Bug#922659: Workaround

[Peter.Chubb]

I rebuilt emacs without the in-built GNUTLS --- and everything now
works properly.

I added the line:
confflags += --without-gnutls
to debian/rules and rebuilt.

Peter C
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#922365: openssh-server: dpkg --configure fails

[Peter.Chubb]

Hi Colin,
> "Colin" == Colin Watson  writes:

On Fri, Feb 15, 2019 at 01:20:53PM +1100, Peter Chubb wrote:
>> During a normal upgrade of ssh, I see: Restarting OpenBSD Secure
>> Shell server: sshdstart-stop-daemon: matching only on non-root
>> pidfile /run/sshd.pid is insecure invoke-rc.d: initscript ssh,
>> action "restart" failed.
>> 
>> and the package remains `unconfigured' in the database.

Colin> I started a container and installed sysvinit-core and
Colin> openssh-server in it, and I can't reproduce this bug there.  In
Colin> particular, /run/sshd.pid is owned by root.


Can't think of any local customisations.  But this machine started
off on Potato and has been upgraded regularly since then, so there may
be some legacy cruft hanging around.

$ ls -l /run/sshd.pid
-rw-r--r-- 1 root staff 6 Feb 15 13:21 /run/sshd.pid

I suspect the `staff' group is the issue.  Got that way because I have
an su shortcut that puts me in uid 0 group 50 for /usr/local update,
and I must have restarted sshd with those credentials one time.
Should /etc/init.d/ssh set the credentials to create /run/ssh.pid with ?

I chgrped the file to root then dpkg --configure  worked successfully.

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#917836: logwatch: `Server' misspelt in /usr/share/logwatch/scripts/kernel

[Peter.Chubb]

Package: logwatch
Version: 7.5.0-1
Severity: minor

Dear Maintainer,

I see messages of the form:
 WARNING:  NFS Sever Not Responding Messages

 where Server is mis-spelt Sever



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/28 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages logwatch depends on:
ii  exim4-daemon-light [mail-transport-agent]  4.92~RC3-1
ii  perl   5.28.1-3

Versions of packages logwatch recommends:
ii  libdate-manip-perl   6.75-1
ii  libsys-cpu-perl  0.61-2+b4
ii  libsys-meminfo-perl  0.99-1+b3

logwatch suggests no packages.

-- Configuration Files:
/etc/cron.daily/00logwatch changed [not included]

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#916246: patroni doesnt bootstrap

[Peter.Chubb]

Package: patroni
Version: 1.5.1-2
Severity: normal

Dear Maintainer,

I edited /etc/patroni/config.yml (copy appended), installed a 
brand new postgresql, ran patroni /etc/patroni/config.yml and see:
2018-12-12 11:40:43,456 INFO: Lock owner: None; I am test-db
2018-12-12 11:40:43,468 INFO: trying to bootstrap a new cluster
2018-12-12 11:40:43,471 INFO: Lock owner: None; I am test-db
2018-12-12 11:40:43,471 INFO: not healthy enough for leader race
2018-12-12 11:40:43,472 INFO: bootstrap in progress
2018-12-12 11:40:43,472 INFO: Running custom bootstrap script: 
/usr/share/patroni/pg_createcluster_patroni
Creating new PostgreSQL cluster 11/testdb ...
/usr/lib/postgresql/11/bin/initdb -D /var/lib/postgresql/11/testdb --auth-local 
peer --auth-host md5
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_AU.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/11/testdb ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

Success. You can now start the database server using:

/usr/lib/postgresql/11/bin/pg_ctl -D /var/lib/postgresql/11/testdb -l 
logfile start

Ver Cluster Port Status OwnerData directoryLog file
11  testdb  5433 down   postgres /var/lib/postgresql/11/testdb 
/var/log/postgresql/postgresql-11-testdb.log
2018-12-12 11:40:44,816 INFO: postmaster pid=928
10.13.1.77:5432 - no response
2018-12-12 11:40:44,842 INFO: removing initialize key after failed attempt to 
bootstrap the cluster
2018-12-12 11:40:44,852 INFO: renaming data directory to 
/var/lib/postgresql/11/testdb_2018-12-12-11-40-44
2018-12-12 11:40:44,952 INFO: Lock owner: None; I am test-db
Traceback (most recent call last):
  File "/usr/bin/patroni", line 11, in 
load_entry_point('patroni==1.5.1', 'console_scripts', 'patroni')()
  File "/usr/lib/python3/dist-packages/patroni/__init__.py", line 182, in main
return patroni_main()
  File "/usr/lib/python3/dist-packages/patroni/__init__.py", line 149, in 
patroni_main
patroni.run()
  File "/usr/lib/python3/dist-packages/patroni/__init__.py", line 114, in run
logger.info(self.ha.run_cycle())
  File "/usr/lib/python3/dist-packages/patroni/ha.py", line 1275, in run_cycle
info = self._run_cycle()
  File "/usr/lib/python3/dist-packages/patroni/ha.py", line 1183, in _run_cycle
return self.post_bootstrap()
  File "/usr/lib/python3/dist-packages/patroni/ha.py", line 1079, in 
post_bootstrap
self.cancel_initialization()
  File "/usr/lib/python3/dist-packages/patroni/ha.py", line 1074, in 
cancel_initialization
raise PatroniException('Failed to bootstrap cluster')
patroni.exceptions.PatroniException: 'Failed to bootstrap cluster'

config.yml is:

scope: "11-testdb"
namespace: "/postgresql-common/"
name: test-db

#etcd:
#  host: 127.0.0.1:2379

consul:
  host: 127.0.0.1:8500
#  host: https://127.0.0.1:8500

#zookeeper:
#  hosts: 127.0.0.1:2181

restapi:
  listen: 10.13.1.77:8008
  connect_address: 10.13.1.77:8008
#  certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
#  keyfile: /etc/ssl/private/ssl-cert-snakeoil.key
#  authentication:
#username: username
#password: password

# ctl:
#   insecure: false # Allow connections to SSL sites without certs
#   certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
#   cacert: /etc/ssl/certs/ssl-cacert-snakeoil.pem

bootstrap:
  # Custom bootstrap method
  method: pg_createcluster
  pg_createcluster:
command: /usr/share/patroni/pg_createcluster_patroni

  # this section will be written into Etcd:///config after 
initializing new cluster
  # and all other cluster members will use it as a `global configuration`
  dcs:
ttl: 30
loop_wait: 10
retry_timeout: 10
maximum_lag_on_failover: 1048576
#master_start_timeout: 300
#synchronous_mode: false
#standby_cluster:
#  host: 127.0.0.1
#  port: 
#  primary_slot_name: patroni
postgresql:
  use_pg_rewind: true
  use_slots: true
  parameters:
wal_level: hot_standby
hot_standby: "on"
wal_keep_segments: 8
max_wal_senders: 10
max_replication_slots: 10
wal_log_hints: "on"
#archive_mode: "on"
#archive_timeout: 1800s
#archive_command: mkdir -p ../wal_archive && test ! -f 
../wal_archive/%f && cp %p ../wal_archive/%f
#  recovery_conf:
#restore_command: cp ../wal_archive/%f %p

  # some desired options for 'initdb'
  initdb:  # Note: It needs to be a list (some options 

Bug#916186: Acknowledgement (Patroni needs a HowTo)

[Peter.Chubb]

For example, Debian provides /etc/patroni/config.yml.in that contains
constructs like @HOSTNAME@ --- is it intended that I as sysadmin copy
this file to config.yml and fill in these placeholders, or is this
done automatically as part of the initial startup process?

Peter C


-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#916186: Patroni needs a HowTo

[Peter.Chubb]

Package: patroni
Version: 1.5.1-2
Severity: normal

Dear Maintainer,

Thankyou for packaging up Patroni to make it easy to install.

Howver, there seems to be a dearth of information on how to set up patroni,
consul, and Postgresql on Debian,  as a starting point.  The docs in
patroni-doc are mostly a shopping-list of options and what they do,
but without guidance as to how to put them together in a system.

Please add a Readme.Debian that explains how to do an initial configuration.


System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages patroni depends on:
ii  lsb-base 10.2018112800
ii  python3  3.6.7-1
ii  python3-cdiff1.0-1
ii  python3-click6.7+git20180829-1
ii  python3-dateutil 2.6.1-1
ii  python3-etcd 0.4.5-1
ii  python3-prettytable  0.7.2-3
ii  python3-psutil   5.4.8-1
ii  python3-psycopg2 2.7.5-2
ii  python3-requests 2.20.0-2
ii  python3-six  1.11.0-2
ii  python3-tzlocal  1.5.1-1
ii  python3-urllib3  1.24-1
ii  python3-yaml 3.13-1

patroni recommends no packages.

Versions of packages patroni suggests:
ii  consul   1.0.7~dfsg1-5
pn  haproxy  
ii  patroni-doc  1.5.1-2
ii  postgresql   11+197

-- Configuration Files:
/etc/patroni/dcs.yml changed [not included]

-- no debconf information
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#913023: [Pkg-libvirt-maintainers] Bug#913023: libvirt0: Parsing of memory.stat is incorrect

[Peter.Chubb]

> "Guido" == Guido Günther  writes:

Guido> Hi, On Tue, Nov 06, 2018 at 04:33:33AM +,
Guido> peter.ch...@data61.csiro.au wrote:
>> Package: libvirt0 Version: 4.7.0-1+b1 Severity: normal
>> 
>> Dear Maintainer, The parsing of memory.stat is incorrect in
>> src/util/vircgroup.c It spams the logs with error :
>> virCgroupGetMemoryStat:2490 : internal error: Cannot parse
>> 'memory.stat' cgroup file.  whenever anyone does `ps' inside a
>> container.

Guido> Can you bring that up upstream's libvirt list?

Version 4.9.0 has been released upstream that completely reworks this
section of the code.  Is 4.9.0 due to be packaged for Debian any time
soon?

Peter C
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#913023: libvirt0: Parsing of memory.stat is incorrect

[Peter.Chubb]

Package: libvirt0
Version: 4.7.0-1+b1
Severity: normal

Dear Maintainer,
 The parsing of memory.stat is incorrect in src/util/vircgroup.c
 It spams the logs with
error : virCgroupGetMemoryStat:2490 : internal error: Cannot parse 
'memory.stat' cgroup file.
whenever anyone does `ps' inside a container.

Here is a patch to fix it.  There may be a better way.
The problem is that the `line' variable is never updated, so each
time through the loop, the same start-of-line is compared for the token; 
and as all spaces are eventually replaced with nul the 
error exit is taken instead of ending the loop properly.


 src/util/vircgroup.c |7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- libvirt.orig/src/util/vircgroup.c
+++ libvirt/src/util/vircgroup.c
@@ -2477,7 +2477,7 @@ virCgroupGetMemoryStat(virCgroupPtr grou
 
 line = stat;
 
-while (line) {
+while (*line) {
 char *newLine = strchr(line, '\n');
 char *valueStr = strchr(line, ' ');
 unsigned long long value;
@@ -2507,6 +2507,11 @@ virCgroupGetMemoryStat(virCgroupPtr grou
 inactiveFileVal = value >> 10;
 else if (STREQ(line, "unevictable"))
 unevictableVal = value >> 10;
+
+   if (newLine)
+   line = newLine + 1;
+   else
+   break;
 }
 
 *cache = cacheVal;

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-1-amd64 (SMP w/28 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt0 depends on:
ii  libacl1 2.2.52-3+b1
ii  libapparmor12.13.1-3+b1
ii  libaudit1   1:2.8.4-2
ii  libavahi-client30.7-4+b1
ii  libavahi-common30.7-4+b1
ii  libc6   2.27-8
ii  libcap-ng0  0.7.9-1
ii  libcurl3-gnutls 7.62.0-1
ii  libdbus-1-3 1.12.10-1
ii  libdevmapper1.02.1  2:1.02.145-4.1
ii  libgcc1 1:8.2.0-9
ii  libgnutls30 3.5.19-1+b1
ii  libnl-3-200 3.4.0-1
ii  libnl-route-3-200   3.4.0-1
ii  libnuma12.0.12-1
ii  libsasl2-2  2.1.27~rc8-1
ii  libselinux1 2.8-1+b1
ii  libssh2-1   1.8.0-2
ii  libxml2 2.9.4+dfsg1-7+b1
ii  libyajl22.1.0-3

Versions of packages libvirt0 recommends:
ii  lvm2  2.02.176-4.1

libvirt0 suggests no packages.

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#909452: grub-efi-amd64: Can't boot from XFS root file system

[Peter.Chubb]

Package: grub-efi-amd64
Version: 2.02+dfsg1-6
Severity: important

Dear Maintainer,

When attempting to boot, grub drops into a commandline, and the system
is unbootable, because grub cannot read the XFS root partition.

I worked around the problem by adding:
 insmod $cmdpath/xfs

to /boot/efi/EFI/debian/grub.cfg
and copying xfs.mod into /boot/efi/EFI/debian/

I would have expected the grub-install process to do this (or
something equivalent) for me.

-- Package-specific info:

*** BEGIN /proc/mounts
/dev/nvme0n1p6 / xfs rw,relatime,attr2,inode64,noquota 0 0
/dev/nvme0n1p1 /boot/efi vfat 
rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro
 0 0
/dev/sda1 /usr/home f2fs 
rw,lazytime,relatime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod xfs
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root  4fe2144f-9685-46f4-a2d8-927aae009ac6
else
  search --no-floppy --fs-uuid --set=root 4fe2144f-9685-46f4-a2d8-927aae009ac6
fi
font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_AU
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod xfs
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root  4fe2144f-9685-46f4-a2d8-927aae009ac6
else
  search --no-floppy --fs-uuid --set=root 4fe2144f-9685-46f4-a2d8-927aae009ac6
fi
insmod png
if background_image /usr/share/desktop-base/softwaves-theme/grub/grub-16x9.png; 
then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu 
--class os $menuentry_id_option 
'gnulinux-simple-4fe2144f-9685-46f4-a2d8-927aae009ac6' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod xfs
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root  
4fe2144f-9685-46f4-a2d8-927aae009ac6
else
  search --no-floppy --fs-uuid --set=root 
4fe2144f-9685-46f4-a2d8-927aae009ac6
fi
echo'Loading Linux 4.19.0-rc4-00086-g4ca719a338d5 ...'
linux   /boot/vmlinuz-4.19.0-rc4-00086-g4ca719a338d5 
root=UUID=4fe2144f-9685-46f4-a2d8-927aae009ac6 ro  fbcon=font:SUN12x22 
net.ifnames=0 no_console_suspend intel_iommu=on
echo'Loading initial ramdisk ...'
initrd  /boot/initrd.img-4.19.0-rc4-00086-g4ca719a338d5
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 
'gnulinux-advanced-4fe2144f-9685-46f4-a2d8-927aae009ac6' {
menuentry 'Debian GNU/Linux, with Linux 4.19.0-rc4-00086-g4ca719a338d5' 
--class debian --class gnu-linux --class gnu --class os $menuentry_id_option 
'gnulinux-4.19.0-rc4-00086-g4ca719a338d5-advanced-4fe2144f-9685-46f4-a2d8-927aae009ac6'
 {
load_video

Bug#905350: Have you enabled the memory and swap cgroup managers?

[Peter.Chubb]

Hi,
To control memory with libvirt-lxc you need to have the memory 
controller and
swap account controllers active.  This means (on Debian)
adding:
 cgroup_enable=memory swapaccount=1
to GRUB_CMDLINE_LINUX_DEFAULT in  /etc/default/grub
doing
sudo update-grub
and then rebooting.

You are probably seeing lots of messages in your logs like:
   Failed to open file 
'/sys/fs/cgroup/memory/machine/lxc-41320-containername.libvirt-lxc/memory.memsw.usage_in_bytes
in your logs.

Peter C
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#907512: logwatch: some systemd-logind messages not filtered out

[Peter.Chubb]

Package: logwatch
Version: 7.4.3+git20161207-2
Severity: normal

Dear Maintainer,


In the logwatch output I see hundreds of messages like:
systemd-logind: Session 5 logged out. Waiting for processes to exit.: 1 
Time(s)

I think these are normal systemd syslog spam, and should be filtered
out. (this is on a busy server that has many users using ssh to it to perform
short tasks)

Peter C

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-2-amd64 (SMP w/56 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages logwatch depends on:
ii  exim4-daemon-light [mail-transport-agent]  4.91-7
ii  perl   5.26.2-7

Versions of packages logwatch recommends:
ii  libdate-manip-perl   6.72-1
ii  libsys-cpu-perl  0.61-2+b3
ii  libsys-meminfo-perl  0.99-1+b2

Versions of packages logwatch suggests:
pn  fortune-mod  

-- Configuration Files:
/etc/cron.daily/00logwatch changed [not included]

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#907444: libvirt-daemon: systemd runs (sort-of) in container even when disable

[Peter.Chubb]

Package: libvirt-daemon
Version: 4.6.0-2
Severity: normal

Dear Maintainer,

 I replaced systemd with sysvinit-core inside a libvirt-lxc container
 containing a stretch rootfs.
 I expected not to see any systemd messages in the in-container logs.
 But I see (even though anacron isn't installed in the container):

Aug 28 15:05:14 stage systemd[1]: Started Run anacron jobs.
Aug 28 15:05:14 stage systemd[30916]: anacron.service: Failed at step 
EXEC spawning /usr/sbin/anacron: No such file or directory
Aug 28 15:05:14 stage systemd[1]: anacron.service: Main process exited, 
code=exited, status=203/EXEC
Aug 28 15:05:14 stage systemd[1]: anacron.service: Unit entered failed 
state.
Aug 28 15:05:14 stage systemd[1]: anacron.timer: Adding 1min 49.830702s 
random time.
Aug 28 15:05:14 stage systemd[1]: anacron.service: Failed with result 
'exit-code'.


Inside the container:
# dpkg -l | grep systemd
ii  libsystemd0:amd64232-25+deb9u4amd64 
   systemd utility library
# dpkg -l | grep sysv
ii  sysv-rc  2.88dsf-59.9 all   
   System-V-like runlevel change mechanism
ii  sysvinit-core2.88dsf-59.9 amd64 
   System-V-like init utilities
ii  sysvinit-utils   2.88dsf-59.9 amd64 
   System-V-like utilities
# dpkg -l anacron
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version  Architecture Description
+++-==---=
un  anacron  (no description available)


The other thing that seems to be happening is cron jobs all run twice.
If I stop the in-container cron daemon, they run once but partially in
the wrong namespace (for example, they cannot see the ethernet adapter
but can see the filesystem)

My guess is that somehow either the host systemd-timer or libvirt-daemon
is reading the in-container /etc/crontab and executing the commands there,

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-2-amd64 (SMP w/56 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon depends on:
ii  libacl1 2.2.52-3+b1
ii  libapparmor12.13-8
ii  libaudit1   1:2.8.3-1+b1
ii  libavahi-client30.7-4
ii  libavahi-common30.7-4
ii  libblkid1   2.32.1-0.1
ii  libc6   2.27-5
ii  libcap-ng0  0.7.9-1
ii  libcurl3-gnutls 7.61.0-1
ii  libdbus-1-3 1.12.10-1
ii  libdevmapper1.02.1  2:1.02.145-4.1
ii  libfuse22.9.8-2
ii  libgcc1 1:8.2.0-4
ii  libgnutls30 3.5.19-1
ii  libnetcf1   1:0.2.8-1+b2
ii  libnl-3-200 3.4.0-1
ii  libnl-route-3-200   3.4.0-1
ii  libnuma12.0.11-2.2
ii  libparted2  3.2-21+b1
ii  libpcap0.8  1.8.1-6
ii  libpciaccess0   0.14-1
ii  libsasl2-2  2.1.27~101-g0780600+dfsg-3.1
ii  libselinux1 2.8-1+b1
ii  libssh2-1   1.8.0-2
ii  libudev1239-7
ii  libvirt04.6.0-2
ii  libxen-4.8  4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
ii  libxenstore3.0  4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
ii  libxml2 2.9.4+dfsg1-7+b1
ii  libyajl22.1.0-2+b3

Versions of packages libvirt-daemon recommends:
ii  libxml2-utils   2.9.4+dfsg1-7+b1
ii  netcat-openbsd  1.190-2
ii  qemu-kvm1:2.12+dfsg-3

Versions of packages libvirt-daemon suggests:
pn  libvirt-daemon-driver-storage-gluster   
pn  libvirt-daemon-driver-storage-rbd   
pn  libvirt-daemon-driver-storage-sheepdog  
pn  libvirt-daemon-driver-storage-zfs   
ii  libvirt-daemon-system   4.6.0-2
ii  numad   0.5+20150602-5

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#907440: libvirt-daemon: libvirtd spams host logs with `cant open .../memory.memsw.usage_in_bytes'

[Peter.Chubb]

Package: libvirt-daemon
Version: 4.6.0-2
Severity: minor

Dear Maintainer,
I'm running lots of containerised systems using libvirt-lxc.  The systems run 
on a machine with more than 300Gb RAM, and no swap.  So I haven't enabled swap
accounting on the host kernel.

Every few seconds, I see a pair of messages like this in the logs for each
container on the system:
   Aug 28 12:00:21 hostname libvirtd[39700]: 2018-08-28 02:00:21.467+: 
39707: error : virFileReadAll:1434 : Failed to open file 
'/sys/fs/cgroup/memory/machine/lxc-41320-containername.libvirt-lxc/memory.memsw.usage_in_bytes':
 No such file or directory
   Aug 28 12:00:21 hostname libvirtd[39700]: 2018-08-28 02:00:21.467+: 
39707: error : virCgroupGetValueStr:819 : Unable to read from 
'/sys/fs/cgroup/memory/machine/lxc-41320-containername.libvirt-lxc/memory.memsw.usage_in_bytes':
 No such file or directory

I expect a single warning message when each container is started, then nothing.
The swap accounting files aren't magically going to appear without a reboot.

Peter C

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-2-amd64 (SMP w/56 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon depends on:
ii  libacl1 2.2.52-3+b1
ii  libapparmor12.13-8
ii  libaudit1   1:2.8.3-1+b1
ii  libavahi-client30.7-4
ii  libavahi-common30.7-4
ii  libblkid1   2.32.1-0.1
ii  libc6   2.27-5
ii  libcap-ng0  0.7.9-1
ii  libcurl3-gnutls 7.61.0-1
ii  libdbus-1-3 1.12.10-1
ii  libdevmapper1.02.1  2:1.02.145-4.1
ii  libfuse22.9.8-2
ii  libgcc1 1:8.2.0-4
ii  libgnutls30 3.5.19-1
ii  libnetcf1   1:0.2.8-1+b2
ii  libnl-3-200 3.4.0-1
ii  libnl-route-3-200   3.4.0-1
ii  libnuma12.0.11-2.2
ii  libparted2  3.2-21+b1
ii  libpcap0.8  1.8.1-6
ii  libpciaccess0   0.14-1
ii  libsasl2-2  2.1.27~101-g0780600+dfsg-3.1
ii  libselinux1 2.8-1+b1
ii  libssh2-1   1.8.0-2
ii  libudev1239-7
ii  libvirt04.6.0-2
ii  libxen-4.8  4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
ii  libxenstore3.0  4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
ii  libxml2 2.9.4+dfsg1-7+b1
ii  libyajl22.1.0-2+b3

Versions of packages libvirt-daemon recommends:
ii  libxml2-utils   2.9.4+dfsg1-7+b1
ii  netcat-openbsd  1.190-2
ii  qemu-kvm1:2.12+dfsg-3

Versions of packages libvirt-daemon suggests:
pn  libvirt-daemon-driver-storage-gluster   
pn  libvirt-daemon-driver-storage-rbd   
pn  libvirt-daemon-driver-storage-sheepdog  
pn  libvirt-daemon-driver-storage-zfs   
ii  libvirt-daemon-system   4.6.0-2
ii  numad   0.5+20150602-5

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#906773: systemd-login spams logs.

[Peter.Chubb]

> "Michael" == Michael Biebl  writes:



Michael> That seems odd: the systemd --user instance is started via
Michael> PAM for login sessions.  The PAM config for cron should
Michael> contain:


Cron is running on a separate server that uses ssh to poll.  So these
are coming from ssh.

Peter C

Bug#906773: systemd-login spams logs.

[Peter.Chubb]

Package: systemd
Version: 239-7
Severity: minor

Dear Maintainer,
On a busy server, systemd-logind spams the logs with lots and lots of
messages about user sessions.

These are not interactive sessions --- they're started by cron 
from watchdog and backup servers.  But I see:

Aug 21 08:10:01 cellar systemd[1]: Started User Manager for UID 0.
Aug 21 08:10:01 cellar systemd[1]: user-runtime-dir@0.service: Unit not needed a
nymore. Stopping.
Aug 21 08:10:01 cellar systemd[1]: Stopping User Manager for UID 0...
Aug 21 08:10:01 cellar systemd[56661]: Stopped target Default.
Aug 21 08:10:01 cellar systemd[56661]: Stopped target Basic System.
Aug 21 08:10:01 cellar systemd[56661]: Stopped target Timers.
Aug 21 08:10:01 cellar systemd[56661]: Stopped target Sockets.
Aug 21 08:10:01 cellar systemd[56661]: Closed GnuPG cryptographic agent and pass
phrase cache.
Aug 21 08:10:01 cellar systemd[56661]: Closed GnuPG cryptographic agent and pass
phrase cache (access for web browsers).
Aug 21 08:10:01 cellar systemd[56661]: Closed GnuPG cryptographic agent and pass
phrase cache (restricted).
Aug 21 08:10:01 cellar systemd[56661]: Closed GnuPG cryptographic agent (ssh-age
nt emulation).
Aug 21 08:10:01 cellar systemd[56661]: Stopped target Paths.
Aug 21 08:10:01 cellar systemd[56661]: Closed GnuPG network certificate manageme
nt daemon.
Aug 21 08:10:01 cellar systemd[56661]: Closed D-Bus User Message Bus Socket.
Aug 21 08:10:01 cellar systemd[56661]: Reached target Shutdown.
Aug 21 08:10:01 cellar systemd[56661]: Starting Exit the Session...
Aug 21 08:10:01 cellar systemd[1]: user-runtime-dir@0.service: Unit not needed 
anymore. Stopping.
Aug 21 08:10:01 cellar systemd[1]: Stopped User Manager for UID 0.
Aug 21 08:10:01 cellar systemd[1]: user-runtime-dir@0.service: Unit not needed 
anymore. Stopping.
Aug 21 08:10:01 cellar systemd[1]: Stopping /run/user/0 mount wrapper...
Aug 21 08:10:01 cellar systemd[1]: Removed slice User Slice of UID 0.
Aug 21 08:10:01 cellar systemd[1]: Stopped /run/user/0 mount wrapper.

or similar every few seconds in the logs.  The default behaviour should be 
to be silent unless there's something wrong.  Plus, it seems to be doing a lot
of work that's unnecessary for a non-interactive ssh-initiated session.

Peter C


-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-2-amd64 (SMP w/56 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  adduser  3.117
ii  libacl1  2.2.52-3+b1
ii  libapparmor1 2.13-8
ii  libaudit11:2.8.3-1+b1
ii  libblkid12.32.1-0.1
ii  libc62.27-5
ii  libcap2  1:2.25-1.2
ii  libcryptsetup12  2:2.0.4-2
ii  libgcrypt20  1.8.3-1
ii  libgnutls30  3.5.19-1
ii  libgpg-error01.32-1
ii  libidn11 1.33-2.2
ii  libip4tc01.6.2-1.1
ii  libkmod2 25-1
ii  liblz4-1 1.8.2-1
ii  liblzma5 5.2.2-1.3
ii  libmount12.32.1-0.1
ii  libpam0g 1.1.8-3.8
ii  libseccomp2  2.3.3-3
ii  libselinux1  2.8-1+b1
ii  libsystemd0  239-7
ii  mount2.32.1-0.1
ii  procps   2:3.3.15-2
ii  util-linux   2.32.1-0.1

Versions of packages systemd recommends:
ii  dbus1.12.10-1
ii  libpam-systemd  239-7

Versions of packages systemd suggests:
ii  policykit-10.105-21
pn  systemd-container  

Versions of packages systemd is related to:
pn  dracut   
ii  initramfs-tools  0.132
ii  udev 239-7

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#905241: Please allow options to mkfs in partman,

[Peter.Chubb]

Package: debian-installer
Version: Buster Alpha 3
Severity: wishlist
Tags: d-i

I would like to be able to specify -m reflink=1 when creating XFS
partitions at installation time.  There is not currently a way to pass
options through partman recipes to mkfs.

Please consider extending the partman recipe format to allow options
to be passed.  As it'd only be used in shooting-yourself-in-the-foot-is-OK
preseed situations it wouldn't need much validation.

Peter C
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#900538: virt-manager: Please allow ability to set vlan tag in GUI for SR-IOV pools.

[Peter.Chubb]

Package: virt-manager
Version: 1:1.4.3-1
Severity: wishlist

Dear Maintainer,

I want to use an SR-IOV-capable NIC to provide different interfaces to a 
VM using KVM.  I have set up a network:

  eno1-pool
  


  


and have allocated a NIC from the pool for virt-manager.

I can use virsh edit to add a vlan tag:

  
  

  

but:
   -- there's no way to view or change the vlan tag in virt-manager
   -- virt-manager adds a bogus `model' tag --- the actual model of NIC
  is passed through from the virtual function.

Please:
   1. Add ability to change the VLAN tag for this kind of interface.
   2. Grey out or otherwise disable the `device model' UI element,
  and don't add the  tag to the XML description (it's confusing)


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/56 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages virt-manager depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.28.0-2
ii  gir1.2-gtk-3.0   3.22.29-3
ii  gir1.2-gtk-vnc-2.0   0.7.2-1
ii  gir1.2-libosinfo-1.0 1.1.0-1
ii  gir1.2-libvirt-glib-1.0  1.0.0-1
ii  gir1.2-vte-2.91  0.52.0-1
ii  librsvg2-common  2.40.20-2
ii  python   2.7.15~rc1-1
ii  python-dbus  1.2.8-2
ii  python-gi3.28.2-1
ii  python-gi-cairo  3.28.2-1
ii  python-libvirt   4.0.0-1
ii  python-requests  2.18.4-2
ii  python2.72.7.15-1
ii  virtinst 1:1.4.3-1

Versions of packages virt-manager recommends:
ii  gir1.2-spiceclientglib-2.0  0.34-1.1
ii  gir1.2-spiceclientgtk-3.0   0.34-1.1
ii  libvirt-daemon-system   4.3.0-1

Versions of packages virt-manager suggests:
pn  gir1.2-secret-1  
pn  gnome-keyring
pn  python-guestfs   
pn  ssh-askpass  
ii  virt-viewer  6.0-2

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group Data61, CSIRO (formerly NICTA)

Bug#897394: libvirt: Reboooting an application container reboots the host

[Peter.Chubb]

Package: libvirt-daemon
Version: 1:1.4.3-1
Severity: important

Dear Maintainer,

I created a simple application container on lxc:// using all the defaults, using
virt-manager, with /bin/sh as the application.  When the application is
run I see a console with  a root shell.  All good so far.

I then want to shut down the container, so I select shutdown from the
virt-manager menu.  But the host shuts down, not the application container.

The same thing happens using virsh directly.

   virsh -c lxc:/// shutdown container1
shuts down the host as well as the container.

Likewise
   virsh -c lxc:/// reboot container1
reboots the host.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-3-amd64 (SMP w/56 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages virt-manager depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.28.0-2
ii  gir1.2-gtk-3.0   3.22.30-1
ii  gir1.2-gtk-vnc-2.0   0.7.2-1
ii  gir1.2-libosinfo-1.0 1.1.0-1
ii  gir1.2-libvirt-glib-1.0  1.0.0-1
ii  gir1.2-vte-2.91  0.52.1-1
ii  librsvg2-common  2.40.20-2
ii  python   2.7.15~rc1-1
ii  python-dbus  1.2.6-1
ii  python-gi3.28.2-1
ii  python-gi-cairo  3.28.2-1
ii  python-libvirt   4.0.0-1
ii  python-requests  2.18.4-2
ii  python2.72.7.15-1
ii  virtinst 1:1.4.3-1

Versions of packages virt-manager recommends:
ii  gir1.2-spiceclientglib-2.0  0.34-1.1
ii  gir1.2-spiceclientgtk-3.0   0.34-1.1
ii  libvirt-daemon-system   4.2.0-2

Versions of packages virt-manager suggests:
pn  gir1.2-secret-1  
pn  gnome-keyring
pn  python-guestfs   
pn  ssh-askpass  
ii  virt-viewer  6.0-2

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#894067: Patch to fix problem

[Peter.Chubb]

Turns out there are two issues:
 1. A snapshot isn't activated automatically --- one needs to supply
the -K flag to lvcreate to have the snapshot usable immediately.
 2. The kernel really doesn't like not having unique UUIDs when
mounting filesystems, so the snapshot needs to have its UUID
 reset.

This patch fixes both these issues, at least for ext[234] and XFS.
---
 src/lxc/storage/lvm.c |   24 ++--
 1 file changed, 22 insertions(+), 2 deletions(-)

Index: lxc-2.0.9/src/lxc/storage/lvm.c
===
--- lxc-2.0.9.orig/src/lxc/storage/lvm.c
+++ lxc-2.0.9/src/lxc/storage/lvm.c
@@ -267,9 +267,9 @@ int lvm_snapshot(const char *orig, const
 
(void)setenv("LVM_SUPPRESS_FD_WARNINGS", "1", 1);
if (!ret) {
-   ret = execlp("lvcreate", "lvcreate", "-s", "-L", sz, "-n", lv, 
orig, (char *)NULL);
+   ret = execlp("lvcreate", "lvcreate", "-K", "-s", "-L", sz, 
"-n", lv, orig, (char *)NULL);
} else {
-   ret = execlp("lvcreate", "lvcreate", "-s", "-n", lv, orig, 
(char *)NULL);
+   ret = execlp("lvcreate", "lvcreate", "-K", "-s", "-n", lv, 
orig, (char *)NULL);
}
 
free(pathdup);
@@ -347,6 +347,26 @@ int lvm_clonepaths(struct lxc_storage *o
ERROR("could not create %s snapshot of %s", new->src, 
orig->src);
return -1;
}
+   if (!strcmp(fstype, "xfs") || !strncmp(fstype, "ext", 3)) {
+   int kidpid = fork();
+   switch (kidpid) {
+   case 0:
+   if (fstype[0] == 'x')
+   execlp("xfs_admin", "xfs_admin", "-U", 
"generate", new->src, (char *)NULL);
+   else
+   execlp("tune2fs", "tune2fs", "-U", 
"random", new->src, (char *)NULL);
+   SYSERROR("execlp");
+   exit(EXIT_FAILURE);
+   ;;
+   case -1:
+   SYSERROR("fork");
+   return -1;
+   ;;
+   default:
+   wait_for_pid(kidpid);
+   ;;
+   }
+   }
} else {
if (do_lvm_create(new->src, size, 
lxc_global_config_value("lxc.bdev.lvm.thin_pool")) < 0) {
ERROR("Error creating new lvm blockdev");



-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#894067: lxc: snapshotclone fails to work (LVM backend)

[Peter.Chubb]

Package: lxc
Version: 1:2.0.9-6
Severity: normal

Dear Maintainer,

I created an instance of stretch Debian on ext4 on a
thinly-provisioned LVM backend.  I attempt to clone it using a
snapshot.  Thus:

   $ sudo vgcreate lxc --dataalignment 512k -s 1M /dev/md0
(sizes chosen to match chunksize and stripewidth of underlying device)

   $ sudo lvcreate -l 50%VG --type=thin-pool -n lxc-pool lxc
   $ sudo lxc-create -n 'stretch-thin' --fssize=8G --fstype ext4 -B lvm 
--thinpool lxc-pool -t debian --  --mirror=http://mirror.aarnet.edu.au/debian/ 
-r stretch

Then:
   $ sudo lxc-copy -l DEBUG -s -n stretch-thin -N stretch-copy
   Using default stripesize 64.00 KiB.
   Logical volume "stretch-copy" created.
   lxc-copy: lxccontainer.c: container_destroy: 2576 Error destroying rootfs 
for stretch-copy
   clone failed

At this point, the container is half-created.
$ sudo ls -l /var/lib/lxc/stretch-copy/
total 4
-rw-r--r-- 1 root root 732 Mar 26 14:35 config
drwxr-xr-x 2 root root   6 Mar 26 14:35 rootfs

$ sudo lvs
  LV   VG  Attr   LSize   Pool Origin   Data%  Meta%  Move 
Log Cpy%Sync Convert
  lxc-pool lxc twi-aotz-- 931.38g   0.04   0.44 
  stretch-copy lxc Vwi---tz-k   8.00g lxc-pool stretch-thin
  stretch-thin lxc Vwi-a-tz--   8.00g lxc-pool  4.13

BUT:

$ sudo ls -l /dev/lxc
total 0
lrwxrwxrwx 1 root root 7 Mar 26 14:35 stretch-thin -> ../dm-4

and:

$ sudo lxc-start -n stretch-copy
lxc-start: lxccontainer.c: wait_on_daemonized_start: 754 Received container 
state "ABORTING" instead of "RUNNING"
lxc-start: tools/lxc_start.c: main: 368 The container failed to start.

-- System Information:
Debian Release: 9.4
  APT prefers stable
  APT policy: (500, 'stable'), (500, 'oldstable'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  libapparmor1  2.11.0-3+deb9u2
ii  libc6 2.27-2
ii  libcap2   1:2.25-1
ii  libgnutls30   3.5.8-5+deb9u3
ii  liblxc1   1:2.0.9-6
ii  libseccomp2   2.3.1-2.1
ii  libselinux1   2.6-3+b3
ii  lsb-base  9.20161125
ii  python3   3.6.4-1
ii  python3-lxc   1:2.0.9-6

Versions of packages lxc recommends:
ii  bridge-utils  1.5-13+deb9u1
ii  debootstrap   1.0.89
ii  dirmngr   2.1.18-8~deb9u1
ii  dnsmasq-base  2.76-5+deb9u1
ii  gnupg 2.1.18-8~deb9u1
ii  iptables  1.6.0+snapshot20161117-6
ii  libpam-cgfs   2.0.7-1
ii  lxcfs 2.0.7-1
ii  openssl   1.1.0f-3+deb9u1
ii  rsync 3.1.2-1+deb9u1
ii  uidmap1:4.4-4.1

Versions of packages lxc suggests:
pn  apparmor 
pn  btrfs-progs  
ii  lvm2 2.02.168-2

-- no debconf information

Bug#891674: Patch to fix the problem

[Peter.Chubb]

> "Michel" == Michel Dänzer  writes:

Michel> On 2018-02-28 02:41 AM, peter.ch...@data61.csiro.au wrote:

Michel> Doing it like this breaks ABI. This is fixed in libpciaccess
Michel> 0.14 by
Michel> 
https://cgit.freedesktop.org/xorg/lib/libpciaccess/commit/?id=a167bd6474522a709ff3cbb00476c0e4309cb66f
Michel> , though Xorg needs to be rebuilt against that for it to take
Michel> effect.

Any idea when this'll hit Debian's archives?  Because this bug will
prevent X11 working on any machine that has VMD storage.

Peter C
--
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#891674: Patch to fix the problem

[Peter.Chubb]

The linux kernel treats PCI domains as 32 bit ints.

diff -ru libpciaccess-0.13.4/include/pciaccess.h 
libpciaccess-0.13.4-fixed/include/pciaccess.h
--- libpciaccess-0.13.4/include/pciaccess.h 2015-05-01 14:44:47.0 
+1000
+++ libpciaccess-0.13.4-fixed/include/pciaccess.h   2018-02-28 
12:21:12.280963252 +1100
@@ -321,7 +321,7 @@
  * the domain will always be zero.
  */
 /*@{*/
-uint16_tdomain;
+uint32_tdomain;
 uint8_t bus;
 uint8_t dev;
 uint8_t func;
diff -ru libpciaccess-0.13.4/src/linux_sysfs.c 
libpciaccess-0.13.4-fixed/src/linux_sysfs.c
--- libpciaccess-0.13.4/src/linux_sysfs.c   2015-05-01 14:44:47.0 
+1000
+++ libpciaccess-0.13.4-fixed/src/linux_sysfs.c 2018-02-28 12:21:32.676941130 
+1100
@@ -157,7 +157,7 @@
(struct pci_device_private *) >devices[i];
 
 
-   sscanf(devices[i]->d_name, "%04x:%02x:%02x.%1u",
+   sscanf(devices[i]->d_name, "%x:%02x:%02x.%1u",
   & dom, & bus, & dev, & func);
 
device->base.domain = dom;

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#891674: More info

[Peter.Chubb]

I built Xorg from source so I could get debugging symbols.

The crash is in  xf86VGAarbiterInit(), when it calls
pci_device_vgaarb_init().  This function can read /dev/vga_arbiter
which ordinary users cannot.

# head -1 < /dev/vga_arbiter 
count:1,PCI::65:00.0,decodes=io+mem,owns=none,locks=none(0:0)

pci_sys->devices is null.

The problem appears to be a bad scan format in
line 160 of linux_sysfs.c
   sscanf(devices[i]->d_name, "%04x:%02x:%02x.%1u",

ls /sys/bus/pci/devices shows devices with a BUS > 0x taking 5
digits.


ls /sys/bus/pci/devices
:00:00.0  :00:1f.2  :16:0e.4  :64:09.0  :64:0d.1
:00:04.0  :00:1f.3  :16:0e.5  :64:0a.0  :64:0d.2
:00:04.1  :00:1f.4  :16:0e.6  :64:0a.1  :64:0d.3
:00:04.2  :00:1f.6  :16:0e.7  :64:0a.2  :65:00.0
:00:04.3  :02:00.0  :16:0f.0  :64:0a.3  :65:00.1
:00:04.4  :16:05.0  :16:0f.1  :64:0a.4  :b2:05.0
:00:04.5  :16:05.2  :16:1d.0  :64:0a.5  :b2:05.2
:00:04.6  :16:05.4  :16:1d.1  :64:0a.6  :b2:05.4
:00:04.7  :16:08.0  :16:1d.2  :64:0a.7  :b2:05.5
:00:05.0  :16:08.1  :16:1d.3  :64:0b.0  :b2:12.0
:00:05.2  :16:08.2  :16:1e.0  :64:0b.1  :b2:12.1
:00:05.4  :16:08.3  :16:1e.1  :64:0b.2  :b2:12.2
:00:08.0  :16:08.4  :16:1e.2  :64:0b.3  :b2:15.0
:00:08.1  :16:08.5  :16:1e.3  :64:0c.0  :b2:16.0
:00:08.2  :16:08.6  :16:1e.4  :64:0c.1  :b2:16.4
:00:14.0  :16:08.7  :16:1e.5  :64:0c.2  :b2:17.0
:00:14.2  :16:09.0  :16:1e.6  :64:0c.3  1:00:02.0
:00:16.0  :16:09.1  :64:00.0  :64:0c.4  1:00:03.0
:00:17.0  :16:0e.0  :64:05.0  :64:0c.5  1:01:00.0
:00:1c.0  :16:0e.1  :64:05.2  :64:0c.6
:00:1c.6  :16:0e.2  :64:05.4  :64:0c.7
:00:1f.0  :16:0e.3  :64:08.0  :64:0d.0



-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#891674: xserver-xorg-core: crashes if started as root

[Peter.Chubb]

Package: xserver-xorg-core
Version: 2:1.19.6-1
Severity: important

Dear Maintainer,

I can start Xorg using startx as an ordinary user (it uses 
the modesetting driver).
But when the display manager starts it (as root) it crashes.

The only `interesting' thing about this machine I'm aware of (apart
from it being a very recent Skylake architecture machine) is that all
the storage is under a VMD domain.  I've appended the output of lspci,
as the crash occurs when scanning the PCI bus as root.

GDB shows
(gdb) bt
#0  0x77019cc8 in pci_device_next ()
   from /usr/lib/x86_64-linux-gnu/libpciaccess.so.0
#1  0x77019d4b in pci_device_find_by_slot ()
   from /usr/lib/x86_64-linux-gnu/libpciaccess.so.0
#2  0x7701b9ca in pci_device_vgaarb_init ()
   from /usr/lib/x86_64-linux-gnu/libpciaccess.so.0
#3  0x55604d99 in ?? ()
#4  0x555de8e2 in xf86BusConfig ()
#5  0x555ecb68 in InitOutput ()
#6  0x555aab83 in ?? ()
#7  0x75362f2a in __libc_start_main (main=0x55594a00, argc=2, 
argv=0x7fffec38, init=, fini=, 
rtld_fini=, stack_end=0x7fffec28)
at ../csu/libc-start.c:310
#8  0x55594a3a in _start ()




-- Package-specific info:
/etc/X11/X does not exist.
/etc/X11/X is not a symlink.
/etc/X11/X is not executable.

VGA-compatible devices on PCI bus:
--
:65:00.0 VGA compatible controller [0300]: NVIDIA Corporation GF119 [NVS 
315] [10de:107c] (rev a1)

/etc/X11/xorg.conf does not exist.

Contents of /etc/X11/xorg.conf.d:
-
total 0

/etc/modprobe.d contains no KMS configuration files.

Kernel version (/proc/version):
---
Linux version 4.15.0-1-amd64 (debian-ker...@lists.debian.org) (gcc version 
7.3.0 (Debian 7.3.0-3)) #1 SMP Debian 4.15.4-1 (2018-02-18)

Xorg X server log files on system:
--
-rw-r--r-- 1 peterc peterc 56283 Feb 28 07:58 
/home/peterc/.local/share/xorg/Xorg.0.log
-rw-r--r-- 1 root   root5054 Feb 28 08:05 /var/log/Xorg.0.log

Contents of most recent Xorg X server log file (/var/log/Xorg.0.log):
-
[ 60011.801] 
X.Org X Server 1.19.6
Release Date: 2017-12-20
[ 60011.801] X Protocol Version 11, Revision 0
[ 60011.801] Build Operating System: Linux 4.9.0-5-amd64 x86_64 Debian
[ 60011.801] Current Operating System: Linux wolf-un 4.15.0-1-amd64 #1 SMP 
Debian 4.15.4-1 (2018-02-18) x86_64
[ 60011.801] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.15.0-1-amd64 
root=UUID=2cc1510e-8bb0-4e82-b22b-6bb508493d1f ro quiet
[ 60011.801] Build Date: 26 January 2018  04:30:21PM
[ 60011.801] xorg-server 2:1.19.6-1 (https://www.debian.org/support) 
[ 60011.801] Current version of pixman: 0.34.0
[ 60011.801]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[ 60011.801] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[ 60011.801] (==) Log file: "/var/log/Xorg.0.log", Time: Wed Feb 28 08:05:36 
2018
[ 60011.801] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
[ 60011.801] (==) No Layout section.  Using the first Screen section.
[ 60011.801] (==) No screen section available. Using defaults.
[ 60011.801] (**) |-->Screen "Default Screen Section" (0)
[ 60011.801] (**) |   |-->Monitor ""
[ 60011.802] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[ 60011.802] (==) Automatically adding devices
[ 60011.802] (==) Automatically enabling devices
[ 60011.802] (==) Automatically adding GPU devices
[ 60011.802] (==) Max clients allowed: 256, resource mask: 0x1f
[ 60011.802] (WW) The directory "/usr/share/fonts/X11/cyrillic" does not exist.
[ 60011.802]Entry deleted from font path.
[ 60011.802] (==) FontPath set to:
/usr/share/fonts/X11/misc,
/usr/share/fonts/X11/100dpi/:unscaled,
/usr/share/fonts/X11/75dpi/:unscaled,
/usr/share/fonts/X11/Type1,
/usr/share/fonts/X11/100dpi,
/usr/share/fonts/X11/75dpi,
built-ins
[ 60011.802] (==) ModulePath set to "/usr/lib/xorg/modules"
[ 60011.802] (II) The server relies on udev to provide the list of input 
devices.
If no devices become available, reconfigure udev or disable 
AutoAddDevices.
[ 60011.802] (II) Loader magic: 0x55996de0
[ 60011.802] (II) Module ABI versions:
[ 60011.802]X.Org ANSI C Emulation: 0.4
[ 60011.802]X.Org Video Driver: 23.0
[ 60011.802]X.Org XInput driver : 24.1
[ 60011.802]X.Org Server Extension : 10.0
[ 60011.802] (--) using VT number 2

[ 60011.802] (II) systemd-logind: logind integration requires -keeptty and 
-keeptty was not provided, disabling logind integration
[ 60011.803] (II) xfree86: Adding drm device 

Bug#891482: Looks like it wants the VMD module...

[Peter.Chubb]

If I manually add vmd.ko /dev/nvme* appear.

Peter C
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#891482: No nVME disk?

[Peter.Chubb]

Package: installation-reports

Boot method: Netinst USB stick
Image version: 
https://cdimage.debian.org/cdimage/buster_di_alpha2/amd64/iso-cd/debian-buster-DI-alpha2-amd64-netinst.iso
Date: Mon 26 Feb 09:29:16 AEDT 2018


Machine: Dell Precision 5820
Processor: Xeon W-2133
Memory: 64G
Partitions: None visible

Output of lspci -knn (or lspci -nn):
00:00.0 Host bridge [0600]: Intel Corporation Device [8086:2020] (rev 04)
Subsystem: Dell Device [1028:0738]
00:04.0 System peripheral [0880]: Intel Corporation Sky Lake-E CBDMA Registers 
[8086:2021] (rev 04)
Subsystem: Dell Device [1028:0738]
00:04.1 System peripheral [0880]: Intel Corporation Sky Lake-E CBDMA Registers 
[8086:2021] (rev 04)
Subsystem: Dell Device [1028:0738]
00:04.2 System peripheral [0880]: Intel Corporation Sky Lake-E CBDMA Registers 
[8086:2021] (rev 04)
Subsystem: Dell Device [1028:0738]
00:04.3 System peripheral [0880]: Intel Corporation Sky Lake-E CBDMA Registers 
[8086:2021] (rev 04)
Subsystem: Dell Device [1028:0738]
00:04.4 System peripheral [0880]: Intel Corporation Sky Lake-E CBDMA Registers 
[8086:2021] (rev 04)
Subsystem: Dell Device [1028:0738]
00:04.5 System peripheral [0880]: Intel Corporation Sky Lake-E CBDMA Registers 
[8086:2021] (rev 04)
Subsystem: Dell Device [1028:0738]
00:04.6 System peripheral [0880]: Intel Corporation Sky Lake-E CBDMA Registers 
[8086:2021] (rev 04)
Subsystem: Dell Device [1028:0738]
00:04.7 System peripheral [0880]: Intel Corporation Sky Lake-E CBDMA Registers 
[8086:2021] (rev 04)
Subsystem: Dell Device [1028:0738]
00:05.0 System peripheral [0880]: Intel Corporation Sky Lake-E MM/Vt-d 
Configuration Registers [8086:2024] (rev 04)
Subsystem: Dell Device [1028:0738]
00:05.2 System peripheral [0880]: Intel Corporation Device [8086:2025] (rev 04)
00:05.4 PIC [0800]: Intel Corporation Device [8086:2026] (rev 04)
Subsystem: Dell Device [1028:0738]
00:08.0 System peripheral [0880]: Intel Corporation Sky Lake-E Ubox Registers 
[8086:2014] (rev 04)
Subsystem: Dell Device [1028:0738]
00:08.1 Performance counters [1101]: Intel Corporation Sky Lake-E Ubox 
Registers [8086:2015] (rev 04)
Subsystem: Dell Device [1028:0738]
00:08.2 System peripheral [0880]: Intel Corporation Sky Lake-E Ubox Registers 
[8086:2016] (rev 04)
Subsystem: Dell Device [1028:0738]
00:14.0 USB controller [0c03]: Intel Corporation Device [8086:a2af]
Subsystem: Dell Device [1028:0738]
Kernel driver in use: xhci_hcd
Kernel modules: xhci_pci
00:14.2 Signal processing controller [1180]: Intel Corporation Device 
[8086:a2b1]
Subsystem: Dell Device [1028:0738]
00:16.0 Communication controller [0780]: Intel Corporation Device [8086:a2ba]
Subsystem: Dell Device [1028:0738]
00:1c.0 PCI bridge [0604]: Intel Corporation Device [8086:a290] (rev f0)
Kernel driver in use: pcieport
00:1c.6 PCI bridge [0604]: Intel Corporation Device [8086:a296] (rev f0)
Kernel driver in use: pcieport
00:1f.0 ISA bridge [0601]: Intel Corporation Device [8086:a2d3]
Subsystem: Dell Device [1028:0738]
00:1f.2 Memory controller [0580]: Intel Corporation Device [8086:a2a1]
Subsystem: Dell Device [1028:0738]
00:1f.3 Audio device [0403]: Intel Corporation Device [8086:a2f0]
Subsystem: Dell Device [1028:0738]
Kernel driver in use: snd_hda_intel
Kernel modules: snd_hda_intel
00:1f.4 SMBus [0c05]: Intel Corporation Device [8086:a2a3]
Subsystem: Dell Device [1028:0738]
00:1f.6 Ethernet controller [0200]: Intel Corporation Ethernet Connection (5) 
I219-LM [8086:15e3]
Subsystem: Dell Device [1028:0738]
Kernel driver in use: e1000e
Kernel modules: e1000e
02:00.0 PCI bridge [0604]: Texas Instruments XIO2001 PCI Express-to-PCI Bridge 
[104c:8240]
16:05.0 System peripheral [0880]: Intel Corporation Device [8086:2034] (rev 04)
Subsystem: Dell Device [1028:0738]
16:05.2 System peripheral [0880]: Intel Corporation Sky Lake-E RAS 
Configuration Registers [8086:2035] (rev 04)
16:05.4 PIC [0800]: Intel Corporation Device [8086:2036] (rev 04)
Subsystem: Dell Device [1028:0738]
16:08.0 System peripheral [0880]: Intel Corporation Sky Lake-E CHA Registers 
[8086:208d] (rev 04)
Subsystem: Dell Device [1028:0738]
16:08.1 System peripheral [0880]: Intel Corporation Sky Lake-E CHA Registers 
[8086:208d] (rev 04)
Subsystem: Dell Device [1028:0738]
16:08.2 System peripheral [0880]: Intel Corporation Sky Lake-E CHA Registers 
[8086:208d] (rev 04)
Subsystem: Dell Device [1028:0738]
16:08.3 System peripheral [0880]: Intel Corporation Sky Lake-E CHA Registers 
[8086:208d] (rev 04)
Subsystem: Dell Device [1028:0738]
16:08.4 System peripheral [0880]: Intel Corporation Sky Lake-E CHA Registers 
[8086:208d] (rev 04)
Subsystem: Dell Device [1028:0738]
16:08.5 System peripheral [0880]: Intel Corporation Sky Lake-E CHA 

Bug#886892: More info...

[Peter.Chubb]

Control: close 886892

I just updated to cups 2.2.6-5

As part of that the PPD files were updated.

The problem appears to be fixed.

I'll reopen if it comes back.
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#886892: evince: Prints n^2 copies if multiple copies selected

[Peter.Chubb]

> "Jason" == Jason Crain  writes:

Jason> On Sun, Feb 18, 2018 at 10:10:01PM +,
Jason> peter.ch...@data61.csiro.au wrote:
>> It happens with the two printers I can test it with: a Kyocera MFP,
>> and a Konica bizhub C451.  The latter is interesting: if I try to
>> print two copies of a multi-page document and select saddle stitch
>> as the finishing option, I get two booklets, each with two copies
>> of the document.

Jason> I don't have a finishing or saddle stitch option for my printer
Jason> which may be part of why I can't reproduce it.


Looks like this is a cups bug.  I'll reassign it.

The data sent to cups from evince appears to be correct.  But
cupsfilter duplicates the PDF pages, AND tells the printer to make n
copies.

Peter C
--
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#886892: evince: Prints n^2 copies if multiple copies selected

[Peter.Chubb]

> "Jason" == Jason Crain  writes:

Jason> Control: tags -1 + moreinfo On Thu, Jan 11, 2018 at 11:56:06AM
Jason> +1100, Peter Chubb wrote:
>> On some PDF or PS documents, attempting to print more than 10
>> copies results in n*n copies being printed instead.  The printer is
>> a Kyocera network-connected printer; cups says it's driverless.
>> 
>> I suspect that Evince is rewriting the printable file to say print
>> n times, and also asking CUPS to print n times.

Jason> I'm not able to reproduce this.  Is this only a problem with
Jason> specific documents?  Or certain printer options?


It happens with the two printers I can test it with: a Kyocera MFP,
and a Konica bizhub C451.  The latter is interesting: if I try to print two
copies of a multi-page document and select saddle stitch as the
finishing option, I get two booklets, each with two copies of the
document.

Is there any way to capture what is sent to CUPS?
Peter C

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#888711: fail2ban fails to start sshd-ddos filter.

[Peter.Chubb]

> "SZÉPE" == SZÉPE Viktor  writes:

SZÉPE> Idézem/Quoting Peter Chubb :
>> Package: fail2ban Version: 0.10.2-1 Severity: normal
>> 
>> Dear Maintainer,
>> 
>> After upgrading fail2ban, it no longer starts.  The error message
>> is:
>> 
>> fail2ban Failed during configuration: Bad value substitution:
>> option 'mode' in section 'Definition' contains an interpolation key
>> 'ddos' which is not a valid option name. Raw value: '%(ddos)s'
>> 
>> The problem is in /etc/fail2ban/filter.d/sshd-ddos.conf

SZÉPE> It seems to be that the sshd-ddos filter has been merged into
SZÉPE> sshd.  Please see sshd.conf for details and remove
SZÉPE> sshd-ddos.conf and set

SZÉPE> [sshd] mode = ddos.

SZÉPE> I hope this helps you.

Doing that gets me going -- thanks.

However, it seems to me that the Debian config files
are set up to allow multiple jail names, and it should be possible to
do

[sshd-ddos]
enabled = true


in jail.local and it should work (like it used to).

The same goes for sshd-aggressive.

Maybe sshd-ddos.conf should be rewritten as:

...
[Definition]
filter=sshd[mode=ddos]
...

Alternatively, remove sshd-ddos.conf and sshd-aggressive.conf from the
package

Peter C

--
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#886892: More info

[Peter.Chubb]

I tried with another (networked, PS and PDF) printer, a Konica Bizhub 454.

If I print a PDF document with
   lp -n 10 foo.pdf

I get 10 copies;  if I load foo.pdf into evince and print, I get 100
copies printed, neatly stapled into lots of 10.

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#878836: ifupdown: ifquery only reports the first stanza for each interface

[Peter.Chubb]

Package: ifupdown
Version: 0.8.25
Severity: normal

Dear Maintainer,

With the attached /etc/network/interfaces file, ifquery reports 
only ipv6 configuration for each interface.  I expect it to show both 
ipv4 and ipv6 info --- the same interface has two address classes.

-- Package-specific info:
--- /etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0

auto eth0
iface eth0 inet6 static
address 2402:1800:4000:1::1:84
netmask 64
accept_ra 0
post-up ip -6 route add 2402:1800:4000:3::/64 via 2402:1800:4000:1::1 
dev ${IFACE}

iface eth0 inet static
address 10.13.1.84
netmask 255.255.252.0
post-up ip route add 221.199.209.0/25 via 10.13.0.1 dev ${IFACE}

auto eth1
iface eth1 inet6 static
address 2405:b000:a00:200::98:12
netmask 64
accept_ra 0
gw 2405:b000:a00:200::98:1
post-up ip -6 route add 2405:b000:a00:200::/64 dev eth1 table external
post-up ip -6 rule add from 2405:b000:a00:200::98:12 table external
post-up ip -6 route add 2402:1800:4000:3::/64 via 
2405:b000:a00:200::98:1 dev $IFACE table external
post-up ip -6 route add default via 2405:b000:a00:200::98:1 dev $IFACE 
table external

iface eth1 inet static
address 150.229.98.12
netmask 255.255.255.0
gw 150.229.98.1


--- up and down scripts installed:
/etc/network/if-down.d:
total 4
-rwxr-xr-x 1 root root 332 Mar 14  2013 upstart

/etc/network/if-post-down.d:
total 0

/etc/network/if-pre-up.d:
total 0

/etc/network/if-up.d:
total 20
-rwxr-xr-x 1 root root 4958 Feb 13  2017 mountnfs
-rwxr-xr-x 1 root root  900 May  8 07:04 ntpdate
-rwxr-xr-x 1 root root  972 Jun 18 10:08 openssh-server
-rwxr-xr-x 1 root root 1483 Mar 14  2013 upstart


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-3-686 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages ifupdown depends on:
ii  adduser  3.115
ii  init-system-helpers  1.48
ii  iproute2 4.9.0-1
ii  libc62.24-11+deb9u1
ii  lsb-base 9.20161125

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.3.5-3

Versions of packages ifupdown suggests:
pn  ppp 
pn  rdnssd  

-- no debconf information

-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#873051: exim4: Exim dumps binary into logfile for DKIM i= field.

[Peter.Chubb]

> "Andreas" == Andreas Metzler  writes:


Andreas> Ping?

The problem has not recurred in the last few weeks  it's possible
an auto-upgrade meant that I was seeing the logs from an older version,
as you suggested, but created the bugreport after the upgrade.

Peter C
--
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#873051: exim4: Exim dumps binary into logfile for DKIM i= field.

[Peter.Chubb]

> "Andreas" == Andreas Metzler  writes:

Andreas> On 2017-08-24 Peter Chubb  wrote:
>> Package: exim4 Version: 4.89-5 Severity: normal

Andreas> [...]
>> -- System Information: Debian Release: buster/sid
>> APT prefers oldstable
>> APT policy: (990, 'oldstable'), (300, 'unstable')
>> Architecture: amd64 (x86_64)
Andreas> [...]

Andreas> This is probably not causing the issue but your sources.list
Andreas> seems to be very strange - running oldstable and pulling
Andreas> selectively from sid.

I don't know where that comes from. /etc/apt/apt.conf has:

APT::Default-Release "stretch";

and /etc/apt/preferences has:

Package: *
Pin: release a=unstable
Pin-Priority: 300


The aim was for most packages to come from stretch and for a few to
come from sid.


Peter C
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#873064: dovecot-imapd: Can't connect from older MacOSX and iOS devices to imap 993

[Peter.Chubb]

Thankyou!  Downgrading libssl1.1 to 1.1.0f-3 fixewd the problem.

Peter C
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#842443: abiword under XFCE4 displays all documents as black on black

[Peter.Chubb]

> "Jeremy" == Jeremy Bicha  writes:

Jeremy> On Sat, Oct 29, 2016 at 5:48 AM, Peter Chubb
Jeremy>  wrote:
>> Every time I open a word document in ABIWord it displays as black
>> on black, and so is unreadable.  Clicking anywhere on the page
>> briefly shows the text, but only for a fraction of a second.

Jeremy> What GTK+ theme are you using?

`Industrial' is the name of the theme.  But changing it to the
default `adwaita' maks no difference.

I *do* see warnings on the console that could be relevant:
Gtk-CRITICAL **: gtk_render_background: assertion 'GTK_IS_STYLE_CONTEXT 
(context)' failed
Gtk-CRITICAL **: gtk_render_frame: assertion 'GTK_IS_STYLE_CONTEXT (context)' 
failed
--
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#840374: Info received (Backtrace and patch)

[Peter.Chubb]

tags 840374 + patch
-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)

Bug#840374: Backtrace and patch

[Peter.Chubb]

gdb) bt
#0  elf32_arm_count_additional_relocs (sec=0x6aa410)
at ../../bfd/elf32-arm.c:18175
#1  0x77b71b8a in bfd_elf_final_link (abfd=abfd@entry=0x68a9e0, 
info=info@entry=0x685260 ) at ../../bfd/elflink.c:11224
#2  0x77b48f2b in elf32_arm_final_link (abfd=0x68a9e0, 
info=0x685260 ) at ../../bfd/elf32-arm.c:12096
#3  0x0041adf7 in ldwrite () at ../../ld/ldwrite.c:577
#4  0x00405a97 in main (argc=, argv=)
at ../../ld/ldmain.c:431


And here's the patch to fix it:

---
 bfd/elf32-arm.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: binutils-2.27/bfd/elf32-arm.c
===
--- binutils-2.27.orig/bfd/elf32-arm.c  2016-10-14 11:12:25.223492731 +1100
+++ binutils-2.27/bfd/elf32-arm.c   2016-10-14 11:19:42.470752509 +1100
@@ -18172,7 +18172,7 @@ elf32_arm_count_additional_relocs (asect
 {
   struct _arm_elf_section_data *arm_data;
   arm_data = get_arm_elf_section_data (sec);
-  return arm_data->additional_reloc_count;
+  return arm_data ? arm_data->additional_reloc_count : 0;
 }
 
 /* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which



-- 
Dr Peter Chubb Tel: +61 2 9490 5852  http://ts.data61.csiro.au/
Trustworthy Systems Group   Data61 (formerly NICTA)