Bug#745082: fakechroot: chfn in a fakechroot environment

[Michael Gilbert]

control: reassign -1 src:fakechroot

This was thought to be a debootstrap bug for a while, but it
originates in fakechroot.

I applied upstream's recent fix, patch attached, and tested that
debootstrap now works with the modified fakechroot:

$ sudo dpkg -i sudo dpkg -i fakechroot_2.17.2-1.1_all.deb
libfakechroot_2.17.2-1.1_amd64.deb
$ fakechroot fakeroot debootstrap --variant=fakechroot unstable
[...]
I: Base system installed successfully.

Best wishes,
Mike
diff -Nru fakechroot-2.17.2/debian/changelog fakechroot-2.17.2/debian/changelog
--- fakechroot-2.17.2/debian/changelog	2013-12-24 20:04:16.0 +
+++ fakechroot-2.17.2/debian/changelog	2015-10-18 03:51:18.0 +
@@ -1,3 +1,10 @@
+fakechroot (2.17.2-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add empty audit_log_acct_message (closes: #745082).
+
+ -- Michael Gilbert <mgilb...@debian.org>  Sun, 18 Oct 2015 03:46:22 +
+
 fakechroot (2.17.2-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru fakechroot-2.17.2/debian/patches/audit.patch fakechroot-2.17.2/debian/patches/audit.patch
--- fakechroot-2.17.2/debian/patches/audit.patch	1970-01-01 00:00:00.0 +
+++ fakechroot-2.17.2/debian/patches/audit.patch	2015-10-18 03:50:40.0 +
@@ -0,0 +1,32 @@
+description: add empty audit_log_acct_message
+bug-debian: http://bugs.debian.org/745082
+
+--- /dev/null
 b/src/audit_log_acct_message.c
+@@ -0,0 +1,16 @@
++/*
++ * Copyright (C) 2015  JH Chatenet <jhcha54...@free.fr>
++ *
++ * Licensed under the LGPL v2.1.
++*/
++
++
++#include 
++
++#include "libfakechroot.h"
++
++
++wrapper(audit_log_acct_message, int, (int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host, const char *addr, const char *tty, int result))
++{
++return 0;
++}
+--- a/src/Makefile.am
 b/src/Makefile.am
+@@ -28,6 +28,7 @@ libfakechroot_la_SOURCES = \
+ _xftw64.c \
+ access.c \
+ acct.c \
++audit_log_acct_message.c \
+ bind.c \
+ bindtextdomain.c \
+ canonicalize_file_name.c \
diff -Nru fakechroot-2.17.2/debian/patches/series fakechroot-2.17.2/debian/patches/series
--- fakechroot-2.17.2/debian/patches/series	2013-12-24 17:56:39.0 +
+++ fakechroot-2.17.2/debian/patches/series	2015-10-18 03:36:33.0 +
@@ -1,2 +1,3 @@
 # series file
 Export-V-variable-so-it-can-be-changed-with-config.patch
+audit.patch

Bug#797340: choose-mirror: use httpredir.debian.org by default

[Michael Gilbert]

On Sun, Aug 30, 2015 at 4:49 AM, Philipp Kern wrote:
 I have seen issues with this. It might be good for the general case of
 apt where you see what the failure is and can retry if needed. But in
 the US it caused me some aborted installations because there was some
 mirror in the rotation that was broken. debian-installer - I guess in
 this case debootstrap - does not retry a broken file. (apt also doesn't
 do that but it's harder to figure out in d-i what's going on.)

I helped improve this problem a couple years ago [0].  I guess that's
not totally solved, or maybe httpredir causes different behavior.
That is not something I've yet looked at, but I should.

debootstrap's current design is to retry package downloads up to 10
times, and then give up entirely on bootstrapping.  That seems like it
should be robust, but maybe not.

Relatedly apt  1.1~exp9 will often run into problems with httpredir
as source, so it is you could have run into that once past
debootstrap.

Best wishes,
Mike

[0] https://bugs.debian.org/618920

Bug#797340: choose-mirror: use httpredir.debian.org by default

[Michael Gilbert]

package: choose-mirror
severity: wishlist
version: 2.65

This article [0] had some extensive complaints about Debian, one of
which is that the installer has too many screens (apparently 20 in
their case).

Setting a default mirror without user intervention would nicely save 3
of those steps, and httpredir.debian.org is in many ways the ideal
mirror selection anyway.

Obviously expert mode would want to retain the full 3 screen mirror
selection process.

Best wishes,
Mike

[0]http://www.everydaylinuxuser.com/2015/06/3-ways-to-improve-debian-and-i-havent.html

Bug#788173: rescue-mode: kfreebsd rescue fails with can't create /dev/md

[Michael Gilbert]

package: rescue-mode
version: 1.51
severity: important
x-debbugs-cc: debian-...@lists.debian.org

Adding the line set kFreeBSD.rescue/enable=true in a grub entry and
booting the kfreebsd installer fails when executing rescue-mode.  The
error is:

mkdir: can't create directory '/dev/md': Operation not supported

/dev is mounted rw and also doing mkdir manually fails the same.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mngrvovmzq0vet+4o9u--o8iteriqhllcvxar9cz5j...@mail.gmail.com

Re: Bug#778492: unblock: ndisc6/1.0.1-2

[Michael Gilbert]

control: tag -1 - moreinfo

On Mon, Mar 30, 2015 at 12:58 AM, Cyril Brulebois wrote:
 Thanks for trying, but no, that's not sufficient. I really would
 like having a real use case where the bug gets reproduced without
 “cheating” (for the lack of a better wording), so that we can actually
 check that the change isn't worse than the bug it's supposed to fix.

It turns out the difficulty getting rdnssd automatically installed is a bug:
http://bugs.debian.org/782299

Steve will be uploading a debian-cd fix soon, but in the meantime I
tested a mini.iso (since it configures networking sufficiently early
to be able to fetch the package) for a sid gnome install.  Here is the
installer syslog relevant to rdnssd;

netcfg[1369]: rdnssd started; PID: 1384
[...]
apt-install: Queueing package rdnssd for later installation
netcfg[1369]: DEBUG: Stopping rdnssd, PID 1384
[...]
in-target: The following NEW packages will be installed:
in-target:   rdnssd
[...]
in-target: Unpacking rdnssd (1.0.1-2)
[...]
in-target: Setting up rdnssd (1.0.1-2)
[...]
in-target: pkgsel: starting tasksel [selected gnome as the desktop environment]
[...]
in-target: The following packages will be REMOVED:
in-target:   rdnssd
[...]
in-target: Removing rdnssd (1.0.1-2)
[...]
in-target: Setting up network-manager-gnome (0.9.10.0-2)

In conclusion again everything works entirely as expected.  Is this
now sufficient?

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MOT3OVGaZcDJVejLwu10G466tsMMir=1vvlt63n-th...@mail.gmail.com

Re: Bug#778492: unblock: ndisc6/1.0.1-2

[Michael Gilbert]

control: tag -1 - moreinfo

On Wed, Feb 25, 2015 at 11:23 PM, Cyril Brulebois wrote:
 It would be nice to compare what happens when one installs gnome/jessie
 vs. gnome/sid. I really wouldn't want this conflict to trigger having
 rdnssd installed and network-manager/gnome not…

Everything seems to turn out fine.

I couldn't get netcfg to trigger rdnssd installation with my set up,
so here is what I did to mimic the process:

boot from jessie RC2
nothing special up through pkgsel
before pkgsel, manually install rdnssd 1.0.1-2 from sid
proceed with pkgsel (making sure to select gnome in tasksel)

To resolve the rdnssd/nm conflict, apt concludes that nm should be
installed and rdnssd removed, which then happens.  Afterwards:

$ dpkg -l | grep -e network-manager -e rdnssd | cut -d' ' -f1,2,3
ii  network-manager
ii  network-manager-gnome
rc  rdnssd

On reboot, networking with nm works correctly.

This effectively mimics the configurations where netcfg automatically
adds in rdnssd.  Is this sufficient?

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mmryvzhubwjcn+7ivy2k9jfwteou9_r4-xafehs+pf...@mail.gmail.com

Re: Hints for d-i jessie RC2, part 1

[Michael Gilbert]

On Thu, Mar 5, 2015 at 1:07 AM, Cyril Brulebois wrote:
 Hi people,

 here's a first round of unblock/unblock-udeb hints for the upcoming d-i
 jessie RC2. Don't hesitate to ask questions if anything looks fishy.

Cyril,

Would it be possible also to unblock ndisc6 in time for RC2?  I saw no
problems in my test installs (bug #778492), but I guess it could be
good to get wider testing before the final jessie d-i.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mn3uasvke2kiz5bn65-+atgwxev1zp3u_nfrghromn...@mail.gmail.com

Re: Bug#778492: unblock: ndisc6/1.0.1-2

[Michael Gilbert]

On Sun, Mar 1, 2015 at 12:32 AM, Michael Gilbert wrote:
 It would be nice to compare what happens when one installs gnome/jessie
 vs. gnome/sid. I really wouldn't want this conflict to trigger having
 rdnssd installed and network-manager/gnome not…

 After a successful jessie gnome install over ipv6

 $ dpkg -l | grep rdnssd
 $ dpkg -l | grep network-manager
 network-manager
 network-manager-gnome

 After a successful sid gnome install over ipv6

 $ dpkg -l | grep rdnssd
 $ dpkg -l | grep network-manager
 network-manager
 network-manager-gnome

I had retyped that in from another computer, and I just now noticed
the commands are incorrect for the shown output.  For completeness,
the actual commands were

$ dpkg -l | grep package | cut -d' ' -f3


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MMF0�wr6zkwlhfz8nc+roqzrxl39ofwhripcyf...@mail.gmail.com

Bug#779466: unblock: e2fsprogs/1.42.12-1.1

[Michael Gilbert]

package: release.debian.org
user: release.debian@packages.debian.org
usertags: unblock
severity: normal
x-debbugs-cc: debian-boot@lists.debian.org

Please consider unblocking e2fsprogs.  A security issue is fixed.

unblock e2fsprogs/1.42.12-1.1
unblock-udeb e2fsprogs/1.42.12-1.1
diff -Nru e2fsprogs-1.42.12/debian/changelog e2fsprogs-1.42.12/debian/changelog
--- e2fsprogs-1.42.12/debian/changelog	2014-08-29 12:51:13.0 +
+++ e2fsprogs-1.42.12/debian/changelog	2015-02-22 02:18:20.0 +
@@ -1,3 +1,10 @@
+e2fsprogs (1.42.12-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2015-1572: incomplete fix for CVE-2015-0247 (closes: #778948).
+
+ -- Michael Gilbert mgilb...@debian.org  Sun, 22 Feb 2015 01:50:57 +
+
 e2fsprogs (1.42.12-1) unstable; urgency=low
 
   * New upstream version
diff -Nru e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch
--- e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch	1970-01-01 00:00:00.0 +
+++ e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch	2015-02-22 02:18:20.0 +
@@ -0,0 +1,48 @@
+From 49d0fe2a14f2a23da2fe299643379b8c1d37df73
+From: Theodore Ts'o ty...@mit.edu
+Date: Fri, 6 Feb 2015 12:46:39 -0500
+Subject: libext2fs: fix potential buffer overflow in closefs()
+
+The bug fix in f66e6ce4446: libext2fs: avoid buffer overflow if
+s_first_meta_bg is too big had a typo in the fix for
+ext2fs_closefs().  In practice most of the security exposure was from
+the openfs path, since this meant if there was a carefully crafted
+file system, buffer overrun would be triggered when the file system was
+opened.
+
+However, if corrupted file system didn't trip over some corruption
+check, and then the file system was modified via tune2fs or debugfs,
+such that the superblock was marked dirty and then written out via the
+closefs() path, it's possible that the buffer overrun could be
+triggered when the file system is closed.
+
+Also clear up a signed vs unsigned warning while we're at it.
+
+Thanks to Nick Kralevich n...@google.com for asking me to look at
+compiler warning in the code in question, which led me to notice the
+bug in f66e6ce4446.
+
+Addresses: CVE-2015-1572
+
+Signed-off-by: Theodore Ts'o ty...@mit.edu
+
+--- a/lib/ext2fs/closefs.c
 b/lib/ext2fs/closefs.c
+@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ 	dgrp_t		j;
+ #endif
+ 	char	*group_ptr;
+-	int	old_desc_blocks;
++	blk64_t	old_desc_blocks;
+ 	struct ext2fs_numeric_progress_struct progress;
+ 
+ 	EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
+@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ 	group_ptr = (char *) group_shadow;
+ 	if (fs-super-s_feature_incompat  EXT2_FEATURE_INCOMPAT_META_BG) {
+ 		old_desc_blocks = fs-super-s_first_meta_bg;
+-		if (old_desc_blocks  fs-super-s_first_meta_bg)
++		if (old_desc_blocks  fs-desc_blocks)
+ 			old_desc_blocks = fs-desc_blocks;
+ 	} else
+ 		old_desc_blocks = fs-desc_blocks;
diff -Nru e2fsprogs-1.42.12/debian/patches/series e2fsprogs-1.42.12/debian/patches/series
--- e2fsprogs-1.42.12/debian/patches/series	1970-01-01 00:00:00.0 +
+++ e2fsprogs-1.42.12/debian/patches/series	2015-02-22 02:18:20.0 +
@@ -0,0 +1 @@
+CVE-2015-1572.patch

Re: Bug#778492: unblock: ndisc6/1.0.1-2

[Michael Gilbert]

 It would be nice to compare what happens when one installs gnome/jessie
 vs. gnome/sid. I really wouldn't want this conflict to trigger having
 rdnssd installed and network-manager/gnome not…

After a successful jessie gnome install over ipv6

$ dpkg -l | grep rdnssd
$ dpkg -l | grep network-manager
network-manager
network-manager-gnome

After a successful sid gnome install over ipv6

$ dpkg -l | grep rdnssd
$ dpkg -l | grep network-manager
network-manager
network-manager-gnome

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MNJN7RUa5o=udsy8ah1ofsoxnjkmqqy9f7iq3lb_pk...@mail.gmail.com

Bug#778734: unblock: bind9/9.9.5.dfsg-9

[Michael Gilbert]

package: release.debian.org
user: release.debian@packages.debian.org
usertags: unblock
severity: normal
x-debbugs-cc: debian-boot@lists.debian.org

Please consider unblocking bind9.  It fixes a new security issue.

unblock bind9/9.9.5.dfsg-9
unblock-udeb bind9/9.9.5.dfsg-9
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,10 @@
+bind9 (1:9.9.5.dfsg-9) unstable; urgency=high
+
+  * Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
+affecting setups using DNSSEC (closes: #778733).
+
+ -- Michael Gilbert mgilb...@debian.org  Thu, 19 Feb 2015 03:42:21 +
+
 bind9 (1:9.9.5.dfsg-8) unstable; urgency=medium
 
   * Launch rndc command in the background in networking scripts to avoid a
only in patch2:
unchanged:
--- bind9-9.9.5.dfsg.orig/lib/dns/zone.c
+++ bind9-9.9.5.dfsg/lib/dns/zone.c
@@ -8496,6 +8496,12 @@
 	 namebuf, tag);
 trustkey = ISC_TRUE;
 			}
+		} else {
+			/*
+			 * No previously known key, and the key is not
+			 * secure, so skip it.
+			 */
+			continue;
 		}
 
 		/* Delete old version */
@@ -8544,7 +8550,7 @@
 			trust_key(zone, keyname, dnskey, mctx);
 		}
 
-		if (!deletekey)
+		if (secure  !deletekey)
 			set_refreshkeytimer(zone, keydata, now);
 	}
 

Bug#778492: unblock: ndisc6/1.0.1-2

[Michael Gilbert]

package: release.debian.org
user: release.debian@packages.debian.org
usertags: unblock
severity: normal
x-debbugs-cc: debian-boot@lists.debian.org

Please consider unblocking ndisc6.  I did a QA upload to fix bug #740998.

The kfreebsd builds are missing because of #764692, which sounds
unlikely to be fixed for jessie.

unblock ndisc6/1.0.1-2
unblock-udeb ndisc6/1.0.1-2
diff -u ndisc6-1.0.1/debian/control ndisc6-1.0.1/debian/control
--- ndisc6-1.0.1/debian/control
+++ ndisc6-1.0.1/debian/control
@@ -1,7 +1,7 @@
 Source: ndisc6
 Section: net
 Priority: optional
-Maintainer: Rémi Denis-Courmont r...@remlab.net
+Maintainer: Debian QA Group packa...@qa.debian.org
 Build-Depends: cdbs, debhelper (= 7), autotools-dev, gettext
 Standards-Version: 3.9.1
 Homepage: http://www.remlab.net/ndisc6/
@@ -40,6 +40,7 @@
 Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}
 Recommends: resolvconf
 Suggests: ndisc6
+Conflicts: network-manager
 Description: IPv6 recursive DNS server discovery daemon
  rdnssd autoconfigures recursive DNS servers on IPv6 networks
  using ICMPv6 Neighbor Discovery (RFC 5006), and can update the
diff -u ndisc6-1.0.1/debian/changelog ndisc6-1.0.1/debian/changelog
--- ndisc6-1.0.1/debian/changelog
+++ ndisc6-1.0.1/debian/changelog
@@ -1,3 +1,11 @@
+ndisc6 (1.0.1-2) unstable; urgency=medium
+
+  * QA upload.
+  * Set maintainer to the Debian QA Group (see #713004).
+  * Add conflicts between rdnssd and network-manager (closes: #740998).
+
+ -- Michael Gilbert mgilb...@debian.org  Sat, 14 Feb 2015 01:16:37 +
+
 ndisc6 (1.0.1-1) unstable; urgency=low
 
   * New upstream release:

Bug#778351: unblock: isc-dhcp/4.3.1-6

[Michael Gilbert]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
x-debbugs-cc: debian-boot@lists.debian.org

Please consider unblocking isc-dhcp.  It fixes a regression in init
script error handling (bug #755834, unfortunate bug # typo in the
changelog).

There are no changes to the udebs.

unblock isc-dhcp/4.3.1-6
unblock-udeb isc-dhcp/4.3.1-6
diff --git a/debian/changelog b/debian/changelog
index 4fd1f35..5f5c568 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+isc-dhcp (4.3.1-6) unstable; urgency=medium
+
+  * Fix a regression in error handling for the server's init script
+(closes: #775834).
+- Thanks to François-Régis Vuillemin.
+
+ -- Michael Gilbert mgilb...@debian.org  Fri, 13 Feb 2015 05:13:19 +
+
 isc-dhcp (4.3.1-5) unstable; urgency=medium
 
   * Dynamically link against system bind libraries.
diff --git a/debian/rules b/debian/rules
index be0317e..780bc4a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -62,6 +62,10 @@ override_dh_install:
 	cp contrib/dhcp-lease-list.pl \
 	debian/isc-dhcp-server/usr/sbin/dhcp-lease-list
 
+override_dh_installinit:
+	dh_installinit -Nisc-dhcp-server
+	dh_installinit -pisc-dhcp-server --error-handler=init_script_error_handler
+
 override_dh_strip:
 	dh_strip --dbg-package=isc-dhcp-dbg
 

Bug#778364: unblock: glibc/2.19-15

[Michael Gilbert]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
x-debbugs-cc: debian-boot@lists.debian.org

Please consider unblocking glibc.  It fixes 5 security issues:
https://security-tracker.debian.org/tracker/source-package/glibc

unblock glibc/2.19-15
unblock-udeb glibc/2.19-15


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MPTyhd=riPdP=_yhfoueqe0lk8fs2vjoxdj_kqvzh5...@mail.gmail.com

Bug#778366: unblock: kfreebsd-10/10.1~svn274115-2

[Michael Gilbert]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
x-debbugs-cc: debian-boot@lists.debian.org

Please consider unblocking kfreebsd-10.  It fixes 2 security issues:
https://security-tracker.debian.org/kfreebsd-10

unblock kfreebsd-10/10.1~svn274115-2
unblock-udeb kfreebsd-10/10.1~svn274115-2


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MNj5zAqn8SsLZUAS_9VHfqVr05shefViaG=q=9VsRD=j...@mail.gmail.com

Bug#776186: busybox: CVE-2014-9645

[Michael Gilbert]

control: tag -1 patch, pending

Hi,

I uploaded an nmu fixing this issue to delayed/15.  Please let me know
if I can shorten or if you want to do a maintainer upload instead.
See proposed patch attached.

Best wishes,
Mike
diff -Nru busybox-1.22.0/debian/changelog busybox-1.22.0/debian/changelog
--- busybox-1.22.0/debian/changelog	2014-11-14 09:53:24.0 +
+++ busybox-1.22.0/debian/changelog	2015-01-26 03:21:32.0 +
@@ -1,3 +1,10 @@
+busybox (1:1.22.0-14.1) unstable; urgency=medium
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2014-9645: modeprobe accepts paths as modules (closes: #776186).
+
+ -- Michael Gilbert mgilb...@debian.org  Mon, 26 Jan 2015 03:18:37 +
+
 busybox (1:1.22.0-14) medium; urgency=low
 
   * one more attempt to fix the glibc build-depend for #769190, now
diff -Nru busybox-1.22.0/debian/patches/CVE-2014-9645.patch busybox-1.22.0/debian/patches/CVE-2014-9645.patch
--- busybox-1.22.0/debian/patches/CVE-2014-9645.patch	1970-01-01 00:00:00.0 +
+++ busybox-1.22.0/debian/patches/CVE-2014-9645.patch	2015-01-26 03:24:58.0 +
@@ -0,0 +1,25 @@
+From 4e314faa0aecb66717418e9a47a4451aec59262b
+From: Denys Vlasenko vda.li...@googlemail.com
+Date: Thu, 20 Nov 2014 17:24:33 +
+Subject: modprobe,rmmod: reject module names with slashes
+
+--- a/modutils/modprobe.c
 b/modutils/modprobe.c
+@@ -239,6 +239,17 @@ static void add_probe(const char *name)
+ {
+ 	struct module_entry *m;
+ 
++	/*
++	 * get_or_add_modentry() strips path from name and works
++	 * on remaining basename.
++	 * This would make rmmod dir/name and modprobe dir/name
++	 * to work like rmmod name and modprobe name,
++	 * which is wrong, and can be abused via implicit modprobing:
++	 * ifconfig /usbserial up tries to modprobe netdev-/usbserial.
++	 */
++	if (strchr(name, '/'))
++		bb_error_msg_and_die(malformed module name '%s', name);
++
+ 	m = get_or_add_modentry(name);
+ 	if (!(option_mask32  (OPT_REMOVE | OPT_SHOW_DEPS))
+ 	  (m-flags  (MODULE_FLAG_LOADED | MODULE_FLAG_BUILTIN))
diff -Nru busybox-1.22.0/debian/patches/series busybox-1.22.0/debian/patches/series
--- busybox-1.22.0/debian/patches/series	2014-11-10 12:06:53.0 +
+++ busybox-1.22.0/debian/patches/series	2015-01-26 03:24:54.0 +
@@ -27,3 +27,5 @@
 stop-checking-ancient-kernel-version.patch
 iproute-support-onelink-route-option-and-print-route-flags.patch
 update-deb-format-support.patch
+
+CVE-2014-9645.patch

Bug#776186: busybox: CVE-2014-9645

[Michael Gilbert]

On Sun, Jan 25, 2015 at 10:49 PM, Cyril Brulebois wrote:
 I uploaded an nmu fixing this issue to delayed/15.  Please let me know
 if I can shorten or if you want to do a maintainer upload instead.
 See proposed patch attached.

 NACK, it won't make it into testing this way.

Ok, cancelled.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mpmysijb+-mky-x_swpjiagy6f-bz3u4ssxkoytndn...@mail.gmail.com

unblock: bind9/1:9.9.5.dfsg-8

[Michael Gilbert]

Please unblock bind9.  It fixes an issue where a hang in named could
bring down the entire network #760555.

The changes only affect the bind9 binary package, so nothing in the
udebs has chaned.

unblock bind9/1:9.9.5.dfsg-8
unblock-udeb bind9/1:9.9.5.dfsg-8


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MNxYu1Wsj=B=D0zWEsU8aZ1dvWEuab6vn3pELgbn-nZ=a...@mail.gmail.com

unblock: bind9/1:9.9.5.dfsg-8

[Michael Gilbert]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock bind9.  It fixes an issue where a hang in named could
bring down the entire network #760555.

This only touches files in the bind9 binary package, so nothing in the
udebs has changed.

unblock bind9/1:9.9.5.dfsg-8
unblock-udeb bind9/1:9.9.5.dfsg-8


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MMwuKXytrKOc8O0YF-S=oz9f3w6kryqonyl1if17xb...@mail.gmail.com

Re: Bug#762762: Updating isc-dhcp udeb to dynamically link bind

[Michael Gilbert]

On Fri, Oct 31, 2014 at 9:57 AM, Steven Chamberlain wrote:
 On 31/10/14 10:44, Michael Tokarev wrote:
 Is it on kfreebsd, or on linux kernel too?  I wonder maybe we should
 switch to isc-dhcp on all variants/arches, and ditch udhcpc...

 Linux d-i only uses udhcpc at the moment.  (Ubuntu uses isc-dhcp though
 IIRC).  We did discuss converging on a single DHCP client across all
 Debian architectures, but:

   * it's way too late to do this for jessie, I doubt KiBi would even
 hear of it!  d-i can be very sensitive to changes and this might break
 in non-obvious use cases that don't get tested much

Is it possibly a one or two line diff to change back to isc-dhcp?  If
so, it is possible that it may be considered.  Is that set in netcfg?

Since isc-dhcp was the wheezy default and there are quite a few issues
(including RC ones) stemming from udhcpc, it probably makes a lot of
sense to go back to what's known to work well.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MOdvF8=1wwvt0v2fyyh_bwkv_abcmj2crtwjpw_omr...@mail.gmail.com

Re: Bug#762762: Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

[Michael Gilbert]

On Mon, Oct 6, 2014 at 9:11 PM, Steven Chamberlain wrote:
 On 00:52, Steven Chamberlain wrote:
 Michael Gilbert wrote:
  Would it be ok to stage the changes in unstable to make it somewhat
  easy for porters to test?

 I don't particularly need that as I can build the udebs and d-i image
 from them myself.  But doing so would allow others to be testing it
 meanwhile, so I'm okay with it.

 Did you already make a new version of the isc-dhcp package based on
 these new export udebs?  If so, where can I find it?

Hi Steven,

The new isc-dhcp is now uploaded.  Please let me know how your testing goes.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mpbb25ndu4q1udfxrh2cph3vfxhorfo6xk-jcxg3sa...@mail.gmail.com

Re: Bug#762762: Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

[Michael Gilbert]

On Mon, Oct 6, 2014 at 9:11 PM, Steven Chamberlain wrote:
 On 00:52, Steven Chamberlain wrote:
 Michael Gilbert wrote:
  Would it be ok to stage the changes in unstable to make it somewhat
  easy for porters to test?

 I don't particularly need that as I can build the udebs and d-i image
 from them myself.  But doing so would allow others to be testing it
 meanwhile, so I'm okay with it.

 Did you already make a new version of the isc-dhcp package based on
 these new export udebs?  If so, where can I find it?

No, not yet.  Will probably get to that tomorrow.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MNmqCSH4fnnXCE80=f1Z3B1A+Y2F=1idn-tzifb9+x...@mail.gmail.com

Re: Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

[Michael Gilbert]

On Thu, Oct 2, 2014 at 11:05 PM, Cyril Brulebois wrote:
 AFAICT isc-dhcp is only used on non-linux archs, through that part of
 Depends:
   isc-dhcp-client-udeb [kfreebsd-any hurd-any]

 You definitely want to get porters involved in checking the resulting
 udebs, and I've therefore added them in Cc.

Dear hurd and kfreebsd porters.  I plan to upload the attached patch,
which along with the previous upload introduces a bind udeb, which
will be dynamically linked by the dhcp udeb.  Please let me know if
this looks ok.

 Have you checked possible impact on the installed size? At least
 kfreebsd has been having regular size-related issues, so it might be
 worth checking this point (even if the ramfs tweaks introduced in the
 past few weeks should avoid further issues).

The install size for dhcp+bind linked isn't much different from the
existing size of dhcp+bind embed, which is about 1.8 MB uncompressed.

Best wishes,
Mike
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,13 @@
+bind9 (1:9.9.5.dfsg-4.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Disable parallel build.  Closes: #762766
+  * Set -fno-delete-null-pointer-checks.  Closes: #750760
+  * Fix dependencies for libbind-export-udeb.  Closes: #762762
+  * Don't install configuration files to /usr.  Closes: #762948
+
+ -- Michael Gilbert mgilb...@debian.org  Sun, 28 Sep 2014 02:56:44 +
+
 bind9 (1:9.9.5.dfsg-4.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -u bind9-9.9.5.dfsg/debian/control bind9-9.9.5.dfsg/debian/control
--- bind9-9.9.5.dfsg/debian/control
+++ bind9-9.9.5.dfsg/debian/control
@@ -187,9 +187,8 @@
 Architecture: any
 Priority: extra
 Depends: ${shlibs:Depends}
-XC-Package-Type: udeb
+Package-Type: udeb
 Description: Exported BIND libraries for debian-installer
- libbind-export-udeb is a minimal bind package used by the debian-installer.
 
 Package: libdns-export100
 Section: libs
diff -u bind9-9.9.5.dfsg/debian/rules bind9-9.9.5.dfsg/debian/rules
--- bind9-9.9.5.dfsg/debian/rules
+++ bind9-9.9.5.dfsg/debian/rules
@@ -23,12 +23,13 @@
 OPT = -O2
 endif
 
-ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
-NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
-export MAKEFLAGS += -j$(NUMJOBS)
-endif
+# parallel build options disabled for #762766
+#ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+#NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+#export MAKEFLAGS += -j$(NUMJOBS)
+#endif
 
-export CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE $(DEBUG) $(OPT)
+export CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE $(DEBUG) $(OPT)
 
 ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
 EXTRA_FEATURES=--disable-linux-caps --disable-threads
@@ -126,6 +127,7 @@
 	dh_installdirs
 	$(MAKE) -C export install DESTDIR=`pwd`/debian/bind9
 	$(MAKE) install DESTDIR=`pwd`/debian/bind9
+	rm -rf debian/bind9/usr/etc
 	rm -f debian/bind9/usr/lib/*.la
 	install -c -o bin -g bin -m 444 debian/db.0 ${ETCBIND}/db.0
 	install -c -o bin -g bin -m 444 debian/db.0 ${ETCBIND}/db.255
@@ -201,6 +203,7 @@
 	dh_fixperms -a
 	dh_makeshlibs -a
 	dh_installdeb -a
+	sed 's/[^ ]*/libbind-export-udeb/'3 debian/*-export*/DEBIAN/shlibs  debian/libbind-export-udeb/DEBIAN/shlibs
 	dh_shlibdeps -a
 	for i in $$(sed -n '/^Package:/s/^.* //p' debian/control); do cat debian/vars.in  debian/$$i.substvars; done
 	cat debian/vars.in  debian/substvars

Re: Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

[Michael Gilbert]

On Sun, Oct 5, 2014 at 7:02 PM, Cyril Brulebois wrote:
 Michael Gilbert mgilb...@debian.org (2014-10-05):
 Dear hurd and kfreebsd porters.  I plan to upload the attached patch,
 which along with the previous upload introduces a bind udeb, which
 will be dynamically linked by the dhcp udeb.  Please let me know if
 this looks ok.

 NAK.

 +bind9 (1:9.9.5.dfsg-4.2) unstable; urgency=low
 +
 +  * Non-maintainer upload.
 +  * Disable parallel build.  Closes: #762766

 If parallel building worked before you changed things, you get to fix
 the issues rather than working around them. bind9 is a pain to build,
 so having to deal with a forced -j1 is a nasty regression.

It's a rarely used path through the build system (--enable-exportlib),
so it's sort of unsurprising that there was a lurking issue.

Anyway, in the meantime I fixed the problem.  Thanks for the prodding.

 +  * Set -fno-delete-null-pointer-checks.  Closes: #750760
 +  * Fix dependencies for libbind-export-udeb.  Closes: #762762

 This udeb doesn't make any sense to me.

 $ cat ./debian/libbind-export-udeb/DEBIAN/shlibs
 libdns-export 100 libbind-export-udeb
 libirs-export 91 libbind-export-udeb
 libisc-export 95 libbind-export-udeb
 libisccfg-export 90 libbind-export-udeb

 The udeb is unversioned. ABI is going to be broken as usual in later
 uploads, meaning the udeb shipping these shared objects will break
 reverse dependencies:
   /usr/lib/libisccfg-export.so.90.1.0
   /usr/lib/libdns-export.so.100.2.2
   /usr/lib/libirs-export.so.91.0.0
   /usr/lib/libisc-export.so.95.5.0
   /usr/lib/libdns-export.so.100 - libdns-export.so.100.2.2
   /usr/lib/libisccfg-export.so.90 - libisccfg-export.so.90.1.0
   /usr/lib/libirs-export.so.91 - libirs-export.so.91.0.0
   /usr/lib/libisc-export.so.95 - libisc-export.so.95.5.0

 I really fail to see how you could possibly imagine anything could work.

I was trying to avoid an explosion in the number of udebs, but I get
your point now that won't work.  I've split up the udebs now so things
can be properly versioned.

 Since we're late in the D-I release cycle, since we're late in the
 release cycle in general (window for transitions closed past month),
 since there was no coordination whatsoever, and since there is
 apparently no well thought through plan, I think I'll oppose isc-dhcp's
 using such a udeb.

Maybe I've addressed your concerns, maybe not, but please consider the
revised changes attached.

Best wishes,
Mike
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,13 @@
+bind9 (1:9.9.5.dfsg-4.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix intermittent parallel build failure.  Closes: #762766
+  * Set -fno-delete-null-pointer-checks.  Closes: #750760
+  * Use separate packages for the udebs.  Closes: #762762
+  * Don't install configuration files to /usr.  Closes: #762948
+
+ -- Michael Gilbert mgilb...@debian.org  Mon, 06 Oct 2014 01:23:57 +
+
 bind9 (1:9.9.5.dfsg-4.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -u bind9-9.9.5.dfsg/debian/control bind9-9.9.5.dfsg/debian/control
--- bind9-9.9.5.dfsg/debian/control
+++ bind9-9.9.5.dfsg/debian/control
@@ -182,15 +182,6 @@
  .
  This package delivers development files for the exported BIND libraries.
 
-Package: libbind-export-udeb
-Section: debian-installer
-Architecture: any
-Priority: extra
-Depends: ${shlibs:Depends}
-XC-Package-Type: udeb
-Description: Exported BIND libraries for debian-installer
- libbind-export-udeb is a minimal bind package used by the debian-installer.
-
 Package: libdns-export100
 Section: libs
 Architecture: any
@@ -200,6 +191,13 @@
  .
  This package delivers the exported libdns shared library.
 
+Package: libdns-export100-udeb
+Section: debian-installer
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+XC-Package-Type: udeb
+Description: Exported DNS library for debian-installer
+
 Package: libisc-export95
 Section: libs
 Architecture: any
@@ -209,6 +207,13 @@
  .
  This package delivers the exported libisc shared library.
 
+Package: libisc-export95-udeb
+Section: debian-installer
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+XC-Package-Type: udeb
+Description: Exported ISC library for debian-installer
+
 Package: libisccfg-export90
 Section: libs
 Architecture: any
@@ -218,6 +223,13 @@
  .
  This package delivers the exported libisccfg shared library.
 
+Package: libisccfg-export90-udeb
+Section: debian-installer
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+XC-Package-Type: udeb
+Description: Exported ISC CFG library for debian-installer
+
 Package: libirs-export91
 Section: libs
 Architecture: any
@@ -228,0 +241,7 @@
+
+Package: libirs-export91-udeb
+Section: debian-installer
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+XC-Package-Type: udeb
+Description: Exported IRS library for debian-installer
diff -u bind9

Re: Bug#762762: Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

[Michael Gilbert]

On Sun, Oct 5, 2014 at 9:59 PM, Cyril Brulebois wrote:
 I'm not going to go through building this on a kfreebsd porterbox to try
 and figure out how isc-dhcp would look if rebuilt against such packages,
 but that looks a saner base for porters to build upon.

 That doesn't make the timing issues I've mentioned disappear though. I'm
 OK with thinking about it again if porters endorse/welcome/successfully
 test the resulting packages and installation images.

Thanks for the feedback.

Would it be ok to stage the changes in unstable to make it somewhat
easy for porters to test?

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mpb5cgpq1oe6d_vpsoggyk6o3y2bqrrxwba_ozlh6m...@mail.gmail.com

Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

[Michael Gilbert]

On Mon, Sep 29, 2014 at 6:34 PM, Cyril Brulebois wrote:
 I've uploaded an nmu fixing the issues revealed by the previous nmu to
 delayed/5.  Please let me know if I should delay longer. See attached
 patch.

 The udeb handling is crazy.

Please clearly describe what is actually wrong and I'll fix it.  The
upload was cancelled in the meantime.

 Also, please explain why you're still keeping the submitter and
 debian-boot@ out of the loop while messing around with udebs (#762762).

I simply hadn't gotten around to that until just now, and d-i
shouldn't be affected by anything yet.

Dear installer team, I would like to upload an isc-dhcp package that
use bind as a shared library (libbind-export-udeb) instead of its
internal code copy.  Please let me know when it would be ok to do the
isc-dhcp upload that will least impact d-i beta preparation.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mpra+gtgxuypuje8fq9o-djk9nfobruuczgu0sst-e...@mail.gmail.com

Re: new tasksel

[Michael Gilbert]

On Sun, Sep 7, 2014 at 10:52 PM, Joey Hess wrote:
 I have made some significant changes to tasksel, that will need changes
 elsewhere. I plan to upload this to unstable pretty soon, feedback permitting.
[...]
│[*] Desktop environment │
│[*] ... Xfce│
│[ ] ... GNOME   │
│[ ] ... KDE │

This looks pretty awesome.

Those options aren't very understandable to users as yet unfamiliar
with open source desktops.  I would like to suggest (stuff in
parenthesis not meant to be shown)

  [*] Desktop environment
  [ ] ... Minimal Desktop (task-xfce-desktop --no-install-recommends)
  [*] ... Standard/default Desktop (task-xfce-desktop)
  [ ] ... Comprehensive Desktop (task-gnome-desktop)

This excludes kde, but it's not clear to me how to describe the
difference between kde and gnome succinctly without using the
(meaningless to some users) acronyms.

A note about Minimal Desktop, task-xfce-desktop is about 1500 MB
installed with a lot of stuff I don't really want or need.  So, at
least on my machines, I always unselect Desktop Environment during
installation, then later apt-get install task-xfce-desktop
--no-install-recommends, which results in about a 400 MB installation
and more like 150 MB download.  I think a lot of users prefer this
kind of minimalism, so it would be nice to make that easily available.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=modfol1ydlsziyy6zbcdzl4eoiah2uusm19baxuvrx...@mail.gmail.com

Bug#760778: [Pkg-xfce-devel] Bug#760778: xfce4-session: Please depend on gnome-orca

[Michael Gilbert]

   I sympathise with a11y, but forcing gnome-orca on everyone won't
   happen.
 
  Well, that is actually precisely our goal: to have gnome-orca installed
  on all systems, ready to be started in case one needs it.

 Then it's unrelated to Xfce, and you want to include that in the base
 system.

 Not in the base system, since the base system doesn't have X. But in all
 graphical tasks where it makes sense, yes (it doesn't make sense for KDE
 yet for instance, since qt is still completely inaccessible).

There is desktop-base, which currently only depends librsvg2-common,
but if the goal is to include orca with all desktops that would be one
way to do it (probably as a recommends, rather than a depends).

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mnevow58jkmjfbogkop5dasz+don7gnnophxjwdddu...@mail.gmail.com

Bug#757711: Bug#757988: kfreebsd: troubles with dhcp (configuration going away)

[Michael Gilbert]

On Tue, Aug 19, 2014 at 8:10 PM, Cyril Brulebois wrote:
 Steven Chamberlain ste...@pyro.eu.org (2014-08-20):
 On 14/08/14 18:32, Cyril Brulebois wrote:
  Now, I think there are several questions to answer:
   1. What were the reasons for having arch-dependent dhcp clients?

 I'd speculate because udhcpc from busybox is very small, and
 isc-dhcp-client-udeb was about 2 MiB.  It targets (currently only builds
 on) Linux;  there is a bug open somewhere about porting it to kfreebsd;
  it's infeasible before the jessie freeze, and IMHO I think I prefer to
 keep the ISC version (mostly from a security POV).

 2MiB looks like a candidate for huge savings, which might make some
 sense since we're repeatedly hitting ENOSPC with kfreebsd-*, don't you
 think?

 Not trying to impose any decision, just a bit shocked while discovering
 its size.

dhclient in the udeb is around 1.7 MiB because of embedded bind, which
was introduced in isc-dhcp 4.2. I plan to spend some time to switch
that to dynamically link, which will reduce size since only the parts
of bind actually used will be needed rather than the whole thing.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=monxvufootejlzc2n0p16uvu8xy+lt1mi1sgnu-nqm...@mail.gmail.com

Re: Reverting to GNOME for jessie's default desktop

[Michael Gilbert]

On Fri, Aug 8, 2014 at 1:52 AM, Michael Gilbert wrote:
 The better question is whether the xfce switch had or has any
 influence on slowing the general debian growth rate [0]?  Is the
 slight downtick over the last few months due to the default desktop,
 or some other change that users aren't liking (maybe systemd), or just
 a random fluctuation?

Here's a really interesting view showing the downward trend starting
somewhere in April [0].  Note that the xfce trend was consistently
growing prior to and past January (when the default was changed), but
slowed a lot in April.  At the same time, gnome and base-files started
losing users.

I've chosen to highlight April 26th, which is the date systemd 204-9
was uploaded to unstable [1].  It was around that time that the
systemd packages introduced dependency changes that casual users were
forced to think about.  Anyway, nothing conclusive since correlation
!= causation, but something definitely worth pondering about systemd's
potential cause and effect.

Best wishes,
Mike

[0] 
https://qa.debian.org/popcon-graph.php?packages=base-files+task-gnome-desktop+task-xfce-desktop+gnome+xfce4show_installed=onwant_legend=onwant_ticks=onfrom_date=to_date=hlght_date=2014-04-26date_fmt=%25Y-%25mbeenhere=1
[1] https://packages.qa.debian.org/s/systemd/news/20140426T230007Z.html


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=MPm7-Dms7Qnw+rQ0Tn_7uJ-x1D8gFuVQG3-D60=acm...@mail.gmail.com

Re: Reverting to GNOME for jessie's default desktop

[Michael Gilbert]

On Fri, Aug 8, 2014 at 12:41 AM, Joey Hess wrote:
 Hardware: GNOME 3.12 will be one of the few desktop environments to support
 HiDPI displays, now very common on some laptop models. Lack of support for
 HiDPI means non-technical users will get an unreadable desktop by default, 
 and
 no hints on how to fix that.

 I think the above are fairly big points.

 It would be helpful to see a pointer to a bug report about how xfce
 fails when the DPI is higher than usual. (Also, perhaps worth noting
 that 3.12 is quite a few versions ahead of the gnome currently in
 unstable..)

This is a pretty common misconception and also pretty easy to
workaround. xsettings-Xft can be set to a large value like 180 in
xfce4-settings-editor (xfce's gconf).  That's a usability issue and
could definitely be improved with a widget in one of the more
user-oriented xfce settings tools.

 Another one I've become aware of, but not investigated is that xfce's
 compositor may not do as good a job at eliminating tearing (with eg,
 Intel graphics) as gnome's does. (Also, I think xfce doesn't enable
 compositing by default.) Further investigation of this would be appreciated.

 Popularity: One of the metrics discussed by the tasksel change proponents
 mentioned popcon numbers. 8 months after the desktop change, Xfce does not 
 seem
 to have made a dent on install numbers.

 fwiw 
 https://qa.debian.org/popcon-graph.php?packages=task-gnome-desktop+task-xfce-desktop+gnome+xfce4show_installed=onwant_legend=onwant_ticks=onfrom_date=to_date=hlght_date=2014-01-25date_fmt=%25Y-%25mbeenhere=1

Popcon data is actually very useful when interpreted relatively.
Those curves pretty clearly show user desktop selections going toward
whatever the default is, and growth in desktop installs continuing to
increase overall at a pretty similar rate to the historical trend.  It
would be reasonable to conclude that the default actually doesn't
matter much, and the majority of users will just adapt to whatever it
is (and those that don't are capable of installing
task-gnome-desktop).

The better question is whether the xfce switch had or has any
influence on slowing the general debian growth rate [0]?  Is the
slight downtick over the last few months due to the default desktop,
or some other change that users aren't liking (maybe systemd), or just
a random fluctuation?

Best wishes,
Mike

[0] https://qa.debian.org/popcon.php?package=base-files


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=moyyck-isvrpg1v0gqse1q+kt5prt5yg7nscvbgwsv...@mail.gmail.com

Bug#734324: debootstrap: unavoidable keyring warning in second-stage

[Michael Gilbert]

package: debootstrap
version: 1.0.56
severity: normal

The second stage always presents the keyring warning.  This, I think,
is unnecessary since all of the package verification is done during
the first stage.

One may think that this could be worked around by using --keyring
/debian-archive-keyring.gpg (after moving it there), but that makes
it worse since gpgv is not yet installed in the chroot.

Anyway, maybe it makes sense to disable all of the keyring stuff when
--second-stage is used.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MPTT_aoYihPhyKGsTCS4beuCZcY66xbE7kLSV=6t3s...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Thu, Jan 2, 2014 at 8:31 PM, Michael Gilbert wrote:
 Now, I certainly don't want all that weight solely on my shoulders, so
 I would very much prefer this choice to be team-maintained, and I
 think the installer/boot team has the expertise and clout to make the
 right choice when the time is really right to change the default
 Debian init.

Based on the direction the discussion went yesterday and a night to
sleep on it, I've decided that I am going to maintain this myself.

Thanks a lot for all of the constructive feedback.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mosbqafwb0p1cjby5cn7eef5o9qktokwog4skfe-u3...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Fri, Jan 3, 2014 at 4:43 AM, Andreas Cadhalpun wrote:
 Hi,

 On 03.01.2014 10:16, Gaudenz Steinlin wrote:

 Michael Gilbert mgilb...@debian.org writes:

 So, today I wrote init-select.  It's a small tool that empowers users
 to freely and simply choose among all of the available init systems.
 It also empowers Debian contributors to devote their energy toward
 their favorite init knowing that users can easily swap inits to try
 the new features they are working on.


 IMO you are solving the wrong problem. Or how would you ensure that
 while the user can easily switch the init system, when doing so half of
 the daemons installed won't start because they don't support the
 alternative. And if he switches back, the other half does not start
 because the only support the other alternative. IMO the hard problem is
 mostly about which systems must be supported by all packages.
 init-select does not help to solve this.


 I think this would not be a problem (at least until jessie+1), because both
 systemd and upstart have a compatibility layer for sysvinit scripts, which
 all daemons have to provide according to policy.

 But I fail to see, why initsel would be better than:
 sudo apt-get install systemd-sysv/upstart/sysvinit-core

Because it makes it possible for all of them to coexist peacefully.
Right now all of those packages conflict with one-another.  Thus,
currently switching init systems that way can be a scary process for
the average user.

Finally, there is no way to select anything other than the default
init in during the installation process (note that init-select doesn't
currently implement that yet, but will be rather straightforward).

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mpqxdkgkadzi3tegwgad8rrouy8z-3rgahdtmjp4hn...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Fri, Jan 3, 2014 at 4:40 AM, Cyril Brulebois wrote:
 Michael Gilbert mgilb...@debian.org (2014-01-02):
 So, I suppose this isn't immediately obvious, but there is another
 solved problem here.

 Say the TC ultimately does not choose systemd as the default, and one
 day gnome entirely drops compatibility with the other inits.  The
 gnome maintainers can take advantage of init-select to automatically
 move their users from whatever that default is to systemd.

 That is simply

   # init-select /bin/systemd
   # update-grub

 somewhere appropriate in their maintainer scripts.

 TC is supposed to take decisions with rationales, and suggesting a path
 forward for everyone involved. I suppose they're going to have a plan
 for Gnome vs. systemd if systemd isn't chosen.

 I'm not sure why just waiting for a decision wouldn't be the right thing
 to do right now.

It is often far more ideal when the TC chooses to not act.  TC action
means that the project is somehow dysfunctional.

init-select is a very simple technical solution to a very large social problem.

Why would we not solve the problem here and totally diffuse the
political fallout and unhappiness that the TC mandate is going to
cause?

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MNUirDGbHp55xzzzGr-7epMUU=20rq-14kqyhtdjen...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Fri, Jan 3, 2014 at 4:16 AM, Gaudenz Steinlin wrote:
 Or how would you ensure that
 while the user can easily switch the init system, when doing so half of
 the daemons installed won't start because they don't support the
 alternative. And if he switches back, the other half does not start
 because the only support the other alternative. IMO the hard problem is
 mostly about which systems must be supported by all packages.
 init-select does not help to solve this.

I completely agree that is entirely outside the scope of the problem
init-select is meant to solve.  Getting the individual init systems
into a fully usable state is ultimately the responsibility of the
various teams working on their favorite init.

 I've set the maintainer to debian-boot now in the hope that this
 proposal sounds reasonable.  There is of course more work to do, which
 is documented in a TODO file in the source, which will make the
 package better, but the existing functionality, I think, is already
 useful.  I can switch inits on a whim in seconds now.

 I don't see why the installer team should be in any better position to
 choose the default init system for Debian than any other team. At least
 since I'm involved (~ 10 years) the mailinglist name for the installer
 was a bit of a  misnomer. The team has nothing to do with everyday
 booting of the system. It probably comes from the fact that the
 installer before d-i was called boot-floppies.

For the same reason that the installer team reluctantly chooses the
default desktop environment: that is the first path which the user
actually needs to make a choice (or non-choice of course).

Plus I think the project very much respects the unbiased
decision-making process of the d-i team.  This is why the TC decision
will be troublesome: there was no way to keep bias and politicization
out of the process, so a lot of the project will ultimately not
respect the decision.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MP2K=1jinroch6adc4wt0z4lghtxd_wmndw6ft8fan...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Fri, Jan 3, 2014 at 11:00 AM, Cyril Brulebois k...@debian.org wrote:
 Michael Gilbert mgilb...@debian.org (2014-01-03):
 It is often far more ideal when the TC chooses to not act.  TC action
 means that the project is somehow dysfunctional.

 init-select is a very simple technical solution to a very large social
 problem.

 Having to pick an init system is *not* a social problem.

All TC decisions are attempts at the resolution of social problems.
They only consider issues that involve the social disagreement between
at least two people.  The fact that the disagreement is happens to be
over a technical topic does not eliminate the social aspect.

 Trying to support several init systems is *not* in the best interest of
 a distribution. Having a fully functional one (and a transition from the
 former if it's different) is what we need to work on.

Following that logic, supporting multiple packaging helpers, desktop
environments, text editors, compilers, kernels, so on and so on are
also *not* in the best interest of a distribution.  Let's pick the
most functional ones, that is what we need to work on.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=moaqfsm+toh6eh5b7jqb5pg807wwftne62ofufrjxk...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Fri, Jan 3, 2014 at 11:19 AM, Cyril Brulebois k...@debian.org wrote:
 Michael Gilbert mgilb...@debian.org (2014-01-03):
 On Fri, Jan 3, 2014 at 11:00 AM, Cyril Brulebois k...@debian.org wrote:
  Michael Gilbert mgilb...@debian.org (2014-01-03):
  It is often far more ideal when the TC chooses to not act.  TC action
  means that the project is somehow dysfunctional.
 
  init-select is a very simple technical solution to a very large social
  problem.
 
  Having to pick an init system is *not* a social problem.

 All TC decisions are attempts at the resolution of social problems.
 They only consider issues that involve the social disagreement between
 at least two people.  The fact that the disagreement is happens to be
 over a technical topic does not eliminate the social aspect.

 Having a social aspect doesn't mean it's primarily a social problem.

  Trying to support several init systems is *not* in the best interest of
  a distribution. Having a fully functional one (and a transition from the
  former if it's different) is what we need to work on.

 Following that logic, supporting multiple packaging helpers, desktop
 environments, text editors, compilers, kernels, so on and so on are
 also *not* in the best interest of a distribution.  Let's pick the
 most functional ones, that is what we need to work on.

 False analogy.

Evidence and/or logic would be nice, otherwise there is no reason to
conclude this.

 Anyway, not going to play on words because there are so many efforts
 wasted with this topic already. Again, my position on the topic: No, this
 doesn't belong to the installer.

Thanks for taking the time to think about it.  I very much respect your opinion.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MOpZUmS-b=bzdX0=h_+wu-9pwptrcmzatnmyblhk0-...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Fri, Jan 3, 2014 at 11:44 AM, Michael Gilbert wrote:
On Fri, Jan 3, 2014 at 11:19 AM, Cyril Brulebois wrote:
 Anyway, not going to play on words because there are so many efforts
 wasted with this topic already. Again, my position on the topic: No, this
 doesn't belong to the installer.

 Thanks for taking the time to think about it.  I very much respect your 
 opinion.

I should clarify.  I very much respect your opinion, but I do
disagree, so it would be nice to hear thoughts from other d-i people
than outright abandoning the idea.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MNhythfieDqNyKgiQJMC9Lsp_iB=bszampashnntqw...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Fri, Jan 3, 2014 at 1:29 PM, Gaudenz Steinlin wrote:
 Michael Gilbert mgilb...@debian.org writes:

 On Fri, Jan 3, 2014 at 11:00 AM, Cyril Brulebois k...@debian.org wrote:
 Michael Gilbert mgilb...@debian.org (2014-01-03):
 It is often far more ideal when the TC chooses to not act.  TC action
 means that the project is somehow dysfunctional.

 init-select is a very simple technical solution to a very large social
 problem.

 Having to pick an init system is *not* a social problem.

 All TC decisions are attempts at the resolution of social problems.
 They only consider issues that involve the social disagreement between
 at least two people.  The fact that the disagreement is happens to be
 over a technical topic does not eliminate the social aspect.

 Trying to support several init systems is *not* in the best interest of
 a distribution. Having a fully functional one (and a transition from the
 former if it's different) is what we need to work on.

 Following that logic, supporting multiple packaging helpers, desktop
 environments, text editors, compilers, kernels, so on and so on are
 also *not* in the best interest of a distribution.  Let's pick the
 most functional ones, that is what we need to work on.

 As Cyril already said these are false analogies. Supporting multiple
 packageing helpers does not place a burden on maintainers that only use
 one of them. It's also invisible to users. Similar arguments can be made
 for your other examples. On the other hand supporting several init
 systems places a burden onto every daemon maintainer. Every init system
 is only usefull if it's supported by all packages.

So, somehow I think this keeps getting misunderstood, or maybe not
contemplated at a deeper level.

Support for multiple inits means each island in debian gets to choose
the init that suites them best.  gnome and kde lands can choose
systemd since it enables them to be closest to upstream.  kfreebsd,
hurd, xfce, and whatever else lands can choose upstart due to is
portability, so on and so forth.

Ultimately, debian is going to have multiple inits.  It is simple
matter of fact.  gnome will need systemd.  kfreebsd needs something
more portable.  Let's think about how we get to the state where we
support that dynamism in a user-friendly manner.

 The option of just useing the init script compatibility layer that most
 (all) init systems currently provide is IMO just not an option because
 it does not let us use most of the benefits of the newer systems. It's
 just sysv-init in new cloths.

My arguments have never been for that.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mppbdslo41pdsmp7hbddtek8jvppwhn9cne5hnp0rf...@mail.gmail.com

init-select

[Michael Gilbert]

Hi :)

The TC init discussion has diverged significantly from Debian's usual
ideals of freedom and meritocracy, so I decided to do something about
it.

So, today I wrote init-select.  It's a small tool that empowers users
to freely and simply choose among all of the available init systems.
It also empowers Debian contributors to devote their energy toward
their favorite init knowing that users can easily swap inits to try
the new features they are working on.

But most importantly, it provides a path for eliminating the
politicization of the init system problem.

That would be achieved if Debian's default init were to simply become
init-select's default.

Now, I certainly don't want all that weight solely on my shoulders, so
I would very much prefer this choice to be team-maintained, and I
think the installer/boot team has the expertise and clout to make the
right choice when the time is really right to change the default
Debian init.

The initial package is up for review at:
http://people.debian.org/~mgilbert/other

I've set the maintainer to debian-boot now in the hope that this
proposal sounds reasonable.  There is of course more work to do, which
is documented in a TODO file in the source, which will make the
package better, but the existing functionality, I think, is already
useful.  I can switch inits on a whim in seconds now.

Anyway, that is my modest proposal.  I hope this doesn't sound too
overly idealistic, intrusive, or I suppose out of the blue :)

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MPLNu6-ss4uOtv+kSF8bPyGOvBC4FjeNYaOVr=pf6g...@mail.gmail.com

Re: init-select

[Michael Gilbert]

On Thu, Jan 2, 2014 at 8:39 PM, Cyril Brulebois wrote:
 Even if what's happening on tech-ctte isn't exactly ideal, I don't think
 letting users choose their init system is a service to them. Editing a
 kernel command line is enough for those who want to play. Others don't
 need to bother.

So, I suppose this isn't immediately obvious, but there is another
solved problem here.

Say the TC ultimately does not choose systemd as the default, and one
day gnome entirely drops compatibility with the other inits.  The
gnome maintainers can take advantage of init-select to automatically
move their users from whatever that default is to systemd.

That is simply

  # init-select /bin/systemd
  # update-grub

somewhere appropriate in their maintainer scripts.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mo99nvxycbcp6gubqfzl484wk3rn8bav0hhgizsgrb...@mail.gmail.com

Bug#721869: install appropriate linux-headers

[Michael Gilbert]

On Fri, Sep 6, 2013 at 4:58 AM, Bjørn Mork bj...@mork.no wrote:
 Dmitrijs Ledkovs x...@debian.org writes:
 On 5 September 2013 20:58, Bjørn Mork bj...@mork.no wrote:
 Christian PERRIER bubu...@debian.org writes:

 Quoting Bjørn Mork (bj...@mork.no):
 So, it's probably less overkill than it may seem at first glance to
 imagine that installing headers by default may help in some cases.

 I hope and expect most Linux users never needing kernel headers.  And if
 they do need them, then the headers should be pulled in by one of the
 -dkms packages.  I do not think it is a good idea to encourage users or
 driver authors to keep drivers out of Debian.


 How does the dependency look like to get headers for the _currently_
 running kernel and not the latest one available/installed?
 Considering I can upgrade to the new kernel packages a few times
 before rebooting.

 This is way outside what you can expect to be supported.

I wouldn't worry about that.  Users likely want to be using the latest
kernel anyway, and if they for some reason aren't and submit a bug
report about modules not working, they can be instructed to either
reboot or install the linux-headers for their specific kernel version.

 Sitting on the outside here, I am puzzled to see this belief that Debian
 should support all sorts of user modifications to the kernel package.

This isn't at all about modifying the kernel package itself.  It is
about building kernel modules available in many separate packages.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mnajdj2n95iv27e58-6nomvoakxz67pt4waptzpgbh...@mail.gmail.com

Re: task-desktop: default desktop environment for Jessie

[Michael Gilbert]

On Thu, May 30, 2013 at 3:44 AM, Cyril Brulebois wrote:
 There's no final decision, it simply never was discussed at all.

It would probably be good to get that discussion started early during
this cycle to reduce the surprise factor.

Since it was rather difficult to fit gnome onto 1 cd in wheezy (and I
think some pieces were left off anyway), I think it makes sense now to
start moving toward something like xfce as the default that's small,
and mostly capable, and 4.10 (now making its way into unstable) brings
much needed accessibility features.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MPBNrMbx0h+d-m=avjrswrrzu7xyeapgg1fe9fq6n7...@mail.gmail.com

Re: task-desktop: default desktop environment for Jessie

[Michael Gilbert]

On Fri, May 31, 2013 at 3:06 PM, Cyril Brulebois wrote:
 Michael Gilbert mgilb...@debian.org (31/05/2013):
 It would probably be good to get that discussion started early during
 this cycle to reduce the surprise factor.

 Since it was rather difficult to fit gnome onto 1 cd in wheezy (and I
 think some pieces were left off anyway), I think it makes sense now to
 start moving toward something like xfce as the default that's small,
 and mostly capable, and 4.10 (now making its way into unstable) brings
 much needed accessibility features.

 A somewhat related question is whether we're going to keep trying to
 fit stuff onto CD#1, as opposed to moving to supporting various “USB
 key sizes”. If I'm not mistaken, Steve has expressed such a wish (or
 intent) during the last wheezy preparation steps.

As a point of reference, I still have (and use every now and then) an
old laptop that has a cd-rom but no dvd-rom, and its bios does not
support usb booting.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mnypyhyb_htg5jgjh5mneiekbrfaybszysx-uodt8d...@mail.gmail.com

Bug#693839: debian-installer: kernel install fails on armel buffalo linkstation pro, missing uboot-mkimage

[Michael Gilbert]

control: tag -1 patch

On Sun, Mar 17, 2013 at 2:33 PM, Michael Gilbert wrote:
 Martin Michlmayr wrote:
 I disagree.  flash-kernel maintains a database with information about
 each device, including a list of required packages.  It will install
 those required packages.  u-boot-tools is listed for the Linkstation,
 so the real question is why it's not being installed.

 Looking at db/all.db, all of the machines have Required-packages:
 u-boot-tools, so in a way its already a universal dependency, I
 wonder if it wouldn't make more sense to make it a real dependency
 (as was done with the 3.4 upload)?

Since the release is getting close, I've gone ahead with an nmu adding
u-boot-tools as a real dependency.  Uploaded to delayed/5 to give
you a chance to do a maintainer upload if desired.  Please see
attached patch.

Best wishes,
Mike


flash-kernel.patch
Description: Binary data

Bug#693839: debian-installer: kernel install fails on armel buffalo linkstation pro, missing uboot-mkimage

[Michael Gilbert]

control: tag -1 -patch

On Mon, Mar 25, 2013 at 6:02 AM, Julien Cristau wrote:
 Since the release is getting close, I've gone ahead with an nmu adding
 u-boot-tools as a real dependency.  Uploaded to delayed/5 to give
 you a chance to do a maintainer upload if desired.  Please see
 attached patch.

 Please cancel that nmu.  Or I'll do it.  You don't get to upload changes
 over the maintainer's specific objections.

Done.


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MM04869D0ASQGum5VkTPyWahvTNGt+3h0n9Z=ia4tv...@mail.gmail.com

Bug#693839: debian-installer: kernel install fails on armel buffalo linkstation pro, missing uboot-mkimage

[Michael Gilbert]

Martin Michlmayr wrote:
 I disagree.  flash-kernel maintains a database with information about
 each device, including a list of required packages.  It will install
 those required packages.  u-boot-tools is listed for the Linkstation,
 so the real question is why it's not being installed.

Looking at db/all.db, all of the machines have Required-packages:
u-boot-tools, so in a way its already a universal dependency, I
wonder if it wouldn't make more sense to make it a real dependency
(as was done with the 3.4 upload)?

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mpldue5ruqmu1skc_1angptt1_wwl7n6wahzosg43c...@mail.gmail.com

Please lift udeb-block from isc-dhcp

[Michael Gilbert]

Hi,

Please remove the udeb-block from isc-dhcp so wheezy can get the RC
bug fixes uploaded to tpu a couple weeks ago.

Thanks,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mm7+93h5vlkspawcm_g90k+qcp8jcfp-yebj5bvhk+...@mail.gmail.com

Re: Please lift udeb-block from isc-dhcp

[Michael Gilbert]

On Sun, Mar 3, 2013 at 5:57 AM, Michael Gilbert wrote:
 Hi,

 Please remove the udeb-block from isc-dhcp so wheezy can get the RC
 bug fixes uploaded to tpu a couple weeks ago.

Sorry, wrong terminology.  Please consider approving a udeb-unblock
for isc-dhcp.

Thanks,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mnge4fljs+srx3acdp4-1ytqs9sppg344qyf164ckr...@mail.gmail.com

Bug#642031: should debootstrap workaround libc6 kernel uname parsing bug

[Michael Gilbert]

Joey Hess wrote:
 I'm unsure about trying to work around this in debootstrap, despite
 https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/802985 having
 a LD_PRELOAD hack to do so.

There is also setarch or uname26:
http://mirror.linux.org.au/linux/kernel/people/ak/uname26/uname26.c

See bug #700884.  With an experimental (two-number version) kernel
debootstrap fails:
# debootstrap lenny lenny http://archive.debian.org/debian

But with uname26, it succeeds:
# uname26 debootstrap lenny lenny http://archive.debian.org/debian

Or setarch:
# setarch x86_64 --uname-2.6 debootstrap lenny lenny
http://archive.debian.org/debian

It would be nice if debootsrap automatically used one of those for
older known broken releases.

Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MPccCTvO1rauHEPxfYWZmmLWbcR1tE9=l7iv3ywcm6...@mail.gmail.com

Re: Trying to install Wheezy on an Asus Zenbook UX32VD

[Michael Gilbert]

On Sun, Nov 25, 2012 at 11:47 AM, Bart-Jan Vrielink wrote:
 Now I'm trying with the disk1 iso copied to another USB disk. This time it
 manages to complete the installation without any issues, but fails to boot.
 After grub, I do get the following at bootup:
 Loading Linux 3.2.0-4-amd64 ...
 Loading initial ramdisk ...
 error: no suitable mode found.
 Booting however

That is grub bug #661789.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mmdhbg52inxa9jipwnoekdswq364l4cidepd6srvxc...@mail.gmail.com

Re: Trying to install Wheezy on an Asus Zenbook UX32VD

[Michael Gilbert]

On Sun, Nov 25, 2012 at 1:02 PM, Bart-Jan Vrielink wrote:
 That is grub bug #661789.

 Looks like it is. Anyone knows a workaround?

Yes.  Take a look at the merged bug reports.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MP7xUqP1MRTnh8DLn1T13ncEUaRpM2oZkvt=tY_Jkga=w...@mail.gmail.com

Re: netinst + uefi (was Re: netinst install-time compilation of network drier)

[Michael Gilbert]

On Sun, Nov 25, 2012 at 12:13 AM, Keith Moyer wrote:
 On 11/24/2012 4:53 PM, Steve McIntyre wrote:
 No, you're doing the right thing. dd to the raw device is the
 right way to use the image, I was just checking that was what
 you'd done. Hmmm. Another machine that doesn't like the UEFI stuff
 we've got, it seems. :-(

 I think it was just the fault of a cheap USB key.  I reflashed the
 netinst image onto a better one, and it is UEFI bootable.

Is there anything of interest about that USB drive?   What brand/model
was it?  Which USB standard does it conform to?  What does dmesg say
when you plug it in?

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MNzKLa2QRz6BGVYew6Vv=gqtyjeg9jkvghbv+6uqjj...@mail.gmail.com

Re: Trying to install Wheezy on an Asus Zenbook UX32VD

[Michael Gilbert]

On Sat, Nov 24, 2012 at 9:17 AM, Bart-Jan Vrielink wrote:
 Hello,

 I'm trying to use the latest beta of the Wheezy installer to get an OS on my
 new Zenbook.

I also have a zenbook, so I ran into similar issues, but this was
before EFI support was added.

 I did this by DD'ing the netboot iso to an USB stick. This seems to work, I
 can boot from this USB stick and start the installer.

 The first challenge I get is that my Wifi needs to load some firmware files.
 There is a partition labeled Firmware that supposedly is for that, but no
 matter what I try (either the .deb files, or the firmware files itself),
 they do not get picked up. I've worked around this problem by using a wired
 Ethernet connection instead.

You actually have to copy the firmware files onto that partition yourself:
http://wiki.debian.org/Firmware

 The second challenge is getting a boot loader to work. I cannot find an
 option in the BIOS to set it to classic mode, so it looks like I have to
 go the EFI route. However, the installer only offers me to install grub-pc
 and not grub-efi. Has anyone getting the installer to work with EFI? Exactly
 what partitions should I have for this?

At the end of the install (after grub-pc installed), I used one of the
virtual consoles to install grub-efi-amd64, and essentially followed
these steps:
http://womble.decadent.org.uk/blog/installing-debian-gnulinux-and-windows-dual-boot-under-uefi.html

Again, this was pre-EFI, so if these things aren't working in an
automated fashion, you should really submit a bug report.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mmzzubudxf7h2uizvkrbk-+3+1gfhfoh4pdgmqgurt...@mail.gmail.com

Bug#680084: nmu

[Michael Gilbert]

Hi, I've uploaded an nmu fixing this issue to delayed/7.  The extra
time is to give you a chance to do a maintainer upload instead.
Please see attached patch.

Best wishes,
Mike


os-prober.patch
Description: Binary data

Bug#680084: nmu

[Michael Gilbert]

On Mon, Nov 12, 2012 at 6:30 PM, Julien Cristau wrote:
 On Mon, Nov 12, 2012 at 16:57:30 -0500, Michael Gilbert wrote:

 Hi, I've uploaded an nmu fixing this issue to delayed/7.  The extra
 time is to give you a chance to do a maintainer upload instead.
 Please see attached patch.

 Isn't this bug just a dupe of 684293, in which case it doesn't need an
 os-prober change?

Possibly.  I've never been able to reproduce the issue myself, so
deferring to Integeri:  #684293 is fixed in kernels  3.2.29, was your
testing done on an earlier version than this and if so can you test
with a newer kernel?

In the meantime, I've canceled the nmu since it may not be needed.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MO0dTmdFP79Bapui=qdaf+ih0h1c7dyaph0gauesvs...@mail.gmail.com

Bug#690594: tasksel: execution aborted due to compilation errors

[Michael Gilbert]

On Sun, Oct 28, 2012 at 6:28 PM, Cyril Brulebois wrote:
 Michael Gilbert mgilb...@debian.org (25/10/2012):
 I've uploaded an nmu fixing this issue to delayed/7.  The extra time
 is in case you want to do a maintainer upload instead.  See attached
 patch.

 The changelog entry really should be more descriptive IMVHO. Reading
 it gives no clue as to which problem is getting fixed.

I've expanded the changelog note and re-upload to delayed/4.  Please
see new patch.

Best wishes,
Mike


tasksel.patch
Description: Binary data

Bug#690594: tasksel: execution aborted due to compilation errors

[Michael Gilbert]

control: tag -1 patch

Hi,

I've uploaded an nmu fixing this issue to delayed/7.  The extra time
is in case you want to do a maintainer upload instead.  See attached
patch.

Best wishes,
Mike


tasksel.patch
Description: Binary data

Bug#680084: os-prober: postinst script gets stuck

[Michael Gilbert]

 Maybe some information about the disk layout helps, too:

 /dev/sda is the only disk installed.

   /dev/sda1   /boot ext4
   /dev/sda2   encrypted physical volume for lvm2:

   /dev/mapper/pv00physical volume
   /dev/mapper/vg00-root   / filesystem ext4
   /dev/mapper/vg00-swap   swap
   /dev/mapper/vg00-root2  empty ext4
   /dev/mapper/vg00-export empty ext4

Is this the contents of your /etc/fstab?  If so, using empty as the
mount point could be part of the problem.  If this is the case, could
you try changing empty to a real mount point?

Thanks,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MPZ9SmH9Y8Ay0BoczrO=-5EYSgx=5q4y5pqrgodg9b...@mail.gmail.com

Bug#680084: os-prober: postinst script gets stuck

[Michael Gilbert]

 I see processes such as:
 grub-mount /dev/mapper/vg1-SomeLogicalVolume /var/lib/os-prober/mount

Can you all see if you have anything in common with these vg
partitions?  Also, can you analyze the output from manually running
the seemingly hanging process?

# grub-mount /dev/mapper/vgwhatever mount-point

Also, what does /dev/mapper/vgwhatever actually point to?

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mpzsdzj73yuqg9glrcn82px-lrgs6mt+2fnffpqjaz...@mail.gmail.com

Bug#685499: closed by Michael Gilbert mgilb...@debian.org (Re: Bug#685499: debian-installer: Include firmware-linux)

[Michael Gilbert]

On Tue, Aug 21, 2012 at 12:41 PM, borish wrote:
 Well, I know how to solve my problem, but this doesn't help the
 unexperienced user who might ditch Debian if wifi doesn't work and install
 Ubuntu instead. Ubuntu supports non-free firmware during install.

Presumably inexperienced (but proactive) users will come across bug
reports like this one, and eventually gain the autonomy to solve their
own problems.

Choice is important.  Debian and Ubuntu have different directions and
adhere to different ideals.  For some users convenience is of the
utmost importance.  For them Ubuntu is simply the better choice, and
that's ok.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mp7+oaf+pxmqyxekxp1zce42fvwt_s+mkghtulw65q...@mail.gmail.com

Re: [pkg-dhcp-devel] Bug#685268: unblock: isc-dhcp/4.2.4-1

[Michael Gilbert]

On Sun, Aug 19, 2012 at 6:25 AM, Cyril Brulebois wrote:
 Michael Gilbert mgilb...@debian.org (18/08/2012):
 Andrew hasn't yet made it clear which version he's been planning to
 support in wheezy [0], but he did upload this one well before the
 freeze.

 Nice try:
 [2012-07-01] Accepted 4.2.4-1 in unstable (low) (Andrew Pollock)

Anyway, it was close.  I don't know whether 0330 UTC July 1 is before
the exact time of the freeze or not, but I do recall the packaging
having an automatic unblock (and a block-udeb) during the month of
July.

Regardless, I don't really care which way the call on this goes, I
just need the call made so I can fix the right version.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mnpovgskln6edzdri4o0xzeyyejhra4vps5jlzqwqc...@mail.gmail.com

Re: [pkg-dhcp-devel] Bug#685268: unblock: isc-dhcp/4.2.4-1

[Michael Gilbert]

On Sun, Aug 19, 2012 at 12:23 PM, Cyril Brulebois wrote:
 Anyway, it was close.

 “close” isn't exactly “well before” as you previously claimed.

Wording mistake.  Sorry.

 I don't see any reasons why the version currently sitting in testing
 would not be the version in wheezy. Which should answer your question
 I think.

Thank you.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mo0ndhwyy70padg7vvtj09ez0tkscfkmoq6i8waxiz...@mail.gmail.com

unblock: isc-dhcp/4.2.4-1

[Michael Gilbert]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package isc-dhcp

Andrew hasn't yet made it clear which version he's been planning to
support in wheezy [0], but he did upload this one well before the
freeze.  Unfortunately it was udeb blocked, so it didn't go in during
the grace period.  I'm going forward with this unblock request
because there are a set of security issues that need to be
backported to whichever version is shipping with wheezy.  If
this one can go in, it will involve fewer patches, and I won't need
to use TPU or testing-security.

The differences between this version and testing's are primarily
that its two upstream point releases newer.  The debian changes
include an RFC compatibility fix and a corection for a kfreebsd
subnet issue.

CCing -boot since this involves a udeb unblock.  I understand
d-i beta2 is coming (soon?), so its likely a please wait from
that perspective.

unblock isc-dhcp/4.2.4-1

[0] 
http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/2012-August/001435.html


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mnhkfv9fgtne8ezak4rzswzxnslh2yk0yylo-vxekp...@mail.gmail.com

Bug#684968: debian-installer: requests non-free firmware for a device that works just as well without it

[Michael Gilbert]

On Thu, Aug 16, 2012 at 12:03 AM, Christian PERRIER wrote:
 This recently came up on the fsf-collab list.  Here are my thoughts on
 appropriate wording:
 http://lists.alioth.debian.org/pipermail/fsf-collab-discuss/2012-August/000200.html

 Obviously that's rather long given character constraints in the
 installer's debconf messages.  But it could be a starting point for
 discussion.

 Post-wheezy, of course..:-)

Certainly :)  All of the potential FSF-freeness stuff will need to
wait until after wheezy's release.

 And by shortening the text quite strongly (I think the first two
 paragraphs are enough: the rest belongs to freeness zealotism -no
 offense intended, I happen to be a zealot, too).

Well, the goal with that wording was to concurrently try to meet the
FSF's requirements to be on their free distributions list (the
requirement that non-free dialog's need to contain information on why
it should be avoided if possible) while being intellectually honest
with the user about their real options (i.e giving them enough
information to be able to reach their own freeness conclusions).

I think providing a well-rounded perspective is good in that includes
the zealot perspective as well as the pragmatists, and leaves it up to
the user to reach their own well-informed decision.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mpn82xmt4el6m9sygml8xgujn2fwovqhbiesktnbvw...@mail.gmail.com

Bug#684968: debian-installer: requests non-free firmware for a device that works just as well without it

[Michael Gilbert]

On Wed, Aug 15, 2012 at 6:05 PM, Stefan Nagy wrote:
 Debian (installer) should enable users to make a decision here. Instead
 right now it seems like the safe way in each and every case is to
 install proprietary firmware – and everyone who decides not to install
 it is on his/her own.

 This is just my opinion (and that's why I reported this bug with
 severity: wishlist).

This recently came up on the fsf-collab list.  Here are my thoughts on
appropriate wording:
http://lists.alioth.debian.org/pipermail/fsf-collab-discuss/2012-August/000200.html

Obviously that's rather long given character constraints in the
installer's debconf messages.  But it could be a starting point for
discussion.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mofklh-rjoqhczotdy14wkucc3gcixrzfnoq-xeq8k...@mail.gmail.com

Bug#684946: debian-installer: CD install iso does not install ndiswrapper correctly.

[Michael Gilbert]

On Tue, Aug 14, 2012 at 6:06 PM, zac newton wrote:
 Package: debian-installer
 Version: debian-6.0.5-i386-cd1.iso
 Severity: important

 The cd iso installer does not install ndiswrapper correctly. One problem 
 (there
 may be more) is that the ndiswrapper.ko file is not installed. The problem is
 only with the full cd installer. Using a netinstall version e.g.
 debian-6.0.5-i386-netinst.iso where ndiswrapper is downloaded over a wired
 internet connection installs ndiswrapper successfully. The problem seems to
 extend to other distributions which rely heavily on debian e.g. Linux Mint
 Debian Edition (linuxmint-201204-mate-cinnamon-dvd-32bit.iso) which also fails
 to install ndiswrapper.ko. The problem seems to have existed for a long time. 
 I
 first encountered it several months ago and, then,  I found several references
 to the problem on the internet. I gave up on debian in frustration because I
 could not get ndiswrapper to work and I needed a network connection to 
 download
 ndiswrapper - which is what I needed ndiswrapper for!!

It looks to be not included in squeeze's cd1:
http://cdimage.debian.org/cdimage/release/6.0.5/i386/list-cd/debian-6.0.5-i386-CD-1.list.gz

Unfortunately its also not on wheezy's beta1 cd1 either:
http://cdimage.debian.org/cdimage/wheezy_di_beta1/i386/list-cd/debian-wheezy-DI-b1-i386-CD-1.list.gz

But it does look like that will change once the new tasks are implemented:
http://cdimage.debian.org/cdimage/tmp/new-tasks/2012-07-08

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mork0fpvvjb1dympvemhstt6ka+5eniopaounqdhrm...@mail.gmail.com

Re: Wheezy release: CDs are not big enough any more...

[Michael Gilbert]

On Sat, May 12, 2012 at 12:04 PM, Steve McIntyre wrote:
 Hey folks,

 Remembering the fun that we had during the Squeeze release with trying
 to make single-CD installations work well, it's time to consider what
 we're going to *claim* to support in Wheezy. We've had a history of
 supporting the following single-CD installations:

  * Gnome desktop from CD#1
  * KDE desktop from KDE CD#1
  * XFCE desktop from light CD#1
  * LXDE desktop from light CD#1
  * base system only from netinst CD

 At this point, I'm skeptical that either of the first two are going to
 work acceptably with Wheezy. If that's the case, then we should warn
 people that they will need to use at least one of:

  * more CDs
  * a DVD
  * a network mirror

 to get a useful/useable installation.

What about supporting only the smaller/lighter desktop environments
(maybe even making one of the the default environment)?  Then there
wouldn't be the need for multiple CD #1's.  Anyone that wants
gnome/kde after installation will need to grab those from the mirrors
(or use DVD or greater media).

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mp7zmd16g325awdxrxvdzfetz_zxjfwhqg+zviqj2j...@mail.gmail.com

Bug#649146:

[Michael Gilbert]

forcemerge 650234 649146
reassign 650234 eglibc
retitle 650234 eglibc: libc-2.11.x.so segfaults when used with ld-2.13.so
thanks

Hi, this seems more of an eglibc issue, so I am reassigning.  Daniel
Kahn Gillmor did a lot of useful tinkering in
http://bugs.debian.org/650234.

Thanks,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MMPfaWPVZJ=cq_yuznvsjg5y6e9zwmjrd5daxmsufd...@mail.gmail.com

Bug#269656: Bug#618920: debootstrap: needs more robust download error handling

[Michael Gilbert]

On Tue, Mar 13, 2012 at 1:06 PM, Colin Watson wrote:
 I've committed my improved version, which you're welcome to review:

Cool!  Thanks for looking into this.  This problem has reared its head
on me too many times to count over the past few years ;)

Thanks again!
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MMbHx+zma5Vxz5wZq_Vwif=ml9u4_zm-8v9vogfqnr...@mail.gmail.com

Bug#655841: Please remove Gnash from default Debian install, as it crashes

[Michael Gilbert]

On Sat, Jan 14, 2012 at 8:42 AM, Alexey Eromenko wrote:
 gnash is not only installed with KDE, from what I see as its
 installation is triggerred by the desktop task, that's common to KDE
 and GNOME, at least.

 It is triggerred by browser-plugin-gnash.

 What do you suggest as alternative? I don't think it is a good idea to
 not provide any flash-enabled web browser.

 Unfortunately the Free Software community has not yet developed stable
 flash player, therefore I suggest to avoid installing _unstable_
 software by default.

lightspark is an alternative.  Of course, it's also experimental, but
who knows, it may be a bit more stable/complet at this point?  I
haven't really looked into it.  Just something worth considering...

Best wishes,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MMv5wMCPOK_zhhYNMxEyn0qNDvSJ4206ZOZ25e=e9_...@mail.gmail.com

Re: daily build 12/12/11 amd64

[Michael Gilbert]

On Fri, Dec 16, 2011 at 3:45 AM, richard  wrote:
 On Thu, 15 Dec 2011 19:01:38 -0500
 Michael Gilbert michael.s.gilb...@gmail.com wrote:

 On Tue, Dec 13, 2011 at 9:08 AM, Richard wrote:
  Hi
  I used the daily build 12/12/11 for a clean install on a amd64 machine,
  the network dchp problem is fixed, but the graphical install still freezes
  on the first page, or could be no response to mouse or keyboard.

 Hi, I'm still having trouble understanding exactly where you're trying
 to say this problem happens.  But anyway, it would be better to submit
 this as a bug against the debian-installer package.  Make sure to
 describe exactly the menu items you're selecting (text install,
 graphic, expert?), and even describe the screens that do work so we
 can get a feel for where this happens.

 Best wishes,
 Mike



 Uhmmm, I seem to have a problem, with my native language.

Sorry, I hope my response didn't seem rude.  I didn't intend it that
way.  Bug reports are good, and don't worry about your english, we'll
work through it.

 try selecting graphical install goes to the first page and does nothing,.

Is that the same thing that happens with the text install?

  no response to anything apart from the power switch.
 Its a waste of time putting in a bug report if that cant be understood,

 I give up :(

On the Installer boot menu screen, you can get to advanced features
by pressing ESC first (you can type help to get info there, then
press the F1-F10 keys to get help).  Since it's a display issue, the
vga and fb (framebuffer) options may be useful.   For example, you
could try:

   install vga=771 fb=false

Anyway, lots of stuff to fiddle with.  If you find something that
works, let us know what it is and what the exact hardware is that
you're using.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mprf8gt_-a5keznwpmrtxrp6pyp_75ess+rnuor-c6...@mail.gmail.com

Re: daily build 12/12/11 amd64

[Michael Gilbert]

On Tue, Dec 13, 2011 at 9:08 AM, Richard wrote:
 Hi
 I used the daily build 12/12/11 for a clean install on a amd64 machine,
 the network dchp problem is fixed, but the graphical install still freezes on 
 the first page,
  or could be no response to mouse or keyboard.

Hi, I'm still having trouble understanding exactly where you're trying
to say this problem happens.  But anyway, it would be better to submit
this as a bug against the debian-installer package.  Make sure to
describe exactly the menu items you're selecting (text install,
graphic, expert?), and even describe the screens that do work so we
can get a feel for where this happens.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MPfo2FJ=_jhpawxoa_nbv4-rrqv-zcdli7qdyrwba6...@mail.gmail.com

Bug#649146: debootstrap: bootstrapping squeeze with the fakechroot variant leads to nested fakeroot usage

[Michael Gilbert]

package: debootstrap
version: 1.0.37
severity: important

Hi,

debootstrapping squeeze with the fakechroot variant leads to a nested
usage of fakeroot.  For example

$ fakeroot fakechroot /usr/sbin/debootstrap --variant=fakechroot
squeeze --verbose ./squeeze-fakechroot
[...]
I: Extracting xz-utils...
I: Extracting zlib1g...
I: Installing core packages...
W: Failure trying to run: chroot
/media/newhd/chroots/squeeze-fakechroot dpkg --force-depends --install
/var/cache/apt/archives/base-files_6.0squeeze3_amd64.deb
/var/cache/apt/archives/base-passwd_3.5.22_amd64.deb

The tail of squeeze-fakechroot/debootstrap/debootstrap.log contains
the following:

fakeroot: FAKEROOTKEY set to 1661226400
fakeroot: nested operation not yet supported

Note that bootstrapping sid seems to be ok with the same command

$ fakeroot fakechroot /usr/sbin/debootstrap --variant=fakechroot sid
--verbose ./sid-fakechroot
[ok]

Thanks for looking into this.

Best wishes,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=mpywrdpgyxszraxygtzrs1qrnp0omroeisbmid9-uo...@mail.gmail.com

Bug#649146: debootstrap: bootstrapping squeeze with the fakechroot variant leads to nested fakeroot usage

[Michael Gilbert]

On Fri, Nov 18, 2011 at 3:06 AM, Michael Gilbert wrote:
 package: debootstrap
 version: 1.0.37
 severity: important

 Hi,

 debootstrapping squeeze with the fakechroot variant leads to a nested
 usage of fakeroot.

It may be that the fix for #588773 wasn't quite right as the following
gets a segfault instead of the nested fakeroot error:

$ export PATH=/sbin:/usr/sbin:/bin:/usr/bin
$ fakeroot fakechroot /usr/sbin/debootstrap --variant=fakechroot
--verbose squeeze ./squeeze
[...]
I: Installing core packages...
W: Failure trying to run: chroot /home/zero79/tmp/squeeze dpkg
--force-depends --install
/var/cache/apt/archives/base-files_6.0squeeze3_amd64.deb
/var/cache/apt/archives/base-passwd_3.5.22_amd64.deb

Tail of debootstrap.log:

Segmentation fault



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CANTw=MP33JTXfMjogJ2teXEpnkFrWZPky=y4yb29wqup510...@mail.gmail.com

Re: Debian testing netinst checksums do not match!

[Michael Gilbert]

On Fri, 23 Sep 2011 00:11:18 +0200 Matthijs Wensveen wrote:

 Hi,
 I've just downloaded the debian-testing-amd64-netinst.iso file from
 http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/amd64/iso-cd/
 
 The checksums in MD5SUMS.small and SHA512SUMS.small do not match with
 the downloaded file! This either means I'm the target of a
 man-in-the-middle attack (which seems unlikely) or that the sums in
 the checksum files are incorrect.

Did you try downloading it a second time?  There are innumerous conditions
that could lead to an incomplete download, which will of course fail any
checksum.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110922181931.ebd2c0b6.michael.s.gilb...@gmail.com

Bug#642183: debian-installer: hybrid iso sizing issue for unstable build

[Michael Gilbert]

package: debian-installer
version: 20110106
severity: important
tags: patch

d-i fails to build unstable x86 netboot images (see below), which
will become a problem as d-i development moves forward with newer
kernels/packages coming in from unstable.  I've attached a patch
that fixes this by using the default last sector for the msdos
partition instead of a size offset.  This certainly works, but I'm
not sure if its an ideal solution.

Best wishes,
Mike

$ cd build  USE_UDEBS_FROM=unstable make build_netboot
geniso_hybrid_plus_firmware_partition ./tmp/netboot/mini.iso
mkfs.msdos 3.0.9 (31 Jan 2010)

Command (m for help): Command action
   e   extended
   p   primary partition (1-4)
Partition number (1-4, default 2): First sector (24576-36863, default 24576): 
Using default value 24576
Last sector, +sectors or +size{K,M,G} (24576-36863, default 36863): Value out 
of range.
Last sector, +sectors or +size{K,M,G} (24576-36863, default 36863): Last 
sector, +sectors or +size{K,M,G} (24576-36863, default 36863): Value out of 
range.
Last sector, +sectors or +size{K,M,G} (24576-36863, default 36863): Value out 
of range.
Last sector, +sectors or +size{K,M,G} (24576-36863, default 36863): Last 
sector, +sectors or +size{K,M,G} (24576-36863, default 36863): 
make[2]: *** [arch_miniiso] Error 1
make[1]: *** [_build] Error 2
make: *** [build_netboot] Error 2
--- util/geniso_hybrid_plus_firmware_partition.orig	2011-09-19 23:27:56.0 -0400
+++ util/geniso_hybrid_plus_firmware_partition	2011-09-19 23:28:06.0 -0400
@@ -49,7 +49,7 @@
 echo p
 echo 2
 echo 
-echo +$firmware_volume_size_MM
+echo
 
 # Pedantically, set partition type to 1: FAT 16
 echo t

Bug#617943: debian-installer: isolated make build_netboot fails due to missing 2.6.32 modules

[Michael Gilbert]

Otavio Salvador wrote:
 The installer itself, sometimes, need modifications or fixes to be able to
 handle newer kernel versions so the version that is hard-coded on those is
 the version that is supported by the installer. It is not only a matter of
 recompile installer against the new kernel (sometimes this works by this is
 not guaranteed). Another important point is that there are architectures
 that use different kernels depending on the subarch (e.g armel uses iop32x,
 kirkwood and others) and dynamically it is more difficult to handle this.
 
 Specifically about the patch it is incomplete since it doesn't handle all
 the architectures thus we can't take it.

Hi,

Sorry I haven't had time to get back to this until just now.  

So, I don't have any of the subarch's to test this, but I believe they
are already handled appropriately in the UDEBS = line in my patch.
I'm concluding this based on the .cfg files, for example iop32x.cfg
would produce 2.6.32-5 for the KERNELIMAGEVERSION var, and that is what
I would automatically return from the automatic processing of the
Packages file.

Will it ever be the case that the kernel version as stated in the
debian-installer_binary-ARCH_Packages file will differ from the
hard-coded value in the cfg files?  It seems like they would have to be
the same, otherwise d-i would fail trying to download non-existent
files, but I may be missing something.

Best wishes,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/2011092313.27e767e7ade48b285bee5...@gmail.com

Bug#617943: debian-installer: isolated make build_netboot fails due to missing 2.6.32 modules

[Michael Gilbert]

retitle 617943 debian-installer: should dynamically populate KERNELIMAGEVERSION
thanks

On Mon, Mar 14, 2011 at 11:39 AM, Otavio Salvador wrote:
 By default the building system gets the udebs from unstable. This is
 configurated on debian/rules using the building system variable (that
 you ought to take a look at). Another alternative is to use a local
 sources.list.udeb.local file to set it to use the stable suite.

Hi, various regressions have happened lately.  make build_all doesn't
get around this issue any more.  Also, changing udeb sources doesn't
work anymore, USE_UDEBS_FROM=unstable make build_netboot.

I've ended up having to implement a couple different ugly workarounds
to keep my testing snapshot builds going while various things change.
I've had enough frustration dealing with those that I've decided to
come up with a real solution.

The core issue is that KERNELIMAGEVERSION is a hardcoded value in the
arch config files, so its currently stuck at squeeze's version.  Thus,
the solution is simply to parse that value from known package info
instead.

Attached is a patch that does that for review/feedback.

Best wishes,
Mike
--- Makefile.orig	2011-07-24 19:34:16.0 -0400
+++ Makefile	2011-07-24 19:33:02.0 -0400
@@ -588,7 +588,8 @@
 
 # Get the list of udebs to install.
 # HACK Alert: pkg-lists/ is still sorted by TYPE instead of a dir hierarchy.
-UDEBS = $(shell set -e; get-packages udeb update 2; pkg-list $(TYPE) $(DRIVER_FOR) $(KERNEL_FLAVOUR) $(KERNELMAJOR) $(SUBARCH) $(KERNELIMAGEVERSION)) $(EXTRAS)
+KERNELIMAGEVERSION = $(shell set -e; get-packages udeb update 2; grep Kernel-Version apt.udeb/state/lists/*_debian_dists_$(USE_UDEBS_FROM)_main_debian-installer_binary-$(ARCH)_Packages | head -1 | cut -d' ' -f2)
+UDEBS = $(shell set -e; pkg-list $(TYPE) $(DRIVER_FOR) $(KERNEL_FLAVOUR) $(KERNELMAJOR) $(SUBARCH) $(KERNELIMAGEVERSION)) $(EXTRAS)
 
 # Get all required udebs and put them in UDEBDIR.
 $(STAMPS)get_udebs-$(targetstring)-stamp: sources.list.udeb

Re: d-i fails at base install

[Michael Gilbert]

Ernest Sales wrote:

 I tried a netinst for testing build 24-04-2011, MD5 OK, but it fails at the 
 'install base system' step. I couldn't investigate further as I am in a 
 hurry, but an older build netinst is working fine.

It's not going to work without a newer = 1.116 base-installer.  Try
the snapshot installer, which has this automatically worked around:
http://lists.debian.org/debian-devel/2011/04/msg00397.html

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110424131623.ebaf3929.michael.s.gilb...@gmail.com

Bug#620569: usbkey install wheezy i386 doesn't work

[Michael Gilbert]

Lorenzo Bernardi wrote:

 On 04/07/2011 01:36 PM, Michael Gilbert wrote:
 
  There is no guarantee that the testing installer will work at any given
  time.  You can try the testing snapshot release, which has certain known
  problems already, has been tested, and is known to work:
   
 
  That should say certain known problems already *fixed*.
 
 
 
 
 I have tried to is the iso image on the page you gave me  and when I 
 tried to install using the USB key I have the following message in the log:
 Apr 08 09:08:01 iso-scan:./debian-testing-snapshot-2011.04-i386-mini.iso 
 not a Debian iso

So, it looks like you're using the old method of copying the iso onto
an already bootable usb stick?  That isn't necessary anymore since you
can just copy the iso directly to usb now (i.e. dd if=file.iso
of=/dev/sdc if sdc is your usb device enumeration).

I think that it may not be considered a debian iso since it's using
local udebs, but I'm not really sure what iso-scan is looking for in
particular. The snapshots are unofficial right now anyway.

 I have looked at the image by mounting them:
 mount -o loop ./debian-testing-snapshot-2011.04-i386-mini.iso /tmp/dd
 ls /tmp/dd/
 adtxt.cfg  dtmenu.cfg f10.txt  f2.txt  f4.txt  f6.txt  f8.txt  
 g2ldr  initrd.gz   isolinux.cfg  linuxmenu.cfgrqtxt.cfg  
 splash.png   txt.cfg  win32-loader.ini
 boot.cat   exithelp.cfg  f1.txt   f3.txt  f5.txt  f7.txt  f9.txt  
 g2ldr.mbr  isolinux.bin  kde lxdeprompt.cfg  setup.exe  
 stdmenu.cfg  vesamenu.c32  xfce
 
 and the daily build iso image gives something different.
 
 mount -o loop ~/OLD/debian-testing-i386-netinst.iso /tmp/dd
 ls /tmp/dd/
 autorun.inf  debian  doc   g2ldr  install  isolinuxpics  
 README.html  README.mirrors.txt  README.txt  tools
 css dists   firmware  g2ldr.mbr  install.386  md5sum.txt  pool  
 README.mirrors.html  README.source  setup.exe   win32-loader.ini

They should be different.  The snapshots are the mini iso version,
which is different than the netinst.

 I should say that using the daily build image burn on a CD works 
 perfectly it is only the usb key installation setup that causes me 
 problems.
 
 When I try to do the installation with the daily build I have these two 
 lines in the log
 
 Apr  3 09:08:35 anna[1914]: grep: /cdrom/dists/stable/Release: No such 
 file or directory
 Apr  3 09:08:35 cdrom-retriever: error: No components listed in 
 /cdrom/dists/stable/Release.

Yes, that will not work because you need the newer base-installer from
sid that hasn't transitioned yet.  That is fixed automatically with the
snapshot release.

Best wishes,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110409143342.e9de1b52.michael.s.gilb...@gmail.com

Bug#620569: usbkey install wheezy i386 doesn't work

[Michael Gilbert]

Lorenzo Bernardi wrote:

 Dear Stefano,
  Lorenzo,
  could you kindly provide us the detailed URLs where did you download 
  vmlinuz, initrd.gz
  and iso file?
 
  Bye
  Stefano
 
 
 
 The url for the downloads are:
 
 http://people.debian.org/~joeyh/d-i/images/daily/hd-media/vmlinuz
 http://people.debian.org/~joeyh/d-i/images/daily/hd-media/initrd.gz
 
 http://caesar.acc.umu.se/cdimage/daily-builds/daily/arch-latest/i386/iso-cd/debian-testing-i386-netinst.iso
 
 this is for the i386 arch and the downloads where done saturday 2 of 
 april 2011.

There is no guarantee that the testing installer will work at any given
time.  You can try the testing snapshot release, which has certain known
problems already, has been tested, and is known to work:
http://lists.debian.org/debian-devel/2011/04/msg00397.html

Best wishes,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110407073435.03bf5be3.michael.s.gilb...@gmail.com

Bug#620569: usbkey install wheezy i386 doesn't work

[Michael Gilbert]

 There is no guarantee that the testing installer will work at any given
 time.  You can try the testing snapshot release, which has certain known
 problems already, has been tested, and is known to work:
 
That should say certain known problems already *fixed*.




-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110407073606.93c37804.michael.s.gilb...@gmail.com

Bug#618920: debootstrap: needs more robust download error handling

[Michael Gilbert]

package: debootstrap
version: 1.0.28
severity: important
tags: patch

debootstrap's current download error handling isn't very robust.  It
declares success just for the presence of a downloaded file, which may
be a partial download, or one for which the checksum doesn't match.
Eventually those conditions will lead to unhandled failures elsewhere
within debootstrap.

This can make d-i very rocky on certain mirrors since one bad package
download ultimately lead to a complete failure of the debootstrap
process, and thus a failed install.  An expert can recover from this,
but an average user will get rather frustrated (especially since the
dialogs for debootstrap errors are rather confusing).  

It may also be useful to expand a bit on these d-i debootstrap error
messages: when an error happens, the right answer that the user wants is
to hit 'go back' twice in a row to start the debootstrap all over again,
but the dialogs are confusing, and 'continue' seems to be the obvious
choice, but that will lead to the broken debootstrap continuing to
completion with various brokenness. Anyway, that maybe should be
submitted as another bug.

So, back to the original issue, I've created a patch that will retry
downloads whenever anything in the get routine fails, which I
believe is much more robust than the current situation.  Please see
attached patch.

Best wishes,
Mike
--- newhd/source/debootstrap-1.0.28/functions	2011-02-21 19:25:08.0 -0500
+++ /usr/share/debootstrap/functions	2011-03-19 10:58:57.0 -0400
@@ -1,3 +1,5 @@
+MAXATTEMPTS=10
+
 ### smallutils
 
 smallyes() {
@@ -241,6 +243,13 @@
 }
 
 get () {
+	for iters in $(seq 1 $MAXATTEMPTS); do
+		if single_get $@; then break; fi
+		warning RETRYING Retrying failed download.
+	done
+}
+
+single_get () {
 	# args: from dest 'nocache'
 	# args: from dest [checksum size] [alt {checksum size type}]
 	local displayname
@@ -331,13 +340,6 @@
 		# http/ftp mirror
 		if wgetprogress -O $dest $from; then
 			return 0
-		elif [ -s $dest ]; then
-			local iters=0
-			while [ $iters -lt 3 ]; do
-warning RETRYING Retrying failed download of %s $from
-if wgetprogress -c -O $dest $from; then break; fi
-iters=$(($iters + 1))
-			done
 		else
 			rm -f $dest
 			return 1
@@ -346,13 +348,6 @@
 		# http/ftp mirror
 		if wgetprogress $CHECKCERTIF $CERTIFICATE $PRIVATEKEY -O $dest $from; then
 			return 0
-		elif [ -s $dest ]; then
-			local iters=0
-			while [ $iters -lt 3 ]; do
-warning RETRYING Retrying failed download of %s $from
-if wgetprogress $CHECKCERTIF $CERTIFICATE $PRIVATEKEY -c -O $dest $from; then break; fi
-iters=$(($iters + 1))
-			done
 		else
 			rm -f $dest
 			return 1

Bug#618920: debootstrap: needs more robust download error handling

[Michael Gilbert]

I probably should have mentioned that these errors are much more
likely within d-i for some reason.  The best way to reproduce this is
to do an installation up through partitioning, then do:

$ debootstrap wheezy /target/wheezy-chroot
http://snapshot.debian.org/archive/debian/20110318T093210Z

At least a few package downloads should fail from that mirror, and
they'll be different every time.

Executing the same command in a full system seems to work fine for
that exact same mirror, so maybe its some other variability within d-i
that is the cause of this issue.

Best wishes,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/AANLkTinic9TK-G7pu+=a5aafaboifjhzhwhirebns...@mail.gmail.com

Bug#618927: busybox-udeb: provide seq

[Michael Gilbert]

package: busybox-udeb
version: 1.18.4-1
severity: normal

It would be nice if busybox-udeb provided seq for use in d-i scripts.
See bug #618920 for one particular case where I would like to use it.

That code of course could be rewritten to avoid the use of seq, but its
so much cleaner with it.

Thanks,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110319123935.7c5d7e60.michael.s.gilb...@gmail.com

Bug#618839: debootstrap-udeb: restore stable/testing/unstable scripts

[Michael Gilbert]

package: debootstrap-udeb
version: 1.0.28
severity: normal
tags: patch

It can actually be useful to have the various statically named scripts
available in the installer.  In particular, for working on snapshots,
its more useful for me to be able to use the term testing everywhere,
rather than hardcoding wheezy specifically just for debootstrap.

Attached is a patch for this.

Thanks,
Mike
diff -Nru debootstrap-1.0.28/debian/changelog debootstrap-1.0.28gilbert1/debian/changelog
--- debootstrap-1.0.28/debian/changelog	2011-02-21 19:51:19.0 -0500
+++ debootstrap-1.0.28gilbert1/debian/changelog	2011-03-18 16:25:11.0 -0400
@@ -1,3 +1,9 @@
+debootstrap (1.0.28gilbert1) unstable; urgency=low
+
+  * Don't remove convienience links in debootstrab-udeb.
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com  Fri, 18 Mar 2011 16:24:43 -0400
+
 debootstrap (1.0.28) unstable; urgency=low
 
   [ Miguel Figueiredo ]
diff -Nru debootstrap-1.0.28/debian/rules debootstrap-1.0.28gilbert1/debian/rules
--- debootstrap-1.0.28/debian/rules	2011-01-18 12:16:05.0 -0500
+++ debootstrap-1.0.28gilbert1/debian/rules	2011-03-18 16:24:36.0 -0400
@@ -23,7 +23,4 @@
 		debian/debootstrap-udeb/usr/share/debootstrap/scripts/edgy \
 		debian/debootstrap-udeb/usr/share/debootstrap/scripts/feisty \
 		debian/debootstrap-udeb/usr/share/debootstrap/scripts/*.buildd \
-		debian/debootstrap-udeb/usr/share/debootstrap/scripts/*.fakechroot \
-		debian/debootstrap-udeb/usr/share/debootstrap/scripts/stable \
-		debian/debootstrap-udeb/usr/share/debootstrap/scripts/testing \
-		debian/debootstrap-udeb/usr/share/debootstrap/scripts/unstable
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/*.fakechroot

Bug#617943: debian-installer: isolated make build_netboot fails due to missing 2.6.32 modules

[Michael Gilbert]

package: debian-installer
version: 20110106
severity: important

d-i's make build_netboot currently fails due to absent 2.6.32 module udebs.
Strangely enough, the netboot build seems to go fine when using debuild
instead of the isolated make build_netboot.

Thanks for looking into this.  Best wishes,
Mike

Failed build log:

$ apt-get source debian-installer
Reading package lists... Done
Building dependency tree   
Reading state information... Done
NOTICE: 'debian-installer' packaging is maintained in the 'Svn' version control 
system at:
svn://svn.debian.org/d-i/trunk/installer
Need to get 13.6 MB of source archives.
Get:1 http://ftp.us.debian.org/debian/ sid/main debian-installer 20110106 (dsc) 
[3,248 B]
Get:2 http://ftp.us.debian.org/debian/ sid/main debian-installer 20110106 (tar) 
[13.6 MB]
Fetched 13.6 MB in 19s (696 kB/s)   
   
dpkg-source: info: extracting debian-installer in debian-installer-20110106
dpkg-source: info: unpacking debian-installer_20110106.tar.gz
$ cd debian-installer-20110106/build
$ make build_netboot
Using generated sources.list.udeb:
   deb copy:/media/newhd/source/debian-installer-20110106/build/ localudebs/
   deb http://ftp.us.debian.org/debian unstable main/debian-installer
make[2]: `sources.list.udeb' is up to date.
Ign copy: localudebs/ InRelease
Ign copy: localudebs/ Release.gpg
Ign copy: localudebs/ Release
Get:1 copy: localudebs/ Packages [20 B]
Ign copy: localudebs/ Translation-en_US   
Ign copy: localudebs/ Translation-en 
Get:2 http://ftp.us.debian.org unstable InRelease [147 kB] 
Get:3 http://ftp.us.debian.org unstable/main/debian-installer amd64 Packages 
[52.8 kB]
Ign http://ftp.us.debian.org unstable/main/debian-installer TranslationIndex
Ign http://ftp.us.debian.org unstable/main/debian-installer Translation-en_US
Ign http://ftp.us.debian.org unstable/main/debian-installer Translation-en
Fetched 200 kB in 1s (108 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
dh_testroot
get-packages udeb acpi-modules-2.6.32-5-amd64-di anna archdetect 
bogl-bterm-udeb brltty-udeb busybox-udeb cdebconf-newt-terminal 
cdebconf-newt-udeb cdebconf-priority cdebconf-text-udeb cdebconf-udeb 
choose-mirror choose-mirror-bin console-keymaps-at debian-archive-keyring-udeb 
di-utils di-utils-reboot di-utils-shell di-utils-terminfo download-installer 
env-preseed ethdetect fat-modules-2.6.32-5-amd64-di 
fb-modules-2.6.32-5-amd64-di floppy-modules-2.6.32-5-amd64-di gpgv-udeb 
hw-detect initrd-preseed input-modules-2.6.32-5-amd64-di installation-locale 
kbd-chooser kernel-image-2.6.32-5-amd64-di libblkid1-udeb 
libdebconfclient0-udeb libdebian-installer4-udeb libfribidi0-udeb libiw30-udeb 
libnss-dns-udeb libsysfs2-udeb libtextwrap1-udeb libuuid1-udeb localechooser 
lowmemcheck main-menu media-retriever module-init-tools-udeb mountmedia 
nano-udeb net-retriever netcfg network-preseed 
nic-extra-modules-2.6.32-5-amd64-di nic-modules-2.6.32-5-amd64-di 
nic-pcmcia-modules-2.6.32-5-amd64-d
 i nic-usb-modules-2.6.32-5-amd64-di nic-wireless-modules-2.6.32-5-amd64-di 
pciutils-udeb pcmcia-modules-2.6.32-5-amd64-di pcmciautils-udeb preseed-common 
rescue-check rootskel save-logs udev-udeb udpkg usb-modules-2.6.32-5-amd64-di 
usb-storage-modules-2.6.32-5-amd64-di util-linux-udeb 
virtio-modules-2.6.32-5-amd64-di zlib1g-udeb 
make[3]: `sources.list.udeb' is up to date.
Ign copy: localudebs/ InRelease
Ign copy: localudebs/ Release.gpg
Ign copy: localudebs/ Release
Ign copy: localudebs/ Packages/DiffIndex
Get:1 copy: localudebs/ Packages [20 B]
Ign copy: localudebs/ Translation-en_US   
Ign copy: localudebs/ Translation-en 
Hit http://ftp.us.debian.org unstable InRelease
Hit http://ftp.us.debian.org unstable/main/debian-installer amd64 Packages
Ign http://ftp.us.debian.org unstable/main/debian-installer TranslationIndex
Ign http://ftp.us.debian.org unstable/main/debian-installer Translation-en_US
Ign http://ftp.us.debian.org unstable/main/debian-installer Translation-en
Fetched 20 B in 0s (24 B/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Need to download: acpi-modules-2.6.32-5-amd64-di anna archdetect 
bogl-bterm-udeb brltty-udeb busybox-udeb cdebconf-newt-terminal 
cdebconf-newt-udeb cdebconf-priority cdebconf-text-udeb cdebconf-udeb 
choose-mirror choose-mirror-bin console-keymaps-at debian-archive-keyring-udeb 
di-utils di-utils-reboot di-utils-shell di-utils-terminfo download-installer 
env-preseed ethdetect fat-modules-2.6.32-5-amd64-di 
fb-modules-2.6.32-5-amd64-di floppy-modules-2.6.32-5-amd64-di gpgv-udeb 
hw-detect initrd-preseed input-modules-2.6.32-5-amd64-di installation-locale 
kbd-chooser kernel-image-2.6.32-5-amd64-di libblkid1-udeb 
libdebconfclient0-udeb libdebian-installer4-udeb libfribidi0-udeb libiw30-udeb 
libnss-dns-udeb libsysfs2-udeb libtextwrap1-udeb 

Bug#617204: installation-report: /usr/sbin/debootstrap reports sha1sum: not found

[Michael Gilbert]

On Mon, 7 Mar 2011 18:25:14 -0500 Rick Thomas wrote:

 
 On Mar 7, 2011, at 3:08 PM, Adam D. Barratt wrote:
 
  On Mon, 2011-03-07 at 19:17 +0100, Christian PERRIER wrote:
  Quoting Rick Thomas (rbtho...@pobox.com):
  Package: installation-reports
  Version: 2.44
  Severity: grave
  Tags: d-i
  Justification: renders package unusable
 
  That should be fixed once busybox providing sha256sum reaches  
  testing.
 
  fwiw, that won't happen automagically, as busybox is on britney's  
  needs
  approval from d-i RM list.
 
  Regards,
 
  Adam
 
 Well, in the mean-time, there's no way to test new d-i businesscard or  
 netinst CDs beyond the disk partition step.  Or, to put it more  
 bluntly: Testing grinds to a halt until this is fixed.

You can try the unofficial testing snapshot release in the meantime [0].
There are no guarantees of a constantly working testing installer
right now.

Best wishes,
Mike

[0] http://lists.debian.org/debian-devel/2011/03/msg00347.html



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110308074112.2cc948b1.michael.s.gilb...@gmail.com

Bug#615926: busybox-udeb: missing shaXYZsum binaries

[Michael Gilbert]

found 615926 1:1.17.1-8
notfound 615926 1:1.17.1-10
thanks

On Tue, 1 Mar 2011 12:17:18 -0400 Joey Hess wrote:

 Thijs Kinkhorst wrote:
  On Tue, March 1, 2011 05:21, Michael Gilbert wrote:
   package: busybox-udeb
   version: 1:1.17.1-10
   severity: grave
  
   Hi, testing is currently uninstallable since debootstrap (as of 1.0.28)
   no longer uses md5 for integrity checks.  It can make use of various
   shaXYZsum instead.  I think providing sha1sum should be sufficient, but
   it may make sense to provide more than that.
  
  The version you quote (which is not yet in testing) provides sha256sum. Is
  that not sufficient then?
 
 Downgrading this bug as it'll be preventing the fix from reaching
 testing.
 
 If this version of busybox-udeb actually does not work, I second Thijs's
 request for details.

I was busy working on other things and blindly accepted the version
number from my unstable box where I generated the bug report, not the
actual vm where I ran into the issue.

Having sha256sum available may be enough, but I haven't looked at that.

 Note that base-installer 1.116 is also needed, and also not yet in
 testing. Really, it's fairly pointless to be using wheezy_d-i CD images
 at this point in the development cycle. Perhaps the fix for this is
 just to point the CD symlinks at the sid_d-i images.

I'm generating nightly testing snapshots, and those are incapable of
completing an installation right now due to this issue, which is why I
submitted this.

This may be a bit premature, but my monthly snapshots may be a better
resource to direct users to that want a reliable testing installer.
Well, at least that's the goal anyway ;)

Best wishes,
Mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110301193316.85384796.michael.s.gilb...@gmail.com

Bug#615926: busybox-udeb: missing shaXYZsum binaries

[Michael Gilbert]

package: busybox-udeb
version: 1:1.17.1-10
severity: grave

Hi, testing is currently uninstallable since debootstrap (as of 1.0.28)
no longer uses md5 for integrity checks.  It can make use of various
shaXYZsum instead.  I think providing sha1sum should be sufficient, but
it may make sense to provide more than that.

Thanks,
Mike




-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20110228232146.78ffe010.michael.s.gilb...@gmail.com

Bug#614511: debootstrap: can't cope with md5-less release files

[Michael Gilbert]

package: debootstrap
version: 1.0.26
severity: serious

this is already in discussion on -devel, but i figure its worth a bug
report for tracking purposes.  sid and wheezy can't be bootstrapped
anymore since their release files lack md5sums.

best wishes,
mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktim8ow8oqxgpza386y1yqthzcvj863qjqcdwj...@mail.gmail.com

Bug#493065: debootstrap fakechroot variant fails

[Michael Gilbert]

forcemerge 493065 588773
retitle 493065 debootstrap fakechroot variant fails due to missing PATH
tag 493065 patch
thanks

this fails because chroot is in /usr/sbin, which isn't in PATH for
normal users by default anymore. i've attached a preliminary patch that
fixes this in debootstrap, but i wonder if it wouldn't be more
appropriate to change fakeroot instead?  it seems like any fakeroot
environment should include /usr/sbin and /sbin in the path, but that
isn't currently the case.

mike
diff -Nru debootstrap-1.0.25/debootstrap debootstrap-1.0.25+nmu1/debootstrap
--- debootstrap-1.0.25/debootstrap	2010-09-20 13:22:26.0 -0400
+++ debootstrap-1.0.25+nmu1/debootstrap	2010-10-25 23:19:58.0 -0400
@@ -289,6 +289,9 @@
 		else
 			error 1 NEEDARG option requires an argument %s $1
 		fi
+   if [ $VARIANT = fakechroot ]; then
+   export PATH=/usr/sbin:/sbin:$PATH
+   fi
 		;;
 	--keyring|--keyring=?*)
 		if ! gpgv --version /dev/null 21; then

Bug#558016: debian-installer: UTC question is unnecessary when using NTP

[Michael Gilbert]

package: debian-installer
severity: normal

suppose that at the beginning of the installation the user says yes to
whether they want their clock to be autamically configured with NTP,
then (ideally) they should never have to worry about the clock ever
again.

however, as the installer finishes up, it asks whether or not the clock
is set to UTC, which can be information overload to many users. since
he/she has already told the clock to sync itself automatically, this
question is not really necessary. i would recommend disabling that
prompt if the user chooses NTP.

note that this is in regard to the latest testing netinst image:
http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/i386/iso-cd/

thanks!
mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#558016: debian-installer: UTC question is unnecessary when using NTP

[Michael Gilbert]

On Thu, 26 Nov 2009 00:39:41 +0100 Frans Pop wrote:

 reassign 558016 clock-setup
 thanks
 
 On Wednesday 25 November 2009, Michael Gilbert wrote:
  suppose that at the beginning of the installation the user says yes to
  whether they want their clock to be autamically configured with NTP,
  then (ideally) they should never have to worry about the clock ever
  again.
 
  however, as the installer finishes up, it asks whether or not the clock
  is set to UTC, which can be information overload to many users. since
  he/she has already told the clock to sync itself automatically, this
  question is not really necessary. i would recommend disabling that
  prompt if the user chooses NTP.
 
 The functionality behind the question is more complex. It is how the clock 
 *should* be set. Up to that point the hardware clock has not yet been set. 
 The update from NTP only sets the system clock, not the hardware clock.
 
 You are correct in so far that the wording of the template should be 
 changed to better reflect this.

would it be possible for the installer to automatically determine the
correct UTC setting based on info retrieved from the NTP clock?

i.e. if the internal clock differs from the NTP clock by 6 hours and
the user said that they are in the Eastern US timezone, then you can
assume they are using local time and not UTC.  similarly, if the clocks
are the same, then you can assume that they are using UTC.

if the clocks differ by some strange value, then maybe bring up an are
you sure about your time zone dialog.

i would hope that this dialog can be done away with (unless the user
chooses to not configure NTP).

mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517018: debian-installer: no-root option in expert installer exposes locally exploitable security flaw

[Michael Gilbert]

package: debian-installer
severity: important
tags: security

there is now an option in the expert mode of the debian-installer that
allows the user to install their system without a root account
(replacing it with sudo priviledges for the default user). this exposes
a loophole that enables local attackers to easily obtain root access.

details: 

since there is no root password set up during installation, a local
attacker can simply boot into the root account (without being prompted
for a password) via single user mode (single kernel option). then,
he/she can do all kinds of malicious things, but the easiest would be
to simply change the root password...thus owning the machine.  and
since the user never logs in with the root password him/herself,
he/she would never realize that an attacker had gotten in (unless
he/she diligently reviews logs). [1] discusses the details of the
method for password recovery, but the same can be used for malicious
purposes, of course.

potential solutions:

1. always create a root password (e.g. set up a random root password,
rather than no password, during the no root debian-installer setup
page).  note that this may currently be done since su itself asks for
a password.

2. drop the user to a full login prompt when booting into single user
mode; thus requiring a valid user account and sudo to perform
administrative actions.  note that it may be possible to circumvent
this via the init kernel option, for example init=/bin/bash.

3. disable the no-root setup page in debian-installer.

the third option may be the easiest to implement immediately --
especially since it's an experimental option in the expert mode of
the installer.  the second option is probably the most robust, but
might be easily circumvented, and would require changes in single user
mode such as automatically mounting /home, which may make single user
mode harder to use (one use case for this mode is to recover or
scan /home, and if it's mounted, that's more difficult).

justification for why a fix for this problem is necessary:

there are levels of vulnerability/security.  at the lowest level are
pure software vulnerabilities (such as this issue), which require
absolutely no effort for a local attacker.  however, for a
hardware-assisted exploit, it requires surrepticious entry, more time,
and more preparedness (and it looks suspicious, and can be somewhat
prevented by limiting access to areas via locks, valid users only,
etc). the user can also increase their security by disabling boot from
media in the bios, which would force the attacker to spend more time to
crack open the machine, which is even more suspicious.

at each level, it takes more and more time for the attacker to exploit
the vulnerability, thus increasing the chance of detecting them.  less
than a minute for the software exploit, 10s of minutes for hardware
assisted and longer for resetting the bios.

severity:

note that the severity of this problem is fairly low right now since
no-root is a non-default option in the expert installer.  hence, few
debian systems are likely exposed; but regardless, this problem should
be fixed asap. note that no-root has been the default installer
behavior for ubuntu (since at least dapper i think), so it is a much
more severe issue for them. 

[1] http://linuxwave.blogspot.com/2008/09/ubuntu-forgotten-password.html



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517018: debian-installer: no-root option in expert installer exposes locally exploitable security flaw

[Michael Gilbert]

On Tue, 24 Feb 2009 22:12:52 -0800 Steve Langasek wrote:
  since there is no root password set up during installation, a local
  attacker can simply boot into the root account (without being prompted
  for a password) via single user mode (single kernel option).
 
 Have you tested that this is actually the case?

yes.

 no password != empty password.  

right, i certainly appreciate that there is a huge difference.  i'm not
entirely sure what the installer is doing (i assume that it generates a
random password since su itself still requires a password), but the
easiest way i could think to describe the problem was by the term
no-root.  if there is better terminology that i can use, please let me
know.

 Booting in single user mode should not
 allow you to bypass the password prompt, and if it does, that's a bug in the
 sulogin program.

this is exactly what happens.  there is no password prompt for single
user mode.

it may indeed be more of an issue related to sulogin than the installer,
but the (non-default) no-root feature in the expert installer exposes
the problem. the current behavior may have been a conscious choice
(probably made by someone on the ubuntu team) to allow users admin
their systems even though they never set up a root password. 

  [1] discusses the details of the method for password recovery, but the
  same can be used for malicious purposes, of course.
 
  [1] http://linuxwave.blogspot.com/2008/09/ubuntu-forgotten-password.html
 
 This link explicitly shows overriding the init value in the bootloader. 
 That doesn't appear to have anything to do with vulnerabilities with how the
 root account is set up.

regardless of what the article says, the init=/bin/bash option isn't
actually necessary.  all you need is single, and a boot entry for
that is automatically set up by the installer by default.

mike



-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#382889: for users that install a lot of systems

[Michael Gilbert]

On 4/15/07, Geert Stappers wrote:

For those users there is preseeding.

See the preseeding section in the manual for details.


ok, so if that's the case, why can't the prompts be upfront and store
the user choices to the preseed file?

mike


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#382889: closed by Christian Perrier [EMAIL PROTECTED] (Closing bug as we don't intend to change the order of questions)

[Michael Gilbert]

reopen 382889
thanks


Subject: Closing bug as we don't intend to change the order of questions
After the discussion that happened in this bug's log, it is clear that
the D-I team has no intent to change the order of questions in the
installation process.

The user setup comes after the partitioning step, and moving its
questions elsewhere would mean moving the clock setup questions as
well, which is technically not possible before the disk is
partitioned.


why can't this information be stored in ram until disk partitioning
finishes, then transfered to the right location on disk?

mike


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]