Bug#1058671: [debian-mysql] Bug#1058671: mariadb-server: [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.

[Daniel Lewart]

Otto, et al,

On Sun, Apr 7, 2024 at 12:09 AM Otto Kekäläinen  wrote:
>
> Hi Daniel!
>
> Do you think this change is still needed?
>
> Do you want to participate in some open source development/testing to
> make it work?
>
> On Sun, 14 Jan 2024 at 16:03, Otto Kekäläinen  wrote:
> >
> > FYI: Discussion about this continued in
> > https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/61

Yes.  I believe that the default configuration should not generate
errors or warnings
when MariaDB is started.  Version 1:10.11.6-2 has one of each (see below).

And I agree with you that upstream option values should only be
changed if there are compelling reasons.

Thank you!
Dan
Urbana, Illinois
---
"PRIORITY" : "3",
"MESSAGE" : "2024-04-16  1:33:25 0 [Warning] You need to use --log-bin
to make --expire-logs-days or --binlog-expire-logs-seconds work.",

"PRIORITY" : "4",
"MESSAGE" : "mariadb.service: Referenced but unset environment
variable evaluates to an empty string: MYSQLD_OPTS,
_WSREP_NEW_CLUSTER",
###

Bug#1058724: automysqlbackup: "Referencing the /etc/mysql/debian.cnf file is not advised anymore"

[Daniel Lewart]

Package: automysqlbackup
Version: 2.6+debian.4-4
Severity: normal
Tags: patch

Thomas,

mariadb-server NEWS.Debian.gz says:
   - Referencing the /etc/mysql/debian.cnf file is not advised anymore. It will
 be deprecated in a future Debian release and has been obsolete anyway for
 several years now since MariaDB in Debian introduced Unix socket
 authentication for the root account in 2015.
   ...
 -- Otto Kekäläinen   Thu, 17 Sep 2020 14:37:47 +0300

Below is a patch which removes references to /etc/mysql/debian.cnf .
In addition, the changed lines:
  * all satisfy ShellCheck
  * sometimes improve logic

By the way, I believe that /usr/sbin/automysqlbackup has no bashisms
and should change from "#!/bin/bash" to "#!/bin/sh" (dash).

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/etc/default/automysqlbackup b/etc/default/automysqlbackup
--- a/etc/default/automysqlbackup   2021-08-30 09:50:19.0 -0500
+++ b/etc/default/automysqlbackup   2023-12-15 00:00:00.0 -0600
@@ -1,13 +1,13 @@
 # By default, the Debian version of automysqlbackup will use:
-# mysqldump --defaults-file=/etc/mysql/debian.cnf
+# mysqldump
 # but you might want to overwrite with a specific user & pass.
 # To do this, simply edit bellow.
 
 # Username to access the MySQL server e.g. dbuser
-#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk 
'{print $1}'`
+#USERNAME=dbuser
 
 # Username to access the MySQL server e.g. password
-#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | 
awk '{print $1}'`
+#PASSWORD=password
 
 # Host name (or IP address) of MySQL server e.g localhost
 DBHOST=localhost
@@ -20,9 +20,10 @@
 # and write your own.
 # The following is a quick hack that will find the names of the databases by
 # reading the mysql folder content. Feel free to replace by something else.
-# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 
| grep -v ^mysql\$ | tr \\\r\\\n ,\ `
+# DBNAMES=$(find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d/ -f5 
| grep -Ev '^(mysql|performance_schema)$' | tr '\n' ' ' | sed 's/ $//')
+
 # This one does a list of dbs using a MySQL statement.
-DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW 
DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v 
^performance_schema$ | grep -v ^information_schema$ | tr \\\r\\\n ,\ `
+DBNAMES=$(mysql -BNe 'SHOW DATABASES' | grep -Ev 
'^(information_schema|mysql|performance_schema)$' | tr '\n' ' ' | sed 's/ $//')
 
 # Backup directory location e.g /backups
 # Folders inside this one will be created (daily, weekly, etc.), and the
diff -ru a/usr/sbin/automysqlbackup b/usr/sbin/automysqlbackup
--- a/usr/sbin/automysqlbackup  2021-08-30 09:50:19.0 -0500
+++ b/usr/sbin/automysqlbackup  2023-12-15 00:00:00.0 -0600
@@ -446,7 +446,7 @@
touch "$2.gz"
chmod 600 "$2.gz"
if [ -z "${USERNAME}" -o -z "${PASSWORD}" ] ; then
-   mysqldump --defaults-file=/etc/mysql/debian.cnf 
$NEWOPT $1 | gzip -f > "$2.gz"
+   mysqldump "${NEWOPT}" "$1" | gzip -f > "$2.gz"
else
mysqldump --user=$USERNAME --password=$PASSWORD 
--host=$DBHOST $NEWOPT $1  | gzip -f > "$2.gz"
fi
@@ -455,7 +455,7 @@
touch "$2.bz2"
 chmod 600 "$2.bz2"
if [ -z "${USERNAME}" -o -z "${PASSWORD}" ] ; then
-mysqldump 
--defaults-file=/etc/mysql/debian.cnf $NEWOPT $1 | gzip -f > "$2.bz2"
+mysqldump "${NEWOPT}" "$1" | gzip -f > "$2.bz2"
 else
 mysqldump --user=$USERNAME 
--password=$PASSWORD --host=$DBHOST $NEWOPT $1  | gzip -f > "$2.bz2"
 fi
@@ -464,7 +464,7 @@
touch $2
chmod 600 $2
if [ -z "${USERNAME}" -o -z "${PASSWORD}" ] ; then
-   mysqldump --defaults-file=/etc/mysql/debian.cnf $NEWOPT 
$1 > $2
+   mysqldump "${NEWOPT}" "$1" > "$2"
compression $2
else
mysqldump --user=$USERNAME --password=$PASSWORD 
--host=$DBHOST $NEWOPT $1 > $2
@@ -532,7 +532,7 @@
 # If backing up all DBs on the server
 if [ "$DBNAMES" = "all" ]; then
if [ -z "${USERNAME}" -o -z "${PASSWORD}" ] ; then
-DBNAMES="`mysql --defaults-file=/etc/mysql/debian.cnf --batch 
--skip-column-names -e "show databases"| sed 's/ /%/g'`"
+DBNAMES="$(mysql --batch --skip-column-names -e "SHOW DATABASES" | tr 
' ' '%')"
else
 DBNAMES="`mysql --user=$USERNAME --password=$PASSWORD --host=$DBHOST 
--batch --skip-column-names -e "show databases"| sed 's/ /%/g'`"
fi

Bug#1058671: mariadb-server: [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.

[Daniel Lewart]

Package: mariadb-server
Version: 1:10.11.4-1~deb12u1
Severity: minor
Tags: patch

Otto, et al,

Starting mariadb-server generates the following message:
[Warning] You need to use --log-bin to make --expire-logs-days or 
--binlog-expire-logs-seconds work.

50-server.cnf includes the following lines:
#log_bin= /var/log/mysql/mysql-bin.log
expire_logs_days= 10
log_bin defaults to OFF, thus the warning.

Commenting out "expire_log_days" is a simple fix.
Patch below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/debian/additions/mariadb.conf.d/50-server.cnf 
b/debian/additions/mariadb.conf.d/50-server.cnf
--- a/debian/additions/mariadb.conf.d/50-server.cnf 2023-11-26 
20:58:10.0 -0600
+++ b/debian/additions/mariadb.conf.d/50-server.cnf 2023-12-14 
00:00:00.0 -0600
@@ -72,7 +72,7 @@
 #   settings you may need to change.
 #server-id  = 1
 #log_bin= /var/log/mysql/mysql-bin.log
-expire_logs_days= 10
+#expire_logs_days   = 10
 #max_binlog_size= 100M
 
 #

Bug#1055016: override: tasksel-data:admin/optional

[Daniel Lewart]

FTP Team,

On Sun Oct 29, 2023, I reported:

> However, tasksel is still installed by default because of the following:
> $ apt-cache show tasksel-data | grep -E '^(Package|Depends|Priority)'
> Package: tasksel-data
> Depends: tasksel (= 3.73)
> Priority: important

> Please change tasksel-data from:
> admin/important
> to:
> admin/optional

Some more dependencies:
Package: tasksel-data
Depends: tasksel (= 3.73)
Recommends: laptop-detect
Priority: important

Package: laptop-detect
Recommends: dmidecode
Priority: optional

Package: dmidecode
Depends: libc6 (>= 2.34)
Priority: important

So a side effect of not installing tasksel and tasksel-data by default
is that laptop-detect would not be installed either.

It's not clear to me why dmidecode is Priority: important,
but that's a discussion for another day.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1055016: override: tasksel-data:admin/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: task...@packages.debian.org, debian-b...@lists.debian.org, 
855...@bugs.debian.org, 954...@bugs.debian.org
Control: affects -1 + src:tasksel

FTP Team,

#855151 - tasksel: should not be Priority: important
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855151

#954090 - override: tasksel:admin/optional
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954090

However, tasksel is still installed by default because of the following:
$ apt-cache show tasksel-data | grep -E '^(Package|Depends|Priority)'
Package: tasksel-data
Depends: tasksel (= 3.73)
Priority: important

Please change tasksel-data from:
admin/important
to:
admin/optional

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1042894: cron: PATH values should be modernized

[Daniel Lewart]

Package: cron
Version: 3.0pl1-163
Severity: normal

Georges, et al,

pathnames.h has the following line:
# define _PATH_DEFPATH "/usr/bin:/bin"
Could it be changed to this?
# define _PATH_DEFPATH "/usr/sbin:/usr/bin"
crontab.5 would need to be changed too.

debian/crontab.main has the following line:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
Could it be changed to this?
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1025536: crontab_5_manpage.patch undoes No-multiple-timezones.patch and more

[Daniel Lewart]

Version: 3.0pl1-163

Georges, et al,

crontab_5_manpage.patch:

https://salsa.debian.org/debian/cron/-/blob/master/debian/patches/fixes/crontab_5_manpage.patch
undoes No-multiple-timezones.patch:

https://salsa.debian.org/debian/cron/-/blob/master/debian/patches/features/No-multiple-timezones.patch
and more.

If this was accidental and No-multiple-timezones.patch is restored,
please remove "SHELL=/bin/sh", which is a no op.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1040315: pam: Binary packages include old CHANGELOG instead of ChangeLog and NEWS

[Daniel Lewart]

Package: src:pam
Version: 1.5.2-6
Severity: normal

pam Maintainers,

pam binaries include the following file:
/usr/share/doc//changelog.gz
which is upstream's CHANGELOG (Oct 2011).

It states:
  This file is no longer used for tracking changes for Linux-PAM. For
  user visible changes, please look at the NEWS file. A more verbose
  list of changes can be found in ChangeLog.

Please replace it with the following upstream files, which are maintained:
  * ChangeLog -> changelog.gz
  * NEWS  -> NEWS.gz

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1040314: devscripts: uscan(1) github.com example could be improved

[Daniel Lewart]

Package: devscripts
Version: 2.23.4
Severity: minor

Devscripts Maintainers,

The uscan(1) github.com example is:
  version=4
  
opts="filenamemangle=s%(?:.*?)?v?@ANY_VERSION@(@ARCHIVE_EXT@)%@PACKAGE@-$1$2%" \
  https://github.com///tags \
  (?:.*?/)?v?@ANY_VERSION@@ARCHIVE_EXT@

The beginning of the pattern, which will be discarded, is:
(?:.*?)?v?
It should be simplified to:
.*?
or made to correspond to the matching pattern:
(?:.*?/)?v?

Also, the debian/watch wiki:
https://wiki.debian.org/debian/watch
seems to be not as good as uscan(1), which is confusing.

Of course, the best solution would be the following:
#1010604 Support commonly used providers like github.com and gitlab.com
within watch file:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010604

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1040310: pam: debian/watch broken by GitHub change

[Daniel Lewart]

Package: src:pam
Version: 1.5.2-6
Severity: normal
Tags: patch

pam Maintainers,

Since GitHub made an annoying change, pam's debian/watch no longer works.
https://tracker.debian.org/pkg/pam says:
   Problems while searching for a new upstream version
  uscan had problems while searching for a new upstream version:
  In debian/watch no matching files for watch line
https://github.com/linux-pam/linux-pam/releases .*/\S+-([\d.]+)\.tar\.xz

Based on the uscan(1) github.com example:
https://manpages.debian.org/bookworm/devscripts/uscan.1.en.html
I have created the *untested* patch below.

Thank you!
Daniel Lewart
Urbana, Illinois

diff -ru a/watch b/watch
--- a/watch 2023-01-04 14:40:45.0 -0600
+++ b/watch 2023-07-04 00:00:00.0 -0500
@@ -1,2 +1,4 @@
 version=4
-  https://github.com/linux-pam/linux-pam/releases .*/\S+-([\d.]+)\.tar\.xz
+opts="filenamemangle=s%(?:.*?)?v?@ANY_VERSION@(@ARCHIVE_EXT@)%@PACKAGE@-$1$2%" 
\
+https://github.com/linux-pam/linux-pam/tags \
+(?:.*?/)?v?@ANY_VERSION@@ARCHIVE_EXT@

###

Bug#1036091: release-notes: What's new: OpenJDK and OpenLDAP rows out of alphabetical order

[Daniel Lewart]

Package: release-notes
Severity: minor
Tags: patch

Release Notes Maintainers,

In Chapter 2. What's new in Debian 12, the OpenJDK and OpenLDAP rows
are out of alphabetical order.

Patch (for the English version only) is below,
with the following fixes:
  1) s/gnupg/gnupg2/
  2) s/llvm-toolchain/new-llvm-toolchain/
  3) Alphabetize OpenJDK and OpenLDAP rows

Wishlist: Add a link to the Debian page on Distrowatch.com:
https://distrowatch.com/table.php?distribution=debian
This has a complete history and is well-maintained.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/en/whats-new.dbk b/en/whats-new.dbk
--- a/en/whats-new.dbk  2023-05-14 12:57:24.0 -0500
+++ b/en/whats-new.dbk  2023-05-15 00:00:00.0 -0500
@@ -305,7 +305,7 @@
  2.10.22
  2.10.34

-   
+   
  
GnuPGGnuPG
  2.2.27
  2.2.40
@@ -330,7 +330,7 @@
   5.10 series
   6.1 series

-   
+   
   LLVM/Clang toolchain
   9.0.1 and 11.0.1 (default) and 13.0.1
   13.0.1 and 14.0 (default) and 15.0.6
@@ -345,16 +345,16 @@
  1.18
  1.22

-   
- OpenLDAP
- 2.4.57
- 2.5.13
-   

  
OpenJDKOpenJDK
  11
  17

+   
+ OpenLDAP
+ 2.4.57
+ 2.5.13
+   

  
OpenSSHOpenSSH
  8.4p1

Bug#1036088: release-notes: What's new table missing bash, openssl, systemd rows

[Daniel Lewart]

Package: release-notes
Severity: minor
Tags: patch

Release Notes Maintainers,

Chapter 2. What's new in Debian 12 should include the following rows:
  * bash| 5.1| 5.2.15
  * openssl | 1.1.1n | 3.0.8
  * systemd | 247.3  | 252.6

Patch (for the English version only) below.

Also, the following rows have popcon < 5% and could perhaps be deleted:
  * dovecot  (3.23%)
  * lighttpd (1.60%)
  * rustc(1.48%)

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/en/whats-new.dbk b/en/whats-new.dbk
--- a/en/whats-new.dbk  2023-05-14 12:57:24.0 -0500
+++ b/en/whats-new.dbk  2023-05-15 00:00:00.0 -0500
@@ -244,6 +244,11 @@
  2.4.54
  2.4.56

+   
+ BashBash
+ 5.1
+ 5.2.15
+   

  BINDBIND 
DNS Server
  9.16
@@ -360,6 +365,11 @@
  8.4p1
  9.2p1

+   
+ 
OpenSSLOpenSSL
+ 1.1.1n
+ 3.0.8
+   

  PerlPerl
  5.32
@@ -402,6 +412,11 @@
  4.13
  4.17

+   
+ 
SystemdSystemd
+ 247.3
+ 252.6
+   

  Vim
  8.2

Bug#1035914: cron(8) says system administrator should not use /etc/cron.d/

[Daniel Lewart]

Package: cron
Version: 3.0pl1-137
Severity: minor

Georges,

cron(8) says:
In general, the system administrator should not use /etc/cron.d/,
but use the standard system crontab /etc/crontab.

I don't understand the reasoning behind this, except perhaps to
avoid a collision with a future package named "local".

If cron(8) was changed to:
The system administrator may create cron jobs in /etc/cron.d/
with file names like "local" or "local-foo".
then package changes to /etc/crontab would not require user interaction
during upgrades.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1034784: release-notes: bookworm section 5.1.5 has "rsylog" typo

[Daniel Lewart]

Package: release-notes
Severity: minor
Tags: patch

Debian Documentation Team,

Release Notes for Debian 12 (bookworm) section 5.1.5
"Changes to system logging":

https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#changes-to-system-logging
has an "rsylog" typo.

Patch below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/en/issues.dbk b/en/issues.dbk
--- a/en/issues.dbk 2023-04-21 06:37:14.0 -0500
+++ b/en/issues.dbk 2023-04-24 00:00:00.0 -0500
@@ -197,7 +197,7 @@
   
   
 If you decide to switch away from rsylog you can use the
+role="package">rsyslog you can use the
 journalctl command to read log messages,
 which are stored in a binary format under
 /var/log/journal.  For example,

###

Bug#1033936: fwupd: FuEngine failed to get releases for UEFI dbx ... requires >= 1.8.14

[Daniel Lewart]

Package: fwupd
Version: 1.5.7-4
Severity: normal

Debian EFI Team,

Since Apr  1, 2023, new priority 6 (info) fwupd messages are being logged,
as shown below.

I think these may be caused by Linux Foundation (UEFI Revocation) Secure
Boot dbx Version 220 (Released: 2023-03-31 13:40:38):
https://fwupd.org/lvfs/devices/org.linuxfoundation.dbx.x64.firmware

Perhaps this situation is similar to the following:
  #961490 fwupd: version in stable too old, no updates possible:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961490

Please let me know if any additional information would be helpful.

Thank you!
Daniel Lewart
Urbana, Illinois
---
$ journalctl --no-hostname --no-pager _SYSTEMD_UNIT=fwupd.service
-- Journal begins at Thu 2021-11-25 17:09:56 CST, ends at Tue 2023-04-04 
02:29:53 CDT. --
Apr 01 11:21:51 fwupd[893544]: 16:21:51:0555 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 01 11:21:51 fwupd[893544]: 16:21:51:0602 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 02 04:42:24 fwupd[910736]: 09:42:24:0313 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 02 04:42:25 fwupd[910736]: 09:42:25:0227 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 02 10:44:49 fwupd[917415]: 15:44:49:0817 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 02 10:44:50 fwupd[917415]: 15:44:50:0752 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 02:30:24 fwupd[933315]: 07:30:24:0318 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 02:30:25 fwupd[933315]: 07:30:25:0247 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 09:09:49 fwupd[941008]: 14:09:49:0621 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 09:09:50 fwupd[941008]: 14:09:50:0544 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 16:19:24 fwupd[948519]: 21:19:24:0314 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 16:19:25 fwupd[948519]: 21:19:25:0244 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 16:19:25 fwupd[948519]: 21:19:25:0986 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 16:19:26 fwupd[948519]: 21:19:26:0032 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14

###

Bug#1030927: automysqlbackup: Week 48 and sometimes Week 47 backups are never removed

[Daniel Lewart]

Package: automysqlbackup
Version: 2.6+debian.4-4
Severity: normal
Tags: patch

Thomas,

Week 48 backups are never removed.
In some years, Week 47 backups are also never removed.

There are two problems:

1) The calculations to determine REMW are broken.
   They incorrectly assume the last Saturday of the year is in ISO week 53.
   Actually, it is 52 (89%) or 51 (11%).
   The following would be correct:
REMW=$(date -d '-35 days' +%V)

2) Ancient backups are never removed.

Below is an untested patch which should fix these.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/usr/sbin/automysqlbackup b/usr/sbin/automysqlbackup
--- a/usr/sbin/automysqlbackup  2021-08-30 09:50:19.0 -0500
+++ b/usr/sbin/automysqlbackup  2023-02-09 00:00:00.0 -0600
@@ -596,14 +596,7 @@
if [ "$DNOW" = "$DOWEEKLY" ]; then
echo Weekly Backup of Database \( $DB \)
echo Rotating 5 weeks Backups...
-   if [ "$W" -le 05 ];then
-   REMW=`expr 48 + $W`
-   elif [ "$W" -lt 15 ];then
-   REMW=0`expr $W - 5`
-   else
-   REMW=`expr $W - 5`
-   fi
-   rm -fv "$BACKUPDIR/weekly/$DB/${DB}_week.$REMW".*
+   find "$BACKUPDIR/weekly/$DB" -mtime +30 -print -delete
echo
dbdump "$DB" 
"$BACKUPDIR/weekly/$DB/${DB}_week.$W.$DATE.sql"
BACKUPFILES="$BACKUPFILES 
$BACKUPDIR/weekly/$DB/${DB}_week.$W.$DATE.sql$SUFFIX"
@@ -640,14 +633,7 @@
echo Weekly Backup of Databases \( $DBNAMES \)
echo
echo Rotating 5 weeks Backups...
-   if [ "$W" -le 05 ];then
-   REMW=`expr 48 + $W`
-   elif [ "$W" -lt 15 ];then
-   REMW=0`expr $W - 5`
-   else
-   REMW=`expr $W - 5`
-   fi
-   rm -fv "$BACKUPDIR/weekly/week.$REMW".*
+   find "$BACKUPDIR/weekly" -mtime +30 -print -delete
echo
dbdump "$DBNAMES" "$BACKUPDIR/weekly/week.$W.$DATE.sql"
BACKUPFILES="$BACKUPFILES 
$BACKUPDIR/weekly/week.$W.$DATE.sql$SUFFIX"

Bug#1022271: mysqltuner: new version // debian/watch not working

[Daniel Lewart]

Cord, et al,

> $ uscan
> uscan warn: In debian/watch no matching files for watch line
>   https://github.com/major/MySQLTuner-perl/releases 
> .*[^n]/v?(\d\S*)(?i)(?:\.(?:tar\.xz|tar\.bz2|tar\.gz|tar\.zstd?|zip|tgz|tbz|txz))
>  debian uupdate

> but on https://github.com/major/MySQLTuner-perl/releases/
> is a version 1.9.9

Could you try the debian/watch file below?

It is based on the github.com Watch File Example from:
https://manpages.debian.org/testing/devscripts/uscan.1.en.html

Thank you!
Daniel Lewart
Urbana, Illinois
---
version=4
opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*@ARCHIVE_EXT@)%@PACKAGE@-$1%" \
https://github.com/major/MySQLTuner-perl/tags \
(?:.*?/)?v?@ANY_VERSION@@ARCHIVE_EXT@
###

Bug#1009290: [debian-mysql] Bug#1009290: mariadb-server-10.6: Fails to start on live system

[Daniel Lewart]

Otto, et al,

How about temporarily inserting something like the implementation below of
Arnaud R's workaround somewhere (where?) in mariadb-server(-10.6).postinst?

Thank you!
Daniel Lewart
Urbana, Illinois
---
# Temporary workaround which should be removed after upstream fixes
# https://jira.mariadb.org/browse/MDEV-28751
fstype=$(findmnt -n -o FSTYPE -T /var/lib/mysql)
if [ "$fstype" = overlay ]; then
cat <<- EOF > "${mysql_cfgdir:-/etc/mysql}/mariadb.conf.d/90-live.cnf"
[mysqld]
innodb_flush_method = fsync
EOF
fi

Bug#1009290: [debian-mysql] Bug#1009290: mariadb-server-10.6: Fails to start on live system

[Daniel Lewart]

Otto, et al,

> I don't see anything new in upstream
> https://jira.mariadb.org/browse/MDEV-28751 about this.

> However we do have MariaDB 10.11.1 in Debian now. Maybe you Daniel can
> for the sake of it check if the behaviour is still same on 10.11?

Unfortunately, still the same.

I created a live standard image with CODENAME=unstable:
$ uname -a
Linux debian 6.1.0-2-amd64 #1 SMP PREEMPT_DYNAMIC
Debian 6.1.7-1 (2023-01-18) x86_64 GNU/Linux

Then I did the following:
$ sudo apt -y install mariadb-server
Output included:
Setting up mariadb-server (1:10.11.1-1) ...
Created symlink
/etc/systemd/system/multi-user.target.wants/mariadb.service →
/lib/systemd/system/mariadb.service.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.

Below is the output from the systemd journal.

In the upstream bug:
Daniel Black added a comment - 2022-06-07 04:50
I'll be just pushing this to the kernel (overlayfs) developers.

I don't know what happened with that.

The good news is that Arnaud R's upstream "innodb_flush_method = fsync"
workaround still works.

Sorry!
Daniel Lewart
Urbana, Illinois
---
$ sudo journalctl -t mariadb-server.postinst | cut -c55-
2023-01-30  0:54:27 0 [Warning] InnoDB: Retry attempts for writing
partial data failed.
2023-01-30  0:54:27 0 [ERROR] InnoDB: Write to file ./ibdata1 failed
at offset 0, 1048576 bytes should have been written, only 0 were
written. Operating system error number 22. Check that your OS and file
system support files of this size. Check also that the disk is not
full or a disk quota exceeded.
2023-01-30  0:54:27 0 [ERROR] InnoDB: Error number 22 means 'Invalid argument'
2023-01-30  0:54:27 0 [ERROR] InnoDB: Could not set the file size of
'./ibdata1'. Probably out of disk space
2023-01-30  0:54:27 0 [ERROR] InnoDB: Database creation was aborted
with error Generic error. You may need to delete the ibdata1 file
before trying to start up again.
2023-01-30  0:54:28 0 [ERROR] InnoDB: Operating system error number 22
in a file operation.
2023-01-30  0:54:28 0 [ERROR] InnoDB: Error number 22 means 'Invalid argument'
2023-01-30  0:54:28 0 [ERROR] InnoDB: File (unknown): 'close' returned
OS error 222. Cannot continue operation
230130  0:54:28 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.11.1-MariaDB-1
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=0
max_threads=153
thread_count=0
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads =
468018 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x0 thread_stack 0x49000
2023-01-30  0:54:28 0 [ERROR] InnoDB: Operating system error number 9
in a file operation.
2023-01-30  0:54:28 0 [ERROR] InnoDB: Error number 9 means 'Bad file descriptor'
2023-01-30  0:54:28 0 [ERROR] InnoDB: File (unknown): 'close' returned
OS error 209. Cannot continue operation
Printing to addr2line failed
/usr/sbin/mariadbd(my_print_stacktrace+0x2e)[0x55ba61bd403e]
/usr/sbin/mariadbd(handle_fatal_signal+0x409)[0x55ba61741c69]
2023-01-30  0:54:28 0 [ERROR] InnoDB: Operating system error number 9
in a file operation.
2023-01-30  0:54:28 0 [ERROR] InnoDB: Error number 9 means 'Bad file descriptor'
2023-01-30  0:54:28 0 [ERROR] InnoDB: File (unknown): 'close' returned
OS error 209. Cannot continue operation
/lib/x86_64-linux-gnu/libc.so.6(+0x3bf90)[0x7f028b392f90]
/lib/x86_64-linux-gnu/libc.so.6(+0x8accc)[0x7f028b3e1ccc]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x12)[0x7f028b392ef2]
/lib/x86_64-linux-gnu/libc.so.6(abort+0xd3)[0x7f028b37d472]
2023-01-30  0:54:28 0 [ERROR] InnoDB: Operating system error number 9
in a file operation.
2023-01-30  0:54:28 0 [ERROR] InnoDB: Error number 9 means 'Bad file descriptor'
2023-01-30  0:54:28 0 [ERROR] InnoDB: File (unknown): 'close' returned
OS error 209. Cannot continue operation
/usr/sbin/mariadbd(+0x6692e1)[0x55ba613972e1]
/usr/sbin/mariadbd(+0xd0a775)[0x55ba61a38775]
/usr/sbin/mariadbd(+0xe140c8)[0x55ba61b420c8]
/usr/sbin/mariadbd(+0xe14131)[0x55ba61b42131]
/usr/sbin/mariadbd(+0xe16060)[0x55ba61b44060]
/usr/sbin/mariadbd(+0xe17041)[0x55ba61b45041]
/usr/sbin/mariadbd(+0xd7bbae)[0x55ba61aa9bae]
/usr/sbin/mariadbd(+0xcb7545)[0x55ba619e55

Bug#1025536: cron: No-multiple-timezones.patch can be improved

[Daniel Lewart]

Package: cron
Version: 3.0pl1-153
Severity: minor
Tags: patch

Dear Maintainer(s),

The patch below makes the following improvements to No-multiple-timezones.patch:
  1) Fix bashism
  2) Use TZ=UTC, as in original Bug #166533
  3) Use nroff \e for backslash
  4) Simplify time comparison

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/debian/patches/features/No-multiple-timezones.patch 
b/debian/patches/features/No-multiple-timezones.patch
--- a/debian/patches/features/No-multiple-timezones.patch   2022-11-28 
09:33:00.0 -0600
+++ b/debian/patches/features/No-multiple-timezones.patch   2022-12-06 
00:00:00.0 -0600
@@ -18,11 +18,9 @@
 +for example:
 +
 +.nf
-+# m h  dom mon dow   command
-+
-+SHELL=/bin/bash
-+TZ=Australia/Sydney
-+0 * * * * [ "$(date +\\%H\\%M)" == "" ] && run_some_script
++SHELL=/bin/sh
++TZ=UTC
++0 * * * * [ "$(date +\e%R)" = 00:00 ] && run_some_script
 +.fi
  
  POSIX specifies that the day of month and the day of week fields both need to

Bug#992474: override: bind9-libs:libs/optional

[Daniel Lewart]

Sean, et al,

On Sat 03 Sep 2022 22:39:18 -0700, Sean Whitton wrote:

> On Sun 28 Aug 2022 at 07:42PM -05, Daniel Lewart wrote:
>
> > Debian FTP Master(s) and Debian DNS Team,
> >
> > "Accepted bind9 1:9.18.6-1 (source amd64 all) into unstable, unstable":
> > https://tracker.debian.org/news/1357381
> > apparently reverted the Priority for bind9-libs from "optional" back
> > to "standard".
> >
> > Please change the Priority for bind9-libs from "standard" back to 
> > "optional".
>
> But bind9-libs is a separate source package, right?  Not sure how an
> upload of bind9, then, could change its priority?

Right.
However, the bind9-libs binary package is built from the bind9 source package,
not from the bind9-libs source.  A bit surprising.

> Anyway, we have to change each binary package and source package
> separately, so please provide a list of all the changes required.

Source: bind9
Package: bind9-libs
Change Priority from standard to optional

Thank you again,
Dan
Urbana, Illinois

Bug#1018748: reportbug: override requests offer deprecated 'extra' priority option

[Daniel Lewart]

On Sat, 3 Sep 2022 22:44:53 -0400, Sandro "morph" Tosi wrote:

> > Untested patch below.

> thanks for your patch! it would be much more useful if you could test
> your patch and report back if it works, instead of delegating this
> work to the maintainers.

> Thanks for your understanding

Thank you for the feedback!

I did several tests of my patch (with reportbug -d ftp.debian.org) and
they worked.

Grazie!
Daniel Lewart
Urbana, Illinois

Bug#1018748: reportbug: override requests offer deprecated 'extra' priority option

[Daniel Lewart]

Package: reportbug
Version: 11.5.1
Severity: minor
Tags: patch

Reportbug Maintainers,

reportbug ftp.debian.org with request type 'override' asks the user
to choose the (new) priority from the following options:
  * required
  * important
  * standard
  * optional
  * extra

However, Debian Policy 4.0.1 (Aug 2017) deprecated the 'extra' priority.

Therefore the 'extra' priority option should be removed.

Untested patch below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/reportbug/debbugs.py b/reportbug/debbugs.py
--- a/reportbug/debbugs.py  2022-08-17 14:00:40.0 -0500
+++ b/reportbug/debbugs.py  2022-08-30 00:00:00.0 -0500
@@ -374,15 +374,19 @@
 if not new_section:
 new_section = section
 
+if priority == 'extra':
+default_priority = 'optional'
+else:
+default_priority = priority
+
 new_priority = ui.menu('Select the new priority', {
 'required': "",
 'important': "",
 'standard': "",
 'optional': "",
-'extra': "",
-}, 'Choose the priority: ', default=priority, empty_ok=True)
+}, 'Choose the priority: ', default=default_priority, empty_ok=True)
 if not new_priority:
-new_priority = priority
+new_priority = default_priority
 
 if new_section == section and new_priority == priority:
 cont = ui.select_options(

Bug#1018690: override: python3-reportbug:python/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, 
python3-report...@packages.debian.org

Debian FTP Master(s) and Reportbug Maintainers,

Currently, python3-reportbug is Priority: standard.

It has only one reverse dependency: reportbug (Priority: standard).

Debian Policy 2.5 Priorities:
https://www.debian.org/doc/debian-policy/ch-archive.html#priorities
states:
"The priority of a package is determined solely by the functionality
it provides directly to the user. The priority of a package should
not be increased merely because another higher-priority package
depends on it; ..."

I think that applies in this case.

Please change the python3-reportbug Priority from standard to optional.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1018689: override: python3:python/standard

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, pyth...@packages.debian.org

Debian FTP Master(s) and Matthias,

Currently, python3 is Priority: optional.

The following Buster packages have Priority: standard:
  * python
  * python-minimal
  * python2.7
  * python3-reportbug

Now the following Priority:standard packages depend on python3
(directly or indirectly):
  * apt-listchanges
  * python3-reportbug
  * reportbug

Therefore, I think that python3 should change from:
Priority: optional
to:
Priority: standard

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1018687: override: perl-modules-5.34:libs/optional perl-modules-5.36:libs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, p...@packages.debian.org

Debian FTP Master(s) and Niko,

Currently, perl-modules-5.34 and perl-modules-5.36 are libs/standard.

However, Debian Policy 2.5 Priorities:
https://www.debian.org/doc/debian-policy/ch-archive.html#priorities
states:
"In particular, this means that C-like libraries will almost
never have a priority above optional, since they do not provide
functionality directly to users."

Since perl-modules-5.xx are not standalone packages and are in
Section:libs, I consider this Policy to apply to them.

Please change perl-modules-5.34 and perl-modules-5.36 from:
  * Priority: standard
to:
  * Priority: optional

perl 5.34.0 is Priority:standard" and Depends on perl-modules-5.34.
perl 5.36.0 is Priority:standard" and Depends on perl-modules-5.36.
Therefore, perl-modules-5.xx will still be pulled into Standard systems.

Thank you,
Daniel Lewart
Urbana, Illinois

Bug#992474: override: bind9-libs:libs/optional

[Daniel Lewart]

Debian FTP Master(s) and Debian DNS Team,

"Accepted bind9 1:9.18.6-1 (source amd64 all) into unstable, unstable":
https://tracker.debian.org/news/1357381
apparently reverted the Priority for bind9-libs from "optional" back
to "standard".

Please change the Priority for bind9-libs from "standard" back to "optional".

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1018685: override: libnfsidmap1:libs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, debian-ker...@lists.debian.org

Debian FTP Master(s),

nfs-utils Commit aba2cc13 [1] (Jan 19, 2022) by Ben Hutchings says:
  d/control: Reduce priority of libnfsidmap1 to optional as well
Since Debian policy version 4.0.1, shared libraries should have
priority optional even if they have reverse-dependencies of higher
priority.

However, since Mar  2, 2022, override.bookworm.main.gz says:
libnfsidmap1 | standard | libs |
apparently triggered by "nfs-utils 1:2.6.1-1 MIGRATED to testing" [2].

Please change libnfsidmap1 from Priority "standard" to "optional".

[1] https://salsa.debian.org/kernel-team/nfs-utils/-/commit/aba2cc13
[2] https://tracker.debian.org/news/1307526

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1016992: libdbd-oracle-perl: Built against unsupported Oracle Instant Client 12.1

[Daniel Lewart]

Package: libdbd-oracle-perl
Version: 1.80-3
Severity: normal

Debian Perl Group,

OIC = Oracle Instant Client

libdbd-oracle-perl has been built against OIC 12.1
since version 1.66-1 (Aug 30, 2013).

Oracle's "Release Schedule of Current Database Releases":
  
https://support.oracle.com/knowledge/Oracle%20Database%20Products/742060_1.html
says "Patching End Dates" are:
  * 12.1 - Jul 31, 2022
  * 19c  - Apr 30, 2024
  * 21c  - Apr 30, 2024

Upstream DBD::Oracle 1.81 introduced support for OIC 21.

Could the following two changes be made?
  1) Import upstream version 1.83
  2) Build against OIC 19c (Version 19.16) or 21c (Version 21.7)

However, two problems remain:
  1) Bookworm will be supported well beyond Apr 30, 2024
  2) Oracle may release higher 19.xx and 21.x versions

Perhaps the only solution is for the user to build from source?

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1016967: apt_preferences(5) downgrade rule is off-by-one

[Daniel Lewart]

Package: apt
Version: 2.5.2
Severity: normal
Tags: patch

APT Development Team,

apt_preferences(5) says:

> Never downgrade unless the priority of an available version exceeds
> 1000. ("Downgrading" is installing a less recent version of a package
> in place of a more recent version. Note that none of APT's default
> priorities exceeds 1000; such high priorities can only be set in the
> preferences file. Note also that downgrading a package can be risky.)

However, a priority of 1000 enables downgrading.

Both instances of "exceeds" should be changed to "equals or exceeds".

Patch below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/doc/apt_preferences.5.xml b/doc/apt_preferences.5.xml
--- a/doc/apt_preferences.5.xml 2022-07-24 10:57:24.0 -0500
+++ b/doc/apt_preferences.5.xml 2022-08-10 00:00:00.0 -0500
@@ -142,9 +142,9 @@
 to determine which version of a package to install.
 
 Never downgrade unless the priority of an available
-version exceeds 1000.  ("Downgrading" is installing a less recent version
+version equals or exceeds 1000.  ("Downgrading" is installing a less recent 
version
 of a package in place of a more recent version.  Note that none of APT's
-default priorities exceeds 1000; such high priorities can only be set in
+default priorities equals or exceeds 1000; such high priorities can only be 
set in
 the preferences file.  Note also that downgrading a package
 can be risky.)
 Install the highest priority version.

###

Bug#1016832: release-notes: Chapter 4 Upgrading commands are spread out over 20 pages

[Daniel Lewart]

Package: release-notes
Severity: wishlist

Debian Documention Team,

Chapter 4. "Upgrades from Debian 10 (buster)" has commands spread out
over 20 pages.  I think many (most?) admins would enjoy a quick checklist
or summary.

How about a section like the one below at the end of the Chapter?

Thank you!
Daniel Lewart
Urbana, Illinois
---
Basic System Quick Upgrade

For a basic system:
  * Latest stable point release
  * Debian packages only
  * No APT pinning
  * Sufficient disk space (1 GB free for /var)
the following upgrade procedures should work.

Edit /etc/apt/sources.list:
  deb http://deb.debian.org/debian  main [contrib] [non-free]
  deb http://security.debian.org -security main [contrib] 
[non-free]
  deb http://deb.debian.org/debian -updates main [contrib] 
[non-free]

# apt update
# apt autoclean
# apt upgrade --without-new-pkgs 2>&1 | tee 1.log
# apt full-upgrade 2>&1 | tee 2.log
# apt autopurge
# reboot

Review and clean up:
# find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error'

###

Bug#1014311: ftp.debian.org: Signing service occasionally generates bad 254-byte signatures

[Daniel Lewart]

Does the signing service use a non-free YubiKey?

Thank you!
Dan
Urbana, Illinois

Bug#1012741: Subject: Re: Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service

[Daniel Lewart]

It's like déjà vu all over again:
#942881 - snd-hda-codec-hdmi signature corruption
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942881

Thank you!
Dan
Urbana, Illinois

Bug#1014272: src:linux: sign-file: correct error handling

[Daniel Lewart]

On Sun, 03 Jul 2022 11:47:51 +0200, Ansgar wrote:

> The functions CMS_final, i2d_CMS_bio_stream, i2d_PKCS7_bio and
> BIO_free all return 1 for success or 0 for failure. The old check
> for a value less than 0 would never catch an error.

> I tried signing a kernel module with the patched sign-file and that
> still worked.

Wow!  This may help solve the following signing bugs:
  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012741
  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014311

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service

[Daniel Lewart]

Ben, et al,

On Sun, 19 Jun 2022 12:59:55 +0200, Ben Hutchings wrote:
> In the mean time, we have another security update coming which might
> not hit this bug again.  But there are 28,679 signed binaries across
> the three architectures, so the probability is only about 65%.

I looked at the following new (Jul  2, 2022) binaries:
  * linux-image-4.19.0-21-686-pae_4.19.249-2_i386.deb
  * linux-image-4.19.0-21-686_4.19.249-2_i386.deb
  * linux-image-4.19.0-21-amd64_4.19.249-2_amd64.deb
  * linux-image-4.19.0-21-arm64_4.19.249-2_arm64.deb
  * linux-image-4.19.0-21-cloud-amd64_4.19.249-2_amd64.deb
  * linux-image-4.19.0-21-rt-686-pae_4.19.249-2_i386.deb
  * linux-image-4.19.0-21-rt-amd64_4.19.249-2_amd64.deb
  * linux-image-4.19.0-21-rt-arm64_4.19.249-2_arm64.deb

There were 25,011 signed kernel modules, with one bad signature:
  * binary package: linux-image-4.19.0-21-amd64
  * version: 4.19.249-2
  * file: lib/modules/4.19.0-21-amd64/kernel/net/openvswitch/vport-vxlan.ko

Perhaps this bug should be retitled?

Thank you!
Dan
Urbana, Illinois

Bug#1014311: ftp.debian.org: Signing service occasionally generates bad 254-byte signatures

[Daniel Lewart]

Package: ftp.debian.org
Severity: important

FTP team,

The Signing service occasionally generates bad 254-byte signatures
for kernel modules, rendering them unloadable.

Ben Hutchings has done some excellent detective work.

Please see #1012741:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012741

Here is one example:
  * linux-image-5.10.0-15-amd64
5.10.120-1 lib/modules/5.10.0-15-amd64/kernel/net/netfilter/xt_l2tp.ko

1) Which version of OpenSSL/libssl does the signing service use?

2) Are signing logs available?  Perhaps they could provide a clue.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service

[Daniel Lewart]

Ben, et al,

On Mon, 13 Jun 2022 18:23:18 +0200 Ben Hutchings  wrote:

> Since the truncated signatures are in the source packages, this is a
> problem introduced by the code signing service and will need to be
> fixed there.

Assuming that the code-signing service uses the kernel's scripts/sign-file
and calls PKCS7_sign() ...

Which version of OpenSSL/libssl is used?

Are kernel build logs available for download or viewing?

Thank you!
Dan
Urbana, Illinois

Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service

[Daniel Lewart]

Ben, et al,

BH> I wrote a script to check for short signatures (and other unexpected
BH> things) in detached signature files:
BH> 
https://salsa.debian.org/kernel-team/kernel-team/-/blob/master/scripts/benh/check-sig-params

DL> I tried running your script, but it generates an error (see below).
DL> What am I doing wrong?

I was running it for the kernel module instead of the detached signature.  D'oh!

This works:
$ extract-module-sig.pl -s
/lib/modules/5.10.0-15-amd64/kernel/net/netfilter/xt_l2tp.ko
2>/dev/null | check-sig-params /dev/stdin

Sorry for the noise,
Dan
Urbana, Illinois

Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service

[Daniel Lewart]

Ben,

> I wrote a script to check for short signatures (and other unexpected
> things) in detached signature files:
> https://salsa.debian.org/kernel-team/kernel-team/-/blob/master/scripts/benh/check-sig-params

Thank you for your excellent detective work!

I tried running your script, but it generates an error (see below).
What am I doing wrong?

Thank you again!
Dan
Urbana, Illinois
---
$ dpkg-query -f='${Package} ${Version}\n' -W python3 python3-asn1crypto
python3 3.9.2-3
python3-asn1crypto 1.4.0-1

$ check-sig-params /lib/modules/5.10.0-15-amd64/kernel/net/netfilter/xt_l2tp.ko
/lib/modules/5.10.0-15-amd64/kernel/net/netfilter/xt_l2tp.ko: Error
parsing asn1crypto.cms.ContentInfo - class should have been universal,
but application was found)

###

Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service

[Daniel Lewart]

Package: linux-image-5.10.0-15-686-pae
Version: 5.10.120-1
Severity: normal

Debian Kernel Team,

Encountered on a physical machine and reproduced with QEMU:

$ sudo modprobe rt61pci
modprobe: ERROR: could not insert 'rt61pci': Key was rejected by service

But it works fine on the following:
  * linux-image-5.10.0-14-686-pae  Verson 5.10.113-1
  * linux-image-5.10.0-15-amd64Verson 5.10.120-1

Here is some more verbosity:

$ sudo modprobe -v rt61pci
insmod /lib/modules/5.10.0-15-686-pae/kernel/lib/crc-itu-t.ko
modprobe: ERROR: could not insert 'rt61pci': Key was rejected by service

$ sudo modprobe -vv crc-itu-t
modprobe: INFO: ../libkmod/libkmod.c:365 kmod_set_log_fn() custom logging 
function 0x47b800 registered
insmod /lib/modules/5.10.0-15-686-pae/kernel/lib/crc-itu-t.ko
modprobe: INFO: ../libkmod/libkmod-module.c:892 kmod_module_insert_module() 
Failed to insert module 
'/lib/modules/5.10.0-15-686-pae/kernel/lib/crc-itu-t.ko': Key was rejected by 
service
modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service
modprobe: INFO: ../libkmod/libkmod.c:332 kmod_unref() context 0x204a2d0 released

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1009290: [debian-mysql] Bug#1009290: mariadb-server-10.6: Fails to start on live system

[Daniel Lewart]

tags + upstream

Faustin,

I found a much simpler way to demonstrate my problem with
a Debian Bullseye Live image and MariaDB generic Linux server:
  * debian-live-11.3.0-amd64-standard.iso
  * mariadb-10.6.8-linux-systemd-x86_64.tar.gz

I decided to file a new bug upstream:
[DEV-28751] mariadb-install-db fails writing ibdata1 on overlayfs
https://jira.mariadb.org/browse/MDEV-28751

Also, strace shows a difference between 10.5.16 (good) and 10.6.8 (fails).

Merci beaucoup,
Dan
Urbana, Illinois

Bug#1009290: [debian-mysql] Bug#1009290: mariadb-server-10.6: Fails to start on live system

[Daniel Lewart]

Faustin,

DL> I will give this a try.  I'm curious what filesystem the container uses.

$ podman exec -it sys-test findmnt -J /
{
   "filesystems": [
  {
 "target": "/",
 "source": "fuse-overlayfs",
 "fstype": "fuse.fuse-overlayfs",
 "options":
"rw,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other"
  }
   ]
}

Dan
Urbana, Illinois

Bug#1009290: [debian-mysql] Bug#1009290: mariadb-server-10.6: Fails to start on live system

[Daniel Lewart]

Faustin,

> I am not able to reproduce this with the latest
> mariadb-server-10.6-dbgsym version (10.6.8).

> Can you try with the latest version and tell me?

Yes, I tried 10.6.8-1 with the same result.

> Also, can you describe a bit better your setup?  If this is a filesystem
> related issue, I would like to try to reproduce it myself.

Yes.  This is a simplified version of my setup ...

1) sudo apt -y install apt-cacher-ng live-build

2) I used Live Build to create a live sid image:
#!/bin/sh
cd /dev/shm
sudo mount /dev/shm -odev,exec,remount,size=3G
lb config --apt-http-proxy http://localhost:3142 -d sid
echo '! Packages Priority standard' \
> config/package-lists/standard.list.chroot
echo 'deb http://deb.debian.org/debian-debug sid-debug main' \
> config/archives/live.list.binary
sudo lb build

3) qemu-system-x86_64 -enable-kvm -cdrom /dev/shm/live-image-amd64.hybrid.iso \
-cpu host -m 4G -smp 2

4) In the guest, it didn't matter what I tried:
sudo apt -y install mariadb-server
sudo apt -y install mariadb-server-10.6-dbgsym
mariadb-server-core-10.6-dbgsym

I'm sure it is an overlay filesystem issue:

$ sudo ls -l /var/lib/mysql/ibdata1
-rw-rw 1 mysql mysql 0 May 25 12:34 /var/lib/mysql/ibdata1

$ df -hT /var/lib/mysql
Filesystem Type Size  Used Avail Use% Mounted on
overlayoverlay  2.0G  355M  1.6G  19% /

$ findmnt -J /
{
   "filesystems": [
  {
 "target": "/",
 "source": "overlay",
 "fstype": "overlay",
 "options":
"rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work"
  }
   ]
}

> I have tested with a systemd container that I have created for these
> kind of testing, here are the commands (using podman):
>
> | podman run --name sys-test --rm -d fauust/docker-systemd:debian-sid
> | podman exec -it sys-test bash -c "echo \"deb 
> http://deb.debian.org/debian-debug/ sid-debug main\" >> /etc/apt/sources.list 
> && apt update && apt install -y mariadb-server-10.6-dbgsym"

I will give this a try.  I'm curious what filesystem the container uses.

Thank you!
Dan
Urbana, IL

Bug#1009803: xorriso : NOTE : -as mkisofs: Ignored option '-cache-inodes'

[Daniel Lewart]

Package: live-build
Version: 1:20210902
Severity: minor
Tags: patch

Debian Live,

lb build works perfectly, but says:
...
xorriso : NOTE : -as mkisofs: Ignored option '-cache-inodes'
...

Attached is an *untested* patch which removes the '-cache-indoes'
option from:
  * scripts/build/binary_iso
  * scripts/build/source_iso

Thank you!
Daniel Lewart
Urbana, Illinois
diff -ru a/scripts/build/binary_iso b/scripts/build/binary_iso
--- a/scripts/build/binary_iso  2021-04-02 10:43:54.0 -0500
+++ b/scripts/build/binary_iso  2022-04-18 00:00:00.0 -0500
@@ -63,7 +63,7 @@
 fi
 
 # Handle xorriso generic options
-XORRISO_OPTIONS="-R -r -J -joliet-long -l -cache-inodes -iso-level 3"
+XORRISO_OPTIONS="-R -r -J -joliet-long -l -iso-level 3"
 
 # Handle xorriso live-build specific options
 if [ "${LB_IMAGE_TYPE}" = "iso-hybrid" ] && [ "${LB_BOOTLOADER_BIOS}" = 
"syslinux" ]
diff -ru a/scripts/build/source_iso b/scripts/build/source_iso
--- a/scripts/build/source_iso  2021-02-14 06:12:04.0 -0600
+++ b/scripts/build/source_iso  2022-04-18 00:00:00.0 -0500
@@ -59,7 +59,7 @@
 fi
 
 # Handle xorriso generic options
-XORRISO_OPTIONS="-as mkisofs -r -J -joliet-long -l -cache-inodes"
+XORRISO_OPTIONS="-as mkisofs -r -J -joliet-long -l"
 
 # Handle xorriso live-build specific options
 if [ "${_QUIET}" = "true" ]

Bug#1009629: live-tools: postinst generates two update-rc.d warnings

[Daniel Lewart]

Source: live-tools
Version: 1:20190831
Severity: normal
Tags: patch

Live System Maintainers,

$ sudo apt install live-tools
...
Setting up live-tools (1:20190831) ...
update-rc.d: warning: start and stop actions are no longer supported; falling 
back to defaults
update-rc.d: warning: start runlevel arguments (none) do not match live-tools 
Default-Start values (S)
...

I believe that the simple (untested) patch below
will remove these warnings.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/debian/rules b/debian/rules
--- a/debian/rules  2020-10-23 09:08:54.0 -0500
+++ b/debian/rules  2022-04-13 00:00:00.0 -0500
@@ -10,4 +10,4 @@
rm -f debian/live-tools/usr/share/doc/live-tools/COPYING
 
 override_dh_installinit:
-   dh_installinit --no-stop-on-upgrade --no-start 
--update-rcd-params='start 89 0 6 .'
+   dh_installinit --no-stop-on-upgrade --no-start

###

Bug#1009354: sane-utils postinst generates warning if no /etc/inetd.conf

[Daniel Lewart]

Source: sane-backends
Version: 1.1.1-5
Severity: normal
Tags: patch

Jörg,

$ sudo apt install sane-utils
...
Setting up sane-utils (1.1.1-5) ...
update-inetd: warning: cannot add service, /etc/inetd.conf does not exist
...

Also reported for Ubuntu:
  https://bugs.launchpad.net/ubuntu/+source/sane-backends/+bug/1894715

The attached patch does the following:
  * sane-utils.postinst: Checks to see if /etc/inetd.conf exists before
running update-inetd
  * sane-utils.postinst: Checks exit code directly (ShellCheck SC2181)
  * sane-utils.postrm:   Removes obsolete comment

In #842605 - sane-utils depends on update-inetd but it should not (anymore):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842605
you quoted from DEP-9:
"inetd is irrelevant"
Does that imply that inetd support should be removed?

Thank you!
Daniel Lewart
Urbana, Illinois
diff -ru a/sane-utils.postinst b/sane-utils.postinst
--- a/sane-utils.postinst   2022-02-24 00:34:54.0 -0600
+++ b/sane-utils.postinst   2022-04-12 00:00:00.0 -0500
@@ -31,10 +31,11 @@
 db_get sane-utils/saned_scanner_group
 SANED_IN_SCANNER="$RET"
 
-# Add saned service, disabled by default
-pathfind update-inetd
-if [ $? = 0 ]; then
-   update-inetd --add "## 
sane-port\tstream\ttcp\tnowait\tsaned:saned\t/usr/sbin/saned saned"
+if [ -f /etc/inetd.conf ]; then
+   # Add saned service, disabled by default
+   if pathfind update-inetd ; then
+   update-inetd --add "## 
sane-port\tstream\ttcp\tnowait\tsaned:saned\t/usr/sbin/saned saned"
+   fi
 fi
 
 # Stop debconf; output to stdout after this point. update-inetd needs 
debconf.
diff -ru a/sane-utils.postrm b/sane-utils.postrm
--- a/sane-utils.postrm 2022-02-24 00:34:54.0 -0600
+++ b/sane-utils.postrm 2022-04-12 00:00:00.0 -0500
@@ -1,10 +1,6 @@
 #!/bin/sh
 
 set -e
-#
-# set -e are disabled because pathfind update-inetd
-# gives an piuparts error.
-#
 
 #
 # POSIX-compliant shell function

Bug#1009290: mariadb-server-10.6: Fails to start on live system

[Daniel Lewart]

Package: mariadb-server-10.6
Version: 1:10.6.7-3
Severity: important

Debian MariaDB Maintainers,

Live Build (--distribution testing) image from April 2022.
8 GB RAM, so should be plenty of disk space available.

$ sudo apt install mariadb-server-10.6-dbgsym
...
Setting up mariadb-server-10.6 (1:10.6.7-3) ...
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → 
/lib/systemd/system/mariadb.service.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 142.
...

$ sudo journalctl | grep -i mariadb | cut -c58-
[See below]

Perhaps this is similar to:
  #983002 - plocate: does not work with /var on overlayfs
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983002

Please let me know any additional information that you could use.

Thank you!
Daniel Lewart
Urbana, Illinois
---
2022-04-10 22:53:02 0 [Warning] InnoDB: Retry attempts for writing partial data 
failed.
2022-04-10 22:53:02 0 [ERROR] InnoDB: Write to file ./ibdata1 failed at offset 
0, 1048576 bytes should have been written, only 0 were written. Operating 
system error number 22. Check that your OS and file system support files of 
this size. Check also that the disk is not full or a disk quota exceeded.
2022-04-10 22:53:02 0 [ERROR] InnoDB: Error number 22 means 'Invalid argument'
2022-04-10 22:53:02 0 [ERROR] InnoDB: Could not set the file size of 
'./ibdata1'. Probably out of disk space
2022-04-10 22:53:02 0 [ERROR] InnoDB: Database creation was aborted with error 
Generic error. You may need to delete the ibdata1 file before trying to start 
up again.
2022-04-10 22:53:02 0 [ERROR] InnoDB: Operating system error number 22 in a 
file operation.
2022-04-10 22:53:02 0 [ERROR] InnoDB: Error number 22 means 'Invalid argument'
2022-04-10 22:53:02 0 [ERROR] InnoDB: File (unknown): 'close' returned OS error 
222. Cannot continue operation
220410 22:53:02 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.6.7-MariaDB-3
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=0
max_threads=153
thread_count=0
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467957 K  
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x0 thread_stack 0x49000
2022-04-10 22:53:02 0 [ERROR] InnoDB: Operating system error number 9 in a file 
operation.
2022-04-10 22:53:02 0 [ERROR] InnoDB: Error number 9 means 'Bad file descriptor'
2022-04-10 22:53:02 0 [ERROR] InnoDB: File (unknown): 'close' returned OS error 
209. Cannot continue operation
Printing to addr2line failed
/usr/sbin/mariadbd(my_print_stacktrace+0x2e)[0x555d0aa77f0e]
/usr/sbin/mariadbd(handle_fatal_signal+0x478)[0x555d0a5c5268]
2022-04-10 22:53:02 0 [ERROR] InnoDB: Operating system error number 9 in a file 
operation.
2022-04-10 22:53:02 0 [ERROR] InnoDB: Error number 9 means 'Bad file descriptor'
2022-04-10 22:53:02 0 [ERROR] InnoDB: File (unknown): 'close' returned OS error 
209. Cannot continue operation
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12200)[0x7f606ba96200]
2022-04-10 22:53:02 0 [ERROR] InnoDB: Operating system error number 9 in a file 
operation.
2022-04-10 22:53:02 0 [ERROR] InnoDB: Error number 9 means 'Bad file descriptor'
2022-04-10 22:53:02 0 [ERROR] InnoDB: File (unknown): 'close' returned OS error 
209. Cannot continue operation
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x141)[0x7f606b57a8a1]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x112)[0x7f606b564546]
2022-04-10 22:53:02 0 [ERROR] InnoDB: Operating system error number 9 in a file 
operation.
2022-04-10 22:53:02 0 [ERROR] InnoDB: Error number 9 means 'Bad file descriptor'
2022-04-10 22:53:02 0 [ERROR] InnoDB: File (unknown): 'close' returned OS error 
209. Cannot continue operation
/usr/sbin/mariadbd(+0x63b8e9)[0x555d0a2638e9]
/usr/sbin/mariadbd(+0xcb66e5)[0x555d0a8de6e5]
/usr/sbin/mariadbd(+0xdbc308)[0x555d0a9e4308]
/usr/sbin/mariadbd(+0xdbc371)[0x555d0a9e4371]
/usr/sbin/mariadbd(+0xdbea20)[0x555d0a9e6a20]
/usr/sbin/mariadbd(+0xdbfb41)[0x555d0a9e7b41]
/usr/sbin/mariadbd(+0xd2585f)[0x555d0a94d85f]
/usr/sbin/mariadbd(+0xc64245)[0x555d0a88c245]
/usr/sbin/mariadbd(_Z24ha_initialize_handlertonP13st_plugin_int+0x7e)[0x555d0a5c839e]
/usr/sbin/mariadbd(+0x797a76)[0x555d0a3bfa76]
/usr/sbin/mariadbd(_Z11plugin_initPiPPci+0x828)[0x555d0a3c0a38]
/usr/sbin

Bug#1007265: override: gcc-12-base:libs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, gcc...@packages.debian.org

Debian FTP Team,

Please change gcc-12-base from:
libs/required
to:
libs/optional

Reason:
  #997826 - gcc-11: Current/future gcc-N-base packages
should not declare Priority: required:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997826

And gcc-10-base should be taken care of at the same time:
  #992477 - override: gcc-10-base:libs/optional:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992477

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#1006921: apache2: security.conf can be improved

[Daniel Lewart]

Package: apache2
Version: 2.4.52
Severity: normal
Tags: patch

Debian Apache Maintainers,

The attached patch improves security.conf (last updated Jun 24, 2015)
in the following ways:
  * Change Subversion example to git and improve it
  * Change obsolete X-Frame-Options to Content-Security-Policy
  * Add reference URLs to comments
  * Change indentation from spaces to tabs

Thank you!
Daniel Lewart
Urbana, Illinois
diff -ru a/debian/config-dir/conf-available/security.conf 
b/debian/config-dir/conf-available/security.conf
--- a/debian/config-dir/conf-available/security.conf2021-12-29 
00:35:53.0 -0600
+++ b/debian/config-dir/conf-available/security.conf2022-03-08 
00:00:00.0 -0600
@@ -6,8 +6,8 @@
 # Debian packages.
 #
 #
-#   AllowOverride None
-#   Require all denied
+#  AllowOverride None
+#  Require all denied
 #
 
 
@@ -21,6 +21,7 @@
 # and compiled in modules.
 # Set to one of:  Full | OS | Minimal | Minor | Major | Prod
 # where Full conveys the most information, and Prod the least.
+# https://httpd.apache.org/docs/2.4/mod/core.html#servertokens
 #ServerTokens Minimal
 ServerTokens OS
 #ServerTokens Full
@@ -32,6 +33,7 @@
 # documents or custom error documents).
 # Set to "EMail" to also include a mailto: link to the ServerAdmin.
 # Set to one of:  On | Off | EMail
+# https://httpd.apache.org/docs/2.4/mod/core.html#serversignature
 #ServerSignature Off
 ServerSignature On
 
@@ -42,6 +44,7 @@
 # diagnostic purposes).
 #
 # Set to one of:  On | Off | extended
+# https://httpd.apache.org/docs/2.4/mod/core.html#traceenable
 TraceEnable Off
 #TraceEnable On
 
@@ -49,16 +52,15 @@
 # Forbid access to version control directories
 #
 # If you use version control systems in your document root, you should
-# probably deny access to their directories. For example, for subversion:
+# probably deny access to their directories. For example, for git:
 #
-#
-#   Require all denied
-#
+#RedirectMatch 404 /\.git
 
 #
 # Setting this header will prevent MSIE from interpreting files as something
 # else than declared by the content type in the HTTP headers.
 # Requires mod_headers to be enabled.
+# 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 #
 #Header set X-Content-Type-Options: "nosniff"
 
@@ -66,8 +68,9 @@
 # Setting this header will prevent other sites from embedding pages from this
 # site as frames. This defends against clickjacking attacks.
 # Requires mod_headers to be enabled.
+# 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
 #
-#Header set X-Frame-Options: "sameorigin"
+#Header set Content-Security-Policy "frame-ancestors 'self';"
 
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Bug#1004710: Invoke "useradd -r" when creating a system user

[Daniel Lewart]

Debian Adduser Developers,

Also "sudo apt install openssh-server" warns:
useradd warning: sshd's uid 116 outside of the UID_MIN 1000 and
UID_MAX 6 range.

Tested patch which keeps options in alphabetic order is below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/usr/sbin/adduser b/usr/sbin/adduser
--- a/usr/sbin/adduser2018-09-15 14:12:39.0 -0500
+++ b/usr/sbin/adduser2022-02-25 00:00:00.0 -0600
@@ -434,7 +434,7 @@
 $shell = $special_shell || '/usr/sbin/nologin';
 $undouser = $new_name;
 my $useradd = ('useradd');
-($useradd, '-d', $home_dir, '-g', $ingroup_name, '-s',
+($useradd, '-d', $home_dir, '-g', $ingroup_name, '-r', '-s',
 $shell, '-u', $new_uid, $new_name);
 if(!$disabled_login) {
 my $usermod = ('usermod');

Bug#1002798: live-tools: live-persistence needs live-boot and cryptsetup-bin

[Daniel Lewart]

Package: live-tools
Version: 1:20190831
Severity: normal
Tags: patch

Debian Live Team,

# apt install live-tools
# live-persistence
E: live-boot not installed
# apt install live-boot
# live-persistence activate VOLUME
/usr/bin/live-persistence: 240: /sbin/cryptsetup: not found
...
# apt install cryptsetup-bin
# live-persistence activate VOLUME
...

I think live-tools should Recommend live-boot and cryptsetup-bin
*Untested* diff below.

However, my concern is that this may create a circular dependency:
  * live-boot  Recommends: live-tools
  * live-tools Recommends: live-boot
If so, what is the best solution?

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/debian/control b/debian/control
--- a/debian/control2019-08-31 09:38:48.0 -0500
+++ b/debian/control2021-12-28 00:00:00.0 -0600
@@ -16,6 +16,9 @@
  lsb-base,
  initramfs-tools,
  ${misc:Depends},
+Recommends:
+ cryptsetup-bin,
+ live-boot,
 Suggests:
  debian-installer-launcher,
  eject,

Bug#1002796: live-boot: 9990-cmdline-old and 9990-misc-helpers.sh cryptsetup dependencies

[Daniel Lewart]

Package: live-boot
Version: 1:20210208
Severity: normal
Tags: patch

Debian Live Team,

The following live-boot components define functions which use cryptsetup:
  * /lib/live/boot/9990-cmdline-old
  * /lib/live/boot/9990-misc-helpers.sh

Therefore, I think live-boot should change from:
Suggests: cryptsetup
to:
Recommends: cryptsetup

*Untested* patch below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/debian/control b/debian/control
--- a/debian/control2021-02-08 05:18:07.0 -0600
+++ b/debian/control2021-12-28 00:00:00.0 -0600
@@ -19,12 +19,12 @@
  live-boot-initramfs-tools | live-boot-backend,
  ${misc:Depends},
 Recommends:
+ cryptsetup,
  live-boot-doc,
  live-tools,
  rsync,
  uuid-runtime,
 Suggests:
- cryptsetup,
  curlftpfs,
  httpfs2,
  wget,

Bug#996816: hw-detect: check-missing-firmware generates modprobe errors

[Daniel Lewart]

Package: hw-detect
Version: 1.147
Severity: minor
Tags: d-i patch
X-Debbugs-Cc: k...@debian.org

Debian Install System Team,

Revisiting "#973733 - RTW88_8821ce module fails to find firmware during
install and must be reloaded":
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973733#61

On Mon Jul 26, 2021, Cyril Brulebois wrote:

> ...
> I've kept reloading the module determined initially, even if it could
> probably be skipped if the actual module name is different: it's likely
> to generate two modprobe errors (once for unloading, once for loading)
> but oh well… I could also have good for the `modprobe -q` option but
> better keep all logs, just in case something strange happens…
> ...
> (A variation would be to move the first modprobe dance below the loop,
> and its execution depend on whether actual_module was ever set.)
> ...

First, thank you for your successful efforts to greatly improve
the Bullseye installation experience!

I have created a variation on that variation, with some improvements:
  1) Sit out the first modprobe dance to avoid generating faux-pas errors.
 This assumes that every driver has a corresponding module.
  2) Rename variables in the remove/reload section for improved clarity:
 module -> driver; driver -> drv_path; actual_module -> module
  3) Remove unused get_module function
  4) Fix UUOC
  5) Change "! -n" to "-z"
  6) Fix comment typo

Tested patch is attached.

Thank you!
Daniel Lewart
Urbana, Illinois
--- check-missing-firmware.orig 2021-07-28 02:05:05.0 -0500
+++ check-missing-firmware.sh   2021-10-14 00:00:00.0 -0500
@@ -20,23 +20,6 @@
log-output -t check-missing-firmware "$@"
 }
 
-# Not all drivers register themselves if firmware is missing; in that
-# case determine the module via the device's modalias.
-get_module () {
-   local devpath=$1
-
-   if [ -d $devpath/driver ]; then
-   # The real path of the destination of the driver/module
-   # symlink should be something like "/sys/module/e100"
-   basename $(readlink -f $devpath/driver/module) || true
-   elif [ -e $devpath/modalias ]; then
-   modalias="$(cat $devpath/modalias)"
-   # Take the last module returned by modprobe
-   modprobe --show-depends "$modalias" 2>/dev/null | \
-   sed -n -e '$s#^.*/\([^.]*\)\.ko.*$#\1#p'
-   fi
-}
-
 # Some modules only try to load firmware once brought up. So bring up and
 # then down any interfaces specified by ethdetect.
 upnics() {
@@ -77,12 +60,12 @@
# Transform [foo] into \[foo\] to make it possible to search for
# "^$tspattern" (-F for fixed string doesn't play well with ^ to
# anchor the pattern on the left):
-   tspattern=$(cat $dmesg_ts | sed 's,\[,\\[,;s,\],\\],')
+   tspattern=$(sed 's,\[,\\[,;s,\],\\],' $dmesg_ts)
log "looking at dmesg again, restarting from timestamp: $(cat 
$dmesg_ts)"
 
# Find the line number for the first match, empty if not found:
ln=$(grep -n "^$tspattern" $dmesg_file |sed 's/:.*//'|head -n 1)
-   if [ ! -z "$ln" ]; then
+   if [ -n "$ln" ]; then
log "timestamp found, truncating dmesg accordingly"
sed -i "1,$ln d" $dmesg_file
else
@@ -110,7 +93,7 @@
modules=""
files=""
 
-   # Parse dmesg using a started parttern to detect firmware
+   # Parse dmesg using a started pattern to detect firmware
# files the kernel drivers look for (#725714):
fwlist=/tmp/check-missing-firmware-dmesg.list
get_fresh_dmesg | sed -rn 's/^(\[[^]]*\] )?([^ ]+) [^ ]+: firmware: 
failed to load ([^ ]+) .*/\2 \3/p' > $fwlist
@@ -288,24 +271,22 @@
fi
 
# remove and reload modules so they see the new firmware
-   for module in $modules; do
-   if ! nic_is_configured $module; then
-   log "removing and loading kernel module $module"
-   log_output modprobe -r $module || true
-   log_output modprobe $module || true
-
+   for driver in $modules; do
+   if ! nic_is_configured $driver; then
# iterate to avoid dealing with multiplicity explicitly:
-   for driver in $(find /sys/bus/*/drivers -name 
"$module"); do
-   # module name mentioned in dmesg might differ 
from the actual module
+   for drv_path in $(find /sys/bus/*/drivers -name 
"$driver"); do
+   # driver name mentioned in dmesg might differ 
from the 

Bug#521102: automysqlbackup: Why is "mysql" excluded?

[Daniel Lewart]

Tags: patch

Christian and Thomas (zigo),

Apologies if I have omitted any important context
in the quotes below ...

CH> I wonder why the mysql database is explicitly excluded from the backup?
CH> To me user permissions and ACLs are the most important things?

I also wondered.  I agree.

TG> # List of DBBNAMES for Monthly Backups.
TG> MDBNAMES="mysql $DBNAMES"
TG> This is why I removed it with a grep.

AutoMySQLBackup 2.5.1 fixed this:
MDBNAMES="${DBNAMES}"

TG> You don't need to do
TG> anything, and the mysql grant tables WILL be included in the backup.

Yes, but only in the *Monthly* backups.
The problem is that, by default, they will not be in the
Daily or Weekly backups.

README.Debian says:

> automysqlbackup creates backup every day, week and month for all of
> your MySQL database, to a configured folder. There's nothing to do but
> to install this package, and you'll rest assured that you have a way to
> go back in the history of your database.

This is not true for the current defaults.

TG> As per the rest of the text in this issue, there is no fix needed.

Please reconsider.  Tested patch below, which is essentially:
DBNAMES=all
MDBNAMES="$DBNAMES"
DBEXCLUDE="information_schema performance_schema"

Thank you!
Daniel Lewart
Urbana, Illinois

--- debian/defaults.orig2021-08-30 09:51:22.0 -0500
+++ debian/defaults2021-10-06 00:00:00.0 -0500
@@ -22,7 +22,8 @@
 # reading the mysql folder content. Feel free to replace by something else.
 # DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut
-d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
 # This one does a list of dbs using a MySQL statement.
-DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW
DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ |
grep -v ^performance_schema$ | grep -v ^information_schema$ | tr
\\\r\\\n ,\ `
+# DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf
--execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ |
grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v
^information_schema$ | tr \\\r\\\n ,\ `
+DBNAMES=all

 # Backup directory location e.g /backups
 # Folders inside this one will be created (daily, weekly, etc.), and the
@@ -49,11 +50,12 @@
 # === ADVANCED OPTIONS ( Read the doc's below for details )===
 #=

-# List of DBBNAMES for Monthly Backups.
-MDBNAMES="mysql $DBNAMES"
+# List of DBNAMES for Monthly Backups.
+# MDBNAMES="mysql $DBNAMES"
+MDBNAMES="$DBNAMES"

-# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
-DBEXCLUDE=""
+# List of DBNAMES to EXCLUDE if DBNAMES are set to all (must be in " quotes)
+DBEXCLUDE="information_schema performance_schema"

 # Include CREATE DATABASE in backup?
 CREATE_DATABASE=yes

Bug#994121: debian-cd: Default CODENAME should be changed to bookworm (testing)

[Daniel Lewart]

Makefile patch is attached.  Dan
--- a/Makefile	2021-09-06 05:22:44.0 -0500
+++ b/Makefile	2021-09-12 00:00:00.0 -0500
@@ -191,14 +191,14 @@
 	fi
 endif
 
-# Make sure unstable/sid points to testing/buster, as there is no build
+# Make sure unstable/sid points to testing/bookworm, as there is no build
 # rule for unstable/sid.
 unstable-map:
 	$(Q)if [ ! -d $(BASEDIR)/data/sid ] ; then \
-		ln -s buster $(BASEDIR)/data/sid ; \
+		ln -s bookworm $(BASEDIR)/data/sid ; \
 	fi
 	$(Q)if [ ! -d $(BASEDIR)/tools/boot/sid ] ; then \
-		ln -s buster $(BASEDIR)/tools/boot/sid ; \
+		ln -s bookworm $(BASEDIR)/tools/boot/sid ; \
 	fi
 
 #

Bug#994121: debian-cd: Default CODENAME should be changed to bookworm (testing)

[Daniel Lewart]

Source: debian-cd
Version: 3.1.35
Severity: normal
Tags: patch
X-Debbugs-Cc: szilard.an...@gmail.com

Debian CD Group,

The default CODENAME should be changed to bookworm (testing).

Below is a patch, which I successfully tested with:
$ ./easy-build.sh NETINST

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/CONF.sh b/CONF.sh
--- a/CONF.sh   2021-09-06 05:22:44.0 -0500
+++ b/CONF.sh   2021-09-12 00:00:00.0 -0500
@@ -70,7 +70,7 @@
export DI_CODENAME=$CODENAME
 fi
 # If you want backported d-i (e.g. by setting
-# DI_CODENAME=jessie-backports, then you'll almost definitely also
+# DI_CODENAME=bookworm-backports, then you'll almost definitely also
 # want to enable BACKPORTS below as well
 
 # Should we include some packages from backports? If so, point at a
@@ -86,8 +86,8 @@
 # the Debian mirror.
 #export DI_WWW_HOME=default
 
-# Version number, "2.2 r0", "2.2 r1" etc.
-export DEBVERSION="11.0.0"
+# Version number, "10.11.0", "11.1.0", "testing", etc
+export DEBVERSION="testing"
 
 # Official or non-official set.
 # NOTE: THE "OFFICIAL" DESIGNATION IS ONLY ALLOWED FOR IMAGES AVAILABLE
@@ -136,7 +136,7 @@
 # export NONFREE=1
 
 # Do I want to have CONTRIB merged in the CD set
-export CONTRIB=1
+# export CONTRIB=1
 
 # Do I want to have NONFREE on a separate CD (the last CD of the CD set)
 # WARNING: Don't use NONFREE and EXTRANONFREE at the same time !
@@ -208,8 +208,8 @@
 
 # Extra keys that you might want apt to trust. List their fingerprints
 # here and debian-cd will grab them from the user's keyring as needed
-# (The example here is the buster release key)
-#export ARCHIVE_EXTRA_KEYS="80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE"
+# (The example here is the bullseye release key)
+#export ARCHIVE_EXTRA_KEYS="1F89983E0081FDE018F3CC9673A4F27B8DD47936"
 
 # By default we use debootstrap --no-check-gpg to find out the minimal set
 # of packages because there's no reason to not trust the local mirror. But
diff -ru a/easy-build.sh b/easy-build.sh
--- a/easy-build.sh 2021-09-06 05:22:44.0 -0500
+++ b/easy-build.sh 2021-09-12 00:00:00.0 -0500
@@ -72,10 +72,10 @@
 ## For what release to build images
 
 # The suite the installed system will be based on
-export CODENAME=buster
+export CODENAME=bookworm
 # The suite from which the udebs for the installer will be taken (normally
 # the same as CODENAME)
-export DI_CODENAME=buster
+export DI_CODENAME=bookworm
 
 
 ## The debian-installer images to use. This must match the suite (DI_CODENAME)
###

Bug#994117: debian-cd: Links to alioth/~fjp/debmirror/ and d-i.alioth/manual/

[Daniel Lewart]

Source: debian-cd
Version: 3.1.35
Severity: minor
Tags: patch

Debian Images Group,

README.easy-build has an alioth link to Frans Pop's example script:
http://alioth.debian.org/~fjp/debmirror/

data/$(CODENAME)/README.html.in have alioth links to the
Development version of the Debian Installation Guide:
https://d-i.alioth.debian.org/manual/

Attached is a patch which has the following changes:
  1) alioth/~fjp/debmirror/ downloaded from Internet Archive
 Wayback Machine to /examples/
  2) README.easy-build updated accordingly
  3) data/$(CODENAME)/README.html.in now link to:
https://d-i.debian.org/manual/

Thank you!
Daniel Lewart
Urbana, Illinois
diff -Nru a/README.easy-build b/README.easy-build
--- a/README.easy-build 2021-09-06 05:22:44.0 -0500
+++ b/README.easy-build 2021-09-12 00:00:00.0 -0500
@@ -92,9 +92,9 @@
 - ./dists//main/installer-/
   contains Debian Installer images (official releases)
 
-One method is to use debmirror. An example script for creating a full or
-partial local mirror using debmirror suitable for use with debian-cd can be
-found at: http://alioth.debian.org/~fjp/debmirror/.
+One method is to use debmirror. An example script by Frans Pop (fjp)
+for creating a full or partial local mirror using debmirror suitable for
+use with debian-cd can be found at: /usr/share/doc/debian-cd/examples/ .
 
 BASIC CONFIGURATION
 ===
diff -Nru a/data/bookworm/README.html.in b/data/bookworm/README.html.in
--- a/data/bookworm/README.html.in  2021-09-06 05:22:44.0 -0500
+++ b/data/bookworm/README.html.in  2021-09-12 00:00:00.0 -0500
@@ -257,7 +257,7 @@
 installation guide many not be released yet. It will appear on https://www.debian.org/releases/bookworm/installmanual;>the
 Debian web site when ready, but before then you could try https://d-i.alioth.debian.org/manual/;>the development
+href="https://d-i.debian.org/manual/;>the development
 version of the manual.
 
 # endif
diff -Nru a/data/bullseye/README.html.in b/data/bullseye/README.html.in
--- a/data/bullseye/README.html.in  2021-09-06 05:22:44.0 -0500
+++ b/data/bullseye/README.html.in  2021-09-12 00:00:00.0 -0500
@@ -257,7 +257,7 @@
 installation guide many not be released yet. It will appear on https://www.debian.org/releases/bullseye/installmanual;>the
 Debian web site when ready, but before then you could try https://d-i.alioth.debian.org/manual/;>the development
+href="https://d-i.debian.org/manual/;>the development
 version of the manual.
 
 # endif
diff -Nru a/data/buster/README.html.in b/data/buster/README.html.in
--- a/data/buster/README.html.in2021-09-06 05:22:44.0 -0500
+++ b/data/buster/README.html.in2021-09-12 00:00:00.0 -0500
@@ -257,7 +257,7 @@
 installation guide many not be released yet. It will appear on https://www.debian.org/releases/buster/installmanual;>the
 Debian web site when ready, but before then you could try https://d-i.alioth.debian.org/manual/;>the development
+href="https://d-i.debian.org/manual/;>the development
 version of the manual.
 
 # endif
diff -Nru a/data/jessie/README.html.in b/data/jessie/README.html.in
--- a/data/jessie/README.html.in2021-09-06 05:22:44.0 -0500
+++ b/data/jessie/README.html.in2021-09-12 00:00:00.0 -0500
@@ -259,7 +259,7 @@
 installation guide many not be released yet. It will appear on https://www.debian.org/releases/jessie/installmanual;>the
 Debian web site when ready, but before then you could try https://d-i.alioth.debian.org/manual/;>the development
+href="https://d-i.debian.org/manual/;>the development
 version of the manual.
 
 # endif
diff -Nru a/data/kali-dev/README.html.in b/data/kali-dev/README.html.in
--- a/data/kali-dev/README.html.in  2021-09-06 05:22:44.0 -0500
+++ b/data/kali-dev/README.html.in  2021-09-12 00:00:00.0 -0500
@@ -257,7 +257,7 @@
 installation guide many not be released yet. It will appear on https://www.debian.org/releases/bullseye/installmanual;>the
 Debian web site when ready, but before then you could try https://d-i.alioth.debian.org/manual/;>the development
+href="https://d-i.debian.org/manual/;>the development
 version of the manual.
 
 # endif
diff -Nru a/data/kali-last-snapshot/README.html.in 
b/data/kali-last-snapshot/README.html.in
--- a/data/kali-last-snapshot/README.html.in2021-09-06 05:22:44.0 
-0500
+++ b/data/kali-last-snapshot/README.html.in2021-09-12 00:00:00.0 
-0500
@@ -257,7 +257,7 @@
 installation guide many not be released yet. It will appear on https://www.debian.org/releases/bullseye/installmanual;>the
 Debian web site when ready, but before then you could try https://d-i.alioth.debian.org/manual/;>the development
+href="https://d-i.de

Bug#993563: override: gcc-11-base:libs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, gcc...@packages.debian.org

FTP Team,

Please change gcc-11-base from:
libs/required
to:
libs/optional

Reason: Debian Policy 2.5 Priorities

Also, discussed here:
https://lists.debian.org/debian-devel/2021/07/msg00046.html
https://lists.debian.org/debian-devel/2021/07/msg00048.html

By the way, buster had:
  * gcc-7-base: libs/optional
  * gcc-8-base: libs/optional

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#992851: apt-setup generated sources.list differs from sources.list(5)

[Daniel Lewart]

Patch attached
diff -ru apt-setup-0.166/generators/50mirror apt-setup-0.166-new/generators/50mirror
--- apt-setup-0.166/generators/50mirror	2020-07-05 14:34:06.0 -0500
+++ apt-setup-0.166-new/generators/50mirror	2021-08-24 00:00:00.0 -0500
@@ -47,7 +47,7 @@
 	if [ -e /cdrom/.disk/cd_type ]; then
 		cd_type=$(cat /cdrom/.disk/cd_type)
 	fi
-	cd_count=$(grep "^deb cdrom:" $ROOT/etc/apt/sources.list.new | wc -l)
+	cd_count=$(grep -c "^deb cdrom:" $ROOT/etc/apt/sources.list.new)
 
 	no_network=
 	if db_get netcfg/dhcp_options && \
@@ -166,10 +166,12 @@
 db_get mirror/$protocol/hostname
 hostname="$RET"
 db_get mirror/$protocol/directory
-directory="/${RET#/}"
+directory="$RET"
 if [ -z "$hostname" ] || [ -z "$directory" ]; then
 	exit 1
 fi
+directory="${directory#/}"
+directory="${directory%/}"
 
 STATE=1
 while true; do
@@ -204,9 +206,9 @@
 	esac
 
 	if db_go; then
-		STATE=$(($STATE + 1))
+		STATE=$((STATE + 1))
 	else
-		STATE=$(($STATE - 1))
+		STATE=$((STATE - 1))
 	fi
 done
 if [ $STATE -eq 0 ]; then
@@ -232,7 +234,8 @@
 	db_get mirror/$protocol/hostname
 	hostname="$RET"
 	db_get mirror/$protocol/directory
-	directory="/${RET#/}"
+	directory="${RET#/}"
+	directory="${directory%/}"
 
 	case $protocol in
 	http|https)
@@ -246,11 +249,11 @@
 		;;
 	esac
 
-	echo "deb $protocol://$hostname$directory $codename $dists" > $file
+	echo "deb $protocol://$hostname/$directory $codename $dists" > $file
 	if [ -n "${use_unreleased}" ]; then
-		echo "deb $protocol://$hostname$directory unreleased main" >> $file
+		echo "deb $protocol://$hostname/$directory unreleased main" >> $file
 	fi
-	
+
 	if apt-setup-verify --from $PROGRESS_FROM --to $PROGRESS_TO $file; then
 		done=1
 	else
@@ -273,8 +276,8 @@
 	deb_src="# deb-src"
 fi
 
-echo "$deb_src $protocol://$hostname$directory $codename $dists" >> $file
+echo "$deb_src $protocol://$hostname/$directory $codename $dists" >> $file
 if [ -n "${use_unreleased}" ]; then
 	echo "# 'unreleased' does not support sources yet" >> $file
-	echo "# $deb_src $protocol://$hostname$directory unreleased main" >> $file
+	echo "# $deb_src $protocol://$hostname/$directory unreleased main" >> $file
 fi
diff -ru apt-setup-0.166/generators/50mirror.ubuntu apt-setup-0.166-new/generators/50mirror.ubuntu
--- apt-setup-0.166/generators/50mirror.ubuntu	2018-08-10 14:20:36.0 -0500
+++ apt-setup-0.166-new/generators/50mirror.ubuntu	2021-08-24 00:00:00.0 -0500
@@ -21,7 +21,7 @@
 
 	# Set default if no value (see Debian mirror generator)
 	db_get apt-setup/use_mirror
-	[ "$RET" ] || db_set apt-setup/use_mirror true 
+	[ "$RET" ] || db_set apt-setup/use_mirror true
 
 	# Text is variable for Debian
 	db_metaget apt-setup/use/netinst_old description
@@ -75,9 +75,9 @@
 	esac
 
 	if db_go; then
-		STATE=$(($STATE + 1))
+		STATE=$((STATE + 1))
 	else
-		STATE=$(($STATE - 1))
+		STATE=$((STATE - 1))
 	fi
 done
 if [ $STATE -eq 0 ]; then
@@ -97,7 +97,8 @@
 db_get mirror/$protocol/hostname
 hostname="$RET"
 db_get mirror/$protocol/directory
-directory="/${RET#/}"
+directory="${RET#/}"
+directory="${directory%/}"
 
 deb_src="deb-src"
 db_get apt-setup/enable-source-repositories
@@ -109,7 +110,7 @@
 # archive.ubuntu.com, not ports.ubuntu.com.
 if [ "$hostname" = ports.ubuntu.com ]; then
 	srchostname=archive.ubuntu.com
-	srcdirectory=/ubuntu
+	srcdirectory=ubuntu
 else
 	srchostname="$hostname"
 	srcdirectory="$directory"
@@ -131,20 +132,20 @@
 PROPOSED="$RET"
 
 cat >> $file <> $file <> $file > $file
+if [ "$host" = "security.debian.org" ]; then
+	echo "deb http://$host $security_codename $dists" >> $file
+else
+	echo "deb http://$host/debian-security $security_codename $dists" >> $file
+fi
 if db_get netcfg/dhcp_options && \
[ "$RET" = "Do not configure the network at this time" ]; then
 	CODE=9
@@ -59,6 +63,10 @@
 	deb_src="# deb-src"
 fi
 
-echo "$deb_src http://$host/debian-security $security_codename $dists" >> $file
+if [ "$host" = "security.debian.org" ]; then
+	echo "$deb_src http://$host $security_codename $dists" >> $file
+else
+	echo "$deb_src http://$host/debian-security $security_codename $dists" >> $file
+fi
 
 exit $CODE
diff -ru apt-setup-0.166/generators/92updates apt-setup-0.166-new/generators/92updates
--- apt-setup-0.166/generators/92updates	2020-11-01 04:15:39.0 -0600
+++ apt-setup-0.166-new/generators/92updates	2021-08-24 00:00:00.0 -0500
@@ -12,20 +12,17 @@
 
 if db_get mirror/codename && [ "$RET" ]; then
 	codename="$RET"
-	db_get mirror/suite
-	suite="$RET"
 
 	db_get mirror/protocol
 	protocol="$RET"
 	db_get mirror/$protocol/hostname
 	host="$RET"
 	db_get mirror/$protocol/directory
-	directory="/${RET#/}"
+	directory="${RET#/}"
+	directory="${directory%/}"
 else
 	db_get cdrom/codename
 	codename="$RET"
-	db_get cdrom/suite
-	suite="$RET"
 fi
 
 # To determine if non-free and contrib should be included, grep
@@ -42,13 +39,13 @@
 echo "# see 

Bug#992851: apt-setup generated sources.list differs from sources.list(5)

[Daniel Lewart]

Package: apt-setup
Version: 1:0.166
Severity: minor
Tags: d-i patch

Debian Install System Team,

sources.list(5) has the following example:
  deb http://deb.debian.org/debian bullseye main contrib non-free
  deb http://security.debian.org bullseye-security main contrib non-free

apt-setup generates a slightly different /etc/apt/sources.list:
  deb http://deb.debian.org/debian/ bullseye main contrib non-free
  deb http://security.debian.org/debian-security bullseye-security main contrib 
non-free

I consider sources.list(5) to be authoritative.
Therefore, I think the two stanzas above should be identical.

Attached is a patch which:
  1) Removes trailing slashes from URIs
  2) Omits /debian-security if host is security.debian.org
  3) Removes unused suite from 92updates and 93backports
  4) Reverts "$hostname$directory" to original "$hostname/$directory"
  5) Cleans up various syntax issues

If the Maintainers do not like any of the above changes,
I would be happy to resubmit an updated patch.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#992258: www.debian.org: packages.debian.org still has stable=buster and doesn't know about bullseye-security

[Daniel Lewart]

Uwe,

> looking at:
> https://packages.debian.org/search?keywords=thunderbird=names=stable=all
> this lists the thunderbird packages from buster, while bullseye is the
> current stable release.
> Probably related to that packages.d.o doesn't know about
> bullseye-security and bullseye-backports.

Rhonda D'Vine submitted a Merge Request for this on Aug 16:
https://salsa.debian.org/webmaster-team/packages/-/merge_requests/21

I don't know what is taking so long for it to be merged.

Daniel Lewart
Urbana, Illinois

Bug#992485: override: mime-support:oldlibs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: mime-supp...@packages.debian.org

FTP Team,

Please change mime-support from:
net/standard
to:
oldlibs/optional

Reasons:
  1) mime-support debian/control has:
* Section: oldlibs
* Priority: optional
  2) This is a transitional package

Also, discussed here:
https://lists.debian.org/debian-devel/2021/07/msg00046.html
https://lists.debian.org/debian-devel/2021/07/msg00048.html

In the second message, smcv pointed out:
  mime-support depends on mailcap (Priority: optional) and media-types
  (Priority: standard), so downgrading mime-support to optional would mean
  that mailcap (compose(1), edit(1), see(1), print(1)) would not be installed
  by default. That seems like it has a risk of exposing bugs where packages
  rely on those tools without declaring a dependency.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#992479: override: libreadline8:libs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: readl...@packages.debian.org

FTP Team,

Please change libreadline8 from:
libs/required
to:
libs/optional

Reasons:
  1) readline debian/control has Priority: optional
  2) Debian Policy 2.5 Priorities

Also, discussed here:
https://lists.debian.org/debian-devel/2021/07/msg00046.html
https://lists.debian.org/debian-devel/2021/07/msg00048.html

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#992477: override: gcc-10-base:libs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, gcc...@packages.debian.org

FTP Team,

Please change gcc-10-base from:
libs/required
to:
libs/optional

Reason: Debian Policy 2.5 Priorities

Also, discussed here:
https://lists.debian.org/debian-devel/2021/07/msg00046.html
https://lists.debian.org/debian-devel/2021/07/msg00048.html

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#992476: override: gcc-9-base:libs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, gc...@packages.debian.org

FTP Team,

Please change gcc-9-base from:
libs/required
to:
libs/optional

Reason: Debian Policy 2.5 Priorities

Also, discussed here:
https://lists.debian.org/debian-devel/2021/07/msg00046.html
https://lists.debian.org/debian-devel/2021/07/msg00048.html

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#992475: exim4-base recommends mailx, which often has heavy dependencies

[Daniel Lewart]

Source: exim4
Version: 4.94.2-7
Severity: normal
Tags: patch

Exim4 Maintainers,

Installing exim4-base often results in a boatload of unnecessary packages
being installed.

This is because exim4-base recommends virtual package mailx,
which mailutils (and its heavy dependencies) provides.

The solution is to recommend "bsd-mailx | mailx" instead.

Here are two similar bug reports:
  #677944 - bsd-mailx: should be a high-priority candidate to provide
the 'mailx' virtual package
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677944#28
  #849743 - logrotate: Please specify a default mailx provider
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849743

Below are the following:
  1) *untested* patch for debian/control
  2) "apt install exim4-base" debug output
  3) "apt install bsd-mailx exim4-base" debug output

Thank you!
Daniel Lewart
Urbana, Illinois

--- debian/control.orig 2021-07-13 11:12:50.0 -0500
+++ debian/control  2021-08-18 00:00:00.0 -0500
@@ -65,7 +65,7 @@
  ${misc:Depends},
  ${shlibs:Depends}
 # psmisc just for exiwhat.
-Recommends: mailx, psmisc
+Recommends: bsd-mailx | mailx, psmisc
 Suggests:
  exim4-doc-html | exim4-doc-info,
  eximon4,

$ apt -s -o Debug::pkgDepCache::AutoInstall=1 install exim4-base > /dev/null
  Installing exim4-config:amd64 as Depends of exim4-base:amd64
  Installing mailutils:amd64 as Recommends of exim4-base:amd64
Installing mailutils-common:amd64 as Depends of mailutils:amd64
Installing libfribidi0:amd64 as Depends of mailutils:amd64
Installing libgsasl7:amd64 as Depends of mailutils:amd64
  Installing gsasl-common:amd64 as Depends of libgsasl7:amd64
  Installing libidn11:amd64 as Depends of libgsasl7:amd64
  Installing libntlm0:amd64 as Depends of libgsasl7:amd64
Installing libmailutils7:amd64 as Depends of mailutils:amd64
  Installing guile-2.2-libs:amd64 as Depends of libmailutils7:amd64
Installing libgc1:amd64 as Depends of guile-2.2-libs:amd64
Installing libltdl7:amd64 as Depends of guile-2.2-libs:amd64
  Installing libmariadb3:amd64 as Depends of libmailutils7:amd64
Installing mariadb-common:amd64 as Depends of libmariadb3:amd64
  Installing mysql-common:amd64 as Depends of mariadb-common:amd64
  Installing libpython3.9:amd64 as Depends of libmailutils7:amd64
Installing exim4-daemon-light:amd64 as Recommends of mailutils:amd64
  Installing libgnutls-dane0:amd64 as Depends of exim4-daemon-light:amd64
Installing libunbound8:amd64 as Depends of libgnutls-dane0:amd64
  Installing libevent-2.1-7:amd64 as Depends of libunbound8:amd64
  Installing psmisc:amd64 as Recommends of exim4-base:amd64

$ apt -s -o Debug::pkgDepCache::AutoInstall=1 install bsd-mailx exim4-base > 
/dev/null
  Installing exim4-daemon-light:amd64 as Depends of bsd-mailx:amd64
Installing libgnutls-dane0:amd64 as Depends of exim4-daemon-light:amd64
  Installing libunbound8:amd64 as Depends of libgnutls-dane0:amd64
Installing libevent-2.1-7:amd64 as Depends of libunbound8:amd64
Installing libidn11:amd64 as Depends of exim4-daemon-light:amd64
  Installing liblockfile1:amd64 as Depends of bsd-mailx:amd64
  Installing exim4-config:amd64 as Depends of exim4-base:amd64
  Installing psmisc:amd64 as Recommends of exim4-base:amd64

Bug#992474: override: bind9-libs:libs/optional

[Daniel Lewart]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org, bi...@packages.debian.org

FTP Team,

bind9-libs is libs/standard.

Debian Policy 2.5 Priorities says:
In particular, this means that C-like libraries will almost never
have a priority above optional, since they do not provide
functionality directly to users.

Also, discussed here:
https://lists.debian.org/debian-devel/2021/07/msg00046.html
https://lists.debian.org/debian-devel/2021/07/msg00048.html

Please change bind9-libs to:
libs/optional

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#990580: apache2: [regression] daily cron mails from logrotate: Reloading Apache httpd web server: apache2.

[Daniel Lewart]

Debian Apache Maintainers,

DSL> Which init system are you using?

The answer was in TG's original bug report:
Init: sysvinit (via /sbin/init)

I believe that this regression only occurs for non-systemd init systems
(i.e. sysvinit).

Popcon says sysvinit-core is installed on 0.88% of reporting systems:
https://qa.debian.org/popcon.php?package=sysvinit
Some of those may be pre-Jessie, so the percentage could be even lower.

On Tue, 6 Jul 2021 13:56:21 +0200, Adam Borowski wrote:

> + if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
> +invoke-rc.d apache2 reload
> + fi
> ...
> Changing querying status to pgrep is also bogus: it will detect any apache2
> process rather than just ours. ...

How could there be a /usr/sbin/apache2 process that is not ours?

Any suggestions for improving this (after bullseye release, of course)?

Thank you,
Dan
Urbana, Illinois

Bug#990580: apache2: [regression] daily cron mails from logrotate: Reloading Apache httpd web server: apache2.

[Daniel Lewart]

Thorsten, et al,

On Fri, 02 Jul 2021 14:08:00 +, Thorsten Glaser  wrote:

> Having just upgraded machines from 2.4.46-4 to 2.4.48-3
> I now get daily cron mails:
> | /etc/cron.daily/logrotate:
> | Reloading Apache httpd web server: apache2.

Under the default systemd, the following commands generate no output:
  * sudo invoke-rc.d apache2 reload
  * sudo systemctl restart apache2.service

Which init system are you using?

Daniel Lewart
Urbana, Illinois

Bug#990568: netcfg: Link detection timeout question should show interface name

[Daniel Lewart]

Package: netcfg
Version: 1.174
Severity: minor
Tags: patch

Debian Installer Team,

Laptop has both an Ethernet and a Wi-Fi interface.

D-I "Configure the network" asks for the link detection timeout twice
without indicating the interface, which can be confusing.

Below is an *untested* patch which adds the interface name to the
netcfg/link_wait_timeout Description.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru netcfg-1.174/debian/netcfg-common.templates 
netcfg/debian/netcfg-common.templates
--- netcfg-1.174/debian/netcfg-common.templates 2019-11-17 15:18:26.0 
-0600
+++ netcfg/debian/netcfg-common.templates   2021-07-02 00:00:00.0 
-0500
@@ -355,7 +355,7 @@
 Type: string
 Default: 3
 # :sl3:
-_Description: Waiting time (in seconds) for link detection:
+_Description: Waiting time (in seconds) for link detection on ${iface}:
  Please enter the maximum time you would like to wait for network link
  detection.
 
diff -ru netcfg-1.174/debian/po/templates.pot netcfg/debian/po/templates.pot
--- netcfg-1.174/debian/po/templates.pot2020-01-28 14:40:57.0 
-0600
+++ netcfg/debian/po/templates.pot  2021-07-02 00:00:00.0 -0500
@@ -606,7 +606,7 @@
 #. Description
 #. :sl3:
 #: ../netcfg-common.templates:50001
-msgid "Waiting time (in seconds) for link detection:"
+msgid "Waiting time (in seconds) for link detection on ${iface}:"
 msgstr ""
 
 #. Type: string
diff -ru netcfg-1.174/netcfg-common.c netcfg/netcfg-common.c
--- netcfg-1.174/netcfg-common.c2021-02-22 03:39:40.0 -0600
+++ netcfg/netcfg-common.c  2021-07-02 00:00:00.0 -0500
@@ -1484,6 +1484,7 @@
 /* Ask for link detection timeout. */
 int ok = 0;
 debconf_capb(client, "");
+debconf_subst(client, "netcfg/link_wait_timeout", "iface", if_name);
 
 while (!ok) {
 debconf_input(client, "low", "netcfg/link_wait_timeout");

Bug#973733: RTW88_8821ce module fails to find firmware during install and must be reloaded

[Daniel Lewart]

Attached is a better patch which:
  1) Logs modprobe error messages
  2) Only reloads modules that do not have a network

Thank you!
Daniel Lewart
Urbana, Illinois
--- check-missing-firmware.sh.orig	2021-05-30 15:47:29.0 -0500
+++ check-missing-firmware.sh	2021-06-26 00:00:00.0 -0500
@@ -103,7 +103,7 @@
 
 	# Give modules some time to request firmware.
 	sleep 1
-	
+
 	modules=""
 	files=""
 
@@ -138,7 +138,7 @@
 			# decode firmware filename as encoded by
 			# udev firmware.agent
 			fwfile="$(basename $file | sed -e 's#\\x2f#/#g')"
-			
+
 			# strip probably nonexistant firmware subdirectory
 			devpath="$(readlink $file | sed 's/\/firmware\/.*//')"
 			# the symlink is supposed to point to the device in /sys
@@ -157,7 +157,7 @@
 			if grep -q "^$fwfile$" $DENIED 2>/dev/null; then
 continue
 			fi
-			
+
 			files="$fwfile${files:+ $files}"
 
 			if [ "$module" = usbcore ]; then
@@ -334,8 +334,24 @@
 	for module in $(echo $modules | tr " " "\n" | sort -u); do
 		if ! nic_is_configured $module; then
 			log "removing and loading kernel module $module"
-			modprobe -r $module || true
-			modprobe $module || true
+			message=$(modprobe -r $module 2>&1 || true)
+			[ -n "$message" ] && log "$message"
+			message=$(modprobe $module 2>&1 || true)
+			[ -n "$message" ] && log "$message"
+
+			# Module name can be different than driver name
+			# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973733
+			driver=$module
+			if modpath=$(readlink /sys/bus/*/drivers/"$driver"/module); then
+module2=$(basename $modpath)
+if [ $module2 != "$driver" ]; then
+	log "removing and loading kernel module $module2 for driver '$driver'"
+	message=$(modprobe -r $module2 2>&1 || true)
+	[ -n "$message" ] && log "$message"
+	message=$(modprobe $module2 2>&1 || true)
+	[ -n "$message" ] && log "$message"
+fi
+			fi
 		fi
 	done
 done

Bug#973733: RTW88_8821ce module fails to find firmware during install and must be reloaded

[Daniel Lewart]

Cyril, et al,

> Feel free to try and verify that manually, and maybe try reloading in
> the other order, and/or unload both first, and reload afterwards.

Thank you for your advice!  Although I did not follow it ...

"modprobe (-r) rtw88_8821ce" (removes) adds the following eight modules:
  * cfg80211
  * libarc4
  * mac80211
  * rfkill
  * rtw88_8821c
  * rtw88_8821ce
  * rtw88_core
  * rtw88_pci
The only secondary modules I can think of to experiment with would be
Bluetooth-related, but none were loaded in the first place.

Instead, I tried the Bullseye RC 2 release of the installer
(with firmware) three more times, all successfully:
firmware-bullseye-DI-rc2-amd64-netinst.iso

What was different about the failed first effort?
  * It took me more than three minutes to enter the WPA2 passphrase
  * "INFO: buf = wpa_state=INTERFACE_DISABLED" in syslog every 5s

These are possible causes of general RTL8192CE problems,
which I rank from most likely to least likely:
  1) RTL8821CE driver quality
  2) Active State Power Management (disable_aspm?)
  2) Message Signalled Interrupts  (disable_msi?)
  3) 2.4 vs 5 GHz conflict
  4) Bluetooth vs Wireless conflict
  5) Phase of the moon

Here are my conclusions:
  1) My patch will help in cases where the module name is
 different than the driver name (mostly Realtek)
  2) The RTL8821CE driver is flaky
  3) Network configuration problems are unrelated to hw-detect
 and could be addressed in netcfg, perhaps by restarting WPA

I hope some people experiencing the original problem can test my patch.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#973733: RTW88_8821ce module fails to find firmware during install and must be reloaded

[Daniel Lewart]

Tags: patch

Debian Installer Team,

On Nov 5, 2020, Ben Hutchings wrote:

> Alternately:
> module="$(basename "$(readlink /sys/bus/*/drivers/$driver/module)")"
> Some error-checking would be needed.

Attached is a patch based on this approach.

Good news:
  * removed and loaded rtw88_8821ce
  * created wlp4s0 interface
  * lists wireless networks

Bad news:
  * "Failure of key exchange and association"
  * "purge skb(s) not reported by firmware"

Please advise how I can further troubleshoot this.

Thank you!
Daniel Lewart
Urbana, Illinois
diff -ru a/check-missing-firmware.sh b/check-missing-firmware.sh
--- a/check-missing-firmware.sh	2021-05-30 15:47:29.0 -0500
+++ b/check-missing-firmware.sh	2021-06-24 00:00:00.0 -0500
@@ -103,7 +103,7 @@
 
 	# Give modules some time to request firmware.
 	sleep 1
-	
+
 	modules=""
 	files=""
 
@@ -138,7 +138,7 @@
 			# decode firmware filename as encoded by
 			# udev firmware.agent
 			fwfile="$(basename $file | sed -e 's#\\x2f#/#g')"
-			
+
 			# strip probably nonexistant firmware subdirectory
 			devpath="$(readlink $file | sed 's/\/firmware\/.*//')"
 			# the symlink is supposed to point to the device in /sys
@@ -157,7 +157,7 @@
 			if grep -q "^$fwfile$" $DENIED 2>/dev/null; then
 continue
 			fi
-			
+
 			files="$fwfile${files:+ $files}"
 
 			if [ "$module" = usbcore ]; then
@@ -337,5 +337,17 @@
 			modprobe -r $module || true
 			modprobe $module || true
 		fi
+
+		# Module name can be different than driver name
+		# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973733
+		driver=$module
+		if modpath=$(readlink /sys/bus/*/drivers/"$driver"/module); then
+			module2=$(basename $modpath)
+			if [ $module2 != "$driver" ]; then
+log "removing and loading kernel module $module2 for driver '$driver'"
+modprobe -r $module2 || true
+modprobe$module2 || true
+			fi
+		fi
 	done
 done

Bug#989982: live-setup: eatmydata sates my bootstrap.log

[Daniel Lewart]

Package: cdimage.debian.org
Severity: normal

Debian Images Team,

The recent use of eatmydata to create live images generates many errors,
and may not be effective.

Weekly Live Builds (Jun 14, 2021):
debian-live-testing-amd64-standard.iso

$ grep ERROR /var/log/bootstrap.log | uniq -c
6926 ERROR: ld.so: object 'libeatmydata.so' from LD_PRELOAD cannot be preloaded 
(cannot open shared object file): ignored.

I believe the relevant invocation is live-setup:
https://salsa.debian.org/images-team/live-setup
available/live-wrapper-binary line 160:
eatmydata -- lwr $OPTS --architecture $ARCH \

The Dec 24, 2020 commit is entitled:
"Use eatmydata - will things go faster?"

So, do things go faster? :)

These may or may not be helpful with fixing things:

#854660 [live-build] pass LD_PRELOAD to the chroot stage (to enable e.g. 
libeatmydata)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854660

#906927 eatmydata: Use invalid location of libeatmydata.so
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906927

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#989978: bugs.debian.org: Pseudo-packages cdimage.debian.org, cdrom, debian-live ambiguity

[Daniel Lewart]

Package: bugs.debian.org
Severity: normal

Debian Bug Tracking Team,

Debian bug tracking system pseudo-packages:
https://www.debian.org/Bugs/pseudo-packages
lists:
  * cdimage.debian.org — CD Image issues
  * cdrom — Installation system
  * debian-live — General problems with Debian Live systems

Problems:

1) "cdimage" and "cdrom" are anachronisms

2) Against which pseudo-package should a bug in generating live images
   be reported?  Specifically, live-setup?
https://salsa.debian.org/images-team/live-setup

Solutions:

1) Rename these pseudo-packages to more accurate names

2) Improve the descriptions on the web page above

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#988785: firefox-esr-l10n-sv-se should recommend hunspell-sv, not hunspell-sv-se

[Daniel Lewart]

Package: src:firefox-esr
Version: 78.10.0esr-1
Severity: normal
Tags: patch

Maintainers of Mozilla-related packages,

firefox-esr-l10n-sv-se recommends hunspell-sv-se.
However, hunspell-sv-se is a dummy transitional package
which depends on hunspell-sv.

Therefore, firefox-esr-l10n-sv-se should recommend hunspell-sv instead.

Untested patch below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/debian/control b/debian/control
--- a/debian/control2021-05-05 17:02:47.0 -0500
+++ b/debian/control2021-05-19 00:00:00.0 -0500
@@ -1040,7 +1040,7 @@
 Section: localization
 Depends: ${misc:Depends},
  firefox (>= ${source:Version}), firefox (<< ${source:Version}.1~)
-Recommends: hunspell-sv-se
+Recommends: hunspell-sv
 Description: Swedish (Sweden) language package for Firefox
  Firefox is a powerful, extensible web browser with support for modern
  web application technologies.
diff -ru a/debian/l10n/browser-l10n.control b/debian/l10n/browser-l10n.control
--- a/debian/l10n/browser-l10n.control  2021-05-05 17:02:47.0 -0500
+++ b/debian/l10n/browser-l10n.control  2021-05-19 00:00:00.0 -0500
@@ -487,7 +487,7 @@
 
 %define L10N_LANG sv-se
 %define L10N_LANGUAGE Swedish (Sweden)
-%define L10N_RECOMMENDS hunspell-sv-se
+%define L10N_RECOMMENDS hunspell-sv
 %define L10N_TRANSITION 1
 %include @prod...@-l10n.control.in
 
diff -ru a/debian/l10n/recommends b/debian/l10n/recommends
--- a/debian/l10n/recommends2021-05-05 17:02:47.0 -0500
+++ b/debian/l10n/recommends2021-05-19 00:00:00.0 -0500
@@ -58,7 +58,7 @@
 sl: hunspell-sl
 sq: myspell-sq
 sr: hunspell-sr
-sv-se: hunspell-sv-se
+sv-se: hunspell-sv
 te: hunspell-te
 th: hunspell-th
 uk: hunspell-uk | myspell-uk

###

Bug#988784: firefox-esr-l10n-gl should not recommend transitional hunspell-gl-es

[Daniel Lewart]

Package: src:firefox-esr
Version: 78.10.0esr-1
Severity: normal
Tags: patch

Maintainers of Mozilla-related packages,

firefox-esr-l10n-gl recommends: hunspell-gl-es | hunspell-gl .
However, hunspell-gl-es is a dummy transitional package
which depends on hunspell-gl.

Therefore, firefox-esr-l10n-gl should only recommend hunspell-gl.

Untested patch below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/debian/control b/debian/control
--- a/debian/control2021-05-05 17:02:47.0 -0500
+++ b/debian/control2021-05-19 00:00:00.0 -0500
@@ -516,7 +516,7 @@
 Section: localization
 Depends: ${misc:Depends},
  firefox (>= ${source:Version}), firefox (<< ${source:Version}.1~)
-Recommends: hunspell-gl-es | hunspell-gl
+Recommends: hunspell-gl
 Description: Galician language package for Firefox
  Firefox is a powerful, extensible web browser with support for modern
  web application technologies.
diff -ru a/debian/l10n/browser-l10n.control b/debian/l10n/browser-l10n.control
--- a/debian/l10n/browser-l10n.control  2021-05-05 17:02:47.0 -0500
+++ b/debian/l10n/browser-l10n.control  2021-05-19 00:00:00.0 -0500
@@ -217,7 +217,7 @@
 
 %define L10N_LANG gl
 %define L10N_LANGUAGE Galician
-%define L10N_RECOMMENDS hunspell-gl-es | hunspell-gl
+%define L10N_RECOMMENDS hunspell-gl
 %define L10N_TRANSITION 1
 %include @prod...@-l10n.control.in
 
diff -ru a/debian/l10n/recommends b/debian/l10n/recommends
--- a/debian/l10n/recommends2021-05-05 17:02:47.0 -0500
+++ b/debian/l10n/recommends2021-05-19 00:00:00.0 -0500
@@ -27,7 +27,7 @@
 fr: hunspell-fr | myspell-fr | myspell-fr-gut
 ga-ie: myspell-ga
 gd: hunspell-gd | myspell-gd
-gl: hunspell-gl-es | hunspell-gl
+gl: hunspell-gl
 gu-in: hunspell-gu
 he: hunspell-he | myspell-he
 hi-in: hunspell-hi

###

Bug#986867: fixed in cifs-utils 2:6.11-2

[Daniel Lewart]

Mathieu,

> * Recommends keyutils (Closes: #986867)

This also Closes: #967972:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967972

Thank you for applying my patch!
Daniel Lewart
Urbana, Illinois

Bug#986868: keyutils: Please remove cifs.patch

[Daniel Lewart]

Package: keyutils
Version: 1.6.1-2
Severity: minor

Christian, et al,

keyutils includes cifs.patch, which inserts the following lines
into /etc/request-key.conf:
  +create  cifs.spnego   *  *  /usr/sbin/cifs.upcall -c %k
  +create  dns_resolver  *  *  /usr/sbin/cifs.upcall %k

However, the first line is already provided by cifs-utils in:
/etc/request-key.d/cifs.spnego.conf
and cifs.upcall(8) recommends against the second line:
The keyutils package has also started including a dns_resolver
handling program as well that is preferred over the one
in cifs.upcall. If you are using a keyutils version equal
to or greater than 1.5, you should use key.dns_resolver to
handle the dns_resolver keytype instead of cifs.upcall.

Thus, cifs.patch should be removed.

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#986867: cifs-utils: Please Recommend keyutils for DFS support

[Daniel Lewart]

Package: cifs-utils
Version: 2:6.11-1
Severity: normal
Tags: patch

Debian Samba Team,

#822841 - cifs-utils should suggests winbind instead of recommending it:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822841
This was closed by "Move keyutils and winbind from Recommends to Suggests".

I believe that un-Recommending keyutils caused these bugs:
  #801624 - cifs-utils: mounting Windows DFS shares fail
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801624
  #967972 - cifs-utils: fails to mount filesystem when keyutils is not installed
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967972

linux/Documentation/admin-guide/cifs/usage.rst says:
"To use cifs Kerberos and DFS support, the Linux keyutils
 package should be installed"

Therefore, please move keyutils from Suggests back to Recommends.
Untested patch below.

Thank you!
Daniel Lewart
Urbana, Illinois

--- a/debian/control2021-01-08 02:44:35.0 -0600
+++ b/debian/control2021-04-13 00:00:00.0 -0500
@@ -21,8 +21,9 @@
 Package: cifs-utils
 Architecture: linux-any
 Depends: ${shlibs:Depends}, ${misc:Depends}, python3
+Recommends: keyutils
 Replaces: smbfs (<< 2:4.0~rc1-1)
-Suggests: keyutils, smbclient, winbind, bash-completion
+Suggests: smbclient, winbind, bash-completion
 Description: Common Internet File System utilities
  The SMB/CIFS protocol provides support for cross-platform file sharing with
  Microsoft Windows, OS X, and other Unix systems.

###

Bug#801624: cifs-utils: mounting Windows DFS shares fail

[Daniel Lewart]

Jimmy,

> Mounting a Windows DFS (Distributed File System) fails with "mount error(115):
> Operation now in progress"

Please try the following first:
# apt install keyutils

Good luck!
Daniel Lewart
Urbana, Illinois

Bug#983002: plocate: updatedb fails with "/var/lib/plocate/: Operation not supported"

[Daniel Lewart]

Steinar,

> Are you in a position to try latest git?

Yes ...

plocate - Debian Package Tracker:
https://tracker.debian.org/pkg/plocate says:
says "VCS: unknown".
Could you add Vcs fields to the control file?

I downloaded and built the following snapshots from git.sesse.net:
  * plocate-e60bf48 - Operation not supported
  * plocate-2ce489a - Good!
  * plocate-967b90d - Good!

Thank you!
Dan
Urbana, Illinois

Bug#983002: plocate: updatedb fails with "/var/lib/plocate/: Operation not supported"

[Daniel Lewart]

Steinar,

> Aha. So overlayfs simply does not support O_TMPFILE?
> I have a workaround for FreeBSD that can probably
> be reused, but it has the usual concerns of not
> going away if the process is forcibly interrupted.

openat(2):
https://manpages.debian.org/testing/manpages-dev/openat.2.en.html
says:
  "O_TMPFILE requires support by the underlying filesystem; only a
subset of Linux filesystems provide that support. In the initial
implementation, support was provided in the ext2, ext3, ext4, UDF,
Minix, and shmem filesystems. Support for other filesystems has
subsequently been added as follows: XFS (Linux 3.15); Btrfs (Linux
3.16); F2FS (Linux 3.16); and ubifs (Linux 4.9)"

Below is some more detail.
The lowerdir is squashfs and the upperdir and workdir are tmpfs.

Since writing to /tmp (tmpfs) works, I would expect that writing to
/var/lib/plocate would too, since upper/work dir are tmpfs.
Perhaps this is a bug in overlayfs?

Thank you!
Dan
Urbana, Illinois
---
$ df -hT /var/lib/plocate /tmp
Filesystem Type Size  Used Avail Use% Mounted on
overlayoverlay  2.0G  316M  1.7G  17% /
tmpfs  tmpfs2.0G   72K  2.0G   1% /tmp

$ findmnt -P /
TARGET="/" SOURCE="overlay" FSTYPE="overlay"
OPTIONS="rw,noatime,
lowerdir=/run/live/rootfs/filesystem.squashfs/,
upperdir=/run/live/overlay/rw,
workdir=/run/live/overlay/work"
###

Bug#983002: plocate: updatedb fails with "/var/lib/plocate/: Operation not supported"

[Daniel Lewart]

Steinar,

> Thanks for the bug report. Is there anything special about your
> /var/lib/plocate? Unusual filesystems? SELinux permissions?

Yes, it is a Debian Live image, so it is an Overlay filesystem
(debian-live-testing-amd64-standard.iso).

> I assume this is the O_TMPFILE call somehow, but it would be nice
> if you could verify by doing
>   sudo strace updatedb
> and seeing which call is the failing one.

Correct.  Below is the tail of the output.

Thank you!
Daniel Lewart
Urbana, Illinois
---
umask(027)  = 022
openat(AT_FDCWD, "/var/lib/plocate/", O_WRONLY|O_TMPFILE, 0640) = -1
EOPNOTSUPP (Operation not supported)
dup(2)  = 4
fcntl(4, F_GETFL)   = 0x2 (flags O_RDWR)
fstat(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x1), ...}) = 0
write(4, "/var/lib/plocate/: Operation not"..., 43/var/lib/plocate/:
Operation not supported
) = 43
close(4)= 0
exit_group(1)   = ?
+++ exited with 1 +++

Bug#983002: plocate: updatedb fails with "/var/lib/plocate/: Operation not supported"

[Daniel Lewart]

Package: plocate
Version: 1.1.3-1 and 1.1.4-1
Severity: important

Steinar,

updatedb fails with:
/var/lib/plocate/: Operation not supported

However, writing to a database in a different directory works fine.

Please see the transcript below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
$ uname -a
Linux debian 5.10.0-3-amd64 #1 SMP Debian 5.10.13-1 (2021-02-06) x86_64 
GNU/Linux

$ sudo updatedb
/var/lib/plocate/: Operation not supported

$ sudo updatedb -o /tmp/plocate.db

$ ls -l /tmp/plocate.db
-rw-r- 1 root plocate 4590032 Feb 17 21:00 /tmp/plocate.db

$ sudo mv /tmp/plocate.db /var/lib/plocate/

$ locate plocate
/etc/cron.daily/plocate
/etc/systemd/system/timers.target.wants/plocate-updatedb.timer
/usr/bin/plocate
...

Bug#979813: apache2.logrotate is crufty

[Daniel Lewart]

Package: src:apache2
Version: 2.4.46
Severity: minor
Tags: patch

Debian Apache Maintainers,

apache2.logrotate is crufty, which makes it confusing to modify.

The attached patch does the following:
  1) Moves the prerotate script before the postrotate script
  2) Simplifies check of whether apache2 is running
  3) Removes crufty "> /dev/null", ";", and "\"
  4) Uses consistent four-space indentation

Thank you!
Daniel Lewart
Urbana, Illinois
--- apache2.logrotate.orig  2020-09-01 07:50:51.0 -0500
+++ apache2.logrotate   2021-01-11 00:00:00.0 -0600
@@ -1,20 +1,20 @@
 /var/log/apache2/*.log {
-   daily
-   missingok
-   rotate 14
-   compress
-   delaycompress
-   notifempty
-   create 640 root adm
-   sharedscripts
-   postrotate
-if invoke-rc.d apache2 status > /dev/null 2>&1; then \
-invoke-rc.d apache2 reload > /dev/null 2>&1; \
-fi;
-   endscript
-   prerotate
-   if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
-   run-parts /etc/logrotate.d/httpd-prerotate; \
-   fi; \
-   endscript
+daily
+missingok
+rotate 14
+compress
+delaycompress
+notifempty
+create 640 root adm
+sharedscripts
+prerotate
+   if [ -d /etc/logrotate.d/httpd-prerotate ]; then
+   run-parts /etc/logrotate.d/httpd-prerotate
+   fi
+endscript
+postrotate
+   if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
+   invoke-rc.d apache2 reload
+   fi
+endscript
 }

Bug#966345: debian-installer: Please bump Linux kernel ABI to 5.7.0-2

[Daniel Lewart]

Cyril, et al,

On Mon, Jul 27, 2020 at 4:50 AM Cyril Brulebois  wrote:
>
> Daniel Lewart  (2020-07-27):
> > Debian Installer Team,
> >
> > Linux 5.7.10-1 was accepted into unstable Jul 26, 2020.
> > ...
>
> It was already yesterday!!!
> We know, no need to chase.

I interpret this as "Don't be impatient", but I'm not sure.

Regardless, I believe that the Linux kernel ABI needs to be bumped
in order for daily images to succeed.
And weekly images are dependent on daily images.

Thank you,
Daniel Lewart
Urbana, IL

Bug#966345: debian-installer: Please bump Linux kernel ABI to 5.7.0-2

[Daniel Lewart]

Package: debian-installer
Severity: normal
Tags: d-i patch

Debian Installer Team,

Linux 5.7.10-1 was accepted into unstable Jul 26, 2020.

Please bump the Linux kernel ABI from 5.7.0-1 to 5.7.0-2.
Patch below.

Ideally, this could be determined automatically.
Perhaps something like:
apt-cache show linux-image-amd64 | grep ^Depends | cut -d- -f3-4

Thank you!
Daniel Lewart
Urbana, Illinois

--- build/config/common.orig2020-07-26 18:40:47.0 -0500
+++ build/config/common 2020-07-27 00:00:00.0 -0500
@@ -11,7 +11,7 @@

 # Default kernel ABI version to use. Append a kernel flavour to
 # produce KERNELVERSION.
-LINUX_KERNEL_ABI ?= 5.7.0-1
+LINUX_KERNEL_ABI ?= 5.7.0-2

 # Always "di" these days
 KERNEL_FLAVOUR ?= di

Bug#956666: logwatch: Homepage URL

[Daniel Lewart]

Package: logwatch
Version: 7.5.2-1
Severity: minor
Tags: patch

Dear Maintainer,

Please update the logwatch Homepage URL to:
https://sourceforge.net/projects/logwatch/

Patch below.

Thank you!
Daniel Lewart
Urbana, Illinois

--- debian/control.orig 2020-01-12 05:24:15.0 -0600
+++ debian/control  2020-04-14 00:00:00.0 -0500
@@ -4,7 +4,7 @@
 Maintainer: Willi Mann 
 Build-Depends: debhelper (>> 8.0.0~)
 Standards-Version: 4.4.1
-Homepage: http://www.logwatch.org/
+Homepage: https://sourceforge.net/projects/logwatch/
 Vcs-Browser: https://salsa.debian.org/debian/logwatch
 Vcs-Git: https://salsa.debian.org/debian/logwatch.git

Bug#956525: live-tasks: 11.0.2 changelog errors

[Daniel Lewart]

Package: live-tasks
Version: 11.0.2
Severity: minor
Tags: patch

Jonathan, et al,

The live-tasks 11.0.2 changelog has one false entry and two typos.

Patch below.

Thank you,
Daniel Lewart
Urbana, Illinois

--- changelog.orig  2020-04-08 02:42:34.0 -0500
+++ changelog   2020-04-12 00:00:00.0 -0500
@@ -2,13 +2,11 @@
 
   * Merge MR#2 on salsa.debian.org
 - Add usbutils to live-task-standard (Closes: #955526)
-  * Add hw-probe to live-task-recomended (Closes: #944578)
+  * Add hw-probe to live-task-recommended (Closes: #944578)
   * Move firmware-ath9k-htc from live-task-standard to
 live-task-recommended (Closes: #942837)
-  * Remove iputils-ping and less from live-tas-recommended
-(Closes: #942834)
   * Update standards version to 4.5.0
-  * Ana Custure removed from uploaders in git (Closes: #955827)
+  * Ana Custura removed from uploaders in git (Closes: #955827)
 - Thank you to Ana for her work on this package
 
  -- Jonathan Carter   Wed, 08 Apr 2020 09:42:34 +0200
###

Bug#942834: live-task-recommended should not depend on iputils-ping or less

[Daniel Lewart]

Jonathan, et al,

> We believe that the bug you reported is fixed in the latest version of 
> live-tasks,

It was not fixed.  My patch was not applied.

Daniel Lewart
Urbana, Illinois

Bug#851195: [debian-mysql] Bug#851195: Bug#851195: Bug#851195: Bug#851195: mariadb-server-10.1: Time Zone system tables are empty

[Daniel Lewart]

Otto, et al,

> There has not been any progress on this one for a long time.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851195

> Would you like to champion it upstream?

Not really.

> Currently this Debian bug report does not even have a link to MariaDB
> Jira in case this is already reported there.

I looked there, but didn't see anything similar:
https://jira.mariadb.org/issues/?jql=

> Based on discussions on #mariadb it seems that this table is maybe on
> purpose empty, and it is up to the database admin to populate and keep
> it updated.

Based on this, please close this bug.

Thank you!
Daniel Lewart
Urbana, IL

Bug#947553: mariadb-10.3: debian.cnf [mysql_upgrade] basedir option ignored

[Daniel Lewart]

Package: src:mariadb-10.3
Version: 1:10.3.20-1
Severity: minor
Tags: patch

MariaDB and MySQL Packaging Team,

# systemctl start mariadb.service
starts MariaDB just fine, but generates a log message:
/etc/mysql/debian-start[n]: /usr/bin/mysql_upgrade: \
the '--basedir' option is always ignored

The automatically generated /etc/mysql/debian.cnf includes:
[mysql_upgrade]
...
basedir  = /usr

However, mysql_upgrade(1) says:
--basedir=path
Old option accepted for backward compatibility but ignored.

Below is an **untested** patch.

Thank you!
Daniel Lewart
Urbana, IL
---
diff -ru a/mariadb-server-10.3.postinst b/mariadb-server-10.3.postinst
--- a/mariadb-server-10.3.postinst  2019-11-11 15:55:37.0 -0600
+++ b/mariadb-server-10.3.postinst  2019-12-28 00:00:00.0 -0600
@@ -137,7 +137,6 @@
   echo "user = root" >>$dc
   echo "password = " >>$dc
   echo "socket   = $mysql_rundir/mysqld.sock">>$dc
-  echo "basedir  = /usr" >>$dc
 fi
 # Keep it only root-readable, as it always was
 chown 0:0 $dc
###

Bug#942837: live-task-recommended, not live-task-standard, should depend on firmware-ath9k-htc

[Daniel Lewart]

Package: src:live-tasks
Version: 11.0.1
Severity: normal
Tags: patch

Live Systems Maintainers,

#934522 - live-task-recommended: add WiFi firmware from main:
firmware-ath9k-htc:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934522

firmware-ath9k-htc was added as a dependency for live-task-standard.
It should have been added to live-task-recommended instead.

Untested patch below.

Thank you!
Daniel Lewart
Urbana, IL
---
diff -ru a/debian/control b/debian/control
--- a/debian/control2019-09-19 07:15:14.0 -0500
+++ b/debian/control2019-10-22 00:00:00.0 -0500
@@ -32,6 +32,7 @@
 haveged,
 time,
 firmware-linux-free,
+firmware-ath9k-htc,
 iputils-ping,
 netutils,
 file,
@@ -410,8 +411,7 @@
ucf,
wamerican,
wget,
-   xz-utils,
-   firmware-ath9k-htc
+   xz-utils
 Recommends: live-task-localisation
 Description: Live environment for standard system utilities
  This metapackage sets up a basic user environment, providing a reasonably

Bug#942834: live-task-recommended should not depend on iputils-ping or less

[Daniel Lewart]

Package: src:live-tasks
Version: 11.0.1
Severity: normal
Tags: patch

Live Systems Maintainers,

live-task-recommended depends on several packages, including:
  * iputils-ping
  * less

Since both of these are Priority: important, they should be
removed from the dependency.

Untested patch below.

Thank you!
Daniel Lewart
Urbana, IL
---
diff -ru a/debian/control b/debian/control
--- a/debian/control2019-09-19 07:15:14.0 -0500
+++ b/debian/control2019-10-22 00:00:00.0 -0500
@@ -27,12 +27,10 @@
 Depends: ${misc:Depends},
 task-laptop,
  task-english,
-Recommends: less,
-dkms,
+Recommends: dkms,
 haveged,
 time,
 firmware-linux-free,
-iputils-ping,
 netutils,
 file,
 dbus,

Bug#932780: live-task-standard should not depend on hdparm

[Daniel Lewart]

Package: src:live-tasks
Version: 0.7
Severity: normal
Tags: patch

Dear Live Systems Maintainers,

#891635 - override: hdparm:admin/optional:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891635
changed hdparm priority from standard to optional.

Therefore, live-task-standard should not depend on hdparm.

Untested patch below.

Thank you!
Daniel Lewart
Urbana, Illinois
---
diff -ru a/debian/control b/debian/control
--- a/debian/control2019-05-24 04:59:42.0 -0500
+++ b/debian/control2019-07-23 00:00:00.0 -0500
@@ -386,7 +386,6 @@
file,
gettext-base,
groff-base,
-   hdparm,
krb5-locales,
libc-l10n,
liblockfile-bin,

Bug#931601: tracker.debian.org: Please update debian-repositories.xml for Buster release

[Daniel Lewart]

Package: tracker.debian.org
Severity: important

Debian QA Team,

Debian Package Tracker - base-files:
https://tracker.debian.org/pkg/base-files
says:
oldstable: 8+deb8u11
stable:9.9+deb9u9

The old Package Tracking System is correct:
https://packages.qa.debian.org/b/base-files.html

Please update things to reflect that Buster has been released.
I believe that the following file needs to be edited:
distro_tracker/core/fixtures/debian-repositories.xml

Also, an additional item should be added to the Release Check List:
https://wiki.debian.org/Teams/ReleaseTeam/ReleaseCheckList

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#931600: ftp.debian.org: README files have wrong date for Buster release

[Daniel Lewart]

Package: ftp.debian.org
Severity: minor

Debian QA Team,

Index of /debian:
http://cdn-fastly.deb.debian.org/debian/
says:
Debian 10.0 was released Saturday, 9th July 2019.

Please s/9th/6th/ in README and README.html

Thank you!
Daniel Lewart
Urbana, Illinois

Bug#929881: cdimage.debian.org: Unofficial non-free live images have 400+ MB bloat from extra firmware

[Daniel Lewart]

Package: cdimage.debian.org
Severity: important
Tags: patch

Debian Images Team,

Sizes of netinst images with and without firmware:
   375 MiB  firmware-testing-amd64-netinst.iso
   334 MiB  debian-testing-amd64-netinst.iso
   ---
41 MiB  difference

Sizes of Live Standard images with and without firmware:
  1285 MiB  debian-live-testing-amd64-standard+nonfree.iso
   824 MiB  debian-live-testing-amd64-standard.iso
  
   461 MiB  difference

debian-cd generates netinst images:
  * Only includes firmware|microcode packages that contain files
in /lib/firmware
  * 
https://salsa.debian.org/images-team/debian-cd/blob/master/tools/generate_firmware_task
  * 
https://salsa.debian.org/images-team/debian-cd/blob/master/tools/make-firmware-image

live-setup generates Live images:
  * Includes *all* firmware|microcode main|non-free packages
  * Also includes their massive dependencies
  * 
https://salsa.debian.org/images-team/live-setup/blob/master/available/run-30live-wrapper

I can think of three fixes for live-setup:
  1) Have live-setup use the firmware task generated by debian-cd
  2) Copy make-firmware-image to live-setup for use there
  3) Patch live-setup run-30live-wrapper with the **untested** patch below

By the way, this bug report supercedes my earlier #929790:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929790

Thank you!
Daniel Lewart
Urbana, IL
---
diff -ru a/available/run-30live-wrapper b/available/run-30live-wrapper
--- a/available/run-30live-wrapper  2019-05-01 08:24:07.0 -0500
+++ b/available/run-30live-wrapper  2019-06-02 00:00:00.0 -0500
@@ -98,12 +98,26 @@
 # Work out which packages to add for non-free firmware
 select_firmware_packages () {
 ARCH=$1
-SECTIONS="main non-free"
-PKGS=""
-for SECTION in ${SECTIONS}; do
-   PKGS="$PKGS "$(wget -q 
$MIRROR/dists/${CODENAME}/${SECTION}/binary-${ARCH}/Packages.gz -O- | gzip -cd 
- | \
- grep-dctrl -Pe '.*(firmware|microcode).*' -s Package -n | sort -u)
-done
+case "$ARCH" in
+   amd64|i386)
+   ;;
+   *)
+   echo "Unknown ARCH $ARCH; abort!"
+   exit 1
+   ;;
+esac
+
+# Q.v. debian-cd/tools generate_firmware_task & make-firmware-image
+PKGS="amd64-microcode atmel-firmware bluez-firmware
+dahdi-firmware-nonfree firmware-amd-graphics firmware-ath9k-htc
+firmware-atheros firmware-b43-installer firmware-b43legacy-installer
+firmware-bnx2 firmware-bnx2x firmware-brcm80211 firmware-cavium
+firmware-intel-sound firmware-intelwimax firmware-ipw2x00 firmware-ivtv
+firmware-iwlwifi firmware-libertas firmware-linux-nonfree
+firmware-misc-nonfree firmware-myricom firmware-netronome
+firmware-netxen firmware-qcom-media firmware-qlogic firmware-realtek
+firmware-samsung firmware-siano firmware-ti-connectivity firmware-zd1211
+hdmi2usb-fx2-firmware intel-microcode"
 echo $PKGS
 }

Bug#929790: cdimage.debian.org: Non-free live images include two obsolete firmware packages

[Daniel Lewart]

Package: cdimage.debian.org
Severity: normal
Tags: patch

Debian Images Team,

Unofficial non-free live images including firmware:

https://cdimage.debian.org/cdimage/unofficial/non-free/images-including-firmware/weekly-live-builds/amd64/iso-hybrid/

These include the following firmware packages:
  * firmware-adi
Binary firmware for Analog Devices Inc. DSL modem chips
(dummmy package)
  * firmware-ralink
Binary firmware for Ralink wireless cards (dummmy package)

They should be omitted.

The **untested** patch below for live-setup should fix this.

Thank you!
Dan
Urbana, IL
diff -ru a/available/run-30live-wrapper b/available/run-30live-wrapper
--- a/available/run-30live-wrapper  2019-05-01 08:24:07.0 -0500
+++ b/available/run-30live-wrapper  2019-05-31 00:00:00.0 -0500
@@ -102,7 +102,7 @@
 PKGS=""
 for SECTION in ${SECTIONS}; do
PKGS="$PKGS "$(wget -q 
$MIRROR/dists/${CODENAME}/${SECTION}/binary-${ARCH}/Packages.gz -O- | gzip -cd 
- | \
- grep-dctrl -Pe '.*(firmware|microcode).*' -s Package -n | sort -u)
+   grep-dctrl -Pe 'firmware|microcode' -a ! -FSection oldlibs -s 
Package -n | sort -u)
 done
 echo $PKGS
 }