Re: Domain name to use on home networks

[Stefan Monnier]

> I would have thought that techies understand its origins, and
> non-techies are fairly unlikely ever to encounter it.

That's the thing: if you use `home.arpa` for your home network, suddenly
it's exposed to non-techies, like your friends and family, contrary to
things like `in-addr.arpa`.


Stefan

Re: Panic again

[tomas]

On Thu, Oct 26, 2023 at 05:22:37PM -0400, Cindy Sue Causey wrote:

[...]

> An afterthought up top here: Is there a program that will snag and
> retain boot messages specifically geared toward systems that never
> fully boot? [...]

That depends on what you consider "boot messages". Surely you can
only start retaining stuff once you have managed to mount a writable
medium for the first time, which is pretty late in the boot process
(you miss all that interesting early kernel and initramfs action).

There are ways to dump all that via an interface (serial, net),
but then you need to set up things (including another computer
ready and willing to catch and store all that output).

> Has chroot been suggested and/or attempted? I'm imagining that it was
> possibly yes, suggested.

What has been tried is either taking file system snapshots (either
through LVM or with a snapshot capable file system) or installing
in an overlayfs, yes.

I think it hasn't stuck because of the added complexity. I know
I wouldn't use that for esactly that reason. Debian upgrades have
proven to be so rock solid that I just don't see it as a compelling
choice.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Instalación fallida de Ungoogled-Chromium appimage.

[tomas]

On Thu, Oct 26, 2023 at 10:13:36PM +0200, casadellabra...@tutanota.com wrote:
> Buenos días.
> Soy novato en el uso de Debian GNU/Linux 11 bullseye (x86-64), Cinnamon 
> 4.8.6; núcleo Linux: 5.10.0-26-amd64; procesador: Intel© Core™2 CPU T5600 @ 
> 1.83GHz × 2, RAM 2,9 GiB; tarjeta gráfica: Advanced Micro Devices, Inc. 
> [AMD/ATI] RV515/M52 [Mobility Radeon X1300] (prog-if 00 [VGA controller]).

No tengo mucha idea sobre AppImages, así que no te puedo ayudar
con tu pregunta original.

I haven't much knowledge about AppImages, so I can't help you
with your original question.

> PD: No hablo ni entiendo bien inglés, así que les anexo una traducción 
> realizada con DeepL.

Quizás en ese caso la lista en castellano sea mejor para ti:

Perhaps, in that case, the Spanish Debian mailing list is
better for you:

  https://lists.debian.org/debian-user-spanish/

Cheers/Saludos cordiales
-- 
tomás


signature.asc
Description: PGP signature

Re: Domain name to use on home networks; was: Bookworm:NetworkManager

[David Wright]

On Thu 26 Oct 2023 at 07:58:45 (+0800), jeremy ardley wrote:
> On 26/10/23 07:24, David Wright wrote:
> > > Or if you already have a domain, you can use a subdomain. eg. I have
> > > rail.eu.org, and at home it is depot.rail.eu.org
> > I'm not sure how that would work when my home network
> > is on a different continent from my domain's hosting.
> 
> This is no problem asides from DNS.
> 
> You will have DNS records set up for your hosted service  with public
> IP addresses. It's quite straight forward to add a subdomain and
> assign non routable IP addresses to it.
> 
> Downside is it will look odd to an observer, and will leak some info
> about your internal network.
> 
> As an alternative you can still use the same naming convention but not
> put it in the public domain. This will require you to set up your own
> internal DNS service or hosts files and have DNS queries resolved
> locally without going to the external DNS server.

I use hosts files, as my inexpensive router has no DNS facility to
parallel its DHCP service. Setting up an internal DNS would just be
extra work, another chance of inconsistency, and depend on an
individual machine always being up.

My machines send external DNS requests to the router, which is
configured to forward them to Google. Currently I still use .corp
as my domain name, and find it least confusing if anything with
"lionunicorn…" in it is an external address.

Cheers,
David.

Re: Domain name to use on home networks

[David Wright]

On Wed 25 Oct 2023 at 22:42:07 (-0400), Stefan Monnier wrote:
> >> It's just such a shame that they chose a name which refers to "arpa"
> >> in it, which is not only US-centric but even belongs to the US's war
> >> department, which I find rather unpalatable.
> >> I understand ARPA was closely related to the beginnings of the Internet,
> >> but...  couldn't they choose something a bit more neutral?

It's hardly surprising that the TLD of the ARPA Internet's naming
system was called arpa. It kinda chose itself. And hardly surprising
that it was US-centric as the ARPA Internet was a US commission.
At the time, there was no global Internet to be neutral about: the
ARPA Internet was one of several networks in the US, let alone
in the world.

DNS was running by at least 1983 (see RFCs 882/3), and I'm looking
at an email from December 1986 sent from (I've concealed the name)
foo%lpi.s...@star.stanford.edu%stanf...@uk.ac.rl.earn via Decnet,
Arpanet and Bitnet, to Janet. I constructed a reverse address, and
all went well for a few months, until I received an email: "During
August messages were addressed to you from the Arpanet and came
through the UCL Internet Gateway. Please take action to become a
registered user of the Gateway as messages addressed to your address
shown in the header may soon be blocked and thus will not get to you.
No warning will be given." The guy at LPI had discovered he could
send through a new gateway at UCL.

Note that the backwards address "uk.ac.rl.earn" is not a DNS address
but a Janet hierarchical name. Just as .arpa is a historical hangover
from a long time ago, so is the .uk at the end of my address, which
is a hangover from Janet's TLD "uk.", as seen above.

> > It belongs to the Internet Architecture Board and is administered by
> > IANA which is why they chose it. It stands for "Address and Routing
> > Parameter Area” .
> 
> But that's a "backronym".
> It originally referred to the US agency.
> I totally understand the technical reasons why they decided to stick to
> this naming, but it's still grating.

I would have thought that techies understand its origins, and
non-techies are fairly unlikely ever to encounter it.

Cheers,
David.

Re: Problem with apt update (is not signed)

[Steve McIntyre]

kopecpa...@gmail.com wrote:
>
>Hello,
>
>since yesterday (2023-10-25) I received an error during the apt update 
>command:

Only since yesterday? Was it working fine previously?

>docker run -it debian:bullseye /bin/bash
>Unable to find image 'debian:bullseye' locally
>bullseye: Pulling from library/debian
>69b3efbf67c2: Pull complete
>Digest: 
>sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b
>Status: Downloaded newer image for debian:bullseye
>
>root@eb335ad71846:/# apt-get update
>Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
>Get:2 http://deb.debian.org/debian-security bullseye-security InRelease 
>[48.4 kB]
>Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
>Err:1 http://deb.debian.org/debian bullseye InRelease
>   At least one invalid signature was encountered.
>Err:2 http://deb.debian.org/debian-security bullseye-security InRelease
>   At least one invalid signature was encountered.
>Err:3 http://deb.debian.org/debian bullseye-updates InRelease
>   At least one invalid signature was encountered.
>Reading package lists... Done
>W: GPG error: http://deb.debian.org/debian bullseye InRelease: At least 
>one invalid signature was encountered.
>E: The repository 'http://deb.debian.org/debian bullseye InRelease' is 
>not signed.
>N: Updating from such a repository can't be done securely, and is 
>therefore disabled by default.
>N: See apt-secure(8) manpage for repository creation and user 
>configuration details.
>W: GPG error: http://deb.debian.org/debian-security bullseye-security 
>InRelease: At least one invalid signature was encountered.
>E: The repository 'http://deb.debian.org/debian-security 
>bullseye-security InRelease' is not signed.
>N: Updating from such a repository can't be done securely, and is 
>therefore disabled by default.
>N: See apt-secure(8) manpage for repository creation and user 
>configuration details.
>W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: 
>At least one invalid signature was encountered.
>E: The repository 'http://deb.debian.org/debian bullseye-updates 
>InRelease' is not signed.
>N: Updating from such a repository can't be done securely, and is 
>therefore disabled by default.
>N: See apt-secure(8) manpage for repository creation and user 
>configuration details.

What are you running as a host OS here? Are you running the same arch
on both the host and inside the container (i.e. i386 on i386, or amd64
on amd64)?

I've seen this kind of symptom in the past when a docker image
included software which depended on system calls only provided by a
newer kernel.

Docker is *awful* here - it doesn't actually isolate you from this
kind of mismatch; instead it hides the details of problems to make
them almost impossible to debug.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Can't keep my eyes from the circling sky,
Tongue-tied & twisted, Just an earth-bound misfit, I...

Re: Panic again

[Cindy Sue Causey]

On 10/26/23, Schwibinger Michael  wrote:
>
> Good afternoon
> Thank You for help.
>
> I ll answer into Your email
> with
> +++
>
>
> Von: Andrew M.A. Cater 
> Gesendet: Mittwoch, 25. Oktober 2023 12:04
> An: Schwibinger Michael 
> Betreff: Re: AW: AW: Panic again any idea IV
>
> On Wed, Oct 25, 2023 at 10:59:09AM +, Schwibinger Michael wrote:
>> Good morning
>>
>> Thank You.
>>
>> I do booting.
>> Crash.
>> Bug report I did send.
>>
>
> Hi Sophie,
>
> Thank you. You didn't really send a bug report
>
>
> +++
> I know.
> But how can I produce a bug report
> when the PC is frozen?


An afterthought up top here: Is there a program that will snag and
retain boot messages specifically geared toward systems that never
fully boot? It seems like I've seen that topic come up and be answered
one single time in the last ~25 years. I actually tried to find some
form of that type of program the other day when I saw an earlier
portion of this thread then. I was thinking, hoping maybe such a
program could possibly be installed via chroot if it does exist.

Now my original thought..

Has chroot been suggested and/or attempted? I'm imagining that it was
possibly yes, suggested.

If not, what about attempting a chroot to then next attempt apt or
apt-get update then upgrade?

As a user who has occasionally battled issues, I know that, ideally,
it would be nice, i.e. satisfying, to find the cause of bigger issues
like this. At some point, I also know firsthand that outing the cause
becomes less important when weighed against moving on in Life. :)

Apt/apt-get upgrade via chroot would potentially help preserve a
particular setup rather than going with a new install if that is why
this continues to be a topic.

If anyone can think of a reason why running apt/apt-get in chroot
would only stand to cause data harm in this particular situation, that
would be great to know.

My firsthand experience has been that tinkering via chroot has
eventually gotten me back up and running maybe 99% of the time,
including against multiple kernel panic-ish fails a few years ago.

Biggest reason my chroot repair attempts ever failed was due to not
properly mounting maybe 4 or 5 basic necessities that apt/apt-get use
to properly install programs. /dev and /proc come first to mind as
examples there. That knowledge came from working through the manual
steps necessary during debootstrap installs, in case that ever helps
anyone else.

Cindy :)
-- 
Talking Rock, Pickens County, Georgia, USA
* runs with a retirement state of mind *

Instalación fallida de Ungoogled-Chromium appimage.

[casadellabrador]

Buenos días.
Soy novato en el uso de Debian GNU/Linux 11 bullseye (x86-64), Cinnamon 4.8.6; 
núcleo Linux: 5.10.0-26-amd64; procesador: Intel© Core™2 CPU T5600 @ 1.83GHz × 
2, RAM 2,9 GiB; tarjeta gráfica: Advanced Micro Devices, Inc. [AMD/ATI] 
RV515/M52 [Mobility Radeon X1300] (prog-if 00 [VGA controller]).
Igualmente soy novato en el uso de esta lista de correo y no se si la utilizaré 
bien, les ruego comprensión.
Mi problema es que he descargado y he querido usar el navegador 
ungoogled-chromium_118.0.5993.88-1.1.AppImage, pero no lo he conseguido pese a 
haber marcado en Propiedades del archivo que se ejecute como un programa.
¿Alguien sabría decirme, paso a paso y para meros usuarios informáticos, si 
tengo que hacer alguna otra cosa?
Un cordial saludo.
Gerardo

PD: No hablo ni entiendo bien inglés, así que les anexo una traducción 
realizada con DeepL.

---


Good morning.
I am new to using Debian GNU/Linux 11 bullseye (x86-64), Cinnamon 4.8.6; Linux 
kernel: 5.10.0-26-amd64; processor: Intel© Core™2 CPU T5600 @ 1.83GHz × 2, RAM 
2.9 GiB; graphics card: Advanced Micro Devices, Inc. [AMD/ATI] RV515/M52 
[Mobility Radeon X1300] (prog-if 00 [VGA controller]).
I am also a newbie to this mailing list and I don't know if I will use it well, 
so please understand.
My problem is that I have downloaded and wanted to use the browser 
ungoogled-chromium_118.0.5993.88-1.1.AppImage, but I have not succeeded despite 
having marked in file properties to run as a program.
Would anyone know how to tell me, step by step and for mere computer users, if 
I have to do something else?
Best regards.
Gerardo


PS: I do not speak or understand English well, so I attach a translation made 
with DeepL.



 Enviado con Tutanota, disfruta del correo seguro y sin publicidad.

Re: EASY way to install packages from trixie/sid to stable?

[Peter Hillier-Brook]

On 26/10/2023 14:39, Hans wrote:

Hi folks,

is there a very easy way, if I want to install packages from trixie oder sid
into my bookworm installation?

I read about apt pinning, but as far as I understood, I have to name
explicitily each package I want to install from sid. This can be much work,
when installing a high number of packages.

I suppose, I then have also to install all dependencies of the packaes from
sid, even if they are related to the system.

In my case I wanted to install virtualbox from sid, as it has all packages
ready. However, virtualbox requires and depends also the newer gcc compiler
and some compiler libs, thus I took distance from installing for now.

At the moment I am not using pinning. My actual way of doing is

1. adding the sid repo into /etc/apt/sources.list

2. then aptitude -u

3. then searching for the required package and mark it as install (or
upgradeble

4. Then install, if wanted.

Yes, I know, pinning would be the better way, but it is very, very seldom, I
need to install something from a higher repo.

And yes, I know, mixing repos is no good idea, so I am using this only for
applications, which are using theire own libraries (or libs, they are only for
this special application).

Do you know another way, except pinning or my (weired) way?

Oh, last but not least, I know, Oracle has its own debian-repo for virtualbox,
but it looks somehow not well set up IMHO.


It works well for me, running Bookworm with several Trixie guests. VBox 
7.0.12 from VirtualBox.org (Oracle, obviously), obtained via a 
"sources.list.d"


Peter HB

Re: Which Virtual Manager? Was: EASY way to install packages from trixie/sid to stable?

[Andrew M.A. Cater]

On Thu, Oct 26, 2023 at 03:18:34PM -0400, Jeffrey Walton wrote:
> On Thu, Oct 26, 2023 at 1:24 PM Hans  wrote:
> >
> > Am Donnerstag, 26. Oktober 2023, 19:03:15 CEST schrieb Michael Kjörling:
> > This is interesting information! Looks like KVM and Virt-Manager are better
> > and faster than Virtualbox.
> 
> libvirt is also available on Fedora, while Virtual Box is not. On
> Fedora, you have to build Virtual Box from sources, and configure DKMS
> to rebuild it for each kernel upgrade.
> 
> So if you want a virtualization platform that just works just about
> everywhere, then choose libvirt/QEMU/KVM.
> 
> Jeff
>

Apt-get install virt-manager will pull in all the associated qemu/KVM
packages you might need. It should be at least as straightforward to
use as Virtualbox.

I use this for testing when we do the testing for every Debian point release
- it's straightforward.

Andy 

Re: Problem with apt update (is not signed)

[Darac Marjal]

As another data point, I've tried the following:

$ docker run -it debian apt update

$ docker run -it debian:bullseye apt update

$ docker run -it 
debian@sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b 
apt update


And these all complete successfully:

❯ docker run -it 
debian@sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b 
apt update

Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://deb.debian.org/debian-security bullseye-security InRelease 
[48.4 kB]

Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:4 http://deb.debian.org/debian bullseye/main amd64 Packages [8062 kB]
Get:5 http://deb.debian.org/debian-security bullseye-security/main amd64 
Packages [256 kB]
Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages 
[17.4 kB]

Fetched 8544 kB in 2s (4269 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

So this would rule out an issue with the docker image. Instead, the only 
difference would be which mirror you pulled from. 
https://deb.debian.org/ is the mirror service provided by Fastly. 
Fetching URLs on deb.debian.org will transparently redirect you to a 
mirror close to you.


Now, it's possible that the mirror was in the process of updating. It's 
also (less likely) possible that someone tampered with the mirror (and 
so the failing signatures did exactly what they're supposed to do, 
prevent you downloading malicious software).


Unfortunately, unless you can identify which mirror you were directed 
to, it will be difficult for you to know who to notify.



On 26/10/2023 07:29, Paweł Kopeć wrote:


Hello,

since yesterday (2023-10-25) I received an error during the apt update 
command:


docker run -it debian:bullseye /bin/bash
Unable to find image 'debian:bullseye' locally
bullseye: Pulling from library/debian
69b3efbf67c2: Pull complete
Digest: 
sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b

Status: Downloaded newer image for debian:bullseye

root@eb335ad71846:/# apt-get update
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://deb.debian.org/debian-security bullseye-security 
InRelease [48.4 kB]

Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Err:1 http://deb.debian.org/debian bullseye InRelease
  At least one invalid signature was encountered.
Err:2 http://deb.debian.org/debian-security bullseye-security InRelease
  At least one invalid signature was encountered.
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian bullseye InRelease: At 
least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye InRelease' is 
not signed.
N: Updating from such a repository can't be done securely, and is 
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user 
configuration details.
W: GPG error: http://deb.debian.org/debian-security bullseye-security 
InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian-security 
bullseye-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is 
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user 
configuration details.
W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: 
At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye-updates 
InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is 
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user 
configuration details.


Where I should send this problem?

Regards



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Which Virtual Manager?

[Hans]

Yes, a little bit "googleing" showed me that way. However, it looks, that none 
of the other solutions can import OVA via the graphical interface. 

However, for me the CLI will be ok, but I am lazy and would like to do it 
graphical, if possible. 

But looks like none of the other solutions are capable of this. It is a pity, 
but ok.

Thanks for the advice anyway

Best regards

Hans

> I think you can use `qemu-img convert -f vdi -O qcow2` to convert from
> a VDI disk image to a QCOW2 or raw disk image, which QEMU/KVM in turn
> can use. (qemu-img convert can also convert to and from many other
> formats; see the output of qemu-img --help.) Compared to raw disk
> images, QCOW2 adds a number of nice features, not least of which disk
> snapshots.
> 
> In Debian, qemu-img is packaged in qemu-utils (in Bookworm, at least).
> 
> Apparently, a OVA is just a tarball of a hard disk image and a XML
> file describing the VM. It shouldn't be too difficult to convert the
> disk image and then create a similar KVM VM using the information in
> the XML file. It looks like there's a tool named virt-v2v which can do
> the conversion, although I have never had a need to try it.

Re: Which Virtual Manager?

[Michael Kjörling]

On 26 Oct 2023 17:23 +0200, from hans.ullr...@loop.de (Hans):
> I installed aqemu (a GUI for qemu), virt-manger (a little bit complex GUI) 
> and 
> virtualbox (from Oracle, but without guest-additions annd ext-pack).

You generally shouldn't install multiple hypervisors on the same
system. I have seen fairly sternly worded warnings against having
VirtualBox and KVM/QEMU installed simultaneously on the same host.
(They probably can _coexist_, but trying to _run_ both at the same
time may well cause issues.) There should be no problems with using
different front-ends for the same hypervisor, however; I regularly use
both virt-manager and the command-line utilities (including
virt-install and virsh) depending on what I need.


> Virtualbox is easy to use, but I like AQEMU, too (it is using KVM).
> 
> Are the other solutions capable, to import and export OVA or VDI?

I think you can use `qemu-img convert -f vdi -O qcow2` to convert from
a VDI disk image to a QCOW2 or raw disk image, which QEMU/KVM in turn
can use. (qemu-img convert can also convert to and from many other
formats; see the output of qemu-img --help.) Compared to raw disk
images, QCOW2 adds a number of nice features, not least of which disk
snapshots.

In Debian, qemu-img is packaged in qemu-utils (in Bookworm, at least).

Apparently, a OVA is just a tarball of a hard disk image and a XML
file describing the VM. It shouldn't be too difficult to convert the
disk image and then create a similar KVM VM using the information in
the XML file. It looks like there's a tool named virt-v2v which can do
the conversion, although I have never had a need to try it.

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: EASY way to install packages from trixie/sid to stable?

[exceptbees]

> Do you know another way, except pinning or my (weired) way?
> 
> Oh, last but not least, I know, Oracle has its own debian-repo for virtualbox,
> but it looks somehow not well set up IMHO.

The latest version of Virtualbox for bookworm is available from the Fast 
Track repository [1] [2]. I've been using it for a couple of months, 
haven't encountered any problems.

The instructions at [1] are for bullseye, the codename should be changed 
to 'bookworm' for it to work.

[1] https://fasttrack.debian.net/
[2] https://wiki.debian.org/FastTrack

Cheers,
exceptbees

Which Virtual Manager? Was: EASY way to install packages from trixie/sid to stable?

[Hans]

Am Donnerstag, 26. Oktober 2023, 19:03:15 CEST schrieb Michael Kjörling:
This is interesting information! Looks like KVM and Virt-Manager are better 
and faster than Virtualbox. 

Obviously it seems (regarding to other people), these solutions are more 
stable, too.

That looks great, as I am not so happy of beeing dependent on Oracle.

However, often I get some Images as OVA files, but I still could not get, how 
to import OVA files to Virt-Manager or KVM.

A graphical way is preferred, but if not possible, also the CLI way will be 
acceptable

I installed aqemu (a GUI for qemu), virt-manger (a little bit complex GUI) and 
virtualbox (from Oracle, but without guest-additions annd ext-pack).

Virtualbox is easy to use, but I like AQEMU, too (it is using KVM).

Are the other solutions capable, to import and export OVA or VDI?

Best

Hans

> On 26 Oct 2023 21:37 +0500, from avbe...@gmail.com (Alexander V. Makartsev):
> > I don't use virtualbox (KVM does everything and more for me) so I can't
> > vouch for the quality of packages from Oracle.
> 
> I switched from VirtualBox to KVM at one point; as I recall a Debian
> kernel upgrade broke VirtualBox and still after two weeks or so Oracle
> hadn't updated their for-Debian repository with a version that
> incorporated a fix. (This was the respective "stable" versions at the
> time, and while I don't recall the details, the breakage made
> VirtualBox useless for my use case.) I had planned to do such a
> migration anyway; the breakage just somewhat forced the issue.
> 
> KVM/QEMU/virt-manager and friends perhaps aren't as streamlined for
> the typical end user who just wants to quickly spin up a VM with
> minimal hassle, but they are also very much more powerful if you're
> willing to do a little reading. (For example, I had to do a fair bit
> of digging to figure out how to get guest networking to work reliably
> without turning off the host firewall.[1]) This is in line with their
> respective intended usage: VirtualBox is at best a power user tool,
> whereas KVM is intended for large server deployments but _can_ be used
> on workstation virtualization hosts as well.
> 
> [1]
> https://michael.kjorling.se/blog/2022/linux-kvm-host-nftables-guest-network
> ing/

Re: EASY way to install packages from trixie/sid to stable?

[Michael Kjörling]

On 26 Oct 2023 21:37 +0500, from avbe...@gmail.com (Alexander V. Makartsev):
> I don't use virtualbox (KVM does everything and more for me) so I can't
> vouch for the quality of packages from Oracle.

I switched from VirtualBox to KVM at one point; as I recall a Debian
kernel upgrade broke VirtualBox and still after two weeks or so Oracle
hadn't updated their for-Debian repository with a version that
incorporated a fix. (This was the respective "stable" versions at the
time, and while I don't recall the details, the breakage made
VirtualBox useless for my use case.) I had planned to do such a
migration anyway; the breakage just somewhat forced the issue.

KVM/QEMU/virt-manager and friends perhaps aren't as streamlined for
the typical end user who just wants to quickly spin up a VM with
minimal hassle, but they are also very much more powerful if you're
willing to do a little reading. (For example, I had to do a fair bit
of digging to figure out how to get guest networking to work reliably
without turning off the host firewall.[1]) This is in line with their
respective intended usage: VirtualBox is at best a power user tool,
whereas KVM is intended for large server deployments but _can_ be used
on workstation virtualization hosts as well.

[1] 
https://michael.kjorling.se/blog/2022/linux-kvm-host-nftables-guest-networking/

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: EASY way to install packages from trixie/sid to stable?

[Alexander V. Makartsev]

On 26.10.2023 18:39, Hans wrote:

Hi folks,

is there a very easy way, if I want to install packages from trixie oder sid
into my bookworm installation?

I read about apt pinning, but as far as I understood, I have to name
explicitily each package I want to install from sid. This can be much work,
when installing a high number of packages.

I suppose, I then have also to install all dependencies of the packaes from
sid, even if they are related to the system.

In my case I wanted to install virtualbox from sid, as it has all packages
ready. However, virtualbox requires and depends also the newer gcc compiler
and some compiler libs, thus I took distance from installing for now.

At the moment I am not using pinning. My actual way of doing is

1. adding the sid repo into /etc/apt/sources.list

2. then aptitude -u

3. then searching for the required package and mark it as install (or
upgradeble

4. Then install, if wanted.

Yes, I know, pinning would be the better way, but it is very, very seldom, I
need to install something from a higher repo.

And yes, I know, mixing repos is no good idea, so I am using this only for
applications, which are using theire own libraries (or libs, they are only for
this special application).

Do you know another way, except pinning or my (weired) way?
I've always did it "the right way", by making simple backports [1] of 
required package and its selected dependencies if newer versions are 
required.
For some exotic packages this approach is not feasible, because you 
might end up with dozens of packages to backport as dependencies and 
dependencies of their dependencies.

"php", "nodejs" and "golang" to name a few tend to snowball a lot.

In your situation, it could be better to use officially distributed 
package [2] from Oracle for now.
Foreign packages like these could be installed into separate location 
like into "/opt/". This way they won't interfere with the rest of your 
system.
I don't use virtualbox (KVM does everything and more for me) so I can't 
vouch for the quality of packages from Oracle.


[1] https://wiki.debian.org/SimpleBackportCreation
[2] https://www.virtualbox.org/wiki/Linux_Downloads

--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: EASY way to install packages from trixie/sid to stable?

[tomas]

On Thu, Oct 26, 2023 at 03:39:23PM +0200, Hans wrote:
> Hi folks, 
> 
> is there a very easy way, if I want to install packages from trixie oder sid 
> into my bookworm installation?

That will depend very much on the package.

1. If you try a naive install, the package will pull in its
   dependencies. If those are very fundamental (think libc,
   for example), that will wreak havoc in your system.

   Most people will tell you not to do that (you will create
   a FrankenDebian [1], the horrors!). I have actually been
   doing that for a while. If you try:

   - be prepared to learn a lot
   - always have a plan B for the case an upgrade renders
 your system useless
   - ask here, but please, don't complain :)

2. A significantly less traumatic option would be to see whether
   the package version you are after is in backports [2]. You say
   you are on bookworm, so this [2a] would be relevant to you.

3. In case (2) fails, you can still try to build your package
   from source. Debian makes that as easy as possible for you:
   in a nutshell: download your source package, install the
   building machinery (build-essential, possibly dpkg-dev, the
   package's build dependencies, change into the package's
   "debian" subdir, and issue there the magic incantation
   "dpkg-buildpackage -uc -us" or thereabouts [3].

   Of course, that might fail, because the build dependencies
   can't be satisfied by your bookworm or something.

Of course, I left out a lot :)

Cheers

[1] https://wiki.debian.org/DontBreakDebian
[2] https://backports.debian.org/
[2a] https://backports.debian.org/bookworm-backports/overview/
[3] https://www.debian.org/doc/manuals/maint-guide/build.en.html

-- 
t


signature.asc
Description: PGP signature

EASY way to install packages from trixie/sid to stable?

[Hans]

Hi folks, 

is there a very easy way, if I want to install packages from trixie oder sid 
into my bookworm installation?

I read about apt pinning, but as far as I understood, I have to name 
explicitily each package I want to install from sid. This can be much work, 
when installing a high number of packages.

I suppose, I then have also to install all dependencies of the packaes from 
sid, even if they are related to the system.

In my case I wanted to install virtualbox from sid, as it has all packages 
ready. However, virtualbox requires and depends also the newer gcc compiler 
and some compiler libs, thus I took distance from installing for now.

At the moment I am not using pinning. My actual way of doing is 

1. adding the sid repo into /etc/apt/sources.list

2. then aptitude -u

3. then searching for the required package and mark it as install (or 
upgradeble

4. Then install, if wanted.

Yes, I know, pinning would be the better way, but it is very, very seldom, I 
need to install something from a higher repo.

And yes, I know, mixing repos is no good idea, so I am using this only for 
applications, which are using theire own libraries (or libs, they are only for 
this special application).

Do you know another way, except pinning or my (weired) way?

Oh, last but not least, I know, Oracle has its own debian-repo for virtualbox, 
but it looks somehow not well set up IMHO.

Thanks for reading this.

Best regards

Hans

 

 

Panic again

[Schwibinger Michael]

Good afternoon
Thank You for help.

I ll answer into Your email
with
+++




Von: Andrew M.A. Cater 
Gesendet: Mittwoch, 25. Oktober 2023 12:04
An: Schwibinger Michael 
Betreff: Re: AW: AW: Panic again any idea IV

On Wed, Oct 25, 2023 at 10:59:09AM +, Schwibinger Michael wrote:
> Good morning
>
> Thank You.
>
> I do booting.
> Crash.
> Bug report I did send.
>

Hi Sophie,

Thank you. You didn't really send a bug report



+++
I know.
But how can I produce a bug report
when the PC is frozen?



that we could use.
If you could write down what happens, it would help


+++
I do booting---> Crash

I do booting from HD
I interrupt booting and I do change to recobery mode
then there is DEBIAN 11.



> I do booting recovery mode
> all is fine.
>

So: you are running Debian 11.


+++
Yes.



You boot from an install medium.



I do booting from HD
like every day before.





Instead of "install", you choose "recovery mode".



Sorry no.

Morning.
I push button of PC

PC is starting

DEBIAN tried to boot.

Now I interrupt booting
change to recvery.



That works for you. Am I right so far?


Maybe.

I try to boot from HD
in the morning.



Next question:

Is this on a desktop or on a laptop - what *sort* of computer, what type?



Its a desktop PC.




> Can I check the PC using recovery mode?
>

The recovery mode looks very like an install. If you work through, then you
should eventually be asked which filesystem to mount as your main partition.

+++
I think no.

When I do chose recovery it is booting like an OK-Debian.




If you are able to mount the original root (/) partition, you may also be
able to find out any logs or error messages written to disk which may help
diagnosis of your problem.


+++
How do I mount?

When do I have to mount?




You may be asked whether you want to reinstall Grub to make the system
bootable



Then I have to say YES?



>
>
> What error message is on the screen when it fails to boot?
> Id did send it.
> I only make a screenshop with a digicam
> because the PC is frozen.
>
Sorry that wasn't readable.


++
Its made with a digicam.




>
> Does the same thing happen if you boot off a live operating system image?
> Yes.

Can you show us - maybe by using the live system to export the install
logs?


Sorry.
I dont understand.

I put LIVE CD in
I start booting.
Same crash like booting from HD.



Second question here.

Can I read out
install logs during using recovery?


Or grub?



> I tried to kill Debian by install it new with a LIVE CD.
> Same bug report.
>
>
> Have you changed anything recently?
> What did I do?
> Update to 11.
> Boot and crash.
> Now I do use recovery mode.
>
> No change in any files.
>

Last and final question for now:

Do you have anything that you *need* on this computer - any data that is
important to you?


+++
No.
I do daily backup.

 If not, I would suggest that you use a new install
medium for Debian 12 - the netinst at https://www.debian.org/index.de.html


+++
Sorry for stupid question.

Do You think
PC is accepting
LIVE CD 12
but not accepting Debian 11 LIVECD?



>
> Has someone checked that the memory is seated correctly in the slots?
> Yes.
> The hardware is fine
> also because recovery does not have a problem:
> GIMP
> Burning
> GEDIT
> CAWS

CAWS - fitness coaching???


+++
Sorry
CLAWS
email software.

(for example: https://www.trainwithcaws.com/)

> FIREFOX
> all is working fine.
>
> Thank You
> Please ask me.
>
>

All the very best, as ever,

Andy Cater
(amaca...@debian.org)
>


Regards
Sophie





>

Re: How do I connect my new wifi router (Mi Router 4C)?

[Max Nikulin]

On 26/10/2023 17:06, Martin wrote:

On Thu, Oct 26, 2023 at 09:54:22AM +0700, Max Nikulin wrote:


#!/usr/sbin/nft -f
table inet sharedconnection {}
flush table inet sharedconnection
# table ip shared connection { ... } from above


I did create FILE.conf and after executing it I can connect to internet from
my phone. THANK YOU!

Now where do I put this FILE.conf? I would like for it to run everytime
I turn on my computer.


I wrote "FILE" in caps trying to express that you can choose any name. 
Debian has /etc/nftables.conf and nft supports the "include" directive, 
see nft(8). So you may put your file to /etc or to create a dedicated 
directory, e.g. /etc/nftables.conf.d, for your settings and include your 
file from the main conf file, so it should be applied on each boot by 
nftables.service. You may put "table ip shared ..." content directly 
into /etc/nftables.conf as well, however I prefer to minimize changes in 
files provided by packages when it is possible to use additional ones.


Instead of installing dnsmasq you may specify a public dns server in 
your router settings (8.8.8.8, etc.). Or if you are sure that DNS 
configuration provided by the upstream router 192.168.0.1 is stable then 
you may use servers from DHCP lease. However having a local caching DNS 
server (dnsmasq or systemd-resolved) should not harm.


By the way, since you have dnsmasq running, you may enable its DHCP 
server (dhcp-range=192.168.231.5,192.168.231.254) and may switch mi 
router from static network configuration to DHCP.


As a final note, NetworkManager allows to create "shared" connections 
(ipv4.method). It starts dnsmasq and adds necessary firewall nat rules. 
I used it in both directions: with ethernet upstream connection to share 
wifi or to leverage 1G ethernet link to copy files between laptops while 
one of them has an active wifi connection.

Re: Seeking an sftp location to test a problem?

[john doe]

On 10/26/23 15:47, Karen Lewellen wrote:

Because shellworld is theonly such door I know of, I need a completely
objective sftp location for testing, username  and password.


Googling around would lead you to something like [1].

[1] https://www.sftp.net/public-online-sftp-servers

--
John Doe

Seeking an sftp location to test a problem?

[Karen Lewellen]

Hi folks,
Its Karen Lewellen.
Going to ask  this question carefully.
I am having a computer built, due to a combination of experiences, DOS 
remains my main system.

However I do use sftp to reach a Linux shell service called shellworld.
Recently when I type exit, or bye, to leave sftp it reboots the computer.
The person building the new machine finds the same error, which is why 
Ineed your help.
Because shellworld is theonly such door I know of, I need a completely 
objective sftp location for testing, username  and password.
This way we discover if it is tied to my clientor shellwolrd or something 
else.

Ideas please?
Thanks,
Karen who cannot spell check this email due to computerissues

Re: Report Bug

[Marco M.]

Am 26.10.2023 um 19:29:13 Uhr schrieb Kevin Freeman:

> I have a bug here that needs to be reported.

Please use the "reportbug" software for that, so it is in the bug
tracker and maintainers can find it.

> It has been present in multiple versions and still exists in Debian
> 12. The issue is related to the desktop version's Wi-Fi icon and
> driver. While I can use Wi-Fi to connect to the internet, I would
> like to have a more intuitive icon and a toggle button, similar to
> what Ubuntu offers. I hope the community experts can provide support
> or a viable solution as soon as possible.

Do you use the NetworkManager?

Report Bug

[Kevin Freeman]

Dear friend,

Hello, I have a bug here that needs to be reported. It has been present in
multiple versions and still exists in Debian 12. The issue is related to
the desktop version's Wi-Fi icon and driver. While I can use Wi-Fi to
connect to the internet, I would like to have a more intuitive icon and a
toggle button, similar to what Ubuntu offers. I hope the community experts
can provide support or a viable solution as soon as possible.

Wishing you a wonderful day.

Kevin

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Thu, Oct 26, 2023 at 09:54:22AM +0700, Max Nikulin wrote:
> On 26/10/2023 02:20, Martin wrote:
> > On Wed, Oct 25, 2023 at 07:33:52PM +0700, Max Nikulin wrote:
> > > should have something like
> > > 
> > > table ip sharedconnection {
> > >chain postrouting {
> > >  type nat hook postrouting priority srcnat; policy accept;
> > >  ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
> > >}
> > > }
> 
> "sharedconnection" is an arbitrary name. It should be chosen to not conflict
> with other applications. Actually you have nat masquerading rules created by
> docker for other interfaces. Read /usr/share/doc/nftables/README.Debian and
> choose a convenient for you way to add rules. You may add the following
> heading and may save rules to a file that may be read by either "nft -f
> FILE.conf" or just executing it.
> 
> #!/usr/sbin/nft -f
> table inet sharedconnection {}
> flush table inet sharedconnection
> # table ip shared connection { ... } from above

I did create FILE.conf and after executing it I can connect to internet from
my phone. THANK YOU!

Now where do I put this FILE.conf? I would like for it to run everytime
I turn on my computer. Is there some standard place for it - perhaps in
/etc directory? Maybe i should create some script in /etc/init.d/
directory?

Martin

Re: Domain name to use on home networks

[Michael Kjörling]

On 26 Oct 2023 05:07 -0400, from noloa...@gmail.com (Jeffrey Walton):
> I think the real unpalatable part of DNS is, most of the operators are
> US-based:

Nothing about home.arpa requires or relies on the use of DNS, and most
residential networks are probably small enough that a non-DNS setup
(such as for example using exclusively /etc/hosts distributed among
the computers involved) is entirely manageable.

RFC 8375 section 3 specifically prohibits queries for anything under
home.arpa leaking "outside the logical boundaries of the homenet".

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Domain name to use on home networks

[Michael Kjörling]

On 26 Oct 2023 10:33 +0200, from m...@dorfdsl.de (Marco M.):
>> Certainly "local." would have been one possibility, but that is
>> reserved _specifically_ for mDNS (RFC 6762) although is often
>> incorrectly used for non-mDNS names.
> 
> rfc6762

>From section 3 of that RFC:

> This document specifies that the DNS top-level domain ".local." is a
> special domain with special semantics, namely that any fully
> qualified name ending in ".local." is link-local, and names within
> this domain are meaningful only on the link where they originate. [...]
> 
> Any DNS query for a name ending with ".local." MUST be sent to the
> mDNS IPv4 link-local multicast address 224.0.0.251 (or its IPv6
> equivalent FF02::FB).

"Link local" is not the same thing as "site local". "Site local" seems
a reasonable approximation of the scope of home.arpa names; it's
certainly not implausible for a home network to have both wired and
wireless parts, hosts on which would belong to different link local
scopes.

(Yes, it is possible to run a VPN or other type of tunnel between two
geographically disparate sites both of which use home.arpa names in a
coordinated fashion with non-routable IP addresses, such that hosts in
one location are accessible from the other under their *.home.arpa
names. But that only requires coordination between the sites involved,
not global coordination.)

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Domain name to use on home networks

[Marco M.]

Am 26.10.2023 um 08:16:47 Uhr schrieb Michael Kjörling:

> Certainly "local." would have been one possibility, but that is
> reserved _specifically_ for mDNS (RFC 6762) although is often
> incorrectly used for non-mDNS names.

rfc6762

|Implementers MAY choose to look up such names concurrently via other
|mechanisms (e.g., Unicast DNS) and coalesce the results in some
|fashion.

Although, querying mDNS is mandatory for it and MAY means there is no
guarantee that unicast DNS is being used.

Re: Domain name to use on home networks

[Marco M.]

Am 25.10.2023 um 21:23:41 Uhr schrieb Stefan Monnier:

> I understand ARPA was closely related to the beginnings of the
> Internet, but...  couldn't they choose something a bit more neutral?

I don't know the exact reason for that decision, but I assume they used
it because it is already there, e.g. in-addr.arpa and ip6.arpa exist
for reverse DNS.

I dunno if DARPA still uses that domain for their own stuff.

Re: Domain name to use on home networks

[Michael Kjörling]

On 25 Oct 2023 21:23 -0400, from monn...@iro.umontreal.ca (Stefan Monnier):
>> If you go with the domain name home.arpa and an IPv4 subnet sliced out
>> of one of 192.168.0.0/16, 172.12.0.0/12 or 10.0.0.0/8, you can be
>> _almost certain_ that nothing will break because of those choices, now
>> _or_ in the future.

Aside: I realized after sending the email quoted above that I'd made a
mistake. The subnet is 172.16.0.0/12, not 172.12.0.0/12. Apologies.


> 100% agreement.
> 
> It's just such a shame that they chose a name which refers to "arpa" in
> it, which is not only US-centric but even belongs to the US's war
> department, which I find rather unpalatable.
> I understand ARPA was closely related to the beginnings of the Internet,
> but...  couldn't they choose something a bit more neutral?

As already mentioned, it has been backronymed. Also, "arpa." already
existed, and is well established for infrastructure names in DNS. For
example both IPv4 and IPv6 reverse DNS are served under the arpa zone;
in-addr.arpa and ip6.arpa respectively. To "choose something a bit
more neutral", assuming such a name could be found (it seems likely
that almost anything reasonable could match _some_ government agency
_somewhere_ and therefore be, to borrow your phrasing, "unpalatable"
to some) would mean having to register and maintain (or at the very
least reserve) a new TLD just for the purpose, which was the problem
from RFC 7788 that RFC 8375 aimed to solve. Certainly "local." would
have been one possibility, but that is reserved _specifically_ for
mDNS (RFC 6762) although is often incorrectly used for non-mDNS names.

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”