freenode/#devuan/ Tuesday, 2019-07-30

sincere_foxHello guise05:06
sincere_foxis there an ISO to try/install beowulf?05:08
sincere_foxis installing ascii and then upgrading the way to go?05:13
sincere_foxOk I found the mini.iso05:17
pekmanhey all09:58
pekmanWhat is the path to shutdown the system using loginctl poweroff without providing a root password?09:58
Kizanopekman: `sudo shutdown -Fh now` ?10:06
pekmanIsn't there a way to shut down the system without providing any password?10:07
KizanoI want to question as to the use case for this - don't you want to be certain it's OK to shut down the system?10:07
retak_pekman, I read about a way to shut down the system without password. with a special user. hmm10:09
VadPerevadvisudo?10:09
Kizanooh ^ yeah, without a password yes...10:09
Kizanobut not without root10:10
Kizano:NOPASSWD10:10
Kizanoor something similar...10:10
pekmansee https://framapic.org/7BWLWSu93DQY/JQsBO5kSYojq.png10:10
pekmani d'ont use sudo10:11
pekmanI use Pekwm I think we may be missing some session package...10:12
retak_pekman, its with /etc/shutdown.allow but I don't find more info about it jet10:13
pekmanretak: shutdown.allow didn't solve the problem. I already tried that. Yes I put my user in the file10:18
r3bootpekman ALL=(ALL) NOPASSWD: /sbin/shutdown10:18
r3bootadd that to sudo, and you can sudo shutdown whatever you want10:18
retak_ok10:18
onefangJust pull the power cord.  B-)10:21
pekmanr3boot: I don't use sudo. And I don't intend to.10:21
surrounderwhat's wrong with sudo?10:22
r3bootpekman: chmod +s /sbin/shutdown ; chown root: /sbin/shutdown <-- have fun then :)10:22
retak_pekman, is it a server with BMC/IPMI? you can shutdown with IPMI :)10:22
r3boot(NOTE, DONT DO THAT!!!)10:22
pekmanretak: is a normal desktop10:23
r3bootpekman: in principle, you need to authenticate before you can run sysadmin commands. That's how, fundamentally, UNIX works. You can break that rule, sure, but that's not a normal setup10:23
r3bootNow if you want to have passwordless authentication, that's possible as well10:24
r3boothowever, there are just 3 ways to do it. One is remove the root password and use su; Two, use sudo, and three, use setuid binaries10:24
r3boot#1 and #3 are not recommended practice10:24
r3bootMaybe you can get it done via dbus btw, not 100% sure tho, and it wont be via /sbin/shutdown10:25
onefangCtrl Alt Del, then power off once it's starting to reboot back up again?10:25
r3bootis also a possibility yeah10:26
retak_#4 use su, but write the root pw into a scipt. and hode the script very well ;)10:26
r3bootACPI shutdown as well10:26
retak_*hide10:26
r3bootthat is *nasty* retak_ :)10:26
r3bootit will work tho :P10:26
onefangIf it's a desktop, surely you can logout and hit the shutdown button on the login GUI?10:27
retak_is there any filesystem which can hide files? chmod -hide script. that would be cool10:27
retak_oh wait. NSAFS. nevermind10:28
r3bootno, that's not possible unless you use (eg) a hidden crypto volume.10:28
r3boot(otoh, it kind of depends on what you mean with 'hide a file')10:28
retak_its not visible by 'ls' but executable ^^10:29
pekmanthank you for your attention.10:30
pekmansorry my bad english10:30
retak_pekman, oh sorry :) I don't have more ideas10:30
r3bootpekman: your options are above :)10:31
pekmanI'll look for a solution in the Void Linux or Artix Wiki/Forums. They also use Elogind. I think they should have a solution.10:33
r3bootretak_: hmm, thinking about it for a bit. In principe, UNIX works with a DAC framework, which means that, if the file is on the filesystem and you have read rights on the top level directory, you can read the file. If you want to prevent that, you need a MAC framework (like selinux) to prevent the systemcalls that open the file10:33
retak_ooooooor10:41
retak_I write a patch for ls to filter filenames ^^10:41
retak_like hacking my own system10:42
r3bootretak_: which will be broken the instant an attacker uploads her/his own binaries ;)10:49
r3bootbut have fun nevertheless :)10:49
retak_hehe11:19
fsmithredloginctl poweroff12:30
tlf1138Good day Ladies and Gentlemen, Dammen und Herren.13:26
tlf1138I posted to giuthub that apt-cacher-ng breaks with your new mirror system. This is kind of important to me, because it is where I keep my netboot install files and deb cache.13:27
tlf1138I'd love to help getting that working again. Some details of the new mirror system would be nice... I need to install 40 servers at once, and it would be a bad idea to overload your and my bandwidth. I will also put up a full mirror once I can pull updates from apt-cacher-ng.13:30
r3bootAlternatively, you could also run Squid with aggressive caching options13:30
r3boot(no clue as to what you are running into with apt-cacher-ng + the devuan repo's tho)13:30
tlf1138I saw that post by that guy... I'd rather use apt-cacher-ng because it allows me to thin provision and finely tune all the distros and repos I need to cache. I can run updates from google without hammering on their servers, which is a plus.13:32
tlf1138Disk space is at a premium at the moment. I will hopefully be getting more disks today.13:33
r3bootjust wondering, what do you mean with thin provisioning of apt packages? That you only download what you need?13:33
rrqrecently I had to change /etc/apt-cacher-ng/acng.conf, to have "VfileUseRangeOps: 0"13:34
tlf1138It does pdiffs and some smarts to keep only the most used packages around.13:35
r3bootAha, check13:35
r3bootmakes sense if you're short on diskspace13:35
rrqI think one or the other of the mirrors fails to support range headers13:35
tlf1138It is a pretty old machine... Has two redundant CPUS, Three redundant memory banks, three redundant disks, two redundant gigE... It's 32bit, but you can quite literally put cards in it when it is on and take them out.13:36
tlf1138Oh, and 2 bit CRC memory on top of the memory redundancy. The thing will live longer than me.13:37
r3bootwhat kind of system is it?13:37
tlf1138HP DL360 G2? One of the DL360s.13:38
r3bootOh, cute13:38
r3bootAlphaServer legacy ;)13:38
tlf1138Uhhhhh.... It doesn't have an Alpha ISA. I have an Alpha the OpenBSD guys gave me, but this is P4 Xeons.13:39
r3bootHP DL is based on Compaq Proliant, which is based on Compaq AlphaServer13:41
r3bootWhich alpha do you have then? :D13:41
r3boot<-- alpha fanboi13:41
tlf1138AXPpci33 500MHz NoName. It has the VMS microcode loaded right now, and a dead power supply. When November 11 comes around, I'll get it set up13:43
tlf1138Alpha is fucking amazing. Intel could have owned 64 bit computing with it, but instead Not Invented Here, and Itanic.13:43
tlf1138I will eventually have my "old soldiers" online, and you guys can metal test other architectur on them. I am in the process of turning my 40 node storage cluster into a compile farm. Anyways, must go. ttyl13:45
r3bootAh, nice one. Still running a DS10/466MHz 21264/2GB/2x36GB and a DS25/dual 1GHz 21264/6GB/6x146GB/hw raid here.13:45
r3bootAll running OpenVMS ofc13:46
tlf1138Heh... I have a hobbiest license of VMS 8.4 on my VAX. I have a Digital UNIX 10 connection license .iso if that ever interests you >.>  <.<13:47
tlf1138w4r3z pup :P13:47
tlf1138Anywho back around 3pm PST13:48
r3boothttps://r3blog.nl/pakgen.c ;)13:48
tlf1138Okay, you just got inducted into the Otherhood of W4reZ And Pr0n (Begbie Baillie chapter)13:49
r3bootwait ... this is #devuan, we cant do non-x86/devuan talk here ;+ Anyhoe, hf!13:50
Centurion_Danr3boot: says who...  I'm running non-x86 devuan14:47
Centurion_Danas are many others...14:48
r3bootLemme guess, arm?14:50
Kizanor3boot, fsmithred: Do we know who controls the SSL cert for auto.mirrors.devuan.org ?15:20
r3boot    Verify return code: 10 (certificate has expired)15:23
r3bootghe, handy15:23
r3bootI am not affiliated with devuan btw, but you might try freedom@devuan.org (see https://devuan.org/os/contact)15:24
r3bootThe cert is bound to auto.mirrors.devuan.org CNAME for auto.mirror.devuan.org CNAME for packages.devuan.org hosted by OVH, but cant find any devuan specific contacts in the whois databases15:25
Kizanothanks r3boot16:42
rrqmorning .. I have an hour here ...23:34
rrqoops. wrong audience.23:34
rrqapparently you have LD_PRELOAD set; maybe in a .bashrc or something(?)23:35
* rrq wrong again - not woken up yet :(23:36

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!