freenode/#devuan/ Wednesday, 2019-02-06

va7lnxnemo: try manually setting it up using 'ip addr' and 'ip link'.00:35
specingHello, what is the state of SELinux/apparmor in Devuan?02:37
nemova7lnx: wasn't me03:00
va7lnxnemo: ah sorry. that what bjorn (who is no longer here)03:17
fsmithredspecing, same as in debian03:53
va7lnxwell, I have a replacement mobo for this computer, but I have to completely C++ assignment before I can do the replacement.04:00
va7lnxI probably won't get to the replacement until thursday or friday now.04:01
ajhlinuxuser1I did a migration upgrade to Devuan Jessie from Debian Wheezy.  I have XFCE but gdm seems unhealthy.  gdmgreeter goes <defunct> immediately after logging in and all I get is the desktop backgound.06:38
Bjornndevuan ascii all set up on my 32g USB. yay06:40
Bjornna bit slow06:40
Bjornnfreedom is nice.06:40
va7lnxBjornn: get your ip problems figured out?06:40
BjornnI tried some but decided to just install fresh06:41
BjornnI was quite at a loss without internet06:42
ajhlinuxuser1Should I try installing LightDM (what I am used to in Xubuntu) or is there something I need to fix regardless of DM?06:42
ajhlinuxuser1The instructions say to "Choose slim" if prompted during the upgrade06:42
Bjornnit does boot off of the bios now, which v1 did not, for me at least, on this machine.06:42
ajhlinuxuser1But I was not prompted.06:42
va7lnxwell, I'm going to try to get to sleep early tonight.06:43
Bjornnsleep is not over rated. :)06:43
BjornnI'm off to sleep as well.06:47
golinuxajhlinuxuser1: There has not been much if any discussion of gdm in this camp.  There was this post several years ago on the ML:
golinuxgnome is a sickness much like systemd.  They go hand in hand.07:07
golinuxMost here avoid gnome things.07:07
golinuxSlim is the default DM in Xfce.07:08
golinuxlightdm may work in jessie.  In ascii dms are recommended for certain desktops because the backends have different requirements.07:09
ajhlinuxuser1golinux: Thank you, slim did the trick as soon as I installed it :D07:27
ajhlinuxuser1golinux: if you happen to have a link to the DM recommendations for different DEs, I would like to bookmark it.07:28
ajhlinuxuser1Otherwise I'll hunt it down before starting to use Ascii more.07:28
ajhlinuxuser1(I only use it as text mode so far)07:28
golinuxRead the ascii Release Notes07:32
golinuxThe section on session management is in the bottom half.07:34
golinuxHappy to hear that slim fixed it.07:35
ajhlinuxuser1golinux: I have saved the link, thanks a bunch.07:53
specingfsmithred: is  there work going on to modify debian's policy files to exclude systemd and include whatever devuan is using?10:28
KatolaZspecing: ?10:32
specingKatolaZ: it seems that if you want a secure distro, you are stuck with systemd10:33
KatolaZspecing: I don't understand what you are talking about10:37
specingKatolaZ: fedora/centos seem to be the only two distros with enforcing SELinux, ubuntu is the only with apparmor10:41
specingall of those are using systemd10:41
specingdebian has SELinux/apparmor setup pages, but it is not default and it too is using systemd10:41
specingdevuan has no SELinux/apparmor setup pages10:41
KatolaZspecing: how is apparmor related to systemd or sysvinit?10:42
KatolaZthis is what I don't understand10:42
KatolaZapparmor profiles are not managed by systemd10:43
KatolaZor by any init system10:43
KatolaZand, apparmor is enabled by default in Debian Buster and in Devuan Beowulf10:44
KatolaZand BTW, apparmor is just one layer of security10:45
KatolaZit's not like all the unix systems in the last 50 years have been insecure because we did not have apparmor before...10:45
specingKatolaZ: the profiles must be different, to account for different init systemd10:53
specingKatolaZ: yes they have been and still are. There is no more grsecurity :(10:53
specingand even with grsec they are still insecure, just less so10:54
KatolaZthen choose a secure system specing :)10:55
r3bootWell .. to be fair .. the 90s were a shitshow for UNIX exactly b/c it didnt have an rbac framework like selinux/apparmor :P10:56
r3bootbut it's difficult(tm) to properly setup tho10:56
KatolaZr3boot: there is no automatic shit that can save your ass, when it comes to security10:56
r3bootTrue.dat, it's never a foolproof method10:57
KatolaZbelieving in pre-built recipes is just a false sense of "security"10:57
KatolaZthere have been "secure" federal systems pwned by script kiddies10:57
specingKatolaZ: I am now installing Fedora on all new systems, but still wondering what the state of attitude to security is in the systemd-less world10:57
r3bootDepends on who created the profiles imho. If you take RH's SELinux profiles for instance, those are audited by enterprises and conform to multiple international security standards. I have a fairly high confidence those profiles are okay10:57
KatolaZspecing: I totally miss the point, sorry10:58
specingr3boot: don't forget that grsec was also a rbac framework10:58
KatolaZbecause the init system you have has *nothing* to do with the profiles you use10:58
r3bootspecing: I know. TrustedBSD was as well, just like there were layers for Solaris which brought you the same thing. HP/UX also has such a framework10:58
specingr3boot: that is why I am looking for a distro where this is enabled by default, i.e. not a "side concern" for a few people10:58
KatolaZso I keep missing the point about the "systemd-less world"10:59
r3bootspecing: in all honesty, stick with centos then, because of their 'proven' selinux profiles10:59
r3boot(or rh, if you can afford that)10:59
specingKatolaZ: see "specing | KatolaZ: it seems that if you want a secure distro, you are stuck with systemd"10:59
KatolaZspecing: why?10:59
KatolaZplease explain10:59
specingr3boot: you are the second person to suggest centos instead of fedora, hmm10:59
KatolaZI told you that Devuan Beowulf has apparmor enabled by default10:59
r3bootspecing: the init system has *nothing* to do with security profile, just saying10:59
specingKatolaZ: because systemd-less distros don't have rbac enabled and configured by default?11:00
KatolaZand you keep pulling in systemd vs non-systemd11:00
KatolaZI am off11:00
r3bootKatolaZ: sigh :)11:00
r3bootspecing: look, I'm willing to talk RBAC, if you're willing to drop the systemd debate, you are being unproductive b/c that11:01
specingr3boot: I won't drop the systemd debate because (1) there isn't any (2) devuan's existance is owed to the existance of systemd11:01
KatolaZspecing: rbac management is done by libpam-systemd in the systemd world11:02
KatolaZand is offered by libpam-elogind in devuan11:02
KatolaZspecing: if the fact that devuan exists is a problem to you, just try to ignore it11:04
KatolaZit won't hurt :)11:04
ham5urgIs somewhere an explanation about the runlevels in devuan? Runlevels 2,3,4,5 are looking the same at my server install (when invoking ls /etc/rc*)12:29
gnarfacethey are the same as debian12:33
gnarfacethey're not like redhat where there's a significance to them other than #2 being the default12:33
gnarfacethey're there for whatever you want to set them up to do12:33
ham5urgok, thanks12:34
rrqham5urg: try "man inittab" for some additional words on it12:44
ham5urgIs systemd a conspiracy to break Linux? Have been the Reds just got rewarded by eye bee m..?12:53
msiismcopying files from another machine to my devuan system on usb key, i noticed that on the other system, i wouldn't be able to run `lsblk --fs' as a non-privileged user. i had someone who knows more about this stuff help investigate a litte, which left that person guessing. so, the question is: how does devuan achieve to present info about the type of the filesystem even for unmounted devices to non-privileged users whn running lsblk? is t13:52
msiismhat made possible by eudev?13:52
KatolaZmsiism: you don't need any special permission, IIRC13:55
KatolaZthat information is available in /etc/mtab13:56
KatolaZand via /sys/dev/block13:56
KatolaZ/sys/dev/block is world-readable13:57
KatolaZ(in devuan and in debian)13:57
ham5urgHas anyone used Devuan inside virt-manager and enabled the serial console? I can the the serial logn prompt but can't enter any letter.13:59
ham5urgI can see'13:59
ham5urgI can see*13:59
msiismKatolaZ: ok, thank you.14:03
specingWhat is that service where you could wget a textual weather report?16:21
debdogmetar? (only for airports though)16:22
debdogthey'r using curl16:30
James1138A suggestion... if you use XFCE desktop... XFCE has a really good weather indicator. I use it all the time...
nemoI rather like ansiweather16:34
nemo[44m[36;1m Current weather in New York →[33;1m 5 °C [33;1m☀ ❙[36;1m UVI →[33;1m 2.85 ❙[36;1m Wind →[33;1m 4.1 m/s NE ❙[36;1m Humidity →[33;1m 59 % ❙[36;1m Pressure →[33;1m 1024 hPa [0m16:35
nemo /exec -out ~/git/ansiweather/ansiweather16:36
James1138GRIN... okay...   Coordinates16:40
James1138Altitude: 698.82 ft16:40
James1138Latitude: 40.5458°16:40
James1138Longitude: -86.5234°16:40
James1138Weather data:16:40
James1138Last:2019-02-06 09:52:1016:40
James1138Next:2019-02-06 10:52:1016:40
James1138Current failed attempts: 016:40
James1138Astronomical data:16:40
James1138Last:2019-02-05 18:58:5516:40
James1138Next:2019-02-06 18:58:5516:40
James1138Current failed attempts: 016:40
James1138Times Used for Calculations16:40
James1138Temperatures, wind, atmosphere and cloud data calculated16:40
James1138for:2019-02-06 10:35:0016:40
unixmanUh, WTF?16:40
James1138Precipitation and the weather symbol have been calculated16:40
James1138using the following time interval:16:40
James1138Start:2019-02-06 10:00:0016:41
James1138End:2019-02-06 11:00:0016:41
James1138Astronomical Data16:41
James1138Sunrise:2019-02-06 07:50:3616:41
James1138Sunset:2019-02-06 18:10:0116:41
James1138Moon phase:Waxing crescent16:41
James1138Moonrise:2019-02-06 08:59:5816:41
James1138Moonset:2019-02-06 19:57:3016:41
James1138Temperature: 39.6 °F16:41
James1138Dew point: 37.9 °F16:41
James1138Apparent temperature: 35.6 °F16:41
James1138Speed: 5.4 mph (2 on the Beaufort scale)16:41
James1138Direction: NW (293.7°)16:41
James1138Precipitation amount: 0.00 in16:41
James1138Barometric pressure: 14.7 psi16:41
James1138Relative humidity: 93.6 %16:41
James1138Fog: 0.0 %16:41
James1138Low clouds: 64.3 %16:41
* MinceR scratches head16:42
unixmanLooks like James1138 ran an /exec for some weather thingy with output to the channel. Maybe didn't know that would happen? :)16:43
MinceRmaybe use pastebin for this sort of stuff?16:43
nemothat's weird16:52
nemooh. he can't possibly have used ansiweather. it's one line by default16:52
nemowas worried I'd trapped poor james into spam somehow16:53
nemothat'll teach him to run stuff locally first16:53
James1138Sorry all.16:56
nemoJames1138:  if this sort of thing entertains you.  maybe test in a /msg James1138  first.  or you can /msg nemo if you feel like it ☺16:57
nemofor i in {0..63};{((i%16!=11&&i%16<14))&&C+=($((i+127137)));};n=52;for i in {1..5};{((x=RANDOM%n--,y=C[x],C[x]=C[n]));printf "\U`printf %x $y` ";}16:57
nemo↑  that one was result of some code golf16:57
nemoshortest bash script possible to generate a random 5 card poker hand16:57
unixmanJames1138, everyone here has done something just as "bad" at some point. Even those who will deny doing so vehemently. Don't sweat it. ;)17:02
furrywolfmore I've accidentally selected the entire terminal in the process of trying to paste something, and thus pasted the entire channel log back into a channel...17:03
unixmanYeah, same here. :D17:03
furrywolfmore than once17:03
unixmanFTR, stuff like that on IRC isn't really "bad". Now, the time I accidentally deleted /etc on my own SCO Unixware server, that *really* sucked.17:05
DonkeyHoteibad for others vs. bad for yourself17:06
nemounixman: that's 'sactly why our more responsible admin, 20y ago, before everything was virtual and snapshotted, hardlinked critical everything in critical like /etc and /www to  /shadow/etc  /shadow/www with a cronjob17:10
nemothat sentence suffers from poor editing when I rephrased, but whatev ☺17:10
nemopoint was, rm -rf was no longer permanent, we had a window of a couple of weeks17:11
unixmannemo, well, I had backups (full and incremental). Thing is, after that FUBAR I decided to try using FreeBSD on that hardware instead of trying to restore the backups of /etc. The data was safe on backups and the system was basically just a NFS file server with some custom SCO stuff on it. Anyway, this isn't really Devuan related, so if you want to keep talking about it, let's do that in #debianfork. ;)17:16
_abc_How does one list the full package version for installed packages, like libreoffice?19:58
_abc_ relevant19:59
_abc_expected outcome: print like libreoffice     1:5.2.7-1+deb9u4 -- I get only libreoffice     1:5.2.7-1+deb9u <-missing sub-release version?19:59
_abc_The About window in libreoffice prints the whole version with the u4 at the end19:59
_abc_ this is the cve20:00
fsmithred_abc_, 'dpkg -l libreoffice' or 'dpkg -l | grep libreoffice'20:09
fsmithredsecond way won't cut off the version20:10
fsmithredI see 1:5.2.7-1+deb9u5 in ascii-security20:11
fsmithredapt-cache policy libreoffice ^^^20:12
_abc_I used dlocate -l it cuts off the release. So does aptitude.20:24
_abc_fsmithred: I'll try to upgrade20:24
_abc_Does that fix the CVE fsmithred ?20:26
_abc_And thanks for the answer.20:26
fsmithredI don't know about the CVE20:26
Jjp137it should:
DonkeyHoteii use: dpkg -l libreoffice|cat20:28
fsmithredunless they uploaded a new version today, deb9u5 is the latest in ascii-security and debian-security (stretch)20:28
_abc_fsmithred: I upgraded to u4 but if I start libreoffice and look in About it's still at u420:29
_abc_Need to see what daemon is alive here20:29
fsmithredyou have ascii-security in sources.list?20:29
_abc_Can anyone confirm that About in libreoffice upgraded to u5 reports u5? Mine reports u4.20:29
_abc_libreoffice-report-builder stayed at u420:30
_abc_libreoffice-script-provider-bsh stayed at u420:30
fsmithredI don't have it installed, but 'apt-get -s install libreoffice' tells me I will get deb9u520:32
_abc_fsmithred: dpkg -l libreoffice listed many updated packages from libreoffice, but some stayed at u420:32
_abc_I am now updating them manually20:32
fsmithredhow did you upgrade libreoffice to start with?20:32
_abc_apt-get install libreoffice20:33
_abc_That upgraded several components but not all20:33
_abc_Just a sec when it finishes I'll post what else it upgraded20:33
fsmithreddoes 'apt-cache policy libreoffice' show you the u5 version?20:33
_abc_shows u520:33
_abc_Fingers crossed I need libreoffice in a few days. Badly.20:34
_abc_I had to do this manually, after apt-get install libreoffice :: sudo apt-get install libreoffice-report-builder libreoffice-script-provider-bsh libreoffice-script-provider-js libreoffice-script-provider-python libreoffice-style-galaxy libreoffice-style-tango libreoffice-wiki-publisher20:34
fsmithredmaybe 'apt-get -t ascii-security install libreoffice' will upgrade the older ones20:35
fsmithredare you running refracta or pure devuan?20:35
_abc_Ok so the 1st install did download but not finish upgrading since the packages in the 2nd command were needed. Looking at the log it's clear it operated only the second time.20:35
_abc_fsmithred: refracta installed pure debian I think.20:36
_abc_Was 1st a live system with persistence then installed to hdd then upgraded from there.20:36
_abc_staying on ascii all the time20:36
_abc_*refracta installed pure devuan20:36
fsmithredyeah, refracta just uses devuan repos, but Recommends are excluded20:37
_abc_I copied the live system to hdd, after I made the live system run properly.20:37
fsmithredcheck /etc/apt/apt.conf.d/norecommends20:37
_abc_no such file or dir20:38
fsmithredmight be 00norecommends20:38
fsmithredyou can always block the Recommends when you install something20:39
fsmithredapt-get --no-install-recommends install blah OR aptitude -R install blah20:39
fsmithrednot sure how it is with just apt20:39
_abc_ran updatedb and norecommends does not exist20:41
fsmithredthen I don't know what happened20:41
_abc_Seems to pass the initial tests and opens relevant documents after upgrade. Hope all will be well.20:42
_abc_I think they snafud the package so it downloaded but could not install fully because of the extra packages which were not entered as deps20:42
_abc_So once the extras were upgraded the main also succeeded.20:42
fsmithredyeah, but normally, Recommends get installed automatically, and some of those packages are listed as Recommends20:43
_abc_fsmithred: I have a hard time making a system crashproof. I modified an installed system to run with read-only mounted root but that fails, the root stays rw. The live scripts and the initrd + init scripts which deal with system boot time volume mounting are a jungle.20:44
_abc_Is any work under way to make that a little more solid?20:44
_abc_Read-only mounted root has /etc /home /var mounted as separate mounts rw20:44
fsmithredbooting a live system from a hard drive should work20:44
_abc_And then root is mount -o remount,ro but that fails, it stays rw20:45
fsmithredboot a live system and have persistence set up for /etc /home and /var20:45
_abc_fsmithred: sure but I need the "persistence" partition for it, and I need to auto-fix that at boot time when uncleanly taken down20:45
fsmithrednot sure what your persistence.conf would look like, but I'm pretty sure you can do it20:45
_abc_The problem is I need a fsck hook which does more than fsck if fsck fails before those mounts. And the part which does that is buried deep in live scripts.20:46
_abc_Is there a guide to the live scripts somewhere?20:46
fsmithredyeah, there's a debian-live manual20:46
_abc_Also why does remounting root as ro fail?20:46
fsmithredI don't know20:46
_abc_Sigh. Shall I try to take it down to single user before trying remount root ro?20:47
_abc_I did not try that.20:47
fsmithredI get "mount: / is busy"20:48
_abc_I don't even get an error iirc.20:49
_abc_I also did it with -f20:49
_abc_Of course you can't remount ro with the system running on it but after mounting etc var home as rw it should be possible20:49
_abc_fuser should tell you what holds / open20:50
_abc_fuser -v|less20:50
* _abc_ seriously misses bsd style securelevel in linux20:51
_abc_sudo fuser -v / 2>&1|less20:51
_abc_works better20:51
_abc_On old old systems one could handle mounting root ro, fsck from initrd, them remount rw, mount the etc home var tmp etc, then make it ro again, then continue booting20:52
Mr_Poopy_Pantsnobody there?22:59
_abc_change your diapers and come back23:01
Mr_Poopy_Pantsok, cool someone there23:02
_abc_Yeah, cu23:02
Mr_Poopy_PantsI have a question - I am trying to install Devuan to an HP Laptop23:02
Mr_Poopy_PantsI started Jessie 1.0 with UEFI, but the GRUB Bootloader didn't take23:02
Mr_Poopy_Pantsnow I am reinstalling it in Legacy.23:03
Mr_Poopy_PantsIs there a problem with UEFI?23:03
Mr_Poopy_Pantsno lol-ing23:06
Mr_Poopy_PantsInstalling Devuan on an HP laptop - Grub Boot Loader Unable to Configure - Executing 'update-grub' failed - this is a fatal error.  Tried already with BIOS in UEFI, and it's doing the same thing in Legacy mode.  It boots when I put the separate Grub2 bootloader disk in, but it will not install grub at all.  what do I do now?  I really want to try out Devuan...  :(23:17
golinuxIntel Skylake?23:18
golinuxThat series of process wouldn't install  iirc23:19
golinuxWould also be helpful to know which iso you used.23:20
Mr_Poopy_PantsI was able to boot into the distro using the separate grub2 disk.  I went in to the repositories to try and load grub again that way, and it still won't install.23:21
Mr_Poopy_PantsI used the amd jessie 1.023:21
Mr_Poopy_Pants(I don't know enough about Devuan just yet)23:22
Mr_Poopy_PantsHere's the other thing - I DID try the ascii install, but I got errored out in the boot-up because I had to laod some drivers for the wireless - ifwifi-3168-23, 24, and 25.  tried to boot into safe mode, and I get the same errors.23:24
Mr_Poopy_Pantsgrub loaded though............23:24
Mr_Poopy_Pantsmaybe I can find another systemd-free distro........  :'(23:25
krauseriiassuming buster gets released as the stable version by the end of this year, how long, more or less, would take devuan to release Beowulf as stable?23:46
golinuxkrauserii: Our plan is to eventually catch up with Debian's release cycle.  We might be able to do it with beowulf.23:50
krauseriigolinux: got it, thanks for the info23:55

Generated by 2.17.0 by Marius Gedminas - find it at!