http://mmc.geofisica.unam.mx/debian/project/trace/mmc.geofisica.unam.mx > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#986902: mirror listing update for mirror.pit.teraswitch.com
Thanks! I've update the arch list, url, and maintainer. I am not quite sure where cd mirrors are coordinated these days, though. I'll ping people. Cheers, On Tue, 13 Apr 2021, Justin Goetz wrote: > Package: mirrors > Severity: minor > User: mirr...@packages.debian.org > Usertags: mirror-list > > Submission-Type: update > Site: mirror.pit.teraswitch.com > Type: leaf > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: Justin Goetz > Country: US United States > Location: Pittsburgh, Pennsylvania > Sponsor: TeraSwitch Inc. https://teraswitch.com/ > Comment: Hello! > > We have maintained a debian package repository mirror for a couple years > now, and we recently received a hardware upgrade on our mirror infrastructure > that allows us to now also host a debian-cd mirror. > > Please find our updated URLs for the debian-cd repo below: > > (http/https)://mirror.pit.teraswitch.com/debian-cd/ > rsync://mirror.pit.teraswitch.com/debian-cd/ > > Please let me know if any additional information is required. Thanks! > > > > > > Trace Url: http://mirror.pit.teraswitch.com/debian/project/trace/ > Trace Url: > http://mirror.pit.teraswitch.com/debian/project/trace/ftp-master.debian.org > Trace Url: > http://mirror.pit.teraswitch.com/debian/project/trace/mirror.pit.teraswitch.com > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#988633: mirror submission for mirror.djvg.sg
Thanks, added!
On Mon, 17 May 2021, Daan van Gorkum wrote:
> Package: mirrors
> Severity: wishlist
> User: mirr...@packages.debian.org
> Usertags: mirror-submission
>
> Submission-Type: new
> Site: mirror.djvg.sg
> Type: leaf
> Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386
> kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
> Archive-http: /debian/
> Maintainer: Daan van Gorkum
> Country: SG Singapore
> Location: Singapore
>
>
>
>
> Trace Url: http://mirror.djvg.sg/debian/project/trace/
> Trace Url: http://mirror.djvg.sg/debian/project/trace/ftp-master.debian.org
> Trace Url: http://mirror.djvg.sg/debian/project/trace/mirror.djvg.sg
>
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#988761: mirror submission for mirror.bjtu.edu.cn
Thanks, added
On Wed, 19 May 2021, Chestnut wrote:
> Package: mirrors
> Severity: wishlist
> User: mirr...@packages.debian.org
> Usertags: mirror-submission
>
> Submission-Type: new
> Site: mirror.bjtu.edu.cn
> Type: leaf
> Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386
> kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
> Archive-http: /debian/
> Maintainer: Chestnut
> Country: CN China
> Location: Beijing
> Sponsor: Beijing Jiaotong University https://bjtu.edu.cn/
>
>
>
>
> Trace Url: http://mirror.bjtu.edu.cn/debian/project/trace/
> Trace Url:
> http://mirror.bjtu.edu.cn/debian/project/trace/ftp-master.debian.org
> Trace Url: http://mirror.bjtu.edu.cn/debian/project/trace/mirror.bjtu.edu.cn
>
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#988568: mirror submission for debian.qontinuum.space
Thanks, added!
Qontinuum schrieb am Saturday, dem 15. May 2021:
> Package: mirrors
> Severity: wishlist
> User: mirr...@packages.debian.org
> Usertags: mirror-submission
>
> Submission-Type: new
> Site: debian.qontinuum.space
> Type: leaf
> Archive-architecture: amd64 arm64 armel armhf i386 powerpc ppc64el
> Archive-http: /debian/
> Archive-rsync: debian/
> Maintainer: Qontinuum
> Country: MC Monaco
> Comment: It can also be considered in france
>
>
>
>
> Trace Url: http://debian.qontinuum.space/debian/project/trace/
> Trace Url:
> http://debian.qontinuum.space/debian/project/trace/ftp-master.debian.org
> Trace Url:
> http://debian.qontinuum.space/debian/project/trace/debian.qontinuum.space
>
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#988633: mirror submission for mirror.djvg.sg
On Sat, 22 May 2021, Peter Palfrader wrote:
> Thanks, added!
Note:
o we recommend mirrors not sync directly from service aliases such as
ftp..debian.org (only http is guaranteed to be available at
ftp..d.o sites). Maybe change your config to sync from
the site currently backing the ftp..debian.org service you sync
from?
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#987067: mirror submission for mirrors.pardisco.co
Hi!
I added your mirror but I noticed it has both of its nameservers at the
same address. Please fix.
On Fri, 16 Apr 2021, Amir Fouladvand wrote:
> Package: mirrors
> Severity: wishlist
> User: mirr...@packages.debian.org
> Usertags: mirror-submission
>
> Submission-Type: new
> Site: mirrors.pardisco.co
> Type: leaf
> Archive-architecture: amd64 i386
> Archive-http: /debian/
> Archive-rsync: debian/
> Maintainer: Amir Fouladvand
> Country: IR Iran, Islamic Republic of
> Location: Tehran
> Sponsor: Pardis Co. https://www.pardisco.co
>
>
>
>
> Trace Url: http://mirrors.pardisco.co/debian/project/trace/
> Trace Url:
> http://mirrors.pardisco.co/debian/project/trace/ftp-master.debian.org
> Trace Url: http://mirrors.pardisco.co/debian/project/trace/mirrors.pardisco.co
>
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#986133: mirror submission for mirrors.layerbridge.com
Added, thanks! On Tue, 30 Mar 2021, LayerBridge wrote: > Package: mirrors > Severity: wishlist > User: mirr...@packages.debian.org > Usertags: mirror-submission > > Submission-Type: new > Site: mirrors.layerbridge.com > Type: leaf > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: LayerBridge > Country: RO Romania > Location: Bucharest > Sponsor: LayerBridge https://www.layerbridge.com > > > > > Trace Url: http://mirrors.layerbridge.com/debian/project/trace/ > Trace Url: > http://mirrors.layerbridge.com/debian/project/trace/ftp-master.debian.org > Trace Url: > http://mirrors.layerbridge.com/debian/project/trace/mirrors.layerbridge.com > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#986088: mirror submission for uk.mirrors.clouvider.net
Hi!
We added a bunch of your mirrors; I hope I got them all. Thanks!
One thing that out checking script noticed is:
o we recommend mirrors not sync directly from service aliases such as
ftp..debian.org (only http is guaranteed to be available at
ftp..d.o sites). Maybe change your config to sync from
the site currently backing the ftp..debian.org service you sync
from?
Cheers,
On Mon, 29 Mar 2021, Maciej Kupiec wrote:
> Package: mirrors
> Severity: wishlist
> User: mirr...@packages.debian.org
> Usertags: mirror-submission
>
> Submission-Type: new
> Site: uk.mirrors.clouvider.net
> Type: leaf
> Archive-architecture: amd64 arm64 armel armhf i386 mips mips64el mipsel
> ppc64el s390x
> Archive-http: /debian/
> Maintainer: Maciej Kupiec
> Country: GB United Kingdom
> Location: London
> Sponsor: Clouvider Limited https://clouvider.co.uk
>
>
>
>
> Trace Url: http://uk.mirrors.clouvider.net/debian/project/trace/
> Trace Url:
> http://uk.mirrors.clouvider.net/debian/project/trace/ftp-master.debian.org
> Trace Url:
> http://uk.mirrors.clouvider.net/debian/project/trace/uk.mirrors.clouvider.net
>
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#988634: unblock: tor/0.4.5.8-1
tags -1 - moreinfo
On Mon, 17 May 2021, Sebastian Ramacher wrote:
> On 2021-05-17 06:53:02 +0000, Peter Palfrader wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> >
> > I would like to update Tor in bullseye from 0.4.5.7-1 to 0.4.5.8-1.
> > Tor 0.4.5.8 is an upstream stable release.
>
> ACK, please remove the moreinfo tag once the new version is available in
> unstable.
Thanks!
The package has been uploaded to unstable, accepted, built, and installed.
For reference, here is the interdiff between the .diff.gz files.
diffstat:
changelog |6 +
micro-revision.i |2 -
misc/build-tor-sources | 57 -
3 files changed, 7 insertions(+), 58 deletions(-)
Note that debian/misc/build-tor-sources is only used locally in
preparing the source package; it is not used when building the Debian
binary packages from the Debian source.
Cheers,
weasel
diff -u tor-0.4.5.7/debian/changelog tor-0.4.5.8/debian/changelog
--- tor-0.4.5.7/debian/changelog
+++ tor-0.4.5.8/debian/changelog
@@ -1,3 +1,9 @@
+tor (0.4.5.8-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Peter Palfrader Wed, 19 May 2021 08:51:43 +0200
+
tor (0.4.5.7-1) unstable; urgency=high
* New upstream version, fixes two security issues:
diff -u tor-0.4.5.7/debian/micro-revision.i tor-0.4.5.8/debian/micro-revision.i
--- tor-0.4.5.7/debian/micro-revision.i
+++ tor-0.4.5.8/debian/micro-revision.i
@@ -1 +1 @@
-"db2cbdb54bf4485d"
+"e0a924350405684c"
diff -u tor-0.4.5.7/debian/misc/build-tor-sources
tor-0.4.5.8/debian/misc/build-tor-sources
--- tor-0.4.5.7/debian/misc/build-tor-sources
+++ tor-0.4.5.8/debian/misc/build-tor-sources
@@ -101,13 +101,6 @@
fi
}
-remove_libzstd() {
- if grep -q libzstd-dev debian/control; then
- sed -i -e '/^Build-Depends/ s/, *libzstd-dev\(
*\[[^]]*\]\)\?//' debian/control
- dch --append "Remove libzstd-dev build dependency for backport."
- fi
-}
-
remove_runit() {
if grep -q dh-runit debian/control; then
sed -i -e '/^Build-Depends/ s/, *dh-runit\([^,]*\)\?//'
debian/control
@@ -121,47 +114,6 @@
sed -i -e '/^Build-Depends/ s/debhelper [^,]*, */debhelper (>=
9.20160114), dh-systemd [linux-any], /' debian/control
}
-old_debug_pkg() {
- # do not mess with debian/control for 0.2.x. packages that
already/still have a tor-dbg defined there.
- grep -x 'Package: tor-dbg' debian/control && return
-
- patch debian/rules << EOF
-diff --git a/debian/rules b/debian/rules
-index 6950e6d3c..af002ae52 100755
a/debian/rules
-+++ b/debian/rules
-@@ -70,7 +70,10 @@ override_dh_install-arch:
- cp debian/tor.apparmor-profile.abstraction
debian/tor/etc/apparmor.d/abstractions/tor
- dh_apparmor --profile-name=system_tor -ptor
-
-+override_dh_installdocs:
-+ dh_installdocs -ptor-dbg --link-doc=tor
-+ dh_installdocs
- override_dh_strip:
-- dh_strip --dbgsym-migration='tor-dbg (<< 0.3.1.5-alpha)'
-+ dh_strip --dbg-package=tor-dbg
- override_dh_installinit:
- dh_installinit --error-handler=tor_error_init
-EOF
- cat >> debian/control << 'EOF'
-
-Package: tor-dbg
-Architecture: any
-Depends: tor (= ${binary:Version}), ${misc:Depends}
-Suggests: gdb
-Priority: extra
-Section: debug
-Description: debugging symbols for Tor
- This package provides the debugging symbols for Tor, The Onion Router.
- Those symbols allow your debugger to assign names to your backtraces, which
- makes it somewhat easier to interpret core dumps.
-EOF
-
- dch --append "Restore building of tor-dbg."
- sed -i -e '/^Build-Depends/ s/debhelper [^,]*, */debhelper (>= 9), /'
debian/control
- dch --append "Downgrade debhelper build dependency to just >= 9."
-}
-
bp1() {
@@ -194,15 +146,6 @@
#
# null
- # jessie
- #
- bp1 $pkg $dir $sid_debian_version jessie
- (cd $dir; remove_libzstd)
- (cd $dir; old_dh_systemd)
- (cd $dir; old_debug_pkg)
- (cd $dir; remove_runit)
- bp2 $pkg $dir $origtar
-
# stretch
#####
bp1 $pkg $dir $sid_debian_version stretch
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#988634: unblock: tor/0.4.5.8-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock I would like to update Tor in bullseye from 0.4.5.7-1 to 0.4.5.8-1. Tor 0.4.5.8 is an upstream stable release. unblock tor/0.4.5.8-1 Please let me know if I may upload to unstable. An upstream diff is attached. I cut the geoip databases and the fallback directory mirror lists. The ./debian/ diff is expected to contain only an update to the changelog. It does not yet exist, but I can provide it when needed. The upstream changelog entry follows. Cheers, } Changes in version 0.4.5.8 - 2021-05-10 } Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes } from the 0.4.6.x series. } } o Minor features (compatibility, Linux seccomp sandbox, backport } from 0.4.6.3-rc): } - Add a workaround to enable the Linux sandbox to work correctly } with Glibc 2.33. This version of Glibc has started using the } fstatat() system call, which previously our sandbox did not allow. } Closes ticket 40382; see the ticket for a discussion of trade-offs. } } o Minor features (compilation, backport from 0.4.6.3-rc): } - Make the autoconf script build correctly with autoconf versions } 2.70 and later. Closes part of ticket 40335. } } o Minor features (fallback directory list, backport from 0.4.6.2-alpha): } - Regenerate the list of fallback directories to contain a new set } of 200 relays. Closes ticket 40265. } } o Minor features (geoip data): } - Update the geoip files to match the IPFire Location Database, as } retrieved on 2021/05/07. } } o Minor features (onion services): } - Add warning message when connecting to now deprecated v2 onion } services. As announced, Tor 0.4.5.x is the last series that will } support v2 onions. Closes ticket 40373. } } o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha): } - Fix a regression that made it impossible start Tor using a bridge } line with a transport name and no fingerprint. Fixes bug 40360; } bugfix on 0.4.5.4-rc. } } o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc): } - Allow a custom "ar" for cross-compilation. Our previous build } script had used the $AR environment variable in most places, but } it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. } } o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): } - Fix a non-fatal BUG() message due to a too-early free of a string, } when listing a client connection from the DoS defenses subsystem. } Fixes bug 40345; bugfix on 0.4.3.4-rc. } } o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): } - Fix an indentation problem that led to a warning from GCC 11.1.1. } Fixes bug 40380; bugfix on 0.3.0.1-alpha. } } o Minor bugfixes (controller, backport from 0.4.6.1-alpha): } - Fix a "BUG" warning that would appear when a controller chooses } the first hop for a circuit, and that circuit completes. Fixes bug } 40285; bugfix on 0.3.2.1-alpha. } } o Minor bugfixes (onion service, client, memory leak, backport from } 0.4.6.3-rc): } - Fix a bug where an expired cached descriptor could get overwritten } with a new one without freeing it, leading to a memory leak. Fixes } bug 40356; bugfix on 0.3.5.1-alpha. } } o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha): } - Fix pattern-matching errors when patterns expand to invalid paths } on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by } Daniel Pinto. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/ diff --git a/ChangeLog b/ChangeLog index a2052fa55f..1c3cbdc82f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,65 @@ +Changes in version 0.4.5.8 - 2021-05-10 + Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes + from the 0.4.6.x series. + + o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc): +- Add a workaround to enable the Linux sandbox to work correctly + with Glibc 2.33. This version of Glibc has started using the + fstatat() system call, which previously our sandbox did not allow. + Closes ticket 40382; see the ticket for a discussion of trade-offs. + + o Minor features (compilation, backport from 0.4.6.3-rc): +- Make the autoconf script build correctly with autoconf versions + 2.70 and later. Closes part of ticket 40335. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): +- Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): +- Update the geoip files
Bug#981648: tor FTBFS on hppa
Helge Deller schrieb am Tuesday, dem 02. February 2021:
> tor fails to run the testsuite on hppa architecture, as can be seen here:
> util/socket_ipv4: [forking]
> FAIL ../src/test/test_util.c:5989: assert(fd_is_nonblocking(fd2) OP_EQ 1):
> 0 vs 1
> [socket_ipv4 FAILED]
> util/socket_ipv6: [forking]
> FAIL ../src/test/test_util.c:5989: assert(fd_is_nonblocking(fd2) OP_EQ 1):
> 0 vs 1
> [socket_ipv6 FAILED]
>
> https://buildd.debian.org/status/fetch.php?pkg=tor=hppa=0.4.5.5-rc-1=1612278093=0
>
> Reason for this is, that on hppa the value of O_NONBLOCK
> has been changed upstream Linux kernel.
>
> I've sent a patch/pull-request to upstream tor development:
> https://github.com/torproject/tor/pull/2128
>
> Maybe this patch can be applied in debian before upstream picks it up?
Thanks for the patch. We expect 0.4.5.5-rc to be the last RC of the
series, and a 0.4.5.6 (final) to show soon, certainly within February.
As such, I'm tempted to wait for 0.4.5.6 which should almost certainly
include your change. Would that be ok?
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#975977: tor generates invalid adress for hiddenservice when runninf on armv5tel architectures
Hi Bernhard! On Sun, 13 Dec 2020, Bernhard Übelacker wrote: > Dear Maintainer, > I tried to collect some more information and compared this > situation on real hardware armv5tel with an armv7 and > it looks like in keccak_finalize the following instruction > stores different data to memory depending on the arm hardware: > >0x005c4ac0 :f0 20 c4 e1 strdr2, [r4] > > In the failing case this is stored: > (gdb) x/8xb &((keccak_state *) 0xbeffef5c)->a > 0xbeffef5c: 0x6f0x6e0x200x630x000x000x00 > 0x00 > > And in the good case this: > (gdb) x/8xb &((keccak_state *) 0xbeffef5c)->a > 0xbeffef5c: 0x2e0x6f0x6e0x690x6f0x6e0x20 > 0x63 > > While on both the registers r2 and r3 contain: > r2 0x696e6f2e 1768845102 > r3 0x63206e6f 1663069807 > > In the attached files are some more details leading to the above result. Can you try to rebuild tor with __attribute__((aligned(8))) for the keccak_state as suggested in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975977#44 and then let us know if the issue is still there? -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#975977: tor generates invalid adress for hiddenservice when runninf on armv5tel architectures
On Tue, 15 Dec 2020, George Kadianakis wrote:
> Bernhard Übelacker writes:
>
> > Dear Maintainer,
> > I tried to collect some more information and compared this
> > situation on real hardware armv5tel with an armv7 and
> > it looks like in keccak_finalize the following instruction
> > stores different data to memory depending on the arm hardware:
> >
> > 0x005c4ac0 :f0 20 c4 e1 strdr2, [r4]
> >
> > In the failing case this is stored:
> > (gdb) x/8xb &((keccak_state *) 0xbeffef5c)->a
> > 0xbeffef5c: 0x6f0x6e0x200x630x000x000x00
> > 0x00
> >
> > And in the good case this:
> > (gdb) x/8xb &((keccak_state *) 0xbeffef5c)->a
> > 0xbeffef5c: 0x2e0x6f0x6e0x690x6f0x6e0x20
> > 0x63
> >
> > While on both the registers r2 and r3 contain:
> > r2 0x696e6f2e 1768845102
> > r3 0x63206e6f 1663069807
> >
> > In the attached files are some more details leading to the above result.
> >
>
> Woah Bernhard, that's some top-notch detective work!
>
> I wonder what this means? Does this mean that strd is broken on that
> armv5tel, or that we are running gcc with the wrong flags for this
> architecture?
Arnd Bergmann on #debian-arm points out that
113 setout8(const uint8_t *src, uint8_t *dst, size_t len) {
114 const uint64_t *si = (const uint64_t*)src; // Always aligned.
line 114 of src/ext/keccak-tiny/keccak-tiny-unrolled.c has undefined behavior
and that 0xbeffef5c is not actually aligned.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#975977: tor generates invalid adress for hiddenservice when runninf on armv5tel architectures
On Fri, 27 Nov 2020, Jean-Francois Paris wrote:
> I believe that tor generates invalid hidden service onion addresses when
> running on armv5tel platform
I don't have access to an armv5tel system, but at least running armel on
ARMv7 cpus (both abel.d.o and harries.d.o) I cannot reproduce this
issue.
Here's what I tried:
} [sid_armel-dchroot] weasel@harris:~$ cat torrc
} HiddenServiceDir /home/weasel/hs
} HiddenServicePort 80 127.0.0.1:8080
} [sid_armel-dchroot] weasel@harris:~$ mkdir hs
} [sid_armel-dchroot] weasel@harris:~$ chmod go-rwx -R hs
} [sid_armel-dchroot] weasel@harris:~$
} [sid_armel-dchroot] weasel@harris:~$ echo
'PT0gZWQyNTUxOXYxLXNlY3JldDogdHlwZTAgPT0AAACg6zoxlQ2hy7C6fUoTgIa0GLMk/YdVs2ic6jUDCzztZeLWcfqwCQ5/KoPk9v99cuWKO5mNpVrDtbOc27UUyC7e'
| base64 -d > hs/hs_ed25519_secret_key
} [sid_armel-dchroot] weasel@harris:~$ echo
'6bff2f57fcd69049091dcfa42b08fb84919d60dac919cbb16e3df1d960bb7843
./hs/hs_ed25519_secret_key' | sha256sum -c
} ./hs/hs_ed25519_secret_key: OK
} [sid_armel-dchroot] weasel@harris:~$ /usr/sbin/tor -f torrc Log 'info stdout'
} # And kill it using ^C after a few seconds
And then I get
} [sid_armel-dchroot] weasel@harris:~$ cat hs/hostname
} upxkcswnvepfls7vcy5vuixy54hlugfjnzhvl5ygfbjtm7znkyahcvad.onion
on armel, armhf, and also amd64.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#975939: tor: Tor fails to boot when SOCKSPORT set to anything but localhost
On Thu, 26 Nov 2020, mike wrote: > I have a server on the LAN that hosts a few minor Tor hidden services. > I'd like it to also allow connections from the LAN to allow other > computers on the LAN to use the SOCKSPORT rather than each one have to > individually run their own tor proxy. In torrc if I set the following > the tor daemon fails to bootstrap when I restart the machine. > /var/log/tor/notices.log is empty upon boot and systemctl status tor > shows as loaded, but the daemon doesn't allow connections from nyx or > any other application. > Changing to SOCKSPORT :9100 results in the same problem. On reboot tor > fails to load without error, but when restarting tor via systemd tor > works fine. Does it work if you set SocksPort to 0.0.0.0:9100? What does syslog say in either case? -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#975297: buster-pu: package tor/3.5.12-1
On Fri, 20 Nov 2020, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> Hi,
>
> On Fri, 2020-11-20 at 07:43 +, Peter Palfrader wrote:
> > Stable currently has Tor 0.3.5.10.
> >
> > Upstream released 0.3.5.11 and 0.3.5.12 since, which bring some
> > security fixes, update the list of fallback directory servers, and a
> > few things more.
> >
> > See
> > https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.12
> > for a full list.
> >
> > I would like to build and upload packages for tor 3.5.12.
>
> Based on previous updates, I'd be happy with that, but please attach a
> debdiff to this bug log once it's built / uploaded, for completeness.
} iweasel@orinoco:~/projects/debian/debian/tor/0.3.5.X/0.3.5.12-1$ debdiff
../0.3.5.10-1/tor_0.3.5.10-1_source.changes tor_0.3.5.12-1_source.changes
} File lists identical (after any substitutions)
} weasel@orinoco:~/projects/debian/debian/tor/0.3.5.X/0.3.5.12-1$ debdiff
../0.3.5.10-1/tor_0.3.5.10-1_amd64.changes tor_0.3.5.12-1_amd64.changes
} [The following lists of changes regard files as different if they have
} different names, permissions or owners.]
}
} Files in second .changes but not in first
} -
} -rw-r--r-- root/root
/usr/lib/debug/.build-id/18/bd700da967b9476719cb90673f0f4583c8a6a7.debug
} -rw-r--r-- root/root
/usr/lib/debug/.build-id/45/2e6cbd2fb513558a8cd34c7c4f3976187558de.debug
} -rw-r--r-- root/root
/usr/lib/debug/.build-id/e0/7c60e61bff7a6889d4ec421b7bed8cf26d0791.debug
} -rw-r--r-- root/root
/usr/lib/debug/.build-id/ea/4bdaf3cfd226cd4d215276517548b9f34ba5b9.debug
}
} Files in first .changes but not in second
} -
} -rw-r--r-- root/root
/usr/lib/debug/.build-id/02/7122fe11c07cce9682d43c677dc1e072b35e5a.debug
} -rw-r--r-- root/root
/usr/lib/debug/.build-id/0b/6fdffb0e845324489080a83d64f683c156d2ac.debug
} -rw-r--r-- root/root
/usr/lib/debug/.build-id/a1/ece546e7fe6bd69b13ed10faaee7ab7067144d.debug
} -rw-r--r-- root/root
/usr/lib/debug/.build-id/cb/fd02ab0ee4b42164806ad4c3176679cc7077d3.debug
}
} Control files of package tor: lines which differ (wdiff format)
} ---
} Installed-Size: [-5071-] {+5074+}
} Version: [-0.3.5.10-1-] {+0.3.5.12-1+}
}
} Control files of package tor-dbgsym: lines which differ (wdiff format)
} --
} Build-Ids: [-027122fe11c07cce9682d43c677dc1e072b35e5a
0b6fdffb0e845324489080a83d64f683c156d2ac
a1ece546e7fe6bd69b13ed10faaee7ab7067144d
cbfd02ab0ee4b42164806ad4c3176679cc7077d3-]
{+18bd700da967b9476719cb90673f0f4583c8a6a7
452e6cbd2fb513558a8cd34c7c4f3976187558de
e07c60e61bff7a6889d4ec421b7bed8cf26d0791
ea4bdaf3cfd226cd4d215276517548b9f34ba5b9+}
} Depends: tor (= [-0.3.5.10-1)-] {+0.3.5.12-1)+}
} Installed-Size: [-5367-] {+5368+}
} Version: [-0.3.5.10-1-] {+0.3.5.12-1+}
}
} Control files of package tor-geoipdb: lines which differ (wdiff format)
} ---
} Depends: tor (>= [-0.3.5.10-1)-] {+0.3.5.12-1)+}
} Installed-Size: [-8358-] {+8361+}
} Version: [-0.3.5.10-1-] {+0.3.5.12-1+}
(I'll only upload the source one)
Source diffs attached.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
diff -u tor-0.3.5.10/debian/changelog tor-0.3.5.12/debian/changelog
--- tor-0.3.5.10/debian/changelog
+++ tor-0.3.5.12/debian/changelog
@@ -1,3 +1,9 @@
+tor (0.3.5.12-1) buster; urgency=medium
+
+ * New upstream version, updating Tor in stable (cf. #975297).
+
+ -- Peter Palfrader Wed, 25 Nov 2020 08:44:12 +0100
+
tor (0.3.5.10-1) buster-security; urgency=medium
* New upstream version.
diff -u tor-0.3.5.10/debian/micro-revision.i tor-0.3.5.12/debian/micro-revision.i
--- tor-0.3.5.10/debian/micro-revision.i
+++ tor-0.3.5.12/debian/micro-revision.i
@@ -1 +1 @@
-"48bd3fbaa3edb9b0"
+"d02a75ee30269081"
diff -u tor-0.3.5.10/debian/misc/backport tor-0.3.5.12/debian/misc/backport
--- tor-0.3.5.10/debian/misc/backport
+++ tor-0.3.5.12/debian/misc/backport
@@ -77,6 +77,7 @@
disco disco 1
eoan eoan 1
focal focal 1
+groovy groovy 1
EOF
)
if [ -z "$result" ] ; then
diff -u tor-0.3.5.10/debian/misc/build-tor-sources tor-0.3.5.12/debian/misc/build-tor-sources
--- tor-0.3.5.10/debian/misc/build-tor-sources
+++ tor-0.3.5.12/debian/misc/build-tor-sources
@@ -221,6 +221,11 @@
bp1 $pkg $dir $sid_debian_version focal
bp2 $pkg $dir $origtar
+ # groovy (EOL: 2021-07)
+ #
+ bp1 $pkg $dir $sid_debian_version groovy
+ bp2 $pkg $dir $origtar
+
##
Bug#975297: buster-pu: package tor/3.5.12-1
On Fri, 20 Nov 2020, Peter Palfrader wrote:
> I would like to build and upload packages for tor 3.5.12.
Actually, that's 0.3.5.12, and the package would be 0.3.5.12-1.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#975297: buster-pu: package tor/3.5.12-1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi! Stable currently has Tor 0.3.5.10. Upstream released 0.3.5.11 and 0.3.5.12 since, which bring some security fixes, update the list of fallback directory servers, and a few things more. See https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.12 for a full list. I would like to build and upload packages for tor 3.5.12. Please ack? -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#961956: tor: After upgrade to Unstable tor doesn't start automatically
Hi Russell!
On Mon, 01 Jun 2020, Russell Coker wrote:
> Package: tor
> Version: 0.4.3.5-1
> Severity: normal
>
> After upgrading tor to the version in Unstable on two systems they both don't
> start it on boot, I have to run "systemctl restart tor@default.service" to
> start it.
>
> I expect it to just start on boot, as it did previously.
It's supposed to start automatically, and it does for me.
What does journalctl say about the service? Anything in the
torlog/syslog?
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#942309: [linux-...@okhysing.is: New Debian mirror submission (mirrors.opensource.is)]
On Mon, 14 Oct 2019, Peter Palfrader wrote:
> o The tracefile
> http://mirrors.opensource.is/debian/project/trace/mirrors.opensource.is
> suggests that the ftpsync version you are using is very old. Please
> upgrade.
>
> Using a modern ftpsync ensures updates are done in the correct order
> so apt clients don't get confused. In particular, it processes
> translations, contents, and more files that have been added to the
> archive in recent years in the correct stage. It also should produce
> trace files that contain more information that is useful for us and helps
> downstream mirrors sync better.
>
> http://ftp.debian.org/debian/project/ftpsync/ftpsync-current.tar.gz
Ping.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#944810: mirror submission for mirrors.mivocloud.com
Hi!
On Fri, 15 Nov 2019, MivoCloud wrote:
> Site: mirrors.mivocloud.com
I added this mirror, however, there are some issues you may want to
resolve:
o we recommend mirrors not sync directly from service aliases such as
ftp..debian.org (only http is guaranteed to be available at
ftp..d.o sites). Maybe change your config to sync from
the site currently backing the ftp..debian.org service you sync
from?
o The nameservers for mirrors.mivocloud.com are all in the same AS. For
reliability we
recommend having nameservers in more than one location.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#944246: mirror listing update for mirror.nbtelecom.com.br
Unfortunately your mirror still redirects to https. On Wed, 06 Nov 2019, Pedro Alves wrote: > Submission-Type: update > Site: mirror.nbtelecom.com.br > Type: leaf > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: Pedro Alves > Country: BR Brazil > Location: Rio de Janeiro > Sponsor: NB Telecom https://www.nbtelecom.com.br -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#942060: closed by Peter Palfrader (reply to Debian Mirror Team ) (Re: Bug#942060: mirror submission for us.mirror.nsec.pt)
Hi! On Tue, 29 Oct 2019, Yev G wrote: > Looks like we had some issues with the cron, by ftpsync logs(and > trace) that should be fixed. > > So I'm reopening the ticket for the same purpose. I added your mirror, thanks. Our checker still has this to say: $ ./mirror-check.py us.mirror.nsec.pt | o The tracefile at | http://us.mirror.nsec.pt/debian/project/trace/us.mirror.nsec.pt | is missing some required information. | | We expect at least the Maintainer and Upstream-mirror values to be filled in, | and your tracefile is missing one or both of them. | | o The nameservers for us.mirror.nsec.pt are all in the same AS. For reliability we | recommend having nameservers in more than one location. Also, > I'd like to add a new mirror to the official Debian mirror list. For > now it only has public http but we are also thinking about adding > ftp. I don't think supporting ftp:// in this day and age is anything you need to spend any time on. Feel free to do it, but I just don't see the benefit. If you want to add another protocol to support, then offering rsync access would be useful for downstreams :) Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#942451: mirror submission for mirror.ufro.cl
On Wed, 23 Oct 2019, Jonathan Gutiérrez wrote: > Hello! I updated ftpsync and the trace file should have the required > information now. Please check it out and tell me if there's still something > else that needs to be fixed. It seems you dropped sources. What are your ARCH_* settings? If you want a full mirror, you can just not set any of them. I suspect all ARCH_INCLUDE='*' might also work. > About the nameservers, sadly, that's not in my hands, but I'll ask about > that to the right people anyway. Please do. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#941903: snapshot.debian.org: 404 error for one snapshot.debian.org IP address but not for the other
Evan Jones schrieb am Monday, dem 21. October 2019: > THANK YOU and whoever else is involved in maintaining this. Just letting > you know that I appreciate the work here. I don't work for Google, but I do > use Distroless [1], a lightweight Debian-based container runtime that uses > snapshot to have reproducible builds, so this was definitely annoying to > work around. Thanks! > > [1] https://github.com/GoogleContainerTools/distroless I'm tempted to think that this tool should not use snapshot but the real mirrors that can handle the load way better. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#942451: mirror submission for mirror.ufro.cl
Hi! On Wed, 16 Oct 2019, Jonathan Gutierrez wrote: > Site: mirror.ufro.cl > Type: leaf > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: Jonathan Gutierrez > Country: CL Chile > Location: Temuco, Chile > Sponsor: Universidad de La Frontera https://www.ufro.cl/ I have added your mirrror, however: o The tracefile at http://mirror.ufro.cl/debian/project/trace/mirror.ufro.cl is missing some required information. We expect at least the Maintainer and Upstream-mirror values to be filled in. o The tracefile http://mirror.ufro.cl/debian/project/trace/mirror.ufro.cl suggests that the ftpsync version you are using is very old. Please upgrade. Using a modern ftpsync ensures updates are done in the correct order so apt clients don't get confused. In particular, it processes translations, contents, and more files that have been added to the archive in recent years in the correct stage. It also should produce trace files that contain more information that is useful for us and helps downstream mirrors sync better. http://mirror.ufro.cl/debian/project/ftpsync/ftpsync-current.tar.gz o The nameservers for mirror.ufro.cl are all in the same /24 network. For reliability we recommend having nameservers in more than one location. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#940152: Please add 'verbose' option to show transfers
Hi Daniel!
On Fri, 13 Sep 2019, Daniel Baumann wrote:
> when doing a manual 'ftpsync sync:archive:foo' invocation, it would be
> nice to be able to specify something like '--verbose' to show the output
> of rsync on the console directly.
>
> Having to walk to /var/log/ftpsync and doing a 'tail -f' on the correct
> logfile is inconvenient.
Sounds like a good idea. Can you provide a patch?
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#932503: mirror submission for repo.iut.ac.ir
On Tue, 15 Oct 2019, IT Center wrote: > Hello > > Our source: mirror.de.leaseweb.net Not what I meant. You must ship the sources for all the binaries. For instance at http://repo.iut.ac.ir/debian/pool/main/n/ncdu/ there are no source files (tar.gz and dsc). In ftpsync, you should list source as an architecture to include. (Also, names are cut off) Cheers, > On 2019-10-14 15:19, Peter Palfrader wrote: > > > Control: retitle -1 mirror submission for repo.iut.ac.ir [sources] > > Control: tag -1 +moreinfo > > > > Hi! > > > > On Sat, 20 Jul 2019, ITCenter Software Group wrote: > > > >> Submission-Type: new > >> Archive-architecture: amd64 arm64 > > > > To comply with the licenses of various pieces of software that you > > distribute on that mirror, you will probably need to also include > > sources. > > > > To be listed as a Debian mirror in our mirror-list you MUST include > > sources. > > > > Please let us know how you want to proceed. > > > > Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#941216: mirror submission for mirror.nbtelecom.com.br
On Wed, 16 Oct 2019, Pedro Alves wrote: > > Is it a problem if we redirect all http requests to https ? Yes. Please don't do that. It's ok to also offer a https version, but redirecting clients may break them if their systems don't trust all of the CAB Forum. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#941903: snapshot.debian.org: 404 error for one snapshot.debian.org IP address but not for the other
Michael Rogers schrieb am Monday, dem 07. October 2019: > When trying to fetch package lists and packages from the > buster/updates repository I get 404 errors at random, depending on > which IP address of snapshot.debian.org my machine chooses for each > request. Requests that go to 193.62.202.27 succeed, while requests > that go to 185.17.185.185 fail with 404 errors. > The requested URL /file/02424f70567c5695ef02c2410dd9bca446a86437 was not > found on this server. Thanks for the report. It seems that the farm broke. Should be fixed now, sync is still in progress. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#921500: [20190206] mirror.poliwangi.ac.id: unreliable sync
Control: retitle -1 [20191015] mirror.poliwangi.ac.id: ghost updates On Wed, 06 Feb 2019, Peter Palfrader wrote: > According to our monitoring, mirror.poliwangi.ac.id is not at keeping up > to date. The archive updates every 6 hours (4 times a day), but as seen > on > https://mirror-master.debian.org/status/mirror-info/mirror.poliwangi.ac.id.html > your mirror often is many days behind. It seems the mirror is now keeping up, which is great. However, there are weird updates to the tracefile, usually three in total, after every mirror run. See the bold entries in the sitetrace column at https://mirror-master.debian.org/status/mirror-info/mirror.poliwangi.ac.id.html Any idea what's going on there? Please investigate. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#931758: mirror submission for repo.jztkft.hu
On Mon, 14 Oct 2019, Birincsik Gábor wrote:
> I misunderstood, I changed to BME server, and doing a force sync.
>
> Will I get the approval for being an official debian mirror?
Your mirror should make it to the website and the debian installer when
they are next re-built. This can take a while.
Thanks for your support!
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#932709: mirror listing update for mirrors.netix.net
On Tue, 15 Oct 2019, Krasen Tsnevski wrote:
> Now is:
>
> RSYNC_HOST=ftp.de.debian.org
This is *NOT* recommended.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#941216: mirror submission for mirror.nbtelecom.com.br
I have removed your mirror again, as it's broken now. | weasel@orinoco:~$ wget -O - http://mirror.nbtelecom.com.br/debian/project/trace/mirror.nbtelecom.com.br -q | | | 400 Bad Request | | Bad Request | Your browser sent a request that this server could not understand. | Reason: You're speaking plain HTTP to an SSL-enabled server port. | Instead use the HTTPS scheme to access this URL, please. | Hint: https://nbtelecom.dl.sourceforge.net/;>https://nbtelecom.dl.sourceforge.net/ Please re-submit your mirror should it come back. On Thu, 26 Sep 2019, Pedro Alves wrote: > Trace Url: > http://mirror.nbtelecom.com.br/debian/project/trace/mirror.nbtelecom.com.br > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#932709: mirror listing update for mirrors.netix.net
On Tue, 15 Oct 2019, Krasen Tsnevski wrote: > I put the latest version of ftpsync and let it sync. > Can you now see if everything is all right? I added it, but I still noticed this: o we recommend mirrors not sync directly from service aliases such as ftp..debian.org (only http is guaranteed to be available at ftp..d.o sites). Maybe change your config to sync from the site currently backing the ftp..debian.org service you sync from? Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#918357: mirror listing update for mirror.unesp.br
While I added your mirror, at least one of the issues below have not been addressed. On Sun, 06 Jan 2019, Peter Palfrader wrote: > Control: retitle -1 mirror.unesp.br: upstream-name > Control: tag -1 +moreinfo > > On Sat, 05 Jan 2019, Erley Barbosa da Silva / Valdir Barbosa wrote: > > > Site: mirror.unesp.br > > Type: leaf > > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > > Archive-http: /debian/ > > Archive-rsync: debian/ > > Maintainer: Erley Barbosa da Silva / Valdir Barbosa > > Country: BR Brazil > > Location: Sao Paulo > > Sponsor: Universidade Estadual Paulista (UNESP) https://www.unesp.br > > Comment: Mirror at the university. > > Hi! > > o According to > http://mirror.unesp.br/debian/project/trace/mirror.unesp.br > you use ftp.br.debian.org as an upstream mirror. > > Please, do not use ftp.*.debian.org. First, ftp.*.debian.org services > only guarantee that http is available on /debian, no guarantee for > rsync access exists. Even if an ftp.CC.debian.org supports rsync now, > there is no guarantee that it will in the future. Second, > ftp.CC.debian.org might be a round robin of different sites, so you > would not always pull from the same upstream. > > Better pick an individual name, such as debian.c3sl.ufpr.br which > currently is ftp.br.debian.org. > > o Your mirror seems to not have updated for almost a day. Are you sure > you are running ftpsync four times a day? > Or, once you correct your upstream name, you could also try running > ftpsync-cron every hour or two instead. It will check the upstream > trace file > http://debian.c3sl.ufpr.br/debian/project/trace/debian.c3sl.ufpr.br > to see if an update is required and run ftpsync if so. > > Cheers, > > PS: I'm currently writing https://etherpad.wikimedia.org/p/debian-mirror -- > let me know if it's helpful or is missing anything. > > Cheers, > -- > | .''`. ** Debian ** > Peter Palfrader | : :' : The universal > https://www.palfrader.org/ | `. `' Operating System > | `-https://www.debian.org/ > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#942309: [linux-...@okhysing.is: New Debian mirror submission (mirrors.opensource.is)]
Control: retitle -1 mirror submission for mirrors.opensource.is [ftpsync-version] Control: tag -1 +moreinfo Hi, o The tracefile http://mirrors.opensource.is/debian/project/trace/mirrors.opensource.is suggests that the ftpsync version you are using is very old. Please upgrade. Using a modern ftpsync ensures updates are done in the correct order so apt clients don't get confused. In particular, it processes translations, contents, and more files that have been added to the archive in recent years in the correct stage. It also should produce trace files that contain more information that is useful for us and helps downstream mirrors sync better. http://ftp.debian.org/debian/project/ftpsync/ftpsync-current.tar.gz On Mon, 14 Oct 2019, Peter Palfrader wrote: > Package: mirrors > Severity: wishlist > User: mirr...@packages.debian.org > Usertags: mirror-submission > > - Forwarded message from "linux-...@okhysing.is" > - > > From: "linux-...@okhysing.is" > Subject: New Debian mirror submission (mirrors.opensource.is) > To: mirr...@debian.org > Date: Fri, 09 Aug 2019 12:50:45 + > Message-Id: > X-Spam-Status: No, score=-2.7 required=5.0 tests=ALL_TRUSTED,BAYES_00, > HEADER_FROM_DIFFERENT_DOMAINS autolearn=no autolearn_force=no version=3.4.2 > X-Original-To: pe...@palfrader.org > > Submission-Type: new > Site: mirrors.opensource.is > Type: leaf > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > Archive-http: /debian/ > Maintainer: linux-...@okhysing.is > Country: IS Iceland > Location: Iceland > Sponsor: Opin Kerfi https://opinkerfi.is/en > Comment: We are also hosting /debian-cd so we would like it to be added as > well. > > > > > Trace Url: http://mirrors.opensource.is/debian/project/trace/ > Trace Url: > http://mirrors.opensource.is/debian/project/trace/ftp-master.debian.org > Trace Url: > http://mirrors.opensource.is/debian/project/trace/mirrors.opensource.is > > > - End forwarded message - > > -- > | .''`. ** Debian ** > Peter Palfrader | : :' : The universal > https://www.palfrader.org/ | `. `' Operating System > | `-https://www.debian.org/ > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#931758: mirror submission for repo.jztkft.hu
As I said, RSYNC_HOST=ftp.hu.debian.org is NOT recommended. On Mon, 14 Oct 2019, Birincsik Gábor wrote: > Hello, > > Here my configuration file: > MIRRORNAME="repo.jztkft.hu" > TO="/srv/repo/mirror/debian" > # MAILTO="$LOGNAME" > # HUB=false > > > ## Connection options > > > RSYNC_HOST=ftp.hu.debian.org > RSYNC_PATH="debian" > # RSYNC_USER= > # RSYNC_PASSWORD= > > This is how it is setup. > > Gábor > > On 2019.10.14. 13:45, Peter Palfrader wrote: > > Hi > > > > On Wed, 10 Jul 2019, Gabor Birincsik wrote: > > > > > Submission-Type: new > > > Site: repo.jztkft.hu > > > Trace Url: http://repo.jztkft.hu/debian/project/trace/ > > > Trace Url: > > > http://repo.jztkft.hu/debian/project/trace/ftp-master.debian.org > > > Trace Url: http://repo.jztkft.hu/debian/project/trace/repo.jztkft.hu > > says > > | Upstream-mirror: ftp.hu.debian.org > > > > o we recommend mirrors not sync directly from service aliases such as > >ftp..debian.org (only http is guaranteed to be available at > >ftp..d.o sites). Maybe change your config to sync from > >the site currently backing the ftp..debian.org service you sync > >from? > > > > Cheers, > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#934449: mirror submission for mirror.realcompute.io
Hi! On Sun, 11 Aug 2019, Andrew Yager wrote: > Site: mirror.realcompute.io > > Trace Url: > http://mirror.realcompute.io/debian/project/trace/mirror.realcompute.io says | Upstream-mirror: ftp.au.debian.org o we recommend mirrors not sync directly from service aliases such as ftp..debian.org (only http is guaranteed to be available at ftp..d.o sites). Maybe change your config to sync from the site currently backing the ftp..debian.org service you sync from? Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#933404: mirror submission for debian.voipgrow.com
Hi!
On Tue, 30 Jul 2019, Saban wrote:
> Submission-Type: new
> Site: debian.voipgrow.com
> Trace Url: http://debian.voipgrow.com/debian/project/trace/debian.voipgrow.com
says
| Upstream-mirror: ftp.nl.debian.org
o we recommend mirrors not sync directly from service aliases such as
ftp..debian.org (only http is guaranteed to be available at
ftp..d.o sites). Maybe change your config to sync from
the site currently backing the ftp..debian.org service you sync
from?
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#933852: mirror submission for debmirror.hbcse.tifr.res.in
Hi!
On Sun, 04 Aug 2019, Ashish Kumar Singh wrote:
> Site: debmirror.hbcse.tifr.res.in
> Trace Url:
> http://debmirror.hbcse.tifr.res.in/debian/project/trace/debmirror.hbcse.tifr.res.in
says
| Upstream-mirror: ftp.sg.debian.org
o we recommend mirrors not sync directly from service aliases such as
ftp..debian.org (only http is guaranteed to be available at
ftp..d.o sites). Maybe change your config to sync from
the site currently backing the ftp..debian.org service you sync
from?
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#932503: mirror submission for repo.iut.ac.ir
Control: retitle -1 mirror submission for repo.iut.ac.ir [sources] Control: tag -1 +moreinfo Hi! On Sat, 20 Jul 2019, ITCenter Software Group wrote: > Submission-Type: new > Archive-architecture: amd64 arm64 To comply with the licenses of various pieces of software that you distribute on that mirror, you will probably need to also include sources. To be listed as a Debian mirror in our mirror-list you MUST include sources. Please let us know how you want to proceed. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#929864: mirror submission for debianmirror.una.ac.cr
On Sun, 02 Jun 2019, Maykol Phillips wrote: > Submission-Type: new > Site: debianmirror.una.ac.cr > Trace Url: > http://debianmirror.una.ac.cr/debian/project/trace/debianmirror.una.ac.cr says: | Upstream-mirror: ftp.us.debian.org o we recommend mirrors not sync directly from service aliases such as ftp..debian.org (only http is guaranteed to be available at ftp..d.o sites). This holds double for those backed by more than one server, as the target you're syncing against keeps changing. Maybe change your config to sync from a specific site. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#931758: mirror submission for repo.jztkft.hu
Hi On Wed, 10 Jul 2019, Gabor Birincsik wrote: > Submission-Type: new > Site: repo.jztkft.hu > Trace Url: http://repo.jztkft.hu/debian/project/trace/ > Trace Url: http://repo.jztkft.hu/debian/project/trace/ftp-master.debian.org > Trace Url: http://repo.jztkft.hu/debian/project/trace/repo.jztkft.hu says | Upstream-mirror: ftp.hu.debian.org o we recommend mirrors not sync directly from service aliases such as ftp..debian.org (only http is guaranteed to be available at ftp..d.o sites). Maybe change your config to sync from the site currently backing the ftp..debian.org service you sync from? Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#929699: mirror submission for mirror.xaas.ir
Control: retitle -1 mirror submission for mirror.xaas.ir [syncscript]
Control: tag -1 +moreinfo
On Wed, 29 May 2019, ali bahramiyan wrote:
> Submission-Type: new
> Site: mirror.xaas.ir
> Type: leaf
> Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386
> kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
> Archive-http: /debian/
> Archive-rsync: debian/
> Maintainer: ali bahramiyan
> Country: IR Iran, Islamic Republic of
> Location: Tehran
> Sponsor: XaaS Cloud Computing https://www.xaas.ir
>
> Trace Url: http://mirror.xaas.ir/debian/project/trace/
> Trace Url: http://mirror.xaas.ir/debian/project/trace/ftp-master.debian.org
> Trace Url: http://mirror.xaas.ir/debian/project/trace/mirror.xaas.ir
Thank you for your support in mirroring Debian.
o trace file:
I notice there is no tracefile matching your site name. See link
above.
Please use our ftpsync script to mirror Debian.
It should produce the trace files we require, and do the mirroring in a way
that ensures the mirror is in a consistent state even during updates.
http://ftp.debian.org/debian/project/ftpsync/ftpsync-current.tar.gz
Using a modern ftpsync ensures updates are done in the correct order
so apt clients don't get confused. In particular, it processes
translations, contents, and more files that have been added to the
archive in recent years in the correct stage. It also should produce
trace files that contain more information that is useful for us and helps
downstream mirrors sync better.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#928998: mirror submission for debian.blue3.com.br
Control: retitle -1 mirror submission for debian.blue3.com.br [tracefile-name mirror-gone?] Control: tag -1 +moreinfo Seems that mirror changed name. At least http://debian.blue3.com.br/debian/project/trace/debian.blue3.com.br is no longer a thing. What's the status? On Tue, 14 May 2019, Samir Hanna Verza wrote: > Package: mirrors > Severity: wishlist > User: mirr...@packages.debian.org > Usertags: mirror-submission > > Submission-Type: new > Site: debian.blue3.com.br > Type: leaf > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 > kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: Samir Hanna Verza > Country: BR Brazil > Location: Porto Alegre / RS > Sponsor: BLUE3 http://blue3.com.br > Comment: [2019] 20Gbps with PTTRS RPN, 1Gbps with ISP > > > > > Trace Url: http://debian.blue3.com.br/debian/project/trace/ > Trace Url: > http://debian.blue3.com.br/debian/project/trace/ftp-master.debian.org > Trace Url: http://debian.blue3.com.br/debian/project/trace/debian.blue3.com.br > -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#932709: mirror listing update for mirrors.netix.net
Control: retitle -1 mirror submission for mirrors.netix.net [tracefile-info syncscript] Control: tag -1 +moreinfo Hi! On Mon, 22 Jul 2019, Krasen Tsonevski wrote: > Site: mirrors.netix.net > Trace Url: http://mirrors.netix.net/debian/project/trace/ > Trace Url: http://mirrors.netix.net/debian/project/trace/ftp-master.debian.org > Trace Url: http://mirrors.netix.net/debian/project/trace/mirrors.netix.net o The tracefile linked above suggests that the ftpsync version you are using is very old. Please upgrade. Using a modern ftpsync ensures updates are done in the correct order so apt clients don't get confused. In particular, it processes translations, contents, and more files that have been added to the archive in recent years in the correct stage. It also should produce trace files that contain more information that is useful for us and helps downstream mirrors sync better. http://ftp.debian.org/debian/project/ftpsync/ftpsync-current.tar.gz -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#929918: Acknowledgement (mirror submission for mirror.ipb.de)
Stefan Funke schrieb am Friday, dem 26. July 2019:
> We registered our Debian mirror about ~2 month ago and didn’t receive any
> update/reply.
> Any update on this? Is there anything we can do?
Added,
Cheers
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#942309: [linux-...@okhysing.is: New Debian mirror submission (mirrors.opensource.is)]
Package: mirrors Severity: wishlist User: mirr...@packages.debian.org Usertags: mirror-submission - Forwarded message from "linux-...@okhysing.is" - From: "linux-...@okhysing.is" Subject: New Debian mirror submission (mirrors.opensource.is) To: mirr...@debian.org Date: Fri, 09 Aug 2019 12:50:45 + Message-Id: X-Spam-Status: No, score=-2.7 required=5.0 tests=ALL_TRUSTED,BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS autolearn=no autolearn_force=no version=3.4.2 X-Original-To: pe...@palfrader.org Submission-Type: new Site: mirrors.opensource.is Type: leaf Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x Archive-http: /debian/ Maintainer: linux-...@okhysing.is Country: IS Iceland Location: Iceland Sponsor: Opin Kerfi https://opinkerfi.is/en Comment: We are also hosting /debian-cd so we would like it to be added as well. Trace Url: http://mirrors.opensource.is/debian/project/trace/ Trace Url: http://mirrors.opensource.is/debian/project/trace/ftp-master.debian.org Trace Url: http://mirrors.opensource.is/debian/project/trace/mirrors.opensource.is - End forwarded message - -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#940227: please provide the policy as one big file
On Sat, 14 Sep 2019, Charles Plessy wrote:
> Le Sat, Sep 14, 2019 at 09:13:22AM +0000, Peter Palfrader a écrit :
> >
> > https://www.debian.org/doc/debian-policy/ is pretty and all,
> > but it's really hard to grep in it since it's split into different files
> > for each section.
> >
> > Please provide a version where everything is in one file.
>
> Hi Peter,
>
> please find it at:
>
> https://www.debian.org/doc/debian-policy/policy.txt
>
> Links for the different formats:
>
> https://www.debian.org/doc/devel-manuals#policy
>
> Have a nice week-end,
Thanks. Could this please be linked from
https://www.debian.org/doc/debian-policy/ also, as this is the URL
google actually has (and I wasn't the only one on IRC who didn't know
of or find that text version).
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#940229: uses killall in logrotate snippet
Package: mosquitto
Version: 1.5.7-1
Severity: important
Regarding severity, see [1].
| root@raven:~# systemctl --failed
| UNIT LOAD ACTIVE SUBDESCRIPTION
| ● logrotate.service loaded failed failed Rotate log files
| root@raven:~# journalctl -u logrotate.service
| -- Logs begin at Fri 2019-09-13 13:14:46 CEST, end at Sat 2019-09-14 10:46:55
CEST. --
| Sep 14 00:00:01 raven systemd[1]: Starting Rotate log files...
| Sep 14 00:00:02 raven logrotate[17281]: logrotate_script: 2:
logrotate_script: /usr/bin/killall: not found
| Sep 14 00:00:02 raven logrotate[17281]: error: error running non-shared
postrotate script for /var/log/mosquitto/mosquitto.log of
'/var/log/mosquitto/mosquitto.log '
| Sep 14 00:00:02 raven systemd[1]: logrotate.service: Main process exited,
code=exited, status=1/FAILURE
| Sep 14 00:00:02 raven systemd[1]: logrotate.service: Failed with result
'exit-code'.
So, there's a few things wrong with this logrotate setup:
| root@raven:~# grep -A1 postro /etc/logrotate.d/mosquitto
| postrotate
| /usr/bin/killall -HUP mosquitto
First, you should never use killall (or pkill) to send signals to
processes by name out of system scripts. You may only send things to
your processes, and you don't control which other things on the system
might be called mosquitto.
Second, *if* you use killall, you need to ensure it's actually
installed. killall is shipped by the psmisc package, which is not
Essential, yet the mosquitto packages doesn't depend on it. Further,
the postrotate snippet probably should NOT supply the full path to the
script[2].
However, what the script probably should do is reload its service using
something like apache2 does:
| postrotate
| if invoke-rc.d apache2 status > /dev/null 2>&1; then \
| invoke-rc.d apache2 reload > /dev/null 2>&1; \
| fi;
| endscript
This will call the service's reload thing. Your sysV init script
already correctly sends a HUP only to the service process. It seems
the systemd service file doesn't. I don't know if this is the proper
way to deal with this issue but the following should work:
@@ -8,6 +8,7 @@
Type=notify
NotifyAccess=main
ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
+ExecReload=/bin/kill -HUP ${MAINPID}
Restart=on-failure
[Install]
Cheers,
PS: please consider updating the version in stable.
Cheers,
1: This could be serious, since "Packages must include a "Depends:" line
listing any other packages they require for operation", but then it's
"just" logrotation. Either way, please fix :)
2: | Programs called from maintainer scripts should not normally have a
| path prepended to them. [...] These considerations really apply to
| all shell scripts.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#940227: please provide the policy as one big file
Package: www.debian.org Severity: wishlist Hi! https://www.debian.org/doc/debian-policy/ is pretty and all, but it's really hard to grep in it since it's split into different files for each section. Please provide a version where everything is in one file. Cheers, weasel -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#940226: broken link to source from policy manual
Package: www.debian.org Severity: normal Hey! https://www.debian.org/doc/debian-policy/ has a "Show Source" link to https://www.debian.org/doc/debian-policy/_sources/index.rst.txt which doesn't exist. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#939873: qla2xxx .. Async-gnlist failed
Package: src:linux Version: 4.19.67-2 Severity: important The buster kernel, as well as the backports kernel (linux-image-5.2.0-0.bpo.2-amd64 5.2.9-2~bpo10+1) fail to boot sibelius.debian.org, which has some storage attached to it via, presumably, FC. The kernel keeps printing | qla2xxx [...]-...: Async-gpdb failed - hdl=.. ... and systemd keeps waiting for the devices to appear. Screenshot of remote console attached. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#939310: missing systray icon for blueman-applet
On Tue, 03 Sep 2019, Christopher Schramm wrote: > Hi Peter, > > sounds like there's some issue with the libappindicator-based icon > implementation which disables the GTK-based one. Your edit effectively > avoids the latter. > > Did you try blueman 2.1.1-1 yet? I built it on stable and tried it. Same problem. } weasel@orinoco:~$ blueman-applet } } (blueman-applet:6950): Gtk-WARNING **: 10:45:02.006: Theme parsing error: gtk.css:127:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version } } (blueman-applet:6950): Gtk-WARNING **: 10:45:02.006: Theme parsing error: gtk.css:128:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version } } (blueman-applet:6950): Gtk-WARNING **: 10:45:02.006: Theme parsing error: gtk.css:132:46: The style property GtkScrolledWindow:scrollbars-within-bevel is deprecated and shouldn't be used anymore. It will be removed in a future version } blueman-applet version 2.1.1 starting } Stale PID, overwriting } blueman-tray version 2.1.1 starting } Stale PID, overwriting } Terminating blueman-tray } blueman-applet 10.45.02 WARNING PluginManager:147 __load_plugin: Not loading PPPSupport because its conflict has higher priority } blueman-applet 10.45.02 WARNING PluginManager:147 __load_plugin: Not loading DhcpClient because its conflict has higher priority } blueman-applet 10.45.02 ERRORAgentManager:18 on_register_failed: /org/bluez/obex/agent/blueman org.bluez.obex.Error.AlreadyExists Agent already exists } blueman-tray version 2.1.1 starting } Stale PID, overwriting } } (blueman-tray:6968): Gtk-WARNING **: 10:45:02.477: Theme parsing error: gtk.css:127:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version } } (blueman-tray:6968): Gtk-WARNING **: 10:45:02.477: Theme parsing error: gtk.css:128:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version } } (blueman-tray:6968): Gtk-WARNING **: 10:45:02.477: Theme parsing error: gtk.css:132:46: The style property GtkScrolledWindow:scrollbars-within-bevel is deprecated and shouldn't be used anymore. It will be removed in a future version but no systray icon. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#939310: missing systray icon for blueman-applet
Package: blueman Version: 2.0.8-1 Severity: normal Hi! I run awesomewm with KDE. When I start blueman-applet, an icon briefly flickers in my awesomewm systray, but then is no longer visible and I don't see any way to get it to stay visible. If I edit /usr/lib/python3/dist-packages/blueman/plugins/applet/AppIndicator.py to set self.Applet.Plugins.StatusIcon.props.visible to True at the end of on_load() then everything works as it should and I see and can interact with blueman-applet's icon. It would be great if editing files in /usr wasn't necessary for that, though :) Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
Bug#939195: broken config file location
Package: barrier
Version: 2.1.2+dfsg-1
Severity: normal
The manpage says barriers reads it config from:
| If no configuration file pathname is provided then the first of the
| following to load successfully sets the configuration:
| $HOME/.local/share/barrier/barrier.conf /etc/barrier.conf
Apart from the fact that this probably should be ~/.config/barrier.conf,
the code does not match the documentation:
| weasel@orinoco:~$ strace -f barriers -a 127.0.0.1 2>&1 | grep -i open
[..]
| openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
| openat(AT_FDCWD, "/home/weasel/.local/share/barrier/.barrier.conf", O_RDONLY)
= -1 ENOENT (No such file or directory)
| openat(AT_FDCWD, "/etc/barrier.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
So it actually seems to try $HOME/.local/share/barrier/.barrier.conf
(extra dot before barrier.conf).
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
Bug#935886: does not email properly, violating RFC821
Package: bacula-director Version: 9.4.2-1 Severity: normal This is actually against 9.4.2-1~bpo9+1 on stretch. With postfix setting strict_rfc821_envelopes = yes and | root@dictyotum:~# grep bacula-service /etc/bacula/ -r | /etc/bacula/bacula-dir.conf: mail on error = bacula-serv...@torproject.org = all, !skipped | /etc/bacula/bacula-dir.conf: operator = bacula-serv...@torproject.org = mount | /etc/bacula/bacula-dir.conf: mail = bacula-serv...@torproject.org = all, !skipped emails don't work: | root@dictyotum:~# cat /var/log/mail.warn-20190827 | Aug 26 19:13:40 dictyotum/dictyotum postfix/smtpd[1301]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <(Bacula) bacula-serv...@torproject.org> Cheers -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/
