282[04:56:51] <Heston> Is there any reason why a debian stretch
installation would ever check the cdrom drive without any
interaction from myself? Is it safe to assume ive been rooted?
283[04:58:14] <cws> Check in what way?
284[04:58:14] <sney> no, it's normal for various programs
and/or the kernel to sync disks, which might cause an optical drive
to spin up or blink etc
291[05:00:06] <sney> it's highly unlikely to get
"rooted" out of nowhere, particularly on a personal
computer on a private network.
292[05:00:26] <sney> you can use stuff like debsums to make sure
your packages are still kosher though,
293[05:00:28] <sney> !debsums
294[05:00:28] <dpkg> debsums is a utility that will check a
package's files against their checksums. The "-a"
argument will instruct it to also check configuration files:
"apt install debsums; debsums -a -s". Almost all packages
come with md5sums included in the package or apt will have generated
them for you; generate missing ones with "apt-get install
--reinstall `debsums -l`". Ask me about <md5sums>.
295[05:00:35] <Heston> maybe so but that type of activity is
nerve racking
318[05:11:27] <cws> For systems without a GUI, yes. For systems
with a graphical environment, its often NetworkManager.
319[05:11:55] <somiaj> it is one of the many ways debian offers,
though usually just use /etc/network/interfaces to configure the
scripts (I prefer that)
320[05:12:38] <somiaj> note you can use networkmanager from the
command line, no need for a gui
321[05:14:15] <Celmor[m]> if systemd-networkd is available
I'll use that. I don't like having to configure stuff with
scripts since you don't necessarily know what state the system
is in and it pretty much requires to re-configure all network
interfaces to reload the configuration changes
322[05:14:23] *** Quits: catman370 (~catman@replaced-ip) (Quit: See you later..)
323[05:14:29] <Celmor[m]> even netplan is better IMO
324[05:14:41] <cws> netplan is actually pretty great, imho.
325[05:15:02] <sney> systemd-networkd is available, and getting
a bit more popular anecdotally. ifupdown is the default configured
by the installer but that's all, you're free to use
whatever.
326[05:15:20] <somiaj> Celmor[m]: systemd-networkd is avaiable,
just disabled by default. Note you really don't do much with
scripts, you just configure the interfaces file and the scripts do
the rest, I find it fairly painless
327[05:15:53] <Celmor[m]> well, systems building/based on top of
debian expect that ifupdown is used which is why I was asking
328[05:15:56] <somiaj> the interfaces file is just a set of
options, and for most setups you don't need to much (though for
more complicated setups other tools might be easier)
329[05:16:29] <Celmor[m]> I have to mess around with iptables
rules and when I saw that I had to put in the rules in that script I
was done with ifupdown
330[05:16:36] <somiaj> Celmor[m]: really the only thing in
debian is to choose the tool you like and use it, don't mix.
Debian provides you lots of choices as to which tool you like the
best.
331[05:17:11] <somiaj> what you don't have to do that, I
think you are finding incorrect info, iptables have their own set of
scripst which you don't have to include in the interfaces file
(though note you should be using nftables these days anyways)
332[05:17:21] <Celmor[m]> sure, because linux provides you with
lots of options. I was just wondering if debian had a preference and
it appeared to be ifupdown
333[05:17:31] <cws> Not a preference. Only a default.
334[05:17:49] <Celmor[m]> only a matter of wording
335[05:17:50] <somiaj> Celmor[m]: The fact that you are messing
with scripts makes me think you aren't using them in a standard
way.
336[05:18:07] <Celmor[m]> that's the solution I found from
SO
337[05:18:42] <cws> Celmor[m]: A preference implies that you
sacrifice function or otherwise encounter functional issues if you
go with something else. A default is simply a consequence of needing
SOMETHING there to manage networking post-install.
339[05:19:48] <Celmor[m]> specifying a default also means
tooling building on top of your system expect the default
configuration. for example proxmox, either you use ifupdown (in
which case you can configure networks through the UI) or you have to
do it all manually on the CLI
348[05:22:15] <Celmor[m]> it still uses the same debian repos
and for all intents and purposes is based on debian. I'm not
blaming debian for things proxmox does wrong but I was just
wondering about the choice of using ifupdown as default where the
proxmox quirks resulted as a consequence from
349[05:22:18] <cws> And if they've chosen to base their
stuff on ifupdown, that's their choice. Ask them why,
that's not a Debian concern.
350[05:23:37] <cws> networkmanager is only a package away.
networkd is a built-in.
351[05:23:49] <Celmor[m]> settings something as a default has
more consequences and choosing something "ancient" like
ifupdown means packages don't try to implement any extra
support for more modern alternatives
352[05:23:50] <cws> Proxmox depended on ifupdown by choice, not
by requirement.
353[05:24:21] <cws> Nothing has stopped proxmox, or any other
user or project, from using networkd immediately.
354[05:24:46] <cws> So, again, this is a proxmox question, and
as such is offtopic in this channel.
355[05:24:53] <Celmor[m]> all I was wondering about was the
choice of using or rather staying on ifupdown
356[05:25:03] <Celmor[m]> by debian
357[05:25:32] <Celmor[m]> whatever proxmox decides to user while
considering debians default (which still is ifupdown) is another
topic
358[05:25:34] <Celmor[m]> use*
359[05:25:39] <cws> Nothing is stopping anyone from using
whatever network manager they want to use. Your question is
predicated upon an issue that doesn't exist.
360[05:26:45] <Celmor[m]> not saying there's an issue per
se. at the danger of repeating myself, just the implication of
setting a default has more consequences, not just for debian itself,
which the developer behind might not intend.
361[05:27:06] <Celmor[m]> that's all I have to say. thanks
362[05:27:17] <cws> You're imagining implications that
don't exist.
366[05:29:32] <Heston> sney, thanks for the response
367[05:30:25] <somiaj> what makes you think ifupdown is acient,
it uses ip and modern tools in the scripts, and the interfaces file
is fairly straight forward. Again sounds like you are using
something built on top of debian, not debian or debian's
interfaces file.
381[05:45:20] <somiaj> solrize: yea, I had the same issue,
searching for "R" just matches too many things.
382[05:45:57] <somiaj> oh I did this with apt search which
doens't have the number of character limitation, but searcing
for "R" or "C" even if you could would return
too many things.
384[05:47:42] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
385[05:48:30] <somiaj> though seems apt search " R "
and apt search " C " does help a bit, though can't
see a way to only search the short descriptions (not long
descriptions too)
386[05:49:57] <somiaj> but doens't appear you can do "
R " at packages.debian.org, which is 3 characters.
387[05:52:01] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
388[05:54:44] <solrize> oh i hadn't thought of using quotes
414[06:37:54] <solrize> what is the debianistically correct way
to install a newer version of something than the one in the distro?
like if i want to run python 3.9 or 3.10
422[06:47:45] <jmcnaught> solrize: you do not want to replace
the system python3 because other software relies on it and a newer
Python could introduce changes in behaviour. You could install a
newer python3 somewhere like /opt or maybe in your $HOME but using a
chroot or container is probably better.
423[06:48:47] <somiaj> solrize: python is kinda a special case,
but it is fairly easy to install a newer python, just use virtual
enviorments.
424[06:49:37] <somiaj> solrize: But I installed python 3.8 and
3.9 by (a) download the python source, (b) compile it in $HOME (but
don't install it just compile it), (c) call the binary that was
built and use it to create a virtual enviorment, from there you can
use that version of python inside its own directory separate of your
system.
434[06:54:28] <somiaj> solrize: basically it puts all of the
python binaries in /some/directory, and then has a script that you
run that sets up your enviorment that anything to deal with
python/pip is installed and run from only inside that directory
independent of your system.
435[06:57:00] <jmcnaught> somiaj: virtualenvwrapper makes it
even sweeter
436[07:00:01] *** Quits: riff-IRC (~riff2@replaced-ip) (Remote host closed the connection)
438[07:00:35] <jmcnaught> python 3 also has a venv module that
is similar in the standard library, but I don't think this
allows you to select an arbitrary python3 interpreter.
443[07:02:56] <somiaj> I just used the built one, but by default
it juses the binary that ran it, which is fine, if you wanted a
different binary, use that to build the enviorment.
444[07:03:06] <TechieGuy> Hi, I'm installing debian with
debootstrap. Now in the "Run Debootstrap
445[07:03:41] <jhutchins> I don't see anything amazingly
new being developed on those enviroments.
446[07:03:42] <TechieGuy> stage" of doc. What to do if I
want to install debian testing? Can I replace buster with sid?
447[07:04:05] <somiaj> TechieGuy: well sid isn't testing,
but yes you can specific which release to download when you run
debootstrap.
448[07:04:12] <somiaj> TechieGuy: I think you mean bullseye if
you really want testing.
449[07:04:21] <TechieGuy> Which one is testing? :D
450[07:04:28] <TechieGuy> Ok
451[07:04:35] <jhutchins> TechieGuy: Yes, and you can break your
system and make it unusable.
452[07:04:49] <TechieGuy> jhutchins: What?!
453[07:05:03] <jhutchins> TechieGuy: If your goal is to play
with the system, go for it.
455[07:05:20] <TechieGuy> Hi, I'm installing debian with
debootstrap. Now in the "Run Debootstrapstage" of doc.
What to do if I want to install debian testing? Can I replace buster
with sid?
456[07:05:25] <TechieGuy> This was the full msg
457[07:05:27] <TechieGuy> jhutchins:
458[07:05:50] <jhutchins> TechieGuy: If you actually rely on
your system to get work done, it's a bad idea.
459[07:06:16] <jmcnaught> TechieGuy: is this the doc you are
following?
replaced-url
460[07:06:34] <TechieGuy> But stable branch contains very old
packages. And, I can handle minor issues.
461[07:06:36] *** Quits: JordiGH (jordi@replaced-ip) (Remote host closed the connection)
467[07:09:09] <somiaj> due to the freeze bullseye is fairly
usable right now as the focus is just on the remaing rc-bugs, the
biggest draw back is the lack of security support
471[07:10:04] <TechieGuy> Only stable has better security?
somiaj
472[07:10:38] <TechieGuy> Well, then, can I install specific
testing packages on stable?
473[07:10:49] <somiaj> sid has fairly decent security support
(at higher risk of broken packages), since when a security vunl is
found, the package in stable gets fixed, and a new package gets
uploaded to sid
474[07:11:18] <TechieGuy> can I install specific testing
packages on stable?
475[07:11:20] <somiaj> But then packages have to wait at least 5
days (often longer) to migrate to testing, so that is why seuciry in
testing isn't that good
476[07:11:21] <jmcnaught> There is a backports repository with
newer versions of select packages compiled for Debian stable.
485[07:13:28] <TechieGuy> Well, so what should I do if I want
newer packages than stable and still have security fixes?
486[07:13:44] <TechieGuy> I loved debian except the dated pkgs
in stable
487[07:14:13] <somiaj> TechieGuy: wait until the next release,
any 'newer software' you install, you become responsible
for the support and secuirty of.
488[07:14:42] <somiaj> TechieGuy: outside of sns (newer version
numbers), what exactly is it you need that stable doesn't
provide? To many older versions are a feature not a drawback.
490[07:15:21] <somiaj> And note there are various ways you can
install newer versions of specific programs you work with in a safe
manner, and still have the stability and security support on your
base system.
491[07:15:56] <TechieGuy> Such as my DE, Plasma Desktop, has
added a lot of features in 5.20, somiaj
492[07:15:59] <somiaj> backports is one (though backports
don't have direct security support), though complinig a local
install of the software is also a reasonable way.
496[07:16:51] <somiaj> TechieGuy: DEs are big bloated nightmares
of package dependencies, you won't easily get them backported.
Here, either wait until the next release in 2-4 months, or run
testing and deal with limited security support. Many desktop users
are just fine using bullseye
497[07:17:08] <somiaj> there is no easy/nice way to backport a
DE, they are to big and interconnected.
498[07:17:50] <TechieGuy> Can you suggest me other way or other
distro which has everything of debian and newer pkgs in stable
branch?
499[07:17:52] <somiaj> but many desktop users run testing just
fine, and just deal with the limited security support (which
isn't too bad on a desktop system that isn't actively
serving software and has multiple users accessing)
502[07:18:21] <somiaj> there are even ways to install the
package from sid for grave (kernel usually) based security issues.
503[07:18:51] <somiaj> TechieGuy: there are lots of based off
debian distros people like. But most of us here would suggest debian
and say it is worth the 2-4 month wait to get the newer features in
the next release.
509[07:20:29] <somiaj> Debian just suggests and supports a
frozen stable release, testing/unstalbe is the development branch
for those who want to test out the next release before it is
officially released. Many use testing/unstable as their desktop, I
was just trying to point out some of its drawbacks.
510[07:20:42] <jmcnaught> TechieGuy: The Debian stable way is to
use the same versions of most software for a couple years at a time.
When Debian gets a new release every couple of years you get newer
versions of software and new features.
511[07:21:35] <jmcnaught> TechieGuy: "stable" here
means static or unchanging. You can count on security updates in
Debian and not have to worry that something might need to be
reconfigured because of a new version.
512[07:21:44] <somiaj> (With the added advantage you know it is
fairly well tested, and has good security support for the 2-3 years
you run it)
514[07:22:47] <jmcnaught> For many applications there are newer
packages on backports, and there are other options like Flatpak and
Snap packages too.
515[07:22:49] <somiaj> TechieGuy: note I ran debian testing/sid
as my desktop for years, it isn't that bad, but it is not an
'offical release'. But for someone from gentoo you may
find it just fine (once you undersatnd how the development model
works)
516[07:23:20] <somiaj> I just got tired of constant updates,
fixing my machine when updates break things/or change things, and so
on, and found stable suited my needs, I just ahd to wait a little
longer to get new fancy features.
517[07:23:24] <somiaj> !sns
518[07:23:24] <dpkg> Shiny New Shit Syndrome is a serious
disorder, which usually breaks out into an epidemic every time
something new is released. If you have SNS, ask me about
<backports> and <ssb>; these are better options than
upgrading to <testing> because it is a <moving target>.
519[07:23:25] <abff> sid is solid
520[07:23:45] <TechieGuy> somiaj: I'm only worried about
security updates. I'm sensitive about security.
521[07:24:27] <somiaj> TechieGuy: a lot of sercurity depends on
what you use your machine for, most security issues are not
vulnabilities for desktop systems which don't have remote
users.
522[07:24:28] *** Quits: citypw (~citypw@replaced-ip) (Remote host closed the connection)
528[07:25:25] <somiaj> TechieGuy: if you really want to run
testing, you have to pay attention to the DSA (debian security
announcments) and if you see something that may affect you, often
times installing the package form sid will work just fine while you
wait for the fix to propage to testing.
529[07:26:07] <somiaj> But to me if stability and security are
primarly concerns, it might be worth waiting a little longer to get
newer software/features (though as I said, bullseye will probably be
released in 4 months or so, so not long of a wait)
543[07:53:14] <craigevil> could be i removed it will try
reinstalling or trying a different one
544[07:53:28] <jhutchins> craigevil: flatpack: not developed, or
supppred by Debian.
545[07:54:06] <jhutchins> apt is supported. Flatpack and Snap
are not.
546[07:54:10] <somiaj> ahh seems that flatpak creates some
backup ld cache in /run/..., which is a tmpfs, and that is probably
where you are running out of space.
551[07:57:02] <jhutchins> Containers are actually a good way to
experiment with undeveloped software, but reallly can't support
them here.
552[07:57:23] <somiaj> we can't really support some random
flatpak you download though, but it appears that flatpak creates
some tmp ldconfig in /run/ld-so-cache-dir/<long string>/, and
since that is a tmpfs, it could be is what is filling up and giving
you the out of space error.
553[07:57:44] <somiaj> Unsure if you can pass flatpak options to
change where this backup/cache is built
556[08:01:54] <somiaj> maybe creating a link at
/run/ld-so-cache-dir/ to someplace on your hd could also work. Is
your /run partition basically full, or maybe this flatpak just
requires a lot more space than most do
614[08:34:07] <TheBigK02> and my server i reinstalled on
jessie... i had some weird booting issue i remember... and at some
point i gave up and reinstalled and restored from backup. hard when
u cant look at the screen while booting
615[08:35:06] <TheBigK02> why would someone have a heart attack.
raspi is just the hardware and debian the OS. its support related
isnt it?
616[08:35:47] <craigevil> only if you are running debian and not
raspi os
617[08:36:03] <TheBigK02> i want to switch TO debian... nothing
wrong in that, isnt it? :)
618[08:36:37] <craigevil> grab one of the images from here
replaced-url
619[08:36:57] <TheBigK02> awesome. will do :)
620[08:37:19] <TheBigK02> im not at home right now. but may be
today or on weekend... will see... thanks
627[08:38:30] <TheBigK02> is some sort of home server for me...
doing a side to side vpn.. and some services like boot environment
and some NAS features...
629[08:40:24] *** Joins: mezzo (~mezzo@replaced-ip)
630[08:40:27] <craigevil> my pi400 is kinda a frankendebian,
started off as the official raspi arm64, i updated that, then added
testing, upgraded to that, then added unstable and upgraded to that
631[08:40:49] <craigevil> still has the raspi kernel and
configs, everything else is sid
642[08:49:12] <oxek> is that surprisingly low, hence sarcasm
about loving your connection, or surprisingly fast, hence actually
loving your connection?
643[08:49:22] <oxek> I don't remember the last time I
waited 49s for anything
644[08:50:13] <oxek> s/low/slow
645[08:51:32] <craigevil> it would have been like 5 seconds if i
wasn't using a vpn
646[08:52:15] <craigevil> even with the vpn 380+MB in 49 seconds
seemed pretty good, i use uget
746[10:30:15] <TechieGuy> Btw, in Gentoo, installing a pkg from
testing branch is super easy. Just add the pkg and it's
deps' name to a text file. I wish smthng like that were in
Debian
764[10:42:10] <dpkg> A backport is a package from a newer Debian
branch, compiled from source for an older branch to avoid dependency
and <ABI> complications.
replaced-url
765[10:42:22] <jelly> !debian-backports
766[10:42:22] <dpkg> backports.debian.org (formerly
backports.org) is an official repository of <backports> for
the current stable (see <buster backports>) and oldstable
(<stretch backports>) distributions, prepared by Debian
developers. Ask me about <backport caveat> and read
replaced-url
767[10:42:25] <TechieGuy> jelly: Very sad. But may i ask why?
768[10:42:54] <jelly> TechieGuy, binary, compiled packages and
dependencies don't make it easy
769[10:43:27] <jelly> esp within a single namespace. It's
probably easy on NixOS
770[10:43:57] <TechieGuy> Suppose, I download a .deb and
it's deps from testing branch. can't I just install it
with dpkg?
771[10:44:26] <jelly> in general, no, you can't
772[10:45:02] <jelly> tehnically you can, but the resulting
installation in unsupportable by anyone
773[10:45:09] <jelly> !frankendebian
774[10:45:09] <dpkg> When you get random packages from random
repositories, mix multiple releases of Debian, or mix Debian and
derived distributions, you have a mess. There's no way anyone
can support this "distribution of Frankenstein" and
#debian certainly doesn't want to even try. Ask me about
<reinstall>
775[10:45:12] <TechieGuy> What is the reason? What issues may
occur?
776[10:46:58] <jelly> various components rely on one another and
are only tested well within a release. Mixing and matching does
several things: 1) new unforeseen interactions 2) impossible to
apply security patches because patching relices on strictly
monotonic version increases
778[10:48:09] <TechieGuy> Suppose, I won't take pkgs from
random repos or mix stable and testing, everything but the
downloaded pkg will be stable, my pkg won't even belong to core
system pkgs and just a normal user pkg. In that case?
779[10:48:31] <TechieGuy> The pkg will be from
packages.debian.org
780[10:49:29] <jelly> TechieGuy, 2) still stands, even if the
package has no extra dependency
781[10:50:16] <TechieGuy> Ok. That's not a big concern
though. What could be the harms arising from 2?
800[11:01:09] <jelly> TechieGuy, if you're installing a
slim or embedded system with very limited disk space, you can pick
and choose which xorg video driver to install first, then install
xorg server and it won't pull in video-all
801[11:02:33] <TechieGuy> jelly: I'll use modesetting for
intel
802[11:03:10] <jelly> TechieGuy, if you're installing on a
general purpose x86 workstation or laptop with enough disk space,
10GB for / filesystem or more, I suggest ignoring the percieved
bloat and installing Recommends as well
803[11:03:35] <jelly> !install kde
804[11:03:35] <dpkg> The 'kde-standard' package gets
you the common set-up, 'kde-plasma-desktop' and
'kde-plasma-netbook' provide minimal KDE 4 setups with
respective flavouring, and 'kde-full' installs everything
KDE 4. To install using Debian-Installer (if not using KDE CD-1):
from the 'Software selection' dialog, choose
"KDE" (use space bar to toggle selections), then
"Continue".
805[11:04:07] <jelly> that's a bit dated but those package
names still pull in all the plasma bit
810[11:12:12] <b0rsuk> What's the command to run a game in
terminal in such a way that it spawns a new terminal? My priority is
that error messages should be visible if it crashes or fails to run.
811[11:12:31] <b0rsuk> I also want to set terminal title, so
gnome-terminal is out. xfce4-terminal is an option.
812[11:13:25] *** Quits: Jerrynicki (~niklas@replaced-ip) (Remote host closed the connection)
814[11:13:45] <b0rsuk> I'm using i3 window manager, and
I'm putting simple shell scripts and/or symlinks in $HOME/bin
so I can press $MOD-d, opening dmenu and running an app by typing.
826[11:28:13] <jelly> TechieGuy, to avoid pulling in a
metapackage with all the drivers, like xserver-xorg-video-all,
you'd figure out which package pulls it in, see if there's
an alternative dependency and install that first
838[11:30:50] <jelly> TechieGuy, best ask the mirror owner
839[11:31:10] <TechieGuy> :/
840[11:31:36] <jelly> !debian mirror checker
841[11:31:36] <dpkg> Debian mirrors have timestamp files we use
to determine how recently they have been updated. Here are some
statistics the mirror maintainers provide:
replaced-url
891[11:59:43] <dpkg> build-deps are the packages you need to
compile a package. "aptitude build-dep
package-you-want-to-build" will install them, or use
mk-build-deps (equivs package) to have undo-able build-dep
installation. If using <uupdate> or <ssb> to update a
package, you will likely need additional -dev packages. You can
«/msg judd builddeps package».
892[11:59:56] <jelly> !package rebuild
893[11:59:56] <dpkg> 1) Add a <deb-src> line for your
current release to your sources.list 2) apt update; apt install
build-essential devscripts fakeroot; apt build-dep packagename 3) as
any user, apt-get source packagename 4) cd packagename-version/; ask
me about <debian/rules>; 5) dpkg-buildpackage -uc -us 6) as
root, apt install ../packagename-version.deb. Ask me about
<debian/rules>, <nocheck>, <nostrip>, <apt-get
source>.
894[12:00:02] <jelly> !simple sid backport
895[12:00:02] <dpkg> First, check for a backport on
<debian-backports>. If unavailable: 1) Add a deb-src line for
sid (not a deb line!); ask me about <deb-src sid> 2) enable
debian-backports (see <bdo>) 3) apt update; apt install
build-essential; apt build-dep packagename 4) apt -b source
packagename 5) dpkg -i packagename-ver.deb To change compilation
options, see <package recompile>; for versions newer than sid
see <uupdate>.
904[12:02:37] <avu> I think the misunderstanding here might be
that apt installs build-deps by default as TechieGuy thinks those
drivers are just build-deps.
911[12:03:18] <jelly> build deps are completely separate from
binary deps
912[12:03:22] <jelly> TechieGuy, you can't translate best
practices from a source-based distro to a binary-package based
distro easily. The tradeoffs are different, and with a binary
package distro you live with the choices your
925[12:05:12] <avu> TechieGuy: are you sure you are reading that
Arch site right? Pretty sure they also need at least one of those
driver packages at runtime
926[12:05:13] <jelly> the fact they don't make a
distinction between binary deps and build deps betrays the
underlying structure of a source-based distro
928[12:05:51] <jelly> in any case, I told you what to do to
reduce the set of packages -- install one video driver FIRST
929[12:06:00] <jelly> any one
930[12:06:45] <jelly> and I also said why it's not worth
bothering to do this kind of micromanagement
931[12:07:06] <jelly> do it only if you have very little space
to install.
932[12:07:17] <jelly> or maybe if your bandwidth is very
expensive
933[12:07:52] <jelly> otherwise, best practice is just to let
apt install what it wants to install
934[12:08:22] <avu> disk space is much cheaper than human time
usually
935[12:08:30] <jelly> (and that in general includes Recommends,
don't avoid them unless you know EXACTLY why your
software's going to work without them)
942[12:10:36] <avu> jelly: I'm not aware of these kinds of
providers being the norm anywhere except maybe mobile plans which
slow down after a certain amount of data transfered but those are,
again, usually not used for Debian installations
948[12:14:22] <TechieGuy> Sometimes apt asks for confirmation,
smtimes it doesn't.
949[12:15:22] <ratrace> if you request one package installed and
there's no additional deps, it won't ask for confirmation.
it _will_ ask for confirmation of _removal_ even if one package.
950[12:15:26] <jelly> it doesn't ask if the goal can be
achieved by doing exactly what you told it to and nothing else
975[12:33:11] <lessless> I have to turn on/off my external hdd
after os has fully loaded. Otherwise it doesn't see it - there
is a bunch of "usb usb2-port2: Cannot enable. Maybe the USB
cable is bad?" In dmesg
981[12:40:30] <jelly> lessless, maybe try a different port? usb
devices and hosts have all sorts of quirks
982[12:40:41] <ratrace> lessless: could be shitty controller on
that thing. could be power options and disk going to sleep on
inactivity. see if you can use hdparm to force no spindown or
something
983[12:40:58] <lessless> Interesting, thanks!
984[12:41:52] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1024[13:22:09] <jelly> also Tab key tells me he's gone
1025[13:22:15] <ratrace> he's gone
1026[13:22:27] <jelly> but nor forgotten
1027[13:22:49] <ratrace> like two seconds after posting the
sources list. I thought maybe accidental ctrl+w
this-aint-vim-but-browser-haha-closed problem
1028[13:22:49] <jelly> he shall always live in our hearts
1029[13:23:25] <EdePopede> good news that hexchat finally did
remove that keybinding in 2.14
1030[13:24:07] * ratrace raises a glass of schanpps. "To the Tech
Guy! Perished in the deadly battle with desktop shortcuts.
Skål"
1038[13:25:27] <dpkg> Release-Critical bugs are Debian bugs with
critical, grave or serious severities, preventing the next release
of Debian. See the graph at
replaced-url
1039[13:25:42] <EdePopede> my hope is that Gtk will change to a
somewhat sane state in v4
1040[13:25:42] <jelly> 176 is rather low
1041[13:26:05] <ratrace> where's that poll trigger ...
methinks I'm winning
1042[13:26:06] <jelly> quick, someone make a Gtk2 compatible
wrapper for Qt
1063[13:40:39] <tanja84dk> Just a small question how do I figure
out at what point in rc2.d it starts things there is enabled with
systemctl? Its because I need to make sure the firewall scripts are
run prior
1064[13:40:41] <TechieGuy> Anyone answered my prev. ques.?
1074[13:46:24] <jelly> tanja84dk, systemd doesn't run things
in predefined order, it runs as much as possible in parallel, taking
care of declared dependencies
1075[13:47:23] <abrotman> TechieGuy: you only have it in
backports
1076[13:47:28] <jelly> tanja84dk, if you need to set up firewall
rules using a custom way instead of using eg. iptables-persistent,
set them up when an interface is brought up, probably
(/etc/network/if-up.d/)
1077[13:47:46] <TechieGuy> abrotman: What to add?
1078[13:47:52] <jelly> !contrib
1079[13:47:52] <dpkg> [contrib] Debian packages that contain
<DFSG>-compliant software, but have dependencies not in main
(possibly packaged for Debian in non-free). To get contrib packages,
add lines like "deb
replaced-url
1084[13:49:13] <tanja84dk> jelly, thanks alot going to look into
that, and yeah its my barebone iptables rules that I need to get set
prior several services because they add their own rules
1085[13:49:16] <jelly> if you plan to use intel firmware, you can
install that as well, but from a third, non-free section
1089[13:49:58] <dpkg> Edit /etc/apt/sources.list, ensure that the
two main Debian mirror lines end with "main contrib
non-free" rather than just "main", then
«apt-get update». But bear in mind that you'll be
installing <non-free> software. These may have onerous terms;
check the licenses. See also <sources.list>.
1092[13:50:39] <jelly> IF that is your goal, you don't need
to iucode-tool manually at all
1093[13:51:11] <ratrace> tanja84dk: rc.d belongs to sysvinit
scripts. it's not directly managed by systemctl, I believe
it's the other way around, the sysv generator creates units out
of existing init scripts
1095[13:51:38] <TechieGuy> jelly: intel-microcode complains of
intel-iucode
1096[13:51:53] <ratrace> complains how?
1097[13:52:18] <jelly> TechieGuy, if you use apt to install it,
and you have correct repos enabled, it will just work
1098[13:52:58] <tanja84dk> its just prior using docker for
something I just had it in /etc/rc2.d but yeah thanks alot I'm
looking into it how to apply it when network gets up
1099[13:53:11] <jelly> TechieGuy, avoid downloading packages
manually and trying to install them one by one, if you can use apt
1106[13:54:28] <ratrace> it should. pesky peers resetting
connexions!
1107[13:54:56] <jelly> you don't see appels resetting
connections I'll tell you that
1108[13:55:19] <jelly> or anges.
1109[13:55:31] <ratrace> emons too?
1110[13:55:45] <tanja84dk> ohh sorry I asked my bad. Just found
out what my issue actually were. Just found out the if-pre-up.d
actually had to restore firewall but their path makes no sense for
me
1111[13:56:33] <DaRock> evidently the api for vmdb2 has changed
and the build system hasn't caught up - but being a debian newb
I have no idea how to go about fixing the issue
1112[13:56:43] <tanja84dk> so going to fix it that way by editing
the firewall restore file in there. And thanks alot jelly for
actually pointing me in a better way
1113[13:57:29] <ratrace> DaRock: maybe a specific chan @ OFTC
would be more helpful? what's that, RPi image?
1114[13:57:41] <jelly> you're welcome
1115[13:57:54] <DaRock> yeah rpi image, but ore specific chan?
1116[13:58:21] <jelly> ratrace, clearly we need an alot bot just
to respond to these
1117[13:58:25] <ratrace> yeah jelly, thank the alot. bring it
fruits and other sacrifices.
1118[13:58:33] <DaRock> this is a debian build after all
1119[13:58:41] *** jelly is now known as alot
1120[13:58:49] *** alot is now known as jelly
1121[13:58:50] <echoSMILE> Hi. How to config the system to limit
any process to not cross 50% of CPU's capacity ?
1122[13:58:55] <jelly> sadly, registered
1123[13:58:58] <ratrace> jelly: how many chans did you just spam
with that :)
1124[13:59:02] <jelly> 120
1125[13:59:04] <ratrace> coulda just asked ze nicksrv :)
1126[13:59:05] <tanja84dk> btw the issue were actually that it
wanted to use iptables-restore from /root folder and not /etc
1127[13:59:15] <jelly> it's the channel limit on freenode
1132[14:00:04] <DaRock> I'm not looking for raspbian...
1133[14:00:56] <ratrace> echoSMILE: you can use cgroups
1134[14:01:30] <ratrace> echoSMILE: infact, systemd service units
can use the Limit directives. for user initiated processes,
it's a bit trickier, but you can still utilize cgroups
1135[14:02:03] <ratrace> systemd.resource-control(5) for more
info
1193[14:35:11] <tanja84dk> Well it were more after I added the
firewall ( my running and working firewall ) to the iptables-restore
( took a iptables-save ) then it wont get ip at boot ( eth0 stays
down )
1194[14:35:34] <tanja84dk> so I guess something fucked it really
up at boot
1196[14:35:52] <cws> tanja84dk: Maybe this is laziness on my
part, but I would recommend using something that manages these
processes for you, like ufw or firewalld.
1197[14:36:03] <tanja84dk> searching in syslog right now to try
figuring out what happend
1198[14:36:27] <tanja84dk> no thanks ufw is really no go
1199[14:36:40] <McErroneous> msg tanja84dk hallo
1200[14:36:41] <cws> Why's that?
1201[14:36:55] <McErroneous> same here...
1202[14:37:17] <cws> And there's also firewalld. Besides,
iptables is going away. It's being replaced with nftables.
1203[14:37:24] <tanja84dk> I have always used iptables directly (
since debian 4 ) where I know what is happening
1207[14:37:46] <cws> Well, now your firewall has locked you out.
Maybe its time to try something new.
1208[14:37:54] <cws> McErroneous: See the previous about iptables
being deprecated.
1209[14:38:03] <cws> Times change, things change, and you have to
learn new things.
1210[14:38:09] <tanja84dk> I never trust the system ( never ) to
open ports by it self its a security risk
1211[14:38:12] <McErroneous> cws: nvm...
1212[14:38:21] <cws> tanja84dk: neither ufw nor firewalld do
that.
1213[14:38:35] <cws> tanja84dk: You, the admin, have to tell
either one what ports are allowed.
1214[14:38:48] <cws> They're just interfaces for nftables
anyway.
1215[14:38:53] <neoclust> Hi
1216[14:39:05] <tanja84dk> and that has never been best practice.
cws are you also using upnp
1217[14:39:17] <cws> tanja84dk: Yes, actually, it has. And no, I
am not.
1218[14:39:25] <neoclust> i need help on my debian 9 i see i have
icu65 ( 65.1-1+0~20200223.8+debian9~1.gbp519cf3 ) but i don't
find from where i downloaded it
1219[14:39:30] <neoclust> does someone can help me ?
1220[14:39:35] <McErroneous> cws, help to tackle the problem
using iptables..., dont recommend updates or upgrades.., introducing
new things...,
1221[14:39:43] <cws> tanja84dk: I REALLY suggest you don't
go down the security and best-practices rabbithole with me. You are
ILL prepared for that.
1222[14:39:55] <cws> McErroneous: Don't tell me how to help.
Either be productive or stop typing.
1223[14:40:01] <cws> McErroneous: Thank you.
1224[14:40:07] <tanja84dk> putted cws on ignore for spam
1225[14:40:15] <cws> Be my guest :)
1226[14:40:49] <wintersky> . for sure
1227[14:40:59] *** Quits: MagicalWizzy (~MagicalWi@replaced-ip) (Remote host closed the connection)
1237[14:50:49] <sigint> I'd like to point that most cloud
providers have firewalls/security groups that can be configured via
an API, it is usually good enough to replace iptables in each
instance.
1252[14:53:22] <ratrace> tanja84dk: me too. they'll pry them
out of my cold dead hands :)
1253[14:53:24] <iridos> mmh, for some weeks now, chromium doesnt
go back and forward in the history using XF86Back and XF86Forward
… that was so handy on the laptop to have that… but I
cannot find in the changelog that they changed that or if there s
maybe an option to re-enable it
1254[14:54:02] <qman__> yes, he is - I went down the road of
trying to learn half a dozen iptables frontends and in the end,
spent a few days learning how to use iptables directly, and it made
a lot more sense and worked a lot better
1255[14:54:43] <qman__> of course, these days, nftables is the
replacement, so if you're starting now, start there instead
1256[14:54:54] <ratrace> qman__: I'm not a "he".
also please note I don't see what cws is typing, he's on
my ignore list. and I recommend don't argue with him.
you'll be verbally shat on.
1257[14:56:42] <iridos> ALT_L and left/right still works …
but that's by far not so nice as a single key, specially as
alt_l is on the other side of the kbd and you always need both hands
1268[15:04:59] <tanja84dk> ratrace, But yeah I dont know if
something else in the server has fucked up under upgrades so as soon
the rsync backup is done then it will get formatted and then
starting with the firewall and then building up again
1270[15:05:25] <EdePopede> iridos: do you still have the old
version around to do a direct comparison of 2 clean profiles? if
they changed it w/o further notice that would be really bad
po(or)licy.
1312[15:23:58] <ratrace> iridos: I heard the term
"stalebian" circulating in the arch community :)
1313[15:24:50] <shtrb> jelly, just wait for IE to come back from
the dead :D
1314[15:25:26] <_0xbadc0de_> hello guys - my issue is that I have
a debian machine (debian 10) with two gpus. I have manually
configured the machine to have a static ip address by editing
/etc/network/interfaces
1315[15:26:06] <_0xbadc0de_> the issue is that when I remove one
of the gpus the network interface associated with the ethernet cable
that connects to my lan is renamed
1317[15:26:33] <ratrace> _0xbadc0de_: eh... buggy BIOS/EFI thingy
... known thing with "predictable naming". I recommend you
tie NIC name to its MAC address
1318[15:26:44] <_0xbadc0de_> it changes from enp1s0 to enp2s0
1319[15:27:15] <ratrace> it's a known issue with
systemd's udev's "predictable naming"
1320[15:27:47] <jelly> ratrace, you could shorten it further to
"stalian" or "stalin"?
1321[15:28:01] *** debhelper sets mode: +l 1076
1322[15:28:06] <ratrace> the way I confiugre my systems is to
revert back to ethX naming, and then I tie NIC name with its MAC
using networkd and a .link unit. iirc you can also tie them using
interfaces(5)
1323[15:28:40] <ratrace> jelly: and then further to alin ->
alon -> alot. The Alot again :) damned beast
1332[15:30:49] <ratrace> if you ahve only ONE network card, then
you don't really have to bind it with its MAC. eth0 won't
change if a GPU is removed. eth0 and, say, eth1 MIGHT exchange on
boot randomly in some cases, which is where tying it to MAC is
needed.
1333[15:31:58] <_0xbadc0de_> ratrace: I believe I do, when I do
ip a I get only one network interface after lo
1361[15:41:34] <ratrace> _0xbadc0de_: yes, this is correct
1362[15:41:40] <_0xbadc0de_> ratrace: the new name for the
network interface will then be eth0?
1363[15:42:02] <ratrace> _0xbadc0de_: the "first" one
as reported by BIOS will be eth0. "second" one eth1,
etc..... since you have only one, it'll be just eth0
1364[15:42:19] <_0xbadc0de_> OK. so no need to tie to MAC addr
then?
1365[15:42:46] <ratrace> no need in this case, but it'd be
future proofing if you did.
1366[15:43:27] <ratrace> mind you, even if you didn't,
it's only about buggy BIOSes where the ethX order changes on
boot, so it's not a rule or mandatory: just a wise,
future-proof precaution
1391[15:50:41] <_0xbadc0de_> so we are all ready, can I reboot?
1392[15:50:42] <cws> /boot/grub/grub.cfg
1393[15:50:54] <jelly> if this is an important setting that you
want applied regardless of the menu entry chosen for boot, then put
it in GRUB_CMDLINE_LINUX= instead of the _DEFAULT setting
1548[18:33:34] <ratrace> anyone running Xorg via startx?
Haven't done that in a long while and I forgot all the
configuration deets but .... for reason that's beyond me
running startx as non-root here, still results with Xorg running as
root. I looked for a dangling setuid bin or something ...
didn't find any. wth?
1557[18:36:11] * sney has typed /usr/lib/nagios/plugins so many times
it's practically muscle memory
1558[18:36:13] <ratrace> so now what. I heard some folks here
running xorgs as regular users . short of removing the setuid ...
what's the trick here?
1559[18:37:06] <ratrace> on gentoo you'd simply install xorg
wihtout the setuid bit and had to deal with permissions manually, so
that part I know what to expect. I'm just not familiar with the
"run xorg without setuid bit on debian" part
1565[18:40:53] <somiaj> yup, the legacy server will not do that,
and for those who use display managers, I still think the
displaymanager runs as root, though maybe it runs as some non-root
user and then calls an authentication command
1566[18:40:56] <ratrace> somiaj: yes yes, I just realized that I
had xserver-xorg-legacy installed which installs teh setuid xorg, as
of stretch. NO idea how that ended up on my system. this was a fresh
buster installation
1568[18:41:29] <somiaj> maybe some dm depends on it
1569[18:41:32] <ratrace> that would require I first aptitude
installed aptitude :)
1570[18:41:49] <ratrace> somiaj: I removed the package, it
removed nothing else. so whatever pulled it in, came as recommended
or suggested, by teh installer
1571[18:41:51] <sney> then apt rdepends xserver-xorg-legacy and
parse the list with your eyeballs
1572[18:41:56] <somiaj> yea, the why and search features of
aptitude ahve me end up installing it when I don't need it.
1573[18:42:21] <ratrace> seems like xserver-xorg recommends it
1575[18:42:43] <somiaj> ratrace: probably because of all the
issues some users had with non setuid xorg
1576[18:43:00] <somiaj> when it first rolled out in testing,
there was lots of people having trouble with xorg working like they
were use to
1577[18:43:23] <somiaj> I personally never ran into any issues,
though I only use a simple window manager, I think display managers
and desktops had more issues
1586[18:47:46] <karlpinc> Just dropped in, after getting the X
security updates. Is there a package I should be removing?
1587[18:48:11] <ratrace> karlpinc: no. I switched to rootless
xorg and _I_ had to remove the legacy xorg thingy that was setuid
1588[18:48:45] <karlpinc> ratrace: I see. (Maybe I should too,
but don't want to have to think.... :)
1589[18:48:53] <ratrace> otherwise, just regular upgrade for
DSA-4893-1
1590[18:49:25] <somiaj> how did you test if xorg was setuid or
not, just ps?
1591[18:49:52] <ratrace> find -perm -4000
1592[18:50:07] <ratrace> I didn't know _which_ bin/file
would be setuid so I was looking for all of them
1593[18:50:54] <ratrace> then I found the /usr/lib/xorg/Xorg.wrap
which belongs to xserver-xorg-legacy and then I remembered about
that package and setuid xorg
1596[18:52:09] <somiaj> I meant how were you testing if the
current running xorg was setuid or not, anyways, seems lightdm runs
xorg as root, so using a dm (which problably most do) probably makes
it so the legacy package is a reasonable recommended package
1597[18:52:31] <ratrace> somiaj: ah I just greped ps for xorg and
saw it running as root
1598[18:53:05] <ratrace> yes lightdm will run it as root.
I'm using startx, and that's why I was confused at first.
seems like _only_ gdm will run rootless xorg, among all the DMs
1600[18:53:46] *** Quits: XenGi (~quassel@replaced-ip) (Remote host closed the connection)
1601[18:53:57] <ratrace> essentially I just switched from lightdm
to startx today, took the opportunity of xorg update + some firmware
updates, so I figured if I'm rebooting, let's try out
startx
1603[18:54:55] <somiaj> I do like how systemd with startx
replaces the tty it runs on, which makes it so you can't
ctrl-alt-f? to get back tot he tty, though quiting/ending your
window manger will drop the user back into an open shell (so one
advantage of a dm)
1604[18:55:14] <somiaj> though lock screens and disabling things
like ctrl-alt-backspace (which is by default) will protect against
that
1605[18:55:52] <karlpinc> I'm running Xorg from a custom
systemd config, to run it on an additional vt to get me a gui on my
headless box. I don't suppose there's some special
username or some such if I did not want to run X as root?
1606[18:55:53] <ratrace> and having a wraper for startx that
basically exits the login shell when startx drops
1607[18:55:54] <somiaj> and I guess if they have access to quite
your wm, they probably have access to run a terminal, so same
difference.
1608[18:56:29] <ratrace> indeed. physical access to the console
usually means game over
1609[18:56:33] <somiaj> karlpinc: I would just create a user for
that, the whole point of non-setuid xorg is any user can run it,
they just may need to be some groups for hardware access.
1610[18:57:01] <karlpinc> somiaj: Righto then. I'll put it
on the list. ;) Thanks.
1611[18:57:25] <jmcnaught> The hardware access is managed by
logind as far as I know
1612[18:57:38] <ratrace> I already run firefox, steam and some
other programs as other users (+ apparmor profile on them), but xorg
is .... xorg. I want, with upgrade to Bullseye, to switch from i3 to
sway, and go full wayland, and leave xorg only for steam and whever
needs it, run as separate, apparmored users.
1664[19:27:42] <karlpinc> xaero: (Top of the document says that,
as a rule, uids/gids not in the base-passwd package should be
obtained dynamically. So all you can count on is the user/group
names.)
1681[19:40:41] <ratrace> now this is weird. I just had vim lock
up in a tmux panel. kill -9 vim's_pid did nothing. tmux seemed
locked too, couldn't switch panes, but I _could_ ctrl+b and
:kill-session
1682[19:41:09] <ratrace> that I couldn't kill -9 that vim is
a bit worrying
1735[20:16:59] <cheche> Given that new Debian versions use a
random device name for the network interface (enp2s0,enp1s10)
instead of eth0. is there a way to tell etherwake which default
interface to use?
1736[20:17:45] <cheche> be fore I could run "etherwake
11:22:33:44:55:66)
1737[20:17:54] <rudi_s> cheche: You can change the name.
1738[20:17:57] <sney> it's not random, it's based on
pci locations, so it is more predictable than the previous eth0
approach which was susceptible to race conditions.
1739[20:18:09] <sney> but you can use a systemd.link file to
define a name based on the mac address if you want
1740[20:18:21] <cheche> now I need to use: "etherwak -i
enp2s0 11:22:33:44:55:66"
1761[20:20:36] <ratrace> rudi_s: in fact ... you don't even
have to revert to ethX. you can use whatever name you want and bind
it to a MAC, via networkd .link unit
1762[20:20:44] <rudi_s> ratrace: I read it's problemtic with
systemd's link files at least.
1763[20:20:49] <ratrace> I think it's possible even via
interfaces(5)
1764[20:20:58] <sney> plus with a custom name it's clear at
a glance that it's something you defined, rather than a change
in automatic kernel behavior
1765[20:21:01] <ratrace> rudi_s: I've been doing this for
our fleet of servers for years now. it's fine.
1766[20:21:03] <rudi_s> ratrace: I know (see above). I use e0,
e1, e2.
1767[20:21:19] <karlpinc> cheche: For info on the naming schemes,
etc., see:
replaced-url
1768[20:21:22] <ratrace> rudi_s: yea, you can force/use whatever
name you want
1769[20:21:38] <ratrace> greycat: btw ... is your xorg running as
non-root?
1775[20:22:49] <oxek> that's an unusual ordering of things
1776[20:23:03] <ratrace> greycat: k. because I today switched
from lightdm to startx and was confused why xorg was still running
as root. the culprit was xorg-server-legacy package that somehow got
installed, probably as "recommended" by xorg-server
1795[20:32:08] <greycat> well, it only shows two settings(?) for
xserver-xorg-legacy ... no idea whether one of them is responsible
for the difference between ratrace's system and mine
1812[20:37:19] <greycat> ratrace: Xorg.wrap(1) seems to be the
only documentation there is, and it says it "will autodetect if
root rights are necessary".
1813[20:37:44] <ratrace> well, it autodetected wrong.
1814[20:37:53] *** Quits: chele (~chele@replaced-ip) (Remote host closed the connection)
1815[20:38:21] *** Quits: XsiSec (~xsisec@replaced-ip) (Remote host closed the connection)
1816[20:38:52] <ratrace> I think the only problem here is
xserver-xorg-legacy being "Recommends" of xserver-xorg. if
anything it should be a dep of DM that requires setuid xorg
1819[20:39:51] <ratrace> I usually run with
no-install-recommends, but this was pulled in by the installer
1820[20:40:01] <greycat> Back in ... stretch(?) ... it was
separated out and offered for chipsets that require it. I don't
know how the autodetection works. Or which chipsets need it.
Probably any that can't do KMS.
1825[20:43:11] *** Scotty_Trees|Zzz is now known as Scotty_Trees
1826[20:43:27] <ratrace> hrm...
1827[20:43:34] <Hrym> Hi! I'm trying out Bullseye on one of
my laptops, and are now trying to understand why suspend hangs when
a file is open on a autofs+nfs share, this was not happening on
Buster. Have I missed something obvious?
1832[20:43:54] <dpkg> #debian-next is the channel for
testing/unstable support on the OFTC network (irc.oftc.net), *not*
on freenode. If you get "Cannot join #debian-next (Channel is
invite only)." it means you did not read it's on
irc.oftc.net. See also
replaced-url
1882[21:37:39] <Caesar_NayKid> Anyone know how i can have my
Debian default to having a Realtek nic on and connecting during
Debian boot and leave off an intel nic to be available for a guest
OS?
1883[21:38:52] <ratrace> Caesar_NayKid: if you don't
configure intel nic on the host, it won't be used
1884[21:39:16] <ratrace> however, what exactly do you mean by
"available for a guest OS"? pci passthru?
1885[21:39:47] <Caesar_NayKid> I guess so. I just turn it off and
it is available in the guest.
1886[21:40:49] <Caesar_NayKid> Yea, it is configured in
Qemu/Virt-Manager as a Physical PCI device
1887[21:41:00] <Caesar_NayKid> And it works
1888[21:41:36] <Caesar_NayKid> But when i boot Debian (host) it
enables that Intel nic by default
1891[21:42:10] <Caesar_NayKid> Yeah, im using the gnome
terminology probably, but there's a gui toggle
1892[21:42:11] <ratrace> if you don't configure it, it
won't be used. _however_ pci passthrough requires you to assign
the hardware to vfio-pci _before_ its regular driver grabs it
1893[21:42:58] <Caesar_NayKid> That's handled in the XML
when i power up the VM
1894[21:43:08] <Caesar_NayKid> And it works properly
1895[21:43:19] <ratrace> if it "works properly" ...
where's the problem?
1897[21:43:34] <Caesar_NayKid> I guess i need to
"unconfigure it" then from the host?
1898[21:43:53] <ratrace> also I doubt we're talking about
the same things, unless virt-manager/libvirt is capable of
reassigning pci devices to different drivers
1899[21:44:06] <ratrace> Caesar_NayKid: again, if "it works
properly" ... where's the problem?
1900[21:44:21] <Caesar_NayKid> The problem was described twice
above, Debian defaults to use that nic.
1901[21:44:37] <Caesar_NayKid> I turn it off so I don't risk
a conflict i assume
1902[21:44:46] <ratrace> I don't think you understand.... if
it WORKS PROPERLY ..... then what does NOT work properly?
1903[21:45:01] <jmcnaught> libvirt can reassign PCI devices. I
assign my second GPU to vfio-pci at boot, but I also pass an NVMe
and USB controller and libvirt just handles those.
1904[21:45:01] <ratrace> if you pci passthrough a device, then
the host cannot and won't use it
1910[21:46:22] <Caesar_NayKid> So, when I boot Debian, the intel
adapater grabs an IP address for Debian.
1911[21:46:45] <ratrace> Caesar_NayKid: so you see, either it
works properly (pci passthru'd to guest, host CANNOT use it) or
it does NOT (it's NOT pci-passthru'd to the guest, and the
host is using it). so which is it?
1912[21:46:47] <Caesar_NayKid> I click "turn off" in
the gui on that
1913[21:47:28] <ratrace> sorry I don't know what that means
or does. you'll have to be more specific with your config. show
examples of outputs and configs that you ahve and that don't
work as expected.
1916[21:48:18] *** Quits: jerry (~jerry@replaced-ip) (Ping timeout: 260 seconds)
1917[21:49:09] <jmcnaught> Caesar_NayKid: if you do not want the
host/hypervisor OS to use that Intel NIC at all, then you can assign
it to vfio-pci at boot so it will only be used by guests.
1918[21:49:31] <Caesar_NayKid> Thanks jmcnaught where do i do
that?
1919[21:49:39] <jmcnaught> Caesar_NayKid: "lspci -nnd
8086::0200" should list your Intel NIC with its PCI-ID (it will
start with 8086:)
1920[21:49:42] *** Joins: jerry (~jerry@replaced-ip)
1921[21:50:25] <ratrace> I literally said that and Caesar_NayKid
literally said "That's handled in the XML when i power up
the VM \n And it works properly"
1922[21:50:38] <jmcnaught> Caesar_NayKid: take that and make a
file in /etc/modprobe.d/ with contents "options vfio-pci
ids=8086:abcd" (replace abcd with actual values)
1926[21:51:36] <ratrace> eg... softdep <your_intel_module>:
vfio-pci you can add that in the same modprobe.d file
1927[21:51:52] <ratrace> (regular kernel *module)
1928[21:51:58] <jmcnaught> Caesar_NayKid: then add a line for
vfio-pci to /etc/modules. You might need to run
"update-initramfs -u"… or what I do is add
"modules-load=vfio_pci" to GRUB_CMDLINE_LINUX_DEFAULT in
/etc/default/grub
1929[21:53:24] <Caesar_NayKid> Hmm. Ok I screenshot all that so i
can read on those commands
1931[21:54:08] <Caesar_NayKid> Thought it might just be editing a
single config file but appears to be something new that i need to
spend some time with
1971[22:16:02] <jhutchins> Celmor[m]: *nic usually doesn't
care about file extensions (.conf) - it looks at the first word of
the data to see what it is.
1972[22:16:07] <oxek> Caesar_NayKid: probably don't use any
weird characters
1973[22:16:13] <oxek> spaces, etc.
1974[22:16:21] <Caesar_NayKid> Caesar.conf
1975[22:16:26] <greycat> There are several places where file
extensions matter.
1976[22:17:26] <oxek> greycat: one of the strangest places is
/etc/sudoers.d/, where a file must not have an extension if it is to
work
1977[22:17:33] <greycat> The C compiler front-end uses extensions
to decide what kind of file it's dealing with. Web servers use
extensions to decide the Content-Type on static files. Some config
directories require files to end with .conf.
1978[22:17:39] <EdePopede> saves some work by avoiding sniffing.
1979[22:17:45] <jmcnaught> Caesar_NayKid: do a favour to your
future self and include a note about the purpose of the file in a
comment
1980[22:18:16] <greycat> And yes, some config directories require
filenames NOT to contain dots, because .bak and .20210419 and so
forth generally mean backup copies.
1981[22:18:30] *** Quits: de-facto (~de-facto@replaced-ip) (Disconnected by services)
2026[22:32:11] <greycat> The worst that can happen is your
network interface won't work. If that happens, it won't
stop your system from booting, so you can just boot it up, undo your
change, and go back to how it was.
2037[22:35:04] <jmcnaught> What you are doing is also easy to
undo. If you run "lspci -kd ::0200" it will show you the
kernel driver module in use for your ethernet controllers. What you
are trying to do is replace the kernel driver module with vfio-pci
which dedicates the device for pass through to a virtual machine.
2038[22:35:19] <Caesar_NayKid> EdePopede: that sounds dope.. but
beyond my current skillset likely
2073[22:39:33] <greycat> Even simpler than "if the internet
doesn't come up" -- just write a snippet in rc.local which
will sleep for 10 minutes, then undo your change and reboot. If you
are able to login during those 10 minutes, then you kill that script
and remove it from rc.local.
2105[22:47:24] <sney> httpd is a recommendation, iirc. but it can
be nginx or whatever instead of apache, as long as you aren't
installing libapache2-mod-php
2106[22:47:25] <Foxfir3> how can apache be a depency? I know that
its not.
2124[22:50:38] <sney> jhutchins: try looking at the package, it
says Depends: libapache2-mod-php7.4 | php7.4-fpm | php7.4-cgi,
php7.4-common
2125[22:50:45] <sney> it's not a "bug" it's
just a weird/legacy choice.
2126[22:50:58] <Foxfir3> okay. debian-next. thanks. also, it
seems strange that a 'webserver' during the installation
is the apache webserver
2127[22:51:07] <sney> this is the same in buster, it's just
s/7.4/7.3/
2128[22:51:47] <sney> apache2 has the highest popcon score so
it's the default http server in debian. it's also the http
server that is used by debian web services.
2129[22:51:49] <sney> !popcon
2130[22:51:50] <dpkg> extra, extra, read all about it, popcon is
the Debian Popularity contest, the basis for what packages appear on
the first few CDs/DVDs etc (by rank). Install the popularity-contest
package to participate. See the results at
replaced-url
2155[22:57:46] <sney> Foxfir3: most instructions for installing a
webserver stack specify whether to install mod-php or php-fpm, if
someone is doing 'apt install php' with nothing specified
it might be assumed that they don't know what they're
doing, and need the most basic setup. which is apache and mod-php.
2156[22:57:47] <greycat> ordinary users *can't* restart cron
so it had to be designed without that need
2157[22:57:51] <sney> !invite only
2158[22:57:51] <dpkg> Many debian channels are on the OFTC
network (irc.oftc.net), *not* on freenode. If you try to join one
and you see "Cannot join (Channel is invite only)." it
means you did not read it's on irc.oftc.net. See also
replaced-url
2161[22:58:06] <sney> OFTC is a separate network, right now you
are on freenode.
2162[22:58:10] <Caesar_NayKid> Debian next is over there yeah
2163[22:58:43] <Foxfir3> sney: thanks. on the british freenode
2164[22:58:54] *** Quits: sinaowolabi (~Sina@replaced-ip) (Remote host closed the connection)
2165[22:59:16] <sney> and apache is still way more popular than
nginx in debian, see
replaced-url
2166[22:59:57] <greycat> Debian users tend to be very traditional
and resistant to changing.
2167[23:00:58] <Foxfir3> sney: depends on OS. im used to php just
install php. Installing nodejs doesnt install apache. And in fact
both Nodejs and php has built in servers. so its a design error to
have php run as a metapackage
2169[23:01:27] <acu> is anyone here having experience using nvme
in a RAIDZ for one year or close ? I am very confident on spining
disks - works years - but I did not use nvme or ssd in Raid for long
time and I want to create a RADZ with 3 NVME 2 TB each - and I do
not know if I need to go for enterprise or what is the cheapest nvme
2 TB that I could go with (or if you share whatever any one uses it
will be great)
2172[23:02:04] <jmcnaught> Foxfir3: maybe php-cli is what you
want then?
2173[23:02:09] <Foxfir3> sney: no biggie. just interesting that
when installing Debian it tries to lure the user into install Apache
webserver. so its not only under the php install.
2175[23:02:50] <sney> Foxfir3: there is no "lure"
it's just the most popular package. nobody is making a decision
to try to make you do something one way or another.
2178[23:03:38] <sney> Foxfir3: I agree that mod-php should
probably not be the first choice of php implementation, since even
in apache2, FPM is a better choice with better performance. but
there is no malice here, the apache/php maintainers are not trying
to trick you
2179[23:03:48] <sney> sane defaults are provided and you can
choose whether or not to follow them. that's it.
2181[23:04:26] <oxek> sney: should still probably be changed
2182[23:04:42] <Foxfir3> sney: almost. during Debian install, its
Apache is just named 'webserver'. No hint as to what
server will be installed.
2183[23:05:07] <Foxfir3> sney: its a leftover from the old days.
2184[23:05:20] <Caesar_NayKid> Uh oh. I entered the wrong target
path to do an rsync in cron (target directory does not exist) anyone
know if it will create it somehow or just fail?
2185[23:05:27] <Foxfir3> sney: fpm with Apache?
2186[23:05:29] <sney> Foxfir3: the debian install guide provides
the details of every single option in the debian installer, with
even more defaults available in the release notes. the installer
team assumes you will at least look at one or the other document
2187[23:05:54] <sney> yes, fpm with apache2 with the event or
worker mpm
2188[23:06:22] <Foxfir3> sney: thanks. will have to check that
out.
2189[23:06:23] <jhutchins> ,v php7
2190[23:06:24] <judd> No package named 'php7' was found
in amd64.
2191[23:06:26] <sney> speaking of "leftovers from the old
days", libapache2-mod-php hasn't been a good idea for a
production service in... 8 years/
2214[23:12:47] *** Quits: xet7 (~xet7@replaced-ip) (Remote host closed the connection)
2215[23:13:31] <sney> acu: try asking in #zfs as they have more
raidz users. but I have heard that solid state devices in general
are becoming very popular with raidz
2216[23:14:32] <Foxfir3> sney: found the solution
replaced-url
2217[23:14:33] *** Quits: catman370 (~catman@replaced-ip) (Quit: See you later..)
2218[23:15:08] <sney> Foxfir3: yes, as you can see the
instructions specify php-fpm. [14:57:45] <sney> Foxfir3: most
instructions for installing a webserver stack specify whether to
install mod-php or php-fpm
2222[23:15:50] <sney> using Sury's 3rd party repo makes no
difference in dependencies here, since Ondrej maintains the packages
for debian as well. they are practically identical except for
available versions/patch sets.
2223[23:16:08] <Caesar_NayKid> How can i check in the terminal if
cifs is installed?
2227[23:16:39] <Foxfir3> sney: not correct. installing php in a
traditional manner requires a private PPA. Basically a hack, while
it should be standard
2228[23:16:47] *** Quits: sinaowolabi (~Sina@replaced-ip) (Remote host closed the connection)
2229[23:17:03] <oxek> Caesar_NayKid: `apt list cifs-utils` would
show [installed] if it is installed
2233[23:17:52] <sney> Foxfir3: under php installation it says
quite clearly, "$ sudo apt install php php-fpm". this
would make php install fpm, which means mod-php is not installed,
and apache is not a dependency. it's the same in debian without
the ppa. feel free to try it with that exact command.
2270[23:28:16] <oxek> I have a separate question for anyone,
what's the correct way of calling this 'deb
replaced-url
2271[23:28:46] <Caesar_NayKid> Pretty sure, when i typed apt list
by itself it blew up the terminal I can't scroll back past
python3-report.. something
2282[23:30:48] <Caesar_NayKid> Thanks for being mostly patient
with me everyone. I know after a few hours of sifting through forums
and reddits of randoms i can find this info so appreciate you tryna
h.b.o.
2283[23:30:50] <oxek> primary works I guess
2284[23:31:00] <Caesar_NayKid> I have done some searches on apt
in general
2285[23:31:13] <Caesar_NayKid> Just still new to me.
2287[23:32:03] <Caesar_NayKid> Im aware I may have bit off alot
and jumped into the deep end so to speak but it's all working
great so far, i really am liking Debian.
2305[23:45:15] <oztunan> Not now. I mostly joined to observe. I
may have a question in the future. I've been a gnu/linux and
debian user for a long time.
2306[23:45:51] <sney> #987227 cc Foxfir3, oxek
2307[23:45:51] <oztunan> Lately I've decided to use debian
more exclusively.
2308[23:46:38] <oxek> sney: thank you
2309[23:46:45] <oztunan> I'm getting tired of instability
and commercialization.
2335[23:58:00] <Caesar_NayKid> So, im trying to mount a windows
share in Debian. This guide told me to make a file ~/.smbcredentials
to save the username and password in.
2336[23:58:11] <Caesar_NayKid> Where does it save that file?
2337[23:58:18] <Caesar_NayKid> ~/
2338[23:58:45] <sney> ~ is shorthand for your home directory
2339[23:58:47] <avu> Caesar_NayKid: the ~ refers to the current
user's home directory
2340[23:58:56] <sney> you can do 'ls -l ~' to see this
2341[23:59:06] <Caesar_NayKid> The file reference is
/home/username in the file but when i go there I don't see that
file
2342[23:59:18] <sney> and files that begin with . are hidden
2343[23:59:25] <avu> Caesar_NayKid: use -a with ls to see
"hidden" files