2[00:00:48] <ratrace> martigan: it's the same file. 99-sysctl.conf is a symlink
3[00:03:47] <martigan> ratrace, ty. For future reference how can you tell if a file is a symlink? So in this case it would be better to modify the original file as the symlink will point to it right?
7[00:05:08] <martigan> 2nd Q: Is using UFW to add firewall rules for a vpn kill switch as good as making them with iptables directly?
8[00:05:14] <ratrace> it doesn't matter which one you give to your editor, it's the same file. by default at least, on debian. you can see it's a symlink by running ls -l /etc/syctl.d or test it directly file /etc/sysctl.d/99-sysctl.conf
17[00:10:46] <martigan> I'm trying to add rules to drop all traffic outside of my vpn if my vpn drops. Some tutorials i've found use iptables directly and some use ufw. I get that ufw is a wrapper for iptables, so in that case rules set with ufw will be in ip tables as I understand it. I see what you mean using file to check if it's a symlink. thanks for that.
25[00:15:53] <jaakkos> martigan: sounds like you could add a rule that drops all traffic on the physical interface unless it's targeted to the VPN gateway, and always have that rule enabled
30[00:17:37] <jaakkos> martigan: I've never used ufw so can't answer your question, but I'd be interested in knowing what kind of rules you're planning to use
31[00:18:38] <karlpinc> oxek: Makes sense to me. You can file a bug report. The install manual says where in it's "about this manual" section.
37[00:26:26] <martigan> jaakkos: That's my plan, just drop anything that's not headed for tun0 (vpn if). Iptables looks kinda complicated for rookie like me but ufw seems to do it in just a couple of commands. paste.debian.net/1115167/
38[00:27:48] <jaakkos> martigan: well... the iptables rule is about: iptables -I OUTPUT -o ethX ! -d $VPN_GW_ADDRESS -j DROP
40[00:29:58] <jaakkos> martigan: this would be better: iptables -P OUTPUT DROP; iptables -I OUTPUT -o ethX -d $VPN_GW_ADDRESS -p udp --dport $VPN_PORT -j ACCEPT
41[00:31:14] <jaakkos> martigan: I don't really know ufw but the rule you pasted looks like it wouldn't let VPN client to communicate with the VPN gateway
42[00:32:08] <jaakkos> martigan: my example assumes your physical interface was ethX and VPN uses UDP protocol talking to $VPN_GW_ADDRESS:$VPN_PORT
44[00:34:44] <martigan> ya i'm tracking. ty. I'm about to try some of these out. I'm using openvpn, you mean it wouldn't allow it to communicate before tun0 was opened by openvpn?
56[00:39:40] <jaakkos> martigan: tun0 is just for communicating between OpenVPN client (a program on your computer) and other programs on your computer
57[00:39:56] *** Quits: karakedi (~eAC53C340@replaced-ip) (Remote host closed the connection)
58[00:40:07] <oxek> karlpinc: is sending an email the only way of reporting a bug in debian?
63[00:41:33] <martigan> jaakos: I think I get what you're saying. I'm reading through the iptables man page rn to figure what you gave me does then i'm going to give it a try. This is the tut on ufw where I got the idea for ufw. replaced-url
74[00:44:53] <jaakkos> (in the usual case :) I'm simplifying by saying things like physical interface - depends on how complicated your network setup otherwise is)
76[00:46:16] <jaakkos> martigan: so what you want is let programs talk freely to tun0 but only let very specific traffic to go out from the physical interface
87[00:51:09] <trek00> well, if you need i more fine grained policy you could select a list of users allowed to connect via eth0 and a list of users allowed to connect via tun0
89[00:51:50] <trek00> this setup is more common with tor, where you would allow only one user to connect via tun0
90[00:51:53] <Aebian> hi guys, for some reason my dns server (a debian buster) no longer follows the default gateway 10.0.0.1 and thefore doesn't get any internet. Any idea where I can look to find out why? No route to host is a commen error I see. However other debian devices on the network work just fine
91[00:52:40] <trek00> Aebian: what is the output of? /sbin/route -n
92[00:53:26] <Aebian> uh
93[00:53:27] <Aebian> 0.0.0.0 10.0.0.2 0.0.0.0 UG 202 0 0 eth0
94[00:53:32] <Aebian> that is an issue
95[00:53:47] <Aebian> 0.0.0.0 should point to 10.0.0.1
96[00:53:49] <Aebian> I guess
97[00:54:14] <trek00> yes, if 10.0.0.1 is your gw
98[00:54:23] <ratrace> yeah. how is that set up, dhcp? you have some dhcp server collision in that network?
108[00:56:08] <jaakkos> martigan: the instructions you pasted suggest first connecting OpenVPN, and only then applying the ufw rules
109[00:56:14] <trek00> Aebian: may be you can fix with: ifdown eth0 && ifup eth0
110[00:56:23] <jaakkos> martigan: I'm fairly certain ufw does something like "iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED" by default
111[00:56:28] <Aebian> I already restarted the whole debian box
112[00:56:44] <Aebian> no change hmmm
113[00:56:55] <jaakkos> martigan: ... -j ACCEPT, to that rule
114[00:57:03] <trek00> Aebian: may be there is some conflicting file inside /etc/network/interfaces.d ?
115[00:57:09] <jaakkos> martigan: this means among other things that existing connections will not be affected by the firewall rules that will be applied when you run the script
116[00:57:21] <ratrace> Aebian: also, side note, better bind those eths to their MACs, to avoid bios ordering hiccups
118[00:57:45] <jaakkos> martigan: ... because the rules wouldn't allow any other traffic than via tun0. But the existing VPN connection won't be blocked, because you started it *before* you applied the rules
119[00:57:56] <Aebian> /etc/network/interfaces.d is empty
120[00:58:03] <ratrace> oh btw... multiple gateways? I don't think that'd work
145[01:02:45] <ratrace> Aebian: though I'm not 100% sure of that. "default gateway" is the gateway for all traffic not specifically routed, so there really can be only one
146[01:03:05] *** Quits: preview (~quassel@replaced-ip) (Remote host closed the connection)
154[01:04:47] <ratrace> NetGirl: you're talking about "usrmerge" where /bin and /usr/bin are merged (into the latter, the former being a symlink to it), and equally for /sbin and /usr/sbin
160[01:06:00] <ratrace> NetGirl: and yeah the reason they were separate are ancient dogmas, so usrmerge is there to remedy that. it's decided that /usr/ shold be the target of the merge
161[01:06:42] <ratrace> trek00: one shoudl though. if you have multiple installations and some are upgrades, you get non-homogenous installations and that's gonna cause bugs
162[01:06:43] <martigan> jaakkos, that makes sense. Thank you a ton man for explaining this. I'm reading through the man page still looking at your commands. If those ufw commands allow any already established connections that would not be ideal. I don't know anything about firewalls or iptables. Literally nothing. I need to pick up a book or spend a day on youtube.
163[01:07:28] <trek00> ratrace: i never installed with usrmerge and never got a bug, but i have always luck :)
164[01:07:54] <ratrace> trek00: if you installed fresh buster, you got usr merged. if you upgraded from stretch, you might need to run usrmerge
166[01:08:22] <trek00> ratrace: fresh buster installation, with separate /usr partition
167[01:08:37] <ratrace> the bugs that hit ME were assumptions that /usr/bin is the real dir, and testing worked on freshly installed staging systems. production failed on systems that were upgraded. :(
168[01:08:58] <ratrace> trek00: so your usr is merged. /bin is a symlink to /usr/bin no?
176[01:11:26] <martigan> And firewall rules aren't permanent by default it would appear. So if I wreck this playing with it I should be fine after a reboot ya?
177[01:11:36] <ratrace> trek00: btw why do you separate /usr? any special reason?
178[01:11:43] <trek00> ratrace: i don't know, but really happy that my old setup is still running fine :)
179[01:12:02] <jaakkos> martigan: yeah. btw if ufw is installed, it may be that it generates a bunch of rules by default that will interfere with your own iptables efforts
180[01:12:11] <ratrace> trek00: old setup or fresh installed buster?
186[01:13:39] <ratrace> trek00: is there some special config setup required with systemd for separate /usr? systemd doesn't support it out of the box iirc
187[01:13:58] <trek00> ratrace: i don't know, i'm still using sysv sorry :)
188[01:15:05] <trek00> ratrace: but i remember that systemd was mounting /usr shortly after / and before any other partition
189[01:15:19] <Aebian> well to be fair the following command fixed my issue: sudo ip route add default via 10.0.0.2 & sudo ip route delete default via 10.0.0.2 as long as I don't restart the networking service. If I do that it gets reverted to 10.0.0.2. I wonder where he pulls that info from then
197[01:16:27] <jaakkos> martigan: but there is a shortcoming in the rule that I pasted - it is possible for programs to send unencrypted traffic to the VPN gateway address itself (but nowhere else)
205[01:17:45] <ratrace> Aebian: you should really need just one gateway. that's the IP where packets are framed for, typically for LAN/WAN boundary, ie. "the way out of LAN".
206[01:17:49] <Aebian> ratrace: I added a default to 10.0.0.1 (the gw and that what should be used) and deleted the present default to 10.0.0.2
213[01:19:22] <ratrace> you mean you will _comment_ them out :)
214[01:19:30] <Aebian> yeah sorry
215[01:19:34] <trek00> Aebian: you should configure only one gateway in you interfaces file
216[01:19:45] <ratrace> Aebian: try it, I'm curious now. I'd say that it should work just fine with that ONE gateway entry in interfaces file, for 10.0.0.1
221[01:22:22] <Aebian> commented them out, restarted a dozen times, works fine. Commented them back in, restarted a dozen times as well, also default gw 10.0.0.1 is active and used. all fine now as well
222[01:22:48] <Aebian> only thing I havent done is a full system restart
223[01:22:55] <ratrace> Aebian: you still have that add default & delete default ?
224[01:23:07] <Aebian> well I haven't executed it
225[01:23:22] <Aebian> so no didn't change it after I commented back in
226[01:23:33] <Aebian> works like it worked before
227[01:23:40] <Aebian> which is weird
228[01:23:53] <Aebian> I'll do a full sys restart to see if that breaks things
229[01:24:26] <Aebian> ip route before the restart replaced-url
230[01:24:30] <ratrace> Aebian: yea but make sure you have only one gateway entry. mutliple gateways make no sense.
234[01:27:23] <ratrace> Aebian: you'll see that the routing table is already set as it should be, eg. packets destined for 10.145.50.x/24 will be routed through eth2. packets destined for 10.145.20.x/24 through eth1, and packets destined for 10.0.0.x/24 through eth0. packets for any other subnet will go through the gateway 10.0.0.1 unless you specifically route their subnet through a NIC
237[01:28:08] <Aebian> buthow does eth2 know which is his default gw if I set it static?
238[01:28:18] <ratrace> Aebian: default gateway == send packets through this IP when no route is known
239[01:28:24] <Aebian> ah
240[01:28:39] <Aebian> so the gateway thing is just the universal catch all
241[01:28:39] <ratrace> Aebian: there is no such thing as "his default gw" for nics. default gw is only one, "route packets through here, when no routing is known"
247[01:29:39] <jaakkos> martigan: to fix that, you could use the 'mark' option in openvpn config to mark encrypted packets for iptables, then modify the iptables rule: "iptables -I OUTPUT -o ethX -d $VPN_GW_ADDRESS -p udp --dport $VPN_PORT -m mark --mark $MARK -j ACCEPT"
249[01:31:04] <jaakkos> martigan: people here recommended also filtering by openvpn user, could do that with -m owner --uid-owner. But openvpn client runs as root so it's not very nice.
250[01:32:47] <ratrace> martigan: "And firewall rules aren't permanent by default" they are if you set up through ufw. playing with iptables command direclty isn't permanent unless you install something like iptables-persistent and it dumps the rules through /etc/iptables/rules.v4 (and .v6 for ipv6)
251[01:32:58] <trek00> Aebian: the weird behavior come from your broken setup and parallel interface setup during boot: each time it setup an interfaces it rewrite the default gateway, but with parallel startup sometimes the last interface is the one with the right gateway and sometimes not; on older systems ifupdown was used, that start sequentially the interfaces and then the last gateway was always setup
268[01:38:45] <martigan> jaakos: Ya, that would be a problem, I mean it's not really a problem, at this point I don't do anything really sensitive, but the reason I'm learning how to do this is to disallow *anything* leaving me unencrypted. Looking at openvpn config and the mark option and mark in the iptables man page.
269[01:39:00] <trek00> ratrace: ip route is the second link
270[01:39:10] <ratrace> oh, right.
271[01:39:23] *** Quits: Guest_55 (2fde6e70@replaced-ip) (Remote host closed the connection)
272[01:39:24] <ratrace> it still shows last config.
273[01:39:30] <trek00> ratrace: may be there is a systectl command to regenerate interfaces?
274[01:39:53] <ratrace> systemctl restart networking.service but that just does ifdown & ifup
275[01:40:03] *** PretendMatter is now known as gesturr
276[01:40:11] <ratrace> Aebian: so question, you don't any systemd-networkd configs there too?
277[01:40:15] <jaakkos> martigan: you should keep in mind that your machine is going to give out information about itself on the L2 network ("local area network")
278[01:40:26] <jaakkos> martigan: such as MAC address and possibly hostname
279[01:40:36] <ratrace> Aebian: and when you say "restarted" do you mean reboot, or you restarted some service?
284[01:42:22] <ratrace> Aebian: if you restarted the whole server, how does it know about gateways that are no longer in the interfaces file, but WHERE before reboot? are you sure you don't have som eother setup messing stuff up? like another rootfs or some nfs somethign... those are VMs, right?
285[01:42:40] <ratrace> Aebian: also, no systemd-networkd settings?
286[01:43:04] *** gesturr is now known as PretendMatter
298[01:44:58] <jaakkos> martigan: right, if you omit that rule (note that your LAN subnet may be different from the example), you won't be able to talk on LAN either
302[01:45:57] <ratrace> Aebian: so that's now nearing the twilight zone.... you sure your VM is not restoring rootfs from a snapshot or something like that?
303[01:46:01] <martigan> Also VPN port is different and I was told to use TCP over UDP.
304[01:46:03] <jaakkos> martigan: hostname is leaked by dhcp client yeah, MAC address is leaked no matter what unless you change it before you connect on L2
305[01:46:12] <ratrace> Aebian: is that Debian proper or some derivative that's doing gods know what?
306[01:46:44] <jaakkos> martigan: dhcp client uses raw sockets so even though it's UDP, you can't catch it with iptables
353[01:51:46] <martigan> jaakkos: I use a random MAC always so no issue there. And for the time being I'm on my LAN so I'm not concerned with it. Just my traffic going out into the world.
354[01:51:53] <jaakkos> martigan: the linuxconfig article seems quite sloppy. First of all, net.ipv4.ip_forward=1 is not needed for anything here and will make your configuration less secure
358[01:52:19] <trek00> Aebian: it seems /etc/network/interfaces is not read at all
359[01:52:48] <Aebian> that's weird
360[01:52:50] <jaakkos> martigan: "-A OUTPUT -o lo -j ACCEPT" is a good idea though.
361[01:52:59] <martigan> jaakkos: I kinda thought that, I have used it before when playing around with middling traffic in my house and didn't see the reason for it here.
362[01:53:01] <jaakkos> martigan: the DNS part is only relevant if you don't get DNS over VPN
363[01:53:04] <ratrace> Aebian: no network-manager or something like that?
364[01:53:10] <jaakkos> and you do I'm sure
365[01:53:39] <martigan> I'm using ipvanish and I'm pretty sure it's over VPN.
366[01:53:39] <trek00> found a similar issue replaced-url
367[01:53:39] <jaakkos> martigan: though if VPN config specifies VPN GW as DNS name instead of IP address, you will need working DNS before you can connect
368[01:53:46] <ratrace> Aebian: oh also... please check /etc/initramfs-tools/{initramfs.conf,conf.d/*} if something is forcing network config through initramfs
369[01:54:51] <ratrace> trek00: though look at the ip route output, those gateways have different metric, so that per se is no ta problem, that first gateway being 10.0.0.2 is
430[02:10:44] <trek00> setuid: you should add the module to /etc/modules and rebuild initramfs, but you can also build a bigger initrd or with a selected list modifying /etc/initramfs-tools/initramfs.conf
436[02:12:49] <setuid> trek00: I've done all of that, by overwriting the in-tree foo.ko with the dkms version of foo.ko, and it boots, but kernel crashes because the module is tainted
445[02:14:48] <trek00> Aebian: or rgrep '10\.0\.0\.2' /
446[02:15:12] <setuid> So I'm thinking I need to add the module to initrd.gz as a dkms module, not by overwriting the in-tree module, causing the taint and crash
447[02:16:13] * jordila for a small (almost) personal VPS (Apache & PHP + some Nodejs)... i'm willing to try Debian testing, as can be seen performing quite solid in my laptop
457[02:21:51] <trek00> setuid: you said you ovverwritten
458[02:21:56] <trek00> ops
459[02:22:01] <setuid> trek00: I take the original netboot's initrd, unpack it, replace in-tree foo.ko with vendor's foo.ko module built against the same kernel with dkms.
460[02:22:13] <Aebian> trek00: gues what, updated to buster, issue gone.
461[02:22:17] *** Quits: Krennic (~Krennic@replaced-ip) (Quit: Lost terminal)
468[02:23:10] <Aebian> now it is on buster and seems resolved. Honestly I still loved to use your regrep search thogh
469[02:23:21] <Aebian> thanks for all your help
470[02:23:23] <trek00> setuid: may be it has secure boot enabled?
471[02:23:27] <teclo> hi there, I've done a clean install of 10.1 and it works very well, I have writtent my new firewall iptables script... I've put a symlink to it from /etc/network/if-pre-up.d/ ... but it's not executed at boot time. Some tutorial says I should put the script in /etc/rc.local, but here in 10.1 I see no /etc/rc.local and I'm not sure I should create a rc.local (pehaps there is no rc.local because of systemd)
474[02:24:52] <trek00> setuid: the dkms module has a different name from the one shipped with default kernel, right?
475[02:25:00] <setuid> It does not, no.
476[02:25:21] <Gerowen> Cut her "Power on to login screen visible" down to 1:08 by disabling the option in "Sign in Options" that says something like, "Use my credentials to automatically log in and restart my apps".
657[04:49:35] <rue_shop1> hi, new install of buster, trying to compile freecad: apt-get build-dep freecad; apt-get source freecad; cd freecad-0.16+dfsg2/src; cmake . == Unknown CMake command "generate_from_xml". THE SOURCE PACKAGE APPEARS TO BE BROKEN?
658[04:49:45] *** Quits: dtux (~dmtucker@replaced-ip) (Remote host closed the connection)
670[04:54:48] <themill> I'd love it if we could stop going on about the source package being broken, since it quite clearly isn't, and instead ask how to fix the problem. Building it with the correct command is more likely to work, after all
671[04:54:48] *** Quits: rda-mac (~rda-mac@replaced-ip) (Remote host closed the connection)
694[05:03:51] *** Quits: Prints (~333@replaced-ip) (Quit: deadlightbulb.com)
695[05:04:04] <jvava> I can not turn off screensaver, I had tried xset, xscreensaver, but both not work, it is debian buster, please help
696[05:04:09] <themill> rue_shop1: I have no idea where you're getting these ideas from
697[05:04:21] <rue_shop1> jvava,
698[05:04:26] <themill> rue_shop1: none of this is what the freecad documentation says, what the package does or what I'm saying
699[05:04:27] <jvava> rue_shop1
700[05:04:40] <rue_shop1> jvava, xset s off dpms force on s noblank s expose -dpms
701[05:04:52] <rue_shop1> I have it in a script called turnthedamnscreensaversoffalready.sh
702[05:05:49] <rue_shop1> try to find a CMakeLists.txt
703[05:05:58] <crestfallen> I can't get my buster to install. I tried 3 versions now on 'firmware-included-10.1.0' somesuch. I tried to edit the sources.list file precisely has the channel bot instructed me. then a member suggesteed I look into editing the DNS nameserver listings, but in the recovery shell I cannot install the 'resolvconf' program. I've worked 5 hours on trying to install debian. irony is I'm writing you from my home machine which I
704[05:05:58] <crestfallen> upgraded from stretch and never had a problem.
705[05:05:59] <rue_shop1> apparently its in the wrong place of this project
706[05:06:06] <rue_shop1> ugh, wrong channel
707[05:06:13] <themill> rue_shop1: it's in an unusual place, it is not in the wrong place
708[05:06:15] *** Joins: Prints (~333@replaced-ip)
709[05:06:40] <rue_shop1> I want to be working on my stm32 ADC code
712[05:06:57] <rue_shop1> I'm apply half my brain to try to help a guy compile freecad
713[05:07:12] <crestfallen> any suggestions?
714[05:07:20] <jvava> rue_shop1, I can't get your idea
715[05:07:21] <jvava> could you please show me your script?
716[05:07:22] <rue_shop1> "ou are both correct, hardly surprising, what was happening was that I was pointing Cmake to the wrong source directory, BUT ... the reason why is that there was no CMakeLists.txt in the correct directory.... an"
717[05:07:23] <jvava> rue_shop1, more turnthedamnscreensaversoffalready.sh
718[05:07:40] <rue_shop1> jvava, xset s off dpms force on s noblank s expose -dpms
719[05:07:53] <rue_shop1> ^^^ that command should turn off all the stupid screensavers / layers
720[05:07:59] <crestfallen> its been a deep rabbit hole
741[05:12:50] <crestfallen> I'm not expecting to troubleshoot. If there is something that I may be missing I hope to be directed to it , where I can read up and try again tomorrow. :)
742[05:12:52] <rue_shop1> so the website compile instructions are wrong
745[05:13:25] <crestfallen> I did all of the 'buster main contrib non-free' lines in sources.list
746[05:14:33] <crestfallen> the debian bot gave a precise entries for that file. though my buster system at home looks different; that buster came via an upgrade
747[05:14:46] <crestfallen> *gave precise entries
748[05:17:06] <dvs> crestfallen, what was the name of the iso you used for the install?
770[05:29:39] <crestfallen> I cannot add these two entries to etc/resolconf : nameserver 8.8.4.4 nameserver 8.8.8.8 ok copy that.that is sinking in dvs
771[05:29:55] <crestfallen> resolv.conf*
772[05:30:36] <crestfallen> ok yeah that makes sense so it's hanging even worse then. :)
773[05:31:20] <dvs> you have to get it so that you can start Debian without the install iso.
774[05:31:47] <crestfallen> right so anything I'm missing? I've installed debian before happily
775[05:32:49] <dvs> I'd personally would not install the Desktop GUI during the initial install if you are having trouble starting it up.
776[05:32:51] <crestfallen> Cannot resolve deb.debian.org comes up a lot. and missing Firmware error messages.
777[05:32:58] <dvs> OH!
778[05:33:24] <dvs> Missing deb.debian.org is serious. that is a nameserver (or network) issue.
779[05:34:14] <crestfallen> yes so I was trying to use that tutorial but it's arbitrary since I don't know if that's my precise issue
780[05:35:13] <crestfallen> I work at a university with secure networks
781[05:35:14] <dvs> Chances are that you just have to edit the /etc/resolv.conf file with the proper nameservers
782[05:35:59] <dvs> secure networks could also be preventing you from connecting to the Internet at large.
783[05:36:43] <crestfallen> one deb mirror is actually at uc berkeley I think I used it to download
801[05:45:11] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
802[05:46:03] <crestfallen> dvs another hint is that I tried to install antiX , a debian derivative, and I had the same types of error messages cannot resolve deb.debian.org
826[05:58:27] <trek00> crestfallen: there are many terminal emulators you can run from the graphical desktop if you need a terminal
827[05:58:47] <crestfallen> sorry 8.8.4.4
828[05:59:36] <crestfallen> no I'm getting nowhere near the graphical desktop . it hangs while booting with a blinking cursor at the bottom with 'installing Gnome Settings' I believe
829[05:59:51] <trek00> ok
830[06:00:13] <crestfallen> 'installing Gnome Settings' is the last thing listed above a blinking cursor
834[06:03:20] <crestfallen> trek00, did you see my post above re: my attempt to install antiX, and getting similar error messages read: 'cannot resolve deb.debian.org'
835[06:03:40] <trek00> crestfallen: to resolve you need to setup your resolv.conf file
838[06:04:18] <crestfallen> I see, just with those nameserver 8.8.8.8 nameserver 8.8.4.4 ?
839[06:04:41] <trek00> crestfallen: yes, on two different rows
840[06:05:13] <trek00> crestfallen: you can also try booting without graphic desktop, adding 'text' kernel command line replaced-url
841[06:06:37] <crestfallen> ok get into a shell, create /etc/resolv.conf file, and list those 2 nameservers on separate lines. the recovery term should work? trek00
842[06:07:00] <trek00> crestfallen: try to ping goole.com
843[06:07:36] <crestfallen> excellent if that fails I'll try second strategy at superuser.com . ok will do thanks kindly trek00 dvs
844[06:07:51] <trek00> :)
845[06:08:05] *** Quits: Eloc (~Eloc@replaced-ip) (Remote host closed the connection)
883[07:03:27] <Kats99> pls help me this time. the for loop in bash is behaving strange. for i in {1..$loop}; do echo $i done; why does this print {1..5} instead of 1 2 3 4 5
884[07:04:04] <Kats99> and if i substitute 5 in place of $loop, it works correctly
977[08:05:00] <setuid> Well, this isn't working. A bare initrd with the in-tree module, boots but fails because of the missing support in that module. I insert the out-of-tree module, overwriting the in-tree module, re-pack the initrd, boot it and it crashes just after unpacking.
997[08:16:34] <setuid> All I did was unpack the working initrd.gz, ovewrite in-tree foo.ko with a vendor's out-of-tree (dkms-built, for the same kernel) foo.ko, and repacked the initrd back into a .gz
998[08:16:50] <setuid> Well, and updated etc/modules inside the init, to load foo
999[08:17:08] <setuid> I know I'm missing some piece of detail here, I'm just not sure what
1012[08:22:05] <noln> But really must be a cleaner way. Maybe put the module somewhere in /etc for initramfs-tools to include it? then update-initramfs -u
1025[08:24:49] <setuid> noln: this is a one-time deal, we don't update kernels that often
1026[08:25:11] <setuid> This is just to get the box pxe booted, once it's on the network, we can use the vendor's dkms package and insert it into newer kernels
1027[08:28:07] <setuid> noln: I can't let initramfs-tools do anything, because the box has no OS on it yet
1028[08:28:07] <setuid> I need the out-of-tree module inside the netboot's initrd, so I can PXE boot it through Cobbler
1029[08:28:08] <trek00> setuid: update-initramfs should create the initrd image for you
1030[08:28:08] <setuid> trek00: How does update-initramfs run from pxe boot?
1031[08:28:08] <trek00> setuid: you should run on the machine where you are creating the initrd
1032[08:28:08] <setuid> trek00: I have a piece of hardware (actually, hundreds of them), with no OS on them at all.
1034[08:28:08] <trek00> setuid: where you build dkms module?
1035[08:28:08] <setuid> trek00: I've installed the same OS + kernel in a VM, where I"m building the initrd, and rsync'ing it over to the cobbler server
1036[08:28:08] <setuid> update-initramfs in that VM, does not create an initrd.gz that I can use with cobbler to pxe boot
1037[08:28:34] <setuid> I need to create a netboot that contains this module, so I can pxe boot the box with a working network
1045[08:34:26] <setuid> The initrd.img that update-initramfs builds, only contains 1 file, "GenuineIntel.bin", but the initrd in netboot, has hundreds of files (and is significantly larger)
1046[08:35:23] <trek00> setuid: you should set MODULES=netboot to /etc/initramfs-tools/initramfs.conf
1047[08:35:57] <trek00> setuid: check man initramfs.conf
1056[08:40:11] <noln> re: GenuineIntel, double-check with lsinitramfs or another inspection method per <replaced-url
1057[08:40:26] <trek00> setuid: anyway if the initrd image is correct, you should check if the dkms module is running fine on the building machine, just to check if it can be loaded
1058[08:41:14] <setuid> trek00: I can't do that, because I can't get the OS installed, without network, which the missing/crashing module provides
1060[08:41:48] <setuid> Enabling the NIC using the module I'm trying to inject, is what allows the install to complete via pxe
1061[08:41:56] <trek00> setuid: you should try to modprobe the module on the machine where you built that module
1062[08:42:05] <setuid> update-initramfs does _not_ build a netboot initrd
1063[08:42:18] *** Quits: ilikeyou (uid389024@replaced-ip) (Quit: Connection closed for inactivity)
1064[08:42:30] <setuid> Yes, I can insmod/modprobe the module on my VM, where I've built it, using dkms, and that works. modinfo also confirms its the right module.
1065[08:42:37] <trek00> setuid: and check the last message of noln it was for you i think
1067[08:42:57] <jelly> setuid: that file name sounds like microcode, it's put as a special part of initramfs. Should be able to get rid of it by remove intel-microcode package and rebuilding.
1068[08:43:31] <setuid> jelly: So if I remove the intel-microcode package from my VM, and re-run initramfs, it's going to build a full netboot?
1069[08:43:37] <noln> why get rid of it? the inspection method could be ignoring what comes after that
1070[08:44:01] <setuid> noln: It's a 7Mb initramfs, the netboot initrd compressed is 49Mb
1071[08:44:05] <noln> The microcode and the normal initrd's are concatenated to get the final initrd
1072[08:44:12] <setuid> I'd be surprised if they fit 49+ Mb into < 7Mb
1073[08:44:13] <noln> ah ok
1074[08:44:14] <jelly> setuid: it's going to build the same thing as before, just without microcode
1085[08:48:05] <setuid> Ok, removing the microcode package does change the nature of the initrd.img, but it still doesn't contain the module I need, and that module _is_ declared in /etc/modules. I'll poke around... this whole process is a nightmare of cobbled-together tools that don't work very well.
1086[08:48:49] <setuid> Ok, _now_ I've got it in the initrd... needed it in /etc/initramfs-tools/modules
1100[08:56:24] <setuid> damnit... well, it didn't crash at boot, but instead, dropped to initramfs prompt, couldn't find most of the root fs in the netboot, /etc/fstab missing, /root/dev missing, etc.
1116[09:07:06] <trek00> setuid: if you have done an initrd which don't crash but drops to a shell, probably you need to copy some init file, but they should already copied
1117[09:07:25] <trek00> bibble: you could use backports too
1146[09:18:28] <ratrace> setuid: can you tl;dr your issue? I just ran through the scrollback and it's something about custom initramfs?
1147[09:18:34] <setuid> oops, yubi... so update-initramfs omits the init= value, so it can't complete a boot
1148[09:19:12] <setuid> ratrace: I have a working, bootable initrd, which cobbler happily hands to my hardware over pxe boot. But that default initrd, lacks the module needed to bring up the NIC.
1150[09:19:32] <setuid> So I have a dkms version of the module which I built in an identical version of the OS + kernel in a VM.
1151[09:19:48] <ratrace> setuid: and now you want to put it in the intramfs?
1152[09:19:51] <setuid> I've injected that module into the unpacked initrd, and re-packed it
1153[09:20:20] <setuid> ratrace: just want a clean, working initramfs/initrd, with the out-of-tree dkms module in it, so I can complete the pxe boot and install
1157[09:22:00] <ratrace> setuid: well there's two things you can do, if this was a regular boot, I don't know how cobbler/pxe fit into it. You can write a simple initramfs-tools hook in which you copy your module in, and you add it to the list of modules to forcefully load up.
1158[09:22:02] <jelly> setuid: you could get the netboot image for 10.1 release, make sure you have the same kernel, build and plug your module in that?
1162[09:23:51] <ratrace> well, that's kinda what I do on my systems, as I don't use cryptsetup-initramfs, and instead have a custom hook that pulls in the crypto modules.
1164[09:24:48] <ratrace> setuid: you can look up any /usr/share/initramfs-tools/hooks/* for an example, and unfortunately I'm now aware of a detailed guide how to construct these, I just copypasted cryptoroot's default hooks and modified to my needs reading source
1165[09:24:52] <setuid> They're pulled into the initramfs by /etc/initramfs-tools/modules, which is fine... but there's something missing, it's not building a working init
1169[09:25:54] <ratrace> okay if it's just modules and no userland components to that?
1170[09:26:20] <setuid> ratrace: this is just a simple netboot install, but I need the NIC module to complete the install
1171[09:27:22] <setuid> Going to try something else
1172[09:27:36] <setuid> I can't believe this is so difficult; I've been trying to figure this out for over 10 days
1173[09:27:44] <setuid> I tried repacking the install iso, that didn't work
1174[09:27:57] <ratrace> what's the module needed for, to even begin pxe/netboot?
1175[09:28:07] <leden> setuid, did you read replaced-url
1176[09:28:11] <setuid> I mean, I can unpack squashfs, put the modules in it, all that works, but the initial boot doesn't include the module, because the iso's initramfs doesn't include it
1179[09:28:25] <setuid> But the resulting install _from_ that booted ISO, does have the right module laid out on disk
1180[09:28:34] <b_and_w> im a newbie to shell scripting. i just wrote my very first shell script.
1181[09:28:46] <setuid> leden: I don't need any custom firmware
1182[09:28:52] <b_and_w> i have barely a month's experience with linux, so im still learning. I have a question: is there a difference between a batch file and a script?
1183[09:29:08] *** Quits: dionysus69 (~Thunderbi@replaced-ip) (Remote host closed the connection)
1193[09:31:42] <setuid> Fundamentally, no, there is a minimal difference. Both execute commands line-by-line. The mechanism they are executed, differs (mostly by the executed interpreter called to run those commands)
1194[09:32:52] *** Quits: b_and_w (~michael@replaced-ip) (Quit: Lost terminal)
1200[09:35:28] <setuid> noln: I have no idea. If I use 'update-initramfs -c -k $(uname -r) -b .' and then take that initramfs that is made, along with /boot/vmlinuz-$(uname -r), and ship those over to cobbler, it does boot, and gets to the point where it tries to mount /sys, /proc, /dev, etc. and fails. "No init found"
1215[09:39:02] <setuid> noln: The default netboot/initrd.gz boots successfully, gets into the installer, and then fails because it can't find network. So I started with that.
1217[09:39:43] <setuid> So I took that, unpacked it, then created a new initramfs, unpacked that _over the top of_ the same tempdir that I unpacked the netboot/initrd.gz into, combining both.
1218[09:39:56] <setuid> Then I repacked that into a new initrd.gz, which now fails to boot, lacking init
1220[09:42:24] <trek00> setuid: have you tried to concatenate the build initrd with dkms module to the initrd from netboot? zcat yourinitrd.gz netboot/initrd.gz | gzip -9v newinitrd.gz
1221[09:43:23] <ratrace> that's exactly explained in the link leden posted, for Jessie and above: replaced-url
1222[09:43:28] *** Quits: [sID] (sid@replaced-ip) (Remote host closed the connection)
1403[11:29:46] <ratrace> disabled systemd services can still be started as a dependency for something else, or by NM or some other DE component. to truly disable it, one must "mask" the service unit
1404[11:29:57] <tarzeau> diogenes_: why would i?
1405[11:30:14] <tarzeau> diogenes_: i'm using gnustep/wmaker i don't like fd.o and desktop files, nor gnome, nor systemd
1406[11:30:39] <ratrace> tarzeau: I think that was for Wulf and you were mistabbed :)
1422[11:39:59] <ratrace> Wulf: in case that fails too (because all you can do is blacklist modprobe on boot, but it should still be modprob-able manually or by a service, unless I'm mistaken), you can systemctl mask bluez.service I think that's the service name?
1423[11:40:26] <ratrace> that means you'll have to unmask+start when you do want to use BT, and stop+mask again when you don't
1540[12:54:55] <Wulf> I use ext4 + lvm on hardware raid and it works for me. But I'm not an expert on these things.
1541[12:55:47] <Guest_76> Fair enough, thanks for chiming in, trying to stay away from hw raid as i don't have proper/interchangeable raid controllers :)
1552[13:02:29] <ratrace> Guest_76: Zfs works just fine on Debian
1553[13:02:37] <ratrace> Wulf: pls no FUD kthnxbai
1554[13:02:56] <Wulf> ratrace: I didn't say that it does not work.
1555[13:03:13] <ratrace> Wulf: but you're spreading FUD with that license nonsense
1556[13:03:24] <Wulf> ratrace: how is that nonsense?
1557[13:03:48] <ratrace> because it is. ZFS license does not prevent it from being used and installed on debian systems. it does not violate the kernel or any GPL or any other license
1558[13:04:07] <ratrace> it's also not proprietary code, it's open source.
1582[13:07:43] <Wulf> Guest_76: looks like it's easily installable on Debian.
1583[13:08:23] <ratrace> there's just one bug with buster's packaging, it requires spl-dkms be installed _first_ and when zfsutils-linux fails on modprobe, it must be modprobe'd manually and apt install resumed
1584[13:08:47] <Guest_76> ran into that bug on test install i think :)
1620[13:36:57] <Erhu> if I have two debian distros on my sda ; is it ok if I just create one SWAP since only one of them will be used one-at-a-time. Is this ok
1668[13:52:36] <Erhu> what is the GTK ... apt-get install GTK doesn't work, I tried apt-cache search GTK but too many .. have anyone here installed GTK
1671[13:53:53] <ratrace> Erhu: that said, you almost never install it directly, it's pulled in as a dependency, because as you see there are several bindings and variants
1672[13:54:55] <Erhu> Geany said to install gtk first... but didn't say how.
1692[13:58:29] <Erhu> how can I tell if I have stretch?
1693[13:58:29] <ratrace> you can easily upgrade to buster. and if you're on devuan, then yeah, their next release, based on buster, is nowhere in sight.
1694[13:58:44] <jelly> Erhu: lsb_release -sc
1695[13:59:04] <jelly> !debian suite
1696[13:59:05] <dpkg> cat /etc/debian_version (or lsb_release -sc). Or check /etc/apt/sources.list. If unsure about the distribution, $ cat /etc/{*version*,*release*,*issue*} should grab almost all distributions.
1741[14:11:40] <n_1-c_k> ratrace, I have no auto update enabled (that I know of!). I'm not sure it really is updating as there is no change in the version number in help/about.
1742[14:11:42] <TomyWork> iirc, there was a command to specifically mark one package version as bad and have the autoupdate ignore it, but install the next one. I have a use case for that with a 3rd-party package but I cannot remember the command.
1743[14:13:50] <n_1-c_k> ratrace, thanks for your responses. I do suspect the 'update' is bogus as my bandwidth is so puny I think I'd notice the download. But am unsure.
1744[14:13:56] <ratrace> n_1-c_k: are you sure you're not runnign unattended-upgrades or something and FF updated (As it recently upgraded from ESR-60 to ESR68) without you knowing?
1746[14:14:44] <ratrace> I ran into exactly that once, that's how I saw that FF page for the first time. was testing gnome and I didn't know it came in unattended-upgrades and FF updated without me noticing
1747[14:14:53] <n_1-c_k> ratrace, unless unattended-upgrades has installed itself, no, I've never run it.
1748[14:15:03] <ratrace> n_1-c_k: it is on GNOME installations afaik
1770[14:20:15] <rander2> ratrace, so must I buy it from a certification autority ?
1771[14:21:02] <rander2> is it possible use a free system or must I buy it ?
1772[14:21:05] <n_1-c_k> I'm getting more sure that it's a bogus message from Firefox. It often warns me of OCP(?) errors that go away when I restart ff.
1773[14:21:19] <n_1-c_k> I hope it's nothing nefarious.
1774[14:21:46] <ratrace> rander2: you can use free certificates from LetsEncrypt. Also some registries and CAs are offering free options, like Comodo
1776[14:22:08] <ratrace> n_1-c_k: first thing I'd suspect in that case is filesystem corruptions
1777[14:22:17] <rander2> ok
1778[14:22:43] <n_1-c_k> ratrace, oh that sounds bad. How does one verify or correct such a thing?
1779[14:24:01] <ratrace> n_1-c_k: depends on the filesystem. you can see if there are any hints of it in dmesg. you can run e2fsck with the -c option (I think it might require unmounted filesystem for that).
1780[14:24:10] *** Quits: Guest_76 (3d7dc027@replaced-ip) (Remote host closed the connection)
1781[14:24:12] <ratrace> that's for ext filesystems for example
1792[14:30:58] <fighter_fish> hello running debian 10 on a VM. So far everything ran fine, but once I was tinkering with open box and accidentally messed up. So I fix my error and restart the VM, however on boot I find I can't access the internet. What went wrong? How does tinkering with my WM mess with my ethernet?
1795[14:32:18] <oiaohm> With modern day drives by the time file system is showing badblocks you are really in big trouble because the smart system on the drive has to have failed.
1796[14:32:33] <oiaohm> Or the cable to the drive has failed.
1806[14:42:57] <rander2> I'm configuring exim4 for sending mail, the server is on a vps. I may send mail locally throught mutt , but not from remote . How may I end mail using exim4 from vps without enable mail spamming ?
1836[14:54:16] <rander2> ratrace, mutt and mail are 2 text client locally in vps
1837[14:54:46] <ratrace> rander2: I'm just trying to understand your question. "How may I end mail" .... what do you mean by "end mail"?
1838[14:55:09] <ratrace> "end mail ... from vps without enable ... spamming" what does that mean
1839[14:55:21] <greycat> If you're sending mail via a command-line client like mailx which is reading from stdin, you end the message the same way you *always* end tty stdin -- by pressing Ctrl-D on a line by itself
1848[14:56:15] <greycat> rander2: paste for us the error message you are seeing
1849[14:56:21] <ratrace> greycat: I don't think that was the question, I think it's a language barrier... they probably mean something else and i'm trying to figure out what
1850[14:56:36] <greycat> yeah, subsequent messages from this user confirm that it's still very ambiguous
1864[15:02:01] *** OS-24787 is now known as typh0on
1865[15:03:13] <Shahnaz> any way to bind glusterfsd volumes to internal ips only?
1866[15:03:27] <Shahnaz> per default its on *:49152
1867[15:03:52] <n_1-c_k> ratrace, oiaohm, thanks. I rebooted with 'fsck.mode=force' which found nothing, so I'll hope for best and assume ff is playing tricks.
1889[15:09:52] <ratrace> rander2: by "local mailbox" I mean... mailbox for delivery. "local" has other meaning with MTAs (delivery to local system users' maildir/mailbox)
1890[15:10:34] <rander2> ratrace, I'm trying to send mail from thunderbird, I haven't exim here, cause I'm in back a NAT
1901[15:12:40] <teclo-> afternoon, I am a regular Debian GNU/Linux user and I just clean-installed Debian 10.1 on a server... I got a problem in screen and/or irssi: ctrl-n and ctrl-p for next and previous channels work, but esc-1 or esc-2 or esc-3 do not bring me to the 1st, 2nd, or 3rd channel... what is the next step ?
1902[15:12:44] <ratrace> rander2: I think your bad english prevents you from having quality support here. either try google translate or try your language specific channel. which language is it?
2049[16:10:52] <rander2> I have a vps running exim4 , how can I make exim accept mail from a different host, but with an existing sender? He always tells me "relay not permitted"
2054[16:12:25] <revolutionary> Here is the apt connection view
2055[16:12:26] <revolutionary> 0% [Connecting to SOCKS5h proxy (socks5h://127.0.0.1:9050)]
2056[16:12:29] <greycat> rander2: if you're trying to RECEIVE mail (rather that pass it along, which is called "relay"), you need to tell exim what your domains are. So when exim receives a message that says "to jonnie@your.domain", and "your.domain" is considered local, exim will accept it and deliver it.
2060[16:13:53] <greycat> On the other hand, if you ARE trying to relay mail (a -> b -> c and you are currently looking at b), then that's a WHOLE different question and a whole lot harder to answer.
2064[16:16:31] <rander2> greycat, I'm trying to relay mail using exim as smtp , but with existing users on vps. In other worlds to send mail without using local account on vps
2068[16:17:34] <rander2> classic relay mean send mail from another doman
2069[16:17:52] <greycat> Conceptually, the issue is "how do you know which message to relay, and which messages to reject".
2070[16:18:25] <greycat> In the good old days, you simply accepted messages based on source IP addresses, because you were relaying for the users in your corporate network.
2071[16:18:51] <rander2> greycat, to avoid spamming ralay is disable, I must usa some type of smtp authentication , but I dont know exactly how do this
2072[16:18:57] <greycat> But around 20 years ago, it became the Cool Thing for people to work from home and shit, so now you can't use IP addresses to judge which messages are allowed.
2073[16:19:26] <greycat> rander2: OK, good, at least you understand what the issues are. If nobody here knows, then find an exim channel.
2074[16:20:18] <lunchslut> anyone using ibus on 10.1? ive been having issues switching input methods in Qt apps since updating to stable. i have the same issue on multiple distinct machines
2075[16:20:45] <lunchslut> i havent been able to find any relevant bug reports though and it works fine on oldstable
2076[16:20:50] *** Quits: utail_ (~travism@replaced-ip) (Quit: Lost terminal)
2077[16:21:39] <rander2> I must set up ssl/tls to authenticate the sender user , but I dont know exacly
2092[16:27:27] <ratrace> oh wow I forgot about the userfriendly cartoon!
2093[16:27:33] <aexl> greycat: i solved i by allowing stable updates (xD) and also installing xdg-dbus-proxy and also upgrading gir1.2-webkit2-4.0 and libwebkit2gtk-4.0-37
2094[16:27:38] <revolutionary> ohh ratrace how do you do?
2096[16:28:12] <rander2> all major mail provider as google , yahoo, for example , use this approach to avoid spamming and fake mail sender. So my question isnt so strange
2097[16:28:35] <revolutionary> rander2 maybe you should use SPF/DKIM
2098[16:29:01] <greycat> Nobody said your question was strange. I said I don't know how to do it with exim. Ask the #exim channel if nobody else here knows either.
2115[16:33:12] <petn-randall> hi, how do I find out by which process a file is created? I tried inotifywait, but that doesn't list the process doing the file access.
2129[16:38:47] <petn-randall> ratrace: I'm trying to give fnotifystat a spin, but it's always just outputting "Duration must be 0.5 or more." The man page does not mention any duration.
2183[16:56:20] <webstrand> Is there a way to mark a package for autoremoval? I've `apt-mark auto mlocate`, but `apt-get autoremove` doesn't remove the package
2184[16:56:52] <greycat> why not simply remove it?
2186[16:57:08] <jelly> webstrand: autoremove won't remove any package if some other Depends or Recommends on it
2187[16:57:09] <webstrand> Bascially, I want to queue up manually installed packages for removal, then let apt figure out which packages are still needed and which aren't
2188[16:57:27] <Habbie> webstrand, trying to explicitly remove it may show you why it is not being autoremoved
2245[17:05:16] <dpkg> The release following Debian 10 "Buster" is codenamed "Bullseye" (Woody's horse in Toy Story 2) and will be Debian 11. It is the current "testing" release. Remember that straight after a stable release, all sorts of mess suddenly lands in "testing" and it is best avoided if you don't like debugging things. replaced-url
2246[17:05:16] <greycat> how on earth can you work the word "clean" into that sentence with a straight face
2266[17:09:19] <ratrace> greycat: you're missing that it's a path mounted rw by systemd with all sorts of gotchas and warnings
2267[17:09:20] <xormor> ratrace, "/dev/sda1 on /boot/efi type vfat" this is some EFI. then there is the /boot in "/dev/sda2", and then there is the efivars.
2290[17:16:36] *** Quits: breakout (~break@replaced-ip) (Remote host closed the connection)
2291[17:16:39] <greycat> What "issue"? That "suggests" prevents autoremoval? That sounds eminently sensible to me.
2292[17:16:39] <webstrand> `apt-mark showauto | grep mlocate` shows that mlocate is marked auto
2293[17:17:54] <greycat> Maybe I'm slightly biased, because I *completely* disable autoremove on my systems, but I would think that the default behavior of autoremove (if it's to be tolerated at all) should be *extraordinarily* conservative. Nothing should be removed if there's even a *hint* that something might want it.
2295[17:18:44] <annadane> yep should be pretty conservative
2296[17:18:44] <jhutchins_wk> If you use aptitude in menu mode it's possible to go through and mark a selection of packages to remove then remove them.
2297[17:18:57] <webstrand> But suggested packages /have/ to be manually installed in the first place, right?
2298[17:19:03] <greycat> No.
2299[17:19:12] <revolutionary> jhutchins_wk which file i should locate or edit?
2300[17:19:19] <greycat> apt has modes of operation where it installs Suggests, or not.
2301[17:19:21] <revolutionary> i couldn't find file name on that page
2304[17:23:27] <greycat> apt-get has the command-line option --install-suggests and the doc points to config file item APT::Install-Suggests as its parallel.
2305[17:23:42] <jhutchins_wk> revolutionary: That project hasn't had a commit in over three years. If you installed it from the debian repos, dpkg -L will show you what files it installed, but I would think an un-maintained package that doesn't have clear documentation and addresses something that really isn't a real need might best be avoided.
2306[17:23:52] <annadane> only depends and recommends are installed by default and you can --no-install-recommends if you're really adventurous
2307[17:23:59] *** Quits: tagomago (~tagomago@replaced-ip) (Remote host closed the connection)
2308[17:24:26] <revolutionary> jhutchins_wk i will try now dpkg -L
2309[17:24:26] <ratrace> I only install with --no-install-recommends :) too opinionated for my taste.
2310[17:24:49] <annadane> not a bad approach. i'd probably go crazy if i did it myself though
2312[17:25:19] <webstrand> Is there some way I can `apt-get remove foo bar` where remove will skip package foo if it's a dependency of another package?
2313[17:25:23] <jelly> it's a good approach if you don't ask questions why stuff does not work, in here
2314[17:25:24] <ratrace> of course it sometimes has a point, but things like smartmontools pulling in an entire MTA suite? nope nope nope nope.
2316[17:26:06] <webstrand> I've been using autoremove, but I know which packages I no longer need, I just don't know if they're dependencies of other installed packages
2317[17:26:08] <greycat> webstrand: what are you actually trying to do?
2318[17:26:08] <jelly> ratrace: install a tiny one like dma, or you won't get mail when a disk fails
2319[17:26:36] <ratrace> jelly: I know and I don't want it to send any emails.
2321[17:27:00] <webstrand> greycat: I'm trying to remove a list of packages that I installed previously. But I don't want to remove dependencies of other packages that I'm not explicitly removing
2324[17:27:04] *** Quits: beaver (~beaver@replaced-ip) (Remote host closed the connection)
2325[17:27:08] *** Quits: wxb1 (~wxb3@replaced-ip) (Remote host closed the connection)
2326[17:27:20] <greycat> And this is a one-time thing? With a finite list?
2327[17:27:23] <webstrand> yep
2328[17:27:31] <ov3rmind> hey guys please gimme some attemption, oneof myfirst used distros is slackware butineed to beinvited to join in this freenode channel, anyone can invite me please?
2329[17:27:37] <greycat> Just do "apt-get remove foo" and if it says "I want to remove three things", say no, and move on to the next one.
2330[17:27:51] <annadane> ov3rmind, i believe it's ##slackware
2331[17:28:04] <annadane> note the double number sign
2332[17:28:12] <ratrace> isnt there usually an autoredirect?
2357[17:31:44] <JordiGH> greycat: What makes you think my Firefox crashes are related to dsa-4558?
2358[17:31:51] <greycat> what
2359[17:32:03] <swift110> lol greycat
2360[17:32:04] <ratrace> me too! then I was, like "what do you mean there's no package manager!? what do you mean I have to resolve deps myself!" and then it was removed, pronto espresso schnell.
2361[17:32:06] <JordiGH> lol
2362[17:32:06] <JordiGH> <JordiGH> ratrace: I guess it just took longer: replaced-url
2363[17:32:08] <JordiGH> <greycat> Seems it's related to replaced-url
2364[17:32:14] <greycat> what makes you think anything I said about a dsa was directed at you
2365[17:32:22] <ratrace> JordiGH: bet lost eh
2366[17:32:25] <greycat> that was a different discussion
2367[17:32:35] <JordiGH> greycat: The fact that you said it right after I said it and you didn't address anyone.
2368[17:32:41] <JordiGH> That's what makes me think you were talking to me.
2369[17:32:47] <JordiGH> It's a reasonable assumption to make.
2370[17:33:08] <JordiGH> Especially since you said "even though the package name isn't mentioned explicitly [in the stack trace]".
2371[17:33:27] <JordiGH> ratrace: Yep. I should have insisted on it.
2555[19:19:17] <dpkg> Ciao, vai su #debian-it per ricevere aiuto in italiano. Italian Speakers: Please use #debian-it, there you will get much more help.
2556[19:19:50] <tradar> !de
2557[19:19:50] <dpkg> Deutschsprachige Hilfe bekommt ihr in #debian.de (auf irc.oftc.net, irc.freenode.net oder irc.belwue.de) - German speaking users please go to #debian.de (on irc.oftc.net, irc.freenode.net or irc.belwue.de).
2558[19:19:56] <tradar> ĸeĸ
2559[19:20:12] <luca> Grazie, sono qui solo per fare due chiacchere su debian, sapete dove posso trovare un canale per parlare con gli sviluppatori? Ho qualche idea in merito per migliorarlo
2561[19:20:52] <lupulo> luca try to send an email to the package which you want to improve
2562[19:21:08] <luca> Faccio computer per amici e collaboro con un negozio dunque sono riuscito a ottimizzare l'interfaccia in modo che sia userfriendly per tutti
2563[19:21:18] <luca> Basata su Xfce
2564[19:21:21] <lupulo> luca you could try to speak with the mantainer of the package
2686[20:12:17] *** Quits: marsupapu (~marsupapu@replaced-ip) (Remote host closed the connection)
2687[20:14:00] *** Joins: mati (~mati@replaced-ip)
2688[20:14:10] <mati> Hi, I have a question regarding GRUB. I was looking for an answer, but couldn't find it on Arch Wiki. I've changed the resosution of GRUB ( in /etc/default/grub GRUB_GFXMODE=) from auto to 1920x1080. Before the change, GRUB loaded instantly but with 1080p resolution it loads from bottom to top, if you know what I mean. Is there any way to mitigate/eliminate this and make the loading faster?
2703[20:22:42] <mati> diogenes_: can't really do that, because I have a custom theme. That's another reason why I wanted to change the resolution to higher (I wanted the theme to look good)
2704[20:23:53] <diogenes_> mati, and that's why it's laggy, it has to do with framebuffer device.
2705[20:24:29] *** Quits: pringau (~pringau@replaced-ip) (Remote host closed the connection)
2706[20:24:33] <mati> diogenes_: So there isn't a way to make the loading faster without lowering the resolution, right?
2742[20:34:14] <mati> diogenes_: I'll try on another machine, though. My friend once tried to dual boot windows and linux and he didn't manage to do it. He uses Arch and even Arch Wiki says that this option is not recommended and it's better to go with BIOS in that case
2758[20:38:46] <greycat> f8e3: if you installed an MTA, yes
2759[20:39:13] <f8e3> does MTA need to be a mail provider/hoster or just custom setting-up?
2760[20:39:22] <greycat> !mta
2761[20:39:22] <dpkg> A Message/Mail Transfer Agent (MTA) is a program that transfers e-mail in or out of a system, most often using SMTP. An MTA is usually accessed by calling /usr/sbin/sendmail and thus usually includes that binary. Therefore, in Debian, all MTAs (<exim4>, <postfix>, <qmail>, <ssmtp>, <nullmailer>, etc) mutually conflict. Ask me about <which mta>, <mta comparison> and <why an mta>. replaced-url
2794[21:00:21] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
2795[21:00:49] *** Quits: aleksander (b22a0e75@replaced-ip) (Remote host closed the connection)
2796[21:01:09] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
2797[21:01:15] <somiaj> I dual boot just fine with uefi (though haven't tested secure boot), I just use the firmware to select which efi file to boot from, not grub. I kinda hope bootloaders become less common with uefi, since they aren't really needed anymore
2798[21:01:32] <somiaj> though I guess they do allow you to have multiple kernels easier, than having to put extra enteries into the efi partition
2818[21:10:23] <greycat> If you do not have a working mail server of your own, you'll probably have to relay your outgoing mail through a smart host, typically using SMTP Authentication (name and password) so the relay will permit you to use it.
2819[21:10:46] *** Quits: mati (~mati@replaced-ip) (Quit: Lost terminal)
2822[21:10:57] <dpkg> sSMTP is an extremely simple <MTA> to get mail off the system to a mailhub. It does not receive mail, expand aliases or manage a queue. replaced-url
2825[21:12:26] <f8e3> do mean sth like sendgird/mailgun etc, 'smart host' i am very new, so i need sth else out there, uff, not a simple setup then, yet unclear what
2835[21:27:06] *** Joins: dokma (~vlatko@replaced-ip)
2836[21:27:47] <dokma> So I cannot get systemd to leave my sshd subprocecesses alive after logout. Did the usual KillMode=process dance but no go.
2837[21:28:10] <dokma> TMux is the process that gets whacked but I suppose that is not really relevant.
2838[21:28:30] <dokma> Is there any way to check if KillMode=process is active in the current session?
2839[21:28:42] <petn-randall> f8e3: Setting up a mail server that its mail will get accepted by 3rd parties is a larger undertaking than setting up a web server. It needs experience and a lot of fixing of small but annoying things.
2841[21:29:33] <greycat> dokma: are you saying that you do something like ssh yourhost 'sleep 1111 >/dev/null 2>&1 &' and it dies after the ssh connection terminates?
2842[21:29:52] <dokma> greycat: let me try that exact thing
2843[21:30:48] <dokma> greycat: hmmm... sleep remains running. So it's something about tmux.
2844[21:31:19] <greycat> also for the record, Debian's ssh.service already has KillMode=process
2845[21:31:38] <dokma> greycat: I know... I added it to the per process service too
2846[21:31:56] <dokma> Now I'm wondering what is killing tmux on logout...
2847[21:32:26] <f8e3> petn-randall yes i will refrain, and wait for the next tech
2850[21:33:39] <petn-randall> f8e3: That's what sendgrid/mailgun and others do: You pay them to take care of the gritty details of successful mail delivery.
2851[21:35:37] <f8e3> my goal is to have a simple decentralized setup far from data/censor silos
2852[21:35:39] <somiaj> and even if you do everything correct, if you happen to get an ip that some spammer in the pass abused, you still get your emails rejected by the big guys.
2858[21:37:04] <petn-randall> I've been running my own mail server for several years now, and I just recently fixed an issue that negatively affected delivery. Timewise it's better to spend it elsewhere and pay someone. Unless you do it for fun and to learn things.
2867[21:38:13] <greycat> Email *is* a decentralized peer to peer messaging system that everyone uses ... in 1992.
2868[21:38:15] <f8e3> p2p message exchange: the decentralized network queues the messages for y until received, you need to whitelist senders, voila no spam since y can explictly balcklist again
2879[21:41:28] <f8e3> it was never designed for scale, + ecnrytped stuff pulumping is horrible (i guess); theresll be aanother solution wihtin the next decade for sure
2880[21:41:36] <f8e3> these messaging apps are just a precursor
2895[21:47:05] <_DeLa_> Hi there! I have installed Zotero (replaced-url
2896[21:47:05] <_DeLa_> Now, updating Zotero from within the software worked without root privileges, while updating Pycharm from within the software forced me to use root privileges. How is this possible!?
2897[21:47:44] <petn-randall> _DeLa_: I'm actually surprised that you could install zotero without root, as /opt should only be writable by root.
2908[21:52:07] <f8e3> to understand linux/debian whats the best way to start from medium progermmer pov to get to know the 'system' ?
2909[21:52:53] <greycat> !handbook
2910[21:52:53] <dpkg> The Debian Administrator's Handbook is at replaced-url
2911[21:52:57] <mutante> f8e3: use it as your everyday desktop
2912[21:53:24] <tpo2> why is pulseaudio `netstat -anp|grep pulseaudio` listening on all interfaces `tcp 0 0 0.0.0.0:45285 0.0.0.0:* LISTEN 1034/pulseaudio`?
2913[21:53:26] <petn-randall> f8e3: A fundamental problem of every p2p messaging system will be spam.
2914[21:54:17] <petn-randall> f8e3: You can already just whitelist people/servers with mail. You'll just have a serious bootstrapping problem if someone wants to send you something that you don't know yet.
2915[21:54:18] <f8e3> petn-randall i am willing to pay for each message, imagine, spammers will pay me for sending me, making them poor the receiver of spam rich, good deal
2925[21:58:52] <petn-randall> f8e3: Microsoft had a system where you'd have to pay them money to send mail to anyone, like 15 years ago. I forgot how they called it. It failed because no one was willing to pay MS for something that everyone could do for free.
2926[21:59:01] <amflir> I set my apt prefs like this. Why it wants to upgrade to testing when I do apt-get dist-upgrade? replaced-url
2927[21:59:23] <greycat> "prefs"...
2928[21:59:49] <greycat> "Pin". Gaaaahhh. Frankendebian in progress.
2929[22:00:15] <greycat> petn-randall: I am just going to /ignore this person now, so you don't have to be angry at me when I get angry at them.
2930[22:00:33] <somiaj> !don't break debian
2931[22:00:33] <dpkg> well, dont break debian is replaced-url
2932[22:00:34] <mutante> pay to send mail = LinkedIn business model
2933[22:00:51] <somiaj> amflir: ^^ what you are doing will end you up in a world of pain
2934[22:01:00] *** Quits: puxavida (~comptekki@replaced-ip) (Remote host closed the connection)
2941[22:02:44] <petn-randall> amflir: You should be mixing several releases on a system, anyway. So even if your pinning would work, you'd be breaking your system.
2942[22:03:00] <somiaj> s/should/should NOT/
2943[22:03:03] <amflir> somiaj, thanks for letting me know about FrankenDebian. But I still like to know what is wrong with my apt pins?
2975[22:11:29] *** Quits: Clarth (~Clarth@replaced-ip) (Remote host closed the connection)
2976[22:11:30] <amflir> petn-randall, nothing much. just comfort. this is a PC and I like to be able to install whatever I want without hassle until I break the system.
2977[22:11:40] *** Quits: His_Dudeness__ (~His_Duden@replaced-ip) (Remote host closed the connection)
2988[22:14:31] <dpkg> First, check for a backport on <debian-backports>. If unavailable: 1) Add a deb-src line for sid (not a deb line!); ask me about <deb-src sid> 2) enable debian-backports (see <bdo>) 3) apt update; apt install build-essential; apt build-dep packagename 4) apt -b source packagename 5) dpkg -i packagename-ver.deb To change compilation options, see <package recompile>; for versions newer than sid see <uupdate>.
2992[22:20:22] <f8e3> petn-randall curcial miss and the consumer is correct, why pay some centralized party if another with same feature does it for free; miss is do it p2p + pay for mail = voila, network is buffering, and the digital cash is some crypto-thingy
2994[22:20:36] <f8e3> i think were on to something here
2995[22:20:57] * f8e3 :D sure
2996[22:22:21] <petn-randall> amflir: Do as you wish. You should just know that we don't support such a setup, so if anything breaks, you get to keep all the pieces.
2997[22:23:08] <petn-randall> f8e3: Uuuh, you do your thing. Let us know when you've implemented it.
3005[22:25:47] <greycat> ah, you're talking about the Debian Administrator's Handbook. Well, there isn't a newer one. And sure, there are some changes from 8 -> 9 -> 10, but most things are basically similar.
3084[23:24:21] <GenTooMan> hmm I have a problem my kernel keeps loading the dvb_usb_rtl28xxu module WHICH blocks me using rtl-sdr. Since I don't have a DVB-T toy on my machine but an SDR based on RTL any suggestions? I looked at the rtl-sdr and the suggestion was modprobe -r dvb_usb_rtl28xxu but that just reports a "can't do" (ran as root).
3121[23:45:41] <GenTooMan> petn-randall "modprobe: FATAL: Module dvb_usb_rtl28xxu is in use" however I just tried GQRX and nrsc5-gui and ... weird it works now, I wonder if the last kernel update fixed the issue.