Re: Certificats https aléatoires suivant les navigateurs
Le 15/04/2017 à 11:22, andre_deb...@numericable.fr a écrit : Bonjour, J'ai installé sur un serveur Web, - les certificats StartSSL (gratuits) toujours valides, - et j'ai acheté les certificats tout récemment chez OVH. Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany, le site Web affiche une erreur de certificats, que ce soient avec les certificats d'OVH ou de StartSSL. Ça marche avec un ou deux navigateurs et pas avec d'autres, et vice versa. Quels certificats fonctionnent quelquesoient les navigateurs ? Test ton site web avec le test SSL de Qualys : https://www.ssllabs.com/ssltest/ Tu auras pas mal d'infos sur ta config. -- == | FRÉDÉRIC MASSOT | | http://www.juliana-multimedia.com | | mailto:frede...@juliana-multimedia.com | | +33.(0)2.97.54.77.94 +33.(0)6.67.19.95.69 | ===Debian=GNU/Linux===
Re: system drive encryption question
On Wed, 5 Apr 2017, FHDATA wrote: hello, I am not currently using debian as linux OS but considering it ... If I clean install debian (latest of course) and during the install process have its / (system drive) encrypted with pass-phrase then later on, can I add a key, residing on a usb flash drive, to that encryption? if yes, is there a step-by-step method one can follow to do that? thank you, F- i apologize for not sending a timely response back; just being busy; thanks to all who provided feedback from which i learned: 1. possibility of using a 3rd party 2fa solution (e.g. yubico) [relaying on internet during boot may be undesirable...] 2. in LUKS one of the other remaining 7 slots can be utilize for path to encryption key ... 3. system boot process looks for & mounts a external usb device and use the key on it . 4. utilizing Password Agents ,Plymouth, (of systemd) to prompt user for 'some passphrase for ' 5. /etc/default/cryptdisks {seems to be a debian/ubuntu centric thing, which is fine...} #2 seems unlikely but i will investigate further. combination of #3 + #4 looks promising ... #5 seems to be tailored solution for this sort of things ... but needs testing... i like to keep things simple: no /boot encryption, no LVM , RAID ,etc someday every linux distro during the install process will ask the user for the 2nd auth factor residing on an external device. till then i will do more reading & testing ... F-
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 16:30:29 -0500, David Wright wrote: > On Sat 15 Apr 2017 at 19:57:32 (+0100), Brian wrote: > > On Sat 15 Apr 2017 at 13:08:30 -0500, Richard Owlett wrote: > > > > > On 04/15/2017 12:24 PM, Brian wrote: > > > > > > > >Did you overlook this question? You have said your machine does not > > > >offer booting from an SD card. Your answer will be interesting. > > > > > > Thought I'd answered it elsewhere. > > > > Nope. There has been no mention of booting *directly* *from* the SD card > > until this subthread. > > > > > It's on the menu that exists due to the grub on MBR of /dev/sda . > > > > So - the card is in its slot on your machine. You do 'update-grub'. > > There is now an entry in GRUB's menu. That is fine. This is what you are > > booting from? Your grub.cfg looks similar to what you posted before? > > > > If GRUB has been installed to the MBR of the SD card it has absolutely > > no bearing on the existence of the entry in GRUB's menu. It may as well > > not be there when GRUB on the MBR of /dev/sda constructs its grub.cfg. > > > > > There is an fschk error of some sort that flies by too fast. > > > Otherwise, runs from SD card. > > > > I like "simple"; I'm lost. > > One can avoid all this messing about with Grub by just copying a > netinst ISO onto the SD card instead of a USB stick. > > But then you need, as I've pointed out just now, to insert the > SD card into the slot _before_ booting, _and_ entering the CMOS > Setup Menu to make sure the device has highest booting priority. > (This is irrespective of how you wrote the SD card.) Nobody in this thread, apart from the OP, has a Lenovo and an SD card. He is in the best position to test and report on this suggestion. Less than twenty minutes work. -- Brian.
Re: Possibly erroneous "device not present" message during boot
Le 15/04/2017 à 22:50, David Wright a écrit : On Sat 15 Apr 2017 at 19:14:24 (+0200), Pascal Hambourg wrote: Le 15/04/2017 à 16:28, David Wright a écrit : On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote: A SD card reader such as the one the OP has just exposes the SD card as what it is, a SD/MMC card (/dev/mmcblk*). I assumed that the OP, writing about a laptop, had no card reader, and was inserting the SD card directly into the computer. How do you name that slot on the laptop or desktop where you insert the SD card, if not an embedded card reader ? A slot, or an SD slot (as on this Dell), or a micro SD slot. Behind the slot is a SD card reader. Lenovo names it a card reader. You seem to have had some difficulty with this part of my post: | It's not clear to me why an SD is being used in this way as the OP | has at last revealed that the computer is unable to boot from an SD | plugged in directly. IIUC, at first the OP did not know that the computer was unable to boot from the internal SD card reader and discovered it during this thread. (Of course, an SD card can be made to look like a | USB stick just by sticking it in a card reader. Then it will boot.) Obviously not with the OP's laptop internal card reader, which does not make the SD card look like a USB mass storage class device.
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 19:57:32 (+0100), Brian wrote: > On Sat 15 Apr 2017 at 13:08:30 -0500, Richard Owlett wrote: > > > On 04/15/2017 12:24 PM, Brian wrote: > > > > > >Did you overlook this question? You have said your machine does not > > >offer booting from an SD card. Your answer will be interesting. > > > > Thought I'd answered it elsewhere. > > Nope. There has been no mention of booting *directly* *from* the SD card > until this subthread. > > > It's on the menu that exists due to the grub on MBR of /dev/sda . > > So - the card is in its slot on your machine. You do 'update-grub'. > There is now an entry in GRUB's menu. That is fine. This is what you are > booting from? Your grub.cfg looks similar to what you posted before? > > If GRUB has been installed to the MBR of the SD card it has absolutely > no bearing on the existence of the entry in GRUB's menu. It may as well > not be there when GRUB on the MBR of /dev/sda constructs its grub.cfg. > > > There is an fschk error of some sort that flies by too fast. > > Otherwise, runs from SD card. > > I like "simple"; I'm lost. One can avoid all this messing about with Grub by just copying a netinst ISO onto the SD card instead of a USB stick. But then you need, as I've pointed out just now, to insert the SD card into the slot _before_ booting, _and_ entering the CMOS Setup Menu to make sure the device has highest booting priority. (This is irrespective of how you wrote the SD card.) Cheers, David.
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 13:16:54 (-0500), Richard Owlett wrote: > On 04/15/2017 12:14 PM, Pascal Hambourg wrote: > >Le 15/04/2017 à 16:28, David Wright a écrit : > >>On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote: > >> > >>>A SD card reader such as the one the OP has just exposes the SD card > >>>as what it is, a SD/MMC card (/dev/mmcblk*). > >> > >>I assumed that the OP, writing about a laptop, had no card reader, > >>and was inserting the SD card directly into the computer. > > > >How do you name that slot on the laptop or desktop where you insert the > >SD card, if not an embedded card reader ? > > > >>As it happens, if you do this with the ancient laptop I'm typing on, > >>it has the functionality of a card reader built into it and you get > >>a /dev/sd*, and that can be boot an SD card directly. > > > >So there seems to be at least two kinds of SD card reader : those which > >expose themselves as a USB mass storage device and those which expose > >themselves as a SD/MMC device. > > > >I have a couple of desktops with an embedded multi-card reader, > >connected to an internal USB port on the motherboard. But I do not have > >any SD card (no use), so I never checked to see what kind they are. > > > > > > From https://www.cnet.com/products/lenovo-thinkpad-t510/specs/ > I apparently have > > Card Reader > Type 5 in 1 card reader > Supported Flash Memory Stick, Memory Stick PRO, MultiMediaCard, > Memory SD Memory Card, SDHC Memory Card If I were you, I would try inserting your SD card and _then_ booting it up. It's quite usual for bootable devices to appear in the BIOS's Setup Menu only if a device is actually present. (Don't even rely on a Boot Menu like F12 sometimes gives: check the Setup Menu itself.) If it's there, promote it to first device to boot, and then boot. (Don't rely on the promotion to be "sticky". If you ever boot without a card plugged in, it may be demoted whenever you next plug one in.) Cheers, David.
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 19:14:24 (+0200), Pascal Hambourg wrote: > Le 15/04/2017 à 16:28, David Wright a écrit : > >On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote: > > > >>A SD card reader such as the one the OP has just exposes the SD card > >>as what it is, a SD/MMC card (/dev/mmcblk*). > > > >I assumed that the OP, writing about a laptop, had no card reader, > >and was inserting the SD card directly into the computer. > > How do you name that slot on the laptop or desktop where you insert > the SD card, if not an embedded card reader ? A slot, or an SD slot (as on this Dell), or a micro SD slot. You seem to have had some difficulty with this part of my post: | It's not clear to me why an SD is being used in this way as the OP | has at last revealed that the computer is unable to boot from an SD | plugged in directly. (Of course, an SD card can be made to look like a | USB stick just by sticking it in a card reader. Then it will boot.) I would be happy to go through it and detail all the referents if you can't judge them from the context. > >As it happens, if you do this with the ancient laptop I'm typing on, > >it has the functionality of a card reader built into it and you get > >a /dev/sd*, and that can be boot an SD card directly. > > So there seems to be at least two kinds of SD card reader : those > which expose themselves as a USB mass storage device and those which > expose themselves as a SD/MMC device. > > I have a couple of desktops with an embedded multi-card reader, > connected to an internal USB port on the motherboard. But I do not > have any SD card (no use), so I never checked to see what kind they > are. I would imagine that most people wouldn't want to disassemble to check this. The internal connections are likely subminiature anyway, so it would be difficult to see how any card will appear to the user without just inserting one. Cheers, David.
Re: customized Grub
On 04/15/2017 02:16 PM, Brian wrote: On Sat 15 Apr 2017 at 14:55:04 -0400, Felix Miata wrote: [snip] Do you have a clue what this thread is about? Or did you just fancy that a Legacy GRUB driveby posting would perk things up for everyone? Careful ;) By my measurements you post 3 times for every time Felix has since 8/2015. Basically I agree with his post. As to selecting between Grub2 and Grub-legacy I choose a different primary criterion than what he chooses. His criterion is apparently a function of maintainability and reliability. If asked to state *MY* criterion, it would likely reduce to "who won popcon?" ;/ To put things in perspective, "Why chose Debian over MS/Apple/Canonical/etc ?" Debian allows/encourages choice!
Re: Possibly erroneous "device not present" message during boot
Le 15/04/2017 à 21:24, Doug a écrit : It turns out that there are two kinds of cards that look the same, but on a Dell laptop I have, one kind won't be recognized and the other works. I don't remember which is which, or what they are called. One is SD, the other something else. MMC, SDHC, SDXC ?
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 21:04:34 +0200, Pascal Hambourg wrote: > Le 15/04/2017 à 19:42, Brian a écrit : > >On Sat 15 Apr 2017 at 19:20:58 +0200, Pascal Hambourg wrote: > >> > >>Expert install gives more control, but is far from granting total control. > >>The Debian installer still has many automated actions that you cannot > >>control even in expert mode. > > > >I had a feeling while writing that this response might come. It's > >correct. "much more" instead of "total"? > > I would not say "much more", just "more" or even "a bit more". Contrasting "simple install" with "expert install" and "preseeded install" I'd agree and use "more" for "expert install". But that wasn't the original comparison. -- Brian.
Re: Possibly erroneous "device not present" message during boot
On 04/15/2017 10:28 AM, David Wright wrote: On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote: Le 15/04/2017 à 02:37, David Wright a écrit : Of course, an SD card can be made to look like a USB stick just by sticking it in a card reader. I guess you mean "in a USB-to-SD card adapter", which translates a SD card into a USB mass storage device (/dev/sd*). Yes, you guess correctly. Writing 40 years ago, I would use those same words to describe a washing-machine sized object for reading punched cards. Nowadays, if you type "card reader" into google, you will be proffered several more sophisticated ones than mine, together with some different varieties of credit card reader. A SD card reader such as the one the OP has just exposes the SD card as what it is, a SD/MMC card (/dev/mmcblk*). I assumed that the OP, writing about a laptop, had no card reader, and was inserting the SD card directly into the computer. As it happens, if you do this with the ancient laptop I'm typing on, it has the functionality of a card reader built into it and you get a /dev/sd*, and that can be boot an SD card directly. Cheers, David. It turns out that there are two kinds of cards that look the same, but on a Dell laptop I have, one kind won't be recognized and the other works. I don't remember which is which, or what they are called. One is SD, the other something else. Of course, I found out the hard way, but it really doesn't matter, since I don't need to use the laptop for that. --doug
Re: customized Grub (was: Possibly erroneous "device not present...)
On Sat 15 Apr 2017 at 14:55:04 -0400, Felix Miata wrote: > Richard Owlett composed on 2017-04-15 11:35 (UTC-0500): > ... > >I also discovered there that placing a customized grub in its own > >partition is not only possible, but recommended in some situations. > I had > >read somewhere that that option had expired with grub-legacy. That, > >although taking much time to understand, will solve a *MESS* of grub > >problems for me ;/ > > If control is what you want on BIOS disks, limit the action of Grub scripts > to / filesystems. Let them do whatever they want, but don't bother using > them. Install generic MBR code, put Grub Legacy on an active primary > partition, never mount it to /boot, and boot using Grub stanzas you build > yourself. At least, that's how I've been doing it for over a decade on more > than 25 multiboot machines with as many as 30+ distros each, including on a > few systems that include Windows 98, XP, 7, 8 or 10. For this purpose, > openSUSE's Grub Legacy, in conjunction with Gfxboot, works best. It > facilitates editing on the fly at runtime, which makes it very easy to > correct any typos made during manual editing of menu.lst. Trying to use > Debian's Grub Legacy is a handicap in that its find command hangs on EXT4 > filesystems, limiting utility of its shell. > > Creating symlinks to current kernels and initrds leaves little editing to be > required of the master bootloader's menu.lst. > > https://www.gnu.org/software/grub/manual/legacy/ > > When the point is reached that Grub Legacy cannot any more boot an > installation I expect I'll try Syslinux or anything else that happens to > provide promise as a bootloader before considering Grub2 for anything more > than learning exercises. Do you have a clue what this thread is about? Or did you just fancy that a Legacy GRUB driveby posting would perk things up for everyone? -- Brian.
Re: Possibly erroneous "device not present" message during boot
Le 15/04/2017 à 19:42, Brian a écrit : On Sat 15 Apr 2017 at 19:20:58 +0200, Pascal Hambourg wrote: Expert install gives more control, but is far from granting total control. The Debian installer still has many automated actions that you cannot control even in expert mode. I had a feeling while writing that this response might come. It's correct. "much more" instead of "total"? I would not say "much more", just "more" or even "a bit more".
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 13:08:30 -0500, Richard Owlett wrote: > On 04/15/2017 12:24 PM, Brian wrote: > > > >Did you overlook this question? You have said your machine does not > >offer booting from an SD card. Your answer will be interesting. > > Thought I'd answered it elsewhere. Nope. There has been no mention of booting *directly* *from* the SD card until this subthread. > It's on the menu that exists due to the grub on MBR of /dev/sda . So - the card is in its slot on your machine. You do 'update-grub'. There is now an entry in GRUB's menu. That is fine. This is what you are booting from? Your grub.cfg looks similar to what you posted before? If GRUB has been installed to the MBR of the SD card it has absolutely no bearing on the existence of the entry in GRUB's menu. It may as well not be there when GRUB on the MBR of /dev/sda constructs its grub.cfg. > There is an fschk error of some sort that flies by too fast. > Otherwise, runs from SD card. I like "simple"; I'm lost. -- Brian.
Re: customized Grub (was: Possibly erroneous "device not present...)
Richard Owlett composed on 2017-04-15 11:35 (UTC-0500): ... I also discovered there that placing a customized grub in its own partition is not only possible, but recommended in some situations. > I had read somewhere that that option had expired with grub-legacy. That, although taking much time to understand, will solve a *MESS* of grub problems for me ;/ If control is what you want on BIOS disks, limit the action of Grub scripts to / filesystems. Let them do whatever they want, but don't bother using them. Install generic MBR code, put Grub Legacy on an active primary partition, never mount it to /boot, and boot using Grub stanzas you build yourself. At least, that's how I've been doing it for over a decade on more than 25 multiboot machines with as many as 30+ distros each, including on a few systems that include Windows 98, XP, 7, 8 or 10. For this purpose, openSUSE's Grub Legacy, in conjunction with Gfxboot, works best. It facilitates editing on the fly at runtime, which makes it very easy to correct any typos made during manual editing of menu.lst. Trying to use Debian's Grub Legacy is a handicap in that its find command hangs on EXT4 filesystems, limiting utility of its shell. Creating symlinks to current kernels and initrds leaves little editing to be required of the master bootloader's menu.lst. https://www.gnu.org/software/grub/manual/legacy/ When the point is reached that Grub Legacy cannot any more boot an installation I expect I'll try Syslinux or anything else that happens to provide promise as a bootloader before considering Grub2 for anything more than learning exercises. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
Re: Postfix Dovecot et SSL : SSL23: unknown protocol
Bonsoir J'en suis à la configuration du TLS sur SMTP Voilà la configuration que j'ai pour le moment, et qui n'autorise que TLS 1.2 La configuration é été vérifiée successivement avec le site suivant htt ps://ssl-tools.net/mailservers Il considère une configuration fiable si TLS 1.0 ou 1.1 sont permis, mais je compte bien les bannir, sauf si quelque chose m'oblige à revenir en arrière. C'est un extrait de mon /etc/postfix/main.cf ; smtpd_tls_security_level = encryptsmtpd_tls_received_header = nosmtpd_tls_auth_only = yessmtpd_tls_loglevel = 1smtpd_tls_cert_file = /path/to/cert.pemsmtpd_tls_key_file = /path/to/priv.keysmtpd_use_tls = yessmtp_tls_note_starttls_offer = yessmtpd_tls_session_cache_timeout = 3600ssmtpd_tls_exclude_ciphers = aNULL, MD5, DES, 3DES, DES-CBC3-SHA, RC4-SHA, AES256-SHA, AES128-SHAtls_high_cipherlist = ECDH+aRSA+AES256:ECDH+aRSA+AES128:AES256-SHA:DES-CBC3- SHAsmtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1smtpd_tls_mandatory_protocols = TLSv1.2 Le vendredi 14 avril 2017 à 22:32 +0200, andre_deb...@numericable.fr a écrit : > On Tuesday 04 April 2017 10:43:15 Thierry Bugier Pineau wrote: > > le sujet a achevé de me motiver pour m'y remettre aussi. D'où mon > > silence. J'ai préparé postfix, je continue avec Dovecot dans les > jours > > à venir et ensuite je m'attaque au TLS pour atteindre le même > niveau de > > progression et donner un coup de main. > > J'essaie aussi de créer un script shell (très sommaire) pour rendre > la > > configuration maintenable et reproductible (que je partagerai > > volontiers sur github). > > On Tuesday 04 April 2017 14:12:45 andre_deb...@numericable.fr wrote: > > Je l'attends avec plaisir, merci d'avance. > > Ça fait longtemps que dovecot + certificats me posent soucis... :-) > > Bonne journée, André > > Je n'ai pas reçu de réponse à cette promesse ci-dessus... :-) > > André > >
Re: Possibly erroneous "device not present" message during boot
Richard Owlett wrote: ... > I don't know how many times I've *MIS*read that last sentence ;< > Mentally I was correcting non-existent typos, thus totally garbling it. > I just spent several hours wandering thru grub files and loosely related > documentation. > I've ended up at > www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config > which says "Currently autogenerating config files for multi-boot > environments depends on os-prober and has several shortcomings. ..." > I also discovered there that placing a customized grub in its own > partition is not only possible, but recommended in some situations. I > had read somewhere that that option had expired with grub-legacy. That, > although taking much time to understand, will solve a *MESS* of grub > problems for me ;/ i hope so. :) for me the conceptual trouble started ages ago when i thought that "update-grub" and os-prober would go out and find all the other little grubs and get them all in sync. my most recent round of grubismo dealing with the USB stick educated me a little about that misconception and helped me figure out the custom menu entry and chain loading. as usual, i still have much to learn... songbird
Re: Possibly erroneous "device not present" message during boot
On 04/15/2017 12:14 PM, Pascal Hambourg wrote: Le 15/04/2017 à 16:28, David Wright a écrit : On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote: A SD card reader such as the one the OP has just exposes the SD card as what it is, a SD/MMC card (/dev/mmcblk*). I assumed that the OP, writing about a laptop, had no card reader, and was inserting the SD card directly into the computer. How do you name that slot on the laptop or desktop where you insert the SD card, if not an embedded card reader ? As it happens, if you do this with the ancient laptop I'm typing on, it has the functionality of a card reader built into it and you get a /dev/sd*, and that can be boot an SD card directly. So there seems to be at least two kinds of SD card reader : those which expose themselves as a USB mass storage device and those which expose themselves as a SD/MMC device. I have a couple of desktops with an embedded multi-card reader, connected to an internal USB port on the motherboard. But I do not have any SD card (no use), so I never checked to see what kind they are. From https://www.cnet.com/products/lenovo-thinkpad-t510/specs/ I apparently have Card Reader Type 5 in 1 card reader Supported Flash Memory Stick, Memory Stick PRO, MultiMediaCard, Memory SD Memory Card, SDHC Memory Card
Re: Possibly erroneous "device not present" message during boot
On 04/15/2017 12:24 PM, Brian wrote: On Sat 15 Apr 2017 at 11:52:09 -0500, Richard Owlett wrote: On 04/15/2017 05:24 AM, Brian wrote: Now for a big "but". :) Your previous 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' stanza had linux /boot/vmlinuz-3.16.0-4-686-pae root=/dev/mmcblk0p1 This one has linux /boot/vmlinuz-3.16.0-4-686-pae root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet The UUID has changed (I think you said you had done this) but the kernel now looks for init using the UUID rather than on /dev/mmcblk0p1. How did you manage to get something significantly different? During the first install of Debian to the SD card I allowed the installer to create a single partition filling the whole card. The primary purpose of that install was a brute force determination of whether or not my individual machine could read/write an SD card. The machine was a replacement for a different used machine purchased from the vendor. My accepting the SD card was dependent on that test. I had reinstalled Debian to a more reasonably sized partition. That would explain a changed UUID. During the reinstall I experimented with installing grub to the MBR of the SD card. No grub was installed the first time. The UUID change is understandable. But hey - you've altered the ground rules! Now, it seems, you are exploring booting from the card itself rather than from GRUB on a hard disk. I considered a safe test as the BIOS does not list it as a possible boot device. Among other goodies I've ordered an USB SD card reader. We'll know more in ~1 week. And, more to the point, is there booting from the card without any error messages? Did you overlook this question? You have said your machine does not offer booting from an SD card. Your answer will be interesting. Thought I'd answered it elsewhere. It's on the menu that exists due to the grub on MBR of /dev/sda . There is an fschk error of some sort that flies by too fast. Otherwise, runs from SD card.
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 11:35:14 -0500, Richard Owlett wrote: > On 04/14/2017 01:19 PM, Brian wrote: > >[snip] > > > >> 2. I only install Grub the *first* time I do a Debian install. > >>By poor design Grub puts the current install first on menu. > >>When experimenting with configuration as I do, the least > >>likely install to be functional is the latest. > >>This requires me to run update-grub on the "good" install. > > > >That's ok. I tend to be more promiscuous; usually on a whim, like > >wanting to put a particular entry at the top of GRUB's menu list. > > > >When you do 'update-grub' do you still get no "set root=" line for the > >SD card in the grub.cfg? > >[snip] > > I don't know how many times I've *MIS*read that last sentence ;< > Mentally I was correcting non-existent typos, thus totally garbling it. > I just spent several hours wandering thru grub files and loosely related > documentation. > I've ended up at > www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config > which says "Currently autogenerating config files for multi-boot > environments depends on os-prober and has several shortcomings. ..." > I also discovered there that placing a customized grub in its own partition > is not only possible, but recommended in some situations. I had read > somewhere that that option had expired with grub-legacy. That, although > taking much time to understand, will solve a *MESS* of grub problems for me > ;/ Treading GRUB's byways isn't for me today. Your only problem as far as I am concerned is the one expressed in your first post. Even that is of no great consequence and the visibilty of the message is easily dealt with in a custom GRUB stanza. Adopt the pragmatic approach. -- Brian.
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 19:20:58 +0200, Pascal Hambourg wrote: > Le 15/04/2017 à 12:44, Brian a écrit : > > > >simple install=some control of d-i. > >expert install=total control of d-i. > > Expert install gives more control, but is far from granting total control. > The Debian installer still has many automated actions that you cannot > control even in expert mode. I had a feeling while writing that this response might come. It's correct. "much more" instead of "total"? -- Brian.
Re: Possibly erroneous "device not present" message during boot
Le 15/04/2017 à 15:55, songbird a écrit : maybe grub needs something provided by the modules: usbms, ehci, uhci or ohci? Be careful if you're going to use driver modules (USB, PATA, AHCI...) to get direct access to a device. It disables access to *all* devices through the BIOS, including the device GRUB was booted from and reads its own files.
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 11:52:09 -0500, Richard Owlett wrote: > On 04/15/2017 05:24 AM, Brian wrote: > > > >Now for a big "but". :) > > > >Your previous 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' stanza had > > > > linux /boot/vmlinuz-3.16.0-4-686-pae root=/dev/mmcblk0p1 > > > >This one has > > > > linux /boot/vmlinuz-3.16.0-4-686-pae > > root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet > > > >The UUID has changed (I think you said you had done this) but the kernel > >now looks for init using the UUID rather than on /dev/mmcblk0p1. How did > >you manage to get something significantly different? > > During the first install of Debian to the SD card I allowed the installer to > create a single partition filling the whole card. The primary purpose of > that install was a brute force determination of whether or not my individual > machine could read/write an SD card. The machine was a replacement for a > different used machine purchased from the vendor. My accepting the SD card > was dependent on that test. > > I had reinstalled Debian to a more reasonably sized partition. That would > explain a changed UUID. During the reinstall I experimented with installing > grub to the MBR of the SD card. No grub was installed the first time. The UUID change is understandable. But hey - you've altered the ground rules! Now, it seems, you are exploring booting from the card itself rather than from GRUB on a hard disk. > >And, more to the point, is there booting from the card without any error > >messages? Did you overlook this question? You have said your machine does not offer booting from an SD card. Your answer will be interesting. -- Brian.
Re: In Stretch, gcc producing position independent binaries by default?
Hi. On Sat, 15 Apr 2017 14:39:49 + (UTC) Neoklis Kyriaziswrote: > > >They patched gcc to produce PIE by default - and that's one of Debian > >stretch release goals. See: > > > >https://wiki.debian.org/Hardening/PIEByDefaultTransition > > > Ah thanks! New to Debian so I was not aware of this. My problem though > is that filers like ROX and pcmanfm do not start PIE executables by > clicking on them because they are seen as shared objects. Yes, that's known problem. I recall seeing some heated discussions about it, but cannot find the links (was it PIE for Mozilla's built Firefox? - my memory fails me). The current consensus for graphical file managers on this seems to be 'yes, PIE executables are broken in this regard, but developer should provide a .desktop file anyway'. Not that I agree with such approach (on graphical file managers, PIE is ok idea), but they took it. > Anyhow, I expect there are now recommended CFLAGS for gcc when compiling > binaries for Debian, right? For 3 last major releases at least. Run 'dpkg-buildflags --get CFLAGS' to see them. And don't forget 'dpkg-buildflags --get LDFLAGS' for the linker. Please note then one's using so called 'sane' build system (autotools, cmake, etc) - the debhelper usually takes care of recommended CFLAGS and LDFLAGS by itself. Reco
Re: Possibly erroneous "device not present" message during boot
Le 15/04/2017 à 12:44, Brian a écrit : simple install=some control of d-i. expert install=total control of d-i. Expert install gives more control, but is far from granting total control. The Debian installer still has many automated actions that you cannot control even in expert mode.
Re: Possibly erroneous "device not present" message during boot
Le 15/04/2017 à 16:28, David Wright a écrit : On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote: A SD card reader such as the one the OP has just exposes the SD card as what it is, a SD/MMC card (/dev/mmcblk*). I assumed that the OP, writing about a laptop, had no card reader, and was inserting the SD card directly into the computer. How do you name that slot on the laptop or desktop where you insert the SD card, if not an embedded card reader ? As it happens, if you do this with the ancient laptop I'm typing on, it has the functionality of a card reader built into it and you get a /dev/sd*, and that can be boot an SD card directly. So there seems to be at least two kinds of SD card reader : those which expose themselves as a USB mass storage device and those which expose themselves as a SD/MMC device. I have a couple of desktops with an embedded multi-card reader, connected to an internal USB port on the motherboard. But I do not have any SD card (no use), so I never checked to see what kind they are.
Re: ssl isues are Eating me alive.
Hi. On Sat, 15 Apr 2017 15:14:29 + (UTC) david...@freevolt.org wrote: > On Fri, 14 Apr 2017, Reco wrote: > > > Hi. > > > > On Thu, Apr 13, 2017 at 01:01:24PM -0400, Greg Wooledge wrote: > >> On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote: > >>> This started out a year or so ago with the occasional site in > >>> which lynx would report that it was unable to establish a TLS > >>> connection with this or that site. [...] > >> > >> It's not just lynx. It's EVERY single terminal-based browser, and > >> as you noticed, it gets worse every day. > >> > >> Apparently all of the terminal-based browsers in wheezy and jessie are > >> linked with libgnutls instead of libopenssl, and libgnutls (at least as > >> provided by jessie) is completely incapable of forming an SSL connection > >> with half of the Web. > > > > There's one notable exception to this in jessie and it's called w3m. > > > > $ ldd /usr/bin/w3m | grep ssl > >libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 > > In wheezy (at least) I've noticed that curl can also cope, when lynx > (and wget) cannot. AFAIK jessie is the last Debian release that provides curl linked with openssl. Reco
Re: Possibly erroneous "device not present" message during boot
On 04/15/2017 05:24 AM, Brian wrote: On Fri 14 Apr 2017 at 13:33:40 -0500, Richard Owlett wrote: On 04/14/2017 12:24 PM, Brian wrote: Everything GRUB knows about devices comes from what the BIOS tells it. They are more than just good friends. :) It appears from 'ls' at a GRUB prompt that your GRUB does not know about your SD card. Booting takes place but GRUB takes its time to think about what it should do about not finding something it has been told to search for. In the end, it decides to go ahead, but in some cases it wouldn't. That would dispel your present mood of happiness. While we are it it: your update-grub stanza does not contain a line with set root=" in it. Could this possibly be a copy and paste error? I ask because the line is present on Jessie and testing when the device is a USB stick. Just to eliminate any source of copy errors, here is the full contents of grub.cfg created just prior to my most recent post (https://lists.debian.org/debian-user/2017/04/msg00468.html). It refers to the 2 new installs I mentioned in that post. Thank you. ### BEGIN /etc/grub.d/30_os-prober ### menuentry 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-simple-e57b2c64-74ec-4184-af71-d807e07f07dd' { insmod part_msdos insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root e57b2c64-74ec-4184-af71-d807e07f07dd else search --no-floppy --fs-uuid --set=root e57b2c64-74ec-4184-af71-d807e07f07dd fi linux /boot/vmlinuz-3.16.0-4-686-pae root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet initrd /boot/initrd.img-3.16.0-4-686-pae } Definitely no "set root=" line. We will have to give GRUB credit for knowing what it is doing. The absence of this line probably accounts for your previous successful booting. With such a line you would possibly have got "cannot get C/H/S values" as an error message. This throws booting back to the GRUB menu. Now for a big "but". :) Your previous 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' stanza had linux /boot/vmlinuz-3.16.0-4-686-pae root=/dev/mmcblk0p1 This one has linux /boot/vmlinuz-3.16.0-4-686-pae root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet The UUID has changed (I think you said you had done this) but the kernel now looks for init using the UUID rather than on /dev/mmcblk0p1. How did you manage to get something significantly different? During the first install of Debian to the SD card I allowed the installer to create a single partition filling the whole card. The primary purpose of that install was a brute force determination of whether or not my individual machine could read/write an SD card. The machine was a replacement for a different used machine purchased from the vendor. My accepting the SD card was dependent on that test. I had reinstalled Debian to a more reasonably sized partition. That would explain a changed UUID. During the reinstall I experimented with installing grub to the MBR of the SD card. No grub was installed the first time. And, more to the point, is there booting from the card without any error messages?
Re: Possibly erroneous "device not present" message during boot
On 04/14/2017 01:19 PM, Brian wrote: [snip] 2. I only install Grub the *first* time I do a Debian install. By poor design Grub puts the current install first on menu. When experimenting with configuration as I do, the least likely install to be functional is the latest. This requires me to run update-grub on the "good" install. That's ok. I tend to be more promiscuous; usually on a whim, like wanting to put a particular entry at the top of GRUB's menu list. When you do 'update-grub' do you still get no "set root=" line for the SD card in the grub.cfg? [snip] I don't know how many times I've *MIS*read that last sentence ;< Mentally I was correcting non-existent typos, thus totally garbling it. I just spent several hours wandering thru grub files and loosely related documentation. I've ended up at www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config which says "Currently autogenerating config files for multi-boot environments depends on os-prober and has several shortcomings. ..." I also discovered there that placing a customized grub in its own partition is not only possible, but recommended in some situations. I had read somewhere that that option had expired with grub-legacy. That, although taking much time to understand, will solve a *MESS* of grub problems for me ;/
Re: ssl isues are Eating me alive.
On Fri, 14 Apr 2017, Reco wrote: Hi. On Thu, Apr 13, 2017 at 01:01:24PM -0400, Greg Wooledge wrote: On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote: This started out a year or so ago with the occasional site in which lynx would report that it was unable to establish a TLS connection with this or that site. [...] It's not just lynx. It's EVERY single terminal-based browser, and as you noticed, it gets worse every day. Apparently all of the terminal-based browsers in wheezy and jessie are linked with libgnutls instead of libopenssl, and libgnutls (at least as provided by jessie) is completely incapable of forming an SSL connection with half of the Web. There's one notable exception to this in jessie and it's called w3m. $ ldd /usr/bin/w3m | grep ssl libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 In wheezy (at least) I've noticed that curl can also cope, when lynx (and wget) cannot.
Re: Possibly erroneous "device not present" message during boot
On Sat 15 Apr 2017 at 11:05:12 (+0200), Pascal Hambourg wrote: > Le 15/04/2017 à 02:37, David Wright a écrit : > > > >Of course, an SD card can be > >made to look like a USB stick just by sticking it in a card reader. > > I guess you mean "in a USB-to-SD card adapter", which translates a > SD card into a USB mass storage device (/dev/sd*). Yes, you guess correctly. Writing 40 years ago, I would use those same words to describe a washing-machine sized object for reading punched cards. Nowadays, if you type "card reader" into google, you will be proffered several more sophisticated ones than mine, together with some different varieties of credit card reader. > A SD card reader such as the one the OP has just exposes the SD card > as what it is, a SD/MMC card (/dev/mmcblk*). I assumed that the OP, writing about a laptop, had no card reader, and was inserting the SD card directly into the computer. As it happens, if you do this with the ancient laptop I'm typing on, it has the functionality of a card reader built into it and you get a /dev/sd*, and that can be boot an SD card directly. Cheers, David.
Re: In Stretch, gcc producing position independent binaries by default?
Hi. On Sat, 15 Apr 2017 13:50:59 + (UTC) Neoklis Kyriaziswrote: > Hi, > > I have recently completed my first installation of Debian (stretch) > and I am compiling some apps from source. I have noticed that filers > show binaries produce by gcc as being shared library objects instead > of just ELF executables. > > I eventually, by searching, I worked around this by specifying the > > -no-pie flag in CFLAGS but I would like to know if gcc is by default > set up to produce > position independent binaries or if I have not set up things correctly. They patched gcc to produce PIE by default - and that's one of Debian stretch release goals. See: https://wiki.debian.org/Hardening/PIEByDefaultTransition Reco
Re: Possibly erroneous "device not present" message during boot
Brian wrote: > songbird wrote: > >> what i would do for grins is unplug the >> devices other than the SSD and the installation >> media and then do a base system (simple install >> - not expert) and see what the installer does >> detect and writes in the fstab and grub menu >> (it may even boot). you may then use those > > This is cargo cult. thus my expression "for grins". ;) i noticed my own lack of previous comprehension as i thought all along the OP was putting things on an SSD device and not a SD chip. my SD reader is on a USB header device with many other things. maybe grub needs something provided by the modules: usbms, ehci, uhci or ohci? these can be tested at the command line and then doing ls -l to see if the device shows up or not... > simple install=some control of d-i. > expert install=total control of d-i. > > In both cases the OP does not want to install a boot loader to the > device. dd can get rid of it easily enough. i think the possible confusion for a more ancient machine may be cleared up enough to get workable bits. how we get to workable bits may be a different route, but in the end if they work we have gotten to the cheese in this particular maze of twisty-turny passages even if they all look alike (1's and 0's). songbird
Re: Possibly erroneous "device not present" message during boot
Brian wrote: ... > And, more to the point, is there booting from the card without any error > messages? ... and as additional info you can adjust some things in grub via editing /etc/default/grub (and running update-grub) if you don't like how the menu is being generated. songbird
Re: ZSH affiche l'erreur : zsh: bad pattern: e[0
Je pense que cela dépend plus de la commande utilisée que du shell. Regarde déjà sur tu as accès à l’option « -e » avec echo en lisant le man. Sinon, tu peux toujours essayer avec un « printf »… > Le 15 avr. 2017 à 12:54, Étienne Molliera écrit > : > > Bonjour, > > On 04/15/2017 12:00 PM, G2PC wrote: >> *Afficher un ascii art au lancement de votre terminal* >> >> Le code suivant avec ZSH affiche l'erreur : zsh: bad pattern: e[0 >> >> \e[0;36m. >> zsh: bad pattern: e[0 >> >> >> Avez vous une piste pour permettre l'affichage ? > > On dirait que zsh tente d'interprêter ton code d'échappement au > lieu de le passer au terminal. As-tu protégé ta chaîne de caractères > avec des doubles quotes? > > Normalement la commande suivante devrait t'afficher un point vert: > > echo -e "\e[0;36m." > > J'ai fait le test en bash, mais le comportement devrait être assez > voisin de celui de zsh dans ce cas. > > À plus, > -- > Étienne Mollier > -- Pierre Malard « Tous les Français ambitionnent pour la France un grand rôle dans le monde. Ce n'est point par des aventures guerrières qu'elle le trouvera, c'est en donnant aux peuples l'exemple et le signal de justice. » Jean Jaures - "L'idéal de justice" - 1889 |\ _,,,---,,_ /,`.-'`'-. ;-;;,_ |,4- ) )-,_. ,\ ( `'-' '---''(_/--' `-'\_) πr perl -e '$_=q#: 3|\ 5_,3-3,2_: 3/,`.'"'"'`'"'"' 5-. ;-;;,_: |,A- ) )-,_. ,\ ( `'"'"'-'"'"': '"'"'-3'"'"'2(_/--'"'"' `-'"'"'\_): 24πr::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print' - --> Ce message n’engage que son auteur <-- signature.asc Description: Message signed with OpenPGP
Re: ZSH affiche l'erreur : zsh: bad pattern: e[0
Bonjour, On 04/15/2017 12:00 PM, G2PC wrote: > *Afficher un ascii art au lancement de votre terminal* > > Le code suivant avec ZSH affiche l'erreur : zsh: bad pattern: e[0 > > \e[0;36m. > zsh: bad pattern: e[0 > > > Avez vous une piste pour permettre l'affichage ? On dirait que zsh tente d'interprêter ton code d'échappement au lieu de le passer au terminal. As-tu protégé ta chaîne de caractères avec des doubles quotes? Normalement la commande suivante devrait t'afficher un point vert: echo -e "\e[0;36m." J'ai fait le test en bash, mais le comportement devrait être assez voisin de celui de zsh dans ce cas. À plus, -- Étienne Mollier
Re: Possibly erroneous "device not present" message during boot
On Fri 14 Apr 2017 at 20:02:11 -0400, songbird wrote: > what i would do for grins is unplug the > devices other than the SSD and the installation > media and then do a base system (simple install > - not expert) and see what the installer does > detect and writes in the fstab and grub menu > (it may even boot). you may then use those This is cargo cult. simple install=some control of d-i. expert install=total control of d-i. In both cases the OP does not want to install a boot loader to the device. -- Brian.
Re: Certificats https aléatoires suivant les navigateurs
Slt, Peut être hors sujet mais j'ai déjà eu ce orb lorsque l'heure était mal configuré sur le serveur et/ou le client. Cdt Sebastien Le 15 avr. 2017 12:33 PM, "Thierry Bugier Pineau"a écrit : > Essayez let's encrypt. Cela dit je suis étonné que ceux d'OVH ne > fonctionnement pas. Avez vous configuré le serveur pour fournir la chaine > de certificats ? > > Le serveur donne au client son certificat (que vous avez apparemment > configuré), mais doit aussi donner les certificats des autorités de > certification intermédiaires jusqu'à une autorité reconnue par les clients. > C'est ce qu'on appelle parfois la "CA chain". > > Et oubliez startssl : leurs certificats ne seront plus acceptés par > firefox et chrome d'ici quelques semaines, si ce n'est pas déjà fait. Ils > ont été rachetés par une autorité ayant de mauvaises pratiques. Google l'a > annoncé, Mozilla aussi. > > Avoir un OS à jour a une influence sur les autorités reconnues (fiables). > Récemment sur Debian, j'ai vu pas mal de changement sur les autorités de > certification incluses dans l'OS (Sid). On en ajoute, et parfois on en > retire. > > Le 15 avril 2017 11:22:14 GMT+02:00, andre_deb...@numericable.fr a écrit : >> >> Bonjour, >> >> J'ai installé sur un serveur Web, >> - les certificats StartSSL (gratuits) toujours valides, >> - et j'ai acheté les certificats tout récemment chez OVH. >> >> Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany, >> le site Web affiche une erreur de certificats, >> que ce soient avec les certificats d'OVH ou de StartSSL. >> >> Ça marche avec un ou deux navigateurs et pas avec d'autres, >> et vice versa. >> >> Quels certificats fonctionnent quelquesoient les navigateurs ? >> >> Merci, >> >> André >> >> > -- > Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma > brièveté. >
Re: Possibly erroneous "device not present" message during boot
On Fri 14 Apr 2017 at 13:33:40 -0500, Richard Owlett wrote: > On 04/14/2017 12:24 PM, Brian wrote: > > > >Everything GRUB knows about devices comes from what the BIOS tells it. > >They are more than just good friends. :) > > > >It appears from 'ls' at a GRUB prompt that your GRUB does not know about > >your SD card. Booting takes place but GRUB takes its time to think about > >what it should do about not finding something it has been told to search > >for. In the end, it decides to go ahead, but in some cases it wouldn't. > >That would dispel your present mood of happiness. > > > >While we are it it: your update-grub stanza does not contain a line with > >set root=" in it. Could this possibly be a copy and paste error? I ask > >because the line is present on Jessie and testing when the device is a > >USB stick. > > Just to eliminate any source of copy errors, here is the full contents of > grub.cfg created just prior to my most recent post > (https://lists.debian.org/debian-user/2017/04/msg00468.html). It refers to > the 2 new installs I mentioned in that post. Thank you. > ### BEGIN /etc/grub.d/30_os-prober ### > menuentry 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' --class gnu-linux > --class gnu --class os $menuentry_id_option > 'osprober-gnulinux-simple-e57b2c64-74ec-4184-af71-d807e07f07dd' { > insmod part_msdos > insmod ext2 > if [ x$feature_platform_search_hint = xy ]; then > search --no-floppy --fs-uuid --set=root > e57b2c64-74ec-4184-af71-d807e07f07dd > else > search --no-floppy --fs-uuid --set=root > e57b2c64-74ec-4184-af71-d807e07f07dd > fi > linux /boot/vmlinuz-3.16.0-4-686-pae > root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet > initrd /boot/initrd.img-3.16.0-4-686-pae > } Definitely no "set root=" line. We will have to give GRUB credit for knowing what it is doing. The absence of this line probably accounts for your previous successful booting. With such a line you would possibly have got "cannot get C/H/S values" as an error message. This throws booting back to the GRUB menu. Now for a big "but". :) Your previous 'Debian GNU/Linux (8.6) (on /dev/mmcblk0p1)' stanza had linux /boot/vmlinuz-3.16.0-4-686-pae root=/dev/mmcblk0p1 This one has linux /boot/vmlinuz-3.16.0-4-686-pae root=UUID=e57b2c64-74ec-4184-af71-d807e07f07dd ro quiet The UUID has changed (I think you said you had done this) but the kernel now looks for init using the UUID rather than on /dev/mmcblk0p1. How did you manage to get something significantly different? And, more to the point, is there booting from the card without any error messages? -- Brian.
Re: Certificats https aléatoires suivant les navigateurs
Essayez let's encrypt. Cela dit je suis étonné que ceux d'OVH ne fonctionnement pas. Avez vous configuré le serveur pour fournir la chaine de certificats ? Le serveur donne au client son certificat (que vous avez apparemment configuré), mais doit aussi donner les certificats des autorités de certification intermédiaires jusqu'à une autorité reconnue par les clients. C'est ce qu'on appelle parfois la "CA chain". Et oubliez startssl : leurs certificats ne seront plus acceptés par firefox et chrome d'ici quelques semaines, si ce n'est pas déjà fait. Ils ont été rachetés par une autorité ayant de mauvaises pratiques. Google l'a annoncé, Mozilla aussi. Avoir un OS à jour a une influence sur les autorités reconnues (fiables). Récemment sur Debian, j'ai vu pas mal de changement sur les autorités de certification incluses dans l'OS (Sid). On en ajoute, et parfois on en retire. Le 15 avril 2017 11:22:14 GMT+02:00, andre_deb...@numericable.fr a écrit : >Bonjour, > >J'ai installé sur un serveur Web, >- les certificats StartSSL (gratuits) toujours valides, >- et j'ai acheté les certificats tout récemment chez OVH. > >Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany, >le site Web affiche une erreur de certificats, >que ce soient avec les certificats d'OVH ou de StartSSL. > >Ça marche avec un ou deux navigateurs et pas avec d'autres, >et vice versa. > >Quels certificats fonctionnent quelquesoient les navigateurs ? > >Merci, > >André -- Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
ZSH affiche l'erreur : zsh: bad pattern: e[0
*Afficher un ascii art au lancement de votre terminal* Le code suivant avec ZSH affiche l'erreur : zsh: bad pattern: e[0 \e[0;36m. zsh: bad pattern: e[0 Avez vous une piste pour permettre l'affichage ? Exemple : https://www.visionduweb.eu/forum/os-gnu-linux/1148-afficher-un-ascii-art-au-lancement-de-votre-terminal
Re: Certificats https aléatoires suivant les navigateurs
Hello, Dans ta conf Apache tu as bien positionné la chaîne d'AC qui a émis les certificats (la directive est SSLCertificateChainFile) ? Si l'AC root est déjà trust par ta machine ou par le navigateur, tu as besoin de mettre au moins toutes les AC sauf la root, maps c'est souvent plus "propre" de mettre toute la chaîne. Si l'AC root n'est pas trust, tu auras toujours des exceptions parce que les autorités ne sont pas "de confiance" pour ta machine/navigateur. Jonathan Le 15 avr. 2017 11:22 AM,a écrit : > Bonjour, > > J'ai installé sur un serveur Web, > - les certificats StartSSL (gratuits) toujours valides, > - et j'ai acheté les certificats tout récemment chez OVH. > > Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany, > le site Web affiche une erreur de certificats, > que ce soient avec les certificats d'OVH ou de StartSSL. > > Ça marche avec un ou deux navigateurs et pas avec d'autres, > et vice versa. > > Quels certificats fonctionnent quelquesoient les navigateurs ? > > Merci, > > André > >
Certificats https aléatoires suivant les navigateurs
Bonjour, J'ai installé sur un serveur Web, - les certificats StartSSL (gratuits) toujours valides, - et j'ai acheté les certificats tout récemment chez OVH. Suivant les navigateurs, Firefox, TOR, Chrome, Opera, Epiphany, le site Web affiche une erreur de certificats, que ce soient avec les certificats d'OVH ou de StartSSL. Ça marche avec un ou deux navigateurs et pas avec d'autres, et vice versa. Quels certificats fonctionnent quelquesoient les navigateurs ? Merci, André
Re: Possibly erroneous "device not present" message during boot
Le 15/04/2017 à 02:37, David Wright a écrit : Of course, an SD card can be made to look like a USB stick just by sticking it in a card reader. I guess you mean "in a USB-to-SD card adapter", which translates a SD card into a USB mass storage device (/dev/sd*). A SD card reader such as the one the OP has just exposes the SD card as what it is, a SD/MMC card (/dev/mmcblk*).
Re: [Serveur mail] Bonnes pratiques et conseils
Toutes les discussions sur les serveurs mails attisent pour m'y remettre. Je vais retenter l'expérience, nettoyer mes notes et partager. Si ça peut rendre service à quelques uns, et bien, et j'en profiterai pour demander quelques renseignements sur des points d'architecture que je veux réaliser : 1 samba 4 par domaine et des serveurs frontaux. Pour apprendre, utiliser, et ne pas dépendre de solutions clé en main qui au final restreignent les libertés en terne de gestion, compréhension et maintenance Le 1 avril 2017 18:12:35 GMT+02:00, Louis-Philippea écrit : >Bonjour, > >Je ne connais pas tous les logiciels que tu as installés, mais il y >aussi >PostGrey (en package Debian) que je commence à utiliser. >De ce que j'ai compris, si le triplet "expéditeur, serveur et >destinataire" >existe dans ma base de données (mon serveur de mail) et a été utilisé >récemment(ex dans le dernier mois), il passe librement, sinon, il >redemande >au serveur de l'expéditeur une nouvelle expédition du mail. Les >serveurs de >spams ne réexpédient pas un courriel en général. > >Et tout ça, avant qu'ils soient analysés pour vérifier si c'est un SPAM >ou >virus. La charge de ton serveur est donc réduite de beaucoup... > >Le seul désavantage que j'ai constaté, si le triplet n'existe pas et >que le >courriel est légitime, le courriel peut prendre 5-10 minutes avant >d'arriver... et nous n'avons pas de contrôle sur ce délai car c'est le >serveur de l'expéditeur qui décide quand le renvoyer. > >Cordialement, > > >Le 1 avril 2017 à 06:12, Kévin Gaspard a >écrit : > >> Bonjour à toutes et à tous, >> >> (je n'ai jamais participé à de ML, merci de me faire part de mes >erreurs >> mais avec un soupçon d'indulgence s'il vous plaît) >> >> J'ai il y a peu terminé la configuration d'un serveur mail, qui >> fonctionne, avec les composants suivants: >> >> - Debian 8 >> - IPTables + Fail2Ban >> - Postfix + Postscreen (avec 3 listes RBL) >> - Dovecot >> - MariaDB >> - RSpamD avec sa web UI >> - ClamAV >> - OpenDKIM + SPF (paquet: postfix-policyd-spf-python) >> - Certificat Let's Encrypt (4096 bits) pour imap.domain.tld et un >autre >> pour smtp.domain.tld >> >> Tout ça provenant des dépôts officiels de Debian, je n'ai rien >compilé ou >> récupéré sur github. >> >> Pour tester tout ça, j'ai effectué les actions suivantes: >> >> - Envoie de mail à partir d'une adresse de domain.tld (sur une >adresse >> gandi et une gmail) >> - Réception de mail à partir d'adresses gandi et gmail vers >domain.tld >> - Envoie d'une signature EICAR en pièce jointe pour tester ClamAV >> - Je suis en plein envoie massif de spam (depuis bientôt deux jours) >via >> un site qui inscrit une adresse e-mail donné sur un maximum de >formulaire >> sur le web, connu pour envoyer des mails en retour. Je suis à environ >27000 >> formulaires remplis, et seulement ~80 mails sont parvenu jusqu'à ma >boîte >> poubelle, et ces mails sont des inscriptions à des ML (du genre >redhat.com), >> donc aucun véritable spam pour le moment. Tout semble avoir été >filtré par >> le DKIM et le SPF (faut savoir qu'en testant ce site avec un gmail, >j'avais >> plusieurs mails à la minute me demandant si je voulais une petite >copine >> russe ou ce genre de truc dans les spams). >> >> Je sais que je n'ai pas terminé, je dois encore donner des cours à >RSpamD >> pour qu'ils servent à quelque chose (il n'a encore rien filtré) et je >dois >> encore voir pour réceptionner les logs de mon serveur vers mon >desktop >> (e-mail de notification, logwatch etc). Sans compter un véritable >système >> de backup digne de ce nom. Aussi, je ne crois pas avoir configuré >Fail2Ban >> pour travailler de paire avec l'authentification de mon serveur mail >(qui >> se passe avec Dovecot). >> RoundCube est aussi envisagé pour la mobilité. >> >> J'aimerai avoir vos avis sur ce qui me resterai à faire comme test, >voir >> comme configuration ou ajout de logiciels, ce que je devrai penser à >la >> suite, quels sont les pièges de débutant à éviter... Bref je me sens >un peu >> perdu sur la suite des évènements et je ne sais pas sur quoi je dois >> m'orienter en priorité. >> Le fait que ce serveur mail fonctionne ne veut pas dire que je l'ai >bien >> fais. Je ne m'amuse pas encore à paster de la conf ici, mais si vous >pensez >> que c'est nécessaire je le ferai (en obfusquant ce qui doit l'être >bien >> sûr). >> >> Après deux jours de recherches je suis tombé à cours d'idées, en >somme. >> >> Je vous souhaite à toutes et à tous un excellent week-end. >> >> Cordialement, >> GASPARD Kévin >> >> >> >> > > >-- >Louis-Philippe Gauthier -- Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
Re: Postfix Dovecot et SSL : SSL23: unknown protocol
J'y pense ; il faut juste que je me dégage un peu de temps. Je ne n ai pas vraiment eu pour l'instant. En passant j'ai trouvé sur le wiki de Dovecot un script shell qui permet d'éditer sa configuration via la ligne de commande ou un autre script. C'est partiellement expérimental. On n'a pas d'équivalent à postconf ? Cet outil facilite énormément le travail d'automatisation. Le 14 avril 2017 22:32:21 GMT+02:00, andre_deb...@numericable.fr a écrit : >On Tuesday 04 April 2017 10:43:15 Thierry Bugier Pineau wrote: >> le sujet a achevé de me motiver pour m'y remettre aussi. D'où mon >> silence. J'ai préparé postfix, je continue avec Dovecot dans les >jours >> à venir et ensuite je m'attaque au TLS pour atteindre le même niveau >de >> progression et donner un coup de main. >> J'essaie aussi de créer un script shell (très sommaire) pour rendre >la >> configuration maintenable et reproductible (que je partagerai >> volontiers sur github). > >On Tuesday 04 April 2017 14:12:45 andre_deb...@numericable.fr wrote: >> Je l'attends avec plaisir, merci d'avance. >> Ça fait longtemps que dovecot + certificats me posent soucis... :-) >> Bonne journée, André > >Je n'ai pas reçu de réponse à cette promesse ci-dessus... :-) > >André -- Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.