ge with the signed binaries, and test
like hell.
8. Upload shim-signed.
We're currently at step 5.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
There's no sensation to compare with this
Suspended animation, A state of bliss
On Fri, May 10, 2024 at 03:44:35PM +0100, Luca Boccassi wrote:
>On Fri, 10 May 2024 at 15:36, Steve McIntyre wrote:
>> On Fri, May 10, 2024 at 04:29:00PM +0200, Ansgar wrote:
>>
>> >Maybe we should use a non-trusted cert for the initial setup and only
>> >switch
?
In fact, if we're going to generate new keys and certs for the
intermediate signers, it might be worth refreshing them all anyway
maybe?
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"Every time you use Tcl, God kills a kitten." -- Malcolm Ray
56789abc PK.crt PK.esl
>> Invalid DOS header magic
>> make[1]: *** [Make.rules:130: HelloWorld-signed.efi] Error 1
I can reproduce this here. The HelloWorld.efi binary seems to be
totally malformed. Digging further...
--
Steve McIntyre, Cambridge, UK.s
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-...@lists.debian.org
This is a new upstream version of shim, built for bullseye. This is
needed for better handling of SBAT-based revocations, plus a range of
shim (15.8-1~deb12u1) bookworm; urgency=medium
[ Steve McIntyre ]
* Cope with changes in pesign packaging.
* New upstream release fixing more bugs
* Remove all our previous patches, no longer needed:
+ Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now
upstream
Hi Timo,
On Thu, May 02, 2024 at 09:07:08AM +0300, Timo Aaltonen wrote:
>Steve McIntyre kirjoitti 30.4.2024 klo 19.19:
>> Hi!
>>
>> On Fri, Mar 08, 2024 at 10:42:40PM +0100, Salvatore Bonaccorso wrote:
>> > Source: python-jwcrypto
>> > Version: 1.5
+1,10 @@
+python-jwcrypto (1.1.0-1+deb12u1) bookworm; urgency=medium
+
+ * Apply and tweak upstream security fix for CVE-2024-28102
+Address potential DoS with high compression ratio
+
+ -- Steve McIntyre <93...@debian.org> Fri, 26 Apr 2024 17:18:31 +0100
+
python-jwcrypto (1.1.0-1) un
t (#1070232).
Lovely. :-)
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Armed with "Valor": "Centurion" represents quality of Discipline,
Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
concord the digital world while feeling safe and proud.
Control: tag 1070133 +patch
Control: tag 1070135 +patch
Here's a debdiff against what's already in 3.11.2-6+deb12u1 in
-proposed-updates
--
Steve McIntyre, Cambridge, UK.st...@einval.com
< sladen> I actually stayed in a hotel and arrived to find
this problem, please
>send it to 1070...@bugs.debian.org.
>
>Please do not send mail to ow...@bugs.debian.org unless you wish
>to report a problem with the Bug-tracking system.
>
>--
>1070135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070135
>Debian Bug Tracking System
Source: python3.11
Version: 3.11.2-6
Severity: minor
Tags: security upstream
X-Debbugs-Cc: steve.mcint...@pexip.com, Debian Security Team
Quoting https://security-tracker.debian.org/tracker/CVE-2023-6597:
An issue was found in the CPython `tempfile.TemporaryDirectory` class
affecting versions
nd it to 1070...@bugs.debian.org.
>
>Please do not send mail to ow...@bugs.debian.org unless you wish
>to report a problem with the Bug-tracking system.
>
>--
>1070133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070133
>Debian Bug Tracking System
Source: python3.11
Version: 3.11.2-6
Severity: important
Tags: upstream security
X-Debbugs-Cc: Debian Security Team
Quoting https://security-tracker.debian.org/tracker/CVE-2024-0450:
An issue was found in the CPython `zipfile` module affecting versions
3.12.1, 3.11.7, 3.10.13, 3.9.18, and
ere could be effects on Bitvise SSH
>| through 9.31.
We wanted this fixed in Pexip, so I've taken a look at this bug.
The upstream bugfix just needs a small rework so it applies cleanly to
the version in bookworm. Here's a debdiff for that that in case it's
useful.
--
Steve McIntyre, Cambridge
it applies cleanly to
the version in bookworm. Here's a debdiff for that that in case it's
useful.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Can't keep my eyes from the circling sky,
Tongue-tied & twisted, Just an earth-bound misfit, I...
diff -Nru pyt
Package: cdimage.debian.org
As a reminder for me: the latest weekly build failed, looks like
source packages no longer fit???
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"C++ ate my sanity" -- Jon Rabone
Here's an NMU diff that fixes the FTBFS. In incoming right now.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"I used to be the first kid on the block wanting a cranial implant,
now I want to be the first with a cranial firewall. " -- Charlie Stross
elp, but the merge isn't the hard bit here.
Tthe new upstream is a little problematic and I'm debugging some boot
failures in my local CI already.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Into the distance, a ribbon of black
Stretched to the point of no turning back
On Wed, Dec 20, 2023 at 11:59:31PM +0100, Guillem Jover wrote:
>Hi!
>
>On Wed, 2023-12-20 at 15:30:24 +0000, Steve McIntyre wrote:
>> Package: debsig-verify
>> Version: 0.23+b2
>> Severity: important
>> Tags: patch
>
>> Updating our derived distro from bu
On Wed, Mar 20, 2024 at 05:18:08PM +, Steve McIntyre wrote:
>Hi Guillem,
>
>Sorry, I've been swamped with other stuff then ill for the last week
>or so. Looking now...
And I can confirm that your changes work here for our system too.
Thanks!
--
Steve McIntyre, C
Hi Guillem,
Sorry, I've been swamped with other stuff then ill for the last week
or so. Looking now...
On Thu, Mar 07, 2024 at 04:22:08AM +0100, Guillem Jover wrote:
>Hi!
>
>On Wed, 2023-12-20 at 23:59:31 +0100, Guillem Jover wrote:
>> On Wed, 2023-12-20 at 15:30:24 +, Steve
ort completes the restoration of the image with a
>constant
>transfer rate of +/- 41MB/sec.
>Regards.
What you're describing sounds just as likely to be a hardware problem
with the enclosure, to be honest. Does it work 100% reliably elsewhere?
--
Steve McIntyre, Cambridge, UK.
ll seeing this over 5 years later. Is there any reason not to do an
upload with the patch here?
--
Steve McIntyre, Cambridge, UK.st...@einval.com
You raise the blade, you make the change... You re-arrange me 'til I'm sane...
ins some really awful old C code, and it's taking a bit of
fixing. But I'm getting there...
--
Steve McIntyre, Cambridge, UK.st...@einval.com
You lock the door
And throw away the key
There's someone in my head but it's not me
t;endianconv.h"
>+ #include "checksum.h"
>++#include "md5.h"
>+ #endif
>+ #ifdef APPLE_HYB
>+ #include
>diff -Nru cdrkit-1.1.11/debian/patches/series
>cdrkit-1.1.11/debian/patches/series
>--- cdrkit-1.1.11/debian/patches/series2022-05-25
rrectly
>verified.
Hmmm. I've just grabed the latest weekly amd64 netinst and tried to
reproduce your issue. Things work here just fine in a VM, using this
image:
e618afbebbbdf9495c74140bc87f2a4b debian-testing-amd64-netinst.iso
Does that match your image?
If the integrity check fa
tp-master. Nothing earth-shattering, just some config to
recognise the new set of packages IIRC. I'm sure Bastian can
manage this. :-)
* Are people from the team ready to deal with long-term security
support for the systemd-boot chain?
That's all I can think of for now, b
debian-12.5.0-amd64-BD-1.jigdo debian-12.5.0-amd64-BD-1.template
Jigsaw Download "lite"
Copyright (C) 2001-2009 | jigdo@
Richard Atterer | atterer.org
Copyright (C) 2016-2021
Steve McIntyre <93...@debian.org>
Loading settings from `/home/
s
>not the only issue. Are you able to drive this forward from here?
Already fixed in git, along with another usr-merge issue I found. The
next regular build should be fine.
Hmm, why didn't this get tagged as "pending" already when I pushed??
--
Steve McIntyre, Cambridge, UK.
ng I can think of can be done with apt-get.
The most common thing for me is simply grabbing all the files that
were part of a specific source upload, e.g.:
$ dget http://deb.debian.org/debian-security/pool/main/g/glibc/glibc_2.19-13.dsc
How would you do similar with apt-get? I especially find this useful
Package: debsig-verify
Version: 0.23+b2
Severity: important
Tags: patch
Hey Guillem,
Updating our derived distro from bullseye to bookworm, we've moved on
from 0.23 to 0.28. We're using subkeys for signing our debs, and that
no longer works. I can see that the change you've made to no longer
On Sat, Dec 09, 2023 at 05:06:47PM +0100, Roland Clobus wrote:
>On 09/12/2023 15:48, Steve McIntyre wrote:
>> Package: cdimage.debian.org
>> Severity: important
>> Tags: a11y
>>
>> Testing the gnome live image for the 12.3 release...
>>
>> Running
Package: debian-live
Severity: normal
We don't have a KDE desktop icon to launch calamares on the Bookworm
live images. No idea what's responsible for this...
Package: cdimage.debian.org
Severity: important
Tags: a11y
Testing the gnome live image for the 12.3 release...
Running d-i from that image complained early on about missing Intel SOF
firmware. Later on, the same image finds and loads intel wifi firmware
just fine. Checking on the image, all the
evant
>part.
>If required, the full build log is available here:
ACK, this is already known about. The pesign package no longer
provides efisiglist in unstable. I already have the necessary changes
made in shim in git, and we're due a new upload soon-ish.
--
Steve McIntyre, Cambridge, UK.
That's cdrom-checker: https://salsa.debian.org/installer-team/cdrom-checker
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Who needs computer imagery when you've got Brian Blessed?
est to apply their patch rather than yours to make
>the code more consistent with upstream, do you agree?
>
>[1] https://github.com/libssh2/libssh2/issues/1240
>[2] https://github.com/libssh2/libssh2/pull/1241
Thanks, that looks sane enough here! :-)
--
Steve McIntyre, Cambridge, U
On Thu, Nov 23, 2023 at 10:46:34AM -0500, Nicolas Mora wrote:
>Le 2023-11-23 à 09 h 46, Steve McIntyre a écrit :
>>
>> Ah, apologies - that version is bogus, it's just the version on the
>> bullseye machine I ran reportbug from.
>>
>> The tests are failing on c
On Thu, Nov 23, 2023 at 09:20:37AM -0500, Nicolas Mora wrote:
>Hello,
>
>On Tue, 21 Nov 2023 13:30:31 +0000 Steve McIntyre wrote:
>> Source: libssh2
>> Version: 1.9.0-2
>> Severity: serious
>> Tags: ftbfs patch
>>
>> Hi!
>>
>> Building
Source: libssh2
Version: 1.9.0-2
Severity: serious
Tags: ftbfs patch
Hi!
Building libssh2 using debuild in a clean local chroot, I get test
failures and even a core dump!
...
PASS: mansyntax.sh
r preinst moved to postinst) was about adding it
>to the Depends field.
>
>In fact, the changelog was correct for what it had to be done,
>just not for what it was actually done.
>
>(note: shim FTBFS in a clean chroot because of this bug)
Oh, gah. :-/
Thanks for the prod, f
>IOW, is there a reason why pesign shouldn't be built
>on ia64/mips64el/x32 ?
Actually, I think you're right. I'll tweak again for the next upload.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"Yes, of course duct tape works in a near-vacuum. D
32 as far as
>I'm aware. I'd suggest enabling the feature only on armhf/armel for the
>time being.
Are either of those ports (armeb/arm64ilp32) actually useful / alive
at this point?
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"You can't barbecue lettuce!" -- Ellie Crane
debian 12.2 amd64 live.iso system, its installer ran OK.
>I am running on the system installed from the live installer right now. This
>is what made the lspci.
>
>I also successfully managed to perform a dist-upgrade from an install of
>debian 11.6.
--
Steve McIntyre, Cambridge, UK.
006
>
>The problem is due to an extra argument passed to LogError, and it is
>know upstream. A patch is available but it has not been merged yet:
>https://github.com/rhboot/shim/pull/577
Ah, thanks for digging into this. I was suspecting it might be
something like this, but hadn't found the time to
grub.cfg.
>
>You can either re-enable it and get exposed to any bug in grub
>filesystem implementations which will then run as root to mount
>any disk attached to the system, or add a /etc/grub.d file that
>echos additional fixed boot entries for your other OS.
Or edit /etc/defau
Source: debian-installer-utils
Version: 1.147
Severity: normal
I'm hacking together an installer for an rpi4 locally, copying all the
files onto a FAT-formatted USB drive. I also want to do some minor
config in a preseed late_command, so I've modified the initrd to add a
preseed file.
he times and annoy everyone.
I disagree strongly.
Just because those paths will now work, that doesn't mean they're
*correct* locations. We should be trying hard *not* to break
interfaces here.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
< sladen> I ac
Could it be updated like Ubuntu, which has apparently fixed it?
>https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1929471
I believe this to be fixed when we moved to using shim 15.7, so
marking it as such. Please re-open if you still have problems.
--
Steve
or.
After weeks with this breakage, I've just uploaded a minimal NMU to
fix it, reverting the syslog changes since -1. I've buit and tested
successfully locally.
Here's the NMU diff.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
You raise the blade, you make the
Source: python-greenlet
Version: 2.0.2-1
Severity: normal
Tags: patch
Hi!
I initially found this doing a rebuild in a derived distro, then
debugged and worked out what's happening. The build-time tests may
generate a core file, depending on the build environment. If that
happens, the core file
ta Format 1: OEM-specific
>dmidecode: Descriptor 2: End of log
>dmidecode: Data Format 2: OEM-specific
>dmidecode: Descriptor 3: End of log
>dmidecode: Data Format 3: OEM-specific
>dmidecode: Descriptor 4: End of log
>dmidecode: Data Format 4: OEM-specific
>dmidecode: Descriptor 5: End of log
>dmidecode: Data Format 5: OEM-specific
>dmidecode: Descriptor 6: End of log
>dmidecode: Data Format 6: OEM-specific
>dmidecode:
>dmidecode: Handle 0x0015, DMI type 16, 15 bytes
>dmidecode: Physical Memory Array
>dmidecode: Location: System Board Or Motherboard
>dmidecode: Use: System Memory
>dmidecode: Error Correction Type: None
>dmidecode: Maximum Capacity: 2 GB
>dmidecode: Error Information Handle: Not Provided
>dmidecode: Number Of Devices: 1
>dmidecode:
>dmidecode: Handle 0x0016, DMI type 19, 15 bytes
>dmidecode: Memory Array Mapped Address
>dmidecode: Starting Address: 0x000
>dmidecode: Ending Address: 0x0007FFF
>dmidecode: Range Size: 2 GB
>dmidecode: Physical Array Handle: 0x0015
>dmidecode: Partition Width: 4
>dmidecode:
>dmidecode: Handle 0x0017, DMI type 17, 28 bytes
>dmidecode: Memory Device
>dmidecode: Array Handle: 0x0015
>dmidecode: Error Information Handle: Not Provided
>dmidecode: Total Width: 64 bits
>dmidecode: Data Width: 64 bits
>dmidecode: Size: 2048 MB
>dmidecode: Form Factor: SODIMM
>dmidecode: Set: None
>dmidecode: Locator: DIMM0
>dmidecode: Bank Locator: BANK0
>dmidecode: Type: DDR3
>dmidecode: Type Detail: Synchronous
>dmidecode: Speed: 667 MT/s
>dmidecode: Manufacturer: Manufacturer00
>dmidecode: Serial Number: SerNum00
>dmidecode: Asset Tag: AssetTagNum0
>dmidecode: Part Number: ModulePartNumber00
>dmidecode: Rank: Unknown
>dmidecode:
>dmidecode: Handle 0x0018, DMI type 20, 19 bytes
>dmidecode: Memory Device Mapped Address
>dmidecode: Starting Address: 0x000
>dmidecode: Ending Address: 0x0007FFF
>dmidecode: Range Size: 2 GB
>dmidecode: Physical Device Handle: 0x0017
>dmidecode: Memory Array Mapped Address Handle: 0x0016
>dmidecode: Partition Row Position: 1
>dmidecode: Interleaved Data Depth: 1
>dmidecode:
>dmidecode: Handle 0x0019, DMI type 32, 20 bytes
>dmidecode: System Boot Information
>dmidecode: Status: No errors detected
>dmidecode:
>dmidecode: Handle 0x001A, DMI type 41, 11 bytes
>dmidecode: Onboard Device
>dmidecode: Reference Designation: To Be Filled By O.E.M.
>dmidecode: Type: Video
>dmidecode: Status: Enabled
>dmidecode: Type Instance: 0
>dmidecode:
>dmidecode: Handle 0x001B, DMI type 41, 11 bytes
>dmidecode: Onboard Device
>dmidecode: Reference Designation: To Be Filled By O.E.M.
>dmidecode: Type: SCSI Controller
>dmidecode: Status: Disabled
>dmidecode: Type Instance: 0
>dmidecode:
>dmidecode: Handle 0x001C, DMI type 127, 4 bytes
>dmidecode: End Of Table
>dmidecode:
>/proc/fb: 0 VESA VGA
>
>
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Armed with "Valor": "Centurion" represents quality of Discipline,
Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
concord the digital world while feeling safe and proud.
eting OS files for no good reason. If
>someone wants to mess manually with /etc/machine-id and
>/var/lib/dbus/machine-id it's fair that they are allowed to do that,
>but it's also fair to tell them that they get to keep the pieces.
Agreed, 100%.
--
Steve McIntyre, Cambridge, UK.
d the
>files "/etc/machine-id" and "/var/lib/dbus/machine-id" are not linked
>in any way (no soft or hardlink) and the ID inside the files differ
>from each other.
I've confirmed this bug just now, doing a clean installation from the
12.0.0 am
Hey,
The first patch committed here allows people to uninstall
raspi-firmware more easily. I suggest the attached to make things
easier for people even before that removal...
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Getting a SCSI chain working
35382 open on the live side, let's
bump the severity on that.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
“Why do people find DNS so difficult? It’s just cache invalidation and
naming things.”
-– Jeff Waugh (https://twitter.com/jdub)
t shouldn't necessarily be installed on an amd64
host. Or is this coming from live images?
--
Steve McIntyre, Cambridge, UK.st...@einval.com
“Changing random stuff until your program works is bad coding
practice, but if you do it fast enough it’s Machine Learning.”
-- https://twitter.com/manisha72617183
tigation will show they had been copied to
>/boot/grub/grub.cfg .
Sorry, but this bug report is way too vague to be useful. You've shown
no output here, so we can only guess at what you're seeing. You're
comparing normal output to what an extra local script is saying,
maybe?
--
Steve
be downloaded from a mirror like other ordinary packages when
>needed ?
I'm not currently filtering by build type, so I'm leaving these in.
>Note: it also includes firmware-linux-nonfree which is a meta-package not
>containing any firmware file.
That's been fixed separately by othe
On Wed, Jul 05, 2023 at 08:30:03AM +0200, Pascal Hambourg wrote:
>On 05/07/2023 at 00:50, Steve McIntyre wrote:
>>
>> I think that's quite a result! Comparing the ISOs, the differences are
>> just 5 missing firmware debs:
>>
>> firmware-nvidia-gsp_525.116.04-1_a
On Thu, Jun 29, 2023 at 06:17:49AM +0100, Steve McIntyre wrote:
>Package: debian-installer
>Severity: normal
>
>As mentioned in #1038440 and elsewhere, some of our media builds are
>too big and this is mostly due to inclusion of firmware packages. Some
>growth is not une
the most busy time. I filed the
>bug when I learned about plans of giving JFS the axe.
>
>> Feel free to ping this bug report a few weeks/months into the next release
>> cycle
>
>So... it might be a better time now.
Agreed, we'll pick this up shortly.
--
Steve McIntyr
Package: debian-installer
Severity: normal
As mentioned in #1038440 and elsewhere, some of our media builds are
too big and this is mostly due to inclusion of firmware packages. Some
growth is not unexpected, but we're including firmware packages that
are not useful, e.g.:
* nvidia firmware
/changelog grub2-2.06/debian/changelog
--- grub2-2.06/debian/changelog 2023-04-21 13:30:26.0 +0100
+++ grub2-2.06/debian/changelog 2023-04-23 20:55:54.0 +0100
@@ -1,3 +1,35 @@
+grub2 (2.06-13) unstable; urgency=medium
+
+ [ Steve McIntyre ]
+ * When *also* installing
exactly what size your images are coming out as, please?
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"I've only once written 'SQL is my bitch' in a comment. But that code
is in use on a military site..." -- Simon Booth
Hey Johannes,
On Mon, May 15, 2023 at 06:48:04AM +0200, Johannes Schauer Marin Rodrigues
wrote:
>Quoting Steve McIntyre (2023-05-15 02:54:02)
>>
>> Pointing at gentoo or nixos as examples of projects that have decided
>> to break compatibility doesn't cut it, I'm afrai
Your apparent lack of care for agreed standards
here is horrifying.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"We're the technical experts. We were hired so that management could
ignore our recommendations and tell us how to do our jobs." -- Mike Andrews
ing without significant
cross- and inter-project discussion.
Pointing at gentoo or nixos as examples of projects that have decided
to break compatibility doesn't cut it, I'm afraid. They're well known
for changing fundamental things around Linux and (basically) not
caring about interoperabil
On Fri, May 12, 2023 at 01:11:38PM +0100, Luca Boccassi wrote:
>On Fri, 12 May 2023 at 12:08, Steve McIntyre wrote:
>>
>> On Fri, May 12, 2023 at 11:40:05AM +0100, Steve McIntyre wrote:
>> >On Fri, May 12, 2023 at 10:49:32AM +0100, Luca Boccassi wrote:
>> >>
On Fri, May 12, 2023 at 11:40:05AM +0100, Steve McIntyre wrote:
>On Fri, May 12, 2023 at 10:49:32AM +0100, Luca Boccassi wrote:
>>On Fri, 12 May 2023 at 09:40, Steve McIntyre wrote:
>>>
>>> On Fri, May 12, 2023 at 07:40:00AM +0200, Ansgar wrote:
>>> >
>&g
On Fri, May 12, 2023 at 10:49:32AM +0100, Luca Boccassi wrote:
>On Fri, 12 May 2023 at 09:40, Steve McIntyre wrote:
>>
>> On Fri, May 12, 2023 at 07:40:00AM +0200, Ansgar wrote:
>> >
>> >The core issue as I see it is as follows:
>> >
>> >- Debian
ies.
WTF? *Nobody* has been talking about breaking ABI like this, that I've
seen. The interpreter must *not* be changed willy-nilly.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"I've only once written 'SQL is my bitch' in a comment. But that code
is in
FDT @ 0x43fd2c4000
loader/efi/fdt.c:63: allocating 26028 bytes for fdt
error: failed to install/update FDT.
...
Digging further...
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Armed with "Valor": "Centurion" represents quality of Discipline,
Hono
Control: severity -1 serious
Raising the severity here, seen another report of this.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"Managing a volunteer open source project is a lot like herding
kittens, except the kittens randomly appear and disa
change about this, that contains the
>explanation: https://unix.stackexchange.com/q/744624/203826
ACK.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Mature Sporty Personal
More Innovation More Adult
A Man in Dandism
Powered Midship Specialty
the
>EFI partition size is usually several MB so a few more kB won't hurt. I
>cannot tell for other platforms.
Nod, exactly. To be honest, EFI typically makes things *so* much more
sane here for exactly these reasons. Then again you get to see more
issues with broken firmware. :-/
--
Steve M
Control: severity -1 minor
Control: tags -1 wontfix
Control: retitle -1 grub-pc: needs reconfiguration with complex storage setup
On Sun, Apr 30, 2023 at 04:28:01PM -0700, Vagrant Cascadian wrote:
>On 2023-04-30, Steve McIntyre wrote:
>> On Sun, Apr 30, 2023 at 12:56:29PM -0700, Vagrant
ng if this might be the underlying cause
of your issue.
If possible, on your system, could you also reboot and call up a grub
command line (hit "c" from the grub menu)?
>From there, I'd love to see what you get if you run "ls" here...
--
Steve McIntyre, Cambridge, UK.
On Sat, Apr 29, 2023 at 08:51:48AM -0700, Peter Ehlert wrote:
>
>On 4/29/23 07:23, Steve McIntyre wrote:
>> Hi Peter,
>>
>> Could you please share a copy of the installer logs? You should be
>> able to find them in /var/log/installer on the installed system.
>the
ev 07)
>7f:13.6 0880: 8086:3c45 (rev 07)
>peter@RC2net:~$
>
>
>Base System Installation Checklist:
>[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it
>
>Initial boot worked: [E ]
>Configure network HW: [O ]
>Config network: [O ]
>Detec
an find attached the full output of
>LC_ALL=C grub-install -v .
Thanks. That's not showing anything unexpected, which surprises me.
Could you please edit /var/lib/dpkg/info/grub-efi-amd64.postinst and
add a line near the top saying
set -x
and then run
# script -c "dpkg --configure --pending&q
update-grub this will fix your problem. Or run
dpkg-reconfigure on your grub package (either grub-pc or
grub-efi-amd64) and the latest grub packages will ask you about
os-prober.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Welcome my son, welcome to the machine.
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package grub2
We've pulled in some really important fixes for GRUB, that I think are
important and should definitely be part of the bookworm release:
* Fix an issue where
find the MOK Manager ?
shim is designed to be paranoid (here and elsewhere). There isn't a
*good* choice for it here IMHO. :-/
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"This dress doesn't reverse." -- Alden Spiess
>
>dpkg: error processing package grub-efi (--configure):
> dependency problems - leaving unconfigured
>Errors were encountered while processing:
> grub-efi-amd64
> grub-efi
>E: Sub-process /usr/bin/dpkg returned an error code (1)
There's not a lot to see here so far. Wh
onger supports the GRUB_ENABLE_LINUX_LABEL
>parameters and has to be re-written for it to work.
Looking in the history, I can't see where we've ever supported
this. Can you tell me which version(s) ever had this working for you
please?
--
Steve McIntyre, Cambridge, UK.
I've just pushed an update to the code here...
On Mon, Apr 10, 2023 at 05:45:15PM +0200, Pascal Hambourg wrote:
>On 10/04/2023 at 15:13, Steve McIntyre wrote:
>>
>> Overall comment: I'm not trying to make the heuristics 100% reliable
>> here, as I don't think that's actua
to detect the specially crafted partition
>table on the installation media created with a debian image. Is it intended
>or fortunately unintentional ? If partman could see the EFI partition on the
>installation media, the detection of BIOS-bootable systems would fail.
That's not a worry for today... :-)
--
Steve McIntyre, Cambridge, UK.st...@einval.com
You lock the door
And throw away the key
There's someone in my head but it's not me
uot;just worked".
>
>Why is that? We've been supporting Secure Boot for a very long while.
And one of my standard test machines here is my old T470. Jeremy: what
problem are you seeing please?
--
Steve McIntyre, Cambridge, UK.st...@einval.com
We don't need no education.
We don't need no thought control.
ooting the installer from Windows
>(spotted just today), since win32-loader support has been removed from the
>installer as well.
Awesome stuff. Thanks Holger! \o/
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"...In the UNIX world, people te
" with ARCH="amd64/efi". I've not tested this,
but you *might* be able to progress here.
The installer is *very* much designed to only set up EFI-relevant
stuff if you're booted in EFI mode.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Google-bait: https://www.debian.org/CD/free-linux-cd
Debian does NOT ship free CDs. Please do NOT contact the mailing
lists asking us to send them to you.
On Mon, Mar 27, 2023 at 12:52:41AM +0200, Chris Hofstaedtler wrote:
>* Steve McIntyre :
>> We should definitely also kill section 4.4.2: Loadlin is *dead* -
>> *nobody* has DOS any more.
>
>Section 5.1.4. "Booting from DOS using loadlin" should also go, I
>
On Sun, Mar 26, 2023 at 11:06:56PM +0200, Holger Wansing wrote:
>
>
>Am 26. März 2023 19:48:09 MESZ schrieb Steve McIntyre :
>>If anybody *does* want to keep the rest of the text, please put it in
>>an appendix called "extra USB options that nobody needs" or sim
Source: installation-guide
Severity: important
Almost all of section 4.3 (Preparing Files for USB Memory Stick
Booting) needs to go away. We should *not* be telling most users about
manually formatting media, copying installer files, etc.
My strong preference would be to simply remove
vant?
Could you run the installation without preseeding and confirm if the
wireless works that way please?
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"I suspect most samba developers are already technically insane... Of
course, since many of them are Australians, you can't tell." -- Linus Torvalds
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-...@lists.debian.org
Hi!
Please unblock our stack of shim and shim-signed packages. We finally
have new signed shim binaries and there's a lot of major bugfixes
links. But of course that will only work for files
and won't work for directories. Probably best not to worry about the
FAQ tarball here, to be honest.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
"This dress doesn't reverse." -- Alden Spiess
seful features, at least:
* BIOS boot
* image checksums
and those are important for me and a lot our users. Seriously, just
using DD or similar gives people a verifiable, known-good copy of our
installer image that will boot on as many machines as possible and
work well in the debian-installer env
doesn't help, the next thing to try is turning on shim
debug using:
$ sudo mokutil --set-verbosity true
This will produce a *lot* of output; if you can capture it via video
or on a serial port, that may help diagnose what's happening.
Thanks!
--
Steve McIntyre, Cambridge, UK
1 - 100 of 2265 matches
Mail list logo
