Re: Bookworm: IBM DSD3300 iSCSI connection problem [solved]

[Greg]

On 6/17/24 11:04, Timothy M Butterworth wrote:



On Sun, Jun 16, 2024 at 3:41 PM Greg > wrote:


Hi there,

I'm trying to mount iscsi share exported from old IBM DS3300.
Unfortunately I get the following error:

ping timeout of 5 secs expired, recv timeout 5, last rx
4405941922, last
ping 4405943173, now 440598


DS3300 is in "Optimal" state.

Thanks in advance for any help

More info from dmesg:

[444198.925420] scsi 10:0:0:31: Attached scsi generic sg7 type 0
[444209.025722]  connection12:0: ping timeout of 5 secs expired, recv
timeout 5, last rx
4405941922, last
ping 4405943173,
now 440598
[444209.025765]  connection12:0: detected conn error (1022)
[444211.083687] sd 10:0:0:0: Power-on or device reset occurred
[444221.313734]  connection12:0: ping timeout of 5 secs expired, recv
timeout 5, last rx 4405944962, last ping 4405946240, now 4405947520
[444221.313780]  connection12:0: detected conn error (1022)
[444223.373262] sd 10:0:0:0: Power-on or device reset occurred
[444233.601772]  connection12:0: ping timeout of 5 secs expired, recv
timeout 5, last rx 4405948034, last ping 4405949312, now 4405950592
[444233.601814]  connection12:0: detected conn error (1022)


According to these errors a ping test is failing. Can you ping and 
traceroute to the DS3300 from the client? It looks like you have a 
connectivity problem. If you recently setup a firewall then you need to 
open ICMP echo-request and echo-reply.


Thanks for the tip. The problem is definitely related to firewall.

Regards
Greg

Re: Upgrading Buster LTS (10) to Bookworm (current stable) concerns

[Jeffrey Walton]

On Mon, Jun 17, 2024 at 3:38 AM Nick Sal  wrote:
>
> I plan to upgrade a server running Buster to Bookworm.
> Server is running: {web,mail} servers, mysql and postregre, docker, ssh, 
> ldap, ferm (firewall), and few other non-critical services.
>
> I'd like to appeal to your experience for a couple concerns:
>
> 1) Should I upgrade in two steps from Buster to Bullseye (oldstable), and 
> then to Bookworm? Or should I go directly from Buster to Bookworm in one step?
> The upgrade will be done by changing sources.list

If I recall correctly, simply changing sources.list is not
recommended. That's because there are post-upgrade scripts that should
be run to finalize a configuration on occasion.

You should follow
<https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html>,
<https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html>
and friends.

> 2) To the best of your knowledge, do docker images break between such 
> upgrades? Unfortunately, I don't have many details on docker because it was 
> set-up by a previous admin.
>
> If any big break/incompatibility comes to mind for the above services, please 
> don't hesitate to share your story :)

Jeff

Re: Bookworm: IBM DSD3300 iSCSI connection problem

[Timothy M Butterworth]

On Sun, Jun 16, 2024 at 3:41 PM Greg  wrote:

> Hi there,
>
> I'm trying to mount iscsi share exported from old IBM DS3300.
> Unfortunately I get the following error:
>
> ping timeout of 5 secs expired, recv timeout 5, last rx 4405941922,
>  last
> ping 4405943173, now 440598
>


> DS3300 is in "Optimal" state.
>
> Thanks in advance for any help
>
> More info from dmesg:
>
> [444198.925420] scsi 10:0:0:31: Attached scsi generic sg7 type 0
> [444209.025722]  connection12:0: ping timeout of 5 secs expired, recv
> timeout 5, last rx 4405941922,
>  last ping 4405943173,
>  now 440598
> 
> [444209.025765]  connection12:0: detected conn error (1022)
> [444211.083687] sd 10:0:0:0: Power-on or device reset occurred
> [444221.313734]  connection12:0: ping timeout of 5 secs expired, recv
> timeout 5, last rx 4405944962, last ping 4405946240, now 4405947520
> [444221.313780]  connection12:0: detected conn error (1022)
> [444223.373262] sd 10:0:0:0: Power-on or device reset occurred
> [444233.601772]  connection12:0: ping timeout of 5 secs expired, recv
> timeout 5, last rx 4405948034, last ping 4405949312, now 4405950592
> [444233.601814]  connection12:0: detected conn error (1022)
>

According to these errors a ping test is failing. Can you ping and
traceroute to the DS3300 from the client? It looks like you have a
connectivity problem. If you recently setup a firewall then you need to
open ICMP echo-request and echo-reply.


> and so on...
> On DS3300 error log I see:
>
> Date/Time: 6/16/24 9:27:04 PM
> Sequence number: 621
> Event type: 180D
> Description: Session terminated unexpectedly
> Event specific codes: 0/0/0
> Event category: Internal
> Component type: iSCSI Initiator
> Component location: iqn.1993-08.org.debian:01:bc2c2e478b92
> Logged by: Controller in slot A
>
> Raw data:
> 4d 45 4c 48 03 00 00 00 6d 02 00 00 00 00 00 00
> 0d 18 49 02 88 3c 6f 66 00 00 00 00 00 00 00 00
> 00 00 00 00 04 00 00 00 19 00 00 00 19 00 00 00
> 26 00 00 00 69 71 6e 2e 31 39 39 33 2d 30 38 2e
> 6f 72 67 2e 64 65 62 69 61 6e 3a 30 31 3a 62 63
> 32 63 32 65 34 37 38 62 39 32 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 01 00 00 00 00 00 00 00 00 00 00 00
>
>  From DS3300 service console:
>
> 06/16/24-19:26:55 (GMT) (IOSched): NOTE:  DDB Changed on port 0
> mbox[0-5] 8014 0001 0038 0021 f 
> 06/16/24-19:26:55 (GMT) (IOSched): NOTE:  QLUtmConnection: Calling UTM
> with initiator ID 0x38 Request 0x2
> 06/16/24-19:26:55 (GMT) (IOSched): NOTE:  CloseConnectionNotification:
> Free connection object for InitiatorId 0x38   pPortal
> 06/16/24-19:26:55 (GMT) (IOSched): NOTE:  QLUpdateInitiatorData: [38]
> Not connected - prev 25
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  DDB Changed on port 0
> mbox[0-5] 8014 0001 0039 0023  
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  QLUtmConnection: Calling UTM
> with initiator ID 0x39 Request 0x1
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  QLUpdateInitiatorData: [39]
> Connected - prev 21
> 06/16/24-19:26:57 (GMT) (IOSched): WARN:  LoginPduContinue:
> ClosingSession (all conns) to allow new login. pSession = 1C25240
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  CloseSession:
> Session:0x1c25248, Tsih:0x1d1dbf4  pSessionItn:0x40e872c.
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  InstantiateSession:
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:Session:0x0x1c25248
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:Initiator
> Name:iqn.1993-08.org.debian:01:bc2c2e478b92
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:Target
> Name:iqn.1992-01.com.lsi:1535.600a0b8000496dab666d0069
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:Target Obj:0x0x2fabd1c
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  InstantiateSession:
> SES_TYPE_NORMAL, SES_STATE_ACTIVE, SES_TRAN_IN_LOGIN.
> 06/16/24-19:26:57 (GMT) (IOSched): WARN:  AddConnectionToSession: Add
> new connection to this session,
>  Type:2 HostCID:0 TSIH:48 ConnCnt:1 MaxConns:1 MaxConnNeg:0
> pSession:0x1c25248
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  LoginPduContinue:
> SES_STATE_LOGGED_IN - normal
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:
> Initiator = iqn.1993-08.org.debian:01:bc2c2e478b92
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:
> Target = iqn.1992-01.com.lsi:1535.600a0b8000496dab0009
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:   CID:
> , SSID: 3dafefe
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  LoginPduContinue: eitItn
> allocated was 0x40e872c for initiator [39] Session:0x01c20
> 06/16/24-19:26:57 (GMT) (IOSched): WARN:  DdbSetParms:Session:0x1c25248
> Conn:0x3dafed8 sNegotiated.MaxRecvDataSegmentLength 0
> 06/16/24-19:26:57 (GMT) (setAliasAltTask): NOTE:  snrAliasAltTask:
> IconSendInfeasibleException Error
> 06/16/24-19:26:57 (GMT) (IOSched): NOTE:  

Re: Upgrading Buster LTS (10) to Bookworm (current stable) concerns

[Michael Kjörling]

On 17 Jun 2024 03:41 +, from specialrou...@proton.me (Nick Sal):
> 1) Should I upgrade in two steps from Buster to Bullseye
> (oldstable), and then to Bookworm? Or should I go directly from
> Buster to Bookworm in one step?
> The upgrade will be done by changing sources.list 

NEVER skip major Debian releases during an upgrade cycle. Doing so is
unsupported and can lead to any number of problems.

Treat each major version upgrade (10 -> 11; 11 -> 12) as a separate
upgrade. I would go as far as to suggest letting the system run on, in
this case, Debian 11 for a while before proceeding to the upgrade to
12, to catch any issues that take a while to manifest themselves.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Upgrading Buster LTS (10) to Bookworm (current stable) concerns

[Nick Sal]

Hi,

I plan to upgrade a server running Buster to Bookworm. 
Server is running: {web,mail} servers, mysql and postregre, docker, ssh, ldap, 
ferm (firewall), and few other non-critical services.

I'd like to appeal to your experience for a couple concerns:

1) Should I upgrade in two steps from Buster to Bullseye (oldstable), and then 
to Bookworm? Or should I go directly from Buster to Bookworm in one step?
The upgrade will be done by changing sources.list 

2) To the best of your knowledge, do docker images break between such upgrades? 
Unfortunately, I don't have many details on docker because it was set-up by a 
previous admin.

If any big break/incompatibility comes to mind for the above services, please 
don't hesitate to share your story :)

Cheers!
Nick

Bookworm: IBM DSD3300 iSCSI connection problem

[Greg]

Hi there,

I'm trying to mount iscsi share exported from old IBM DS3300. 
Unfortunately I get the following error:


ping timeout of 5 secs expired, recv timeout 5, last rx 4405941922, last 
ping 4405943173, now 440598


DS3300 is in "Optimal" state.

Thanks in advance for any help

More info from dmesg:

[444198.925420] scsi 10:0:0:31: Attached scsi generic sg7 type 0
[444209.025722]  connection12:0: ping timeout of 5 secs expired, recv 
timeout 5, last rx 4405941922, last ping 4405943173, now 440598

[444209.025765]  connection12:0: detected conn error (1022)
[444211.083687] sd 10:0:0:0: Power-on or device reset occurred
[444221.313734]  connection12:0: ping timeout of 5 secs expired, recv 
timeout 5, last rx 4405944962, last ping 4405946240, now 4405947520

[444221.313780]  connection12:0: detected conn error (1022)
[444223.373262] sd 10:0:0:0: Power-on or device reset occurred
[444233.601772]  connection12:0: ping timeout of 5 secs expired, recv 
timeout 5, last rx 4405948034, last ping 4405949312, now 4405950592

[444233.601814]  connection12:0: detected conn error (1022)

and so on...
On DS3300 error log I see:

Date/Time: 6/16/24 9:27:04 PM
Sequence number: 621
Event type: 180D
Description: Session terminated unexpectedly
Event specific codes: 0/0/0
Event category: Internal
Component type: iSCSI Initiator
Component location: iqn.1993-08.org.debian:01:bc2c2e478b92
Logged by: Controller in slot A

Raw data:
4d 45 4c 48 03 00 00 00 6d 02 00 00 00 00 00 00
0d 18 49 02 88 3c 6f 66 00 00 00 00 00 00 00 00
00 00 00 00 04 00 00 00 19 00 00 00 19 00 00 00
26 00 00 00 69 71 6e 2e 31 39 39 33 2d 30 38 2e
6f 72 67 2e 64 65 62 69 61 6e 3a 30 31 3a 62 63
32 63 32 65 34 37 38 62 39 32 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01 00 00 00 00 00 00 00 00 00 00 00

From DS3300 service console:

06/16/24-19:26:55 (GMT) (IOSched): NOTE:  DDB Changed on port 0 
mbox[0-5] 8014 0001 0038 0021 f 
06/16/24-19:26:55 (GMT) (IOSched): NOTE:  QLUtmConnection: Calling UTM 
with initiator ID 0x38 Request 0x2
06/16/24-19:26:55 (GMT) (IOSched): NOTE:  CloseConnectionNotification: 
Free connection object for InitiatorId 0x38   pPortal
06/16/24-19:26:55 (GMT) (IOSched): NOTE:  QLUpdateInitiatorData: [38] 
Not connected - prev 25
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  DDB Changed on port 0 
mbox[0-5] 8014 0001 0039 0023  
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  QLUtmConnection: Calling UTM 
with initiator ID 0x39 Request 0x1
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  QLUpdateInitiatorData: [39] 
Connected - prev 21
06/16/24-19:26:57 (GMT) (IOSched): WARN:  LoginPduContinue: 
ClosingSession (all conns) to allow new login. pSession = 1C25240
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  CloseSession: 
Session:0x1c25248, Tsih:0x1d1dbf4  pSessionItn:0x40e872c.

06/16/24-19:26:57 (GMT) (IOSched): NOTE:  InstantiateSession:
06/16/24-19:26:57 (GMT) (IOSched): NOTE:Session:0x0x1c25248
06/16/24-19:26:57 (GMT) (IOSched): NOTE:Initiator 
Name:iqn.1993-08.org.debian:01:bc2c2e478b92
06/16/24-19:26:57 (GMT) (IOSched): NOTE:Target 
Name:iqn.1992-01.com.lsi:1535.600a0b8000496dab666d0069

06/16/24-19:26:57 (GMT) (IOSched): NOTE:Target Obj:0x0x2fabd1c
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  InstantiateSession: 
SES_TYPE_NORMAL, SES_STATE_ACTIVE, SES_TRAN_IN_LOGIN.
06/16/24-19:26:57 (GMT) (IOSched): WARN:  AddConnectionToSession: Add 
new connection to this session,
Type:2 HostCID:0 TSIH:48 ConnCnt:1 MaxConns:1 MaxConnNeg:0 
pSession:0x1c25248
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  LoginPduContinue: 
SES_STATE_LOGGED_IN - normal
06/16/24-19:26:57 (GMT) (IOSched): NOTE: 
Initiator = iqn.1993-08.org.debian:01:bc2c2e478b92
06/16/24-19:26:57 (GMT) (IOSched): NOTE: 
Target = iqn.1992-01.com.lsi:1535.600a0b8000496dab0009
06/16/24-19:26:57 (GMT) (IOSched): NOTE:   CID: 
, SSID: 3dafefe
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  LoginPduContinue: eitItn 
allocated was 0x40e872c for initiator [39] Session:0x01c20
06/16/24-19:26:57 (GMT) (IOSched): WARN:  DdbSetParms:Session:0x1c25248 
Conn:0x3dafed8 sNegotiated.MaxRecvDataSegmentLength 0
06/16/24-19:26:57 (GMT) (setAliasAltTask): NOTE:  snrAliasAltTask: 
IconSendInfeasibleException Error
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  DDB Changed on port 0 
mbox[0-5] 8014 0001 0039 0025  
06/16/24-19:26:57 (GMT) (IOSched): NOTE:  QLUpdateInitiatorData: [39] 
Logged In.

Re: NVidia 340 video driver in Bookworm?

[Van Snyder]

Hans:

Thanks for the note. It seems that nouveau is a bit more stable in
Debian 12.5 than it had been in Debian 10.1. At least I hope it is. So
far, it hasn't crashed.

MfG,
Van

On Mon, 2024-06-10 at 10:11 +0200, Hans wrote:
> No, the NV6800M needs 340xx driver, not 390xx as I prior posted. However, I 
> have a GF-119 in my Lenovo T520, where nvidia-detect says, it needs 340xx. 
> But, although I got 340xx compiled for the kernel, it did not start.
> 
> I then build 390xx, which worked like a charm. This happened on my notebook 
> and also on an older graphics card in my desktop pc (forgot, which graphic 
> chip it was).
> 
> The 340xx I never got compiled in bookworm, even when downloaded the sources 
> from bullseye and downgraded compiler and other things (except of kernel).
> 
> The issue: During build, the nvidia-sources were looking for some files, 
> which 
> were no more existent in the kernel headers since that version. So the build 
> failed. 
> 
> I asked the developers of the kernel headers, to fix this, but they claimed, 
> that NVidia has to fix it, not the developers. 
> 
> One can now argument for both sides. 
> 
> 1. Either tell Nvidia, "hey fix your old drivers to our new headers, we 
> removed some libs!"
> 
> or 
> 
> 2. Tell the developers "Hey, please put back the libs, so that the kernel 
> module of this old driver can be build again!"
> 
> In real life no one wants to care of it! Nvidia not, because this costs money 
> and the developers not, because this is Nvidia and proprietrary (what is not 
> quite correct, because the kernel-module, which is the part, that can not be 
> build, is open-source).
> 
> 
> Before you try: It is also not possible, to download the driver from the 
> NVidia site directly, because you will run into the same issue again: It can 
> not be build!
> 
> Personally I can not understand, why this is not beeing fixed. It is not a 
> problem with the kernel-module itself (I mean, no bug in the function), but 
> it 
> just can not be build. This is the least, I would expect! However, this is 
> just my own very personal Opinion and no one shall be feel blamed here with!
> 
> Hope, this makes a little bit clearer.
> 
> Oh, and of course, modern cards supported by 470 and higher, of course this 
> can be build! But they do not support older cards (legacy cards).
> 
> Best
> 
> Hans
> > Did the 470 driver work for the GeForce 8600M? I tried to install the
> > 390 driver, but it said "This driver will ignore your GPU" so I didn't
> > finish the installation.
> 
> 
> 
> 

Re: NVidia 340 video driver in Bookworm?

[Stefan Monnier]

> In real life no one wants to care of it! Nvidia not, because this
> costs money  and the developers not, because this is Nvidia and
> proprietrary (what is not  quite correct, because the kernel-module,
> which is the part, that can not be  build, is open-source).

Since you say it's "open source", then "anyone" should be allowed to
update the code to adapt to the new kernel code.  IOW *you* can fix it,
or if you don't have the time/energy you may be able to find someone
else to fix it (potentially paying them for it).


Stefan

Re: NVidia 340 video driver in Bookworm?

[Hans]

No, the NV6800M needs 340xx driver, not 390xx as I prior posted. However, I 
have a GF-119 in my Lenovo T520, where nvidia-detect says, it needs 340xx. 
But, although I got 340xx compiled for the kernel, it did not start.

I then build 390xx, which worked like a charm. This happened on my notebook 
and also on an older graphics card in my desktop pc (forgot, which graphic 
chip it was).

The 340xx I never got compiled in bookworm, even when downloaded the sources 
from bullseye and downgraded compiler and other things (except of kernel).

The issue: During build, the nvidia-sources were looking for some files, which 
were no more existent in the kernel headers since that version. So the build 
failed. 

I asked the developers of the kernel headers, to fix this, but they claimed, 
that NVidia has to fix it, not the developers. 

One can now argument for both sides. 

1. Either tell Nvidia, "hey fix your old drivers to our new headers, we 
removed some libs!"

or 

2. Tell the developers "Hey, please put back the libs, so that the kernel 
module of this old driver can be build again!"

In real life no one wants to care of it! Nvidia not, because this costs money 
and the developers not, because this is Nvidia and proprietrary (what is not 
quite correct, because the kernel-module, which is the part, that can not be 
build, is open-source).


Before you try: It is also not possible, to download the driver from the 
NVidia site directly, because you will run into the same issue again: It can 
not be build!

Personally I can not understand, why this is not beeing fixed. It is not a 
problem with the kernel-module itself (I mean, no bug in the function), but it 
just can not be build. This is the least, I would expect! However, this is 
just my own very personal Opinion and no one shall be feel blamed here with!

Hope, this makes a little bit clearer.

Oh, and of course, modern cards supported by 470 and higher, of course this 
can be build! But they do not support older cards (legacy cards).

Best

Hans
> Did the 470 driver work for the GeForce 8600M? I tried to install the
> 390 driver, but it said "This driver will ignore your GPU" so I didn't
> finish the installation.

Re: NVidia 340 video driver in Bookworm?

[Van Snyder]

On Mon, 2024-06-10 at 01:13 +0200, Toni Mas Soler wrote:
> El Fri, 07 Jun 2024 14:56:23 -0700Van Snyder <
> van.sny...@sbcglobal.net> va escriure el següent:
> > On Fri, 2024-06-07 at 22:47 +0200, Hans wrote:
> > > Just a hint: Sometimes the nvidia-config module says, you
> > > need340.xx, but this is not always true. My card (with th
> > > eolderkernel) was running 390.xx, although th esystem told me, I
> > > have touse 340.xx. 390.xx was running like a charm, 340.xx
> > > crashed. So itlied.
> > > Sorry, that I can help no further and for the bad news, but do
> > > nottry too much - I fear, you will fail!  
> > 
> > So far, this is the best advice, so don't apologize.
> > I had assumed that when NVidia said I need 340 that it is
> > undoubtedlytrue. I'll try 390.
> 
> 
> 
> Have you tried "nvidia-detect" package? This tells you what driver
> youneed.
> In my machine, I installed nvdia-tesla-470-driver and it works fine.

Did the 470 driver work for the GeForce 8600M? I tried to install the
390 driver, but it said "This driver will ignore your GPU" so I didn't
finish the installation.

Re: NVidia 340 video driver in Bookworm?

[Toni Mas Soler]

El Fri, 07 Jun 2024 14:56:23 -0700
Van Snyder  va escriure el següent:

> On Fri, 2024-06-07 at 22:47 +0200, Hans wrote:
> > Just a hint: Sometimes the nvidia-config module says, you need
> > 340.xx, but this is not always true. My card (with th eolder
> > kernel) was running 390.xx, although th esystem told me, I have to
> > use 340.xx. 390.xx was running like a charm, 340.xx crashed. So it
> > lied.
> > 
> > Sorry, that I can help no further and for the bad news, but do not
> > try too much - I fear, you will fail!  
> 
> So far, this is the best advice, so don't apologize.
> 
> I had assumed that when NVidia said I need 340 that it is undoubtedly
> true. I'll try 390.
> 




Have you tried "nvidia-detect" package? This tells you what driver you
need.

In my machine, I installed nvdia-tesla-470-driver and it works fine.

Re: [SOLVED] Re: Debian bookworm fails to install

[Andrew M.A. Cater]

Hi Hans!

On Sat, Jun 08, 2024 at 11:43:38AM +0200, Hans wrote:
> Hello!
> 
> For those, who are interested in my discovering with bootcd, I attached a 
> screenshot of the 
> message, the installer told and why grub can not be installed. It might 
> explain more.
> 

You might want to try OFTC IRC channel #debian-live or the debian-live
or debian-boot mailing lists?

All the very best, as ever,

Andy
(amaca...@debian.org)

[SOLVED] Re: Debian bookworm fails to install

[Hans]

Hello!

For those, who are interested in my discovering with bootcd, I attached a 
screenshot of the 
message, the installer told and why grub can not be installed. It might explain 
more.

However, I suppose, there are not many people in the world, building 
a live-system + installer + bootcd on it and want to install this. I believe, 
the package bootcd is 
only known by very few people at all.

But as we are always want to improve things, I feel it important, to tell about 
this problem. 

As I said before: Dunno, whom I should file a bugreport! 

Anyway, take a look at the picture and you know more. 

For me, it looks like a dependency problem

Have fun!

Hans

Re: [SOLVED] Re: Debian bookworm fails to install

[Brad Rogers]

On Sat, 8 Jun 2024 11:45:49 +0700
Max Nikulin  wrote:

Hello Max,

>On 08/06/2024 00:48, Hans wrote:
>> BUT - grub-efi-amd64-bin conflicts with grub-efi-amd64-bin-signed  
>No it does not. I have both installed. I think, the latter needs .mod 

The pedant in me would point out that actually, no, you don't.  Read that
second package name again.  It doesn't exist.

Of course, I'm pretty certain that Hans typed the wrong thing and meant
to type 'grub-efi-amd64-signed'.  No -bin-.  From my (limited)
searching, it seems 'signed' & 'bin' are mutually exclusive in grub
package names and thus, if you have a '-signed' package, there must be a
corresponding '-bin' package installed for things to work.

Typographical mistakes are the main reason error messages, commands,
and what-not, should be copy/pasted in their entirety and not typed from
memory.

Remember:
Mistakes, like bad news, travel fast.
:-)

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
We don't need no-one to tell us what's right or wrong
The Modern World - The Jam


pgpBDcHX9UGs3.pgp
Description: OpenPGP digital signature

Re: NVidia 340 video driver in Bookworm?

[Max Nikulin]

On 08/06/2024 03:29, Van Snyder wrote:

Has anybody been able to install the NVidia 340.108 video driver in
Debian 12?


I am not aware of current state of affairs. Several years ago it was 
possible to rebuild the .deb package (that uses DKMS) with additional 
patches to make the code compatible with changed kernel API. On that 
machine I had Ubuntu installed, but the procedure should be similar

https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/+bug/1737750
You may try to find patches for newer kernels.

I do not remember graphics card model. The noveau driver caused more 
image artifacts that time.

Re: [SOLVED] Re: Debian bookworm fails to install

[Max Nikulin]

On 08/06/2024 00:48, Hans wrote:

BUT - grub-efi-amd64-bin conflicts with grub-efi-amd64-bin-signed


No it does not. I have both installed. I think, the latter needs .mod 
files provided by the former.

Re: [SOLVED] Re: Debian bookworm fails to install

[Jeffrey Walton]

On Fri, Jun 7, 2024 at 1:48 PM Hans  wrote:
>
> Got it! Found the reason and a fix for it.
>
> Just not easy to find. It is an dependency-problem!
>
> What happened?
>
> Well, in ~config/mylist.list.chroot I added the package "bootcd", which shoul 
> exist in my live-system. During build this made no problems and all 
> dependencies are ok. But - during install it appears, that there is a 
> dependency conflict with the installer as bootcd needs grub-efi-amd64-bin.
>
> However, when bootcd wants to install, this package will be installed, too as 
> it is dependent. So far, so well.
>
> BUT - grub-efi-amd64-bin conflicts with grub-efi-amd64-bin-signed
>
> and forces it to deinstall,
>
> which, you guess it, the debian-installer needs.
>
> And so the grub-installer crashes!
>
> Now the question, who should be asked for help? Maintainers of bootcd? 
> Maintainers of debian-installer? Or Maintainers of packages?
>
> I do not know, and as long as I do not know, I can not file a bugreport as 
> none of them (and this is fully correct and understandable) is responsible 
> from his sight on.
>
> However, the problem can easily be reproduced.

Forgive my ignorance... How does this translate into an intermittent
problem? It seems like you would never encounter it, or always
encounter it. What makes the problem come and go?

Jeff

Re: Debian bookworm fails to install

[Jeffrey Walton]

On Fri, Jun 7, 2024 at 3:08 PM Hans  wrote:
>
> Hi folks,
>
> I am running into an issue, I can not explain.
>
> Let me please shortly describe:
>
> For my own purposes I am building a live-debian ISO with installer. As I am
> finetuning some things (not related to the system itself), I am building
> several ISOs a day.
>
> The live-build is set to bookworm (not bullseye, as lb config does).
>
> However, everything is going fine., the live-system is booting well.
>
> But: When I want to install it, the installer always breaks, when it wants to
> install grub. (grub-installer fails).
>
> As I am doing always a fresh install with completely formatting the harddrive,
> it can not be explained, why this happens.
>
> And more strange: When I build one version, it is working well. Changing
> nothing, and building again, suddenly the installer crashes at grub
> installation and then it will never work again.
>
> To declare: I can build several times, and every installation is working well,
> and suddenly without any reason, it breakes. Doing then using one version
> before (the last one, which worked well), it is still working, but the next
> build is crashing.
>
> Ok, I think you understood, what I meant. Well, one reason I could imagine,
> that the debian mirror, I add during installation process is changing. I am
> using "deb.debian.org", but when using another mirror in my near, I am running
> into the same issue.
>
> I also tried to install grub manually in the console during installation
> process, using "grub-installer /target", but this did neither work nor show
> much usefull information.
>
> Any idea, why this is happening? I saw similar messages in some forums, but
> they are all related to Debian 10, which is rather old (and I suppose, these
> bugs are fixed).

You might have a look at grub2 bugs in Bookworm, and see if any look
like they apply to you:
<https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=grub2;dist=stable>.

Jeff

Re: NVidia 340 video driver in Bookworm?

[Van Snyder]

On Fri, 2024-06-07 at 22:47 +0200, Hans wrote:
> Just a hint: Sometimes the nvidia-config module says, you need 340.xx, but 
> this is not always true. My card (with th eolder kernel) was running 390.xx, 
> although th esystem told me, I have to use 340.xx. 390.xx was running like a 
> charm, 340.xx crashed. So it lied.
> 
> Sorry, that I can help no further and for the bad news, but do not try too 
> much - I fear, you will fail!

So far, this is the best advice, so don't apologize.

I had assumed that when NVidia said I need 340 that it is undoubtedly
true. I'll try 390.

Re: NVidia 340 video driver in Bookworm?

[Hans]

Am Freitag, 7. Juni 2024, 22:29:30 CEST schrieb Van Snyder:
Hi! Sadly to tell, that I treid hard to get 340.xx running in Bookworm. The 
problem is: You can not get it build with the actual kernel sources.

I checked and the developers missed some dependencies, the NVidia driver needs 
at build time.

You can get running it, if you are using an old kernel, like th eone from 
buster, maybe bullseye. In these kernels the dependencies and the libs, the 
sources are searching, are existent.

However, maybe you can trick the build by adding the needed dependencies and 
things, the driver is searching. But I dunno, if this is a good idea.

I also tried the orginal sources from nvidia.com, but here the same dependency 
problem appeared.

In some former mails I asked the kernel developers for help, but there was no 
big interest in fixing things with closed source drivers (however, the kernel 
module is not closed source as far as I know). 

Most people are pointing to nouveau, but this is pita. Development in nouveau 
is also not much any more people told.

Thus, with this old graphics card in linux is a problem, although they are in 
many notebooks people still use (I am running a Lenovo T520, several years 
old, but still fast enough). It has also a NVidia-card built in which needs 
340.xx but I can not use it due to the lack of the kernel driver.

Just a hint: Sometimes the nvidia-config module says, you need 340.xx, but 
this is not always true. My card (with th eolder kernel) was running 390.xx, 
although th esystem told me, I have to use 340.xx. 390.xx was running like a 
charm, 340.xx crashed. So it lied.

Sorry, that I can help no further and for the bad news, but do not try too 
much - I fear, you will fail!

Have a nice day!

Hans 


> Has anybody been able to install the NVidia 340.108 video driver in
> Debian 12?
> 
> The messages I found said "Support for it ended in 2019. Use nouveau."
> 
> But I seem to have trouble with nouveau. When I was running Debian 10
> on a Dell Vostro 1700 laptop with NVidia GeForce 8400M graphics, I had
> been able to install the driver, and had no trouble. I made the mistake
> of installing Debian 12.5 on the same partition, so I don't have the
> Debian 10 install anymore. It freezes so completely that the keyboard
> doesn't work, so I can't switch to a TTY screen. Even if I "ssh" to it
> from my desktop, I can't kill and restart the graphics. I have a script
> to restart KDE, but it does nothing. Even "init 3" doesn't do the
> trick. I have to hold down the power key to reboot. I don't think it's
> a hardware problem that amazingly manifested simultaneously with a new
> install.
> 
> Here's some too-late advice I've given to myself: Never blow away your
> old install that appears to be working. If you don't have a new disk,
> and you have room on the old one, make new boot and root partitions.
> Mark only the new boot partition as the bootable one. Hook both boot
> partitions to grub.

NVidia 340 video driver in Bookworm?

[Van Snyder]

Has anybody been able to install the NVidia 340.108 video driver in
Debian 12?

The messages I found said "Support for it ended in 2019. Use nouveau."

But I seem to have trouble with nouveau. When I was running Debian 10
on a Dell Vostro 1700 laptop with NVidia GeForce 8400M graphics, I had
been able to install the driver, and had no trouble. I made the mistake
of installing Debian 12.5 on the same partition, so I don't have the
Debian 10 install anymore. It freezes so completely that the keyboard
doesn't work, so I can't switch to a TTY screen. Even if I "ssh" to it
from my desktop, I can't kill and restart the graphics. I have a script
to restart KDE, but it does nothing. Even "init 3" doesn't do the
trick. I have to hold down the power key to reboot. I don't think it's
a hardware problem that amazingly manifested simultaneously with a new
install.

Here's some too-late advice I've given to myself: Never blow away your
old install that appears to be working. If you don't have a new disk,
and you have room on the old one, make new boot and root partitions.
Mark only the new boot partition as the bootable one. Hook both boot
partitions to grub.

Re: [SOLVED] Re: Debian bookworm fails to install

[Hans]

Looks like a typo from me. 

apt-cache search grub-efi-amd | grep signed 
grub-efi-amd64-signed - GRand Unified Bootloader, version 2 (amd64 UEFI signed 
by Debian) 
grub-efi-amd64-signed-template - GRand Unified Bootloader, Version 2 
(Signaturvorlage für 
EFI-AMD64)

It is grub-efi-amd64-signed. 

Sorry for that. 

I checked after install: If I want to install package bootcd after 
installation, no packages will be 
deinstalled, just several added.

Not sure, what is the difference, between the installation process and the 
finished installation. 

Best

Hans


> 
> I can't find the package grub-efi-amd64-bin-signed.
> Where should I look?
> 
> Cheers,
> David.

Re: [SOLVED] Re: Debian bookworm fails to install

[David Wright]

On Fri 07 Jun 2024 at 19:48:21 (+0200), Hans wrote:
> Got it! Found the reason and a fix for it.
> Just not easy to find. It is an dependency-problem!
> 
> What happened?
> 
> Well, in ~config/mylist.list.chroot I added the package "bootcd", which shoul 
> exist in my live-
> system. During build this made no problems and all dependencies are ok. But - 
> during install it 
> appears, that there is a dependency conflict with the installer as bootcd 
> needs grub-efi-amd64-
> bin.
> 
> However, when bootcd wants to install, this package will be installed, too as 
> it is dependent. So 
> far, so well. 
> BUT - grub-efi-amd64-bin conflicts with grub-efi-amd64-bin-signed 
> and forces it to deinstall, 
> which, you guess it, the debian-installer needs. 
> 
> And so the grub-installer crashes!

I can't find the package grub-efi-amd64-bin-signed.
Where should I look?

Cheers,
David.

[SOLVED] Re: Debian bookworm fails to install

[Hans]

Got it! Found the reason and a fix for it.
Just not easy to find. It is an dependency-problem!

What happened?

Well, in ~config/mylist.list.chroot I added the package "bootcd", which shoul 
exist in my live-
system. During build this made no problems and all dependencies are ok. But - 
during install it 
appears, that there is a dependency conflict with the installer as bootcd needs 
grub-efi-amd64-
bin.

However, when bootcd wants to install, this package will be installed, too as 
it is dependent. So 
far, so well. 
BUT - grub-efi-amd64-bin conflicts with grub-efi-amd64-bin-signed 
and forces it to deinstall, 
which, you guess it, the debian-installer needs. 

And so the grub-installer crashes!

Now the question, who should be asked for help? Maintainers of bootcd? 
Maintainers of debian-
installer? Or Maintainers of packages? 

I do not know, and as long as I do not know, I can not file a bugreport as none 
of them (and 
this is fully correct and understandable) is responsible from his sight on.

However, the problem can easily be reproduced.

Thanks for reading this, hope it helps. For me, this issue can be closed.

Best regards

Hans

Re: Debian bookworm fails to install

[Hans]

Am Freitag, 7. Juni 2024, 18:24:11 CEST schrieb Michael Kjörling:
Hi Michael,
> On 7 Jun 2024 18:01 +0200, from hans.ullr...@loop.de (Hans):
> > For my own purposes I am building a live-debian ISO with installer.
> 
> How are you doing this?
I am starting with lb config (to get a straight live-build environment).

After this I am edititing all entries in ~/config/bootstrap | binary | common 
from "bullseye" to 
"bookworm".

At last I am editing the entry for the name of the image from "live-image" to 
"RustDesk-live-
image" (I want it so be named).

Then lb config --purge.

After this, I am starting with my own shell script, which contents this line:



...

lb config --purge

lb config --debian-installer live --bootappend-live "boot=live username=myname 
hostname=my_hostname..." (keyboard definitions and so on)

lb build



This worked, but from one day to another no more, and this is strange! 
I also did a fresh live-build-environment installation, then it worked 3 or 4 
times, and then it 
broke again.



> 
> Can you post a script (or something similar) which reliably
> demonstrates the issue when executed within a fresh Debian system?
> 

The issue is not in the Debian itself, but it happens, when I want to install 
it. It happens as well 
on a native system as in Virtualbox itself.

Maybe I could upload the ISO somewhere, it can be used in Virtualbox and shows 
the crash 
there, too. However, the ISO is 700MB and you need 8GB harddrive in Virtualbox. 
Think, not a 
goo idea.

> > I also tried to install grub manually in the console during installation
> > process, using "grub-installer /target", but this did neither work nor
> > show
> > much usefull information.
> 
> Should we take this to mean that it did show _some_ "useful
> information"? If so, what _did_ it show?

No, it did not show any usefull information. Messages like "grub-installer 
failed" is no usefull 
information! No reason why...
> 
> It appears that you are trying something; having some issue; see
> symptoms; draw conclusions; and then tell us about your conclusions
> and ask for a solution to your issue so as to be able to continue with
> what you're trying to do. But without us being able to see what you
> are doing and what happens when you do, _in full_, it's nearly
> impossible to guess from your conclusions what might cause the issue
> you're having in the first place.
> 
Yeah, I know. If I got more information for myself, maybe I could find the 
reason for myself, 
too. But the installer does not show 

> Show us _exactly_ what's happening, as far as you are able. At a
> minimum, make it easy for others to recreate a situation in which you
> see the specific problem.
> 
> In other words, a minimal (non)working example.

At the moment, I try to use the installer from bullsyeye and the system of 
bookworm. It can be 
set in the live-build configurations.

Maybe it is a problem with the debian-bookworm repo (mirroring in process, 
whatever) and 
tomorrow it will magiacally work again.

So, I suppose, we should wait. I will try some things here and maybe I can fix 
it though.

Thanks for help anyway.

Best regards


Hans

Re: Debian bookworm fails to install

[Michael Kjörling]

On 7 Jun 2024 18:01 +0200, from hans.ullr...@loop.de (Hans):
> For my own purposes I am building a live-debian ISO with installer.

How are you doing this?

Can you post a script (or something similar) which reliably
demonstrates the issue when executed within a fresh Debian system?


> I also tried to install grub manually in the console during installation
> process, using "grub-installer /target", but this did neither work nor show
> much usefull information.

Should we take this to mean that it did show _some_ "useful
information"? If so, what _did_ it show?

It appears that you are trying something; having some issue; see
symptoms; draw conclusions; and then tell us about your conclusions
and ask for a solution to your issue so as to be able to continue with
what you're trying to do. But without us being able to see what you
are doing and what happens when you do, _in full_, it's nearly
impossible to guess from your conclusions what might cause the issue
you're having in the first place.

Show us _exactly_ what's happening, as far as you are able. At a
minimum, make it easy for others to recreate a situation in which you
see the specific problem.

In other words, a minimal (non)working example.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Debian bookworm fails to install

[Hans]

Hi folks,

I am running into an issue, I can not explain.

Let me please shortly describe:

For my own purposes I am building a live-debian ISO with installer. As I am 
finetuning some things (not related to the system itself), I am building 
several ISOs a day. 

The live-build is set to bookworm (not bullseye, as lb config does).

However, everything is going fine., the live-system is booting well.

But: When I want to install it, the installer always breaks, when it wants to 
install grub. (grub-installer fails). 

As I am doing always a fresh install with completely formatting the harddrive, 
it can not be explained, why this happens.

And more strange: When I build one version, it is working well. Changing 
nothing, and building again, suddenly the installer crashes at grub 
installation and then it will never work again. 

To declare: I can build several times, and every installation is working well, 
and suddenly without any reason, it breakes. Doing then using one version 
before (the last one, which worked well), it is still working, but the next 
build is crashing.

Ok, I think you understood, what I meant. Well, one reason I could imagine, 
that the debian mirror, I add during installation process is changing. I am 
using "deb.debian.org", but when using another mirror in my near, I am running 
into the same issue.

I also tried to install grub manually in the console during installation 
process, using "grub-installer /target", but this did neither work nor show 
much usefull information.

Any idea, why this is happening? I saw similar messages in some forums, but 
they are all related to Debian 10, which is rather old (and I suppose, these 
bugs are fixed).

Thanks for any hints and help!

Best regards

Hans   

Re: about 10th new install of bookworm!

[Felix Miata]

gene heskett composed on 2024-06-05 22:08 (UTC-0400):

> Felix Miata wrote:

>> ...or disabling the motherboard's
>> sound device in BIOS setup, whichever is applicable, before beginning
>> installation, as a possible thwart to the Gnome must have everything 
>> paradigm, if
>> blocking Gnome entirely is unacceptable.

> That might be useful advice, but the sound card is not readily 
> removable, its built into this asus motherboard

Hence, removing its functionality by disabling sound device in UEFI BIOS setup.
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: about 10th new install of bookworm!

[gene heskett]

On 6/5/24 21:05, Felix Miata wrote:

gene heskett composed on 2024-06-05 11:21 (UTC-0400):


I always get re-install instructions.  Frustrating.


Should you choose to accept any fresh installation suggestion by doing another,
consider removing the sound card from its slot, or disabling the motherboard's
sound device in BIOS setup, whichever is applicable, before beginning
installation, as a possible thwart to the Gnome must have everything paradigm, 
if
blocking Gnome entirely is unacceptable.


That might be useful advice, but the sound card is not readily 
removable, its built into this asus motherboard. An Asus PRIME Z370-A II.


As a side note to installation: as soon as a fresh installation seems suitably
complete, but before adding any additional software, create a compressed /
filesystem partition backup image to facilitate any need for a consequent 
do-over.

gene heskett composed on 2024-06-05 17:08 (UTC-0400):


So this is the umptieth time I've asked how to fix it, and got recipes
for re-installing the basic system as an answer. Mike gave me instructs
to run a couple commands, once normally, once while it was hung but the
2nd comnnand I fed to wc -l and got almost 300k lines. Difficult to do
in real time because the command itself is subject to the lockout lag.


Answering a help request like this one is a toughie. It's commonly necessary to
reproduce both hardware configuration and software configuration in order to try
to address the problem. That can be quite complicated, and time consumptive. 
Here
it seems we may have a shortage from both helper and helpee, not necessarily a
fault of either, but a puzzle with missing pieces, in addition to some pieces 
that
don't belong to the puzzle (history tomes; not being concise). Could it also be
that we have too many cooks in the kitchen here too?


Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: about 10th new install of bullseye BUT its not Bullseye, its bookworm!

[David Christensen]

On 6/5/24 08:21, gene heskett wrote:> 
But in asking how to get rid of [orca], the subject 
is always changed and I always get re-install instructions.  



Because that is the most practical and correct answer for your 
situation; especially given the disk access issues.



AIUI assistive technologies have been standard on FOSS graphical 
workstations for years.  It should be possible to turn assistance off, 
but it might not be possible to eliminate the machine code throughout 
the entire software stack.



I install Debian with the Xfce desktop, SSH server, and standard system 
utilities onto minimal hardware.  It takes a known amount of time and 
usually works.  I have successfully ignored assistive technologies for 
years (decades?).  Yes, the assistive technologies are wasting storage, 
memory, and cycles, and they create a larger threat surface, but those 
risks and costs are cheaper than me trying to understand and control all 
of the details.



Succeeding with software requires that you devise strategies to work 
within the limitations of the software.  Alternatively with FOSS, you 
can change the software.



David

Re: about 10th new install of bookworm!

[Felix Miata]

gene heskett composed on 2024-06-05 11:21 (UTC-0400):

> I always get re-install instructions.  Frustrating.

Should you choose to accept any fresh installation suggestion by doing another,
consider removing the sound card from its slot, or disabling the motherboard's
sound device in BIOS setup, whichever is applicable, before beginning
installation, as a possible thwart to the Gnome must have everything paradigm, 
if
blocking Gnome entirely is unacceptable.

As a side note to installation: as soon as a fresh installation seems suitably
complete, but before adding any additional software, create a compressed /
filesystem partition backup image to facilitate any need for a consequent 
do-over.

gene heskett composed on 2024-06-05 17:08 (UTC-0400):

> So this is the umptieth time I've asked how to fix it, and got recipes
> for re-installing the basic system as an answer. Mike gave me instructs
> to run a couple commands, once normally, once while it was hung but the
> 2nd comnnand I fed to wc -l and got almost 300k lines. Difficult to do
> in real time because the command itself is subject to the lockout lag.

Answering a help request like this one is a toughie. It's commonly necessary to
reproduce both hardware configuration and software configuration in order to try
to address the problem. That can be quite complicated, and time consumptive. 
Here
it seems we may have a shortage from both helper and helpee, not necessarily a
fault of either, but a puzzle with missing pieces, in addition to some pieces 
that
don't belong to the puzzle (history tomes; not being concise). Could it also be
that we have too many cooks in the kitchen here too?
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: about 10th new install of bullseye BUT its not Bullseye, its bookworm!

[David Wright]

On Wed 05 Jun 2024 at 11:21:04 (-0400), gene heskett wrote:
> 
> I have removed orca by removing its exec bits. But the system then
> will not reboot, waiting forever for orca to start.  The only recovery
> possible is a re-install, which accounts for about the first 23
> installs. But just like now, no one has told me how to REMOVE THEM
> ONCE INSTALLED BY THE BROKEN INSTALLER. Finally i was instructed to
> remove ALL usb stuff. Which did not remove them, but did not configure
> them to run like I was blind. Some macular degeneration due to my age
> but not blind yet at 89. And I still have both orca and brltty but
> unconfigured.  That I can tolerate. But in asking how to get rid of
> it, the subject is always changed and I always get re-install
> instructions.  Frustrating.

Can we assume that you have turned off autostarting orca in
its configuration file?

Can we assume that you've disabled/masked the brltty service?

Cheers,
David.

Re: about 10th new install of bullseye BUT its not Bullseye, its bookworm!

[gene heskett]

oot, waiting forever for orca to start.  The only recovery 
possible is a re-install, which accounts for about the first 23 
installs. But just like now, no one has told me how to REMOVE THEM ONCE 
INSTALLED BY THE BROKEN INSTALLER. Finally i was instructed to remove 
ALL usb stuff. Which did not remove them, but did not configure them to 
run like I was blind. Some macular degeneration due to my age but not 
blind yet at 89. And I still have both orca and brltty but unconfigured. 
 That I can tolerate. But in asking how to get rid of it, the subject 
is always changed and I always get re-install instructions.  Frustrating.



apt-rdepends -r orca tells me:

# apt-rdepends -r orca
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
orca
   Reverse Depends: gnome (>= 1:3.38+3)
   Reverse Depends: gnome-orca (3.38.2-2)
   Reverse Depends: orca-sops (1.0.2-2)
gnome
gnome-orca
orca-sops

So removing orca would also take gnome, and that probably is 
unacceptable to you. Accordingly, you need to tame orca to find the 
process that causes it to run and persuade it not to do that.


I found, on a bookworm install (I have no bullseye with gnome and orca), 


This is bookworm.

that running orca -s from a terminal will bring up a settings panel with 
a check box for "Enable speech" under the "Speech" tab. Unchecking that 
box and selecting the "Apply" button will silence Orca. I think that 
leaves some of its subtasks running, as children of the systemd --user 
task; I am far from expert here. They do not seem to use significant 
resources, however.


Alternatively, you can find orca's process, for instance, with "ps -ef | 
grep orca", and kill it. The -HUP signal is enough. Or you can kill its 
parent process (third column in the ps -ef output) if it is not a 
necessary one, or maybe teach it how to not start orca in the first place,


I hope this is useful. Things like this can be very annoying.


An understatement Tom.
Thanks tom.
But when is trixie official.



Regards,
Tom Dial




.


Cheers, Gene Heskett, CET.


.


Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: Bookworm and its kernel: any updates coming?

[Timothy M Butterworth]

On Mon, Jun 3, 2024 at 8:52 PM  wrote:

> On 6/3/24 09:40, Tom Browder wrote:
> > I keep getting emails concerning the serious kernel vulnerability in
> > kernels 5.14 through 6.6.
> >
> > I have not seen any updates and uname -a shows: 6.1.0-13-amd64
> On 6/3/24 09:40, Tom Browder wrote:
> > I keep getting emails concerning the serious kernel vulnerability in
> > kernels 5.14 through 6.6.
> >
> > I have not seen any updates and uname -a shows: 6.1.0-13-amd64
> >
> > Anyone concerned?
>
> I have the same kernel, and no updates.
>
> eben@cerberus:~$ sudo apt-get update
> [sudo] password for eben:
> Hit:1 http://deb.debian.org/debian bookworm InRelease
> Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
> Hit:3 http://deb.debian.org/debian bookworm-proposed-updates InRelease
> Hit:4 http://deb.debian.org/debian bookworm-backports InRelease
> Hit:5 http://deb.debian.org/debian-security bookworm-security InRelease
> Hit:6 https://deb.torproject.org/torproject.org bookworm InRelease
> Hit:7 https://www.deb-multimedia.org bookworm InRelease
> Reading package lists... Done
>
> eben@cerberus:~$ apt list --upgradable
> Listing... Done
>
> eben@cerberus:~$ apt-cache policy linux-image-amd64
> linux-image-amd64:
>Installed: (none)
>Candidate: 6.1.90-1
>Version table:
>   6.7.12-1~bpo12+1 100
>  100 http://deb.debian.org/debian bookworm-backports/main amd64
> Packages
>

The above line shows that you have kernel 6.7.12 from Debian Backports
installed. You will not get any new 6.1.x kernel packages because 6.7.12 is
newer and has a priority of 100. To verify your kernel version try
running `uname
-a`. If it doesn't report 6.7.12 then try rebooting.


>   6.1.90-1 500
>  500 http://deb.debian.org/debian bookworm-proposed-updates/main
> amd64 Packages
>  500 http://deb.debian.org/debian-security bookworm-security/main
> amd64 Packages
>   6.1.76-1 500
>  500 http://deb.debian.org/debian bookworm/main amd64 Packages
>   6.1.67-1 500
>  500 http://deb.debian.org/debian bookworm-updates/main amd64
> Packages
>
> What am I doing wrong?  Also, I'm not sure how to interpret the apt-cache
> output.
>
>
> --
>
>This message was created using recycled electrons.
>
>

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

Re: Bookworm and its kernel: any updates coming?

[eben]

On 6/3/24 15:06, Greg Wooledge wrote:

On Mon, Jun 03, 2024 at 02:18:40PM -0400, e...@gmx.us wrote:

eben@cerberus:~$ apt-cache policy linux-image-amd64
linux-image-amd64:
   Installed: (none)
   Candidate: 6.1.90-1



What am I doing wrong?


You haven't installed the linux-image-amd64 metapackage, which means
you will not be offered new kernel versions automatically.  This isn't
technically "wrong", but it's not (or should not be) a common choice.


eben@cerberus:~$ apt-cache policy linux-image-amd64
linux-image-amd64:
  Installed: 6.1.90-1
  Candidate: 6.1.90-1

Excellent, thank you.

Also, if you happen to have a bit of a post selected in Tbird when you hit
"Reply List", it starts your reply with just that piece.  That's a
reasonable action, I guess, just not what I expected.

--
LEO:  Now is not a good time to photocopy your butt and staple it
to your boss' face, oh no.  Eat a bucket of tuna-flavored pudding
and wash it down with a gallon of strawberry Quik.  -- Weird Al

Re: Bookworm and its kernel: any updates coming?

[Greg Wooledge]

On Mon, Jun 03, 2024 at 02:18:40PM -0400, e...@gmx.us wrote:
> eben@cerberus:~$ apt-cache policy linux-image-amd64
> linux-image-amd64:
>   Installed: (none)
>   Candidate: 6.1.90-1

> What am I doing wrong?

You haven't installed the linux-image-amd64 metapackage, which means
you will not be offered new kernel versions automatically.  This isn't
technically "wrong", but it's not (or should not be) a common choice.

Re: Bookworm and its kernel: any updates coming?

[eben]

On 6/3/24 09:40, Tom Browder wrote:

I keep getting emails concerning the serious kernel vulnerability in
kernels 5.14 through 6.6.

I have not seen any updates and uname -a shows: 6.1.0-13-amd64

On 6/3/24 09:40, Tom Browder wrote:

I keep getting emails concerning the serious kernel vulnerability in
kernels 5.14 through 6.6.

I have not seen any updates and uname -a shows: 6.1.0-13-amd64

Anyone concerned?


I have the same kernel, and no updates.

eben@cerberus:~$ sudo apt-get update
[sudo] password for eben:
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
Hit:3 http://deb.debian.org/debian bookworm-proposed-updates InRelease
Hit:4 http://deb.debian.org/debian bookworm-backports InRelease
Hit:5 http://deb.debian.org/debian-security bookworm-security InRelease
Hit:6 https://deb.torproject.org/torproject.org bookworm InRelease
Hit:7 https://www.deb-multimedia.org bookworm InRelease
Reading package lists... Done

eben@cerberus:~$ apt list --upgradable
Listing... Done

eben@cerberus:~$ apt-cache policy linux-image-amd64
linux-image-amd64:
  Installed: (none)
  Candidate: 6.1.90-1
  Version table:
 6.7.12-1~bpo12+1 100
100 http://deb.debian.org/debian bookworm-backports/main amd64 Packages
 6.1.90-1 500
500 http://deb.debian.org/debian bookworm-proposed-updates/main
amd64 Packages
500 http://deb.debian.org/debian-security bookworm-security/main
amd64 Packages
 6.1.76-1 500
500 http://deb.debian.org/debian bookworm/main amd64 Packages
 6.1.67-1 500
500 http://deb.debian.org/debian bookworm-updates/main amd64 Packages

What am I doing wrong?  Also, I'm not sure how to interpret the apt-cache
output.


--

  This message was created using recycled electrons.

Re: Bookworm and its kernel: any updates coming?

[Michael Kjörling]

On 3 Jun 2024 11:29 -0500, from tom.brow...@gmail.com (Tom Browder):
> Thanks for your concern and help.

You're welcome. Glad you got it sorted.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Bookworm and its kernel: any updates coming?

[Tom Browder]

On Mon, Jun 3, 2024 at 09:15 Michael Kjörling <2695bd53d...@ewoof.net>
wrote:

> On 3 Jun 2024 08:40 -0500, from tom.brow...@gmail.com (Tom Browder):
> > I keep getting emails concerning the serious kernel vulnerability in
> > kernels 5.14 through 6.6.
> >
> > I have not seen any updates and uname -a shows: 6.1.0-13-amd64
>
> Something's broken on your end.
>
> Bookworm is currently at ABI 6.1.0-21 / kernel 6.1.90-1 since May 6


Michael, on one my hosts I discovered both 13 and 21 pkgs are installed. I
did a reboot and I get uname -a = 6.1.0-21-amd4;

I must have missed a msg at some point.

Thanks for your concern and help.

-Tom

Re: Bookworm and its kernel: any updates coming?

[Michael Kjörling]

On 3 Jun 2024 09:51 -0500, from tom.brow...@gmail.com (Tom Browder):
> But another remote host seems to have the same problem. Each host comes
> from a different provider and had slightly different default pinnings in
> '/etc/apt/sources.list'.
> 
> I'll double-check my pinnings.

Try: apt-cache policy linux-image-amd64

Here's the output of that from my system, only slightly anonymized,
for comparison:

> linux-image-amd64:
>   Installed: 6.1.90-1
>   Candidate: 6.1.90-1
>   Version table:
>  *** 6.1.90-1 500
>     500 http://security.debian.org bookworm-security/main amd64 Packages
> 100 /var/lib/dpkg/status
>  6.1.76-1 500
> 500 https://mirror.debian.example/debian bookworm/main amd64 Packages
>  6.1.67-1 500
>     500 https://mirror.debian.example/debian bookworm-updates/main amd64 
> Packages

I also double-checked, and 6.1.0-13 is indeed the ABI version
immediately preceding the kernel bugs incident. The kernels affected
by that in mainline Debian were 6.1.0-14/6.1.64* and 6.1.0-15/6.1.66*;
the latter by unrelated bug #1057967 which may or may not affect you.
This further reinforces my belief that the problem is likely to be an
errant apt pin meant to exclude those kernels from being installed
accidentally, and which ended up matching too much. (The other obvious
possibility would be that the mirror you're using stopped updating
around that time, but frankly that seems less likely, especially if
you are seeing the same behavior across two different hosting
providers.)

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Bookworm and its kernel: any updates coming?

[Tom Browder]

On Mon, Jun 3, 2024 at 09:15 Michael Kjörling <2695bd53d...@ewoof.net>
wrote:
...

> > I have not seen any updates and uname -a shows: 6.1.0-13-amd64
>
...

> Something's broken on your end.

...

Check your apt pins to ensure that you're not
> blocking too much.


Thanks, Michael.

My system is a remote host, and I'm in the process of a reinstall on one.

If I correctly read the links you sent, the latest kernel has that CVE
covered.

But another remote host seems to have the same problem. Each host comes
from a different provider and had slightly different default pinnings in
'/etc/apt/sources.list'.

I'll double-check my pinnings.

-Tom

Re: Bookworm and its kernel: any updates coming?

[Michael Kjörling]

On 3 Jun 2024 08:40 -0500, from tom.brow...@gmail.com (Tom Browder):
> I keep getting emails concerning the serious kernel vulnerability in
> kernels 5.14 through 6.6.
> 
> I have not seen any updates and uname -a shows: 6.1.0-13-amd64

Something's broken on your end.

Bookworm is currently at ABI 6.1.0-21 / kernel 6.1.90-1 since May 6
[1]. Bookworm Backports seems to have a 6.7.12 kernel.

https://packages.debian.org/bookworm/linux-image-amd64

https://tracker.debian.org/news/1527641/accepted-linux-signed-amd64-61901-source-into-stable-security/

IIRC (but without having checked) 6.1.0-13 was around the kernel data
corruption bug incident. Check your apt pins to ensure that you're not
blocking too much.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Bookworm and its kernel: any updates coming?

[Tom Browder]

I keep getting emails concerning the serious kernel vulnerability in
kernels 5.14 through 6.6.

I have not seen any updates and uname -a shows: 6.1.0-13-amd64

Anyone concerned?

-Tom

Re: Strange difference between bullseye and bookworm.

[Tim Woodall]

On Tue, 28 May 2024, Tim Woodall wrote:


On Tue, 28 May 2024, Tim Woodall wrote:


I start a new user namespace as follows:
(The special bashrc is just because there are some things in my default
one that (expectedly) don't work in the lxc user namespace)




I then mount an overlayfs on top of that:
fuse-overlayfs -o lowerdir=lower,upperdir=overlay,workdir=work mount




And it appears that fuse-overlayfs is the problem. Downgrading to the
version from bullseye fixes:

root@bookworm19:~# apt-get install fuse-overlayfs=1.4.0-1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be DOWNGRADED:
 fuse-overlayfs


The problem only seems to trigger when lower is a squashfs mount...



And upgrading to the version in trixie (doesn't even need to be
backported, the package installs as is) also fixes.

Re: moving some packages back to bookworm stable

[Max Nikulin]

On 29/05/2024 00:51, Michael Grant wrote:

The culprits that seemed to be causing the massive dependencies were
libsasl2-2 and libsasl2-modules-db.  Though not libsasl2-modules which
i also have installed.


With adjusted priorities these packages are not an issue for "apt upgrade".

More serious concern may be whether data written by newer versions are 
readable by older applications or whether some command in package 
scripts can fail due to downgrade of libc or some other library. That is 
why I consider downgrade as a last resort option. Trying it you should 
be prepared to a severe failure and clean reinstall.


Actually the config I posted is incomplete. There is a pitfall similar 
to APT::Default-Release (and -t option). Besides bookworm (or stable) it 
is necessary to explicitly specify bookworm-security and 
bookworm-updates (stable-security, stable-updates). Anyway it can be 
easily spotted in


apt policy

output that has to be run to check effect of changed config files.

Re: Strange difference between bullseye and bookworm.

[Tim Woodall]

On Tue, 28 May 2024, Tim Woodall wrote:


I start a new user namespace as follows:
(The special bashrc is just because there are some things in my default
one that (expectedly) don't work in the lxc user namespace)




I then mount an overlayfs on top of that:
fuse-overlayfs -o lowerdir=lower,upperdir=overlay,workdir=work mount




And it appears that fuse-overlayfs is the problem. Downgrading to the
version from bullseye fixes:

root@bookworm19:~# apt-get install fuse-overlayfs=1.4.0-1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be DOWNGRADED:
  fuse-overlayfs


The problem only seems to trigger when lower is a squashfs mount...

Re: moving some packages back to bookworm stable

[Michael Grant]

Max, your list looks very similiar to what I'm seeing.

I seem to have suceeded in removing all of the testing packages from
my backup instance, now, just need to flip the ips around and see if
the ship still floats.

The culprits that seemed to be causing the massive dependencies were
libsasl2-2 and libsasl2-modules-db.  Though not libsasl2-modules which
i also have installed.

Using apt to try and remove the first 2 were causing this:

The following packages will be REMOVED:
  apache2 apache2-bin clamav clamav-daemon clamav-freshclam clamav-milter 
clamav-unofficial-sigs clamdscan colord curl dirmngr git gnupg gnupg2 
gpg-wks-client
  libapache2-mod-php8.2 libapache2-mod-ruid2 libaprutil1-ldap libclamav11 
libcurl3-gnutls libcurl4 libgphoto2-6 libldap-2.5-0 libmailutils9 
libmemcached11 libpq5 libsane1
  libsasl2-2 mailutils mongo-tools opendkim opendkim-tools python-apt 
python3-certbot-apache python3-debianbts python3-pycurl python3-pysimplesoap 
python3-reportbug reportbug
  sane-utils sendmail sendmail-bin sensible-mda

I sucked down those 3 packages and downgraded them via 'dpkg -i' and
was able to uninstall and reinstall sendmail by apt and now, no more
packages from testing.

Whew, I won't do that again.  But it's good to know how these things work!

Thanks all for your help.


signature.asc
Description: PGP signature

Strange difference between bullseye and bookworm.

[Tim Woodall]

I start a new user namespace as follows:
(The special bashrc is just because there are some things in my default
one that (expectedly) don't work in the lxc user namespace)

lxc-usernsexec -m b:0:689824:65536 -- /bin/bash --rcfile ~/.bashrc.lxc

Inside there I mount a squash fs image that includes the normal tools
for building packages

squashfuse bookworm.amd64.build-deb.sqfs lower

I then mount an overlayfs on top of that:
fuse-overlayfs -o lowerdir=lower,upperdir=overlay,workdir=work mount

I bind mount /dev/null into there
cd mount
touch dev/null
mount -o bind /dev/null dev/null

and then I chroot:
/sbin/chroot .

This all appears to be working perfectly on both bookworm and bullseye
hosts.

But in bookworm, apt-get update fails in a weird way:

root@dirac:/# apt-get update
Get:1 http://aptmirror.home.woodall.me.uk/local bookworm InRelease [18.9 kB]
Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB]
Err:1 http://aptmirror.home.woodall.me.uk/local bookworm InRelease
  Couldn't execute /usr/bin/apt-key to check 
/var/lib/apt/lists/partial/aptmirror.home.woodall.me.uk_local_dists_bookworm_InRelease
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 
kB]
Err:2 http://deb.debian.org/debian bookworm InRelease
  Couldn't execute /usr/bin/apt-key to check 
/var/lib/apt/lists/partial/deb.debian.org_debian_dists_bookworm_InRelease
Err:3 http://deb.debian.org/debian-security bookworm-security InRelease
  Couldn't execute /usr/bin/apt-key to check 
/var/lib/apt/lists/partial/deb.debian.org_debian-security_dists_bookworm-security_InRelease

Notice that "Couldn't execute /usr/bin/apt-key"

Running exactly the same on a bullseye host and this "just works"

Running:
strace -f apt-get update |& less

[pid  6619] execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", 
"3", "/tmp/apt.sig.xWh7oI", "/tmp/apt.data.JpfP2n"], 0x5566c9baafc0 /* 48 vars */) = -1 EOPNOTSUPP (Operation not supported)

This is my problem!

If I unpack the squashfs image but otherwise follow the same steps (i.e.
lower is a normal directory) then this works.

When I compare other things I see this in the working one:
[pid  6701] openat(AT_FDCWD, "/proc/self/fd", 
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)

while I see this in the non-working one:
[pid  6701] openat(AT_FDCWD, "/proc/self/fd", 
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EOPNOTSUPP (Operation not supported)

ENOENT is expected as I don't have /proc mounted in the namespace.

execve works for other tasks:
[pid  6693] execve("/usr/bin/dpkg", ["/usr/bin/dpkg", 
"--print-foreign-architectures"], 0x7ffe96e5ffa0 /* 42 vars */) = 0
works on both the bullseye and bookworm hosts, there's something special
about apt-key. Weirdly, copying dpkg over apt-key and I still get this
EOPNOTSUPP error. But deleting it completely and I get ENOENT from the
execve call.

Does anyone have any ideas what might be be wrong here, what I could try
to get this working again?

Tim.

Re: moving some packages back to bookworm stable

[Max Nikulin]

On 29/05/2024 00:00, Michael Grant wrote:


4) dpkg -i libc6_whatever.deb libwhomever.deb 

5) Repeat until it works.

Apt is NOT built for downgrading.


Agree.


Ah I see, I did not realise that's what you meant by downgrading it,
thanks.


The thread is becoming excessively long. Have you posted output of "apt 
policy" to figure out what is your current configuration? You must have 
either additional config or pinning besides sources list for testing.


Out of curiosity I have tried to install sendmail and openssh-server 
from testing. I removed testing from sources list, dropped the following 
file


/etc/apt/preferences.d/80-downgrade.pref
Package: *
Pin: release n=bookworm
Pin-Priority: 1001

and after

 apt upgrade

only a couple of packages from testing survived:

libdb5.3t64/now 5.3.28+dfsg2-7 amd64 [installed,local]
libssl3t64/now 3.2.1-3 amd64 [installed,local]

I have no idea if all sendmail state and spool files have compatible 
format. So arbitrary failures may be expected.


Before downgrade it was:

libc-bin/testing,now 2.38-11 amd64 [installed]
libc-l10n/testing,now 2.38-11 all [installed,automatic]
libc6/testing,now 2.38-11 amd64 [installed]
libdb5.3t64/testing,now 5.3.28+dfsg2-7 amd64 [installed,automatic]
libsasl2-2/testing,now 2.1.28+dfsg1-6 amd64 [installed,automatic]
libsasl2-modules-db/testing,now 2.1.28+dfsg1-6 amd64 [installed,automatic]
libsasl2-modules/testing,now 2.1.28+dfsg1-6 amd64 [installed,automatic]
libssl3t64/testing,now 3.2.1-3 amd64 [installed,automatic]
libzstd1/testing,now 1.5.5+dfsg2-2 amd64 [installed]
locales/testing,now 2.38-11 all [installed]
openssh-client/testing,now 1:9.7p1-5 amd64 [installed]
openssh-server/testing,now 1:9.7p1-5 amd64 [installed]
openssh-sftp-server/testing,now 1:9.7p1-5 amd64 [installed,automatic]
openssl/testing,now 3.2.1-3 amd64 [installed,automatic]
sendmail-base/testing,now 8.18.1-3 all [installed,automatic]
sendmail-bin/testing,now 8.18.1-3 amd64 [installed,automatic]
sendmail-cf/testing,now 8.18.1-3 all [installed,automatic]
sendmail/testing,now 8.18.1-3 all [installed]
sensible-mda/testing,now 8.18.1-3 amd64 [installed,automatic]

Re: moving some packages back to bookworm stable

[Greg Wooledge]

On Tue, May 28, 2024 at 01:00:24PM -0400, Michael Grant wrote:
> So once I've done this dpkg -i to install a package, I can do that
> without removing the old one first?

Yes, dpkg will upgrade or downgrade the existing package.

> And, once I've hammered a package into place with dpkg, in the future,
> will apt take it into account as a dependency of things already
> installed even though apt itself didn't install or rather downgrade
> the package itself?

Yes.  Dpkg is the lower level tool.  Apt is the higher level tool.
The set of installed packages is tracked by dpkg (it's in the file
/var/lib/dpkg/status which you can read if you like).  Apt calls dpkg
to do all of the installing, removing, etc.  Apt just calculates the
dependency tree and downloads the .deb files for dpkg to use.

Re: moving some packages back to bookworm stable

[Michael Grant]

> > # apt remove -s libc6
> 
> DO NOT do this.
> 
> Downgrade it.  DO NOT remove it and then hope to reinstall it later.
> Removing libc6 will break everything.
> 
> You seem to be flailing, so let me spell this out as explicitly as
> possible.  When I say "downgrade a library package", I mean:
> 
> 1) Download the .deb file for the bookworm(-security) version of the
>library package.
> 
> 2) Run "dpkg -i libc6_whatever.deb".
> 
> 3) When you inevitably get dependency conflicts, download the additional
>library packages that need to be downgraded at the same time, and add
>them to the list.
> 
> 4) dpkg -i libc6_whatever.deb libwhomever.deb 
> 
> 5) Repeat until it works.
> 
> 6) Helpful post-mess cleanup commands include "dpkg --configure -a" and
>"apt-get -f install".  (Yes, that last one has install with no package
>names.)
> 
> Apt is NOT built for downgrading.  If you happen to get any positive
> results from an apt command that involves downgrading, you can consider
> that a pleasant surprise.  Usually you need to invoke dpkg directly.

Ah I see, I did not realise that's what you meant by downgrading it,
thanks.

So once I've done this dpkg -i to install a package, I can do that
without removing the old one first?

And, once I've hammered a package into place with dpkg, in the future,
will apt take it into account as a dependency of things already
installed even though apt itself didn't install or rather downgrade
the package itself?  The fact that I am dpkg installing it over a
package that apt itself installed, perhaps this keeps apt happy?

Thanks for your help.  I use apt all the time to do upgrades but
rarely do I ever need to get into weeds with it.  It's a bit of a
black box to me.




signature.asc
Description: PGP signature

Re: moving some packages back to bookworm stable

[Greg Wooledge]

On Tue, May 28, 2024 at 09:12:18AM -0400, Michael Grant wrote:
> > You will most likely need to remove the testing versions of these packages
> > (apache2, git and so on) and then install the bookworm versions afterward.
> 
> Those dependent packages (most if not all) are not from testing.
> apache2, perl, they are all installed from bookworm or
> bookworm-security.

I am skeptical of this.

> That db5.3 from testing is uninstalled and reinstalling from stable is
> causing these other packages from stable to be uninstalled.  I find
> that confusing.

Let's say that you're right.  You actually *did* download and downgrade
these packages (and just didn't show us the details for some reason), but
the packaging system is unhappy about what you're telling it to do,
and it gets overly aggressive and wants to remove some things that you
feel could remain in place.

You could just *let it remove them*, and then reinstall them.  If you've
already downloaded and downgraded them to bookworm versions, then you
probably still have the .deb files, so it wouldn't even require another
download.

> But what about libc6?  That one really worries me.

As it should!

> # apt remove -s libc6

DO NOT do this.

Downgrade it.  DO NOT remove it and then hope to reinstall it later.
Removing libc6 will break everything.

You seem to be flailing, so let me spell this out as explicitly as
possible.  When I say "downgrade a library package", I mean:

1) Download the .deb file for the bookworm(-security) version of the
   library package.

2) Run "dpkg -i libc6_whatever.deb".

3) When you inevitably get dependency conflicts, download the additional
   library packages that need to be downgraded at the same time, and add
   them to the list.

4) dpkg -i libc6_whatever.deb libwhomever.deb 

5) Repeat until it works.

6) Helpful post-mess cleanup commands include "dpkg --configure -a" and
   "apt-get -f install".  (Yes, that last one has install with no package
   names.)

Apt is NOT built for downgrading.  If you happen to get any positive
results from an apt command that involves downgrading, you can consider
that a pleasant surprise.  Usually you need to invoke dpkg directly.

Re: moving some packages back to bookworm stable

[Michael Grant]

> So, which part are you confused about?  Did you think there was some
> easy way to FIX a frankendebian?  Are you confused because you keep
> thinking "there must be some single apt command that will do all the
> work for me"?
> 
> There's not.  You get to do all the work by hand.

I am trying to do it by hand.  There's not many packages to deal
with at this point, doing this by hand looks like 10 or so packages.

> You will most likely need to remove the testing versions of these packages
> (apache2, git and so on) and then install the bookworm versions afterward.

Those dependent packages (most if not all) are not from testing.
apache2, perl, they are all installed from bookworm or
bookworm-security.

That db5.3 from testing is uninstalled and reinstalling from stable is
causing these other packages from stable to be uninstalled.  I find
that confusing.

But what about libc6?  That one really worries me.

# apt remove -s libc6
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
a few pages of dependicies...

> The things to watch out for are config files (hence your backup), and
> any crazy dependency situations.  In the ideal case, you'll simply be
> able to remove all the packages that aren't libs, then downgrade the
> libs, then reinstall the packages.  And make sure you have sensible
> config files.  If you get stuck, there's always the big hammer
> (dpkg --force-depends and so on).
> 
> If/when it breaks, you get to reinstall from scratch.

I have a running second week old version of the same vm.  I'm rapidly
moving to abandon this and just swapping the instances around.

> This is why we tell people DO NOT MIX BINARY PACKAGES FROM MULTIPLE
> RELEASES.

Yup.  But this whole experience does make me wonder if there are
situations where it is safe.  For instance, if the thing you're
installing from a different release does not cause an update anything
from the current release to a new release.  It feels like apt might be
able to suss that out and if so, pop an "Are you sure??? (y/N)" in the
terminal.


signature.asc
Description: PGP signature

Re: moving some packages back to bookworm stable

[fxkl47BF]

On Tue, 28 May 2024, Michael Grant wrote:

> On Mon, May 27, 2024 at 12:59:34PM -0500, David Wright wrote:
>> So what did it say after that?
>
> Sorry, here's the entire output of one of the tries:
>
> [bottom /etc/mail #1168] apt install libdb5.3/bookworm db5.3-util/bookworm 
> db-util/bookworm
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3'
> Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 
> 'db5.3-util'
> Selected version '5.3.2' (Debian:12.5/stable [all]) for 'db-util'
> The following packages were automatically installed and are no longer 
> required:
>  acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base 
> colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs 
> ipp-usb libapr1 libaprutil1
>  libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 
> libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 
> libhashkit2 libieee1284-3 libldap-common
>  liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 
> libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 
> librbl1 librtmp1 libsane-common
>  libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 
> python2-minimal python3-augeas sane-airscan update-inetd usb.ids
> Use 'apt autoremove' to remove them.
> The following additional packages will be installed:
>  php8.2-fpm
> Suggested packages:
>  php-pear
> The following packages will be REMOVED:
>  apache2 apache2-bin clamav clamav-daemon clamav-freshclam clamav-milter 
> clamav-unofficial-sigs clamdscan colord curl dirmngr git gnupg gnupg2 
> gpg-wks-client libapache2-mod-php8.2
>  libapache2-mod-ruid2 libaprutil1-ldap libclamav11 libcurl3-gnutls libcurl4 
> libdb5.3t64 libgphoto2-6 libldap-2.5-0 libmailutils9 libmemcached11 libpq5 
> libsane1 libsasl2-2
>  libsasl2-modules-db mailutils mongo-tools opendkim opendkim-tools python-apt 
> python3-certbot-apache python3-debianbts python3-pycurl python3-pysimplesoap 
> python3-reportbug reportbug
>  sane-utils sasl2-bin sendmail sendmail-bin sensible-mda
> The following NEW packages will be installed:
>  libdb5.3 php8.2-fpm
> The following packages will be DOWNGRADED:
>  db-util db5.3-util
> 0 upgraded, 2 newly installed, 2 downgraded, 46 to remove and 0 not upgraded.
> Need to get 1,743 kB/2,507 kB of archives.
> After this operation, 234 MB disk space will be freed.
> Do you want to continue? [Y/n] n
> Abort.
>
>>> Is there some way to get apt to reinstall a package such that it does
>>> not think it has to uninstall things which depend on it because it's
>>> being immediatly reinstalled?
>>
>> That is the idea behind reinstall, though downgrading is always
>> a test of its ability to succeed.
>
> What it says it's going to do is actually remove those 46 packages and
> not reinstall them.  I believe it!  Clearly apt is unwinding the
> dependencies.  It seems like it's not taking into account the
> downgraded libdb5.3 is a valid dependency for all the things it's
> about to uninstall so it doesn't need to uninstall those things.  I
> thought it should do that, but for some reason, it's not doing that
> for me.
>
>

i ran into exactly this same situation
apt and apt-get wanted to remove a passel of packages
i tried aptitude and it removed only the package i wanted
the system still works fine
just my experience

Re: moving some packages back to bookworm stable

[Dan Ritter]

to...@tuxteam.de wrote: 
> On Mon, May 27, 2024 at 02:02:47PM -0400, Stefan Monnier wrote:
> 
> ISTR that "apt-get install =" will unconditionally
> install  of , if necessary pulling in dependencies.
> 
> But I've never tried it :-)

That pulls in dependencies but does not install packages that
would otherwise be forbidden by the priority system.

E.g.: if you have foobar 1.5 in stable and foobar 2.1 in
backports, and they each depend on libfoobar of the same version
number, then

apt-get install foobar=2.1

will fail saying that it requires libfoobar 2.1 but version 1.5
is to be installed.

You can then solve that by saying

apt-get install foobar=2.1 libfoobar=2.1

but many interesting packages will have a web of dependencies,
and sometimes following them will get you to a place it is hard
to escape.

The backports repository is generally safe (or safe-ish) because
the packages in it are meant to work in a mostly-stable system.

Other repos are less accomodating.

-dsr-

Re: moving some packages back to bookworm stable

[Greg Wooledge]

On Tue, May 28, 2024 at 07:09:16AM -0400, Michael Grant wrote:
> On Tue, May 28, 2024 at 06:59:50AM -0400, Greg Wooledge wrote:
> > On Tue, May 28, 2024 at 06:10:11AM -0400, Michael Grant wrote:
> > > The following packages will be REMOVED:
> > >   [...] libdb5.3t64 [...]
> > 
> > You've *clearly* still got testing packages installed.
> 
> YES.  As I originally said, I created this mess by installing sendmail
> from testing.  And then, a month or so later, I did an
> apt-get upgrade (to do updates, not a full upgrade) which pulled in
> some more things from testing.  I'm trying to get back to all being
> from stable.

So, which part are you confused about?  Did you think there was some
easy way to FIX a frankendebian?  Are you confused because you keep
thinking "there must be some single apt command that will do all the
work for me"?

There's not.  You get to do all the work by hand.

You will most likely need to remove the testing versions of these packages
(apache2, git and so on) and then install the bookworm versions afterward.

The things to watch out for are config files (hence your backup), and
any crazy dependency situations.  In the ideal case, you'll simply be
able to remove all the packages that aren't libs, then downgrade the
libs, then reinstall the packages.  And make sure you have sensible
config files.  If you get stuck, there's always the big hammer
(dpkg --force-depends and so on).

If/when it breaks, you get to reinstall from scratch.

This is why we tell people DO NOT MIX BINARY PACKAGES FROM MULTIPLE
RELEASES.

Re: moving some packages back to bookworm stable

[Michael Grant]

On Tue, May 28, 2024 at 06:59:50AM -0400, Greg Wooledge wrote:
> On Tue, May 28, 2024 at 06:10:11AM -0400, Michael Grant wrote:
> > The following packages will be REMOVED:
> >   [...] libdb5.3t64 [...]
> 
> You've *clearly* still got testing packages installed.

YES.  As I originally said, I created this mess by installing sendmail
from testing.  And then, a month or so later, I did an
apt-get upgrade (to do updates, not a full upgrade) which pulled in
some more things from testing.  I'm trying to get back to all being
from stable.

Unless this is somehow easily fixable, I am leaning towards reverting
to my backup before the apt-get upgrade which has just sendmail from
testing.  I can more easily remove that and reinstall that before
doing the update.

The more I futz with this live machine, the deeper I seem to dig
myself into a hole.


signature.asc
Description: PGP signature

Re: moving some packages back to bookworm stable

[Greg Wooledge]

On Tue, May 28, 2024 at 06:10:11AM -0400, Michael Grant wrote:
> The following packages will be REMOVED:
>   [...] libdb5.3t64 [...]

You've *clearly* still got testing packages installed.

Re: moving some packages back to bookworm stable

[Michael Grant]

On Mon, May 27, 2024 at 12:59:34PM -0500, David Wright wrote:
> So what did it say after that?

Sorry, here's the entire output of one of the tries:

[bottom /etc/mail #1168] apt install libdb5.3/bookworm db5.3-util/bookworm 
db-util/bookworm
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3'
Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'db5.3-util'
Selected version '5.3.2' (Debian:12.5/stable [all]) for 'db-util'
The following packages were automatically installed and are no longer required:
  acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base 
colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs 
ipp-usb libapr1 libaprutil1
  libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 
libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 libhashkit2 
libieee1284-3 libldap-common
  liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 
libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 
librbl1 librtmp1 libsane-common
  libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 
python2-minimal python3-augeas sane-airscan update-inetd usb.ids
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  php8.2-fpm
Suggested packages:
  php-pear
The following packages will be REMOVED:
  apache2 apache2-bin clamav clamav-daemon clamav-freshclam clamav-milter 
clamav-unofficial-sigs clamdscan colord curl dirmngr git gnupg gnupg2 
gpg-wks-client libapache2-mod-php8.2
  libapache2-mod-ruid2 libaprutil1-ldap libclamav11 libcurl3-gnutls libcurl4 
libdb5.3t64 libgphoto2-6 libldap-2.5-0 libmailutils9 libmemcached11 libpq5 
libsane1 libsasl2-2
  libsasl2-modules-db mailutils mongo-tools opendkim opendkim-tools python-apt 
python3-certbot-apache python3-debianbts python3-pycurl python3-pysimplesoap 
python3-reportbug reportbug
  sane-utils sasl2-bin sendmail sendmail-bin sensible-mda
The following NEW packages will be installed:
  libdb5.3 php8.2-fpm
The following packages will be DOWNGRADED:
  db-util db5.3-util
0 upgraded, 2 newly installed, 2 downgraded, 46 to remove and 0 not upgraded.
Need to get 1,743 kB/2,507 kB of archives.
After this operation, 234 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

> > Is there some way to get apt to reinstall a package such that it does
> > not think it has to uninstall things which depend on it because it's
> > being immediatly reinstalled?
> 
> That is the idea behind reinstall, though downgrading is always
> a test of its ability to succeed.

What it says it's going to do is actually remove those 46 packages and
not reinstall them.  I believe it!  Clearly apt is unwinding the
dependencies.  It seems like it's not taking into account the
downgraded libdb5.3 is a valid dependency for all the things it's
about to uninstall so it doesn't need to uninstall those things.  I
thought it should do that, but for some reason, it's not doing that
for me.



signature.asc
Description: PGP signature

Re: moving some packages back to bookworm stable

[tomas]

On Mon, May 27, 2024 at 02:02:47PM -0400, Stefan Monnier wrote:
> >> > # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin
> >> 
> >> I can never remember exactly what `-t` really does, but I suspect you'll
> >> need things like
> >> 
> >> apt install libc-bin/bookworm
> >
> > To install a single backported (or other release) package, 
> > apt-get install packagename/releasename
> >
> > and to install a backported package plus dependencies which
> > are also from that specific release, use 
> > apt-get -t releasename packagename
> 
> But that's not the whole story of what `-t` does since the above does
> not explain why his attempt to use `-t` to downgrade some packages
> resulted in `apt` saying " is already the newest version".

ISTR that "apt-get install =" will unconditionally
install  of , if necessary pulling in dependencies.

But I've never tried it :-)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: moving some packages back to bookworm stable

[Max Nikulin]

On 28/05/2024 01:02, Stefan Monnier wrote:

But that's not the whole story of what `-t` does since the above does
not explain why his attempt to use `-t` to downgrade some packages
resulted in `apt` saying " is already the newest version".


My guess is that -t increases priority of the specified release. However 
the value is not enough to allow downgrades.


Another issue is the libdb5.3t64 explicit argument. This package does 
not exist in bookworm.

Re: moving some packages back to bookworm stable

[David Wright]

On Mon 27 May 2024 at 21:46:24 (+0200), Detlef Vollmann wrote:
> On 5/27/24 20:02, Stefan Monnier wrote:
> > > > > # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin
> > > > 
> > > > I can never remember exactly what `-t` really does, but I suspect you'll
> > > > need things like
> > > > 
> > > >  apt install libc-bin/bookworm
> > > 
> > > To install a single backported (or other release) package,
> > > apt-get install packagename/releasename
> > > 
> > > and to install a backported package plus dependencies which
> > > are also from that specific release, use
> > > apt-get -t releasename packagename
> > 
> > But that's not the whole story of what `-t` does since the above does
> > not explain why his attempt to use `-t` to downgrade some packages
> > resulted in `apt` saying " is already the newest version".
> 
> Sometimes '-t' works for me, and does what I expect, and sometimes
> it doesn't.

And, of course, what would interest the list is what it says
when it doesn't work.

> So I generelly use now the explicit version:
> 
> apt install libc-bin=2.36-9+deb12u7

Cheers,
David.

Re: moving some packages back to bookworm stable

[Detlef Vollmann]

On 5/27/24 20:02, Stefan Monnier wrote:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin


I can never remember exactly what `-t` really does, but I suspect you'll
need things like

 apt install libc-bin/bookworm


To install a single backported (or other release) package,
apt-get install packagename/releasename

and to install a backported package plus dependencies which
are also from that specific release, use
apt-get -t releasename packagename


But that's not the whole story of what `-t` does since the above does
not explain why his attempt to use `-t` to downgrade some packages
resulted in `apt` saying " is already the newest version".


Sometimes '-t' works for me, and does what I expect, and sometimes
it doesn't.  So I generelly use now the explicit version:

apt install libc-bin=2.36-9+deb12u7

  Detlef

Re: moving some packages back to bookworm stable

[David Wright]

On Mon 27 May 2024 at 14:02:47 (-0400), Stefan Monnier wrote:
> >> > # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin
> >> 
> >> I can never remember exactly what `-t` really does, but I suspect you'll
> >> need things like
> >> 
> >> apt install libc-bin/bookworm
> >
> > To install a single backported (or other release) package, 
> > apt-get install packagename/releasename
> >
> > and to install a backported package plus dependencies which
> > are also from that specific release, use 
> > apt-get -t releasename packagename
> 
> But that's not the whole story of what `-t` does since the above does
> not explain why his attempt to use `-t` to downgrade some packages
> resulted in `apt` saying " is already the newest version".

Neither syntax will specify a newer version for plain "install"
to install or upgrade.

Cheers,
David.

Re: moving some packages back to bookworm stable

[Stefan Monnier]

>> > # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin
>> 
>> I can never remember exactly what `-t` really does, but I suspect you'll
>> need things like
>> 
>> apt install libc-bin/bookworm
>
> To install a single backported (or other release) package, 
> apt-get install packagename/releasename
>
> and to install a backported package plus dependencies which
> are also from that specific release, use 
> apt-get -t releasename packagename

But that's not the whole story of what `-t` does since the above does
not explain why his attempt to use `-t` to downgrade some packages
resulted in `apt` saying " is already the newest version".


Stefan

Re: moving some packages back to bookworm stable

[David Wright]

On Mon 27 May 2024 at 12:23:41 (-0400), Michael Grant wrote:
> [ … ]
> so I thought I'd try the same process with db5.3, but removing db5.3
> wants to remove a slew of packages:
> 
> # apt reinstall -s libdb5.3/bookworm
> ...
> Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3'
> The following packages were automatically installed and are no longer 
> required:
>   acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base 
> colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs 
> ipp-usb libapr1 libaprutil1
>   libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 
> libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 
> libhashkit2 libieee1284-3 libldap-common
>   liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 
> libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 
> librbl1 librtmp1 libsane-common
>   libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 
> python2-minimal python3-augeas sane-airscan update-inetd usb.ids
> Use 'apt autoremove' to remove them

So what did it say after that?

> Is there some way to get apt to reinstall a package such that it does
> not think it has to uninstall things which depend on it because it's
> being immediatly reinstalled?

That is the idea behind reinstall, though downgrading is always
a test of its ability to succeed.

Cheers,
David.

Re: moving some packages back to bookworm stable

[Dan Ritter]

Stefan Monnier wrote: 
> > # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin
> 
> I can never remember exactly what `-t` really does, but I suspect you'll
> need things like
> 
> apt install libc-bin/bookworm

To install a single backported (or other release) package, 
apt-get install packagename/releasename

and to install a backported package plus dependencies which
are also from that specific release, use 
apt-get -t releasename packagename

-dsr-

Re: moving some packages back to bookworm stable

[Michael Grant]

Hans, thanks for that but I am a bit confused following your
instructions.  Did you mean to I should remove the lines for 'stable'
from sources.list?  Or remove the lines for 'testing'?  I am trying to
get the packages to go back to stable.

I am more familiar with apt than aptitude.

I managed to do part of what Greg recommended.  I removed sendmail and
sasl2-bin and reinstalled them from stable.  That seemed to work fine,
I have fewer testing pkgs installed now:

$ apt-show-versions | g testing
db-util:all/testing 5.3.3 uptodate
db5.3-util:amd64/testing 5.3.28+dfsg2-7 uptodate
libc-bin:amd64/testing 2.38-11 uptodate
libc-dev-bin:amd64/testing 2.38-11 uptodate
libc-devtools:amd64/testing 2.38-11 uptodate
libc-l10n:all/testing 2.38-11 uptodate
libc6:amd64/testing 2.38-11 uptodate
libc6-dev:amd64/testing 2.38-11 uptodate
libdb5.3t64:amd64/testing 5.3.28+dfsg2-7 uptodate
libmilter1.0.1:amd64/testing 8.18.1-3 uptodate
libsasl2-2:amd64/testing 2.1.28+dfsg1-6 uptodate
libsasl2-modules:amd64/testing 2.1.28+dfsg1-6 uptodate
libsasl2-modules-db:amd64/testing 2.1.28+dfsg1-6 uptodate
libssl3t64:amd64/testing 3.2.1-3 uptodate
libzstd1:amd64/testing 1.5.5+dfsg2-2 uptodate
locales:all/testing 2.38-11 uptodate
openssh-client:amd64/testing 1:9.7p1-5 uptodate
openssh-server:amd64/testing 1:9.7p1-5 uptodate
openssh-sftp-server:amd64/testing 1:9.7p1-5 uptodate
openssl:amd64/testing 3.2.1-3 uptodate
zstd:amd64/testing 1.5.5+dfsg2-2 uptodate

so I thought I'd try the same process with db5.3, but removing db5.3
wants to remove a slew of packages:

# apt reinstall -s libdb5.3/bookworm
...
Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3'
The following packages were automatically installed and are no longer required:
  acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base 
colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs 
ipp-usb libapr1 libaprutil1
  libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 
libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 libhashkit2 
libieee1284-3 libldap-common
  liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 
libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 
librbl1 librtmp1 libsane-common
  libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 
python2-minimal python3-augeas sane-airscan update-inetd usb.ids
Use 'apt autoremove' to remove them

Is there some way to get apt to reinstall a package such that it does
not think it has to uninstall things which depend on it because it's
being immediatly reinstalled?

And for those of you telling me to have a backup, I do.  I have booted
a snapshot from about a week ago.  However, to make that the live one
and dump this one, it's not so easy but possible.  That snapshot has
only sendmail from testing. Hard to know what is more work, going down
this route or making the other instance live.  I'm starting to think
about abandoning this and reconfiguring the backup instance.


signature.asc
Description: PGP signature

Re: moving some packages back to bookworm stable

[Hans]

Doing "apt-get upgrade" will only upgrade all installed packages, but no new 
ones (even, if they are needed).

Better is to do an "apt-get full-upgrade", which will install the whole system 
from stable to testing. However, this might also uninstall some wanted 
packages, thus often it is calles the "intelligent" upgrade. Intelligent does 
not mean, the upgrade is intelligent, but the one doing this upgrade (mostly 
the person, who is root) should be intelligent.

Downgrading is not an easy way, but managable. But it is a lot of intelligent 
work.

How can you do this? This is, how I am figured out (best way for me!)

First, remove the entry from stable off your sources.list.

Then start aptitude and update the list. 

Next manually search all packages you want to downgrade to the needed 
versions. The last apt-get or aptitude log should help.


Mark all installed versions to "remove" (magenta coluur) and needed versions 
to "install" (green colour).

Now, dive manually into all dependencies (these are marked with the red 
coulour)  and do the same as above (mark the installed version first "remove" 
then the correct as "install").

Important: Check that ALL dependencies are correct and no libs or anything 
else is set with red colour.

This process must be done very, very correct! 

After this press "g" (which is for "install now") and if everything was set 
correct, all packages are now downgraded.

Note: If you have missed something, you have to restart again!

>From my experiences this doing so is still faster, than to setup a new system.

Hope this helps.

Good luck!

Best

Hans 


 

Re: moving some packages back to bookworm stable

[Max Nikulin]

On 27/05/2024 21:28, Michael Grant wrote:

What I want to do is get the system back to just using the packages
from stable rather than testing.


I have never tried the following, so it is better to test it in a 
virtual machine or inside a container. I would try to set priority of 
bookworm release high enough to allow downgrade. See apt_preferences(5) 
for details concerning pinning. However downgrade of libc makes "apt 
upgrade" really risky.


Do not forget to remove configuration with excessive priority afterwards.

Re: moving some packages back to bookworm stable

[Stefan Monnier]

> I needed to install a version of sendmail from testing a while back to
> test it.

Downgrading Debian packages is not well supported, by and large.
So installing `testing` packages into a `stable` install is manageable
(tho it itself can bring trouble) but going back to `stable` afterwards
tends to be a lot more complicated.

Transitions like the t64 transition going on right now in `testing` make
it yet more troublesome.

I recommend the use of snapshots when you want to try such a thing with
the intention of "going back" later.

> # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin

I can never remember exactly what `-t` really does, but I suspect you'll
need things like

apt install libc-bin/bookworm

to state more explicitly what you want.
Maybe you can do something like

apt install $(apt-show-versions | sed -n 's|/testing.*|/stable|p')


- Stefan

Re: moving some packages back to bookworm stable

[David Wright]

On Mon 27 May 2024 at 09:56:54 (-0400), Michael Grant wrote:
> What's the best way to get back to running just the bookworm stable
> packages?  I tried what I thought was the obvious way to fix this by
> running:
> 
> # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin 
> libc-devtools libc-l10n libc6 libc6-dev libdb5.3t64 libmilter1.0.1 libsasl2-2 
> libsasl2-modules libsasl2-modules-db libssl3t64 libzstd1 locales 
> openssh-client openssh-server openssh-sftp-server openssl sasl2-bin sendmail 
> sendmail-base sendmail-bin sendmail-cf sensible-mda zstd

As Greg wrote: backups come first.

But in the above, you need reinstall, either as a command, or
as an option --reinstall.

Cheers,
David.

Re: moving some packages back to bookworm stable

[Greg Wooledge]

On Mon, May 27, 2024 at 10:28:37AM -0400, Michael Grant wrote:
> On Mon, May 27, 2024 at 10:19:48AM -0400, Greg Wooledge wrote:
> > On Mon, May 27, 2024 at 09:56:54AM -0400, Michael Grant wrote:
> > > I needed to install a version of sendmail from testing a while back to
> > > test it.
> > 
> > Your subject header says "bookworm stable".  You don't install binary
> > packages from testing on a stable system.  You use backports instead.
> 
> ugh no, wait, I may be using the wrong terminology.  I'm not wanting
> to install special packages and definitely don't need to build my own.
> 
> What I want to do is get the system back to just using the packages
> from stable rather than testing.  Only those few packages before
> things get worse in the next update.  There's not many.

Downgrading essential libraries (libc6 and friends) that were brought
in when you tainted your stable system with testing packages is going
to be risky.

Definitely make a backup before you do ANYTHING.

Once that's done, you can try purging the non-essential testing packages,
and then downgrading the essential ones.  If at any point the system
becomes utterly broken, reinstall stable, and then restore your backup.

Re: moving some packages back to bookworm stable

[Michael Grant]

On Mon, May 27, 2024 at 10:19:48AM -0400, Greg Wooledge wrote:
> On Mon, May 27, 2024 at 09:56:54AM -0400, Michael Grant wrote:
> > I needed to install a version of sendmail from testing a while back to
> > test it.
> 
> Your subject header says "bookworm stable".  You don't install binary
> packages from testing on a stable system.  You use backports instead.

ugh no, wait, I may be using the wrong terminology.  I'm not wanting
to install special packages and definitely don't need to build my own.

What I want to do is get the system back to just using the packages
from stable rather than testing.  Only those few packages before
things get worse in the next update.  There's not many.



signature.asc
Description: PGP signature

Re: moving some packages back to bookworm stable

[Greg Wooledge]

On Mon, May 27, 2024 at 09:56:54AM -0400, Michael Grant wrote:
> I needed to install a version of sendmail from testing a while back to
> test it.

Your subject header says "bookworm stable".  You don't install binary
packages from testing on a stable system.  You use backports instead.

https://backports.debian.org/Instructions/

There is already a bookworm backported version of sendmail available:

https://packages.debian.org/search?keywords=sendmail=names=all=bookworm-backports

If that one isn't new enough, then you may need to build your own backport
package.  This is usually either trivially easy ("type these commands")
or utterly impossible, depending on which dependencies have changed
since bookworm.  There's no in-between.

moving some packages back to bookworm stable

[Michael Grant]

I needed to install a version of sendmail from testing a while back to
test it.  On friday, I ran 'apt upgrade' which looked like it was
going to uninstall and then reinstall the sendmail packages.  I let it
run, when it was done, only some of the sendmail packages had
re-installed.  Basically, I shot myself in the foot with the
dependencies.  In the end, this was not a good idea.

I really do not want to reinstall the entire box, there's a lot of
config that has gone into this over the years.  What I'd like to do is
just get back to stable bookworm packages.

Before the update, these are the packages that were installed from
testing:

$ apt-show-versions | grep testing
libmilter1.0.1:amd64/testing 8.18.1-3 uptodate
libsasl2-2:amd64/testing 2.1.28+dfsg1-4+b1 upgradeable to 2.1.28+dfsg1-6
libsasl2-modules:amd64/testing 2.1.28+dfsg1-4+b1 upgradeable to 2.1.28+dfsg1-6
libsasl2-modules-db:amd64/testing 2.1.28+dfsg1-4+b1 upgradeable to 
2.1.28+dfsg1-6
sasl2-bin:amd64/testing 2.1.28+dfsg1-4+b1 upgradeable to 2.1.28+dfsg1-6
sendmail:all/testing 8.18.1-3 uptodate
sendmail-base:all/testing 8.18.1-1 upgradeable to 8.18.1-3
sendmail-bin:amd64/testing 8.18.1-1 upgradeable to 8.18.1-3
sendmail-cf:all/testing 8.18.1-1 upgradeable to 8.18.1-3
sensible-mda:amd64/testing 8.18.1-3 uptodate

After a day of frantically trying to get things working again, I found
I had some package that depended on some t64 version of some library.
In the end, I think it was sasl2-bin.  I ended up installing sasl2-bin
from testing, then sendmail started working again.  This is what I
ended up with installed from testing:

$ apt-show-versions | grep testing
db-util:all/testing 5.3.3 uptodate
db5.3-util:amd64/testing 5.3.28+dfsg2-7 uptodate
libc-bin:amd64/testing 2.38-11 uptodate
libc-dev-bin:amd64/testing 2.38-11 uptodate
libc-devtools:amd64/testing 2.38-11 uptodate
libc-l10n:all/testing 2.38-11 uptodate
libc6:amd64/testing 2.38-11 uptodate
libc6-dev:amd64/testing 2.38-11 uptodate
libdb5.3t64:amd64/testing 5.3.28+dfsg2-7 uptodate
libmilter1.0.1:amd64/testing 8.18.1-3 uptodate
libsasl2-2:amd64/testing 2.1.28+dfsg1-6 uptodate
libsasl2-modules:amd64/testing 2.1.28+dfsg1-6 uptodate
libsasl2-modules-db:amd64/testing 2.1.28+dfsg1-6 uptodate
libssl3t64:amd64/testing 3.2.1-3 uptodate
libzstd1:amd64/testing 1.5.5+dfsg2-2 uptodate
locales:all/testing 2.38-11 uptodate
openssh-client:amd64/testing 1:9.7p1-5 uptodate
openssh-server:amd64/testing 1:9.7p1-5 uptodate
openssh-sftp-server:amd64/testing 1:9.7p1-5 uptodate
openssl:amd64/testing 3.2.1-3 uptodate
sasl2-bin:amd64/testing 2.1.28+dfsg1-6 uptodate
sendmail:all/testing 8.18.1-3 uptodate
sendmail-base:all/testing 8.18.1-3 uptodate
sendmail-bin:amd64/testing 8.18.1-3 uptodate
sendmail-cf:all/testing 8.18.1-3 uptodate
sensible-mda:amd64/testing 8.18.1-3 uptodate
zstd:amd64/testing 1.5.5+dfsg2-2 uptodate

I did not manually install most of that.  Only sasl2-bin and sendmail
from testing.

What's the best way to get back to running just the bookworm stable
packages?  I tried what I thought was the obvious way to fix this by
running:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin 
libc-devtools libc-l10n libc6 libc6-dev libdb5.3t64 libmilter1.0.1 libsasl2-2 
libsasl2-modules libsasl2-modules-db libssl3t64 libzstd1 locales openssh-client 
openssh-server openssh-sftp-server openssl sasl2-bin sendmail sendmail-base 
sendmail-bin sendmail-cf sensible-mda zstd
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
db-util is already the newest version (5.3.3).
db5.3-util is already the newest version (5.3.28+dfsg2-7).
libc-bin is already the newest version (2.38-11).
libc-dev-bin is already the newest version (2.38-11).
libc-devtools is already the newest version (2.38-11).
libc-l10n is already the newest version (2.38-11).
libc6 is already the newest version (2.38-11).
libc6-dev is already the newest version (2.38-11).
libdb5.3t64 is already the newest version (5.3.28+dfsg2-7).
libmilter1.0.1 is already the newest version (8.18.1-3).
libsasl2-2 is already the newest version (2.1.28+dfsg1-6).
libsasl2-modules is already the newest version (2.1.28+dfsg1-6).
libsasl2-modules-db is already the newest version (2.1.28+dfsg1-6).
libssl3t64 is already the newest version (3.2.1-3).
libzstd1 is already the newest version (1.5.5+dfsg2-2).
locales is already the newest version (2.38-11).
openssh-client is already the newest version (1:9.7p1-5).
openssh-server is already the newest version (1:9.7p1-5).
openssh-sftp-server is already the newest version (1:9.7p1-5).
openssl is already the newest version (3.2.1-3).
sasl2-bin is already the newest version (2.1.28+dfsg1-6).
sendmail is already the newest version (8.18.1-3).
sendmail-base is already the newest version (8.18.1-3).
sendmail-bin is already the newest version (8.18.1-3).
sendmail-cf is already the newest version (8.18.1-3).
sensible-mda is already the newest version (8.18.1-3).
zstd is already the newest

Re: Bookworm: Weird Firefox issue

[Roland Müller]

Hello,

sometimes some cooperative sites had similar problems e.g MS's O365 or 
Oracle's support site. In these cases removing stored cookies and 
website data helped.


In addition cache can be deactivated in FF Developer Console 
(Ctrl-Shift-k) in the tab "Network(ing)". Here you have a checkbox for 
deactivating the cache in the top row of the tab.


Then check FF's privacy protection for blocked trackers.

BR,

Roland

On 23.5.2024 15.39, Henning Follmann wrote:

On Thu, May 23, 2024 at 12:09:42PM +0200, local10 wrote:

May 23, 2024, 02:11 by 2695bd53d...@ewoof.net:


Works fine for me too, on the same firefox-esr package version.

If clearing the browser cache doesn't help, try with a brand new fresh
profile. `firefox --no-remote --new-instance --ProfileManager` should
be a good start. If it works in a brand new profile, it's _something_
about your Firefox settings.


I've tried the following but it didn't help:

    1. FF 115.11.0esr (64-bit) with a new profile
    2. FF v126 with a new profile
    3. Purged (aptitude purge) and reinstalled FF 115.11.0esr again


[...]

I had a similar issue 6 month ago.
I also tried those steps without any success.

Then I created a new account and there the issue did not appear.
So, I thought, it has to be something account specific.

I deleted these directories:
~/.cache/mozilla/firefox
~/.mozilla/firefox

At the next launch firefox greated me with the new user welcome.
You have to start from scratch but it resolved the issue.

-H

Re: Bookworm: Weird Firefox issue

[Henning Follmann]

On Thu, May 23, 2024 at 12:09:42PM +0200, local10 wrote:
> May 23, 2024, 02:11 by 2695bd53d...@ewoof.net:
> 
> > Works fine for me too, on the same firefox-esr package version.
> >
> > If clearing the browser cache doesn't help, try with a brand new fresh
> > profile. `firefox --no-remote --new-instance --ProfileManager` should
> > be a good start. If it works in a brand new profile, it's _something_
> > about your Firefox settings.
> >
> 
> I've tried the following but it didn't help:
> 
>    1. FF 115.11.0esr (64-bit) with a new profile
>    2. FF v126 with a new profile
>    3. Purged (aptitude purge) and reinstalled FF 115.11.0esr again
> 
[...]

I had a similar issue 6 month ago.
I also tried those steps without any success.

Then I created a new account and there the issue did not appear.
So, I thought, it has to be something account specific.

I deleted these directories:
~/.cache/mozilla/firefox
~/.mozilla/firefox

At the next launch firefox greated me with the new user welcome.
You have to start from scratch but it resolved the issue.

-H


-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Bookworm: Weird Firefox issue

[local10]

May 23, 2024, 02:11 by 2695bd53d...@ewoof.net:

> Works fine for me too, on the same firefox-esr package version.
>
> If clearing the browser cache doesn't help, try with a brand new fresh
> profile. `firefox --no-remote --new-instance --ProfileManager` should
> be a good start. If it works in a brand new profile, it's _something_
> about your Firefox settings.
>

I've tried the following but it didn't help:

   1. FF 115.11.0esr (64-bit) with a new profile
   2. FF v126 with a new profile
   3. Purged (aptitude purge) and reinstalled FF 115.11.0esr again

Looked into this further (using Web Developer Tools, Ctrl+Shift+I, Network 
tab)) and it appears that when the log in page is loading  the 
"gui-base-TfJ0d3Pr.js "  script 
fails to fully load with the "NS_ERROR_NET_PARTIAL_TRANSFER" error.

Am really puzzled as to why this script fails to load now. Tutanota had worked 
fine for me for years until this issue showed up a week ago.

 The FF console shows the following:

Loading failed for the 

Re: Bookworm: Weird Firefox issue

[Michael Kjörling]

On 22 May 2024 15:17 -0600, from charlescur...@charlescurley.com (Charles 
Curley):
>> about a week ago when I started
>> to get a blank empty white page when trying to access the Tutanota
>> login page: https://mail.tutanota.com/login
> 
> I get what looks like a proper log-in page on both firefox and vivaldi

Works fine for me too, on the same firefox-esr package version.

If clearing the browser cache doesn't help, try with a brand new fresh
profile. `firefox --no-remote --new-instance --ProfileManager` should
be a good start. If it works in a brand new profile, it's _something_
about your Firefox settings.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Bookworm: Weird Firefox issue

[Charles Curley]

On Wed, 22 May 2024 23:02:17 +0200 (CEST)
local10  wrote:

> Have been using Debian + Firefox with Tutanota email for a number of
> years and everything was fine until about a week ago when I started
> to get a blank empty white page when trying to access the Tutanota
> login page: https://mail.tutanota.com/login
> 
> Tried https://mail.tutanota.com/login in Chromium and it works as it
> should, that is, shows a proper log in page with the ID and password
> fields, no issues. Tried https://mail.tutanota.com/login in Firefox
> v126 but still got an empty white page.
> 
> Any ideas? Thanks
> 
> $ aptitude show firefox-esr
> Package: firefox-esr 
> Version: 115.11.0esr-1~deb12u1

I get what looks like a proper log-in page on both firefox and vivaldi
(a derivative of chromium).

BTW, they are advising of a change in log-in URL.

charles@hawk:~$ pre firefox vivaldi
firefox-esr 115.11.0esr-1~deb12u1   amd64
vivaldi-stable  6.7.3329.31-1   amd64
charles@hawk:~$ 

Try a hard refresh to clear your cache: ctl-r.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Bookworm: Weird Firefox issue

[local10]

Hi,

Have been using Debian + Firefox with Tutanota email for a number of years and 
everything was fine until about a week ago when I started to get a blank empty 
white page when trying to access the Tutanota login page: 
https://mail.tutanota.com/login

Tried https://mail.tutanota.com/login in Chromium and it works as it should, 
that is, shows a proper log in page with the ID and password fields, no issues. 
Tried https://mail.tutanota.com/login in Firefox v126 but still got an empty 
white page.

Any ideas? Thanks

$ aptitude show firefox-esr
Package: firefox-esr 
Version: 115.11.0esr-1~deb12u1

Operating System: Debian GNU/Linux 12
KDE Plasma Version: 5.27.5 KDE Frameworks Version: 5.103.0 Qt Version: 5.15.8
Kernel Version: 6.1.0-21-amd64 (64-bit)
Graphics Platform: X11

Re: selinux on bookworm

[Antonio Russo]

Everyone,

First of all thanks for the input.  Unfortunately, I have to apologize,
because the actual problem was somewhat silly: selinux appears to be
preventing only *root* login at the tty, which I neglected to mention.
(Also, I neglected to check until now).

Regular user logins are fine.  I'll open an issue.

Best,
Antonio

OpenPGP_0xB01C53D5DED4A4EE.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: selinux on bookworm

[Tom Dial]

On 5/17/24 02:02, George at Clug wrote:

Is AppArmor already installed and running?  It is on my system, maybe this 
would conflict with SeLinux?

# aa-status
https://wiki.debian.org/AppArmor/HowToUse


  Disable AppArmor

AppArmor is a security mechanism and disabling it is not recommended. If you 
really need to disable AppArmor on your system:


https://reintech.io/blog/securing-debian-12-with-selinux
By default, Debian comes with AppArmor, another security module, so you may 
need to switch to SELinux manually. Here's how you can enable SELinux on your 
Debian 12 system:

|sudo apt-get update sudo apt-get install selinux-basics selinux-policy-default 
auditd

|

George.


On Friday, 17-05-2024 at 14:49 Antonio Russo wrote:

Hello,

I'm trying to get selinux working on a fresh, gui-free installation of
bookworm.  I'm not trying to run any servers, nor use standard desktop
utilities (yet).  I was hoping this setup would be simple enough that
selinux would be simple to get going.

I'm following [1], which is very straightforward.  The problem I'm
getting is that it seems woefully incomplete.

I cannot even login (com="agetty" is showing up in audit2why).  Now,
obviously, I could follow the instructions and use audit2allow, and go
down the rabbit hole for configuring policies.  But, really?  No one
has fixed the login-at-the-console use case?  I'm sure I must be doing
something wrong.  All I've really done is:

apt-get install selinux-basics selinux-policy-default auditd
selinux-activate

(reboot)


At this point, you should be running in permissive mode. And you should run 
either audit2why to identify conditions that may (as you have found) cause 
operational problems.


(set enforcing=1 in grub)
update-grub
touch /.autorelabel


Unless you made changes, relabeling should not be necessary here. The above is done by 
running selinux-activate without the argument "disable".


(reboot)

And then I cannot log in.  Going back and unsetting enforcing=1 in grub,
and I can use audit2why.  Does anyone who actually uses selinux have any
hints?


Post in this thread the complete output of "audit2why --boot" - this will show 
all enforcement errors since the most recent boot. Without that information it is 
unlikely that anyone can offer detailed advice about fixing things.

Using audit2allow will produce a corresponding file you can use to prepare a 
local module to permit those things that cause problems. It is a text file that 
is input to the module compiler, so you can remove items that you want to 
disallow before compiling and installing a corrective module. See the 
instructions in [1] at #7.




Best,
Antonio

[1] https://wiki.debian.org/SELinux/Setup 
<https://wiki.debian.org/SELinux/Setup>



It probably is a good idea to disable apparmor if you're going to use SELinux. 
The kernel interface is supposed to be compatible with either or both security 
modules, but only one really should be necessary and, without intending to 
spawn a flame war, I will put forward my opinion that the SELinux security 
model is superior to that of AppArmor. The latter has the advantage of being 
the distribution default, but I have not found SELinux especially hard to 
administer on a stable Debian system, apart from the fact that it comes with a 
learning curve.

Regards,
Tom Dial

Re: selinux on bookworm

[Richard]

As you found out yourself, by default it's installed and running. And it's
quite likely they would interfere.

Still, the question remains. Why do you need SELinux? Do you have an actual
need for it? If not, go with what's already there. This will be much easier
to set up and handle.

Richard

Am Fr., 17. Mai 2024 um 14:23 Uhr schrieb George at Clug <
c...@goproject.info>:

> Is AppArmor already installed and running?  It is on my system, maybe this
> would conflict with SeLinux?
>
> # aa-status
> https://wiki.debian.org/AppArmor/HowToUse
> Disable AppArmor AppArmor is a security mechanism and disabling it is not
> recommended. If you really need to disable AppArmor on your system:
>
>
> https://reintech.io/blog/securing-debian-12-with-selinux
> By default, Debian comes with AppArmor, another security module, so you
> may need to switch to SELinux manually. Here's how you can enable SELinux
> on your Debian 12 system:
>
> sudo apt-get update
> sudo apt-get install selinux-basics selinux-policy-default auditd
>
> George.
>
>

Re: selinux on bookworm

[Richard]

Is there a specific reason why you want to use SELinux? AppArmor is already
there and much easier to configure. SELinux usually causes more issues than
AppArmor too as it's not as granular, especially on distros not made
specifically for it, at least in my experience. And on Debian, some apps
already have AppArmor configs in their packages. Question only is if they
are in notify or enforcing mode.

Best,
Richard

Am Fr., 17. Mai 2024 um 11:05 Uhr schrieb Antonio Russo :

> Hello,
>
> I'm trying to get selinux working on a fresh, gui-free installation of
> bookworm.  I'm not trying to run any servers, nor use standard desktop
> utilities (yet).  I was hoping this setup would be simple enough that
> selinux would be simple to get going.
>
> I'm following [1], which is very straightforward.  The problem I'm
> getting is that it seems woefully incomplete.
>
> [...]
>
> Best,
> Antonio
>
> [1] https://wiki.debian.org/SELinux/Setup

Re: selinux on bookworm

[George at Clug]

Is AppArmor already installed and running?  It is on my system,
maybe this would conflict with SeLinux? 

# aa-status
https://wiki.debian.org/AppArmor/HowToUse



DISABLE APPARMOR

AppArmor is a security mechanism and disabling it is not recommended.
If you really need to disable AppArmor on your system: 





https://reintech.io/blog/securing-debian-12-with-selinux
By default, Debian comes with AppArmor, another security module, so
you may need to switch to SELinux manually. Here's how you can enable
SELinux on your Debian 12 system: sudo apt-get update sudo apt-get
install selinux-basics selinux-policy-default auditd


George.





On Friday, 17-05-2024 at 14:49 Antonio Russo wrote:


Hello,

I'm trying to get selinux working on a fresh, gui-free installation of
bookworm.  I'm not trying to run any servers, nor use standard
desktop
utilities (yet).  I was hoping this setup would be simple enough
that
selinux would be simple to get going.

I'm following [1], which is very straightforward.  The problem I'm
getting is that it seems woefully incomplete.

I cannot even login (com="agetty" is showing up in audit2why).  Now,
obviously, I could follow the instructions and use audit2allow, and go
down the rabbit hole for configuring policies.  But, really?  No
one
has fixed the login-at-the-console use case?  I'm sure I must be
doing
something wrong.  All I've really done is:

apt-get install selinux-basics selinux-policy-default auditd
selinux-activate

(reboot)

(set enforcing=1 in grub)
update-grub
touch /.autorelabel

(reboot)

And then I cannot log in.  Going back and unsetting enforcing=1 in
grub,
and I can use audit2why.  Does anyone who actually uses selinux have
any 
hints?

Best,
Antonio

[1] https://wiki.debian.org/SELinux/Setup

selinux on bookworm

[Antonio Russo]

Hello,

I'm trying to get selinux working on a fresh, gui-free installation of
bookworm.  I'm not trying to run any servers, nor use standard desktop
utilities (yet).  I was hoping this setup would be simple enough that
selinux would be simple to get going.

I'm following [1], which is very straightforward.  The problem I'm
getting is that it seems woefully incomplete.

I cannot even login (com="agetty" is showing up in audit2why).  Now,
obviously, I could follow the instructions and use audit2allow, and go
down the rabbit hole for configuring policies.  But, really?  No one
has fixed the login-at-the-console use case?  I'm sure I must be doing
something wrong.  All I've really done is:

apt-get install selinux-basics selinux-policy-default auditd
selinux-activate

(reboot)

(set enforcing=1 in grub)
update-grub
touch /.autorelabel

(reboot)

And then I cannot log in.  Going back and unsetting enforcing=1 in grub,
and I can use audit2why.  Does anyone who actually uses selinux have any 
hints?

Best,
Antonio

[1] https://wiki.debian.org/SELinux/Setup

OpenPGP_0xB01C53D5DED4A4EE.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

apt-mirror can't read bookworm-updates

[fxkl47BF]

my config file has a single repo

deb-src https://deb.debian.org/debian bookworm-updates main contrib non-free 
non-free-firmware

the following is what i get
it seems the bookworm-updates sources file has no line "Files:"



apt-mirror@odroid2:~$ apt-mirror /etc/apt/mirror.list
Downloading 23 index files using 20 threads...
Begin time: Sat May 11 16:54:06 2024
[20]... [19]... [18]... [17]... [16]... [15]... [14]... [13]... [12]... [11]... 
[10]... [9]... [8]... [7]... [6]... [5]... [4]... [3]... [2]... [1]... [0]...
End time: Sat May 11 16:54:08 2024

Processing translation indexes: []

Downloading 0 translation files using 0 threads...
Begin time: Sat May 11 16:54:08 2024
[0]...
End time: Sat May 11 16:54:08 2024

Processing DEP-11 indexes: []

Downloading 0 dep11 files using 0 threads...
Begin time: Sat May 11 16:54:08 2024
[0]...
End time: Sat May 11 16:54:08 2024

Processing cnf indexes: []

Downloading 0 cnf files using 0 threads...
Begin time: Sat May 11 16:54:08 2024
[0]...
End time: Sat May 11 16:54:08 2024

Processing indexes: [SUse of uninitialized value $lines{"Files:"} in split at 
/usr/bin/apt-mirror line 929,  line 1.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 2.A
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 3.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 4.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 5.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 6.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 7.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 8.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 9.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 10.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 11.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 12.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 13.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 1.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 1.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 1.
Use of uninitialized value $lines{"Files:"} in split at /usr/bin/apt-mirror 
line 929,  line 2.

0 bytes will be downloaded into archive.
Downloading 0 archive files using 0 threads...
Begin time: Sat May 11 16:54:08 2024
[0]...
End time: Sat May 11 16:54:08 2024

0 bytes in 0 files and 0 directories can be freed.
Run /data/backups/apt-mirror/var/clean.sh for this purpose.

Running the Post Mirror script ...
(/data/backups/apt-mirror/var/postmirror.sh)


Post Mirror script has completed. See above output for any possible errors.

Re: debian bookworm japanese kana input disabled

[冨澤守治]

Hi

Updated and upgraded,autoremoved. This matter has been fixed.
The problem is currently resolved.

Nice follow up! I appreciate it.
Best wishes

--
Moliharu  Tomizawa

Re: debian bookworm japanese kana input disabled

[Eike Lantzsch ZP5CGE / KY4PZ]

On Donnerstag, 9. Mai 2024 08:48:03 -04 Brad Rogers wrote:
> On Thu, 9 May 2024 10:06:29 +
> Michael Kjörling <2695bd53d...@ewoof.net> wrote:
> 
> Hello Michael,
> 
> >However, I seem to have had a similar issue even after upgrading to
> >the first regression-fixed glib2.0 packages on Bookworm.
> >Specifically, dead keys no longer working with the Swedish keyboard
> >layout, and instead acting as though I didn't press any key at all.
> 
> Is it possible that, without at least logging out and back in, the
> broken version of the library is still in use?

Hi Michael
and hello 

冨澤守治[1]


I don't know if it was related but with the same Debian Sid upgrade Firefox 
(and only 
Firefox) lost the ability to enter äöüáéí€ß ... that is it ignored anything 
which was not pure 
ASCII, however entering the accented characters in a terminal or other 
applications (here 
KDE) still worked.
After today's upgrade everything was back to normal but I *had* to reboot.
So logging out and back in again might work although I suspect that at least 
restarting the 
X server will be necessary. I didn't try it because I had to reboot anyway.

All the best to you all
-- 
Eike Lantzsch KY4PZ / ZP5CGE



[1] mailto:
%3D%3Futf-8%3FB%3F5Yao5r6k5a6I5rK7%3F%3D%20%3Cmolitz%40coffee.ocn.ne.jp%3E

Re: debian bookworm japanese kana input disabled

[Brad Rogers]

On Thu, 9 May 2024 10:06:29 +
Michael Kjörling <2695bd53d...@ewoof.net> wrote:

Hello Michael,

>However, I seem to have had a similar issue even after upgrading to
>the first regression-fixed glib2.0 packages on Bookworm. Specifically,
>dead keys no longer working with the Swedish keyboard layout, and
>instead acting as though I didn't press any key at all.

Is it possible that, without at least logging out and back in, the
broken version of the library is still in use?

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
Words as weapons, sharper than knives
Devil Inside - INXS


pgpLB3jEQkwp1.pgp
Description: OpenPGP digital signature

Re: debian bookworm japanese kana input disabled

[Michael Kjörling]

On 9 May 2024 09:14 +0200, from f.rou...@free.fr (Florent Rougon):
>> Last night (JST) I did some apt update && apt upgade.
>> But all of sudden I can't input kana and even print any editer or calc cell.
>> (Roman alphabet has no problem on printing.)
> 
> This may be due to a recent glib2.0 update:
> 
>   https://lists.debian.org/debian-security-announce/2024/msg00094.html

That was my thought as well.


> “The update for glib2.0 released as DSA 5682-1 caused a regression in
>  ibus affecting text entry with non-trivial input methods. Updated
>  glib2.0 packages are available to correct this issue.”
> 
> Hopefully, you just need to update again.

However, I seem to have had a similar issue even after upgrading to
the first regression-fixed glib2.0 packages on Bookworm. Specifically,
dead keys no longer working with the Swedish keyboard layout, and
instead acting as though I didn't press any key at all.

The key press did show up in xev:

KeyPress event, serial 33, synthetic NO, window 0x2a1,
root 0x6aa, subw 0x0, time 1153798, (397,298), root:(1268,818),
state 0x10, keycode 35 (keysym 0xfe57, dead_diaeresis), same_screen YES,
XLookupString gives 0 bytes: 
XFilterEvent returns: False

KeyRelease event, serial 33, synthetic NO, window 0x2a1,
root 0x6aa, subw 0x0, time 1153862, (397,298), root:(1268,818),
state 0x10, keycode 35 (keysym 0xfe57, dead_diaeresis), same_screen YES,
XLookupString gives 0 bytes: 
XFilterEvent returns: False

but despite my attempts nothing showed up in any input field; trying
with both Xfce's Mousepad text editor, KeepassXC and gnome-terminal to
cover various UI toolkits, with the same result everywhere. The
combination of the key press showing up in xev and nothing showing up
in any application I tried with running under X pointed strongly
toward the input translation layer.

However, another physical computer also running Bookworm which I
upgraded to latest at around 09:40 May 9 UTC _didn't_ seem to have the
same issue, despite being set up similarly.

Turned out that there is _another_ upgrade to libglib2.0-0 and friends
taking those packages to package version 2.74.6-2+deb12u2; after
installing _that_ upgrade and rebooting, dead keys again seem to work
normally. (It's entirely possible that the reboot wasn't needed, but
as I had only just rebooted the system and so didn't have much of
anything already open, it seemed an easy enough way to actually ensure
that everything was running at the newly upgraded version.)

So if you're still having the same issue, _try once more_ apt-get
update && apt-get -u dist-upgrade; double-check that you get the
+deb12u2 or newer glib package versions; and see if that fixes the
problem before you poke around too much with the configuration (and
risk breaking something else in the process). Then let us know whether
you're still having the same issue or whether that resolved it.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: debian bookworm japanese kana input disabled

[Florent Rougon]

Hi,

Le 09/05/2024, 冨澤守治  a écrit:

> Hellow!
>
> Thanks you for your supprting everyday.
>
> Last night (JST) I did some apt update && apt upgade.
> But all of sudden I can't input kana and even print any editer or calc cell.
> (Roman alphabet has no problem on printing.)

This may be due to a recent glib2.0 update:

  https://lists.debian.org/debian-security-announce/2024/msg00094.html

“The update for glib2.0 released as DSA 5682-1 caused a regression in
 ibus affecting text entry with non-trivial input methods. Updated
 glib2.0 packages are available to correct this issue.”

Hopefully, you just need to update again.

Regards

-- 
Florent

Re: debian bookworm japanese kana input disabled

[Richard]

/var/log/apt/history will tell you what apt also has been showing you
during that process. Never just mindlessly agree to what apt tells you it's
about to do, especially pay attention to the app list for "remove" and
"auto-remove". Things can always go wrong. So if apt told you it will
remove some package for whatever reason that's needed for kana, it will
have done so. So check the history and have a look at any packages from
that timestamp that where set to be removed.

Best
Richard

Am Do., 9. Mai 2024 um 03:45 Uhr schrieb 冨澤守治 :

> Hellow!
>
> Thanks you for your supprting everyday.
>
> Last night (JST) I did some apt update && apt upgade.
> But all of sudden I can't input kana and even print any editer or calc
> cell.
> (Roman alphabet has no problem on printing.)
>
> yours sincerely
>
> --
> Moriharu Tomizawa
>
>

debian bookworm japanese kana input disabled

[冨澤守治]

Hellow!

Thanks you for your supprting everyday.

Last night (JST) I did some apt update && apt upgade.
But all of sudden I can't input kana and even print any editer or calc cell.
(Roman alphabet has no problem on printing.)

yours sincerely

--
Moriharu Tomizawa

Uninterruptible sleep apache process while aceessing nfs on debian 12 bookworm

[El Mahdi Mouslih]

Hi

We recently migrated to new nfs server running on debian 12 bookworm

On the client Apache processes started randomly switching to D state,

In apache fluststatus Process 93661 a mis 10786 sec
=

4-1 93661 1598/ W 15.92 10786 0 2367404 0.0 71.45 142.44 172.20.1.47 http/1.1 
sisca.groupe-mfc.fr:80 POST 
/deverrouille-fiche-ajax.php?sTable=prospects=243239



ps aux ==> Process 93661 un interruptible sleep

root@hexaom-v2-vm-prod-front2:~# while true; do date; ps auxf | awk 
'{if($8=="D") print $0;}'; sleep 1; done
Fri 26 Apr 2024 12:37:59 PM CEST
www-data   93661  0.1  1.4 315100 120468 ?   D08:45   0:14  \_ 
/usr/sbin/apache2 -k start
www-data  119374  0.2  0.0  0 0 ?D11:33   0:10  \_ [apache2]
www-data  127425  0.1  0.8 214520 68308 ?D12:27   0:00  \_ 
/usr/sbin/apache2 -k start



process stack :  (can't attach using gdp gcore etc )
===
root@hexaom-v2-vm-prod-front2:~# cat /proc/93661/stack
[<0>] wait_on_commit+0x71/0xb0 [nfs]
[<0>] __nfs_commit_inode+0x131/0x180 [nfs]
[<0>] nfs_wb_all+0xb4/0x100 [nfs]
[<0>] nfs4_file_flush+0x6f/0xa0 [nfsv4]
[<0>] filp_close+0x2f/0x70
[<0>] __x64_sys_close+0x1e/0x60
[<0>] do_syscall_64+0x30/0x80
[<0>] entry_SYSCALL_64_after_hwframe+0x62/0xc7
=



In the client  debian 11
=
 rpcdebug -m nfs -s all
Apr 26 11:30:15 hexaom-v2-vm-prod-front2 kernel: [51318.693854] 
decode_attr_fs_locations: fs_locations done, error = 0
Apr 26 11:30:15 hexaom-v2-vm-prod-front2 kernel: [51318.693871] 
nfs41_sequence_process: Error 0 free the slot
Apr 26 11:30:15 hexaom-v2-vm-prod-front2 kernel: [51318.694161] 
nfs41_sequence_process: Error 0 free the slot
Apr 26 11:30:15 hexaom-v2-vm-prod-front2 kernel: [51318.694301] 
nfs41_sequence_process: Error 0 free the slot
=

No error in nfds server even with debug all : rpcdebug -m nfsd -s all

Information :  on client and server
***



client :


root@hexaom-v2-vm-prod-front2:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/;
SUPPORT_URL="https://www.debian.org/support;
BUG_REPORT_URL="https://bugs.debian.org/;


root@hexaom-v2-vm-prod-front2:~# uname -a
Linux hexaom-v2-vm-prod-front2 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 
(2024-01-31) x86_64 GNU/Linux


root@hexaom-v2-vm-prod-front2:~# dpkg -l | grep -i nfs
ii  liblockfile1:amd641.17-1+b1 
 amd64NFS-safe locking library
ii  libnfsidmap2:amd640.25-6
 amd64NFS idmapping library
ii  nfs-common1:1.3.4-6 
 amd64NFS support files common to 
client and server


fstab:
192.20.2.30:/NFS/sessions_v2 /srv/sessions nfs 
defaults,rw,relatime,vers=4.1,hard,timeo=100,retrans=4,_netdev 0 0


=




Server:
=
root@SERVSESSION01:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/;
SUPPORT_URL="https://www.debian.org/support;
BUG_REPORT_URL="https://bugs.debian.org/;


Linux SERVSESSION01 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 
(2024-02-01) x86_64 GNU/Linux

*
root@SERVSESSION01:~# dpkg -l | grep nfs
ii  libnfsidmap1:amd641:2.6.2-4   amd64 
   NFS idmapping library
ii  nfs-common1:2.6.2-4   amd64 
   NFS support files common to client and server
ii  nfs-kernel-server 1:2.6.2-4   amd64 
   support for NFS kernel server
root@SERVSESSION01:~# dpkg -l | grep rpc
ii  libtirpc-common   1.3.3+ds-1  all   
   transport-independent RPC library - common files
ii  libtirpc3:amd64   1.3.3+ds-1  amd64 
   transport-independent RPC library
ii  rpcbind   1.2.6-6+b1  amd64 
   converts RPC program numbers into universal addresses
root@SERVSESSION01:~#
**


*
root@SERVSESSION01:~# cat /etc/default/nfs-common
# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".

# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=

# Options for rpc.sta

Re: LTS bulleye ou bookworm

[Th.A.C]

Le 06/04/2024 à 10:10, jc gucci a écrit :
je ne comprends pas comment la 11 peut etre disponible alors qu'elle est 
prevu pour le 15 aout et la 12 pour 2026.

Que dois-je choisir - en lts - ?
merci.


Tu t'es trompé de date ;-)

la 12 est sortie en juin 2023
et la 11 deux ans avant (aout 2021)...

https://wiki.debian.org/DebianReleases

Re: LTS bulleye ou bookworm

[Gaëtan Perrier]

Pour la version stable les depots backport fournissent les versions récentes 
des logiciels "utilisateur".

Gaëtan 

Le 6 avril 2024 10:58:06 GMT+02:00, Jean-Pierre Giraud 
 a écrit :
>Bonjour,
>Le samedi 06 avril 2024 à 10:10 +0200, jc gucci a écrit :
>> je ne comprends pas comment la 11 peut etre disponible alors qu'elle est
>> prevu pour le 15 aout et la 12 pour 2026.
>> Que dois-je choisir - en lts - ?
>> merci.
>À la différence de certaines distribution Linux, Toutes les versions stables
>de Debian ont le même cycle de vie :
>Statut testing : pendant environ 2 ans, c'est la période de préparation de
>la future version stable. Actuellement, c'est la version Debian 13, alias
>Trixie
>Statut stable : quand l'équipe de publication estime qu'elle est prête (ne
>contient plus de bugs critiques s'opposant à sa publication), elle est
>publiée comme version stable. C'est actuellement Debian 12, alias Bookworm,
>publiée le 6/10/2023.
>Statut olsdstable : c'est la version stable précédente, actuellement Debian
>11, alias Bullseye. Elle continue à faire l'objet de publication de mises à
>jour régulières (dernière mise à jour 11.9 publiée le 10 février 2024) et à
>être suivie par l'équipe de sécurité de Debian qui s'occupe de façon
>privilégiée de la version stable pendant une certaine période, jusqu'à sa
>"fin de vie" prévue en août 2024, après une ultime mise à jour.
>À cette date, Bullseye recevra des mises à jour de sécurité de l'équipe LTS.
>Vous trouverez plus de détail sur la page du wiki
>https://wiki.debian.org/fr/LTS.
>Il est conseillé de choisir la distribution stable en cours actuellement
>Debian 12 Bookworm qui est une version mature, suivie par l'équipe de
>sécurité de Debian. Les seuls reproches que l'on peut lui faire est de ne
>pas fournir les versions les plus récentes des logiciels : ce sont les
>version à jour au moment de sa publication (seulement une partie des mises à
>jour de sécurité contiennent aussi des mises à jour de fonctionnalités).
>Vous pouvez lire avec profit aussi ces pages :
>https://wiki.debian.org/fr/DebianReleases (en français)
>https://wiki.debian.org/DebianSoftware (pas encore traduite)
>amicalement,
>Jean-Pierre Giraud (jipege)
>

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

Re: LTS bulleye ou bookworm

[Jean-Pierre Giraud]

Bonjour,
Le samedi 06 avril 2024 à 10:10 +0200, jc gucci a écrit :
> je ne comprends pas comment la 11 peut etre disponible alors qu'elle est
> prevu pour le 15 aout et la 12 pour 2026.
> Que dois-je choisir - en lts - ?
> merci.
À la différence de certaines distribution Linux, Toutes les versions stables
de Debian ont le même cycle de vie :
Statut testing : pendant environ 2 ans, c'est la période de préparation de
la future version stable. Actuellement, c'est la version Debian 13, alias
Trixie
Statut stable : quand l'équipe de publication estime qu'elle est prête (ne
contient plus de bugs critiques s'opposant à sa publication), elle est
publiée comme version stable. C'est actuellement Debian 12, alias Bookworm,
publiée le 6/10/2023.
Statut olsdstable : c'est la version stable précédente, actuellement Debian
11, alias Bullseye. Elle continue à faire l'objet de publication de mises à
jour régulières (dernière mise à jour 11.9 publiée le 10 février 2024) et à
être suivie par l'équipe de sécurité de Debian qui s'occupe de façon
privilégiée de la version stable pendant une certaine période, jusqu'à sa
"fin de vie" prévue en août 2024, après une ultime mise à jour.
À cette date, Bullseye recevra des mises à jour de sécurité de l'équipe LTS.
Vous trouverez plus de détail sur la page du wiki
https://wiki.debian.org/fr/LTS.
Il est conseillé de choisir la distribution stable en cours actuellement
Debian 12 Bookworm qui est une version mature, suivie par l'équipe de
sécurité de Debian. Les seuls reproches que l'on peut lui faire est de ne
pas fournir les versions les plus récentes des logiciels : ce sont les
version à jour au moment de sa publication (seulement une partie des mises à
jour de sécurité contiennent aussi des mises à jour de fonctionnalités).
Vous pouvez lire avec profit aussi ces pages :
https://wiki.debian.org/fr/DebianReleases (en français)
https://wiki.debian.org/DebianSoftware (pas encore traduite)
amicalement,
Jean-Pierre Giraud (jipege)