Re: Disappearing shim-signed after failed dist-upgrade

[Andrei POPESCU]

On Lu, 28 iun 21, 09:46:17, David Wright wrote:
> 
> But your evening run of   apt-get -y dist-upgrade   was unconstrained,
> and so shim-signed could be removed because it was no longer being
> held onto as a Depends or Recommends.

Except that `apt-get dist-upgrade` doesn't do that (`autoremove` does), 
it only removes packages when it determines that it's needed to complete 
the dist-upgrade, so a Conflicts or Breaks with an upgraded package.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Whole Disk Encryption + SSD

[Stefan Monnier]

> Along with SED, I suggest that you also implement Secure Boot.

Can someone give me pointers to actually known attacks (not
hypothetical ones, which I can invent myself without much difficulty)
that would have been prevented by Secure Boot?

I can see that subverting the early boot might be a good way for
rootkits to install themselves in a way that's hard to detect and/or
remove, but it's not like there aren't plenty of other ways to get
pretty much the same result.

IOW it sounds to me a bit like putting a reinforced steel frame around
a cardboard door.


Stefan

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Greg Wooledge]

On Mon, Jun 28, 2021 at 10:46:01PM -0400, Polyna-Maude Racicot-Summerside wrote:
> On 2021-06-28 10:12 p.m., Rick Thomas wrote:
> > I'd love to be able to do that!  E.g. a headless machine with plenty of RAM 
> > and CPU power to run Mate, but located in a locked building on the other 
> > side of campus.
> > 
> > What do I need to install to do that?  And what are the configuration 
> > options?

> There's plenty of book you can find by searching on Google with the
> subject "X11 architecture" or something similar.
> 
> Simply made,
> You have the server (the part the display on a screen, ex all the
> xserver-xorg-*)
> and
> You have the client (the software that ask stuff to be displayed, ex : GIMP)
> Plus you have a window manager that give a "look" to the windows example
> Gnome / KDE / TWM...

You also probably want a Display Manager package, configured to use XDMCP.

> What will make it possible to choose where the client display is by
> setting DISPLAY variable.

That would be a heavily piecemeal approach, and there's a bit more to it
than that.

If you're trying to do this without full XDMCP sessions, an easier
approach to running one-off X11 clients remotely would be X11 forwarding
over ssh.  Simply make sure X11 forwarding is enabled on the server's
sshd_config, and then "ssh -X" from the client to the server, and run
the single program(s) you want to run.

(Avoid ANY proposed solution that talks about xhost.  Seriously.)

I still think they're looking for XDMCP sessions, though.

Re: Re: Interfaz gráfica para formatear memorias usb

[Tito Pariente]

Enviado desde mi HUAWEI P9 lite 2017

Re: Re: Interfaz gráfica para formatear memorias usb

[Tito Pariente]

Enviado desde mi HUAWEI P9 lite 2017

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-28 10:12 p.m., Rick Thomas wrote:
> On Sun, Jun 27, 2021, at 8:33 AM, Peter Ehlert wrote:
>>> X clients like MATE don't directly depend on an X server, because in
>>> theory, the X server could be on a different machine.
> 
> I'd love to be able to do that!  E.g. a headless machine with plenty of RAM 
> and CPU power to run Mate, but located in a locked building on the other side 
> of campus.
> 
> What do I need to install to do that?  And what are the configuration options?
> 
There's plenty of book you can find by searching on Google with the
subject "X11 architecture" or something similar.

Simply made,
You have the server (the part the display on a screen, ex all the
xserver-xorg-*)
and
You have the client (the software that ask stuff to be displayed, ex : GIMP)
Plus you have a window manager that give a "look" to the windows example
Gnome / KDE / TWM...

What will make it possible to choose where the client display is by
setting DISPLAY variable.

You'll find some info about all of this by reading the Debian Handbook
and the Wiki.

> AtDhVaAnNkCsE (thanks in ADVANCE)
> Rick
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Rick Thomas]

On Sun, Jun 27, 2021, at 8:33 AM, Peter Ehlert wrote:
> > X clients like MATE don't directly depend on an X server, because in
> > theory, the X server could be on a different machine.

I'd love to be able to do that!  E.g. a headless machine with plenty of RAM and 
CPU power to run Mate, but located in a locked building on the other side of 
campus.

What do I need to install to do that?  And what are the configuration options?

AtDhVaAnNkCsE (thanks in ADVANCE)
Rick

Re: Bug#990086: apt-key is deprecated in bullseye, how to manage keys instead

[Nicholas Geovanis]

Perhaps it should be said that personal use of gpg and the use that a
system administrator makes of it and key-ing are different use-cases. So we
might expect fewer assumptions to hold and greater mystery :-)

On Sat, Jun 26, 2021, 1:53 PM  wrote:

> On Sat, Jun 26, 2021 at 08:42:26AM -0400, Cindy Sue Causey wrote:
> > On 6/26/21, Andrei POPESCU  wrote:
>
> [...]
>
> > > Well, it makes perfect sense if you remember that "everything is a
> > > file", even if there are exceptions (e.g. network devices).
> >
> >
> > Hopefully I'm reading this right. While on dialup, I spent A LOT of
> > time battling a well-known closed source modem tty* driver. Out of
> > desperation, I could sometimes get it to work by copying it between
> > hard drives that contained separate operating systems.
> >
> > BUT you can't just e.g. "cp" or "right click > copy" it over. It would
> > fail with a "Can't copy special file" error message. I know this
> > because I just did it again with ttyS0. You CAN rsync it between
> > partitions, and it would be viable, usable.
>
> Wait a sec. You are not trying to copy /dev/ttyS0 (or its kin)?
>
> Because that won't really make much sense. Or, well, it will perhaps
> do surprising things.
>
> See, /dev/ttyS0 is a representation of an external device (your first
> serial interface, if your computer still has such a thing). You can
> open it, read from it (which will yield incoming characters), write
> to it (which will send the characters out, if all goes well) -- so
> to your applications it presents an interface similar to the one
> a file presents. This is Andrei's quote "everything is a file".
>
> If you now copy /dev/ttyS0 to /tmp, e.g.
>
>   sudo cp /dev/ttyS0 /tmp
>
> and assuming there's something connected to it and sending us characters,
> there will be an ever-growing /tmp/ttyS0 and the copy will terminate
> the moment the serial connection's other side "hangs up".
>
> Now if you do
>
>   sudo cp -a /dev/ttyS0 /tmp
>
> you get something completely different: a device file (referring to the
> exact same device as your original).
>
> Don't forget to remove them after: your system administrator might get
> mighty confused finding a device file in /tmp :-)
>
> Cheers
>  - t
>

Re: Dovecot: ssl_ca_path not respected?

[Bagas Sanjaya]

On 28/06/21 20.14, Dan Ritter wrote:

The second problem is that ssl_ca should point to the CA bundle
for your desired SSL cert -- in this case, your own CA.

It is probably indicative of something that the only mention of
ssl_ca_path in Dovecot's documentation is in a comment in the config.



Is ssl_ca parameter in `connect` option on dovecot-sql.conf.ext same as 
ssl_ca in /etc/dovecot/conf.d/10-ssl.conf?


--
An old man doll... just what I always wanted! - Clara

Re: Whole Disk Encryption + SSD

[David Christensen]

On 6/28/21 1:36 PM, David Christensen wrote:


(Dell factory default for drives is 'RAID'; 'ACPI' may be required).


Correction: AHCI.


David

Re: Whole Disk Encryption + SSD

[David Christensen]

On 6/28/21 7:52 AM, piorunz wrote:

Hi all,

I've got about 5 years old HP laptop with SSD SATA drive 240 GB. Debian
Bullseye will be installed on it once it's released, as my secondary
computer to use.
I have question regarding whole disk encryption. What technology should
I use, to have encryption of everything, or at least /home, but preserve
free blocks and have TRIM? I don't want encryption to use entire drive
as "full" blob, I want to preserve SSDs life. What solutions should I
use? Thanks!


Booting a computer involves the motherboard firmware and one or more 
stages of on-disk boot loaders.  Boot loader stages, initial RAM 
filesystem (initramfs), kernel, device drivers, system configuration 
files, etc., must be available as plaintext when needed.



Software encryption (dm-crypt, Linux Unified Key System (LUKS), etc.) 
for a system drive is typically applied to the swap, root, and/or data 
partitions, but the master boot record (partition table and boot 
loader), extensible firmware interface (EFI) system partition contents, 
and boot partition contents are plaintext and easily modified by an 
attacker with physical access.  You will want a CPU with AES-NI or 
equivalent to accelerate encryption/ decryption (should get 90%+ 
performance).  Without AES-NI, performance will be fractional.



The simplest way to protect a drive at rest (e.g. powered off) is to get 
a self-encrypting drive (SED).  The motherboard firmware prompts for the 
passphrase after the power on self test (POST) and before reading the 
drive.  Once the SED passphrase is entered, the entire drive appears as 
plaintext.  Encryption/ decryption is handled by hardware inside the 
drive controller, at full performance.



I do not set the 'discard' (trim) option in fstab(5).  If and when I 
want to erase unused blocks (such as before taking an image), I use 
fstrim(8).



I would not worry about wearing out a good SSD in a daily driver laptop. 
 I have been using Intel SSD 520 Series 2.5" SATA in my SOHO laptops, 
desktops, and servers for many years; they all work and have available 
lifespans in the high 90%'s.



Along with SED, I suggest that you also implement Secure Boot.  This 
provides cryptographic signatures and chain of trust for critical files, 
such as boot loaders and the kernel, whenever those files are to be 
executed (e.g. boot, dynamic loading, etc.).



Reset the CMOS settings to factory defaults, enable/ verify Unified EFI 
(UEFI) mode, enable/ verify Secure Boot, and boot the Debian Installer 
(d-i).  Hopefully, everything should Just Work.  If not, you may have to 
modify the drive settings (Dell factory default for drives is 'RAID'; 
'ACPI' may be required).  Take good notes, STFW, RTFM, and/or post here 
if you have problems.  Post your solution when you figure it out.



David

Re: Whole Disk Encryption + SSD

[Jochen Spieker]

piorunz:
> 
> I have question regarding whole disk encryption. What technology should
> I use, to have encryption of everything, or at least /home, but preserve
> free blocks and have TRIM?

The canonical answer is "LUKS". You can configure it during installation
if you want to. I always use LVM as well. It is up to you whether you
want to use LVM on LUKS or the other way round.

I am not sure how well full-disk encrpytion is supported nowadays. For
common scenarios (like loss or simple theft of the storage medium, no
state-level attackers) you do not need it, in my opinion.

Oh, the buster release notes mention that encrypted /boot is not
supported, everything else may be encrypted, even the root filesystem.

https://www.debian.org/releases/buster/amd64/ch06s03.en.html#partman-crypto

If you think you need protection against somebody tampering with your
boot loader and/or kernel, you need to configure Secure Boot which I
have never really looked at. I guess this is overkill for now.

> I don't want encryption to use entire drive
> as "full" blob, I want to preserve SSDs life.

I am not sure what this means and whether there is any relation between
"full blob" and life-preserving measures. But let me assure you that
your SSD will be fine, not matter how you are setting up encryption. You
can set up both LUKS and LVM to pass through the "discard" command which
you need for TRIM to work and this is more of a performance measure than
a method to reliably lengthen the lifespan of your SSD.

How long do you think you will need your SSD? I recently removed an
Intel X25m from an old system. It was more than ten years old and was
first used heavily in a laptop and later on ran 24/7 for several years
as OS drive in a NAS system. And that SSD didn't even support TRIM!

Do not worry about the lifetime of your SSD.  Worry about backups.

You use LUKS by telling it which disk partition it should encrypt. You
then get a new logical block device which you can treat like any "real"
partition. Most importantly, you can create a regular filesystem on it
(or an LVM physical volume) which is encrypted before anything is
written to the physical disk. The amount of free space in your
filesystem is not dependent on having a LUKS container beneath it.

> What solutions should I
> use? Thanks!

Get familiar with LUKS and possibly LVM. There are options like ecryptfs
which work on regular filesystem and encrypt individual files as well as
their names. But those are 

-- 
When standing at the top of beachy head I find the rocks below very
attractive.
[Agree]   [Disagree]
 


signature.asc
Description: PGP signature

Bullseye (mostly) not booting on Proliant DL380 G7

[Claudio Kuenzler]

Hello!

Currently testing the new Bullseye release (using
firmware-bullseye-DI-rc2-amd64-netinst.iso) and see a strange phenomenon on
a HP Proliant DL380 G7 server.

During boot, the following messages show up in the console:

[63.063844] pcc_cpufreq_init: Too many CPUs, dynamic performance scaling
disabled
[63.063895] pcc_cpufreq_init: Try to enable another scaling driver through
BIOS settings
[63.063943] pcc_cpufreq_init: and complain to the system vendor

According to
https://patchwork.kernel.org/project/linux-pm/patch/5423012.zznfdyd...@aspire.rjw.lan/
this is a Kernel patch from July 2018.
According to Andreas Herrmann, the settings can be defined in the HP server
BIOS:

Power Management -> Advanced Power Options -> Collaborative Power Control =
enabled

This is active (is the default I believe). The Power Regulator is set to
"Dynamic Power Savings Mode".

After these messages show up on the console, no login prompt appears. No
network started. The server seems frozen - doesn't even react to
CTRL+ALT+DEL on the console anymore. Not sure if this is caused by cpufreq
or something else though.

This boot problem happened on 2 out of 3 server boots.

Is this a bug in Bullseye?

thx for any hints.

Re: how to change terminal (tty) font?

[Gene Heskett]

On Monday 28 June 2021 11:46:00 Curt wrote:

> On 2021-06-28, Gene Heskett  wrote:
> >> The workaround at the bottom of the thread is to create a service
> >> file that systematically deletes the cache at shutdown.
> >
> > That sucks unless its a gracefull shutdown, power failures don't
> > leave time to do that, so why not clean the cache early in the
> > bootup. Sheesh...
>
> Well, here's the (simple) user-created unit file at the bottom of the
> bug thread, and maybe it would be as easy as replacing "ExecStop" by
> "ExecStart" for your wish to be fulfilled (or maybe not, I'm
> unfamiliar with systemd unit files and how they get that way, to tell
> the truth).
>
> But if something as trivial as this can't be hacked effectively by our
> illustrious system administrators, we may as well just abandon ship.
>
>  [Unit]
>  Description=Cleanup console-setup cache
>
>  [Service]
>  Type=oneshot
>  RemainAfterExit=true
>  ExecStop=/bin/bash -c "rm /etc/console-setup/cached_*"
>
>  [Install]
>  WantedBy=multi-user.target
>
> > Cheers, Gene Heskett

Welp, I expect you know more about it than I but if it works, the below 
looks like a suitable fix until some sanity infects the author(s). That 
doesn't alway act infectious though.

But "Illustrious System Administrators" are usually found in the mirror, 
and while I may have such a rep, its not always in the nuances of linux. 
Broadcast Engineering is a much better looking horse for me.

All I was trying to do was point out the folly of doing it as part of a 
gracefull shutdown. This is one of two boxes with a ups, all 4 of the 
others, are expected to survive a power failure, which they all did last 
evening for 15 seconds. Out of a quiet evening with clear blue skies. 
Funny part was that 15 seconds should have started the 20kw standby in 
the back yard but it did not. Still scratching my thinning grey hair 
over that.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re : Re: Re : usrmerge

[Hugues Larrive]

Bonjour,

Le samedi 26 juin 2021 à 16:59, BERTRAND Joël  a 
écrit :
> Sur un système bien fichu, tu n'as même pas besoin de initrd ou autre
> bidouillerie. initrd n'est qu'un bidule contournant un problème de
> design du démarrage de Linux (il n'y a aucune raison valable pour que
> le noyau ne puisse pas se débrouiller tout seul à l'instar des *BSD).

C'est vrai qu'ils feraient mieux de chercher à éliminer l'initrd au profit de la
partition racine plutôt que l'inverse...

> Même sur un i386, ça ne se justifie pas. Au lieu de réinventer la
> roue, les développeurs devraient aller voir un peu comment sont fichus
> les autres Unix.

Les mecs considèrent Solaris (dont la dernière version date d'il y a plus de 10
ans) comme la principale implémentation commerciale d'Unix, ils n'ont
vraisemblablement jamais touché un Mac de leur vie... sous macos /bin et /sbin
ne sont pas des liens symboliques, /lib est remplacé par /Library et
/System/Library (comme un genre de /lib et /slib), et surtout les applications
graphiques sont scriptables (automator / applescript), dommage qu'on ne sache 
pas
en faire autant dans le libre.

> La vraie question que je me pose depuis que des trucs comme ça sont
> apparus (je classe systemd, dbus et usrmerge dans la même catégorie)
> est de savoir si les développeurs actuels des linuxeries sont bien
> conscients des détails techniques qui ont permis d'arriver à une
> arborescence à peu près standardisée et à un système de démarrage de
> type SystemV ou RC. Visiblement non et la palme semble être mise au
> développeur qui sort l'idée la plus tordue (pour rester poli),
> généralement contraire au KISS, proposant quelque chose qui fait tout
> à peu près, donc qui ne fait rien correctement. J'ai suivi les
> discussions sur usrmerge et certains arguments étaient pathétiques (du
> style, on ne sait plus si tel ou tel programme est dans /bin ou
> /usr/bin... Ben mon cochon, c'est qu'ils ne comprennent pas la
> différence et s'ils ne comprennent pas la différence, sont-ils
> légitimes d'imposer de telles décisions ?). Il est vrai que j'ai déjà
> vu des shells dans /usr/bin... Quelle sera la prochaine étape ? Tout
> coller dans un seul répertoire ? /bin, /sbin, /usr/bin, /usr/sbin
> ensemble ? Et tant qu'on y est avec /lib et /usr/lib pour simplifier
>
LOL ben oui, même tout en vrac dans / avec un "searchd" comme ça le système
ressemblerait à un genre de cloud...

> ld (qui est déjà un bloatware en lui-même) ?
> Le fait, historiquement, d'avoir /, /usr et /usr/local séparés a
> surtout eu un côté pratique. Le fait de pouvoir démarrer un système
> minimal sur une partition qui pouvait être en ro et le rester. C'était
> la certitude d'avoir un système fonctionnel quelle que soit la
> situation. Et c'est encore ce qu'on cherche dans l'embarqué. En
> mélangeant / et /usr, on fait l'hypothèse spécieuse que /usr sera
> toujours accessible au moins en lecture (ou qu'on embarquera tout ce
> qu'il faut dans un initrd). Sauf que dans le cas général, ce n'est pas
> forcément vrai. Même dans l'embarqué, rares sont les partitions /usr
> qui peuvent rester en ro.
>
Il y a quelques années j'avais fais un réseau de 5 raspberry pi avec /var
et /usr en iscsi par réseau wifi, ça aurait été beaucoup plus compliqué
avec usrmerge...

> Une fois de plus, debian pousse des choses qui sont peut-être
> acceptables sur un poste de travail, qui deviennent discutables sur un
> serveur et totalement inacceptable dans le monde de l'embarqué.
>
On dirait qu'ils ont un peut oublié le sens du slogan "Le système
d'exploitation universel".

> Ça pourrait passer à la limite si le choix était à la discrétion de
> l'utilisateur. Mais ça n'est pas le cas. La dernière fois que j'ai
> installé une debian, je me suis retrouvé avec usrmerge.
>
À ce sujet j'ai une question : en cherchant un peu j'ai trouvé que
debootstrap a une option --no-merged-usr mais je n'ai pas trouvé
comment faire avec debian-installer.

> \begin{mode vieux con}
> Ce qui me navre, c'est que je peux faire aujourd'hui les mêmes
> reproches que je faisais à Windows à la fin des années 1990. Certaines
> choses démarrent aléatoirement (merci systemd et son démarrage
> concurent non maîtrisé !), Xorg plante de plus ne plus sans raison
> (fermeture des sessions et retour à wdm dans raison valable) et le
> développement semble réellement être sur une mauvaise pente... Je ne
> parle même pas de la glibc qui trimballe les mêmes bugs depuis au
> moins 15 ans. Remarque bien, on finit par les connaître, à force !...
> \end{mode vieux con}
>
Bienvenue au club des vieux con ;)

Cordialement
Hugues

Re: how to change terminal (tty) font?

[Curt]

On 2021-06-28, Gene Heskett  wrote:
>>
>> The workaround at the bottom of the thread is to create a service file
>> that systematically deletes the cache at shutdown.
>
> That sucks unless its a gracefull shutdown, power failures don't leave 
> time to do that, so why not clean the cache early in the bootup. 
> Sheesh...

Well, here's the (simple) user-created unit file at the bottom of the
bug thread, and maybe it would be as easy as replacing "ExecStop" by
"ExecStart" for your wish to be fulfilled (or maybe not, I'm unfamiliar
with systemd unit files and how they get that way, to tell the truth).

But if something as trivial as this can't be hacked effectively by our
illustrious system administrators, we may as well just abandon ship.

 [Unit]
 Description=Cleanup console-setup cache

 [Service]
 Type=oneshot
 RemainAfterExit=true
 ExecStop=/bin/bash -c "rm /etc/console-setup/cached_*"

 [Install]
 WantedBy=multi-user.target

> Cheers, Gene Heskett

Whole Disk Encryption + SSD

[piorunz]

Hi all,

I've got about 5 years old HP laptop with SSD SATA drive 240 GB. Debian
Bullseye will be installed on it once it's released, as my secondary
computer to use.
I have question regarding whole disk encryption. What technology should
I use, to have encryption of everything, or at least /home, but preserve
free blocks and have TRIM? I don't want encryption to use entire drive
as "full" blob, I want to preserve SSDs life. What solutions should I
use? Thanks!

--

With kindest regards, piorunz.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: Disappearing shim-signed after failed dist-upgrade

[David Wright]

On Sun 27 Jun 2021 at 05:31:05 (+0100), Gareth Evans wrote:
> On Tue 22 Jun 2021, at 19:13, David Wright  wrote:
> > On Tue 22 Jun 2021 at 08:59:13 (+0100), Gareth Evans wrote:
> > > A recent dist-upgrade on Buster (in a scripted cron job run at 01:00 
> > > daily) failed due to apt-listbugs complaining about the boot-breaking bug 
> > > in shim-signed, and pinning v1.33 in the process.
> > > 
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990082
> > 
> > AFAICT it looks as though you were just a victim of bad timing.
> > I happened to upgrade the point release at Start-Date:
> > 2021-06-19  17:27:11, and my term.log shows:
> > 
> >   Setting up fluidsynth (1.1.11-1+deb10u1) ...
> >   Setting up shim-helpers-amd64-signed (1+15.4+5~deb10u1) ...
> >   Installing for x86_64-efi platform.
> >   Installation finished. No error reported.
> >   Setting up python-libxml2 (2.9.4+dfsg1-7+deb10u2) ...
> >   Setting up shim-signed:amd64 (1.36~1+deb10u1+15.4-5~deb10u1) ...
> >   Installing for x86_64-efi platform.
> >   Installation finished. No error reported.
> >   Secure Boot not enabled on this system.
> >   Processing triggers for mime-support (3.62) ...
> > 
> > By 01:00 next morning, the grave bug stopped your upgrade from
> > finishing. I guess that's a disadvantage of unattended upgrades:
> > you don't see the bug reports as they occur. (I download any
> > updates automatically, which serves as an announcement, but
> > always upgrade manually.)
> > 
> > > The next (manual) dist-upgrade removed shim-signed v1.33
> > > 
> > > $ cat /var/log/apt/history.log
> > > Start-Date: 2021-06-20  18:33:29
> > > Commandline: apt-get -y dist-upgrade
> > > Requested-By: x (1000)
> > > Upgrade: shim-signed-common:amd64 (1.33+15+1533136590.3beb971-7, 
> > > 1.36~1+deb10u1+15.4-5~deb10u1)
> > > Remove: shim-signed:amd64 (1.33+15+1533136590.3beb971-7)
> > > End-Date: 2021-06-20  18:33:30
> > > 
> > > unattended-upgrades (which I had forgotten was installed) upgraded some 
> > > related packages earlier the same day, but not shim-signed itself:
> > > 
> > > $ cat /var/log/apt/history.log
> > > Start-Date: 2021-06-20  06:26:31
> > > Commandline: /usr/bin/unattended-upgrade
> > > Upgrade: shim-helpers-amd64-signed:amd64 
> > > (1+15+1533136590.3beb971+7+deb10u1, 1+15.4+5~deb10u1), 
> > > shim-unsigned:amd64 (15+1533136590.3beb971-7+deb10u1, 15.4-5~deb10u1)
> > > End-Date: 2021-06-20  06:26:34
> > > 
> > > The only references to shim-signed in apt history logs were the initial 
> > > Buster installation, and the recent removal:
> > > 
> > > /var/log/apt$ grep -n "shim-signed:" history.log*
> > > history.log:209:Remove: shim-signed:amd64 (1.33+15+1533136590.3beb971-7)
> > > history.log.6:33:Install: [...] shim-signed:amd64 
> > > (1.33+15+1533136590.3beb971-7) [...]
> > > 
> > > 
> > > As I don't currently use secure boot, I ignored the bug warnings when I 
> > > reinstalled it and dependencies (the buster-updates version per the email 
> > > from debian-stable-announce yesterday
> > > https://lists.debian.org/debian-stable-announce/2021/06/msg1.html
> > 
> > AIUI that's the correct thing to do in our situation. (It's an upgrade
> > rather than a reinstall: my new shim-signed{,-common} debs arrived at
> > noon yesterday.)
> > 
> > > ...but still:
> > > 
> > > $ apt policy shim-signed
> > > shim-signed:
> > >   Installed: 1.36~1+deb10u2+15.4-5~deb10u1
> > >   Candidate: 1.36~1+deb10u2+15.4-5~deb10u1
> > > 
> > > $ apt-listbugs list shim-signed
> > > Retrieving bug reports... Done
> > > Parsing Found/Fixed information... Done
> > > grave bugs of shim-signed (→ ) 
> > >  b1 - #990082 - High chance of boot problems with buster's version of 
> > > arm64 shim
> > > grave bugs of shim-signed (→ ) 
> > >  b2 - #987991 - shim-signed: Recent dbx update blacklists shimx64.efi 
> > > (1.33+15+1533136590.3beb971-7) (Fixed: shim-signed/1.34)
> > > Summary:
> > >  shim-signed(2 bugs)
> > > 
> > > $ apt-listbugs list shim-signed-common
> > > critical bugs of shim-signed-common (→ ) 
> > >  b1 - #990158 - shim-signed-common: No UEFI boot with error "Could not 
> > > create MokListXRT"
> > > Summary:
> > >  shim-signed-common(1 bug)
> > > 
> > > Is this referring to the non buster-updates package?
> > 
> > No. But I don't use secure boot, so I haven't been following along
> > with the shim's problem. (That is the same state of play shown by my 
> > system.)
> > 
> > > Can anyone enlighten me as to:
> > > 
> > > Why might shim-signed v1.33 have been removed by dist-upgrade despite the 
> > > previous upgrade attempt having been aborted by apt-listbugs?
> > 
> > $ aptitude why shim-signed
> > i   grub-efi-amd64Dependsgrub-efi-amd64-bin (= 
> > 2.02+dfsg1-20+deb10u4)
> > i A grub-efi-amd64-binRecommends grub-efi-amd64-signed  
> >  
> > i A grub-efi-amd64-signed Recommends shim-signed
> >  
> > $ 
> > 
> > so I have no dependency, only a Recommends. I don't know your 

Re: Dovecot: ssl_ca_path not respected?

[Dan Ritter]

Bagas Sanjaya wrote: 
> Hi,
> 
> I have difficulties setting up Dovecot to connect to remote MariaDB instance
> over TLS.
> 
> So I have two Debian 11 LXD containers spun up, one as mail server with
> Postfix and Dovecot, and one as database instance with MariaDB. The LXD host
> is Ubuntu 20.04.

The first problem is that you have introduced a new point of
failure: if you set up dovecot to use a database, that database
must be functioning for dovecot to work. Putting it into a
different VM or container adds complexity and a source of
failure without gaining you anything at all. And once dovecot
and the database are in the same container/VM, they don't need
SSL to communicate securely.

The second problem is that ssl_ca should point to the CA bundle
for your desired SSL cert -- in this case, your own CA.

It is probably indicative of something that the only mention of 
ssl_ca_path in Dovecot's documentation is in a comment in the config.


-dsr-

Re: how to change terminal (tty) font?

[Gene Heskett]

On Monday 28 June 2021 08:19:37 Curt wrote:

> On 2021-06-28, Brian  wrote:
> > On Mon 28 Jun 2021 at 11:20:12 -, Curt wrote:
> >> On 2021-06-28, Long Wind  wrote:
> >> > Thank IL Ka and Cater!i've run console-setup,
> >> > but it's not persistent, after reboot, it uses ugly font again
> >> > PS: i reply a little late, because yahoo is partially blocked
> >>
> >> Looks like this four-year-old bug:
> >>
> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857132
> >
> > A distinct possibility. I wonder whether executing 'setupcon' after
> > rebooting restores the wanted terminal font?
>
> The workaround at the bottom of the thread is to create a service file
> that systematically deletes the cache at shutdown.

That sucks unless its a gracefull shutdown, power failures don't leave 
time to do that, so why not clean the cache early in the bootup. 
Sheesh...

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Dovecot: ssl_ca_path not respected?

[Bagas Sanjaya]

Hi,

I have difficulties setting up Dovecot to connect to remote MariaDB 
instance over TLS.


So I have two Debian 11 LXD containers spun up, one as mail server with 
Postfix and Dovecot, and one as database instance with MariaDB. The LXD 
host is Ubuntu 20.04.


I defined `passdb` in /etc/dovecot/conf.d/auth-sql.conf.ext as:

... > passdb {
  driver = sql

  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf.ext
}
...

And in /etc/dovecot/dovecot-sql.conf.ext I configured:

... > driver = mysql
connect = host= ssl_ca_path=/etc/ssl/certs dbname= 
user=maildb password=
password_query = SELECT email AS user, password FROM virtual_users \
  WHERE email='%u'
...


In /etc/dovecot/conf.d/10-auth.conf I #include'd:

...
!include auth-sql.conf.ext
!include auth-passwdfile.conf.ext
...


On database instance, I required that user `maildb` (that I used for 
Dovecot to connect to `` database) to connect over TLS by:

alter user maildb@ require ssl;


Based on setup above, I expected that Dovecot can connect to database 
instance over TLS.


Then I simulated user login by:

doveadm auth login  

Surprisingly, I read Dovecot log via journalctl that says:

Jun 28 12:02:19  dovecot[2104]: auth-worker(2176): Error: mysql(): Connect failed to database (): Access denied for user 'maildb'@'' (using password: YES) - waiting for 125 seconds before retry


But I had configured Dovecot log to /var/log/dovecot.log. During 
simulated login attempt, it said:

Jun 28 12:01:48 imap-login: Info: Login: user=, method=PLAIN, 
rip=, mpid=2177, TLS, session=
Jun 28 12:01:48 auth-worker(2176): Debug: passwd-file 
/etc/dovecot/conf.d/99-vusers.list: Read 3 users in 0 secs
Jun 28 12:01:48 auth-worker(2176): Debug: conn unix:auth-worker 
(pid=2169,uid=106): Server accepted connection (fd=14)
Jun 28 12:01:48 auth-worker(2176): Debug: conn unix:auth-worker 
(pid=2169,uid=106): Sending version handshake
Jun 28 12:02:48 auth-worker(2176): Debug: conn unix:auth-worker 
(pid=2169,uid=106): Disconnected: Connection closed (fd=-1)


Assumed that credentials in `connect` option are correct, I guessed that 
the problem is caused by Dovecot tried to connect to database instance 
without TLS (that is ignoring `ssl_ca_path` parameter).


The comment documentation for `ssl_ca_path` parameter, however, only 
said that:


# ssl_ca, ssl_ca_path- Set either one or both to enable SSL 


I guessed that the value of `ssl_ca_path` is path to directory contained
system's root certificate (`/etc/ssl/certs`).

Note that my setup above use custom TLS certificate signed by internal 
CA. The CA's root certificate is installed to both database instance and 
mail server and also added to system certificate store with 
`update-ca-certificates`.


To the above, I had to disable TLS for now by removing `ssl_ca_path` 
parameter in `connect` option and by reverting TLS connection 
requirement by `alter user maildb@ require none;`


Am I missing something? Or is it Dovecot bug?

--
An old man doll... just what I always wanted! - Clara

Re: how to change terminal (tty) font?

[Curt]

On 2021-06-28, Brian  wrote:
> On Mon 28 Jun 2021 at 11:20:12 -, Curt wrote:
>
>> On 2021-06-28, Long Wind  wrote:
>> >
>> >  
>> > Thank IL Ka and Cater!i've run console-setup, 
>> > but it's not persistent, after reboot, it uses ugly font again
>> > PS: i reply a little late, because yahoo is partially blocked
>> >
>> 
>> Looks like this four-year-old bug:
>> 
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857132
>
> A distinct possibility. I wonder whether executing 'setupcon' after
> rebooting restores the wanted terminal font?
>

The workaround at the bottom of the thread is to create a service file
that systematically deletes the cache at shutdown.

Re: Problemes amb un mòdul de python

[R. Sicart]

Hola,

També pots provar d'instalar els moduls python amb pip3 en un virtualenv o 
contenidor docker (per no barrejar ni embrutar el teu sistema debian habitual), 
per veure si tens el mateix problema.

Amb la comanda aquesta (la faig de memoria aixi que potser li falti alguna 
opcio) pots executar el contenidor docker:

# docker run -ti python:3.9 /bin/bash

I després instales el modul python:

# pip install NOMDELMODUL

Salut
-- 

R. Sicart

28 juin 2021 10:38:45 Josep Lladonosa :

> Hola, Xavier,
> 
> Potser t'ajuden:
> 
> https://github.com/ProtonVPN/linux-cli-community/issues/280
> 
> https://github.com/python-poetry/poetry/issues/3662
> 
> El dl., 28 de juny 2021, 10:04, Xavier De Yzaguirre i Maura 
>  va escriure:
>> Bon dia gent,
>> Utilitzo ProtonVPN i de fa uns mesos, em trobo amb un problema a l'activar 
>> la VPN, sembla que es un problema relacionat amb un mòdul Python de la 
>> versió 3.9, la gent de Proton m'han respost que el problema no es de 
>> l'aplicatiu sinó del mòdul. Us adjunto uns exemples del que em succeeix, no 
>> se com cal reportar-ho.
>> M'orienteu?
>> 
>> Text del Terminal quan crido protonvpn-cli (avui):
>> 
>> /*2021-06-27 21:19:39 xavier@PC006:~$ pvpn off*/
>> off
>> Attempting to disconnect from ProtonVPN.
>> Successfully disconnected from ProtonVPN.
>> Kill switch has been disabled.
>> Error initializing plugin EntryPoint(name='macOS', 
>> value='keyring.backends.macOS', group='keyring.backends').
>> Traceback (most recent call last):
>> File "/usr/local/lib/python3.9/dist-packages/keyring/backend.py", line 202, 
>> in _load_plugins
>> init_func = ep.load()
>> File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
>> module = import_module(match.group('module'))
>> File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
>> return _bootstrap._gcd_import(name[level:], package, level)
>> File "", line 1030, in _gcd_import
>> File "", line 1007, in _find_and_load
>> File "", line 984, in _find_and_load_unlocked
>> ModuleNotFoundError: No module named 'keyring.backends.macOS'
>> 
>> Netshield has been disabled.
>> */2021-06-28 09:31:39 xavier@PC006:~$/*
>> 
>> El text que vaig passar a mes a Proton tenia aquests resultats:
>> 
>>> */"2021-06-24 14:19:44 xavier@PC006:~$ pip3 list | grep keyring"/*/"
>>> "/Error initializing plugin EntryPoint(name='macOS', 
>>> value='keyring.backends.macOS', group='keyring.backends').
>>> Traceback (most recent call last):
>>> File "/usr/local/lib/python3.9/dist-packages/keyring/backend.py", line 202, 
>>> in _load_plugins
>>> init_func = ep.load()
>>> File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
>>> module = import_module(match.group('module'))
>>> File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
>>> return _bootstrap._gcd_import(name[level:], package, level)
>>> File "", line 1030, in _gcd_import
>>> File "", line 1007, in _find_and_load
>>> File "", line 984, in _find_and_load_unlocked
>>> ModuleNotFoundError: No module named 'keyring.backends.macOS'
>>> keyring              21.5.0
>>> keyrings.alt         4.0.2/""/
>>> 
>>> /""/*/"2021-06-24 14:20:00 xavier@PC006:~$ apt list | grep 
>>> python3-keyring"/*/"
>>> "//"
>>> "/WARNING: apt does not have a stable CLI interface. Use with caution in 
>>> scripts.
>>> 
>>> python3-keyring/testing,testing,testing,now 22.0.1-1 all [instal·lat, 
>>> automàtic]
>>> python3-keyrings.alt/testing,testing,testing,now 4.0.2-1 all [instal·lat]
>>> 2021-06-24 14:20:39 xavier@PC006:~$
>>> 
>> I si em miro quins mòduls python tinc instal·lats, son aquests:
>> 
 /*2021-06-24 14:38:57 xavier@PC006:~$ *apt list python* --installed/
 S'està llistant… Fet
 python-apt-common/testing,testing,testing,now 2.2.0 all [instal·lat, 
 automàtic]
 python-genshi/now 0.7.3-1 amd64 [instal·lat, local]
 python-is-python2/testing,testing,testing,now 2.7.18-9 all [instal·lat, 
 automàtic]
 python-jinja2-doc/testing,testing,testing,now 2.11.3-1 all [instal·lat]
 python-lxml-doc/testing,testing,testing,now 4.6.3-1 all [instal·lat]
 python-musicbrainzngs-doc/testing,testing,testing,now 0.7.1-2 all 
 [instal·lat]
 python-mutagen-doc/testing,testing,testing,now 1.45.1-2 all [instal·lat]
 python-numpy-doc/testing,testing,testing,now 1:1.19.5-1 all [instal·lat]
 python-pip-whl/testing,testing,testing,now 20.3.4-2 all [instal·lat, 
 automàtic]
 python-pkg-resources/testing,testing,testing,now 44.1.1-1 all [instal·lat, 
 automàtic]
 python-secretstorage-doc/testing,testing,testing,now 3.3.1-1 all 
 [instal·lat]
 python-setuptools/testing,testing,testing,now 44.1.1-1 all [instal·lat]
 python-tinycss2-common/testing,testing,testing,now 1.0.2-1 all 
 [instal·lat, automàtic]
 python-tk/testing,testing,testing,now 2.7.18-1 amd64 [instal·lat, 
 automàtic]
 python2-minimal/testing,testing,testing,now 2.7.18-2 amd64 [instal·lat, 
 automàtic]
 

Re: how to change terminal (tty) font?

[Brian]

On Mon 28 Jun 2021 at 11:20:12 -, Curt wrote:

> On 2021-06-28, Long Wind  wrote:
> >
> >  
> > Thank IL Ka and Cater!i've run console-setup, 
> > but it's not persistent, after reboot, it uses ugly font again
> > PS: i reply a little late, because yahoo is partially blocked
> >
> 
> Looks like this four-year-old bug:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857132

A distinct possibility. I wonder whether executing 'setupcon' after
rebooting restores the wanted terminal font?

-- 
Brian.

Re: how to change terminal (tty) font?

[Curt]

On 2021-06-28, Long Wind  wrote:
>
>  
> Thank IL Ka and Cater!i've run console-setup, 
> but it's not persistent, after reboot, it uses ugly font again
> PS: i reply a little late, because yahoo is partially blocked
>

Looks like this four-year-old bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857132

Re: Problemes amb un mòdul de python

[Xavier De Yzaguirre i Maura]

Estic fent-hi un cop d'ull i sembla que hi ha un problema ja que quan 
instal·les amb pip el keyring no instal·la el dbus-python.

Seguint les indicacions de 
https://github.com/ProtonVPN/linux-cli-community/issues/280 tinc:

> 2021-06-28 12:26:13 xavier@PC006:~$ python --version
> Python 3.9.2
>
> 2021-06-28 12:26:20 xavier@PC006:~$ pip --version
> pip 20.3.4 from /usr/lib/python3/dist-packages/pip (python 3.9)
>
> 2021-06-28 12:26:27 xavier@PC006:~$ cat ~/.config/python_keyring/keyringrc.cfg
> cat: /home/xavier/.config/python_keyring/keyringrc.cfg: El fitxer o directori 
> no existeix
>
> 2021-06-28 12:28:16 xavier@PC006:~$ cat 
> ~/.local/share/python_keyring/keyringrc.cfg
> cat: /home/xavier/.local/share/python_keyring/keyringrc.cfg: El fitxer o 
> directori no existeix
>
> 2021-06-28 12:28:38 xavier@PC006:~$ python -c "import keyring.util.platform_; 
> print(keyring.util.platform_.config_root())"
> Error initializing plugin EntryPoint(name='macOS', 
> value='keyring.backends.macOS', group='keyring.backends').
> Traceback (most recent call last):
> File "/usr/local/lib/python3.9/dist-packages/keyring/backend.py", line 202, 
> in _load_plugins
> init_func = ep.load()
> File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
> module = import_module(match.group('module'))
> File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
> return _bootstrap._gcd_import(name[level:], package, level)
> File "", line 1030, in _gcd_import
> File "", line 1007, in _find_and_load
> File "", line 984, in _find_and_load_unlocked
> ModuleNotFoundError: No module named 'keyring.backends.macOS'
> /home/xavier/.config/python_keyring
>
> 2021-06-28 12:28:59 xavier@PC006:~$ python -c "import keyring.util.platform_; 
> print(keyring.util.platform_.data_root())"
> Error initializing plugin EntryPoint(name='macOS', 
> value='keyring.backends.macOS', group='keyring.backends').
> Traceback (most recent call last):
> File "/usr/local/lib/python3.9/dist-packages/keyring/backend.py", line 202, 
> in _load_plugins
> init_func = ep.load()
> File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
> module = import_module(match.group('module'))
> File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
> return _bootstrap._gcd_import(name[level:], package, level)
> File "", line 1030, in _gcd_import
> File "", line 1007, in _find_and_load
> File "", line 984, in _find_and_load_unlocked
> ModuleNotFoundError: No module named 'keyring.backends.macOS'
> /home/xavier/.local/share/python_keyring
>
> 2021-06-28 12:30:15 xavier@PC006:~$ cat ~/.config/python_keyring/keyringrc.cfg
> cat: /home/xavier/.config/python_keyring/keyringrc.cfg: El fitxer o directori 
> no existeix
>
> 2021-06-28 12:30:45 xavier@PC006:~$ cat 
> ~/.local/share/python_keyring/keyringrc.cfg
> cat: /home/xavier/.local/share/python_keyring/keyringrc.cfg: El fitxer o 
> directori no existeix
>
> 2021-06-28 12:30:53 xavier@PC006:~$ ls -l .config/python_keyring
> ls: no s’ha pogut accedir a '.config/python_keyring': El fitxer o directori 
> no existeix
>
> 2021-06-28 12:31:57 xavier@PC006:~$

Com que protonvpn funciona be, de moment ho deixo per si ho corregeix la gent 
de Python.

Veurem

Moltes gràcies Josep.

--
Xavier De Yzaguirre i Maura

xdeyzaguirre at protonmail(dot)ch
S

Re: Problemes amb un mòdul de python

[Josep Lladonosa]

Hola, Xavier,

Potser t'ajuden:

https://github.com/ProtonVPN/linux-cli-community/issues/280

https://github.com/python-poetry/poetry/issues/3662

El dl., 28 de juny 2021, 10:04, Xavier De Yzaguirre i Maura <
xdeyzagui...@gmail.com> va escriure:

> Bon dia gent,
> Utilitzo ProtonVPN i de fa uns mesos, em trobo amb un problema a l'activar
> la VPN, sembla que es un problema relacionat amb un mòdul Python de la
> versió 3.9, la gent de Proton m'han respost que el problema no es de
> l'aplicatiu sinó del mòdul. Us adjunto uns exemples del que em succeeix, no
> se com cal reportar-ho.
> M'orienteu?
>
> Text del Terminal quan crido protonvpn-cli (avui):
>
> *2021-06-27 21:19:39 xavier@PC006:~$ pvpn off*
> off
> Attempting to disconnect from ProtonVPN.
> Successfully disconnected from ProtonVPN.
> Kill switch has been disabled.
> Error initializing plugin EntryPoint(name='macOS',
> value='keyring.backends.macOS', group='keyring.backends').
> Traceback (most recent call last):
> File "/usr/local/lib/python3.9/dist-packages/keyring/backend.py", line
> 202, in _load_plugins
> init_func = ep.load()
> File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
> module = import_module(match.group('module'))
> File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
> return _bootstrap._gcd_import(name[level:], package, level)
> File "", line 1030, in _gcd_import
> File "", line 1007, in _find_and_load
> File "", line 984, in _find_and_load_unlocked
> ModuleNotFoundError: No module named 'keyring.backends.macOS'
>
> Netshield has been disabled.
> *2021-06-28 09:31:39 xavier@PC006:~$*
>
> El text que vaig passar a mes a Proton tenia aquests resultats:
>
> *2021-06-24 14:19:44 xavier@PC006:~$ pip3 list | grep keyring*
> Error initializing plugin EntryPoint(name='macOS',
> value='keyring.backends.macOS', group='keyring.backends').
> Traceback (most recent call last):
> File "/usr/local/lib/python3.9/dist-packages/keyring/backend.py", line
> 202, in _load_plugins
> init_func = ep.load()
> File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
> module = import_module(match.group('module'))
> File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
> return _bootstrap._gcd_import(name[level:], package, level)
> File "", line 1030, in _gcd_import
> File "", line 1007, in _find_and_load
> File "", line 984, in _find_and_load_unlocked
> ModuleNotFoundError: No module named 'keyring.backends.macOS'
> keyring  21.5.0
> keyrings.alt 4.0.2
>
> *2021-06-24 14:20:00 xavier@PC006:~$ apt list | grep python3-keyring*
>
> WARNING: apt does not have a stable CLI interface. Use with caution in
> scripts.
>
> python3-keyring/testing,testing,testing,now 22.0.1-1 all [instal·lat,
> automàtic]
> python3-keyrings.alt/testing,testing,testing,now 4.0.2-1 all [instal·lat]
> 2021-06-24 14:20:39 xavier@PC006:~$
>
> I si em miro quins mòduls python tinc instal·lats, son aquests:
>
> *2021-06-24 14:38:57 xavier@PC006:~$ apt list python* --installed*
> S'està llistant… Fet
> python-apt-common/testing,testing,testing,now 2.2.0 all [instal·lat,
> automàtic]
> python-genshi/now 0.7.3-1 amd64 [instal·lat, local]
> python-is-python2/testing,testing,testing,now 2.7.18-9 all [instal·lat,
> automàtic]
> python-jinja2-doc/testing,testing,testing,now 2.11.3-1 all [instal·lat]
> python-lxml-doc/testing,testing,testing,now 4.6.3-1 all [instal·lat]
> python-musicbrainzngs-doc/testing,testing,testing,now 0.7.1-2 all
> [instal·lat]
> python-mutagen-doc/testing,testing,testing,now 1.45.1-2 all [instal·lat]
> python-numpy-doc/testing,testing,testing,now 1:1.19.5-1 all [instal·lat]
> python-pip-whl/testing,testing,testing,now 20.3.4-2 all [instal·lat,
> automàtic]
> python-pkg-resources/testing,testing,testing,now 44.1.1-1 all [instal·lat,
> automàtic]
> python-secretstorage-doc/testing,testing,testing,now 3.3.1-1 all
> [instal·lat]
> python-setuptools/testing,testing,testing,now 44.1.1-1 all [instal·lat]
> python-tinycss2-common/testing,testing,testing,now 1.0.2-1 all
> [instal·lat, automàtic]
> python-tk/testing,testing,testing,now 2.7.18-1 amd64 [instal·lat,
> automàtic]
> python2-minimal/testing,testing,testing,now 2.7.18-2 amd64 [instal·lat,
> automàtic]
> python2.7-minimal/testing,testing,testing,now 2.7.18-7 amd64 [instal·lat,
> automàtic]
> python2.7/testing,testing,testing,now 2.7.18-7 amd64 [instal·lat]
> python2/testing,testing,testing,now 2.7.18-2 amd64 [instal·lat, automàtic]
> python3-apt/testing,testing,testing,now 2.2.0 amd64 [instal·lat, automàtic]
> python3-avahi/testing,testing,testing,now 0.8-5 amd64 [instal·lat,
> automàtic]
> python3-bcrypt/testing,testing,testing,now 3.1.7-4 amd64 [instal·lat,
> automàtic]
> python3-bs4/testing,testing,testing,now 4.9.3-1 all [instal·lat, automàtic]
> python3-bsddb3/testing,testing,testing,now 6.2.9-1 amd64 [instal·lat,
> automàtic]
> python3-cairo/testing,testing,testing,now 1.16.2-4+b2 amd64 [instal·lat,
> automàtic]
> 

Re: Software para gestión de baterías

[Camaleón]

El 2021-06-28 a las 09:34 +0200, Roberto Leon Lopez escribió:

> En la oficina solemos usar SAI del fabricante APC y estoy revisando el 
> software apcupsd, pero el proyecto en su web veo que lleva años parado.
> 
> ¿Existe algún otro software o un fabricante cuyo software de gestión bajo 
> Debian funcione?

Tienes NUT, mira a ver si tu unidad tiene soporte:

https://networkupstools.org/

Yo lo instalé hace años (tenemos en la oficina varias unidades SAI de 
APC y Riello UPS) pero no me terminó de convencer y al final me quedé 
con el programa ofrecido por el fabricante, que tampoco es para echar 
cohetes.

Saludos,

-- 
Camaleón 

Problemes amb un mòdul de python

[Xavier De Yzaguirre i Maura]

Bon dia gent,
Utilitzo ProtonVPN i de fa uns mesos, em trobo amb un problema a l'activar
la VPN, sembla que es un problema relacionat amb un mòdul Python de la
versió 3.9, la gent de Proton m'han respost que el problema no es de
l'aplicatiu sinó del mòdul. Us adjunto uns exemples del que em succeeix, no
se com cal reportar-ho.
M'orienteu?

Text del Terminal quan crido protonvpn-cli (avui):

*2021-06-27 21:19:39 xavier@PC006:~$ pvpn off*
off
Attempting to disconnect from ProtonVPN.
Successfully disconnected from ProtonVPN.
Kill switch has been disabled.
Error initializing plugin EntryPoint(name='macOS',
value='keyring.backends.macOS', group='keyring.backends').
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/keyring/backend.py", line 202,
in _load_plugins
init_func = ep.load()
File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1030, in _gcd_import
File "", line 1007, in _find_and_load
File "", line 984, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'keyring.backends.macOS'

Netshield has been disabled.
*2021-06-28 09:31:39 xavier@PC006:~$*

El text que vaig passar a mes a Proton tenia aquests resultats:

*2021-06-24 14:19:44 xavier@PC006:~$ pip3 list | grep keyring*
Error initializing plugin EntryPoint(name='macOS',
value='keyring.backends.macOS', group='keyring.backends').
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/keyring/backend.py", line 202,
in _load_plugins
init_func = ep.load()
File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1030, in _gcd_import
File "", line 1007, in _find_and_load
File "", line 984, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'keyring.backends.macOS'
keyring  21.5.0
keyrings.alt 4.0.2

*2021-06-24 14:20:00 xavier@PC006:~$ apt list | grep python3-keyring*

WARNING: apt does not have a stable CLI interface. Use with caution in
scripts.

python3-keyring/testing,testing,testing,now 22.0.1-1 all [instal·lat,
automàtic]
python3-keyrings.alt/testing,testing,testing,now 4.0.2-1 all [instal·lat]
2021-06-24 14:20:39 xavier@PC006:~$

I si em miro quins mòduls python tinc instal·lats, son aquests:

*2021-06-24 14:38:57 xavier@PC006:~$ apt list python* --installed*
S'està llistant… Fet
python-apt-common/testing,testing,testing,now 2.2.0 all [instal·lat,
automàtic]
python-genshi/now 0.7.3-1 amd64 [instal·lat, local]
python-is-python2/testing,testing,testing,now 2.7.18-9 all [instal·lat,
automàtic]
python-jinja2-doc/testing,testing,testing,now 2.11.3-1 all [instal·lat]
python-lxml-doc/testing,testing,testing,now 4.6.3-1 all [instal·lat]
python-musicbrainzngs-doc/testing,testing,testing,now 0.7.1-2 all
[instal·lat]
python-mutagen-doc/testing,testing,testing,now 1.45.1-2 all [instal·lat]
python-numpy-doc/testing,testing,testing,now 1:1.19.5-1 all [instal·lat]
python-pip-whl/testing,testing,testing,now 20.3.4-2 all [instal·lat,
automàtic]
python-pkg-resources/testing,testing,testing,now 44.1.1-1 all [instal·lat,
automàtic]
python-secretstorage-doc/testing,testing,testing,now 3.3.1-1 all
[instal·lat]
python-setuptools/testing,testing,testing,now 44.1.1-1 all [instal·lat]
python-tinycss2-common/testing,testing,testing,now 1.0.2-1 all [instal·lat,
automàtic]
python-tk/testing,testing,testing,now 2.7.18-1 amd64 [instal·lat, automàtic]
python2-minimal/testing,testing,testing,now 2.7.18-2 amd64 [instal·lat,
automàtic]
python2.7-minimal/testing,testing,testing,now 2.7.18-7 amd64 [instal·lat,
automàtic]
python2.7/testing,testing,testing,now 2.7.18-7 amd64 [instal·lat]
python2/testing,testing,testing,now 2.7.18-2 amd64 [instal·lat, automàtic]
python3-apt/testing,testing,testing,now 2.2.0 amd64 [instal·lat, automàtic]
python3-avahi/testing,testing,testing,now 0.8-5 amd64 [instal·lat,
automàtic]
python3-bcrypt/testing,testing,testing,now 3.1.7-4 amd64 [instal·lat,
automàtic]
python3-bs4/testing,testing,testing,now 4.9.3-1 all [instal·lat, automàtic]
python3-bsddb3/testing,testing,testing,now 6.2.9-1 amd64 [instal·lat,
automàtic]
python3-cairo/testing,testing,testing,now 1.16.2-4+b2 amd64 [instal·lat,
automàtic]
python3-certifi/testing,testing,testing,now 2020.6.20-1 all [instal·lat,
automàtic]
python3-cffi-backend/testing,testing,testing,now 1.14.5-1 amd64
[instal·lat, automàtic]
python3-chardet/testing,testing,testing,now 4.0.0-1 all [instal·lat,
automàtic]
python3-cryptography/testing,testing,testing,now 3.3.2-1 amd64 [instal·lat,
automàtic]
python3-css-parser/testing,testing,testing,now 1.0.6-1 all [instal·lat,
automàtic]

Software para gestión de baterías

[Roberto Leon Lopez]

En la oficina solemos usar SAI del fabricante APC y estoy revisando el software 
apcupsd, pero el proyecto en su web veo que lleva años parado.

¿Existe algún otro software o un fabricante cuyo software de gestión bajo 
Debian funcione?

Re: Messed up Email

[Andrei POPESCU]

On Du, 27 iun 21, 11:50:59, Celejar wrote:
> On Sat, 26 Jun 2021 16:51:21 +0300
> Andrei POPESCU  wrote:
> 
> ...
> 
> > Well, apparently lots of people[1] seem very upset about and hell bent 
> > to change Signal's (the service) policies on federation, third-party 
> > clients, etc.
> > 
> > Why? There's Matrix, that already has all that. Why insist that 
> > everybody else has to do that as well? Live and let live, anyone?
> > 
> > [1] not referring to anyone in particular
> 
> Should we not criticize software and services that we find problematic
> just because alternatives exist? Moreover, I suspect that Signal's
> dominance plays a role in hindering the growth of things like Matrix -
> when all the privacy and security Big Names rave over Signal and push
> it so strongly, then due to network effects (within the privacy and
> security conscious community), it becomes more and more necessary to
> use it.

Criticizing is of course fair game, lumping it in together with 
WhatsApp, Facebook and Telegram seems excessive to me.
 
> (Please don't get me wrong - I agree that Signal is a far, far,
> superior alternative to WhatsApp, and that the difference between them
> is much greater than the difference between Signal and Matrix - I just
> mean that people always criticize the shortcomings of dominant software
> systems in order to promote the ones they consider preferable and to
> increase their usage, which renders them much more useful due to
> network effects.)

Yes, with the potential risk of doing more harm then good.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: LaTeX - Newer REVTEX on Debian ?

[Jerome BENOIT]

Hi,

this looks as a bibtex issue: did you update the bst ?

Otherwise, did you try to compose out of TeX Studio, for instance with command 
lines or latexmk ?

Cheers,
Jerome

On 28/06/2021 03:05, Robbi Nespu wrote:

On 6/27/21 2:41 PM, Robbi Nespu wrote:

Issuing bug on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990360


I trying to install it myself, where someone said there is a way how to 
override it

$ wget 
https://mirrors.concertpass.com/tex-archive/install/macros/latex/contrib/revtex.tds.zip
$ sudo unzip ~/Downloads/TeX/revtex.tds.zip -d /usr/local/share/texmf
$ sudo mktexlsr /usr/local/share/texmf
$ sudo texhash

But when I run TeX Studio, it still throwing me same issue.


line 29: Extra \endgroup. \begin{document}
line 29: Missing \begin{document}. \begin{document}
: Failed to recognize \@vspace, \@vspacer, \@no@pgbk, \@newline, and \\; no 
patches applied. Please get a more up-to-date class, .
line 101: Citation `feyn54' on page 1 undefined
line 102: Citation `witten2001' on page 1 undefined
line 102: Citation `epr' on page 1 undefined
line 102: Citation `Bire82' on page 1 undefined
line 106: Citation `feyn54' on page 1 undefined
line 106: Citation `witten2001' on page 1 undefined
line 106: Citation `epr' on page 1 undefined
line 106: Citation `Berman1983' on page 1 undefined
line 107: Citation `epr' on page 1 undefined
line 107: Citation `feyn54' on page 1 undefined
line 107: Citation `Bire82' on page 1 undefined
line 107: Citation `Berman1983' on page 1 undefined
line 134: Citation `Note1' on page 2 undefined
line 457: Citation `feyn54' on page 5 undefined
: No file aip-cp-samp.bbl.


Any input regarding this are welcome.

Re: Messed up Email

[Andrei POPESCU]

On Du, 27 iun 21, 11:27:39, Celejar wrote:
> On Sat, 26 Jun 2021 13:31:33 +0300
> Andrei POPESCU  wrote:
> > 
> > Could you elaborate on why in your opinion an entity providing a service 
> > should automatically accept connections from third-party clients and/or 
> > federate with other service providers?
> 
> Well, would you have no problem with a website that requires the site's
> own browser to function, and won't work with standard browsers? I agree
> that the site has the legal and even moral right to implement such a
> thing, but I wouldn't be happy about it.

The internet is big enough for all, user will chose.

If users flock to a closed service the correct thing to do is ask 
ourselves why they are doing this (besides the social network effect) 
and what is missing from the open alternatives.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature