12[00:08:36] <lusrx> trying to write a bootable usb with debian
10.6 using rufus on windows and getting this error on loading the
iso: this image is either non-bootable, or it uses a boot or
compression method taht is not supported by rufus
13[00:08:57] <roycroft> uefi?
14[00:09:00] <sney> !win32diskimager
15[00:09:01] <dpkg> win32diskimager is much more reliable than
<unetbootin> for copying ISO images to USB sticks and you can
download it from
replaced-url
19[00:09:46] <sney> lusrx: use win32diskimager, it's more
reliable. rufus is trying to convert a cd iso with its own logic,
but the debian iso is already a hybrid usb image and doesn't
need to be converted
20[00:10:04] <roycroft> there's probably an easier way to
do it, but i ended up installing the windows utility to create a
bootable usb disk with a windows installer, then scribbling over the
windows installer with the debian iso using rufus
21[00:10:06] <sney> rufus can be used if your version lets you
force it to use DD mode
42[00:14:53] <lusrx> "an error occurred when attempting to
write data to handle. error 5 access is denied" of course...
blocked by anit malware bla bla
43[00:15:11] <lusrx> ok now it writes
44[00:15:12] *** liquidsandwich is now known as HamburgerMilksha
45[00:15:43] <petn-randall> !rufus
46[00:15:43] <dpkg> rufus is a tool that can be used to make
bootable USB devices under Windows. Debian CD/DVD images MUST be
written in "DD Mode," otherwise it mangles the installer
in cruel and unusual ways, resulting in hard to debug problems. Ask
me about <hybrid images>, <usb install>,
<win32diskimager>.
47[00:15:56] <petn-randall> roycroft: rufus doesn't always
work fine. ^^^
48[00:16:08] <sney> we covered that
49[00:16:38] *** HamburgerMilksha is now known as liquidsandwich
50[00:16:49] <petn-randall> ah sorry
51[00:17:50] <lusrx> how old is this tool? hosted on
sourceforge? and looks like it was updated last time in 2017?
52[00:18:22] <lusrx> rufus is the best in my experience, for
windows and for linux.
53[00:18:28] <sney> probably about a decade. it's a very
simple tool, does what it's supposed to
54[00:19:24] <sney> again, rufus modifies the image for usb.
the debian iso is *already* a usb image. rufus's modifications
predictably break the debian iso.
56[00:21:31] *** Quits: gryffus (~gryffus@replaced-ip) (Quit: This computer has gone to sleep)
57[00:21:56] <lusrx> that's interesting. i'm
speculating but that may be what keeps breaking my ubuntu
installations, and my recent elementary os installation. right now
im looking at a glowing black lcd on a laptop next to me featuring
elementary os i installed 20 minutes ago.
58[00:22:40] <sney> yep, debian derivatives usually use the
same installer
63[00:23:02] <lusrx> i have been at this for the past 6 hours
or so, done 4 installs of ubuntu 20.04 and 1 elementary and they all
break on reboot right after doing my software update
68[00:24:28] <lusrx> the thing about rufus is that it allows me
to pick iso or dd write mode, and i always select iso. but with
debian iso i got (debian-10.6.0-amd64-DVD-3.iso) i never get to see
the prompt
92[00:28:51] <sney> monkwitdafunk: yep, debian has the full
archive available as isos and apt-cdrom lets you add them to your
sources. good for systems that spend a lot of time off the public
internet.
93[00:29:10] <petn-randall> monkwitdafunk: Ubuntu doesn't
support that?
94[00:29:20] <sney> ubuntu doesn't have the full cd sets I
suspect
105[00:33:21] <lusrx> is there a big difference between ubuntu
and debian in terms of installation process and hardware
requirements? the only reason i'm toying with debian is because
ubuntu (and elementary) fail to boot on my laptop right after
updating the software to latest version
108[00:34:41] <sney> monkwitdafunk: dpkg is a bot. I'm not
sure if non-free stuff is available on the official isos, actually,
but it should be possible to make one
116[00:36:46] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
117[00:36:55] <monkwitdafunk> what is the default packet writing
software for debian 10.6
118[00:36:55] <lusrx> current status: i used win32d* like you
said and successfully wrote that debian iso file to a usb stick. and
now i have "elementary" installed on ssd of the laptop,
"ubuntu (p0: hfsblabla)" in showing in my bios/uefi boot
menu (esc key) and i have a "debian" on usb stick plugged
in and not showing anywhere...
126[00:39:47] <dpkg> Some Intel UHD GPUs made after 2015 require
firmware from userspace for all features to be enabled. This
includes Skylake, Kabylake, Broxton, Cannonlake and possibly others.
Ask me about <non-free sources> and install
firmware-misc-nonfree to provide.
129[00:40:18] <sney> typically with driver firmware, if you
install it once and the driver works, you don't need to worry
about updates
130[00:40:24] <lusrx> sney: my efi boot menu... you mean the
bios boot menu right? the menu you get after pressing f8/f2/esc?
just checking. i will try different usb ports, these things also act
weird sometimes
131[00:40:33] <sney> lusrx: yes that one.
132[00:40:46] <roycroft> and actually, if you install it once
and it works updates might break it
133[00:41:27] <sney> not exactly. but updates to
firmware-nonfree are more often about adding new firmware blobs,
than about updating existing ones
134[00:42:13] <monkwitdafunk> okay, im hoping for another intel
NUC that doesnt have the iris card
135[00:42:42] <monkwitdafunk> most intel NUC's are CSA
approved as a safety rating
136[00:42:59] <sney> unfortunately, new hardware is trending
towards needing *more* firmware, not less
137[00:43:15] <sney> the intel stuff usually works fine once
it's installed at least
138[00:43:20] <lusrx> sney: ok good to know. but i have tested
in all 3 of my usb ports and i get 0. i even powered cycled the
laptop between each plug/unplug to make sure it registers.
139[00:43:23] <monkwitdafunk> firmware as in basic I/O?
143[00:43:54] *** holly7218 is now known as S3xyL1nux
144[00:44:11] <sney> on wifi it's usually RF regulatory
stuff as far as anyone can tell, but the binary nature means nobody
but intel knows exactly what's in there
146[00:45:21] <lusrx> ok so i used win32d* to write
debian-10.6.0-amd64-DVD-3.iso to my usb stick. and the laptop does
not see it. what file system is on this?
147[00:45:22] <monkwitdafunk> well if theymake the hardware,
theymake the drivers then correct?
167[00:50:18] <lusrx> sney: i don't understand. why would
my image not be bootable?
168[00:50:52] <lusrx> i downloaded from this page:
replaced-url
169[00:50:55] <sney> lusrx: because iirc, only the first DVD/CD
in the set actually has the installer. images 2, 3, 4 etc only have
packages.
170[00:51:11] <monkwitdafunk> thats right lusrx
171[00:51:21] <monkwitdafunk> ive burnt the first 3 DVDs in the
past
172[00:51:25] <lusrx> omg... *facepalm*
173[00:51:30] <monkwitdafunk> i never got that far however
174[00:51:47] <monkwitdafunk> didnt you burn the netinstall
lusrx?
175[00:51:52] <monkwitdafunk> go with netinstall
176[00:52:08] <sney> and as the page here says under "do I
need all of these files?" "Initially, you will only need
to download and use the first image of a set"
replaced-url
177[00:52:10] <monkwitdafunk> even microsft has theirown version
of netinstall
178[00:52:20] <lusrx> lol. i thought this was a point release
179[00:52:38] <monkwitdafunk> idk what a point release is
180[00:52:46] <sney> !point release
181[00:52:46] <dpkg> Point releases are updates to
<stable> and <oldstable>, fixing security and grave bug
fixes. If you track security updates regularly (as you should!)
there will often be no updates for you in the point release. You can
upgrade to the latest point release with "apt update &&
apt full-upgrade". Ask me about <9.13>, <10.5>..
replaced-url
182[00:52:58] <lusrx> forgive me for being dumb :)
185[00:53:29] <sney> no worries, happens to everyone
186[00:53:39] <lusrx> fwiw, enabling csm made the usb stick show
up on boot menu. but of course "reboot and select proper boot
device or insert boot media"
198[00:57:52] <lusrx> i just want to install some kind of linux
os on my laptop and call it a day. i want to give debian a try.
doesn't matter what media it is (as long as it's the right
one that boots).
206[01:00:37] <lusrx> i installed ubuntu earlier, 4 times, and
elementary is installed currently, and they all work just fine, up
until they both somehow screw up the bootup process after installing
all the latest updates. leave me hanging at "ASUS IN SEARCH OF
bla bla" logo or sometimes the boot menu or just a glowing
black screen.
207[01:01:37] <sney> that's unusual, but we don't know
what changes those other OS teams have made that could cause that
behavior. if it happens with debian we can help.
210[01:04:54] <lusrx> yeah it's very strange. i first
thought it was because of proprietary nvidia drivers, but i did 2
installs of ubuntu with all those checkboxes deselected and still
ran into the same issue.
211[01:05:08] <lusrx> the good news is, rufus now knows how to
write "debian-10.6.0-amd64-DVD-1.iso" :)
215[01:07:46] <jmcnaught> If you have network access during the
install don't bother downloading DVDs, just use the netinst
image. If you need to use wifi during the install you probably want
the firmware ISO that snéy linked above.
247[01:21:08] <lusrx> ok, will do that. but i will call it a day
now. i can't get past "detect network hardware". the
iwlwifi dialog. asks me if i have such media available now and to
insert it and continue.
248[01:21:20] <lusrx> i have the graphical installer running
330[02:20:02] <sney> jhutchins: even the main free alternative,
jitsi, isn't in the archive though the hosted one mainly runs
on debian cloud instances
467[05:25:27] <sney> godane: 5.9 changed some things with how
non-gpl modules are allowed to interact with the rest of the kernel,
and the out-of-tree module providers are responsible for catching
up. since zfs is non-gpl I suspect this is what's happening
though it's more infamously a problem with nvidia drivers and
virtualbox.
468[05:25:31] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
469[05:25:36] <sney> in any case the tl;dr is use 5.8 for now
496[06:10:23] <marz> What's the equivalent for
"-D" adduser in Debian?
497[06:10:39] *** Quits: treotmnor (~treotmnor@replaced-ip) (Remote host closed the connection)
498[06:11:11] <sney> as opposed to?
499[06:12:21] <marz> I'm trying to migrate my docker images
from alpine to slim-buster. "RUN ADDUSER -D user" gives me
an error: Option d is ambiguous (debug, disabled-login,
disabled-password)
501[06:16:34] <sney> seems like -D is short for
'defaults' which should come from /etc/default/useradd,
but possibly your slim buster image doesn't have the passwd
package
531[06:43:15] <sney> run 'apt-key list' and look at
the ensuing list with your eyeballs, paying attention to the
'uid' field, looking for something that identifies it as
xanmod's key. since it was added with apt-key add, it'll
be near the top of the list
532[06:43:46] <TuxCrazy> sney, ok
533[06:44:20] <sney> then you use apt-key del KEYID where the
keyid is the thing that looks like '6ED6 F5CB 5FA6 FB2F 460A
E88E EDA0 D238 8AE2 2BA9'
536[06:46:05] <TuxCrazy> sney, is this to be done with sudo?
537[06:46:34] <sney> yes, any system administration tasks should
be done with sudo.
538[06:46:49] <TuxCrazy> sney, ok
539[06:47:15] <sney> if you know you are going to be running
multiple commands, do 'sudo -i' to get a root shell, so
you don't have to type sudo for every single command.
540[06:47:39] <Zombie> Are any of you Packagers? I sent in a
Package Request.
547[06:50:45] <sney> RFP bugs are considered
'wishlist' for a reason. if you're hoping for a quick
turnaround, you may want to look at packaging it yourself instead.
548[06:51:09] <sney> and submitting to debian, if that
wasn't clear
549[06:52:05] <TuxCrazy> sney, can I pm you?
550[06:52:17] <sney> TuxCrazy: keep all questions in the
channel, please.
551[06:52:44] <TuxCrazy> sney, just one time.
552[06:52:48] <sney> if you want to paste something, use
replaced-url
553[06:52:52] <sney> no, I do not want a pm.
554[06:53:12] <TuxCrazy> the key is not getting removed.
585[07:25:15] <Maris-XP> How does one get more verbose init
information, such as that seen on Slackware, I'd like to see
all of the dmesg and perhaps system services startup information. I
am on debian 10 by the way
586[07:25:53] *** Quits: szorfein (~daggoth@replaced-ip) (Remote host closed the connection)
587[07:26:12] <Maris-XP> Also would it be possible to not have
the terminal cleared when the login prompt appears?
626[08:09:43] *** Quits: auk (auk@replaced-ip) (Quit: Leaving)
627[08:12:20] <marz> Error: Unable to compile the binary module.
Do you have the rrdtool header and libraries installed? What's
the equivalent package for python-rrdtool?
668[08:50:56] <towo^work> if it is vfat, mount it with -o
umask=000
669[08:51:01] <eblip> yes i was thinking it is probably some
kind of vfat
670[08:51:16] <eblip> thanks ill try that
671[08:51:35] <jelly> eblip: permissions work like that on well
behaved unix filesystem types. If you have a vfat or ntfs fs type on
the usb device, those have options for uid, gid and faked
permissions to be used at mount time. So, mount options.
672[08:51:41] *** Hackerpcs is now known as Hackerpcs_5
695[08:57:03] <shtrb> towo^work, When I meant native , I meant
native by Microsoft and not via an external source like the extfs
solutions. Explorer can also access these mounts later
696[08:57:20] <shtrb> eblip, that is in fact better approach to
use ext :)
697[08:57:35] <jelly> presumably over a guest/host vm interface.
698[08:58:06] <jelly> so you still have to a) present usb disk
to Linux VM b) mount c) share with host... seems convoluted
699[08:58:19] <eblip> shtrb its an emergency pen drive with a
few files i may need when i am travelling...and i will access them
on somoene elses machine ...
700[08:58:33] <eblip> so its probably going to be windows
701[08:58:38] <jelly> then keep it vfat or ntfs.
702[08:58:42] <eblip> yes
703[08:58:53] <shtrb> There's also extfs solutions, good
for read , never trusiting them with write. vfat is the safest
approach
704[08:58:54] <jelly> vfat has that 4GiB size limit
705[08:58:56] <eblip> thanks a lot guys
706[08:59:09] <jelly> if that's not a problem for you, keep
using it
707[09:01:21] <shtrb> just be aware of the 4GB limit and 32 gb
limits of LBA
716[09:06:46] <shtrb> What would be a good base package
installation for python developers in a debian vm (is it even wise
to give them buster or I should be basing on side) ? I'm giving
windows devs a Linux based environment where they would be working
in. I know they can use venv and later install what they wish , I
just wish to give them the most welcoming environment possible .
718[09:07:44] <shtrb> I thought about just installing python3-*
but that might be an overkill
719[09:08:50] <lowin> Hello. I was thinking about replacing
openwrt with debian on my router. I was just wondering if there are
any good web based control panels for network configuration similar
to luci that I could use?
721[09:09:51] <shtrb> lowin, are you sure your hardware support
debian ? openwrt can work even on 4/32 installation when most debian
installations would have a hard time
722[09:10:05] <eblip> shtrb .. i wasnt using a vm..but i
installed buster, and just venv and it was easy enough to start
developing in python...and i was totally clueless about things ..but
after a simple youtube vid on venv and buster...i was away.
728[09:11:26] <lowin> My plan is to use boot openwrt kernel with
necessary kernel modules and switch_root into debian
729[09:11:56] <shtrb> eblip, thanks , and had there been tools
you had preferred that would had been installed before hand ?
730[09:13:23] <eblip> for me it was only django ...the pip stuff
comes with the venv...but maybe a small document with some links
explaining that you can get all the most up to date packages using
pip...also install git...and a brief description....and tell them
that they can do web dev with django and a few links..
731[09:13:36] <eblip> that would have been useful for me ..and
stopped a lot of fumbling around
732[09:14:06] <eblip> oh and a brief explanation of a virtual
environment venv
733[09:15:19] <shtrb> thanks eblip , git and svn was already
selects, so was pip3 , about django - you mean the debian packages
correct ?
735[09:16:08] <eblip> yes django...oh and if they are going to
be doing webdev....my preference is also tell them they may require
a database and basically just go for postgresql..
736[09:16:45] <eblip> or you can do like me ..install django 1.9
...and mysql ...and no virtual env..and stored my files on my
machine ..until the python and django guys woke me up
756[09:23:20] <eblip> i didnt bother with pycharm, as my
machines are real old ..and i needed the lightest possible ide...so
i just used vim, nerdtree and tmux..i think that is as light as it
gets...plus there is a plugin to help with python..but i didnt even
bother
757[09:24:06] <eblip> after about a week on vim nerd and tmux
..you wont need an ide
808[09:54:28] <ratrace> no I mean the default apparmor profile
does NOT list the path, meaning it's not normally expected by
it. it could mean two things: a) the profile is incomplete, b) the
access is really not expected and soffice has no business opening
the file
809[09:54:52] <ratrace> I'm leaning toward betting in favor
of a) tho
810[09:55:10] <themill> At a guess, it's either getting
ready to tell you about hardware plug-n-play devices, or it's
going to map TLAs to companies for you
811[09:55:11] <shtrb> and I'm to b :)
812[09:55:29] <ratrace> shtrb: given the state of other
profiles, a) is more likely
813[09:55:51] <themill> lots of things want to look in the
hwdata databases to help you do things
814[09:56:07] <themill> (printer or scanner most likely for
libreoffice?)
815[09:56:33] <themill> but it could be as simple as the
filepicker that you've got libreoffice configured to use
816[09:56:37] <ratrace> right, and I was expecting to see some
other comm tryna access that file, some subproces forked by and not
directly part of libreoffice, but it seems that's not the case,
soffice.bin is directly trying the file
817[09:56:41] *** Quits: yonder (~yonder@replaced-ip) (Remote host closed the connection)
818[09:57:30] <ratrace> themill: ah yes.... maybe via libcups?
819[09:58:31] <shtrb> I do have several printers configured ,
technically there is a scanner on the same machine (but I only used
scanimage and not any ui tool for that)
820[10:00:49] *** Quits: endstille (~endstille@replaced-ip) (Quit: I'll be back.)
824[10:02:48] <ratrace> at AA upstream, hwdata is only listed
under kde-open5 profile. so I'd say the soffice profile is
simply incomplete, and maybe the whole hwdata thing should be made
into an abstraction.
825[10:03:23] <ratrace> sorry, not profile but kde-open5
abstraction. so hwdata should be separated as its own, maybe.
something to file a bug report upstream, maybe.
826[10:03:46] *** Quits: st-gourichon-fid (~Stephane@replaced-ip) (Remote host closed the connection)
827[10:03:51] *** Quits: flakE (~flakE@replaced-ip) (Quit: I AM NOT A QUITTER!)
862[10:20:04] <ratrace> shtrb: why are you so concerned tho? by
default soffice is in complain mode, definitely suggesting it's
incomplete, and also would log a ton more denials
863[10:20:22] <shtrb> I do not trust doc files
864[10:20:44] <shtrb> and I got it only for doc files (not for
others)
865[10:21:23] <shtrb> no , sorry , now I see it reads all the
time , I blamed doc for nothing :-(
868[10:22:59] * shtrb don't trust doc files on general ,
don't even open docx if he can , and prefer everything to be
just md files
869[10:23:12] <shtrb> man , and info files are also ok
870[10:23:40] <shtrb> On unrelated question to fix (enable) -
type=1400 audit(1606463447.355:57): apparmor="DENIED"
operation="open" profile="/usr/bin/pidgin"
name="/sys/class/video4linux/" pid=7974
comm="gst-plugin-scan" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=0 I need just to declare
"/sys/class/video4linux/* mr," correct ?
873[10:26:59] <ratrace> shtrb: both video4linux/ (no asterisk)
and video4linux/** probably.
874[10:27:15] <shtrb> what does ** mean in that context ?
875[10:27:37] <ratrace> all paths under it, including those with
/ meaning all files and subdirs, recursively
876[10:27:57] <ratrace> single * allows only names directly in
the directory
877[10:28:00] <shtrb> oh thanks
878[10:28:37] <ratrace> not afraid of someone spying you over
the webcam? :)
879[10:29:11] <shtrb> it's plugin for video chat , it is
expected to work :D
880[10:29:25] <shtrb> and I have a mechnical lock on the webcam
881[10:29:50] <shtrb> analog shutter ?
882[10:29:52] <ratrace> right :)
883[10:30:07] <ratrace> is that a librem laptop?
884[10:30:13] <lusrx> sney: partitioning and formatting disk
right now. dd mode in rufus worked really nicely for me. thank you!
but trackpad is still not working for some reason. hopefully it will
be sorted out once i have the system up and running.
885[10:30:31] <shtrb> ratrace , no , a thinkpad, I couldn't
afford to get a liberm with covid19 and all
886[10:31:02] <ratrace> is that switch native to thinkpad or you
got a usb cam or something?
909[10:50:31] <ratrace> shtrb: well you can put pidgin in
complain mode and see if starts working. if it does, then check the
profile and look for denials
910[10:51:25] <lusrx> help! i have a black glowing screen again.
debian just finished installing all 1300+ packages and toward the
end it rebooted i think.
925[11:00:10] *** Quits: szorfein (~daggoth@replaced-ip) (Remote host closed the connection)
926[11:00:38] <meltingwax> i'm having some problems with
accessing a port on my server externally (inside LAN and outside). i
checked iptables and there shouldn't be a firewall active, so
i'm puzzled why port 80 works but this one doesnt
1002[12:25:27] <RhineDevil> I'm trying to do a passwordless
and keyless SSH guest access. For that I followed these articles:
replaced-url
1003[12:26:38] <ratrace> RhineDevil: passwordless and keyless?
then using what for authorization?
1004[12:27:03] <RhineDevil> ratrace, nothing, it's supposed
to work like ftp anonymous account
1005[12:27:41] <ratrace> well I never tried that with ssh... but
what's your question.
1006[12:28:18] *** Quits: pvdp6655644 (~pvdp@replaced-ip) (Remote host closed the connection)
1007[12:28:28] <RhineDevil> ratrace, I'm not achieving it.
It still asks me for a password even though I've enabled
PermitEmptyPasswords for Match Group
1008[12:28:46] <ratrace> tried to hit just enter and submit an
empty password?
1009[12:29:04] <RhineDevil> ratrace, mhhh gotta try that
1011[12:29:45] <RhineDevil> ratrace, doesn't let me do that.
it says "no password supplied"
1012[12:29:46] <ratrace> I'm not sure openssh would allow
completely noninteractive login. could be wrong, like I said, I
never tried it. my inner security daemons are now screaming and
trashing about...
1013[12:30:02] <ratrace> RhineDevil: does the account you're
trying have empty password field?
1014[12:30:10] <aiRness> Hello. Just upgraded my debian sid, are
there any known bugs for pulseaudio ? Even the aplay doesn't
give any soundcards installed
1015[12:30:11] <RhineDevil> ratrace, yes
1016[12:30:52] <RhineDevil> aiRness, pulseaudio didn't see
any soundcard even in stable for me
1017[12:30:56] <ratrace> !tell aiRness about debian-next
1018[12:31:30] <aiRness> RhineDevil: well everything was workign
fine until yesterday's upgrade, thing is aplay doesn't
even see the soundcards now (pulseaudio shows dummy devices)
1019[12:31:45] <RhineDevil> I've beheaded the bull by just
installing jack as a system-wide daemon and using pulseaudio as a
jack client
1020[12:32:13] <RhineDevil> but it's not an everyday task I
had to mess around with lots of things
1021[12:33:14] <RhineDevil> ratrace, yes the account I'm
using has an empty password field
1022[12:34:13] <ratrace> RhineDevil: wait I'm looking throug
the manpage. this is highly unusual
1030[12:37:16] <ratrace> pipewire is very much new software.
fedora wants to switch to it within next or netx two releases. imho,
it'll be PA debacle all over again, but fine.... definitely not
happening in debian for next and I doubt even for next-next
1031[12:37:17] *** Quits: ich (~ich@replaced-ip) (Quit: Ex-Chat)
1032[12:37:19] *** Quits: Deyaa (uid190709@replaced-ip) (Quit: Connection closed for inactivity)
1033[12:37:56] <aiRness> I don't get why I complete lost
track of the soundcard though, even with aplay -l
1047[12:46:25] <ratrace> RhineDevil: found this... note the
distiction between "empty password" (witha hash for
"empty") and "no password" which apparently
doesn't work.
replaced-url
1048[12:47:19] <ratrace> so, again, they DO set a password,
through a hard-coded hash of basically newline I think
1049[12:47:54] <ratrace> see the two links in the accepted answer
for more info
1051[12:49:00] <ratrace> RhineDevil: finally... I have to warn
you, this setup is very, very very fragile. One tiny mistake and
you've opened your server to free, unauthenticated login, to
the whole wide internet.
1082[13:19:53] <shtrb> RhineDevil, a wise man once said ,
replaced-url
1083[13:21:21] <shtrb> RhineDevil, from the man file: This call
changes an ingredient in the pathname resolution process and does
nothing else. In particular, it is not intended to be used for any
kind of security pur‐
1084[13:21:22] <shtrb> pose, neither to fully sandbox a process
nor to restrict filesystem system calls. In the past, chroot() has
been used by daemons to restrict themselves prior to
1085[13:21:22] <shtrb> passing paths supplied by untrusted users
to system calls such as open(2). However, if a folder is moved out
of the chroot directory, an attacker can exploit that to
1086[13:21:22] <shtrb> get out of the chroot directory as well.
The easiest way to do that is to chdir(2) to the to-be-moved
directory, wait for it to be moved out, then open a path like
../../../etc/passwd
1089[13:22:29] <gryffus> Hello, is there anyone with experiences
with EJBCA? I am trying to find "EJBCA Client Toolbox" for
CLI access to EJBCA, but cannot find it anywhere. I just need to
check for existence of a certain certificate from bash
1090[13:22:37] *** luce4783 is now known as S3xyL1nux
1104[13:32:16] <RhineDevil> shtrb, yeah but point is, if you just
can access sftp and not shell, you cant execute anything.
doesn't matter if it just changes the path, cause you
won't be able to execute a process that goes outside this path
anyway
1105[13:32:32] *** Quits: black_ant (~antilope@replaced-ip) (Quit: simplicity does not kill)
1106[13:32:47] <jelly> I thought LE ran on fully opensource
software.
replaced-url
1107[13:33:04] *** Quits: nksegos (~Thunderbi@replaced-ip) (Remote host closed the connection)
1117[13:35:45] <shtrb> RhineDevil, have you looked on the part
when it can read ANY file on the mounted file system ?
1118[13:35:59] <gryffus> bezaban, I can see only
ejbca_ce_6_15_2_6.zip
1119[13:36:03] <bezaban> ejbca is open source, but has some
enterprise functions. It's used by some public type CAs as well
as other product scoped or internal ones :)
1120[13:36:05] <RhineDevil> shtrb, how can it read ANY file if
you're locked inside the cage
1121[13:36:38] <shtrb> RhineDevil, man 2 chroot
1122[13:36:40] <bezaban> gryffus: yeah, that's the one.
1245[15:21:40] <marz> What package do I need to install to
satisfy this error: "Error: Unable to compile the binary
module. Do you have the rrdtool header and libraries
installed?"
1249[15:24:31] <torbjorn> sorry for asking something super
trivial as this, but I installed debian 10 as a kvm/qemu virtual
guest, with a bridged interface, and now want to configure a static
ip address. I take out iface ens3 inet dhcp and instead type iface
ens3 inet static address 192.168.3.0/24 gateway 192.168.3.1 # but
when I do ifdown ens3 and ifup ens3 , ens3 now has two ip addresses,
both the original dhcp ip and the new
1250[15:24:37] <torbjorn> static ip
1251[15:25:07] <torbjorn> if I tcpdump for udp 67:68 on the kvm
host, I see activity the moment I do ifup, every time
1263[15:29:23] <shtrb> marz , we need little bit more about it
but at leas you would need rrdtool and librrds-perl dh-lua gem2deb
gem2deb-test-runner libdbi-dev libdbi1 liblua5.1-0-dev liblua5.2-dev
liblua5.3-dev liblua5.4-dev libpython3-all-dbg libpython3-all-dev
libpython3-dbg
1325[16:11:23] <RhineDevil> what fails specifically is
ChrootDirectory
1326[16:12:04] *** Quits: Brigo (~Brigo@replaced-ip) (Remote host closed the connection)
1327[16:12:25] <RhineDevil> you can use internal sftp as
subsystem and ForceCommand, but if you do "ChrootDirectory
/home/%u" it fails and ssh always closes the connection
1335[16:14:59] <SnakesAndStuff> I'm having problems with
bind9 in debian buster. When I try to write a log file to
/var/log/bind/bind.log whith /var/log/bind and the bind.log
belonging to bind.bind with proper permissions it still fails
(testing it as running in foreground to see error)
1345[16:18:53] <ksk> SnakesAndStuff: but eh, I would the standard
config of bind9 to be able to write to its logfiles - so what did
you change and why?
1348[16:20:43] <SnakesAndStuff> ksk: Because I was going to make
the output more verbose and enable logging... Trying to figure out
why some DNS queries are getting blocked/failing with runnined a
cached dns server
1349[16:21:02] <SnakesAndStuff> and rather than spam syslog, I
was going to temporarily have it write to a specific file
1350[16:21:29] <SnakesAndStuff> ksk: And my "it fails"
is a laughable technical description. But what I posted is the
actual output.
1351[16:22:19] <ksk> kk, then from what you say: bind9 is not
running as user "bind".
1352[16:22:41] <ksk> Mhhm, maybe also make sure no
namespace/cgroup/protection options are set in bind9 systemd unit
file.
1353[16:23:01] <SnakesAndStuff> When I disable logging, and start
it via systemctl it surely does run as bind.
1377[16:31:23] <ksk> typicly it is in
"/lib/systemd/system/XxX.service" - you can copy it to
/etc/systemd/system and then edit it there - it will take priority
over the one coming from the package
1381[16:34:04] <SnakesAndStuff> ksk: I took a look in that
file... followed it from the symlink in
/etc/systemd/system/multi-user.target.wants/bind9.service
1382[16:34:26] <SnakesAndStuff> which is where I pulled the
startup command from and added a -f to run it in the foreground to
try to get error messages.
1387[16:37:35] <SnakesAndStuff> Interesting... gives the same
error if I try to write to a file in a directory outside of
/var/log... .even with 777 permissions
1472[17:56:03] <grondilu> I wanted to spare some CPU for a remote
laptop connect to only through SSH, so I ran it on runlevel 3
instead of 6. Problem is apparently now the screen never turns off,
and it's kind of bright. How could I turn it off ?
1473[17:56:24] <grondilu> s/laptop connect/laptop I connect/
1474[17:57:00] <grondilu> I suppose I could run it back on level
6, but meh.
1535[18:53:28] <asterismo_l> i'm trying to install debian in
an old PC with two IDE/ATA drives on a RAID1
1536[18:53:38] *** Quits: conta (Thunderbir@replaced-ip) (Ping timeout: 260 seconds)
1537[18:53:38] *** conta1 is now known as conta
1538[18:54:20] <asterismo_l> updating grub breaks grub and the
system goes to a grub rescue, this happens with Debian 10, and i
think 9 and 8 too. This not happens with Debian 7
1539[18:54:42] <sney> how is the raid configured?
1540[18:54:55] <asterismo_l> if i unplug one drive, the system
boots grub no problem, as soon as i plug the other drive,
grub-rescue
1599[19:07:22] <jelly> klemax: in general, debian does not
support downgrades
1600[19:07:30] <asterismo_l> jelly, i did grub-install and no
error is reported... so
1601[19:07:31] <sney> klemax: some individual packages can be
downgraded manually, but there is no mechanism in debian for a full
version downgrade.
1602[19:07:34] <asterismo_l> i'll try again
1603[19:07:51] <asterismo_l> is there anyway to run grub-install
with a debug option?
1604[19:08:06] <jelly> asterismo_l: on both disks? grub-install
/dev/sda and grub-install /dev/sdb if that's where they are?
1605[19:08:14] <sney> grub-install has -v for verbose
1606[19:08:23] <asterismo_l> and jelly should i run grub-install
on sda/sdb or md0?
1607[19:08:31] <jelly> definitely not md0
1608[19:08:35] <asterismo_l> ok
1609[19:08:49] <jelly> asterismo_l: can you pastebin your lsblk
output?
1610[19:09:16] <ficonni> Guys mind helping me out ? I just added
alsactl init to my rc.local file to try and fix my problem of the
jack not working upon boot but no avail. The command works by itself
when typed manually tho.
1611[19:09:42] <klemax> jelly sney: ok i got it, thanks
1612[19:10:07] <jelly> klemax: if you have a backup of debian 8,
restore the whole system from that
1613[19:10:56] <klemax> jelly: yes i can do that, i have a backup
1616[19:11:28] <dpkg> /etc/rc.local may be used to run simple
commands at boot time. It exists by default in jessie or older; in
stretch or newer you need to create it. Don't forget the
<shebang> and be sure to chmod 755 it. rc.local is considered
a hack, a stopgap, or a temporary band-aid; see <systemd>
1623[19:14:17] <ficonni> dpkg: forgive my lack of sysadmin
knowledge, does this shebang mean I need to put the #! the very
beginning of the script ?
1624[19:14:17] <dpkg> Well, my lack of sysadmin knowledge, does
this shebang mean I need to put the #! the very beginning of the
script boy, I guess I could do that. But I believe forgiving is
God's job, I'm just arranging the meeting. *blows my lack
of sysadmin knowledge, does this shebang mean I need to put the #!
the very beginning of the script head apart with .44 magnum*
1625[19:14:56] <jmcnaught> ficonni: dpkg is a bot
1626[19:15:07] <petn-randall> !shebang
1627[19:15:07] <dpkg> extra, extra, read all about it, shebang is
the "hash-bang" (#!) line at the start of a script that
instructs the kernel which interpreter to use. Examples:
"#!/bin/sh", "#!/usr/bin/perl -w".
replaced-url
1628[19:15:20] <petn-randall> ficonni: ^^^
1629[19:15:29] <ficonni> well, that's another thing I
learned today.
1643[19:17:21] <asterismo_l> i'll try and paste in a while
1644[19:17:25] <jmcnaught> ficonni: I also recommend leaving some
comments for your future self (lines starting with #) in the file
about what (and why) it is doing. #!/bin/sh is what you want.
1645[19:17:28] <jelly> asterismo_l: your system does not _sound_
like it uses uefi booting?
1646[19:17:35] *** Quits: nickodd (~nickodd@replaced-ip) (Remote host closed the connection)
1647[19:17:45] <asterismo_l> my system is from 2001
1648[19:18:02] <jelly> asterismo_l: and that partition layout is
missing the efiboot partition, so I assumed you used grub-pc not the
EFI one
1649[19:18:02] <asterismo_l> it is a Dell Precision 530MT dual
Xeon
1651[19:18:30] <asterismo_l> should i addan efi partition?
1652[19:18:34] <ficonni> jmcnaught: copy that. I know about
commenting but didn't know about the shebang. WIll do , reboot
and report. Already did chmod 755 to the file
1674[19:34:51] <L0aD1nG> hello, i have troubles with debian 10
installation on a new pc... Xorg wont run, here is the paste of
/var/log/Xorg.0.log
replaced-url
1680[19:37:12] <jmcnaught> L0aD1nG: how are you starting X? What
GPU do you have? Have you already tried anything?
1681[19:38:56] <L0aD1nG> jmcnaught: i have intell graphics via
the processor, i install xorg and dm and wm normally it would run
automatically i did the same many times on other computers
1682[19:39:42] <L0aD1nG> jmcnaught: i installed just standar
system utilities. And installing what i need from the console now
1694[19:42:37] <L0aD1nG> The installtion process went great no
errors at all
1695[19:43:07] <jmcnaught> L0aD1nG: is xserver-xorg-video-intel
installed?
1696[19:43:12] <d3m0nm4dn3ss> Hey ya'll, I'm going to
run Linux on my wii and right now I have a debian lenny install,
anyways I need to connect to my wifi network but I can't use a
keyboard while it's booted on the Wii. I'm in the root dir
of it right now as I have the sdcard in my computer can I have some
help in where I need to go/what I need to do to connect Linux on my
wii to the internet. I have the wpa_supplicant.conf generated but it
does not seem that it connected to
1700[19:43:49] <Mrbuck> Hi any one know any software on debian
that helps me draw for example I would be needing to draw things
like trees,datastructures and so on
1727[19:48:29] <greycat> That sounds like a high number. Is it
super new?
1728[19:48:35] <Mrbuck> I checkd gimp and inkspace they are for
images and complicated too :( Anyway Thank you I will check sney
also
1729[19:48:51] <jmcnaught> L0aD1nG: it came out this year right?
About a year after Debian 10 unfortunately.
1730[19:49:04] <L0aD1nG> greycat: its the latest if i am not
mistaken
1731[19:49:11] <greycat> Super new hardware may need unstable
kernel/drivers/firmware.
1732[19:49:41] <greycat> !buster freeze
1733[19:49:41] <dpkg> Buster started the freeze process on
2019-01-12 see
replaced-url
1734[19:49:48] <L0aD1nG> so i should install unstable?? I mean
not to search for a solution
1735[19:49:55] <greycat> If the hardware is newer than Jan 2019,
then it may not work well in buster.
1736[19:50:04] <sney> I'm sure greycat means the backport
kernel
1737[19:50:08] *** Quits: conta (Thunderbir@replaced-ip) (Quit: conta)
1738[19:50:15] <L0aD1nG> i tried this so long
replaced-url
1739[19:50:22] <sney> !buster-backports
1740[19:50:22] <dpkg> Some packages intended for Bullseye (Debian
11) but recompiled for use with Buster (Debian 10) can be found in
the buster-backports repository. See
replaced-url
1741[19:50:24] <greycat> Maybe, maybe not. The unstable support
channel may know more.
1742[19:50:36] <L0aD1nG> and i booted and the it was flashing the
loging all the time on the console
1743[19:50:37] <Mrbuck> sney: dia is what I needed
1744[19:50:40] <Mrbuck> thank you
1745[19:50:42] <greycat> You can *try* the backported kernel,
plus whatever else you need, but it may be a LOT.
1746[19:50:55] <jmcnaught> A newer-than-buster GPU might need
more than a newer kernel, such as newer mesa or xorg versions too.
1747[19:50:57] <sney> the 5.8 kernel in buster-backports is new
enough to support most post-buster hardware
1748[19:51:07] <sney> Mrbuck: np
1749[19:51:34] <d3m0nm4dn3ss> looks like it's a Broadcom
4710?
1750[19:51:39] <d3m0nm4dn3ss> based on the kernel output
1751[19:51:44] *** Quits: ttys000 (~ttys000@replaced-ip) (Read error: No route to host)
1765[19:54:38] <dpkg> #debian-next is the channel for
testing/unstable support on the OFTC network (irc.oftc.net), *not*
on freenode. If you get "Cannot join #debian-next (Channel is
invite only)." it means you did not read it's on
irc.oftc.net. See also
replaced-url
1766[19:54:50] <greycat> Those people may know more about your
hardware and how well unstable (etc.) supports it.
1767[19:54:59] <sney> greycat: keep your pants on, they
haven't even made a decision yet.
1768[19:55:34] <L0aD1nG> i will try the bpo kernel first.
1769[19:55:35] <sney> L0aD1nG: it sounds like the 4.19 kernel in
buster isn't new enough for your video hardware, yes. but you
can install the 5.8 kernel from buster-backports, which likely
*does* support it.
1799[20:09:17] <greycat> For the last 10 years or so, the
recommended configuration is "let the X server figure it out
automatically", and you only make xorg.conf.d snippets (which
are in /etc/X11 not /usr/share) if you REALLY need them, for exotic
hardware.
1800[20:09:18] <L0aD1nG> okay i installed
"linux-image-amd64" and "linux-headers-amd64" it
works great now
1806[20:10:56] <sney> yep, with new intel hardware usually the
only thing you need is the more up-to-date kernel module, intel
stuff plays nice with linux.
1813[20:15:00] <L0aD1nG> i am telling that cause the motherboard
is super new too
1814[20:15:17] <Franciman> another question, how can I see which
parameters are passed to each module in the kernel?
1815[20:16:13] <sney> Franciman: that's set up in
/etc/modprobe.d though most stuff will just be loaded with defaults.
you can see what the defaults are with modinfo.
1818[20:18:46] *** Quits: milkt (~debian@replaced-ip) (Remote host closed the connection)
1819[20:18:47] <sney> L0aD1nG: with that 5.8 kernel, all of your
drivers are up to date as of Sept 2020. so unless it's *really*
bleeding edge, I expect your devices to work
1820[20:19:34] <greycat> you may still need post-stable firmware
1821[20:20:49] <sney> yeah, and that's in buster-backports
too
1823[20:22:54] <L0aD1nG> this machine has windows too yesterday i
installed the and "build" them as i wanted, i bought them
its the official windows 10...
1849[20:36:09] <ratrace> that's like saying your needs are
to go to the store, and you're comparing some small car with a
big truck and say that the truck gulps so much more fuel, and needs
time to warm up, fill up airbrake tanks, etc...
1850[20:36:31] <greycat> I see no problem with that statement.
The car is a more suitable choice for this job.
1851[20:36:35] <ratrace> yea but that truck can pull ten of those
cars on a trailer, and have different trailers, etc...
1852[20:37:22] <greycat> The truck is a far better choice for
carrying tons of cargo to a distant factory.
1853[20:42:28] <ratrace> well sure, that's the idea
1905[21:41:11] <asterismo_l> jelly, not a chance, i installed
debian 10 and after reboot i get grub rescue
1906[21:41:29] <asterismo_l> it prompted me to choose install
grub in sda or sdb and i choose sda
1907[21:42:56] <jelly> asterismo_l: can you not choose both sda
and sdb?
1908[21:44:04] <jelly> that's what you're supposed to
do with a raid1 setup, boot loader on both sda and sdb, so when one
goes bad you still have a boot loader
1909[21:45:46] *** Quits: wh0kares (~wh0kares@replaced-ip) (Remote host closed the connection)
1914[21:59:39] <SnakesAndStuff> If anyone is interested, the
problem I had with bind/named and logfiles earlier I discovered was
because of apparmor... Found it while browsing information in
/var/lib/dpgk
1915[21:59:44] <def_jam> hey i can run a program succesfully
using the exact same command as i do in crontab -e
1916[21:59:47] <SnakesAndStuff> and by default it wants log files
in /var/log/named not /var/log/bind
1917[21:59:56] <def_jam> but with crontab ..it fails with bad
gateway
1918[21:59:59] <SnakesAndStuff> What resource do I use to look up
what restrictions apparmor places on various apps?
1921[22:00:28] <greycat> crontab gives you a VERY bare
environment. no terminal, no $TERM variable, none of the stuff you
get from your dot files when you login, etc.
1927[22:05:07] <roycroft> when running cron jobs, especially with
elevated privileges, it's best to explicitly stipulate the full
path name of any commands
1941[22:07:51] <roycroft> and in modern debian, /bin is a symlink
to /usr/bin
1942[22:08:03] <roycroft> and /sbin a symlink to /usr/sbin
1943[22:08:11] <greycat> Some people at work are using VNC
sessions and wanted me to make them start at boot time. It turns out
tightvnc server expects to see a $USER variable in the environment.
Which is of course not standard in Linux....
1944[22:08:24] <roycroft> so moving utilities from /bin to
/usr/bin and vice versa is moot at this point :)
1945[22:08:32] *** Quits: mezzo (~mezzo@replaced-ip) (Quit: leaving)
1946[22:09:01] <greycat> roycroft: only if you installed buster.
If you upgraded to buster, this is not the case, unless you also
installed the usrmerge(?) package.
2084[23:30:43] <mason> roycroft: In modern Debian, whether you
have usrmerge or not is contigent on how you install. Controllable
via a debootstrap flag, for instance.