Re: Usage: "debian ... amd64-netinst.iso"

2024-08-31 Thread john doe

On 8/31/24 05:48, John Conover wrote:


What does a "debian ... amd64-netinst.iso" do
with an .iso?



You have enough data in the iso file to start a Debian installation,
most of the PKGs will be fetched from the internet.


Can it be converted to a USB? How?



cp  .

--
John Doe



Re: Direct Messaging

2024-08-31 Thread john doe

On 8/31/24 17:01, Ryan Nowakowski wrote:

On Sat, Aug 31, 2024 at 03:18:10PM +0100, Darac Marjal wrote:

On 31/08/2024 14:26, Tom Browder wrote:

Anyone know of a way to send text messages to willing recipients from
one’s own website and server without hiring a DM provider?



(disclosure: I'm the author of the django-sms Twilio backend)



I guess, this is not what you asked!

To the OP, Twilio with the lang of your choosing! ;^)

--
John Doe



Re: Chain Loading Preseed Files

2024-08-21 Thread john doe

On 8/20/24 21:04, Charles Curley wrote:

I have a preseed file set up to do a lot of the installation process
for me. However, I still have to customize it for each machine, e.g.
host name. I then do the disk partition layout manually during the
installation.

What I would like to do is have a file with the standard parts of the
setup, and then separate files for each machine.

I can do the include, but it doesn't seem to work correctly. The Debian
GNU/Linux Installation Guide says "It is possible to include other
preconfiguration files from a preconfiguration file. Any settings in
those files will override pre-existing settings from files loaded
earlier. This makes it possible to put, for example, general networking
settings for your location in one file and more specific settings for
certain configurations in other files." B.5.3

If a.cfg calls b.cfg, it appears that b.cfg's settings override
a.cfg's regardless of the order. If both files set the host name, I get
b.cfg's host name regardless of whether a.cfg sets the host name before
or after calling b.cfg.




The below assumes that this is not a regression or a bug for the
debian-boot mailing list.

When I was playing with this, the only way I could get it to work was by
specifying options that are common in `preseed.cfg` and adding more
specific options in included CFG files.

For the sake of clarity, `preseed.cfg` could have the name of
`common.cfg` and `node01.cfg`, `node02.cfg` would have specific configs
for node01 and node02 respectively.
This makes it impossible to specify options twice with different values.

To me the documentation is somewhat misleading and does not match what
you already found out.

--
John Doe



Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread john doe

On 8/6/24 01:47, George at Clug wrote:



On Monday, 05-08-2024 at 22:25 john doe wrote:

On 8/5/24 12:50, George at Clug wrote:



On Monday, 05-08-2024 at 17:25 Michel Verdier wrote:

On 2024-08-04, George at Clug wrote:



You really need to be intimate with nftables, you might want to consider
a frontend to nftables.


It is hard to give up on iptables, but you are correct, in both your points. 
Thank you.



When I understand that I'm asking too many questions that are unrelated
to the purpose of a mailing list, I take that as an opportunity to
regroup and see what I can do about it.

Mailing list etiquette suggests keeping the traffic to a minimum and
sending privately things that are not of interest to everyone.
This also allows having an archive that is as relevant as possible and
as on topic as possible!

Firewalld, UFW and Foomuuri are all options you might want to play with.

--
John Doe



Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread john doe

On 8/5/24 12:50, George at Clug wrote:



On Monday, 05-08-2024 at 17:25 Michel Verdier wrote:

On 2024-08-04, George at Clug wrote:


I think I finally have success (had to fix way too many typos).

Please review, and please comment if it can be improved.


Don't fix typo and instead rewrite your rules with nftables
https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables
It's so much easier and cleaner with nftables :)




Thanks for the link, Michel, it had an interesting translation commands which I 
put to good use.

There will be some new learning if I am going to be able to do as it suggests, 
"implement new nftables mechanisms such as sets, maps, verdict maps, concatenations 
and more".

Down below is the output of the translation commands for my Iptables commands.  
Interesting but again, I will need to learn what this means, it does not look 
self explanatory. But hopefully, like everything computer related, it is 
usually not that complex, just you need to understand the new syntax and how to 
use it.



You really need to be intimate with nftables, you might want to consider
a frontend to nftables.

--
John Doe



Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-03 Thread john doe

On 8/4/24 06:48, jeremy ardley wrote:


On 4/08/2024 12:26 pm, George at Clug wrote:


If I go to the local coffee shop and connect my laptop to their WiFi,
which incoming and now outgoing ports should I have blocked to ensure
that no nefarious people are able to communicate with my laptop


The rules for public networks are very simple.

- Allow all outgoing traffic



On a laptop, inbound connections should be restricted unless you want
services to be accessible on your laptop by way of FWing and
securing the services.

Outbound connections are up to you.

--
John Doe



Re: nsswitch what should come first

2024-08-03 Thread john doe

On 8/3/24 22:58, Lee wrote:

On Sat, Aug 3, 2024 at 2:55 AM Jeffrey Walton wrote:


On Fri, Aug 2, 2024 at 5:13 PM Lee wrote:


On Thu, Aug 1, 2024 at 10:40 PM Jeffrey Walton wrote:


I personally remove mDNS and Bonjour from my machines. mDNS is not the
source of truth on my networks. Rather, DNS is the source of truth in
my networks ...


Do you have any network printers?  That work without having mDNS enabled?


Yes.

I enable SLP, LPD and IPP only. I use CUPS Postscript drivers. And I
believe I use PCL-5, and not PCL-6.

I disable AirPrint, Bonjour, WS-Discovery, WS-Print, Telnet printing,
TFTP printing and 9100-Printing.


Oh my goodness!!  I install Debian and printing Just Works.

I know it's got something to do with mDNS because printing didn't work
for me with mDNS disabled, but... that's a lot of enabling and
disabling that you do.  What does all that get you?



More control over what's going on on the network! ;^)
This allows having a restrictive FW, for example.

That is also why UPNP is also disabled on my network.

--
John Doe



Re: Testing CD preseed oops

2024-07-28 Thread john doe

On 7/28/24 21:55, Charles Curley wrote:

I have the latest testing netinst (20240722-03:17), and would like to
install it on a virtual machine. I have a preseed file on a USB stick.
As this is a virtual machine, the virtual hard drive is at vda, and the
USB stick shows up at sda.

When I go to load the debconf file, the installer doesn't find it. I
then go to a console and manually mount the USB stick on /media. I can
then ls the stick, more the preseed file, etc. When I then go back to
the installer, it still cannot find the preseed file, and the USB stick
has been unmounted.

This has worked in the past.

I boot from the help screen with the command line:

expert auto file=/media/preseed.cfg

I notice that the error message indicates that the installer failed to
process "file:///media/preseed.cfg" (note the three slashes).



I guess, this would be more for the debian-boot mailing list, as
apparently this is a regression.

In my case, I use the Qemu's built-in tftp server.

--
John Doe



Re: Cannot execute any container using podman run

2024-07-02 Thread john doe

On 7/2/24 16:38, Jörg Kastning wrote:

Dear Debian users,

I have installed Podman via `sudo apt install podman` on Debian 12
(Bookworm) and setup subuids and subgids for my user to use rootless
podman.

However my host seems to have some issue as I'm not able to run
(instantiate) any container using the `podman run` command.

Please see the following code block for information regarding my
installation and the error I get when trying to run some container:

~~~
:~$ podman version
Client:   Podman Engine
Version:  4.3.1
API Version:  4.3.1
Go Version:   go1.19.8
Built:    Thu Jan  1 01:00:00 1970
OS/Arch:  linux/amd64

:~$ podman images
REPOSITORY TAG IMAGE ID  CREATED
SIZE
docker.io/library/hello-world  latest  d2c94e258dcb  14 months ago
28.5 kB

:~$ podman run --rm hello-world
conmon: option parsing failed: Unknown option --full-attach
Error: write child: broken pipe
~~~

I don't know how to troubleshoot this issue and did not find any useful
search result on the web.

Your guidance and help in troubleshooting is much appreciated. In case
you need more information to be able to help, please let me know what
you need to know.

Best regards,
Joerg



I would first try to purge the podman package with the autoremove option
and reinstall the package.
When installed, use sudo to gain root access.

--
John Doe



Re: overthewire.org: safe to use?

2024-06-16 Thread john doe

On 6/16/24 19:27, Tom Browder wrote:

Anyone here have any cautionary advice about using the ssh to war games on
their site?



I'm not able to find what information, they are collecting, if you need
to retrieve files from their servers...


My grandson just spent last week at a Cyber Security Camp offered by the U
of West Florida, and they used it for many of their activities.

On Debian it’s the “bandit” package that provides ssh access without any
user prep except the installed package—and I’m not used to that at all.



Not sure that [1] is the PKG you are referring to!

According to [2], nothing needs to be installed.

[1] https://packages.debian.org/buster/bandit.
[2] https://overthewire.org/wargames/bandit/bandit0.html

--
John Doe



Re: Committing git working tree with other git repos

2024-03-13 Thread john doe

On 3/13/24 16:04, Paul M Foster wrote:

Folks:

I have a /home/paulf/stow directory which contains subdirectories for each
of the packages whose dotfiles I want to manage, like:

/home/paulf/stow/alacritty

In each subdirectory, I have all the config files for that package, under
git management. This means that the directory will look like this:

/home/paulf/stow/alacritty/.git
/home/paulf/stow/alacritty/.config/alacritty/alacritty.yml

This works well with stow (configs are now symlinks in $HOME).

I'd like to copy all of this to a git repo on gitlab. You would think you
could go to the ~/stow directory, "git init", then "git add" each
directory, and all is good. However, git looks inside the directories and
sees there are already .git directories there, and refuses to add the
directories and their contents to its repo. Instead, it wants you to use
"submodules", to wit:

git submodule add ./alacritty

This adds an *empty* alacritty subdirectory to the git repo, which isn't
useful.

I need a way to bring all these subdirectories and their contents under a
git repo so I can send it to gitlab. Any suggestions?




Sometimes, learning something new is better than trying to get your own
way! ;^)

I can only suggest you to dig into Git submodules.

--
John Doe



Re: SOLVED FOR GENE

2024-01-07 Thread john doe

On 1/7/24 13:00, jeremy ardley wrote:


On 7/1/24 19:37, Felix Miata wrote:


Please stop this unreadable pointless thread.

--
John Doe



Re: netatalk not on bookworm

2023-12-26 Thread john doe

On 12/26/23 21:13, Charles Curley wrote:

On Fri, 22 Dec 2023 16:25:11 -0700
Charles Curley  wrote:


I was able to build from source per the instructions at
https://netatalk.sourceforge.io/3.1/htmldocs/intro.html et seq.,
starting with "git clone https://github.com/Netatalk/netatalk.git".


Well, that didn't work. I got two good backups, then the Mac stopped
communicating with the server.

Now what?




Can't you increase the verbosity to debug (see [1] "./configure --help"
and [2] "debug options")?

If you rebuild from source, does it work again for a few backups (the
README file has the project mailing list)?

HTH.

[1] https://gist.github.com/SuperShinyEyes/de17c8092df2ed525930e339235d624e
[2] https://netatalk.sourceforge.io/2.0/htmldocs/afpd.conf.5.html

--
John Doe



Re: Mason service on personal computer

2023-12-19 Thread john doe

On 12/20/23 00:57, Daniel Rodriguez wrote:

Hello,

I want to understand the purpose of a service that I found on my personal
PC. it's mason.service, I am troubleshooting, some services and it shows
the following output with systemctl status mason.service:

● mason.service - LSB: Starts the mason firewall script

  Loaded: loaded (/etc/init.d/mason; generated)
  Active: failed (Result: exit-code) since Tue 2023-12-19 17:51:40 -05;
18min ago
Docs: man:systemd-sysv-generator(8)
 Process: 1250 ExecStart=/etc/init.d/mason start (code=exited,
status=1/FAILURE)
 CPU: 4ms



Dec 19 17:51:40 DantiteisMagno systemd[1]: Starting LSB: Starts the mason

firewall script...
Dec 19 17:51:40 DantiteisMagno mason[1250]: /etc/init.d/mason: 111:
/var/lib/mason/samlib: cannot create /dev/stderr: No such device or address
Dec 19 17:51:40 DantiteisMagno systemd[1]: mason.service: Control process
exited, code=exited, status=1/FAILURE
Dec 19 17:51:40 DantiteisMagno systemd[1]: mason.service: Failed with
result 'exit-code'.
Dec 19 17:51:40 DantiteisMagno systemd[1]: Failed to start LSB: Starts the
mason firewall script.



I would like to confirm if this is a service that
is working for no reason on my personal PC; otherwise, does it have a
different purpose?



As shown in the above output the service has failed to start.

We do not have enough information to say if it is working or being used.

Given that this is FW related, it might not hurt to ensure that incoming
traffic is blocked by using a front-end to nftables (built-in FW
capability).

--
John Doe



Re: Problem with /var/cache/apt/archives/

2023-12-16 Thread john doe

On 12/16/23 14:45, Stephen P. Molnar wrote:

I am running Bookworm on my Debian computer. When I installed the OS I
selected the option for separate /var etc, and selected the default
sizes of the partitions.

When I ran sudo apt update this morning I received the error message:

E: You don't have enough free space in /var/cache/apt/archives/

Can I increase the size of the /var partition on the ssd without having
to reinstall the system?



LVM is one way to avoid this! ;^)

--
John Doe



Re: Alpine/Gmail/Imap expert needed. (fwd)

2023-11-28 Thread john doe

On 11/28/23 22:51, Karen Lewellen wrote:





Let's keep the possibility of being able to send constructive e-mails
through mailing lists so we can avoid having to move to a forum based
set up.

--
John Doe



Re: dedicated IP

2023-11-27 Thread john doe

On 11/27/23 22:59, Maureen L Thomas wrote:

I would like some advice.  I have been offered a dedicated IP through
NORD.  Is it worth it or is it not needed?  Pros and cons would be very
helpful.  Thank you.

Moe



Worth it is up to you, needed it's impossible to really say (see below).

A static IP (no idea of what dedicated means in this context), would be
useful if you knew what you were doing.
See this thread for what static refers to and the use case for getting one.

A VPN will encrypt the traffic between two parties, that does not give
you some security but will help preventing PPLs eavesdropping.

If you pay a VPN provider, you need to trust that provider for it to be
worth paying.
In other words, the VPN provider can still look at what you are doing as
they are providing the service.

--
John Doe



Re: Seeking an sftp location to test a problem?

2023-10-26 Thread john doe

On 10/26/23 15:47, Karen Lewellen wrote:

Because shellworld is the only such door I know of, I need a completely
objective sftp location for testing, username  and password.


Googling around would lead you to something like [1].

[1] https://www.sftp.net/public-online-sftp-servers

--
John Doe



Re: Git for backup storage

2023-10-06 Thread john doe

On 10/6/23 13:26, Nicolas George wrote:

john doe (12023-10-06):

I do not understand why you would want multiple repos, to me this looks
like this would fit the bill for a Git branching workflow.


Please elaborate. How do you work around the fact that Git is terrible
at removing data with a single repository?




Please elaborate on why Git is so bad at removing data from a single
repository?

We clearly do not understand each other!

--
John Doe



Re: Git for backup storage

2023-10-06 Thread john doe

On 10/6/23 11:14, Nicolas George wrote:

Hi.

There is a project I have that requires some scripting, but I am
wondering if somebody already did something similar and there is a
package that I can just apt-get install.

The idea is to use Git to store backups of text files that change rather
rarely or not a lot, because Git is very efficient at compressing very
similar files in time sequences. That would be used for dumps of SQL
databases for example, or for records of hashes of all the files on a
system.

Unfortunately, Git is very bad at removing old data, that makes a
problem for rotating / decimating the oldest backups. To work around
this, I am considering using several Git repositories with a spillover
system:

- The files are committed into a monthly repository, each repository
   being created on the fly for the first commit on the month.

- Old monthly repositories can be deleted.

- But before they are deleted, one commit each five days can be
   extracted and committed into a yearly repository.

- And similarly, one commit per month can be committed into a decennial
   repository before old yearly repositories are removed.

Of course the month / year / five days parameters can be tweaked.

So, does anybody know of existing packages in Debian that could make my
work easier?

Thanks in advance.



I do not understand why you would want multiple repos, to me this looks
like this would fit the bill for a Git branching workflow.

--
John Doe



Re: Help ! libvirt

2023-09-21 Thread john doe

On 9/21/23 09:32, Bhasker C V wrote:

I am getting an error with libvirt when I create a VM

```
  $ sudo virsh create ./win11.xml
error: Failed to create domain from ./win11.xml
error: internal error: mishandled storage format 'none'

```

This is after I have done a dist-upgrade (was working fine before)
debian trixie.

error message says
qemuBlockStorageSourceGetBlockdevFormatProps:1227 : internal error:
mishandled storage format 'none'



You might want to post this as well to the Libvirt mailing list.

--
John Doe



Re: How to remove GNOME from a headless virtual Sid

2023-09-11 Thread john doe

On 9/11/23 09:28, Thomas Schmitt wrote:

Hi,

how to get rid of voluminous desktop stuff without collateral damage ?
Does somebody here have experience to share about de-GNOME-ing a
virtual Sid system ?

Reason why i ask:

A dist-upgrade of my virtual Sid lasted nearly 2 hours and used up 4.5 GiB
of its virtual disk. (About half of this was in /var/cache/apt/archives
and could be deleted afterwards.)
I begin to fear that the future growth of Debian will make dist-upgrades
impossible on the 32 GiB virtual disk.

Package names matching "gir*" and "*gnome*" support my feeble memories
that the system began its life as Debian 8 installation with GNOME
desktop.
It is only used for preparing and testing Debian packages of upstream
software. I log in via SSH, work the way down my cheat sheet, and commit
the new preparations to g...@salsa.debian.org. No desktop jobs at all.




Reinstall it from scratch without a DE! ;^)

You could use 'tasksel' and/or 'apt-get --autoremove purge '.

HTH.

--
John Doe



Re: Virtualization under Bookworm

2023-08-26 Thread john doe

On 8/26/23 18:29, Carl Fink wrote:

What's the current recommendation for someone who just wants to create a
one-off VM to run Debian under Debian? As this is not my job or even
main hobby, ideally it should have setup at least as easy as VirtualBox
was back in the day.



I use Virsh and virt-manager when desired.

Your mileage may vary!

--
John Doe



Re: git setup

2023-08-25 Thread john doe

On 8/25/23 13:44, Tixy wrote:

On Fri, 2023-08-25 at 10:47 +0200, to...@tuxteam.de wrote:

Yes, I think a bare remote is the way to go in this context


You can make a repo bare by editing its config file (.git/config) to
have 'bare = true' instead of 'bare = false' under the '[core]'


Generally, the '.git' extension symbolises a bare repository!

--
John Doe



Re: git setup

2023-08-25 Thread john doe

On 8/25/23 09:04, Russell L. Harris wrote:

On Fri, Aug 25, 2023 at 07:24:59AM +0100, Tixy wrote:

On Thu, 2023-08-24 at 22:24 +, Russell L. Harris wrote:
I'm also a bit confused about doing it this way. The usual workflow
with git is to 'push' to the remote repository, which is in fact what
you originally asked how to do.


This particular exercise is aimed at automation; the impetus was a
change of hosts and a move to Debian 12.  I have been opening two
terminals, one on the local host and the other (via SSH) on the remote
host.  Whenever I think it is time to capture the state of the
document I am composing, I commit to the local repository, then I pull
the update into the remote repository.

To me, pull seemed natural, because the remote repository was cloned
from the local.  But if there is a reason to push, then I shall change.



Taking advantage of Git comes to mind!!! ;^)

I would strongly suggest you to reconsider your approach and to spend
more time getting a correct set up instead of going with what you know!!! :)

If lack of time is a constraint for you, please say so and we will not
spend time trying to make you go in another direction.

--
John Doe



Re: git setup

2023-08-22 Thread john doe

On 8/22/23 05:00, Russell L. Harris wrote:

After much searching and reading, I have not discovered how to set up
a pair of git repositories to work together.


This makes no sense, that is what Git is for! :)



In the past, I have found git to be a very good solution.  But now I
am moving to a new computer, and I am having difficulty replicating
the previous setup.



Rethinking your set up, might not be a bad idea!


My needs are simple.  I need two git repositories.



Basically, Git uses a non-bare/mirror repository (you work in this one)
and an upstream repo which will be 'bare'.


The first is my work space, into which periodically I commit the
article on which I am working.



I'm OK so far!


The second repository is my backup; it resides on another machine.
Several times a day, I SSH into the backup machine and pull the
working repository.



To me you only update upstream by pushes and never by pulling!

So my suggestion in your case would be:
- One repo to work in and to push to upstream
- One upstream bare repo

If you want a working repo on the same box as the bare repo is located,
use the file protocol to pull using a cron job for automation!

HTH.

--
John Doe
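
The layout suggested in the reply above, added here as an example that is not part of the original message: a work repository that pushes to a bare upstream, plus an optional checkout beside the bare repository that pulls over the file protocol. All paths, the branch name `main` and the commit identity are constructed, and everything runs in one scratch directory; on two machines the remote would be an SSH URL instead of a local path.

```shell
#!/bin/sh
# Added example: work repo -> push -> bare upstream -> file:// pull.
# Paths, branch name and identity are constructed for the demonstration.
set -eu

# Commit staged changes in repo $1 with message $2 under a constructed identity.
commit_as_example() {
    git -C "$1" -c user.name="Example" -c user.email="example@example.invalid" \
        commit --quiet -m "$2"
}

# Builds the three repositories, pushes twice, pulls once, and prints
# "in-sync" when the checkout has the same HEAD as the work repository.
demo_push_workflow() {
    base=$(mktemp -d)
    upstream="$base/article.git"    # bare: history only, never edited by hand
    work="$base/work"               # non-bare: where the writing happens
    checkout="$base/checkout"       # working copy on the same box as upstream

    # 1. The upstream repository is bare.
    git init --quiet --bare "$upstream"
    git --git-dir="$upstream" symbolic-ref HEAD refs/heads/main

    # 2. Work repository: commit locally, then push to upstream.
    git init --quiet "$work"
    git -C "$work" symbolic-ref HEAD refs/heads/main
    git -C "$work" remote add origin "$upstream"
    echo "first draft" > "$work/article.txt"
    git -C "$work" add article.txt
    commit_as_example "$work" "First draft"
    git -C "$work" push --quiet origin main

    # 3. Working copy beside the bare repo, cloned over the file protocol.
    git clone --quiet "file://$upstream" "$checkout"

    # 4. Later edits travel by push; the checkout only ever pulls.
    echo "second draft" >> "$work/article.txt"
    git -C "$work" add article.txt
    commit_as_example "$work" "Second draft"
    git -C "$work" push --quiet origin main
    # The cron job on the upstream box would run this same command, e.g.
    # (constructed path): */15 * * * * git -C /srv/checkout pull --quiet --ff-only
    git -C "$checkout" pull --quiet --ff-only

    bare=$(git --git-dir="$upstream" rev-parse --is-bare-repository)
    head_work=$(git -C "$work" rev-parse HEAD)
    head_checkout=$(git -C "$checkout" rev-parse HEAD)
    rm -rf "$base"

    if [ "$bare" = "true" ] && [ "$head_work" = "$head_checkout" ]; then
        echo "in-sync"
    else
        echo "out-of-sync"
    fi
}

demo_push_workflow
```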



Re: uhacking my device

2023-08-18 Thread john doe

On 8/18/23 03:23, Tony Zancho wrote:

someone installed i=your open source on my devices without my approval how
do i get rid of them or off my devices!!



The bigger issue is to understand how that someone installed something
on your device.
If you know that, you will be able to remove it.

--
John Doe



Re: Bookworm - cron?

2023-08-05 Thread john doe

On 8/5/23 21:53, Steve Sobol wrote:

Crazy question:

My VPS provider just started offering bookworm images. So when I set up
a new server yesterday, I installed bookworm.

Part of my standard procedure for setting up new VMs involves editing
root's crontab.

But cron isn't installed.

What am I expected to use instead? (I assume that I *could* install
cron, but there must be a reason it's not installed by default anymore,
right?)



I just installed a new Bookworm VM and 'cron' is present! :)

--
John Doe



Re: OT: Re: Recommendations for a UPS?

2023-08-02 Thread john doe

On 7/31/23 20:47, Tom Browder wrote:

On Mon, Jul 31, 2023 at 13:28 john doe  wrote:


On 7/31/23 19:23, Tom Browder wrote:


...


Any recommendations from fellow Debian folks?




I have two APC and I'm pretty happy with those.


Would you mind saying the model numbers? Do they have replaceable batteries?



Back-UPS XS 950U, no!

--
John Doe



OT: Re: Recommendations for a UPS?

2023-07-31 Thread john doe

On 7/31/23 19:23, Tom Browder wrote:

I used to use UPS units from APC back when you could replace the battery. I
haven't had an UPS (but always on a surge protector) for awhile, but
electricity (now FPL) is not as reliable in my new location and I need one.

All the reviews I've seen on Amazon for smaller capacity UPSs for APC and
Tripp Lite are not that great (I usually concentrate on the one- and
two-star reviews).

Any recommendations from fellow Debian folks?




I have two APC and I'm pretty happy with those.

What type of recommendation are you looking for/ what are your requirements?

I'll also assume that you are posting in here as you want something that
is Debian compatible! ;^)

--
John Doe



Re: I reinstalled debian bullsee and still have the same messages and this one too

2023-07-16 Thread john doe

On 7/16/23 03:59, Maureen L Thomas wrote:

Sender:  pipewire

time:  6:02:34 PM

message:  Failed to receive portal pid:
org.freedesktop.DBus.Error.Name.Has.NO.Owner!  Could not get PID of name
"org.freedesktop.portal.Desktop:" no such name

Audit: 3

Priority: 3

So I went online and it seems everyone has a different opinion as to
what it is with one actually saying that it is inconsequential. So which
is it?

I am using debian 11 with gnome.



Any reasons why you would reinstall Debian 11 instead of Debian stable (12)?

What you are seeing might no longer be an issue on Bookworm.

--
John Doe



Re: firewalld on Debian 12

2023-07-08 Thread john doe
) ...
Setting up gir1.2-nm-1.0:amd64 (1.42.4-1) ...
Setting up ipset (7.17-1) ...
Setting up python3-jsonschema (4.10.3-1) ...
Setting up python3-nftables (1.0.6-2+deb12u1) ...
Setting up firewalld (1.3.0-1) ...
update-alternatives: using /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice to provide /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy (org.fedoraproject.FirewallD1.policy) in auto mode
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /lib/systemd/system/firewalld.service.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for dbus (1.14.8-1~deb12u1) ...
Processing triggers for libc-bin (2.36-9) ...

root@hostname:~#
root@hostname:~#systemctl status firewalld
? firewalld.service - firewalld - dynamic firewall daemon
  Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; preset:>
  Active: inactive (dead) since Sat 2023-07-08 02:06:48 EDT; 16s ago
Duration: 2.316s
Docs: man:firewalld(1)
 Process: 77366 ExecStart=/usr/sbin/firewalld --nofork --nopid (code=exit>
Main PID: 77366 (code=exited, status=0/SUCCESS)

Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: '/usr/sbin/e>
  line 3: CHAIN_DEL f>
  line 3: CHAIN_DEL f>
  line 3: CHAIN_DEL f>
Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: 'python-nfta>


  JSON blob:
  {"nftables": [{"met>
Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: COMMAND_FAIL>
  line 3: CHAIN_DEL f>
  line 3: CHAIN_DEL f>
  line 3: CHAIN_DEL f>


Can you manually force delete a chain?

I would also post to Firewalld mailing list as to me it looks like it is
a Firewalld issue and not a Debian one!

--
John Doe



Re: How do I remotely access the computer in the next room?

2023-07-02 Thread john doe

On 7/3/23 00:49, hobie of RMN wrote:

Hi, All -

I need the best way currently available to operate my brother's computer
in the next room through my computer.  I think we're both running Debian
11, the stable version for me, the testing version for him.  I've tried
ssh -X.  It does work but only for a short time, then the connection
crumbles - his computer has often locked up on him and we have no idea
why, so the 'short time' aspect of the -X approach may relate to that.

The point is, he's been away from home for awhile now and we're not sure
when he'll return. Chiefly I'm looking for the most convenient way to keep
an eye on his incoming e-mail for him.  Mostly I use Mutt; he uses
claws-mail exclusively, so I'll need to remotely launch claws-mail and
have it retrieve latest e-mails.

Thanks in advance for any help on this.



While all ideas in this thread are great suggestions, I would go the
easy way out and simply look up the e-mails on the working set up!

Looks like you have an unstable remote connection, troubleshooting that
kind of issue takes time! :)

--
John Doe



Re: cannot install odcb mariadb in bookworm

2023-06-30 Thread john doe

On 6/30/23 00:11, John Covici wrote:

Hi.  I am trying to install odbc-mariadb in bookworm.  It was fine in
bullseye, but in bookworm I get the following error:
Unpacking odbc-mariadb (3.1.15-3) over (3.1.15-3) ...
Setting up odbc-mariadb (3.1.15-3) ...
odbcinst: SQLInstallDriverEx failed with Unable to find component
name.
dpkg: error processing package odbc-mariadb (--configure):

How to fix?



The best way to have it fixed is to file a bug report!

--
John Doe



Re: Bookworm: Network Manager and firewalld

2023-06-24 Thread john doe

On 6/17/23 23:12, Charles Curley wrote:

I have been looking for a replacement for shorewall, and determined to
try firewalld.


I also have been looking for a replacement for Shorewall, I came across
a new firewall named Foomuuri [1].

Is there any reason why you favored Firewalld?

[1]  https://sourceforge.net/p/shorewall/mailman/message/37839495/

--
John Doe



Re: A hypervisor for a headless server?

2023-06-01 Thread john doe

On 6/2/23 04:39, Victor Sudakov wrote:

Dear Colleagues,


We're volunteers.



There is a hypervisor called bhyve for FreeBSD. It's completely
headless, no graphics, runs as a daemon and provides serial and VNC
consoles.

Can you please advise a similar headless and minimal hypervisor for
Debian or Ubuntu?



Libvirt with or without apt recommend.


Please don't just say "kvm". I've tried installing different
combinations of "qemu-kvm", "virt-manager" etc and they all depend on


Something went wrong, if you want headless and you were using virt-manager.


dozens of GUI tools.



Why say so if you know the answer?


A list of packages for the "apt install" command to install a really
minimal hypervisor would be very much appreciated.


You need to figure that out on your own, the Debian wiki comes to mind
though.


I'm not really
afraid of writing a couple of text or YAML configuration files to
describe VMs if it helps me avoid the GUI configuration.


Look at Puppet or Ansible to provision your infrastructure.

What you want is definitely possible in Debian (headless host and guest).

--
John Doe



Re: Problem with apt maybe related to installation/configuration of apt-cacher-ng

2023-05-31 Thread john doe

On 5/31/23 11:36, Dennis Heddicke wrote:

Yes, after purging apt-cacher-ng the problem was gone. And after i
reinstalled apt-cacher-ng and configured it that way:



For the sake of simplicity and troubleshooting, please modify
sources.list directly.

What does acng.conf look like?


Note that this list uses bottom-posting! :)

--
John Doe



Re: Problem with apt maybe related to installation/configuration of apt-cacher-ng

2023-05-30 Thread john doe

On 5/30/23 19:39, Dennis Heddicke wrote:

Hello,

i have a problem with "apt update", everytime i execute the command, i
get the following error messages:

Get:1 http://security.debian.org/debian-security bookworm-security
InRelease [48,0 kB]
Get:2 http://deb.debian.org/debian bookworm InRelease [193 kB]
Err:1 http://security.debian.org/debian-security bookworm-security
InRelease
  The following signatures were invalid: BADSIG 112695A0E562B32A Debian
Security Archive Automatic Signing Key (10/buster) 
Err:2 http://deb.debian.org/debian bookworm InRelease
  The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian
Archive Automatic Signing Key (10/buster) 
Fetched 241 kB in 0s (507 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository
is not updated and the previous index files will be used.
GPG error: http://security.debian.org/debian-security bookworm-security
InRelease: The following signatures were invalid:
BADSIG 112695A0E562B32A Debian Security Archive Automatic Signing Key
(10/buster) 
W: An error occurred during the signature verification. The repository
is not updated and the previous index files will be used.
GPG error: http://deb.debian.org/debian bookworm InRelease: The
following signatures were invalid: BADSIG 648ACFD622F3D
138 Debian Archive Automatic Signing Key (10/buster) 
W: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease
  The following signatures were invalid: BADSIG 648ACFD622F3D138
Debian Archive Automatic Signing Key (10/buster) 
W: Failed to fetch
http://security.debian.org/debian-security/dists/bookworm-security/InRelease  
The following signatures were invalid:
BADSIG 112695A0E562B32A Debian Security Archive Automatic Signing Key
(10/buster) 
W: Some index files failed to download. They have been ignored, or old
ones used instead.

I use Debian 12. The only changes i did before the problem occurred,
were the installation of apt-cacher-ng and i ran "mach bootstrap" in a
chroot.



If you remove apt-cacher-ng, does it work at all?

--
John Doe



Re: CUPS on Bullseye and Bookworm

2023-05-19 Thread john doe

On 5/17/23 21:56, Charles Curley wrote:

On Wed, 17 May 2023 19:21:23 +0200
john doe  wrote:


A few things, that I spotted while reading this thread and I'm not
sure if you got everything working!


Thank you. No, I don't have everything working.



- MDNS is using .local
- .localdomain should be moved to .home.arpa (see RFC)! :)


.home.arpa ? I had never heard of it until you mentioned it. You are
suggesting that I change every reference to localdomain to .home.arpa?
Implementing that change is going to be a major pain in the arse.


My idea was that .local and .localdomain could be an issue for the
autodetection of the printer.
That was simply a suggestion if you were not getting anywhere.

Granted, I should have phrased that in a better way (sorry about that).

I also want to point out that you have a domain name, I would use that
instead of .home.arpa!

Brian has done a better job in trying to help you out than what I could
have done!

--
John Doe



Re: CUPS on Bullseye and Bookworm

2023-05-17 Thread john doe

On 5/15/23 16:46, Charles Curley wrote:

On Mon, 15 May 2023 07:31:29 -0600
Charles Curley  wrote:


I solved that one. I had closed TCP port 9100. Opening that up on the
server got me running. However, that did not solve the problem for the
other two protocols.


Correction. That didn't solve it. I realized that port 9100 on hawk is
irrelevant because the socket queue goes directly to the printer, not
via hawk. I closed the port on hawk and I can still print to the
printer via that queue.



A few things, that I spotted while reading this thread and I'm not sure
if you got everything working!

- MDNS is using .local
- .localdomain should be moved to .home.arpa (see RFC)! :)
- 9100 (TCP) is LPD AKA LPR

--
John Doe



Re: CUPS on Bullseye and Bookworm

2023-05-14 Thread john doe

On 5/14/23 19:29, Charles Curley wrote:

I have an HP HP_LaserJet_MFP_M234sdw_C0FB67_USB_, one of those modern
"no driver" multifunction printers. It works fine on Bullseye. I have
the printer hooked up via USB to a server, hawk, and it prints just
fine.

I have a client, ideapc, which sees the printer and prints to it just
fine.

I also have an ancient i386 IBM R51 running Bookworm, dragon. On dragon,
using system-config-printer, I can see the printer automagically
discovered. I can open up the queue window for the printer, and request
a test page.

Alas, I see the test page in the queue briefly. The queue window says
"processing - not connected?", then "Printer error". Then the print job
disappears, leaving no error message. (This is a change in behavior from
Bullseye. I do not like it.)

The printer does come awake and report an error when I ask for the test
page. I don't see anything in the printer's logs.

Logging on both machines shows no errors. I am running firewalld on
dragon, and did enable logging for unicast. firewalld-cmd reports the
following, among other things:

services: ipp ipp-client mdns samba-client smtp ssh



The below, is what I would try:

- On the non-working client, Are you restricting outbound traffic at all
or for testing  purposes can you disable the FW?

- How are the working clients connected to the printer (protocol wise)?
- Is the non-working client using that same protocol?
- If you do not use MDNS and point manually to the server, does it work
any better?

--
John Doe



Re: GIT problem

2023-05-10 Thread john doe

On 5/10/23 05:47, William Torrez Corea wrote:

Command:

git push master origin




I want upload my change to branch MAIN but when i want upload my change i
get the following error:

remote: Support for password authentication was removed on August 13, 2021.

remote: Please see
https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls
for information on currently recommended modes of authentication.
fatal: Authentication failed for '
https://github.com/Villelmo/Beginning_Perl.git/'



*My changes are uploaded to branch MASTER. *


To me, the error that you are showing us does not match what you are
trying to say.
Maybe another list is more appropriate and/or try the GH utility.

--
John Doe



Re: repeat of previous question that has gone unanswered several times.

2023-05-01 Thread john doe

On 5/1/23 01:05, gene heskett wrote:

Greetings all;

I have a mixed home network, some buster, some bullseye, all up to date
a/o yesterday.

I have 2 printers shared on this bullseye main box, available as 5 or 6
printers, each configured in cups to do a specific job. Good printers,
both running on brother's own linux drivers for that printer.

All my buster machines can use both of these printers just as if they
were plugged into that machine, but a machine shop full of sawdust and
metal shavings is not a good printer environment, even if there was room
for them, which there isn't.

All of my bullseye machines are locked out, printer screen at
localhost:631 is empty, and no printers can be found and added.

But open a shell, and type "lpstat -t" and it gets the full list of
available printers on that same bullseye machine whose cups output is
empty.

Why?



Please refrain from polluting the list when you do not get an answer.

--
John Doe



Re: OT: Using my (new) cable based ISP with their modem in bridge mode and my existing router

2023-04-28 Thread john doe
e., I'm seeking comments on the problems of connecting to
Astound rather than those of reconnecting to my DSL ISP).



You should be able to back up the config of your Ubikiti when it's
working in ADSL mode.

Basically, it should be:
- ISP modem in bridge mode connected to the wan of your Ubikiti and it
should work unless Astound is ...

HTH.

--
John Doe



Re: Starting stunnel with systemd.

2023-04-24 Thread john doe

On 4/23/23 18:41, pe...@easthope.ca wrote:

Hi,

After starting interactively, stunnel works.

To automate, this service file was created.

$ cat /etc/systemd/system/stunnel.service
[Unit]
Description=StunnelStarter
Documentation=man:stunnel(8)
After=network.target auditd.service

[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf foreground=yes


I'm not sure about the foreground option if you want a daemon in the
background! :)

--
John Doe



Re: my immature thoughts on perl

2023-04-04 Thread john doe

On 4/4/23 04:35, cor...@free.fr wrote:

Hello list,



Would it be possible to refrain from using the list for OT stuff.
Your Perl threads are generating traffic that are not useful.

--
John Doe



Salvage live failing server

2023-03-20 Thread john doe

Debians,

I'm seeing some alarming MSGs (E.G: ' blk_update_request: I/O error, dev
sda, sector N') in my server's log.
As it's read-only, I can not install smartmontools to investigate further.

This server is to be used until a new server is ready, is there anything
that I can do to keep it running?

Any other ideas is welcome!

--
John Doe



Re: Debian Installer: Specifying the preseed file device?

2023-03-12 Thread john doe

On 3/12/23 23:08, Charles Curley wrote:

I can specify the path to the preseed file when booting Debian Installer
(d-i). Is there any way to tell it that the preseed file is on device
X, say /dev/sdb1?




This is not an answer to your question and this is more appropriate for
debian-boot.

I'll always use the network if I can! :)

--
John Doe



Re: List admin email address?

2023-03-10 Thread john doe

On 3/11/23 06:14, Jeffrey Walton wrote:

Hi Everyone,

I receive bounces when using the debian-users list (see below). I'd
like to get the bad email address removed from the list.

I want to contact the list admin, but I cannot find a contact at [1] or [2].

How do we contact the list admin?


Look for 'Mailing list administrators and archives maintainers' at [1].

[1] https://www.debian.org/contact

--
John Doe



OT: Re: Git Branching

2023-03-05 Thread john doe

On 3/5/23 04:59, William Torrez Corea wrote:

I am working with remotes, when i want push to the remote with this command


What CMD?


appear the following error:

*git push main master*


This error looks to indicate that you are pushing to main and master
branches.



fatal: 'main' does not appear to be a git repository

fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.



I have the following branching:


   main
* master


Why are you mixing the old branching naming scheme and the new one?





I don't want to create a new branching, I want to push my advance to the
main but it is impossible. This creates a new branching.


I'll assume here that by branching you mean branch.

Basically, you need to have your 'remote' to point to upstream and then
you can select the branch you want to push to:

$ git push  


Flagging this as OT.

--
John Doe



Re: ssh pub.key

2023-02-20 Thread john doe

On 2/21/23 02:05, latin...@vcn.bc.ca wrote:

Hello

Normally I use the same ssh.pub.key for different servers; but when I use
it with a Debian totally encrypted 4th option of the installer; I am not
able to login!

Is there something different in that case?




- How so?
- Do you see anything in the log?
- What error(s) do you get?

--
John Doe



Re: CUPS printer on Debian 11.6

2023-02-05 Thread john doe

On 2/5/23 21:52, Russell L. Harris wrote:

Fresh installation of Debian 11.6 on Dell Vostro 200 (Intel Core 2).

The Vostro 200 is being added to a home LAN with Debian 11.6 running
on a nondescript desktop (amd64) and a HP Laserjet P3015 Postscript
(Ethernet).  The amd64 machine works perfectly with the P3015.

The printer configuration on both machines appears identical:

    DRIVER: HP LaserJet Series PCL 6 CUPS (grayscale)
    Connection:  socket://192.168.1.211:9100

(1) The printer installs on Vostro 200 but does not print.

(2) Should I install the P3015 as generic Postscript printer?

(3) I cannot make sense of the new CUPS "driverless" scheme.
Does it make my Postscript printers obsolete?





You might have better luck on the Cups mailing list! ;^)

--
John Doe



Re: Server Static IP and At&T's BGW210

2023-01-19 Thread john doe

On 1/19/23 22:15, Tom Browder wrote:

I am trying to use my new public static IP for my Debian PC which is ready
for it security-wise (thanks to advice from this ML; note I will initially
allow access only via ssh from the IP address of one of my remote hosts).

-Tom



If I may, use bridge mode or a modem but do not use a router from your ISP.
To me, the simple fact that you are asking this question is enough to
not trust what you have from your ISP!

--
John Doe



Re: Libvirt dnsmasq oddity

2023-01-15 Thread john doe

On 1/16/23 05:02, Charles Curley wrote:

On Sun, 15 Jan 2023 18:18:00 -0600
Nicholas Geovanis  wrote:


I would first want to find out why the samba server is doing that
"sometimes" but not others.

My first guess would be that you have a hostname identified somewhere
that resolves to 2 different addresses, depending. And one or both
may be defaulted addresses.


Indeed. And you are correct, but not, I think, in the way you mean.
On the network's DNS server, hawk (the samba server and host for the vms
in question) resolves to an address on the internal network for the
benefit of other computers on the network. But, thanks to /etc/hosts,
on hawk it resolves to an address on the loopback interface.

The problem appears to be that libvirt's dnsmasq instance picks up the
contents of /etc/hosts in order to serve them to the VMs, all well and
good, except that it serves up the address of hawk as well.

root@hawk:~# cat /etc/hosts
127.0.0.1   localhost
127.0.1.1   hawk.localdomain hawk

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
root@hawk:~#

I don't think I added those entries. I just checked a few other
machines, including a vm I recently built, and they all show similar
entries.

Perhaps I should comment out one or both entries for hawk.



Or use [1].

[1] https://libvirt.org/formatnetwork.html#network-namespaces

--
John Doe



Re: Libvirt dnsmasq oddity

2023-01-14 Thread john doe

On 1/10/23 19:10, Charles Curley wrote:

I seem to have hit an oddity in how dnsmasq operates for libvirt.

I have two host machines each with several guests. One of those is also
the local samba server. Guests on the non-samba server can resolve the
samba server's host name correctly, so far without fail.

Guests on the samba server sometimes get the correct IP address for the
samba server, and other times get an IP address for the samba server of
127.0.1.1. That is the IP address provided in the host's /etc/hosts.

I have a workaround of hard coding the IP address in the fstab entry,
but that's tacky. Is there a better way to handle this?



To me, it looks like it is  more a libvirt mailing list question  than a
Debian -user mailing list question! ;^)

--
John Doe



Re: error on the last line before shutdown

2023-01-04 Thread john doe

On 1/5/23 06:46, Olivier backup my spare wrote:

Hello

On my personal computer I noticed an "ERROR" in red, but it is the last
line before shutdown.
To your knowledge, in which file is the information logged during
shutdown?

I must confess, I have not read log files since I stopped compiling the
kernel, and that goes back to around 2005...



This is an English mailing list! :)

Have a look in /var/log.

--
John Doe



Re: Limiting ssh access: by MAC Address?

2023-01-03 Thread john doe

On 1/3/23 23:06, Tom Browder wrote:

Is it possible to use UFW to limit ssh access to a server by an external
host by its MAC address?

I now have a permanent IPv4 address for my home IP router and would like to
access my home server from my laptop when away from home, but allow no
other external access. Is that possible?




This is in addition to the other answers.

If you have a server which is publicly available, you can only
"restrict" by IP, rate limiting, port knocking and having your server
properly secured and isolated.

--
John Doe



Re: Monitor traffic on a port.

2022-12-10 Thread john doe

On 12/10/22 14:31, Greg Wooledge wrote:

On Fri, Dec 09, 2022 at 11:25:36PM -0600, pe...@easthope.ca wrote:

How is traffic on a specific port monitored now?


The only tool I've ever used for that is tcpdump.  If you need UDP then
I don't know what to recommend.  Traffic monitoring is not my forte.



You can use that same utility to dump UDP packets! :)

--
John Doe



Re: gpg says no user ID

2022-11-16 Thread john doe

On 11/16/22 09:13, Thomas Schmitt wrote:

Hi,

Thomas George wrote:

  I am going to erase every thing I have done and start over.


There's no need for starting over. The SHA512SUM file is meanwhile
authenticated by your run of:


gpg2 --verify SHA512SUMS.sign SHA512SUMS
[...]
    gpg: Good signature from "Debian CD signing key 
" [unknown]
[...]
...gpg: WARNING: This key is not certified with a trusted signature!
..There is no indication that the signature belongs to the owner
...Primary key fingerprint: DF9B9C49EAA9298432589D76DA87E80D6294BE9B


The warning is normal with the Debian keys and can be ignored.

Important is the key fingerprint, which is published on
   https://www.debian.org/CD/verify
as
   Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

I would leave it to copy+paste and the computer to compare the strings.
Remove the blanks from the published number:

   echo "DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B" | sed -e 's/ //g'

which will respond by

   DF9B9C49EAA9298432589D76DA87E80D6294BE9B

Copy+paste the result and the string reported by gpg --verify to a
comparison command:

   test DF9B9C49EAA9298432589D76DA87E80D6294BE9B = DF9B9C49EAA9298432589D76DA87E80D6294BE9B && echo MATCH

which responds by

   MATCH

--

So now you only have to verify the SHA512 checksum of the ISO by

   sha512sum -c SHA512SUMS



If you want a more straightforward output:

$ sha512sum -c SHA512SUMS --strict --ignore-missing

--
John Doe
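
The two checks from this message (comparing the published fingerprint with the one gpg reports, then checking the image against SHA512SUMS with `--strict --ignore-missing`), as an added example that is not part of the original thread. The function names and the sample files are constructed for illustration, and GNU coreutils `sha512sum` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils sha512sum.
# All function names and sample files below are hypothetical/constructed.

# Normalise a fingerprint: drop all whitespace, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Succeed only if both inputs normalise to the same 40 hex digits, so a
# short key ID or an empty string can never count as a match.
fpr_match() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    case "$want" in
        ''|*[!0-9A-F]*) return 1 ;;   # empty or non-hex: refuse to match
    esac
    [ "${#want}" -eq 40 ] && [ "$want" = "$got" ]
}

# Check the files present in directory $1 against $1/SHA512SUMS.
# --ignore-missing skips listed files that were not downloaded,
# --strict turns malformed checksum lines into a failure.
# sha512sum itself fails when none of the listed files was found.
verify_sums() {
    ( cd "$1" && sha512sum -c --strict --ignore-missing SHA512SUMS ) >/dev/null 2>&1
}

# Build a constructed sample: one small stand-in "image" plus a SHA512SUMS
# that also lists a file that was never downloaded. Prints the directory.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample image\n' > "$d/sample-netinst.iso"
    ( cd "$d" &&
      sha512sum sample-netinst.iso > SHA512SUMS &&
      printf '%0128d  not-downloaded.iso\n' 0 >> SHA512SUMS ) || return 1
    printf '%s\n' "$d"
}

# Fingerprint as published on https://www.debian.org/CD/verify and as
# printed by "gpg2 --verify" in the message above.
published='DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B'
reported='DF9B9C49EAA9298432589D76DA87E80D6294BE9B'

if fpr_match "$published" "$reported"; then
    echo "fingerprint: MATCH"
else
    echo "fingerprint: MISMATCH"
fi

sample=$(make_sample)
if verify_sums "$sample"; then
    echo "checksums: OK"
else
    echo "checksums: FAILED"
fi
rm -rf "$sample"
```
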



Re: Running an exe file from the command line

2022-10-26 Thread john doe

On 10/26/22 14:54, awache...@gmail.com wrote:

It seems my mails are no longer being received on the ML.
Are you receiving them?

In any case I have not received them for several weeks?

Thanks

A. Valmer





This is a mailing list in English, can you move this to the corresponding
list instead.

--
John Doe



Re: is Ansible easy to use?

2022-10-20 Thread john doe

On 10/20/22 15:39, Philipp Ewald wrote:

Hi folks,

is ansible a easy way to configure customized hosts?


Ansible is not  easy to master but worth the time if you have lots of nodes!

If you need to copy a file to multiple servers and have a custom config
per node the 'template' module is your friend.


First try, its super complicated for me.

Trying to create multiple files with content. It takes more time to
create the playbook then creating this file by hand (this damn syntax


To validate that syntax I use 'ansible-lint '
'ansible-playbook --syntax-check '.


acomplicates everything more)
Then formatting is destroyed or need more time on creating the playbook...



See the indent capability of the template module.


It is so hard or im so bad?


When you start at something, everything is hard (the Ansible mailing
list is friendly)!

The main reason to use Ansible, Puppet, Terraform is when your current
solution becomes unmanageable!


Granted, the above three tools are not really doing the same thing!

--
John Doe



Re: signing up to fourms

2022-10-18 Thread john doe

On 10/19/22 06:30, Bruce H. wrote:

Why do you have to make it so hard to sign up to the user forums?



If you do not like it, feel free to make the signing process easier.
The more contributers the better it will be!

--
John Doe



Re: Monthly FAQ for the Debian-user mailing list

2022-10-02 Thread john doe

On 10/1/2022 4:19 PM, Andrew M.A. Cater wrote:

On Sat, Oct 01, 2022 at 06:10:48AM -0400, The Wanderer wrote:

On 2022-10-01 at 05:46, Andrew M.A. Cater wrote:


Debian-user is a mailing list provided for support for Debian users,
and to facilitate discussion on relevant topics.

Some guidelines which may help explain how the list works:


Allow me, if you will, to share my experience on receiving each month's
copy of the mailing-list FAQ:

"Oh, there's this month's repost of the FAQ."



That's probably a reasonable assumption. It's manually posted by me: it's
the same text, fairly well, each month (modulo any copying error), it's
not currently in version control. Now, I might be prepared to change
that if I were to make any significant changes.



I assume that you are a Debian maintainer, to me that is unclear in the
e-mail who you are with regard to Debian and what legitimacy you have to
post this in here!

I have no other comment on the thread itself.

--
John Doe



Re: PXE booting EFI client

2022-09-18 Thread john doe

On 9/7/2022 1:46 PM, Sven Hoexter wrote:

On Tue, Sep 06, 2022 at 07:21:59PM +0200, john doe wrote:

Debians,

I'm trying to pxe boot a client with UEFI BIOS to no avail.

Everything works with legacy BIOS but if I use those two lines in my
dnsmasq.conf:

"dhcp-boot=bootnetx64.efi
pxe-service=X86-64_EFI, "Boot UEFI PXE-64", bootnetx64.efi"


Maybe you've a host which sends as architecture "7" instead of
"9" via DHCP and this pxe-service is not matched at all. You
can figure that out if you look with wireshark at the DHCP traffic.
According to my notes the protocol option field is 93 you've to look at.
I ran into such an issue a few years back with HPE DL360G10 vs DL120G9.

Config setting to try out would be:
pxe-service=BC_EFI, "Boot UEFI PXE-64", bootnetx64.efi



Thanks to the help of "Sven Hoexter ' I got it
working by doing:
/etc/dnsmasq.conf:
pxe-service=BC_EFI, "Boot UEFI PXE-64", /debian-installer/amd64/bootnetx64.efi

I emulate the 'dhcp-boot' option in a option file:
option:bootfile-name,/debian-installer/amd64/bootnetx64.efi

I also had to put the below file in the tftp root directory:
grubx64.efi

Sven's blog [1] has more info on all of this.


[1] https://sven.stormbind.net/blog/posts/deb_stretch_hpe_dl360/

--
John Doe



OT: Re: systemd automount unit: run only when server is reachable

2022-09-12 Thread john doe

On 9/12/2022 7:05 PM, Joe wrote:

On Mon, 12 Sep 2022 09:31:07 +0200
Jürgen Bausa  wrote:
I am sure this is not the best place to ask it (I know, it's off-topic),
but posting to other lists I didn't get an answer. So if you know a
better place to ask it please point me there.



I would say the Systemd mailing list but this list is awesome and I'm
also guilty of being OT from time to time!

--
John Doe



Re: Installing Wi-Fi card driver

2022-09-11 Thread john doe

On 9/11/2022 1:16 PM, Timothy M Butterworth wrote:

On Sun, Sep 11, 2022 at 5:11 AM Mansour zermello  wrote:


Hi Timothy, i appreciate too much your response, but i already installed
the debian OS, but install the driver of the wifi card that still blur for
me to be honest, i really need to be guided step by step I'm sure I'll
finish by doing it, my wifi card is the : intel 8265NGW

Do you have any working network cards? If you do, you can try this.


sudo nano /etc/apt/sources.list

deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free



Or in your '/etc/apt/sources.list', you can add on each line and after
'main' 'non-free contrib'.


Save Changes "Control+O" , exit Control+X

sudo apt update
sudo apt install firmware-linux-nonfree



You might want to restart/reboot after having installed the firmwares.

Note that you might need to add extra firmware, you will need to look at
the log to see what FW you require.

--
John Doe



Best way to use noise-canceling

2022-09-09 Thread john doe

Debians,

I can see online that noise-canceling can be enabled in pulse audio,
pipewire.

Is there a recommended way in Debian to do so?

--
John Doe



PXE booting EFI client

2022-09-06 Thread john doe

Debians,

I'm trying to pxe boot a client with UEFI BIOS to no avail.

Everything works with legacy BIOS but if I use those two lines in my
dnsmasq.conf:

"dhcp-boot=bootnetx64.efi
pxe-service=X86-64_EFI, "Boot UEFI PXE-64", bootnetx64.efi"


the client gets an IP but no files are sent.

I'm at a loss on what to do to PXE boot an EFI client.

Does PXE booting of EFI clients require other ports than 69 UDP and 4011
UDP?

Any pointers is appreciated.

--
John Doe



Re: Want to contibute to debian

2022-09-04 Thread john doe

On 9/3/2022 9:44 AM, 5HROUD wrote:

Hi there,
I am a student who develops software application for Linux. Because all my 
project are opensource I wish I could work as a debian developer. Since I love 
using debian and also wanted to contribute to it.
Sent with [Proton Mail](https://proton.me/) secure email.


The best way is to read the doc.

--
John Doe



Re: Network bridge and MAC address exposure

2022-09-04 Thread john doe

On 9/4/2022 8:39 AM, Rand Pritelrohm wrote:

Consider this simple schematic:


 | VM | -> | HOST | -> | GW | -> ISP


Lets say the physical interface name on the 'host' is eth0 and the LAN
subnet is 192.168.0.0.

I want to configure the network on the 'host' in order for the VM to
access the Internet.

Thus I consider 2 scenarios to setup the 'host' network.


1. Bridge using routed subnet:

 ip link add dev br0 type bridge
 ip addr add 192.168.222.1/24 dev br0
 ip link set dev br0 up

 ip tuntap add tap0 mode tap
 ip link set dev tap0 up
 ip link set dev tap0 master br0

 #Then I have to enable routing
 echo '1' > /proc/sys/net/ipv4/ip_forward
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE



You are answering your own question, if you masquerade the MAC addr from
the VM will not be seen upstream.



2. Bridge on the same subnet as the LAN:

 ip link add dev br0 type bridge
 ip link set dev br0 up

 ip link set dev eth0 master br0
 ip link set dev eth0 up
 ip addr add 192.168.0.200/24 dev br0
 ip route add default via 192.168.0.1

 ip tuntap add tap0 mode tap
 ip link set dev tap0 up
 ip link set dev tap0 master br0




The MAC addr of the VM will be seen upstream.


For both scenarios the VM is then setup with it's own MAC address and
it's IP on the configured subnet of the bridge.


Here is my question:
 For both scenarios, what is the effectively seen MAC address by the
 GW when the VM access the Internet (host or VM MAC address)?



The best way to answer your question is to get dirty!!! :)

--
John Doe



Re: Seeing progross during fsck on boot

2022-09-03 Thread john doe

On 9/3/2022 4:18 PM, Charles Curley wrote:

On Sat, 3 Sep 2022 22:57:19 +1000
David  wrote:

Nice write-up, especially the last part.

One nit-pick



I imagine that could be overcome by copying the above service file to
   /etc/lib/systemd/system/systemd-fsck-root.service and editing the
above ExecStart line to use /sbin/fsck instead.


I believe on Debian that should be
/etc/systemd/system/systemd-fsck-root.service

There is a systemd command for editing systemd files which will if
necessary do that copy transparently for you. I forget right now what
that is.



I guess the CMD [1] in question is:

$ systemctl edit [ <--full> ] 


[1] https://www.freedesktop.org/software/systemd/man/systemctl.html#

--
John Doe



Re: Windows on VMware on Deb 11: safely usable?

2022-09-01 Thread john doe

On 9/1/2022 4:28 PM, Tom Browder wrote:

On Mon, Aug 22, 2022 at 1:26 PM john doe  wrote:
...

So I will try Debian 11's packages "qemu-kvm" and "aqemu" and install
Windows 10" as a test on my current main host, but only if I can remove all
if I need to and if it will not interfere with my smooth running setup. Is

...

If you go with Libvirt, you can remove everything if you so choose by
doing something like:
$ apt-get --autoremove purge libvirt


So I should install package libvrt and that's all I need? Will it
bring in all the other packages mentioned above?



No sorry there is no libvirt pkg in Debian, I used the wiki [1] to get
me going.

If you want to purge, you should substitute the libvirt pkg above by
'qemu-system libvirt-daemon-system'.

If you also add virt-manager or virt-inst, you will need to also add
those on the command line.


[1] https://wiki.debian.org/KVM#Installation

--
John Doe



Re: Windows on VMware on Deb 11: safely usable?

2022-08-22 Thread john doe

On 8/22/2022 2:41 PM, Tom Browder wrote:

On Wed, Aug 17, 2022 at 21:39 step...@gmail.com  wrote:


On 8/17/22 19:35, Stefan Monnier wrote:

Tom Browder [2022-08-17 05:53:05] wrote:

I would love to run Windows on a VM on Debian iff I can have it be

reliable

enough to use with reasonable response (no games, just Office 360, IO
Drive, H&R Block, and such). I haven't kept up with the VM world but a
quick search shows VMware might be a good choice.


Last I had to run a Windows VM I used kvm (aka Qemu) and that worked
very nicely.  It's easy to install (it's in the Debian repositories),
very featureful, and used for "real systems" (tho in my case I always
used it very punctually to run some specific tool only available in
Windows).


Yep; same. Ran multiple windows vms in kvm (libvirt/qemu). Stable and
solid.



So I will try Debian 11's packages "qemu-kvm" and "aqemu" and install
Windows 10" as a test on my current main host, but only if I can remove all
if I need to and if it will not interfere with my smooth running setup. Is
that true?


Impossible to answer as we do not know what 'will not interfere with my
smooth running setup' implies.

If you go with Libvirt, you can remove everything if you so choose by
doing something like:

$ apt-get --autoremove purge libvirt


When you get the hang of it I'm pretty sure that you won't go back! :)

--
John Doe



Re: OT: Re: determining hotkeys for a program, without a manual?

2022-08-21 Thread john doe

On 8/21/2022 8:46 PM, Karen Lewellen wrote:

program is small enough to be sent as an attachment.
and will do this, if given permission.


You can do it through the list if it works.

I have no idea how to use a DOS PRG, so that is all I can help you with.


my needs are two.
The hotkey to launch the program itself,  and the hotkey for changing
the port  number.


I  infer that by the name of the PRG 'openport' you need to verify if
your scanner is properly connected by serial cable.

I can only suggest you to look at 'screen' or alike; I'm confident that
what you want is doable in an other way.

--
John Doe



Re: Mail Transfer Agent

2022-08-21 Thread john doe

On 8/21/2022 8:30 PM, Karen Lewellen wrote:

Can you stop hijacking this thread and stop promoting your own interest.

--
John Doe



OT: Re: determining hotkeys for a program, without a manual?

2022-08-21 Thread john doe

On 8/21/2022 8:32 PM, Karen Lewellen wrote:

That is correct.
when I type openport /?  it simply presents the openport already
installed message.



Can you put this PRG somewhere so it can be downloaded?

I guess, your best bet would be to tell us what feature do you need! :)

--
John Doe



Re: determining hotkeys for a program, without a manual?

2022-08-21 Thread john doe

On 8/21/2022 8:06 PM, John Covici wrote:

How about -h or --help, do either of those give you anything?


This is for a DOS utility if I'm correct, so would try '/?' instead of
the help opts.

--
John Doe



Re: Comments on upgrade steps from one version of Debian to another

2022-08-21 Thread john doe

On 8/20/2022 9:48 PM, John Boxall wrote:

I created an upgrade script based on something I found a few years ago
that indicated the steps to follow to upgrade from one version of Debian
to another (e.g. Buster 10 to Bullseye 11). As I am going to need to run
this script at some point (I am still running Buster/10 on my systems),
I thought I'd ask the Debian user brain trust to comment/critique the
scripted steps. So here they are:


### Start





(I don't even have this part started yet; didn't know I needed it the
last time I ran it)
#


The lines for the security mirror have changed on Bullseye.




### End

Thoughts/critique/criticism/flames/etc



The script does not bail out on command failure, you might want to
take care of that if you automate this process by way of a script.
That is all I can say on the cmds.

If I may, for a few servers I would do it manually instead of blindly
using a bunch of commands.

If you need to automate this process, you should familiarize yourself
with something like Ansible or in any case a more robust solution.

For upgrading Buster to Bullseye, I used:

$ apt-get update
$ apt-get upgrade
$ apt-get full-upgrade


For better or worse, Debian lets you upgrade or reinstall from scratch.

--
John Doe
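
The two points raised in this reply (stop at the first failed command, and the renamed security suite) as an added shell example; it is not part of the original message or of John Boxall's script. It assumes the one-line `deb ...` sources.list format, and the function names and the `--run` switch are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): Buster -> Bullseye with fail-fast steps.
# Function names and the --run switch are illustrative assumptions.

# Rewrite one-line-format sources.list text from stdin to stdout.
# Bullseye renamed the security suite from buster/updates to
# bullseye-security, so that case is handled before the generic rename.
# Comment lines and anything not starting with "deb" are left untouched.
rewrite_sources() {
    sed -e '/^[[:space:]]*deb/!b' \
        -e 's#\([[:space:]]\)buster/updates\([[:space:]]\)#\1bullseye-security\2#' \
        -e 's#\([[:space:]]\)buster\([[:space:]-]\)#\1bullseye\2#'
}

# Convert the file given as $1 in place, keeping a backup beside it.
# Returns non-zero (and changes nothing) if any step fails.
upgrade_sources() {
    src=$1
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
    tmp=$(mktemp) || return 1
    rewrite_sources <"$src" >"$tmp" || { rm -f "$tmp"; return 1; }
    # Refuse to continue if an active line still names the old release.
    if grep -Eq '^[[:space:]]*deb.*[[:space:]]buster' "$tmp"; then
        echo "unconverted buster entry in $src" >&2
        rm -f "$tmp"
        return 1
    fi
    cp -p -- "$src" "$src.buster.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" >"$src" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# The three commands quoted above, each one stopping the run on failure.
run_upgrade() {
    upgrade_sources /etc/apt/sources.list || return 1
    apt-get update       || return 1
    apt-get upgrade      || return 1
    apt-get full-upgrade || return 1
}

# Nothing touches the system unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    run_upgrade || { echo "upgrade stopped at the first failed step" >&2; exit 1; }
fi
```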



Re: No HDMI Audio

2022-07-24 Thread john doe

On 7/25/2022 7:25 AM, Marco wrote:

Am Sun, 24 Jul 2022 17:40:23 -0400
schrieb Timothy M Butterworth :


One thing I do not get is that the device is AMD but it is using
Intel's sound driver.


Some of the HD-Audio chips use an Intel driver. They are also on AMD
socket motherboards.

I also have such a motherboard and sound works.
But the HD-Audio on the Motherboard is NOT the HDMI output. The HDMI
output is on the graphics card.



+1, The HDMI might be more useful from a graphic card point of view.
On the sound card you might have a digital connection (e.g. SPDIF) or
sound connections.

--
John Doe



OT, Re: Answering to the question (was: Problem Running Python with Apache2 on Debian)

2022-07-22 Thread john doe

On 7/22/2022 6:50 PM, Nicolas George wrote:

Edwin Zimmerman (12022-07-22):

You are right.  I stopped reading when I saw the tkinter import.


I was considering sending to this list a general advice about answering
the question as it is asked, with three checks. You just made me insert
a fourth one at the beginning and convinced me to send it. As you can
see, nothing personal, it is just a coincidence I decide now.


So, people who are about to answer a question on this mailing list,
before hitting the key that will send your mail, ask yourself four
questions.

1. Have you read the question in full?



Language barrier.


2. Does your mail actually answer the question?

3. If not, do you have a strong argument to think your mail will be
useful even though it does not answer the question?



You should also answer (2) and (3) before polluting this list.


4. If so, have you exposed this argument in your mail?

If the answer to any of these questions is NO, then either do not send
your mail or update it. Because otherwise, you are wasting everybody's
time, starting with your own.



This e-mail is out of line, inappropriate, please refrain from judging
others.

--
John Doe



Re: OT, Recommendation for low cost laptop

2022-07-16 Thread john doe

On 7/11/2022 2:29 PM, Charles Curley wrote:

On Mon, 11 Jul 2022 09:32:49 +0200
john doe  wrote:


I'm contemplating buying a Pinebook pro but I'm not sure if this is
better than buying a Windows laptop and putting linux on it.

I'm looking for something cheap (max would be around 300 bucks), do
you have any suggestions/ideas?


Newegg (and likely other on-line vendors) offers refurbished used
computers. I've had good results with the Lenovo T series from there.

You didn't mention which flavor of bucks you had in mind. US, Canadian,
Australian, etc. I doubt you meant Zimbabwean, though.



For the sake of simplicity, answering here to everyone.


Actually, I used bucks to avoid using a specific currency.
In retrospect, I should have used Euros instead of bucks! :)


The battery life is not a concern.


Thanks all for your valuable input, much appreciated.

--
John Doe



OT, Recommendation for low cost laptop

2022-07-11 Thread john doe

Debians,

I'm contemplating buying a Pinebook pro but I'm not sure if this is
better than buying a Windows laptop and putting linux on it.

I'm looking for something cheap (max would be around 300 bucks), do you
have any suggestions/ideas?

--
John Doe



Re: new install: configuring ethernet strangeness

2022-06-18 Thread john doe

On 6/18/2022 10:21 AM, John Covici wrote:

Hi.  I just installed Debian Bullseye on a refurbished computer which
I am going to use as a voip server.  Now, due to my ignorance, at the
very end of the install, I selected to use #12 which said standard
system items.

Well, to my horror, I got gnome with all its dependencies.  I ran
apt-get and purged all the gnome items.  However, my outgoing
connection instead of being in /etc/network/interfaces is now managed
by network-manager.  I don't want to use the gui, but there seems to
be no good way to configure the connection, should I need to do so.
/etc/systemd/network is  empty.

So, how can I either get back to /etc/network/interfaces or somehow
manage the existing connection which is buried in
/etc/NetworkManager/system-connections/  and is readable, but I could
never change it.

Thanks in advance for any suggestions.



If I may, redo the install from scratch and use '11' to only install
'standard system items' ! :)

To answer your question specifically, you can 'purge' networkmanager
with something like:

$ apt-get --autoremove purge 

--
John Doe



Re: OT git question

2022-06-07 Thread john doe

On 6/7/2022 6:26 AM, 황병희 wrote:

Hello Debian,

For days, i have been working with git.
And today i have very simple question.
Because it is very confused...

I need somebody's clearing.

What is different both commands:

- git pull
- git pull -b karma



According to (1), that would be the '-b, -w, --ignore-space-at-eol, and
--ignore-cr-at-eol' option and the 'repository'.

Without context, it is almost impossible to help you. Where are those
commands coming from?


1)  https://git-scm.com/docs/git-pull

--
John Doe



Re: ssh-agent: I want to start using on all my remote hosts

2022-06-04 Thread john doe

On 6/4/2022 8:28 PM, Tom Browder wrote:

On Sat, Jun 4, 2022 at 10:02 Andy Smith  wrote:
...

You seem to be very reboot-happy. I recommend understanding the

impact of the changes you will make instead of assuming you need to
reboot to make them effective.



Andy. I know I'm "reboot happy," but it's laziness (no other users at the
moment) and fading memory for little-used details.



At the very least, you should document what you do! :)

If I recall correctly, you are setting up a server for production use,
rebooting might not be an option when this server is put in production.

--
John Doe



Re: Apache2 Configuration Problem

2022-06-03 Thread john doe

On 6/3/2022 6:56 PM, ldmko...@yahoo.com wrote:

I wanted to try and use Python in my HTML pages.  And apparently I have screwed 
up my Apache2 configuration in the process.
I now get :
[Fri Jun 03 12:42:41.002183 2022] [wsgi:crit] [pid 31238] mod_wsgi (pid=31238): 
The mod_python module can not be used in conjunction with mod_wsgi 4.0+. Remove 
the mod_python module from the Apache configuration.
AH00016: Configuration Failed
when I try to restart/start Apache2.
I cannot find the "mod_python module" in my .conf files.  Any suggestions or 
pointers will be appreciated.
Thanks...



I would try:

$ a2dismod mod_python

--
John Doe



Re: Firewall blocking my new Debian 11 server ports 80 and 443

2022-06-01 Thread john doe

On 6/1/2022 1:45 PM, Tom Browder wrote:

On Mon, May 30, 2022 at 19:46 Edwin Zimmerman  wrote:


On 5/30/22 09:41, Greg Wooledge wrote:

On Mon, May 30, 2022 at 07:13:54AM -0500, Tom Browder wrote:

No worries. All those responses about the subject IP now are the norm
for a bare-iron server ready for use by a customer, yours truly. It is the
same server I messed up the firewall with and locked myself out of. The OS
has been reinstalled and is ready for me to use again.



On that note, for my next try with the server, I will definitely use UFW
with the legacy iptables that was suggested.

But a question: it is clear that it must be enabled to go into effect, but
when does it actually start operating? Does it do so then, or does it take
a reboot?



Apparently, if you 'enable' 'ufw', it will start and be enabled at boot.

According to (1), ufw should work with nftables, I did not follow the
reasoning on why to use iptables but only if you have issues use legacy
iptables.

1)  https://wiki.archlinux.org/title/Uncomplicated_Firewall

--
John Doe



Re: Firewall blocking my new Debian 11 server ports 80 and 443

2022-05-30 Thread john doe

On 5/30/2022 12:26 AM, Tom Browder wrote:

On Sun, May 29, 2022 at 15:55 Greg Wooledge  wrote:
...

Thanks, Greg. It looks like my server was blocked from ports 80 and 443
upstream from it (as you and others suspected), so I asked my provider to
reinstall the OS and ensure it has public access to ports 80 and 443.



If I may, looks like this is over your head and I would suggest you to
do the following:
- Understand what is done on this server (installed pkgs, config ...)
- Start by securing remote access (see this thread on how to do that for SSH)
- Get all of your set up working offline/locally
- Document yourself on how to do what you want (when exposing services
publicly you can not guess/try)


In other words, familiarise yourself with what you have.

--
John Doe



Re: Firewall blocking my new Debian 11 server ports 80 and 443

2022-05-29 Thread john doe

On 5/29/2022 7:20 PM, Tom Browder wrote:

On Sun, May 29, 2022 at 11:39 IL Ka  wrote:


btw, are you able to ping server?



Yes.



It is always better to show the command and the output instead of saying
yes/no! :)

I must say, I can not really understand how you can ping and not
telnet/access your web server.

--
John Doe



Re: (v) ugly (and simple) bash script...

2022-05-21 Thread john doe

On 5/21/2022 3:55 PM, Greg Wooledge wrote:

On Sat, May 21, 2022 at 10:08:42AM +0100, Morgan Read wrote:

I've come up with:
`cd ~/Maildir/new/; for f in *; do mv -- "$f" ~/Maildir/cur/"${f%}.eml"; cd -; done`


You aren't checking whether the first cd succeeds.  If it fails for any
reason, you're going to end up moving file(s) out of wherever you happen
to be at the time.

You also don't want that "cd -" to be *inside* the loop.  If there's more
than one file in ~/Maildir/new/, you're going to move the first one, then
cd back to where you were, then try to move the second file by its
relative name from the directory you changed *back* to.  There probably
won't be a file by that name in the original directory, so it'll probably
give an error... but if it doesn't, then you've screwed up big time.

If this is a script, you don't need the "cd -" at all.  Just let the
script exit, and it won't matter what directory it ended in.

Finally, ${f%} is just a fancy way of writing $f.  You're literally saying
"take the value of $f but remove the empty string from the end of it".

#!/bin/sh
cd ~/Maildir/new/ || exit 1
for f in *; do
   mv -- "$f" ../cur/"$f.eml"
done



+1 for readability in a script.

I would also bail out if the mv command fails:

for f in *; do
   mv -- "$f" ../cur/"${f}.eml" || exit $?
done

--
John Doe
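
Both review points above (check the `cd`, stop when `mv` fails) combined into one function, as an added example that is not code from either poster. It also covers two cases the thread does not mention: an empty `new/` directory, where the unmatched `*` stays literal, and an existing destination file; the function name `move_new_to_cur` is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): move every message from
# <maildir>/new to <maildir>/cur with an .eml suffix, stopping at the
# first failure. Usage: move_new_to_cur ~/Maildir

move_new_to_cur() {
    maildir=$1
    # Run in a subshell so the caller's working directory never changes
    # and no "cd -" is needed afterwards.
    (
        # If this cd fails, nothing may be moved from wherever we are.
        cd -- "$maildir/new" || exit 1
        [ -d ../cur ] || { echo "no cur/ next to new/" >&2; exit 1; }
        for f in *; do
            # With no matches the glob stays a literal "*": skip it.
            [ -e "$f" ] || continue
            # Only regular files are treated as messages.
            [ -f "$f" ] || continue
            dest=../cur/$f.eml
            # Never overwrite a message that is already in cur/.
            if [ -e "$dest" ]; then
                echo "refusing to overwrite $dest" >&2
                exit 1
            fi
            # "--" keeps names starting with "-" from being read as options.
            mv -- "$f" "$dest" || exit $?
        done
    )
}
```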



Re: preseed d-i disable security update

2022-05-12 Thread john doe

On 5/11/2022 1:51 PM, Tim Ye wrote:

Hi,

I'm trying to disable security update in a preseed based install, in the
preseed file I put:

     base-config apt-setup/security-updates boolean false

on the 2nd line.  But it doesn't seem to work, security update is still
performed during installation.

Is this option obsoleted?



I would ask this question on the 'debian-boot' mailing list.

--
John Doe



Re: Alternatives to ISC dhcp-client ?

2022-05-08 Thread john doe

On 5/8/2022 6:33 PM, Kamil Jońca wrote:

Kamil Jońca  writes:

[...]


But systemd-networkd also has a huge number of configuration options
that may do what you want anyway

https://www.freedesktop.org/software/systemd/man/systemd.network.html


Hm. Can you create bridge without ports with systemd-networkd?
i.e.



Another question. Can I pass option during interface up/down?
For example, in my if-up*/if-down* scripts I have code for replacing (or
not!) default route when needed.[1]

Then I can execute something like:

--8<---cut here---start->8---
ifup wlan0 -o replacedefaultroute=on
--8<---cut here---end--->8---

how I can achieve this with networkctl (or other systemd tool)?

Moreover https://gitlab.com/craftyguy/networkd-dispatcher/-/issues/61
So my migration probes are not very promising :/

I take into account that I have some habits and some thing should be
done completely different way[2]. But for now I even don't know if some
things can be achieved.



You might be better off asking this on the appropriate mailing list! :)

--
John Doe



Re: Alternatives to ISC dhcp-client ?

2022-05-07 Thread john doe

On 5/8/2022 5:24 AM, Rick Thomas wrote:

On Sat, May 7, 2022, at 8:14 PM, Jeremy Ardley wrote:

On 8/5/22 10:47 am, Rick Thomas wrote:

ISC has ended development on the ISC DHCP client as of early 2022.

This client implementation is no longer maintained and should not be
used in production any longer.

Can anybody recommend a good replacement?



I presently use systemd-networkd which provides its own DHCP v4 and v6
clients, and servers if you want.

In my network my dual homed router acts as a dhcp client to the ISP and
gets an IPv4 address and is delegated an IPv6 /56 range.

You can just use systemd-networkd as an IPv4 dhcp client.
Jeremy


Is systemd-networkd automatically installed by Debian?

I ask because my "testing" and "stable" systems all show isc-dhcp-client as 
installed and running.



For a regular installation of Debian, yes.

--
John Doe



Re: Networking book recommendation

2022-05-05 Thread john doe

On 5/6/2022 12:36 AM, Tom Browder wrote:

On Thu, May 5, 2022 at 16:07 David Christensen 
wrote:


On 5/5/22 12:31, john doe wrote:


At the time I set up this, I googled this subject and came to the
conclusion that SSH through VPN was a better fit (flexibility, two
layers of security, VPN advantages when connecting on public wifi) for
me.



The only experience with VPN I've had was when I was working from home back
in 2010 running Debian on a company laptop and a kludge Cisco VPN program
that somehow "just worked."

If I go the pfsense/Netgate route (it has a VPN capability) what client do
I use on my Debian hosts both internal and external?



According to (1), that could be OpenVPN.

As I'm not using pfSense, I can only point you to the doc! :)

1)  https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-ra.html

--
John Doe



Re: Networking book recommendation

2022-05-05 Thread john doe

On 5/5/2022 4:34 PM, Tom Browder wrote:

On Wed, May 4, 2022 at 11:07 john doe  wrote:


On Tue, May 3, 2022 at 15:18 john doe  wrote:

On 5/3/2022 9:42 PM, Tom Browder wrote:


- Use VPN to access your servers remotely.



I find it easier to use a VPN (responsible for public remote connection)
to connect to my own network then use SSH (responsible for private
remote connection) to connect to my intranet devices.

This also gives you two layers of authentication and you have separate
services.



But, given a properly passwordless ssh connection, is there anything
extraordinarily dangerous versus a VPN, or is it the redundancy you favor?
(I am the only superuser, and usually the only user of my network.)



Yes, redundancy avoids having one point of failure in case of compromised
keys for example.

Having outbound connection through the VPN allows me to separate the
services, so if I need to work on the VPN I do not need to touch the SSH
server and vice versa.
It also gives me better firewalling capability between the VPN subnet and
the rest of my network.


For context, I'm also the only administrator ('root' user ...) on my
network.


See (1) and (2) for more in-depth thoughts.
At the time I set up this, I googled this subject and came to the
conclusion that SSH through VPN was a better fit (flexibility, two
layers of security, VPN advantages when connecting on public wifi) for me.


1)
https://networkengineering.stackexchange.com/questions/23959/why-use-ssh-and-vpn-in-combination
2)  https://homenetworkguy.com/tech/ssh-vs-vpn/

--
John Doe



Re: Networking book recommendation

2022-05-04 Thread john doe

On 5/3/2022 10:35 PM, Tom Browder wrote:

On Tue, May 3, 2022 at 15:18 john doe  wrote:


On 5/3/2022 9:42 PM, Tom Browder wrote:

I'm about to sign up for a fixed IPv4 address to my home. I know a bit
about setting up simple internal networks, but want to make sure I'm
doing it all correctly and securely. Does anyone have a good book they
recommend for such use?



What do you mean by "correctly and securely", the networking is never
secure.



Thanks, I didn't know that.

Depending on what you need, you might want firewall ...


I'm considering HaProxy downsteam from the router.

That also brings the question, why do you need a static IPv4 address?


I'm moving my webservers inside.



I've learned my networking knowledge by reading on line or asking
questions when I'm stuck! :)

So I can not recommend a book.

Here are some comments in addition to this thread:
- Do not use the router capability provided by your ISP.
This is mainly to avoid letting your ISP remotely control the thing and
disable the firewall for example.

If you can, use your own router.

If your ISP requires to work with their router put the ISP thing in
'bridge'/modem only mode, this will allow to get your public IPv4
address to your own gateway.


- Use VPN to access your servers remotely.

I find it easier to use a VPN (responsible for public remote connection)
to connect to my own network then use SSH (responsible for private
remote connection) to connect to my intranet devices.

This also gives you two layers of authentication and you have separate
services.

--
John Doe



Re: Networking book recommendation

2022-05-03 Thread john doe

On 5/3/2022 9:42 PM, Tom Browder wrote:

I'm about to sign up for a fixed IPv4 address to my home. I know a bit
about setting up simple internal networks, but want to make sure I'm
doing it all correctly and securely. Does anyone have a good book they
recommend for such use?



What do you mean by "correctly and securely", the networking is never secure.
Depending on what you need, you might want firewall ...

That also brings the question, why do you need a static IPv4 address?

--
John Doe



Re: multiple systemd-nspawn container name resolution

2022-04-27 Thread john doe

On 4/27/2022 4:29 PM, basti wrote:


Hello,

i have setup multiple systemd-nspawn container with virtualEthernet=yes.
Inside the container systemd-networkd and systemd-resolved are enabled.
So far so good.

Is there a way to disable the 169.254... networking for systemd?
The problem is as followed:

ip r

169.254.0.0/16 dev ve-test3 proto kernel scope link src 169.254.144.44
169.254.0.0/16 dev ve-test2 proto kernel scope link src 169.254.38.46
169.254.0.0/16 dev ve-test proto kernel scope link src 169.254.80.104

So I only can ping test3.
The same problem is with name resolution.



Not really an answer, Systemd has also a mailing list! :)

--
John Doe



Re: how to register a system service

2022-04-21 Thread john doe

On 4/21/2022 10:13 AM, Henrik S wrote:

Hello

Given I have a program, I want to make it start/stop as the normal
system service such as postfix.

How can I setup this?



If I understand you correctly, you will need to create a systemd
service file.

--
John Doe



Re: debug systemd restart networking problem

2022-03-26 Thread john doe

On 3/26/2022 2:15 PM, Jeremy Ardley wrote:

I have been doing various changes to my network but have now got to the
stage where I have errors running

systemd restart networking

systemctl status networking
● networking.service - Raise network interfaces
  Loaded: loaded (/lib/systemd/system/networking.service; enabled;
vendor preset: enabled)
     Drop-In: /etc/systemd/system/networking.service.d
  └─override.conf
  Active: failed (Result: exit-code) since Sat 2022-03-26 20:50:03
AWST; 13min ago
    Docs: man:interfaces(5)
    Main PID: 1935 (code=exited, status=1/FAILURE)
     CPU: 326m

cat /etc/network/interfaces
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

iface eth0 inet6 dhcp
     request_prefix 1
     accept_ra 2

auto lan0

iface lan0 inet static
     address 10.31.40.1/24

iface lan0 inet static
     address 10.31.40.5/24

iface lan0 inet6 static
     address ::1/64

iface lan0 inet6 static
     address ::5/64


I check the interfaces using ip a I see all the ipv4 interfaces as
configured in /etc/network/interfaces but none of the ipv6 ones. I do
have ipv6 though as lan0 has has an fe80 address

I have tried a lot of things to debug this but no luck. e.g.

systemctl edit networking.service command

[Service]
# remove existing ExecStart rule
ExecStart=
# start ifup with verbose option
ExecStart=/sbin/ifup -av



Does it change anything if you reboot ('systemctl reboot')?

What are you seeing in the logs?

--
John Doe


