from:"Rick"




On 9/25/23 17:11, Greg Wooledge wrote:

On Mon, Sep 25, 2023 at 04:49:52PM -0600, Rick Macdonald wrote:

Lastly, do I understand correctly that the root of this whole issue is
simply misformed headers in the original spam mail that I receive at my
Dreamhost account? Oh, and does all this lead to the "Frozen Message" emails
I receive (described in a prior email)?

I'm not an exim expert, but it seems the fundamental issue here is
that your actual receiving MTA (Dreamhost) accepted these messages,
but your local exim MTA refused to accept them.  Fetchmail kept trying
to move the messages from the former to the latter, which failed each
time, and caused exim to generate a new bounce message.  Each time.

The same issue would have arisen in any situation where the first MTA
and the second MTA have differing acceptance criteria.  Could be syntax
errors, could be antispam policy, could be anything that's different
between the two MTAs.

One of the big revelations in email administration in the last few
decades is that the original SMTP design, in which messages were
accepted liberally, with bounces generated after the fact if deliveries
were not possible, was flawed.  It led to many kinds of abuse by
malicious senders.

The preferred policy nowadays is to perform all possible checks *during*
the initial SMTP conversation.  If a message fails to meet acceptance
criteria for any reason, it should be rejected during that initial
conversation.  Generating a bounce message almost always ends up sending
spam to an innocent third party address, which the malicious sender has
forged.

How this relates to fetchmail and exim, specifically, I can't say.  These
aren't tools I'm deeply familiar with.  But if you can do it, try to
arrange it so that any message that can't be accepted gets dropped into
a black hole, rather than generating a bounce message.


Thanks Greg. Your summary matches my new understanding. I looked at the 
Dreamhost mail options and don't see where I can change anything, so the 
next time I get an email stuck there I'll try adding the fetchmail 
--nosoftbounce option which should quietly delete the bad message on the 
server, and stop any future bounce messages.


Rick

Re: Are people trying to relay mail through my system?



On 9/25/23 14:58, Rick Macdonald wrote:
Some of the mail in the queue is up to 4 days old. I'm going to clear 
it all out to see what new arrives in this state.


I've made a bit of progress.

First, I deleted the almost 6000 messages in the mail queue:

# mailq | grep 1q | cut -c11-26 | xargs exim4 -Mrm

Then I noticed that I was still getting more, but always the same 4 
messages. I checked on the Dreamhost server where I pull my mail from 
and sure enough found those 4 messages "stuck" there. I deleted the 4 
from Dreamhost, and now all is quiet for the moment.


These 4 messages were all spam. I think the mail in the "mailq" kept 
growing because fetchmail was repeatedly trying but failing to retrieve 
the same messages over and over.


I see a fetchmail option that might help, but I'm wondering if I might 
then lose some non-spam problematic mail that fetchmail can't fetch?



*--nosoftbounce*
(since v6.3.10, Keyword: set no softbounce, since v6.3.10)
Hard bounce mode. All permanent delivery errors cause messages to
be deleted from the upstream server, see "no softbounce" below. 
*--softbounce*

(since v6.3.10, Keyword: set softbounce, since v6.3.10)
Soft bounce mode. All permanent delivery errors cause messages to
be left on the upstream server if the protocol supports that.
Default to match historic fetchmail documentation, to be changed
to hard bounce mode in the next fetchmail release. 



I'm running fetchmail v6.4.37. It appears that --softbounce is still the 
default. Since they intend to change the default someday to 
--nosoftbounce, maybe this option isn't as dangerous as it sounds to me?


Lastly, do I understand correctly that the root of this whole issue is 
simply misformed headers in the original spam mail that I receive at my 
Dreamhost account? Oh, and does all this lead to the "Frozen Message" 
emails I receive (described in a prior email)?


Rick

Re: Are people trying to relay mail through my system?




On 9/25/23 14:25, Andy Smith wrote:

Hi Rick,

Your system has rejected a spam email, not because it worked out it
was spam, but because it was syntactically invalid. That's good, but
unfortunately your system decided to helpfully tell the (spam)
sender what had happened, by trying to send this bounce message
back:

On Mon, Sep 25, 2023 at 12:24:52PM -0600, Rick Macdonald wrote:

# exim4 -Mvb 1qkOYj-001Hnf-2V

1qkOYj-001Hnf-2V-D
--foo-mani-padme-hum-306716-2546159-1695559801
Content-Type: text/plain

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error.

Reason: General SMTP/ESMTP error.

The following address(es) failed:
rickm@localhost
    SMTP error: 550 header syntax

--foo-mani-padme-hum-306716-2546159-1695559801
Content-Type: message/delivery-status

Reporting-MTA: dns; timshel

Final-Recipient: rfc822; rickm@localhost
Last-Attempt-Date: Sun, 24 Sep 2023 06:50:01 -0600 (MDT)
Action: failed
Status: 5.0.0
Diagnostic-Code: 550 header syntax

--foo-mani-padme-hum-306716-2546159-1695559801
Content-Type: text/rfc822-headers

X-Original-To: ri...@timshel.ca
Delivered-To: x2959...@pdx1-sub0-mail-mx207.dreamhost.com
Received: from tulsa.turntext.co (unknown [104.234.25.229])
     by pdx1-sub0-mail-mx207.dreamhost.com (Postfix) with ESMTP id
4RtbVJ37KPz6m2v
     for ; Sat, 23 Sep 2023 23:20:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=turntext.co;
  h=Mime-Version:Content-Type:Date:From:Reply-To:Subject:To:Message-ID;
i=wornkneecartil...@turntext.co;
  bh=CBxd431jRA2owpgtRRwIfhh07HQ=;
  b=gHSMnk0fIYnLGQMVojCZV3z41dNcSDXALZjYjGOQIeWpdDRnH1sBJQfHSP1kzPxUfJa/crsQxxk0
EEY0hk6SjSg1YMK0YDqaT3OXZpz67fAgfVqbB+/ZLA7peSq+mggzKwXIfesN5AC+H7c6pFd6rOii
    E7T+FwmD2FKVnP6z0is=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=turntext.co;
  b=FZY5bgp2/ypBd4Xc/Efzs345ind+OlkYi2NY3G5/m9tEesrUIeIGeE3JR8wlb2+gDhJDNA2BmzYx
53+nwYoiSBgyl/seZvILf1Ojhxg2y0YQWVwzF4LYDunZHfOV8RsiXxhHwL+xjbcTK3zPuKvdOjRF
    1yRVz4iZe7AkjSr5Veo=;
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="21ceb14ceae19fd582462d70f2ee8d8a"
Date: Sat, 23 Sep 2023 23:19:41 -0700
From: "Knee Hurts?" 
Reply-To: "Knee Hurts?" 

One of those two are probably the headers that your Exim objects to,
since they have spaces in the local parts of the address without
quoting.

The whole emails are of course, unwanted spam.

Your other problem, and the reason you have noticed this, is that
your smarthost does not want to accept these helpful bounce messages
that you are generating. They are using a temporary failure code
(451) but their mention of the "AUP" string leads me to believe that
they may suspect the messages are spam or spam-related and want
nothing to do with them.

Either way, they are useless messages and you should stop trying
to send them.


If my system is trying to reply tho them, should I stop it from trying to
reply? (Of course I don't know how to do that!)

You can remove them from your mail queue with:

# eim4 -Mrm 

You can get the ids from the "mailq" command or reading your logs.
You can specify multiple ids per command line.

After doing that you may want to look into how you can avoid sending
bounce messages to emails that your system doesn't want to accept.
These bounce messages are happening outside of the original SMTP
connection (which was between the sender and the MX for your
domain) and are generally "too little, too late". Additionally, it
seems like you may be sending them as rickm@localhost, which is not
helpful even when they are justified.

I'm afraid I'm not familiar with your setup so wouldn't know how to
configure that.


The mailq command shows many of the following:

16m  2.6K 1qks1r-005B1x-2l <>
  6626-879-8427-40-rickm=timshel...@mail.purecuresol.co

15m  3.1K 1qks2o-005BHh-0S <>
  bounce+c764ac.103fa-rickm=timshel...@inputhealth.com

15m  2.6K 1qks2o-005BI0-2K <>
  6595-611-17423-903-rickm=timshel...@mail.turntext.co

15m  2.7K 1qks2p-005BIG-0u <>
  6613-452-119912-590-rickm=timshel...@mail.ikariacool.co

15m  2.6K 1qks2p-005BIL-2m <>
  6626-879-8427-40-rickm=timshel...@mail.purecuresol.co
...etc...
 2m  2.7K 1qksFP-005Hqj-0e <> *** frozen ***
  6613-452-119912-590-rickm=timshel...@mail.ikariacool.co

 2m  2.6K 1qksFP-005Hqs-2U <> *** frozen ***
  6626-879-8427-40-rickm=timshel...@mail.purecuresol.co

 1m  3.1K 1qksGL-005IAq-2A <> *** frozen ***
  bounce+c764ac.103fa-rickm=timshel...@inputhealth.com

 1m  2.6K 1qksGM-005IBF-0n <> *** frozen ***
  6595-611-17423-903-rickm=timshel...@mail.turntext.co

 1m  2.7K 1qksGM-005IBh-2h <> *** frozen ***
  6613-452-119912-590-rickm=timshel...@mail.ikariacool.co

 1m  2.6K 1qksGN-005IBo-1O <> *** froze

Re: Are people trying to relay mail through my system?




On 9/25/23 12:42, Michael Kjörling wrote:


The following address(es) failed:
rickm@localhost
    SMTP error: 550 header syntax

So something running on your local system almost certainly tried to
send mail to either "rickm" or "rickm@localhost", and that triggered
queuing the non-delivery notice which you're seeing evidence of in
your outgoing mail logs.

Do you have something like fetchmail set up in multidrop mode, any
forwarding procmail rules, spam filtering, or anything similar,
especially ones that would be triggered by something being sent to...


Not multi-drop mode, no forwarding procmail rules: only delivery to mail 
folders (and a few to /dev/null).


I did find that I had Thunderbird Return Receipts turned on for some 
cases. I thought it was set to "always ask me". I've used Thunderbird 
forever, and it's asked me maybe once. However, I see now something that 
I missed understanding:



If I'm not in the To or Cc of the message: Ask me


These spam emails would have me in the To field. Could this be the 
origin of these reply attempts?


I've now set it to "Never", but based on your comments and Andy's, this 
doesn't seem to be the source of the messages?


Rick

Re: Are people trying to relay mail through my system?




On 9/25/23 08:29, Michael Kjörling wrote:

On 24 Sep 2023 20:58 -0600, from rickm...@shaw.ca (Rick Macdonald):

My /var/log/.exim4/log file is flooded with messages such as shown below.
I'm not trying to send mail to any of those .co or .com addresses. I use my
ISP (shaw.ca cable provider) as a smarthost.

Are people trying to use my system as a relay?

The log snippet you show doesn't include enough information to tell
for certain where those emails were originally accepted from, but
given what you wrote I wouldn't dismiss the possibility out of hand.


I've sent some more log info just now in a reply to Andy Smith.


If so, can I block them
without cutting myself off from remote access to the IMAP server I run on my
system?

You don't seem to be exposing any SMTP server to the outside world, so
I don't know what might reasonably be going on. Otherwise blocking off
TCP ports 25 and 587 would probably have been a good place to start.

Sorry if I sound lame. I set this up over 20 years ago and haven't done
anything to it since.

If you set it up in the early 2000s and haven't done anything since
then, there's certainly a non-zero probability that it's set up as an
open relay. But although that's a potential problem, it would only be
a _big_ problem if it was accessible from outside of your network,
which does not _immediately_ appear to be the case.


Ports 25 and 587 are not forwarded by my ASUS router. They may well have 
been back in the day.



However, on a semi-unrelated note, you might want to make sure that
the firmware and software is up to date on everything you _do_ expose
to the Internet. It looks like ASUS' web server has had stack-smashing
vulnerabilities previously (not sure if the RT-AC66U is affected), and
whatever is running through Restlet Framework on port 23424 reports a
version of server software that hasn't been updated since 2014. And
that's just some of what I plausibly found barely looking.


Well spotted! Port 23424 was for a server that I stopped running just 
last week. I have now removed it from my port forwarding.


Thanks Michael!

Rick

Re: Are people trying to relay mail through my system?




On 9/25/23 10:03, Andy Smith wrote:

Hi Rick,

On Sun, Sep 24, 2023 at 08:58:04PM -0600, Rick Macdonald wrote:

2023-09-24 20:48:37 1qkRDH-001Zqh-1Z ==
6626-879-8427-40-rickm=timshel...@mail.purecuresol.co R=smarthost
T=remote_smtp_smarthost defer (-54): retry time not reached for any host for
'mail.purecuresol.co'

There isn't anything shown except delivery attempts so we can';t see
how these messages got in to your system. You can see all logs
related to this message with:

# exim4 -Mvl 1qkOYj-001Hnf-2V

and view its headers and body with "-Mvh" and "-Mvb" respectively.
That might give you some more hints.



Thanks Andy!  Here are those lists:

# exim4 -Mvl 1qkOYj-001Hnf-2V

2023-09-24 06:50:01 Received from <> H=(timshel) [::1] P=smtp S=2662
2023-09-24 06:50:05 H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 06:50:08 H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 06:50:08 6595-611-17423-903-rickm=timshel...@mail.turntext.co 
R=smarthost T=remote_smtp_smarthost defer (-45) 
H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP error from remote 
mail server after MAIL FROM:<> SIZE=3752: 451 <> server temporarily 
unavailable. AUP#MXRT
2023-09-24 07:38:45 H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 07:38:48 H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 07:38:48 6595-611-17423-903-rickm=timshel...@mail.turntext.co 
R=smarthost T=remote_smtp_smarthost defer (-45) 
H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP error from remote 
mail server after MAIL FROM:<> SIZE=3752: 451 <> server temporarily 
unavailable. AUP#MXRT
2023-09-24 07:56:28 H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 07:56:31 H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 07:56:31 6595-611-17423-903-rickm=timshel...@mail.turntext.co 
R=smarthost T=remote_smtp_smarthost defer (-45) 
H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP error from remote 
mail server after MAIL FROM:<> SIZE=3752: 451 <> server temporarily 
unavailable. AUP#MXRT
2023-09-24 08:37:50 H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 08:37:53 H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 08:37:53 6595-611-17423-903-rickm=timshel...@mail.turntext.co 
R=smarthost T=remote_smtp_smarthost defer (-45) 
H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP error from remote 
mail server after MAIL FROM:<> SIZE=3752: 451 <> server temporarily 
unavailable. AUP#MXRT
2023-09-24 09:23:46 H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 09:23:49 H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 09:23:49 6595-611-17423-903-rickm=timshel...@mail.turntext.co 
R=smarthost T=remote_smtp_smarthost defer (-45) 
H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP error from remote 
mail server after MAIL FROM:<> SIZE=3752: 451 <> server temporarily 
unavailable. AUP#MXRT
2023-09-24 10:54:59 H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 10:55:02 H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP 
error from remote mail server after MAIL FROM:<> SIZE=3752: 451 <> 
server temporarily unavailable. AUP#MXRT
2023-09-24 10:55:02 6595-611-17423-903-rickm=timshel...@mail.turntext.co 
R=smarthost T=remote_smtp_smarthost defer (-45) 
H=shawmail.glb.shawcable.net [64.59.128.135]: SMTP error from remote 
mail server after MAIL FROM:<> SIZE=3752: 451 <> server temporarily 
unavailable. AUP#MXRT
2023-09-24 12:50:28 H=shawmail.glb.shawcable.net [64.59.136.142]: SMTP 
error from remote mail server after MAIL FROM:&

Are people trying to relay mail through my system?

2023-09-24 Thread Rick Macdonald




My /var/log/.exim4/log file is flooded with messages such as shown 
below. I'm not trying to send mail to any of those .co or .com 
addresses. I use my ISP (shaw.ca cable provider) as a smarthost.


Are people trying to use my system as a relay? If so, can I block them 
without cutting myself off from remote access to the IMAP server I run 
on my system?


Sorry if I sound lame. I set this up over 20 years ago and haven't done 
anything to it since.


2023-09-24 20:48:37 1qkRDH-001Zqh-1Z == 
6626-879-8427-40-rickm=timshel...@mail.purecuresol.co R=smarthost 
T=remote_smtp_smarthost defer (-54): retry time not reached for any host 
for 'mail.purecuresol.co'
2023-09-24 20:48:37 1qkOYj-001Hnf-2V == 
6595-611-17423-903-rickm=timshel...@mail.turntext.co R=smarthost 
T=remote_smtp_smarthost defer (-54): retry time not reached for any host 
for 'mail.turntext.co'
2023-09-24 20:48:37 1qkLEb-000vn2-2D == 
bounce+c764ac.103fa-rickm=timshel...@inputhealth.com R=smarthost 
T=remote_smtp_smarthost defer (-54): retry time not reached for any host 
for 'inputhealth.com'
2023-09-24 20:48:37 1qk8eb-00HQEW-2o == 
bounce+c764ac.103fa-rickm=timshel...@inputhealth.com R=smarthost 
T=remote_smtp_smarthost defer (-54): retry time not reached for any host 
for 'inputhealth.com'
2023-09-24 20:48:37 1qkRGA-001aA2-2k == 
6613-452-119912-590-rickm=timshel...@mail.ikariacool.co R=smarthost 
T=remote_smtp_smarthost defer (-54): retry time not reached for any host 
for 'mail.ikariacool.co'
2023-09-24 20:48:37 1qkDDB-000ChQ-2S == 
bounce+c764ac.103fa-rickm=timshel...@inputhealth.com R=smarthost 
T=remote_smtp_smarthost defer (-54): retry time not reached for any host 
for 'inputhealth.com'
2023-09-24 20:48:37 1qkZIY-002gsG-0D == 
6613-452-119912-590-rickm=timshel...@mail.ikariacool.co R=smarthost 
T=remote_smtp_smarthost defer (-54): retry time not reached for any host 
for 'mail.ikariacool.co'


Rick

Re: [OT] backup inmutable

2023-09-15 Thread Rick Gutierrez

On Thu, Sep 14, 2023 at 10:10 PM Paynalton  wrote:

> Hace unos anyos hice una pequenya infraestructura. Con ansible entraba
> a los equipos desde un servidor para sacar respaldos de forma
> periodica y automatizada. Estos archivos eran transferidos a un NAS
> con un repositorio GIT para versionar los cambios. Un worker tomaba
> esos respaldos y cada semana un worker lo transferia a otro NAS, el
> cual se mantenia siempre apagado y solo se encendia de forma
> automatica por ansible en una subred fisicamente separada del resto.
>
> Asi, aunque cayera un ransom, habia respaldos continuos y nada podria
> penetrar a los respaldos ya que se encontraban separados de la red.
>
> Ah, y aparte cada tres meses se hacia un respaldo mas en un medio
> fisico que se mantenia en una caja fuerte jajajaja. Paranoia al 10
> 000


Interesante, artesanal pero bien elaborado.

>

Re: upgrade to bookworm broke phpmyadmin

2023-08-24 Thread Rick Macdonald




On 8/24/23 07:53, Stefan Monnier wrote:

So, given that I purged everything and re-installed and it still didn't
work, is this indeed a packaging error? I've been running Debian for well
over 25 years (I started with a pre-release before buzz was released) and
I don't remember anything that didn't work after installing.

I don't know the history of this precise thingy, but there can be valid
reasons to install both PHP and Apache, yet not to intend to run PHP
from Apache or not in the way that `a2enmod php8.2` does (especially
given the security risks it entails).

I have a vague recollection of having to explicitly enable/activate PHP
support in Apache's config many years ago, so I believe this is not
a new requirement.


Fair enough, but if somebody installs the phpmyadmin package, which 
requires both PHP and Apache, clearly the intention is to "run PHP from 
Apache in the way that `a2enmod php8.2` does".


So, I finally found the following in 
/usr/share/doc/phpmyadmin/README.Debian:



phpmyadmin for Debian
-


USAGE

  The application will be available at http://localhost/phpmyadmin/
  after install if you use one of supported web servers (Apache and 
Lighttpd

  at time of writing this). Please note that you need to have enabled PHP
  support in your webserver (for Apache you can do this by a2enmod 
php8.2, for

  Lighttpd by lighty-enable-mod fastcgi).


I've been running phpmyadmin for years, so I can't swear I didn't 
manually enable this back in the day. I've done other Debian releases 
along the way but it never broke before.


However, I'm perfectly happy to say it's "my bad": for not scouring 
through these doc files.


Thanks again to all, I REALLY do appreciate the help!

Rick

Re: upgrade to bookworm broke phpmyadmin

2023-08-23 Thread Rick Macdonald


On 8/23/23 18:14, Dan Ritter wrote:

Rick Macdonald wrote:

Silly me though, I see I didn't actually describe the failure when I try to
connect to localhost/phpmyadmin. The browser just opens and shows the text
of the file /usr/share/phpmyadmin/index.php. Is this a clue?

That generally means that the web server -- apache2? nginx? --
does not know how to hand the .php file off to a php processor.

For apache2, you would need to install libapache2-mod-php8.2 and
then run

a2enmod php8.2

and

service apache2 restart


Bingo! That's it! Thank-you so much, Dan!

libapache2-mod-php8.2 was already installed, so I just ran a2enmod and 
restarted.


So, given that I purged everything and re-installed and it still didn't 
work, is this indeed a packaging error? I've been running Debian for 
well over 25 years (I started with a pre-release before buzz was 
released) and I don't remember anything that didn't work after installing.


Rick

Re: Actividad en archivo auth.log

On Wed, Aug 23, 2023 at 3:55 PM Camaleón  wrote:

> E
> Sólo un apunte... en la nueva versión de Debian (12) ha habido cambios
> en cómo se gestionan los registros, y son cambios GORDOTES (spoiler:
> journalctl fagocita a rsylog):
>
> 5.1.7. Changes to system logging
>
> https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#changes-to-system-logging
>
> Mira si SSHD puede verse afectado.
>
> Saludos,
>

Si así es, todo los log se fueron a journalctl, voy a ver si puedo
habilitar los log con rsyslog, hay mucha gente quejándose de esa parte en
debían 12.

> --
> Camaleón
>
> Slds --
rickygm

http://gnuforever.homelinux.com

Re: upgrade to bookworm broke phpmyadmin

2023-08-23 Thread Rick Macdonald



On 8/23/23 11:03, Michael Kjörling wrote:



I don't use roundcube any more. Would it help to uninstall it? Although, at
the moment I have only php5.6 and php8.2 installed. I'm guessing the
bookworm upgrade removed php7.x.

I imagine that uninstalling roundcube won't do anything either way.
However, if it was me, unless there was some compelling reason to keep
it I'd consider uninstalling php5.6 and seeing if that helps.

Can't really help you further at this point because I've never
installed phpmyadmin myself; sorry.



I removed or purged roundecube, squirrelmail, phpmyadmin and every php5* 
package, then reinstall phpmyadmin. No change.


Silly me though, I see I didn't actually describe the failure when I try 
to connect to localhost/phpmyadmin. The browser just opens and shows the 
text of the file /usr/share/phpmyadmin/index.php. Is this a clue?



PHP 7.2.5+ is required.Currently installed version is: ' . 
PHP_VERSION . '');
}

// phpcs:disable PSR1.Files.SideEffects
define('PHPMYADMIN', true);
// phpcs:enable

require_once ROOT_PATH . 'libraries/constants.php';

/**
  * Activate autoloader
  */
if (! @is_readable(AUTOLOAD_FILE)) {
 die(
 'File ' . AUTOLOAD_FILE . ' missing or not 
readable.'
 . 'Most likely you did not run Composer to '
 . 'https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git;>'
 . 'install library files.'
 );
}

require AUTOLOAD_FILE;

global $route, $containerBuilder, $request;

Common::run();

$dispatcher = Routing::getDispatcher();
Routing::callControllerForRoute($request, $route, $dispatcher, 
$containerBuilder);


Rick

Re: Actividad en archivo auth.log

El mié, 23 ago 2023 a las 15:18, Roberto C. Sánchez
() escribió:
>

> Ahora me doy cuenta que tu mensaje original indicó «instalación». En mi
> caso, el sistema es viejo y ha sido actualizado a bookworm a través de
> varias versions anteriores de Debian (desde hace ya muchos años). Si
> instalaste el sistema neevo, entonces seguro que todo estará debajo
> journalctl y no syslog (como dijo Camaleón).
>
es correcto , te comento que no simpatizo mucho con journalctl , creo
que es el hermano de systemd.


-- 
rickygm

http://gnuforever.homelinux.com

Re: upgrade to bookworm broke phpmyadmin

2023-08-23 Thread Rick Macdonald



On 8/22/23 03:08, Michael Kjörling wrote:

On 21 Aug 2023 20:00 -0600, fromrickm...@shaw.ca  (Rick Macdonald):

# dpkg-reconfigure phpmyadmin
Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
dbconfig-common: writing config to /etc/dbconfig-common/phpmyadmin.conf
dbconfig-common: flushing administrative password
apache2_invoke phpmyadmin: already enabled

$ dpkg -l php php8.2 phpmyadmin

Which exact version of each respective package is installed?


# dpkg -l php php8.2 phpmyadmin
Desired=Unknown/Install/Remove/Purge/Hold
| 
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend

|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version Architecture Description
+++-==-===--===
ii  php    2:8.2+93    all  server-side, 
HTML-embedded scripting language (default)
ii  php8.2 8.2.7-1~deb12u1 all  server-side, 
HTML-embedded scripting language (metapackage)
ii  phpmyadmin 4:5.2.1+dfsg-1  all  MySQL web administration 
tool



Also

$ aptitude why php8.2


# aptitude why php8.2
i   roundcube  Depends roundcube-core (= 1.6.1+dfsg-1)
i A roundcube-core Depends php
i A php    Depends php8.2

I don't use roundcube any more. Would it help to uninstall it? Although, 
at the moment I have only php5.6 and php8.2 installed. I'm guessing the 
bookworm upgrade removed php7.x.



_IF_ the version of phpmyadmin which Bookworm ships doesn't work with
the version of PHP which Bookworm ships, that's at a minimum a
packaging bug. But that would be an awfully obvious one that a lot
more people should already have run into in that case, so I'm
reluctant to assume that that's the problem. I'm more inclined to
believe that maybe you're somehow running a non-Bookworm version of
phpmyadmin which for whatever reason doesn't work with PHP 8, or for
some reason your installation of phpmyadmin is being run through a
different version of PHP. Buster and Bullseye were both PHP 7.x; which
could help explain why it worked there but not after you upgraded to
Bookworm.



 Package phpmyadmin

 * buster-backports
   <https://packages.debian.org/buster-backports/phpmyadmin>(web):
   MySQL web administration tool
   4:5.0.4+dfsg2-2~bpo10+1: all
 * bullseye (oldstable)
   <https://packages.debian.org/bullseye/phpmyadmin>(web): MySQL web
   administration tool
   4:5.0.4+dfsg2-2+deb11u1: all
 * bullseye-backports
   <https://packages.debian.org/bullseye-backports/phpmyadmin>(web):
   MySQL web administration tool
   4:5.2.1+dfsg-1~bpo11+1: all
 * bookworm (stable)
   <https://packages.debian.org/bookworm/phpmyadmin>(web): MySQL web
   administration tool
   4:5.2.1+dfsg-1: all
 * trixie (testing)
   <https://packages.debian.org/trixie/phpmyadmin>(web): MySQL web
   administration tool
   4:5.2.1+dfsg-1: all
 * sid (unstable) <https://packages.debian.org/sid/phpmyadmin>(web):
   MySQL web administration tool
   4:5.2.1+dfsg-1: all

Rick

Re: Actividad en archivo auth.log

El mié, 23 ago 2023 a las 9:54, Roberto C. Sánchez
() escribió:

> >
> En auth.log veo una gran cantidad de mensajes parecido a esto:
>
> 2023-08-23T09:48:32.417117-04:00 build01 sshd[3701736]: User root from 
> 103.81.86.208 not allow
> ed because not listed in AllowUsers
> 2023-08-23T09:48:32.685843-04:00 build01 sshd[3701736]: Received disconnect 
> from 103.81.86.208
>  port 42522:11: Bye Bye [preauth]
> 2023-08-23T09:48:32.686043-04:00 build01 sshd[3701736]: Disconnected from 
> invalid user root 10
> 3.81.86.208 port 42522 [preauth]
>
> >  auth,authpriv.*  /var/log/auth.log
> >
> Y tengo lo mismo en /etc/rsyslog.conf.
>
> Tiene que haber algo de mal con tu configuración, pero nos haría falta
> ver /etc/ssh/sshd_config y /etc/rsyslog.conf (o cualquier cosa que
> tienes debajo /etc/rsyslog.d/) para poder prestarte mejor ayuda.
>

esta es la parte de configuracion de mi sshd_config , fuera de eso no
tengo una configuracion especial ni nada.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO
LogLevel VERBOSE

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
MaxAuthTries 3
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server


lo interesante es que si hago un journalctl -u ssh , veo cantidad de
ataques conexiones a mi ssh , pero no lo registra el auth.log

Aug 23 09:16:30 relay.srv sshd[18068]: error:
kex_exchange_identification: Connection closed by remote ho>
Aug 23 10:29:18 relay.srv sshd[19783]: fatal: Timeout before
authentication for 42.51.227.67 port 25073
Aug 23 10:47:21 relay.srv  sshd[20293]: error:
kex_exchange_identification: Connection closed by remote ho>
Aug 23 11:37:39 relay.srv  sshd[21528]: error:
kex_exchange_identification: banner line contains invalid c>
Aug 23 11:37:51 relay.srv  sshd[21542]: fatal: userauth_pubkey: parse
publickey packet: incomplete message>
Aug 23 12:29:23 relay.srv sshd[22814]: fatal: Timeout before
authentication for 178.74.61.156 port 57086
Aug 23 13:07:27 relay.srv  sshd[23768]: error: maximum authentication
attempts exceeded for root from 43.1>
Aug 23 13:07:38 relay.srv  sshd[23780]: error: maximum authentication
attempts exceeded for root from 43.1>
Aug 23 15:21:28 relay.srv sshd[27144]: fatal: Timeout before
authentication for 42.225.45.222 port 46344
Aug 23 15:23:44 relay.srv sshd[27240]: fatal: Timeout before
authentication for 187.73.238.82 port 9190

Actividad en archivo auth.log

Saludos lista, alguien usando debian 12 qué pueda verificar si en el
archivo auth.log esta la actividad de las conexiones ssh, estoy revisando
una instalación qué hice y veo que no registra la actividad de las
conexiones ssh, active el loglevel a verbose y tampoco logro qué funcione?

También revise el rsyslog y veo que la línea qué refiere a la aunteticacion
esta ahí.

auth,authpriv.*  /var/log/auth.log


Alguna idea
樂
-- 
rickygm

http://gnuforever.homelinux.com

upgrade to bookworm broke phpmyadmin

2023-08-21 Thread Rick Macdonald

I've been running phpmyadmin for years. It survived the upgrade to 
bullseye about a month ago but now the upgrade to bookworm broke it.


I don't see any similar bug reports. I do see similar error messages 
around the web from over the years, but I don't expect to have to do a 
manual re-install or repair. I removed it and installed again, but the 
result is the same. My mariadb is accessible from other apps and the 
"mysql" command line program, so it's up and running. "Composer" as 
mentioned in the error message isn't something that I have installed.


PHP 8.2.7 is the default version of php.


PHP 7.2.5+ is required.

Currently installed version is: ' . PHP_VERSION . '

'); } // phpcs:disable PSR1.Files.SideEffects define('PHPMYADMIN', 
true); // phpcs:enable require_once ROOT_PATH . 
'libraries/constants.php'; /** * Activate autoloader */ if (! 
@is_readable(AUTOLOAD_FILE)) { die( '


File ' . AUTOLOAD_FILE . ' missing or not readable.

' . '

Most likely you did not run Composer to ' . '' . 'install library 
files 
<https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git>.


' ); } require AUTOLOAD_FILE; global $route, $containerBuilder, 
$request; Common::run(); $dispatcher = Routing::getDispatcher(); 
Routing::callControllerForRoute($request, $route, $dispatcher, 
$containerBuilder); 


I tried reconfigure, but I didn't select the option to "reinstall the 
database"*:


*

# dpkg-reconfigure phpmyadmin
Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
dbconfig-common: writing config to /etc/dbconfig-common/phpmyadmin.conf
dbconfig-common: flushing administrative password
apache2_invoke phpmyadmin: already enabled


Any ideas?

Rick

Re: ayuda con algo de script

2023-08-13 Thread Rick Gutierrez

On Sun, Aug 13, 2023 at 5:33 AM Camaleón  wrote:

> El 2023-08-12 a las 15:52 -0400, Rick Gutierrez escribió:
>
> 
> Si estás intentando configurar Carbonio Mesh¹, en el manual te dice que la
> contraseña para esa orden la toma de un archivo accesible por root:


Si es carbonio mesh


>
> 
> To complete Carbonio Mesh installation, run
>
> pending-setups -a
>
> Hint
>
> The secret needed to run the above command is stored in file
> /var/lib/service-discover/password, which is accessible only by the
> root user.
> 
>
> Quizá puedas trabajar con esa variable (me parece que en ese archivo no
> está cifrada²), ahora bien, la cuestión es si la orden acepta parámetros
> o espera simplemente leer el contenido de un archivo.
>
> Quizá en los foros de la aplicación (si se trata de esa, claro) te puedan
> indicar mejor sobre cómo hacer lo que buscas (automatizar la orden de
> configuración):
>
> https://community.zextras.com/forum/carbonio-setup/
>
> 
>
> ¹https://docs.zextras.com/carbonio/html/multi-server-installation.html
> ²
> https://docs.zextras.com/carbonio-ce/html/common/carbonio/mesh/credentials.html
>
> Saludos


Lo haré miraré en los foros, mientras estoy intentando con Expect.
-- 
rickygm

http://gnuforever.homelinux.com

Re: ayuda con algo de script

El sáb, 12 ago 2023 a las 21:20, Zeque () escribió:
>
> Hola!
> No debe soportar tomar datos por STDIN, lo que podes hacer, asumiendo que -a 
> espera la clave como argumento
> pending-setups -a $(echo $passwordcluster)
> Es una variable de reemplazo, el resultado del comando lo pasa como argumento.
>

lo he probado tal como lo enviaste, pero siempre me pide el password
en el pront.

#!/bin/bash
cd /root
passwordcluster="c6966f49d0c6ca09"
pending-setups -a $(echo $passwordcluster)

cuando lo corro, me salta pidiendo el password

Insert the cluster credential password:





http://gnuforever.homelinux.com

Re: ayuda con algo de script

El sáb, 12 ago 2023 a las 21:08, Ramses () escribió:
>

> >
> >
>
> Usa Expect.
>
>
> Saludos
>

creo que expect podria hacer el trabajo , es la primera vez que
escucho de el , vere la documentacion , gracias a todos x los
comentarios.

-- 
rickygm

http://gnuforever.homelinux.com

Re: ayuda con algo de script

El sáb, 12 ago 2023 a las 16:11, Fran Torres
() escribió:
>
> Buenas,
>
>
> tras leer y releer varias veces el mail, me he quedado igual.
>
>En esas líneas que has puesto, no veo el script por ninguna parte.

perdon , solo puse un pedazo de script , lo estoy probando x separado
(un extracto) :)

>
> solo veo un comando (cd /root), veo que creas una variable
>
> passwordcluster="password"
>
> y por último, veo que llamas a la variable con un comando echo (que la
> muestre (echo $passwordcluster) para luego pasarle una pype a
> pending-setups -a

ya lo he probado de esa manera anteriormente y siempre se queda en la
espera del password.

Insert the cluster credential password:

>
>
>con esas tres cosas, la verdad no me queda claro que quieres hacer...
>
> no sé si lo más correcto podría ser algo como esto:
>
>
> #!/sbin/bash
>
> #entiendo que debería ser algo como esto...
>
>
> passwordcluster="password"
>
> pending-setups -a $passwordcluster
>
> #fin del script
>
>
> O por el contrario, si lo que quieres es ejecutar a mano esa cosa y
> pasarle por script el password, entonces creo que podría ser algo como esto:
>
>
> #!/sbin/bash
>
> #posible script
>
> passwordcluster="password"
>
> echo $passwordcluster
>
>
> Y luego, en la terminal...
>
> pending-setups -a < password.sh

no es la idea que busco , aqui es como depender de otros ficheros.

>
>
> Recuerda que todo script debe ir precedido en la primera línea por el
> shell que lo va a ejecutar:
>
> #!/bin/bash
>
> #!/sbin/bash
>
> #!/bin/sh...
>
> cualquier shell que sea el que utilices
>
> y al finalizar, el fichero debe tener permisos de ejecución. De lo
> contrario, no será más que un mero fichero de texto.
>
>
> Fran.
>

como decia es un extracto del script lo que pegue , pero aun asi no
logro pasarle el password por la variable siempre o me pregunta o me
envia el mensaje anterior del primer correo.



-- 
rickygm

http://gnuforever.homelinux.com

ayuda con algo de script

hola lista, estoy instalando un herramienta que la quiero automatizar
con un script , hay un paso donde me pregunta el password para un
servicio y quiero agregar una variable que lleva el password , pero no
me lo acepta:

cd /root
passwordcluster="c6966f49d0c6ca09"
echo $passwordcluster | pending-setups -a

, cuando ejecuto ese pedazo de script me da este mensaje

Insert the cluster credential password: service-discover: error: the
provided file descriptor (0) is not a terminal
Cannot access to bootstrap token

alguna idea q estoy haciendo mal?



-- 
rickygm

http://gnuforever.homelinux.com

Re: gnome-schedule gone from bullseye and bookworm

2023-07-16 Thread Rick Macdonald





On 2023-07-14 16:26, songbird wrote:

   here's the removal bug for more details:

   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808060



BTW, for anybody interested, I found a simple Tcl-based cron/at GUI: 
vcron. No binaries (but requires Tcl/Tk installed) and the tar file is 
set up to put the files into /usr/local/{bin,lib}.


Rick

gnome-schedule gone from bullseye and bookworm

2023-07-14 Thread Rick Macdonald

I fell behind with my major upgrades, and just upgraded from buster to 
bullseye (soon to be followed by bookworm).


I've been using gnome-schedule, a simple cron GUI, for quite some time 
now but it seems to be gone. The upgrade REMOVED it, as shown below. 
Strange thing is, searching the web site I can't even find the old 
buster gnome-schedule package that I had.


What happened to it? Is there an alternative GUI?


The following packages will be REMOVED:
...
  gnome-schedule inkscape kodi kodi-data lib32stdc++-8-dev 
libgfortran-8-dev libmailutils5 libodbcinstq4-1:i386 libphonon4 
libqscintilla2-qt4-13 libqt4-dbus libqt4-dbus:i386

...


Thanks

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Rick Thomas

That seems to have worked (I think)...

On Thu, Jun 22, 2023, at 7:34 AM, Andrew M.A. Cater wrote:
 snip 
> It might be worth looking at precisely what is not installed / removed
> dpkg -C will give you what needs configuring if anything, I think.
>
> I had a similar experience with upgrading Debian WSL - in the end, I 
> found that temporarily removing default-jre-?? helped.
>
> That allowed me to upgrade the system and then to reinstall the JRE.
>
> I think the versions of the Java runtime environment have changed very
> significantly, hence the problem.

What I did was run "dpkg -C" to get a list of problematical packages, which I 
then purged.
aptitude -PVv  purge default-jre openjdk-17-jre:arm64 
openjdk-17-jre-headless
I saved the list of all packages being removed (including several not in the 
original list but removed for dependency reasons).

The purge ran without incident.  I was then able to do "apt-get upgrade" which 
ran to completion without complaint.

I then re-installed all the packages that had previously been removed.  This 
ran without incident, as did "apt-get upgrade" following.

I believe the only thing I've lost at this point is knowledge of which of the 
re-installed packages were originally "auto-installed" due to depends or 
recommends .

I hope this report helps the next person with this kind of problem.  I know I 
learned a lot!

Thanks very much to Andy, Jeff and Sven for all their help!
Rick

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Rick Thomas

Thanks, Jeff!

On Thu, Jun 22, 2023, at 12:04 AM, Jeffrey Walton wrote:
> On Thu, Jun 22, 2023 at 2:49 AM Rick Thomas  wrote:
 snip 
>> In this case, the package is already installed.
>> Unfortunately when I try to reinstall it, I get:
>>
>> rbthomas@pi:~$ sudo -i  apt-get install --reinstall ca-certificates-java
>> Reading package lists... Done
>> Building dependency tree... Done
>> Reading state information... Done
>> 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
>> 4 not fully installed or removed.
>> After this operation, 0 B of additional disk space will be used.
>> E: Internal Error, No file name for ca-certificates-java:arm64
>> rbthomas@pi:~$
>>
>> Any idea that that even means?
>
> I would probably try this next:
> sudo apt-get -f install && sudo dpkg -a --configure
> If that doesn't help, then I am out of ideas.

Sadly, that didn't work.
Do you (or anyone else on the list) have any idea what this message means?
"E: Internal Error, No file name for ca-certificates-java:arm64"

In particular, what directory might contain the file 
ca-certificates-java:arm64. And what does "no filename for..." mean in this 
context?

Thanks!
Rick

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Rick Thomas

On Wed, Jun 21, 2023, at 9:21 PM, Jeffrey Walton wrote:
> On Thu, Jun 22, 2023 at 12:15 AM Rick Thomas  wrote:
>>
>> I have a Raspberry Pi that is running Debian (*not* Raspbian) that I just 
>> upgraded from Bullseye => Bookworm.
>>
>> Following the upgrade whenever I try to install the latest upgrades, I get 
>> errors (see attached transcript).
>>
>> Can anybody see what I've done wrong?  Or what I can do to fix it?
>>
>> I'm not a java user myself, though I suspect there are java programs are 
>> used by programs that I use at the command-line level.   Would it be 
>> possible to simply "purge" the affected packages?
>>
>> Thanks for any help you can give me to get this machine back in operation!
>
> The first command I would run is:
>
>apt-get install ca-certificates-java
>
> If the package is already installed (I can't tell; it looks like
> install may have failed), then:
>
>apt-get install --reinstall ca-certificates-java
>
> If apt-get fails, then I would move on to dpkg.
>
> Jeff

Thanks, Jeff!
In this case, the package is already installed.
Unfortunately when I try to reinstall it, I get:

rbthomas@pi:~$ sudo -i  apt-get install --reinstall ca-certificates-java
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
4 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
E: Internal Error, No file name for ca-certificates-java:arm64
rbthomas@pi:~$ 

Any idea that that even means?

Thanks!
Rick

Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-21 Thread Rick Thomas

I have a Raspberry Pi that is running Debian (*not* Raspbian) that I just 
upgraded from Bullseye => Bookworm.

Following the upgrade whenever I try to install the latest upgrades, I get 
errors (see attached transcript).

Can anybody see what I've done wrong?  Or what I can do to fix it?

I'm not a java user myself, though I suspect there are java programs are used 
by programs that I use at the command-line level.   Would it be possible to 
simply "purge" the affected packages?

Thanks for any help you can give me to get this machine back in operation!

Rick

transcript
Description: Binary data

Re: VirtualBox key is store in deprecated legacy keyring

2023-06-20 Thread Rick Thomas

On Mon, Jun 19, 2023, at 8:27 PM, Jeffrey Walton wrote:
> On Mon, Jun 19, 2023 at 11:15 PM Rick Thomas  wrote:
>>
>> Now when I do "apt update" I get this message:
>> .W: 
>> https://download.virtualbox.org/virtualbox/debian/dists/bullseye/InRelease: 
>> Key is stored in legacy trusted.gpg
>>keyring (/etc/apt/trusted.gpg), see the DEPRECATION section 
>> in apt-key(8) for details.
>> Has anybody else seen this?  If so, what did you do?  And did it help?

> I _think_ the key should be stored in its own file under
> /etc/apt/trusted.gpg.d. Maybe something like
> /etc/apt/trusted.gpg.d/virtual-box.gpg.

This squares with what I get from RTFM, and I'm glad to hear the confirmation, 
but...
Where can I get the text to put into /etc/apt/trusted.gpg.d/virtual-box.gpg ?  
Currently the key seems to be part of /etc/apt/trusted.gpg.  Is there some way 
to use apt-key to extract that part of it?  If not, I forget where I got the 
original from (somewhere on the Oracle website, I guess?)  Can someone point me 
in the right direction?

> Also see https://wiki.debian.org/SecureApt:

Thanks!
Rick

Ethernet device names change Bullseye => Bookworm. How to assign unchanging name to device?

2023-06-20 Thread Rick Thomas

I've been upgrading my machines Bullseye => Bookworm recently.  In a few of 
these upgrades, the name of the ethernet device changed.  (E.g. enP2p32s15f0 => 
enP2p0s15f0)  This required changes to /etc/network/interfaces in order to 
start up the interface.

This is only a minor inconvenience (though it may require me to take a drive 
out 30 miles to the location where a few of these machines reside -- no 
problem, it's a beautiful drive!)

However, I seem to remember that once upon a time there was a way to get (I 
think it involved udev) the system to assign an arbitrary name (e.g. (enet0") 
to a given interface based on something that doesn't change when the 
firmware/driver gets upgraded. For example, the MAC address for an Ethernet 
interface would be a good basis.

The trouble is that it was a while ago and I can't remember how to do that?

Any hints will be appreciated.  Pointers to documentation on the subject would 
be especially helpful!

Thanks in advance!
Rick

VirtualBox key is store in deprecated legacy keyring

2023-06-19 Thread Rick Thomas

I recently upgraded one of my Debian Bullseye machines to Bookworm.  The 
machine's main purpose is to run Virtualbox to allow me to experiment on 
disposable VMs rather than real hardware.

Now when I do "apt update" I get this message:
.W: 
https://download.virtualbox.org/virtualbox/debian/dists/bullseye/InRelease: Key 
is stored in legacy trusted.gpg
   keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in 
apt-key(8) for details.

I've thoroughly RTFM in search of a clue as to how to fix this, but I can't 
figure out what I'm supposed to do.

Has anybody else seen this?  If so, what did you do?  And did it help?

Thanks in advance!
Rick

PS: As an aside,  it appears that the VirtualBox developers at Oracle waited 
until Bookworm was officially released before they started working on getting a 
bookworm version of their software, so I'm still using the Bullseye version -- 
which seems to work fine.  Presumably, fixing this problem would be one of the 
things they might want to do before releasing a new version...  (One can hope, 
anyway...)  Would it be worth filing a bug-report to Oracle?  If so, does 
anyone know how to do that?

Re: disk usage for /usr/lib on bullseye

2023-05-01 Thread Rick Thomas

On Mon, May 1, 2023, at 11:14 AM, Bret Busby wrote:
> On 2/5/23 02:06, David Christensen wrote:
>> On 5/1/23 06:51, Bonno Bloksma wrote:
>>> Hi,
>>>
>>> On my "new" Bullseye machines the root volume starts to fill up. The 
>>> cause seems to be the /usr/lib folder.
>>> On my older Buster (10.13) machine the total /usr directory is 701M, 
>>> the /usr/lib folder is 260M
>>> In my /usr/lib folder on Buster is NO /usr/lib/modules folder
>>>
>>> On my Bullseye machines the /usr/lib folder is 2+GB on the machines 
>>> that have been operating for a while and 1+G on a machine that has 
>>> been operating for a shorter while.
>>>
>>> The cause seems to be the folder /usr/lib/modules#
>>> linams:/usr/lib/modules# du * -sh
>>> 4.7M    5.10.0-10-amd64
>>> 4.7M    5.10.0-11-amd64
>>> 4.7M    5.10.0-12-amd64
>>> 4.7M    5.10.0-13-amd64
>>> 4.7M    5.10.0-15-amd64
>>> 4.7M    5.10.0-16-amd64
>>> 309M    5.10.0-18-amd64
>>> 309M    5.10.0-19-amd64
>>> 309M    5.10.0-20-amd64
>>> 309M    5.10.0-21-amd64
>>> 309M    5.10.0-22-amd64
>>> 4.7M    5.10.0-7-amd64
>>> 4.7M    5.10.0-8-amd64
>>> 4.7M    5.10.0-9-amd64
>>>
>>> And
>>> linutr:/usr/lib/modules# du * -sh
>>> 4.7M    5.10.0-16-amd64
>>> 4.7M    5.10.0-17-amd64
>>> 309M    5.10.0-18-amd64
>>> 309M    5.10.0-19-amd64
>>> 309M    5.10.0-20-amd64
>>> 309M    5.10.0-21-amd64
>>>
>>> And
>>> lola:/usr/lib/modules# du * -sh
>>> 4.7M    5.10.0-13-amd64
>>> 4.7M    5.10.0-19-amd64
>>> 309M    5.10.0-20-amd64
>>> 309M    5.10.0-21-amd64
>>> 309M    5.10.0-22-amd64
>>>
>>> Guessing on what I see these are libraries for older kernel versions. 
>>> I usually clean up older kernel versions by using
>>> # apt autoremove"
>>> All 3 servers have 1 older kernel version installed according to apt 
>>> autoremove.
>>>
>
> Have you tried running also
> apt autoclean
> and
> apt purge
> ?
>
> -- 
> ..
> Bret Busby
> Armadale
> West Australia
> (UTC+0800)
> ..

Another thing I usually do after doing an "apt upgrade" that installs a new 
kernel is:
aptitude -P purge '~o'
aptitude -P purge '~c'

The "-P" tells aptitude to ask permission before actually deleting anything.

Rick

what do I need to add to my sources.list for the new non-free-firmware repository?

2023-01-31 Thread Rick Thomas

I've got a couple of Debian systems that (for various reasons) are running 
"testing" or "sid".  I recently did
 apt update && apt upgrade && aptitude search '~o'
on these machines and found that a number of firmware packages are considered 
"obsolete", presumably because they are no longer in any of the repositories 
listed in sources.list.

So what do I need to add to my sources.list file to get them back now?

Here's what I see:

root@kmac:~# aptitude search '~o'
i A  firmware-amd-graphics - Binary firmware for 
AMD/ATI graphics chips
i firmware-linux - Binary firmware 
for various drivers in the Linux kernel (metapackage) 
i A  firmware-linux-nonfree  - Binary firmware for 
various drivers in the Linux kernel (metapackage) 
i A  firmware-misc-nonfree  - Binary firmware for 
various drivers in the Linux kernel   
root@kmac:~# 

Any thoughts?
Rick

Re: PowerBook G4 OS

2023-01-12 Thread Rick Thomas




On Wed, Jan 11, 2023, at 1:02 PM, Bob Crochelt wrote:
> On Wed, Jan 11, 2023 at 09:59:48AM +0100, didier gaumet wrote:
>> Le mardi 10 janvier 2023 à 16:32 -0800, Bob Crochelt a écrit :
>> > > 
>> > Thanks to all who replied.  I appreciate the help and advice.  Think
>> > I
>> > will just sit tight with the system, as it works fine for what I
>> > need:
>> > email, a little (slow surfing) and some note writing.
>> > 
>> > I imagine you have saved me many hours of frustration.
>> > 
>> > Regards
>> > Bob Crochelt
>> 
>> Hello,
>> 
>> That would leave you with unmaintained software, though, with obvious
>> risks accessing the internet (web, mail, etc...)
>> 
>> Debian port for a Powerbook G4 is unofficial and I don't know the
>> actual state of this port.
>> 
>> NetBSD, OpenBSD and FreeBSD all seem to have an active and official
>> port for the PowerPC G4.
>> 
>>
> Thanks for this information.  I was aware that Jessie is not maintained;
> that was the reason for my inquiry.  I will look into your suggestions
> Regards
> Bob Crochelt

What I have isn't a powerbook, it's a PowerMac G4 Silver, which may or may-not 
make a difference.
In any case, it runs fine on "sid".  Here's what /proc/cpuinfo says about it:

processor   : 0
cpu : 7410, altivec supported
temperature : 35-37 C (uncalibrated)
clock   : 533.32MHz
revision: 1.3 (pvr 800c 1103)
bogomips: 66.58

timebase: 33290001
platform: PowerMac
model   : PowerMac3,4
machine : PowerMac3,4
motherboard : PowerMac3,4 MacRISC2 MacRISC Power Macintosh
detected as : 69 (PowerMac G4 Silver)
pmac flags  : 00000010
L2 cache: 1024K unified
pmac-generation : NewWorld
Memory  : 1536 MB

And "uname -a" says:

Linux dillserver 6.0.0-6-powerpc #1 Debian 6.0.12-1 (2022-12-09) ppc 
GNU/Linux

Rick

Re: Will my reconstructed fstab work?

2022-11-03 Thread Rick Thomas

Sorry to hear of your mishap, Ken ...
In regards to possibly making your system un-bootable, I have two suggestions:
1) First make a backup of everything ASAP! (and make plans for frequent regular 
backups into the future)
2) Always remember that you can boot from the Bullseye install DVD (or USB 
stick, or whatever) and go into "rescue mode".  From there you can chroot (it's 
one of the menu options) into the root partition and fix whatever problems you 
encounter with the fstab.

If you run into problems with either of those, you can always come back to the 
list with questions.

Good luck! and I hope that helps!
Rick

On Wed, Nov 2, 2022, at 9:52 PM, Ken Heard wrote:
> A few days ago using vim I added to my desktop fstab file a line for a 
> new portable storage device.  in the process I somehow managed to screw 
> up fstab.  Unfortunately I saved the screwed up version of fstab before 
> I noticed the damage done to it.
>
> As I had no fstab backup  -- to correct later -- I had to reconstruct 
> fstab using the information produced by blkid for the missing UUIDs.   I 
> think the reconstruction is correct, but I have since been afraid to 
> close the computer if because of a faulty fstab I would be unable to 
> reopen it
>
> I would consequently appreciate help in verifying  the essential fstab 
> lines, numbered 11-20 in the reconstructed fstab quoted below and 
> thereby assuage my reopening fears.  (Lines 26-40 relating to portable 
> storage devices I checked myself; they all work.)
>
> Basic Information:  two internal hard drives, /dev/sda and /dev/sdb, 
> each divided into two small partitions of equal size.  Sda1 is used for 
> /boot/efi, lines 13 and 15. Partition sdb1, line 17, is currently 
> unused; in time I will copy to it what is in sda1.  Partitions sda2 and 
> sdb2 form a RAID1, with the five LVM partitions listed in lines 11, 18, 
> 19 and 20.  Operating system is Debian Bullseye.
>
> If anybody in interested, following the reconstructed fstab  quoted 
> below is quoted further below how the fsab looked right after the screw 
> up.
>
> 01 # /etc/fstab: static file system information.
> 02 #
> 03 # Use 'blkid' to print the universally unique identifier for a
> 04 # device; this may be used with UUID= as a more robust way to name 
> devices
> 05 # that works even if disks are added and removed. See fstab(5).
> 06 #
> 07 # Systemd generates mount units based on this file, see systemd.mount(5).
> 08 # Please run 'systemctl daemon-reload' after making changes here.
> 09 #
> 10 #
> 11 /dev/mapper/Morcom-ROOT /   ext4errors=remount-ro 0 1
> 12 # /boot/efi was on /dev/sda1 during installation
> 13 UUID=3020-1029  /boot/efi   vfatumask=0077  0   1
> 14 # /dos was on /dev/sda1 during installation
> 15 UUID=3020-1029  /dosvfatutf80   0
> 16 # /dos2 was on /dev/sdb1 during installation
> 17 UUID=2AF2-0A16  /dos2   vfatutf80   0
> 18 /dev/mapper/Morcom-HOME_crypt /home   ext4defaults 0   2
> 19 /dev/mapper/Morcom-VAR /varext4defaults0   2
> 20 /dev/mapper/Morcom-SWAP_crypt noneswapswap  0   0
> 21 /dev/sr0/media/cdrom0   udf,iso9660 user,noauto 0   0
> 22 tmpfs  /tmptmpfs   nodev,nosuid,size=20%   0   0
> 23 UUID=c577-7f18-4443-a77b-c5827f977449 /media/fdr ext2 
> user,noauto,noatime 0  0
> 24 UUID=33cebfb3-b568-493f-853b-e1b7ca5cc3a2 /media/fde ext2 
> user,noauto,noatime  0 0
> 25 # -e8b57fb2ac09/media/ssda ext4user,npauto,noatime 0   > 0
> 26 UUID=la449167-8497-4471-ae0c-e8b57fb2ac09 /media/phda ext4 
> user,noauto,noatime 0 0
> 27 UUID=0fee2d01-2441-4699-a4ae-bb45c417b8ee /media/ssda ext4 
> user,noauto,noatime 0 0
> 28 UUID=e26255ab-e6c5-4bcd-941c-7378b7cf4083 /media/ssdb ext4 
> user,noauto,noatime 0 0
> 29 UUID=3DB1-1700 /media/fdg  vfatuser,noauto,noatime 
> 0   0
> 30 UUID=5966-5502 /media/fdp  vfatuser,noauto,noatime 
> 0   0
> 31 UUID=1170-1657 /media/hca  vfatuser,noauto,noatime 
> 0   0
> 32 UUID=0E0A-0F26 /media/hcb  vfatuser,noauto,noatime 
> 0   0
> 33 UUID=1E82-122E /media/hcc  vfatuser,noauto,noatime 
> 0   0
> 34 UUID=1D1F-1032  /media/xca exfat   user,noauto,noatime 
> 0   0
> 35 UUID=1909-1458 /media.xcb  exfat   user,noauto,noatime 
> 0   0
> 36 UUID=6238-3434 /media/xcc  exfat   user,noauto,noatime 
> 0   0
> 37 UUID=206F-163F /media/xcd  exfat   user,noauto,noatime 
> 0

Re: Docker

2022-10-07 Thread Rick Gutierrez

Gracias x compartir.

El El vie, 7 de oct. de 2022 a la(s) 07:26, Fernando Romero <
ffrcaraba...@gmail.com> escribió:

> Hola como están, les dejo el link de un curso completo de docker.
> Me pareció interesante compartirlo ya que hay ejemplos prácticos con
> Debian y varios servicios.
>
> Saludos
>
> https://youtube.com/playlist?list=PLu_htiBDhr8EpdB_xYvWGceFVpWGK8DkR
>
> --
rickygm

http://gnuforever.homelinux.com

Re: failure trying to install bullseye on Cubox-i

2022-07-17 Thread Rick Thomas

On Sun, Jul 17, 2022, at 6:37 PM, Rick Thomas wrote:
> I'm experimenting with installing Bullseye on a Cubox-i4Pro I keep 
> around for testing purposes.
>
> I followed the instructions at:
> 
> 
> http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/SD-card-images/README.concatenateable_images
>
> Then I dd'ed the resulting complete image onto an 8GB microSD card, 
> which I then inserted into the microSD slot in the Cubox-I.  When I 
> applied power, I got the attached log on the serial console.
>
> Does anyone know what I'm doing wrong?  Is this a bug in the installer? 
>  If so, what's the best way for me to volunteer to help as a tester in 
> debugging it.
>
> Rick
> Attachments:
> * screenlog

In case it helps, the two components I used in this experiment are:


http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/20210731+deb11u4/images/netboot/SD-card-images/firmware.MX6_Cubox-i.img.gz

and


http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/20210731+deb11u4/images/netboot/SD-card-images/partition.img.gz

On the web page, these files are dated 2022-07-05 15:57 .

Any clues are appreciated!
Rick

failure trying to install bullseye on Cubox-i

2022-07-17 Thread Rick Thomas

I'm experimenting with installing Bullseye on a Cubox-i4Pro I keep around for 
testing purposes.

I followed the instructions at:

http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/SD-card-images/README.concatenateable_images

Then I dd'ed the resulting complete image onto an 8GB microSD card, which I 
then inserted into the microSD slot in the Cubox-I.  When I applied power, I 
got the attached log on the serial console.

Does anyone know what I'm doing wrong?  Is this a bug in the installer?  If so, 
what's the best way for me to volunteer to help as a tester in debugging it.

Rick

screenlog
Description: Binary data

Re: OT, Recommendation for low cost laptop

2022-07-17 Thread Rick Thomas

On Sun, Jul 17, 2022, at 1:59 PM, Charlie Gibbs wrote:
> On Sun Jul 17 09:16:57 2022 Dekks Herton  wrote:
>
>  > john doe  writes:
>  >
>  >> I'm comtemplating buying a Pinebook pro but I'm not sure if this is
>  >> better then buying a Windows laptop and putting linux on it.
>  >>
>  >> I'm looking for something cheap (max would be around 300 bucks),
>  >> do you have any suggestions/ideas?
>  >
>  > 2nd hand Thinkpad off ebay, craigslist etc, likely easy to upgrade and
>  > certainly straightforward to install linux.
>
> Another place to look is your local laptop store.  My current laptop,
> as well as its predecessor, are refurbished ThinkPads I bought there
> for about $300.  They run Linux just fine.

Or ask your neighbors.  Due to Covid, a lot of people are replacing their 
Windows or Mac machines so they can run Zoom and other "community building 
while isolated" apps.  Most of them don't bother with looking for a good 
trade-in deal, and have the old computer lying around doing nothing.  If you 
let it be known that you will take it of their hands, upgrade it to run modern 
software (like Linux) and make it available to charities in the area, often 
they will donate it to you for free.  

Anyway, that's how I do it...
Rick

Re: Alternatives to ISC dhcp-client ?

2022-05-08 Thread Rick Thomas

On Sat, May 7, 2022, at 7:47 PM, Rick Thomas wrote:
> According to the ISC webpage:
>
>> ISC has ended development on the ISC DHCP client as of early 2022.
>> This client implementation is no longer maintained and should not be
>> used in production any longer.
>
> Can anybody recommend a good replacement?
> Does anybody know what the Debian PTBs are planning for this?
>
> Thanks!
> Rick

Does anybody know what the Debian developers plan to do about this change of 
policy by ISC?  I have a feeling it's going to be a problem that will have to 
be faced reasonably soon.

Rick

Re: Alternatives to ISC dhcp-client ?

2022-05-08 Thread Rick Thomas




On Sat, May 7, 2022, at 9:37 PM, Jeremy Ardley wrote:
> On 8/5/22 11:27 am, Rick Thomas wrote:
>> Thanks for the heads up!
>> Can you describe in detail what one needs to do in order to switch over?
>> I.e. what to remove, what to install?  What to configure?
>
> This is a recent blogpost of mine showing a more complex installation 
> including IPv6 delegation. If you just do the bits that refer to IPv4 it 
> should still work.
>
> https://jeremyardley.blogspot.com/2022/04/configuring-systemd-networkd-with.html
> Jeremy

Thanks!
Rick
PS:  I'll also do the IPv6 part, because I'm interested in that too.

Re: Alternatives to ISC dhcp-client ?

On Sat, May 7, 2022, at 8:19 PM, Jeremy Ardley wrote:
> On 8/5/22 11:14 am, Jeremy Ardley wrote:
>>
>>
>> You can just use systemd-networkd as an IPv4 dhcp client.
>>
>>
>
> Of note: Using systemd-networkd you should not use NetworkManager or 
> networking services. I think both use the ISC dhcp client
>
> Of further note, I moved to systemd-networkd precisely because the ISC 
> dhcp client was badly behaved, and no-one at ISC seemed interested in 
> fixing it.

Thanks for the heads up!
Can you describe in detail what one needs to do in order to switch over?  I.e. 
what to remove, what to install?  What to configure?

Thanks!
Rick

Re: Alternatives to ISC dhcp-client ?

On Sat, May 7, 2022, at 8:14 PM, Jeremy Ardley wrote:
> On 8/5/22 10:47 am, Rick Thomas wrote:
>> ISC has ended development on the ISC DHCP client as of early 2022.
>>> This client implementation is no longer maintained and should not be
>>> used in production any longer.
>> Can anybody recommend a good replacement?
>>
>
> I presently use systemd-networkd which provides its own DHCP v4 and v6 
> clients, and servers if you want.
>
> In my network my dual homed router acts as a dhcp client to the ISP and 
> gets an IPv4 address and is delegated an IPv6 /56 range.
>
> You can just use systemd-networkd as an IPv4 dhcp client.
> Jeremy

Is systemd-networkd automatically installed by Debian?

I ask because my "testing" and "stable" systems all show isc-dhcp-client as 
installed and running.

Thanks!
Rick

Alternatives to ISC dhcp-client ?

According to the ISC webpage:

> ISC has ended development on the ISC DHCP client as of early 2022.
> This client implementation is no longer maintained and should not be
> used in production any longer.

Can anybody recommend a good replacement?
Does anybody know what the Debian PTBs are planning for this?

Thanks!
Rick

Re: Networking book recommendation

You might want to take a look at "Computer Networks" by A.S. Tanenbaum and D.J. 
Wetherall.  It's available for free online at 

https://docs.google.com/viewer?a=v=sites=ZGVmYXVsdGRvbWFpbnxza21pbmh8Z3g6NjQxMTI2MmYxMTAwZmNjZQ

Or you can buy a copy from your local bookseller.

Enjoy!
Rick

Re: Debian 11 on old Macbook

2021-11-25 Thread Rick Thomas

Hold down the  key when you turn the machine on.  Hold it until the  
finishes.  You should see a menu of possible boot disks.  Pick one that has a 
penguin on it.

Hope that helps!
Rick

On Wed, Nov 24, 2021, at 11:11 AM, David Wright wrote:
> On Wed 24 Nov 2021 at 14:59:09 (+0100), fran...@libero.it wrote:
>> I installed Debian 11 (386) on a 2009 Macbook Pro 13 "(5.5).
>> 
>> The installation did not give me any problems except it did not detect wifi 
>> card and touchpad, but I was connected with ethernet and used an external 
>> mouse, so the whole process ended.
>> 
>> During the installation phase of Grub I only chose the hd that appeared in 
>> the window and did all the installer.
>> 
>> I enclose photos of the subdivision that the installer did. I only chose to 
>> install Debian on a partition that I had left empty choosing partitions / 
>> and home Unfortunately Debian does not appear on reboot and neither does 
>> Grub, but Mac OS (Snow Leopard) starts immediately How can I solve this 
>> problem?
>> 
>> If I reinstall using AMD64 instead, what can be the right suggestions to 
>> install Grub in the right place to reboot with it?
>
> You don't mention anything about how you boot. From my great
> experience of Macs (watching people use them in the last
> century), I'm guessing you might have to hold down some key
> while you boot. That's not just for dual-booting (certainly
> not, 30 years ago), but for doing various Mac-ish things,
> so it should be documented somewhere.
>
> Also there were threads here, in late August, about booting Macs.
>
> Cheers,
> David.

Re: disco hot swap

2021-10-20 Thread Rick Gutierrez

El mar, 19 oct 2021 a las 23:43, Camaleón () escribió:
>
>
> Se puede (hay soporte) pero que funcione correctamente es distinto. Yo
> por desconexión en caliente entiendo poder quitar el disco sata sin más
> pasos, es decir, sin tener que ejecutar órdenes previas.
> El problema es que para que eso fucnione debe de existir una armoniosa
> sucesión de circunstancias y eventos que no siempre se dan:
>
> 1. Que el disco duro sata admita hotswap (y lo aplique correctamente)
> 2. Que la controladora sata admita hotswap (y lo aplique correctamente)
> 3. Que el cable sata admita hotswap (y lo aplique correctamente)
> 4. Que el chasis (la cabina de discos) admita hotswap (y lo aplique
> correctamente)
> 5. Que el kernel admita hotwsap
> 6. Que el epacio del usuario admita hotwasp
> n. Etc...
>
> Mi experiencia personal es que no funciona bien, al menos directamente,
> es decir, como sucede con una conexión USB, sin hacer nada (o pocas
> cosas) de manera previa.
>
> En mi equipo de trabajo, con discos que «supuestamente» admiten
> hotswap, si extraigo el disco de su cabina sin más, el kernel se
> queja.
>
> En los servidores, con controladora hardware raid y niveles 1 y 5
> definidos, cuando un disco se cae de la matriz, el sistema sigue
> funcionando y el volumen de datos sigue disponible pero el kernel se
> queja como un cochinillo, el registro se vuelve muy verboso alertando
> de que falta un miembro de la matriz y el sistema se ralentiza en
> exceso. Es mejor reconstruir el raid cuanto antes.
>

bueno os comento un poco en lo que estoy planeando , es una política
de la empresa sacar copias de los backup en un medio, que no sea
"cinta", hemos estado planeando
hacer una cabina clon (partes de calidad) , donde podamos tener discos
hot swapp y la capacidad de sacar  esos discos y poder reconstruir
los raid por software (script automatizados) sin que halla perdida de
datos.

pero si no habia leido que linux puede petar por el kernel, aunque he
visto que freebsd puede hacer la tarea.

espero sus comentarios.



-- 
rickygm

http://gnuforever.homelinux.com

disco hot swap

2021-10-19 Thread Rick Gutierrez

hola lista , posteo una duda que no he logrado de quitar , al dia de
hoy en linux no se puede tener hot swap , estoy queriendo armar una
cabina de discos hot swap y poder quitar y meter discos en caliente.

alguien con mas experiencia en este tema.

-- 
rickygm

http://gnuforever.homelinux.com

Re: "Proper" filesystem for Debian installed on a flash drive

2021-09-30 Thread Rick Thomas

On Thu, Sep 30, 2021, at 6:02 PM, Nate Bargmann wrote:
> * On 2021 30 Sep 15:15 -0500, Marco Möller wrote:
>> SUMMARY:
>> I never observed problems with ext4 on my since 4 years heavily used USB
>> pen-drive.
>> 
>> Good Luck!
>> Marco
>
> Thanks Marco!
>
> That is a very useful review of your experience.  Your taking the time
> to write it up is greatly appreciated.
>
> - Nate

Marco,  would you be kind enough to share the manufacturer and other specs of 
your USB pen drive?

Thanks!
Rick

Re: Always run apt update before clicking on synaptic ?

2021-08-15 Thread Rick Thomas

Synaptic has a button to (essentially) run "apt update"  It's in the upper left 
corner of the window and labeled "Reload" and if you hover over it, it says 
"reload the package information to become informed about new, removed or 
upgraded software packages".

HTH!
Rick

Re: Help: explanation of secure flash?

2021-07-06 Thread Rick Thomas




On Tue, Jul 6, 2021, at 5:43 PM, Rick Thomas wrote:
> On Tue, Jul 6, 2021, at 3:37 PM, rhkra...@gmail.com wrote:
> > I've seen warnings (against hacks) that say (among other things) to enable 
> > "secure flash".  I've been googling to learn more about that, but I haven't 
> > found any good explanation.
...
> Use your favorite search engine to look for "self encrypted ssd" 
> (without the quotes).

In particular:

https://www.crucial.com/articles/about-ssd/self-encrypting-ssd-for-data-security

Re: Help: explanation of secure flash?

2021-07-06 Thread Rick Thomas

On Tue, Jul 6, 2021, at 3:37 PM, rhkra...@gmail.com wrote:
> I've seen warnings (against hacks) that say (among other things) to enable 
> "secure flash".  I've been googling to learn more about that, but I haven't 
> found any good explanation.
> 
> I'm beginning to get hints that it is not so much a thing (to be enabled), 
> but 
> more the (a) process to update the computer's BIOS.  (e.g., "'Unable to start 
> a Secure flash session' error message.")
> 
> Can somebody provide either a little more explanation and / or a link to a 
> (reasonably simple) reference?

There are available on the market SATA  and USB interface flash or SSD drives 
that have built-in encryption.  they require the user to enter an encryption 
key when they start up.  The software to handle requesting and passing the key 
can be in the BIOS or in a user-supplied boot-loader or user-mode app that 
resides on a non-encrypted disk.

The advantage of this mode vs software encryption is that the encryption engine 
resides in the firmware of the disk so it doesn't eat up CPU or GPU cycles that 
should be better applied to running user apps.

Use your favorite search engine to look for "self encrypted ssd" (without the 
quotes).

Does that help?
Rick

X server running on a different machine [Re: Wanted: a special purpose Debian installer]

2021-06-28 Thread Rick Thomas

On Sun, Jun 27, 2021, at 8:33 AM, Peter Ehlert wrote:
> > X clients like MATE don't directly depend on an X server, because in
> > theory, the X server could be on a different machine.

I'd love to be able to do that!  E.g. a headless machine with plenty of RAM and 
CPU power to run Mate, but located in a locked building on the other side of 
campus.

What do I need to install to do that?  And what are the configuration options?

AtDhVaAnNkCsE (thanks in ADVANCE)
Rick

Re: When to reboot after dist-upgrade?

2021-05-03 Thread Rick Thomas

I use the following little script.  If it produces output, then a reboot is 
desirable.

#!/bin/bash -p

set -x

PATH=/usr/bin:/bin

lsof +c0 -w | grep ' DEL  *REG  *[^0 ]' | egrep -v \ 
'(/var/lib/gdm3|/usr/share/mime|/home/[^/]*)/(.cache|.config|.local)'


What it does is look for library (and other) files that are in use but have 
been removed from the filesystem.  The "egrep -v" filters out some files that 
various utilities create, open, then delete without closing so that if the 
utility ends catastrophically without cleaning up, they don't hang around.  
It's not perfect, but it does help.

Rick

On Sun, May 2, 2021, at 9:16 PM, Kenneth Parker wrote:
> 
> 
> On Sun, May 2, 2021, 9:42 PM riveravaldez  wrote:
>> Hi, sorry if this is not the place to ask (and in that case please
>> point me in the proper direction).
>> 
>> I'm trying to distinguish when a system reboot is an absolute need
>> and when it is absolutely safe to keep the system running/working
>> after a `sudo apt-get update && sudo apt-get dist-upgrade`, once
>> I have already performed a complete restart of all needed services
>> through `sudo needrestart' options in Debian testing.
> 
> In general, if the Kernel is updated, plan to Restart.  Usually, dist-upgrade 
> is required, when Version Numbers change, requiring addition of new packages. 
>  The Linux Kernel is a common (but not the only) reason for this. 
> 
> Also beware, because Debian occasionally will update the Kernel without 
> updating the Version Number.  So it is possible that a Restart is required, 
> without a dist-upgrade. 
> 
> Good luck! 
> 
> Kenneth Parker 
> 
>> 
>> So, in a situation like this:
>> 
>> $ sudo apt-get dist-upgrade
>> Reading package list ... Done
>> Creating dependency tree ... Done
>> Reading status information ... Done
>> Calculating the update ... Done
>> The following packages have been withheld:
>>imagemagick inkscape libc-bin libc6 libc6-dbg libcrypt1
>> libpoppler-glib8 local openssh-client openssh-server
>> openssh-sftp-server ssh
>> 0 updated, 0 new will be installed, 0 to remove, and 12 not updated.
>> 
>> $ sudo needrestart
>> Scanning processes...
>> Scanning processor microcode...
>> Scanning linux images...
>> 
>> Running kernel seems to be up-to-date.
>> 
>> Failed to check for processor microcode upgrades.
>> 
>> No services need to be restarted.
>> 
>> No containers need to be restarted.
>> 
>> No user sessions are running outdated binaries.
>> 
>> $ sudo checkrestart
>> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
>>   Output information may be incomplete.
>> Found 6 processes using old versions of upgraded files
>> (1 distinct program)
>> (0 distinct packages)
>> No packages seem to need to be restarted.
>> (please read checkrestart(8))
>> 
>> , would be perfectly safe and right to keep the system running or on
>> the contrary should I perform a (warm/cold?) reboot to be safe?
>> 
>> Thanks a lot in advance for any hint or info.
>> 
>> Kind regards.
>> 
>> PS: `apt-get dist-upgrade` output is translated to English..., system is
>> in Spanish and I keep not-remembering how to force console output
>> to English, sorry...
>>

Re: Adding wine64 to wine installation (buster)

2021-03-27 Thread Rick Macdonald


On 2021-03-25 11:50 p.m., Alexander V. Makartsev wrote:
"wine" command is a 32-bit ELF binary and "wine64" command is a 64-bit 
ELF binary.
In my experience it doesn't matter which one to use, as long as you 
run programs inside a prefix that supports both 32-bit and 64-bit 
(WoW64). [1]


You can use just one prefix for both 32-bit and 64-bit programs, or 
you can have as many prefixes as you want, each could be setup with 
different settings and\or DLLs, tailored specifically for some program.

It is up to you how to manage them all.
I use "q4wine" program (it could be installed from Debian repo) that 
helps to make some things easier.
There is also commercial software "CrossOver" [2] from the authors of 
WINE project, but I've never used it.



[1] https://wiki.winehq.org/Wine_User%27s_Guide#WINEARCH
[2] https://www.codeweavers.com/crossover


Everything is working perfectly now.  Thanks for the help.

Rick

Re: Adding wine64 to wine installation (buster)

2021-03-25 Thread Rick Macdonald

Thanks!

I ran the wineboot --init command and it worked, and I was able to install the 
64bit program with "wine app64.exe", and it launches. Is there a difference 
between the commands wine and wine64?

Now, do I need to reinstall all my previous 32bit programs, or can I use 
WINEPREFIX pointing to the old .wine directory that I renamed ".wine32"?

Rick

On March 25, 2021 12:10:59 p.m. MDT, "Alexander V. Makartsev" 
 wrote:
>On 25.03.2021 22:47, Rick Macdonald wrote:
>> I've been running a few 32bit Windows programs with wine for many 
>> years, but now I need to run some 64bit programs.
>>
>> The Debian wine wiki says "Users on a 64-bit system should make sure 
>> that both wine32 and wine64 (or wine32-development and 
>> wine64-development) are installed".
>>
>> I have "deb https://dl.winehq.org/wine-builds/debian/ buster main" in
>
>> sources.lists. I installed "wine64". The package lists before and 
>> after are below. When I try to install a 64bit program using "wine 
>> 64bitprogram.exe", I get the message:
>>
>> "This program can only be installed on versions of Windows designed 
>> for the following processor architectures: x64".
>>
>> So then I ran "wine64 64bitprogram.exe" and I get the message:
>>
>> "wine: '/home/myacct/.wine' is a 32-bit installation, it cannot 
>> support 64-bit applications."
>>
>> Installing wine64 didn't create a .wine64 directory. It seems like
>I'm 
>> close, but what am I missing? Something to do with WINEPREFIX?
>Correction, command should be:
>$ wineboot --init
>
>
>-- 
>With kindest regards, Alexander.
>
>⢀⣴⠾⠻⢶⣦⠀
>⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
>⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
>⠈⠳⣄

Adding wine64 to wine installation (buster)

2021-03-25 Thread Rick Macdonald

I've been running a few 32bit Windows programs with wine for many years, 
but now I need to run some 64bit programs.


The Debian wine wiki says "Users on a 64-bit system should make sure 
that both wine32 and wine64 (or wine32-development and 
wine64-development) are installed".


I have "deb https://dl.winehq.org/wine-builds/debian/ buster main" in 
sources.lists. I installed "wine64". The package lists before and after 
are below. When I try to install a 64bit program using "wine 
64bitprogram.exe", I get the message:


"This program can only be installed on versions of Windows designed for 
the following processor architectures: x64".


So then I ran "wine64 64bitprogram.exe" and I get the message:

"wine: '/home/myacct/.wine' is a 32-bit installation, it cannot support 
64-bit applications."


Installing wine64 didn't create a .wine64 directory. It seems like I'm 
close, but what am I missing? Something to do with WINEPREFIX?


Before installing wine64:

# dpkg --get-selections|grep wine
fonts-wine  install
libwine:i386    install
libwine-cms:i386    install
libwine-gphoto2:i386    install
libwine-ldap:i386   install
libwine-openal:i386 install
libwine-print:i386  install
libwine-sane:i386   install
wine-stable install
wine-stable-amd64   install
wine-stable-i386:i386   install
winehq-stable   install
winetricks  install


After installing wine64:

# dpkg --get-selections|grep wine
fonts-wine  install
libwine:i386    install
libwine-cms:i386    install
libwine-gphoto2:i386    install
libwine-ldap:i386   install
libwine-openal:i386 install
libwine-print:i386  install
libwine-sane:i386   install
wine-stable install
wine-stable-amd64   install
wine-stable-i386:i386   install
winehq-stable   install
winetricks  install


Thanks, Rick

Re: OT: Router behaviour

2021-02-20 Thread Rick Thomas

On Thu, Feb 4, 2021, at 4:26 PM, Dan Ritter wrote:
> Mark Fletcher wrote: 
> > First apologies for the off-topic post, but I know this community is 
> > full of experts on this topic and my ask in the end is a simple one:
> 
> (and you can use Debian to achieve your ends)
> 
> > Can anyone point me at a reasonably accessible guide to the details of 
> > how IP networks work, in particular the communications that occur 
> > between router devices that are designed to support home networks? I'm 
> > computer science trained but from many years ago and if I ever learned 
> > these specific details I have forgotten them, but I feel equipped to 
> > understand them. I'm after a certain amount of detail and would prefer 
> > to avoid adverts or advice of the "just buy our product, plug it in and 
> > your problems will all be solved" type.
> 
> The most useful single doc is https://lartc.org/lartc.html
> which, although omitting more recent developments, is an
> excellent foundation in networking and routing aimed at the
> small office or family sysadmin.

If you want a complete, comprehensive textbook on networking, take a look at
David J. Wetherall, Andrew Tanenbaum: "Computer Networks, Fifth Edition"
This is e-book, but it's also available in paperback and hardback.


https://bellasias.com/product/e-book-computer-networks-fifth-edition-pdf-epub-david-j-wetherall-andrew-s-tanenbaum/?msclkid=6dce151da1951218f101752d64ca293f

Enjoy!
Rick

Re: Installing Debian Bullseye on Cubox-i4 with eSATA drive... No ethernet detected

2021-02-06 Thread Rick Thomas

On Fri, Jan 29, 2021, at 7:18 PM, Rick Thomas wrote:
> Hi!
> 
> On Fri, Jan 29, 2021, at 1:03 AM, Holger Wansing wrote:
> > On https://www.debian.org/devel/debian-installer/
> > you should look under the daily snapshots.
> > For armhf that would be
> > https://d-i.debian.org/daily-images/armhf/daily/netboot/SD-card-images/
> 
> I downloaded the two-part image from [1] dated 2021-01-30 and tried to 
> install it on my Cubox-i4.
> 
> It booted fine but when it got to the "Detect network hardware" phase, 
> it failed and said:
> 
> No Ethernet card was detected. If you know the name of the driver 
> needed by your Ethernet card, you can select it from the list. 
> Driver needed by your Ethernet card:  
> and gave a long list of available ethernet drivers.
> 
> I couldn't find anything that looked like an Atheros 8035 driver, which 
> seems to be the one in use when I boot with a working system.
> 
> Any suggestions?
> Thanks!
> Rick
> 
> [1] https://d-i.debian.org/daily-images/armhf/daily/netboot/SD-card-images/
>  dated 2021-01-30

I tried it again, this time with the components dated 2021-02-06 (today).
I was hoping that the problem was transient and might have been fixed in the 
intervening week, but I still got the same result: "No Ethernet card was 
detected."

Do I need to file a bug report?  If so, to which package?  If I do, is there 
any chance it will be fixed before Bullseye is released into the wild?
Is there a known workaround that I can apply?

Thanks for any help!
Rick

Re: Installing Debian Bullseye on Cubox-i4 with eSATA drive... No ethernet detected

2021-01-29 Thread Rick Thomas

Hi!

On Fri, Jan 29, 2021, at 1:03 AM, Holger Wansing wrote:
> On https://www.debian.org/devel/debian-installer/
> you should look under the daily snapshots.
> For armhf that would be
> https://d-i.debian.org/daily-images/armhf/daily/netboot/SD-card-images/

I downloaded the two-part image from [1] dated 2021-01-30 and tried to install 
it on my Cubox-i4.

It booted fine but when it got to the "Detect network hardware" phase, it 
failed and said:

No Ethernet card was detected. If you know the name of the driver 
needed by your Ethernet card, you can select it from the list. 
Driver needed by your Ethernet card:  
and gave a long list of available ethernet drivers.

I couldn't find anything that looked like an Atheros 8035 driver, which seems 
to be the one in use when I boot with a working system.

Any suggestions?
Thanks!
Rick

[1] https://d-i.debian.org/daily-images/armhf/daily/netboot/SD-card-images/
 dated 2021-01-30

Re: Installing Debian Buster on Cubox-i4 with eSATA drive.

2021-01-28 Thread Rick Thomas

On Thu, Jan 28, 2021, at 12:08 AM, Rick Thomas wrote:
> On Wed, Jan 27, 2021, at 11:15 PM, Vagrant Cascadian wrote:
> > On 2021-01-27, Rick Thomas wrote:
> > > I'm trying to install Debian Buster [1] on my Cubox-i4P with an eSATA
> > > drive. Everything seems to be fine, but when it comes time to reboot,
> > > it boots into the installer again, rather than the installed system.
> > >
> > > Here's what I did, and what I observed:
> > >
> > > *) I downloaded the two parts of the SDcard install image from [1] and 
> > > followed the instructions in the README to create a 4GB (I didn't have 
> > > anything smaller) SDcard installer.
> > > *) I connected the eSATA disk and plugged the SDcard into the Cubox and 
> > > powered it up.
> > > *) It booted off the SD-card into the installer as expected.
> > ...
> > > *) But when the reboot happened, I found myself back in the installer.
> > > *) I tried removing the SDcard and rebooting, but it failed to boot -- 
> > > after power-on nothing happened.
> > 
> > > What I hoped would happen with the eSATA drive was that the installer
> > > would write the boot firmware (u-boot, etc) to the SDcard, and
> > > configure it to get /boot, root, /home, swap off the eSATA.
> > 
> > U-boot can only be loaded from microSD on that platform, as far as I'm
> > aware.
> > 
> > You can use the bootloader from the installer image, just delete the
> > boot.scr and/or extlinux.conf from the partition on the installer image,
> > or make another partition on the microSD card, and mark it bootable, but
> > don't put anything on it. Then u-boot should fall back to loading the
> > kernel+initrd+device-tree off of the eSATA.
> > 
> > If you interrupt the boot process and get to a u-boot prompt, you should
> > be able to see the order of devices u-boot tries to boot from with:
> > 
> >   printenv boot_targets
> > 
> > 
> > Now that bullseye is in the early phases of freeze, please consider
> > testing bullseye, too, if you can! :)
> 
> Thanks!  This sounds like it ought to work.  I'll give it a try.
> 
> For bullseye, where should I download the latest installer image from?  
> I'd love to give it a try as well!
> Rick

That worked!

Specifically, what I did was:
*) on a different machine, I mounted the installer SDcard first partition
*) renamed boot.scr to oboot.scr
*) sync and umount the SDcard.
*) inserted it in the Cubox
*) powered up and watched it boot from the eSATA disk.

Whoopie!

Observations:
*) => printenv boot_targets
   boot_targets=mmc0 sata0 usb0 pxe dhcp

*) It located the /boot partition on the eSATA drive without any help from me.  
I assume that means it goes down the list of boot_targets one by one looking 
for an active bootable partition containing a file called "boot.scr" which it 
then executes to perform the remainder of the boot process (mostly to load the 
kernel and initrd , then pass control to them).

*) I wonder if it would be possible to change the "boot_targets" environment 
variable to put "sata0" first?  Would that work, if it could be done?  If that 
were done, would it mess up booting from the SDcard when there was no eSATA 
drive?

So now, the next question is: how do we convince the debian installer to 
recognize that it's installing to the eSATA drive and either set "boot_targets" 
appropriately, or mark the boot partition on the SDcard as not bootable.

I've added "debian-boot" to the CC list of this email.  Should I file a bug 
report?  If so, what package should I file it against?

Next thing to test -- can I install bullseye the same way?

Thanks very much to everyone for all your help!
Rick

Re: Installing Debian Buster on Cubox-i4 with eSATA drive.

2021-01-28 Thread Rick Thomas

On Wed, Jan 27, 2021, at 11:15 PM, Vagrant Cascadian wrote:
> On 2021-01-27, Rick Thomas wrote:
> > I'm trying to install Debian Buster [1] on my Cubox-i4P with an eSATA
> > drive. Everything seems to be fine, but when it comes time to reboot,
> > it boots into the installer again, rather than the installed system.
> >
> > Here's what I did, and what I observed:
> >
> > *) I downloaded the two parts of the SDcard install image from [1] and 
> > followed the instructions in the README to create a 4GB (I didn't have 
> > anything smaller) SDcard installer.
> > *) I connected the eSATA disk and plugged the SDcard into the Cubox and 
> > powered it up.
> > *) It booted off the SD-card into the installer as expected.
> ...
> > *) But when the reboot happened, I found myself back in the installer.
> > *) I tried removing the SDcard and rebooting, but it failed to boot -- 
> > after power-on nothing happened.
> 
> > What I hoped would happen with the eSATA drive was that the installer
> > would write the boot firmware (u-boot, etc) to the SDcard, and
> > configure it to get /boot, root, /home, swap off the eSATA.
> 
> U-boot can only be loaded from microSD on that platform, as far as I'm
> aware.
> 
> You can use the bootloader from the installer image, just delete the
> boot.scr and/or extlinux.conf from the partition on the installer image,
> or make another partition on the microSD card, and mark it bootable, but
> don't put anything on it. Then u-boot should fall back to loading the
> kernel+initrd+device-tree off of the eSATA.
> 
> If you interrupt the boot process and get to a u-boot prompt, you should
> be able to see the order of devices u-boot tries to boot from with:
> 
>   printenv boot_targets
> 
> 
> Now that bullseye is in the early phases of freeze, please consider
> testing bullseye, too, if you can! :)

Thanks!  This sounds like it ought to work.  I'll give it a try.

For bullseye, where should I download the latest installer image from?  I'd 
love to give it a try as well!
Rick

Installing Debian Buster on Cubox-i4 with eSATA drive.

2021-01-27 Thread Rick Thomas

I'm trying to install Debian Buster [1] on my Cubox-i4P with an eSATA drive.
Everything seems to be fine, but when it comes time to reboot, it boots into
the installer again, rather than the installed system.

Here's what I did, and what I observed:

*) I downloaded the two parts of the SDcard install image from [1] and followed
the instructions in the README to create a 4GB (I didn't have anything smaller)
SDcard installer.
*) I connected the eSATA disk and plugged the SDcard into the Cubox and powered
it up.
*) It booted off the SD-card into the installer as expected.
*) Everything went as expected, until it got to the partition-disks phase.
*) I chose to use the eSATA disk as the installation target. I told it to use
the whole disk and use the LVM method of partitioning.
*) It created the /boot ext2 partition in /dev/sda1 and put root, /home and
swap in the LVM on /dev/sda5. This is (I think) exactly what I wanted.
*) There was no mention of the SDcard /dev/mmcblk1 (except when initially
choosing the target disk -- I did explicitly NOT choose it at this time)
*) I allowed it to wipe and re-partition the eSATA disk, which it did without
incident.
*) Everything proceeded as expected. I chose a minimal (ssh and base packages)
in tasksel.
*) When it came to "make it bootable" I said go ahead. There was no mention of
/dev/mmcblk1 at this stage.
*) It proceeded from there without any apparent errors.
*) When it came time to reboot, I said go ahead.
*) But when the reboot happened, I found myself back in the installer.
*) I tried removing the SDcard and rebooting, but it failed to boot -- after
power-on nothing happened.

What I hoped would happen with the eSATA drive was that the installer would
write the boot firmware (u-boot, etc) to the SDcard, and configure it to get
/boot, root, /home, swap off the eSATA.

What I suspect has happened is that the boot firmware (u-boot, etc) was written
to the eSATA drive and so it can't be found by the power-up routine without
some reconfiguration to tell it to look at the eSATA, but that isn't happening.

Anybody know what I can do to either:
1) Tell the power-up routines to look at the eSATA?
or
2) Write the boot firmware to the SD card and configure it to get the rest of
the system from the eSATA?

Debug logs were saved, and can be provided upon request.

Thanks in advance for any help!
Rick

PS: In a previous attempt, I used a 64GB SDcard without the eSATA disk --
putting everything onto the SDcard. That worked fine (It put the boot stuff on
the SDcard) but it's horribly slow due to the very low speed of data transfer
to and from the SDcard.

[1]
http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/SD-card-images/

Re: po...@lists.debian.org

2021-01-10 Thread Rick Thomas

This is not the place for a political discussion.  Please confine your comments 
to debian technical questions.

Re: Release status of i386 for Bullseye and long term support for 3 years?

2020-12-21 Thread Rick Thomas

On Mon, Dec 21, 2020, at 3:48 AM, Andrew M.A. Cater wrote:
> On Tue, Dec 15, 2020 at 06:42:41AM -0700, Charles Curley wrote:
> > On Tue, 15 Dec 2020 13:42:37 +0200
> > Andrei POPESCU  wrote:
> > 
> > > That is, if you and other list subscribers care about continued i386 
> > > support you should probably look into contributing.
> > 
> > And how does one do that?
> > 
> > -- 
> > Does anybody read signatures any more?
> > 
> > https://charlescurley.com
> > https://charlescurley.com/blog/
> 
> If you have "real" 686 32 bit hardware that you can press into service that 
> isn't being used: pick up a Debian i386 disk and try reinstalling Debian.
> 
> If you have "real" 686 32 bit hardware - get a copy of a Debian live CD and
> boot it - you may face probelms if there isn't a lot of memory.

Well, as it happens I just did that!  But I didn't have any problems...

Details:
I recently was given an old IBM ThinkPad T60 1953 with an Intel Core Duo 
(Yonah) 32-bit processor. Vintage c 2006.  Output of "cat /proc/cpuinfo" is 
attached.

First I tried booting the Debian 10.7.0 (Buster) amd64 Live DVD.  It said I 
didn't have the right kind of processor, and I should try the i386 version.  So 
I did.  It booted fine and ran a couple of simple commands without incident.  
Then I rebooted and ran the installer from the same DVD.  Again, no problem 
installing a system without GUI.  I then ran tasksel and used it to install the 
Cinnamon desktop, which is working great.

I'll file an installation report soon.  After that, I guess I'll try installing 
Bullseye and file a report on it.

Does anybody know if there's an i386 Live DVD for Bullseye?

Thanks for all your work!
Rickprocessor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 14
model name  : Genuine Intel(R) CPU   T2400  @ 1.83GHz
stepping: 8
microcode   : 0x39
cpu MHz : 997.463
cache size  : 2048 KB
physical id : 0
siblings: 2
core id : 0
cpu cores   : 2
apicid  : 0
initial apicid  : 0
fdiv_bug: no
f00f_bug: no
coma_bug: no
fpu : yes
fpu_exception   : yes
cpuid level : 10
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc arch_perfmon 
bts cpuid aperfmperf pni monitor vmx est tm2 xtpr pdcm dtherm
bugs: cpu_meltdown spectre_v1 spectre_v2 l1tf mds swapgs 
itlb_multihit
bogomips: 3657.32
clflush size: 64
cache_alignment : 64
address sizes   : 32 bits physical, 32 bits virtual
power management:

processor   : 1
vendor_id   : GenuineIntel
cpu family  : 6
model   : 14
model name  : Genuine Intel(R) CPU   T2400  @ 1.83GHz
stepping: 8
microcode   : 0x39
cpu MHz : 997.453
cache size  : 2048 KB
physical id : 0
siblings: 2
core id : 1
cpu cores   : 2
apicid  : 1
initial apicid  : 1
fdiv_bug: no
f00f_bug: no
coma_bug: no
fpu : yes
fpu_exception   : yes
cpuid level : 10
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc arch_perfmon 
bts cpuid aperfmperf pni monitor vmx est tm2 xtpr pdcm dtherm
bugs: cpu_meltdown spectre_v1 spectre_v2 l1tf mds swapgs 
itlb_multihit
bogomips: 3657.32
clflush size: 64
cache_alignment : 64
address sizes   : 32 bits physical, 32 bits virtual
power management:

Re: Buster with MATE without systemd

2020-09-17 Thread Rick Thomas

I too have been using Debian for over a decade, and I've come to rely on it, so 
I hear your concern at having to "switch" to something new.  But I don't think 
Devuan is really all that "new".  

 For almost two years I've had Devuan ascii with mate desktop in a VM that I 
use daily for a variety of jobs.  I did it originally as a lark, but over the 
months, I've come to rely on it.   I'm not a developer, so I'm not tuned to the 
gory details, but from a user point of view, Devuan might as well be Debian -- 
but without the need for systemd.

The only reason I haven't upgraded to beowulf is sheer laziness.  But all this 
talk has gotten me inspired.  I'm definitely planning to upgrade to beowulf 
soon now.

I recommend it!
Rick

Migrating to a new disk.

2020-08-30 Thread Rick Thomas

OK, I've got a Debian computer where the system disk is showing signs of 
flakiness.  I want to replace it with a new disk and retire the old one.

Before I do it for real, I'm doing a dry-run on a vmware virtual machine.  I 
don't *think* the fact that it's virtual should affect my results.  But I put 
it out there, just incase.

Here's what I've done so far:

*) Set up a VM with one virtual SATA disc drive, and installed Buster on it.  
The system has a MBR partitioning with /boot in /dev/sda1 and the rest of the 
disk as an LVM volume-group ("tryout-vg") partition in /dev/sda5 with root, 
swap, and home as LVs.

*) Added a virtual SATA disk drive and partitioned it the same as above -- 
/dev/sdb1 is boot and /dev/sdb5 is the LVM partition.  However, in order to 
have both disks available for mounting (see below) at the same time, the new 
drive's LVM volume-group had to have a different name ("new-vg").

*) Used rsync to copy the contents of the boot, root, and home partitions from 
the original disk to the new one.

*) Modified the /etc/fstab on the new disk to reflect the names and uuid's of 
the partitions on the new disk.

*) Booted the Buster install DVD in rescue mode and ran "reinstall boot loader" 
for the new disk.

*) Rebooted and told the BIOS to boot from the new disk.  It went to the grub 
screen and proceeded to boot.

*) To my surprise, after it booted, I logged in and saw that the root, swap, 
home and boot partitions that were mounted were all from the original disk!

So what am I missing?  How do I tell grub on the new disk to use the root 
partition and volume-group on the new disk?

Thanks for any help!
Rick

Re: Disks renamed after update to 'testing'...?

2020-08-18 Thread Rick Thomas

On Mon, Aug 17, 2020, at 4:42 PM, hobie of RMN wrote:
> Hi, All -
> 
> My brother has been issuing "mount /dev/sdb1" prior to backing up some
> files to a second hard disk.  He lately upgraded to 'testing', and it
> appears (from result of running df) that what the system now calls
> /dev/sdb1 is what he has thought of as /dev/sda1, the system '/'
> partition.
> 
> Thanks to the UUID= mechanism, his system still boots properly, but 'mount
> /dev/sdb1' is inappropriate now, could even be the path to madness. :)
> 
> Two questions, then: (1) What caused this shift of device naming? And (2)
> How do we fix it?  Is this something that can be changed in the BIOS? 
> But, if so, what caused it to change in the first place?
> 
> Thanks for your time and attenton.

The /dev/sdx names for devices have been unpredictable for quite a while.  
Which one is sda and which sdb will depend on things like timing -- which one 
gets recognized by the kernel first.

The best solution is to either use UUID or LABEL when you fsck and/or mount the 
device.  So:

1) Use "df" to find out the device name that the kernel decided to use for your 
backup disk this time.  Let's assume it's /dev/sda1.

2) label that device with the "tune2fs" command (assuming your device contains 
an ext[234] filesystem.  If not, check the man pages for the filesystem you are 
using.)  e.g. "tune2fs -L BACKUP /dev/sda1".

3) then when you want to mount or fsck  the device (you do fsck it before 
mounting it, right?) use "LABEL=BACKUP" instead of "/dev/sdb1".
fsck LABEL=BACKUP
mount LABEL=BACKUP
4) If you're into typing long strings of random characters, you can instead 
skip the label step and do
fsck UUID=..
mount UUID=..
But that's only for masochists, IMHO.

In any case, read the man pages before you try anything, so you'll know what 
your doing.

Enjoy!
Rick

Re: Fw: Fw: How long will this take?

2020-06-13 Thread Rick Thomas

On Thu, Jun 11, 2020, at 11:05 AM, Dan Ritter wrote:
> Matthew Campbell wrote: 
> > The process is complete. The 4 TB drive has been successfully blanked in 
> > less than 40 hours using dd. It got done between 11 pm last night and 12 am 
> > this morning. dd showed an overall average write speed of 28.4 MB/s. It was 
> > never my intention to start a war. My sincere apologies if I have said or 
> > done anything to offend anyone. I prefer to test out new hardware after I 
> > buy it and I prefer to blank new hard drives before partitioning and 
> > writing out new file systems. Thank you to each of you for your assistance.
> > 
> 
> I think you stated your issue well, responded to queries, and
> reported back with the results. Thanks for being part of the
> community.

+1
You didn't start the war, Mathew.  It was there long before you stumbled into 
the battlefield.  Sadly, any list with more than one participant will have 
issues about which people will disagree vociferously.  There's probably 
somebody's law that states that observation...  Something like, "Whenever the 
words 'stupid' or 'idiot' occur in a thread, there's nothing to be gained in 
following it beyond that point."

Enjoy!
Rick

Re: Fw: How long will this take?

2020-06-09 Thread Rick Thomas

This means that reads and writes should be on 4KiB boundaries, and writes 
should be multiples of 4KiB, for optimal performance. As long as those criteria 
are met, there's no harm and some real benefits of reading and writing larger 
blocks than the minimum.

One example benefit, among several possible, is that the OS overhead of one 
single 1MiB write will be much less than 256 individual 4KiB writes. (number of 
system calls performed; overhead inside the OS of merging successive writes to 
optimize the size of actual disk transfers, etc...)

Hope that helps!
Rick

On Mon, Jun 8, 2020, at 9:47 PM, Matthew Campbell wrote:
> fdisk said the minimum and optimal access size for my hard drive was 4096 
> bytes.
> 
> name=Matthew%20Campbell=trenix25%40pm.me
> 
> 
> 
> 
> 
>  Original Message 
> On Jun 8, 2020, 7:42 PM, Dan Ritter < d...@randomstring.org> wrote:
>> 

>> Jude DaShiell wrote:
>>  > Does any optimal formula exist based on hard drive size which minimizes
>>  > time needed for checking and blanking hard drives in connection with the
>>  > block size value?


>> If the disk firmware offers it, a SMART long read/verify test
>>  should be close to optimal. Consult smartctl and the disk manufacturer
>>  for details.


>> For conventional spinning hard disks, the optimal write size would be
>>  a complete cylinder at a time. That varies across the radius of the disk,
>>  and may not be made available to the OS.


>> In lieue of knowing that, writes which are reasonable integer
>>  multiples of the sector size are very good. 1 MB is probably
>>  good for most drives.


>> For SMR spinning disks,the optimal write size is one complete
>>  write zone. I've heard that this is standardizing at 256MB, but
>>  I would want to confirm with the manufacturer. There are a lot
>>  of interactions with PMR caches.


>> For SSD, writing wears out the storage mechanism. A write-all
>>  test won't test reliability; flaws will be detected and remapped
>>  without letting the host know.

>> -dsr-

Re: Smallest Usable EFI Partition?

2020-05-12 Thread Rick Thomas

On Tue, May 12, 2020, at 3:37 PM, Andrea Borgia wrote:
> Il 13/05/20 00:21, Patrick Bartek ha scritto:
> > I can't find anything definitive on this question.  Some say, 100MB is
> > fine; others 215 or 550 is a safe choice.  It all seems to be just
> > opinions.
> I had the same doubts about a year ago and went with the recommendation 
> of a larger partition, about 500MB... of which only 6% is used.
> My office laptop with Windows10 has something in the region of 100MB but 
> it is not dualboot.
> Debian uses about 6MB, MS about 26MB, plus a couple of megs for boot.
> If space is really tight you might want to stick with 100MB in total.

One thing to keep in mind is that, when the contents are being updated, the EFI 
partition and the /boot partition if you have one, will need space for two (or 
even more) copies of stuff.  So don't be too stingy!

Stay well, stay safe!
Rick

Re: Hmmm... /boot is too small. what's the best way to increase it's size?

On Sun, May 10, 2020, at 12:30 PM, David Christensen wrote:

> As for using GRML, I have never heard of it.  The Debian Installer can 
> get the job done.  

GRML [1]  says: "Grml is a bootable live system (Live-CD) based on Debian. Grml 
includes a collection of GNU/Linux software especially for system 
administrators. Users don't have to install anything on fixed storage. Grml is 
especially well suited for administrative tasks like installation, deployment 
and system rescue. Read more..."

There's also Debian Live, which also has all the features I'll need to do a 
full backup, repartition, and restore.  The installer in rescue mode is more 
limited than either of these alternatives.

Rick

[1] http://grml.org

Re: Hmmm... /boot is too small. what's the best way to increase it's size?

On Sun, May 10, 2020, at 3:22 AM, Andrei POPESCU wrote:
> On Du, 10 mai 20, 02:02:45, Rick Thomas wrote:
> > So... Here's another question:
> > 
> > Why is the default size of /boot, as created by the installer, so 
> > small?  Disk (even SSD) is cheap enough these days that the default 
> > size could be as much as a GB without great pain.
> > 
> > Has this been thought about by the PTBs?  Was there a discussion of 
> > possibly raising the default?  Maybe I missed it...
> 
> A quick search in the BTS reveals #893886 and #951709 (both fixed in 
> git).

Thanks for the pointers, Andrei!   Do you think those changes will get into 
Bullseye before it's released?
Rick

Re: Hmmm... /boot is too small. what's the best way to increase it's size?




On Sun, May 10, 2020, at 1:17 AM, David Christensen wrote:
> On 2020-05-09 22:05, Will Mengarini wrote:
> > * Rick Thomas  [20-05/09=Sa 20:05 -0700]:
> >> What's the best way to increase the size of /boot?
> > By creating a reliable backup and reformatting the disk to
> > the new format.  I've never found it to be cost-effective
> > to try anything else. 
> +1

Yeah, that's probably what I'll do.  Fortunately, it's an amd64 machine, so 
I'll be able to use GRML to do the work.
Enjoy!
Rick

Re: Hmmm... /boot is too small. what's the best way to increase it's size?

So... Here's another question:

Why is the default size of /boot, as created by the installer, so small?  Disk 
(even SSD) is cheap enough these days that the default size could be as much as 
a GB without great pain.

Has this been thought about by the PTBs?  Was there a discussion of possibly 
raising the default?  Maybe I missed it...

Stay safe and stay healthy!
Rick

Re: Hmmm... /boot is too small. what's the best way to increase it's size?

> Consider the time you've spent posing this question, waiting for the
> answers, and reading them.  Dump and reload might've finished already.

True, but I wouldn't have learned half so much and wouldn't have had a third so 
much had so much fun learning it!

Stay safe!

Re: Hmmm... /boot is too small. what's the best way to increase it's size?