58[00:22:34] *** Quits: Lupricon (~Lupricon@replaced-ip) (Remote host closed the connection)
59[00:22:34] <somiaj> brieweb: yea, in that case you many need
to install java 8 locally, use java-package, or the package in
stretch can also be installed in sid (And I think it has been
updated with security patches)
60[00:22:34] <somiaj> brieweb: arg, the stretch package can be
installed in buster.
61[00:22:34] <mason> ws2k3: Interesting. That's not giving
you a ton of counters, but it's up to each manufacturer to
implement them.
68[00:23:44] <mason> ws2k3: For me, I run ZFS on everything, so
I'd keep using that as part of a mirror or similar until it
starts throwing errors. But that's me.
69[00:24:18] <mason> ws2k3: It's old enough that I
wouldn't want to run it as a single drive.
73[00:24:47] <ws2k3> mason: i run zfs on a few boxes aswel but
thats another topic. this machine is pretty old has an uptime of 860
days and has seen over 200 tb
76[00:25:10] <ws2k3> mason: so i was like lets check the smart
status of all disk. just to check there are liek 24 disks in the box
77[00:25:48] <mason> ws2k3: So, something to consider is
actually monitoring the values and firing alerts if you ever see,
for instance, smart health status *not* ok, or uncorrected errors,
or similar.
78[00:26:36] *** Quits: sphenxes (~sphenxes@replaced-ip) (Remote host closed the connection)
79[00:28:31] *** Quits: n4dir (~n4dir@replaced-ip) (Remote host closed the connection)
136[01:13:42] <somiaj> brieweb: in this case that is probably a
decent method, I always just download the .deb's I need
manually, as I don't like suggesting people mix sources.
147[01:31:27] <Scou_moune> Hi all ok so i want add a script that
run with cron, and i don't want use crontab -e, i prefer file.
So i have check for how do that with debian 10
155[01:33:57] <mutante> Scou_moune: i guess the problem is more
the format inside the file than the part that you are writing it
manually
156[01:34:50] *** Quits: voidSurfr (~todd_dsm@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
157[01:35:21] <Scou_moune> ok but i follow the log syslog where
cron talk, and i see nothing, or just "syntax error" when
i have cron.d because i have forget the "user"
159[01:35:57] <Scou_moune> my line is very simple that it:
"3 * * * * root ${PROGPATH}"
160[01:36:11] <Scou_moune> where programe path is the fullpath
of my script
161[01:36:21] <mutante> Scou_moune: this is about the (few)
differences between manually editing it or using crontab -e .. they
are not many
replaced-url
162[01:36:24] <Scou_moune> i have try to add SHELL & PATH
too
163[01:36:30] <Scou_moune> ok i go read thank
164[01:36:39] <mutante> Scou_moune: maybe paste the content of
one of those files
180[01:41:24] <Scou_moune> Like i say that in testing, so that
not properly write, i go read you're doc
181[01:41:30] <brieweb> somiaj, it sounds like there is the
java-package as well?
182[01:41:38] <somiaj> ,i java-package
183[01:41:39] <judd> Package java-package (contrib/misc,
optional) in buster/amd64: Utility for creating Java Debian
packages. Version: 0.62; Size: 22.2k; Installed: 72k
184[01:41:55] <somiaj> brieweb: you can use it to create a .deb
from the upstream package from oracle.
185[01:42:00] <somiaj> well upstream tar.gz
186[01:42:12] <brieweb> I was thinking of the java from adopt
openjdk
187[01:42:19] <mutante> Scou_moune: ok, but what about the
actual cron file that this writes?
188[01:42:54] <somiaj> brieweb: java-package just provides a way
to create a .deb for a local install vs just installing the .bin (or
.tar.gz) -- has the same issues in the end as you have to manually
update it, but at least your package is managed with dpkg.
189[01:43:02] *** Quits: Mehregaan (c6fc99e2@replaced-ip) (Remote host closed the connection)
190[01:43:27] <Scou_moune> mutante: yes that it, i want use the
solution with cron.d, so forget the line with # that for the other
solution
197[01:45:02] *** Quits: gelignite (~gelignite@replaced-ip) (Quit: Stay safe! Stay at home! Stop the chain reaction!)
198[01:45:05] <Scou_moune> "ok, but what about the actual
cron file that this writes?"
199[01:45:06] <mutante> Scou_moune: paste the actual file you
have in cron.d please
200[01:45:08] <somiaj> brieweb: and then submit a bug report to
whatever java software you are using so they update it to be
compadable with newer java.
205[01:47:24] <mutante> Scou_moune: hm, ok, and what is the
error you saw in the log file?
206[01:48:11] <Scou_moune> mutante: i say nothing ahah, but if i
delete the user root i see "error wrong syntax"
207[01:48:18] <Scou_moune> i see*
208[01:48:41] <mutante> Scou_moune: so maybe it .. just works?
seeing nothing often means all is ok in Linux
209[01:48:51] <mutante> what makes you think it doesn't run
your command
210[01:49:01] *** debhelper sets mode: +l 1158
211[01:49:43] <Scou_moune> mutante: no i think not because i
have control and no back have been created, and habitualy that say
in log like "backup22 running"
243[02:05:16] <Scou_moune> mutante: no all work for that
244[02:05:28] <mutante> Scou_moune: so it's unknown what
the fix was?:)
245[02:05:43] <Scou_moune> mutante: for other problem i prefer
find solution by me first hihi
246[02:06:07] <Scou_moune> mutante: yeaaa :D so happy thank lol
(i don't know why)
247[02:06:22] <mutante> Scou_moune: hah, ok, let's just
accept it works :p
248[02:06:47] <Scou_moune> mutante: yea that my mind is too
complicated i think
249[02:10:12] <mutante> Scou_moune: maybe just a little
unfocused and jumping between separate problems, but it's all
good, you got it working
250[02:10:54] *** Quits: yans (~yans@replaced-ip) (Remote host closed the connection)
251[02:11:38] <sc_> first time I had to upgrade to unstable to
fix something :)
252[02:12:17] <Scou_moune> mutante: yea i think that with the
time, i see that run all hours, so that why, me i waiting all 3 min.
But yea now i can finish the function, and i drink pastis and show
cron do the job :D
253[02:12:57] *** Quits: nevoyu (~Nevoyu@replaced-ip) (Remote host closed the connection)
292[03:10:43] <somiaj> vince: Debian has various tools that
matainers and developers use to test packages before uploading them
to sid. Some might do simple security checks, but what sort of
checks are you looking for?
309[03:33:38] <vince> somiaj: thanks for your response. I'm
looking to package a bunch of software from github in debs. I guess
the closest example would be SCA/SAST/DAST. Basically scan the
github clone / resulting package for potentially volatile behaviour.
310[03:36:07] <somiaj> vince: I'm not quite familar with
those types of scans, I do know debian does use testing (the
sid->testing development cycle gives users time to report bugs
that get by the scans). But a main tool debian uses to see if
packages meet policy is
replaced-url
315[03:41:02] <sney> debian isn't really in the business of
auditing potential security bugs in upstream software. there are
trackers for when a CVE appears for example, and maintainers are
expected to make good decisions about what upstream releases are
worthy, but otherwise it's upstream's job.
396[05:17:02] <brachamh> i have a home server (currently running
ubuntu server but will be running debian as soon as i can get it set
up enough to swap out) and i have emby running in a docker
container. streaming locally, just recently it's started to
buffer.
466[06:37:39] <nvz> seems we were talkin about something else,
you just hadn't told me yet :D
467[06:38:27] *** Quits: krzych (krzych@replaced-ip) (Remote host closed the connection)
468[06:38:28] <nvz> brachamh: so you got a fresh debian install?
and on the first boot its not booting all the way to the graphical
display manager login as you expect?
469[06:38:43] <brachamh> yes
470[06:38:55] <nvz> what exactly is it doing? just blank screen
at some point?
471[06:39:48] <brachamh> last step is loading gnome display
manager (IIRC) and then doing a filesystem check, where it appears
to freeze.
475[06:40:38] <brachamh> hang on lemme try it again
476[06:41:53] <nvz> the only reason a system does a fsck is
cause you told it to, or it has a pass option set and when mounting
it realizes the system is unclean.. and it does this way before
starting the DM
485[06:44:30] <brachamh> that's the last line it shows, and
Ctrl+C doesn't seem to do anything
486[06:44:50] *** Quits: Main_ (~secntech@replaced-ip) (Remote host closed the connection)
487[06:45:46] <nvz> there are a few things I know here.. one is
you shouldnt have a fsck happening on a fresh install that went
well.. unless you have a bad disk.. and you're not using debian
488[06:46:17] <brachamh> this is debian 10, used the same flash
drive, same flash, to install it on this laptop
491[06:46:58] <jmcnaught> Was there a hard reset? That could be
why it's running fsck now.
492[06:47:10] <brachamh> hard drive should be good, unless it
was abused recently. it was brand new just a few weeks ago.
doesn't seem to be any damage on the laptop case though
499[06:50:34] <jmcnaught> If you're getting a blank screen
right after installing it could be a missing firmware, or the GPU
could be too new for buster's kernel. If you have another
computer you can still SSH into it perhaps.
500[06:50:36] <brachamh> yes i did. oh hey i had to help the
wife out for a couple minutes and now i have a couple more lines
551[07:12:32] <nvz> thing is when you boot recovery, the system
is all booted properly.. in single user.. systemd has what would you
say.. settled.. all is working
552[07:12:45] <nvz> nothing is screwed up at this point
553[07:12:53] <nvz> make sure you remount it rw
554[07:13:21] <padhu> How to show username in top panel on
debian 10
555[07:13:23] <brachamh> i did the remount
556[07:13:33] <nvz> then tell ol systemd, to start the default
and it will load additional services.. see if it still choaks like
it does booting normally
557[07:14:03] <nvz> padhu: I assume you mean gnome?
604[07:28:17] *** Quits: mibo (~mibo@replaced-ip) (Remote host closed the connection)
605[07:28:35] <brachamh> it's not on the network at the
moment. i can probably hook it up tomorrow and see if the hardwired
one will work. it's what i set up during install.
606[07:29:06] <brachamh> but i'm going to crash...gotta
work in the morning.
607[07:29:28] <nvz> alright..
608[07:29:30] <brachamh> nvz, thanks for your help!
609[07:29:41] <nvz> probably just need to sort out a video card
issue
610[07:30:00] <brachamh> i'm thinking so cuz everything in
this log file is video card related
611[07:30:03] <nvz> the answer is likely somewhere between xorg
log and journalctl -k
612[07:30:18] <nvz> I'd read carefully looking for errors
in journalctl -k
613[07:31:54] <brachamh> i just punched that in so i'll
have it in the command history for tomorrow
614[07:32:08] <brachamh> thanks! i'll probably look for you
again tomorrow when i'm back at it
615[07:32:22] <nvz> o/
616[07:32:22] <brachamh> have a good one!
617[07:32:29] <nvz> I already have a good one
618[07:32:35] <nvz> now I'm lookin for a longer one..
619[07:32:44] <brachamh> now who's being a smart ass?
717[09:49:46] <lesless> Hi folks! I have problems with MPD on
ARMv7 - sound is breaking up. It just disappears for a brief moment
and then comes back when tune is playing. I checked CPU load during
playback, it's below 20%, there are no errors in dmesg and
running MPD with verbose logging didn't show anything as well.
Here are the details
replaced-url
718[09:52:13] *** Quits: padhu (uid448388@replaced-ip) (Quit: Connection closed for inactivity)
742[10:32:43] <ratrace> lesless: could it be a hardware issue?
743[10:33:00] <lesless> ratrace nope, it works fine on a laptop
744[10:33:53] <ratrace> well..... if mpd works fine on a laptop,
but not on an arm (board), with no apparent software errors or logs
.... I'll repeat the question: could it be hardware failure of
the ARM thingy? :)
745[10:34:49] <lesless> ratrace , ah I thought about sound card.
Soundcard is working fine on the laptop but it's not with MPD
on dev board. Although you're right. Changing dev board may
solve it
827[12:17:35] <Scou_moune_> Hi i have a question, i have make a
cron rules, that run my script for back_up, all that work great, but
in my code i use the cmd logname, and that strange because that
can't find the true value about this cmd
828[12:17:47] *** Scou_moune_ is now known as Scou_moune
829[12:18:09] <Scou_moune> I have try to set the PATH, set the
SHELL, use /bin/bash back_up_script but nothing
830[12:18:45] <AndreasLutro> "that can't find the true
value about this cmd" what do you mean by this
835[12:19:41] <Scou_moune> AndreasLutro: that replace
/bin/logname by $LOGNAME, so that show "root" and no
"user"
836[12:19:51] <AndreasLutro> I still have no idea what you mean
837[12:19:58] <Scou_moune> If i use logname in root that show
the user
838[12:20:15] <nvz> !buster su
839[12:20:15] <dpkg> In buster, su no longer overrides PATH by
default, requiring that you use "su -" or "su
-l" for login shells (which is not really a new thing at
all...). To approximate the previous behaviour, put
"ALWAYS_SET_PATH yes" in /etc/login.defs. See
replaced-url
840[12:20:26] <Scou_moune> yea i use su -l
841[12:21:20] <Scou_moune> Ok i have remove the set
ALWAYS_SET_PATH because in past i use su, so i want work like debian
recommand
842[12:21:53] <ratrace> how and where did you set your crontab?
843[12:22:08] <nvz> hmm id -n doesn't seem to work either
844[12:22:12] <Scou_moune> by /etc/cron.d/back_up
845[12:22:48] <ratrace> `whoami` should
846[12:22:56] <Scou_moune> because i don't want use crontab
-e, so i like this method
847[12:23:43] <ratrace> Scou_moune: and what's the exact
crontab line you're using?
859[12:27:51] <Scou_moune> ratrace: by problem is, in the code
back_up22, i use /bin/logname for save file, but that show root, and
no the user logname
860[12:28:08] *** Quits: endstille (~endstille@replaced-ip) (Quit: I'll be back.)
861[12:28:14] <Scou_moune> That very strange because
/bin/hostname -s work
862[12:28:21] <ratrace> Scou_moune: what user? you're
running the crontab as root, there's no other user
875[12:33:24] <ratrace> your crontab is running as root, and it
should be capable of running everything you do as root explicitly on
the command line, assuming correct environment (eg. properly defined
PATH, or use absolute paths)
876[12:34:33] <ratrace> also, btw, is that tab intended to run
every minute really?
877[12:34:48] <Scou_moune> ratrace yea for the test only
878[12:34:59] <Scou_moune> After that run every hour
883[12:37:07] <ratrace> n1ce: check the lzop manpage and see
what's the decompression flag, and then probably something
along the lines of lzop -c -d <file> | dd of=/dev/hda1 (this
is just an example, don't run it literally without
understanding all the parts)
893[12:39:47] <Scou_moune> ratrace: but if i do that, that for
all script use by crontab right ?
894[12:40:00] <Scou_moune> ratrace: thank i do read mantad again
:D
895[12:40:14] <martinus__> why is apt or apt-get doesn't
report obsolete packages , when aptitude is ? I mean it could be
important for the common user to know there are obsoletes package
installed on the system
896[12:40:44] <ratrace> Scou_moune: if you set PATH in the
_crontab_, then yes it is in the environment for all the scripts run
in the tab (unless some of the scripts runs su or sudo and scrubs
the environment)
897[12:41:40] <ratrace> martinus__: you mean like running `apt
autoremove` ?
898[12:41:57] <Scou_moune> ratrace: ok you think that can make a
problem or no realy if i don't add strange rules ?
903[12:43:09] <martinus__> ratrace: not automatically installed
package. I'm rather speaking the fact that you may end with a
system with many obsoletes packages (see aptitude search ?obsolete),
but when using apt you never get such mention
905[12:43:59] <martinus__> so in the end, if one doesn't
now *how* to look for obsolete packages... they are never purged
906[12:44:13] <martinus__> or, they have no chance to be purged
one day
907[12:44:55] <martinus__> like "warning, there are x
obsolete package(s) on this system"
908[12:45:14] <ratrace> I'm not really sure what
"obsolete" packages are here, then. Sorry I don't use
aptitude. Otherwise packages are either installed explicitly or
automatically. how does a package become "obsolete" then?
989[13:21:03] <hipete> what song should i listen to?
990[13:23:06] <ratrace> This one is nice:
replaced-url
991[13:23:25] <nvz> !ot
992[13:23:26] <dpkg> #debian is primarily a support channel for
Debian users. Please keep the discussions in #debian on-topic and
take longer discussions and non-support questions to
#debian-offtopic. Imagine the chaos if each of the hundreds of
people in the channel felt the need to wander off topic for a few
minutes every day.
1020[13:32:06] <nvz> dpkg, protected symlinks is to follow a
symlink as another user you need to set fs.proteted_symlinks to 0 in
sysctl see
replaced-url
1029[13:34:06] <Scou_moune> ratrace: I do run one time my script
back_up for add the rules, so i have write in my script [
"$myuser"] || myuser=$(logname); printf
'myuser=%s\n' "$myuser" > /etc/cron.d/back_up
1035[13:35:55] <ratrace> users have their own crontabs under
/var/spool/cron/crontabs/
1036[13:36:31] <ratrace> Scou_moune: so if you have a per-user
crontab, just drop a file in there (remember, such tabs have no user
specification in them then!), don't do what your'e doing.
that's just.... very very wrong.
1040[13:36:53] <dpkg> Slow down for a bit! Are you sure that you
need to jump through that particular hoop to achieve your goal? We
suspect you don't, so why don't you back up a bit and tell
us about the overall objective... We know that people often falsely
diagnose problems because they are too close to them -- it's
easy to miss that there is a better way to proceed. See
replaced-url
1041[13:36:56] <Scou_moune> ratrace: i have make a script for
backup file, and i use on other machine, so i don't want
manualy write /home/user, that why i needer logname
1042[13:37:36] <Scou_moune> ratrace: yea i think like this that
so great and easy to write
1043[13:37:42] <ratrace> Scou_moune: that is very very bad
1044[13:37:52] <Scou_moune> why ? :(
1045[13:38:26] <nvz> because you're abusing priv seperation
and acting as root on a users behalf
1051[13:39:10] <ratrace> that. and also are making your system
needlessly complex. user tabs are a known feature and instead of
hacking root crontab, just create a file for them in the appropriate
spool directory
1052[13:39:44] <Scou_moune> nvz: yea i read ok ok i just want
that work
1053[13:40:12] <ksk> the cron.d syntax has a field for the user
executing the cron - but I am not quite sure what the goal is here
at all
1059[13:41:20] <ksk> this can only be setup by root of course,
but I found it a little more tidy to have all cronjobs in one place,
instead of various users corntab
1060[13:41:58] <Scou_moune> hum so you say i do add USER in spool
1061[13:42:27] <Scou_moune> you sure that correct for my
probleme, i do test so
1070[13:47:27] <Scou_moune> ksk: thank i have read all; man
crontab (show 10lines), man cron, wiki and other
1071[13:47:28] <ksk> please no.
1072[13:47:48] <Scou_moune> so now i remove the printf myvar okok
1073[13:47:48] <ksk> eh. Thats like the 10 ways of not doing it
combined I am afraid.
1074[13:48:41] <ksk> What are you trying to do here? This is part
of a deployment, where you connect as "user_foo" and want
to create a cronjob for that user?
1075[13:49:14] <Scou_moune> ksk: my script back_up22 so a backup
of lot of file in file_fold
1076[13:49:20] <Scou_moune> So that tar, gzip and other
1077[13:49:31] <Scou_moune> my probleme is juste /bin/logname
1078[13:49:48] <Scou_moune> just that, crontab don't see the
normal user
1079[13:50:14] <Scou_moune> if i use su - root -c
"logname"; that show the normal user
1080[13:50:19] <Scou_moune> i just want that
1081[13:50:30] * Scou_moune cry lot of on the cat
1082[13:51:21] <ksk> Please read again the last two statements of
mine - I wont help you "fixing" something which is broken
by design.
1085[13:54:24] <spaceone> I have python-all-{dev,dbg} installed
but GDB shows: 0x00007ffff7e11db4 in PyObject_Call
(func=<function at remote 0x7fffef4b4ed8>,
arg=('foo', None), kw=0x0) at ../Objects/abstract.c:2542
1086[13:54:26] <spaceone> 2542 ../Objects/abstract.c: No such
file or directory.
1087[13:54:30] <spaceone> which package is missing?
1092[13:58:46] <Scou_moune> ksk: I want to run my back_up22
script with cron so that it makes a backup every X times. This
script must be run as root because it saves files in etc and the
like. My problem is that crontab does not see normal user of / home
/ user, so the back_up22 script does not save files from / home /
user / bin and the like. Everything works great, it just happened
that cron finds the normal user
1093[13:59:31] * Scou_moune have use google translate
1098[14:01:20] <Scou_moune> so maybe i have to use a different
method to find the normal user than "logname", i
don't know, but i am blocking on this point. And I repeat
everything works
1142[14:43:58] <nidhoegger> Hi. I got a lenovo p53s and installed
debian testing on it (stable is too old to work). Problem I am
having is that everything GUI wise seem to randomly deadlock and
take minutes to respond to anything. notably thunderbird, mattermost
and nm-applet. is that a known issue and/or is there a way to
resolve this? dmesg does not show anything that should not be there
1143[14:45:11] <nvz> nidhoegger: you couldve just installed a
newer kernel on stable probably
1144[14:45:36] <Haohmaru> !testing
1145[14:45:36] <dpkg> Testing is a continuously updated release
between <stable> and <unstable>, currently codenamed
<bullseye>. See
replaced-url
1146[14:45:38] <nidhoegger> how do I do that? I am willing to try
out. I have my workflow with debian and do not want to switch to
another distro
1148[14:46:03] <greycat> If the box boots, you can just add
buster-backports sources and install a buster-backports kernel.
1149[14:46:03] <Haohmaru> you install stable and enable
"backports"
1150[14:46:09] <nvz> nidhoegger: will it even boot with stable at
all? does the installer even see the disk?
1151[14:46:20] <nidhoegger> okay, thank you very much
1152[14:46:39] <nidhoegger> does stable have highDPI support?
this thing has a 4k dispaly and I was amazed that on testing highDPI
works out of the box
1153[14:46:45] <nvz> if its a case where the installer doesnt see
the disk due to some odd new nvme type crap its a bit more
complicated
1154[14:46:54] <greycat> (From the description, it sounds like
the box booted OK, and only had problems in a desktop environment,
so you might try booting into console....)
1155[14:47:04] <nidhoegger> nvz that is the case...
1156[14:47:06] *** Quits: ghost43 (~daer@replaced-ip) (Remote host closed the connection)
1157[14:47:12] *** Quits: yanmaani (~yanmaani@replaced-ip) (Remote host closed the connection)
1159[14:47:36] <nidhoegger> greycat, yes, the console just works
like charm. at least on testing (i did not try out anything else as
normally the wifi will have trouble on stable)
1160[14:47:47] <nvz> nidhoegger: yeah that makes it a lot more
complex as for awhile the testing installer in expert mode would ask
you whichbranch to install but last I cheked it didnt
1161[14:47:51] <Haohmaru> speaking of this.. on my debian, when i
rotate the display to portrait mode temporarily via xrandr
(1200x1920), any new app i open loads up with *huge* GUI
1162[14:47:56] <Haohmaru> how do i turn that off?
1163[14:47:59] <nvz> in those cases you need the INSTALLER runing
a new kernel
1165[14:48:45] <nvz> as for hidpi.. thats quite app specific some
things do and some things dont.. in my experience
1166[14:49:20] <nidhoegger> nvz i know that the last time I used
stable on 4K it was a bloody mess, the only thing worked was the
font scaling and everything basically looked like crap
1174[14:51:31] <nidhoegger> i am not that unfamiliar with linux
to fix some issues that arise, but in this case I have no fricking
idea what is happening as neither dmesg, nor the X11 log nor
something else produces an error
1175[14:52:03] <nidhoegger> I tried disabling the discrete gpu,
tried to set the envvars for the new nvidia offscreen rendering,
tried nouveau and nvidia-driver (so I can mostly rule out that its a
driver issue with the graphics card)
1181[14:54:48] <nidhoegger> Phase, yeah, sucks if your job is to
develop a linux software :P
1182[14:55:11] <hexnewbie> Is there something on Debian 10 Buster
that would delete my /var/cache/apt/archives? I moved them to a
separate 40 GB LV so that they don't fill up my root, but now I
see it's empty, and all the packages are not there. Packages
stay there every time I call apt-get. What's going on?
1183[14:56:04] <ratrace> hexnewbie: sure you actually mounted the
LV?
1184[14:56:06] <nidhoegger> rm pretty much would delete them
1202[15:02:41] <hexnewbie> I now remember there was something in
the Buster upgrade email (or Stretch upgrade email) that
'apt' (but not 'apt-get') would delete these. I
should try finding the email...
1208[15:04:11] <greycat> And... what the hell, is this thing a
string or an integer? [ $AutocleanInterval = always ] || [
$AutocleanInterval -eq 0 ] &&
1209[15:04:22] <hexnewbie> If that's the cause I need:
Binary::apt::APT::Keep-Downloaded-Packages "true";
1210[15:04:30] <hexnewbie> I'll try that one and see if the
packages stay there
1211[15:06:36] <greycat> hexnewbie: "apt install foo"
will download foo.deb (and dependencies), then install them, then
delete the .deb files that it just downloaded. "apt-get install
food" will skip the deleting.
1239[15:35:34] <karlpinc> What tools exist for testing for
network filtering between endpoints? I can scan with nmap, but
that'd require something to be listening on the other end.
There must be an eaiser way that cooperates between endpoints.
1241[15:36:26] <ratrace> karlpinc: if there's nothing
listening so it can respond, how do you differentiate filtering from
..... packets flowing freely but nothing is listening...
1254[15:39:10] <karlpinc> ratrace: I'll take a look. Thanks.
1255[15:39:11] <ratrace> karlpinc: nmap is actually the tool you
want. no tool can differentiate "nothing listening" from
"the packet filter just did a REJECT"
1256[15:39:29] *** Quits: Rue (~rue@replaced-ip) (Quit: Leaving)
1258[15:40:02] <karlpinc> ratrace: Sure a tool can. If it's
talking to the remote end and knows the remote end is listening, and
then it probes and the probe fails, the network is filtering.
1259[15:40:15] <greycat> My *guess* is that for some asinine
reason, he wants to test the hypothetical scenario "if I had a
service listening on port 777, and tried to reach it from
workstation A, would some magical firewall stop me", but
without actually running a service on port 777, or having a
workstation A.
1260[15:40:37] <greycat> Which is just bizarre as fuck.
1261[15:41:07] <ratrace> karlpinc: I don't know of a tool
that will simultaneously listen on 64k ports or whatever like that.
Why do you need that though, this smells like an XY problem.
1263[15:41:36] <karlpinc> greycat: The reason is that my ISP is
blocking traffic. And I want to know what they're blocking. I
can tell them to unblock and they will, but for some asinie reason
they will only unblock one port at a time.
1265[15:42:10] <ratrace> greycat: no such tool exists. one needs
something listening on port 777 to complete the tcp handshake
because a broken packet filter, for example, could allow syn, but
not ack
1276[15:43:46] <neilthereildeil> hey guys. whats the use of
hugetlbfs?
1277[15:44:03] <ratrace> karlpinc: I don't understand then.
so technically you want to test 64k ports "just in case you
need one some day"?
1278[15:44:40] <ratrace> though really it's just 10k iirc,
10k+ is reserved for ephemeral ports
1279[15:45:03] <karlpinc> ratrace: Yes. Exactly. If a client has,
say, a netbios port open, I want to be able to probe it and see. But
if my ISP is blocking outbound netbios, then I won't be able
to.
1281[15:45:18] <ratrace> but anway... I don't see the point.
Test the typical ports for typical services. http(s), smtp(s),
submission(s), pop3(s), imap(s), ...(s)
1282[15:45:45] <karlpinc> ratrace: The point is, I want to be
able to communicate using IP.
1283[15:45:48] <ratrace> karlpinc: then netcat or whip something
up in python, should be relatively easy.
1284[15:45:52] <neilthereildeil> is hugetlbfs basically a
ramdisk?
1328[16:28:53] <AliSh> Hey guys, I hope you're doing well, I
am an Ubuntu user who wants migrate to another distro, I am wonder
if I can rely on Debian testing (I want recent version of some apps,
e.g. ff and chromium, as I'm a dev), do you have any experience
on that?
1333[16:32:45] <mason> AliSh: Testing is for testing. If
you're looking to report bugs and make the next release of
Debian better, go for it.
1334[16:33:58] <AliSh> I'll be happy to try that and return
back favour as I'm using it freely and also learn more about
Linux, but I have to keep my environment safe to be able work and
get income :D
1335[16:34:39] <mason> AliSh: If you want to learn Linux
gizzards, also look at Slackware.
1339[16:37:31] <cybercrypto> AliSh: Debian testing (often more
stable than many other 'stable' distros) is not going to
give you an stable environment.
1344[16:38:31] <Poster> outdated and stable are most often one in
the same
1345[16:38:45] <gpeskens> What is the best way when packaging for
debian to force systemd services to restart on upgrade?
1346[16:38:51] <AliSh> cybercrypto so what's the best option
for me? (I have opensuse, fedora, puppy "which is not good for
my job :D ")
1347[16:38:53] <mason> AliSh: I use shockingly old software most
of the time. It's a source of joy. It can be for you too.
1348[16:38:59] <greycat> I *still* do not understand these people
who claim to be "devs" but they feel they need
"latest tools". A serious dev wants their build
environment to use the *oldest* possible/reasonable toolset, so that
the finished product will work on the widest possible range of
targets.
1349[16:39:01] *** debhelper sets mode: +l 1201
1350[16:39:38] <AliSh> greycat I am a web dev and I need ff and
chromium as my customer is using damn Windows with latest of them
1351[16:39:44] <mason> greycat: That's not the devops way,
where you *need* features that haven't so much as hit a stable
release upstream yet. *Need*.
1355[16:40:10] <oiaohm> greycat: using the oldest possible
toolkit mix can lead you to having a lot of security faults to fix
quickly.
1356[16:40:11] <mason> AliSh: That's easy. Use stable
software for your own environment, and have a testing environment
with the bleeding edge stuff.
1357[16:40:38] <AliSh> mason that sounds great
1358[16:40:40] <cybercrypto> AliSh: the mason's suggest is
quite good. To learn and get to understand the core of linux,
slackware is my favorite (I use it since 94 =~)
1359[16:40:49] <oiaohm> greycat: some of the reason why flatpak
runtimes can be tempting.
1360[16:40:55] <mason> AliSh: Depending on a personal environment
for testing is going to be very incomplete.
1361[16:41:25] <AliSh> OK, I can stick with stable, have vbox
with testing and unstable env to learn more
1362[16:41:34] <AliSh> good advice guys, thanks a lot
1363[16:41:51] <cybercrypto> AliSh: opensuse offers a
rolling-release, it is the mid-term of stable and 'new'
software, I guess. Fedora also claim to offer 'edge'
software as well.
1364[16:41:53] <mason> AliSh: vbox is okay, but if you're
running Debian, libvirt and qemu/kvm is probably better for you.
1365[16:42:16] <AliSh> mason thanks, I'll give them a try
1369[16:42:38] <oiaohm> AliSh: if you are after a handful of
fairly new software but want everything else older and more tested.
flatpak/appimage/snap of those applications can be a good option.
1370[16:42:39] <AliSh> if it wasn't for snapd, I
wouldn't leave Ubuntu, I hate reinstalling everything
1371[16:43:01] <greycat> Oh. flatpak. Barf. "I built this on
a pre-alpha release of glibc, and therefore you can't run it on
any actual Linux in the wild, but that's OK, I'll just
bundle my entire rolled-my-own Linux distribution for you."
1372[16:43:02] <AliSh> oiaohm I don't like snap...
1374[16:43:32] <oiaohm> AliSh: snap is horrible with it loopbacks
and the on going performance effects.
1375[16:43:40] <mason> greycat: What, you won't want random
black boxes peppering your environment?
1376[16:44:00] <oiaohm> AliSh: I put flatpak and appimage before
snap for that reason.
1377[16:44:29] <AliSh> The drawback of snap is that I am a Linux
user because of security, everything from official repository, but
snap flatpak... I don't wanna anything out of the box
1380[16:45:25] <cybercrypto> AliSh: Slackware is great, but there
is no 'systemd' in there (cutting the obvious and long
discussion). If youre work depends on systemd (or) it is targetting
distros with systemd, you may consider another one.
1381[16:46:01] <AliSh> cybercrypto I don't have knowledge
about that, I have to check
1382[16:46:10] <oiaohm> greycat: flathub standard runtimes
don't use pre-alpha glibc. Newer than the oldest possible
reasonable toolkit but not newer than a lot of distributions
include.
1384[16:46:20] <AliSh> I used NodeJS and Docker, nothing else
1385[16:46:33] <AliSh> *use
1386[16:46:43] <annadane> people keep recommending slackware but
to be honest 14.2 was released forever ago and i'm not sure you
can't "learn linux" by just using, you know, debian
1387[16:46:55] <greycat> oh. there are actual *rules* and
restrictions on the bleeding-edge crap? that's good to hear.
1400[16:49:31] <AliSh> you have to break some app/package/service
to find yourself gaining knowledge by fixing
1401[16:49:53] <AliSh> I learned how to install debian about 13
years ago by erasing my hdd several times
1402[16:50:23] <annadane> to each their own but i just don't
think 'use slackware' is necessarily good advice
1403[16:50:42] <cybercrypto> annadane: I agree, it was release
long ago, does not receive all the community support as debian
(which I firmly believe, debian community is the main reason Linux
is strong)... still if you check slackware current, they are very
active and releasing updates.
1404[16:50:43] *** Quits: AliSh (cc128235@replaced-ip) (Remote host closed the connection)
1405[16:51:17] <greycat> I think a lot of the "learn on
Slackware" advice comes from anti-systemd people. Not all of
it.
1406[16:51:46] <greycat> Some of it may be coming from the
"you need shit that doesn't work very well, so you have to
fix it" minset.
1411[16:52:52] <cybercrypto> I guess, one can read and learn by
doing, with 'linuxfromscratch'... this will be even better
for understanding the 'distro' work.
1414[16:53:38] <mason> annadane: People can learn with Debian,
but it masks a ton of stuff. Especially now that it's been
infested with systemd, there's no reason for anyone to go
beyond localectl to understand that it's actually driving
loadkeys, etc.
1415[16:53:59] <annadane> yeah, well, systemd is mainstream now
so they'll have to learn it
1417[16:54:29] <mason> annadane: That doesn't speak to the
point I made. systemd drives lower-level things, and you have no
reason or opportunity to learn if it's all being done for you.
1418[16:54:30] <annadane> it also makes people's lives
easier in many cases
1419[16:54:49] <mason> annadane: Again, that misses the point.
We're talking about learning how it all works, very
specifically.
1420[16:54:51] <annadane> okay, but you're still learning
adequately if you learn the modern tools
1421[16:55:01] <annadane> if the user wants to know more low
level things they can
1422[16:55:01] <mason> annadane: You're learning systemd,
not Linux.
1423[16:55:09] <annadane> you can learn both
1424[16:55:18] <mason> annadane: And again, that's the
point. In the normal course of things using Slackware you see more
of the underlying parts.
1425[16:55:20] <annadane> there isn't just one path through
this
1426[16:55:31] <annadane> okay, but like, run slackware in a vm
or something
1427[16:55:33] <greycat> mason: because they don't work, and
you have to fix them
1428[16:55:44] <mason> greycat: loadkeys has never broken for me.
localectl has.
1429[16:55:54] <greycat> then why do you know anything about
loadkeys?
1505[16:56:25] <mason> annadane: You can learn how a transmission
works pretty well regardless of whether you drive an automatic or a
stick. Which do you think will do a better job getting you to
viscerally understand the transmission's behaviour as it runs?
1506[16:56:42] <mason> greycat: You've proven my point right
there.
1507[16:56:56] <annadane> because it depends on the user
1508[16:57:03] <mason> greycat: It's what's doing the
actual work of handling keymaps. It's useful sometimes to
understand this.
1509[16:57:04] <greycat> That Debian's shit works, and
therefore we don't have to learn the mechanics of implementing
whatever-the-fuck-you-are-harping-about?
1589[16:57:44] <mason> greycat: That's it. Yes. Of course.
Sort of the conservative view. "I don't know it, so
clearly no one else would benefit from knowing it. It's not
critical."
1596[16:58:27] <mason> annadane: Might be good to go back to
scrollback to see what the fellow actually wanted. If he wanted to
learn to get along and have marketable skills, he'd be just
fine sticking with Ubuntu.
1599[16:58:31] <annadane> the fact of the matter is one is
unlikely to run slackware as their main distribution unless
they're a bit die hard so you may as well start on something
like debian
1600[16:58:40] <annadane> where you don't have to build
everything from source
1601[16:58:47] <cybercrypto> greycat: I agree. I am pro
'systemd' architecture. Thats why I asked AliSh if his
work targets systemd dev or if it is independent. Perhaps targetting
his development towards debian-stable would be the best option
(Learning is a different question)
1614[17:03:46] *** Quits: mibo (~mibo@replaced-ip) (Remote host closed the connection)
1615[17:04:19] <EdePopede> slackware was my first distro. so it
can't be *that* hard to get behind how it works. granted, this
was more than 20 years ago, bootdisks, startx and manually edited wm
configs.
1617[17:05:01] <cybercrypto> My view and suggestion: LFS=you will
learn how to assemble your own distro from zero. Slackware=you get
the system up and running easy-to-install as a bonus, but you have
to read a lot to use it 'daily basis' I suggest LFS only
for hobbie projects, otherwise you will not be able to maintain it
yourself, in production 'updated'
1625[17:07:48] <metbsd> lfs or gentoo are not worth it
1626[17:07:58] <metbsd> hardware and electricity cost money too
1627[17:08:03] <metbsd> and time consuming
1628[17:09:03] <mason> metbsd: To be fair, Gentoo lets you build
once and distribute anywhere with trivial ease.
1629[17:09:28] <mason> So the carbon footprint could be lower
than Debian if, for instance, you use any DKMS on Debian.
1630[17:10:00] <matti> The Linux Kernel Report live stream -
replaced-url
1631[17:10:09] <rgwu> mason: What percentage of Gentoo users are
using gentoo because it let's them avoid building?
1632[17:10:46] <mason> rgwu: Well, if you look at spin-offs like
CoreOS, the majority. Upstream Gentoo, probably fewer.
1633[17:11:47] <moldy> if you build once and distribute binkpgs
to a few dozend of machines you still use more cpu time /
electricity than if you just install binary packages built once and
used by millions of machines
1634[17:13:56] <ratrace> makes sense
1635[17:14:28] <rgwu> The notion that Gentoo has fewer watts per
install than any other distro is laughable. There are plenty of
things to like about Gentoo, power consumption and time consumption
are not among them.
1641[17:25:07] <cybercrypto> metbsd: I believe that every root
distro is worth trying for learning. lfs,slack,gentoo, even
bsd's). But the guy who asked about debian-testing was leaving
ubuntu due to 'snapd' and to get 'latest
software'. We tried to show him that stable + latest hardly
comes in the same sentence.
1649[17:27:56] <greycat> "I'm a dev" -> I need
to write software that compiles and runs on the widest possible
range of target systems. If I release binaries, they must be built
on the oldest possible target so that they run on that target or
newer.
1650[17:28:05] <greycat> "I'm a web dev" -> I
only need to get it to work on ONE machine.
1651[17:28:15] <EdePopede> heh and this
1652[17:28:25] <metbsd> if you are not devellping a distribution
i don't see the point to "learn" os
1653[17:28:56] <cybercrypto> Agree. His simple question led to
this great discussion. I enjoy this learning a lot :-)
1654[17:29:10] <EdePopede> some people prefer to know how the
things they are using an a daily basis actually work. at least to a
reasonable point.
1655[17:30:28] <metbsd> if you learn a programming language you
can write programs. if you learn linux os what you gonna be?
xxx@gentoo.org or xxx@debian.org
1656[17:30:32] <EdePopede> at least a "user" (really
classic meaning here) should know how to move a bookmark back into
the main bookmark menu after accidentally dragging it into a submenu
due to not being able to click properly.
1657[17:30:55] <greycat> metbsd: system administrator
1658[17:31:13] <EdePopede> or how to restore a file from the
waste bin. and yes, they exist.
1659[17:32:20] *** Quits: earthundead (~earthunde@replaced-ip) (Remote host closed the connection)
1663[17:35:14] <EdePopede> i remember when PS/2 found its way
into the PC world, into the markets, with its coloured connectors.
they had people assemble them in front of the market just to see if
it's as easy as advertised. has there *ever* been something
similar with debian or some other linux?
1664[17:35:44] <EdePopede> a brand new pc, a set of disks. or a
stick, doesn't matter.
1665[17:36:43] <metbsd> too many better things to learn other
than those distribution, docker, distributed file system,cluster
server, cisco
1666[17:37:07] <metbsd> some of those distributions are not even
professional
1668[17:38:23] <metbsd> some distribution just tweak a little
kernel, different naming for hier, package management system, and
tada, new distribution with new bugs.
1669[17:38:30] <metbsd> they are not worth learning
1674[17:41:17] <cybercrypto> metbsd: Agree. Yes, thats why my
suggestion: root distros. (non-derivatives) like the ones I said
earlier.
1675[17:42:04] <EdePopede> some distros maybe would even better
just contribute to the one of the other ones
1676[17:42:57] <moldy> i just install web browsers directly from
upstream
1677[17:43:25] <annadane> does gnome-boxes have a more discrete
way of setting ram/disk space? the slider thing doesn't seem
easy to set it to 'exactly' 50 gb or whatever
1678[17:43:28] <cybercrypto> metbsd: I am curious, please tell
me: what is your suggestion to learn Linux OS, if I ask you that
question (dont tell me to learn other 'better' thinks to
learn)
1682[17:45:39] <EdePopede> annadane: remember the days when there
weren't sliders all over the place, instead an editable text
area with an integer and 2 arrows on top of each other to change it?
1683[17:46:39] <annadane> i wish regular qemu was a bit more noob
friendly then i wouldn't have to install frontends
1684[17:46:44] <annadane> or maybe i'm not trying hard
enough
1700[18:00:54] <annadane> gcc in debian 10 is actually gcc 8, i
don't know about the relation of gcc-avr to gcc but are you
familiar with how debian works? it doesn't have newer versions
of software, generally; if there's a problem with not having a
latest version of something there's ways to get it
1710[18:05:12] <annadane> it's actually two distinct
questions, 1) you're asking about gcc-avr being version 5 in
relation to a different gcc version and 2) you're making the
assumption you need gcc 10 in general
1711[18:06:56] <_DeLa_> On my HP Probook x360 11 G1 EE, I used
debian10 expert install to skip installation of grub so I could
finish debian installation withouth freezing during grub install.
Using the info from
replaced-url
1713[18:07:28] <sleepingforest> So ive installed a select number
of packages from buster-backports. if i understand correctly,
buster-backports is stable compatible ports from testing. so there
should be no problem. Now i want to install a single package from
sid, and I've added sid repo and configured pinning preferences
similar to
replaced-url
1714[18:07:30] <sleepingforest> this way, right?
1715[18:07:37] <_DeLa_> Any help will be greatly appreciated ...
1716[18:07:48] <annadane> sleepingforest, which package
1720[18:08:09] <annadane> well, it's already in backports
1721[18:08:13] <annadane> does that suffice?
1722[18:08:58] <sleepingforest> annadane: keepassxc devs end up
breaking compatability with older versions when the web extension is
used. so Id prefer to run the latest version
1736[18:12:01] <annadane> pinning is one of those solutions that
(like a lot of bad debian advice) gets recommended a lot but it
depends on the specific situation
1737[18:13:44] <sleepingforest> i dont feel confident enough
understanding the implications of using it just based on the wiki
alone. theres not terribly much info there
1738[18:14:09] <annadane> and 'pin this package' tends
to lead to 'just pin everything from sid' which tends to
lead to 'i have a bunch of broken dependencies'
1739[18:14:23] <sleepingforest> yeah exactly what i feel like
would happen
1745[18:16:59] <sleepingforest> do you think i should delete the
apt prefs i installed setting priorities for stable=700,
buster-backports=650 testing=400 unstable=300? I dont use testing or
sid. and I have other apt repos. iirc they were all 500 by default,
maybe bpo was lower
1812[19:35:55] <annadane> i don't know of any by default but
take a look at apt show task-xfce-desktop and see if you can find it
in the list of depends/recommends
1835[19:42:42] <annadane> because those are two separate
questions
1836[19:43:14] <Regor> noooo
1837[19:43:31] <Regor> i use weechat ...
1838[19:43:41] <annadane> apt show fonts- <tab tab> will
show a bunch of them
1839[19:43:52] <annadane> okay, so your real question is
"how can i see emojis in weechat"
1840[19:44:07] <annadane> you may want to ask #weechat
1841[19:44:22] <Regor> noooooooo
1842[19:44:53] <greycat> Then please write an actual question.
1843[19:44:53] <Regor> how to view and put emojis in debian...
1844[19:45:22] <mason> metbsd: Sheer curiosity and love of the
stuff is enough reason to learn. And yeah, that can turn into
involvement with one or more of the OSes.
1845[19:45:23] <greycat> One way is to configure X to use a
Compose key, and type a few mnemonic keys.
1846[19:45:35] <mason> Oh, I was buried in scrollback.
1848[19:45:53] <greycat> instructions for configuring the
keyboard based way are at
replaced-url
1849[19:45:53] <Regor> what default emoji picker comes with
debian that opens emojis table with ctrl+:
1850[19:46:30] <greycat> Apparently nobody knows. But YOU seem to
have one, so open it up, and then find out what it is by examining
the process list, or using programs that identify the origin of an X
window, etc.
1851[19:46:57] <annadane> also have you tested that this emoji
picker even works in weechat?
1852[19:47:06] <diogenes_> Regor, it probably comes with ibus.
1855[19:47:52] <Regor> yeah.. now i get it ...hahah
1856[19:47:55] <mason> Wow, never heard of %L in .XCompose
before. Nifty.
1857[19:47:58] <greycat> I've never seen xfce, let alone
used it, and I have no idea how a GUI "emoji picker" would
work. Does it just copy the chosen character into the X clipboard?
1858[19:48:30] <mason> I always just include a file directly.
1860[19:48:42] <annadane> i used xfce for a while and never heard
of an emoji picker (though i didn't look very thoroughly into
some of the apps the tasksel installs because i usually always use
other things like feh mpv etc)
1862[19:48:55] <_DeLa_> I just want to boot into my debian 10
desktop – do I need to install grub at all or is there a way
to automate the few lines from
replaced-url
1863[19:49:08] <mason> ah, man 5 xcompose has even more expansion
1866[19:51:02] <annadane> debian in general quite possibly does
have one so you can just apt search for that and install one
1867[19:51:44] <annadane> or look more into this ibus thing
1868[19:51:58] <Regor> diogenes_: thanks.. its done ! 😀️
1869[19:52:00] <greycat> I'm *so* confused. He keeps saying
he has one and it opens up when he presses a certain key combo. But
then he acts like he doesn't have it.
1892[20:06:48] <dpkg> First, check for a backport on
<debian-backports>. If unavailable: 1) Add a deb-src line for
sid (not a deb line!); ask me about <deb-src sid> 2) enable
debian-backports (see <bdo>) 3) apt update; apt install
build-essential; apt build-dep packagename 4) apt -b source
packagename 5) dpkg -i packagename-ver.deb To change compilation
options, see <package recompile>; for versions newer than sid
see <uupdate>.
1965[21:25:27] <Orcs53> Hi everybody, I have a question, if
anybody could assist. How do I add a self-signed CA certificate to
the CA certificates on Debian. I have tried moving the certificate
to "/etc/ssl/certs" and "/etc/ssl/newcerts" and
then running update-ca-certificates but I get the output "0
added, 0 removed; done.". Can anyone offer any suggestions?
1966[21:27:31] <dvs> Orcs53, I put the .pem file in
/etc/ssl/certs and the key file in /etc/ssl/private and that seems
to work
1970[21:29:11] <Orcs53> I would also like to add that this is a
client machine, a service on another machine is encrypted, to which
this machine is a client. Thus, preferably the private key would not
be on this machine.
2000[21:46:00] <kittonian> I have edited the dhcp.conf file and
modified the subnet, etc. but when it tries to start, it still
thinks it should use the old information and it fails
2001[21:46:07] <kittonian> not sure how to resolve
2004[21:52:51] *** Quits: asymptotically (~asymptoti@replaced-ip) (Remote host closed the connection)
2005[21:52:56] <Orcs53> karlpinc I have znc IRC bouncer running
in a container, I have it server over SSL. In another container I
have thelounge IRC web client, these are connected by a bridge
network. I have copied the self-signed certificated and attempted to
install them following the instructions here
2017[22:00:48] <dvs> Orcs53, it sounds like the program
you're trying to connect to will not accept a self-signed
certificate, *ANY* self signed certificate.
2018[22:01:16] <eigenfire> Self-signed certificates will never,
ever pass verification. Ever.
2019[22:01:47] <eigenfire> At least not without doing things that
are very ill-advised.
2020[22:02:17] <Orcs53> Oh, alright. I thought if they where
installed on the client machine it would consider that a verified
certificate.
2064[22:53:29] <Orcs53> I have tried asking in the #thelounge
channel, they maintain the of the Docker container, I have had some
help there. But, the container runs Debian 9. So, I am also asking
here because configuring the operating system to trust a self-signed
certificate authority, which has self-signed server certificates,
seems like a very common task one might
2065[22:53:30] <Orcs53> need to do. If I may rephrase the
question. I have a self-signed certificate authority (CA), which I
have used to self-sign a SSL server certificate, all of which is on
a different machine. On the client machine there is a client
application which I would like to be able to connect to the server
securely. How do I install and trust this self-signed
2066[22:53:30] <Orcs53> CA so that the self-signed server
certificate verifies and is also trusted.
2068[22:54:14] <greycat> Your question has nothing to do with
operating systems, and everything to do with the software
that's *using* (or refusing) your certificate.
2075[22:58:36] <Orcs53> The client application is a nodejs app,
which uses the CA certificates installed onto the operating system.
So, I disagree, the question is related to the OS. I am keen to know
more about how to add and trust a self-signed CA certificate, like
what detailed in the manual page seen here:
2077[22:59:16] *** Quits: mezzo (~mezzo@replaced-ip) (Quit: leaving)
2078[23:00:07] *** Quits: nicolaf (~nicolaf@replaced-ip) (Remote host closed the connection)
2079[23:00:34] <greycat> I googled and got
replaced-url
2080[23:00:37] <greycat> it took a few seconds
2081[23:01:08] <greycat> but sure, you go on telling yourself
that you know better than all the people helping you, and better
than the people who wrote the ZNC wiki
2088[23:07:32] <Orcs53> Thank you for searching for that
documentation. However, I have actually already done this. What I am
actually asking is, how do I get Debian which is running in another
container to trust the self-signed CA I generated, so that openssl
then trusts and will verify the self-signed server certificate. And
thus, the client app can connect securely to
2097[23:12:41] <annadane> Orcs53, i know absolutely nothing about
this but have you tried grepping the openssl man page for
"trust" or something, maybe there's an option to
override stuff
2098[23:12:48] <annadane> (unless that's a terrible idea for
security but yeah)
2099[23:13:30] <annadane> you can also ask the debian mailing
lists if people here don't get around to answering
2100[23:14:23] <nkuttler> um, just add the ca to the others and
run update-ca-certificates ?
2101[23:15:07] <greycat> my understanding is, they *did* that,
and their application said "Error: self-signed
certificate". and they're like "YOU ARE WITHHOLDING A
SECRET WHY WON'T YOU TELL ME"
2102[23:15:24] <nkuttler> oh my.. yeah.. some languages will do
that
2105[23:16:26] <Orcs53> annadane Thank you for your response,
this is essentially what I am trying to do. But, I suspect that if
it is possible to add and trust a self-signed CA, it is actually
done using the tools in the ca-certificates package, see the manual
page I posted earlier.
2108[23:18:15] <greycat> the only thing that doesn't line up
is the Debian wiki page that says ZNC ships with a self-signed
certificate, but they didn't want to read the Debian wiki page
2109[23:19:07] <Orcs53> @greycat I think that although the client
app is nodejs, the error output is actually a result of openssl
refusing to verify the service certificate against the certificate
authorities which a installed with the ca-certificates package.
2111[23:19:27] <annadane> i think the user is on stretch though
judging from the link to the man page, maybe it's different
between buster and stretch, i'm just spitballing, no clue
2120[23:25:40] <Orcs53> nkuttler, I have tried this. I placed the
self-signed CA in
"/usr/share/ca-certificates/self-signed/example-ca.crt",
then ran "dpkg-reconfigure ca-certificates". This tool was
slightly difficult to get working, but, the CA did show up in
"/etc/ca-certificates.conf". After all that openssl still
cannot verify the self-signed server certificate.
2143[23:43:01] <ws2k3> i have a process that is called bash its
consuming 100 % cpu. is it possible to see which script this is? or
which command? ps aux only shows bash
2144[23:44:41] <nvz> ws2k3: if it were a script it should
probably say because it'd have been part of the cmdline..
2145[23:44:55] <nvz> ws2k3: what is the pid?
2146[23:45:09] <ws2k3> nvz: 4692
2147[23:45:47] <nvz> then have a look in /proc/4692
2148[23:45:52] *** Quits: nevoyu (~Nevoyu@replaced-ip) (Remote host closed the connection)
2160[23:51:59] <ws2k3> nvz: what can i do with that information?
2161[23:52:28] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
2162[23:52:39] <nvz> idk how many ways can you possibly identify
a bash process.. if you can't tell what it is by its
controlling term or its cmdline.. or what files it has open.. idk
what else to tell ya
2168[23:54:10] <EdePopede> thread view in htop is also handy.
eliminate (as in sherlock, not as in 007) the other known entries
until you know which one is the one