nemo | does devuan use the debian kernel unmodified? | 04:02 |
---|---|---|
nemo | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876141 ← (asking due to this which impacts my SO's devuan laptop) | 04:02 |
gnarface | yes, devuan uses the debian kernel unmodified | 04:02 |
nemo | dirm | 04:03 |
nemo | *durn | 04:03 |
nemo | guess I really will have to build my own | 04:03 |
nemo | I guess enabling one little flag shouldn't break much hopefully | 04:03 |
nemo | might have to pin the kernel | 04:03 |
gnarface | if you name it correctly it won't replace your custom kernel | 04:21 |
nemo | well... given my total lack of familiarity with this, not placing super high odds on that, but here's hoping! ☺ | 04:22 |
nemo | (debian kernel packaging that is) | 04:23 |
nemo | doing my best w/ guides I've found so far, even though the "up to date" one is addressing situations that don't really apply here | 04:23 |
xrogaan | W: Failed to fetch http://deb.devuan.org/devuan/dists/ascii-proposed/InRelease: Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) | 04:23 |
xrogaan | What kind of issue is that? | 04:24 |
nemo | https://askubuntu.com/questions/899009/sudo-apt-update-always-giving-clearsigned-file-isnt-valid-got-nosplit-does (google - no, not familiar ☺ ) | 04:26 |
xrogaan | is it normal that the InRelease file is empty? | 04:28 |
xrogaan | nemo: well devuan is a bit special as it somehow mirrors with debian's repo. I believe we download most packages from debian's repository. | 04:30 |
nemo | yeah. it's just a thin overlay | 04:30 |
xrogaan | only that one is failing, everybody else is just fine. | 04:31 |
nemo | (thankfully, since it increases the odds I'll be able to convert most of the debian/ubuntu machines over here) | 04:31 |
xrogaan | oh, I use /devuan/ for proposed, but everybody else uses /merged/ | 04:32 |
golinux | https://devuan.org/os/etc/apt/sources.list | 04:36 |
nemo | yeeep totally screwed that kernel up. | 04:41 |
nemo | odd 'cause it was using the amd64 config | 04:41 |
nemo | no more wifi, no more sound, still no touchpad | 04:42 |
nemo | time to go back to the other one | 04:42 |
nemo | nice. no more usb either | 04:42 |
xrogaan | golinux: yeah, but the /devuan/ thing generate the NOSPLIT error. | 05:36 |
golinux | How do you know that? | 05:39 |
golinux | You have it right. There is no /merged on proposed. | 05:40 |
xrogaan | I know | 05:41 |
xrogaan | look at the error, my source is correct. | 05:42 |
xrogaan | am I the only one with this issue? | 05:56 |
xrogaan | Can I try a direct mirror instead of deb.devuan.org? | 05:56 |
xrogaan | Common wisdom from the internet say that a proxy might be misconfigured. I have none. | 06:02 |
jelly | golinux: no idea, did not ask | 06:27 |
xrogaan | yeah, so bad mirror | 06:51 |
xrogaan | I had some bad experience with the round robin. | 06:52 |
xrogaan | I need a way to blame somebody. | 06:52 |
Humpelst1lzchen | uhm, the latest firefox-esr security update broke sound somehow. Any ideas on that? | 06:56 |
Jjp137 | it only supports PulseAudio I believe so if you don't have that installed, that might be why | 07:03 |
Humpelst1lzchen | Jjp137: wtf? | 07:04 |
Jjp137 | you could probably use apulse to work around it | 07:04 |
Jjp137 | yup blame Mozilla | 07:04 |
Jjp137 | I haven't updated it myself b/c of that | 07:04 |
Humpelst1lzchen | not sure if using a ff with known security issues is a solution.. | 07:05 |
Humpelst1lzchen | lol apulse... "PulseAudio emulation for ALSA | 07:06 |
Humpelst1lzchen | lets just add another layer on top of another layer on top of another layer | 07:07 |
Jjp137 | lol yea it's silly | 07:07 |
Humpelst1lzchen | surpris�ngly it works with apulse.. | 07:10 |
Jjp137 | nice | 07:11 |
ErRandir | lol I did not know about apulse. Brilliant. | 07:49 |
KatolaZ_ | xrogaan: which is the issue with deb.devuan.org? | 08:38 |
xrogaan | it resolved itself | 08:39 |
xrogaan | InRelease files were empty | 08:39 |
xrogaan | or something | 08:40 |
xrogaan | I have no idea what was the issue, just that I got an error and no way to know which mirror generated it. | 08:40 |
KatolaZ_ | xrogaan: which suite? | 08:41 |
xrogaan | >> <xrogaan> W: Failed to fetch http://deb.devuan.org/devuan/dists/ascii-proposed/InRelease: Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) | 08:41 |
xrogaan | what's a suite? | 08:42 |
KatolaZ_ | ascii-proposed | 08:42 |
xrogaan | eventually the InRelease file got populated with content (was 0 byte at the time) | 08:43 |
KatolaZ_ | xrogaan: maybe you just hit the split second when one of the mirror was syncing? | 08:43 |
xrogaan | no, I did asked several times in a row | 08:43 |
xrogaan | well, "in a row" >> as I was trying to figure out what was wrong | 08:43 |
KatolaZ_ | that's pretty strange then | 08:44 |
xrogaan | There may have been one or several bad mirrors. | 08:44 |
KatolaZ_ | xrogaan: that's why it's strange | 08:44 |
KatolaZ_ | since we haven't had reports of missing or corrupt files | 08:45 |
KatolaZ_ | :| | 08:45 |
KatolaZ_ | I will keep an eye on that anyway | 08:45 |
KatolaZ_ | thanks for letting us know | 08:45 |
KatolaZ_ | :) | 08:45 |
xrogaan | would have given you more detail if I knew how to know which ip apt is hitting | 08:46 |
xrogaan | by the time I excluded my local network and started to investigate all the different mirrors, the issue was resolved. | 08:47 |
xrogaan | I would have go through everything in the round robin to see if all InRelease file were empty. | 08:47 |
KatolaZ_ | xrogaan: there is no need to do that | 08:47 |
KatolaZ_ | just shout | 08:47 |
KatolaZ_ | :) | 08:47 |
xrogaan | got stuff like this: http://dpaste.com/1GHMQ87 | 08:51 |
KatolaZ_ | that's an empty file | 08:54 |
xrogaan | yes, yes it is. | 08:55 |
xrogaan | but from where? | 08:56 |
KatolaZ_ | xrogaan: but why do you need to have ascii-proposed in the repos? | 08:56 |
KatolaZ_ | (that' not related, just asking) | 08:56 |
xrogaan | why no? | 08:57 |
xrogaan | why not*? | 08:57 |
KatolaZ_ | well, all the packages in there were migrated to ascii IIRC | 08:57 |
KatolaZ_ | that's just a temporary suite | 08:57 |
KatolaZ_ | anyway, I will keep an eye on this | 08:59 |
xrogaan | I don't know why it's activated, it's just is. | 09:03 |
xkr47 | another day, another debian 8 -> devuan ascii upgrade | 20:03 |
xkr47 | I like getting back in control. Also the procedure is pleasant. :) | 20:04 |
gnu_srs1 | xkr47: ;) | 21:20 |
xkr47 | I hate to say it but "Make Debian Great Again" sure nails it :D | 21:26 |
xkr47 | or would nail it if the maga thing would not ruin it | 21:27 |
xkr47 | btw on the page https://devuan.org/os/documentation/dev1fanboy/ I would recommend renaming all occurences of "Migrate" to "Migrate from Debian" as to make more people spot the gold that's available for free | 21:39 |
xkr47 | it might even improve SEO | 21:40 |
bigtitty | the minimal xorg install page is pure sex | 21:40 |
bigtitty | it's how i did my i3 install | 21:40 |
bigtitty | arguably the least painful minimali3 install i've ever done in a distro | 21:40 |
xkr47 | if I want to set up a local devuan mirror, what do I need to do? | 22:16 |
xkr47 | wget -r the base directory and just update the urls to my local copy? | 22:17 |
xkr47 | I would just need a snapshot to get a bunch of virtual machines updated from debian to ascii quickly | 22:17 |
KatolaZ | xkr47: mirror of what? | 22:17 |
xkr47 | I'd then change the urls back for future updates/upgrades | 22:18 |
gnarface | xkr47: a mirror is overkill for that. just use apt-cacher-ng | 22:18 |
xkr47 | devuan ascii | 22:18 |
KatolaZ | again | 22:18 |
KatolaZ | mirror of what? | 22:18 |
KatolaZ | install media? | 22:18 |
KatolaZ | or packages? | 22:18 |
xkr47 | thanks, gnarface already closed my issue :D | 22:18 |
KatolaZ | np | 22:18 |
xkr47 | btw, I'm a little concerned that the swapping of repos from debian to devuan uses http urls, and then you run "apt-get install devuan-keyring --allow-unauthenticated" | 22:22 |
xkr47 | this basically creates a clear mitm attack vector | 22:22 |
xkr47 | if I understood it correctly | 22:22 |
gnarface | yea if you're paranoid about that there's a couple better ways to do it | 22:23 |
xkr47 | BUT it seems pkgmaster.devuan.org (the server used for apt sources) supports https as well | 22:23 |
xkr47 | so I think that would perhaps be good enough | 22:23 |
gnarface | the key in that keyring is on public keyservers, you could just get it with gpg directly and use apt-add-key | 22:24 |
gnarface | then verify it matches the one in the package | 22:24 |
xkr47 | after you get the keyring in you can go back to http (to save devuan cpu load) and be able to verify packages normally | 22:24 |
gnarface | or you could probably just verify the checksum on the package too | 22:24 |
banshi | https://software.intel.com/en-us/blogs/2018/09/10/designing-firmware-for-an-open-world | 22:24 |
xkr47 | gnarface, would you recommend against using https (even temporarily) as a solution? | 22:25 |
gnarface | hmm. it's not called apt-add-key wtf is it called... i forget | 22:25 |
xkr47 | (I mean, it would solve the problem, do you agree?) | 22:25 |
djph | apt-key add [...] | 22:26 |
gnarface | xkr47: no, if you're worried about a man-in-the-middle attack, https can't protect you if they've hijacked your DNS service | 22:26 |
gnarface | djph: thanks | 22:26 |
djph | 'welcome :) | 22:26 |
xkr47 | true, but then the same goes for public keyservers? | 22:26 |
gnarface | yes, but, the key is visually verifiable | 22:26 |
gnarface | you can make sure it's the right key before you use it | 22:27 |
xkr47 | how? | 22:27 |
gnarface | djph: do you remember the command for that off the top of your head too? | 22:27 |
gnarface | i'd have to dig through the gpg manpage | 22:27 |
djph | which? | 22:27 |
gnarface | just printing a key to the console | 22:27 |
gnarface | so you know it's the same key | 22:27 |
gnarface | or the keysig or whatever it's called | 22:27 |
djph | gpg --export ? | 22:28 |
xkr47 | so how do you know it's the correct one then? | 22:28 |
gnarface | is that it? or is it just gpg --list-keys? | 22:28 |
xkr47 | when you have the key dumped on screen.. | 22:28 |
djph | i mran thatll print the ----begin pgp key ---- stuff | 22:28 |
gnarface | xkr47: then you compare it to the value listed on the web page and in the package in the repos | 22:28 |
djph | otherwise gpg --list-keys --fingerprint i think | 22:28 |
xkr47 | gnarface, at least the attack would have to be a lot more sophisticated to swap out all those services :) | 22:29 |
gnarface | well, at some point you have to trust something. if you can't trust your DNS you can't trust anything though. | 22:31 |
xkr47 | :D | 22:31 |
xkr47 | well at least you have dnssec enabled on your domain, that helps ^^ | 22:32 |
gnarface | well not MY domain technically. i'm not actually a member of the staff. however, they do hang out here occasionally and any of them could also just paste the key fingerpint in channel for you too | 22:32 |
xkr47 | ^^ | 22:33 |
KatolaZ | xkr47: the signing key fingerprint is reported in the ASCII Release Notes | 22:34 |
KatolaZ | https://files.devuan.org/devuan_ascii/Release_notes.txt | 22:34 |
xkr47 | thanks for taking interest to answer my questions despite the improbability of the issue | 22:34 |
KatolaZ | improbability is not an excuse | 22:35 |
KatolaZ | when it comes to security | 22:35 |
xkr47 | I guess you can't employ gpg in your installation instructions because one might not be able to install it in the before-devuan stage if you have a too old distro | 22:37 |
KatolaZ | uh? | 22:37 |
xkr47 | orr... does apt always depend on gpg? | 22:37 |
gnarface | it has as far back as i can remember | 22:37 |
gnarface | i don't think the key formats change very often | 22:37 |
gnarface | it's something you should be able to do from a debian install | 22:37 |
xkr47 | I mean to use gpg to download the keys instead of the --allow-unauthenticated step | 22:37 |
KatolaZ | xkr47: apt Depends: gpg | 22:37 |
xkr47 | right | 22:38 |
KatolaZ | you can't use gpg to download the keys | 22:38 |
gnarface | xkr47: yea, that's the apt add-key command djph mentioned above. you can totally manually add that key to apt without this package. | 22:38 |
xkr47 | so is the gpg-way more secure than using https servers? | 22:38 |
KatolaZ | unless you trust the source... | 22:38 |
xkr47 | mmmh | 22:38 |
KatolaZ | xkr47: what do you mean? | 22:39 |
KatolaZ | "more secure" than what? | 22:39 |
gnarface | xkr47: the idea is you *don't* trust the public keyserver implicitly without verifying the fingerprint on the key visually | 22:39 |
KatolaZ | you should get the key | 22:39 |
KatolaZ | and you can verify that you got the correct one | 22:39 |
djph | gnarface: and trusting a minimum number of signers. | 22:39 |
KatolaZ | by checking that its fingerprints correspods to the one published in the release notes | 22:39 |
xkr47 | would it be too cumbersome to have these steps in the migration docs? | 22:39 |
KatolaZ | xkr47: have you read the release notes file? | 22:40 |
KatolaZ | those steps are already there | 22:40 |
xkr47 | no :( | 22:40 |
xkr47 | I read https://devuan.org/os/documentation/dev1fanboy/migrate-to-ascii | 22:40 |
gnarface | xkr47: (i'm pretty sure the process is outlined somewhere on the debian wiki too) | 22:40 |
xkr47 | here were some instructions to get the signing keys from https://files.devuan.org/ : https://devuan.org/os/documentation/dev1fanboy/general-information | 22:42 |
gnarface | when was that written? i'm not sure that hostname still points to the same place | 22:43 |
gnarface | they might have changed it to packages.devuan.org | 22:44 |
gnarface | or maybe pkgmaster.devuan.org | 22:45 |
xkr47 | soo which is the correct hostname for packages | 22:48 |
xkr47 | https://devuan.org/os/documentation/dev1fanboy/migrate-to-jessie says pkgmaster.devuan.org | 22:48 |
xkr47 | https://files.devuan.org/devuan_ascii/Release_notes.txt says deb.devuan.org | 22:49 |
gnarface | xkr47: pkgmaster is the primary repo. deb.devuan.org is the mirror fanout | 22:50 |
gnarface | they should both work but mirrors experience transient failures during updates | 22:50 |
gnarface | (deb.devuan.org was added more recently) | 22:51 |
xkr47 | where I live (Finland), pkgmaster.devuan.org and *.deb.devuan.org all resolve to 5.196.38.18 | 22:51 |
xkr47 | while deb.devuan.org resolves to 14 ips | 22:52 |
xkr47 | of which one is that 5.196.38.18 | 22:52 |
gnarface | 5.196.38.18 is correct, i'm getting that here for pkgmaster too | 22:52 |
xkr47 | ah, fi.deb.devuan.org CNAME pkgmaster | 22:53 |
KatolaZ | xkr47: deb.devuan.org is a round-robin pool | 22:53 |
KatolaZ | xkr47: Release notes are authoritative | 22:53 |
xkr47 | yeah.. but why do fi, se, dk, uk, us and ch all go to the same as pkgmaster? country-specifc ones not yet set up properly? | 22:53 |
KatolaZ | (i.e., use deb.devuan.org) | 22:53 |
xkr47 | ok | 22:54 |
KatolaZ | xkr47: because we don't have 281 mirrors? | 22:54 |
KatolaZ | :) | 22:54 |
KatolaZ | we are working on that | 22:54 |
KatolaZ | see my email on DNG today | 22:54 |
xkr47 | thanks | 22:54 |
KatolaZ | yw | 22:54 |
xkr47 | DNG? | 22:54 |
KatolaZ | until 10 months ago we had just 1 master server and 1 mirror | 22:54 |
KatolaZ | now we have 17 | 22:54 |
KatolaZ | DNG is the mailing list | 22:55 |
xkr47 | ok | 22:55 |
xkr47 | https://lists.dyne.org/lurker/message/20180914.151733.910d656f.en.html | 22:56 |
xkr47 | is it very expensive to get localized dns? | 22:58 |
xkr47 | (at least I thought that's a thing :) | 22:58 |
xkr47 | soo https://devuan.org/os/documentation/dev1fanboy/migrate-to-ascii could be updated to use deb.devuan.org... | 23:00 |
KatolaZ | xkr47: what do you mean by "localized DNS"? | 23:01 |
xkr47 | oh, it seems the guide is already updated in git but not on the site.. https://git.devuan.org/dev1fanboy/Upgrade-Install-Devuan/blob/master/migrate-to-ascii.md | 23:02 |
KatolaZ | xkr47: I guessed golinux is making some edits there | 23:03 |
xkr47 | KatolaZ, in amsterdam I get | 23:03 |
xkr47 | www.google.com.295INA172.217.10.4 | 23:03 |
xkr47 | sorry for the tabs | 23:03 |
xkr47 | while in Finland I get 6 different IPs starting with 64.233.162. | 23:03 |
KatolaZ | xkr47: have you noticed we are not google Inc.? :) | 23:04 |
xkr47 | YES | 23:04 |
xkr47 | :) | 23:04 |
KatolaZ | good :) | 23:04 |
xkr47 | "why don't I have a nice cup of shut the irc up now? | 23:05 |
bigtitty | guys | 23:05 |
bigtitty | how do i develop autism | 23:06 |
bigtitty | not in the literal sense | 23:06 |
bigtitty | but in the i-dont-know-what-is-boredom-and-lonliness-sense | 23:06 |
bigtitty | Oh fuck, sorry, wrong channel | 23:06 |
xkr47 | you install systemd? :D | 23:06 |
xkr47 | sorry I didn't understand the question fully and went with a cheap answer. sorry for any offense I caused.. | 23:07 |
bigtitty | nah no problem | 23:07 |
bigtitty | guess i'm gonna have to do meth again for it | 23:08 |
xkr47 | sorry I won't be able to help you with anything past that point | 23:08 |
DonkeyHotei | sorry but doing meth is worse than systemd | 23:10 |
xkr47 | meh, the apt-cacher-ng in devuan jessie does not contain devuan mirrors | 23:24 |
golinux | KatolaZ: I emailed a correction to chillfan maybe a month ago ago and never heard that he even received it. Have not seen him anywhere since last spring. | 23:29 |
golinux | I have never made any edits to his pages. Do not feel comfortable mucking around in his stuff. | 23:29 |
gnarface | xkr47: someone else was complaining about that too... can you just change the contents of /usr/lib/apt-cacher-ng/deb_mirrors.gz ? | 23:34 |
xkr47 | sure | 23:34 |
xkr47 | it's a devuan system.. you can do things :) | 23:35 |
gnarface | xkr47: lemme know if it works | 23:35 |
xkr47 | heh btrfs snapshots ftw | 23:37 |
xkr47 | I wanted to compress 5G worth of files in a directory with bzip2 | 23:37 |
xkr47 | now I have 7G worth of files | 23:38 |
KatolaZ | golinux: OK | 23:39 |
KatolaZ | I remember we actually saw him back in june, at a dev meeting | 23:39 |
xkr47 | gnarface, should I create a merge request on https://git.devuan.org/devuan-packages/apt-cacher-ng if I get it to work? | 23:43 |
gnarface | xkr47: i'm the wrong person to ask about that, but i think yes, maybe. make sure the one in ascii isn't already fixed before you do though. | 23:44 |
xkr47 | welp that oughta be in that repo if that's the case, no? | 23:44 |
gnarface | i'm the wrong person to ask about that too, but now that you mention it, probably you're right :) | 23:44 |
* xkr47 bows gracefully | 23:45 | |
gnarface | i really thought that thing just used the system's existing sources.list | 23:46 |
gnarface | i guess i was wrong about that | 23:46 |
gnarface | there are other apt caching proxies in there | 23:46 |
gnarface | but it shouldn't be difficult to fix this one either | 23:46 |
xkr47 | I don't know | 23:49 |
xkr47 | let me see :) | 23:50 |
xkr47 | I just looked at the configuration | 23:50 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!