12[00:08:36] <lusrx> trying to write a bootable usb with debian 10.6 using rufus on windows and getting this error on loading the iso: this image is either non-bootable, or it uses a boot or compression method that is not supported by rufus
13[00:08:57] <roycroft> uefi?
14[00:09:00] <sney> !win32diskimager
15[00:09:01] <dpkg> win32diskimager is much more reliable than <unetbootin> for copying ISO images to USB sticks and you can download it from replaced-url
19[00:09:46] <sney> lusrx: use win32diskimager, it's more reliable. rufus is trying to convert a cd iso with its own logic, but the debian iso is already a hybrid usb image and doesn't need to be converted
20[00:10:04] <roycroft> there's probably an easier way to do it, but i ended up installing the windows utility to create a bootable usb disk with a windows installer, then scribbling over the windows installer with the debian iso using rufus
21[00:10:06] <sney> rufus can be used if your version lets you force it to use DD mode
42[00:14:53] <lusrx> "an error occurred when attempting to write data to handle. error 5 access is denied" of course... blocked by anti malware bla bla
43[00:15:11] <lusrx> ok now it writes
45[00:15:43] <petn-randall> !rufus
46[00:15:43] <dpkg> rufus is a tool that can be used to make bootable USB devices under Windows. Debian CD/DVD images MUST be written in "DD Mode," otherwise it mangles the installer in cruel and unusual ways, resulting in hard to debug problems. Ask me about <hybrid images>, <usb install>, <win32diskimager>.
47[00:15:56] <petn-randall> roycroft: rufus doesn't always work fine. ^^^
48[00:16:08] <sney> we covered that
50[00:16:49] <petn-randall> ah sorry
51[00:17:50] <lusrx> how old is this tool? hosted on sourceforge? and looks like it was updated last time in 2017?
52[00:18:22] <lusrx> rufus is the best in my experience, for windows and for linux.
53[00:18:28] <sney> probably about a decade. it's a very simple tool, does what it's supposed to
54[00:19:24] <sney> again, rufus modifies the image for usb. the debian iso is *already* a usb image. rufus's modifications predictably break the debian iso.
57[00:21:56] <lusrx> that's interesting. i'm speculating but that may be what keeps breaking my ubuntu installations, and my recent elementary os installation. right now im looking at a glowing black lcd on a laptop next to me featuring elementary os i installed 20 minutes ago.
58[00:22:40] <sney> yep, debian derivatives usually use the same installer
63[00:23:02] <lusrx> i have been at this for the past 6 hours or so, done 4 installs of ubuntu 20.04 and 1 elementary and they all break on reboot right after doing my software update
68[00:24:28] <lusrx> the thing about rufus is that it allows me to pick iso or dd write mode, and i always select iso. but with debian iso i got (debian-10.6.0-amd64-DVD-3.iso) i never get to see the prompt
92[00:28:51] <sney> monkwitdafunk: yep, debian has the full archive available as isos and apt-cdrom lets you add them to your sources. good for systems that spend a lot of time off the public internet.
93[00:29:10] <petn-randall> monkwitdafunk: Ubuntu doesn't support that?
94[00:29:20] <sney> ubuntu doesn't have the full cd sets I suspect
105[00:33:21] <lusrx> is there a big difference between ubuntu and debian in terms of installation process and hardware requirements? the only reason i'm toying with debian is because ubuntu (and elementary) fail to boot on my laptop right after updating the software to latest version
108[00:34:41] <sney> monkwitdafunk: dpkg is a bot. I'm not sure if non-free stuff is available on the official isos, actually, but it should be possible to make one
117[00:36:55] <monkwitdafunk> what is the default packet writing software for debian 10.6
118[00:36:55] <lusrx> current status: i used win32d* like you said and successfully wrote that debian iso file to a usb stick. and now i have "elementary" installed on ssd of the laptop, "ubuntu (p0: hfsblabla)" in showing in my bios/uefi boot menu (esc key) and i have a "debian" on usb stick plugged in and not showing anywhere...
126[00:39:47] <dpkg> Some Intel UHD GPUs made after 2015 require firmware from userspace for all features to be enabled. This includes Skylake, Kabylake, Broxton, Cannonlake and possibly others. Ask me about <non-free sources> and install firmware-misc-nonfree to provide.
129[00:40:18] <sney> typically with driver firmware, if you install it once and the driver works, you don't need to worry about updates
130[00:40:24] <lusrx> sney: my efi boot menu... you mean the bios boot menu right? the menu you get after pressing f8/f2/esc? just checking. i will try different usb ports, these things also act weird sometimes
131[00:40:33] <sney> lusrx: yes that one.
132[00:40:46] <roycroft> and actually, if you install it once and it works updates might break it
133[00:41:27] <sney> not exactly. but updates to firmware-nonfree are more often about adding new firmware blobs, than about updating existing ones
134[00:42:13] <monkwitdafunk> okay, im hoping for another intel NUC that doesnt have the iris card
135[00:42:42] <monkwitdafunk> most intel NUC's are CSA approved as a safety rating
136[00:42:59] <sney> unfortunately, new hardware is trending towards needing *more* firmware, not less
137[00:43:15] <sney> the intel stuff usually works fine once it's installed at least
138[00:43:20] <lusrx> sney: ok good to know. but i have tested in all 3 of my usb ports and i get 0. i even power cycled the laptop between each plug/unplug to make sure it registers.
139[00:43:23] <monkwitdafunk> firmware as in basic I/O?
144[00:44:11] <sney> on wifi it's usually RF regulatory stuff as far as anyone can tell, but the binary nature means nobody but intel knows exactly what's in there
146[00:45:21] <lusrx> ok so i used win32d* to write debian-10.6.0-amd64-DVD-3.iso to my usb stick. and the laptop does not see it. what file system is on this?
147[00:45:22] <monkwitdafunk> well if they make the hardware, they make the drivers then correct?
167[00:50:18] <lusrx> sney: i don't understand. why would my image not be bootable?
168[00:50:52] <lusrx> i downloaded from this page: replaced-url
169[00:50:55] <sney> lusrx: because iirc, only the first DVD/CD in the set actually has the installer. images 2, 3, 4 etc only have packages.
170[00:51:11] <monkwitdafunk> thats right lusrx
171[00:51:21] <monkwitdafunk> ive burnt the first 3 DVDs in the past
172[00:51:25] <lusrx> omg... *facepalm*
173[00:51:30] <monkwitdafunk> i never got that far however
174[00:51:47] <monkwitdafunk> didnt you burn the netinstall lusrx?
175[00:51:52] <monkwitdafunk> go with netinstall
176[00:52:08] <sney> and as the page here says under "do I need all of these files?" "Initially, you will only need to download and use the first image of a set" replaced-url
177[00:52:10] <monkwitdafunk> even microsoft has their own version of netinstall
178[00:52:20] <lusrx> lol. i thought this was a point release
179[00:52:38] <monkwitdafunk> idk what a point release is
180[00:52:46] <sney> !point release
181[00:52:46] <dpkg> Point releases are updates to <stable> and <oldstable>, fixing security and grave bug fixes. If you track security updates regularly (as you should!) there will often be no updates for you in the point release. You can upgrade to the latest point release with "apt update && apt full-upgrade". Ask me about <9.13>, <10.5>.. replaced-url
182[00:52:58] <lusrx> forgive me for being dumb :)
185[00:53:29] <sney> no worries, happens to everyone
186[00:53:39] <lusrx> fwiw, enabling csm made the usb stick show up on boot menu. but of course "reboot and select proper boot device or insert boot media"
198[00:57:52] <lusrx> i just want to install some kind of linux os on my laptop and call it a day. i want to give debian a try. doesn't matter what media it is (as long as it's the right one that boots).
206[01:00:37] <lusrx> i installed ubuntu earlier, 4 times, and elementary is installed currently, and they all work just fine, up until they both somehow screw up the bootup process after installing all the latest updates. leave me hanging at "ASUS IN SEARCH OF bla bla" logo or sometimes the boot menu or just a glowing black screen.
207[01:01:37] <sney> that's unusual, but we don't know what changes those other OS teams have made that could cause that behavior. if it happens with debian we can help.
210[01:04:54] <lusrx> yeah it's very strange. i first thought it was because of proprietary nvidia drivers, but i did 2 installs of ubuntu with all those checkboxes deselected and still ran into the same issue.
211[01:05:08] <lusrx> the good news is, rufus now knows how to write "debian-10.6.0-amd64-DVD-1.iso" :)
215[01:07:46] <jmcnaught> If you have network access during the install don't bother downloading DVDs, just use the netinst image. If you need to use wifi during the install you probably want the firmware ISO that snéy linked above.
247[01:21:08] <lusrx> ok, will do that. but i will call it a day now. i can't get past "detect network hardware". the iwlwifi dialog. asks me if i have such media available now and to insert it and continue.
248[01:21:20] <lusrx> i have the graphical installer running
330[02:20:02] <sney> jhutchins: even the main free alternative, jitsi, isn't in the archive though the hosted one mainly runs on debian cloud instances
467[05:25:27] <sney> godane: 5.9 changed some things with how non-gpl modules are allowed to interact with the rest of the kernel, and the out-of-tree module providers are responsible for catching up. since zfs is non-gpl I suspect this is what's happening though it's more infamously a problem with nvidia drivers and virtualbox.
469[05:25:36] <sney> in any case the tl;dr is use 5.8 for now
496[06:10:23] <marz> What's the equivalent for "-D" adduser in Debian?
498[06:11:11] <sney> as opposed to?
499[06:12:21] <marz> I'm trying to migrate my docker images from alpine to slim-buster. "RUN ADDUSER -D user" gives me an error: Option d is ambiguous (debug, disabled-login, disabled-password)
501[06:16:34] <sney> seems like -D is short for 'defaults' which should come from /etc/default/useradd, but possibly your slim buster image doesn't have the passwd package
531[06:43:15] <sney> run 'apt-key list' and look at the ensuing list with your eyeballs, paying attention to the 'uid' field, looking for something that identifies it as xanmod's key. since it was added with apt-key add, it'll be near the top of the list
532[06:43:46] <TuxCrazy> sney, ok
533[06:44:20] <sney> then you use apt-key del KEYID where the keyid is the thing that looks like '6ED6 F5CB 5FA6 FB2F 460A E88E EDA0 D238 8AE2 2BA9'
536[06:46:05] <TuxCrazy> sney, is this to be done with sudo?
537[06:46:34] <sney> yes, any system administration tasks should be done with sudo.
538[06:46:49] <TuxCrazy> sney, ok
539[06:47:15] <sney> if you know you are going to be running multiple commands, do 'sudo -i' to get a root shell, so you don't have to type sudo for every single command.
540[06:47:39] <Zombie> Are any of you Packagers? I sent in a Package Request.
547[06:50:45] <sney> RFP bugs are considered 'wishlist' for a reason. if you're hoping for a quick turnaround, you may want to look at packaging it yourself instead.
548[06:51:09] <sney> and submitting to debian, if that wasn't clear
549[06:52:05] <TuxCrazy> sney, can I pm you?
550[06:52:17] <sney> TuxCrazy: keep all questions in the channel, please.
551[06:52:44] <TuxCrazy> sney, just one time.
552[06:52:48] <sney> if you want to paste something, use replaced-url
553[06:52:52] <sney> no, I do not want a pm.
554[06:53:12] <TuxCrazy> the key is not getting removed.
585[07:25:15] <Maris-XP> How does one get more verbose init information, such as that seen on Slackware, I'd like to see all of the dmesg and perhaps system services startup information. I am on debian 10 by the way
587[07:26:12] <Maris-XP> Also would it be possible to not have the terminal cleared when the login prompt appears?
627[08:12:20] <marz> Error: Unable to compile the binary module. Do you have the rrdtool header and libraries installed? What's the equivalent package for python-rrdtool?
668[08:50:56] <towo^work> if it is vfat, mount it with -o umask=000
669[08:51:01] <eblip> yes i was thinking it is probably some kind of vfat
670[08:51:16] <eblip> thanks ill try that
671[08:51:35] <jelly> eblip: permissions work like that on well behaved unix filesystem types. If you have a vfat or ntfs fs type on the usb device, those have options for uid, gid and faked permissions to be used at mount time. So, mount options.
695[08:57:03] <shtrb> towo^work, When I meant native , I meant native by Microsoft and not via an external source like the extfs solutions. Explorer can also access these mounts later
696[08:57:20] <shtrb> eblip, that is in fact better approach to use ext :)
697[08:57:35] <jelly> presumably over a guest/host vm interface.
698[08:58:06] <jelly> so you still have to a) present usb disk to Linux VM b) mount c) share with host... seems convoluted
699[08:58:19] <eblip> shtrb its an emergency pen drive with a few files i may need when i am travelling...and i will access them on someone else's machine ...
700[08:58:33] <eblip> so its probably going to be windows
701[08:58:38] <jelly> then keep it vfat or ntfs.
702[08:58:42] <eblip> yes
703[08:58:53] <shtrb> There's also extfs solutions, good for read , never trusting them with write. vfat is the safest approach
704[08:58:54] <jelly> vfat has that 4GiB size limit
705[08:58:56] <eblip> thanks a lot guys
706[08:59:09] <jelly> if that's not a problem for you, keep using it
707[09:01:21] <shtrb> just be aware of the 4GB limit and 32 gb limits of LBA
716[09:06:46] <shtrb> What would be a good base package installation for python developers in a debian vm (is it even wise to give them buster or I should be basing on side) ? I'm giving windows devs a Linux based environment where they would be working in. I know they can use venv and later install what they wish , I just wish to give them the most welcoming environment possible .
718[09:07:44] <shtrb> I thought about just installing python3-* but that might be an overkill
719[09:08:50] <lowin> Hello. I was thinking about replacing openwrt with debian on my router. I was just wondering if there are any good web based control panels for network configuration similar to luci that I could use?
721[09:09:51] <shtrb> lowin, are you sure your hardware support debian ? openwrt can work even on 4/32 installation when most debian installations would have a hard time
722[09:10:05] <eblip> shtrb .. i wasnt using a vm..but i installed buster, and just venv and it was easy enough to start developing in python...and i was totally clueless about things ..but after a simple youtube vid on venv and buster...i was away.
728[09:11:26] <lowin> My plan is to use boot openwrt kernel with necessary kernel modules and switch_root into debian
729[09:11:56] <shtrb> eblip, thanks , and had there been tools you had preferred that would had been installed before hand ?
730[09:13:23] <eblip> for me it was only django ...the pip stuff comes with the venv...but maybe a small document with some links explaining that you can get all the most up to date packages using pip...also install git...and a brief description....and tell them that they can do web dev with django and a few links..
731[09:13:36] <eblip> that would have been useful for me ..and stopped a lot of fumbling around
732[09:14:06] <eblip> oh and a brief explanation of a virtual environment venv
733[09:15:19] <shtrb> thanks eblip , git and svn was already selects, so was pip3 , about django - you mean the debian packages correct ?
735[09:16:08] <eblip> yes django...oh and if they are going to be doing webdev....my preference is also tell them they may require a database and basically just go for postgresql..
736[09:16:45] <eblip> or you can do like me ..install django 1.9 ...and mysql ...and no virtual env..and stored my files on my machine ..until the python and django guys woke me up
756[09:23:20] <eblip> i didnt bother with pycharm, as my machines are real old ..and i needed the lightest possible ide...so i just used vim, nerdtree and tmux..i think that is as light as it gets...plus there is a plugin to help with python..but i didnt even bother
757[09:24:06] <eblip> after about a week on vim nerd and tmux ..you wont need an ide
808[09:54:28] <ratrace> no I mean the default apparmor profile does NOT list the path, meaning it's not normally expected by it. it could mean two things: a) the profile is incomplete, b) the access is really not expected and soffice has no business opening the file
809[09:54:52] <ratrace> I'm leaning toward betting in favor of a) tho
810[09:55:10] <themill> At a guess, it's either getting ready to tell you about hardware plug-n-play devices, or it's going to map TLAs to companies for you
811[09:55:11] <shtrb> and I'm to b :)
812[09:55:29] <ratrace> shtrb: given the state of other profiles, a) is more likely
813[09:55:51] <themill> lots of things want to look in the hwdata databases to help you do things
814[09:56:07] <themill> (printer or scanner most likely for libreoffice?)
815[09:56:33] <themill> but it could be as simple as the filepicker that you've got libreoffice configured to use
816[09:56:37] <ratrace> right, and I was expecting to see some other comm tryna access that file, some subprocess forked by and not directly part of libreoffice, but it seems that's not the case, soffice.bin is directly trying the file
818[09:57:30] <ratrace> themill: ah yes.... maybe via libcups?
819[09:58:31] <shtrb> I do have several printers configured , technically there is a scanner on the same machine (but I only used scanimage and not any ui tool for that)
824[10:02:48] <ratrace> at AA upstream, hwdata is only listed under kde-open5 profile. so I'd say the soffice profile is simply incomplete, and maybe the whole hwdata thing should be made into an abstraction.
825[10:03:23] <ratrace> sorry, not profile but kde-open5 abstraction. so hwdata should be separated as its own, maybe. something to file a bug report upstream, maybe.
862[10:20:04] <ratrace> shtrb: why are you so concerned tho? by default soffice is in complain mode, definitely suggesting it's incomplete, and also would log a ton more denials
863[10:20:22] <shtrb> I do not trust doc files
864[10:20:44] <shtrb> and I got it only for doc files (not for others)
865[10:21:23] <shtrb> no , sorry , now I see it reads all the time , I blamed doc for nothing :-(
868[10:22:59] * shtrb don't trust doc files on general , don't even open docx if he can , and prefer everything to be just md files
869[10:23:12] <shtrb> man , and info files are also ok
870[10:23:40] <shtrb> On unrelated question to fix (enable) - type=1400 audit(1606463447.355:57): apparmor="DENIED" operation="open" profile="/usr/bin/pidgin" name="/sys/class/video4linux/" pid=7974 comm="gst-plugin-scan" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 I need just to declare "/sys/class/video4linux/* mr," correct ?
873[10:26:59] <ratrace> shtrb: both video4linux/ (no asterisk) and video4linux/** probably.
874[10:27:15] <shtrb> what does ** mean in that context ?
875[10:27:37] <ratrace> all paths under it, including those with / meaning all files and subdirs, recursively
876[10:27:57] <ratrace> single * allows only names directly in the directory
877[10:28:00] <shtrb> oh thanks
878[10:28:37] <ratrace> not afraid of someone spying you over the webcam? :)
879[10:29:11] <shtrb> it's plugin for video chat , it is expected to work :D
880[10:29:25] <shtrb> and I have a mechanical lock on the webcam
881[10:29:50] <shtrb> analog shutter ?
882[10:29:52] <ratrace> right :)
883[10:30:07] <ratrace> is that a librem laptop?
884[10:30:13] <lusrx> sney: partitioning and formatting disk right now. dd mode in rufus worked really nicely for me. thank you! but trackpad is still not working for some reason. hopefully it will be sorted out once i have the system up and running.
885[10:30:31] <shtrb> ratrace , no , a thinkpad, I couldn't afford to get a librem with covid19 and all
886[10:31:02] <ratrace> is that switch native to thinkpad or you got a usb cam or something?
909[10:50:31] <ratrace> shtrb: well you can put pidgin in complain mode and see if starts working. if it does, then check the profile and look for denials
910[10:51:25] <lusrx> help! i have a black glowing screen again. debian just finished installing all 1300+ packages and toward the end it rebooted i think.
926[11:00:38] <meltingwax> i'm having some problems with accessing a port on my server externally (inside LAN and outside). i checked iptables and there shouldn't be a firewall active, so i'm puzzled why port 80 works but this one doesnt
1002[12:25:27] <RhineDevil> I'm trying to do a passwordless and keyless SSH guest access. For that I followed these articles: replaced-url
1003[12:26:38] <ratrace> RhineDevil: passwordless and keyless? then using what for authorization?
1004[12:27:03] <RhineDevil> ratrace, nothing, it's supposed to work like ftp anonymous account
1005[12:27:41] <ratrace> well I never tried that with ssh... but what's your question.
1007[12:28:28] <RhineDevil> ratrace, I'm not achieving it. It still asks me for a password even though I've enabled PermitEmptyPasswords for Match Group
1008[12:28:46] <ratrace> tried to hit just enter and submit an empty password?
1009[12:29:04] <RhineDevil> ratrace, mhhh gotta try that
1011[12:29:45] <RhineDevil> ratrace, doesn't let me do that. it says "no password supplied"
1012[12:29:46] <ratrace> I'm not sure openssh would allow completely noninteractive login. could be wrong, like I said, I never tried it. my inner security daemons are now screaming and trashing about...
1013[12:30:02] <ratrace> RhineDevil: does the account you're trying have empty password field?
1014[12:30:10] <aiRness> Hello. Just upgraded my debian sid, are there any known bugs for pulseaudio ? Even the aplay doesn't give any soundcards installed
1015[12:30:11] <RhineDevil> ratrace, yes
1016[12:30:52] <RhineDevil> aiRness, pulseaudio didn't see any soundcard even in stable for me
1017[12:30:56] <ratrace> !tell aiRness about debian-next
1018[12:31:30] <aiRness> RhineDevil: well everything was working fine until yesterday's upgrade, thing is aplay doesn't even see the soundcards now (pulseaudio shows dummy devices)
1019[12:31:45] <RhineDevil> I've beheaded the bull by just installing jack as a system-wide daemon and using pulseaudio as a jack client
1020[12:32:13] <RhineDevil> but it's not an everyday task I had to mess around with lots of things
1021[12:33:14] <RhineDevil> ratrace, yes the account I'm using has an empty password field
1022[12:34:13] <ratrace> RhineDevil: wait I'm looking through the manpage. this is highly unusual
1030[12:37:16] <ratrace> pipewire is very much new software. fedora wants to switch to it within next or next two releases. imho, it'll be PA debacle all over again, but fine.... definitely not happening in debian for next and I doubt even for next-next
1033[12:37:56] <aiRness> I don't get why I completely lost track of the soundcard though, even with aplay -l
1047[12:46:25] <ratrace> RhineDevil: found this... note the distinction between "empty password" (with a hash for "empty") and "no password" which apparently doesn't work. replaced-url
1048[12:47:19] <ratrace> so, again, they DO set a password, through a hard-coded hash of basically newline I think
1049[12:47:54] <ratrace> see the two links in the accepted answer for more info
1051[12:49:00] <ratrace> RhineDevil: finally... I have to warn you, this setup is very, very very fragile. One tiny mistake and you've opened your server to free, unauthenticated login, to the whole wide internet.
1082[13:19:53] <shtrb> RhineDevil, a wise man once said , replaced-url
1083[13:21:21] <shtrb> RhineDevil, from the man file: This call changes an ingredient in the pathname resolution process and does nothing else. In particular, it is not intended to be used for any kind of security purpose,
1084[13:21:22] <shtrb> neither to fully sandbox a process nor to restrict filesystem system calls. In the past, chroot() has been used by daemons to restrict themselves prior to
1085[13:21:22] <shtrb> passing paths supplied by untrusted users to system calls such as open(2). However, if a folder is moved out of the chroot directory, an attacker can exploit that to
1086[13:21:22] <shtrb> get out of the chroot directory as well. The easiest way to do that is to chdir(2) to the to-be-moved directory, wait for it to be moved out, then open a path like ../../../etc/passwd
1089[13:22:29] <gryffus> Hello, is there anyone with experiences with EJBCA? I am trying to find "EJBCA Client Toolbox" for CLI access to EJBCA, but cannot find it anywhere. I just need to check for existence of a certain certificate from bash
1104[13:32:16] <RhineDevil> shtrb, yeah but point is, if you just can access sftp and not shell, you cant execute anything. doesn't matter if it just changes the path, cause you won't be able to execute a process that goes outside this path anyway
1106[13:32:47] <jelly> I thought LE ran on fully opensource software. replaced-url
1117[13:35:45] <shtrb> RhineDevil, have you looked on the part when it can read ANY file on the mounted file system ?
1118[13:35:59] <gryffus> bezaban, I can see only ejbca_ce_6_15_2_6.zip
1119[13:36:03] <bezaban> ejbca is open source, but has some enterprise functions. It's used by some public type CAs as well as other product scoped or internal ones :)
1120[13:36:05] <RhineDevil> shtrb, how can it read ANY file if you're locked inside the cage
1121[13:36:38] <shtrb> RhineDevil, man 2 chroot
1122[13:36:40] <bezaban> gryffus: yeah, that's the one.
1245[15:21:40] <marz> What package do I need to install to satisfy this error: "Error: Unable to compile the binary module. Do you have the rrdtool header and libraries installed?"
1249[15:24:31] <torbjorn> sorry for asking something super trivial as this, but I installed debian 10 as a kvm/qemu virtual guest, with a bridged interface, and now want to configure a static ip address. I take out iface ens3 inet dhcp and instead type iface ens3 inet static address 192.168.3.0/24 gateway 192.168.3.1 # but when I do ifdown ens3 and ifup ens3 , ens3 now has two ip addresses, both the original dhcp ip and the new
1250[15:24:37] <torbjorn> static ip
1251[15:25:07] <torbjorn> if I tcpdump for udp 67:68 on the kvm host, I see activity the moment I do ifup, every time
1263[15:29:23] <shtrb> marz , we need little bit more about it but at least you would need rrdtool and librrds-perl dh-lua gem2deb gem2deb-test-runner libdbi-dev libdbi1 liblua5.1-0-dev liblua5.2-dev liblua5.3-dev liblua5.4-dev libpython3-all-dbg libpython3-all-dev libpython3-dbg
1325[16:11:23] <RhineDevil> what fails specifically is ChrootDirectory
1327[16:12:25] <RhineDevil> you can use internal sftp as subsystem and ForceCommand, but if you do "ChrootDirectory /home/%u" it fails and ssh always closes the connection
1335[16:14:59] <SnakesAndStuff> I'm having problems with bind9 in debian buster. When I try to write a log file to /var/log/bind/bind.log with /var/log/bind and the bind.log belonging to bind.bind with proper permissions it still fails (testing it as running in foreground to see error)
1345[16:18:53] <ksk> SnakesAndStuff: but eh, I would the standard config of bind9 to be able to write to its logfiles - so what did you change and why?
1348[16:20:43] <SnakesAndStuff> ksk: Because I was going to make the output more verbose and enable logging... Trying to figure out why some DNS queries are getting blocked/failing with running a cached dns server
1349[16:21:02] <SnakesAndStuff> and rather than spam syslog, I was going to temporarily have it write to a specific file
1350[16:21:29] <SnakesAndStuff> ksk: And my "it fails" is a laughable technical description. But what I posted is the actual output.
1351[16:22:19] <ksk> kk, then from what you say: bind9 is not running as user "bind".
1352[16:22:41] <ksk> Mhhm, maybe also make sure no namespace/cgroup/protection options are set in bind9 systemd unit file.
1353[16:23:01] <SnakesAndStuff> When I disable logging, and start it via systemctl it surely does run as bind.
1377[16:31:23] <ksk> typically it is in "/lib/systemd/system/XxX.service" - you can copy it to /etc/systemd/system and then edit it there - it will take priority over the one coming from the package
1381[16:34:04] <SnakesAndStuff> ksk: I took a look in that file... followed it from the symlink in /etc/systemd/system/multi-user.target.wants/bind9.service
1382[16:34:26] <SnakesAndStuff> which is where I pulled the startup command from and added a -f to run it in the foreground to try to get error messages.
1387[16:37:35] <SnakesAndStuff> Interesting... gives the same error if I try to write to a file in a directory outside of /var/log... .even with 777 permissions
1472[17:56:03] <grondilu> I wanted to spare some CPU for a remote laptop connect to only through SSH, so I ran it on runlevel 3 instead of 6. Problem is apparently now the screen never turns off, and it's kind of bright. How could I turn it off ?
1473[17:56:24] <grondilu> s/laptop connect/laptop I connect/
1474[17:57:00] <grondilu> I suppose I could run it back on level 6, but meh.
1535[18:53:28] <asterismo_l> i'm trying to install debian in an old PC with two IDE/ATA drives on a RAID1
1538[18:54:20] <asterismo_l> updating grub breaks grub and the system goes to a grub rescue, this happens with Debian 10, and i think 9 and 8 too. This not happens with Debian 7
1539[18:54:42] <sney> how is the raid configured?
1540[18:54:55] <asterismo_l> if i unplug one drive, the system boots grub no problem, as soon as i plug the other drive, grub-rescue
1599[19:07:22] <jelly> klemax: in general, debian does not support downgrades
1600[19:07:30] <asterismo_l> jelly, i did grub-install and no error is reported... so
1601[19:07:31] <sney> klemax: some individual packages can be downgraded manually, but there is no mechanism in debian for a full version downgrade.
1602[19:07:34] <asterismo_l> i'll try again
1603[19:07:51] <asterismo_l> is there any way to run grub-install with a debug option?
1604[19:08:06] <jelly> asterismo_l: on both disks? grub-install /dev/sda and grub-install /dev/sdb if that's where they are?
1605[19:08:14] <sney> grub-install has -v for verbose
1606[19:08:23] <asterismo_l> and jelly should i run grub-install on sda/sdb or md0?
1607[19:08:31] <jelly> definitely not md0
1608[19:08:35] <asterismo_l> ok
1609[19:08:49] <jelly> asterismo_l: can you pastebin your lsblk output?
1610[19:09:16] <ficonni> Guys mind helping me out ? I just added alsactl init to my rc.local file to try and fix my problem of the jack not working upon boot but to no avail. The command works by itself when typed manually tho.
1611[19:09:42] <klemax> jelly sney: ok i got it, thanks
1612[19:10:07] <jelly> klemax: if you have a backup of debian 8, restore the whole system from that
1613[19:10:56] <klemax> jelly: yes i can do that, i have a backup
1616[19:11:28] <dpkg> /etc/rc.local may be used to run simple commands at boot time. It exists by default in jessie or older; in stretch or newer you need to create it. Don't forget the <shebang> and be sure to chmod 755 it. rc.local is considered a hack, a stopgap, or a temporary band-aid; see <systemd>
1623[19:14:17] <ficonni> dpkg: forgive my lack of sysadmin knowledge, does this shebang mean I need to put the #! the very beginning of the script ?
1624[19:14:17] <dpkg> Well, my lack of sysadmin knowledge, does this shebang mean I need to put the #! the very beginning of the script boy, I guess I could do that. But I believe forgiving is God's job, I'm just arranging the meeting. *blows my lack of sysadmin knowledge, does this shebang mean I need to put the #! the very beginning of the script head apart with .44 magnum*
1625[19:14:56] <jmcnaught> ficonni: dpkg is a bot
1626[19:15:07] <petn-randall> !shebang
1627[19:15:07] <dpkg> extra, extra, read all about it, shebang is the "hash-bang" (#!) line at the start of a script that instructs the kernel which interpreter to use. Examples: "#!/bin/sh", "#!/usr/bin/perl -w". replaced-url
1628[19:15:20] <petn-randall> ficonni: ^^^
1629[19:15:29] <ficonni> well, that's another thing I learned today.
1643[19:17:21] <asterismo_l> i'll try and paste in a while
1644[19:17:25] <jmcnaught> ficonni: I also recommend leaving some comments for your future self (lines starting with #) in the file about what (and why) it is doing. #!/bin/sh is what you want.
1645[19:17:28] <jelly> asterismo_l: your system does not _sound_ like it uses uefi booting?
1646[19:17:35] *** Quits: nickodd (~nickodd@replaced-ip) (Remote host closed the connection)
1647[19:17:45] <asterismo_l> my system is from 2001
1648[19:18:02] <jelly> asterismo_l: and that partition layout is missing the efiboot partition, so I assumed you used grub-pc not the EFI one
1649[19:18:02] <asterismo_l> it is a Dell Precision 530MT dual Xeon
1651[19:18:30] <asterismo_l> should i add an efi partition?
1652[19:18:34] <ficonni> jmcnaught: copy that. I know about commenting but didn't know about the shebang. Will do, reboot and report. Already did chmod 755 to the file
1674[19:34:51] <L0aD1nG> hello, i have troubles with debian 10 installation on a new pc... Xorg won't run, here is the paste of /var/log/Xorg.0.log replaced-url
1680[19:37:12] <jmcnaught> L0aD1nG: how are you starting X? What GPU do you have? Have you already tried anything?
1681[19:38:56] <L0aD1nG> jmcnaught: i have intel graphics via the processor, i install xorg and dm and wm normally it would run automatically i did the same many times on other computers
1682[19:39:42] <L0aD1nG> jmcnaught: i installed just standard system utilities. And installing what i need from the console now
1694[19:42:37] <L0aD1nG> The installation process went great no errors at all
1695[19:43:07] <jmcnaught> L0aD1nG: is xserver-xorg-video-intel installed?
1696[19:43:12] <d3m0nm4dn3ss> Hey y'all, I'm going to run Linux on my wii and right now I have a debian lenny install, anyways I need to connect to my wifi network but I can't use a keyboard while it's booted on the Wii. I'm in the root dir of it right now as I have the sdcard in my computer can I have some help in where I need to go/what I need to do to connect Linux on my wii to the internet. I have the wpa_supplicant.conf generated but it does not seem that it connected to
1700[19:43:49] <Mrbuck> Hi any one know any software on debian that helps me draw for example I would be needing to draw things like trees,datastructures and so on
1727[19:48:29] <greycat> That sounds like a high number. Is it super new?
1728[19:48:35] <Mrbuck> I checked gimp and inkscape they are for images and complicated too :( Anyway Thank you I will check sney also
1729[19:48:51] <jmcnaught> L0aD1nG: it came out this year right? About a year after Debian 10 unfortunately.
1730[19:49:04] <L0aD1nG> greycat: its the latest if i am not mistaken
1731[19:49:11] <greycat> Super new hardware may need unstable kernel/drivers/firmware.
1732[19:49:41] <greycat> !buster freeze
1733[19:49:41] <dpkg> Buster started the freeze process on 2019-01-12 see replaced-url
1734[19:49:48] <L0aD1nG> so i should install unstable?? I mean not to search for a solution
1735[19:49:55] <greycat> If the hardware is newer than Jan 2019, then it may not work well in buster.
1736[19:50:04] <sney> I'm sure greycat means the backport kernel
1737[19:50:08] *** Quits: conta (Thunderbir@replaced-ip) (Quit: conta)
1738[19:50:15] <L0aD1nG> i tried this so long replaced-url
1739[19:50:22] <sney> !buster-backports
1740[19:50:22] <dpkg> Some packages intended for Bullseye (Debian 11) but recompiled for use with Buster (Debian 10) can be found in the buster-backports repository. See replaced-url
1741[19:50:24] <greycat> Maybe, maybe not. The unstable support channel may know more.
1742[19:50:36] <L0aD1nG> and i booted and then it was flashing the login all the time on the console
1743[19:50:37] <Mrbuck> sney: dia is what I needed
1744[19:50:40] <Mrbuck> thank you
1745[19:50:42] <greycat> You can *try* the backported kernel, plus whatever else you need, but it may be a LOT.
1746[19:50:55] <jmcnaught> A newer-than-buster GPU might need more than a newer kernel, such as newer mesa or xorg versions too.
1747[19:50:57] <sney> the 5.8 kernel in buster-backports is new enough to support most post-buster hardware
1748[19:51:07] <sney> Mrbuck: np
1749[19:51:34] <d3m0nm4dn3ss> looks like it's a Broadcom 4710?
1750[19:51:39] <d3m0nm4dn3ss> based on the kernel output
1751[19:51:44] *** Quits: ttys000 (~ttys000@replaced-ip) (Read error: No route to host)
1765[19:54:38] <dpkg> #debian-next is the channel for testing/unstable support on the OFTC network (irc.oftc.net), *not* on freenode. If you get "Cannot join #debian-next (Channel is invite only)." it means you did not read it's on irc.oftc.net. See also replaced-url
1766[19:54:50] <greycat> Those people may know more about your hardware and how well unstable (etc.) supports it.
1767[19:54:59] <sney> greycat: keep your pants on, they haven't even made a decision yet.
1768[19:55:34] <L0aD1nG> i will try the bpo kernel first.
1769[19:55:35] <sney> L0aD1nG: it sounds like the 4.19 kernel in buster isn't new enough for your video hardware, yes. but you can install the 5.8 kernel from buster-backports, which likely *does* support it.
1799[20:09:17] <greycat> For the last 10 years or so, the recommended configuration is "let the X server figure it out automatically", and you only make xorg.conf.d snippets (which are in /etc/X11 not /usr/share) if you REALLY need them, for exotic hardware.
1800[20:09:18] <L0aD1nG> okay i installed "linux-image-amd64" and "linux-headers-amd64" it works great now
1806[20:10:56] <sney> yep, with new intel hardware usually the only thing you need is the more up-to-date kernel module, intel stuff plays nice with linux.
1813[20:15:00] <L0aD1nG> i am telling that cause the motherboard is super new too
1814[20:15:17] <Franciman> another question, how can I see which parameters are passed to each module in the kernel?
1815[20:16:13] <sney> Franciman: that's set up in /etc/modprobe.d though most stuff will just be loaded with defaults. you can see what the defaults are with modinfo.
1818[20:18:46] *** Quits: milkt (~debian@replaced-ip) (Remote host closed the connection)
1819[20:18:47] <sney> L0aD1nG: with that 5.8 kernel, all of your drivers are up to date as of Sept 2020. so unless it's *really* bleeding edge, I expect your devices to work
1820[20:19:34] <greycat> you may still need post-stable firmware
1821[20:20:49] <sney> yeah, and that's in buster-backports too
1823[20:22:54] <L0aD1nG> this machine has windows too yesterday i installed the and "build" them as i wanted, i bought them its the official windows 10...
1849[20:36:09] <ratrace> that's like saying your needs are to go to the store, and you're comparing some small car with a big truck and say that the truck gulps so much more fuel, and needs time to warm up, fill up airbrake tanks, etc...
1850[20:36:31] <greycat> I see no problem with that statement. The car is a more suitable choice for this job.
1851[20:36:35] <ratrace> yea but that truck can pull ten of those cars on a trailer, and have different trailers, etc...
1852[20:37:22] <greycat> The truck is a far better choice for carrying tons of cargo to a distant factory.
1853[20:42:28] <ratrace> well sure, that's the idea
1905[21:41:11] <asterismo_l> jelly, not a chance, i installed debian 10 and after reboot i get grub rescue
1906[21:41:29] <asterismo_l> it prompted me to choose install grub in sda or sdb and i choose sda
1907[21:42:56] <jelly> asterismo_l: can you not choose both sda and sdb?
1908[21:44:04] <jelly> that's what you're supposed to do with a raid1 setup, boot loader on both sda and sdb, so when one goes bad you still have a boot loader
1909[21:45:46] *** Quits: wh0kares (~wh0kares@replaced-ip) (Remote host closed the connection)
1914[21:59:39] <SnakesAndStuff> If anyone is interested, the problem I had with bind/named and logfiles earlier I discovered was because of apparmor... Found it while browsing information in /var/lib/dpgk
1915[21:59:44] <def_jam> hey i can run a program successfully using the exact same command as i do in crontab -e
1916[21:59:47] <SnakesAndStuff> and by default it wants log files in /var/log/named not /var/log/bind
1917[21:59:56] <def_jam> but with crontab ..it fails with bad gateway
1918[21:59:59] <SnakesAndStuff> What resource do I use to look up what restrictions apparmor places on various apps?
1921[22:00:28] <greycat> crontab gives you a VERY bare environment. no terminal, no $TERM variable, none of the stuff you get from your dot files when you login, etc.
1927[22:05:07] <roycroft> when running cron jobs, especially with elevated privileges, it's best to explicitly stipulate the full path name of any commands
1941[22:07:51] <roycroft> and in modern debian, /bin is a symlink to /usr/bin
1942[22:08:03] <roycroft> and /sbin a symlink to /usr/sbin
1943[22:08:11] <greycat> Some people at work are using VNC sessions and wanted me to make them start at boot time. It turns out tightvnc server expects to see a $USER variable in the environment. Which is of course not standard in Linux....
1944[22:08:24] <roycroft> so moving utilities from /bin to /usr/bin and vice versa is moot at this point :)
1945[22:08:32] *** Quits: mezzo (~mezzo@replaced-ip) (Quit: leaving)
1946[22:09:01] <greycat> roycroft: only if you installed buster. If you upgraded to buster, this is not the case, unless you also installed the usrmerge(?) package.
2084[23:30:43] <mason> roycroft: In modern Debian, whether you have usrmerge or not is contingent on how you install. Controllable via a debootstrap flag, for instance.