Deknos | does devuan have polkit? | 08:25 |
---|---|---|
gnarface | it does, but you can easily avoid it because only a few things actually need it | 08:28 |
gnarface | basically ditch your graphical login and use startx instead | 08:28 |
gnarface | it's for doing stuff like making the shutdown button still work while you're logged out | 08:29 |
gnarface | it was never a good idea or a sound security practice to use it in the first place | 08:30 |
gnarface | you might lose a couple features like that for non-root programs | 08:31 |
gnarface | you'll have to use sudo or su or something like that instead | 08:31 |
gnarface | actually off the top of my head i'm not sure sudo doesn't require polkit | 08:32 |
Deknos | i wonder if there's a distribution without polkit and systemd | 08:38 |
AEonFyr | I have policykit-1 on ascii, but not on beowulf | 08:39 |
AEonFyr | 70 rdepends on policykit-1, some of the interesting ones: isc-dhcp-server, synaptic, elogind, firewalld | 08:43 |
AEonFyr | Is ascii still receiving patches? | 08:43 |
lts- | Deknos: I have gentoo boxes without them, yes | 08:45 |
gnarface | there might be less of them if you don't use recommends? | 10:10 |
debdog | is that the reason for the question: https://linux.slashdot.org/story/22/01/25/2259214/major-linux-policykit-security-vulnerability-uncovered-pwnkit ? | 10:12 |
AEonFyr | gnarface: Agreed, I really should. | 10:21 |
AEonFyr | debdog: presumably | 10:21 |
u-amarsh04 | Setting up policykit-1 (0.105-31.1+devuan1) ... | 11:01 |
onefang | ASCII is still getting updated. The polkit vulnerability is being covered on tech news sites. | 12:02 |
onefang | AEonFyr: ^ ^ | 12:03 |
AEonFyr | Thanks :) | 12:04 |
onefang | https://security-tracker.debian.org/tracker/CVE-2021-4034 covers Debians fixs for policykit. Devuan gets those to. | 12:10 |
onefang | So that looks like all Devuan versions except Jessie are fixed. Unless I missed something, I just woke up. | 12:11 |
onefang | Ah bookworm, which daedulus is based on, is still vulnerable, but I think a fix got ported to daedulus, which is where I got that link from. | 12:15 |
fsmithred | looks like beowulf-security has the patched version, but the patched version is not devuanized. | 12:22 |
fsmithred | oh, it's being devuanized now. | 12:22 |
fsmithred | an hour ago | 12:23 |
onefang | I got that link from the email about that. | 12:26 |
onefang | Oh right, we devuanize polkit. Like I said, I just woke up. Doesn't help that my main monitor died while I slept. | 12:29 |
fsmithred | ouch | 12:29 |
rustytaco | any replacement for the mess that is policykit? | 13:58 |
junicchi_ | how can i install dmks? | 14:39 |
gnarface | it's called dkms | 14:40 |
junicchi | gnarface: can't find it on devuan repositories | 14:42 |
junicchi | >E: Unable to locate package dmks | 14:42 |
gnarface | https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=dkms&x=submit | 14:44 |
gnarface | i think you mean this one | 14:44 |
junicchi | ohh | 14:44 |
junicchi | my bad, i searched for dmks instead of dkms | 14:44 |
junicchi | my bad | 14:44 |
fsmithred | src:policykit-1 updates to fix CVE-2021-3560 are now in ceres, daedalus, chimaera-security, beowulf-security (not armel) and ascii-security. | 15:02 |
AEonFyr | Confirmed ascii & beowulf updated, thank you. | 15:04 |
sgage | Got the new patched polkit stuff on Chimaera. | 15:38 |
sgage | There were some errors, but I tried again a minute later and all is well. | 15:39 |
onefang | It's possible the mirror you where using was in the middle of an update. | 15:46 |
sgage | That's kinda what it seemed like. | 15:46 |
sgage | "E: The repository 'http://deb.devuan.org/merged chimaera-security Release' no longer has a Release file. | 15:47 |
sgage | " | 15:47 |
sgage | It was fine a minute later. | 15:48 |
onefang | deb.devuan.org is our DNS-RR, so it goes to which ever one of the package mirrors your apt decided to use. | 15:49 |
onefang | We have been spending some time this week improving that system. Still more work to do. | 15:52 |
minnesotags | Nice. I had to make sure all of my Debian servers were updated because stupid systemd pwnkit. Guess what was last on my list to check? My Devuan servers. | 17:09 |
onefang | Servers might not even need polkit, none of mine had it, only my desktop. | 17:23 |
onefang | All of them are up to date now, | 17:24 |
Tenkawa | onefang: agreed.. I've never understood the lack of keeping policykit truly separate since it has no need in most non-desktop envs. | 17:26 |
debdog | on chimaea even gparted depends on polkit :/ | 17:29 |
Tenkawa | debdog: gparted is a gui app.. I'd expect it to… now gpart or parted thats different | 17:31 |
Tenkawa | it needs policykit for user credentials | 17:32 |
Tenkawa | that makes sense in x11 | 17:32 |
debdog | well, but it worked well for many years with only su-to-root on X | 17:34 |
Tenkawa | yeah… a lot of things did.. heheh | 17:35 |
onefang | Well the point is that it's now patched in Devuan, so if you use polkit, update and move on. | 17:36 |
Tenkawa | onefang: does it get patched on all arches at once? | 17:36 |
onefang | I dunno, I'm not the one that patched it. Check it and see. | 17:37 |
Tenkawa | (didn't know if you guys split up the architecture teams) | 17:37 |
minnesotags | None of my servers had graphical interfaces, so no polkit. | 17:56 |
blizzow | I just debootstrapped a daedalus installation. I only have the single main non-free contrib repo set up in /etc/apt/osurces.list. I've done and apt-get update but am unable to pull down or install some packages like firmware-iwlwifi. I'm being told the package doesn't exist. Strangely, on a similar installation from a few days ago, I did get that | 18:01 |
blizzow | package. | 18:01 |
used____ | polkit patch for Beowulf out already? | 18:07 |
used____ | [yes] | 18:12 |
* used____ upgrades now | 18:14 | |
sgage | I do believe that iwlwifi is nonfree. | 18:15 |
psionic | ) you're banned from #debian, ( F4 - #debian modes ) LMFAO | 18:21 |
psionic | Rolling On The Floor Laughing | 18:21 |
psionic | why dont they rename that distro to shittemdian | 18:22 |
psionic | they should elect harry pottering as new deb techlead | 18:22 |
Tenkawa | psionic: is that here on libera? | 18:23 |
psionic | you know even this libra is funny, I skipped like a year irc then I realized freenode is rugpulled | 18:23 |
psionic | I skipped now hmmm when was wheezy ... x years one day I might realize there is no debian | 18:23 |
Tenkawa | did you not read the freenode saga? | 18:23 |
psionic | yeah I read something about it | 18:24 |
Tenkawa | it was not a small story.. | 18:24 |
Tenkawa | I was online the day they banned and cut us all off.. | 18:24 |
Tenkawa | was quite… ugly | 18:25 |
onefang | And not a topic of conversation for this support Devuan channel. | 18:25 |
Tenkawa | onefang: sorry | 18:25 |
Tenkawa | An on topic comment.. you'd get more helpers having a bit more tolerance… cheers | 18:26 |
used____ | Tolerance? Hah. systemd fanatics have their own channel on another irc server. I stumbled into it. | 18:36 |
used____ | Brethern in suffering, since 2015: https://news.ycombinator.com/item?id=10483780 | 18:36 |
* used____ upgraded polkit on Beowulf successfully | 18:36 | |
Wonka | O.o | 18:38 |
used____ | Wonka: https://netsplit.de/channels/?net=hackint&chat=systemd | 18:43 |
used____ | /off topic done here | 18:44 |
Wonka | I'm not interested in shitstemd fanatics conversations ;) | 18:45 |
used____ | Just saying, they have strong support ;) | 18:45 |
Wonka | well, "we" are #devuan. | 18:45 |
jay | the winking intensifies | 18:45 |
* used____ notes firefox AGAIN changed esr look and feel, as I upgraded it on Beowulf. SIGH. | 18:45 | |
* used____ checks important websites still work - always a surprize | 18:46 | |
used____ | Of course things are broken. Autoplay on yt was off, is on now. | 18:47 |
used____ | And the yt adblocker no longer works | 18:47 |
used____ | Indeed the yt ad blocker claims to work but no longer blocks ads which run always full length. | 18:52 |
used____ | 1.5 minutes of ads (3 ads) for a 3 minute video. Downgrading firefox esr. | 18:53 |
used____ | Aand on downgrading lost all bookmarks etc since new profile was created | 18:59 |
used____ | https://www.dedoimedo.com/computers/firefox-old-profile-reuse.html fixing it | 19:00 |
used____ | Fixed, old *78 version works as before. I hope. | 19:09 |
used____ | When the adblock extension will upgrade, I will upgrade ff. | 19:09 |
used____ | Tip: back up your firefox profile before any up/downgrade. tar -cjf ff-profile-somename.tbz2 ~/.mozilla/firefox/$profile_name -- find the current profile in ~/.mozilla/firefox/profiles.ini ; if unsure: `mozilla -P` starts with chooser, use highlighted name to locate real profile $dir in profiles.ini | 19:12 |
Guest49 | hi guys, I'm wondering if anybody can test radeontop for me | 19:25 |
Guest49 | i seem to be getting an age old error type when I try to run it | 19:26 |
Guest49 | errors out with no access to gpu registers, even though i run it as root | 19:26 |
blizzow | Is there another repo I should add to get non-free packages? I thought I could tack non-free to sources.list like this: | 19:30 |
blizzow | deb http://deb.devuan.org/merged daedalus main non-free contrib | 19:30 |
debdog | Guest49: works fine here. beowulf | 19:31 |
Guest49 | hmm, thanks debdog.. are you running vega gpu? | 19:31 |
Guest49 | i had trouble on my 2500u | 19:31 |
debdog | Bonaire XTX [Radeon R7 260X/360] | 19:32 |
Guest49 | ok thanks. i have that gen on my desktop. might install devuan on it and try there | 19:32 |
debdog | Guest49: is radeontop supposed to work with amdgpu? | 19:35 |
Guest49 | hmm, i have no idea... | 19:35 |
debdog | my adapter is too old for that and I am using the radeon driver | 19:35 |
Guest49 | ok. i thought amdgpu also works for various GCN generations | 19:36 |
Hurgotron | Oh neat, didn't know that command so far | 19:36 |
Guest49 | thought for older kernels it isn't default | 19:36 |
Guest49 | err --though-- | 19:36 |
debdog | hmm, maybe. have not tried the past few years. back then I had to compile the kernel with a special option which supported experimental support for the 260X. but it didn't work | 19:38 |
Guest49 | does amdgopu show up under lsmod? | 19:48 |
debdog | yes, but I think the tailing "0" means it isn't in use https://dpaste.org/fb7w/raw | 19:52 |
debdog | lspci -k: Kernel driver in use: radeon | 19:54 |
debdog | *trailing | 19:58 |
Guest49 | oh, nice thanks again debdog | 20:01 |
Guest49 | I'm guessing for me something might ve not gone right on a dist-upgrade. | 20:03 |
Guest49 | i ll also try a clean fresh install of chimera or beowulf on my 2500u laptop | 20:03 |
Guest49 | on another topic, is anyone else sweating this pkexec vulnerability (which existed since 2009!)? is the temporary solution just to chmod a-x the pkexec binary? | 20:06 |
debdog | Guest49: on beowulf and chimaera the patches are already in | 20:07 |
Guest49 | wow, that's fast! | 20:08 |
debdog | *at least on beowulf and chimaera | 20:08 |
debdog | these I've updated the past few hours | 20:08 |
Guest49 | ok this gets me very pumped to (re)install devuan on various machines | 20:15 |
used____ | Is there a partial consensus at least, on which gpu is easyest to get going on devuan? Ryzen on-cpu 3+ Vega works out of the box? | 20:25 |
* used____ needs to upgrade his dinozaurs, at least one. | 20:26 | |
used____ | It appears people claim Buster/10 ~= Beowulf runs fine on Ryzen 3xxx | 20:27 |
used____ | Anyone here running that combo? What gpu drivers does Vega use? | 20:35 |
onefang | My Ryzen Threadripper 3990X is running on Beowulf. Is that what you mean? | 20:40 |
used____ | Yes! | 20:40 |
onefang | AMD Radeon RX 5600 XT is the graphics card. | 20:40 |
used____ | What gpu accel drives the Vega in the Ryzen? Or do you have an external gpu | 20:40 |
used____ | Ah. I'm after the internal Vegas in Ryzen 3400G etc | 20:41 |
onefang | The 3990X doesn't have internal GPU. | 20:41 |
used____ | I realized that the moment I read the X... | 20:42 |
Guest49 | thx all and have a great day | 20:42 |
used____ | There are reasons for asking... https://community.amd.com/t5/drivers-software/ryzen-3-3200g-linux/td-p/221455 | 20:44 |
used____ | This is ot, let's move it to ot | 20:44 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!