Re: Alternatief voor bash_history ?

[Arno Schuring]

Hi,

Paul van der Vlis (p...@vandervlis.nl on 2018-03-19 11:57 +0100):
> 
> Het zou behulpzaam zijn, als ik had kunnen nagaan wat ik om 21:15 voor
> commando had gegeven. Om het voor een volgende keer te voorkomen.
> 
> bash_history is een goede zaak, maar eigenlijk zou ik het loggen van
> commando's graag wat beter geregeld hebben. Zoals een timestamp voor
> elk commando. En dat het direct wordt weggeschreven, ook vanuit
> meerdere terminals tegelijk.

Zoals al aangegeven, heb je hiervoor geen alternatief nodig -- beide
zijn mogelijk met bash zelf. Timestamps kun je activeren met de shell
variable HISTTIMEFORMAT (bijvoorbeeld
https://unix.stackexchange.com/questions/174900/histtimeformat-syntax)
en direct wegschrijven van history kun je doen met PROMPT_COMMAND
(bijvoorbeeld
https://unix.stackexchange.com/questions/1288/preserve-bash-history-in-multiple-terminal-windows).
De officiele documentatie is hier:
https://www.gnu.org/software/bash/manual/html_node/Bash-History-Facilities.html,
maar SE is vaak nuttiger.

Ik heb nog wel een alternatief dat werkt ongeacht welke shell je
gebruikt: je kunt NOEXEC:ALL toevoegen aan sudoers, zodat een root
shell niets meer kan, en alle admins worden gedwongen om sudo te
gebruiken voor ieder commando. Het voordeel daarvan is dat je sudo
logging (syslog) kan gebruiken als audit log; het nadeel is dat je
vervolgens wel EXEC:-uitzonderingen moet maken voor alle commando's die
legitiem andere programma's uitvoeren, en dat zijn er helaas best wel
veel.


Groet,
Arno

RE: sexist content in the package openclipart2-png

[Arno Schuring]

(yes, I know, old post, and offtopic. Still, pet peeve...)


> Date: Thu, 31 Dec 2015 11:25:55 -0800
> From: jr...@salford-systems.com
>
> [..] combined with a general contempt for women
> (beautiful or not) as weaklings and inferiors. Thus, while removing
> sexually provacative pictures from collections of clip art *might*
> discourage perverse sexual behavior to a very modest extent, it is
> unlikely to reduce the number of wife-beaters. Treating the latter and
> other bullies as the common criminals they are, and ceasing to make
> excuses for them (together with teaching boys from a young age to respect
> girls and women and protect them from violence) would do a lot more.

I don't think you can have it both ways. There is no way to combine the
perception of "women as weaklings and inferiors" with "teaching boys from
a young age to [protect] girls and women". If you do the latter, you
reinforce the former. Yes, teach boys to respect others. Teach girls the
same. But stop perpetuating the misguided idea that one gender is
reponsible (as either provider or protector) for the other.


Regards,
Arno

  

RE: systemd alternative for Jessie?

[Arno Schuring]

> Date: Wed, 14 Oct 2015 17:05:16 +0300
> From: moonsh...@openmailbox.org
>
> On Wed, 14 Oct 2015 07:49:08 -0500
> Richard Owlett  wrote:
>
>> What has the end-user, with a single machine, gained today from
>> the adoption of systemd?
>
> Speaking for myself:
> 1. It took me an hour of googling to write my own working init script.
> It takes me 10 minutes to write my own systemd unit.

The last time I wrote an init script:

- copy /etc/init.d/skeleton
- edit the DAEMON= and DESC= lines


> 2. Boot times improved.

It's been years since I've seen a system where the OS boot took longer
than the BIOS boot. Linux or Windows alike.


As additional anecdata: my systems  consistently boot to
systemd-rescue mode whenever I try systemd. This is because I make
heavy use of auto-unlockable encrypted volumes, and systemd doesn't
support auto-unlocking. I finally got around to moving all my unlock
scripts to the initramfs, only to find that the effort was futile:
even if a volume is already unlocked, systemd drops to a rescue
shell. Immediately typing 'exit' in the rescue shell boots the system
to completion without further errors.

Well, not a problem, right? Systemd was said to be modular, so I'll
just uninstall the systemd cryptsetup component. Har har.

So for all of my systems, systemd doesn't even work. I hope you
understand I don't care about boot time when the boot is unsuccesful.


Regards,
Arno

  

RE: systemd alternative for Jessie?

[Arno Schuring]

> Date: Wed, 14 Oct 2015 22:26:53 +0200
> From: geo...@nsup.org
>
> Le tridi 23 vendémiaire, an CCXXIV, Arno Schuring a écrit :
>> It's been years since I've seen a system where the OS boot took longer
>> than the BIOS boot. Linux or Windows alike.
>
> You may have noticed that the operator between the time for the POST and the
> time for the OS boot is +, not max().

Of course. But when your BIOS boot time is 15 seconds, it hardly makes
any difference if your OS boots in 3 seconds or in 2.1 seconds, does it?


Regards,
Arno

  

RE: should I get rid of pulse audio ?

[Arno Schuring]

 Date: Mon, 17 Aug 2015 23:16:55 +0200
 To: debian-user@lists.debian.org
[..]

 You can't install gnome without the pulseaudio libraries, but it runs
 perfectly fine without the daemon.


On Debian?

$ aptitude why gnome-core pulseaudio
p   gnome-core Depends pulseaudio

This to me suggests that it doesn't even install without the daemon.


Regards,
Arno

  

RE: should I get rid of pulse audio ?

[Arno Schuring]

 Date: Sun, 16 Aug 2015 13:37:37 -0700
 From: bri...@aracnet.com

[..snip list of PA inadequacies..]

 so soliciting opinions on whether or not getting rid of pulse audio is a good 
 idea.

It's a good thing you're asking for opinions, because that's what
you're gonna get. A lot of it, probably ;)

It can be a good idea, or it may cause your hair to fall out or turn
gray. When I ditched pulseaudio, my idle system load average (as
reported through uptime) dropped from 0.7 to 0.03, which was
vindication enough for me.

If you're running Gnome, ditchting pulseaudio is simply not possible.
Not sure about other full-featured DEs, I think at least KDE still
allows you to use alsa directly. Then there's the case that bluez5 also
requires pulseaudio for any kind of bluetooth audio, and the inability
of modern audio chips to handle more than one audio stream at a time.
If you can live with those limitations (I know I can), you can go pure
alsa.

You may need to read up on configuring alsa through .asoundrc and/or
configuring gstreamer defaults through dconf. You especially might want
to look into the alsa dmix plugin if you expect to have sound output
from multiple programs at the same time.

So yes, it is doable, depending on what other programs you use and
what features you expect.


Regards,
Arno

  

RE: Encrypted swap with cryptsetup won't mount at startup

[Arno Schuring]

 From: somebody.mo...@gmail.com
 Date: Tue, 11 Aug 2015 10:08:05 +0200

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 On 11/08/2015 09:38, Arno Schuring wrote:
 On one of my machines I've gotten this (kinda) working by removing
 the systemd generator and manually creating a service file around
 cryptdisks_start and cryptdisks_stop.


 As I have never wrote a systemd unit, and I can't find a simple doc on
 how to do it, can you show me the service file you wrote ?

This is my /etc/systemd/system/systemd-cryptsetup@cryptswap0.service.
The naming matters, as it should override the systemd-generator name.
The filename suffix (@cryptswap0) and Before= line should match
what you have in /etc/crypttab:

[Unit]
Description=Hack to prevent systemd soiling itself on auto-unlocked encrypted 
volumes
#BindTo=dev-%i.device
Before=dev-mapper-cryptswap0.swap
DefaultDependencies=no
IgnoreOnIsolate=yes

[Service]
Type=oneshot
ExecStart=/usr/sbin/cryptdisks_start %i
ExecStop=/usr/sbin/cryptdisks_stop %i
RemainAfterExit=yes

I have a similar one for my luks-backed lvm volume, but with
Before=lvm2.service instead of Before=$device.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub130-w90bb90b0da96d2600bf84bb8...@phx.gbl

RE: Encrypted swap with cryptsetup won't mount at startup

[Arno Schuring]

 From: somebody.mo...@gmail.com
 Date: Mon, 10 Aug 2015 14:07:11 +0200

 Hi,

 I'm trying to encrypt my swap partition, /dev/sda7. [..]

 At boot, it seems like systemd tries to mount /dev/sda7 as a non
 encrypted swap partition, and fails. Then it tries to mount cryptswap1
 following my crypttab. I have to wait 1 min 30, and then I get a message
 Job dev-mapper-cryptswap1.device/start timed out..

Use sysvinit. Last I checked, systemd has no support for keyscripts,
and no documented workaround. On one of my machines I've gotten this
(kinda) working by removing the systemd generator and manually creating
a service file around cryptdisks_start and cryptdisks_stop.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618862


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub130-w2100c113663687aca21505b8...@phx.gbl

RE: kde fully broken in debian/testing

[Arno Schuring]

 From: hans.ullr...@loop.de
 Date: Thu, 30 Jul 2015 22:18:18 +0200

 Hi folks,

 it looks like kde is fully broken in testing and unstable, due to a big
 version mismatch in the repo.

Yes. It was announced/explained a few days ago:
http://perezmeyer.blogspot.nl/2015/07/plasmakf5-testing-situation.html


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub130-w57ce0fcddc2783d09d34b6b8...@phx.gbl

RE: VLAN config on Jessie

[Arno Schuring]

 Date: Thu, 30 Jul 2015 21:43:25 +0100
 From: aw...@comms.org.uk

 Ive got a Jessie machine acting as a router with eth0 being the WAN
 connection to the internet and eth1 being the LAN connection with 2
 VLANS on it (VLAN1 has addresses 192.168.10.x and VLAN2 192.168.100.x)

Your /e/n/interfaces does not match that description...

 auto eth1
 iface eth1 inet static
 address 192.168.10.254
 broadcast 192.168.10.255
 netmask 255.255.255.0
 up /etc/network/if-up.d/iptables

This configures an untagged connection, which is not the same as vlan 1.
Also, there's no need to set that broadcast address manually, it's inferred
from the netmask.

 auto eth1.2
 iface eth1.2 inet static
 address 192.168.100.254
 netmask 255.255.255.0
 vlan-raw-device eth1


 I want vlan 1 to be the default hence I decared it as eth1 not eth1.1

That is most likely wrong. You set a default interface by configuring
the default gateway with the lowest metric. Other than that, there's no
default between network interfaces.

 Whats the correct way to do this please?

I would expect you only configure eth1.1 and eth1.2, and leave eth1
itself unconfigured. Or perhaps, if that configuration confuses
ifupdown:

iface eth1 inet manual
  up ip link set eth1 up


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub130-w4309ea24d2ff0d1ecd7102b8...@phx.gbl

RE: nano needs curses.h?

[Arno Schuring]

 Date: Thu, 23 Jul 2015 14:06:09 -0400
 From: lee.j.i.win...@gmail.com

[..]
 apt-get source nano

apt-get build-dep nano

 ./configure
 make
 [..]
 nano.h:92:20: fatal error: curses.h: No such file or directory

 Should the nano package include curses.h or is some other package a
 prerequisite for nano?

apt-get source does not install build dependencies.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w15cd7fdd246dc41f22817eb8...@phx.gbl

RE: mdadm: No arrays found in config file or automatically

[Arno Schuring]

 From: embe8...@student.uu.se
 Date: Mon, 20 Jul 2015 01:05:08 +0200

 At this point, I don't know if I even have arrays.
 It is nothing I put there or ever mucked around with,
 for sure.


Assuming all your disks are online, just run blkid (as root). If you
have any (software) raid partitions, they will show up as:

/dev/sdc3: UUID=a6fad59a-fb65-69e0-c230-666b5103eba0 TYPE=linux_raid_member 
for a metadata 0.90 array member

/dev/sdc2: UUID=8c85fc73-c0f2-74f0-7fa0-20dd94538f5d 
UUID_SUB=126427a1-e9c4-d5b6-29a6-609216e54318 LABEL=genie:0 
TYPE=linux_raid_member 
for a metadata 1.2 array member


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w181efa5133b070b18d30deb8...@phx.gbl

RE: cp output format

[Arno Schuring]

 From: andrew.mcglas...@affinityvision.com.au
 Date: Fri, 17 Jul 2015 20:54:16 +1000

 for filex in $(ls); [..]

No. Just no.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w32616e646393c66c1c2d06b8...@phx.gbl

RE: YAGF is a seriously screwed package

[Arno Schuring]

I know I shouldn't, but...

 From: jhas...@newsguy.com
 Date: Sat, 11 Jul 2015 15:58:03 -0500

 Paul E Condon writes:
 Just Hi, has the benefit of fewer key strokes. (;-) And it's
 suitable even for an email addressed to single potted plant.

 I've given up emailing them. They never answer.

There's an app for that:
http://www.parrot.com/usa/products/flower-power/


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w26747a1c6f807c35e66412b8...@phx.gbl

RE: Initrd and USB Keyboard

[Arno Schuring]

 From: deb...@alexkretschmer.de
 Date: Fri, 10 Jul 2015 14:44:14 +0200

 Hello,
 I have a system running raid1, dmcrypt and lvm2.
 Debian Version is jessie / stable
 My disks have a small partition for boot, the rest ist encrypted incl. the 
 system.
 Therefore I'm forced to work with an initrd to at least build the raid, 
 decrypt the 2nd partition and provide the virtual disks before the full 
 system is able to boot.

 Unfortunately I can't get my USB Keyboard to work. Neither in a rescue shell 
 nor to type the decryption password.

You probably are missing hid_generic. You need either that module or
evdev (iirc) for input (hot/cold)plugging to work. Even with those
modules, I still haven't been able to access the usb keyboard connected
through my laptop's docking station, though, so this may not be the
complete answer.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w271c66591d013088560946b8...@phx.gbl

RE: Free GNU/Linux intro class for teens advice? Purchase box? Squeak/Smalltalk programming

[Arno Schuring]

Hi.

 To: debian-user@lists.debian.org
 From: mron...@alumni.upenn.edu


 I am working toward teaching a free introductory class to teens on
 GNU/Linux and the philosophy of free software at the Newton Free
 Library in MA this coming September.

 For the class, the participants will need access to GNU/Linux. After
 reviewing some options, including sdf.org, virtual machines,
 Chromebooks, etc., I am considering just asking participants to
 purchase a dedicated laptop and installing the OS. I may be able to
 direct students to install fests in the area before the class starts.
 I am not sure that this is the best idea, but it offers significant
 advantages including a potentially working box as part of the results
 of the course.

All suggestions offered are fine, I would add one more: use live disks.
This allows your students to bring their own device without the risk of
bricking it. And you can have a few single-board devices for those
without an own device. Having an RPi as a demo model also helps
illustrate that there's no functional difference between a pc and
what the hardware in their phone/tv/gadget can do.


 As a test, I purchased a laptop (Toshiba Satellite C75-B7180) on sale
 for $350 at our local Microcenter in Cambridge and was able to load
 GNU/Linux for my son. I am thinking of working some programming
 assignments in Squeak (Smalltalk), but maybe C is a better choice for
 an OS class?

Choose a language with an interactive interpreter. Bash, Python, Ruby,
Haskell all come to mind. But are you planning to teach OS basics or
programming? Because for an OS class, I would focus more on shell tools
(grep, cut, tail) than programming languages.


 Has anyone tried running a GNU/Linux intro class for teens? Can
 anyone share their experiences, thoughts or suggestions? Feedback
 based on actual experience would be most helpful, I think, but I would
 appreciate any insights.

I am an instructor, but not at that level. For programming, I would
probably use the following progression:
- shell commands
- shell scripts (i.e. sequencing shell commands)
- interactive evaluation
- functions
- source files
- compilation

Something like Haskell would be ideal for the latter steps, as it has
the ability to both interpret a source file (through runghc) and compile
it (though ghc). Not sure if e.g. Go has a similar mode?


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w112d4f776ccadea0dd3619b8...@phx.gbl

RE: Installing glibc-2.21 on debian-8

[Arno Schuring]

 Date: Mon, 6 Jul 2015 08:41:44 +0100
 From: zen75...@zen.co.uk

 On 06/07/15 06:07, Dhiraj Bhor wrote:
 Also wanted to know which are security bugs reported for glibc-2.19-18.
 Thanks for being patient.

 Information about current bugs in Debian packages can be found through
 the Bug Tracking System at https://bugs.debian.org/

 Upstream bug information for GNU libc can be found at
 https://sourceware.org/bugzilla/

There's also https://security-tracker.debian.org/tracker/source-package/glibc


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w3889e0ba209b984db2aa49b8...@phx.gbl

RE: clock losing time after a reboot with HP ZBook G2

[Arno Schuring]

 Date: Fri, 3 Jul 2015 15:07:34 +0200
 From: vinc...@vinc17.net

 When I run hwclock --systohc manually before the reboot, the clock
 is OK after reboot. So, this seems to be a systemd bug. I've reported:

 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790974

Michael, since I've seen you reply on this list as well, could you
please provide a little more rationale than we intentionally broke
your system when closing a bug?


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w162461707e12e0b2036d5fb8...@phx.gbl

RE: clock losing time after a reboot with HP ZBook G2

[Arno Schuring]

 Date: Fri, 3 Jul 2015 15:38:02 +0200
 From: bi...@debian.org

 Am 03.07.2015 um 15:18 schrieb Arno Schuring:

 Date: Fri, 3 Jul 2015 15:07:34 +0200
 From: vinc...@vinc17.net

 When I run hwclock --systohc manually before the reboot, the clock
 is OK after reboot. So, this seems to be a systemd bug. I've reported:

 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790974

 Michael, since I've seen you reply on this list as well, could you
 please provide a little more rationale than we intentionally broke
 your system when closing a bug?

 I didn't say we intentionally broke your system, I said we intentionally
 removed the hwclock-save units. That's a difference.

Without further explanation, there is no difference to the casual
observer. Thank you for the pointer to the rationale. I just wish you
would have included that link in your closing message.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w35e610d6fef357015ddf1b8...@phx.gbl

RE: Installing glibc-2.21 on debian-8

[Arno Schuring]

 Date: Fri, 3 Jul 2015 15:37:03 +0530 
 From: dhirajbho...@gmail.com 
 On Fri, Jul 3, 2015 at 3:31 PM, claude juif  
 claude.j...@gmail.commailto:claude.j...@gmail.com wrote: 
 Hi, 
  
 If you really need latest development tools, i suggest you to switch to  
 Fedora 22. (glibc-2.21-5 and gcc 5.1.1). It will be easier and faster  
 than trying to modify glibc stuff in Debian 8. 
  
 Regards, 
  
 I would like to but its a requirement and i have to do  it. No option. 
 May be if i can patch the glibc with all security patches will be  
 enough for me. 

What exactly is the requirement? That you develop against latest libc
or that you deploy with latest libc? Because you mentioning security
patches makes me suspect it's the latter, in which case it's a seriously
bad idea to build your own. Are you going to subscribe to the CVE lists
and rebuild every security patch yourself? Have you factored the ongoing
maintenance cost of that in your project?

If it's only that your project needs to build against the latest glibc,
I recommend you start with an unstable buildroot (man debootstrap), and
install your latest libraries in there. You don't even need to develop
in the chroot, just develop on your own and run the integration tests in
the chroot.


Regards,
Arno
  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w397696c524f08c62438ac4b8...@phx.gbl

RE: RAID b/w GPT and NON GPT partition.

[Arno Schuring]

 Date: Wed, 1 Jul 2015 18:41:35 -0400
 From: garyd...@torfree.net

 On 01/07/15 03:24 PM, Don Armstrong wrote:
 On Wed, 01 Jul 2015, Gary Dale wrote:
 The size of the RAID array is set by the smallest partition so if you
 want to be able to boot from either drive, then putting the ef02
 partition in the free space on the new drive means that you will
 either not be able to boot from the old drive should the new drive
 fail, or you will have different partition tables on each drive.
 This is precisely why you should have the EF02 partition on every single
 drive in the raid set and run grub-install on all of them (or at the
 very least, one more than the number of drives that can fail and still
 assemble the array).

 You missed the point that this would require different partition tables
 on the two drives.

Whose point was that? It certainly wasn't the OP's, who asked to have a
GPT partition table on the second disk of a raid array, whilst the
first had MBR.

 Moreover, if you ever replaced the original drive
 with a larger one, you would have to install LVM to get around the ef02
 partition

This makes no sense. There is no around if you created the ef02
partition in the first available sectors of the disk, as everyone has
been advocating. Nor would it make sense to work around a partition
of less than 1MB, you would only need to work around it if you made
it unsensibly large, like the 100MB you seem to favour. And why would
you want identical partition tables across drives of different sizes
in the first place?


 [LVM] an added layer of complexity that you shouldn't need.

Sure. Because no one would ever need to resize or migrate volumes
without downtime. Don't patronize people by telling them what they do
or do not need. We have seen more than enough of that already.


 However you seem to have conceded the larger point about UEFI which M$
 is trying to make mandatory.

The way I read the thread is that people have been trying to correct
your misconceptions, not argue with you. But meh, I'm sure I'm reading
it wrong.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w22438138a64c6273aea1dab8...@phx.gbl

RE: RAID b/w GPT and NON GPT partition.

[Arno Schuring]

Hi again,

 Date: Tue, 30 Jun 2015 18:58:36 +0500 
 From: sir...@gmail.com 
  
 but there are few confusions. actually in my old drive. there was a  
 extended partition for SWAP. however when i copy the partition table  
 with gdisk x and u option it created the file successfully however.  
 i can not see extended in the output.

Don't worry about it. There's no such thing as extended, primary or
logical partitions anymore in GPT, there's just partitions.


 my last question is making the new 2TB drive able to boot. 
 when i run the command grup-install it gives me error. 
 # grub-install /dev/sdb 
 /usr/sbin/grub-setup: warn: This GPT partition label has no BIOS Boot  
 Partition; embedding won't be possible!. 
 /usr/sbin/grub-setup: error: embedding is not possible, but this is  
 required when the root device is on a RAID array or LVM volume. 
 if i change the type to ef02 (Bios Boot Partition) i may not be able  
 to attach that partition to my current raid level. this is what i think  
 i haven't don't hit and trial technique as i am working on production  
 server. 
  
 can you guys please share how can i make the new drive bootable? 

As Pascal has said, the easiest is to create a new partition in the
free space before partition 1 (sectors 34-2047). Make sure it has the
correct type for a Bios Boot Partition (gdisk type ef02, with parted
you need to set the Bootable flag). Then reboot, as the kernel won't
load the new partition table immediately. After reboot, the
grub-install command above should work.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w17d26fedd3a7a6f9f36bebb8...@phx.gbl

RE: RAID b/w GPT and NON GPT partition.

[Arno Schuring]

Hi,

 Date: Mon, 29 Jun 2015 14:52:32 +0500 
 From: sir...@gmail.com 
  
 I have been using RAID1 b/w  two 1.5 TB  drives which worked great with  
 fdisk. now one of the drive is failed and there is no more 1.5 TB  
 available in the market. the least available drive is 2TB. Which means  
 fdisk 2TB issue. 

Not necessarily, the MBR partition format can handle addresses up to
2TiB. A new 2TB disk is almost certainly 2TB, so you should be fine
with MBR partitioning.


 in old times i could use sfdisk command to copy partition table now  
 since the new drive is 2TB my question is can i use sfdisk on 2TB  
 drive.? i think this will not work since old drive is non GPT which  
 means copying non GPT partition to a drive supports only GPT will not  
 work. 

Just to be sure: MBR and GPT are on-disk layouts, there is no such
thing as a non-GPT drive. You can use MBR partitioning on a drive
larger than 2TiB (though not recommended for obvious reasons), and you
can use GPT partitioning on a small drive as well. Even my 128GB ssd
uses GPT partitioning.

If you really want to use GPT partitioning, you can either use sfdisk
to duplicate the partition table and then use any gpt-aware partitioner
to convert the layout to GPT, or you can use gdisk which can do both.


 - i want to copy my old drive (1.5TB) partition table (non GPT)  to new  
 2TB partition table (GPT)? 

# gdisk /dev/sdOLD
menu options x, u to replicate (GPT) partition table to /dev/sdNEW
# gdisk /dev/sdNEW
review/resize/add partitions where needed


 - and then further want to replace the bad drive from mdadam?

NOTE: completely untested, please wait for others to correct me:

# mdadm --add /dev/mdX $new_partition

If the failed drive is already removed from the array, you can stop 
here. It should rebuild automatically. But if your drive is still
usable but on its way out (e.g. it just started creating bad sectors),
it may be safer to temporarily grow the array:

# mdadm --grow --raid-devices=3 /dev/mdX

This should start a resync from your old disk to the new. Let it
complete, and then remove the old disk:

# mdadm /dev/mdX --fail $old_partition --remove $old_partition
# mdadm --grow --raid-devices=2 /dev/mdX


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w38dbdb6e0c8163ad347565b8...@phx.gbl

RE: slightly OT: what's the point of vagrant when I have a debian VM

[Arno Schuring]

 From: lisi.re...@gmail.com
 Date: Mon, 29 Jun 2015 21:52:59 +0100

 On Monday 29 June 2015 17:50:13 Sivaram Neelakantan wrote:
 Our IT infra came up to me

 Please - put me out of my misery. I have googled, honest. _What_, when he
 she or it is at home, is an IT infra. I simply can't find infra as a noun!

intrastructure admin /  manager / department, i.e. the network
overlords.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w34ed9c58ca0d3ebe7a8174b8...@phx.gbl

RE: aptitude full-upgrade bug?

[Arno Schuring]

 Date: Sat, 27 Jun 2015 12:38:36 -0400
 From: garyd...@torfree.net

 I've upgraded two machines [..] they failed to
 upgrade the kernel. [..]

 I suspect this could be because the meta-package linux-image-amd64
 wasn't installed, but even that doesn't make a lot of sense. Shouldn't
 a full-upgrade bring all the packages up to the current version?


That makes a lot of sense, actually. Linux kernel images are co-
installable, one version does not replace the other. So in order to
have an upgrade path for these packages, the metapackage
linux-image-$arch exists. If you don't have the metapackage, you
don't get new kernels.

This is not unique to the kernel, for example gcc, python and
postgresql follow the same method. However, in those cases, other
packages depend on the metapackage so you usually can't uninstall it.
The kernel is unique in that no package depends on it.

In any case, jessie should be able to boot with a kernel from wheezy
iirc. So there may be a bug lurking there, but it's not a bug in
aptitude.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w7c4d4701b6cc2eb44e6c4b8...@phx.gbl

RE: Boots into emergency mode. How to analyze?

[Arno Schuring]

Hi,

 Date: Thu, 25 Jun 2015 21:46:33 -0600
 From: b...@proulx.com

 The Wanderer wrote:
 In which case I return to my original comment on that point: although
 there might be situations where this setup could make sense, they would
 _not_ be for the casual user. As a setup for a sole computer intended to
 be administered by its sole user, this is simply a crazy design.

 I, like you, feel that being able to log in using a root password is
 an essential requirement. However it is also true that Ubuntu is
 designed for the non-technical and Ubuntu has chosen to disable the
 root password by default and to provide sudo as the root access
 method. Although I agree with you that it is crazy I have to admit
 that there are a lot of Ubuntu machines out there with root login
 disabled.

Having a single root account for administration is also bad from an
accountability viewpoint: it's essentially an anonymous account. Having
user-based accounts allows for much better control and transparency
over who did what.

So while you think it is crazy to have to use sudo on a single-user
machine, I think it's similarly crazy to enable the root account on
machines that are administered by multiple people. The root account
should be limited to emergency use only, and when your threat model
doesn't include having to defend against physical access, the Debian
approach of locking the root account and allowing passwordless login
through sulogin is a perfectly reasonable and valid setup.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w460a5c57b12873b9424974b8...@phx.gbl

RE: auto-mount NFS shares on boot

[Arno Schuring]

 From: svenj...@gmx.de
 Date: Fri, 26 Jun 2015 19:28:37 +0200

 On 2015-06-26 18:38 +0200, Jonas Meurer wrote:

 # systemctl status var-vmail.mount
 ● var-vmail.mount - /var/vmail
 Loaded: loaded (/etc/fstab)
 Active: failed (Result: exit-code) since Fri 2015-06-26 16:29:02
 UTC; 6s ago
 Where: /var/vmail
 What: nfs-server:/vmail
 Docs: man:fstab(5)
 man:systemd-fstab-generator(8)
 Process: 352 ExecMount=/bin/mount -n nfs-server:/vmail /var/vmail
 -t
 nfs4 -o sec=krb5i,_netdev (code=exited, status=32)

 Jun 26 16:29:02 clt mount[352]: mount.nfs4: an incorrect mount
 option was specified

 mount.nfs4 prints this not very enlightening message if the mount
 syscall fails with EINVAL.

If I've understood the mount scripts correctly, the error is correct:
the _netdev mount option is for mount scripts only, and should /not/
be passed to the mount command.

I would guess that this is another case where systemd breaks
backwards compatibility. Maybe it's mentioned in the release notes?


Regards,
Arno

  

RE: Why Debian 8.1 has no torrents beyond first 3 DVD ISO images

[Arno Schuring]

Hi,

 From: cu...@free.fr
 Date: Mon, 15 Jun 2015 12:39:44 +

 On 2015-06-14, Arno Schuring  wrote:

 $ wget 
 http://cdimage.debian.org/debian-cd/current/amd64/list-dvd/debian-8.1.0-amd64-DVD-{1..13}.list.gz
 [..]
 $ zgrep -E '^(stumpwm|cl-ppcre|sbcl|gcl|mpd|gmpc|feh|libtheora0)_' * | cut 
 -d: -f1|sort|uniq
 
 Wouldn't your regexp also match the sources packages?
 

It probably would, but it looks like the sources are on separate DVDs
(in the [..]/current/source directory), so they wouldn't show up when
grepping the amd64/list-dvd/ files. Either way, you can verify the
output by removing the postprocessing by the cut|sort|uniq pipes.


Regards,
Arno

  

RE: Why Debian 8.1 has no torrents beyond first 3 DVD ISO images

[Arno Schuring]

 From: cu...@free.fr
 Date: Sun, 14 Jun 2015 18:12:11 +
 On 2015-06-14, John Hasler jhas...@newsguy.com wrote:
 arnuld uttre writes:
 Well, I need many packages which normal users don't use, like stumpwm,
 ppcre, sbcl, clisp, gcc, mpd, gmpc, feh, theora etc. I have used
 Debian Sarge (and in those days I only had CDs) and I noticed some
 package I wanted were only in last few CDs

 You don't need the source packages nor the ones for architectures other
 than your own.

 Without having researched the question, is there a simple way
 of knowing which dvds contain what (a package list or something)?

Yes, the list-cd/ and list-dvd/ subdirectories on the cdimage server:

$ wget 
http://cdimage.debian.org/debian-cd/current/amd64/list-dvd/debian-8.1.0-amd64-DVD-{1..13}.list.gz
[..]
$ zgrep -E '^(stumpwm|cl-ppcre|sbcl|gcl|mpd|gmpc|feh|libtheora0)_' * | cut -d: 
-f1|sort|uniq
debian-8.1.0-amd64-DVD-1.list.gz
debian-8.1.0-amd64-DVD-2.list.gz
debian-8.1.0-amd64-DVD-3.list.gz
debian-8.1.0-amd64-DVD-5.list.gz
debian-8.1.0-amd64-DVD-6.list.gz


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w188f0e621287fd69f45d15b8...@phx.gbl

RE: cdda2wav missing

[Arno Schuring]

 To: debian-user@lists.debian.org
 From: rodolfo.med...@gmail.com
 
 In Sid, trying to install cdda2wav that I've always used, the package is no
 more available.  Why, and how to replace it in command line?  I could not work
 it out with Google.

It has been missing for a long time. Since 2010, to be exact:
http://archive.debian.net/etch/cdda2wav

In Etch, cdda2wav was replaced with icedax.


Regards,
Arno

  

RE: changing from BIOS to GPT

[Arno Schuring]

 Date: Mon, 8 Jun 2015 11:24:20 +0200
 From: geo...@nsup.org
 

 More precisely: a conforming UEFI firmware MUST be able to read FAT32
 partitions. It CAN be able to read other types: apple's implementation can
 read apple's proprietary filesystem.
 
 If you KNOW that YOUR firmware supports ext2, you can use ext2. More likely,
 your firmware only supports FAT32, possibly NTFS.
 

Ah, I did not know that the EFI spec didn't mandate FAT32 for the ESP.


   Its partition type in gdisk should be EF00,
   and it should be mounted on /boot/efi.
 
 Not much. It should be mounted there if you want to use grub-install with
 the default options, and probably a few other similar tools, but that is
 all.

Well, default options are default options. Debian tools expect the ESP
to be mounted at /boot/efi. That's enough of a should for me. Debian
has always provided ways to deviate from the default setup, but that
doesn't alter the premise.


 
 [ESP] is required to be present when using EFI boot.
 
 This is not true at all.
 
 When using UEFI boot, you need a bootloader on a supported filesystem in a
 supported partition, pointed by the UEFI variables for the menu. The GPT
 type of the partition is irrelevant.

Yet, the EFI spec only requires the firmware to support FAT32...

 You need an UEFI system partition with the precise characteristics if you
 want your firmware to GUESS the bootloader to use on the device, without a
 boot variable pointing to it.

...and the EFI firmware only looks for bootloaders in a partition of
type 0xEF or C12A7328-F81F-11D2-BA4B-00A0C93EC93B.

That you can find ways to configure your UEFI system to boot without 
a partition of that specific type doesn't invalidate my statement
though. The spec mandates a discoverable partition, and it wouldn't
surprise me if half of the firmwares out there would flatly refuse to read
files from a partition with the wrong type.


 (which we already knew, as Windows does not support booting in EFI mode
 from an MBR-style disk)
 
 I am no windows specialist, but I doubt this is true: I have observed a
 barely-conforming laptop without BIOS emulation booting a windows 8 recovery
 USB stick formated in MBR format.

From https://msdn.microsoft.com/en-us/library/windows/hardware/dn336946.aspx:

[..] you receive the error message: Windows cannot be installed to
this disk. The selected disk is not of the GPT partition style, it's
because your PC is booted in UEFI mode, but your hard drive is not
configured for UEFI mode. You’ve got a few options:

- Reboot the PC in legacy BIOS-compatibility mode. This option lets
  you keep the existing partition style. [..]
- Reformat the drive for UEFI by using the GPT partition style. This
  option lets you use the PC’s UEFI firmware features.
  
  
Regards,
Arno


  

RE: changing from BIOS to GPT

[Arno Schuring]

 Date: Sun, 7 Jun 2015 23:23:26 -0400
 From: garyd...@torfree.net
 

 On top of that, grub installs its stage2 bootloader in the unclaimed
 space between the MBR and the first partition. That space is not unused
 in the GPT disk format, so when you simply convert your existing
 partitions, grub will have no place to install its stage2 and
 grub-install will error out. To have grub-pc boot from a GPT disk, you
 need to have a Bios Boot Partition (gdisk partition type ef02) of at
 least 128kB.
 I added one early on in the process. It's 100M which should be plenty. I 
 later formatted it as FAT32 after reading that it need that, but it 
 didn't help.

There's still some confusion here:
- The ESP (Efi System Partition) is recommended to be around 100-200MB
  and should be formatted as FAT32. Its partition type in gdisk should
  be EF00, and it should be mounted on /boot/efi. It is required to be
  present when using EFI boot.
- The BBP (Bios Boot Partition) is only needed to store grub's second-
  stage loader and doesn't need to be any larger than 1MB. It should
  not be formatted or mounted, as grub will use the raw space. Its
  partition type in gdisk is EF02. It is only needed when using grub
  to bios-boot from a GPT disk.



 Luckily, most partition tools start their first partition at the 1MB
 boundary, so you can usually create that bios boot partition between
 sectors 40 and 2048, but that's not a given.
 The original Windows layout had a recovery partition starting at 2048 
 and the main Windows partition coming after that. There wasn't an EFI 
 partition on the original layout. Nor did I add one when I shrank the 
 main partition and installed Linux. I only added an EFI partition after 
 switching to GPT.

If there wasn't an EFI System Partition, you were not booting through
UEFI but in BIOS mode (which we already knew, as Windows does not
support booting in EFI mode from an MBR-style disk). I can't explain
how grub-efi came to be on your system, but it wasn't what made your
system boot.


Regards,
Arno

  

RE: changing from BIOS to GPT

[Arno Schuring]

(sending again through hotmail's web interface -- apologies for
anything my MUA may do to the content)

 Date: Sun, 7 Jun 2015 14:23:40 -0500
 From: deb...@lionunicorn.co.uk

 Quoting Gary Dale:
 Arno Schuring said:
 reconfigure grub in this case meant uninstalling grub-pc and
 installing grub-efi, right?
 No actually. I never uninstalled grub-pc. The machine seemed to have
 grub-efi-amd64 all along. What I meant was the more mundane
 update-grub sequence. Also, I've been using EF02 as the gpt partition
 type for the efi partition. So far I've never had a problem with that.

 I don't think that matters. I have read that converting a disk from
 MBR to GPT, quite simply, breaks grub, whichever version. So it needs to
 be reinstalled.

It does, but what it breaks is the installed bootloader, not the grub
installation. So it needs to be reinstalled is correct, but aptitude
reinstall grub-pc is the wrong solution. You should be running
update-grub and grub-install, using the package manager will not solve
the issue (except for the fact that both update-grub and grub-install
/may/ be triggered as part of the package installation).

On top of that, grub installs its stage2 bootloader in the unclaimed
space between the MBR and the first partition. That space is not unused
in the GPT disk format, so when you simply convert your existing
partitions, grub will have no place to install its stage2 and
grub-install will error out. To have grub-pc boot from a GPT disk, you
need to have a Bios Boot Partition (gdisk partition type ef02) of at
least 128kB.

Luckily, most partition tools start their first partition at the 1MB
boundary, so you can usually create that bios boot partition between
sectors 40 and 2048, but that's not a given.

Note that the above applies if simply switching from dos-style to
gpt-style partitioning. It doesn't apply when switching from legacy
boot to efi boot.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub124-w49141a0e6d750156db5747b8...@phx.gbl

RE: changing from BIOS to GPT

[Arno Schuring]

Hi,

 Date: Fri, 5 Jun 2015 14:45:04 -0400
 From: garyd...@torfree.net
 
 I have a computer that was set up with an the older style partition 
 table and wanted to convert it to GPT. Since the first partition started 
 at 2048, I figured this wouldn't be a problem. Just use gdisk to write a 
 new partition table after stealing some space from swap for an EFI boot 
 partition. Then reconfigure grub...

reconfigure grub in this case meant uninstalling grub-pc and installing
grub-efi, right?

And that EFI boot partition is mounted on /boot/EFI, is formatted as FAT32,
and has the correct partition type (EF01 in gdisk iirc)?

 [..] created new Linux and Swap partitions that I 
 installed Jessie to. These were extended partitions that gdisk converted 
 to primary (it displays them as primary but with the original numbers).
 

There's no such thing as primary/extended/logical partitions with GPT.

 Now I don't even to get a grub rescue prompt. I've tried reinstalling 
 grub in a chroot after booting with system rescue cd but that didn't 
 work. I've reinstalled grub to /dev/sda but again without success. 
 Update-grub sees the partitions but doesn't give me a bootable system.
 
 BTW: Grub is the grub-efi-amd64 package.
 
 At one point I did get it to boot after using F12 to bring up a boot 
 menu and booting from the first HD, but I haven't been able to repeat that.

That probably wouldn't have worked anyway, as EFI doesn't boot from
HD. That boot from HD option probably tried a legacy boot. Instead,
EFI relies on a list of bootloaders that's stored in nvram. You can use
efibootmgr to query or modify this list.

However, that gives you a nice chicken-and-egg problem. Modifying
the efi boot list can only be done through efi system calls, and the
efi system calls are only available if your system is booted in EFI
mode to begin with.

See http://blog.uncooperative.org/blog/2014/02/06/the-efi-system-partition/
for a description of the boot process. There is a default efi bootloader,
it should be located as /boot/efi/efi/boot/bootx64.efi assuming your
ESP is mounted correctly (see above). Grub is probably installed as
grubx64.efi, you may want to copy the grub efi loader to this
default location and try again.

If that fails, your next attempt at fixing this would be to find a copy of
shellx64.efi on the 'net. It's a part of Intel's EFI SDK, but easily available
as a separate download (eek! downloading unsigned binaries from
random sites). If you put it in the root of the ESP (i.e. 
/boot/efi/shellx64.efi),
your firmware/bios may offer you a separate option to boot this shell
instead. Note the use of may, there is no standard for this.

That shell pretty much behaves as a dos prompt with tab completion,
you can try to start grubx64 from there.

That's pretty all the pointers I can give you. The process above is how
I converted one of my machines from legacy to efi boot. Be prepared
for a lot of reading, trialing, and erroring.


Best of luck,
Arno

  

RE: Old Computers

[Arno Schuring]

 From: lisi.re...@gmail.com
 Date: Tue, 2 Jun 2015 16:46:17 +0100
 On Tuesday 02 June 2015 16:28:30 lostson wrote:
 On Tue, 2015-06-02 at 16:07 +0100, Lisi Reisz wrote:
 On Tuesday 02 June 2015 14:55:51 Sven Arvidsson wrote:

 I thought of DSL.  But it needs an i486. :-(
 http://www.damnsmalllinux.org/
 http://distrowatch.com/table.php?distribution=damnsmall

 Lisi

  How about Tiny Core Linux

 http://distro.ibiblio.org/tinycorelinux/faq.html#req
 
 Needs i486. :-(
 

The Linux kernel itself requires 486, it doesn't build for 386
anymore.

IIRC it's because it uses the CMPXCHG instruction to
implement locking, and that instruction isn't available on 80386.


Regards,
Arno

  

RE: Strange problem with *.local / avahi / zeroconf

[Arno Schuring]

(apologies in advance for any mangling caused by hotmail's web interface)

 From: b-m...@gmx.ch
 Date: Fri, 29 May 2015 21:19:48 +0200
 
 On Friday 29 May 2015 18.11:29 Arno Schuring wrote:
[..]
 
 Sorry, forgot to mention, ping with ip does work, only ping with 
 hostname.local doesn't.
 
 Avahi-discover is great, thanks!
 But I'm only one step further, since now after a reboot, when everything 
 works 
 as expected, it shows the server's hostname as a Workstation. I can get its 
 details (IP address etc.)
 When connections using the hostname stopped working, the hostname is still 
 shown as a Workstation, but I cannot get its details anymore, instead I get 
 the following error:
 org.freedesktop.Avahi.TimeoutError: Timeout reached
 
 What timeout is that, one on the server or one on the client? I still don't 
 get it :-(
 

The timeout error is from the client, but the reason is likely that the server
is no longer reponding to requests. You said you had multiple clients, do they
all fail at the same moments? If all your clients fail at the same time, the
cause is likely to be on the server. If one client fails while the others
still work fine, your problem is more likely to be misconfiguration of the
clients.

My money's on the server being the cause. I have no direct knowledge of
avahi-daemon, but the generic advice is to run the service manually (i.e.
run avahi-daemon --debug on the server), or check /var/log/daemon.log
or /var/log/messages and hope that avahi does useful logging.


Best of luck,
Arno

  

RE: How to boot without GUI

[Arno Schuring]

 From: cu...@free.fr
 Date: Fri, 29 May 2015 20:16:15 +

 That seems to ring a bell, now that you mention it (seems I do remember
 intentionally installing gdm3 at some point on this machine). Except the
 name of the previous package was gdm (version 2.20.11-4) not gdm2.

 So Squeeze never provided a gdm2 package, you're wrong on that point.
 There are two versions of 'gdm' in Squeeze, one named 'gdm' and the other
 'gdm3', corresponding to versions 2.20.11-4 and 2.30.5-6squeeze5.

Reco never stated that there was a package gdm2, just that squeeze
shipped with both versions.

There used to be just one package, gdm, and it installed the display
manager for gnome. That package was called gdm for gnome 1, and
was called gdm for gnome 2. However, gdm became unmaintained
as of gnome 2.20, and was replaced with a complete rewrite as of
gnome 2.30. But the rewrite did not have all the features of gdm (iirc),
so Squeeze shipped with both.

It's only with the introduction of gdm3 that people started referring to
the original gdm as gdm2. Before gdm3, there was only gdm.


Regards,
Arno

  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/dub119-w26cfe89479dd54ddb7178ab8...@phx.gbl

RE: Strange problem with *.local / avahi / zeroconf

[Arno Schuring]

Hi,

 One machine runs apache2 with services like owncloud as well as avahi-daemon. 
 Other machines (clients) connect to it, e.g. with the owncloud client, using 
 hostname.local as URL.
 
 After some time, maybe 2 or 3 minutes or so, the other machines loose the 
 connection. In a browser I cannot connect, I cannot ping, nothing. It's 
 absolute reproducable.

You cannot ping the machine's ip address, or you cannot reach (resolve) the
.local hostname?

 
 If I restart a client, it can reconnect, but only for a few minutes. This 
 happens for both, Jessie and Mac OS clients.
 
 I went already through a reset of the router, no effect.

Your router has nothing to do with it, unless it's actively blocking the 
traffic.
The .local hostnames are resolved through mdns (multicast dns), which
is provided by avahi-daemon on the server side, and libnss-mdns on the client.

You could use a tool like mdns-scan or avahi-discover to list the services on
the current network, to verify the presence or absence of the service.

I suspect you may need to read man avahi-daemon.conf, specifically the
rate-limiting options. Of course there is no mention of what happens when
the limit is reached, or what the default values are. I would point you to
the server's logfiles, but I can't say for certain if avahi logs anything at 
all.


Regards,
Arno

  

RE: strange booting behavior

[Arno Schuring]

Hi,


 On 5/19/15, Arno Schuring aelschur...@hotmail.com wrote:
 
  Note that you can add break=premount to the kernel cmdline
  to force an initramfs shell, then use sh -x /scripts/$phase/$script
  to manually step through the initramfs procedure.
 
  You can use grep maybe_break /usr/share/initramfs-tools/init to
  check the valid break= values, and their order.
 
 stepping sounds like a great way to debug, but i'm out of my depth.  i
 don't know what premount is (is that a phase?  a script?  something
 else?), or what initrd does (all i know is it's a ramdisk and has a
 fake root fs for some reason).  i will of course be happy to try this,
 but i won't know what scripts to run, in what order, or what the
 results will mean.
 

premount is just one of the breakpoints in the initramfs where you can 
break out and get a shell. The init procedure is completely shell-based,
you may try reading /init lines 208-238 to get a feel for it. Basically,
every phase is represented as a directory in /scripts, and the order in
which the scripts are run is determined by a /scripts/$phase/ORDER file
in each directory.

/scripts/local-top/cryptroot is probably the most interesting script for
you to run, and I don't think it has many dependencies since you're
not using lvm. But ORDER is itself a shell script as well :)

Beyond that, I don't think I can be of much help. I only know about this
because I'm using a custom unlock procedure for my rootfs. I can't tell
you about the design of the initramfs, nor do I know if what I'm
advising here is the easiest way.

 
  Also, can you verify that /conf/conf.d/cryptroot exists
  in the initramfs and contains the correct line?
 
 instead of rebooting to determine this and trying to transcribe it, is
 it ok to extract the initrd as it is on disk?  i did so and got this:
 target=toshiba-root,source=UUID=...,key=none,rootdev (where ...
 is the correct uuid according to blkid for /dev/sda3, which is the
 partition on which encrypted root resides).
 
 does that seem correct?

yes, that should be correct.

 
  in fact, in the initrd busybox shell, i can do cryptsetup
  luksOpen /dev/sda3 toshiba-root.  i do not know how or where
  to mount it, however.  mounting it on / not work.
 
  You need to mount it (readonly) on /root. Then exit the initramfs shell
  and the boot should continue normally.
 
 on /root, as in the superuser's home dir for dot files etc.?

Yes. There is no home dir in the initramfs. It's a bit counterintuitive, but
it does make sense to mount the real root filesystem on /root. It's just a
shame that 'root' has more than one meaning.


Regards,
Arno

  

RE: strange booting behavior

[Arno Schuring]

Hi,

 i am still trying to get something to boot and will be grateful for
 any suggestions, including other places to ask.
[..]
 
 grub comes up, i select the default debian version.  the
 kernel loads and starts doing things for 7 seconds.
[..]

Note that you can add break=premount to the kernel cmdline
to force an initramfs shell, then use sh -x /scripts/$phase/$script
to manually step through the initramfs procedure.

You can use grep maybe_break /usr/share/initramfs-tools/init to
check the valid break= values, and their order.

 
 then drops into a shell, initramfs.  the error message is
 roughly like the following (transcribed manually, ... not
 in the original).
 
 Check cryptopts=source= bootarg:cat/proc/command line or
 missing modules, device:cat/proc/modules ls/dev -r ALERT!
 /dev/disk/by-uuid/a892...732 does not exist dropping to a
 shell!
 
 i do not understand this error message.  that partition DOES
 exist.  the uuid refers to /dev/sda3 (the raw partition that
 contains encrypted root).

Does the partition exist, or does the /dev/disk/by-uuid/...
symlink exist? The error message clearly indicates it's looking
for a /dev/disk/by-uuid symlink, so the presence of /dev/sda3 is
not enough.

Also, can you verify that /conf/conf.d/cryptroot exists
in the initramfs and contains the correct line?

 
 in fact, in the initrd busybox shell, i can do cryptsetup
 luksOpen /dev/sda3 toshiba-root.  i do not know how or where
 to mount it, however.  mounting it on / not work.

You need to mount it (readonly) on /root. Then exit the initramfs shell
and the boot should continue normally.

 strangely, despite having dropped into an initramfs shell,
 the kernel keeps spewing USB messages every 30 seconds or
 so.  these start with usb disconnect, then new usb device
 and it mentions my mouses and stuff.  i have to clear the
 screen each time.

I would expect that dmesg -n 1 should solve that, but am not sure
if that works within the initramfs.


Hope this helps,
Arno


  

Re: Services die afhankelijk van elkaar zijn

[Arno Schuring]

Paul van der Vlis (p...@vandervlis.nl on 2012-12-04 11:46 +0100):

 Ik draai een systeem waarbij enkele services afhankelijk van elkaar
 zijn. Als bijvoorbeeld de database herstart wordt, bijvoorbeeld voor
 een security update, dan moet ook een andere service herstart worden,
 want die doet het dan niet meer (en hersteld zich ook niet).
 
 Is er binnen Debian een mechanisme om dit te automatiseren?

Min of meer. Dependencies kunnen worden aangegeven in de LSB-headers van
de init scripts, en insserv (vanaf Squeeze) en systemd snappen deze
dependencies. Zie man 8 insserv. Lees dan vooral ook de sectie over
overrides, zodat dpkg niet bij de volgende upgrade gaat vragen om het
init script te vervangen.

 Dus dat als b.v. de database herstart wordt, ook een andere service
 herstart wordt?

Deze dependencies zijn enkel voor het bepalen van de opstartvolgorde;
bij het herstarten van services worden ze niet meegenomen.

Het ontwerp van Upstart biedt wel deze mogelijkheid (stop on stopping
en start on started events), maar of dit volledig is geïmplementeerd
voor package upgrades weet ik niet.

 Of is er principieel iets mis met een service als deze dusdanig
 afhankelijk is van een andere service, dat die andere service niet
 even herstart kan worden?

Dat hangt af van de service, maar de meeste Unix-services volgen het
client-server model, en daarbij maakt het geen verschil of de services
of dezelfde machine of op verschillende machines draaien. Het hele
Internet is in zekere zin gebaseerd op robuustheid, op het automatisch
kunnen herstellen van verbindingsfouten. Een client service die omvalt
bij de eerste communicatiestoring zou mij in ieder geval niet veel
vertrouwen geven in de maker ervan.

De enige uitzondering daarop die ik ken (en die daarover ook genoeg
kritiek ontvangt) is dbus: als de messagebus-server onderuit gaat zijn
clients niet in staat om opnieuw te verbinden als deze wordt herstart.


Groeten,
Arno


--
To UNSUBSCRIBE, email to debian-user-dutch-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20121204201852.2ac4d...@murid.intra.loos.site

Re: OT: The following packages will be REMOVED:

[Arno Schuring]

Ralf Mardorf (ralf.mard...@alice-dsl.net on 2012-11-14 19:41 +0100):
 On Wed, 2012-11-14 at 13:30 -0500, Tom H wrote:
 
 And if for Debian udev still should be available as an
 independent package, then because Debian maintainers extract it from
 systemd, In April 2012, udev's source tree was merged into systemd -
 http://en.wikipedia.org/wiki/Udev
 

Actually, it's because Wheezy's udev version (175) is from before the
systemd merge.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20121114230751.44f47...@murid.intra.loos.site

Re: Found problem source - BUG or undocumented feature? - was[Re: Mounting of USB flash drives - observed strangeness]

[Arno Schuring]

Richard Owlett (rowl...@cloud85.net on 2012-11-14 13:05 -0600):
 
 The source of the discrepancy is whether or not a USB flash 
 drive is present (for whatever reason) during Debian 
 installation.
 
 If there has been no USB flash drive present during install, 
 then a labeled device shows up as /media/device label as 
 expected.
 

Having just done some Wheezy usb installs, I can confirm this for
wheezy. However I'm not sure what solution it is you're looking for
(do not create /media entry points for usb removables detected during
install?). If you can explain that, perhaps the formulation of the bug
report follows naturally.

While you're at it, you may want to ask why the installer doesn't allow
putting /media on a separate filesystem.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20121114225758.43bc8...@murid.intra.loos.site

Re: debian 6.0.5 ISO installation issue. GRUB .. file not found

[Arno Schuring]

Muhammad Yousuf Khan (sir...@gmail.com on 2012-08-09 16:55 +0500):
 i just installed debian from 6.0.5 amd64 net CD. with basic options.
 
 installation went fine but in first boot. shows me this
 
 Welcome to GRUB
 error : file not found
 grub rescue

If memory serves me right, you need to
rescue set root=(hd0,1)

Assuming that /boot is a separate partition, created as /dev/sda1.
Season to taste. The grub shell has tab-completion, not sure if the
rescue shell has the same. If the installer created one single
partition, you may also need
rescue set prefix=($root)/boot/grub

rescue insmod normal
rescue normal

And from there the regular grub commands (linux, initrd) should work.
There may also be a command to start the menu from there (insmod
gfxmenu?).

An easier but slower solution is to boot again from the installation
disc, start a rescue shell and re-run grub-install and update-grub.

Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120809165340.4d3f0...@viper.intra.loos.site

Re: [OT] what is the correct way of setting up lvm

[Arno Schuring]

Umarzuki Mochlis (umarz...@gmail.com on 2012-03-18 21:08 +0800):
 this not a debian issue but a general linux issue
 
 i had set a LUN (e.g.: /dev/sdb) that can be seen from a server but
 after some time (rsync to this logical volume) it got remounted
 read-only and there's unlinked-inode from dmesg.
 
 my method of creating a ext3 logical volume is
 
 # pvcreate /dev/sdb
 # vgcreate backup /dev/sdb
 # lvcreate -n mailbackup --size 1200g backup
 # lvextend -l +100%FREE /dev/backup/mailbackup
 # mkfs.ext3 /dev/backup/mailbackup

I don't see anything obviously wrong, but using lvextend on a new VG
isn't really necessary. I'd have used
# lvcreate -n mailbackup -l 100%VG backup

The remount action may have been triggered because of a communication
error between the host and the san. Were you sharing the iscsi target
between multiple hosts?


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120318182604.7b590...@viper.intra.loos.site

Re: [OT] how to take care of hand

[Arno Schuring]

lina (lina.lastn...@gmail.com on 2012-02-04 00:57 +0800):
 Hi,
 
 are there some suggestions about how to take care of hand?
 
 for weeks, I felt the hand especially the thumb get strengh-less in 
 typing, and kinda of stiff,

I've never hand problems with my hands, it's always been wrist or
shoulder for me.

 I can't avoid using mouse ( even has changed to a light one) and 
 keyboard, googled some way, a bit horrible, someone even said need do 
 operations.

I'm still using a 10+ year old Logitech Mouseman. It's the one mouse
that somewhat matches my natural hand positioning. I've also swapped
right-button with the thumb button.

As for operations: this is not a medical forum.

 are there some good way of avoiding it. 3 years ago I once had, but
 gone within week. now I get handache about it.

Headaches? Take a good look at your posture. Mousing too far from your
body will imbalance your shoulder, and that will strain your back and
neck muscles. I've found that the most natural position for me is
placing the mouse on my thigh.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120204103321.54caf...@viper.intra.loos.site

Re: ext4 extends implementation question

[Arno Schuring]

Alberto Fuentes (alberto.fuen...@qindel.com on 2012-01-23 09:24 +0100):
 On 01/10/2012 11:31 PM, Arno Schuring wrote:
  afuentes (alberto.fuen...@qindel.com on 2012-01-10 10:33 +0100):
  What happens when you run out of space to allocate new extends in
  ext4? is not allowed to write anymore even tho there are tons of
  blocks available?
 
  I'm unsure what you mean. Extents is only an optimization strategy
  for allocating contiguous blocks. If there are no contiguous
  blocks, ext4 falls back to allocating singular blocks, but with
  normal usage patterns you should never get tons of blocks
  available with none of them contiguous.
 
  At least, that's how I understand it. Are you getting allocation
  failures with still plenty of space available?
 
 
  Regards,
  Arno
 
 
 
 This is how i see it
 
 [X][ ][ ][ ][ ][ ][ ][ ][ ][ ][ ][ ]
 [X][X][X][X][ ][ ][ ][ ][ ][ ][ ][ ]
 [X][X][X][X][X][X][X][X][ ][ ][ ][ ]
 [X][X][ ][ ][ ][ ][ ][ ][ ][ ][ ][ ]
 [X][X][X][ ][ ][ ][ ][ ][ ][ ][ ][ ]
 [-][-][-][-][-][-][-][-][-][-][-][-]
 [-][-][-][-][-][-][-][-][-][-][-][-]
 
 row= extends
 [x]= used
 [ ]= allocated
 [-]= free

That's not how extents work. What you are describing is a large block
granularity, not extents-based allocation. There is no reason why the
next allocation can't happen like this:

[X][ ][ ][ ][ ][ ][ ][ ][ ][ ][ ][ ]
[X][X][X][X][ ][ ][ ][ ][ ][ ][ ][ ]
[X][X][X][X][X][X][X][X][A][A][A][A]
[X][X][ ][ ][ ][ ][ ][ ][ ][ ][ ][ ]
[X][X][X][ ][ ][ ][ ][ ][ ][ ][ ][ ]
[-][-][-][-][-][-][-][-][-][-][-][-]
[-][-][-][-][-][-][-][-][-][-][-][-]


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120123202148.3be5a...@viper.intra.loos.site

Re: Grub cannot fit into boot record

[Arno Schuring]

John Hasler (jhas...@newsguy.com on 2012-01-14 12:25 -0600):
 Panayiotis writes:
  I have another computer running Wheezy with lvm and it's working
  fine. Maybe it's the sum of the md driver + lvm driver that is too
  big to fit in the gap?
 
 Use Lilo.  It doesn't use the gap at all.
That's true, LILO uses a blocklist IIRC.

  IMHO putting critical
 boot software in an unallocated area that other software will (not
 unreasonably) assume contains nothing important is a loony idea.
It's not any more loony than hardcoding the disk sectors in which the
kernel file resides.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120115142440.3fe30...@viper.intra.loos.site

Re: network / nat / port forward -- problem

[Arno Schuring]

YR (zha...@videotron.ca on 2012-01-12 16:34 -0500):
 
 The system has 2 network cards. Debian accesses the internet via eth0 
 without problems. (typical dhcp getting IP from ISP)
 the internet connection is shared, and the xp machine connected to
 eth1 connects to the internet also without problems (none that I saw
 anyway) the dhcp server on debian assigns an ip to the eth1 machine
 successfully in the 10.x.x.x range

First things first -- you have no modem, or the modem is in bridge mode
(i.e. your Debian machine is directly connected to the Internet)? In
what range is the IP address of your Debian box?

 
 my problem is that I cannot access the machine on eth1 when it
 serves. For example, from the machine connected to eth1 I could play
 quake 3 connecting to a server on the internet flawlessly, but I
 cannot host a server myself, others can't connect to me.
 how to I forward the ports to the eth1 machine so that I can have a 
 server on it? (or as routers often call it virtual servers)

You need port forwarding, known as DNAT to friends. The official
documentation is here:
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO.html

Some examples: http://linux-ip.net/html/nat-dnat.html


 
 I also want to activate the firewall on the debian machine but that
 also has caused problems with the internet connection sharing,
 leaving the machine on eth1 connectionless.

You already have a firewall, or you would have serious issues with
connectivity from your eth1 box. How did you activate the firewall?


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120113005731.494e5...@viper.intra.loos.site

Re: ext4 extends implementation question

[Arno Schuring]

afuentes (alberto.fuen...@qindel.com on 2012-01-10 10:33 +0100):
 What happens when you run out of space to allocate new extends in
 ext4? is not allowed to write anymore even tho there are tons of
 blocks available?

I'm unsure what you mean. Extents is only an optimization strategy for
allocating contiguous blocks. If there are no contiguous blocks, ext4
falls back to allocating singular blocks, but with normal usage
patterns you should never get tons of blocks available with none of
them contiguous.

At least, that's how I understand it. Are you getting allocation
failures with still plenty of space available?


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120110233113.6c2f8...@viper.intra.loos.site

Re: No sound after purged some gnome packages

[Arno Schuring]

Csanyi Pal (csanyi...@gmail.com on 2012-01-10 18:05 +0100):
 Hi,
 
 I have problem with sound. Can't hear anything except PC speaker's
 beep. This PC Speaker is in the PC Box and is small. :)
 
[..]
 Aplay can't find any soundcard.
 aplay -l
 aplay: device_list:242: no soundcards found...
[..]
 What I did is that that I just purged almost all gnome packages from
 my Debian SID and maybe purged some essential packages for sound.
 

Smart money's on a missing alsa-base package.

To be more thorough:

- Is alsa-base still installed?
- Are you still a member of the audio group?
- What are the permissions on /dev/dsp and /dev/mixer?

What is the output of:
$ lsmod | grep snd
$ cat /proc/asound/cards


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120110234554.101e4...@viper.intra.loos.site

Re: SATA disk errors

[Arno Schuring]

Tony van der Hoff (t...@vanderhoff.org on 2011-12-31 18:21 +):
 199 UDMA_CRC_Error_Count0x003e   200   199   000Old_age
 Always -   455

This is your problem (well, symptom). The disk isn't failing
hardware-wise, but it is seeing a lot of transmission errors. The ATA
bus errors in dmesg seem to agree with that.

I'd say you have a problem on the SATA bus. That can be either a faulty
controller, faulty wiring or a faulty SATA chip on the disk. If you
can, try to swap the disk positions or connectors. If the problem
remains on ata3, the problem is in the controller. Similar tests can
help you rule out faulty cables.


Stan Hoeppner (s...@hardwarefreak.com on 2011-12-31 17:04 -0600):
 On 12/31/2011 12:21 PM, Tony van der Hoff wrote:
 
 /dev/sda
1 Raw_Read_Error_Rate 243530983
7 Seek_Error_Rate 18363743
 
 /dev/sdb
1 Raw_Read_Error_Rate 138763088
7 Seek_Error_Rate 1374378
 
 Interestingly, SMART says these two drives have been in service only
 2.6 months:
 
9 Power_On_Hours  1893
 
 This indicates both drives are failing and should be replaced ASAP.

As Camaleon has said, for Seagate drives this isn't necessarily true.
My WD drives keep the raw value strictly at 0, but the Seagates I use
always report very high read error rate (same goes for ECC recovered).
They seem to me more like debug flags than actual counters.

I find it more instructive to look at the longevity indicators in the
middle (VALUE, WORST and THRESH), because they help interpret the raw
data without requiring you to read a data sheet.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120103005853.03f17...@viper.intra.loos.site

Re: Rkhunter warning

[Arno Schuring]

David Baron (d_ba...@012.net.il on 2011-12-27 12:12 +0200):
 Warning: Network TCP port 13000 is being used by /sbin/rpc.statd.
 Possible rootkit: Possible Universal Rootkit (URK) SSH server
  Use the 'lsof -i' or 'netstat -an' command to check this.
 
 rpc.statd is started by nfs-common.
 
 False alarm? Bug? Serous trouble?

If you have installed rpc.statd and have it running, it could be a
false alarm. Have you tried profiling the port (with an ssh client or
nmap)?

You can ask rpcinfo for confirmation:
$ rpcinfo -p
   program vers proto   port
[..]
1000241   udp  20492  status
1000241   tcp  20492  status
# lsof -i |grep stat
rpc.statd 15685statd   5u  IPv4  463090t0  UDP *:1021 
rpc.statd 15685statd   7u  IPv4  463180t0  UDP *:20492 
rpc.statd 15685statd   8u  IPv4  463210t0  TCP *:20492 (LISTEN)


By default, rpc.statd uses a random port number. If you restart
nfs-common, chances are that it will pick a different port number. You
can force a different (static) port by editing /etc/default/nfs-common.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111227202333.5fe6f...@neminis.intra.loos.site

RE: which is the best command to use

[Arno Schuring]

 
 well, I have two files:
 
 File_a.txt
 a
 a
 a
 
 File_b.txt
 b
 b
 b
 
 I wish to get a file_ab.txt as
 a b
 a b
 a b
 

man 1 paste   Regards,Arno

Re: which command I should use to extract the matching part out

[Arno Schuring]

lina (lina.lastn...@gmail.com on 2011-12-19 23:53 +0800):
   sed -n '/^model 1/q;/^model 0/,$p'
 
 Just realize the sed -n '/model 0/,/model 1/'p can also do that. (so
 newbie I was/am).
 
 just still don't understand above sentence. sed -n '/^model
 1/q;/^model 0/,$p'

The semicolon separates two commands. The first one matches on model 1,
and quits sed (stops processing). The second one is a range command,
matches from the model 0 line to the end of the file ($), and prints
the current line.

Arguably, the single range command (/model 0/,/model 1/) is a better
solution because it also works in the aggregate case (cat *|sed instead
of sed *).


Regards,
Arno


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111219192856.4d59a...@neminis.intra.loos.site

Re: How can I find the BusID?

[Arno Schuring]

lina (lina.lastn...@gmail.com on 2011-12-11 00:33 +0800):
 Hi,
 
 I don't know how to find the BusID for:
 
 xorg.conf
 
 Section Device
   Identifier  aticonfig-Device[0]-0
   Driver  fglrx
   BusID   PCI:1:0:0
 
 (Here the one seems not correct) cause there is an warning:
  No matching Device section for instance (BusID PCI:0@1:0:1) found

Your line is correct. The reason for the warning is that your card is
dual-head, and both heads have their own pci address. The message is
harmless as both fglrx and radeon understand the second head without
needing it configured.

 # lspci | grep VGA
 01:00.0 VGA
In my case:
01:00.0 VGA compatible controller: ATI Technologies Inc RV350 AS
01:00.1 Display controller: ATI Technologies Inc RV350 AS (Secondary)

Which is why the second controller doesn't show up, apparently it isn't
VGA-compatible :)

 Another question, How do I check whether there is a 3D acceleration,
 seems 2D have.

Besides the direct rendering, you can also check the opengl version:
$ glxinfo|grep -i opengl
OpenGL vendor string: X.Org R300 Project
OpenGL renderer string: Gallium 0.4 on ATI RV350
OpenGL version string: 2.1 Mesa 7.11.1
OpenGL shading language version string: 1.20


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111211221932.706a2...@neminis.intra.loos.site

Re: voortgang aptitude safe-upgrade

[Arno Schuring]

Geert Stappers (stapp...@stappers.nl on 2011-12-11 16:06 +0100):
 On Sun, Dec 11, 2011 at 03:25:26PM +0100, Geert Stappers wrote:
  
  Hoi,
  
  
  Hoe kun je zien dat `aptitude safe-upgrade` nog vorderingen maakt?
  
  Ik heb al een tijdje deze regel op mijn scherm staan:
  
   open: 1741; closed: 4659; defer: 119; conflict: 80   o
Dit karakter zou moeten pulseren: ^
(de volgorde is dacht ik . o O o)


Groet,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-dutch-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Passwordless root shell is offered when boot problem occurs.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-12-06 01:18 +0700):
 Thank You for Your time and answer, Arno:
 
   a) locking the root account (passwd -l root), which will give you
  sulogin: root account is locked, starting shell
 
 That's the point - sudo is used on the system and the root account is
 blocked.

Que?
http://lists.debian.org/debian-user/2011/12/msg00075.html


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111206201500.3ef0f...@neminis.intra.loos.site

Re: where to get patched older kernel for example 2.6.39

[Arno Schuring]

Jim Green (student.northwest...@gmail.com on 2011-12-06 05:17 +):
 On 6 December 2011 05:07, Bob Proulx b...@proulx.com wrote:
  Do you have any examples of something in the Linux 3.x kernel that
  isn't in the 2.6.38 kernel that is likely to cause trouble?
 
 Actually I don't :) I haven't got the chance to look through the long
 changelogs..
 
 my other concern using the 3.** kernel is my .config for the kernel,
 probbaly it doesn't work for 3.** kernel because of new kernel
 parameters or parameter changes..
I think you'll be pleasantly surprised. I'm sure there are some changes
(I can recall a submenu being moved around sometime in recent history,
which made all parameters appear as NEW), but most of them will be
additional drivers which you can safely ignore.

Just to be sure: you do know about make oldconfig, right?


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111206203328.4b133...@neminis.intra.loos.site

Re: Passwordless root shell is offered when boot problem occurs.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-12-03 17:53 +0700):
 [..] A standard Debian config
 should not offer a passwordless root shell unless you explicitly ask
 for it,
 
 Oh, no! I didn't! :)
 
 Do You have an idea where to look for that? - I have no ideas,
 absolutely.

Just as a pointer, you can get a passwordless root shell by:

- interrupting initramfs: specify break=init on the kernel command
  line
- overriding init: specify init=/bin/bash on the kernel command line
- configuring inittab: either add a bootwait line spawning /bin/*sh
  or tell getty to bypass login with -l /bin/*sh
- setting SULOGIN=yes in /etc/default/rcS, and either
  a) locking the root account (passwd -l root), which will give you
 sulogin: root account is locked, starting shell
  b) deleting root's password (passwd -d root), which will give you
 Press enter for maintenance(or type Control-D to continue)

All four methods above will give you an unconditional root shell. Since
yours only spawns on error, none of the above applies.

 
 On other hand, if we pursue this idea - that physical access makes a
 host absolutely undefended, - we can let root account to be
 password-less - for why worrying?

Setting a root password will still protect you from remote users that
have access to login programs (such as su). Locking the root account
reduces the attack surface to your sudoers configuration.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111203150013.1fa5b...@neminis.intra.loos.site

Re: relocation error: and segmentation fault

[Arno Schuring]

Dennis Wicks (w...@mgssub.com on 2011-12-03 13:38 -0600):
 It looks like I am going to have to restore some libraries 
 at the least.
 
 Is there any way that I can refresh or reinstall my system 
 without wiping out all the other things I have on the same 
 disk? eg /home and other user directories and optional software.

Can you still run dpkg? Then your best bet is to use a different
machine to download just enough to get apt working again (that's only
libc6, libgcc1, libstdc++6 and zlib1g on testing). If some configure
script cannot run because of a missing library, you can postpone it by
using dpkg --unpack instead of dpkg -i.

When you have apt working, you can work on restoring the rest of your
system. My advice would be to (re)install aptitude first, see below why.


You can use ldd to find out which libraries are missing, and dpkg -S to
get the package to which they belong. As an example:

$ ldd `which apt-get`
linux-gate.so.1 =  (0xf7757000)
libapt-pkg.so.4.10 = /usr/lib/libapt-pkg.so.4.10 (0xf7634000)
[..]
libdl.so.2 = /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (..)
libz.so.1 = /usr/lib/libz.so.1 (0xf739)
/lib/ld-linux.so.2 (0xf7758000)
$ dpkg -S /usr/lib/libz.so.1
zlib1g: /usr/lib/libz.so.1

If libraries are missing, they will show as '= not found'. That means
you will have to guess the full path, use another system as reference,
use apt-file to search for the package, or just guess. Most libraries
are in /lib or /usr/lib on Squeeze, but on Wheezy you'll find some in
the old location and most in an architecture-specific location such as
shown above.


When you have aptitude working, you're almost home. A full system
rebuild can be done with
# aptitude reinstall ~i

Or just the libraries:
# aptitude reinstall ~slibs
(Don't about the tons of not installed, so not reinstall messages).


Best of luck,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111204011531.2185c...@neminis.intra.loos.site

Re: Passwordless root shell is offered when boot problem occurs.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-12-02 15:17 +0700):
 
 From here it's all guesswork. You'd need to provide a full bootlog up
 to the point where the shell is started to get any meaningful
 answers.
 
 Hmm. I thought everybody has the same OS behavior in such condition...
 And the problem here is only improper/default configuration.

That could very well be, but I haven't had a boot problem in years
(well, except when trying out systemd). A standard Debian config should
not offer a passwordless root shell unless you explicitly ask for it,
but I can think of at least four ways to get such a root shell -- not
including misconfiguration, bugs or alternative boot devices.

 
 I have grepped through my logs on HDD partition that caused the boot
 stop (because one partition was not mounted that set to be auto
 mounted) - 

I don't think you'll find anything in the system logs. From the little
information you have given, it is clear that the system has not fully
started, so there is no reason to assume that /var/log is accessible or
that syslog is running.

Early boot messages should be found in /var/log/boot, but bootlogd
seems very hitmiss on my systems. Filesystem checks are logged
in /var/log/fsck.

 
 In general, am I correct in understanding the situation, that what I
 gonna do is abnormal behavior in Debian distro., and to have the root
 password-less shell in emergency cases is OK for some (to
 developers / security team) reasons

It's not about emergency situations, although it certainly can be used
as such. It's about accesss: if anyone has physical access to your
machine, there are so many ways to access your system that it is silly
to protect against one of them.

So yes, protecting yourself from physical attacks by insisting on a
root password is abnormal behaviour. How are you going to prevent an
attacker from opening your PC and connecting the harddisk to his own
machine?

 - and in case I want to commit
 what I have targeted, I have to develop the solution myself (that is
 there is no a config. file that I might simply turn on the password
 prompt for root shell in such cases)?

In short, yes. If you really want to be that paranoid (and there are
good reasons for it, especially on laptops), you should be looking at
encryption as your solution (dm-crypt, truecrypt, bitlocker), not
passwords.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111203000543.44f5a...@neminis.intra.loos.site

Re: Passwordless root shell is offered when boot problem occurs.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-12-01 23:54 +0700):
 
 fsck errors should drop into a sulogin shell, which asks for the
 password. The only way you could get a root shell is if your root
 device cannot be found. In that case, there is no way to ask for a
 password because there is no password file.
 
 Well. There is root device - if You mean / mount point. Otherwise
 whence sulogin comes from?

sulogin should be in /sbin on your filesystem, but that is not
the first filesystem where programs are started from. Google early
userspace and initramfs' for background info.

From here it's all guesswork. You'd need to provide a full bootlog up
to the point where the shell is started to get any meaningful answers.

 
 If you must, there might be a way to get what you want by adding
 files to the initramfs by dropping a file
 in /etc/initramfs-tools/hooks/ or
 
 Ahh. I have the dir. empty.
 
 the like. But if you find yourself needing to secure against that,
 then you must also set a bootloader password, lock out alternative
 boot methods, set a BIOS password and put your machine behind lock
 and key. Do you really need that?
 
 At least I want that. Do You know how to do that?
 

I know the theory, that is all I know. The Debian initramfs is generated
from scripts in /usr/share/initramfs-tools. To add files to it, you
need to create a file in /etc/initramfs-tools/hooks that copies the
required files (/sbin/sulogin, /etc/passwd and /etc/shadow) into the
initramfs, and then you need to edit the panic() function
scipts/functions to spawn sulogin instead of a shell.


Regards,
Arno


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111202000209.2394c...@neminis.intra.loos.site

Re: Trouble with remote rsyslog

[Arno Schuring]

Summarizing the other comments and adding my own...

vr (debian-u...@iotk.net on 2011-11-30 00:03 -0500):
 I'm having trouble getting remote rsyslog to work.
 Can anyone look over my config and offer clues what I've done wrong 
 please?
 
 
 SENDING SERVER (99.30.25.3, Squeeze, up to date)
 
 /etc/rsyslog.conf
 $ModLoad imudp
 $UDPServerRun 514
The sender needs omudp (the output module), and is not a UDP server.

 main.info @99.30.25.3
 mail.warn @99.30.25.3
 mail.err  @99.30.25.3
You're sending to the wrong address

 
 /etc/default/rsyslog
 RSYSLOGD_OPTIONS=-c4
 
 
 
 
 RECEIVING SERVER (99.30.25.2, Squeeze, up to date)
 
 /etc/rsyslog.conf
 $ModLoad imudp
 $UDPServerRun 514
This will work, but note that the recommended protocol for
rsyslog-to-rsyslog logging is RFC3195:
$ModLoad imrelp
$InputRELPServerRun 2514

 
 
 /etc/default/rsyslog
 RSYSLOGD_OPTIONS=-r
That file should warn you that -r is deprecated, and it is not needed
if you load the correct modules anyway.

Finally, you're opening your syslog port on a public interface. Please
make sure you have an adequate firewall.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2030230114.46c32...@neminis.intra.loos.site

Re: Passwordless root shell is offered when boot problem occurs.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-11-28 13:47 +0700):
 Once mount error occurs while OS booting, I get root shell - w/o even
 asking for password... How I can change the behavior (to ask for
 password before granting root shell)?
 

Do you get a message 'root account locked, starting shell?'

fsck errors should drop into a sulogin shell, which asks for the
password. The only way you could get a root shell is if your root
device cannot be found. In that case, there is no way to ask for a
password because there is no password file.

If you must, there might be a way to get what you want by adding files
to the initramfs by dropping a file in /etc/initramfs-tools/hooks/ or
the like. But if you find yourself needing to secure against that, then
you must also set a bootloader password, lock out alternative boot
methods, set a BIOS password and put your machine behind lock and key.
Do you really need that?


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2028171700.61ae3...@neminis.intra.loos.site

Re: reduce crypt partition

[Arno Schuring]

scar (s...@drigon.com on 2011-11-25 13:56 -0700):
 i need a little help reducing my crypt partition.  when i first
 installed debian, i used a rather standard /boot on /dev/hda1 and
 crypt on /dev/hda2, using LVM for the rest of the partitions.
[..]
 
 $ sudo fdisk -l
Advice: use fdisk -u. It will allow you to specify partition offsets in
sectors, instead of hoping that your current fdisk aligns partitions at
the exact location that the previous partitioner did.

 
 Disk /dev/hda: 40.0 GB, 40007761920 bytes
 255 heads, 63 sectors/track, 4864 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Disk identifier: 0x3f423f42
 
Device Boot  Start End  Blocks   Id  System
 /dev/hda1   *   1  31  248976   83  Linux
 /dev/hda2  32486438821072+  83  Linux
[..]
 $ sudo pvdisplay
   --- Physical volume ---
   PV Name   /dev/dm-0
   VG Name   graveyard
   PV Size   20.00 GB / not usable 3.81 MB
   Allocatable   NO
   PE Size (KByte)   4096
   Total PE  5119

sectors/PE = 4096*1024 / 512 = 8192
Total sectors = 5119*8192 = 41934848

I don't know if you need additional space for dmcrypt headers, so I
would advise to use more sectors than this minimum.

As a general rule, I always use resize2fs -M to make sure I don't get
caught in conversion errors (1000 vs 1024 etc). Also, after changing
the partitions you should resize the PV to the real size of the
partition (i.e. without size argument). It's your best way to ensure
everything has gone right.


Best of luck,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2027125916.7da06...@neminis.intra.loos.site

Linux 3.1 and r300

[Arno Schuring]

Hi all,

Since the upgrade to the 3.1 kernel, I'm seeing display flickers on
two machines with an older ATI card (a 9600 and X1500). One machine is
very vocal about EDID errors and blinks the display roughly every ten
seconds, making it impossible to work with. The other logs no EDID
errors and only blinks once every hour.

I've had this before, and then it was related to load detection which
can be disabled (doesn't appear to work this time):
$ xrandr --output DVI-0 --set load detection 0

The EDID errors can be resolved by killing output polling (drm.poll=0
on the kernel command line).


Before I file a bug, is anyone else seeing this?


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2027131721.76ad9...@neminis.intra.loos.site

RE: Documentation -- gcc?

[Arno Schuring]

 OK, so gcc documentation is unfree. I have no dog in that fight.

 Save an old man a few days of reading the GFDL flame wars from
 seven years ago, and someone (one) just kindly say where this non-free
 documentation is.

http://packages.debian.org/squeeze/gcc-doc-base
and
http://packages.debian.org/squeeze/gcc-doc

Maybe http://gcc.gnu.org/onlinedocs/ will be faster?



 I have 16 (two architectures) DVDs. Could it be lurking somewhere
 in those 64 GB of compressed files? Or have I been had?

A quick scan of http://cdimage.debian.org/debian-cd/6.0.3/amd64/list-dvd/
shows no sign of these packages. Presumably because the DVDs only contain
the main archive?


Regards,
Arno

  

Re: NCID with no rcS.d

[Arno Schuring]

lrhorer (lrho...@satx.rr.com on 2011-11-24 03:38 -0600):
 OK, so here's the deal.  I compiled and installed ncid on one of my 
 Debian servers  Everything seems to be working just fine.  There's
 one small item, though.  When I took the init scripts and ran
 update-rc.d, it gave me a warning saying stop runlevel arguments (0
 1 6) do not match LSB Default-Stop values (S 0 1 6).  When I looked
 at the scripts, they have the line
 
 # Default-Stop:  S 0 1 6
 
[..]
 First of all, why did the routine put up that warning and fail to
 create the links?
insserv doesn't create the links unless explicitly asked to do so. By
default (as it's called from dpkg), it only determines start/stop
ordering.

I'm not sure how those links are populated initially. It could be that
the package provides them, and is missing that one link.

To restore the defaults, run:
# insserv -vd ncid

  Secondly, what is the potential operational
 impact, here?
Virtually none. You're only missing the kill script that affects
runlevel transitions into runlevel S (iiuc). That transition will never
happen unless you do it manually, and most people reboot into S, not
telinit into it.

 It seems to me this will cause a dirty shutdown of the
 ncid processes, although I'm not sure how really heinous that would
 be.
No, shutdown and reboot are runlevels 0 and 6 respectively. That will
still work.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2024140106.18279...@neminis.intra.loos.site

Re: Disabling NFSv4 on Debian Squeeze

[Arno Schuring]

Israel Bravo (bravo...@gmail.com on 2011-11-20 15:42 +0200):
 How can I disable the NFSv4 on Debian Squeeze (without recompiling the
 kernel)?

man 5 nfs will tell you that you can force a specific nfs version by
adding -o nfsvers=X on the mount command line (or in /etc/fstab).

 
 Or - another possibility - to disable mapping UID and GID to
 nobody/nogroup ?

Have you checked the server is not configured with all_squash?

The mapping is done by the nfs id mapper (man 8 rpc.idmapd). I've found
the documentation to be severely lacking, but maybe
http://linux.die.net/man/5/idmapd.conf will help.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2020211834.1002c...@neminis.intra.loos.site

Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)

[Arno Schuring]

Kramarenko A. Maksim (mc@k-max.name on 2011-11-15 09:51 +0400):
 Arno Schuring aelschur...@hotmail.com писал(а) в своём письме Tue,
 15 Nov 2011 03:30:54 +0400:
 
  Kramarenko A. Maksim (mc@k-max.name on 2011-11-14 13:02 +0400):
  Hello, All!
  Tired of fighting with Kreberos.
  The second week I can not properly configure the server  NFSv4 and
  domain on Win 2k8 R2 via kerberos. Kinit command, etc. work
  properly and get tickets from the KDC:
 
  =
  ...daemon.log.
  Nov 8 13:50:10 archiv rpc.gssd[2067]: WARNING: KDC has no support
  for encryption type while getting initial ticket for principal
  'nfs/archiv.sag.local@SAG.LOCAL' using keytab
 
  If this is the cause, and it seems to be, then your kernel is
  simply too old. The default kernel in Squeeze only support des-cbc
  encryption for NFS, and that is deprecated. On Linux systems the
  workaround is to specify allow_weak_crypto in krb5.conf, but I'm
  not aware of a workaround for Windows.
 
  Maybe try a newer kernel, e.g. from backports?
 
 
  Regards,
  Arno
 
 
 Thanks for the answer.
 Arno,
 I upgraded from backports kernel and NFS (nfs-common and
 nfs-kernel-server), but now I have the following error when mounting:
 ARCHIV ~ # uname -a
 Linux ARCHIV 2.6.39-bpo.2-686-pae #1 SMP Thu Aug 4 11:02:22 UTC
 2011 i686 GNU/Linux
 client:
 ==
[..]
 Nov 15 00:06:32 debian rpc.gssd[1730]: Success getting keytab entry
 for 'nfs/debian.sag.local@SAG.LOCAL'

Seems good...

 === ... and server: === 
 Nov 15 00:06:34 archiv rpc.svcgssd[1097]: ERROR: GSS-API: error in
 handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified
 GSS failure. Minor code may provide more information) - No supported
 encryption types (config file error?)
 Nov 15 00:06:34 archiv rpc.svcgssd[1097]: ERROR: GSS-API: error in
 handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified
 GSS failure. Minor code may provide more information) - No supported
 encryption types (config file error?)

The server does not seem to accept the encryption type, or the KDC
(Windows) is rejecting the negotiation. Does the client keytab contain
multiple encryption types (klist -k -e)?

Can the server mount itself? Try mounting the exported directories on
the server to see if that works.

You might get more response on linux-...@vger.kernel.org


Regards,
Arno


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2016203450.5f556...@neminis.intra.loos.site

Re: KVM networking.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-11-15 20:12 +0700):
 $ /usr/bin/kvm -localtime -m 256 -no-reboot -boot c
 -hda da -net nic,macaddr=$(printf
 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256))) -net tap
 
 kvm: -net tap: could not configure /dev/net/tun (tap%d): Operation not
 permitted
 
 kvm: -net tap: Device 'tap' could not be initialized
 
 I run it under normal user - as You have guessed already - yet in
 sudoers I have for the user (as I understand all the commands
 involved in tap bringing up by KVM):
 
 vmuser ALL = /sbin/ifconfig *, /sbin/ifup br0, /sbin/ifdown
 br0, /sbin/ip *, /sbin/brctl *, /usr/sbin/tunctl *, /sbin/route add
 -host *
 
 How I can solve this?

qemu does not use sudo. -net tap,ifname=$(sudo tunctl -b) doesn't work?

 
 By the way, to overrun the permission problem I have tried running it
 under sudo (root) user when I got the following error:
 
 No protocol specified
 Could not initialize SDL(No available video device) - exiting
 
 So it needs a screen for KVM window running. Do You know how I can
 launch it in such case? - Except to allow root user. :)

Most likely your sudo does not preserve $DISPLAY.

 See my other mail. You can get the network working by using the
 correct routes (I hope). But that won't get you internet access from
 the VM without either NAT or reconfiguring your modem.
 
 My host is connected to router. Do You mean that I need NAT at the
 router or host? - I thought host only.

Yes, NAT at the host should work.


Sthu Deus (sthu.d...@gmail.com on 2011-11-15 01:40 +0700):
 Thank You for Your time and answer, Arno:
 
 I think this setup might need additional configuration on the
 outside, because you need to add the same subnet route on your
 Internet modem/router. I don't think qemu gives you NAT for free...
 
 I've got such a problem w/ NATing:
 
 /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d !
 192.168.1.0/24 -j SNAT --to-source 192.168.0.2
 
 Bad argument `192.168.1.0/24'
 
 Do You have any idea why iptables does not accept the ip nor the ip
 net?

You need to use ! -d addr, not -d ! addr


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2016204900.0743f...@neminis.intra.loos.site

Re: sources.list best practices

[Arno Schuring]

Brad Alexander (stor...@gmail.com on 2011-11-16 10:07 -0500):
 Actually, Andrei, that will fit puppet well. I was just looking for
 methodologies, and I think that you and Tong pointed out a couple of
 important points. First, never cross the streams on stable. I'm
 guessing here that both of you probably use the codename (e.g.
 squeeze, lenny, wheezy, etc) and not the release name (stable,
 testing, unstable) to protect against inadvertent upgrades.

In my case, /etc/apt/sources.list is for all machines the same and
simply lists stable, testing and unstable + security.d.o. I
use /etc/apt/preferences to protect against unplanned upgrades (stable
has higher priority than testing, etc). I only use APT::Default-Release
to refer to a release by name.

If I need more (experimental, dmo, -updates), I add those in
sources.list.d.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2016210650.0b732...@neminis.intra.loos.site

Re: GNOME 3 Alt-Tab takes two hands now?

[Arno Schuring]

Kevin Ross (ke...@familyross.net on 2011-11-13 19:38 -0800):
 If you have two windows open for the same application, the Alt-Tab
 popup combines them into a single icon.  To switch between windows of
 the same application, you have to hit the down arrow while the popup
 is up.  So you have to hit Alt-Tab, and while holding down the Alt
 key, hit the down arrow, then hit Tab multiple times to get to the
 window you want.

You want Alt-Tick (the button above Tab)

 
 Really?  This is an improvement?
Meh. For me the more important issue is that the ordering seems random.
I'm used to having my applications ordered in LRU-style (so pressing
alt-tab gives me my previous application, twice the one before that
etc). That's no longer true in G3.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201450.41df2...@neminis.intra.loos.site

Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)

[Arno Schuring]

Kramarenko A. Maksim (mc@k-max.name on 2011-11-14 13:02 +0400):
 Hello, All!
 Tired of fighting with Kreberos.
 The second week I can not properly configure the server  NFSv4 and
 domain on Win 2k8 R2 via kerberos. Kinit command, etc. work properly
 and get tickets from the KDC:

 =
 ...daemon.log.
 Nov 8 13:50:10 archiv rpc.gssd[2067]: WARNING: KDC has no support for
 encryption type while getting initial ticket for principal
 'nfs/archiv.sag.local@SAG.LOCAL' using keytab

If this is the cause, and it seems to be, then your kernel is simply too
old. The default kernel in Squeeze only support des-cbc encryption for
NFS, and that is deprecated. On Linux systems the workaround is to
specify allow_weak_crypto in krb5.conf, but I'm not aware of a
workaround for Windows.

Maybe try a newer kernel, e.g. from backports?


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2015003054.74f62...@neminis.intra.loos.site

Re: GNOME 3 - Help needed - Testing upgraded from GNOME 2 to GNOME 3

[Arno Schuring]

Selim T. Erdogan (se...@alumni.cs.utexas.edu on 2011-11-13 05:32 -0600):
 Arno Schuring, 12.11.2011:
  
  Ralf Mardorf (ralf.mard...@alice-dsl.net on 2011-11-11 23:51 +0100):
   
   Before I run the upgrade I saved a backup of my GNOME 2 Debian. Is
   there the need to restore Debian from the backup, or is there a
   way to get back a usable DE, by editing GNOME 3?
  Others have pointed out the fallback mode, but if I try that, X
  won't start at all (can't find session gnome-fallback).
 
 There's a separate package, gnome-session-fallback, that I had to 
 install additionally.  (On sid, a few weeks ago.)  Do you have that 
 installed?

Ah thanks for that. No I hadn't, I had assumed it was part of the
gnome-shell package.

And concerning one other gripe:
 And now that I've touched the xrandr system settings, I can no
 longer start g-s-d while in Enlightenment because it f***s up my
 display settings...
$ gsettings set org.gnome.settings-daemon.plugins.xrandr active 'false'


Thanks!
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2013234319.6c76d...@neminis.intra.loos.site

Re: Is GNOME 2 panel still in unstable?

[Arno Schuring]

Camaleón (noela...@gmail.com on 2011-11-13 17:59 +):
 
  and how many people are whining because GNOME 2 is gone? 
 
 We all miss the good job that GNOME2 did. IMO, there is nothing wrong 
 about users whining or complaining because of the change, that's a
 normal reaction that express the love we had for GNOME2 and loving
 GNOME2 is nothing bad.

Now that's a spin that I like :)

However, you can argue whether effectively discontinuing the most-used
DE on Linux is a wise move. I can understand some of the reasoning
behind it, but in my mind, abandoning your old product in favor of some
fad of the day feels like a forced upgrade. And most users use Linux
because they got fed up with the forced upgrade treadmill of certain
proprietary software manufacturers...


Regards,
Arno


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2014013415.673fb...@neminis.intra.loos.site

Re: KVM networking.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-11-11 23:41 +0700):
 
 I have included more options to network script:
 
 /usr/bin/kvm -localtime -m 256 -no-reboot -boot c -hda da
 -net nic -net tap,ifname=$(sudo /usr/sbin/tunctl -b -u $(whoami);
 sudo /sbin/ifconfig tap0 192.168.1.1 up; sudo /sbin/route add -host
 192.168.1.1 dev tap0),script=no,downscript=no

You're adding a host route, whereas you need a network route. Try:
$ sudo ip route add 192.168.1.0/24 via 192.168.1.1

Or, with the older tools (a bit rusty):
$ sudo route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 dev
tap0


I think this setup might need additional configuration on the outside,
because you need to add the same subnet route on your Internet
modem/router. I don't think qemu gives you NAT for free...

Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2012145818.63559...@neminis.intra.loos.site

Re: KVM networking.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-11-11 23:23 +0700):
 Sthu Deus (sthu.d...@gmail.com on 2011-11-08 14:44 +0700):
  1. The bridges take the Internet connections for itself - thus
  leaving the host app.s w/o Internet access, probably routing needed
  here - but they do not make any specifications for that.
  
 That sounds weird. What does brctl show? A default setup with these
 two lines should already work fine:
 
 iface br0 inet dhcp
  bridge_ports eth0
 
 Just remember to leave eth0 unconfigured...
 
 Then how do host's app.s will get to Internet?

Through the bridge. I can't tell what's missing until you show us your
bridge configuration, if you have any. I'll show my config for
comparison:

$ ip addr show eth0
2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast
master br0 state UNKNOWN qlen 1000
link/ether 00:17:31:4a:c6:a3 brd ff:ff:ff:ff:ff:ff
$ ip -4 addr show br0
4: br0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state
UP 
inet 172.22.15.221/24 scope global br0

Note the master br0 on the eth0 configuration, and the lack of any IP
addresses. My routing is slightly different, but you can see there are
no routes using eth0 directly:

ladmin@golem:~$ ip -4 route show
default via 172.22.21.1 dev vlan21 
172.22.15.0/24 dev br0  proto kernel  scope link  src 172.22.15.221 


  2. As a workstation - it does not provide access from host to the
  guest.
  
 You mean networking access? I've never needed it, but it should work
 once your host apps have networking access... (just tested: ping
 between host and vm works fine for me).
 
 I mean that DHCP of KVM gives Internet access to guest and having no
 interface from host to guest, I can not reach the guest from host. Of
 course, host app.s and guest's app.s - both have Internet connection,
 but not host-guest connection.

I'm not sure exactly what you're trying to do, but KVM only does DHCP
and basic routing with -net user and not with -net tap FAFAIK.

 
  3. W/ tap - You have seen already the problem - some unknown to me
  permission problem - do You know why is it so?
  
[..]
 
 Now it works - regarding the permission problem, but I need the
 interface (tap).
 
 Of course I can create by root w/:
 
 ifconfig tap0 192.168.1.1 up
 
 route add -host 192.168.1.1 dev tap0
 
 but I want w/o root.

Then you should consider using -net user instead of -net tap, I think.
I agree that it is slightly weird that you can't configure a tap
interface even when you own it, but it makes sense: you're not just
configuring the tap interface (which you can do from inside the VM),
you're also changing the host's routing table.

 And even w/ root - I still can not get network working between host
 and guest - having configured guest w/:
 
See my other mail. You can get the network working by using the correct
routes (I hope). But that won't get you internet access from the VM
without either NAT or reconfiguring your modem.

btw I made a mistake in the previous route command: you shouldn't need
to set a gateway, just the dev tap0 should be enough.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2012151649.4ef2d...@neminis.intra.loos.site

Re: Yikes, 140 held packages

[Arno Schuring]

Harry Putnam (rea...@newsguy.com on 2011-11-12 05:31 -0600):
 Andrei POPESCU andreimpope...@gmail.com writes:
 
  I would suggest you run 'aptitude safe-upgrade' first and then try 
  'aptitude full-upgrade'. Don't worry, aptitude will present all
  changes to you before applying. If you don't like or understand
  what you see just copy-paste it here and we'll have a look.
 
 It happens that I had already run `aptitude full-upgrade' before
 seeing your post... It removed a fairly extensive list of pkgs.  But
 still I see 135 on hold.  I forgot how to list only installed with
 aptitude but running `aptitude search . |grep ^ih' shows 135
(you were look for aptitude search ~i)

What does the following show:
$ aptitude search ~ahold

This should probably give you the list of 135 packages. You can release
the held packages by using the same syntax:
# aptitude unhold ~ahold


If that doesn't work, the packages could be held in dpkg instead, but
the output is slightly different (and aptitude and dpkg easily
disagree):

$ echo xfonts-encodings hold |sudo dpkg --set-selections
$ aptitude search ~ahold
ihA xfonts-encodings - Encodings for X.Org fonts
$ sudo aptitude unhold xfonts-encodings
[..]
$ aptitude search ~ahold
$ dpkg --get-selections|grep hold
xfonts-encodingshold
$ dpkg -l xfonts\*
hi  xfonts-encodin
ii  xfonts-utils
[..]

To quickly unhold packages held by dpkg, you can use this:
$ dpkg --get-selections|awk '$2==hold {$2=install;print}'  list

Review the list before feeding it to set-selections:
$ sudo dpkg --set-selections  list


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2012164057.18359...@neminis.intra.loos.site

Re: Removing evolution but leave gnome intact?

[Arno Schuring]

kei...@strucktower.com (kei...@strucktower.com on 2011-11-10 19:24
-0800):
 I realize it is not necessary, but if possible I'd like to remove
 evolution.
 
 This is what I have tried so far:
 
 # aptitude unmarkauto gnome-control-center evolution-data-server
 # aptitude unmarkauto libedataserverui1.2-11 capplets-data
 # aptitude unmarkauto evolution-data-server-common
 # aptitude unmarkauto gnome-session gnome-panel gnome-applets
 
 # aptitude -s -R remove --purge evolution-data-server /
   evolution-data-server-common libedataserverui1.2-11 /
   gnome-control-center: gnome-panel: gnome-applets: gnome-session:

You cannot remove the data server or evolution libraries, they are tied
into the gnome-panel's clock function. If they had 90% market share,
they would be facing antitrust probes over it ;)

You might be able to fake its presence by using equivs, but there's no
telling whether that will break gnome-panel. Apart from that, removing
the evolution binary is as far as you can go...


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2012172420.4be69...@neminis.intra.loos.site

Re: GNOME 3 - Help needed - Testing upgraded from GNOME 2 to GNOME 3

[Arno Schuring]

Allow me to join the choir :)

I actually had high hopes for some of the stuff. Integrating IM account
control in the top right menu is a great idea, and I like the way
notifications are presented. But empathy is possibly even worse than
Evolution, it won't connect to half of my accounts and invisible mode
still shows me online to my contacts.

If I login to Gnome3 in dual-screen mode, it immediately bails out with
session gnome failed to start. If I start in single-screen mode and
then use xrandr to enable the second screen, Gnome freezes to the point
where only the mouse and Ctrl-Alt-Bksp still work. If I use the
system-settings control panel, the displays flicker and then it resets
to clone mode. Yay!

But the worst part is that gnome-settings-daemon won't keep its grubby
hands off my configuration. By default, even though I'm running
Enlightenment, it reconfigured mouse speed and keyboard even though
I've been fine with those settings for years. And now that I've touched
the xrandr system settings, I can no longer start g-s-d while in
Enlightenment because it f***s up my display settings...


Ralf Mardorf (ralf.mard...@alice-dsl.net on 2011-11-11 23:51 +0100):
 Hahaha :D
 
 GNOME 3 what an odd DE.
 Missing features (weather, restart option etc.), Evolution doesn't
 work, because it can't connect to the network, it tries to force us
 to install pulseaudio, it completely breaks the workflow of sane
 users.
Empathy has a setting for that, maybe Evolution has too?
$ gsettings set org.gnome.Evolution use-conn false

 
 Before I run the upgrade I saved a backup of my GNOME 2 Debian. Is
 there the need to restore Debian from the backup, or is there a way
 to get back a usable DE, by editing GNOME 3?
Others have pointed out the fallback mode, but if I try that, X won't
start at all (can't find session gnome-fallback).

 
 Could it be, that Evolution isn't working anymore, because I didn't
 install pulseaudio, hence gnome-core couldn't be upgraded too?
Could be. Then again, Evolution working properly could also be a sign
of an impending apocalypse...

 
 I can't install pulseaudio, because this would break my DAW.
Join the club :)

You will get no sound in Gnome, but fear not, the most hideous beep at
gdm3 login is back!

 
 How can I get back a theme, window buttons etc.?
$ gsettings set org.gnome.desktop.interface gtk-theme 'greybird'

You need to install xfwm or murrine-themes for that to work though. You
can use gnome-tweak-tool to restore window controls, but I've not yet
found the gsettings incantation for that.

 
 Even NumLock is disabled and the fonts are a PITA.
$ gsettings set org.gnome.desktop.interface font-name 'DejaVu Sans 10'

Apparently you need to install numlockx to get your numlock powers
back...

 
 By default it's the ugliest DE I've ever seen in my life.
Not really, my gtk2 apps look even worse if I start them without
starting g-s-d.


Hope this helps (at the very least, venting always helps me ;)

Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2012233042.6dd19...@neminis.intra.loos.site

Re: KVM networking.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-11-08 14:44 +0700):
 
  /usr/bin/kvm -localtime -m 256 -no-reboot
  -cdrom ./debian-6.0.2.1-amd64-netinst/debian-6.0.2.1-amd64-netinst.iso
  -boot d -hda ./da -net nic -net tap,ifname=tap0,script=no
  
  kvm: -net tap,ifname=tap0,script=no: could not
  configure /dev/net/tun (tap0): Operation not permitted
 
[..]
 But if you are like me and you manage multiple virtual machines and
 you stubbornly insist on using dynamic tap interfaces, you can work
 around this by setting the CAP_NET_ADMIN capability on kvm:
 # setcap cap_net_admin+ep /usr/bin/kvm
 
 I want to make it secure and update independent, let's look may some
 on the list will share his/her knowledge w/ us - I do not believe all
 who use the standard VM-ing make such work arounds.
 
Yes, I agree my solution is suboptimal, but it's the best I could do.
Eagerly awaiting input... :)


 In the KVM manual
 it is clearly written what to do in every case the network one would
 use - just a workstation Internet access, bridges (private/public),
 and tapped w/ latter routing for the interface.
 
 For me it does not work for the following reasons:
 
 1. The bridges take the Internet connections for itself - thus leaving
 the host app.s w/o Internet access, probably routing needed here - but
 they do not make any specifications for that.
 
That sounds weird. What does brctl show? A default setup with these two
lines should already work fine:

iface br0 inet dhcp
bridge_ports eth0

Just remember to leave eth0 unconfigured...

 2. As a workstation - it does not provide access from host to the
 guest.
 
You mean networking access? I've never needed it, but it should work
once your host apps have networking access... (just tested: ping
between host and vm works fine for me).

 3. W/ tap - You have seen already the problem - some unknown to me
 permission problem - do You know why is it so?
 
I can make a guess:

$ ls -l /dev/net/tun
crw-rw 1 root kvm 10, 200 Nov  9 21:36 tun
$ groups
aschuring users kvm [..]
$ /usr/sbin/tunctl -b
TUNSETIFF: Operation not permitted
$ sudo setcap cap_net_admin+ep /usr/sbin/tunctl
$ /usr/sbin/tunctl -b 
tap0


 Or may have an idea
 what else command I have to add to sudoers file for the user or some
 other way by root specify the interface parameters that the user has
 to use the interface w/?

Yes. You can just add tunctl to your list of sudo commands, and use the
output of ifname=$(sudo tunctl -b -u $(whoami)) on the kvm command
line. Alternatively, set the cap_net_admin capability on tunctl and you
won't need sudo (but still upgrade-unsafe)...

This way, kvm will not need to create the interface and you won't run
into permission problems.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2009222614.7ef98...@neminis.intra.loos.site

Re: KVM networking.

[Arno Schuring]

Sthu Deus (sthu.d...@gmail.com on 2011-11-07 02:18 +0700):
 
 I try to run KVM network w/o under normal user w/ the following
 result:
 
 /usr/bin/kvm -localtime -m 256 -no-reboot
 -cdrom ./debian-6.0.2.1-amd64-netinst/debian-6.0.2.1-amd64-netinst.iso
 -boot d -hda ./da -net nic -net tap,ifname=tap0,script=no
 
 kvm: -net tap,ifname=tap0,script=no: could not configure /dev/net/tun
 (tap0): Operation not permitted

Apparently, you need root access to create tap interfaces regardless
of the permissions on the tap device. I have it on good authority
(http://bugs.debian.org/630701#10) that the preferred way is to
precreate the tapX interfaces in /etc/network/interfaces.


But if you are like me and you manage multiple virtual machines and you
stubbornly insist on using dynamic tap interfaces, you can work around
this by setting the CAP_NET_ADMIN capability on kvm:
# setcap cap_net_admin+ep /usr/bin/kvm

However, there are two problems with this:
- every time dpkg upgrades qemu, the capability gets reset
- this is INSECURE, because you're now granting all your users full
  access to your network interfaces. Only do this if you trust your
  users.


The KVM/tap networking documentation seems scattered across the 'net,
most of it is incomplete and sometimes contradictory. If someone has
a pointer to The Definitive Guide(tm), I'd be interested to read it.

 
 user   ALL = /sbin/ifconfig *, /sbin/ifup br0, /sbin/ifdown
 br0, /sbin/ip *, /sbin/brctl *, /sbin/tunctl *

If you precreate the tap interface, you won't need these...


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2007213156.5284c...@neminis.intra.loos.site

Re: Broken packages............

[Arno Schuring]

Charlie (aries...@skymesh.com.au on 2011-10-30 00:12 +1100):
  On Sat, 29 Oct 2011 14:01:16 +0200 Arno Schuring
  aelschur...@hotmail.com suggested this:
 
 DMO?
 
 Sorry, silly question, but. what is DMO? Have been googling it
 and not getting anywhere, and it's late, or early.

Sorry, force of habit. It's short for debian-multimedia.org, as Tom
already said.


Apologies for the confusion,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111029225039.784d4...@neminis.intra.loos.site

Re: Broken packages............

[Arno Schuring]

 On Thu, Oct 27, 2011 at 4:53 PM, Charlie aries...@skymesh.com.au
 wrote:
   On Thu, 27 Oct 2011 14:25:18 +0200 Arno Schuring
   aelschur...@hotmail.com suggested this:
 
 Charlie (aries...@skymesh.com.au on 2011-10-27 16:35 +1100):
 
  libavcodec52:
    Depends: libavutil50 (4:0.6.2-99) but 5:0.7.1-0.1 is to be
  installed or libavutil-extra-50 (4:0.6.2-99) but it is not
  installable
[..]
  deb http://www.debian-multimedia.org testing main non-free
 
  Is that a problem? Does it use an old libavutil50 package?

DMO declares a higher epoch for all its packages (5: vs 4:), which
means that it is not possible to mix packages between DMO and the
original Debian.

The error message above implies that libavcodecs52 is only available in
Debian, and conflicts with the already installed packages from DMO.


Wu-Kung Sun (sunwuk...@gmail.com on 2011-10-28 09:56 -0500):
 It looks like debian-multimedia has xvidcap built against
 libavdevice52 which has since been replaced by libavdevice53.
 http://debian-multimedia.org/dists/testing/main/binary-amd64/package/xvidcap.php
 http://debian-multimedia.org/dists/testing/main/binary-amd64/package/libavdevice53.php
 If I'm right, only the DMO maintainers can fix this so I've copied
 that list which I hope is ok.

Thanks!


Arno


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111029140116.1c0f8...@neminis.intra.loos.site

RE: Fetchmail certificate problem

[Arno Schuring]

 From: jsp...@sun.ac.za
[..]
 fetchmail: Server certificate verification error: self signed certificate
 fetchmail: This means that the root signing certificate (issued for 
 /C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webaster@localhost)
  is not in the trusted CA certificate locations, or that c_rehash needs to be 
 run on the certificate directory. For details, please see the documentation 
 of --sslcertpath and --sslcertfile in the manual page.
 fetchmail: Warning: the connection is insecure, continuing
 anyways. (Better use --sslcertck!)
[..]

 fetchmail: Server CommonName mismatch: localhost != alterit.co.za
This might still cause a problem when you get the certificate working.

 The service provider sent me a certificiate which I did put in the path
 referred to in the configuration but it did not solve the problem.

/etc/ssl/certs is a managed location (yes, I know, not strictly FHS compliant).

You need to put the certificate in /usr/local/share/ca-certificates (from 
memory, please double-check with the ca-certificates documentation) and re-run 
update-ca-certificates.

 
Regards,
Arno
  

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/snt108-w61bac6cecc26fdfd7c4122b8...@phx.gbl

Re: Broken packages............

[Arno Schuring]

Charlie (aries...@skymesh.com.au on 2011-10-27 16:35 +1100):
 
 libavcodec52:
   Depends: libavutil50 (4:0.6.2-99) but 5:0.7.1-0.1 is to be
 installed or libavutil-extra-50 (4:0.6.2-99) but it is not
 installable

Do you have debian-multimedia in your sources.list by any chance? Or
have had it?


Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111027142518.01071...@neminis.intra.loos.site

RE: ubuntu.

[Arno Schuring]

 From: mailingl...@darac.org.uk
 On Tue, Oct 25, 2011 at 11:41:34AM +0200, Tony van der Hoff wrote:
  On 25/10/11 11:23, Luca Cappelletti wrote:
  2011/10/25 Mauromrsan...@gmail.com
  ...
  
  I appear to have subscribed to the wrong mail list. Can anyone here
  point me at the ENGLISH DEBIAN list, please.
 
 There being no language defined *in the address* of this list, I'd
 expect the occasional international discussion. (I'm aware that
 http://lists.debian.org/debian-user/ says Support for Debian users who
 speak English but not everyone visits that page).

Of course, if you need to be pedantic about it, you should also point out that
this list is about written English, not spoken. And I'd hazard a guess that all
discussions on this list are already international.

However, since there is a http://lists.debian.org/debian-italian/ -- it should
be very clear to non-pedants what the intended language of this list is.

 
 There's very little excuse, however, for discussing Ubuntu here.

lol


Arno

  

Re: Sharing files on a local network

[Arno Schuring]

Raf Czlonka (r...@linuxstuff.pl on 2011-10-23 15:39 +0100):
 On Sun, Oct 23, 2011 at 01:52:14PM BST, Harry Putnam wrote:
  I don't understand why a few people have passed over ssh as being
  overkill.
 
 SSH (Secure Shell) - you don't need security on home-only network.
That depends. If you're running a wireless setup, even with WPA2
protection, I'd still advise security.

  Its easiest of all to setup.  (well excepting the nautilus
  suggestion)
 
 IMHO, it's not - dozens of options for both the server and client.
 You simply mount the NFS share and it's transparent to the system.
Well, in all fairness - NFS requires that the user ids on all systems
match. Forcing such a match can be quite troublesome.

 
  I mean with fuse and sshfs, then it acts much the same as nfs far as
  enduser experience.
 
 FUSE as it name suggests is in user-space, NFS is supported in the
 kernel. You don't have the overhead.
Overhead is peanuts :)

No, not really. But for a home setup, convenience trumps performance.
And besides, when's the last time that your desktop machine was pegged
on CPU?


For the current situation, I'd advise sshfs. If it's integrated in
Nautilus, all the better. But SSH is only point-to-point -- as soon as
you're sharing files with more than 2 machines, NFS is the way to go.

My 2 cents: even for Linux-only systems, there really is no
satisfactory answer to the OP's question besides Samba/CIFS. All
(Unix-)native solutions have their roots in enterprise (managed)
networking, which implies manual setup. In terms of autodiscovery and
autoconfiguration, nothing can hold a candle to the original SMB.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111024004654.61be9...@neminis.intra.loos.site

Re: how to get pkg names not upgraded

[Arno Schuring]

Harry Putnam (rea...@newsguy.com on 2011-10-21 19:19 -0500):
 When I run `aptitude full upgrade'  Sometimes I see something in the
 output saying some number of packages will not be upgraded.
 
 Something like [...] 40 pkgs to upgrade 8 pkgs not upgraded. [...]
 
 (That is not verbatim... just close)
 
 How can I get the pkg names, that are not being upgraded?

That should be
$ aptitude search ~U

But it has happened to me that aptitude said that there were packages
not upgraded while search-upgradable would yield no results. YMMV

See
http://algebraicthunk.net/~dburrows/projects/aptitude/doc/en/ch02s03s05.html
for the complete search term reference.


Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111022125158.018df...@neminis.intra.loos.site

Re: bash command

[Arno Schuring]

kuLa (deb...@kulisz.net on 2011-10-20 09:37 +0100):
 On 20/10/11 09:29, Jesus arteche wrote:
  Hey guys,
  
  I want to create  a script to change some words in some sonf files
  at the start up of the system...do you know the command in bash for
  search the word and replace it??
 
 Well, I don't know about bash command but I know about sed.

Theoretically it's possible with bash (=3) as well:
$ VAR=oldword
$ echo $VAR
oldword
$ echo ${VAR/old/new}
newword

And use a read loop over all the lines in the file :)


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111020125802.1ea77...@neminis.loos.site

Re: GPT on BIOS system partitions scheme

[Arno Schuring]

Virgo Pärna (virgo.pa...@mail.ee on 2011-10-17 08:50 +):
 On Mon, 17 Oct 2011 00:16:02 +0200, Arno Schuring
 aelschur...@hotmail.com wrote:
  yudi v (yudi@gmail.com on 2011-10-16 15:20 +1000):
  Partitions will be aligned on 2048-sector boundaries
  This is not necessary. Menu X, D will allow you to change this to 1.
  The 2048 value is just wasteful (an overly safe default). Whether
  you care about losing that 2MB is your call...
 
 
 I'd say, that 8 sectors would be safer than 1. In case the hard
 drive is one with 4096 byte sectors that emulates 512 byte sectors.
 
Certainly, you are correct :)
As general advice, 8 sectors is better because of advanced format. But
then you also have to account for modern SSDs, which have erase block
sizes between 128 and 512kB (256 or 1024 sectors), and for partitioning
hw-raid devices you need to know the stripe size of the underlying
device. When taking that all into account, the MS default of 2048
sectors is quite understandable.

But the drive in question was 600GB (iirc). Too large for an SSD and
too small for advanced format...


Arno


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111017155049.06af8...@neminis.loos.site

Re: GPT on BIOS system partitions scheme

[Arno Schuring]

yudi v (yudi@gmail.com on 2011-10-18 00:09 +1000):
  But the drive in question was 600GB (iirc). Too large for an SSD and
  too small for advanced format...
 
 It's an Advance format, check the fdisk output posted above.

I stand corrected. Then your sector alignment should be a multiple of
8. I didn't know newer disks were all advanced format, even the smaller
models.


Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111017202541.6475f...@neminis.loos.site

Re: OT: harddrive addition for RAID

[Arno Schuring]

Hi,

firstly: this is only offtopic if you're not running Debian.

Richard (richard.b...@blueyonder.co.uk on 2011-10-17 17:39 +0100):
 Hi,
 I'm thinking about adding another 500 GB HD to use RAID.
 2 questions:-
 
 1. does the HD need to be exactly the same as the one its being
 paired with ?
No. Assuming you're going with Linux software raid (md or lvm), you can
do partition-level raid. So even if the disks are not of equal size,
you can create partitions that are and use the remainder of one of the
disks as extra (non-raid) storage.

 2. how easy is it to change from a non RAID config to a RAID config.
 ie.  can I just  put in the second HD and run something to
 automagically change the config to RAID ?
In general, it is not easy, and potentially very dangerous. But it's
not rocket science either. Anyway, you should be prepared to do a lot
of command-line typing where a single typo could possibly destroy your
system. If you are already using LVM, that makes the process slightly
less dangerous and significantly easier.

This list can help you out. Just making sure you know what you're
getting into :)


Regards and good luck,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111018003618.664f9...@neminis.loos.site

Re: GPT on BIOS system partitions scheme

[Arno Schuring]

yudi v (yudi@gmail.com on 2011-10-16 15:20 +1000):
 Could someone using GPT on a BIOS system confirm if I got the GPT
 partitioning right on a BIOS system
 
[..]
 Partition table scan:
   MBR: protective
   BSD: not present
   APM: not present
   GPT: present
 
 Found valid GPT with protective MBR; using GPT.
So far so good...

 Partitions will be aligned on 2048-sector boundaries
This is not necessary. Menu X, D will allow you to change this to 1.
The 2048 value is just wasteful (an overly safe default). Whether you
care about losing that 2MB is your call...

 Total free space is 1058782 sectors (517.0 MiB)
 
 Number  Start (sector)End (sector)  Size   Code  Name
12048  411647   200.0 MiB   EF00  EFI System
2  675840  677887   1024.0 KiB  EF02  BIOS boot
3  942080 3039231   1024.0 MiB  0700  Linux/Windows
4 3303424  1464884942   696.9 GiB   8E00  Linux LVM
Looks great. Do you really need partition 1? If it's a BIOS system, the
first partition has no purpose.

 *Partition3 will be used for  /boot
 partition4 - LVM over LUKS
Do you really need 1G for /boot? 100MB is already overkill on most
systems, maybe if you plan to do kernel development...

 Used Fdisk to mark the first partition as boot.
 
 root@ubuntu:/home/ubuntu# fdisk /dev/sda
 
 WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util
 fdisk doesn't support GPT. Use GNU Parted.
Did you notice the warning? GPT partitions can't be marked active, and
even if they could -- grub doesn't use the active marker, not even on
an MBR disk.


Your partitioning is fine. It's not optimal, but it will work as it
should. Just remember to install grub2 on the whole disk (/dev/sda),
not in a partition.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111017001602.40ef2...@neminis.loos.site

NFSv4: rpc.gssd hangs indefinitely

[Arno Schuring]

Hi,

Any NFSv4 experts on this list? I'm trying to get my fileserver to
incorporate Kerberos security but the mounts fail in the most annoying
way: no error or syslog message, not even a timeout. They just hang.

I've already spent a few hours trying to set it up and debug it, and I
believe I've managed to avoid the usual pitfalls this time around
(principals, keytabs, encryption types, exports). The Kerberos/LDAP
setup itself is not an issue, and non-Kerberized nfs4 mounts work
perfectly -- that is the setup that I've been running for the past year.

So, for those of you who are still listening, here is the problem in
short (server is running Squeeze):

ladmin@genie:~$ sudo mount -v -t nfs4 genie:/ /mnt
mount.nfs4: timeout set for Mon Oct 17 01:32:18 2011
mount.nfs4: trying text-based options
'addr=172.22.21.8,clientaddr=172.22.21.8'
genie:/ on /mnt type nfs4 (rw)

ladmin@genie:~$ sudo mount -v -t nfs4 -o sec=krb5 genie:/ /mnt
mount.nfs4: timeout set for Mon Oct 17 01:32:35 2011
mount.nfs4: trying text-based options
'sec=krb5,addr=172.22.21.8,clientaddr=172.22.21.8'

... and the command prompt never returns. Adding -vvv to the mount
command doesn't reveal anything new, and enabling -vvv on all the
daemons gives the following (among the many interesting lines):

Oct 17 00:39:04 genie rpc.gssd[16110]: Success getting keytab entry for
'nfs/genie.loos.site@'
Oct 17 00:39:04 genie rpc.gssd[16110]: creating context with server
n...@genie.loos.site
Oct 17 00:39:04 genie rpc.svcgssd[15500]: prepare_krb5_rfc1964_buffer:
serializing keys with enctype 4 and length 8
Oct 17 00:39:04 genie rpc.svcgssd[15500]: doing downcall
Oct 17 00:39:04 genie rpc.svcgssd[15500]: finished handling null request
Oct 17 00:39:04 genie rpc.gssd[16110]: prepare_krb5_rfc1964_buffer:
serializing keys with enctype 4 and length
8 Oct 17 00:39:04 genie rpc.gssd[16110]: doing downcall

And there my google-fu ends. Comparing other logs, the downcall here
should result in calls to idmapd. But the id mapper is working fine, as
it's also needed for the non-krb5 case. The idmapd logs show a
deafening silence... until the mount command is killed, in which case I
get stale client in the idmapd logs.


I'm not willing to file a bug yet, I wouldn't know what package to
report it on. Moreover, the last two times that I've reported a bug, I
found a solution within five minutes of sending. So here's hoping... :)


Any pointers/hints/tips are greatly appreciated.

Thanks,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111017020517.79ca2...@neminis.loos.site

Re: how much time do I need to run badblocks

[Arno Schuring]

Long Wind (longwind2...@gmail.com on 2011-09-23 20:07 +0800):
 I bought a 60G disk and test it with badblocks
 
 badblocks -vws /dev/hdb
 
 6 hours has passed and it's still running

That can happen. My last disk was a 2TB low-rpm disk. It took badblocks
over 50 hours to complete the check.

 I can no longer wait and press Ctrl+c
 It have finished with 3 test patterns
 It says nothing about whether bad blocks are found or not
badblocks will only output bad blocks. No output means that everything
is fine.

 I have read its manual and get no answer about my question
 
 I'm still not sure if the disk is reliable

I find smartmontools a better indicator of disk reliability than
badblocks.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110924000633.02f49...@neminis.loos.site

Re: PostgreSQL vraagje

[Arno Schuring]

Paul van der Vlis (p...@vandervlis.nl on 2011-08-24 20:51 +0200):
 Op 24-08-11 18:17, Paul van der Vlis schreef:
  Hallo,
  
  Om PostgreSQL te backuppen per database heb je een scbone lijst met
  databases nodig, zonder allerlei opmaak. Deze lijst generereerde ik
  altijd met zoiets:
[..]
 
 Ik heb iets (maar het kan vast mooier):
 
 su postgres -c psql -q -c 'SELECT datname FROM pg_database' \
   | grep -v 'rows)' | awk 'NR2 {print $1}'

Uiteraard:
$ postgres -tA -c 'SELECT datname FROM pg_database'


Gr,
A


-- 
To UNSUBSCRIBE, email to debian-user-dutch-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Partition not mounted. Was Transplanting old System to New Drive

[Arno Schuring]

Martin McCormick (mar...@x.it.okstate.edu on 2011-08-16 06:30 -0500):
 
   Is there a way to convince fdisk that hdb1 is not
 mounted?
There might be. Try umount -f

The information about current mounts is recorded in /etc/mtab
(basically an old relic, but sadly still not put down). The real
(kernel) information about mounts is in /proc/mounts. When copying root
filesystems or working on a read-only / the mtab file can easily
contain stale information.

If you really know what you're doing, simply remove the file (protip:
after cloning /, always remove /etc/mtab from the clone), or
copy /proc/mounts over it.


Regards,
Arno


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110817213840.78cc2...@neminis.loos.site