Re: [arch-general] suspend to RAM with home on NFS

2020-11-01 Thread Justin Capella via arch-general
Do you have _netdev option set for /home in fstab? I can't think of any
reasons this would be a problem. It certainly wouldn't prevent you from
suspending, if anything you'd just encounter trouble when resuming.

Check your systemd config perhaps?

From the wiki here:
https://wiki.archlinux.org/index.php/Power_management/Suspend_and_hibernate

If the swap file is in /home/, systemd-logind will not be able to determine
its size and thus will prevent hibernation. See systemd issue 15354 for a
workaround.

On Sun, Nov 1, 2020, 1:22 PM hw wrote:

>
> Hi,
>
> how do you get suspend to RAM to work with home directories on NFS?
> Since I have /home mounted over NFS, suspending just freezes and I
> can only hold down the power button to turn the computer off.
>


Re: [arch-general] [arch-dev-public] archiso v49 with new features

2020-10-30 Thread Justin Capella via arch-general
Saw mention of assisting blind users, and thought I'd mention TalkingArch:
https://wiki.archlinux.org/index.php/TalkingArch

On Fri, Oct 30, 2020 at 11:36 AM Alexander Epaneshnikov via arch-general <
arch-general@archlinux.org> wrote:

> ok. i write on arch general because i can't write to arch dev public.
> 30.10.2020 20:36, Giancarlo Razzolini via arch-dev-public wrote:
> > On October 30, 2020 14:14 David Runge wrote:
> >>
> >> If this mail reads like a changelog, then well, it is because I don't
> >> have a changelog in the project yet! ;-)
> >> Apart from that I thought it might be worthwhile to write a news item
> >> about it after the next ISO has been released and share the above two
> >> changes on the website. What do you think?
> >>
> >
> > I think accessibility is a huge milestone that, on its own, deserves a
> > news entry.
> yes. i think that too. i am preparing wiki documentation for accessible
> installation procedure.
> will try to finish the draft by the end of the week.
> > I have assisted a blind person to install Arch some time ago and it
> > was very difficult.
> > In the end, I wrote a small script to help with the installation. And
> > this is not because the person wasn't technically able, but our iso
> > didn't make it easy.
> hmm. talking-arch is available for a long time. but i am sure that now
> such task will become much easier.
> >
> > Nice work!
> >
> > Regards,
> > Giancarlo Razzolini
>
> --
> Sincerely, Alexander.
>


Re: [arch-general] usbguard package neglected

2020-10-27 Thread Justin Capella via arch-general
You can build the latest yourself
https://aur.archlinux.org/packages/usbguard-git/ but it is good that
Levente is being diligent in verifying the new maintainers.

On Tue, Oct 27, 2020 at 4:31 AM arch user via arch-general <
arch-general@archlinux.org> wrote:

> On 27.10.20 03:45, Eli Schwartz via arch-general wrote:
> > The point of a signing key is to say "this key certifies the correct
> > software and I commit to using it. Anything else is automatically
> > suspect as malware".
> >
> > You don't immediately respond by saying "well it came from the same
> > website and some unverified source told me the key totally got lost but
> > it's fine. So let's blindly click accept".
>
>
> The only thing a signing key accomplishes is that you can verify what
> other commits were made by that signing key, i. e. person. If you
> verified the key via a second channel you also know the person the key
> belongs to. Anything beyond that is just a point of view.
>
> A signing key has nothing to do with malware at all. What made you think
> the software hasn't been malware in the first place? What makes you
> think the person owning that signing key isn't writing good software
> until some distros are trusting his key, adding the software as official
> package and then the person starts implementing evil backdoors?
>
> I'm just wondering, because you can easily write malicious software and
> sign it with the same key all the time.
>


Re: [arch-general] (no subject)

2020-03-24 Thread Justin Capella via arch-general
Have you looked at lsusb -t? Maybe the port is disabled in your
BIOS/firmware? Verify that you are booting a kernel you have (modules for):
ls -ld /usr/lib/modules/`uname -r`. Check which USB controllers you have with
lspci; they will be *hci.

On Tue, Mar 24, 2020, 11:00 AM Robin Martijn wrote:

> Currently, I am using linux 5.5.11.arch1-1. Since this version, I am
> unable to use my USB storage drives. Nothing shows up in dmesg when
> inserting the storage drive and also lsblk does not detect the drive.
> lsusb also does not detect the drive. I have rebooted my system after
> the kernel update, more than once actually, so I am sure that that is
> not the problem. Would anybody know what could potentially be the problem?
>
> Thanks in advance!
>


Re: [arch-general] Pacman Database Signatures

2020-02-02 Thread Justin Capella via arch-general
Could a tempfile be used or the file name from the URL instead of the
content disposition? At least prior to signature verification? Seems this
could still be "exploited" by specifying a file name of another source in
the package perhaps? Makes me wonder about the ::dest suffix of sources,
albeit that is a somewhat different case.

On Sun, Feb 2, 2020, 2:26 PM Levente Polyak via arch-general <
arch-general@archlinux.org> wrote:

> On 2/2/20 10:59 PM, Christopher W. via arch-general wrote:
> > Hi. The wiki states that database signatures for pacman are currently
> > a work in progress. It's been that way for a long time, so I assume
> > there is no "progress" happening. What is currently in the way of this
> > much-needed security feature to be fully implemented?
> >
> > Right now, pacman is taking untrusted input from the internet as root.
> > That's very bad. Most of the comments I've seen say that an attacker
> > could hold back vulnerable packages, but this is assuming the attacker
> > does not have bigger plans. The pacman tool is not immune to bugs in
> > the way it parses the database files. It has no privilege separation
> > in the download/parsing code as far as I can see (apt and others have
> > had this for a long time) so it's really an even more dire situation.
> > Pacman should not perform any operations as root until it has verified
> > the signature of all files being used to install/upgrade the packages,
> > but it currently does everything (downloading, verifying, etc) as root.
> >
> > I'd like to get a discussion going about how and when these two issues
> > could be resolved so that all Arch users can be safer. Thanks.
> >
>
> Hi,
>
> it was indeed stalled for quite a long time without real progress. The
> reason has been that some packagers refused to sign the database file
> with their own key for various reasons.
> The good news is, it is being worked on lately. Right now we are
> figuring out some flows and models how we want to do that, like
> smartcards or TPM and how to set that up and maintain it. In fact we
> have been working on that today and during the whole weekend at FOSDEM,
> so things are moving and we will get there :)
>
> However, this doesn't mean it will instantly become bullet proof.
> Software and security is far more complex than that and also APT and
> friends are not an unbreakable software even when having signed
> databases/indices:
>
> APT CVE-2019-3462
> Incorrect sanitation of the 302 redirect field in HTTP transport method
> of apt versions 1.4.8 and earlier can lead to content injection by a
> MITM attacker, potentially leading to remote code execution on the
> target machine.
>
> In case of pacman, signed databases would have protected against
> CVE-2019-18183 and CVE-2019-18182 but not against:
> https://security.archlinux.org/CVE-2019-9686 leading to arbitrary code
> execution when using -U on a remote target.
>
> Before drifting too much away and philosophizing about privilege
> separation and dropping privileges for certain tasks, let's get back to
> the main question/topic here: Right now there isn't much discussion
> needed, a team is actively working on exactly that topic and will
> present their considerations, implementations and results to A-D-P for
> some feedback rounds before potentially going live.
>
> cheers,
> Levente
>
>


Re: [arch-general] Status of WPA3

2020-01-26 Thread Justin Capella via arch-general
hrm, do you have access to the AP? Quick google suggests the
nl_recvmsgs might not be important, related to scanning.

You might gather up your hw/fw/kernel wpa_supplicant hostapd info and
try the linux-wireless mailing list; as these are recent changes maybe
there are still some bugs. I would include the network profile, and
the hostapd config as well, and if you are able to get some more
verbose messages that could help: maybe mount -t debugfs none
/sys/kernel and poke around in there or look at modinfo rtw88;
/sys/module/rtw88/parameters. Does the authentication just time out,
any deauth or disassoc disconnected messages?

On Sun, Jan 26, 2020 at 4:27 AM Bjoern Franke via arch-general
 wrote:
>
> On 25.01.20 at 23:12, Justin Capella wrote:
> > More recent kernels should have 80211w for that driver which is also
> > required.
>
> 5.4.14/5.4.15 results in
> nl80211: send_and_recv->nl_recvmsgs failed: -33
> SME: Trying to authenticate with 44:4e:6d:a2:1f:df (SSID='xyz' freq=5500 MHz
> and no luck :/
>
> best regards
> Bjoern


Re: [arch-general] Status of WPA3

2020-01-25 Thread Justin Capella via arch-general
More recent kernels should have 80211w for that driver which is also
required.

https://elixir.bootlin.com/linux/latest/source/drivers/net/wireless/realtek/rtw88/main.c#L1239


Re: [arch-general] Status of WPA3

2020-01-25 Thread Justin Capella via arch-general
heftig has updated wpa_supplicant pkg
https://git.archlinux.org/svntogit/packages.git/diff/trunk/config?h=packages/wpa_supplicant=3337d901e02dc38e95b23b714747b0384b2e5171

On Sat, Jan 25, 2020 at 3:50 AM Bjoern Franke via arch-general
 wrote:
>
> Hi,
>
> >
> > Using it with network manager is very easy to turn on - just create:
> > cat /etc/NetworkManager/conf.d/wifi_backend.conf
> > [device]
> > wifi.backend=iwd
>
> Thanks for your reply. Unfortunately iwd has some issues in my case,
> like packet loss and much higher pings. I'm testing iwd from time
> to time (as NM-backend) to check if it got better.
>
>
> > And restart nm. Let us know if you get it working.
> >
>
> Unfortunately it did not work - neither with iwd or with heftig's
> updated wpa_supplicant. wpa_supplicant says:
> Failed to select authenticated key management type
>
> I think rtw88 is to blame in this case, as my Thinkpad X270 used for
> work with intel chipset on Ubuntu 20.04 is connecting fine.
>
> Best Regards
> Bjoern


Re: [arch-general] Why are Archlinux packages stripped of (debugging) symbols?

2020-01-22 Thread Justin Capella via arch-general
The reason I'd really like native packages to be built with split symbols
even if they aren't included in the package but available through some
other means... Is so that bug wranglers can more easily make sense of
traces/coredumpctl info output, where rebuilding the package would just be
a hassle and potentially result in different symbols, which defeats the
point. Maybe one day users could submit coredumps / backtraces to a
webservice that would reference the symbols, and "bucket" the traces to
help triage/identify unique crashes


Re: [arch-general] Hibernation Failure

2020-01-12 Thread Justin Capella via arch-general
Ah interesting. Do those memory regions match what is reported in
/proc/iomem prior to hibernating? Odd question, but I recall someone on the
IRC encountering a difference. I suggest hopping on the IRC if you're able,
easier and quicker, probably not arch specific but feel free to start there
or maybe the ##kernel channel

On Sun, Jan 12, 2020, 3:19 AM Markus Schaaf via arch-general <
arch-general@archlinux.org> wrote:

>
>
> On 12.01.20 at 01:39, Paul Dann via arch-general wrote:
> > I'm having trouble getting hibernation to work on my new Dell Inspiron
> > 7590. It seems that the image is stored correctly (onto LUKS+LVM thin-lv),
>
> I've noticed something similar on a similar setup. It looks like the
> kernel is taking some shortcuts when accessing the (swap-) space during
> hibernation, which are not compatible with dm-crypt. I'm using an AEAD
> cipher and the integrity data is wrong after resume.
>
> BR
>


Re: [arch-general] Hibernation Failure

2020-01-12 Thread Justin Capella via arch-general
https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#With_suspend-to-disk_support

On Sat, Jan 11, 2020 at 4:40 PM Paul Dann via arch-general
 wrote:
>
> I'm having trouble getting hibernation to work on my new Dell Inspiron
> 7590. It seems that the image is stored correctly (onto LUKS+LVM thin-lv),
> but resume fails, with the following left in the kernel logs:
>
> ---
> PM: Image signature found, resuming
> PM: resume from hibernation
> Freezing user space processes ... (elapsed 0.001 seconds) done.
> OOM killer disabled.
> PM: Marking nosave pages: [mem 0x-0x0fff]
> PM: Marking nosave pages: [mem 0x0009e000-0x0009efff]
> PM: Marking nosave pages: [mem 0x000a-0x000f]
> PM: Marking nosave pages: [mem 0x4000-0x403f]
> PM: Marking nosave pages: [mem 0x66797000-0x66798fff]
> PM: Marking nosave pages: [mem 0x761f7000-0x791fefff]
> PM: Marking nosave pages: [mem 0x7920-0x]
> PM: Basic memory bitmaps created
> PM: Using 3 thread(s) for decompression
> PM: Loading and decompressing image data (1343374 pages)...
> PM: Image loading progress:   0%
> PM: Image loading progress:  10%
> PM: Image loading progress:  20%
> PM: Image loading progress:  30%
> PM: Image loading progress:  40%
> PM: Image loading progress:  50%
> PM: Image loading progress:  60%
> PM: Image loading progress:  70%
> PM: Image loading progress:  80%
> PM: Image loading progress:  90%
> PM: Invalid LZO compressed length
> PM: Read 5373496 kbytes in 6.35 seconds (846.21 MB/s)
> PM: Error -1 resuming
> PM: Failed to load hibernation image, recovering.
> PM: Basic memory bitmaps freed
> OOM killer enabled.
> Restarting tasks ... done.
> PM: resume from hibernation failed (-1)
> ---
>
> And then the system boots fresh. An internet search revealed absolutely
> nothing about the "Invalid LZO compressed length", and I've no idea why the
> image would be corrupt. I'd appreciate any ideas.
>
> Paul


Re: [arch-general] too many brick walls for graphical archlinux install

2020-01-06 Thread Justin Capella via arch-general
There is a distro that aims to do this, https://talkingarch.tk/

On Mon, Jan 6, 2020, 9:56 AM Jude DaShiell wrote:

> I commented some lines out in /etc/pulse/client.conf and
> /etc/pulse/daemon.conf.  Next thing to try is install speech-dispatcher
> and festival and voices for festival and see if I can get spd-say talking.
> If so, that will mean the edits on those pulse files were adequate and
> then gnome and orca theoretically will install and work correctly using
> alsa.
> I read about a nopulse package on the arch bbs site in messages but
> couldn't find that on aur so decided to do some edits on the pulse
> configuration files.
> If I ever get this working, I'll probably get myself an arch account and
> write something for the wiki so others won't have to guess the way I have
> if they want to install gnome on archlinux and have orca talking.
>
>
>
> --
>


Re: [arch-general] Got a problem with networking.

2019-12-22 Thread Justin Capella via arch-general
At some point Microsoft restricted anonymous logins, are you using
credentials to access the shares? Not sure this would be an arch problem
but either way you'll have to provide more info, maybe show ss or use
tcpdump/Wireshark to inspect traffic

On Sun, Dec 22, 2019, 3:35 PM mick howe via arch-general <
arch-general@archlinux.org> wrote:

> Systems:
>
> Arch / xfce on my main system ( I5, 32gb, 2 + 1tb)
>
> I3 laptop 12gb, 1TB lenovo B50-70 dual booting, originally win8.1 & arch,
> when I upgraded to win10 I broke my arch installation and replaced it with
> kubuntu because I couldn't face over a week of recreating the arch system.
> (Ever since I started using Linux Red Hat 5.2 I have only ever been able
> to restore the directories and file names, but not the contents.)
>
> win7 desktop 4gb, 320GB
>
> Before upgrading to win10 networking broke with each update to
> networking on either arch or windoze; usually one system or the other or
> both were unable to see each other. I was able to fix it, usually it seemed
> all I had to do was touch the samba config file. After I added the win7 box I
> was able to see all systems from each box and sometimes copy files. From the
> win7 box I could copy files from any box to any box.
>
> Since I "updated" win7 to win10 I can see but NOT connect between any of
> the boxes and have had to resort to sneakernet for file transfers.
>
> I have tried numerous times to find the cause and fix it but I'm just going
> round and round in circles, getting nowhere.
>
> Is there anyone out in the ether land who could guide me through this
> issue?
>


Re: [arch-general] Archlinux fail2ban not working

2019-11-01 Thread Justin Capella via arch-general
Your regex doesn't look like it would match. If  is substituted for
your hostname that part of the regex would need to be before the unknown
user part

On Fri, Nov 1, 2019, 2:51 AM Maykel Franco via arch-general <
arch-general@archlinux.org> wrote:

> Hi, I have this rule:
>
> jail.conf:
>
> [app-user]
> enabled = true
> port = 443
> filter = user-app
> logpath = /var/log/user-app.log
> findtime = 1200
> bantime = 480
> maxretry = 3
>
> ---
>
> filter.d:
>
> user-app.conf
>
>
> [Definition]
>
> failregex = Unknown User .* \(:.*\)
>
> ignoreregex =
>
> ---
>
> The content of the test logfile /var/log/user-app.log:
>
> [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
>
> ---
>
> And when I test it, it's not working:
>
> fail2ban-regex /var/log/user-app.log /etc/fail2ban/filter.d/user-app.conf
>
> Running tests
> =
>
> Use   failregex filter file : user-app, basedir: /etc/fail2ban
> Use log file : user-app.conf
> Use encoding : UTF-8
>
>
> Results
> ===
>
> Failregex: 0 total
>
> Ignoreregex: 0 total
>
> Date template hits:
> |- [# of hits] date format
> |  [6] {^LN-BEG}24hour:Minute:Second
> `-
>
> Lines: 6 lines, 0 ignored, 0 matched, 6 missed
> [processed in 0.02 sec]
>
> |- Missed line(s):
> |  [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> |  [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> |  [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> |  [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> |  [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
> |  [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
>
> What's wrong? Maybe the left timestamp?
>
> Thanks in advance.
>
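
The failed match reported above can be reproduced offline. This is an added example, not code from the thread or from fail2ban: it tests the failregex exactly as it appears on this page against the quoted log lines, next to a hypothetical corrected pattern (`CANDIDATE`). `HOST_GROUP` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and the function names are assumptions.

```python
import re
from collections import Counter

# Log lines constructed from the sample quoted in the thread.
LOG_LINES = ["[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)"] * 6

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption; the
# real tag also accepts IPv6 addresses and host names).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

MAXRETRY = 3  # maxretry from the [app-user] jail quoted above

# The failregex as it appears on this page.
AS_POSTED = r"Unknown User .* \(:.*\)"
# Hypothetical corrected pattern: quoted user name, then the address in
# parentheses at the end of the line.
CANDIDATE = r"Unknown User '[^']*' \(<HOST>\)\s*$"


def evaluate(failregex, lines):
    """Count matched/missed lines and captured hosts for one failregex."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    result = {
        "matched": 0,
        "missed": 0,
        "hosts": Counter(),
        # Without a host group there is no address to act on.
        "captures_host": "host" in pattern.groupindex,
    }
    for line in lines:
        # Searched anywhere in the line, so the timestamp prefix is harmless.
        m = pattern.search(line)
        if m is None:
            result["missed"] += 1
            continue
        result["matched"] += 1
        if result["captures_host"]:
            result["hosts"][m.group("host")] += 1
    return result


def would_ban(result, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime is ignored here
    because every sample line carries the same timestamp)."""
    return sorted(h for h, n in result["hosts"].items() if n >= maxretry)


if __name__ == "__main__":
    for name, rx in (("as posted", AS_POSTED), ("candidate", CANDIDATE)):
        r = evaluate(rx, LOG_LINES)
        print(f"{name}: {r['matched']} matched, {r['missed']} missed, "
              f"ban list {would_ban(r)}")
```

The posted pattern misses every line because it requires a literal `(:` where the log has `(` followed directly by the address.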


Re: [arch-general] 'base' package install with non-updated linux-kernel

2019-10-19 Thread Justin Capella via arch-general
You don't need to install the Linux package. I think generally that's why
it was removed from base. You might look into using pacman.conf IgnorePkg
to prevent upgrades... But I will try to post on that thread, it may not be
an issue with the kernel. So check there shortly

On Sat, Oct 19, 2019, 6:53 PM riveravaldez via arch-general <
arch-general@archlinux.org> wrote:

> Hi,
>
> because of this problem [1] (apparently a kernel/driver/hardware
> issue?) I'm forced to stay on linux-5.2.14-arch2-1 right now.
> My question is: should/can I install the 'base' package anyway
> as explained in [2]?
>
> Thanks a lot
>
> [1] https://bbs.archlinux.org/viewtopic.php?id=249330
> [2]
> https://www.archlinux.org/news/base-group-replaced-by-mandatory-base-package-manual-intervention-required/
>


Re: [arch-general] Bios Raid (Fake Raid) and Virtual Raid (Software Raid)

2019-09-02 Thread Justin Capella via arch-general
If you're talking about intel rapid storage it is compatible/useable like
soft raid

On Mon, Sep 2, 2019, 6:19 AM Chris Billington via arch-general <
arch-general@archlinux.org> wrote:

> You can do software raid in Arch using mdadm. Details here:
>
> https://wiki.archlinux.org/index.php/RAID
>
> On Mon., 2 Sep. 2019, 09:07 Kelly Rogers via arch-general, <
> arch-general@archlinux.org> wrote:
>
> > Hi,
> > Can you tell me what is capable to do Arch Linux: Bios Raid (Fake Raid) and
> > Virtual Raid (Software Raid)?
> > Thank you!
> >
>


Re: [arch-general] script talkingarch

2019-08-03 Thread Justin Capella via arch-general
My understanding is you press enter to install talkingarch

On Sat, Aug 3, 2019, 7:19 AM Jude DaShiell wrote:

> probably not.  If you want that kind of hand-holding the urls were
> already sent to this list for Jenux which has several scripts though
> even with them they're not like the Javelin Missile which is a fire and
> forget system (you do have to answer some questions).
>
> On Sat, 3 Aug 2019, adérito wrote:
>
> > Date: Sat, 3 Aug 2019 08:19:28
> > From: adérito
> > Reply-To: General Discussion about Arch Linux <arch-general@archlinux.org>
> > To: "arch-general@archlinux.org"
> > Subject: [arch-general] script talkingarch
> >
> > Hello, is there a script to install talkingarch with espeakup or not?
> >
> > Sent from Mail for Windows 10
> >
> >
>
> --
>


Re: [arch-general] Can't change tty's since last update

2019-07-29 Thread Justin Capella via arch-general
Hesitant to reply because I haven't really looked into this much, but was
maybe hwdb, part of systemd / formerly udev, updated? I know it has key
bindings

On Mon, Jul 29, 2019, 1:46 PM Jeanette C. via arch-general <
arch-general@archlinux.org> wrote:

> Hey hey,
> since my last update, today, I sometimes can't change ttys. Using showkey I
> have checked that both the alt key and the f-keys are coming through.
>
> Might this be a kernel issue? I believe I came from 5.0.x and am now on
> 5.2.3.
>
> May it further be an indication that my jackd settings have led to major
> xruns on input, using jackd1?
>
> Does anyone have an idea, maybe even where else to look for suspects?
>
> Best wishes and thanks,
>
> Jeanette
>
> --
>   * Website: http://juliencoder.de - for summer is a state of sound
>   * SoundCloud: https://soundcloud.com/jeanette_c
>   * Youtube: https://www.youtube.com/channel/UCMS4rfGrTwz8W7jhC1Jnv7g
>   * GitHub: https://github.com/jeanette-c
>   * Twitter: https://twitter.com/jeanette_c_s
>
> I'm not that innocent... <3
> (Britney Spears)
>


Re: [arch-general] talkingarch

2019-07-28 Thread Justin Capella via arch-general
https://talkingarch.tk/tutorials/TalkingArch%20Tutorial%20-%20Basic%20Installation.opus

Is a link to audio instructions.

On Sun, Jul 28, 2019, 5:04 AM adérito wrote:

> Hello how do I install talkingarch send me the commands to install
> talkingarch. please.
>
> Sent from Mail for Windows 10
>
>


Re: [arch-general] How long do you make the passphrase for the private key?

2019-06-25 Thread Justin Capella via arch-general
I did a quick search and noticed by default pbkdf2 is not used... Check
this out,
https://security.stackexchange.com/questions/84482/do-gpg-and-openssh-use-key-stretching-on-their-keypairs

Seems worth it, but hardware solutions still seem preferable and have anti
hammering.

On Tue, Jun 25, 2019, 7:43 PM Ralf Mardorf via arch-general <
arch-general@archlinux.org> wrote:

> On Wed, 26 Jun 2019 10:41:03 +1000, asymptosis via arch-general wrote:
> >In practice, I believe any decent password cracker would start with a
> >dictionary of the most common word
>
> There are some common human patterns. In music for example it's unusual
> to play  a b c d, its more common to play patterns such as  a c b d.
> So instead of using a word, even a stupid human more likely would e.g.
> turn syllables by a pattern. Such a pattern isn't hard to crack, but a
> starting point for contemplation.
>


Re: [arch-general] How long do you make the passphrase for the private key?

2019-06-25 Thread Justin Capella via arch-general
Doesn't the actual key get derived using pbkdf2 with many iterations making
brute force of even fairly weak passphrases time consuming? I am not sure
it is as critical as one would think. There are more secure options too
such as smart cards / hsm or ssh-ca. Maybe look into those options as well?
And maybe look for some guidance in securing your ssh agent as well

On Tue, Jun 25, 2019, 2:16 PM mpan wrote:

> > Randomly open a dictionary and then randomly pointing on a word,
> > repeating this a few times, is one way for an artist to get an
> > inspiration.
> >
> > I wonder how safe it is to use such a method to generate a passphrase.
>   An old Chinese proverb says: do not invent your own crypto.
>
>   Diceware is much better crafted than you may imagine. It’s not just
> some random idea someone had while contemplating life in a loo. It
> solves some real problems and avoids pitfalls.
>
>   What are the problems with the proposed method? First of all: what is
> your RNG or CSPRNG? Is it your brain? Your hand? Then you have already
> lost. If you’re just grabbing a book and opening it at a “random page”,
> your generator is already biased. You have much greater chances of
> picking a page closer to the middle than on the ends of the book. It may
> be even worse when it comes to the selection of the word on a page. Are
> you, instead, using an actual RNG or CSPRNG? Is it not biased? How are
> you dealing with that issue? Are the values from it mutually independent?
>
>   Even if you have a good [pseudo]randomness source, how do you map its
> output to the page number and word number? It isn’t a trivial task and
> if you do it wrong, you skew your distribution.
>
>   A dictionary may contain long words. While you may imagine that is
> good, because “longer is better”, it is giving you only a tiny
> advantage, because the space a word takes is not really used. In English
> it’s less than 3 bits per letter and it tends to be worse for longer
> words. Still, no loss, yes? Wrong. Unfortunately many services limit the
> length of the password you may use. It is also harder to get muscle
> memory for typing long words.
>
>   I believe a cryptographer could point out a few other mistakes as
> well. The reason I explained this is not to inspire anyone to “fix” the
> proposed algorithm. My goal is opposite: to discourage people from
> undertaking such tasks. There are many gotchas, it is easy to introduce a
> vulnerability and you don’t even get any testing/review for your method.
> Better trust people, who spent half of their lives studying cryptography.
>
>   How does Diceware deal with the above problems? It eliminates the
> human factor. It uses a randomness source that for all practical
> purposes is an actual RNG. A RNG that is even better than what is
> typically used for private key generation! The tiny bias it has is
> acceptable, considering the great advantage of using dice. The set of
> possible values is chosen in a way, which ensures no bias being
> introduced while mapping from the output of the RNG to those values
> (yes, it avoids the issue altogether). It is clear, transparent and
> obvious at each stage — nothing up my sleeve. It can be used by anyone.
> Finally, words are short, so the output is compact. After some time
> entering such a passphrase is just a series of 4–5 taps on the keyboard.
> APPRECIATE WHAT ARNOLD REINHOLD DID, because he did a truly good job. :)
>
>
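
The mapping problem described in the quoted message (turning random values into a word index without skewing the distribution) can be checked exactly. This is an added example, not part of the thread: it compares reducing a 16-bit value modulo the list size with the five-dice, base-6 index Diceware uses. `WORDS` is a constructed placeholder list, the simulated die uses Python's `secrets` module instead of physical dice, and the function names are assumptions.

```python
import itertools
import math
import secrets
from collections import Counter
from fractions import Fraction

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries, one per five-dice outcome

# Constructed placeholder list; a real Diceware list holds 7776 short words.
WORDS = [f"w{i:04d}" for i in range(LIST_SIZE)]


def modulo_bias(source_size, n):
    """Exact ratio between the most and the least likely index when a uniform
    value in range(source_size) is reduced with `% n` (needs n <= source_size)."""
    counts = Counter(v % n for v in range(source_size))
    return Fraction(max(counts.values()), min(counts[i] for i in range(n)))


def dice_to_index(rolls):
    """Map five die faces (1..6) to an index in range(7776), read as base 6."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def mapping_is_uniform():
    """True if each index is produced by exactly one of the 6**5 outcomes."""
    hits = Counter(
        dice_to_index(r)
        for r in itertools.product(range(1, 7), repeat=DICE_PER_WORD)
    )
    return len(hits) == LIST_SIZE and set(hits.values()) == {1}


def passphrase(n_words, roll=lambda: secrets.randbelow(6) + 1):
    """Pick n_words; `roll` simulates one die with the OS CSPRNG."""
    return [
        WORDS[dice_to_index([roll() for _ in range(DICE_PER_WORD)])]
        for _ in range(n_words)
    ]


def entropy_bits(n_words):
    """Entropy of a passphrase of n_words drawn uniformly from the list."""
    return n_words * math.log2(LIST_SIZE)


if __name__ == "__main__":
    print("16-bit value % 7776, most/least likely:", modulo_bias(2 ** 16, LIST_SIZE))
    print("five dice map uniformly:", mapping_is_uniform())
    print("sample:", " ".join(passphrase(5)), f"({entropy_bits(5):.1f} bits)")
```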


Re: [arch-general] HDMI Output died over night

2019-06-25 Thread Justin Capella via arch-general
Does the display work at startup? Like does it POST and do you have a boot
loader? Do you have another device that you could use to check that the
cable and monitor are not the issue? What graphics card are you using and
which driver? Any change to kernel or initrd?

Awhile ago I believe xf86 video intel was deprecated in favor of mode
setting. Are you using UEFI? There is an IRC channel on freenode btw

On Tue, Jun 25, 2019, 4:08 PM Florian Wehner wrote:

> Hi!
>
> I wasn’t able to get my HDMI output running on my Lenovo X1 Carbon 6th gen
> today. I run gnome on Wayland. It has been working fine for the last few
> days but completely dead today.
>
> Symptom: The external display detects that an HDMI cable is connected (via
> ground?) but there is no signal.
>
> Here’s what I tried:
> Switch from wayland to Xorg
> Swapping cables / monitors
> Rebooting (with and without hdmi cable or power)
> Setting the boot display to HDMI (no influence)
> Looking at xrandr => Not connected
>
> Any ideas? Thanks,
> Flo


Re: [arch-general] Harassment by David Runge

2019-05-13 Thread Justin Capella via arch-general
I am unable to locate PKGBUILDs for the packages mentioned, php-redis and
liblzf. I've looked on the site you mentioned, Archlinux's packages, and in
AUR. Am I missing something? Do you maintain Archlinux packages for these?
Or is it that David is perhaps trying to make PKGBUILD and asking that the
source be pgp signed? Archlinux pkgs typically use gpg, I personally have
never heard of the tool you signed your source with. I don't know what all
happened between you two but if you're the author of these packages I think
a more traditional means of integrity/authenticity would be helpful...
Gpg/pgp, sha256 etc.

I recognize base64 but
RWSUBDizLm/GKcGyJf84aGAXKuZLjXNJrUezGuLaqd89R+rQmlFz/L42V8xe78eOx7kyXAJ3rPF30MUQpBayUSkof3KQxE35CA0=
in the sig file associated with liblzf... But it's useless to me without
the extraneous tool I'm not installing. Seeing as git signs with gpg I
think it's fair to say that's the norm.

On Sat, May 11, 2019, 9:20 AM Marc Lehmann via arch-general <
arch-general@archlinux.org> wrote:

> (Please (also) reply personally to me if you want me to read a reply, as I
> don't monitor the list).
>
> Hi!
>
> I was recently harassed by David Runge, by e-mail.
>
> I don't know if this is the right place to report this, but I looked
> at the wiki and the code of conduct, and this seemed the most fitting
> place (as there doesn't seem to be a specific contact for this kind of
> issue). If I am wrong, and there is a better place to send this to, I'd be
> happy to be redirected.
>
> Background: I am the author and/or maintainer of various software packages
> such as rxvt-unicode or gnu vpe, many of which are distributed as part of
> popular software distributions such as Debian GNU/Linux and others.
>
> A few of my packages are distributed on http://dist.schmorp.de/, backed up
> by signify signatures, in turn backed up by gpg(1), and other means.
>
> On 2019-05-10 I was contacted, in german, by David Runge (pgp fingerprint
> 91BD8815...).
>
> He stated that he is in the process of packaging php-redis and liblzf (my
> software package) for arch linux, and claimed that the signatures on my
> server are not valid, which would be a serious issue for data integrity,
> so I was quite alarmed. He also asked whether I could provide individual
> gpg signatures instead, as, apparently, the arch build system treats all
> .sig files as gpg files and that not doing this would make it impossible
> to verify the downloads.
>
> I immediately asked him what is wrong with the signatures and why they
> wouldn't be valid, what file exactly does not verify and how exactly does
> he verify them. I also pointed him at the documentation on the signatures in
> (1) and offered to help in case of problems.
>
> He replied that the arch build system automatically treats all .sig files
> as gpg signatures, and that this can't be switched off; that the signature
> for http://dist.schmorp.de/liblzf/liblzf-3.6.tar.gz does not verify, and
> claimed this affects all of the file signatures.
>
> I in turn replied that I consider this a candidate for a bug report
> against the arch build system, as it shouldn't enforce treatment of
> random .sig files as gpg signatures. I also pointed out that it is a
> security bug if arch linux treats .sig files without a hardcoded or
> otherwise authenticated gpg key id, and shouldn't rely on a random
> openpgp signature, even if that signature verifies. I did mention that
> I can hardly imagine that the arch build system would be that broken
> however.
>
> Again I asked for details of what is not valid with the existing
> signatures. I also pointed out that if he cannot implement the signify
> signatures automatically, he could still get cryptographic protection
> by including a hardcoded checksum of the release tarball into the package
> build system, which would solve the problem of verification. Lastly I
> pointed out that a separate gnupg signature for every file would result
> in a rather large overhead for me, especially since no other distribution
> requires this.
>
> Up until this point, I respectfully tried to a) find out why he claims the
> signatures were not valid and b) constructively tried to find a solution
> that would work for everybody and c) get him to report bugs against the
> arch build system if it is really as broken as he described it, to improve
> arch linux.
>
> I then received a mail full of ad hominems, calling my attempts at solving
> his problem "sad", making a strange claim that it seems important for
> me that my software is used (which potentially implies a threat of not
> packaging my software if I don't comply, of course), attacked me for
> "denouncing the work of others", called my replies "disdainful rants",
> questioned my motives when I tried to improve arch linux by pointing out
> potential security issues and so on.
>
> All of which was completely uncalled for, and, frankly, most of which left
> me puzzled at where he would even get those ideas.
>
> 

Re: [arch-general] Haupage TV Card PCI

2019-04-29 Thread Justin Capella via arch-general
https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/linux=325086f906b021d0c3350b50915e9342bc0f2183
seemed to make something related to DVB a module

The code to copy the dvb modules is still in the PKGBUILD,
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/linux#n156

Perhaps you may just need to load the module?

On Mon, Apr 29, 2019 at 3:02 PM pete via arch-general
 wrote:
>
> evening all ..
> just done an update to my system and the PCI TV card has stopped
> working all mention of it has gone from Kaffeine I notice now all the
> dvb related modules seem to be USB based things ? strange decision
> is it now that you have stopped supporting PCI tv cards such as the
> Hauppauge cards if so what kernel do I have to regress to to get it to
> function again I have way way way too much USB junk plugged in already
> USB is becoming like BMW's a pain in the posterior
>
> .
>
> Pete .


[arch-general] Update some pkg sources to use https:// when available

2019-04-02 Thread Justin Capella via arch-general
https://www.archlinux.org/todo/use-https-in-the-url-field/
https://gist.github.com/b1tninja/9a1184a9713a16e77c7ae65d1829d589

git clone --depth=1 --no-checkout "https://git.archlinux.org/svntogit/packages.git" pkgs;
pushd pkgs;
git reset --hard HEAD;
git checkout HEAD -- */trunk/PKGBUILD;
# collect the host part of every http:// URL found in a source=() array
doms=($(grep -PRho '(?s)(?<=source=\().*?(?=\)\s*$)' \
  | grep -Po '(?:((?:(?:git|svn|cvs)+)?http://)(.*?)(?=/|$))' \
  | cut -d "/" -f 3- | sort -u))
# keep only the hosts whose certificate chain and hostname verify on port 443
for dom in "${doms[@]}"; do (echo "" | openssl s_client \
  -verify_return_error -verify 2 -verify_hostname "$dom" -servername "$dom" \
  -showcerts -connect "$dom:443" > "$dom.crt") && echo "$dom"; done | tee https.txt
# rewrite http:// to https:// for those hosts in every PKGBUILD
sed -ri 's/http:\/\/('$(sed -r 's/\|$//' <(tr "\n" "|" < https.txt))')/https:\/\/\1/g' $(find -name PKGBUILD)

No, I don't think it's super elegant -- it works often, and afaik doesn't
introduce errors --- parsing bash scripts is a pita.
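
Added example, not part of the original post: the final sed in the script above interpolates the verified hosts into the regex unescaped and without a boundary after the host, so a "." matches any character and a longer hostname sharing the same prefix is upgraded as well. The sketch below restricts the rewrite to exact hosts; the function names (host_alternation, upgrade_urls, demo) and the example.org hosts are constructed for illustration, and https.txt is assumed to hold one hostname per line as the script writes it.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Print an ERE alternation of the hostnames listed in file $1 (one per line,
# the format of https.txt). Dots are escaped; lines that are not plain
# hostnames are skipped instead of being interpolated into the regex.
host_alternation() (
    alt=""
    while IFS= read -r host; do
        case $host in
            ""|*[!A-Za-z0-9.-]*) continue ;;
        esac
        esc=$(printf '%s\n' "$host" | sed 's/\./\\./g')
        alt="${alt:+$alt|}$esc"
    done < "$1"
    printf '%s' "$alt"
)

# Filter stdin to stdout, upgrading http:// to https:// only where the host is
# exactly one from file $1: it must be followed by /, a quote, a space, ")"
# or end of line. A ":port" suffix is left alone, since only 443 was verified.
upgrade_urls() (
    alt=$(host_alternation "$1")
    if [ -z "$alt" ]; then cat; return; fi
    sed -E "s#http://(${alt})([/\"' )]|\$)#https://\\1\\2#g"
)

# Constructed sample: one verified host and a made-up source=() array.
demo() (
    hosts=$(mktemp)
    printf '%s\n' 'dl.example.org' > "$hosts"
    upgrade_urls "$hosts" <<'EOF'
source=("http://dl.example.org/foo-1.0.tar.gz"
        "http://dl.example.org.mirror.test/foo.patch"
        "http://dlXexample.org/x"
        "git+http://dl.example.org/foo.git"
        "http://dl.example.org:8080/foo")
EOF
    rm -f "$hosts"
)

demo
```

Only the first and fourth URLs are upgraded; the look-alike hosts and the explicit-port URL keep http:// and can be reviewed by hand.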