libera/#devuan/ Tuesday, 2019-02-26

Quijote_LibreHi, i search a good tuto for install openbox on a Devuan withoutx16:15
koffkoffHi all. I have some question regarding changing Debian as our upstream source as OS to Devuan.16:24
koffkoffOur current solution is that we have a debian based operating system where we apply patches to some packages but take most as is.16:25
koffkoffWe're currently looking to migrate from jessie (where we use Sysvinit) to buster, and I'm considering prosposing basing it on Beowolf instead. Is this the right place to ask questions about this?16:26
sixwheeledbeastjust ask away16:28
koffkoffOK, so one concern I have is how long it usually takes for security fixes that Debian has released to reach the Devuan repositories.16:28
debdogkoffkoff: the vast majority of packages come directly from debian. so the answer is: instantly16:33
debdogwell, as soon as their mirrors are synced16:34
koffkoffdebdog: Way to answer my question before I asked it!16:35
debdogexcept for these: https://pkgmaster.devuan.org/bannedpackages.txt16:35
golinuxkoffkoff: Depending on your usecase Beowulf may or may not be the best choice16:35
golinuxMight be better to stick with ascii for now.16:35
debdogoh, missed that part. jessie to buster is skipping one release16:36
golinuxThat was going to be my next comment16:37
golinuxThe changes in Buster/Beowulf have cause me quite a headache16:38
* debdog g2g. but golinux is more involved and should know better16:38
golinuxNo more gksu.  Merged /usr16:38
koffkoffI'll try to explain how we work in order to give a better understanding of why we're skipping the step in the middle, TL;DR we're not running pure Debian atm.16:38
golinuxThat could be "interesting"16:39
koffkoffSo what we're doing is we a subset of the Debian packages that we need for our solution (where we activly patch some and take some from another source, the kernel being one).16:39
koffkoffon top of that we have our own developed debian packages that we're supporting.16:40
golinuxkoffkoff: I would save the details for someone with more experience than me.  I am a lowly desktop user.16:40
koffkoffgolinux: OK.16:41
golinuxBut I do keep track of the big puvture issues16:42
golinuxpicture really16:42
golinuxI do have Beowulf running in a VM but don't spend much time there doing work.  Mostly to do the default theming.16:43
golinuxMy daily driver is still jessie.16:43
koffkoffDo you know of any big examples of where devuan is used that I can take as examples? I have found ipv6onlyhosting.16:43
golinuxhttps://devuanhosting.com/en-us/cms/16:45
koffkoffIs the major release planned in the same timeframe as Buster?16:45
golinuxI think that's the same host as your url.16:45
koffkoffgolinux: That probably desrves a let me google that for you :X16:45
koffkoffdebdog: thanks for the link of the banned packages btw.16:46
golinuxWe're trying to catch up with Debian release cycle16:46
golinuxI'm hoping that we have a beta by the time of the conference.16:46
koffkoffRight, that sounds promising if you're able to hit that mark.16:47
golinuxfsmithred is working on a multiboot usb for the occasion.16:49
koffkoffgolinux: Thanks for the answers, I'll see if I can convince the rest of the team.17:02
golinuxkoffkoff: Maybe you'll be able to catch KatolaZ who can provide more technical advice.17:08
golinuxHope it works out for you.17:08
KatolaZgolinux: ?17:30
koffkoffKatolaZ: He was answering me that you might have better technichal experience regarding using Devuan as base for a Dist rather then Debian.17:31
koffkoffSo I'll try and shoot you a question if you don't mind.17:32
KatolaZmaybe she :)17:33
koffkoffSorry for assuming :X17:33
KatolaZ:D17:33
KatolaZnw17:33
KatolaZso17:33
KatolaZwhat's the matter/17:33
KatolaZ?17:33
koffkoffI take it that packages that does have Systemd dependencies have Debians repository as upstream, or are they usually taken from the original upstream?17:36
koffkoffThe reason I'm asking is whether we can rely on debian security patches to trickle down aswell.17:37
KatolaZkoffkoff: any package that has not been forked by Devuan comes directly from debian17:38
KatolaZas the corresponding security updates17:38
KatolaZsecurity patches for packages forked by devuan are managed by devuan17:39
KatolaZwe have had a couple of those, and they have been solver withing a couple of days at the latest17:39
koffkoffKatolaZ: OK, and the fork is typically from debian I take it?17:40
KatolaZyes17:41
KatolaZexcept for packages that are not in debian17:41
koffkoffand solved within a couple of days from a CVE being issued or from a DSA being issued?17:41
KatolaZlike eudev, elogind, and a few more17:41
KatolaZkoffkoff: we don't have many forked packages17:41
KatolaZthey are a few hundreds17:41
koffkoffKatolaZ: a few hundred is a lot in my book =)17:42
KatolaZkoffkoff: it depends on how many CVEs those few hundreds have seen...17:43
KatolaZso a few hundred means nothing in my book, without further specification :)17:44
koffkoffDo you have any similiar tracking system as Debians DSA system for the packages you maintain?17:45
KatolaZnot yet koffkoff17:45
koffkoffRight, so currently the quickest way to get notified of updates would be to poll the repository for new version then I take it.17:46
KatolaZuh?17:46
koffkoffI'm referring to Devuans APT repository if that clarifies things.17:48
KatolaZkoffkoff: please ask your question17:48
KatolaZit looks like you are circling around it :)17:48
KatolaZwe have had only two security issues on packages forked by devuan in the last 4 years17:49
koffkoffWhen a security update has been made to for instance eudev, how will I see it?17:49
KatolaZand in both occasions we have provided a fix within one/two days17:49
KatolaZyou will get it17:49
KatolaZmuch before you notice it :)17:49
KatolaZthere is little scope to keep a separate DSA system for such small numbers17:49
koffkoffWell we are running our own APT mirrors which we will need to update.17:50
KatolaZI guess you see the point17:50
KatolaZkoffkoff: I guess you don't sync mirrors manually at the moment, right?17:50
KatolaZor do you?17:50
koffkoffWe do sadly, for some packages it's necessary since we patch them.17:51
KatolaZkoffkoff: then the best way to get updated news is to subscribe to the ML and/or to dev1galaxy (the forum)17:52
koffkoffOn that point, what tools are you using for automatic updates?17:52
koffkoffRight.17:53
KatolaZkoffkoff: what do you mean by "automatic updates"?17:53
KatolaZupdates of what?17:53
KatolaZour repos or installations?17:53
koffkoffWhat tools are you using to syncing packages from debian to your APT repositories that doesn't require changes.17:53
KatolaZamprolla17:54
KatolaZit merges upstream with devuan repos17:54
KatolaZkoffkoff: amprolla is a custom software which is in charge of managing the merge17:56
KatolaZit runs continuously on our master mirrors17:56
koffkoffApparently one of the reasons for our manual updates is that a security fix (from debian) for glibc previously caused our virtualbox (taken from oracle) to not run.17:59
KatolaZkoffkoff: nobody has full control on what heppens in Debian, believe me18:01
koffkoffI believe you =)18:01
KatolaZthe process is quite well-vetted, but still, Debian is large, and the number of debian-derived stuff is even larger18:01
KatolaZso it's impossible to take care of every possible corner case18:01
KatolaZthis does not depend on running Devuan or Ubuntu or whatever18:01
KatolaZyou will have the same problem with any community-developed distro18:02
KatolaZonly, in De??an things tends to be much more stable if you keep in the stable branch18:02
KatolaZsince a package has to go a long way before getting in a stable release18:02
koffkoffI know, that's why we vet everything for our usecase when we update our reposities (though we also make mistakes).18:02
KatolaZbut I am probably stating the obvious here, sorry18:02
KatolaZkoffkoff: how do you mamage your repos, if I can ask?18:03
koffkoffWe have one git repository where we have all the packages that we take directly from Debian in one repo thet we call "repack" for legacy reasons.18:04
KatolaZok I was asking because yours looked like a job for aptly18:05
koffkoffThen we have for the other packaes (on the source level) a git repository for each package that we either modify, provide ourselves, or provide debian packaging for.18:05
koffkoffWe build those to get packages that we upload to our APT repository. Most of these steps are automated though.18:06
koffkoffNot sure if that answers your question though.18:07
KatolaZkoffkoff: in principle you could use amprolla to merge your local repos with whatever comes from debian18:07
KatolaZor with whatever comes from devuan, if you use devuan as a base18:07
koffkoffKatolaZ: probably, the only problem is that our customers are a bit nit picky on when/how to update (even when there are big security issues out there) which means that we need to maintain older pcakges.18:08
KatolaZkoffkoff: don't know your specific issues18:09
KatolaZsorry18:09
koffkoffWe provide internet connectivity to trains through modem uplinks. The company is called Icomera.18:10
KatolaZno I didn't mean I need to know :P18:10
koffkoffSorry if you didn't want to know :P18:11
KatolaZthis channel is public and logged18:11
koffkoffI know, it's no secret.18:11
KatolaZso I would not have requested any sensible information18:11
KatolaZfine18:11
koffkoffAnyway, I think I've gotten my questions answered, thanks for your time!18:13
KatolaZkoffkoff: nw18:13
KatolaZplease shout if you need more help/info18:14
* Ji-eF[m] sent a long message: < https://matrix.org/_matrix/media/v1/download/matrix.org/cJqBhKIVEOYwygzWUuFOaknR >18:14
koffkoffWill do.18:14
koffkoffI'm a novice at Devuan, however in Debian everything that is in the /etc directory is marked as config files and will survive an upgrade while /usr/share will not.18:15
Ji-eF[m]OK koffkoff thanks 🙂18:17
koffkoffJi-eF[m]: np.18:17
Ji-eF[m]Hum thing is... modifying /etc/polkit-1/actions/org.freedesktop.UDisks2.policy does not seem to have any effect... while modifying from /usr/share/polkit-1/actions/, it works fine (I try to mount an USB stick without entering root passwd)18:20
Ji-eF[m]Do I need to restart some service ?18:21
KatolaZJi-eF[m]: it should actually work ootb...18:26
Ji-eF[m]KatolaZ: yes. I checked perms on both /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy and /etc/polkit-1/actions/org.freedesktop.UDisks2.policy, they are both root:root and 644.18:59
Ji-eF[m]I'll try reboot my computer to see if there is an autorepair feature :p19:00
KatolaZno need to reboot Ji-eF[m]19:00
KatolaZit should be sufficient to logout/login again from your login manager19:00
Ji-eF[m]ah, Will try that then.19:01
Ji-eF[m]Nope, still can't mount my stick without root passwd.19:12
KatolaZJi-eF[m]: there is a thread on dev1galaxy about this stuff19:13
KatolaZJi-eF[m]: are you on ascii or beowulf?19:13
Ji-eF[m]not sure : testing19:14
Ji-eF[m]not sure about the name ^^'19:14
KatolaZbeowulf19:15
KatolaZ:)19:15
KatolaZJi-eF[m]: which DM and login manager?19:16
Ji-eF[m]ok 🙂 . I'm on KDE Plasma 5 , using SDDM as login manager19:17
KatolaZwhich session manager?19:17
KatolaZconsolekit or elogind?19:18
KatolaZSDDM might be the issue19:18
Ji-eF[m]this I do not know. How do I check ?19:18
KatolaZyou should have only one of the two installed19:18
KatolaZ(even if this is not guaranteed)19:18
KatolaZdpkg -l | grep elogind19:19
Ji-eF[m]I have elogind in /etc/init.d19:19
KatolaZdpkg -l | grep consolekit19:19
Ji-eF[m]meh ... I have elogind in i386 and consolekit in amd64 :/19:20
Ji-eF[m]OK, I tried the solution found here and it worked 🙂 : > https://dev1galaxy.org/viewtopic.php?pid=7848#p784819:29
KatolaZJi-eF[m]: can you please open a bug report on bugs.devuan.org?19:31
KatolaZso that it does not get forgotten19:32
KatolaZplease open it against elogind19:32
Ji-eF[m]Still, it's strange that modding /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy works while modding /etc/polkit-1/actions/org.freedesktop.UDisks2.policy does not...19:32
KatolaZand possibly cite the dev1galaxy topic19:32
KatolaZthanks19:32
Ji-eF[m]OK, I'll try.19:32
Ji-eF[m]sorry to be this much novice, but do I need to follow the "Sending the bug report via e-mail" at https://bugs.devuan.org/Reporting.html ?19:38
KatolaZJi-eF[m]: use `reportbug`19:38
KatolaZyou will need to send the report via email, but reportbug will prepare it for you19:38
Ji-eF[m]oh, I'll install it then :), thanks19:38
KatolaZnw19:41
Ji-eF[m]KatolaZ: > "Briefly describe the problem (max. 100 characters allowed)" What do I write here ?19:48
KatolaZops19:48
Ji-eF[m]"Unable to mount USB stick" ?19:48
KatolaZI guess the correct package is policykit19:48
KatolaZanyway19:48
Ji-eF[m]Oh19:49
KatolaZyes, something like "default policykit rule in beowulf requests root password to mount external USB drives|19:49
KatolaZ(that was my fault Ji-eF[m], no worries)19:49
KatolaZ(just file it, and we will reassing it to policykit)19:49
Ji-eF[m]OK, I'll write that 🙂 no problem ^^ (I did not send anything yet :] )19:50
KatolaZJi-eF[m]: thanks a lot19:52
Ji-eF[m]Bug report sent 😛 I tried to be as descriptive as possible20:06
KatolaZJi-eF[m]: saw the but report20:25
KatolaZthanks a lot!20:25

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!