Re: terminal with right-click = paste?

[Lee]

On 4/11/19, bw  wrote:
> In-Reply-To:  fskl8uw2uims3hufbjob...@mail.gmail.com>
>
>>What I have now:
>>XTerm*.Translations:
>
> See, this is one place where I get confused, and find documentation
> lacking.  I often get different results using one of these...
>
> xterm*whatever
> xterm.whatever
> xterm*VT100.whatever
> xterm.vt100.whatever
> *VT100.whatever
>
> It seems there are different ways to match these resource descripters.
> The caps as well as the * and . make a difference also in how they match.
>
> I'm not sure if it's regex, which I am real limited in, or some other
> voodoo that has some better documentation than the xterm manpage, because
> I have read the manpage and I just don't get it.

I don't understand it yet either.  But it sure looks like some kind of
pattern matching, so I'm guessing that
  XTerm*.whatever
sets the property regardless of what the xterm is pretending to be vs.
  XTerm*vt100.whatever
would set the property only if the xterm is pretending to be a VT100.

It seems like I'd want my settings regardless of what the xterm is
pretending to be, so I'm going with XTERM* settings.  (altho it looks
like there's only two choices - vt100 and tek4014 & I doubt I'll ever
want to emulate a tektronics terminal)

The difference between XTerm.vt100.whatever and XTerm*vt100.whatever
is explained in the man page:

   The following resources are specified as part of the vt100
widget (class VT100).
   They are specified by patterns such as
   “XTerm.vt100.NAME”.

   If your xterm is configured to support the “toolbar”, then
those patterns need an
   extra level for the form-widget which holds the toolbar and
vt100 widget.  A
   wildcard between the top-level “XTerm” and the “vt100” widget makes the
   resource settings work for either, e.g., “XTerm*vt100.NAME”.

so apparently there's something like XTerm.toolbar.vt100.xxx resources?

As for upper/lower case - I dunno.  I copied from the example in the
man page but I just did a quick search & it has

NOTE: some resource files use patterns such as
*font: fixed
which are overly broad, affecting both
xterm.vt100.font
and
xterm.vt100.utf8Fonts.font
which is probably not what you intended.

so I don't know if case is significant or no

Lee

Re: From installation DVD to original ISO file.

[David]

On Thu, 11 Apr 2019 at 01:25, Richard Owlett  wrote:

> The solutions I was given at the time revolved around using "isoinfo".

> I've gone in circles trying to find a package including it in *current*
> Debian repository.

Go here:
https://www.debian.org/distrib/packages

Under the heading "Search the contents of packages", choose
Display = packages that contain files named like this
Distribution = stable
Architecture = any
Type your search Keyword: isoinfo
Click on Search button.

Read this result page:
https://packages.debian.org/search?searchon=contents=isoinfo=exactfilename=stable=any

This answer assumes I've correctly understood the ambiguity in your
question. (ie guessing what "it" actually refers to?)
If not, please improve the question.

Re: install debian on latest Macbook pro

[Jerome BENOIT]

Hello Lina,

On 12/04/2019 02:44, lina wrote:
> Hi,
> 
> When I tried to install the Debian on latest MacBook Pro, I found the
> keyboard and the touchpad does not work.
> 
> It is just the beginning, I know I will meet lots of problems,
> 
> Is there any link providing the information how to install and set up
> the debian on the latest version? The one I can grab is for old
> version.

You want to have a look at https://github.com/Dunedan/mbp-2016-linux

hth,
Jerome


> 
> Thanks, lina
> 

Re: terminal with right-click = paste?

[bw]

In-Reply-To: 

>What I have now:
>XTerm*.Translations:

See, this is one place where I get confused, and find documentation 
lacking.  I often get different results using one of these...

xterm*whatever
xterm.whatever
xterm*VT100.whatever
xterm.vt100.whatever
*VT100.whatever

It seems there are different ways to match these resource descripters.  
The caps as well as the * and . make a difference also in how they match.

I'm not sure if it's regex, which I am real limited in, or some other 
voodoo that has some better documentation than the xterm manpage, because 
I have read the manpage and I just don't get it.

Re: How could I install ecryptfs-utils on Buster

[David Christensen]

On 4/11/19 6:51 AM, Pierre Fourès wrote:

Le jeu. 11 avr. 2019 à 02:52, David Christensen
 a écrit :

How about enfs, gocryptfs, and/or libpam-mount?

2019-04-10 17:48:09 dpchrist@po ~
$ apt-cache search fuse encrypt
afflib-tools - Advanced Forensics Format Library (utilities)
camo - SSL/TLS image proxy to prevent mixed-content warnings
encfs - encrypted virtual filesystem
gocryptfs - Encrypted overlay filesystem written in Go.
libpam-mount - PAM module that can mount volumes for a user session


Thanks David for the pointers.

I gave a look at them and this open viables alternatives to ecryptfs,
would I require to go away from it doesn't get reintegrated in Debian.
This drove me to gave a look to see if ecryptfs is still actively
maintained and it seems to be the case as the last commit dates from
2019-02-16 [1]. The package is also announced in [2] as heavily used
in Ubuntu, ChromeOS and several NAS products, so I hope the bug will
get fixed. If it doesn't, to what I saw in [3], gocryptfs seems really
promising, however I find it still a little young for this kind of
subject (2015 for it first release). As I plan to configure dm-crypt
for our servers, I will first dig deeper on the libpam-mount
opportunity. This could make a good fit to satisfy all my use-cases
while only using the same base ciphering tool. So for now, I will keep
ecryptfs running on the desktops in the next following months and will
first start to setup full disk encryption on the servers, then will I
look back to what to do with the desktops.

[1] 
https://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs.git/log/fs/ecryptfs?h=next
[2] http://ecryptfs.org/about.html
[3] https://nuetzlich.net/gocryptfs/comparison/



Understand that each encryption solution -- dm-crypt, encfs, etc. -- 
provides protection against some limited threat; I have not found one 
that works for all use-cases.



dm-crypt is designed to protect encrypted discs when they are at rest 
(cold) -- e.g. the computer is stolen while powered down, the encrypted 
disc has been removed from a computer, etc..  Once a dm-crypt disc is 
decrypted and operating, the system sees a mapped device node (which 
will typically contain a plaintext file system).  Traditional Unix 
permissions apply -- e.g. root can see everything, other users can see 
whatever their UID's/GID's allow per file and directory ownership, mode, 
extended attributes, etc..



If I remember encfs correctly, encfs is designed to provide exclusive 
access to the user who mounts an encrypted folder -- no other user, 
including root, can see the plaintext.



David

Re: New dual boot laptop: Best file system for a USB live image for installation?

[David Christensen]

On 4/11/19 5:02 AM, Tom Browder wrote:

I'm preparing to install Win 10 and Deb 9 on a new ZaReason laptop which
has no installed OS on it.

It comes with one 120 Gb SSD as its primary drive and has an empty bay
where I will install a Samsung evo 860 1 Tb SSD.


Which model zareason laptop?


Which make, model, form factor, and interface 120 GB SSD?


Which form factor and interface Samsung EVO 860 1 TB SSD?


How much RAM?


Make and model WiFi interface?


David

Re: Carnet du téléphone Android et Linux

[Paul Ezvan]

Le 10/04/2019 6:15, cyri...@bollu.be a écrit :
Je suis probablement assez motivé pour développer ce petit logiciel 
sous

Linux moi même, probablement sous licence GPLv3+. Ma tendre épouse
serait ravie, et pour une fois que je vais coder quelquechose pour 
elle,

moi aussi.

Mais j'ai alors besoin du format de ce fichier. Si j'ai bien compris,
c'est du VCARD. en.wikipedia.org/wiki/VCard



Oui c'est du VCard normalement.

Pour la question du cloud, "nextcloud" est une solution open-source
que vous pouvez installer sur un serveur chez vous. Dans ce cas, vous
pouvez être totalement maitre de l'infrastructure traitant les
données.

Cyrille


Nextcloud c'est un peu lourd juste pour ça, un serveur CaldDav peut 
suffire pour cet usage. Tu peux simplement installer un serveur CalDav 
comme Radicale sur ton PC, et synchroniser les contacts depuis ton 
Android en utilisant DavDroid.


C'est pas dans le cloud, simplement chez toi et uniquement accessible 
localement si tu configures ton pare-feu à cet effet. Tu peux faire la 
même chose avec Nextcloud, mais c'est un peu une usine à gaz inutile 
pour juste ce besoin.


Paul

Re: install debian on latest Macbook pro

[lina]

I also cann't detect the SSD partition I made for debian even I
installed the refind.

On Thu, Apr 11, 2019 at 3:44 PM lina  wrote:
>
> Hi,
>
> When I tried to install the Debian on latest MacBook Pro, I found the
> keyboard and the touchpad does not work.
>
> It is just the beginning, I know I will meet lots of problems,
>
> Is there any link providing the information how to install and set up
> the debian on the latest version? The one I can grab is for old
> version.
>
> Thanks, lina

Re: terminal with right-click = paste?

[Lee]

On 4/11/19, bw wrote:
>>for now I'm still of the opinion that the computer
>>should change to accommodate my work style - not the other way around.
>
> Yeah I'm down with that idea, I didn't say give up.  I like the idea of
> only changing xterm, because the right click is so useful everywhere else
> you would not want to remap it globally...
>
> Looking manpage for xterm I didn't see a resource,

man xterm
  <.. snip ..>
   Default Key Bindings
   The default bindings in the VTxxx window use the SELECT token,
which is set by the selectToClipboard resource.  These are
   for the vt100 widget:
 Shift  Prior:scroll-back(1,halfpage) \n\
  Shift  Next:scroll-forw(1,halfpage) \n\

Which seems to require much prior knowledge to understand, but that
seems par for the course with linux.

What I have now:
$ cat .Xresources
XTerm*.Translations: #override \
:  select-start() \n\
:select-extend() \n\
:select-end(PRIMARY, CUT_BUFFER0) \n\
:  ignore() \n\
:insert-selection(SELECT, CUT_BUFFER0) \n

XTerm*charClass: 45-47:48,95:48,126:48
# Clicking the left pointer button twice in rapid succession (double-clicking)
# causes all characters of the same class (e.g., letters, white space,
punctuation)
# to be selected as a “word”. Since different people have different
preferences for
# what should be selected (for example, should filenames be selected
as a whole or
# only the separate subnames), the default mapping can be overridden through the
# use of the charClass (class CharClass) resource.

# eg. mintty: WordChars=-./_~
#  45: - (dash)
#  46: . (period)
#  47: / (slash)
#  95: _ (underscore)
# 126: ~ (tilde)
# are put in the same character class as letters & digits when selecting 'words'

lee@izzy ~
$

What's really confusing is starting xterm from the xfce4-terminal:
$ xterm &
[1] 819

lee@izzy ~
$ Warning: Actions not found: select-start, select-extend, select-end,
ignore, insert-selection
Warning: Actions not found: select-start, select-extend, select-end,
ignore, insert-selection
Warning: Actions not found: select-start, select-extend, select-end,
ignore, insert-selection

*BUT* clicking in the xterm window & doing something like
$ ls
DesktopDownloads  Pictures  Templates  backup  commands   notes.bash  x_home
Documents  Music  PublicVideos bin notes.apt  syncusb

and then typing "ls -l " move the mouse over "notes.bash", double
click, right click, press enter & I've got
$ ls -l notes.bash
-rw-r--r-- 1 lee lee 1313 Mar 27 16:50 notes.bash

So something fusses about the actions not being found but they still
seem to work anyway.  wtf??

Obvious problem - the default menus don't happen when left or
right clicking in the window.  I could use a pointer to which man page
describes the Meta, ~Meta, Ctrl, ~Ctrl, !Ctrl notation in the xterm
man since I'm not seeing it in 'man xterm'

> (there may be one not
> listed?) but there's an example that has some potential, but on a quick
> test here, it pastes after a right/left combination of clicks...
>
> *VT100*translations:#override \n\
>: insert-selection(PRIMARY, CUT_BUFFER0) \n\
>
> T test or refine the settings, you can drop similar snippets into
> ~.Xresources and run
>
> $ xrdb -merge ~/.Xresources

If I was more confident about how all this worked - yes.  But I'm not,
so I make a change to ~/.Xresources, log out & back in to test.  It's
slower, but seems like much less chance of screwing up :)

Thanks,
Lee

Re: HS: Fabmanager erreur certbot

[G2PC]

> Bonsoir,
>
> Bien que mal à l’aise avec les forums s’il vaut mieux que je poste sur
> celui de fabmanager, dites-moi.
>
> Debian Stretch, docker-ce 5:18.09.4~3-0~debian-stretch
>
> Je me frotte à l’installation de fabmanager en suivant cette doc :
> https://github.com/sleede/fab-manager/blob/master/docker/README.md
>
> Tout semble bien se passer jusqu’à l’étape de démarrage de :
> sudo systemctl start letsencrypt.service
> celui-ci contient cette commande :
> [Unit]
> Description=letsencrypt cert update oneshot
> Requires=docker.service
>
> [Service]
> Type=oneshot  
> ExecStart=/usr/bin/docker run --rm --name letsencrypt -v 
> "/apps/fabmanager/log:/var/log/letsencrypt" -v 
> "/apps/fabmanager/letsencrypt/etc:/etc/letsencrypt" -v 
> "/apps/fabmanager/letsencrypt/config:/letsencrypt-config" 
> quay.io/letsencrypt/letsencrypt:latest -c "/letsencrypt-config/webroot.ini" 
> certonly
> ExecStartPost=-/usr/bin/docker restart fabmanager_nginx_1
>
> Vu qu’une erreur m’est retournée, je teste directement :
> sudo /usr/bin/docker run --rm --name letsencrypt -v
> "/apps/fabmanager/log:/var/log/letsencrypt" -v
> "/apps/fabmanager/letsencrypt/etc:/etc/letsencrypt" -v
> "/apps/fabmanager/letsencrypt/config:/letsencrypt-config"
> quay.io/letsencrypt/letsencrypt:latest -c
> "/letsencrypt-config/webroot.ini" certonly
>
> Avec ce retour :
>
> Warning: This Docker image will soon be switching to Alpine Linux.
> You can switch now using the certbot/certbot repo on Docker Hub.
> /opt/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26:
>  CryptographyDeprecationWarning: Support for your Python version is 
> deprecated. The next version of cryptography will remove support. Please 
> upgrade to a 2.7.x release that supports hmac.compare_digest as soon as 
> possible.
>   utils.PersistentlyDeprecated2018,
> Use of --agree-dev-preview is deprecated.
> usage: 
>   certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
>
> Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
> it will attempt to use a webserver both for obtaining and installing the
> certificate. 
> certbot: error: unrecognized arguments: --Run docker pull 
> quay.io/letsencrypt/letsencrypt:latest
>
> Sauf qu’il n’y a aucun appel à la commande certbot dans ce que j’ai
> tapé.
>
> En vous remerciant d’avance. Je ne suis pas familier de docker.
>
> Cordialement,


Peut être poster aussi sur leur page Github directement, pour leur
permettre d'améliorer leur doc ?

https://github.com/sleede/fab-manager/issues

Re: Error Message

[Mark Fletcher]

On Thu, Apr 11, 2019 at 07:03:08PM +0200, Michael Lee wrote:
> Hello, I would like to know what I am supposed to do about this error
> message. Would appreciate guidance.
> M Lee

> 
> 
> Nicht alle Paketquellenindizes konnten heruntergeladen werden
> 
> Die Software-Paketquelle steht möglicherweise nicht mehr zur Verfügung oder 
> ist aufgrund von Netzwerkproblemen nicht erreichbar. Sofern für diese 
> Software-Paketquelle noch eine ältere Paketliste verfügbar ist, wird diese 
> verwendet. Anderenfalls wird diese Software-Paketquelle gänzlich ignoriert. 
> Bitte prüfen Sie Ihre Netzwerkverbindung und vergewissern Sie sich ebenfalls, 
> dass die Adresse der Software-Paketquelle korrekt in den Einstellungen 
> eingetragen ist.
> 
> 
> The repository 'http://ftp.de.debian.org/debian stretch/updates Release' does 
> not have a Release file.Updating from such a repository can't be done 
> securely, and is therefore disabled by default.See apt-secure(8) manpage for 
> repository creation and user configuration 
> details.http://ftp.de.debian.org/debian/dists/stretch-updates/InRelease: The 
> key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not 
> readable by user '_apt' executing 
> apt-key.http://ftp.de.debian.org/debian/dists/stretch/Release.gpg: The key(s) 
> in the keyring /etc/apt/trusted.gpg are ignored as the file is not readable 
> by user '_apt' executing apt-key.
> 
> 

Looking at the error message (the English part, I can't read the German) 
I suspect the issue is the second part of the message, and the first 
part complaining that ftp.de.debian.org doesn't have a Release file is 
a red herring. It looks like ownership or permissions on your 
/etc/apt/trusted.gpg file are dodgy. Have a look at ownership and 
permissions on that file and, if it's not obvious to you what's wrong, 
post here the output of ls -l /etc/apt/trusted.gpg and hopefully it will 
be obvious to someone on here.

Have you been making changes to your apt configuration recently? If you 
have done anything in that area recently, describe that too as that may 
have a bearing on the problem.

HTH

Mark

install debian on latest Macbook pro

[lina]

Hi,

When I tried to install the Debian on latest MacBook Pro, I found the
keyboard and the touchpad does not work.

It is just the beginning, I know I will meet lots of problems,

Is there any link providing the information how to install and set up
the debian on the latest version? The one I can grab is for old
version.

Thanks, lina

HS: Fabmanager erreur certbot

[Raphaël POITEVIN]

Bonsoir,

Bien que mal à l’aise avec les forums s’il vaut mieux que je poste sur
celui de fabmanager, dites-moi.

Debian Stretch, docker-ce 5:18.09.4~3-0~debian-stretch

Je me frotte à l’installation de fabmanager en suivant cette doc :
https://github.com/sleede/fab-manager/blob/master/docker/README.md

Tout semble bien se passer jusqu’à l’étape de démarrage de :
sudo systemctl start letsencrypt.service
celui-ci contient cette commande :
[Unit]
Description=letsencrypt cert update oneshot
Requires=docker.service

[Service]
Type=oneshot  
ExecStart=/usr/bin/docker run --rm --name letsencrypt -v 
"/apps/fabmanager/log:/var/log/letsencrypt" -v 
"/apps/fabmanager/letsencrypt/etc:/etc/letsencrypt" -v 
"/apps/fabmanager/letsencrypt/config:/letsencrypt-config" 
quay.io/letsencrypt/letsencrypt:latest -c "/letsencrypt-config/webroot.ini" 
certonly
ExecStartPost=-/usr/bin/docker restart fabmanager_nginx_1

Vu qu’une erreur m’est retournée, je teste directement :
sudo /usr/bin/docker run --rm --name letsencrypt -v
"/apps/fabmanager/log:/var/log/letsencrypt" -v
"/apps/fabmanager/letsencrypt/etc:/etc/letsencrypt" -v
"/apps/fabmanager/letsencrypt/config:/letsencrypt-config"
quay.io/letsencrypt/letsencrypt:latest -c
"/letsencrypt-config/webroot.ini" certonly

Avec ce retour :

Warning: This Docker image will soon be switching to Alpine Linux.
You can switch now using the certbot/certbot repo on Docker Hub.
/opt/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26:
 CryptographyDeprecationWarning: Support for your Python version is deprecated. 
The next version of cryptography will remove support. Please upgrade to a 2.7.x 
release that supports hmac.compare_digest as soon as possible.
  utils.PersistentlyDeprecated2018,
Use of --agree-dev-preview is deprecated.
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --Run docker pull 
quay.io/letsencrypt/letsencrypt:latest

Sauf qu’il n’y a aucun appel à la commande certbot dans ce que j’ai
tapé.

En vous remerciant d’avance. Je ne suis pas familier de docker.

Cordialement,
-- 
Raphaël

Re: New dual boot laptop: Best file system for a USB live image for installation?

[Pascal Hambourg]

Le 11/04/2019 à 20:47, deloptes a écrit :


fdisk is not suitable for GPT


Why not ? Current versions support GPT.

Re: XDM maakt cli-weergave in de war, {hoe,dan}

[Rutger van Sleen]

On 4/11/19 8:50 PM, Geert Stappers wrote:
> On Thu, Apr 11, 2019 at 08:26:09PM +0200, Vincent Zweije wrote:
>> xterm is volledig te sturen via settings die in de display server
>> (Xorg/X11) worden bijgehouden; ook de character set die wordt gebruikt. Er
>> vanuit gaande dat je xterm gebruikt, vraag de volgende resultaten eens op:
>>
>> appres XTerm xterm >appres-{xdm,startx}.txt

Vandaag leerde ik van `appres`, vond ik een coole ontdekking, dank je
wel Vincent!

> `appres` blijkt in het package  `x11-utils` te zitten.
> 
> 'XTerm xterm' parameters voor appres
> 
> Maar wat zou de '>appres-{xdm,startx}.txt' moeten doen?

Ik begreep wat Vincent bedoelde: de output van `appres` opslaan,
uitgevoerd in de omgevingen die via xdm en startx gestart waren.

Re: Wondering how long it usually takes for a package to move from stable-p-u

[Francisco M Neto]

On Thu, 2019-04-11 at 18:22 +0100, Brian wrote:
> > With the *occasional* exception of dependency-less packages like a
> > foo-doc package (reading ahead of the game) or a font. For example,
> > I installed fonts-hack-ttf on all my machines, both wheezy and
> > jessie,
> > as soon as I saw it mentioned here (by Gene I believe). Not the best
> > for Unicode glyphs, but wonderful for the eyes.
> 
> I'd extend this latitude a bit further to packages that have
> dependencies satisified by stable and which provide something
> stable doesn't. For example, libsane-hpaio

That's what I had in mind. I assumed that ca-certificates-java
would fulfill a requirement like that, but maybe it doesn't. Or maybe
people are a bit edgy and end up taking suggestions in a very bad way...

-- 
[]'s,

Francisco M Neto 

GPG: 4096R/D692FBF0


signature.asc
Description: This is a digitally signed message part

Re: 'synaptic' removed from buster

[David Wright]

On Thu 11 Apr 2019 at 20:55:20 (+0200), Nazar Zhuk wrote:
> On 4/10/19 10:10 PM, David Wright wrote:
> > On Thu 11 Apr 2019 at 00:34:04 (+0200), Nazar Zhuk wrote:
> > > On 4/10/19 10:58 AM, David Wright wrote:
> > > > On Sat 06 Apr 2019 at 08:42:31 (+0100), Jonathan Dowland wrote:
> > > > > On Fri, Apr 05, 2019 at 09:39:23PM -0500, David Wright wrote:
> > > 
> > > > > > Given a straight toss-up though, I think synaptic has to give way 
> > > > > > because
> > > > > > there are plenty of alternatives. I'd never heard of it until a few 
> > > > > > people
> > > > > > started mentioning it here, and I'd never consider using it myself 
> > > > > > on X except
> > > > > > as an ordinary user.
> > > > > 
> > > > > The severity of the bug in synaptic (which is what has caused its 
> > > > > autoremoval)
> > > > > would not be "serious" if the default desktop was not Wayland. So 
> > > > > changing
> > > > > *that*, would mean synaptic could be reintroduced.
> > > > 
> > > > So Debian should have its policy dictated by bugs in an unrelated
> > > > package. Seems an odd strategy.
> > > 
> > > If a change (Wayland default) is introducing issues to a stable (in a
> > > generic sense) system, shouldn't the change be postponed until the
> > > issues are resolved? Perhaps with the help from the change proponents.
> > 
> > I don't think it's an issue that'll be resolved in the direction you
> > intend. It's the enforcement of a security model that has guided most
> > of us for years: not running GUI applications as root.
> 
> In all of history of UNIX and Linux, root means root. You know what
> you are doing and accept the risks. rm -rf /, vim or wget under root
> are dangerous too.

The first of these examples is only dangerous if you type it into
root's commandline. Once you've pressed , it's suicidal.

The others are why I've never run, say, emacs or mc as root. I've
always used nano (from potato, ae until then) and core utilities.

> And Wayland doesn't actually change that, since nothing can, root is
> still root. You can do:
> 
>   xhost +SI:localuser:root
> 
> and run whatever you want as root. This is exactly what the latest
> gparted does [1].
> 
> So this "security model" boils down to an annoyance.
> 
> [1] https://gitlab.gnome.org/GNOME/gparted/blob/master/gparted.in#L70

Of course it does. Dealing with security is annoying. People lock
their doors, install alarms, can't cut their food on aeroplanes,
can't drink in sports venues.

On linux, you can cut all that out at a stroke, just use root. That's
what many windows users do, they just run as administrator all the
time. And taking those risks is unacceptable here.

> > The normal way of circumventing this is to have a non-GUI program that
> > performs all the work running as root, with a connection to a GUI
> > client program that runs as the user/administrator.
> 
> Yes, that is the Wayland way. And it's now Wayland way or no way for
> all, not just Wayland users.

That's not the "Wayland way"—it's always been the way. Why? Because it
dramatically cuts the amount of security auditing that needs doing.
If you run graphical toolkits as root, you introduce huge amounts of
vulnerable code into the audit. (Look at gparted's dependencies.)

> > ... for synaptic, it might be written in such a
> > way that you can get the resolver to run with your friendly interface
> > as an ordinary user, and then use apt-get, say, to install the list
> > of packages that synaptic has come up with. ...
> 
> Or just wrap it with a shell script that adds/removes root with xhost
> like gparted does, unless somebody has a compelling desire to
> *implement* (as opposed to force someone else to implement) "Wayland
> way".
> 
> I tested this and it works like a charm.

Of course it does. But cross your fingers and cling to your lucky charm
while you're doing so.

> These are the things that should be considered and resolved when
> making a breaking change (Wayland default).

Yes, they have been considered, and found wanting. That's my point.
That's why lots of people laboured to make X run as a user process,
for example. Sensible people prefer not to move backwards.

Cheers,
David.

Re: Verifying authenticity of Debian CDs

[john doe]

On 4/11/2019 6:35 PM, Default User wrote:
> On Fri, Apr 5, 2019, 18:06 Thomas Schmitt  wrote:
>
>> Hi,
>>
>> Chris XX wrote:
>>> I was trying to Verify the authenticity of Debian CDs on your website,
>> but I
>>> don't see instructions that will guide me through the process
>>> (step-by-step).
>>
>> (We are the users. But some Debian Developers are watching, too.)
>>
>> Obviously there is a gap between checksum file verification and .iso image
>> verification.
>>
>> Let's first look at the files offered for download:
>>   https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/
>> has among others
>>
>>   SHA512SUMS.sign
>>   SHA512SUMS
>>   debian-9.8.0-amd64-netinst.iso
>>
>>> https://www.debian.org/CD/verify
>>
>> This publishes the key "fingerprints" by which you can recognize authentic
>> pairs of SHA512SUMS.sign and SHA512SUMS.
>>
>> It points to
>>   https://keyring.debian.org/
>> where you probably shall learn how to obtain the keys in question,
>> namely by the shell commands
>>
>>   gpg --keyserver keyring.debian.org --recv-keys 64E6EA7D
>>   gpg --keyserver keyring.debian.org --recv-keys 6294BE9B
>>   gpg --keyserver keyring.debian.org --recv-keys 09EA8AC3
>>
>> Experienced users of gpg would know that one can check authenticity by
>>
>>   gpg --verify SHA512SUMS.sign SHA512SUMS
>>
>> which should say something like
>>
>>   gpg: Signature made Sun 17 Feb 2019 04:10:30 PM CET using RSA key ID
>> 6294BE9B
>>   gpg: Good signature from "Debian CD signing key <
>> debian...@lists.debian.org>"
>>   gpg: WARNING: This key is not certified with a trusted signature!
>>   gpg:  There is no indication that the signature belongs to the
>> owner.
>>   Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294
>> BE9B
>>
>> The reported fingerprint must be one of the published fingerprints,
>> or else something is fishy.
>> Here it is the Debian one of 2011-01-05. I.e. all is well so far.
>>
>> If you change some character in SHA512SUMS and run above command again
>> then you will see
>>
>>   gpg: Signature made Sun 17 Feb 2019 04:10:30 PM CET using RSA key ID
>> 6294BE9B
>>   gpg: BAD signature from "Debian CD signing key <
>> debian...@lists.debian.org>"
>>
>>
>> So you can trust the content of SHA512SUMS, if gpg --verify says it is
>> good and if the key fingerprint matches one of the Debian fingerprints.
>>
>> Now you have to follow the tiny link "faq" at the bottom to
>>   https://www.debian.org/CD/faq/
>> where you hop to
>>   https://www.debian.org/CD/faq/#verify
>>
>> Between the lines you read that there is a text line in SHA512SUMS which
>> shows the name of the .iso file which you actually want to verify:
>>
>>
>> cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771a7174538f3e26f45a05245
>> debian-9.8.0-amd64-netinst.iso
>>
>> More explicite is the hint to use program "sha512sum". A run of
>>
>>   sha512sum debian-9.8.0-amd64-netinst.iso
>>
>> puts out
>>
>>
>> cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771a7174538f3e26f45a05245
>> debian-9.8.0-amd64-netinst.iso
>>
>> which you should compare with the line in SHA512SUMS.
>>
>> Alternatively you could run
>>
>>   sha512sum --check SHA512SUMS 2>/dev/null
>>
The STDERR redirection to the null device could be avoided by using
'--ignore-missing'.

$ sha512sum -c --ignore-missing 

The '--strict' option could also be used.


"The following five options are useful only when verifying checksums:
...
  --ignore-missing  don't fail or report status for missing files
...
  --strict exit non-zero for improperly formatted checksum lines
..."

--
John Doe

Re: New dual boot laptop: Best file system for a USB live image for installation?

[Felix Miata]

deloptes composed on 2019-04-11 20:47 (UTC+0200):

> Tom Browder wrote:

>> Given that I'm starting with two clean drives, my plan is to use the small
>> disk for Win 10 and the other for Debian and maybe have a small partition
>> to experiment with a BSD OS.

> No Win10 will not be happy with 120GB - better take 300GB from the large
> disk for windows and the rest for data linux, windows or both

I limit Win10 system partitions to 48GB, and disable paging.
-- 
Evolution as taught in public schools is religion, not science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: GPT partions: capability for user friendly labels on partitions for all OSs?

[Felix Miata]

Tom Browder composed on 2019-04-11 08:42 (UTC-0500):

> I run dual boot Deb/Win 10 on several systems, only one of which has UEFI
> capability (the latest, new as of last fall). Unfortunately, I failed to
> use the GPT on the new one, and the Win 10 disk management program doesn't
> show much info on the non-NTFS disks.

> Does GPT partitioning on Windows 10 allow a user-friendly label along with
> its UUID for a partition?

> If so, is that label visible with Debian system administration programs as
> well? 

Should be equivalent with Win10 and Debian to MacOS and openSUSE:
## Linux
# parted -l
Model: ATA ST1000DM003-1SB1 (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags:

Number  Start   End SizeFile systemName Flags
 1  1049kB  387MB   386MB   fat16  EFI  msftdata
 2  387MB   38.3GB  37.9GB  hfsx   sda2 Mac OS X HFS+ system
 3  38.3GB  38.9GB  650MB   hfs+   Recovery HD
 4  38.9GB  500GB   461GB   hfsx   sda4 Mac OS X HFS+ data
 5  500GB   505GB   4429MB  linux-swap(v1) sda5 Linux Swap  swap
 6  505GB   539GB   34.1GB  ext4   sda6 openSUSE Leap
 7  539GB   573GB   34.1GB  ext4   sda7 Linux next
 8  573GB   1000GB  427GB   ext4   sda8 Linux Home

## MacOS
> diskutil list -all
/dev/disk0 (internal, physical):
   #:   TYPE NAMESIZE   IDENTIFIER
   0:  GUID_partition_scheme*1.0 TB disk0
   1:   Microsoft Basic Data EFI 385.9 MB   disk0s1
   2:  Apple_HFS OS X System Partition   37.9 GBdisk0s2
   3: Apple_Boot Recovery HD 650.0 MB   disk0s3
   4:  Apple_HFS sda4 Mac User Data p... 461.4 GB   disk0s4
   5: Linux Swap 4.4 GB disk0s5
   6:   Linux Filesystem 34.1 GBdisk0s6
   7:   Linux Filesystem 34.1 GBdisk0s7
   8:   Linux Filesystem 427.2 GB   disk0s8
> system_profiler SPStorageDataType | egrep 'BSD|UUID|t Poin'
  Mount Point: /Volumes/EFI
  BSD Name: disk0s1
  Volume UUID: B7D872D6-51A3-39A8-AB54-69C5842C7A84
  Mount Point: /
  BSD Name: disk0s2
  Volume UUID: A99B09C3-37C0-3C4D-A3BC-0A2190C8FBE8
  Mount Point: /Volumes/sda4 Mac User Data partition
  BSD Name: disk0s4
  Volume UUID: D1A77490-BA19-3547-AA65-4BE3A2AE08F8
-- 
Evolution as taught in public schools is religion, not science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: 'synaptic' removed from buster

[Nazar Zhuk]

On 4/10/19 10:10 PM, David Wright wrote:

On Thu 11 Apr 2019 at 00:34:04 (+0200), Nazar Zhuk wrote:

On 4/10/19 10:58 AM, David Wright wrote:

On Sat 06 Apr 2019 at 08:42:31 (+0100), Jonathan Dowland wrote:

On Fri, Apr 05, 2019 at 09:39:23PM -0500, David Wright wrote:



Given a straight toss-up though, I think synaptic has to give way because
there are plenty of alternatives. I'd never heard of it until a few people
started mentioning it here, and I'd never consider using it myself on X except
as an ordinary user.


The severity of the bug in synaptic (which is what has caused its autoremoval)
would not be "serious" if the default desktop was not Wayland. So changing
*that*, would mean synaptic could be reintroduced.


So Debian should have its policy dictated by bugs in an unrelated
package. Seems an odd strategy.


If a change (Wayland default) is introducing issues to a stable (in a
generic sense) system, shouldn't the change be postponed until the
issues are resolved? Perhaps with the help from the change proponents.


I don't think it's an issue that'll be resolved in the direction you
intend. It's the enforcement of a security model that has guided most
of us for years: not running GUI applications as root.


In all of history of UNIX and Linux, root means root. You know what you 
are doing and accept the risks. rm -rf /, vim or wget under root are 
dangerous too.


And Wayland doesn't actually change that, since nothing can, root is 
still root. You can do:


  xhost +SI:localuser:root

and run whatever you want as root. This is exactly what the latest 
gparted does [1].


So this "security model" boils down to an annoyance.

[1] https://gitlab.gnome.org/GNOME/gparted/blob/master/gparted.in#L70


The normal way of circumventing this is to have a non-GUI program that
performs all the work running as root, with a connection to a GUI
client program that runs as the user/administrator.


Yes, that is the Wayland way. And it's now Wayland way or no way for 
all, not just Wayland users.



... for synaptic, it might be written in such a
way that you can get the resolver to run with your friendly interface
as an ordinary user, and then use apt-get, say, to install the list
of packages that synaptic has come up with. ...


Or just wrap it with a shell script that adds/removes root with xhost 
like gparted does, unless somebody has a compelling desire to 
*implement* (as opposed to force someone else to implement) "Wayland way".


I tested this and it works like a charm.


These are the things that should be considered and resolved when making 
a breaking change (Wayland default).


--
Nazar

Re: Debugging samba

[deloptes]

Kevin DAGNEAUX wrote:

> But now, i've a dependency problem, version of samba in debian-security
> repo and samba-dbgsym in debian-debug repo are not the sames :

may be a similar problem is the root cause for your crashes, because I am
running samba for years and my wife uses it from windows on daily bases and
I have some virtual machines with Win7 too, but never had a crash in the
past 10+ years.

Why don't you start with the log files - increase log level etc.?

regards

Re: XDM maakt cli-weergave in de war, {hoe,dan}

[Geert Stappers]

On Thu, Apr 11, 2019 at 08:26:09PM +0200, Vincent Zweije wrote:
> On Wed, Apr 10, 2019 at 09:18:59PM +0200, Rutger van Sleen wrote:
> 
> ||  On 10-04-2019 20:28, Vincent Zweije wrote:
> ||  > Ik proef toch een localization probleempje. Dat is vaak door de
> ||  > environment variabelen gestuurd. Dus probeer eens in de twee omgevingen:
> [...]
> ||  > en vergelijk de files. Misschien geeft dat een hint wat er anders is.
> ||
> ||  Helaas. Ter vermaak heb ik de bestanden bijgevoegd. :)
> 
> Ik zie een XDG_SESSION_TYPE die anders is, maar ik zou niet weten hoe
> dat invloed zou hebben op je terminal emulator.
> 
> Gekke vraag misschien, maar is het wel dezelfde terminal emulator? En
> zo ja, welke?
> 
> Nog een andere optie: misschien dat er via dbus andere settings bij je
> terminal emulator uitkomen afhankelijk van je session type.
> 
> Ah, ik bedenk juist: X resources!
> 
> xterm is volledig te sturen via settings die in de display server
> (Xorg/X11) worden bijgehouden; ook de character set die wordt gebruikt. Er
> vanuit gaande dat je xterm gebruikt, vraag de volgende resultaten eens op:
> 
> appres XTerm xterm >appres-{xdm,startx}.txt
> 


`appres` blijkt in het package  `x11-utils` te zitten.

'XTerm xterm' parameters voor appres

Maar wat zou de '>appres-{xdm,startx}.txt' moeten doen?

Het zal ge-expandeerd worden tot

  appress XTerm xterm >appres...

ah, nu zie ik het.  Het zal ge-expandeerde worden tot

  appress XTerm xterm >appres-xdm.txt >appress-startx.txt



Nog steeds een vreemde command line regel.  Dan ook maar uitgeprobeerd

$ appres XTerm xterm >appres-{xdm,starx}.txt
bash: appres-{xdm,starx}.txt: omleiding is niet eenduidig
$ appres XTerm xterm >appres-xdm.txt >appres-startx.txt
$ ls -ltr appres*.txt
-rw-r--r-- 1 stappers stappers0 apr 11 20:46 appres-xdm.txt
-rw-r--r-- 1 stappers stappers 6763 apr 11 20:46 appres-startx.txt
$ 

> en vergelijk dat eens.

Leeg bestand en gevuld bestand, zo een vergelijk laat alleen maar
verschil zien.



Groeten Geert

Re: New dual boot laptop: Best file system for a USB live image for installation?

[deloptes]

Tom Browder wrote:

> I'm preparing to install Win 10 and Deb 9 on a new ZaReason laptop which
> has no installed OS on it.
> 
> It comes with one 120 Gb SSD as its primary drive and has an empty bay
> where I will install a Samsung evo 860 1 Tb SSD.
> 
> I would like to use a live image on a large USB for preparing the disks
> before installing Win 10 and then Deb 9.
> 

if you have network access, I would suggest to take the net version as it is
minimal and you will get all the latest packages from the network during
installation, so consequently you do not need any large usb.

> Some questions:
> 
> 1. What is the best filesystem (FS) to use on the USB? They usually come
> with a FAT32 or exFAT FS, but I have in the past made them exFAT. As I
> understand it, I believe I can just copy the Debian CD live iso image file
> onto the USB and it will be found and booted from fine.
> 

you can dd the netinstall to the usb it should work

> 2. If a straight copy works as in question 1, is there any problem with
> adding other files on the USB? I have a 64 Gb USB I would like to use for
> both a live image as well as storing other files on it.
> 

What you are thinking will not work unless you modify the partition table,
so that it may see the rest of the disk - when you do dd it will write only
the image and the rest of the drive will be not usable

I usually mount the usb and do debootstrap installation, or when you finish
the installation, you can just copy your installation to the stick and make
it bootable.

> Given that I'm starting with two clean drives, my plan is to use the small
> disk for Win 10 and the other for Debian and maybe have a small partition
> to experiment with a BSD OS.
> 

No Win10 will not be happy with 120GB - better take 300GB from the large
disk for windows and the rest for data linux, windows or both

> 3. Any suggestions as to partitioning given the advantages of the new (to
> me) GPT disk formats?
> 

might be better, but remember you have to enable it in bios before booting
the netinstall

> 4. Which partitioning program is best to use? I am used to using fdisk and
> parted, but I see partion manager mentioned.

fdisk is not suitable for GPT

gdisk - GPT fdisk text-mode partitioning tool
parted - disk partition manipulator

Basically read the debian documentation and then try to implement.

Also previously it was advised to install windows first and debian after,
but I do not know how Win10 is behaving in the context of UEFI, as far as I
understand it, the order should not matter for GPT

regards

Re: GPT partions: capability for user friendly labels on partitions for all OSs?

[Tom Browder]

On Thu, Apr 11, 2019 at 12:44 PM Pascal Hambourg  wrote:
>
> Le 11/04/2019 à 15:42, Tom Browder a écrit :
> >
> > Does GPT partitioning on Windows 10 allow a user-friendly label along with
> > its UUID for a partition?
>
> Why do you care ? You can manage it in Debian.

I care because my main Win box stays running Win most of the time
(it's the default) and it not always convenient to reboot.

Thanks, Pascal.

-Tom

Re: XDM maakt cli-weergave in de war

[Vincent Zweije]

On Wed, Apr 10, 2019 at 09:18:59PM +0200, Rutger van Sleen wrote:

||  On 10-04-2019 20:28, Vincent Zweije wrote:
||  > Ik proef toch een localization probleempje. Dat is vaak door de
||  > environment variabelen gestuurd. Dus probeer eens in de twee omgevingen:
[...]
||  > en vergelijk de files. Misschien geeft dat een hint wat er anders is.
||
||  Helaas. Ter vermaak heb ik de bestanden bijgevoegd. :)

Ik zie een XDG_SESSION_TYPE die anders is, maar ik zou niet weten hoe
dat invloed zou hebben op je terminal emulator.

Gekke vraag misschien, maar is het wel dezelfde terminal emulator? En
zo ja, welke?

Nog een andere optie: misschien dat er via dbus andere settings bij je
terminal emulator uitkomen afhankelijk van je session type.

Ah, ik bedenk juist: X resources!

xterm is volledig te sturen via settings die in de display server
(Xorg/X11) worden bijgehouden; ook de character set die wordt gebruikt. Er
vanuit gaande dat je xterm gebruikt, vraag de volgende resultaten eens op:

appres XTerm xterm >appres-{xdm,startx}.txt

en vergelijk dat eens.

Vincent.
-- 
Vincent Zweije| "If you're flamed in a group you
  | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] |-- Paul Tomblin on a.s.r.


signature.asc
Description: PGP signature

Re: DisplayPort y Nvidia GTX1050

[Deiby Herrera]

hadmi no da problemas...pero no tienes otra opcion digo.

El jue., 11 de abr. de 2019 a la(s) 04:31, David (dreyes...@yahoo.es)
escribió:

> *Hola Debianitas:**Me voy a comprar un ordenador de sobremesa con este** 
> monitor **Asus PG248Q 24" LED 3D **y esta tarjeta gráfica **VGA ASUS NVIDIA 
> GTX1050-O2G 2GB GDDR5 DVI HDMI DISPLAY PORT* *¿puede haber problemas al 
> conectar el monitor con la Tarjeta Gráfica mediante DisplayPort? O me 
> recomendais conectarlo con HDMI, **en Debian*
> *Un saludo**  David*
>
>
>

Re: GPT partions: capability for user friendly labels on partitions for all OSs?

[Pascal Hambourg]

Le 11/04/2019 à 15:42, Tom Browder a écrit :


Does GPT partitioning on Windows 10 allow a user-friendly label along with
its UUID for a partition?


Why do you care ? You can manage it in Debian.

Re: retour expérience sur Buster ??

[Haricophile]

Le mardi 09 avril 2019 à 19:03 +0200, Bruno Volpi a écrit :
> pour service c'est ok , je n'avais pas suivi la mise à jour su / su -

En fait c'était déjà une bonne pratique que j'applique systématiquement depuis
une éternité (éternité informatique, au moins depuis 2000 quand j'ai commencé
sérieusement avec Linux). Avec la mise à jour, ils forcent un peu la main pour
de louables raisons.

Re: Wondering how long it usually takes for a package to move from stable-p-u

[Brian]

On Thu 11 Apr 2019 at 10:12:05 -0500, David Wright wrote:

> On Thu 11 Apr 2019 at 09:01:37 (-0400), Greg Wooledge wrote:
> > On Thu, Apr 11, 2019 at 09:51:11AM -0300, Francisco M Neto wrote:
> > > On Thu, 2019-04-11 at 08:20 +0400, Jerome BENOIT wrote:
> > > > And is there any way I can install just that one package as the
> > > > > newer 
> > > > > version on debian stretch without changing the repos to testing for
> > > > > the 
> > > > > whole OS?
> > > > 
> > > > I guess that the best you can do is to build your own package from
> > > > the debian source material.
> > > 
> > >   Alternatively, if the package has been updated in testing you
> > > can download the .deb and install it manually with 'dpkg -i'.
> > 
> > ABSOLUTELY NOT.
> > 
> > Do not EVER install a package from "testing" on a "stable" release.
> > 
> > If there is a backport of the package, you may use that.
> > 
> > If there is not, you may attempt to backport it yourself.  This may be
> > easy, difficult, or impossible, depending on the build dependencies of
> > the package.
> > 
> > If a backport is not feasible, you may build the package manually from
> > upstream sources and install in /opt or /usr/local.
> 
> With the *occasional* exception of dependency-less packages like a
> foo-doc package (reading ahead of the game) or a font. For example,
> I installed fonts-hack-ttf on all my machines, both wheezy and jessie,
> as soon as I saw it mentioned here (by Gene I believe). Not the best
> for Unicode glyphs, but wonderful for the eyes.

I'd extend this latitude a bit further to packages that have
dependencies satisified by stable and which provide something
stable doesn't. For example, libsane-hpaio

-- 
Brian..

Error Message

[Michael Lee]

Hello, I would like to know what I am supposed to do about this error
message. Would appreciate guidance.
M Lee

Nicht alle Paketquellenindizes konnten heruntergeladen werden

Die Software-Paketquelle steht möglicherweise nicht mehr zur Verfügung oder ist 
aufgrund von Netzwerkproblemen nicht erreichbar. Sofern für diese 
Software-Paketquelle noch eine ältere Paketliste verfügbar ist, wird diese 
verwendet. Anderenfalls wird diese Software-Paketquelle gänzlich ignoriert. 
Bitte prüfen Sie Ihre Netzwerkverbindung und vergewissern Sie sich ebenfalls, 
dass die Adresse der Software-Paketquelle korrekt in den Einstellungen 
eingetragen ist.


The repository 'http://ftp.de.debian.org/debian stretch/updates Release' does 
not have a Release file.Updating from such a repository can't be done securely, 
and is therefore disabled by default.See apt-secure(8) manpage for repository 
creation and user configuration 
details.http://ftp.de.debian.org/debian/dists/stretch-updates/InRelease: The 
key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not 
readable by user '_apt' executing 
apt-key.http://ftp.de.debian.org/debian/dists/stretch/Release.gpg: The key(s) 
in the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by 
user '_apt' executing apt-key.

Re: soluções para vários arquivos copia

[Leandro Guimarães Faria Corcete DUTRA]

Le jeudi 11 avril 2019 à 16:57 +, Vitor Hugo a écrit :
> deveria haver um servidor para armazenar estes arquivos e as 10
> maquinas puxarem deste servidor para fazer a edição e salvamento do
> arquivo direto no servidor

Continua confuso, mas parece que basta um servidor de arquivos Samba. 
Estuda-o um pouco e testa, depois relata o resultado — na lista.



-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Simple Linux to Linux(Debian) email

[Jan Claeys]

On Fri, 2019-04-12 at 00:42 +0900, Mark Fletcher wrote:
> On Tue, Apr 09, 2019 at 02:34:30AM +0200, Jan Claeys wrote:
> > Why not use a dynamic DNS provider?
> > 
> > 
> Primarily because it wouldn't solve my problem. IIUC it would allow
> me to map a domain name to the IP address assigned to my home
> internet connection. That means that when the IP address assigned to
> my internet connection changes, I can simply alter the mapping and my
> VPN clients start working again, without any configuration change on
> them.
> Great, but that isn't the problem. The problem is how I know that the
> IP address has changed and hence the DNS mapping needs updating. I
> don't see any way that a dynamic DNS service is going to know when my
> ISP arbitrarily re-assigns my IP. I need the machine that is being
> assigned the IP address to be able to tell me when it changes, and
> that is what  this thread was about (specifically the "how it would
> be able to tell me" -- I'd figured out the "how it would know" for
> myself).

Many routers know how to update popular dynamic DNS providers when the
WAN IP address changes.  If your router can't do this, or your computer
is connected to the internet directly, then there are also several
utilities which can do this in the Debian repositories.


-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: Verifying authenticity of Debian CDs

[Default User]

On Fri, Apr 5, 2019, 18:06 Thomas Schmitt  wrote:

> Hi,
>
> Chris XX wrote:
> > I was trying to Verify the authenticity of Debian CDs on your website,
> but I
> > don't see instructions that will guide me through the process
> > (step-by-step).
>
> (We are the users. But some Debian Developers are watching, too.)
>
> Obviously there is a gap between checksum file verification and .iso image
> verification.
>
> Let's first look at the files offered for download:
>   https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/
> has among others
>
>   SHA512SUMS.sign
>   SHA512SUMS
>   debian-9.8.0-amd64-netinst.iso
>
> > https://www.debian.org/CD/verify
>
> This publishes the key "fingerprints" by which you can recognize authentic
> pairs of SHA512SUMS.sign and SHA512SUMS.
>
> It points to
>   https://keyring.debian.org/
> where you probably shall learn how to obtain the keys in question,
> namely by the shell commands
>
>   gpg --keyserver keyring.debian.org --recv-keys 64E6EA7D
>   gpg --keyserver keyring.debian.org --recv-keys 6294BE9B
>   gpg --keyserver keyring.debian.org --recv-keys 09EA8AC3
>
> Experienced users of gpg would know that one can check authenticity by
>
>   gpg --verify SHA512SUMS.sign SHA512SUMS
>
> which should say something like
>
>   gpg: Signature made Sun 17 Feb 2019 04:10:30 PM CET using RSA key ID
> 6294BE9B
>   gpg: Good signature from "Debian CD signing key <
> debian...@lists.debian.org>"
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:  There is no indication that the signature belongs to the
> owner.
>   Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294
> BE9B
>
> The reported fingerprint must be one of the published fingerprints,
> or else something is fishy.
> Here it is the Debian one of 2011-01-05. I.e. all is well so far.
>
> If you change some character in SHA512SUMS and run above command again
> then you will see
>
>   gpg: Signature made Sun 17 Feb 2019 04:10:30 PM CET using RSA key ID
> 6294BE9B
>   gpg: BAD signature from "Debian CD signing key <
> debian...@lists.debian.org>"
>
>
> So you can trust the content of SHA512SUMS, if gpg --verify says it is
> good and if the key fingerprint matches one of the Debian fingerprints.
>
> Now you have to follow the tiny link "faq" at the bottom to
>   https://www.debian.org/CD/faq/
> where you hop to
>   https://www.debian.org/CD/faq/#verify
>
> Between the lines you read that there is a text line in SHA512SUMS which
> shows the name of the .iso file which you actually want to verify:
>
>
> cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771a7174538f3e26f45a05245
> debian-9.8.0-amd64-netinst.iso
>
> More explicite is the hint to use program "sha512sum". A run of
>
>   sha512sum debian-9.8.0-amd64-netinst.iso
>
> puts out
>
>
> cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771a7174538f3e26f45a05245
> debian-9.8.0-amd64-netinst.iso
>
> which you should compare with the line in SHA512SUMS.
>
> Alternatively you could run
>
>   sha512sum --check SHA512SUMS 2>/dev/null
>
> to get
>
>   debian-9.8.0-amd64-netinst.iso: OK
>   debian-9.8.0-amd64-xfce-CD-1.iso: FAILED open or read
>   debian-mac-9.8.0-amd64-netinst.iso: FAILED open or read
>
> Or you could download
>
>   https://people.debian.org/~danchev/debian-iso/check_debian_iso
>
> and run
>
>   chmod u+x ./check_debian_iso
>   ./check_debian_iso SHA512SUMS debian-9.8.0-amd64-netinst.iso
>
> to get
>
>   Piping 149504 blocks of 'debian-9.8.0-amd64-netinst.iso' through
> 'sha512sum'
>   to verify checksum list item 'debian-9.8.0-amd64-netinst.iso'.
>   149504+0 records in
>   149504+0 records out
>   306184192 bytes (306 MB) copied, 0.882765 s, 347 MB/s
>   Ok: 'debian-9.8.0-amd64-netinst.iso' matches
> 'debian-9.8.0-amd64-netinst.iso' in 'SHA512SUMS'
>
>
> Now let's see what happens if a single byte is altered in the .iso
>
>   dd if=/dev/zero bs=1 count=1 conv=notrunc seek=511
> of=debian-9.8.0-amd64-netinst.iso
>
> Now the proposed verifyier runs yield:
>
>
> 0b0a75b8a0c8dc05a4b43273e44d7b5e3b0ecec6d9b4e1c88a95d9c886cba5ae0dbeb4b7a5a3016106096a9071572b9a3d8b54dd91a50abce15f713fa22ff229
> debian-9.8.0-amd64-netinst.iso
>
> which does obviously not match the line in SHA512SUMS, or
>
>   debian-9.8.0-amd64-netinst.iso: FAILED
>   ...
>
> or
>
>   ...
>   Found:
>  
> 0b0a75b8a0c8dc05a4b43273e44d7b5e3b0ecec6d9b4e1c88a95d9c886cba5ae0dbeb4b7a5a3016106096a9071572b9a3d8b54dd91a50abce15f713fa22ff229
>   Expected:
> cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771a7174538f3e26f45a05245
>   MISMATCH: 'debian-9.8.0-amd64-netinst.iso' checksum differs from
> 'debian-9.8.0-amd64-netinst.iso' in 'SHA512SUMS'
>
> So you know that the checksumers really detect nearly all damages of
> debian-9.8.0-amd64-netinst.iso.
>
> 

Re: soluções para vários arquivos copia

[Guimarães Faria Corcete DUTRA , Leandro]

Le mer. 10 avr. 2019 à 11:41, Vitor Hugo  a écrit :
>
> Estou com um cenário em que possuo vários arquivos (30 mil arquivos)

Achei toda a descrição muito confusa.  Até onde entendi, bastava
colocar um servidor Samba, mas tenho certeza de que entendi errado.
Poderias explicar melhor para a lista?


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Simple Linux to Linux(Debian) email

[mick crane]

On 2019-04-11 17:05, Greg Wooledge wrote:

On Thu, Apr 11, 2019 at 05:02:46PM +0100, mick crane wrote:
I think that is what dynamic ip address services do, change the 
ipaddress

but the service has to be on the ISP's router ?
Do I understand correctly then when your isp/home address changes your 
box

broadcasts its domain new address to the internet ?


It doesn't have to be on the router.  You can set up a hook in Debian
to run an arbitrary command whenever your IP address is changed by 
DHCP.

This hook receives the old and new IP addresses, and some other things,
as environment variables.  It's about 3 lines of code to set it up.  No
parsing of the output of any ip or ifconfig command is needed.

https://mywiki.wooledge.org/IpAddress


I'll have a read but there must be something I don't understand.
Thought there was a hierarchy of domain names mapped to ipaddresses that 
all the different servers can query as to where something is.

mick
--
Key ID4BFEBB31

Re: Simple Linux to Linux(Debian) email

[Dan Ritter]

Mark Fletcher wrote: 
> On Tue, Apr 09, 2019 at 02:34:30AM +0200, Jan Claeys wrote:
> > On Mon, 2019-04-08 at 21:33 +0900, Mark Fletcher wrote:
> > > I've created a very simple script that is capable of parsing the
> > > output of "ip addr" and comparing the returned ip address for the
> > > relevant interface to a stored ip address, and thus being able to
> > > tell if the IP address has changed. What I'd like to do now is make a
> > > means for the LFS box to be able to notify me of the fact that the
> > > external-facing IP address has changed. 
> > 
> > Why not use a dynamic DNS provider?
> > 
> > 
> Primarily because it wouldn't solve my problem. IIUC it would allow me 
> to map a domain name to the IP address assigned to my home internet 
> connection. That means that when the IP address assigned to my internet 
> connection changes, I can simply alter the mapping and my VPN clients 
> start working again, without any configuration change on them. Great, 
> but that isn't the problem. The problem is how I know that the IP 
> address has changed and hence the DNS mapping needs updating. I don't 
> see any way that a dynamic DNS service is going to know when my ISP 
> arbitrarily re-assigns my IP. I need the machine that is being assigned 
> the IP address to be able to tell me when it changes, and that is what 
> this thread was about (specifically the "how it would be able to tell 
> me" -- I'd figured out the "how it would know" for myself).

... if the IP address is being changed by DHCP, do you suppose
your dhcp client has a hook to tell other things about it?

man dhclient-script

...
 After all processing has completed,  /sbin/dhclient-script checks  for
 the  presence  of  an  executable /etc/dhcp/dhclient-exit-hooks script,
 which if present is invoked using  the  '.'  command.  All  executable
 scripts  in  /etc/dhcp/dhclient-exit-hooks.d/*  are also invoked.
...

Not to mention:

man ddclient

...
DESCRIPTION
   A perl based client to update your dynamic IP address at
   DynDNS.com (or other dynamic DNS services such as Hammernode,
   Zoneedit or EasyDNS), thus allowing you and others to use a fixed
   hostname (myhost.dyndns.org) to access your machine.  This client
   supports both the dynamic and (near) static services, MX setting,
   and alternative host. It caches the address, and only attempts
   the update if the address actually changes.
...


-dsr-

Re: Simple Linux to Linux(Debian) email

[Mark Fletcher]

On Thu, Apr 11, 2019 at 11:51:44AM -0400, Greg Wooledge wrote:
> On Fri, Apr 12, 2019 at 12:42:12AM +0900, Mark Fletcher wrote:
> > > Why not use a dynamic DNS provider?
> 
> > The problem is how I know that the IP 
> > address has changed and hence the DNS mapping needs updating.
> 
> By doing it correctly.
> 
>  has an example for Debian.
> Specifically Debian 8 (jessie), but it should still work in newer
> releases.
> 
That page seems to be all about detecting the IP address; thanks, but 
that part was solved before I even opened this thread. Perhaps I phrased 
poorly earlier in the thread. The issue isn't how I tell what my IP 
address is, the issue is how the machine communicates the fact that it 
has changed to me even when I'm not logged into it. And this thread 
solved that.

You did say one very interesting thing that brought me up short on that 
page though; "I need to get my IP address so I can communicate it to my 
dynamic DNS provider" . I guess I need to look into that 
-- if that could be automated, then yes a dynamic DNS provider would be 
another, more automated, way to solve my underlying problem (to which I 
now have a solution I'm happy with)

Thanks

Mark

Re: Simple Linux to Linux(Debian) email

[Greg Wooledge]

On Thu, Apr 11, 2019 at 05:02:46PM +0100, mick crane wrote:
> I think that is what dynamic ip address services do, change the ipaddress
> but the service has to be on the ISP's router ?
> Do I understand correctly then when your isp/home address changes your box
> broadcasts its domain new address to the internet ?

It doesn't have to be on the router.  You can set up a hook in Debian
to run an arbitrary command whenever your IP address is changed by DHCP.
This hook receives the old and new IP addresses, and some other things,
as environment variables.  It's about 3 lines of code to set it up.  No
parsing of the output of any ip or ifconfig command is needed.

https://mywiki.wooledge.org/IpAddress

Re: Simple Linux to Linux(Debian) email

[mick crane]

On 2019-04-11 16:42, Mark Fletcher wrote:

On Tue, Apr 09, 2019 at 02:34:30AM +0200, Jan Claeys wrote:

On Mon, 2019-04-08 at 21:33 +0900, Mark Fletcher wrote:
> I've created a very simple script that is capable of parsing the
> output of "ip addr" and comparing the returned ip address for the
> relevant interface to a stored ip address, and thus being able to
> tell if the IP address has changed. What I'd like to do now is make a
> means for the LFS box to be able to notify me of the fact that the
> external-facing IP address has changed.

Why not use a dynamic DNS provider?



Primarily because it wouldn't solve my problem. IIUC it would allow me
to map a domain name to the IP address assigned to my home internet
connection. That means that when the IP address assigned to my internet
connection changes, I can simply alter the mapping and my VPN clients
start working again, without any configuration change on them. Great,
but that isn't the problem. The problem is how I know that the IP
address has changed and hence the DNS mapping needs updating. I don't
see any way that a dynamic DNS service is going to know when my ISP
arbitrarily re-assigns my IP. I need the machine that is being assigned
the IP address to be able to tell me when it changes, and that is what
this thread was about (specifically the "how it would be able to tell
me" -- I'd figured out the "how it would know" for myself).

But thanks for trying to help anyway!

Mark


I think that is what dynamic ip address services do, change the 
ipaddress

but the service has to be on the ISP's router ?
Do I understand correctly then when your isp/home address changes your 
box broadcasts its domain new address to the internet ?


mick
--
Key ID4BFEBB31

RESOLVED: Simple Linux to Linux(Debian) email

[Mark Fletcher]

On Mon, Apr 08, 2019 at 02:14:33PM +0100, Thomas Pircher wrote:
> Mark Fletcher wrote:
> > mutt won't let me go back and edit the subject line.
> 
> Hi Mark,
> 
> > Short version: Is it reasonable to expect a piece of software to exist
> > that establishes a direct connection to a "remote" MTA and delivers mail
> > there for delivery, without also offering up mail reception
> > capabilities?
> 
> Yes, have a look at the dma or nullmailer packages.  There used to be
> more of these programs in Debian (ssmtp, for example), but on my system
> (Buster) only those two seem to have survived.
> 
> You could also use one of the big MTAs and configure them to listen to
> local connections only, and/or block the SMTP ports with a firewall, but
> both dma and nullmailer do their job just fine. Besides, they are much
> simpler to configure.
> 

So this issue is now resolved; in the end I went with the sSMTP package, 
which pretty much seems precisely designed for situations like mine. I'm 
slightly alarmed by its orphan status in Debian, preventing it from 
getting into testing -- if I had more time on my hands I'd sign up to 
maintain it. But it was extremely simple to build and worked perfectly 
on my LFS machine once built.

The only thing I needed to do was add a PREROUTING rule on my Stretch 
machine's iptables configuration because my Stretch machine's exim4 is 
not listening on the VPN interface, and I didn't want to change its 
configuration to make it do so because the VPN isn't always up and I 
don't want exim4 failing to start because the VPN hasn't been started 
when it starts during a reboot. So instead I am re-routing traffic 
coming into the Stretch machine via the VPN on the SMTP port to the 
machine's local physical IP address, where exim4 is listening. By NOT 
mucking around in POSTROUTING with the source address of the packets, 
the source remains the VPN IP address of the client machine, and thus 
replies from exim4 are correctly routed back through the VPN to the 
client. Perfect.

I made confusion for myself by initially trying to set the target 
address to 127.0.0.1 instead of my local physical IP; that didn't work, 
I suspect because the packets then become invalid because they are 
claiming to be local packets but have a source address that is 
off-machine. I contemplated for a few minutes what I'd have to do to 
work around that, and concluded that simply mapping to the physical 
private IP of the machine was cleaner, and allows for different machines 
on the VPN to leverage my Stretch box as a mail relay in the future 
should I have the need to do that (I don't today).

It works perfectly -- and more to the point of this thread, sSMTP was 
extremely simple to compile, is extremely simple to use, and does the 
job perfectly.

Thanks to all who made suggestions. I did also download dma and will 
play around with that for learning's sake, but for now I'm going with 
sSMTP as a solution to this particular problem.

Mark

Re: Simple Linux to Linux(Debian) email

[Greg Wooledge]

On Fri, Apr 12, 2019 at 12:42:12AM +0900, Mark Fletcher wrote:
> > Why not use a dynamic DNS provider?

> The problem is how I know that the IP 
> address has changed and hence the DNS mapping needs updating.

By doing it correctly.

 has an example for Debian.
Specifically Debian 8 (jessie), but it should still work in newer
releases.

Re: Simple Linux to Linux(Debian) email

[Mark Fletcher]

On Tue, Apr 09, 2019 at 02:34:30AM +0200, Jan Claeys wrote:
> On Mon, 2019-04-08 at 21:33 +0900, Mark Fletcher wrote:
> > I've created a very simple script that is capable of parsing the
> > output of "ip addr" and comparing the returned ip address for the
> > relevant interface to a stored ip address, and thus being able to
> > tell if the IP address has changed. What I'd like to do now is make a
> > means for the LFS box to be able to notify me of the fact that the
> > external-facing IP address has changed. 
> 
> Why not use a dynamic DNS provider?
> 
> 
Primarily because it wouldn't solve my problem. IIUC it would allow me 
to map a domain name to the IP address assigned to my home internet 
connection. That means that when the IP address assigned to my internet 
connection changes, I can simply alter the mapping and my VPN clients 
start working again, without any configuration change on them. Great, 
but that isn't the problem. The problem is how I know that the IP 
address has changed and hence the DNS mapping needs updating. I don't 
see any way that a dynamic DNS service is going to know when my ISP 
arbitrarily re-assigns my IP. I need the machine that is being assigned 
the IP address to be able to tell me when it changes, and that is what 
this thread was about (specifically the "how it would be able to tell 
me" -- I'd figured out the "how it would know" for myself).

But thanks for trying to help anyway!

Mark

Re: Wondering how long it usually takes for a package to move from stable-p-u

[David Wright]

On Thu 11 Apr 2019 at 09:01:37 (-0400), Greg Wooledge wrote:
> On Thu, Apr 11, 2019 at 09:51:11AM -0300, Francisco M Neto wrote:
> > On Thu, 2019-04-11 at 08:20 +0400, Jerome BENOIT wrote:
> > > And is there any way I can install just that one package as the
> > > > newer 
> > > > version on debian stretch without changing the repos to testing for
> > > > the 
> > > > whole OS?
> > > 
> > > I guess that the best you can do is to build your own package from
> > > the debian source material.
> > 
> > Alternatively, if the package has been updated in testing you
> > can download the .deb and install it manually with 'dpkg -i'.
> 
> ABSOLUTELY NOT.
> 
> Do not EVER install a package from "testing" on a "stable" release.
> 
> If there is a backport of the package, you may use that.
> 
> If there is not, you may attempt to backport it yourself.  This may be
> easy, difficult, or impossible, depending on the build dependencies of
> the package.
> 
> If a backport is not feasible, you may build the package manually from
> upstream sources and install in /opt or /usr/local.

With the *occasional* exception of dependency-less packages like a
foo-doc package (reading ahead of the game) or a font. For example,
I installed fonts-hack-ttf on all my machines, both wheezy and jessie,
as soon as I saw it mentioned here (by Gene I believe). Not the best
for Unicode glyphs, but wonderful for the eyes.

Cheers,
David.

Re: terminal with right-click = paste?

[David Wright]

On Thu 11 Apr 2019 at 01:28:18 (-0400), Lee wrote:
> On 4/10/19, David Wright wrote:
> > On Wed 10 Apr 2019 at 17:21:06 (-0400), Lee wrote:
> >> On 4/10/19, Dan Ritter wrote:
> >> > Lee wrote:
> >> >> On 4/10/19, Dan Ritter wrote:
> >> >> > Lee wrote:
> >> >> >> I installed the xfce version of debian 9 & have a terminal icon on
> >> >> >> the
> >> >> >> menu bar that starts xfce4-terminal
> >> >> >>
> >> >> >> Is there some way to configure xfce4-terminal so that a right mouse
> >> >> >> click pastes text?
> >> >> >> What I have now is right-click brings up a menu where I have to
> >> >> >> left
> >> >> >> click on paste.  ick.
> >> >> >
> >> >> > Middle button is probably set to paste right now.
> >> >>
> >> >> It is!!  So how do I change that setting so that right click is set to
> >> >> paste?
> >> >
> >> > You don't! The programmers didn't include that.
> >>
> >> wow.  just.. wow.  I wonder if that omission has anything to do with
> >> the xterm popcon graph showing about 100K users & xfce4-terminal
> >> about 28K
> >>
> >> > You can change your button mapping for all of X with xmodmap.
> >>
> >> but then everywhere I expect a right click to pull up a menu won't -
> >> correct?
> >>
> >> Oh well... I'll give xterm a try.
> >
> > I have a mouse with a wheel, but pressing it (as opposed to scrolling
> > it) is very unreliable. I have changed the middle-click method from
> > pressing the wheel to the old-fashioned way of dealing with 2-button
> > mice: pressing both buttons at once.
> >
> > AFAIK this change is at the level of X and doesn't depend on the term.
> > Here are the steps I used. You might need to tweak the filename
> > ~/.xsession for a DE as I use just startx and fvwm. For setting stuff
> > automatically, you need to ascertain the name of your X startup file.
> 
> I don't know enough to appreciate all this, much less comment on it,
> but still, it looks amazing!
> 
> $ find / -name xinput 2>/dev/null
> $
> 
> so another package I need to install..
> 
> .. which breaks the login process for me :(
> 
> $ echo xinput > ~/.xsession
> 
> logout, try to log in, get a blank screen for a few seconds & I'm back
> at the login screen again.
> 
> ssh in from my windows machine, rm .xsession, and I can log in on the
> debian machine again.
> 
> Dunno if this means anything, but the last few lines in .xsession-errors.old 
> are
[…]
> dbus-update-activation-environment: setting PWD=/home/lee
> ⎡ Virtual core pointer  id=2[master pointer  (3)]
> ⎜   ↳ Virtual core XTEST pointerid=4[slave  pointer  (2)]
> ⎜   ↳ ImPS/2 Generic Wheel Mouseid=9[slave  pointer  (2)]
> ⎣ Virtual core keyboard id=3[master keyboard (2)]
> ↳ Virtual core XTEST keyboard   id=5[slave  keyboard (3)]
> ↳ Power Button  id=6[slave  keyboard (3)]
> ↳ Power Button  id=7[slave  keyboard (3)]
> ↳ AT Translated Set 2 keyboard  id=8[slave  keyboard (3)]
> 
> Why does putting 'xinput' in my .xsession keep me from being able to
> log in & it works just fine for you?

Because, as I wrote, I use startx to run X and fvwm as my WM, so my X
session is configured with a substantial .xsession file (and the
host-specific files it calls) that I've built up over more that two
decades. So you're best to do your investigating first with the direct
commands I gave.

You've got the output of   xinput   quoted above, so now try
$ xinput list-props "ImPS/2 Generic Wheel Mouse"
and see what properties are available. You're likely to see
lines similar to the ones I previously quoted (snipped from here).
So then you might be able to test the effect of a line *like*
$ xinput --set-prop "ImPS/2 Generic Wheel Mouse" "libinput Middle Emulation 
Enabled" 1
If you get it right, it should take immediate effect.

The last step (for you) is to divine which file to *add* this line to,
which depends on your method of starting X. It's likely .xsessionrc
according to Greg who's played with this stuff (or read around it)
more then I have. It's one of the complications that arises from
the flexibility of X: anyone can build a set of interacting
configuration files to get it started just how they want it.

Were you to use my WM (fvwm) to achieve the same ends with the mouse,
we would be having a similar conversation about where to place the
commands for much the same reason: over two decades of evolution in
configuration files.

> > At the end of ~/.xsession I routinely put
> > xinput

A preexisting file as you can see from the snippet below.

> > Your list would look different even with the same hardware because
> > mine shows the effect of the mouse commands I have already added
> > to ~/.xsession:
> > # Pointers tend to be too sensitive.
> > # Leave the last number as 1: the other numbers are ratio'd with it.
> > xinput --set-prop "Logitech M325" "Coordinate Transformation 

Re: Debugging samba

[Roberto C . Sánchez]

On Thu, Apr 11, 2019 at 04:45:53PM +0200, Kevin DAGNEAUX wrote:
> Le 11/04/2019 à 16:27, Roberto C. Sánchez a écrit :
> > On Thu, Apr 11, 2019 at 03:46:11PM +0200, Kevin DAGNEAUX wrote:
> > > Hi,
> > > 
> > > I'm having crash problem with samba 2:4.5.16+dfsg-1+deb9u1 in debian 9.8,
> > > i'm trying to debug it so i can't find the package samba-dbg.
> > > 
> > > Is there a way to debug samba without samba-dbg?
> > > 
> > You might find this helpful:
> > 
> > https://wiki.debian.org/HowToGetABacktrace
> > 
> > Regards,
> > 
> > -Roberto
> 
> Yes it was helpful, thank you !
> 
> But now, i've a dependency problem, version of samba in debian-security repo
> and samba-dbgsym in debian-debug repo are not the sames :
> 
> Les paquets suivants contiennent des dépendances non satisfaites :
>  samba-dbgsym : Dépend: samba (= 2:4.5.16+dfsg-1) mais
> 2:4.5.16+dfsg-1+deb9u1 devra être installé
> 

You might need to add a stretch/updates-debug source as well.

Regards,

-Roberto
-- 
Roberto C. Sánchez

Re: Debugging samba

[Kevin DAGNEAUX]

Le 11/04/2019 à 16:27, Roberto C. Sánchez a écrit :

On Thu, Apr 11, 2019 at 03:46:11PM +0200, Kevin DAGNEAUX wrote:

Hi,

I'm having crash problem with samba 2:4.5.16+dfsg-1+deb9u1 in debian 9.8,
i'm trying to debug it so i can't find the package samba-dbg.

Is there a way to debug samba without samba-dbg?


You might find this helpful:

https://wiki.debian.org/HowToGetABacktrace

Regards,

-Roberto


Yes it was helpful, thank you !

But now, i've a dependency problem, version of samba in debian-security 
repo and samba-dbgsym in debian-debug repo are not the sames :


Les paquets suivants contiennent des dépendances non satisfaites :
 samba-dbgsym : Dépend: samba (= 2:4.5.16+dfsg-1) mais 
2:4.5.16+dfsg-1+deb9u1 devra être installé


Kevin

<>

Re: Wondering how long it usually takes for a package to move from stable-p-u

[Pierre Fourès]

I didn't saw the question sent twice and answered here.

As answered in [1], I think Luke doesn't need such complicated things
to get his update. To my understanding, just adding
stretch-proposed-updates to /etc/apt/sources.list will solve the
requirement.

[1] https://lists.debian.org/debian-user/2019/04/msg00470.html

Regards,
Pierre

Le jeu. 11 avr. 2019 à 15:02, Greg Wooledge  a écrit :
>
> On Thu, Apr 11, 2019 at 09:51:11AM -0300, Francisco M Neto wrote:
> > On Thu, 2019-04-11 at 08:20 +0400, Jerome BENOIT wrote:
> > > And is there any way I can install just that one package as the
> > > > newer
> > > > version on debian stretch without changing the repos to testing for
> > > > the
> > > > whole OS?
> > >
> > > I guess that the best you can do is to build your own package from
> > > the debian source material.
> >
> >   Alternatively, if the package has been updated in testing you
> > can download the .deb and install it manually with 'dpkg -i'.
>
> ABSOLUTELY NOT.
>
> Do not EVER install a package from "testing" on a "stable" release.
>
> If there is a backport of the package, you may use that.
>
> If there is not, you may attempt to backport it yourself.  This may be
> easy, difficult, or impossible, depending on the build dependencies of
> the package.
>
> If a backport is not feasible, you may build the package manually from
> upstream sources and install in /opt or /usr/local.
>

Re: Debugging samba

[Roberto C . Sánchez]

On Thu, Apr 11, 2019 at 03:46:11PM +0200, Kevin DAGNEAUX wrote:
> Hi,
> 
> I'm having crash problem with samba 2:4.5.16+dfsg-1+deb9u1 in debian 9.8,
> i'm trying to debug it so i can't find the package samba-dbg.
> 
> Is there a way to debug samba without samba-dbg?
> 
You might find this helpful:

https://wiki.debian.org/HowToGetABacktrace

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: New dual boot laptop: Best file system for a USB live image for installation?

[Thomas Schmitt]

Hi,

Tom Browder wrote:
> As I
> understand it, I believe I can just copy the Debian CD live iso image file
> onto the USB and it will be found and booted from fine.

Not necessarily. The question is: found by what ?

The computer's firmware (BIOS or EFI, i assume) will ignore such an ISO 9660
image file in any filesystem.
So you would need some bootloader or EFI tool to (kindof) mount the ISO image
and to start the Linux kernel with initrd and appropriate options.

The Debian ISOs for "i386" and "amd64" are prepared for being copied
flatly onto USB sticks. This overwrites the partition table and BIOS boot
code by bytes at the start of the ISO which take over those jobs.
See
  https://www.debian.org/CD/faq/#write-usb
or a bit more elaborate with backup of the stick's old state
  
https://wiki.syslinux.org/wiki/index.php?title=Isohybrid#Copying_onto_USB_stick_by_shell_commands


> 2. If a straight copy works as in question 1, is there any problem with
> adding other files on the USB?

The partition table of the ISO image is intended for booting the ISO, not
so much for creating more partitions for other payload. It is possible,
though.

If you have more USB sticks at hand, use one for the ISO and the others
for extra data.
Else remove the GPT debris and create a new MBR partition as proposed in
  https://lists.debian.org/debian-user/2019/01/msg00568.html

This does not answer the question which filesystem to install in the
new partition. Something that can be mounted read-write on GNU/Linux and
on MS-Windows, obviously. Just try and be prepared to try again.


Have a nice day :)

Thomas

Re: Wondering how long it takes for a package to move from stable-p-u to stable

[Pierre Fourès]

Hi,

You will have to wait for the next point release of Stretch for this
package being integrated in the stable repository. Meanwhile, you can
add the proposed-update repository to your sources.list to grab the
proposed-updates, like described in [1]. Also, looking at [2], we see
ca-certificates-java version ~deb9u2 is there accepted. Adding the
following lines should make it available into your instance.

# proposed updates for the next point release
deb http://http.debian.net/debian stretch-proposed-updates main

[1] https://www.debian.org/releases/proposed-updates.html
[2] https://release.debian.org/proposed-updates/stable.html

Regards,
Pierre.

Le jeu. 11 avr. 2019 à 06:37, Luke Picciau  a écrit :
>
> I have been tracking this package
> https://tracker.debian.org/pkg/ca-certificates-java for about a month
> because the package version 20170929~deb9u1 which is in stable has a bug
> which is blocking my docker image builds. Version 20170929~deb9u2 should
> fix it but the package has been in stable-p-u for a while now. How long
> usually does it take for a package to move from stable-p-u to stable?
> And is there any way I can install just that one package as the newer
> version on debian stretch without changing the repos to testing for the
> whole OS?
>

Re: How could I install ecryptfs-utils on Buster

[Pierre Fourès]

Le jeu. 11 avr. 2019 à 02:52, David Christensen
 a écrit :
>
> On 4/10/19 1:32 AM, Pierre Fourès wrote:
> > Le ven. 5 avr. 2019 à 22:08, David Christensen
> >  a écrit :
> >>
> >> AFAIK dm-crypt is the canonical disc encryption technology on Linux (see
> >> crypttab(5) and cryptsetup(8)).  I like the fact that it operates at the
> >> device level, so everything on an encrypted disc or partition is
> >> automatically and inescapably encrypted.  File system level encryption,
> >> such as ecryptfs(7), might make sense for cloud directories or
> >> sneaker-net media.  I use ccrypt(1) for individual files, but vim(1) has
> >> an encrypted mode that is very appealing for certain use-cases.
> >>
> >
> > Indeed, I've planned to give a serious look at it, especially to
> > encrypt the disks of the servers we rent in remote data-centers, but I
> > haven't took the time yet for it. And when occurred the requirement to
> > crypt the virtual machines, I found ecryptfs an easier thing to set
> > up.
> >
> > I also found ecryptfs a better fit for my requirements.
> >
> > Indeed, I like the fact that I, as an administrator, am not able to
> > access the files of "my" users. I encrypt their home folder then set
> > the requirement to change the password on their first login (with
> > 'chage -d 0 $user'), might it be their physical desktops or their
> > virtual instances. Thus I'm sure I won't ever be able to look into
> > their files without them allowing me. This is known of everybody. This
> > is a double edged sword. They have to take full responsibility to
> > backup somewhere their files as I can't help them if anything goes
> > wrong (and if anything goes wrong I just provide them a new physical
> > or virtual instance and wipe the problematic one), and at the same
> > time it is relieving me from the possibility to be able to see
> > everything everywhere. In a previous company, as not being the system
> > administrator, I never liked this fact that somebody could access all
> > files behind all user's backs. I recall one who did that to an user to
> > look into their personal files (which shouldn't had be there in the
> > first place, admittedly) and I really disliked the « God mode »
> > situation offered to system administrators. Now that I administer the
> > desktops, I went really concerned to lower, by design, my scope of
> > abilities. I didn't want to rely on my will power and my word of mouth
> > about this situation. I wanted it to be established by design.
> > Ciphering user's space with ecryptfs allows me to lock me out very
> > nicely and easily from this possibility. I haven't found this to be
> > possible with dm-crypt in an easy and user-friendly way.
> >
> > Nonetheless, if it's possible to achieve such objective with dm-crypt,
> > I would really appreciate some pointers about how to do it.
>
> How about enfs, gocryptfs, and/or libpam-mount?
>
> 2019-04-10 17:48:09 dpchrist@po ~
> $ apt-cache search fuse encrypt
> afflib-tools - Advanced Forensics Format Library (utilities)
> camo - SSL/TLS image proxy to prevent mixed-content warnings
> encfs - encrypted virtual filesystem
> gocryptfs - Encrypted overlay filesystem written in Go.
> libpam-mount - PAM module that can mount volumes for a user session
>
>
> David
>

Thanks David for the pointers.

I gave a look at them and this open viables alternatives to ecryptfs,
would I require to go away from it doesn't get reintegrated in Debian.
This drove me to gave a look to see if ecryptfs is still actively
maintained and it seems to be the case as the last commit dates from
2019-02-16 [1]. The package is also announced in [2] as heavily used
in Ubuntu, ChromeOS and several NAS products, so I hope the bug will
get fixed. If it doesn't, to what I saw in [3], gocryptfs seems really
promising, however I find it still a little young for this kind of
subject (2015 for it first release). As I plan to configure dm-crypt
for our servers, I will first dig deeper on the libpam-mount
opportunity. This could make a good fit to satisfy all my use-cases
while only using the same base ciphering tool. So for now, I will keep
ecryptfs running on the desktops in the next following months and will
first start to setup full disk encryption on the servers, then will I
look back to what to do with the desktops.

[1] 
https://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs.git/log/fs/ecryptfs?h=next
[2] http://ecryptfs.org/about.html
[3] https://nuetzlich.net/gocryptfs/comparison/

Regards,
Pierre.

Debugging samba

[Kevin DAGNEAUX]

Hi,

I'm having crash problem with samba 2:4.5.16+dfsg-1+deb9u1 in debian 
9.8, i'm trying to debug it so i can't find the package samba-dbg.


Is there a way to debug samba without samba-dbg?

Kevin

<>

GPT partions: capability for user friendly labels on partitions for all OSs?

[Tom Browder]

I run dual boot Deb/Win 10 on several systems, only one of which has UEFI
capability (the latest, new as of last fall). Unfortunately, I failed to
use the GPT on the new one, and the Win 10 disk management program doesn't
show much info on the non-NTFS disks.

Does GPT partitioning on Windows 10 allow a user-friendly label along with
its UUID for a partition?

If so, is that label visible with Debian system administration programs as
well?

Thanks very much.

Warm regards,

-Tom

Re: Wondering how long it usually takes for a package to move from stable-p-u

[Greg Wooledge]

On Thu, Apr 11, 2019 at 09:51:11AM -0300, Francisco M Neto wrote:
> On Thu, 2019-04-11 at 08:20 +0400, Jerome BENOIT wrote:
> > And is there any way I can install just that one package as the
> > > newer 
> > > version on debian stretch without changing the repos to testing for
> > > the 
> > > whole OS?
> > 
> > I guess that the best you can do is to build your own package from
> > the debian source material.
> 
>   Alternatively, if the package has been updated in testing you
> can download the .deb and install it manually with 'dpkg -i'.

ABSOLUTELY NOT.

Do not EVER install a package from "testing" on a "stable" release.

If there is a backport of the package, you may use that.

If there is not, you may attempt to backport it yourself.  This may be
easy, difficult, or impossible, depending on the build dependencies of
the package.

If a backport is not feasible, you may build the package manually from
upstream sources and install in /opt or /usr/local.

Re: Wondering how long it usually takes for a package to move from stable-p-u

[Francisco M Neto]

On Thu, 2019-04-11 at 08:20 +0400, Jerome BENOIT wrote:
> And is there any way I can install just that one package as the
> > newer 
> > version on debian stretch without changing the repos to testing for
> > the 
> > whole OS?
> 
> I guess that the best you can do is to build your own package from
> the debian source material.

Alternatively, if the package has been updated in testing you
can download the .deb and install it manually with 'dpkg -i'.

Not the best approach, but remedies the problem until a better
solution comes along.

HTH
Francisco

-- 
[]'s,

Francisco M Neto 

GPG: 4096R/D692FBF0


signature.asc
Description: This is a digitally signed message part

Re: terminal with right-click = paste?

[Greg Wooledge]

On Thu, Apr 11, 2019 at 01:28:18AM -0400, Lee wrote:
> so another package I need to install..
> 
> .. which breaks the login process for me :(
> 
> $ echo xinput > ~/.xsession

If you use a .xsession file, you have to go all in.  Your ~/.xsession
file will completely replace the system default X11 session.  That means
you have to invoke your window manager (or desktop session manager if
you use one of those), as well as any other programs that you'd like
to start as part of your personally customized X session.

If instead you just want to ADD a program to the system default X session,
Debian created a ~/.xsessionrc file which is run in ADDITION to the
default session, so you don't have to replicate all of the functionality
yourself.

https://wiki.debian.org/Xsession

Re: Fixed: May be silly question, but: Lost my qq(´) and qq(´) key

[Reco]

Hi.

On Thu, Apr 11, 2019 at 10:27:43AM +0200, Martin wrote:
> It's the ibus...something.
> No idea what this does¹, but disabling/uninstalling this does the trick.

Long story short, unless you're writing in Chinese, Japanese or Korean -
you don't need ibus.

Reco

New dual boot laptop: Best file system for a USB live image for installation?

[Tom Browder]

I'm preparing to install Win 10 and Deb 9 on a new ZaReason laptop which
has no installed OS on it.

It comes with one 120 Gb SSD as its primary drive and has an empty bay
where I will install a Samsung evo 860 1 Tb SSD.

I would like to use a live image on a large USB for preparing the disks
before installing Win 10 and then Deb 9.

Some questions:

1. What is the best filesystem (FS) to use on the USB? They usually come
with a FAT32 or exFAT FS, but I have in the past made them exFAT. As I
understand it, I believe I can just copy the Debian CD live iso image file
onto the USB and it will be found and booted from fine.

2. If a straight copy works as in question 1, is there any problem with
adding other files on the USB? I have a 64 Gb USB I would like to use for
both a live image as well as storing other files on it.

Given that I'm starting with two clean drives, my plan is to use the small
disk for Win 10 and the other for Debian and maybe have a small partition
to experiment with a BSD OS.

3. Any suggestions as to partitioning given the advantages of the new (to
me) GPT disk formats?

4. Which partitioning program is best to use? I am used to using fdisk and
parted, but I see partion manager mentioned.

Thanks so much.

Best regards,

-Tom

DisplayPort y Nvidia GTX1050

[David]

 Hola Debianitas:
Me voy a comprar un ordenador de sobremesa con este monitor Asus PG248Q 24" LED 
3D y esta tarjeta gráfica VGA ASUS NVIDIA GTX1050-O2G 2GB GDDR5 DVI HDMI 
DISPLAY PORT ¿puede haber problemas al conectar el monitor con la Tarjeta 
Gráfica mediante DisplayPort? O me recomendais conectarlo con HDMI, en Debian

Un saludo
David

Zenbook Numpad/Touchpad

[Mike Sumner]

Hi, I would like to report a bug which may be driver or firmware related.
I am running Buster KDE on a Asus Zenbook UX433 with the combined
numpad/touchpad.  I was on stock Buster kernel but have also tried the
latest Liquorix kernel 5.0.0-7.1-liquorix-amd64
The options in the control centre are greyed out and settings seem to be
set to a default that cannot be changed, e.g. 2 finger scroll works and tap
to click but these cannot be turned off, and other features cannot be
turned on.  The numpad does not work.  Sensitivity can't be adjusted and
often, the cursor stops moving with your finger movement as though it has
stopped detecting your finger.  How should I file this bug?

Mike Sumner

Fixed: May be silly question, but: Lost my qq(´) and qq(´) key

[Martin]

It's the ibus...something.
No idea what this does¹, but disabling/uninstalling this does the trick.

1) I know, there is documentation...

Re: Tracking the next Stable release

[deloptes]

Francisco M Neto wrote:

> Yes, the freeze began March 12.

Thank you, appreciated!

Re: terminal with right-click = paste?

[tomas]

On Wed, Apr 10, 2019 at 11:20:31PM -0400, Lee wrote:

[...]

> That's something I would have never guessed.  Hold down the  key
> + right click and hold _inside_ the xterm window and I get a menu that
> lets me select "large" as a font size.  So at least the xterm window
> contents are readable now.
> 
> No option to save that setting, but still.. progress, so thank you!

Xterm is configured via X resources. Their defaults live in files,
one system-wide and one per-user. The system-wide resources typically
live in the /etc/X11/Xresources directory, one file for each application,
the user-specific ones, which override the system-wide ones typically live
in your home directory, in one file, ~/.Xresources.

The idea is that the distribution and the sysadmin set the baseline and
each user can change those things which don't fit for her.

The Arch Linux wiki [1] has, as often, a pretty good overview for that,
with links for specific Xterm examples.

I set my preferred Xterm putting this in my .Xresources (NOTE: leading
space here for clarity -- remove that!

  *VT100.faceName:Liberation Sans Mono
  *VT100.faceSize:8
  *VT100.faceSize1:   3
  *VT100.faceSize2:   5
  *VT100.faceSize3:   8
  *VT100.faceSize4:   10
  *VT100.faceSize5:   14
  *VT100.faceSize6:   20

Thus you can set the sizes of all fonts offered to you in that menu
("unreadable", "tiny" ... "huge").

Note also that the sizes given here might be a tad too small for you:
I'm a bit myopic myself :-D

Cheers

[1] https://wiki.archlinux.org/index.php/X_resources

-- t


signature.asc
Description: Digital signature

Re: terminal with right-click = paste?

[Lee]

On 4/11/19, Peter Wiersig wrote:
> Lee writes:
>>
>> But again.. wow.  And not in a good way.  Install putty on debian, run
>> putty, right click on the putty menu bar (title bar?) and the menu is
>> lacking _anything_ to do with how putty behaves.
>
> I never tried PuTTY on linux, but I also grew up with X so middle mouse
> paste is my default operandus.
>
> Under Windows the menu is also available with Ctrl-Rightclick in PuTTY,
> maybe that behaves the same?

Yes, as I found out a short while ago, both ctrl-leftclick and
ctrl-rightclick _inside_ the putty window opens up a putty menu.

> Under Linux a right click on the titlebar is window manager dependant
> behaviour (same as with windows, but PuTTY hooks into MS API).
>
>> Not being able to change things on the fly with the
>> debian version of putty is .. disappointing at best.
>
> I only saw screenshots of linux PuTTY but the settings menu was featured
> in the Gnome Desktop screenshot.

Yes, it's there.  It's a fail on my part - I use the keyboard or I use
the mouse.  I haven't held a key down while clicking the mouse in such
a long time that it didn't even occur to me to try holding down
ctrl/alt/shift keys while clicking inside the putty window

Thanks,
Lee