Bug#1037559: systemd-networkd-wait-online waits undefinitely if no networkd managed interfaces

2023-11-21 Thread Thomas Deutschmann

Hi,

this bugfix caused a regression for me.

I already filed an upstream report but didn't get any attention yet, 
see https://github.com/systemd/systemd-stable/issues/335


In short:

I upgraded from Debian 12.1 to Debian 12.2 using apt-get dist-upgrade 
which upgraded systemd from 252.12-1~deb12u1 to 252.17-1~deb12u1.


After reboot I noticed that systemd-networkd-wait-online.service failed.

Calling /lib/systemd/systemd-networkd-wait-online manually showed the 
same problem.


/lib/systemd/systemd-networkd-wait-online --any or 
/lib/systemd/systemd-networkd-wait-online -i eth0 works.


But systemd-networkd-wait-online should exit with success (zero exit 
code) when neither '--any' nor '--interface' options are specified and
at least one of the interfaces must be in configured state.


Do you want me to file a separate Debian bug or can we handle the 
regression in this bug which is linked to the change which caused the 
regression?



--
Regards,
Thomas



Bug#922815: insserv: FATAL: service mountkernfs has to be enabled to use service keyboard-setup.sh

2023-06-13 Thread Thomas Deutschmann

On 2023-06-13 20:10, Thorsten Glaser wrote:

> I personally tend to use:
> apt-get --purge dist-upgrade
>
> This takes care of purging the configuration files of packages
> that get removed (take care, of course, to not let it remove
> things you still need, like the old PostgreSQL version until
> the cluster(s) have migrated).


Thank you, I didn't know about mixing "dist-upgrade" command with "purge"!



>> Now the system is really in a clean state with only debian12 packages
>> installed.
>
> Is it? Remember that apt doesn’t know about leftover conffiles.
>
> Try: dpkg -l | grep -v ^ii | cut -c 1-$COLUMNS


Yes, it is :)

I run similar commands during the cleanup when we noticed the gnutls 
problem. All non debian12 packages are now purged. Just to be sure that 
there really isn't any leftover or manually added file which could 
interfere in some unexpected ways I even fed all files through dpkg.



--
Regards,
Thomas



Bug#922815: insserv: FATAL: service mountkernfs has to be enabled to use service keyboard-setup.sh

2023-05-28 Thread Thomas Deutschmann

Hi,

I saw that message today while upgrading bookworm RC3 to RC4:


[...]
Setting up console-setup-linux (1.221) ...
insserv: FATAL: service mountkernfs has to be enabled to use service 
keyboard-setup.sh
[...]


Note: The system was recently upgraded from Debian 8 (without systemd) 
to Debian 9 (where I switched to systemd) to Debian 12.


In my case it looks like insserv was a leftover of


$ aptitude why insserv
i   chkconfig Recommends insserv


I purged both packages.


--
Regards,
Thomas



Bug#1036857: anope: Sending mails using sendmail fails due to AppArmor

2023-05-27 Thread Thomas Deutschmann
Package: anope
Version: 2.0.9-1
Severity: important
X-Debbugs-Cc: whi...@whissi.de

When you try to send a mail via anope, i.e. expecting verification mail
after

  /msg nickserv register

command, you will notice that anope will fail to send that mail.
Anope will log:

  Error delivering mail for Tester (tes...@exmple.org)

When you attach strace to anope, you will spot

> 1241673 execve("/bin/sh", ["sh", "-c", "/usr/sbin/sendmail"], 0x5593d1a32e40 
> /* 23 vars */) = -1 EACCES (Permission denied)

In dmesg you will see

> [Sun May 28 00:35:51 2023] audit: type=1400 audit(1685226997.426:16): 
> apparmor="DENIED" operation="exec" profile="/usr/sbin/anope" name="/bin/dash" 
> pid=1241413 comm="anope" requested_mask="x" denied_mask="x" fsuid=39 ouid=0


-- System Information:
Debian Release: 11.7
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-23-amd64 (SMP w/6 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages anope depends on:
ii  init-system-helpers  1.60
ii  libc6                2.31-13+deb11u6
ii  libgcc-s1            10.2.1-6
ii  libgnutls30          3.7.1-5+deb11u3
ii  libldap-2.4-2        2.4.57+dfsg-3+deb11u1
ii  libmariadb3          1:10.5.19-0+deb11u2
ii  libpcre3             2:8.39-13
ii  libsqlite3-0         3.34.1-3
ii  libstdc++6           10.2.1-6
ii  lsb-base             11.1.0

Versions of packages anope recommends:
ii  exim4-daemon-light [mail-transport-agent]  4.94.2-7

anope suggests no packages.

-- no debconf information



Bug#1019140: fixed in unbound 1.17.1-2

2023-04-09 Thread Thomas Deutschmann

Hi,

any reason why you didn't apply same fix to 
do_root_trust_anchor_update function or did you just miss that function?


Regards,
Thomas



Bug#1021547: udevd: Assertion 'nvme' failed at src/udev/udev-builtin-path_id.c:559, function find_real_nvme_parent(). Aborting.

2022-10-10 Thread Thomas Deutschmann

Package: udev
Version: 251.5-1
Severity: important

Dear Maintainer,

after upgrading to 251.5-1, my system failed to boot:

Oct 10 00:15:53 host.example.org kernel: nvme nvme2: Shutdown timeout 
set to 10 seconds
Oct 10 00:15:53 host.example.org kernel: nvme nvme1: Shutdown timeout 
set to 10 seconds
Oct 10 00:15:53 host.example.org kernel: nvme nvme0: Shutdown timeout 
set to 10 seconds
Oct 10 00:15:53 host.example.org kernel: nvme nvme0: 64/0/0 
default/read/poll queues
Oct 10 00:15:53 host.example.org kernel: nvme nvme1: 64/0/0 
default/read/poll queues
Oct 10 00:15:53 host.example.org kernel: nvme nvme2: 64/0/0 
default/read/poll queues
Oct 10 00:15:53 host.example.org systemd-udevd[858]: Assertion 'nvme' 
failed at src/udev/udev-builtin-path_id.c:559, function 
find_real_nvme_parent(). Aborting.
Oct 10 00:15:53 host.example.org systemd-udevd[859]: Assertion 'nvme' 
failed at src/udev/udev-builtin-path_id.c:559, function 
find_real_nvme_parent(). Aborting.
Oct 10 00:15:53 host.example.org systemd-udevd[813]: Assertion 'nvme' 
failed at src/udev/udev-builtin-path_id.c:559, function 
find_real_nvme_parent(). Aborting.

Oct 10 00:15:53 host.example.org kernel:  nvme0n1: p1
Oct 10 00:15:53 host.example.org kernel:  nvme2n1: p1
Oct 10 00:15:53 host.example.org kernel:  nvme1n1: p1
Oct 10 00:15:53 host.example.org systemd-coredump[974]: Failed to 
connect to coredump service: No such file or directory
Oct 10 00:15:53 host.example.org systemd-udevd[697]: nvme0n1: Worker 
[858] terminated by signal 6 (ABRT).
Oct 10 00:15:53 host.example.org systemd-coredump[975]: Failed to 
connect to coredump service: No such file or directory
Oct 10 00:15:53 host.example.org systemd-coredump[976]: Failed to 
connect to coredump service: No such file or directory
Oct 10 00:15:53 host.example.org systemd-udevd[697]: nvme2n1: Worker 
[859] terminated by signal 6 (ABRT).
Oct 10 00:15:53 host.example.org systemd-udevd[697]: nvme1n1: Worker 
[813] terminated by signal 6 (ABRT).

[...]
Oct 10 00:16:57 host.example.org systemd-udevd[1238]: nvme0n1: Worker 
[1247] processing SEQNUM=4863 is taking a long time
Oct 10 00:16:57 host.example.org systemd-udevd[1238]: nvme2n1: Worker 
[1254] processing SEQNUM=4869 is taking a long time
Oct 10 00:16:57 host.example.org systemd-udevd[1238]: nvme1n1: Worker 
[1251] processing SEQNUM=4866 is taking a long time
Oct 10 00:17:26 host.example.org systemd[1]: 
dev-disk-by\x2duuid-89acccda\x2d811d\x2d4075\x2d8b08\x2d0a2ff3cd6053.device: 
Job 
dev-disk-by\x2duuid-89acccda\x2d811d\x2d4075\x2d8b08\x2d0a2ff3cd6053.device/start 
timed out.
Oct 10 00:17:26 host.example.org systemd[1]: Timed out waiting for 
device /dev/disk/by-uuid/89acccda-811d-4075-8b08-0a2ff3cd6053.
Oct 10 00:17:26 host.example.org systemd[1]: Dependency failed for 
/srv/machines.
Oct 10 00:17:26 host.example.org systemd[1]: Dependency failed for Local 
File Systems.
Oct 10 00:17:26 host.example.org systemd[1]: local-fs.target: Job 
local-fs.target/start failed with result 'dependency'.
Oct 10 00:17:26 host.example.org systemd[1]: local-fs.target: Triggering 
OnFailure= dependencies.
Oct 10 00:17:26 host.example.org systemd[1]: Dependency failed for 
/var/lib/machines.
Oct 10 00:17:26 host.example.org systemd[1]: var-lib-machines.mount: Job 
var-lib-machines.mount/start failed with result 'dependency'.
Oct 10 00:17:26 host.example.org systemd[1]: srv-machines.mount: Job 
srv-machines.mount/start failed with result 'dependency'.


I reported this upstream: https://github.com/systemd/systemd/issues/24945

Upstream fix: 
https://github.com/systemd/systemd/commit/6209bbbd4b1c9ed2886028ab2ee3df0a7d0e2494


-- Package-specific info:

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.19.0-2-amd64 (SMP w/42 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages udev depends on:
ii  adduser      3.129
ii  libacl1      2.3.1-1
ii  libblkid1    2.38.1-1
ii  libc6        2.35-2
ii  libcap2      1:2.44-1
ii  libkmod2     30+20220630-3
ii  libselinux1  3.4-1+b2
ii  libudev1     251.5-1

udev recommends no packages.

udev suggests no packages.

Versions of packages udev is related to:
ii  systemd  251.5-1

-- no debconf information



Bug#1015922: dracut-core: grep missing in 90lvm/lvm_scan

2022-10-09 Thread Thomas Deutschmann

Hi,

I also hit this today.

Upstream fix: 
https://github.com/dracutdevs/dracut/commit/79f9d9e1c29a9c8fc046ab20765e5bde2aaa3428


Should be included if we bump to 057.


--
Regards,
Thomas



Bug#1019140: unbound-resolvconf.service will always be in failed state when you set RESOLVCONF=false

2022-10-04 Thread Thomas Deutschmann

Hi,

may I suggest to apply the following changes?


$ diff -u /usr/libexec/unbound-helper.ori /usr/libexec/unbound-helper
--- /usr/libexec/unbound-helper.ori 2022-10-04 17:25:48.531922943 +0200
+++ /usr/libexec/unbound-helper 2022-10-04 17:26:58.143255583 +0200
@@ -24,7 +24,7 @@
 fi

 do_resolvconf_start() {
-[ false != "$RESOLVCONF" -a -x /sbin/resolvconf ] || return
+[ false != "$RESOLVCONF" -a -x /sbin/resolvconf ] || return 0

 unbound-checkconf $CHROOT_DIR/$UNBOUND_CONF -o interface | {
 default=yes
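
Review bot: the guard line in do_resolvconf_start keeps the `-a` form of `[ ]`, which POSIX marks obsolescent; since the line is being changed anyway, `[ false != "$RESOLVCONF" ] && [ -x /sbin/resolvconf ] || return 0` expresses the same check without it. A one-line comment stating that the explicit 0 is deliberate (a bare return passes on the status of the failed test) would keep the fix from being undone as a cleanup later.
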
@@ -44,13 +44,13 @@
 }

 do_resolvconf_stop() {
-[ false != "$RESOLVCONF" -a -x /sbin/resolvconf ] || return
+[ false != "$RESOLVCONF" -a -x /sbin/resolvconf ] || return 0

 /sbin/resolvconf -d lo.unbound
 }

 do_chroot_setup() {
-[ -n "$CHROOT_DIR" -a -d "$CHROOT_DIR" ] || return
+[ -n "$CHROOT_DIR" -a -d "$CHROOT_DIR" ] || return 0
 if [ "$CHROOT_DIR" != "$UNBOUND_BASE_DIR" ]; then
 # we probably should not do the force-recreate but just a refresh
 rm -rf   "$CHROOT_DIR/$UNBOUND_BASE_DIR"
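
Review bot: in do_chroot_setup the new `return 0` also covers the case where CHROOT_DIR is set but the directory does not exist (`-n` true, `-d` false), so a misconfigured chroot is reported as success exactly like "no chroot configured". Consider splitting the test: return 0 when CHROOT_DIR is empty, and print a message to stderr or return non-zero when it is set but is not a directory. The do_resolvconf_stop change in the same hunk looks fine as it is.
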
@@ -79,7 +79,7 @@
 do_root_trust_anchor_update() {
 [ false != "$ROOT_TRUST_ANCHOR_UPDATE" -a \
   -n "$ROOT_TRUST_ANCHOR_FILE"  -a \
-  -r "$DNS_ROOT_KEY_FILE" ] || return
+  -r "$DNS_ROOT_KEY_FILE" ] || return 0

 if [ ! -e "$ROOT_TRUST_ANCHOR_FILE" ] ||
# we do not want to copy if unbound's file is more recent
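
Review bot: the three-part test in do_root_trust_anchor_update now returns 0 both when ROOT_TRUST_ANCHOR_UPDATE is false and when DNS_ROOT_KEY_FILE is not readable, so a missing or unreadable root key is skipped silently. Returning 0 for the disabled case is right; for the `-r "$DNS_ROOT_KEY_FILE"` case consider a separate check that writes a message to stderr before returning, so an operator can tell why the trust anchor was not refreshed.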


Without a return value, return would return the result of the previous 
if clause which is set to FALSE when the feature or condition isn't met.


Thanks!


--
Regards,
Thomas



Bug#1014456: unbound: Please enable cachedb and redis support

2022-10-04 Thread Thomas Deutschmann

On Fri, 12 Aug 2022 12:53:39 +0300 Michael Tokarev wrote:

> What does cachedb/redis bring us, how these can be used?


It will allow us to keep cache during reboot.

For example:

I set up a new Debian bookworm box where I am using unbound as resolver 
(default configuration; apt-get install unbound && systemctl start unbound):



$ cat /etc/resolv.conf
nameserver 127.0.0.1


With primed cache,


$ time ping -q -c 1 google.com
PING google.com(fra24s06-in-x0e.1e100.net (2a00:1450:4001:829::200e)) 56 data 
bytes

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.730/3.730/3.730/0.000 ms

real    0m0.007s
user    0m0.000s
sys     0m0.003s


If I do the same after reboot when unbound service has started:


$ time ping -q -c 1 google.com
PING google.com(fra24s07-in-x0e.1e100.net (2a00:1450:4001:82a::200e)) 56 data 
bytes

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.621/3.621/3.621/0.000 ms

real    0m3.254s
user    0m0.003s
sys     0m0.000s


Keep in mind that you will experience this delay for _every_ TLD due to 
DNSSEC records.


Or imagine a remote box where you try to SSH into which will be delayed 
for ~3s because this box has to do PTR lookup for your IP address.


Configuring cache db feature in unbound would allow me to store unbound 
cache in Redis for example so unbound can provide fast answers directly 
after boot.



--
Regards,
Thomas



Bug#1021229: dracut: dracut-shutdown.service fails because dracut looks for initramfs instead initrd

2022-10-03 Thread Thomas Deutschmann

Package: dracut-core
Version: 056-3
Severity: important

Dear Maintainer,

I noticed that on shutdown, dracut-shutdown.service failed on my box:

  Oct 04 03:33:16 foo.example.org systemd[1]: dracut-shutdown.service: 
Control process exited, code=exited, status=1/FAILURE
  Oct 04 03:33:16 foo.example.org systemd[1]: dracut-shutdown.service: 
Failed with result 'exit-code'.
  Oct 04 03:33:16 foo.example.org systemd[1]: Stopped Restore 
/run/initramfs on shutdown.


That's because Debian is using "initrd.img-${KERNEL_VERSION}" naming but
/usr/lib/dracut/dracut-initramfs-restore does NOT take this into account.

I guess that the initrd-not-initramfs.patch needs a refresh:

You will either want to rename initramfs- to initrd.img- in 
https://salsa.debian.org/debian/dracut/-/blob/29707b9061841432a4ac466aa03f813d279cd46d/dracut-initramfs-restore.sh#L41-42 
or add another elif clause to match Debian's initrd.img.


At least this fixed the problem for me.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.19.0-2-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dracut-core depends on:
ii  cpio   2.13+dfsg-7.1
ii  e2fsprogs  1.46.6~rc1-1
ii  kmod   30+20220630-3
ii  kpartx 0.9.0-4
ii  libc6  2.35-1
ii  libkmod2   30+20220630-3
ii  udev   251.4-3

Versions of packages dracut-core recommends:
ii  binutils       2.39-6
ii  console-setup  1.210
ii  cryptsetup     2:2.5.0-3
pn  dmraid
ii  dmsetup        2:1.02.185-1
ii  lvm2           2.03.16-1
pn  mdadm
ii  pigz           2.6-1
ii  pkg-config     0.29.2-1
ii  systemd        251.4-3

dracut-core suggests no packages.

-- no debconf information



Bug#1020426: usrmerge fails configure: Can't locate autodie.pm in @INC [...] at /usr/lib/usrmerge/convert-etc-shells line 13

2022-09-21 Thread Thomas Deutschmann

Package: usrmerge
Version: 30
Severity: important

Dear Maintainer,

I was trying to install Debian bookworm using 
firmware-testing-amd64-netinst.iso from 2022-09-21 14:22 
(https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/daily-builds/sid_d-i/current/amd64/iso-cd/).


However, debootstrap failed:


Sep 21 14:20:16 debootstrap: /usr/sbin/debootstrap --components=main 
--debian-installer --resolve-deps --no-check-gpg bookworm /target file:///cdrom/
Sep 21 14:20:21 debootstrap: dpkg: warning: parsing file '/var/lib/dpkg/status' 
near line 5 package 'dpkg':
Sep 21 14:20:21 debootstrap:  missing 'Description' field
Sep 21 14:20:21 debootstrap: dpkg: warning: parsing file '/var/lib/dpkg/status' 
near line 5 package 'dpkg':
Sep 21 14:20:21 debootstrap:  missing 'Architecture' field
Sep 21 14:20:21 debootstrap: Selecting previously unselected package 
base-passwd.
Sep 21 14:20:21 debootstrap: (Reading database ... 0 files and directories 
currently installed.)
Sep 21 14:20:21 debootstrap: Preparing to unpack 
.../base-passwd_3.6.0_amd64.deb ...
Sep 21 14:20:21 debootstrap: Unpacking base-passwd (3.6.0) ...
Sep 21 14:20:21 debootstrap: Setting up base-passwd (3.6.0) ...
Sep 21 14:20:21 debootstrap: dpkg: base-passwd: dependency problems, but 
configuring anyway as you requested:
Sep 21 14:20:21 debootstrap:  base-passwd depends on libc6 (>= 2.34); however:
Sep 21 14:20:21 debootstrap:   Package libc6 is not installed.
Sep 21 14:20:21 debootstrap:  base-passwd depends on libdebconfclient0 (>= 
0.145); however:
Sep 21 14:20:21 debootstrap:   Package libdebconfclient0 is not installed.
Sep 21 14:20:21 debootstrap:  base-passwd depends on libselinux1 (>= 3.1~); 
however:
Sep 21 14:20:21 debootstrap:   Package libselinux1 is not installed.
Sep 21 14:20:21 debootstrap: 
Sep 21 14:20:21 debootstrap: dpkg: warning: parsing file '/var/lib/dpkg/status' near line 24 package 'dpkg':

Sep 21 14:20:21 debootstrap:  missing 'Description' field
Sep 21 14:20:21 debootstrap: dpkg: warning: parsing file '/var/lib/dpkg/status' 
near line 24 package 'dpkg':
Sep 21 14:20:21 debootstrap:  missing 'Architecture' field
Sep 21 14:20:21 debootstrap: Selecting previously unselected package base-files.
Sep 21 14:20:21 debootstrap: dpkg: regarding .../base-files_12.2_amd64.deb 
containing base-files, pre-dependency problem:
Sep 21 14:20:21 debootstrap:  base-files pre-depends on awk
Sep 21 14:20:21 debootstrap:   awk is not installed.
Sep 21 14:20:21 debootstrap: 
Sep 21 14:20:21 debootstrap: dpkg: warning: ignoring pre-dependency problem!

Sep 21 14:20:21 debootstrap: (Reading database ... 41 files and directories 
currently installed.)
Sep 21 14:20:21 debootstrap: Preparing to unpack .../base-files_12.2_amd64.deb 
...
Sep 21 14:20:21 debootstrap: Unpacking base-files (12.2) ...
Sep 21 14:20:22 debootstrap: Setting up base-files (12.2) ...
Sep 21 14:20:22 debootstrap: dpkg: base-files: dependency problems, but 
configuring anyway as you requested:
Sep 21 14:20:22 debootstrap:  base-files depends on awk; however:
Sep 21 14:20:22 debootstrap:   Package awk is not installed.
Sep 21 14:20:22 debootstrap: 
Sep 21 14:20:22 debootstrap: dpkg: warning: parsing file '/var/lib/dpkg/status' near line 51 package 'dpkg':

Sep 21 14:20:22 debootstrap:  missing 'Description' field
Sep 21 14:20:22 debootstrap: dpkg: warning: parsing file '/var/lib/dpkg/status' 
near line 51 package 'dpkg':
Sep 21 14:20:22 debootstrap:  missing 'Architecture' field
Sep 21 14:20:22 debootstrap: dpkg: regarding .../archives/dpkg_1.21.9_amd64.deb 
containing dpkg, pre-dependency problem:
Sep 21 14:20:22 debootstrap:  dpkg pre-depends on libbz2-1.0
Sep 21 14:20:22 debootstrap:   libbz2-1.0 is not installed.
Sep 21 14:20:22 debootstrap: 
Sep 21 14:20:22 debootstrap: dpkg: warning: ignoring pre-dependency problem!

Sep 21 14:20:22 debootstrap: dpkg: regarding .../archives/dpkg_1.21.9_amd64.deb 
containing dpkg, pre-dependency problem:
Sep 21 14:20:22 debootstrap:  dpkg pre-depends on libc6 (>= 2.33)
Sep 21 14:20:22 debootstrap:   libc6 is not installed.
Sep 21 14:20:22 debootstrap: 
Sep 21 14:20:22 debootstrap: dpkg: warning: ignoring pre-dependency problem!

Sep 21 14:20:22 debootstrap: dpkg: regarding .../archives/dpkg_1.21.9_amd64.deb 
containing dpkg, pre-dependency problem:
Sep 21 14:20:22 debootstrap:  dpkg pre-depends on liblzma5 (>= 5.2.2)
Sep 21 14:20:22 debootstrap:   liblzma5 is not installed.
Sep 21 14:20:22 debootstrap: 
Sep 21 14:20:22 debootstrap: dpkg: warning: ignoring pre-dependency problem!

Sep 21 14:20:22 debootstrap: dpkg: regarding .../archives/dpkg_1.21.9_amd64.deb 
containing dpkg, pre-dependency problem:
Sep 21 14:20:22 debootstrap:  dpkg pre-depends on libselinux1 (>= 3.1~)
Sep 21 14:20:22 debootstrap:   libselinux1 is not installed.
Sep 21 14:20:22 debootstrap: 
Sep 21 14:20:22 debootstrap: dpkg: warning: ignoring pre-dependency problem!

Sep 21 14:20:22 debootstrap: dpkg: regarding .../archives/dpkg_1.21.9_amd64.deb 

Bug#1019140: unbound-resolvconf.service will always be in failed state when you set RESOLVCONF=false

2022-09-04 Thread Thomas Deutschmann

Package: unbound
Version: 1.16.2-1
Severity: normal

Dear Maintainer,

I am using unbound as recursive dns resolver for my local network,
not just for localhost.

My /etc/resolv.conf is maintained by systemd-resolved and DNS server gets
set by systemd-networkd.

In the past, unbound-resolvconf.service was skipped:

  Aug 25 03:51:47 router systemd[1]: Unbound asyncronous resolvconf 
update helper was skipped because of a failed condition check 
(ConditionFileIsExecutable=/sbin/resolvconf).


Since systemd was upgraded (251.3-1 -> 251.4-3) and systemd-resolved
became its own package which now provides /sbin/resolvconf, the unit is no
longer being skipped and fails now:

   Sep 04 14:46:59 router resolvconf[1078]: No DNS servers specified, 
refusing operation.


Because DNS server is getting set via systemd-networkd/systemd-resolved
on this box, I created

  $ echo RESOLVCONF=false > /etc/default/unbound

However, while resolvconf part is now being skipped by 
/usr/libexec/unbound-helper,

unit is still failing:

  Sep 04 14:50:38 router systemd[1]: Started Unbound asyncronous 
resolvconf update helper.
  Sep 04 14:50:38 router systemd[1]: unbound-resolvconf.service: Main 
process exited, code=exited, status=1/FAILURE
  Sep 04 14:50:38 router systemd[1]: unbound-resolvconf.service: Failed 
with result 'exit-code'.


This seems to happen because of

  $ /usr/libexec/unbound-helper resolvconf_start
  + UNBOUND_CONF=/etc/unbound/unbound.conf
  + UNBOUND_BASE_DIR=/etc/unbound
  + unbound-checkconf -o chroot
  + CHROOT_DIR=
  + DNS_ROOT_KEY_FILE=/usr/share/dns/root.key
  + ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
  + RESOLVCONF=true
  + ROOT_TRUST_ANCHOR_UPDATE=true
  + [ -f /etc/default/unbound ]
  + . /etc/default/unbound
  + RESOLVCONF=false
  + RESOLVCONF=false
  + do_resolvconf_start
  + [ false != false -a -x /sbin/resolvconf ]
  + return
  router ~ $ echo $?
  1



-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unbound depends on:
ii  adduser              3.128
ii  init-system-helpers  1.64
ii  libc6                2.34-7
ii  libevent-2.1-7       2.1.12-stable-5+b1
ii  libnghttp2-14        1.49.0-1
ii  libprotobuf-c1       1.4.1-1
ii  libpython3.10        3.10.6-1
ii  libssl3              3.0.5-2
ii  libsystemd0          251.4-3
ii  lsb-base             11.2

Versions of packages unbound recommends:
ii  dns-root-data  2021011101

Versions of packages unbound suggests:
ii  apparmor  3.0.7-1
ii  openssl   3.0.5-2

-- no debconf information
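
The exit status 1 at the end of the trace above comes from how a bare `return` chooses its status. The script below is an added example, not code from the unbound package; the function names, the `RESOLVCONF_BIN` variable and the `/nonexistent/resolvconf` path are constructed so that it runs on any machine.

```shell
#!/bin/sh
# Added illustration: constructed stand-ins for the guard in
# /usr/libexec/unbound-helper, not the packaged script.
# RESOLVCONF_BIN is a hypothetical variable replacing the hard-coded
# /sbin/resolvconf path so the demo does not depend on that file.

# Guard as seen in the trace: a bare `return` hands back the status of
# the last command executed, here the failed `[ ... ]` test, i.e. 1.
guard_bare() {
    [ false != "$RESOLVCONF" -a -x "$RESOLVCONF_BIN" ] || return
    echo "resolvconf would be updated"
}

# Guard with an explicit status: "feature switched off" is a clean no-op.
guard_explicit() {
    [ false != "$RESOLVCONF" -a -x "$RESOLVCONF_BIN" ] || return 0
    echo "resolvconf would be updated"
}

# Run guard $1 with RESOLVCONF=$2 and RESOLVCONF_BIN=$3 and print the exit
# status a service manager would see from a helper that ends in that call.
status_of() {
    (
        RESOLVCONF=$2
        RESOLVCONF_BIN=$3
        "$1" >/dev/null 2>&1 && echo 0 || echo $?
    )
}

# Print a table: guard, setting, binary path, resulting exit status.
report() {
    for guard in guard_bare guard_explicit; do
        for setting in true false; do
            for bin in /bin/sh /nonexistent/resolvconf; do
                printf '%-15s RESOLVCONF=%-5s %-24s -> %s\n' \
                    "$guard" "$setting" "$bin" \
                    "$(status_of "$guard" "$setting" "$bin")"
            done
        done
    done
}

report
```

Only the rows where the test fails differ between the two guards: the bare form turns every skipped run into a failed unit, the explicit form reports success.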



Bug#1016879: prometheus-mysqld-exporter: Replace 'auth_socket' with 'unix_socket' in /etc/default/prometheus-mysqld-exporter

2022-08-08 Thread Thomas Deutschmann
Package: prometheus-mysqld-exporter
Version: 0.14.0-1+b1
Severity: normal

Dear Maintainer,

in /etc/default/prometheus-mysqld-exporter it is written

> [...]
> ### Monitoring user creation.
> #
> # You need a user with enough privileges for the exporter to run.
> #
> # Example to create a user to connect (only) via UNIX socket:
> #   CREATE USER IF NOT EXISTS 'prometheus'@'localhost' IDENTIFIED WITH auth_socket;
> #
> [...]

However, when you will follow this advice you will get the error message

> /* SQL Error (1524): Plugin 'auth_socket' is not loaded */

That's because in MariaDB 10.4.3 and later, "auth_socket" was replaced
by "unix_socket".

I would suggest to update the default config file.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages prometheus-mysqld-exporter depends on:
ii  adduser              3.123
ii  init-system-helpers  1.64
ii  libc6                2.33-8

prometheus-mysqld-exporter recommends no packages.

Versions of packages prometheus-mysqld-exporter suggests:
ii  default-mysql-server                        1.0.8
ii  mariadb-server-10.6 [virtual-mysql-server]  1:10.6.8-1

-- Configuration Files:
/etc/default/prometheus-mysqld-exporter changed [not included]

-- no debconf information



Bug#940505: pure-ftpd: TLS 1.3 support broken

2019-09-16 Thread Thomas Deutschmann
Source: pure-ftpd
Severity: grave
Justification: causes non-serious data loss

Dear Maintainer,

please consider disabling TLS 1.3 support.

While you added TLS 1.3 compatibility through bug 918630, this uncovered
a grave bug in pure-ftpd, see https://github.com/jedisct1/pure-ftpd/issues/102
or https://bugzilla.redhat.com/show_bug.cgi?id=1654838#c5

It's fixed in newer pure-ftpd versions. However, it's not easy to backport
because upstream refactored TLS code while fixing this bug.

That's why I am requesting to disable TLS 1.3 to avoid data loss.


-- System Information:
Debian Release: 9.9
  APT prefers stable
  APT policy: (1001, 'stable'), (990, 'oldstable'), (500, 'oldstable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Bug#861262: sphinxsearch needs systemd unit file

2018-04-01 Thread Thomas Deutschmann
Hi,

Debian still provides a generic fallback for sysvinit scripts for
packages not providing a systemd unit like sphinxsearch.
The problem is that this fallback isn't aware of anything else like
"stop" and "start", i.e. systemd will only call sphinxsearch's runscript
with either "start" or "stop" argument.

Due to that, the only lines/function using $DODTIME are never executed.

I would recommend the following fix:

> -  stop)
> -echo -n "Stopping $DESC: "
> -do_stop
> -echo "$NAME."
> -;;
> -  force-stop)
> +  stop|force-stop)
>echo -n "Forcefully stopping $DESC: "
>do_force_stop
>if ! running ; then
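
Review bot: with `stop|force-stop)` sharing one branch, a plain stop now prints "Forcefully stopping $DESC: " even when the service exits on the first signal, which will mislead anyone reading the boot or shutdown log. Consider printing "Stopping $DESC: " for the merged case, or choosing the message from $1.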

While this sounds dangerous (always "force-stop" instead of just "stop")
this shouldn't be a problem because "do_force_stop()" calls "kill -15"
at the beginning, i.e. the same thing "do_stop()" would do using
start-stop-daemon. The only difference is that "do_force_stop()" now
waits $DODTIME and _only_ if the service is still running it will be
forcefully killed (which should be safe at this stage or you should
increase $DODTIME if this doesn't fit your needs).


-- 
Regards,
Thomas