Quijote_Libre | Hi, i search a good tuto for install openbox on a Devuan withoutx | 16:15 |
---|---|---|
koffkoff | Hi all. I have some question regarding changing Debian as our upstream source as OS to Devuan. | 16:24 |
koffkoff | Our current solution is that we have a debian based operating system where we apply patches to some packages but take most as is. | 16:25 |
koffkoff | We're currently looking to migrate from jessie (where we use Sysvinit) to buster, and I'm considering prosposing basing it on Beowolf instead. Is this the right place to ask questions about this? | 16:26 |
sixwheeledbeast | just ask away | 16:28 |
koffkoff | OK, so one concern I have is how long it usually takes for security fixes that Debian has released to reach the Devuan repositories. | 16:28 |
debdog | koffkoff: the vast majority of packages come directly from debian. so the answer is: instantly | 16:33 |
debdog | well, as soon as their mirrors are synced | 16:34 |
koffkoff | debdog: Way to answer my question before I asked it! | 16:35 |
debdog | except for these: https://pkgmaster.devuan.org/bannedpackages.txt | 16:35 |
golinux | koffkoff: Depending on your usecase Beowulf may or may not be the best choice | 16:35 |
golinux | Might be better to stick with ascii for now. | 16:35 |
debdog | oh, missed that part. jessie to buster is skipping one release | 16:36 |
golinux | That was going to be my next comment | 16:37 |
golinux | The changes in Buster/Beowulf have cause me quite a headache | 16:38 |
* debdog g2g. but golinux is more involved and should know better | 16:38 | |
golinux | No more gksu. Merged /usr | 16:38 |
koffkoff | I'll try to explain how we work in order to give a better understanding of why we're skipping the step in the middle, TL;DR we're not running pure Debian atm. | 16:38 |
golinux | That could be "interesting" | 16:39 |
koffkoff | So what we're doing is we a subset of the Debian packages that we need for our solution (where we activly patch some and take some from another source, the kernel being one). | 16:39 |
koffkoff | on top of that we have our own developed debian packages that we're supporting. | 16:40 |
golinux | koffkoff: I would save the details for someone with more experience than me. I am a lowly desktop user. | 16:40 |
koffkoff | golinux: OK. | 16:41 |
golinux | But I do keep track of the big puvture issues | 16:42 |
golinux | picture really | 16:42 |
golinux | I do have Beowulf running in a VM but don't spend much time there doing work. Mostly to do the default theming. | 16:43 |
golinux | My daily driver is still jessie. | 16:43 |
koffkoff | Do you know of any big examples of where devuan is used that I can take as examples? I have found ipv6onlyhosting. | 16:43 |
golinux | https://devuanhosting.com/en-us/cms/ | 16:45 |
koffkoff | Is the major release planned in the same timeframe as Buster? | 16:45 |
golinux | I think that's the same host as your url. | 16:45 |
koffkoff | golinux: That probably desrves a let me google that for you :X | 16:45 |
koffkoff | debdog: thanks for the link of the banned packages btw. | 16:46 |
golinux | We're trying to catch up with Debian release cycle | 16:46 |
golinux | I'm hoping that we have a beta by the time of the conference. | 16:46 |
koffkoff | Right, that sounds promising if you're able to hit that mark. | 16:47 |
golinux | fsmithred is working on a multiboot usb for the occasion. | 16:49 |
koffkoff | golinux: Thanks for the answers, I'll see if I can convince the rest of the team. | 17:02 |
golinux | koffkoff: Maybe you'll be able to catch KatolaZ who can provide more technical advice. | 17:08 |
golinux | Hope it works out for you. | 17:08 |
KatolaZ | golinux: ? | 17:30 |
koffkoff | KatolaZ: He was answering me that you might have better technichal experience regarding using Devuan as base for a Dist rather then Debian. | 17:31 |
koffkoff | So I'll try and shoot you a question if you don't mind. | 17:32 |
KatolaZ | maybe she :) | 17:33 |
koffkoff | Sorry for assuming :X | 17:33 |
KatolaZ | :D | 17:33 |
KatolaZ | nw | 17:33 |
KatolaZ | so | 17:33 |
KatolaZ | what's the matter/ | 17:33 |
KatolaZ | ? | 17:33 |
koffkoff | I take it that packages that does have Systemd dependencies have Debians repository as upstream, or are they usually taken from the original upstream? | 17:36 |
koffkoff | The reason I'm asking is whether we can rely on debian security patches to trickle down aswell. | 17:37 |
KatolaZ | koffkoff: any package that has not been forked by Devuan comes directly from debian | 17:38 |
KatolaZ | as the corresponding security updates | 17:38 |
KatolaZ | security patches for packages forked by devuan are managed by devuan | 17:39 |
KatolaZ | we have had a couple of those, and they have been solver withing a couple of days at the latest | 17:39 |
koffkoff | KatolaZ: OK, and the fork is typically from debian I take it? | 17:40 |
KatolaZ | yes | 17:41 |
KatolaZ | except for packages that are not in debian | 17:41 |
koffkoff | and solved within a couple of days from a CVE being issued or from a DSA being issued? | 17:41 |
KatolaZ | like eudev, elogind, and a few more | 17:41 |
KatolaZ | koffkoff: we don't have many forked packages | 17:41 |
KatolaZ | they are a few hundreds | 17:41 |
koffkoff | KatolaZ: a few hundred is a lot in my book =) | 17:42 |
KatolaZ | koffkoff: it depends on how many CVEs those few hundreds have seen... | 17:43 |
KatolaZ | so a few hundred means nothing in my book, without further specification :) | 17:44 |
koffkoff | Do you have any similiar tracking system as Debians DSA system for the packages you maintain? | 17:45 |
KatolaZ | not yet koffkoff | 17:45 |
koffkoff | Right, so currently the quickest way to get notified of updates would be to poll the repository for new version then I take it. | 17:46 |
KatolaZ | uh? | 17:46 |
koffkoff | I'm referring to Devuans APT repository if that clarifies things. | 17:48 |
KatolaZ | koffkoff: please ask your question | 17:48 |
KatolaZ | it looks like you are circling around it :) | 17:48 |
KatolaZ | we have had only two security issues on packages forked by devuan in the last 4 years | 17:49 |
koffkoff | When a security update has been made to for instance eudev, how will I see it? | 17:49 |
KatolaZ | and in both occasions we have provided a fix within one/two days | 17:49 |
KatolaZ | you will get it | 17:49 |
KatolaZ | much before you notice it :) | 17:49 |
KatolaZ | there is little scope to keep a separate DSA system for such small numbers | 17:49 |
koffkoff | Well we are running our own APT mirrors which we will need to update. | 17:50 |
KatolaZ | I guess you see the point | 17:50 |
KatolaZ | koffkoff: I guess you don't sync mirrors manually at the moment, right? | 17:50 |
KatolaZ | or do you? | 17:50 |
koffkoff | We do sadly, for some packages it's necessary since we patch them. | 17:51 |
KatolaZ | koffkoff: then the best way to get updated news is to subscribe to the ML and/or to dev1galaxy (the forum) | 17:52 |
koffkoff | On that point, what tools are you using for automatic updates? | 17:52 |
koffkoff | Right. | 17:53 |
KatolaZ | koffkoff: what do you mean by "automatic updates"? | 17:53 |
KatolaZ | updates of what? | 17:53 |
KatolaZ | our repos or installations? | 17:53 |
koffkoff | What tools are you using to syncing packages from debian to your APT repositories that doesn't require changes. | 17:53 |
KatolaZ | amprolla | 17:54 |
KatolaZ | it merges upstream with devuan repos | 17:54 |
KatolaZ | koffkoff: amprolla is a custom software which is in charge of managing the merge | 17:56 |
KatolaZ | it runs continuously on our master mirrors | 17:56 |
koffkoff | Apparently one of the reasons for our manual updates is that a security fix (from debian) for glibc previously caused our virtualbox (taken from oracle) to not run. | 17:59 |
KatolaZ | koffkoff: nobody has full control on what heppens in Debian, believe me | 18:01 |
koffkoff | I believe you =) | 18:01 |
KatolaZ | the process is quite well-vetted, but still, Debian is large, and the number of debian-derived stuff is even larger | 18:01 |
KatolaZ | so it's impossible to take care of every possible corner case | 18:01 |
KatolaZ | this does not depend on running Devuan or Ubuntu or whatever | 18:01 |
KatolaZ | you will have the same problem with any community-developed distro | 18:02 |
KatolaZ | only, in De??an things tends to be much more stable if you keep in the stable branch | 18:02 |
KatolaZ | since a package has to go a long way before getting in a stable release | 18:02 |
koffkoff | I know, that's why we vet everything for our usecase when we update our reposities (though we also make mistakes). | 18:02 |
KatolaZ | but I am probably stating the obvious here, sorry | 18:02 |
KatolaZ | koffkoff: how do you mamage your repos, if I can ask? | 18:03 |
koffkoff | We have one git repository where we have all the packages that we take directly from Debian in one repo thet we call "repack" for legacy reasons. | 18:04 |
KatolaZ | ok I was asking because yours looked like a job for aptly | 18:05 |
koffkoff | Then we have for the other packaes (on the source level) a git repository for each package that we either modify, provide ourselves, or provide debian packaging for. | 18:05 |
koffkoff | We build those to get packages that we upload to our APT repository. Most of these steps are automated though. | 18:06 |
koffkoff | Not sure if that answers your question though. | 18:07 |
KatolaZ | koffkoff: in principle you could use amprolla to merge your local repos with whatever comes from debian | 18:07 |
KatolaZ | or with whatever comes from devuan, if you use devuan as a base | 18:07 |
koffkoff | KatolaZ: probably, the only problem is that our customers are a bit nit picky on when/how to update (even when there are big security issues out there) which means that we need to maintain older pcakges. | 18:08 |
KatolaZ | koffkoff: don't know your specific issues | 18:09 |
KatolaZ | sorry | 18:09 |
koffkoff | We provide internet connectivity to trains through modem uplinks. The company is called Icomera. | 18:10 |
KatolaZ | no I didn't mean I need to know :P | 18:10 |
koffkoff | Sorry if you didn't want to know :P | 18:11 |
KatolaZ | this channel is public and logged | 18:11 |
koffkoff | I know, it's no secret. | 18:11 |
KatolaZ | so I would not have requested any sensible information | 18:11 |
KatolaZ | fine | 18:11 |
koffkoff | Anyway, I think I've gotten my questions answered, thanks for your time! | 18:13 |
KatolaZ | koffkoff: nw | 18:13 |
KatolaZ | please shout if you need more help/info | 18:14 |
* Ji-eF[m] sent a long message: < https://matrix.org/_matrix/media/v1/download/matrix.org/cJqBhKIVEOYwygzWUuFOaknR > | 18:14 | |
koffkoff | Will do. | 18:14 |
koffkoff | I'm a novice at Devuan, however in Debian everything that is in the /etc directory is marked as config files and will survive an upgrade while /usr/share will not. | 18:15 |
Ji-eF[m] | OK koffkoff thanks 🙂 | 18:17 |
koffkoff | Ji-eF[m]: np. | 18:17 |
Ji-eF[m] | Hum thing is... modifying /etc/polkit-1/actions/org.freedesktop.UDisks2.policy does not seem to have any effect... while modifying from /usr/share/polkit-1/actions/, it works fine (I try to mount an USB stick without entering root passwd) | 18:20 |
Ji-eF[m] | Do I need to restart some service ? | 18:21 |
KatolaZ | Ji-eF[m]: it should actually work ootb... | 18:26 |
Ji-eF[m] | KatolaZ: yes. I checked perms on both /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy and /etc/polkit-1/actions/org.freedesktop.UDisks2.policy, they are both root:root and 644. | 18:59 |
Ji-eF[m] | I'll try reboot my computer to see if there is an autorepair feature :p | 19:00 |
KatolaZ | no need to reboot Ji-eF[m] | 19:00 |
KatolaZ | it should be sufficient to logout/login again from your login manager | 19:00 |
Ji-eF[m] | ah, Will try that then. | 19:01 |
Ji-eF[m] | Nope, still can't mount my stick without root passwd. | 19:12 |
KatolaZ | Ji-eF[m]: there is a thread on dev1galaxy about this stuff | 19:13 |
KatolaZ | Ji-eF[m]: are you on ascii or beowulf? | 19:13 |
Ji-eF[m] | not sure : testing | 19:14 |
Ji-eF[m] | not sure about the name ^^' | 19:14 |
KatolaZ | beowulf | 19:15 |
KatolaZ | :) | 19:15 |
KatolaZ | Ji-eF[m]: which DM and login manager? | 19:16 |
Ji-eF[m] | ok 🙂 . I'm on KDE Plasma 5 , using SDDM as login manager | 19:17 |
KatolaZ | which session manager? | 19:17 |
KatolaZ | consolekit or elogind? | 19:18 |
KatolaZ | SDDM might be the issue | 19:18 |
Ji-eF[m] | this I do not know. How do I check ? | 19:18 |
KatolaZ | you should have only one of the two installed | 19:18 |
KatolaZ | (even if this is not guaranteed) | 19:18 |
KatolaZ | dpkg -l | grep elogind | 19:19 |
Ji-eF[m] | I have elogind in /etc/init.d | 19:19 |
KatolaZ | dpkg -l | grep consolekit | 19:19 |
Ji-eF[m] | meh ... I have elogind in i386 and consolekit in amd64 :/ | 19:20 |
Ji-eF[m] | OK, I tried the solution found here and it worked 🙂 : > https://dev1galaxy.org/viewtopic.php?pid=7848#p7848 | 19:29 |
KatolaZ | Ji-eF[m]: can you please open a bug report on bugs.devuan.org? | 19:31 |
KatolaZ | so that it does not get forgotten | 19:32 |
KatolaZ | please open it against elogind | 19:32 |
Ji-eF[m] | Still, it's strange that modding /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy works while modding /etc/polkit-1/actions/org.freedesktop.UDisks2.policy does not... | 19:32 |
KatolaZ | and possibly cite the dev1galaxy topic | 19:32 |
KatolaZ | thanks | 19:32 |
Ji-eF[m] | OK, I'll try. | 19:32 |
Ji-eF[m] | sorry to be this much novice, but do I need to follow the "Sending the bug report via e-mail" at https://bugs.devuan.org/Reporting.html ? | 19:38 |
KatolaZ | Ji-eF[m]: use `reportbug` | 19:38 |
KatolaZ | you will need to send the report via email, but reportbug will prepare it for you | 19:38 |
Ji-eF[m] | oh, I'll install it then :), thanks | 19:38 |
KatolaZ | nw | 19:41 |
Ji-eF[m] | KatolaZ: > "Briefly describe the problem (max. 100 characters allowed)" What do I write here ? | 19:48 |
KatolaZ | ops | 19:48 |
Ji-eF[m] | "Unable to mount USB stick" ? | 19:48 |
KatolaZ | I guess the correct package is policykit | 19:48 |
KatolaZ | anyway | 19:48 |
Ji-eF[m] | Oh | 19:49 |
KatolaZ | yes, something like "default policykit rule in beowulf requests root password to mount external USB drives| | 19:49 |
KatolaZ | (that was my fault Ji-eF[m], no worries) | 19:49 |
KatolaZ | (just file it, and we will reassing it to policykit) | 19:49 |
Ji-eF[m] | OK, I'll write that 🙂 no problem ^^ (I did not send anything yet :] ) | 19:50 |
KatolaZ | Ji-eF[m]: thanks a lot | 19:52 |
Ji-eF[m] | Bug report sent 😛 I tried to be as descriptive as possible | 20:06 |
KatolaZ | Ji-eF[m]: saw the but report | 20:25 |
KatolaZ | thanks a lot! | 20:25 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!