Bug#876947: di-netboot-assistant: conffiles not removed
Package: di-netboot-assistant Version: 0.49 Severity: normal User: debian...@lists.debian.org Usertags: obsolete-conffile adequate The recent upgrade did not deal with obsolete conffiles properly. Please use the dpkg-maintscript-helper support provided by dh_installdeb to remove these obsolete conffiles on upgrade. https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files https://manpages.debian.org/man/1/dh_installdeb This bug report brought to you by adequate: http://bonedaddy.net/pabs3/log/2013/02/23/inadequate-software/ $ pkg=di-netboot-assistant ; adequate $pkg ; dpkg-query -W -f='${Conffiles}\n' $pkg | grep obsolete di-netboot-assistant: obsolete-conffile /etc/di-netboot-assistant/elilo.HEAD /etc/di-netboot-assistant/elilo.HEAD 1d203651eba838c1c3ba869038edc7a5 obsolete -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.13.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages di-netboot-assistant depends on: ii curl 7.55.1-1 ii wget 1.19.1-4 Versions of packages di-netboot-assistant recommends: ii grub-efi-amd64-bin2.02-2 pn tftpd-hpa | atftpd | dnsmasq Versions of packages di-netboot-assistant suggests: pn dnsmasq | isc-dhcp-server | udhcpd ii syslinux3:6.03+dfsg-14.1 pn vim-addon-manager -- no debconf information -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#849400: debian-installer: LUKS on rootfs and boot
I am affected by this as well. Googling shows shows people experimenting with workarounds - creating an additional unencrypted /boot partition independent of the unencrypted EFI partition. This is overly complicated when the subsequent install workflow already does the correct thing - in creating a /boot partition and kernel/initrd/grub on the EFI parition. One just needs to be able to hint that the EFI/fat32 parition will be used for /boot, or else simply let the user 'continue' the installation, rather than have both 'go-back' and 'continue' return to the same menu. On Mon, 26 Dec 2016 18:02:28 +0100 Pali =?utf-8?q?Roh=C3=A1r?= < pali.ro...@gmail.com> wrote: > Package: debian-installer > Severity: normal > > Dear Maintainer, > > Debian installer refuse me to install entire system (including /boot) on > one encrypted partition. It shows me this red fatal error message: > > [!!] Partition disks > > Encryption configuration failure > > You have selected the root file system to be stored on an encrypted partition. This > feature requires a separate /boot partition on which the kernel and initrd can be stored. > > You should go back and setup a /boot partition. > > There are two buttons and but both buttons go > back and refuse to continue... > > Then I tried to have separate /boot and separate / partitions, both > LUKS encrypted. But Debian installer again refused to install such > configuration. It show me another red fatal error message: > > [!!] Partition disks > > Encrypted configuration failure > > You have selected the /boot file system to be stored on an encrypted partition. This is > not possible because the boot loader would be unable to load the kernel and initrd. > Continuing now would result in an installation that cannot be used. > > You should go back and choose a non-encrypted partition for he /boot file system. > > Again there are two buttons: and and again both go > back and does not allow me to process changes and continue. > > And that error message is incorrect. Grub2 has already supports for > accessing LUKS partitions. Just add GRUB_ENABLE_CRYPTODISK=y (or in > older versions GRUB_CRYPTODISK_ENABLE=y) to /etc/default/grub. > > Debian installer should allow users to install system on fully > encrypted disk (also with /boot) and should not force users to have > always /boot unencrypted. > > At least expert users should be able to skip that error message and > continue installation as error message is not truth anymore. > > -- > Pali Rohár > pali.ro...@gmail.com
Re: l10n co-coordinator
Hi, Holger Wansingwrote: > Hi Lior and list, > > Cyril Brulebois wrote: > > > For the installer itself, I would not start before the release of Stretch, > > > it's too late for that now. > > > My first target would be the installer for buster. > > > > I'm adding Lior in copy of this small subthread since he just approached me > > during DebConf, as he would like to help with translation coordination. :) > > So welcome in our new sub-team :-) > > My idea for the installer was basically, to send a call for translation > updates to all languages, which are outdated, means searching for new > translators for those languages on the relevant l10n lists. > > However, at debconf a new intend was called out to change the whole > translation infrastructure for the installer (in the long term of course, > no quick actions to be expected IMO). > > This is why I'm somewhat unsure how to proceed... > Should I try for recruiting new translators, even if the workflow changes > heavily some time later? > Recruiting new translators means explanation of workflow to some degree, what > would be to no avail, if infrastructure changes. > > > Thoughts? I got no answer here, so I'm starting on my own, as stated above: trying to recruit new translators for languages which are badly outdated. Holger
Processed: Re: Bug#868357: installation-guide: get rid of "not up to date for " warnings
Processing control commands: > tags -1 + pending Bug #868357 [installation-guide] installation-guide: get rid of "not up to date for " warnings Added tag(s) pending. -- 868357: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868357 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#868357: installation-guide: get rid of "not up to date for " warnings
Control: tags -1 + pending Samuel Thibaultwrote: > Holger Wansing, on mar. 26 sept. 2017 20:51:34 +0200, wrote: > > Holger Wansing wrote: > > > Those warnings are there since Woody or Sarge, and I think they are no > > > longer true. > > > We should remove them. > > > > A patch is attached. > > It removes the warnings for all archs except hurd and kfreebsd variants. > > It should be fine indeed :) Committed. Tagging bug as pending. Holger
Bug#868357: installation-guide: get rid of "not up to date for " warnings
Holger Wansing, on mar. 26 sept. 2017 20:51:34 +0200, wrote: > Holger Wansingwrote: > > Those warnings are there since Woody or Sarge, and I think they are no > > longer true. > > We should remove them. > > A patch is attached. > It removes the warnings for all archs except hurd and kfreebsd variants. It should be fine indeed :) Samuel
Bug#868357: installation-guide: get rid of "not up to date for " warnings
Hi, Holger Wansingwrote: > Package: installation-guide > Severity: wishlist > > On (for example) > http://d-i.alioth.debian.org/manual/en.arm64/index.html > the installation guide has warning messages like > > "Although this installation guide for amd64 is mostly up-to-date, > we plan to make some changes and reorganize parts of the manual > after the official release of buster." > > or > > "This installation guide is based on an earlier manual written for the > old Debian installation system (the “boot-floppies”), and has been updated > to document the new Debian installer. However, for arm64, the manual has > not been fully updated and fact checked for the new installer. There may > remain parts of the manual that are incomplete or outdated or that still > document the boot-floppies installer." > > depending on the architecture. > > Those warnings are there since Woody or Sarge, and I think they are no > longer true. > We should remove them. > > Comments welcome. A patch is attached. It removes the warnings for all archs except hurd and kfreebsd variants. Holger Index: build/arch-options/amd64 === --- build/arch-options/amd64 (Revision 70848) +++ build/arch-options/amd64 (Arbeitskopie) @@ -22,4 +22,7 @@ other="supports-wireless;supports-pcmcia;supports-serial-console" smp="smp-alternatives" goodies="supports-lang-chooser" -status="checked" + +# To re-add the "checked for this arch" or "not-checked for this arch" warnings +# back (see en/bookinfo.xml file), add "checked" or "not-checked" to status here. +status="" \ No newline at end of file Index: build/arch-options/arm64 === --- build/arch-options/arm64 (Revision 70848) +++ build/arch-options/arm64 (Arbeitskopie) @@ -24,4 +24,7 @@ other="supports-serial-console" smp="defaults-smp" goodies="supports-lang-chooser" -status="new-arch;not-checked" + +# To re-add the "checked for this arch" or "not-checked for this arch" warnings +# back (see en/bookinfo.xml file), add "checked" or "not-checked" to status here. +status="new-arch" Index: build/arch-options/armel === --- build/arch-options/armel (Revision 70848) +++ build/arch-options/armel (Arbeitskopie) @@ -24,4 +24,7 @@ other="supports-serial-console" smp="" goodies="supports-lang-chooser" -status="checked" + +# To re-add the "checked for this arch" or "not-checked for this arch" warnings +# back (see en/bookinfo.xml file), add "checked" or "not-checked" to status here. +status="" Index: build/arch-options/armhf === --- build/arch-options/armhf (Revision 70848) +++ build/arch-options/armhf (Arbeitskopie) @@ -24,4 +24,7 @@ other="supports-serial-console" smp="smp-alternatives" goodies="supports-lang-chooser" -status="checked" + +# To re-add the "checked for this arch" or "not-checked for this arch" warnings +# back (see en/bookinfo.xml file), add "checked" or "not-checked" to status here. +status="" Index: build/arch-options/hppa === --- build/arch-options/hppa (Revision 70848) +++ build/arch-options/hppa (Arbeitskopie) @@ -20,4 +20,7 @@ other="supports-serial-console" smp="supports-smp" goodies="supports-lang-chooser" -status="not-checked" + +# To re-add the "checked for this arch" or "not-checked for this arch" warnings +# back (see en/bookinfo.xml file), add "checked" or "not-checked" to status here. +status="" Index: build/arch-options/i386 === --- build/arch-options/i386 (Revision 70848) +++ build/arch-options/i386 (Arbeitskopie) @@ -24,4 +24,7 @@ other="supports-wireless;supports-pcmcia;supports-serial-console" smp="smp-alternatives" goodies="supports-lang-chooser" -status="checked" + +# To re-add the "checked for this arch" or "not-checked for this arch" warnings +# back (see en/bookinfo.xml file), add "checked" or "not-checked" to status here. +status="" Index: build/arch-options/ia64 === --- build/arch-options/ia64 (Revision 70848) +++ build/arch-options/ia64 (Arbeitskopie) @@ -21,4 +21,7 @@ other="supports-serial-console" smp="supports-smp" goodies="supports-lang-chooser" -status="checked" + +# To re-add the "checked for this arch" or "not-checked for this arch" warnings +# back (see en/bookinfo.xml file), add "checked" or "not-checked" to status here. +status="" Index: build/arch-options/mips === --- build/arch-options/mips (Revision 70848) +++ build/arch-options/mips (Arbeitskopie) @@ -20,4 +20,7 @@ other="supports-serial-console" smp="supports-smp-sometimes" goodies="" -status="not-checked" + +# To re-add the "checked for
Bug#833442: marked as done (busybox: CVE-2016-6301: NTP server denial of service flaw)
Your message dated Tue, 26 Sep 2017 20:04:54 +0200 with message-id <1506448...@msgid.manchmal.in-ulm.de> and subject line Re: busybox: CVE-2016-6301: NTP server denial of service flaw has caused the Debian Bug report #833442, regarding busybox: CVE-2016-6301: NTP server denial of service flaw to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 833442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: busybox Version: 1:1.22.0-9 Severity: normal Tags: security upstream patch Hi, the following vulnerability was published for busybox. The config CONFIG_NTPD is not enabled by default, so this only would affect rebuild packages. It is thus marked unimportant in the security-tracker. Opened the bug to track the issue in BTS. CVE-2016-6301[0]: NTP server denial of service flaw If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-6301 Regards, Salvatore --- End Message --- --- Begin Message --- fixed 833442 1:1.27.2-1 thanks > the following vulnerability was published for busybox. The config > CONFIG_NTPD is not enabled by default, so this only would affect > rebuild packages. It is thus marked unimportant in the > security-tracker. Opened the bug to track the issue in BTS. > > CVE-2016-6301[0]: > NTP server denial of service flaw > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. This was fixed in the recent upload to unstable/sid which already migrated to testing/buster. Since the ntpd module is not enabled in Debian's busybox build, it's basically a change in unsued sources that wasn't worth being mentioned in the changelog. For the same reason this will not be handled in (old){0,2}stable. Now closing. Christoph signature.asc Description: Digital signature --- End Message ---
Processed: Re: busybox: CVE-2016-6301: NTP server denial of service flaw
Processing commands for cont...@bugs.debian.org: > fixed 833442 1:1.27.2-1 Bug #833442 [src:busybox] busybox: CVE-2016-6301: NTP server denial of service flaw Marked as fixed in versions busybox/1:1.27.2-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 833442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#876866: installation-report: no boot from USB upon removing installation memory-key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: installation-reports Version: 2.63 Severity: normal Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these template lines *** - -- Package-specific info: Boot method: USB Image version: https://caesar.ftp.acc.umu.se/cdimage/weekly-builds/amd64/iso-cd/debian-testing-amd64-netinst.iso, 2017-09-25 Date: 2017-09-26, AM Machine: FSC Futro S700 thin-client Partitions: user@debian:~$ df -Tl Filesystem Type 1K-blocks Used Available Use% Mounted on udev devtmpfs352644 0352644 0% /dev tmpfs tmpfs72788 2448 70340 4% /run /dev/sdb6 btrfs 12694528 892484 9764220 9% / tmpfs tmpfs 363928 0363928 0% /dev/shm tmpfs tmpfs 5120 0 5120 0% /run/lock tmpfs tmpfs 363928 0363928 0% /sys/fs/cgroup /dev/sdb1 ext4463826 40061395298 10% /boot tmpfs tmpfs72784 0 72784 0% /run/user/1000 Base System Installation Checklist: [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it Initial boot: [E] Detect network card:[o] Configure network: [o] Detect CD: [o] Load installer modules: [o] Clock/timezone setup: [o] User/password setup:[o] Detect hard drives: [o] Partition hard drives: [o] Install base system:[o] Install tasks: [o] Install boot loader:[E] Overall install:[o] Comments/Problems: Installing base system only and ssh-server went basically fine, but the system was not bootable upon the process. Instead I had to edit the grub-entry manually and change the linux-root from /dev/sdc5 --> /dev/sdb5 becuase, the USB-key from which the installer ran was removed, as recommended, and thus the device-name of the filesystem-root changed. This made the system bootable permanenty, without editing grub-command-line every time: root@debian:/etc/grub.d# grub-mkdevicemap root@debian:/etc/grub.d# man grub-mkdevicemap root@debian:/etc/grub.d# ls /boot/grub device.map fonts grub.cfg grubenv i386-pc locale unicode.pf2 root@debian:/etc/grub.d# cat /boot/grub/device.map (hd0) /dev/disk/by-id/ata-InnoDisk_Corp._DRPS-02GJ30AC1DS-A88_20121025AABB3024 (hd1) /dev/disk/by-id/usb-Kingston_DataTraveler_3.0_00190F0C0293EF51597374C3-0:0 root@debian:/etc/grub.d# man grub-mkconfig root@debian:/etc/grub.d# info grub-mkconfig root@debian:/etc/grub.d# update-grub Generating grub configuration file ... Found linux image: /boot/vmlinuz-4.12.0-2-amd64 Found initrd image: /boot/initrd.img-4.12.0-2-amd64 done root@debian:/etc/grub.d# init 6 Result: === root@debian:/home/user# cat /boot/grub/grub.cfg # # DO NOT EDIT THIS FILE # # It is automatically generated by grub-mkconfig using templates # from /etc/grub.d and settings from /etc/default/grub # ### BEGIN /etc/grub.d/00_header ### if [ -s $prefix/grubenv ]; then set have_grubenv=true load_env fi if [ "${next_entry}" ] ; then set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true else set default="0" fi if [ x"${feature_menuentry_id}" = xy ]; then menuentry_id_option="--id" else menuentry_id_option="" fi export menuentry_id_option if [ "${prev_saved_entry}" ]; then set saved_entry="${prev_saved_entry}" save_env saved_entry set prev_saved_entry= save_env prev_saved_entry set boot_once=true fi function savedefault { if [ -z "${boot_once}" ]; then saved_entry="${chosen}" save_env saved_entry fi } function load_video { if [ x$feature_all_video_module = xy ]; then insmod all_video else insmod efi_gop insmod efi_uga insmod ieee1275_fb insmod vbe insmod vga insmod video_bochs insmod video_cirrus fi } if [ x$feature_default_font_path = xy ] ; then font=unicode else insmod part_msdos insmod btrfs set root='hd1,msdos6' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos6 --hint-efi=hd1,msdos6 - --hint-baremetal=ahci1,msdos6 --hint='hd1,msdos6' 45d6feea-f580-4282-9b09-24ad2909b1ee else search --no-floppy --fs-uuid --set=root 45d6feea-f580-4282-9b09-24ad2909b1ee fi font="/usr/share/grub/unicode.pf2" fi if loadfont $font ; then set gfxmode=auto load_video insmod gfxterm set locale_dir=$prefix/locale set lang=en_GB insmod gettext fi terminal_output gfxterm if [ "${recordfail}" = 1 ] ; then set timeout=30 else if [ x$feature_timeout_style = xy ] ; then set timeout_style=menu set timeout=5 # Fallback normal timeout code in case the timeout_style feature is # unavailable.
Bug#876773: flash-kernel: Please add support for the original SolidRun CuBox (Dove)
Hi Vagrant, thanks for your reply! I have now come up with a revised script taking your comments into consideration. Am 25.09.2017 um 21:22 schrieb Vagrant Cascadian: > On 2017-09-25, Josua Mayer wrote: >> The SolidRun CuBox has very good support in Mainline Linux. >> Thus it is a great candidate for supporting it in Debian. > ... >> I have come up with the database entry below, and this preliminary >> boot-script: >> setenv loadaddr 0x0200 >> setenv loadaddrrd 0x2000 >> setenv bootargs console=ttyS0,115200n8 >> ${fstype}load ${device_name} 0:${partition} ${loadaddr} /boot/uImage >> ${fstype}load ${device_name} 0:${partition} ${loadaddrrd} /boot/uInitrd >> bootm $loadaddr $loadaddrrd > loaddr is already set in your environment, no need to set it again. Yes. I just wanted to be verbose. > > If you use: > > setenv bootargs @@LINUX_KERNEL_CMDLINE_DEFAULTS@@ ${bootargs} ${console} > @@LINUX_KERNEL_CMDLINE@@ > > Then flash-kernel can be configured with options from > /etc/default/flash-kernel. Ack > > And have this before the load/bootm parts: > > @@UBOOT_ENV_EXTRA@@ > > Then local environment overrides can be set from > /etc/flash-kerenel/ubootenv.d or /usr/share/flash-kernel/ubootenv.d. Ack > > >> I am running U-Boot 2009.08-dirty (Mar 09 2013 - 18:15:45) Marvell version: >> 5.4.4 NQ SR1. >> It comes with a prepopulated bootcmd environment variable that tries out: >> - usb sata(ide) mmc >> - partitions 1,2 >> - directores / and /boot >> to find a boot.scr. >> At the time of loading it, these variables are set accordingly: >> device_name, partition, directory, fstype >> which can be used in our boot.scr. > You also *might* want to emulate upstream u-boot conventions and use the > variables consistant with other boot scripts, and set up a thin > compatibility layer: > > setenv kernel_addr_r $loadaddr > setenv ramdisk_addr_r 0x2000 > setenv devtype $device_name > setenv devnum 0 > setenv bootpart $partition > setenv distro_bootpart $partition > setenv prefix $directory > > With that at the top of your file, you could probably copy the > uboot-generic script and make minor modifications to get it working > (change "load" to "${fstype}load" and "bootz" to "bootm", change "/boot" > to "${prefix}"), and it would be more similar to the standard boot > scripts, and it'd be easier to adapt if upstream u-boot support was > later added with distro_bootcmd support. True. I decided to structure it very similar, but avoid the copy. > > >> One important thing that is missing, is bootargs! >> We need to set: console, root, rootfstype, rootwait > Your bootscript already sets the console in bootargs, so I'm not sure > what you mean... That is what I meant. It would be neat using just console=${console}, but the console variable in u-boot is set to console=console=ttyS0,115200useNandHal=single which is not nice style. So I hardcoded it now. > >> - rootfstype could be gathered from fstype > I would not assume that the / fs and /boot fs are the same. But, you > shouldn't need to set that if you're using an initrd that can detect the > filesystem on it's own (e.g. initramfs-tools). Ack > >> - any ideas how to generate the root= option? >> Ideally we could use UUID= there! >> Or does Bootloader-Sets-Incorrect-Root: yes help here? > Again, with initramfs-tools, flash-kernel adds a root= entry based on > fstab in the initrd, so that in that case, you don't need root= defined > in the u-boot environment. Ack. After regenerating my initrd, I managed to boot with cmdline: console=ttyS0,115200n8 quiet > > > live well, > vagrant br Josua Mayer # Boot-Script for SolidRun CuBox (Dove) # environment variables provided by the 2009.08* vendor U-Boot: # device_name [usb,mmc,ide] # partition [1,2] # directory [/,/boot/] # fstype [ext4,fat] # set load-address for ramdisk image setenv loadaddrrd 0x2000 # set up serial console as default setenv console ttyS0,115200n8 # set bootargs setenv bootargs @@LINUX_KERNEL_CMDLINE_DEFAULTS@@ console=${console} @@LINUX_KERNEL_CMDLINE@@ # set up distr-boot-like variable names where possible setenv devnum 0 setenv devtype ${device_name} setenv distro_bootpart ${partition} setenv kernel_addr_r ${loadaddr} setenv prefix ${directory} setenv ramdisk_addr_r ${loadaddrrd} # allow overriding u-boot environment @@UBOOT_ENV_EXTRA@@ # look for boot images where this script was loaded from setenv partition ${distro_bootpart} # Boot it ${fstype}load ${devtype} ${devnum}:${partition} ${kernel_addr_r} ${prefix}uImage ${fstype}load ${devtype} ${devnum}:${partition} ${ramdisk_addr_r} ${prefix}uInitrd echo "Booting Debian from ${devtype} ${devnum}:${partition}..." bootm ${kernel_addr_r} ${ramdisk_addr_r} ** LOADER ** U-Boot 2009.08-dirty (Mar 09 2013 - 18:15:45) Marvell version: 5.4.4 NQ SR1 BootROM: Version on chip: 2.33 Status: OK Retries #: 0 Board: CuBox SoC: 88AP510 (A1) CPU: Marvell Sheeva (Rev 5) CPU @ 800Mhz, L2 @ 400Mhz