Bug#996927: Drop NSCD_SOCKET_OLD and harden systemd unit?

Package: unscd Version: 0.54-1 Severity: wishlist I wrote a hardening dropin (attached) for unscd.service. $ systemd-analyze security UNIT EXPOSURE PREDICATE HAPPY unscd.service 9.6 UNSAFE # before unscd.service 1.1 OK # after Please

Bug#892730: nslcd: Please add systemd .service file

Michael Biebl wrote: > Am 12.03.2018 um 11:26 schrieb Laurent Bigonville: > > Package: nslcd > > Version: 0.9.9-1 > > Severity: normal > > User: pkg-systemd-maintain...@lists.alioth.debian.org > > Usertags: systemd-units > > > > Hi, > > > > nslcd currently doesn't provides a systemd .service

Bug#996735: Wrong filename in error message: plocate.db is corrupt or an old version; please rebuild it.

Package: plocate Version: 1.1.8-2 Severity: minor I noticed plocate always reports a broken locatedb as "plocate.db", even when the filename is something else: twb@hera[Desktop]$ LOCATE_PATH=$PWD/test.mlocatedb locate 'tinyssh*deb' plocate.db is corrupt or an old version; please

Bug#995945: Allow more key/value pairs than just username/password/hostname

Package: python3-pypass Version: 0.2.1-1.1 Severity: wishlist It seems you ask for a specific key/value field like this: https://sources.debian.org/src/pypass/0.2.1-2/pypass/command.py/#L193 But there are only three specific fields you can ask for:

Bug#995944: Does not use auto-detect if git is already in use

Package: qtpass Version: 1.3.2-3 Severity: serious I am flagging this as "serious" because it leads to data loss. Specifically, I already lost the history of my test passwords. Had I not noticed right away, I could have lost REAL passwords. I have an existing ~/.password-store. It has git

Bug#986507: use grep -a instead of strings(1) (fix check-support-status)

Trent W. Buck wrote: > I want check-support-status to be happy, but I need needrestart: > > bash5$ check-support-status > ⋮ > * Source:binutils > Details: Only suitable for trusted content; see > https://lists.debian.org/msgid-search/87lfqsomtg.

Bug#995904: Please add wipefs --recursive

Package: util-linux Version: 2.36.1-8 Severity: wishlist File: /sbin/wipefs wipefs is not recursive, which leads to this unexpected behaviour: root@dban:~# blkid /dev/vda: TYPE="squashfs" /dev/vdb1: LABEL_FATBOOT="ESP" LABEL="ESP" UUID="6BE7-C309" BLOCK_SIZE="512" TYPE="vfat"

Bug#594175: openssh-server: support generation of ssh host keys in init script

Michael Prokop wrote: > Nowadays™ with systemd we use our own ssh.service, which looks like that: > > > https://github.com/grml/grml-live/blob/8078724d5fa78f0b8fe0471b94368c58f204ee11/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE Can we (Debian, not GRML) please just add

Bug#995682: segfaults / fails to find filesystem, when passed full disk

Package: fatresize Version: 1.1.0-1 Severity: normal File: /sbin/fatresize This script reliably produces segfaults on Debian 11. It works fine on Debian 10. -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (990, 'stable-updates'), (990,

Bug#995367: Acknowledgement (Re-enable apparmor on Debian Live?)

The original bug report complained about LibreOffice and Evince. I tested those specifically. LibreOffice is in "complain" mode. It's rules fail, but there is no user-visible impact. Evince is in "enforce" mode. I couldn't generate an error by just opening PDFs, saving them, and printing them

Bug#995367: Re-enable apparmor on Debian Live?

Package: apparmor Version: 2.13.6-10 Severity: wishlist When booting with boot=live (live-boot-initramfs-tools), apparmor is disabled: https://salsa.debian.org/apparmor-team/apparmor/-/blob/debian/experimental/debian/apparmor.service#L17

Bug#995343: Add nftables Recommends: netbase?

Package: nftables Version: 0.9.8-3.1 Severity: wishlist I propose adding "Recommends: netbase" to nftables. This is mainly a hint to someone debugging why their ruleset works on "normal" systems but not "embedded" systems :-) Rationale follows. "netbase" provides /etc/services (et al).

Bug#995146: Acknowledgement (ssh -M (ControlMaster) triggers "tinysshd: W19qgD40: BUG: (protocol error){channel.c:57}")

I can reproduce this using the version in salsa also: bash5$ ssh -F/dev/null -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no root@localhost -p2022 dpkg-query -W base-files tinysshd linux-image-cloud-amd64 Warning: Permanently added '[localhost]:2022' (ED25519) to the list of

Bug#995146: ssh -M (ControlMaster) triggers "tinysshd: W19qgD40: BUG: (protocol error){channel.c:57}"

Package: tinysshd Version: 20190101-1 Severity: normal This has annoyed me for a while, but I only just today realized it was an actual bug and not simply a missing feature. I had to use "screen" to run two SSH clients at once. I tried using "ssh -f" and could not reproduce the problem. I am

Bug#677602: localepurge: dpkg --prune-excluded and --list-missing

For the record, This is to publish my coping strategies for this feature being missing from dpkg. This is what I've been doing in debootstrap, to purge packages unavoidably installed BEFORE localepurge, but still benefit from path-exclude (MUCH faster) for packages installs AFTER localpurge:

Bug#994096: /var/lib/dbus/machine-id breaks reproducible-builds

Package: dbus Version: 1.12.20-2 Severity: important I am building Debian Live images using mmdebstrap. I noticed they were not reproducible. I eventually narrowed it down to dbus: bash5$ for i in 1 2; do SOURCE_DATE_EPOCH=1 mmdebstrap bullseye $i.squashfs --logfile=$i.log || echo DERP;

Bug#893162: ITP: libhsts -- library for checking HSTS preload list

Trent W. Buck wrote: > Daniel Kahn Gillmor wrote: > > AIUI, future versions of wget will want to use something like libhsts > > to improve communications security for the user. > > Note that (AFAIK): > > 1. wget2 1.99 (in Debian 11) uses internal code to generate a

Bug#893162: ITP: libhsts -- library for checking HSTS preload list

Daniel Kahn Gillmor wrote: > AIUI, future versions of wget will want to use something like libhsts > to improve communications security for the user. Note that (AFAIK): 1. wget2 1.99 (in Debian 11) uses internal code to generate a persistent ~/.wget-hsts. This does not require libhsts or

Bug#993289: Missing "Depends: init" somewhere

Package: live-boot Version: 1:20210208 Severity: minor live-boot can be installed with no init. Doing so triggers an install-time error (see below). I think either 1. add a Depends: init (or similar); or 2. make the error clearer, e.g. if [ ! -x /sbin/init ]; then echo

Bug#987013: Release goal proposal: Remove Berkeley DB

Matthias Klose wrote: >> Then there's user code too. I also think we'll need at least a dumper >> utility so that users can migrate their data manually when they discover >> their program no longer works after upgrading. > > For Python, the dbm/ndbm.py module, based on the _dbm extension is also >

Bug#992380: dpigs: use numfmt?

Package: debian-goodies Version: 0.87 Severity: wishlist File: /usr/bin/dpigs Tags: patch Just a suggestion, but numfmt is super awesome and obviates the awk blob. fi | if [ $HUMAN -eq 1 ]; then - awk '{ if ($1 > 1024*1024*1024) - printf("% 6.1fT %s\n",

Bug#975555: sshguard on buster does not work.

Pat Suwalski wrote: > Package: sshguard > > Upon upgrading to buster, sshguard in all of my deployments has stopped > working. > > I suspect this line in the Debian changelog: > > * debian/sshguard.service, Use nft instead iptables. > > There doesn't seem to be any obvious way to change this

Bug#928525: Confirming

gi1242+debianb...@gmail.com wrote: > Confirming I have this problem too. My /etc/sshguard/sshguard.conf has > > LOGREADER="LANG=C /bin/journalctl -afb -p info -n1 -o cat > SYSLOG_FACILITY=4 SYSLOG_FACILITY=10" > > The example provided by upstream has > > LOGREADER="LANG=C journalctl

Bug#987977: Silly shebang "#!./perl -w"

Package: perl-modules-5.32 Version: 5.32.1-3 Severity: wishlist File: /usr/share/perl/5.32.1/ExtUtils/Miniperl.pm While auditing shebangs for something else, I found this silly one: $ sed -n 1p /usr/share/perl/*/ExtUtils/Miniperl.pm #!./perl -w Can you get upstream to either remove it

Bug#984824: dh-python: pybuild needs to support toml (PEP517/PEP518) builds with no setup.py

Drew, FYI dh-python=4.20201102+nmu1 can do this (pyproject.toml without setup.py), but you must opt-in to "flit" specifically. Documentation is here: https://manpages.debian.org/unstable/dh-python/pybuild.1.en.html#flit_plugin A minimal complete example is on #987296:

Bug#987296: PYBUILD_SYSTEM=flit breaks ${python3:Depends} (foo-1.dist-info/ vs foo-1.egg-info/)

Package: dh-python Version: 4.20201102+nmu1 Severity: important dh_python3 looks for .egg-info/ (in dhpython/fs.py:Scan). flit uses .dist-info/. As a result, install-time dependencies (Depends) do not auto-populate. I think this needs more than a one-line fix, so I have not produced a fix yet,

Bug#987236: Please add Suggests: flit for modern-style pyproject.toml magic

Package: dh-python Version: 4.20201102+nmu1 Severity: wishlist Please add "Suggests: flit" to make Best Current Practice python packaging a little more discoverable. Boring rationale follows (you can probably ignore this). Every time I try to understand how to do Python packaging, I get

Bug#792639: http://bugs.debian.org sets HSTS, therefore SSL is mandatory

Francesco Poli wrote: > Let's leave things as they are, until OpenSSL v3.0.0 gets released and > included in Debian unstable and testing. > > Please see [933252#10] for further details. > > [933252#10]: >>

Bug#986507: Allow llvm-strings instead of binutils strings (fix check-support-status)

Package: needrestart Version: 3.5-2 Severity: wishlist Tags: patch I want check-support-status to be happy, but I need needrestart: bash5$ check-support-status Limited security support for one or more packages Unfortunately, it has been necessary to limit security support for some

Bug#792639: http://bugs.debian.org sets HSTS, therefore SSL is mandatory

Early discussion on this bug is "do we even want SSL?". Please note this is now moot, as bugs.debian.org enforces SSL: $ wget http://bugs.debian.org/test $ grep bugs.debian.org ~/.wget-hsts bugs.debian.org 0 0 1617696160 15552000 $ wget

Bug#985277: "systemctl reload virtlogd" fails: Cannot disable close-on-exec flag on socket -1: Bad file descriptor

Package: libvirt-daemon Version: 7.0.0-3 Severity: normal I noticed virtlogd in "systemctl --state=failed". It restarted OK, but failed to reload (see attached). I haven't looked yet, but I'm guessing logrotate triggers reload each night? No idea about the EBADF either, maybe a double-close

Bug#984998: apt-cacher-ng.service suggestions to appease "systemd-analyze security"

Package: apt-cacher-ng Version: 3.6.3-1 Severity: wishlist The attached /etc/systemd/service/apt-cacher-ng.service.d/override.conf makes "systemd-analyze security" change from a frowny face to a smiley face. (I think it's also supposed to improve security hardening, but I can only vouch for the

Bug#983847: querybts -m does not escape "\nFrom " sequences; breaks mutt

Package: reportbug Version: 7.10.2 Severity: normal File: /usr/bin/querybts These commands are bugged: bts show -m 928175 querybts -m 928175 >tmp.mbox && mutt -f tmp.mbox This is because an email in that mailbox containes a byte sequence "\nFrom ". This sequence is used by mbox to

Bug#959706: auto-apt-proxy: Lacking _apt_proxy._tcp SRV dns record support for version 11

Hi Markus, Markus Lindberg wrote: > Version 11 of does not support the _apt_proxy._tcp SRV dns record feature > which version 12 does. > Version 12 is only available for testing and unstable would it be possible to > deploy version 12 for stable as well or patch the _apt_proxy._tcp SRV dns >

Bug#982576: "list ruleset" triggers core dump, leaves host unprotected

Package: nftables Version: 0.9.8-3 Severity: normal NOTE: to easily test a nft firewall in isolation, create a dummy netns: sudo ip netns add test sudo ip netns exec test nft --file test.nft This minimal ruleset causes a core dump: #!/usr/sbin/nft --file # This is like "flush

Bug#981004: Cannot configure IUCODE_TOOL_SCANCPUS=no before installation

Thanks for the prompt reply; discussion follows. Henrique de Moraes Holschuh wrote: > On Tue, 26 Jan 2021, Trent W. Buck wrote: >> A minimum recipe to reproduce this is: >> >> $ mmdebstrap sid sid.tar.zst \ >> --components='main contrib non-free' \ &

Bug#981004: Cannot configure IUCODE_TOOL_SCANCPUS=no before installation

Package: intel-microcode Version: 3.20201118.1 Severity: normal I build live images, similar to the official Debian Live images. The issue below has annoyed me for many years, but it was only today someone suggested this might actually be a *BUG*. A minimum recipe to reproduce this is: $

Bug#975873: Please hook zfs-share up to nfs-kernel-server stop+start

PPS: code links below Trent W. Buck wrote: > Michael Biebl wrote: > > I never used ZFS, so I basically have zero knowledge how it is supposed to > > work. > > Here is a rough summary, I hope this helps! > > * USUALLY that is all you need. >ZFS calls mount/umo

Bug#975873: Please hook zfs-share up to nfs-kernel-server stop+start

Michael Biebl wrote: > I never used ZFS, so I basically have zero knowledge how it is supposed to > work. Here is a rough summary, I hope this helps! ZFS glossary: * a "vdev" is an underlying physical disks/partitions (e.g. /dev/sda) * a "pool" is made of 1 or more vdevs (e.g. "morpheus") *

Bug#979595: Cannot squash filename with literal backslash

Package: squashfs-tools-ng Version: 1.0.3-1 Severity: important File: /usr/bin/gensquashfs gensquashfs cannot understand filenames that include literal backslashes. This occurs in the real world to anyone who clones systemd:

Bug#978015: Add "image/webp webp" to /etc/mime.types ?

Package: mime-support Version: 3.62 Severity: normal Tags: upstream I attached foo.webp to an email and mutt used application/octet-stream. I think to fix this mime.types needs to contain "image/webp webp". https://en.wikipedia.org/wiki/WebP Debian already supports this file format, and

Bug#975873: Acknowledgement (Please hook zfs-share up to nfs-kernel-server stop+start)

This quick-and-dirty fix seems to work for me: root@odin:~# systemctl cat nfs-kernel-server # /lib/systemd/system/nfs-server.service [...] # /etc/systemd/system/nfs-server.service.d/zfsutils-linux.conf # If you configure NFS exports in "zfs set sharenfs", # this will

Bug#975873: Please hook zfs-share up to nfs-kernel-server stop+start

Package: zfsutils-linux Version: 0.8.4-1~bpo10+1 Severity: minor I'm not sure who is 'at fault' here, or where the fix belongs. The problem I ran into was this: 1. I zfs set sharenfs (not /etc/exports), because it makes config management a little easier (exports(5) lacks a "drop-in"

Bug#975872: Deletes trailing whitespace in e.g. "c: ZCA="

Package: python3-ldif3 Version: 3.2.2-1 Severity: normal I wrote a trivial ldifsort tool (attached). I noticed it was not idempotent. This is because python3-ldif3 is not preserving trailing space. An easy way to see this is: diff -u <(printf 'dn: a=b\nc:: ZCAgIA==\n'|ldifsort) \

Bug#975507: ansible/buster-backports incompatible with systemd/buster-backups (https://github.com/ansible/ansible/pull/68211)

Package: ansible Version: 2.9.6+dfsg-1~bpo10+1 Severity: minor Is it possible to get https://github.com/ansible/ansible/pull/68211 fixed in ansible/buster-backports? I ran into this today: FAILED! => {"changed": false, "msg": "Malformed output discovered from systemd

Bug#975005: git-stash: creates commits by without owning that domain

rtion(+) create mode 100644 x bash5$ date >x bash5$ git stash Saved working directory and index state WIP on master: fe27c16 x bash5$ git log --format=$'%aN <%aE>\n%cN <%cE>' Trent W. Buck Trent W. Buck bash5$ git log --all --format=$'%aN <%aE&

Bug#962384: Support for systemd-sysusers

Holger Levsen wrote: > On Tue, Jun 30, 2020 at 07:07:50PM +0200, Michael Biebl wrote: > > It's my understanding, that there is no clear consensus what should > > happen on package purge. Some packages do manually remove system users > > and go to some length to find files/directories owned by a

Bug#972902: Move /var/lib/debspawn/aptcache/ into /var/cache?

Package: debspawn Version: 0.2.1-1 Severity: minor I noticed most of my /var/lib/debspawn is actually an apt cache. Doesn't that belong in /var/cache/, next apt-cacher-ng and apt? ;-) -- System Information: Debian Release: 10.6 APT prefers stable APT policy: (990, 'stable'), (500,

Bug#972571: mmtarfilter triggers https://bugs.debian.org/606756

Package: mmdebstrap Version: 0.7.1-2 Severity: minor Tags: upstream Hi josch, Per our IRC chat, I found tarfilter stuff[0] triggers a regression of old dash bug #606756. [0] https://gitlab.mister-muffin.de/josch/mmdebstrap/commit/465c0564345b456c41016abc6a4b1cb727125961 I narrowed it down

Bug#841848: The repo. is dead and moved to https://quiche.googlesource.com/quiche/

shirish शिरीष wrote: > There is no more development on the repository shared and hence since > moved to https://quiche.googlesource.com/quiche/ It looks like that repo is active, but there is also https://github.com/cloudflare/quiche ...which is used by nginx and (maybe) curl. It looks

Bug#966097: inadequate domain name validation

Package: libvirt-daemon Version: 5.0.0-4+deb10u1 Severity: minor When using virt-manager=1:2.0.0-3 to create a qemu/kvm domain named (including the quotes): "ℵ₀" I get this error on the virt-daemon server: Jul 23 10:11:06 not-omega libvirtd[1606866]: internal error: Child

Bug#964427: Where is vfs_zfsacl?

Package: samba Version: 2:4.9.5+dfsg-5+deb10u1 Severity: wishlist I looked into SMB/ZFS integration today. It seems this module exists upstream, but not in Debian: https://www.samba.org/samba/docs/current/man-html/vfs_zfsacl.8.html https://wiki.freebsd.org/Samba4ZFS Is this intentional?

Bug#539575: netsurf-linuxfb: black screen

Gürkan Myczko wrote: > It's been a while, could you try with 3.9-1 of netsurf-fb? I've changed laptops like 5 times since then. Nowadays I run X full-time because it got faster and fb didn't. If I find time I'll test it, but I don't know when that will be.

Bug#954974: Acknowledgement (apparmor.d/usr.sbin.cupsd -- please add an #include dropin for cups-pdf)

PS: apparently the "ship empty" problem is avoidable: 14:29 two annoyances with includes for me as an end user: 14:29 1. if the #included file doesn't exist, that's an error, not a nop 14:29 so upstream has to ship the dropins themselves 14:29 (at least, IIRC that is true) [...]

Bug#954974: apparmor.d/usr.sbin.cupsd -- please add an #include dropin for cups-pdf

Package: cups-daemon Version: 2.2.10-6+deb10u2 Severity: wishlist Right now you have two stanzas (cupsd and cups-pdf), but you only allow dropins in the former. Please add an #include for cups-pdf. #include /usr/sbin/cupsd flags=(attach_disconnected) { [...] #include }

Bug#953611: wesnoth-1.14-tools: needs Recommends: imagemagick

Package: wesnoth-1.14-tools Version: 1:1.14.5-1 Severity: wishlist When I do this: /usr/share/games/wesnoth/1.14/data/tools/wesnoth_addon_manager --html tmp I get an initial prelude of normal stuff: Opening socket to add-ons.wesnoth.org:15014 for 1.14.x Connected as 42.

Bug#953528: -q doesn't work anymore

Package: pngcrush Version: 1.8.13-0.1 Severity: minor File: /usr/bin/pngcrush The -q option doesn't seem to work anymore? According to my old notes (from 2016) this used to behave differently: bash5$ gm convert rose: tmp.png bash5$ pngcrush tmp.png _ Recompressing IDAT chunks in

Bug#951257: udevadm: please exit nonzero with "Running in chroot, ignoring request." when /proc is not mounted

Michael Biebl wrote: >>> [...] you'd have to convince upstream that this is a good idea [...] >> Blergh, I'll have to make a github account [...] > Any updates here? Sorry, no. This is relatively low priority for me.

Bug#951566: Please allow NEEDRESTART_MODE=automatic (and "needrestart -r automatic")

Package: needrestart Version: 3.4-5 Severity: wishlist File: /usr/sbin/needrestart Hi, right now I have to write NEEDRESTART_MODE=a needrestart -ra For clarity I would prefer to write whole words, e.g. NEEDRESTART_MODE=automatic needrestart --restart-mode=automatic I *think* a

Bug#951476: tar2sqfs: on error, remove confusing 'corrupt' output file

Package: squashfs-tools-ng Version: 0.8-1 Severity: minor I was doing "mmdebstrap artful delete-me.squashfs", which internally runs tar and tar2sqfs. Something broke after tar2sqfs started but before tar did anything useful. This left a stub delete-me.squashfs lying around, which confused me. A

Bug#951257: udevadm: please exit nonzero with "Running in chroot, ignoring request." when /proc is not mounted

Michael Biebl wrote: > Am 13.02.20 um 13:29 schrieb Trent W. Buck: >> Packages like udisks2 run "udevadm trigger" in their postinsts. >> When building a Debian Live image, if /proc is mounted in the chroot, all is >> well. >> When building a Debia

Bug#951257: udevadm: please exit nonzero with "Running in chroot, ignoring request." when /proc is not mounted

Package: udev Version: 241-7~deb10u3 Severity: wishlist File: /sbin/udevadm Packages like udisks2 run "udevadm trigger" in their postinsts. When building a Debian Live image, if /proc is mounted in the chroot, all is well. When building a Debian Live image, if /proc is NOT mounted in the chroot,

Bug#951112: Interesting "user story" for manpage EXAMPLES

Package: mmdebstrap Version: 0.6.0-1 Severity: wishlist Hi, you expressed some interest in including this "clever" tarring in your examples. # GOAL: pre-build libdvdcss2_NNN_amd64.deb, so # I can distribute it to airgapped, compiler-less systems. $ mmdebstrap buster

Bug#951107: Enable backports by default?

Package: mmdebstrap Version: 0.6.0-1 Severity: wishlist [This is more a brainstorm than a "finished" bug report. I hope it's still useful!] When not using mmdebstrap, I have something like this[0]. I could just specify an exact debian.sources to mmdebstrap on stdin, but I'd rather have

Bug#951029: Please document unexpected behaviour in pathlib.Path('.').glob('*/') - trailing slash matches regular files

Package: libpython3.7-stdlib Version: 3.7.3-2+deb10u1 Severity: minor File: /usr/lib/python3.7/pathlib.py I expected pathlib glob() to behave like sh glob. I shot myself in the foot because of an unexpected difference. Please document this difference to protect other sysadmins. bash5$ ls

Bug#950776: "Took 213503982334601d 7h 0min 15s" due to typo bug inftparchive/apt-ftparchive.cc

Package: apt-utils Version: 1.8.2 Severity: minor File: /usr/bin/apt-ftparchive Tags: patch I'm pretty sure this is a simple typo: diff --git a/ftparchive/apt-ftparchive.cc b/ftparchive/apt-ftparchive.cc index 077701c..51d492c 100644 --- a/ftparchive/apt-ftparchive.cc +++

Bug#950701: Please install sysctl.d/50-default.conf to /usr/share/doc/

Package: systemd Version: 241-7~deb10u2 Severity: wishlist While setting net.core.default_qdisc=fq_codel at my site, I noticed that systemd already did so... but Debian systemd didn't. It turns out that this is due to systemd (204-9) unstable; urgency=medium [ Marco d'Itri ] *

Bug#950613: "nft -S list ruleset" should say "udp dport 514" is "syslog" (not "shell")

Package: nftables Version: 0.9.2-1 Severity: wishlist Port 514 is a rare case where TCP and UDP have different service names. Right now "nft -S list ruleset" gives the TCP name, which is confusing. This is a very minor issue, but if it's easy to fix, please do so! :-) Below is code demonstrating

Bug#949359: Wish for space-separated --include="foo bar"

Package: mmdebstrap Version: 0.5.1-4 Severity: wishlist Currently --components allows separation by commas OR spaces. Currently --include allows separation by commas BUT NOT spaces: $ mmdebstrap sid delete-me --components='main contrib non-free'

Bug#949354: deb822 format (/etc/apt/sources.list.d/foo.sources) documented but not working

Package: mmdebstrap Version: 0.5.1-4 Severity: minor As at this version: root@not-omega:/tmp/bootstrap# dpkg-query -W mmdebstrap apt apt 1.8.2 mmdebstrap 0.5.1-4 The manpage says I can use deb822 format: root@not-omega:/tmp/bootstrap# man mmdebstrap | grep -2 -F deb822

Bug#741593: closed by Debian FTP Masters (Bug#946113: Removed package(s) from unstable)

Just for the record in case anyone reads old bug reports: * By default Debian 9+ uses systemd, which has borged bootchart's functionality into itself: systemd-analyze plot >tmp.svg * By default Debian 9+ ramdisks are *not* systemd, so exactly the same problem (no bootchart

Bug#943379: Default to PRNG method?

Martijn van Brummelen wrote: > Hi Trent, > On 2019-10-24 06:46, Trent W. Buck wrote: > > Package: nwipe > > Version: 0.26-1 > > Severity: wishlist > > > > As I understand it: > > > > 1. the default nwipe method is DoD Short. > >

Bug#943379: Default to PRNG method?

Package: nwipe Version: 0.26-1 Severity: wishlist As I understand it: 1. the default nwipe method is DoD Short. 2. the DoD Short method is specifically designed for the physical structure of MFM drives, and doesn't really work on other kinds of drives. 3. they stopped making MFM

Bug#942098: Wish for "mmdebstrap unstable unstable-chroot.squashfs"

Just FYI / FTR, tar2sqfs exists in squashfs-tools-ng. I haven't gotten it working with mmdebstrap yet, but this (below) is enough to show that the approach is sound. Further work can happen in squashfs-land, not mmdebstrap-land. Trent W. Buck wrote: > 3. tar2squashfs is useful for this &

Bug#942355: dumb defaults for LogDir and CacheDir

OK, first of all, I apologize for the tone of my email. I was tired and cranky when I wrote it, but that's no excuse. Eduard Bloch wrote: > Hallo, > * Trent W. Buck [Tue, Oct 15 2019, 01:41:53PM]: > > Package: apt-cacher-ng > > Version: 3.2-2 > > Severity: minor > &g

Bug#942355: dumb defaults for LogDir and CacheDir

Package: apt-cacher-ng Version: 3.2-2 Severity: minor Right now apt-cacher-ng ships with TWO sets of default values: the ones hard-coded into the binary, and the ones in the default config file. They don't match. This is confusing. Please make them match, and then (ideally) make the default

Bug#602965: stats for squashfs 3.4 w/o --rsyncable

I build Debian Live images each month, and upload them to a remote site. As you might expect, most of the files are the same. Using a Debian 9 stack, this is what I observed this month: server images: Total file size: 116.29M bytes Total bytes sent: 68.51M Total file size:

Bug#942288: Wish for tar2squashfs

Package: squashfs-tools Version: 1:4.4-1 Severity: wishlist Is it possible to write something that reads a tarball from stdin, and writes a squashfs to stdout? The context is https://bugs.debian.org/942098 where tar is used in a pipeline, so replacing it with mksquashfs is fiddly. One

Bug#942098: Acknowledgement (Wish for "mmdebstrap unstable unstable-chroot.squashfs")

I had a brief go at this myself, but I quickly got stuck. * mmdebstrap always has tar write to stdout, rather than adding "-f $filename" to @taropts. mksquashfs doesn't allow this. mksquashfs *has to* write to a regular file (AFAIK). * mmdebstrap adds compression to the pipeline

Bug#942098: Wish for "mmdebstrap unstable unstable-chroot.squashfs"

Package: mmdebstrap Version: 0.5.0-1 Severity: wishlist File: /usr/bin/mmdebstrap It would cool if I could do an unprivileged mmdebstrap and get a .squashfs instead of a tarball. Sales pitch: squashfs is a file format that can act both like an archive (replaces .tar.xz):

Bug#921634: RFP: dovecot-xapian -- A straightforward and simple way to configure FTS plugin for Dovecot, leveraging the efforts by the Xapian.org team.

Trent W. Buck wrote: > Leonard Lausen wrote: > > * Package name: dovecot-xapian > > Version : 1.0 > > Upstream Author : Joan Moreau > > * URL : https://github.com/grosjo/fts-xapian > > * License : GNU Lesser General Public Licen

Bug#941246: RFP: elpa-ansible -- ansible syntax highlighting, completion, and yasnippet templates for Emacs

Nicholas, Eliding the parts I agree with... Nicholas D Steeves wrote: > I suspect that the conversion to a derived major mode should be done > before this software is suitable for a Debian stable release. I agree making it a local minor mode, instead of a derived major mode (derived from

Bug#941246: RFP: elpa-ansible -- ansible syntax highlighting, completion, and yasnippet templates for Emacs

Package: wnpp Severity: wishlist * Package name: elpa-ansible Version : 0.2.0 Upstream Author : Ken’ichiro Oyama * URL : https://github.com/k1LoW/emacs-ansible * License : not licensed? Programming Lang: elisp Description : ansible syntax highlighting,

Bug#941058: multiline string support

Nicholas D Steeves wrote: > On Tue, 24 Sep 2019 at 01:54, Trent W. Buck wrote: >> In the attached file, yaml-mode indents the multi-line strings incorrectly. >> Please fix indentation for multi-line strings. >> >> (At least, ansible complains about the tab stops tha

Bug#941058: multiline string support

Package: elpa-yaml-mode Version: 0.0.14-1 Severity: wishlist File: /usr/share/emacs/site-lisp/elpa-src/yaml-mode-0.0.14/yaml-mode.el In the attached file, yaml-mode indents the multi-line strings incorrectly. Please fix indentation for multi-line strings. (At least, ansible complains about the

Bug#940464: grep --and -eX -eY -eZ (X∩Y∩Z intersection, not X∪Y∪Z union)

Package: grep Version: 3.3-1 Severity: wishlist (Surely someone has already asked for this, but I can't see where. I may have already reported this myself, and forgotten. If so, sorry!) Right now if you do grep -eX -eY -eZ You'll get lines that match *any of* X, Y, or Z. Quite often I want

Bug#939818: new magic: OpenSSH Key Revocation List (KRL)

Package: file Version: 1:5.37-5 Severity: wishlist Long, long ago, Debian accidentally made weak SSH keys. As part of the fix, Debian patched OpenSSH to blacklist those bad keys: https://sources.debian.org/src/openssh-blacklist/ Much later, equivalent functionality landed upstream in

Bug#935948: can't start containers with different names but same prefix (xxxxxxxxxxx-1 and xxxxxxxxxxx-2)

Michael Biebl wrote: > Am 28.08.19 um 13:11 schrieb Trent W. Buck: > > > If this is an unavoidable limitation due to Linux, please at least > > warn about it in the systemd-nspawn manpage. > > I've forwarded this upstream to > https://github.com/systemd/systemd/issues/1

Bug#935948: can't start containers with different names but same prefix (xxxxxxxxxxx-1 and xxxxxxxxxxx-2)

Package: systemd-container Version: 242-4 Severity: minor Due to IFNAMSIZ, nspawn's network interfaces names are truncated. The possibility of collisions should be clearly documented. My test containers have reasonably long names: root@not-omega:~# ls -l /var/lib/machines/ total 75

Bug#935495: [PATCH 1/2] Try "busybox ip route" when "ip route" is not available.

ASED; urgency=medium + + * Try "busybox ip route" when "ip route" is not available. + +Even though iproute2 is Priority: important, busybox is more common +according to https://popcon.debian.org/by_inst.gz, probably due to +initramfs-tools Recommends: busybox. + + --

Bug#935495: [PATCH 2/2] Use apt-helper to find apt proxy via _apt_proxy._tcp DNS record.

en though iproute2 is Priority: important, busybox is more common according to https://popcon.debian.org/by_inst.gz, probably due to initramfs-tools Recommends: busybox. + * Use apt-helper to find apt proxy via _apt_proxy._tcp DNS record. -- Trent W. Buck Mon, 26 Aug 2019 13:31:23 +1000 diff -

Bug#935495: Support handwritten (not avahi) SRV record

Antonio Terceiro wrote: >> if stdout=$(/usr/lib/apt/apt-helper srv-lookup _http._tcp."$(hostname >> --domain)") && > s/_http/_apt_proxy/ ? Oops, yes. >> # The response came from apt-cacher or apt-cacher-ng or approx. >> grep -q -i "$tmpfile" -e 'Apt-cacher' -e >>

Bug#935495: Support handwritten (not avahi) SRV record

Package: auto-apt-proxy Version: 11 Severity: wishlist Tags: patch Currently auto-apt-proxy doesn't work for me because I run apt-cacher-ng on a dedicated host, which is neither the client's localhost, nor the client's default gateway. Currently squid-deb-proxy-client doesn't work for me because

Bug#929923: missing dictionaries.xcu confuses non-US English locales (e.g. en_AU)

Rene Engelhard wrote: > On Wed, Aug 21, 2019 at 03:44:36PM +1000, Trent W. Buck wrote: > > I still advocate solving only MY problem, with a simple change: > > > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?att=2;bug=929923;filename=929923.patch;

Bug#929923: missing dictionaries.xcu confuses non-US English locales (e.g. en_AU)

ted on an ad-hoc basis. This script tries to fully automate that process, so that 1. there is less work for the Debian maintainer; and 2. more consistent behaviour between Debian and upstream. ---Trent W. Buck, Aug 2019, https://bugs.debian.org/929923 """ import sys import

Bug#934803: /usr/share/postfix/main.cf.tls: remove smtpd_tls_session_cache_database?

Package: postfix Version: 3.4.5-1 Severity: minor File: /usr/share/postfix/main.cf.tls In a fresh Debian 10 with postfix, I didn't recognize these options in main.cf: smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database =

Bug#934676: Please clarify that systemd-nspawn(1) --port= is IPv4-only (no IPv6)

Package: systemd-container Version: 241-5 Severity: wishlist systemd-nspawn --port=tcp:2022:22 redirects port 2022/tcp (on the host) to port 22/tcp (on the guest). (This is equivalent to "-net user,hostfwd=::2022-:22" in qemu VMs.) AFAICT systemd-nspawn only does this for IPv4 (not IPv6). This

Bug#934584: IPMasquerade=yes uses iptables (not nftables)

Package: systemd Version: 241-5 Severity: normal File: /lib/systemd/network/80-container-ve.network Debian 10 defaults to nftables: https://www.debian.org/releases/stable/amd64/release-notes/ch-whats-new.en.html#nftables ...but systemd doesn't for IPMasquerade=, see below. AFAICT the

Bug#934199: mmdebstrap confused when ! -t STDIN

Package: mmdebstrap Version: 0.4.1-3 Severity: normal File: /usr/bin/mmdebstrap I regularly debootstrap on the far end of an SSH connection. This is approximately ssh otherplace debootstrap buster /tmp/x http://apt/debian When I try this with mmdebstrap, it hangs forever waiting for a

Bug#933621: BUG: invalid expression type concat on invalid input "iifname . oifname p . q"

Package: nftables Version: 0.9.1-2 Severity: minor I found a parser bug when experimenting with concatenations: # nft 'flush ruleset; table a; chain a b; a b iifname . oifname p . q; list ruleset' BUG: invalid expression type concat nft: evaluate.c:1726: expr_evaluate_relational:

<    1   2   3   4   5   6   7   8   9   10   >