Re: Unable to associate to mobile hotspot

[Rodrigo Cunha]

>
> At any rate, I've tried adding "intel_iommu=off" to my kernel parameters
> and rebooted, but nothing changed.
>


Steps:
sudo nano /etc/default/grub
Change from this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
To this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=off"
Update grup:
sudo update-grub
Reinstall system.
shutdown -r now

Then,
*journal -b *and post here.

If skip task update-grub does not work.


On Tue, Mar 7, 2023 at 7:56 AM Lucio Crusca  wrote:

> Il 04/03/23 05:23, Rodrigo Cunha ha scritto:
> > What is your kernel?
>
> Linux t470 6.1.0-5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.12-1
> (2023-02-15) x86_64 GNU/Linux
>
>
> > I saw in a forum from Arch that a problem in the kernel is causing this.
>
> I've read through the forum posts you linked, and the ones linked
> therein. I'm afraid it's quite a different problem. My wifi connection
> has no stability issues: it just refuses to associate to this specific
> hotspot, but it works like a charm with others. My logs do not show the
> CTRL-EVENT-BEACON-LOSS message. My network adapter is not Atheros.
>
> At any rate, I've tried adding "intel_iommu=off" to my kernel parameters
> and rebooted, but nothing changed.
>


-- 
Atenciosamente,
Rodrigo da Silva Cunha
São Gonçalo, RJ - Brasil

Re: No /

[tomas]

On Tue, Mar 07, 2023 at 05:04:57PM -0600, David Wright wrote:
> On Tue 07 Mar 2023 at 19:36:04 (+0100), to...@tuxteam.de wrote:
> > On Tue, Mar 07, 2023 at 05:33:45PM +0100, Michael Lee wrote:
> > > Is it possible to reinstall the system and still retain the settings,
> > > logins, etc.? 
> > 
> > That depends on what you understand by "settings, logins, etc".
> > 
> > As others have said in this thread: what are you trying to achieve?
> > Why do you want to reinstall the system?
> 
> https://lists.debian.org/debian-user/2023/03/msg00064.html

Uh, oh.

If it's that, I'd try with /etc, /var, /home (and possibly others).
But this will only work if "the OS" [1] before and after are similar
enough.

Manual intervention might be unavoidable.

Cheers

[1] "The OS" is the "bunch of relevant applications". Yes, handwavy,
   but so was your request :)

-- 
t


signature.asc
Description: PGP signature

Re: No /

[Rodrigo Cunha]

It does not work if you want to use this host like a secure
server(server.key). So why do you not install a new server with the same
configuration? Commonly is suitable to install two servers, migrate
services, and switch at an appropriate time.

On Tue, Mar 7, 2023 at 8:05 PM David Wright 
wrote:

> On Tue 07 Mar 2023 at 19:36:04 (+0100), to...@tuxteam.de wrote:
> > On Tue, Mar 07, 2023 at 05:33:45PM +0100, Michael Lee wrote:
> > > Is it possible to reinstall the system and still retain the settings,
> > > logins, etc.?
> >
> > That depends on what you understand by "settings, logins, etc".
> >
> > As others have said in this thread: what are you trying to achieve?
> > Why do you want to reinstall the system?
>
> https://lists.debian.org/debian-user/2023/03/msg00064.html
>
> one might assume. BTRfs is w-a-y beyond my ken.
>
> Cheers,
> David.
>
>

-- 
Atenciosamente,
Rodrigo da Silva Cunha
São Gonçalo, RJ - Brasil

Re: how to activate my wireless card? nmtui only shows wireless connections . . .

[David Wright]

On Sun 05 Mar 2023 at 20:57:25 (+), Albretch Mueller wrote:
> On 3/5/23, David Wright  wrote:
> >
> > I run installed systems, so wifi passwords are either in individual
> > /var/lib/iwd/.psk files (with iwd), or collectively in
> > /etc/wpa_supplicant/.conf (with wpasupplicant/systemd-networkd).
> >
> > These files have go= permissions, and I don't consider them of great
> > enough concern to put them on an encrypted filesystem (which would
> > in any case need unlocking). However, you could do just that, with an
> > encrypted USB stick. At least you'd benefit from just one passphrase
> > to unlock any and all necessary secrets.
> 
>  Is there a way to pass the password on the command to that modprobe
> or whichever utility?
> 
>  Apparently because I use DL I don't have that kind of directory structure:
> 
> $ cd /var/lib/iwd/
> bash: cd: /var/lib/iwd/: No such file or directory

You only don't have this directory because you have:

> drwx-- 1 root  root   140 Mar  5 20:50 NetworkManager

running your network, not iwd. As for /etc/wpa_supplicant/, NM lists
it as a dependency. I don't whether NM is scriptable, for passing in
a password, or not: I've never used it.

Cheers,
David.

Re: Windows Subsystem for Linux Debian

[Richmond]

didier gaumet  writes:

> Le 07/03/2023 à 21:17, Richmond a écrit :
>> I have Debian 11 on Windows Subsystem for Linux, but it is using a
>> version 4 kernel. (I have established that it is debian 11 by looking in
>> /etc/issue, and /etc/apt/sources). The Kernel says it is Microsoft:
>> 4.4.0-19041-Microsoft #2311-Microsoft
>> So I guess this is not really a kernel? as the version is a Windows
>> version number, although I am on Windows 19045.2604.
>> Who supports Debian 11 for WSL? It is in the Microsoft Store. Why is
>> it
>> on version 4 kernel?
>
> Hello,
>
> Warning: I do not use WSL1/WSL2
>  but I would say that your Debian was installed as a WSL1 distro
>  (typical 4.4 pseudo linux kernel (translator, sort of)) and you could 
> migrate it to WSL2 (5.15 kernel presently, in a Hyper-V VM).
> https://learn.microsoft.com/en-us/windows/wsl/compare-versions
> https://superuser.com/questions/1628023/check-wsl-version-1-or-2-inside-the-linux-installation
> https://learn.microsoft.com/en-us/windows/wsl/kernel-release-notes

It seems I had not upgraded to WSL2. I thought I had. Now I have done
that I am on the right kernel.

5.15.90.1-microsoft-standard-WSL2 #1

Re: No /

[David Wright]

On Tue 07 Mar 2023 at 19:36:04 (+0100), to...@tuxteam.de wrote:
> On Tue, Mar 07, 2023 at 05:33:45PM +0100, Michael Lee wrote:
> > Is it possible to reinstall the system and still retain the settings,
> > logins, etc.? 
> 
> That depends on what you understand by "settings, logins, etc".
> 
> As others have said in this thread: what are you trying to achieve?
> Why do you want to reinstall the system?

https://lists.debian.org/debian-user/2023/03/msg00064.html

one might assume. BTRfs is w-a-y beyond my ken.

Cheers,
David.

Re: Windows Subsystem for Linux Debian

[Andrew M.A. Cater]

On Tue, Mar 07, 2023 at 08:17:41PM +, Richmond wrote:
> I have Debian 11 on Windows Subsystem for Linux, but it is using a
> version 4 kernel. (I have established that it is debian 11 by looking in
> /etc/issue, and /etc/apt/sources). The Kernel says it is Microsoft:
> 
> 4.4.0-19041-Microsoft #2311-Microsoft
> 
> So I guess this is not really a kernel? as the version is a Windows
> version number, although I am on Windows 19045.2604.
> 
> Who supports Debian 11 for WSL? It is in the Microsoft Store. Why is it
> on version 4 kernel?
>

The kernel version *is* provided by Microsoft - it has been engineered by them
to work with Windows.

Having just updated a Windows 10 laptop - there was a wsl.exe update to
install.

The WSL version I had installed was from the Microsoft store as version 1.0
After the latest update today 20230307: wsl.exe --version reports

WSL version: 1.1.3.0
Kernel version: 5.15.90.1
WSLg version: 1.0.49
MSRDC version: 1.2.3770
Direct3D version: 1.608.2-61064218
DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows version: 10.0.19045.2546

Essentially, as you do your updates so updated kernels get posted as part
of Windows Update from Microsoft.

Hope this helps,

Andy Cater

Re: Windows Subsystem for Linux Debian

[didier gaumet]

Le 07/03/2023 à 21:17, Richmond a écrit :

I have Debian 11 on Windows Subsystem for Linux, but it is using a
version 4 kernel. (I have established that it is debian 11 by looking in
/etc/issue, and /etc/apt/sources). The Kernel says it is Microsoft:

4.4.0-19041-Microsoft #2311-Microsoft

So I guess this is not really a kernel? as the version is a Windows
version number, although I am on Windows 19045.2604.

Who supports Debian 11 for WSL? It is in the Microsoft Store. Why is it
on version 4 kernel?


Hello,

Warning: I do not use WSL1/WSL2
 but I would say that your Debian was installed as a WSL1 distro 
(typical 4.4 pseudo linux kernel (translator, sort of)) and you could 
migrate it to WSL2 (5.15 kernel presently, in a Hyper-V VM).

https://learn.microsoft.com/en-us/windows/wsl/compare-versions
https://superuser.com/questions/1628023/check-wsl-version-1-or-2-inside-the-linux-installation
https://learn.microsoft.com/en-us/windows/wsl/kernel-release-notes

Re: Unable to associate to mobile hotspot

[Timothy M Butterworth]

On Tue, Mar 7, 2023 at 9:44 AM David Wright 
wrote:

> On Tue 07 Mar 2023 at 11:56:09 (+0100), Lucio Crusca wrote:
> >
> > I've read through the forum posts you linked, and the ones linked
> > therein. I'm afraid it's quite a different problem. My wifi connection
> > has no stability issues: it just refuses to associate to this specific
> > hotspot, but it works like a charm with others. My logs do not show
> > the CTRL-EVENT-BEACON-LOSS message. My network adapter is not Atheros.
> >
> > At any rate, I've tried adding "intel_iommu=off" to my kernel
> > parameters and rebooted, but nothing changed.
>
> In view of:
>
> wlp4s0: disassociated from e2:…:a9 (Reason: 2=PREV_AUTH_NOT_VALID)
> wlp4s0: CTRL-EVENT-DISCONNECTED bssid=e2:…:a9 reason=2
> wlp4s0: WPA: 4-Way Handshake failed - pre-shared key may be incorrect
> wlp4s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="papospot" auth_failures=1
> duration=10 reason=WRONG_KEY
>

According to these messages your WPA Pre-Shared Key is wrong. You can try
to disable WPA and connect to it as an open network temporarily just to
test the hardware and drivers.



> have you tried to get more information with this option in
> wpa_supplicant:
>
>-K Include keys (passwords, etc.) in debug output.
>
> You'd probably need to redact the logs, were you to post them.
>
> Cheers,
> David.
>
>

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

Re: Windows Subsystem for Linux Debian

[John Hasler]

 Richmond writes:
> Who supports Debian 11 for WSL? It is in the Microsoft Store. Why is
> it on version 4 kernel?

No one here knows what changes Microsoft made in the process of
producing WSL or why they made them.  Ask Microsoft.
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA

Windows Subsystem for Linux Debian

[Richmond]

I have Debian 11 on Windows Subsystem for Linux, but it is using a
version 4 kernel. (I have established that it is debian 11 by looking in
/etc/issue, and /etc/apt/sources). The Kernel says it is Microsoft:

4.4.0-19041-Microsoft #2311-Microsoft

So I guess this is not really a kernel? as the version is a Windows
version number, although I am on Windows 19045.2604.

Who supports Debian 11 for WSL? It is in the Microsoft Store. Why is it
on version 4 kernel?

Re: Building binary package, howto enable init.d/systemd start

[Alexandre Rossi]

Hi,

> i am trying to build a binary debian package consisting of a python
> script, shell scripts and a config file as daemon with either init.d or
> systemd start.
> 
> The init.d script gets installed also the systemd file, but both are not
> enabled.

[...]

> In debian/rules is:
> 
> #!/usr/bin/make -f
> 
> DH_VERBOSE=1
> 
> %:
>   dh $@
> clean:
>   @# Do nothing
> 
> build:
>   @# Do nothing
> 
> binary:

[...]

I suggest you use override_dh_auto_install instead or better use
debian/install (man dh_install) for what you do in this target.

> I have the strange feeling the entire postinstall stuff is missing.
> Is there a significant typo somewhere so obvious I am to stupid to see?

I think that overriding the binary target breaks debhelper.
 
[...]

> If there is a distribution like Mint Tessa for example, how does the
> system decide which startmethod to choose, if init.d and systemd are
> enabled successfully? I see a mix of init.d and systemd there regading
> starting stuff.

Your package will support both and the magic will happen at package
install phase. I think dh_installinit and dh_installsystemd generate
the postinst scripts that make this happen.

Cheers,

Alex

Re: No /

[tomas]

On Tue, Mar 07, 2023 at 05:33:45PM +0100, Michael Lee wrote:
> Is it possible to reinstall the system and still retain the settings,
> logins, etc.? 

That depends on what you understand by "settings, logins, etc".

As others have said in this thread: what are you trying to achieve?
Why do you want to reinstall the system?

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: No /

[Nicolas George]

Alain D D Williams (12023-03-07):
> > Is it possible to reinstall the system and still retain the settings,
> > logins, etc.? 
> This is what backups are for.

No it is not, that is complete nonsense.

-- 
  Nicolas George


signature.asc
Description: PGP signature

Re: No /

[Jeffrey Walton]

On Tue, Mar 7, 2023 at 11:34 AM Michael Lee  wrote:
>
> Is it possible to reinstall the system and still retain the settings, logins, 
> etc.?

Also see Data Management,
https://www.debian.org/doc/manuals/debian-reference/ch10.en.html .

Jeff

Re: No /

[Alain D D Williams]

On Tue, Mar 07, 2023 at 05:33:45PM +0100, Michael Lee wrote:
> Is it possible to reinstall the system and still retain the settings,
> logins, etc.? 

This is what backups are for. I assume that you have something.

> Michael Lee

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: No /

[Dan Ritter]

Michael Lee wrote: 
> Is it possible to reinstall the system and still retain the settings,
> logins, etc.? 

Not as such.

That said: what do you actually want to accomplish? There may be
ways to do what you want with less effort.

-dsr-

Re: No /

[Charles Curley]

On Tue, 07 Mar 2023 17:33:45 +0100
Michael Lee  wrote:

> Is it possible to reinstall the system and still retain the settings,
> logins, etc.? 

If you mean do a fresh installation, probably not.

First off, make sure you back up everything you are likely to want. You
can restore from your backups after the installation. You should be
doing regular backups anyway.

You can mitigate some of this by having a separate /home directory, but
that introduces new problems: old versions of users' configuration
files may not work with new versions of the software, or may not be
exactly what you want. But that doesn't preserve system settings in
/etc (where login information resides) and elsewhere.

I make backups of stuff I am likely to want (/etc, e.g.). After a new
installation, I copy the backups to a separate directory in /. If I
find I need an old version of a file, it's right there.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Forcing dhclient to not ignore tun0 interface when it's available

[davenull]

On 2023-03-07 16:20, Max Nikulin wrote:

On 06/03/2023 19:17, davenull wrote:

On 2023-03-03 06:22, Max Nikulin wrote:


Perhaps the opposite. dhclient running for enp2s0f0 should detect 
that

VPN is active and to avoid overwriting DNS settings that direct
requests to tun0.


Yes, indeed. I want dhclient to NOT overwrite /etc/resolv.conf when 
VPN is active. OR to use tun05 when it tries to renew the lease

...
If anyone has a good documention on how to configure openresolv 
correctly to use it with openconnect.


People suggested openvpn scripts and dhclient hooks in this thread. It
should be enough to write a couple of scripts that conditionally
update resolv.conf. I am not sure that it is possible to provide
configuration that would work out of the box. If you are seeking a
ready to use recipe, perhaps you should ask openvpn community.

I used network-manager-openconnect-gnome for some time and it was
enough to fill some fields in a GUI form for minimal working
configuration.


If it was for personal need, I wouldn't mind spending time with trial 
and error… but it's not.


That hook stuff might be enough for someone who either use a similar 
environnent/tools as the script's
OR known well enough both openconnect/connmann/openresolv, as well as 
openVPN… So they can easily adapt such hooks to different tolls


I use neither OpenVPN¹ for work nor network-manager. So hooks need to be 
adapted BUT my knowledge of openconnect is limited, let alone openresolv 
(0 knowledge)
So having some documentation "beginner-friendly" would actually make a 
big difference to help me achieving that in a reasonable amount of time


Not having a documentation means tinkering, and trial and error and 
spending (too much) time on it.

Sure it might work, but I requires more time and energy I can't afford.

During remote-work, extra hours are simply ignored. So I either thinker 
to make things work with near 0 knowledge of these tools, or do my 
actual.


And I'm not planning spending my free time debugging work's related 
stuff (anymore, did that mistake too often).
Workplace idiotic policy about both extra-hours during remote work AND 
on-site extra-hours if one leaves work the office
after 6:30 pm (clocking terminal configured to ignore working time after 
that) sc***ed me more than once during incidents.


So I'm clearly being lazy this time. I'd rather find a solution which is 
relatively "easy and fast" to implement, than work for free


1. Because, according to workspace staff who "choose" (a.k.a listened to 
marketing people) cisco crap… cisco blackbox with it's binary spyware 
(CSD idiocy) is "more secure"…

Re: No /

[Greg Wooledge]

On Tue, Mar 07, 2023 at 05:33:45PM +0100, Michael Lee wrote:
> Is it possible to reinstall the system and still retain the settings,
> logins, etc.? 

I'm assuming you already know about /home and have already taken care
of it.

To answer the question: yes, but not easily.  What you'll want to
do is make a backup copy of the /etc directory before reinstalling.
Then after reinstalling, carefully merge the contents of the old files
into the new files.

For local login accounts, you care about these files:

/etc/passwd
/etc/shadow
/etc/group

Merge the relevant lines (only the accounts *you* added, which correspond
to real humans, not the system accounts) from the backup files into the
reinstalled files, and use the "id" command and friends to verify that
they're working.

If you have user crontabs, you will need to move those over as well.  The
easiest way would be to save the output of "crontab -l" to a file before
the reinstall, and then use "crontab < my-saved-file" afterward, for
each user account that has a crontab.  If you prefer a lower-level approach,
the files are in /var/spool/cron/crontabs/.

For other "settings", whatever that word means, you'll need to find
the relevant files and once again merge contents from the backup version
into the reinstalled version.  This only applies to system-wide
configurations, not to personal settings.  Personal settings are in
/home and would be taken care of simply by not touching /home during
the reinstall.

You might want to start by making a list of all the things you care about,
which you want to migrate to the new system.  Figure out where all of
the files are, which pertain to those things.  Figure out how you'll merge
those files into the reinstalled system.  Just having a list, and having
gone through the mental effort of researching each thing, can make a big
difference.

No /

[Michael Lee]

Is it possible to reinstall the system and still retain the settings,
logins, etc.? 

Michael Lee

Re: Forcing dhclient to not ignore tun0 interface when it's available

[davenull]

On 2023-03-07 05:01, David Wright wrote:

On Mon 06 Mar 2023 at 13:34:52 (+0100), daven...@tuxfamily.org wrote:

On 2023-03-03 16:00, Max Nikulin wrote:
> On 03/03/2023 13:29, Tim Woodall wrote:
> > On Fri, 3 Mar 2023, Max Nikulin wrote:
> > >
> > > dhclient running for enp2s0f0 should detect that VPN is
> > > active and to avoid overwriting DNS settings that direct
> > > requests to tun0.
> > >
> > The hook can create and delete a file like rhis:
> > tim@dirac:/etc/dhcp (none)$ cat dhclient-enter-hooks.d/nodnsupdate
> > make_resolv_conf() {
> >  :
> > }
>
> I agree that VPN script may add and remove dhclient hook or may write
> some file in /run that is read by dhclient hook. They should cooperate
> in some way. In more versatile configuration domain resolution may be
> per-interface. E.g. hosts from the corporate domain are resolved
> through tun0, other sites through enp2s0f0.

I agree about cooperation. BUT  It would be much easier if everything
is resolved through workplace's resolver whenever openconnect is
active.


I don't see how your workplace's resolver can resolve addresses on
your own LAN.


Well, I meant resolving anything on the Internet + work's private 
network. Not on my LAN


It obviously can't resolve hostnames on my LAN, but for the time being, 
there's actually nothing on LAN I'd want to resolve.


I have a network printer which I use once in a while, but it configured 
in CUPS by IP, not by (its 3 km long, weird,) hostname.
And I don't use it often enough (so it's mostly off to save electricity) 
to spend time
to create/test (then script) a route specifically for anything 
192.168.1.0/192.0168.0.0 while the VPN is on.

So for the printer is inaccessible either way when the VPN is on

The printer being only thing on my which I might need to resolve… maybe 
one day.
But it has a weird hostname harder to remember than it's IP (not sure if 
I can change the hostname for something human-readable…,

still learning about its capabilities and menus),
And I don't use it daily. So I'm OK with not being able to print with 
VPN connected


Granted, I might want to exclude 192.168.0|1.0 from requests sert to 
workplace resolver. But I certainly
don't to think about each (sub)domain and whether it's should/can be 
resolved by worksplace or

not




If I have to specify all the domains I want to be resolved using tun0
interface,
It would be annoying to configure and error-prone. Because there
multiple "private"
different domains, in additions to private subdomains, of
publicly-accessible "parent" domains.


I was under the impression that the fifty-odd functions in the
vpnc-script we discussed earlier had a role in setting your
resolvers and routing for the tunnel with the environment parameters.


Not to mention redirections for SSO/authentication (depending on the
tool/server/where's it hosted, it not the same LDAP server),
or tools which multiple servers but without load-balancer/unique URL
for access. You just arrive on one of the servers.
Some kind of load balancing but different FQDN for each server of the
pool.

And some tools have literally multiples redirections before the home
page, across different domains and subdomains


I'm guessing that you're talking here about stuff at the other
end of the tunnel? Presumably they have sysadmins setting that up.

Cheers,
David.

Re: Forcing dhclient to not ignore tun0 interface when it's available

[davenull]

Hello

On 2023-03-07 05:01, David Wright wrote:

On Mon 06 Mar 2023 at 13:17:23 (+0100), daven...@tuxfamily.org wrote:

On 2023-03-03 06:22, Max Nikulin wrote:
> On 03/03/2023 10:08, Tim Woodall wrote:
> > New to this thread, so might be totally off-piste but openvpn
> > has hooks
> > to run scripts like this:
> ...
> > This is server side but the route-up/pre-down work client side too.

Since it's workplace's VPN, which I don't have access to, I can't do
anything which requires server-side access.
Plus, it's a Cisco VPN. I don't anything aout cisco stuff. I'm more
familiar with openVPN

> >
> > Presumably you can do something here to renew dhcp leases or restore
> > resolv.conf.
>
> Perhaps the opposite. dhclient running for enp2s0f0 should detect that
> VPN is active and to avoid overwriting DNS settings that direct
> requests to tun0.

Yes, indeed. I want dhclient to NOT overwrite /etc/resolv.conf when
VPN is active. OR to use tun05 when it tries to renew the lease

One person at work suggested to use resolvectl/resolvconf but after
looking at it, I noticed it requires using sytemd-resolved, which
I don't use.


  Package: resolvconf
  Depends: lsb-base (>= 4.1+Debian3), debconf (>= 0.5) | debconf-2.0

AIUI systemd-resolved is a replacement for openresolv, and it's
systemd-networkd that can work alongside openresolv.


As an alternative, there is openresolv, which seems work without
resolved. But I failed to find any document on how to useit with
openconnect.


Yes, no dependencies.

Openconnect will supply openresolv with the information it needs
when the vpnc-script that we discussed earlier runs. It's at the
function "modify_resolvconf_manager", around line 690.


The official website config page only gives parameters for some
well-known local resolvers, including unbound.


It also covers Bind, named (a part of bind), and dnsmasq
(mentioned in that script). All these are in Debian.


Yes. but I don't need any of these, or other local (at in localhost) 
resolver.

So that official page isn't helpful in my case.




If anyone has a good documention on how to configure openresolv
correctly to use it with openconnect.


I see that the openresolv wiki at Arch has a section on openconnect.
Obviously you may need to "bend" their pages when consulting them
for Debian.



Will check that out. I just realized "resolvconf" command in the script 
given
in openconnect's Arch wiki page is not necessarily resolvclt and might 
as well
refer to openconnect. When I searched for keybould with both openresolv 
and openconnect,

all I've found was a (still open) 3 years issue on openconnect't gitlab.

I'll give it a try and see what's to adjust for debian, once workload 
allows that.



Thing is : years ago I used to use OpenVPN on debian on another
computer, the DHCP client was also dhclient
but I didn't to do any extra configuration, it just worked… The only
differences was an older debian version,
as the stable batk them was like Debian 7 or 8, and I was using wicd
instead. So the network stuff probably changed since then

Therefore I have no damn idea on how to configure stuff like 
openresolv.


Cheers,
David.

Re: Forcing dhclient to not ignore tun0 interface when it's available

[Max Nikulin]

On 06/03/2023 19:17, davenull wrote:

On 2023-03-03 06:22, Max Nikulin wrote:


Perhaps the opposite. dhclient running for enp2s0f0 should detect that
VPN is active and to avoid overwriting DNS settings that direct
requests to tun0.


Yes, indeed. I want dhclient to NOT overwrite /etc/resolv.conf when VPN 
is active. OR to use tun05 when it tries to renew the lease

...
If anyone has a good documention on how to configure openresolv 
correctly to use it with openconnect.


People suggested openvpn scripts and dhclient hooks in this thread. It 
should be enough to write a couple of scripts that conditionally update 
resolv.conf. I am not sure that it is possible to provide configuration 
that would work out of the box. If you are seeking a ready to use 
recipe, perhaps you should ask openvpn community.


I used network-manager-openconnect-gnome for some time and it was enough 
to fill some fields in a GUI form for minimal working configuration.

Re: Libembree, but static

[Roberto C . Sánchez]

On Tue, Mar 07, 2023 at 03:21:00PM +0100, Julien D Arques wrote:
>Hi,
>We currently have libembree in .so shared library. Is it possible for the
>maintainers to provide the static .a?
>I use the latest available in testing 3.13.5
>Thanks

I would recommend filing wishlist a bug against the libembree-dev
requesting inclusion of the static .a.  When static archives are shipped
they are generally shipped in the -dev package.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: Looking for "Package Verification with dpkg: Implementation" Document

[David Wright]

On Tue 07 Mar 2023 at 12:19:21 (+0100), Cédric Van Rompay wrote:
> 
> I was looking at [the debsig-verify project](
> https://salsa.debian.org/dpkg-team/debsig-verify) and I cannot find which
> document is refered to in this part of the man pages:
> 
> > This program implements the verification specs defined in the document,
> "Package Verification with dpkg: Implementation", which is a more complete
> reference for the verification procedure.
> >
> > source:
> https://salsa.debian.org/dpkg-team/debsig-verify/-/blob/2ce143bb7a65fff3f5e837e788f621659cb67152/doc/debsig-verify.1.in#L27
> 
> I found [this document about signatures in debian packages][2] but it
> doesn't give many details about signature verification.
> 
> Any idea which document is this refering to?
> 
> Also, I tried creating an account at https://salsa.debian.org to create an
> issue on the project, but I got a HTTP 500 error during the process.
> 
> [2]:
> https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html

You might consider installing debsigs, which contains this document
at /usr/share/doc/debsigs/debsigs.txt.gz, and dpkg-sig, which AIUI
presents an implementation example.

Cheers,
David.

Re: Unable to associate to mobile hotspot

[David Wright]

On Tue 07 Mar 2023 at 11:56:09 (+0100), Lucio Crusca wrote:
> 
> I've read through the forum posts you linked, and the ones linked
> therein. I'm afraid it's quite a different problem. My wifi connection
> has no stability issues: it just refuses to associate to this specific
> hotspot, but it works like a charm with others. My logs do not show
> the CTRL-EVENT-BEACON-LOSS message. My network adapter is not Atheros.
> 
> At any rate, I've tried adding "intel_iommu=off" to my kernel
> parameters and rebooted, but nothing changed.

In view of:

wlp4s0: disassociated from e2:…:a9 (Reason: 2=PREV_AUTH_NOT_VALID)
wlp4s0: CTRL-EVENT-DISCONNECTED bssid=e2:…:a9 reason=2
wlp4s0: WPA: 4-Way Handshake failed - pre-shared key may be incorrect
wlp4s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="papospot" auth_failures=1
duration=10 reason=WRONG_KEY

have you tried to get more information with this option in
wpa_supplicant:

   -K Include keys (passwords, etc.) in debug output.

You'd probably need to redact the logs, were you to post them.

Cheers,
David.

Libembree, but static

[Julien D Arques]

Hi,
We currently have libembree in .so shared library. Is it possible for the
maintainers to provide the static .a?
I use the latest available in testing 3.13.5
Thanks

Re: Looking for "Package Verification with dpkg: Implementation" Document

[Max Nikulin]

On 07/03/2023 18:19, Cédric Van Rompay wrote:
 > This program implements the verification specs defined in the 
document, "Package Verification with dpkg: Implementation", which is a 
more complete reference for the verification procedure.

...

Any idea which document is this refering to?


From search engine results:

http://quux.org:70/devel/debian/debsigs.txt

Package Verification with dpkg: Implementation

John Goerzen 

Version 5; January 4, 2001

Re: alias in bash script issue

[Tom Browder]

On Sun, Mar 5, 2023 at 07:20 Nicolas George  wrote:
...

> Tom Browder (12023-03-05):
> > Yes, but please use its new name, Raku. Note new releases come out
> monthly

> so you shouldn't use the Debian packages since they are way behind. We
> have


I shouldn't have said "you shouldn't use the Debian packages." I've been a
core developer since 2016 and am automatically primed to use the latest
release. The Debian version should be fine for production use.

That kind of precision does not really scream “production ready”.
>
> If a language (or a library, a framework, whatever) cannot be used
> without the latest experimental features added in the last two years,
> then it might be worth toying with as a promising novelty, but we should
> not use it for a real project, especially if we do not work alone or
> intend to release the result.


The regular releases are generally speed improvements or new features--in
general, nothing that changes any exising Raku code. Any necessary changes
are done after a long deprecation period where the user can have adequate
warning and preparation time to update his existing code.

Try it, you'll like it. I like for many reasons. Among them:

+ it is C-like in its use of curly braces (and not weird whitespace like
Python, ugh)
+ its kebab-case as in:
   my $first-name = 'Tom';
+ easy use of classes
+ much easier to use than Perl (much less so-called "line noise")
+ huge set of built-in routines
+ easy to create and use public add-on modules
+ great built-in math capability

New users don't have to use the great power available all at once. It's
easy to get started building practical things. If I were building GnuCash
from scratch, I would use Raku and JSON instead of C, Scheme, and XML.

I hope to see you on IRC #raku.

Best regards,

-Tom

Looking for "Package Verification with dpkg: Implementation" Document

[Cédric Van Rompay]

Hi,

I was looking at [the debsig-verify project](
https://salsa.debian.org/dpkg-team/debsig-verify) and I cannot find which
document is refered to in this part of the man pages:

> This program implements the verification specs defined in the document,
"Package Verification with dpkg: Implementation", which is a more complete
reference for the verification procedure.
>
> source:
https://salsa.debian.org/dpkg-team/debsig-verify/-/blob/2ce143bb7a65fff3f5e837e788f621659cb67152/doc/debsig-verify.1.in#L27

I found [this document about signatures in debian packages][2] but it
doesn't give many details about signature verification.

Any idea which document is this refering to?

Also, I tried creating an account at https://salsa.debian.org to create an
issue on the project, but I got a HTTP 500 error during the process.

[2]:
https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html

-- 
Cédric Van Rompay (Confluence Profile)

Leader of the Software Integrity and Trust team

Datadog Paris Office.

Re: Unable to associate to mobile hotspot

[Lucio Crusca]

Il 04/03/23 05:23, Rodrigo Cunha ha scritto:

What is your kernel?


Linux t470 6.1.0-5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.12-1 
(2023-02-15) x86_64 GNU/Linux



I saw in a forum from Arch that a problem in the kernel is causing this. 


I've read through the forum posts you linked, and the ones linked 
therein. I'm afraid it's quite a different problem. My wifi connection 
has no stability issues: it just refuses to associate to this specific 
hotspot, but it works like a charm with others. My logs do not show the 
CTRL-EVENT-BEACON-LOSS message. My network adapter is not Atheros.


At any rate, I've tried adding "intel_iommu=off" to my kernel parameters 
and rebooted, but nothing changed.

Re: nvidia-driver gets a code 1

[Anssi Saari]

Charles Kroeger  writes:

> Where is this nvidia-open-kernel-525.89.02 ?

Seems like it's lost to history. Bookworm non-free has
nvidia-open-kernel-525.85.12.

So maybe you just need to run apt update to have up to date package
lists and then run apt upgrade?

> There was an advisory by Andreas Beckmann the firmware-gsp package being
> moved to the newly created 'non-free-firmware' archive area. 

nvidia-driver is a device driver, not firmware so it remains in non-free
even in Bookworm. https://packages.debian.org/ is a handy website to
search for packages and it shows in which repository a package is
found. Not to say it's a bad idea to add the new non-free-firmware repo
since a lot of computers are going to need that.

If you have issues with apt, post /etc/apt/sources.list and contents of
any files in /etc/apt/sources.list.d

nvidia-driver gets a code 1

[Charles Kroeger]

System Information
GTK 3.24.36 / GLib 2.74.5
Locale: en_US.UTF-8 (charset: UTF-8)
Operating System: Linux 6.1.0-3-amd64 (x86_64)
aka Debian 12 bookworm/testing

I ran nvidia-detect:

~# nvidia-detect
Detected NVIDIA GPUs:
01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP108 [GeForce
GT 1030] [10de:1d01] (rev a1)

Checking card:  NVIDIA Corporation GP108 [GeForce GT 1030] (rev a1)
Your card is supported by all driver versions.
Your card is also supported by the Tesla drivers series.
Your card is also supported by the Tesla 470 drivers series.
It is recommended to install the
nvidia-driver

on doing a dist-upgrade dpkg says this:

dpkg: dependency problems prevent configuration of nvidia-driver:
 nvidia-driver depends on nvidia-kernel-dkms (= 525.89.02-1) |
nvidia-kernel-525.89.02 | nvidia-open-kernel-525.89.02 |
nvidia-open-kernel-525.89.02; however:
  Version of nvidia-kernel-dkms on system is 515.86.01-1.
  
Package nvidia-kernel-525.89.02 is not installed.
 Package nvidia-open-kernel-525.89.02 is not installed.
 Package nvidia-open-kernel-525.89.02 is not installed.

This wouldn't seem too much of a problem, just install
nvidia-open-kernel-525-89.02, right?

# apt install nvidia-open-kernel-525.89.02
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package nvidia-open-kernel-525.89.02 is not available, but is referred to
by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

Where is this nvidia-open-kernel-525.89.02 ?

There was an advisory by Andreas Beckmann the firmware-gsp package being
moved to the newly created 'non-free-firmware' archive area. 

This area needs to be enabled in
  /etc/apt/sources.list (/etc/apt/sources.list.d/*.list) in addition to
  'non-free' in order to upgrade to the 525 driver series.

He gives this locaton:
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#non-free-split

however my /etc/apt/sources.list uses a different syntax to the location
Andreas has given and so it can't be read. I attempted to make his location
fit the syntax but then apt didn't trust the site and wouldn't use it in
the update

I need to get nvidia-driver working.  Without this driver there is also no
sound. I did make an image of the drive before doing the upgrade or I
wouldn't be writing this.

I did a dpkg -s nvidia-driver and got a lot of stuff about it but there was
this:

Please see the nvidia-kernel-dkms (nvidia-open-kernel-dkms)
 or nvidia-kernel-source (nvidia-open-kernel-source) packages
 for building the kernel module required by this package.
 This will provide nvidia-kernel-525.89.02
 (nvidia-open-kernel-525.89.02).

C. Kroeger --help

Re: service vs systemctl

[Tixy]

I accidentally deleted a sentence in my last reply, here's the
corrected version...

On Tue, 2023-03-07 at 15:38 +0800, Ken Young wrote:
> Hello
> 
> For debian 11, service is just a wrapper to systemctl, is it right?

It's a 217 line shell script and looking at it it checks for which init
system is in use. So if you have systemd (Debian's default now) then
yes, it will call systemctl.

> So for server management, both commands below have the same results.
> 
> sudo service nginx start
> sudo systemclt start nginx
> 

They may not be the same, e.g. under the section of the script dealing
with both stop and start is this comment

# Follow the principle of least surprise for SysV people:
# When running "service foo stop" and foo happens to be a service that
# has one or more .socket files, we also stop the .socket units.
# Users who need more control will use systemctl directly.

Personally, I still use 'service' through habit and won't change until
it doesn't do what I expect.

Re: service vs systemctl

[Tixy]

On Tue, 2023-03-07 at 15:38 +0800, Ken Young wrote:
> Hello
> 
> For debian 11, service is just a wrapper to systemctl, is it right?

It's a 217 line shell script and looking at it it checks for which init
system is in use. So if you have systemd (Debian's default now) then
yes, it will call systemctl.

> So for server management, both commands below have the same results.
> 
> sudo service nginx start
> sudo systemclt start nginx
> 

# Follow the principle of least surprise for SysV people:
# When running "service foo stop" and foo happens to be a service that
# has one or more .socket files, we also stop the .socket units.
# Users who need more control will use systemctl directly.

Personally, I still use 'service' through habit and won't change until
it doesn't do what I expect.

-- 
Tixy