rwp | A while back Debian added security for Testing. Because sometimes packages get stuck in Unstable if someone has uploaded a radically newer version. | 00:54 |
---|---|---|
rwp | micdud, C programs use libc and libc's stdio routines look at the output pipe to see if it is a tty or not. If tty then things are line buffered. If not then block buffered into larger file sized blocks. | 00:55 |
rwp | tail knows tail -f is used for this so it explicitly puts output into a line buffer mode. | 00:55 |
rwp | But cut does not. So the cut N-1 in the pipeline is buffering data into larger blocks. | 00:55 |
micdud | yup, figured it out , stdbuf seems to work for programs that cannot read by line , and awk has (-W interactive) for that | 00:57 |
micdud | now trying to find a program that is sending single packet udp dns requests . ss,lsof,netstat have trouble since it is a single packet and nothing stays open . trying to catch a program flooding the dns server narrowed it down to (nfs-client or gssd) | 00:58 |
syco | maybe https://wiki.packet-o-matic.org/ | 01:03 |
gnarface | micdud: i vaguely recall something about recursive queries starting with a single lone udp packet in some case that caused troubles for my firewall configs a while ago - in my case it wasn't an attack though, i think it was normal operations for things trying to find my mail server | 03:20 |
gnarface | micdud: that's where i'd start looking first - stuff related to mail. at the time it looked like something paradoxically simple but it was actually something trying to start a more complex query and failing to continue because i was erroneously only allowing TCP traffic to my DNS server | 03:23 |
gnarface | ... but i could easily imagine it being a core component of a DOS attack too | 03:24 |
gnarface | since if that one packet reaches your DNS server it could theoretically cause very high load if misconfigured | 03:25 |
micdud | it's kerberos related . starts when a client ticket expires and still has active nfs mounts , it starts hammering the dns server with forward,reverse,srv queries for the nfs/kerberos server | 03:25 |
micdud | renewing the ticket stops it , so not sure if it is gssd or nfs-client | 03:26 |
gnarface | hmmm | 03:26 |
gnarface | no kerberos experience, sorry | 03:26 |
gnarface | i guess one might still presume the dns setup is misconfigured if it's hammering the server and not finding what it needs | 03:41 |
gnarface | i can't guess what it would need though other than valid forward and reverse lookups for everything | 03:42 |
gnarface | could it be lacking permission to actually carry out the other query types? they can be refused independently of network protocol | 03:43 |
micdud | it is getting the responses it needs, just does this when ticket is expired . so it could be the nfs itself sending a bunch of requests and failing for say open files , and each request with a kerberos setup wants forwards and reverse for security reasons | 03:52 |
micdud | only noticed because i was logging dnsmasq requests to a /tmp on ramdisk , filled 500 megs in a day , and then funny things happened , like apt update could not finish with gpg errors etc.... | 03:56 |
DRWhite | hi folks | 04:50 |
DRWhite | there is a package called shim_systemd , Is that a drop in to replace script systemctl commands? | 04:51 |
DRWhite | And it does not actually use systemd, correct? | 04:53 |
onefang | Where do you see that? I'm not seeing it in Beowulf. | 04:53 |
DRWhite | systemd-shim/oldoldstable 10-3 amd64 | 04:54 |
DRWhite | shim for systemd | 04:54 |
DRWhite | If there is one for beowulf let me know | 04:55 |
DRWhite | I'm looking for a systemctl replacement | 04:55 |
DRWhite | So it would be from ASCII | 04:56 |
DRWhite | because things I need have been removed from Beowulf | 04:56 |
onefang | That's also not in Beowulf, neither of those names are. | 04:56 |
DRWhite | ASCII | 04:56 |
onefang | Beowulf has a systemctl package. | 04:56 |
DRWhite | As you see "old stable" | 04:56 |
onefang | 'daemonless "systemctl" command to manage services without systemd' | 04:57 |
DRWhite | I don't want systemd, will that replace and fix it so systemctl functions from people will work but not install systemD? | 04:57 |
DRWhite | kool | 04:57 |
DRWhite | thanks, I'll have a look | 04:57 |
DRWhite | Where is that? | 04:57 |
DRWhite | What repository? | 04:57 |
onefang | I searched on my Beowulf desktop using synaptic. | 04:57 |
DRWhite | I have CLI | 04:57 |
DRWhite | I have no GUI | 04:58 |
DRWhite | It's a server. | 04:58 |
onefang | It's in main. | 04:58 |
onefang | oldstable-backports | 04:58 |
DRWhite | deb line please? | 04:59 |
DRWhite | I can't find anything systemctl | 05:00 |
DRWhite | deb http://deb.devuan.org/merged beowulf oldstable-backports ? | 05:01 |
onefang | deb http://deb.devuan.org/merged beowulf-backports main | 05:01 |
DRWhite | Okay thanks, I'll have a look. | 05:02 |
DRWhite | from bad to worse.. Getting this far at least now.. | 05:05 |
DRWhite | ERROR:systemctl:unsupported run type 'dbus' | 05:05 |
gnarface | missing dbus maybe? | 05:06 |
DRWhite | Yes, but it works now to get past that issue. | 05:07 |
DRWhite | dbus is installed | 05:12 |
DRWhite | Well, I killed Devuan Beowulf! | 05:38 |
Xenguy | I'm sorry Dave, I can't kill the Devuan Beowulf | 05:44 |
DRWhite | lol | 05:52 |
DRWhite | I ended up restarting it for kernel panic. | 05:52 |
DRWhite | segmentation faults all over the place | 05:52 |
micdud | why would you need to use systemctl on devuan? there are no systemd services to manage , or am i missing something ? | 05:56 |
DRWhite | Adding other things that use that in their install script and control functions. | 06:40 |
micdud | just convert back to sysv startup script for a package or two vs, shim on top of shim on top of hack to bring systemd functionality in to a system without systemd ? | 06:59 |
DRWhite | yup, adding the call to get it all functional then just removing it again. | 07:07 |
micdud | cool , forking devuan to put systemd back in :) | 07:08 |
humpelstilzchen[ | ln -sf /bin/true /usr/local/bin/systemctl - I better go hiding | 09:22 |
ejjfunky | hi all. i've installed php 2:7.4+76. i want to install php 2:8.1+92. i am using Chimaera i386. how do i do it? | 11:43 |
ejjfunky | hi phogg. | 11:47 |
DPA | It's not that difficult to make a more complete systemctl shim using bash: https://gist.github.com/Daniel-Abrecht/fe72299f62597f5b5087698ff2273c88 | 12:03 |
gnarface | ejjfunky: the most proper way to do it would be to rebuild the ceres packages for chimaera but you could also run chimaera in a chroot (minus the kernel, which might not matter for this) or if you're feeling risky just install the ceres packages directly (but it's not advised and will probably cause problems later with package dependencies) | 12:28 |
ejjfunky | gnarface, ic. thanks. | 12:31 |
gnarface | i guess daedalus has the same version as chimaera right now so that might work easier | 12:32 |
gnarface | it might not matter too | 12:32 |
gnarface | someone might eventually do the work and put it in chimaera-backports | 12:32 |
ejjfunky | i'm trying to install daedalus now. i was having problem retrieving packages. it says cannot access repository | 12:32 |
ejjfunky | i guess i should do through chimaera too like the suggestion above | 12:33 |
gnarface | yea you should update to daedalus from chimaera, or try debootstrapping daedalus into a chroot | 12:33 |
ejjfunky | how do i update to daedalus from chimaera? | 12:35 |
gnarface | basically from a clean chimaera install you change the sources to daedalus then run: apt-get update && apt-get upgrade | 12:35 |
gnarface | dist-upgrade rather | 12:35 |
gnarface | the basic process shouldn't be different from debian, just the sources urls are different | 12:36 |
gnarface | you probably want this actually if it's a server: apt-get update && apt-get --no-install-recommends dist-upgrade | 12:37 |
ejjfunky | ic. ok | 12:37 |
ejjfunky | alright, i will try this. thanks gnarface. | 12:38 |
gnarface | no problem, good luck | 12:38 |
ejjfunky | hi, i'm installing daedalus on top of chimaera. should i enable AppArmor support? | 13:46 |
gnarface | i think you need it, not sure | 14:31 |
gnarface | where were you asked? | 14:31 |
fsmithred | if you install daedalus from the daedalus installer isos, you get an error message about the security repo that does not exist. It's safe to ignore that message (until daedalus goes stable, then you need to uncomment the security line) | 14:53 |
nickme | Hi there. Where can I find the signing key for the releases? | 16:20 |
fsmithred | nickme, I'll get a link. It's in the package repo. | 16:22 |
nickme | Found it: https://files.devuan.org/devuan-devs.gpg | 16:22 |
nickme | People, read the README.txt ;) | 16:22 |
fsmithred | https://pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/ | 16:22 |
nickme | Oh cool a second one. | 16:23 |
fsmithred | installable package | 16:23 |
nickme | fsmithred, Thank you. | 16:24 |
fsmithred | yw | 16:24 |
nickme | Does the netinstaller or the server iso contain wget? | 17:16 |
nickme | Debian netinstaller doesn't contain wget, that's why I'm asking. | 17:17 |
nickme | Ok I found it out myself by installing devuan two times in a row. First install with server iso, no network connection, only default tools gave me 318 packages and wget is one of them. Same setup with netinstaller gave me 271 packages and also wget. That's nice! | 17:50 |