Re: password set at installation of debian-10.10.0-amd64 not recognized
Hi. On Sun, Aug 15, 2021 at 08:49:49AM +0200, to...@tuxteam.de wrote: > On Sat, Aug 14, 2021 at 06:06:50PM -0400, Stefan Monnier wrote: > > > Nevertheless there are rare cases only root can make changes. > > > > You mean cases where `sudo zsh -l` is not an option? > > Up to now, there is exactly one case I am aware of when you'd wish > you had a root password: at boot, the root file system is deemed > too broken to mount, and you are told to fix it manually. > > Of course, there are ways around that, but all of them involve having > access to another living instance of an operating system, Booting an existing system with init=/bin/sh does not require one to know a root password, and allows full access nevertheless. Of course, a console access is required, but the same can be said about any kind of a rescue media. > Does anyone know other cases where you'd wish you had a root password? I can think of nothing, short of broken third-party software that insists on executing "su -". Reco
Re: Relatively boring bullseye upgrade reports
Hi. Let me join the party, I hope I'm not late. caiman: Marvell Armada 385-based router, Linksys WRT1200AC. Currently used as unmanaged switch. My only gripe with the upgrade was snmpd. Bullseye's version reordered just about everything in snmpd.conf. Reco
Re: Relatively boring bullseye upgrade reports
hc2: Samsung Exsynos 5422-based board, Odroid HC2 Currently stores backups. Nothing to report, the upgrade went smoothly. Reco
Re: Relatively boring bullseye upgrade reports
r2s: Rockchip 3328-based board, NanoPI R2S Home router, IPSec endpoint Nothing to report, the upgrade went smoothly. helios64: Kobol Helios64 board, same device name NAS Rebuilding custom packages was the longest part of the upgrade, but no problems otherwise. transmission-remote-cli did not make it into bullseye, will search for the replacement. pi: Broadcom 2835-based board, Raspberry Pi 1B RS232 redirector, backup SIM holder Gammu was removed from bullseye, probably will backport it from sid in the future. pi2: Broadcom 2710-based board, Raspberry Pi 3B GNSS receiver, runs proper Debian Nothing to report, the upgrade went smoothly. camel: QEMU VM, remote hosting, console access is available Secondary MX Exim4 configuration has changed somewhat between buster and bullseye, but it's nothing that vimdiff could not handle. Discovered new CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT option, will test it for a few days. Reco
Re: FOSS "BIOS" (UEFI) (was: Re: smart fans)
Hi. On Sun, Aug 22, 2021 at 07:25:34AM +0200, Emanuel Berg wrote: > > There is fancontrol (pwdconfig(1)) but I don't get it to > > work ... The BIOS (UEFI) can maybe be used but I don't > > have/use a mouse and I dislike the UI ... > > > > $ sudo dmidecode [...] > > This made me think, is there a FOSS "BIOS" (UEFI) that you can > install/flash to replace the manufacturer's? Coreboot is what you're thinking of. Supported motherboard's list is extremely limited though. Reco
Re: Relatively boring bullseye upgrade reports
Ok, serious things. male: QEMU VM, remote hosting, console access is available Primary MX, IPSec endpoint Upgrade was tricky, because IPSec tunnel was brought down during the upgrade. It went up, but I was required to bounce sshd from the console nevertheless. Replaced sysvinit with systemd-sysv while I was at it. Replaced sslh with nginx stream config for SSH/HTTPS multiplexing. i5378: Dell Inspiron 5378, 4Gb ram, 7th gen Intel Core, LXDE/openbox Secondary tool of the trade The upgrade took out my favorite Terminus font from the terminal emulator, (no)thanks to the upgraded fontconfig. Replaced Terminus with self-built OTB version. The upgrade of Icecast reverted all its passwords to the default, without any question asked. Got them back via git history (etckeeper). I'd expect a pitfall like this from RHEL. An internal NIC (ip link add type bridge) that I use for LXC showed NO-CARRIER unless at least one NIC was attached to it (worked differently in buster). Worked around that by adding dummy NIC (ip link add type dummy) to the bridge. LXC configs required numerous /cgroup/cgroup2/ replacements, but there's sed for that. Luckily, I do not have to run anything RHEL-based there. And no, I do not need that lxc-net screwing my netfilter rules. They've renamed obexd from bluez-obexd from good and proper Debian pathname to a horrible RH one. Had to fix my Bluetooth MAP script as the result. A small price for the distribution unification, I suppose. n10i5: Intel NUC N10I5, 8Gb ram, 10th gen Intel Core, LXDE/openbox Primary tool of the trade I forgot to clear apt pinnings before the upgrade, and was left with self-backported mesa, vaapi and libdrm. Nothing that 'apt install -t stable' could not handle though. See also i5378. There's that other VM (female, IPSec endpoint) left, and a half-dozen servers at the office, but it can wait until my vacation ends. My biggest surprises from all this: - most of my custom Apparmor profiles survived OS upgrades with no modifications at all. - most of custom rsyslogd filters continue to work as intended. - and the size of vmlinuz and initrd.img did not increase that much, which allowed me to leave u-boot configuration untouched. IMO - Debian 11 is a good release, transition to it is easy. Easier than 8->9 one (systemd was introduced) or 9->10 one (iptables -> nft, and "predictable" NIC names). But then again, it's not my first rodeo. Stuff I did beforehand just in case: # Thanks, I do not need *that* kind of predictability ln -sf /dev/null /etc/systemd/network/73-usb-net-by-mac.link # And I like my logs to be human-readable sed -r 's/#Storage=.*/Storage=volatile' /etc/systemd/journald.conf # ARM only, what's wrong with these ppl? systemctl mask systemd-pstore.service # SBCs, laptop and desktop # iostat and pidstat are cool, constant writes to /var/log/sysstat are # not systemctl mask sysstat-collect.timer sysstat-summary.timer Reco
Re: disk recovery question
Hi. On Tue, Aug 24, 2021 at 12:04:40PM +0300, Semih Ozlem wrote: > I accidentally turned my hard disk to swap (I was using a usb for swap, > when entering the command I wrote the wrong disk id). Can I recover the > disk to its previous form? Most of the files are likely were left intact, but the partition table is likely to be destroyed. I suggest doing the usual: 1) Immediately copy all disk contents by ddrescue (or equvalent) elsewhere. 2) Put the disk in question aside, do not attach it to anything. 3) Operate on disk copy from pt 1 only. 4) Install "testdisk" package, and feed your disk image to photorec (it's provided by "testdisk"). Reco
Re: Chromium/Buster constantly crashing
Hi. On Fri, Aug 27, 2021 at 08:25:51AM +0100, Ottavio Caruso wrote: > This is what I get after the crash, after launching chromium from the > terminal: > > [7966:7966:0827/075828.005688:ERROR:gpu_init.cc(426)] Passthrough is not > supported, GL is disabled > Fontconfig error: Cannot load default config file > Fontconfig error: Cannot load default config file > Received signal 11 SEGV_MAPERR > #0 0x55f90e2ed6b9 (/usr/lib/chromium/chromium+0x5b4b6b8) This shows one thing only - in the absence of the debugging symbols chromium cannot get a meaningful backtrace. > Anything I can get from that output? No, but you can get something useful this way: 1) Install "gdb-minimal" and "chromium-dbgsym". 2) Ensure that you have "core file size" (aka "ulimit -c") set to unlimited for the current shell. 3) Wait for the crash, locate the core dump. 4) Execute gdb to obtain a stack trace: gdb /usr/lib/chromium/chromium -batch -ex bt Reco
Re: How to avoid systemd/udev unpredictable NIC names
On Tue, Aug 31, 2021 at 01:32:32PM +0300, Andrei POPESCU wrote: > On Lu, 30 aug 21, 16:41:39, Greg Wooledge wrote: > > On Mon, Aug 30, 2021 at 10:20:46PM +0200, Steve Keller wrote: > > > I plan to upgrade a server from Debian stretch to buster. Having read > > > the release notes I wonder what's the best way to avoid the new scheme > > > of unpredictable network interface names. > > > > You say "server", so I'm guessing it has more than one NIC. That means > > the old way (net.ifnames=0) is not viable. > > > > Your best strategy is to create systemd.link(5) files, and give the NICs > > the names you want them to have, based on their MAC addresses. > > > > For example: > > > > unicorn:~$ cat /etc/systemd/network/10-lan0.link > > [Match] > > MACAddress=18:60:24:77:5c:ec > > > > [Link] > > Name=lan0 > > Another completely different approach is to use some other tool to > configure your network that can match on MAC address and just ignore the > names completely. Surely you meant ifupdown. auto mac/ab:cd:ef:12:34:56/=eth0 iface eth0 inet static address 192.168.1.123/24 gateway 192.168.1.1 dns-nameservers 192.168.1.1 And there's a small bonus of having to enable systemd-networkd and optionally systemd-resolved. This example was helpfully provided by /usr/share/doc/ifupdown/examples/pattern-matching. Reco
Re: /usr/sbin/reboot: disabled in systemd-nspawn container
Hi. On Sat, Sep 04, 2021 at 02:40:13PM +0200, sp...@caiway.net wrote: > Suddenly I can no longer reboot or poweroff my up-to-date > bullseye system: > > # reboot > /usr/sbin/reboot: disabled in systemd-nspawn container Unless I'm mistaken, these messages are not generated by systemd. In fact, there's nothing that resembles such messages in systemd sources. So, try this, for starters: /bin/systemd reboot And, what about these: ls -al /sbin/reboot file /sbin/reboot Reco
Re: /usr/sbin/reboot: disabled in systemd-nspawn container
On Sat, Sep 04, 2021 at 04:49:24PM +0200, sp...@caiway.net wrote: > On Sat, 4 Sep 2021 16:42:45 +0300 > Reco wrote: > > > Hi. > > > > On Sat, Sep 04, 2021 at 02:40:13PM +0200, sp...@caiway.net wrote: > > > Suddenly I can no longer reboot or poweroff my up-to-date > > > bullseye system: > > > > > > # reboot > > > /usr/sbin/reboot: disabled in systemd-nspawn container > > > > Unless I'm mistaken, these messages are not generated by systemd. > > In fact, there's nothing that resembles such messages in systemd > > sources. > > > > So, try this, for starters: > > > > /bin/systemd reboot > > > > # /bin/systemd reboot > Excess arguments. Er, I meant /bin/systemctl reboot. But anyway, > > file /sbin/reboot > > # file /sbin/reboot > /sbin/reboot: POSIX shell script, ASCII text executable That's not how it's supposed to be. Somehow these shell scripts replaced actual halt, reboot and poweroff. My suggestion: ln -sf /bin/systemctl /sbin/reboot ln -sf /bin/systemctl /sbin/halt ln -sf /bin/systemctl /sbin/poweroff Or, even better: apt install --reinstall systemd-sysv Reco
Re: 'sudo apt-get update' stall/error
Hi. On Mon, Sep 06, 2021 at 01:43:03AM +0200, Emanuel Berg wrote: > $ sudo apt-get update ... > address = get_proxy_host_port_from_avahi() > File "/usr/share/squid-deb-proxy-client/apt-avahi-discover", line 79, in > get_proxy_host_port_from_avahi ... > > Ideas? apt purge squid-deb-proxy-client, for starters. If you're using Squid as a proxy - just set the proxy in /etc/apt/apt.conf, like this: Acquire::http::Proxy "http://:3148"; If not - no further action is required. Reco
Re: debian-installer RAID question
Hi. On Sat, Sep 11, 2021 at 06:55:56PM +0200, Felix Natter wrote: > My question is: How does d-i know how the individual HDDs were combined > into a RAID1? mdraid stores its metadata on each drive that belongs to the RAID. Whenever it's the beginning of the drive, or the end of it - depends on mdraid metadata version - mdadm(8). At least three things are stored on each drive: - mdraid metadata version - UUID of RAID array itself - hostname that was used to create an array. So, answering your question - d-i does not have to know all this. It's kernel's job to detect your drives, and userspace's (mdadm) one to search for mdraid metadata and assemble an appropriate array from the detected drives. RAID array assembly merely signals the kernel to consider a set of drives an array. tl;dr version. Each time you run "mdadm --detail --scan" all parts of the result are taken from the metadata that's stored on each drive. > The same thing applies when I boot a GNU/Linux rescue system: I think I > can mount the RAID1 if I know the member partitions and type of RAID > using mdadm? The general answer is - you have to assemble (mdadm -A) your array first. Before the assembly you have to know which arrays you have, hence the need of "mdadm --detail --scan", or /etc/mdadm.conf. Any rescue system worthy of its title should perform mdraid assembly for you. Reco
Re: run script after updating package
Hi. On Wed, Sep 15, 2021 at 11:32:14AM +0200, Philipp Ewald wrote: > is there a way, where i can run a script after updating a spezial package? Yes, and it's called "dpkg triggers" - [1]. > I have found this: APT::Update::Post-Invoke {"/thinks/to/do.sh";} > This would be workaround but nice would be to only run after a spezial > package was updatet. That will run on any package install, upgrade, removal, and it takes no arguments. I.e. it's purpose is way too broad and it is intended for other tasks. Like needrestart or filesystem remounting. Reco [1] https://wiki.debian.org/DpkgTriggers
Re: Debian 11: evince and apparmor flood kernel log
Hi. On Fri, Sep 17, 2021 at 10:54:32PM +0200, Roger Price wrote: > I solved the problem by switching to mupdf, but mupdf is not as complete as > evince. It's customary to add "YMMV" to such statements. Just saying. > Is there some way of calming evince+appamor? Pick whatever suits you: Quick-and-dirty, but wrong way (apparmor is good, do not disable it unless you know what you're doing): /usr/sbin/aa-disable /usr/bin/evince Easy, but wrong way (aa-logprof is only good for user-defined profiles, and you *will* get complicated upgrades): aa-logprof # accept whatever the thing will show you A correct way, but it may require more than one iteration: echo '/mnt/home/rprice/.local/share/gvfs-metadata/home r,' >> /etc/apparmor.d/local/usr.bin/evince aa-complain /usr/bin/evince aa-enforce /usr/bin/evince Reco
Re: How do I clone a Debian Distro from a 32Gb Class 10 MicroSD card to a 16Gb Class 10 A1 MicroSD card?
Hi. On Sat, Sep 18, 2021 at 12:35:13PM +0100, Myron wrote: > This is relatively easy to do on Windows. This is true only if you're using that sad excuse for a filesystem called NTFS. > No clue how to do this with Linux. 1) Plug-in source card, use dump(8) to backup the contents of its filesystem. 2) Plug-in target card, create appropriate partition(s) on it. 3) Make the needed amount of filesystems on a target SD card. For ext4 you'll want to use -U option of mkfs to clone filesystem UUIDs (i.e. UUID on the target card must be the same compared to the source one). 4) Use restore(8) to recreate filesystem(s) contents on a target card. 5) Unmount filesystems made on a target card. Reco
Re: How do I clone a Debian Distro from a 32Gb Class 10 MicroSD card to a 16Gb Class 10 A1 MicroSD card?
On Sat, Sep 18, 2021 at 08:01:34AM -0400, The Wanderer wrote: > On 2021-09-18 at 07:53, Reco wrote: > >> No clue how to do this with Linux. > > > > 1) Plug-in source card, use dump(8) to backup the contents of its > > filesystem. > > 2) Plug-in target card, create appropriate partition(s) on it. > > 3) Make the needed amount of filesystems on a target SD card. > > For ext4 you'll want to use -U option of mkfs to clone filesystem UUIDs > > (i.e. UUID on the target card must be the same compared to the source > > one). > > 4) Use restore(8) to recreate filesystem(s) contents on a target card. > > 5) Unmount filesystems made on a target card. > > Will this really be enough? OP specified that it's a >> single board system-on-a-chip computer So it is usually enough. > I'd expect that you'd also need to bring across the bootability > configuration, which - depending on how it's set up on that particular > device - might well require additional steps. If it's a really broken SBC, like, for instance Ordroid N2 or Exynos 5422 (aka Odroid XU4) - then yes, you'll have to also write about 1Mb of non-free blobs at the start of the card, and without overwriting any partition contents. > For hard-drive installs you're likely to have a GRUB installation, which > wouldn't be brought across by a measure like this. I doubt that GRUB will come into play in this scenario. You probably meant u-boot. GRUB does not have ARM port at all, unless it's an ARM64 server we're talking about here. And even then it'll be GRUB-EFI, which merely requires copying grub.aarch64 to EFI FAT fs. > For a SD-card-based install I'm not sure, but I'd be a bit surprised > to learn that no such non-filesystem-based configuration is necessary. A canonical example - Raspberry Pi. You just have to clone partition UUIDs, and fill first partition with Broadcom blobs. That's it, nothing more complex is required. RPi have their share of deficiencies and simply are broken by design in some regards, but the their boot process is as straightforward as possible. Reco
Re: How do I clone a Debian Distro from a 32Gb Class 10 MicroSD card to a 16Gb Class 10 A1 MicroSD card?
On Sat, Sep 18, 2021 at 08:39:41AM -0400, The Wanderer wrote: > I'm used to seeing ISOLINUX for bootable CDs, and something (I've never > been sure what) for bootable USB drives, but have/had never learned what > was/is used for bootability on SD cards. It's simple. First, you look at the processor's architecture. GRUB is used on x86, modern POWER (think IBM p-Series) and ARM64 (but you have to use a server hardware for that). For x86 there's also syslinux, lilo, and direct UEFI kernel boot (aka EFIStub). Older POWER (and PowerPCs) used kboot, but I have no personal experience with them. u-boot is ARM and ARM64, maybe RISC-V (no personal experience with that). silo is for UltraSPARCs. I even do not want to know what they're using on MIPS, HPPA or Itanium for boot, but there's definitely something. Next you look at the platform-specific detail. For x86 the biggest (and only) choice you have is between BIOS and UEFI. For ARM it's somewhat rough, but manageable if you happen to have an appropriate datasheet. Theoretically, each SOC has its own, unique way of booting. Practically acquiring right u-boot configuration and patches is all it takes. UltraSPARCs and modern POWERs are easy (you have no choice, that is), but good luck on getting the hardware. It's costly, and barring that Talos thing comes in the form of a typical rack-mount server. And whatever you're using as a boot media does not matter at all, unless you're doing something very exotic, like [1]. Reco [1] https://github.com/raspberrypi/linux/issues/3178
Re: Development permissions
Hi. On Tue, Sep 21, 2021 at 11:09:41PM -0400, Paul M. Foster wrote: > Without setting directory and file permissions to 777, how do you > allow the above? What combinations of groups, directory > owners/permissions and file owners/permissions might make this > possible? Solution #1: 1) Make a group, add users to it. 2) Chgrp directory to the group from step 1. 3) Set directory permissions to 2770 (i.e. you will need setgid on directory), or 2775 if you need world-readable directory. 4) Ensure users' umask is set to 0007. Solution #2: Set ACL to u::rwx on a directory, and make sure it made to the "default" set of permissions (i.e. you'll need setfacl -d). Reco
Re: Access to files in wiki.debian.org.
Hi. On Wed, Sep 22, 2021 at 03:15:29PM +0700, Ken Heard wrote: > Does anybody know when access to wiki.debian.org will be opened? 1) apt install tor 2) configure your browser to use tor Reco
Re: Development permissions
Hi. On Fri, Sep 24, 2021 at 10:22:00AM +0200, Alex Mestiashvili wrote: > On 9/22/21 8:53 AM, Reco wrote: > > Hi. > > > > On Tue, Sep 21, 2021 at 11:09:41PM -0400, Paul M. Foster wrote: > > > Without setting directory and file permissions to 777, how do you > > > allow the above? What combinations of groups, directory > > > owners/permissions and file owners/permissions might make this > > > possible? > > > > Solution #1: > > > > 1) Make a group, add users to it. > > 2) Chgrp directory to the group from step 1. > > 3) Set directory permissions to 2770 (i.e. you will need setgid on > > directory), or 2775 if you need world-readable directory. > > 4) Ensure users' umask is set to 0007. > > > > > > Solution #2: > > > > Set ACL to u::rwx on a directory, and make sure it made to the > > "default" set of permissions (i.e. you'll need setfacl -d). > > In addition to umask and acl, there is also a FUSE based bindfs. FUSE = slow + CPU wastage Using a filesystem the way it was intended is much cleaner solution. Reco
Re: Development permissions
Hi. On Fri, Sep 24, 2021 at 01:59:58PM +0200, to...@tuxteam.de wrote: > On Fri, Sep 24, 2021 at 12:27:56PM +0300, Reco wrote: > > [...] > > > FUSE = slow + CPU wastage > > > > Using a filesystem the way it was intended is much cleaner solution. > > On the flip side, using an in-kernel file system is running code > in kernel space which was conceived and written in happier times. I cannot see what's exactly wrong with ext4 these days. Unless you have something against IBM/RH that is. And by using FUSE one does not get a magical safeguard against kernel panics and processes in D-state. > Back then you could more or less safely assume that a file system > image wasn't out to kill you. These days, though... Oh. Citation needed. Curious minds want to know. How exactly one can produce a filesystem image that tries to get you? Just in case, I'm asking out of mere curiosity, not with an intent on using said image on somebody ;) Reco
Re: Development permissions
Hi. On Fri, Sep 24, 2021 at 11:47:20AM +0200, Alex Mestiashvili wrote: > On 9/24/21 11:27 AM, Reco wrote: > > Hi. > > > > On Fri, Sep 24, 2021 at 10:22:00AM +0200, Alex Mestiashvili wrote: > > > On 9/22/21 8:53 AM, Reco wrote: > > > > Hi. > > > > > > > > On Tue, Sep 21, 2021 at 11:09:41PM -0400, Paul M. Foster wrote: > > > > > Without setting directory and file permissions to 777, how do you > > > > > allow the above? What combinations of groups, directory > > > > > owners/permissions and file owners/permissions might make this > > > > > possible? > > > > > > > > Solution #1: > > > > > > > > 1) Make a group, add users to it. > > > > 2) Chgrp directory to the group from step 1. > > > > 3) Set directory permissions to 2770 (i.e. you will need setgid on > > > > directory), or 2775 if you need world-readable directory. > > > > 4) Ensure users' umask is set to 0007. > > > > > > > > > > > > Solution #2: > > > > > > > > Set ACL to u::rwx on a directory, and make sure it made to the > > > > "default" set of permissions (i.e. you'll need setfacl -d). > > > > > > In addition to umask and acl, there is also a FUSE based bindfs. > > > > FUSE = slow + CPU wastage > > Well, fast enough and CPU time is cheap ;) An old argument. How exactly I can replace CPU on my Raspberry Pi 1B which is still in service and doing its job? > Setting umask might be insecure/problematic for non-unix people. > Not every filesystem support ACL. Every filesystem that's worthy of such title does support ACL. Inperfect filesystems do not indeed, but replacing a filesystem is much easier than replacing a CPU. > Bindfs is just another useful tool... That's something I agree with. Every tool has its purpose, and surely bindfs has one too. But using a tool outside of its purpose instantly transforms a tool to a kludge. > > Using a filesystem the way it was intended is much cleaner solution. > ACL is a workaround for the "intended unix permissions" isn't? That's one option about it. Another one is ACL is an evolution of POSIX filesystem permissions. Whichever you prefer, of course. Reco
Re: How do I clone a Debian Distro from a 32Gb Class 10 MicroSD card to a 16Gb Class 10 A1 MicroSD card?
Hi. Please do not top-post. On Mon, Sep 27, 2021 at 01:36:59PM +0100, Myron wrote: > This is on a Lemaker BananaPro SoC board running on Armbian. I.e. - not Debian, but Debian derivative. In this particular case it actually matters. > There is one partition on it and it's EXT4 that takes up the entire 32Gb > MicroSD card. 1) Locate u-boot install script on a source filesystem, usually it is /usr/lib/u-boot/platform_install.sh. Read it, understand it. It's a fancy wrapper to dd(1). 2) Proceed with copying filesystem contents as outlined in previous e-mail. 3) Run /usr/lib/u-boot/platform_install.sh on a target SD card. Reco
Re: USB network adapter with no connectivity
Hi. On Tue, Sep 28, 2021 at 09:36:08AM -0500, Angel Rengifo Cancino wrote: > I'm running Proxmox 7 which is based on Debian Bullseye (11). Yet it uses their kernel, not the one provided by Debian. Given the nature of the your problem, it is an important distinction. > According to what ethtool reports, there's Link detection on this network > adapter. Does "ip a" show BROADCAST,MULTICAST,UP or BROADCAST,MULTICAST,MASTER,UP,NO-CARRIER? > Any ideas? Is this USB 3.0 adapter supposed to work when connected to a USB > 2.0 port? If you're seeing something with the ethtool - this adapter certainly does work somehow. You'd see the lack of NIC otherwise. I'd start with disabling auto-negotiation (you do have ethtool, after all), and forcing the link to 100 Mbps half-duplex. If it does work - I'd try 100 Mbps full-duplex and only then I'd move to 1 Gbps. If it does not - I suggest replacing your device with something USB 2.0-compliant, anything that uses asix kernel module should do. Oh, and check the Ethernet cable. These USB NICs are (in)famous for inability to convert cross-over cables to straight ones and vise-versa. Reco
Re: USB network adapter with no connectivity
On Tue, Sep 28, 2021 at 10:47:15AM -0500, Angel Rengifo Cancino wrote: > > Does "ip a" show BROADCAST,MULTICAST,UP or > > BROADCAST,MULTICAST,MASTER,UP,NO-CARRIER? > > > > This is how it looks: > > 6: enx42f2e9ecec39: mtu 1500 qdisc > pfifo_fast state UNKNOWN group default qlen 1000 The good news are - carrier detection appear to work. There's no need to get that cross-over cable. The bad news are - since you're seeing the lack of ingress traffic in tcpdump - it may be a lie ;) Reco
Re: "Proper" filesystem for Debian installed on a flash drive
Hi. On Wed, Sep 29, 2021 at 07:59:50AM -0500, Nate Bargmann wrote: > A test run with KDE Plasma shows that performance is acceptable even > with EXT4 as the file system. I now have some SanDisk Ultra Fit flash > drives arriving in 128GB capacity (overkill, oh well). I am now > considering what file system would be proper to use in this case. A plain ext4 with the 'discard' mount option will do just fine. > I understand that the journal can be disabled when using EXT4 to save > writes which is probably fine (this system will be non-critical). It's possible to do, but it is not needed that much. If you're trying to conserve drive's resources - just write less on it. I.e. redirecting .xsession-errors to /dev/null, removing that annoying /var/log/journal directory, adding a good set of filters to rsyslog, etc. For instance, this low-cost SSD that I use in my laptop endured about 1.8 Tb writes over 3.5 year usage, and shows no signs of degradation. >I've also seen that F2FS has been available in the kernel since 3.8, >but I'm unsure whether the installer from a Debian live CD will offer >it as a choice. They do not do it, because to F2FS is designed to operate over raw NAND chips, not typical SATA/NVMe controller. In layman terms, F2FS is something that's suitable for your phone, or your router, but not your PC. So again, it's possible to do, but again, it's not really needed. Reco
Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)
Hi. On Wed, Sep 29, 2021 at 03:36:29PM -0400, Greg Wooledge wrote: > Debian doesn't use "iwd" (whatever that is) to configure network > interfaces. Whatever created this file, it's not being used. That statement is incorrect. Even then "Debian" actually means "an OS installation", iwd is a part of the main archive, iwd can be installed by user, and iwd can be used to configure IEEE 802.11-compliant network interface. Whenever the file mentioned should be used by iwd in any way is a different question, of course. > Debian uses /etc/network/intefaces, which is a file documented by the > man page interfaces(5). Any interface that's correctly defined in this > file will be configured by it. Not entirely correct. interfaces(5) is only used by either ifupdown or ifupdown2. While the former has "important" priority (the latter is "optional") in bullseye, it's still possible to run Debian, but have no ifupdown or ifupdown2 installed. And even the "correct configuration" of IEEE 802.11-compliant interface at interfaces(5) will do no good unless wpasupplicant (which has "optional" priority) is installed. > If network-manager (NM) is installed, it will try to configure any > interfaces that are *not* defined in /etc/network/interfaces. Pretty accurate description, barring the fact that NetworkManager by itself cannot actually configure 802.11-compliant device. It uses wpasupplicant (which iwd is an alternative for) to do that. > Debian also allows you to configure interfaces using some crazy systemd > thing. Such a harsh description of a poor systemd-networkd. And calling a simple set of plain-text configuration files "crazy" is way too close to exaggeration. "No popular Linux distribution is using systemd-networkd by default" is much closer to the truth. Reco
Re: "Proper" filesystem for Debian installed on a flash drive
Hi. On Wed, Sep 29, 2021 at 08:55:31PM -0500, Nate Bargmann wrote: > * On 2021 29 Sep 09:47 -0500, Reco wrote: > > On Wed, Sep 29, 2021 at 07:59:50AM -0500, Nate Bargmann wrote: > > > A test run with KDE Plasma shows that performance is acceptable even > > > with EXT4 as the file system. I now have some SanDisk Ultra Fit flash > > > drives arriving in 128GB capacity (overkill, oh well). I am now > > > considering what file system would be proper to use in this case. > > > > A plain ext4 with the 'discard' mount option will do just fine. > > From the ext4(5) man page: > >discard/nodiscard > Controls whether ext4 should issue discard/TRIM commands to the > underlying block device when blocks are freed. This is useful > for SSD devices and sparse/thinly‐provisioned LUNs, but it is > off by default until sufficient testing has been done. > > LUN? That's new to me. You have to live in a dull enterprise world to use that usually. Take a disk array, partition it one way or another, provide the resulting LUN (i.e. part of the array) to the consumer (server) via FibreChannel. iSCSI has the notion of LUNs too, but to be frank - iSCSI is an overkill for the consumer hardware, and mostly useless if you have FC. And the idea of transferring I/O over TCP is questionable to say the least. > That leads me to think that discard could be problematic on some > devices. It's possible. Luckily, they usually blacklist such problematic SSDs in the kernel itself. I.e. it will function, but TRIM will be ignored. The best way of avoiding such problem is simply not to buy cheap Chinese no-name SSDs. Oh, and ADATA. Never buy *anything* that's produced by them. > Does a USB flash drive fall into that category? Not each USB drive gives you TRIM. Different controller, worse chips, entirely different SCSI commands subset. A typical SD card usually does provide TRIM on the other hand. May depend on a card reader of course. > I've no problem using anacron to run an fstrim(8) job every so often > if discard is thought to be too aggressive. Consider enabling e2scrub if you're running bullseye. Requires LVM, but provides you fsck and fstrim on a mounted filesystem. Disabled by default though. > > > > I understand that the journal can be disabled when using EXT4 to save > > > writes which is probably fine (this system will be non-critical). > > > > It's possible to do, but it is not needed that much. > > If you're trying to conserve drive's resources - just write less on it. > > I.e. redirecting .xsession-errors to /dev/null, removing that annoying > > /var/log/journal directory, adding a good set of filters to rsyslog, > > etc. > > > > For instance, this low-cost SSD that I use in my laptop endured about > > 1.8 Tb writes over 3.5 year usage, and shows no signs of degradation. > > Presumably there is a difference between an SSD which expects a lot of > writes and a USB flash drive that expects relatively few by comparison > used in the role of an SSD/HDD, not? Yup, a crucial one. Modern SSDs, especially good ones (Samsung tend producing those), have impressive durability. You literally need to write tens of terabytes on it to damage it, and the only thing you need to worry about is overheating. USB sticks are just as that - throwaway garbage not guaranteed to survive a single write on it. Form-factor is smaller, and they're detachable, but these are the only redeeming qualities of them. Reco
Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
On Thu, Sep 30, 2021 at 03:15:09PM +0300, Anssi Saari wrote: > Stella Ashburne writes: > > > I also installed the package resolvconf because I need to use it with > > openvpn. > > If you mean you want to use the old script update-resolv-conf with > openvpn, I never got that to do the right thing with any > reliability. Works for me since Debian squeeze. The script in question does not do anything more fancy than calling "resolvconf -a" and "resolvconf -d" anyway. Of course, if you intend to use openvpn-provided DNS list only, things will be more complicated. Reco
Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
Hi. On Thu, Sep 30, 2021 at 03:41:27PM +0200, Stella Ashburne wrote: > > Of course, if you intend to use openvpn-provided DNS list only, things > > will be more complicated. > > > What did you mean by "openvpn-provided DNS list only"? I didn't know that > OpenVPN provides a list of DNS resolvers? I did not mean the company behind the OpenVPN. What I meant is a list of DNS servers that can be announced by openvpn server one's connecting to. I.e. that particular list that can be processed on a client by /etc/openvpn/update-resolv-conf . The limitation of update-resolv-conf in its current (as of bullseye) form is that it does nothing to the list of the resolvers that are configured already before the openvpn handshake. Which could lead to DNS leaks, which are considered a bad thing by some. Back in the day I solved that problem by using a custom dnsmasq config and a handful of netfilter rules, these days I just use network namespaces. Reco
Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
On Thu, Sep 30, 2021 at 04:06:09PM +0200, Stella Ashburne wrote: > Based on the above description, do you think that update-resolv-conf in > Bullseye will leak the IP addresses of my ISP's DNS resolvers? It's impossible to tell. DNS is a simple L7 protocol, so DNS queries can be easily routed to any DNS by whoever controls your network. I know because at my home LAN each and every device uses *my* DNS regardless of what it want. I don't need my DNS queries processed by Google and Cloudflare, and every reasonable person caring about their actual privacy will want the same. I had a somewhat different concern - how to prevent public/ISP DNS to see DNS queries that apply to my employer LAN, and direct those to my employer's DNSes. And, of course, how to direct DNS queries concerning Internet resources at the proper place - i.e. public/ISP DNS. I mean, if your concern is to hide your IP from yours ISP - consider using Tor/I2P instead of some random openvpn server operated by $DEITY knows who. If you do not trust your ISP whom you're paying to - there's no reason to trust a random VPN provider. And both Tor and I2P are much easier to setup than any kind of VPN client. Even better yet - do some research on FreedomBox project. These guys did it all for you already. > > Back in the day I solved that problem by using a custom dnsmasq config > > and a handful of netfilter rules, these days I just use network namespaces. > > > Would you like to show me how to use network namespaces to solve the > problems when using update-resolv-conf? The short answer is - it's not possible to do it this way. The long answer is: You need a "networkless environment" in any form. LXC container with lo interface only will do. You write your own wrapper for iproute, that creates a network interface (I use macvlan, but YMMV) inside the container once openvpn "connection" is established, and sets an appropriate IP/route to that interface. You modify update-resolv-conf (or better yet - write your own) which runs resolvconf inside the container. That way you keep your host free from the hassle of modifying /etc/resolv.conf and IP routing table, and keep whatever openvpn advertises you inside the container. It may sound a bit involved, but it's the easiest way for me to deal with the abforementioned problem. Before you ask - no, I won't share whatever scripts I wrote for this. Their contents are private. Reco
Re: How do I clone a Debian Distro from a 32Gb Class 10 MicroSD card to a 16Gb Class 10 A1 MicroSD card?
Hi. On Thu, Sep 30, 2021 at 04:26:18PM +0100, Myron wrote: > Armbian's website was not clear which one was "Debian" and which > one was "Ubuntu". Well, Armbian is a separate distribution which is not Debian and not Ubuntu. Whichever distribution they choose to "base" their userland hardly matters in this context. > > If you're using dump/restore for this - there are none. Just make sure > > you keep filesystem's UUID the same. > > If, for instance, you'd use tar(1) or cp(1) to copy files - some > > filesystem-specific extended attributes would be lost. > > It would not render the OS unbootable (or unusable), but it would lead > > to some funny breakage (like /bin/ping is working for root only). > > Here is where my mistake is costing me a little. Where and how do I get > dump and restore? apt install dump Simple as that. Again, it's totally possible to use any sufficiently modern x86 Linux distribution for this task you have. And a SD card reader, of course. > Yes, I have the USB-TTL cable ready and waiting. So far it's got me out of > a few I've-locked-myself-out-again situations leaving the only option to > use the USB-TTL. > > There is something I'm reading about using resize2fs and fdisk to shrink > the file system and partition, but I don't exactly understand the erasure > and re-creation of the partition using fdisk. That's the exact reason I tend to use LVM whenever possible. Enlarging a conventional partition has it's share of quirks, but reducing the partition is the definition of pain. > Does it mean that if I remove the partition and then re-create the > partition from the same starting block as the old partition, that the data > on the MicroSD card will not actually be erased, but will be encapsulated > by the new smaller partition? Haha. You won't be able to do that, Red Hat took care of it back in 3.2 kernel days. You cannot cannot change a partition layout on a block device which has any filesystem mounted (or swap is used), the kernel won't permit you to do that. Red Hat deserved and deserves whatever things IBM is doing to them now, let's leave it at this. Moreover, even if was possible, you'd need to shrink the filesystem first, or you will damage it. And shrinking a mounted ext4 is impossible. > Does that make any sense? Back in good old days of 2.6 kernel that was the way of doing it, more or less. But no more. > I know. It's not advisable to resize a live root partition. It's plain and downright impossible, unless you're using LVM. And even then it's filesystem-specific, which excludes ext4 for instance. Sorry to bring you the bad news. > Maybe create a live boot Linux CD or USB with Gparted on it and do it > that way? On SBC itself? Convincing u-boot to perform a boot from CDROM is something that they designate Adult Only Entertainment :) And we're trying to keep this list PG-13 clean here :) Being serious, I do not even know where to begin patching u-boot for this - you'll need ISO9660/UDF support, more-or-less complete SCSI command set implementation and a good chunk of code they deliberately keep at xorriso, and I'm sure I'm missing something here. Or have you mean a bystander PC? Given a card reader all one actually needs is dump/restore, parted and dd. A live distribution surely has all this, but it's an overkill. Much more realistic way of doing this is simply boot the needed "rescue" kernel, devicetree and initrd via TFTP. Most variants of u-boot I've encountered so far have the ability to boot over the network. I'm pretty sure that Armbian does not disable that (although I do not have that exact SBC that you have). Obviously it requires TFTP server, dnsmasq will do just fine. Reco
Re: Upgrading binary: nginx
Hi. On Sat, Oct 02, 2021 at 12:03:36PM +0200, pk wrote: > I got this message when installing nginx-light today. What does it > mean and where does it come from? I could not grep it in the > nginx-light .deb. It's the usual nginx behaviour on restart. Instead of shutting down nginx completely and then running a new set of nginx processes it merely re-executes the same binary in each its process. The end result is the same (i.e. you have fresh set of processes running from an updated binary), the implementation requires some creative coding (which is why nginx has it, and apache does not). tl;dr version - nginx did what it was supposed to. Reco
Re: How to configure the network ethernet?
On Mon, Oct 04, 2021 at 12:10:39AM -0600, William Torrez Corea wrote: > enp7s0: mtu 1500 qdisc pfifo_fast state It says here - NO-CARRIER, which could mean that: 1) Your Ethernet cable is damaged. 2) Your card fails to negotiate speed and duplex settings. The usual troubleshooting steps here are: 1) Replace the Ethernet cable. 2) Install ethtool, use it to disable autonegotiation, and try setting the speed and duplex by hand. Failing that, replacing network card produced by Dell with something more proper is always an option. Reco
Re: LibreOffice slower after upgrade to Debian 11
Hi. On Tue, Oct 05, 2021 at 02:13:10PM +, L Dimov wrote: > LibreOffice Writer and Impress became unbearably slow when cropping or moving > images around on the page. Also Impress was super slow o page through when > the presentation contained a background image on all slides (but used to be > instant in Debian 10, on the same laptop). I read a post from a few years ago > that running: > apt-get remove libreoffice-gtk3 > would speed things up, so I run it and it sure did take care of that issue. > But now the appearance of LibreOffice and the options that you get when you > save or open files and browse for them are changed, and not in a helpful way. apt-get install libreoffice-qt5 Reco
Re: You have been removed from the list (repeatedly)
Hi. On Tue, Oct 05, 2021 at 04:40:41PM -0400, Greg Wooledge wrote: > Is this happening to anyone else? Not yet. > Is there anything I can do to stop it, other than simply > re-subscribing every time I post? It says there plain and clear: > > When in doubt, ... or send mail to "postmaster". Lists' postmasters were very helpful in pointing at errors in my setup when I had the problems with the list in the past. Mail them, ask for help. The most probable cause of your troubles - you do not have DMARC policy published, which means the whole Internet could send bounces to the list on your behalf. SPF policy that you have published is not enough. > What is this "vps268904.ovh.net", "whois ovh.net" will tell you all you need to know about it, specifically - an abuse e-mail. Consider sending an e-mail there as well. Long story short - that host belongs to OVH, one of the Europe largest hosting provider, and it's withing their power to excommunicate one of their clients. > why is it sending messages with the subject "**stop**", Because it's host owner who misconfigured that sorry excuse for an MTA called "Kerio Connect", so it's sending bounces. > why do no such messages appear in the web archive of debian-user, Because the list archive does not store bounces. > and why are these messages causing me to become unsubscribed? This e-mail is the consequence, not the reason of it. After all, it says "we have already unsubscribed", so it was some other e-mail that got you into this trouble. > My best guess is that someone is spamming debian-user, the messages are > being sent to everyone, my local MTA's spam filters are blocking them, > and the mailing list is getting mad at me for blocking the spam that it's > sending to me. Silently discarding spam was always OK. Replying to the spammer via list was not and is not. Bouncing spammer e-mail (which could happen due to MTA misconfiguration on your part) will get you removed from the list. Reco
Re: network problem
Hi. On Tue, Oct 05, 2021 at 10:00:45PM +0200, Pierre Frenkiel wrote: > hi, > I have the following problem on my laptop. > my /etc/network/interfaces file contains: >auto enp0s1 >iface enp0s1 inet static >address 192.168.1.10 >netmask 255.255.255.0 >gateway 192.168.1.1 That's probably Ok. >but after boot, ifconfig gives > >address 192.168.0.163 >netmask 255.255.255.0 >gateway 192.168.1.1 And that is not. First, ifconfig is not able to show you IP routing, so please be more specific at how exactly you've got this result. Second, it's impossible to have a working default gateway that's outside the subnet you're having, and it's exactly what you have here. >Then, networking works i.e. I can reach Internet, but of course >not my desktop and other devices 192.168.1.xx Third, the whole purpose of default gateway is to let you communicate with host that are outside your subnet. >rather strange, isn't it? dpkg -l 'ifupdown*' dpkg -l 'network*' Reco
Re: You have been removed from the list (repeatedly)
On Wed, Oct 06, 2021 at 07:39:26AM -0400, Greg Wooledge wrote: > On Wed, Oct 06, 2021 at 08:27:36AM +0300, Reco wrote: > > On Tue, Oct 05, 2021 at 04:40:41PM -0400, Greg Wooledge wrote: > > > Is there anything I can do to stop it, other than simply > > > re-subscribing every time I post? > > > > It says there plain and clear: > > > > > > When in doubt, ... or send mail to "postmaster". > > > > Lists' postmasters were very helpful in pointing at errors in my setup > > when I had the problems with the list in the past. Mail them, ask for > > help. > > That paragraph is telling me to talk to "postmas...@wooledge.org" which > is, unfortunately, me. There's no harm in asking for help from lists' postmaster, given a circumstances like this. I'm sure you're familiar with [1]. > > The most probable cause of your troubles - you do not have DMARC policy > > published, which means the whole Internet could send bounces to the list > > on your behalf. SPF policy that you have published is not enough. > > Another thing I have to learn?! Crap. Well, maybe some day I'll find > the time and energy to think about it. Some consider SMTP an old protocol, but it's a moving target actually. Even a perfect setup can get outdated with time. And, DMARC is a simple TXT DNS record, unless you want to implement a proper checking of receiving mails. > I still don't understand how a bounce message that was received by > the Debian mail server ("Delivered-To: lists-debian-u...@bendel.debian.org") > with a "From postmas...@vps268904.ovh.net" on top of it can cause *me* > to become unsubscribed. The only place my email address is mentioned > is at the top of the body. It's my understanding that this particular bounce did not get you unsubscribed. It's a consequence. There was another, earlier bounce that did, which is a reason. I may be wrong here, of course. I haven't seen the logs of your qmail, for starters. > Is a message sent from Alice to lists-debian-u...@bendel.debian.org with > Bob's address at the top of the body considered a "bounce from Bob"? > That sounds like a huge bug in bendel.debian.org to me. It may seem that way, but it's not. Your e-mail address is a part of the e-mail body, and does not included in e-mail headers. And headers are pretty clear on who's the sender is. > Either that, or they're not showing me enough context to understand how > this particular message from ovh.net got *me* in trouble. IMO you're looking at the wrong e-mail. > I guess the only thing I can do *right now* is hope that whoever this > ovh user is, they'll fix their setup and/or *actually* unsubscribe > instead of just thinking they have unsubbed. Of course they won't. Why should they bother with fixing anything if it does not break anything *for them*? Receiving a "friendly" advice (in other words - be a good netizen or take your spam machine elsewhere) from their hosting provider can do the trick. And sending an abuse e-mail is the actual action you *can* do right now. Reco [1] https://www.debian.org/MailingLists/
Re: You have been removed from the list (repeatedly)
Hi. On Wed, Oct 06, 2021 at 11:43:02AM +, Andrew M.A. Cater wrote: > On Wed, Oct 06, 2021 at 07:39:26AM -0400, Greg Wooledge wrote: > > On Wed, Oct 06, 2021 at 08:27:36AM +0300, Reco wrote: > > > On Tue, Oct 05, 2021 at 04:40:41PM -0400, Greg Wooledge wrote: > > > > Is there anything I can do to stop it, other than simply > > > > re-subscribing every time I post? > > > > > > It says there plain and clear: > > > > > > > > When in doubt, ... or send mail to "postmaster". > > > > > > Lists' postmasters were very helpful in pointing at errors in my setup > > > when I had the problems with the list in the past. Mail them, ask for > > > help. > > > > I just got bounced and have resubscribed :( And the most interesting thing is that your domain does not have DMARC policy, but has SPF. Same as Greg. We just need someone else to finish establishing the pattern here. Reco
Re: Issue with kernel 5.10.0-9-*?
Hi. On Sat, Oct 09, 2021 at 10:00:06PM +0200, Hans wrote: > My system is debian/stable. > As now the new kernel version is released, which is 5.10.0-9-amd64, I updated > from 0-8-amd64 to 0-9-amd64. > > But, with this kernel I discovered, that the network traffic massively > increased. I am not sure, what is causing this. Examining with wiresharḱ and > also the syslog file, it looks like it has something to do with ntp. Also the > broadcast messages are more than normal. I cannot confirm your observations. I have a small (<10 hosts) LAN all running Debian stable. NTP is used for time synchronization. Just like you, I've upgraded yesterday, and hosts are running kernel version 5.10.0-9 (only one of them runs amd64 though). I see nothing unusual in both tcpdump and ulogd2 (I use it for the traffic accounting). Specifically, there's nothing unusual in NTP packets, be it their size or quantity. Reco
Re: Then it happened to me...
Hi. On Fri, Oct 08, 2021 at 01:10:58PM -0400, Dan Ritter wrote: > It just happened to me. And it still happens. Date: Sun, 10 Oct 2021 06:51:51 + (UTC) From: debian-user-requ...@lists.debian.org To: recovery...@enotuniq.net Subject: You have been removed from the list > I've just set postfix to drop anything from that host at SMTP > time, but I doubt it's going to work. Similar approach did not work for me. I got removed from the list nevertheless. Reco
Re: Then it happened to me...
Hi. On Sun, Oct 10, 2021 at 10:22:38AM +0100, piorunz wrote: > On 10/10/2021 10:08, Richard Owlett wrote: > > > > No. 'Newer' = 'better' is a false equivalency. > > > > > > > +1 > > > > To paraphrase a local advertising jingle: > > E-mail lists are not good because they are old, they are old because > > they work well. > > Dozens of users being kicked out (unsubscribed) on daily basis is "work > well" for you? A minor hiccup which will be dealt with. Besides, begin unsubscribed does not prevent one from writing here. Reco
Re: Then it happened to me...
On Sun, Oct 10, 2021 at 08:33:03AM +0100, piorunz wrote: > On 08/10/2021 18:10, Dan Ritter wrote: > > I've just set postfix to drop anything from that host at SMTP > > time, but I doubt it's going to work. I think they've found a > > cannon to annoy debian-user subscribers with. > > > Why we don't have this? > https://forum.manjaro.org/ Maybe because there's [1]. There should be also IRC at libera.chat, and that strange gizmo at [2]. [1] is also superior to Discourse that Manjaro is using as [1] can be viewed without enabled Javascript. You're free to convince list denizens to move elsewhere, there were such efforts in the past. Where're still here btw. > We still use e-mail list, prone to spam, and abuse Once one uses own MTA, such issues are dealt quickly, simply, and most importantly - permanently. Consider it a hint. GMX is good, but not that good. > technology from 30 years ago? In other news, people are still using a wheel which was invented about 6000 years ago (4500 BC if Wikipedia is to be believed). Some things just get better with age. And nothing beats federated communication system which works. There's no reasonable alternative to SMTP yet. > Isn't it time to switch to online forums? Different way of communicating attracts different communities. I'm sure there's lively one at [1]. > It's not that Debian haven't got the money, right? Where I'm living counting others' money is considered rude at best. But I know a way - join Debian project, become Debian Developer, and raise a General Resolution about Discourse. Reco [1] https://forums.debian.net/ [2] https://discourse.debian.org/
Re: ip6tables rule being rejected.
Hi. On Sun, Oct 10, 2021 at 12:06:25PM +0100, Tim Woodall wrote: > When I try to add the following rule: > > # ip6tables -t nat -A POSTROUTING -s 2001::/64 -d ! 2001:1::/64 -j ACCEPT > Bad argument `2001:1::/64' > Try `ip6tables -h' or 'ip6tables --help' for more information. > > It is rejected. As it should. This is correct one: ip6tables -t nat -A POSTROUTING -s 2001::/64 ! -d 2001:1::/64 -j ACCEPT It's a known quirk of iptables - you apply inversion *before* the test, not *inside* of it. > And there is no problem > > The manpage suggests that it should work: > d, --destination [!] address[/mask] My instance of the same manpage states differently: [!] -d, --destination address[/mask][,...] But I'm using current stable, I'm unsure how this quirk was documented before, but it behaved this was for two major Debian releases, maybe more. Reco
Re: mail service
Hi. On Sun, Oct 10, 2021 at 01:44:50PM +, fxkl47BF wrote: > but on another mailing list i used this same address > i was banned > the admin apologized and explained later my address looked suspicious Here they do not ban users based on e-mail domain alone. You have to do something worthy of the ban first :) Although you could've chosen more pronouceable alias. I mean, your current one looks like you've swapped your username and password. No offence meant, just in case. Reco
Re: How to configure the network ethernet?
Hi. Please do not top-post. On Sun, Oct 10, 2021 at 04:50:18PM -0600, William Torrez Corea wrote: > Ready, i try to follow the instructions but, > For example with the command for disable the autonegotiation: > > sudo ethtool -A enp7s0 autoneg off > > I get the following error: > *Cannot get device pause settings: Operation not supported* You cannot change L2 settings on a interface that's UP. You need to bring it down first. I.e. sudo ip l s dev enp7s0 down sudo ethtool -A enp7s0 autoneg off sudo ip l s dev enp7s0 up And then there's this: >> Link detected: yes Your previous e-mail mentioned that interface in question has NO-CARRIER flag. This result contradicts it. So, which is which? Reco
Re: How to configure the network ethernet?
Hi, please do not top-post. On Mon, Oct 11, 2021 at 03:34:06AM -0600, William Torrez Corea wrote: > I was following your recommendation. Yes, and ethtool does not allow you to change L2 settings of the interface if the interface is UP. Reco
Re: Intrinsic problem with netinst.iso?
Hi. On Wed, Oct 13, 2021 at 01:18:07PM -0500, Richard Owlett wrote: > Where would I descriptive information about "CDC Ethernet"? The usual place - kernel documentation. Specifically, it's Documentation/networking/cdc_mbim.rst.gz. Reco
Re: Intrinsic problem with netinst.iso?
On Wed, Oct 13, 2021 at 01:59:34PM -0500, Richard Owlett wrote: > On 10/13/2021 01:31 PM, Reco wrote: > > On Wed, Oct 13, 2021 at 01:18:07PM -0500, Richard Owlett wrote: > > > Where would I descriptive information about "CDC Ethernet"? > > > > The usual place - kernel documentation. > > Specifically, it's Documentation/networking/cdc_mbim.rst.gz. > > No such file on my system. apt install linux-doc Reco
Re: Sata Hard drive testing
Hi. On Mon, Oct 18, 2021 at 06:25:19PM +0200, Thomas Anderson wrote: > I have been having problems with a drive (non-SSD) for a while now, > but I would like to "identify" the problem specifically, so that I may > perhaps be able to get the drive replaced. Assuming it's SATA/IDE drive, all you need to do is: apt install smartmontools smartctl -t long # wait for the test to finish smartctl -a Please post the output of the last command. Reco
Re: Sata Hard drive testing
Hi. On Thu, Oct 21, 2021 at 01:45:52AM +0200, Thomas Anderson wrote: > I am trying to parse them myself, to see if I can learn anything. But, > immediate glance and queries did not reveal anything that could help > me determine if the drive is good or not. It's not. You have a Seagate, after all, and those are good only as long as trash can is considered :) But anyway, it's not new. > 9 Power_On_Hours 0x0032 084 084 000 Old_age Always > - 14558 (99 41 0) It has bad sectors, a small amount compared to the drive size. > 183 Runtime_Bad_Block 0x0032 095 095 000 Old_age Always > - 5 > 187 Reported_Uncorrect 0x0032 001 001 000 Old_age Always > - 1334 > 197 Current_Pending_Sector 0x0012 100 100 000 Old_age Always > - 8 > 198 Offline_Uncorrectable 0x0010 100 100 000 Old_age Offline > - 8 And you had some problems with the drive in the past, which could be a bad SATA cable, but could be the drive itself: > Error 1334 occurred at disk power-on lifetime: 10525 hours (438 days + 13 > hours) > When the command that caused the error occurred, the device was active or > idle. > > After command completion occurred, registers were: > ER ST SC SN CL CH DH > -- -- -- -- -- -- -- > 40 53 00 ff ff ff 0f Error: UNC at LBA = 0x0fff = 268435455 > > Commands leading to the command that caused the error were: > CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name > -- -- -- -- -- -- -- -- > 60 00 08 ff ff ff 4f 00 15d+00:06:46.256 READ FPDMA QUEUED > ef 10 02 00 00 00 a0 00 15d+00:06:46.247 SET FEATURES [Enable SATA > feature] > 27 00 00 00 00 00 e0 00 15d+00:06:46.220 READ NATIVE MAX ADDRESS EXT > [OBS-ACS-3] > ec 00 00 00 00 00 a0 00 15d+00:06:46.217 IDENTIFY DEVICE > ef 03 46 00 00 00 a0 00 15d+00:06:46.205 SET FEATURES [Set transfer mode] Assuming you make backups, I'd call this drive servicable. I'd replace it sooner or later, because it has bad sectors, but it won't be the first priority. Reco
Re: xhost-command in Debian11
Hi. On Fri, Oct 22, 2021 at 08:25:36AM -0600, Charles Curley wrote: > charles@jhegaala:~$ su --whitelist-environment=DISPLAY - It won't be enough. You need this: su --whitelist-environment=DISPLAY,XAUTHORITY - Reco
Re: what is the best package to design the layout of the house
Hi. On Wed, Oct 27, 2021 at 11:34:08AM +0200, lina wrote: > What is the best/user-friendly package that can be used to design a simple > house, if it comes with garden design it would be a bonus. I don't know about garden design, but I used sweethome3d for an apartment design back in the day. Written in Java, but works reasonably fast. Reco
Re: question?
Hi. On Tue, Oct 26, 2021 at 10:19:05PM -0500, John Hasler wrote: > Piotr writes: > > It already exists - Mobian. I use it on my Pinephone with Debian > > Testing. > > How do I get it? The Mobian site says that the PinePhone Mobian > Community Edition is available from Pine64 but I don't see it on their > site. The usual place - [1]. Reco [1] https://linuxtracker.org/browse.php/index.php?page=torrents&category=2251
Re: nginx mail proxy
Hi. On Sun, Nov 21, 2021 at 02:27:52PM +0300, Gokan Atmaca wrote: > What could be the problem? The very thing nginx tells you in the error message - "mail" directive is not recognized. Probably your installation is missing libnginx-mod-mail. Reco
Re: upgrade - packages have been kept back
Hi. On Fri, Dec 10, 2021 at 09:04:25AM +0100, teamas...@mad-hatters-teatime.teanet.org wrote: > On Thu, 9 Dec 2021 23:09:34 + > "Andrew M.A. Cater" wrote: > > > On Thu, Dec 09, 2021 at 11:58:33PM +0100, > > teamas...@mad-hatters-teatime.teanet.org wrote: > > > hey, > > > i have not been using debian for long and not sure how to proceed > > > here. is a: > > > apt-get upgrade linux-image-amd64 > > > the right way? > > > ty, jens. > > > > apt-get update ; apt-get upgrade > > > > [You need to pull in an up to date list of packages first] > > exactly that did not work And it's because it should not work in the first place in the situation like this. "apt-get upgrade" should and will refuse to install any new packages (or uninstall existing ones). What should solve your problem is: apt update; apt upgrade And it's because "apt" (not to be confused with "apt-get") is allowed to install new packages during the update. What also could solve your problem (but it's inherently dangerous, as it will allow to remove installed packages as well) is: apt-get update; apt-get dist-upgrade In short, when in doubt, use "apt", not "apt-get". Reco
Re: reject dhclient offer from wrong subnet
Hi. On Wed, Dec 15, 2021 at 04:37:19PM +0100, Tuxo wrote: > Can I configure dhclient on my router to discard lease offers from a certain > subnet? I could also try to match the lease time, the 192.168.100/24 lease > time > is only several seconds (!!) short, the real one will be 4 hours or more and > come with a valid WAN subnet mask. Try adding "reject 192.168.100/24;" into your router's dhclient.conf. Also, dhclient.conf(5). Reco
Re: jupyter-notebook and bullseye
Hi. On Thu, Dec 16, 2021 at 12:43:51PM -0700, D. R. Evans wrote: > FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python' ... > Can someone suggest how I might get back to the fully-working set of kernels > that I had in buster? Try this: apt install python-is-python3 Reco
Re: jupyter-notebook and bullseye
Hi. On Fri, Dec 31, 2021 at 01:35:47PM -0700, D. R. Evans wrote: > Reco wrote on 12/17/21 6:10 AM: > > Hi. > > > > On Thu, Dec 16, 2021 at 12:43:51PM -0700, D. R. Evans wrote: > > > FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python' > > ... > > > Can someone suggest how I might get back to the fully-working set of > > > kernels that I had in buster? > > > > Try this: > > > > apt install python-is-python3 > > Thank you very much. > > That was certainly a help (although I wonder why it was necessary for me to > do that manually), It's official Debian policy now, believe it or not. python 2.x is /usr/bin/python2. python 3.x is /usr/bin/python3. If the user really wants /usr/bin/python the user should install python-is-python2 or python-is-python3. And these two packages conflict with each other. > but ultimately I am still unable to do anything. I'm not familiar with jupyter and I'm not using it. What I do know is: a) /usr/bin/python was python 2.x in Debian 10. b) Python 2.x and python 3.x modules are not compatible nor they are interchangeable. Judging from [1], you're required to reinstall all these "jupyter kernels", because what you have was installed for python2, but what you need is to install them for python3. But then again, I could be wrong. Sorry, cannot help you further. Reco [1] https://github.com/takluyver/bash_kernel
Re: DNS resolver issue
Hi. On Mon, Jan 24, 2022 at 10:14:23AM +, Bhasker C V wrote: > $ dig +short server.example.local > 192.168.2.2 Just in case, using ".local" domain that way violates RFC 6762. There are numerous ways to name your private domain, but ".local" is not a proper name for that. > Now, isnt the lookup supposed to fall back to next server if first one > doesnt have an answer ? Only if the first DNS is unreachable or returning SERVFAIL. Your is returning NXDOMAIN, so this behaviour is expected. > How does multiple DNS servers entry work in resolv.conf ? Barring "options rotate", always try first nameserver specified for any query, switch to the second if timeout (5 seconds by default, according to resolv.conf(5), 30 seconds in practice) is reached. Easiest way to solve your problem would be specify an public resolver (1.1.1.1) in your bind configuration for anything but your domain, and then use only 192.168.2.1 in your resolv.conf. Reco
Re: hostname is being reset, killing net on reboot
On Wed, Jan 26, 2022 at 07:11:36PM +0100, Andrei POPESCU wrote: > > # fallback to static profile on eth0 > > interface eth0 > > fallback static_eth0 > > > > So if dhcpd fails, it uses the above, and it Just Works. > > And I've not found any reference to it in the man page. So I've no clue > > why it seems to be such a huge, no one knows about it secret. > > This must be the most complicated, round-about, inefficient method I've > ever seen to configure a static IP :) I disagree. One can install NetworkManager, and then it will get even more complicated. > Is it so difficult to find out what is the canonical method to configure > a static IP on a Raspberry Pi OS? This is such a basic task it should be > somewhere in their documentation, wiki, whatever. Curiously enough, this time Gene used "official" way to configure static IP on RPi - [1]. Official documentation does not even mention e/n/i. > Then it should be possible to configure a static IP with any of Debian's > network management tools you like. And *that* would be fighting the distribution-approved method, and not working with it. It's totally possible (I did it), but then again, it's totally possible to install a real Debian on RPi. All this once again proves us, folks - RaspberryPi OS is not Debian. It's Debian-based. Certain list members do not see the difference, let's refrain from pointing fingers :) Reco [1] https://www.raspberrypi.com/documentation/computers/configuration.html#static-ip-addresses
Re: Network connection of a qemu guest.
Hi. On Wed, Mar 10, 2021 at 02:56:30PM -0800, pe...@easthope.ca wrote: > qemu-system-i386 -nic user,ipv6=off,model=ne2k_pci ... In this case QEMU uses built-in DHCP server to provide 10.0.2/24 network to the guest OS. If you need another network it should be changed in QEMU's commandline. > How is a static IP address set? For the quest OS it is like this: auto eth0 iface eth0 static address 10.0.2.15 netmask 24 gateway 10.0.2.2 10.0.2.1 and 10.0.2.2 are "special" and are used by QEMU itself. Anything else is to be used by the quest OS. > Should a subnet be specified in /etc/network/interfaces? Of course, as it's not a point-to-point connection. Reco
Re: Network connection of a qemu guest.
Hi. On Thu, Mar 11, 2021 at 07:25:30AM -0800, pe...@easthope.ca wrote: > All the QEMU documentation I've found focusses on DHCP. Imagine the > guest system tries to set a static address and QEMU offers DHCP. Seems > unlikely to succeed. DHCP is an option for a network configuration, not a requirement. If you don't like guest OS to be configured by DHCP, you're welcome to use /e/n/i snippet that I referenced in my previous e-mail. > Should be a way to configure qemu to provide a > subnet to the guest on an interface with a static address. (?) Please clarify. Where exactly you need a static address to be configured? At the guest OS's NIC? At the QEMU's emulated gateway? Elsewhere? > > Of course, as it's not a point-to-point connection. > > Yes, but a stanza in /etc/network/interfaces refers to an interface > name. The Debian 10 here for example, includes interface > enx0050b60be9be which is used for a subnet. Ok, but surely it's a little problem to replace "eth0" with "enx", isn't it? > To make a valid stanza for the qemu guest an interface name is > essential. I agree. > Either qemu must invent a name It's definitely does not work this way. QEMU has no way to specify an exact name for the guest OS. > or the qemu configuration will have to specify it. Nope. QEMU's job is to run unmodified guest OS, no more and no less. Specific OS implementation details (such as NIC names) are left to the specific OS to handle. > Another detail I haven't found in the documentation. QEMU's documentation is an unsuitable place to describe OS-specific implementation details. Try [1], chapter 4, instead. Reco [1] https://wiki.debian.org/NetworkInterfaceNames
Re: Network connection of a qemu guest.
Hi. On Thu, Mar 11, 2021 at 02:19:28PM -0800, pe...@easthope.ca wrote: > There's no mention of shutting off the built-in DHCP server. That's because there's no need to. Unless guess OS requests a DHCP less, a DHCP server will remain dormant. > Maybe a specific ip address shuts it off. No, it does not work that way. > > If you don't like guest OS to be configured by DHCP, you're welcome to > > use /e/n/i snippet that I referenced in my previous e-mail. > > I added this stanza to /e/n/i . > > # An interface for subnet to qemu guest. > auto qemunic It should not work this way, and it did not. You're supposed to use the interface name your guest OS sees (as in - "ifconfig", "ip a"), not QEMU label ("qemunic" in this case). > The qemu -nic option above has "id=qemunic" and the stanza above > has qemunic. An "id" option has nothing to do with guest OS interface name. It's merely a label to distinguish between several instances of virtual hardware of the same type. For instance, one can specify several NICs for the quest this way: qemu-system-x86_64 -name ... \ -netdev tap,id=hostnet0,fd=3 -device \ virtio-net-pci,netdev=hostnet0,id=net0,mac=$MAC0 \ -netdev tap,id=hostnet1,fd=4 -device \ virtio-net-pci,netdev=hostnet1,id=net1,mac=$MAC1 \ -netdev tap,id=hostnet2,fd=5 -device \ virtio-net-pci,netdev=hostnet2,id=net2,mac=$MAC2 \ -netdev tap,id=hostnet3,fd=6 \ -device virtio-net-pci,netdev=hostnet3,id=net3,mac=$MAC3 \ And it does not make guest OS network interfaces to be called hostnet0 or net0, for instance. Reco
Re: Kernel message: BUG: Bad page state in process kworker
On Sat, Mar 13, 2021 at 03:01:45AM -0500, Michael Grant wrote: > > I'd say it is a Linode problem, unless you run custom kernel modules. > > It looks like a "memory" corruption to me and since it is virtualized > > system, > > you should check if host system is ok. > > Memory in quotes because this issue could be also related to a storage > > sub-system (local or network attached) of the host or VM. > > I'm definitely not running a custom kernel. You do run non-Debian kernel. It says so in your dmesg: kworker/0:3 Tainted: GB 5.10.13-x86_64-linode141 #1 Reco
Re: mdadm and whole disk array members
Hi. On Tue, Mar 23, 2021 at 01:44:23PM +0100, deloptes wrote: > IMO the problem is that if it is not a partition the mdadm can not > assemble as it is looking for a partition, My mdadm.conf says: # by default (built-in), scan all partitions (/proc/partitions) and all # containers for MD superblocks. alternatively, specify devices to scan, # using wildcards if desired. #DEVICE partitions containers And /proc/partitions always had whole disks, their partitions, lvm volumes and whatever else can be presented as a block device by the kernel. So mdadm is perfectly capable of assembling whole disk arrays, and it does so for me for more than 10 years. > but not sure how grub or whatever handle it when you boot off the > drive. GRUB2 can definitely boot from mdadm's RAID1 as it has an appropriate module for this specific task. Installing GRUB2 on mdadm array made of whole disks is tricky though. UEFI itself, on the other hand - definitely can not, unless you resort to some dirty hacks. After all, UEFI requires so-called "EFI System Partition" aka ESP. Reco
Re: Replace a failed block device with null PV in an LVM VG
Hi. On Wed, Mar 24, 2021 at 10:26:49AM +, David Pottage wrote: > Is there a way to assemble the VG and mount those ext4 filesystems in > such a way that read attempts from the missing PV will return zeros, > but the rest of the filesystem will work? Try this: vgchange --activationmode partial -ay lvs # immediately dump logical volume in question somewhere with cat/dd cat /dev// > lv.img vgchange -an # run fsck -f on a copy of logical volume fsck -f lv.img # try mounting it mount -o loop lv.img / Reco
Re: Creating my first LAN
Hi. On Wed, Mar 24, 2021 at 10:34:53AM -0500, Richard Owlett wrote: > I have two laptops with clean installs of Buster. During installation > server software was installed on *ONE* of them. Communication will be > via WiFi. Any specific suggestions for reading? hostapd, dhcpd, bind (named). Last two can be replaced with dnsmasq. Reco
Re: Creating my first LAN
On Wed, Mar 24, 2021 at 12:15:34PM -0500, Richard Owlett wrote: > On 03/24/2021 10:40 AM, Reco wrote: > > On Wed, Mar 24, 2021 at 10:34:53AM -0500, Richard Owlett wrote: > > > I have two laptops with clean installs of Buster. During installation > > > server software was installed on *ONE* of them. Communication will be > > > via WiFi. Any specific suggestions for reading? > > > > hostapd, dhcpd, bind (named). Last two can be replaced with dnsmasq. > > References to man pages is premature. > Thought my phrasing would exclude them ;{ It definitely did not, at least for me :) I mean, you asked for some keywords, I gave you them. > What I was looking for would be an overview significantly higher level > that those low level functions. Ok. Then I'd start with [1] and [2]. Reco [1] https://wiki.gentoo.org/wiki/Hostapd [2] https://wiki.archlinux.org/index.php/software_access_point
Re: Replace a failed block device with null PV in an LVM VG
On Wed, Mar 24, 2021 at 05:17:57PM +, David Pottage wrote: > On 2021-03-24 12:37, Reco wrote: > > Hi. > > > > On Wed, Mar 24, 2021 at 10:26:49AM +, David Pottage wrote: > > > Is there a way to assemble the VG and mount those ext4 filesystems in > > > such a way that read attempts from the missing PV will return zeros, > > > but the rest of the filesystem will work? > > > > Try this: > > > > vgchange --activationmode partial -ay > > lvs > > # immediately dump logical volume in question somewhere with cat/dd > > cat /dev// > lv.img > > vgchange -an > > # run fsck -f on a copy of logical volume > > fsck -f lv.img > > # try mounting it > > mount -o loop lv.img / > > > Thanks, that partly worked. It was an older version of LVM2, so I had to > modify the command line syntax to "vgchange --partial -ay " > > I was then able to mount the damaged volumes and get back nearly half of the > lost files. I had a separate record of SHA1 checksums of all the lost files > and > all the recovered files have been checked and are undamaged. > > Thanks for your help. You're welcome. Reco
Re: vlan interface renamed
Hi. On Tue, Apr 06, 2021 at 06:41:21PM +0200, Erwan David wrote: > At boot, interface bond0.4011 is created and immediately renamed rename12. > > How Am I a supposed to have this working ? By disabling problematic renaming of course: cat > /etc/systemd/network/00-vlan.link << EOF [Match] Type=vlan [Link] NamePolicy=kernel MACAddressPolicy=none EOF update-initramfs -k all -u > Is it a bug in ifrename ? No, it's just systemd-udevd trying to assign a Predictable™ Network Interface name to your interface and fails. Reco
Re: vlan interface renamed
Hi. On Wed, Apr 07, 2021 at 09:53:57AM +0200, Erwan David wrote: > > > How Am I a supposed to have this working ? > > > > By disabling problematic renaming of course: > > > > cat > /etc/systemd/network/00-vlan.link << EOF > > [Match] > > Type=vlan > > > > [Link] > > NamePolicy=kernel > > MACAddressPolicy=none > > EOF > > > > update-initramfs -k all -u > > > > Alas it does not work. interface is still renamed And here it gets interesting. What about: udevadm test /sys/class/net/rename12 Reco
Re: for the mutt users
Hi. On Tue, Apr 13, 2021 at 06:52:57AM -0400, Jude DaShiell wrote: > The mixmaster package comes up as a suggested install for mutt and is not in > debian repositories so far as I know. It was removed from the main back in 2017, see #880101. > What is its function and where is source code for it? Quoting mutt documentation, Mixmaster permits you to send your messages anonymously using a chain of remailers. As for the source of mixmaster - see [2], sorry for the SourceForge link. Direct download should be this - [3]. Reco [1] http://www.mutt.org/doc/manual/#sending-mixmaster [2] http://mixmaster.sourceforge.net/ [3] https://sourceforge.net/settings/mirror_choices?projectname=mixmaster&filename=Mixmaster/3.0/mixmaster-3.0.tar.gz&selected=phoenixnap
Re: localhost web apps and cookie blocking
Hi. On Fri, Apr 16, 2021 at 09:45:13AM -0400, Celejar wrote: > I have various web (HTTP, not HTTPS) apps (e.g., pi-hole, Home > Assistant) running on localhost (either actually on localhost, or on > another host but accessed via 'localhost' via ssh port forwarding > (LocalForward) that require cookies to function (even before logging > in). When Firefox is set to block all cookies, these don't work - even > though I have an exception set to allow cookies from localhost. Because firefox cookie exceptions actually apply to schema-hostname-port triplet, but not to the hostname itself. I.e. if you allowed Firefox to store cookies from http://localhost:80 (what you've called "localhost"), but trying to use http://localhost:8080 to access some HTTP service - cookies from http://localhost:8080 won't be allowed. > (Examining the cookie store ("Manage Cookies and Site Data") > doesn't show any cookies stored from any site other than localhost.) "Manage Cookies and Site Data" was likely written on the assumption that a single hostname provides a single site, at most serving both HTTP and HTTPS versions of the same content. I suspect that your usecase differs from these assumptions somewhat. Reco
Re: SOLVED:command to start sshfs at bootup?
Hi. On Sun, Apr 18, 2021 at 03:36:45PM +0200, to...@tuxteam.de wrote: > On Sun, Apr 18, 2021 at 09:21:55AM -0400, Gene Heskett wrote: > > On Saturday 17 April 2021 23:31:20 Gene Heskett wrote: > > > > It boiled down to something, someplace, not liking a hostname starting > > with a number, I recalled I had to rename another machine a couple > > months ago because it didn't work either. > > > > But I changed its hostname to dddprint, based on the previous 3dprint, > > and it now works as requested. So my problem is solved. > > > > Is that just a head scratcher, or is there a valid reason to not allow a > > hostname such as 6040 or 3dprint? Something starting with a numeral IOW. > > Well, it's in rfc1035 [1]: That RFC is obsolete. RFC1123 says on this: The syntax of a legal Internet host name was specified in RFC-952 [DNS:4]. One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax. Host software MUST handle host names of up to 63 characters and SHOULD handle host names of up to 255 characters. Hence "3dprint" is a perfectly valid hostname, compliant with RFC1123. As shown (to me) by a quick experiment, both dnsmasq and bind accept "3dprint" for both A and record, and it resolves successfully. The original problem is more likely a local configuration problem, or an operator error. Reco
Re: SOLVED:command to start sshfs at bootup?
Hi. On Sun, Apr 18, 2021 at 03:49:12PM +0200, to...@tuxteam.de wrote: > > Hence "3dprint" is a perfectly valid hostname, compliant with RFC1123. > > As shown (to me) by a quick experiment, both dnsmasq and bind accept > > "3dprint" for both A and record, and it resolves successfully. > > > > The original problem is more likely a local configuration problem, or an > > operator error. > > Would be interesting to find out why... Our resident telepath is on vacation, and my crystal ball is receiving monthly maintenance. OP e-mails, as you surely know, usually lack all those technical details which us could use to solve the problem. And this particular problem is not an exception. All I can say - all known aspects of OP setup indicate that it should work, and if I ever need it to work for me (I prefer NFS to "persistent" SSHFS mounts) - it will. Reco
Re: dovecot packages
Hi. On Mon, Apr 19, 2021 at 01:00:24PM -0400, Michael Grant wrote: > V2.1.14 has been around for about a month. What's surprising is that > on the tracker web page, usually there's an 'action needed' with a 'A > new upstream version is available...' but not here. Is something > broken there? Who do I tell? Debian source for the package can provide so-called "watch" file that's used exactly for the purpose of notifying the maintainer of new upstream version. Debian's dovecot provides such file, and it's deliberately locked at version 2.3: https://dovecot.org/releases/2.3/dovecot-([\.0-9]+)\.tar\.gz So no, it's unlikely that something in dovecot packaging is broken. > Is this 'action needed' something that is updated manually? Given the current state of the watch file - no. Currently Debian is in the state of package freeze (preparing for the release of the bullseye), so uploads to the sid are discouraged (or outright forbidden, I forgot which phase of the freeze Debian is currently in), unless they fix RC bugs. And I see no such bugs for dovecot - [2]. > I coulnd't easily find the debian maintainer to pass this on. [1] shows me at least 4 possible maintainer contacts. > Suggestions? or should I just ignore it and eventually someone will > get to it? If it really bothers you - file a bug report with "wishlist" priority. At the very least you'll get an explanation from one of the maintainers. Reco [1] https://packages.debian.org/sid/dovecot-core [2] https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=dovecot
Re: IRC
Hi. On Wed, May 19, 2021 at 12:04:51PM -0400, Celejar wrote: > > There's currently a network wide mass exodus from Freenode going on > > today after apparently Freenode was sold to some bitcoin spammers. > > Wow - I just saw this: > > https://lwn.net/Articles/856543/ > > But it didn't mention Bitcoin spammers ;) LWN is known to simplify things. Here's some words from the former freenode staff: https://blog.bofh.it/debian/id_461 Reco
Re: IRC
Hi. On Wed, May 19, 2021 at 12:48:47PM -0400, Celejar wrote: > > freenode staff: > > > > https://blog.bofh.it/debian/id_461 > > I suppose Marco is a serious guy, but it's hard to take seriously a > statement that refers (without sourcing) to one's antagonist as "a > Trumpian wannabe korean royalty bitcoins millionaire." > > I have no idea what that is, and spam isn't mentioned. Marco takes politics too close to the heart IMO. It's the links in that article that are worth following. Reco
Re: IRC
Hi. On Wed, May 19, 2021 at 02:23:40PM -0400, Greg Wooledge wrote: > On Wed, May 19, 2021 at 02:15:29PM -0400, Polyna-Maude Racicot-Summerside > wrote: > > Why would a package I get from a git repository be supportable but a > > package I save some packaging time and get from another source (Kali, > > Ubuntu for example) would become unsupportable ? > > Because things you pull from git and install in /opt or /usr/local or > even $HOME do not interfere with the Debian system. It's not true in the case of /usr/local. Any library that's installed in /usr/local/lib will be processed by ldconfig (see /etc/ld.so.conf.d/*.conf), possibly leading to all kinds of mess. > They don't create dependency issues within the dpkg database, nor do > they overwrite essential system libraries or files, But to ld.so any library in /usr/local takes priority over /usr, i.e. you don't need to overwrite the library to break the binary, providing ABI-incompatible library at /usr/local (and running ldconfig) is sufficient. And, last time I've looked at $PATH, /usr/local/bin is listed before /usr/bin, which can be the source of funny things too. > An Ubuntu or Kali package, especially a badly built one, can cause *all* > kinds of havoc. Even some third-party repositories set up by Debian > developers have been notorious for causing these kinds of problems in > the past -- take a look at the history of the "debian multimedia" package > repositories, in particular. And this very list contains numerous examples of "I forgot about that library that I've installed at /usr/local, but it broke X and Y years after". Package breakages are bad, there's nothing to argue here. But breaking ld.so is equally bad. Reco
Re: LVM raid0
Hi. On Fri, May 28, 2021 at 09:31:06PM +0300, Gokan Atmaca wrote: > Additionally I found something like the following in the dmesg logs. > ... > [Fri May 28 14:14:22 2021] device-mapper: table: 253:2: raid: Failed > to run raid array > [Fri May 28 14:14:22 2021] device-mapper: table: 253:2: raid: Failed > to run raid array Chances are your initrd lacks dm-raid kernel module. Try adding it to /etc/initramfs-tools/modules and rebuild your initrd. Everything else in this dmesg does not relate to the problem. > > What would be the reason ? pvdisplay and vgdisplay would be nice. And "lsmod | grep ^dm" while we're at it. Oh, and please disgregard that crypttab advice. crypttab is only good for something if you're using dm-crypt, and most likely you're not. Reco
Re: how to let smartmontool / smartd ignore specific hard disk?
Hi. On Mon, May 31, 2021 at 12:04:20PM +0800, Robbi Nespu wrote: > Could you spot what I missed and guide me? Thanks in advance Your smartd.conf has this: > DEVICESCAN -d removable -n standby -m root -M exec > /usr/share/smartmontools/smartd-runner ... > /dev/sdb -d ignore smartd.conf(5), on the other hand, specify that: ignore - the device specified by this configuration entry should be ignored. This allows to ignore specific devices which are detected by a following DEVICESCAN configuration line. I.e you should probably specify DEVICESCAN and -d in other order, i.e. > /dev/sdb -d ignore > DEVICESCAN -d removable -n standby -m root -M exec > /usr/share/smartmontools/smartd-runner Reco
Re: Coerce "MATE terminal" to display black on white text?
Hi. On Mon, May 31, 2021 at 08:41:37AM -0500, Richard Owlett wrote: > The MATE terminal "Help"(sic) claims VT102 emulation but does not say how to > obtain it. That's because it's unified with other terminal emulators. You need TERM environment variable set to vt102 as per term(7). If using bash it is: export TERM=vt102 Reco
Re: How do I permanently disable unattended downloads of software/security updates?
Hi. On Tue, Jun 01, 2021 at 02:26:50PM +0100, Joe wrote: > > Automatic downloads of software/security downloads took place today, > > June 1, 2021. > > > > Please click the link to the screenshot: https://ibb.co/5xP7r5t > > > > Please see below for the details: > > > > username@localhost:~$ sudo apt update > > [sudo] password for username: > > Hit:1 http://security.debian.org/debian-security buster/updates > > InRelease Hit:2 http://security.debian.org buster/updates InRelease > > Hit:3 https://deb.debian.org/debian buster InRelease > > Hit:4 https://deb.debian.org/debian buster-updates InRelease > > Hit:5 https://deb.debian.org/debian buster-backports InRelease > > Reading package lists... Done > > Building dependency tree > > Reading state information... Done > > 4 packages can be upgraded. Run 'apt list --upgradable' to see them. > > > > username@localhost:~$ sudo apt list --upgradable > > Listing... Done > > gir1.2-javascriptcoregtk-4.0/stable,stable 2.32.1-1~deb10u1 amd64 > > [upgradable from: 2.30.6-1~deb10u1] gir1.2-webkit2-4.0/stable,stable > > 2.32.1-1~deb10u1 amd64 [upgradable from: 2.30.6-1~deb10u1] > > libjavascriptcoregtk-4.0-18/stable,stable 2.32.1-1~deb10u1 amd64 > > [upgradable from: 2.30.6-1~deb10u1] > > libwebkit2gtk-4.0-37/stable,stable 2.32.1-1~deb10u1 amd64 [upgradable > > from: 2.30.6-1~deb10u1] username@localhost:~$ > > > > username@localhost:~$ sudo apt upgrade > > Reading package lists... Done > > Building dependency tree > > Reading state information... Done > > Calculating upgrade... Done > > The following NEW packages will be installed: > > xdg-desktop-portal xdg-desktop-portal-gtk > > The following packages will be upgraded: > > gir1.2-javascriptcoregtk-4.0 gir1.2-webkit2-4.0 > > libjavascriptcoregtk-4.0-18 libwebkit2gtk-4.0-37 > > 4 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. > > Need to get 0 B/20.2 MB of archives. > > After this operation, 5,118 kB of additional disk space will be used. > > Do you want to continue? [Y/n] > > > > If you guys notice, 20.2MB of updates have been automatically > > downloaded in the background (without my manual intervention). > > > > So who typed the 'sudo apt update' and 'sudo apt upgrade'? The devil is in the details, as they say. "sudo apt upgrade" shows that it does not need to download anything, because: > > username@localhost:~$ sudo apt upgrade ... > > Need to get 0 B/20.2 MB of archives. I'm curious what will be shown in this configuration by: apt-config dump | grep Periodic Reco
Re: Coerce "MATE terminal" to display black on white text?
Hi. On Mon, May 31, 2021 at 09:49:36PM -0400, Greg Wooledge wrote: > On Mon, May 31, 2021 at 07:30:42PM -0400, songbird wrote: > > Richard Owlett wrote: > > > The MATE terminal "Help"(sic) claims VT102 emulation but does not say > > > how to obtain it. > > > > i'd put in my .bashrc the line: > > > > TERM="vt102" && export TERM > > That's unwise. It'll screw you up *hard* any time you're not using > the terminal you normally use -- e.g. on ssh logins, or if you want to > test another terminal, or if you use tmux or screen, etc. In my experience, one will be screwed much more by using TERM=screen or TERM=tmux in conjunction with ssh. Simply because the ssh target does not necessary have an appropriate termcap for screen or tmux (say, Solaris 10 which I have to deal on a weekly basis, and yes, I know I can copy termcap entries there). And if you think that Linux is somehow better here - try TERM=screen-256color in conjunction with RHEL5 :) On the other hand, vt102 and xterm - even HP-UX knows about them. Reco
Re: Coerce "MATE terminal" to display black on white text?
Hi. On Tue, Jun 01, 2021 at 10:21:42AM -0400, Greg Wooledge wrote: > (I am not aware of any method of overriding TERM on a per-host basis > in .ssh/config but if such a method *does* exist, it would be far better > than this shell function hack.) There's a hack, but it's not pretty, and it has its share of limitations: Host server Hostname server RemoteCommand TERM=xterm $SHELL RequestTTY yes A proper solution - [1] is kind-of sort-of made its way to the upstream, but it's not included in Debian yet. [1] https://github.com/openssh/openssh-portable/pull/224 Reco
Re: How do I permanently disable unattended downloads of software/security updates?
Hi. On Tue, Jun 01, 2021 at 07:27:22PM +0200, Stella Ashburne wrote: > > I'm curious what will be shown in this configuration by: > > > > apt-config dump | grep Periodic > > > One kind person has already asked me for the output of My bad. I haven't followed this thread closely until now. > apt-config dump | grep -i APT::Periodic > > Below is the output of the above command: > > APT::Periodic ""; > APT::Periodic::Download-Upgradeable-Packages "0"; > APT::Periodic::Unattended-Upgrade "0"; Ok, that complicates things slightly. Is there anything that can be attributed to this behaviour at /var/log/apt/history.log* ? Could be anything, you'll need to evaluate Start-Date attribute. Of course, it's unlikely there will be anything, so it's time for an old magic trick - auditd. Install auditd package. Invoke: auditctl -w /usr/bin/apt -p rx auditctl -w /usr/bin/apt-get -p rx Wait for the next occurence of the problem, to speed things up - invoke "apt clean". To know exact time someone invoked apt without your knowledge - invoke "ausearch -f /usr/bin/apt -i". Once you know an exact time the problem happens - it should be trivial to search, say, journald entries for anything related. In short, dear listers, auditd. Have it, use it. Thing solves issues, and does it in non-intrusive way. Oh, and another question. Do you happen to have packagekit to be installed? This Fine Piece™ of RedHat middleware (have to keep the archives list PG-13 compliant, you see ;) is known to perform questionable tricks like this. Reco
Re: How do I permanently disable unattended downloads of software/security updates?
Hi. On Wed, Jun 02, 2021 at 06:27:45PM +0200, Stella Ashburne wrote: > Output of systemctl list-timers > > > NEXT LEFT LAST PASSED > Wed 2021-06-02 16:24:55 GMT 4min 34s left n/a n/a > Thu 2021-06-03 00:00:00 GMT 7h left Wed 2021-06-02 16:10:36 GMT 9min > ago > Thu 2021-06-03 00:00:00 GMT 7h left Wed 2021-06-02 16:10:36 GMT 9min > ago > Thu 2021-06-03 00:39:22 GMT 8h left Wed 2021-06-02 16:10:36 GMT 9min > ago > Thu 2021-06-03 06:40:44 GMT 14h left Wed 2021-06-02 07:43:04 GMT 8h ago > Thu 2021-06-03 07:30:43 GMT 15h left Thu 2021-06-03 00:10:06 GMT 7h > left > > 6 timers listed. > Pass --all to see loaded but inactive timers, too. The most important parts of "systemctl list-timers" (your problem considered) are UNIT and ACTIVATES columns, and your result lacks them for some reason. Reco
Re: How do I permanently disable unattended downloads of software/security updates?
Hi. On Fri, Jun 04, 2021 at 07:59:31AM -0400, Greg Wooledge wrote: > On Fri, Jun 04, 2021 at 02:15:24AM +0200, Stella Ashburne wrote: > > Output of systemctl list-timers | grep apt > > > > Thu 2021-06-03 20:29:30 GMT 9h leftThu 2021-06-03 09:18:00 GMT 1h > > 17min ago apt-daily.timer apt-daily.service > > Fri 2021-06-04 06:51:16 GMT 20h left Thu 2021-06-03 09:18:00 GMT 1h > > 17min ago apt-daily-upgrade.timer apt-daily-upgrade.service > > Yes, you posted this already. > > The point wasn't for you to copy and paste the output here and wait > for someone to hand-hold you through the next step. The point was > for you to read and understand the output yourself. I'd like to add here that: - apt-daily is written to respect APT::Periodic::* settings, and you have those unset. - in this very thread a possibility of a custom cron job that download updates was excluded. - therefore it's simply wrong to include in the result of "systemctl list-timers" only "apt" timers and exclude everything else, since your problem can lie in those excluded timers. > 3) Calling "systemctl disable" only works for *services*, That not how it works, actually. systemctl disable can be used to disable any timer, but you have to specify it explicitly. I.e. systemctl disable apt-daily.timer Running "systemctl disable" on a service that's called by timer should do nothing indeed. Reco
Re: Trunk-bond-vlan-bridge on KVM and LXC host Stretch x Buster
Hi. On Thu, Jun 03, 2021 at 03:28:47PM +0200, deb...@centrum.cz wrote: It's just a guess, but you have "auto" for "bond0": > auto bond0 > iface bond0 inet manual But what you do not have is "auto" for VLAN interfaces you build on top of bond0: > iface bond0.20 inet manual > iface bond0.21 inet manual Reco
Re: A Grub Boot Question about initrd
On Sat, Jun 05, 2021 at 12:46:13PM -0500, Martin McCormick wrote: > I have a plan but I need some more information. Is there any > personalization done by the boot setup process? Yes. One of the GRUB's tasks is to supply kernel which is about to boot with root=... cmdline parameter. Root filesystem UUID can be used for this. > Do our UUID's or any other specific information pertaining to the > installation make it in to the initrd files? In Debian - no, unless you include it there for some bizarre reason. It's not needed for the things initrd usually does. > If that is so, then two computers using the same > processor type should be able to use copies of the same initrd files > and the only thing that is personalized on an individual computer > is all the grub configuration in which the UUID's of at least / > and /swap partitions are sprinkled throughout grub.cfg and > /etc/default/grub. It's not the CPU difference you need to worry about. Different SATA controllers, video cards, NICs - i.e. what they call periphery devices - those things require different kernel modules that should be (or could be) used in early boot process, and therefore need to be included in initrd. Luckily, Debian uses initramfs-tools for building initrd, and initramfs-tools should build initrd with everything and a kitchen sink included (MODULES=most in /etc/initramfs-tools/initramfs.conf). > One should be able to write a program to get the > appropriate UUID's out of fstab on the working system > and translate them in to corresponding UUID's for the system on > the operating table. Er, they've invented filesystem labels for exactly this many decades ago. > As an aside, one ought to be able to do something like > this. It makes life a lot simpler. Both systems are using the > same kernel and versions of the same processor the only real > differences are the UUID's. Perfectly possible for the last 15 years or so. Assuming Debian and MODULES=most, of course. Reco
Re: Kernel panics on boot with fresh testing install on ASUS UX501J notebook
Hi. On Tue, Jun 08, 2021 at 04:44:35PM +0500, Alexander V. Makartsev wrote: > > How can I debug this problem? My suspicion is that this has to do with the > > kernel upgrade between stable and testing (4.19 to 5.10), but I'm not sure. > > The way I would approach this problem is by making boot logs > persistent [1] so they could be searched for clues (kernel module > name, device hint, etc) after each boot. I'd like to suggest a different approach, considering we're dealing with kernel panics here. journald is merely a userspace program, so it cannot process kernel panics reliably (barring kernel OOPSes, of course) - because if you have a kernel panic, you cannot write in any filesystem. They've invented kdump - [1], [2] with exact purpose of capturing kernel panics and storing kernel crash dumps in a persistent way, and crash - [3] - for analyzing them. Of course, in its current form kdump requires a real hardware, but it's hardly an issue here. Reco [1] https://mudongliang.github.io/2018/07/02/debian-enable-kernel-dump.html [2] https://packages.debian.org/buster/kdump-tools [3] https://packages.debian.org/buster/crash
Re: Wiping an unencrypted SSD in preparation for encryption
Hi. On Thu, Jun 10, 2021 at 11:43:12PM -0700, David Christensen wrote: > I don't bother with the 'discard' option in /etc/fstab, but perhaps I > should. The fstab(5) and mount(8) manual pages are unclear if > 'discard' applies to swap or ext4. swapon(8): -d, --discard[=policy] Enable swap discards ... The /etc/fstab mount options discard, discard=once, or discard=pages may also be used to enable discard flags. Therefore 'discard' can be applied to both ext4 and swap. Reco
Re: Wiping an unencrypted SSD in preparation for encryption
On Fri, Jun 11, 2021 at 05:55:02AM -0700, David Christensen wrote: > On 6/10/21 11:49 PM, Reco wrote: > > On Thu, Jun 10, 2021 at 11:43:12PM -0700, David Christensen wrote: > > > I don't bother with the 'discard' option in /etc/fstab, but perhaps I > > > should. The fstab(5) and mount(8) manual pages are unclear if > > > 'discard' applies to swap or ext4. > > > > swapon(8): > > > > -d, --discard[=policy] > > Enable swap discards ... The /etc/fstab mount options discard, > > discard=once, or discard=pages may also be used to enable discard flags. > > > > > > Therefore 'discard' can be applied to both ext4 and swap. > > Thank you for the clarification regarding trim and swap. > > Where do you see the information for ext4? You just have to know where to look - ext4(5): discard/nodiscard Controls whether ext4 should issue discard/TRIM commands to the underlying block device when blocks are freed. This is useful for SSD devices and sparse/thinly-provisioned LUNs, but it is off by default until sufficient testing has been done. How exactly this ended in manpages section 5 (which is "File formats and conventions eg /etc/passwd") is anyone's guess. Reco
Re: ifconfig stats ??? Wrong behavior OR BUG ?
Hi. On Fri, Jun 11, 2021 at 02:01:02PM +, Kanto Andria wrote: > dada@Jradebian:~$ sudo ifconfig enp0s31f6 stats There's no "stats" option to ifconfig, at least according to the source of version 1.60+git20180626.aebd88e. But what a quick test does show me, is that in my environment "stats" apparently interpreted as a hostname, which cannot be resolved: $ /sbin/ifconfig eth0 stats stats: Unknown host ifconfig: `--help' gives usage information. So what actually happened to you is that on your host "stats" was resolved to 54.36.162.17, and then the resolved IP was set to your interface with /8 netmask. Since the setting was successful (and why would not it be, since you ran ifconfig as root) - you've got no error. > I have experienced the same issue on a FreeBSD based product close to the > 10.x release I'm unfamiliar with FreeBSD's ifconfig, and too lazy to dig their sources. Probably the explanation is the same. Reco
Re: Wiping an unencrypted SSD in preparation for encryption
On Fri, Jun 11, 2021 at 11:01:40AM -0400, rhkra...@gmail.com wrote: > On Friday, June 11, 2021 02:49:03 AM Reco wrote: > > On Thu, Jun 10, 2021 at 11:43:12PM -0700, David Christensen wrote: > > > I don't bother with the 'discard' option in /etc/fstab, but perhaps I > > > should. The fstab(5) and mount(8) manual pages are unclear if > > > 'discard' applies to swap or ext4. > > > > swapon(8): > > > >-d, --discard[=policy] > > Enable swap discards ... The /etc/fstab mount options discard, > > discard=once, or discard=pages may also be used to enable discard flags. > > So, I'm not clear on what happens if you don't use the discard option. Your swap will work the same as far as the kernel is concerned. Your drive won't receive TRIM commands for the partition/logical volume/whatever your swap resides in (on swapping out pages). Theoretically it could lead to longer swap times, practically swapping is painful enough to avoid it regardless of the time it takes. Reco
Re: Wiping an unencrypted SSD in preparation for encryption
Hi. On Fri, Jun 11, 2021 at 10:59:21AM -0400, Polyna-Maude Racicot-Summerside wrote: > Because yes there's a cost and it's speed. I call this cost acceptable: # pv /dev/sda3 > /dev/zero ^C50GiB 0:00:04 [ 385MiB/s] # cryptsetup status /dev/mapper/sda3_crypt /dev/mapper/sda3_crypt is active and is in use. type:LUKS1 cipher: aes-xts-plain64 keysize: 512 bits key location: dm-crypt device: /dev/sda3 # pv /dev/mapper/sda3_crypt > /dev/zero ^C68GiB 0:00:05 [ 372MiB/s] Encryption costs me whopping 13 MB/s out of 385. And note that it's a 4 years old laptop (and it was pretty cheap when I bought it) with SSD surpassing its age. Reco
Re: cannot mount smartphone anymore
Hi. On Mon, Jun 14, 2021 at 09:46:02AM +0200, Emanuel Berg wrote: > Andrei POPESCU wrote: > > >>>>> Removing usbguard is maybe a drastic decision, isn't? > >>>>> Or maybe you don't want this package anymore for > >>>>> other reasons? > >>>> > >>>> No, why do I need it for? > >>> > >>> He probably assumed you installed it intentionally, and so > >>> for a reason, as it appears to be an optional package. > >> > >> If so I don't remember why :) > > > > But aptitude might know: > > > > aptitude why usbguard > > OK: > > i gnome-online-accounts Recommends gnome-control-center (>= 3.6.1) > i A gnome-control-center Dependsgnome-settings-daemon (>= 3.37) > i A gnome-settings-daemon Suggests usbguard > > Not really a GNOME user so again don't know what that means... It means this, based on the package changelog: gnome-settings-daemon (3.35.91-1) experimental; urgency=medium [ Sebastien Bacher ] * New upstream release: - Add capability to disable USB while the lockscreen is on (based on USBGuard) * debian/control.in: - Suggests usbguard for the new lockscreen protection, the feature didn't get much testing yet and usbguard could create problems so don't bring it in by default yet I.e. what it should do is to deny any usb devices from configuring while you have a lockscreen on. The changelog message also shows that currently one have to install Suggests type of dependency to get this feature. Reco
Re: cdrskin: burn cdda with cue sheet file
Hi. On Wed, Jun 23, 2021 at 11:09:29AM +0200, Michael Lange wrote: > According to that digitalx.org page this looks "legal" to me, however > it does not work, instead I get the following eror: > > cdrskin: FAILURE : In cue sheet file: Multiple occurrences of FILE cdrskin(1) says: cuefile=path Read a session description from a cue sheet file in CDRWIN format. Base the tracks on a *single file* which is given in the sheet by command FILE. > So my question is: > is there any reference how to set up a cue sheet for cdrskin that shows > how it should be done, or is this simply not possible using a cuefile? Your best option is to merge your files into one big file and to produce an appropriate .cue for that file. Reco