Re: repeatable dpkg-buildpackage
On Tue, May 27 2014, Ralf Mardorf wrote: Note that when building a headers package you must run the entire make-kpkg command under fakeroot: you can't use the --rootcmd fakeroot option in this case. - https://lists.debian.org/debian-user/2012/10/msg2.html Is that accurate? --8---cut here---start-8--- % cd /usr/local/src/kernel/linus-tree % git pull % make-kpkg clean % make-kpkg -j6 --initrd --rootcmd fakeroot\ --revision=$(date +%Y.%m.%d) \ --append-to-version '-anzu' kernel_headers This is kernel package version 13.013. ... dpkg-deb: building package `linux-headers-3.15.0-rc7-anzu' in `../linux-headers-3.15.0-rc7-anzu_2014.05.27_amd64.deb'. --8---cut here---end---8--- manoj -- If it heals good, say it. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C signature.asc Description: PGP signature
Re: Upgrading Squeeze to SID
On Mon, Aug 29 2011, SZERVÁC Attila wrote: R U a Debian Developer? If not, DON'T upgrade to *UNSTABLE* ('sid') distribution. 'sid' is the *UNSTABLE*, *very buggy*, *INCONSISTENT* distribution for *Debian developers only* - if U want new packages, use Debian Backports or *testing* (wheezy). I think this might be overdoing the fear, uncertainty, and doubt a trifle. Yes, unstable can be unstable at times. Packages are pushed to Sid after testing on the developer box, but little integration testing is done, so it is certainly possible that Sid might be broken. In 16 years of running unstable, the number of times when I have encountered major breakage can be counted on my fingers (and no need to take off my socks). I would not call it very buggy or inconsistent, and I don't think this should be considered developer only (We do want technically competent people testing Sid, so bugs do not get into testing). Sid should be approached with caution, and if you do not feel comfortable diagnosing the problem, and looking here or on the dev mailing list, or on the bug tracking system for a work around and fixes, you should certainly consider testing. However, if you are comfortable with Linux, running Sid is an option. I have been doing it forever (I do have a laptop, and I only upgrade the laptop _after_ a successful upgrade of my devel box, so I have at least one working machine) manoj -- You will not censor me through bug terrorism. James Troup Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/877h5wuo6d@glaurung.internal.golden-gryphon.com
Re: Why is troubleshooting Linux so hard?
On Wed, Nov 17 2010, Klistvud wrote: Dne, 17. 11. 2010 08:46:23 je Andrei Popescu napisal(a): Well, setting a set of guidelines is not about beating maintainers with anything. At all. It's the other way around; it's about letting maintainers intercommunicate and voice their suggestions and comments in order to avoid duplicating the efforts over and over again. I even think that such mechanism exists already, in the form of various Debian mailing lists (such as debian-legal) that make it easier for developers, maintainers and packagers to request their peers for comments. Seems like what the DPE process is all about, not policy. Also, I consider the lack of a body to make rules about how FLOSS software should be written to be an advantage, because it would hinder innovation. Well, sticking to the DFSG (for licensing), or to the i18n (for internationalization), or to the FHS (for file placement), or to the (for what it's worth) POSIX standard hasn't hindered innovation in any essential way so far, so why should we infere that any set of additional, well designed guidelines should hinder it? Again, such rules could help software developers and package maintainers avoid duplicating efforts. The FLOSS world has enough self-healing mechanisms in place that any guidelines, when they are nothing but a burden, get deprecated fairly soon anyway. In most of the cases, the design, and initial implementation, and buy-in from developers was in place before these things became policy. For the most part (though not always), policy tends to ratify and encode _tested_ practices, and only in a fashion that doesnot make most packages instantly buggy. manoj -- Computers are the most fun you can have with anything that isn't breathing. Bruce Walker, CACM Forum Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zkt750jp@anzu.internal.golden-gryphon.com
Re: building 2.6.35
On Sun, Aug 15 2010, Stephen Powell wrote: On Sun, 15 Aug 2010 13:53:41 -0400 (EDT), Manoj Srivastava wrote: With the new versions of kernel-package in Squeeze, running make-kpkg clean should almost never be required (if the upstream Makefiles are not borked, as they rarely are). The new make-kpkg starts by removing and re-creating ./debian almost always, so the explicit clean is redundant. That would imply that things like --append-to-version and --revision must be specified on every invocation, correct? One cannot, for example, specify --append-to-version and --revision with the kernel_image target and then leave them off with a subsequent invocation for the modules_image target. Yes, that is one unfortunate consequence of the change. However, I just hit up arrow, since I usually build my kernel and modules pretty much at the same time, so it is usually not that onerous (I also use a shell script that uses the same VERSION AND REVISION VALUES, WHICH MAKES IT EVEN LESS OF AN HEADACHE) MANOJ -- Either I'm dead or my watch has stopped. Groucho Marx's last words Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ocd3j9jf@anzu.internal.golden-gryphon.com
Re: building 2.6.35
On Sat, Aug 14 2010, Stephen Powell wrote: Oops! I forgot to show the make-kpkg clean step after make menuconfig. I'm not sure if this is still needed anymore, but it's good practice. In real life, I did issue it; but when I composed the e-mail, I forgot to document it. With the new versions of kernel-package in Squeeze, running make-kpkg clean should almost never be required (if the upstream Makefiles are not borked, as they rarely are). The new make-kpkg starts by removing and re-creating ./debian almost always, so the explicit clean is redundant. manoj -- A kid'll eat the middle of an Oreo, eventually. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87eidzlq3e@anzu.internal.golden-gryphon.com
Re: Making make-kpkg quieter
On Wed, Apr 07 2010, Cameron Hutchison wrote: Is there any way to make make-kpkg (kernel-package 12.033) quieter? When I run a make-kpkg clean it spits out lots of lines about unlinking files in debian/... On a slow link, this is very annoying (if I forget to run screen) I have RTFM but I cannot see anything about making make-kpkg less verbose (as opposed to the kernel makefiles). Please file a wishlist bug. I have usually looked for more insight into what is happening, and might not have considered the desire to only see error with the level of effort it needs (though I think the unlink verbiage comes from the underlying utility, not make-kpkg itself) manoj -- Newman's Discovery: Your best dreams may not come true; fortunately, neither will your worst dreams. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87d3yav4pe@anzu.internal.golden-gryphon.com
Re: Making make-kpkg quieter
On Thu, Apr 08 2010, Mart Frauenlob wrote: Does v.12.033 always run a 'clean' first? Yes. Mine with lenny v.11.015 does not. That is one major version ago. Things changed a lot witht he new major version. manoj -- mophobia, n.: Fear of being verbally abused by a Mississippian. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87y6gyt6cy@anzu.internal.golden-gryphon.com
Re: Correct way to (re)compile a kernel on Debian Sid
On Thu, Apr 08 2010, Stephen Powell wrote: Thu, 8 Apr 2010 11:01:01 -0400 (EDT), Celejar wrote: On Thu, 8 Apr 2010 10:40:46 -0400 (EDT), Stephen Powell wrote: It sounds to me like you want to get pristine kernel sources directly from kernel.org and compile them and run them on a Debian system. I've never done that, but others tell me that they do it. Of course, this is not supported by Debian. I'm not sure that it's correct to say that using kernel-package to build and install vanilla kernel sources is not supported by Debian. My understanding is that the package is supposed to work on any kernel tree, not just Debian's packaged ones. Perhaps Manoj will comment? I didn't say it wouldn't work. I said it is unsupported. There's Well, not supported by Debian is a bit of a misnomer, since Debian support often comes down to what a maintainer does. *I* support building from kernel.org sources -- but I just support the building part, not the kernel sources and the configuration bits. LKML support the kernel code, if you find a bug in what you get from kernel.org -- and yes, that is not Debian by any means. a difference. Debian does make modifications to the kernel source. The official Debian kernel source packages have been modified by the Debian kernel team after downloading them from kernel.org. There is a reason for all of these modifications. Often it's to prune non-free drivers from the kernel source tree. But there may be other modifications made for other reasons. The Debian kernel team only supports their own kernel sources. They often only support the tip kernels: And this means if you are running kernel from one version ago, you are out of luck, since mostly you will be told to get the latest kernel from Sid and try again. If you run nvidia, you are again out of luck: the kernel team does not deal with anything that taints the kernel. *I* support building nvidia modules using kernel-package -- but not the actual nvidia module source bugs. The nvidia-kerne-source maintainer doe soffer support for that, sot here is Debian support, in a sense. Just not from the kernel team. If you obtain kernel source code directly from upstream, and you have problems running it, you will have to seek support and file bug reports directly with upstream kernel development. You can't file a bug report against the Debian kernel source package because it's not the Debian kernel source. And you can't ask for help from the Debian kernel team on their list because it's not their source. They will have nothing to do with it. That's what I mean by unsupported. But if you had trouble packaging it with make-kpkg, you get hekp with packaging issues :-) manoj -- How many teamsters does it take to screw in a light bulb? FIFTEEN!! YOU GOT A PROBLEM WITH THAT? Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87d3y9tjpr@anzu.internal.golden-gryphon.com
Re: Correct way to (re)compile a kernel on Debian Sid
On Thu, Apr 08 2010, Stephen Powell wrote: On Thu, 8 Apr 2010 16:01:03 -0400 (EDT), Ivan Marin wrote: On Thu, 8 Apr 2010 10:40:46 -0400 (EDT), Stephen Powell wrote: It sounds to me like you want to get pristine kernel sources directly from kernel.org and compile them and run them on a Debian system. I've never done that, but others tell me that they do it. Of course, this is not supported by Debian. I understand not supported as I can't file bugs from the pristine kernel on the Debian kernel package, and if there's a problem with that, I have to go to the kernel.org bug list, exactly as Stephen pointed. I'm also aware about the changes that the Debian Kernel Team does to the pristine kernel. But all this is about the kernel itself, and not the process of _building_ a new kernel. So a good question is: kernel-package supports the compilation of other kernels than the Debian one? Yes, I believe so. I myself have never done it, but others on this list have. Indeed. I never use the kernel team kernels (I generally use a git tree, but I support kernel tarballs) This is all explained in http://www.wowway.com/~zlinuxman/Kernel.htm In particular, review Step 10. I will check that, and see if there I can get my way around it. But I still miss the old make-kpkg way... ;-) Everything the old kernel-package did lives in example scripts in the examples dir. I confess there is the additional step in populating /etc/kernel.d, but you get the advantage of being able to expand what can be done with kernel images. The new way makes things simpler for the maintainer script. But it requires that the user be more knowledgeable in customizing the kernel installation process. True. But it also allows the user more power and flexibility, and allows users to share their scripts and stuff. I am just waiting for people to start building on the scaffolding provided :-) manoj -- Prof: So the American government went to IBM to come up with a data encryption standard and they came up with ...Student: EBCDIC! Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878w8xtjjj@anzu.internal.golden-gryphon.com
Re: recompiling the kernel with a different version name
On Wed, Apr 07 2010, Stephen Powell wrote: On Wed, 7 Apr 2010 14:54:53 -0400 (EDT), Celejar wrote: On Wed, 7 Apr 2010 13:48:18 -0400 (EDT), Stephen Powell wrote: ... Note: you must always issue make-kpkg clean after running make menuconfig or after running make-kpkg with any target other than clean. Otherwise, version and revision numbers will not work as expected. Assuming that you Are you sure that this is currently required? From the changelog: kernel-package (12.016) unstable; urgency=low * [4df65e7]: Remove obsolete warnings about running make-clean With the new facility to regenerate ./debian, all the old strictures about running make clean after anything that might change the version number have beenmade obsolete, so remove from man page. Bug fix: Is the --append-to-version section still accurate?, thanks to Frédéric Brière. Short answer: No. (Closes: #534743). -- Manoj Srivastava sriva...@debian.org Sun, 28 Jun 2009 15:31:12 -0500 I must confess I did not look at the change log. But the README file (/usr/share/doc/kernel-package/README.gz) still documents it as necessary. As to whether this is out of date or not, I do not know. But there is one thing I *do* know: the --revision flag he was using was not taking effect, as evidenced by the name of the package file produced. And I also know that when I use make-kpkg clean before building the kernel package, I never have any trouble. Note also that the comment above talks about changing the version number, not the revision number. They aren't the same. The README is out of date. I'll try and remember to fix this (feel free to file a bug report to remind me). I am not sure why the revision flag was not taking effect (I have not had time to look into the mails yet), but the +drm3 is coming from the kernel code (something is setting .localversions or the ilk). manoj -- Guard against physical unruliness. Be restrained in body. Abandoning physical wrong doing, lead a life of physical well doing. 231 Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/877hojkm99@anzu.internal.golden-gryphon.com
Re: Customizing the kernel installation process
On Sun, Apr 04 2010, bri...@aracnet.com wrote: On Sun, 04 Apr 2010 11:00:58 -0500 Hugo Vanwoerkom hvw59...@care2.com wrote: for the longest time I have downloaded the kernel tarball and built outside of debian. however I'd like to use the debian nvidia packages, so I'm trying to build the kernel in the debian framework. however, rebuilding nvidia for the latest kernel has now become a problem (in the debian framework), so I'm thinking about dropping back to the tarball method. Maybe I need to be a little more persistent and then write something about rebuilding nvidia to complement Stephen's work. It is very handy having things installed as packages. For what it is worth, I also have an nvidia card. I nowadays just use the kernel git tree. My usual sequence of action is to , | % cd /usr/local/src/kernel/linus-tree.git | % git fetch stable | % git co -b my-machine-v2.6.33.2 v2.6.33.2 | % make oldconfig | % ./.compile_command | % sudo dpkg -i ../*.deb ` Where .compile command looks like: , | #!/bin/sh | | export MODULE_LOC=/usr/local/src/kernel/modules | | # Optionally, refresh the nvidia module | # rm -rf ${MODULE_LOC}/nvidia-kernel | # (cd /usr/local/src/kernel; tar jfx /usr/src/nvidia-kernel.tar.bz2 | | # make sure we get a machine specific name for the image, even if | # I forgot toe specify one on the command line | ev=$(uname -n) | | # Use the version extension given on the command line, if any | if [ -n $1 ]; then | ev=$1 | fi | | make-kpkg --rootcmd=fakeroot --append-to-version=-$ev kernel_image | fakeroot make-kpkg --append-to-version=-$ev modules_image ` Once you have your variant of .compile_command, building kernels and nvidia packages is painless :-) manoj -- War is an equal opportunity destroyer. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87vdc7xeqr@anzu.internal.golden-gryphon.com
Re: Customizing the kernel installation process
On Sun, Apr 04 2010, Stephen Powell wrote: On Sun, 4 Apr 2010 14:19:08 -0400 (EDT), Manoj Srivastava wrote: On Sun, Apr 04 2010, bri...@aracnet.com wrote: for the longest time I have downloaded the kernel tarball and built outside of debian. however I'd like to use the debian nvidia packages, so I'm trying to build the kernel in the debian framework. however, rebuilding nvidia for the latest kernel has now become a problem (in the debian framework), so I'm thinking about dropping back to the tarball method. Maybe I need to be a little more persistent and then write something about rebuilding nvidia to complement Stephen's work. It is very handy having things installed as packages. For what it is worth, I also have an nvidia card. I nowadays just use the kernel git tree. My usual sequence of action is to , | % cd /usr/local/src/kernel/linus-tree.git | % git fetch stable | % git co -b my-machine-v2.6.33.2 v2.6.33.2 | % make oldconfig | % ./.compile_command | % sudo dpkg -i ../*.deb ` Where .compile command looks like: , | #!/bin/sh | | export MODULE_LOC=/usr/local/src/kernel/modules | | # Optionally, refresh the nvidia module | # rm -rf ${MODULE_LOC}/nvidia-kernel | # (cd /usr/local/src/kernel; tar jfx /usr/src/nvidia-kernel.tar.bz2 | | # make sure we get a machine specific name for the image, even if | # I forgot to specify one on the command line | ev=$(uname -n) | | # Use the version extension given on the command line, if any | if [ -n $1 ]; then | ev=$1 | fi | | make-kpkg --rootcmd=fakeroot --append-to-version=-$ev kernel_image | fakeroot make-kpkg --append-to-version=-$ev modules_image ` Once you have your variant of .compile_command, building kernels and nvidia packages is painless :-) Thanks for participating, Manoj. If you needed to compile a custom kernel for some reason, and you were going to use an official Debian kernel source package (linux-source-2.6.32, for example), and you were going to use make-kpkg to create your custom kernel image, and you also wanted to use the proprietary Nvidia drivers, how would you do it? That's a specific example that I would like to integrate into my HOWTO. If I were smarter, or more experienced, I would probably be able to derive the steps from the above. But unfortunately, I'm not. Oh, if it were me, I would extract the kernel sources, throw away the ./debian directory, and use exactly the same steps as above. That way, I'd get whatever patches are applied to Debian, and yet not have to deal with -tree. -build, or what have you. (Indeed, just call the script, the first thing it does is remove ./debian, so you probably have to do nothing). See, the above approach does not care how you arrived at the kernel source tree -- I can jump from the bleeding edge rcX tree, to stable trees, to any other tree I want to add a remote repo for, and the script works. It would make no difference if you tree was somehow derived from the official kernel tree sources. make-kpkg and the little wrapper just don't _care_. I ... have reservations about the ./debian directory structure that the official kernel uses, so I can't actually advocate using that. Use official Debian packages wherever possible. But if the user has a custom kernel, I seem to remember that a kernel module that is customized for that kernel has to be built somehow. And I'd like make-kpkg do do as much of the work as possible. A single invocation of make-kpkg that has both the kernel_image and modules_image targets would be ideal. I haven't built a separate modules_image package since the days when ALSA was not part of the kernel. That's been a while! Well, if you don't mind running the whole thing under fakeroot, you could do: fakeroot make-kpkg --append-to-version=-$ev kernel_image modules_image and you are done. You run some stuff nuder fakeroot, but usually thsat does not matter. Me, since it is a script, I just run make-kpkg twice. Usually I am not even looking at the screen. So if ever there is a conerner case that bites fakeroot (comething like that happened a few years ago), I am covered somewhat better. But then, fakeroot bugs are now far and few in between, so this is mostly historical reasons. manoj -- The sendmail configuration file is one of those files that looks like someone beat their head on the keyboard. After working with it... I can see why! -- Harry Skelton Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87r5muyi5f@anzu.internal.golden-gryphon.com
Re: Grub vs. linux-image-2.6.32 conundrum
On Wed, Mar 31 2010, Stephen Powell wrote: On Wed, 31 Mar 2010 11:08:29 -0400 (EDT), John Hasler wrote: Stephen Powell wrote: If there is a bug... There clearly is. But as for it's operation, it is working as designed. Design errors are still bugs. The main difference between a bug and a feature is that a feature is documented and a bug is not. So perhaps you are right. I can find no official documentation for /etc/kernel-img.conf as used by the maintainer scripts which ship with official Debian stock kernel image packages. There is some documentation for the version of /etc/kernel-img.conf which is used by the maintainer scripts which are packaged with kernel image packages created by make-kpkg in the kernel-package package, but that clearly doesn't apply here. As best as I can tell, kernel-package was at one time used by the Debian kernel team to create official Debian stock kernel image packages. But at some point in the past there was a parting of the ways, and the Debian kernel team started using other tools to create official Debian stock kernel image packages. Arguably, at this point, they should have also stopped using /etc/kernel-img.conf (perhaps still parsing it as a fallbacK), and started using and documenting a _new_ file. If that had been done, with the postinst only reading /etc/kernel=img.conf when the new config file was not present, would have allowed for a graceful transition to the new, differently documented, configuration file. What I learned about /etc/kernel-img.conf I learned from reading the man page that comes with the *Lenny* version of kernel-package. However, starting with the Squeeze version of kernel-package, there is a major philosophical departure from the past. The new philosophy of the maintainer scripts that are packaged with a kernel image package created by make-kpkg is that *no* post-installation tasks such as creating an initial RAM filesystem, updating the symlinks, or re-running the boot loader will be performed. If you want those things, you need to do them in a hook script. The maintainer scripts that ship with stock kernel image packages still support most of these options. Documentation for most of these options has been removed from the man page that ships with the Squeeze version of kernel-package. The closest thing to documentation for the Squeeze version of /etc/kernel-img.conf, as used by the maintainer scripts for official Debian stock kernel image packages, is the man page for kernel-img.conf that ships with the *Lenny* version of kernel-package. This is not a good situation, and it should be addressed. The problem is, against what package would you open a bug report, since the file does not belong to a package? The file is referenced by the maintainer scripts of *every* stock kernel image package for *every* architecture, as well as by some other packages, such as the update-initramfs script of initramfs-tools. (By the way, the fact that do_bootloader = yes is *not* honored for initial RAM filesystem *creation*, but *is* honored by an initial RAM filesystem *update*, may be a bug in the update-initramfs script of the initramfs-tools package.) manoj -- The algorithm to do that is extremely nasty. You might want to mug someone with it. -- M. Devine, Computer Science 340 Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/874ojwxms3@anzu.internal.golden-gryphon.com
Re: Kernel compile and install does not create initrd
On Sat, Jan 16 2010, Hugo Vanwoerkom wrote: Patrick Wiseman wrote: On Sat, Jan 16, 2010 at 2:44 PM, Hugo Vanwoerkom hvw59...@care2.com wrote: Patrick Wiseman wrote: If this is the latest version of make-kpkg, did you cp /usr/share/kernel-package/examples/etc/kernel/postinst.d/initramfs /etc/kernel/postinst.d/ cp /usr/share/kernel-package/examples/etc/kernel/postrm.d/initramfs /etc/kernel/postrm.d/ ? Uh, no, I didn't. I have now. And dkpg-reconfigure has now created the initrd image, and grub has found it. Thanks! (I appreciate the help, but where should I have looked? My googling did not turn up that solution! And neither did 'man make-kpkg', although I see now there's some obtuse language in there which is perhaps meant to convey the same information.) This was dicussed on the list. My reference is: http://groups.google.com/group/linux.debian.user/browse_thread/thread/38247e9a7f3561ea/6fe4f2d08bc209a1?hl=iaq=group:linux.debian.user+insubject:kernel-package#6fe4f2d08bc209a1 and you're right, that post does not show up by googling initrd or kernel. So much for google... ,[ Manual page make-kpkg(1) line 132/382 ] | --initrd | If make-kpkg is generating a kernel-image package, arrange to | convey to the hook scripts run from the post installation | maintainer scripts that this image requires an initrd, and that | the initrd generation hook scripts should not short circuit | early. Without this option, the example initramfs hook scripts | bundled in with kernel-package will take no action on | installation. The same effect can be achieved by setting the | environment variable INITRD to any non empty value. Please note -* | that unless there are hook scripts in /etc/kernel or added into-* | the hook script parameter of /etc/kernel-img.conf. no initrd -* | will be created (the bundled in example scripts are just examples -* | -- user action is required before anything happens). -* ` I guess this could be made more, umm, insistent, somehow. manoj -- There ain't nothin' in this world that's worth being a snot over. --Larry Wall in 1992aug19.041614.6...@netlabs.com Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87635gpunz@anzu.internal.golden-gryphon.com
Re: Building kernel image packages with make-kpkg, custom dependency
On Tue, Feb 16 2010, Cliff Flood wrote: On Mon, Feb 15, 2010 at 2:11 AM, Tzafrir Cohen tzaf...@cohens.org.il wrote: On Fri, Feb 12, 2010 at 02:36:37PM -0500, Cliff Flood wrote: What file(s) have you tried to edit? When? I have attempted to add my dependency by editing the files debian/contol and debian/Control Both of these files are rewritten when I do a `fakeroot debian/rules binary` to build the kernel. ,[ Manual page make-kpkg(1) line 145 ] | --overlay-dir /path/to/directory |The specified directory should contain files that will be placed |in the ./debian directory of the kernel sources, in preparation |to building the debian packages. The files will replace any‐ |thing in /usr/share/kernel-package that would normally be placed |there, and it is up to the user to make sure that the files in |the overlay directory are compatible with make-kpkg. If you |break make-kpkg with an overlay file, you get to keep the |pieces. The same effect can be achieved by setting the |environment variable KPKG_OVERLAY_DIR. | |Please note that overlay-dir/Control and overlay-dir/changelog |are special, and variable sub‐ stitution is performed on these |files. Use /usr/share/kernel-package/Control and |/usr/share/kernel-package/changelog files as templates. | |If a overlay-dir/post-install executable (or executable script) |exists, it shall be run immedi‐ ately after ./debian is |populated. The script shall be executed in the ./debian |directory. This can be used, For instance, to delete files the |user does not want, or to take actions other than simple |replacement. ` manoj -- So far we've managed to avoid turning Perl into APL. :-) Larry Wall in 199702251904.laa28...@wall.org Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zl2sofn1@anzu.internal.golden-gryphon.com
Re: compiling a kernel from kernel.org [SOLVED]
On Wed, Oct 21 2009, Gregor Galwas wrote: The only problem to be solved was the initrd. it has NOT been generated by dpkg during the installation. so I generated it using mkinitramfs -c -k 2.6.32-rc5. worked fine. update-grub - worked fine as well. ,[ Manual page make-kpkg(1) ] | --initrd | If make-kpkg is generating a kernel-image package, arrange to | convey to the hook scripts run from the post installation | maintainer scripts that this image requires an initrd, and that | the initrd generation hook scripts should not short circuit | early. Without this option, the example initramfs hook scripts | bundled in with kernel-package will take no action on | installation. The same effect can be achieved by setting the | environment variable INITRD to any non empty value. Please note | that unless there are hook scripts in /etc/kernel or added into | the hook script parameter of /etc/kernel-img.conf. no initrd | will be created (the bundled in example scripts are just | examples -- user action is required before anything happens). ` ,[ /usr/share/doc/kernel-package/README.gz ] | gotchas. Note that you will have to arrange for the actual | initrd creation to take place by installing a script like | /usr/share/kernel-package/examples/etc/kernel/post{inst,rm}.d/yaird | or, alternately, | /usr/share/kernel-package/examples/etc/kernel/post{inst,rm}.d/initramfs | into the corresponding directories /etc/kernel/post{inst,rm}.d, | since the kernel-postinst does not arrange for the initramfs | creator to be called. You can thus select your own; | initramfs-tools or yaird. | | Let me repeat: | Since nothing is created automatically. you need to provide a hook | script for things to happen when you install the kernel image | package. The user provides such scripts. For example, to invoke | mkinitramfs, I did: | --8---cut here---start-8--- | cp /usr/share/kernel-package/examples/etc/kernel/postinst.d/yaird \ | /etc/kernel/postinst.d/ | cp /usr/share/kernel-package/examples/etc/kernel/postrm.d/yaird \ | /etc/kernel/postrm.d/ | --8---cut here---end---8--- | | Or, alternately, you could do: | --8---cut here---start-8--- | cp /usr/share/kernel-package/examples/etc/kernel/postinst.d/initramfs \ | /etc/kernel/postinst.d/ | cp /usr/share/kernel-package/examples/etc/kernel/postrm.d/initramfs \ | /etc/kernel/postrm.d/ | --8---cut here---end---8--- | | These scripts above to nothing unless the corresponding | packages are installed (initramfs-tools or yaird), so you could | potentially cp both over -- as long as you never install both yaird | and initramfs-tools at the same time. | | To run grub, I have in /etc/kernel-img.conf: | --8---cut here---start-8--- | postinst_hook = update-grub | postrm_hook = update-grub | --8---cut here---end---8--- | | You can look at other example in the examples directory: | /usr/share/kernel-package/examples/ to see if there are other example | script you want to cp into /etc/kernel -- and you can create your own | scripts. | | For example, if you use linux-headers-* packages to compile third | party modules so that you do not have to keep the sources directory | around, you might be interested in: | --8---cut here---start-8--- | /etc/kernel/header_postinst.d/link | /etc/kernel/header_postrm.d/link | /etc/kernel/header_prerm.d/link | /etc/kernel/postinst.d/force-build-link | /etc/kernel/postrm.d/force-build-link | --8---cut here---end---8--- | | These scripts will try to make sure that the symlink | /lib/modules/$VERSION/build | is sane -- that is points to the header packages whether you install | the image packages first, or the header packages first -- and takes | care of cleanup when either of the packages are installed. ` Perhaps people who maintain FAQ's on this list add the above? manoj -- Some people have a great ambition: to build something that will last, at least until they've finished building it. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: compiling a kernel from kernel.org
Hi, Well, firstly, if you are going to be using the buildpackage target, instead of the far faster kernel_image target, you should either configure /etc/kernel-pkg.conf, adding your name and email, and have that in a keyring your gpg knows about, or pass the --us and --uc arguments on the command line. I think, unless you know what you are doing, try first with kernel_image target. Next, you seem to have Xen options turned on in your config, and thus make-kpkg is trying to create a xenu-linux image. This is undergoing some development, so if you want Xen images, please get the 12.024 version of kernel-package from Sid. If you are just trying to build a normal kernel, redo your .config not to have Xen stuff in it. manoj -- This is an unauthorized cybernetic announcement. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: c++ features
On Thu, Oct 08 2009, Gabor Urban wrote: Hi, the main point of C++ and Linux, that you may have a large number of tools to use. SOme prefer IDE tools, like KDevelop for example, but some prefer standard language sensitive editor which support code writing, compiling, debugging. I would suggest to use Emacs or Vim (simple editors, but powerfull extensions).. :-)) Emacs 23 + CEDET seems to have all the features of of the so called IDE's, including language specific parsers and semantic analysis, so one may have the best of both worlds. Also, if you want portable C++, you could try compiling with this set of flags in your makefile: --8---cut here---start-8--- ## Debugging option for the compiler CXXDEBUG=-g ## @brief Optimizing options CXXOPTS=-pipe -O3 -g ## Warnings. You can never have too many warnings CXXWARNS=-std=c++98-pedantic -Wall \ -Wconversion -Wabi -Woverloaded-virtual \ -Wshadow -Wextra-Wpointer-arith \ -Wcast-qual -Wcast-align -Wwrite-strings \ -Wswitch-default -Wpacked -Wnormalized=nfc \ -Weffc++ -Wstrict-null-sentinel -Wctor-dtor-privacy \ -Wold-style-cast -Wsign-promo -Wmissing-include-dirs\ -Wfloat-equal -Wnon-virtual-dtor -Wformat=2\ -Wformat-security -Wformat-nonliteral-Winit-self \ -Wuninitialized -Wswitch-enum -Wstrict-overflow=5 \ -Wundef -Dlint -ffor-scope \ -fno-gnu-keywords -fshort-enums -fno-common \ -Wmissing-field-initializers --8---cut here---end---8--- And yes, this is from a live project, so I actually use these :-) manoj -- If God had intended Man to program, we'd be born with serial I/O ports. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Can't boot custom compiled 2.6.30 amd64 kernel
On Sat, Sep 26 2009, Elimar Riesebieter wrote: * Andrew Perrin [090926 09:08 -0400] [...] Of interest is that the stock 2.6.30-amd64 kernel boots fine. I am posting my /boot/grub/grub.cfg file and the .config file to http://perrin.socsci.unc.edu/stuff/grub.cfg and I guess you need an initrd image which isn't mentioned in grub.cfg. Which implies that the scripts: /etc/kernel/postinst.d/initramfs /etc/kernel/postrm.d/initramfs are missing. (examples in are available in /usr/share/kernel-package/examples/etc/kernel/*.d) manoj -- Cleanliness becomes more important when godliness is unlikely. P.J. O'Rourke Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Size of a kernel module is different at build place and after installation
On Mon, Sep 21 2009, sobtwmxt wrote: I have built a custom kernel, using make-kpgk, from debian source. Using ls -l, there is difference in the size of kernel modules, .ko files, at build place and after installation of the package. I only looked at 2 unrelated modules, but I think there will be a difference in the size of other modules too. If that matters, I built the package on one machine, and installed it on another. The later machine is an x86 running Ubuntu. The former is x86 running Debian. 1) Why there is size difference? As mentioned in another post in this thread, the installed modules are stripped of debugging information. make-kpkg can now create a linux-debug-** package that has detached debug information, to be used for debugging, as needed. manoj -- If it has syntax, it isn't user friendly. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Size of a kernel module is different at build place and after installation
On Tue, Sep 22 2009, sobtwmxt wrote: Manoj Srivastava srivasta at ieee.org writes: As mentioned in another post in this thread, the installed modules are stripped of debugging information. make-kpkg can now create a linux-debug-** package that has detached debug information, to be used for debugging, as needed. manoj File says the modules are not stripped. The custom kernel package was created by kernel-package 12.020. I still wonder what makes the installed modules from a custom kernel deb differ (less) in size, when compared to the modules that used to build the deb. $(MAKE) $(EXTRAV_ARG) INSTALL_MOD_PATH=$(INSTALL_MOD_PATH) \ INSTALL_FW_PATH=$(INSTALL_MOD_PATH)/lib/firmware/$(KERNELRELEASE) \ $(CROSS_ARG) ARCH=$(KERNEL_ARCH) INSTALL_MOD_STRIP=1 modules_install I suppose INSTALL_MOD_STRIP=1 has some effect? # # INSTALL_MOD_STRIP, if defined, will cause modules to be # stripped after they are installed. If INSTALL_MOD_STRIP is '1', then # the default option --strip-debug will be used. Otherwise, # INSTALL_MOD_STRIP will used as the options to the strip command. manoj -- One planet is all you get. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: looking for packages versions of running daemons
On Thu, Sep 10 2009, Cameron Hutchison wrote: Version 3 (below) is properly written, in a functional style. It's much longer, but much easier to read. The main() function is very simple, as is each individual function. It's written in such a way that you can add extra filters if you want to extend it to get extra information (like the -v bit you asked about). What kind of license are you distributing this under? I would like to put this into my toolkit (nice work, BTW), but only if you choose to license it out. Thanks, manoj -- If at first you don't succeed, quit; don't be a nut about success. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Sysv-rc (Urgent)
Hi, On Sun, Sep 06 2009, Sven Joachim wrote: Hint: your mails are easier to read if you put a blank line between citations and your reply. On 2009-09-06 21:47 +0200, David Baron wrote: On Sunday 06 September 2009 21:23:10 debian-user-digest- requ...@lists.debian.org wrote: The upgrade from sid finds it unsafe to change to dependency based boot and leaves it unconfigured with a couple of missing .rc files. What are .rc files? Reinstalling over testing did not flag them again! That does not answer my question, I still do not know what .rc files are in the first place. :rc file: /R-C fi:l/ /n./ [Unix: from `runcom files' on the {CTSS} system ca.1955, via the startup script `/etc/rc'] Script file containing startup instructions for an application program (or an entire operating system), usually a text file containing commands of the sort that might have been invoked manually once the system was running but are to be executed automatically each time the system starts up. See also {dot file}, {profile} (sense 1). :dot file: [Unix] /n./ A file that is not visible by default to normal directory-browsing tools (on Unix, files named with a leading dot are, by convention, not normally presented in directory listings). Many programs define one or more dot files in which startup or configuration information may be optionally recorded; a user can customize the program's behavior by creating the appropriate file in the current or home directory. (Therefore, dot files tend to {creep} -- with every nontrivial application program defining at least one, a user's home directory can be filled with scores of dot files, of course without the user's really being aware of it.) See also {profile} (sense 1), {rc file}. manoj -- This body is worn out with age, a nest of diseases and falling apart. The mass of corruption disintegrates, and death is the end of life. 148 Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: problem compiling new kernel
On Fri, Aug 28 2009, Celejar wrote: Assuming that you're building kernel packages with kernel-package, you may be being hit by this: The image postinst no longer runs the initramfs creation commands. Instead, there are example scripts provided that will perform the task. These scripts will work for official kernel images as well. /usr/share/doc/NEWS.Debian.gz Basically, the short version of what you need to do is: cp /usr/share/doc/kernel-package/examples/etc/kernel/postinst.d/initramfs /etc/kernel/postinst.d/ You might also want to clean things up: cp /usr/share/doc/kernel-package/examples/etc/kernel/postrm.d/initramfs \ /etc/kernel/postrm.d/ This clean up files created in the postinst. manoj -- Now here's something you're really going to like! Rocket J. Squirrel Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: ProcMail, WAS: Re: Fetchmail and Gmail
On Tue, Aug 25 2009, Andrei Popescu wrote: On Mon,24.Aug.09, 20:56:27, Paul Cartwright wrote: but looking at the procmailrc( now non-existant), then thinking about my 200 kmail filters, I'm not sure I could tackle that task.. maildir (and procmail too as I hear, but I don't like its syntax) is *very* powerful. I recently did a major rewrite on my maildrop rules. I had one rule for each Debian list, now I have exactly one: # These are the lists.debian.org lists if (/^List-Id:.*debian-(.*)\.lists.debian.org/) { to Maildir/.debian.$MATCH1 } Similar for googlegroups, alioth, ... All that was needed was a bit of folder renaming ;) Hmm. Here is my Debian section; this pulls out emails for my packages from the pts, discards all other devel-changes mail; pulls out boring debbugs email, send bugs for my package into a package specific folder, pulls out mail sent to bugs I reported separately, and then files every debian group to a separate folder. Oh, I used to separate out ballots and votes, etc, but that is mostly done away with. After mailagent, procmail seems ... underpowered. manoj ## ## ## #Debian # ## ## ## ## INITIAL X-PTS-Package: /([-\w]+)/ { ANNOTATE -d X-Agent-list 'pkg-%1'; ASSIGN list 'pkg-%1'; REJECT MailingList }; # X-Mailing-List To Resent-From Resent-To Resent-Reply-To Cc INITIAL X-Loop: /debian-devel-changes/i { REJECT JUNK; }; # Do not wish to see acks for bug reports INITIAL From: /own...@bugs.debian.org/, Subject: /Bug#\d+: Acknowledgement / { REJECT JUNK; }; # These have little information really INITIAL From: /own...@bugs.debian.org/, Subject: /Bug#\d+: Info received/i { REJECT ClosedBugs }; INITIAL X-Loop: /debian-bugs-dist/i{ REJECT DEBIANBUGS }; INITIAL X-Loop: /own...@bugs.debian.org/i { REJECT DEBIANBUGS }; INITIAL X-Loop X-Mailing-List To Resent-From Resent-To Resent-Reply-To Cc: /lists.debian.org/i { REJECT DEBIAN }; INITIAL X-Loop X-Mailing-List To Resent-From Resent-To Resent-Reply-To Cc: /debian-ctte/i { REJECT DEBIAN }; INITIAL X-Loop: /deity/i { ASSIGN list deity; REJECT MailingList }; INITIAL Sender From: /install...@ftp-master.debian.org/ { ASSIGN list 'installed'; REJECT MailingList }; # Handle My own bugs DEBIANBUGS To Resent-CC: /Manoj Srivastava/ { REJECT MYBUGS }; MYBUGS X-Debian-PR-Package: /([-\w]+)/ { ANNOTATE -d X-Agent-list 'pkg-%1'; ASSIGN list 'pkg-%1'; REJECT MailingList }; # Resent-To: Manoj Srivastava is for bugs I reported MYBUGS /./ { ASSIGN list 'debian'; ANNOTATE -d X-Agent-list unknown-bug-list; REJECT MailingList; }; #handle policy bugs DEBIANBUGS X-Debian-PR-Package: /debian-policy/ { ASSIGN list 'debian-policy'; ANNOTATE -d X-Agent-list debian-list; REJECT MailingList; }; DEBIANBUGS X-Debian-PR-Package: /general/ { ASSIGN list 'debian-devel'; ANNOTATE -d X-Agent-list general-bugs; REJECT MailingList; }; DEBIANBUGS X-Debian-PR-Package: /wnpp/ { ASSIGN list 'wnpp'; ANNOTATE -d X-Agent-list debian-list; REJECT MailingList; }; DEBIANBUGS Subject: /\[proposal\]/i, X-Debian-PR-Package: /debian-policy/ { ASSIGN list 'debian-policy'; ANNOTATE -d X-Agent-list debian-list; REJECT MailingList; }; DEBIANBUGS All: /./ { ASSIGN list 'debian-bugs'; ANNOTATE -d X-Agent-list debian-list; REJECT MailingList; }; DEBIAN X-Loop: /(debian-bugs-(closed|forwarded))(-(request|dist))?...@lists.debian.org/i { REJECT ClosedBugs }; DEBIAN X-Loop X-Mailing-List To Resent-From Resent-To Resent-Reply-To Cc : /(debian-ctte+)(-(request|dist|private))?...@debian.org/gi { ASSIGN list '%1'; ANNOTATE -d X-Agent-list debian-list; REJECT MailingList; }; DEBIAN Subject: /CFV: Proposal/, X-Loop: /debian-vote/ { REJECT VOTE }; DEBIAN X-Loop: /(debian-[\w-]+)(-(request|dist))?...@lists.debian.org/gi { ASSIGN list '%1'; SUBST #list /-(digest|request|dist)//gi; SUBST #list /devel-changes/changes/i; ANNOTATE -d X-Agent-list debian-list; REJECT MailingList; }; VOTE Body: /^\s*I vote\s+\w+\s+on/i { UNIQUE -a (vote); VACATION off; MESSAGE ~/etc/mail/voteack; REJECT VOTEACK; }; VOTE
Re: Etch to 5.0.2 upgrade failed - Encrypted filesystem will not boot
On Thu, Aug 06 2009, Siggy Brentrup wrote: On Tue, Aug 04, 2009 at 18:50 -0500, line...@halo.nu wrote: Hi - I have a Debian Etch system which I recently upgraded to v5.0.2. The file system was encrypted with LUKS at install time. Please bear with me, I'm asking this out of curiousity. Why did you encrypt the full root FS? I can understand that you want your $HOME encrypted, to a lesser degree I can follow you even with /etc, /tmp and /var, but why do you take the performance penalty on publically available stuff? Because I have /etc, /var/lib/dpkg, and /usr/local; all kinds of things in /var and /tmp can be sensitive. I encrypt everything except /boot -- even swap. All this increases the work-factor fro Mallory -- now, it is somewhat hard to even figure out where each encrypted partition begins, and you can't see what exactly it is that I am running, and it makes it a little harder to inject things on my machine that will be resident in memory and steal the information. Encryption is not just about confidentiality, it has an integrity component as well. manoj -- MIT: The Georgia Tech of the North Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: compile error - missing X11 headers
On Sat, Aug 01 2009, Ron Johnson wrote: On 2009-08-01 02:49, Glen Lee Edwards wrote: After a rather lengthy break from compiling my own programs, I'm trying to build fvwm, Is the Debian repository too out-of-date? Nope. We have the latest release, + changes cherry picked from the unreleased upstream repository. but am getting an error message: X11 libraries or header files could not be found... Now that Debian is using Xorg, I'm at a loss as to how to fix this. Comments? For starters, do you have these installed? Seems like the thing to do would be to look at the build depends from the Debian package. manoj -- It's not just a computer -- it's your ass. Cal Keegan Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Musings on debian-user list
On Wed, Jul 29 2009, Ron Johnson wrote: Is there a way in fvwm to have a panel/dock with applets (weather, volume, date/time and window list are really useful to me) and have look like Windows 2000 (aka Crux theme and borders, and GNOME-like icons)? You can certainly have panels, but I have no idea what windows 2000 looks like. You can have narrow ribbons on top or bottom, for sure. Look at redmondXP at: http://fvwm-themes.sourceforge.net/screenshots/ Is that close to what you want? They also have a redmond98. manoj -- Take care to be an economist in prosperity; there is no fear of your not being one in adversity. -- Zimmerman Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Musings on debian-user list
On Wed, Jul 29 2009, AG wrote: Manoj Srivastava wrote: On Tue, Jul 28 2009, AG wrote: Care to elaborate on that, John? This is a serious question - I used to use Xfce back in the days of Slackware 8.1, but that was still a WM (or was that a DE?). Are you referring to those FWM-like systems, or something entirely different? I use fvwm. This allows far more control: for example, see here for window decorations: http://www.twobarleycorns.net/fvwm-decors.html Here is a mac osxy look and feel using fvwm: http://www.guistyles.com/wp-gallery/fvwmmilk2ny.jpg A bit snow blindingly white, but it has decent aesthetics. Here are some screen shots: http://fvwm.org/screenshots/desktops/ Here is where you see a tutorial to create bouncing docks, all by yourself: http://www.zensites.net/fvwm/guide/advanced_buttons.html Here is a tutorial: http://www.zensites.net/fvwm/guide/index.html You get to create gestures, and bind them to keys, and with fvwm-themes it is themable, it can be extended, and you can use perl functions to add to fvwm. All in all, I would say while heavy customization takes time, you can rarely get this level of control elsewhere. manoj Manoj That's a really impressive set of eye candy actually. I like the look of it. In the past, looking at FVWM it has appeared grey and clunky in its unaltered state and I guess that I just backed away from fiddling with all of the configurations. Same reason I have tended not to go beyond dipping my toe in fluxbox/ blackbox waters. But, from the pics you have shown it looks like it might be worth playing with in the background on a slow work/ study day because the configurations don't appear too taxing if approached methodically. Thank you for that. Certainly worth taking a more sympathetic and closer look than I have hitherto done. Two things. Firstly, the default out-of-box fvwm in Debian comes with a theme, so it no longer looks as clunky -- it has working menus, and is set up to help people easily modify it. Things can be improved by using fvwm-themes -- there are unofficial debs out there on the main site. Also, if you want more eye candy, look at hat you can get out of the box if you use fvwm-themes: and you can switch between these with a single menu option (no editing configuration files): http://fvwm-themes.sourceforge.net/screenshots/ manoj -- One good turn deserves another. Gaius Petronius Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Musings on debian-user list
On Wed, Jul 29 2009, Ron Johnson wrote: Really? Tbird has pretty good keyboard controls, and allows me to display just a potload of folders and subjects on screen at any one time. (Note, though, that I work in 2-pane mode, with individual mails in a separate window.) If I can't read email after a two node ssh hop using pssh on my palm treo, it does not count. This is why emacs +vm/gnus rule. manoj -- One cat just leads to another.-Ernest Hemingway Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Musings on debian-user list
On Tue, Jul 28 2009, Ron Johnson wrote: On 2009-07-28 13:09, Mark wrote: [snip] When I feel adventurous one weekend I'll try a Debian install without the desktop environment. But what will you *do* with it? Mutt will frustrate you to no end, and the intarweb has become too graphics-oriented to make lynx/elinks widely useful. Why are you equating a desktop environment with a GUI? I don't use a DE -- no gnome, KDE, gdm, kdm, wdm, xfce, or what have you. I use something far more flexible and and configurable than those underpowered environments;and I certainly am not doing without a graphical env. manoj -- You have mail. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Musings on debian-user list
On Tue, Jul 28 2009, AG wrote: Care to elaborate on that, John? This is a serious question - I used to use Xfce back in the days of Slackware 8.1, but that was still a WM (or was that a DE?). Are you referring to those FWM-like systems, or something entirely different? I use fvwm. This allows far more control: for example, see here for window decorations: http://www.twobarleycorns.net/fvwm-decors.html Here is a mac osxy look and feel using fvwm: http://www.guistyles.com/wp-gallery/fvwmmilk2ny.jpg A bit snow blindingly white, but it has decent aesthetics. Here are some screen shots: http://fvwm.org/screenshots/desktops/ Here is where you see a tutorial to create bouncing docks, all by yourself: http://www.zensites.net/fvwm/guide/advanced_buttons.html Here is a tutorial: http://www.zensites.net/fvwm/guide/index.html You get to create gestures, and bind them to keys, and with fvwm-themes it is themable, it can be extended, and you can use perl functions to add to fvwm. All in all, I would say while heavy customization takes time, you can rarely get this level of control elsewhere. manoj -- The solution of this problem is trivial and is left as an exercise for the reader. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: resize2fs: Either the superblock or the partition table is likely to be corrupt!
On Mon, Jul 20 2009, Ron Johnson wrote: On 2009-07-20 21:29, Manoj Srivastava wrote: On Sun, Jul 19 2009, Ron Johnson wrote: On 2009-07-08 20:23, Miles Bader wrote: [snip] Hmm, my / is 290MB, though /tmp, /var, /boot, and /usr are all separate partitions. *Why*? IOW, what benefit do you derive in 2009 (as opposed to 1989, when disks weren't always large enough to hold it all) from splitting these out? Security? /dev/sdb2/ ext3 noatime,errors=remount-ro 0 1 Why device names instead of labels or UUIDs? *Shrug*. Been a while, and it has been working form me for years. Why change? /dev/sda1/boot ext3 noatime,rw,defaults,noauto 0 2 noauto? Who the hell wants the braindead initramfs mucking around with a working boot system? It also ensures that I have to be actively thinking about modifying my boot process before changes happen. /dev/mapper/anzu_main-usr_lv /usrext3 noatime,ro,defaults 0 2 I understand why this is ro; why then is /boot rw? Cause it is never mounted. /dev/mapper/anzu_main-home_lv/home ext3 noatime,rw,nosuid,nodev 0 2 What does nodev mean? (My google fu must be lacking.) Is Do not interpret character or block special devices on the file system. just extra security so that a rogue app doesn't try to create a device file anywhere but /dev? So no one can create a device or a block char file elsewhere in the file system, yes. /dev/mapper/anzu_main-ulocal_lv /usr/local ext3 noatime,rw,nosuid,nodev 0 2 /dev/mapper/anzu_main-var_lv /varext3 noatime,rw,nosuid 0 2 /dev/mapper/anzu_main-spool_lv /var/spool ext3 noatime,rw,nosuid,nodev 0 2 Seems to me that this whole exercise is to ensure that /dev is in it's own partition. Layered security is always better than waiting for the silver bullet all secure mechanism. It is all about increasing the work factor for Mallory. manoj -- All is well that ends well. John Heywood Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: resize2fs: Either the superblock or the partition table is likely to be corrupt!
On Sun, Jul 19 2009, Ron Johnson wrote: On 2009-07-08 20:23, Miles Bader wrote: [snip] Hmm, my / is 290MB, though /tmp, /var, /boot, and /usr are all separate partitions. *Why*? IOW, what benefit do you derive in 2009 (as opposed to 1989, when disks weren't always large enough to hold it all) from splitting these out? Security? /dev/sdb2 / ext3 noatime,errors=remount-ro 0 1 /dev/sda1 /boot ext3 noatime,rw,defaults,noauto 0 2 /dev/mapper/anzu_main-usr_lv/usrext3 noatime,ro,defaults 0 2 /dev/mapper/anzu_main-home_lv /home ext3 noatime,rw,nosuid,nodev 0 2 /dev/mapper/anzu_main-ulocal_lv /usr/local ext3 noatime,rw,nosuid,nodev 0 2 /dev/mapper/anzu_main-var_lv/varext3 noatime,rw,nosuid 0 2 /dev/mapper/anzu_main-spool_lv /var/spool ext3 noatime,rw,nosuid,nodev 0 2 Hmm. I had a chroot at some point in /var -- which is why it has no nodev. Time to change. manoj -- It's the theory of Jess Birnbaum, of Time magazine, that women with bad legs should stick to long skirts because they cover a multitude of shins. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: kernel rebuilds with kernel-package?
On Wed, Jun 24 2009, Mikko Rapeli wrote: Hello debian-users I have been pondering this for years and haven't found an answer: How does one re-compile a custom kernel after fixing a bug or adding patch with kernel-package _without_ rebuilding the whole kernel? I want to test new kernels every now and then and usually the first couple of compilation have issues. Fixing these issues wouldn't result in complete rebuilds if I compile natively, but with kernel_package they do. I find it easier to work with deb packages than to manually remove old kernels, modules etc. Is there some special build target I could use to just try rebuilding the objects which don't yet exists, e.g. fakeroot debian/rules kernel_binary_something? With a recent kernel-package version (12.XX), you just call make-kpkg as you would normally (don't call make-kpkg clean). The very minimal rebuild is done. So, make-kpkg kernel_image should work just fine. With the official Debian kernel packages I found a rule for rebuilding the binary package -- though can't remeber which is was atm -- but with kernel-package I newer found a similar one. This would save a lot of time for me, thanks. Try it and report if it does work for you. manoj -- Sanity and insanity overlap a fine grey line. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: kernel-package??
On Fri, May 01 2009, Randy Patterson wrote: My intention at this point is to make a detailed list of the components on a particular system so I can remove everything that is not needed. These would be older systems that will never be upgraded or need new hardware so the kernel don't need a lot of options concerning hardware. For example, I have used ext3 on the drives and they don't need to access anything else and will remove all support for ext2, ext4, NTFS and everything else. I intend to compile everything into the kernel without using modules. It's my understanding from what I have read that this will result in a leaner and some what faster kernel for that system. Is that a reasonable assumption and approach? This is what I do. I do not use modules or initramfs, and it has cut down my boot time by about 50%, according to bootchard. manoj -- Apples have meant trouble since eden. MaDsen Wikholm, mwikh...@at8.abo.fi Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: kernel-package??
On Thu, Apr 30 2009, thveillon.debian wrote: ers are non-essential. Installing the created .deb will take care of all the linking (/initrd, /vmlinuz, build dir...), boot-loader update (with grub at least), initrd creation/update and such. Actually, with the 12.XX branch, you get to choose what happens when the kernel image is installed, by dropping scripts into /etc/kernel -- by default, no action is taken For example, to create an initramfs, I did: --8---cut here---start-8--- cp /usr/share/kernel-package/examples/etc/kernel/postinst.d/yaird \ /etc/kernel/postinst.d/ cp /usr/share/kernel-package/examples/etc/kernel/postrm.d/yaird \ /etc/kernel/postrm.d/ --8---cut here---end---8--- Or, alternately, you could do: --8---cut here---start-8--- cp /usr/share/kernel-package/examples/etc/kernel/postinst.d/initramfs \ /etc/kernel/postinst.d/ cp /usr/share/kernel-package/examples/etc/kernel/postrm.d/initramfs \ /etc/kernel/postrm.d/ --8---cut here---end---8--- To run grub, I have in /etc/kernel-img.conf: --8---cut here---start-8--- postinst_hook = update-grub postrm_hook = update-grub --8---cut here---end---8--- But really, you can substitute your own scripts, or decide not to use initrds (which is a sane option if you are building your own kernels and thus might not have any modules at all). manoj -- Absinthe makes the tart grow fonder. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: missing the initrd file in the kernel package
On Wed, Apr 29 2009, Antonio Diaz wrote: When I compile the kernel the file initrd is not created in spite of I'm specifying the --initrd option in the command line. Exactly, the command that I'm using to compile the kernel is: make-kpkg --initrd --revision=1:xps.10 kernel_image May be there is a problem with the application that creates the initrd file. Any suggestions? ,[ Manual page make-kpkg(1) ] | --initrd | If make-kpkg is generating a kernel-image package, arrange to | convey to the hook scripts that this image requires an initrd, | and that the initrd generation hook scripts should not short | circuit early. Without this option, the example initramfs hook | scripts bundled in with ker‐ nel-package will take no action on | installation. The same effect can be achieved by setting the | environment variable INITRD to any non empty value. Please note | that unless there are hook scripts in /etc/kenel or added into | the hook script parameter of /etc/kernel-img.conf. no initrd | will be created. ` So, drop in scripts in /etc/kernel/post{inst,rm}.d/ to create/delete the initramfs files. You can use yaird, or initramfs-tools. For the latter, there are example scripts that you could use as a starting point: /usr/share/kernel-package/examples/etc/kernel/post{inst,rm}.d/initramfs manoj -- And then there was the lawyer that stepped in cow manure and thought he was melting... Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: missing the initrd file in the kernel package
On Wed, Apr 29 2009, emikaadeo wrote: Manoj Srivastava wrote: On Wed, Apr 29 2009, Antonio Diaz wrote: When I compile the kernel the file initrd is not created in spite of I'm specifying the --initrd option in the command line. Exactly, the command that I'm using to compile the kernel is: make-kpkg --initrd --revision=1:xps.10 kernel_image May be there is a problem with the application that creates the initrd file. Any suggestions? ,[ Manual page make-kpkg(1) ] | --initrd | If make-kpkg is generating a kernel-image package, arrange to | convey to the hook scripts that this image requires an initrd, | and that the initrd generation hook scripts should not short | circuit early. Without this option, the example initramfs hook | scripts bundled in with ker‐ nel-package will take no action on | installation. The same effect can be achieved by setting the | environment variable INITRD to any non empty value. Please note | that unless there are hook scripts in /etc/kenel or added into | the hook script parameter of /etc/kernel-img.conf. no initrd | will be created. ` So, drop in scripts in /etc/kernel/post{inst,rm}.d/ to create/delete the initramfs files. You can use yaird, or initramfs-tools. For the latter, there are example scripts that you could use as a starting point: /usr/share/kernel-package/examples/etc/kernel/post{inst,rm}.d/initramfs manoj I upgraded to kernel-package 12.010 If i use a : make-kpkg --initrd kernel_image then created .deb will have a initrd image ? No. The initrd image has neer been a part of the kernel image deb, and it still is not. The initramfs/initrd bits arte always generated on the machine the kernel image is installed upon. And it will install it ? Well, since the initramfs image is not pat of the linux-image-* packages, install is not the right word. Create is what actually needs to happen. Now, nothing is created automatically. you need to provide a hook script for this to happen. The user provides such scripts. For example, to invoke mkinitramfs, I did: --8---cut here---start-8--- cp /usr/share/kernel-package/examples/etc/kernel/postinst.d/initramfs \ /etc/kernel/postinst.d/ cp /usr/share/kernel-package/examples/etc/kernel/postrm.d/initramfs \ /etc/kernel/postrm.d/ --8---cut here---end---8--- To run grub, I have in /etc/kernel-img.conf: --8---cut here---start-8--- postinst_hook = update-grub postrm_hook = update-grub --8---cut here---end---8--- You can look at other example in the examples directory: /usr/share/kernel-package/examples/ to see if there are other example script you want to cp into /etc/kernel -- and you can create your own scripts. Sorry but my english is not so good, so i'm trying to get this clear. That's all right. English was my fourth language as well. manoj -- That's no moon... Obi-wan Kenobi Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
New version of kernel-package now in unstable
Hi, This brings to an end an enhancement for kernel-package that have been in development for over an year. These changes make kernel-package more nimble (you can just update the sources, hack on a file, and run make-kpkg and it should just work to incorporate your changes, no need for clean). It also pulls out the postint functionality into hook scripts, using the same /etc/kernel.d infrastructure as upstreams native deb-pkg target, but provides for more packages. Also supported now is a linux-image-$version-dbg package, that contains just the debugging information, and which is compatible with SystemTap. Looking at the reverse dependencies, there should be no impact whatsoever on the module packages; everything should still work the same. However, since ./debian is now ephemeral, anyone who puts things in ./debian will be affected. Those users should depend on kernel-package ( 12.001). The only user I know of that did that was linux-2.6, but since kernel-package has been deprecated and pronounced broken by the kernel team, this is not an issue: if it is deprecated, and obsolescent, development if kernel-package need not be tied to linux-2.6. In any case, official kernels are no longer supported as of k-p 12.001. manoj -- Bug #523423: Plesase Remove bitchx from the archive. Full of crap. - Debian BTS Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: install daemon without starting it
On Mon, Apr 06 2009, Barclay, Daniel wrote: Nuno Magalhães wrote: is it possible to install a daemon from a Debian package without having it automatically started afterwards? At the risk of starting a holy war, and kind of highjaking, shouldn't Debian *not* start just-installed daemons by default? Or at least ask while installing if such daemon is to be started automatically (like sshd does, i think)? Debian should at least make clear whether a daemon was configured to start automatically. This is the default behaviour, and thus should not be communicated on a per package basis. I would hate to be bombarded with such messages. Once would be adequate. Debian packages should probably have some kind of post-installation read-me file to tell you essential things about an installed package (e.g, the commands now available; the manual/info/etc. pages now avaible; daemons automatically started, or what remaining steps you need to perform manually before starting the daemon automatically.) Debian packages should have some standard place to go to to see those latter kinds of information. If it did, that place could also hold an indication of any daemons started (or installed but pending further configuration) by installing a package. This is what the package description is about, no? You uread the package description to see if you do or do not want tostart the daemon. manoj -- A Difficulty for Every Solution. Motto of the Federal Civil Service Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Forthcoming changes in kernel-package
. * Image postinst no longer runs a boot loader Note that this was already the case for grub, one of the more popular boot loaders. Now that we have a mechanism for running arbitrary scripts when the image packages are manipulated, we can stop embedding the boot loader actions in the package itself. This means that lilo, elilo, etc will no longer be run directly by the post isnt, and all the code related to detecting the boot loader, managing the configuration, and adding bits about bootloader documentation is all removed from the postinst. This allows the image package to be more flexible, since the end user is no longer restricted to the actions encoded in the image package. This is a fairly large change. * The postinst no longer manipulates symlinks This is a shift from previous behaviour. Any symbolic link manipulation must now be done with hook scripts in /etc/kernel/*.d directories. Firstly, modern boot loaders scan the boot directory for kernel images, and the user no longer has to code in the path to the symbolic links that the kernel image package used to manipulate. Secondly, hardcoding the behaviour into the postinst made for a very rigid policy; and user wanted more flexibility than that. There is an example shipped with the package that shows a more flexible scheme that kept two symbolic links for version 2.4 kernels, and two symbolic links for 2.6 kernels; it can be easily modified to keep two links for 2.9 kernels and two links for 2.8 kernels, or one of each, or whatever the user wants. * The image postinst no longer runs the initramfs creation commands. Instead, there are example scripts provided that will perform the task. These scripts will work for official kernel images as well. -- How gaily a man wakes in the morning to watch himself keep on dying. Henry S. Haskins Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: How do the pros keep up with the latest kernel?
On Tue, Apr 07 2009, Ken Teague wrote: jida...@jidanni.org wrote: How do the pros keep up with the latest kernel? Download source and use make-kpkg. Clone the git repo of the trees you want to track, and use make-kpkg to build from the git tree. manoj -- Nuclear war would really set back cable. Ted Turner Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: install daemon without starting it
On Thu, Apr 02 2009, Dave Ewart wrote: On Thursday, 02.04.2009 at 10:12 -0500, Manoj Srivastava wrote: At the risk of starting a holy war, and kind of highjaking, shouldn't Debian *not* start just-installed daemons by default? Or at least ask while installing if such daemon is to be started automatically (like sshd does, i think)? The argument is that if the user did not want the daemon started, they would not have installed the package. And while there can be a debconf question about it starting, the questions should be of low priority (I insatlled the package, didn't I? why ask me over and over whether I really really want it running?), and the default should be yes. It's not always clear. Sometimes, you don't know until post-installation that a package includes a daemon at all. Hmm. Then the description might be seen to be lacking. Please file a wishlist bug, with your suggestions. In any case, if the maintainer thinks most people want to run the daemon, and you are in a minority, you will have to arange for the daemon not to be started. This is why Debian has debconf -- so that any critical configuration should be done at install, and there should be reasonable, non-obnoxious defaults set by the package anyway. Well, that's also unclear. Running a daemon with defaults is not always desired, and may in fact cause problems. Sure. But your opinion might not be the majority opinion. Can't please everyone. I must admit that I like the OpenBSD approach here. Installing a package just installs the binaries. At the end of the installation, it says something like: To make the daemon start at each boot, add the following to /etc/rc.local: if [ -x /usr/local/sbin/somedaemon ]; then /usr/local/sbin/somedaemon fi This may be a less convenient approach, but it does meet the criterion of Least Surprise: a daemon won't be started automatically before you have a chance to configure it, for example. I would be very surprised if I installed a package and it was not immediately functional, and left me with obscure, unguided configuration to do. I expect Debian packages to ship daemons with sane defaults, and for the daemons to work. If I wanted *BSD, I know where to find them. manoj -- Anyone who goes to a psychiatrist ought to have his head examined. Samuel Goldwyn Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: install daemon without starting it
On Thu, Apr 02 2009, Celejar wrote: On Thu, 02 Apr 2009 10:12:54 -0500 Manoj Srivastava sriva...@ieee.org wrote: ... There are mechanisms by which the site admin can tailor the selection of daemons that start -- but the default should be I installed it, and I installed it for a reason, so I want the thing running. But perhaps I don't want it to run until after I modify the default configuration. I may install a web server, but I may want it to serve only over a LAN interface, and not over my public interface. I know I can block this at the firewall, but I want defense in depth, and I'm suggesting that there can be perfectly common use cases where I want the thing installed, and eventually even running, but not just yet, or right now. Then, knowing the system default, you take action not to let the server start. Or you modify the config file asap (often before the system finishes the upgrade. See, there are two equally viable options here. Use debconf to configure the daemon, so most people can install, answer questions, and be on their merry way --- or not start and let the user configure it as they will. Some like it one way, some the other. What the maintainr has to judge is which set of users to please, since you can't please everyone. -- The universe is all a spin-off of the Big Bang. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: install daemon without starting it
On Thu, Apr 02 2009, Nuno Magalhães wrote: is it possible to install a daemon from a Debian package without having it automatically started afterwards? At the risk of starting a holy war, and kind of highjaking, shouldn't Debian *not* start just-installed daemons by default? Or at least ask while installing if such daemon is to be started automatically (like sshd does, i think)? The argument is that if the user did not want the daemon started, they would not have installed the package. And while there can be a debconf question about it starting, the questions should be of low priority (I insatlled the package, didn't I? why ask me over and over whether I really really want it running?), and the default should be yes. This is why Debian has debconf -- so that any critical configuration should be done at install, and there should be reasonable, non-obnoxious defaults set by the package anyway. There are mechanisms by which the site admin can tailor the selection of daemons that start -- but the default should be I installed it, and I installed it for a reason, so I want the thing running. Or so the reasoning goes. manoj -- Journalism is literature in a hurry. Matthew Arnold Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: To synchronize system time witn NTP-server with no winter time shift whole year - how to?
On Mon, Mar 30 2009, Paul E Condon wrote: You did not lose an hour. You got up an hour early because you are a slave to the reading on a clock that you know you set forward by an hour the night before. This is not the behavior of a rational being, IMHO. The only reason, IMHO, that you subscribe to such nonsense is that it has been repeated so many times that you have forgotten that it is a lie. On the other hand, I get up an hour early because I am addicted to eating. I have to mesh my activities with other folks, and they start work at a time that is an hour earlier in the summer. Grocery stores, Pharmacies, movie theaters -- things that affect my schedule -- all shift. It is moronic to not juet get up in sync with the activities and schedules that make up my life. If you think it is nonsensical, I truly feel sorry for you. It must be lonely out where you are. And so, yes, I sleep a little less in spring, and get an hour extra in the fall. Not because I am a slavef to the clock, but I am not geeky enough to think I live on an island, entire of itself. manoj -- It's men like him that give the Y chromosome a bad name. Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Xen kernel and make-kpkg
On Tue, Dec 09 2008, Stefan Goebel wrote: Manoj, should I file a bug report for this or is there something else I can try first? Thankd for the bug-report and patch; it is always appropriate to file a bug on kernel-package when you are experiencing difficulties. At worst, you'll be told there is a work-around; :-) manoj -- win-nt from the people who invented edlin. MaDsen Wikholm, mwikh...@at8.abo.fi Manoj Srivastava sriva...@acm.org http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Xen kernel and make-kpkg
On Tue, Dec 09 2008, Stefan Goebel wrote: Hi, I'm trying to build a custom Xen (DomU for now) kernel using the Debian sources (i.e. linux-source-2.6.26 (2.6.26-11) with Debian's Xen patches from linux-patch-debian-2.6.26 (2.6.26-11)) and kernel-package (11.015), on an i386 system running Lenny. Applying the Xen patches with ../kernel-patches/all/2.6.26/apply/debian -a i386 -f xen works, running make-kpkg --revision='1.0' --append-to-version='-foo' kernel_image does not work, apparently make-kpkg tries to run make bzImage on the kernel sources and there is Nothing to be done for 'bzImage'. A make deb-pkg on the sources works, however, I would prefer make-kpkg. Any hints? Try rm -rf ./debian; and then run make-kpkg again. manoj -- No one can feel as helpless as the owner of a sick goldfish. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: whole disk encryption -- not prompting for passphrase
On Sun, Nov 02 2008, Emanoil Kotsev wrote: I'm pretty sure that the crypt thing is not compatible with lvm. may be this is the problem. I'm not 100% sure though. The problem could be related to previous formatting and using lvm, or some cached information somewhere. Umm, no. I am not at my laptop at the moment, but I have a fully encrypted partition, on top of which re ll my lvm volume groups. I eevn hve swap in the encrypted partition. I'll try and remember to look at my setup once I get back. manoj -- Politics makes strange bedfellows, and journalism makes strange politics. Amy Gorin Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Partitioning Scheme
Hi, Here is my laptop partition, with sizes and the amount that is free. , | FilesystemSize Used Avail Use% Mounted on | /dev/mapper/spark_vg-root_lv | 4.0G 554M 3.2G 15% / | /dev/mapper/spark_vg-home_lv |24G 7.4G 16G 33% /home | /dev/mapper/spark_vg-usr_lv |12G 5.7G 5.6G 51% /usr | /dev/mapper/spark_vg-ulocal_lv |16G 3.9G 12G 26% /usr/local | /dev/mapper/spark_vg-var_lv | 7.9G 3.1G 4.5G 41% /var | /dev/sda3 122M 52M 65M 45% /boot ` All of /dev/mapper/spark_vg is encrypted, so I do need the /boot. I also do not mount /boot by default. Since there is only /boot and one giant encrypted lvm partition, I can grow and shrink my partitions if needed. Here are bits from /etc/fstab (columns removed to fit in 80 columns). /usr is mounted read-only. No deices are allowed in user home directories. No suid programs are allowed in /home, /usr/local, and /var. , | / noatime,user_xattr,errors=remount-ro | /boot noatime,defaults,rw,noauto,user_xattr | /home noatime,nodev,nosuid,user_xattr,rw | /usrnoatime,defaults,ro,user_xattr | /usr/local noatime,nodev,nosuid,user_xattr | /varnoatime,nodev,nosuid,user_xattr ` manoj -- If at first you don't succeed, try again. Then quit. There's no use being a damn fool about it. -W.C.Fields Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: resolution change on startx -- :1
On Wed, Oct 22 2008, Chris Bannister wrote: Mmmm there is a thread about DFSG violations in the kernel on [EMAIL PROTECTED] which may delay the actual release. Looks like there will have to be a GR to sort it out. I hope they don't rip out *too* much hardware support. :) The details of the current work-in-progress are at: http://womble.decadent.org.uk/blog/for-those-who-care-about-firmware Please help in testing that. From that page, it looks like most of the firmware is being moved into separate firmware-foo packages (a model that works for me with my firmware-iwlwifi driver). There has been an update since that page was published; we might be able to get permission to retain ConnectTech WhiteHEAT USB serial adapters (perhaps in a firmware-whiteheat package). I would appeal to people to help test the libre kernel pakages; it would help the release happen faster. manoj -- It doesn't much signify whom one marries for one is sure to find out next morning it was someone else. -- Rogers Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: resolution change on startx -- :1
On Wed, Oct 22 2008, Douglas A. Tutty wrote: Why don't they make a debian version with OpenBSD's kernel? It seems to support most hardware, with a BSD licence. But then we can't run the nVidia drivers, and perhaps not watch flash movies. Oh well. That would require someone who want to work with the openbsd kernel to put in the work, create the .debs for all the 11 architectures, arrange for the debian installer to work, ensure that the kernels work for the 11 architectures, are ported to them etc. Also, they need to be prepared to work with the security team, the stable release manager, provide responses to end users having problems, track security fixes for the kernels, talk with upstream (subscribe to their mailing lists, bug trackers, etc). So far, no one with the ability and the inclination has really undertaken to do the activities above. This is a volunteer organization, you know. So, if you think that supporting an openBSD kernel in Debian is a great idea, and should be done, just do the tasks mentioned above. Or find someone willing and able to do so. Me, the BSD license is an immediate turn off, so I'm not likely to want to help. And since any contributions of mine are liable to be under GPLv3, most likely my contributions will not be appreciated in the first place. You? manoj -- Be independent. Insult a rich relative today. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Compile vanilla 2.6.27 using make-kpkg
On Mon, Oct 13 2008, Lachlan wrote: i am also running amd64 i got 2.6.27 running this morning but that's about it. booted into gnome and didn't really know what to do after that. i used: kernel source# make menuconfig (made sure iwl stuff was added etc. saved as .config) kernel source# fakeroot make-kpkg --revision=custom.1.0 kernel_image kernel source# dpkg -i /home/user/src/linux-image-2.6.27_custom.1.0_amd64.deb kernel source# mkinitramfs -o /boot/initrd.img-2.6.27 2.6.27 That last should not be required if you had added --initrd to the make-kpkg line. Here is my compile command: --8---cut here---start-8--- #!/bin/sh export MODULE_LOC=/usr/local/src/kernel/modules #make-kpkg --rootcmd=fakeroot --initrd --append-to-version=-oscar clean make-kpkg --rootcmd=fakeroot --initrd --append-to-version=-oscar kernel_image fakeroot make-kpkg --initrd --append-to-version=-oscar modules_image --8---cut here---end---8--- (Yes, this is my 15th test compile for 2.6.27) manoj -- Think of your family tonight. Try to crawl home after the computer crashes. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Compile vanilla 2.6.27 using make-kpkg
On Sun, Oct 12 2008, Adrian Levi wrote: I'm having troubles compiling a vanilla 2.6.27 kernel using kernel-package. Looks like there is a new iwl4965 driver and I'd like to try it out. The kernel compiles correctly using the usual toolchain provided with the sources but fails on the packaging part using make-kpkg. The compile process gets all the way to the end and fails with debian/stamp/Install: Is a directory The exact command line I'm using at the top level linux-2.6.27 direcory is: fakeroot make-kpkg --initrd --arch amd64 kernel_image Have you tried without the --arch option? with --arch, I think you might be getting into all kinds of cross compilation nastiness. or else try --arch amd64 --cross-compile - manoj -- The decision doesn't have to be logical, it is unanimous. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Compile vanilla 2.6.27 using make-kpkg
On Sun, Oct 12 2008, Adrian Levi wrote: I have since tried compiling the kernel in a clean lenny debootstrap chroot sucessfully. Strangely is was called, linux-xenu-2.6.27_2.6.27-10.00.Custom_amd64.deb But it boots and works, must be a version incompatibility somewhere, I still have etch repositories in my sources list so something must be held but not reported. If you try a newer Sid version, I think the idiosyncracy with XEN would go away. manoj -- patent: A method of publicizing inventions so others can copy them. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Rejuvenated kernel-package uploaded to unstable, please test
Hi folks, A new version of kernel-package has made its way to unstable. This is a extensive change, and addresses most of the problems that have been plaguing kernel-package, partially thanks to patches provided by other folk. The new version works with the merged x86 code in recent kernels, while retaining compatibility with older kernel sources. It correctly generates the right set of headers. It is again cross-compilation friendly. The postinst no longer runs lilo when it thinks there is no other bootloader (it used to detect grub, but not grub2). It correctly installs firmware in a versioned location under /lib/firmware. More significantly, the build system has moved to a more streamlined, make -j friendly build system While I am not sure of this fixes some of the nagging problems we have been facing in recent versions of kernel-package, where we used double colon rules, which were convenient, sure, but played havoc with ordering of the rules, and had to have various band-aids to help out with the ordering. The system was rapidly growing complex, with clear indication that it was actually faster. The new target mechanism does away with doublecolon rules, and should play better with parrallel compilation. We try to use upstream kbuild as far as possible, to reduce churn as the files upstream installs change. Some added checks of the Makefile are now in place so we retain backwards compatibility. This should improve things lot wrt header files. We also now add dependencies to more packages actually required to build kernel images. We also try to look for the kbuild created KERNELRELEASE variable, which is designed to be used by distros to figure out where modules are to be loaded from, etc. This should help reduce version mismatches. We also prepare the kernel.release file early, to help that. We also refitted to support the new XEN code in mainstream, in that the same image can be booted normally or be used as a XEN image. This support probably needs to be improved. The make target dependencies have been extensively reworked, to minimize surprises and wasted effort. We also strip modules, based on DEB_BUILD_OPTIONS (nostrip). Extra care is now taken so we do not accidentally remove ./debian while cleaning, thanks to upstream helpfully removing ./debian when cleaning. This should prevent dpkg-buildpackage from accidentally shooting itself in the foot by removing ./debian as its first action. Finally, the changes have made it possible to create a kernel-image straight out of a git working directory, partially because the upstream script does not think that the changes kernel-package makes to the source make it dirty, and partially because we run the kernel.release creation script early, just after patching the sources, but before generating the ./debian/changelog, and this, abetted by using KERNELRELEASE, ensures that we correctly capture the version. I have also added dependencies to kernel package, the kerel source package, the kernel header package, with the basic tools required to build a kernel, so by installing the source package, or the header package, the user should have most of the things required to compile their own kernel. Anyway, this was a marathon two day hack session, and while I have compiled 2.6.25.8 and 2.6.26 several dozen times, I would appreciate testing this version, so we may get it into lenny. manoj -- Dungeons and Dragons is just a lot of Saxon Violence. Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Rejuvenated kernel-package uploaded to unstable, please test
Hi, Be sure to get kernel-package_11.005_all.deb. The 11.005 fixes a critical regression, born of a copypaste error from late night hacking. Sorry for the inconvenience. manoj -- Old age and treachery will beat youth and skill every time. a coffee cup Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: problem with gnu emacs
On Tue, 12 Aug 2008 10:51:16 +0200, Vincent Lefevre [EMAIL PROTECTED] said: On 2008-08-12 08:43:00 +0200, Sven Joachim wrote: On 2008-08-12 05:51 +0200, Zach Uram wrote: When I run emacs I see this error: emacs: /usr/local/lib/libpng12.so.0: no version information available (required by emacs) Try moving that file out of the way. In general, it is not a good idea to install libraries into /usr/local/lib. In general, when installing libraries, the goal is to be able to use them (in particular by programs compiled by the user). So, the right place is /usr/local/lib if they are for all users of the machine, and $HOME/lib for the user who installed them. Now, if Debian packages are not meant to use external libraries (i.e. that do not come from Debian), one may wonder if these Debian packages should use a run path. If you put a shared library in /usr/local/lib which has the same so name as a library shipped by Debian, but is not binary compatible with it, you will have problems, sinc the loader loads the incompatible library, and breaks all packages compiled with the Debian supplied library. manoj -- All the existing 2.0.x kernels are to buggy for 2.1.x to be the main goal. -- Alan Cox Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-proxy: can't use more than 1 backend
On Fri, 25 Jul 2008 15:03:39 -0400, Celejar [EMAIL PROTECTED] said: On Fri, 25 Jul 2008 20:14:54 +0200 Gilles Mocellin [EMAIL PROTECTED] wrote: Le Friday 25 July 2008 18:34:17 Peter Daum, vous avez écrit : I am trying to get apt-proxy to work on a test machine running lenny. [...] Generally, apt-proxy doesn't really look overly trustworthy (on every start there is a python warning about telnet being deprecated), but there doesn't seem to be any better alternative (I don't want to run a full-blown apache server). Peter I switched last year to approx, far more stable for me. I, too. I used to have trouble with apt-proxy; I now use approx and I'm happy with it. apt-proxy used to have an option of using more than one backend for a repository; so my debian alias had more than one backend, since ftp.us.debian.org is sometimes flakey for me. I don't see that option for approx; which is not a big deal, though. Also, I guess I'll have to bind mount the old apt-proxt repository over /var/cache/approx. manoj -- DISCLAIMER: Use of this advanced computing technology does not imply an endorsementof Western industrial civilization. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Portage, RPM or DPKG: number of packaged software comparison
On Tue, 17 Jun 2008 12:09:24 -0500, John Hasler [EMAIL PROTECTED] said: Simon writes: I am just curious which distribution have the most packaged Open Source software. That's hard to say. Debian probably has the most packages, but Debian packages are also more fine grained than many: Debian packages seperately pieces of software that others clump together. Probably the best statistic for this comparison, depending on your purpose, would be total number of lines of source code. Count source packages. That gets away from distro specific slicing and dicing of packages, and better represents the effort taken to package software. I still think that Debian is ahead by source package count, but I do not have concrete data, off hand. manoj -- Avoid the Gates of Hell. Use Linux (Unknown source) Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: face headers on mail to the list
On Tue, 8 Apr 2008 21:41:37 -0400, Douglas A Tutty [EMAIL PROTECTED] said: However, if we go with the question if everybody did it, then what proportion of bandwidth for debian list would be taken up with Face headers. Would this be significant for someone downloading over a slow (or very slow) link. Right now I'm on dialup at about 2 KB/s and its $9.99 per month for unlimited time. What if I was on a sailboat and/or in northern Canada (outside of a community with a sat ground station) on either an M-sat box (?2400 baud) or on HF (shorwave) at 300 baud (or less) and perhaps paying per KB? Then threads like this would mean that you would probably not want to subscribe to the mailing list. Also rampant quoting, ling isgs, spam on the list (or so I am told) -- all kinda overwhelm the Face header. How does this mesh with, for example, debian's thought-paradigms for deciding if something is free. e.g. the desert-island paradigm where you can't be required to send in a license fee. Well, the desert island will only have M-sat or HF (well, I suppose you may have a meridian phone, but I think its limited to 9600 too). Debian does not send out mail with face headers or large signatures. People do. manoj -- You mean now I can SHOOT YOU in the back and further BLUR th' distinction between FANTASY and REALITY? Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian how-to
On Mon, 31 Dec 2007 08:13:31 -0500, [EMAIL PROTECTED] said: Not all the docs are under /usr/share/doc/[package name], some are under usr/share/[package name] with no apparent rhyme nor reason. Then, everything is gzipped, should the user extract these to their home folder or is there a particular method to read these as they stand? The files under /usr/share/[package name] are meant to be used by the package at run time, and perhaps are part of an online help facility. I understand packages which have a built in help often do not give out other documentation. But if that is not the case, and the primary documentation lives compressed in /usr/shar/package-name; then you have found a bug, please report it. Also getting the package managers to work with other mirrors or the non free or contrib, how is it done without searching for hours through documentation in an often cyclic manner. I think this is covered in the release notes. Then there's the installation manual that gives a brief overview of the installation but few links to go to for additional resources, help etc other than the list. What about using the Rescue modes of the install CD, other than a few short paragraphs there's not much help there. I've discovered a few it's inherent limitations while fixing the messed up grub hd assignments, ended up using a knoppix DVD to do all the fixing and reinstalling of GRUB, after searching for a few hours for solutions. The grub shell won't run from the rescue mode so many of the helpful items are unavailable. As was stated many other disto's have these n00b pages for a quick reference to get us up to speed so that we can start figuring out how to do things on our own. Many n00bs are reticient to post to lists or forums as they often receive negative feed back from some of the more seasoned users who feel like they are answering the same questions time and again. I've yet to find anything on somehow efficiently searching archives for fixes to problems that may have already been solved. Sometimes it's just a matter of using the proper key words. Anyways, my diatribe has gone on long enough, sorry. I'm just trying to elaborate on the need here, not asking for assistance ... yet. :) Perhaps you can provide the kind of documentation that you think is needed? I mean, this is the Debian way, a whole bunch of people volunteering our time to scratch our particular itches. Your diatribe seems to indicate this is an itch you might be best to scratch. manoj -- Who goeth a-borrowing goeth a-sorrowing. Thomas Tusser Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian how-to
On Mon, 31 Dec 2007 07:04:53 -0800, Raquel [EMAIL PROTECTED] said: forwarded message: Date: Mon, 31 Dec 2007 07:58:01 -0500 From: Paul Cartwright [EMAIL PROTECTED] I downloaded powertop using svn. All that does is put the new source in a folder right where you are. That does me no good, so I try your locate: locate powertop bash: locate: command not found paulandcilla:/media# , | __ which dlocate | /usr/bin/dlocate | __ dlocate /usr/bin/dlocate | dlocate: /usr/bin/dlocate | __ apt-cache show dlocate | Package: dlocate | Priority: optional | Section: utils | Installed-Size: 88 | Maintainer: Craig Sanders [EMAIL PROTECTED] | Architecture: all | Version: 0.94 | Depends: dctrl-tools | grep-dctrl (= 0.11), dpkg (= 1.8.0), locate | findutils ( 4.2.31-2), perl | Filename: pool/main/d/dlocate/dlocate_0.94_all.deb | Size: 16606 | MD5sum: 8b3eb28d752136b527e2062b31b2d1f6 | SHA1: 1454c9ba576aa97102898137d84ef85f194ee88b | SHA256: d74531e715bd0f262c9970152e83b2c99c070dcf5346240bd3fd44391f3b450b | Description: fast alternative to dpkg -L and dpkg -S | Uses GNU locate to greatly speed up finding out which package a file | belongs to (i.e. a very fast dpkg -S). Many other uses, including | options to view all files in a package, calculate disk space used, view | and check md5sums, list man pages, etc. | Tag: admin::package-management, implemented-in::perl, interface::commandline, role::program, scope::utility, suite::debian, use::searching, works-with::file, works-with::software:package ` , | __ which locate | /usr/bin/locate | __ dlocate /usr/bin/locate | locate: /usr/bin/locate.findutils | __ apt-cache show locate | Package: locate | Priority: optional | Section: utils | Installed-Size: 348 | Maintainer: Andreas Metzler [EMAIL PROTECTED] | Architecture: amd64 | Source: findutils | Version: 4.2.31-4 | Replaces: findutils ( 4.2.31-2) | Depends: findutils ( 4.2.31-1), libc6 (= 2.7-1) | Conflicts: slocate (= 3.1-1.1) | Filename: pool/main/f/findutils/locate_4.2.31-4_amd64.deb | Size: 141504 | MD5sum: f5a85b5fd7ed8c6d13abfc2fefce9b7a | SHA1: f8d4f03fe85293e1eebd86dfcaa82cb6e4dbb46e | SHA256: 1335cf78d605b897c90ffe7e13465807aea7befaed329ae6ef1d23dd7a15afac | Description: maintain and query an index of a directory tree | updatedb generates an index of files and directories. GNU locate can be used | to quickly query this index. ` , | __ which powertop | /usr/sbin/powertop | __ dlocate /usr/sbin/powertop | powertop: /usr/sbin/powertop | __ apt-cache show powertop | Package: powertop | Priority: extra | Section: utils | Installed-Size: 404 | Maintainer: Patrick Winnertz [EMAIL PROTECTED] | Architecture: amd64 | Version: 1.9-2 | Depends: libc6 (= 2.7-1), libncursesw5 (= 5.6+20071006-3) | Suggests: cpufrequtils, laptop-mode-tools | Filename: pool/main/p/powertop/powertop_1.9-2_amd64.deb | Size: 69104 | MD5sum: ea14bf106cca03510dad2386aa4dc992 | SHA1: e5750a003b577cc288bafd18a4ced3b4e91458b9 | SHA256: 7d7fc9a26525c657b186a20a51dff9ac67f3507f47c13dcb0c2d617be5fbb773 | Description: linux tool to find out what is using power on a laptop | PowerTOP is a Linux tool that finds the software component(s) that | make your laptop use more power than necessary while it is idle. As of | Linux kernel version 2.6.21, the kernel no longer has a fixed 1000Hz | timer tick. This will (in theory) give a huge power savings because | the CPU stays in low power mode for longer periods of time during | system idle. | . | However... there are many things that can ruin the party, both inside | the kernel and in userspace. PowerTOP combines various sources of | information from the kernel into one convenient screen so that you can | see how well your system is doing, and which components are the | biggest problem. | Homepage: http://www.linuxpowertop.org | Tag: hardware::laptop, implemented-in::c, interface::commandline, role::program, scope::utility | Task: laptop ` __ aptitude install powertop HTH. HAND. manoj -- Worth seeing? Yes, but not worth going to see. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How do you make your life secure (software based)?
On Tue, 27 Nov 2007 08:01:30 -0600, John Hasler [EMAIL PROTECTED] said: For true security you'll never use computers, never use the telephone, never write anything down, never use banks or other financial institutions, and always pay cash. For really really true security, you'll never interact with another human being, you'll hole up in an undisclosed valley with lots and lots of guns and mmo, stockpile food for years, and shoot anything that moves. manoj -- Thank goodness modern convenience is a thing of the remote future. Pogo, by Walt Kelly Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: The excessive amounts of spam I am getting
On Sat, 24 Nov 2007 23:59:53 -0600, Sidarth Dasari [EMAIL PROTECTED] said: Is anybody else getting tons of spam emails from this mailing list? Spam? The last Spam message I saw was in late October -- or was it early November? This is what filtering is for: http://www.golden-gryphon.com/mail/ http://www.golden-gryphon.com/blog/manoj/categories/spam.html manoj -- A modem is a baudy house. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: printing a scanned document
On Thu, 15 Nov 2007 08:40:57 -0600, Hugo Vanwoerkom [EMAIL PROTECTED] said: Hi, I was sent a scanned document, it was a .jpeg file. So I downloaded the .jpeg and used display to view it. Then I printed it, but it was about 1/2 the size of a sheet of paper and hard to read. So I used display to resize it 150% and sharpen the image. That worked OK *viewing* it but it *prints* still the same small image. How do I make it print a larger image that is sharpened? Well, how about using convert? convert -resize geometry old.png tmp.png convert -sharpen geometry tmp.png new.png Look at the documentation online; convert has a lot of options which could be useful. manoj -- It's useless to try to hold some people to anything they say while they're madly in love, drunk, or running for office. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: docx files
On Sat, 10 Nov 2007 07:55:23 -0600, Ron Johnson [EMAIL PROTECTED] said: On 11/10/07 00:13, Manoj Srivastava wrote: On Fri, 09 Nov 2007 13:32:01 -0600, Ron Johnson [EMAIL PROTECTED] said: But it's fun! And to the 95% of people who have no clue what a word processor is it makes you look like a jackass. Being thought a jackass by morons is a compliment. I understand your point. But they are in the majority. Being in the majority does not confer on them a patina of desirability or any need to pander to them. The unwashed masses are always there. I would much prefer to xtand out. And yes, I am an elitist. So when you see that moron young woman at the club and ask her to dance, she thinks This guy is a jackass. and turns you down, possibly rudely. I am much better off not hooking up with her, since it would save me from a future charge of homicide. It also allows me to remain free for the intelligent _and_ good looking person of the appropriate gender. Where is the downside? Or any of a thousand other scenarios where it's a bad idea for 95% of the world to think you're a jackass. Since most people are morons, I am not sure I agree with that assessment. manoj -- The final delusion is the belief that one has lost all delusions. Maurice Chapelain, Main courante Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: docx files
On Sat, 10 Nov 2007 10:07:15 -0600, Ron Johnson [EMAIL PROTECTED] said: On 11/10/07 09:31, Manoj Srivastava wrote: On Sat, 10 Nov 2007 07:55:23 -0600, Ron Johnson [EMAIL PROTECTED] said: On 11/10/07 00:13, Manoj Srivastava wrote: On Fri, 09 Nov 2007 13:32:01 -0600, Ron Johnson [EMAIL PROTECTED] said: But it's fun! And to the 95% of people who have no clue what a word processor is it makes you look like a jackass. Being thought a jackass by morons is a compliment. I understand your point. But they are in the majority. Being in the majority does not confer on them a patina of desirability or any need to pander to them. The unwashed masses are Pander? No. Deal with? Yes. I deal with them by telling them not to send me doc files. Until I'm rich enough to own an expensive and well-fortified self- sufficient compound/estate out in the country. You need to have a compound to protect yourself from idiots sending you doc files? Wow. always there. I would much prefer to xtand out. And yes, I am an elitist. I'm elitist too, but only act like it in private among other intelligent people. Look, if they are morons, their opinions do not count. Sometimes one is unfortunate enough to be in a position where you do have to cater to them (if your boss is a morong, for example, and you need the pay check). The idea then is to arrange not to be under the thumb of one of these people. Usually, as with waiters, one limits oneself to a small, rigid, well understood interface with such people. I order food, you bring food, I pay and leave a good tip. For gods sake don't send me doc files; all I need from you is food and beverages. Besides, rude is rude. Having the waiter spit in your food because you're a jackass is the height of stupidity, even in smart people. Stop going to such restaurants. Usually, very few waiters want to send me doc files. So when you see that moron young woman at the club and ask her to dance, she thinks This guy is a jackass. and turns you down, possibly rudely. I am much better off not hooking up with her, since it would save me from a future charge of homicide. It also allows me to remain free for the intelligent _and_ good looking person of the appropriate gender. Where is the downside? Or any of a thousand other scenarios where it's a bad idea for 95% of the world to think you're a jackass. Since most people are morons, I am not sure I agree with that assessment. I get the distinct impression that you are young and unmarried. Then you should stop jumping to conclusions. manoj -- Somehow, the world always affects you more than you affect it. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: docx files
On Fri, 09 Nov 2007 13:32:01 -0600, Ron Johnson [EMAIL PROTECTED] said: But it's fun! And to the 95% of people who have no clue what a word processor is it makes you look like a jackass. Being thought a jackass by morons is a compliment. manoj -- In case of fire, stand in the hall and shout Fire! The Kidner Report Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apt-Get or Aptitude
On Sun, 28 Oct 2007 10:06:59 -0700, Daniel Burrows [EMAIL PROTECTED] said: I'd say the main difference is that apt-get is a command-line tool, whereas aptitude is an interactive tool that can be driven from the command-line. Are there still command line usages of apt-get that are not exactly the same in aptitude? And has apt-get started keeping track of automatically installed packages, so cruft removal is not an issue with apt-get, as it has been in the past? manoj -- On the Internet, no one knows you're using Windows NT Submitted by Ramiro Estrugo, [EMAIL PROTECTED] Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Query about Iceape, Iceweasel
On Wed, 17 Oct 2007 13:19:01 +0800 (WST), Bret Busby [EMAIL PROTECTED] said: I didn't expect bigotry on this list. I am not sure bigotry means what you think it does. You asked for volunteers to help you with a problem; they said that the problem you presented was presented in a fashion that was likely to be triaged out in favour of problems which presented better. This is not presenting any dogma as being incontrovertibly correct. But then, if that's what the list is about, so be it. This list is about people who use Debian helping each other. I hope that you are not a professional software developer. I am. If you are, and you tell customers to get stuffed, if they find fault with your software, then I pity any customers that you have left. But then, if they are stupid enough to stay with you, they so do at their own peril. You are not a customer. Customers help pay my salary. You do not. At best, we are both people who use Debian. If I can help you, I will, but this is entirely on my dime, and an act of goodwill. Do not presume to abuse that. So, you are telling us that Mozilla is incapable of producing a web browser that can operate with more than one browser window and more than one tab open, and that Mozilla is inapable of producing web browsers that operate within limits of load defined by the developers, whereby, a limit is reached, and a dialogue box appears, stating You have already too many browser windows/tabs open. You need to close some browser tabs,windows, before opening any more. ? Mozilla folks have a Bugzilla implementation. As the person encountering this problem, perhaps you are the best person to report it? Well, it doesn't. That is why I reboot after each mentioned crash. Because, the system monitor can show that up to 50% of the memory is still being used with no tasks visible in the taskbar after such a crash. You find system memory being used after a crash. Are you sure it is not used in cached buffers? But then, I suppose you are more interested in making a noise, as disturbing and annoying as possible, rather than examining the facts, and determining a cause of a problem and seeking a solution. Is your name really John MacEnroe? You know, you have a singularly ineffective means of asking for help. And I wish you good luck with your much needed full frontal lobotomy, and I hope that it eliminates your distemper, and makes you able to coexist with other people. Wow. For someone asking for help from volunteers, you certainly are making friends here. manoj -- A mathematician is a machine for converting coffee into theorems. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian may lose a user
On Sat, 29 Sep 2007 10:30:29 -0400, Chris Bannister [EMAIL PROTECTED] said: On Tue, Sep 25, 2007 at 11:12:02PM -0400, Kevin Mark wrote: more likely to give better reports if asked by a nice dd. But since its not 'policy', its not something that is required. There is the obvious situation where DD have real lives and can not respond to every user, Apparently policy does not list requirements but best practices. IOW policy is not (supposed to be(?)) used to enforce behaviour. No, Policy must directives are things package must comply with, or they are thrown out of the release (unless release managers offer dispensation). However, policy _changes_ tend to be conservative, and policy is not where you do design and tinkering. So new stuff needs to be tested, and deployed, and _then_ policy changes. Policy also does not tend to change rapidly and make gazillions of packages instantly buggy. Please correct my statement(s) if I am off target. You are. manoj -- A jury consists of twelve persons chosen to decide who has the better lawyer. Robert Frost Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian may lose a user
On Sat, 29 Sep 2007 07:44:58 -0400, Kevin Mark [EMAIL PROTECTED] said: On Sat, Sep 29, 2007 at 10:30:29AM -0400, Chris Bannister wrote: On Tue, Sep 25, 2007 at 11:12:02PM -0400, Kevin Mark wrote: more likely to give better reports if asked by a nice dd. But since its not 'policy', its not something that is required. There is the obvious situation where DD have real lives and can not respond to every user, Apparently policy does not list requirements but best practices. IOW policy is not (supposed to be(?)) used to enforce behaviour. Please correct my statement(s) if I am off target. That is why I used the quotes ('policy' vs policy). Hmm. I wondered why kevin was saying this, since he is generally clued in, and knows policy is to be followed. The distinction is that Debian technical policy, the entity Chris is referring to (I presume), does not govern people. It governs technical aspects of packaging Debian software, so it has no jurisdiction in how reports are responded to. Sorry if my previous mail was confusing. manoj -- Sushido, n.: The way of the tuna. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Tool for document management
On Wed, 26 Sep 2007 21:31:32 -0400, Douglas A Tutty [EMAIL PROTECTED] said: Here's my personal letter template. I copy it to the correct file name, edit it, then latex it. The letter text itself is just plain text. \documentclass[letterpaper,12pt]{article} %preamble here \begin{document} % no page number on this first page \thispagestyle{empty} \begin{flushleft} Douglas A. Tutty\\ xxx x, RR. x\\ xx, ON xxx xxx\\ Ph: (xxx) xxx--\\ Email: [EMAIL PROTECTED] \end{flushleft} \noindent \today \bigskip \noindent Dear: \bigskip \begin{flushleft} Yours truly, \vspace{2cm} Douglas A. Tutty. \end{flushleft} \end{document} --8---cut hereletter_template-8--- \documentclass[12pt]{letter} \usepackage[dvips]{graphicx} \usepackage{times} \pagestyle{empty} \usepackage[margin=1in, head=0.25in, headsep=0.25in, nofoot]{geometry} \setlength{\topmargin}{0pt} \setlength{\oddsidemargin}{0pt} \setlength{\headheight}{0pt} \setlength{\headsep}{0pt} \setlength{\footskip}{5pt} \setlength{\textheight}{9.0in} \setlength{\textwidth}{6.5in} \address{Manoj Srivastava\\ 229 Brandon Lane\\ Woodbury, TN 37190} \signature{Manoj Srivastava} \makelabels{} \begin{document} \letter{Some one\\ P.O. Box 2210\\ Sometown USA, 0-} \opening{Dear Sir} Blah Blah blah. \closing{Yours Sincerely,} \ps{post scriptum} \encl{some thing or the other} \end{document} --8---cut here---end---8--- --8---cut here-envelopestart-8--- % TeX Template for an envelope % % To use: % % Copy into a new file, replace all % [BRACKETED UPPER-CASE TEXT] % with your own, then run the tex command on it. % Use dvips to print the .dvi output in landscape mode: % dvips -t landscape envelope.dvi \font\cmssa = cmss12 \font\cmssc = cmss14 %\special{papersize=9.5in,3.25in} %\special{landscape} \parindent 0 pt\nopagenumbers\parskip 10 pt \hsize 9.5 in\vsize 3.25 in \voffset 1.25 in \cmssa Manoj Srivastava 229 Brandon Lane Woodbury, TM 37190 \vskip .5 in\vskip 15 pt\parindent 3.5 in \font\addressrm=cmss16 scaled\magstep2 \addressrm document P.O. Box 2210 Sometown USA, 0- \end --8---cut here---end---8--- manoj -- APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Repost of some earlier described challenges
On Tue, 25 Sep 2007 23:50:44 -0500, Mike McCarty [EMAIL PROTECTED] said: Oops! I somehow neglected to specify... PS/2 style keyboard PS/2 style mouse Keyboard works PS/2 style keyboard USB style mouse Keyboard stops working I am afraid I cannot reproduce this. I have two machines, including my laptop, and I tried adding a USB mouse and keyboard to both, and they both worked. I think we need more details in order for us to be able to help solve this problem; and this might explain the lack of response earlier -- people might not be seeing the same issues, and thus can't debug it without more information. Same setup works with you-know-what. Then perhaps you-know-what _is_ the better solution, as far as you are concerned. I don't think we should be brow beating people into usding free software -- it should be their cohice. If they do not like what free software has to offer, and like some other solution better, we should respect that decision. [snip no fix yets] Ok, so how does one get a newer kernel, install it, and get all the memory available? $ apt-cache search linux-image $ aptitude install linux-image-foo of your choice $ update-grub (or the like, if you have not edited /etc/kernel-img.conf) $ reboot. She's sorta impulsive, sometimes. Partly, she also wants access to a disc which was formatted by Windows NT, and which she considers she has no access to at present. libntfs-3g12. Will need a FUSE-enabled kernel. Again, how to obtain and install? I believe it is already mountable and readable. I think with the kernel above, you should be able to mount an NTFS volume (mount -t ntfs) without using fuse. manoj -- Boys will be boys, and so will a lot of middle-aged men. Kin Hubbard Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OT: Choice of OOo and LaTeX
On Wed, 26 Sep 2007 06:54:24 -0700, Steve Lamb [EMAIL PROTECTED] said: Neil Watson wrote: On Tue, Sep 25, 2007 at 10:11:31PM -0700, Steve Lamb wrote: Furthermore I fail to see this supposed don't think about the formatting simplicity when I can't even write a simple financial value without resorting to escapes! Hardly any different from resorting to mouse clicks. However, you seem to have made up your mind without actually spending some time writing a document or two. Very nice how you conveniently left out where I stated CNTL-I is fewer keystrokes compared to {\it}. In other words you're shifting it to a personal attack of look, he's one of those GUI people. Well, I have emacs keybinding set so that CNTL-I spits out {\it}. In open office, when you hit CNTL-I, it does some weird stuff hiddden from you, in LaTeX is puts the directive right there for you to see, and edit, later, conveniently. Whatever. I don't need to write a document or two to know that it would be inconvenient, to me, to shift to 5 keys instead of 2 (or even 1) for a simple operation like italics and that having to remember to escape certain normal characters would be a problem. There are helpful modes in modal text editors that do help alleviate this user interface issue -- but note you are not tied down to any particular front end. There have been times when I appreciated not being tied down to a frontend -- since there are different editors which are convenient at different time (emacs + X + font locking when editing locally, vim when editing over ssh from an airport lobby). With the modal editor and LaTeX modes, I find entering the codes, and syntax highlighted semi-wysiwyg better than Ooo, in my personal and very very humble opinion. The ultimate irony is that the end result of all this evangelical blather for LaTeX has resulted in people suggesting extremely convoluted methods of achieving a simple requirement in OOo. Convert LaTeX to HTML and then from HTML to Word! That is reasonable?! The most amusing part is that people have suggested using a WYSIWYG editor for LaTeX... and use LaTeX because the WYSIWYG editor called OOo is bad because it is WYSIWYG. A-wha!? I do not consider converting to word a desirable feature, so I have had no itch to scratch to make it convenient. I understand this might make LaTeX less desirable for you, but again, that triggers no itch I feel the need for scratching. You asked for suggestions. TeX is the solution I use in a similar situation, and I offered it up to you, mentioning some of the advantages I see in that solution. You are, of course, under no obligation to take my solution. But please try to refrain from calling my helpful suggestion evangelical blather, if you can, in order for this discussion to remain collegial. manoj -- When the government bureau's remedies don't match your problem, you modify the problem, not the remedy. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Tue, 25 Sep 2007 03:11:39 -0500, Mike McCarty [EMAIL PROTECTED] said: Manoj Srivastava wrote: On Mon, 24 Sep 2007 18:54:34 -0500, Mike McCarty [EMAIL PROTECTED] said: Manoj Srivastava wrote: On Mon, 24 Sep 2007 18:21:16 -0500, Mike McCarty [EMAIL PROTECTED] said: Manoj Srivastava wrote: Firstly: Very few packages have been actively patched to link Something like 50 or so. ls, mv, cp, etc. Source packages. All those are from coreutils, no? I believe so. My response was in regards to very few. I suppose that is a subjective response. 50 or so is not subjective. My response suggests that 50 or so is inaccurate, if you count source packages. It is fewer than that. Compared to 10k source packages, however, even the bloated figure of 50 is few. BTW, I count 29 packages. I was using the published figure for Red Hat. They included such apps as ls, ps, mv, cp, etc. which are modified either to display or propagate attributes of processes or files. ls is not a package. ls comes from coreutils. Normal applications need zero modification under SELinux. Some applications which manage security may need to be made SELinux-aware, although this can often be done with PAM plugins, which is a standard way to do this kind of thing in modern Unix Linux OSs. --8 ---cut here---start-8--- libselinux1 Reverse Depends: coreutils cron dbus dmraid dmsetup fcron gdm gnome-user-share libblkid1 libdevmapper1.02.1 libgnomevfs2-0 libnss-db libpam-modules librpm4.4 logrotate loop-aes-utils lvm2 mount nautilus openssh-server passwd policycoreutils prelink rpm sysvinit sysvinit-utils udev util-linux xdm --8 ---cut here---end---8--- So, ls can't display the extended attributes of the files? And ps can't display the attributes of the processes? And find can't be used selectively to find files based on the extended attributes? Again, you seem to be confusing executables with packages. ls is not a package. (try dpkg -l ls). But yes, unless coreutils is patched, ls -Z would probably return an error. --8---cut here---start-8--- __ ls -Z .login -rw-r--r-- srivasta srivasta user_u:object_r:user_home_t:s0 .login --8---cut here---end---8--- It would take more than just kernel, of course. I am investigating LFS. Gentoo seems to have accepted SELinux as well, though since it is a source distro most of the work would be easier in that case, perhaps. Not really. You'll have to unpatch a whole bunch of gentoo source packages. And gentoo is further along than us with respect to security policy integration -- the keeper of the SELinux security policy is a gentoo core developer. manoj -- The real problem with SDI is that it doesn't kill anybody. Tom Neff Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Tue, 25 Sep 2007 05:04:15 -0400, Kevin Mark [EMAIL PROTECTED] said: There are 2 approaches to application security that I am aware of: app-armour and SELinux. Debian has SELinux, although Ubuntu now has both and seems to be favouring app-armour for some odd reason that I have not investigated. If Ubuntu continue, it could be another rift with unknown consequences. I have read about more distros supporting SELinux than app-armour. I have also read some on SELinux and of the discussions of it on -devel and seem to think its the way to go. Hopefully sometime in the near future we will have either a targeted or strict policy that is usable for average web server use in one or two releases that is not as complicated as it is now. IIRC the folks on that mission include Manoj and Eric Shubert. who I wish well on that AVC filled road. Cheers, K App Armour is smoke and mirrors, and does not really provide security, in my opinion -- since it is oh so very easily bypassable. People in the security field believe that pathnames are an inappropriate security mechanism. Label-based security (exemplified by SELinux, and its predecessors in MLS systems) attaches security policy to the data. As the data flows through the system, the label sticks to the data, and so security policy with respect to this data stays intact. This is a good approach for ensuring secrecy, the kind of problem that intelligence agencies have. Labels are also a good approach for ensuring integrity, which is one of the most fundamental aspects of the security model implemented by SELinux. SELinux security is enforced within the kernel, and an application which does not have permission to access an object will simply receive an error using the standard Unix mechanisms already used for DAC. For example, a write(2) might fail with an EACCES error code. Traditional Unix security in fact does not primarily depend on pathnames, but on DAC ownership and permission attributes stored in the file's inode. DAC is of course a form of labeled security. Pathname-based security (exemplified in AppArmor, and its predecessor Janus http://www.cs.berkeley.edu/~daw/janus/ and other systems like Systrace http://www.citi.umich.edu/u/provos/systrace/ ) try to get by with a half hearted attempt by attaching security policy to the name of the data. Create a symlink, bind mount, or anything like that, and poof, there goes your security. In other words, namespace manipulation, object aliasing (e.g. symlinks), application error, configuration error, corrupted files, corrupted filesystems, misbehavior due to malware infection or various forms user error makes security go away. A pathname tells you nothing reliable about the security properties of the object its pointing to. It is simply a mechanism for locating and referring to an object. In fact, I am not sure how you can provide integrity support without labels. AppArmor confines a process, but does not effectively confine its output files, precisely because the output files are not labeled. Other processes are free to access the unlabeled, potentially malicious output files without restriction. Without security labeling of the objects being accessed, you can't protect against software flaws, which has been a pretty fundamental and widely understood requirement in general computing for at least a decade. You need a way of providing global and persistent security guarantees for the data, and per-program profiles based on pathname don't get you there. There is no system view in AA, just a bunch of disconnected profiles. Bad security is dangerous, really dangerous. As an aside on the penalty of SELinux, the upfront labeling cost of labeled MAC is not characteristically different to that of traditional DAC labeling. Ideally, an SELinux system is installed from scratch with its security labels as well as DAC attributes, with the labeling behavior for newly created objects being controlled from a well defined policy. You probably want to avoid getting into the situation of needing a TE relabel on a production system in any case. manoj getting off the soap box http://www.nsa.gov/selinux/papers/inevitability/ -- I'm a Hollywood writer; so I put on a sports jacket and take off my brain. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OT: Choice of OOo and LaTeX
On Tue, 25 Sep 2007 07:30:35 -0700, Steve Lamb [EMAIL PROTECTED] said: Neil Watson wrote: With TeX and LaTeX and its ilk the templates actually work. I can use the same template for all of my reports and they always look the same. There are no annoying format inconsistencies that are so common with Word and OpenOffice. To be fair I am operating out a large measure of ignorance. One of my main concerns is that the typesetting languages are languages. Yup, TeX is Turing complete. I'm sure they're robust Heh. This is an understatement. Professor Knuth has been offering monetary rewards to people who find bugs in TeX for decades, and with each release, the award goes up. I forget when was the last time he had to pay up. In other words, I would sooner expect google.com to be down for a month that to find a bug in TeX. Could happen, I suppose. but I have always seen their use tied to another editor. Since an outside editor is required it is my impression that there is no WYSIWYG, no way to get a basic view of how it might look printed outside of actually doing whatever magic it is to send it off to a printer. Which I don't have. There are viewers agore for dvi, ps, and pdf. I have a little shell script that just runs make every minute or so, and my viewer then refreshes itself. As I type along, I can see a per minute version -- but I find that very distracting. TeX allows me to concentrate on the content, and structure, confident in that the end result will be prettier than what Oos or word can produce -- without distracting me by cosmetic decisions until I am ready for that phase of the document prep. Also the end result of my labor will be to send this out to be published. I have seen many publishers take submissions in Word, plain text or printed out. I've yet to see one accept LaTeX. So without a printer I am stuck with transforming what I want into an acceptable format and plain text won't so. I am using some formatting. Nothing fancy, noting that will cause formatting inconsistencies. But just enough that plain text is unacceptable. These people do not accept PDF? wow. manoj -- QOTD: I used to jog, but the ice kept bouncing out of my glass. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Tue, 25 Sep 2007 11:28:13 -0500, Mike McCarty [EMAIL PROTECTED] said: Manoj Srivastava wrote: As I said, it might be a good starting place. If the patching of the source is done right, it's dependent upon a define anyway. I don't have high hopes for that. All the patches I have submitted for inclusion in Debian have been conditional -- as is the case in patches accepted upstream that I am aware of Unpatching is not difficult, as there are diff tools which can do that automatically if one has the original source. Providing that back to Gentoo, along with a polite request, might get access to original source. If, as you say, the changes are small, then pulling the unmodified sources for those things which are changed for SELinux should not be difficult. Since one is going to build from source anyway, then the rest is a shoe in. I'm not so sure the changes are small. If Gentoo is not amenable, then there's SLAX, which I believe does not have SELinux. Well, best of luck in searching for a distribution that meets your goals. manoj -- He'll sit here and he'll say, Do this! Do that! And nothing will happen. Harry S. Truman, on presidential power Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Tool for document management
On Tue, 25 Sep 2007 16:05:53 -0700, David Brodbeck [EMAIL PROTECTED] said: On Sep 24, 2007, at 9:39 PM, Russell L. Harris wrote: I use XEMacs daily to produce LaTeX documents. I have frequent need to search my archives of material I have written in the past, and I use grep for this purpose. It is difficult for me to imagine an advantage offered by OpenOffice which would compensate for the inability to make use of grep in searching my archives. I think it depends on what you're doing. TeX is awesome for writing books and scientific papers. If you're writing a letter to Grandma, though, OpenOffice is better suited. Using TeX for that is a bit like driving a semi truck to the supermarket to pick up a bottle of milk. I dunno. I have a template for letters all created, with my address, salutations, etc. It prints out an envelope for me as well, All I have to do is type in the content, and the destination. Far, far faster than using openoffice, if you ask me. manoj -- When anyone says `theoretically,' they really mean `not really.' David Parnas Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SELinux Suggestion
On Mon, 24 Sep 2007 09:14:26 +0100, Brad Rogers [EMAIL PROTECTED] said: On Sun, 23 Sep 2007 17:09:39 -0400 Joey Hess [EMAIL PROTECTED] wrote: Hello Joey, He's referring to #328474. It's mostly just ugly, there's no appreciable overhead. True, although /selinux does exist on my system, it's empty, hence the warning during the boot process. Now, if only I knew enough to find the culprit. /selinux is like /proc; the contents are created by the kernel. The selinuxfs support in the kernel is not enabled by the default grub menu.lst; hence the mount fails. manoj -- This isn't brain surgery; it's just television. David Letterman Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Mon, 24 Sep 2007 21:24:10 +0100, John Stumbles [EMAIL PROTECTED] said: Manoj Srivastava wrote: On Sun, 23 Sep 2007 17:13:59 -0700, consultores agropecuarios [EMAIL PROTECTED] said: The real problem with SELinux is that it come from a really well known untrusted organization around the globe; This is one place I differ. I know and like Stephen Smalley, and I do not look at all the products of the NSA as being, umm, untrustworthy. And it is not as if it is closed source; gazillions of security conscious eyes have looked at the offering. To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software. Don't. Do a full audit yourself. I have been doing that (well, not quite so much the LSM hooks anymore, but there are other eyes on that) before I accepted SELinux myself. It is not as if the source code is hidden. If you do not trust yourself to be able to find any trojans hidden there, find someone you can trust to do it for you. manoj -- Breadth-first search is the bulldozer of science. Randy Goebel Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Mon, 24 Sep 2007 18:21:16 -0500, Mike McCarty [EMAIL PROTECTED] said: Manoj Srivastava wrote: On Sun, 23 Sep 2007 11:14:57 -0400, Douglas A Tutty [EMAIL PROTECTED] said: On small systems, what about the penalty of just larger binaries? I have some older boxes with 16-64 MB ram. Firstly: Very few packages have been actively patched to link Something like 50 or so. ls, mv, cp, etc. Source packages. All those are from coreutils, no? with selinux. Second, the selinux libraries are shared libs -- so the actual binary is not significantly increased in size (well, dpkg is the exception, since it is linked statically with selinux). It does have to be in memory, however. My Pentium II box with 64MB of ram seems to run in SELinux strict mode just fine -- it is my firewall. Good for you. Right. But a few hundred KB in memory is a smallish penalty, and even 708 old hardware seems to be running it fine for me. manoj -- The chain which can be yanked is not the eternal chain. Fitch Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Mon, 24 Sep 2007 18:54:34 -0500, Mike McCarty [EMAIL PROTECTED] said: Manoj Srivastava wrote: On Mon, 24 Sep 2007 18:21:16 -0500, Mike McCarty [EMAIL PROTECTED] said: Manoj Srivastava wrote: Firstly: Very few packages have been actively patched to link Something like 50 or so. ls, mv, cp, etc. Source packages. All those are from coreutils, no? I believe so. My response was in regards to very few. I suppose that is a subjective response. 50 or so is not subjective. My response suggests that 50 or so is inaccurate, if you count source packages. It is fewer than that. Compared to 10k source packages, however, even the bloated figure of 50 is few. BTW, I count 29 packages. --8---cut here---start-8--- libselinux1 Reverse Depends: coreutils cron dbus dmraid dmsetup fcron gdm gnome-user-share libblkid1 libdevmapper1.02.1 libgnomevfs2-0 libnss-db libpam-modules librpm4.4 logrotate loop-aes-utils lvm2 mount nautilus openssh-server passwd policycoreutils prelink rpm sysvinit sysvinit-utils udev util-linux xdm --8---cut here---end---8--- Right. But a few hundred KB in memory is a smallish penalty, and More subjectivity :-) All opinions are subjective. even 708 old hardware seems to be running it fine for me. My objection is to having on my machine at all. Feel free to create your own apt sources are where you specifically override the defaults you do not like. This is the only recourse for those of us who do not like some aspect of the distribution, and care enough to take the effort to fork out own packages (I do my own kernel, uml, emacs. gnus, et. al packages) manoj -- Bacchus: A convenient deity invented by the ancients as an excuse for getting drunk. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Mon, 24 Sep 2007 22:16:02 -0500, Mumia W [EMAIL PROTECTED] said: On 09/24/2007 07:52 PM, Miles Bader wrote: Mike McCarty [EMAIL PROTECTED] writes: even 708 old hardware seems to be running it fine for me. My objection is to having on my machine at all. I object to having python and tcl on my machine. -Miles Your Debian machine is probably not dependent upon tcl, but Debian has been dependent upon python for a long time. However, the dependency upon SElinux is more recent. There may be time to remove it before it becomes too entrenched and before its tentacles probe too deeply into Debian. I think it has gone as deep as it is likely to go, and it is now a matter of polishing up the security policy, and trying to set up an install time option to allow people to boot into a secure node. All of this was in place before we shipped Etch, so it is not all that recent. I hope it's not too late. I wish I'd educated myself about SELinux earlier, and I wish I could've participated in the discussions about SElinux in Debian. I believe that if more Debian users were aware of the radical nature of SElinux, its complexity and the number of core libraries and utilities that would have to be changed to accommodate it, SElinux's entry into Debian could have been averted. I am afraid that this is rather late in the day; Etch shipped fully SELinux capable, with all the patches that were needed already in. We are in the phase where SELinux patches are migrating upstream; PAM now comes built in with all the SELinux hooks required, for instance, and coreutils has most of them. Now we are in the unfortunate position of having to convince the maintainer of SElinux to advocate for the removal of his baby from his O/S. :-( I am willing to listen to reason. manoj -- Cole's Law: Thinly sliced cabbage. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: One kernel installed, four grub menu entries?
On Mon, 24 Sep 2007 20:19:32 -0500, Nate Bargmann [EMAIL PROTECTED] said: * Andrew Sackville-West [EMAIL PROTECTED] [2007 Sep 24 20:13 -0500]: looks like update-grub is picking up initrd.img and vmlinux symlinks that must exist in /boot. You could maybe delete these symlinks, as I think theyre supposed to be in / anyway. That would get you down to 2 stanzas for each kernel. If that don't beat all! That was the trick it needed. I got those symlinks out of /boot and put them in / and my menu.lst is clean once more. If you are using grub (an update grub), you do not need those symlinks at all. --8---cut here-/etc/kernel-img.conf--start--8--- # Kernel image management overrides # See kernel-img.conf(5) for details do_symlinks = no do_bootloader = no do_bootfloppy = no do_initrd = yes link_in_boot = no postinst_hook = update-grub postrm_hook = update-grub --8---cut here---end---8--- manoj -- Things worth having are worth cheating for. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Sun, 23 Sep 2007 11:14:57 -0400, Douglas A Tutty [EMAIL PROTECTED] said: On small systems, what about the penalty of just larger binaries? I have some older boxes with 16-64 MB ram. Firstly: Very few packages have been actively patched to link with selinux. Second, the selinux libraries are shared libs -- so the actual binary is not significantly increased in size (well, dpkg is the exception, since it is linked statically with selinux). My Pentium II box with 64MB of ram seems to run in SELinux strict mode just fine -- it is my firewall. manoj -- Lord, what fools these mortals be! William Shakespeare, A Midsummer-Night's Dream Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SELinux Suggestion
On Sun, 23 Sep 2007 11:34:21 +0100, Brad Rogers [EMAIL PROTECTED] said: On Sun, 23 Sep 2007 01:35:25 -0400 Joey Hess [EMAIL PROTECTED] wrote: Hello Joey, -rw-r--r-- 1 root root 82K Jul 10 14:11 /lib/libselinux.so.1 If you're worried by this amount of space use, you probably have much larger problems than SE Linux. There's more to it than that; Here, part of the boot process fails (harmlessly) because of a lack of SELinux. Can you elaborate? If possible, this should be either fixed, or the warning eliminated as nominal operation. Admittedly, it's only a small performance hit. It's also the only thing I've noticed, but what else is going on that I'm not yet aware of? (rhetorical question) If you are not turning on SELinux in the grub menu nothing at all should be going on. manoj -- The climate of Bombay is such that its inhabitants have to live elsewhere. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SELinux Suggestion
On Sun, 23 Sep 2007 16:06:11 +0900, Takehiko Abe [EMAIL PROTECTED] said: Manoj Srivastava wrote: That is not the case. All core libraries and packages have already been patched and are functional in Etch. You did not even notice it, because they are optional. libselinux and libsepol are required and are not optional. And, while present, there is no change in behaviour unless special action is taken to activate SELinux functionality. The libraries are small; considering the sizes of libraries that large segments of users do not use that are part of the base, I do not think this is unreasonable space and memory utilization. --8---cut here---start-8--- __ ll -h /lib/libse* 100K -rw-r--r-- 1 root root 91K 2007-07-06 21:00 /lib/libselinux.so.1 172K -rw-r--r-- 1 root root 161K 2007-07-06 21:07 /lib/libsemanage.so.1 248K -rw-r--r-- 1 root root 240K 2007-07-06 21:01 /lib/libsepol.so.1 --8---cut here---end---8--- I bet that selinux is of no use for majority of us. I wish the patches to be left as seperate patches. Those who need selinux wouldn't object. A special destribution would be even better -- Debian Enterprise. I think better security is useful for every one of us; but that is not the question here. Debian is about giving the widest range of options to our users; and while that means sometimes the distribution carries changes that are only useful to a subset of the users, the choices are still there for those that want them. We try or best to minimize the impact on people who do not want to use optional functionality, and in this case, we have tried to make the SELinux as non-intrusive as possible for people who are not using it. I am planning on a special distribution when SELinux support gets far enough along -- A Debian SELinux custom distribution; where SELinux support shall be installable fully configured and in enforcing mode. manoj -- If you don't drink it, someone else will. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Tool for document management
On Sun, 23 Sep 2007 12:51:54 -0500, Ron Johnson [EMAIL PROTECTED] said: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/23/07 12:30, Steve Lamb wrote: Ron Johnson wrote: Asking questions and making comments are *not* arguing. Ron, we've been over this. Every time I ask a simple question on the list someone, not always you granted, but someone takes me to task about exactly what it is I want or why I am doing something this way and not that way or why not just do it this completely different way which in no way resembles what I've asked. I don't ask for help on this list often. But every time, every single time, I have to play this game with someone and I am tired of it. Asking questions and making comments about something which addresses my requirements is not arguing. Asking questions and making comments about something which does not at all address my requirements is, well, if not arguing then maybe just annoying. Computer people are used to looking for alternative, simpler solutions. Make things as simple as they can be, but no simpler. In this case, I can see several use cases for a writing project to be similar to that of a coding project; and I suspect the versioning and synch solutions are likely to be similar. Does git work on windows? manoj -- All possibility of understanding is rooted in the ability to say no. Susan Sontag Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Tool for document management
On Sun, 23 Sep 2007 10:46:59 -0500, Ron Johnson [EMAIL PROTECTED] said: At first glance I am leaning for throwing Subversion on my main box so I can sync the other two machines off of it. Not sure if there is something better suited to the task or that svn would be particularly ill suited. How big (in bytes) is this writing project? Unless it's got lots of images, it shouldn't be that big. (Uncompressed, the text of the KJV Bible is only (decimal) 4.4MB, and compressed it's (decimal) 1.3MB.) So why couldn't you tar up your directory into proj_timestamp.tar and rcp it to a couple of other computers? (Since you use odt, no need to compress the tarball.) Err. This would be suboptimal for a coding project, and perhaps also for a writing project. Diffs between versions, keeping track of change history, keeping different ending/plots variations going would also make use of branches. Tagging a particular milestone, etc, all fit better with what Steve suggested than just throwing tar/zip files around. Now, I do not have concrete suggestions beyond subversion, since one of the requirements was windows support, and I have no idea which source code management systems works well with windows. manoj -- All husbands are alike, but they have different faces so you can tell them apart. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SELinux Suggestion
On Mon, 24 Sep 2007 06:45:18 +1000, Alex Samad [EMAIL PROTECTED] said: Why not make a different section on the normal stable / testing / unstable streams. so non-free contrib and selinux place all the selinux patch stuff under there ? Firstly, contrib and non-free are not part of Debian; and they are there because of non-free licensing issues. SELinuxis free. Secondly, adding a section is a lot of work, and has a lot of administrative overhead. People doing the work would have to be convinced that this is worth doing. I, for one, remain unconvinced and unwilling to spend my spare time doing that. Debian does not create a separate section for Gnome. or KDE. Or X versus unbloated text mode. Server vs user. Of Emacs vs vim. Or Perl vs python. I could go on about gazillions of variations, where each one of these pairings is only useful to a subset of the user base. Frankly, unless there is some concrete indication that the current SELinux integration is creating problems or perceptible (benchmarked) performance hits, I am not sure there is any basis for asking all this extra work to be done. manoj -- Do what thou wilt shall be the whole of the Law. Aleister Crowley Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Sun, 23 Sep 2007 17:13:59 -0700, consultores agropecuarios [EMAIL PROTECTED] said: The real problem with SELinux is that it come from a really well known untrusted organization around the globe; This is one place I differ. I know and like Stephen Smalley, and I do not look at all the products of the NSA as being, umm, untrustworthy. And it is not as if it is closed source; gazillions of security conscious eyes have looked at the offering. and if the Debian Team accep it blindly, Debian is going to become as Windows; remember that, who Heh. Well, I've been doing SELinux work for a while, and I am not doing things blindly. For the most part, Debian developers are familiar with and often a part of the developer community of the packages they maintain, so not much of this trust blindly goes on as a rule. creates, know it the best; and a group of pepople could see into our own machine when they want it. Particularly, i do not want that! It is exactly, giving the realized work, for decades, to the enemy! Do you have any concrete flaws you can point to, or is this just plain old FUD? I'll be happy to investigate concrete bugs, trojans, flaws, back door, or what have you, but this vague, uncertain fear and doubt gives nothing concrete to work on and fix. manoj -- Finagle's First Law: If an experiment works, something has gone wrong. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SELinux Suggestion
On Sat, 22 Sep 2007 00:00:09 -0500, Mumia W [EMAIL PROTECTED] said: On 09/21/2007 10:15 PM, Andrew J. Barr wrote: On 9/21/07, Kelly Clowers [EMAIL PROTECTED] wrote: On 9/21/07, Mumia W.. [EMAIL PROTECTED] wrote: Why is selinux in Debian at all? Have any users asked for it? I don't know, but if it wasn't in Debian, I would ask for it. I don't get why people seem to think SELinux is a bad thing. I think it got a bad reputation with Fedora Core 2. Which is unfortunate, because it really is a good technology. It probably is good technology. But I think it should be good technology--elsewhere. Including SElinux in Debian is not like including tuxracer. Too much of the core security parts of Debian have to be changed to accommodate SElinux. If I want SElinux, I should get Redhat or Fedora. But I use Debian, and I'd like to be SElinux-free here. Manoj said that SElinux is not yet fully integrated into Debian, and I think that's good because it gives us time to re-evaluate if we need SElinux, and I hope we can re-evaluate it out of Debian. I did not quite mean that. What I meant is that SELinux is fairly well integrated in Debian; but the reference policy is tno quite polished enough to be foisted on the general user base by default -- an conscious effort is still required to turn on SELinux. As the policy improves, the effort required to use ELinux would be reduced. There is also the issue of modularity of SELinux policy, and ownership of policy modules that correspond to Debian packages -- currently, and for the foreseeable future, policy modules are shipped in one giant package, instead of separately -- and they are either inactive, or all installed into the kernel. I think this is partially SELinux is so hard to deal with in Fedora -- they have a modual security policy, with poor coverage, masquerading as a monolithic policy, and that is a poor fit for a modular OS. Mind you, what Fedora achieved is admirable -- but I think we can do better. So, in the middle term, the giant policy package will be broken up into a few packages (I am not yet ready to go the one module, one package route). We also need to get away from load _all_ modules into the kernel, all the time mechanism fedora uses. But before we get there, we have to enhance the packaging system to ensure that the security policy (initial file contexts, at least) are loaded in the kernel before the corresponding package is installed. Too bad there is no pre-install trigger in the new dpkg code; I suppose someone will have to add it in. Perhaps me. In any case, Debian is always about choices. And that also means SELinux. manoj -- You'll be called to a post requiring ability in handling groups of people. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SELinux Suggestion
On Fri, 21 Sep 2007 21:32:22 -0500, Mumia W [EMAIL PROTECTED] said: On 09/21/2007 09:20 PM, Patrick Wiseman wrote: I, for one, would specifically ask that it NOT be a standard feature, so please, if it's to be offered at all, make it optional. I would hate one day to find, after doing my routine updating of my testing system, to find that functionality had been sacrificed to security (which has been my experience with SELinux on RedHat systems at work). Debian is not Red Hat. Having said that, of course Debian is about choice. If you do not want SELinux on your system, you do not have to have it. Read the other messages in the thread. If Debian supports SElinux, important, core system libraries must be built with SElinux support. This is already done. There is no option to make SELinux optional. Discussion centers around how visible it will be. That is not the case. All core libraries and packages have already been patched and are functional in Etch. You did not even notice it, because they are optional. manoj -- Did you know that if you took all the economists in the world and lined them up end to end, they'd still point in the wrong direction? Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Penalty of SELinux?
On Sat, 22 Sep 2007 11:29:09 -0400, Douglas A Tutty [EMAIL PROTECTED] said: I run a bunch of old machines. Now that SELinux is integrated (compiled in) to various pieces of Debian, is there a penalty even if its not activated? Not that one can discern. An active SELinux running in enforcing mode can have upto 7-8% performance hit, but some patches are going into 2.6.24 that might improve the performance. Of course, take all bench marks with a grain of salt, including this one; it all depends on your particular load pattern; and system resources, etc, etc. manoj -- You were s'posed to laugh! Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Up-to-date Gnome versions?
On Fri, 21 Sep 2007 13:43:28 -0500, Ron Johnson [EMAIL PROTECTED] said: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/21/07 10:46, Andrew Sackville-West wrote: On Fri, Sep 21, 2007 at 07:39:20AM -0500, Ron Johnson wrote: On 09/21/07 00:43, Miles Bader wrote: Ron Johnson [EMAIL PROTECTED] writes: The archives are replete with very valid reasons why people don't trust aptitude. Not really. A lot of vague rumors flying about though. Vague rumors to you, first-hand experience to me. I know you, and many others, have had trouble with aptitude, but I feel its important to point out that aptitude does what one tells it too. Now, one may be unintentionally telling it to do something one doesn't want, but that is another issue. # aptitude upgrade doesn't mean remove GNOME, perl and everything they depend on. And that has not happened to me. Seems like if that is hte best solution aptitude came up with for you, the package state on that machine was strange; and that would mean surely things will rise up and bite you at some later point. If ever aptitude (and not, thankfully, apt, in Sid) try and delete hug swaths of stuff, it would well behoove you to find out why -- usually, it is a Sid issue, and goes away after new processing, or the next upload, or something. Thankfully, we have choice in the matter and can use the package-manager of choice. :) This is true. Now that libapt has gotten the same algorithms aptitude uses, perhaps apt-get, aptitude, and synaptic behaviour will be closer to each others than it has been in the past. manoj -- Long computations which yield zero are probably all for naught. Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SELinux Suggestion
On Fri, 21 Sep 2007 04:51:16 -0400, Kevin Mark [EMAIL PROTECTED] said: On Fri, Sep 21, 2007 at 12:19:40AM -0500, Mike McCarty wrote: Joey Hess wrote: SE Linux is already included in Debian, and is even installed, though not enabled, by default. You can remove the selinux-policy-* packages to remove it. That is naive, is it not? The apps themselves have to be SELinux- aware. So, one can remove the policy packages, but not SELinux. It looks like I am too late, and Debian is already infected. Oh, well. The extent to which SELinux 'infests' Debian is a minor one. For proper SELinux support you only have to alter a handful of basic packages and the kernel, so that's like .001% of its packages. cheers, K I think most of that work is done. I am trying to make it so that people can ask the debian-installer to install a functional SELinux box running in enforcing mode from the get-go -- and hopefully, also be able to specify that it uses strict policy rather than targeted. manoj -- There are no eternal facts as there are no absolute truths. Friedrich Nietzsche Manoj Srivastava [EMAIL PROTECTED] http://www.golden-gryphon.com/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]