Re: Copying one drive to a smaller one.

[DdB]

Hi,

Am 09.05.2022 um 20:54 schrieb David Christensen:
> Resizing and moving a Debian instance from a 500 GB drive to a 250 GB
> drive requires a lot of expertise.

I fully agree. And i am missing some information from the OP:

Was the 500 GB drive UEFI already?
Will both drives live on the same computer ever?

If the answers would be yes to 1 and no to second, that would allow
reusing the UUID's, which can be manipulated (on the new disk) with
sgdisk. But of course, since that involves some kind of "hacking", i
recommend to create some understanding along the disk format necessities
for UEFI booting first, like from https://www.rodsbooks.com/ pages.

My goal would be to manipulate the target to come very close to the
source, except for the partitioning/fs layout, in order to prepare for a
successful rsync for ALL (except swap, but including ESP) partitions.
mkswap has a -U switch too. :-)

Re: Copying one drive to a smaller one.

[step...@gmail.com]

On 5/9/22 11:54, David Christensen wrote:

Resizing and moving a Debian instance from a 500 GB drive to a 250 GB
drive requires a lot of expertise.


Maybe I'm misremembering. But doesn't clonezilla or using partclone 
 directly accomplish this? i'm sure i've used it 
to do exactly this. But it was years ago.

Re: booting from install usb

[Paul Scott]

On 5/9/22 14:19, Felix Miata wrote:

Paul Scott composed on 2022-05-09 12:25 (UTC-0700):


I let my laptop update its UEFI BIOS which of course zapped GRUB.

Not in the way you think...


/dev.sda2 which is "ef EFI (FAT-12/16/32)"

This should be the key, suggesting strongly that your Linux installation is
installed in UEFI mode.

That is correct.  I did install in UEFI mode.

If this is the case, you should be able to fix the problem
via BIOS setup, to select the (presumably Debian) entry that is probably there 
to
select as top priority.
After the BIOS update I mentioned the only boot choice was Windows which 
is why I figured some part of the GRUB stuff had been broken or deleted.

Alternatively, having executed mount -a after chrooting,
running efibootmgr should allow reorganizing the priority list to put your 
choice
at the top, or to add a new one if the one you need to be first is missing.

man efibootmgr


That didn't seem to work but as I was trying to figure out why I 
discovered I must have missed where rescue mode was telling me to mount 
the partition that must have had the EFI stuff I needed.  I can't give 
precise information but I was able to reinstall GRUB from Rescue mode 
and now all is well!


Thank you very much for your help,

Paul

Re: which program can show X/Y position of mouse pointer

[David Wright]

On Mon 09 May 2022 at 19:20:25 (-0400), lou wrote:
> 
> On 5/9/22 9:21 AM, Dan Ritter wrote:
> > No, I've never used twm. fvwm, sawmill/sawfish, and xfwm can all
> > do that. Probably most others.
> > 
> 
> Thanks! i have success with icewm, not with fvwm
> 
> xeyes knows mouse movement, it's too bad it doesn't show X/Y coordinates

It works just fine in fvwm. I ran this script in an xterm:

while /bin/true
do
printf '%s ' "$(date +%H:%M:%S)" >> /tmp/mousey-pos
xdotool getmouselocation >> /tmp/mousey-pos
sleep 1
done

I ran this command in another xterm:

$ tail -f /tmp/mousey-pos

I then moved the mouse around the corners of the screen, and then
the corners of the xterm window on the screen. I shifted to another
viewport¹ and repeated (screen, then xterm). Then I switched back
to the original viewport to interrupt the script. The mousey-pos
output is attached.

The coordinates are always for the screen that you are staring at,
not the entire virtual desktop. When you move viewports, the window
numbers naturally all change (except for the clocks/pager/xconsole),
but the X/Y values don't.

There's no need to keep any xterm in view while it's running, if
you're recording the output in a file.

If it really doesn't work for you, there may be some dependency on
the way you start fvwm in .xsession which affects the parent-child
relationships, but that's just a guess.

I also tested using it from a bound keystroke, borrowing the
contortionist's keystroke for re-execing my xinput configuration,
Shift-Ctrl-Alt-/, thus:

#Keyslash   A   CMS Exec exec xinput-xsession quiet
Key slash   A   CMS Exec exec xdotool getmouselocation

$ tail -f .xsession-fvwm-0-log

confirmed that this works too:

[fvwm][Echo]: Reading /home/david/.fvwm/main-menu-pre.hook Last edited 2003 
July 21
[fvwm][Echo]: Reading /home/david/.fvwm/post.hook Last edited 2022-04-02
[fvwm][Echo]: Reading /home/david/.fvwm/last-post.hook-axis-0 Last edited 
2020-04-04
[fvwm][Echo]: Reading /home/david/.fvwm/kbd-base.hook Last edited 2021-11-27
[fvwm][Echo]: Reading /home/david/.fvwm/kbd-axis.hook Last edited 2021-06-18
x:740 y:461 screen:0 window:16777248
x:118 y:83 screen:0 window:16777248
x:1385 y:739 screen:0 window:65011750

I must bind it to a better key. It's a much more controllable
output than xev, John, but I can see virtues in both.

¹ viewport: I have a desktop that's five times wider and four times
higher than the screen, and I switch between these twenty viewports
with clicks in the pager window, or with WindowsKey-arrows or with
Ctrl-Alt-arrows.

A few of the window numbers: root is 1707, …561 and …409 are
swissclocks for two timezones, …761 is the pager, …750 the xconsole,
and all of these are the same in every viewport. …248 is where I ran
the program, started and finished (obviously), and drew the (2nd)
outline round. …400 is an identical xterm on the viewport "next door"
for the 4th outline to go round.

Cheers,
David.
20:26:48 x:787 y:466 screen:0 window:16777248
20:26:49 x:772 y:456 screen:0 window:16777248
20:26:50 x:87 y:110 screen:0 window:16777248
20:26:51 x:13 y:42 screen:0 window:16777248
20:26:52 x:29 y:46 screen:0 window:16777248
20:26:53 x:689 y:78 screen:0 window:16777248
20:26:54 x:1239 y:44 screen:0 window:1707
20:26:55 x:1563 y:28 screen:0 window:62914561
20:26:56 x:1573 y:33 screen:0 window:62914561
20:26:57 x:1569 y:114 screen:0 window:60817409
20:26:58 x:1581 y:478 screen:0 window:1707
20:26:59 x:1573 y:759 screen:0 window:10485761
20:27:00 x:1551 y:820 screen:0 window:10485761
20:27:01 x:1548 y:819 screen:0 window:10485761
20:27:02 x:1249 y:825 screen:0 window:65011750
20:27:03 x:463 y:853 screen:0 window:1707
20:27:04 x:93 y:881 screen:0 window:1707
20:27:05 x:42 y:872 screen:0 window:1707
20:27:06 x:49 y:786 screen:0 window:16777248
20:27:07 x:31 y:208 screen:0 window:16777248
20:27:08 x:26 y:38 screen:0 window:16777248
20:27:09 x:383 y:52 screen:0 window:16777248
20:27:10 x:1023 y:20 screen:0 window:16777248
20:27:11 x:1075 y:34 screen:0 window:16777248
20:27:12 x:1165 y:748 screen:0 window:65011750
20:27:13 x:1093 y:775 screen:0 window:16777248
20:27:14 x:720 y:779 screen:0 window:16777248
20:27:15 x:58 y:740 screen:0 window:16777248
20:27:16 x:37 y:750 screen:0 window:16777248
20:27:17 x:62 y:751 screen:0 window:16777248
20:27:18 x:62 y:751 screen:0 window:18874400
20:27:19 x:62 y:751 screen:0 window:18874400
20:27:20 x:54 y:741 screen:0 window:18874400
20:27:21 x:28 y:430 screen:0 window:18874400
20:27:22 x:38 y:84 screen:0 window:18874400
20:27:23 x:38 y:85 screen:0 window:18874400
20:27:24 x:488 y:53 screen:0 window:18874400
20:27:25 x:1336 y:38 screen:0 window:1707
20:27:26 x:1563 y:33 screen:0 window:62914561
20:27:27 x:1568 y:208 screen:0 window:1707
20:27:28 x:1566 y:727 screen:0 window:65011750
20:27:29 x:1556 y:825 screen:0 window:10485761
20:27:30 x:1288 y:834 screen:0 window:65011750
20:27:31 x:667 y:829 screen:0 window:1707
20:27:32 x:120 y:843 

Re: which program can show X/Y position of mouse pointer

[John Hasler]

xev -root
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA

Re: USB Debian 11 installer and target drive device node [was fstab problem]

[David Christensen]

On 5/9/22 12:58, David Wright wrote:

On Mon 09 May 2022 at 11:30:39 (-0700), David Christensen wrote:

On 5/9/22 10:21, David Wright wrote:

On Sun 08 May 2022 at 23:39:31 (-0700), David Christensen wrote:



As noted by another reader in another thread, the Debian 11 installer
appears to always assign /dev/sda to d-i USB installation media; in
spite of decades of standard practice of using the first drive node
for the target drive.  Thus, the target drive may have been /dev/sdb
at installation time, resulting in "sdb" in crypttab(5) and/or
fstab(5) entries rather than the conventional "sda".



This is news to me, and I'm not sure why you blame the d-i's going
against decades of precedent. Yes, it can happen, and I guess it might
be the result of the way the buses are configured inside the machine.
Gone are the simple days of PATAs on hda.

Anyway, here are six machines: three are laptops, three EFIs, one AiO,
one i386, all GPT, all netinst, variously 11.1–3 with firmware. All
except the last have the installer on sdb, and the reason there is
obvious.



I am unsure what is obvious about the last three.  Please clarify.


No, just the last /one/. The USB stick gets names sda because
there's no competition from the SSD, which is nvme0n1.



Okay.  That makes sense.



Did you install from a USB flash drive or from optical media?  If
optical, was the drive internal or external, and what was the
interface?


They're all booted off the same USB stick ...



I just did a few trials with debian-11.3.0-amd64-netinst.iso on a 
different laptop with a different USB target drive.  The target drive 
came up as /dev/sda in each case (!).  The results do not match my 
earlier trials on other computers and targets.



I can only conclude that this is a multi-dimensional problem where the 
target computer (and firmware) is one dimension and the target drive is 
an additional dimension.



David

Re: which program can show X/Y position of mouse pointer

[lou]

On 5/9/22 9:21 AM, Dan Ritter wrote:

No, I've never used twm. fvwm, sawmill/sawfish, and xfwm can all
do that. Probably most others.

-dsr-



Thanks! i have success with icewm, not with fvwm

xeyes knows mouse movement, it's too bad it doesn't show X/Y coordinates

Re: macchanger - is it still working?

[David Wright]

On Mon 09 May 2022 at 19:49:11 (+0200), Hans wrote:
> > I don't know what you searched for.
> > 
> I searched for all files below /etc of a string "IFACE", then looked at 
> something like "IFACE=all" 
> or "IFACE=--all" or similar. 

It's always worth searching for the parts separately, even though a
lot of false hits can result.

But I googled   iface=--all network

(adding network to avoid phone cases), and that hit   man interfaces,
wherein I find (selected lines):

----

ENVIRONMENT VARIABLES
   All  hook  scripts,  and  the commands executed by pre-up, up, post-up,
   pre-down, down and post-down have access to the  following  environment
   variables:

   IFACE  The  physical  name of the interface being processed, or "--all"
  (see below).

 [ … ]

   Additionally, all options given in an interface definition  stanza  are
   exported to the environment in upper case with "IF_" prepended and with
   hyphens converted to underscores and non-alphanumeric  characters  dis‐
   carded.

   When  ifupdown is being called with the --all option, before doing any‐
   thing to interfaces, it calls all the hook  scripts  (pre-up  or  down)
   with  IFACE set to "--all", LOGICAL set to the current value of --allow
   parameter  (or  "auto"   if   it's   not   set),   ADDRFAM="meta"   and
   METHOD="none".   After all the interfaces have been brought up or taken
   down, the appropriate scripts (up or post-down) are executed.

----

So now the search might be for   ifup or down, other options perhaps,
and somewhere or other, --all. A lot of alternatives. So best search
for just '\--all' (noting the escaped hyphen). Nowadays I tend to
check /etc/, /var/lib/dpkg/info/, and /lib/systemd/ for your
configuration, Debian's, and systemd's. So

# grep -r '\--all' /etc/ /var/lib/dpkg/info/ /lib/systemd/

and you'll know it's working as you'll hit some --allow strings.

> > What does your /etc/network/interfaces (and subdirectories) contain?
> > 
> 
> Only this:
> 
> 
> 
> auto lo wlp5s0 enp0s10 
> 
> iface lo inet loopback 
> address 127.0.0.1 
> netmask 255.0.0.0
> 
> 
> Everything else is commented out, as network-manager recommends this.

Does NM really want "auto lo wlp5s0 enp0s10" in /e/n/i? That surprises
me. Another (pre-bullseye) package that avoided interfaces in /e/n/i,
wicd, would expect no mention of its interfaces in /e/n/i, leaving just:

  auto lo
  iface lo inet loopback

I would try that.

> > A workaround for your problem might be to set IFACE appropriately
> > in /etc/default/macchanger.
> 
> Yes, that is a good idea, I will do so.

You could then unwind this, and just set ENABLE_INTERFACES in
/etc/default/macchanger as appropriate (and if required).

Cheers,
David.

Re: Copying one drive to a smaller one.

[Michael Stone]

On Mon, May 09, 2022 at 04:47:44PM -0400, pa...@quillandmouse.com wrote:

Unfortunately, this is precisely what I was trying to avoid. For
example, to accommodate the graphics on my CPU, I had to use a later
kernel from backports. That's one of many wrinkles. Under other
circumstances, I probably would do as you advise, but I'm limited on
time and was trying to find a shortcut.


With a modern EFI system with UUIDs in the fstab it's actually not that 
hard. Boot off an rescue disk or somesuch. Create partitions on the new 
disk that mirror those of the old disk (except of course that the 
largest one should be smaller; do not make any of the others smaller). 
If you're lucky you've just got an EFI partition and a root partition. 
Assuming you're using ext4, use resize2fs to shrink the large volume to 
something smaller than the destination partition. (For example, if the 
new partition is 128G, shrink it to 120G.) Assuming your original drive 
is sda and the new one is sdb, copy each partition with something like 
cp /dev/sda1 /dev/sdb1. That's basically it for copying the data. Now 
this part's important: you don't want to boot from either of these disks 
while the other is in the system, because the UUIDs on the filesystems 
are the same. Pull the old one out before booting up. You may need to 
reconfigure the BIOS to boot of the new disk, depending on how it was 
configured--if you do, there should be some kind of "add new boot 
device" option that will let you browse the EFI partition and select 
"EFI/debian/grubx64.efi". I may be missing something as I type this off 
the top of my head, but whatever comes up should be fixable as long as 
you don't copy the new disk onto the old one. :)  I think all the 
current versions of fdisk will show you the disk model when using "fdisk 
-l" in addition to the partition information, which should help to 
double check which drive is which. 

With an old-style PC BIOS boot you'd need additional steps to install 
grub to the boot sector of the new disk, reconfigure grub's 
understanding of which linux device corresponds to which bios device, 
and tell the grub package where to install new bootloaders in the 
future.


There are also other ways to do this, for example by creating new 
filesystems, then using cp or rsync to copy the files (but this does 
require specific flags, and can have issues in [somewhat rare] 
circumstances) or using filesystem-specific tools like xfs_copy. In this 
case you'd need to use blkid to determine the UUIDs of the new 
partitions and update fstab on the new disk to match the new UUIDs.

Re: Re : Re: Re : Re: Re : Re: Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[didier gaumet]

Le lundi 9 mai 2022 à 22:20:03 UTC+2, benoit a écrit :
> --- Original Message ---
> Le lundi 9 mai 2022 à 19:33, didier gaumet  a écrit : 
[...]
> > 3) Un peu au pif (je ne suis pas catégorique sur la viabilité de ce que je 
> > suggère), d'après la page man de gnome-keyring-daemon tu dois pouvoir 
> > rajouter une option "login" (voire une option "daemonize") avant le vrai 
> > "start". Quelque chose de ce genre dans ton profile ou ton xinitrc: 
> > eval $(gnome-keyring-daemon --daemonize --login) 
> > eval $(gnome-keyring-daemon --start) 
> > export SSH_AUTH_SOCK 
> >
> Juste un détail : l'option --login ne rend pas la main, du coup la session X 
> ne démarre pas. 
[...]

tu peux éventuellement essayer de revenir à l'origine en supprimant cette ligne 
"--daemonize --login" et en modifiant en plus le fichier /etc/pam.d/passwd tel 
que conseillé par la doc Gnome :
https://wiki.gnome.org/Projects/GnomeKeyring/Pam/Manual
(voir l'exemple de /etc/pam.d/passwd en bas de page) 
mais attention à ne pas faire de doublon: le fichier incorpore le contenu de 
/etc/pam.d/common-password (en tout cas chez moi) et dans mon cas (ma session 
c'est  Gnome), ce fichier contient déjà ces 2 lignes . 

Désolé, j'ai pas d'autres idées...

Re: booting from install usb

[Felix Miata]

Paul Scott composed on 2022-05-09 12:25 (UTC-0700):

> I let my laptop update its UEFI BIOS which of course zapped GRUB.

Not in the way you think...

> /dev.sda2 which is "ef EFI (FAT-12/16/32)"

This should be the key, suggesting strongly that your Linux installation is
installed in UEFI mode. If this is the case, you should be able to fix the 
problem
via BIOS setup, to select the (presumably Debian) entry that is probably there 
to
select as top priority. Alternatively, having executed mount -a after chrooting,
running efibootmgr should allow reorganizing the priority list to put your 
choice
at the top, or to add a new one if the one you need to be first is missing.

man efibootmgr
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: Copying one drive to a smaller one.

[paulf]

On Mon, 9 May 2022 11:54:16 -0700
David Christensen  wrote:

> On 5/8/22 18:54, pa...@quillandmouse.com wrote:
> > Folks:
> > 
> > Situation: I have a 500G boot drive (root, swap, home) I'd like to
> > copy to a new 250G drive which must then also be bootable (yes,
> > there's enough room). This are EFI drives. I can use "dd", but I
> > don't know the proper parameters, and as I understand it, copying a
> > 500G to a 250G drive is Bad(tm). I could use "rsync", but I don't
> > think the second 250G drive will boot just because I copied the
> > files over to it. I suspect I would have an additional step needed
> > to make the drive bootable.
> > 
> > Can someone outline the proper procedure here?
> 
> 
> Resizing and moving a Debian instance from a 500 GB drive to a 250 GB 
> drive requires a lot of expertise.
> 
> 
> I would take the KISS approach -- backup the system configuration
> files and data, remove the 500 GB drive, install the 250 GB drive, do
> a fresh install onto the 250 GB drive, and reconfigure/ restore.
> 

Unfortunately, this is precisely what I was trying to avoid. For
example, to accommodate the graphics on my CPU, I had to use a later
kernel from backports. That's one of many wrinkles. Under other
circumstances, I probably would do as you advise, but I'm limited on
time and was trying to find a shortcut.

Paul

-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster

booting from install usb

[Paul Scott]

Greetings,

I haven't done serious system work for many years.

I let my laptop update its UEFI BIOS which of course zapped GRUB.

I am in rescue mode from the USB stick used for install and have mounted 
the root file system and done:


chroot /mydisk (where my root file system is mounted)

I am not sure where to install GRUB with grub-install

I initially installed on a Windows 10 system.

.I have:

/dev/sda1 which is empty

/dev.sda2 which is "ef EFI (FAT-12/16/32)"

/dev/1p[1-7]  the first of which is EFI System followed by there MS 
partitions and the last three are my Linux partitions.


TIA for any help (I have been searching the web for quite a while 
without success beyond the above),


Paul

Re: Copying one drive to a smaller one.

[The Wanderer]

On 2022-05-09 at 15:18, Andrew M.A. Cater wrote:

> On Mon, May 09, 2022 at 11:54:16AM -0700, David Christensen wrote:

>> I would take the KISS approach -- backup the system configuration
>> files and data, remove the 500 GB drive, install the 250 GB drive,
>> do a fresh install onto the 250 GB drive, and reconfigure/
>> restore.
> 
> I also agree: then all you have to do is copy across data you wish to
> retain.
> 
> Alternatively, you can plug in the new drive and do a minimal install
> on it. Use
> 
> dpkg --get-selections > somefilename
> 
> to get a list of packages installed on one system and write it into
> somefile.
> 
> dpkg --set-selections < somefilename
> 
> will write that list for Debian's most basic package manager.

I've found that this doesn't always produce the desired result in some
cases. The most obvious one is when the names of the available packages
have changed between the two steps (e.g. a new kernel package), but
there are other times that issues can arise.

What I've found to be the method that produces the best results is use
the output of apt-mark instead:

oldmachine:~$ apt-mark showmanual > somefilename

newmachine:~# apt-get update

newmachine:~# apt-get install $(cat somefilename)

(I've tried various methods to get the install to work without the
subshell and the cat, but none of them seemed to put the package names
on the actual command line where apt-get could see them.)

That both installs the packages, and marks *only* the specified list of
packages as manually installed.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re : Re: Re : Re: Re : Re: Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[benoit]

--- Original Message ---
Le lundi 9 mai 2022 à 19:33, didier gaumet  a écrit :


> 1) As-tu ces 2 lignes dans ton /etc/pam.d/login ? :
> auth optional pam_gnome_keyring.so
> session optional pam_gnome_keyring.so auto_start
>

Oui

> 2) ton mot de passe de session est-il identique à ton mode de passe de 
> trousseau de clés? ça semble nécessaire, ou, si ça ne l'est pas , je ne sais 
> pas comment faire
>

Bien sûr ! ;-)

> 3) Un peu au pif (je ne suis pas catégorique sur la viabilité de ce que je 
> suggère), d'après la page man de gnome-keyring-daemon tu dois pouvoir 
> rajouter une option "login" (voire une option "daemonize") avant le vrai 
> "start". Quelque chose de ce genre dans ton profile ou ton xinitrc:
> eval $(gnome-keyring-daemon --daemonize --login)
> eval $(gnome-keyring-daemon --start)
> export SSH_AUTH_SOCK
>


Juste un détail : l'option --login ne rend pas la main, du coup la session X ne 
démarre pas.


> Bonne chance :-)

Merci !
Je finirai bien par l'avoir cette config ! ;-)

Re: Traduction ?

[Jean-Philippe MENGUAL]

Le 07/05/2022 à 13:01, Jean-Marc a écrit :

salut,

Le 7/05/22 à 10:55, ptilou a écrit :

Bonjour,

Je me demande ou est le lien et quoi traduire en francais au niveau de 
la doc, y a besoin d’un coup de mains ?


Il existe une page sur le site de Debian dédié à la taduction :

https://www.debian.org/international/french/

Et une liste de distrib' rien que pour ça :

https://lists.debian.org/debian-l10n-french/


Si tu arrives à t'intégrer, dis-moi comment tu t'y es pris.


Qu'est-ce qui n'a pas marché chez toi? Tu peux en dire plus?

J'ai aussi mis des années à y rentrer, mais maintenant ça va. Si ça peut 
aider, j'ai créé une page qui tente de reformater le parcours du 
contributeur pour l'aider à avancer sans se décourager:

https://debian-facile.org/doc:mentors:mentors

Amicalement,



J'ai essayé.
Je ne suis arrivé à rien.
Je me suis découragé.
J'ai arrêté.


Merci


De rien.  Et bon courage.


—
Ptilou
L’enfant terrible du libre

Re: Copying one drive to a smaller one.

[Tixy]

On Mon, 2022-05-09 at 19:18 +, Andrew M.A. Cater wrote:
[...]
> Alternatively, you can plug in the new drive and do a minimal install on it.
> Use 
> 
> dpkg --get-selections > somefilename 
> 
> to get a list of packages installed on one system and write it into somefile.
> 
> dpkg --set-selections < somefilename
> 
> will write that list for Debian's most basic package manager.
> 
> apt update ; apt dist-upgrade
> 
>  will then use that information to isntall the same package list onto the
> second machine as exists on the first machine - but that's complex.

Won't that process set all those packages as manually installed, so
should you later uninstall a top level package it's dependedncied won't
be automatically removed?

-- 
Tixy

Re: USB Debian 11 installer and target drive device node [was fstab problem]

[David Wright]

On Mon 09 May 2022 at 11:30:39 (-0700), David Christensen wrote:
> On 5/9/22 10:21, David Wright wrote:
> > On Sun 08 May 2022 at 23:39:31 (-0700), David Christensen wrote:
> 
> >> As noted by another reader in another thread, the Debian 11 installer
> >> appears to always assign /dev/sda to d-i USB installation media; in
> >> spite of decades of standard practice of using the first drive node
> >> for the target drive.  Thus, the target drive may have been /dev/sdb
> >> at installation time, resulting in "sdb" in crypttab(5) and/or
> >> fstab(5) entries rather than the conventional "sda".
> 
> > This is news to me, and I'm not sure why you blame the d-i's going
> > against decades of precedent. Yes, it can happen, and I guess it might
> > be the result of the way the buses are configured inside the machine.
> > Gone are the simple days of PATAs on hda.
> >
> > Anyway, here are six machines: three are laptops, three EFIs, one AiO,
> > one i386, all GPT, all netinst, variously 11.1–3 with firmware. All
> > except the last have the installer on sdb, and the reason there is
> > obvious.

I'll factorize the six cases. But for the last, they were listed in
date order, and I won't requote them in full.

Jan  1 bullseye 11.1 amd64 GPT EFI  rust laptop
Jan 25 bullseye 11.2 amd64 GPT BIOS rust tower
Feb  1 bullseye 11.2 amd64 GPT BIOS rust minitower
Apr 17 bullseye 11.3 amd64 GPT EFI  rust AiO
Apr 21 bullseye 11.2 i386  GPT BIOS rust laptop
Dec 13 bullseye 11.1 amd64 GPT EFI  SSD  laptop

> > The sole occasion where the devices have been named the "wrong" way
> > round is when I installed Debian on an EFI laptop onto a virgin
> > external hard drive. If memory serves, the d-i was connected through
> > a hub to the USB-C port, the drive was on the single USB3 port.
> > I think.

[ … snipped the listings … ]

> I am unsure what is obvious about the last three.  Please clarify.

No, just the last /one/. The USB stick gets names sda because
there's no competition from the SSD, which is nvme0n1.

> Did you install from a USB flash drive or from optical media?  If
> optical, was the drive internal or external, and what was the
> interface?

They're all booted off the same USB stick:

  2006528 512-byte logical blocks: (1.03 GB/980 MiB)

which is an eight-year-old freebee courtesy of ALS Empirica
at a Houston conference. If you're wondering why it sprouted
an extra partition for Apr 21, look no further than:

https://lists.debian.org/debian-user/2022/04/msg00655.html

I wanted to confirm that a 2003-vintage laptop would BIOS boot
from a GPT disk. I now have no MBR hard-drives in the house.
But to kill two birds with one stone, I was confirming that
creating an extra partition on a d-i stick is as simple as
running fdisk and creating one in the usual way:

$ sudo fdisk -l /dev/sdb
Disk /dev/sdb: 979.75 MiB, 1027342336 bytes, 2006528 sectors
Disk model: Card  Reader
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x5ec18678

Device Boot   Start End Sectors  Size Id Type
/dev/sdb1  *  0 1155071 1155072  564M  0 Empty
/dev/sdb2  431682833968  1.9M ef EFI (FAT-12/16/32)
/dev/sdb3   1163264 2002943  839680  410M  c W95 FAT32 (LBA)
$ ls -l /dev/disk/by-label/
total 0
lrwxrwxrwx 1 root root 10 May  9 14:44 'Debian\x2011.2.0\x20i386\x20n' -> 
../../sdb1
lrwxrwxrwx 1 root root 10 May  9 14:44  I386-11.2 -> ../../sdb3
lrwxrwxrwx 1 root root 10 May  9 08:40  cryptswap -> ../../sda3
lrwxrwxrwx 1 root root 10 May  9 08:40  swap -> ../../dm-0
lrwxrwxrwx 1 root root 10 May  9 08:40  toto04 -> ../../sda4
lrwxrwxrwx 1 root root 10 May  9 08:40  toto05 -> ../../sda5
lrwxrwxrwx 1 root root 10 May  9 08:40  toto06 -> ../../dm-1
$ 

The d-i runs as per usual. Whether the extra partition is usable
for, say, firmware, I haven't tested.

(ISTR creating an extra partition being discussed a while back.)

Cheers,
David.

Re: Copying one drive to a smaller one.

[Andrew M.A. Cater]

On Mon, May 09, 2022 at 11:54:16AM -0700, David Christensen wrote:
> On 5/8/22 18:54, pa...@quillandmouse.com wrote:
> > Folks:
> > 
> > Situation: I have a 500G boot drive (root, swap, home) I'd like to copy
> > to a new 250G drive which must then also be bootable (yes, there's
> > enough room). This are EFI drives. I can use "dd", but I don't know
> > the proper parameters, and as I understand it, copying a 500G to a 250G
> > drive is Bad(tm). I could use "rsync", but I don't think the second
> > 250G drive will boot just because I copied the files over to it. I
> > suspect I would have an additional step needed to make the drive
> > bootable.
> > 
> > Can someone outline the proper procedure here?
> 
> 
> Resizing and moving a Debian instance from a 500 GB drive to a 250 GB drive
> requires a lot of expertise.
> 
> 
> I would take the KISS approach -- backup the system configuration files and
> data, remove the 500 GB drive, install the 250 GB drive, do a fresh install
> onto the 250 GB drive, and reconfigure/ restore.
> 
> 
> David
>

I also agree: then all you have to do is copy across data you wish to retain.

Alternatively, you can plug in the new drive and do a minimal install on it.
Use 

dpkg --get-selections > somefilename 

to get a list of packages installed on one system and write it into somefile.

dpkg --set-selections < somefilename

will write that list for Debian's most basic package manager.

apt update ; apt dist-upgrade

 will then use that information to isntall the same package list onto the
second machine as exists on the first machine - but that's complex.

With every good wish, as ever,

Andy Cater 

Re: USB Debian 11 installer and target drive device node [was fstab problem]

[Thomas Schmitt]

Hi,

David Wright wrote:
> > Dec 13 03:02:16 kernel: [3.155962] sd 0:0:0:0: [sda] Attached SCSI 
> > removable disk
> > Dec 13 03:02:48 cdrom-detect: CD-ROM mount succeeded: device=/dev/sda1 
> > fstype=iso9660
> > Dec 13 03:02:48 cdrom-detect: CD-ROM mount succeeded: device=/dev/sda1 
> > fstype=iso9660

David Christensen wrote:
> Did you install from a USB flash drive or from optical media?

sda is not a real optical medium and Linux would not accept a partition
table from a real optical medium.


I assume the message comes from
  
https://sources.debian.org/src/cdrom-detect/1.98/debian/cdrom-detect.postinst/?hl=23#L23
or
  
https://sources.debian.org/src/cdrom-detect/1.98/debian/cdrom-detect.postinst/?hl=216#L216
when it tries to find the ISO 9660 filesystem from which the running
system was booted.

(The confusing messages are excusable. Debian ISOs are originally supposed
to boot from CD media. USB sticks are a novelty from 2011. :))


Have a nice day :)

Thomas

Re: Copying one drive to a smaller one.

[David Christensen]

On 5/8/22 18:54, pa...@quillandmouse.com wrote:

Folks:

Situation: I have a 500G boot drive (root, swap, home) I'd like to copy
to a new 250G drive which must then also be bootable (yes, there's
enough room). This are EFI drives. I can use "dd", but I don't know
the proper parameters, and as I understand it, copying a 500G to a 250G
drive is Bad(tm). I could use "rsync", but I don't think the second
250G drive will boot just because I copied the files over to it. I
suspect I would have an additional step needed to make the drive
bootable.

Can someone outline the proper procedure here?



Resizing and moving a Debian instance from a 500 GB drive to a 250 GB 
drive requires a lot of expertise.



I would take the KISS approach -- backup the system configuration files 
and data, remove the 500 GB drive, install the 250 GB drive, do a fresh 
install onto the 250 GB drive, and reconfigure/ restore.



David

USB Debian 11 installer and target drive device node [was fstab problem]

[David Christensen]

On 5/9/22 10:21, David Wright wrote:
> On Sun 08 May 2022 at 23:39:31 (-0700), David Christensen wrote:

>> As noted by another reader in another thread, the Debian 11 installer
>> appears to always assign /dev/sda to d-i USB installation media; in
>> spite of decades of standard practice of using the first drive node
>> for the target drive.  Thus, the target drive may have been /dev/sdb
>> at installation time, resulting in "sdb" in crypttab(5) and/or
>> fstab(5) entries rather than the conventional "sda".

> This is news to me, and I'm not sure why you blame the d-i's going
> against decades of precedent. Yes, it can happen, and I guess it might
> be the result of the way the buses are configured inside the machine.
> Gone are the simple days of PATAs on hda.
>
> Anyway, here are six machines: three are laptops, three EFIs, one AiO,
> one i386, all GPT, all netinst, variously 11.1–3 with firmware. All
> except the last have the installer on sdb, and the reason there is
> obvious.
>
> The sole occasion where the devices have been named the "wrong" way
> round is when I installed Debian on an EFI laptop onto a virgin
> external hard drive. If memory serves, the d-i was connected through
> a hub to the USB-C port, the drive was on the single USB3 port.
> I think.
>
> $ grep -e sda -e sdb -e nvme /var/log/installer/syslog | sed -e 
'/CD-ROM/{p; q}'
> Jan  1 16:29:18 kernel: [1.815571] sd 1:0:0:0: [sda] 976773168 
512-byte logical blocks: (500 GB/466 GiB)
> Jan  1 16:29:18 kernel: [1.816244] sd 1:0:0:0: [sda] 4096-byte 
physical blocks
> Jan  1 16:29:18 kernel: [1.817495] sd 1:0:0:0: [sda] Write 
Protect is off
> Jan  1 16:29:18 kernel: [1.819103] sd 1:0:0:0: [sda] Mode Sense: 
00 3a 00 00
> Jan  1 16:29:18 kernel: [1.819791] sd 1:0:0:0: [sda] Write cache: 
enabled, read cache: enabled, doesn't support DPO or FUA
> Jan  1 16:29:18 kernel: [1.853168]  sda: sda1 sda2 sda3 sda4 sda5 
sda6 sda7 sda8 sda9 sda10 sda11
> Jan  1 16:29:18 kernel: [1.875612] sd 1:0:0:0: [sda] Attached 
SCSI disk
> Jan  1 16:29:18 kernel: [3.422080] sd 3:0:0:0: [sdb] 2006528 
512-byte logical blocks: (1.03 GB/980 MiB)
> Jan  1 16:29:18 kernel: [3.422370] sd 3:0:0:0: [sdb] Write 
Protect is off
> Jan  1 16:29:18 kernel: [3.422372] sd 3:0:0:0: [sdb] Mode Sense: 
03 00 00 00
> Jan  1 16:29:18 kernel: [3.422673] sd 3:0:0:0: [sdb] No Caching 
mode page found
> Jan  1 16:29:18 kernel: [3.422674] sd 3:0:0:0: [sdb] Assuming 
drive cache: write through

> Jan  1 16:29:18 kernel: [3.453581]  sdb: sdb1 sdb2
> Jan  1 16:29:18 kernel: [3.490735] sd 3:0:0:0: [sdb] Attached 
SCSI removable disk
> Jan  1 16:29:55 cdrom-detect: CD-ROM mount succeeded: 
device=/dev/sdb1 fstype=iso9660
> Jan  1 16:29:55 cdrom-detect: CD-ROM mount succeeded: 
device=/dev/sdb1 fstype=iso9660

> $
>
> $ grep -e sda -e sdb -e nvme /var/log/installer/syslog | sed -e 
'/CD-ROM/{p; q}'
> Jan 25 21:12:08 kernel: [4.310937] sd 0:0:0:0: [sda] 976773168 
512-byte logical blocks: (500 GB/466 GiB)
> Jan 25 21:12:08 kernel: [4.310951] sd 0:0:0:0: [sda] Write 
Protect is off
> Jan 25 21:12:08 kernel: [4.310952] sd 0:0:0:0: [sda] Mode Sense: 
00 3a 00 00
> Jan 25 21:12:08 kernel: [4.310972] sd 0:0:0:0: [sda] Write cache: 
enabled, read cache: enabled, doesn't support DPO or FUA
> Jan 25 21:12:08 kernel: [4.681368]  sda: sda1 sda2 sda3 sda4 sda5 
sda6
> Jan 25 21:12:08 kernel: [4.839485] sd 0:0:0:0: [sda] Attached 
SCSI disk
> Jan 25 21:12:08 kernel: [5.617893] sd 6:0:0:0: [sdb] 2006528 
512-byte logical blocks: (1.03 GB/980 MiB)
> Jan 25 21:12:08 kernel: [5.637613] sd 6:0:0:0: [sdb] Write 
Protect is off
> Jan 25 21:12:08 kernel: [5.655705] sd 6:0:0:0: [sdb] Mode Sense: 
03 00 00 00
> Jan 25 21:12:08 kernel: [5.656965] sd 6:0:0:0: [sdb] No Caching 
mode page found
> Jan 25 21:12:08 kernel: [5.674988] sd 6:0:0:0: [sdb] Assuming 
drive cache: write through

> Jan 25 21:12:08 kernel: [5.718770]  sdb: sdb1 sdb2
> Jan 25 21:12:08 kernel: [5.762284] sd 6:0:0:0: [sdb] Attached 
SCSI removable disk
> Jan 25 21:13:04 cdrom-detect: CD-ROM mount succeeded: 
device=/dev/sdb1 fstype=iso9660
> Jan 25 21:13:04 cdrom-detect: CD-ROM mount succeeded: 
device=/dev/sdb1 fstype=iso9660

> $
>
> $ grep -e sda -e sdb -e nvme /var/log/installer/syslog | sed -e 
'/CD-ROM/{p; q}'
> Feb  1 17:32:10 kernel: [5.562125] sd 0:0:0:0: [sda] 976773168 
512-byte logical blocks: (500 GB/466 GiB)
> Feb  1 17:32:10 kernel: [5.569327] sd 0:0:0:0: [sda] Write 
Protect is off
> Feb  1 17:32:10 kernel: [5.576324] sd 0:0:0:0: [sda] Mode Sense: 
00 3a 00 00
> Feb  1 17:32:10 kernel: [5.576399] sd 0:0:0:0: [sda] Write cache: 
enabled, read cache: enabled, doesn't support DPO or FUA
> Feb  1 17:32:10 kernel: [5.646877]  sda: sda1 sda2 sda3 sda4 sda5 
sda6
> Feb  1 17:32:10 kernel: [5.667737] sd 0:0:0:0: [sda] Attached 
SCSI disk
> Feb  1 17:32:10 kernel: [5.834514] sd 4:0:0:0: [sdb] 2006528 

Re: Re : Re: Re : Re: Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[didier gaumet]

Le lundi 9 mai 2022 à 18:30:03 UTC+2, benoit a écrit :

> J'y arrives pas, pourtant la doc que tu m'indiques dit que c'est possible et 
> ça à l'air vraiment simple, il n'y a pas 36 façons de ne pas y arriver... 
> Que puis-je poster comme info pour trouver mon erreur de config ?

1) As-tu ces 2 lignes dans ton /etc/pam.d/login ? :
auth   optional pam_gnome_keyring.so
sessionoptional pam_gnome_keyring.so auto_start

2) ton mot de passe de session est-il identique à ton mode de passe de 
trousseau de clés? ça semble nécessaire, ou, si ça ne l'est pas , je ne sais 
pas comment faire

3) Un peu au pif (je ne suis pas catégorique sur la viabilité de ce que je 
suggère), d'après la page man de gnome-keyring-daemon tu dois pouvoir rajouter 
une option "login" (voire une option "daemonize") avant le vrai "start". 
Quelque chose de ce genre dans ton profile ou ton xinitrc:
eval $(gnome-keyring-daemon --daemonize --login)
eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK

Bonne chance :-)

Re: macchanger - is it still working?

[Hans]

Hi David,

> I don't know what you searched for.
> 
I searched for all files below /etc of a string "IFACE", then looked at 
something like "IFACE=all" 
or "IFACE=--all" or similar. 
> 
v
> What does your /etc/network/interfaces (and subdirectories) contain?
> 

Only this:




auto lo wlp5s0 enp0s10 

iface lo inet loopback 
address 127.0.0.1 
netmask 255.0.0.0


Everything else is commented out, as network-manager recommends this.

However, there are other configs below from other packages (these are clamav, 
ethtool, 
mountnfs, openvpn, postfix and wpasupplicant). These are in the original state 
and were never 
touched by me. But I can not exclude, these might interfere with macchanger.
 

> A workaround for your problem might be to set IFACE appropriately
> in /etc/default/macchanger.

Yes, that is a good idea, I will do so.


> 
> Cheers,
> David.

Thanks and best regards

Hans

Re: Renouvellement des certificats dans Freeradius

[didier gaumet]

Le lundi 09 mai 2022 à 16:08 +0200, Olivier a écrit :
> Bonjour,
> 
> Je cherche à mettre en place EAP PEAP-MSCHAPv2 avec certificat
> auto-signé sur un réseau WiFi en évolution du système précédent qui
> utilisait aussi PEAP-MSCHAPv2, mais sans certificat.
> 
> L'ajout des certificats est fait pour complaire à Android 11 qui
> interdit le PEAP-MSCHAPv2 sans certificat.
> 
> Je précise que je n'ai aucun contrôle sur les appareils WiFi se
> connectant au réseau.
> Il s'agit en majorité de smartphones Android, mais il y a aussi
> beaucoup de PC portables sous Win10 et d'appareils divers (iOS, ...).
> 
> J'imagine pouvoir diffuser largement (site web public, signature de
> courriel, ...) un certificat racine ca.der à longue durée de vie, et
> que les utilisateurs devront "importer"  sur leur machine avant de se
> connecter.
> 
> 1. Connaissez-vous un système d'exploitation refusant d'accepter des
> certificats racine auto-signés de trop longue durée ?
> 
> 2. Comment avec Freeradius (sur Bullseye) renouveler en douceur des
> certificats ? Par "en douceur", je sous-entend qu'il est acceptable
> qu'un utilisateur soit de temps en temps alerté par un message
> d'avertissement mais je souhaite éviter qu'il perde l'accès au WiFi.
> 
> Slts
> 
> 

Bon, alors là j'y connais encore moins que rien ;-)

Y a un laïus sur la compatibilité des certificats avec les OS ici:
https://wiki.freeradius.org/guide/Certificate-Compatibility
En gros, faut respecter certaines précautions avec Windows et pour le reste pas 
de pb. Par contre j'ai lu sur internet que dans certains cas il y a des 
blocages de sécurité pour les certificats de plus d'un an de durée de vie.

Y a un petit topo ici:
https://www.agix.com.au/freeradius-certificate-has-expired-solution/
sur le renouvellement des certificats sous CentOS, mais je ne sais pas comment 
ça se passe côté clients

D'après le lien ci-dessous et d'autres, c'est le fichier 
/etc/raddb/cert/Server.cnf qui détermine la durée de vie des certificats et des 
listes de révocation (CRL) par les variables default_days et default_crl_days:
https://serverfault.com/questions/629003/freeradius-certificate-is-going-to-expired

Pas la peine de me demander des éclaircissements, je serais bien incapable de 
te les donner :-)

Re: fstab problem [FIXED]

[David Wright]

On Sun 08 May 2022 at 23:39:31 (-0700), David Christensen wrote:
> On 5/8/22 15:00, ghe2001 wrote:
> > On Sunday, May 8th, 2022 at 3:51 PM, David Christensen wrote:
> > 
> > > My bad -- default options is spelled 'defaults'.
> > 
> > > UUID=301d6d6d-6782-4be3-b979-0cb595ef1a48 /backupDisk ext4 defaults 0 0
> > 
> > Well, damned if it didn't work.  And I had all of my non-root fstab entries 
> > with singular defaults too.  Thanks vastly, David.
> 
> YW.
> 
> One character present, absent, or different is all it takes.
> And, the error messages may or may not be helpful.
> 
> Related -- beware of "sda" vs. "sdb" in Debian 11 configuration files.
> As noted by another reader in another thread, the Debian 11 installer
> appears to always assign /dev/sda to d-i USB installation media; in
> spite of decades of standard practice of using the first drive node
> for the target drive.  Thus, the target drive may have been /dev/sdb
> at installation time, resulting in "sdb" in crypttab(5) and/or
> fstab(5) entries rather than the conventional "sda".  This break with
> convention cost me at least an hour of frustration recently, and I
> almost posted to this list.

This is news to me, and I'm not sure why you blame the d-i's going
against decades of precedent. Yes, it can happen, and I guess it might
be the result of the way the buses are configured inside the machine.
Gone are the simple days of PATAs on hda.

Anyway, here are six machines: three are laptops, three EFIs, one AiO,
one i386, all GPT, all netinst, variously 11.1–3 with firmware. All
except the last have the installer on sdb, and the reason there is
obvious.

The sole occasion where the devices have been named the "wrong" way
round is when I installed Debian on an EFI laptop onto a virgin
external hard drive. If memory serves, the d-i was connected through
a hub to the USB-C port, the drive was on the single USB3 port.
I think.

$ grep -e sda -e sdb -e nvme /var/log/installer/syslog | sed -e '/CD-ROM/{p; q}'
Jan  1 16:29:18 kernel: [1.815571] sd 1:0:0:0: [sda] 976773168 512-byte 
logical blocks: (500 GB/466 GiB)
Jan  1 16:29:18 kernel: [1.816244] sd 1:0:0:0: [sda] 4096-byte physical 
blocks
Jan  1 16:29:18 kernel: [1.817495] sd 1:0:0:0: [sda] Write Protect is off
Jan  1 16:29:18 kernel: [1.819103] sd 1:0:0:0: [sda] Mode Sense: 00 3a 00 00
Jan  1 16:29:18 kernel: [1.819791] sd 1:0:0:0: [sda] Write cache: enabled, 
read cache: enabled, doesn't support DPO or FUA
Jan  1 16:29:18 kernel: [1.853168]  sda: sda1 sda2 sda3 sda4 sda5 sda6 sda7 
sda8 sda9 sda10 sda11
Jan  1 16:29:18 kernel: [1.875612] sd 1:0:0:0: [sda] Attached SCSI disk
Jan  1 16:29:18 kernel: [3.422080] sd 3:0:0:0: [sdb] 2006528 512-byte 
logical blocks: (1.03 GB/980 MiB)
Jan  1 16:29:18 kernel: [3.422370] sd 3:0:0:0: [sdb] Write Protect is off
Jan  1 16:29:18 kernel: [3.422372] sd 3:0:0:0: [sdb] Mode Sense: 03 00 00 00
Jan  1 16:29:18 kernel: [3.422673] sd 3:0:0:0: [sdb] No Caching mode page 
found
Jan  1 16:29:18 kernel: [3.422674] sd 3:0:0:0: [sdb] Assuming drive cache: 
write through
Jan  1 16:29:18 kernel: [3.453581]  sdb: sdb1 sdb2
Jan  1 16:29:18 kernel: [3.490735] sd 3:0:0:0: [sdb] Attached SCSI 
removable disk
Jan  1 16:29:55 cdrom-detect: CD-ROM mount succeeded: device=/dev/sdb1 
fstype=iso9660
Jan  1 16:29:55 cdrom-detect: CD-ROM mount succeeded: device=/dev/sdb1 
fstype=iso9660
$ 

$ grep -e sda -e sdb -e nvme /var/log/installer/syslog | sed -e '/CD-ROM/{p; q}'
Jan 25 21:12:08 kernel: [4.310937] sd 0:0:0:0: [sda] 976773168 512-byte 
logical blocks: (500 GB/466 GiB)
Jan 25 21:12:08 kernel: [4.310951] sd 0:0:0:0: [sda] Write Protect is off
Jan 25 21:12:08 kernel: [4.310952] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
Jan 25 21:12:08 kernel: [4.310972] sd 0:0:0:0: [sda] Write cache: enabled, 
read cache: enabled, doesn't support DPO or FUA
Jan 25 21:12:08 kernel: [4.681368]  sda: sda1 sda2 sda3 sda4 sda5 sda6
Jan 25 21:12:08 kernel: [4.839485] sd 0:0:0:0: [sda] Attached SCSI disk
Jan 25 21:12:08 kernel: [5.617893] sd 6:0:0:0: [sdb] 2006528 512-byte 
logical blocks: (1.03 GB/980 MiB)
Jan 25 21:12:08 kernel: [5.637613] sd 6:0:0:0: [sdb] Write Protect is off
Jan 25 21:12:08 kernel: [5.655705] sd 6:0:0:0: [sdb] Mode Sense: 03 00 00 00
Jan 25 21:12:08 kernel: [5.656965] sd 6:0:0:0: [sdb] No Caching mode page 
found
Jan 25 21:12:08 kernel: [5.674988] sd 6:0:0:0: [sdb] Assuming drive cache: 
write through
Jan 25 21:12:08 kernel: [5.718770]  sdb: sdb1 sdb2
Jan 25 21:12:08 kernel: [5.762284] sd 6:0:0:0: [sdb] Attached SCSI 
removable disk
Jan 25 21:13:04 cdrom-detect: CD-ROM mount succeeded: device=/dev/sdb1 
fstype=iso9660
Jan 25 21:13:04 cdrom-detect: CD-ROM mount succeeded: device=/dev/sdb1 
fstype=iso9660
$ 

$ grep -e sda -e sdb -e nvme /var/log/installer/syslog | sed -e '/CD-ROM/{p; q}'
Feb  1 17:32:10 kernel: [5.562125] sd 0:0:0:0: [sda] 976773168 512-byte 
logical blocks: (500 

Re: macchanger - is it still working?

[David Wright]

On Mon 09 May 2022 at 08:52:39 (+0200), Hans wrote:
> So, tried again.
> 
> The param in /etc/default/macchanger is set to "=true" 
> 
> 
> 
> 
> # before bringing up any network interface, run macchanger. Careful, this is 
> # not guaranteed to prevent leaking your real MAC address before the new one 
> # gets assigned! 
> # 
> ENABLE_ON_POST_UP_DOWN=true 
> 
> 
> # by default, macchanger runs on all network interfaces but loopback (lo).  
> If 
> # you only want it to run on specific network interfaces, set them here: 
> # 
> #ENABLE_INTERFACES="wlan0"
> 
> Hoqwever, it looks, somewhere the IFACE variable is wrong set. But it looks 
> like, this is not set 
> by macchanger.
> 
> I searched through all configs below /etc, but could not find any. 

I don't know what you searched for.

> This is the log output of macchanger:
> 
> 
> 
> 
> 
> IFACE = --all 
> /usr/bin/macchanger: unrecognized option '--all' 
> GNU MAC Changer 
> Usage: macchanger [options] device 
> 
>  -h,  --help   Print this help 
>  -V,  --versionPrint version and exit 
>  -s,  --show   Print the MAC address and exit 
>  -e,  --ending Don't change the vendor bytes 
>  -a,  --anotherSet random vendor MAC of the same kind 
>  -ASet random vendor MAC of any kind 
>  -p,  --permanent  Reset to original, permanent hardware MAC 
>  -r,  --random Set fully random MAC 
>  -l,  --list[=keyword] Print known vendors 
>  -b,  --biaPretend to be a burned-in-address 
>  -m,  --mac=XX:XX:XX:XX:XX:XX 
>   --mac XX:XX:XX:XX:XX:XX  Set the MAC XX:XX:XX:XX:XX:XX 
> 
> Report bugs to https://github.com/alobbs/macchanger/issues 
> IFACE = lo 
> ignoring loopback
> 
> Hope this helps.

ifup has --all as one of its possible options. The man page uses
IFACE as a placeholder for the interface name, ie

  ifup -a|IFACE...

would be specified as

  ifup -a

or

  ifup --all

or

  ifup wlan0

or

  ifup wlan0 eth1

etc. I don't use ifup much, but typically the d-i would install
something like

  allow-hotplug enpXsY
  iface enpXsY inet dhcp

into /e/n/i.

However, the man page implies that you could write just

  auto

and I wonder what ifup command would be generated from that.

What does your /etc/network/interfaces (and subdirectories) contain?

A workaround for your problem might be to set IFACE appropriately
in /etc/default/macchanger.

Cheers,
David.

Re : Re: Re : Re: Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[benoit]

--- Original Message ---
Le lundi 9 mai 2022 à 14:46, didier gaumet  a écrit :
> - Tu peux démarrer simplement le daemon gnome-keyring comme indiqué en 
> modifiant .xinitrc , ce qui me paraîtrait cohérent avec ton contexte (startx)
> - Comme le dit Gaby, c'est PAM qui permet de ne pas saisir ton password 
> plusieurs fois dans le cas où le password de login et le password du 
> trousseau sont identiques, en modifiant /etc/pam.d.login tel qu'indiqué , 
> puis en suivant le lien inclus dans le paragraphe du wiki archlinux :
> https://wiki.archlinux.org/title/GNOME/Keyring#Automatically_change_keyring_password_with_user_password
> pour que les passwords trousseau et login soient synchrones


J'y arrives pas, pourtant la doc que tu m'indiques dit que c'est possible et ça 
à l'air vraiment simple, il n'y a pas 36 façons de ne pas y arriver...
Que puis-je poster comme info pour trouver mon erreur de config ?

Renouvellement des certificats dans Freeradius

[Olivier]

Bonjour,

Je cherche à mettre en place EAP PEAP-MSCHAPv2 avec certificat
auto-signé sur un réseau WiFi en évolution du système précédent qui
utilisait aussi PEAP-MSCHAPv2, mais sans certificat.

L'ajout des certificats est fait pour complaire à Android 11 qui
interdit le PEAP-MSCHAPv2 sans certificat.

Je précise que je n'ai aucun contrôle sur les appareils WiFi se
connectant au réseau.
Il s'agit en majorité de smartphones Android, mais il y a aussi
beaucoup de PC portables sous Win10 et d'appareils divers (iOS, ...).

J'imagine pouvoir diffuser largement (site web public, signature de
courriel, ...) un certificat racine ca.der à longue durée de vie, et
que les utilisateurs devront "importer"  sur leur machine avant de se
connecter.

1. Connaissez-vous un système d'exploitation refusant d'accepter des
certificats racine auto-signés de trop longue durée ?

2. Comment avec Freeradius (sur Bullseye) renouveler en douceur des
certificats ? Par "en douceur", je sous-entend qu'il est acceptable
qu'un utilisateur soit de temps en temps alerté par un message
d'avertissement mais je souhaite éviter qu'il perde l'accès au WiFi.

Slts

Needing help in knowing what package to report a bug

[Joshua Brickel]

Hi,

Description of problem:
After suspend only one screen activates (dual screen system) and the mouse
seems to be unresponsive.

Basic System
Using AMD cards (Radeon 5600XT and 5500XTY)
My system is setup as a mult-seat system with one seat having two monitors
and the other with one monitor.
Using Gnome with X
CPU family is AMD Epyc

Can anyone help me locate which group I should file this issue?

Thanks,

Joshua

Re: which program can show X/Y position of mouse pointer

[Dan Ritter]

lou wrote: 
> 
> On 5/9/22 7:09 AM, Dan Ritter wrote:
> > xdotool getmouselocation
> 
> 
> Thanks!
> 
> are you sure that xterm can be made always-on-top in twm?

No, I've never used twm. fvwm, sawmill/sawfish, and xfwm can all
do that. Probably most others.

-dsr-

Re: Re : Re: Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[didier gaumet]

Le lundi 9 mai 2022 à 13:10:03 UTC+2, benoit a écrit :
> Bonjour 
> 
> Merci pour l'info. 
> Je veux bien essayer, mais je n'ai pas l'impression que ce qu'indique la doc 
> de GNOME Keyring va m'aider. 
> Cf. 
> https://wiki.archlinux.org/title/GNOME/Keyring#Shell 
> 
> Dans le shell 
> « Add the following to your ~/.bash_profile, ~/.zshenv, or similar: 
> 
> ~/.bash_profile 
> 
> if [ -n "$DESKTOP_SESSION" ];then 
> eval $(gnome-keyring-daemon --start) 
> export SSH_AUTH_SOCK 
> fi » 
> 
> D'après env | grep DESKTOP_SESSION 
> Je n'ai pas la variable DESKTOP_SESSION. 
> 
> Dans 
> https://wiki.archlinux.org/title/GNOME/Keyring#xinitrc 
> 
> Ca vient après, quand je tape startx. 
> 
> Ce que je voudrais, c'est que mon mot de passe du login soit utilisé pour 
> déverrouiller mon trousseau 

Si je comprends bien(?):

- Tu peux démarrer simplement le daemon gnome-keyring comme indiqué en 
modifiant .xinitrc  , ce qui me paraîtrait cohérent avec ton contexte (startx)
- Comme le dit Gaby, c'est PAM qui permet de ne pas saisir ton password 
plusieurs fois dans le cas où le password de login et le password du trousseau 
sont identiques,  en modifiant /etc/pam.d.login tel qu'indiqué , puis en 
suivant le lien inclus dans le paragraphe du wiki archlinux :
https://wiki.archlinux.org/title/GNOME/Keyring#Automatically_change_keyring_password_with_user_password
 pour que les passwords trousseau et login soient synchrones

Re: Networking pb

[mick crane]

On 2022-05-08 22:58, Hussein Yahia wrote:

Hi,
I'm new to Linux, sorry if my question is naive.
I just installed debian 11 on my computer. It's wire-connected to
internet. I have another computer, a mac, which is connected through
wifi.

I can connect from my mac to the Linux desktop. But I can't connect
from the Linux to the mac: when I go in the "Network" directory, the
mac does not appear. I installed smb on the Linux desktop.

Can you help me on that ?


It's likely tidier rather than having server and client on both machines 
to have another something or other running Debian as server whose job is 
file sharing.

via eg. ssh, a web browser.
mick

Re: Re : Re: Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[Gabriel Moreau]

Ce que je voudrais, c'est que mon mot de passe du login soit utilisé pour 
déverrouiller mon trousseau


Il n'y a qu'avec un module PAM qu'on peut faire cela car ensuite, tu 
n'as plus accès au mot de passe.


gaby

En tant que chargé de la sécurité informatique, je suis parfois amené à
envoyer des courriels en dehors des heures de bureau. Ceux-ci
n’appellent pas de réponses immédiates (la déconnexion est un droit).
--
Gabriel Moreau - IR CNRShttp://www.legi.grenoble-inp.fr
LEGI (UMR 5519) Laboratoire des Ecoulements Geophysiques et Industriels
Domaine Universitaire, CS 40700, 38041 Grenoble Cedex 9, France
mailto:gabriel.mor...@legi.grenoble-inp.fr  tel:+33.476.825.015


smime.p7s
Description: Signature cryptographique S/MIME

Re: Networking pb

[Kent West]

On Sun, May 8, 2022 at 5:06 PM Hussein Yahia  wrote:

>
>
> I can connect from my mac to the Linux desktop. But I can't connect
> from the Linux to the mac: when I go in the "Network" directory, the
> mac does not appear. I installed smb on the Linux desktop.
>
>
I'm suspecting that you need to go into the Mac's System Preferences /
Sharing, and turn on File Sharing.


-- 
Kent West<")))><
Westing Peacefully - http://kentwest.blogspot.com

Re: which program can show X/Y position of mouse pointer

[lou]

On 5/9/22 7:09 AM, Dan Ritter wrote:

xdotool getmouselocation



Thanks!

are you sure that xterm can be made always-on-top in twm?

Re: which program can show X/Y position of mouse pointer

[Dan Ritter]

lou wrote: 
> i use twm for bullseye
> 
> i want to record screen with ffmpeg, it allows me to select some region of
> screen
> 
> i need a program that can display X/Y coordinates of mouse pointer as i move
> mouse

xdotool getmouselocation does it once.

You may wish to run it via watch in a tiny xterm and make that
xterm always-on-top.

-dsr-

Re : Re: Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[benoit]

Bonjour

Merci pour l'info.
Je veux bien essayer, mais je n'ai pas l'impression que ce qu'indique la doc de 
GNOME Keyring va m'aider.
Cf.
https://wiki.archlinux.org/title/GNOME/Keyring#Shell

Dans le shell
« Add the following to your ~/.bash_profile, ~/.zshenv, or similar:

~/.bash_profile

if [ -n "$DESKTOP_SESSION" ];then
eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK
fi »

D'après env | grep DESKTOP_SESSION
Je n'ai pas la variable DESKTOP_SESSION.

Dans
https://wiki.archlinux.org/title/GNOME/Keyring#xinitrc

Ca vient après, quand je tape startx.

Ce que je voudrais, c'est que mon mot de passe du login soit utilisé pour 
déverrouiller mon trousseau







Envoyé avec la messagerie sécurisée ProtonMail.
--- Original Message ---
Le lundi 9 mai 2022 à 11:34, didier gaumet  a écrit :


>
> Le lundi 09 mai 2022 à 08:22 +, benoit a écrit :
>
> > Bonjour à toutes et tous,
> >
> > J’ai configuré mon système pour démarrer en mode texte :
> > Après le démarrage du système, le terminal en mode texte, me demande
> > mon login et mon te passe.
> > Puis je tape startx pour lancer X.
> >
> > Une fois sous X si je lance un programme comme Evolution ou Element
> > qui a besoin d’avoir accès au trousseau de clés, un prompt graphique
> > me demande de taper le mot de passe pour le déverrouiller.
> >
> > Serait-il possible de déverrouiller mon trousseau de clés en mode
> > texte au moment où je tape le mot de passe de login en ne l’entrant
> > qu’une seule fois pour le login et le trousseau de clés ?
> >
> > Merci d'avance
> >
> > --
> > Benoit
>
>
> Bonjour,
>
> Je ne suis pas très familier avec tout ça, donc à prendre avec précaution, 
> mais:
>
> - lorsque tu parles par exemple d'Evolution, en tant que programme Gnome, le 
> trousseau de clés est géré par gnome-keyring. Il faudrait donc a priori 
> démarrer le daemon gnome-keyring dans un fichier de configuration du genre 
> .profile ou .xsession, après avoir modifié le paramétrage PAM. Plus d'infos 
> sur la manière de faire sur le wiki archlinux (paragraphe 3):
> https://wiki.archlinux.org/title/GNOME/Keyring
>
> - si tu utilises des programmes KDE/Plasma, il faut peut-être (je connais 
> encore moins) que tu utilises Kwallet. Plus d'infos sur la manière de faire 
> aussi sur le wiki archlinux (paragraphe 1):
> https://wiki.archlinux.org/title/KDE_Wallet

which program can show X/Y position of mouse pointer

[lou]

i use twm for bullseye

i want to record screen with ffmpeg, it allows me to select some region 
of screen


i need a program that can display X/Y coordinates of mouse pointer as i 
move mouse

Re: Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[didier gaumet]

Le lundi 09 mai 2022 à 08:22 +, benoit a écrit :
> Bonjour à toutes et tous,
> 
> J’ai configuré mon système pour démarrer en mode texte :
> Après le démarrage du système, le terminal en mode texte, me demande
> mon login et mon te passe.
> Puis je tape startx pour lancer X.
> 
> Une fois sous X si je lance un programme comme Evolution ou Element
> qui a besoin d’avoir accès au trousseau de clés, un prompt graphique
> me demande de taper le mot de passe pour le déverrouiller.
> 
> Serait-il possible de déverrouiller mon trousseau de clés en mode
> texte au moment où je tape le mot de passe de login en ne l’entrant
> qu’une seule fois pour le login et le trousseau de clés ?
> 
> Merci d'avance
> 
> --
> Benoit
> 
> 

Bonjour,

Je ne suis pas très familier avec tout ça, donc à prendre avec précaution, mais:

- lorsque tu parles par exemple d'Evolution, en tant que programme Gnome, le 
trousseau de clés est géré par gnome-keyring. Il faudrait donc a priori 
démarrer le daemon gnome-keyring dans un fichier de configuration du genre 
.profile ou .xsession, après avoir modifié le paramétrage PAM. Plus d'infos sur 
la manière de faire sur le wiki archlinux (paragraphe 3):
https://wiki.archlinux.org/title/GNOME/Keyring

- si tu utilises des programmes KDE/Plasma, il faut peut-être (je connais 
encore moins) que tu utilises Kwallet. Plus d'infos sur la manière de faire 
aussi sur le wiki archlinux (paragraphe 1):
https://wiki.archlinux.org/title/KDE_Wallet

Re: Alternatives to ISC dhcp-client ?

[Anssi Saari]

Dan Ritter  writes:

> The package name is udhcpc.

Yes, and it's very cool. Well, poorly documented so it was a little hard
to understand. Mostly my problem was the script it wants to run for
various events and how to fix that to do the stuff I need and not do
stuff that messes up my network setup.

But in my case udhcpc seems to be the only DHCP client that will talk to
the LTE module in my router, others just balk and whine.

Comment déverrouiller mon trousseau de clés avec mon mot de passe au login ?

[benoit]

Bonjour à toutes et tous,

J’ai configuré mon système pour démarrer en mode texte :
Après le démarrage du système, le terminal en mode texte, me demande mon login 
et mon te passe.
Puis je tape startx pour lancer X.

Une fois sous X si je lance un programme comme Evolution ou Element qui a 
besoin d’avoir accès au trousseau de clés, un prompt graphique me demande de 
taper le mot de passe pour le déverrouiller.

Serait-il possible de déverrouiller mon trousseau de clés en mode texte au 
moment où je tape le mot de passe de login en ne l’entrant qu’une seule fois 
pour le login et le trousseau de clés ?

Merci d'avance

--
Benoit

[RESOLU] Re: Rendre persistante la cmde echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct

[Olivier]

Merci infiniment à tous pour votre aide !

En effet, en ajoutant le fichier /etc/modprobe.d/foo.conf avec le
contenu ci-après, j'ai enfin la persistence recherchée (attention, il
y a une faute de frappe dans un ou deux messages).


# cat /etc/modprobe.d/foo.conf
options nf_conntrack acct=1

Excellente journée à tous !

Re: macchanger - is it still working?

[Hans]

So, tried again.

The param in /etc/default/macchanger is set to "=true" 




# before bringing up any network interface, run macchanger. Careful, this is 
# not guaranteed to prevent leaking your real MAC address before the new one 
# gets assigned! 
# 
ENABLE_ON_POST_UP_DOWN=true 


# by default, macchanger runs on all network interfaces but loopback (lo).  If 
# you only want it to run on specific network interfaces, set them here: 
# 
#ENABLE_INTERFACES="wlan0"

Hoqwever, it looks, somewhere the IFACE variable is wrong set. But it looks 
like, this is not set 
by macchanger.

I searched through all configs below /etc, but could not find any. 

This is the log output of macchanger:





IFACE = --all 
/usr/bin/macchanger: unrecognized option '--all' 
GNU MAC Changer 
Usage: macchanger [options] device 

 -h,  --help   Print this help 
 -V,  --versionPrint version and exit 
 -s,  --show   Print the MAC address and exit 
 -e,  --ending Don't change the vendor bytes 
 -a,  --anotherSet random vendor MAC of the same kind 
 -ASet random vendor MAC of any kind 
 -p,  --permanent  Reset to original, permanent hardware MAC 
 -r,  --random Set fully random MAC 
 -l,  --list[=keyword] Print known vendors 
 -b,  --biaPretend to be a burned-in-address 
 -m,  --mac=XX:XX:XX:XX:XX:XX 
  --mac XX:XX:XX:XX:XX:XX  Set the MAC XX:XX:XX:XX:XX:XX 

Report bugs to https://github.com/alobbs/macchanger/issues 
IFACE = lo 
ignoring loopback

Hope this helps.

Best 

Hans

Re: fstab problem [FIXED]

[David Christensen]

On 5/8/22 15:00, ghe2001 wrote:


On Sunday, May 8th, 2022 at 3:51 PM, David Christensen wrote:


My bad -- default options is spelled 'defaults'.



UUID=301d6d6d-6782-4be3-b979-0cb595ef1a48 /backupDisk ext4 defaults 0 0


Well, damned if it didn't work.  And I had all of my non-root fstab entries 
with singular defaults too.  Thanks vastly, David.



YW.


One character present, absent, or different is all it takes.


And, the error messages may or may not be helpful.


Related -- beware of "sda" vs. "sdb" in Debian 11 configuration files. 
As noted by another reader in another thread, the Debian 11 installer 
appears to always assign /dev/sda to d-i USB installation media; in 
spite of decades of standard practice of using the first drive node for 
the target drive.  Thus, the target drive may have been /dev/sdb at 
installation time, resulting in "sdb" in crypttab(5) and/or fstab(5) 
entries rather than the conventional "sda".  This break with convention 
cost me at least an hour of frustration recently, and I almost posted to 
this list.



David