Re: Changer le mot de passe d'une partition chiffrée
On Thu, Aug 01, 2024 at 09:44:09AM CEST, didier gaumet said: > Et pour insister sur l'avertissement de prudence contenu dans la réponse > détaillée de Michel, je pense qu'on peut aussi ajouter la ceinture aux > bretelles en opérant un remplacement par > - luksAddKey pour le nouveau password, vérification que le nouveau password > fonctionne, luksRemoveKey de l'ancien password > au lieu de > - luksChangeKey J'ajoute - lsblk pour vérifier le device où se trouve la partition chiffrée : Chez moi ça donne └─nvme0n1p3259:30 237.5G 0 part └─nvme0n1p3_crypt253:00 237.5G 0 crypt - cryptsetup luksDump pour être sûr du/des slots déjà utilisés et trouver un slot libre -- Erwan
Re: Upgrading systemd may silently break your Unstable/Sid system!; was: systemd may silently break your system!
Le 28/07/2024 à 14:28, allan a écrit : I would agree with you *if* the change had been publicized. I found the 99-sysctl.conf symlink accidentally. I removed the symlink and moved sysctl.conf to 99-sysctl.conf since the original config was not being read. This turned out to be a lousy idea since the symlink was removed with the next update, which in my case removed the original file. On Sun, Jul 28, 2024 at 6:15 AM Michael Kjörling wrote: It seems to me that if the administrator overrides a default, then the onus is on the administrator to maintain the intended effect of that override (including syntactic changes after a package upgrade), or remove the override if it's no longer relevant or useful. I also have a 99-systcl.conf which is a copy of the former /etc/sysctl.conf I juste renamed it. But in my view it is a bug to remove something else than the symlink even with the same name
Re: update system periodically
On Mon, Jul 22, 2024 at 04:06:55PM CEST, Michael Kjörling said: > On 22 Jul 2024 05:47 +0800, from cor...@free.fr: > > I have been running an old debian 11 for many days. > > is it safe to run 'apt upgrade' and 'apt update' periodically? > > for example put them into crontab. > > `apt update` (and `apt-get update`) will only update the package > database. That should be about as safe as you can get, because it will > have no impact on day-to-day use of the system. > > `apt upgrade`, `apt full-upgrade`, `apt-get dist-upgrade` and other > commands like those _can_ be risky, depending on circumstances. There > might also be legitimate reasons why you don't _want_ to upgrade right > then. > > Several possibilities for automating updates have already been > mentioned in this thread. Another that I haven't seen mentioned yet is > cron-apt; out of the box, it will download updates, send an email, but > _not_ install those updates. For me personally that's a good middle > ground. > > I would encourage you to upgrade to Debian 12, though. 11 is about to > exit mainline support. I did not see either that there are predefined systemd timers, which just wait for the right configuration to be put in /etc/apt/apt.conf.d Just see /usr/lib/apt/apt.systemd.daily for the apt configurations to use. -- Erwan
Re: [sid] update-initramfs: Generating /boot/initrd.img-6.9.9-amd64 => zstd: error 70 : Write error : cannot write block : No space left on device
Le 18/07/2024 à 08:31, Sébastien NOBILI a écrit : Bonjour, Le 2024-07-17 20:17, Gaëtan Perrier a écrit : Peut-être n'y a-t-il pas assez de place pour 3 noyaux. Je n'en ai qu'un seul. Ça fait beaucoup de place occupée pour un seul noyau, et c'est assez inhabituel. En général il y en a au moins deux : le courant et le n-1 (ou le n+1 si on n'a pas encore reboot). Ici j'ai 152M d'occupés pour deux noyaux installés : ``` $ ls /boot/vmlinuz-* /boot/vmlinuz-6.1.0-22-amd64 /boot/vmlinuz-6.1.0-23-amd64 ``` Si tu n'as réellement qu'un seul noyau installé, tu as peut-être de la place perdue quelque part… Sébastien Un vieil initrd qui traîne ? Ce sont eux qui prennent de la place, surtout s'ils ont les firmware de tous les modules (ceux des cartes graphiques en particulier)
Re: systemd-cryptsetup
Le 14/07/2024 à 11:44, Nicolas George a écrit : Erwan David (12024-07-14): You are a bit cryptic here : should it be installed or should it be removed Sorry. For me it was not installed and installing it fixed the problem. ? I am running testing without problem and systemd-cryptsetup is not installed. If I should install it I'd prefer to do it now rather than having to go through a rescue system Do you have encrypted volumes defined in crypttab? Regards, I have a "full" disk encryption as made by the installer, thus mounted in the initramfs, so it may be a little different
Re: systemd-cryptsetup
Le 14/07/2024 à 11:00, Nicolas George a écrit : Hi. In case you are running unstable or testing and it recently started blocking at boot waiting for encrypted swap or something to do with encrypted disks: Check if systemd-cryptsetup is installed. HtH You are a bit cryptic here : should it be installed or should it be removed ? I am running testing without problem and systemd-cryptsetup is not installed. If I should install it I'd prefer to do it now rather than having to go through a rescue system
Re: System time/timezone, was Re: Maximum size .bash_aliases file
Le 28 juin 2024 13:12:03 David Wright a écrit : On Wed 26 Jun 2024 at 12:50:32 (-0400), Greg Wooledge wrote: On Wed, Jun 26, 2024 at 11:25:38 -0500, John Hasler wrote: > I wrote: > > 12 Noon and 12 Midnight works. > > David Wright wrote: > > Except that The Wanderer's "strictly correct" version, M for noon, > > is out there in some pre-2008 documents. > > If you use M for noon you should use either AM or PM for midnight. That was the case in 1984¹, when they used PM, which agrees with the expression "midnight on Saturday", and with the terminology of deadlines, both of which assume that midnight belongs to the end of the day. But it's still somewhat arbitrary. By the 2000 edition, they decided to eliminate M in favour of 12 AM, presumably because of 12 PM being already established for midnight. Then, in the 2008 edition, they swapped AM and PM around, without so much as a footnote. Or... you could STOP confusing yourself and everyone around you, and use the correct, standard notation. 12:00 AM = Midnight 12:00 PM = Noon Like it or not, this is what people agreed on, decades or centuries ago. If you use this, you will be understood. If you make up your own crazy crap, you will not be. And then you risk polluting your mind with your made-up crap to the point where you can no longer remember what the correct versions are. I don't think that adopting AM/PM at 12 o'clock is some centuries-old tradition, with such a recent volte-face. The best idea is just to avoid them both. As the Chicago Manual of Style online FAQ says: "Q. To me, 12:00 is either noon or midnight, never a.m. or p.m. I keep seeing copy that says “before 12 p.m.” and I can’t convince the copywriters that this is confusing. Can you cite any rule that would clarify this once and for all? "A. Yes. Please see CMOS 9.38: “Except in the twenty-four-hour system (see 9.39), numbers should never be used to express noon or midnight (except, informally, in an expression like twelve o'clock at night). Although noon can be expressed as 12:00 m. (m. = meridies), very few use that form. And the term 12:00 p.m. is ambiguous, if not illogical.” I was taught that at school in the 1950s. It seems it got forgotten. ¹ various editions of US Government Printing Office Style Manual. Cheers, David. Seen in Japan that noon is 0:00 pm Quite logical -- Erwan David
Re: System time/timezone, was Re: Maximum size .bash_aliases file
Le 24/06/2024 à 22:38, Curt a écrit : On 2024-06-23, gene heskett wrote: A attribute the FCC forced on broadcasters as they like to see transmitter logs kept in 24 hour time. I got so used to it that when I retired in 2002, I'd been on 24 hour time for 40 years and didn't convert back to two 12 hour periods a day. The AM/PM convention. So when I say its 22:30, its 10:30 PM to the neighbors next door. Here in France I grew used to it very easily, and now the AM PM convention seems wrought with potential error. I'm sure we've crashed a space vehicle or two do to the potential for conflating the two, like we did when we mixed up miles for kilometers (or vice-versa). When my mom came to visit one time in the nineties she requested I change my alarm clock to AM PM time (it is now 15:25 here in the Gallic regions, where the weather has finally turned summery after forty days and forty nights of rain). Celsius too is only a matter of habit. 30° is hot; you don't translate anymore. It is what it is. Like a pomme is an apple and une feuille is a leaf. You can become confused, though, when filling out US forms where the birth date is written M/D/Y instead of D/M/Y, and sometimes you have to be careful not commit the silly mistake that will entrain months of delay in intricate *dédales* of the administration. AM/PM would not be so strange if between 11AM and 1 PM it was 12 AM ...
Re: Comment retrouver une IP privée perdue ?
Le 11/06/2024 à 14:14, Olivier a écrit : Pris par le temps, j'ai utilisé nmap avec une commande comme ci-après pour balayer la plage 192.168.0.0/16 et le début de 172.16.0.0/12. Le script met environ 8s pour chaque itération sur un réseau en /24. for i in $(seq 0 255); do sudo ip addr add 192.168.$i.2/24 dev eth0 sudo nmap -sn 192.168.$i.0/24 sudo ip addr add 192.168.$i.2/24 dev eth0 done Je recherche toujours un moyen pour réduire ce temps de balayage (dont je n'ose imaginer le temps d'exécution sur le réseau 10.0.0.0/8) quitte a prendre des hypothèses simplificatrices comme la présence d'une appli web de management sur le port 443. J'ai découvert l'existence d'outils comme Angry IP ou masscan mais je n'ai pas eu le temps de les tester. @Basile Un reset est effectivement une excellent idée pour récupérer une adresse par défaut et s'éviter un balayage. Dans mon cas, les équipements sont difficiles d'accès, en haut d'un mat. J'utilise en général un fping -ag on peut affiner avec un -q ou un -c 1 Si ce sont des devices qui ne répondent pas au ping, on peut regarder la table arp après ou faire une boucle avec des arping (si le device ne répond pas à un ARP WHO HAS, alors de toute façon il est injoignable) -- Erwan David
Re: Comment retrouver une IP privée perdue ?
Le 10/06/2024 à 14:27, Olivier a écrit : Bonjour, Sur un réseau, j'ai un appareil dont j'ai perdu l'IPv4 privée (rfc1918) de gestion. J'ignore aussi l'adresse du réseau, un /24 probablement, dans lequel j'avais choisi cette adresse. Je suis certain que l'appareil a une appli web de gestion qui écoute sur le port 443. Je n'ai pas communiqué avec cet appareil depuis des mois. J'utilise souvent nmap pour scanner des réseaux de petite taille mais ici la plage à balayer est immense. Comment déterminer le plus vite possible l'adresse de gestion de mon appareil ? Slts Humm une écoute des requêtes ARP sur le réseau physique où la machine est branchée ? -- Erwan David
Re: Souci de montage avec pcloud.com
Le 06/06/2024 à 11:38, Pierre Meurisse a écrit : Bonjour, je suis abonné à https://www.pcloud.com et je rencontre des difficultés avec le montage proposé. Avec la version web, firefox, https://my.pcloud.com, en utilisant le bouton "Téléversement", le fichier IMGtest.tar de 86 Mo est téléchargé en quelques secondes. Si par contre je lance l'application pcloud fournie, elle me crée bien le montage : pCloud.fs 500G138G 363G 28% /home/pier/pCloudDrive mais l'instruction : cp -iv pierh/tar_gz/IMGtest.tar pCloudDrive/ ne charge qu'une vingtaine de Mo en 5 minutes Par contre une instruction comme pier@msi~/pCloudDrive% find . -maxdepth 1 -type d ! -name "." -exec du -hs {} \; fonctionne très bien. Il s'agirait donc d'un pb d'upload vers pCloudDrive. Tout fonctionnait convenablement depuis il y a environ un mois. Je suis sur debian stable à jour. J'ai bien sûr contacté supp...@pcloud.com. Ils m'ont fait faire des tas de tests et de réglages, j'ai téléchargé la dernière version de pcloud mais rien à faire. Nous finissons par nous demander le souci ne vient pas du côté de debian, par exemple depuis la dernière maj du noyau. Je me tourne donc vers vous pour essayer de trouver une éventuelle solution. Merci d'avance pour les éclairages que vous pourrez apporter. Je vois que pcloud supporte le protocole webdav (https://www.clubic.com/stockage-en-ligne/pcloud/tutoriel-468081-comment-acceder-a-pcloud-via-webdav.html) peut-être essayer via un client webdav comme cadaver, rclone ou davfs2 ? Déjà voir si le problème vient de leur client -- Erwan David
Re: sudo echo 1 > /proc/sys/net/ipv4/ip_forward [was: How to run automatically a script as soon root login]
Le 13/05/2024 à 19:45, Stefan Monnier a écrit : $ su - Password: # echo 1 > /proc/sys/net/ipv4/ip_forward # ^D logout $ I don't need no stinkin' sudo :-) And if you only have `sudo`, but not the root password, of course: % sudo zsh -l # echo 1 > /proc/sys/net/ipv4/ip_forward # ^D logout % Stefan sudo -i will do the job instead of sudo zsh -l
Re: How to run automatically a script as soon root login
Le 13/05/2024 à 15:03, Richmond a écrit : Erwan David writes: Le 13/05/2024 à 14:36, Richmond a écrit : I was experimenting, and found this works: sudo xterm -e "echo 1 > hello" It created a file owned by root. But I found I was able to remove it without being root even though group and world permissions were read only. thats because sudo exceutes a xterm as root then this xterm executes a shell (as root) and this root shell does the redirection. Yes, but why did it allow me to delete the file? I was not root then. Try it. as said Dan Ritter : the owner of the directory can delete any file inside the directory. (see a directory as a special file containing pairs (name,file place on the disk). Deleting a file is just removing the pair from the directory, thus it is editing the directory, not the file. -- Erwan David
Re: How to run automatically a script as soon root login
Le 13/05/2024 à 14:36, Richmond a écrit : I was experimenting, and found this works: sudo xterm -e "echo 1 > hello" It created a file owned by root. But I found I was able to remove it without being root even though group and world permissions were read only. thats because sudo exceutes a xterm as root then this xterm executes a shell (as root) and this root shell does the redirection. -- Erwan David
Re: How to run automatically a script as soon root login
Le 13/05/2024 à 13:48, Mario Marietto a écrit : --> If they only want this thing to happen when root logs in directly on a console or ssh, then .profile may indeed be the correct answer. Yes,I don't need to run xorg and a desktop environment,since warp-cli disconnect and warp-cli connect do not require them. I wouldn't to login as root automatically,but I've realized that this command : echo 1 > /proc/sys/net/ipv4/ip_forward work only if I'm root. It does not work using sudo. So,in the end I've chosen to be root instead of a normal user that can use sudo. For this it is sufficient to use /etc/sysctl.conf You find in the file shipped by debian # Uncomment the next line to enable packet forwarding for IPv4 #net.ipv4.ip_forward=1 So you just have to uncomment and it will be done at boot time. (You have the ipv6 equivalent in the same file, if needed) -- Erwan David
Re: time_t transitions in testing
Le 03/05/2024 à 07:11, songbird a écrit : songbird wrote: ... the on-going time_t transitions may be causing some packages to be removed for a while as dependencies get adjusted. i've currently not been doing full upgrades because there are many Mate packages that would be removed. i decided to see what i could get upgraded tonight and have done it in layers. mainly i wanted to make sure that anything removed was being replaced and that my desktop would still be usable and that seems to have happened. so far it seems to have gone well but i'm on the last 400 packages (it takes me a bit to download since i'm not on a super-fast connection). with how things have gone so far i don't expect any hiccups. i Debian and testing aka trixie. :) thanks to all in the Debian community who have gotten this done. songbird Doing regular upgrades, checking what is removed, what is installed, waiting when situation is complex leads me to a perfectly working trixie. That's a good work from the team doing the transition. As always in testing, one must be careful (and I woul stringly advise against auto-upgrades...), but when a little attention and sometimes patience, it works. -- Erwan David
Re: recent Trixie upgrade removed nfs client
On Tue, Apr 30, 2024 at 03:51:01PM CEST, Gary Dale said: > I'm running Trixie on an AMD64 system. > > Yesterday after doing my usual morning full-upgrade, I rebooted because > there were a lot of Plasma-related updates. When I logged in, I found I > wasn't connected to my file server shares. I eventually traced this down to > a lack of nfs software on my workstation. Reinstalling nfs-client fixed > this. > > I guess I need to pay closer attention to what autoremove tells me it's > going to remove, but I'm confused as to why it would remove nfs-client & > related packages. > > This follows a couple of previous full-upgrades that were having problems. > The first, a few days ago, was stopped by gdb not being available. However, > it installed fine manually (apt install gdb). I don't see why apt > full-upgrade didn't do this automatically as a dependency for whatever > package needed it. > > The second was blocked by the lack of a lcl-qt5 or lcl-gtk5 library. I can > see this as legitimate because it looks like you don't need both so the > package manager lets you decide which you want. > > Not looking for a solution. Just reporting a spate of oddities I've > encountered lately. > Trixie is undergoing major transitions. You must be careful and check what each upgrade will want to uninstall, but it is normal for a "testing" distribution. In those cases I use the curses interface of aptitude to check which upgrade will remove another package that I want, and limit my upgrades to the one that do not break my system. Usually some days later it is Ok (sometimes week for major transitions) -- Erwan
Re: [HS] Lynx
Le 30/04/2024 à 12:06, Sébastien NOBILI a écrit : Le 2024-04-30 11:45, Marc Chantreux a écrit : Ah non! le chrome est au navigateur web ce que le decorateur est a une appli X: une zone totalement inutile qui t'es pourtant imposé en permanence. en gros ce que je veux c'est l'équivalent du mode plein écran (ou seule la page web est visible) mais dans 1 fenêtre. Tu as essayé userChrome.css dans Firefox ? (https://www.userchrome.org/) J'ai une interface vraiment minimaliste ici : pas de barre d'onglets et le plugin Tab Stash pour gérer (et remiser) mes onglets. Sébastien Bien trop complexe pour qui n'est pas un développeur web. -- Erwan David
Re: [HS] Lynx
Le 30/04/2024 à 07:55, Alex PADOLY a écrit : Bonjour à tous, Quel est l'intérêt aujourd'hui de navigateurs de type Lynx? Merci pour vos contributions. Lire cette putain de doc en HTML dans le paquet pour un soft qui doit tourner sur un serveur qui ne fait pas tourner de session graphique. -- Erwan David
Re: LibreOffice removed from Debian
Le 17/04/2024 à 15:26, Brad Rogers a écrit : On Wed, 17 Apr 2024 15:12:39 +0200 Vincent Lefevre wrote: Hello Vincent, Is there any reason why LibreOffice has been removed from Debian??? https://tracker.debian.org/pkg/libreoffice Has all the info you need, and more. Expect it to be removed from testing, too. This is not permanent. What scares me is seeing part of 18 ongoing transition, and 4 "coming soon transitions" with "please do not upload if it is not related to the transition".
Re: How does the 64bits time_t transition work?
Le 20/03/2024 à 09:09, Marco Moock a écrit : Am 20.03.2024 um 08:22:16 Uhr schrieb Detlef Vollmann: It currently has "871 not upgraded" and it's nearly impossible to install new packages. The libs will have a suffix of t64, so you need to use dist-upgrade to upgrade the packages if they depend on the t64 libs. Although, carefully read what it wants to remove. If it wants to remove packages you need, don't hit y. Then upgrade the packages manually and look which package creates dependency problems. Since I begin to have this in tetsing : and what should we do when a package tries to remove other (except wait) ? eg, now in testing upgrading nextcloud-desktop would remove plasma-discover, and fwbuilder would remove cups. -- Erwan David
Re: Question about what package to report bug
Le 06/03/2024 à 18:19, ke6jti a écrit : Hi, I have a possible kernel regression for a usb-dvb tuner card. I know the error in dmesg points to kernel : au0828 but I am not sure what package this belongs to. I think it belongs to v4l(video for linux) but I am still not sure what specific v4l package. Thanks for you help. apt-file shows au0828.ko comes in the linux-image-* packages. So report the bug for the one you use.
Re: Timer doing apt update
Le 20/02/2024 à 12:46, Andy Smith a écrit : Hi, On Tue, Feb 20, 2024 at 08:52:09AM +0100, Erwan David wrote: I use KDE, and I do not know wether discover does an update by itself. I do not thind any setting about this I think it is very likely that KDE has an equivalent to GNOME, which does the equivalent of "apt update" every day and then notifies you about available package upgrades. Thanks, Andy Yes, and it seems to be plasma-discover. But I do noit find how to configure it NOT to update package list automatically. A systemctl --user list-units '*discover*' gives UNIT LOAD ACTIVE SUB DESCRIPTION app-org.kde.discover-5f3c6a37712a431b929cbe82aa9555dc.scope loaded active running Discover - Logithèque app-org.kde.discover.notifier@autostart.service loaded active running Discover a list-unit-files says the service is generated. I did nit find from what it os generated. There is /etc/xdg/autostart/org.kde.discover.notifier.desktop which ends in Exec=/usr/lib/x86_64-linux-gnu/libexec/DiscoverNotifier Icon=system-software-update Type=Application NoDisplay=true X-KDE-autostart-phase=1 OnlyShowIn=KDE DiscoverNotifier comes form the plasma-discover package The pacakge contains a /usr/bin/plasma-discover-update binary, whose name appears in DiscoverNotifier binary... I'll try looking this way. I would have preferred being able to disable it (especially because it shows me a systray indication when there are upgradable packages) but if it is not possible I can remove it (it won't remove the meta-packages of the DE)
Re: Timer doing apt update
Le 20/02/2024 à 01:58, Andy Smith a écrit : Hi, On Mon, Feb 19, 2024 at 08:35:18PM +0100, Erwan David wrote: Sorry il was packagekit, I made a mistake while writing. If it's packagekit then isn't it going to be some part of your desktop environment? Which desktop environment are you using? GNOME will download updates and prompt you to install. To disable this open "GNOME software",m burger menu, "Update Preferences". The default behaviour of GNOME Software is to only download upgrades when on an unmetered connection so if you are using GNOME and this is what is happening, then as Max says telling NetworkManager that your connection is metered should stop it. I disable the timers, thanks I don't think it's any of the systemd timers or unattended-upgrades. Thanks, Andy I use KDE, and I do not know wether discover does an update by itself. I do not thind any setting about this -- Erwan David
Re: Timer doing apt update
Le 20/02/2024 à 03:20, Max Nikulin a écrit : On 20/02/2024 02:35, Erwan David wrote: Le 19/02/2024 à 18:00, Max Nikulin a écrit : systemctl disable --now apt-daily.timer apt-daily-upgrade.timer Perhaps it is possible to write a script that will respect connection.metered property set by NetworkManager. I disable the timers, thanks To avoid confusion, these timers are from the apt package, not from unattended-upgrades. So they are active on most Debian hosts. Desktop environments may display notifications after actions initiated by these timers. Likely desktop environments may do more, e.g. to query GNOME application shop for updates and initiate more frequent updates. I'll have a look at connection.metered Out of curiosity I have queried https://codesearch.debian.net. It seems, apt has no notion of metered connection. Perhaps the effect can be achieved by adding to unit configuration some Condition* mentioned in systemd.directives(7) https://stackoverflow.com/questions/43228973/detect-if-current-connection-is-metered-with-networkmanager busctl get-property \ org.freedesktop.NetworkManager \ /org/freedesktop/NetworkManager \ org.freedesktop.NetworkManager Metered It would also require to configure NetworkManager to set this correctly. Eg When I use USB tethering. (same NetworkManager connexion may be used at different places, without any way to simply detect this, when you do not use Wifi) -- Erwan David
Re: Timer doing apt update
Le 19/02/2024 à 18:00, Max Nikulin a écrit : On 19/02/2024 14:35, Erwan David wrote: After each boot, the equivalent of apt update is automatically done in background, through policykit (apt database is locked by policykitd). So I think there is a timer triggroing this. I'd like to disable this when my laptop is on expensive link (eg 4G link, or abroad). So I'd like to disable this timer, but I did not find it. If someone knws better than me... Perhaps I missed something since I have no idea why policykit (or polkit?) is involved. You may disable apt timers systemctl disable --now apt-daily.timer apt-daily-upgrade.timer Perhaps it is possible to write a script that will respect connection.metered property set by NetworkManager. Sorry il was packagekit, I made a mistake while writing. I disable the timers, thanks I'll have a look at connection.metered
Timer doing apt update
Hello, After each boot, the equivalent of apt update is automatically done in background, through policykit (apt database is locked by policykitd). So I think there is a timer triggroing this. I'd like to disable this when my laptop is on expensive link (eg 4G link, or abroad). So I'd like to disable this timer, but I did not find it. If someone knws better than me... -- Erwan David
Re: Revenir à la présentation précédente modififier Grub
Le 24/01/2024 à 11:36, Simeone Dominique a écrit : Bonjour, j'avais Debian 10 avec deŭx autres linŭx aŭxquels je pouvais accéder au démarrage. J'ai intsllé Debian 11 et le nouveau grub me propose uniquement Debian. Comment en ligne de commande revenir à la présentation de mes trois systèmes d'exploitations? Debianement votre. Mr.Dominique Simeone Peut-être faut-il réactiver os-prober. Sur les debian récentes, update-grub ne cherche pas les autres OS sur le disque. C'ets une configuration à ajouter. Je ne sais plus comment mais ça devrait permettre de retrouver -- Erwan David
Re: Désactiver le contrôle de la mémoire eMMC durant le boot
Le 28/12/2023 à 08:51, Olivier a écrit : Bonjour, J'ai un PC Acer Swift1 acheté en 2019 avec une mémoire flash 64Go et un emplacement M.2 Sata libre. Il y a quelques semaines, l'ordinateur (sous Win10) a refusé de démarrer car il ne trouvait plus de media pour le faire. J'ai installé une carte M.2 Sata dans l'emplacement libre et j'ai installé Bookworm dessus. Maintenant, le PC démarre correctement avec le bémol suivant: il m'affiche la mémoire flash est erronée (bad block). Comment faire pour conduire Debian à ne pas analyser au démarrage le mémoire eMMC? Outre la suppression des messages d'erreur, l'arrêt du test ferait gagner quelques secondes inutilement passées à tester un élément qui n'est pus utilisé. Le fichier /etc/fstab ne contient aucune référence à la mémoire flash (/dev/mmcblk0). Slts Peut-être qu'l est possible de la désactiver dans le BIOS/UEFI du PC, du coup elle ne serait plus visible de l'OS et donc a priori plus vérifiée
Re: Mails dans corbeille Debian-12
Le 19/12/2023 à 17:38, ajh-valmer a écrit : Bonsoir à tous, Spamassasin dépose les très nombreux mails-spams directement dans la corbeille de mon MUA, précédés de *** SPAM ***. La corbeille sous Debian est dans /home//.local/share/Trash/". Je souhaite que ces mails *** SPAM *** aillent automatiquement dans le répertoire "/dev/null". Comment puis-je le faire ? Bonne soirée, A. Valmer J'ai l'impression que tu confonds la corbeille de ton MUA et la corbeille des surcouches du FileSystem. ça n'a rien à voir parceque la corbeille de ton MUA est une boite aux lettres et la corbeille FileSystem un répertoire contenant des fichiers. -- Erwan David
Re: Problem between kernel 6.5.0-5 (testing) and Realtek NICs ?
Le 06/12/2023 à 16:44, Erwan David a écrit : Le 06/12/2023 à 15:55, Erwan David a écrit : After upgrade to 6.5.0-5 (a 6.5.13 kernel in testing), impossible to use the laptop when Realtek card present (in dock). it boots, sddm works but anything which tries to access networking (even the ip command) is then blocked It could be the same problem as in https://discussion.fedoraproject.org/t/kernel-6-5-12-or-later-on-fedora-39-broken-network-on-lenovo-t570/97586/18 I'll try installing the realtek-formware package, but the fedora discussion does not give much hope... Ok, it works with firmware-realtek package, from the non-free-firmware section (which should be added in /etc/apt/sources.list if not already present) SO, it worked yesterday (but I booted in recovery mode) not today. I'll have to do a reportbug for a non running kernel...
Re: Problem between kernel 6.5.0-5 (testing) and Realtek NICs ?
Le 06/12/2023 à 15:55, Erwan David a écrit : After upgrade to 6.5.0-5 (a 6.5.13 kernel in testing), impossible to use the laptop when Realtek card present (in dock). it boots, sddm works but anything which tries to access networking (even the ip command) is then blocked It could be the same problem as in https://discussion.fedoraproject.org/t/kernel-6-5-12-or-later-on-fedora-39-broken-network-on-lenovo-t570/97586/18 I'll try installing the realtek-formware package, but the fedora discussion does not give much hope... Ok, it works with firmware-realtek package, from the non-free-firmware section (which should be added in /etc/apt/sources.list if not already present) -- Erwan David
Problem between kernel 6.5.0-5 (testing) and Realtek NICs ?
After upgrade to 6.5.0-5 (a 6.5.13 kernel in testing), impossible to use the laptop when Realtek card present (in dock). it boots, sddm works but anything which tries to access networking (even the ip command) is then blocked It could be the same problem as in https://discussion.fedoraproject.org/t/kernel-6-5-12-or-later-on-fedora-39-broken-network-on-lenovo-t570/97586/18 I'll try installing the realtek-formware package, but the fedora discussion does not give much hope... -- Erwan David
Re: Systemd timer and sleeping laptop
Le 20/11/2023 à 13:10, Greg Wooledge a écrit : On Mon, Nov 20, 2023 at 12:48:24PM +0100, Erwan David wrote: What happens when a timer should have been triggered at a time the computer was sleeping ? systemd.timer(5): OnCalendar= [...] When a system is temporarily put to sleep (i.e. system suspend or hibernation) the realtime clock does not pause. When a calendar timer elapses while the system is sleeping it will not be acted on immediately, but once the system is later resumed it will catch up and process all timers that triggered while the system was sleeping. Note that if a calendar timer elapsed more than once while the system was continously sleeping the timer will only result in a single service activation. Thanks, I was looking at the wrong place. -- Erwan David
Systemd timer and sleeping laptop
Hello, What happens when a timer should have been triggered at a time the computer was sleeping ? I see that wit Persitent=true it is triggered at restart when it should have been triggered when the computer was off, but in case of sleep (or deeep sleep) the timer unit is not restarted, so what happens ?
Re: Password managers
Le 13/11/2023 à 15:11, Klaus Singvogel a écrit : Erwan David wrote: Note that you may have less dependencies with kpcli (a cli client for keepass password files) I always was peering at kpcli. Do you have any experience switching between the CLI (kpcli) and the GUI (keepassxc) version frequently? Is this flawless possible to switch from the one to the other and back, or is it something which can't easily to be done? Thanks in advance. Best regards, Klaus. That was a bad idea : lokking closer I see that kpcli does not support the latest keepass file format (v4) -- Erwan David
Re: Password managers
Le 12/11/2023 à 16:53, Michael Kjörling a écrit : On 12 Nov 2023 22:07 +0700, from maniku...@gmail.com (Max Nikulin): Having system booted from Debian Live image (assume some disaster), how many packaged have to be installed to get access to passwords stored by KeePassXC? I don't know about Debian Live images, but from an up-to-date install of my _very_ minimal VM setup (Bookworm with only the standard and ssh-server tasks installed), "apt-get install keepassxc" pulls in 142 packages totalling about 91 MB of downloads. Many of those packages are fairly obviously generally GUI-related and not directly related to KeepassXC specifically, so on a live image, which already has a GUI, it would be much less. Note that you may have less dependencies with kpcli (a cli client for keepass password files)
Re: Délai de 25 secondes
Le 09/11/2023 à 11:34, Seb a écrit : Bonjour ! J'ai installé hier une Debian 12 en remplacement d'une Debian plus ancienne. C'est une installation à partir de zéro, pas une mise à jour. Mon gestionnaire de fenêtres est fvwm. Lorsque je lance pavucontrol (ou xdaliclock, ou firefox), il s'écoule 25 secondes avant qu'une fenêtre ne s'ouvre. Et dans la Debian précédente, j'avais remarqué le même délai avec firefox depuis quelques mois seulement. Je n'ai pas souvenir que pavucontrol ou xdaliclock ait posé le même problème dans la Debian que j'utilisais précédemment. Les autres programmes s'ouvrent sans délai (gimp, brave-browser, okular, etc.). Quand j'appelle "strace pavucontrol", les messages cessent de défiler en arrivant à la dernière des lignes copiées-collées ci-dessous : [...] eventfd2(0, EFD_CLOEXEC|EFD_NONBLOCK) = 11 futex(0x55c3de03dba0, FUTEX_WAIT_PRIVATE, 2, NULL) = -1 EAGAIN (Resource temporarily unavailable) futex(0x55c3de03dba0, FUTEX_WAKE_PRIVATE, 1) = 0 write(10, "\1\0\0\0\0\0\0\0", 8) = 8 futex(0x55c3ddf73278, FUTEX_WAKE_PRIVATE, 1) = 1 poll([{fd=11, events=POLLIN}], 1, 25000 Sitôt le délai (25000) passé, pavucontrol s'ouvre. Auriez-vous une idée de ce qui cause cet arrêt temporaire, ou du moins d'une direction dans laquelle chercher ? Merci pour vos conseils ! Seb. Là il attend un évènement sur le file descripteur 11, il faudrait repérer au dessus un appel open (ou nom approchant) que retourne 11 pour voir à quelle ressource ça correspond
Re: Domain name to use on home networks
Le 27/10/2023 à 18:45, John Hasler a écrit : Erwan writes: Here are the first lines of 'man domainname" : That doesn't help very much with no hint as to what NIS is and that it isn't relevant to DNS. it is said later in the man Don't use the command domainname to get the DNS domain name because it will show the NIS domain name and not the DNS domain name. Use dnsdomainname instead. See the warnings in section THE FQDN above so for someone who do not know NIS it seems clear that "domainname " is for something else.
Re: Domain name to use on home networks
Le 27/10/2023 à 18:30, gene heskett a écrit : On 10/27/23 11:45, Greg Wooledge wrote: On Fri, Oct 27, 2023 at 11:25:00AM -0400, gene heskett wrote: Not a systemd luver nor expert. Someone suggested that if I was using dotted names, then I should edit (as sudo) /etc/hostname which I have now done t add the FQDN name of coyote.home.arpa. You should undo that. There's no reason to switch your philosophy at this point. I did not say that you SHOULD use hostnames with dots in them. I said that SOME PEOPLE use hostnames with dots in them, and that IF you are one of those people, there's an extra step to perform. I don't have any idea how this was so misunderstood. . Confusing, miss leading man pages are a lot of it. If the domainname command is only for NIS systems, whatever the hell that means, the first line of the man page should plainly state VALID FOR NIS SYSTEMS ONLY. Cheers, Gene Heskett. Here are the first lines of 'man domainname" : HOSTNAME(1) Linux Programmer's Manual HOSTNAME(1) NAME hostname - show or set the system's host name domainname - show or set the system's NIS/YP domain name
Re: Domain name to use on home networks; was: Bookworm:NetworkManager
Le 25/10/2023 à 03:47, David Wright a écrit : On Mon 23 Oct 2023 at 12:06:05 (+0200), Christian Groessler wrote: On 10/23/23 07:29, Jeffrey Walton wrote: On Mon, Oct 23, 2023 at 1:24 AM ghe2001 wrote: How about a /29 or so, named "here.", hosts named 2 or 3 letter abbreviations of what you call the computers, with unroutable IPs, DNS'ed in /etc/hosts (with shortcuts). Whatever you come up with for , ICANN can add to the gTLD namespace; see <https://icannwiki.org/Brand_TLD>. Just register a daomain and use that. That costs money, and I can't see the point when there are TLDs that are perfectly safe already available, like .home.arpa, and before that, .{corp,home,mail}. Cheers, David. Or if you already have a domain, you can use a subdomain. eg. I have rail.eu.org, and at home it is depot.rail.eu.org -- Erwan David
Re: imposer une IP à une seconde carte réseau
Le 17/10/2023 à 21:20, Alex PADOLY a écrit : Dans mon cas, cela ne fonctionne pas, je vais reprendre la proposition de Nospam '' Bonsoir sudo ip a add dev sudo ip a -6 add dev # pour une ipv6 L'interface doit être up sudo ip link set up '' Je vais adapter cette solution pour éditer sous root un cron qui effectuer une tâche à chaque démarrage du serveur, cela devrait donner ceci : /*|@reboot |ip a add dev */ Je testerai demain. Merci et bonne soirée! Le 2023-10-17 19:41, Frédéric MASSOT a écrit : Le 17/10/2023 à 15:34, Alex PADOLY a écrit : Bonsoir à tous, Cela fonctionne, le problème, c'est que l'on doit ressaisir cette commande à chaque redémarrage du serveur. Le serveur ltsp nécessite une seconde carte réseau ayant une adresse IP spécifique. Avez-vous une idée pour imposer cette adresse fixe à chaque redémarrage du serveur. Le fichier "/etc/network/interfaces" est là pour ça. Qu'est-ce qui ne marche pas ? Pouvez-vous donner ce fichier ?
Re: Configuration inn
Le 17/10/2023 à 17:05, BERTRAND Joël a écrit : Bonjour à tous, Je tente la configuration d'inn (parce que depuis que le service chez Nerim a été laissé en déshérence, je fais avec celui de free.fr qui est à peine mieux...) et il y a un point que je ne comprends pas bien. inn est censé se connecter à d'autres serveurs usenet mais comment les trouve-t-il ? Je n'ai rien vu dans la configuration du serveur à ce sujet (ou ça m'a échappé, ce qui est possible). De la même manière, comment les autres serveurs usenet vont savoir qu'il y a un serveur inn sur mon infrastructure ? Un genre de p2p ? Bien cordialement, JKB Il faut que tu trouves des "peers" avec qui tu vas échanger des messages, que tu te mettes d'accord avec leurs administrateurs pour ces échanges. De mémoire dans inn ça se configure dans le fichier innfeed.conf (mais ça fait TRÈS longtemps que je n'ai pas regardé INN) -- Erwan David
Re: Does debian installer use volume names for LVM?
Le 15/10/2023 à 10:32, Max Nikulin a écrit : I am curious if debian installer uses volume names in /etc/fstab when LVM is involved (either guided or manual partitioning). In guided partitionning, it uses the /dev/mapper name : here is what the installer put in the fstab of my laptop (/boot and /boot/efi outside lvm, encrytted lvm for / and swap) # /dev/mapper/maine--ocean--vg-root / ext4 errors=remount-ro 0 1 # /boot was on /dev/nvme0n1p2 during installation UUID=6657c315-cc1f-4727-adac-2997c8a34b5b /boot ext2 defaults 0 2 # /boot/efi was on /dev/nvme0n1p1 during installation UUID=8C47-97E7 /boot/efi vfat umask=0077 0 1 /dev/mapper/maine--ocean--vg-swap_1 none swap sw 0 0
Too much log for sudo.
I use a script to run borg backup. For it to be able to backup files that only root may read, i use sudo --preserv-env=BORG_REPO,BORG_PASSPHRASE. However I see that in the logs the VALUE of the env variable is loggued. How to change this ?
Re: Letting Windows go: scanning
Le 21/09/2023 à 23:15, Tom Browder a écrit : On Thu, Sep 21, 2023 at 08:30 Erwan David wrote: ... I have a HP LaserJet Pro MFP m125nw, installing it through hplip, It is seen on network by xsane and I can scan. Just have to install a binary blob each time hplip is upgraded, but it is rather straightforward Where do you find the "blob?" I've seen reference to it but haven't yet found it. Thanks. -Tom Throug hp-septup or the systray app, or just when xsane needs to access the scanner, it asks you to install and you can just say "install it from hp server", and it works
Re: Letting Windows go: scanning
Le 20/09/2023 à 19:17, Timothy M Butterworth a écrit : On Wed, Sep 20, 2023 at 1:11 PM Michael Kjörling <2695bd53d...@ewoof.net> wrote: On 20 Sep 2023 12:06 -0500, from tom.brow...@gmail.com (Tom Browder): > One major thing I use my windows host for is using my HP multifunction > laser printer to scan to pdf to save locally. I have just installed > gscan2pdf and sane but I am still missing something. > > I have tried printing docs from LibreOffice and it sees my networked > printer and prints just fine. > > So how can I get my Debuian host to see and use the scanner part? When I used to use HP MFD's I used to have to connect to it with USB to get scanning. I do not know if network scanning is now supported or not. "HP multifunction laser printer" would still encompass a fair number of products. Can you be more specific? -- Michael Kjörling https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?” I have a HP LaserJet Pro MFP m125nw, installing it through hplip, It is seen on network by xsane and I can scan. Just have to install a binary blob each time hplip is upgraded, but it is rather straightforward -- Erwan David
Re: Printer HP LaserJet MFP M234sdw 5085B1
On Wed, Sep 20, 2023 at 04:42:12PM CEST, Reco said: > On Wed, Sep 20, 2023 at 04:01:25PM +0200, Erwan David wrote: > > Le 20/09/2023 à 15:55, Jörg-Volker Peetz a écrit : > > > With this printer CUPS driverless printing works, see > > > https://wiki.debian.org/CUPSDriverlessPrinting . No need for hplip. > > > > > Once again : cups driverless printing works ONLY when printer and computer > > are on SAME NETWORK. > > Nope, that's not required. Whenever 'same network' is actually 'same L2 > network segment', or 'same L3 IP subnet'. > Because it's totally possible to configure CUPS to use known IPP > destination without discovery, like this: > > lpadmin -p myprinter -E -v ipp:///ipp/print -m > everywhere > > Discovering said IP is another story of course. > First time I here it (and that's not first time I try to find the info). I'll give it a try. So hplip will still be useful for scanning I guess ? -- Erwan
Re: Printer HP LaserJet MFP M234sdw 5085B1
Le 20/09/2023 à 15:55, Jörg-Volker Peetz a écrit : With this printer CUPS driverless printing works, see https://wiki.debian.org/CUPSDriverlessPrinting . No need for hplip. Regards, Jörg. Once again : cups driverless printing works ONLY when printer and computer are on SAME NETWORK. SO maybe there is no need for hplip, maybe there is. One cannot say -- Erwan David
kernel 6.4.0-3 (testing) cannot be installed with virtualbox-dkms
I had an upgrade failure today, when upgrading kernel to 6.4.0-3 : virtualbox-dkms needs a function which disappeared from kernel headers. I opened the bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050406 -- Erwan David
Re: Swap size in debain 12
Le 12/08/2023 à 16:24, David Wright a écrit : On Sat 12 Aug 2023 at 15:45:52 (+0200), Erwan David wrote: Installing a new debian 12 I see that the installer setups a 1G swap on a 24G RAM laptop. Is the hibernation out of swap now ? (I chose to have a biigger swap, but I find it strange) The arguments are rehearsed in: https://wiki.debian.org/Swap Cheers, David. Not completely : I think I will open a bug (wishlist) against the installer : it is complicated to change swap size when you must reduce root partition size to do this. So at least a question "will you use suspend/hibernate" at install time would be useful (I did not find in the installer how to change the sizes so I had to delete bot then recreate them, and it would have been complicated on a machine already installed) -- Erwan David
Swap size in debain 12
Installing a new debian 12 I see that the installer setups a 1G swap on a 24G RAM laptop. Is the hibernation out of swap now ? (I chose to have a biigger swap, but I find it strange) -- Erwan David
Re: sauvegardes: Vorta/Borgbackup et Deja-Dup/Duplicity
Le 04/08/2023 à 16:37, didier gaumet a écrit : Suite à une enfilade récente parlant de sauvegardes, j'avais dit que je regarderais un peu Vorta (GUI frontal de Borgbackup) et Borgbackup (CLI). A l'heure actuelle l'utilise un truc assez équivalent au sens où c'est un couple GUI et CLI qui produit des sauvegardes plutôt que des synchronisations, le couple Deja-Dup (GUI frontal à Duplicity) et Duplicity (CLI) - GUI: Vorta me paraît plus complet et plus complexe que Deja-Dup. Vorta permet si je me souviens bien de présenter le contenu d'une archive de sauvegarde par triage de date (ou autre) quand Deja-Dup présente des icônes triés par nom uniquement. ça ,'a l'air de rien mais ça peut être handicapant. Deja-Dup ne gère pas le chiffrement de la sauvegarde: ça ne me gène pas parce que mon disque externe de sauvegarde lui-même est chiffré, mais ça peut être gênant. Deja-Dup gère Microsift One Drive et Google Drive, pas Vorta. Vorta permet plus de flexibilité dans les fréquences de sauvegarde que Deja-Dup (uniquement quotidien ou hebdomadaire sans plus de précision, alors que Vorta peut sauvegarde toutes les trois minutes si ça vous semble pertinent) => Par contre, QUESTION: je n'ai pas compris comment je pouvais faire comme Deja-Dup: Deja-Dup crée une nouvelle sauvegarde complète tous les 90j (paramétrable dans dconf), J'ai essayé des paramètres d'élagage (pruning) dans Vorta en espérant que ça allait forcer la rre-création de sauvegardes complèrtes plutôt que continuer à faire des sauvegardes incrémentales. Mais l'élagage en lui-mêm n(a pas fonctionné donc pas de sauvegardes complètes Donc en gros, potentiellement, je conseillerais Deja-Dup pour sa simplicité d'emploi à ceux qui ont des besoins ordinaires (ou utilisent des services Google ou Microsoft) et je conseillerais Vorta à des utilisateurs plus autonomes et avertis qui ont des besoins un peu plus poussés - CLI: j'ai lu les docs sans quasiment utiliser (je suis une feignasse, pour ce genre de trucs j'utilise sans remords des outils GUI quand ça fait ce que je veux). J'ai eu l'impression que: Le développement de borgbackup est plus actif que celui de duplicity L'adoption de Borgbackup est plus importante que celle de Duplicity Les fonctionnalités de Borgbackup sont moins étendues que celles de Duplicity Voilà, c'était juste un petit retour d'expérience -minimaliste- sur ces outils? Sentez vous libre de compléter avec les vôtre, et de répondre à ma question si vous le pouvez, voire de me dire que mon approche est perfectible parce que vue du mauvais côté. Amicalement, DG. Dans borg, il n'y a pas de notion de complète/incrémentale. Tu as d'un côté des "chunks" (des blocs de données) et de l'autre des index. Un seul ensemble de chunks et chaque "sauvegarde" est un index qui vers les chunks correspondant à l'état de ta source au moment de la sauvegarde. Les chunks qui se retrouvent dans plusieurs sauvegardes (parceque les données sources n'ont pas changé par exemple) sont partagés. Donc chaque index pointe vers une sauvegarde totale, le logiciel n'a juste pas recopié ce qui était déjà dans le dépot borg. Le pruning revient à supprimmer un index, puis supprimer les chunks qui ne sont plus dans aucun index. Pas besoin de faire des totales et des incrémentales, avec ce principe de partage (qu'on trouve aussi dans les file system de type "copy on write" comme ZFS), toutes les sauvegardes sont équivalentes et le logiciel ne transfère que ce qui n'est pas déjà présent dans la sauvegarde.
Re: Lack of text console?
Le 04/08/2023 à 10:10, Nicolas George a écrit : Kamil Jońca (12023-08-04): Where text console can be configured? Recently I got laptop with debian installed. I wanted to log in into text console but Ctrl-Alt-F1 does nothing - it seems that lightdm(?) started at first console. Have you tried Ctrl-Alt-F2? Regards, Or rather Ctrl-Alt-F3, on my trixie (with SDDM) I have tty1 : logs & boot messages tty2 : Graphical session tty3, 4 etc : text sessions. Note that it needs some time after boot before getting the login prompt on text consoles -- Erwan David
Re: [testing] passage du pilote proprio à nouveau
Le 31/07/2023 à 14:00, didier gaumet a écrit : Le 31/07/2023 à 12:49, Gaëtan Perrier a écrit : Pas eu besoin d'attendre longtemps :( Freeze juste après l'envoi du message précédent. Rien dans /var/log/syslog à part une série de ^@ Tu es sous Wayland ou Xorg (et tu es bien sous Systemd pax SysV)? Pour Wayland il faudra fouiller dans les résultats de journalctl, pour Xorg lancé par un utilisateur avec un DE il faudra regarder le contenu de ~/.xsession-errors, pour Xorg lancé par un utilisateur sans DE, je ne me souviens plus, c'est peut-être plutôt ~/.xinitquelquechose (pas sûr). Pour un Xorg lancé par root ce devrait être /var/log/Xorg.0.log ou /var/log/Xorg.0.log. Pour tous les fichiers d'erreur Xorg, de mémoire il faut chercher les chaînes EE pour les erreurs et WW pour les avertissements, le reste je crois que c'est principalement II pour info (me rappelle pas bien) Et si tu veux vraiment faire de la plongée (je ne sais plus qui nous parlait de plongée récemment sur cette liste), tu peux essayer de debugger tout ça: https://x.org/wiki/Development/Documentation/ServerDebugging/ En testing ça fait plusieurs mois que les logs users après sddm sont dans journal, plus dans .xsession-errors -- Erwan David
Re: Networkmanager en mode console
Le 26/07/2023 à 21:09, ajh-valmer a écrit : Merci pour vos réponses. On Wednesday 26 July 2023 19:08:24 didier gaumet wrote: je crois que tu confonds le mode console et le mode récupération (recovery). C'est quasi pareil, c'est le mode dépannage, permettant, sans la couche graphique Xorg, un dépannage plus fluide. Non, il y a des milliers de serveurs linux qui tournent sans aucune couche graphique. Je ne vois pas la raison de bloquer networkmanager dans ce mode. Comment dépanner sans réseau ? C'est impossible. Seule solution, modifier "/etc/network/interfaces", rebooter et lancer le réseau par ifup . Ne pas lancer le réseau automatiquement en mode recovery : oh c'est simple : les cartes réseau (en particulier wifi) où le driver doit charger un blob binaire au démarrage ne sont pas rares. et si justement c'était ce chargement qui posait problème ? et comme on tape dans le firmware du hardware ça peut très bien complètement bloquer la machine. -- Erwan David
Re: Networkmanager en mode console
Le 26/07/2023 à 15:57, ajh-valmer a écrit : Le 26 juillet 2023 ajh-valmer a écrit : lorsque je boote Debian-12 en mode console (recovery), sans Xorg, le réseau ne fonctionne plus, On Wednesday 26 July 2023 15:32:01 Michel Verdier wrote: Je ne suis pas sûr mais n'est-ce pas le fonctionnement normal du recovery ? Il est là pour rétablir un système bootable, notamment le mount du root qui normalement doit être en read-only à ce stade. La connexion réseau en mode recovery est très importante, c'est dans ce mode que l'on fait "apt upgrade" et surtout pour "apt dist-upgrade" ou "apt full-upgrade. C'est évident, comment installer le firmware, pilote graphique, si Xorg ne les a pas. C'était ma question, pourquoi networkmanager ne connecte pas en boot recovery ? Peut-être faut-il lancer le service à la main ? ça aurait du sens que le recovery ne lance que le strict minimum quitte à ce que l'utilisateur lance à la main les services dont il a besoin. que dit systemctk status network-manager.service ? Et s'il n'ets pas lancé systemctl start network-manager.service ? -- Erwan David
Re: Fwd: Imprimante HP Deskjet Plus 4120
Le 21 juillet 2023 23:13:14 didier gaumet a écrit : Le 21/07/2023 à 20:16, Erwan David a écrit : Le 21/07/2023 à 19:32, didier gaumet a écrit : - absolument rien, lorsque c'est raccordé en USB ou en ethernet Pour ethernet c'est faucx dans le cas général, il n'y a rien à faire *à condition que l'ordinateur et l'imprimante soient sur le même résqeau* Tu as parfaitement raison, j'ai été trop approximatif: ça ne fonctionne par défaut uniquement si le client et l'imprimante ipp sont sur le même sous-réseau :-) Et je n'ai pas encore vu UNE SEULE doc expliquant comment faire quand ce n'est pas le cas vu mon niveau en réseaux, je ne suis pas qualifié pour dire si cette page web propose des pistes de solutions véritablement opérationnelles mais de loin ça m'a l'air intéressant: https://stackoverflow.com/questions/20986671/could-i-use-avahi-to-publish-service-across-subnetworks Ah merci, je vais me pencher là dessus -- Erwan David
Re: Fwd: Imprimante HP Deskjet Plus 4120
Le 21/07/2023 à 19:32, didier gaumet a écrit : - absolument rien, lorsque c'est raccordé en USB ou en ethernet Pour ethernet c'est faucx dans le cas général, il n'y a rien à faire *à condition que l'ordinateur et l'imprimante soient sur le même résqeau* Et je n'ai pas encore vu UNE SEULE doc expliquant comment faire quand ce n'est pas le cas
Re: Why does Debian have code names for releases?
Le 27/06/2023 à 05:06, Greg Wooledge a écrit : A lot of people who run stable releases use automatic upgrades. This is a thing that will attempt to run "apt update" and "apt upgrade" automatically for you in the background. If you use the "stable" label in your source.list file, and if you also use automatic upgrades, there is an extremely high chance that your system will perform a *partial* release upgrade at some random time when you are not expecting it, and that this will leave your system in a bad state. So no, the worst you'll have is that it wil stop upgrading, because you'll get "stable release changed it's Codename from bullseye to bookworm do you accept ?" And it must be manually answered.
Re: Compiling Virtualbox on "bookworm" [plain text email]
Le 20/06/2023 à 01:19, Ian Tan a écrit : Hello, Apologies for sending "rich text" of the same email previously. That was an accident. Here should be the plain text now. Due to upstream issues, Virtualbox is not available on bookworm. I have an urgent business use case, that required virtualbox to be installed on Debian 12 bookworm, as soon as possible. However, I am not able to compile virtual box on Debian 12 that easily, due to the error: "/usr/share/kBuild/footer-inherit-uses-tools.kmk:1012: *** kBuild: Cannot find include file for the SDK 'LIBSDL2'!" I have shown the details below. Any advice would be appreciated, thank you. No advice for compiling, but virtualbox is available in sid, and there is a repository by virtualbox giving access to the software. You may try them, it may work (I use virtualbox from sid on testing)
Re: Ligne de commande
Le 12/06/2023 à 19:59, Marc Chantreux a écrit : Le Mon, Jun 12, 2023 at 07:37:45PM +0200, Erwan David a écrit : J'aurais plutôt fait sudo sed -i.bak 's/bullseye/bookworm/' /etc/apt/sources.list tu pars du principe que c'est bullseye tout le temps et pas stable de temps en temps. Mais ça reste un peu tordu d ene pas vouloir utiliser d'éditeur de texte. pour une station de travail oui. si tu as 30 machines c'est effectivement mieux de scripter. Avec 30 machines (voire quelques centaines) 1) tu passes par de l'automatisation (salt, ansible, puppet, etc.) qui va pousser un sources.list (et pas le modifier) 2) tu upgrades pas en block, tu vérifies dans chaque cas si les services qui tournent ont besoin de vérifier les configurations. Et dans certains cas tu réinstalles plutôt que d'upgrader
Re: Ligne de commande
Le 12/06/2023 à 19:33, Marc Chantreux a écrit : Le Mon, Jun 12, 2023 at 05:17:41PM +, Simeone Dominique a écrit : Chers amis, comment ajouter à sources.list la nouvelle deb de Bookworm sans vim et en ligne de commande direct! Tout dépend de ce que tu avais précédement et de ce que tu veux conserver. Il faut aussi surveiller ce que tu avais éventuellement dans /etc/apt/sources.list.d. Si il est vide et que tu n'avais pas ajouté de sources à la main, je dirais: <<\% cat > /etc/apt/sources.list deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware deb http://deb.debian.org/debian/ bookworm main non-free non-free-firmware contrib deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware deb http://deb.debian.org/debian/ bookworm-backports main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian/ unstable main contrib non-free non-free-firmware % marc J'aurais plutôt fait sudo sed -i.bak 's/bullseye/bookworm/' /etc/apt/sources.list ce qui met une sauvegarde de l'ancien fichier dans /etc/apt/sources.list.bak Mais ça reste un peu tordu d ene pas vouloir utiliser d'éditeur de texte.
Re: What does "freeze" mean in Debian?
Le 25/05/2023 à 10:06, Hans a écrit : Hi folks, just a little thing, I am somehow confused about. I read that debian/testing is now in state "freeze" as the next release is shortly to come. As I running "bookworm" now, I am wondering, that debian/testing (aka bookworm), still gets a lot of changed packages last days. Obviously I seem to misunderstand the meaning of "freeze". Does "freeze" mean "No new packages" od does it mean "actual packages in testing will not be changed any more till next release". What did I not understand? For me "freeze" means "stay at actual status and do only necessary changes for security or breaking reasons". There are almost a hundered packages I got untill "freeze" and my change to bookworm (aka testing). If you look at the changelogs, you'll see that those upgrades are either because of security corrections, or to handle packaging or upgrade problems eg (today upgrade for me) --- Changes for texlive-bin (texlive-binaries libptexenc1 libsynctex2 libtexlua53-5 libtexluajit2 libkpathsea6) --- texlive-bin (2022.20220321.62855-5.1) unstable; urgency=high * Non-maintainer upload. * Fix improperly secured shell-escape in LuaTeX (CVE-2023-32700) -- Salvatore Bonaccorso Thu, 18 May 2023 23:15:13 +0200 --- Changes for boost1.74 (libboost-chrono1.74.0 libboost-filesystem1.74.0 libboost-iostreams1.74.0 libboost-thread1.74.0 libboost-locale1.74.0 libboost-program-options1.74.0 libboost-python1.74.0 libboost-regex1.74.0 libboost1.74-dev) --- boost1.74 (1.74.0+ds1-21) unstable; urgency=medium [ Andreas Beckmann ] * [f41f9a1] libboost-thread1.74.0: Add Breaks: libboost-regex1.74.0-icu67 for smoother upgrades from bullseye. (Closes: #1036070) -- Anton Gladky Fri, 19 May 2023 09:24:56 +0200 (output of apt-changelogs) freeze is that the software at kept at the same versions so that the teams preparing the distribution can concentrate on those problems.
Re: HS: pourquoi les disques SSD sont peu utilisé dans les serveurs
Le 11/05/2023 à 17:25, steve a écrit : Bonjour, Infomaniak, un des plus gros hébergeurs de Suisse (et le mien, mais c'est hors sujet ici), utilise de plus en plus des SSD sur leurs serveur: https://news.infomaniak.com/ssd-europeen-swissbit/ De plus, ces SSD (de marque Swissbit https://www.swissbit.com/en/) sont fabriqués en Europe. Je pensais que cette information pourrait être intéressante pour cette discussion. s. Je travaille chez un hébergeur (que je ne nommerai pas) et oui on a beaucoup de serveurs avec des SSD. Sans compter les baies de stockage en SSD aussi.
Re: HS: pourquoi les disques SSD sont peu utilisé dans les serveurs
Le 12/04/2023 à 09:34, Alex PADOLY a écrit : Bonjour à tous, Mes précédents messages montrent qu'à des fins de formation, je vais mettre en œuvre une architecture clients /serveur avec Debian Edu. La presse spécialisée indique que les disques durs SSD ont beaucoup de qualité, je l'ai aussi constaté par moi-même avec un chargement très rapide du système d'exploitation. En regardant des catalogues de serveurs, même sur des serveurs coutant plus de 1000 ou 2000 Euros, on ne voit pas ou très peu de disques SSD, on y voit des disques SATA et SAS. Quelles en sont les raisons d'après vous? Merci pour vos réponses. SATA ou SAS ce sont les normes de connexion, mais on peut avoir des disques SSD SATA ou SAS comme des disques rotatifs
Re: https://: vs. https://:.
Le 10/04/2023 à 21:37, Greg Wooledge a écrit : On Mon, Apr 10, 2023 at 12:13:15PM -0700, pe...@easthope.ca wrote: Name: hornby.islandhosting.com Address: 158.69.159.172 As expected, login at https://hornby.islandhosting.com:2096 and at https://mail.easthope.ca:2096 appear equivalent. But for URL https://158.69.159.172:2096 Firefox warns, "Warning: Potential Security Risk Ahead [...] What is the risk from an IP address? Misconfiguration at Island Hosting as Firefox suggests? You've got three different URLs here, which means you're looking at three different web sites. https://hornby.islandhosting.com:2096 https://mail.easthope.ca:2096 https://158.69.159.172:2096 Each of these may give you a different web site, even if they're all hosted on the same physical computer, or the same virtual machine. So, it's conceivable that Mozilla has flagged one of these web sites as a security risk, but not the other two. It's also conceivable that Mozilla has flagged an entire block of "raw IP address URLs" as a security risk, based on a pattern of behavior that they've seen from other web sites within that address range. You'd have to ask Mozilla for the exact details about why they've flagged what they've flagged. It lay aklso be that the defaukt certificate presented has a name, and not an IP address
Re: should CLI have a nice UI today?
Le 29/03/2023 à 16:24, Nicolas George a écrit : to...@tuxteam.de (12023-03-29): Perhaps roughly 3k to 4k years of storing, transmitting and retrieving information in written form have a part in it. It may be a social convention, but by now it runs so deep that I'm convinced you'll find epigenetic traces of it in us humans. Or perhaps those 3-4K years of storing information have selected a format that is close to the best possible with the limitations of our brains, our eyes and our hands. Keyboards are roughly 150 years old: it is possible we find some improvement on the way they are designed that makes entering data more efficient. On the other hand, computers have not changed the fact that data enters us mostly as images and sound, so I predict it is unlikely we find means significantly more efficient than reading. Regards, and do not forget that CLI is what we use in degraded conditions, eg when there is no way to get graphics and colors (text, or favorite virtualisation solution here> console) So we must not depend on graphical capacities to be available
Re: ssh-add after graphical login
Le 23/03/2023 à 09:42, Yassine Chaouche a écrit : Hello all, I'd like something to run ssh-add right after I login to my desktop (KDE). ssh-add needs to prompt me for my passphrase, and doesn't need any privileges. What are my options? Best, I do this way : I create a shell script ~/bin/start-session.sh in this script I have the command ssh-add < - in System Settings > Startup and Shutdown > autostart I add this script as a login script
Re: PDF on debian
Le 09/03/2023 à 12:03, Corey Hickman a écrit : I always compose documents in debian via VIM. so if there is a PDF plugin for VIM that would be great. Thanks Not a Vim plugin, but I usually compose documents in markdown in aneditor (be it vim or emacs) then generate a pdf from the markdown with pandoc
Re: hplip : looking for a workaround
Le 24/02/2023 à 18:41, Brian a écrit : On Fri 24 Feb 2023 at 18:25:24 +0100, Erwan David wrote: Le 24/02/2023 à 17:45, Brian a écrit : On Wed 22 Feb 2023 at 17:49:13 +0100, Erwan David wrote: Hi, hplip seems to need a dependency, many commands end with File "/usr/share/hplip/base/password.py", line 119, in __readAuthType distro_name = get_distro_std_name(os_name) ^^^ NameError: name 'get_distro_std_name' is not defined. Did you mean: 'get_distro_name'? I opend a bug for a missing dependency, but do someone know of a workaround ? I cannot use my scanner anymore because it needs a binary plugin installed by hplip Your issue and a workaround has been addressed. However, knowung the device model just might lead to a better solution. It is a LaserJet_Pro MFP M125nw This is a little unfortunate. My records show this device to be capable of driverless printing, but not of driverless scanning. The later can be ascertained by running avahi-browse -rt _uscan._tcp An empty output is bad news. It appears you have to rely on the non-free plugin and the workaround. Yes no problem with printing, only with scanning... (for driverless alas I did not find how to make it work when printer and computer are not on same network).
Re: hplip : looking for a workaround
Le 24/02/2023 à 17:45, Brian a écrit : On Wed 22 Feb 2023 at 17:49:13 +0100, Erwan David wrote: Hi, hplip seems to need a dependency, many commands end with File "/usr/share/hplip/base/password.py", line 119, in __readAuthType distro_name = get_distro_std_name(os_name) ^^^ NameError: name 'get_distro_std_name' is not defined. Did you mean: 'get_distro_name'? I opend a bug for a missing dependency, but do someone know of a workaround ? I cannot use my scanner anymore because it needs a binary plugin installed by hplip Your issue and a workaround has been addressed. However, knowung the device model just might lead to a better solution. It is a LaserJet_Pro MFP M125nw
Re: hplip : looking for a workaround
Le 22/02/2023 à 18:46, Celejar a écrit : On Wed, 22 Feb 2023 17:49:13 +0100 Erwan David wrote: Hi, hplip seems to need a dependency, many commands end with File "/usr/share/hplip/base/password.py", line 119, in __readAuthType distro_name = get_distro_std_name(os_name) ^^^ NameError: name 'get_distro_std_name' is not defined. Did you mean: 'get_distro_name'? I opend a bug for a missing dependency, but do someone know of a workaround ? I cannot use my scanner anymore because it needs a binary plugin installed by hplip This is your bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031784 but this earlier bug discussion contains a workaround (I haven't tried it): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029459 FTR, here's the upstream bug: https://bugs.launchpad.net/hplip/+bug/2003739 Thanks the workaround in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029459 worked.
hplip : looking for a workaround
Hi, hplip seems to need a dependency, many commands end with File "/usr/share/hplip/base/password.py", line 119, in __readAuthType distro_name = get_distro_std_name(os_name) ^^^ NameError: name 'get_distro_std_name' is not defined. Did you mean: 'get_distro_name'? I opend a bug for a missing dependency, but do someone know of a workaround ? I cannot use my scanner anymore because it needs a binary plugin installed by hplip
Re: Lien cassé sur le paquet apache2-data dist Bullseye et dépôt officiel http://ftp.debian.org
Le 11/01/2023 à 12:47, didier gaumet a écrit : Euh, je ne connaissais pas cette couche ICAP(1) mais en gros ton problème me semble venir de là: elle considère (ou a considéré ponctuellement) le paquet Debian en question comme suspect car présentant trop de sous-niveaux d'archive? (1) https://en.wikipedia.org/wiki/Internet_Content_Adaptation_Protocol Moi je vois un "Vendor: Sophos" ça sent le proxy filtrant avec son antivirus.
Gnome/Kde color correction
Hello, I have colord-kde installed, in the system settoings I get "You need Gnome Color Management installed in order to calibrate devices" Which package should I install ? I already have ii colord 1.4.6-2.1 amd64 system service to manage device colour profiles -- system daemon ii colord-data 1.4.6-2.1 all system service to manage device colour profiles -- data files ii colord-kde 22.12.0-1 amd64 Color management for KDE ii colord-sensor-argyll 1.4.6-2.1 amd64 system service to manage device colour profiles -- argyll sensor plugin ii elpa-color-theme-modern 0.0.3-3 all deftheme reimplementation of classic Emacs color-themes ii fonts-noto-color-emoji 2.038-1 all color emoji font from Google ii gnome-color-manager 3.36.0-1+b1 amd64 Color management integration for the GNOME desktop environment (so yes, gnome-color-manager is installed)
Re: Missing module in initramfs : haw to know which one, and how to add it.
Le 14/10/2022 à 09:12, Erwan David a écrit : I got my modules list, I put the list in /etc/iniramfs-tools/modules, update-initramfs -v -u : they are not added to the initrd man initramfs-tools says Modules listed in /etc/initramfs-tools/modules and /usr/share/initramfs-tools/modules.d/* are always included in the initramfs, and are loaded early in the boot process. So I do not understand what I should do Ok, solved : there shouldbe no white line in the file... Thanks for listening this helped me to find the errors
Re: Missing module in initramfs : haw to know which one, and how to add it.
Le 14/10/2022 à 07:30, Erwan David a écrit : Le 14/10/2022 à 07:18, Erwan David a écrit : Hi, Some times ago I went from modules=most to modules=dep in initramfs, because /boot was too small. the machine is a laptop usually standalone but from time to time connected to a dock with external USB keyboard Today at boot : external keyboard worked for grub, did not work for entering LUKS key, and works once system is started. This I deduce I need some supplementary module(s) in the initrd. Is there a way to identify those modules and add them ? Ok, I did an update-initramfs -v -u with and without the dock, now I have a list of modules added for my dock installation. I'll check how to force them being in the initrd even if devices are not detected at generation time. I got my modules list, I put the list in /etc/iniramfs-tools/modules, update-initramfs -v -u : they are not added to the initrd man initramfs-tools says Modules listed in /etc/initramfs-tools/modules and /usr/share/initramfs-tools/modules.d/* are always included in the initramfs, and are loaded early in the boot process. So I do not understand what I should do
Re: Missing module in initramfs : haw to know which one, and how to add it.
Le 14/10/2022 à 07:18, Erwan David a écrit : Hi, Some times ago I went from modules=most to modules=dep in initramfs, because /boot was too small. the machine is a laptop usually standalone but from time to time connected to a dock with external USB keyboard Today at boot : external keyboard worked for grub, did not work for entering LUKS key, and works once system is started. This I deduce I need some supplementary module(s) in the initrd. Is there a way to identify those modules and add them ? Ok, I did an update-initramfs -v -u with and without the dock, now I have a list of modules added for my dock installation. I'll check how to force them being in the initrd even if devices are not detected at generation time.
Missing module in initramfs : haw to know which one, and how to add it.
Hi, Some times ago I went from modules=most to modules=dep in initramfs, because /boot was too small. the machine is a laptop usually standalone but from time to time connected to a dock with external USB keyboard Today at boot : external keyboard worked for grub, did not work for entering LUKS key, and works once system is started. This I deduce I need some supplementary module(s) in the initrd. Is there a way to identify those modules and add them ?
Add route exception in NetworkManager vpn
Hi, I use a vpn with network manager which routes everything through it. I'd like to add some exceptions for local or not so local ressources that cannot be reached through the VPN. The ideal situation would be to be able to give as gateway for those routes "the default gateway before the VPN was up". Is there a way to do this ? It may be through a dispatcher script at vpn-preup time, but I'm not sure by reading the doc if the routes have been changed at that time or not. Thank you
Add route exceptions to a VPN with network manager
Hi, I use a vpn with network manager which routes everything through it. I'd like to add some exceptions for local or not so local ressources that cannot be reached through the VPN. The ideal situation would be to be able to give as gateway for those routes "the defayukt gateway before the VPN was up". Is there a way to do this ? Thank you
Re: Okular very slow
Le 06/10/2022 à 16:40, Kushal Kumaran a écrit : On Thu, Oct 06 2022 at 09:58:02 AM, Erwan David wrote: My okular is very slow at starting. I see that when it starts it mounts an automounted webdav share, and seems to scan it. How can I tell it not to scan anything at start ? Is it attempting to verify which, if any, of the files in "File" -> "Open Recent" are still available? Clear that list ("File" -> "Open Recent" -> "Clear List") and see. Seems to be the reason, thanks, I thought I had no file on this drive in the list, I was wrong
Okular very slow
My okular is very slow at starting. I see that when it starts it mounts an automounted webdav share, and seems to scan it. How can I tell it not to scan anything at start ?
Okular very slow : seems to scan webdav mounted share
My okular is very slow at starting. I see that when it starts it mounts an automounted webdav share, and seems to scan it. How can I tell it not to scan anything at start ?
Re: update-initramfs outside of /boot
Le 01/10/2022 à 18:25, Felix Miata a écrit : Erwan David composed on 2022-10-01 16:21 (UTC+0200): My /boot is 235 MB (from deb 10 installer), however in testing I now have 56MB initramfs files and update-initramfs cannot work for the 3rd kernel to install (and apt autoremove keeps 2 kernels, thus at upgrade there are temporarily 3 kernels). I see that all the files of the initramfs are put in /boot before creating the compressed image, thus the need for place. Is there a way to cofigure update-initrams so that the creation of the im age is done in another filesystem before instalation in /boot ? Alternative options: 1-Move the oldest kernel files to another filesystem, or everything, from /boot. You don't need them there until time to reboot. 2-You're not forced to keep two kernels. Remove the non-running one manually. 3-As Stefan already suggested, MODULES=dep. It's routine here. Big initrds take more time to load, which can be quite noticeable on old hardware. 4-Is your /boot adjacent to your swap? If yes, easily recreate both, with smaller swap, larger /boot. Don't forget to adjust fstab for UUID change of swap, or apply the one from fstab on the new. My /boot is next to an encrypted lvm containing te rest of the disk. I fear resizing /boot would require a reinstall, I'll set modules=dep
Re: update-initramfs outside of /boot
Le 01/10/2022 à 17:16, Stefan Monnier a écrit : My /boot is 235 MB (from deb 10 installer), however in testing I now have 56MB initramfs files and update-initramfs cannot work for the 3rd kernel to install (and apt autoremove keeps 2 kernels, thus at upgrade there are temporarily 3 kernels). MODULES=dep and COMPRESS=lzma in `initramfs.conf` can make a big difference. Stefan I alreaady have compres=zstd (should be better than lzma). modules=most because I do not like the "guess". An d It would be a temporary mesuer since initramfs siuze keeps growing. I just do not see the point of building it in /boot rather than eg /tmp or another directory specified in conf.
update-initramfs outside of /boot
My /boot is 235 MB (from deb 10 installer), however in testing I now have 56MB initramfs files and update-initramfs cannot work for the 3rd kernel to install (and apt autoremove keeps 2 kernels, thus at upgrade there are temporarily 3 kernels). I see that all the files of the initramfs are put in /boot before creating the compressed image, thus the need for place. Is there a way to cofigure update-initrams so that the creation of the im age is done in another filesystem before instalation in /boot ?
Re: Plugin HP
Le 30/09/2022 à 17:11, MERLIN Philippe a écrit : Le vendredi 30 septembre 2022, 15:42:43 CEST Bureau LxVx a écrit : Bonjour, Sur le pc d'un am et une debian toute fraîche et mise à jour, je ne réussis pas à installer / finaliser le HPLIP. A la fin de l'installation, impossibilité d'imprimer la page test. Il manque le plugin : ok Toutefois, l'installation de ce plugin et du lancement du .run https://developers.hp.com/sites/default/files/hplip-3.21.2-plugin.run se termine par checksum corrompu. Et cela que ce soit la dernière version hplip téléchargée sur https://developers.hp.com/hp-linux-imaging-and-printing : Version: 3.22.6 Clé du plugin correspondant corrompue ou celle de synaptic : 3.21.2+dfsg1-2 (unstable ?) https://developers.hp.com/sites/default/files/hplip-3.21.2-plugin.run Dans le script : HPLIP 3.21.2 Plugin Self Extracting Archive" J'espère avoir été assez claire ... Merci de votre aide. Bien librement, Sylvie Pouquoi installer un plugin ? normalement l'installation de hplip suffit, Sur mon ordi : hplip hplip-data hplip-cups hplip-gui venant sûrement de debian non-free hplip, hplip-data, hplip-gui 3.22.6 Sid Amicalement Philippe Merlin ça dépend de l'imprimante, pour scanner avec la mienne (MFP m125nw) il faut installer un plugin qui est un bout de firmware binaire fourni par HP mais qui n'est pas dans les paquets debian à ce qu'il semble
Re: Grosse fatigue
Le 23/09/2022 à 12:42, antoine.valmer a écrit : On Friday 23 September 2022 12:34:01 BERTRAND Joël wrote: Attention, les ports sont renommés automatiquement sauf s'il y a des règles udev spécifiques. Cela fut rigolo au passage de l'ancien système au nouveau (et si j'ai pu récupérer eth1 et eth2, eth0 n'a rien voulu savoir et se retrouve lan0). Hello, on peut tout à fait modifier le nom des ports eth, wlan..., que ces noms abscons non explicites (ens...) attribués d'office par Debian et Ubuntu : https://waytolearnx.com/2019/05/renommer-linterface-par-defaut-ens33-a-lancienne-eth0-sur-ubuntu-16-04.html eth0, wlan0... c'est explicite, et pratique pour réparer un réseau défaillant. Bonne journée. Et au moins ça change pas sur une mise à jour de udev/systemd comme ça m'est arrivé.
Re: Postfix rejeter from et to en même temps
Le 06/09/2022 à 11:33, Wallace a écrit : Bonjour, Sur Postfix j'arrive bien à filtrer les from et les to en fonction de différents critères mais je n'arrive pas à trouver comment filtrer en from et to en même temps. Exemple en to j'ai une boite d'une personne valide donc je ne peux pas la bloquer en filtre to mais certaines adresses en from vers ce to est refusé pour raison d'encodage des headers et l'éditeur ne semble pas vouloir corriger. Du coup je voudrais bloquer ce from vers ce to spécifiquement tout en laissant passer les autres mails vers le même to et les autres mails avec le from problématique vers d'autres to. Une idée de quelles options sont nécessaires pour cela? Sinon je regarde aussi un filtre milter spécifique mais je n'ai pas trouvé grand chose de pertinent. Merci par avance pour vos avis. Bonne journée Il va falloir regarder du côté des policy-filter. Car le filtrage interne à postfix ne travaille que sur un seul en-tête à la fois.
Re: Resize partitions ext4 /LVM
Le 16/08/2022 à 16:30, Daniel Caillibaud a écrit : Le 16/08/22 à 16:08, hamster a écrit : mount -o bind /home/docker /var/lib/docker C'est en effet une option, mais je comprend pas bien l'interet de le faire comme ca plutot qu'avec un lien symbolique ? Ça permet d'avoir le "vrai" chemin qui reste /var/lib/… Ça peut éviter des problèmes (une dépendance mal codée qui vérifierait ce chemin), ou de la customisation compliquée (pour apparmor par ex). Je me souviens avoir fait ça pour mysql il y a très longtemps, un lien symbolique passait pas (à cause de apparmor il me semble) alors qu'avec un bind ça passait crème sans aller bidouiller les configs par défaut du système. en cas de chroot (et iml y a des chances que docker en fasse) un lien symbolique absolu ne va plus marcher, alors que le montage bind n'aura pas ce problème.
Re: *Now* what is starting ssh-agent?
Le 26/07/2022 à 20:40, Chris Mitchell a écrit : Hi all, I have my own systemd "user" .service unit that I like to use to start ssh-agent the way I want it started, which works fine… except for the neverending game of whack-a-mole tracking down and disabling various legacy workarounds that go ahead and start ssh-agent unasked (or emulate it, poorly, like gnome-keyring) and clobber my SSH_AUTH_SOCK env-var. ssh-agent is usually started by your session manager. I do not know wether all DE use this, but you can find it in /etc/X11/Xsession.d/90x11-common_ssh-agent
Re: Où se documenter sur une expression comme ${1%/*} dans /bin/sh ?
On Mon, Jul 25, 2022 at 10:06:28AM CEST, bern said: > Le 2022-07-25 09:49, Olivier a écrit : > > Bonjour, > > > > Dans /etc:dhcp/debug sous Bullseye, j'ai trouvé l'instruction ci-après. > > echo "$(date): entering ${1%/*}, dumping variables." > > > > Cette expression vaut /etc/dhcp/dhclient-exit-hooks.d dans ce cas > > précis quand $1 vaut /etc/dhcp/dhclient-exit-hooks.d/monscript. > > > > Où trouver de la doc sur ce type d'expression (ie %/*) ? > > > > Slts > > man bash > > man sh plutôt non ? Par défaut sh c'est dash, pas bash sous debian -- Erwan
Re: nft newbie
Le 12/07/2022 à 22:00, Marco a écrit : Am Tue, 12 Jul 2022 21:17:40 +0200 schrieb : That looks like a sensible strategy to me. It isn't at all, completely blocking incoming ICMP is a very stupid idea. ICMP is used for control messages, e.g. for Path MTU discovery. The only IMCP message that can be blocked is echo request or echo reply, everything else creates problems like nasty timeouts to certain sites. You can block incoming echo requests and let all others through it. I did not speak of blocking ICMP, I refered to the ICMP (host not reachable, network not reachable or administratively prohibited that the firewall itself emits in cas of a Reject.
Re: nft newbie
Le 12/07/2022 à 17:27, Henning Follmann a écrit : On Tue, Jul 12, 2022 at 11:31:11AM +0100, mick crane wrote: On 2022-07-12 10:33, Gareth Evans wrote: On Tue 12 Jul 2022, at 10:19, Maximiliano Estudies In most cases it's a best practice to configure all chains with _policy drop_ and then add rules for the traffic that you want to allow All the nftables and PF howtos I have found take this approach. Why is it best practice? Is there any security advantage over rejection? I think it is just that 'reject' tells the remote system there is something listening. mick Oh quite contraire! It literally tells you that there is nothing. And that is the problem. This way your system can be part of an attack onto someone else. Because your system creates a message which then is sent to the address in the src address. And that can be a forged address. This way you reflect messages to someone else. In a nice world, where everybody plays by the rules reject would be the proper thing. Here in reality drop is the better choice. It depends on your settings. Personnally on a router I tend to Reject if the ICMP goes to the internal network, drop if it would be sent outside. That avoids some weird timeouts in the internal network (put your own definition of internal)
Re: sleep(1) vs. sync(1) twice before umount(8)
Le 10/07/2022 à 19:46, fxkl4...@protonmail.com a écrit : On Sun, 10 Jul 2022, David Christensen wrote: On 7/10/22 09:57, fxkl4...@protonmail.com wrote: On Sun, 10 Jul 2022, David Christensen wrote: On 7/10/22 05:55, fxkl4...@protonmail.com wrote: Several decades ago I was taught to type sync and then type sync again before unmounting a drive The only reason I ever got was that the second sync was a time delay Any potential gotchas? I was never brave enough to poke that bear :) Have you ever experienced any problems or surprises with the technique? No I spent a couple of decades baby sitting a room full of HP K200s and K380s Experimenting was not something done lightly, if you valued your job You stick with what works Typing sync twice was advised and I was not inclined to anger some unknown god Using sleep between operations is as you say experimental I wrote many scripts that ran as cron jobs at night I was not concerned with speed I've been retired for almost a decade and do not miss the sleepless nights IIRC the second sync() was blocked until the first one finished. Thus you were sure to wait the completion of the sync() whereas the sleep() waits for a fixed amount of time. However, I'm not sure it is still needed with modern file systems
Re: nft newbie
Le 07/07/2022 à 10:11, Roger Price a écrit : I looked at the workstation example, but it doesn't even allow access via ssh. On my Debian 11 box I found /usr/share/doc/nftables/examples/workstation.nft which does show how to allow incoming ssh, http and https traffic. Newbie 1: Is it normal for nftables configuration files to be executable? As a newcomer, I expected something more "traditional", ie a file containing only key words and data values. Yes it is. If you look at the first line you see it is a script to be evaluated by /usr/sbin/nft Newbie 2: Command ls -l /etc/nftables.conf reports -rwxr-xr-x 1 root root 228 Jan 17 2021 /etc/nftables.conf* This looks as if anyone can read and execute this file. I tried as a simple user and got the error message /etc/nftables.conf:3:1-14: Error: Could not process rule: Operation not permitted flush ruleset ^^ Is execution not permitted for non-root/non-file owner ? nft configuration is indeed possible only for root. Newbie 3: The configuration file begins with the Bash shebang #!/usr/sbin/nft -f but the Debian 11 man page for nftables says -f, --file filename Read input from filename. If filename is -, read from stdin. and doesn't mention omitting the filename. I'm guessing that -f with no file name means "read from the remainder of this file". Is this correct? It's very old for me (I began unix in 1990) but in my understanding when a file begins wth a shebang the line after the shebang is completed with the path to the file and the full line is then executed, thus You'll end with a command line of /usr/sbin/nft -f /etc/nftables.conf
Re: Firewall blocking my new Debian 11 server ports 80 and 443
Le 29/05/2022 à 13:22, Tom Browder a écrit : On Sun, May 29, 2022 at 05:41 Tom Browder wrote: Does anyone have a good reason for me to NOT install and enable UFW? -Tom good reason would be that thtere is obviously already something on your server magaing the firewalling. Having 2 different systems will lead to inconsistency and erratic behiaviour. First thing is to identify what is putting the rules you showed us. (rules that do not block ports 80 and 443)
Re: [SOLVED] Re: One-user system.
Le 06/05/2022 à 20:24, Thomas Schmitt a écrit : Hi, Greg Wooledge wrote: I think you're vastly underestimating the average age of subscribers on this list. Huh ? ... What ? ... Age ? ... Whom do you call old ? VIC-20 users don't get old. Since most of the posters here are of over average age we should immediately drop the whole concept in order to avoid a severe mathematical paradox. Have a nice day :) Thomas I my head I am still 13, the age when I discovered the C64...