systemdlete3 | bluetooth applet finds my earbuds but can't connect. | 04:51 |
---|---|---|
testcat | could vim please alias :Wq to :wq | 07:04 |
testcat | so sick of that | 07:04 |
EHeM | A kind of significant security hole should be a higher priority than it seems to be... | 07:56 |
CheesyPastries | I just installed Devuan but I'm having an issue checking for updates "sudo apt-get update" gives back an error about an invalid signature and says that the repo isn't signed. | 08:58 |
CheesyPastries | Is this an issue on my end or is there a problem with the repo atm? | 08:58 |
sixwheeledbeast | i doubt it would be the repos | 08:59 |
CheesyPastries | I feel the same on that but I wanted to double check if others were having the issue or how I might resolve it on my end | 09:01 |
golinux | CheesyPastries: Did you download the latest key? | 09:04 |
CheesyPastries | Nope, how would I do that? | 09:05 |
CheesyPastries | Searching around it looks like I might be able to just force the install of "devuan-keyring" but that seems like a chicken and the egg problem since it'd be the only thing verifying itself | 09:13 |
sixwheeledbeast | Well yes a typical public key crypto situation. It unlikely to be an issue but I suppose they maybe hosted somewhere you can download via https? | 09:23 |
sixwheeledbeast | It should already be installed so just upgrade that one package first | 09:24 |
onefang | How did you install Devuan, and which version? | 09:33 |
debdog | if anything else fails, get it at http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/ and dpkg -i it | 09:33 |
CheesyPastries | onefang I installed Devuan in a FreeBSD jail via it's compatibility layer following this guide -> https://forums.freebsd.org/threads/setting-up-a-debian-linux-jail-on-freebsd.68434/ | 09:42 |
onefang | Hmmm, I wonder what your /etc/apt/sources.list looks like? | 09:43 |
CheesyPastries | Only one entry: "deb http://deb.devuan.org/merged stable main" | 09:44 |
CheesyPastries | Also Chrome refuses to allow me to go to the dev.devuan.org site | 09:44 |
onefang | Ah, that web page is specific to Devuan, so that's good. Try what sixwheeledbeast suffested. | 09:45 |
CheesyPastries | Attempting to force the install of the keyring package leads to perl complaining about locale, dpkg complaining (about things the guide mentions) and the install failing | 09:46 |
onefang | apt-get install devuan-keyring --allow-unauthenticated | 09:47 |
CheesyPastries | Fails with the same perl error | 09:49 |
onefang | "export LANG=C.UTF-8" might help with the locale thing. | 09:49 |
golinux | CheesyPastries: If you are using "stable+ (our ASCII) in your sources list it is pulling from Debian Buster (stable) | 09:49 |
golinux | - + | 09:49 |
golinux | So you have nixed two different stable releases. | 09:49 |
golinux | mixed | 09:50 |
onefang | I was gonna get to that golinux. B-) | 09:50 |
golinux | You need to always use the release name in Devuan sources because we are not always in sync with the Debian cycle | 09:50 |
CheesyPastries | Should I change that now or wait until we figure out how to get the devuan keyring installed? | 09:52 |
onefang | The guide CheesyPastries is following uses debootstrap, inside a FreeBSD jail, and was written December 2018, back when stable was the same. But yeah, change "stable" to "ascii" in your sources.list. | 09:52 |
CheesyPastries | I've made the change to my list | 09:53 |
CheesyPastries | The perl error is gone after exporting LANG variable. The only 2 errors remaining that could explain why it won't install is rmdir complaining about failing at removing /var/run | 09:55 |
CheesyPastries | and dpkg complaining about base-files which I'd probably expect to happen based on the guide | 09:55 |
onefang | If /var/lun didn't actually exist, rmdir will complain about not being able to remove it. | 09:57 |
CheesyPastries | The problem is that it's not empty | 09:58 |
onefang | Ah, might be left overs from a previously aborted run. | 09:58 |
CheesyPastries | crond.pid crond.reboot motd.dynamic rsyslogd.pid | 09:59 |
CheesyPastries | I could rm -f them and see if that fixes something (or breaks something). | 10:00 |
onefang | I was about to suggest that. | 10:00 |
onefang | Likely the previous run that errored out due to lack of the key didn't get around to rming /var/run, so you had left overs on the second run. | 10:01 |
CheesyPastries | The keyring finally installed | 10:02 |
golinux | Yea! | 10:02 |
onefang | Yay! | 10:02 |
CheesyPastries | However it's strangelly still complaining that the repo isn't signed | 10:03 |
* golinux is kind of in and out of this channel working on the point release documentation | 10:03 | |
CheesyPastries | Maybe the actual adoption of the keyring didn't go through and I can force apt-get to add it? | 10:04 |
onefang | Maybe it just got itself in a right royal mess, and you might have to clean it all out and start from scratch? Or try that. | 10:04 |
CheesyPastries | Starting from scratch might be the answer. It's only a jail afterall. I'll try forcing the key but otherwise I'm going to bed. It's too late to be fighting ghosts especially ones in this weird of a machine | 10:05 |
onefang | Fair enough. | 10:05 |
CheesyPastries | Didn't work | 10:07 |
CheesyPastries | I'll try again after a night's sleep and maybe then I won't have to retype every message multiple times to fix dumb typos | 10:07 |
onefang | And hopefully you'll remember the fixes you already discovered. B-) | 10:08 |
CheesyPastries | I shall ctrl+c, ctrl+v to be sure | 10:08 |
onefang | G'night, have cheesy dreams. | 10:09 |
CheesyPastries | I will do my darnedest to have Gouda dreams for you | 10:10 |
gnarface | CheesyPastries: you re-ran "apt-get update" after forcing the keyring package install? | 10:10 |
CheesyPastries | yes | 10:10 |
gnarface | hmm, yea i dunno then. you might have hosed it using the "stable" alias though | 10:10 |
onefang | CheesyPastries left, went to bed. | 10:11 |
onefang | And I'm off to start cooking dinner. | 10:12 |
filipdevuan_ | anybody knows if Leah from minifree is alive and dealing with minifree orders?? | 11:55 |
filipdevuan_ | oh sorry wrong chat | 11:55 |
jackman | good morning | 15:35 |
jackman | welcome, fluffywolf | 15:39 |
jackman | welcome, furrywolf | 15:40 |
furrywolf | heyas | 15:40 |
jackman | how's it going? | 15:40 |
furrywolf | meh. meh is always the answer. | 15:41 |
jackman | lol | 15:41 |
jackman | i've been up since 0500 MT. i couldn't sleep. | 15:41 |
jackman | i've been watching burger videos on youtube. i'm thawing some meat for a burger marathon. | 15:42 |
jackman | i can't eat raw onions, anymore, but i just saw an amazing thing. i need to try a pickled onion relish. | 15:45 |
furrywolf | I like onions. | 15:45 |
jackman | that's the killer, man. | 15:45 |
jackman | onions are wonderful | 15:45 |
furrywolf | brb | 15:53 |
golinux | jackman: Please chat on #debianfork | 17:35 |
golinux | This is a support channel | 17:35 |
CheesyPastries | I'm back after getting some sleep | 17:48 |
Kjetil | Can I use the boot.img file from debian to launch a devuan netinst from a USB drive? | 18:23 |
Kjetil | nvm | 18:32 |
EHeM | There appears to be a kind of urgent security issue right now that really kind of needs to be fixed... | 18:46 |
onefang | EHeM: You have said that a couple of times, giving some details might help. | 20:06 |
Kjetil | I am guessing he is refering to this one: | 20:08 |
Kjetil | https://linux.slashdot.org/story/19/10/19/0057209/unpatched-linux-bug-may-open-devices-to-serious-attacks-over-wi-fi | 20:08 |
EHeM | onefang: You can always look at the IRC logs, but apache2 got a security update announced either 15th or 16th, and Devuan-amd64 is missing the update (other architectures have it). | 20:09 |
EHeM | Seems it is a minor security item (the original patch for CVE-2019-10092 was incorrect and broke balancer-manager), but the trend of security updates getting delayed for Devuan is rather scary. | 20:22 |
golinux | EHeM: Feel free to dive in and find what is not functioning properly in amprolla3 | 21:10 |
CheesyPastries | onefang I'm back from my nap and things are still weird with my Devuan jail. I reinstalled it making some small changes to see if they'd fix the problem but despite the keyring being installed it's still complaining about the packages not being signed | 21:41 |
CheesyPastries | Also I should mention that there is a problem with the HTTPS version of the package site. I think the certificate was issued to packagesite.devuan.org or something similar and not deb.devuan.org. It's makes my browsers a bit angry | 21:42 |
golinux | CheesyPastries: Not all mirrors use https, https://pkgmaster.devuan.org/mirror_list.txt | 22:02 |
golinux | I've never had a problem | 22:03 |
CheesyPastries | My browser doesn't complain about the pkgmaster site but it definitely does for the deb site. | 22:10 |
CheesyPastries | Only if I try to connect with https though | 22:11 |
CheesyPastries | Chrome completely blocks it and Firefox will allow me through if I press | 22:11 |
EHeM | golinux: You want everyone to start saying "Devuan's doesn't care about security at all"? | 22:26 |
gnarface | EHeM: they're 3rd party repos, and some of them have broken https because of hard limitations of https and the fact they're mirrors for multiple domains (many were already mirrors for other distros like debian) | 22:30 |
gnarface | there's nothing that devuan can do about that | 22:30 |
specing | hard limitations? Like, what? | 22:31 |
gnarface | you've never administered a webserver? | 22:32 |
specing | I have, that is why I wonder what the hard limitation might be | 22:32 |
gnarface | the 1-ip limitation of https | 22:32 |
gnarface | 1 ip per domain | 22:32 |
gnarface | unless you ditch support for all the browsers before ie7 or something like that | 22:33 |
specing | Uh, what? | 22:33 |
gnarface | yea it's a real thing | 22:33 |
gnarface | it's not an issue for the mirrors that are only hosting devuan | 22:33 |
gnarface | well i don't evne know that for sure | 22:34 |
gnarface | some of them may just be lazy | 22:34 |
specing | https://en.wikipedia.org/wiki/Server_Name_Indication | 22:34 |
gnarface | but for the ones that host multiple repos, they have an excuse | 22:34 |
specing | Internet Explorer Web browser Yes Since version 7 on Vista (not supported on XP) 2006 | 22:34 |
specing | supported for 13 years it seems | 22:34 |
specing | Maybe it is time to ditch support for all browsers before ie7? | 22:34 |
gnarface | not devuan's call, and it's not quite that simple either. there are security implications | 22:35 |
gnarface | it's not something you'd want to do unless you have a controlled environment | 22:35 |
EHeM | gnarface: I suspect either you or your client is mixing people up. | 22:35 |
gnarface | i see EHeM and specing both making an argument that devuan doesn't care about security because 3rd party repos won't do what you want | 22:36 |
gnarface | but neither of you seem to know they're 3rd party repos, or that there are hard limitations of https | 22:37 |
Jjp137 | um it isn't a third-party repo; apache2 is behind on amd64 on pkgmaster | 22:37 |
specing | s/security/privacy/ | 22:37 |
gnarface | pkgmaster isn't one of the ones having the problem though | 22:37 |
specing | security is provided by signing/checksums | 22:37 |
gnarface | or did i miss something new about pkgmaster https going down? | 22:37 |
EHeM | gnarface: Non-HTTPS mirrors are Bad IMO, but that isn't an urgent issue for which someone might say "Devuan doesn't care about security". | 22:38 |
specing | Isn't it obvious that mirrors are 3rdparty? | 22:38 |
specing | Not sure why you accuse us of not knowing this | 22:39 |
Jjp137 | gnarface, see here (until roughly 21:42): http://maemo.cloud-7.de/irclogs/freenode/_devuan/_devuan.2019-10-16.log.html#t2019-10-16T21:04:55 | 22:39 |
gnarface | why | 22:40 |
gnarface | what do i need to read from that Jjp137? | 22:40 |
gnarface | you all still have not convinced me i've misunderstood your argument | 22:40 |
gnarface | it seems more like you're moving the goal posts | 22:40 |
Jjp137 | b/c you said that pkgmaster isn't one of the ones having the problem | 22:41 |
Jjp137 | actually wait what are we talking about again? | 22:41 |
gnarface | it's not having the problem | 22:41 |
gnarface | i can hit pkgmaster with https://pkgmaster.devuan.org/ | 22:41 |
Jjp137 | no I mean the package version | 22:41 |
Jjp137 | unless we weren't talking about hat | 22:41 |
Jjp137 | that* | 22:41 |
gnarface | that won't work for all the mirrors in the deb.devuan.org round-robin, that's what i was talking about | 22:41 |
gnarface | just that some of the deb.devuan.org round-robin mirrors don't have https set up at all, or don't have it set up for deb.devuan.org at least | 22:42 |
gnarface | worse, some of them may still have it set up for deb.devuan.org, but with a https key that isn't valid for that domain | 22:42 |
gnarface | Jjp137: if you were also complaining about something in the repo being the wrong version, i missed that entirely. | 22:44 |
Jjp137 | okay now I see; gnarface, did you intend to reply to CheesyPastries instead about 34 minutes ago? | 22:44 |
Jjp137 | and uh I think EHeM brought that up | 22:44 |
gnarface | well it was more EHeM i was responding to, but yea it seems they were both complaining about the https domain issue | 22:44 |
CheesyPastries | I wasn't complaining so much as making sure you guys were aware | 22:45 |
gnarface | it is a well known issue | 22:45 |
CheesyPastries | I have HTTPS everywhere and it caused me to get completely blocked from the site because it wouldn't disable and let me go to the non-HTTPS version | 22:45 |
gnarface | CheesyPastries: if you really need or want https you're currently advised to pick a mirror that has it set up right | 22:45 |
Jjp137 | okay yeah so if you want HTTPS, pick a mirror that supports HTTPS and use that in your sources.list | 22:45 |
gnarface | CheesyPastries: some of the mirrors in deb.devuan.org don't have https set up right but there's basically nothing that can be done about it without shelling out cash for new ssl keys, new ip addresses, and whatever their admin staff's costs/salary are. | 22:46 |
gnarface | CheesyPastries: volunteers, you know? | 22:47 |
CheesyPastries | HTTPS wasn't really my issue. My issue is that apt-get keeps saying that there are invalid signatures and that the repo isn't signed even after managing to get devuan-keyring installed | 22:47 |
gnarface | CheesyPastries: this is still that install that's half ascii and half beowulf? i'd check version mismatches on your gpg stack | 22:47 |
gnarface | my guess is it will probably work again if you can get the relevant packages to be all beowulf or all ascii | 22:47 |
CheesyPastries | I reinstalled it following that guide but changed it to the build to ascii from the start to see if I could avoid getting the wrong packages. | 22:48 |
gnarface | and you had the same exact issue still??? | 22:48 |
CheesyPastries | Seems so | 22:49 |
gnarface | well that's weird | 22:49 |
CheesyPastries | Is there a way to check if all the packages are from the right version? | 22:49 |
gnarface | apt-cache policy maybe | 22:49 |
CheesyPastries | I don't know how debootstrap works internally, it could still be messing up somewhere when it chooses packages | 22:49 |
gnarface | debootstrap would have used whatever you fed it on the command-line... | 22:50 |
gnarface | i don't know what it's default sources.list would have looked like though | 22:50 |
CheesyPastries | I altered the debootstrap command to use ascii instead of stable and made a copy of the script for stable that it uses but replaced the keyring with devuan-keyring (not that it matters because apparently it complains regardless). | 22:51 |
CheesyPastries | When I checked sources.list it was using deb.devuan.org/merged stable main | 22:51 |
CheesyPastries | Correction | 22:51 |
CheesyPastries | It was using "deb.devuan.org/merged ascii main" like expected | 22:52 |
CheesyPastries | I changed it to pkgmaster.devuan.org to test if it was somehow related to the https issue (it wasn't) | 22:52 |
CheesyPastries | So the reinstall should've used the correct packages | 22:52 |
gnarface | so lemme get this clear | 22:53 |
gnarface | you reinstalled the host system, or just the chroot? | 22:53 |
CheesyPastries | BTW, apt-cache policy -> "100 /var/lib/dpkg/status release a=now 500 https://pkgmaster.devuan.org/merged ascii/main amd64 Packages release v=2.0,o=Devuan,a=stable,n=ascii,l=Devuan,c=main,b=amd64 origin pkgmaster.devuan.org" | 22:54 |
CheesyPastries | I reinstalled the chroot/jail | 22:54 |
CheesyPastries | completely deleted the previous one, recreated, used modified debootstrap command | 22:54 |
gnarface | so the error you're complaining about came from inside the chroot or outside it, or both? | 22:54 |
CheesyPastries | Inside the chroot | 22:54 |
gnarface | but not while actually running the debootstrap? just after chrooting into it to use apt? | 22:55 |
CheesyPastries | https://forums.freebsd.org/threads/setting-up-a-debian-linux-jail-on-freebsd.68434/ | 22:56 |
gnarface | that's not an answer to my question | 22:56 |
CheesyPastries | I'm typing :P | 22:56 |
gnarface | please don't make me open a browser to get a simple yes/no answer to that question | 22:56 |
CheesyPastries | Following this guide, I ran debootstrap for the initial structure and packages, dpkg to configure the packages, then moved into the chroot/jail and am using apt from within | 22:58 |
gnarface | so the host system is actually freebsd? that's new info... | 22:59 |
CheesyPastries | Edit: I ran dpkg from within the chroot/jail as well | 22:59 |
Jjp137 | it might be worth nothing that debootstrap was forked by Devuan and I don't know what changes the FreeBSD port of debootstrap does (if any) | 22:59 |
Jjp137 | noting* | 22:59 |
CheesyPastries | gnarface Sorry I thought I mentioned it earlier | 22:59 |
CheesyPastries | I talked with others last night about it as well | 23:00 |
gnarface | CheesyPastries: was this about you trying to backport mysql-workbench from ceres, or was that someone else? | 23:14 |
CheesyPastries | Someone else. I'm trying to get Devuan running within a FreeBSD jail so that I can use it as the basis for some other linux applications | 23:15 |
CheesyPastries | FreeBSD doesn't have every package that I'd like to use | 23:15 |
gnarface | alright, i did get YOU confused with someone else then, but unfortuantely that doesn't add any insight here | 23:16 |
CheesyPastries | Unfortunate | 23:18 |
gnarface | CheesyPastries: you used the freebsd debootstrap, but it worked? | 23:24 |
gnarface | or seemed to work, anyway? | 23:24 |
gnarface | CheesyPastries: do i understand this right that you had to run "debootstrap --foreign --arch=amd64 stable /opt/jails/devuan http://deb.devuan.org/merged/" with "stable" in there not "ascii" ? | 23:27 |
gnarface | or were you able to run this debootstrap command as "debootstrap --foreign --arch=amd64 ascii opt/jails/devuan http://deb.devuan.org/merged/" ? | 23:27 |
CheesyPastries | I ran previously ran it with stable, but this time I ran it with ascii. It required me creating a duplicate script of stable but it did change the sources.list file at the very least | 23:33 |
gnarface | hmm | 23:33 |
gnarface | well it is the repo that interperets that "stable" or "ascii" flag, so i wonder if you still got fed a copy of beowulf and that's somehow the problem here | 23:34 |
gnarface | i think that howto you're following is from before debian stepped their "stable" up to a release ahead of devuan's, isn't it? | 23:34 |
CheesyPastries | Dec, 2018. So 11 months ago | 23:35 |
gnarface | so yea, for sure | 23:38 |
gnarface | buster was released by debian this year, about 4 months ago or so | 23:40 |
gnarface | since then, their repos return buster packages for stable instead of stretch packages | 23:41 |
gnarface | stretch corresponds to ascii | 23:42 |
gnarface | buster corresponds to beowulf | 23:42 |
golinux | gnarface: onfang and I explained this to CheesyPastries about 12 hours ago. | 23:47 |
golinux | onefang | 23:47 |
golinux | If he still has stable anywhere near debian repos it's on him | 23:48 |
CheesyPastries | there have been some slight changes since then. I reinstalled but this time attempted to get ascii only files by running the debootstrap with a different parameter | 23:48 |
CheesyPastries | The sources.list came out correct from the command but I'm still having issues | 23:48 |
gnarface | CheesyPastries: can you elaborate on "it required me creating a duplicate script of stable?" | 23:49 |
gnarface | CheesyPastries: afaik "stable" is a symlink in the repo | 23:49 |
CheesyPastries | debootstrap appears to use a variety of scripts as part of it's process. It complained when I initially ran it because there was no script for ascii available. I navigated to the directory to find a variety of scripts I read through them and didn't see anything that to me suggested which repo it would use but just how it would unpack things. I | 23:52 |
CheesyPastries | ended up making a copy of the stable script and editing the keyring parameter to devuan-keyring instead of typical. this didn't seem to matter because the guides shows that it will fail to verify the repo anyways | 23:52 |
gnarface | hmm | 23:56 |
gnarface | i wonder if you would have better luck swapping out the freebsd debootstrap with the devuan-patched one | 23:56 |
gnarface | CheesyPastries: ^ | 23:56 |
gnarface | has that been tried yet? | 23:57 |
gnarface | i recall that the debian one didn't even work without patches | 23:57 |
golinux | That's way above my paygrade | 23:57 |
gnarface | though i don't think they were difficult patches, it's not something i could do either, without some research | 23:57 |
rrq | CheesyPastries: which debootstrap are you experimenting with? Both the ascii/main version and beowulf/main version knows about "ascii" | 23:59 |
gnarface | rrq: (he's on freebsd) | 23:59 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!