libera/#devuan/ Thursday, 2020-08-27

« Wednesday, 2020-08-26 Index Friday, 2020-08-28 »
tuxd3vhello all01:54
tuxd3vI have a nfs problem :S01:55
tuxd3vI am trying to export 2 diferent folders01:55
tuxd3v/mnt/A01:55
tuxd3v/mnt/B01:55
tuxd3vbut in the client I see always only the folder //Mnt/a01:56
tuxd3vand not the folder //mnt/B01:56
gnarfaceheh, well //Mnt/a looks like a SAMBA path, not NFS.  could be related to your issue.01:59
tuxd3vhello gnarface , in the server I have 2 lvs, lvA and lvB, on same VG02:00
tuxd3vand I mounted them on /mnt02:00
tuxd3vboth lvs02:00
tuxd3vin the server..02:01
tuxd3vI exported them02:01
gnarfacehmm, i can't say i've tried lvs with nfs so i don't know if that could be related02:01
tuxd3vit his exporting the /mnt/A fine, but when I open the /mnt/B in the client it shows me exactly the same information that exists in /mnt/A02:02
tuxd3v:S02:02
gnarfaceinteresting02:02
tuxd3v:D02:02
tuxd3vyeah02:02
tuxd3vI am using a 'export -rva' on the server, I even rebooted him02:02
tuxd3vbut the problem continues02:03
gnarfacepastebin me your /etc/exports file and i'll sanity check it for you02:03
gnarfaceother than that i've got nothing02:03
gnarface(sorry paste.debian.net please, not actually pastebin)02:03
tuxd3vmaybe its a limitation of NFS that it can only share mounts on the same mount... by other words, mounts that are submounts of a root path02:03
tuxd3vI don't remember now :S02:04
tuxd3vsure, I will send you my config :)02:04
tuxd3vthanks02:04
tuxd3vzap...02:09
tuxd3vexportfs has the same fsid :S02:10
tuxd3vso it exported the same mount :S02:10
tuxd3von the second export I used a fsid=102:10
tuxd3vand it nows shows me the empty /mnt/B :)02:10
tuxd3vpuff02:11
tuxd3vwe are a bunch of freaks lol, a gazilion of options on exports, then a year os 2 later, you go to export something and nothing happen lool02:11
tuxd3vI am exporting using a 'fsid=' option02:13
tuxd3vthey are indeed to diferent lvs, or lets say 2 diferent fylesystems, so they cannot hold the same fsid.. that was the problem..02:14
tuxd3vtook maybe 10-15 minutes to figure that out.. I am getting my ass to old..lool :)02:14
gnarfacewait, so to be clear, you didn't paste me your config through any channels, right?02:15
gnarfaceyou figured it out on your own first?02:15
gnarfacei thought you said you were going to show me your config, then you didn't.  i just want to make sure you haven't pasted it to an imposter.02:15
tuxd3vWhen I was to paste, I just looked into the first parameter  (fsid=...), and I  tough... humm they are the same...?!02:16
tuxd3vheheh02:16
tuxd3vI post now, the correct one :)02:16
gnarfaceno it's fine i don't care if it is working for you now02:16
tuxd3vhttps://paste.debian.net/1161382/02:19
tuxd3vsee the 'fsid' option...now its correct02:20
tuxd3vthere are 2 diferent filesystems beign exported..02:20
tuxd3vone get a fsid=002:20
tuxd3vthe second a fsid=102:20
tuxd3vthey had the same fsid, and so NFS server exported always the same one :)02:20
gnarfacehmm.  well, glad to hear it wasn't a problem in the kernel02:21
tuxd3vits a 3 disk raid 5, plus lvm above02:21
tuxd3vinitially I tough, well I will create 2 Raid instances02:22
tuxd3vbut then since its not hardware raid, 2 instances would pull a bit of cpu02:23
tuxd3vthat's why I gone with only one raid instance02:23
tuxd3vand lvm above it with logic volumes above..02:23
humpty_dumptyHi, where can I find the fingerprints for the PGP keys, which are used to sign the Devuan release SHA256SUMS file?07:12
humpty_dumptyI'm currently stuck with the following command "gpg2 --recv-keys [...] --keyserver keys.gnupg.net".07:13
user____re: polkit and .policy files: the time has come to find a solution to make them devuan compatible or "gone"08:00
user____I did this: locate -r '\.policy$' on my beowulf new system and found about 39 of them in total.08:01
user____Not too many to bulk patch/edit using sed for example.08:01
user____The edit goal is to enable all permissions hoping that then the system scripts contaminated with polkit and systemd "rules" will revert to honoring the already set group and user permissions and mount options. I will try this and report.08:02
user____Is there an interest at devuan project level to implement this as a package/patch? Neutering polkit and causing the system to revert to "default" expected *nix operation?08:03
user____another: related: when installing java 11 openjdk, it brings in it's own policy files, these need to be excluded, i.e. the above locate -r also locates extra files which are not polkit related08:04
user____so we're actually only interested in files under /usr/share/polkit-1/08:05
user____locate -r '/usr/share/polkit-1/.*\.policy$' -- these08:06
user____the second part is to bulk edit the files in place using sed, after backing them up using tar08:08
user____sed command:08:08
user____sed -i -e 's/<allow_any>\([^<]\+\)<\/allow_any>/<allow_any>yes<\/allow_any>/g'08:10
user____and the same for allow_interactive and allow_active08:10
user____trying this now08:10
user____script verified: sed -ie 's/<\(allow_\(any\|active\|inactive\)\)>\([^<]\+\)<\/[^>]\+>/<\1>yes<\/\1>/g' $policy_files08:26
user____warning this edits files in place with no backup, use a tar backup 1st08:26
user____anyone else up / in Europe following this?08:26
user____confirmed all permissions granted with test script08:51
user____pasting it08:51
user____https://termbin.com/90c608:54
user____When you nice people wake up, do opinate on this "hack".08:55
user____Seems to work, all usual things are do-able without UAC after running it08:55
DPAuser____: To me, this is about as good an idea as adding "%users ALL=(ALL:ALL) NOPASSWD:ALL" to the sudoers file.09:47
DPAThere are probably already enough holes in policykit policies that allow programs to escalate to full root without allowing everything to do basically everything, don't make it worse!09:47
DPAI think which things should just work with no confirmation, or at all really, should be considered on a case-by-case basis, for each rule individually.09:47
DPAFor example, if you did this, I bet you could use org.dpkg.pkexec.update-alternatives.policy to add a symlink in /etc/profile.d/* or /etc/init.d/* or /bin/* pointing to a script in your control,10:02
DPAand then trick something that has root into executing it, for example by rebooting the system, or maybe even by just waiting for getty/login to restart, and thus to execute anything as root that way.10:02
ham5urgI just installed dnsmasq and got a config file destination like /etc/dbus-1/system.d/dnsmasq.conf and at last it is a XML file https://paste.debian.net/1161434/13:02
ham5urgWhat has dnsmasq been guilty of to desire such a sentence?13:03
* ShorTie snickers13:10
ShorTiei don't see devuan building dnsmasq, so it is a debian package13:13
ham5urgYes, I assumed that. Is there any other small dns cache I could use?13:14
ham5urgLooks like pdnsd is long gone.13:14
ShorTieSorry, got me on that13:14
gnarfaceit's really not that bad13:15
gnarfaceyou might be overreacting13:15
r3bootham5urg: you could have a look at unbound13:15
r3bootthat does a bit more then dnsmasq (which is perfectly fine as well)13:16
r3bootAlso, you can just feed dnsmasq it's own configuration; The xml file you posted are DBUS permissions, not dnsmasq configuration13:17
DPAI've replaced dnsmasq with bind9 everywhere.13:26
DPABut for the final local caching, you could try nscd.13:26
r3bootbind is way too much overkill for just a recursor (plus, lots of legacy code, and lots of vulnerabilities in the last couple of years)13:30
DPAThe bugs that get found tend to get fixed rather quickly, and it usually works really well and reliably. Most of the internets' important DNS stuff uses it, as far as I know.13:45
r3bootthere have been quite some migrations to nsd in the last couple of years13:51
r3boot(from nlnetlabs)13:51
ham5urgThanks guys, I switched to unbound as dnsmasq is to heavy for me.15:49
WafficusHello there, I'm trying to install Anbox through the Ubuntu PPA15:55
Wafficusis this possible, or do I have to install it through another route?15:55
Wafficushttps://docs.anbox.io/userguide/install_kernel_modules.html15:55
Death_SynI'd recommend dqcache for a dns cache15:56
Death_Synit's a fork of the djb dnscache15:56
JorilWafficus: it's not recommended to use Ubuntu PPAs with Debian/Devuan16:08
Jorilehr too late I guess16:08
fsmithredMaybe we'll learn the answer to his question when he returns.16:11
debdoghrrhrr16:12
DHEare there pre-built devuan packages for openstack or other cloud sources? the only ones I found were really old (like 2017)16:22
fsmithredDHE, check at pkginfo.devuan.org16:24
DHEI shouldn't have used package, I should have used "image". it wouldn't be a package. it would likely be its own private download like install media.16:29
fsmithredwhere did you find old images?16:31
fsmithredone of our virtual images?16:32
DHEnow I'm having trouble finding what I found. maybe I found the package for making images and confused it16:34
fsmithredI just found it16:35
fsmithredhttps://repology.org/project/openstack-devuan-images/versions16:35
fsmithredone jessie image created by Centurion_Dan16:35
fsmithredhttps://git.devuan.org/devuan/openstack-devuan-images <- This might go with that jessie image.16:38
fsmithredgo to master branch16:38
fsmithredhttps://git.devuan.org/devuan/openstack-devuan-images/src/branch/master16:38
DHEthis is for making images. I was hoping there were some pre-builts. but if not then I can take this route16:44
luser977did people react to my polkit neutering script from today?18:48
luser977https://termbin.com/90c618:49
luser977?18:52
nemohuh. I'm unfamiliar18:53
nemowhy?18:53
nemobut just noticed it now18:53
fsmithredwhat is the point of that script?18:56
nemofsmithred: https://pkginfo.devuan.org/stage/beowulf/beowulf/tomcat9_9.0.16-5+devuan2.html  tomcat9?? \o/  you guys have it now?19:17
nemohuh. it's still in https://pkgmaster.devuan.org/bannedpackages.txt19:20
nemoweird19:20
golinuxnemo: https://lists.dyne.org/lurker/search/20380101.000000.00000000@ml:devuan-dev,tomcat9.en.html19:35
nemo"thanks to amesser"19:37
nemoyay19:37
nemodon't see them here. but thanks19:37
luser977the point of that script is to revert behavior of the system to pre polkit annoyance (password requests).19:39
flingHow do I install icecat?19:39
fsmithredluser977, you can then start synaptic and gparted without a password?19:44
luser977after running the script the local and or remote user(s) can mount/umount volumes they are allowed to (unix group based) shutdown/reboot works w/o password reques, power button does initiate shutdown as configured. all standard as xfce4 was before polkit contamination.19:45
luser977yes if permissions are sufficient.19:45
luser977i.e. sudo configured for user/group19:46
luser977polkit is crap adding limits on top of existing limits. it can't enable something which is blocked at user/group permission level.19:47
luser977the unbelievable stupidity of the idea emanates out of the 1st paragraph. let's re-auth the authed user in case he is no longer himself. https://wiki.archlinux.org/index.php/Polkit19:55
furrywolfI know nothing about tomcat, but reading https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925473 makes me wonder if the dep on systemd is now a bug.19:55
luser977probably polkit related dep :-)19:56
furrywolfthat bug was closed with a patch to make tomcat install and work on non-systemd systems...  it was uploaded to experimental, which should have been moved to stable given when it was done...19:57
furrywolflooks like it might have never made it into the main repository20:02
furrywolfalso, every single post by anyone supporting systemd makes me want to strangle the author, just because of the way they present their arguments.20:03
fsmithredluser977, power buttons in xfce should work without messing with policykit20:48
fsmithrednot sure about mounting internal drives, but I can mount removables as user.20:48
xrogaanwait, the password thing is WAD?22:08
xrogaanAnd yeah, I can't powerdown without password request.22:09
xrogaanmounting requires password22:09
luser977fsmithred: after beo install mount and shut/power w/o password worked, after installing many more packages, started asking pwd. i23:25
luser977fsmithred: after beo install mount and shut/power w/o password worked, after installing many more packages, started asking pwd. i23:25
luser977one can compare the policy files i got as backup on disk with the live ones.23:26
luser977some package updates the policy files, unwantedly23:30
yanmaanigetting 404s when running dist-upgrade23:54
yanmaanianyone else?23:55
markizanoyanmaani: what's the first non-comment line of `/etc/apt/sources.list` say ?23:56
gnarfaceyanmaani: leading cause is using deprecated hostnames for your sources.list23:56
markizano^ +123:56
markizanofound that out the hard way myself.23:56
gnarfaceyanmaani: (some hostnames that were deprecated years ago finally stopped working)23:56
markizanoauto.mirrors.devuan.org is no more - use archive.devuan.org to get the latest on jessie if you are trying to upgrade from Jessie23:57
markizanouse deb.devuan.org for anything ascii and later.23:57
yanmaanideb http://deb.devuan.org/merged beowulf main contrib non-free23:57
gnarfaceyes23:57
markizanotrailing slash is necessary, right?23:57
yanmaaniIt's worked fine for other packages23:58
markizano(at least they had one in the docs)23:58
gnarfaceuh, i don't think trailing slash is required23:58
markizanook23:58
Jjp137it's not23:58
gnarfaceno, not required here but my old notes suggest that it at least used to be for debian23:58
yanmaaniWhen I go to the URL, they have packages there23:58
yanmaanibut not the version it's complaining about23:59
markizanohrmm... isn't `dist-upgrade` as an apt function also deprecated? isn't the new function `apt full-upgrade` in place of `apt-get dist-upgrade` ?23:59
yanmaanimarkizano: That doesn't work either23:59
« Wednesday, 2020-08-26 Index Friday, 2020-08-28 »

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!