Bug#1072687: [Pkg-utopia-maintainers] Bug#1072687: Bug on Debian 12 Bookworm - RJ-45 wired network does not start when booting Debian

[Michael Biebl]

Am 06.06.24 um 18:04 schrieb Michael Biebl:

Control: tags -1 + moreinfo

Am 06.06.24 um 16:37 schrieb Marco Moock:

Am 06.06.2024 um 16:30:16 Uhr schrieb pham...@bluewin.ch:


RJ-45 wired network does not start when booting Debian.
The problem occurs once for about ten successful starts, about once a
week for me. Attached is a screenshot of my workstation booting with
the problem described. Thanks in advance for trying to fix this.


Without more information this isn't useful.

Run dmesg when networking isn't successful and show the output.



Right, withouth further information its basically impossible to further 
investigate the issue.
A good starting point for providing more information is man 
NetworkManager → DEBUGGING


Please provide (trace) logs showing the problem.


It would also be good to know why you think this is a Debian specific 
problem. The Debian network-manager basically ships no patches.

So it would be better to file such issues upstream at

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1072687: [Pkg-utopia-maintainers] Bug#1072687: Bug on Debian 12 Bookworm - RJ-45 wired network does not start when booting Debian

[Michael Biebl]

Control: tags -1 + moreinfo

Am 06.06.24 um 16:37 schrieb Marco Moock:

Am 06.06.2024 um 16:30:16 Uhr schrieb pham...@bluewin.ch:


RJ-45 wired network does not start when booting Debian.
The problem occurs once for about ten successful starts, about once a
week for me. Attached is a screenshot of my workstation booting with
the problem described. Thanks in advance for trying to fix this.


Without more information this isn't useful.

Run dmesg when networking isn't successful and show the output.



Right, withouth further information its basically impossible to further 
investigate the issue.
A good starting point for providing more information is man 
NetworkManager → DEBUGGING


Please provide (trace) logs showing the problem.

Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1072517: /etc/apparmor.d/cockpit-desktop in Zeile 1: Could not open 'abi/4.0'

[Michael Biebl]

Package: cockpit-ws
Version: 317-1
Severity: serious
File: /etc/apparmor.d/cockpit-desktop

During todays boot I encountered the following failure:

× apparmor.service - Load AppArmor profiles
 Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; preset: 
enabled)
 Active: failed (Result: exit-code) since Mon 2024-06-03 14:35:42 CEST; 
1min 55s ago
 Invocation: 05781cbd4c8c4e7e96203d87010c5716
   Docs: man:apparmor(7)
 https://gitlab.com/apparmor/apparmor/wikis/home/
Process: 1014 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, 
status=1/FAILURE)
   Main PID: 1014 (code=exited, status=1/FAILURE)

Jun 03 14:35:42 mars apparmor.systemd[1014]: Restarting AppArmor
Jun 03 14:35:42 mars apparmor.systemd[1014]: Reloading AppArmor profiles
Jun 03 14:35:42 mars apparmor.systemd[1026]: AppArmor-Analysefehler f?r 
/etc/apparmor.d in profile /etc/apparmor.d/cockpit-desktop in Zeile 1: Could 
not open 'abi/4.0': Datei oder Verzeichnis nicht gefunden
Jun 03 14:35:42 mars apparmor.systemd[1040]: Skipping profile in 
/etc/apparmor.d/disable: usr.bin.thunderbird
Jun 03 14:35:42 mars apparmor.systemd[1065]: AppArmor-Analysefehler f?r 
/etc/apparmor.d/cockpit-desktop in profile /etc/apparmor.d/cockpit-desktop in 
Zeile 1: Could not open 'abi/4.0': Datei oder Verzeichnis nicht gefunden
Jun 03 14:35:42 mars apparmor.systemd[1134]: Skipping profile in 
/etc/apparmor.d/disable: usr.bin.thunderbird
Jun 03 14:35:42 mars apparmor.systemd[1014]: Error: At least one profile failed 
to load
Jun 03 14:35:42 mars systemd[1]: apparmor.service: Main process exited, 
code=exited, status=1/FAILURE
Jun 03 14:35:42 mars systemd[1]: apparmor.service: Failed with result 
'exit-code'.
Jun 03 14:35:42 mars systemd[1]: Failed to start apparmor.service - Load 
AppArmor profiles.

I suppose, the cockpit-desktop AA profile uses features that are not
available on Debian:

# apt-cache policy apparmor
apparmor:
  Installed: 3.0.13-2
  Candidate: 3.0.13-2
  Version table:
 *** 3.0.13-2 500
500 http://deb.debian.org/debian sid/main amd64 Packages
100 /var/lib/dpkg/status


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.12-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cockpit-ws depends on:
ii  adduser 3.137
ii  glib-networking 2.80.0-1
ii  libc6   2.38-12
ii  libcrypt1   1:4.4.36-4
ii  libglib2.0-0t64 2.80.2-2
ii  libgnutls30t64  3.8.5-4
ii  libgssapi-krb5-21.20.1-6+b1
ii  libjson-glib-1.0-0  1.8.0-2+b1
ii  libpam0g1.5.3-7
ii  libsystemd0 256~rc3-7
ii  openssl 3.2.1-3
ii  systemd 256~rc3-7

cockpit-ws recommends no packages.

Versions of packages cockpit-ws suggests:
ii  python33.11.8-1
pn  sssd-dbus  

-- no debconf information

Bug#1072105: /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring.

[Michael Biebl]

Control: reopen -1

On Tue, 28 May 2024 17:15:02 +0100 Luca Boccassi  wrote:

Control: tags -1 wontfix
Control: close -1

On Tue, 28 May 2024 17:44:54 +0200 Michael Biebl 
wrote:
> Package: systemd
> Version: 256~rc3-4
> Severity: normal
> 
> 
> Please do not not ship conflicting configuration for /run/lock
> 
> /usr/lib/tmpfiles.d/debian.conf:d /run/lock    1777 root root -   -

> /usr/lib/tmpfiles.d/legacy.conf:d /run/lock 0755 root root -
> 
> triggering unnecessary warnings.


This is needed to apply debian-specific changes, just ignore it, it's
harmless


Besides the obvious warning message, shipping conflicting tmpfiles 
configuration snippets also has the problem, that depending on which 
file you override, one or the other becomes active.


Say you create a /etc/tmpfiles.d/debian.conf, then the configuration in 
legacy.conf becomes active and vise versa.

This is highly confusing.

tmpfiles entries are not easily overridable, as the mechanism is per 
file and not per entry.


So, either legacy.conf gets split up so individual entries can be 
overridden or your patch legacy.conf.


The current approach is not sufficient.


Btw, please don't close bug reports without CCing the bug submitter. 
That's rude.


Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1072105: (no subject)

[Michael Biebl]

please do find a proper solution.

wontfix is it not.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1072105: /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring.

[Michael Biebl]

Package: systemd
Version: 256~rc3-4
Severity: normal


Please do not not ship conflicting configuration for /run/lock

/usr/lib/tmpfiles.d/debian.conf:d /run/lock1777 root root -   -
/usr/lib/tmpfiles.d/legacy.conf:d /run/lock 0755 root root -

triggering unnecessary warnings.

Bug#966621: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]

[Michael Biebl]

Am 06.05.24 um 12:18 schrieb Luca Boccassi:

Defaults are defaults, they are trivially and fully overridable where
needed if needed. Especially container and VM managers these days can
super trivially override them via SMBIOS Type11 strings or
Credentials, ephemerally and without changing the guest image at all.



Aligning defaults across distros does have value.
That said, a distro like Debian has a larger scope than say a desktop 
oriented one like Fedora.
Debian is used on a broad spectrum of systems: from embedded to server 
to cloud to desktop.
So I think it is valuable to gather feedback from all affected parties 
to make an informed decision.


What upstream is doing should not be the only driving factor.


Michael



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#966621: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]

[Michael Biebl]

Am 05.05.24 um 22:04 schrieb Luca Boccassi:

This will be mentioned in NEWS (and I guess in the release notes when
the time comes), together with the instructions to override for anybody
wanting to keep the old behaviour, which is as trivial as:



..


touch /etc/tmpfiles.d/tmp.conf


This doesn't restore the old/current behaviour, which is to cleanup /tmp 
on boot. For that you would need something like


echo "D /tmp 1777 root root -" > /etc/tmpfiles.d/tmp.conf


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#966621: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]

[Michael Biebl]

We have two separate issues here:

a/ /tmp-on-tmpfs
b/ time based clean-up of /tmp and /var/tmp

I think it makes sense to discuss/handle those separately.

Regarding a/:
tmp.mount as shipped by systemd uses the following mount options:
"mode=1777,strictatime,nosuid,nodev,size=50%"

In the past there were concerns that those 50% of available RAM wasn't a 
one-size-fits-all solution, especially for (LXC) containers and VMs


One also needs to keep in mind that debian-installer still offers a 
partitioning setup with /tmp on a separate partition. This will be 
created via an entry in /etc/fstab. Such a /tmp entry in /etc/fstab will 
override tmp.mount.


If we go with a/, then I think d-i should be updated to no longer create 
/tmp as a separate partition.



Regarding b/:
The current setup as used in Debian is to only clean /tmp on boot (which 
is pointless with /tmp-on-tmpfs) and never clean up /var/tmp


The tmpfiles rule tmp.conf as shipped by systemd upstream contains:

q /tmp 1777 root root 10d
q /var/tmp 1777 root root 30d

Files that are older then 10 days or 30 days are automatically cleaned 
up. The age of the files are determined as such:


"The age of a file system entry is determined from its last modification 
timestamp (mtime), its last access timestamp (atime), and (except for 
directories) its last status change timestamp (ctime). By default, any 
of these three (or two) values will prevent cleanup if it is more recent 
than the current time minus the age field."


I'm not sure if we have software on long running servers which place 
files in /tmp and /var/tmp and expect files to not be deleted during 
runtime, even if not accessed for a long time. This is certainly an 
issue to be aware of and keep an eye on.



Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1069789: test_bluetooth_hidpp_mouse autopkgtest fails

[Michael Biebl]

Control: severity -1 important

Seems to pass pretty reliably on debci, thus downgrading to important.
https://ci.debian.net/packages/u/upower/

Regards,
Michael

On Wed, 24 Apr 2024 23:34:48 +0500 Andrey Rakhmatullin  
wrote:

Package: upower
Version: 1.90.3-1
Severity: serious

Control: forwarded -1 https://gitlab.freedesktop.org/upower/upower/-/issues/228
Control: tags -1 + upstream

https://ci.debian.net/packages/u/upower/unstable/amd64/45053064/

217s ==
217s ERROR: test_bluetooth_hidpp_mouse
(__main__.Tests.test_bluetooth_hidpp_mouse)
217s Logitech Bluetooth LE mouse with HID++ kernel support
217s --
217s Traceback (most recent call last):
217s   File "/usr/libexec/upower/integration-test.py", line 2337, in
test_bluetooth_hidpp_mouse
217s self.assertEqual(self.get_dbus_dev_property(bat0_up, 'Model'), alias)
217s  
217s   File "/usr/libexec/upower/integration-test.py", line 273, in
get_dbus_dev_property
217s return self.dbus.call_sync(UP, device,
217s^^^
217s gi.repository.GLib.GError: g-dbus-error-quark:
GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Object does not exist at
path “/org/freedesktop/UPower/devices/mouse_dev_11_22_33_44_AA_BB” (19)


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages upower depends on:
ii  dbus   1.14.10-4+b1
ii  libc6  2.37-18
ii  libglib2.0-0t642.78.4-7
ii  libgudev-1.0-0 238-5
ii  libimobiledevice6  1.3.0-7.1+b1
ii  libplist3  2.2.0-7+b1
ii  libupower-glib31.90.3-1
ii  udev   255.4-1+b1

Versions of packages upower recommends:
ii  polkitd  124-2

upower suggests no packages.

-- debconf-show failed


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1070236: python3-samba: SyntaxError during configuration phase of package on upgrade

[Michael Biebl]

Control: reopen -1
Control: found -1 2:4.19.6+dfsg-3

On Thu, 2 May 2024 11:58:59 -0700 "Leo L. Schwab"  wrote:

Did you fix this one, too?

---
Performing actions...
Setting up python3-samba (2:4.19.6+dfsg-2) ...
  File "/usr/lib/python3/dist-packages/samba/ms_schema_markdown.py", line 25
try
   ^
SyntaxError: expected ':'
  File "/usr/lib/python3/dist-packages/samba/ms_schema_markdown.py", line 25
try
   ^
SyntaxError: expected ':'
dpkg: error processing package python3-samba (--configure):
---

Schwab




I also get
  File "/usr/lib/python3/dist-packages/samba/ms_schema_markdown.py", 
line 27

except ImportError e:
   ^
SyntaxError: invalid syntax


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1015201: logcheck: Update patterns, here: rsyslogd

[Michael Biebl]

Am 02.05.24 um 09:39 schrieb Richard Lewis:
lOn Mon, 29 Apr 2024, 14:19 Helge Kreutzmann, > wrote:


Am Sat, Apr 27, 2024 at 07:11:40PM +0100 schrieb Richard Lewis:
 > On Sun, 17 Jul 2022 17:28:11 +0100 Richard Lewis
 > mailto:richard.lewis.deb...@googlemail.com>> wrote:

 > Hi Helge. Apologies no-one has replied to this bug report for 2 years
 > and that this response isnt going to be what you want!

Thanks for taking care of it anyhow, I noticed that it is not worth
reporting improvements to logcheck proper.


i hope to convince you otherwise! pleae report issues again!


 > debian usually doesnt add rules to filter startup messages as it
tends
 > to add a lot of rules

Indeed, startup rules are quite helpful, because then I see what was
*different* during startup, i.e. if something got wrong. 



totally agree

For servers,
this is not very useful, but for workstatins it is. Btw., the current
rules also deal with startup:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: imklog [0-9.]+, log
source = /proc/kmsg started.$


i think that practice and theory have diverged here! or possibly this 
is/was produced when logs are rotated.


The latest autopkgtest test for logcheck passed successfully [1], so I'm 
inclined to close this bug report.


If the log check rules do need an update, they should be accompanied 
with a corresponding autopkgtest.


As I don't use logcheck, I will have to rely on someone to contribute 
those changes. Ideally in the form of a MR on salsa at

https://salsa.debian.org/debian/rsyslog


Regards,
Michael

[1] https://ci.debian.net/packages/r/rsyslog/unstable/amd64/46052568/


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1070019: [Pkg-utopia-maintainers] Bug#1070019: Bug#1070019: udisks2: autopkgtest failure: fsconfig system call failed: /dev/sr1: Can't open blockdev

[Michael Biebl]

Am 29.04.24 um 14:03 schrieb Michael Biebl:

It appears that this is a regression introduced in util-linux 2.40-7.
The udisks2 test suite passes with 2.40-6.

So I assume it's one of the upstream changes from
"""
   * Import upstream stable/v2.40 up to 
a8aa0b5f154a44557f5bae5a4027bdbfe42b0323

     * lsns: fix netns use
     * libmount: fix comment typo for mnt_fs_get_comment()
     * libmount: Fix access check for utab in context
     * lsblk: simplify SOURCES code
     * findmnt: always zero-terminate SOURCES data
     * agetty: Don't override TERM passed by the user
     * libsmartcols: reset wrap after calculation
     * lslocks: remove a unused local variable
     * lslocks: don't abort gathering per-process information even if
   opening a /proc/[0-9]* fails
     * lsns: tolerate lsns_ioctl(fd, NS_GET_{PARENT,USERNS}) failing 
with ENOSYS
     * lsns: report with warnx if a namespace related ioctl fails with 
ENOSYS

     * Fix misplaced else in mnt_update_already_done
     * findmnt: revise the code for -I and -D option (Closes: #1069634)
     * libblkid: topology/ioctl: simplify ioctl handling
     * libblkid: topology/ioctl: correctly handle kernel types
     * pam_lastlog2: link against liblastlog
     * libblkid: Fix segfault when blkid.conf doesn't exist (Closes: 
#1069634)

"""
that broke udisks2.



Please disregard what I wrote above. I made a mistake when testing with 
a trixie qemu VM and the util-linux packages weren't actually upgraded 
but stayed on 2.39




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1070019: [Pkg-utopia-maintainers] Bug#1070019: udisks2: autopkgtest failure: fsconfig system call failed: /dev/sr1: Can't open blockdev

[Michael Biebl]

Am 28.04.24 um 18:20 schrieb Chris Hofstaedtler:

Source: udisks2
Version: 2.10.1-6
Severity: serious

Hi,

udisks2's autopkgtest fails when tried together with util-linux 2.40. An
example can be seen here:
https://ci.debian.net/packages/u/udisks2/testing/amd64/46012968/

537s ==
537s FAIL: test_ext4 (__main__.FS.test_ext4)
537s fs: ext4
537s --
537s Traceback (most recent call last):
537s   File "/tmp/autopkgtest.btnhgm/build.cz4/src/src/tests/integration-test", 
line 1107, in _do_udisks_check
537s cd_fs.call_mount_sync(ro_options, None)
537s gi.repository.GLib.GError: udisks-error-quark: 
GDBus.Error:org.freedesktop.UDisks2.Error.Failed: Error mounting /dev/sr1 at 
/media/root/41b1acb1-744c-422a-9071-2dba5368a683: fsconfig system call failed: 
/dev/sr1: Can't open blockdev (0)
537s
537s During handling of the above exception, another exception occurred:
537s
537s Traceback (most recent call last):
537s   File "/tmp/autopkgtest.btnhgm/build.cz4/src/src/tests/integration-test", 
line 725, in test_ext4
537s self._do_fs_check('ext4')
537s   File "/tmp/autopkgtest.btnhgm/build.cz4/src/src/tests/integration-test", 
line 894, in _do_fs_check
537s self._do_udisks_check(fs_type)
537s   File "/tmp/autopkgtest.btnhgm/build.cz4/src/src/tests/integration-test", 
line 1112, in _do_udisks_check
537s self.fail('Mounting read-only device with \'rw\' option failed'
537s AssertionError: Mounting read-only device with 'rw' option failedwith an 
unexpected error.
537s Got: udisks-error-quark: GDBus.Error:org.freedesktop.UDisks2.Error.Failed: 
Error mounting /dev/sr1 at /media/root/41b1acb1-744c-422a-9071-2dba5368a683: 
fsconfig system call failed: /dev/sr1: Can't open blockdev (0)
537s Expected: 'is write-protected but explicit read-write mode requested' or 
'is write-protected but `rw' option given'

I do not understand what this error means, or what the underlying problem is.
Please investigate.


It appears that this is a regression introduced in util-linux 2.40-7.
The udisks2 test suite passes with 2.40-6.

So I assume it's one of the upstream changes from
"""
  * Import upstream stable/v2.40 up to 
a8aa0b5f154a44557f5bae5a4027bdbfe42b0323

* lsns: fix netns use
* libmount: fix comment typo for mnt_fs_get_comment()
* libmount: Fix access check for utab in context
* lsblk: simplify SOURCES code
* findmnt: always zero-terminate SOURCES data
* agetty: Don't override TERM passed by the user
* libsmartcols: reset wrap after calculation
* lslocks: remove a unused local variable
* lslocks: don't abort gathering per-process information even if
  opening a /proc/[0-9]* fails
* lsns: tolerate lsns_ioctl(fd, NS_GET_{PARENT,USERNS}) failing 
with ENOSYS
* lsns: report with warnx if a namespace related ioctl fails with 
ENOSYS

* Fix misplaced else in mnt_update_already_done
* findmnt: revise the code for -I and -D option (Closes: #1069634)
* libblkid: topology/ioctl: simplify ioctl handling
* libblkid: topology/ioctl: correctly handle kernel types
* pam_lastlog2: link against liblastlog
* libblkid: Fix segfault when blkid.conf doesn't exist (Closes: 
#1069634)

"""
that broke udisks2.



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1069710: [Pkg-utopia-maintainers] Bug#1069710: network-manager: WWAN adapter (Modem) is not found after update of stable Debian

[Michael Biebl]

Well, the network-manager version did not changed between 12.2 and 12.5

So it's most likely a regression in some other part, like the kernel.

If you want to see this fixed, you will likely need to narrow down the 
problem to the actual package update which caused the regression.



Michael
Am 23.04.24 um 15:04 schrieb beer-b...@yandex.ru:

Yesterday as planned update
Debian 12.2.0-14 -> Debian 12.5

Kernel was updated as well
 From Linux 6.1.0-18-amd64 (working) to Linux 6.1.0-20-amd64
23.04.2024, 16:17, "Michael Biebl" :

Control: tags -1 + moreinfo

Am 23.04.2024 um 12:09 schrieb Serge Polyakov:

  Package: network-manager
  Version: 1.42.4-1
  Severity: important
  X-Debbugs-Cc: beer-b...@yandex.ru <mailto:beer-b...@yandex.ru>

  Dear Maintainer,

  *** Reporter, please consider answering these questions, where
appropriate ***

  * What led up to the situation?

  After updating stable Debian to the latest version my laptop
losts modem
  device.


  From which version did you upgrade?
What was the last working version?
Did the upgrade involve other components like the kernel?





OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1069710: [Pkg-utopia-maintainers] Bug#1069710: network-manager: WWAN adapter (Modem) is not found after update of stable Debian

[Michael Biebl]

Control: tags -1 + moreinfo

Am 23.04.2024 um 12:09 schrieb Serge Polyakov:

Package: network-manager
Version: 1.42.4-1
Severity: important
X-Debbugs-Cc: beer-b...@yandex.ru

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

* What led up to the situation?

After updating stable Debian to the latest version my laptop losts modem
device.


From which version did you upgrade?
What was the last working version?
Did the upgrade involve other components like the kernel?




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1068763: [Pkg-utopia-maintainers] Bug#1068763: upower: Please update to 1.90.4

[Michael Biebl]

Control: tags -1 + moreinfo

Am 10.04.2024 um 15:38 schrieb Jeremy Bícha:

Source: upower
Version: 1.90.3-1
Severity: wishlist
X-Debbugs-CC: bi...@debian.org

Please update upower to 1.90.4. It was released yesterday with a fix
for a significant disk write/ CPU use issue.

https://gitlab.freedesktop.org/upower/upower/-/releases/v1.90.4


I might be mistaken, but 1.90.4 is just 1.90.3 with NEWS updated?
https://gitlab.freedesktop.org/upower/upower/-/compare/v1.90.3...v1.90.4?from_project_id=139=false





OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1068591: systemd-container: doesn't list a default package for default-dbus-system-bus dependency

[Michael Biebl]

Am 07.04.24 um 18:19 schrieb Raphaël Halimi:

Note 1: one could think that it's debootstrap's fault for not resolving 
dependencies on virtual packages; indeed, it has already been reported 
several times (#878961, merged with #827602 and #931760; as well as 
Launchpad #86536) unfortunately never fixed yet; but, IMHO, since 
systemd-container is usually needed in systemd-nspawn containers, and 
(except for the host) is usually installed via debootstrap, it makes it 
kind of a special case, in the sense that systemd (as a whole) should 
take care that systemd-nspawn containers can be built and started easily.


As you correctly noticed, this is a bug/fault in debootstrap.
I don't think individual packages should work around that, so I'm 
included to close this as wontfix (or reassign/merge to debootstrap).


Fwiw, you might use an alternative debootstrap tool like mmdebstrap 
which works properly in that regard.






OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1068443: systemd: "systemctl --user ..." results in Connection refused

[Michael Biebl]

Am 05.04.24 um 11:38 schrieb Fabian Greffrath:

Package: systemd
Version: 255.4-1
Severity: normal

Hi,

sorry if this is a trivial question, but I am somehow new to this
systemd/systemctl stuff - or at least until now everything worked as
expected. ;)

Whenever I try to load a user service, systemctl immediately quits my
attempt with the following error:

$ systemctl --user enable fluidsynth.service
Failed to connect to bus: Connection refused

Even merely calling "systemctl --user" without any further arguments
leads to the same result, so I am sure it's not a syntax error on the
command line.

What am I doing wrong?

Thanks for your help!


What's the output of `ps ux | grep systemd`? I.e. do you actually have a 
`systemd --user` instance running as well as a dbus user bus.

systemd-cgls output and loginctl for your user might be helpful as well.

Is the problem reproducible after a reboot?
Is the problem reproducible for a freshly created user?

Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#745103: [Pkg-utopia-maintainers] Bug#745103: Bug#795023: [network-manager] Bricks DNS when disconnecting from a VPN, separately ignores instruction not to use VPN DNS servers

[Michael Biebl]

Am 04.04.24 um 07:21 schrieb Julian Gilbey:


Hi Michael,

Ah, you've probably just solved my problem - thank you!  I had no idea
that there was another network management tool involved.  A quick look
suggests that it's ifupdown, so I'll try removing that and see what
happens.


Don't forget to remove the configuration from /etc/network/interfaces 
(or completely remove that file) after uninstalling ifupdown.


Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#745103: [Pkg-utopia-maintainers] Bug#745103: Bug#795023: [network-manager] Bricks DNS when disconnecting from a VPN, separately ignores instruction not to use VPN DNS servers

[Michael Biebl]

Am 03.04.24 um 13:42 schrieb Julian Gilbey:

On Thu, Aug 20, 2015 at 09:20:10PM +0100, OmegaPhil wrote:

Package: network-manager
Version: 1.0.4-1

I have played around with this some more - the idea with the work VPN
connection is not that it takes over everything, but simply that one
particular IP address gets routed to it - everything else works as normal.

This is why I'm ignoring routes etc, with 'Automatic (VPN) addresses
only' used with the intention of not fiddling with the current DNS
configuration, which is failing.

The workaround is to manually set 'DNS servers' and 'Search domains' to
the normal values outside of the VPN, rather than leaving them blank,
which Network Manager can't seem to cope with.


I can confirm that something like this is still happening with
network-manager 1.46.0-1 (Debian testing machine), when using
network-manager-strongswan: before switching on the VPN,
/etc/resolv.conf reads:

nameserver 192.168.0.1
nameserver 0.0.0.0


If that is really /etc/resolv.conf verbatim, it means it was not created 
by NetworkManager. Which somehow suggests you use another network 
management tool besides NetworkManager.
A mix and match is not a good idea and as far as I'm concerned, 
unsupportable.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1067491: time_t transition upgrade: failed systemctl call in preinst due to missing pre-dependencies

[Michael Biebl]

Please see the related MR
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/75

By dropping the hand-written maintscript code, we should mitigate this 
problem, as the problematic code would not be run on upgrades.
In addition, the generated maintscript code used "|| true", so would 
ignore the systemctl/deb-systemd-invoke failure.


Unless of course restart-after-upgrade is not actually what you want for 
mariadb-server.


In this case though, the hand-written code should be removed nonetheless 
but we would need to adjust the dh_installsystemd call in debian/rules 
to use the old stop-before-upgrade/start-after-upgrade behaviour.


Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1067052: [Pkg-utopia-maintainers] Bug#1067052: network-manager: Wrong priorities for OpenVPN connections

[Michael Biebl]

Control: tags -1 + moreinfo

Where exactly is the problem?
Please highlight it explicitly.
Please also share your NM configuration for the openvpn connection.

Am 17.03.2024 um 18:18 schrieb Evgeny Fishgalov:


eugrus@eugensdebianpc:~$ ip route # without VPN
default via 192.168.178.1 dev enp0s25
default via 192.168.178.1 dev enp0s25 proto dhcp src 192.168.178.25 
metric 100
10.0.3.0/24  dev lxcbr0 proto kernel scope link src 
10.0.3.1 linkdown

169.254.0.0/16  dev enp0s25 scope link metric 1000
192.168.178.0/24  dev enp0s25 proto kernel 
scope link src 192.168.178.25
192.168.178.0/24  dev enp0s25 proto kernel 
scope link src 192.168.178.25 metric

100
192.168.178.1 dev enp0s25 scope link
eugrus@eugensdebianpc:~$ ip route # VPN established from Network Manager
default via 192.168.178.1 dev enp0s25
default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.178.1 dev enp0s25 proto dhcp src 192.168.178.25 
metric 100
10.0.3.0/24  dev lxcbr0 proto kernel scope link src 
10.0.3.1 linkdown
10.8.0.0/24  dev tun0 proto kernel scope link src 
10.8.0.2 metric 50

94.198.134.88 via 192.168.178.1 dev enp0s25 proto static metric 50
169.254.0.0/16  dev enp0s25 scope link metric 1000
192.168.178.0/24  dev enp0s25 proto kernel 
scope link src 192.168.178.25
192.168.178.0/24  dev enp0s25 proto kernel 
scope link src 192.168.178.25 metric

100
192.168.178.1 dev enp0s25 scope link
192.168.178.1 dev enp0s25 proto static scope link metric 50
eugrus@eugensdebianpc:~$ ip route # VPN established with sudo openvpn
0.0.0.0/1  via 10.8.0.1 dev tun0
default via 192.168.178.1 dev enp0s25
default via 192.168.178.1 dev enp0s25 proto dhcp src 192.168.178.25 
metric 100
10.0.3.0/24  dev lxcbr0 proto kernel scope link src 
10.0.3.1 linkdown
10.8.0.0/24  dev tun0 proto kernel scope link src 
10.8.0.2

94.198.134.88 via 192.168.178.1 dev enp0s25
128.0.0.0/1  via 10.8.0.1 dev tun0
169.254.0.0/16  dev enp0s25 scope link metric 1000
192.168.178.0/24  dev enp0s25 proto kernel 
scope link src 192.168.178.25
192.168.178.0/24  dev enp0s25 proto kernel 
scope link src 192.168.178.25 metric

100
192.168.178.1 dev enp0s25 scope link

Kind regards,
Evgeny Fishgalov


-- System Information:
Debian Release: 12.5
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable')

Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-17-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), 
LANGUAGE=ru_RU:ru

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager depends on:
ii  adduser                         3.134
ii  dbus [default-dbus-system-bus]  1.14.10-1~deb12u1
ii  libaudit1                       1:3.0.9-1
ii  libbluetooth3                   5.66-1+deb12u1
ii  libc6                           2.36-9+deb12u4
ii  libcurl3-gnutls                 7.88.1-10+deb12u5
ii  libglib2.0-0                    2.74.6-2
ii  libgnutls30                     3.7.9-2+deb12u2
ii  libjansson4                     2.14-2
ii  libmm-glib0                     1.20.4-1
ii  libndp0                         1.8-1
ii  libnewt0.52                     0.52.23-1+b1
ii  libnm0                          1.42.4-1
ii  libpsl5                         0.21.2-1
ii  libreadline8                    8.2-1.3
ii  libselinux1                     3.4-1+b6
ii  libsystemd0                     252.22-1~deb12u1
ii  libteamdctl0                    1.31-1
ii  libudev1                        252.22-1~deb12u1
ii  policykit-1                     122-3
ii  polkitd                         122-3
ii  udev                            252.22-1~deb12u1

Versions of packages network-manager recommends:
ii  dnsmasq-base [dnsmasq-base]  2.89-1
ii  libpam-systemd               252.22-1~deb12u1
ii  modemmanager                 1.20.4-1
ii  ppp                          2.4.9-1+1.1+b1
ii  wireless-regdb               2022.06.06-1
ii  wpasupplicant                2:2.10-12

Versions of packages network-manager suggests:
ii  iptables       1.8.9-2
pn  libteam-utils  

Versions of packages network-manager is related to:
ii  isc-dhcp-client  4.4.3-P1-2

-- no debconf information

___
Pkg-utopia-maintainers mailing list
pkg-utopia-maintain...@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1066531: policykit-1: FTBFS: ../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Werror=implicit-function-declaration]

[Michael Biebl]

Am 15.03.24 um 19:55 schrieb Michael Biebl:

Control: tags -1 - patch

On Wed, 13 Mar 2024 13:01:49 + Mark Hindley  
wrote:

Control: tags -1 patch

I also bumped into this whilst rebuilding src:policykit-1 yesterday.

There is an upstream patch[1], but it doesn't fix the build for me; I 
think it

is patching the wrong files.The problem appears to be multiple copies of
mocklibc. AFAICS ./test/mocklibc is not used in favour of a meson 
subproject.


The pkla-compat tarball also has mocklibc, but that is also patched 
already.


We should drop pkla-compat in trixie. But that is a separate issue.


Getting the multiple layers of quilt and meson patches to work was
unpleasant. So the attached patch may save you some time.

HTH

Mark

[1]  
https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5




Thanks for the patch
Unfortunately it fails to apply to the src:policykit-1 package as 
shipped in Debian sid. Thus marking the bug report accordingly.




Thanks for hint regarding diff_files for wrapped Meson projects.

I've submitted this upstream as 
https://github.com/polkit-org/polkit/pull/436


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1066531: policykit-1: FTBFS: ../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Werror=implicit-function-declaration]

[Michael Biebl]

Control: tags -1 - patch

On Wed, 13 Mar 2024 13:01:49 + Mark Hindley  wrote:

Control: tags -1 patch

I also bumped into this whilst rebuilding src:policykit-1 yesterday.

There is an upstream patch[1], but it doesn't fix the build for me; I think it
is patching the wrong files.The problem appears to be multiple copies of
mocklibc. AFAICS ./test/mocklibc is not used in favour of a meson subproject.

The pkla-compat tarball also has mocklibc, but that is also patched already.

Getting the multiple layers of quilt and meson patches to work was
unpleasant. So the attached patch may save you some time.

HTH

Mark

[1]  
https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5



Thanks for the patch
Unfortunately it fails to apply to the src:policykit-1 package as 
shipped in Debian sid. Thus marking the bug report accordingly.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1041552: HFS/HFS+ are insecure

[Michael Biebl]

Hi Marco

On Sun, 27 Aug 2023 02:34:04 +0200 Marco d'Itri  wrote:

Control: reassign -1 udisks2
Control: retitle -1 do not mount automatically unmaintained file systems

On Jul 20, md wrote:

> You are totally correct.
> Kernel team, please blacklist HFS/HFS+ for automounting.
As discussed on debian-devel@, this policy should not be handled by the 
kernel because modules autoloading of file systems drivers should not be

disabled.

So I propose this content for a file like
/usr/lib/udev/rules.d/75-insecure-fs.rules:


Just curious: Why did you pick priority 75?


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1042981: Multiarch pitfall: polkitd fails to start if not installed in native architecture

[Michael Biebl]

On Wed, 9 Aug 2023 04:05:43 +0200 Bertram Felgenhauer  wrote:

Luca Boccassi wrote:
[...]
> I don't think this is something we should facilitate by default or
> spend any energy on.
>
> You can correct me if I'm wrong, but I don't see any good reason why
> anybody would need to run a polkitd:i386 on an otherwise amd64 system.
> It's not what happens by default if you have i386 enabled and you type
> 'apt install polkitd' or so.

I agree that there isn't a good reason, and I'm not sure how I ended
up in that situation in the first place (the log files don't go back
far enough). One thing I do know is that polkitd:i386 was marked as
automatically installed, so I almost certainly did not make that
decision deliberately.

My speculation is that this happened while satisfying dependencies for
a third party i386 application. That meant installing required 32 bit
libraries, and one of them must have come with a polkitd dependency,
and the i386 version was selected because I was installing an i386
package.

Anyway, I reported this because I assumed that pinning packages to the
native architecture was easy, so it would be justified even for this
(hopefully!) rare scenario... apparently that's not the case.



As mentioned, unfortunately there is no way to express this dependency 
in a strait forward way.


I've contemplated dropping the Multi-Arch: foreign notation in systemd 
and maybe also for policykit-1.


Is there a valid use case where we need/want a foreign systemd/policykit-1?



Michael




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065676: glome: install library and PAM module into /usr

[Michael Biebl]

Source: glome
Version: 0.1-2
Severity: normal
Tags: patch trixie sid
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. glome installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru glome-0.1/debian/changelog glome-0.1/debian/changelog
--- glome-0.1/debian/changelog  2024-03-06 23:10:56.0 +0100
+++ glome-0.1/debian/changelog  2024-03-08 20:20:29.0 +0100
@@ -1,3 +1,10 @@
+glome (0.1-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install library and PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Fri, 08 Mar 2024 20:20:29 +0100
+
 glome (0.1-2) unstable; urgency=medium
 
   * Add package test for PAM module
diff -Nru glome-0.1/debian/libglome0.install glome-0.1/debian/libglome0.install
--- glome-0.1/debian/libglome0.install  2022-12-11 18:17:46.0 +0100
+++ glome-0.1/debian/libglome0.install  2024-03-08 20:20:29.0 +0100
@@ -1 +1 @@
-lib/*/libglome.so.*
+usr/lib/*/libglome.so.*
diff -Nru glome-0.1/debian/libglome-dev.install 
glome-0.1/debian/libglome-dev.install
--- glome-0.1/debian/libglome-dev.install   2022-12-11 18:06:32.0 
+0100
+++ glome-0.1/debian/libglome-dev.install   2024-03-08 20:20:29.0 
+0100
@@ -1,3 +1,3 @@
-lib/*/libglome.so
-lib/*/pkgconfig/glome.pc
+usr/lib/*/libglome.so
+usr/lib/*/pkgconfig/glome.pc
 usr/include/glome.h
diff -Nru glome-0.1/debian/libpam-glome.install 
glome-0.1/debian/libpam-glome.install
--- glome-0.1/debian/libpam-glome.install   2022-12-11 18:04:33.0 
+0100
+++ glome-0.1/debian/libpam-glome.install   2024-03-08 20:20:29.0 
+0100
@@ -1 +1 @@
-lib/*/security/pam_glome.so
+usr/lib/*/security/pam_glome.so
diff -Nru glome-0.1/debian/not-installed glome-0.1/debian/not-installed
--- glome-0.1/debian/not-installed  2022-12-11 18:07:42.0 +0100
+++ glome-0.1/debian/not-installed  2024-03-08 20:20:29.0 +0100
@@ -1 +1 @@
-lib/*/pkgconfig/glome-login.pc
+usr/lib/*/pkgconfig/glome-login.pc
diff -Nru glome-0.1/debian/rules glome-0.1/debian/rules
--- glome-0.1/debian/rules  2022-12-11 18:03:18.0 +0100
+++ glome-0.1/debian/rules  2024-03-08 20:20:29.0 +0100
@@ -5,6 +5,3 @@
 
 %:
dh $@ --buildsystem=meson
-
-override_dh_auto_configure:
-   dh_auto_configure -- --libdir=/lib/$(DEB_HOST_MULTIARCH)

Bug#1065638: systemd-journald: systemd-journald restart misses SyslogFacility

[Michael Biebl]

Control: tags -1 + upstream

Am 07.03.24 um 20:25 schrieb Kai Palomaki:

Package: systemd
Version: 247.3-7+deb11u4
Severity: normal
X-Debbugs-Cc: armando.va...@gmail.com

Dear Maintainer,

* What led up to the situation?
A systemd service unit "test" has SyslogFacility=local0 set. Service is 
running and logging lines.
Log lines have SYSLOG_FACILITY=16 when observed with journalctl -o verbose.
Restart journald. After restart of journald, log lines have no more 
SYSLOG_FACILITY=16.
To restore SYSLOG_FACILITY=16 in journal logs, one has to restart service unit 
"test".

* What exactly did you do (or not do) that was effective (or
  ineffective)?
systemctl restart systemd-journald.service

* What was the outcome of this action?
journald did not record the SyslogFacility set in the service unit file.

* What outcome did you expect instead?
journald should continue recording SyslogFacility set in the service unit 
file without needing to restart the service having the SyslogFacility set.



The Debian package doesn't ship any patches in that regard, thus this 
issue should be raised upstream.


For that, please try to reproduce the issue first with a recent version 
of systemd (say v254 or v255) and if it's reproducible, report it at

https://github.com/systemd/systemd/issues
and then report back with the issue number.

Thanks,
Michael



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065624: resolved not working after installation, race with dbus and user creation

[Michael Biebl]

Am 07.03.24 um 16:22 schrieb Michael Biebl:

The chain of events afaics is this:

1/ postinst creates systemd-resolve
2/ systemd-resolved.service is started in postinst
3/ dbus trigger is activated after postinst and the dbus config is reloaded

Because the dbus daemon reload happens after the systemd-resolved user 
has been created, systemd-resolved could not successfully claim the 
org.freedesktop.resolve1 D-Bus name.


What we would need to be able to do is to trigger a dbus daemon-reload 
after the system user has been created and before the service is started.


Both is autogenerated code (via dh_installsysusers and 
dh_installsystemd), and there is no way to inject maintscript code 
manually unfortunately.


One way to maybe address this is to make dh_installsysusers generate 
maintscript code to reload dbus.
This could either be done unconditionally, via a dh_installsysusers 
option, or automatically when it finds a D-Bus config file shipped by 
the package (and referencing that user).


dh_installsysusers is part of debhelper, so would need to be addressed 
there.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065624: resolved not working after installation, race with dbus and user creation

[Michael Biebl]

Am 07.03.24 um 15:12 schrieb Timo Weingärtner:

Package: systemd-resolved
Version: 252.22-1~deb12u1
Severity: important
X-Debbugs-Cc: timo.weingaert...@quantumsimulations.de

After installing systemd-resolved name resolution does not work anymore:
8<8<
# apt-get --no-install-recommends install systemd-resolved
[…]
# host debian.org
Host debian.org not found: 2(SERVFAIL)
# resolvectl
Failed to get global data: Connection timed out
# systemctl restart systemd-resolved.service
# host debian.org
debian.org has address […]
[…]
8<8<

The relevant error message from dbus-daemon appears before postinst creates
the user and starts the service.

Maybe creating the user in preinst already, before it is referenced in
dbus config, would be better.

This is the log, including my workaround:


The chain of events afaics is this:

1/ postinst creates systemd-resolve
2/ systemd-resolved.service is started in postinst
3/ dbus trigger is activated after postinst and the dbus config is reloaded

Because the dbus daemon reload happens after the systemd-resolved user 
has been created, systemd-resolved could not successfully claim the 
org.freedesktop.resolve1 D-Bus name.


What we would need to be able to do is to trigger a dbus daemon-reload 
after the system user has been created and before the service is started.


Both is autogenerated code (via dh_installsysusers and 
dh_installsystemd), and there is no way to inject maintscript code 
manually unfortunately.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065567: timedatectl does not recognize ntpsec

[Michael Biebl]

On Wed, 6 Mar 2024 15:07:24 -0600 Richard Laager  wrote:
If I'm understanding this correctly, I just need to install a file with 
the contents "ntpsec.service" to 
/usr/lib/systemd/ntp-units.d/50-ntpsec.list. That's easy enough to do.


Yeah, that's pretty much it.


Regards,
Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065567: timedatectl does not recognize ntpsec

[Michael Biebl]

Control: reassign -1 ntpsec

Actually, I think it's better to just reassign the bug report and let 
Richard decide whether he closes it as wontfix or ships such an 
integration snippet.


Richard, if you are interested in shipping such a ntp-units.d snippet 
and you have further questions, please ask.


Michael

Am 06.03.24 um 19:22 schrieb Michael Biebl:
On Wed, 6 Mar 2024 12:53:47 -0500 Jeffrey Walton  
wrote:

Package: systemd
Version:  255.4-1
Tags: sid

It looks like Systemd's timedatectl does not recognize ntpsec. Using
it results in 'NTP service: n/a':

$ timedatectl
   Local time: Wed 2024-03-06 12:35:32 EST
   Universal time: Wed 2024-03-06 17:35:32 UTC
 RTC time: Wed 2024-03-06 17:35:32
    Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
  NTP service: n/a
  RTC in local TZ: no

According to <https://wiki.debian.org/DateTime#Installing_NTP>, ntpsec
is an option for Debian 11 and below; and default for Debian 12 and
above.

I searched for an upstream bug at <https://github.com/systemd/systemd>
(is that the right place?), but there were no relevant hits. See
<https://github.com/systemd/systemd/issues?q=is%3Aissue+ntpsec>.

Also see <https://lists.debian.org/debian-user/2024/03/msg00145.html>.
That's the debian-users mailing list discussion with GW's comment.


If an NTP service want's to be recognized by timedated, it needs to ship 
a config snippet in /usr/lib/systemd/ntp-units.d/

See man systemd-timedated



LIST OF NETWORK TIME SYNCHRONIZATION SERVICES
   systemd-timesyncd will look for files with a ".list" extension 
in ntp-units.d/ directories. Each file is parsed as a list of unit 
names, one per

  ^
   this is a typo, should be systemd-timedated [1]
   line. Empty lines and lines with comments ("#") are ignored. 
Files are read from /usr/lib/systemd/ntp-units.d/ and the 
corresponding directories
   under /etc/, /run/, /usr/local/lib/. Files in /etc/ override 
files with the same name in /run/, /usr/local/lib/, and /usr/lib/. 
Files in /run/
   override files with the same name under /usr/. Packages should 
install their configuration files in /usr/lib/ (distribution packages) or

   /usr/local/lib/ (local installs).

   Example 1. ntp-units.d/ entry for systemd-timesyncd

   # /usr/lib/systemd/ntp-units.d/80-systemd-timesync.list
   systemd-timesyncd.service

   If the environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is 
set, systemd-timesyncd will parse the contents of that variable as a
   colon-separated list of unit names. When set, this variable 
overrides the file-based list described above.



systemd-timesyncd and chrony do this properly.

# apt-file search /usr/lib/systemd/ntp-units.d/
chrony: /usr/lib/systemd/ntp-units.d/50-chrony.list
systemd-timesyncd: /usr/lib/systemd/ntp-units.d/80-systemd-timesync.list


I've CCed the ntpsec maintainers.
If they have interest in shipping such an integration, then we can 
reassign the bug report. Otherwise I'll just close it, as there is 
nothing we can do on the systemd side


Regards,
Michael

[1] https://github.com/systemd/systemd/pull/31658




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065567: timedatectl does not recognize ntpsec

[Michael Biebl]

On Wed, 6 Mar 2024 12:53:47 -0500 Jeffrey Walton  wrote:

Package: systemd
Version:  255.4-1
Tags: sid

It looks like Systemd's timedatectl does not recognize ntpsec. Using
it results in 'NTP service: n/a':

$ timedatectl
   Local time: Wed 2024-03-06 12:35:32 EST
   Universal time: Wed 2024-03-06 17:35:32 UTC
 RTC time: Wed 2024-03-06 17:35:32
Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
  NTP service: n/a
  RTC in local TZ: no

According to , ntpsec
is an option for Debian 11 and below; and default for Debian 12 and
above.

I searched for an upstream bug at 
(is that the right place?), but there were no relevant hits. See
.

Also see .
That's the debian-users mailing list discussion with GW's comment.


If an NTP service want's to be recognized by timedated, it needs to ship 
a config snippet in /usr/lib/systemd/ntp-units.d/

See man systemd-timedated



LIST OF NETWORK TIME SYNCHRONIZATION SERVICES
   systemd-timesyncd will look for files with a ".list" extension in 
ntp-units.d/ directories. Each file is parsed as a list of unit names, one per

 ^
  this is a typo, should be systemd-timedated [1]

   line. Empty lines and lines with comments ("#") are ignored. Files are 
read from /usr/lib/systemd/ntp-units.d/ and the corresponding directories
   under /etc/, /run/, /usr/local/lib/. Files in /etc/ override files with 
the same name in /run/, /usr/local/lib/, and /usr/lib/. Files in /run/
   override files with the same name under /usr/. Packages should install 
their configuration files in /usr/lib/ (distribution packages) or
   /usr/local/lib/ (local installs).

   Example 1. ntp-units.d/ entry for systemd-timesyncd

   # /usr/lib/systemd/ntp-units.d/80-systemd-timesync.list
   systemd-timesyncd.service

   If the environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is set, 
systemd-timesyncd will parse the contents of that variable as a
   colon-separated list of unit names. When set, this variable overrides 
the file-based list described above.



systemd-timesyncd and chrony do this properly.

# apt-file search /usr/lib/systemd/ntp-units.d/
chrony: /usr/lib/systemd/ntp-units.d/50-chrony.list
systemd-timesyncd: /usr/lib/systemd/ntp-units.d/80-systemd-timesync.list


I've CCed the ntpsec maintainers.
If they have interest in shipping such an integration, then we can 
reassign the bug report. Otherwise I'll just close it, as there is 
nothing we can do on the systemd side


Regards,
Michael

[1] https://github.com/systemd/systemd/pull/31658


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065485: file conflict with qemu-system-common / failure during upgrade

[Michael Biebl]

Package: qemu-system-data
Version: 1:8.2.1+ds-2
Severity: serious

During the lastest upgrade, I get
Preparing to unpack .../qemu-system-data_1%3a8.2.2+ds-1_all.deb ...
Unpacking qemu-system-data (1:8.2.2+ds-1) over (1:8.2.1+ds-2) ...
dpkg: error processing archive 
/var/cache/apt/archives/qemu-system-data_1%3a8.2.2+ds-1_all.deb (--unpack):
 trying to overwrite 
'/usr/share/doc/qemu-system-common/system/arm/aspeed.html', which is also in 
package qemu-system-common 1:8.2.1+ds-2
Errors were encountered while processing:
 /var/cache/apt/archives/qemu-system-data_1%3a8.2.2+ds-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Bug#1064981: Breaks autopkgtest suite of systemd and multipath-tools

[Michael Biebl]

Control: severity -1 important


Hi

On Wed, 28 Feb 2024 18:49:00 +0100 Michael Biebl  wrote:

Source: lvm2
Version: 2.03.22-1
Severity: serious

Hi,

filing this issue with severity RC to prevent testing migration.

It appears the new LVM release breaks both systemd and multipath-tools's
autopkgtest suite

https://ci.debian.net/packages/m/multipath-tools/testing/amd64/43382441/
https://github.com/systemd/systemd/issues/31517


After further investigation, the failure in multipath-tools turned out 
to be a result of

https://salsa.debian.org/linux-blocks-team/multipath-tools/-/blob/master/debian/patches/0002-11-dm-mpath-fix-DM_UDEV_RULES_VSN-check.patch?ref_type=heads
So far this patch had been necessary, since lvm2 itself had modified the 
udev rules downstream, but no longer does that thankfully with the 
latest update.
See the remarks in 
https://github.com/systemd/systemd/issues/31517#issuecomment-1971788035


Chris updated multipath-tools accordingly:
https://salsa.debian.org/linux-blocks-team/multipath-tools/-/commit/902a13b2c628d2cfde74cb78fd1ba4425af3d7d4
and uploaded it as 0.9.7-6. With that, multipath-tools and systemd's 
autopkgtest are unbroken again.


I'm still keeping the bug report open, as you might consider adding a 
versioned breaks against multipath-tools to dmsetup.

Downgrading to non-RC now though.

Regards,
Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065365: Acknowledgement (Fix compatibility with NM 1.44 and above)

[Michael Biebl]

Updating to 5.112.0 or later would be an option as well, as it contains 
this patch, see

https://invent.kde.org/frameworks/networkmanager-qt/-/commits/kf5



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053707: plasma-nm: after upgrade of network-manager shows "no available connection", networking works

[Michael Biebl]

On Mon, 09 Oct 2023 13:21:39 +0200 Erwan David  wrote:

Package: plasma-nm
Version: 4:5.27.8-1
Severity: normal

After an upgrade of the network-manager package, the systray icon says "aucune
connexion disponible" (no available connection in french).
However network works, and ip l/ip a show it



After a bit of digging, this appears to be an issue in networkmanager-qt 
which needs an update to be compatible with NM 1.44 and above


Please see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065365


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065365: Fix compatibility with NM 1.44 and above

[Michael Biebl]

Source: networkmanager-qt
Version: 5.107.0-1
Severity: important
Tags: patch upstream

Dear Qt/KDE maintainers.

I had several users report problems with plasma-nm, which is broken once
NetworkManager.service is restarted (which e.g. happens on package
upgrades).

This was e.g. filed as
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053707
or
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065099

After a bit of digging, I think the issue is the one described at
https://bugs.kde.org/show_bug.cgi?id=471870#c19
https://invent.kde.org/frameworks/networkmanager-qt/-/commit/d9a938ddbfb5800503935926301ff2865ab77a6d

Please consider cherry-picking that patch for Debian.

Bug#1065099: [Pkg-utopia-maintainers] Bug#1065099: network-manager: Upgrading to ver 1.46.0-1 from 1.44.2-7 removes system tray functionality

[Michael Biebl]

Am 29.02.24 um 20:39 schrieb Neal:

Package: network-manager
Version: 1.44.2-7
Severity: important
X-Debbugs-Cc: nealheine...@gmail.com

Dear Maintainer,

Reporting again, but with the requested info.

When I upgrade network manager, the wireless system tray icon is replaced by
the icon that indicates no internet connection. Clicking on the icon shows no
available connections. Wireless connectivity is still active though, the system
tray functionality is just borked.

System Info:
Operating System: Debian GNU/Linux Trixie
KDE Plasma Version: 5.27.10
KDE Frameworks Version: 5.107.0
Qt Version: 5.15.10
Kernel Version: 6.6.15-amd64 (64-bit)
Graphics Platform: Wayland
Processors: 8 × Intel® Core™ i5-8250U CPU @ 1.60GHz
Memory: 15.4 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics 620
Manufacturer: Dell Inc.
Product Name: Inspiron 7573


Your bug is probably
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053707

As part of the upgrade process, the NetworkManager.service is restarted.
My guess is, that plasma-nm does not properly reconnect when 
NetworkManager.service is restarted and you need to logout/login.


You can try to reproduce the issue by running
sudo systemctl restart NetworkManager.service



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065018: libnma: Switch to gcr4

[Michael Biebl]

On Wed, 28 Feb 2024 22:11:01 -0500 =?UTF-8?Q?Jeremy_B=C3=ADcha?= 
 wrote:

Source: libnma
Version: 1.10.6-2
X-Debbugs-CC: bi...@debian.org

Michael, you asked for gcr4 to be packaged in https://bugs.debian.org/1023632

It is packaged and I am switching many components of Debian GNOME to
use gcr4 instead of the older gcr.


Thanks, updated.


Also, please note that libnma needs an upload to Unstable for the
ongoing time_t transition (there is a package staged in Experimental).
https://bugs.debian.org/1062484 For that upload, it's recommended to
also add a commit like
https://salsa.debian.org/gnome-team/glib/-/commit/136f9c78


No, this was/is a false positive. I've closed the corresponding bug report.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1065074: systemd-journal-remote: Version missmatch between bundled service and systemd version

[Michael Biebl]

Control: severity -1 important

Am 29.02.24 um 13:49 schrieb Simen Rostvik:

Package: systemd-journal-remote
Version: 252.22-1~deb12u1
Severity: normal
X-Debbugs-Cc: reoport...@roxedus.dev

Dear Maintainer,

The version of this package (252) should include a service compatible with 
Systemd of the same version.
This is not the case as the bundled service includes 'RestartSteps' and 
'RestartMaxDelaySec' which are options introduced in Systemd 254.
The introduction is mentioned in the man page for Systemd 
https://www.freedesktop.org/software/systemd/man/254/systemd.service.html#RestartSteps=

This leads to the service failing upon enabling it, with the status pointing 
out that the mentioned options are unkown.



Thanks for this bug report. This is caused by
https://github.com/systemd/systemd-stable/commit/c56b3f7d36f58e4d9f9948a3b50812178c461a26
i.e. was already part of v252.19

I guess the safest approach will be to revert this commit.
Backporting support "RestartSteps" looks like a change not suitable for 
-stable.


Other -stable branches (like v253-stable) are affected too, it seems.


@Luca: Will you take care of this upstream?


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1056137: systemd: downgrading systemd packages kills off the desktop environment

[Michael Biebl]

Am 28.02.24 um 22:22 schrieb Richard Lewis:

On Wed, 28 Feb 2024 18:37:41 +0100 Michael Biebl  wrote:


On Fri, 17 Nov 2023 14:40:05 +0100 Christoph Anton Mitterer
 wrote:

Package: systemd
Version: 255~rc2-1



Because of #1056135 I was downgradin systemd/udev packages to 254.5-1.
While apt was still running, this causes the whole desktop environment
(I use cinnamon) to be killed (and all processes in it ;-) ).




My guess is, that the failures you encountered are due to the following
change in v255:

"""
  Service Manager:

  * The way services are spawned has been overhauled.


I couldnt follow the bit i deleted, and this maybe jumping to
conclusions: are there any implications for upgrading to/after 255
within a desktop environment?
should something be said in the release-notes?



No, upgrades should work fine.
That said, the usual recommendations for dist-upgrades apply
https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html#upgrade-preparations

I.e. it is generally not recommended to dist-upgrade from within a 
desktop session although usually it works.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1055830: systemd in a container fails to set up mount namespacing

[Michael Biebl]

Control: tags -1 + moreinfo help


On Sun, 12 Nov 2023 11:15:45 +0100 Christian Horn  
wrote:

Package: systemd
Version: 252.17-1~deb12u1
Severity: important

Dear Maintainer,

* What led up to the situation?

Fedora39 running as host, Debian Bookworm container is started via podman.
Packages systemd and redis get installed in the container, then trying to
start redis via 'systemctl start redis fails'.
'journalctl -xeu redis-server.service' says:
(s-server)[66]: Failed to mount /run/systemd/inaccessible/reg to 
/run/systemd/unit-root/proc/kallsyms: Permission denied
(s-server)[66]: redis-server.service: Failed to set up mount namespacing: 
/run/systemd/unit-root/proc/kallsyms: Permission denied
(s-server)[66]: redis-server.service: Failed at step NAMESPACE spawning 
/usr/bin/redis-server: Permission denied

* What exactly did you do (or not do) that was effective (or
  ineffective)?

Using a Debian trixie container, the issue does not appear.
I see this on both amd64 and aarch64 architecture.
I think everybody trying to run redis in a Bookworm 
container will hit this issue.




From the provided information it is not obvious that this is actually a 
systemd issue. It could be the kernel or any of the dependencies systemd 
relies on or even redis itself.


In any case, if you think this is a systemd issue, we would need further 
information how to fix this.


So any help is welcome.

Michael




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064981: Breaks autopkgtest suite of systemd and multipath-tools

[Michael Biebl]

Source: lvm2
Version: 2.03.22-1
Severity: serious

Hi,

filing this issue with severity RC to prevent testing migration.

It appears the new LVM release breaks both systemd and multipath-tools's
autopkgtest suite

https://ci.debian.net/packages/m/multipath-tools/testing/amd64/43382441/
https://github.com/systemd/systemd/issues/31517

Bug#1056137: systemd: downgrading systemd packages kills off the desktop environment

[Michael Biebl]

Control: severity -1 wishlist
Control: tags -1 + help

Hi Christoph

On Fri, 17 Nov 2023 14:40:05 +0100 Christoph Anton Mitterer 
 wrote:

Package: systemd
Version: 255~rc2-1
Severity: important

Hey.

Because of #1056135 I was downgradin systemd/udev packages to 254.5-1.
While apt was still running, this causes the whole desktop environment
(I use cinnamon) to be killed (and all processes in it ;-) ).

Tried it twice, happened twice.


I acknowledge that not being able to downgrade is a nuisance.
systemd is not special in that regard though. Quite a few packages that 
I now need to convert their on-disk-files on upgrades to a new format 
which is not easily reversible.
None of those packages have explicit maintainer scripts code though, 
which would prevent a downgrade.

So we do not plan to add maintainer scripts code in systemd either.

My guess is, that the failures you encountered are due to the following 
change in v255:


"""
Service Manager:

* The way services are spawned has been overhauled. Previously, a
  process was forked that shared all of the manager's memory (via
  copy-on-write) while doing all the required setup (e.g.: mount
  namespaces, CGroup configuration, etc.) before exec'ing the 
target
  executable. This was problematic for various reasons: several 
glibc
  APIs were called that are not supposed to be used after a 
fork but

  before an exec, copy-on-write meant that if either process (the
  manager or the child) touched a memory page a copy was 
triggered, and

  also the memory footprint of the child process was that of the
  manager, but with the memory limits of the service. From this 
version

  onward, the new process is spawned using CLONE_VM and CLONE_VFORK
  semantics via posix_spawn(3), and it immediately execs a new 
internal
  binary, systemd-executor, that receives the configuration to 
apply

  via memfd, and sets up the process before exec'ing the target
  executable. The systemd-executor binary is pinned by file 
descriptor

  by each manager instance (system and users), and the reference is
  updated on daemon-reexec - it is thus important to reexec all 
running

  manager instances when the systemd-executor and/or libsystemd*
  libraries are updated on the filesystem.
"""

This is just a guess though.
There is only so much we can do as Debian systemd team. If that issue is 
important to you, please consider investigating this further and 
providing patches, ideally via a MR on salsa.


Michael



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064133: systemd-resolved: Using systemd-resolved as drop-in replacements breaks in conjunction with ifupdown

[Michael Biebl]

On Sat, 17 Feb 2024 16:00:08 +0100 Felix Jacobi  wrote:


In background, this executes `resolvconf -a IFACE.PROTOCOL` and supplies
the nameservers to resolvconf, e.g.

echo 'nameserver 192.0.0.1' | resolvconf -a ens3.inet

However, the systemd-resolved resolvconf implementation removes the
protocol indentifier:

echo "nameserver 192.0.0.1" | resolvconf -a ens3.inet
Dropped protocol specifier '.inet' from 'ens3.inet'. Using 'ens3' (ifindex=2).

This leads to the fact, that only ens3 is used internally. For the
configuration above, this means the previous configured IPv4 nameserver
is completely overriddden with the latter one in the IPv6 stanza.

This also causes several other problems for tools relying on resolvconf
not dropping the protocol identifier and I would consider this a
breaking change compared to the original resolvconf implementation.


The Debian package does not ship any patches in that regard.
It would thus be best if you raise this upstream at
https://github.com/systemd/systemd/issues

I did not immediately find, why resolvectl/resolved does strip away the 
protocol identifier.
At the very least, this incompatibility could be documented in the 
resolvctl man page.


Regards,
Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1024977: mmutf8fix does not fix omusrmsg

[Michael Biebl]

Control: tags -1 + upstream

On Mon, 28 Nov 2022 14:33:04 +1100 "Trent W. Buck"  
wrote:

Package: rsyslog
Version: 8.2102.0-2+deb11u1
Severity: minor

Using the attached rsyslog.conf, with this test log:

/usr/bin/printf 'TEST BYTES 
\xc3\xb1\xc3\x28\xa0\xa1\xe2\x82\xa1\xe2\x28\xa1\xe2\x82\x28\xf0\x90\x8c\xbc\xf0\x28\x8c\xbc\xf0\x90\x28\xbc\xf0\x28\x8c\x28\xf8\xa1\xa1\xa1\xa1\xfc\xa1\xa1\xa1\xa1\xa1'
 | logger -p auth.0 -t invalid-utf8-test

...I find that mmutf8fix has fixed auth.log, but not the emergency
event printed to logged-in terminals.

I *guess* this is because omusrmsg uses "properties" instead of "the message"?

Note that once it has been called, it actually modifies the message.
The original messsage is then no longer available.
However, this DOES NOT CHANGE ANY PROPERTIES set, used or extracted before 
the modification is done.


https://rsyslog.readthedocs.io/en/latest/configuration/modules/mmutf8fix.html


This issue doesn't really bother me, but
it would be nice if it was explicitly mentioned in the documentation, e.g.

For example, omusrmsg will not be affected, because
it uses properties (ignored by mmutf8fix) and ignores the message (fixed by 
mmutf8fix).




As the Debian package does not ship any patches in that regard, please 
consider filing this directly upstream at

https://github.com/rsyslog/rsyslog/issues/
or
https://github.com/rsyslog/rsyslog-doc/issues/ if you think this is a 
documentation issue.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064395: logcheck: rsyslog produces two timestamp formats in latest version

[Michael Biebl]

Am 27.02.24 um 09:50 schrieb Richard Lewis:
thanks - agree logcheck should cope with a default rsyslog output. ... i 
just dont know what that default output is: does the below mean the 
subseconds are now always present?


For locally generated messages, the time stamp includes subsecond precision.
If rsyslog is setup to receive remote messages, it depends on the sender.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064879: systemd: User sessions started from system scope have no journal.

[Michael Biebl]

Am 27.02.24 um 12:11 schrieb Michael Biebl:
On Tue, 27 Feb 2024 09:18:02 +0100 Timon de Groot 

   * What led up to the situation?
 Upstream systemd bugs: #23679, #26742. Can be reproduced when 


..


I'm not able to reproduce the problem given the above instructions.
With an up-to-date test VM, I enabled linger for the user "michael", 
rebooted, then logged in as "michael" and restarted a couple of user 
services like systemctl --user restart dbus.service


As you can see from the screenshot, they do show up in journalctl --user


The upstream bugs you quoted talk about "system users", i.e. their uid 
is < 1000.


Can you post the output of "id myuser"


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064879: systemd: User sessions started from system scope have no journal.

[Michael Biebl]

Control: tags -1 + moreinfo unreproducible

On Tue, 27 Feb 2024 09:18:02 +0100 Timon de Groot 
 wrote:

Package: systemd
Version: 252.22-1~deb12u1
Severity: normal
X-Debbugs-Cc: timon.degr...@hypernode.com

Dear Maintainer,

   * What led up to the situation?
 Upstream systemd bugs: #23679, #26742. Can be reproduced when enabling 
linger for user, rebooting and running journalctl --user.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   Create a bookworm VM with a normal user. Enable linger for that user
   (loginctl enable-linger myuser). Reboot the server. Login as that
   user. Run journalctl --user, no new log output from the current
   systemd user session.
   * What was the outcome of this action?
   New output after enabling lingering does seem to get logged into the
   user's journal. Either you only see the old log entries
   that exist from an older systemd user session or you get to see the
   error "No journal files were found, for journalctl"
   * What outcome did you expect instead?
   Running journalctl --user gives proper output.



I'm not able to reproduce the problem given the above instructions.
With an up-to-date test VM, I enabled linger for the user "michael", 
rebooted, then logged in as "michael" and restarted a couple of user 
services like systemctl --user restart dbus.service


As you can see from the screenshot, they do show up in journalctl --user



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064395: logcheck: rsyslog produces two timestamp formats in latest version

[Michael Biebl]

Hi

On Thu, 22 Feb 2024 19:01:05 + Richard Lewis 
 wrote:

On Thu, 22 Feb 2024, 10:15 Ralf Schlatterbeck,  wrote:

> On Wed, Feb 21, 2024 at 02:52:33PM +0100, Ralf Schlatterbeck wrote:
> >
> > I forgot to mention:
> > There is an upstream (rsyslog) bug-report at
> > https://github.com/rsyslog/rsyslog/issues/5332
>
> Upstream has decided that it is not a bug and that both timestamp
> formats are valid RFC 3339 (I've checked, the grammar explicitly defines
> the sub-seconds part of the timestamp as optional). See link above.
> They also think, logcheck should cope with both formats.
>
> So I guess that logcheck should be prepared to receive both kinds of
> timestamps, the 32-byte version and the 25-byte version (without the
> subseconds timestamp).
>

what is the default, and does logcheck cope with that? there's a limit to
how much to suport out of the box - especially as rsyslog is no longer the
default.


Just to clarify: It is correct that rsyslog is no longer installed by 
default. That said, I would still consider rsyslog the default syslog 
daemon in Debian. Packages that depend on system-log-daemon typically do 
this via a "Depends: rsyslog | system-log-daemon"



if you configure a logger to produce a certain format it's not unreasonable
to also have to edit logcheck rules accordingly

But a longer-term solution is perhaps to allow easier customisation of
rules via "macros"/variables --- a proof-of-concept for this is in
progress, but not.yet ready for testing


Making the individual fields more flexible/customizable sounds like a 
good idea.


Just wanted to add, that syslog-ng also supports RFC3339 timestamps [1].
So any improvements in that regard will also benefit other sysloggers.

As for this specific issue, Ralf has found a way to make ensure that 
remote syslog messages also carry a subseconds timestamp by explicitly 
specifying the format when forwarding the messages [2]


Michael

[1] 
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.36/administration-guide/ts-format

[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064385#29


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064826: Fan noise after systemctl poweroff

[Michael Biebl]

Control: tags -1 + moreinfo

Am 26.02.24 um 11:27 schrieb franchi@modula.network:

Package: systemd
Version: 252.22-1~deb12u1

Debian 12.5 fresh installation.

When  when the commands "shutdown -h" or "systemctl poweroff" reach 
their target, the fans of my server ML350 G11 increase speed and noise 
and remain like this for an indefinite time.

This doens'n happen if I shutdown the server by mean  of the iLO power-off.


Does this also happen if you run
"systemctl poweroff --force"
or
"systemctl poweroff --force --force"


"--force" will omit the shutdown of services, so this should typically 
not be used.

My guess is, that you have a service that does not terminate.

Can you also boot with systemd.log_level=debug (on the kernel command 
line) and then snap a picture of the system during shutdown when it hangs.


Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064126: libvirt: install NSS modules into /usr

[Michael Biebl]

Hi Andrea

Am 26.02.24 um 00:28 schrieb Andrea Bolognani:

On Sun, Feb 25, 2024 at 08:05:36PM +0100, Michael Biebl wrote:

Am 25.02.24 um 19:30 schrieb Andrea Bolognani:

So what I'm wondering right now is, how much does libvirt shipping
these files outside of /usr for a while longer negatively impact the
overall transition plans? I'd be happy to get out of your way as soon
as possible, but at the same time I'm wary of potentially introducing
issues due to the unforeseen interactions between these changes.


It depends on what you understand with "a while longer".
A couple more weeks/months/years/Debian releases?


Definitely not a couple of years or releases! My aim is to make
modular daemons available in trixie.


Obviously I think the sooner we get the usrmerge transition finished in
trixie, the better, to be able to iron out any unforeseen issues.


Right there with you. I just don't want to rush things, especially
since AFAIK some really problematic scenarios can be triggered when
paths are canonicalized at the same time as they are moved across
binary packages.


This is correct. Moving files between packages and from / to /usr at the 
same time corresponds to the file loss scenario described at

https://subdivi.de/~helmut/dep17.html as P1.
See also
https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=helmutg%40debian.org=dep17p1



Going forward, I will focus all the time I can spend on Debian on
reorganizing the libvirt package to enable modular daemons. I hope to
have at least a rough implementation ready within a few weeks.


I don't think postponing the usr-merge changes helps mitigating any 
issues since those need to happen for trixie in one way or another.


My recommendation is to upload the current patch in this bug report 
soon, and do the package re-organisation later  via an upload to 
experimental.

dumat will then pick up any potential issues.
See the recommendations in https://wiki.debian.org/UsrMerge

Regards,
Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064126: libvirt: install NSS modules into /usr

[Michael Biebl]

Am 25.02.24 um 19:30 schrieb Andrea Bolognani:

So what I'm wondering right now is, how much does libvirt shipping
these files outside of /usr for a while longer negatively impact the
overall transition plans? I'd be happy to get out of your way as soon
as possible, but at the same time I'm wary of potentially introducing
issues due to the unforeseen interactions between these changes.


It depends on what you understand with "a while longer".
A couple more weeks/months/years/Debian releases?

Obviously I think the sooner we get the usrmerge transition finished in 
trixie, the better, to be able to iron out any unforeseen issues.


As mentioned, if backportability is an important issue, then 
dh_movetousr could be an option. That said, if you want to backport to 
oldoldstable for example or older Ubuntu releases, you might not even 
have a debhelper with dh_movetousr.


Regards,
Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064539: systemd: DHCPPrefixDelegation does not allow zero value in Token=

[Michael Biebl]

Control: tags -1 + upstream

Am 23.02.24 um 23:00 schrieb Fabian Müller:

Package: systemd
Version: 252.19-1~deb12u1
Severity: normal
Tags: ipv6
X-Debbugs-Cc: fmu+deb...@never-afk.de

Dear Maintainer,


* What led up to the situation?

I wanted systemd-networkd to select the first address (zero) from the ipv6
prefix that was delegated to me. My provider (Vodafone Kabel / Germany) offers
me a /56 prefix via prefix delegation.

My .network file looks like this:

[Match]
Name=enp1s0

[Network]
IPv6AcceptRA=yes
DHCP=yes
DHCPPrefixDelegation=yes

[DHCPv6]
PrefixDelegationHint=::/56
UseDNS=no
UseAddress=no

[DHCPPrefixDelegation]
Token=static:::


* What exactly did you do (or not do) that was effective (or
  ineffective)?

I tried to set the "Token=" option in the [DHCPPrefixDelegation] section of my
.network file as follows:

[DHCPPrefixDelegation]
Token=static:::

* What was the outcome of this action?

The resulting ipv6 address is selects via eui64 instead of static.
So i get a address like this 2001:db8::a60:6eff:feda:858a/64

* What outcome did you expect instead?

I expected the address to be zero. More like this: 2001:db8::/64 (which is a
valid ipv6 address).

I also tried the following values:
Token=static:::0 # does not work
Token=:: # does not work
Token=static::: # does not work
Token=static:::1 # works as expected, but is not what i want, address would be
2001:db8::1/64



The Debian package does not ship any patches in that regard.
It would thus be best if you raise this issue directly upstream at
https://github.com/systemd/systemd/issues if you can reproduce it with 
v254 or v255 (you can pull v254 from bookworm-backports).


Regards,
Michael



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064478: wireless-regdb: install firmware files into /usr

[Michael Biebl]

Source: wireless-regdb
Version: 2022.06.06-1
Severity: normal
Tags: patch trixie sid
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. wireless-regdb installs files into /lib; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru wireless-regdb-2022.06.06/debian/changelog 
wireless-regdb-2022.06.06/debian/changelog
--- wireless-regdb-2022.06.06/debian/changelog  2022-07-30 22:10:23.0 
+0200
+++ wireless-regdb-2022.06.06/debian/changelog  2024-02-22 22:52:06.0 
+0100
@@ -1,3 +1,10 @@
+wireless-regdb (2022.06.06-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install firmware files into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Thu, 22 Feb 2024 22:52:06 +0100
+
 wireless-regdb (2022.06.06-1) unstable; urgency=medium
 
   * New upstream version:
diff -Nru wireless-regdb-2022.06.06/debian/rules 
wireless-regdb-2022.06.06/debian/rules
--- wireless-regdb-2022.06.06/debian/rules  2022-07-12 20:40:10.0 
+0200
+++ wireless-regdb-2022.06.06/debian/rules  2024-02-22 22:52:06.0 
+0100
@@ -1,6 +1,7 @@
 #!/usr/bin/make -f
 
-export CRDA_PATH = /lib/crda
+export CRDA_PATH = /usr/lib/crda
+export FIRMWARE_PATH = /usr/lib/firmware
 export REGDB_AUTHOR  = $(shell dpkg-parsechangelog -SMaintainer | sed 
's:.*<\(.*\)>:\1:')
 export V = 1
 # prevent the build system from calling lsb_release
@@ -41,11 +42,11 @@
 install-wireless-regdb:
$(MAKE) -C debian/build DESTDIR=$(CURDIR)/$(DIR) install
for file in regulatory.db regulatory.db.p7s; do \
-   install -m644 $$file $(DIR)/lib/firmware/$$file-upstream \
-   && mv $(DIR)/lib/firmware/$$file 
$(DIR)/lib/firmware/$$file-debian \
+   install -m644 $$file $(DIR)/usr/lib/firmware/$$file-upstream \
+   && mv $(DIR)/usr/lib/firmware/$$file 
$(DIR)/usr/lib/firmware/$$file-debian \
|| exit; \
done
-   rm -r $(DIR)/lib/crda
+   rm -r $(DIR)/usr/lib/crda
 # regulatory.db.5 just includes regulatory.bin.5, so we need to
 # install the latter as regulatory.db.5
mv $(DIR)/usr/share/man/man5/regulatory.bin.5.gz \
@@ -54,7 +55,7 @@
 install-wireless-regdb-udeb: DIR = debian/wireless-regdb-udeb
 install-wireless-regdb-udeb:
$(MAKE) -C debian/build DESTDIR=$(CURDIR)/$(DIR) install
-   rm -r $(DIR)/lib/crda $(DIR)/usr/share/man
+   rm -r $(DIR)/usr/lib/crda $(DIR)/usr/share/man
rmdir --ignore-fail-on-non-empty -p $(DIR)/usr/share
 
 override_dh_auto_clean:

Bug#1064477: lzo2: install shared library into /usr

[Michael Biebl]

Source: lzo2
Version: 2.10-2
Severity: normal
Tags: patch trixie sid
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. lzo2 installs files into /lib; these should be moved into the
respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru lzo2-2.10/debian/changelog lzo2-2.10/debian/changelog
--- lzo2-2.10/debian/changelog  2020-01-22 21:35:19.0 +0100
+++ lzo2-2.10/debian/changelog  2024-02-22 22:44:26.0 +0100
@@ -1,3 +1,10 @@
+lzo2 (2.10-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install shared library into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Thu, 22 Feb 2024 22:44:26 +0100
+
 lzo2 (2.10-2) unstable; urgency=medium
 
   * Add missing pkg-config build-dependency.
diff -Nru lzo2-2.10/debian/liblzo2-2.install lzo2-2.10/debian/liblzo2-2.install
--- lzo2-2.10/debian/liblzo2-2.install  2020-01-20 11:42:23.0 +0100
+++ lzo2-2.10/debian/liblzo2-2.install  2024-02-22 22:44:18.0 +0100
@@ -1 +1 @@
-lib/*/*.so.*
+usr/lib/*/*.so.*
diff -Nru lzo2-2.10/debian/liblzo2-2-udeb.install 
lzo2-2.10/debian/liblzo2-2-udeb.install
--- lzo2-2.10/debian/liblzo2-2-udeb.install 2020-01-20 11:42:23.0 
+0100
+++ lzo2-2.10/debian/liblzo2-2-udeb.install 2024-02-22 22:44:21.0 
+0100
@@ -1 +1 @@
-lib/*/*.so.*
+usr/lib/*/*.so.*
diff -Nru lzo2-2.10/debian/rules lzo2-2.10/debian/rules
--- lzo2-2.10/debian/rules  2020-01-22 19:13:05.0 +0100
+++ lzo2-2.10/debian/rules  2024-02-22 22:44:10.0 +0100
@@ -18,9 +18,6 @@
 
 override_dh_auto_install:
dh_auto_install
-   mkdir -p $(DEB_DESTDIR)/lib/$(DEB_HOST_MULTIARCH)
-   mv $(DEB_DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.* 
$(DEB_DESTDIR)/lib/$(DEB_HOST_MULTIARCH)
-   ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(basename $$(readlink 
$(DEB_DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so)) 
$(DEB_DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so
mkdir -p $(DEB_DESTDIR)/usr/share/lzo/minilzo
install -D -m 644 minilzo/README.LZO minilzo/minilzo.c 
minilzo/minilzo.h include/lzo/lzoconf.h include/lzo/lzodefs.h 
$(CURDIR)/debian/tmp/usr/share/lzo/minilzo
 

Bug#1064430: android-sdk-meta: install udev rules into /usr

[Michael Biebl]

Source: android-sdk-meta
Version: 28.0.2+9
Severity: normal
Tags: patch trixie sid
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. android-sdk-meta installs files into /lib; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru 
android-sdk-meta-28.0.2+9/debian/android-sdk-platform-tools-common.install 
android-sdk-meta-28.0.2+9+nmu1/debian/android-sdk-platform-tools-common.install
--- android-sdk-meta-28.0.2+9/debian/android-sdk-platform-tools-common.install  
2023-01-24 07:07:40.0 +0100
+++ 
android-sdk-meta-28.0.2+9+nmu1/debian/android-sdk-platform-tools-common.install 
2024-02-22 00:34:35.0 +0100
@@ -1,3 +1,3 @@
-51-android.rules lib/udev/rules.d
+51-android.rules usr/lib/udev/rules.d
 debian/android-sdk.metainfo.xml  usr/share/metainfo
 platform-tools/* usr/lib/android-sdk/platform-tools
diff -Nru android-sdk-meta-28.0.2+9/debian/changelog 
android-sdk-meta-28.0.2+9+nmu1/debian/changelog
--- android-sdk-meta-28.0.2+9/debian/changelog  2023-01-24 07:07:40.0 
+0100
+++ android-sdk-meta-28.0.2+9+nmu1/debian/changelog 2024-02-22 
00:34:36.0 +0100
@@ -1,3 +1,10 @@
+android-sdk-meta (28.0.2+9+nmu1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install udev rules into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Thu, 22 Feb 2024 00:34:36 +0100
+
 android-sdk-meta (28.0.2+9) unstable; urgency=medium
 
   * Team upload.

Bug#1064400: discover-data: install files into /usr

[Michael Biebl]

Source: discover-data
Version: 2.2013.01.13
Severity: normal
Tags: patch trixie sid
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. discover-data installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru discover-data-2.2013.01.13/debian/changelog 
discover-data-2.2013.01.13+nmu1/debian/changelog
--- discover-data-2.2013.01.13/debian/changelog 2022-01-09 10:27:19.0 
+0100
+++ discover-data-2.2013.01.13+nmu1/debian/changelog2024-02-21 
14:53:10.0 +0100
@@ -1,3 +1,10 @@
+discover-data (2.2013.01.13+nmu1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install files into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Wed, 21 Feb 2024 14:53:10 +0100
+
 discover-data (2.2013.01.13) unstable; urgency=medium
 
   * Rewrite debian/rules using dh, keeping only a few directives.
diff -Nru discover-data-2.2013.01.13/debian/rules 
discover-data-2.2013.01.13+nmu1/debian/rules
--- discover-data-2.2013.01.13/debian/rules 2022-01-09 10:26:49.0 
+0100
+++ discover-data-2.2013.01.13+nmu1/debian/rules2024-02-21 
14:52:44.0 +0100
@@ -4,10 +4,10 @@
dh $@
 
 override_dh_auto_build:
-   dh_auto_build -- hwlistsdir=/lib/discover
+   dh_auto_build -- hwlistsdir=/usr/lib/discover
 
 override_dh_auto_install:
-   dh_auto_install -- hwlistsdir=/lib/discover
+   dh_auto_install -- hwlistsdir=/usr/lib/discover
 
 override_dh_installchangelogs:
dh_installchangelogs ChangeLog

Bug#1064399: openvpn: install systemd files into /usr

[Michael Biebl]

Source: openvpn
Version: 2.6.7-1
Severity: normal
Tags: patch trixie sid
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. openvpn installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead or defer the placement of the
unit files to systemd.pc.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru openvpn-2.6.7/debian/changelog openvpn-2.6.7/debian/changelog
--- openvpn-2.6.7/debian/changelog  2023-11-11 22:01:15.0 +0100
+++ openvpn-2.6.7/debian/changelog  2024-02-21 14:43:14.0 +0100
@@ -1,3 +1,10 @@
+openvpn (2.6.7-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install systemd generator and units into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Wed, 21 Feb 2024 14:43:14 +0100
+
 openvpn (2.6.7-1) unstable; urgency=medium
 
   [ Aquila Macedo ]
diff -Nru openvpn-2.6.7/debian/openvpn.install 
openvpn-2.6.7/debian/openvpn.install
--- openvpn-2.6.7/debian/openvpn.install2023-11-11 22:01:15.0 
+0100
+++ openvpn-2.6.7/debian/openvpn.install2024-02-21 14:40:37.0 
+0100
@@ -1 +1 @@
-debian/openvpn-generator /lib/systemd/system-generators
+debian/openvpn-generator /usr/lib/systemd/system-generators
diff -Nru openvpn-2.6.7/debian/rules openvpn-2.6.7/debian/rules
--- openvpn-2.6.7/debian/rules  2023-11-11 22:01:15.0 +0100
+++ openvpn-2.6.7/debian/rules  2024-02-21 14:39:48.0 +0100
@@ -5,7 +5,7 @@
 ENV_VARS   := IFCONFIG=/sbin/ifconfig ROUTE=/lib/freebsd/route
 EXTRA_ARGS :=
 else
-ENV_VARS   := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password 
SYSTEMD_UNIT_DIR=/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d
+ENV_VARS   := SYSTEMD_ASK_PASSWORD=/usr/bin/systemd-ask-password 
SYSTEMD_UNIT_DIR=/usr/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d
 EXTRA_ARGS := --enable-systemd --enable-dco
 endif
 

Bug#1064396: libinput: install udev files into /usr

[Michael Biebl]

Source: libinput
Version: 1.25.0-1
Severity: normal
Tags: patch trixie sid
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libinput installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead or defer the placement of the
unit files to udev.pc.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libinput-1.25.0/debian/changelog libinput-1.25.0/debian/changelog
--- libinput-1.25.0/debian/changelog2024-02-05 13:20:23.0 +0100
+++ libinput-1.25.0/debian/changelog2024-02-21 14:23:22.0 +0100
@@ -1,3 +1,10 @@
+libinput (1.25.0-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install udev rules and helpers into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Wed, 21 Feb 2024 14:23:22 +0100
+
 libinput (1.25.0-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libinput-1.25.0/debian/libinput10-udeb.install 
libinput-1.25.0/debian/libinput10-udeb.install
--- libinput-1.25.0/debian/libinput10-udeb.install  2024-01-24 
16:25:22.0 +0100
+++ libinput-1.25.0/debian/libinput10-udeb.install  2024-02-21 
14:23:22.0 +0100
@@ -1,3 +1,3 @@
-lib/udev
+usr/lib/udev
 usr/lib/*/libinput.so.10*
 usr/share/libinput
diff -Nru libinput-1.25.0/debian/libinput-bin.install 
libinput-1.25.0/debian/libinput-bin.install
--- libinput-1.25.0/debian/libinput-bin.install 2024-01-24 16:25:22.0 
+0100
+++ libinput-1.25.0/debian/libinput-bin.install 2024-02-21 14:23:22.0 
+0100
@@ -1,2 +1,2 @@
-lib/udev
+usr/lib/udev
 usr/share/libinput
diff -Nru libinput-1.25.0/debian/rules libinput-1.25.0/debian/rules
--- libinput-1.25.0/debian/rules2024-01-24 16:25:22.0 +0100
+++ libinput-1.25.0/debian/rules2024-02-21 14:23:22.0 +0100
@@ -7,12 +7,12 @@
 override_dh_auto_configure:
dh_auto_configure -B build-deb -- \
-Ddocumentation=false \
-   -Dudev-dir=/lib/udev
+   -Dudev-dir=/usr/lib/udev
 
 ifeq ($(with_udeb),yes)
dh_auto_configure -B build-udeb -- \
-Ddocumentation=false \
-   -Dudev-dir=/lib/udev \
+   -Dudev-dir=/usr/lib/udev \
-Dlibwacom=false
 endif
 

Bug#1064385: rsyslog: New default log format is different for local and remote log

[Michael Biebl]

Am 21.02.24 um 12:09 schrieb Ralf Schlatterbeck:

Unfortunately this causes logcheck to completely ignore all the remote logs
because it matches on a 32-byte timestamp (and the timestamp of the remote
machine only has 25 byte).


This is a bug in the logcheck rules, I'd say. It should deal with 
timestamps having no subseconds resolution.


https://www.rsyslog.com/doc/configuration/properties.html
I suppose that for remote messages it uses "timereported", which 
typically uses a resolution in seconds


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064385: rsyslog: New default log format is different for local and remote log

[Michael Biebl]

Control: tags -1 + upstream

Am 21.02.24 um 12:09 schrieb Ralf Schlatterbeck:

Package: rsyslog
Version: 8.2302.0-1
Severity: important

Dear Maintainer,

I'm using rsyslog to log local events and remote events to the same log.
For this I've enabled UDP receiving.
The main machine is the host, while the other machines logging via UDP are
virtual machines running on that host. The network carrying the syslog traffic
is not visible outside the host machine.

The version of rsyslog in Debian stable now uses the new international
timestamp format by default. Unfortunately this format differs for local and
remote logs.

The local machine by default logs in the following format:
2024-02-16T22:05:52.315463+01:00 tux [...]

while a machine logging via UDP appears like this:
2024-02-16T22:06:02+01:00 tux1 [...]

Please observe that the sub-seconds part of the timestamp is not included in
the remote logs.

Unfortunately this causes logcheck to completely ignore all the remote logs
because it matches on a 32-byte timestamp (and the timestamp of the remote
machine only has 25 byte).

I had to revert to the old 'traditional' log format (which was the default in
previous versions of syslog shipped by Debian) with the following config line:

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

You will have to remove that line from the appended config file for reproducing
the issue.

Fortunately the old 'traditional' format is still supported by logcheck.

Expected behavior:
The timestamp format logcheck produces with the default configuration should be
made the same for local and remote logs.


The Debian package does not ship any patches in that regard.
It's thus best if you raise this issue directly upstream at
https://github.com/rsyslog/rsyslog/issues



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1059186: sane-backends: installs saned.service mask into /lib

[Michael Biebl]

Control: tags -1 + patch

On Thu, 21 Dec 2023 01:06:01 +0100 Chris Hofstaedtler  
wrote:

Source: sane-backends
Version: 1.2.1-7
User: helm...@debian.org
Usertags: dep17m2

Hi!

sane-backends currently installs this symlink:
  lib/systemd/system/saned.service -> /dev/null

For the ongoing Debian UsrMerge effort [1], /lib should become empty,
and instead /usr/lib should be used.
To find the correct location of saned.service, you can ask
  `pkg-config --variable systemdsystemunitdir systemd`


Please find attached a build-tested patch.
Hard-coding the directory is fine, as long as you don't upload the 
package to stable(-backports). If you plan to do that, please revert the 
patch for the stable upload.


Regards,
Michael

diff -Nru sane-backends-1.2.1/debian/changelog 
sane-backends-1.2.1/debian/changelog
--- sane-backends-1.2.1/debian/changelog2023-12-17 13:05:00.0 
+0100
+++ sane-backends-1.2.1/debian/changelog2024-02-20 19:22:16.0 
+0100
@@ -1,3 +1,10 @@
+sane-backends (1.2.1-7.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install saned.service mask symlink into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Tue, 20 Feb 2024 19:22:16 +0100
+
 sane-backends (1.2.1-7) unstable; urgency=medium
 
   * debian/rules:
diff -Nru sane-backends-1.2.1/debian/sane-utils.links 
sane-backends-1.2.1/debian/sane-utils.links
--- sane-backends-1.2.1/debian/sane-utils.links 2022-02-24 07:34:54.0 
+0100
+++ sane-backends-1.2.1/debian/sane-utils.links 2024-02-20 19:21:27.0 
+0100
@@ -1 +1 @@
-/dev/null  /lib/systemd/system/saned.service
+/dev/null  /usr/lib/systemd/system/saned.service


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064356: vpnc: install systemd unit into /usr

[Michael Biebl]

Source: vpnc
Version: 0.5.3+git20220927-1
Severity: normal
Tags: patch trixie sid
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. vpnc installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead or defer the placement of the
unit files to systemd.pc.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru vpnc-0.5.3+git20220927/debian/changelog 
vpnc-0.5.3+git20220927/debian/changelog
--- vpnc-0.5.3+git20220927/debian/changelog 2022-12-27 20:24:45.0 
+0100
+++ vpnc-0.5.3+git20220927/debian/changelog 2024-02-20 19:13:59.0 
+0100
@@ -1,3 +1,10 @@
+vpnc (0.5.3+git20220927-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install systemd unit into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Tue, 20 Feb 2024 19:13:59 +0100
+
 vpnc (0.5.3+git20220927-1) unstable; urgency=medium
 
   [ Debian Janitor ]
diff -Nru vpnc-0.5.3+git20220927/debian/rules 
vpnc-0.5.3+git20220927/debian/rules
--- vpnc-0.5.3+git20220927/debian/rules 2022-12-27 20:01:18.0 +0100
+++ vpnc-0.5.3+git20220927/debian/rules 2024-02-20 19:13:28.0 +0100
@@ -21,7 +21,7 @@
 
 override_dh_auto_install:
touch install-doc
-   dh_auto_install -- PREFIX=/usr SYSTEMDDIR=/lib/systemd/system install
+   dh_auto_install -- PREFIX=/usr SYSTEMDDIR=/usr/lib/systemd/system 
install
rm -rf ./debian/vpnc/usr/share/licenses
 
 override_dh_fixperms:

Bug#1064317: powertop: install systemd unit into /usr

[Michael Biebl]

Source: powertop
Version: 2.15-2
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. powertop installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead or defer the placement of the
unit files to systemd.pc.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru powertop-2.15/debian/changelog powertop-2.15/debian/changelog
--- powertop-2.15/debian/changelog  2023-11-19 13:38:07.0 +0100
+++ powertop-2.15/debian/changelog  2024-02-19 23:11:13.0 +0100
@@ -1,3 +1,10 @@
+powertop (2.15-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install systemd unit into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Mon, 19 Feb 2024 23:11:13 +0100
+
 powertop (2.15-2) unstable; urgency=medium
 
   [ Rohan Jain ]
diff -Nru powertop-2.15/debian/powertop.install 
powertop-2.15/debian/powertop.install
--- powertop-2.15/debian/powertop.install   2023-11-19 13:24:54.0 
+0100
+++ powertop-2.15/debian/powertop.install   2024-02-19 23:11:11.0 
+0100
@@ -1 +1 @@
-powertop.service lib/systemd/system/
+powertop.service usr/lib/systemd/system/

Bug#1064316: rtkit: install systemd units into /usr

[Michael Biebl]

Source: rtkit
Version: 0.13-5
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. rtkit installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead or defer the placement of the
unit files to systemd.pc.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru rtkit-0.13/debian/changelog rtkit-0.13/debian/changelog
--- rtkit-0.13/debian/changelog 2023-02-27 00:08:26.0 +0100
+++ rtkit-0.13/debian/changelog 2024-02-19 23:02:19.0 +0100
@@ -1,3 +1,10 @@
+rtkit (0.13-5.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install systemd units into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Mon, 19 Feb 2024 23:02:19 +0100
+
 rtkit (0.13-5) unstable; urgency=medium
 
   * Team upload
diff -Nru rtkit-0.13/debian/rules rtkit-0.13/debian/rules
--- rtkit-0.13/debian/rules 2023-02-27 00:07:20.0 +0100
+++ rtkit-0.13/debian/rules 2024-02-19 23:02:09.0 +0100
@@ -13,7 +13,7 @@
 
 override_dh_auto_configure:
dh_auto_configure -- \
-   -Dsystemd_systemunitdir=/lib/systemd/system \
+   -Dsystemd_systemunitdir=/usr/lib/systemd/system \
-Dlibsystemd=enabled \
-Dinstalled_tests=true \
 

Bug#1064315: alsa-topology-conf: install firmware files into /usr

[Michael Biebl]

Source: alsa-topology-conf
Version: 1.2.5.1-2
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. alsa-topology-conf installs files into /lib; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru alsa-topology-conf-1.2.5.1/debian/alsa-topology-conf.install 
alsa-topology-conf-1.2.5.1/debian/alsa-topology-conf.install
--- alsa-topology-conf-1.2.5.1/debian/alsa-topology-conf.install
2021-09-15 13:36:24.0 +0200
+++ alsa-topology-conf-1.2.5.1/debian/alsa-topology-conf.install
2024-02-18 08:52:54.0 +0100
@@ -1,2 +1,2 @@
-*.bin  lib/firmware
+*.bin usr/lib/firmware
 topology usr/share/alsa
diff -Nru alsa-topology-conf-1.2.5.1/debian/changelog 
alsa-topology-conf-1.2.5.1/debian/changelog
--- alsa-topology-conf-1.2.5.1/debian/changelog 2021-09-15 13:48:11.0 
+0200
+++ alsa-topology-conf-1.2.5.1/debian/changelog 2024-02-18 08:52:54.0 
+0100
@@ -1,3 +1,10 @@
+alsa-topology-conf (1.2.5.1-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install firmware files into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sun, 18 Feb 2024 08:52:54 +0100
+
 alsa-topology-conf (1.2.5.1-2) unstable; urgency=medium
 
   [ Jordi Mallach ]

Bug#1064151: apparmor: install PAM module, binaries and helper scripts into /usr

[Michael Biebl]

See also https://salsa.debian.org/apparmor-team/apparmor/-/merge_requests/25


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064151: apparmor: install PAM module, binaries and helper scripts into /usr

[Michael Biebl]

Source: apparmor
Version: 3.0.12-1
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. apparmor installs files into /lib and /sbin; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru apparmor-3.0.12/debian/apparmor.dirs 
apparmor-3.0.12/debian/apparmor.dirs
--- apparmor-3.0.12/debian/apparmor.dirs2023-07-16 16:39:37.0 
+0200
+++ apparmor-3.0.12/debian/apparmor.dirs2024-02-17 20:14:05.0 
+0100
@@ -4,5 +4,4 @@
 /etc/apparmor.d/tunables/home.d
 /etc/apparmor.d/tunables/multiarch.d
 /etc/apparmor.d/tunables/xdg-user-dirs.d
-/lib/apparmor/
 /var/cache/apparmor
diff -Nru apparmor-3.0.12/debian/apparmor.install 
apparmor-3.0.12/debian/apparmor.install
--- apparmor-3.0.12/debian/apparmor.install 2023-07-16 16:39:37.0 
+0200
+++ apparmor-3.0.12/debian/apparmor.install 2024-02-17 20:14:05.0 
+0100
@@ -23,16 +23,16 @@
 etc/apparmor.d/tunables/xdg-user-dirs
 etc/apparmor.d/tunables/xdg-user-dirs.d
 etc/apparmor/parser.conf
-lib/apparmor/profile-load
-sbin/apparmor_parser
 parser/aa-teardown /usr/sbin/
-parser/apparmor.systemd /lib/apparmor/
-lib/apparmor/rc.apparmor.functions
+parser/apparmor.systemd usr/lib/apparmor/
+usr/lib/apparmor/profile-load
+usr/lib/apparmor/rc.apparmor.functions
 usr/bin/aa-enabled
 usr/bin/aa-exec
 usr/bin/aa-features-abi
 usr/sbin/aa-remove-unknown
 usr/sbin/aa-status
+usr/sbin/apparmor_parser
 usr/sbin/apparmor_status
 usr/share/locale/*/LC_MESSAGES/aa-binutils.mo
 usr/share/locale/*/LC_MESSAGES/apparmor-parser.mo
diff -Nru apparmor-3.0.12/debian/changelog apparmor-3.0.12/debian/changelog
--- apparmor-3.0.12/debian/changelog2023-07-16 16:39:37.0 +0200
+++ apparmor-3.0.12/debian/changelog2024-02-17 20:14:10.0 +0100
@@ -1,3 +1,10 @@
+apparmor (3.0.12-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module, binaries and helper scripts into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 20:14:10 +0100
+
 apparmor (3.0.12-1) unstable; urgency=medium
 
   * New upstream releases: 3.0.9, 3.0.10, 3.0.11, and 3.0.12
diff -Nru apparmor-3.0.12/debian/libpam-apparmor.install 
apparmor-3.0.12/debian/libpam-apparmor.install
--- apparmor-3.0.12/debian/libpam-apparmor.install  2023-07-16 
16:39:37.0 +0200
+++ apparmor-3.0.12/debian/libpam-apparmor.install  2024-02-17 
20:14:05.0 +0100
@@ -1 +1 @@
-lib/security/pam_apparmor.so
+usr/lib/*/security/pam_apparmor.so
diff -Nru apparmor-3.0.12/debian/rules apparmor-3.0.12/debian/rules
--- apparmor-3.0.12/debian/rules2023-07-16 16:39:37.0 +0200
+++ apparmor-3.0.12/debian/rules2024-02-17 20:14:05.0 +0100
@@ -1,11 +1,10 @@
 #!/usr/bin/make -f
 
 include /usr/share/dpkg/pkg-info.mk
+include /usr/share/dpkg/architecture.mk
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow optimize=+lto
 
-export DEB_HOST_ARCH_OS   ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
-
 export PERL_VENDORARCH := $(shell perl -MConfig -e 'print 
substr($$Config{vendorarch},1)' )
 export PYTHON=/usr/bin/python3
 export PYTHON_VERSION=3
@@ -108,7 +107,7 @@
install-indep
 
install -D -m 755 $(CURDIR)/debian/non-linux/fake_apparmor_util \
-   $(CURDIR)/debian/tmp/sbin/apparmor_parser
+   $(CURDIR)/debian/tmp/usr/sbin/apparmor_parser
install -D -m 755 $(CURDIR)/debian/non-linux/fake_apparmor_util \
$(CURDIR)/debian/tmp/usr/bin/aa-enabled
install -D -m 755 $(CURDIR)/debian/non-linux/fake_apparmor_util \
@@ -123,6 +122,8 @@
 
cd parser && $(MAKE) \
DESTDIR=$(CURDIR)/debian/tmp \
+   SBINDIR=$(CURDIR)/debian/tmp/usr/sbin \
+   APPARMOR_BIN_PREFIX=$(CURDIR)/debian/tmp/usr/lib/apparmor \
install
 endif
 
@@ -148,9 +149,10 @@
# Changehat via libpam-apparmor
cd changehat/pam_apparmor && $(MAKE) \
DESTDIR=$(CURDIR)/debian/tmp \
+   SECDIR=$(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/security \
install
# Fix rpath in pam_apparmor.so
-   chrpath -d $(CURDIR)/debian/tmp/lib/security/pam_apparmor.so
+   chrpath -d 
$(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/security/pam_apparmor.so
 
# Profiles
# We'd like to keep site.local from being a conffile
@@ -192,4 +194,4 @@
done
dh_install
# Fix permissions so that aa-tear

Bug#1064126: Acknowledgement (libvirt: install NSS modules into /usr)

[Michael Biebl]

retitle 1064126 libvirt: install NSS modules and systemd units into /usr
thanks


I noticed that you manually move the systemd units to /lib/systemd via 
debian/rules. Those should be installed in /usr/lib/systemd as well.



I've updated the patch accordingly.


Regards,
Michael
diff -Nru libvirt-10.0.0/debian/changelog libvirt-10.0.0/debian/changelog
--- libvirt-10.0.0/debian/changelog 2024-02-04 10:54:58.0 +0100
+++ libvirt-10.0.0/debian/changelog 2024-02-17 13:54:36.0 +0100
@@ -1,3 +1,10 @@
+libvirt (10.0.0-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install NSS modules and systemd units into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 13:54:36 +0100
+
 libvirt (10.0.0-2) unstable; urgency=medium
 
   * [9a4ad47] patches: Add backport/scripts-Make-check-symfile[...]
diff -Nru libvirt-10.0.0/debian/libnss-libvirt.install 
libvirt-10.0.0/debian/libnss-libvirt.install
--- libvirt-10.0.0/debian/libnss-libvirt.install2024-02-04 
10:54:58.0 +0100
+++ libvirt-10.0.0/debian/libnss-libvirt.install2024-02-17 
13:54:36.0 +0100
@@ -1,2 +1,4 @@
 # the nss module (once enabled) will make apt call getdents (LP: #1732030)
 debian/apt/90libnss-libvirt etc/apt/apt.conf.d
+usr/lib/${DEB_HOST_MULTIARCH}/libnss_libvirt.so.2
+usr/lib/${DEB_HOST_MULTIARCH}/libnss_libvirt_guest.so.2
diff -Nru libvirt-10.0.0/debian/libvirt-daemon-system.install 
libvirt-10.0.0/debian/libvirt-daemon-system.install
--- libvirt-10.0.0/debian/libvirt-daemon-system.install 2024-02-04 
10:54:58.0 +0100
+++ libvirt-10.0.0/debian/libvirt-daemon-system.install 2024-02-17 
13:54:36.0 +0100
@@ -11,6 +11,20 @@
 usr/lib/firewalld/policies/libvirt-to-host.xml
 usr/lib/firewalld/zones/libvirt-routed.xml
 usr/lib/firewalld/zones/libvirt.xml
+usr/lib/systemd/system/libvirt-guests.service
+usr/lib/systemd/system/libvirtd-admin.socket
+usr/lib/systemd/system/libvirtd-ro.socket
+usr/lib/systemd/system/libvirtd-tcp.socket
+usr/lib/systemd/system/libvirtd-tls.socket
+usr/lib/systemd/system/libvirtd.service
+usr/lib/systemd/system/libvirtd.socket
+usr/lib/systemd/system/virt-guest-shutdown.target
+usr/lib/systemd/system/virtlockd-admin.socket
+usr/lib/systemd/system/virtlockd.service
+usr/lib/systemd/system/virtlockd.socket
+usr/lib/systemd/system/virtlogd-admin.socket
+usr/lib/systemd/system/virtlogd.service
+usr/lib/systemd/system/virtlogd.socket
 usr/share/polkit-1/actions/org.libvirt.api.policy
 usr/share/polkit-1/actions/org.libvirt.unix.policy
 usr/share/polkit-1/rules.d/60-libvirt.rules
diff -Nru libvirt-10.0.0/debian/rules libvirt-10.0.0/debian/rules
--- libvirt-10.0.0/debian/rules 2024-02-04 10:54:58.0 +0100
+++ libvirt-10.0.0/debian/rules 2024-02-17 13:54:36.0 +0100
@@ -249,11 +249,6 @@
 usr.sbin.libvirtd \
 $(NULL)
 
-NSS_PLUGINS = \
-libvirt \
-libvirt_guest \
-$(NULL)
-
 SYSTEMTAP_TAPSETS = \
 libvirt_functions \
 libvirt_probes \
@@ -268,7 +263,6 @@
 
 DEB_BUILDDIR := $(CURDIR)/debian/build
 DEB_DESTDIR := $(CURDIR)/debian/tmp
-SRV_MONOLITHIC = libvirt-guests virtlogd virtlockd libvirtd libvirtd-tcp 
libvirtd-tls virt-guest-shutdown
 # For split daemons later, as of 6.0 the remaining elments are
 #SRV_SPLIT = virtnwfilterd virtinterfaced virtlxcd virtnetworkd virtnodedevd 
virtproxyd virtqemud virtsecretd virtstoraged virtvboxd virtxend virtproxyd-tcp 
virtproxyd-tls
 
@@ -331,11 +325,6 @@
 execute_after_dh_install:
 ifeq ($(DEB_HOST_ARCH_OS), linux)
# Linux supports more nice things:
-   set -e; for f in $(SRV_MONOLITHIC); do \
-   dh_install -p libvirt-daemon-system \
-  usr/lib/systemd/system/$${f}* \
-  lib/systemd/system/; \
-   done
dh_install -p libvirt-daemon usr/lib/libvirt/virt-aa-helper
set -e; for f in $(APPARMOR_ABSTRACTIONS); do \
dh_install -p libvirt-daemon-system 
etc/apparmor.d/abstractions/$${f}; \
@@ -354,11 +343,6 @@
   usr/share/systemtap/tapset/$${f}.stp; \
done; \
fi
-   set -e; for f in $(NSS_PLUGINS); do \
-   dh_install -p libnss-libvirt \
-  usr/lib/$(DEB_HOST_MULTIARCH)/libnss_$${f}.so.2 \
-  lib/$(DEB_HOST_MULTIARCH)/; \
-   done
dh_install -p libvirt-clients usr/bin/virt-host-validate
dh_install -p libvirt-clients usr/share/man/man1/virt-host-validate.1
 endif


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064131: libnss-nisplus: install NSS module into /usr

[Michael Biebl]

Source: libnss-nisplus
Version: 1.3-4
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libnss-nisplus installs files into /lib; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libnss-nisplus-1.3/debian/changelog 
libnss-nisplus-1.3/debian/changelog
--- libnss-nisplus-1.3/debian/changelog 2020-10-18 10:56:30.0 +0200
+++ libnss-nisplus-1.3/debian/changelog 2024-02-17 15:56:05.0 +0100
@@ -1,3 +1,10 @@
+libnss-nisplus (1.3-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install NSS module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 15:56:05 +0100
+
 libnss-nisplus (1.3-4) unstable; urgency=medium
 
   * Add a build-depends on libnsl-dev. 
diff -Nru libnss-nisplus-1.3/debian/install libnss-nisplus-1.3/debian/install
--- libnss-nisplus-1.3/debian/install   2020-08-20 19:08:28.0 +0200
+++ libnss-nisplus-1.3/debian/install   2024-02-17 15:56:04.0 +0100
@@ -1 +1 @@
-usr/lib/${DEB_HOST_MULTIARCH}/libnss_nisplus.so.2* /lib/${DEB_HOST_MULTIARCH}
+usr/lib/${DEB_HOST_MULTIARCH}/libnss_nisplus.so.2*

Bug#1064130: libnss-nis: install NSS module into /usr

[Michael Biebl]

Source: libnss-nis
Version: 3.1-4
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libnss-nis installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libnss-nis-3.1/debian/changelog libnss-nis-3.1/debian/changelog
--- libnss-nis-3.1/debian/changelog 2020-10-18 10:48:47.0 +0200
+++ libnss-nis-3.1/debian/changelog 2024-02-17 15:51:43.0 +0100
@@ -1,3 +1,10 @@
+libnss-nis (3.1-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install NSS module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 15:51:43 +0100
+
 libnss-nis (3.1-4) unstable; urgency=medium
 
   * Add a build-depends on libnsl-dev.
diff -Nru libnss-nis-3.1/debian/install libnss-nis-3.1/debian/install
--- libnss-nis-3.1/debian/install   2020-08-20 19:09:05.0 +0200
+++ libnss-nis-3.1/debian/install   2024-02-17 15:51:41.0 +0100
@@ -1 +1 @@
-usr/lib/${DEB_HOST_MULTIARCH}/libnss_nis.so.2* /lib/${DEB_HOST_MULTIARCH}
+usr/lib/${DEB_HOST_MULTIARCH}/libnss_nis.so.2*

Bug#1064126: libvirt: install NSS modules into /usr

[Michael Biebl]

Source: libvirt
Version: 10.0.0-2
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libvirt installs files into /lib; these should be moved into the
respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libvirt-10.0.0/debian/changelog libvirt-10.0.0/debian/changelog
--- libvirt-10.0.0/debian/changelog 2024-02-04 10:54:58.0 +0100
+++ libvirt-10.0.0/debian/changelog 2024-02-17 13:54:36.0 +0100
@@ -1,3 +1,10 @@
+libvirt (10.0.0-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install NSS modules into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 13:54:36 +0100
+
 libvirt (10.0.0-2) unstable; urgency=medium
 
   * [9a4ad47] patches: Add backport/scripts-Make-check-symfile[...]
diff -Nru libvirt-10.0.0/debian/libnss-libvirt.install 
libvirt-10.0.0/debian/libnss-libvirt.install
--- libvirt-10.0.0/debian/libnss-libvirt.install2024-02-04 
10:54:58.0 +0100
+++ libvirt-10.0.0/debian/libnss-libvirt.install2024-02-17 
13:54:36.0 +0100
@@ -1,2 +1,4 @@
 # the nss module (once enabled) will make apt call getdents (LP: #1732030)
 debian/apt/90libnss-libvirt etc/apt/apt.conf.d
+usr/lib/${DEB_HOST_MULTIARCH}/libnss_libvirt.so.2
+usr/lib/${DEB_HOST_MULTIARCH}/libnss_libvirt_guest.so.2
diff -Nru libvirt-10.0.0/debian/rules libvirt-10.0.0/debian/rules
--- libvirt-10.0.0/debian/rules 2024-02-04 10:54:58.0 +0100
+++ libvirt-10.0.0/debian/rules 2024-02-17 13:53:46.0 +0100
@@ -249,11 +249,6 @@
 usr.sbin.libvirtd \
 $(NULL)
 
-NSS_PLUGINS = \
-libvirt \
-libvirt_guest \
-$(NULL)
-
 SYSTEMTAP_TAPSETS = \
 libvirt_functions \
 libvirt_probes \
@@ -354,11 +349,6 @@
   usr/share/systemtap/tapset/$${f}.stp; \
done; \
fi
-   set -e; for f in $(NSS_PLUGINS); do \
-   dh_install -p libnss-libvirt \
-  usr/lib/$(DEB_HOST_MULTIARCH)/libnss_$${f}.so.2 \
-  lib/$(DEB_HOST_MULTIARCH)/; \
-   done
dh_install -p libvirt-clients usr/bin/virt-host-validate
dh_install -p libvirt-clients usr/share/man/man1/virt-host-validate.1
 endif

Bug#1064125: libnss-pgsql: install NSS module into /usr

[Michael Biebl]

Source: libnss-pgsql
Version: 1.4.0debian-8
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libnss-pgsql installs files into /lib; these should be moved into
the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note 1: this change includes moving the .so into a multiarch path which
is recommended on Debian nowadays.

Note 2: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libnss-pgsql-1.4.0debian/debian/changelog 
libnss-pgsql-1.4.0debian/debian/changelog
--- libnss-pgsql-1.4.0debian/debian/changelog   2014-10-10 17:54:53.0 
+0200
+++ libnss-pgsql-1.4.0debian/debian/changelog   2024-02-17 13:43:18.0 
+0100
@@ -1,3 +1,10 @@
+libnss-pgsql (1.4.0debian-8.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install NSS module into multiarch path in /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 13:43:18 +0100
+
 libnss-pgsql (1.4.0debian-8) unstable; urgency=medium
 
   * debian/control: set myself as Maintainer because the team list does
diff -Nru libnss-pgsql-1.4.0debian/debian/libnss-pgsql2.dirs 
libnss-pgsql-1.4.0debian/debian/libnss-pgsql2.dirs
--- libnss-pgsql-1.4.0debian/debian/libnss-pgsql2.dirs  2014-10-10 
17:54:53.0 +0200
+++ libnss-pgsql-1.4.0debian/debian/libnss-pgsql2.dirs  1970-01-01 
01:00:00.0 +0100
@@ -1 +0,0 @@
-lib
diff -Nru libnss-pgsql-1.4.0debian/debian/rules 
libnss-pgsql-1.4.0debian/debian/rules
--- libnss-pgsql-1.4.0debian/debian/rules   2014-10-10 17:54:53.0 
+0200
+++ libnss-pgsql-1.4.0debian/debian/rules   2024-02-17 13:43:18.0 
+0100
@@ -1,10 +1,12 @@
 #!/usr/bin/make -f
 
+include /usr/share/dpkg/architecture.mk
+
 override_dh_auto_configure:
autoreconf -if
./configure \
--prefix=/usr \
-   --libdir=/lib \
+   --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
--with-docdir=\$${prefix}/share/doc/libnss-pgsql2 \
@@ -20,9 +22,9 @@
 
 override_dh_install:
$(MAKE) install DESTDIR=$(CURDIR)/debian/libnss-pgsql2
-   rm -f $(CURDIR)/debian/libnss-pgsql2/lib/libnss_pgsql.la \
- $(CURDIR)/debian/libnss-pgsql2/lib/libnss_pgsql.a \
- $(CURDIR)/debian/libnss-pgsql2/lib/libnss_pgsql.so
+   rm -f $(CURDIR)/debian/libnss-pgsql2/usr/lib/*/libnss_pgsql.la \
+ $(CURDIR)/debian/libnss-pgsql2/usr/lib/*/libnss_pgsql.a \
+ $(CURDIR)/debian/libnss-pgsql2/usr/lib/*/libnss_pgsql.so
 
 %:
dh $@ --with autotools_dev

Bug#1064124: libpam-x2go: install PAM module into /usr

[Michael Biebl]

Source: libpam-x2go
Version: 0.0.2.0-3
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libpam-x2go installs files into /lib; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to backport,
please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libpam-x2go-0.0.2.0/debian/changelog 
libpam-x2go-0.0.2.0/debian/changelog
--- libpam-x2go-0.0.2.0/debian/changelog2019-12-04 08:14:10.0 
+0100
+++ libpam-x2go-0.0.2.0/debian/changelog2024-02-17 13:32:37.0 
+0100
@@ -1,3 +1,10 @@
+libpam-x2go (0.0.2.0-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 13:32:37 +0100
+
 libpam-x2go (0.0.2.0-3) unstable; urgency=medium
 
   [ Mike Gabriel ]
diff -Nru libpam-x2go-0.0.2.0/debian/libpam-x2go.install 
libpam-x2go-0.0.2.0/debian/libpam-x2go.install
--- libpam-x2go-0.0.2.0/debian/libpam-x2go.install  2018-05-07 
15:16:11.0 +0200
+++ libpam-x2go-0.0.2.0/debian/libpam-x2go.install  2024-02-17 
13:32:35.0 +0100
@@ -1,2 +1 @@
-lib/
 usr/lib/
diff -Nru libpam-x2go-0.0.2.0/debian/patches/pammoddir.patch 
libpam-x2go-0.0.2.0/debian/patches/pammoddir.patch
--- libpam-x2go-0.0.2.0/debian/patches/pammoddir.patch  1970-01-01 
01:00:00.0 +0100
+++ libpam-x2go-0.0.2.0/debian/patches/pammoddir.patch  2024-02-17 
13:32:37.0 +0100
@@ -0,0 +1,13 @@
+Index: libpam-x2go-0.0.2.0/configure.ac
+===
+--- libpam-x2go-0.0.2.0.orig/configure.ac  2018-05-07 15:10:42.0 
+0200
 libpam-x2go-0.0.2.0/configure.ac   2024-02-17 13:32:14.447579799 +0100
+@@ -32,7 +32,7 @@
+ # PAM Module dir
+ ###
+ 
+-PAMMODULEDIR="/lib/security"
++PAMMODULEDIR="/usr/lib/security"
+ AC_SUBST(PAMMODULEDIR)
+ 
+ ###
diff -Nru libpam-x2go-0.0.2.0/debian/patches/series 
libpam-x2go-0.0.2.0/debian/patches/series
--- libpam-x2go-0.0.2.0/debian/patches/series   2019-12-04 08:09:11.0 
+0100
+++ libpam-x2go-0.0.2.0/debian/patches/series   2024-02-17 13:32:02.0 
+0100
@@ -1 +1,2 @@
 1001_dont_abuse_AC_CHECK_FILES.patch
+pammoddir.patch
diff -Nru libpam-x2go-0.0.2.0/debian/rules libpam-x2go-0.0.2.0/debian/rules
--- libpam-x2go-0.0.2.0/debian/rules2018-05-09 00:12:37.0 +0200
+++ libpam-x2go-0.0.2.0/debian/rules2024-02-17 13:32:30.0 +0100
@@ -17,9 +17,9 @@
 cleanbuilddir::
rm -f README
 
-# Remove .a and .la files from /lib/security
+# Remove .a and .la files from /usr/lib/security
 remove-cruft::
-   find $(DEB_DESTDIR)/lib/security -type f \
+   find $(DEB_DESTDIR)/usr/lib/security -type f \
\( -name '*.a' -o -name '*.la' \) \
-exec rm '{}' +
 

Bug#1064122: libpam-freerdp2: install PAM module into /usr

[Michael Biebl]

Source: libpam-freerdp2
Version: 2.0.0-3
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libpam-freerdp2 installs files into /lib; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to backport,
please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libpam-freerdp2-2.0.0/debian/changelog 
libpam-freerdp2-2.0.0/debian/changelog
--- libpam-freerdp2-2.0.0/debian/changelog  2019-12-04 08:45:58.0 
+0100
+++ libpam-freerdp2-2.0.0/debian/changelog  2024-02-17 13:27:25.0 
+0100
@@ -1,3 +1,10 @@
+libpam-freerdp2 (2.0.0-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 13:27:25 +0100
+
 libpam-freerdp2 (2.0.0-3) unstable; urgency=medium
 
   [ Mike Gabriel ]
diff -Nru libpam-freerdp2-2.0.0/debian/libpam-freerdp2.install 
libpam-freerdp2-2.0.0/debian/libpam-freerdp2.install
--- libpam-freerdp2-2.0.0/debian/libpam-freerdp2.install2018-05-08 
13:06:56.0 +0200
+++ libpam-freerdp2-2.0.0/debian/libpam-freerdp2.install2024-02-17 
13:27:25.0 +0100
@@ -1,2 +1 @@
-lib/
 usr/lib/
diff -Nru libpam-freerdp2-2.0.0/debian/patches/pammoddir.patch 
libpam-freerdp2-2.0.0/debian/patches/pammoddir.patch
--- libpam-freerdp2-2.0.0/debian/patches/pammoddir.patch1970-01-01 
01:00:00.0 +0100
+++ libpam-freerdp2-2.0.0/debian/patches/pammoddir.patch2024-02-17 
13:27:05.0 +0100
@@ -0,0 +1,13 @@
+Index: libpam-freerdp2-2.0.0/configure.ac
+===
+--- libpam-freerdp2-2.0.0.orig/configure.ac2018-05-07 15:46:46.0 
+0200
 libpam-freerdp2-2.0.0/configure.ac 2024-02-17 13:27:01.065645905 +0100
+@@ -33,7 +33,7 @@
+ # PAM Module dir
+ ###
+ 
+-PAMMODULEDIR="/lib/security"
++PAMMODULEDIR="/usr/lib/security"
+ AC_SUBST(PAMMODULEDIR)
+ 
+ ###
diff -Nru libpam-freerdp2-2.0.0/debian/patches/series 
libpam-freerdp2-2.0.0/debian/patches/series
--- libpam-freerdp2-2.0.0/debian/patches/series 2019-12-04 08:09:11.0 
+0100
+++ libpam-freerdp2-2.0.0/debian/patches/series 2024-02-17 13:26:44.0 
+0100
@@ -1 +1,2 @@
 1001_dont_abuse_AC_CHECK_FILES.patch
+pammoddir.patch
diff -Nru libpam-freerdp2-2.0.0/debian/rules libpam-freerdp2-2.0.0/debian/rules
--- libpam-freerdp2-2.0.0/debian/rules  2018-05-08 13:06:56.0 +0200
+++ libpam-freerdp2-2.0.0/debian/rules  2024-02-17 13:27:23.0 +0100
@@ -17,9 +17,9 @@
 cleanbuilddir::
rm -f README
 
-# Remove .a and .la files from /lib/security
+# Remove .a and .la files from /us/lib/security
 remove-cruft::
-   find $(DEB_DESTDIR)/lib/security -type f \
+   find $(DEB_DESTDIR)/usr/lib/security -type f \
\( -name '*.a' -o -name '*.la' \) \
-exec rm '{}' +
 

Bug#1064121: yubico-pam: install PAM module into /usr

[Michael Biebl]

Source: yubico-pam
Version: 2.26-1.1
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. yubico-pam installs files into /lib; these should be moved into the
respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note 1: this change includes moving the .so into a multiarch path which
is recommended on Debian nowadays.

Note 2: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru yubico-pam-2.26/debian/changelog yubico-pam-2.26/debian/changelog
--- yubico-pam-2.26/debian/changelog2020-05-29 16:37:57.0 +0200
+++ yubico-pam-2.26/debian/changelog2024-02-17 13:14:52.0 +0100
@@ -1,3 +1,10 @@
+yubico-pam (2.26-1.2) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into multiarch path in /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 13:14:52 +0100
+
 yubico-pam (2.26-1.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru yubico-pam-2.26/debian/rules yubico-pam-2.26/debian/rules
--- yubico-pam-2.26/debian/rules2018-08-04 08:50:40.0 +0200
+++ yubico-pam-2.26/debian/rules2024-02-17 13:14:52.0 +0100
@@ -1,5 +1,7 @@
 #!/usr/bin/make -f
 
+include /usr/share/dpkg/architecture.mk
+
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
 %:
@@ -7,14 +9,14 @@
 
 override_dh_auto_configure:
dh_auto_configure -- \
-   --with-pam-dir=$(DESTDIR)/lib/security \
+   --with-pam-dir=/usr/lib/$(DEB_HOST_MULTIARCH)/security \
--includedir=/usr/include/libpam-yubico
 
 override_dh_install:
install -D -m 0644 debian/pam-auth-update \

debian/libpam-yubico/usr/share/libpam-yubico/pam-auth-update.template
chrpath -d debian/libpam-yubico/usr/bin/ykpamcfg
-   chrpath -d debian/libpam-yubico/lib/security/pam_yubico.so
-   rm debian/libpam-yubico/lib/security/pam_yubico.la
+   chrpath -d debian/libpam-yubico/usr/lib/*/security/pam_yubico.so
+   rm debian/libpam-yubico/usr/lib/*/security/pam_yubico.la
rm -rf debian/libpam-yubico/usr/include
dh_install --fail-missing

Bug#1064109: slurm-wlm: install PAM modules into /usr

[Michael Biebl]

Source: slurm-wlm
Version: 23.11.3-2
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. slurm-wlm installs files into /lib; these should be moved into the
respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note 1: this change includes moving the .so into a multiarch path which
is recommended on Debian nowadays.

Note 2: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

Note 3: this change also drops the libpam dev packages as they appear to
be unnecessary. Instead the .la/.a files are listed as not-installed.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff --git a/debian/changelog b/debian/changelog
index f8262c05..9206ce5d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+slurm-wlm (23.11.3-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop libpam dev packages.
+PAM modules are shared libraries that are loaded by the PAM stack. They
+do not have an public API which would warrant a -dev package.
+  * Install PAM modules into multiarch path in /usr. (Closes: #-1)
+
+ -- Michael Biebl   Sat, 17 Feb 2024 12:49:38 +0100
+
 slurm-wlm (23.11.3-2) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/control b/debian/control
index 62482dce..f6de02f6 100644
--- a/debian/control
+++ b/debian/control
@@ -654,21 +654,6 @@ Description: PAM module to authenticate using the Slurm 
resource manager
  restricted to user root and users who have been allocated resources on
  that node.
 
-Package: libpam-slurm-dev
-Architecture: any
-Pre-Depends: ${misc:Pre-Depends}
-Depends:
- ${shlibs:Depends},
- ${misc:Depends}
-Description: Slurm PAM module development files
- The Slurm Workload Manager is an open-source cluster resource management and
- job scheduling system that strives to be simple, scalable, portable,
- fault-tolerant, and interconnect agnostic.
- Pluggable Authentication Module (PAM) for restricting access to compute
- nodes where Slurm performs resource management. Access to the node is
- restricted to user root and users who have been allocated resources on
- This package contains development files for the Slurm pam module
-
 Package: libpam-slurm-adopt
 Architecture: any
 Pre-Depends: ${misc:Pre-Depends}
@@ -685,23 +670,6 @@ Description: PAM module to authenticate users running a 
Slurm job and track thei
  step of the job so that processes spawned are tracked and Slurm can
  perform a complete cleanup when the job is completed.
 
-Package: libpam-slurm-adopt-dev
-Architecture: any
-Pre-Depends: ${misc:Pre-Depends}
-Depends:
- ${shlibs:Depends},
- ${misc:Depends}
-Description: Slurm adopt PAM module development files
- The Slurm Workload Manager is an open-source cluster resource management and
- job scheduling system that strives to be simple, scalable, portable,
- fault-tolerant, and interconnect agnostic.
- Pluggable Authentication Module (PAM) for restricting access to compute
- nodes where Slurm performs resource management to users who have a
- running job. The user's connection is "adopted" into the "external"
- step of the job so that processes spawned are tracked and Slurm can
- perform a complete cleanup when the job is completed.
- This package contains development files for the Slurm adopt pam module
-
 Package: slurm-wlm-emulator
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends},
diff --git a/debian/libpam-slurm-adopt-dev.install 
b/debian/libpam-slurm-adopt-dev.install
deleted file mode 100644
index 25bd6cc4..
--- a/debian/libpam-slurm-adopt-dev.install
+++ /dev/null
@@ -1,2 +0,0 @@
-lib/security/pam_slurm_adopt.a
-lib/security/pam_slurm_adopt.la
diff --git a/debian/libpam-slurm-adopt.install 
b/debian/libpam-slurm-adopt.install
index ee78e99c..c3f95b7b 100644
--- a/debian/libpam-slurm-adopt.install
+++ b/debian/libpam-slurm-adopt.install
@@ -1,2 +1,2 @@
-lib/security/pam_slurm_adopt.so
+usr/lib/*/security/pam_slurm_adopt.so
 debian/pam-configs/slurm-adopt usr/share/pam-configs/
diff --git a/debian/libpam-slurm-dev.install b/debian/libpam-slurm-dev.install
deleted file mode 100644
index 524f2623..
--- a/debian/libpam-slurm-dev.install
+++ /dev/null
@@ -1,2 +0,0 @@
-lib/security/pam_slurm.a
-lib/security/pam_slurm.la
diff --git a/debian/libpam-slurm.install b/debian/libpam-slurm.install
index 60be2be0..4b51d83c 100644
--- a/debian/libpam-slurm.install
+++ b/debian/libpam-slurm.install
@@ -1,2 +1,2 @@
-lib/security/pam_slurm.so
+usr/lib/*/security/pam_slurm.so
 debian/pam-configs/slurm usr/share/pam-configs/
diff --git a/debian/not-installed b/debian/not-installed
inde

Bug#1064106: RM: libpam-tacplus -- RoQA; unmaintained, low popcon

[Michael Biebl]

Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: libpam-tacp...@packages.debian.org
Control: affects -1 + src:libpam-tacplus
User: ftp.debian@packages.debian.org
Usertags: remove

Hi,

libpam-tacplus turned up as one of the packages needing updates for
usrmerge.
While looking at the package, it appears to be unmaintained in Debian
- Last maintainer upload 10 years ago
- Lags behind upstream several releases
- Open CVE issue
- Not in testing for 3 years

It seems that nobody is really interested in the package and due to
its low popcon numbers I would recommend to remove the package from the
archive.

Regards,
Michael

Bug#1064043: closed by Michael Biebl (Re: Bug#1064043: systemd: /etc/fstab x-systemd.automount mount points, x-systemd.idle-timeout changes not effective)

[Michael Biebl]

Am 16.02.24 um 12:51 schrieb David Sauvage - AdaLabs Ltd:


the changes are not applied even after restarting the mount unit 
mnt-resource.mount. (when already mounted or not)




Have you restarted the corresponding mnt-resource.automount unit as well?





OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1064046: pam-python: install PAM module into /usr

[Michael Biebl]

Source: pam-python
Version: 1.1.0~git20220701.1d4e111-0.5
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. pam-python installs files into /lib; these should be moved into the
respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note 1: this change includes moving the .so into a multiarch path which
is recommended on Debian nowadays.

Note 2: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru pam-python-1.1.0~git20220701.1d4e111/debian/changelog 
pam-python-1.1.0~git20220701.1d4e111/debian/changelog
--- pam-python-1.1.0~git20220701.1d4e111/debian/changelog   2024-02-07 
08:07:10.0 +0100
+++ pam-python-1.1.0~git20220701.1d4e111/debian/changelog   2024-02-16 
11:55:28.0 +0100
@@ -1,3 +1,10 @@
+pam-python (1.1.0~git20220701.1d4e111-0.6) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into multiarch path in /usr. (Closes: #-1)
+
+ -- Michael Biebl   Fri, 16 Feb 2024 11:55:28 +0100
+
 pam-python (1.1.0~git20220701.1d4e111-0.5) unstable; urgency=medium
 
   * debian/patches:
diff -Nru pam-python-1.1.0~git20220701.1d4e111/debian/libpam-python.install 
pam-python-1.1.0~git20220701.1d4e111/debian/libpam-python.install
--- pam-python-1.1.0~git20220701.1d4e111/debian/libpam-python.install   
2022-10-23 01:00:22.0 +0200
+++ pam-python-1.1.0~git20220701.1d4e111/debian/libpam-python.install   
2024-02-16 11:55:28.0 +0100
@@ -1 +1 @@
-lib/security/pam_python.so
+usr/lib/*/security/pam_python.so
diff -Nru pam-python-1.1.0~git20220701.1d4e111/debian/rules 
pam-python-1.1.0~git20220701.1d4e111/debian/rules
--- pam-python-1.1.0~git20220701.1d4e111/debian/rules   2022-10-23 
00:56:15.0 +0200
+++ pam-python-1.1.0~git20220701.1d4e111/debian/rules   2024-02-16 
11:55:28.0 +0100
@@ -4,6 +4,10 @@
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
+include /usr/share/dpkg/architecture.mk
+
+export LIBDIR = /usr/lib/$(DEB_HOST_MULTIARCH)/security
+
 %:
dh $@ --with python3 --system=pybuild
 

Bug#1064045: pam-pgsql: install PAM module into /usr

[Michael Biebl]

Source: pam-pgsql
Version: 0.7.3.2-1
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. pam-pgsql installs files into /lib; these should be moved into the
respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note 1: this change includes moving the .so into a multiarch path which
is recommended on Debian nowadays.

Note 2: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru pam-pgsql-0.7.3.2/debian/changelog pam-pgsql-0.7.3.2/debian/changelog
--- pam-pgsql-0.7.3.2/debian/changelog  2014-10-06 22:51:38.0 +0200
+++ pam-pgsql-0.7.3.2/debian/changelog  2024-02-16 11:46:48.0 +0100
@@ -1,3 +1,10 @@
+pam-pgsql (0.7.3.2-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into multiarch path in /usr. (Closes: #-1)
+
+ -- Michael Biebl   Fri, 16 Feb 2024 11:46:48 +0100
+
 pam-pgsql (0.7.3.2-1) unstable; urgency=medium
 
   * New upstream version
diff -Nru pam-pgsql-0.7.3.2/debian/rules pam-pgsql-0.7.3.2/debian/rules
--- pam-pgsql-0.7.3.2/debian/rules  2014-10-06 22:51:38.0 +0200
+++ pam-pgsql-0.7.3.2/debian/rules  2024-02-16 11:46:45.0 +0100
@@ -1,6 +1,8 @@
 #!/usr/bin/make -f
 # -- Rules to build libpam-pgsql package
 
+include /usr/share/dpkg/architecture.mk
+
 ## globals
 PACKAGE=libpam-pgsql
 DESTDIR=$(CURDIR)/debian/${PACKAGE}
@@ -8,7 +10,7 @@
 override_dh_auto_configure:
autoreconf -vfi
# Build the module
-   ./configure $(shell dpkg-buildflags --export=configure) 
--docdir=/usr/share/doc/libpam-pgsql --libdir=/lib \
+   ./configure $(shell dpkg-buildflags --export=configure) 
--docdir=/usr/share/doc/libpam-pgsql --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
 --enable-shared
 
 override_dh_auto_install:
@@ -16,7 +18,7 @@
$(MAKE) DESTDIR=${DESTDIR} install
rm -f ${DESTDIR}/usr/share/doc/libpam-pgsql/CHANGELOG \
 ${DESTDIR}/usr/share/doc/libpam-pgsql/sample.sql \
-${DESTDIR}/lib/security/pam_pgsql.la
+${DESTDIR}/usr/lib/$(DEB_HOST_MULTIARCH)/security/pam_pgsql.la
 
 override_dh_makeshlibs:
dh_makeshlibs --noscripts

Bug#1063880: ITP: tmpwatch -- tmpwatch is a utility searches for files not accessed in a specific time and deletes them

[Michael Biebl]

Am 13.02.2024 um 23:21 schrieb Peter Hyman:

- how do you plan to maintain it?
tmpwatch has not had any activity for over 5 years. Originally written by
Erik Troan , Preston Brown , Mike A. 
Harris

, Miloslav Trmač ,
development has been discontinued, as systemd-tmpfiles already 
implements this kind of functionality.


We also already have tmpreaper in the archive which basically does the 
same thing as tmpwatch.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1063622: otpw: install PAM module into /usr

[Michael Biebl]

Source: otpw
Version: 1.5-2
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. otpw installs files into /lib these should be moved into the
respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note 1: this change includes moving the .so into a multiarch path which
is recommended on Debian nowadays.

Note 2: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru otpw-1.5/debian/changelog otpw-1.5/debian/changelog
--- otpw-1.5/debian/changelog   2019-01-05 18:22:19.0 +0100
+++ otpw-1.5/debian/changelog   2024-02-09 23:08:08.0 +0100
@@ -1,3 +1,11 @@
+otpw (1.5-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+  * Use Multi-Arch paths.
+
+ -- Michael Biebl   Fri, 09 Feb 2024 23:08:08 +0100
+
 otpw (1.5-2) sid; urgency=medium
 
   * debian/control: use dh 11
diff -Nru otpw-1.5/debian/libpam-otpw.install 
otpw-1.5/debian/libpam-otpw.install
--- otpw-1.5/debian/libpam-otpw.install 2017-06-04 13:54:48.0 +0200
+++ otpw-1.5/debian/libpam-otpw.install 2024-02-09 23:05:29.0 +0100
@@ -1 +1 @@
-/lib/security
+usr/lib/*/security
diff -Nru otpw-1.5/debian/rules otpw-1.5/debian/rules
--- otpw-1.5/debian/rules   2018-12-14 19:43:21.0 +0100
+++ otpw-1.5/debian/rules   2024-02-09 23:07:29.0 +0100
@@ -6,6 +6,8 @@
 # dh-make output file, you may use that output file without restriction.
 # This special exception was added by Craig Small in version 0.37 of dh-make.
 
+include /usr/share/dpkg/architecture.mk
+
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
@@ -52,8 +54,8 @@
mkdir -p debian/tmp
install -d debian/tmp/usr/bin
install otpw-gen debian/tmp/usr/bin
-   install -d debian/tmp/lib/security
-   install pam_otpw.so debian/tmp/lib/security
+   install -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/security
+   install pam_otpw.so debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/security
install -d debian/tmp/usr/include
install -m644 otpw.h debian/tmp/usr/include
install -d debian/tmp/usr/lib

Bug#1063620: ukui-biometric-auth: install PAM module into /usr

[Michael Biebl]

Source: ukui-biometric-auth
Version: 1.2.2.1-2
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. ukui-biometric-auth installs files into /lib these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.
Note 1: this change includes moving the .so into a multiarch path which
is recommended on Debian nowadays.

Note 2: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru ukui-biometric-auth-1.2.2.1/debian/changelog 
ukui-biometric-auth-1.2.2.1/debian/changelog
--- ukui-biometric-auth-1.2.2.1/debian/changelog2023-08-21 
07:47:48.0 +0200
+++ ukui-biometric-auth-1.2.2.1/debian/changelog2024-02-09 
21:58:37.0 +0100
@@ -1,3 +1,11 @@
+ukui-biometric-auth (1.2.2.1-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+  * Bump debhelper-compat to 13 to get variable expansion in .install files.
+
+ -- Michael Biebl   Fri, 09 Feb 2024 21:58:37 +0100
+
 ukui-biometric-auth (1.2.2.1-2) unstable; urgency=medium
 
   * d/control: drop policykit-1, add pkexec. (Closes: #1025633)
diff -Nru ukui-biometric-auth-1.2.2.1/debian/control 
ukui-biometric-auth-1.2.2.1/debian/control
--- ukui-biometric-auth-1.2.2.1/debian/control  2023-08-21 07:47:48.0 
+0200
+++ ukui-biometric-auth-1.2.2.1/debian/control  2024-02-09 21:58:37.0 
+0100
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Kylin Team 
 Uploaders: handsome_feng 
-Build-Depends: debhelper-compat (= 12),
+Build-Depends: debhelper-compat (= 13),
cmake (>= 2.6),
qtbase5-dev,
libpam-dev,
diff -Nru ukui-biometric-auth-1.2.2.1/debian/libpam-biometric.install 
ukui-biometric-auth-1.2.2.1/debian/libpam-biometric.install
--- ukui-biometric-auth-1.2.2.1/debian/libpam-biometric.install 2021-06-22 
11:24:29.0 +0200
+++ ukui-biometric-auth-1.2.2.1/debian/libpam-biometric.install 2024-02-09 
21:58:37.0 +0100
@@ -1,5 +1,5 @@
 /etc/biometric-auth/ukui-biometric.conf
-/lib/security/*
+/lib/security/* usr/lib/${DEB_HOST_MULTIARCH}/security/
 /usr/bin/*
 /usr/share/pam-configs/*
 /usr/share/polkit-1/actions/*.policy

Bug#1063151: igb: unpredictable interface names for four port nic

[Michael Biebl]

On Tue, 06 Feb 2024 17:27:24 +0100 Valentin  wrote:

>   eth0: Policy *slot* yields "ens6f0".
>   eth0: Could not set AlternativeName= or apply AlternativeNamesPolicy=,
> ignoring: File exists eth0:
> /usr/lib/udev/rules.d/80-net-setup-link.rules:11 NAME 'ens6f0' eth0:
> /usr/lib/udev/rules.d/99-systemd.rules:68 RUN '/lib/systemd/systemd-sysctl
> --prefix=/net/ipv4/conf/$name --prefix=/net/ipv4/neigh/$name
> --prefix=/net/ipv6/conf/$name --prefix=/net/ipv6/neigh/$name' eth0:
> sd-device: Created db file '/run/udev/data/n69' for
> '/devices/pci:00/:00:1c.0/:01:00.0/net/eth0' ens6f0: Failed to
> rename network interface 69 from 'eth0' to 'ens6f0': File exists

It looks like your BIOS is reporting the same PCIe Slot for both your igb and 
Broadcom network cards.

I assume one of your Broadcom network interfaces is already named ens6f0.

In fact., this might be a BIOS issue...
whats the output of `sudo dmidecode -t9`?

Best solution for you is probably to set all or some network interface names 
manually, see https://wiki.debian.org/

NetworkInterfaceNames#CUSTOM_SCHEMES_USING_.LINK_FILES


Yes, I think Valentin is correct in his analysis.
This looks like a BIOS issue which you might want to report to your vendor.

I would follow Valentin's advice and use cutom link files that e.g. 
determine the names based on the MAC address.


Afaics, there is nothing actionable on the udev side here, which is why 
I'm inclined to close the bug report.


Michael



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1063147: 'telinit u' infinitely re-exec's itself inside containers

[Michael Biebl]

Control: forwarded -1 https://github.com/systemd/systemd/issues/31220

Am 05.02.2024 um 12:45 schrieb Daniel P. Berrangé:

The simple solution appears to be to just remove the '-Dtelinit-path'
option from debian/rules, and leave it on systemd's built-in defaults.
The binary at this default path won't exist, and thus on a non-systemd
execution environment 'telinit u' will simply exit with an error:

   # telinit u
   Couldn't find an alternative telinit implementation to spawn.

which is a sensible behaviour and what has happened in containers with
Debian until recent Sid.  Other distros (eg Fedora) leave the telinit
binary on systemd's default (non-existant) path too.

Possibly the upstream systemctl.c code should be made to protect itself
against such a mis-configuration by setting an env variable it can look
at to detect re-exec of itself.



I've forwarded this upstream since I think systemd should behave better 
in this case. E.g. it could check if /sbin/telinit is a symlink on 
itself and in this case do not re-exec unless sd_booted is true.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1063053: [Pkg-utopia-maintainers] Bug#1063053: Bug#1063053: volume-key: NMU diff for 64-bit time_t transition

[Michael Biebl]

Am 05.02.24 um 11:29 schrieb Michael Biebl:

Am 04.02.24 um 19:31 schrieb Steve Langasek:

Source: volume-key
Version: 0.3.12-5
Severity: serious
Tags: patch pending sid trixie
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t

NOTICE: these changes must not be uploaded to unstable yet!

Dear maintainer,

As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
volume-key as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).

To ensure that inconsistent combinations of libraries with their
reverse-dependencies are never installed together, it is necessary to
have a library transition, which is most easily done by renaming the
runtime library package.

Since turning on 64-bit time_t is being handled centrally through a 
change

to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is
important that libraries affected by this ABI change all be uploaded 
close

together in time.  Therefore I have prepared a 0-day NMU for volume-key
which will initially be uploaded to experimental if possible, then to
unstable after packages have cleared binary NEW.

Please find the patch for this NMU attached.

If you have any concerns about this patch, please reach out ASAP.  
Although
this package will be uploaded to experimental immediately, there will 
be a
period of several days before we begin uploads to unstable; so if 
information
becomes available that your package should not be included in the 
transition,

there is time for us to amend the planned uploads.



This also looks like a false positive.
volume-key uses time_t internally at

https://salsa.debian.org/utopia-team/volume-key/-/blob/debian/sid/lib/kmip.c?ref_type=heads#L2132-2154

This is not exposed in the ABI though or am I misunderstanding the 
changes introduced by the time-t transition ?


Please put a hold on the upload until this has been investigated properly.

Thanks.



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1062484: [Pkg-utopia-maintainers] Bug#1062484: Bug#1062484: libnma: NMU diff for 64-bit time_t transition

[Michael Biebl]

Am 02.02.24 um 08:45 schrieb Steve Langasek:

Hi Michael,

On Thu, Feb 01, 2024 at 06:34:13PM +0100, Michael Biebl wrote:

Am 01.02.24 um 18:00 schrieb Steve Langasek:

Source: libnma
Version: 1.10.6-2
Severity: serious
Tags: patch pending
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t

Dear maintainer,

As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
libnma as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).



I would like to avoid an unnecessary package rename.
Can you point me to the place where time_t is exposed in the ABI?


Well I have a post to debian-devel-announce today which would've provided
more pointers to this sort of thing, but unfortunately lists.debian.org no
longer appears to reliably let mail through from Debian Developers (despite
having valid signatures with both dkim and PGP).

libnma falls into the bucket of packages that we weren't able to analyze, so
we assume out of an abundance of caution that it is ABI-breaking and should
be renamed:

   
https://adrien.dcln.fr/misc/armhf-time_t/2024-02-01T09%3A53%3A00/logs/libnma-headers/base/log.txt

If you feel strongly that the package should not be renamed, patches to
https://salsa.debian.org/vorlon/armhf-time_t/-/blob/main/check-armhf-time_t?ref_type=heads
are very welcome to make it possible to compile the headers for analysis and
confirm that the library's ABI is not affected by time_t.

 From the log it looks like this is a missing gtk include, which can easily
be fixed either in the upstream source or by adding an appropriate quirk to
the above script.

We will happily rerun abi-compliance-checker to confirm the ABI status if
this is fixed.


Please put a hold on the upload until this has been investigated properly.

Thanks.



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1063053: [Pkg-utopia-maintainers] Bug#1063053: volume-key: NMU diff for 64-bit time_t transition

[Michael Biebl]

Am 04.02.24 um 19:31 schrieb Steve Langasek:

Source: volume-key
Version: 0.3.12-5
Severity: serious
Tags: patch pending sid trixie
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t

NOTICE: these changes must not be uploaded to unstable yet!

Dear maintainer,

As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
volume-key as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).

To ensure that inconsistent combinations of libraries with their
reverse-dependencies are never installed together, it is necessary to
have a library transition, which is most easily done by renaming the
runtime library package.

Since turning on 64-bit time_t is being handled centrally through a change
to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is
important that libraries affected by this ABI change all be uploaded close
together in time.  Therefore I have prepared a 0-day NMU for volume-key
which will initially be uploaded to experimental if possible, then to
unstable after packages have cleared binary NEW.

Please find the patch for this NMU attached.

If you have any concerns about this patch, please reach out ASAP.  Although
this package will be uploaded to experimental immediately, there will be a
period of several days before we begin uploads to unstable; so if information
becomes available that your package should not be included in the transition,
there is time for us to amend the planned uploads.



This also looks like a false positive.
volume-key uses time_t internally at

https://salsa.debian.org/utopia-team/volume-key/-/blob/debian/sid/lib/kmip.c?ref_type=heads#L2132-2154

This is not exposed in the ABI though or am I misunderstanding the 
changes introduced by the time-t transition ?




OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1062484: [Pkg-utopia-maintainers] Bug#1062484: libnma: NMU diff for 64-bit time_t transition

[Michael Biebl]

Am 01.02.24 um 18:00 schrieb Steve Langasek:

Source: libnma
Version: 1.10.6-2
Severity: serious
Tags: patch pending
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t

Dear maintainer,

As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
libnma as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).


I would like to avoid an unnecessary package rename.
Can you point me to the place where time_t is exposed in the ABI?

Michael



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1061960: systemd-binfmt.service should get started when something gets added into a previously empty /usr/lib/binfmt.d

[Michael Biebl]

Am 30.01.24 um 14:49 schrieb Johannes Schauer Marin Rodrigues:


Starting or restarting makes it work as tested by Jochen Sprickerhof


The current file trigger uses try-restart:
https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.postinst?ref_type=heads#L16

I think replacing that with restart should be the most straight forward fix.

systemd-binfmt is not a long running service which might have been 
stopped by the administrator and where we need to respect that and not 
accidentally start it.


Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1061867: pam-session-timelimit: install PAM module into /usr

[Michael Biebl]

Source: pam-session-timelimit
Version: 0.7-1
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. pam-session-timelimit installs files into /lib; these should be
moved into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru pam-session-timelimit-0.7/debian/changelog 
pam-session-timelimit-0.7/debian/changelog
--- pam-session-timelimit-0.7/debian/changelog  2023-04-17 05:39:35.0 
+0200
+++ pam-session-timelimit-0.7/debian/changelog  2024-01-29 22:43:26.0 
+0100
@@ -1,3 +1,10 @@
+pam-session-timelimit (0.7-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Mon, 29 Jan 2024 22:43:26 +0100
+
 pam-session-timelimit (0.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru pam-session-timelimit-0.7/debian/rules 
pam-session-timelimit-0.7/debian/rules
--- pam-session-timelimit-0.7/debian/rules  2023-04-17 05:38:12.0 
+0200
+++ pam-session-timelimit-0.7/debian/rules  2024-01-29 22:43:19.0 
+0100
@@ -6,7 +6,7 @@
dh $@
 
 override_dh_auto_configure:
-   dh_auto_configure -- --prefix=/ --mandir=/usr/share/man
+   dh_auto_configure -- --prefix=/usr --mandir=/usr/share/man
 
 override_dh_install:
find debian -name '*.la' | xargs rm -v

Bug#1061865: oddjob: install PAM module into /usr

[Michael Biebl]

Source: oddjob
Version: 0.34.7-2
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. oddjob installs files into /lib; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru oddjob-0.34.7/debian/changelog oddjob-0.34.7/debian/changelog
--- oddjob-0.34.7/debian/changelog  2023-11-16 12:29:36.0 +0100
+++ oddjob-0.34.7/debian/changelog  2024-01-29 22:36:03.0 +0100
@@ -1,3 +1,10 @@
+oddjob (0.34.7-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Mon, 29 Jan 2024 22:36:03 +0100
+
 oddjob (0.34.7-2) unstable; urgency=medium
 
   [ Debian Janitor ]
diff -Nru oddjob-0.34.7/debian/oddjob-mkhomedir.install 
oddjob-0.34.7/debian/oddjob-mkhomedir.install
--- oddjob-0.34.7/debian/oddjob-mkhomedir.install   2021-01-07 
07:56:06.0 +0100
+++ oddjob-0.34.7/debian/oddjob-mkhomedir.install   2024-01-29 
22:36:03.0 +0100
@@ -1,6 +1,6 @@
 etc/dbus-1/system.d/oddjob-mkhomedir.conf
 etc/oddjobd.conf.d/oddjobd-mkhomedir.conf
-lib/*/security/pam_oddjob_mkhomedir.so
+usr/lib/*/security/pam_oddjob_mkhomedir.so
 usr/libexec/oddjob/mkhomedir
 usr/share/man/man5/oddjob-mkhomedir.conf.5
 usr/share/man/man5/oddjobd-mkhomedir.conf.5
diff -Nru oddjob-0.34.7/debian/rules oddjob-0.34.7/debian/rules
--- oddjob-0.34.7/debian/rules  2023-11-16 12:29:36.0 +0100
+++ oddjob-0.34.7/debian/rules  2024-01-29 22:35:55.0 +0100
@@ -25,9 +25,5 @@
 override_dh_install:
# purge .la files
find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \;
-   # move pam module to correct location
-   mkdir -p $(CURDIR)/debian/tmp/lib/${DEB_HOST_MULTIARCH}
-   mv $(CURDIR)/debian/tmp/usr/lib/${DEB_HOST_MULTIARCH}/security \
-   $(CURDIR)/debian/tmp/lib/${DEB_HOST_MULTIARCH}/
 
dh_install

Bug#1061861: libpam-ufpidentity: install PAM module into /usr

[Michael Biebl]

Source: libpam-ufpidentity
Version: 1.0-1
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libpam-ufpidentity installs files into /lib these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libpam-ufpidentity-1.0/debian/changelog 
libpam-ufpidentity-1.0/debian/changelog
--- libpam-ufpidentity-1.0/debian/changelog 2016-03-17 19:36:48.0 
+0100
+++ libpam-ufpidentity-1.0/debian/changelog 2024-01-29 22:32:26.0 
+0100
@@ -1,3 +1,10 @@
+libpam-ufpidentity (1.0-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Mon, 29 Jan 2024 22:32:26 +0100
+
 libpam-ufpidentity (1.0-1) unstable; urgency=low
 
   * Initial release (Closes: #813073)
diff -Nru libpam-ufpidentity-1.0/debian/rules 
libpam-ufpidentity-1.0/debian/rules
--- libpam-ufpidentity-1.0/debian/rules 2016-03-16 11:53:24.0 +0100
+++ libpam-ufpidentity-1.0/debian/rules 2024-01-29 22:32:22.0 +0100
@@ -4,6 +4,6 @@
 # Uncomment this to turn on verbose mode.
 export DH_VERBOSE=1
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-export LIBDIR=/lib/${DEB_HOST_MULTIARCH}
+export LIBDIR=/usr/lib/${DEB_HOST_MULTIARCH}
 %:
dh $@ 

Bug#1061859: pam-u2f: install PAM module into /usr

[Michael Biebl]

Source: pam-u2f
Version: 1.1.0-1.1
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. pam-u2f installs files into /lib these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru pam-u2f-1.1.0/debian/changelog pam-u2f-1.1.0/debian/changelog
--- pam-u2f-1.1.0/debian/changelog  2021-06-05 15:04:24.0 +0200
+++ pam-u2f-1.1.0/debian/changelog  2024-01-29 22:27:22.0 +0100
@@ -1,3 +1,10 @@
+pam-u2f (1.1.0-1.2) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Mon, 29 Jan 2024 22:27:22 +0100
+
 pam-u2f (1.1.0-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru pam-u2f-1.1.0/debian/libpam-u2f.install 
pam-u2f-1.1.0/debian/libpam-u2f.install
--- pam-u2f-1.1.0/debian/libpam-u2f.install 2021-06-05 15:04:24.0 
+0200
+++ pam-u2f-1.1.0/debian/libpam-u2f.install 2024-01-29 22:27:05.0 
+0100
@@ -1 +1 @@
-lib/*/security/pam_u2f.so
+usr/lib/*/security/pam_u2f.so
diff -Nru pam-u2f-1.1.0/debian/rules pam-u2f-1.1.0/debian/rules
--- pam-u2f-1.1.0/debian/rules  2021-06-05 15:04:24.0 +0200
+++ pam-u2f-1.1.0/debian/rules  2024-01-29 22:27:15.0 +0100
@@ -8,7 +8,7 @@
 override_dh_auto_configure:
dh_auto_configure -- \
--disable-silent-rules \
-   --with-pam-dir=$(DESTDIR)/lib/$(DEB_HOST_MULTIARCH)/security
+   --with-pam-dir=/usr/lib/$(DEB_HOST_MULTIARCH)/security
 
 override_dh_installchangelogs:
dh_installchangelogs NEWS

Bug#1061855: libpam-ssh: install PAM module into /usr

[Michael Biebl]

Source: libpam-ssh
Version: 2.3+ds-6
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. libpam-ssh installs files into /lib these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru libpam-ssh-2.3+ds/debian/changelog libpam-ssh-2.3+ds/debian/changelog
--- libpam-ssh-2.3+ds/debian/changelog  2022-01-13 20:58:56.0 +0100
+++ libpam-ssh-2.3+ds/debian/changelog  2024-01-29 22:23:25.0 +0100
@@ -1,3 +1,10 @@
+libpam-ssh (2.3+ds-6.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Mon, 29 Jan 2024 22:23:25 +0100
+
 libpam-ssh (2.3+ds-6) unstable; urgency=medium
 
   * RC bug fix release (Closes: #1003617), correct d/pam-configs/ssh-*.
diff -Nru libpam-ssh-2.3+ds/debian/libpam-ssh.install 
libpam-ssh-2.3+ds/debian/libpam-ssh.install
--- libpam-ssh-2.3+ds/debian/libpam-ssh.install 2022-01-01 21:33:31.0 
+0100
+++ libpam-ssh-2.3+ds/debian/libpam-ssh.install 2024-01-29 22:23:18.0 
+0100
@@ -1,2 +1,2 @@
 debian/pam-configs/ssh-* usr/share/pam-configs
-lib/*/security/pam_ssh.so
+usr/lib/*/security/pam_ssh.so
diff -Nru libpam-ssh-2.3+ds/debian/rules libpam-ssh-2.3+ds/debian/rules
--- libpam-ssh-2.3+ds/debian/rules  2021-12-12 13:18:35.0 +0100
+++ libpam-ssh-2.3+ds/debian/rules  2024-01-29 22:23:06.0 +0100
@@ -11,7 +11,7 @@
dh $@
 
 override_dh_auto_configure:
-   dh_auto_configure -- --with-ssh-agent-group=ssh 
--with-pam-dir=/lib/$(DEB_HOST_MULTIARCH)/security
+   dh_auto_configure -- --with-ssh-agent-group=ssh 
--with-pam-dir=/usr/lib/$(DEB_HOST_MULTIARCH)/security
 
 override_dh_auto_install:
dh_auto_install --destdir debian/tmp/

Bug#1061854: shishi: install PAM module into /usr

[Michael Biebl]

Source: shishi
Version: 1.0.3-1
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. shishi installs files into /lib these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

Note: this should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
diff -Nru shishi-1.0.3/debian/changelog shishi-1.0.3/debian/changelog
--- shishi-1.0.3/debian/changelog   2022-08-07 18:29:29.0 +0200
+++ shishi-1.0.3/debian/changelog   2024-01-29 22:16:26.0 +0100
@@ -1,3 +1,10 @@
+shishi (1.0.3-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module into /usr. (Closes: #-1)
+
+ -- Michael Biebl   Mon, 29 Jan 2024 22:16:26 +0100
+
 shishi (1.0.3-1) unstable; urgency=medium
 
   * New upstream version 1.0.3
diff -Nru shishi-1.0.3/debian/libpam-shishi.install 
shishi-1.0.3/debian/libpam-shishi.install
--- shishi-1.0.3/debian/libpam-shishi.install   2022-08-07 04:17:31.0 
+0200
+++ shishi-1.0.3/debian/libpam-shishi.install   2024-01-29 22:13:13.0 
+0100
@@ -1 +1 @@
-lib/*/security/pam_shishi.so
+usr/lib/*/security/pam_shishi.so
diff -Nru shishi-1.0.3/debian/not-installed shishi-1.0.3/debian/not-installed
--- shishi-1.0.3/debian/not-installed   2022-08-07 12:33:13.0 +0200
+++ shishi-1.0.3/debian/not-installed   2024-01-29 22:16:26.0 +0100
@@ -1,2 +1,2 @@
 usr/lib/*/*.la
-lib/*/security/pam_shishi.la
+usr/lib/*/security/pam_shishi.la
diff -Nru shishi-1.0.3/debian/rules shishi-1.0.3/debian/rules
--- shishi-1.0.3/debian/rules   2022-08-07 10:06:48.0 +0200
+++ shishi-1.0.3/debian/rules   2024-01-29 22:13:07.0 +0100
@@ -21,7 +21,7 @@
 CONFIGURE_FLAGS = \
--disable-rpath \
--with-db-dir=/var/lib/shishi \
-   --with-pam-dir=/lib/$(DEB_HOST_MULTIARCH)/security \
+   --with-pam-dir=/usr/lib/$(DEB_HOST_MULTIARCH)/security \
--with-packager=Debian \
--with-packager-version=$(DEB_VERSION) \
--with-packager-bug-reports=https://bugs.debian.org/