Re: [arch-general] USB flash installation medium in BIOS machines
> There are only my 2 installed hard drives plus a "USB HDD: ..." option. > I am very positive that this laptop is legacy BIOS only and that it is > somehow wrongly identified as UEFI? It can't be "wrongly identified as UEFI". If the laptop didn't support UEFI, then you wouldn't even see the systemd-boot menu, because there wouldn't be anything to *load* systemd-boot, or support it running. systemd-boot is designed to exclusively run in the UEFI environment, and it just can not work at all in a BIOS environment. >>> I see the boot menu (which looks like systemd-boot menu) with only options >>> for UEFI boot and EFI shell option. -- damjan
Re: [arch-general] No login after update
> I don't see what all the fuss is about > > If you're using Arch, then you should: > > 1. Check Arch news before running update > 2. Update regularly > 3. Watch output from pacman for warnings/advice > 4. Run pacdiff after update and before reboot > > After step 4 there are no longer any pacnew files That would have shown that the new file doesn't have pam_tally2, it wont say you wouldn't be able to login after reboot. actually, even assuming you would know to fix the issue, but you didn't fix the problem immediately and you went to make a coffee - your screen saver was activated, you are locked out. Now I don't understand all the defensiveness - let's all work together to improve things. This is not a non-issue. -- damjan
[arch-general] pam-1.3.1-2 -> 1.4.0-3 breaking change
it seems the 1.4.0-3 removed the tally/tally2 modules and (for some reason) I had `auth required pam_tally2.so` in /etc/pam.d/system-login. Of course that broke the login and I had to rescue the installation from a bootable USB. I wonder if there can be some pam-lint tool that checks your /etc/pam.d/ after upgrades. -- damjan
Re: [arch-general] mkinitcpio hook for custom root decryption with systemd boot
On Thu, 23 Jul 2020 at 12:09, Riccardo Paolo Bestetti via arch-general wrote: > > I have root encryption set up on my system and I currently boot with the > sd-encrypt and sd-lvm hooks. > > I would like to change my current crypto setup in a way that would require > more step to unlock the root than just typing in a passphares. For this > reason, sd-encrypt clearly cannot serve my use case. > > For this reason, I would like to write a custom hook to mount the root > volume. Now, systemd boot doesn't have a concept of runtime hooks. Thus, I > need to make a systemd unit that gets pulled in by cryptsetup.target in the > place of systemd-cryptsetup@.service. (Basically, I need to replace the whole > systemd-cryptsetup-generator and systemd-cryptsetup logic.) > > However, I really have no idea on how to achieve this. Should I write a > custom mkinitcpio hook which completely bypasses sd-crypt/cryptsetup.target > and instead starts a different unit with my own decryption logic? Or is there > a way to hook into cryptsetup.target and instruct it to pull in my logic > instead of systemd-cryptsetup*? > > Of course, the other possibility is to just stop using a systemd boot and > instead setting up a busybox early userspace. Then it's just a matter of > writing a shell script. However, since I'm already using systemd for > everything - from the bootloader to userspace - I don't think it makes much > sense to do that. > > Any help/guidance/suggestion/criticism is highly appreciated. > > Riccardo Paolo Bestetti haven't looked more deeply into it, but luks/dm-crypt/cryptsetup can use keys in the kernel keyring. So maybe it would be enough for you to have a service that configures the keyring before the cryptsetup service. https://fossies.org/linux/cryptsetup/docs/Keyring.txt -- damjan
Re: [arch-general] pacman --assume-installed in a config file?
> > noto-fonts is pulled as a dependency of plasma-integration, but I > > don't want it installed since it takes over the default fonts (ships > > an aggressive fontconfig configuration) for many websites, and looks > > quite bad *for me* (on a 14" FHD display). > > It's also a 90MB package I don't need. > > Hmm, I wonder why it is a hard dependency instead of being used via > ttf-font? I guess it's because plasma-integration ships a /usr/share/kconf_update/fonts_global.pl script that does some font replacements. https://github.com/KDE/plasma-integration/blob/master/src/platformtheme/fonts_global.pl -- damjan
[arch-general] pacman --assume-installed in a config file?
I often find myself using the `assume-installed`[1] option of pacman when doing upgrades, since I want to avoid some (for me) nonsensical dependencies to be installed. Is it possible to configure this in some config file, so I don't have to remember to type it all the time? [1] sudo pacman -Syu --assume-installed noto-fonts noto-fonts is pulled as a dependency of plasma-integration, but I don't want it installed since it takes over the default fonts (ships an aggressive fontconfig configuration) for many websites, and looks quite bad *for me* (on a 14" FHD display). It's also a 90MB package I don't need. -- damjan
Re: [arch-general] USB not assining port number
> but no USB port given > > lsusb gives > Bus 002 Device 011: ID 1781:0c9f Multiple Vendors USBtiny what is this "usb port" that you expect? USBtiny is a HID device as far as I can remember. -- damjan
Re: [arch-general] sway package systemd service
> > the sway package repo includes a systemd service: > https://git.archlinux.org/svntogit/community.git/tree/trunk/sway.service?h=packages/sway > > This file is not included in the package though. Is this systemd > service ready to use or just an obsolete artifact? while on this topic, see the files here, how to integrate sway with systemd --user even better https://github.com/xdbob/sway-services -- damjan
Re: [arch-general] Why "systemd --user" process hanging around after logout?
On Fri, 24 Jan 2020 at 20:50, David Rosenstrauch wrote: > > I've noticed recently that even after I log out of my desktop env (XFCE) > there is a process tree left hanging around running "systemd --user" > under my user ID (with a bunch of gvfs child processes running under > it). https://github.com/systemd/systemd/blob/v240/NEWS#L299 -- damjan
Re: [arch-general] [mkinitpcio] running as non-root creates non-root files in the cpio
> > Alternatively, is there a better place for reporting mkinitpcio> > issues, > > and sending patches? > > I've assigned the bug to the main maintainer, but note that there is > also a Github repo in the archlinux org. > > https://github.com/archlinux/mkinitcpio Thanks, didn't know the github repo -- damjan
[arch-general] [mkinitpcio] running as non-root creates non-root files in the cpio
I've already opened a bug issue, and supplied a patch at https://bugs.archlinux.org/task/65006 but except from the first comment by dreisner, there's not much activity. Is it ok if I escalate here? :) Alternatively, is there a better place for reporting mkinitpcio issues, and sending patches? -- damjan
Re: [arch-general] do i need to configure mkinitcpio.conf for my md array ?
On Thu, 16 Jan 2020 at 14:46, Shadrock Uhuru via arch-general wrote: > > > Hi > i have just configured my 4 disk raid 10 array with mdadm > the filesystem is ext4 unencrypted > and arch is installed on a separate disk > do i need to reconfigure mkinitcpio.conf for my md array > so that the array is assembled and started at boot, > all the examples i've seen have arch installed on the raid array > including the example in the wiki https://wiki.archlinux.org/index.php/RAID > i have not reboot the new array yet > so i would like to make sure everything necessary is configure before i do > that. you need the "mdadm" hook in HOOKS in /etc/mkinitcpio.conf, and rebuild the initramfs. the hook would auto-detect the raid setup, but it will also include /etc/mdadm.conf if it exists. -- damjan
Re: [arch-general] journalctl
On Mon, 2 Dec 2019 at 10:26, Pascal via arch-general wrote: > > hello, > when I use journalctl to track system events, I introduce line breaks for > better readability. > like multitail, I would like to introduce more verbose line breaks... > I wrote these few lines but it doesn't work as expected : > > exec 6<&0 > exec 0< <( while :; do read -sn1 k; echo $'\n'"# $( date +%H:%M:%S ) > ---"$'\n'; done ) > journalctl -f > exec 0<&6 6<&- > > the second instruction "exec 0< <( while..." played alone works perfectly > in my terminal, but not as a redirection for journalctl. > any leads ? > regards, lacsaP. Why don't you just replace the PAGER/SYSTEMD_PAGER from less to your own tool (multitail even? never used it). -- damjan
Re: [arch-general] New kernel packages and mkinitcpio hooks
On Mon, 11 Nov 2019 at 09:18, Ondřej Hruška wrote: > > Hi, > I have a question regarding the kernel changes. > > It sounds like it might break my dm-crypt/luks setup with un-encrypted > /boot partition, if the kernel is not in /boot anymore? the kernel is no longer installed in /boot by the kernel package, but by post-install mkinitcpio scripts. So it ends back there in /boot anyway. -- damjan
Re: [arch-general] [arch-dev-public] New kernel packages and mkinitcpio hooks
> This has been discussed a bit on the dracut thread, as well on some other > threads over time. > I *personally* don't like the complexity of kernel-install that much. I've now read this twice on Arch mail lists, so I have to ask, without any presumptions on my side, what are the arguments against kernel-install? I must say, I don't see much complexity in it. It's only a 184 line bash script[1]. And as added feature, it decouples the kernel install from the kernel package install (and pacman), also defines couple of easy-to-use config locations like /etc/kernel/cmdline But I guess I might be missing something. [1] especially compared to dracut (not that they do the same thing), which seems much more complex, and that complexity did introduce bugs - for which I've sent a PR -- damjan
Re: [arch-general] new packaging of the kernel/mkinitcpio/kmod
On Thu, 31 Oct 2019 at 14:55, Giancarlo Razzolini wrote: > > Em outubro 31, 2019 9:46 Damjan Georgievski via arch-general escreveu: > > Can someone explain in better detail the changes in > > * kmod 26-3 > > * mkinitcpio 27-1 > > * linux 5.3.8.1-1 > > around packaging and pacman hooks? > > > > I can see there's some reorganization of the hooks and scripts, and > > the kernel package no longer > > installing directly to /boot (which is a welcome change, the kernel is > > now only in /usr/lib/modules/5.3.8-arch1-1/vmlinuz) > > but it's not easy for me to reverse-understand what the bash scripts do > > exactly. > > > > I'm asking because I also use pacman hooks on the kernel and some > > other files in order to create my combined kernel+initramfs+cmdline > > UEFI executable signed for secure-boot, and it seems I'll have to > > adopt to a newer setup. > > > > > Hi Damjan, > > The kernel does not install itself anymore to /boot, as you've noticed. But, > the mkinitcpio > hook does that. For now, we are replicating the same behavior as before, but > with a little > more flexibility. > > > I'm working on dracut hooks for doing a similar job, but the idea is that we > eventually will > be more flexible with our booting, giving the user more options. Keep an eye > on the Arch announce > mailing list, as well as the news on the Arch site. > > As for your hooks, we made so that the mkinitcpio hook runs at the same step > the previous linux > hook would. So, there shouldn't be any incompatibilities. But, it depends on > what your hooks are. > Also, you can completely override the mkinitcpio hooks by linking their > filenames to /dev/null on > /etc/pacmand.d/hooks directory. But you'll be left doing the kernel > installation on your own. Thanks for the info Giancarlo, it's true that my hook works as before (I've tested that), but even my original hook was suboptimal anyway, since I needed to define one hook per kernel package. I'm wondering if I can make a more general hook, for example triggering on usr/lib/modules/*/pkgbase (or vmlinuz?) - is that the recommended way now? -- damjan
[arch-general] new packaging of the kernel/mkinitcpio/kmod
Can someone explain in better detail the changes in * kmod 26-3 * mkinitcpio 27-1 * linux 5.3.8.1-1 around packaging and pacman hooks? I can see there's some reorganization of the hooks and scripts, and the kernel package no longer installing directly to /boot (which is a welcome change, the kernel is now only in /usr/lib/modules/5.3.8-arch1-1/vmlinuz) but it's not easy for me to reverse-understand what the bash scripts do exactly. I'm asking because I also use pacman hooks on the kernel and some other files in order to create my combined kernel+initramfs+cmdline UEFI executable signed for secure-boot, and it seems I'll have to adopt to a newer setup. -- damjan
Re: [arch-general] Input, Uinput, and udev problems with user access
> > Up until yesterday evening, the following setup would allow the Fenrir > screen reader to access the tools it needs to read without root access in > terminal emulators like Xterm: > > groupadd --system input > groupadd --system uinput > echo 'KERNEL==\"event*\", NAME=\"input/%k\", MODE=\"660\", > GROUP=\"input\"' >> /etc/udev/rules.d/99-input.rules > echo 'KERNEL==\"uinput\", SUBSYSTEM==\"misc\", > OPTIONS+=\"static_node=uinput\", TAG+=\"uaccess\", GROUP=\"uinput\"' >> > /etc/udev/rules.d/99-fenrirscreenreader.rules > > Now, however, while it can still read the screen, the keyboard does > nothing. Has something changed, and if so, what do I need to do differently > to get it working again? > What kind of keyboard is it?? You mention xterm, so you're running XOrg I presume? -- damjan
Re: [arch-general] [arch-dev-public] Mkinitcpio replacement with Dracut
On Thu, 22 Aug 2019 at 21:36, Giancarlo Razzolini wrote: > Em agosto 22, 2019 16:29 Damjan Georgievski via arch-general escreveu: > > Are there any news/updates on this front? > > > > I have dracut installed in one test VM, but I have to run it manually > after > > each kernel update. The wiki page [1] is still empty, so > > how do I configure proper hooks to build the initramfs (and possibly also > > disable the mkinitcpio ones)? > > > > Yes. I have been working on pacman hooks for this. There are a few things > I need > to iron out before releasing it though. There's a need to change all > kernels as > well, because the hooks are deployed with them currently, this has to > change. > Just in case, I'll mention kernel-install [1] once again, it's a nice central hub where initramfs creators, bootloaders (and optionally signing of uefi images) can hook into, and then any kernel install can call all the users hooks with a single command. [1] https://www.freedesktop.org/software/systemd/man/kernel-install.html -- damjan
Re: [arch-general] [arch-dev-public] Mkinitcpio replacement with Dracut
I have been looking into dracut for some time now, I copied some stuff from > them on a few of my own > scripts and they also have an actual test suite, that we currently can't > use on Arch, but I plan to > change that. > > Are there any news/updates on this front? I have dracut installed in one test VM, but I have to run it manually after each kernel update. The wiki page [1] is still empty, so how do I configure proper hooks to build the initramfs (and possibly also disable the mkinitcpio ones)? [1] https://wiki.archlinux.org/index.php/Dracut -- damjan
Re: [arch-general] Opening a document with unicode in path
On Fri, 2 Aug 2019 at 14:59, John Z. wrote: > Hi everyone, > there's a document on Dropbox, that has unicode character in its > path (french character). Trying to open this document with libre > office (Plasma is running) fails with 'file not found', and the path > shown with error clearly presents the path with that unicode > character replaced by '??' > > What I tried: > * copy the document in a path where there's no unicode - it opens > * copy the document using shell - it works > * copy the document using Dolphin (from Plasma) - it works > * check $LANG - its set to `en_CA.UTF8` > Does `locale -a` show that locale? -- damjan
Re: [arch-general] [arch-dev-public] Mkinitcpio replacement with Dracut
> > I have been looking into dracut for some time now, I copied some stuff > from them on a few of my own > scripts and they also have an actual test suite, that we currently can't > use on Arch, but I plan to > change that. > Is there any support for post hooks in Dracut? ie. I want to sign the uefi image with sbsign, after it's built with `dracut --uefi …` -- damjan
Re: [arch-general] [arch-dev-public] Mkinitcpio replacement with Dracut
> > dracut 049-3 on an Arch [testing] VM > > > > There are a few more instances where arch must be replaced with uname -m. > > I'll deploy a version of dracut with that patch later: > > https://github.com/dracutdevs/dracut/pull/573 > Thanks, I've also noticed another issue about the uefi stub and sent a PR: https://github.com/dracutdevs/dracut/pull/575 -- damjan
Re: [arch-general] [arch-dev-public] Mkinitcpio replacement with Dracut
> > > dracut --uefi > This seems to fail for me: $ sudo dracut --no-early-microcode --uefi /boot/EFI/Linux/arch-linux.efi dracut: Executing: /usr/bin/dracut --no-early-microcode --uefi /boot/EFI/Linux/arch-linux.efi /usr/bin/dracut: line 1063: arch: command not found /usr/bin/dracut: line 1069: arch: command not found dracut: Architecture '' not supported to create a UEFI executable any ideas why?? dracut 049-3 on an Arch [testing] VM -- damjan
Re: [arch-general] Keyboard shortcuts which change based on current app
On Thu, 14 Feb 2019 at 05:12, Oon-Ee Ng via arch-general < arch-general@archlinux.org> wrote: > Before I try to hack together a solution, are there any existing > apps/frameworks which allow for the same key/button to do something > different based on the currently focused app (in X)? > > My intended use-case is to use the additional buttons on my drawing tablet > to do various functions, but depending on the current app. So in Gimp they > would do one thing, in Libreoffice another, in Inkscape another. > Don't your applications have an option to customize the shortcuts? -- damjan
Re: [arch-general] [arch-dev-public] Proposal: minimal base system
(posting to general, since I can't on dev-public) On Mon, 21 Jan 2019 at 23:03, Levente Polyak via arch-dev-public wrote: > > # Proposal > > There is no strict definition of what a minimal Arch Linux system > installation must contain. However in reality we mostly don’t add any > packages that are in the base group as a dependency to other packages, > which basically makes it a hard requirement. > > The current way of defining a minimal system via a group is non-optimal > for the following reasons: One of the issues that might need to be fixed is this: https://bugs.archlinux.org/task/54887 (FS#54887 - [openssl] remove perl from dependency of the openssl package) -- damjan
Re: [arch-general] Kernel 4.19 preventing Firefox from playing videos
> I have a very strange issue with kernel 4.19.1 With this kernel Firefox > no longer plays any videos. It opens the page but the video wont play. what video? youtube? works well here, on intel i7-7500U, KDE on X11 (modesetting driver) with both 4.19.1-arch1 and 4.19.2-arch1 > I'm running Gnome on a Thinkpad X201. are you running wayland, modsettings or the intel X11 driver (the X modesetting is perhaps recommended) maybe try another compositor, instead of the gnome one -- damjan
Re: [arch-general] i3stats depends on wireless_tools, causing "firmware load for regulatory.db failed" w/o wireless-regdb
On 12 August 2018 at 01:48, David C. Rankin wrote: > Archdevs, > > There seems to be a funny depends (or missing depends) issue for *some* > systems without wireless that have i3status installed. > > This appears to be because i3stats depends on wireless_tools, which during > boot triggers an attempt I don't see anything in the wireless_tools package that would trigger on boot. there are no udev rules or systemd services. -- damjan
Re: [arch-general] systemd --user enable: Failed to connect to bus: No such file or directory
On 27 June 2018 at 08:26, Bjoern Franke wrote: > Hi, > > I'm trying to create a systemd timer for a user to run duply daily. For > one user the enabled worked fine, but another one: > > systemctl --user enable backup.timer > Failed to connect to bus: No such file or directory > > I have no clue why this happens, systemctl daemon-reload (also with > --user) did not fix it. I found a similar issue in the forums, but the > solution was to "ln -s" the timer and than rebooting. But I don't think > this would be the "correct" solution because "systemctl --user enable" > should also work. What distro are you running? And what are the versions of systemd and dbus? You also should have (so confirm that) /usr/lib/systemd/user/dbus.socket and /usr/lib/systemd/user/dbus.service files and a /usr/lib/systemd/user/sockets.target.wants/dbus.socket symlink too -- damjan
Re: [arch-general] Why no git --depth=1 option for makepkg?
>> This means that PKGBUILDs which checkout a specific revision are >> actually worse than the rest, as you cannot even get the source without >> knowing how many commits you need (rather than failing afterwards in >> pkgver() or something). > > Right. I had assumed that git clone -b/--branch did also exist for > tags. https://www.kernel.org/pub/software/scm/git/docs/git-clone.html --branch can also take tags and detaches the HEAD at that commit in the resulting repository.
Re: [arch-general] Disable vboxadd.service & vboxadd-service.service after guest additions included in 4.15?
On 11 February 2018 at 13:47, Giacomo Longo via arch-generalwrote: > So you want to have > > vboxadd-service and vboxadd systemd services not starting on Linux kernel > versions 4.15 and above? > > You can manage this by creating a template systemd unit > > /etc/systemd/system/kernel-version-less-then@.service > --- > [Unit] > Description=Check if currently installed kernel version is less than target > > [Service] > Type=oneshot > ExecStart=/usr/bin/sh -c '[[ "$(/usr/bin/vercmp %i %v)" = "1" ]]' > Restart=no > CollectMode=inactive-or-failed > > [Install] > WantedBy=multi-user.target > > Then create the directories > > /etc/systemd/system/vboxadd.service.d/ > /etc/systemd/system/vboxadd-service.service.d/ > > Then for each service > > > /etc/systemd/system/vboxadd.service.d/kerver.conf > - > [Unit] > After=kernel-version-less-then@4.15.service > Requires=kernel-version-less-then@4.15.service > > /etc/systemd/system/vboxadd-service.service.d/kerver.conf > - > [Unit] > After=kernel-version-less-then@4.15.service > Requires=kernel-version-less-then@4.15.service > > In this way, if my bash-fu is correct, the version compare will fail the > kernel-version-less-then@4.15.service and vboxadd and vboxadd-service will > not start there is ConditionKernelVersion= man systemd.unit -- damjan
Re: [arch-general] pacman man page needs at least one update
On 22 August 2017 at 19:01, Jude DaShiellwrote: > pacman -g and pacman --groups both appear no longer working. Neither in > that form generates a current list of groups. pacman -Sg and pacman -Qg seem to work -- damjan
Re: [arch-general] Handling python venv packages breaking on glibc update
> I use psycopg2 for postgres access in my pyramid web-app, and like most > (all?) python developers all the dependencies are in a virtualenv, > including psycopg2 itself. > > This means, of course, that the psycopg2 wheel is precompiled. > > With the recent glibc-2.26 update, I can no longer import psycopg2. This is > the error message I get on the file libresolv-2-c4c53def.5.so: > > symbol __res_maybe_init, version GLIBC_PRIVATE not defined in file > libc.so.6 with link time reference > > I'm not sure why the psycopg2 pip package bundles in libresolv (which is > part of glibc in Arch, explaining why the Arch psycopg2 package works fine, > even without a recompile). Where's the right place for me to fix this? With > the psycopg2 pip maintainers or somewhere else? why not just use the Arch package? I prefer that for pacakges that link to system libraries. -- damjan
Re: [arch-general] How can I set CAPS LOCK as Escape throughout reboot
On 17 August 2017 at 15:51, Junayeed Ahnaf via arch-generalwrote: > Hello, > > Currently I use "setxkbmap -option caps:escape" and it works well, but > I'd like to know how to make it persistent through reboot. I set this > line in .xinitrc but it didn't work. depends on your login manager and the desktop environment. Gnome will overwrite XKB settings anyway. KDE would if configured. some login managers (or their Xsession scripts) will read ~/.Xkbmap as options to setxkbmap -- damjan
Re: [arch-general] Why there is no NetworkManager in ArchISO
On 24 July 2017 at 07:30, Junayeed Ahnaf via arch-generalwrote: > Hello, > > Why is there no NetworkManager in ArchISO? Isn't it widely accepted as > the go to method of connecting to internet in Linux? Is there any reason > for it not to be default? I would say that the reason NM is not on ArchISO is becaues in the past it didn't have a simple enough support for a console UI, which made it very useless in the ArchISO text-only envrionement. Nowdays, with `nmtui` I'd say it would be ok to have it. NM has been buggy in the past, but these days, it's a great tool. -- damjan
[arch-general] nginx package compiled on testing?
At this moment packages in core/extra are: nginx 1.12.1-1 pacman 5.0.2-1 nginx -V has --with-cc-opt='-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -D_FORTIFY_SOURCE=2' but the pacman 5.0.2-1 version of /etc/makepkg.conf doesn't have the -fno-plt argument. I'd assume nginx 1.12.1-1 was compiled on a system with pacman 5.0.2-2 from testing? https://git.archlinux.org/svntogit/packages.git/diff/trunk/makepkg.conf?h=packages/pacman=0cd22d4454e0e1b3ae589b95274f808001465c15 Is this allowed? I suspect this is one of the reasons I can't compile a dynamic module for nginx -- damjan
Re: [arch-general] Sébastien Luttringer and Tobias Powalowski
On 3 July 2017 at 01:22, Eli Schwartz via arch-generalwrote: > On 07/02/2017 07:01 PM, Ismael Bouya wrote: >> (Mon, Jul 03, 2017 at 12:29:44AM +0200) Morten Linderud : >>> But HTTPS doesnt matter here. We have a trusted signer inn the PKGBUILD, >>> anyone can MITM for the good of their life. >>> Unless they can fake the signature (Hint; they cant), or trick Lennart into >>> signing something he shouldnt (Hint; he >>> wont), we don't have a case here. It doesn't really matter if its HTTP or >>> HTTPS. >>> >>> You also didn't really reply about the threat model. >> >> If I understand correctly what Nicohood meant, >> what could happen is that version X of systemd (or anything else) has a >> well known vulnerability, fixed in X+1. X+1 is packaged, so anyone >> up to date thinks "good I'm safe now". But since a man in the middle can >> force to download version X (signed by the systemd maintainer so >> considered "secure"), he can force you to download that version when you >> create the package and you'll think you have the safe version while >> having the unsafe one. > > Okay, this I am genuinely curious about. > > In what circumstances can I have: > - the systemd repository cloned over the git:// protocol > - an annotated tag for systemd v233 signed by Lennart Poettering. > - an annotated tag for systemd v232 signed by Lennart Poettering. > - a man in the middle attack > - `git verify-tag --raw v233` reports a GOODSIG with a VALIDSIG > ${fingerprint} that matches with Lennart's known GPG fingerprint as > recorded in validpgpkeys > > And as a result, when I run the git command `git checkout > refs/tags/v233`, I am tricked into getting v232 instead which contains a > vulnerability. Also, I wouldn't be alerted by the verbose printing of > the systemd version which happens during the boot process, nor by > $systemd_binary --version > > ... > > Because I don't think git works that way, but I am willing to be proven > wrong. Also I bet the git developers would be fascinated to hear the > details, you might even get some sort of bounty for successfully hacking > git like that. On the other hand, the systemd-stable repo doesn't have signed tags (or commits) and Arch is probably going to move to that since it has post-release fixes for regressions and bugs. -- damjan
Re: [arch-general] kernel-install in archlinux
On 22 June 2017 at 14:42, Mauro Santos via arch-general <arch-general@archlinux.org> wrote: > On 22-06-2017 12:58, Damjan Georgievski via arch-general wrote: >> Is there any plan for moving ArchLinux to the kernel-install >> infrastructure[1] >> >> I've seen some talk about it from a year ago, but the discussion seems >> to have died off. >> >> My personal use case is to have a hook that self-signs >> kernel+initramfs+cmdline images for secure boot (using my own keys), >> and currently I have to do that manually whenever the initramfs is >> updated. >> >> >> >> >> [1] >> https://www.freedesktop.org/software/systemd/man/kernel-install.html >> [2] >> https://lists.archlinux.org/pipermail/arch-dev-public/2016-May/028014.html >> > > You may want to check 'man alpm-hooks'. You should be able to automate > what you want to do. Unfortunately that's not enough, other hooks (which are unknown) can update the initramfs, and I can't hook on /boot/initramfs-* since it's not part of any package. ps. and yes, I already do have a hook that triggers on the linux package -- damjan
[arch-general] kernel-install in archlinux
Is there any plan for moving ArchLinux to the kernel-install infrastructure[1] I've seen some talk about it from a year ago, but the discussion seems to have died off. My personal use case is to have a hook that self-signs kernel+initramfs+cmdline images for secure boot (using my own keys), and currently I have to do that manually whenever the initramfs is updated. [1] https://www.freedesktop.org/software/systemd/man/kernel-install.html [2] https://lists.archlinux.org/pipermail/arch-dev-public/2016-May/028014.html -- damjan
Re: [arch-general] gnupg: systemd enable in post_install
>> what's the rationale to enable the gnupg sockets in post_install of the >> package? >> >> https://git.archlinux.org/svntogit/packages.git/tree/trunk/install?h=packages/gnupg#n21 >> >> I don't disagree that the sockets maybe should be enabled (I have them >> enabled for me), it's just a strange way to enable them in >> post_install, and linking them in /etc/ >> >> Why doesn't the PKGBUILD make the symlinks in >> /usr/lib/systemd/user/sockets.target.wants/ ? > > > I did that in the pulseaudio package at first and people complained that > they couldn't "disable" the pulseaudio socket and "mask" also prevented a > manual start. got it. makes sense though users will need root privileges to disable it then, but I guess for Arch that doesn't matter. -- damjan
[arch-general] gnupg: systemd enable in post_install
what's the rationale to enable the gnupg sockets in post_install of the package? https://git.archlinux.org/svntogit/packages.git/tree/trunk/install?h=packages/gnupg#n21 I don't disagree that the sockets maybe should be enabled (I have them enabled for me), it's just a strange way to enable them in post_install, and linking them in /etc/ Why doesn't the PKGBUILD make the symlinks in /usr/lib/systemd/user/sockets.target.wants/ ? dbus does that for ex. -- damjan
Re: [arch-general] Unable to start gnome-terminal from KDE session
> ...which sounds a bit like what I'm seeing, at least the slowness part. > However, I use SDDM, so I can't put the recommended > dbus-update-activation-environment in any .xinitrc file (which is only run > when > you do startx as far as I know). > > So, two questions: > > (1) Where would I put this command so that it's run by SDDM on login? isn't that already done via: /etc/X11/xinit/xinitrc.d/50-systemd-user.sh which is sourced by /usr/share/sddm/scripts/Xsession -- damjan
Re: [arch-general] makepkg bind-9 FAILED (unknown public key F1B11BF05CF02E57)
> libtool: compile: gcc -I/home/david/arch/pkg/abs/bind/src/bind-9.11.0-P3 > -I../../.. -I./include -I./../pthreads/include -I../include -I./../include > -I./.. -I/usr/include -D_REENTRANT -D_GNU_SOURCE -march=x86-64 -mtune=generic > -O2 -pipe -fstack-protector-strong -DDIG_SIGCHASE -I/usr/include > -I/usr/include/libxml2 -fPIC -W -Wall -Wmissing-prototypes -Wcast-qual > -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing > -fno-delete-null-pointer-checks -c app.c -fPIC -DPIC -o .libs/app.o > In file included from /usr/include/json/autolink.h:9:0, > from /usr/include/json/json.h:9, > from ../include/isc/json.h:33, > from ../include/isc/mem.h:16, > from app.c:29: > /usr/include/json/config.h:9:35: fatal error: string: No such file or > directory > #include //typedef String huh, that's a C++ style #include* and you are compiling with a C compiler (and obviously app.c is a C program) have no idea, see upstream. * and indeed /usr/include/json/config.h is part of jsoncpp "C++ library for interacting with JSON" how did that get included in a C program??? -- damjan
Re: [arch-general] makepkg bind-9 FAILED (unknown public key F1B11BF05CF02E57)
> I pulled ABS updates and got the patch mentioned in > https://bugs.archlinux.org/task/53240. However, attempting to build bind/bind > tools 9.11.0-P3 fails due to an unknown upstream public key: > > makepkg -s > > ... > ==> Verifying source file signatures with gpg... > bind-9.11.0-P3.tar.gz ... FAILED (unknown public key F1B11BF05CF02E57) https://wiki.archlinux.org/index.php/makepkg#Signature_checking -- damjan
Re: [arch-general] Firefox 52 Audio broken
> Since the update to firefox 52 the audio support has been broken. nope, it works fine. alas, ALSA support in Firefox has become unmaintained … this means if Arch reverts to ALSA it'll be shipping worse code just for the few people that choose to not use Pulseaudio (for their own reasons). > This seems to be because pulse audio is now a dependency by default in > firefox. > However firefox can still be build with ALSA support. > > Without getting into any dicussion about issues about pulseaudio itself, I > believe it should be possible to use firefox on arch without being forces to > use pulse > audio. I am certainly not the only one to have banned this package from my > boxes. And having more choices is certainly a good thing. > > Not sure this is the right place but I would like to ask to change back to > the old defaults (ALSA). > With the old defaults, the user can choose to use pulse audio (or JACK) or > stay with plain ALSA support. -- damjan
Re: [arch-general] Ping: 100% package loss
> And the most surprising thing is, that it worked for one single moment, > see the PS, and stopped working after the next reboot - with all what I > tried to make it work still untouched and in place. > > Any further tipps here? do you even have an IPv6 service from your ISP? try pinging [2a00:1450:401b:801::2004] (an address I get for www.google.com) also, ping now has the -4 and -6 options to specify which protocol to use. otherwise, AFAIK the resolver in glibc autodetects if it'll use ipv4 or ipv6 by defult -- damjan
Re: [arch-general] uwsgi-2.0.14-15 segfaults with php plugin
https://bugs.archlinux.org/task/52406 the packager is a bit irresponsible On 17 January 2017 at 17:14, David Rungewrote: > Hey all, > > ran into the issue, that after updating from uwsgi 2.0.14-1 to uwsgi > 2.0.14-5 (php plugin of the same version), all php based webapps make > uwsgi segfault (tested with wordpress and stikked)! > > Something like the below will happen (including after reboot): > > Jan 17 16:24:20 frqrec systemd[1]: Starting uWSGI service unit... > Jan 17 16:24:20 frqrec uwsgi[2370]: [uWSGI] getting INI configuration > from /etc/uwsgi/wordpress.ini > Jan 17 16:24:20 frqrec uwsgi[2370]: *** Starting uWSGI 2.0.14 (64bit) on > [Tue Jan 17 16:24:20 2017] *** > Jan 17 16:24:20 frqrec uwsgi[2370]: compiled with version: 6.3.1 > 20170109 on 10 January 2017 00:34:54 > Jan 17 16:24:20 frqrec uwsgi[2370]: os: Linux-4.8.13-1-ARCH #1 SMP > PREEMPT Fri Dec 9 07:24:34 CET 2016 > Jan 17 16:24:20 frqrec uwsgi[2370]: nodename: frqrec > Jan 17 16:24:20 frqrec uwsgi[2370]: machine: x86_64 > Jan 17 16:24:20 frqrec uwsgi[2370]: clock source: unix > Jan 17 16:24:20 frqrec uwsgi[2370]: pcre jit disabled > Jan 17 16:24:20 frqrec uwsgi[2370]: detected number of CPU cores: 2 > Jan 17 16:24:20 frqrec uwsgi[2370]: current working directory: / > Jan 17 16:24:20 frqrec uwsgi[2370]: detected binary path: /usr/bin/uwsgi > Jan 17 16:24:20 frqrec uwsgi[2370]: setgid() to 33 > Jan 17 16:24:20 frqrec uwsgi[2370]: setuid() to 33 > Jan 17 16:24:20 frqrec uwsgi[2370]: your processes number limit is 15780 > Jan 17 16:24:20 frqrec uwsgi[2370]: your memory page size is 4096 bytes > Jan 17 16:24:20 frqrec uwsgi[2370]: detected max file descriptor number: > 1024 > Jan 17 16:24:20 frqrec uwsgi[2370]: lock engine: pthread robust mutexes > Jan 17 16:24:20 frqrec uwsgi[2370]: thunder lock: disabled (you can > enable it with --thunder-lock) > Jan 17 16:24:20 frqrec uwsgi[2370]: *** Cache "wordpress" initialized: > 64MB (key: 2136 bytes, keys: 2136000 bytes, data: 65536000 bytes, > bitmap: 0 bytes) preallocated *** > Jan 17 16:24:20 frqrec uwsgi[2370]: - SystemD socket activation detected > - > Jan 17 16:24:20 frqrec uwsgi[2370]: uwsgi socket 1 attached to UNIX > address /run/uwsgi/wordpress.sock fd 3 > Jan 17 16:24:20 frqrec uwsgi[2370]: !!! uWSGI process 2370 got > Segmentation Fault !!! > Jan 17 16:24:20 frqrec uwsgi[2370]: *** backtrace of 2370 *** > Jan 17 16:24:20 frqrec uwsgi[2370]: /usr/bin/uwsgi(uwsgi_backtrace+0x2c) > [0x466eec] > Jan 17 16:24:20 frqrec uwsgi[2370]: /usr/bin/uwsgi(uwsgi_segfault+0x21) > [0x4672b1] > Jan 17 16:24:20 frqrec uwsgi[2370]: /usr/lib/libc.so.6(+0x330b0) > [0x7f9a019ea0b0] > Jan 17 16:24:20 frqrec uwsgi[2370]: > /usr/lib/uwsgi/php_plugin.so(+0x53ca) [0x7f9a001fa3ca] > Jan 17 16:24:20 frqrec uwsgi[2370]: *** end of backtrace *** > Jan 17 16:24:20 frqrec systemd[1]: uwsgi-private@wordpress.service: Main > process exited, code=exited, status=1/FAILURE > Jan 17 16:24:20 frqrec systemd[1]: Failed to start uWSGI service unit. > Jan 17 16:24:20 frqrec systemd[1]: uwsgi-private@wordpress.service: Unit > entered failed state. > Jan 17 16:24:20 frqrec systemd[1]: uwsgi-private@wordpress.service: > Failed with result 'exit-code'. > > Reverting back to uwsgi 2.0.14-1 fixes the problem (after restarting the > socket, that activates the webapp). > > As a sidenote: I'm using the hardening and socket activation options as > explained here, which shouldn't have much of an effect on the uwsgi > itself though): > https://wiki.archlinux.org/index.php/UWSGI#Socket_activation > https://wiki.archlinux.org/index.php/UWSGI#Hardening_uWSGI > > Has anyone had the same issue? > I can't seem to find out, what has changed between revision 1 and 5 or > if it needs another rebuild. > > Best, > David > > > -- > https://sleepmap.de -- damjan
Re: [arch-general] [arch-dev-public] Preparing OpenVPN 2.4.x - possible incompatible changes
>> I do not oppose using whatever upstream is deploying, if it's >> rationale. I just think that we could create a system user for >> openvpn, even if most users will deploy it using root. > > We need root privileges at initialization phase, no? Privileges are dropped > to nobody/nobody when initialization sequence completed. > > If we can make things work with non-root system user... Let me know how to do > that. :D You can have systemd-networkd create the tun (or tap) interface and change its ownership to a specific user, that way openvpn doesn't need privileges for that. That's my setup with a bridged tap interface https://gist.github.com/gdamjan/6b988389afe36e4bb769 for tap interfaces, networkd can also do the ip setup, for tun interfaces, openvpn would need to use ... sudo? -- damjan
Re: [arch-general] howto remove old package version
> pacman -Syu > :: Starting full system upgrade... > > warning: mesa: local (13.0.0rc2-2) is newer than extra (12.0.3-3.1) > warning: mesa-libgl: local (13.0.0rc2-2) is newer than extra (12.0.3-3.1) > > how do i remove old version and install new with pacman, > have tried pacman -R but had dependency problems. you should've mentioned that this is ArchLinux Arm and yes, they reverted those packages (at leat on armv6 for raspberrypi) I dunno why, don't even care -- damjan
Re: [arch-general] Cannot no longer resolve local hostname with the new nsswitch.conf
On 8 November 2016 at 18:43, Patrick Burroughs (Celti) via arch-general <arch-general@archlinux.org> wrote: > On Tue, 8 Nov 2016 18:01:32 +0100 > Damjan Georgievski via arch-general <arch-general@archlinux.org> wrote: > >> > $ getent -s resolve hosts $(hostname) >> >> this should fail since you don't have the resolved service running. > > nss-resolve will chainload nss-dns when systemd-resolved is not running > (see `man 8 nss-resolve`). ah right, that fallback should be removed *in the future* and I was under the impression it already happened https://github.com/systemd/systemd/commit/344874fcd0a3fc1f9bc6cdf34ecaf537c10a3ad3 -- damjan
Re: [arch-general] Cannot no longer resolve local hostname with the new nsswitch.conf
> $ getent -s resolve hosts $(hostname) this should fail since you don't have the resolved service running. but, when using `hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname` standard resolving should then go to the dns source, and then to the myhostname source. what does getent -s dns hosts $(hostname) getent -s myhostname hosts $(hostname) return ? also are you up-to-date with systemd 232? -- damjan
Re: [arch-general] Cannot no longer resolve local hostname with the new nsswitch.conf
On 8 November 2016 at 13:37, Chi-Hsuan Yen via arch-generalwrote: > Hi Arch enthuasiasts, > > With testing/filesystem 2016.11-2, I can no longer use my local hostname to > acess services on the local machine. For example: > > $ hostname > PC12574 > > $ ping PC12574 > ping: PC12574: Name or service not known > > Seems changes in nsswitch.conf [1] does the effect. If I change the hosts: > line in nsswitch.conf back to the old configuration "files resolve > mymachines myhostname", or remove the [!UNAVAIL=return] part from this > line, ping works fine: do you have systemd-resolved running? what does `getent -s resolve hosts ` return? -- damjan
[arch-general] new /etc/nsswitch.conf
there's a new /etc/nsswitch.conf file in filesystem-2016.11 Maybe someone would care to explain the changes? maybe even a news post? https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/filesystem=f1cd9f7fb4cdf7617a1b875e14be212733f9c67a -- damjan
Re: [arch-general] how to restore root and boot directory
> Hi everyone > while reinstalling arch on raspberry pi memory stick i had the two > partitions mounted on mount points called root and boot in my home dir > on my laptop, > i intended to delete everything in root and boot in my home directory > but lost my mind and rm -rf /boot/* and /root/* instead, > is there a easy way to restore files to boot and do i just fix the root > user directory with useradd ? > shadrock /root really shouldn't have anything of importance, unless you left it there - in which case, you can't recover it /boot has the kernel, the initramfs - which can be recreated if you reinstall the "linux" package and probably some bootloader files that you can also reinstall depending on the boot loader: - grub-install - extlinux - bootctl -- damjan
Re: [arch-general] efivars mounted read-write, but "operation not permitted, "
On 3 August 2016 at 22:03, Zachary Klinewrote: > Hi All, > > This is admittedly more about Linux in general than Arch specifically, but > I’m wondering if anybody has insight into why I can’t delete EFI variables, > when efivarfs is mounted read-write. For anybody interested, I am wanting to > remove the default boot entry created by systemd-boot, but receive an > “Operation not permitted,” message when trying to do so, even as root. try efibootmgr -- damjan
[arch-general] texinfo, a dependency for libidn and libtasn1
Do libidn and libtasn1 really require texinfo? makes texinfo uninstallable, but I don't need docs on this system. Does any of the "requiires" of texinfo[1] actualy require it? shouldn't it be an opt-depend? [1] https://www.archlinux.org/packages/core/x86_64/texinfo/ -- damjan
Re: [arch-general] Announcing pacpak
On 10 July 2016 at 11:05, pelzflorian (Florian Pelz)wrote: > Hello, > > A specter is haunting the GNU/Linux ecosystem: the specter of per-user > containerization. Software like Flatpak and Snappy promise fully > sandboxed GNU/Linux application bundles (instead of merely launching an > application with fewer privileges but without hiding the operating > system, like Bubblewrap or Firejail do). Bundles ship with the version > of their dependencies which they need. Ubuntu is doing something similar it seems https://bregmatter.wordpress.com/2016/07/04/x11-applications-and-unity-8/ This is for their non-deb (deb-less?) distro version, they install debs in containers, each getting their own XMir server. Good for non-trustworthy or exposed apps. -- damjan
Re: [arch-general] time setting problem after installing.
On 3 July 2016 at 22:27, matthew dyer via arch-generalwrote: > Hi all, > > I just installed arch into a vertual machine dfor now as I do not have a > bare boons system to install to at the moment. Any way I have a problem > whare my system thinks I am in lundon uk and not in the us. I have tried > running NTPD-QG but I am told that the command not found. I want the clock > to show the correct local time and not have it showing 4 hours ahead of it > self. Any ideas on how to fix this. I want to show it in .profile, but it > just creates a new file instead of using the exhisting file. How can I > change my time to the corect local time? Thanks. I didn't understand half of what you said, but: a) to set the system wide timezone use the command: timedatectl set-timezone Europe/London b) to enable a ntp client you can use systemd-timedate, enable it with: timedatectl set-ntp yes -- damjan
Re: [arch-general] Kernel version in hooks
On 17 May 2016 at 14:50, Damjan Georgievski <gdam...@gmail.com> wrote: > Can I somehow get the kernel version from a hook invoked on the kernel > package update? so I ended up with this (for now): https://gist.github.com/gdamjan/dd94057318f9c68327066068cacf99bc The reason was, I needed to run mkinitcpio by hand for linux-armv7 since the package itself doesn't do it (they expect that the kernel has everything to boot, which is not true since I boot my BeagleBoard over NFS). the second problem is that the `mkinitcpio -p preset` didn't work either since the kver function in mkinitcpio can't find the version out of the zImage file. this current setup doesn't support more kernels though - I'd have to find the KERNEL_NAME for that. ps. not specifing "NeedsTargets" in the hook makes the "read TARGET" block. I guess stdin should be /dev/null in that case. -- damjan
Re: [arch-general] Kernel version in hooks
>>> Can I somehow get the kernel version from a hook invoked on the kernel >>> package update? >> >> by version I mean the "4.5.4-1-ARCH" kernel version, not the "4.5.4-1" >> package version > > > How do you detect the kernel package upgrade? If you use the path to its > modules, you can add "NeedsTargets" to the hook and extract the version from > the module path just like the dkms hook does it. the package name, ie. Type = Package Target = linux are you saying to use Type = File and Target = usr/lib/modules/* ? that'll have some unwanted targets though (the extramodules on for ex.) -- damjan
Re: [arch-general] Kernel version in hooks
On 17 May 2016 at 14:50, Damjan Georgievski <gdam...@gmail.com> wrote: > Can I somehow get the kernel version from a hook invoked on the kernel > package update? by version I mean the "4.5.4-1-ARCH" kernel version, not the "4.5.4-1" package version -- damjan
[arch-general] Kernel version in hooks
Can I somehow get the kernel version from a hook invoked on the kernel package update? -- damjan
Re: [arch-general] Adding new disks > 2T to system that boots with grub, can GPT be used for new disks?
> I'm confused by the partitioning wiki > (https://wiki.archlinux.org/index.php/Partitioning). It says: > > If using GRUB legacy as the bootloader, one must use MBR > > What about adding disks to this system? Must they be partitioned MBR or can > I > use GPT on the additional disks. (I haven't used GPT before, so this has me > stumped). > > Current setup is Arch booting from grub (grub2) on 1T raid1 mdadm array. I > have a pair of 3T drives I want to add to the system. (as a 3T raid1 mdadm > array). > > I want to use the entire disk in a single partition which is why I want to > partition the disks GPT (leaving 100M unpartitioned at the end). > > Can I use GPT on the new disks, or am I stuck with MBR? since you're not booting of the new disks, it doesn't matter. and that "Grub Legacy" is grub 0.9x not grub2. grub2 can boot of GPT easily (it just needs a 2mb legacy boot partition). -- damjan
Re: [arch-general] most efficient way to get linux kernel statistics
>>> The free command gets its information from /proc/meminfo. >>> Performance-wise, it doesn't really matter if a few additional lines >>> need to be parsed. >> >> Hello, >> Thank you Florian. Actually, I already knew it's the same, I just >> thought that he could use the free command instead of parsing it >> himself. You're right. Performance-wise, it's pretty much the same. >> > > Sorry, I didn't express myself properly. I didn't mean to criticize > free. What I meant to say was that the time it takes to parse > /proc/meminfo or free is negligible. It doesn't need to be any more > efficient. free parses /proc/meminfo. libgtop parses /proc/meminfo. > Querying the information probably takes much more time than parsing it. > > Your suggestion to use free may indeed be useful if the original poster > wants parsing to be slightly simpler and does not mind the additional > dependency. My impression was that they considered parsing to be too > inefficient. there's also `sysinfo(2)` -- damjan
Re: [arch-general] libvirt and VirtualBox
since the update of libvirt to 1.3.2, it seems the sd_notify support is broken, and the daemon is killed. is the daemon even running for you? On 3 March 2016 at 14:37, Jukka Salmiwrote: > Hello > > On an up-to-date Arch x86-64 system, I fail to manage VirtualBox VMs > with libvirt virsh: > > $ virsh -c vbox:///session > error: failed to connect to the hypervisor > error: internal error: unable to initialize VirtualBox driver API > > Is this supposed to work out of the box? > > Both VirtualBox (5.0.14-1) and libvirt (1.3.2-1) are installed from the > community repository, and VirtualBox support seems to be compiled in: > > $ virsh -V > Virsh command line tool of libvirt 1.3.2 > [...] > Compiled with support for: > Hypervisors: QEMU/KVM LXC UML OpenVZ VMware PHYP VirtualBox ESX Test > [...] > > Furthermore, both VirtualBox alone (i.e. when managed by VBoxManage or > similar) and libvirt when used to manage QEMU/KVM sessions work fine. > > Any hints about what I'm missing? > > > TIA & cheers, > > Jukka > > -- > This email fills a much-needed gap in the archives. -- damjan
Re: [arch-general] Alternative init system proposal
On 9 February 2016 at 17:34, Guus Snijderswrote: > Op 9 feb. 2016 17:27 schreef "Michał Zegan" : >> > >> A note about using shell scripts in systemd: >> Who said you can't? and I don't talk about systemd's init.d >> compatibility that is disabled in arch. Although you have to write >> unit files, you can start scripts, so you do not really lose >> flexibility. Also systemd's isolation capabilities are superior, there >> are some things you currently cannot do from scripts, like >> PrivateTmp=yes and stuff. > > Isolation is AFAIK based on cgroups, not the easiest subject, but certainly > not impossible to implement. not impossible, if you reimplement systemd :) > PrivateTmp: Does that more then setting $TEMP to a custom value? > > I'm just being curious here. yes, it creates a filesystem/mount namespace for the process(es) and mount's a /tmp/systemd-private-/ directory as /tmp. from the point of view of the process it will never see anything else from the outer /tmp -- damjan
Re: [arch-general] Why does a regular user have access to /dev/uinput (and why only temporary)
>> $ getfacl /dev/uinput >> getfacl: Removing leading '/' from absolute path names >> # file: dev/uinput >> # owner: root >> # group: root >> user::rw- >> user:manuel:rw-#effective:--- >> group::--- >> mask::--- >> other::--- >> >> So somehow the permission is still there, but no longer effective??? >> >> If I switch VT once (and probably switching the active session this way) >> I have permission again and now my user keeps it. >> >> What is causing this ugly behaviour? Why does a user have to have uinput >> permissions at all? The (possible security) problem with this is, that >> the driver (may be a simulated keyboard driver) keeps active even if the >> session changes. So a software, launched in one session, affects another >> session. device nodes tagged with 'uaccess' by udev are given to the current seat user by logind. see what has TAG+="uaccess" in /usr/lib/udev/rules.d/ -- damjan
Re: [arch-general] systemd user accounts are created in a inconsistent way
On 2 February 2016 at 21:28, Daniel Milewskiwrote: > Most systemd user accounts are present in the /etc/passwd file provided > by the filesystem package. This is not the case for only two of them, > namely systemd-journal-upload and systemd-journal-remote, which are set > up by systemd-sysusers, executed when the systemd package is installed. > > Is there a reason for that? Wouldn't it be better to include all > systemd users in /etc/passwd, or let systemd-sysusers handle account > creation? it's better to let `systemd-sysusers` create all users, /etc/passwd should probably not be included in any package since it changes in the lifetime of the distro and updates are hard to merge. -- damjan
Re: [arch-general] btrfs/snapper hook for pacman 5.0?
> https://github.com/andrewgregory/pachooks do hook files need to end in .hook ? I couldn't find it mentioned in man alpm-hooks or pacman -- damjan
Re: [arch-general] btrfs/snapper hook for pacman 5.0?
On 2 February 2016 at 10:40, Damjan Georgievski <gdam...@gmail.com> wrote: >> https://github.com/andrewgregory/pachooks > > do hook files need to end in .hook ? > I couldn't find it mentioned in man alpm-hooks or pacman Also, `Exec =` requires a full path to the executable -- damjan
Re: [arch-general] Chromium Favorites Bar Partially Inoperative
> I just installed Chromium, v. 48.0.2564.97, two days ago. I imported > my bookmarks from Firefox and enabled the bookmarks bar. I added a few > new bookmarks to the bar, but not in my existing folders. > > Today, I tried to drag-and-drop the bookmarks into the folders on my > bookmarks bar, but nothing happened - the bookmarks just remained on > the bar. In addition, it seems impossible to move anything on the bar, > i.e., adjusting the order of folders or bookmarks. Everything just stays > where it was originally placed. > > For those who don't use Chromium, this is not normal behavior - one should > be able to drag-and-drop into folders, subfolders, and slide things > around at will. > > In fact, even in the bookmark manager it is not possible to drag-and-drop; > the only way I've found to move a bookmark into a folder is to copy and > paste it there, then delete the original. > > I've tried disabling my two extensions without luck, and I see no > recent activity on the boards or on Chromium's bug tracker. > > Anyone else seeing this? Any suggestions? huh. possibly unreleated but I just experienced that drag from dolphin to a html5 drop-zone doesn't work either. it even doesn't work from a directory view in chromium itself to a html5 page in chromium. OTOH, firefox directory view -> chromium page and chromium directory view -> firefox page both work fine. some people on the forums noticed something similar too https://bbs.archlinux.org/viewtopic.php?id=207338 -- damjan
Re: [arch-general] systemd user unit files from custom directory
On 30 January 2016 at 12:48, Andre "Osku" Schmidtwrote: > hello, > > thought i'd ask here first, in case it's a distro problem. > > was wondering if we can use systemd to start and stop a daemon for > testing purposes during development. meaning, i would like to not have > to "install" my daemon nor its systemd service file, and instead run > all from the working directory. > > from systemd.unit man page i got the impression that this example would work: > > ❱ tree $PWD > /data/projects/hmm > └── systemd > └── user > └── foobar.service > > ❱ cat systemd/user/foobar.service > [Unit] > Description=Foo Bar > [Service] > ExecStart=/usr/bin/sleep 42 > > ❱ XDG_CONFIG_HOME=$PWD systemctl --user start foobar > Failed to start foobar.service: Unit foobar.service failed to load: No > such file or directory. > > am i doing it wrong, or? the daemon reads and starts the service not systemctl. in recent versions of systemd you can symlink the service file from ouside ~/.config/systemd/ too ps. what exactly are you testing? there's also systemd-run -- damjan
Re: [arch-general] FireFox 44 turning the bookmark toolbar+ extensions area + current tab into light gray (like selected) [gist image]
> Just updated Arch, and got FF 44, but there's a new color behavior on > the bookmark toolbar, the extensions area, and current tab. > > It looks like if everything was somehow selected, light grayed. This > is new, but I don't know if it's the new 44+ expected behavior, or > something that got broken, and perhaps there's a way to work it > around. > > The gist linked image provides a snapshot of the new weird behavior: > > https://gist.github.com/je-vv/7a00601e9217cd9d3447 you don't seem to be using the default look-and-feel of Firefox so it's hard to say what you expect to be right and how your expectation doesn't meet reality. -- damjan
Re: [arch-general] systemctl --user problems
> 3. and also I've found that XDG_RUNTIME_DIR and XDG_SESSION_ID are not > set (neither before or after restarting user@) as should be the case > from [1] and [2]. are you using a proper login manager, do you have pam_systemd in your pam configs? -- damjan
Re: [arch-general] Unknown Trust and Corrupted Package
>> I'm receiving message about unknown trust while trying to install the confuse >> package. >> > > Looks like people tend to forget about updating pacman keyring. > > pacman-key --refresh-keys is'n this done automatically? should it? -- damjan
Re: [arch-general] Unknown Trust and Corrupted Package
> Looks like people tend to forget about updating pacman keyring. > > pacman-key --refresh-keys huh, now what? # pacman-key --refresh-keys gpg: refreshing 85 keys from hkp://keys.gnupg.net gpg: keyserver refresh failed: Permission denied ==> ERROR: A specified local key could not be updated from a keyserver. -- damjan
Re: [arch-general] Firefox without signature checking
>> This sounds like something for the AUR. I do not agree with this move from >> Mozilla and it would be interesting to see the interest in such a package. >> > > Agree - AUR. > > Arch should follow upstream - if there is a spin off alternative with this > disenagaged (HigherFox or whatever) ... we can certainly choose a different > package - but Arch should stick with the upstream version. > > Aside: > I don't use firefox - but curious - how would one test developer versions > of extensions then? Or is this no longer possible in firefox? There will be support for that of course https://developer.mozilla.org/en-US/Add-ons/Distribution -- damjan
[arch-general] virt-manager empty package?
Does anyone know why virt-manager is an empty package? The package depends on virt-install which contains the virt-manager program, and just adds its dependencies. Is this intentional? The PKGBUILD suggests it tries to do something. -- damjan
Re: [arch-general] Rerun bootloader from initramfs
On 20 November 2015 at 17:04, Mauro Santoswrote: > On 20-11-2015 17:19, Joan Aymà wrote: >> Why should not be easier to boot following Disk_Encryption on the wiki[1]? >> >> Regards. >> >> [1]https://wiki.archlinux.org/index.php/Disk_encryption > > Because I'm talking about this [1] and not software based encryption. > > [1] https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption I'd sincerely advice against using these 'hardware' disk encryptions. what happens when your motherboard is at fault, and you need the data on the disk *now* and it wont work in a USB enclosure? anyway, maybe you could use kexec in your PBA and run the installed linux kernel with that. -- damjan
Re: [arch-general] Problems with movie playback (HTML5)
> Yes, I saw this with mpv on the command line under X. A restart of the WM > and X > did not solve the problem for me. As with the others I had to reboot my > machine. > > Would be really nice to know what's the root cause. systemctl --user restart pulseaudio -- damjan
[arch-general] Policy about packages and file capabilities
What's the policy about capabilities for executables in Arch packages? I'm asking since in my setup I'm running wpa_supplicant as the 'nobody' user, but I let it keep the NET_ADMIN and NET_RAW capabilities (excerpt from the .service file): User=nobody SupplementaryGroups=rfkill CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW The executable needs to have those capabilities on the executable in order to keep them when switching to user `nobody`, so I set them with: setcap 'cap_net_raw=ep cap_net_admin=ep' /usr/bin/wpa_supplicant I'd suggest (and send a patch) to add these capabilities in the next update to the package if that's acceptable. PS. wpa_supplicant is still not updated from version 2.3 which doesn't work with the wifi interface in the 4addr mode, bridged and with the -b option of wpa_supplicant. 2.4 and 2.5 work in that scenario. so I hope an update is due. -- damjan
Re: [arch-general] Policy about packages and file capabilities
>> What's the policy about capabilities for executables in Arch packages? > > I _guess_ that capabilities are used to avoid SUID binaries when this is > secure. well, also, unless you set capabilities on the executable a process can't have capabilities when a non-root process execs the executable -- that is until the ambient capabilities are supported in the kernel and systemd https://lwn.net/Articles/651052/ (afaik in 4.3) >> I'm asking since in my setup I'm running wpa_supplicant as the >> 'nobody' user, but I let it keep the NET_ADMIN and NET_RAW >> capabilities (excerpt from the .service file): > > Read the caveat here: https://w1.fi/cgit/hostap/plain/wpa_supplicant/README . > Basically, you'll need a special user/group for executing > /usr/bin/wpa_supplicant. right, I think that too would need to be done in a proper package. I'd rather make it 750, and root/wpa_supplicant > In general, why is this necessary? What kind of attack (besides DoS) is > possible against wpa_supplicant? there have been buffer overflows etc. in wpa supplicant, not good for a root process. https://www.google.com/search?q=wpa_supplicant+CVE=utf-8=utf-8 -- damjan
Re: [arch-general] systemd-networkd and netctl with multiple interfaces
ip route get 8.8.8.8 ip route get 7.7.7.7 will show the routes for those ip addresses. you can check several to see where they go (in case the 2 default routes have the same metric) On 11 November 2015 at 14:38, Andrew Von Stein <16vo...@gmail.com> wrote: > Expanding on the ip route command, you can you see what interface is used > to reach the Internet by looking at the default route. The entry that has > the destination as 0.0.0.0 and the subnet mask as 0.0.0.0 is the default > route. If your LAN is shown above your wifi interface I'm going to assume > that the default route is set to the LAN, but this leaves you with > definitive proof that it's working how you want it. Also, you'll want to > type "ip route -n" so you don't resolve hostnames. > > Also, if your wireless and LAN networks use a different gateway, you can > run a traceroute to an outside address to see what path the packets are > taking. Since it only shows the next hop IP address it doesn't work if your > networks use the same IP addressing scheme. > > Regards, > Andrew > > On Wed, Nov 11, 2015, 5:22 AM Bennett Piaterwrote: > >> > I don't use netctl, but you can usually see what default route it uses >> with >> > >> > ip route >> >> Thanks for that, I didn't know that command. >> The LAN is shown above WIFI, which (I assume) means that it takes >> precedence. >> >> > >> > I have made the experience that newly configured interfaces "steal" the >> > default route (although this can usually be configured - again, I don't >> > use netctl). >> > >> > I can imagine the default route passing through the WiFi interface in >> > your scenario. >> >> If I plug in LAN while having an active WIFI connection, it seems to >> steal the route. I checked it by monitoring steam download speeds. >> >> Thanks! >> >> Cheers, >> Bennett >> >> -- >> GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808 >> >> -- damjan
Re: [arch-general] how to remove template service from systemd
if it's a failed service, you might need systemctl reset-failed On 7 October 2015 at 13:43, Łukasz Michalskiwrote: > >>> ● vboxvmservice@A.service - VBox Virtual Machine A Service >>> Loaded: loaded (/etc/systemd/system/vboxvmservice@.service; enabled; >>> vendor preset: disabled) >>> Active: failed (Result: exit-code) since Thu 2015-10-01 12:02:49 >>> CEST; 4 >>> days ago >>> Main PID: 15101 (code=exited, status=0/SUCCESS) >>> >>> How to mak systemd forget about this service? I checked >>> /etc/systemd/system/multi-user.target.wants/ and there is no link for my >>> service. >>> >> >> If you change, add or remove service files: >> $ systemctl daemon-reload >> >> And you may need to stop the service as Florian wrote. >> >> > systemctl disable is not making this service disabled. The first call to > "systemctl disable vboxvmservice@A" removed a link from > /etc/systemd/system/multi-user.target.wants/ correctly. > > daemon-reload does not help. > > I suspect that reboot will get rid of it but on server I would not like to > reboot just because systemctl shows failure of non existent service. > > Regards, > Łukasz > -- damjan
[arch-general] race condition when upgrading the new ncurses package
( 2/70) upgrading ncurses [##] 100% ( 3/70) upgrading readline [##] 100% /usr/bin/bash: error while loading shared libraries: libncursesw.so.5: cannot open shared object file: No such file or directory error: command failed to execute correctly ( 4/70) upgrading bash -- damjan
[arch-general] systemd-networkd 226 in virtual machines
in 226, systemd-networkd now supports predictable interface names for virtio devices.[1] For people running Arch in KVM with virtio-net (as I do), that means the network interface name will change from eth0 to - in my case - ens5. That, for me also meant no ip address after reboot. Make sure to set [Match]Name=en* or some such before rebooting. [1] https://github.com/systemd/systemd/blob/23d08d1b2bfd7f4b3c0a9408c9ccd65c3fb80fc2/NEWS#L45 -- damjan
Re: [arch-general] Process 13696 (systemctl) of user 0 dumped core ??
Mon 2015-08-24 15:32:05 CDT 13580 0 0 7 * /usr/bin/systemctl Mon 2015-08-24 15:53:37 CDT 13696 0 0 7 * /usr/bin/systemctl I haven't seen or noticed this happening before, but obviously the first core dump was back in April related to cups. The question is What should I check? and Does any of this look related to BIOS settings and the new disk controller? (that looks more doubtful after looking over all the information) Anybody have experience with this type thing? are you running everything Arch up-to-date vanilla or do you have some custom stuff? if you're vanilla, run memtest on the machine. -- damjan
Re: [arch-general] Process 13696 (systemctl) of user 0 dumped core ??
On 25 August 2015 at 01:17, Damjan Georgievski gdam...@gmail.com wrote: Mon 2015-08-24 15:32:05 CDT 13580 0 0 7 * /usr/bin/systemctl Mon 2015-08-24 15:53:37 CDT 13696 0 0 7 * /usr/bin/systemctl I haven't seen or noticed this happening before, but obviously the first core dump was back in April related to cups. The question is What should I check? and Does any of this look related to BIOS settings and the new disk controller? (that looks more doubtful after looking over all the information) Anybody have experience with this type thing? are you running everything Arch up-to-date vanilla or do you have some custom stuff? if you're vanilla, run memtest on the machine. also, make sure to: update the bios and do you have the inte-ucode installed and configured (this is very important for certain cpus)? https://wiki.archlinux.org/index.php/Microcode -- damjan
Re: [arch-general] NetworkManager warn logs, Is it something to be concerned?
On 23 July 2015 at 05:33, piruthiviraj natarajan piruthivi...@gmail.com wrote: On Wed, Jul 22, 2015 at 4:00 PM, Christian Demsar vixsom...@vczf.io wrote: There might be a negligible decrease in speed since 220 bytes less are being transmitted per frame, but I don't think it's a breaking issue. Problems arise when the MTU is set higher than all parts of the network can handle, which is why the standard seems to be 1500 (although I've seen some openvpn configuration files restricting the MTU to 1400 for reducing packet loss -- I've never tested to see if it works or not). I'm not sure why your NIC is broadcasting an MTU of 0. Someone more experienced with the (Arch) Linux network stack should be able to help here Thanks christian. I disabled ipv6. It stopped spitting out anymore errors for now. Still can't understand what could have induced this. But I do get errors in thermald in addition. Created an Issue at thermald upstream github. my journalctl -r https://dl.dropboxusercontent.com/u/106654446/journalctl.txt probably fixed in this commit http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/src/devices/nm-device.c?id=c44069c10a4a9c696910baf0dbbefc41528f6dbe -- damjan
Re: [arch-general] Additional mouse (Lenovo N700) gesture binding
On 6 August 2015 at 03:42, Oon-Ee Ng ngoonee.t...@gmail.com wrote: Anyone have any idea on this? Been months and I've looked into it on and off, but always been frustrated =( On Thu, May 14, 2015 at 5:53 PM, Oon-Ee Ng ngoonee.t...@gmail.com wrote: On Wed, Apr 22, 2015 at 10:34 AM, Oon-Ee Ng ngoonee.t...@gmail.com wrote:q snip Firstly, regarding the gestures, here's what I obtain from xinput test. I've also listed which keys these correspond to. https://wiki.archlinux.org/index.php/Map_scancodes_to_keycodes use the hwdb (udev) way. you can set a scancode to reserved to ignore it Left swipe:- key press 22 Backspace key press 133Super_L (left Windows key) key press 37 Control_L key release 22 Backspace key release 133Super_L (left Windows key) key release 37 Control_L Right swipe:- key press 54 c key press 133Super_L (left Windows key) key release 54 c key release 133Super_L (left Windows key) -- damjan
[arch-general] Signing kernel modules
Since some time ago, the Linux kernel has had support for cryptographically signed modules, i.e. the kernel can be configured to only load properly signed modules. https://www.kernel.org/doc/Documentation/module-signing.txt I wouldn't go to lengths explaining the benefits of it, I was just wondering if Arch has the infrastructure to sign the modules - since developers already sign the kernel package itself [*], and in that sense we (the users) already trust them to that level. I'm not suggesting that CONFIG_MODULE_SIG_FORCE is enabled by default - that would break 3rd party modules, but people could optionally use the enforcemodulesig=1 kernel command line option if they want to. Thoughts? [*] though packages are gpg signed, and modules use x.509 -- damjan
Re: [arch-general] systemd new dependencies impede using OpenRC
Arch has always been a simple distribution in terms of the developer perspective, not the user one. Using systemd made it simpler than ever in that regard because much more work is taken care of by both the systemd developers and all of the projects shipping unit files. I find systemd easier from an user perspective too. Or ok, let say, a sys-admin one. And I'm talking from my 14 years profesional Linux experience. Wow, has it been so long. 18 years since I first installed Linux (Slackware 3, Debian 2.2, RedHat, Mandrake, Slackware, Arch - now using Arch for my laptop/desktop, Debian and Ubuntu on servers, sometimes Centos/RHEL). And I can hardly wait for distros to standardize on networkd too. Finally some long needed standardization in the basic setup of a Linux system. -- damjan
Re: [arch-general] error: unknown encoding UTF8: using iso88591 as fallback
I suspect an inconsistency with the file system. that doesn't make no sense. Unix filesystems don't care about encodings at all. ever -- damjan
Re: [arch-general] error: unknown encoding UTF8: using iso88591 as fallback
On 30 May 2015 at 13:03, Ralf Mardorf ralf.mard...@rocketmail.com wrote: On Sat, 30 May 2015 10:16:59 +, AC wrote: On 29/05/15 at 02:35pm, Ralf Mardorf wrote: LANG=en_US.utf8 LANG=en_US.UTF-8 $ grep en /etc/locale.gen | grep -v # ; grep de /etc/locale.gen | grep -v # en_GB.UTF-8 UTF-8 en_GB ISO-8859-1 en_US.UTF-8 UTF-8 en_US ISO-8859-1 de_DE.UTF-8 UTF-8 de_DE ISO-8859-1 de_DE@euro ISO-8859-15 I don't understand why utf8 is generated on my machine. I already explained that, glibc *internally* normalizes the charset part of the locale name. (because in the past people would inconsitently use iso88591 iso-8859-1 iso_8859_1 and other combinations thereof) ALWAYS use .UTF-8 when setting up the locale. Can you please also run the command LANG=en_US.UTF-8 locale also if LC_ALL=en_US.UTF-8 claws-mail still complains the problem is in the application and you should ask upstream. btw, is there any real issue or just the annoying logs? -- damjan
Re: [arch-general] error: unknown encoding UTF8: using iso88591 as fallback
On 29 May 2015 at 14:19, Ralf Mardorf ralf.mard...@rocketmail.com wrote: Hi, for some time past I get error: unknown encoding UTF8: using iso88591 as fallback when running GTK2 and GTK3 apps, Pluma, Claws Mail, Evolution. Other apps, perhaps Qt apps, might be affected too. There are no issues when using those apps, the terminal just shows these messages. What's the output of just locale, as the user you have the problem as -- damjan
Re: [arch-general] error: unknown encoding UTF8: using iso88591 as fallback
error: unknown encoding UTF8: using iso88591 as fallback What's the output of just locale, as the user you have the problem as [rocketmouse@archlinux ~]$ locale LANG=en_US.utf8 LC_CTYPE=en_US.utf8 LC_NUMERIC=en_US.utf8 LC_TIME=en_US.utf8 LC_COLLATE=en_US.utf8 LC_MONETARY=en_US.utf8 LC_MESSAGES=en_US.utf8 LC_PAPER=en_US.utf8 LC_NAME=en_US.utf8 LC_ADDRESS=en_US.utf8 LC_TELEPHONE=en_US.utf8 LC_MEASUREMENT=en_US.utf8 LC_IDENTIFICATION=en_US.utf8 LC_ALL= [rocketmouse@archlinux ~]$ so, your locale is set somewhere else, probablly .profile .bashrc or .xprofile. it seems for these apps it MUST be en_US.UTF-8 - that's the canonical name of the encoding UTF-8 (with the dash). -- damjan
Re: [arch-general] error: unknown encoding UTF8: using iso88591 as fallback
On 29 May 2015 at 15:02, Rodrigo Rivas rodrigorivasco...@gmail.com wrote: On Fri, May 29, 2015 at 2:38 PM, Damjan Georgievski gdam...@gmail.com wrote: error: unknown encoding UTF8: using iso88591 as fallback ... it seems for these apps it MUST be en_US.UTF-8 - that's the canonical name of the encoding UTF-8 (with the dash). I don't think it is locale related, I've used both en_US.utf8 and en_US.UTF-8 in the past without issues. that's half true. glibc normalizes the name of the locale (to lowercase no dashes or underscores - it's a historical thing) so glibc doesn't care. the problem is that some toolkits/apps would extract the charset part of the locale name directly, and not going through the locale functions for that purpose. that has happened in the past, and I wouldn't be supprised if there are toolkits/apps that still do that. And encoding names are used in many other places. My guess is that you have somewhere a XML file with a wrong declaration I haven't seen this, but it's possible. good thing to check. ?xml version=1.0 encoding=UTF8? where the proper declaration would be: ?xml version=1.0 encoding=UTF-8? There are some configuration files both in /etc and $HOME that are read upon initialization of Gtk and Qt (see /etc/fonts/*), so I'd check those first: $ grep -ir 'encoding=utf8' /etc $ grep -ir 'encoding=utf8' ~/.config -- damjan
Re: [arch-general] error: unknown encoding UTF8: using iso88591 as fallback
[rocketmouse@archlinux ~]$ claws-mail try [rocketmouse@archlinux ~]$ LANG=en_US.UTF-8 claws-mail -- damjan
Re: [arch-general] arch linux install iso problem
:: Triggering uevents . . . ... blk_update request: I/O error, dev sr0, sector 1226572 ... blk_update request: I/O error, dev sr0, sector 1226572 ... Buffer I/O error on dev sr0, logical block 153344, async page read :: Mounting '/dev/disk/by-label/ARCH_201504' ^@ERROR: device did not show up after 30 seconds . . . check the label of the iso, you can do it with file ...iso although the I/O errors suggest the CD is unreadable. -- damjan
Re: [arch-general] Cannot use monitor in 1920x1080 anymore
Hmmm... Martin, if you still have a Xorg.log it means you have a really old installation, That was true for versions under 1.16.0-3 as evidenced by the version comparison, but it is not true anymore, Xserver 1.17 dumps its logs to syslog. And syslog is trapped by journalctl. Err No it does not this system is fully up to date . I use startx to start the graphical display nothing in journalctlit is in /var/log/Xorg.0.log Sorry to disapoint and all that .. From what I've read, it's *only* GDM that hacks the X server to run so that it redirects the logs to the journal. Otherwise, it'll go to the /var/log/Xorg.0.log file as ever. ps. on my two - always up-to-date - Arch installations, using lightdm and sddm X logs to /var/log/Xorg.0.log -- damjan