For Newbies: One line descriptions of important Linux packages

[Cindy Sue Causey]

Hi, and Happy New Year (almost)!

This is something that might be helpful for newbies especially. Was
going through some things on my computer and found a NICE list of
familiar Linux package names with SUPER BRIEF, SUPER SIMPLE one-liners
describing what they do.

The list is from Linux From Scratch:

http://www.linuxfromscratch.org/lfs/view/8.4/prologue/package-choices.html

Personally, I've been seeing some of those package names for MANY
years. This is the first time I finally understood what they do...
instead of them just being e.g. a blip in a long list of other
packages that needed upgraded via apt/apt-get. :)

Hope this helps someone else.

Best wishes!

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with... HOPE  for all things good in the New Year! *

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Sven Hartge]

ghe  wrote:

> Sven and Andrei, I told you lies. The script's not a daemon. I added
> Sven's suggested lines to the .service file, re-enabled it, rebooted,
> and it came up exactly as I wanted it to.

Aha! Thought as much.

While I myself have written daemons in bash, doing so is at least
unusual.

> Do you still want the files?

In that case: no need anymore.

S!

-- 
Sigmentation fault. Core dumped.

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Sven Hartge]

ghe  wrote:
> On 12/31/19 6:09 AM, Sven Hartge wrote:

>> Care to share your Shell-Script? 

> I'd have no problem with that -- it's been very useful to me over the
> years, and I'd be glad for someone to use it.

> However. It was written 20 years ago when I was just figuring out
> Linux and the shell, and it's been 'updated' many times. It's an
> embarrassing mess now. If you're willing to consider it the work of a
> 6 year-old and provide significant slack, I'll gladly publicize it.

In this context I don't care how the script does something, I want to
know *what* it does and how it starts, runs and ends.

This is the relevant part in understanding what is happening to your
system, your unit and why.

S!

-- 
Sigmentation fault. Core dumped.

Nettoyage du spam : décembre 2019

[Jean-Pierre Giraud]

Bonjour,
Comme nous sommes en janvier, il est désormais possible de
traiter les archives du mois de décembre 2019 des listes francophones.

N'oubliez bien sûr pas d'ajouter votre nom à la liste des relecteurs
pour que nous sachions où nous en sommes.

Détails du processus de nettoyage du spam sur :

https://wiki.debian.org/I18n/FrenchSpamClean

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[ghe]

Sven and Andrei, I told you lies. The script's not a daemon. I added
Sven's suggested lines to the .service file, re-enabled it, rebooted,
and it came up exactly as I wanted it to.

Apparently what it does is build an iptables firewall, and quit. Then
when I ask for things, it  comes up, crudely parses my command, and runs
iptables commands to do what I ask.

Like I said, it's been a very long time since I wrote it, and I didn't
know what a daemon was at the time. I thought I did, and there are some
init files imported into the script.

I consider the problem fixed. I thank you for your patience and help.
And I apologize for the bad info I gave you.

Do you still want the files?

-- 
Glenn English

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[ghe]

On 12/31/19 6:09 AM, Sven Hartge wrote:

> Care to share your Shell-Script? 

I'd have no problem with that -- it's been very useful to me over the
years, and I'd be glad for someone to use it.

However. It was written 20 years ago when I was just figuring out Linux
and the shell, and it's been 'updated' many times. It's an embarrassing
mess now. If you're willing to consider it the work of a 6 year-old and
provide significant slack, I'll gladly publicize it.

But let me look into things a bit more first.

-- 
Glenn English

Re: OT: Question about 10/100 switch on a LAN with a faster router

[David Christensen]

On 2019-12-31 05:03, rhkra...@gmail.com wrote:

Mostly an aside: My brother lives in rural podunk USA and he has a fiber optic
connection which his ISP says gives him 500 mbps (I live in a fairly urban
location but can't get fiber)

Background: His ISP says he has a 500 mbps connection which, without having
seen his setup in a number of years, I'm sure there is a modem connected to a
router (or maybe a combination modem router), that, connects to a television
(that is the main user of the 500 mbps, iiuc), a Mac, an ObiHai, and, via
WiFi, to two security cameras.

There is one free Ethernet port on the router (or router modem), and I'm sure
those ports must be 10/100/1000 "autoselect" type ports.

The WiFi "connection" to the security cameras is unreliable, and he would like
to hardwire the security cams to the network (I don't know whether he views
them with the TV or with the Mac, or both, and I'm sure it doesn't matter).

I'm about to recommend that he get a 10/100 5 port Ethernet switch to connect
to the two cameras and then a short cat5 (or better) Ethernet cable to connect
from the switch to the router.

I'm abouit 99.9% sure that using such a switch will not slow down any other
parts of his network, but I don't want to mislead him.

(I do recognize that a 10/100/1000 switch might give him flexibility to use
more faster than 100 mbps devices in the future, but he could also connect
such a new device to the router and move a slower device (e.g., the ObiHai or
the Mac) to the switch.)

Am I missing anything?


Do not waste your money on Fast Ethernet equipment; buy Gigabit or better.


+1 for a power over Ethernet (POE) switch.  Newer WiFi access points, IP 
cameras, etc., have only a POE port; no power port and no AC adapter. 
Connecting a POE-only device to a non-POE switch requires a POE injector 
and AC adapter.



David

Re: Résolu: Résumé et tentative d'explication: Problème avec udevd

[Jean-Marc]

Tue, 31 Dec 2019 15:39:03 +0100
Bureau LxVx  écrivait :

> Bonjour à tous !
> 
> @JMarc

Bonsoir Sylvie,

> [...]
> > Content d'avoir pu t'aider, Sylvie.
> :-D

Très sincèrement.

> >
> >> En fait, j'avais trouvé cette soluce MAIS ...en ajoutant
> >>
> >> 
> >> j'avais "oublié" l'espace qui suivait (pas tech, j'avais dit ...)
> > Pour quelqu'un de "pas tech", c'est impressionant !
> J’espère que ce n'est pas ironique ;-)

Absolument pas.  Je n'oserai pas.
Et éditer des fichiers en plus d'y repérer une erreur de syntaxe, c'est déjà 
très "tech" !
:-)

> > Donc ... merci : mon apprentissage continue par votre aide et par mes 
> > erreurs.
> > Avec grand plaisir !
> >
> > Dernier détail : tu ne mentionnes pas si tu as copié le fichier 
> > 97-hid2hci.rules dans le répertoire /etc/udev/rules.d/ avant de le modifier.
> J'ai suivi tes conseils "à la lettre"...
> >   Se faisant, tu évites qu'il ne soit remis dans sa version originale en 
> > cas de mise à jour du paquet bluez, paquet qui contient ce fichier.
> Compris ! et ça marche  pour l'instant.

Super !

> 
> Deux questions :
> 
>   * quel est le sens de cet ajout ""

udev gère les périphériques de manière dynamique et fonctionne sur base 
d'évènements.
ACTION=="add" dans une règle indique qu'il ne faut suivre la règle uniquement 
que quand l'évènement "add" survient.  Ce qui, dans le cas qui nous occupe, 
permet d'éviter que le système ne boucle.

Il faudrait aussi vérifier sur ton système que udev fait bien son boulot.
Je m'explique.  Si la règle ne s'applique qu'en cas d'évènement de type "add", 
je me demande si /dev est correctement maintenu et que le périphérique qui 
causait la boucle est bien accessible.

Dans le rapport de bogue, une autre suggestion proposait d'utiliser un autre 
pilote plutôt que d'ajouter une limitation basée sur le type d'ACTION.

À voir donc.

>   * pour quelles raisons ne faut-il pas éditer ce fichier ? cf PJ

La phrase qui dit qu'il ne faut pas éditer le fichier vient du fichier original.
N'en tiens pas compte.

> > Et, pour info, ce bogue fait l'objet d'un suivi dans le rapport de bogue 
> > suivant :
> > . https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901965
> J'y ai ajouté quelques infos en espérant relancer les maintainers en vue
> d'une solution définitive.
> [...]
> Merci : je n'aurais pas su faire.

De rien.  J'espère que cela produira l'effet escompté.

> >
> Bon réveillon à tous !
> 
> Bien librement,
> 
> Sylvie

D'excellentes fêtes à toutes et à tous !

Jean-Marc 
https://6jf.be/keys/ED863AD1.txt


pgp3BRAmJQ53A.pgp
Description: PGP signature

Re: No Grub to launch my new Debian 10 with LUKS (UEFI)

[l0f4r0]

Hi Didier,

Thank you for your feedback.

Actually, thinking it would help, I've just deleted my whole Windows 
installation (I just kept its recovery and small reserved partitions) and 
reinstalled Debian 10 with LUKS
It has resolved some of my problems but I have another one: Debian 10 cannot 
launch with Secure Boot activated. As soon as I deactivate Secure Boot, I get 
Grub and then Debian is launching...
It's pretty weird as I thought Debian 10 works out-of-the-box with Secure 
Boot...

Best regards,
l0f4r0


27 déc. 2019 à 11:21 de didier.gau...@gmail.com:

> Le vendredi 27 décembre 2019 08:30:04 UTC+1, l0f...@tuta.io a écrit :
>
>> Hi everyone,
>>
>> I installed some days ago Debian 10 with LVM inside LUKS and specific 
>> formatting (4 logical volumes for /, /home, /var and swap) on my Lenovo 
>> ThinkPad X390 in dual-boot configuration with Windows 10 (which came 
>> preinstalled on this brand new laptop).
>>
>> Everything went well except I can't boot easily on my Debian, I don't even 
>> see Grub. Windows is launched automatically instead.
>> My only solution is to launch a rEFInd USB key, boot on it and select either 
>> "Boot EFI\Boot\grubx64.efi from SYSTEM" or "Boot EFI\debian\grubx64.efi from 
>> SYSTEM" (among 6 options) in order to launch my Debian. It's not very handy 
>> but it seems to indicate I'm not very far from the solution because 
>> everything works fine after that (it proves that my Linux is well 
>> installed)...
>>
>> I've created a thread on LinuxQuestions at 
>> https://www.linuxquestions.org/questions/debian-26/no-grub-to-launch-my-new-debian-10-with-luks-and-lvm-uefi-4175666362/
>> You should get any useful information/details about my situation at this URL 
>> and you will see I've already tried a few operations, with no avail so 
>> far... 
>> As I don't receive any new suggestion from the LQ community during the last 
>> few days, I've decided to write to this ML.
>>
>> I would be very grateful if some people could help me regarding this matter 
>> :)
>> Thank you in advance & Best regards,
>> l0f4r0
>>
>
> Hello,
>
> in your Linuxquestions thread, I see you have already tested some solutions 
> (efbootmgr, grub-install...) to no avail.
>
> Let me share my experience: I have no Lenovo, but have had and still have 
> several HP. HP policy seems to me something like "Let's protect Windows users 
> from undesired problems, Linux and BSD users can care of themselves".
>
> For an slighty old HP laptop, to automatically boot Debian (no matter how I 
> mess with efibootmgr) , I have found no other solution than to rename Windows 
> UEFI entry (and modify Grub in torder to be able to boot windows conveniently)
>
> For a modern HP laptop, it is simpler, after installing Debian, I have to 
> enter the UEFI setup and among various boot options, I can then chose Debian 
> boot manager over Windows boot manager.
>
> If your situation is comparable, any action at OS level (Debian) is 
> superseded by the UEFI settings
>

Re: realtime kernel on ARM hardware

[Andy Smith]

Hello,

On Mon, Dec 30, 2019 at 05:05:07PM -0500, Gene Heskett wrote:
> > Quoting Gene Heskett (2019-12-30 21:00:55)
> >
> > > If debian was serious about supporting the "arm's" that would have
> > > been fixed several years ago by moving that list and its contents to
> > > "debian-arm-devel", and instituting a new "debian-arm-users" list.

[…]

> I detect a smidgeon of tongue in cheek, ;-) but I think it would also 
> help by drawing in those that do have experience in that hdwe.

Have you tried requesting such a list?

https://www.debian.org/MailingLists/HOWTO_start_list

You seem convinced it will help, so why not give it a go? Debian is
entirely run by volunteers.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Pub Key Exchange Between Buster and Windows10

[Dan Ritter]

Martin McCormick wrote: 
> good.  The final step of getting them to connect via shared
> public keys is good from the Windows box to the debian box but
> not completely the other way around as in debian trying to log in to
> Windows10.
> 
>   Going from Windows to Linux, no password is needed to
> remotely execute commands on the Linux system.  For some reason,
> right now, if I try to execute Windows commands remotely from the
> Linux box, I must always enter the password to the Windows box
> and the command runs so the glass is 75% full.

If this were a Linux box running sshd, I would be reading 
/var/log/auth.log for a summary of what was negotiated and/or
rejected.

A casual googling suggests that Win10 actually uses OpenSSHd, 
so the remaining question is where the log files are.

-dsr-

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[tomas]

On Tue, Dec 31, 2019 at 04:23:24PM +0100, Sven Hartge wrote:
> to...@tuxteam.de wrote:
> > On Tue, Dec 31, 2019 at 03:34:34PM +0100, Sven Hartge wrote:

[...]

> >> The usr-merge is already here, if you install Debian Buster [...]

> > or upgrading from a non-user-merge installation :-)
> 
> Sure. it is just a bit tedious to first install Stretch to upgrade to a
> non-usr-merged Buster.

This wasn't meant as a recommendation :-)

Whoever cares about this will hopefully know easier ways to achieve that.

Rather for those who now look at their setup and wonder...

Cheers
-- tomás


signature.asc
Description: Digital signature

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Sven Hartge]

tony  wrote:
> On 31/12/2019 15:34, Sven Hartge wrote:
>> Kenneth Parker  wrote:
>> 
>>> +1 for information, on where System Files are stored on Debian, as well as
>>> for the reminder of the "/usr Merge" that might hit a fan someday.
>> 
>> The usr-merge is already here, if you install Debian Buster. The
>> installer creates a usr-merged filesystem and you, short of remastering
>> the Installer image to remove the option, have no way of configuring
>> this.

> Well, a while ago, I upgrade my stretch to buster, but I see no
> evidence of symlinks to /usr in my root fs. How come?

Only newly installed systems using the Installer from the Debian Buster
ISOs create a usr-merged system. Upgraded sytems are (not yet) affected.

I personally find the way the usr-merge was and is handled quite
annoying and key DDs, starting with the dpkg Maintainer Guillem Jover,
are also not impressed by the way this was pressed into service, kind of
at the last minute while concerns with it were not addressed.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Greg Wooledge]

On Tue, Dec 31, 2019 at 04:02:46PM +0100, tony wrote:
> Well, a while ago, I upgrade my stretch to buster, but I see no evidence
> of symlinks to /usr in my root fs. How come?

https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html#merged-usr
https://wiki.debian.org/UsrMerge

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[tony]

On 31/12/2019 15:34, Sven Hartge wrote:
> Kenneth Parker  wrote:
> 
>> +1 for information, on where System Files are stored on Debian, as well as
>> for the reminder of the "/usr Merge" that might hit a fan someday.
> 
> The usr-merge is already here, if you install Debian Buster. The
> installer creates a usr-merged filesystem and you, short of remastering
> the Installer image to remove the option, have no way of configuring
> this.
> 
> Grüße,
> Sven.
> 
Well, a while ago, I upgrade my stretch to buster, but I see no evidence
of symlinks to /usr in my root fs. How come?

Cheers, Tony

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Sven Hartge]

to...@tuxteam.de wrote:
> On Tue, Dec 31, 2019 at 03:34:34PM +0100, Sven Hartge wrote:
>> Kenneth Parker  wrote:
 
>>> +1 for information, on where System Files are stored on Debian, as
>>> well as for the reminder of the "/usr Merge" that might hit a fan
>>> someday.
>> 
>> The usr-merge is already here, if you install Debian Buster. The
>> installer creates a usr-merged filesystem and you, short of
>> remastering the Installer image...

> or upgrading from a non-user-merge installation :-)

Sure. it is just a bit tedious to first install Stretch to upgrade to a
non-usr-merged Buster.

S!

-- 
Sigmentation fault. Core dumped.

Re: Giveaway-Laptop: sending system mails

[Andrei POPESCU]

On Ma, 31 dec 19, 14:11:06, Markus Grunwald wrote:
> Dear List Participants,
> 
> An elder friend of mine uses his 10 year old Sony Vayo with Windows 7
> mainly for browsing the net, homebanking, E-Mails. Due to several
> reasons, I want to give him a Laptop with Debian Linux that I will support.
> 
> Several things should work to keep my active involvement low. One of the
> basics is: I want to get mails whenever "something" happens. I think
> that msmtp is the right tool for me, but correct me if I'm wrong, please.
> 
> But, there is a problem: I have to put the plain mail password in
> /etc/msmtprc, because the normal user won't be there to unlock a gpg
> file or give msmtp the password in any other way. That means, I want
> /etc/msmtprc to be only readable by root (440). But then, users other
> than root (nobody maybe?) won't be able to send mails...

It seems like you already have a solution for msmtp.

Other options to consider are dma and opensmtpd, which can also queue 
messages if e.g. the system is not connected to the internet at that 
time.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Résolu: Résumé et tentative d'explication: Problème avec udevd

[Bureau LxVx]

Bonjour à tous !

@JMarc

Le 28/12/2019 à 16:01, Jean-Marc a écrit :
> Sat, 28 Dec 2019 11:24:15 +0100
> Bureau LxVx  écrivait :
>
>> Bonjour à tous !
> salut Sylvie,
>> Je reprends l'Inspiron ce matin et
>>
>> @JMarc : ça marche ! super !
> Content d'avoir pu t'aider, Sylvie.
:-D
>
>> En fait, j'avais trouvé cette soluce MAIS ...en ajoutant
>>
>> 
>> j'avais "oublié" l'espace qui suivait (pas tech, j'avais dit ...)
> Pour quelqu'un de "pas tech", c'est impressionant !
J’espère que ce n'est pas ironique ;-)
> Donc ... merci : mon apprentissage continue par votre aide et par mes erreurs.
> Avec grand plaisir !
>
> Dernier détail : tu ne mentionnes pas si tu as copié le fichier 
> 97-hid2hci.rules dans le répertoire /etc/udev/rules.d/ avant de le modifier.
J'ai suivi tes conseils "à la lettre"...
>   Se faisant, tu évites qu'il ne soit remis dans sa version originale en cas 
> de mise à jour du paquet bluez, paquet qui contient ce fichier.
Compris ! et ça marche  pour l'instant.


Deux questions :

  * quel est le sens de cet ajout ""
  * pour quelles raisons ne faut-il pas éditer ce fichier ? cf PJ

> Et, pour info, ce bogue fait l'objet d'un suivi dans le rapport de bogue 
> suivant :
> . https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901965
J'y ai ajouté quelques infos en espérant relancer les maintainers en vue
d'une solution définitive.

> Can you, please, advice what is the best solution to, at least, mitigate the 
> risk of being hit by this bug ?  Specifying the ACTION like described in the 
> RH bugreport or using the driver usbhid like in the Тут Root's proposed patch.
>
> And about further investigations, unfortunately, I cannot reproduce the bug 
> and, then, I am not able to investigate further to know if it is really a 
> driver or kernel bug.
Merci : je n'aurais pas su faire.

>> Librement,
>>
>> Sylvie
> Bonne fin de journée.
>
> Jean-Marc 
> https://6jf.be/keys/ED863AD1.txt
Bon réveillon à tous !

Bien librement,

Sylvie
sylinfo84@debian-inspiron:~$ cd /etc/udev/
sylinfo84@debian-inspiron:/etc/udev$ ls
hwdb.d  rules.d  udev.conf
sylinfo84@debian-inspiron:/etc/udev$ cd rules.d/
sylinfo84@debian-inspiron:/etc/udev/rules.d$ ls
59-smfp_samsung.rules  97-hid2hci.rules
sylinfo84@debian-inspiron:/etc/udev/rules.d$ nano 97-hid2hci.rules 
sylinfo84@debian-inspiron:/etc/udev/rules.d$ 

Le résultat (j'ai bien du l'éditer !): 


# do not edit this file, it will be overwritten on update

ACTION=="remove", GOTO="hid2hci_end"
SUBSYSTEM!="usb*", GOTO="hid2hci_end"

# Variety of Dell Bluetooth devices - match on a mouse device that is
# self powered and where a HID report needs to be sent to switch modes
# Known supported devices: 413c:8154, 413c:8158, 413c:8162

ACTION=="add", ATTR{bInterfaceClass}=="03", ATTR{bInterfaceSubClass}=="01", ATT$
  ATTRS{bDeviceClass}=="00", ATTRS{idVendor}=="413c", ATTRS{bmAttributes}=="e0"$
  RUN+="hid2hci --method=dell --devpath=%p", ENV{HID2HCI_SWITCH}="1"

# Logitech devices
KERNEL=="hiddev*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[345abce]|c71$
  RUN+="hid2hci --method=logitech-hid --devpath=%p"
# Logitech, Inc. diNovo Edge Keyboard
KERNEL=="hidraw*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c714", \
  RUN+="hid2hci --method=logitech-hid --devpath=%p"

ENV{DEVTYPE}!="usb_device", GOTO="hid2hci_end"

# When a Dell device recovers from S3, the mouse child needs to be repoked
# Unfortunately the only event seen is the BT device disappearing, so the mouse
# device needs to be chased down on the USB bus.
ATTR{bDeviceClass}=="e0", ATTR{bDeviceSubClass}=="01", ATTR{bDeviceProtocol}=="$
  ENV{REMOVE_CMD}="/sbin/udevadm trigger --action=change --subsystem-match=usb $

# CSR devices
ATTR{idVendor}=="0a12|0458|05ac", ATTR{idProduct}=="1000", RUN+="hid2hci --meth$

LABEL="hid2hci_end"

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[tomas]

On Tue, Dec 31, 2019 at 03:34:34PM +0100, Sven Hartge wrote:
> Kenneth Parker  wrote:
> 
> > +1 for information, on where System Files are stored on Debian, as well as
> > for the reminder of the "/usr Merge" that might hit a fan someday.
> 
> The usr-merge is already here, if you install Debian Buster. The
> installer creates a usr-merged filesystem and you, short of remastering
> the Installer image...

or upgrading from a non-user-merge installation :-)

Cheers
-- t


signature.asc
Description: Digital signature

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Sven Hartge]

Kenneth Parker  wrote:

> +1 for information, on where System Files are stored on Debian, as well as
> for the reminder of the "/usr Merge" that might hit a fan someday.

The usr-merge is already here, if you install Debian Buster. The
installer creates a usr-merged filesystem and you, short of remastering
the Installer image to remove the option, have no way of configuring
this.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Pub Key Exchange Between Buster and Windows10

[Martin McCormick]

It was great news to find out that Windows10 includes an
openssh client and server and I got the Windows10 system and one
Debian Buster system to communicate via ssh/scp which is all
good.  The final step of getting them to connect via shared
public keys is good from the Windows box to the debian box but
not completely the other way around as in debian trying to log in to
Windows10.

On the Windows box via powershell, I ran ssh-keygen -trsa
which gave the usual prompts for a passfrase and produced the
usual public and private keys in .ssh so I then  copied
id_rsa.pub from my .ssh directory on the Linux box to
authorized_keys on the Windows box after running it through
unix2dos to fix \n.

I then ran dos2unix on the new Windows box's
.ssh/id_rsa.pub to make it suitable for unix and added it to
.ssh/authorized_keys.

Both machines have each other's key in .ssh/known_hosts.
Here's what happens.

Going from Windows to Linux, no password is needed to
remotely execute commands on the Linux system.  For some reason,
right now, if I try to execute Windows commands remotely from the
Linux box, I must always enter the password to the Windows box
and the command runs so the glass is 75% full.

The Win10 box generated an id_rsa.pub key which is 404
bytes long.  The id_rsa.pub key I generated back in 2016 on the
Linux box is 395 bytes long.  Each files is one byte longer in
Windows because of the \n convention being 0x0d0a in Windows and
0x0a in unix.

Any idea as to why the Windows box doesn't seem to accept
the Linux credentials?  When I do enter the password, everything
runs fine but I would rather not use the password in scripts on
one system that are running commands on the other.

What I have got right now is usable but not right.  Any
constructive ideas are appreciated.

Thank you

Martin McCormick

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Kenneth Parker]

On Tue, Dec 31, 2019, 8:42 AM Greg Wooledge  wrote:

> On Tue, Dec 31, 2019 at 12:30:05AM -0700, ghe wrote:
> > As I said before, (grumble, grumble, systemd, grumble, grumble). It
> seems to be pretty nicely done system code, but with an absolutely
> abominable user interface. So far, I know of systemd dirs in /lib, /etc,
> and /usr. That's no way to run a *nix railroad.
>
> Debian doesn't have one in /usr, except if usr-merge was performed,
> in which case the one in /lib is also the one in /usr/lib.
>
> So, there's really just /lib and /etc.  (In Debian.  And why do I have
> to write that, on a debian-user mailing list)
>
> The one in /lib is for PACKAGES, from your operating system, which for
> most of us is Debian, but for you may be some Raspthing.  (And hell,
> maybe Raspbian still uses the Red Hat directories, who the fuck knows,
> that's why we can't support Raspbian questions here -- IT'S DIFFERENT!)
>
> The one in /etc is for YOU, the local system administrator, to store
> your locally written unit files.  And also for total-override unit
> files created by "systemctl edit", and also for drop-in directories,
> and also for automatically created symlinks that represent aliases
> and masks and so on.
>
> Unit files in /etc OVERRIDE unit files in /lib because YOU are the
> master of your local system, and YOUR changes are intended to override
> the operating system vendor's shipped files.  It's the same reason
> why /usr/local/bin is in $PATH before /usr/bin and /bin.  It's the
> same reason why files in a user's $HOME directory override system
> defaults.
>

+1 for information, on where System Files are stored on Debian, as well as
for the reminder of the "/usr Merge" that might hit a fan someday.

Kenneth Parker

>

Re: Giveaway-Laptop: sending system mails

[Reco]

Hi.

On Tue, Dec 31, 2019 at 02:11:06PM +0100, Markus Grunwald wrote:
> But, there is a problem: I have to put the plain mail password in
> /etc/msmtprc, because the normal user won't be there to unlock a gpg
> file or give msmtp the password in any other way. That means, I want
> /etc/msmtprc to be only readable by root (440). But then, users other
> than root (nobody maybe?) won't be able to send mails...

NEWS.Debian.gz have this to say on the issue:

The system-wide configuration file (/etc/msmtprc) can contain SMTP
credentials that are best kept secret. To let regular users use msmtp
while preventing them from reading the file, the permissions can be
adjusted that way:

# chmod 0640 /etc/msmtprc
# chgrp msmtp /etc/msmtprc

So that msmtp's binary executing as the "msmtp" group (setgid) can
access it.


In short, if a user will use "msmtp" to send e-mails - you're set.

If msmtp somehow fails you - consider using exim4, which passwd.client
file should not be readable by ordinary user at all.

Reco

Re: OT: Question about 10/100 switch on a LAN with a faster router

[rhkramer]

Thanks (earlier I thanked Christian directly), but I wanted to add that the 
sketch he drew (below) does correctly reflect the intended LAN configuration.

On Tuesday, December 31, 2019 08:28:03 AM Christian Seiler wrote:
> Hi there,
> 
> Am 2019-12-31 14:03, schrieb rhkra...@gmail.com:
> > I'm about to recommend that he get a 10/100 5 port Ethernet switch to
> > connect
> > to the two cameras and then a short cat5 (or better) Ethernet cable to
> > connect
> > from the switch to the router.
> > 
> > I'm abouit 99.9% sure that using such a switch will not slow down any
> > other
> > parts of his network, but I don't want to mislead him.
> 
> I assume you want to do the following?
> 
> +-- Other device (Gbit)
> 
> |  (100 MBit)
> 
>   Router - Switch
> 
> |   / |  \
> |  
> |  /  |   \
> |  
> |  Camera A   |   (potentially more in the future)
> |  
> | Camera B
> 
> + Other device (GBit)
> 
> 
> How much peak bandwidth are the cameras going to use simultaneously?
> 
> If both cameras won't ever use more than 100MBit/s _combined_
> (either because they only use the bandwidth at different times OR
> they only actually use 50MBit/s or less anyway), then this
> configuration will be fine. Otherwise I wouldn't recommend this
> setup. (Also consider the future-proofing of this setup, even if
> you only add more 100MBit/s devices, because once you connect all
> 4 switch ports, all of these devices combined will share only a
> single 100MBit/s link to the router.)
> 
> > Am I missing anything?
> 
> Do you (or he) still have a 100MBit/s switch lying around so it
> doesn't cost you anything? If so this will be fine. Otherwise I don't
> see the point in buying a 100MBit/s switch -- I don't know about the
> US, but here in Germany I can get a 5 port Gigabit switch for the
> equivalent of ~ 20$, and that includes a VAT that is more than twice
> that of the typical sales tax in the US. Heck, I can get an 8port
> Gigabit switch for the equivalent of ~ 25$. Sure, I can get a
> 100MBit/s switch for ~ 10$, but unless I want to deploy 100s of
> these, I don't see the point in saving this small amount of money;
> especially since a Gigabit switch will likely still be something
> useful in 10 years once your brother completely changes his current
> setup, but a 100MBit/s switch might not be.
> 
> Regards,
> Christian

Re: OT: Question about 10/100 switch on a LAN with a faster router

[john doe]

On 12/31/2019 2:03 PM, rhkra...@gmail.com wrote:
> Mostly an aside: My brother lives in rural podunk USA and he has a fiber optic
> connection which his ISP says gives him 500 mbps (I live in a fairly urban
> location but can't get fiber)
>
> Background: His ISP says he has a 500 mbps connection which, without having
> seen his setup in a number of years, I'm sure there is a modem connected to a
> router (or maybe a combination modem router), that, connects to a television
> (that is the main user of the 500 mbps, iiuc), a Mac, an ObiHai, and, via
> WiFi, to two security cameras.
>
> There is one free Ethernet port on the router (or router modem), and I'm sure
> those ports must be 10/100/1000 "autoselect" type ports.
>
> The WiFi "connection" to the security cameras is unreliable, and he would like
> to hardwire the security cams to the network (I don't know whether he views
> them with the TV or with the Mac, or both, and I'm sure it doesn't matter).
>
> I'm about to recommend that he get a 10/100 5 port Ethernet switch to connect
> to the two cameras and then a short cat5 (or better) Ethernet cable to connect
> from the switch to the router.
>
> I'm abouit 99.9% sure that using such a switch will not slow down any other
> parts of his network, but I don't want to mislead him.
>
> (I do recognize that a 10/100/1000 switch might give him flexibility to use
> more faster than 100 mbps devices in the future, but he could also connect
> such a new device to the router and move a slower device (e.g., the ObiHai or
> the Mac) to the switch.)
>
> Am I missing anything?
>

Personally, I would buy a unmanaged PoE Gigabit switch.

The PoE could be useful for the cameras and the network could benefit
from Gigabit even though internet speed is slower.

You should also take into consideration  if the "router"/network can
handle that load!

--
John Doe

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Greg Wooledge]

On Tue, Dec 31, 2019 at 12:30:05AM -0700, ghe wrote:
> As I said before, (grumble, grumble, systemd, grumble, grumble). It seems to 
> be pretty nicely done system code, but with an absolutely abominable user 
> interface. So far, I know of systemd dirs in /lib, /etc, and /usr. That's no 
> way to run a *nix railroad.

Debian doesn't have one in /usr, except if usr-merge was performed,
in which case the one in /lib is also the one in /usr/lib.

So, there's really just /lib and /etc.  (In Debian.  And why do I have
to write that, on a debian-user mailing list)

The one in /lib is for PACKAGES, from your operating system, which for
most of us is Debian, but for you may be some Raspthing.  (And hell,
maybe Raspbian still uses the Red Hat directories, who the fuck knows,
that's why we can't support Raspbian questions here -- IT'S DIFFERENT!)

The one in /etc is for YOU, the local system administrator, to store
your locally written unit files.  And also for total-override unit
files created by "systemctl edit", and also for drop-in directories,
and also for automatically created symlinks that represent aliases
and masks and so on.

Unit files in /etc OVERRIDE unit files in /lib because YOU are the
master of your local system, and YOUR changes are intended to override
the operating system vendor's shipped files.  It's the same reason
why /usr/local/bin is in $PATH before /usr/bin and /bin.  It's the
same reason why files in a user's $HOME directory override system
defaults.

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Greg Wooledge]

On Mon, Dec 30, 2019 at 05:07:47PM -0700, ghe wrote:
> root@test:~# systemctl status ipfilter
> ● ipfilter.service - packetFilter
>Loaded: loaded (/usr/lib/systemd/system/ipfilter.service; enabled;
> vendor preset: enabled)

packages.debian.org says:

You have searched for files named /usr/lib/systemd/system/ipfilter.service
in suite buster, all sections, and all architectures.

Sorry, your search gave no results


And then:

You have searched for files named ipfilter.service in suite buster,
all sections, and all architectures.

Sorry, your search gave no results

> The service file:
> 
> root@test:/lib/systemd/system# cat /usr/lib/systemd/system/ipfilter.service
> [Unit]
> Description=packetFilter
> 
> [Service]
> ExecStart=/etc/ipfilterfiles/ipfilter.sh on
> ExecStop=/etc/ipfilterfiles/ipfilter.sh off
> 
> [Install]
> WantedBy=multi-user.target

> When I wrote it,

*sigh*

So, it's not --really-- a systemd unit.  You're just using systemd as
a thin layer on top of a shell script.  But you've not specified what
type of pseudo-service this is.

   Type=
   Configures the process start-up type for this service unit. One of
   simple, exec, forking, oneshot, dbus, notify or idle:

   •   If set to simple (the default if ExecStart= is specified but
   neither Type= nor BusName= are), the service manager will
   consider the unit started immediately after the main service
   process has been forked off. It is expected that the process
   configured with ExecStart= is the main process of the service.

What you're doing here is really closer to oneshot than simple.  I think.
I've never actually *written* a systemd unit file that simply acts as
a thin layer on top of a shell script.

> And this all on the RPi4.

So, it's not a Debian systemd unit file, and it's not running on Debian?
Sheesh.

Re: OT: Question about 10/100 switch on a LAN with a faster router

[Christian Seiler]

Hi there,

Am 2019-12-31 14:03, schrieb rhkra...@gmail.com:
I'm about to recommend that he get a 10/100 5 port Ethernet switch to 
connect
to the two cameras and then a short cat5 (or better) Ethernet cable to 
connect

from the switch to the router.

I'm abouit 99.9% sure that using such a switch will not slow down any 
other

parts of his network, but I don't want to mislead him.


I assume you want to do the following?

   +-- Other device (Gbit)
   |
   |  (100 MBit)
 Router - Switch
   |   / |  \
   |  /  |   \
   |  Camera A   |   (potentially more in the future)
   | |
   | Camera B
   |
   + Other device (GBit)


How much peak bandwidth are the cameras going to use simultaneously?

If both cameras won't ever use more than 100MBit/s _combined_
(either because they only use the bandwidth at different times OR
they only actually use 50MBit/s or less anyway), then this
configuration will be fine. Otherwise I wouldn't recommend this
setup. (Also consider the future-proofing of this setup, even if
you only add more 100MBit/s devices, because once you connect all
4 switch ports, all of these devices combined will share only a
single 100MBit/s link to the router.)


Am I missing anything?


Do you (or he) still have a 100MBit/s switch lying around so it
doesn't cost you anything? If so this will be fine. Otherwise I don't
see the point in buying a 100MBit/s switch -- I don't know about the
US, but here in Germany I can get a 5 port Gigabit switch for the
equivalent of ~ 20$, and that includes a VAT that is more than twice
that of the typical sales tax in the US. Heck, I can get an 8port
Gigabit switch for the equivalent of ~ 25$. Sure, I can get a
100MBit/s switch for ~ 10$, but unless I want to deploy 100s of
these, I don't see the point in saving this small amount of money;
especially since a Gigabit switch will likely still be something
useful in 10 years once your brother completely changes his current
setup, but a 100MBit/s switch might not be.

Regards,
Christian

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Sven Hartge]

ghe  wrote:
> On 12/31/19 1:05 AM, Andrei POPESCU wrote:

>>> I guess I misunderstood the term 'daemon.' I thought it was just a 
>>> piece of software that, when run, stays run until it's through -- when 
>>> it's started at boot and has no exit, hangs around in the background 
>>> doing stuff. Unless somebody tells it to stop.
>> 
>> Right. Does your script work like this? I'm asking because typically 
>> scripts do their thing and then exit.

> Yes, it does. It's a huge (for .sh) program (Python was unavailable at
> the time :-) that will, interactively, display and modify the iptables
> chains. There are several other .sh and PERL scripts I've written that
> do similar things -- intended to be daemons, as I understood it.

Care to share your Shell-Script? If it indeed is a daemon that keeps
running, then the lines to add to your unit file are wrong in this
circumstance.

Grüße,
S°

-- 
Sigmentation fault. Core dumped.

Re: bateria notebook

[Leonardo S. S. da Rocha]

Legal Sinval, não sabia do powertop. Eles coexistem ou é necessário
manter apenas um deles?

Muito obrigado pela dica.

Leonardo Rocha.

Em seg., 30 de dez. de 2019 às 11:15, Sinval Júnior
 escreveu:
>
> Se o processador for intel tem o powertop. Dependendo do fabricante há 
> modulos especificos no kernel. No meu mac eu melhorei bastante recompilando.
>
>
> Ao encaminhar esta mensagem, por favor:
> 1 - Apague meu endereço eletrônico;
> 2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários. 
> Dificulte assim a disseminação de vírus, spams e banners.
>
> #=+
> #!/usr/bin/env python
> nome = 'Sinval Júnior'
> email = 'sinvalju arroba gmail ponto com'
> print nome
> print email
> #==+
>
>
> Em seg., 30 de dez. de 2019 às 10:47, Leonardo S. S. da Rocha 
>  escreveu:
>>
>> Meus amigos, bom dia!
>>
>> tenho testado o CPUFreq e pretendo testar agora o TLP no Debian 10.
>> Quero encontrar um pacote que melhore o desempenho da bateria do meu
>> notebook e me permita decidir por prolongá-la ou não. Alguém tem
>> alguma experiência com algum desses pacotes para me fazer uma
>> recomendação do qual é o melhor?
>>
>> agradeço, aguardo um retorno e aproveito para desejar um feliz ano
>> novo de muitas realizações.
>>
>> Abraço,
>>
>> Leonardo Rocha.
>>

Giveaway-Laptop: sending system mails

[Markus Grunwald]

Dear List Participants,

An elder friend of mine uses his 10 year old Sony Vayo with Windows 7
mainly for browsing the net, homebanking, E-Mails. Due to several
reasons, I want to give him a Laptop with Debian Linux that I will support.

Several things should work to keep my active involvement low. One of the
basics is: I want to get mails whenever "something" happens. I think
that msmtp is the right tool for me, but correct me if I'm wrong, please.

But, there is a problem: I have to put the plain mail password in
/etc/msmtprc, because the normal user won't be there to unlock a gpg
file or give msmtp the password in any other way. That means, I want
/etc/msmtprc to be only readable by root (440). But then, users other
than root (nobody maybe?) won't be able to send mails...

I wonder if that could be solved in a better way? I don't want to miss
anything from unattended-upgrades or logcheck or apt-listchanges...

I would love to get your thoughts on that.
-- 
Markus Grunwald
https://www.the-grue.de/~markus/markus_grunwald.gpg



signature.asc
Description: OpenPGP digital signature

OT: Question about 10/100 switch on a LAN with a faster router

[rhkramer]

Mostly an aside: My brother lives in rural podunk USA and he has a fiber optic 
connection which his ISP says gives him 500 mbps (I live in a fairly urban 
location but can't get fiber) 

Background: His ISP says he has a 500 mbps connection which, without having 
seen his setup in a number of years, I'm sure there is a modem connected to a 
router (or maybe a combination modem router), that, connects to a television 
(that is the main user of the 500 mbps, iiuc), a Mac, an ObiHai, and, via 
WiFi, to two security cameras.

There is one free Ethernet port on the router (or router modem), and I'm sure 
those ports must be 10/100/1000 "autoselect" type ports.

The WiFi "connection" to the security cameras is unreliable, and he would like 
to hardwire the security cams to the network (I don't know whether he views 
them with the TV or with the Mac, or both, and I'm sure it doesn't matter).

I'm about to recommend that he get a 10/100 5 port Ethernet switch to connect 
to the two cameras and then a short cat5 (or better) Ethernet cable to connect 
from the switch to the router.

I'm abouit 99.9% sure that using such a switch will not slow down any other 
parts of his network, but I don't want to mislead him.

(I do recognize that a 10/100/1000 switch might give him flexibility to use 
more faster than 100 mbps devices in the future, but he could also connect 
such a new device to the router and move a slower device (e.g., the ObiHai or 
the Mac) to the switch.)

Am I missing anything?

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Gene Heskett]

On Tuesday 31 December 2019 05:37:54 Joe wrote:

> On Tue, 31 Dec 2019 04:37:10 -0500
>
> Gene Heskett  wrote:
> > On Tuesday 31 December 2019 02:30:05 ghe wrote:
> > > > On Dec 30, 2019, at 05:47 PM, Sven Hartge 
> > > > wrote:
> > > >
> > > > Please show the output of
> > > >
> > > >systemctl cat YOUR_SERVICE_UNIT
> > > >
> > > > This will show all additions and overrides to the unit.
> > >
> > > root@test:~# systemctl cat ipfilter
> > > # /usr/lib/systemd/system/ipfilter.service
> > > [Unit]
> > > Description=packetFilter
> > >
> > > [Service]
> > > ExecStart=/etc/ipfilterfiles/ipfilter.sh on
> > > ExecStop=/etc/ipfilterfiles/ipfilter.sh off
> > >
> > > [Install]
> > > WantedBy=multi-user.target
> > >
> > > > Your shell script isn't really daemon, so it is normal to not
> > > > stay running after it setup the iptables rules.
> > >
> > > I guess I misunderstood the term 'daemon.' I thought it was just a
> > > piece of software that, when run, stays run until it's through --
> > > when it's started at boot and has no exit, hangs around in the
> > > background doing stuff. Unless somebody tells it to stop.
> > >
> > > This code has, under the old init system, been thinking it's a
> > > daemon for a couple decades now. But you're right. On other
> > > systemd computers, I have to start my local firewall by hand, like
> > > I have to with BIND on the DNS server.
> > >
> > > > I think your unit is missing the following:
> > > >
> > > > ,
> > > >
> > > > | [Service]
> > > > | Type=oneshot
> > > > | RemainAfterExit=yes
> > > >
> > > > `
> > >
> > > That makes sense. I'll insert those lines and see what happens.
> > >
> > > I knew it'd be trivial when it came to light what I was missing.
> > > Thanks a lot.
> > >
> > > (grumble, grumble, systemd, grumble, grumble)
> > >
> > > >> And how did that file get in /usr? When I wrote it, it was in
> > > >> /lib/systemd/system.
> > > >
> > > > usr-merge is the keyword here.
> > >
> > > What's that? I never heard of that before, and I certainly didn't
> > > ask for it. One of the reasons I run Debian was that the config
> > > stuff is all in /etc. And, it goes without saying, stays there.
> > >
> > > As I said before, (grumble, grumble, systemd, grumble, grumble).
> > > It seems to be pretty nicely done system code, but with an
> > > absolutely abominable user interface. So far, I know of systemd
> > > dirs in /lib, /etc, and /usr. That's no way to run a *nix
> > > railroad.
> >
> > +100 (or more)
> >
> > > While I have you on the hook, Sven, how/where did you get your
> > > systemd knowledge? I've looked around, and I haven't seen any
> > > mention of what you just told me.
> >
> > I had that same didn't start after a reboot problem, but found this
> > script started iptables ok when executed by hand as ./start-iptables
> > while root in the /etc/iptables dir.
> >
> > #!/bin/bash
> > iptables-restore  >
> > And whenever I add a new rule, I resave the saved-rules with this
> >
> > #!/bin/bash
> > iptables-save >saved-rules
> >
> > A executed from /etc/iptables with ./iptables-saveem
> >
> > It seems to me, that if iptables has been intalled, there ought to
> > be a start script in /etc/init.d, or someplace in the /etc/systemd
> > path, but there is not such a critter in either path (nothing in
> > /usr, but /lib/systemd has 100 or so files) in this stretch install.
> >
> > This works, but leaves me open until I get around to starting it, so
> > I doubt its the approved method.  IMO it ought to be the first
> > active line in the ifup script so its active before the net is
> > brought up.
>
> Does iptables-persistent work for you?

It should, I just installed it. I'll have to change the name of the save 
file to match it in my other scripts, but haven't yet.

> I made my own pseudo-daemon before this existed, stealing a LFS
> skeleton, allowing multiple rulesets for various environments.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Joe]

On Tue, 31 Dec 2019 04:37:10 -0500
Gene Heskett  wrote:

> On Tuesday 31 December 2019 02:30:05 ghe wrote:
> 
> > > On Dec 30, 2019, at 05:47 PM, Sven Hartge 
> > > wrote:
> > >
> > > Please show the output of
> > >
> > >systemctl cat YOUR_SERVICE_UNIT
> > >
> > > This will show all additions and overrides to the unit.  
> >
> > root@test:~# systemctl cat ipfilter
> > # /usr/lib/systemd/system/ipfilter.service
> > [Unit]
> > Description=packetFilter
> >
> > [Service]
> > ExecStart=/etc/ipfilterfiles/ipfilter.sh on
> > ExecStop=/etc/ipfilterfiles/ipfilter.sh off
> >
> > [Install]
> > WantedBy=multi-user.target
> >  
> > > Your shell script isn't really daemon, so it is normal to not stay
> > > running after it setup the iptables rules.  
> >
> > I guess I misunderstood the term 'daemon.' I thought it was just a
> > piece of software that, when run, stays run until it's through --
> > when it's started at boot and has no exit, hangs around in the
> > background doing stuff. Unless somebody tells it to stop.
> >
> > This code has, under the old init system, been thinking it's a
> > daemon for a couple decades now. But you're right. On other systemd
> > computers, I have to start my local firewall by hand, like I have to
> > with BIND on the DNS server.
> >  
> > > I think your unit is missing the following:
> > >
> > > ,
> > >
> > > | [Service]
> > > | Type=oneshot
> > > | RemainAfterExit=yes
> > >
> > > `  
> >
> > That makes sense. I'll insert those lines and see what happens.
> >
> > I knew it'd be trivial when it came to light what I was missing.
> > Thanks a lot.
> >
> > (grumble, grumble, systemd, grumble, grumble)
> >  
> > >> And how did that file get in /usr? When I wrote it, it was in
> > >> /lib/systemd/system.  
> > >
> > > usr-merge is the keyword here.  
> >
> > What's that? I never heard of that before, and I certainly didn't
> > ask for it. One of the reasons I run Debian was that the config
> > stuff is all in /etc. And, it goes without saying, stays there.
> >
> > As I said before, (grumble, grumble, systemd, grumble, grumble). It
> > seems to be pretty nicely done system code, but with an absolutely
> > abominable user interface. So far, I know of systemd dirs in /lib,
> > /etc, and /usr. That's no way to run a *nix railroad.
> >  
> +100 (or more)
> 
> > While I have you on the hook, Sven, how/where did you get your
> > systemd knowledge? I've looked around, and I haven't seen any
> > mention of what you just told me.  
> 
> I had that same didn't start after a reboot problem, but found this 
> script started iptables ok when executed by hand as ./start-iptables 
> while root in the /etc/iptables dir.
> 
> #!/bin/bash
> iptables-restore  
> And whenever I add a new rule, I resave the saved-rules with this
> 
> #!/bin/bash
> iptables-save >saved-rules
> 
> A executed from /etc/iptables with ./iptables-saveem
> 
> It seems to me, that if iptables has been intalled, there ought to be
> a start script in /etc/init.d, or someplace in the /etc/systemd path,
> but there is not such a critter in either path (nothing in /usr, 
> but /lib/systemd has 100 or so files) in this stretch install.
> 
> This works, but leaves me open until I get around to starting it, so
> I doubt its the approved method.  IMO it ought to be the first active
> line in the ifup script so its active before the net is brought up. 
> 

Does iptables-persistent work for you?

I made my own pseudo-daemon before this existed, stealing a LFS
skeleton, allowing multiple rulesets for various environments.

-- 
Joe

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[mick crane]

On 2019-12-31 09:21, ghe wrote:


But what I'm really looking for is a comprehensive book on systemd like
the 40 pounder 'Learning Python' or other O'Reilly, etc, books that've
saved my life in the past few years. (I'm more comfortable with dead
trees than I am with screens.)


When Microsoft was saying "Where do you want to go today ?" I started 
looking for another OS.
Really pleased to find Linux, although didn't find intuitive there was 
loads of documentation that came with it and all the O'Reilly books to 
help a new user figure out what was going on.
These days I don't bother so much as things seem to Just Work but it 
would be nice to have it a bit easier to find out what systemd is doing.


cheers
mick

--
Key ID4BFEBB31

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Gene Heskett]

On Tuesday 31 December 2019 02:30:05 ghe wrote:

> > On Dec 30, 2019, at 05:47 PM, Sven Hartge 
> > wrote:
> >
> > Please show the output of
> >
> >systemctl cat YOUR_SERVICE_UNIT
> >
> > This will show all additions and overrides to the unit.
>
> root@test:~# systemctl cat ipfilter
> # /usr/lib/systemd/system/ipfilter.service
> [Unit]
> Description=packetFilter
>
> [Service]
> ExecStart=/etc/ipfilterfiles/ipfilter.sh on
> ExecStop=/etc/ipfilterfiles/ipfilter.sh off
>
> [Install]
> WantedBy=multi-user.target
>
> > Your shell script isn't really daemon, so it is normal to not stay
> > running after it setup the iptables rules.
>
> I guess I misunderstood the term 'daemon.' I thought it was just a
> piece of software that, when run, stays run until it's through -- when
> it's started at boot and has no exit, hangs around in the background
> doing stuff. Unless somebody tells it to stop.
>
> This code has, under the old init system, been thinking it's a daemon
> for a couple decades now. But you're right. On other systemd
> computers, I have to start my local firewall by hand, like I have to
> with BIND on the DNS server.
>
> > I think your unit is missing the following:
> >
> > ,
> >
> > | [Service]
> > | Type=oneshot
> > | RemainAfterExit=yes
> >
> > `
>
> That makes sense. I'll insert those lines and see what happens.
>
> I knew it'd be trivial when it came to light what I was missing.
> Thanks a lot.
>
> (grumble, grumble, systemd, grumble, grumble)
>
> >> And how did that file get in /usr? When I wrote it, it was in
> >> /lib/systemd/system.
> >
> > usr-merge is the keyword here.
>
> What's that? I never heard of that before, and I certainly didn't ask
> for it. One of the reasons I run Debian was that the config stuff is
> all in /etc. And, it goes without saying, stays there.
>
> As I said before, (grumble, grumble, systemd, grumble, grumble). It
> seems to be pretty nicely done system code, but with an absolutely
> abominable user interface. So far, I know of systemd dirs in /lib,
> /etc, and /usr. That's no way to run a *nix railroad.
>
+100 (or more)

> While I have you on the hook, Sven, how/where did you get your systemd
> knowledge? I've looked around, and I haven't seen any mention of what
> you just told me.

I had that same didn't start after a reboot problem, but found this 
script started iptables ok when executed by hand as ./start-iptables 
while root in the /etc/iptables dir.

#!/bin/bash
iptables-restore saved-rules

A executed from /etc/iptables with ./iptables-saveem

It seems to me, that if iptables has been intalled, there ought to be a 
start script in /etc/init.d, or someplace in the /etc/systemd path, but 
there is not such a critter in either path (nothing in /usr, 
but /lib/systemd has 100 or so files) in this stretch install.

This works, but leaves me open until I get around to starting it, so I 
doubt its the approved method.  IMO it ought to be the first active line 
in the ifup script so its active before the net is brought up. 

Thanks.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[ghe]

On 12/31/19 1:05 AM, Andrei POPESCU wrote:

>> I guess I misunderstood the term 'daemon.' I thought it was just a 
>> piece of software that, when run, stays run until it's through -- when 
>> it's started at boot and has no exit, hangs around in the background 
>> doing stuff. Unless somebody tells it to stop.
> 
> Right. Does your script work like this? I'm asking because typically 
> scripts do their thing and then exit.

Yes, it does. It's a huge (for .sh) program (Python was unavailable at
the time :-) that will, interactively, display and modify the iptables
chains. There are several other .sh and PERL scripts I've written that
do similar things -- intended to be daemons, as I understood it.

> Try systemd.service(5).

In man? I will.

But what I'm really looking for is a comprehensive book on systemd like
the 40 pounder 'Learning Python' or other O'Reilly, etc, books that've
saved my life in the past few years. (I'm more comfortable with dead
trees than I am with screens.)

-- 
Glenn English

Re: On systemd, raspbian and off-topics [was: systemdq]

[tomas]

On Tue, Dec 31, 2019 at 02:08:17PM +0900, 황병희 wrote:
> > I actually do enjoy off-topic tangents, and [...]
> 
> Me too, happy new year tomás ^^^

Happy new year to yo, too (and to all others here). May your dreams
come true, whether you like systemd or not :-)

Cheers
-- t


signature.asc
Description: Digital signature

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[Andrei POPESCU]

On Ma, 31 dec 19, 00:30:05, ghe wrote:
> 
> I guess I misunderstood the term 'daemon.' I thought it was just a 
> piece of software that, when run, stays run until it's through -- when 
> it's started at boot and has no exit, hangs around in the background 
> doing stuff. Unless somebody tells it to stop.

Right. Does your script work like this? I'm asking because typically 
scripts do their thing and then exit.
 
> This code has, under the old init system, been thinking it's a daemon 
> for a couple decades now. But you're right. On other systemd 
> computers, I have to start my local firewall by hand, like I have to 
> with BIND on the DNS server. 
> 
> > I think your unit is missing the following:
> > 
> > ,
> > | [Service]
> > | Type=oneshot
> > | RemainAfterExit=yes
> > `
> 
> That makes sense. I'll insert those lines and see what happens. 
> 
> I knew it'd be trivial when it came to light what I was missing. Thanks a lot.
> 
> (grumble, grumble, systemd, grumble, grumble)
> 
> >> And how did that file get in /usr? When I wrote it, it was in
> >> /lib/systemd/system.
> > 
> > usr-merge is the keyword here.
> 
> What's that? I never heard of that before, and I certainly didn't ask 
> for it. One of the reasons I run Debian was that the config stuff is 
> all in /etc. And, it goes without saying, stays there.

usr-merge doesn't touch /etc.
 
> As I said before, (grumble, grumble, systemd, grumble, grumble). It 
> seems to be pretty nicely done system code, but with an absolutely 
> abominable user interface. So far, I know of systemd dirs in /lib, 
> /etc, and /usr. That's no way to run a *nix railroad.
 
If your system is usr-merged then /lib, /bin and /sbin are symlinks to 
their counterparts in /usr. Nothing else is affected.

> While I have you on the hook, Sven, how/where did you get your systemd 
> knowledge? I've looked around, and I haven't seen any mention of what 
> you just told me. 

Try systemd.service(5).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature