libera/#devuan/ Tuesday, 2020-06-02

frabbitok i have 2 new problems here on two different computers, with different setups of devuan 2.102:57
frabbit1. i purged iptables yesterday from my computer and installed nftables. after boot i normally run a script that contains "ifup -v eth0" to bring up the connection i wrote in /etc/network/interfaces02:59
frabbitthis time it ends up with "ifup failed to bring up eth0" and some notce about firewall scripts from iptables that couldnt be found03:00
frabbitbut i could run apt update and now im here... o_=03:00
frabbitif i run ifdown i get eth0 is not configured...03:01
frabbitdoes nftables not use the interface file? does it bring up a available connection automatically while booting?03:01
frabbittheres no dhcp here or something like that. and theres no hotplug in interfaces (but even if, that doesnt matter at all, cause interfaces seems to be ignored by that inknown thing that brings my connection up...)03:03
frabbit*unknown03:03
frabbitthats my first problem03:03
frabbit2. on the other computer running minmal xfce and other beginner stuff, it often crashes after login to a xfce4 session via slim, but only since ive installed wlan stuff03:05
gnarfacewell, when i use iptables, i have to set up my own scripts to start it, so my guess is you installed something to do that for you and forgot to remove it, and that's what is choking, probably03:05
Oksana1. No idea. https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables No idea.03:05
frabbiti installed the open firmware driver for atheros, wireless-tools wpasupplicant and wicd-gtk03:05
frabbityesterday i tried to figured out what causes this crash and i rollback the system to the point before io installed the wlan packages03:07
frabbiti installed one packages after the other and made a reboot after every single package. i first thought it was wicd-gtk, but it worked after that too... but last evening and now (i was testing again) it crashes again...03:08
gnarfacefor #2 you're gonna have to get an error message or something at least03:08
gnarfaceor maybe try to get wifi up without the gui on that one, see if it still crashes03:08
frabbitit wont if i get wifi up with wicd-gtk ive tested that several times03:09
frabbityeah i check x logs03:09
frabbitfor #1: i didnt know that i have to do something while changing... i had never configured anything manually in iptables...03:09
gnarfacecertainly you must have installed some front-end for it03:10
frabbitfor iptabels?03:10
gnarfaceyes03:10
gnarfaceotherwise you would have had to write the iptables commands yourself by hand and add them to your init by hand somehow03:10
gnarface you'd remember doing that03:10
frabbitcant remember why i should do this, ive never get into that iptables stuff before...03:11
gnarfacewhat does this show you?  dpkg -l |grep iptable03:11
frabbitnothing03:11
* frabbit looks atm what frontends are there for iptables03:12
frabbiti didnt installed any of the ones listed here: https://de.wikipedia.org/wiki/Iptables#Frontends03:13
frabbitand here: https://en.wikipedia.org/wiki/Iptables#Front-ends03:13
frabbiti remeber to installed apparmor in the past, because i wanted to learn that stuff but delayed it since now. but thats something different03:14
gnarfacewell, what gives you that error at startup?  certainly it originated from something in /etc/init.d/03:14
frabbit*remember03:14
frabbitah forgot to notic, because i was in panic nftables broke my inet connection so irunned my script again adn it begins with reset &&03:15
frabbit*notice03:15
gnarfacethat's a really important detail03:15
frabbitbut i look if i can find output03:15
gnarfacenot just for this, but for every time it happens03:15
gnarfacestartup errors are going to almost 100% come from either the kernel itself or one of the services03:15
frabbitah its probably in dmesg03:15
gnarfaceyes, other notable spots though:  /var/log/syslog, /var/log/daemon.log, and /var/log/kern.log03:16
gnarfaceor really just anything in /var/log/ should be suspect until you know what it is for03:17
gnarfacethat directory is there for you, for exactly situations like this03:17
frabbitin dmesg its just abot bringing up etho via ipv6? o_003:17
frabbit*about03:17
gnarfacethere's every possibility ipv6 could have something to do with this03:17
gnarfacemaybe that's the gotcha - something about a difference in how iptables and nftables handle ipv603:18
frabbitin /var/log/syslog is the same as in dmesg03:18
* frabbit checking other two03:18
gnarfaceit should be, mostly.  that's expected03:18
frabbit*logs03:18
gnarfacethere should be a lot of overlap in syslog, dmesg, and kern.log03:19
gnarfacedaemon.log is more about what happens to the services after boot03:19
frabbitin /var/log/daemon.log only about gpm (terminal mouse) and lvmetad, is the last one important for that issue?03:20
gnarfaceuh... no idea.  never heard of lvmetad.  (i think now though you probably know why i'd do something like advise you to still use iptables despite what Debian's wiki suggests, though)03:20
frabbitin /var/log/kern.log the same as in dmesg again03:20
frabbitgnarface: huh? debian changed too nftables since buster03:21
gnarfacedon't "huh?" me.  the justification for my rationale is right under your nose.  if it were any closer it would bite you.03:22
frabbitis huh a bad word?03:26
frabbit9i thought its like "Hä?" i german but "Hä?" is "Eh?" in english...03:27
frabbithmm.. but it is too: https://www.dict.cc/?s=Huh03:28
frabbitso no bad word here03:29
frabbitok so it has something to do with ipv603:29
frabbithm.. so nftables brought up a connection via ipv6 here? ive checked my publich ip and it is ipv4 like in the past...03:36
frabbit*public03:36
gnarfaceno it's not that "huh?" is a bad word, it's just that i've repeatedly reiterated that iptables has more testing in the wild, and that switching to nftables might bring unforseen compatibility issues.  i'm not insulted by the word "huh?" i'm insulted that you are failing to hear me say "i told you so."03:37
gnarfacei don't know specifically what's wrong with nftables here, i just vaguely remember testing it and immediately going back to iptables because it didn't work for whatever i was doing.03:38
gnarfaceadmittedly that was many years ago, but i'm not seeing any evidence presented by you that the situation has changed03:38
frabbiti did read that03:38
gnarfaceand no, i'm not some sort of iptables fanboy.  i hate it too.  BSD has done this far better with packetfilter03:39
frabbitbut im not a man who went back to something in the past when something new causes issues... except they are unsolveable03:39
gnarfacebut when you introduce unknowns, you inherently introduce unquantifiable risk03:39
frabbiti didnt say that you are a fanboy... o_003:40
gnarfaceand i didn't accuse you of that.  i just want to make it clear for other readers, because if they've read the last 2 days of scrollback they might mistakenly think i'm trying to defend iptables or something03:40
frabbiti didnt even know that (as far as i can read in ur answer) that theres a fan against fans war or something between iptables and nftables...03:41
gnarfacepeople are clannish, to some degree it is natural03:41
frabbiti dont hat iptables ive never worked with it before, i just read yesterday, that debian changed to nftables, because its mor easy to use and stuff like that...03:41
frabbitgnarface: those people are stupid ;)03:42
gnarfacesure, but clearly actually changing your stuff to it isn't quite the drop-in replacement they sold you on03:42
gnarfaceand that was my experience too03:42
gnarfacesorry i can't remember more specifics03:42
frabbitgnarface: o i couldnt knoew that =(03:42
frabbitgnarface: np03:42
frabbit*knew03:42
gnarfacei've basically pointed you in the direction i'd look to figure out what was happening, that's the best i can do right now03:43
gnarfacemost likely someone with more nftables experience has already run into this and can tell you a simple fix03:43
frabbitive met some people too who bashed me for using a non systemd distro. thats stupid! i can use what i want and they too, so everyone can be happy whats wrong with those people?...03:44
gnarfaceit's a discusson for #debianfork03:44
frabbityes =)03:44
frabbitok btt03:44
frabbitso u used nftables in the past and got problems with it. did u find it harder to use too or something, harder to learn?03:45
gnarfaceno, it was a situation just like this.  i tried to upgrade because i read somewhere it was new and better, but it couldn't readily prove that to me within the time i had allocated for the task so i reverted.03:47
gnarfacewhen you do a lot of years of sysadmin work, you eventually learn to equate all change with risk, so when you find something that works, you just stick with it as long as possible.  and situations like this are what teaches you that.03:48
frabbitok03:48
frabbitgnarface: oh no i know that and im not a sysadmin! =D03:48
frabbitthats fact 4 all parts of life03:49
gnarfaceso, to be clear, i do encourage you to spend as much time figuring this out as possible, but when you're out of time and you just need it to work, remember i advised you just stick with what already worked03:49
gnarfacethe only material benefit of nftables is that it's supposed to be easier to use... but it failing to work out of the box on a working configuration sortof belies that03:50
gnarfaceso you gotta ask yourself what is the priority goal here?  to learn nftables, or to get a working firewall...03:50
masonnftables does some stuff that iptables couldn't, catching Linux up to where the BSDs were in the 90s. For instance, you can address packet options with nftables.03:50
frabbitgnarface: i have already purged it and installed iptables again ;)03:51
gnarfacefrabbit: well, make sure it works once again and some config didn't get corrupted03:51
frabbitgnarface: i dunno how to check this... =(03:51
gnarfacemason: can't you do that with some iptables extensions now though?03:51
gnarfacefrabbit: well then how did you know it was even working before????03:52
masongnarface: Maybe. Unsure. I remember having to give up things like "drop all fragments" when I moved from ipf to iptables aeons ago.03:52
frabbitgnarface: i do not and i didnt say that03:52
gnarfacemason: oh, hmm. i admit that's something i only have done on BSD03:52
frabbiti just got iptabels error and automatically network connection without running my script first to set eth0 up03:53
gnarfacefrabbit: you really gotta figure out what's going on in your boot up03:53
frabbitgnarface: what do u mean?03:54
gnarfacefrabbit: i mean, this should be simple to figure out where that error is coming from exactly03:54
gnarfacefrabbit: the whole point of the sysv init is that it's supposed to be transparent to the administrator03:54
frabbiti just remember that it could find (or bring up?) firewall090 or something03:54
gnarfacelike as a named device?03:55
gnarfacethat really sounds like something you installed had to do that03:55
frabbiti dunno... =(03:55
gnarfaceyou didn't just copy any configs from elsewhere, did you?03:55
frabbitno03:55
gnarfaceit's gotta be from a package you installed then03:55
frabbiti didnt do anything except purging iptables with my purging script and apt install nftables thats all03:56
gnarfacemaybe try "dpkg -l |grep firewall" ?03:56
frabbitok03:56
frabbitno output03:56
gnarfacehmm.03:56
gnarfacetry other keywords besides firewall?03:57
gnarfaceanything that comes to mind that might be suspicious?03:57
frabbiterrm..03:57
frabbityou mean a placeholder like *03:57
gnarfacewell if you want to see the whole list just run: dpkg -l03:57
gnarfacethat's every installed package03:57
frabbityeah that what i know03:58
frabbitand then looking for firewall?03:58
gnarfaceor anything that looks like it might be the source of that error03:58
frabbito_0 how could i know03:58
frabbitbut wait03:58
gnarfacestring matching03:58
frabbityou say theres might a package left from nftables?03:59
gnarfaceno, that's not what i'm saying03:59
frabbitotr it brought one with its installation?03:59
frabbitoh...03:59
gnarfacewhat i'm saying is i think somewhere you must have brought in iptables scripts you didn't expect to have04:00
gnarfacethat's my guess based on the error you are reporting anyway04:00
gnarfaceand i don't have them even where i'm running iptables, so i'm just as in the dark as you on this04:00
frabbit=(04:01
gnarfacei've gotta eat, but i'll probably be back later04:02
frabbiti wil reboot now to see if my connection setup will work again like before now that ive removed nftables04:02
frabbit*will04:02
gnarfacegood luck04:02
frabbitthx04:02
frabbitgnarface: works like before! =>04:09
frabbitill paste the output of my script that i run for connecting and update04:10
frabbittheres about that iptables stuff that doesnt worked with nftables (of course now theres no error)04:11
frabbithttps://paste.debian.net/ is unavailable04:13
frabbitso ill use paste204:13
frabbithttps://paste2.org/V3UCH6Zm04:13
frabbitthese run-parts things werent working with nftables and ifup as i explained before04:14
frabbithowever...04:20
frabbitmy problem number 204:20
frabbiti ve looked at .xsession-errors but that fikle is uge... >50K lines... on my computer ive a script that make my get rid of these files, empty them or what ever, but on that other computer the user doesnt run any scripts (manually)04:21
frabbitmaybe best to do is to clear these logs first and reboot that often (and clear the logs again...) as it takes that this issue shows up again (as i said sometimes it just works...)04:22
plasma41frabbit: I had issues with the .xsession-errors growing at an alarming rate recently after installing a bunch of updates. I haven't been able to pinpoint the cause, but running `> ~/.xsession-errors` from the shell will at least truncate the file size back to zero. Not a permanent solution, but allows you to recover disk space until you can reboot.04:28
frabbitplasma41: =D i can imagine that. ive wrote a script a few minutes a ago that just "echo "" > ~/foobar" "rm -r ~/foobar" logs cache and stuff04:56
frabbitso about problem number 2: only slim gave me a log04:57
frabbiterror by signal 104:57
frabbitbut i start the computer again atm, cause it freezes after i runned service slim stop and then changed to tty704:58
frabbitso i thinks its slim what causes this problem. i log in at slim, then screen stays black. all logs are empty except /var/log/slim.log: https://paste2.org/gAnfXa3j05:31
frabbit*think05:31
frabbitotr better slim in connection with some wireless packages, probably wicd-gtk05:33
frabbit*or05:33
frabbitbecause thats only since ive installed them (and i didnt installed anything else...)05:33
frabbitor change anything else in config or something05:33
frabbittheres another weird thing here: the hostname is displayed as "USERNAME@unknownfoobar" in tty and graphical terminalemulator, but running hostname give me the correct hostname as output, also the hostname files contain it...06:09
frabbitcant find anything about that hostname thing...06:29
frabbitah wait!06:29
frabbitis it because it is the same hostname on both machines and theyre running on same network?06:30
frabbitman probably thats it right?06:30
frabbitbut they have both different ips...06:30
frabbitok i changed that now its solved now unknown host something any mor06:39
frabbitbut could that caused that issues with slim / display whatever?06:39
frabbitprobably not because the hostnames are the same since months....06:40
frabbitand the slim issue is only since these wlan packages are installed06:40
gnarfacefrabbit: slim has been known to have problems with some graphics drivers07:30
gnarfacefrabbit: it's completely possible07:30
gnarfacefrabbit: (i think it enables compositing by default)07:30
frabbitgnarface: ok. but it is weird that this issue is only since i installed that wlan stuff...07:46
gnarfacefrabbit: it's weird but possible in cases like this, but probably if you tested lots of other programs using the same gui toolkit you'd notice some of them occasionally causing the same problem07:48
gnarfacefrabbit: but that also would probably be something you could find other bug reports about (slim + particular drivers/kernels)07:48
gnarfacefrabbit: trying something other than slim would be a good test, too.  but if i were you i'd check on the graphics driver possibility first07:50
gnarfacefrabbit: to be clear though, i didn't actually look at anything you put on paste2.org07:51
frabbitah yeah.. theres xdg i think07:51
gnarfacei think you mean xdm07:51
gnarfaceyea, i use that one07:51
gnarfacei mean, i've used it07:51
frabbitor xdm07:52
frabbitgnarface:  and now?07:52
frabbitno dm any more?07:52
gnarfacewell, what i mean is i usually avoid a graphical login, but xdm is the one i resorted to before when i had to setup a shared console with someone07:53
frabbityeah me too07:53
frabbitbut its not my computer07:53
gnarfacebecause, iirc, the default one couldn't handle dual monitors gracefully if they weren't both always on07:53
frabbiti mean i wouldnt install any dm if theres wasnt this "time out" thing on tty login: after some time it resets07:54
gnarfaceuh... that timeout issue is probably dns/hostname related07:54
frabbitand for older personsn or chidren this can be a problem, because they cannot type so fast eventually07:54
frabbitgnarface: oh!07:54
gnarfaceno, probably not what you speculated earlier that you were reusing a hostname, since like you said the IP addresses were different, but i still suspect you made a mistake in there somewhere07:55
frabbitwhat do u mean07:55
gnarfacei just remember there could be some weird timeouts introduced if you fuck up your /etc/hosts and you're not backing it up with a fully configured local DNS07:55
gnarfacelike, make sure you have 127.0.0.1 defined to localhost in there07:55
gnarfaceor shit gets weird07:55
frabbitthis is tehre07:56
frabbit*there07:56
gnarfaceok, just making sure07:56
frabbiti never change that file except for changing the hostname07:56
frabbitok ;)07:56
gnarfacere-reading what you just typed i think you're talking about a different type of time-out than i was thinking07:56
frabbithm?07:57
gnarfacelike a long delay loading the prompt07:57
frabbiti mean when u wait to long the tty resets and u need to beginn again with typing in ur login name07:57
frabbit*wait to long at login07:58
gnarfaceoh, yea i misunderstood. nevermind then07:58
frabbitoh ok07:58
frabbitbut u know that?07:58
gnarfacexdm is unambitious, graphically.  it should work with anything07:58
gnarfacei did not know that slim had a login timeout but i'm not surprised07:58
frabbitno i mean the tty07:58
frabbitwhen u have black screnn and just login mask07:59
gnarfacehmm, i'm not sure i've seen that but honestly i've never tried leaving a half-typed in username there and come back to it hours or days later07:59
frabbit"localhost login:"07:59
gnarfaceit might be something optional you've added07:59
frabbitno thats not hours, thats often in under a minute!07:59
gnarfaceinteresting08:00
gnarfacemaybe it's new08:00
frabbiti havent added anything08:00
frabbitcan remember when that wasnt...08:00
gnarfacei can't remember actually testing that08:00
frabbitit annoys me always when i begin loggin in on tty zears ago and had bad long passphrases08:00
frabbitbut there must be some config or something to remove this mechanic or gain the time till it resets08:02
frabbitor not?08:02
gnarfacewell, it's open source08:02
frabbit=D08:02
gnarfaceso you can change anything if you have a strong enough will08:02
frabbitsure08:02
frabbiti will recode it!1!08:02
frabbitxD08:02
frabbitok xdm then08:03
gnarfacei can't tell you off the top of my head how to change THAT08:03
frabbitgnarface: oh look: https://askubuntu.com/questions/895700/changing-the-login-timeout-for-tty08:05
frabbitcool that should do it!08:06
frabbitsimple entry chnage, default is 60 here too08:07
frabbit*change08:07
frabbitworks! ive testet with 10 seconds08:09
frabbitnice!08:09
frabbiti will never need to install a display manager for the beginner systems! muharharhar!08:10
frabbit_arg! why is that shutdoen button in xfce needing a dm?!08:25
frabbitif i click on it now that slim was purged im not authorized...08:25
frabbitthere was something similar here when i asked here the first time abou xfce i think...08:27
* frabbit checking irc logs08:27
* golinux wonders why she's seeing frabbit08:38
golinuxAh, different user name with a _ at the end08:38
Xelraawhen will beuwulf be stable?08:40
tomtasticRight now08:41
tomtasticXelraa --> https://devuan.org/os/08:42
frabbitgolinux: what? =D08:43
frabbittomtastic: hey!08:44
frabbitwhen did that happend? last night? =D08:45
tomtasticYesterday.08:45
frabbitcool!08:45
tomtasticYes!08:45
frabbitThank You very much to all Devuan developers!08:45
* frabbit upgrades to Beowulf on one system.08:46
* tomtastic has already upgraded to Chimaera :)08:47
frabbittomtastic: =D08:52
frabbiti love these names08:52
frabbitok as it seems these reboot and shutdown buttons in xfce menu are using pkexec so my USER can run these commands as another user (that probably has the permissions for that command)08:54
tomtasticEvery morning I'm checking https://buildd.debian.org/status/package.php?p=nodejs&suite=experimental to see when Debian finally manages to build nodejs on some silly MIPs arch so they can finally move it from experimental to unstable.09:00
tomtasticIt's amazing really that debian can run on so many architectures.09:01
frabbitdid the color of the website changed?09:09
frabbithm i didnt ran apt-get dist-upgrade i just run ap upgrade, but it is the same in this case is it?09:14
frabbitwhat kernel does Chimaera have and how many architectures are supported?09:34
Xelraayou gotta be kidding me that it come out yesterday can't wait to install it I wiped clean an archlinux installation for it already :P09:52
frabbitXelraa: =D09:53
frabbitXelraa: you are just in time ;)09:53
frabbitok nice i cant upgrade with apt upgrade after changing ascii to beowulf, system is broken now11:05
gnarfacefrabbit: no, dist-upgrade is not the same in that case11:53
gnarfacefrabbit: using upgrade instead of dist-upgrade when switching releases will leave you with only partially upgraded packages11:53
frabbitgnarface: yeah ive already found out.. =(11:58
frabbitdoesnt matter i wanted to reinstall the system i will first install beowulf on, so i dont care11:59
gnarfacefrabbit: well so you know for next time, Debian recommends upgrading like this:  "apt-get update && apt-get upgrade && apt-get dist-upgrade"12:03
ShorTiei thought that they really don't think that is a good idea12:04
ShorTiebest to do fresh install when changing distro's12:05
gnarfaceShorTie: i said switching releases, not switching distros, but of course Debian would recommend NOT to migrate installs to Devuan... they strictly recommend against distro mixing, which in fact we do too12:10
gnarfaceShorTie: neither Debian nor Devuan recommend freshly reinstalling between release versions12:11
gnarfaceShorTie: that's more of a "only if you messed it up" option12:11
frabbitgnarface: yeah ive done this in the past but its long long ago...12:12
frabbitlast time for jessie12:12
frabbitupgrade TO jessie12:12
gnarfacefrabbit: there are release notes, you should read them https://files.devuan.org/devuan_beowulf/Release_notes.txt12:12
frabbitShorTie: who is they? and a new version of a distro is not a new distro12:13
ShorTieyup, it's that "only if you messed it up" option that gets me all the time .. :/~12:13
frabbitgnarface: done12:13
frabbitgnu/linux has to many distros...12:14
ShorTieit's is something i read i long time ago, and can't find again12:14
frabbitShorTie: come here #debianfork12:15
nemoso I was reading: https://www.phoronix.com/scan.php?page=article&item=rx5600xt-linux-vbios&num=115:58
nemo(I bought an rx5600)15:58
nemoI was wondering if: "Fortunately, no AMDGPU DRM kernel driver patches are needed or other changes... Just an updated Navi 10 SMC binary to be dropped in /lib/firmware/amdgpu/ and updating initramfs and a reboot to then enjoy the RX 5600 XT with updated vBIOS behaving on Linux."15:59
nemois reflected in the debian amd firmware15:59
nemoI guess I should ask in #debian too15:59
some_alexhi! I see beowulf is now officially stable. Congratulations everyone, big thanks to developers who worked on this so that everyone has init freedom!20:33
some_alexwow, the webpage says runit is supported too. Didn't see it in the beowulf beta installer. Did it get added in the latest release?20:36
fsmithredsome_alex, it's not in the installer yet.21:04
fsmithredexpect it in the point-release which will not be far away21:05
some_alexfsmithred: great, thanks! btw, is there a way to see package info like on the debian website? devuan package info website is very limited. I can't see what files a package provides, I can't download it's sources from the web, etc. etc. Is there a reason why it _that_ limited compared to debian's website?21:44
fsmithredinstall apt-file, run apt-file update, then apt-file list <package> or apt-file find <file>21:45
fsmithredapt-get source <package>21:45
fsmithredprobably has to do with the fact that we don't host most of the packages21:46
fsmithredbut that's a guess21:46
fsmithredif it's an un-forked package, you can download it from debian's website21:46
some_alexfsmithred: I know apt-file, but what if I don't have the machine at hand? Would be helpful to be able to use a website for this. Isn't debian's website open-source?21:49
fsmithredI would expect so21:49
some_alexI used parabola before devuan so I'm used to forks copying the infrastructure of the base :)21:51
fsmithredthere's probably a good reason why we're not using a clone of their system, but I don't know what it is.21:51
fsmithredyou can download our forked packages directly from pkgmaster.devuan.org, but you have to know what version you want and you have to poke around to find it.21:52
nemoFWIW, my question earlier about the amd firmware update, the answer is that the debian packages are all older than the AMD fix21:52
nemoso it could be a while before the change works its way back21:52
nemoso I either put up with 5%+ performance reduction or figure out how to get the firmware file dropped in the right place21:52
nemofor now I'm going to do the former, but we'll see.21:53
some_alexwhat could possibly change my initrd image? I never updated my initrd, but for some reason at some point it was changed. The only program I can suspect is apt. I installed a lot of packages during the time it might have been changed. But I never installed other kernels or regenerated it myself. What could have happened there? The symlinks in / haven't been touched btw22:02
some_alexsorry if I already asked this, don't remember asking here22:02
ErRandirif you installed/updated a kernel module that will trigger a rebuild of initrd22:13
fsmithreda lot of packages trigger a rebuild of the intrd22:19
fsmithredhappens to me several times a day22:20
some_alexfsmithred: so it's normal to have initrd rebuilt when installing regular packages?22:31
fsmithredyeah, for some packages22:31
specingsome packages are more regular than others22:32
some_alexfsmithred: what if /boot is read-only? Will apt just fail and report it or silently ignore the need to rebuild initrd?22:33
fsmithredprobably get an error22:33
fsmithredpermission denied, I guess22:33
some_alexthanks!22:34
fsmithredI hope you're not thinking of making it read-only to prevent initrd updates22:34
some_alexfsmithred: no, I'm making it read-only to simplify verification of the contents of /boot. /boot is unencrypted until I flash libreboot onto my BIOS chip so I store checksums of every file in /boot to make sure it wasn't tampered with while the machine was unattended. It's fine if I have to remount it for a minute to use apt.22:46
fsmithredcool22:46
fsmithredyou know about the debsums package?22:46
some_alexno, what does it do?22:46
fsmithredverifies the checksums on installed files22:47
fsmithredI use it to list all config files that have been changed from their defaults22:47
some_alexwow, this sounds really nice, thank you!22:48
fsmithrednot that I'm worried about someone else changing my files - I just need to remember which ones I messed with.22:48
fsmithredthere's also tripwire which I think is similar22:49
some_alexwell I'm very paranoid, expecting that someone with at least my level of knowledge would magically appear in my flat while I'm not there and mess with my software xD22:51
HurgotronI'm using full disk encryption against that.22:51
some_alexguess why I haven't used that machine much after inird was updated LOL22:51
some_alexHurgotron: me too, but /boot is still unencrypted22:52
Hurgotrongotcha.22:52
some_alexwould never install an OS for myself without full-disk encryption22:52
some_alexLUKS+LVM == LOVE22:53
Hurgotronand RAID-1 below22:53
some_alexwell on desktop yes, I'm going to use zfs after I buy the drives22:53
some_alexI mean I'm gonna use it as a server but it's basically an old desktop22:54
some_alexa single drive would cost me 3 times the price I got this desktop for, hehe22:55
masonI do ZFS mirrors atop LUKS. Works well.22:59
masonI'm not so fond of the new native encryption, but if you don't have existing infrastructure, it probably wouldn't matter so much. It's painful shipping ZFS data from an encrypted dataset to an unencrypted one.23:00
some_alexfsmithred: I'm curious though. Why isn't the initramfs-tools dir not changes due to this? Why isn't there any config file with the list of modules that initrd should contain?23:08

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!