calxb | djph: The ISO files' dates never changed to anything after the incident last year. There's a new refractainstaller that has a newer date, but it looks like it gets built by different folks. I took it on faith that the Devuan devs understand how the old installer is still secure, but it'd be nice to have some kind of explanation. | 00:03 |
---|---|---|
gnarface | well, it's not like the key was broken or leaked or anything like that | 00:09 |
gnarface | an expiration date is an arbitrary number you set when you create the key | 00:09 |
gnarface | it's no more or less secure than it was before it expired | 00:09 |
djph | nope | 00:11 |
mason | gpg --edit-key foo, expire, key 1, expire, trust, save | 00:15 |
golinux | calxb: Is this the key you are asking about? https://dev1galaxy.org/viewtopic.php?id=5213 | 00:17 |
golinux | That was a while ago. If yes . . . that is the correct explanation . . . | 00:17 |
calxb | I just don't understand how the installer doesn't need manually updating. Like, I've got a general idea that it's checking against that remotely got updated... but how that works without updating whatever's on the installer doesn't make sense to me. Like does the key depend on a remote file? Does the installer maybe have a Debian key that didn't expire? Sorry if I'm just low IQ or something, :-/. | 00:22 |
mason | calxb: You can still authenticate an expired key. | 00:24 |
gnarface | yea, to be clear the check for whether it is valid is separate from the check for whether it's expired | 00:27 |
calxb | Ok, well that gives me more to think about and read up on. It still all feels a bit weird, but a bit less so. | 00:29 |
gnarface | also keep in mind that policies about strict key rotations are in part intended for an environment where there's lots of keys and they can't be readily recognized by eye, which isn't really the case here | 00:32 |
calxb | So like... does the key on the installer contain the expiration date within key file itself on the installer? If that is the case, does it not check the expiration date before connecting to the internet to download updates? Like... I understand that a sufficiently resourceful adversary could theoretically compromise a key either without the owner's knowledge or under threat, and that wouldn't even show up glaringly like an accidental expiration, but just | 00:50 |
calxb | like, how the installer goes on working... *feels* like some kinda slight of hand, lol. | 00:50 |
gnarface | if i recall right, the key is not involved in package downloads, only in verifying them after download | 01:08 |
gnarface | and even after the key is expired, those packages that were signed by it, are all still signed by it | 01:10 |
gnarface | your theoretical attacker would also have to be in control of your DNS servers | 01:11 |
Xenguy | calxb, s/slight/sleight | 02:53 |
Xenguy | gnarface, I have so little knowledge of keys, I just need to trust whoever is supposed to know about this high-level stuff | 02:55 |
Xenguy | Obviously it's crucial to secure our packages etc. | 02:56 |
rwp | dgriffi, The linode lish tool works by connecting the "screen" utility to the KVM serial port console. To support this in the VM the system needs to be running a getty on the /dev/ttyS0 serial line. | 05:17 |
rwp | On your linode run "ps -ef | grep ttyS0" and hopefully see something like this "/sbin/agetty --noclear ttyS0" running. If not then that is the problem. | 05:18 |
rwp | On a sysvinit system that will be configured in /etc/inittab with something similar to "1:2345:respawn:/sbin/agetty --noclear ttyS0". | 05:19 |
rwp | The "--noclear" is probably my local addition to fix a change that happened some time ago which annoyingly clears the screen removing all error messages from the console, in the name of security, to save the children! | 05:19 |
dgriffi | rwp: so it sounds like the problem reported just has to do with a getty being run on /dev/ttyS0 or not... | 06:15 |
rwp | dgriffi, I think so. I think that if lish is not working then there is no getty on the first serial port ttyS0. Normally sysvinit's /etc/inittab is configured to start it. But if runit or other init is used then the other init will need appropriate configuration to start a getty there. | 07:23 |
tomtmym | hello i have problem resolving deb.devuan.org | 13:56 |
tomtmym | getting error 'Temporary failure resolving 'deb.devuan.org'' after trying to 'apt update' | 13:56 |
tomtmym | i saw on forum there is fix with dnscrypt but i do not know how to do that | 13:57 |
brocashelm | tomtmym: sounds like a mirror that's down or refusing connections from your ip. have you tried a specific mirror to see if it's you or them? | 14:03 |
brocashelm | i just ran an apt update and got no errors | 14:03 |
brocashelm | onefang might know | 14:04 |
tomtmym | brocashelm: im using the deb.devuan.org in sources.list | 14:09 |
rrq | root@duddles:~# | 14:11 |
brocashelm | tomtmym: that's the round-robin. it fetches a random mirror each time. could you copy and paste the output on a paste site and link it here? | 14:13 |
lennfart | Uncuck yourself from the SystemGlobe worldview! Come to #devuan-flatearth for the TRUTH about Earth and vaccines! | 14:13 |
tomtmym | brocashelm: deb http://deb.devuan.org/merged chimaera main non-free contrib | 14:17 |
onefang | 'Temporary failure resolving 'deb.devuan.org'' that's a DNS error, not a mirror error. Likely your local DNS resolver. | 14:18 |
tomtmym | and after i run 'apt update' it says it can't fetch it and i checked i cant access 'deb.devuan.org' in browser | 14:18 |
brocashelm | ran without problems for me | 14:18 |
brocashelm | check your DNS resolver | 14:18 |
onefang | Or you can pick a specific mirror from https://pkgmaster.devuan.org/mirror_list.txt one that is close to you. | 14:19 |
* onefang | adds one to that list. | 14:20 |
tomtmym | onefang: thanks, just switched to a specific mirror and now it works | 14:20 |
tomtmym | i got another question, why can't i find php8.1 when searching for it? | 14:21 |
brocashelm | because chimaera was released in 2021 and debian's php then was 7.4 | 14:23 |
brocashelm | you can either upgrade to daedalus (it's technically stable as bookworm has been released) or use a third-party repo supporting chimaera: https://dev1galaxy.org/viewtopic.php?pid=41211#p41211 | 14:26 |
brocashelm | you would need to add this to your sources.list file: deb https://pkgs.tdrnetworks.com/apt/devuan chimaera main | 14:27 |
lennfart | BASED | 14:46 |
Guest14 | I have a strange wifi problem with devuan daedalus on a T480: wifi card is intel 8265, firmware is loaded without error, but I cannot connect to any access point. (The image I used works perfectly fine on a T460s and T470). Wifi works using devuan daedalus desktop live iso - so the hardware is fine. What's interesting: Any usb wifi dongle I tried | 19:51 |
Guest14 | does not work, either. Can anybody come up with a clue where to look next? | 19:51 |
gnarface | Guest14: weird... though if the live one works and the regular install doesn't, it's probably just a missing package. i would diff the package lists for both | 19:57 |
gnarface | for example there are several free firmware packages in addition to the one non-free package you got for the wifi. perhaps you're missing one of them? or maybe something even more obvious like wpasupplicant perhaps? | 19:58 |
gnarface | if you diff the "dmesg" output of both, taken from right after boot it also might provide some clues | 19:59 |
Guest14 | There is nothing in dmesg, it's exactly the same as on the live iso (and on the t470). | 20:00 |
Guest14 | I can scan for networks "iwlist scan" and I get the APs near by. But I don't see them in the network manager | 20:02 |
Guest14 | nmcli says "not available" for wlan0 | 20:03 |
Guest14 | but it's not blocked (rfkill) | 20:03 |
gnarface | hmm... what about your user's groups? | 20:03 |
Guest14 | I'm quite alone in the desert :) | 20:04 |
gnarface | is there a difference with what the output of "groups" reports on the live and regular installs? | 20:04 |
Guest14 | no, its a 1:1 image | 20:04 |
gnarface | yea, diff the package lists | 20:04 |
gnarface | i can't think of anything else it could be | 20:04 |
gnarface | if you show me the diff maybe i can make a guess | 20:05 |
Guest14 | diff from packages in desktop iso and my image? | 20:05 |
gnarface | yea, run "dpkg --get-selections > packages.log" on each, then run diff on both those files at once | 20:07 |
gnarface | you'll have to find some way to copy the log file from one to the other install first, i don't want to insult you by suggesting you don't know how if you do, but feel free to ask if you need help. | 20:09 |
gnarface | i'm sure the diff will have a lot of differences but i might be able to see something conspicuously missing | 20:10 |
gnarface | so you can take the diff output and paste it at paste.debian.net and show me the link here, or you can just /msg it to me and be patient | 20:11 |
Guest14 | I'm on it ... | 20:11 |
gnarface | don't just paste it all in channel because you might get auto-kicked for flooding | 20:11 |
Guest14 | :) | 20:12 |
gnarface | Guest14: just out of curiosity, can you think of anything different you might have done with the network configuration between the two? i know that if you populate /etc/network/interfaces it can cause conflicts with network-manager, but i don't use network-manager so i'm vague on specifics | 20:17 |
Guest14 | nothing. I just did a 1:1 copy of the drive, no changes at all. | 20:19 |
gnarface | wait, by copy of the drive, you mean you made a regular install by copying the mounted unionfs live image while booted??? you didn't use the regular netboot installer or something to do the non-live install? | 20:20 |
Guest14 | no no no :) | 20:21 |
Guest14 | I have a disk image of the system that goes to the laptops. | 20:22 |
gnarface | oh, i see | 20:22 |
gnarface | and it worked on another laptop | 20:22 |
Guest14 | yes | 20:22 |
Guest14 | it just does not work on the t480 | 20:22 |
gnarface | yea, that's freaking weird but i still have to assume it's a package missing. in theory it could be a kernel build difference but i'd expect some dmesg difference too in that case | 20:23 |
Guest14 | coming, I just did the diff ... | 20:23 |
Guest14 | https://paste.debian.net/1285633/ | 20:25 |
gnarface | looking... | 20:25 |
gnarface | which one is the live image, left or right? | 20:25 |
Guest14 | diff packages-from-image.log packages-from-live-iso.log | 20:26 |
gnarface | ok | 20:26 |
gnarface | wpasupplicant is present on both these installs? | 20:26 |
Guest14 | yes | 20:27 |
gnarface | Guest14: ok, first conspicuous things i see: | 20:28 |
gnarface | - the live image has some avahi stuff you don't have on the regular install | 20:29 |
gnarface | - the live image has several firmware packages you don't have on the regular install | 20:29 |
gnarface | - the live image seems to have network-manager-gnome instead of network-manager-tde | 20:29 |
Guest14 | I use nmcli for testing, no gui involved | 20:29 |
gnarface | i don't know network manager well enough to know if that matters or not, but i do recall that switching to network-manager-gnome fixed a similar problem for someone else around here recently | 20:30 |
Guest14 | from nmcli? | 20:31 |
Guest14 | ... not that I like networkmanager a lot | 20:31 |
gnarface | i don't think they were using nmcli but they were still using network-manager, i don't know if it matters. i don't see anything else particularly conspicuous but stick around and see who else you can get to look at this. | 20:31 |
Guest14 | that's exactly my problem. | 20:32 |
gnarface | you said you were sure these are both daedalus right? | 20:32 |
Guest14 | yes | 20:32 |
gnarface | and the regular install is using the stock kernel? | 20:32 |
gnarface | not a custom kernel build, right? | 20:32 |
Guest14 | what strikes me most: on the t480 even usb wifi does not work | 20:33 |
Guest14 | no, stock kernel | 20:33 |
gnarface | yea, the fact it's not related to specific hardware suggests it's likely a problem with something in userspace missing an important package | 20:34 |
Guest14 | but shouldn't t470 and others be also affected? | 20:34 |
gnarface | hmm, yea what would the difference be that could cause that.... | 20:35 |
gnarface | really the only possible culprits i can think of given your testimony is something related to avahi or network-manager... and i definitely see relevant differences in those packages that are only on the live image part | 20:36 |
gnarface | if it does turn out to be avahi it could be something as subtle as a difference in hotplug features on the different hardware | 20:36 |
gnarface | (avahi will react to jack detection events if the hardware&drivers support it, but not all do) | 20:37 |
gnarface | now, avahi shouldn't be required, but maybe in this case it's glossing over some other undiagnosed issue such as this | 20:37 |
gnarface | < beneath-a-steel-sky install (nice!) | 20:38 |
Guest14 | :) | 20:38 |
Guest14 | the avahi differences I see are | 20:40 |
Guest14 | > avahi-autoipd install | 20:40 |
Guest14 | > avahi-utils install | 20:40 |
Guest14 | > libavahi-glib1:amd64 install | 20:40 |
Guest14 | the first is a PITA | 20:40 |
gnarface | yea, other than that i'm outta ideas. maybe show this to fsmithred, he makes the live images, so maybe he might know why it works. | 20:40 |
Guest14 | ok | 20:42 |
gnarface | seems like you're using the same dhcp client on both? have you checked the /var/log/daemon.log for any info? maybe if you turn on debugging in wpasupplicant it might leave some clues | 20:43 |
Guest14 | ah, that's a hint. | 20:44 |
Guest14 | I'll take a look, will take some time ... | 20:44 |
gnarface | no rush | 20:45 |
gnarface | if i'm afk when you say something, just make sure you use my nickname and i should get the message when i come back | 20:46 |
Guest14 | I hate it. Looks like the transferred system image has some bits flipped, wpa_supplicant is damaged ... thank you for your time, that helped a lot! | 20:54 |
gnarface | no problem | 20:56 |
Guest14 | ... and now after reinstalling wpasupplicant that t480 works ... | 20:59 |
gnarface | cool, glad to hear it | 20:59 |
gnarface | how did you do the transfer? | 21:00 |
Guest14 | rsync | 21:00 |
gnarface | oh, hmm. that should have been fine. i was gonna make some suggestions for dd if you had used that, because there's a lot of bad advice swirling around it. | 21:01 |
Guest14 | the image is a gpt partitioned disk of 235gb, the target had 1tb, so no luck with dd in these modern times :/ | 21:02 |
Smilex | Hey! Can I use the devuan repositories to get the newest nvidia driver? I only get 470, while the nvidia website is on 510 | 23:37 |
gnarface | don't stick around to wait for an answer or anything | 23:46 |
Smilex | Ok, I tried installing nvidias newest driver from their website, but it says a nvidia modeset driver is already loaded and then fails | 23:48 |
gnarface | well that was a mistake | 23:48 |
Smilex | I don't think it did anything | 23:48 |
gnarface | alright then | 23:49 |
Smilex | but how do I get to driver 515? | 23:49 |
Smilex | 510 actually | 23:49 |
gnarface | you don't, apparently, but 525 is in daedalus (bookworm) | 23:49 |
Smilex | noooo! But I can't play my new game | 23:49 |
gnarface | the current stable, chimaera, is actually debian's oldstable | 23:49 |
gnarface | but daedalus is pretty solid, you can probably use it safely | 23:50 |
Smilex | it says DirectX 11 isn't supported | 23:50 |
gnarface | look, if you want to do it the safe way, i'd recommend making a backup then upgrading to daedalus | 23:50 |
Smilex | can I do it without a backup? | 23:51 |
gnarface | (you probably won't need the backup, but just out of an abundance of caution) | 23:51 |
Smilex | Meh, I feel I need an excuse to ruin this computer | 23:51 |
gnarface | if you want to do it the reckless way, just exit your window manager, shut down any graphical login manager you've got installed, unload all the nvidia drivers, remove all the nvidia driver packages, then just run nvidia.com's ridiculous shell script | 23:52 |
Smilex | the Windows 7 partition doesn't work and I have devuan installed inside Ubuntu. I'm not happy about it | 23:52 |
Smilex | gnarface: but getting the daedalus version is also an option? | 23:52 |
gnarface | sure, but i wouldn't recommend installing it in chimaera | 23:53 |
gnarface | i'd recommend upgrading everything all the way to daedalus | 23:53 |
Smilex | yeah, that's what I think I'll do | 23:53 |
Smilex | how? | 23:53 |
gnarface | come now, Smilex, certainly i've taught you this before | 23:54 |
Smilex | I might remember. I change the sources.list? | 23:54 |
gnarface | yes, change "chimaera" to "daedalus" in your /etc/apt/sources.list, then run "apt-get update && apt-get dist-upgrade" | 23:54 |
gnarface | if you didn't frankenstein your install too badly with all that ubuntu stuff it'll probably work | 23:54 |
Smilex | and I guess I shouldn't have backports on daedalus? | 23:54 |
gnarface | i don't think there even are any daedalus backports yet | 23:55 |
gnarface | but no | 23:55 |
gnarface | regular daedalus has 525.105.17 | 23:55 |
gnarface | fyi you can check package versions at pkginfo.devuan.org | 23:55 |
gnarface | you should know by the way i eventually switched to AMD over this shit | 23:56 |
gnarface | the experience is significantly improved over all, and only a few games really seem to have problems with it | 23:57 |
gnarface | (planetary annihilation: titans) | 23:58 |
Smilex | I think I have 8 gigs left on this HDD, and the update is 6.2 gigs. Can that cause an issue with it being that close? I will uninstall some steam games, but I don't want to do it before | 23:58 |
Smilex | or am hoping I can skip | 23:58 |
Smilex | gnarface: a new gpu is not in my budget at the moment :D | 23:59 |
gnarface | is that 6.2 gigs not including packages replaced? | 23:59 |
gnarface | i wouldn't normally expect it to actually take extra space | 23:59 |
Smilex | it says 6.2 additional space | 23:59 |
gnarface | not by much anyway | 23:59 |