tuxd3v | hello all | 01:54 |
---|---|---|
tuxd3v | I have a nfs problem :S | 01:55 |
tuxd3v | I am trying to export 2 diferent folders | 01:55 |
tuxd3v | /mnt/A | 01:55 |
tuxd3v | /mnt/B | 01:55 |
tuxd3v | but in the client I see always only the folder //Mnt/a | 01:56 |
tuxd3v | and not the folder //mnt/B | 01:56 |
gnarface | heh, well //Mnt/a looks like a SAMBA path, not NFS. could be related to your issue. | 01:59 |
tuxd3v | hello gnarface , in the server I have 2 lvs, lvA and lvB, on same VG | 02:00 |
tuxd3v | and I mounted them on /mnt | 02:00 |
tuxd3v | both lvs | 02:00 |
tuxd3v | in the server.. | 02:01 |
tuxd3v | I exported them | 02:01 |
gnarface | hmm, i can't say i've tried lvs with nfs so i don't know if that could be related | 02:01 |
tuxd3v | it his exporting the /mnt/A fine, but when I open the /mnt/B in the client it shows me exactly the same information that exists in /mnt/A | 02:02 |
tuxd3v | :S | 02:02 |
gnarface | interesting | 02:02 |
tuxd3v | :D | 02:02 |
tuxd3v | yeah | 02:02 |
tuxd3v | I am using a 'export -rva' on the server, I even rebooted him | 02:02 |
tuxd3v | but the problem continues | 02:03 |
gnarface | pastebin me your /etc/exports file and i'll sanity check it for you | 02:03 |
gnarface | other than that i've got nothing | 02:03 |
gnarface | (sorry paste.debian.net please, not actually pastebin) | 02:03 |
tuxd3v | maybe its a limitation of NFS that it can only share mounts on the same mount... by other words, mounts that are submounts of a root path | 02:03 |
tuxd3v | I don't remember now :S | 02:04 |
tuxd3v | sure, I will send you my config :) | 02:04 |
tuxd3v | thanks | 02:04 |
tuxd3v | zap... | 02:09 |
tuxd3v | exportfs has the same fsid :S | 02:10 |
tuxd3v | so it exported the same mount :S | 02:10 |
tuxd3v | on the second export I used a fsid=1 | 02:10 |
tuxd3v | and it nows shows me the empty /mnt/B :) | 02:10 |
tuxd3v | puff | 02:11 |
tuxd3v | we are a bunch of freaks lol, a gazilion of options on exports, then a year os 2 later, you go to export something and nothing happen lool | 02:11 |
tuxd3v | I am exporting using a 'fsid=' option | 02:13 |
tuxd3v | they are indeed to diferent lvs, or lets say 2 diferent fylesystems, so they cannot hold the same fsid.. that was the problem.. | 02:14 |
tuxd3v | took maybe 10-15 minutes to figure that out.. I am getting my ass to old..lool :) | 02:14 |
gnarface | wait, so to be clear, you didn't paste me your config through any channels, right? | 02:15 |
gnarface | you figured it out on your own first? | 02:15 |
gnarface | i thought you said you were going to show me your config, then you didn't. i just want to make sure you haven't pasted it to an imposter. | 02:15 |
tuxd3v | When I was to paste, I just looked into the first parameter (fsid=...), and I tough... humm they are the same...?! | 02:16 |
tuxd3v | heheh | 02:16 |
tuxd3v | I post now, the correct one :) | 02:16 |
gnarface | no it's fine i don't care if it is working for you now | 02:16 |
tuxd3v | https://paste.debian.net/1161382/ | 02:19 |
tuxd3v | see the 'fsid' option...now its correct | 02:20 |
tuxd3v | there are 2 diferent filesystems beign exported.. | 02:20 |
tuxd3v | one get a fsid=0 | 02:20 |
tuxd3v | the second a fsid=1 | 02:20 |
tuxd3v | they had the same fsid, and so NFS server exported always the same one :) | 02:20 |
gnarface | hmm. well, glad to hear it wasn't a problem in the kernel | 02:21 |
tuxd3v | its a 3 disk raid 5, plus lvm above | 02:21 |
tuxd3v | initially I tough, well I will create 2 Raid instances | 02:22 |
tuxd3v | but then since its not hardware raid, 2 instances would pull a bit of cpu | 02:23 |
tuxd3v | that's why I gone with only one raid instance | 02:23 |
tuxd3v | and lvm above it with logic volumes above.. | 02:23 |
humpty_dumpty | Hi, where can I find the fingerprints for the PGP keys, which are used to sign the Devuan release SHA256SUMS file? | 07:12 |
humpty_dumpty | I'm currently stuck with the following command "gpg2 --recv-keys [...] --keyserver keys.gnupg.net". | 07:13 |
user____ | re: polkit and .policy files: the time has come to find a solution to make them devuan compatible or "gone" | 08:00 |
user____ | I did this: locate -r '\.policy$' on my beowulf new system and found about 39 of them in total. | 08:01 |
user____ | Not too many to bulk patch/edit using sed for example. | 08:01 |
user____ | The edit goal is to enable all permissions hoping that then the system scripts contaminated with polkit and systemd "rules" will revert to honoring the already set group and user permissions and mount options. I will try this and report. | 08:02 |
user____ | Is there an interest at devuan project level to implement this as a package/patch? Neutering polkit and causing the system to revert to "default" expected *nix operation? | 08:03 |
user____ | another: related: when installing java 11 openjdk, it brings in it's own policy files, these need to be excluded, i.e. the above locate -r also locates extra files which are not polkit related | 08:04 |
user____ | so we're actually only interested in files under /usr/share/polkit-1/ | 08:05 |
user____ | locate -r '/usr/share/polkit-1/.*\.policy$' -- these | 08:06 |
user____ | the second part is to bulk edit the files in place using sed, after backing them up using tar | 08:08 |
user____ | sed command: | 08:08 |
user____ | sed -i -e 's/<allow_any>\([^<]\+\)<\/allow_any>/<allow_any>yes<\/allow_any>/g' | 08:10 |
user____ | and the same for allow_interactive and allow_active | 08:10 |
user____ | trying this now | 08:10 |
user____ | script verified: sed -ie 's/<\(allow_\(any\|active\|inactive\)\)>\([^<]\+\)<\/[^>]\+>/<\1>yes<\/\1>/g' $policy_files | 08:26 |
user____ | warning this edits files in place with no backup, use a tar backup 1st | 08:26 |
user____ | anyone else up / in Europe following this? | 08:26 |
user____ | confirmed all permissions granted with test script | 08:51 |
user____ | pasting it | 08:51 |
user____ | https://termbin.com/90c6 | 08:54 |
user____ | When you nice people wake up, do opinate on this "hack". | 08:55 |
user____ | Seems to work, all usual things are do-able without UAC after running it | 08:55 |
DPA | user____: To me, this is about as good an idea as adding "%users ALL=(ALL:ALL) NOPASSWD:ALL" to the sudoers file. | 09:47 |
DPA | There are probably already enough holes in policykit policies that allow programs to escalate to full root without allowing everything to do basically everything, don't make it worse! | 09:47 |
DPA | I think which things should just work with no confirmation, or at all really, should be considered on a case-by-case basis, for each rule individually. | 09:47 |
DPA | For example, if you did this, I bet you could use org.dpkg.pkexec.update-alternatives.policy to add a symlink in /etc/profile.d/* or /etc/init.d/* or /bin/* pointing to a script in your control, | 10:02 |
DPA | and then trick something that has root into executing it, for example by rebooting the system, or maybe even by just waiting for getty/login to restart, and thus to execute anything as root that way. | 10:02 |
ham5urg | I just installed dnsmasq and got a config file destination like /etc/dbus-1/system.d/dnsmasq.conf and at last it is a XML file https://paste.debian.net/1161434/ | 13:02 |
ham5urg | What has dnsmasq been guilty of to desire such a sentence? | 13:03 |
* ShorTie snickers | 13:10 | |
ShorTie | i don't see devuan building dnsmasq, so it is a debian package | 13:13 |
ham5urg | Yes, I assumed that. Is there any other small dns cache I could use? | 13:14 |
ham5urg | Looks like pdnsd is long gone. | 13:14 |
ShorTie | Sorry, got me on that | 13:14 |
gnarface | it's really not that bad | 13:15 |
gnarface | you might be overreacting | 13:15 |
r3boot | ham5urg: you could have a look at unbound | 13:15 |
r3boot | that does a bit more then dnsmasq (which is perfectly fine as well) | 13:16 |
r3boot | Also, you can just feed dnsmasq it's own configuration; The xml file you posted are DBUS permissions, not dnsmasq configuration | 13:17 |
DPA | I've replaced dnsmasq with bind9 everywhere. | 13:26 |
DPA | But for the final local caching, you could try nscd. | 13:26 |
r3boot | bind is way too much overkill for just a recursor (plus, lots of legacy code, and lots of vulnerabilities in the last couple of years) | 13:30 |
DPA | The bugs that get found tend to get fixed rather quickly, and it usually works really well and reliably. Most of the internets' important DNS stuff uses it, as far as I know. | 13:45 |
r3boot | there have been quite some migrations to nsd in the last couple of years | 13:51 |
r3boot | (from nlnetlabs) | 13:51 |
ham5urg | Thanks guys, I switched to unbound as dnsmasq is to heavy for me. | 15:49 |
Wafficus | Hello there, I'm trying to install Anbox through the Ubuntu PPA | 15:55 |
Wafficus | is this possible, or do I have to install it through another route? | 15:55 |
Wafficus | https://docs.anbox.io/userguide/install_kernel_modules.html | 15:55 |
Death_Syn | I'd recommend dqcache for a dns cache | 15:56 |
Death_Syn | it's a fork of the djb dnscache | 15:56 |
Joril | Wafficus: it's not recommended to use Ubuntu PPAs with Debian/Devuan | 16:08 |
Joril | ehr too late I guess | 16:08 |
fsmithred | Maybe we'll learn the answer to his question when he returns. | 16:11 |
debdog | hrrhrr | 16:12 |
DHE | are there pre-built devuan packages for openstack or other cloud sources? the only ones I found were really old (like 2017) | 16:22 |
fsmithred | DHE, check at pkginfo.devuan.org | 16:24 |
DHE | I shouldn't have used package, I should have used "image". it wouldn't be a package. it would likely be its own private download like install media. | 16:29 |
fsmithred | where did you find old images? | 16:31 |
fsmithred | one of our virtual images? | 16:32 |
DHE | now I'm having trouble finding what I found. maybe I found the package for making images and confused it | 16:34 |
fsmithred | I just found it | 16:35 |
fsmithred | https://repology.org/project/openstack-devuan-images/versions | 16:35 |
fsmithred | one jessie image created by Centurion_Dan | 16:35 |
fsmithred | https://git.devuan.org/devuan/openstack-devuan-images <- This might go with that jessie image. | 16:38 |
fsmithred | go to master branch | 16:38 |
fsmithred | https://git.devuan.org/devuan/openstack-devuan-images/src/branch/master | 16:38 |
DHE | this is for making images. I was hoping there were some pre-builts. but if not then I can take this route | 16:44 |
luser977 | did people react to my polkit neutering script from today? | 18:48 |
luser977 | https://termbin.com/90c6 | 18:49 |
luser977 | ? | 18:52 |
nemo | huh. I'm unfamiliar | 18:53 |
nemo | why? | 18:53 |
nemo | but just noticed it now | 18:53 |
fsmithred | what is the point of that script? | 18:56 |
nemo | fsmithred: https://pkginfo.devuan.org/stage/beowulf/beowulf/tomcat9_9.0.16-5+devuan2.html tomcat9?? \o/ you guys have it now? | 19:17 |
nemo | huh. it's still in https://pkgmaster.devuan.org/bannedpackages.txt | 19:20 |
nemo | weird | 19:20 |
golinux | nemo: https://lists.dyne.org/lurker/search/20380101.000000.00000000@ml:devuan-dev,tomcat9.en.html | 19:35 |
nemo | "thanks to amesser" | 19:37 |
nemo | yay | 19:37 |
nemo | don't see them here. but thanks | 19:37 |
luser977 | the point of that script is to revert behavior of the system to pre polkit annoyance (password requests). | 19:39 |
fling | How do I install icecat? | 19:39 |
fsmithred | luser977, you can then start synaptic and gparted without a password? | 19:44 |
luser977 | after running the script the local and or remote user(s) can mount/umount volumes they are allowed to (unix group based) shutdown/reboot works w/o password reques, power button does initiate shutdown as configured. all standard as xfce4 was before polkit contamination. | 19:45 |
luser977 | yes if permissions are sufficient. | 19:45 |
luser977 | i.e. sudo configured for user/group | 19:46 |
luser977 | polkit is crap adding limits on top of existing limits. it can't enable something which is blocked at user/group permission level. | 19:47 |
luser977 | the unbelievable stupidity of the idea emanates out of the 1st paragraph. let's re-auth the authed user in case he is no longer himself. https://wiki.archlinux.org/index.php/Polkit | 19:55 |
furrywolf | I know nothing about tomcat, but reading https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925473 makes me wonder if the dep on systemd is now a bug. | 19:55 |
luser977 | probably polkit related dep :-) | 19:56 |
furrywolf | that bug was closed with a patch to make tomcat install and work on non-systemd systems... it was uploaded to experimental, which should have been moved to stable given when it was done... | 19:57 |
furrywolf | looks like it might have never made it into the main repository | 20:02 |
furrywolf | also, every single post by anyone supporting systemd makes me want to strangle the author, just because of the way they present their arguments. | 20:03 |
fsmithred | luser977, power buttons in xfce should work without messing with policykit | 20:48 |
fsmithred | not sure about mounting internal drives, but I can mount removables as user. | 20:48 |
xrogaan | wait, the password thing is WAD? | 22:08 |
xrogaan | And yeah, I can't powerdown without password request. | 22:09 |
xrogaan | mounting requires password | 22:09 |
luser977 | fsmithred: after beo install mount and shut/power w/o password worked, after installing many more packages, started asking pwd. i | 23:25 |
luser977 | fsmithred: after beo install mount and shut/power w/o password worked, after installing many more packages, started asking pwd. i | 23:25 |
luser977 | one can compare the policy files i got as backup on disk with the live ones. | 23:26 |
luser977 | some package updates the policy files, unwantedly | 23:30 |
yanmaani | getting 404s when running dist-upgrade | 23:54 |
yanmaani | anyone else? | 23:55 |
markizano | yanmaani: what's the first non-comment line of `/etc/apt/sources.list` say ? | 23:56 |
gnarface | yanmaani: leading cause is using deprecated hostnames for your sources.list | 23:56 |
markizano | ^ +1 | 23:56 |
markizano | found that out the hard way myself. | 23:56 |
gnarface | yanmaani: (some hostnames that were deprecated years ago finally stopped working) | 23:56 |
markizano | auto.mirrors.devuan.org is no more - use archive.devuan.org to get the latest on jessie if you are trying to upgrade from Jessie | 23:57 |
markizano | use deb.devuan.org for anything ascii and later. | 23:57 |
yanmaani | deb http://deb.devuan.org/merged beowulf main contrib non-free | 23:57 |
gnarface | yes | 23:57 |
markizano | trailing slash is necessary, right? | 23:57 |
yanmaani | It's worked fine for other packages | 23:58 |
markizano | (at least they had one in the docs) | 23:58 |
gnarface | uh, i don't think trailing slash is required | 23:58 |
markizano | ok | 23:58 |
Jjp137 | it's not | 23:58 |
gnarface | no, not required here but my old notes suggest that it at least used to be for debian | 23:58 |
yanmaani | When I go to the URL, they have packages there | 23:58 |
yanmaani | but not the version it's complaining about | 23:59 |
markizano | hrmm... isn't `dist-upgrade` as an apt function also deprecated? isn't the new function `apt full-upgrade` in place of `apt-get dist-upgrade` ? | 23:59 |
yanmaani | markizano: That doesn't work either | 23:59 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!