Re: Debian DSA-5095-1 : linux - security update

[Ben Hutchings]

On Wed, 2022-03-16 at 23:46 +0530, Sona Das wrote:
> Hi Team,
> 
> We are having High level threat in our Debian systems detected by our 
> vulnerability scanners 
> Debian DSA-5095-1 : linux - security update
> 
> Debian DSA-4994-1 : bind9 - security update
> 
> We tried to upgrade our Debian systems using the Debian repo but the affected 
> packages didn’t received the package upgrade which takes care of the 
> vulnerability. Below packages are affected and are not getting upgraded:
> linux-headers-5.10.0-10-amd64_5.10.84-1

This was replaced by linux-headers-5.10.0-11-amd64.  So long as you
install the metapackage linux-headers-amd64, replacements like this
should be upgraded automatically.

> libirs-export161_1:9.11.19+dfsg-2.1

This is the only version available in Debian.  It is built separately
from bind9 and is only used by the ISC DHCP server.

Ben.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered
an expert.


signature.asc
Description: This is a digitally signed message part

Re: Debian Buster update error

[Ben Hutchings]

On Thu, 2019-09-26 at 07:55 +, c...@riseup.net wrote:
> Hi,
> When update buster, it gives the following errors:
> 
> Setting up linux-image-4.19.0-6-amd64 (4.19.67-2+deb10u1) ...
> /etc/kernel/postinst.d/initramfs-tools:
> update-initramfs: Generating /boot/initrd.img-4.19.0-6-amd64
> 
> gzip: stdout: No space left on device
> E: mkinitramfs failure cpio 141 gzip 1
> update-initramfs: failed for /boot/initrd.img-4.19.0-6-amd64 with 1.
> run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return
> code 1
> dpkg: error processing package linux-image-4.19.0-6-amd64 (--configure):
>  installed linux-image-4.19.0-6-amd64 package post-installation script
>  subprocess returned error exit status 1
>  Errors were encountered while processing:
>   linux-image-4.19.0-6-amd64
>   E: Sub-process /usr/bin/dpkg returned an error code (1)
> 
> Any ideas how to solve it?
[...]

There are several things you can try:

* Remove outdated kernel packages with "apt autoremove"
* Expand the /boot partition (but it seems you already found this is
  impossible)
* Exclude unneeded modules from the initramfs:
  - Change the MODULES setting in /etc/initramfs-tools/initrams.conf
to MODULES=dep
  - Run "update-initramfs -u"
  If you do this, the disk probably won't be bootable if you move it to
  another computer.
* Compress the initramfs harder:
  - Change the COMPRESS setting in initramfs.conf to COMPRESS=xz
  This will make kernel/initramfs updates very slow, though.

Ben.

-- 
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein




signature.asc
Description: This is a digitally signed message part

Re: Installer can't find network interface on Intel NUC BOXNUC8i3BEH1

[Ben Hutchings]

On Wed, 2019-02-13 at 16:17 -0500, Laurent Dumont wrote:
> I'm not sure if it's the exact same case but I had the same issue with a
> more recent motherboard. Debian failed to detect the network card with the
> E1000 drivers.
> 
> I tried an iso with the non free repo without success.
> 
> A base Ubuntu iso install was able to detect and configure the network
> driver.
> 
> I'll see if I can find the adapter version. It was an Intel based adapter.
[...]

Unfortunately the various chips supported by e1000e are all subtly
different and each new chip seems to need extra code in the driver. 
Debian 9 still has Linux 4.9 and we haven't backported those driver
changes.

There is supposed to be an optional installer build that uses a newer
kernel version, but that hasn't officially happened yet.

At this point you might be better off using the alpha release of the
installer for Debian 10 "buster".

Ben.

-- 
Ben Hutchings
When in doubt, use brute force. - Ken Thompson




signature.asc
Description: This is a digitally signed message part

Re: image created by debootstrap does not work

[Ben Hutchings]

On Fri, 2017-09-22 at 19:07 +, 慕 冬亮 wrote:
> Hi all,
> 
> The image created by debootstrap does not work in the qemu
[...]

debootstrap doesn't create images, your script does - so that's where
the bug is.

Rather than trying to fix your script, why not try vmdebootstrap which
is designed for exactly this purpose?

Ben.

-- 
Ben Hutchings
Horngren's Observation:
  Among economists, the real world is often a special case.



signature.asc
Description: This is a digitally signed message part

Re: jessie won't install/boot on a Dell Poweredge R815

[Ben Hutchings]

On Mon, 2016-06-27 at 11:58 -0400, Jeffrey Mark Siskind wrote:
>    The non-determinism in which identifiers are shown might be a bug in the
>    installer, or it might be caused by failure of ID commands to the
>    drives.
> 
>    I think most of the problems you're still having must be caused by a
>    bug in the RAID driver, mpt2sas (or its firmware, if that's not
>    embedded in the BIOS).
> 
> Thanks. Please let me know how I can report the potential bug(s) and what I
> can do to help track them down.

Please test a more recent kernel version, like Linux 4.6
(available as linux-image-4.6.0-0.bpo.1-amd64 in jessie-backports).

Then use 'reportbug' to submit a bug report against that package if the
bug is still present, or the jessie package if it's fixed there, giving
a summary of the problems you've described.

Ben.

-- 

Ben Hutchings
If at first you don't succeed, you're doing about average.


signature.asc
Description: This is a digitally signed message part

Re: jessie won't install/boot on a Dell Poweredge R815

[Ben Hutchings]

On Tue, 2016-06-28 at 00:49 +0200, deloptes wrote:
> Jeffrey Mark Siskind wrote:
> 
> >    I had big issues with mptsas and 3.16 in jessie, so I am still using
> >    3.2.0-4-rt-amd64
> > 
> > Will jessie run with 3.2.0-4-rt-amd64? If so, where do I get it and how do
> > I install it on a fresh jessie install that wasn't dist-upgraded from
> > wheezy?
> > 
> > Jeff (http://engineering.purdue.edu/~qobi)
> 
> Yes I run it with that kernel since wheezy. You can get it from wheezy
> https://packages.debian.org/wheezy/linux-image-3.2.0-4-rt-amd64

Any particular reason why you use the -rt variant?

> https://packages.debian.org/wheezy/linux-headers-3.2.0-4-rt-amd64
> https://packages.debian.org/wheezy/linux-image-3.2.0-4-rt-amd64-dbg

The proper way is to add the wheezy-security suite to
/etc/apt/sources.list.  (All updates to wheezy now go to the wheezy-
security suite.)

> Here is what I have and bit of background
> 
> # uname -a
> Linux lisa 3.2.0-4-rt-amd64 #1 SMP PREEMPT RT Debian 3.2.68-1+deb7u4 x86_64
> GNU/Linux
> 
> # cat /etc/debian_version
> 8.5
> 
> - Disk controller is mptsas here not mpt2sas as you posted - no idea what is
> the difference.
[...]

So far as I can see, mptsas is for SAS 1.0 (3 Gbps) controllers and
mpt2sas is for SAS 2.0 (6 Gbps) controllers.  They are two entirely
separate drivers, probably with different sets of bugs.

Ben.

-- 

Ben Hutchings
If at first you don't succeed, you're doing about average.


signature.asc
Description: This is a digitally signed message part

Re: jessie won't install/boot on a Dell Poweredge R815

[Ben Hutchings]

On Mon, 2016-06-27 at 08:07 -0400, Jeffrey Mark Siskind wrote:
[...]
> Whenever I observe any of the behavior reported in this email, it is
> almost always associated with dmesg reporting the same error on the same
> sector 2056 (sometimes 2058 or 2062). Given the dozens of attempted
> reinstalls and reboots, at this point, I have seen this on almost all, if
> not all, of the six disks on each of the four machines. I don't believe
> that 24 disks all have the same bad sectors.

The first partition probably starts at an offset of 1MB, which is 2048
sectors.  So these errors are presumably occurring while reading a
filesystem label near the start of that partition, which is pretty much
the first thing that will happen after the array is assembled.

[...]
>  D. In step (4), there appears to be nondeterminism in the serial numbers of
> the disks that get reported in the menu of options of where to install
> grub. Sometimes, the disks get reported as ata-*, sometimes as scsi-*.
> Note that all of my disks are SATA so the ones reported as scsi-* are
> clearly in error. If I do fresh installs multiple times on the same
> machine, each time it reports different serial numbers for the disks.

Linux uses an ATA/SCSI translation layer (libata), so that each ATA
drive is also seen as a SCSI drive and has two such identifiers.  The
non-determinism in which identifiers are shown might be a bug in the
installer, or it might be caused by failure of ID commands to the
drives.

[...]
> Note that there is a lot of nondeterministic behavior (all cases above where I
> say "sometimes"). In all cases, I do exactly the same thing over and over to
> the same machine and get different behavior.

This is an unfortunate effect of doing multiple things in parallel,
which is really the only way to make them go fast.

I think most of the problems you're still having must be caused by a
bug in the RAID driver, mpt2sas (or its firmware, if that's not
embedded in the BIOS).

Ben.

-- 

Ben Hutchings
Humour is the best antidote to reality.


signature.asc
Description: This is a digitally signed message part

Re: make ping executable by normal users?

[Ben Hutchings]

On Tue, 2016-06-07 at 14:56 -0800, Britton Kerin wrote:
> On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila  wrote:
> > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote:
> > > On my old debian system I could ping as a normal user.  The ping
> > > binary had the suid bit set.  Now I get:
> > > 
> > > $ ping www.google.com
> > > ping: icmp open socket: Operation not permitted
> > > 2 $
> > > 
> > > presumably because the bit isn't set.
> > > 
> > > What's the right fix?  I could setuid it but then if I understand
> > > correctly it might get changed back by an upgrade.  Does it use
> > > capabilites or something?
> > 
> > Yes, it uses capabilities. The simple fix is to do this:
> > 
> > dpkg-reconfigure iputils-ping
> 
> Well, that works, thanks.  But I really don't get the overall behavior.
> It says this:
> 
>  root@debian:/home/bkerin# dpkg-reconfigure iputils-ping
>  Setcap worked! Ping(6) is not suid!
>  root@debian:/home/bkerin#
> 
> And then ping works for non-root users.
> 
> How, just by executing dpkg-reconfigure, did I tell it this is what
> I wanted?  If that's the default, why wasn't it that way to begin with?

It probably was, but see bug #770492.

> More generally, is it somehow possible to still run debian without
> capabilities?
[...]

Capabilities are a non-optional feature of Linux.  There are Debian
ports to other kernels where this may not be the case.

Ben.

-- 
Ben Hutchings
Any smoothly functioning technology is indistinguishable from a rigged
demo.



signature.asc
Description: This is a digitally signed message part

Re: Bug report - ext4: Unknown symbol __getblk_gfp (err 0)

[Ben Hutchings]

On Thu, 2016-02-18 at 13:18 +0100, Miroslav Svoboda wrote:
> Dear Debian team, 
> 
> I have problem with debian Jessie PXE installation with preseed. I'm
> trying to install Debian Jessie on amd64 server. The installation goes
> fine until partitionning and fails right after when trying to mount the
> newly created partitions with ext4 filesystem. Dmesg give us an idea
> about the error that seems related to filesystem module:
> 
> ext4: Unknown symbol __bread_gfp (err 0)
> ext4: Unknown symbol __getblk_gfp (err 0)
>
> uname -a:
> Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt7-1 (2015-03-01) x86_64
> GNU/Linux
[...]

This is the original kernel image for jessie (from 8.0).  Not all the kernel 
modules from current jessie (8.3) will work with it.
You must update your netboot images after each point release.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.

signature.asc
Description: This is a digitally signed message part

Re: IMPORTEND squid3 stable needs update

[Ben Hutchings]

On Fri, 2016-01-15 at 19:47 +, startrekfan wrote:
> Hello,
> 
> I'm not sure which mailing list I should chose. So I'll try my luck here.
> 
> I didn't subscribed to the mailing list. So* please put my mail address
> into cc*. thanks.
> 
> *squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This
> version is outdated and has some security risks!!*. Version 3.5 is more
> secure but unfortunately it's only marked as unstable

You seem a bit confused about how Debian releases work.  Within any
stable release, we apply bug fixes only - unless it's impossible for us
to provide security support for the old upstream version.

Our package of squid 3.4.8 does have a security fix on top of the
upstream version: https://tracker.debian.org/news/702659

So far as we know, there are no important security issues still
affecting the version in jessie:
https://security-tracker.debian.org/tracker/source-package/squid3

Do you know otherwise?

Ben.

> So I'd like to request to mark Version 3.5 as stable.(But Version 3.5 in
> stable state)
> 
> thank you
-- 
Ben Hutchings
The program is absolutely right; therefore, the computer must be wrong.

signature.asc
Description: This is a digitally signed message part

Re: Problem with systemd-sleep in Jessie

[Ben Hutchings]

On Sat, 2014-10-25 at 23:34 +0200, Michael Biebl wrote:
> Am 25.10.2014 um 23:12 schrieb ~Stack~:
> > On 10/25/2014 04:01 PM, ~Stack~ wrote:
> >> On 10/24/2014 10:55 AM, Michael Biebl wrote:
> >>> Am 24.10.2014 um 17:23 schrieb Michael Biebl:
> >>>> What do you get if your that program when your lid is closed/opened?
> >>>
> >>> The output of
> >>> $ cat /proc/acpi/button/lid/LID/state
> >>> when lid is closed / open would be helpful as well.
> >>>
> >>> If you don't have an external monitor, you can run
> >>>
> >>> sleep 30 && cat /proc/acpi/button/lid/LID/state
> >>>
> >>> and then quickly close your lid.
> >>
> >> Greetings,
> >>
> >> I ran:
> >> $(for i in {0..100}; do cat /proc/acpi/button/lid/LID/state ; sleep 1; 
> >> done)
> >>
> >> I get "state: open" when the lid is open and "state: closed" when closed.
> > 
> > Eureka!! I think I have a lead!
> > 
> > So when I do a fresh reboot and have _not_ closed the lid but run the
> > code you send and cat'ing the state, it seems to think the lid is
> > closed. When I close the lid the state remains as a closed lid. When I
> > open the lid, it finally triggers as being open.
> > 
> > So now the question is, why does it think my laptop lid is closed on a
> > fresh boot?
> 
> That sounds like either a bug in the firmware or in the kernel.
> 
> Ben, what's your take on this?

You're probably right but I don't know how to debug such things.

Ben.

-- 
Ben Hutchings
I'm not a reverse psychological virus.  Please don't copy me into your sig.


signature.asc
Description: This is a digitally signed message part

Re: Mainboard for Debian stable

[Ben Hutchings]

On Mon, 2012-01-16 at 09:49 +0100, Paul van der Vlis wrote:
> Op 29-12-11 23:32, Paul van der Vlis schreef:
> > Op 29-12-11 22:24, Andrei Popescu schreef:
> >> On Jo, 29 dec 11, 21:50:46, Paul van der Vlis wrote:
> >>>
> >>> I see here: "I just *did* backport r8169 from 3.0 into squeeze."
> >>> http://lists.debian.org/debian-wnpp/2011/11/msg00347.html
> >>
> >> You probably meant:
> >> http://lists.debian.org/debian-wnpp/2011/11/msg00346.html (From: Ben 
> >> Hutchings).
> > 
> > Correct, my mistake.
> > 
> >>> But where can I find that backport?
> >>
> >> It is the kernel itself. See the changelog:
> >>
> >> linux-2.6 (2.6.32-36) stable; urgency=low
> >> ...
> >>   [ Ben Hutchings ]
> >>   ...
> >>   * r8169: Backport changes up to Linux 3.0.2 (Closes: #627704)
> >> - Fix support for RTL8102E and RTL8168DP
> >> - Add support for RTL8105E, RTL8168E and another variant of RTL8168DP
> >> - Add support for D-Link DGE-530T rev C1
> > 
> > Great! Thanks for the info.
> > 
> > Very complex those names. In the specs they have different names then in
> > lspci. For Google: This means the Realtek 8111E should work with Debian
> > Squeeze.
> > 
> >> If you have devices that don't work with this module I'm sure the kernel 
> >> developers will want to know.
> 
> I've tested it with an Asus M5A78L-M/USB3 mainboard and I can tell that
> the network driver does not work.

Did you install firmware-realtek?  This board has one of the chips that
needs a firmware patch to make reliable links.

Ben.

> At the moment I do not have the mainboard here anymore, I had to give it
> to the customer (I've used a PCI network card). But I hope to get
> another one.
> 
> I did not test the backport kernel for Debian stable.


-- 
Ben Hutchings
When in doubt, use brute force. - Ken Thompson


signature.asc
Description: This is a digitally signed message part

Re: Bug#636123: Info received (Bug#636123: linux-image-2.6.39-2-amd64: root filesystem not recognised -> new bug report)

[Ben Hutchings]

On Wed, 2011-10-05 at 04:44 +0100, Luke Kenneth Casson Leighton wrote:
> right - _finally_ i've encountered a requirement to upgrade a 2nd
> system that has lvm2 and (in this 2nd case 2.6.18-486) a linux kernel
> image, and have encountered the *exact* same problem as is in bugs
> 636123 and 638896.  this time, however, i was anticipating that
> something might go wrong, so was watching out for it.

It is documented that you should completely upgrade from one stable
release to the next, before upgrading further:
<http://www.debian.org/releases/lenny/i386/release-notes/ch-upgrading.en.html#system-status>,
 
<http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.en.html#system-status>.

We do not attempt to support or test upgrades that skip a stable
release; if they work at all then consider yourself lucky.

> the error that is causing the problem is when the linux kernel has
> been installed, but then when lvm is upgraded from lvm1 to lvm2.
> lvm-common is *removed*, including removing /sbin/vgchange, but that's
> not all.

Expected because lvm2 conflicts with lvm-common.

> here's what happens when the postinst mkinitramfs is called:
> 
> mkdir: cannot create directory /tmp/mkinitramfs_tF5045/lib/udev: File exists
> cpio: ./sbin/vgchange: No such file or directory
> 
> now, in this particular test case, the postinst mkinitramfs appears to
> have been triggered twice, so the file /boot/initrd-2.6.32-5-686
> exists and is not of zero size.
> 
> in the case of the system(s) under bugs 636123 and 638896, the initrd
> file wasn't created - at all.

So it's not the exact same problem, is it?

> this definitely warrants further investigation.

Can you try to reproduce this in an etch-lenny-squeeze upgrade?

Ben.

-- 
Ben Hutchings
Never put off till tomorrow what you can avoid all together.


signature.asc
Description: This is a digitally signed message part

Re: cgroup OOM killer loop causes system to lockup (possible fix included)

[Ben Hutchings]

On Mon, 2011-05-30 at 21:03 +0100, Cal Leeming [Simplicity Media Ltd]
wrote:
> More strangeness..
> 
> If I keep the kernel module loaded, but disable the entry
> in /etc/network/interfaces for eth0, the oom_adj problem disappears.
> But then ofc, I'm left with no network interface. I then tried
> binding /etc/ssh/sshd_config to only listen on 127.0.0.1.. effectively
> bypassing the eth0 interface, whilst still allowing it to be loaded.
> But the problem still happens.
[...]

My guess is that sshd tries to protect itself against the OOM-killer so
that you can still log in to a system that has gone OOM.  If there is no
network available, it doesn't do this because you cannot log in remotely
anyway.

The bug seems to be that sshd does not reset the OOM adjustment before
running the login shell (or other program).  Therefore, please report a
bug against openssh-server.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.


signature.asc
Description: This is a digitally signed message part

Testing new hardware support for Debian 6.0.2

[Ben Hutchings]

[Also posted to Planet Debian.]

The Debian kernel team regularly backports driver updates to the Linux
kernel in stable releases to add support for new hardware, and I've
prepared several updates intended for point release 6.0.2. Since the
kernel team does not have a large collection of hardware on which to
test driver changes, we would appreciate test reports from users. It is
important to test not just that new devices are supported properly, but
that there are no regressions in support for older devices.

Changes
---

I have updated these drivers to the versions found in Linux 2.6.38,
modulo driver API changes:

  * bna: New driver for Brocade Ethernet adapters. (#627699) 
  * e1000e: Add support for i82567V-4, i82579. Bug fixes for i82577,
i82578, i82583. (#627700) 
  * hpsa: New driver for HP Smart Array controllers. It also
supports some devices that are currently handled by cciss, but I
have disabled that for 'squeeze'. (#627701) 
  * igb, igbvf: Add support for i82576-ET2, 82580, DH89xxCC, i350.
(#627702) 
  * pm8001: New driver for PMC-Sierra SAS/SATA HBAs. (#627703) 
  * r8169: Add full support for RTL8168DP. Bug fixes for RTL8102E.
(#627704) 
  * tg3, broadcom: Add support for BCM5717, BCM5719, BCM57765, and
BCM50610M and BCM5241 PHYs. Bug fixes for BCM5755. (#627705) 

I have also cherry-picked some small changes:

  * bnx2i: Add support for BCM5771E 
  * wl1251: Add support for PG11 chips 
  * bnx2x: Add support for BCM84823 
  * ar9170usb: Add several additional USB device IDs 

There are more drivers that I think should be added or updated (see
#624794) but they will probably have to wait for release 6.0.3.

Packages


The source package and binary packages for i386 and amd64 are available
on people.debian.org. They can be verified by the checksums in the
signed changes file.

The current packages are version 2.6.32-35~test1, but there may be
further test versions before an official stable update.

How to test
---

For network drivers, I suggest the following regression tests:

 1. If the driver tries to load firmware (only required for some
chips), does this work once the firmware file(s) are installed? 
 2. Can you receive and transmit VLAN-tagged frames after creating a
VLAN interface? 
 3. Does the interface work after suspend and resume? 
 4. Does the interface work after removing the cable for 10 seconds
and reinserting it? 
 5. Does multicast configuration work? (IPv6 autoconfiguration or
mDNS will cover this.) 
 6. Can the interface send and receive TCP/IP across a LAN at the
same speed, before and after these changes? (Use e.g. netperf to
test this, but don't forget to remove the netperf package after
use.) 
 7. Are any warnings or errors logged by the kernel during the
preceding tests? 

For storage drivers, unfortunately I don't have a good idea of what
tests would be suitable. In any case, please don't test on disks storing
valuable data!

Please send test reports to the bug reports linked above, stating the
driver name, the PCI ID for the device you tested (from lspci -n) and
any other device identification that the kernel log (for example, r8169
logs the 'XID' of the device).

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.


signature.asc
Description: This is a digitally signed message part

Re: Trunk version of linux-image ISSUE

[Ben Hutchings]

On Sat, 2010-04-17 at 08:37 -0500, JW Foster wrote:
> I', sent this previously but so far no reply. Can anyone tell me how to
> get rid of this issue. I did an update & the trunk version of
> linux-image was installed as the upgraded version. A few weeks later I
> tried to install the newer regular version & after a few attempts it
> finally installed & grub configured it. However it is not properly
> configured according to the installer as it keeps trying to configure
> the non-trunk version every time I do an update. Now I've been able to
> select the non-trunk version & have my system running it, even though
> it's not properly configured. I tried to then remove the trunk ver. &
> this is the error message I get.
[...]

This looks like a bug in extlinux, as the failing script belongs to it.
Please run 'reportbug extlinux'.

For future reference, the primary list for kernel-related questions is
normally debian-ker...@lists.debian.org.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.


signature.asc
Description: This is a digitally signed message part

Re: Question about my Ethernet Cards

[Ben Hutchings]

On Wed, Jan 14, 2009 at 09:10:01PM -0500, Boxuan Gu wrote:
> Hello, Ben,
> 
> Thank you for your email very much! However, when I used apt-get
> source linux-2.6, it seemed that the patch 12 has been applied
> automatically. Do I need to apply patch 12 again?

Since there are many different and mostly independent patches, they
are not included directly in the Debian patch (.diff.gz) which apt-get
applies automatically.  Instead they are created as separate files
under debian/patches, which are applied as part of the build process
controlled by debian/rules.  By using the kernel build system directly
you have avoided applying those patches.

> What I am confused is that, the kernel image gotten from "updating"
> can support tg3 but the kernel image built from its source codes
> (Linux Kernel 2.6.26) can't. I don't know why.
[...]

The package is built using dpkg-buildpackage, which calls debian/rules,
which applies those patches.  But this takes a very long time because it
builds several configurations and each of those enables most of the
drivers and optional features.  If you want just a single configuration,
use linux-source-2.6.26.

Ben.

-- 
Ben Hutchings
Usenet is essentially a HUGE group of people passing notes in class.
  - Rachel Kadel, `A Quick Guide to Newsgroup Etiquette'


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Question about my Ethernet Cards

[Ben Hutchings]

On Wed, 2009-01-14 at 17:56 -0500, Boxuan Gu wrote:
> Hello,
> 
> When I opened "/usr/src/linux_2_6_26/drivers/net/Kconfig", I found the
> following:
> 
> config TIGON3
>tristate "Broadcom Tigon3 support"
>depends on BROKEN
>depends on PCI
> 
> I don't know what does "BROKEN" mean. I couldn't find where to set BROKEN.
> 
> I removed "depends on BROKEN" and then executed "make menuconfig", I
> could find the option for tg3. However, during the building of the
> kernel, there were many comoiling errors for  tg3.c. I think some
> symbols in tg3.c depend on other source files.
> 
> Could you please tell me why? What does "BROKEN mean" ?  How can I
> solve this problem? Thank you very much!

The "upstream" tarball for linux-2.6 is patched to remove much of the
firmware that we do not have source code for.  This causes the drivers
that included that firmware to be broken, so they are marked as such.
The Debian diff includes patches that fix most of these drivers so that
they can load firmware from separate files.  However "apt-get source"
does not apply those patches; you need to use debian/rules to do that.

It is usually easier to build your own kernel from linux-source-$VERSION
which has those patches already applied (but not patches for special
flavours like xen).

Ben.



signature.asc
Description: This is a digitally signed message part

Re: RFH: rt2570 -- RT2570 wireless network drivers

[Ben Hutchings]

Development of the rt2570 driver is nearly dead upstream - it is
replaced by the rt2x00 drivers, but they may not yet work as well for
everyone.  There are unlikely to be any more official, well-tested,
releases.

None of the developers currently in the pkg-ralink group have access to
devices supported by the rt2570 driver.  So we need some users of this
driver to test new versions of the package before we upload them.  If
you are willing to do this, please respond to this bug.

Ben.

-- 
Ben Hutchings
Tomorrow will be cancelled due to lack of interest.


signature.asc
Description: This is a digitally signed message part

Re: RFH: rt2400 -- RT2400 wireless network drivers

[Ben Hutchings]

I wrote:
> There is no-one on the Ralink driver packaging team who owns any rt2400
> hardware.  There are no new cards with this chipset in them, and I have
> been unable to buy a second-hand card.
> 
> The "legacy" rt2x00 drivers are nearly dead upstream.  Unless someone
> can offer to provide us with such a card, or to test pre-release
> packages against it, we cannot support this driver in any meaningful
> way.

Popcon shows 46 installations of the rt2400 driver, so I suspect at
least one rt2400 user is subscribed to this list.  Please can one of you
offer to test new packages?

Ben.

-- 
Ben Hutchings
The generation of random numbers is too important to be left to chance.
- Robert Coveyou


signature.asc
Description: This is a digitally signed message part

Re: RFH: rt2400 -- RT2400 wireless network drivers

[Ben Hutchings]

There is no-one on the Ralink driver packaging team who owns any rt2400
hardware.  There are no new cards with this chipset in them, and I have
been unable to buy a second-hand card.

The "legacy" rt2x00 drivers are nearly dead upstream.  Unless someone
can offer to provide us with such a card, or to test pre-release
packages against it, we cannot support this driver in any meaningful
way.

Ben.

-- 
Ben Hutchings
Lowery's Law:
 If it jams, force it. If it breaks, it needed replacing anyway.


signature.asc
Description: This is a digitally signed message part

Security bug in CAPI code; please test updates

[Ben Hutchings]

There is a potential buffer overflow in logging of CAPI messages in
libcapi20 (part of isdnutils; bug 408530). The same broken code from
libcapi20 is present in the Linux kernel (bug 411294). Also, the
affected functions are not thread-safe and are unlikely to be made so
without API changes; multithreaded programs calling them must use a
mutex to avoid another security flaw; (such as asterisk-chan-capi; bug
411293).

I have prepared updates of asterisk-chan-capi and isdnutils for sarge
and sid but I have no ISDN hardware to test them with. I would
appreciate it if users of these packages would test the updates and
report their results to the associated bugs.

The patches can be found attached to the bug reports. Updated packages
are at:

deb http://womble.decadent.org.uk/debian/ distribution/
deb-src http://womble.decadent.org.uk/debian/ distribution/

(the repository is signed with my personal GPG key).

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption] would be
development of an easy way to factor large prime numbers. - Bill Gates


signature.asc
Description: This is a digitally signed message part

Re: telnet problem

[Ben Hutchings]

Jacco Hoeve wrote:
Andreas Janssen wrote:
Jacco Hoeve (<[EMAIL PROTECTED]>) wrote:
One more quick question:
I am used to typing "telnet 0 port" .. but after I upgraded woody to
sarge "telnet 0" gives:
server01:/etc# telnet 0 25
telnet: could not resolve 0/25: Name or service not known
It does the same in woody.
Use the full IP address or name of the host you want to connect to.
I know that's the way ..but why doesn't 0 work? It's a RFC guideline thing..
just like "ping 0".
Please cite the RFC that specifies this.  So far as I know, the only 
standard way to write IPv4 addresses is as a dotted quad.  The formats 
that use 1 to 3 parts are Berkeley-isms.  POSIX requires inet_addr to 
support them, but it doesn't specify the telnet command.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: su: Permission denied, (Ignored)

[Ben Hutchings]

martin f krafft wrote:
I have just encountered a weird message by /bin/su:
master:/tmp# su -c id collector 
su: Permission denied
(Ignored)
uid=200(collector) gid=200(collector) groups=200(collector)

root su's to the collector user (pam_rootok allows this), and the
command is executed. But where do the messages come from.
strace says:
[...]
stat64("/root", {st_mode=S_IFDIR|0700, st_size=116, ...}) = 0
stat64(".", 0xba00) = -1 EACCES (Permission denied)
brk(0)  = 0x80ec000
brk(0x80ee000)  = 0x80ee000
getcwd("/root", 4096)   = 6
getpid()= 15728
getppid()   = 15727
stat64(".", 0xba30) = -1 EACCES (Permission denied)

The failing call seems to be a stat of the CWD, which is /tmp,

The cwd here is /root (though I don't see why) and collector presumably 
doesn't have execute permission on /root so it can't even look up ".".

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: network install over nVidia nForce 3 ethernet interface

[Ben Hutchings]

I wrote:
If you have a drive larger than 137 GB (128 GiB) then you must use a 2.6 
kernel to avoid disk addresses wrapping around beyond that point.
Sorry, I got this wrong.  2.4 should be fine as well, so I don't know 
what the problem might have been.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: network install over nVidia nForce 3 ethernet interface

[Ben Hutchings]

Alexandru Cabuz wrote:
Hello,
My question concerns the correct course of action when installing
Sarge on a computer whose only way to connect to the internet is
through an nVidia nForce 3 ethernet interface which needs the driver
provided by nVidia at
http://www.nvidia.com/object/linux_nforce_amd64_1.0-0292
I don't think you need that driver.
without having to burn 14 CDs.
The first CD is more than sufficient to install a base system.

I have tried to install a basic system and then worry about the driver
later, but the installation didn't work. I set up the partitions,
everything going smooth, until reboot. After reboot I got flooded with
messages like
nv_sata : Primary device mounted
nv_sata : Primary device mounted
nv_sata : Secondary device mounted
nv_sata : Secondary device mounted
nv_sata : Secondary device unmounted
nv_sata : Secondary device unmounted
nv_sata : Primary device unmounted
nv_sata : Primary device unmounted
Or maybe it was "loaded" instead of "mounted"... I forgot. Anyway,
something like that.
This appears to be a known bug in the driver.  This message
 suggests a 
solution.


Should I just try another build of the netinstall CD or (and this
would really be sweet) is there any way to get a hold of a netinstall
CD with the forcedeth driver corresponding to the particular kernel ON
IT already...?
forcedeth has been part of the standard kernel since versions 2.4.26 and 
2.6.5.

A man can dream can't he?
Oh by the way, in the meantime, grub and the master boot sector got
all messed up somewhere along the way, and so I can't even boot into
my windows partition I had installed for recovery purposes... :-) now
I lost my windows partition too.
Great.
If you have a drive larger than 137 GB (128 GiB) then you must use a 2.6 
kernel to avoid disk addresses wrapping around beyond that point.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Still can't get mplayer to play Car Talk!

[Ben Hutchings]

Adam Funk wrote:
As I mentioned in a previous post, I'm using the current unstable
version of mplayer-k6 from ftp.nerim.net and all the relevant packages.

My /etc/mplayer/codecs.conf contains the following lines:
audiocodec racook
  info "RealAudio COOK"
  status working
  format 0x6B6F6F63 ; "cook"
  driver realaud
  dll "cook.so.6.0"

The cook.so.6.0 file exists on my system (/usr/lib/win32/cook.so.6.0:
ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), stripped)
but not the other two.

Shouldn't it be in /usr/lib since it's a native ELF shared library and 
not a Win32 DLL?

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: critical install failure, most hardware attempting to use irq 1.

[Ben Hutchings]

Levi Waldron wrote:
I just tried to install sarge, using the pre-rc2 debian-installer, on
an eMachines T1742 Celeron 1.7 GHz desktop system (82845G/GL
[Brookdale-G] mainboard chipset).  After installing the base system,
the floppy drive, network card, and sound card do not work.  Although
they are supported hardware, there appear to be numerous irq conflicts
(these devices sharing irq 1 with the keyboard) and possibly memory
conflicts.
It's entirely possible for PCI devices to share IRQs but since the 
keyboard controller is normally on a vestigial ISA bus it can't share 
and this configuration doesn't make sense.  It looks like the BIOS may 
be returning nonsensical results for ACPI queries by the kernel. 
Unfortunately there are a lot of broken ACPI implementations out there.

> I have included below some output showing the symptoms.
Note that I have the same problems when trying Knoppix 3.2 in this
box.  This seems to be a major compatibility failure.  Any advice on
where to go from here?  (ie try to fix it, go to kernel or developer's
mailing lists, give up and get a new computer?)

Try putting "pci=noacpi" on the boot command line.  If you do that then 
the kernel will use the older PCI BIOS interface to find out the PCI 
configuration and is more likely to get correct answers.  I'm afraid I 
haven't used d-i yet so I don't know quite how you edit the boot command 
line.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Redirecting stdout and stderr into a file

[Ben Hutchings]

Upayavira wrote:
Otto Wyss wrote:
Sorry I can't remember how I can redirect the stdout and stderr together
into a file. I can
grep > logfile
grep 2> logfile
but how can I redirect both together?
 

cat foo 2>&1 > logfile
or, to append to the file:
cat foo 2>&1 >> logfile
Should do it.
Redirections are processed in the order they appear on the command line. 
 So "2>&1 >logfile" redirects stderr to the same as current stdout 
(normally the terminal) and then redirects stdout to logfile.  You need 
to swap the two redirections to send both streams to logfile.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Limiting User Commands

[Ben Hutchings]

Michael Graham wrote:
Ben Hutchings wrote:
Christopher Swingley wrote:
Change the ownership and permissions on their .bash_profile and .bashrc
to root:root 644:
   -rw-r--r--1 root root  420 Sep 21 13:05
   .bash_profile -rw-r--r--1 root root  746 Sep 21
   13:05 .bashrc
You should also add the sticky bit to their directory (chmod +t) to
prevent them from replacing these files.

I feel the need to learn something new today. How could the user replace
the root owned files in a directory that they own?
By renaming or unlinking them.  Linux treats this as an operation on the 
directory, not the file, so it's controlled by the directory's permissions.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Limiting User Commands

[Ben Hutchings]

Christopher Swingley wrote:

This is what I've done when I wanted to reduce the set of commands a 
user could run.  I'm sure a reasonably competant Unix user could easily 
circumvent these restrictions, but it's a good first start, and making 
such attempts would result in account suspension.

Change their shell to /bin/rbash in /etc/passwd:
bbonds:x:50539:50539:Barry Bonds,,,:/home/bbonds:/bin/rbash
Change the ownership and permissions on their .bash_profile and .bashrc 
to root:root 644:

-rw-r--r--1 root root  420 Sep 21 13:05 .bash_profile
-rw-r--r--1 root root  746 Sep 21 13:05 .bashrc

You should also add the sticky bit to their directory (chmod +t) to 
prevent them from replacing these files.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: File System crash

[Ben Hutchings]

david.lozano wrote:
Hi all,
I've got a new PC and I've just installed that:
On a 160 Gbytes HD, three partitions:
hda1 with Windows 2000 (119 Gbytes), NTFS
hda2 with a Linux swap partition (1 Gbyte)
hda3 with an ext2 file system (40 Gbytes)
My linux installation is a Debian Woody (just downloaded the image files
using jigdo a month ago).
My problem: after rebooting from Linux (ctrl+alt+del) the FS crashed. I
was told to run fsck on /dev/hda3 manually, so I did. I had to use the -y
option because the huge amount of question I was asked (several
thousands). Windows 2000 worked fine.
After running fsck Debian started fine again, but Windows 2000 FS didn't.
It seemed as fsck had done something wrong on hda1... very strange.
I had to install Windows 2000 from scratch again.
Then, two days later I got the same error. Debian startup didn't work, I
was told again to run fsck manually. Just to check, I rebooted and started
Windows 2000: it worked fine. I run then fsck on /dev/hda3, rebooted, and
hda1 was broken again (hda3 was clean).
It seems clear to me that the fsck utility does something on hda1, even
when run on hda3. Is it a known bug?

That cannot be due to a bug in fsck, because if it opens hda3 then it 
only has access to that partition and not to hda1.  I think the problem 
is at a lower level.  I'm pretty sure that changing the filesystem type 
will *not* fix it.

The LBA mode which has been the normal mode of addressing IDE disks for 
some years uses 28 address bits and can only address 128 GiB (2^28 
sectors * 512 bytes/sector).  There is a newer mode called LBA-48 that 
uses 48 address bits, but older kernels and IDE interfaces do not 
support it.  I suspect that at some level disk addresses beyond 128 GiB 
are wrapping around so that when the kernel intends to write to the last 
part of the disk (the second half of hda3) it actually writes to the 
first part of the disk (hda1).

Since you say it's a "new PC" I would imagine that the IDE interface is 
compatible with LBA-48, so I would check your kernel version.  LBA-48 
was added to the various IDE drivers during the 2.4 series so if you're 
using the 2.2 kernel you must upgrade.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Problems with DHCP Setup

[Ben Hutchings]

Joshua J. Brickel wrote:
Hi Folks,
I was hoping that someone might be able to help me with this or direct 
me to another internet group that would

Summary:
DHCP is not getting set-up correctly on the Linux side.

The 
present problem is that the initial dhcp connection does not seem to be 
properly setup. 
Is there anything that actually does not work, or are you just surprised 
to get a slightly different configuration?


Things that I have noticed here are:
1) the IP address that the card binds to 172.25.221.21 is the same 
address each time and is NOT the same as on the Windows side.
Not a problem.
2) The message "SIOCADDRT: Network is unreachable" can not be good.
Well, it doesn't *look* good, but it might not really indicate a problem.

Finally the difference in the route tables are:...
Linux:
andromeda:/etc# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse 
Iface
172.25.192.0*   255.255.224.0   U 0  00 eth0
andromeda:/etc#
Hmm, no gateway.  I'm not sure why that is; if a DHCP server gives a 
gateway address then it should normally become the default gateway. 
However you can configure dhclient to selectively ignore what the server 
tells it.

While Windows is something huge...
C:\Documents and Settings\Joshua>route print
===
Interface List
0x1 ... MS TCP Loopback interface
0x2 ...00 e0 50 02 89 88 .. Asound 10/100M Based Fast Ethernet Card 
- Pack
Scheduler Miniport
===
===
Active Routes:
Network DestinationNetmask  Gateway   Interface  Metric
  0.0.0.0  0.0.0.0 172.25.224.1172.25.207.86  20
This is the default route which is missing under Linux.
127.0.0.0255.0.0.0127.0.0.1   127.0.0.1   1
This is the loopback route which is not needed under Linux.
 172.25.192.0255.255.224.0172.25.207.86172.25.207.86  20
This is the local network route which is present under Linux (though 
with a different local address).

172.25.207.86  255.255.255.255127.0.0.1   127.0.0.1   20
   172.25.255.255  255.255.255.255172.25.207.86172.25.207.86  20
224.0.0.0240.0.0.0172.25.207.86172.25.207.86  20
  255.255.255.255  255.255.255.255172.25.207.86172.25.207.86  1
I think these special routes are not needed under Linux because its 
network stack works differently.

Default Gateway: 172.25.224.1
===
Persistent Routes:
  None
Of which none of the routes match the one put in by linux.
The only important difference from the routes active under Linux is the 
existence of the default gateway.

One final note, I can ping the eth0 card directly, so it does indeed 
seem to be working on some level.  Also it definently appears to begin 
to get the dhcp info.  For instance the addresses is resolv.conf match 
those stated as the DNS servers by Windows.

So here I am wondering if perhaps I need t change something in the 
dhclient.conf file, although nothing I have done so far seems to have 
moved this problem along.
You shouldn't need anything in there.
If anyone has any idea of what I can try next I would be gratefull.
If you do have anything in dhclient.conf other than comments, try 
commenting it out and reinitialising the interface (ifdown eth0 && rm 
/var/lib/dhcp/dhclient.leases && ifup eth0).

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: change IP and default route.

[Ben Hutchings]

Dr. David Kirkby wrote:

Thank you very much for that - and everyone else that replied. I had not 
seen your post before I see others mentioning /etc/network/interfaces, 
so edit that. so was not sure what to put for the broadcase, although 
since the original ended in .255, I went for that too.

Reading the man pages I found the gateway was optional, which rather 
surprised me. Perhaps the broadcast will get a response from the gateway 
- I am not sure I must admit.

There need not *be* a gateway.  Not every LAN is connected to a wider 
network.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: su : must be run from a terminal

[Ben Hutchings]

Gilbert, Joseph wrote:
There are two other standard ways to have scripts run with root privileges.
1) For automated tasks, schedule it in root's crontab.  'man crontab' for
more info
2) Use setuid for scripts or programs that are to be run by users who need
root perms to perform a specific task programmed into that script.  You need
to think about security on this one though.  See 'man setuid' and 'man
chmod' for more info.
setuid has long been disabled for scripts, because an attacker could do 
something like this:

ln setuid-script foo; (./foo &); ln -f evil-script foo
If the timing was just right the kernel would read the setuid bit, owner 
and script interpreter from setuid-script but the interpreter would read 
evil-script.  This problem could be avoided if the kernel would pass the 
script to the interpreter using a file descriptor instead of an 
argument, but that's not backward-compatible.

What one can do is to write a specific wrapper for the script in some 
language that can be compiled to executable code, and make that setuid. 
  It's possible to write a generic wrapper in C and use preprocessor 
macros to substitute the name of the specific script when compiling it. 
 The script and its directory should be appropriately protected so that 
only the owner can modify or replace it.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: missing files in install cd - built using jigdo

[Ben Hutchings]

tom midgley wrote:
I built an iso, using 
'http://non-us.cdimage.debian.org/jigdo-area/3.0_r2/jigdo/i386/woody-i386-7.jigdo'. 

The installer gave the the following message  :
"The installation program couldn't find any directory containing the 
files rescue.bin, drivers.tgz"
- it was right, they weren't on the CD.

On ungzipping the .jigdo file they weren't listed in there either. 
Presumably they weren't on the iso from which the .jigdo was built.
This is similar to Bug#221266
So it looks as if there is an iso build script somewhere which misses 
these files.

I don't think so.  They belong on disc 1 along with the installer, not 
on disc 7.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bizarre NFS Problem

[Ben Hutchings]

Derek "The Monkey" Wueppelmann wrote:
Hello All,
I'm currently running debian 3.0 r3 and have run into an interesting
issue with my NFS mounts. On one of my debian systems (I have just done
an apt-get update/upgrade on all my systems) when copying or creating a
file on one of the NFS mounted directories I get an input/output error.
The interesting thing is that this only happens for a file size of
between 4833-4840 inclusive or any multiple of 8192 + 4833-4840. My
mount point has been setup in fstab with the following options:
rw,auto,soft,rsize=8192,wsize=8192
Another interesting thing is that if I go to another of my debian
systems that is running the exact same version of mount and nfs the copy
works just fine. I am incredibly perplexed as to why this is happening,
if anybody could shed some light on this that would be great.

Perhaps it's something to do with IP fragmentation?  That works on 
64-bit (8-byte) units so if there's some kind of bug in fragment 
reassembly somewhere along the route then it might well affect fragments 
in an 8-byte range of sizes.  See if the problem goes away if you reduce 
the sizes to 1024, which should prevent fragmentation.  (This is bad for 
performance so it's not a good solution, but it might help to identify 
the source of the problem.)

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Setting samplerate on /dev/dsp

[Ben Hutchings]

ognjen Bezanov wrote:
Hi all, while not technically debian related it has something to do with
linux.
I want to capture data from my /dev/dsp device but the devices defaults
are 8bit mono sound, i want to know how to set the samplerate and
mono/stereo from the command line, a google search showed me only how to
do it in C++ (using ioctl). is it possible?
if not is there are program out there which would let me set the
samplerate before capture?
If you're using ALSA, the arecord command from the alsa-utils package 
should do the job.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: executing spamassassin from sieve on some of the messages

[Ben Hutchings]

Vadim wrote:
Henrique de Moraes Holschuh wrote:
That's my understanding as well, then, is there any other way I can 
sort messages with cyrus?
Sure, filter them before they get to Cyrus.  If you want to do all 
decision
making with Sieve, make sure the filters add headers you can test 
against.
So if I use say procmail, how do I tell cyrus which folder to put it 
in?  What I want to do, is to sort all messages from known sources in to 
some folders, ans then run spamc on the rest (I really don't want to 
test all debian-user messages).
Use the -m option to cyrdeliver, but note that you need to have 'post' 
access to the folder in question.  If you don't it will silently deliver 
to INBOX instead, if I remember correctly.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Yanking a USB Hard Drive/ReiserFS causes Kernel Panic

[Ben Hutchings]

John L Fjellstad wrote:
William Ballard <[EMAIL PROTECTED]> writes:

I have an external USB 2.0 2.5" hard drive, shows up as /dev/sda, with 
an ReiserFS partition.  If I yank it with it mounted ReiserJS panics.
I have the fstab entry marked as sync, rw.

I think it might be because reiserfs is a journaling filesystem. I know
I sometimes forget and remove my usbkey (which has FAT) without
unmounting, and don't see the problems you see.  Even ext2 should be
fine.
Absolutely not.  The point of keeping a journal is to preserve the 
integrity of the filesystem even in an operation is unexpectedly 
interrupted (whether by a crash or a power failure).  This should 
provide resilience to disconnection, too, but that doesn't mean 
disconnection without warning would be safe: the integrity of the 
filesystem is not the same as the integrity of every file within it.

If an ext2 filesystem is not cleanly unmounted then there is no 
guarantee that it will be consistent or quickly repairable.  It must 
generally be fully scanned and repaired by e2fsck.  If the filesystem is 
not mounted with metadata ordering enabled, even that won't necessarily 
work.

FAT isn't resilient to interruption either.  FAT filesystem 
implementations tend to be extremely conservative in ordering of 
changes, which may make it relatively safe to disconnect a FAT 
filesystem without unmounting it.  However, there's no way of telling 
whether a FAT filesystem has been cleanly umounted or not, so filesystem 
damage can easily go unnoticed for some time, giving a false sense of 
the safety of this practice.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: regd max file size

[Ben Hutchings]

David Clymer wrote:
On Thu, 2004-10-28 at 05:49, Micheal Mukherji wrote:
My apologies if you feel its not a thing related to debian.
Is the 'maximum file size' a constraint of a particular file system
implementation or the constraint of operating system?
Both, I believe. For example, 32bit versions of linux are limited to
smaller filesizes than are 64bit versions.
This is no longer the case.  Linux and glibc now have Large File Support 
(LFS), which allows 64-bit file sizes and offsets on 32-bit architectures.

> However, there are filesize
limits that are particular to filesystems as well - Resierfs has a
maximum of 8TB^8 whereas fat32 has a maximum of 4GB (according to
wikipedia). So its possible that a given filesystem could allow larger
filesizes than the kernel can address or vis versa.
There are also compatibility constraints, both at the binary and the 
source level.  Since Linux and glibc used to be limited to 32-bit file 
sizes on 32-bit architectures, they must continue to support programs 
compiled to use them.  In addition, there is a concern to avoid data 
loss in software that stores file sizes in variables of 32-bit types 
(e.g. int or size_t), so programs compiled now will use the 32-bit 
system calls and library functions by default.  So most programs are 
still limited to 2^31-1 bytes (2 GB - 1 byte) on 32-bit architectures 
even though they can theoretically use files up to 2^63-1 bytes in size.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Replacing root device on a running system

[Ben Hutchings]

Micha Feigin wrote:
Is it possible to change the root device on a running linux system?
Yes; use the pivot_root system call.  I don't know of any command that 
provides access to that, though.  It is mainly used to switch from the 
initrd to the normal root filesystem.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Fixing errant partitions

[Ben Hutchings]

David Baron wrote:
Partitions, created by linux fdisk, seem to have errors (disabling 
parted/qtparted, etc.) The table looks like this (I do not know whether it 
made it this way--I only gave fdisk types and sizes, or other things caused 
the errors. There were originally two fat32s plus one linux and swap on this 
disk, made by PartionMagic--one fat32 was eliminated and the space taken for 
several ext3 partitions made using linux fdisk):

   Device Boot  Start End  Blocks   Id  System
/dev/hdb1   *   65520   77600 6088635   83  Linux
/dev/hdb2   1   6551933021544+   f  W95 Ext'd (LBA)
/dev/hdb3   77600   79640 1028160   82  Linux swap
/dev/hdb5   1   3875319531449c  W95 FAT32 (LBA)
/dev/hdb6   38753   46504 3906250+  83  Linux
/dev/hdb7   46504   52704 3125000+  83  Linux
/dev/hdb8   52704   56579 1953125+  83  Linux
/dev/hdb9   56580   60455 1953125+  83  Linux
/dev/hdb10  60455   65519 2552603   83  Linux
Partition table entries are not in disk order
Fdisk 'v' command complains about hdb5 and hdb6 overlap. Appears as if the 
same is true for hdb6 and hdb7.  How do I SAFELY fixe this up?
Backup, repartition, remake filesystems and restore.
You could try shortening the partitions with parted after backing up. 
If that works then you might not need to restore.

> hdb2 is either not needed or needs to be shrunk to same size

On the contrary, it is needed and should be kept at its current size. 
You can only have 4 partitions in the main partition table on a PC and 
you need this "extended partition" to contain the second partition table 
and all the additional partitions.

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Backup to dvd

[Ben Hutchings]

David Berg wrote:
Need some help hammering out a tar/mkisofs command to backup my disks to
dvd.  I'm looking to burn two root level directories (/home,/var and
/usr, /) to they're own dvd.  Problem is I don't have room to build the
tarball or iso on the hard disk before I burn it.  Using a command such
as 

mkisofs -R -o backup.iso /home /var 

looses some directory structure
and if I use graft points I loose directory ownership & permission
information.  At least I haven't yet figured out how not to.  I also
can't figure out how to make mkisofs read from stdin for its directories
so that I can have tar pipe its output directly to mkisofs.  
You need to use the -stream-media-size option.  RTFM for the details.
I'd rather use just mkisofs and have each individual file than one tarball
but I don't want to run into any problems with restoring from backup
either since I plan on doing it shortly (only using half of harddrive
and fdisk for some reason won't let me put a partition on the rest)
Did you by any chance create 4 primary partitions of which none is 
extended?  If so then you should be able to fix the problem by deleting 
the swap partition and creating an extended partition.  Having done 
that, you can create an unlimited number of "logical" partitions 
(including a new swap partition).

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Building binaries for older versions of libc6

[Ben Hutchings]

I have a C++ program which requires g++ 3.4 to build due to parser bugs 
in older versions of g++.  I'm currently building on a development 
machine running mostly woody with some packages from sarge, including 
g++-3.4 of course.  This requires version 2.3.2 of libc6 itself, and any 
binaries I build with it appear to require version 2.3.  Now, while I 
prefer to do development on Debian, I need to build binaries that will 
run on Red Hat Enterprise Linux 2.1, which has version 2.2.4 of libc6.

I'm wondering whether it's possible to build binaries with g++ 3.4 that 
will require only libc6 2.2, and if so, how.  If I remove g++-3.4, 
downgrade to woody and then build and install g++ from source, is that 
likely to work?

Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]