Bug#997852: Should dh_systemd_enable --no-enable create a systemd.preset? (fix ssh.socket)

2021-10-25 Thread Trent W. Buck
I noticed some other things being unexpected enabled by preset-all, e.g. msmtpd.service, systemd-networkd.socket, reboot.target. I think this shows relevant packages: https://codesearch.debian.net/search?q=dh_.*systemd.*--no-enable&literal=0&page=29&perpkg=1 $ curl -s https://codesearc

Bug#997852: Should dh_systemd_enable --no-enable create a systemd.preset? (fix ssh.socket)

2021-10-25 Thread Trent W. Buck
Package: debhelper Version: 13.3.4 Severity: wishlist File: /usr/bin/dh_systemd_enable This is an obscure edge-case for systemd. I am not an expert. What I'm proposing might be very silly. Probably the approriate debian-systemd ML should be CC'd. Background: what is systemd.preset?

Bug#996927: Drop NSCD_SOCKET_OLD and harden systemd unit?

2021-10-20 Thread Trent W. Buck
Trent W. Buck wrote: > RuntimeDirectory=unscd That's a typo, it should be "RuntimeDirectory=nscd". Testing didn't catch it until I did a reboot, because the non-systemd doesn't remove /run/nscd when unscd stops.

Bug#892730: nslcd: Please add systemd .service file

2021-10-20 Thread Trent W. Buck
PS: the hardening bit also works as a dropin, i.e. you can put it into /etc/systemd/system/nslcd.service.d/hardening.conf and the rest of the unit remains auto-generated from /etc/init.d/nslcd. Trent W. Buck wrote: > # nslcd listens to /run/nslcd/socket and creates /run/nslcd/nslcd.pid. >

Bug#996927: Drop NSCD_SOCKET_OLD and harden systemd unit?

2021-10-20 Thread Trent W. Buck
Package: unscd Version: 0.54-1 Severity: wishlist I wrote a hardening dropin (attached) for unscd.service. $ systemd-analyze security UNIT EXPOSURE PREDICATE HAPPY unscd.service 9.6 UNSAFE😨 # before unscd.service 1.1 OK🙂 # after Please

Bug#892730: nslcd: Please add systemd .service file

2021-10-20 Thread Trent W. Buck
Michael Biebl wrote: > Am 12.03.2018 um 11:26 schrieb Laurent Bigonville: > > Package: nslcd > > Version: 0.9.9-1 > > Severity: normal > > User: pkg-systemd-maintain...@lists.alioth.debian.org > > Usertags: systemd-units > > > > Hi, > > > > nslcd currently doesn't provides a systemd .service file

Bug#996735: Wrong filename in error message: plocate.db is corrupt or an old version; please rebuild it.

2021-10-17 Thread Trent W. Buck
Package: plocate Version: 1.1.8-2 Severity: minor I noticed plocate always reports a broken locatedb as "plocate.db", even when the filename is something else: twb@hera[Desktop]$ LOCATE_PATH=$PWD/test.mlocatedb locate 'tinyssh*deb' plocate.db is corrupt or an old version; please rebuild

Bug#995945: Allow more key/value pairs than just username/password/hostname

2021-10-08 Thread Trent W. Buck
Package: python3-pypass Version: 0.2.1-1.1 Severity: wishlist It seems you ask for a specific key/value field like this: https://sources.debian.org/src/pypass/0.2.1-2/pypass/command.py/#L193 But there are only three specific fields you can ask for: https://sources.debian.org/src/pypass/

Bug#995944: Does not use auto-detect if git is already in use

2021-10-08 Thread Trent W. Buck
Package: qtpass Version: 1.3.2-3 Severity: serious I am flagging this as "serious" because it leads to data loss. Specifically, I already lost the history of my test passwords. Had I not noticed right away, I could have lost REAL passwords. I have an existing ~/.password-store. It has git enabled

Bug#986507: use grep -a instead of strings(1) (fix check-support-status)

2021-10-07 Thread Trent W. Buck
Trent W. Buck wrote: > I want check-support-status to be happy, but I need needrestart: > > bash5$ check-support-status > â‹® > * Source:binutils > Details: Only suitable for trusted content; see > https://lists.debian.org/msgid-search/87lfqsomtg.

Bug#995904: Please add wipefs --recursive

2021-10-07 Thread Trent W. Buck
Package: util-linux Version: 2.36.1-8 Severity: wishlist File: /sbin/wipefs wipefs is not recursive, which leads to this unexpected behaviour: root@dban:~# blkid /dev/vda: TYPE="squashfs" /dev/vdb1: LABEL_FATBOOT="ESP" LABEL="ESP" UUID="6BE7-C309" BLOCK_SIZE="512" TYPE="vfat" PARTLAB

Bug#594175: openssh-server: support generation of ssh host keys in init script

2021-10-05 Thread Trent W. Buck
Michael Prokop wrote: > Nowadaysâ„¢ with systemd we use our own ssh.service, which looks like that: > > > https://github.com/grml/grml-live/blob/8078724d5fa78f0b8fe0471b94368c58f204ee11/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE Can we (Debian, not GRML) please just add

Bug#995682: segfaults / fails to find filesystem, when passed full disk

2021-10-03 Thread Trent W. Buck
Package: fatresize Version: 1.1.0-1 Severity: normal File: /sbin/fatresize This script reliably produces segfaults on Debian 11. It works fine on Debian 10. -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (990, 'stable-updates'), (990, 'stable-security'),

Bug#995367: Acknowledgement (Re-enable apparmor on Debian Live?)

2021-09-30 Thread Trent W. Buck
The original bug report complained about LibreOffice and Evince. I tested those specifically. LibreOffice is in "complain" mode. It's rules fail, but there is no user-visible impact. Evince is in "enforce" mode. I couldn't generate an error by just opening PDFs, saving them, and printing them (t

Bug#995367: Re-enable apparmor on Debian Live?

2021-09-30 Thread Trent W. Buck
Package: apparmor Version: 2.13.6-10 Severity: wishlist When booting with boot=live (live-boot-initramfs-tools), apparmor is disabled: https://salsa.debian.org/apparmor-team/apparmor/-/blob/debian/experimental/debian/apparmor.service#L17 https://salsa.debian.org/apparmor-team/apparmor/-

Bug#995343: Add nftables Recommends: netbase?

2021-09-30 Thread Trent W. Buck
Package: nftables Version: 0.9.8-3.1 Severity: wishlist I propose adding "Recommends: netbase" to nftables. This is mainly a hint to someone debugging why their ruleset works on "normal" systems but not "embedded" systems :-) Rationale follows. "netbase" provides /etc/services (et al). iptables

Bug#995146: Acknowledgement (ssh -M (ControlMaster) triggers "tinysshd: W19qgD40: BUG: (protocol error){channel.c:57}")

2021-09-26 Thread Trent W. Buck
I can reproduce this using the version in salsa also: bash5$ ssh -F/dev/null -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no root@localhost -p2022 dpkg-query -W base-files tinysshd linux-image-cloud-amd64 Warning: Permanently added '[localhost]:2022' (ED25519) to the list of k

Bug#995146: ssh -M (ControlMaster) triggers "tinysshd: W19qgD40: BUG: (protocol error){channel.c:57}"

2021-09-26 Thread Trent W. Buck
Package: tinysshd Version: 20190101-1 Severity: normal This has annoyed me for a while, but I only just today realized it was an actual bug and not simply a missing feature. I had to use "screen" to run two SSH clients at once. I tried using "ssh -f" and could not reproduce the problem. I am us

Bug#677602: localepurge: dpkg --prune-excluded and --list-missing

2021-09-12 Thread Trent W. Buck
For the record, This is to publish my coping strategies for this feature being missing from dpkg. This is what I've been doing in debootstrap, to purge packages unavoidably installed BEFORE localepurge, but still benefit from path-exclude (MUCH faster) for packages installs AFTER localpurge:

Bug#994096: /var/lib/dbus/machine-id breaks reproducible-builds

2021-09-11 Thread Trent W. Buck
Package: dbus Version: 1.12.20-2 Severity: important I am building Debian Live images using mmdebstrap. I noticed they were not reproducible. I eventually narrowed it down to dbus: bash5$ for i in 1 2; do SOURCE_DATE_EPOCH=1 mmdebstrap bullseye $i.squashfs --logfile=$i.log || echo DERP; done

Bug#893162: ITP: libhsts -- library for checking HSTS preload list

2021-08-31 Thread Trent W. Buck
Trent W. Buck wrote: > Daniel Kahn Gillmor wrote: > > AIUI, future versions of wget will want to use something like libhsts > > to improve communications security for the user. > > Note that (AFAIK): > > 1. wget2 1.99 (in Debian 11) uses internal code to generate a

Bug#893162: ITP: libhsts -- library for checking HSTS preload list

2021-08-31 Thread Trent W. Buck
Daniel Kahn Gillmor wrote: > AIUI, future versions of wget will want to use something like libhsts > to improve communications security for the user. Note that (AFAIK): 1. wget2 1.99 (in Debian 11) uses internal code to generate a persistent ~/.wget-hsts. This does not require libhsts or

Bug#993289: Missing "Depends: init" somewhere

2021-08-30 Thread Trent W. Buck
Package: live-boot Version: 1:20210208 Severity: minor live-boot can be installed with no init. Doing so triggers an install-time error (see below). I think either 1. add a Depends: init (or similar); or 2. make the error clearer, e.g. if [ ! -x /sbin/init ]; then echo "

Bug#987013: Release goal proposal: Remove Berkeley DB

2021-08-23 Thread Trent W. Buck
Matthias Klose wrote: >> Then there's user code too. I also think we'll need at least a dumper >> utility so that users can migrate their data manually when they discover >> their program no longer works after upgrading. > > For Python, the dbm/ndbm.py module, based on the _dbm extension is also >

Bug#992380: dpigs: use numfmt?

2021-08-17 Thread Trent W. Buck
Package: debian-goodies Version: 0.87 Severity: wishlist File: /usr/bin/dpigs Tags: patch Just a suggestion, but numfmt is super awesome and obviates the awk blob. fi | if [ $HUMAN -eq 1 ]; then - awk '{ if ($1 > 1024*1024*1024) - printf("% 6.1fT %s\n", $1/(1024*10

Bug#975555: sshguard on buster does not work.

2021-05-05 Thread Trent W. Buck
Pat Suwalski wrote: > Package: sshguard > > Upon upgrading to buster, sshguard in all of my deployments has stopped > working. > > I suspect this line in the Debian changelog: > > * debian/sshguard.service, Use nft instead iptables. > > There doesn't seem to be any obvious way to change this back

Bug#928525: Confirming

2021-05-05 Thread Trent W. Buck
gi1242+debianb...@gmail.com wrote: > Confirming I have this problem too. My /etc/sshguard/sshguard.conf has > > LOGREADER="LANG=C /bin/journalctl -afb -p info -n1 -o cat > SYSLOG_FACILITY=4 SYSLOG_FACILITY=10" > > The example provided by upstream has > > LOGREADER="LANG=C journalctl -af

Bug#987977: Silly shebang "#!./perl -w"

2021-05-02 Thread Trent W. Buck
Package: perl-modules-5.32 Version: 5.32.1-3 Severity: wishlist File: /usr/share/perl/5.32.1/ExtUtils/Miniperl.pm While auditing shebangs for something else, I found this silly one: $ sed -n 1p /usr/share/perl/*/ExtUtils/Miniperl.pm #!./perl -w Can you get upstream to either remove it or

Bug#984824: dh-python: pybuild needs to support toml (PEP517/PEP518) builds with no setup.py

2021-04-21 Thread Trent W. Buck
Drew, FYI dh-python=4.20201102+nmu1 can do this (pyproject.toml without setup.py), but you must opt-in to "flit" specifically. Documentation is here: https://manpages.debian.org/unstable/dh-python/pybuild.1.en.html#flit_plugin A minimal complete example is on #987296: https://bugs.deb

Bug#987296: PYBUILD_SYSTEM=flit breaks ${python3:Depends} (foo-1.dist-info/ vs foo-1.egg-info/)

2021-04-20 Thread Trent W. Buck
Package: dh-python Version: 4.20201102+nmu1 Severity: important dh_python3 looks for .egg-info/ (in dhpython/fs.py:Scan). flit uses .dist-info/. As a result, install-time dependencies (Depends) do not auto-populate. I think this needs more than a one-line fix, so I have not produced a fix yet, s

Bug#987236: Please add Suggests: flit for modern-style pyproject.toml magic

2021-04-20 Thread Trent W. Buck
Package: dh-python Version: 4.20201102+nmu1 Severity: wishlist Please add "Suggests: flit" to make Best Current Practice python packaging a little more discoverable. Boring rationale follows (you can probably ignore this). Every time I try to understand how to do Python packaging, I get confus

Bug#792639: http://bugs.debian.org sets HSTS, therefore SSL is mandatory

2021-04-07 Thread Trent W. Buck
Francesco Poli wrote: > Let's leave things as they are, until OpenSSL v3.0.0 gets released and > included in Debian unstable and testing. > > Please see [933252#10] for further details. > > [933252#10]: >> https://salsa.debian.org/frx-guest/apt-listbugs/-/blob/m

Bug#986507: Allow llvm-strings instead of binutils strings (fix check-support-status)

2021-04-06 Thread Trent W. Buck
Package: needrestart Version: 3.5-2 Severity: wishlist Tags: patch I want check-support-status to be happy, but I need needrestart: bash5$ check-support-status Limited security support for one or more packages Unfortunately, it has been necessary to limit security support for some

Bug#792639: http://bugs.debian.org sets HSTS, therefore SSL is mandatory

2021-04-06 Thread Trent W. Buck
Early discussion on this bug is "do we even want SSL?". Please note this is now moot, as bugs.debian.org enforces SSL: $ wget http://bugs.debian.org/test $ grep bugs.debian.org ~/.wget-hsts bugs.debian.org 0 0 1617696160 15552000 $ wget http://bugs.debian.org/tes

Bug#985277: "systemctl reload virtlogd" fails: Cannot disable close-on-exec flag on socket -1: Bad file descriptor

2021-03-15 Thread Trent W. Buck
Package: libvirt-daemon Version: 7.0.0-3 Severity: normal I noticed virtlogd in "systemctl --state=failed". It restarted OK, but failed to reload (see attached). I haven't looked yet, but I'm guessing logrotate triggers reload each night? No idea about the EBADF either, maybe a double-close proble

Bug#984998: apt-cacher-ng.service suggestions to appease "systemd-analyze security"

2021-03-11 Thread Trent W. Buck
Package: apt-cacher-ng Version: 3.6.3-1 Severity: wishlist The attached /etc/systemd/service/apt-cacher-ng.service.d/override.conf makes "systemd-analyze security" change from a frowny face to a smiley face. (I think it's also supposed to improve security hardening, but I can only vouch for the s

Bug#983847: querybts -m does not escape "\nFrom " sequences; breaks mutt

2021-03-02 Thread Trent W. Buck
Package: reportbug Version: 7.10.2 Severity: normal File: /usr/bin/querybts These commands are bugged: bts show -m 928175 querybts -m 928175 >tmp.mbox && mutt -f tmp.mbox This is because an email in that mailbox containes a byte sequence "\nFrom ". This sequence is used by mbox to delimi

Bug#959706: auto-apt-proxy: Lacking _apt_proxy._tcp SRV dns record support for version 11

2021-02-24 Thread Trent W. Buck
Hi Markus, Markus Lindberg wrote: > Version 11 of does not support the _apt_proxy._tcp SRV dns record feature > which version 12 does. > Version 12 is only available for testing and unstable would it be possible to > deploy version 12 for stable as well or patch the _apt_proxy._tcp SRV dns > re

Bug#982576: "list ruleset" triggers core dump, leaves host unprotected

2021-02-11 Thread Trent W. Buck
Package: nftables Version: 0.9.8-3 Severity: normal NOTE: to easily test a nft firewall in isolation, create a dummy netns: sudo ip netns add test sudo ip netns exec test nft --file test.nft This minimal ruleset causes a core dump: #!/usr/sbin/nft --file # This is like "flush r

Bug#981004: Cannot configure IUCODE_TOOL_SCANCPUS=no before installation

2021-01-25 Thread Trent W. Buck
Thanks for the prompt reply; discussion follows. Henrique de Moraes Holschuh wrote: > On Tue, 26 Jan 2021, Trent W. Buck wrote: >> A minimum recipe to reproduce this is: >> >> $ mmdebstrap sid sid.tar.zst \ >> --components='main contrib non-free

Bug#981004: Cannot configure IUCODE_TOOL_SCANCPUS=no before installation

2021-01-25 Thread Trent W. Buck
Package: intel-microcode Version: 3.20201118.1 Severity: normal I build live images, similar to the official Debian Live images. The issue below has annoyed me for many years, but it was only today someone suggested this might actually be a *BUG*. A minimum recipe to reproduce this is: $ mmd

Bug#975873: Please hook zfs-share up to nfs-kernel-server stop+start

2021-01-09 Thread Trent W. Buck
PPS: code links below Trent W. Buck wrote: > Michael Biebl wrote: > > I never used ZFS, so I basically have zero knowledge how it is supposed to > > work. > > Here is a rough summary, I hope this helps! > > * USUALLY that is all you need. >ZFS calls mount/umo

Bug#975873: Please hook zfs-share up to nfs-kernel-server stop+start

2021-01-09 Thread Trent W. Buck
Michael Biebl wrote: > I never used ZFS, so I basically have zero knowledge how it is supposed to > work. Here is a rough summary, I hope this helps! ZFS glossary: * a "vdev" is an underlying physical disks/partitions (e.g. /dev/sda) * a "pool" is made of 1 or more vdevs (e.g. "morpheus") *

Bug#979595: Cannot squash filename with literal backslash

2021-01-08 Thread Trent W. Buck
Package: squashfs-tools-ng Version: 1.0.3-1 Severity: important File: /usr/bin/gensquashfs gensquashfs cannot understand filenames that include literal backslashes. This occurs in the real world to anyone who clones systemd: https://github.com/systemd/systemd/blob/master/test/fuzz/fuzz-unit-f

Bug#978015: Add "image/webp webp" to /etc/mime.types ?

2020-12-24 Thread Trent W. Buck
Package: mime-support Version: 3.62 Severity: normal Tags: upstream I attached foo.webp to an email and mutt used application/octet-stream. I think to fix this mime.types needs to contain "image/webp webp". https://en.wikipedia.org/wiki/WebP Debian already supports this file format, and file

Bug#975873: Acknowledgement (Please hook zfs-share up to nfs-kernel-server stop+start)

2020-11-25 Thread Trent W. Buck
This quick-and-dirty fix seems to work for me: root@odin:~# systemctl cat nfs-kernel-server # /lib/systemd/system/nfs-server.service [...] # /etc/systemd/system/nfs-server.service.d/zfsutils-linux.conf # If you configure NFS exports in "zfs set sharenfs", # this will remov

Bug#975873: Please hook zfs-share up to nfs-kernel-server stop+start

2020-11-25 Thread Trent W. Buck
Package: zfsutils-linux Version: 0.8.4-1~bpo10+1 Severity: minor I'm not sure who is 'at fault' here, or where the fix belongs. The problem I ran into was this: 1. I zfs set sharenfs (not /etc/exports), because it makes config management a little easier (exports(5) lacks a "drop-in" dir)

Bug#975872: Deletes trailing whitespace in e.g. "c: ZCA="

2020-11-25 Thread Trent W. Buck
Package: python3-ldif3 Version: 3.2.2-1 Severity: normal I wrote a trivial ldifsort tool (attached). I noticed it was not idempotent. This is because python3-ldif3 is not preserving trailing space. An easy way to see this is: diff -u <(printf 'dn: a=b\nc:: ZCAgIA==\n'|ldifsort) \

Bug#975507: ansible/buster-backports incompatible with systemd/buster-backups (https://github.com/ansible/ansible/pull/68211)

2020-11-22 Thread Trent W. Buck
Package: ansible Version: 2.9.6+dfsg-1~bpo10+1 Severity: minor Is it possible to get https://github.com/ansible/ansible/pull/68211 fixed in ansible/buster-backports? I ran into this today: FAILED! => {"changed": false, "msg": "Malformed output discovered from systemd list-u

Bug#975005: git-stash: creates commits by without owning that domain

2020-11-17 Thread Trent W. Buck
ed, 1 insertion(+) create mode 100644 x bash5$ date >x bash5$ git stash Saved working directory and index state WIP on master: fe27c16 x bash5$ git log --format=$'%aN <%aE>\n%cN <%cE>' Trent W. Buck Trent W. Buck bash5$ git log --all --f

Bug#962384: Support for systemd-sysusers

2020-10-26 Thread Trent W. Buck
Holger Levsen wrote: > On Tue, Jun 30, 2020 at 07:07:50PM +0200, Michael Biebl wrote: > > It's my understanding, that there is no clear consensus what should > > happen on package purge. Some packages do manually remove system users > > and go to some length to find files/directories owned by a sys

Bug#972902: Move /var/lib/debspawn/aptcache/ into /var/cache?

2020-10-25 Thread Trent W. Buck
Package: debspawn Version: 0.2.1-1 Severity: minor I noticed most of my /var/lib/debspawn is actually an apt cache. Doesn't that belong in /var/cache/, next apt-cacher-ng and apt? ;-) -- System Information: Debian Release: 10.6 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-up

Bug#972571: mmtarfilter triggers https://bugs.debian.org/606756

2020-10-20 Thread Trent W. Buck
Package: mmdebstrap Version: 0.7.1-2 Severity: minor Tags: upstream Hi josch, Per our IRC chat, I found tarfilter stuff[0] triggers a regression of old dash bug #606756. [0] https://gitlab.mister-muffin.de/josch/mmdebstrap/commit/465c0564345b456c41016abc6a4b1cb727125961 I narrowed it down wit

Bug#841848: The repo. is dead and moved to https://quiche.googlesource.com/quiche/

2020-10-18 Thread Trent W. Buck
shirish शिरीष wrote: > There is no more development on the repository shared and hence since > moved to https://quiche.googlesource.com/quiche/ It looks like that repo is active, but there is also https://github.com/cloudflare/quiche ...which is used by nginx and (maybe) curl. It looks like

Bug#966097: inadequate domain name validation

2020-07-22 Thread Trent W. Buck
Package: libvirt-daemon Version: 5.0.0-4+deb10u1 Severity: minor When using virt-manager=1:2.0.0-3 to create a qemu/kvm domain named (including the quotes): "ℵ₀" I get this error on the virt-daemon server: Jul 23 10:11:06 not-omega libvirtd[1606866]: internal error: Child proce

Bug#964427: Where is vfs_zfsacl?

2020-07-06 Thread Trent W. Buck
Package: samba Version: 2:4.9.5+dfsg-5+deb10u1 Severity: wishlist I looked into SMB/ZFS integration today. It seems this module exists upstream, but not in Debian: https://www.samba.org/samba/docs/current/man-html/vfs_zfsacl.8.html https://wiki.freebsd.org/Samba4ZFS Is this intentional?

Bug#539575: netsurf-linuxfb: black screen

2020-05-17 Thread Trent W. Buck
Gürkan Myczko wrote: > It's been a while, could you try with 3.9-1 of netsurf-fb? I've changed laptops like 5 times since then. Nowadays I run X full-time because it got faster and fb didn't. If I find time I'll test it, but I don't know when that will be.

Bug#954974: Acknowledgement (apparmor.d/usr.sbin.cupsd -- please add an #include dropin for cups-pdf)

2020-03-25 Thread Trent W. Buck
PS: apparently the "ship empty" problem is avoidable: 14:29 two annoyances with includes for me as an end user: 14:29 1. if the #included file doesn't exist, that's an error, not a nop 14:29 so upstream has to ship the dropins themselves 14:29 (at least, IIRC that is true) [...] 1

Bug#954974: apparmor.d/usr.sbin.cupsd -- please add an #include dropin for cups-pdf

2020-03-25 Thread Trent W. Buck
Package: cups-daemon Version: 2.2.10-6+deb10u2 Severity: wishlist Right now you have two stanzas (cupsd and cups-pdf), but you only allow dropins in the former. Please add an #include for cups-pdf. #include /usr/sbin/cupsd flags=(attach_disconnected) { [...] #include }

Bug#953611: wesnoth-1.14-tools: needs Recommends: imagemagick

2020-03-10 Thread Trent W. Buck
Package: wesnoth-1.14-tools Version: 1:1.14.5-1 Severity: wishlist When I do this: /usr/share/games/wesnoth/1.14/data/tools/wesnoth_addon_manager --html tmp I get an initial prelude of normal stuff: Opening socket to add-ons.wesnoth.org:15014 for 1.14.x Connected as 42. Receivin

Bug#953528: -q doesn't work anymore

2020-03-10 Thread Trent W. Buck
Package: pngcrush Version: 1.8.13-0.1 Severity: minor File: /usr/bin/pngcrush The -q option doesn't seem to work anymore? According to my old notes (from 2016) this used to behave differently: bash5$ gm convert rose: tmp.png bash5$ pngcrush tmp.png _ Recompressing IDAT chunks in tm

Bug#951257: udevadm: please exit nonzero with "Running in chroot, ignoring request." when /proc is not mounted

2020-02-26 Thread Trent W. Buck
Michael Biebl wrote: >>> [...] you'd have to convince upstream that this is a good idea [...] >> Blergh, I'll have to make a github account [...] > Any updates here? Sorry, no. This is relatively low priority for me.

Bug#951566: Please allow NEEDRESTART_MODE=automatic (and "needrestart -r automatic")

2020-02-17 Thread Trent W. Buck
Package: needrestart Version: 3.4-5 Severity: wishlist File: /usr/sbin/needrestart Hi, right now I have to write NEEDRESTART_MODE=a needrestart -ra For clarity I would prefer to write whole words, e.g. NEEDRESTART_MODE=automatic needrestart --restart-mode=automatic I *think* a

Bug#951476: tar2sqfs: on error, remove confusing 'corrupt' output file

2020-02-17 Thread Trent W. Buck
Package: squashfs-tools-ng Version: 0.8-1 Severity: minor I was doing "mmdebstrap artful delete-me.squashfs", which internally runs tar and tar2sqfs. Something broke after tar2sqfs started but before tar did anything useful. This left a stub delete-me.squashfs lying around, which confused me. A

Bug#951257: udevadm: please exit nonzero with "Running in chroot, ignoring request." when /proc is not mounted

2020-02-13 Thread Trent W. Buck
Michael Biebl wrote: > Am 13.02.20 um 13:29 schrieb Trent W. Buck: >> Packages like udisks2 run "udevadm trigger" in their postinsts. >> When building a Debian Live image, if /proc is mounted in the chroot, all is >> well. >> When building a Debian Live

Bug#951257: udevadm: please exit nonzero with "Running in chroot, ignoring request." when /proc is not mounted

2020-02-13 Thread Trent W. Buck
Package: udev Version: 241-7~deb10u3 Severity: wishlist File: /sbin/udevadm Packages like udisks2 run "udevadm trigger" in their postinsts. When building a Debian Live image, if /proc is mounted in the chroot, all is well. When building a Debian Live image, if /proc is NOT mounted in the chroot,

Bug#951112: Interesting "user story" for manpage EXAMPLES

2020-02-11 Thread Trent W. Buck
Package: mmdebstrap Version: 0.6.0-1 Severity: wishlist Hi, you expressed some interest in including this "clever" tarring in your examples. # GOAL: pre-build libdvdcss2_NNN_amd64.deb, so # I can distribute it to airgapped, compiler-less systems. $ mmdebstrap buster --components

Bug#951107: Enable backports by default?

2020-02-11 Thread Trent W. Buck
Package: mmdebstrap Version: 0.6.0-1 Severity: wishlist [This is more a brainstorm than a "finished" bug report. I hope it's still useful!] When not using mmdebstrap, I have something like this[0]. I could just specify an exact debian.sources to mmdebstrap on stdin, but I'd rather have mmdebstrap

Bug#951029: Please document unexpected behaviour in pathlib.Path('.').glob('*/') - trailing slash matches regular files

2020-02-09 Thread Trent W. Buck
Package: libpython3.7-stdlib Version: 3.7.3-2+deb10u1 Severity: minor File: /usr/lib/python3.7/pathlib.py I expected pathlib glob() to behave like sh glob. I shot myself in the foot because of an unexpected difference. Please document this difference to protect other sysadmins. bash5$ ls

Bug#950776: "Took 213503982334601d 7h 0min 15s" due to typo bug inftparchive/apt-ftparchive.cc

2020-02-05 Thread Trent W. Buck
Package: apt-utils Version: 1.8.2 Severity: minor File: /usr/bin/apt-ftparchive Tags: patch I'm pretty sure this is a simple typo: diff --git a/ftparchive/apt-ftparchive.cc b/ftparchive/apt-ftparchive.cc index 077701c..51d492c 100644 --- a/ftparchive/apt-ftparchive.cc +++ b/ftparc

Bug#950701: Please install sysctl.d/50-default.conf to /usr/share/doc/

2020-02-04 Thread Trent W. Buck
Package: systemd Version: 241-7~deb10u2 Severity: wishlist While setting net.core.default_qdisc=fq_codel at my site, I noticed that systemd already did so... but Debian systemd didn't. It turns out that this is due to systemd (204-9) unstable; urgency=medium [ Marco d'Itri ] * D

Bug#950613: "nft -S list ruleset" should say "udp dport 514" is "syslog" (not "shell")

2020-02-04 Thread Trent W. Buck
Package: nftables Version: 0.9.2-1 Severity: wishlist Port 514 is a rare case where TCP and UDP have different service names. Right now "nft -S list ruleset" gives the TCP name, which is confusing. This is a very minor issue, but if it's easy to fix, please do so! :-) Below is code demonstrating

Bug#949359: Wish for space-separated --include="foo bar"

2020-01-19 Thread Trent W. Buck
Package: mmdebstrap Version: 0.5.1-4 Severity: wishlist Currently --components allows separation by commas OR spaces. Currently --include allows separation by commas BUT NOT spaces: $ mmdebstrap sid delete-me --components='main contrib non-free' --include='amd64-microcode,intel-microcode,iuc

Bug#949354: deb822 format (/etc/apt/sources.list.d/foo.sources) documented but not working

2020-01-19 Thread Trent W. Buck
Package: mmdebstrap Version: 0.5.1-4 Severity: minor As at this version: root@not-omega:/tmp/bootstrap# dpkg-query -W mmdebstrap apt apt 1.8.2 mmdebstrap 0.5.1-4 The manpage says I can use deb822 format: root@not-omega:/tmp/bootstrap# man mmdebstrap | grep -2 -F deb822

Bug#741593: closed by Debian FTP Masters (Bug#946113: Removed package(s) from unstable)

2019-12-07 Thread Trent W. Buck
Just for the record in case anyone reads old bug reports: * By default Debian 9+ uses systemd, which has borged bootchart's functionality into itself: systemd-analyze plot >tmp.svg * By default Debian 9+ ramdisks are *not* systemd, so exactly the same problem (no bootchart pr

Bug#943379: Default to PRNG method?

2019-10-24 Thread Trent W. Buck
Martijn van Brummelen wrote: > Hi Trent, > On 2019-10-24 06:46, Trent W. Buck wrote: > > Package: nwipe > > Version: 0.26-1 > > Severity: wishlist > > > > As I understand it: > > > > 1. the default nwipe method is DoD Short. > > > >

Bug#943379: Default to PRNG method?

2019-10-23 Thread Trent W. Buck
Package: nwipe Version: 0.26-1 Severity: wishlist As I understand it: 1. the default nwipe method is DoD Short. 2. the DoD Short method is specifically designed for the physical structure of MFM drives, and doesn't really work on other kinds of drives. 3. they stopped making MFM dri

Bug#942098: Wish for "mmdebstrap unstable unstable-chroot.squashfs"

2019-10-16 Thread Trent W. Buck
Just FYI / FTR, tar2sqfs exists in squashfs-tools-ng. I haven't gotten it working with mmdebstrap yet, but this (below) is enough to show that the approach is sound. Further work can happen in squashfs-land, not mmdebstrap-land. Trent W. Buck wrote: > 3. tar2squashfs is useful for this

Bug#942355: dumb defaults for LogDir and CacheDir

2019-10-15 Thread Trent W. Buck
OK, first of all, I apologize for the tone of my email. I was tired and cranky when I wrote it, but that's no excuse. Eduard Bloch wrote: > Hallo, > * Trent W. Buck [Tue, Oct 15 2019, 01:41:53PM]: > > Package: apt-cacher-ng > > Version: 3.2-2 > > Severity: minor &g

Bug#942355: dumb defaults for LogDir and CacheDir

2019-10-14 Thread Trent W. Buck
Package: apt-cacher-ng Version: 3.2-2 Severity: minor Right now apt-cacher-ng ships with TWO sets of default values: the ones hard-coded into the binary, and the ones in the default config file. They don't match. This is confusing. Please make them match, and then (ideally) make the default acng

Bug#602965: stats for squashfs 3.4 w/o --rsyncable

2019-10-13 Thread Trent W. Buck
I build Debian Live images each month, and upload them to a remote site. As you might expect, most of the files are the same. Using a Debian 9 stack, this is what I observed this month: server images: Total file size: 116.29M bytes Total bytes sent: 68.51M Total file size: 224.01M

Bug#942288: Wish for tar2squashfs

2019-10-13 Thread Trent W. Buck
Package: squashfs-tools Version: 1:4.4-1 Severity: wishlist Is it possible to write something that reads a tarball from stdin, and writes a squashfs to stdout? The context is https://bugs.debian.org/942098 where tar is used in a pipeline, so replacing it with mksquashfs is fiddly. One suggestion

Bug#942098: Acknowledgement (Wish for "mmdebstrap unstable unstable-chroot.squashfs")

2019-10-10 Thread Trent W. Buck
I had a brief go at this myself, but I quickly got stuck. * mmdebstrap always has tar write to stdout, rather than adding "-f $filename" to @taropts. mksquashfs doesn't allow this. mksquashfs *has to* write to a regular file (AFAIK). * mmdebstrap adds compression to the pipeline it

Bug#942098: Wish for "mmdebstrap unstable unstable-chroot.squashfs"

2019-10-10 Thread Trent W. Buck
Package: mmdebstrap Version: 0.5.0-1 Severity: wishlist File: /usr/bin/mmdebstrap It would cool if I could do an unprivileged mmdebstrap and get a .squashfs instead of a tarball. Sales pitch: squashfs is a file format that can act both like an archive (replaces .tar.xz): unsquashfs

Bug#921634: RFP: dovecot-xapian -- A straightforward and simple way to configure FTS plugin for Dovecot, leveraging the efforts by the Xapian.org team.

2019-10-01 Thread Trent W. Buck
Trent W. Buck wrote: > Leonard Lausen wrote: > > * Package name: dovecot-xapian > > Version : 1.0 > > Upstream Author : Joan Moreau > > * URL : https://github.com/grosjo/fts-xapian > > * License : GNU Lesser General Public Licen

Bug#941246: RFP: elpa-ansible -- ansible syntax highlighting, completion, and yasnippet templates for Emacs

2019-09-30 Thread Trent W. Buck
Nicholas, Eliding the parts I agree with... Nicholas D Steeves wrote: > I suspect that the conversion to a derived major mode should be done > before this software is suitable for a Debian stable release. I agree making it a local minor mode, instead of a derived major mode (derived from yaml-mo

Bug#941246: RFP: elpa-ansible -- ansible syntax highlighting, completion, and yasnippet templates for Emacs

2019-09-26 Thread Trent W. Buck
Package: wnpp Severity: wishlist * Package name: elpa-ansible Version : 0.2.0 Upstream Author : Ken’ichiro Oyama * URL : https://github.com/k1LoW/emacs-ansible * License : not licensed? Programming Lang: elisp Description : ansible syntax highlighting,

Bug#941058: multiline string support

2019-09-26 Thread Trent W. Buck
Nicholas D Steeves wrote: > On Tue, 24 Sep 2019 at 01:54, Trent W. Buck wrote: >> In the attached file, yaml-mode indents the multi-line strings incorrectly. >> Please fix indentation for multi-line strings. >> >> (At least, ansible complains about the tab stops tha

Bug#941058: multiline string support

2019-09-23 Thread Trent W. Buck
Package: elpa-yaml-mode Version: 0.0.14-1 Severity: wishlist File: /usr/share/emacs/site-lisp/elpa-src/yaml-mode-0.0.14/yaml-mode.el In the attached file, yaml-mode indents the multi-line strings incorrectly. Please fix indentation for multi-line strings. (At least, ansible complains about the ta

Bug#940464: grep --and -eX -eY -eZ (X∩Y∩Z intersection, not X∪Y∪Z union)

2019-09-15 Thread Trent W. Buck
Package: grep Version: 3.3-1 Severity: wishlist (Surely someone has already asked for this, but I can't see where. I may have already reported this myself, and forgotten. If so, sorry!) Right now if you do grep -eX -eY -eZ You'll get lines that match *any of* X, Y, or Z. Quite often I want

Bug#939818: new magic: OpenSSH Key Revocation List (KRL)

2019-09-09 Thread Trent W. Buck
Package: file Version: 1:5.37-5 Severity: wishlist Long, long ago, Debian accidentally made weak SSH keys. As part of the fix, Debian patched OpenSSH to blacklist those bad keys: https://sources.debian.org/src/openssh-blacklist/ Much later, equivalent functionality landed upstream in OpenSSH

Bug#935948: can't start containers with different names but same prefix (xxxxxxxxxxx-1 and xxxxxxxxxxx-2)

2019-08-28 Thread Trent W. Buck
Michael Biebl wrote: > Am 28.08.19 um 13:11 schrieb Trent W. Buck: > > > If this is an unavoidable limitation due to Linux, please at least > > warn about it in the systemd-nspawn manpage. > > I've forwarded this upstream to > https://github.com/systemd/systemd/iss

Bug#935948: can't start containers with different names but same prefix (xxxxxxxxxxx-1 and xxxxxxxxxxx-2)

2019-08-28 Thread Trent W. Buck
Package: systemd-container Version: 242-4 Severity: minor Due to IFNAMSIZ, nspawn's network interfaces names are truncated. The possibility of collisions should be clearly documented. My test containers have reasonably long names: root@not-omega:~# ls -l /var/lib/machines/ total 75 d

Bug#935495: [PATCH 1/2] Try "busybox ip route" when "ip route" is not available.

2019-08-25 Thread Trent W. Buck
uto-apt-proxy (11+nmu1) UNRELEASED; urgency=medium + + * Try "busybox ip route" when "ip route" is not available. + +Even though iproute2 is Priority: important, busybox is more common +according to https://popcon.debian.org/by_inst.gz, probably due to +initramfs-too

Bug#935495: [PATCH 2/2] Use apt-helper to find apt proxy via _apt_proxy._tcp DNS record.

2019-08-25 Thread Trent W. Buck
(11+nmu1) UNRELEASED; urgency=medium Even though iproute2 is Priority: important, busybox is more common according to https://popcon.debian.org/by_inst.gz, probably due to initramfs-tools Recommends: busybox. + * Use apt-helper to find apt proxy via _apt_proxy._tcp DNS record. -- Trent W. Bu

Bug#935495: Support handwritten (not avahi) SRV record

2019-08-23 Thread Trent W. Buck
Antonio Terceiro wrote: >> if stdout=$(/usr/lib/apt/apt-helper srv-lookup _http._tcp."$(hostname >> --domain)") && > s/_http/_apt_proxy/ ? Oops, yes. >> # The response came from apt-cacher or apt-cacher-ng or approx. >> grep -q -i "$tmpfile" -e 'Apt-cacher' -e >> '406.*u

Bug#935495: Support handwritten (not avahi) SRV record

2019-08-23 Thread Trent W. Buck
Package: auto-apt-proxy Version: 11 Severity: wishlist Tags: patch Currently auto-apt-proxy doesn't work for me because I run apt-cacher-ng on a dedicated host, which is neither the client's localhost, nor the client's default gateway. Currently squid-deb-proxy-client doesn't work for me because

Bug#929923: missing dictionaries.xcu confuses non-US English locales (e.g. en_AU)

2019-08-21 Thread Trent W. Buck
Rene Engelhard wrote: > On Wed, Aug 21, 2019 at 03:44:36PM +1000, Trent W. Buck wrote: > > I still advocate solving only MY problem, with a simple change: > > > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?att=2;bug=929923;filename=929923.patch;msg=22 >

Bug#929923: missing dictionaries.xcu confuses non-US English locales (e.g. en_AU)

2019-08-20 Thread Trent W. Buck
were created on an ad-hoc basis. This script tries to fully automate that process, so that 1. there is less work for the Debian maintainer; and 2. more consistent behaviour between Debian and upstream. ---Trent W. Buck, Aug 2019, https://bugs.debian.org/929923 """ import

Bug#934803: /usr/share/postfix/main.cf.tls: remove smtpd_tls_session_cache_database?

2019-08-14 Thread Trent W. Buck
Package: postfix Version: 3.4.5-1 Severity: minor File: /usr/share/postfix/main.cf.tls In a fresh Debian 10 with postfix, I didn't recognize these options in main.cf: smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_dir

<    1   2   3   4   5   6   7   8   9   10   >