Re: sound vanished with a reboot?

[Lisi Reisz]

On Sunday 22 March 2015 06:12:48 Ric Moore wrote:
> On 03/21/2015 10:12 PM, Gene Heskett wrote:
> > Greetings audio guru's;
> >
> > All sound Except the new mail beep from kmail, vanished with the first
> > reboot after 20 days uptime while dinking around with what was sold to
> > me as a new 2Tb Toshiba drive, but which did not turn out to be a
> > sealed box.  I do not think its related.
> >
> > Pursuant to someones suggestions, I installed pavuctl and pavumeter this
> > morning early, but according to synaptic, that is the extent of the pulse
> > install, no other pulse stuff is seen as installed by synaptic.  And of
> > coarse, they don't work, no server.
>
> KDE has it's own notion of sound. Good luck! :0 Ric

Gene is using TDE now.

You don't mention it, Gene, but what about pulseaudio itself?

And is your sound card OK?  Perhaps run a live CD to check?

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503220641.54944.lisi.re...@gmail.com

Re: sound vanished with a reboot?

[Ric Moore]

On 03/21/2015 10:12 PM, Gene Heskett wrote:

Greetings audio guru's;

All sound Except the new mail beep from kmail, vanished with the first
reboot after 20 days uptime while dinking around with what was sold to
me as a new 2Tb Toshiba drive, but which did not turn out to be a
sealed box.  I do not think its related.

Pursuant to someones suggestions, I installed pavuctl and pavumeter this
morning early, but according to synaptic, that is the extent of the pulse
install, no other pulse stuff is seen as installed by synaptic.  And of
coarse, they don't work, no server.


KDE has it's own notion of sound. Good luck! :0 Ric


--
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
http://linuxcounter.net/user/44256.html


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550e5d60.6090...@gmail.com

Re: Problem forward/postroute http/https thru vlan-ed interface.

[Bob Proulx]

Mimiko wrote:
> What is wrong with http/htpps ? Why icmp works, ftp works, but http/https is
> not working?

Since Sven pointed out that I was out of date I no longer have a
clue.

To debug this I would run tcpdump on both sides of the router and
examine the packets for http and verify that they are being passed
through and NAT'd correctly.  You should be able to verify the return
packets through the router.  If there is a problem along the way then
you should be able to see where the packets are getting lost.  That
should point to the problem.

> The same configuration of iptables, ip route but moving to eth1 and eth2 -
> physical interfaces for each ISP - all works as it should be.

IMNHO if you can use two different physical interfaces then I think
that is the better way to do it.

Bob


signature.asc
Description: Digital signature

Re: Problem forward/postroute http/https thru vlan-ed interface.

[Bob Proulx]

Sven Hartge wrote:
> Bob Proulx  wrote:
> > I see no vlans in your configuration above.  The above simply shows
> > additional IP addresses being assigned.  If your switch is requiring
> > vlan tagging then that is likely your problem.
> 
> Ah, nope. 
> 
> It's "magic". Since Wheezy ifupdown knows the notation 
> "interface dot VLAN-ID" and automatically creates an appropriatly
> configured interface. (In Squeeze you needed the "vlan"-package or a
> small scriptled in /etc/network/if-pre-up.d to issue the correct
> "ip"-commands.)

What?  They have changed the syntax and I am out of date?!  Horrors!  :-/
I will go and learn the new syntax for these things.

  VLAN AND BRIDGE INTERFACES
   To ease the configuration  of  VLAN  interfaces,  interfaces  having  .
   (full  stop character) in the name are configured as 802.1q tagged vir-
   tual LAN interface. For example, interface eth0.1 is a  virtual  inter-
   face having eth0 as physical link, with VLAN ID 1.

   For  compatibility with bridge-utils package, if bridge_ports option is
   specified, VLAN interface configuration is not performed.

Thanks for pointing this out.

> > See the documentation for setting up vlans here:
> 
> >   https://wiki.debian.org/NetworkConfiguration
> 
> That is horribly outdated. It even says "Etch" on the part for VLANs.

Would you feel like updating it?  It is a wiki after all.

Bob


signature.asc
Description: Digital signature

sound vanished with a reboot?

[Gene Heskett]

Greetings audio guru's;

All sound Except the new mail beep from kmail, vanished with the first 
reboot after 20 days uptime while dinking around with what was sold to 
me as a new 2Tb Toshiba drive, but which did not turn out to be a 
sealed box.  I do not think its related.

Pursuant to someones suggestions, I installed pavuctl and pavumeter this 
morning early, but according to synaptic, that is the extent of the pulse 
install, no other pulse stuff is seen as installed by synaptic.  And of
coarse, they don't work, no server.

But it has just worked through 4 or 5 other reboots 20 days+ prior to this one.

Do we have any tracing tools that would allow me to start at the usual 
iceweasal audio output and see how its all linked & maybe discover 
where the stream of data is getting lost?

From an lspci -vv output, this I believe is the motherboard hardware. 
There is also an eVga card with an unbonded HDMI output.  It checks in
in an lspci output as Device 1302

But it uses the same snd-hda-intel module as the motherboard one uses, 
so I cannot blacklist it by the usual means

00:06.1 Audio device: NVIDIA Corporation MCP55 High Definition Audio (rev a2)
Subsystem: ASUSTeK Computer Inc. Device 81f6
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- http://geneslinuxbox.net:6309/gene>


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503212212.35592.ghesk...@wdtv.com

Re: Problem forward/postroute http/https thru vlan-ed interface.

[Sven Hartge]

Bob Proulx  wrote:
> Mimiko wrote:

>> I set up in interfaces:
>> auto eth0
>> iface eth0 inet static
>>   address local_lan_ip
>>   netmask mask
>> auto eth1.2
>> iface eth1.2 inet static
>>   address isp1
>>   netmask mask
>> auto eth1.4
>> iface eth2.4 inet static
>>   address isp2
>>   netmask mask
>> 
>> VLAN ID 2 is for tagging to ISP1
>> VLAN ID 4 is for tagging to ISP2

> I see no vlans in your configuration above.  The above simply shows
> additional IP addresses being assigned.  If your switch is requiring
> vlan tagging then that is likely your problem.

Ah, nope. 

It's "magic". Since Wheezy ifupdown knows the notation 
"interface dot VLAN-ID" and automatically creates an appropriatly
configured interface. (In Squeeze you needed the "vlan"-package or a
small scriptled in /etc/network/if-pre-up.d to issue the correct
"ip"-commands.)

Try for you self, put one config like the above in your
network/interfaces file and use "ifup -v" to see what commands are used.

Also see the man-page for interfaces(5):

,
| VLAN AND BRIDGE INTERFACES
|To  ease  the  configuration  of  VLAN  interfaces, interfaces having .
|(full stop character) in the name are configured as 802.1q tagged  vir‐
|tual  LAN  interface. For example, interface eth0.1 is a virtual inter‐
|face having eth0 as physical link, with VLAN ID 1.
`

> See the documentation for setting up vlans here:

>   https://wiki.debian.org/NetworkConfiguration

That is horribly outdated. It even says "Etch" on the part for VLANs.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/hbfnsl4ro...@mids.svenhartge.de

Re: Why no security update of apache2 concerning SSLv3?

[Gene Heskett]

On Saturday 21 March 2015 20:28:50 Bob Proulx wrote:
> Gene Heskett wrote:
[...]
> > > It is in the /etc/apache2/envvars file.
> >
> > Ahh, lemme check. BRB.  Humm, its not in that file, so
> >
> > >   $ grep APACHE_RUN_DIR /etc/apache2/envvars
> > >   export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
> >
> > Add this, restart.  Solves both problems.  Thank you, Bob.
>
> That file has a lot of stuff in it.  If you were missing that then you
> are probably missing a lot of that file.  I would be inclined to
> re-install apache2.2-common in order to get a clean copy of that
> file.  Normally there isn't any reason to need to modify it.  I will
> include a copy from Wheezy 7 at the end.
>
> Bob
>
> # envvars - default environment variables for apache2ctl
>
> # this won't be correct after changing uid
> unset HOME

Not present. I assume it has to do with the below missing stanza?

> # for supporting multiple apache2 instances
> if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ;
> then SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
> else
>   SUFFIX=
> fi

This above "if:fi" stanza is not present, but I'm only running one 
startup.

I assume this is for serving two+ unrelated sites from one machine?

> # Since there is no sane way to get the parsed apache2 config in
> scripts, some # settings are defined via environment variables and
> then used in apache2ctl, # /etc/init.d/apache2,
> /etc/logrotate.d/apache2, etc.
> export APACHE_RUN_USER=www-data
> export APACHE_RUN_GROUP=www-data
> export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid
> export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
> export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX

And this  one was missing too. Added, effect unk ATM.
restart was as expected.

> # Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
> export APACHE_LOG_DIR=/var/log/apache2$SUFFIX

Present.
>
> ## The locale used by some modules like mod_dav
> export LANG=C

present.
> ## Uncomment the following line to use the system default locale
> instead: #. /etc/default/locale
>
> export LANG
present.
>
> ## The command to get the status for 'apache2ctl status'.
> ## Some packages providing 'www-browser' need '--dump' instead of
> '-dump'. #export APACHE_LYNX='www-browser -dump'
>
> ## If you need a higher file descriptor limit, uncomment and adjust
> the ## following line (default is 8192):
> #APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
>
>
> ## If you would like to pass arguments to the web server, add them
> below ## to the APACHE_ARGUMENTS environment.
> #export APACHE_ARGUMENTS=''

Unless someone else see's a problem, it looks like I am, as was said in 
1960 while building Titan missiles in South Dakota, FAT, dumb & happy.

Now, sound, but that is another thread.  Thanks for your patience Bob.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503212137.51407.ghesk...@wdtv.com

Re: Why no security update of apache2 concerning SSLv3?

[Bob Proulx]

Gene Heskett wrote:
> > Are you running FastCGI with your Apache instead of the internal
> > Apache handler?  (Which is fine.)  Check the configuration for it.
> > Something might be snafu there setting the communication socket.
> 
> I think I am, but its been years since I last messed with that.  Is there 
> a quick way to tell someplace in the /etc/apache2 tree?

I would try grep'ing the entire tree looking for the socket file name.
That config has to be in there somewhere.

  grep -r cgisock /etc/apache2

> > > No clue how to fix this one, APACHE_RUN_DIR is not set in the
> > > environment. Broken init.d script perhaps??
> >
> > It is in the /etc/apache2/envvars file.
> 
> Ahh, lemme check. BRB.  Humm, its not in that file, so
> >
> >   $ grep APACHE_RUN_DIR /etc/apache2/envvars
> >   export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
> 
> Add this, restart.  Solves both problems.  Thank you, Bob.

That file has a lot of stuff in it.  If you were missing that then you
are probably missing a lot of that file.  I would be inclined to
re-install apache2.2-common in order to get a clean copy of that
file.  Normally there isn't any reason to need to modify it.  I will
include a copy from Wheezy 7 at the end.

Bob

# envvars - default environment variables for apache2ctl

# this won't be correct after changing uid
unset HOME

# for supporting multiple apache2 instances
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
SUFFIX=
fi

# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX

## The locale used by some modules like mod_dav
export LANG=C
## Uncomment the following line to use the system default locale instead:
#. /etc/default/locale

export LANG

## The command to get the status for 'apache2ctl status'.
## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
#export APACHE_LYNX='www-browser -dump'

## If you need a higher file descriptor limit, uncomment and adjust the
## following line (default is 8192):
#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'


## If you would like to pass arguments to the web server, add them below
## to the APACHE_ARGUMENTS environment.
#export APACHE_ARGUMENTS=''


signature.asc
Description: Digital signature

Re: Why no security update of apache2 concerning SSLv3?

[Gene Heskett]

On Saturday 21 March 2015 19:25:53 Bob Proulx wrote:
> Gene Heskett wrote:
> > Bob Proulx wrote:
> > > $ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf
> > > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
> >
> > This is not valid for a 2.22 install
>
> What is the error you are seeing?  That looks to be okay to me.

That site said it was 2.24 & newer only from the way I read it.

>   rwp@havoc:~$ cat /etc/debian_version
>   7.8
>
>   rwp@havoc:~$ dpkg -l apache2
>   Desired=Unknown/Install/Remove/Purge/Hold
>
>   | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait
>   |/Trig-pend / Err?=(none)/Reinst-required (Status,Err:
>   | uppercase=bad)
>   |
>   ||/ Name   Version  Architecture Description
>
>  
> +++-==---=
> ii  apache22.2.22-13+de i386 Apache HTTP
> Server metapackage
>
>   rwp@havoc:~$ grep SSLCipherSuite
> /etc/apache2/mods-available/ssl.conf SSLCipherSuite
> HIGH:MEDIUM:!aNULL:!MD5
>   #   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
>   #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
>
> Note however that I always override it in the site config file.  But
> the point is that I think you must have some other problem in your
> configuration.
>
> > However on the restart, I logged this in /var/log/apache2/error.log:
> >
> > [Sat Mar 21 18:08:02 2015] [info] removed PID file
> > /var/run/apache2.pid (pid=2954) [Sat Mar 21 18:08:02 2015] [notice]
> > caught SIGTERM, shutting down [Sat Mar 21 18:08:03 2015] [notice]
> > Apache/2.2.22 (Debian) configured -- resuming normal operations [Sat
> > Mar 21 18:08:03 2015] [info] Server built: Dec 27 2014 21:24:43 [Sat
> > Mar 21 18:08:03 2015] [debug] worker.c(1757): AcceptMutex: sysvsem
> > (default: sysvsem) [Sat Mar 21 18:08:03 2015] [error] (2)No such
> > file or directory: Couldn't bind unix domain socket
> > /var/log/httpd/${APACHE_RUN_DIR}/cgisock.4944
>
> Using /var/log/httpd on a Debian system?  The use of "httpd" is more
> typical of a Red Hat system.  Did you make an edit that followed a Red
> Hat guide on your Debian system and cross the streams?
>
> Are you running FastCGI with your Apache instead of the internal
> Apache handler?  (Which is fine.)  Check the configuration for it.
> Something might be snafu there setting the communication socket.

I think I am, but its been years since I last messed with that.  Is there 
a quick way to tell someplace in the /etc/apache2 tree?

> Also a cgi communication socket would normally go in /var/run not
> /var/log.  So something is snafu there.  For example using
> /var/run/fcgiwrap.socket is typical with fcgiwrap and spawn-fcgi.
>
> When I restart my Debian apache2 I see this:
>
>   # service apache2 restart
>
>   [Sat Mar 21 17:10:16 2015] [notice] caught SIGTERM, shutting down
>   [Sat Mar 21 17:10:17 2015] [notice] Apache/2.2.22 (Debian) DAV/2
> SVN/1.6.17 configured -- resuming normal operations

So obviously I've enabled something, maybe fastcgi?
> I hate to ask but it is also important to know if you are using
> systemd or not since it affects everything.

Not yet, although there are whispers of it presence in the form of unused 
directories a couple places I tripped over it.

> > No clue how to fix this one, APACHE_RUN_DIR is not set in the
> > environment. Broken init.d script perhaps??
>
> It is in the /etc/apache2/envvars file.

Ahh, lemme check. BRB.  Humm, its not in that file, so
>
>   $ grep APACHE_RUN_DIR /etc/apache2/envvars
>   export APACHE_RUN_DIR=/var/run/apache2$SUFFIX

Add this, restart.  Solves both problems.  Thank you, Bob.
>
> > [Sat Mar 21 18:08:04 2015] [crit] cgid daemon failed to initialize
> >
> > But this seems to be a never mind as it doesn't seem to effect
> > performance in any case.  How important is it?
>
> I have no idea.
>
> Bob

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503212021.45499.ghesk...@wdtv.com

Re: Problem forward/postroute http/https thru vlan-ed interface.

[Bob Proulx]

Mimiko wrote:
> I set up in interfaces:
> auto eth0
> iface eth0 inet static
>   address local_lan_ip
>   netmask mask
> auto eth1.2
> iface eth1.2 inet static
>   address isp1
>   netmask mask
> auto eth1.4
> iface eth2.4 inet static
>   address isp2
>   netmask mask
> 
> VLAN ID 2 is for tagging to ISP1
> VLAN ID 4 is for tagging to ISP2

I see no vlans in your configuration above.  The above simply shows
additional IP addresses being assigned.  If your switch is requiring
vlan tagging then that is likely your problem.

See the documentation for setting up vlans here:

  https://wiki.debian.org/NetworkConfiguration

Bob


signature.asc
Description: Digital signature

How to handle network problems

[Ross Boylan]

Networking inside some VM's was so  slow as  to be non-functional; I
finally found https://bugzilla.redhat.com/show_bug.cgi?id=855640,
which suggested (note 11)
ethtool -K eth0 gro off
With that change, everything worked well, except that speedtest.net
was not able to connect for the upload speed test.  So I'm not sure if
the problem is completely fixed.

If anyone has suggestions about diagnosing or solving the problem,
that would be great.

I am also wondering if I should let someone know about this problem
since the solution is really just a work-around.  I'm not sure if the
real problem is with the virtio drivers, the hardware network drivers,
the bridging code, kvm,

I had the problem with a Windows 7 VM (with RedHat's virtio drivers),
but there are reports of similar trouble with Linux guests.  There is
also a very similar report with newer kernels
(http://askubuntu.com/questions/503863/poor-upload-speed-in-kvm-guest-with-virtio-eth-driver-in-openstack-on-3-14
and references from there), but since that is reported as a regression
it may be different.

The vm is running under KVM under libvirt, via virt-manager.  Using
bridged networking from libvirt and  virtio from inside the VM.

Thanks.
Ross Boylan


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cak3ntrcy4toh0uq2116ismpwd_0bjxfigyfesmk7zbedsm3...@mail.gmail.com

Re: how to debug this fuse problem

[Harry Putnam]

Eduard Bloch  writes:

>> searching with `aptitudue search ckt7' (or ckt4)  finds nothing at all.
>
> It's just an arbitrary version string. It can be (almost) anything, even
> 1.2.3.myCuteVersion-10.9.8.
>
>> I suspect I could/should be running i686 with pae.  Not sure why the
>> installer choose a 486 kernel originally ... (it changed to 586 during a
>> full-upgrade a mnth or two ago)
>> 
>> The jessie OS here is running as vbox guest on a 2x Xeon on HP xw8600
>
> I don't know why the installer chose that kernel, your Xeon should be
> fully i686 compatible. If the installation is damaged somehow (see
> above) then switching to another kernel might make the problem
> disappear.

Many thanks to all posters... this is quite a useful thread to me.
Still haven't got to fixing the problem but with the information here
I am now well armed.

Thanks posters


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87sicx3or2@reader.local.lan

Re: Why no security update of apache2 concerning SSLv3?

[Bob Proulx]

Gene Heskett wrote:
> Bob Proulx wrote:
> > $ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf
> > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
>
> This is not valid for a 2.22 install

What is the error you are seeing?  That looks to be okay to me.

  rwp@havoc:~$ cat /etc/debian_version 
  7.8

  rwp@havoc:~$ dpkg -l apache2
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name   Version  Architecture Description
  +++-==---=
  ii  apache22.2.22-13+de i386 Apache HTTP Server metapackage

  rwp@havoc:~$ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
  #   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
  #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5

Note however that I always override it in the site config file.  But
the point is that I think you must have some other problem in your
configuration.

> However on the restart, I logged this in /var/log/apache2/error.log:
> 
> [Sat Mar 21 18:08:02 2015] [info] removed PID file /var/run/apache2.pid 
> (pid=2954)
> [Sat Mar 21 18:08:02 2015] [notice] caught SIGTERM, shutting down
> [Sat Mar 21 18:08:03 2015] [notice] Apache/2.2.22 (Debian) configured -- 
> resuming normal operations
> [Sat Mar 21 18:08:03 2015] [info] Server built: Dec 27 2014 21:24:43
> [Sat Mar 21 18:08:03 2015] [debug] worker.c(1757): AcceptMutex: sysvsem 
> (default: sysvsem)
> [Sat Mar 21 18:08:03 2015] [error] (2)No such file or directory: Couldn't 
> bind unix domain socket /var/log/httpd/${APACHE_RUN_DIR}/cgisock.4944

Using /var/log/httpd on a Debian system?  The use of "httpd" is more
typical of a Red Hat system.  Did you make an edit that followed a Red
Hat guide on your Debian system and cross the streams?

Are you running FastCGI with your Apache instead of the internal
Apache handler?  (Which is fine.)  Check the configuration for it.
Something might be snafu there setting the communication socket.

Also a cgi communication socket would normally go in /var/run not
/var/log.  So something is snafu there.  For example using
/var/run/fcgiwrap.socket is typical with fcgiwrap and spawn-fcgi.

When I restart my Debian apache2 I see this:

  # service apache2 restart

  [Sat Mar 21 17:10:16 2015] [notice] caught SIGTERM, shutting down
  [Sat Mar 21 17:10:17 2015] [notice] Apache/2.2.22 (Debian) DAV/2 SVN/1.6.17 
configured -- resuming normal operations

I hate to ask but it is also important to know if you are using
systemd or not since it affects everything.

> No clue how to fix this one, APACHE_RUN_DIR is not set in the environment.
> Broken init.d script perhaps??

It is in the /etc/apache2/envvars file.

  $ grep APACHE_RUN_DIR /etc/apache2/envvars
  export APACHE_RUN_DIR=/var/run/apache2$SUFFIX

> [Sat Mar 21 18:08:04 2015] [crit] cgid daemon failed to initialize
> 
> But this seems to be a never mind as it doesn't seem to effect performance
> in any case.  How important is it?

I have no idea.

Bob


signature.asc
Description: Digital signature

Re: Why no security update of apache2 concerning SSLv3?

[Bob Proulx]

Gene Heskett wrote:
> I have been considering switching to https.

On the one hand it would be good ever all traffic used https.  On the
other hand it won't prevent someone from knowing what sites you visit
or what visiters are visiting your site.  All of your pages are
publicly known anyway.  Good to contribute to the https traffic
though.

> No login will ever exist according to gene as I find the saving of 
> usernames and passwords on a per site basis, a quite major pain in the 
> ass.  People who are interested in what I have to offer (a lot of horn 
> blowing by an old fart to be sure) should not be subjected to that 
> insanity.

Then I am still of the mind that I would not worry about using
https for it.  For your use case keeping it simple is probably the
better way to go.

> And they can do that with much less effort if I don't use it.  One of the 
> reasons my web page is a bit incomplete in re my hobbies.  So I am much 
> more concerned with keeping visitors in a user permissions jail so they 
> cannot tour the rest of this machine. Help in that regard would be most 
> appreciated.

That sounds like something that would be a good question to this list
with potential for a good discussion that many people might share an
interest.  Putting services such as web servers into containers is
becoming the best practice these days.  There are many ways to do it.
If you do please start a new discussion thread for it rather than
diverting here.

Bob


signature.asc
Description: Digital signature

Re: Why no security update of apache2 concerning SSLv3?

[Gene Heskett]

On Saturday 21 March 2015 17:04:03 Bob Proulx wrote:
> Gene Heskett wrote:
> > Call me confused.  And I do run my own web page from this machine. 
> > URL in sig.
> > Genes Web page 
>
> That is a non-https page.  Do you operate any https pages requiring
> security?  I didn't find any.  If you aren't using https then the
> discussion here about the POODLE attach against https isn't relevant.
>
> > First, there is no ~./etc/apache2/mods-available/ssl.conf, but there
> > is a /etc/apache2/mods-available/ssl.conf
>
> Right.
>
> > With relatively sparse bits of uncommenting that would appear to be
> > related here:
> >
> > SSLCipherSuite AES128+EECDH:AES128+EDH
> > SSLHonorCipherOrder on
> > SSLProtocol all -SSLv2 -SSLv3
> > Header always set Strict-Transport-Security "max-age=63072000;
> > include SubDomains"
> > Header alway set X-Frame-Options DENY
>
> If you were operating an ssl site then the above would match the
> current recommendations from:

I have been considering switching to https.

>   https://cipherli.st/
>
> But as far as I can see you are not running https.  Therefore
> modifying those files is simply creating more work for yourself. :-(
>
> I will note that it is a fast changing environment.  I hate to quote
> static lists like that since tomorrow they may be different.

Might even be different by the time we had dinner. :)

> Instead 
> I like to point to centralized information resources like the
> ssllabs.com and cipherli.st sites to coordinate the current wisdom.

Best practice I believe.  Better chance of everybody being on the same 
page that way.

> > Documentation on this stuff and its interactions is sparse at best
> > despite the fact that I have installed what s/b the correct man
> > pages.
>
> For web servers most of the documentation is on the web.  It is just
> the nature of things.
>
> > Some of the above has been edited persuant to anti POODLE
> > instructions found by google.
> >
> > So, am I safe, or low hanging fruit with those settings?
>
> As far as I can see you are safe since you are not operating a web
> site that uses encryption to secure any pages.  Therefore none of this
> discussion applies to you as a web admin.
>
> The question here is whether a POODLE attack can allow a man in the
> middle attacker to see the plaintext of an SSL connection.  To
> consider the danger lets say a web site requires a login, uses cookies
> to maintain a session, and https to keep others from sniffing your
> login credentials.  A successful attack could give someone else your
> cookie data which they could use to log into that site as you.

No login will ever exist according to gene as I find the saving of 
usernames and passwords on a per site basis, a quite major pain in the 
ass.  People who are interested in what I have to offer (a lot of horn 
blowing by an old fart to be sure) should not be subjected to that 
insanity.

> But you are talking about your own site that you are maintaining.  If
> you are not using SSL then this simply does not apply to you.  If you
> are using SSL then it depends upon what, where, why, and so forth.
> Someone using it just to add noise to the encrypted data traffic would
> always be safe too since it wouldn't be worse than not encrypting it.
>
> The POODLE attack doesn't allow someone to directly break into your
> web server.  The attack is about listening to encrypted traffic.
> Information gained by sniffing may allow further attacks however.

And they can do that with much less effort if I don't use it.  One of the 
reasons my web page is a bit incomplete in re my hobbies.  So I am much 
more concerned with keeping visitors in a user permissions jail so they 
cannot tour the rest of this machine. Help in that regard would be most 
appreciated.

> If someone were using something like SquirrelMail or Roundcube or
> Mailpile for a webmail interface for example then they should be
> directly concerned over this type of attack.  Someone targeting them
> might be able to log into the web as them and send email as them.  And
> the same for most other web login interfaces.  (Many people are in
> terror over the idea of someone logging into Facebook as them.
> Research Firesheep.)

I heard about that, its just one of the reasons I do not inhabit any 
sites of that ilk, like most I value my privacy.  We all should rebel at 
such intrusions in exactly the same way I treated the pols, who of 
course excluded them selves from the National Do Not Call Act.

My phone # got unlisted after some penny ante pol called wanting my vote 
(in a different state mind you) at 3AM.  Had he been standing at the 
foot of my bed, he would have left zipped up in a bag.

What our ballots need is a none of the above box, and if none wins, they 
start all over with the current list of candidates disqualified from 
running again in this election cycle.

OTOH, I vent enough on the mailing lists that I expect my name is well 
recorded in Utah.  

Problem forward/postroute http/https thru vlan-ed interface.

[Mimiko]

Hello.

Recently I tried to combine multiple ISP using a layer 2 switch into one 
port connected to a debian wheezy router.


I set up in interfaces:
auto eth0
iface eth0 inet static
address local_lan_ip
netmask mask
auto eth1.2
iface eth1.2 inet static
address isp1
netmask mask
auto eth1.4
iface eth2.4 inet static
address isp2
netmask mask

VLAN ID 2 is for tagging to ISP1
VLAN ID 4 is for tagging to ISP2

Also for load balancing I do:
ip route replace default scope global nexthop via $eth1.2_gateway dev 
$eth1.2_eth weight 100 nexthop via $eth2.4_gateway dev $eth2.4_eth 
weight 100


In iptables I do:

iptables -t nat -A POSTROUTING -o eth1.2 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1.4 -j MASQUERADE

iptables -A FORWARD -j ACCEPT

Now when i ping from the linux router - it works.
When I ping from some workstation behind router - it works.
When I open some ftp from workstation - it works.

But, when I try to open a web page from workstation - it does not work.
I even tried on linux router:
wget google.com
and after resolving to ip it waited long long time to download page and 
didn't received any packet.


What is wrong with http/htpps ? Why icmp works, ftp works, but 
http/https is not working?


The same configuration of iptables, ip route but moving to eth1 and eth2 
- physical interfaces for each ISP - all works as it should be.


Thank you.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550deed8.2060...@gmail.com

Re: Why no security update of apache2 concerning SSLv3?

[Gene Heskett]

On Saturday 21 March 2015 16:37:59 Bob Proulx wrote:
> Vincent Lefevre wrote:
> > Bob Proulx wrote:
> > > Vincent Lefevre wrote:
> > > > Bob Proulx wrote:
> > > > > The Debian default Apache2 configuration for ssl is in
> > > > > local-ssl and it configures the self-signed so called
> > > > > "snakeoil" certificates.
> >
> >...
> >
> > > The /etc/apache2/mods-available/ssl.conf doesn't need to be
> > > modifed by the local admin because the cipher list there is
> > > commented out.
> >
> > No, it is not commented out. ./etc/apache2/mods-available/ssl.conf
> > in apache2.2-common_2.2.22-13+deb7u4_amd64.deb contains:
>
> You are correct.  I was confused because it was both.  Sorry.
> Note that the recent option of interest is SSLCipherSuite.
>
> $ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf
> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
This is not valid for a 2.22 install

> #   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
> #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
>
> > No, it is not commented out. The default in unstable is:
> >
> >   SSLProtocol all -SSLv3
> >
> > And the default in wheezy is:
> >
> >   SSLProtocol all -SSLv2
>
> This illustrates that if the local admin has not set up the full
> configuration in their site config that they are not safe.
>
> I prefer this way to write the configuration.
>
>   SSLProtocol -all +TLSv1

Now set.

> > Even if it were commented out by default, there could be two
> > solutions:
> >
> > 1. The configuration tool could uncomment the entry and change it.
>
> I think it unlikely that most people will have modified the
> /etc/apache2/mods-available/ssl.conf file.  I think any changes there
> would propagate through simply.
>
> > 2. The default (i.e. hardcoded value) could be changed, if possible.
>
> Changing the compiled in value of the default would be fine.
>
> I worry about removing the protocol from the executable becuase there
> will be some sites that have constraints requiring them maintain the
> older protocols.  Those older protocols may be unsafe when used in a
> normal web site but for their specific use, perhaps on a private
> network, they may be okay.  If the protocol is removed from the
> executable then this creates a hardship for them and would require
> them to split off.  That would be worse.
>
> > > (Although it should wake up the admin that they need to merge
> > > files if they modified it.  But I all too often see local admins
> > > simply keep their previous version of files without merging.  Look
> > > at all of the people with trouble after the sudo secure_path
> > > change for examples.)
> >
> > Note that I suggested the change in the case the file was *not*
> > modified. The admin I was mentioning wanted to keep Debian's
> > default (i.e. without any local change).
> >
> >   SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
>
> Agreed.
>
> I worry about the catagorization of ciphers as high and medium.  Those
> classifications change over time.  I prefer to see them listed out
> because that way it is obvious what they mean.
>
> Bob

However on the restart, I logged this in /var/log/apache2/error.log:

[Sat Mar 21 18:08:02 2015] [info] removed PID file /var/run/apache2.pid 
(pid=2954)
[Sat Mar 21 18:08:02 2015] [notice] caught SIGTERM, shutting down
[Sat Mar 21 18:08:03 2015] [notice] Apache/2.2.22 (Debian) configured -- 
resuming normal operations
[Sat Mar 21 18:08:03 2015] [info] Server built: Dec 27 2014 21:24:43
[Sat Mar 21 18:08:03 2015] [debug] worker.c(1757): AcceptMutex: sysvsem 
(default: sysvsem)
[Sat Mar 21 18:08:03 2015] [error] (2)No such file or directory: Couldn't bind 
unix domain socket /var/log/httpd/${APACHE_RUN_DIR}/cgisock.4944

No clue how to fix this one, APACHE_RUN_DIR is not set in the environment.
Broken init.d script perhaps??

[Sat Mar 21 18:08:04 2015] [crit] cgid daemon failed to initialize

But this seems to be a never mind as it doesn't seem to effect performance
in any case.  How important is it?

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503211817.30225.ghesk...@wdtv.com

Re: how to force a "hold" on a missing package during an apt-get upgrade

[Bob Proulx]

Michael Biebl wrote:
> Am 21.03.2015 um 17:36 schrieb tandread:
> > but a later "apt-get --ignore-missing" insists
> > on fetching what mysql-* was dpkg-purged
> > 
> > I have tried a semi-fix of getting a
> > "--get-selections", adding the purged packages
> > as "hold" and doing a "--set-selections",
> > but it has side effects (all mysql dependent
> > packages get uninstalled in the apt-get upgrade)
> 
> A simpler way then using --get and --set selections is
> 
> apt-mark hold|unhold 

Since the user wants to remove a package that other packages depend
upon holding doesn't help very much.  A dead end.

As Liam wrote the usual answer is to use the 'equivs' package to
create a dummy package to hold the dependency for anything that is
compiled and installed locally.

Alternatively create a full replacement package.  Starting from the
Debian package and modifying it isn't usually very difficult.  But if
you just want to cut it loose and do the upstream thing directly
through 'make install' then creating an equivs package is the way to go.

Bob


signature.asc
Description: Digital signature

Re: Why no security update of apache2 concerning SSLv3?

[Bob Proulx]

Gene Heskett wrote:
> Call me confused.  And I do run my own web page from this machine.  URL 
> in sig.
> Genes Web page 

That is a non-https page.  Do you operate any https pages requiring
security?  I didn't find any.  If you aren't using https then the
discussion here about the POODLE attach against https isn't relevant.

> First, there is no ~./etc/apache2/mods-available/ssl.conf, but there is a
> /etc/apache2/mods-available/ssl.conf

Right.

> With relatively sparse bits of uncommenting that would appear to be 
> related here:
> 
> SSLCipherSuite AES128+EECDH:AES128+EDH
> SSLHonorCipherOrder on
> SSLProtocol all -SSLv2 -SSLv3
> Header always set Strict-Transport-Security "max-age=63072000; include 
> SubDomains"
> Header alway set X-Frame-Options DENY

If you were operating an ssl site then the above would match the
current recommendations from:

  https://cipherli.st/

But as far as I can see you are not running https.  Therefore
modifying those files is simply creating more work for yourself. :-(

I will note that it is a fast changing environment.  I hate to quote
static lists like that since tomorrow they may be different.  Instead
I like to point to centralized information resources like the
ssllabs.com and cipherli.st sites to coordinate the current wisdom.

> Documentation on this stuff and its interactions is sparse at best 
> despite the fact that I have installed what s/b the correct man pages.

For web servers most of the documentation is on the web.  It is just
the nature of things.

> Some of the above has been edited persuant to anti POODLE instructions 
> found by google.
> 
> So, am I safe, or low hanging fruit with those settings?

As far as I can see you are safe since you are not operating a web
site that uses encryption to secure any pages.  Therefore none of this
discussion applies to you as a web admin.

The question here is whether a POODLE attack can allow a man in the
middle attacker to see the plaintext of an SSL connection.  To
consider the danger lets say a web site requires a login, uses cookies
to maintain a session, and https to keep others from sniffing your
login credentials.  A successful attack could give someone else your
cookie data which they could use to log into that site as you.

But you are talking about your own site that you are maintaining.  If
you are not using SSL then this simply does not apply to you.  If you
are using SSL then it depends upon what, where, why, and so forth.
Someone using it just to add noise to the encrypted data traffic would
always be safe too since it wouldn't be worse than not encrypting it.

The POODLE attack doesn't allow someone to directly break into your
web server.  The attack is about listening to encrypted traffic.
Information gained by sniffing may allow further attacks however.

If someone were using something like SquirrelMail or Roundcube or
Mailpile for a webmail interface for example then they should be
directly concerned over this type of attack.  Someone targeting them
might be able to log into the web as them and send email as them.  And
the same for most other web login interfaces.  (Many people are in
terror over the idea of someone logging into Facebook as them.
Research Firesheep.)

Bob


signature.asc
Description: Digital signature

Re: apt-cacher-ng and apt-get changelog result in http 500 error

[David Wright]

Quoting Bernd Naumann (be...@kr217.de):

> I can't use `apt-get changelog` while have `apt-cacher-ng` running,
> which is really annoying.
> 
> I.e.:
> ```
> apt-get changelog screen
> Err Changelog for screen
> (http://packages.debian.org/changelogs/pool/main/s/screen/screen_4.1.0~2
> 0120320gitdb59704-7/changelog)
>   500  Bad redirection (invalid URL)
> Err Changelog for screen
> (http://ftp.de.debian.org/debian/pool/main/s/screen/screen_4.1.0~2012032
> 0gitdb59704-7.changelog)
>   404  Not Found
> E: changelog download failed
> ```

I can't reproduce this. Here's the output for an installed and an
uninstalled package on my laptop (jessie) and my apt-cacher-ng box
(wheezy).

$ apt-get changelog sed
Get:1 Changelog for sed
(http://packages.debian.org/changelogs/pool/main/s/sed/sed_4.2.2-4/changelog)
[19.1 kB]
Fetched 19.1 kB in 1s (10.1 kB/s)
$ apt-get changelog bless
Get:1 Changelog for bless
(http://packages.debian.org/changelogs/pool/main/b/bless/bless_0.6.0-4/changelog)
[2,713 B]
Fetched 2,713 B in 1s (1,920 B/s)
$

$ apt-get changelog sed
Get:1 Changelog for sed
(http://packages.debian.org/changelogs/pool/main/s/sed/sed_4.2.1-10/changelog)
[18.3 kB]
Fetched 18.3 kB in 1s (9,854 B/s)
$ apt-get changelog a2ps
Get:1 Changelog for a2ps
(http://packages.debian.org/changelogs/pool/main/a/a2ps/a2ps_4.14-1.1+deb7u1/changelog)
[26.8 kB]
Fetched 26.8 kB in 1s (15.5 kB/s)
$

So it looks like something might be misconfigured somewhere.

My /etc/apt/apt.conf contains

Acquire::http::Proxy "http://192.168.1.19:3142/";;

Sources files are

deb http://ftp.us.debian.org/debian/ jessie main contrib non-free
deb-src http://ftp.us.debian.org/debian/ jessie main contrib non-free
deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free
deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free

and

deb http://ftp.us.debian.org/debian/ wheezy main non-free contrib
deb-src http://ftp.us.debian.org/debian/ wheezy main non-free contrib
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free
deb http://ftp.us.debian.org/debian/ wheezy-updates main contrib non-free
deb-src http://ftp.us.debian.org/debian/ wheezy-updates main contrib non-free

Or another possibilty: I'm running the apt-cacher-ng version from
wheezy-backports, otherwise I get problems expiring the post-wheezy
packages.

Cheers,
David.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150321203828.gb22...@alum.home

Re: Why no security update of apache2 concerning SSLv3?

[Bob Proulx]

Vincent Lefevre wrote:
> Bob Proulx wrote:
> > Vincent Lefevre wrote:
> > > Bob Proulx wrote:
> > > > The Debian default Apache2 configuration for ssl is in local-ssl and
> > > > it configures the self-signed so called "snakeoil" certificates.

>...
> > The /etc/apache2/mods-available/ssl.conf doesn't need to be modifed by
> > the local admin because the cipher list there is commented out.
> 
> No, it is not commented out. ./etc/apache2/mods-available/ssl.conf
> in apache2.2-common_2.2.22-13+deb7u4_amd64.deb contains:

You are correct.  I was confused because it was both.  Sorry.
Note that the recent option of interest is SSLCipherSuite.

$ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5

> No, it is not commented out. The default in unstable is:
> 
>   SSLProtocol all -SSLv3
>
> And the default in wheezy is:
> 
>   SSLProtocol all -SSLv2

This illustrates that if the local admin has not set up the full
configuration in their site config that they are not safe.

I prefer this way to write the configuration.  

  SSLProtocol -all +TLSv1

> Even if it were commented out by default, there could be two solutions:
> 
> 1. The configuration tool could uncomment the entry and change it.

I think it unlikely that most people will have modified the
/etc/apache2/mods-available/ssl.conf file.  I think any changes there
would propagate through simply.

> 2. The default (i.e. hardcoded value) could be changed, if possible.

Changing the compiled in value of the default would be fine.

I worry about removing the protocol from the executable becuase there
will be some sites that have constraints requiring them maintain the
older protocols.  Those older protocols may be unsafe when used in a
normal web site but for their specific use, perhaps on a private
network, they may be okay.  If the protocol is removed from the
executable then this creates a hardship for them and would require
them to split off.  That would be worse.

> > (Although it should wake up the admin that they need to merge files if
> > they modified it.  But I all too often see local admins simply keep
> > their previous version of files without merging.  Look at all of the
> > people with trouble after the sudo secure_path change for examples.)
> 
> Note that I suggested the change in the case the file was *not*
> modified. The admin I was mentioning wanted to keep Debian's
> default (i.e. without any local change).
> 
>   SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

Agreed.

I worry about the catagorization of ciphers as high and medium.  Those
classifications change over time.  I prefer to see them listed out
because that way it is obvious what they mean.

Bob


signature.asc
Description: Digital signature

Re: how to force a "hold" on a missing package during an apt-get upgrade

[Liam O'Toole]

On 2015-03-21, tandread  wrote:
> dear debian users,
>
> I really need to have a program compiled from source
> (that is, a src dir, not a debian source package)
> Let's say, the mysql server source distribution
>
> I can remove the mysql-* deb packages  with
> "dpkg --purge --force-depends"
> (I know this causes dangling lib*.so dependencies,
> but they will be fixed after the mysql src
> compilation)
>
> but a later "apt-get --ignore-missing" insists
> on fetching what mysql-* was dpkg-purged
>
> I have tried a semi-fix of getting a
> "--get-selections", adding the purged packages
> as "hold" and doing a "--set-selections",
> but it has side effects (all mysql dependent
> packages get uninstalled in the apt-get upgrade)
>
> So, is there a way to for "apt-get upgrade"
> to keep ignoring broken dependencies caused
> by "dpkg --force-depends --purge"?
>
>
> thanks for any answer
>
>

The 'equivs' package might be the way forward. From its description:
"Another use is to circumvent dependency checking: by letting dpkg think
a particular package name and version is installed when it isn't"

-- 

Liam



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnmgrjkq.upc.liam.p.otoole@dipsy.tubbynet

Re: how to force a "hold" on a missing package during an apt-get upgrade

[Michael Biebl]

Am 21.03.2015 um 17:36 schrieb tandread:
> dear debian users,
> 
> I really need to have a program compiled from source
> (that is, a src dir, not a debian source package)
> Let's say, the mysql server source distribution
> 
> I can remove the mysql-* deb packages  with
> "dpkg --purge --force-depends"
> (I know this causes dangling lib*.so dependencies,
> but they will be fixed after the mysql src
> compilation)
> 
> but a later "apt-get --ignore-missing" insists
> on fetching what mysql-* was dpkg-purged
> 
> I have tried a semi-fix of getting a
> "--get-selections", adding the purged packages
> as "hold" and doing a "--set-selections",
> but it has side effects (all mysql dependent
> packages get uninstalled in the apt-get upgrade)

A simpler way then using --get and --set selections is

apt-mark hold|unhold 





signature.asc
Description: OpenPGP digital signature

Re: Cool things to do with server

[Joris Bolsens]

On 03/17/2015 11:37 AM, Tazman DeVille wrote:
> Run a RedMatrix hub on it. See https://redmatrix.me
> 
What is that? looked at the site but don't really understand what it does.

-Joris



signature.asc
Description: OpenPGP digital signature

how to force a "hold" on a missing package during an apt-get upgrade

[tandread]

dear debian users,

I really need to have a program compiled from source
(that is, a src dir, not a debian source package)
Let's say, the mysql server source distribution

I can remove the mysql-* deb packages  with
"dpkg --purge --force-depends"
(I know this causes dangling lib*.so dependencies,
but they will be fixed after the mysql src
compilation)

but a later "apt-get --ignore-missing" insists
on fetching what mysql-* was dpkg-purged

I have tried a semi-fix of getting a
"--get-selections", adding the purged packages
as "hold" and doing a "--set-selections",
but it has side effects (all mysql dependent
packages get uninstalled in the apt-get upgrade)

So, is there a way to for "apt-get upgrade"
to keep ignoring broken dependencies caused
by "dpkg --force-depends --purge"?


thanks for any answer


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550d9e14.6060...@otenet.gr

apt-cacher-ng and apt-get changelog result in http 500 error

[Bernd Naumann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi at all,

I can't use `apt-get changelog` while have `apt-cacher-ng` running,
which is really annoying.

I.e.:
```
apt-get changelog screen
Err Changelog for screen
(http://packages.debian.org/changelogs/pool/main/s/screen/screen_4.1.0~2
0120320gitdb59704-7/changelog)
  500  Bad redirection (invalid URL)
Err Changelog for screen
(http://ftp.de.debian.org/debian/pool/main/s/screen/screen_4.1.0~2012032
0gitdb59704-7.changelog)
  404  Not Found
E: changelog download failed
```

I have taken a look at other apt caching tools (for local networks),
but the most pleasing feature of apt-cacher-ng is, that I don't have
to do a full mirror, which will be atm not possible or configure
specify mirror-/archive-urls in a config file.
I often work mobil on my notebook and I need more then one
architecture in my cache.

So I'm look ether for a workaround or recommendation for an other
tool, which does the same as apt-cacher-ng, which I have my be overlooke
d.

Thanks for replys and hints!
Best regards,
Bernd

- -- 
Bernd Naumann 

PGP:   0xA150A04F via pool.sks-keyservers.net
XMPP:  b...@weimarnetz.de

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJVDajnAAoJEEYW3OihUKBPFe4QAI3EwNoObt7As8cEVididnfP
jDhHa5UEaTBODnVWSbJ6P6BCEBEs1qPVZszYbkPwZcYF5VnAc0kFazlDGu+LilTc
nE5lBe6dFOH/ZeJ4fD/Un6Bgqwe0VO/QtkZ3JE5BZFxPHJ1tujHI2xQtk8aHHrsL
RV/CL94WyEFvPC7FbcSeM9hB9ozfRUuo6bslV0Wlt76lDqBDJWrG2JCGCYrtuRQl
iGOhtwqI2QT0X2M4cBOY1HWBCW7Ul3smOcy8kl8zp+OhDXCLEP/XnlTKwcDCN5mX
ZwRnlOsvrx4EyDer6sASuZNi2IVsW7vZsWLeIZhpa09J+m5/J86Ye72DUT6w2Q0A
AOy2LN3skLNvF6Jj3Cx6UNSrKHUuRpyaB0b7vYihpRQ+Mz5p8ZjeaFOuiHU4KkiM
ZHILwQ9QWKJ+xckUa7TKlIDPwrx3fPOqivMR5AAy46p8q9wrC6AHN4OPhqP4kxx+
eKc62VbUppXu+6acQx88K5Nkgd2CPuJw24e3kHooYfVKrhayxHAuxGaUDrsAenoy
wXjCL04ybj7jlGD9p0zCfvoEArfNx204P/NwIiNVTB7dyze6mtFO5hE6JZDE2YuJ
XAHiEm7OIvCU/3lnJM68eYbWlWUtfKUhVPLTbLjf6fgZIGUuepaREr1UHS4bfjTj
0OG/pG76/kzYiIWX5/cJ
=m0Xf
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/550da8e8.90...@kr217.de

Re: user can exec the xset, in his crontab, its 100% failure

[Gene Heskett]

On Saturday 21 March 2015 06:07:41 Petter Adsen wrote:
> On Sat, 21 Mar 2015 05:58:44 -0400
>
> Gene Heskett  wrote:
> > On Saturday 21 March 2015 05:18:18 Reco wrote:
> > >  Hi.
> > >
> > > On Sat, 21 Mar 2015 05:02:53 -0400
> > >
> > > Gene Heskett  wrote:
> > > > Greetings;
> > > >
> > > > Running a wheezy based linux here.
> > > >
> > > > While I as a user can use xset to remind the system of the
> > > > monitors dpms controls, an identical entry in my crontab results
> > > > in an email that it could not open my 0:0 display.
> > >
> > > Since cron should strip out every environment variable from
> > > whatever its told to run - that's to be expected.
> > >
> > > > So I cannot "script" this reminder.
> > >
> > > You can. All you need to do is to define the needed DISPLAY and
> > > XAUTHORITY in the script itself.
> > >
> > > I.e.
> > >
> > > #!/bin/sh
> > > export DISPLAY=:0.0
> >
> > It will not install, claiming bad minute
> >
> > > export XAUTHORITY=
> > > xset +foo -bar
> > >
> > > Reco
> >
> > This what I have, but it will not install
> >
> > #!/bin/sh
> > export DISPLAY=:0:0
> > export XAUTHORITY=/home/gene/.Xauthority
> > # m h  dom mon dow   command
> > */5 * * * * /home/gene/bin/makesig
> > 30 0 * * * /home/gene/bin/sa-train-bayes
> > 01 * * * *  xset -display 0:0 +dpms
> > 02 * * * *  xset -display 0:0 dpms 300 0 600
> >
> > error msg on quitting nano:
> >
> > crontab: installing new crontab
> > "/tmp/crontab.O2BPk0/crontab":1: bad minute
> > errors in crontab file, can't install.
> >
> > Its probably obvious, but I can't see why it fails.
>
> Either set the variables like
> DISPLAY=:0.0
>
> or, better yet, write the line as:
> 01 * * * *  /home/gene/bin/name-of-script
>
> and set the variables in the script itself.
>
> Petter

And that latter seems to have worked.  Thank you Petter.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503210734.03293.ghesk...@wdtv.com

Re: customize ligthdm manager

[Petter Adsen]

On Sat, 21 Mar 2015 12:11:39 +0100
Abdelkader Belahcene  wrote:

> hi,
> 
> 
> * know Xephyr does the connection,   but in that case you suppose you
> are already logged in the "client machine".*
> 
> 
> *What I want is just to have in login window  the menu, where I can
> find remote machine aside the local login.*
> 
> *I used it in the past, in very old  login, with kdm or gdm , I want
> to it with recent DM;*
> 
> *thanks a lot*

I think you may need to use xdm, or maybe just start an X server with
"-query". You can find some info and further links for reading here:
https://wiki.archlinux.org/index.php/Xdmcp

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgpR82Czv8qr7.pgp
Description: OpenPGP digital signature

Re: Re: Re: customize ligthdm manager

[Abdelkader Belahcene]

hi,


* know Xephyr does the connection,   but in that case you suppose you are
already logged in the "client machine".*


*What I want is just to have in login window  the menu, where I can find
remote machine aside the local login.*

*I used it in the past, in very old  login, with kdm or gdm , I want to it
with recent DM;*

*thanks a lot*

Re: Re: customize ligthdm manager

[Abdelkader Belahcene]

thanks for reply,
that what I did,   it is ok for local machine,
But i can't see any of remote servers running xdmcp

thanks again

Re: user can exec the xset, in his crontab, its 100% failure

[Liam O'Toole]

On 2015-03-21, Gene Heskett  wrote:
> Greetings;
>
> Running a wheezy based linux here.
>
> While I as a user can use xset to remind the system of the monitors dpms 
> controls, an identical entry in my crontab results in an email that it 
> could not open my 0:0 display.
>
> So I cannot "script" this reminder.
>
> And X forgets all this stuff long before uptime has reached 2 weeks. So I 
> figured an hourly reminder in my crontab should to the trick.
>
> Is there any way around this PIMA?
>
> Thanks.
>
> Cheers, Gene Heskett

There are various options related to DPMS in the Xorg xonfiguration. See
the man page for xorg.conf. (Whether the driver you're using respects
those options is another matter, but it's worth a try.)

-- 

Liam



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnmgqj5b.tmb.liam.p.otoole@dipsy.tubbynet

Re: user can exec the xset, in his crontab, its 100% failure

[Petter Adsen]

On Sat, 21 Mar 2015 05:58:44 -0400
Gene Heskett  wrote:

> 
> 
> On Saturday 21 March 2015 05:18:18 Reco wrote:
> >  Hi.
> >
> > On Sat, 21 Mar 2015 05:02:53 -0400
> >
> > Gene Heskett  wrote:
> > > Greetings;
> > >
> > > Running a wheezy based linux here.
> > >
> > > While I as a user can use xset to remind the system of the
> > > monitors dpms controls, an identical entry in my crontab results
> > > in an email that it could not open my 0:0 display.
> >
> > Since cron should strip out every environment variable from whatever
> > its told to run - that's to be expected.
> >
> > > So I cannot "script" this reminder.
> >
> > You can. All you need to do is to define the needed DISPLAY and
> > XAUTHORITY in the script itself.
> >
> > I.e.
> >
> > #!/bin/sh
> > export DISPLAY=:0.0
> It will not install, claiming bad minute
> > export XAUTHORITY=
> > xset +foo -bar
> >
> > Reco
> 
> This what I have, but it will not install
> 
> #!/bin/sh
> export DISPLAY=:0:0
> export XAUTHORITY=/home/gene/.Xauthority
> # m h  dom mon dow   command
> */5 * * * * /home/gene/bin/makesig
> 30 0 * * * /home/gene/bin/sa-train-bayes
> 01 * * * *  xset -display 0:0 +dpms
> 02 * * * *  xset -display 0:0 dpms 300 0 600
> 
> error msg on quitting nano:
> 
> crontab: installing new crontab
> "/tmp/crontab.O2BPk0/crontab":1: bad minute
> errors in crontab file, can't install.
> 
> Its probably obvious, but I can't see why it fails.

Either set the variables like
DISPLAY=:0.0

or, better yet, write the line as:
01 * * * *  /home/gene/bin/name-of-script

and set the variables in the script itself.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgpOLOt8fOqoV.pgp
Description: OpenPGP digital signature

Re: user can exec the xset, in his crontab, its 100% failure

[Gene Heskett]

On Saturday 21 March 2015 05:18:18 Reco wrote:
>  Hi.
>
> On Sat, 21 Mar 2015 05:02:53 -0400
>
> Gene Heskett  wrote:
> > Greetings;
> >
> > Running a wheezy based linux here.
> >
> > While I as a user can use xset to remind the system of the monitors
> > dpms controls, an identical entry in my crontab results in an email
> > that it could not open my 0:0 display.
>
> Since cron should strip out every environment variable from whatever
> its told to run - that's to be expected.
>
> > So I cannot "script" this reminder.
>
> You can. All you need to do is to define the needed DISPLAY and
> XAUTHORITY in the script itself.
>
> I.e.
>
> #!/bin/sh
> export DISPLAY=:0.0
It will not install, claiming bad minute
> export XAUTHORITY=
> xset +foo -bar
>
> Reco

This what I have, but it will not install

#!/bin/sh
export DISPLAY=:0:0
export XAUTHORITY=/home/gene/.Xauthority
# m h  dom mon dow   command
*/5 * * * * /home/gene/bin/makesig
30 0 * * * /home/gene/bin/sa-train-bayes
01 * * * *  xset -display 0:0 +dpms
02 * * * *  xset -display 0:0 dpms 300 0 600

error msg on quitting nano:

crontab: installing new crontab
"/tmp/crontab.O2BPk0/crontab":1: bad minute
errors in crontab file, can't install.

Its probably obvious, but I can't see why it fails.

Thank you Reco
 
Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503210558.44814.ghesk...@wdtv.com

Re: user can exec the xset, in his crontab, its 100% failure

[Reco]

 Hi.

On Sat, 21 Mar 2015 05:02:53 -0400
Gene Heskett  wrote:

> Greetings;
> 
> Running a wheezy based linux here.
> 
> While I as a user can use xset to remind the system of the monitors dpms 
> controls, an identical entry in my crontab results in an email that it 
> could not open my 0:0 display.

Since cron should strip out every environment variable from whatever
its told to run - that's to be expected.


> So I cannot "script" this reminder.

You can. All you need to do is to define the needed DISPLAY and
XAUTHORITY in the script itself.

I.e.

#!/bin/sh
export DISPLAY=:0.0
export XAUTORITY=
xset +foo -bar

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150321121818.b414a8ed678b4ae0bba5d...@gmail.com

user can exec the xset, in his crontab, its 100% failure

[Gene Heskett]

Greetings;

Running a wheezy based linux here.

While I as a user can use xset to remind the system of the monitors dpms 
controls, an identical entry in my crontab results in an email that it 
could not open my 0:0 display.

So I cannot "script" this reminder.

And X forgets all this stuff long before uptime has reached 2 weeks. So I 
figured an hourly reminder in my crontab should to the trick.

Is there any way around this PIMA?

Thanks.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503210502.53646.ghesk...@wdtv.com

Re: customize ligthdm manager

[Alexis]

On 2015-03-21T18:55:50+1100, Petter Adsen  said:

PA> Just to add to that, you can also do it in a window with 
Xnest. I PA> know there is also something similar called Xephyr, 
but I'm not PA> really sure what's different about it.


"Unlike Xnest it supports modern X extensions ( even if host 
server doesn't ) such as Composite, Damage, randr etc (no GLX 
support now)"


http://www.freedesktop.org/wiki/Software/Xephyr/


Alexis.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/871tki218l@gmail.com

Re: customize ligthdm manager

[Petter Adsen]

On Fri, 20 Mar 2015 19:59:57 + (UTC)
Liam O'Toole  wrote:

> On 2015-03-20, Abdelkader Belahcene  wrote:
> > --089e012277468313560511b679c4
> > Content-Type: text/plain; charset=UTF-8
> >
> > Hi everybody,
> >
> >
> >
> > I want to enter from a local machine using  lightdm manager,  to a
> > remote server
> > using XDMCP.
> >
> > I do it with a thin client, I mean on a thin client I have the list
> > of all servers running XDMCP.
> > I  want to do the same,  from an old PC that I want to  use as a
> > simple terminal.
> 
> What software is running on the thin client?
> 
> >
> > unfortunatly, in the login window I have only local accounts on my
> > local machine,
> >
> > is it  possible to customize the login window of lightdm to allow
> > access to a remote server running XDMCP?
> > thanks for help
> > best regards
> 
> I'm not aware of a way of doing that with lightdm. The old gdm2 used
> to have that feature, but that's long gone. You can still access an
> XDMCP server directly by running 'X -query ' in a VT.

Just to add to that, you can also do it in a window with Xnest. I know
there is also something similar called Xephyr, but I'm not really sure
what's different about it.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgp0pz1sGsRNc.pgp
Description: OpenPGP digital signature

Re: X11/Thinkpad T430: partially drops input from USB devices after resume

[Peter Palfrader]

On Sat, 21 Mar 2015, stefan.schwar...@gmx.net wrote:

> I am using my laptop (lenovo T430, debian testing) regularly in a docking 
> station. The dock has a USB keyboard, USB mouse and monitor 
> permanently attached. The laptops suspends from time to time, and _after_ 
> resuming X11 or some other system component 
> the input from USB mouse and keyboard to be dropped/ignored partially. 
> Symptoms are that the cursor does not move with 
> the mouse, however it will start moving again if I click any of the mouse 
> buttons; or that the keyboard input is ignored until 
> I hit some arbitrary keys very rapidly. The USB amnesia starts again if I 
> leave the input device untouched for some seconds.
> The issue will not occur for newly connected devices or if I reconnect 
> mouse/keyboard. The dock is not the issue as I can 
> reproduce the phenomenon with a USB mouse directly connected to the laptop. 

> I have no clue what could be going on...

Probably a USB autosuspend issue.  Do you have laptop-mode-tools
installed?  If yes, can you get rid of it and re-test?

-- 
   |  .''`.   ** Debian **
  Peter Palfrader  | : :' :  The  universal
 http://www.palfrader.org/ | `. `'  Operating System
   |   `-http://www.debian.org/


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150321074954.gh18...@anguilla.noreply.org