Bug#702030: ideas for implementation

Hi! intrigeri: Patrick Schleizer wrote (09 Jun 2014 14:20:15 GMT) : I have two ideas on how to implement this and might eventually even be able to submit patches for this. I like reading this. Thanks for working on it! :) 1) A clean solution, that can be implemented in the grub-common

Bug#758228: please provide /usr/bin/visual

Package: kwrite Severity: wishlist Dear maintainer, there already is, - $EDITOR environment variable (honored by sensible-editor), - as well as /usr/bin/editor (managed by debian alternatives) (honored by sensible-editor). - as well as /usr/bin/gnome-text-editor, - as well as $VISUAL environment

Bug#754730: packages should not depend on apparmor

Package: lintian Severity: wishlist Dear lintian maintainers, no package should depend on apparmor. Please add a lintian check, that reports an error, should a package depend on apparmor. Why? Before we can automatically enable AppArmor when the userspace tools are installed, AppArmor

Bug#702030: ideas for implementation

Hi! intrigeri: Shouldn't we use a number in front of the config file such as /etc/default/grub.d/10_apparmor.cfg, to get a useful order and to make it simpler for users to overrule it? Yes, ordering requires more thought, and a survey of how other packages that ship snippets into

Bug#754730: [lintian] Moreinfo

Hi bastien! Thank you for taking this! Could we get a tag description ? package-depends-recommends-on-apparmor Something what would explain why and how to fix your package ? Package must neither depend nor recommend apparmor, because it would not only enable AppArmor for this package, but

Bug#754744: forbid most packages to depend on or recommend apparmor

Package: debian-policy Severity: wishlist Hi! Suggested policy addition: Do not depend on or recommend the apparmor package Packages must neither depend on nor recommend apparmor, because it would not only enable AppArmor for this package, but for any packages shipping an AppArmor profile,

Bug#754730: [lintian] Moreinfo

Bastien ROUCARIES: Could you also open a bug agaisnt policy ? It will help to have reference. Done: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754744 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact

Bug#750848: add openvpn to init script Should-Start

Package: tor Dear Maintainer, could you modify Tor's init script line # Should-Start: $syslog with # Should-Start: $syslog openvpn please? This would aid users who want to connect to a VPN before connecting to Tor, because then the Tor daemon would start a little later, if and

Bug#750848: add openvpn to init script Should-Start

intrigeri: Am I wrong in thinking that if we add this line, then we're making life harder for those who want to run OpenVPN *on top* of Tor? To my knowledge, one cannot route OpenVPN though Tor without using Virtual Machines or multiple physical computers. (OpenVPN has no socks proxy support

Bug#750848: add openvpn to init script Should-Start

intrigeri: Patrick Schleizer wrote (07 Jun 2014 15:11:10 GMT) : (OpenVPN has no socks proxy support and mechanisms such as torsocks won't work.) openvpn(8) mentions a socks-proxy option, and a simple web search shows that plenty of people seem to be happily using it. I stand corrected

Bug#702030: ideas for implementation

Dear AppArmor Maintainers, I have two ideas on how to implement this and might eventually even be able to submit patches for this. 1) A clean solution, that can be implemented in the grub-common package: In /etc/grub.d/10_linux it could be attempted to run aa-status and if it exits 0, the

Bug#702030: ideas for implementation

intrigeri: Hi, Patrick Schleizer wrote (13 Jul 2014 18:45:42 GMT) : Looks like we're the first ones to ship a /etc/default/grub.d snippet. I guess the arbitrarily chosen /etc/default/grub.d/10_apparmor.cfg is fine. It allows others to easily hook into it earlier or later. I suggest

Bug#763164: (no subject)

I have upgraded to bash 4.3-11 and this problem is no longer reproducible. [...] I believe this bug can be closed. I don't think this bug should be closed. Debian's wheezy repository, that currently provides 4.2+dfsg-0.1+deb7u3 is still affected. -- To UNSUBSCRIBE, email to

Bug#776152: provide meaningful exit codes for network failures

Package: apt Severity: important When apt-get update fails the program exits with a 0 status. It would be useful if it exited with a non-zero status in that case (or if there were a switch to tell it to do so). This is similar to bug 41053 [1] from 1999, that says it's fixed, but it doesn't say

Bug#778357: audit 'apt-get update' exit codes

Julian Andres Klode: The results are meaningful. 0 indicates success or transient error, whereas other values indicate a persistent error. Stuff like gpg errors are transient, they are expected to happen during mirror updates due to the repository format. If an adversary mounts a denial of

Bug#778357: audit 'apt-get update' exit codes

Package: apt Severity: important X-Debbugs-CC: hol...@layer-acht.org,p...@debian.org When apt-get update fails the program under some conditions exits with a 0 status. It would be useful if it exited with a non-zero status in that case (or if there were a switch to tell it to do so). Since there

Bug#774888: please provide an option to hide or deactivate all the noisy, scary warnings during boot

Package: apparmor-profiles Severity: important When having the apparmor-profiles package installed, but not enabled all the profiles enforced by default, there are more than 20 warnings, such as: Warning from /etc/apparmor.d/usr.sbin/traceroute (/etc/apparmor.d/usr.sbin.traceroute line 29):

Bug#774888: [pkg-apparmor] Bug#774888: please provide an option to hide or deactivate all the noisy, scary warnings during boot

Those warnings are fixed in testing indeed. Sorry for the noise. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#780970: [bash] exported bash functions broken in chroot

Package: bash Version: 4.3-11+b1 Severity: important --- Please enter the report below this line. --- Dear Maintainer! operating system: Debian jessie How to reproduce? mkdir testdir sudo debootstrap wheezy ./testdir/ http://ftp.us.debian.org/debian/ [snipped output of debootstrap]

Bug#756193: --import-ownertrust

I agree, this should be fixed. It's possible. But needlessly difficult. I don't have python code for this, but this is how gpg-bash-lib [1] (written by me) does it. Should give you an idea how the import command could look like.

Bug#780970: (no subject)

Asked about this on the help-bash mailing list: https://lists.gnu.org/archive/html/help-bash/2015-03/msg00081.html And got a reply: https://lists.gnu.org/archive/html/help-bash/2015-03/msg00082.html -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of

Bug#734794: (no subject)

Does upstream know about this issue? What would be the real fix to solve this timing problem? Are there commands, such as: - 'kpartx --wait-until-ready' that waits as long as required or, - 'kpartx --is-ready' that exits 0 or 1 accordingly. Or would implementing those up to 'kpartx' or

Bug#734794: (no subject)

From: Ritesh Raj Sarraf r...@debian.org On 12/02/2014 07:04 PM, Sebastian Pipping wrote: I can confirm that kpartx needs sleep 2 /after/ adding or removing partitions before running some other command that assumes the partitions are now gone (or in place). My guess is that something needs

Bug#788099: mat missed dependency gir1.2-gtk-3.0

Package: mat Severity: normal How to reproduce? sudo apt-get install mat sudo apt-get purge gir1.2-gtk-3.0 mat-gui Traceback (most recent call last): File /usr/bin/mat-gui, line 6, in module from gi.repository import GObject, Gtk, GLib ImportError: cannot import name Gtk Cheers,

Bug#758228: (no subject)

Friendly ping? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#786418: deb-systemd-helper fails to enable systemd units when using 'WantedBy = ' with spaces

Package: init-system-helpers Version: 1.23 Severity: minor As reported [1] on the debian-systemd mailing list, deb-systemd-helper will not enable systemd unit files when using spaces. The spaces in WantedBy = multi-user.target are unsupported by `deb-systemd-helper`. It needs to be strictly

Bug#786421: warn against usage of spaces, i.e. 'Type = notify' in systemd unit files

Package: lintian Severity: wishlist systemd man pages always uses the syntax without spaces, for example 'Type=notify' and so forth. A systemd contributor on #systemd irc.freenode.net also recommended against it. zdzichu adrelanos: please do not use spaces zdzichu adrelanos: there was recently

Bug#786418: (no subject)

related lintian feature request... warn against usage of spaces, i.e. 'Type = notify' in systemd unit files http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786421 Cheers, Patrick -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble?

Bug#796235: rinetd fills up the logs until disk is full up if it cannot bind

Package: rinetd Version: 0.62-5.1 Severity: critical X-Debbugs-CC: t...@punkave.com X-Debbugs-CC: whonix-de...@whonix.org When rinetd cannot bind, it quickly fills up the logs. Confirmations. [1] [2] CC'd upstream, Tom Boutell. Tom, do you still maintain rinetd? Severity critical chosen,

Bug#794099: optional non-zero exit codes in case of restart(s) required

Package: needrestart Severity: wishlist When running 'needrestart' from a terminal or script, it would be useful to have some command line parameter to make it exit non-zero, in case any restart(s) are required. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a

Bug#764007: (no subject)

What's the status of this? Cheers, Patrick -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#795519: debhelper: dh_installinit should run systemd-tmpfiles if a /usr/lib/tmpfiles.d/ snippet gets shipped for systemd-only packages also

Package: debhelper Severity: normal Usertags: pkg-systemd-maintainers tmpfiles.d As explained verbosely on the pkg-systemd-maintainers mailing list [1], when a package ships a /usr/lib/tmpfiles.d/ snippet while at the same time that package does not ship a sysvinit script, then the

Bug#793416: help making systemd drop-in overwrite files take effect

Felipe Sateler: On 23 July 2015 at 17:28, Patrick Schleizer adrela...@riseup.net wrote: Package: dh-systemd Severity: wishlist Could you please add a feature, so debhelper (dh-systemd) could help making systemd drop-in overwrite files (/lib/systemd/system/unit.service.d/override.conf) take

Bug#793376: su-to-root: higher priority for kdesudo and gksudo

Bill Allombert: On Thu, Jul 23, 2015 at 12:46:25PM +, Patrick Schleizer wrote: Package: menu Severity: wishlist Dear maintainer! Please consider the following patch. It improves SU_TO_ROOT_X auto detection code. It prefers kdesudo (because it's more modern, supports /etc/sudoers.d

Bug#793376: su-to-root: higher priority for kdesudo and gksudo

Bill Allombert: On Thu, Jul 23, 2015 at 10:42:59PM +, Patrick Schleizer wrote: Bill Allombert: On Thu, Jul 23, 2015 at 12:46:25PM +, Patrick Schleizer wrote: Package: menu Severity: wishlist Dear maintainer! Please consider the following patch. It improves SU_TO_ROOT_X auto

Bug#793376: su-to-root: higher priority for kdesudo and gksudo

Package: menu Severity: wishlist Dear maintainer! Please consider the following patch. It improves SU_TO_ROOT_X auto detection code. It prefers kdesudo (because it's more modern, supports /etc/sudoers.d etc.) and gksudo over gksu. commit:

Bug#793416: help making systemd drop-in overwrite files take effect

Package: dh-systemd Severity: wishlist Could you please add a feature, so debhelper (dh-systemd) could help making systemd drop-in overwrite files (/lib/systemd/system/unit.service.d/override.conf) take effect? (systemctl daemon-reload + service restart) (guarded by [ -d /run/systemd/system ])

Bug#793376: su-to-root: higher priority for kdesudo and gksudo

Bill Allombert: On Thu, Jul 23, 2015 at 11:57:04PM +, Patrick Schleizer wrote: Even if not disallowed. Even without any custom sudoers settings, this patch would work? No disadvantages by it? kdesudo works on any system. sudo apt-get install kdesudo, that's it. No special settings

Bug#822693:

The user amending PATH is not great as this would be ignored by (background) applications running other applications. For example update-flashplugin-nonfree run by postinst would use /usr/bin/gpg rather than /use/local/bin/gpg because it will not have the same PATH setting as the user. Etc. >

Bug#820111: document how to use per-user systemd --user services

Package: systemd Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, please document how to use per-user systemd --user services. - how to do that for a login console - how to do that for an X session (If there is any difference.) Steps I done: sudo apt-get install

Bug#819824: easy mode for needrestart

Package: needrestart Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, we are wondering if needrestart should be installed by default in Whonix. When needrestart is automatically run during apt-get dist-upgrade, I am concerned, that its output by default is too technical

Bug#824290: add dpkg trigger for /usr/share/netfilter-persistent/plugins.d folder to have newly installed plugins take effect

Package: netfilter-persistent Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, please add a dpkg trigger. Once a plugin is dropped into /usr/share/netfilter-persistent/plugins.d folder, the service netfilter-persistent should be restarted so the new plugins will take

Bug#675008: (no subject)

Christoph Anton Mitterer: > So if you think that a working solution, which is used by others, isn't the correct one... what is you suggestion how to do it? ;-) I am a afraid, I believe he already answered that above. > So the best thing would be to bring such a proposal to the LSB, or to

Bug#675008: LSB feature request

Patrick Schleizer: > Posted an LSB feature request: > > define bash non-login shell snippet drop-in folder /etc/bash.bashrc.d/ > in LSB > > https://lsbbugs.linuxfoundation.org/show_bug.cgi?id=4167 Mats Wichmann: > This won't happen: LSB says nothing about bash, rather it

Bug#832802: usage of network-pre.target results in systemd ordering cycle

Package: netfilter-persistent Severity: grave X-Debbugs-CC: whonix-de...@whonix.org Tags: security Dear maintainer, I am using the following minimal systemd unit file for testing purposes. ### /lib/systemd/system/my-test.service [Unit] Description=my-test-firewall-service

Bug#675008: bash should source package hooks into interractive shells

I don't think this LSB / FHS approach is appropriate here. I appreciate having got a very reasonable response from LSB / FHS. > https://bugs.linuxfoundation.org/show_bug.cgi?id=1367 > > --- Comment #1 from Jeff Licquia --- > In general, LSB and FHS don't mind if

Bug#832911: broken systemd dependencies may result in firewall not being load early enough

Package: firewalld Severity: grave X-Debbugs-CC: whonix-de...@whonix.org Tags: security Dear maintainer, the systemd dependencies in firewalld.service are broken. It leads to a systemd ordering cycle. And systemd's automatic breaking of the chain might result in the firewall not being load early

Bug#834196: add dpkg trigger for /etc/audit/rules.d folder to have newly installed rules files take effect

Package: auditd Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, please add a dpkg trigger. Once a new auditd rules file is dropped into /etc/audit/rules.d folder, run within the Debian maintainer script: /sbin/augenrules --load || true Cheers, Patrick

Bug#675008: LSB feature request

Posted an LSB feature request: define bash non-login shell snippet drop-in folder /etc/bash.bashrc.d/ in LSB https://lsbbugs.linuxfoundation.org/show_bug.cgi?id=4167 Cheers, Patrick

Bug#829740: (no subject)

Sorry, I did not get e-mail notifications so I missed your replies here and answer late. My Debian packaging questions (copyright lintian warning and combined man page) have been sorted out after asking on Debian mentors mailing list. I have forked and successfully packaged corridor for Debian.

Bug#776152: provide meaningful exit codes for network failures

Julian Andres Klode: > On Sat, Jan 24, 2015 at 04:50:04PM +0000, Patrick Schleizer wrote: >> Package: apt >> Severity: important >> >> When "apt-get update" fails the program exits with a 0 status. >> It would be useful if it exited with a non-zero status

Bug#829640: netfilter-persistent loads firewall rules too late

Package: netfilter-persistent Severity: grave X-Debbugs-CC: whonix-de...@whonix.org Tags: security Dear maintainer, there is a security issue with the netfilter-persistent systemd service. [1] netfilter-persistent orders itself before the wrong target. Should be 'Before=network-pre.target'.

Bug#829752: netfilter-persistent systemd service does not lock the network if netfilter-persistent wrapper is failing at system bootup

Package: netfilter-persistent Severity: grave X-Debbugs-CC: whonix-de...@whonix.org Tags: security Dear maintainer, there is a security issue with the netfilter-persistent systemd service. [1] If the netfilter-persistent wrapper [2] fails for some reason, it does not load any firewall rules and

Bug#829640: Acknowledgement (netfilter-persistent loads firewall rules too late)

Rusty Bird: > They also have to add Wants=network-pre.target then, > https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

Bug#829740: [Pkg-privacy-maintainers] Bug#829740: RFP: corridor - a Tor traffic whitelisting gateway

Hi! Is someone from the PkgPrivacyMaintainers team interested / willing to help get corridor [4] [5] [6] into Debian? I got a working prototype of a Debian package which is almost free of lintian warnings. [1] [2] [3] There are just some remaining --pedantic lintian warnings that are fixable.

Bug#829740: RFP: corridor - a Tor traffic whitelisting gateway

Package: wnpp Severity: wishlist X-Debbugs-CC: pkg-privacy-maintain...@lists.alioth.debian.org * Package name: corridor Version : 20160705124628 Upstream Author : rustybird * URL : https://github.com/rustybird/corridor * License :

Bug#829740: Acknowledgement (RFP: corridor - a Tor traffic whitelisting gateway)

Hi! Is someone from the PkgPrivacyMaintainers team interested / willing to help get corridor into Debian? I got a working prototype of a Debian package which is almost free of lintian warnings. [1] [2] [3] There are just some remaining --pedantic lintian warnings that are fixable. First

Bug#833474: please use configuration folder /etc/audit/rules.d/ by default

Package: auditd Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, /lib/systemd/system/auditd.service it is currently using [relevant snippet]: # [Service] ExecStart=/sbin/auditd -n ## To use augenrules, copy this file to /etc/systemd/system/auditd.service ## and

Bug#820111: Info received (document how to use per-user systemd --user services)

By Debian stretch default, there are some default systemd user unit files in `/usr/lib/systemd/user/`. With a different path on Debian stretch `/usr/lib/systemd/user/mytest.service`: ``` [Unit] Description=mytest [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/true [Install]

Bug#829752: do not bring up the network if the firewall fails

A way to fix this would be to not bring up the network if the firewall fails. I suggest adding the following file: /lib/systemd/system/networking.service.d/30_netfilter-persistent.conf With the following content: [Unit] ## Fail Closed Mechanism. ## When the firewall systemd service failed, do

Bug#829640: netfilter-persistent.service suggestion

Thank you for working on this patch! Me and rustybird agreed on the following. Please consider using the following as netfilter-persistent.service. # [Unit] Description=netfilter persistent configuration DefaultDependencies=no Wants=network-pre.target Before=network-pre.target

Bug#856217: [/lib/systemd/system/user@.service:13] Invalid user/group name or numeric ID, ignoring: .service

Package: systemd Severity: normal X-Debbugs-CC: whonix-de...@whonix.org sudo service user@.service status ● user@.service.service - User Manager for UID .service Loaded: loaded (/lib/systemd/system/user@.service; static; vendor preset: enabled) Active: inactive (dead) Feb 26 17:15:17 user

Bug#856217: [/lib/systemd/system/user@.service:13] Invalid user/group name or numeric ID, ignoring: .service

Do you think this warning could / should be removed?

Bug#829640: (no subject)

> 1) It's still al just Wants, no Requires... i.e. if netfilter rules loading fails for whichever reason, the boot process will continue just normally, with networking and any daemons, that possibly require netfilter for their security, being brought up. There is a separate bug report for this:

Bug#845496: /var/log/syslog spam host brltty[204]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device

Package: brltty Severity: normal X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, brltty keeps spamming /var/log/syslog. host brltty[204]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device Like 20 messages every 2 minutes or so. Running on Debian

Bug#845922: virtualbox-guest-x11 broken after jessie to stretch upgrade

Package: virtualbox-guest-x11 Severity: important X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, after upgrading from jessie to stretch inside VirtualBox (Whonix), X is no longer starting. Even though the old kernel module was uninstalled and the new one installed by dkms during

Bug#848279: deprecate InRelease in favor of Release.gpg

Package: apt Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org In light of CVE-2016-1252... When there is Release.gpg implemented in apt, why not deprecate InRelease?

Bug#824939: (no subject)

I can confirm this. Without kwin installed, there are no window title bars, which makes it pretty unusable. Best regards, Patrick

Bug#851175: plasma-workspace - All shell packages missing. This is an installation issue, please contact your distribution - missing dependency on plasma-desktop-data

Package: plasma-workspace Severity: grave X-Debbugs-CC: whonix-de...@whonix.org Installing plasma-workspace alone on Debian stretch (after a jessie -> stretch upgrade) leads to leads to the KDE desktop being totally unusable only showing the following error popup. All shell packages missing.

Bug#850474: RFP: ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network

Package: wnpp Severity: wishlist X-Debbugs-CC: pkg-privacy-maintain...@lists.alioth.debian.org * Package name: zeronet Version : v0.5.0 Upstream Author : HelloZeroNet * URL : https://zeronet.io * License : GPL-2 Programming Lang: python Description :

Bug#820111: document how to use per-user systemd --user services

Michael Biebl: > Can you attache the full output of > systemctl status --user mytest > > and the completer mytest.service unit. You looking into this is appreciated! cat /etc/systemd/user/mytest.service [Unit] Description=mytest [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/true

Bug#754242: (no subject)

Is this actually implemented despite saying wontfix? Acquire::BlockDotOnion "false"; allows connecting to http://asdfasdf.onion without tor:// Thank you for implementing 'Acquire::BlockDotOnion "false";' - very useful for Whonix! Best regards, Patrick

Bug#859121: RFP: genmkfile - Generic Makefile

Package: wnpp Severity: wishlist X-Debbugs-CC: pkg-privacy-maintain...@lists.alioth.debian.org * Package name: genmkfile Version : 4.0 Upstream Author : Patrick Schleizer <adrela...@riseup.net> * URL : https://github.com/Whonix/genmkfile * License :

Bug#859125: RFP: onion-grater - Whitelisting Tor Control Protocol Filter

be a great addition to Debian because it would improve usability and security for users that use applications using Tor's ControlPort. onion-grater is a Tor ControlPort filter written by anonym (Tails project) that has been packaged by Patrick Schleizer (Whonix project). The packaged version of onion

Bug#859121: [Pkg-privacy-maintainers] Bug#859121: RFP: genmkfile - Generic Makefile

related: [1] RFP: onion-grater - Whitelisting Tor Control Protocol Filter http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859125 Hi Antoine! Antoine Beaupré: > Funny you send this issue to the maintainers' mailing list.. It was my impression pkg-privacy-maintain...@lists.alioth.debian.org

Bug#860721: please enable Tor2webMode compile time option

Package: tor Severity: whishlist X-Debbugs-CC: whonix-de...@whonix.org Dear Maintainer, please enable Tor2webMode compile time option. # How? Please add to debian/control dh_auto_configure --enable-tor2web-mode And in src/or/config.c change from V(Tor2webMode, BOOL,

Bug#856587: fake-tty shared object or command line tool

Package: moreutils Severity: whishlist X-Debbugs-CC: whonix-de...@whonix.org feature request: fake-tty [application] - fools application into detecting being run inside a tty I am not a C coder, but at least a shared object looks easy to implement. echo "int isatty(int fd) { return 1; }" | gcc

Bug#866187: add torrc.d configuration directory

Peter Palfrader: > I'm tempted to stop shipping upstream's torrc as /etc/tor/torrc. It's > full of options that most users should never set, and shipping an almost > empty one is much nicer. > > I suspect that approximately the only thing it ought to have is the > include line. I was too afraid

Bug#866187: add torrc.d configuration directory

Peter Palfrader: > I don't think having torrc sourced in the defaults is a good approach. What's wrong with that? I guess because then users cannot easily disable parsing of /etc/torrc.d?

Bug#910017: Apparmor profile whitelist /etc/torrc.d/ and /usr/local/etc/torrc.d/

Any chance to get any entry by default pointing to something in /usr/local such as /usr/local/etc/tor/** r, or so? That would be very useful for Qubes, and Qubes-Whonix (since /usr/local is persistent by default in TemplateBased AppVMs while /etc is not). Even if Debian wouldn't parse any Tor

Bug#910017: Apparmor profile whitelist /etc/torrc.d/ and /usr/local/etc/torrc.d/

Peter Palfrader: > On Mon, 01 Oct 2018, Patrick Schleizer wrote: > >> Package: tor >> Severity: normal >> X-Debbugs-CC: whonix-de...@whonix.org >> >>> [warn] Could not open "/etc/torrc.d/40_tor_control_panel.conf": >> Permission d

Bug#910017: Apparmor profile whitelist /etc/torrc.d/ and /usr/local/etc/torrc.d/

Package: tor Severity: normal X-Debbugs-CC: whonix-de...@whonix.org > [warn] Could not open "/etc/torrc.d/40_tor_control_panel.conf": Permission denied Please allow in apparmor profile by default: /etc/torrc.d/ r, /usr/local/etc/torrc.d/ r,

Bug#909816: dependency issues - enigmail : Depends: thunderbird (>= 1:52.0) but it is not going to be installed or

Package: enigmail Severity: grave X-Debbugs-CC: whonix-de...@whonix.org Happening on Debian stretch. sudo apt-get install enigmail Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested

Bug#909746: Request for provision of Debian v3 onions for source repositories

Package: tor Severity: whishlist X-Debbugs-CC: whonix-de...@whonix.org Dear System Administrators, Recent Tor alpha releases by The Tor Project are beginning to make v3 onions the default for newly created onion services. https://blog.torproject.org/new-release-tor-0351-alpha > **Changes in

Bug#926116: cross build failing - update-binfmts: warning: qemu-i386 not in database of installed binary formats.

No more issues since I upgraded to buster. mmdebstrap is awesome! Thank you! Cheers, Patrick

Bug#926116: cross build failing - update-binfmts: warning: qemu-i386 not in database of installed binary formats.

Package: mmdebstrap Severity: normal X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, # How to reproduce: sudo /home/user/whonix_dot/Whonix/help-steps/mmdebstrap --verbose --architectures=i386 stretch /var/cache/pbuilder/base.cow_i386

Bug#921163: coreutils such as /bin/mkdir are duplicated in /usr/bin/mkdir

Package: mmdebstrap Severity: normal X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, # How to reproduce: sudo mmdebstrap --mode=root --aptopt=/home/user/whonix_binary/aptgetopt.conf stretch /var/cache/pbuilder/base.cow

Bug#927972: jitterentropy_rng.ko never loads

On https://www.whonix.org/pipermail/whonix-devel/2019-April/001371.html its developer wrote: > [...] > - the in-kernel crypto API has an RNG framework that provides a DRBG. This DRBG is used for in-kernel crypto API purposes. It may be accessed from user space via AF_ALG [2]. Yet, this is not

Bug#927974: jitterentropy_rng.ko never loads: jitternentropy-rngd doesn't complain

Luca Boccassi: > As far as I know, the kernel module and the userspace daemon are > separate and independent, and serve different purposes. > It's developer wrote about it here: https://www.whonix.org/pipermail/whonix-devel/2019-April/001371.html

Bug#928546: [feature request] /etc/fstab.d

Asked upstream about it. [feature request] /etc/fstab.d https://github.com/karelzak/util-linux/issues/790

Bug#928546: replies by upstream util-linux and systemd

util-linux Karel Zak @karelzak replied: https://github.com/karelzak/util-linux/issues/790 > The libmount allows to read fstab stuff from directory, for example > > ``` > mount --fstab /etc/fstab.d/ > ``` > > but this feature is not enabled by default and it does not check for fstab.d/ by

Bug#931994: improve key strengthening, add rounds=65536 to /etc/pam.d/common-password

Package: libpam-runtime Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, could you please append 'rounds=65536' to 'password [success=1 default=ignore] pam_unix.so obscure sha512' in file /usr/share/pam/common-password ? In other words:

Bug#927290: CoyIM in buster freeze up

Package: coyim Severity: normal X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, CoyIM freezes during account creation in Debian buster. More details were already submitted upstream but this might be a Debian only bug. https://github.com/coyim/coyim/issues/527 Kind regards, Patrick

Bug#934751: RFP: linux-hardened - hardened Linux kernel

Package: wnpp Severity: wishlist X-Debbugs-CC: debian-ker...@lists.debian.org * Package name: linux-hardened Version : 5.2 Upstream Author : linux-hardened * URL : https://github.com/anthraxx/linux-hardened * License : GPL-2 Programming Lang: C Description

Bug#934820: consider review and merge of linux-hardened patches (free, Libre alternative to grsecurity)

Package: linux Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, Could you please consider review and merge of linux-hardened patches (free, Libre alternative to grsecurity). https://github.com/anthraxx/linux-hardened Alternatively perhaps as a separate package. RFP:

Bug#934457: installation in chroot failing with Unknown device "/dev/fuse": No such device

Package: fuse Severity: grave X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, The following code from /var/lib/dpkg/info/fuse.postinst is failing. if [ -e /dev/fuse ] then udevadm test --action -p $(udevadm info -q path -n /dev/fuse) > /dev/null 2>&1 fi + [ -e /dev/fuse ] +

Bug#934457: installation in chroot failing with Unknown device "/dev/fuse": No such device

Thank you very much for looking into this! Does the following information help to make head or tail of this? Otherwise, I will provide better instruction for reproduction. László Böszörményi (GCS): > How did you create that Buster chroot? #!/bin/bash set -x set -e img=/home/user/test.img

Bug#939188: grub-PC check_signatures=enforce support (non-EFI)

Package: grub2 Severity: wishlist X-Debbugs-CC: whonix-de...@whonix.org Could you please make it possible to do signature verification with grub-pc too? Rationale: We, the maintainers of Linux distributions that primarily run inside VMs (Whonix; Kicksecure) would like to implement verified

Bug#940188: compatibility with grml-debootstrap, pbuilder and cowbuilder

Package: mmdebstrap Severity: normal X-Debbugs-CC: whonix-de...@whonix.org Dear maintainer, could you please make mmdebstrap compatible with grml-debootstrap, pbuilder and cowbuilder? These applications support setting a custom debootstrap but mmdebstrap cannot yet serve as a drop-in

Bug#940188: compatibility with grml-debootstrap, pbuilder and cowbuilder

Awesome! Great to know you're interested in this! Good question. I am not sure what I meant with that either. :) Will look into it again. First thing: debootstrap: --arch=ARCH mmdebstrap: --architectures=native[,foreign1,...] In other words, grml-debootstrap calls debootstrap

  1   2   >