Re: puzzling SELinux alert.

2021-04-16 Thread home user 

On 4/16/21 8:51 PM, Tim via users wrote:

On Fri, 2021-04-16 at 11:27 -0500, Roger Heflin wrote:

given a video file and an png file to output it fails on my system
also (and that is with selinux as permissive and as root, so it seems
to have many issues and is simply broken in most if not all use
cases), and I don't know that I have seen a video thumbnail in a
while in gthumb and similar tools.


The file browsers on Gnome/MATE haven't been able to create thumbnails
for video files on my computers in many years.  Nothing that I tried
made it work again, and I gave up long ago.

It was a handy feature being able to see some image inside of a
stupidly named video file, to work out which was which.


My experience is that sometimes I do get images from the video, and 
sometimes I just get a right-pointing arrow centered in an old-fashioned 
CRT TV screen.  I haven't been able to discern a pattern as to when I 
get which.  I do notice that the odds of getting pictures is better when 
the display is in grid mode rather than list mode.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: puzzling SELinux alert.

2021-04-16 Thread Tim via users 
On Fri, 2021-04-16 at 11:27 -0500, Roger Heflin wrote:
> given a video file and an png file to output it fails on my system
> also (and that is with selinux as permissive and as root, so it seems
> to have many issues and is simply broken in most if not all use
> cases), and I don't know that I have seen a video thumbnail in a
> while in gthumb and similar tools.

The file browsers on Gnome/MATE haven't been able to create thumbnails
for video files on my computers in many years.  Nothing that I tried
made it work again, and I gave up long ago.

It was a handy feature being able to see some image inside of a
stupidly named video file, to work out which was which.
 
-- 
 
uname -rsvp
Linux 3.10.0-1160.21.1.el7.x86_64 #1 SMP Tue Mar 16 18:28:22 UTC 2021 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: on to letsencrypt

2021-04-16 Thread Ed Greshko 

On 17/04/2021 03:51, Doug H. wrote:

Nice. That shows that the "glue" record*is*  there after all. The results from 
that site got me to realize that this will give the IP:


dig @b.gtld-servers.net ws.linuxlighthouse.com

[snip]
;; ADDITIONAL SECTION:
ns3.attdns.com. 172800  IN  A   144.160.20.47
ws.linuxlighthouse.com. 172800  IN  A   108.220.213.121


Yet, no matter what he does, if his NameServer is 108.220.213.121 then having 
this

PORT   STATE  SERVICE VERSION
53/udp closed domain
53/tcp  closed domain

is still a problem.

--
Remind me to ignore comments which aren't germane to the thread.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: puzzling SELinux alert.

2021-04-16 Thread home user 

On 4/16/21 10:27 AM, Roger Heflin wrote:

That matches what Ed had called out that it was a GL* command.

I guess that also tells you why you did not notice the failing..

given a video file and an png file to output it fails on my system
also (and that is with selinux as permissive and as root, so it seems
to have many issues and is simply broken in most if not all use
cases), and I don't know that I have seen a video thumbnail in a while
in gthumb and similar tools.

And that tool seems to be very complicated for just creating a
thumbnail as it connects to X and pulseaudio and GLX, I am guessing
someone took a gui app and made it work to generate one.  I sure
whoever decided to use this tool only knew about the this way to
generate a thumbnail.   And the saying goes if the only tool you have
is a hammer then everything looks like a nail.

For creating a thumbnail ffmpeg and/or mplayer would seem better, but
maybe that is not default on the systems.  I might see if I can create
a script that would get used in gthumb as this tells me why I get no
thumbnails.


What I think you're saying, and my impression even apart from your post, 
is that we can't realistically solve this SELinux alert problem.  This 
problem really has had me baffled.  The SELinux alerts seem to be false 
alarms; caja does what I want to do, and I can do those things other 
ways also.  So I'm inclined to go with what Ed said Tuesday:

> But if you're not having any problems it would be something
> that I'd ignore.

For what it's worth:
* I saw no SELinux alerts when trying totem-video-thumbnailer in the 
command line.  I forgot to mention this in this morning's post.
* I found this morning that SELinux alerts can show up when doing file 
renaming after having run Files in the same login session.  So Files 
does not stop further caja SELinux alerts.

* I patched my workstation (dnf upgrade) yesterday.


On Fri, Apr 16, 2021 at 10:27 AM home user  wrote:


On 4/16/21 5:41 AM, Roger Heflin wrote:

It seems to be running /usr/bin/totem-video-thumbnailer" so would be
something attempting to create a thumbnail for the file if it is a
video.

It has an extension of .mkv so it thinks it is a video file or is it
something else?


It is a video file.


the command was:
/usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
"/tmp/.mate_desktop_thumbnail.19V"

It truncated the filenames, but you could test run the command and see
what it does from the command line.  The first filename is the input
file, the 2nd one is the output of the thumbnail.


bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv
KhongWeeHo_20160327.png
X Error of failed request:  BadValue (integer parameter out of range for
operation)
Major opcode of failed request:  151 (GLX)
Minor opcode of failed request:  3 (X_GLXCreateContext)
Value in failed request:  0x0
Serial number of failed request:  63
Current serial number in output stream:  64
bash.3[~]:

I also tried an mp4 video file that I have.  Same result.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: on to letsencrypt

2021-04-16 Thread Ed Greshko 

On 17/04/2021 02:12, Jack Craig wrote:

*
[jackc@ws ~ $ ping -c 3 ws.linuxlighthouse.com 
PING ws (10.0.0.101) 56(84) bytes of data.
64 bytes from ws (10.0.0.101): icmp_seq=1 ttl=64 time=0.083 ms
64 bytes from ws (10.0.0.101): icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from ws (10.0.0.101): icmp_seq=3 ttl=64 time=0.067 ms*

*wrong!!  let  me clean these up and see how far that gets me
*
*thanks again for all your help
*
*I am getting there slow but sure*


Why is that "wrong"?  I thought ws.linuxlighthouse.com had an internal ip 
adderss
of 10.0.0.101 and an external one of 108.220.213.121.  You bash prompt appears
to be on that host.  So, you are "internal".

Much meimei below which is internal to my network.

[egreshko@meimei ~]$ host meimei
meimei.greshko.com has address 192.168.1.18
meimei.greshko.com has IPv6 address 2001:b030:112f::140e

[egreshko@meimei ~]$ ping -4 meimei
PING  (192.168.1.18) 56(84) bytes of data.
64 bytes from meimei.greshko.com (192.168.1.18): icmp_seq=1 ttl=64 time=0.063 ms
64 bytes from meimei.greshko.com (192.168.1.18): icmp_seq=2 ttl=64 time=0.086 ms
64 bytes from meimei.greshko.com (192.168.1.18): icmp_seq=3 ttl=64 time=0.056 ms

But, when viewed from outside of my network.

[egreshko@acer ~]$ host meimei
meimei.greshko.com has address 211.75.128.214
meimei.greshko.com has IPv6 address 2001:b030:112f::140e

[egreshko@acer ~]$ ping -4 meimei
PING  (211.75.128.214) 56(84) bytes of data.
64 bytes from 211-75-128-214.HINET-IP.hinet.net (211.75.128.214): icmp_seq=1 
ttl=64 time=0.575 ms
64 bytes from 211-75-128-214.HINET-IP.hinet.net (211.75.128.214): icmp_seq=2 
ttl=64 time=0.598 ms
64 bytes from 211-75-128-214.HINET-IP.hinet.net (211.75.128.214): icmp_seq=3 
ttl=64 time=0.477 ms


--
Remind me to ignore comments which aren't germane to the thread.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: on to letsencrypt

2021-04-16 Thread Doug H. 
On Fri, Apr 16, 2021, at 10:56 AM, Ed Greshko wrote:
> On 16/04/2021 17:19, Ed Greshko wrote:
> > On 16/04/2021 10:35, Jack Craig wrote:
> >> First I get my static IP from AT&T actually a block of eight addresses of 
> >> which only the first do they agree to pass through.
> >>
> >
> > BTW, if you are hosting the DNS server and if your DNS server has the IP 
> > address of 108.220.213.121 then
> > this could be a problem.
> >
> > Running nmap against that IP
> >
> > PORT   STATE  SERVICE VERSION
> > 53/udp closed domain
> > 53/tcp  closed domain
> >
> >
> 
> You should also check the output from here.
> 
> https://intodns.com/linuxlighthouse.com


Nice. That shows that the "glue" record *is* there after all. The results from 
that site got me to realize that this will give the IP:

>dig @b.gtld-servers.net ws.linuxlighthouse.com

[snip]
;; ADDITIONAL SECTION:
ns3.attdns.com. 172800  IN  A   144.160.20.47
ws.linuxlighthouse.com. 172800  IN  A   108.220.213.121
[snip]



-- 
Doug Herr
fedoraproject@wombatz.com
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Canon MF642Cdw works as expected on F32 but fails on F33

2021-04-16 Thread George N. White III 
On Fri, 16 Apr 2021 at 12:22,  wrote:

> I was able to print and scan from Fedora 32 but when I upgraded to Fedora
> 33,
> cups shows "waiting for printer to become available".
>
> I am using the driver from Canon: linux-UFRII-drv-v520-usen-05.tar.gz.
>

> The install.sh that is included looks for the following packages:
> libjpeg-turbo
> beecrypt
> beecrypt-devel
> libglade2
> jbigkit-libs
> libgcrypt
> libgcrypt-devel
> which are installed and current, and all the above packages have had a
> point
> increase.
>
> The install.sh also states that Fedora is supported.
>
> Looking at the jobs page first message is "Rendering is complete", then
> "Waiting for printer to become available".
>
> I called Canon and was told that the driver was not 100% Canon code and
> that
> it was unknown when a updated driver would be available. The current driver
> was released in 09/2020.
>
> Any ideas on how to fix or work around,
>

From:
https://gdlp01.c-wss.com/gds/4/0300029834/08/linux-UFRII-drv-v530-ug-uken.pdf
Fedora 33.

The driver has been confirmed to operate in the following operating systems.

Debian 8.11 (Intel/AMD 32-bit/64-bit)
Debian 10.6 (Intel/AMD 32-bit/64-bit, ARM 64-bit)
Fedora 30 (Intel/AMD 32-bit/64-bit)
Fedora 33 (Intel/AMD 64-bit, ARM 64-bi
[...]

The newest driver software is posted on the Canon web site. Please verify
the operating
environment etc.and download the appropriate software as required.
Canon Global Site: https://global.canon/

-- 
George N. White III
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: on to letsencrypt

2021-04-16 Thread Jack Craig 
ok, now we are getting somewhere!

So of the two servers that are listed the primary one, mine, does not
respond


 the secondary from AT&T is not responsive

 finally as you'll see below pinging t

Internal DNS is being returned as the external DNS number, that's a third
thing I need to fix up.

So I need to find out what's the correct AT&T DNS reference that I should
be using and
second I need to fix my own DNS so that I return the external not the
internal IP

Retest with improved  DNS parsing  method, thx again..



ping -c 3 108.220.213.121
PING 108.220.213.121 (108.220.213.121) 56(84) bytes of data.
64 bytes from 108.220.213.121: icmp_seq=1 ttl=64 time=1.51 ms
64 bytes from 108.220.213.121: icmp_seq=2 ttl=64 time=0.850 ms
64 bytes from 108.220.213.121: icmp_seq=3 ttl=64 time=1.35 ms

--- 108.220.213.121 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.850/1.236/1.513/0.281 ms
[jackc@ws ~ $ ping -c 3 ns3.attdns.com
PING ns3.attdns.com (144.160.20.47) 56(84) bytes of data.

--- ns3.attdns.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2038ms





*[jackc@ws ~ $ ping -c 3 ws.linuxlighthouse.com
PING ws (10.0.0.101) 56(84) bytes of data.64
bytes from ws (10.0.0.101): icmp_seq=1 ttl=64 time=0.083 ms64 bytes from ws
(10.0.0.101): icmp_seq=2 ttl=64 time=0.062 ms64 bytes from ws (10.0.0.101):
icmp_seq=3 ttl=64 time=0.067 ms*


*wrong!!  let  me clean these up and see how far that gets me *

*thanks again for all your help *

*I am getting there slow but sure*

--- ws ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2038ms
rtt min/avg/max/mdev = 0.062/0.070/0.083/0.009 ms



On Fri, Apr 16, 2021 at 8:25 AM Doug H. 
wrote:

> On Thu, Apr 15, 2021, at 11:00 AM, Jack Craig wrote:
> > hi list,
> >
> > so my bind config has apparently not worked despite my dig'ing.
> >
> > an external config checker says it finds no valid IP' for
> > linuxlighthouse.com, i am failing http challenge.
>
> Others have given good answers, but let me show you how I parse it...
>
> >whois linuxlighthouse.com | grep ^Name
> Name Server: WS.LINUXLIGHTHOUSE.COM
> Name Server: NS3.ATTDNS.COM
>
> First one is not useful since it lives inside the domain. See:
> https://ns1.com/blog/glue-records-and-dedicated-dns
>
> So I check the other one:
>
> >dig @NS3.ATTDNS.COM linuxlighthouse.com any
>
> ; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @NS3.ATTDNS.COM
> linuxlighthouse.com any
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 19251
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;linuxlighthouse.com.   IN  ANY
>
> ;; Query time: 110 msec
> ;; SERVER: 2001:1890:1c00:5323::c:3#53(2001:1890:1c00:5323::c:3)
> ;; WHEN: Fri Apr 16 07:59:10 PDT 2021
> ;; MSG SIZE  rcvd: 48
>
> Note the part "WARNING: recursion requested but not available", so it is
> saying that it is not authoritative for that domain.
>
> So I check to see that it is the auth for its own domain:
>
> >dig @NS3.ATTDNS.COM ATTDNS.COM any
>
> ; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @NS3.ATTDNS.COM ATTDNS.COM
> any
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62918
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 9
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;ATTDNS.COM.IN  ANY
>
> ;; ANSWER SECTION:
> ATTDNS.COM. 28800   IN  SOA ns0.ATTDNS.COM.
> eiss-dns.att.COM. 2021033001 3600 1800 2592000 300
> ATTDNS.COM. 28800   IN  NS  ns1.ATTDNS.COM.
> ATTDNS.COM. 28800   IN  NS  ns3.ATTDNS.COM.
> ATTDNS.COM. 28800   IN  NS  ns4.ATTDNS.COM.
> ATTDNS.COM. 28800   IN  NS  ns2.ATTDNS.COM.
> ATTDNS.COM. 600 IN  MX  10
> mx0b-00191d01.pphosted.COM.
> ATTDNS.COM. 600 IN  MX  10
> mx0a-00191d01.pphosted.COM.
>
> ;; ADDITIONAL SECTION:
> ns1.ATTDNS.COM. 28800   IN  2001:1890:1286:320::c:2
> ns2.ATTDNS.COM. 28800   IN  2001:1890:1c00:3320::c:3
> ns3.ATTDNS.COM. 28800   IN  2001:1890:1c00:5323::c:3
> ns4.ATTDNS.COM. 28800   IN  2001:1890:1c00:6320::c:6
> ns1.ATTDNS.COM. 28800   IN  A   144.160.112.22
> ns2.ATTDNS.COM. 28800   IN  A   144.160.128.140
> ns3.ATTDNS.COM. 28800   IN  A   144.160.20.47
> ns4.ATTDNS.COM. 28800   IN  A   144.160.229.11
>
> ;; Query time: 97 msec
> ;; SERVER: 2001:1890:1c00:5323::c:3

Re: on to letsencrypt

2021-04-16 Thread Ed Greshko 

On 16/04/2021 17:19, Ed Greshko wrote:

On 16/04/2021 10:35, Jack Craig wrote:

First I get my static IP from AT&T actually a block of eight addresses of which 
only the first do they agree to pass through.



BTW, if you are hosting the DNS server and if your DNS server has the IP 
address of 108.220.213.121 then
this could be a problem.

Running nmap against that IP

PORT   STATE  SERVICE VERSION
53/udp closed domain
53/tcp  closed domain




You should also check the output from here.

https://intodns.com/linuxlighthouse.com

--
Remind me to ignore comments which aren't germane to the thread.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: puzzling SELinux alert.

2021-04-16 Thread Roger Heflin 
That matches what Ed had called out that it was a GL* command.

I guess that also tells you why you did not notice the failing..

given a video file and an png file to output it fails on my system
also (and that is with selinux as permissive and as root, so it seems
to have many issues and is simply broken in most if not all use
cases), and I don't know that I have seen a video thumbnail in a while
in gthumb and similar tools.

And that tool seems to be very complicated for just creating a
thumbnail as it connects to X and pulseaudio and GLX, I am guessing
someone took a gui app and made it work to generate one.  I sure
whoever decided to use this tool only knew about the this way to
generate a thumbnail.   And the saying goes if the only tool you have
is a hammer then everything looks like a nail.

For creating a thumbnail ffmpeg and/or mplayer would seem better, but
maybe that is not default on the systems.  I might see if I can create
a script that would get used in gthumb as this tells me why I get no
thumbnails.





On Fri, Apr 16, 2021 at 10:27 AM home user  wrote:
>
> On 4/16/21 5:41 AM, Roger Heflin wrote:
> > It seems to be running /usr/bin/totem-video-thumbnailer" so would be
> > something attempting to create a thumbnail for the file if it is a
> > video.
> >
> > It has an extension of .mkv so it thinks it is a video file or is it
> > something else?
>
> It is a video file.
>
> > the command was:
> > /usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
> > "/tmp/.mate_desktop_thumbnail.19V"
> >
> > It truncated the filenames, but you could test run the command and see
> > what it does from the command line.  The first filename is the input
> > file, the 2nd one is the output of the thumbnail.
>
> bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv
> KhongWeeHo_20160327.png
> X Error of failed request:  BadValue (integer parameter out of range for
> operation)
>Major opcode of failed request:  151 (GLX)
>Minor opcode of failed request:  3 (X_GLXCreateContext)
>Value in failed request:  0x0
>Serial number of failed request:  63
>Current serial number in output stream:  64
> bash.3[~]:
>
> I also tried an mp4 video file that I have.  Same result.
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: puzzling SELinux alert.

2021-04-16 Thread home user 

On 4/16/21 5:41 AM, Roger Heflin wrote:

It seems to be running /usr/bin/totem-video-thumbnailer" so would be
something attempting to create a thumbnail for the file if it is a
video.

It has an extension of .mkv so it thinks it is a video file or is it
something else?


It is a video file.


the command was:
/usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
"/tmp/.mate_desktop_thumbnail.19V"

It truncated the filenames, but you could test run the command and see
what it does from the command line.  The first filename is the input
file, the 2nd one is the output of the thumbnail.


bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv 
KhongWeeHo_20160327.png
X Error of failed request:  BadValue (integer parameter out of range for 
operation)

  Major opcode of failed request:  151 (GLX)
  Minor opcode of failed request:  3 (X_GLXCreateContext)
  Value in failed request:  0x0
  Serial number of failed request:  63
  Current serial number in output stream:  64
bash.3[~]:

I also tried an mp4 video file that I have.  Same result.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: on to letsencrypt

2021-04-16 Thread Doug H. 
On Thu, Apr 15, 2021, at 11:00 AM, Jack Craig wrote:
> hi list,
> 
> so my bind config has apparently not worked despite my dig'ing.
> 
> an external config checker says it finds no valid IP' for 
> linuxlighthouse.com, i am failing http challenge.

Others have given good answers, but let me show you how I parse it...

>whois linuxlighthouse.com | grep ^Name
Name Server: WS.LINUXLIGHTHOUSE.COM
Name Server: NS3.ATTDNS.COM

First one is not useful since it lives inside the domain. See:
https://ns1.com/blog/glue-records-and-dedicated-dns

So I check the other one:

>dig @NS3.ATTDNS.COM linuxlighthouse.com any

; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @NS3.ATTDNS.COM 
linuxlighthouse.com any
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 19251
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linuxlighthouse.com.   IN  ANY

;; Query time: 110 msec
;; SERVER: 2001:1890:1c00:5323::c:3#53(2001:1890:1c00:5323::c:3)
;; WHEN: Fri Apr 16 07:59:10 PDT 2021
;; MSG SIZE  rcvd: 48

Note the part "WARNING: recursion requested but not available", so it is saying 
that it is not authoritative for that domain.

So I check to see that it is the auth for its own domain:

>dig @NS3.ATTDNS.COM ATTDNS.COM any

; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @NS3.ATTDNS.COM ATTDNS.COM any
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62918
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 9
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ATTDNS.COM.IN  ANY

;; ANSWER SECTION:
ATTDNS.COM. 28800   IN  SOA ns0.ATTDNS.COM. 
eiss-dns.att.COM. 2021033001 3600 1800 2592000 300
ATTDNS.COM. 28800   IN  NS  ns1.ATTDNS.COM.
ATTDNS.COM. 28800   IN  NS  ns3.ATTDNS.COM.
ATTDNS.COM. 28800   IN  NS  ns4.ATTDNS.COM.
ATTDNS.COM. 28800   IN  NS  ns2.ATTDNS.COM.
ATTDNS.COM. 600 IN  MX  10 mx0b-00191d01.pphosted.COM.
ATTDNS.COM. 600 IN  MX  10 mx0a-00191d01.pphosted.COM.

;; ADDITIONAL SECTION:
ns1.ATTDNS.COM. 28800   IN  2001:1890:1286:320::c:2
ns2.ATTDNS.COM. 28800   IN  2001:1890:1c00:3320::c:3
ns3.ATTDNS.COM. 28800   IN  2001:1890:1c00:5323::c:3
ns4.ATTDNS.COM. 28800   IN  2001:1890:1c00:6320::c:6
ns1.ATTDNS.COM. 28800   IN  A   144.160.112.22
ns2.ATTDNS.COM. 28800   IN  A   144.160.128.140
ns3.ATTDNS.COM. 28800   IN  A   144.160.20.47
ns4.ATTDNS.COM. 28800   IN  A   144.160.229.11

;; Query time: 97 msec
;; SERVER: 2001:1890:1c00:5323::c:3#53(2001:1890:1c00:5323::c:3)
;; WHEN: Fri Apr 16 08:00:15 PDT 2021
;; MSG SIZE  rcvd: 409


Yup, good there. So you have two name servers listed. We need that glue record 
to figure out where one is and the other claims to not know who you are.


-- 
Doug Herr
fedoraproject@wombatz.com
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Canon MF642Cdw works as expected on F32 but fails on F33

2021-04-16 Thread dwoody5654 
I was able to print and scan from Fedora 32 but when I upgraded to Fedora 33,
cups shows "waiting for printer to become available".

I am using the driver from Canon: linux-UFRII-drv-v520-usen-05.tar.gz.

The install.sh that is included looks for the following packages:
libjpeg-turbo
beecrypt
beecrypt-devel
libglade2
jbigkit-libs
libgcrypt
libgcrypt-devel
which are installed and current, and all the above packages have had a point
increase.

The install.sh also states that Fedora is supported.

Looking at the jobs page first message is "Rendering is complete", then 
"Waiting for printer to become available".

I called Canon and was told that the driver was not 100% Canon code and that
it was unknown when a updated driver would be available. The current driver
was released in 09/2020.

Any ideas on how to fix or work around,

Thanks,
David
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: aegisub no more working after update...

2021-04-16 Thread Jerry James 
On Fri, Apr 16, 2021 at 4:40 AM François Patte
 wrote:
> I just update my system (fc-32) and aegisub is no more working: I can
> open subtitlefiles but not the corresponding video...
>
> Here the message:
>
> (aegisub:347417): Gdk-ERROR **: 12:08:25.195: The program 'aegisub'
> received an X Window System error.
> This probably reflects a bug in the program.
> The error was 'BadValue (integer parameter out of range for operation)'.
>(Details: serial 37349 error_code 2 request_code 150 (GLX) minor_code 24)
>(Note to programmers: normally, X errors are reported asynchronously;
> that is, you will receive the error a while after causing it.
> To debug your program, run it with the GDK_SYNCHRONIZE environment
> variable to change this behavior. You can then get a meaningful
> backtrace from your debugger if you break on the gdk_x_error()
> function.)

The aegisub package is not distributed by Fedora, but rather by
rpmfusion.  You should file a bug and include the information above.
See here for how to do that:

https://rpmfusion.org/ReportingBugs

That will alert the package maintainer to the problem.  It's possible
that aegisub just needs to be rebuilt against the latest GTK library,
but the maintainer can help determine that.  Good luck!
-- 
Jerry James
http://www.jamezone.org/
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: puzzling SELinux alert.

2021-04-16 Thread Roger Heflin 
It seems to be running /usr/bin/totem-video-thumbnailer" so would be
something attempting to create a thumbnail for the file if it is a
video.

It has an extension of .mkv so it thinks it is a video file or is it
something else?

the command was:
/usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
"/tmp/.mate_desktop_thumbnail.19V"

It truncated the filenames, but you could test run the command and see
what it does from the command line.  The first filename is the input
file, the 2nd one is the output of the thumbnail.


On Thu, Apr 15, 2021 at 9:31 PM home user  wrote:
>
> On 4/15/21 8:27 PM, home user wrote:
>
> > The grep for the process ID "2636" found lines.
>
> Correction:
>
> The grep for the process ID "2636" found 34361 lines.
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Automount occasionally failing to auto-unmount

2021-04-16 Thread Patrick O'Callaghan 
I use automount with systemd service units (not /etc/fstab) to mount an
external BTRFS filesystem (2 drives configured as RAID-1). There is a
timeout of 120 seconds of inactivity after which it should unmount.
This works *nearly* all the time, but sometimes it doesn't and I can't
figure out why. The drive is normally only used at 3am to run a backup
script, and logs show that this is working correctly, but when I check
in the morning I sometimes find the drive still mounted (shown by
'findmnt') even though nothing is accessing it, i.e. 'fuser' shows
nothing and 'umount' succeeds immediately.

If it matters, the actual timeout always seems to take 300 seconds. I
don't know if this is because BTRFS is keeping the drive alive,
flushing queues or whatever. It's not important in itself, just another
data point.

When I mount the drive manually, the timeout always succeeds (though
again after 300 seconds rather than 120).

Any ideas?

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

aegisub no more working after update...

2021-04-16 Thread François Patte 

Bonjour,

I just update my system (fc-32) and aegisub is no more working: I can 
open subtitlefiles but not the corresponding video...


Here the message:

(aegisub:347417): Gdk-ERROR **: 12:08:25.195: The program 'aegisub' 
received an X Window System error.

This probably reflects a bug in the program.
The error was 'BadValue (integer parameter out of range for operation)'.
  (Details: serial 37349 error_code 2 request_code 150 (GLX) minor_code 24)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the GDK_SYNCHRONIZE environment
   variable to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() 
function.)



I don't understand what it means and don't know what to do

Thank you for any help.

--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
FSF
https://www.fsf.org/blogs/community/presenting-shoetool-happy-holidays-from-the-fsf



OpenPGP_signature
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Third level choosers for keyboard keys.

2021-04-16 Thread AV 
On Thu, 2021-04-15 at 20:12 -0700, Samuel Sieb wrote:
> On 4/15/21 5:07 PM, AV wrote:
> > 
> > > You need to be using a layout that has keys defined in those
> > > levels.  What keys are you trying to access?
> > 
> > On the Logitech keyboard the 5 with % and €. Same for Lenovo
> > laptop. On the Dell XPS 13 laptop the 5 with % and € and the 4 with
> > $ and ₹ (Indian Rupee sign).
> 
> For those specific keyboards, you'll probably have to create your own
> layout  I tried switching to the English (UK) layout and it has lots
> of extra keys.  If you click on the eye beside the name, it will give
> you graphical view of the layout, so you can see what keys are
> available.

As I said earlier I do not need this functionality. I was just curious.
As long as the option to use a compose key keeps working for a standard
US keyboard I am happy as I just need the compose key for diacriticals
in the western European languages. A standard US keyboard works best
for me, NOT the US international or the UK one (I once tried the UK and
got some weird surprises). So I am certainly not 'going to create my
own layout'. My quest stops here. Thanks to everybody for replying.

This aside I am surprised these options are given in Gnome/KDE/etc 
without further explanation if it is so complicated and so dependent
on the choice of keyboard and/or it's layout.

And I don't understand the remarks about the keypad. I have never seen
a keypad with $/€/%/& signs (and I hate keypads (especially on laptops)
they make you sit "twisted" and on a loose keyboard they also take away
mouse room (and strain the upper arm muscles)). 
(And I have had enough occasion to use numbers: data analysis,
 simulation/research and such and the "top row" has always been
 sufficient for my needs).

This is in reply to Samuel Sieb but also to everybody who replied.

AV
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: 
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: on to letsencrypt

2021-04-16 Thread Ed Greshko 

On 16/04/2021 10:35, Jack Craig wrote:

First I get my static IP from AT&T actually a block of eight addresses of which 
only the first do they agree to pass through.



BTW, if you are hosting the DNS server and if your DNS server has the IP 
address of 108.220.213.121 then
this could be a problem.

Running nmap against that IP

PORT   STATE  SERVICE VERSION
53/udp closed domain
53/tcp  closed domain


--
Remind me to ignore comments which aren't germane to the thread.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: on to letsencrypt

2021-04-16 Thread Tim via users 
Tim:
>> The DNS records need to be fixed before all else.  They need to be
>> held on a public DNS server that propagates them to the other DNS
>> servers.


Jack Craig:
> First I get my static IP from AT&T actually a block of eight
> addresses of which only the first do they agree to pass through.  
> 
> 
> Second this used to work. I get my static IP from AT&T in a block of
> actually eight addresses only the first of which do they agree to
> pass through so I have been using DNS via name HTTP HTTPS for some
> time and only since I've upgraded to fedora 30 to have I had this dns
> battle .

Sounds ok.  One test would be to see if an outsider can ping your
public IP that's supposed to allow traffic through.  Though, that will
only work if your system responds to pings.  The other test is for
someone to try and browse your webserver at your public IP.

Your public IP has to route through to your own server.  You will
probably have to explain your network topology to us.  Which I've seen
you do, in general, further below.

But is your public IP in a range of "customer" addresses, or public
IPs?  If it's within the range allocated to an ISPs clients, other
networks around the world will consider your IP to be risky.  You'd
find doing mail a problem, at least.

> Networksolutions is my registrar, they provide to the world my domain
> name my primary and secondary DNS servers so I guess that's the
> external place where you were referring to?

Yes.

> So AT&T provides the internet road, networksolutions provides the
> signage along the road to my place .
> 
> isn't it the way it supposed to work?

Yes.

By the look of things you need to reconfigure your DNS records.  Point
the A record for your domain, and the www. subdomain at your
webserver's IP.  Point your MX record at whoever handles mail to your
domain name.  Point the NS record at the name servers for your domain.


>> If your plan is for you to run your webserver on your own computer
>> and for people to connect to it, you have to find out if that's
>> actually possible with your ISP.  Many will forbid it, or their
>> network structure makes it nearly impossible.  And you'll need to
>> be able to handle all the attacks you'll be under.  There probably
>> isn't a website on the planet that someone isn't trying to exploit.

> I was hoping that wireguard would provide that kind of coverage via
> vpn..
>  I have two routers in my access path the first one is the AT&T
> router and its firewall is set to forward packets only from ports 53
> for 43 and 80 those packets alone are forwarded to my internal server
> internal router which in turn contacts in my server on my 10.0.0 net

If you're also doing HTTPS, there will need to be port "443" passed
through, too.  I'm guessing "43" was a typo.  Both routers and your
computer will have to allow through the ports.  I see no point in
trying to be your own DNS server, though.

HTTPS *could* be a curly one to solve in your situation.  Certificates
can tied to an IP address.  While an outsider will be connecting to
your public IP forwarded through, your webserver will be using its
local IP, and the cert wouldn't match.  *If* the cert has to match your
public IP, you'd need to set your computer's IP to be your public one.

But that may not be the case with you.  Solve the DNS problem first.

> I thought that having two firewalls between me in the world would be
> a larger advantage but it sounds like what you're saying is that
> people can penetrate that no matter what.   that's depressing.  

While firewalls can prevent unwanted connections through a network,
they don't protect you from things that are done through the allowed
connections.  Your webserver will have to be able to handle people
trying to exploit it.

On my public website, the error logs are full of people trying to
connect to known exploits in wordpress and various other software
suites that people run on webservers.  I don't run those things, so
they just get errors.

You'll also need to be able to handle the legitimate traffic.  You'll
have multiple crawlers from search engines, including many you've never
heard of, as well as actual people browsing it.

That's why I don't run my public website on my own system.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure