libera/#devuan/ Thursday, 2020-10-22

joybukeHowdy there, im trying to respin Devuan as a personal project and want to be able to make it install. Got pretty far with a tool called "respin" and it boots, just want to know how to make it install onto a system as you would on a Debian, Devuan, or Ubuntu Distro.06:14
aliceussrHello! I detect security issies with packages: exim4, exim4-light - its packages have suid in debian and devuan repositories - it`s is viruses or troyans!07:24
clortthanks for heads up aliceussr07:24
aliceussrclort: OK! Please tell about debian security group!07:25
clortwell idk if a mta agent needs suid07:25
clortthis looks like a 2016 discussion07:25
clortand a 2010 discussion07:26
clorthttps://lists.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html07:27
aliceussrThe mta agent does not need suid. It works great without it. And with it, he independently changes the logging security settings.07:27
clort"as Exim might need to store received messages in user mailboxes, it has to have the ability to regain privileges"07:27
clortok that is understandable07:28
aliceussrOk! Deal with this security issue as you wish. I warned you about the potential danger and compromise of Debian-based systems with exim4 * packages installed07:29
clorti'm not seeing that you are informing us of anything new07:31
clortbut i often don't understand things, so that's perhaps my error07:31
aliceussrНовое я вам сообщил: после установки данных пакетов меняются насотройки безопасности в системе.07:32
aliceussrbut i often don't understand things, so that's perhaps my error07:32
aliceussrSorry! I translate.07:32
aliceussrI told you something new: after installing these packages, the security settings in the system change.07:33
clortwhat settings changed?07:35
aliceussr/var/logs/07:36
gnarfacepure FUD07:40
gnarfacecompletely normal use of suid07:40
gnarfaceand by far not the only example07:41
gnarfaceand yea, you're gonna have trouble supporting Maildir without it07:41
gnarfacebut feel free to disable it if you only ever deliver mail to root and you don't give a fuck about logs07:42
clortseems like a thing that usergroups could be used for.  you have a group for mail transfer agent, and make user mailboxes writeable by that?07:43
clortand yes, there are quite a few suid userspace packages, that need suid07:44
aliceussrYes, such packages exist, but they do not run in daemon mode and do not have ALL privileges on the system, like exim4 running as root in daemon mode !!!!!!!!!07:46
aliceussrDebian and Ubuntu developers have pushed Linux again !!!07:47
gnarfaceit's not though08:02
gnarfaceclort: it doesn't run as root in daemon mode, it drops permissions immediately.  he's lying08:02
aliceussrsuid in daemon mode - root privileges on the system!08:04
gnarfacealiceussr: if you were serious you'd be reporting it to upstream, we can't do anything about it here anyway08:04
aliceussrgnarface:  You are right, I'm not very interested in this, since I always check my system for potential threats and fix them, unlike you. You continue to use what you give thoughtlessly.08:06
gnarfacealiceussr: this is a support channel.  unless you need actual help with something, stuff it.08:09
aliceussrgnarface: Ok!08:09
golinuxgnarface: +1!08:14
Atari-FroschOn one server: dpkg: error processing archive /var/cache/apt/archives/mariadb-server-core-10.3_1%3a10.3.25-0+deb10u1_amd64.deb (--unpack): trying to overwrite '/usr/bin/my_print_defaults', which is also in package mariadb-server-10.3 1:10.3.23+maria~stretch13:42
Atari-FroschOn another it worked.13:42
Atari-Froschmysqld stopped working, but fortunately I was able to start it again without problems.13:44
Atari-FroschOh, both servers are running Beowulf.13:44
gnarfaceprobably an upstream bug, Atari-Frosch but it doesn't sound serious13:58
gnarfacethey're probably the same file14:01
Atari-FroschI see. I hope that it will be OK now with the restart …14:15
gnarfacewell, it might be worth checking for a bug at bugs.debian.org14:21
gnarfaceif anything breaks usually someone posts a temporary workaround14:21
gnarfacebut i can't imagine it would be anything other than "use the other file"14:21
gnarfacei don't really think a reboot would change things but i don't know14:22
Atari-FroschI'll check bugs.debian.org, thank you.14:32
Atari-FroschIt says mariadb is not in Debian …14:34
xinomiloyou probably have mariadb repo version installed.14:36
gnarfacehmmm14:36
xinomilocant have both14:37
xinomilothis is not from debian : mariadb-server-10.3 1:10.3.23+maria~stretch14:38
gnarfacehmm, also it's for an older release than current14:39
gnarfaceyou're right that bugs.debian.org is curiously free of any mention of mariadb but maybe they push them upstream or something, packages.debian.org shows it definitely present (as does pkginfo.devuan.org)14:39
xinomilomixing repos/versions is not a debian bug14:40
xinomilohttps://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=mariadb-server-10.3;dist=stable14:43
GyrosGeier14:01 < gnarface> they're probably the same file14:52
GyrosGeierif the file moved, the packages need a Replaces:14:52
Atari-Froschgnarface: So it seems. The server was running under Stretch before, and I remember that in Stretch I had to fetch MariaDB from a different source. The other one, where it worked, had a start installation with Debian Jessie, and before making any installations I brought it to Devuan ASCII, later updated to Beowulf.14:57
Atari-FroschSo this only hits hosts which were running Debian (Stretch) before.14:57
gnarfaceAtari-Frosch: just purge them and get the devuan versions, they're probably blocking upgrades too15:00
Atari-FroschThis IS the Devuan version of MariaDB, updated over the Stretch version in May of this year.15:01
gnarfacehmmm15:02
gnarfacewell do this and just make sure all the packages match versions:  dpkg -l |grep mariadb15:03
Atari-FroschUh, funny. When I do this, I get versions from Jessie, Stretch, and Devuan ;-)15:05
Atari-FroschBut the older ones are not installed, I cannot remove them.15:06
Atari-FroschStop, typo. They can.15:07
GyrosGeieraptitude should be able to tell you if you have obsolete/local packages15:08
gnarfacethe old listings might be harmless if the left column doesn't say "ii" but they can't be helping anything15:10
Atari-Froschii  mariadb-server-10.3                    1:10.3.23+maria~stretch15:10
Atari-FroschBut there is no server version from another source as far as I can see.15:11
gnarfacemaybe your config is missing beowulf-security?15:12
gnarfacehttps://pkginfo.devuan.org/cgi-bin/d1pkgweb-query?search=mariadb&release=beowulf15:12
gnarfaceit shows up here15:12
Atari-Froschgnarface: Security is in the sources.15:12
gnarfacehmmm15:12
Atari-Froschdeb http://deb.devuan.org/merged beowulf-security main15:13
gnarfacehmmm, something has to be missing though15:13
gnarfacei'm seeing it here15:13
Atari-FroschThis is what I get with dpkg -l | grep mariadb:15:15
Atari-Froschhttps://pastebin.com/qbBHMUPm15:15
Atari-FroschBTW, I just tried apt autoremove and it doesn't remove anything.15:16
gnarfacei would purge everything with ~stretch or ~jessie in the name15:16
Atari-FroschAnd if the server version gets lost install it anew?15:16
Atari-FroschI mean, I need that server running ;-)15:17
gnarfaceok, well there's a download-only option for the deb files15:17
gnarfacefor apt-get15:17
gnarfacejust use download-only first15:17
gnarfacemake sure it's coming from the right place15:17
Atari-Froschhm, ok15:17
gnarfacemake sure the other repos *aren't* in the sources anymore, and make sure you don't forget to "apt-get update" first15:17
gnarfacethis is a super common outcome from repo/distro mixing, and the damage could have been much worse15:18
Atari-FroschThe other repos aren't in the sources since May, since I updated to Beowulf.15:18
Atari-FroschIf there was no update for MariaDB since then, I guess the Stretch version was just kept.15:21
gnarfaceAtari-Frosch: the way it is named might override even later versions though, is the thing.  the rules are a little weird15:27
gnarfacethe "+maria~stretch" thing might sabotage 10.515:28
Atari-FroschSolution: apt remove mariadb-server-10.3; apt install mariadb-server-10.3 – it was already downloaded, just could not be installed over the Stretch version.15:28
Atari-FroschNow the correct version is running.15:28
gnarfacecool15:28
joybukeHowdy there, asked this last night, but came back today. I am currently working on respin of Devuan just for fun and got it up and running and am now wondering how I can get the OS to do a proper install rather than just being a live cd. I am using a tool called LinuxRespin (https://gitlab.com/remastersys/LinuxRespin), but don't mind learning live-boot if anyone has some good documentation on it. I want it to have an18:25
joybukeinstaller like that of Debian or Ubuntu, but do not mind it just being a script akin to Arch if need be. Thanks for reading and hopefully helping!18:25
flingsh: 1: /usr/bin/procmail: Operation not permitted18:30
flingbut no error when run with strace ^18:30
flinghow to debug? :D18:30
clortwith a debugger?18:34
flingclort: with what debugger?18:34
clortgdb?18:34
joybukefling try doing chmod +x on the file and see if it works19:04
joybukemight need sudo for it19:04
flingjoybuke: I don't want to +x it19:05
flingjoybuke: also not going to run procmail as root19:05
joybukeyou don't need to, its in your /usr/bin19:05
joybukeits just making it executable19:05
joybukeso you can run it as a user19:05
flingI can run it as user19:05
joybukethen what is your goal?19:06
fsmithredjoybuke, I'm not sure if anyone is still using live-build with devuan. You could check at the forum.19:06
flingjoybuke: to run in the regular way without strace or anything19:06
fsmithredMaybe Crows is made that way. Star used to be made that way but now uses live-sdk.19:06
fsmithredHere's a way to do what you want (make a live iso that has the debian(devuan) installer19:07
fsmithredhttps://dev1galaxy.org/viewtopic.php?pid=25396#p2539619:07
joybukeey thanks for pointing me in the right direction19:07
joybukemind also spoonfeeding me the documentation on live-sdk?19:08
fsmithredthere's probably still documentation in aitor's fork, but it's probably outdated. He made a lot of changes.19:08
joybukegot a link?19:08
joybukeor some  search term I should be looking up?19:09
fsmithredhttps://git.devuan.org/devuan-sdk/live-sdk19:09
fsmithredthat's the official live-sdk19:09
joybukeah, didn't know it was official19:09
fsmithredsee the forum link for aitor's fork that includes debian-installer19:09
joybukehow did I miss this?19:09
fsmithredthat's how we make the live isos19:09
joybukegotcha19:10
fsmithredand here's the horribly outdated devuan live-build: https://git.devuan.org/devuan/live-build19:10
fsmithredno clue if it works, but if you want to try to fork a current live-build, it might be helpful19:11
joybukeI built my own live build, just need an installer to get it into a system for good19:11
fsmithredif you want the standard debian-installer (what our installer isos use) then look at those links. There's a way to do it with live-build.19:12
fsmithredIf you just need some installer, there's refractainstaller in the repo and also calamares.19:12
joybukeneato. Will write those down and look for documentation19:13
fsmithreddocumentation for refracta tools is at refracta.org or ask me. I'm the author.19:13
joybukedidn't know I was talking with a dev, good to know you're here if I need help.19:14
fsmithredmy installer doesn't do lvm or raid. I don't know if calamares does those things.19:14
fsmithredalthough there's a way to use my installer if you do some manual stuff to get lvm or raid ready.19:15
golinuxs/he didn;t want a live cd19:15
joybukelvm would be nice, but not needed. The OS is mainly going to be one I give out to friends who I want to introduce to Linux19:15
joybukebasically a grower distro akin to mint but with less GUI stuff and no systemd19:15
joybukejust a small hobby project19:15
fsmithredyeah, they will probably do single partition19:15
fsmithredread about refractasnapshot. It's a different work flow. You install a system (hardware or VM) and configure it how you want, and then it makes the live iso from the running system, with your config changes.19:17
joybukethats likely more my speed19:17
joybukenewbie to the whole remixing thing19:17
fsmithredWYSIWYG19:17
joybukejust dipping my toes in to eventually get into things like gentoo and LFS19:18
unixbsdOn xfce4, there is magical pulseaudio, coming from gnome and modern desktop ecosystem.  HOw to launch festival? echo "test "| festival --tts does not work!19:18
fsmithredapt purge pulsaudio?19:22
fsmithredjust a guess19:22
fsmithredunixbsd, I can confirm that your test command does not work in the absence of pulseaudio. I don't have a way to test it with PA.19:37
flingwhich package for poppler?19:38
fsmithredpoppler-utils?19:38
fsmithredapt-cache search poppler19:38
flingthanks19:38
unixbsdwe havent a virtual machine of devuan on the web? maybe a little devuan live might have PA to test.19:39
unixbsdActually, PA is pretty handy to use. It helped me to uswe microsoft ms teams.19:39
fsmithredlol19:39
fsmithredok, I don't need that.19:39
fsmithredyeah, I could try in a VM, but something is wrong here19:40
fsmithredIt's not installing all that it needs.19:40
fsmithredand it can't find files19:40
fsmithredlike /usr/share/festival/dicts/cmu/cmulex.scm19:41
fsmithredadded festlex-cmu and I get less error19:42
fsmithredlexicon english_poslex not defined19:43
fsmithredinstalled festlex-poslex and it works.19:44
fsmithredok, that's extremely creepy - it sounds like my voice19:44
fsmithredunixbsd, any luck?19:50

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!