00:10.01 | *** join/#devuan fsmithred (~fsmithred@68-184-46-18.dhcp.oxfr.ma.charter.com) |
00:13.39 | *** join/#devuan knidos (~knidos@85.97.168.176) |
00:21.24 | *** join/#devuan infobot (ibot@rikers.org) |
00:21.24 | *** topic/#devuan is Recent (2017-04-21 - for real now): Jessie 1.0 RC ** https://devuan.org/ discussion channel (logged at https://botbot.me/freenode/devuan - with useful 'search') | Please take off-topic conversation to #debianfork | /msg chanserv info #devuan | !listkeys #devuan <foo> | Devuan Forum: https://dev1galaxy.org/ |
00:22.38 | *** join/#devuan sundev70 (~suncode@cpe-74-65-237-133.nyc.res.rr.com) |
00:22.38 | *** join/#devuan sundev70 (~suncode@unaffiliated/suncode) |
00:23.31 | *** join/#devuan sundev70 (~suncode@cpe-74-65-237-133.nyc.res.rr.com) |
00:23.31 | *** join/#devuan sundev70 (~suncode@unaffiliated/suncode) |
00:40.03 | *** join/#devuan Xenguy (~Xenguy@unaffiliated/xenguy) |
00:43.23 | *** join/#devuan SpOOky_ (~SpOOky@188.25.222.82) |
01:18.15 | *** part/#devuan catprints (~realperso@172.58.83.230) |
01:38.59 | *** join/#devuan Humpelstilzchen (erik@x4e367d2b.dyn.telefonica.de) |
02:18.17 | *** join/#devuan TemporalBeing (~Ben_Meyer@172-6-231-225.lightspeed.tukrga.sbcglobal.net) |
02:20.28 | *** join/#devuan Katnija (~KittenGNU@unaffiliated/kittengnu) |
02:28.14 | *** join/#devuan aqu4 (~aqu4bot@unaffiliated/subsen/bot/aqu4) |
03:19.12 | *** join/#devuan Arcanos (~logan@fsf/member/lordshadowwing) |
03:19.20 | Arcanos | Hello people |
03:20.15 | Arcanos | I am considering a switch to devuan, but I am unsure of how wifi and VPN connections would work as I have been spoined by betworkmanager |
03:20.25 | Arcanos | spoiled by NetworkManager* |
03:22.27 | Arcanos | Also I will need iwlwifi drivers for my wifi to work, does devuan have contrib and nonfree repos? |
03:22.36 | *** join/#devuan MinceR (~mincer@unaffiliated/mincer) |
03:52.19 | *** join/#devuan SpOOky_ (~SpOOky@188.25.222.82) |
04:12.49 | *** join/#devuan Chanku (~Chanku@2602:306:32a0:d690:21b:77ff:fea3:4a99) |
04:25.01 | *** join/#devuan DocScrutinizer05 (~saturn@openmoko/engineers/joerg) |
04:27.04 | *** join/#devuan gmcastil (~user@174-16-40-57.hlrn.qwest.net) |
04:27.53 | gmcastil | im about to install windows on another partition and want to dual boot it with devuan - is the installer going to break my bootloader or is there something i can do beforehand to make the process easier? |
04:50.01 | *** join/#devuan mchasard (~pierre@89.81.23.36) |
04:51.07 | Leander_ | typically, windows overwrites the bootloader |
04:51.19 | Leander_ | it might be different with EFI, but I never tried |
04:55.35 | Leander_ | note that you can always restore grub by booting from a live CD, chrooting into your devuan installation, and running grub again (there must be many resources available online for doing it) |
04:58.40 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
05:01.18 | mchasard | hi |
05:01.52 | mchasard | devuan arm installed but keyboard stay in qwerty ...just want it azerty |
05:04.34 | gmcastil | Leander_: thanks, i'll make sure to have a live CD handy |
05:20.07 | *** join/#devuan menip (~menip@c-73-83-133-80.hsd1.wa.comcast.net) |
05:29.53 | *** join/#devuan rypervenche (~rypervenc@unaffiliated/rypervenche) |
06:03.25 | *** join/#devuan jotik (~7f000001@unaffiliated/jotik) |
06:15.25 | *** join/#devuan peetaur (~peter@p57AAAF7F.dip0.t-ipconnect.de) |
06:26.50 | *** join/#devuan zdzichu (~zdzichu@2002:b906:1d37::137) |
06:51.08 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
07:06.02 | *** join/#devuan Levure (~quassel@91.181.29.158) |
07:09.33 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
07:18.03 | *** part/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
07:18.29 | *** join/#devuan mchasard_ (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
07:32.27 | *** join/#devuan cyteen (~cyteen@58.31.7.51.dyn.plus.net) |
07:35.13 | *** join/#devuan franc1s_ (~francis@99.73.218.87.dynamic.jazztel.es) |
07:37.56 | mchasard_ | hi i install mpv but can't see the new program in the menu |
07:38.34 | mchasard_ | i have mate |
07:45.03 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
07:45.44 | parazyd | mchasard: mpv doesn't have such an interface to provide a desktop icon |
07:46.11 | parazyd | mchasard: iirc smplayer can act as a GUI for mpv |
07:46.19 | mchasard | however i already saw this icon in other distro |
07:46.59 | mchasard | so which player could i choose ? |
07:47.06 | mchasard | smplayer vlc mplayer ? |
07:47.20 | parazyd | you can use smplayer for mpv |
07:47.44 | mchasard | but with gui ? |
07:48.07 | parazyd | smplayer is the gui |
07:48.17 | parazyd | not a player on its own |
07:48.18 | mchasard | ok i have to test it |
07:49.34 | mchasard | which one is lighter? |
07:49.54 | parazyd | ? |
07:50.05 | mchasard | smaller |
07:50.27 | parazyd | of which? |
07:50.49 | mchasard | smplayer or vlc |
07:51.34 | parazyd | dunno, but mpv plays better than vlc for me. vlc used to have some glitches with some hd stuff |
07:51.48 | parazyd | not sure if that is the case anymore though |
07:52.06 | mchasard | ok so i have already install mpv if i install smplayer |
07:52.13 | mchasard | it should use mpv ? |
07:52.26 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-54-49.clienti.tiscali.it) |
07:52.27 | parazyd | you set it in smplayer's preferences |
07:52.47 | mchasard | hum ok |
07:52.51 | mchasard | thanks |
07:52.56 | parazyd | http://smplayer.sourceforge.net/en/mpv |
07:53.42 | mchasard | its in the package |
07:54.16 | parazyd | (this tells you how to do it) |
07:54.30 | mchasard | hum ok |
07:55.51 | *** join/#devuan level7 (~quassel@31.44.17.250) |
07:56.12 | mchasard | i just replace in settings mplayer by mpv |
07:56.20 | parazyd | yeah i guess so |
07:56.49 | mchasard | can i ask for another thing ? |
07:57.24 | parazyd | sure |
07:57.38 | mchasard | ok i'm under devuan arm recently install |
07:57.49 | mchasard | under a raspberry pi3 |
07:58.23 | mchasard | each time i'm under a qwerty keyb |
07:58.33 | mchasard | i would like an azerty keyb |
07:59.00 | AntoFox | mchasard: you are in jessie or in ascii??? |
07:59.11 | parazyd | mchasard: use setxkbmap |
07:59.23 | mchasard | jessie i suppose |
07:59.25 | parazyd | mchasard: `setxkbmap fr` |
07:59.49 | mchasard | but i have to enter this command each reboot |
07:59.50 | parazyd | you can add the command to your bashrc to have it always |
08:00.06 | mchasard | bashrc ? where is it ? |
08:00.06 | parazyd | .profile might work too |
08:00.37 | parazyd | /etc/bash.bashrc |
08:00.47 | parazyd | or /etc/profile might be better |
08:01.05 | mchasard | i have to create a file ? |
08:01.26 | parazyd | no it's already there |
08:01.31 | parazyd | take a look at /etc/profile |
08:01.40 | parazyd | and add setxkbmap fr to the end of it |
08:01.40 | mchasard | ok |
08:03.43 | mchasard | ok i just add this line |
08:03.49 | parazyd | yep |
08:03.53 | parazyd | the logout and login |
08:03.56 | mchasard | so after a reboot i should be in azerty ? |
08:03.56 | parazyd | then* |
08:04.00 | parazyd | yep |
08:04.07 | mchasard | cool thanks |
08:04.09 | parazyd | it takes effect every time a shell is started |
08:04.10 | mchasard | i have to test |
08:04.22 | mchasard | a shell is starting |
08:04.28 | mchasard | hum ok |
08:04.42 | mchasard | ok let me test |
08:07.24 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
08:07.35 | *** join/#devuan aitor (~aitor@229.85-84-19.dynamic.clientes.euskaltel.es) |
08:07.38 | aitor | hi |
08:07.53 | AntoFox | \o |
08:08.00 | parazyd | hi there |
08:08.04 | aitor | o/ |
08:08.11 | mchasard | sorry i just reboot and always in qwerty |
08:10.39 | parazyd | mchasard: are you sure you added it correctly? |
08:10.53 | parazyd | mchasard: oh, another question: are you trying this in Xorg or a tty? |
08:11.00 | mchasard | yes at the end of profile file |
08:11.14 | mchasard | no |
08:12.26 | mchasard | setxkbmap fr |
08:12.37 | *** join/#devuan Irrwahn (~nobody@p579920F4.dip0.t-ipconnect.de) |
08:13.30 | parazyd | hmm that should work for ttys |
08:14.14 | mchasard | ok i'll see later thanks |
08:20.57 | aitor | i added setxkbmap to my profile months ago because vdev changes my keyboard configuration at every reboot |
08:28.53 | *** join/#devuan Katnija (~KittenGNU@unaffiliated/kittengnu) |
08:32.58 | *** join/#devuan mns` (~devone@177.13.50.194) |
08:35.44 | DocScrutinizer05 | setxkbmap only works under X11 |
08:36.47 | DocScrutinizer05 | it even throws error when run in a console |
08:37.53 | *** join/#devuan unpleased (~unpleased@host179-125-dynamic.54-82-r.retail.telecomitalia.it) |
08:38.46 | *** join/#devuan Irrwahn_ (~nobody@p57993C95.dip0.t-ipconnect.de) |
08:39.05 | aitor | Docscrutinizer05: i only have this issue with vdev in X11 |
08:39.39 | aitor | only in X sessions |
08:40.12 | DocScrutinizer05 | https://wiki.debian.org/Keyboard |
08:40.44 | aitor | thanks:) |
08:45.04 | *** join/#devuan Pali (~pali@Maemo/community/contributor/Pali) |
08:47.15 | DocScrutinizer05 | udev(vdev probably loads a keymapping for the kbd when detecting it, aka "hotplug" |
08:48.11 | aitor | perhaps |
08:49.48 | *** join/#devuan dev (589322e5@gateway/web/cgi-irc/kiwiirc.com/ip.88.147.34.229) |
08:50.00 | DocScrutinizer05 | actually I _think_ udev (in debian) runs some script which in turn reads out /etc/default/keyboard and sets the system wide keyboard map accordingly. No idea what vdev does |
08:50.35 | DocScrutinizer05 | anyway cat /etc/default/keyboard |
08:50.43 | DocScrutinizer05 | vi /etc/default/keyboard |
08:52.32 | DocScrutinizer05 | maybe useful: https://packages.debian.org/jessie/all/keyboard-configuration/filelist |
08:52.34 | dev | hi guys. i just installed devuan and i cant make it to detect my wifi card (Intel 7260). Can someone help me ? I tried to install the .ucode file but get error |
08:53.53 | aitor | i have set XKBLAYOUT to "es" |
08:53.58 | aitor | hi, dev |
08:54.16 | dev | holla |
08:55.45 | aitor | anybody knows the complete name of the founder of trisquel gnulinux? |
08:55.49 | DocScrutinizer05 | aitor: then maybe check what vdev does. And for console look into /bin/setupcon |
08:55.49 | aitor | jorge something? |
08:56.07 | aitor | ok |
08:56.57 | DocScrutinizer05 | https://packages.debian.org/jessie/console-setup |
08:57.21 | DocScrutinizer05 | seems it adds some magic to setup consoles like X11 |
08:59.33 | aitor | it's installed in my system |
08:59.44 | aitor | i added it to gnuinos server |
09:00.06 | aitor | even being for X11 |
09:00.23 | *** join/#devuan SpOOky_ (~SpOOky@188.25.222.82) |
09:00.41 | DocScrutinizer05 | dev: what been the error? and what the command that returned that error? |
09:01.19 | DocScrutinizer05 | (I can't help but others who could would need that info anyway) |
09:02.36 | aitor | be back in a few minutes |
09:03.32 | unpleased | dev: did you install firmware-iwlwifi from non-free ? |
09:04.25 | unpleased | intel 7260 should require some proprietary ucode |
09:04.48 | dev | yes |
09:05.10 | dev | from the intel site - didnt worked |
09:06.23 | unpleased | 25.30.14.0 ? |
09:06.27 | dev | even tried the .deb file from debian repository... even after the install he didnt see wlan0 ...or whatever would be called |
09:08.59 | *** join/#devuan Katnija (~KittenGNU@unaffiliated/kittengnu) |
09:11.54 | *** join/#devuan dev (589322e5@gateway/web/cgi-irc/kiwiirc.com/ip.88.147.34.229) |
09:12.42 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-58-6.clienti.tiscali.it) |
09:19.37 | *** join/#devuan Besnik_b (~Besnik@85.74.181.4) |
09:21.28 | *** join/#devuan dev (589322e5@gateway/web/cgi-irc/kiwiirc.com/ip.88.147.34.229) |
09:22.04 | unpleased | uhm .... would you mind trying a backported kernel? |
09:24.19 | dev | Seems like I finally got the wlan0 up now comes the part to connect |
09:29.20 | unpleased | linux 3.16 has been released in 2014, iwl-7000 is more recent |
09:29.31 | unpleased | https://github.com/torvalds/linux/commits/master/drivers/net/wireless/intel/iwlwifi/iwl-7000.c |
09:32.24 | *** join/#devuan Centurion_Dan (~Icedove@office.centurion.net.nz) |
09:37.05 | *** join/#devuan thijso (~thijs@109-46-132-5.ftth.glasoperator.nl) |
09:42.41 | *** join/#devuan dev (589322e5@gateway/web/cgi-irc/kiwiirc.com/ip.88.147.34.229) |
10:00.35 | *** join/#devuan aitor (~aitor@229.85-84-19.dynamic.clientes.euskaltel.es) |
10:01.01 | aitor | hi again |
10:01.23 | aitor | i'm just pushing another commit to simple-netaid-gtk |
10:01.49 | aitor | i added a build file, giving suid permissions to the wlx executable |
10:02.55 | aitor | a gtk application is not compatible with suid: |
10:02.56 | aitor | https://www.gtk.org/setuid.html |
10:03.39 | aitor | clone the git repository, and just run ./build |
10:04.31 | aitor | you need the backend of simple-netaid, of course: |
10:04.32 | aitor | http://packages.gnuinos.org/pool/main/s/simple-netaid/ |
10:04.51 | aitor | one clarification: i'm in ascii |
10:05.04 | aitor | maybe, it'll not work in jessie |
10:06.06 | aitor | as you can see in the code, i'm using a singleton class for some global variables, including the arguments in the command line, still not used |
10:07.25 | aitor | i started using them in a non singleton class and the args in the command line lose their values |
10:08.30 | aitor | lost :) |
10:12.42 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-50-7.clienti.tiscali.it) |
10:15.47 | aitor | i'll also add a progress bar during the connection attempt, a class named "WasteTimeWindow" |
10:16.15 | aitor | like wicd-gtk does |
10:17.56 | aitor | and a dialog giving credits to the authors of the backend |
10:18.30 | unpleased | wow ... well done ! |
10:18.43 | unpleased | but is the suid really necessary ? |
10:18.58 | aitor | yes, it's necessary |
10:19.09 | aitor | wlx runs /sbin/ip |
10:20.31 | unpleased | The code looks elegant, but when a package installs a suid I get mad |
10:21.31 | aitor | the code of gtkmm is already very elegant |
10:21.51 | aitor | even being used by a chef |
10:21.53 | aitor | lol |
10:22.30 | unpleased | ahahah |
10:22.45 | aitor | muhahaha |
10:23.03 | aitor | a "já" with an accent beats a -2 any day |
10:23.11 | aitor | beats a "ha" any day |
10:23.48 | aitor | Miguel de Cervantes Saavedra was much better than William Shakespeare |
10:24.33 | aitor | jejeje |
10:25.15 | aitor | see you later :) |
10:25.35 | unpleased | see you aitor |
10:35.54 | *** join/#devuan peetaur (~peter@p57AAAF7F.dip0.t-ipconnect.de) |
10:42.25 | *** join/#devuan cyteen (~cyteen@51.7.31.58) |
10:45.59 | *** join/#devuan DingoSaar (~hagen@pD9E09A41.dip0.t-ipconnect.de) |
10:50.28 | DocScrutinizer05 | unixman: the idea in using a backend is to allow reduced complexity so it can get audited to be safe from possible exploits when running with root permissions |
10:50.48 | *** join/#devuan unpleased (~unpleased@host179-125-dynamic.54-82-r.retail.telecomitalia.it) |
10:51.37 | DocScrutinizer05 | unpleased: ^^^ |
10:52.14 | unpleased | hey doc |
10:54.24 | DocScrutinizer05 | for messing around with network config you need the according (usually root) permissions |
10:55.01 | DocScrutinizer05 | systemd approach is to act as a server for this and other stuff, via dbus messages, AIUI |
10:56.44 | DocScrutinizer05 | when we want to get rid of systemd and dbus, we need another client-server design, and the server will need to have sufficient permissions |
10:58.15 | parazyd | >what's a FIFO pipe |
10:58.37 | DocScrutinizer05 | honest question? |
10:59.14 | parazyd | no, a response to your client-server design |
10:59.38 | DocScrutinizer05 | err |
10:59.56 | unpleased | have you considered an alternative ipc implementation to dbus? |
11:00.07 | DocScrutinizer05 | yes, FIFO ;-) |
11:00.12 | unpleased | https://github.com/openbsd/src/blob/master/lib/libutil/imsg.c |
11:00.29 | DocScrutinizer05 | pipes are the most generic IPC |
11:01.06 | unpleased | ok... but have you considered the security implications ? |
11:01.17 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-50-7.clienti.tiscali.it) |
11:01.28 | parazyd | we have XATTRS now |
11:01.33 | DocScrutinizer05 | I'm aware of the security implications. They didn't change since 50 years |
11:02.40 | KatolaZ | unpleased: have you considered the security implications of other IPC mechanisms? :) |
11:03.01 | DocScrutinizer05 | you make a backend aka server that only provides the functionality you want it to provide, and it's audited to not allow any exploits. Then you connect to that via arbitrary frontends and that's exactly what this design is meant to offer |
11:03.46 | unpleased | i've used imsg before and it's pretty hard to exploit |
11:03.47 | DocScrutinizer05 | any security issues are dealt with within the backend server |
11:04.02 | unpleased | dbus is a mess, and I'm completely in with that |
11:04.03 | DocScrutinizer05 | the IPC you use is irrelevant |
11:07.14 | DocScrutinizer05 | IOW IPC is insecure by definition |
11:08.37 | DocScrutinizer05 | that's why you use HTTPS and passwords for online banking. The server can't verify via the communication channel that the client is not tampered |
11:09.22 | DocScrutinizer05 | it's the duty of the server side to implement whatever level of security you need |
11:11.00 | unpleased | it's not me saying that using setuid/setgid binaries is a bad idea |
11:11.00 | unpleased | https://www.udayton.edu/udit/_resources/documents/security/MacSecurityGuide.pdf |
11:11.00 | unpleased | https://filippo.io/escaping-a-chroot-jail-slash-1/ |
11:11.45 | DocScrutinizer05 | well, this is a good statement, for people who don't understand security |
11:12.09 | DocScrutinizer05 | you can't build a /bin/su that is _not_ SUID |
11:12.35 | unpleased | It is possible for some minor security vulnerability to be introduced by setting the setuid bit for some programs. |
11:12.49 | DocScrutinizer05 | unless you use some client-server concept where su delegates the task to sth like systemd |
11:12.56 | parazyd | that's why you drop root when you don't need it |
11:13.19 | unpleased | anyway, I have to go 4 lunch, brb asap |
11:14.56 | Enrico_Menotti | Some problems here with selinux. Still on the n900. Seems that it is not enabled in the kernel (/sys/fs/selinux does not exist). But something tries anyway to mount it. I did a workaround by creating /selinux, so that selinux is mounted there. This eliminates warnings, but anyway now I'd remove completely selinux, since I don't need it. |
11:15.15 | Enrico_Menotti | I tried apt-get purge libselinux1, but I meet dependences which I don't understand. |
11:15.22 | *** join/#devuan DingoSaar (~hagen@pD9E09A41.dip0.t-ipconnect.de) |
11:15.53 | DocScrutinizer05 | and as I already elaborated, it's all about auditing the SUID executable to be free of exploits. That's btw the reason why nobody wants busybox su since it would need whole busybox binary to run SUID and it's common sense that this is a nogo due to that shell being too complex to audit it |
11:17.16 | Enrico_Menotti | The following packages have unmet dependencies: |
11:17.16 | Enrico_Menotti | <PROTECTED> |
11:17.16 | Enrico_Menotti | <PROTECTED> |
11:17.17 | Enrico_Menotti | <PROTECTED> |
11:17.18 | Enrico_Menotti | <PROTECTED> |
11:19.57 | *** join/#devuan djph (~dpurgert@104-57-151-177.lightspeed.bcvloh.sbcglobal.net) |
11:22.57 | Centurion_Dan | Enrico_Menotti: what version are you working on. |
11:23.22 | Enrico_Menotti | Version of what? selinux? |
11:23.55 | Centurion_Dan | libselinux is required regardless of whether selinux is installed. If something is mounting selinux then that means you |
11:24.08 | Centurion_Dan | have installed an selinux related daemon... |
11:25.21 | Enrico_Menotti | libselinux is version 2.3-2. |
11:26.22 | Enrico_Menotti | Yes, I installed something related to selinux, but I already had the mount problem just after having debootstrapped Devuan. I tried to install selinux to solve the issue. Now I know I don't need it and I'd like to remove it. |
11:26.48 | Enrico_Menotti | So libselinux is required also for other things, apart from selinux itself? |
11:30.07 | Centurion_Dan | lots of stuff is built with selinux support and thus requires libselinux around. do you have any custom packages? |
11:31.51 | Centurion_Dan | <PROTECTED> |
11:32.38 | Enrico_Menotti | No, it's a very base system, I didn't install about anything after having debootstrapped it. Just tried to install selinux to solve that problem. |
11:33.47 | Enrico_Menotti | Seems that, if /sys/fs/selinux is not found, the system reverts back to the old behaviour of mounting selinux on /selinux (I may be wrong, though). |
11:35.51 | Centurion_Dan | what do you get from `dpkg -l *selinux*` |
11:36.08 | Centurion_Dan | that should find most of the direct selinux related packages... |
11:36.51 | *** join/#devuan DingoSaar_ (~hagen@pD9E09A41.dip0.t-ipconnect.de) |
11:37.50 | Enrico_Menotti | dpkg-query: no packages found matching selinux |
11:41.07 | rrq | star selinux star |
11:42.15 | DocScrutinizer05 | unpleased: how's https://filippo.io/escaping-a-chroot-jail-slash-1/ related to SUID? |
11:43.20 | Enrico_Menotti | rrq Yes, *selinux* |
11:44.39 | KatolaZ | Enrico_Menotti: use quotes |
11:45.44 | DocScrutinizer05 | dpkg -l '*selinux*' |
11:45.51 | Enrico_Menotti | Ok. |
11:46.43 | unpleased | Without the usage of a mac framework for mitigating the applications capabilities, each and every vulnerability of a setuid/setgid binary, is comparable to having a compromised root binary, with all the consequences of the case, including sandbox escape, chroot compromise, etc. |
11:46.43 | unpleased | e.g.: payload -> setuid() -> reverse shell -> root remote exec vuln |
11:47.10 | unpleased | Very important files may be deleted, moved, or copied to places they should not be copied if a vulnerability in a program with such capabilities is exploited when the program file is setuid root. |
11:47.11 | DocScrutinizer05 | so? |
11:48.49 | DocScrutinizer05 | [2017-04-29 Sat 13:15:53] <DocScrutinizer05> and as I already elaborated, it's all about auditing the SUID executable to be free of exploits. |
11:49.01 | *** join/#devuan Lydia_K (~Lydia_K@li328-145.members.linode.com) |
11:50.06 | Enrico_Menotti | dpkg -l '*selinux*' worked. Anyway, meanwhile I did apt-get purge selinux-basics selinux-policy-default auditd. Now what I get from dpkg -l '*selinux*' is that only libselinux1 is installed. Anyway, let me try to boot again in Devuan and see whether the system complains about being unable to mount selinux. |
11:50.43 | unpleased | an ipc framework instead expose only the api of its framework, drastically decreasing the attack surface. this doesn't happen with dbus, because it's needlessly incredibly complex (not to mention kdbus), but alternative ipc implementations are offering a more secure alternative to both setuid binaries and dbus. |
11:51.10 | DocScrutinizer05 | sorry, this is snake oil |
11:51.37 | unpleased | ok |
11:52.21 | Enrico_Menotti | mount failed for selinux on /sys/fs/selinux: no such file or directory |
11:53.06 | DocScrutinizer05 | [2017-04-29 Sat 13:03:00] <DocScrutinizer05> you make a backend aka server that only provides the functionality you want it to provide, and it's audited to not allow any exploits. Then you connect to that via arbitrary frontends and that's exactly what this design is meant to offer |
11:53.41 | DocScrutinizer05 | [2017-04-29 Sat 13:07:14] <DocScrutinizer05> IOW IPC is insecure by definition |
11:54.57 | DocScrutinizer05 | a "more secure" IPC makes it harder to exploit the backend, but doesn't fundamentally change things, just increases the amount of knowhow the attacker needs |
11:55.43 | DocScrutinizer05 | thus putting focus on IPC "security" is a distraction |
12:05.22 | unpleased | It is quite well known why having setuid binaries is a bad habit. Not only are many security experts saying that it's a bad idea, but I also have attached an nsa document that explicitly highlights "bugs in these programs can allow privilege escalation attacks." Free to use fifo + suid, but I'm not going to use that software. |
12:06.04 | unpleased | You can tell me this is snake oil for how many times you feel it's needed. |
12:15.15 | *** join/#devuan bluemarlin (~marek@ip-89-103-101-135.net.upcbroadband.cz) |
12:15.26 | *** join/#devuan franc1s_ (~francis@99.73.218.87.dynamic.jazztel.es) |
12:15.32 | bluemarlin | hi there |
12:15.55 | Enrico_Menotti | bluemarlin Hi! |
12:16.33 | bluemarlin | Enrico_Menotti: hey, finally got that devuan installed? :) |
12:17.00 | Enrico_Menotti | I have it installed on my old laptop. |
12:17.14 | Enrico_Menotti | I am now trying to set it up for the n900. |
12:17.19 | Enrico_Menotti | Not really installing it - just booting. |
12:17.31 | Enrico_Menotti | (Flashing is something I will think about later.) |
12:18.04 | bluemarlin | ahh n900 and n950 - what glorious devices |
12:18.12 | Enrico_Menotti | :) |
12:18.49 | bluemarlin | too bad that just months after their release, microsoft planted their cuckoo into nokia leadership |
12:18.58 | fbt | unpleased, it's the same with a daemon that runs as root and takes user input |
12:19.10 | fbt | There is no difference *in principle*, only in design |
12:19.43 | fbt | A suid bit executable can be very restrictive and neat with its handling of user input. So can be a daemon. |
12:19.55 | fbt | Both can have errors in handling said input |
12:20.34 | fbt | Security isn't as simple as “don't use X, it's bad” |
12:22.19 | DocScrutinizer05 | unpleased: make sure your /bin/su executable is not +s! ;-P |
12:22.29 | fbt | Also sudo. |
12:22.37 | fbt | Or doas. |
12:23.17 | fbt | I get that suid bit should be used sparingly. But so should any technique allowing escalation. |
12:23.32 | DocScrutinizer05 | indeed |
12:23.43 | unpleased | This doesn't mean I need a netaid with +s |
12:24.08 | DocScrutinizer05 | as I said: "don't use suid" is a good advice for those not understanding security concepts |
12:25.04 | DocScrutinizer05 | judging about whether a /bin/su is safe with suid, and a /bin/netaid is not... is beyond the scope of those users though, in my book |
12:25.23 | fbt | Both are inherently unsafe |
12:25.28 | DocScrutinizer05 | yep |
12:25.32 | fbt | You're *allowing privilege escalation* |
12:25.45 | fbt | Both approaches require you to be *extremely* careful |
12:26.16 | fbt | s/Both/All relevant/ |
12:26.52 | fbt | What I mean is the only way to be relatively sure your users can't escalate is never put such logic in to begin with |
12:27.18 | DocScrutinizer05 | it's an immanent requirement of doing root level stuff that you take care about security |
12:27.30 | fbt | On my machines btw both su and sudo also require you to be in a special group to even execute them |
12:27.47 | fbt | Just an extra layer of padding there |
12:28.27 | fbt | I mean if you don't have any privileges in sudoers and no one gave you the root pass, why would you even need access to privilege escalation tools? |
12:29.04 | DocScrutinizer05 | not on debian where you need *user* password for sudo |
12:29.14 | DocScrutinizer05 | failwale |
12:30.13 | fbt | I'm fine with sudo requiring the user's password |
12:30.21 | fbt | It makes sense. |
12:30.48 | fbt | BTW I've never thought of this. Is there a way to have a separate password for sudo? |
12:30.59 | fbt | As in unique per user AND not the main pass? |
12:31.23 | fbt | Oh, right, it all goes through PAM |
12:31.35 | fbt | Definitely possible then |
12:31.57 | fbt | https://unix.stackexchange.com/questions/94626/set-sudo-password-differently-from-login-one |
12:32.00 | DocScrutinizer05 | first thing to patch in etc/sudoers: sed -e "s/Defaults env_reset/Defaults env_reset\nDefaults targetpw/;\ s+user ALL = NOPASSWD: /usr/sbin/gainroot+user ALL = PASSWD: /usr/sbin/gainroot+" \ |
12:33.58 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-50-7.clienti.tiscali.it) |
12:35.28 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
12:41.12 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
12:41.53 | *** join/#devuan aitor (~aitor@229.85-84-19.dynamic.clientes.euskaltel.es) |
12:42.01 | aitor | interesting |
12:43.41 | unpleased | I'm in a hurry to do so :P |
12:44.07 | mchasard | hi |
12:46.08 | unpleased | hello mchasard |
12:46.29 | DocScrutinizer05 | fbt: thanks for the link :-) |
12:46.47 | fbt | Eh np. First google result too :D |
13:01.18 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
13:01.53 | bluemarlin | what machine is running git.devuan.org ? i find the responses terribly slow - all the time |
13:06.41 | *** join/#devuan Xenguy (~Xenguy@unaffiliated/xenguy) |
13:08.21 | KatolaZ | bluemarlin: we will be migrating it soon |
13:12.15 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
13:13.43 | mchasard | i have mate and all seems to be great in keyboard setting |
13:13.50 | DocScrutinizer05 | btw if you feel that religious about +s, simply move the incriminated binary to /usr/local/bin, chmod -s, and write a wrapper script in original place and name of the binary in which you use sudo to start the binary with root privileges. Doesn't change a single thing about threat vectors or how stuff works, just avoids using the simple to understand and administrate +s permission flag |
13:14.26 | *** join/#devuan knidos (~knidos@85.97.168.176) |
13:15.05 | bluemarlin | DocScrutinizer05: wouldn't that be overridden with each package update? |
13:15.24 | DocScrutinizer05 | sure |
13:15.53 | DocScrutinizer05 | religion doesn't come for free ;-) |
13:16.01 | bluemarlin | hah :D |
13:17.03 | unpleased | Thanks for the hint, probably I will simply avoid the package |
13:18.07 | MinceR | :) |
13:19.02 | DocScrutinizer05 | you're of course free to do that, and when you don't need interactive network management you probably should. If however you do need to set up WiFi or network, you will need some root permission in parts of the gear accomplishing the task for you |
13:20.24 | DocScrutinizer05 | and "having root permissions" is all that +s is all about |
13:21.56 | DocScrutinizer05 | no matter if the process achieved root permissions via +s, via sudo, or via parent process which already had those permissions, the effect is always the same, incl all risks |
13:22.18 | Enrico_Menotti | I'm trying to find a way to get on a log (or on console) the names of init scripts which are executed right before their messages, so to find which init script tries to mount selinux. Any idea? |
13:23.50 | KatolaZ | Enrico_Menotti: there is no need to do that |
13:24.01 | KatolaZ | init script are executed in alphabetical order |
13:24.20 | KatolaZ | they are all inside /etc/init.d |
13:24.21 | Enrico_Menotti | Yes, but I need to find which one tries to mount selinux. |
13:24.36 | KatolaZ | then grep inside the rc.S dir |
13:24.41 | KatolaZ | or inside rc2.d |
13:25.13 | *** join/#devuan DPA (~irc@75-128-16-94.static.cable.fcom.ch) |
13:25.22 | Enrico_Menotti | Ok. I'll try. |
13:25.34 | DocScrutinizer05 | grep -R selinux /etc |
13:26.47 | DocScrutinizer05 | sorry, grep -R selinux /etc 2>/dev/null |
13:31.39 | *** join/#devuan amdgoon_ (~amdgoon@002129a181f5.cpe.westmancom.com) |
13:31.46 | bluemarlin | any place i can find the devuan artwork files? |
13:32.33 | bluemarlin | nvm found it |
13:34.03 | Enrico_Menotti | The grep worked, but there's some confusion. It'd be easier if I could have a "live" indication of where (when) selinux is tried to be mounted. |
13:35.33 | *** join/#devuan level7_ (~quassel@31.44.17.250) |
13:36.11 | bluemarlin | Enrico_Menotti: you should be able to read all that from /etc/init.d/ and /etc/rc.d/ folders |
13:36.55 | Enrico_Menotti | bluemarlin I think at some point libselinux1 is called. I find it hard to find out where. |
13:37.06 | DocScrutinizer05 | add an echo (or logger) line to the init script just before and after the mount command |
13:38.44 | bluemarlin | i have no idea why you do what you do - but perhaps looking at all the services that are really started in appropriate /etc/rc.d/ folder and then looking at their package dependencies will identify it? |
13:41.27 | Enrico_Menotti | DocScrutinizer05 Yes, I was trying to find out how to do that. Just don't know where. Which init script? |
13:44.05 | DocScrutinizer05 | well, prolly the approach is odd. I never looked into selinux details, but it's a kernel module |
13:44.53 | DocScrutinizer05 | >>SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions<< |
13:46.25 | DocScrutinizer05 | maybe the task >>I need to find which one tries to mount selinux.<< needs clarification |
13:47.44 | *** join/#devuan franc1s_ (~francis@99.73.218.87.dynamic.jazztel.es) |
13:48.08 | Enrico_Menotti | selinux seems to be disabled in the kernel (if I pass to the kernel the parameter selinux=0, as it has been suggested to me on #selinux, nothing happens). But somewhere the system tries to mount selinux on /sys/fs/selinux. This path does not exist, so I get a warning. A workaround is to create /selinux, so the system mounts there. But this does not disable selinux, as I'd like to do. So I'm trying to find out what |
13:48.09 | Enrico_Menotti | <PROTECTED> |
13:48.27 | KatolaZ | Enrico_Menotti: it's just a warning? |
13:49.33 | Enrico_Menotti | KatolaZ Well, it doesn't stop booting. But I don't think this to be a good reason to let it stay there... |
13:49.41 | KatolaZ | uh??? |
13:49.43 | KatolaZ | o_O |
13:49.53 | KatolaZ | so you don't have selinux enabled |
13:50.05 | KatolaZ | there is a warning saying that something cannot mount selinux somewhere |
13:50.06 | Enrico_Menotti | No, I don't think so. |
13:50.10 | DocScrutinizer05 | Enrico_Menotti: selinux is built into the kernel (or not). Mounting to /sys/fs/selinux is independent of that |
13:50.22 | KatolaZ | what are you concerned about? |
13:51.13 | Enrico_Menotti | KatolaZ selinux should not be mounted at all, if it is disabled, right? |
13:51.21 | DocScrutinizer05 | either you got that commandline in initscripts trying that mount, or it's in your fstab. wherever it is, comment it out if you don't like the warning |
13:51.29 | Enrico_Menotti | Creating a /selinux empty dir just to avoid the warning is just a workaround. |
13:51.29 | KatolaZ | I fail to see the point |
13:52.39 | Enrico_Menotti | DocScrutinizer05 Right. But how to find where it is? It's a bit tricky to me. |
13:53.15 | DocScrutinizer05 | Enrico_Menotti: the init scripts simply don't check if selinux is available before they try to mount that fs to the mountpoint, accepting that on systems without selinux this would result in a warning. Nothing bad about it |
13:54.30 | Enrico_Menotti | ... |
13:58.42 | DocScrutinizer05 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734454 maybe helps to find starting points where and what to look for |
14:00.00 | DocScrutinizer05 | https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=734454;filename=selinux.patch;msg=10 |
14:01.19 | *** join/#devuan cyteen (~cyteen@58.31.7.51.dyn.plus.net) |
14:03.36 | *** join/#devuan g0d355__ (~lmao@104.131.75.159) |
14:24.25 | DocScrutinizer05 | Enrico_Menotti: as for >>So I'm trying to find out what program is trying to mount selinux.<< I'd bet on that program being `mount` |
14:25.39 | bluemarlin | lol yea... enrico you checked /etc/fstab for any selinux mounts, right |
14:26.08 | DocScrutinizer05 | can't you grep for (significant part of) the exact text of the warning you get? |
14:27.41 | DocScrutinizer05 | or, in case the warning is from mount binary itself, just do a `grep -R selinux /etc` and see which is the location that mounts it |
14:28.33 | DocScrutinizer05 | also see what I and bluemarlin ^^^ suggested |
14:28.52 | bluemarlin | for f in $(ls -l /etc/rc5.d/S0* | awk '{ print $11; }'); do p=$(dpkg -S /etc${f#..}); apt-cache showpkg ${p%%:*} | grep -i libselinux >/dev/null && echo $f; done |
14:29.04 | bluemarlin | dirty script for which service file could possibly use selinux :D |
14:29.33 | bluemarlin | don't shoot me for that rubbish :D |
14:29.59 | KatolaZ | bluemarlin: except the default runlevel in Debian is 2, since 1999..... |
14:30.01 | KatolaZ | :P |
14:30.11 | bluemarlin | ah, he's on 2 .. nvm :D |
14:30.15 | KatolaZ | :D |
14:30.28 | KatolaZ | and selinux should be started in rcS.d |
14:31.21 | Enrico_Menotti | Nothing in fstab. |
14:34.46 | DocScrutinizer05 | paste the dang warning message! |
14:35.27 | DocScrutinizer05 | incl +-5 lines context |
14:39.48 | Enrico_Menotti | Cannot paste - it's not reported on the logs and I still don't have network access from Devuan. |
14:40.00 | bluemarlin | take a photo |
14:40.08 | bluemarlin | or video if it's too quick |
14:40.23 | bluemarlin | weird it's not in logs though |
14:40.50 | bluemarlin | you grepped /var/log for that mount point? :P |
14:41.35 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-50-7.clienti.tiscali.it) |
14:42.38 | Enrico_Menotti | Let me try. |
14:44.40 | bluemarlin | (wouldn't work with systemd ingenious binary logging) |
14:46.42 | Enrico_Menotti | Tried to grep /var/log for selinux. Nothing. |
14:52.53 | *** join/#devuan amdgoon (~amdgoon@002129a181f5.cpe.westmancom.com) |
14:57.02 | *** join/#devuan zono50 (~zono50@67-197-149-18.fttp.sta.comporium.net) |
14:58.32 | DocScrutinizer05 | grep -R -C3 'selinux' /etc|grep -C3 'mount' |
15:00.02 | DocScrutinizer05 | oh uh! maybe in initrd? |
15:00.21 | DocScrutinizer05 | or did you say you don't have any? |
15:00.21 | Enrico_Menotti | No initrd. |
15:00.48 | rrq | Enrico_Menotti: as far as I could gather from a bit of googling, it's actually the libselinux1 library at some version (I think it was 2.1 roughly) that had that problem when booting without initrd... |
15:01.20 | KatolaZ | rrq: guys we are talking about a _warning_, not a problem |
15:01.34 | KatolaZ | it's somebody in Enrico_Menotti's system which tries to mount selinux |
15:01.38 | KatolaZ | and since selinux is disabled |
15:01.41 | KatolaZ | it cannot mount it |
15:01.44 | KatolaZ | this is not a problem |
15:01.47 | KatolaZ | this is *normal* |
15:02.03 | KatolaZ | if you stick a USB drive in your laptop |
15:02.11 | KatolaZ | you get plenty of kernel warnings |
15:02.21 | KatolaZ | from all the modules which are trying to mount that FS |
15:02.21 | DocScrutinizer05 | yes, we had that :-) |
15:02.30 | KatolaZ | these are not *problems* |
15:02.34 | KatolaZ | these are *messages* |
15:02.41 | DocScrutinizer05 | yep :-) |
15:02.57 | rrq | sure. |
15:03.00 | DocScrutinizer05 | even worse: it's in none of the logs |
15:03.07 | DocScrutinizer05 | :-P |
15:03.24 | *** join/#devuan unpleased (~unpleased@host179-125-dynamic.54-82-r.retail.telecomitalia.it) |
15:03.41 | DocScrutinizer05 | might as well be from kernel probing random modules ;-) |
15:05.01 | DocScrutinizer05 | honestly, when there's not even a forensic evidence on the system about a supposedly showing WARNING during init... who cares? |
15:05.46 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
15:06.33 | DocScrutinizer05 | I'm just genuinely curious how Enrico_Menotti made his system spit that warning |
15:07.13 | Enrico_Menotti | DocScrutinizer05 This warning came also in parazyd's image, when I booted that with the kernel provided by him and freemangordon. |
15:07.43 | Enrico_Menotti | There was also a hang of 30 seconds, but this morning, thanks to parazyd's help, I managed to eliminate it. |
15:08.29 | DocScrutinizer05 | warnings are meaningless. You look at them and decide if they are to be ignored or not. if yes, just do so: ignore them |
15:08.44 | *** join/#devuan amdgoon (~amdgoon@merlin-bu-ptp-74.merlin.mb.ca) |
15:11.10 | *** join/#devuan Sudos|U10 (~Ultra10@unaffiliated/sudos) |
15:14.03 | DocScrutinizer05 | just a thought: what means "I booted that [parazyd's image] with the kernel provided by him and freemangordon" ? Isn't the kernel supposed to be *included* in the image? |
15:15.15 | *** join/#devuan k0nsl (~k0nsl@feel.the.power.feel.the.k3k.su) |
15:15.15 | *** join/#devuan k0nsl (~k0nsl@unaffiliated/k0nsl) |
15:17.02 | DocScrutinizer05 | I also missed the solution to the 30s delay issue |
15:31.21 | *** join/#devuan furrywolf (~randyg@172.56.38.18) |
15:43.16 | *** join/#devuan snux (~snux@net-47-53-51-79.cust.vodafonedsl.it) |
15:48.16 | *** join/#devuan peetaur (~peter@p57AAAF7F.dip0.t-ipconnect.de) |
15:51.56 | *** join/#devuan hightower3 (~hightower@146-89.dsl.iskon.hr) |
16:06.10 | *** join/#devuan menip (~menip@c-73-83-133-80.hsd1.wa.comcast.net) |
16:16.26 | *** join/#devuan IoFran (~Icedove@189.231.74.45) |
16:20.43 | aitor | hi |
16:21.36 | golinux | Hi aitor |
16:21.55 | aitor | :) |
16:25.28 | aitor | i'm writing a post in the forum of bunsenlabs |
16:26.07 | aitor | i wrote there in the past |
16:29.47 | golinux | OK |
16:30.15 | *** join/#devuan DingoSaar (~hagen@pD9E09A41.dip0.t-ipconnect.de) |
16:39.00 | fsmithred | I expect they will be nicer than that other place you posted. |
16:39.33 | aitor | https://forums.bunsenlabs.org/viewtopic.php?pid=50120#p50120 |
16:40.14 | aitor | i can't understand it, fsmithred |
16:40.28 | fsmithred | neither could I |
16:40.36 | fsmithred | was a good discussion |
16:41.35 | aitor | i would like to talk with the administrators |
16:41.53 | fsmithred | there should be a contact email somewhere |
16:42.01 | fsmithred | or pm within the forum |
16:42.24 | fsmithred | or a 'Report this thread' button! |
16:42.47 | aitor | hola: Veteran Unix Admins |
16:43.04 | aitor | can you spell "j" |
16:43.37 | aitor | can you spell: |
16:43.47 | aitor | ese Jorge |
16:44.12 | aitor | le tiraré de las orejas... |
16:44.17 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-42-90.clienti.tiscali.it) |
16:45.06 | aitor | and what about the "ñ"? |
16:45.35 | aitor | mañana le tiraré de las orejas... |
16:48.37 | aitor | jeje |
16:50.01 | aitor | brb |
16:52.14 | lowee[m] | i copy paste to spell that :) |
16:52.19 | bluemarlin | just a suggestion: enable ssl on emails sent from dev1galaxy, gmail complains :) |
16:53.39 | lowee[m] | gmail complains about everything |
16:54.25 | lowee[m] | ( still a good suggestion imo :) ) |
16:58.09 | bluemarlin | since the website already is https, it should be super easy ... well with postfix it is. |
16:59.24 | bluemarlin | certs are already installed |
16:59.50 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
17:02.21 | *** join/#devuan DingoSaar (~hagen@pD9E09A41.dip0.t-ipconnect.de) |
17:05.56 | *** join/#devuan Katnija (~KittenGNU@unaffiliated/kittengnu) |
17:08.05 | *** join/#devuan franc1s_ (~francis@99.73.218.87.dynamic.jazztel.es) |
17:22.38 | Enrico_Menotti | DocScrutinizer05 Sorry for not having answered your last questions - I left my computer for a while and went out for a walk. |
17:24.00 | *** join/#devuan dptech (~dptech@can06-1-82-242-223-39.fbx.proxad.net) |
17:24.09 | *** join/#devuan DingoSaar (~hagen@pD9E09A41.dip0.t-ipconnect.de) |
17:26.52 | Enrico_Menotti | About kernel and system image: some weeks ago parazyd gave me an (iso, I think) image to write to sd card (by dd). That only contained the file system. Also, he gave me a zImage with the kernel. By booting the kernel and passing to it as init the path to the sd card partition containing the file system, I got the selinux warning and the 30 seconds delay after that. |
17:27.01 | *** join/#devuan DingoSaar (~hagen@pD9E09A41.dip0.t-ipconnect.de) |
17:29.50 | Enrico_Menotti | The solution to the 30 s issue: first I isolated the problem. By booting into init=/bin/bash, and from there starting /sbin/init, I realised the problem to be confined to /sbin/init (the delay appears after the shell appears). Then I investigated a bit (don't remember all passages) and, by disabling udev (update-rc.d udev disable), I found out the delay to disappear (but the system didn't boot fully to login prompt). |
17:29.50 | Enrico_Menotti | <PROTECTED> |
17:32.05 | *** part/#devuan franc1s_ (~francis@99.73.218.87.dynamic.jazztel.es) |
17:32.30 | Enrico_Menotti | Now I had to debug udev - this involves changing its config file (/etc/udev/udev.conf) and putting in there udev_log="debug". However, this didn't work with the udev coming with Devuan. I had to download separately the udev from Debian Wheezy and reinstall it, and in this way I got a log. |
17:32.57 | *** join/#devuan OxFEEDBACC (~what@89.204.130.250) |
17:32.57 | *** join/#devuan OxFEEDBACC (~what@unaffiliated/oxfeedbacc) |
17:35.04 | Enrico_Menotti | The log was saying that net.agent produces a timeout. I googled a bit, and found that net.agent waits for the loopback lo to rise. Probably this does not happen due to the missing initrd. |
17:38.12 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
17:38.46 | Enrico_Menotti | At this point I had a talk in pvt with parazyd. He suggested to disable udev, and put the following in /etc/fstab: devtmpfs /dev devtmpfs mode=0755,nosuid 0 0. I don't get all details, but I think this allows devices to be temporarily mounted independent of udev. (udev is not needed for hotplug on an n900.) This solved the 30 seconds issue and allowed a fine boot. |
17:41.23 | *** join/#devuan catprints (~realperso@172.58.83.197) |
17:48.39 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-42-90.clienti.tiscali.it) |
17:55.20 | *** join/#devuan aitor (~aitor@229.85-84-19.dynamic.clientes.euskaltel.es) |
17:55.25 | aitor | hi |
17:55.52 | aitor | here is a post about devuan in the forum of bunsenlabs: |
17:55.54 | aitor | https://forums.bunsenlabs.org/viewtopic.php?id=3632 |
17:56.28 | Enrico_Menotti | After digging a bit, I found /etc/init.d/rc. At the beginning I read: |
17:56.30 | Enrico_Menotti | # Un-comment the following for interactive debugging. Do not un-comment |
17:56.30 | Enrico_Menotti | # this for debugging a real boot process as no scripts will be executed. |
17:56.30 | Enrico_Menotti | # debug=echo |
17:56.47 | Enrico_Menotti | I tried to uncomment but nothing happens. |
18:03.32 | golinux | Enrico_Menotti: You made the changes as root? |
18:04.57 | *** join/#devuan gnarface (~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net) |
18:05.12 | Enrico_Menotti | Yes. |
18:13.36 | *** join/#devuan sqrt (~sqrt@ppp83-237-63-101.pppoe.mtu-net.ru) |
18:16.02 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
18:26.04 | *** join/#devuan aitor (~aitor@229.85-84-19.dynamic.clientes.euskaltel.es) |
18:26.08 | aitor | hi |
18:28.15 | aitor | i wrote shakespiere above, and it's Shakespeare :) |
18:28.55 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
18:30.59 | DocScrutinizer05 | shake spear? |
18:33.48 | DocScrutinizer05 | or a pear shake? |
18:39.48 | aitor | lol:) |
18:41.08 | aitor | Charles Shackends or William Dickens? |
18:41.09 | zono50 | shaken, not stirred spear |
18:42.30 | aitor | what a mess |
18:55.55 | MinceR | shakesPierre |
18:59.50 | lowee[m] | hey uhm, why does grub-update say unknown linux distribution when it is freebsd ? :g |
19:02.55 | Enrico_Menotti | I tried man init and it is for systemd. ??? |
19:03.48 | KatolaZ | Enrico_Menotti: what system are you running??? |
19:04.28 | Enrico_Menotti | It's the Devuan I debootstrapped for the n900. Let me try on the laptop. |
19:04.42 | bluemarlin | definitely got the right man page on my devuan |
19:05.18 | Enrico_Menotti | Yes, on my laptop it is correct. |
19:05.38 | Enrico_Menotti | Sorry, I think I'm wrong on the n900. My mistake, probably. Let me check again. |
19:06.28 | Enrico_Menotti | No, I did it wrong, sorry again, really. I forgot to do a chroot. |
19:06.34 | *** join/#devuan Akuli (~Akuli@mobile-access-5d6aa6-170.dhcp.inet.fi) |
19:06.37 | Enrico_Menotti | Now I got the right manpage. |
19:06.43 | *** join/#devuan BluRaf (rafal@kolucki.pl) |
19:47.34 | *** join/#devuan greenjeans (~greenjean@172.76.102.39) |
19:51.51 | *** join/#devuan atrapado_ (~atrapado@unaffiliated/atrapado) |
20:01.43 | greenjeans | hey folks, having a minor issue with one of my projects, shutdown usually is lightning fast, but started getting this hitch of a few seconds in the process and an error message, if anybody has a sec to take a quick peek at the picture i took and maybe point me in the right direction it would be greatly appreciated: http://oi65.tinypic.com/20z450h.jpg |
20:05.21 | greenjeans | stops for a few seconds right after "asking all remaining processes to terminate....done", then spits out that tree and the fail message and then goes ahead and shuts down |
20:07.09 | sqrt | hm. Looks like rsyslog doesn't want to stop |
20:08.18 | sqrt | do you have some kind of custom configuration of it? Maybe pushing logs into database? |
20:12.28 | greenjeans | no custom config of rsyslog that I know of, but the whole project has a ton of modding done to it. It does seem to be somewhat log-happy that's for sure. |
20:15.12 | greenjeans | This is a snapshotted-then-installed-version made from a running system that I use for a "build" partition, and this error doesn't occur in the original |
20:15.36 | greenjeans | Possibly something I excluded when I ran snapshot |
20:16.07 | greenjeans | I generally always exclude all of var/log when I run a snapshot |
20:16.47 | sqrt | maybe there's some kind of stuff that prevents it from stopping in /run |
20:17.24 | sqrt | I'd suggest stopping rsyslog, removing /run/rsyslog.pid, if it persists in /run |
20:17.33 | sqrt | and then starting it again |
20:18.43 | sqrt | rsyslogd.pid* |
20:24.17 | greenjeans | gotcha, will give that a try |
20:30.02 | fsmithred | greenjeans, does it usually work when you exclude all of /var/log? |
20:31.24 | greenjeans | yeah, always has before with the mate iso's, but the vuu-do re-spins of Miyo are pretty radically different from standard Devuan |
20:32.02 | greenjeans | don't know if excluding the log files would have anything to do with it, but thought i'd throw it out there |
20:32.31 | fsmithred | I think we added some code to the script that leaves a few empty log files in place. |
20:33.15 | greenjeans | It seems to have no problem re-generating all the logs |
20:33.46 | fsmithred | you're in jessie? |
20:34.14 | greenjeans | well the whole thing is based on jessie |
20:34.21 | greenjeans | so yeah I guess |
20:34.39 | fsmithred | just checking. rsyslog in ascii is not working |
20:34.50 | fsmithred | not sure if it's installable |
20:35.43 | greenjeans | another weird anomaly I noticed in that same installed re-spin, it had extra versions of etc/inittab |
20:36.26 | fsmithred | maybe from messing with console autologin? |
20:36.37 | fsmithred | in the installer |
20:37.18 | greenjeans | the old ones from the original Miyolinux install, and the one from the change to "guest" as user, they were renamed by adding a date and another number to the filenames |
20:37.34 | fsmithred | date and time, I think |
20:37.49 | greenjeans | ahh yes |
20:38.07 | greenjeans | and I think they correspond to install date/time |
20:38.13 | fsmithred | yeah |
20:38.51 | fsmithred | are you using console autologin in this install? |
20:39.14 | greenjeans | no, I left the default which is to disable |
20:39.48 | fsmithred | ok, so your inittab is the original, without autologin. You can get rid of all the extras. |
20:40.26 | greenjeans | Sweet, you know how I love to delete things ;) |
20:41.01 | greenjeans | about to finish with beta of Vuu-do, that shutdown thing is the last thing holding me up |
20:41.24 | *** join/#devuan IoFran (~Icedove@187.210.247.97) |
20:42.02 | golinux | greenjeans: Isn't not being able to shut down a problem with systemd? |
20:43.26 | greenjeans | oh it shuts down, does it really fast in fact other than this little glitch, which only really adds about 2-3 seconds to shutdown time, but i'm a Virgo so little nitpicky stuff gets under my skin like that, lol |
20:44.41 | golinux | OCD works for me. |
20:45.29 | greenjeans | i registered a git account, I was shamed into it by Katolaz ;) |
20:45.56 | greenjeans | Going to try re-packaging os-prober if nobody else does |
20:46.23 | golinux | It's on the 'list' |
20:46.37 | greenjeans | os-prober? |
20:46.45 | golinux | I think so . . . |
20:47.29 | golinux | Yup. A to-do for RC2 |
20:47.50 | greenjeans | the VUA-do list or the vuu-give it a whirl-list? |
20:52.13 | golinux | VUA-do |
20:57.28 | KatolaZ | greenjeans: it's a "whoever knows how to do it is welcome to help" ;) |
20:58.49 | greenjeans | golinux said it's VUA-do, I never argue with golinux. ;) |
20:59.04 | *** join/#devuan IoFran2 (~Icedove@200.68.141.46) |
20:59.05 | golinux | LOL! |
20:59.40 | golinux | greenjeans: I think you've been drafted! |
21:00.01 | KatolaZ | o\ |
21:00.16 | KatolaZ | (that's a facepalm, if it was not clear... :D) |
21:00.20 | golinux | If you know how to do it would be much appreciated. |
21:00.33 | greenjeans | i don't, but i'll learn |
21:00.41 | golinux | We're already in overdrive. |
21:00.41 | KatolaZ | great greenjeans :) |
21:01.02 | golinux | That's the right attitude! |
21:01.57 | *** join/#devuan IoFran (~Icedove@187.210.247.97) |
21:04.32 | greenjeans | KatolaZ: reading your how-to on dev1galaxy, you have a line about installing "usual stuff for building debian packages", is there a complete list as i'm unfamiliar with the usual stuff? |
21:04.45 | *** join/#devuan hightower2 (~hightower@141-136-253-87.dsl.iskon.hr) |
21:08.55 | greenjeans | As soon as I get my small shutdown bug fixed and run that iso, I was thinking about making a developer version for devuan, installing all the things needed for packaging and compiling, for running the live-SDK, reportbug stuff, and other things like an IRC client, FTP manager etc that might be useful to someone who was actively trying to develop, a small fast lightweight iso you could even run live in ram if you wanted to |
21:10.02 | gnarface | greenjeans: apt-get install build-essential |
21:10.13 | gnarface | greenjeans: apt-get build-dep [package name] |
21:10.22 | gnarface | greenjeans: (in general) |
21:10.47 | gnarface | greenjeans: that should get most of it |
21:11.45 | fsmithred | linux-header-`uname -r` |
21:11.52 | fsmithred | headers |
21:11.55 | fsmithred | zzzzzzz |
21:12.45 | fsmithred | fakeroot devscripts |
21:19.55 | Enrico_Menotti | As it has been said, the mount failed for selinux on /sys/fs/selinux: no such file or directory message I get from Devuan on my n900 is not a real problem. However, I investigated a bit further. I disabled all init scripts. Seems the message is generated by /sbin/init itself. So the init process does not check whether selinux is enabled or not. Probably nobody will be interested in this; however, I thought it be |
21:19.56 | Enrico_Menotti | <PROTECTED> |
21:21.24 | *** join/#devuan Oldmoss (~Oldmoss@anon-46-159.vpn.ipredator.se) |
21:25.11 | *** join/#devuan aitor (~aitor@229.85-84-19.dynamic.clientes.euskaltel.es) |
21:25.19 | aitor | hi |
21:25.42 | gnarface | Enrico_Menotti: you have libselinux1 over there, right? |
21:25.54 | gnarface | Enrico_Menotti: even if it's disabled, stuff is compiled against libselinux1 |
21:26.40 | Enrico_Menotti | gnarface Right, but selinux should not be mounted if it is disabled, right? |
21:29.14 | Enrico_Menotti | This is for Red Hat, but I'd expect a similar behaviour in my case: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/SELinux_Guide/rhlcommon-section-0016.html (point 4). |
21:35.47 | KatolaZ | greenjeans: you could start from the minimal live :) |
21:37.13 | greenjeans | my mini is more minimal, lol |
21:39.05 | KatolaZ | :) |
21:39.14 | KatolaZ | I hope you can get more minimal |
21:39.21 | KatolaZ | it has only 550 packages |
21:39.25 | KatolaZ | and no X |
21:41.55 | greenjeans | well if I gave up X then yeah, mine could get smaller too, lol |
21:42.36 | greenjeans | I got xorg and a cushy openbox in about 855 packages |
21:43.55 | KatolaZ | :) |
21:44.07 | KatolaZ | the original version of the minimal included 320 packages |
21:44.16 | KatolaZ | then I installed something to make it useful :D |
21:45.01 | gnarface | Enrico_Menotti: uh, i think you're right actually. it's not mounted here, anyway. |
21:45.09 | greenjeans | sorry, i'm happy with X, I like GUI's |
21:46.23 | Enrico_Menotti | gnarface Sorry, what is "here"? A Devuan from the iso? |
21:46.37 | KatolaZ | greenjeans: no objection about X on my side :) |
21:46.44 | gnarface | Enrico_Menotti: my desktop ceres install |
21:47.10 | gnarface | Enrico_Menotti: (actually an upgrade from debian sid) |
21:47.19 | gnarface | ymmv |
21:47.28 | Enrico_Menotti | gnarface Mine is a Jessie debootstrapped on a Devuan Jessie installed from the iso. |
21:53.03 | *** join/#devuan mns` (~devone@177.13.50.194) |
21:57.39 | *** join/#devuan Xenguy_ (~Xenguy@unaffiliated/xenguy) |
21:59.02 | SpOOky_ | Hello, is there a wiki for the project yet? |
21:59.31 | Xenguy_ | I think there is SpOOky_ , but someone else here will have to confirm |
22:03.20 | *** join/#devuan Oldmoss (~Oldmoss@anon-46-159.vpn.ipredator.se) |
22:08.37 | golinux | SpOOky_: Not an official wiki. Documentation is scattered here and there. Some on the Devuan website, some on the dev1galaxy.org forum, some on talk.devuan.org, some on Friends of Devuan community wiki, some on our gitlab |
22:11.57 | *** join/#devuan Xenguy_ (~Xenguy@unaffiliated/xenguy) |
22:13.05 | __stephen | on another 64 bit system, installed steam, but it claims to be missing libGL.so.1 |
22:13.34 | greenjeans | do I still need to update-alternatives if I wiped out all the symlinks and all the things they pointed to and uninstalled anything related to them? |
22:14.15 | greenjeans | *all the symlinks to things I wanted gone, not all the stuff in etc/alternatives* |
22:14.40 | fsmithred | picks himself up off the floor |
22:15.34 | fsmithred | greenjeans, did you use update-alternatives to remove the links, or did you just slash and burn? |
22:15.43 | gnarface | __stephen: steam needs the 32-bit libgl1-nvidia-glx too |
22:15.53 | greenjeans | slashed and burned |
22:16.08 | gnarface | __stephen: (or *-mesa-*, i presume) |
22:16.11 | __stephen | ah, that's the missing package... |
22:16.24 | gnarface | __stephen: yea, actually it'll need the 32-bit version of everything it uses |
22:16.36 | gnarface | __stephen: including the relevant video card driver components |
22:16.40 | __stephen | I thought I grabbed most of them. |
22:16.46 | __stephen | apparently didn't have all |
22:16.46 | gnarface | __stephen: make sure you enabled multiarch first |
22:17.00 | gnarface | __stephen: otherwise it just *replaces* the 64-bit ones |
22:17.10 | __stephen | multiarch is enabled |
22:17.23 | greenjeans | did the question floor ya FSR? lol |
22:18.08 | __stephen | unmet dependencies... yay |
22:18.28 | __stephen | pretty sure the nvidia driver came from backports... this should be fun |
22:19.53 | greenjeans | it was just the stuff related to the purpy desktop-base stuff |
22:19.59 | golinux | Slash and burn . . . no surprise there ;) |
22:20.08 | golinux | :((( |
22:20.41 | __stephen | son of a ... I dont know why these can't be met... |
22:21.32 | *** join/#devuan debgeek (~debgeek@host2.190-228-106.telecom.net.ar) |
22:21.51 | greenjeans | golinux: never know until ya try, I actually learn a lot by pushing things until they break |
22:22.11 | *** join/#devuan armin (~armin@base.m2m.pm) |
22:22.20 | greenjeans | system hasn't freaked out about me doing it as far as I can tell |
22:22.46 | fsmithred | I understand that approach. |
22:22.59 | greenjeans | but wondering if I need to go back and run update-alternatives |
22:23.15 | greenjeans | just so it's all happy again |
22:23.16 | fsmithred | with --configure-all? |
22:23.17 | SpOOky_ | @Xenguy_ @golinux thank you |
22:23.24 | fsmithred | or whatever the right option is |
22:23.40 | greenjeans | probably best policy if I do so huh FSR? |
22:23.41 | fsmithred | I would think if you used u-a to remove the ones you didn't want, you should be covered. |
22:24.06 | fsmithred | got any dead symlinks in that dir? |
22:24.13 | greenjeans | not any more |
22:24.29 | greenjeans | there were only 2...wait, might have been 3 |
22:24.50 | fsmithred | you could run through them all - probably just hit enter a bunch of times |
22:25.41 | __stephen | someone remind me how you get into a situation where you have "depends : blah (= someversion) but it is not going to be installed" ? |
22:25.58 | __stephen | I've updated after modifying sources. |
22:26.01 | fsmithred | got something pinned? |
22:26.07 | __stephen | not on here |
22:26.25 | fsmithred | modified how? ascii or ceres? |
22:26.29 | djph | you've stumbled into dependency hell. good luck getting out of it |
22:27.16 | __stephen | jessie rc1 |
22:27.43 | __stephen | I had enabled backports for the nvidia drivers, which I re-enabled... |
22:27.47 | __stephen | edited via vim |
22:28.13 | greenjeans | __stephen: watcha playing in steam? |
22:28.35 | __stephen | currently nothing... since it complains about this libgl so... |
22:29.01 | __stephen | Eventually, Shroud of the Avatar and a few others... |
22:29.41 | fsmithred | apt-cache policy <package> will show you what's available |
22:30.19 | fsmithred | going to kitchen |
22:32.46 | __stephen | After carefully reviewing what's there... |
22:33.03 | __stephen | I'm taking the shotgun approach and pasting all the packages in. |
22:33.26 | __stephen | I don't know why this is working and why the individual package approach didn't. |
22:34.01 | __stephen | Definitely going to have to pin backports after this. |
22:34.53 | __stephen | I really hope it doesn't try to use the 32 graphics driver for x after this. |
22:35.49 | greenjeans | i'm a fan of the playonlinux package, works really well |
22:36.06 | __stephen | I will be using wine for UO. |
22:37.53 | greenjeans | playonlinux frontend makes it super easy to install and run games in wine, it will even download versions of wine that are customized specifically for the game you are loading |
22:38.12 | __stephen | Yeah, I generally just use winetricks for the bits I need. |
22:38.54 | *** part/#devuan Oldmoss (~Oldmoss@anon-46-159.vpn.ipredator.se) |
22:40.12 | greenjeans | that's cool, I just wish more people would try out the package, it's easy for noob users of linux and dispels the whole "I need windoze to game" myth that seems to still be widely subscribed to |
22:41.37 | greenjeans | dang, i ended a sentence with a preposition, any way to delete that before DocScrutinizer sees it? |
22:41.42 | greenjeans | :) |
22:42.26 | *** join/#devuan Besnik_b (~Besnik@athedsl-221041.home.otenet.gr) |
22:53.14 | __stephen | greenjeans: ending a sentence with a preposition is fine in English. Not fine in latin. It's not a rule for English. |
22:53.24 | __stephen | detaches |
22:58.26 | *** join/#devuan ksx4system (~ksx4syste@2a02:7b40:5eb0:ed18::1) |
23:00.12 | *** join/#devuan k0nsl (~k0nsl@feel.the.power.feel.the.k3k.su) |
23:00.12 | *** join/#devuan k0nsl (~k0nsl@unaffiliated/k0nsl) |
23:04.38 | golinux | __stephen: ". . . ending a sentence with a preposition is fine in English." Not the English I learned last century. ;) |
23:05.20 | MinceR | then it's a different english from the one i learned :> |
23:09.56 | *** join/#devuan thijso (~thijs@109-46-132-5.ftth.glasoperator.nl) |
23:16.13 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |