ballsystemlord | Thanks! | 00:00 |
---|---|---|
dan9er[m] | Erm I didn't clear the EFI partition, I think I should've | 01:00 |
dan9er[m] | I installed Devuan without touching the EFI partition, but it appears Windows' bootloader is still there | 01:02 |
dan9er[m] | And complaining it can't find Windows | 01:03 |
dan9er[m] | error code 0xc0000225, Windows/system32/winload.efi missing | 01:08 |
dan9er[m] | cause I installed Devuan, you dolt | 01:08 |
dan9er[m] | Why is WBM appeearing, where's grub | 01:08 |
dan9er[m] | lemme try starting over | 01:09 |
dan9er[m] | this time i'll delete the efi part and make a new one | 01:11 |
fsmithred | you installed devuan in bios mode with windows still there and set for uefi boot? | 01:13 |
fsmithred | if you're keeping windows, you should probably just do uefi boot for linux | 01:13 |
fsmithred | dan9er[m], you should not need to wipe the efi partition, and that might even be a bad thing to do | 01:14 |
dan9er[m] | fsmithred: I wiped Windows, i'm not doing dual boot | 01:15 |
dan9er[m] | And the installer the first time round found the EFI partition, so I installed in UEFI mode | 01:17 |
dan9er[m] | So why is WBM here and not Grub | 01:18 |
dan9er[m] | fml | 01:18 |
fsmithred | not sure | 01:21 |
fsmithred | grub usually takes over the boot on uefi with no problem | 01:22 |
fsmithred | but uefi implementations are rarely to spec. And MS probably does some nasty things on purpose. | 01:22 |
dan9er[m] | Ech screw it, I'm wiping EFI. If that breaks stuff I have MS' recovery image to reinstall Windows | 01:23 |
dan9er[m] | unless EFI can't be restored like that? | 01:24 |
dan9er[m] | fsmithred: If I delete the EFI partition and make a new one, and that ends up breaking everything, would using a Windows 10 recovery image fix that or would the damage be deeper | 01:27 |
fsmithred | dan9er[m], I think it's possible to brick some motherboards if you wipe efi partition. | 01:29 |
fsmithred | maybe do some research at rodsbooks.com | 01:29 |
fsmithred | you should be able to boot legacy/bios without removing efi partition. | 01:30 |
dan9er[m] | I don't think this thing has legacy boot | 01:39 |
dan9er[m] | There's no option in UEFI settings to enable/disable it | 01:39 |
dan9er[m] | Well i'm gonna try installing without touching EFI part one more time | 01:40 |
fsmithred | do uefi install. | 01:40 |
fsmithred | the correct grub is already installed in the live isos | 01:41 |
fsmithred | time for dinner. back in a little while. | 01:41 |
joerg | related? https://www-heise-de.translate.goog/hintergrund/Bootloader-Signaturen-per-Update-zurueckgezogen-Microsoft-bootet-Linux-aus-7250544.html?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp | 02:09 |
joerg | read carefully, there's risk to lose your data on windows and even to brick your device by messing with EFI | 02:11 |
joerg | for the headline, there's a german idiom "ausbooten" which means knock out | 02:12 |
triode | hello, I had the topic problem earlier with two servers, but I just build a new VM with Chimaera, and have the same issue, but the fix does not seem to solve it. After the fix I get: https://pastebin.com/RV3GgVWm | 02:19 |
triode | Note that the fix seemed to work earlier. Not sure what I am doing wrong this time. | 02:19 |
triode | anytime I go to install _any_ package, it tells me that it is not missing, has been obsoleted, or | 02:20 |
triode | is only available from another source | 02:20 |
dan9er[m] | fsmithred: Did the install again, WBM still booting instead of grub | 02:22 |
fsmithred | dan9er[m], you booted uefi? | 02:23 |
fsmithred | dan9er[m], take a look at this. You might have a similar situation. (mobo only recognized bootloader named windows) | 02:25 |
fsmithred | https://dev1galaxy.org/viewtopic.php?id=15 | 02:25 |
dan9er[m] | fsmithred: Yeah that's mentioned here as well https://www.rodsbooks.com/linux-uefi/ | 02:35 |
dan9er[m] | I think MS, being cunts, did that on purpose | 02:35 |
golinux | Predictable . . . | 02:36 |
dan9er[m] | but how would updating grub work? | 02:37 |
joerg | https://www.reddit.com/r/buildapc/comments/o8a0o4/bricked_my_machine_with_secure_boot_i_think/ | 02:38 |
fsmithred | uh, it's been a couple years since I've read the stuff from edbarx. | 02:38 |
fsmithred | I'm not sure, but it looks like every time you get a newer version of grub, you'd have to copy grubx64.efi again. | 02:41 |
fsmithred | but that doesn't happen very often. | 02:41 |
Soltis | he following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org> | 03:19 |
Soltis | WTF? | 03:19 |
fsmithred | see channel topic for link to fix | 03:19 |
fsmithred | https://dev1galaxy.org/viewtopic.php?id=5213 | 03:21 |
Soltis | No, the "WTF" is how something fundamental like "being able to upgrade packages" was permitted to break at all. | 03:21 |
Soltis | The fix is comparatively obvious. | 03:22 |
Soltis | Particularly because the "fix" is essentially to bypass the security in question entirely, which kinda defeats the point. | 03:23 |
fsmithred | download the package and check the sha256sum before installing with dpkg. | 03:24 |
Soltis | Yes, there are ways to authenticate it. | 03:24 |
Soltis | The point is that the suggested fix - which I already knew about - bypasses that. The alternative is more secure, but a pain in the ass. | 03:25 |
Soltis | But the real problem is that having upgrades fail is the sort of thing that makes anyone who runs modern systems tend to run screaming into the night. | 03:28 |
Soltis | I don't think much of those sorts, but they're unfortunately common. | 03:29 |
dan9er[m] | Yeah Soltis kind of has a point, how did that happen | 03:36 |
se7en | Letting you all know | 03:43 |
se7en | The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org> | 03:43 |
se7en | From apt | 03:43 |
fsmithred | https://dev1galaxy.org/viewtopic.php?id=5213 | 03:43 |
fsmithred | someone put a one year expiration date on the signing key | 03:43 |
se7en | And they didn't extend? | 03:44 |
fsmithred | and no automatic renewal or reminder | 03:44 |
dan9er[m] | lol | 03:45 |
dan9er[m] | I mean Oculus made that fuck up once as well | 03:45 |
se7en | At least it's not as bad as publishing the private apt-signing key with the intention of making it "Open Source" | 03:46 |
se7en | Which I have witnessed first-hadn | 03:46 |
se7en | s/hadn/hand | 03:46 |
brocashelm | there are already two negative reviews on dw just because of the keyring thing | 03:46 |
dan9er[m] | se7en: wtf, are they morons | 03:48 |
se7en | They were Chinese | 03:48 |
se7en | And yes | 03:48 |
onefang | rwp: I just woke up, and I'm still in weekend mode. Is there still a problem? | 03:53 |
golinux | Damage control | 03:58 |
onefang | I was asking specifically about what rwp tagged me about while I slept. | 04:05 |
rwp | onefang, I am still at this moment seeing this from the mirrors: https://paste.debian.net/plain/1252778 | 04:56 |
rwp | If I switch to pkgmaster then of course everything works perfectly. So it is something not in sync with the mirrors. | 04:58 |
Afdal | What is the simplest way to check if a grep output is empty in a BASH script? | 04:58 |
rwp | Afdal, To see if a grep has matched then use grep -q PATTERN, as in "if grep -q PATTERN FILE; then ..." | 04:58 |
rwp | And "if ! grep -q PATTERN FILE; then ..." for a non-match. | 04:59 |
Afdal | Basically whatever it is grep spits out when it finds nothing. Which doesn't appear to be null or nothing... | 04:59 |
rwp | "if ! grep -q PATTERN FILE; then ..." | 05:00 |
onefang | I do have a TODO item to add more key checking to apt-panopticon. Could you do me a favour and check the various DNS-RR mirrors please? Or at least try to figure out which mirror is giving you that response? | 05:01 |
Afdal | I don't really wanna run an extra bash action just to check if grep is failing or not. I'd rather check if the output is OK or not and do nothing if it's fine | 05:01 |
rwp | onefang, I can do that. I have been afk all day or I would have done that already. It was 32 miles on the bicycle and just got back to my door. | 05:01 |
onefang | Thanks. I'm still catching up on lots of stuff from last week. | 05:02 |
dan9er[m] | fsmithred, I finally got GRUB working! Had to manually add it to UEFI boot options with `efibootmgr`: https://www.rodsbooks.com/efi-bootloaders/installation.html#register | 05:05 |
dan9er[m] | also, uh, recreating EFI partition on Surface Laptop 1 turned out fine | 05:06 |
abk | lxde or kde? which better? | 05:11 |
onefang | Define "better". Also, not a Devuan support question, please ask it elsewhere. | 05:12 |
Afdal | LXDE is da bomb | 05:12 |
abk | onefang: Good point. (It was not a request for support, just a request for opinion. But indeed is off-topic.) | 05:14 |
abk | Afdal: Thanks! :) | 05:14 |
Afdal | KDE does some cool stuff but I've personally never felt like the added bloat justifies it for me | 05:15 |
brocashelm | all comes down to personal preference. lxde is more suitable for low-powered machines, while kde plasma is more modern and uses more resources (but about the same as xfce nowadays) | 05:15 |
Afdal | On the other hand people often take for granted exactly all the things LXDE can do just because it ignores one of the most unique features of Openbox by default | 05:15 |
onefang | Define "modern", and again, do it elsewhere. #devuan-offtopic perhaps. | 05:16 |
rwp | onefang, Well... This is bizarre. For me ALL of the mirrors report BADSIG. https://paste.debian.net/plain/1252784 | 06:56 |
rwp | Which can't be. So the problem must be a hang state on my own system | 06:56 |
rwp | However I saw others earlier reporting the same problem. So I don't think it is only me. | 06:56 |
onefang | And yet people are also saying the suggested fix works for them. | 06:59 |
lts | I did the wget->dpkg -i method and it works for me, though I'm a bit worried no new updates have yet come since that. rwp, make sure that "apt show devuan-keyring" actually shows 2022.09.04? | 07:01 |
onefang | I'll poke at it tomorrow, when I get back to work. In the mean time, others feel free keep poking at it to see if you can nail it down. Thanks. | 07:03 |
adhoc | rwp: I just ran that and all the repos report ok, no BADSIG | 07:03 |
rwp | Switching to pkgmaster then works for me. Switching back to deb.devuan.org results in BADSIG again. | 07:03 |
rwp | And yet I have another system which should be identical and it works with deb.devuan.org okay. | 07:05 |
rwp | Data makes no sense to me yet. I'll keep poking at it for a while... | 07:05 |
lts | Is that system chimaera or beowulf? | 07:05 |
rwp | Both of the ones I am looking at are beowulf. | 07:05 |
lts | And "apt show devuan-keyring" shows version 2022.09.04 on both? | 07:06 |
onefang | That is very odd. | 07:06 |
rwp | Yes. 2022.09.04 on both. | 07:06 |
rwp | Agreed. Very odd. I'll start comparing /var/lib/apt and /var/cache/apt and things like that... | 07:06 |
onefang | Thanks for looking at it. | 07:06 |
rwp | OH! The bad latched case is using an apt-cacher-ng proxy and the other one is not. | 07:07 |
onefang | AHA! | 07:07 |
rwp | I saved a before copy of /var/lib/apt/lists and then walked it through pkgmaster and then back to deb without the apt-cacher-ng proxy configured. | 07:16 |
rwp | Things work on the latched bad machine now. So that's good. I diff and see this. | 07:16 |
onefang | So all good now? | 07:16 |
rwp | Files /var/tmp/badsaved/lists/deb.devuan.org_merged_dists_beowulf_InRelease and /var/lib/apt/lists/deb.devuan.org_merged_dists_beowulf_InRelease differ | 07:16 |
rwp | Looking at the diff of those I see that the signature and file hashes of various indexes are different. | 07:17 |
rwp | And in particular the proxied file has "Valid-Until: Sun, 11 Sep 2022 00:15:29 UTC" which I don't know what that indicates but it is different from the now live copy. | 07:18 |
rwp | Yes, all good, as far as you should be concerned. But maybe a clue that apt-cacher-ng is not handling the updates correctly. | 07:18 |
rwp | And maybe it was also the problem with the other person who was having this same problem earlier in the day. | 07:19 |
rwp | Because apt-cacher-ng has latched onto the previous file and if I add it back into the system then I get the BADSIG version of the files again. | 07:19 |
rwp | The trivial way for me to fix things here, and lose my test case, is to purge apt-cacher-ng and re-install it. Because that flushes the cache entirely too. | 07:20 |
bb|hcb | rwp: rm /var/lib/apt/lists/deb.devuan.org* will help you | 07:20 |
onefang | Soooo apt-cacher-not-good. B-) | 07:20 |
rwp | bb|hcb, Actually if I do that and then update again the bad files just return immediately. So... Not quite. :-) | 07:21 |
bb|hcb | The other thing that prevents apt from working is having both the old and new key in /etc/apt/trusted.gpg.d/ | 07:22 |
bb|hcb | apt uses the first key it sees and does not reach to the updated one | 07:22 |
rwp | The etckeeper git log shows that apt/trusted.gpg.d/devuan-keyring-2017-archive.gpg was deleted and apt/trusted.gpg.d/devuan-keyring-2022-archive.gpg was added. | 07:24 |
rwp | It actually thinks they were renamed because the contents are similar. | 07:24 |
rwp | onefang, Sorry for the false alarm. All of the proxies have problems. apt-cacher-ng sucks the least of all of the proxies I have tried. | 07:24 |
rwp | I don't know what it is about caching proxies that makes it such a hard problem but all of them have problems. | 07:25 |
onefang | No worries. At least you have found yet another thing we can ask people to check if they are still having issues. | 07:25 |
onefang | I've not looked at caching or proxies since last century, when I was paid to work with squid. | 07:26 |
rwp | onefang, I have a suspicion. I suspect that at least one of the mirrors doesn't update/sync correctly. | 07:40 |
rwp | And if a cache proxy looks at just the right moment then it can snapshot an inconsistent view of the archive. And having that snapshot it hangs onto it. | 07:40 |
rwp | Because as I examine the remains of the problem I see that the http HEAD says the file I have is still valid. When there is actually a newer version of the file upstream. | 07:41 |
onefang | That's what apt-panopticon is for. If you can figure out a use case it isn't testing that it should, lemme know please. | 07:41 |
onefang | Ah, might be some mirror isn't using --delete to it's rsync. Thought i told them all to do that. | 07:42 |
onefang | Obviously oapt-ponopticon can't test download ALL packages every ten minutes from all mirrors. lol | 07:42 |
rwp | Also involved is the web server the mirror is using to distribute the files. Because the different servers form the HEAD response differently. | 07:42 |
rwp | Example of what I am talking about: https://paste.debian.net/plain/1252785 | 07:43 |
rwp | That is a HEAD saved for deb.devuan.org/merged/dists/beowulf-backports/InRelease and could have been from any of the mirrors. | 07:43 |
onefang | And some mirrors somehow fail the URL sanity test, I'm not even sure how you configure that to fail. lol | 07:43 |
rwp | It says it is still valid. | 07:43 |
rwp | Yet the file hashes in the current file from pkgmaster are different. | 07:44 |
rwp | It's a crazy situation whatever the real root cause of the problem. My brain hurts. It's almost midnight here. I am up early tomorrow. Good night all! Thanks for the help! :-) | 07:45 |
onefang | Thank you for your help. I'll poke at it tomorrow. G'night. | 07:46 |
* onefang goes back to not working. | 07:46 | |
GoatAvenger | rwp, onefang, I had sig check fail on apt update as well | 09:18 |
GoatAvenger | manually downloading key-ring update seemed to fix, though I was still on 2017-10-03 | 09:18 |
eyalroz | I have a suggestion about the cinnamon panel configuration in daedalus. Not sure if it's a suggestion for Devuan, Debian or the upstream so I'll just make it here. | 10:32 |
eyalroz | Until chimaera, the default panel button title has been the window title | 10:33 |
eyalroz | but this has changed with daedalus, | 10:34 |
eyalroz | and now the default is the application name | 10:34 |
eyalroz | which I find to be a bad idea. | 10:34 |
eyalroz | Naturally, people can change this, but it's not trivial to figure where this is done | 10:35 |
eyalroz | It's in System Settings | Applets | Grouped Window List | 10:40 |
eyalroz | and you can't easily get to it by right-clicking the panel/launcher | 10:40 |
userr | Hi. I have troubles during install Chimaera 4.0 to obtain deb.devuan.org rep key. It seems to be expired. It is unable to update/upgrade after installation finished. This started last Saturday. | 10:58 |
gnarface | userr: known issue, solution in /topic | 10:58 |
userr | Thanks. | 10:59 |
lts | I wonder do the installation images still contain the old key | 11:00 |
userr | I downloaded ISO few hours ago and the issue still exist. | 11:01 |
userr | Is there plan to upload rebuilt ISOs? | 11:02 |
eyalroz | @gnarface: About that link... | 11:30 |
eyalroz | I suggest editing the first post so that the instructions are easily copy-pastable into a terminal, | 11:30 |
eyalroz | rather than having the 1.-2.-3. list | 11:30 |
eyalroz | ... wait, never mind, I'm an idiot, the copy-pasting doesn't carry the numbers. | 11:31 |
Guest82 | Hi. Just trying to make fresh install of Chimaera 4 but mirror servers have problems with keyrings. Could someone advise? Thank you. | 11:41 |
lts | Guest82: topic has the solution | 11:41 |
Guest82 | Topic ok. But what about fresh install? I would like to connect server during installation process. Is it possible or after install finish I have to follow the topic? | 11:43 |
eyalroz | gce108: Maybe you could switch to a terminal during the installation and make similar keyring changes | 11:49 |
eyalroz | Oh,, I meant that for Guest82, but he left. | 11:49 |
NeonLicht | You can switch to another TTY (ALT-F2 or F3) and install the .deb package there. | 11:50 |
NeonLicht | Me too, LOL | 11:50 |
Joril | Anyway judging by #devuan-dev new ISOs are on the way | 12:06 |
mikkel-rev | Looking for ideas: I've tried to netinstall Devuan on a disk with LVM on luks. I boot from libreboot(grub), but it says my passphrase is wrong. Booting from the grub command line yields same result. I have tried to set up the disk and install twice. The keymap is correct. What should I try? | 15:20 |
fsmithred | mikkel-rev, this is a guess based on a different problem: try using only lower-case letters in the passphrase. You can change it after the install. I'm basing this on an experience I had trying to install over wireless - the installer didn't like special characters in the wireless password. | 15:27 |
mikkel-rev | fsmithred, I was unsuccessful again. I tried to set the password to the lower case letter a | 16:12 |
mikkel-rev | Any ideas for when the bootloader says the passphrase is wrong ? | 16:13 |
fsmithred | I don't have any other ideas right now. I do a lot of encrypted installs and have not run into this. Maybe something with your character set? | 16:13 |
fsmithred | are you doing the automatic partitioning for lvm or are you doing it all manually in the installer? | 16:14 |
rrq | is it a case of a spurious control-M ? | 16:14 |
fsmithred | what's that? | 16:14 |
rrq | that's when the password includes a final ^M (the old windows' line ending) | 16:15 |
rrq | try ending the inputs with ^J rather than Enter; when defining the password as well as when unlocking | 16:17 |
mikkel-rev | I don't know of this. I sometimes hit enter after input in the installer. Are you saying that the hotkey ctrl + J does the same thing, and I should use it? | 16:23 |
mikkel-rev | fsmithred, I'm doing it manually | 16:25 |
rrq | https://en.wikipedia.org/wiki/Newline | 16:35 |
mikkel-rev | let's have a look | 16:35 |
rrq | ctrl+j = LF = \n (unix) and ctrl-M = CR = \r (unix) | 16:38 |
mikkel-rev | ctrl-M = ctrl+M ? | 16:40 |
rrq | yes | 16:40 |
rrq | during boot, the keyboard "Enter" might send CR+LF = \r\n = ^M^J while the reading s/w only recognizes LF = ^J = \n | 16:41 |
mikkel-rev | i can see ctrl and j changes line in terminal. i will try it | 16:41 |
mikkel-rev | I have found out that grub doesn't recognise ctrl+j or ctrl+m. I will try to do the install again withuout using the enter key | 16:58 |
mikkel-rev | no. it still doesn't work. I also tried to do the netinstall with regular debian, and the same thing happens. | 18:07 |
mikkel-rev | Could it be that something other than PBKDF2 key derivation function is used in the installer? | 18:08 |
golinux | Maybe file a bug with Debian | 18:08 |
mikkel-rev | I have found the solution. The version of grub hosted on the ROM chip that is packaged with libreboot only supports the PBKDF2 key derivation function. After I wrote the following, it worked: | 19:32 |
mikkel-rev | cryptsetup luksConvertKey --pbkdf pbkdf2 /dev/sdX | 19:32 |
mikkel-rev | In other words, it wasn't an issue with devuan at all | 19:32 |
golinux | Thanks for the followup info. :) | 19:37 |
fsmithred | mikkel-rev, is that the same as specifying --type luks1 when you create the encrypted volume? | 20:04 |
fsmithred | or I guess --type luks2 in your case. | 20:05 |
mikkel-rev | fsmithred, I think the default for --type luks2 is the argon2i key derivation, not pbkdf2 | 20:58 |
fsmithred | thanks | 21:03 |
relaxed_guy | eyalroz: at least in the console available at the netboot, apt-get is not available. So is impossible to update the keyring. | 23:37 |
eyalroz | relaxed_guy: :-( | 23:38 |
relaxed_guy | well that's the meaning of «critical bug». ha. | 23:38 |
relaxed_guy | I guess that, for the time being, one can install debian using the netboot (with, for example, LXDE), and afterwards migrate to devuan as specified in https://www.devuan.org/os/documentation/install-guides/chimaera/upgrade-to-chimaera | 23:50 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!