freenode/#devuan/ Saturday, 2019-10-19

systemdlete3bluetooth applet finds my earbuds but can't connect.04:51
testcatcould vim please alias :Wq to :wq07:04
testcatso sick of that07:04
EHeMA kind of significant security hole should be a higher priority than it seems to be...07:56
CheesyPastriesI just installed Devuan but I'm having an issue checking for updates "sudo apt-get update" gives back an error about an invalid signature and says that the repo isn't signed.08:58
CheesyPastriesIs this an issue on my end or is there a problem with the repo atm?08:58
sixwheeledbeasti doubt it would be the repos08:59
CheesyPastriesI feel the same on that but I wanted to double check if others were having the issue or how I might resolve it on my end09:01
golinuxCheesyPastries: Did you download the latest key?09:04
CheesyPastriesNope, how would I do that?09:05
CheesyPastriesSearching around it looks like I might be able to just force the install of "devuan-keyring" but that seems like a chicken and the egg problem since it'd be the only thing verifying itself09:13
sixwheeledbeastWell yes a typical public key crypto situation. It unlikely to be an issue but I suppose they maybe hosted somewhere you can download via https?09:23
sixwheeledbeastIt should already be installed so just upgrade that one package first09:24
onefangHow did you install Devuan, and which version?09:33
debdogif anything else fails, get it at http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/ and dpkg -i it09:33
CheesyPastriesonefang I installed Devuan in a FreeBSD jail via it's compatibility layer following this guide -> https://forums.freebsd.org/threads/setting-up-a-debian-linux-jail-on-freebsd.68434/09:42
onefangHmmm, I wonder what your /etc/apt/sources.list looks like?09:43
CheesyPastriesOnly one entry: "deb http://deb.devuan.org/merged stable main"09:44
CheesyPastriesAlso Chrome refuses to allow me to go to the dev.devuan.org site09:44
onefangAh, that web page is specific to Devuan, so that's good.  Try what sixwheeledbeast suffested.09:45
CheesyPastriesAttempting to force the install of the keyring package leads to perl complaining about locale, dpkg complaining (about things the guide mentions) and the install failing09:46
onefang apt-get install devuan-keyring --allow-unauthenticated09:47
CheesyPastriesFails with the same perl error09:49
onefang"export LANG=C.UTF-8" might help with the locale thing.09:49
golinuxCheesyPastries: If you are using "stable+ (our ASCII) in your sources list it is pulling from Debian Buster (stable)09:49
golinux- +09:49
golinuxSo you have nixed two different stable releases.09:49
golinuxmixed09:50
onefangI was gonna get to that golinux.  B-)09:50
golinuxYou need to always use the release name in Devuan sources because we are not always in sync with the Debian cycle09:50
CheesyPastriesShould I change that now or wait until we figure out how to get the devuan keyring installed?09:52
onefangThe guide CheesyPastries is following uses debootstrap, inside a FreeBSD jail, and was written December 2018, back when stable was the same.  But yeah, change "stable" to "ascii" in your sources.list.09:52
CheesyPastriesI've made the change to my list09:53
CheesyPastriesThe perl error is gone after exporting LANG variable. The only 2 errors remaining that could explain why it won't install is rmdir complaining about failing at removing /var/run09:55
CheesyPastriesand dpkg complaining about base-files which I'd probably expect to happen based on the guide09:55
onefangIf /var/lun didn't actually exist, rmdir will complain about not being able to remove it.09:57
CheesyPastriesThe problem is that it's not empty09:58
onefangAh, might be left overs from a previously aborted run.09:58
CheesyPastriescrond.pid crond.reboot motd.dynamic rsyslogd.pid09:59
CheesyPastriesI could rm -f them and see if that fixes something (or breaks something).10:00
onefangI was about to suggest that.10:00
onefangLikely the previous run that errored out due to lack of the key didn't get around to rming /var/run, so you had left overs on the second run.10:01
CheesyPastriesThe keyring finally installed10:02
golinuxYea!10:02
onefangYay!10:02
CheesyPastriesHowever it's strangelly still complaining that the repo isn't signed10:03
* golinux is kind of in and out of this channel working on the point release documentation10:03
CheesyPastriesMaybe the actual adoption of the keyring didn't go through and I can force apt-get to add it?10:04
onefangMaybe it just got itself in a right royal mess, and you might have to clean it all out and start from scratch?  Or try that.10:04
CheesyPastriesStarting from scratch might be the answer. It's only a jail afterall. I'll try forcing the key but otherwise I'm going to bed. It's too late to be fighting ghosts especially ones in this weird of a machine10:05
onefangFair enough.10:05
CheesyPastriesDidn't work10:07
CheesyPastriesI'll try again after a night's sleep and maybe then I won't have to retype every message multiple times to fix dumb typos10:07
onefangAnd hopefully you'll remember the fixes you already discovered.  B-)10:08
CheesyPastriesI shall ctrl+c, ctrl+v to be sure10:08
onefangG'night, have cheesy dreams.10:09
CheesyPastriesI will do my darnedest to have Gouda dreams for you10:10
gnarfaceCheesyPastries: you re-ran "apt-get update" after forcing the keyring package install?10:10
CheesyPastriesyes10:10
gnarfacehmm, yea i dunno then. you might have hosed it using the "stable" alias though10:10
onefangCheesyPastries left, went to bed.10:11
onefangAnd I'm off to start cooking dinner.10:12
filipdevuan_anybody knows if Leah from minifree is alive and dealing with minifree orders??11:55
filipdevuan_oh sorry wrong chat11:55
jackmangood morning15:35
jackmanwelcome, fluffywolf15:39
jackmanwelcome, furrywolf15:40
furrywolfheyas15:40
jackmanhow's it going?15:40
furrywolfmeh.  meh is always the answer.15:41
jackmanlol15:41
jackmani've been up since 0500 MT. i couldn't sleep.15:41
jackmani've been watching burger videos on youtube. i'm thawing some meat for a burger marathon.15:42
jackmani can't eat raw onions, anymore, but i just saw an amazing thing. i need to try a pickled onion relish.15:45
furrywolfI like onions.15:45
jackmanthat's the killer, man.15:45
jackmanonions are wonderful15:45
furrywolfbrb15:53
golinuxjackman: Please chat on #debianfork17:35
golinuxThis is a support channel17:35
CheesyPastriesI'm back after getting some sleep17:48
KjetilCan I use the boot.img file from debian to launch a devuan netinst from a USB drive?18:23
Kjetilnvm18:32
EHeMThere appears to be a kind of urgent security issue right now that really kind of needs to be fixed...18:46
onefangEHeM: You have said that a couple of times, giving some details might help.20:06
KjetilI am guessing he is refering to this one:20:08
Kjetilhttps://linux.slashdot.org/story/19/10/19/0057209/unpatched-linux-bug-may-open-devices-to-serious-attacks-over-wi-fi20:08
EHeMonefang: You can always look at the IRC logs, but apache2 got a security update announced either 15th or 16th, and Devuan-amd64 is missing the update (other architectures have it).20:09
EHeMSeems it is a minor security item (the original patch for CVE-2019-10092 was incorrect and broke balancer-manager), but the trend of security updates getting delayed for Devuan is rather scary.20:22
golinuxEHeM: Feel free to dive in and find what is not functioning properly in amprolla321:10
CheesyPastriesonefang I'm back from my nap and things are still weird with my Devuan jail. I reinstalled it making some small changes to see if they'd fix the problem but despite the keyring being installed it's still complaining about the packages not being signed21:41
CheesyPastriesAlso I should mention that there is a problem with the HTTPS version of the package site. I think the certificate was issued to packagesite.devuan.org or something similar and not deb.devuan.org. It's makes my browsers a bit angry21:42
golinuxCheesyPastries: Not all mirrors use https,  https://pkgmaster.devuan.org/mirror_list.txt22:02
golinuxI've never had a problem22:03
CheesyPastriesMy browser doesn't complain about the pkgmaster site but it definitely does for the deb site.22:10
CheesyPastriesOnly if I try to connect with https though22:11
CheesyPastriesChrome completely blocks it and Firefox will allow me through if I press22:11
EHeMgolinux: You want everyone to start saying "Devuan's doesn't care about security at all"?22:26
gnarfaceEHeM: they're 3rd party repos, and some of them have broken https because of hard limitations of https and the fact they're mirrors for multiple domains (many were already mirrors for other distros like debian)22:30
gnarfacethere's nothing that devuan can do about that22:30
specinghard limitations? Like, what?22:31
gnarfaceyou've never administered a webserver?22:32
specingI have, that is why I wonder what the hard limitation might be22:32
gnarfacethe 1-ip limitation of https22:32
gnarface1 ip per domain22:32
gnarfaceunless you ditch support for all the browsers before ie7 or something like that22:33
specingUh, what?22:33
gnarfaceyea it's a real thing22:33
gnarfaceit's not an issue for the mirrors that are only hosting devuan22:33
gnarfacewell i don't evne know that for sure22:34
gnarfacesome of them may just be lazy22:34
specinghttps://en.wikipedia.org/wiki/Server_Name_Indication22:34
gnarfacebut for the ones that host multiple repos, they have an excuse22:34
specingInternet Explorer  Web browser  Yes  Since version 7 on Vista (not supported on XP)  200622:34
specingsupported for 13 years it seems22:34
specingMaybe it is time to ditch support for all browsers before ie7?22:34
gnarfacenot devuan's call, and it's not quite that simple either.  there are security implications22:35
gnarfaceit's not something you'd want to do unless you have a controlled environment22:35
EHeMgnarface: I suspect either you or your client is mixing people up.22:35
gnarfacei see EHeM and specing both making an argument that devuan doesn't care about security because 3rd party repos won't do what you want22:36
gnarfacebut neither of you seem to know they're 3rd party repos, or that there are hard limitations of https22:37
Jjp137um it isn't a third-party repo; apache2 is behind on amd64 on pkgmaster22:37
specings/security/privacy/22:37
gnarfacepkgmaster isn't one of the ones having the problem though22:37
specingsecurity is provided by signing/checksums22:37
gnarfaceor did i miss something new about pkgmaster https going down?22:37
EHeMgnarface: Non-HTTPS mirrors are Bad IMO, but that isn't an urgent issue for which someone might say "Devuan doesn't care about security".22:38
specingIsn't it obvious that mirrors are 3rdparty?22:38
specingNot sure why you accuse us of not knowing this22:39
Jjp137gnarface, see here (until roughly 21:42): http://maemo.cloud-7.de/irclogs/freenode/_devuan/_devuan.2019-10-16.log.html#t2019-10-16T21:04:5522:39
gnarfacewhy22:40
gnarfacewhat do i need to read from that Jjp137?22:40
gnarfaceyou all still have not convinced me i've misunderstood your argument22:40
gnarfaceit seems more like you're moving the goal posts22:40
Jjp137b/c you said that pkgmaster isn't one of the ones having the problem22:41
Jjp137actually wait what are we talking about again?22:41
gnarfaceit's not having the problem22:41
gnarfacei can hit pkgmaster with https://pkgmaster.devuan.org/22:41
Jjp137no I mean the package version22:41
Jjp137unless we weren't talking about hat22:41
Jjp137that*22:41
gnarfacethat won't work for all the mirrors in the deb.devuan.org round-robin, that's what i was talking about22:41
gnarfacejust that some of the deb.devuan.org round-robin mirrors don't have https set up at all, or don't have it set up for deb.devuan.org at least22:42
gnarfaceworse, some of them may still have it set up for deb.devuan.org, but with a https key that isn't valid for that domain22:42
gnarfaceJjp137: if you were also complaining about something in the repo being the wrong version, i missed that entirely.22:44
Jjp137okay now I see; gnarface, did you intend to reply to CheesyPastries instead about 34 minutes ago?22:44
Jjp137and uh I think EHeM brought that up22:44
gnarfacewell it was more EHeM i was responding to, but yea it seems they were both complaining about the https domain issue22:44
CheesyPastriesI wasn't complaining so much as making sure you guys were aware22:45
gnarfaceit is a well known issue22:45
CheesyPastriesI have HTTPS everywhere and it caused me to get completely blocked from the site because it wouldn't disable and let me go to the non-HTTPS version22:45
gnarfaceCheesyPastries: if you really need or want https you're currently advised to pick a mirror that has it set up right22:45
Jjp137okay yeah so if you want HTTPS, pick a mirror that supports HTTPS and use that in your sources.list22:45
gnarfaceCheesyPastries: some of the mirrors in deb.devuan.org don't have https set up right but there's basically nothing that can be done about it without shelling out cash for new ssl keys, new ip addresses, and whatever their admin staff's costs/salary are.22:46
gnarfaceCheesyPastries: volunteers, you know?22:47
CheesyPastriesHTTPS wasn't really my issue. My issue is that apt-get keeps saying that there are invalid signatures and that the repo isn't signed even after managing to get devuan-keyring installed22:47
gnarfaceCheesyPastries: this is still that install that's half ascii and half beowulf?  i'd check version mismatches on your gpg stack22:47
gnarfacemy guess is it will probably work again if you can get the relevant packages to be all beowulf or all ascii22:47
CheesyPastriesI reinstalled it following that guide but changed it to the build to ascii from the start to see if I could avoid getting the wrong packages.22:48
gnarfaceand you had the same exact issue still???22:48
CheesyPastriesSeems so22:49
gnarfacewell that's weird22:49
CheesyPastriesIs there a way to check if all the packages are from the right version?22:49
gnarfaceapt-cache policy maybe22:49
CheesyPastriesI don't know how debootstrap works internally, it could still be messing up somewhere when it chooses packages22:49
gnarfacedebootstrap would have used whatever you fed it on the command-line...22:50
gnarfacei don't know what it's default sources.list would have looked like though22:50
CheesyPastriesI altered the debootstrap command to use ascii instead of stable and made a copy of the script for stable that it uses but replaced the keyring with devuan-keyring (not that it matters because apparently it complains regardless).22:51
CheesyPastriesWhen I checked sources.list it was using deb.devuan.org/merged stable main22:51
CheesyPastriesCorrection22:51
CheesyPastriesIt was using "deb.devuan.org/merged ascii main" like expected22:52
CheesyPastriesI changed it to pkgmaster.devuan.org to test if it was somehow related to the https issue (it wasn't)22:52
CheesyPastriesSo the reinstall should've used the correct packages22:52
gnarfaceso lemme get this clear22:53
gnarfaceyou reinstalled the host system, or just the chroot?22:53
CheesyPastriesBTW, apt-cache policy -> "100 /var/lib/dpkg/status release a=now 500 https://pkgmaster.devuan.org/merged ascii/main amd64 Packages release v=2.0,o=Devuan,a=stable,n=ascii,l=Devuan,c=main,b=amd64 origin pkgmaster.devuan.org"22:54
CheesyPastriesI reinstalled the chroot/jail22:54
CheesyPastriescompletely deleted the previous one, recreated, used modified debootstrap command22:54
gnarfaceso the error you're complaining about came from inside the chroot or outside it, or both?22:54
CheesyPastriesInside the chroot22:54
gnarfacebut not while actually running the debootstrap?  just after chrooting into it to use apt?22:55
CheesyPastrieshttps://forums.freebsd.org/threads/setting-up-a-debian-linux-jail-on-freebsd.68434/22:56
gnarfacethat's not an answer to my question22:56
CheesyPastriesI'm typing :P22:56
gnarfaceplease don't make me open a browser to get a simple yes/no answer to that question22:56
CheesyPastriesFollowing this guide, I ran debootstrap for the initial structure and packages, dpkg to configure the packages, then moved into the chroot/jail and am using apt from within22:58
gnarfaceso the host system is actually freebsd?  that's new info...22:59
CheesyPastriesEdit: I ran dpkg from within the chroot/jail as well22:59
Jjp137it might be worth nothing that debootstrap was forked by Devuan and I don't know what changes the FreeBSD port of debootstrap does (if any)22:59
Jjp137noting*22:59
CheesyPastriesgnarface Sorry I thought I mentioned it earlier22:59
CheesyPastriesI talked with others last night about it as well23:00
gnarfaceCheesyPastries: was this about you trying to backport mysql-workbench from ceres, or was that someone else?23:14
CheesyPastriesSomeone else. I'm trying to get Devuan running within a FreeBSD jail so that I can use it as the basis for some other linux applications23:15
CheesyPastriesFreeBSD doesn't have every package that I'd like to use23:15
gnarfacealright, i did get YOU confused with someone else then, but unfortuantely that doesn't add any insight here23:16
CheesyPastriesUnfortunate23:18
gnarfaceCheesyPastries: you used the freebsd debootstrap, but it worked?23:24
gnarfaceor seemed to work, anyway?23:24
gnarfaceCheesyPastries: do i understand this right that you had to run "debootstrap --foreign --arch=amd64 stable /opt/jails/devuan http://deb.devuan.org/merged/" with "stable" in there not "ascii" ?23:27
gnarfaceor were you able to run this debootstrap command as "debootstrap --foreign --arch=amd64 ascii opt/jails/devuan http://deb.devuan.org/merged/" ?23:27
CheesyPastriesI ran previously ran it with stable, but this time I ran it with ascii. It required me creating a duplicate script of stable but it did change the sources.list file at the very least23:33
gnarfacehmm23:33
gnarfacewell it is the repo that interperets that "stable" or "ascii" flag, so i wonder if you still got fed a copy of beowulf and that's somehow the problem here23:34
gnarfacei think that howto you're following is from before debian stepped their "stable" up to a release ahead of devuan's, isn't it?23:34
CheesyPastriesDec, 2018. So 11 months ago23:35
gnarfaceso yea, for sure23:38
gnarfacebuster was released by debian this year, about 4 months ago or so23:40
gnarfacesince then, their repos return buster packages for stable instead of stretch packages23:41
gnarfacestretch corresponds to ascii23:42
gnarfacebuster corresponds to beowulf23:42
golinuxgnarface: onfang and I explained this to CheesyPastries about 12 hours ago.23:47
golinuxonefang23:47
golinuxIf he still has stable anywhere near debian repos it's on him23:48
CheesyPastriesthere have been some slight changes since then. I reinstalled but this time attempted to get ascii only files by running the debootstrap with a different parameter23:48
CheesyPastriesThe sources.list came out correct from the command but I'm still having issues23:48
gnarfaceCheesyPastries: can you elaborate on "it required me creating a duplicate script of stable?"23:49
gnarfaceCheesyPastries: afaik "stable" is a symlink in the repo23:49
CheesyPastriesdebootstrap appears to use a variety of scripts as part of it's process. It complained when I initially ran it because there was no script for ascii available. I navigated to the directory to find a variety of scripts I read through them and didn't see anything that to me suggested which repo it would use but just how it would unpack things. I23:52
CheesyPastriesended up making a copy of the stable script and editing the keyring parameter to devuan-keyring instead of typical. this didn't seem to matter because the guides shows that it will fail to verify the repo anyways23:52
gnarfacehmm23:56
gnarfacei wonder if you would have better luck swapping out the freebsd debootstrap with the devuan-patched one23:56
gnarfaceCheesyPastries: ^23:56
gnarfacehas that been tried yet?23:57
gnarfacei recall that the debian one didn't even work without patches23:57
golinuxThat's way above my paygrade23:57
gnarfacethough i don't think they were difficult patches, it's not something i could do either, without some research23:57
rrqCheesyPastries: which debootstrap are you experimenting with? Both the ascii/main version and beowulf/main version knows about "ascii"23:59
gnarfacerrq: (he's on freebsd)23:59

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!