Re: netatalk not on bookworm

[john doe]

On 12/26/23 21:13, Charles Curley wrote:

On Fri, 22 Dec 2023 16:25:11 -0700
Charles Curley  wrote:


I was able to build from source per the instructions at
https://netatalk.sourceforge.io/3.1/htmldocs/intro.html et seq.,
starting with "git clone https://github.com/Netatalk/netatalk.git";.


Well, that didn't work. I got two good backups, then the Mac stopped
communicating with the server.

Now what?




Can't you increase the verbosity to debug (see [1] "./configure --help"
and [2] "debug options")?

If you rebuild from source, does it work again for a few backups (the
README file has the project mailing list)?

HTH.

[1] https://gist.github.com/SuperShinyEyes/de17c8092df2ed525930e339235d624e
[2] https://netatalk.sourceforge.io/2.0/htmldocs/afpd.conf.5.html

--
John Doe

Re: GRUB -- Debian overrides? Or maybe I just don't understand it well...

[David Wright]

On Fri 22 Dec 2023 at 11:24:22 (+), Mark Fletcher wrote:
> On Fri, 22 Dec 2023 at 01:21, David Wright  wrote:
> >
> > What sort of mess? I would have thought Grub would ignore excess
> > kernels dropped into /boot.
> [ … ]
> It saw a Debian kernel (6.1.something) on / and
> a LFS kernel (6.4.12 IIRC) on /. It
> also saw candidate root filesystems on  and  partition>. And it proceeded to cartesian join them, so I got LFS
> kernel with debian root filesystem, Debian kernel with Debian root
> filesystem, LFS kernel with LFS root filesystem (specified by
> /dev/sdc2 which the very next time it booted that disk was /dev/sda2)
> and Debian kernel with LFS root filesystem (again specified by device
> name). Obviously, only 2 of those are things I'd ever want to boot.
> And, once I saw what it had done, I kinda slapped my forehead and
> thought well yeah, how was it supposed to know not to do that...

That seems to answer my question—it's something about installation
kernels that makes Grub ignore them, rather than Debian/non-Debian.

> > I've never run LFS; what does the menuentry in grub.cfg look like?
> [ … ]
> That is AFTER my edits to replace root=/dev/sdc2 in the linux command
> line with the PARTUUID. The FS UUIDs I elided above were put there by
> GRUB. Again, Debian GRUB created this when I ran it with os_prober
> turned ON. I grabbed this and copied it to custom.cfg, made the edit
> to add the PARTUUID, then ran update-grub again with os_prober turned
> off.
> 
> Ah hold on. Maybe os_prober is what is generating this menuentry
> stanza in the first place, and grub is just using it. If that's the
> case, I was asking the wrong question in the first place. Maybe the
> question isn't why isn't grub using PARTUUID= in this situation, which
> the manual says it will, but rather why isn't os_prober doing so?

AIUI os-prober doesn't write "fancy" kernel commands lines itself:
it copies them. The scripts that write prefix30 menuentries are happy
to juggle partitions and contents because they are written with Grub's
capabilities in mind, but they can't know how those kernels will
interpret their commandline parameters beyond the most basic.

[ … ]

> I don't know how it figured out /dev/sdc2 -- on the one hand it is
> clever to have done so with no grub.cfg to tell it,

It searched partitions for bootables, and found one in /dev/sdc2
(which, as you pointed out, is not a stable name), so it wrote
  linux /vmlinuz-6.4.12-lfs-12.0-systemd root=/dev/sdc2
named after where it found the kernel. "root=/dev/sdc2" can be
understood by any linux kernel.

> on the other I
> wish it were clever enough to use PARTUUID= instead, as the
> grub-mkconfig manual implies it is.

Only /etc/grub.d/{10_linux,20_linux_xen} can generate PARTUUIDs;
/etc/grub.d/30_os-prober doesn't even contain the string "PARTUUID".

And I noticed:

  https://www.linuxfromscratch.org/lfs/view/9.0/chapter08/grub.html

says:

 "Caution

 "There is a command, grub-mkconfig, that can write a configuration
  file automatically. It uses a set of scripts in /etc/grub.d/ and
  will destroy any customizations that you make. These scripts are
  designed primarily for non-source distributions and are not
  recommended for LFS. If you install a commercial Linux distribution,
  there is a good chance that this program will be run. Be sure to
  back up your grub.cfg file."

So it seems to be assumed that LFS sysadmins should craft their own.

> That all said, the updated idea of trying 40_custom instead of
> 41_custom and thus avoiding the question of the config_directory
> variable is what I will try next.

Yes, I posted a 40_custom entry, and have never seen any advantage
in trying the 41_custom method myself.

Cheers,
David.

Re: Firefox Warning

[Jeffrey Walton]

On Tue, Dec 26, 2023 at 7:03 PM Alexander J Martinez  wrote:
>
> On Sat, Dec 23, 2023 at 06:19:33PM -0600, Mike McClain wrote:
> > On my RPI4b bookworm system as I was browsing, Firefox stopped me
> > demanding to update and I couldn't continue to use FF until I accepted
> > its demand and let it update. It did so then restarted FF at which
> > point it became almost totally unusable the menu bars had come to
> > black background with very dark grey text. I have tried
> > 'apt-get update; apt-get upgrade' hoping restore FF to usability also
> > 'apt-get reinstall firefox' with no luck.
> > FF was very difficult to read and it took hours and going back to my
> > buster install on another PI before I figured out how to get it back
> > to a usable state.
> > [...]
>
> out of curiosity...did you upgrade using
>
> sudo apt upgrade firefox-esr
> or apt-get or synaptic.
>
> I have never had FF force me to upgrade. Hope you find a fix to  your problem.

I think the OP's description is a bit overdramatic. It sounds like
Firefox was updated, and it prompted for a restart. It happens to me
on occasion when I update with the browser open. When Firefox
restarts, it reopens the previous tabs.

I find the prompt for a restart to be useful. What I've found in the
past is, Firefox updates, it did not prompt, and then website logins
stopped working. I'd rather get the prompt and avoid the unexpected
website problems.

Jeff

Re: difference in seconds between two formatted dates ...

[Charlie Gibbs]

On 2023-12-25 18:05, Jeffrey Walton wrote:


On Mon, Dec 25, 2023 at 8:43 PM Charlie Gibbs  wrote:


On Mon Dec 25 12:01:59 2023 "Andrew M.A. Cater"  wrote:


Yes - that's the obvious way. I set my machines to /etc/UTC (or
/etc/GMT) and leave them there. No daylight saving time, no offsets -
all logs unambiguous. That's why (worldwide) radio logkeeping is/was
in UTC. If you're travelling in an aircraft, you don't _need_ to know
ground time but you do need to know flight time against a reference
time. The Royal Air Force keep to UTC wherever they are in the world
for just this reason.


Not just the RAF.  All aviation works in UTC, to avoid problems when
flights cross time zone boundaries, and to keep wide-area weather
forecasts sane.  Your average airline passenger never sees UTC,
since airlines use it behind the scenes and convert it to local time
for display purposes.  (That's why you can see some strange intervals
between departure and arrival times.)


The US airlines I worked for in the late 1980s and 1990s used Zulu
time. If I recall correctly, flight arrivals and departures were
specified like 10:34Z or 23:10Z.

I don't know why Z was used instead of UTC or GMT. Probably to save
space, and save some ink if a schedule was printed.


Not to mention time, back in the days when weather data was broadcast
across networks of Baudot Teletypes running at 45 baud.


I don't know if that is still the case.


It is.  In fact, even though weather data has evolved somewhat, it is
still in a highly compressed form which, once you learn to read it,
enables you to scan a lot of data very quickly.  Here's a copy of
this hour's METARs (weather observations) and TAF (terminal area
forecast) for Vancouver, B.C.  Note the Z at the end of many times
(ddhhmmZ), although the Z is omitted if this wouldn't be ambiguous.

METAR CYVR 270300Z 08010KT 20SM SCT140 OVC160 08/05 A2998 RMK AC3AS5 SLP155=
METAR CYVR 270200Z 09007KT 20SM OVC160 08/05 A3000 RMK AC8 SLP161=
METAR CYVR 270100Z CCA 05010G15KT 25SM BKN150 BKN170 09/05 A3002 RMK 
AC5AC3 SLP168=
METAR CYVR 270100Z 05010G15KT 25SM BKN150 BKN170 09/05 A3002 RMK AC4AC3 
SLP168=


TAF CYVR 270304Z 2703/2806 09008KT P6SM FEW080 OVC160
FM271100 09012G22KT P6SM SCT040 OVC100 TEMPO 2711/2715 P6SM
-SHRA FEW020 BKN040 OVC080
FM271500 09012G22KT P6SM BKN040 OVC120
FM271800 10012G22KT P6SM BKN080 OVC150
FM272200 10012G22KT P6SM -SHRA BKN020 OVC040
FM280400 11015G25KT P6SM FEW040 SCT120 BKN200
RMK NXT FCST BY 270600Z=

--
/~\  Charlie Gibbs  |  "Some of you may die,
\ /|  but it's a sacrifice
 X   I'm really at ac.dekanfrus |  I'm willing to make."
/ \  if you read it the right way.  |-- Lord Farquaad (Shrek)

Re: APT preferring `stable` over `stable-security`

[Max Nikulin]

On 26/12/2023 23:23, Dan Ritter wrote:


https://wiki.debian.org/AptConfiguration#Be_careful_with_APT::Default-Release

(quoted entirely)


But omitting a couple of links to comments from developers that 
APT::Default-Release is deprecated.


A tool to debug issues with upgrades is

apt policy

that gives overview of configured repositories and their priority. When 
a specific package is known use


apt policy openssh-client

The

[KAMPANAT]

KAMPANAT THUMWONG

Re: Firefox Warning

[Alexander J Martinez]

On Tue, Dec 26, 2023 at 04:38:04PM -0500, Greg Wooledge wrote:
> On Tue, Dec 26, 2023 at 12:38:44PM -0600, Alexander J Martinez wrote:
> > out of curiosity...did you upgrade using
> > 
> > sudo apt upgrade firefox-esr
> > or apt-get or synaptic.
> 
> That apt command isn't valid.  "apt upgrade" does not take package
> names as additional arguments.  It upgrades ALL the packages (except
> the ones it can't).
> 
> If you want to upgrade a single packge, use "apt[-get] install pkgname"
> and note that this may mark the package as manually installed, if it's
> not already.
> 

You're correct...my bad...then it is
sudo apt-get firefox-esr

thanks,
-- 
Alexander J. Martinez

No Sound With Bookworm

[Thomas George]

Pulseaudio Volume control shows a strong signal audio output but nothing 
reaches the speakers.


This must be a well known problem but I can't find the answer.

Please help

Tom George

Re: difference in seconds between two formatted dates ...

[Greg Wooledge]

On Wed, Dec 27, 2023 at 12:39:26AM +, Albretch Mueller wrote:
>  I am getting an "Operation not permitted" error while strace tries to
> attach to that pid:
> 
>  "strace: attach: ptrace(PTRACE_SEIZE, 52527): Operation not permitted"
> 
> 
> $   ping www.google.fr -c 4 &
> pid=$!
> strace -p "$pid"
> wait "$pid"

Yeah, even on Debian systems where ping isn't setuid root, it still seems
to need special capabilities that strace interferes with, or isn't
allowed to attach to, or something.

unicorn:~$ strace -o log ping www.debian.com -c 4
ping: socktype: SOCK_RAW
ping: socket: Operation not permitted
ping: => missing cap_net_raw+p capability or setuid?

So, pick something other than ping, or run the strace as root.

Re: difference in seconds between two formatted dates ...

[Albretch Mueller]

On 12/26/23, Greg Wooledge  wrote:
> If you want to launch a SIMPLE BACKGROUND PROCESS (note the SIMPLE here,
> this is IMPORTANT), and then strace it while it runs, you'd do it like
> this:
>
> ping www.google.fr -c 4 &
> pid=$!
> strace -p "$pid"
> wait "$pid"

 I am getting an "Operation not permitted" error while strace tries to
attach to that pid:

 "strace: attach: ptrace(PTRACE_SEIZE, 52527): Operation not permitted"


$   ping www.google.fr -c 4 &
pid=$!
strace -p "$pid"
wait "$pid"
[1] 52527
strace: attach: ptrace(PTRACE_SEIZE, 52527): Operation not permitted
PING www.google.fr (64.233.185.94) 56(84) bytes of data.
64 bytes from yb-in-f94.1e100.net (64.233.185.94): icmp_seq=1 ttl=55
time=54.2 ms
64 bytes from yb-in-f94.1e100.net (64.233.185.94): icmp_seq=2 ttl=55
time=61.3 ms
64 bytes from yb-in-f94.1e100.net (64.233.185.94): icmp_seq=3 ttl=55
time=60.5 ms
64 bytes from yb-in-f94.1e100.net (64.233.185.94): icmp_seq=4 ttl=55 time=125 ms

--- www.google.fr ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 54.240/75.219/124.823/28.769 ms
[1]+  Doneping www.google.fr -c 4
$

Re: difference in seconds between two formatted dates ...

[Andy Smith]

Hello,

On Sun, Dec 24, 2023 at 11:05:53PM +, Albretch Mueller wrote:
> Why would %S be in the range second (00..60), instead of
> (00..59)?:

Remember what seems like years ago in this thread when I said that
if we're being pedantic, this is more complicated than you think,
and you scoffed that it was obvious even to a schoolchild?

Welcome to the classroom, Albretch.

Thanks,m
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Heinlein and requirements (was Re: how to clone apt repository to newest only?)

[The Wanderer]

On 2023-12-26 at 17:33, Andrew M.A. Cater wrote:

> On Tue, Dec 26, 2023 at 04:49:13PM -0500, Roy J. Tellason, Sr. wrote:

>> -- 
>> Member of the toughest, meanest, deadliest, most unrelenting -- and
>> ablest -- form of life in this section of space,  a critter that can
>> be killed but can't be tamed.  --Robert A. Heinlein, "The Puppet Masters"
>> -
> 
> Sounds like a project manager imposing random requirements :)

You want to talk about random (or not so much) requirements found in
Heinlein?

>>> A human being should be able to change a diaper, plan an
>>> invasion, butcher a hog, conn a ship, design a building, write a
>>> sonnet, balance accounts, build a wall, set a bone, comfort the
>>> dying, take orders, give orders, cooperate, act alone, solve
>>> equations, analyze a new problem, pitch manure, program a
>>> computer, cook a tasty meal, fight efficiently, die gallantly.
>>> Specialization is for insects.

I can probably do... somewhere in the range from four to ten of those,
depending on one's definitions.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: how to clone apt repository to newest only?

[Andrew M.A. Cater]

On Tue, Dec 26, 2023 at 04:49:13PM -0500, Roy J. Tellason, Sr. wrote:
> On Tuesday 26 December 2023 09:34:00 am Andrew M.A. Cater wrote:
> > Living offline is not really feasible anymore - there are too many security
> > updates needed.
> (snip)
> > Linux distributions do update and you should ideally be running the latest
> > most up to date security patches. 
> 
> I must be missing something here.  If one is running a system that's NOT 
> net-connected,  why is security so important an issue?
> 

You always have to hope that it remains not connected :)

Remembering that each point update introduces fixes which may clear
previous problems, it is always worth keeping the system up to date.

Given the inadvertent upstream kernel problems we gained during the 12.3
release which resulted in 12.4 and that we then needed 12.5 relatively
immediately to solve problems that some users had - if you'd _only_ 
had the 12.4 medium, you might have had problems which could only have
been fixed by being net connected to pick up the appropriate kernel.

Just because you have a (relatively) isolated system doesn't mean that
your system shouldn't be consistent, patched and up to date which will
allow you to be sure that known vulnerabilites have been addressed.

There's nothing like the joy of inheriting a system tucked away somewhere
that hasn't been updated or rebooted in five years and not knowing what
you might expect when logging in, what services are running or what will
happen if you have to reboot. Marginally better because you know about it
then finding the system that everything depends on is undocumented,
running on a system with dead disks in the RAID and that has just
been bounced by the unscheduled power outage when the UPS failed ..

> -- 
> Member of the toughest, meanest, deadliest, most unrelenting -- and
> ablest -- form of life in this section of space,  a critter that can
> be killed but can't be tamed.  --Robert A. Heinlein, "The Puppet Masters"
> -

Sounds like a project manager imposing random requirements :)

All the very best, as ever,

Andy Cater
(amaca...@debian.org)

> Information is more dangerous than cannon to a society ruled by lies. --James 
> M Dakin
> 

Re: how to clone apt repository to newest only?

[Charles Curley]

On Tue, 26 Dec 2023 16:49:13 -0500
"Roy J. Tellason, Sr."  wrote:

> I must be missing something here.  If one is running a system that's
> NOT net-connected,  why is security so important an issue?

Physical access, especially a multi-user system. Think a college
science lab.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: how to clone apt repository to newest only?

[Roy J. Tellason, Sr.]

On Tuesday 26 December 2023 09:34:00 am Andrew M.A. Cater wrote:
> Living offline is not really feasible anymore - there are too many security
> updates needed.
(snip)
> Linux distributions do update and you should ideally be running the latest
> most up to date security patches. 

I must be missing something here.  If one is running a system that's NOT 
net-connected,  why is security so important an issue?

-- 
Member of the toughest, meanest, deadliest, most unrelenting -- and
ablest -- form of life in this section of space,  a critter that can
be killed but can't be tamed.  --Robert A. Heinlein, "The Puppet Masters"
-
Information is more dangerous than cannon to a society ruled by lies. --James 
M Dakin

Re: Firefox Warning

[Greg Wooledge]

On Tue, Dec 26, 2023 at 12:38:44PM -0600, Alexander J Martinez wrote:
> out of curiosity...did you upgrade using
> 
> sudo apt upgrade firefox-esr
> or apt-get or synaptic.

That apt command isn't valid.  "apt upgrade" does not take package
names as additional arguments.  It upgrades ALL the packages (except
the ones it can't).

If you want to upgrade a single packge, use "apt[-get] install pkgname"
and note that this may mark the package as manually installed, if it's
not already.

Re: difference in seconds between two formatted dates ...

[Greg Wooledge]

On Tue, Dec 26, 2023 at 06:31:19PM +, Albretch Mueller wrote:
>  I think I am getting close to where I need to with this (am I?):
> 
> $ bash -c 'ping www.google.fr -c 4 &'; echo "Caller PID: $$"; strace -p $$

I don't understand what you're trying to do here.  Is this an
oversimplified example that has been so twisted and distorted that we
can't tell what the point is?

If you want to strace a ping process, just use:

strace ping www.google.fr -c 4

There is no reason to invoke a second shell, nor to run the ping process
in the background, nor to use strace on an already-started ping
process.

Even if you DID for some reason want to launch a BACKGROUND PROCESS and
the strace it, you're doing it wrong.  The $$ you reference in your
strace command is the PID of the script.  Your bash -c is a child of
the script, and your ping is a child of the bash -c (thus, a grandchild
of the script).

If you want to launch a SIMPLE BACKGROUND PROCESS (note the SIMPLE here,
this is IMPORTANT), and then strace it while it runs, you'd do it like
this:

ping www.google.fr -c 4 &
pid=$!
strace -p "$pid"
wait "$pid"

Note that there is no "bash -c".  This is IMPORTANT.  The ping process
is a direct child of the script.  That's why we can get its PID with
the $! special parameter, after launching it with & into the background.

If the thing you're trying to strace is actually a COMPLEX DAEMON that
does its own forking and shit, then this MAY NOT WORK.  You could
attempt to attach strace to the daemon's original PID, but if the daemon
forks and then commits suicide (a VERY OUTDATED design), then your
strace may be too late.  It might be trying to attach to a process
that's already dead.

If the thing you're trying to strace is a long-running daemon that
forks child process but DOES NOT kill itself, then it MIGHT work.
You'd want the "-f" option to trace all child processes as well as
the main PID.

Now, you see, we cannot tell from your "ping" or "bash -c ping" example
what it is that you're ACTUALLY trying to attach to.  What is it
REALLY?  How does it behave?  What information are you trying to
capture in your strace?

What PROBLEM are you even trying to solve?

Why are you writing a SCRIPT to solve your problem instead of running
an strace command by hand to get a one-off trace log so that you can
analyze it?

(Oh, also, just to add more bruises on the dead horse, ping is sometimes
a setuid root program.  Depends on the OS.  If it's setuid root on your
system, you might not be able to strace it without being root to start
with.)

Re: netatalk not on bookworm

[Charles Curley]

On Fri, 22 Dec 2023 16:25:11 -0700
Charles Curley  wrote:

> I was able to build from source per the instructions at
> https://netatalk.sourceforge.io/3.1/htmldocs/intro.html et seq.,
> starting with "git clone https://github.com/Netatalk/netatalk.git";.

Well, that didn't work. I got two good backups, then the Mac stopped
communicating with the server.

Now what?

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Firefox Warning

[Alexander J Martinez]

On Sat, Dec 23, 2023 at 06:19:33PM -0600, Mike McClain wrote:
> On my RPI4b bookworm system as I was browsing, Firefox stopped me
> demanding to update and I couldn't continue to use FF until I accepted
> its demand and let it update. It did so then restarted FF at which
> point it became almost totally unusable the menu bars had come to
> black background with very dark grey text. I have tried
> 'apt-get update; apt-get upgrade' hoping restore FF to usability also
> 'apt-get reinstall firefox' with no luck.
> FF was very difficult to read and it took hours and going back to my
> buster install on another PI before I figured out how to get it back
> to a usable state.
> 
> When I loaded LibreOffice calc to record stock quotes I found that
> calc had, too, inherited the same problem with the top menu bars, as
> well as the side bars and bottom status bars are black with nearly
> illegible text.
> I've not yet gotten calc straightened out.
> 
> If anyone can point me to what in the system Firefox update could have
> changed to affect other programs I'd appreciate the help.
> 
> Frankly I'm aghast at the arrogance of the FF group to force an update
> on their users and quite peeved that they would do so and screw up my
> system as well.
> 
> Merry Christmas everyone,
> Mike
> --
> Silence & smile are two powerful tools.
> Smile is the way to solve many problems
> & Silence is the way to avoid many problems.
> 

out of curiosity...did you upgrade using

sudo apt upgrade firefox-esr
or apt-get or synaptic.

I have never had FF force me to upgrade. Hope you find a fix to  your problem.

-- 
Alexander J. Martinez

Re: difference in seconds between two formatted dates ...

[Albretch Mueller]

On 12/26/23, Greg Wooledge  wrote:
> On Tue, Dec 26, 2023 at 02:57:54PM +, Albretch Mueller wrote:
>>  1) how do you set up the process to be straced as a parameter? Something
>> like:
>> prx="echo hello"
>> logfile="file.txt"
>> #
>> strace "${prx}" 2>"${logfile}"
>> ls -l "${logfile}"; wc -l "${logfile}"; cat "${logfile}"
>
> Why?  This does not appear to have any usefulness.  You're just making
> your life harder for no reason.

 Well, the way I see such my options, you could:
 1.1) parametrize a call to a function, or
 1.2) use named files for each type of strace run.
 I would rather use §1.1

> See also .

 Thank you. As you have suggested to me. I will have to use a
highlevel language if I want to take care of my "coblesome" cases. I
tend to entangle myself in corner cases for which scripts aren't so
useful.

>>  2) how do you know for sure that you are stracing the same process
>> that you are running and is logging some data?
>
> You are EXTREMELY confused about something, and we NEED to address this
> immediately.
>
> If you run "strace ./foo", a new instance of ./foo is launched right
> then and there, and you get the system call trace of THAT instance.

 Based on:

 
https://askubuntu.com/questions/137233/how-to-command-ping-display-time-and-date-of-ping/867500

 I think I am getting close to where I need to with this (am I?):

$ bash -c 'ping www.google.fr -c 4 &'; echo "Caller PID: $$"; strace -p $$
Caller PID: 45588
strace: Process 45588 attached
wait4(-1, PING www.google.fr (142.250.190.131) 56(84) bytes of data.
64 bytes from ord37s36-in-f3.1e100.net (142.250.190.131): icmp_seq=1
ttl=54 time=50.0 ms
64 bytes from ord37s36-in-f3.1e100.net (142.250.190.131): icmp_seq=2
ttl=54 time=34.7 ms
64 bytes from ord37s36-in-f3.1e100.net (142.250.190.131): icmp_seq=3
ttl=54 time=38.7 ms
64 bytes from ord37s36-in-f3.1e100.net (142.250.190.131): icmp_seq=4
ttl=54 time=40.3 ms

--- www.google.fr ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 34.735/40.952/50.048/5.628 ms



^Cstrace: Process 45588 detached
 
$

 However, strace doesn't end gracefully even though it seems to attach
to the running process  before it starts and based on what strace
itself logs, the process seems to end just fine.

Re: single quote "'" in bash xterm or lxterminal

[Mike McClain]

You guys were rigt all along, I just couldn't see it.
Greg's suggestion to try dash showed me the error of my ways.
I moved .inputrc to no.inputrc, commented out the line in
bash.environment that pulled in xterm_bindings, killed and restarted X
and sure enough I had '"' in an lxterminal window.
I moved no.inputrc back to .inputrc, killed and restarted X and still
had '"' in an lxterminal window.
I deleted half of the entries in xterm_bindings, reenabled the
statement in bash.environment, killed and restarted X and
lost '"' in an lxterminal window.
I deleted another half of the entries in xterm_bindings,
killed and restarted X and  still no '"' in an lxterminal window.
Only when xterm_bindings has no executable lines in it does it not
kill '"' in an X terminal window.
The line that pulled it in was ;
[ -n "$DISPLAY" ] && [ -f /mc/bin/xterm_bindings ] && bind -f 
/mc/bin/xterm_bindings;

Greg I have no idea when this happened xterm_bindings was started in 2011
and either I didn't notice it or it wasn't a big enough problem to
deal with. I keep tty{1-10} open all the time and X only on tty11 so
seldom use a terminal window in X.

Thanks for your help fellows and Happy Holidays,
May the new year be good for you,
Mike
--
Never ascribe to stupidity what can be explained as ignorance.

Re: APT preferring `stable` over `stable-security`

[Stefan Monnier]

>> What am I missing?
> https://wiki.debian.org/AptConfiguration#Be_careful_with_APT::Default-Release

Indeed!  Thank you!
Apparently the release notes didn't warn me loudly enough about it :-(


Stefan

Re: APT preferring `stable` over `stable-security`

[Stefan Monnier]

>> I take it this is bookworm. In that case, you also need:
>>
>> # bookworm-updates, to get updates before a point release is made;
>> # see 
>> https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
>> deb http://deb.debian.org/debian bookworm-updates main contrib non-free 
>> non-free-firmware
>> # deb-src http://deb.debian.org/debian bookworm-updates main contrib 
>> non-free non-free-firmware
>>
>> in your e/a/sources.list
>
> Oh, so that's what this new `stable-updates` was about?

Hmm... looks like it's not sufficient.
I added

deb http://deb.debian.org/debian stable-updates main

then did

apt update
apt upgrade

and it still didn't upgrade to `1:9.2p1-2+deb12u2`.
:-(


Stefan

Re: APT preferring `stable` over `stable-security`

[Dan Ritter]

Stefan Monnier wrote: 
> I noticed today that one of my machines was still running openssh
> 1:9.2p1-2+deb12u1 rather than  1:9.2p1-2+deb12u2 even though it is
> supposed to do its unattended-upgrades, so I tried a manual upgrade and
> the result was still the same.
> 
> Only after
> 
> apt install openssh-server/stable-security
> 
> did the machine get the new version :-(
> 
> The `sources.list` files says:
> 
> deb http://security.debian.org/ stable-security main
> deb http://deb.debian.org/debian stable main
> 
> and the `apt.conf` says:
> 
> APT::Default-Release "stable";
> Aptitude::CmdLine::Show-Deps "true";
> APT::Periodic::Unattended-Upgrade "1";
> 
> Which I thought was the "normal" config (modulo the use of "stable"
> instead of "bookworm") where the `stable-security` would automatically
> take precedence when applicable.  But it looks like the
> `stable-security` repository is just not used at all!
> 
> What am I missing?

https://wiki.debian.org/AptConfiguration#Be_careful_with_APT::Default-Release

(quoted entirely)

Maybe you have noticed examples like setting APT::Default-Release "stable"; or 
APT::Default-Release "bookworm";. It prevents installing security updates by 
apt upgrade, so avoid it. Instead of increasing priority of the current 
release, consider setting lower priority of added repositories through 
#apt_preferences (APT pinning). Since Debian 11 bullseye the security 
repository is labeled as stable-security and e.g. bookworm-security, so at 
least use regular expression matching all primary suites

APT::Default-Release "/^bookworm(|-security|-updates)$/";

-dsr-

Re: how to clone apt repository to newest only?

[Max Nikulin]

On 20/12/2023 13:05, 이 강우 wrote:

how to clone apt repository to newest only?


If you are asking about partial mirror then some of the following links 
might be useful:


- 
https://wiki.debian.org/DebianRepository/Setup#Debian_Repository_Mirroring_Tools

- https://www.debian.org/mirror/ftpmirror.en.html
- https://wiki.debian.org/DebianRepository/Setup
- for apt-cacher-ng:

https://www.unix-ag.uni-kl.de/~bloch/acng/html/howtos.html#howto-importiso

Re: APT preferring `stable` over `stable-security`

[Stefan Monnier]

>> The `sources.list` files says:
>> 
>> deb http://security.debian.org/ stable-security main
>> deb http://deb.debian.org/debian stable main
>
> I take it this is bookworm. In that case, you also need:
>
> # bookworm-updates, to get updates before a point release is made;
> # see 
> https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
> deb http://deb.debian.org/debian bookworm-updates main contrib non-free 
> non-free-firmware
> # deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free 
> non-free-firmware
>
> in your e/a/sources.list

Oh, so that's what this new `stable-updates` was about?
But then what's the purpose of `stable-security` now?


Stefan

Re: APT preferring `stable` over `stable-security`

[Charles Curley]

On Tue, 26 Dec 2023 11:12:01 -0500
Stefan Monnier  wrote:

> The `sources.list` files says:
> 
> deb http://security.debian.org/ stable-security main
> deb http://deb.debian.org/debian stable main

I take it this is bookworm. In that case, you also need:

# bookworm-updates, to get updates before a point release is made;
# see 
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian bookworm-updates main contrib non-free 
non-free-firmware
# deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free 
non-free-firmware

in your e/a/sources.list

You may also want backports; see the article mentioned in the stanza
above.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

APT preferring `stable` over `stable-security`

[Stefan Monnier]

I noticed today that one of my machines was still running openssh
1:9.2p1-2+deb12u1 rather than  1:9.2p1-2+deb12u2 even though it is
supposed to do its unattended-upgrades, so I tried a manual upgrade and
the result was still the same.

Only after

apt install openssh-server/stable-security

did the machine get the new version :-(

The `sources.list` files says:

deb http://security.debian.org/ stable-security main
deb http://deb.debian.org/debian stable main

and the `apt.conf` says:

APT::Default-Release "stable";
Aptitude::CmdLine::Show-Deps "true";
APT::Periodic::Unattended-Upgrade "1";

Which I thought was the "normal" config (modulo the use of "stable"
instead of "bookworm") where the `stable-security` would automatically
take precedence when applicable.  But it looks like the
`stable-security` repository is just not used at all!

What am I missing?


Stefan

Re: single quote "'" in bash xterm or lxterminal

[Max Nikulin]

On 25/12/2023 12:31, Mike McClain wrote:

In lxterminal control v displays "'" though lxterminal doesn't.


Do xterm and lxterminal behave in a similar way? Is there something 
related to xterm *VT100*translations in the output of


xrdb -query -

I am unsure if there are terminal settings and capabilities that may 
affect "'". Anyway


 echo $TERM

What happens if single quote is typed when "cat" is running?

Does behavior of bash change when it is running in "screen" or "tmux" in 
VT or in a GUI terminal application. They use different terminal types.


To check if bash receives "'" you may attach to it by "strace -p PID" 
running in another window. To get PID you may use "echo $$".


Maybe I have missed it, but it is not clear for me if you use X11 or 
Wayland. However I have no ideas specific to session type.


May it happen that you have configured some input method, e.g. iBus?

Re: difference in seconds between two formatted dates ...

[Greg Wooledge]

On Tue, Dec 26, 2023 at 02:57:54PM +, Albretch Mueller wrote:
>  1) how do you set up the process to be straced as a parameter? Something 
> like:
> prx="echo hello"
> logfile="file.txt"
> #
> strace "${prx}" 2>"${logfile}"
> ls -l "${logfile}"; wc -l "${logfile}"; cat "${logfile}"

Why?  This does not appear to have any usefulness.  You're just making
your life harder for no reason.

See also .

>  2) how do you know for sure that you are stracing the same process
> that you are running and is logging some data?

You are EXTREMELY confused about something, and we NEED to address this
immediately.

If you run "strace ./foo", a new instance of ./foo is launched right
then and there, and you get the system call trace of THAT instance.

If another instance of ./foo was already running, you do NOT get the
system call trace of that first instance.

If you WANT the system call trace of an ALREADY-RUNNING PROCESS, you
need to get its process ID (PID) and use strace's "-p pid" option to
CONNECT to the existing process and begin tracing it.

That will not give you past system calls from the already-running
process.  What's done is done.  It will only give you system calls
that are made from that point forward.

>  The way I understand the PID options of strace:
> 
>  it seems to be attaching to some already running deamon or server process.

Yes.  If that's what you want.

>  How do you make it swallow a process that would go in one step/moment?

Don't use -p.  -p connects to an existing PID.  Without -p you create a
whole new process.

>  3) I have noticed that strace output is not totally predictable, so
> "parsing" is not that safe, straightforward

It's not meant to be parsed.  It's meant to be read by YOU, as part of
your debugging or diagnostics.  You use this tool when you want information
that nothing else will give you.

The strace output is long, detailed, and difficult to understand.  It
will take some practice to learn how to interpret it.

> $ strace wget --help  2>&1 | tail -n 5
> Email bug reports, questions, discussions to 
> and/or open issues at https://savannah.gnu.org/bugs/?func=additem&group=wget.
> ) = 956
> exit_group(0)   = ?
> +++ exited with 0 +++
> $

You're talking about timing and buffering issues here.  If these are
a concern, don't use stderr.  Use strace's -o option to log the trace
to a logfile.  That way it will not intermix with the program's standard
output and standard error.

Remember that standard output, when NOT going to a terminal, is usually
buffered.  In your example there, you've got wget's output going to a pipe
(which is not a terminal), so it gets buffered.  This can cause weird
artifacts, if you were expecting each line to be visible immediately for
example.  Even worse, you've got wget's stdout and stderr, and strace's
stderr, all mixed together into a single stream, with who-knows-what
kind of buffering on each component.

Re: difference in seconds between two formatted dates ...

[Albretch Mueller]

On 12/26/23, Thomas Schmitt  wrote:
> man strace says:
>   -o filename Write the trace output to the file  filename  rather
>   than  to  stderr.
>
> So strace normally directs its output to stderr. That's file descriptor 2.
> You can redirect it by the "2>file" gesture of the shell:
>
>   $ strace echo hello 2>file
>   hello
>   $ cat file
>   execve("/bin/echo", ["echo"], [/* 35 vars */]) = 0
>   brk(0)  = 0x13ba000
>   ...
>   exit_group(0)   = ?
>   +++ exited with 0 +++
>
> Or you may use the mentioned -o option which will keep the tracee's stderr
> out of the file:
>
>   $ strace -o file echo hello
>   hello
>   $ cat file
>   ...

 three questions:

 1) how do you set up the process to be straced as a parameter? Something like:
prx="echo hello"
logfile="file.txt"
#
strace "${prx}" 2>"${logfile}"
ls -l "${logfile}"; wc -l "${logfile}"; cat "${logfile}"

 2) how do you know for sure that you are stracing the same process
that you are running and is logging some data? I had read up from the
links that I included that there are ways to make the shell spit the
process number before a process is run, but how do you then insert the
stracing segment in the one liner in order the use that process id
before the process is actually run?

 The way I understand the PID options of strace:

strace --help ...
 -p PID, --attach=PID: trace process with process id PID, may be repeated
 --tips[=[[id:]ID][,[format:]FORMAT]]: show strace tips, tricks, and
tweaks on exit
 id: non-negative integer or random; default is random
 format: none, compact, full; default is compact

 it seems to be attaching to some already running deamon or server process.

 How do you make it swallow a process that would go in one step/moment?

 3) I have noticed that strace output is not totally predictable, so
"parsing" is not that safe, straightforward

 prx="echo hello"
logfile="file.txt"
#
strace "${prx}" 2>"${logfile}"
ls -l "${logfile}"; wc -l "${logfile}"; cat "${logfile}"


$ strace file strace.wlog.txt 2>&1 | tail -n 5
write(1, "strace.wlog.txt: ASCII text, wit"..., 56strace.wlog.txt:
ASCII text, with very long lines (348)
) = 56
munmap(0x7f127f083000, 8281024) = 0
exit_group(0)   = ?
+++ exited with 0 +++

$ strace wget --help  2>&1 | tail -n 5
Email bug reports, questions, discussions to 
and/or open issues at https://savannah.gnu.org/bugs/?func=additem&group=wget.
) = 956
exit_group(0)   = ?
+++ exited with 0 +++
$

Notice the diffing "munmap(0x7f127f083000, 8281024) = 0" line
which I think comes from strace.

 lbrtchc

Re: how to clone apt repository to newest only?

[Andrew M.A. Cater]

On Tue, Dec 26, 2023 at 10:19:26PM +0900, 이강우(KangWoo Lee) wrote:
> The reason I'm asking for this feature is that
> 
> For example, I want to install the most recent packages when installing an
> OS in a specific closed network environment.
> 
> Of course, I could use a recently created DVD iso file, but I would need to
> have an internet connection to apply files that have been updated since
> this ISO was created, so I only want to copy and apply the most recent
> packages.
> 
> Is there any way to do this?
> 
> 

OK - this is a little harder to explain :)

Living offline is not really feasible anymore - there are too many security
updates needed.
.
If you really want to live in a closed network environment - you can't really
do that with DNF either. If you're using Red Hat proper, then Red Hat will
normally expect you to run an Internet connected Satellite server.

Linux distributions do update and you should ideally be running the latest
most up to date security patches. Debian produces updates pretty well
every day for one package or another. The default settings for apt in 
Debian include a line for debian-security for just this reason.

Approximately once every two months, we produce a point release for Debian
stable which will pull together package fixes and security updates up to that
point from the state of the previous point release. We do produce media that
will give you just those updates to apply to a running system - almost nobody
does this, and the update media itself is rarely, if ever, tested - it is
used by very few people, if any.

If you were installing a system today - 26th December - you could install
from the base media released as part of Debian 12.4 - but there were almost
immediate updates provided in stable-updates to deal with kernel issues, for
example.

Those wouldn't be on the media until 12.5 which is currently being discussed
to take place in February 2025. At that point, we will have new media - and
the smaller update media to allow you to update from 12.4.

The canonical way to do disconnected mirroring is to have a Debian mirror
connected to the Internet somewhere and to allow that to do daily updates.
You can then take the daily updates and gateway them into your closed network
(or disconnect the mirror from the Internet and allow it to connect to an
"internal" copy of the mirror before disconnecting the "external-allowed"
copy and reconnecting it to the Internet.)

The Debian suggested mirroring scripts use rsync and produce logs so it
is not difficult to extract daily updates.

Setting up a full Debian mirror is not particularly hard - all architectures
with a mirror of Debian CD images will fit within 6TB or so.
I wrote up some outline instructions on a blog syndicated to Planet
Debian, for example: 
http://flosslinuxblog.blogspot.com/2020/02/rebuilding-mirror-software-mirroring-of.html
 

Note, I have rearranged the addresses on this reply so that it goes first
to the debian-user mailing list. Follow up to the list, please.

With every good wish, as ever,

Andy Cater

[amaca...@debian.org]
> 
> 
> 2023년 12월 25일 (월) 오후 11:05, Andrew M.A. Cater 님이 작성:
> 
> > On Mon, Dec 25, 2023 at 12:21:29PM +, ��  wrote:
> > [Copied to the poster because they may not be subscribed]
> >
> > > how to clone apt repository to newest only?
> > > Fedora/Red Hat will organize the repository by copying only the most
> > recent packages from that distribution if you give it the "reposync
> > --newest-only" option, but Debian doesn't seem to be able to do that.
> > >
> > > What can I do?
> > >
> > >
> > Hi
> >
> > By default, apt will check the dates on the package manifests and bring you
> > up to date based on that.
> >
> > If you install from nothing then the installer will do the same assuming
> > that you have an internet connection.
> >
> > reposync is really a Red Hat ecosystem specific command, I think.
> >
> > (already answered on the list: can I suggest that you subscribe to the
> > list)
> >
> > Andy
> > (amaca...@debian.org)
> >
> >

Re: how to clone apt repository to newest only?

[Hans]

Am Dienstag, 26. Dezember 2023, 14:19:26 CET schrieb 이강우(KangWoo Lee):
Suggestion:

First of all: Not all packages on the install DVD are as new as in the repo.

So the installer is always upgrading packages during the installation process.

What you can do, is downloading all the packages you need with another debian 
system, but not 
install it.

This can be done by synaptic, aptitude or apt-get.

For example with apt-get this shoule be 

apt-get -d --reinstall install packagename1 packagename2   ...  
packagename_whatever.

Then you will find all packages below /var/cache/apt/archives/

and can copy them to the other debian system using rsync.

Now these can be installed using apt-get on the other computer.




If I remember correctly, there is also an option 

apt-get -d --reinstall install world

which would redownload, but NOT install all installed packages. 

However, of the second one I am not sure if this is working, maybe someone else 
can confirm or 
deny this.  



third suggestion:

You can create a list with all installed packages, then edit it and download 
these files with apt-
get as described above. 

However, oif you want two identical systems, and only one is connected to the 
internet and the 
other is airgapped, but connected to the first one, you can simply rsync the 
whole system to the 
other or using harrdrive cloning tools (like clonezilla or similar)





Hope this helps a little bit.


Best regards

Hans


> The reason I'm asking for this feature is that
> 
> For example, I want to install the most recent packages when installing an
> OS in a specific closed network environment.
> 
> Of course, I could use a recently created DVD iso file, but I would need to
> have an internet connection to apply files that have been updated since
> this ISO was created, so I only want to copy and apply the most recent
> packages.
> 
> Is there any way to do this?
> 
> 2023년 12월 25일 (월) 오후 11:05, Andrew M.A. Cater 님이 작성:
> > On Mon, Dec 25, 2023 at 12:21:29PM +, ��  wrote:
> > [Copied to the poster because they may not be subscribed]
> > 
> > > how to clone apt repository to newest only?
> > > Fedora/Red Hat will organize the repository by copying only the most
> > 
> > recent packages from that distribution if you give it the "reposync
> > --newest-only" option, but Debian doesn't seem to be able to do that.
> > 
> > > What can I do?
> > 
> > Hi
> > 
> > By default, apt will check the dates on the package manifests and bring
> > you
> > up to date based on that.
> > 
> > If you install from nothing then the installer will do the same assuming
> > that you have an internet connection.
> > 
> > reposync is really a Red Hat ecosystem specific command, I think.
> > 
> > (already answered on the list: can I suggest that you subscribe to the
> > list)
> > 
> > Andy
> > (amaca...@debian.org)

Re: how to clone apt repository to newest only?

[Greg Wooledge]

On Tue, Dec 26, 2023 at 10:19:26PM +0900, 이강우(KangWoo Lee) wrote:
> For example, I want to install the most recent packages when installing an
> OS in a specific closed network environment.
> 
> Of course, I could use a recently created DVD iso file, but I would need to
> have an internet connection to apply files that have been updated since
> this ISO was created, so I only want to copy and apply the most recent
> packages.
> 
> Is there any way to do this?

There are many ways, and I can't even name all of them.  I'll just
describe one way.

Assume that all of your systems are running the same release, on
the same architecture.  You might have one system (same release, same
architecture, same set of packages) that DOES have Internet access.
Maybe it's a laptop that you take to another location, or whatever.

So, periodically, you take the laptop to your grandma's house, or
whatever it is.  While there, you do an "apt-get update" and an
"apt-get dist-upgrade".  This brings in new package lists (in the
/var/lib/apt/lists/ directory), and possibly some new *.deb package
files (in /var/cache/apt/archives/).

After that's done, you bring the laptop to the isolated network.  Then
you rsync the /var/lib/apt/lists/ directory to all the other computers.
Next, you share your /var/cache/apt/archives/ via NFS, and mount it on
all of the other computers.

Finally, you do an "apt-get dist-upgrade" on all the other computers.
They'll use the lists that you copied to them, and the NFS-shared
package archive.

Once that's all done, unmount the /var/cache/apt/archives/ directory
from the other systems, and you're all set for a while.

If the laptop starts to fill up, you can do "apt-get autoclean", but
be very careful NEVER to run "apt-get clean".

Re: how to clone apt repository to newest only?

[KangWoo Lee]

The reason I'm asking for this feature is that

For example, I want to install the most recent packages when installing an
OS in a specific closed network environment.

Of course, I could use a recently created DVD iso file, but I would need to
have an internet connection to apply files that have been updated since
this ISO was created, so I only want to copy and apply the most recent
packages.

Is there any way to do this?




2023년 12월 25일 (월) 오후 11:05, Andrew M.A. Cater 님이 작성:

> On Mon, Dec 25, 2023 at 12:21:29PM +, ��  wrote:
> [Copied to the poster because they may not be subscribed]
>
> > how to clone apt repository to newest only?
> > Fedora/Red Hat will organize the repository by copying only the most
> recent packages from that distribution if you give it the "reposync
> --newest-only" option, but Debian doesn't seem to be able to do that.
> >
> > What can I do?
> >
> >
> Hi
>
> By default, apt will check the dates on the package manifests and bring you
> up to date based on that.
>
> If you install from nothing then the installer will do the same assuming
> that you have an internet connection.
>
> reposync is really a Red Hat ecosystem specific command, I think.
>
> (already answered on the list: can I suggest that you subscribe to the
> list)
>
> Andy
> (amaca...@debian.org)
>
>

Logistics vs hystereisis [was: Dealing with SPAM.]

[tomas]

On Mon, Dec 25, 2023 at 01:49:17PM +0100, Thomas Schmitt wrote:
> Hi,
> 
> to...@tuxteam.de wrote:
> > [...] (it's actually a logistic function [1]).
> > [1] https://en.wikipedia.org/wiki/Logistic_function
> > Looking forward to Yet Another Of Those Nerdy Monster Threads ;-)
> 
> Since it's happening periodically with about the same participants,
> shouldn't we rather try to model it as hysteresis ?
>   https://en.wikipedia.org/wiki/Hysteresis
>   ("Not to be confused with Hysteria.")

You do have a point there :)

Cheers
-- 
t


signature.asc
Description: PGP signature