Re: firmware: secure boot dbx with software-center but not apt?
Hi Steven! Steven Timorol wrote: > >i get a message from 'gnome-software' >to update my firmware: >" >update configuration secure boot dbx: >Version 217: >This updates the dbx to the latest release from Microsoft which adds >insecure versions of grub and shim to the list of forbidden signatures >due to multiple discovered security updates. >" >but on the contrary >apt update/upgrade does not show anything to be updated > >so what is this? >and why doesn't apt show anything? gnome-software is talking to fwupd, which looks for updates to device firmware. DBX is the method used by UEFI firmware to block execution of known-bad and known-vulnerable UEFI binaries when running with Secure Boot enabled. Apt does not know show anything here as the DBX is not a package, it's a lower-level update to firmware. Does that help? -- Steve McIntyre, Cambridge, UK.st...@einval.com "We're the technical experts. We were hired so that management could ignore our recommendations and tell us how to do our jobs." -- Mike Andrews
Re: question re tar
On Monday, 19 September 2022 at 10:10:05 UTC+1, Thomas Schmitt wrote: > ... > But you could create a small ext filesystem in a file, mount it and make > experiments with it. oh, that's an excellent suggestion. thanks. will do that in the coming days. > > the "machine" is a VM, pre-installed by Google, and it has more mounts > > than dog has fleas :-) (but '/' says is on btrfs) > I know that flea effect from ZFS on Solaris. It makes the mount command > nearly unusable for information gathering. On Monday, 19 September 2022 at 12:10:05 UTC+1, Greg Wooledge wrote: > Since none of us can reproduce your archive, only you are in a position > to test that. Doing it in a subdirectory of /tmp or /var/tmp ought to > be harmless enough. You can just nuke that subdirectory when you're > done with it. should be safe enough, agree. (and could then copy from tmpfs type fs to the partition with /home. decided to go with Tomas' idea. thanks)
Re: unmask silently fails
On Mon, Sep 19, 2022 at 12:12:51PM -0400, Felix Miata wrote: > Reco composed on 2022-09-19 14:46 (UTC+0300): > > # ls -la /lib/systemd/system/nfs-common.service > > lrwxrwxrwx 1 root root 9 Jun 28 2021 > > /lib/systemd/system/nfs-common.service -> /dev/null > > That's what masking looks like. Why is it masked? I don't know the full story either, but I did note that there's also an /etc/init.d/nfs-common script (a rather substantial one, at that).
Re: unmask silently fails
On Mon 19 Sep 2022 at 12:12:51 (-0400), Felix Miata wrote: > Reco composed on 2022-09-19 14:46 (UTC+0300): > > On Mon, Sep 19, 2022 at 12:05:43AM -0400, Felix Miata wrote: > > >> Anyone know what it takes to unmask nfs-common.service successfully? > > > Why would you need it with systemd? As of bullseye, nfs-common package > > just provide this symlink instead of the proper systemd unit: > > It was prompted by an error message trying to configure or enable something > else, > which I had already forgotten before posting, that said enabling it was a > dependency. > > > # ls -la /lib/systemd/system/nfs-common.service > > lrwxrwxrwx 1 root root 9 Jun 28 2021 > > /lib/systemd/system/nfs-common.service -> /dev/null > > That's what masking looks like. Why is it masked? My /guess/ is that it's because systemd doesn't need it: there's a systemd service for each component (imapd, gssd, … … ). However, if you don't run systemd, then all those services are started by an init.d script called nfs-common, turned on and off with /etc/default/. Cheers, David.
Re: unmask silently fails
Reco composed on 2022-09-19 14:46 (UTC+0300): > On Mon, Sep 19, 2022 at 12:05:43AM -0400, Felix Miata wrote: >> Anyone know what it takes to unmask nfs-common.service successfully? > Why would you need it with systemd? As of bullseye, nfs-common package > just provide this symlink instead of the proper systemd unit: It was prompted by an error message trying to configure or enable something else, which I had already forgotten before posting, that said enabling it was a dependency. > # ls -la /lib/systemd/system/nfs-common.service > lrwxrwxrwx 1 root root 9 Jun 28 2021 /lib/systemd/system/nfs-common.service > -> /dev/null That's what masking looks like. Why is it masked? -- Evolution as taught in public schools is, like religion, based on faith, not based on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata
Re: Setting system/ rtc clock
On 2022-09-18, Richard Schires wrote: > The problem that I am trying to resolve is getting the > system clock and CMOS clock to match. Why is that a problem?
Debian I3/Asus
Buenos dias, antes que nada me presento ya que es mi primer post a la lista. Mi nombre es Gerardo y uso Linux desde hace muchos años, empece con Conectiva Linux, una distro de Brasil que mas tarde se fuciono con Mandrake (Francia) y asi nacio Mandriva. Pero a los pocos meses me pase a Slacware 7 y la use por muchos años hasta que me pase a Debian hace 3 años, aunque siempre tuve un disco secundario con Debian desde ahi la uso como distro principal. Al punto: necesito actualizar un par de PC de escritorio ya viejitas y decidi probar PCs que me encargan mis clientes para chequear compatilbildad , etc. Arme un I3 10° generacion, mother Asus H510M-e y 8 Gb de RAM. Instalo Debian 11.5 , se instala normalmente, previamente deshabilirar el Secure Boot y el arranque rapido de la BIOS y reinicio. Aparece GRUB y cuando termina el conteo sale por una fraccion de seguno el chequeo de discos (ata: y todo lo que sigue) pero inmediatamente el sistema entra en suspension. O por lo menos no da imagen, porque si hago Ctrl+Alt+Del el sistema reinicia. Probe OpenSuse y Fedora y se instalan perfectamente. ¿Se sabe de alguna incompatibilidad o alguna configuracion especial para tener en cuenta? Muchas gracias. -- */Gerardo Braica */gbra...@gmail.com.ar /*/*
udev not on-demand-loading modules with custom kernel
Hi all. I need help getting module on-demand-loading working with a custom kernel. Currently I'm running Debian 11 for x86_64 on a Chromebook in developer mode directly via Coreboot/Depthcharge. Not having UEFI or classical BIOS boot code means that the default Debian kernel doesn't work, right? So I'm using a kernel from the chromiumOS project (ChromeOS 5.10) with a custom config. I do need a patched kernel anyways as there's no UEFI/ACPI but a special Chromebook embedded controller for all those fancy sensors and a like. The system is working fine, including wifi, rotation sensors, graphics and so on except the on demand kernel module loading doesn't work. Running "edevadm monitor" I do get many UEVENTs when plugging in an usb stick, for example. The event device system itself does work. But trying to mount the filesystem doesn't work as no vfat module gets loaded (as an example). Likewise adding rules via iptables doesn't work, as the netfilter modules are missing. I have to manually load the nf* modules and _then_ I'm able to use iptables. I can load all those modules by hand via modprobe, but autoloading via kernel/udev doesn't work. Running "depmod -a" was fine. The files /lib/modules/[kernelversions]/modules.* seem(!) also to be ok. "find /sys/ -name "uevent" | wc -l" seems also fine with more than a thousand results. When I try for example mounting the fat system without having the vfat module ready, on my standard desktop system "udevadm monitor" shows events and mount succeeds. But on the Chromebook with custom kernel there's no such event shown and mount fails with: "mount: /mnt: unknown filesystem type 'vfat'." After "modprobe vfat" everything is fine and mount succeeds. Indeed the udev events do show when manually running modprobe. systemd-udevd.service is running. The files in /run/udev/* seem to be the same on the desktop (where everything is fine) and Chromebook (not working). Does anyone has an idea how to solve this? Feel free to ask me further details of the system. I don't know how the module autoloading works so I have no idea which additional information is useful. regards hede
Debian I3/Asus
Buenos dias, antes que nada me presento ya que es mi primer post a la lista. Mi nombre es Gerardo y uso Linux desde hace muchos años, empece con Conectiva Linux, una distro de Brasil que mas tarde se fuciono con Mandrake (Francia) y asi nacio Mandriva. Pero a los pocos meses me pase a Slacware 7 y la use por muchos años hasta que me pase a Debian hace 3 años, aunque siempre tuve un disco secundario con Debian desde ahi la uso como distro principal. Al punto: necesito actualizar un par de PC de escritorio ya viejitas y decidi probar PCs que me encargan mis clientes para chequear compatilbildad , etc. Arme un I3 10° generacion, mother Asus H510M-e y 8 Gb de RAM. Instalo Debian 11.5 , se instala normalmente, previamente deshabilirar el Secure Boot y el arranque rapido de la BIOS y reinicio. Aparece GRUB y cuando termina el conteo sale por una fraccion de seguno el chequeo de discos (ata: y todo lo que sigue) pero inmediatamente el sistema entra en suspension. O por lo menos no da imagen, porque si hago Ctrl+Alt+Del el sistema reinicia. Probe OpenSuse y Fedora y se instalan perfectamente. ¿Se sabe de alguna incompatibilidad o alguna configuracion especial para tener en cuenta? Muchas gracias. -- */Gerardo Braica */gbra...@gmail.com.ar /*/*
Re: unmask silently fails
Hi. On Mon, Sep 19, 2022 at 12:05:43AM -0400, Felix Miata wrote: > Anyone know what it takes to unmask nfs-common.service successfully? Why would you need it with systemd? As of bullseye, nfs-common package just provide this symlink instead of the proper systemd unit: # ls -la /lib/systemd/system/nfs-common.service lrwxrwxrwx 1 root root 9 Jun 28 2021 /lib/systemd/system/nfs-common.service -> /dev/null Reco
Re: question re tar
On Mon, Sep 19, 2022 at 08:24:08AM +0100, jr wrote: > _thank you_. another question, if you don't mind: what will happen > if I extract such an archive on a "normal" computer with ext3/4 > filesystems? (don't want to .. experiment with this) Since none of us can reproduce your archive, only you are in a position to test that. Doing it in a subdirectory of /tmp or /var/tmp ought to be harmless enough. You can just nuke that subdirectory when you're done with it.
Re: question re tar
Hi, i wrote: > > test/hardlinks/hardlink_x link to u/test/hardlinks/x This comes when i edit my experiment output to remove unnecessary local information. I forgot to remove that last "u/". jr wrote: > what will happen > if I extract such an archive on a "normal" computer with ext3/4 > filesystems? Interesting question. The identical names might cause problems. > (don't want to .. experiment with this) Since i have no experience with btrfs, i cannot create such a tarball. But you could create a small ext filesystem in a file, mount it and make experiments with it. From the view of the Linux kernel the expectable unpacking activities of tar should not be too exotic. I am quite sure that attempts to link a file to itself have happened in the last 25+ years: $ ln x x ln: failed to create hard link ‘x’: File exists > the "machine" is a VM, pre-installed by Google, and it has more mounts > than dog has fleas :-) (but '/' says is on btrfs) I know that flea effect from ZFS on Solaris. It makes the mount command nearly unusable for information gathering. Have a nice day :) Thomas
firmware: secure boot dbx with software-center but not apt?
Hello, i get a message from 'gnome-software' to update my firmware: " update configuration secure boot dbx: Version 217: This updates the dbx to the latest release from Microsoft which adds insecure versions of grub and shim to the list of forbidden signatures due to multiple discovered security updates. " but on the contrary apt update/upgrade does not show anything to be updated so what is this? and why doesn't apt show anything? S.
Information et amélioration a propos de LMDE 5
Bonjour, Toujours, je tiens à remercier toute l'équipe qui contribue au développement de linux mint version debian (paquets). J'apprécie énormément cette distribution. Elle est à la fois, stable, légère, simple d'utilisation pour un débutant linux, rapide en fonctionnement. Surtout, continuez svp a développer cette version debian linux mint. Elle est génial. J'aime bien aussi le fait de pouvoir créer très simplement des lanceurs de programme depuis le clic droit sur le bureau. Une fenêtre s'ouvre et on a plus qu'à choisir le programme et de cocher ou non le choix de lancer le terminal ou pas. Cette fonction est génial également. Elle n'existe pas sur vos '' concurrents'' comme Ubuntu et compagnie. Je reste donc sur mint debian. Maintenant, je trouve dommage qu'il n'existe pas de documents PDF ou de manuel en ligne qui explique en détail comment on procède à installer Linux mint debian sur un disque en choisissant l'option ''autre chose '', pour faire concrètement un pationnement de disque dur adéquat et opérationnel pour faire l'installation. Comment partionner, la taille, etc ... pour faire une partition efi, swap , home . Bref du concret. J'ai réussi à installer LMDE sur un disque dur externe, car j'ai une machine windaube avec un disque aux partions non modifiable, non accessible, en mbr. Donc pas compatible avec le nouveau bios et le format gpt. Bref, une notice aurait aider et simplifier. A part ceci, nickel le LMDE. La version debian 11 pure en revanche est compliqué pour un débutant, concernant l'installation encore une fois (choix mode installation ''autre chose'' ) et les pilotes a installer ou a télécharger manuellement etc. C'est pour cela que je préfère LMDE. Continuez donc svp a développer et à améliorer cette version. Mille merci encore. Amicalement
Re: question for seasoned links users?
On Mon, Sep 19, 2022 at 07:11:31AM -, Curt wrote: [...] > I noted the personal nature of your vendetta but fail to admire your > restraint in the matter, which you might have exercised earlier. But > then you wouldn't have had the vain pleasure of its publicity here. > > As far as obnoxiousness goes, few are, in my experience, in the same league > as the OP. TBH, your messages come across as pretty incisive at times (mine possibly too, I do welcome constructive corrections myself). No idea how much intention is behind that. Cheers -- t signature.asc Description: PGP signature
Re: question re tar
hi,
On Sun, 18 Sept 2022 at 21:39, Thomas Schmitt wrote:
> Will Mengarini wrote:
> > Note that the file-type character "h" (the leftmost character in your
> > second line of output) isn't documented ...
> The 'h' probably comes from {...}
> which converts tar file type LNKTYPE to 'h'.
thanks. (yes, no documentation..)
> It's tar which does it by the (dev,ino) comparison in dump_hard_link().
> I have a test case from xorriso development: ...
> $ tar cf - test/hardlinks | tar tvf -
> drwxr-xr-x thomas/thomas 0 2009-05-18 19:57 test/hardlinks/
> -rw-r--r-- thomas/thomas 42786 2008-11-14 09:44 test/hardlinks/x
> hrw-r--r-- thomas/thomas 0 2008-11-14 09:44 test/hardlinks/hardlink_x
> link to u/test/hardlinks/x
_thank you_. another question, if you don't mind: what will happen
if I extract such an archive on a "normal" computer with ext3/4
filesystems? (don't want to .. experiment with this)
> The question remains why jr's tar records two files with the same path
> as a pair of hardlinks. (I place my bet on btrfs snapshots.)
the "machine" is a VM, pre-installed by Google, and it has more mounts
than dog has fleas :-) (but '/' says is on btrfs)
Re: question for seasoned links users?
On 2022-09-18, debian-u...@howorth.org.uk wrote: >> >>> >> >> >> >> It reads the screen, doesn't it, for the visually impaired? Screen >> >> reader. >> > >> > ahem, no. >> >> https://www.afb.org/blindness-and-low-vision/using-technology/assistive-technology-products/screen-readers#:~:text=Screen%20readers%20are%20software%20programs,its%20applications%2C%20and%20the%20user. >> >> I think yes, not no. Ahem, yes, but more than that, you might've said. > > I think you're an obnoxious (choose your own insult here) that doesn't > appear to contribute to the value of any conversations. But that's just > my personal opinion and I expect it may offend policies here, so I'll > stop now. > > [snip] > > I noted the personal nature of your vendetta but fail to admire your restraint in the matter, which you might have exercised earlier. But then you wouldn't have had the vain pleasure of its publicity here. As far as obnoxiousness goes, few are, in my experience, in the same league as the OP.
Re: Asunto: Re: Usar llvmpipe en vez de amdgpu
El 2022-09-18 a las 23:00 -, Jefferson Smith Pizarro Gutierrez escribió: > Asus AMD® Ryzen 3 3200u with radeon vega mobile gfx × 4 > Portatil: Asus M509D > Debian: Debian 11 - Bullseye > Gpu Drivers: uso Amdgpu pero quisiera usar solo llvmpipe (...) Si puedes subir el archivo «/var/log/Xorg.0.log» a algún¹ sitio² para que podamos ver su contenido, mejor. En cualquier caso, para intentar que no cargue el driver amdgpu puedes probar a pnerlo en la lista negra: How to blacklist amdgpu driver? https://askubuntu.com/questions/1080217/how-to-blacklist-amdgpu-driver Ahora bien, no me queda del todo claro que lo que quieras hacer sea posible, es decir, me parece que LLVMPIPE no es un reemplazo del driver gráfico (amdgpu, radeon, etc...) sino que forma parte de la capa de aceleración OpenGL (por software, además). Es decir, si pones en la lista negra el driver amdgpu desconozco qué driver te cargarará el kernel :-? ¹https://paste.debian.net/ ²https://pastebin.com/ Saludos, -- Camaleón
