Re: Certificats https aléatoires suivant les navigateurs

[Frederic MASSOT]

Le 15/04/2017 à 11:22, andre_deb...@numericable.fr a écrit :

Bonjour,

J'ai installé sur un serveur Web,
- les certificats StartSSL (gratuits) toujours valides,
- et j'ai acheté les certificats tout récemment chez OVH.

Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany,
le site Web affiche une erreur de certificats,
que ce soient avec les certificats d'OVH ou de StartSSL.

Ça marche avec un ou deux navigateurs et pas avec d'autres,
et vice versa.

Quels certificats fonctionnent quelquesoient les navigateurs ?


Test ton site web avec le test SSL de Qualys :

https://www.ssllabs.com/ssltest/

Tu auras pas mal d'infos sur ta config.


--
==
|  FRÉDÉRIC MASSOT   |
| http://www.juliana-multimedia.com  |
|   mailto:frede...@juliana-multimedia.com   |
| +33.(0)2.97.54.77.94  +33.(0)6.67.19.95.69 |
===Debian=GNU/Linux===

Re: system drive encryption question

[FHDATA]

On Wed, 5 Apr 2017, FHDATA wrote:



hello,

I am not currently using debian as linux OS but
considering it ...


If I clean install debian (latest of course) and during
the install process have  its / (system drive)
encrypted with pass-phrase 

then later on, can I add a key, residing on
a usb flash drive,  to that encryption?

if yes, is there a step-by-step method one can follow  to do that?



thank you,
F-






i apologize for not sending a timely response back;
just being busy;

thanks to all who provided feedback from
which  i learned:



  1. possibility of using a 3rd party 2fa solution (e.g. yubico)
 [relaying on internet during boot may be undesirable...]


  2. in LUKS  one of the other remaining 7  slots can be utilize for path 
to encryption key ...



  3. system boot process looks for & mounts a external
usb device and use the key on it .


  4. utilizing Password Agents ,Plymouth, (of systemd) to
prompt user for 'some passphrase for  '


  5. /etc/default/cryptdisks {seems to be a debian/ubuntu centric
thing, which is fine...}




#2 seems unlikely but i will investigate further.

combination of #3 + #4  looks promising ...

#5 seems to be tailored solution for this sort of things ...
but needs testing...


i like to keep things simple:
no /boot encryption, no LVM , RAID ,etc


someday every linux distro during the
install process will ask the user for
the 2nd auth factor residing on an external device.

till then i will do more reading & testing ...


F-

Re: Possibly erroneous "device not present" message during boot

[Brian]

On Sat 15 Apr 2017 at 16:30:29 -0500, David Wright wrote:

> On Sat 15 Apr 2017 at 19:57:32 (+0100), Brian wrote:
> > On Sat 15 Apr 2017 at 13:08:30 -0500, Richard Owlett wrote:
> > 
> > > On 04/15/2017 12:24 PM, Brian wrote:
> > > >
> > > >Did you overlook this question? You have said your machine does not
> > > >offer booting from an SD card. Your answer will be interesting.
> > > 
> > > Thought I'd answered it elsewhere.
> > 
> > Nope. There has been no mention of booting *directly* *from* the SD card
> > until this subthread.
> > 
> > > It's on the menu that exists due to the grub on MBR of /dev/sda .
> > 
> > So - the card is in its slot on your machine. You do 'update-grub'.
> > There is now an entry in GRUB's menu. That is fine. This is what you are
> > booting from? Your grub.cfg looks similar to what you posted before?
> > 
> > If GRUB has been installed to the MBR of the SD card it has absolutely
> > no bearing on the existence of the entry in GRUB's menu. It may as well
> > not be there when GRUB on the MBR of /dev/sda constructs its grub.cfg.
> > 
> > > There is an fschk error of some sort that flies by too fast.
> > > Otherwise, runs from SD card.
> > 
> > I like "simple"; I'm lost.
> 
> One can avoid all this messing about with Grub by just copying a
> netinst ISO onto the SD card instead of a USB stick.
> 
> But then you need, as I've pointed out just now, to insert the
> SD card into the slot _before_ booting, _and_ entering the CMOS
> Setup Menu to make sure the device has highest booting priority.
> (This is irrespective of how you wrote the SD card.)

Nobody in this thread, apart from the OP, has a Lenovo and an SD card.
He is in the best position to test and report on this suggestion. Less
than twenty minutes work.

-- 
Brian.

Re: Possibly erroneous "device not present" message during boot

[Pascal Hambourg]

Le 15/04/2017 à 22:50, David Wright a écrit :

On Sat 15 Apr 2017 at 19:14:24 (+0200), Pascal Hambourg wrote:

Le 15/04/2017 à 16:28, David Wright a écrit :

On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote:


A SD card reader such as the one the OP has just exposes the SD card
as what it is, a SD/MMC card (/dev/mmcblk*).


I assumed that the OP, writing about a laptop, had no card reader,
and was inserting the SD card directly into the computer.


How do you name that slot on the laptop or desktop where you insert
the SD card, if not an embedded card reader ?


A slot, or an SD slot (as on this Dell), or a micro SD slot.


Behind the slot is a SD card reader. Lenovo names it a card reader.


You seem to have had some difficulty with this part of my post:

| It's not clear to me why an SD is being used in this way as the OP
| has at last revealed that the computer is unable to boot from an SD
| plugged in directly.


IIUC, at first the OP did not know that the computer was unable to boot 
from the internal SD card reader and discovered it during this thread.



(Of course, an SD card can be made to look like a
| USB stick just by sticking it in a card reader. Then it will boot.)


Obviously not with the OP's laptop internal card reader, which does not 
make the SD card look like a USB mass storage class device.

Re: Possibly erroneous "device not present" message during boot

[David Wright]

On Sat 15 Apr 2017 at 19:57:32 (+0100), Brian wrote:
> On Sat 15 Apr 2017 at 13:08:30 -0500, Richard Owlett wrote:
> 
> > On 04/15/2017 12:24 PM, Brian wrote:
> > >
> > >Did you overlook this question? You have said your machine does not
> > >offer booting from an SD card. Your answer will be interesting.
> > 
> > Thought I'd answered it elsewhere.
> 
> Nope. There has been no mention of booting *directly* *from* the SD card
> until this subthread.
> 
> > It's on the menu that exists due to the grub on MBR of /dev/sda .
> 
> So - the card is in its slot on your machine. You do 'update-grub'.
> There is now an entry in GRUB's menu. That is fine. This is what you are
> booting from? Your grub.cfg looks similar to what you posted before?
> 
> If GRUB has been installed to the MBR of the SD card it has absolutely
> no bearing on the existence of the entry in GRUB's menu. It may as well
> not be there when GRUB on the MBR of /dev/sda constructs its grub.cfg.
> 
> > There is an fschk error of some sort that flies by too fast.
> > Otherwise, runs from SD card.
> 
> I like "simple"; I'm lost.

One can avoid all this messing about with Grub by just copying a
netinst ISO onto the SD card instead of a USB stick.

But then you need, as I've pointed out just now, to insert the
SD card into the slot _before_ booting, _and_ entering the CMOS
Setup Menu to make sure the device has highest booting priority.
(This is irrespective of how you wrote the SD card.)

Cheers,
David.

Re: Possibly erroneous "device not present" message during boot

[David Wright]

On Sat 15 Apr 2017 at 13:16:54 (-0500), Richard Owlett wrote:
> On 04/15/2017 12:14 PM, Pascal Hambourg wrote:
> >Le 15/04/2017 à 16:28, David Wright a écrit :
> >>On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote:
> >>
> >>>A SD card reader such as the one the OP has just exposes the SD card
> >>>as what it is, a SD/MMC card (/dev/mmcblk*).
> >>
> >>I assumed that the OP, writing about a laptop, had no card reader,
> >>and was inserting the SD card directly into the computer.
> >
> >How do you name that slot on the laptop or desktop where you insert the
> >SD card, if not an embedded card reader ?
> >
> >>As it happens, if you do this with the ancient laptop I'm typing on,
> >>it has the functionality of a card reader built into it and you get
> >>a /dev/sd*, and that can be boot an SD card directly.
> >
> >So there seems to be at least two kinds of SD card reader : those which
> >expose themselves as a USB mass storage device and those which expose
> >themselves as a SD/MMC device.
> >
> >I have a couple of desktops with an embedded multi-card reader,
> >connected to an internal USB port on the motherboard. But I do not have
> >any SD card (no use), so I never checked to see what kind they are.
> >
> >
> 
> From https://www.cnet.com/products/lenovo-thinkpad-t510/specs/
> I apparently have
> 
> Card Reader
>   Type 5 in 1 card reader
>   Supported Flash  Memory Stick, Memory Stick PRO, MultiMediaCard,
> Memory SD Memory Card, SDHC Memory Card

If I were you, I would try inserting your SD card and _then_ booting
it up. It's quite usual for bootable devices to appear in the BIOS's
Setup Menu only if a device is actually present. (Don't even rely on
a Boot Menu like F12 sometimes gives: check the Setup Menu itself.)
If it's there, promote it to first device to boot, and then boot.
(Don't rely on the promotion to be "sticky". If you ever boot
without a card plugged in, it may be demoted whenever you next plug
one in.)

Cheers,
David.

Re: Possibly erroneous "device not present" message during boot

[David Wright]

On Sat 15 Apr 2017 at 19:14:24 (+0200), Pascal Hambourg wrote:
> Le 15/04/2017 à 16:28, David Wright a écrit :
> >On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote:
> >
> >>A SD card reader such as the one the OP has just exposes the SD card
> >>as what it is, a SD/MMC card (/dev/mmcblk*).
> >
> >I assumed that the OP, writing about a laptop, had no card reader,
> >and was inserting the SD card directly into the computer.
> 
> How do you name that slot on the laptop or desktop where you insert
> the SD card, if not an embedded card reader ?

A slot, or an SD slot (as on this Dell), or a micro SD slot.

You seem to have had some difficulty with this part of my post:

| It's not clear to me why an SD is being used in this way as the OP
| has at last revealed that the computer is unable to boot from an SD
| plugged in directly. (Of course, an SD card can be made to look like a
| USB stick just by sticking it in a card reader. Then it will boot.)

I would be happy to go through it and detail all the referents
if you can't judge them from the context.

> >As it happens, if you do this with the ancient laptop I'm typing on,
> >it has the functionality of a card reader built into it and you get
> >a /dev/sd*, and that can be boot an SD card directly.
> 
> So there seems to be at least two kinds of SD card reader : those
> which expose themselves as a USB mass storage device and those which
> expose themselves as a SD/MMC device.
> 
> I have a couple of desktops with an embedded multi-card reader,
> connected to an internal USB port on the motherboard. But I do not
> have any SD card (no use), so I never checked to see what kind they
> are.

I would imagine that most people wouldn't want to disassemble to check
this. The internal connections are likely subminiature anyway, so it
would be difficult to see how any card will appear to the user without
just inserting one.

Cheers,
David.

Re: customized Grub

[Richard Owlett]

On 04/15/2017 02:16 PM, Brian wrote:

On Sat 15 Apr 2017 at 14:55:04 -0400, Felix Miata wrote:
[snip]

Do you have a clue what this thread is about? Or did you just
fancy that a Legacy GRUB driveby posting would perk things up
for everyone?



Careful ;)
By my measurements you post 3 times for every time Felix has
since 8/2015.
Basically I agree with his post.
As to selecting between Grub2 and Grub-legacy I choose a different 
primary criterion than what he chooses.


His criterion is apparently a function of maintainability and reliability.
If asked to state *MY* criterion, it would likely reduce to "who won 
popcon?" ;/


To put things in perspective,
"Why chose Debian over MS/Apple/Canonical/etc ?"
Debian allows/encourages choice!

Re: Possibly erroneous "device not present" message during boot

[Pascal Hambourg]

Le 15/04/2017 à 21:24, Doug a écrit :


It turns out that there are two kinds of cards that look the same, but
on a Dell laptop I have, one kind won't be recognized and the other
works. I don't remember
which is which, or what they are called. One is SD, the other something
else.


MMC, SDHC, SDXC ?

Re: Possibly erroneous "device not present" message during boot

[Brian]

On Sat 15 Apr 2017 at 21:04:34 +0200, Pascal Hambourg wrote:

> Le 15/04/2017 à 19:42, Brian a écrit :
> >On Sat 15 Apr 2017 at 19:20:58 +0200, Pascal Hambourg wrote:
> >>
> >>Expert install gives more control, but is far from granting total control.
> >>The Debian installer still has many automated actions that you cannot
> >>control even in expert mode.
> >
> >I had a feeling while writing that this response might come. It's
> >correct. "much more" instead of "total"?
> 
> I would not say "much more", just "more" or even "a bit more".

Contrasting "simple install" with "expert install" and "preseeded
install" I'd agree and use "more" for "expert install". But that wasn't
the original comparison.

-- 
Brian.

Re: Possibly erroneous "device not present" message during boot

[Doug]

On 04/15/2017 10:28 AM, David Wright wrote:

On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote:

Le 15/04/2017 à 02:37, David Wright a écrit :

Of course, an SD card can be
made to look like a USB stick just by sticking it in a card reader.

I guess you mean "in a USB-to-SD card adapter", which translates a
SD card into a USB mass storage device (/dev/sd*).

Yes, you guess correctly. Writing 40 years ago, I would use those same
words to describe a washing-machine sized object for reading punched
cards. Nowadays, if you type "card reader" into google, you will be
proffered several more sophisticated ones than mine, together with
some different varieties of credit card reader.


A SD card reader such as the one the OP has just exposes the SD card
as what it is, a SD/MMC card (/dev/mmcblk*).

I assumed that the OP, writing about a laptop, had no card reader,
and was inserting the SD card directly into the computer.

As it happens, if you do this with the ancient laptop I'm typing on,
it has the functionality of a card reader built into it and you get
a /dev/sd*, and that can be boot an SD card directly.

Cheers,
David.


It turns out that there are two kinds of cards that look the same, but 
on a Dell laptop I have, one kind won't be recognized and the other 
works. I don't remember
which is which, or what they are called. One is SD, the other something 
else. Of course, I found out the hard way, but it really doesn't matter, 
since I don't need to

use the laptop for that.

--doug

Re: customized Grub (was: Possibly erroneous "device not present...)

[Brian]

On Sat 15 Apr 2017 at 14:55:04 -0400, Felix Miata wrote:

> Richard Owlett composed on 2017-04-15 11:35 (UTC-0500):
> ...
> >I also discovered there that placing a customized grub in its own
> >partition is not only possible, but recommended in some situations. > I had 
> >read somewhere that that option had expired with grub-legacy. That,
> >although taking much time to understand, will solve a *MESS* of grub
> >problems for me ;/
> 
> If control is what you want on BIOS disks, limit the action of Grub scripts
> to / filesystems. Let them do whatever they want, but don't bother using
> them. Install generic MBR code, put Grub Legacy on an active primary
> partition, never mount it to /boot, and boot using Grub stanzas you build
> yourself. At least, that's how I've been doing it for over a decade on more
> than 25 multiboot machines with as many as 30+ distros each, including on a
> few systems that include Windows 98, XP, 7, 8 or 10. For this purpose,
> openSUSE's Grub Legacy, in conjunction with Gfxboot, works best. It
> facilitates editing on the fly at runtime, which makes it very easy to
> correct any typos made during manual editing of menu.lst. Trying to use
> Debian's Grub Legacy is a handicap in that its find command hangs on EXT4
> filesystems, limiting utility of its shell.
> 
> Creating symlinks to current kernels and initrds leaves little editing to be
> required of the master bootloader's menu.lst.
> 
> https://www.gnu.org/software/grub/manual/legacy/
> 
> When the point is reached that Grub Legacy cannot any more boot an
> installation I expect I'll try Syslinux or anything else that happens to
> provide promise as a bootloader before considering Grub2 for anything more
> than learning exercises.

Do you have a clue what this thread is about? Or did you just fancy that
a Legacy GRUB driveby posting would perk things up for everyone?

-- 
Brian.

Re: Possibly erroneous "device not present" message during boot

[Pascal Hambourg]

Le 15/04/2017 à 19:42, Brian a écrit :

On Sat 15 Apr 2017 at 19:20:58 +0200, Pascal Hambourg wrote:


Expert install gives more control, but is far from granting total control.
The Debian installer still has many automated actions that you cannot
control even in expert mode.


I had a feeling while writing that this response might come. It's
correct. "much more" instead of "total"?


I would not say "much more", just "more" or even "a bit more".

Re: Possibly erroneous "device not present" message during boot

[Brian]

On Sat 15 Apr 2017 at 13:08:30 -0500, Richard Owlett wrote:

> On 04/15/2017 12:24 PM, Brian wrote:
> >
> >Did you overlook this question? You have said your machine does not
> >offer booting from an SD card. Your answer will be interesting.
> 
> Thought I'd answered it elsewhere.

Nope. There has been no mention of booting *directly* *from* the SD card
until this subthread.

> It's on the menu that exists due to the grub on MBR of /dev/sda .

So - the card is in its slot on your machine. You do 'update-grub'.
There is now an entry in GRUB's menu. That is fine. This is what you are
booting from? Your grub.cfg looks similar to what you posted before?

If GRUB has been installed to the MBR of the SD card it has absolutely
no bearing on the existence of the entry in GRUB's menu. It may as well
not be there when GRUB on the MBR of /dev/sda constructs its grub.cfg.

> There is an fschk error of some sort that flies by too fast.
> Otherwise, runs from SD card.

I like "simple"; I'm lost.

-- 
Brian.

Re: customized Grub (was: Possibly erroneous "device not present...)

[Felix Miata]

Richard Owlett composed on 2017-04-15 11:35 (UTC-0500):
...

I also discovered there that placing a customized grub in its own
partition is not only possible, but recommended in some situations. > I had 
read somewhere that that option had expired with grub-legacy. That,
although taking much time to understand, will solve a *MESS* of grub
problems for me ;/


If control is what you want on BIOS disks, limit the action of Grub scripts to / 
filesystems. Let them do whatever they want, but don't bother using them. 
Install generic MBR code, put Grub Legacy on an active primary partition, never 
mount it to /boot, and boot using Grub stanzas you build yourself. At least, 
that's how I've been doing it for over a decade on more than 25 multiboot 
machines with as many as 30+ distros each, including on a few systems that 
include Windows 98, XP, 7, 8 or 10. For this purpose, openSUSE's Grub Legacy, in 
conjunction with Gfxboot, works best. It facilitates editing on the fly at 
runtime, which makes it very easy to correct any typos made during manual 
editing of menu.lst. Trying to use Debian's Grub Legacy is a handicap in that 
its find command hangs on EXT4 filesystems, limiting utility of its shell.


Creating symlinks to current kernels and initrds leaves little editing to be 
required of the master bootloader's menu.lst.


https://www.gnu.org/software/grub/manual/legacy/

When the point is reached that Grub Legacy cannot any more boot an installation 
I expect I'll try Syslinux or anything else that happens to provide promise as a 
bootloader before considering Grub2 for anything more than learning exercises.

--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: Postfix Dovecot et SSL : SSL23: unknown protocol

[Thierry Bugier Pineau]

Bonsoir
J'en suis à la configuration du TLS sur SMTP
Voilà la configuration que j'ai pour le moment, et qui n'autorise que
TLS 1.2
La configuration é été vérifiée successivement avec le site suivant htt
ps://ssl-tools.net/mailservers
Il considère une configuration fiable si TLS 1.0 ou  1.1 sont permis,
mais je compte bien les bannir, sauf si quelque chose m'oblige à
revenir en arrière.
C'est un extrait de mon  /etc/postfix/main.cf ;
smtpd_tls_security_level = encryptsmtpd_tls_received_header =
nosmtpd_tls_auth_only = yessmtpd_tls_loglevel = 1smtpd_tls_cert_file =
/path/to/cert.pemsmtpd_tls_key_file = /path/to/priv.keysmtpd_use_tls =
yessmtp_tls_note_starttls_offer = yessmtpd_tls_session_cache_timeout =
3600ssmtpd_tls_exclude_ciphers = aNULL, MD5, DES, 3DES, DES-CBC3-SHA,
RC4-SHA, AES256-SHA, AES128-SHAtls_high_cipherlist =
ECDH+aRSA+AES256:ECDH+aRSA+AES128:AES256-SHA:DES-CBC3-
SHAsmtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1,
!TLSv1.1smtpd_tls_mandatory_protocols = TLSv1.2
Le vendredi 14 avril 2017 à 22:32 +0200, andre_deb...@numericable.fr a
écrit :
> On Tuesday 04 April 2017 10:43:15 Thierry Bugier Pineau wrote:
> > le sujet a achevé de me motiver pour m'y remettre aussi. D'où mon
> > silence.  J'ai préparé postfix, je continue avec Dovecot dans les
> jours
> > à venir et ensuite je m'attaque au TLS pour atteindre le même
> niveau de
> > progression et donner un coup de main.
> > J'essaie aussi de créer un script shell (très sommaire) pour rendre
> la
> > configuration maintenable et reproductible (que je partagerai
> > volontiers sur github).
> 
> On Tuesday 04 April 2017 14:12:45 andre_deb...@numericable.fr wrote:
> > Je l'attends avec plaisir, merci d'avance.
> > Ça fait longtemps que dovecot + certificats me posent soucis... :-)
> > Bonne journée,  André
> 
> Je n'ai pas reçu de réponse à cette promesse ci-dessus... :-)
> 
> André
> 
> 

Re: Possibly erroneous "device not present" message during boot

[songbird]

Richard Owlett wrote:
...
> I don't know how many times I've *MIS*read that last sentence ;<
> Mentally I was correcting non-existent typos, thus totally garbling it.
> I just spent several hours wandering thru grub files and loosely related 
> documentation.
> I've ended up at
> www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config
> which says "Currently autogenerating config files for multi-boot 
> environments depends on os-prober and has several shortcomings. ..."
> I also discovered there that placing a customized grub in its own 
> partition is not only possible, but recommended in some situations. I 
> had read somewhere that that option had expired with grub-legacy. That, 
> although taking much time to understand, will solve a *MESS* of grub 
> problems for me ;/

  i hope so.  :)

  for me the conceptual trouble started ages ago
when i thought that "update-grub" and os-prober would
go out and find all the other little grubs and get
them all in sync.

  my most recent round of grubismo dealing with the
USB stick educated me a little about that misconception
and helped me figure out the custom menu entry and
chain loading.

  as usual, i still have much to learn...


  songbird

Re: Possibly erroneous "device not present" message during boot

[Richard Owlett]

On 04/15/2017 12:14 PM, Pascal Hambourg wrote:

Le 15/04/2017 à 16:28, David Wright a écrit :

On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote:


A SD card reader such as the one the OP has just exposes the SD card
as what it is, a SD/MMC card (/dev/mmcblk*).


I assumed that the OP, writing about a laptop, had no card reader,
and was inserting the SD card directly into the computer.


How do you name that slot on the laptop or desktop where you insert the
SD card, if not an embedded card reader ?


As it happens, if you do this with the ancient laptop I'm typing on,
it has the functionality of a card reader built into it and you get
a /dev/sd*, and that can be boot an SD card directly.


So there seems to be at least two kinds of SD card reader : those which
expose themselves as a USB mass storage device and those which expose
themselves as a SD/MMC device.

I have a couple of desktops with an embedded multi-card reader,
connected to an internal USB port on the motherboard. But I do not have
any SD card (no use), so I never checked to see what kind they are.




From https://www.cnet.com/products/lenovo-thinkpad-t510/specs/
I apparently have

Card Reader
  Type 5 in 1 card reader
  Supported Flash  Memory Stick, Memory Stick PRO, MultiMediaCard,
Memory SD Memory Card, SDHC Memory Card

Re: Possibly erroneous "device not present" message during boot

[Richard Owlett]

On 04/15/2017 12:24 PM, Brian wrote:

On Sat 15 Apr 2017 at 11:52:09 -0500, Richard Owlett wrote:


On 04/15/2017 05:24 AM, Brian wrote:


Now for a big "but". :)

Your previous 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' stanza had

linux /boot/vmlinuz-3.16.0-4-686-pae root=/dev/mmcblk0p1

This one has

linux /boot/vmlinuz-3.16.0-4-686-pae 
root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet

The UUID has changed (I think you said you had done this) but the kernel
now looks for init using the UUID rather than on /dev/mmcblk0p1. How did
you manage to get something significantly different?


During the first install of Debian to the SD card I allowed the installer to
create a single partition filling the whole card. The primary purpose of
that install was a brute force determination of whether or not my individual
machine could read/write an SD card. The machine was a replacement for a
different used machine purchased from the vendor. My accepting the SD card
was dependent on that test.

I had reinstalled Debian to a more reasonably sized partition. That would
explain a changed UUID. During the reinstall I experimented with installing
grub to the MBR of the SD card. No grub was installed the first time.


The UUID change is understandable. But hey - you've altered the ground
rules! Now, it seems, you are exploring booting from the card itself
rather than from GRUB on a hard disk.


I considered a safe test as the BIOS does not list it as a possible boot 
device. Among other goodies I've ordered an USB SD card reader. We'll 
know more in ~1 week.





And, more to the point, is there booting from the card without any error
messages?


Did you overlook this question? You have said your machine does not
offer booting from an SD card. Your answer will be interesting.



Thought I'd answered it elsewhere.
It's on the menu that exists due to the grub on MBR of /dev/sda .
There is an fschk error of some sort that flies by too fast.
Otherwise, runs from SD card.

Re: Possibly erroneous "device not present" message during boot

[Brian]

On Sat 15 Apr 2017 at 11:35:14 -0500, Richard Owlett wrote:

> On 04/14/2017 01:19 PM, Brian wrote:
> >[snip]
> >
> >> 2. I only install Grub the *first* time I do a Debian install.
> >>By poor design Grub puts the current install first on menu.
> >>When experimenting with configuration as I do, the least
> >>likely install to be functional is the latest.
> >>This requires me to run update-grub on the "good" install.
> >
> >That's ok. I tend to be more promiscuous; usually on a whim, like
> >wanting to put a particular entry at the top of GRUB's menu list.
> >
> >When you do 'update-grub' do you still get no "set root=" line for the
> >SD card in the grub.cfg?
> >[snip]
> 
> I don't know how many times I've *MIS*read that last sentence ;<
> Mentally I was correcting non-existent typos, thus totally garbling it.
> I just spent several hours wandering thru grub files and loosely related
> documentation.
> I've ended up at
> www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config
> which says "Currently autogenerating config files for multi-boot
> environments depends on os-prober and has several shortcomings. ..."
> I also discovered there that placing a customized grub in its own partition
> is not only possible, but recommended in some situations. I had read
> somewhere that that option had expired with grub-legacy. That, although
> taking much time to understand, will solve a *MESS* of grub problems for me
> ;/

Treading GRUB's byways isn't for me today. Your only problem as far as I
am concerned is the one expressed in your first post. Even that is of no
great consequence and the visibilty of the message is easily dealt with
in a custom GRUB stanza. Adopt the pragmatic approach.

-- 
Brian.

Re: Possibly erroneous "device not present" message during boot

[Brian]

On Sat 15 Apr 2017 at 19:20:58 +0200, Pascal Hambourg wrote:

> Le 15/04/2017 à 12:44, Brian a écrit :
> >
> >simple install=some control of d-i.
> >expert install=total control of d-i.
> 
> Expert install gives more control, but is far from granting total control.
> The Debian installer still has many automated actions that you cannot
> control even in expert mode.

I had a feeling while writing that this response might come. It's
correct. "much more" instead of "total"?

-- 
Brian.

Re: Possibly erroneous "device not present" message during boot

[Pascal Hambourg]

Le 15/04/2017 à 15:55, songbird a écrit :


  maybe grub needs something provided by the
modules:

usbms, ehci, uhci or ohci?


Be careful if you're going to use driver modules (USB, PATA, AHCI...) to 
get direct access to a device. It disables access to *all* devices 
through the BIOS, including the device GRUB was booted from and reads 
its own files.

Re: Possibly erroneous "device not present" message during boot

[Brian]

On Sat 15 Apr 2017 at 11:52:09 -0500, Richard Owlett wrote:

> On 04/15/2017 05:24 AM, Brian wrote:
> >
> >Now for a big "but". :)
> >
> >Your previous 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' stanza had
> >
> > linux /boot/vmlinuz-3.16.0-4-686-pae root=/dev/mmcblk0p1
> >
> >This one has
> >
> > linux /boot/vmlinuz-3.16.0-4-686-pae 
> > root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet
> >
> >The UUID has changed (I think you said you had done this) but the kernel
> >now looks for init using the UUID rather than on /dev/mmcblk0p1. How did
> >you manage to get something significantly different?
> 
> During the first install of Debian to the SD card I allowed the installer to
> create a single partition filling the whole card. The primary purpose of
> that install was a brute force determination of whether or not my individual
> machine could read/write an SD card. The machine was a replacement for a
> different used machine purchased from the vendor. My accepting the SD card
> was dependent on that test.
> 
> I had reinstalled Debian to a more reasonably sized partition. That would
> explain a changed UUID. During the reinstall I experimented with installing
> grub to the MBR of the SD card. No grub was installed the first time.

The UUID change is understandable. But hey - you've altered the ground
rules! Now, it seems, you are exploring booting from the card itself
rather than from GRUB on a hard disk. 

> >And, more to the point, is there booting from the card without any error
> >messages?

Did you overlook this question? You have said your machine does not
offer booting from an SD card. Your answer will be interesting.

-- 
Brian.

Re: In Stretch, gcc producing position independent binaries by default?

[Reco]

Hi.

On Sat, 15 Apr 2017 14:39:49 + (UTC)
Neoklis Kyriazis  wrote:

> 
> >They patched gcc to produce PIE by default - and that's one of Debian
> >stretch release goals. See:
> >
> >https://wiki.debian.org/Hardening/PIEByDefaultTransition
> 
> 
> Ah thanks! New to Debian so I was not aware of this. My problem though
> is that filers like ROX and pcmanfm do not start PIE executables by
> clicking on them because they are seen as shared objects. 

Yes, that's known problem. I recall seeing some heated discussions
about it, but cannot find the links (was it PIE for Mozilla's built
Firefox? - my memory fails me).
The current consensus for graphical file managers on this seems to be
'yes, PIE executables are broken in this regard, but developer should
provide a .desktop file anyway'.

Not that I agree with such approach (on graphical file managers, PIE
is ok idea), but they took it.


> Anyhow, I expect there are now recommended CFLAGS for gcc when compiling
> binaries for Debian, right?

For 3 last major releases at least. Run 'dpkg-buildflags --get CFLAGS'
to see them. And don't forget 'dpkg-buildflags --get LDFLAGS' for the
linker.

Please note then one's using so called 'sane' build system (autotools,
cmake, etc) - the debhelper usually takes care of recommended CFLAGS
and LDFLAGS by itself.

Reco

Re: Possibly erroneous "device not present" message during boot

[Pascal Hambourg]

Le 15/04/2017 à 12:44, Brian a écrit :


simple install=some control of d-i.
expert install=total control of d-i.


Expert install gives more control, but is far from granting total 
control. The Debian installer still has many automated actions that you 
cannot control even in expert mode.

Re: Possibly erroneous "device not present" message during boot

[Pascal Hambourg]

Le 15/04/2017 à 16:28, David Wright a écrit :

On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote:


A SD card reader such as the one the OP has just exposes the SD card
as what it is, a SD/MMC card (/dev/mmcblk*).


I assumed that the OP, writing about a laptop, had no card reader,
and was inserting the SD card directly into the computer.


How do you name that slot on the laptop or desktop where you insert the 
SD card, if not an embedded card reader ?



As it happens, if you do this with the ancient laptop I'm typing on,
it has the functionality of a card reader built into it and you get
a /dev/sd*, and that can be boot an SD card directly.


So there seems to be at least two kinds of SD card reader : those which 
expose themselves as a USB mass storage device and those which expose 
themselves as a SD/MMC device.


I have a couple of desktops with an embedded multi-card reader, 
connected to an internal USB port on the motherboard. But I do not have 
any SD card (no use), so I never checked to see what kind they are.

Re: ssl isues are Eating me alive.

[Reco]

Hi.

On Sat, 15 Apr 2017 15:14:29 + (UTC)
david...@freevolt.org wrote:

> On Fri, 14 Apr 2017, Reco wrote:
> 
> > Hi.
> >
> > On Thu, Apr 13, 2017 at 01:01:24PM -0400, Greg Wooledge wrote:
> >> On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote:
> >>> This started out a year or so ago with the occasional site in
> >>> which lynx would report that it was unable to establish a TLS
> >>> connection with this or that site. [...]
> >>
> >> It's not just lynx.  It's EVERY single terminal-based browser, and
> >> as you noticed, it gets worse every day.
> >>
> >> Apparently all of the terminal-based browsers in wheezy and jessie are
> >> linked with libgnutls instead of libopenssl, and libgnutls (at least as
> >> provided by jessie) is completely incapable of forming an SSL connection
> >> with half of the Web.
> >
> > There's one notable exception to this in jessie and it's called w3m.
> >
> > $ ldd /usr/bin/w3m | grep ssl
> >libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
> 
> In wheezy (at least) I've noticed that curl can also cope, when lynx
> (and wget) cannot.

AFAIK jessie is the last Debian release that provides curl linked with
openssl.

Reco

Re: Possibly erroneous "device not present" message during boot

[Richard Owlett]

On 04/15/2017 05:24 AM, Brian wrote:

On Fri 14 Apr 2017 at 13:33:40 -0500, Richard Owlett wrote:


On 04/14/2017 12:24 PM, Brian wrote:


Everything GRUB knows about devices comes from what the BIOS tells it.
They are more than just good friends. :)

It appears from 'ls' at a GRUB prompt that your GRUB does not know about
your SD card. Booting takes place but GRUB takes its time to think about
what it should do about not finding something it has been told to search
for. In the end, it decides to go ahead, but in some cases it wouldn't.
That would dispel your present mood of happiness.

While we are it it: your update-grub stanza does not contain a line with
set root=" in it. Could this possibly be a copy and paste error? I ask
because the line is present on Jessie and testing when the device is a
USB stick.


Just to eliminate any source of copy errors, here is the full contents of
grub.cfg created just prior to my most recent post
(https://lists.debian.org/debian-user/2017/04/msg00468.html). It refers to
the 2 new installs I mentioned in that post.


Thank you.


### BEGIN /etc/grub.d/30_os-prober ###
menuentry 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' --class gnu-linux
--class gnu --class os $menuentry_id_option
'osprober-gnulinux-simple-e57b2c64-74ec-4184-af71-d807e07f07dd' {
insmod part_msdos
insmod ext2
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root
e57b2c64-74ec-4184-af71-d807e07f07dd
else
  search --no-floppy --fs-uuid --set=root
e57b2c64-74ec-4184-af71-d807e07f07dd
fi
linux /boot/vmlinuz-3.16.0-4-686-pae
root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet
initrd /boot/initrd.img-3.16.0-4-686-pae
}


Definitely no "set root=" line. We will have to give GRUB credit for
knowing what it is doing. The absence of this line probably accounts for
your previous successful booting. With such a line you would possibly
have got "cannot get C/H/S values" as an error message. This throws
booting back to the GRUB menu.

Now for a big "but". :)

Your previous 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' stanza had

 linux /boot/vmlinuz-3.16.0-4-686-pae root=/dev/mmcblk0p1

This one has

 linux /boot/vmlinuz-3.16.0-4-686-pae 
root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet

The UUID has changed (I think you said you had done this) but the kernel
now looks for init using the UUID rather than on /dev/mmcblk0p1. How did
you manage to get something significantly different?


During the first install of Debian to the SD card I allowed the 
installer to create a single partition filling the whole card. The 
primary purpose of that install was a brute force determination of 
whether or not my individual machine could read/write an SD card. The 
machine was a replacement for a different used machine purchased from 
the vendor. My accepting the SD card was dependent on that test.


I had reinstalled Debian to a more reasonably sized partition. That 
would explain a changed UUID. During the reinstall I experimented with 
installing grub to the MBR of the SD card. No grub was installed the 
first time.






And, more to the point, is there booting from the card without any error
messages?

Re: Possibly erroneous "device not present" message during boot

[Richard Owlett]

On 04/14/2017 01:19 PM, Brian wrote:

[snip]


 2. I only install Grub the *first* time I do a Debian install.
By poor design Grub puts the current install first on menu.
When experimenting with configuration as I do, the least
likely install to be functional is the latest.
This requires me to run update-grub on the "good" install.


That's ok. I tend to be more promiscuous; usually on a whim, like
wanting to put a particular entry at the top of GRUB's menu list.

When you do 'update-grub' do you still get no "set root=" line for the
SD card in the grub.cfg?
[snip]


I don't know how many times I've *MIS*read that last sentence ;<
Mentally I was correcting non-existent typos, thus totally garbling it.
I just spent several hours wandering thru grub files and loosely related 
documentation.

I've ended up at
www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config
which says "Currently autogenerating config files for multi-boot 
environments depends on os-prober and has several shortcomings. ..."
I also discovered there that placing a customized grub in its own 
partition is not only possible, but recommended in some situations. I 
had read somewhere that that option had expired with grub-legacy. That, 
although taking much time to understand, will solve a *MESS* of grub 
problems for me ;/

Re: ssl isues are Eating me alive.

[davidson]

On Fri, 14 Apr 2017, Reco wrote:


Hi.

On Thu, Apr 13, 2017 at 01:01:24PM -0400, Greg Wooledge wrote:

On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote:

This started out a year or so ago with the occasional site in
which lynx would report that it was unable to establish a TLS
connection with this or that site. [...]


It's not just lynx.  It's EVERY single terminal-based browser, and
as you noticed, it gets worse every day.

Apparently all of the terminal-based browsers in wheezy and jessie are
linked with libgnutls instead of libopenssl, and libgnutls (at least as
provided by jessie) is completely incapable of forming an SSL connection
with half of the Web.


There's one notable exception to this in jessie and it's called w3m.

$ ldd /usr/bin/w3m | grep ssl
   libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0


In wheezy (at least) I've noticed that curl can also cope, when lynx
(and wget) cannot.

Re: Possibly erroneous "device not present" message during boot

[David Wright]

On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote:
> Le 15/04/2017 à 02:37, David Wright a écrit :
> >
> >Of course, an SD card can be
> >made to look like a USB stick just by sticking it in a card reader.
> 
> I guess you mean "in a USB-to-SD card adapter", which translates a
> SD card into a USB mass storage device (/dev/sd*).

Yes, you guess correctly. Writing 40 years ago, I would use those same
words to describe a washing-machine sized object for reading punched
cards. Nowadays, if you type "card reader" into google, you will be
proffered several more sophisticated ones than mine, together with
some different varieties of credit card reader.

> A SD card reader such as the one the OP has just exposes the SD card
> as what it is, a SD/MMC card (/dev/mmcblk*).

I assumed that the OP, writing about a laptop, had no card reader,
and was inserting the SD card directly into the computer.

As it happens, if you do this with the ancient laptop I'm typing on,
it has the functionality of a card reader built into it and you get
a /dev/sd*, and that can be boot an SD card directly.

Cheers,
David.

Re: In Stretch, gcc producing position independent binaries by default?

[Reco]

Hi.

On Sat, 15 Apr 2017 13:50:59 + (UTC)
Neoklis Kyriazis  wrote:

> Hi,
> 
> I have recently completed my first installation of Debian (stretch)
> and I am compiling some apps from source. I have noticed that filers
> show binaries produce by gcc as being shared library objects instead
> of just ELF executables.
> 
> I eventually, by searching, I worked around this by specifying the 
> 
> -no-pie flag in CFLAGS but I would like to know if gcc is by default
> set up to produce 
> position independent binaries or if I have not set up things correctly.

They patched gcc to produce PIE by default - and that's one of Debian
stretch release goals. See:

https://wiki.debian.org/Hardening/PIEByDefaultTransition

Reco

Re: Possibly erroneous "device not present" message during boot

[songbird]

Brian wrote:
> songbird wrote:
>
>>   what i would do for grins is unplug the
>> devices other than the SSD and the installation 
>> media and then do a base system (simple install 
>> - not expert) and see what the installer does 
>> detect and writes in the fstab and grub menu 
>> (it may even boot).  you may then use those 
>
> This is cargo cult.

  thus my expression "for grins".  ;)

  i noticed my own lack of previous comprehension
as i thought all along the OP was putting things
on an SSD device and not a SD chip.  my SD reader
is on a USB header device with many other things.

  maybe grub needs something provided by the
modules:

usbms, ehci, uhci or ohci?

  these can be tested at the command line and
then doing ls -l to see if the device shows up
or not...


> simple install=some control of d-i.
> expert install=total control of d-i.
>
> In both cases the OP does not want to install a boot loader to the
> device.

  dd can get rid of it easily enough.

  i think the possible confusion for a more
ancient machine may be cleared up enough to 
get workable bits.  how we get to workable
bits may be a different route, but in the end
if they work we have gotten to the cheese in
this particular maze of twisty-turny passages
even if they all look alike (1's and 0's).


  songbird

Re: Possibly erroneous "device not present" message during boot

[songbird]

Brian wrote:
...
> And, more to the point, is there booting from the card without any error
> messages?

  ...

  and as additional info you can adjust some things
in grub via editing /etc/default/grub (and running
update-grub) if you don't like how the menu is being
generated.


  songbird

Re: ZSH affiche l'erreur : zsh: bad pattern: e[0

[Pierre Malard]

Je pense que cela dépend plus de la commande utilisée que du shell. Regarde 
déjà sur tu as accès à l’option « -e » avec echo en lisant le man.
Sinon, tu peux toujours essayer avec un « printf »…


> Le 15 avr. 2017 à 12:54, Étienne Mollier  a écrit 
> :
> 
> Bonjour,
> 
> On 04/15/2017 12:00 PM, G2PC wrote:
>> *Afficher un ascii art au lancement de votre terminal*
>> 
>> Le code suivant avec ZSH affiche l'erreur : zsh: bad pattern: e[0
>> 
>> \e[0;36m.
>> zsh: bad pattern: e[0
>> 
>> 
>> Avez vous une piste pour permettre l'affichage ?
> 
> On dirait que zsh tente d'interprêter ton code d'échappement au
> lieu de le passer au terminal.  As-tu protégé ta chaîne de caractères
> avec des doubles quotes?
> 
> Normalement la commande suivante devrait t'afficher un point vert:
> 
>   echo -e "\e[0;36m."
> 
> J'ai fait le test en bash, mais le comportement devrait être assez
> voisin de celui de zsh dans ce cas.
> 
> À plus,
> --
> Étienne Mollier 
> 

--
Pierre Malard

   « Tous les Français ambitionnent pour la France un grand rôle
   dans le monde. Ce n'est point par des aventures guerrières qu'elle
   le trouvera, c'est en donnant aux peuples l'exemple et le signal
   de justice. »
Jean Jaures - "L'idéal de justice" 
- 1889
   |\  _,,,---,,_
   /,`.-'`'-.  ;-;;,_
  |,4-  ) )-,_. ,\ (  `'-'
 '---''(_/--'  `-'\_)   πr

perl -e '$_=q#: 3|\ 5_,3-3,2_: 3/,`.'"'"'`'"'"' 5-.  ;-;;,_:  |,A-  ) )-,_. ,\ 
(  `'"'"'-'"'"': '"'"'-3'"'"'2(_/--'"'"'  `-'"'"'\_): 
24πr::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
- --> Ce message n’engage que son auteur <--



signature.asc
Description: Message signed with OpenPGP

Re: ZSH affiche l'erreur : zsh: bad pattern: e[0

[Étienne Mollier]

Bonjour,

On 04/15/2017 12:00 PM, G2PC wrote:
> *Afficher un ascii art au lancement de votre terminal*
> 
> Le code suivant avec ZSH affiche l'erreur : zsh: bad pattern: e[0
> 
> \e[0;36m. 
> zsh: bad pattern: e[0
> 
> 
> Avez vous une piste pour permettre l'affichage ?

On dirait que zsh tente d'interprêter ton code d'échappement au
lieu de le passer au terminal.  As-tu protégé ta chaîne de caractères
avec des doubles quotes?

Normalement la commande suivante devrait t'afficher un point vert:

echo -e "\e[0;36m."

J'ai fait le test en bash, mais le comportement devrait être assez
voisin de celui de zsh dans ce cas.

À plus,
-- 
Étienne Mollier 

Re: Possibly erroneous "device not present" message during boot

[Brian]

On Fri 14 Apr 2017 at 20:02:11 -0400, songbird wrote:

>   what i would do for grins is unplug the
> devices other than the SSD and the installation 
> media and then do a base system (simple install 
> - not expert) and see what the installer does 
> detect and writes in the fstab and grub menu 
> (it may even boot).  you may then use those 

This is cargo cult.

simple install=some control of d-i.
expert install=total control of d-i.

In both cases the OP does not want to install a boot loader to the
device.

-- 
Brian.

Re: Certificats https aléatoires suivant les navigateurs

[babouchko]

Slt,
Peut être hors sujet mais j'ai déjà eu ce orb lorsque l'heure était mal
configuré sur le serveur et/ou le client.

Cdt
Sebastien
Le 15 avr. 2017 12:33 PM, "Thierry Bugier Pineau"  a
écrit :

> Essayez let's encrypt. Cela dit je suis étonné que ceux d'OVH ne
> fonctionnement pas. Avez vous configuré le serveur pour fournir la chaine
> de certificats ?
>
> Le serveur donne au client son certificat (que vous avez apparemment
> configuré), mais doit aussi donner les certificats des autorités de
> certification intermédiaires jusqu'à une autorité reconnue par les clients.
> C'est ce qu'on appelle parfois la "CA chain".
>
> Et oubliez startssl : leurs certificats ne seront plus acceptés par
> firefox et chrome d'ici quelques semaines, si ce n'est pas déjà fait. Ils
> ont été rachetés par une autorité ayant de mauvaises pratiques. Google l'a
> annoncé, Mozilla aussi.
>
> Avoir un OS à jour a une influence sur les autorités reconnues (fiables).
> Récemment sur Debian, j'ai vu pas mal de changement sur les autorités de
> certification incluses dans l'OS (Sid). On en ajoute, et parfois on en
> retire.
>
> Le 15 avril 2017 11:22:14 GMT+02:00, andre_deb...@numericable.fr a écrit :
>>
>> Bonjour,
>>
>> J'ai installé sur un serveur Web,
>> - les certificats StartSSL (gratuits) toujours valides,
>> - et j'ai acheté les certificats tout récemment chez OVH.
>>
>> Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany,
>> le site Web affiche une erreur de certificats,
>> que ce soient avec les certificats d'OVH ou de StartSSL.
>>
>> Ça marche avec un ou deux navigateurs et pas avec d'autres,
>> et vice versa.
>>
>> Quels certificats fonctionnent quelquesoient les navigateurs ?
>>
>> Merci,
>>
>> André
>>
>>
> --
> Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma
> brièveté.
>

Re: Possibly erroneous "device not present" message during boot

[Brian]

On Fri 14 Apr 2017 at 13:33:40 -0500, Richard Owlett wrote:

> On 04/14/2017 12:24 PM, Brian wrote:
> >
> >Everything GRUB knows about devices comes from what the BIOS tells it.
> >They are more than just good friends. :)
> >
> >It appears from 'ls' at a GRUB prompt that your GRUB does not know about
> >your SD card. Booting takes place but GRUB takes its time to think about
> >what it should do about not finding something it has been told to search
> >for. In the end, it decides to go ahead, but in some cases it wouldn't.
> >That would dispel your present mood of happiness.
> >
> >While we are it it: your update-grub stanza does not contain a line with
> >set root=" in it. Could this possibly be a copy and paste error? I ask
> >because the line is present on Jessie and testing when the device is a
> >USB stick.
> 
> Just to eliminate any source of copy errors, here is the full contents of
> grub.cfg created just prior to my most recent post
> (https://lists.debian.org/debian-user/2017/04/msg00468.html). It refers to
> the 2 new installs I mentioned in that post.

Thank you.

> ### BEGIN /etc/grub.d/30_os-prober ###
> menuentry 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' --class gnu-linux
> --class gnu --class os $menuentry_id_option
> 'osprober-gnulinux-simple-e57b2c64-74ec-4184-af71-d807e07f07dd' {
>   insmod part_msdos
>   insmod ext2
>   if [ x$feature_platform_search_hint = xy ]; then
> search --no-floppy --fs-uuid --set=root
> e57b2c64-74ec-4184-af71-d807e07f07dd
>   else
> search --no-floppy --fs-uuid --set=root
> e57b2c64-74ec-4184-af71-d807e07f07dd
>   fi
>   linux /boot/vmlinuz-3.16.0-4-686-pae
> root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet
>   initrd /boot/initrd.img-3.16.0-4-686-pae
> }

Definitely no "set root=" line. We will have to give GRUB credit for
knowing what it is doing. The absence of this line probably accounts for
your previous successful booting. With such a line you would possibly
have got "cannot get C/H/S values" as an error message. This throws
booting back to the GRUB menu.

Now for a big "but". :)

Your previous 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' stanza had

 linux /boot/vmlinuz-3.16.0-4-686-pae root=/dev/mmcblk0p1

This one has

 linux /boot/vmlinuz-3.16.0-4-686-pae 
root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet

The UUID has changed (I think you said you had done this) but the kernel
now looks for init using the UUID rather than on /dev/mmcblk0p1. How did
you manage to get something significantly different?

And, more to the point, is there booting from the card without any error
messages?

-- 
Brian.

Re: Certificats https aléatoires suivant les navigateurs

[Thierry Bugier Pineau]

Essayez let's encrypt. Cela dit je suis étonné que ceux d'OVH ne fonctionnement 
pas. Avez vous configuré le serveur pour fournir la chaine de certificats ?

Le serveur donne au client son certificat (que vous avez apparemment 
configuré), mais doit aussi donner les certificats des autorités de 
certification intermédiaires jusqu'à une autorité reconnue par les clients. 
C'est ce qu'on appelle parfois la "CA chain".

Et oubliez startssl : leurs certificats ne seront plus acceptés par firefox et 
chrome d'ici quelques semaines, si ce n'est pas déjà fait. Ils ont été rachetés 
par une autorité ayant de mauvaises pratiques. Google l'a annoncé, Mozilla 
aussi.

Avoir un OS à jour a une influence sur les autorités reconnues (fiables). 
Récemment sur Debian, j'ai vu pas mal de changement sur les autorités de 
certification incluses dans l'OS (Sid). On en ajoute, et parfois on en retire.

Le 15 avril 2017 11:22:14 GMT+02:00, andre_deb...@numericable.fr a écrit :
>Bonjour,
>
>J'ai installé sur un serveur Web,
>- les certificats StartSSL (gratuits) toujours valides,
>- et j'ai acheté les certificats tout récemment chez OVH.
>
>Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany, 
>le site Web affiche une erreur de certificats,
>que ce soient avec les certificats d'OVH ou de StartSSL.
>
>Ça marche avec un ou deux navigateurs et pas avec d'autres,
>et vice versa.
>
>Quels certificats fonctionnent quelquesoient les navigateurs ?
>
>Merci,
>
>André

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

ZSH affiche l'erreur : zsh: bad pattern: e[0

[G2PC]

*Afficher un ascii art au lancement de votre terminal*

Le code suivant avec ZSH affiche l'erreur : zsh: bad pattern: e[0

\e[0;36m. 
zsh: bad pattern: e[0


Avez vous une piste pour permettre l'affichage ?

Exemple :
https://www.visionduweb.eu/forum/os-gnu-linux/1148-afficher-un-ascii-art-au-lancement-de-votre-terminal

Re: Certificats https aléatoires suivant les navigateurs

[Jonathan bartoua Schneider]

Hello,

Dans ta conf Apache tu as bien positionné la chaîne d'AC qui a émis les
certificats (la directive est SSLCertificateChainFile) ?

Si l'AC root est déjà trust par ta machine ou par le navigateur, tu as
besoin de mettre au moins toutes les AC sauf la root, maps c'est souvent
plus "propre" de mettre toute la chaîne. Si l'AC root n'est pas trust, tu
auras toujours des exceptions parce que les autorités ne sont pas "de
confiance" pour ta machine/navigateur.

Jonathan

Le 15 avr. 2017 11:22 AM,  a écrit :

> Bonjour,
>
> J'ai installé sur un serveur Web,
> - les certificats StartSSL (gratuits) toujours valides,
> - et j'ai acheté les certificats tout récemment chez OVH.
>
> Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany,
> le site Web affiche une erreur de certificats,
> que ce soient avec les certificats d'OVH ou de StartSSL.
>
> Ça marche avec un ou deux navigateurs et pas avec d'autres,
> et vice versa.
>
> Quels certificats fonctionnent quelquesoient les navigateurs ?
>
> Merci,
>
> André
>
>

Certificats https aléatoires suivant les navigateurs

[andre_debian]

Bonjour,

J'ai installé sur un serveur Web,
- les certificats StartSSL (gratuits) toujours valides,
- et j'ai acheté les certificats tout récemment chez OVH.

Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany, 
le site Web affiche une erreur de certificats,
que ce soient avec les certificats d'OVH ou de StartSSL.

Ça marche avec un ou deux navigateurs et pas avec d'autres,
et vice versa.

Quels certificats fonctionnent quelquesoient les navigateurs ?

Merci,

André

Re: Possibly erroneous "device not present" message during boot

[Pascal Hambourg]

Le 15/04/2017 à 02:37, David Wright a écrit :


Of course, an SD card can be
made to look like a USB stick just by sticking it in a card reader.


I guess you mean "in a USB-to-SD card adapter", which translates a SD 
card into a USB mass storage device (/dev/sd*).
A SD card reader such as the one the OP has just exposes the SD card as 
what it is, a SD/MMC card (/dev/mmcblk*).

Re: [Serveur mail] Bonnes pratiques et conseils

[Thierry Bugier Pineau]

Toutes les discussions sur les serveurs mails attisent pour m'y remettre. Je 
vais retenter l'expérience, nettoyer mes notes et partager.

Si ça peut rendre service à quelques uns, et bien, et j'en profiterai pour 
demander quelques renseignements sur des points d'architecture que je veux 
réaliser : 1 samba 4 par domaine et des serveurs frontaux. Pour apprendre, 
utiliser, et ne pas dépendre de solutions clé en main qui au final restreignent 
les libertés en terne de gestion, compréhension et maintenance

Le 1 avril 2017 18:12:35 GMT+02:00, Louis-Philippe  a 
écrit :
>Bonjour,
>
>Je ne connais pas tous les logiciels que tu as installés, mais il y
>aussi
>PostGrey (en package Debian) que je commence à utiliser.
>De ce que j'ai compris, si le triplet "expéditeur, serveur et
>destinataire"
>existe dans ma base de données (mon serveur de mail) et a été utilisé
>récemment(ex dans le dernier mois), il passe librement, sinon, il
>redemande
>au serveur de l'expéditeur une nouvelle expédition du mail. Les
>serveurs de
>spams ne réexpédient pas un courriel en général.
>
>Et tout ça, avant qu'ils soient analysés pour vérifier si c'est un SPAM
>ou
>virus. La charge de ton serveur est donc réduite de beaucoup...
>
>Le seul désavantage que j'ai constaté, si le triplet n'existe pas et
>que le
>courriel est légitime, le courriel peut prendre 5-10 minutes avant
>d'arriver... et nous n'avons pas de contrôle sur ce délai car c'est le
>serveur de l'expéditeur qui décide quand le renvoyer.
>
>Cordialement,
>
>
>Le 1 avril 2017 à 06:12, Kévin Gaspard  a
>écrit :
>
>> Bonjour à toutes et à tous,
>>
>> (je n'ai jamais participé à de ML, merci de me faire part de mes
>erreurs
>> mais avec un soupçon d'indulgence s'il vous plaît)
>>
>> J'ai il y a peu terminé la configuration d'un serveur mail, qui
>> fonctionne, avec les composants suivants:
>>
>> - Debian 8
>> - IPTables + Fail2Ban
>> - Postfix + Postscreen (avec 3 listes RBL)
>> - Dovecot
>> - MariaDB
>> - RSpamD avec sa web UI
>> - ClamAV
>> - OpenDKIM + SPF (paquet: postfix-policyd-spf-python)
>> - Certificat Let's Encrypt (4096 bits) pour imap.domain.tld et un
>autre
>> pour smtp.domain.tld
>>
>> Tout ça provenant des dépôts officiels de Debian, je n'ai rien
>compilé ou
>> récupéré sur github.
>>
>> Pour tester tout ça, j'ai effectué les actions suivantes:
>>
>> - Envoie de mail à partir d'une adresse de domain.tld (sur une
>adresse
>> gandi et une gmail)
>> - Réception de mail à partir d'adresses gandi et gmail vers
>domain.tld
>> - Envoie d'une signature EICAR en pièce jointe pour tester ClamAV
>> - Je suis en plein envoie massif de spam (depuis bientôt deux jours)
>via
>> un site qui inscrit une adresse e-mail donné sur un maximum de
>formulaire
>> sur le web, connu pour envoyer des mails en retour. Je suis à environ
>27000
>> formulaires remplis, et seulement ~80 mails sont parvenu jusqu'à ma
>boîte
>> poubelle, et ces mails sont des inscriptions à des ML (du genre
>redhat.com),
>> donc aucun véritable spam pour le moment. Tout semble avoir été
>filtré par
>> le DKIM et le SPF (faut savoir qu'en testant ce site avec un gmail,
>j'avais
>> plusieurs mails à la minute me demandant si je voulais une petite
>copine
>> russe ou ce genre de truc dans les spams).
>>
>> Je sais que je n'ai pas terminé, je dois encore donner des cours à
>RSpamD
>> pour qu'ils servent à quelque chose (il n'a encore rien filtré) et je
>dois
>> encore voir pour réceptionner les logs de mon serveur vers mon
>desktop
>> (e-mail de notification, logwatch etc). Sans compter un véritable
>système
>> de backup digne de ce nom. Aussi, je ne crois pas avoir configuré
>Fail2Ban
>> pour travailler de paire avec l'authentification de mon serveur mail
>(qui
>> se passe avec Dovecot).
>> RoundCube est aussi envisagé pour la mobilité.
>>
>> J'aimerai avoir vos avis sur ce qui me resterai à faire comme test,
>voir
>> comme configuration ou ajout de logiciels, ce que je devrai penser à
>la
>> suite, quels sont les pièges de débutant à éviter... Bref je me sens
>un peu
>> perdu sur la suite des évènements et je ne sais pas sur quoi je dois
>> m'orienter en priorité.
>> Le fait que ce serveur mail fonctionne ne veut pas dire que je l'ai
>bien
>> fais. Je ne m'amuse pas encore à paster de la conf ici, mais si vous
>pensez
>> que c'est nécessaire je le ferai (en obfusquant ce qui doit l'être
>bien
>> sûr).
>>
>> Après deux jours de recherches je suis tombé à cours d'idées, en
>somme.
>>
>> Je vous souhaite à toutes et à tous un excellent week-end.
>>
>> Cordialement,
>> GASPARD Kévin
>>
>>
>>
>>
>
>
>-- 
>Louis-Philippe Gauthier

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

Re: Postfix Dovecot et SSL : SSL23: unknown protocol

[Thierry Bugier Pineau]

J'y pense ; il faut juste que je me dégage un peu de temps. Je ne n ai pas 
vraiment eu pour l'instant.

En passant j'ai trouvé sur le wiki de Dovecot un script shell qui permet 
d'éditer sa configuration via la ligne de commande ou un autre script. C'est 
partiellement expérimental. On n'a pas d'équivalent à postconf ? Cet outil 
facilite énormément le travail d'automatisation.

Le 14 avril 2017 22:32:21 GMT+02:00, andre_deb...@numericable.fr a écrit :
>On Tuesday 04 April 2017 10:43:15 Thierry Bugier Pineau wrote:
>> le sujet a achevé de me motiver pour m'y remettre aussi. D'où mon
>> silence.  J'ai préparé postfix, je continue avec Dovecot dans les
>jours
>> à venir et ensuite je m'attaque au TLS pour atteindre le même niveau
>de
>> progression et donner un coup de main.
>> J'essaie aussi de créer un script shell (très sommaire) pour rendre
>la
>> configuration maintenable et reproductible (que je partagerai
>> volontiers sur github).
>
>On Tuesday 04 April 2017 14:12:45 andre_deb...@numericable.fr wrote:
>> Je l'attends avec plaisir, merci d'avance.
>> Ça fait longtemps que dovecot + certificats me posent soucis... :-)
>> Bonne journée,  André
>
>Je n'ai pas reçu de réponse à cette promesse ci-dessus... :-)
>
>André

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.