Re: Substitute for archivemail

2022-09-05 Thread Joey Hess
chewmail is probably the best substitute. It has a very similar usage,
I only had to change the -o option and replace -u with -R.

-- 
see shy jo


signature.asc
Description: PGP signature


Re: Preventing the computer from shutting down.

2014-10-30 Thread Joey Hess
Don Armstrong wrote:
 On Thu, 30 Oct 2014, Mario Castelán Castro wrote:
  I can set up a script for backup with cron or anacron, but how can I
  prevent the computer from shutting down while the backup is being
  performed so as to not to leave it incomplete?.
 
 If you're using systemd, this can be done using systemd-inhibit. See
 http://www.freedesktop.org/software/systemd/man/systemd-inhibit.html
 for details.
 
 Quickly:
 
 systemd-inhibit --who='backup script' --why='backup is running currently' \
  --mode=block yourbackupscript;

This doesn't currently prevent either /sbin/shutdown or eg, the lightdm
menu item from shutting the system down. It does inhibit systemctl reboot/halt.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Preseeding options

2014-10-28 Thread Joey Hess
Mario Castelán Castro wrote:
 If I specify preseeding options for a netboot image loaded directly from
 GRUB as kernel parameter and there are some parameters specified in the
 initrd /preseed.cfg. Will the conflicting parameters specified in the
 kernel parameters replace those of /preseed.cfg?.

Based on inspection of the code of the preseed package,
I don't think that works. debian-installer-startup.d/S30env-preseed
handles the environment variables set by the kernel command line,
and it is run before others like debian-installer-startup.d/S35initrd-preseed.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: initramfs-tools 0.118 makes systems unbootable with 5 second message

2014-10-23 Thread Joey Hess
積丹尼 Dan Jacobson wrote:
 On all my systems, initramfs-tools 0.116 works fine,
 installing 0.118 just gives some message about rebooting in 5 seconds that is
 not enough time to read. I.e., the system becomes unbootable.

Sounds like the below code, which is triggered if fsck fails and for some
reason it cannot start a root shell to fix it. Suggest you boot from
some rescue media and fsck the filesystem from there. Might also want to
look into why sulogin is failing.

    log_failure_msg "An automatic file system check (fsck) of the $NAME filesystem failed.
A manual fsck must be performed, then the system restarted.
The fsck should be performed in maintenance mode with the
$NAME filesystem mounted in read-only mode."
    log_warning_msg "The $NAME filesystem is currently mounted in read-only mode.
A maintenance shell will now be started.
After performing system maintenance, press CONTROL-D
to terminate the maintenance shell and restart the system."
    # Start a single user shell on the console
    if ! sulogin $CONSOLE
    then
        log_failure_msg "Attempt to start maintenance shell failed.
Will restart in 5 seconds."
        sleep 5
    fi

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Problem with systemd-sleep in Jessie

2014-10-23 Thread Joey Hess
Try running this:

journalctl -u systemd-logind -f

That will show messages logged by logind, for example:

Oct 23 23:30:10 darkstar systemd-logind[733]: Lid closed.
Oct 23 23:30:12 darkstar systemd-logind[733]: Lid opened.

It should also log if it thinks a suspend key is being pressed. It's
possible this old laptop has a screw loose somewhere and is generating
spurious events.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: preseeding question (yes, re. systemd / sysvinit-core)

2014-10-16 Thread Joey Hess
Brian wrote:
 I'd suggest that the principal udeb package to consider as responsible
 for installing the base system is bootstrap-base. It runs debootstrap.
 Debian Policy specifies the base packages as being of Priority: required
 and Priority: important.
 
 You can get lists of these packages with
 
   aptitude search ~prequired -F%p
   aptitude search ~pimportant -F%p
 
  Any idea which of those installs systemd, and if that can be
  modified through a preseed command?
 
 The init package is Priority: required. It pre-depends on
 
systemd-sysv | sysvinit-core | upstart
 
 The first alternative is systemd-sysv, which pre-depends on systemd.
 
 There is no preseed command which can alter this.

It may be that adding --include=sysvinit-core to debootstrap will cause
the other branch of that dependency to be taken. I have not tested it.
If that is the case, then the thing to preseed is
base-installer/includes, the value of which is passed to --include.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: piece of mind (Re: Moderated posts?)

2014-10-13 Thread Joey Hess
Bas Wijnen wrote:
 I'll speak for myself here: I don't really care about the init system.
 I am unhappy with the emotions that this debate is causing, but I'm not
 very interested in the technical parts.  From what I see on the mailing
 lists, it seems that a few users are very unhappy and they keep bringing
 this up.

Since there continues to be interest on -user about why no DDs are
proposing a GR to overrule this decision, I want to expand on that.

First, you have to understand that every single argument that has been
posted to debian-user about systemd was already hashed out on
debian-devel over a year ago. The discussions about systemd on -devel
went on for at least a full year. It was a major topic at DebConf13,
which included presentations by both upstart and systemd upstream
developers. Then we had the -ctte process which dragged on for quite a
while longer and rehashed most everything all over again. So at this
point, most of us are pretty tired of the subject.

Secondly, Russ Allbery did an amazing job during the -ctte decision of
weighing systemd vs the alternatives. He was unbiased; he dug deep. It
really cut through the fog. When you see such good work being done,
there is less tendency to second-guess it, even if you might disagree
with his conclusions. We really appreciate Russ[1].

Thirdly, DDs feel empowered to fix problems. Not because they can upload
packages to Debian, but because they can file bug reports and work with
others to get them fixed. It's what we do. An example: Yesterday, DD
John Goerzen had a really, really bad experience with systemd on his
laptop, which uses an unusual zfs+encryption setup. He ranted, like
anyone would in such a situation:
http://changelog.complete.org/archives/9237-first-impressions-of-systemd

... But then he got on #debian-systemd on IRC and filed several bugs, and
got help to get his system working, and followed up on the bugs with
the details that will let them be reproduced and get fixed.
Just now, he wrote there:
  kini CosmicRay: glad to see you got some problems resolved :)
  CosmicRay[John] kini: yes, me too ;-)
  CosmicRay[John] I plan to post an update.  I must say, this is one of
the most helpful communities I've seen in Debian.
  CosmicRay[John] that is something *huge*.

I'd hope that anyone who has the time and expertise to participate in
1000+ message threads about systemd that dig into the source code and
discuss rather rarified theories of software engineering also feels
empowered to file bug reports and work to get actual problems fixed.
If you do, you will probably feel less need to engage in such threads.
And, if you appreciate this process of how software is improved, you'll
start to, perhaps, become a little bit suspicious that some voting-based
GR process can have as good results overall.

Fourthly, I think that many DDs feel that releasing jessie with systemd
as the default won't make it appreciably harder to revert to
non-systemd-as-default later than it would have been if we stuck with
sysvinit for this release. 

Not that it would be easy to ditch systemd. But there's a lot of FUD
going around here about sysvinit support rotting because systemd is the
default, while the fact is that Debian kFreeBSD doesn't have systemd at
all, and all the init scripts will be kept working for that reason if
nothing else. Also, the tech committee decision was that Debian continues
to support multiple inits to the best of our ability[2]. And, the init
scripts are a relatively minuscule portion of the code in Debian, and
don't tend to bit rot much anyway[4].

So most of our concern about being locked into systemd is that desktop
environments are coming to require it, and that systemd-shim may be hard
to keep working in the long term. But desktop environments like Gnome
were already requiring systemd before Debian switched to it; Debian
cannot hold back the tide.

I'd say that the chances of a GR at this point in the release process
are about 1 in 1000. It'd take 5 DDs simultaneously having a bad day
like John did, or massive evidence of unhappy users. And I mean, hard
statistical evidence of that on eg [3], not a few users posting
arguments against systemd that are often highly slanted and inaccurate
and have in any case been seen over and over again before.

-- 
see shy jo

[1] Russ was awarded a handcrafted plaque for this at DebConf14.
We have never awarded anyone such a thing before. We really
appreciate Russ!

http://vincentsanders.blogspot.com/2014/08/without-craftsmanship-inspiration-is.html

[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746715#278

[3] https://qa.debian.org/popcon-graph.php?packages=sysvinit-core+systemd-sysv&show_vote=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1

[4] If I still maintained a daemon and was concerned about its init
script bit rotting, I'd write a simple autopkgtest check that the
init script worked properly; we've gotten 

Re: piece of mind (Re: Moderated posts?)

2014-10-13 Thread Joey Hess
Miles Fidelman wrote:
 But that is the major objection of those of us who USE Debian -- the need to
 do so, particularly when this concerns production servers.

Sysvinit will continue to be supported on servers in Debian 8 (jessie)
release of Debian. So you can continue to boot your production servers
with sysvinit.

A reasonably proactive admin would probably want to try out systemd (on
eg, a test server) and if it causes problems for their deployment, they
then have at least the year or two from when Debian jessie is released
until the *next* release to file bug reports and follow up on them.

Too early to say what will happen in Debian 9, but
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746715#278
is not going to be overturned without a GR either.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: piece of mind (Re: Moderated posts?)

2014-10-13 Thread Joey Hess
Miles Fidelman wrote:
 1. Whether or not there's a clear statement regarding the installer - will
 users be presented with a clear choice of init systems during installation,
 or is it going to be left to folks to figure out how to work around the
 default installation of systemd?

It's not been requested, but typically we (the d-i team) don't put
things in d-i that can easily be accomplished afterwards by people
who want to customize their system by running some simple apt-get
install command.

I suppose it could be asked in expert mode, but the question then
becomes, is it worth complicating d-i with this, bothering to get the
UI about it translated into dozens of languages, so increasing the
overall size and memory usage of d-i?

d-i already has powerful preseeding capabilities that can be used to
customize the installer to eg, run that apt-get command before the
reboot. It would not be hard for some interested user to put the
necessary preseed file on a website, and then booting the installer with 
install url=http://out.out.vile.init/; would apply the preseed file.
Although I don't know why someone would want to do that, unless it's not
kosher to have systemd ever being installed on a new system, even for
the minute it takes to boot and remove it.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: question about systemd

2014-10-09 Thread Joey Hess
Reco wrote:
 You haven't taken into account journald, which uses /run (mounted
 in-memory) to write its own blobs. With the limit of 1/2 of available
 physical memory by default.

That's wrong by nearly 2 orders of magnitude..

journald avoids using more than 10% of the size of /run by default,
and the size of /run is 20% of physical memory.

So, on a system with 4 gb of memory, it uses not 2 GiB, but 77 MiB.

Sep 29 13:35:43 darkstar systemd-journal[169]: Runtime journal is using 8.0M (max allowed 76.9M, trying to leave 115.4M free of 761.3M available → current limit 76.9M).

A system with 128 MiB of memory would have 1.3 MiB used for the journal.
That's less memory than the (non-shared) memory used by bash to log into
such a low memory system. But if it did become a problem, there's a
simple config file to tune it, which has an excellent man page.

   SystemMaxUse=, SystemKeepFree=, SystemMaxFileSize=, RuntimeMaxUse=,
   RuntimeKeepFree=, RuntimeMaxFileSize=
   Enforce size limits on the journal files stored. The options
   prefixed with System apply to the journal files when stored on a
   persistent file system, more specifically /var/log/journal. The
   options prefixed with Runtime apply to the journal files when
   stored on a volatile in-memory file system, more specifically
   /run/log/journal. The former is used only when /var is mounted,
   writable, and the directory /var/log/journal exists. Otherwise,
   only the latter applies. Note that this means that during early
   boot and if the administrator disabled persistent logging, only the
   latter options apply, while the former apply if persistent logging
   is enabled and the system is fully booted up.  journalctl and
   systemd-journald ignore all files with names not ending with
   .journal or .journal~, so only such files, located in the
   appropriate directories, are taken into account when calculating
   current disk usage.

   SystemMaxUse= and RuntimeMaxUse= control how much disk space the
   journal may use up at maximum.  SystemKeepFree= and
   RuntimeKeepFree= control how much disk space systemd-journald shall
   leave free for other uses.  systemd-journald will respect both
   limits and use the smaller of the two values.

   The first pair defaults to 10% and the second to 15% of the size of
   the respective file system.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Moderated posts?

2014-10-08 Thread Joey Hess
Steve Litt wrote:
 25: Paul Tagliamonte moves the bug somewhere else, tells Thorsten
 Glaser not to re-add it to the current bug discussion. If any of
 you wonder why other inits aren't supported, you now see that Paul
 Tagliamonte had the admin privileges to move bugs, and was feeling
 the juice of his authority.

The authority you're referring to is the ability to send a reply to
debian-de...@lists.debian.org without CCing 727...@bugs.debian.org.
Which anyone can do of course. Actually, anyone at all can also reassign
debian bug reports to different packages, close them etc. Maybe less
power madness all around than you seem to think..

-- 
see shy jo


signature.asc
Description: Digital signature


Re: obnam speed

2014-10-08 Thread Joey Hess
Philippe Clérié wrote:
 I'm curious to know how fast obnam is for other users.
 
 My home network is mostly Gigabit Ethernet. Measuring with iperf, the best
 speed I get is around 600Mbps, maybe 700Mbps depending on the computers
 involved.
 
 With obnam, speeds are anywhere below 50Mbps. Even with no other traffic on
 the network.

obnam is heavily influenced by latency between the 2 computers.
So using obnam across a transatlantic link will be slow, even if the
link is fast.

obnam is also not super-fast even when run locally, backing up to a
local drive. I have not tried to get to the bottom of that; some of it
could be due to gpg overhead, and some to inefficient use of the filesystem.

Some quick benchmarks suggest obnam might only be saturating around 20%
of the total available disk (or network) bandwidth, under optimal
conditions (ie, backup to a SSD).

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Let's have a vote! I was just banned from debian forum for posting a systemd critical message.

2014-09-25 Thread Joey Hess
Stephen Allen wrote:
 Deservedly so, in my opinion. I'm sure the silent majority are as sick
 as I am of several people beating this dead horse to death. Most Linux
 distributions are DoCractic, those that do the work, make the rules.

Not to mention drive-by attacks on development communications channels
such as this physical threat posted to #debian-boot last night.

tuxassesor Current Debian Devs won't listen to users, They won't listen to system admins.
tuxassesor They won't listen to programmers. They force systemd on us and laugh haha soon there will be no distro you can go to!
tuxassesor They should at the very least be beaten. They have kicked from their ranks those who are not socially acceptable to women etc. Revenge is needed.

From my POV, that shades on one side into various sexist trolling and
threats that have been rightly rooted out as having no place in Debian
communications channels. And on the less extreme side, it shades into
posts like https://lists.debian.org/debian-user/2014/09/msg01834.html
which don't seem to me very connected with reality, and which in turn
shade into a whole lot of FUD and noise.

Which is all entirely separate from getting things done. While that
trolling was going on, I was involved in triaging this bug report
http://bugs.debian.org/762750 which led to this one,
http://bugs.debian.org/652459 which ended up in at least a
dozen people collaborating on fixing booting with a separate
/usr partition and systemd.

I expect that it will be possible to use the next release of Debian
without systemd, to the same extent that it would have been if systemd
had not been selected as the default. Beyond filing clear little bug
reports like #762750, voting with
  apt-get install popularity-contest sysvinit-core
seems like a very constructive approach.

-- 
see shy jo, (For which I suppose I should at least be beaten.)


signature.asc
Description: Digital signature


Re: systemd: some more questions

2014-02-14 Thread Joey Hess
Tom H wrote:
 Adding this to the kernel's cmdline is one of the simplest changes
 when upgrading from wheezy to jessie whether you have one or many
 servers.

Any existing Debian system with udev installed has a file
/etc/udev/rules.d/70-persistent-net.rules
that forces udev to use the same network interface names it always has.

Also, Debian patches udev to only enable the new naming scheme
when booting with net.ifnames=1.

  * Keep the old persistent network interface naming scheme for now and make
the new one opt-in via net.ifnames=1 on the kernel command line.

 -- Michael Biebl bi...@debian.org  Fri, 19 Jul 2013 00:32:36 +0200

(AFAIK this has nothing at all to do with systemd, other than udev
sharing its git repository and a certain amount of FUD possibly going on.)

-- 
see shy jo


signature.asc
Description: Digital signature


Re: In light of the us probably zpying on everyone's everything all-the-time, does debian have any https secure repositories?

2013-07-23 Thread Joey Hess
quietis wrote:
 I don't really want the us speyez knowing what software I use or
 really anything.  If they want to know they can ask.  So I would
 prefer that all my info transferred to and from repositories be
 secure and private.  I know some individual package's and personal
 repositories are https, but would like to only use official debian
 repositories from debian.org. I suppose I could try and run apt
 through tor, but that might not be a very good solution for the
 average debian user who just wants his transactions with
 repositories to remain private.

https://archive.kernel.org/

-- 
see shy jo


signature.asc
Description: Digital signature


Re: How do you manage encrypted mail?

2013-07-02 Thread Joey Hess
Richard Lawrence wrote:
 I've recently (re-)decided to make an effort to use PGP, and to convince
 others to use it too. (My effort to do so:
 http://www.ocf.berkeley.edu/~rwl/encryption.html, linked from my
 .signature.  Comments welcome.) But I've run into a couple of problems
 fairly quickly. If you use PGP regularly, how do you solve them?
 
 1) Reading encrypted mail that I sent. If I need to remind myself what I
 said to someone, or recover an attachment, etc., I can't, because the
 only copy of my message is encrypted with the recipient's public key. I
 could work around this by Bcc'ing myself on every message, but that
 would have the mildly annoying effect of duplicating all my outgoing
 messages; every time I were to look for a message I sent to Mr. X, I'd
 get two results, and I'd have to figure out which one was encrypted with
 my key to read it.

Typically, gpg is configured to encrypt mail to multiple recipients,
which includes everyone the mail is sent to, as well as the sender.

For example, I have in my gpg.conf:

# Encrypt stuff to my key too.
encrypt-to 2512E3C7

 2) Search. The more serious issue is that I can't search encrypted
 email, whether I sent it or received it. It is conceivably possible to
 search mail encrypted with my public key by decrypting it before running
 the search (though not encrypted mail that I sent, pending a good
 solution to problem 1). However, that seems like it would be extremely
 slow in practice, and I am not aware of any software that would make
 this simple or practical.

Mutt will use gpg to decrypt encrypted mail when searching in the body
(ie, when limiting to ~bsomething). It can get slow, indeed. I rarely
find the need to search in bodies of mail after it's a month old, and
use mairix to index and search subject and other headers, which are not
encrypted. Then if necessary I can load the resulting mbox full of
search results into mutt and do a body search to further refine it down
to what I was looking for.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: How do you manage encrypted mail?

2013-07-02 Thread Joey Hess
Richard Lawrence wrote:
 Good to know, thanks.  When I try this, Mutt asks me to enter my GPG
 passphrase for every encrypted message in the folder I'm limiting,
 though!  (So it's not a good option for my sent folder, for example.)
 Any way to avoid that?

Yes, use a gpg agent. Installing gnupg-agent and logging out and back in
will probably do.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Display hurtful on LCD screen with Wheezy

2012-09-20 Thread Joey Hess
Lionel Trésaugues wrote:
 Debian and Ubuntu deal with fonts existed. But the unpleasant
 feeling is present (even if not so intense), just by looking at the
 background of an empty desktop. It seems that the light is too
 intense, too violent (even when I reduce the brightness) and that my
 eyes keep on adjusting the focus with no interruption in an almost
 imperceptible manner.

Two things I would consider are:

* The color temperature of the screen. Many LCDs have a very blue and
  bright tinge to them, which can be painful in large doses and is
  fixable by adjusting the color temperature and/or gamma correction.
  Some LCD monitors have gamma correction settings, but I use the
  redshift program to do it, as follows:
  gtk-redshift -l 35:-80 -r -t 5800:5800 -g 0.9
  (alternatively, try a pair of rose tinted sunglasses, same basic effect ;)

  While I can't imagine the color temp or gamma varying between
  distributions, different desktop backgrounds could involve more
  painful colors. IIRC Ubuntu's tend to be more red/brown than Debian's,
  which would tend to obscure this problem.

* Inaudible or barely audible noise from either the computer or the
  monitor, possibly created by specific clocks cycles of a particular
  software load. (TV sets do this to me all the time.)
  Try turning the monitor off and staying in front of the
  computer, or leaving it on but with the display obscured to check,
  or find a younger pair of ears who may be able to hear higher pitches.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Re: Is the a 'contrarian' Debian install available?

2012-06-23 Thread Joey Hess
Paul Condon wrote:
 If I have recalled incorrectly, and the netinstall CD does ask for
 tasksel selection before popping out the CD, then there is very
 little observable  difference between the two.

There is no difference between the two other than the amount of data
they need to download from the network. Debian has *one* installer, not
one per installation medium.

 And, perhaps both install systems that are incapable of booting from HD.

That would be a pretty absurd thing to install to a HD.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: How does partman works ?

2012-05-23 Thread Joey Hess
bibop554 wrote:
 Hi,
 
 I made a custom debian CD that installs fully automatically thanks to a
 preseed file.
 But i try to understand what happens between the reading of the recipe in
 the preseed file and the creation of partitions on the disk, because i don't
 have expected partitions size...

partman-auto is the component of partman that handles this.

 More particularly, i'm looking for the following informations:
 - what is the purpose of parted_server in package partman-base
 - how partman finally creates partitions ? I can't see any call to fdisk in
 partman source code.

parted_server uses the parted library to create the partitions.

 Also, any documentation about the internals of partman could be useful, i did
 not find any on the web.

http://anonscm.debian.org/gitweb/?p=d-i/debian-installer.git;a=blob;f=doc/devel/partman/partman-doc.sgml;h=90ff44e860fd48a6138eb1314e2329b49ff891e0;hb=HEAD

(debian-boot would be a better list for this kind of question)

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Wheezy iso cd image not booting?

2012-05-14 Thread Joey Hess
Josef Wetzel wrote:
 Hi all
 
 I am trying to install Debian wheezy in VMWare Fusion 4.1.2 on Mac
 OS X 10.7.4.
 I downloaded debian-testing-amd64-netinst.iso (on 13. may 12) and
 configured Fusion to use this iso image as a cd drive.
 When I power up the virtual machine, a blinking cursor in the upper
 left corner of the screen is showing up and nothing else happens.
 When I do the same thing with debian-6.0.4-amd64-netinst.iso
 (squeeze), the installer comes up and everything works as expected.
 (btw I burned a cd from the wheezy iso image and tried it in a Dell
 desktop, with the same result: nothing happens.)
 
 What am I doing the wrong way?

The daily builds are currently broken due to a problem with syslinux. (#672520)

Use the alpha that was released 2 days ago:
http://www.debian.org/devel/debian-installer/

-- 
see shy jo


signature.asc
Description: Digital signature


Re: gpg/pgp noise

2012-05-08 Thread Joey Hess
Indulekha wrote:
 Anyone know a way to simply filter out all that annoying gpg/pgp noise?
 I don't actually care if it really works, just don't want to see the garbage
 huge blocks of text and error messages.

If you don't care about signatures, tell mutt to not check them:

set pgp_verify_sig=no

(Won't do anything to hide inline signatures, but there are procmail
recipes to convert those to attachments.)

-- 
see shy jo


signature.asc
Description: Digital signature


Re: netinst CD image - too big, vaguely specified?

2012-04-10 Thread Joey Hess
Curt Howland wrote:
 It used to be that the Business-card and Net-install images would do a
 base install without a network connection

No, the businesscard image has never contained the Debian base system;
it has always required a network connection to download and install Debian.

 Expert mode using any of the Debian install images will allow you to
 select whether or not to install a graphical desktop.

You do not need to boot in expert mode to do that, task selection is
available in the default mode.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: [OT] Posting styles

2012-04-08 Thread Joey Hess
Scott Ferguson wrote (remainder of your trolling ignored):
  as this will habituate people to expect your mail to be signed,
 
 Nope. Wishful thinking at best.

True story: Last weekend, I sent a friend an email to get him to come
help me move a couch. For complex reasons I neglected to sign it. My
friend noticed, and worried someone might be playing a prank on him.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: [OT] Posting styles

2012-04-07 Thread Joey Hess
Mika Suomalainen wrote:
 As far as I know, I have valid signature. That block which was pasted
 here is shown as invalid, because the one who first started
 complaining about it didn't use Enigmail and/or pasted only the
 signature block without message which it belongs to.

You may have a valid signature, but the way you have Icedove
configured to post your signature inline both means that it clutters up
viewing and replying, and prevents automatic signature validation (at
least in mutt) from working. While there's a well known procmail recipe
to convert clearsigned signatures to detached signatures, I personally
stopped using it, as clearsigned signatures are rare and deprecated.
I'd recommend switching to a detached signature.

-- 
see shy jo


signature.asc
Description: Digital signature
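
The two signing styles contrasted in the message above, as an added example
that is not part of the original post: a Python sketch that classifies a
message as PGP/MIME (detached signature in its own MIME part), inline
clearsigned, or carrying only a pasted signature block, and strips the
clearsign armor from the readable text. The sample messages, addresses and
function names are constructed for illustration; no signature is verified.

```python
import email
from email import policy

CLEARSIGN_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"


def clearsigned_body(text):
    """Return the readable text of a clearsigned block, or None if absent.

    Follows the OpenPGP cleartext framing: armor header line, "Hash:"
    headers, one blank line, dash-escaped text, then the signature block.
    """
    lines = text.splitlines()
    try:
        start = lines.index(CLEARSIGN_BEGIN)
        sig = lines.index(SIG_BEGIN, start)
    except ValueError:
        return None
    i = start + 1
    while i < sig and lines[i].strip():      # skip "Hash: ..." armor headers
        i += 1
    body = lines[i + 1:sig]
    # Lines starting with "-" are dash-escaped as "- " + line when signing.
    return "\n".join(l[2:] if l.startswith("- ") else l for l in body)


def signing_style(raw):
    """Classify a raw message: pgp-mime, inline, orphan-signature, unsigned."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/signed":
        parts = msg.get_payload()
        proto = (msg.get_param("protocol") or "").lower()
        if (proto == "application/pgp-signature"
                and isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() == "application/pgp-signature"):
            return "pgp-mime"
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        text = part.get_content()
        if clearsigned_body(text) is not None and SIG_END in text:
            return "inline"
        if SIG_BEGIN in text:
            # Signature block without the text it covers: cannot be checked.
            return "orphan-signature"
    return "unsigned"


# Constructed sample messages (placeholder signatures, example.org addresses).
PGP_MIME = """\
From: alice@example.org
Subject: couch
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Can you help me move a couch?

--b1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----

--b1--
"""

PLAIN_HEADERS = ("From: bob@example.org\nSubject: styles\n"
                 "Content-Type: text/plain; charset=us-ascii\n\n")

INLINE_BODY = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

As far as I know, I have a valid signature.
- -- bob
-----BEGIN PGP SIGNATURE-----

(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

ORPHAN_BODY = """\
Here is the block that fails to validate:
-----BEGIN PGP SIGNATURE-----

(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

INLINE = PLAIN_HEADERS + INLINE_BODY
ORPHAN = PLAIN_HEADERS + ORPHAN_BODY
UNSIGNED = PLAIN_HEADERS + "No signature here.\n"

if __name__ == "__main__":
    for name, raw in [("PGP_MIME", PGP_MIME), ("INLINE", INLINE),
                      ("ORPHAN", ORPHAN), ("UNSIGNED", UNSIGNED)]:
        print(name, "->", signing_style(raw))
```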


Re: [OT] Posting styles

2012-04-07 Thread Joey Hess
Wayne Topa wrote:
 Who would want to spoof YOUR Mail.
 
 I have been on this list for 19 years now and do not recall anyone being
 spoofed.  From the tenor of your mails, I doubt anyone would gain
 anything from it.

This is fallacious, dangerous, and probably insulting thinking.

I'm sure that many people on this list are eg, sysadmins for large or
important installations. Or perhaps they are researchers,
decision-makers, free software developers, or any of a myriad of
other important things.

If you're at least some of the time sending mail that is important to be
reliably attributed to you, it *absolutely* makes sense to sign that
mail. If you're signing some mail, you might as well sign all of it, as
this will habituate people to expect your mail to be signed, and avoid
you needing to decide what's important enough to sign. It also acts as a
nice signal that you can handle encrypted mail, which needs to be used
more widely.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: [OT] Posting styles

2012-04-07 Thread Joey Hess
Indulekha wrote:
 So, since I sometimes need big, thigh high rubber boots to keep my feet and 
 legs dry and clean, I should just wear my big rubber boots everywhere all 
 time then, right? That way whether I'm at the grocery store, the office, or 
 the barn there'll be no worries. :D

A better analogy is that I put on my seat belt before starting a car,
rather than engaging in a complex calculation of the likelihood of
needing that seatbelt. 

 Besides, if everyone signed all mail it'd be a very short matter of time 
 til the means to spoof any gpg/pgp key would appear. 

I'd recommend learning more about cryptography if you think that.
I'll also observe that high-value things are already cryptographically
authenticated, so also using crypto for lower-value things does not
appreciably increase the motivation to break it.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: how to increase space for tmpfs /tmp

2012-03-24 Thread Joey Hess
shirish शिरीष wrote:
 I got this error, does anybody know how I can give more space to tmpfs ?
 
 Downloaded, time 4575.50sec, speed 29kB/sec,
 texlive-latex-extra-doc_2009-10_2011.20120322-1_all.debdelta
  Error: applying of delta for texlive-latex-extra-doc failed:  :
 Sorry, not enough disk space (581788kB) in directory /tmp for applying
 delta (needs 668963kB) (retriable)

Edit /etc/default/rcS, set RAMTMP=no, reboot. Or, set TMPDIR to point to
something like $HOME/tmp

You may also consider filing a bug, since the more people report
problems with Debian's new, absurdly small /tmp, the more likely it
is to get fixed.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Debian: A noob query

2011-11-29 Thread Joey Hess
Rob Owens wrote:
 But I also don't see an obvious alternative that most GNOME 2 users are
 switching to.  XFCE and LXDE get mentioned a lot, but I don't think it's
 clear yet which desktop environment will get most of the GNOME 2
 refugees.

This graph clearly shows a spike in xfce in the past month; while lxde
is generally growing in use it has not had a similar sharp spike.

http://qa.debian.org/popcon-graph.php?packages=xfce4+lxde-core&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1

This graph puts the other in perspective; gnome is used by seven times
as many users. There is an interesting drop at the end of this month
however.

http://qa.debian.org/popcon-graph.php?packages=xfce4+lxde-core+kde-standard+gnome-desktop-environment&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1

The other astonishing thing about this graph is that xfce has nearly
reached the level of use of KDE4! With that said, KDE4 is also
experiencing some growth lately.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: xfce weather plugin broken?

2011-11-13 Thread Joey Hess
Pete Orrall wrote:
 Recently my weather plugin for xfce has stopped showing any weather
 information at all.  Now it displays No Data. When hovering my pointer
 over it, it reads Cannot display weather data.  Regardless of location
 or zip code used there is no weather information displayed.  After
 complete removal and re-installation the weather plugin it is still not
 working.  A quick Google search revealed nothing nor was there anything
 of use in the xfce documentation.
 
 What's going on and how do I fix this?
 
 I am running Squeeze with xfce 4.6.2, if that helps.

Been seeing the same but thought it was my bad (dialup) connection.

Seems this is the bug: http://bugs.debian.org/647749 

-- 
see shy jo


signature.asc
Description: Digital signature


Re: How to get version information in common notation

2011-10-12 Thread Joey Hess
Harry Putnam wrote:
 I'm not sure what you mean there, but for example.. if you search a
 pkg at:
   http://packages.debian.org/squeeze/xorg-dev
 
 It will show up with a version notation.  So I'm thinking the OS must
 have that information somewhere.

dpkg-query can display the information in whatever form you want. For
example:

dpkg-query --show --showformat '${Package} ${Version}\n'

(package-version is rarely used in Debian because it's ambiguous;
is foo-9-1 version 9-1 of foo, or version 1.2 of foo-9?)

-- 
see shy jo


signature.asc
Description: Digital signature


Re: [OT] Re: Please kill the noise

2011-10-07 Thread Joey Hess
Weaver wrote:
 The point has often been made that this list is for Debian 'Users' and
 not therefore strictly Debian subject matter. I think a bit of social
 interaction does have the tendency to create 'community' which is
 Debian's strength, so it could be viewed as productive.

While this is true, it's best to keep such social interaction, on this
list, grounded around things that are on-topic. (For example, let me
just say that I'm a big fan of riseup.net and happy to see you here from
such an address.) The listmasters have on one occasion had to intervene
when debian-user was flooded with offtopic posts that became increasingly
offensive.

 What I have seen, with the clearly marked OT threads is the ability to
 ignore/delete them as I do when I look through and delete any other
 threads that I am not currently interested in or can't help with.

Not all of our situations are the same. Some read debian-user via web
interfaces, without threading, or are new or prospective users who have
not found great mail clients, or who may be subscribing to a high-volume
mailing list for the first time.

I personally develop Debian mostly from behind a dialup modem link, so
every offtopic debian-user post has the potential to delay a package
upload.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: When was Debian installed

2011-10-07 Thread Joey Hess
Mark Panen wrote:
 Which command do i run to find out on which date i installed my Debian OS?

Take a look at /var/log/installer/ , the timestamps should give you a
good idea.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: ReInstall of System borked Admin Pwd for Apps

2011-09-09 Thread Joey Hess
Bob Proulx wrote:
 So that explains how users are set up to use sudo in that installation
 case.  However I haven't looked to see what configures Synaptic to use
 one method or the other for authorizing the user.  I will research
 that and report what I learn.  It would be good to know about it.  But
 no time at the moment.  Maybe not until next Monday since I will be
 away from the keyboard all weekend.

The installer runs:

update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
update-gconf-defaults

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Start rtorrent on bootup in Squeeze

2011-07-04 Thread Joey Hess
Nicolas Bercher wrote:
 http://users.klvb-larve.org/nico/bin/bash/rtorrent-user.username
 
 You must copy it in /etc/init.d and more importantly name it
 /etc/init.d/rtorrent-user.username where username is your actual
 username.  Hence, you can set it up for any number of users on the
 same system.  Then, the script will auto-detect the username on
 whose it will run, based on its file name.

That is unnecessarily complicated. You can instead use an @reboot
cron job, which can be set up using crontab -e by any user without
root. For example:

@reboot screen -d -m -S rtorrent rtorrent

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Start rtorrent on bootup in Squeeze

2011-07-04 Thread Joey Hess
Nicolas Bercher wrote:
 I can actually see two little cons:
  1. no easy way to stop rtorrent, but that's not a big deal (any
 kill/pkill command could do the job for example, just like my script
 does it),

Or screen -R and press Q or whatever it is.

  2. since I like to track my scripts & configs, I massively use git
 and/or svn and I really love the one file per functionality way
 of manipulating things.  Via crontab, everything is just mixed up
 into /var/spool/cron/crontabs/username and this hard to track and
 even (afaik) to maintain in a quite automatic way.

I keep my user crontabs in ~/.cron/$user/$hostname and only change those
files then feed to cron. This allows keeping them in git and eg, pushing
crontab changes out to machines.

-- 
see shy jo

#!/bin/sh
# Construct a crontab based on files in ~/.cron and load it into cron.
# The file ~/.cron/username/fqdn is appended to the common file in the same
# directory. Note that the common file may have $HOME in it, as in
# PATH=$HOME/bin. cron is too dumb to deal with that, so the expansion is
# handled by this script.
set -e

WARNING="# Automatically generated by loadcron; edit ~/.cron/ files instead."

# Refuse to overwrite a crontab that this script did not generate,
# unless -f is given, in which case the old crontab is backed up first.
if [ ! -z "`crontab -l`" ] && ! crontab -l | grep -q "$WARNING"; then
	if [ "$1" != "-f" ]; then
		echo "loadcron: Current crontab was not generated by loadcron; not changing." >&2
		echo "loadcron: Use loadcron -f to override"
		exit 1
	else
		crontab -l > "$HOME/tmp/oldcrontab"
		echo "loadcron: Old crontab is backed up to $HOME/tmp/oldcrontab"
	fi
fi

dir=$HOME/.cron/`whoami`
if [ -d "$dir" ]; then
	hostfile=$dir/`hostname -f`
	(
		echo "$WARNING"
		echo
		if [ -e "$dir/common" ]; then
			echo "# From $dir/common:"
			# Expand a literal $HOME in the common file.
			sed "s!\$HOME!$HOME!" < "$dir/common"
			echo
		fi
		hostfile=$dir/`hostname -f`
		if [ -e "$hostfile" ]; then
			echo "# From $hostfile:"
			cat "$hostfile"
			echo
		fi
	) | crontab -
fi


signature.asc
Description: Digital signature


Re: Stranded between lenny and squeeze

2011-07-02 Thread Joey Hess
Hendrik Boom wrote:
 But I'm stuck.  The next step is to issue
 
 apt-get dist-upgrade
 
 but I can't figure out where to type this in.  I can log in using gdm, 
 but terminals found there may expire during the upgrade, leaving 
 everything in an inconsistent state.

Debian takes care to keep your login working during an upgrade. For
gdm, this means that upgrading gdm or X won't force X to restart or you
to log out. For ssh this means that logged in ssh sessions are
guaranteed to keep working while the ssh server, libc, etc, are
upgraded. If this failed to work right it would be a serious bug.

(However, sshing in to upgrade a system running network manager does
indeed not work; while I feel it's a serious bug the bug report about
that has still not been dealt with sadly.)

It's also worth mentioning that dpkg and apt are very robust against being
interrupted in the middle of an upgrade, and even if that did happen
somehow (perhaps you have a power outage) the worst you should need is
to run 'dpkg --configure --pending' before resuming the process
(aptitude would run that for you).

The only time I would worry about an upgrade being interrupted is on
embedded hardware when the kernel is being written to flash; an
operation that if interrupted can brick some devices or require a
convoluted workaround.

 And I can't use cntl-alt-F1 to get a text console, because all I get is a 
 blank black screen.  Is gdm taking over the text consoles and disallowing 
 them?  How do I get my text consoles back so I can proceed with the rest 
 of the upgrade?

This should not be happening, but I'd get X upgraded first and see if it
still happens. It's quite possible that you need a new X to go with the
new kernel you already have to avoid this problem.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Building Debian packages

2011-05-30 Thread Joey Hess
Andrew Wood wrote:
 My question is, if i replace the source tree with an updated
 version, say 4.0.2 when it's released, I will lose the debian
 directory, and with it, the changelog file.

Install devscripts and look at the uupdate program. Or, copy and modify
the debian directory. You will need to update at least the changelog
there anyway for a new version.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Problems installing squeeze netinstall

2011-05-29 Thread Joey Hess
Ethan Rosenberg wrote:
 From active terminal:
 Waarning: Untrusted versions of the following software will be installed!
 Untrusted packages could compromise your system's security
 You should only proceed with the installation if you are certain
 that this is what you want to do
 
 in-target: dhcp3-client  dhcp3-common linux-image-2.6.26.-1-686
 in-target: Clinux-image-2.6.26.-2-686 tzdata
 in-target: do you want to ignorre this warning and proceed anyway?

Check if your computer's clock is set accurately. The installer attempts
to get the time via the network, but that could fail and can result
in this kind of problem.

Check that you're using a valid, up-to-date Debian mirror. 

-- 
see shy jo


signature.asc
Description: Digital signature


Re: USR 5633 Robotics Modem in Debian

2011-05-28 Thread Joey Hess
Camaleón wrote:
 But be prepared for the worst, USB modems can be very difficult to 
 support in linux if the manufacturer did not provide the drivers nor 
 specifications. In this regard, old serial modems are much better than 
 USB ones (no drivers needed) ;-(

This is less the case now than it was 5 to 10 years ago. Now there are
at least two USB modems from different manufacturers that advertise
linux support in their literature and work using the kernel's ACM driver.

TRENDnet TFM-561U
USRobotics USR5637

(And one that advertises linux support but requires the manufacturer's
driver, which I did not try as it's unlikely to work on arm.)

Since there are fewer modem users these days, and the remaining ones are
probably unlikely to be linux users, the old information about USB modems
not working in linux lingers where searches can find it. But, a targeted
search for a particular model before buying can generally tell if it
will work.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Debian 6 uninstallable?

2011-03-02 Thread Joey Hess
Jason Hsu wrote:
 I've also had problems installing Debian 6.0.0 on my 10-year-old IBM
 NetVista computer using the full CD-1 ISO.  When I selected “Install”
 or “Graphical Install” on the installer boot menu, the screen froze up
 and then flickered.

Boot the kernel with the parameters: vga=normal fb=false

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Debian 6 uninstallable?

2011-03-02 Thread Joey Hess
Jason Hsu wrote:
 When I boot up the Debian CD, I am never offered the option of adding boot 
 codes.  How do I add vga=normal fb=false?

Press Tab.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Debian Wiki participation..?

2011-02-27 Thread Joey Hess
Peter Tynan wrote:
 One of the things I've never understood about Debian is why the wiki
 is so inactive when compared to other distributions, the simple fact
 of life is that nine times out of ten I find the information I'm
 looking for on the Arch or Gentoo wikis - not the Debian wiki.  I am
 now beginning to understand why, let me tell you a story...

This would be a better story if the privacy policies of *both* the Arch
and Gentoo wikis were not empty pages:
https://wiki.archlinux.org/index.php/ArchWiki:Privacy_policy
http://en.gentoo-wiki.com/wiki/Gentoo_Linux_Wiki:Privacy_policy
(These wikis also ask for an email address on registration.)

I think that the actual reason you see those wikis in searches is that
one or both of those wikis have a community of users who contributes
articles on general topics, that are not specific to those
distributions. The Debian wiki, instead, tends to only contain
Debian-specific information. So these other wikis tend to be linked to
more, and thus a cycle is created.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Debootstrap

2011-02-16 Thread Joey Hess
Peter Smith wrote:
 Last four lines of debootstrap.log:
 
 -
 Preparing to replace coreutils 8.5-1 (using .../coreutils_8.5-1_i386.deb) ...
 Unpacking replacement coreutils ...
 dpkg: ../../src/archives.c:823: tarobject: Assertion `r == stab.st_size' 
 failed.
 Aborted

dpkg does a sanity check, expecting the length of a symlink as reported
by lstat(2) to be the same as the length returned by readlink(2).
The only way that could normally happen would be if the symlink were
changed in between the two system calls. But that should not be
happening here.

This seems to point to a bug in fakeroot or fakechroot. Probably
fakechroot. Possibly the interaction of the two. I'd file a bug on
fakechroot.

-- 
see shy jo


signature.asc
Description: Digital signature
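
The check described above can be reproduced from the shell to find which symlinks trigger it. This is an added example, not part of the original post and not dpkg's code; the function names are hypothetical and it assumes GNU coreutils `stat` and `readlink`. Run it inside the same fakeroot/fakechroot environment as the failing debootstrap so the wrapped calls are the ones being compared.

```shell
#!/bin/sh
# Added example: compare the symlink length reported by lstat(2) with the
# number of bytes readlink(2) returns, which is the equality dpkg asserts.

# symlink_len_mismatches DIR
# Print one line per symlink under DIR for which the two lengths differ.
# File names containing newlines are not handled.
symlink_len_mismatches() {
    find "$1" -type l -print | while IFS= read -r link; do
        # stat without -L does not follow the link, so %s is lstat's st_size.
        lstat_size=$(stat -c %s "$link") || continue
        # readlink -n prints the target with no trailing newline.
        target_len=$(readlink -n "$link" | wc -c | tr -d ' ')
        if [ "$lstat_size" != "$target_len" ]; then
            printf '%s lstat=%s readlink=%s\n' \
                "$link" "$lstat_size" "$target_len"
        fi
    done
}

# symlinks_consistent DIR
# Succeed only when no symlink under DIR shows a mismatch.
symlinks_consistent() {
    [ -z "$(symlink_len_mismatches "$1")" ]
}
```

Some filesystems, procfs among them, report a size of 0 for symlinks, so point this at the unpacked target directory rather than at `/`.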


Re: help

2011-02-02 Thread Joey Hess
Camaleón wrote:
 Should you want to use sudo, you can select it with the expert install or 
 you can configure after the installation (if standard root login was 
 selected).

There is no need to use any expert install option with squeeze. Simply
follow the instructions it presents:

 You need to set a password for 'root', the system administrative
 account. [...]

 The root user should not have an empty password. If you leave this
 empty, the root account will be disabled and the system's initial user
 account will be given the power to become root using the sudo
 command.

 Root password: _

-- 
see shy jo


signature.asc
Description: Digital signature


Re: apt-get/aptitude. Ist it true...

2011-01-27 Thread Joey Hess
Boyd Stephen Smith Jr. wrote:
 On Monday 24 January 2011 19:59:51 peter_someone wrote:
  ...that since lenny it's safe to mix the two because a. apt-get now
  handles (or can handle)orphans similarly thanks to autoremove and also
  uses the same database or better yet, has the same markings for
  automatically installed vs manually installed?
 
 IME, not in Lenny, but in Squeeze once it is released. 

You are wrong, and peter_someone was right. Aptitude began using
apt's autoinstall database in version 0.4.5.1-1.  A later version of
aptitude than that is included in stable already. That was a feature
of the Debian 5.0 release (lenny) in 2009.

aptitude (0.4.5.1-1) experimental; urgency=low

  * This version merges in the code I wrote in 2005 to support the
patch against apt to add removal of automatic patches.  aptitude
should merge its list of automatic packages into the global apt
list when it's run.

 -- Daniel Burrows dburr...@debian.org  Fri, 15 Jun 2007 08:53:06 -0700

In reply to your message, peter_someone wrote:
 ah so already maintaining a mixed system (mostly testing) with
 apt-get, i have to wait until after squeeze becomes stable to use
 aptitude (or until i see an update for the aptitude package :))

No, you've misunderstood what Boyd Stephen Smith Jr. wrote. 
He said it would be in the squeeze release. That necessarily implies it
is already in squeeze now, since squeeze has been frozen for months.

And then in a different thread (Ubuntu - LMDE: migrate packages using
`aptitude` alone?), Boyd Stephen Smith Jr. wrote:
 I think this loses the information on what package was automatically 
 installed which can ease upgrades.  I think the easiest way to access that 
 right now is through aptitude, but I know that information was supposed to be 
 stored by APT, at least post-Squeeze.

Did you just repeat back peter_someone's incorrect interpretation of
your incorrect statement about aptitude as the truth? I thought a game
of telephone typically needed more than 2 participants to be
interesting. :P

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Why is Evolution and Epiphany now a part of gnome-core?

2011-01-17 Thread Joey Hess
T o n g wrote:
 That seems to me an absurd reason. 

Here is the actual reason, from http://bugs.debian.org/608098#31

| in squeeze, the gnome-session package now
| depends on the basic components that are actually needed for running a
| GNOME session. Since this change was made, I hadn’t known what to do of
| gnome-core, as it had became obsolete. The size issue of fitting GNOME
| on the first CD gave an obvious answer to what this metapackage should
| become.

Have you tried using gnome-session for whatever purposes you were
previously installing gnome-core? If it doesn't work, open a bug
report saying specifically why it doesn't work.

-- 
see shy jo, who finds some of the attitudes and assumptions in this
thread distressing


signature.asc
Description: Digital signature


Re: jewelcase insert for 5.0.7 Lenny Official i386 xfce+lxde-CD

2010-12-03 Thread Joey Hess
John Jason Jordan wrote:
 I'm not suggesting that Debian needs to be on a fancy, professional CD,
 because Debian is not really aiming at the newbie Linux user like
 Ubuntu. I'm just saying that a professionally created CD enhances your
 credibility.

http://www.debian.org/CD/artwork/

-- 
see shy jo


signature.asc
Description: Digital signature


Re: help with rtorrent

2010-11-02 Thread Joey Hess
Rob Owens wrote:
 When I go to Info on this torrent, rtorrent says Connection type:
 leech.  What do I need to do to be a good bittorrent citizen?

A confusing thing about bittorrent is that leech is used as both a
technical term, meaning a peer that is not currently seeding (even if it
has uploaded more than it has downloaded), and as a pejorative social
term (mostly by those who seem to feel that the bittorrent protocol's
built-in tit-for-tat is insufficient to make the protocol work). I'm
fairly sure that rtorrent is using it in the former sense.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: DPKG search by architecture

2010-08-01 Thread Joey Hess
Jordon Bedwell wrote:
 On 8/1/2010 10:19 AM, Camaleón wrote:
 dpkg-query -W -f='${Package}\t${Architecture}\n'
 
 You are awesome man, this is exactly what I was looking for. Thanks :D

Except the architecture will be amd64 or all for every package,
since as the other childish poster told you, Debian is not a
dual-architecture system.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: DPKG search by architecture

2010-08-01 Thread Joey Hess
Jordon Bedwell wrote:
 On 8/1/2010 1:23 PM, Joey Hess wrote:
 Jordon Bedwell wrote:
 On 8/1/2010 10:19 AM, Camaleón wrote:
 dpkg-query -W -f='${Package}\t${Architecture}\n'
 
 You are awesome man, this is exactly what I was looking for. Thanks :D
 
 Except the architecture will be amd64 or all for every package,
 since as the other childish poster told you, Debian is not a
 dual-architecture system.
 
 Worthless and moot statement. Also, another fine example of how
 ambiguous people can be when reading simple English.

.. And the above, kids, is a fine example of how to ensure that your
future questions are ignored!

-- 
see shy jo


signature.asc
Description: Digital signature


Re: iceweasel doesn't open research.microsoft.com

2010-06-29 Thread Joey Hess
sasha mal wrote:
 The bug exists, the iceweasel package maintainer is lazy and refuses to 
 handle it.

No, iceweasel's maintainer has applied basic debugging logic and
deduced that the problem is somewhere in your network connection.

You have, in turn, repeatedly called him lazy[1] and refused to provide
the wireshark traces he asked for, which would allow further debugging
*your* network problem. Surely it shouldn't take more than an hour or so
for an intelligent, non-lazy being such as yourself to figure out how to
install and use wireshark?

-- 
see shy jo

[1] Presumably because he has not hopped on a plane to Spain and
visited your house to see the problem with your network for himself.


signature.asc
Description: Digital signature


Re: Misleading Debian's installer choice

2010-06-29 Thread Joey Hess
Merciadri Luca wrote:
 First, I always found the `mount point' expression weird in this
 context, because, for me, the mount point _is_ always the partition,
 during the installation, but this is not the problem.

You have this common terminology exactly backwards. One mounts /dev/hda1
on mount point / or /dev/sdb5 on mount point /home; one does not mount
/home on /dev/sdb5. HTH :-)  I fixed the next paragraph for you:
| The biggest problem is that you are able to choose between, say, `/',
| `/var/', '/usr/', `/home/', etc. But, without thinking a lot, `/'
| *habitually* contains the rest. So, mounting say hda1 `/`, and
| hdb1 on `/home/` could appear as weird for the user, at first glance (only).

 I'm here speaking about users who're not beginners,
 but who want to understand the distinction the Debian installer makes
 between the `/' as it is normally in Linux filesystems, and the `/' in
 the installation process, which is actually everything except what was
 asked to be put on other partitions.

The mental model that most non-beginners should have is that the system's
root is / , which is where some system disk is mounted, and that additional
disks are mounted to other mount points in the tree. The disk mounted at /
is not a special case in not containing everything under /  -- the disk
mounted on /home does not necessarily contain everything under /home either.
(I may have another (larger) disk mounted on /home/joey.)

Everything said in the installation process should be consistent with that.
Of course, the installer doesn't require users understand this stuff either.
But I think you're making it seem more complicated than it is.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: does apt-get source verify signature?

2010-06-13 Thread Joey Hess
Rob Owens wrote:
 When I 
 
 apt-get source somepackage
 
 as a regular user, does the system do a signature check on the source
 that is downloaded?  Where does the signature reside?

Yes; in the .dsc file. 

A failure to verify the signature will only result in a warning message.

-- 
see shy jo


signature.asc
Description: Digital signature
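
Because a failed signature check on the .dsc only produces a warning, anyone who needs a hard failure has to check it themselves. The following is an added example, not part of the original post: it makes the signature check fatal with gpgv and then compares each file named in the verified Checksums-Sha256 field against what was downloaded. The function names are hypothetical, and the keyring passed in (for instance the one shipped by the debian-keyring package) is an assumption about which keys the reader trusts.

```shell
#!/bin/sh
# Added example: fail hard on a bad .dsc signature, then check listed files.

# dsc_sha256_entries CONTROL_TEXT
# Print "sha256 size name" for each entry of the Checksums-Sha256 field.
dsc_sha256_entries() {
    awk '
        /^Checksums-Sha256:/ { in_field = 1; next }
        in_field && /^ /     { print $1, $2, $3; next }
                             { in_field = 0 }
    ' "$1"
}

# check_dsc_files CONTROL_TEXT DIR
# CONTROL_TEXT must be text whose signature has already been verified;
# parsing a raw .dsc would also read lines outside the signed region.
check_dsc_files() {
    control=$1 dir=$2 seen=0
    entries=$(dsc_sha256_entries "$control") || return 1
    while read -r want_sum want_size name; do
        [ -n "$name" ] || continue
        # A listed name must stay inside DIR.
        case $name in
            */*|.|..) echo "refusing file name: $name" >&2; return 1 ;;
        esac
        [ -f "$dir/$name" ] || { echo "missing: $name" >&2; return 1; }
        have_size=$(wc -c < "$dir/$name" | tr -d ' ')
        have_sum=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        [ "$have_size" = "$want_size" ] && [ "$have_sum" = "$want_sum" ] ||
            { echo "mismatch: $name" >&2; return 1; }
        seen=$((seen + 1))
    done <<EOF
$entries
EOF
    [ "$seen" -gt 0 ] || { echo "no Checksums-Sha256 entries" >&2; return 1; }
}

# verify_dsc KEYRING DSC
# KEYRING is a path containing a slash, e.g. (assumption)
# /usr/share/keyrings/debian-keyring.gpg
verify_dsc() {
    keyring=$1 dsc=$2
    signed=$(mktemp) || return 1
    # gpgv exits non-zero unless a key in KEYRING made a valid signature;
    # "--output -" emits only the text that the signature covers.
    if gpgv --keyring "$keyring" --output - "$dsc" > "$signed"; then
        check_dsc_files "$signed" "$(dirname "$dsc")"
        rc=$?
    else
        echo "signature check failed: $dsc" >&2
        rc=1
    fi
    rm -f "$signed"
    return "$rc"
}
```

Call `verify_dsc KEYRING somepackage_VERSION.dsc` in the directory where `apt-get source` left its files and stop if it returns non-zero.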


Re: ftp.us.debian.org really slow/nonresponsive

2010-06-11 Thread Joey Hess
Mark wrote:
 I wonder the same, since the Debian installer even states the best mirror
 choice may not be the one physically closest to you.

It's not really accurate to say that cdn.debian.net chooses the mirror
with the closest geographical location to you. It does something much
more useful: It chooses a mirror that is known to be alive, and
up-to-date, and is in the set of mirrors that are push primary mirrors
-- the mirrors that are generally the best available in speed,
connectivity, and maintenance. The last criterion, after all those, is
that the mirror be relatively near to you.

It's possible, in some parts of some countries, for a connection
to a mirror in the same country to need to travel under an ocean or
over some other slow link, while a connection to a mirror in a different
country travels over a fast link. AFAIK, cdn.debian.net does not have
such network topology information available. Still, I think that the
push-primary mirrors it selects generally work very well within their
respective countries.

New versions of the installer offer cdn.debian.net as an option. I'm
looking forward to seeing how that works out, and maybe making the CDN
the default later. Also looking forward to not needing to manually tweak
my mirrors when I'm traveling. And already enjoying faster mirrors than
I typically chose by hand, and especially, never being bothered when a
mirror is down.

-- 
see shy jo


signature.asc
Description: Digital signature


Re: Dependency based boot sequence conversion

2010-05-27 Thread Joey Hess
Sven Joachim wrote:
  What will the boot sequence be when I convert?
  Anybody know how to wring that out of insserv?
 
 Try the following (you don't have to be root for that):
 
 $ cp -a /etc/{init,rc?}.d /tmp/
 $ /sbin/insserv -p /tmp/init.d/
 
 And inspect the /tmp/rc?.d directories.

I recently converted a fairly stock desktop system to dep based boot.
Here's how git describes the changes (thanks to using etckeeper):

[master c392728] dep based boot
 Author: root r...@localhost
 298 files changed, 107 insertions(+), 58 deletions(-)
 create mode 100644 init.d/.depend.boot
 create mode 100644 init.d/.depend.start
 create mode 100644 init.d/.depend.stop
 delete mode 100644 init.d/.legacy-bootordering
 rename rc0.d/{K11anacron => K01anacron} (100%)
 rename rc0.d/{K11atd => K01atd} (100%)
 rename rc0.d/{K74bluetooth => K01bluetooth} (100%)
 rename rc0.d/{K95collectd => K01collectd} (100%)
 rename rc0.d/{K11cron => K01cron} (100%)
 rename rc0.d/{K41fuse => K01fuse} (100%)
 rename rc0.d/{K20hostapd => K01hostapd} (100%)
 rename rc0.d/{K20kerneloops => K01kerneloops} (100%)
 rename rc0.d/{K89klogd => K01klogd} (100%)
 rename rc0.d/{K15mpd => K01mpd} (100%)
 rename rc0.d/{K14mpdscribble => K01mpdscribble} (100%)
 rename rc0.d/{K23ntp => K01ntp} (100%)
 rename rc0.d/{K20openbsd-inetd => K01openbsd-inetd} (100%)
 rename rc0.d/{K80openvpn => K01openvpn} (100%)
 rename rc0.d/{K20policycoreutils => K01policycoreutils} (100%)
 rename rc0.d/{K20postfix => K01postfix} (100%)
 rename rc0.d/{K20saned => K01saned} (100%)
 rename rc0.d/{K20termnetd => K01termnetd} (100%)
 rename rc0.d/{S30urandom => K01urandom} (100%)
 rename rc0.d/{K50alsa-utils => K02alsa-utils} (100%)
 rename rc0.d/{K86avahi-daemon => K02avahi-daemon} (100%)
 rename rc0.d/{K88network-manager => K02network-manager} (100%)
 rename rc0.d/{K21spamassassin => K02spamassassin} (100%)
 rename rc0.d/{K90sysklogd => K03sysklogd} (100%)
 rename rc0.d/{S20sendsigs => K04sendsigs} (100%)
 rename rc0.d/{S31umountnfs.sh => K05umountnfs.sh} (100%)
 rename rc0.d/{K20nfs-common => K06nfs-common} (100%)
 rename rc0.d/{S32portmap => K06portmap} (100%)
 rename rc0.d/{K25hwclock.sh => K07hwclock.sh} (100%)
 rename rc0.d/{S35networking => K07networking} (100%)
 rename rc0.d/{S36ifupdown => K08ifupdown} (100%)
 rename rc0.d/{S40umountfs => K09umountfs} (100%)
 rename rc0.d/{S50lvm2 => K10lvm2} (100%)
 rename rc0.d/{S60umountroot => K11umountroot} (100%)
 rename rc0.d/{S90halt => K12halt} (100%)
 rename rc1.d/{K11anacron => K01anacron} (100%)
 rename rc1.d/{K11atd => K01atd} (100%)
 rename rc1.d/{K74bluetooth => K01bluetooth} (100%)
 rename rc1.d/{K95collectd => K01collectd} (100%)
 rename rc1.d/{K11cron => K01cron} (100%)
 rename rc1.d/{K80cups => K01cups} (100%)
 rename rc1.d/{K16hal => K01hal} (100%)
 rename rc1.d/{K20hostapd => K01hostapd} (100%)
 rename rc1.d/{K20hotkey-setup => K01hotkey-setup} (100%)
 rename rc1.d/{K20kerneloops => K01kerneloops} (100%)
 rename rc1.d/{K89klogd => K01klogd} (100%)
 rename rc1.d/{K15mpd => K01mpd} (100%)
 rename rc1.d/{K14mpdscribble => K01mpdscribble} (100%)
 rename rc1.d/{K23ntp => K01ntp} (100%)
 rename rc1.d/{K20openbsd-inetd => K01openbsd-inetd} (100%)
 rename rc1.d/{K80openvpn => K01openvpn} (100%)
 rename rc1.d/{K20policycoreutils => K01policycoreutils} (100%)
 rename rc1.d/{K20postfix => K01postfix} (100%)
 rename rc1.d/{K20saned => K01saned} (100%)
 rename rc1.d/{K20termnetd => K01termnetd} (100%)
 rename rc1.d/{K86avahi-daemon => K02avahi-daemon} (100%)
 rename rc1.d/{K88network-manager => K02network-manager} (100%)
 rename rc1.d/{K21spamassassin => K02spamassassin} (100%)
 rename rc1.d/{K90sysklogd => K03sysklogd} (100%)
 rename rc1.d/{K20nfs-common => K06nfs-common} (100%)
 rename rc1.d/{K81portmap => K06portmap} (100%)
 rename rc1.d/{S30killprocs => S01killprocs} (100%)
 rename rc1.d/{S70bootlogs => S06bootlogs} (100%)
 rename rc1.d/{S90single => S07single} (100%)
 rename rc2.d/{S20hostapd => S01hostapd} (100%)
 rename rc2.d/{S30mpd => S01mpd} (100%)
 rename rc2.d/{S75sudo => S01sudo} (100%)
 rename rc2.d/{S10sysklogd => S01sysklogd} (100%)
 rename rc2.d/{S12acpid => S02acpid} (100%)
 rename rc2.d/{S89anacron => S02anacron} (100%)
 rename rc2.d/{S89atd => S02atd} (100%)
 rename rc2.d/{S95collectd => S02collectd} (100%)
 rename rc2.d/{S89cron => S02cron} (100%)
 rename rc2.d/{S12dbus => S02dbus} (100%)
 rename rc2.d/{S20hotkey-setup => S02hotkey-setup} (100%)
 rename rc2.d/{S11klogd => S02klogd} (100%)
 rename rc2.d/{S05loadcpufreq => S02loadcpufreq} (100%)
 rename rc2.d/{S31mpdscribble => S02mpdscribble} (100%)
 rename rc2.d/{S23ntp => S02ntp} (100%)
 rename rc2.d/{S20openbsd-inetd => S02openbsd-inetd} (100%)
 rename rc2.d/{S50rsync => S02rsync} (100%)
 rename rc2.d/{S19spamassassin => S02spamassassin} (100%)
 rename rc2.d/{S16ssh => S02ssh} (100%)
 rename rc2.d/{S20termnetd => S02termnetd} (100%)
 rename rc2.d/{S14avahi-daemon => S03avahi-daemon} (100%)
 rename rc2.d/{S25bluetooth => S03bluetooth} (100%)
 rename rc2.d/{S20cpufrequtils => S03cpufrequtils} (100%)
 rename rc2.d/{S24hal => S03hal} (100%)
 rename 

Re: Debian on a Super Lean Laptop Part I - Making it Work

2010-04-21 Thread Joey Hess
Scarletdown wrote:
 initrd /boot/initrd.img-2.6.32-3-486
   [Linux-initrd @ 0x10b3000, 0x76cdf9 bytes]
 
 After that, she's locked up tight, and all I can do is power off.
 
 This is obviously a problem with initrd.  Set too large for such a low memory
 system perhaps?

I doubt it, since your initrd is only 7 mb.

This seems more likely to be a problem with your bootloader. Quite
possibly grub is not configured to read the initrd from the correct disk
device. It can be hard to get that right when preparing a disk image on
another machine. 

Or possibly, given the age of the hardware, the initrd is not located
near enough to the front of the drive for grub to be able to access it.
(Which is why having a separate /boot partition first used to be a good
idea.)

-- 
see shy jo


signature.asc
Description: Digital signature


Re: What's a good replacement package for ipmasq?

2010-04-05 Thread Joey Hess
Michael R. Head wrote:
 I recently noticed that ipmasq has been removed from the archive,
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538384
 
 I've been using the package for years now, and I'm happy to migrate to a
 modern replacement, but I don't know which package I should choose (the
 removal request didn't find a suggestion in the bug report.
 
 What should I use to run a Debian server as a NAT box these days that
 works as simply as ipmasq?

The closest I have been able to find is arno-iptables-firewall. I have
not replaced ipmasq with it yet, but its configuration is at least as
simple.

-- 
see shy jo




Re: NOW: Stay away from lshw! WAS: Retrieve hardware and modules info..

2010-04-04 Thread Joey Hess
Sven Joachim wrote:
 You are shooting the messenger.  lshw is a userspace program, not a
 device driver.  If running it locks up your system, this is almost
 surely a bug in the kernel.

Userspace programs run as root, such as lshw, have access to the entire
machine memory, registers, and data busses, all of which can be used to
do arbitrary nonsense to the system, including crashing it.

-- 
see shy jo




Re: problem installing grub-legacy

2010-03-29 Thread Joey Hess
Stephen Powell wrote:
Aren't you glad you use Dial?  Don't you wish everybody did?
 
 s/Dial/lilo/

Given that I have in the past spent up to 2 days remotely walking family
members through fixing machines that booted to LI or LIL .. no.
I only wish lilo on enemies -- but still prefer enemies use soap.

 But seriously, it's obvious that somebody messed up with the package
 dependencies.  There's not much point in having a grub-legacy package
 if it can't be installed, now is there? 

Except that it's clearly not the case that grub-legacy cannot be
installed, if you actually look at the dependencies of grub-common. I
have grub-legacy installed here, works fine.

-- 
see shy jo




Re: Mailing list policy change?

2010-03-20 Thread Joey Hess
Paul E Condon wrote:
 As a matter of fact, the current rule is helpful to me in assessing
 the advice that I get. If I get a CC, I think this guy isn't a real
 DD --- I wonder if he knows what he's talking about.

Well, the only problem with that thought is that if you take a quick
look at, say, actual DD posts to debian-devel, you will find rampant
CCing. You will also probably find that DDs on debian-user sometimes CC
users who ask a question, but may not be subscribed to this list.

There are well-known and well-documented procmail and maildrop rules to
drop duplicate mails due to CCs. Anyone who is very bothered by CCs
probably uses those tools. BTW, a common result of using those rules is
for CC'd messages to only show up in the main inbox, rather than in a
mailing list's folder[1]. Which can be convenient, or annoying, depending.

So the existence of the 'no CC' rule in the mailing list code of conduct
is probably best understood as being similar to the speed limit: A
well-intentioned rule, often ignored by many to most, that allows
dealing with grievous offenders, but at the cost of allowing the net
police to single out anyone who is just following along, and make their
day miserable.

(Which also explains the following rule in the code of conduct, about
not complaining publicly when the CC rule is broken.)

-- 
see shy jo

[1] Because the CC'd copy typically arrives first, and is lacking the
mailing list headers.




Re: My warning about Lenny

2010-01-10 Thread Joey Hess
Martin Wuertele wrote:
  I am beginner in Linux. I install Debian 5.0.3 Lenny. I have several 
  warnings:
  - in install I can't choose Gnome or Kde
 
 Graphical desktop environment will install both

This is not the case in Debian 5.0. Nor was it the case with Debian 4.0.
Debian 3.1 (2005) was the last one to do that.

To install KDE, at the installer's boot menu, choose:

Advanced Options > Alternative desktop environments > KDE

Or, download the KDE CD, which contains KDE and installs it
automatically.
http://cdimage.debian.org/debian-cd/5.0.3/i386/iso-cd/debian-503-i386-kde-CD-1.iso

Or, press Tab and add tasksel/desktop=kde to the kernel command line.

-- 
see shy jo




Re: Disallow other users from reading my $HOME

2010-01-07 Thread Joey Hess
Roger Leigh wrote:
 % setfacl -m g:www-data:rx ~ ~/public_html

Many web servers are configured to run user-supplied CGI scripts as
www-data, so this approach is not particularly secure.

-- 
see shy jo




Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?

2009-12-16 Thread Joey Hess
whereislibertyandjust...@safe-mail.net wrote:
 __gmon_start__

A minute with a search engine will tell you this symbol is included
in the standard glibc, and is a hook into early program runtime provided
by sysdeps/generic/initfini.c

 _Jv_RegisterClasses

This is part of GCC's libgcc library, and is defined in the crtstuff.c
file.

http://www.google.com/codesearch/ is an easy way to find the code
where symbols you are interested in originate.

 These strings are not alone by themselves in the
 binaries they follow with commands with a @ mark before each command.

If you're referring to things like these:

setrli...@glibc_2.0
msg...@glibc_2.0

That is library symbol versioning, a feature of linux's linker, most often
used by glibc. http://people.redhat.com/drepper/symbol-versioning

-- 
see shy jo




Re: Is apt-get still the cool package installer?

2009-12-14 Thread Joey Hess
John Jason Jordan wrote:
 But all the people in the know about Debian tell me I should be using 
 aptitude.
 I suppose I should switch, but that would require learning new stuff. After a
 graduate degree my brain is full, so if I learn new stuff I'll have to delete
 some of the old stuff. Bah.

A garbage collection shortcut for your memory: All of the old reasons
to use aptitude instead of apt-get for command-line package installation
no longer apply; those improvements have been rolled back into apt-get.

-- 
see shy jo




Re: User privileges separation in Debian.

2009-12-09 Thread Joey Hess
Andrew Sackville-West wrote:
 This is only a guess, so hopefully someone who knows will chime in. It
 sounds like typical forking behavior to me.

ssh's privilege separation is somewhat atypical. From sshd_config(5):

 UsePrivilegeSeparation
 Specifies whether sshd(8) separates privileges by creating
 an unprivileged child process to deal with incoming network
 traffic.  After successful authentication, another process
 will be created that has the privilege of the authenticated
 user.  The goal of privilege separation is to prevent
 privilege escalation by containing any corruption within
 the unprivileged processes.  The default is “yes”.

The process tree looks like this:

root      1554  0.0  0.0   5456   692 ?        Ss   Nov19   0:00 /usr/sbin/sshd
root     29117  0.5  0.2   8516  2944 ?        Ss   18:42   0:00  \_ sshd: joey [priv]
joey     29122  0.0  0.1   8648  1920 ?        S    18:42   0:00      \_ sshd: j...@pts/3
joey     29123  0.8  0.2   6984  2556 pts/3    Ss   18:42   0:00          \_ -zsh

In order, the processes are:

* The parent process, listening for new connections and forking children.
* The privileged monitor process, that is never exposed directly to the
  network, and handles requests on behalf of the next process.
* The unprivileged process that talks to the network and runs the shell.

The original question was why the second process runs as root. 
As far as I can tell, the monitor needs root to:

a. Use PAM to authenticate the user in the first place.

b. Update the utmp file and do other cleanup at the end, including removing
   write permission to the tty device that was used during the session. 

-- 
see shy jo




Re: What is the best way to manage 3rd party debs?

2008-08-12 Thread Joey Hess
martin f krafft wrote:
 If you install a third party deb, you should inspect its contents
 exactly to make sure it doesn't touch files in /etc. Also check the
 hooks. If there are no problems, then it's probably safe.

Did you know that dpkg will not install /var/lib/dpkg/info/* if it's in
the package's data.tar.gz? I'm sad that I cannot give that as an example
of an attack such checks will miss, but including files in /dev/* is nearly
as much fun. /proc/acpi/sleep is an amusing file to ship in a deb too.

If you want to run arbitrary code, you need to be more sneaky.. Shipping
a /root/.bashrc or /usr/local/bin/cat is too obvious, instead you can
ship a /lib/i486-linux-gnu/somelib.so. (The linker won't use it until
something else eventually runs ldconfig but this just hides that your
package is what causes the eventual breakage.) 

Be sure to include some /var/run/*.pid files, with a pid of 1 of course,
so that stopping daemons causes the system to reboot. Including 
a /tmp/.X11-unix/X0 will mess up the running X nicely.

BTW, including /bin/sh in a package won't work due to overwrite
checking, but you can include /usr/bin/awk and replace the symlink to
alternatives, since that symlink is not in a package. Finally,
installing a 'sl' or other typo-squatting command is always an option.

If these examples didn't make sense to someone, don't install third party
packages from untrusted sources, no matter how much checking you do..

-- 
see shy jo
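
An added sketch (not from the post, and not part of dpkg) of the kind of content check suggested in the quoted advice, run over a constructed `dpkg-deb -c` listing that uses the paths named above. The package name frobnicate, the file name crond.pid and the directory policy are assumptions; the check flags the files in runtime and local directories and passes the library, the awk replacement and sl, which is the limit the post describes.

```shell
#!/bin/sh
# Constructed `dpkg-deb -c` listing for a hypothetical package "frobnicate",
# built from the paths named in the post (crond.pid is a made-up name).
LISTING='drwxr-xr-x root/root         0 2008-08-12 10:00 ./
-rwxr-xr-x root/root     18232 2008-08-12 10:00 ./usr/bin/frobnicate
-rw-r--r-- root/root         2 2008-08-12 10:00 ./var/run/crond.pid
-rwxr-xr-x root/root      9120 2008-08-12 10:00 ./usr/local/bin/cat
-rw-r--r-- root/root        64 2008-08-12 10:00 ./root/.bashrc
-rw-r--r-- root/root         2 2008-08-12 10:00 ./proc/acpi/sleep
-rw-r--r-- root/root         0 2008-08-12 10:00 ./tmp/.X11-unix/X0
-rw-r--r-- root/root     40960 2008-08-12 10:00 ./lib/i486-linux-gnu/somelib.so
-rwxr-xr-x root/root     91000 2008-08-12 10:00 ./usr/bin/awk
-rwxr-xr-x root/root      7300 2008-08-12 10:00 ./usr/bin/sl'

# Label every non-directory entry FLAG or pass. The directory list is an
# assumed local policy: places a package should not ship files into.
audit_paths() {
    printf '%s\n' "$LISTING" | awk '
        $1 ~ /^d/ { next }                     # skip directory entries
        {
            path = $6
            sub(/^\./, "", path)               # "./usr/bin/x" -> "/usr/bin/x"
            if (path ~ /^\/(dev|proc|sys|tmp|root|home)\// ||
                path ~ /^\/(var\/)?run\// ||
                path ~ /^\/usr\/local\// ||
                path ~ /^\/var\/lib\/dpkg\//)
                print "FLAG " path
            else
                print "pass " path
        }'
}

# Print, space-separated and in listing order, the paths with one verdict.
paths_with_verdict() {
    audit_paths | awk -v want="$1" '
        $1 == want { printf "%s%s", sep, $2; sep = " " }
        END { print "" }'
}

echo "flagged: $(paths_with_verdict FLAG)"
echo "passed:  $(paths_with_verdict pass)"
```

Nothing in a path distinguishes the last three entries from a legitimate package's files, so a clean result here says nothing about whether the package is safe.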




Re: chkrootkit infected ports 2881

2008-08-04 Thread Joey Hess
Thomas Preud'homme wrote:
 I don't think it's that important. chkrootkit seems a little hazardous 
 since there was a bug about chkrootkit killing a random process (in 
 fact one of its test was sending a signal to process 12345, this bug 
 has been corrected).

That anyone could code such a thing was astounding.. until I looked at the part
of chkrootkit's code that's responsible for the INFECTED PORTS message:

  bindshell () {
  PORT="114|145|465|511|600|1008|1524|1999|1978|2881|3049|3133|3879|4000|4369|5190|5665|6667|10008|12321|23132|27374|29364|30999|31336|31337|37998|45454|47017|47889|60001|7222"

So, rootkits only bind to this small list of high ports? If I were
writing a rootkit, mine wouldn't. I've got a list right here; why would I
choose any of the ports on it? Why is something on port 2881 any
more indicative of a rootkit than something on port 2880? I'd suggest
instead that it's _less_ indicative of a good rootkit!

   OPT=-an
   for P in `echo $PORT | ${sed} 's/|/ /g'`; do
      if ${netstat} ${OPT} | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
      "[.:]${P}[^0-9.:]" >/dev/null 2>&1
      then
         PI="${PI} ${P}"
      fi
   done
   if [ "${PI}" != "" ]
   then
      echo "INFECTED (PORTS: $PI)"

So, the netstat program can be trusted? No rootkit authors will ever
consider replacing it with a version that doesn't show their ports?

And this looks for any processes listening on one of the ports for TCP, or
for any UDP that happens to be using the port whatsoever. That includes
local processes using UDP with that port, but it will also match if the remote
side is using UDP on that port.

Yes, something listening on a strange TCP port is unusual. But only as unusual
as running a ftp client or bittorrent download, or any of a number of other
things.

The UDP part of the check is much less defensible; systems use UDP with random
ports in regular operation. You may have heard of the recent DNS vulnerability
-- the fix for that is to use randomised UDP ports when making queries.

In summary, chkrootkit has plenty of false positives (just check the list
archives), and will only ever have correct positives if rootkit authors are
slower to update than it is, or stupid. When was chkrootkit last updated?
December. The rootkits it's trying to detect? 3 am last night.

-- 
see shy jo




Re: chkrootkit infected ports 2881

2008-08-04 Thread Joey Hess
Adam Hardy wrote:
 Not shown: 65529 closed ports
 PORT      STATE SERVICE
 22/tcp    open  ssh
 25/tcp    open  smtp
 80/tcp    open  http
 443/tcp   open  https
 3306/tcp  open  mysql
 12121/tcp open  unknown


 But when I run nmap from my home machine to scan it remotely, I see these 
 extra ports are open:

 Not shown: 65524 closed ports
 PORT      STATE    SERVICE
 22/tcp    open     ssh
 25/tcp    open     smtp
 80/tcp    open     http
 443/tcp   open     https
 1720/tcp  filtered H.323/Q.931
 3306/tcp  open     mysql
 /tcp      filtered irc
 6667/tcp  filtered irc
 6668/tcp  filtered irc
 6669/tcp  filtered irc
 12121/tcp open     unknown

 So I have 1720, , 6667, 6668 and 6669 open and nmap is ignoring them. 
 Isn't that conclusive evidence that nmap on the suspected machine is some 
 hacker's version?

filtered != open

   Filtered means that a firewall, filter,
   or other network obstacle is blocking the port so that Nmap cannot tell
   whether it is open or closed. -- man nmap

The only unusual thing here is that port 12121. netstat -p can probably
tell you what program is listening on that port. (Well, I don't know why
you have a SQL server listening for connections from the outside world
either.)

-- 
see shy jo




Re: [rant] Dear Thunderbird/Enigmail users

2008-07-18 Thread Joey Hess
Sebastian Günther wrote:
 Dear Thunderbird/Enigmail users,
 
 please stop using inline pgp: this is deprecated.
 
 I know this is the default, because some ancient braindead mailclients 
 from Redmond refuse to be standard compliant. But who *cares* in here?
 
 So go to your enigmail preferences and turn this annoying traditional 
 pgp *OFF*.

There are many procmail recipes floating around that convert inline pgp
into mime. I see that you're a mutt user, so the closest example to hand is
presumably /usr/share/doc/mutt/PGP-Notes.txt.gz. Or google will find
numerous others, including others that have been posted to this very
list.

-- 
see shy jo




Re: apt-get update misspell

2008-07-14 Thread Joey Hess
[debian-boot is not the right list for this.. debian-user is]

Dave Rave wrote:
 when  running apt-get update, and its reading the files, it says
 
 file rred instead of file read
 
 Its been that way for a while now. maybe whoever updated the updater
 didn't speaka d'englishe.

rred is a form of patch syntax, which allows updating the Packages files
without re-downloading the entire file each time. It is based on the
format used by ed(1), or more specifically red(1).

There's a /usr/lib/apt/methods/rred program that apt runs to do this.

-- 
see shy jo




Re: How to create qemu-bootable image using debootstrap?

2008-07-07 Thread Joey Hess
David Barrett wrote:
 Following up on my previous post: I've figured out some of the steps,  
 but I'm stuck on installing Grub.  Do you know how to install grub on a  
 raw device file?

You may be able to get grub-install to work using the --grub-mkdevicemap
option and a dummied up device map that points to the disk image.

 echo Creating 1GB file of zeros in $1.raw
 dd if=/dev/zero of=$1.raw bs=1024 count=1048576

But wouldn't it be easier to stop here and run:

qemu -cdrom mini.iso -hda $1.raw -boot c

(Downloading an appropriate d-i mini.iso or other iso first.)

-- 
see shy jo




Re: naming of linux-image package

2008-06-22 Thread Joey Hess
Magnus Pedersen wrote:
 The 2.6.25 I get, but what is the difference between the -2 and the -5.  
 My guess is that the -x is the debian build version, but why the  
 different numbers?

The -2 and -5 are ABI version numbers. Not all builds of the same
version of the kernel are compatible with each other. If you are running
2.6.25 and install a new build of 2.6.25, and there is an ABI
incompatibility, trying to load modules from the new kernel can fail,
which can make the system not very usable.

So the Debian kernel team keeps track of ABI compatibility, and if it is
broken, increases the ABI version number. This allows you to have
2.6.25-2 and 2.6.25-6 installed at the same time, and not accidentally
load one version's modules into the other.

-- 
see shy jo




Re: [OT]: possible spyware?

2008-06-22 Thread Joey Hess
H.S. wrote:

 Hello,

 I was cleaning up some directories in an acquaintance's machine running  
 Ubuntu Linux (whenever needed, I SSH to his machine from my Debian  
 Lenny) and noticed that one of the directories had a file called ik  
 which had this in it:
 -
 $ cat ik
 user un22 uyxuyx
 binary
 get postal.exe
 bye
 -


 Any idea what this is? From google, it appears it may be a spyware attempt.

It appears to be a script of commands that could be sent to a ftp client
to log into a ftp server and download a file.

postal.exe certainly seems unsavory on google. No idea how it could do
anything on linux though.

-- 
see shy jo




Re: cpu constantly busy on debian sid without doing anything...

2008-06-18 Thread Joey Hess
Stackpole, Chris wrote:
 I once saw a similar problem. I don't know if this is your case, but I
 will explain what I did.
 
 I checked everything from the hard drive with iostat to the memory, my
 cpu was being hammered much like yours but nothing seemed to fess up to
 doing it. I installed htop (http://htop.sourceforge.net/ also in the
 repos for apt-get goodness) and then I had it display Kernel threads
 (run htop at the command line and sort by cpu with F6 then Shift+K to
 show Kernel threads). In my case it was kacpid that was chewing up my
 cpu. So I edited grub to be acpi=off and it went away.
 
 That was sometime ago, but a quick Google search shows that it still
 happens to people on Debian and Ubuntu systems. I have no idea what
 causes it.

FWIW, I ran into this problem on my laptop recently. Eventually, I
realized that it was so humid out that the lid close sensor was
malfunctioning, generating a constant stream of acpi lid open events.
(Apparently no lid close events, luckily.) Each of these caused kacpid
to do some work, as well as pass an event on to acpid, which ran a lid
open program (which didn't really do anything).

I eventually killed acpid, which controlled the load somewhat. And
waited for things to dry out to the point the acpi events stopped
happening.

Moral of the story: It could be any crazy kind of hardware problem you
can imagine..

Note that top is not very good at showing the load caused by lots of
very short-lived processes being started, so it's easy to miss this
kind of problem in it. I straced acpid to figure out what was going on.

-- 
see shy jo




Re: netinst CD with OpenSSL fix?

2008-06-15 Thread Joey Hess
Lee Glidewell wrote:
 On Sunday 15 June 2008 01:23:17 pm Tzafrir Cohen wrote:
  On Sun, Jun 15, 2008 at 07:35:41PM +0800, Bob wrote:
   Does such a thing exist?
 
  If you do a networked installation, you'll get the latest version at
  install time anyway.
 
 The issue here would be using the fixed random number generator to setup 
 whole 
 disk encryption. Upgrading after installation won't help with that. 

Per http://www.debian.org/security/key-rollover/ , the LUKS and dm-crypt
encryption that is used for disk encryption is not affected by the openssl
problem.

-- 
see shy jo




Re: Iceweasel 3 and gopher?

2008-06-14 Thread Joey Hess
Peter Tynan wrote:
 I was under the impression that although Iceweasel started off as a
 simple rebranding project that the maintainers had greater ambitions
 and that they already made changes to the source that have nothing to
 do with the branding - am I wrong?

So, let’s dig into our firefox_2.0~rc1+dfsg-1.diff.gz:

* Changes to disable application upgrade (we want that to happen through 
apt-get) and change some other default preferences,
* Changes to fix “make distclean” so that it really cleans the build 
directory,
* Change not to build the “mangle” utility,
* Change not to call netstat to generate entropy, which is useless on linux,
* Changes to make Firefox® build and work on architectures such as hppa, 
mips, mips64, m68k, ia64, sparc64, alpha, and arm, which the Mozilla® guys 
don’t seem to care much for,
* Change to add a preference directory so that users can put their set of 
customized preferences in /etc/firefox/pref,
* Change to allow to build flat chrome without the zip utility,
* Change to allow to use system library for myspell, instead of statically 
linking the bundled one,
* Changes to allow to build s390 binaries on s390x host with s390 toolchain 
(same applies with x86 binaries on amd64 host with x86 toolchain),
* Changes to work around bugs with the hidden visibility pragma on gcc,
* Changes to make the pango backend actually build correctly,
* Changes to avoid some error messages while trying to create Makefiles 
from inexistent Makefile.in’s,
* Change to install in /usr/lib/firefox instead of /usr/lib/firefox-x.y,
* Change not to build useless chromelist.txt files,
* Changes to make helper applications with parameters work,
* Changes to allow builds against GTK 2.8,
* Changes to work around an Xrender bug,
* Changes to make the Gecko/yymm string taken from preferences instead 
of being half-hard-coded (you could change it with preferences, but it would 
still be set to the hard-coded value at start time ; and you could change it 
again with preferences…),
* Change to allow mice extra buttons to act as something else than a left 
button,
* Change to allow to build with -Wl,--as-needed to avoid linking against a 
whole lot of useless libraries, without losing the link on libxpcom.so which is 
required by some extensions’ components,
* Changes not to shlibsign the NSS modules at build time, since we’re 
stripping the binaries afterwards, thus breaking the signature. We do build the 
signatures later, within the maintainer scripts.

That’s not that many changes, and most of them were taken from either some
Mozilla® CVS trunk or the Mozilla® Bugzilla™. And most of those that were
not taken from there have been sent, except those that really don’t make
much sense outside Debian.

   -- Mike Hommey http://glandium.org/blog/?p=97

   Overall, Ubuntu applies the same set of patches as Debian, plus some
   more.
   [...]
   So, while I’m at it, here is an exhaustive list of the bugs where we took
   or sent the patches that are applied to Iceweasel: #51429, #161826, #252033,
   #258429, #273524, #287150, #289394, #294879, #307168, #307418, #314927,
   #319012, #322806, #323114, #325148, #326245, #330628, #331781, #331785,
   #331818, #333289, #08, #343953, #345077, #345079, #345080, #345413.

   -- Mike Hommey http://glandium.org/blog/?p=99

That was two years ago, but I don't believe things have significantly
changed. Simply comparing the size of the diffs suggests that
the overall level of patching has decreased between 2.0 and 3.0:

-rw-rw-r-- 2 dak debadmin 182K Apr 30 01:47 iceweasel_2.0.0.14-0etch1.diff.gz
-rw-rw-r-- 2 dak debadmin 154K Jun  9 05:02 iceweasel_3.0~rc2-1.diff.gz

You'll find many more and larger patches in things like the
kernel, glibc, and OOo than you will in our forced fork of iceweasel.

-rw-rw-r-- 2 dak debadmin 4.1M Jun 12 10:47 linux-2.6_2.6.25-5.diff.gz
-rw-rw-r-- 2 dak debadmin 707K Jun  2 19:32 glibc_2.7-12.diff.gz
-rw-rw-r-- 2 dak debadmin  82M Jun  1 17:02 openoffice.org_2.4.1~rc2-1.diff.gz

-- 
see shy jo




Re: popcon mail confusion

2008-06-13 Thread Joey Hess
Adam Hardy wrote:
 popcon has installed itself as a crontab.weekly job which is executed by 
 user root, I presume, but I get a 'mail delivery failed' turn up in my 
 user account, not in root. I checked the config for popcon and I can see 
 how it is picking up my user account. How can it be doing that?

You probably have a /etc/aliases containing
root: youraccount

popularity-contest does fall back to trying to send email if submission
by http fails. 

 Secondly I tried setting up an MTA to accept the email from popcon, when 
 it tries via email, and I picked msmtp-mta and configured it with my 
 email provider settings, but I can't see how anything can pick up msmtp 
 without some more config, but I can't see anything relevant in the man 
 pages. Am I on the right track, and what is the next step?

popcon sends mails in the standard way, by running the sendmail command,
which should be provided by your MTA.

-- 
see shy jo




Re: [OT] signing a pdf document

2008-06-11 Thread Joey Hess
Florian Kulzer wrote:
 It is easy to scan your own signature and convert it into a compact
 vector-based PDF that can be scaled without loss of quality. I doubt
 that this constitutes a true signature in the legal sense

Amazingly, even typing your name into a form is considered a legal
signature in some countries.

-- 
see shy jo, who prefers gpg




Re: Inconsistent state in util-linux

2008-05-15 Thread Joey Hess
Douglas A. Tutty wrote:
/usr/local/share/perl/5.8.8/Errno.pm is not part of Debian. Get rid of

 Well, the sysadmin should be able to put whatever they want in
 /usr/local without messing up debian automated systems.  Why is apt or
 grub or whatever trying to run perl from /usr/local? If it needs a
 specific version of perl, why is it not using the proper full path?

By installing a file in /usr/local/share/perl/<version>/ , you are
telling perl "hey, if you're version <version> of perl, here is a nice
file that I went out of my way to locally install for you. So use it
instead of the file that is included in your regular package. Because I
asked you to, nicely. TIA. Oh, and if the file is bad, please still use
it, and blow up in arbitrary ways. Because I asked you to use it, and I
know better than you."

-- 
see shy jo




Re: Inconsistent state in util-linux

2008-05-14 Thread Joey Hess
Douglas A. Tutty wrote:
 On Wed, May 14, 2008 at 06:34:12PM +0200, Florian Kulzer wrote:
  On Wed, May 14, 2008 at 11:06:03 -0500, Rob Wright wrote:
  
  /usr/local/share/perl/5.8.8/Errno.pm is not part of Debian. Get rid of
  it and the proper module at /usr/lib/perl/5.8.8/Errno.pm will be used.
  Running aptitude install -f should then be enough to fix your system.
 
 This has been in a thread recently.  Are people compiling their own perl
 into /usr/local or has something incorrectly put something there?

People occasionally decide to install perl modules directly from CPAN,
which can lead to this problem. CPAN is a great resource, but having it
install directly onto Debian (or most any distribution) is not a good
idea.

-- 
see shy jo




Re: where did www.debian.org/security/key-rollover/ go?

2008-05-13 Thread Joey Hess
Rody wrote:
 In response to the latest security issue with ssl / ssh, i updated my 
 packages 
 with the new fixed versions of ssl. However the steps to regenerate the keys 
 are not available on:
 www.debian.org/security/key-rollover/
 as the security advisory tells us.
 According to google, the page did exist 4 hours ago, but right now it's a 
 dead 
 link.

AFAICS, the page is not ready yet. More to follow soon

This page on the wiki has fairly complete instructions in the meantime:

http://wiki.debian.org/SSLkeys

 1) remove all packages with ssl and ssh in the name, and reinstall them after 
 that. The necessary keys should be created that way.

No, that will not work.

-- 
see shy jo




Re: where did www.debian.org/security/key-rollover/ go?

2008-05-13 Thread Joey Hess
Ross Boylan wrote:
 2) cd /etc/ssh; invoke-rc.d ssh stop; rm *host*; 
 dpkg-reconfigure  --default-priority openssh-server

There's no need to stop ssh. Just
rm /etc/ssh/*host*; dpkg-reconfigure openssh-server

And then go fix all your ~/.authorized_keys files. And also openvpn and
SSL certificates.

BTW, if you're running unstable, a new openssh-server package will be
available in the next update (in about 8 hours) that automates replacing
weak ssh host keys, and also blocks login attempts using weak keys.

-- 
see shy jo




Re: where did www.debian.org/security/key-rollover/ go?

2008-05-13 Thread Joey Hess
Eduardo M KALINOWSKI wrote:
 Here I ran /etc/init.d/ssh restart after purging the host keys, is that
 enough or does dpkg-reconfigure do something extra that is necessary?

dpkg-reconfigure openssh-server generates any missing host keys, and 
restarts ssh for you.

-- 
see shy jo




Re: where did www.debian.org/security/key-rollover/ go?

2008-05-13 Thread Joey Hess
Douglas A. Tutty wrote:
 After keys are regenerated and all old keys are removed, would a reboot
 be in order to ensure that no apps are using old files that have been
 unlinked but still open?

If replacing a key for a daemon like ssh, or apache, or postfix, restart
the daemon. Some of these daemons read the key file into memory on
startup and never re-read it.

 I don't suppose that new version of (was it ssh) in Sid that warns of
 connections with weak keys will be backported to Etch as a security fix?

Yes, ssh in etch will be updated.

-- 
see shy jo




Re: [OT] Recovering a deleted file that is still open

2008-05-07 Thread Joey Hess
Raj Kiran Grandhi wrote:
 If I have accidentally deleted a file that is still being used by some
 application (read or write mode), is it possible to recover such a file?  
 Especially since the file is not really deleted until the descriptor is  
 closed by the application?

 Just wondering...

Yes, get the pid of the process that has the file open, then go to
/proc/PID/fd/

[EMAIL PROTECTED]:/proc/19553/fd>dir
total 0
dr-x------ 2 joey joey  0 May  8 00:36 ./
dr-xr-xr-x 6 joey joey  0 May  8 00:36 ../
lrwx------ 1 joey joey 64 May  8 00:36 0 -> /dev/pts/10
lrwx------ 1 joey joey 64 May  8 00:36 1 -> /dev/pts/10
lrwx------ 1 joey joey 64 May  8 00:36 2 -> /dev/pts/10
lr-x------ 1 joey joey 64 May  8 00:36 6 -> /home/joey/foo~\ (deleted)
[EMAIL PROTECTED]:/proc/19553/fd>cat 6 > ~/foo

-- 
see shy jo




Re: watching Netflix on Debian

2008-05-03 Thread Joey Hess
Russ Cook wrote:
 Or you could tilt at windmills and complain to Netflix, your
 congressmen, the media, and anyone else who will smile
 pleasantly, nod, and then ignore you.  I hate DRM.

Or you could crack the DRM. Which is, after all, the only way that all
us linux netflix subscribers are able to consume the DRMed media they ship
to us on plastic.

-- 
see shy jo




Re: Triggers Pending

2008-04-27 Thread Joey Hess
Sven Joachim wrote:
 This is because initramfs-tools already uses triggers, see #447611¹.
 I'm not convinced that it is a very good idea to do this in Lenny
 packages, since the Etch versions of apt and aptitude lack support for
 the new trigger states.   While dpkg 1.14.18 conflicts with these
 versions, a dist-upgrade from Etch to Lenny will still be done by the
 old versions.

When an old version of dpkg is installed, the code in initramfs-tools
will behave exactly as it did before trigger support was added.

-- 
see shy jo




Re: preseed.cfg surprise

2008-04-22 Thread Joey Hess
Jude DaShiell wrote:
 For one thing the preseed.cfg file is so large (128k) in my case and has  
 lots of error messages in it I never encountered during installation.  
 Can the preseed.cfg file safely be cleaned up to reflect actual  
 installation choices made?  The instructions I followed are in the debian 
 installation manual for i386 computers.

The installation manual contains (and links to) an example preseed.cfg
file that you can copy, modify, and use. This is often a better approach
than generating one with debconf-get-selections, since the example file
is more minimal, omitting things like error messages, and also includes some
helpful comments.

You can clean up the preseed.cfg you generated if you prefer. If you
delete the answer to a question that is asked during the install, the
install won't be fully noninteractive. Deleting parts of the file
shouldn't lead to any other problems.

-- 
see shy jo
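
One way to do the cleanup described above, as an added example that is not part of the original message: a filter that drops entries of type error, together with the comment lines describing them, from debconf-get-selections output. The function names and the sample entries are constructed for illustration, and the four-column owner/question/type/value layout is assumed.

```shell
#!/bin/sh
# Added illustration, not from the original thread.

# Constructed sample in the owner / question / type / value layout
# (not taken from a real install).
sample_selections() {
    printf '# Locale (constructed sample)\n'
    printf 'd-i\tdebian-installer/locale\tstring\ten_US\n'
    printf '# The test of the swap space failed\n'
    printf '# (second description line)\n'
    printf 'd-i\tpartman-basicfilesystems/swap_check_failed\terror\t\n'
    printf '# Allow login as root?\n'
    printf 'd-i\tpasswd/root-login\tboolean\tfalse\n'
}

# clean_preseed: copy stdin to stdout, leaving out every entry whose type
# column is "error" and the "#" lines directly above it. Entries that carry
# an answer are kept, so the install stays noninteractive.
clean_preseed() {
    awk '
        /^#/           { held = held $0 "\n"; next }  # buffer description lines
        $3 == "error"  { held = ""; next }            # drop entry and its comments
                       { printf "%s%s\n", held, $0; held = "" }
        END            { printf "%s", held }          # trailing comments, if any
    '
}

sample_selections | clean_preseed
```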




Re: sidux

2008-04-14 Thread Joey Hess
Andrew Sackville-West wrote:
 The crucial bit that many miss is that new packages don't move into
 testing unless they've sat in unstable with no new bug reports for 10
 days (I think).

Or 5 days (urgency=medium in changelog).
Or 2 days (urgency=high).
Or 1 day if it's a bad enough problem (urgency=emergency).

-- 
see shy jo




Re: sidux

2008-04-14 Thread Joey Hess
Andrew Sackville-West wrote:
 On Mon, Apr 14, 2008 at 06:25:11PM -0400, Joey Hess wrote:
  Andrew Sackville-West wrote:
   The crucial bit that many miss is that new packages don't move into
   testing unless they've sat in unstable with no new bug reports for 10
   days (I think).
  
  Or 5 days (urgency=medium in changelog).
  Or 2 days (urgency=high).
  Or 1 day if it's a bad enough problem (urgency=emergency).
 
 thanks Joey.
 
 In your opinion, am I right in my assessment that testing is more
 likely to be in an unusable state for longer than sid?  (at least at
 the package, not system, level)?

No, I don't think so. If a package has a bug that makes it unusable,
then 

a) Someone will generally notice a bug in the two weeks before that buggy
   package gets into testing, and file a RC bug to keep it out.
b) If a bug that makes a package unusable does get into testing, it
   can be fixed in 2 days in most cases.
c) The graph of release critical bugs[1] currently shows 1750 in unstable,
   and only 571 of those affect testing. (658 of them affect *stable*).
   http://bugs.debian.org/release-critical/

-- 
see shy jo

[1] Not all of which actually make the package unusable for users, but 
many of them do.




Re: curious -anyone else seeing this?

2008-03-27 Thread Joey Hess
David Fox wrote:
 On Wed, Mar 26, 2008 at 2:14 AM, Johannes Wiedersich
 [EMAIL PROTECTED] wrote:
 
   Have you informed sculpture.cz or wherever the mail originated? I'd
   rather have them know that they have to reconfigure their mail system.
 
 I CCed the first message to their Postmaster, maybe that will help.
 
 If that doesn't help, I can send a mail to the whois contact.

Send a mail to the debian listmasters. They unsubscribe bouncing
subscribers all the time. Be sure to include the bounce's full headers so
they can hopefully figure out which email address is subscribed.

 Trouble? Contact [EMAIL PROTECTED]

-- 
see shy jo




Re: Debian is losing its users

2008-03-27 Thread Joey Hess
Juha Tuuna wrote:
 Do 'losing users' correlate 1:1 (or with some other ratio) to using the 
 word 'Debian' as a search word in your search engine here?
 Maybe someone maintaining a _major_ mirror could tell something about  
 installer downloads.

http://popcon.debian.org/stat/sub-i386.png

As with all statistics, it's possible to draw entirely wrong conclusions
from this graph, but there you are, some real data about a subset of the 
people using Debian.

-- 
see shy jo




Re: Slow ping?

2008-03-27 Thread Joey Hess
Andrei Popescu wrote:
 Can anybody explain why the first ping takes 5 times longer, while getting
 more than 5 times faster ping replies?

Because ping does a DNS lookup, which has to time out as the first IP
has no reverse DNS assignment. ping -n.

-- 
see shy jo




Re: time messed up since last kernel update

2008-02-12 Thread Joey Hess
KS wrote:
 Is it the same as [EMAIL PROTECTED] ? Joey replied to a similar
 query about kernel clock yesterday.

I'd need to see hwclock output to know for sure. Probably though.

-- 
see shy jo




Re: New kernel clock problems

2008-02-11 Thread Joey Hess
Frank wrote:
 Mon Feb 11 20:51:12 2008: Setting the system clock. 
 Mon Feb 11 20:51:12 2008: select() to /dev/rtc to wait for clock tick
 timed out 
 Mon Feb 11 20:51:12 2008: ^[[33m*^[[39;49m Unable to set System Clock
 to: Tue Feb 12 01:51:12 UTC 2008
 
 Should I file a bug or wait to see what happens ? It doesn't seem
 to affect the time as I run NTP to sync the clock.

I opened a bug about this problem since I'm seeing it. It would help if you
mailed [EMAIL PROTECTED] with information about your system.

-- 
see shy jo




Re: Nice GUI/CLI Password Manager for Linux

2008-01-25 Thread Joey Hess
Amit Uttamchandani wrote:
 Recently moved from Mac to Debian Linux. I am looking for a nice and powerful 
 FLOSS password manager similar to Keychain on Mac OS X.
 
 I preferably would want a CLI tool...so I could remote login using SSH and 
 look at some passwords that I have forgotten.

vim + gpg

vim can be configured to automatically use gpg to decrypt *.gpg files
when they're read and re-encrypt them when saving. The decrypted data 
never touches the disk (though encrypting your swap partition too wouldn't
hurt).

Dump the following in your .vimrc:

" Transparent editing of gpg encrypted files.
" By Wouter Hanegraaff [EMAIL PROTECTED]
augroup encrypted
au!

" First make sure nothing is written to ~/.viminfo while editing
" an encrypted file.
autocmd BufReadPre,FileReadPre      *.gpg set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre      *.gpg set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre      *.gpg set bin
autocmd BufReadPre,FileReadPre      *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost    *.gpg '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost    *.gpg set nobin
autocmd BufReadPost,FileReadPost    *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost    *.gpg execute ":doautocmd BufReadPost " . expand("%:r")

" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre    *.gpg   '[,']!gpg --default-key=80BF97AA --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost  *.gpg   u
augroup END

-- 
see shy jo




Re: Help with debconf

2008-01-18 Thread Joey Hess
Alex Gonzalez wrote:
 For nr 2 I realized that apt-get was being run through a python script
 which was using commands.getstatusoutput. Changing this with an
 os.system call fixed the problem.

Yes, if you redirect whiptail's output, you obviously won't see it on
screen.

-- 
see shy jo




Re: Help with debconf

2008-01-17 Thread Joey Hess
Alex Gonzalez wrote:
 pvalex:~# debconf-show pvrfs
 * pvrfs/partition: /dev/hda2
 pvalex:~# apt-get --purge remove pvrfs
 pvalex:~# debconf-show pvrfs
 pvalex:~#
 pvalex:~# apt-get install pvrfs
 debconf (developer): <-- INPUT high pvrfs/partition
 debconf (developer): --> 30 question skipped

One reason that this can happen is that debconf allows multiple owners
for a question, and will not forget the question has been seen until all
owners go away. Purging the package removes one owner, but the other
owner keeps the question in the db.

If you've run the package's config script by hand, it probably has
unknown set as the owner too. You could verify this by using
debconf-get-selections or looking at the database by hand. This extra
owner can be removed:

echo PURGE | debconf-communicate unknown

  My guess is that there is a problem with file descriptor 12, how can I
  find out what is this descriptor supposed to be?

This file descriptor is opened by debconf to read the result value from
whiptail and is unlikely to be related to whatever problem you were
seeing.

-- 
see shy jo




Re: Is everyone's system apt-get -qq updateing every day?

2008-01-02 Thread Joey Hess
Adam Porter wrote:
return 1

 if check_stamp $UPDATE_STAMP $UpdateInterval; then
if apt-get -qq update 2>/dev/null; then

 As you can see, I haven't enabled the periodic updates in apt.conf, but
 the check_stamp function returns true if the interval is set to 0,

In shell script, 1 is false.

-- 
see shy jo



